author | David Lamparter <equinox@opensourcerouting.org> | 2017-06-01 18:33:08 +0200 |
---|---|---|
committer | David Lamparter <equinox@opensourcerouting.org> | 2017-08-02 23:36:39 +0200 |
commit | 37a1f2fbb6e05053098a5f1af5eff16ac523dd35 (patch) | |
tree | 537022bb34cb3c92d2ae2d6c131f12d46190fdf5 /lib/privs.c | |
parent | lib: vty_stdio signal handling (diff) | |
lib: privs: make uid/gid accessible before setuid
This splits off privs_preinit(), which does the lookups for user and
group IDs. This is so the init code can create state directories while
still running as root.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Diffstat (limited to 'lib/privs.c')
-rw-r--r-- | lib/privs.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/lib/privs.c b/lib/privs.c
index c97159611..eda3fb02d 100644
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -696,13 +696,10 @@ static int getgrouplist(const char *user, gid_t group, gid_t *groups,
 }
 #endif /* HAVE_GETGROUPLIST */
-void zprivs_init(struct zebra_privs_t *zprivs)
+void zprivs_preinit(struct zebra_privs_t *zprivs)
 {
 struct passwd *pwentry = NULL;
 struct group *grentry = NULL;
- gid_t groups[NGROUPS_MAX];
- int i, ngroups = 0;
- int found = 0;
 if (!zprivs) {
 fprintf(stderr, "zprivs_init: called with NULL arg!\n");
@@ -751,6 +748,18 @@ void zprivs_init(struct zebra_privs_t *zprivs)
 zprivs_state.zgid = grentry->gr_gid;
 }
+}
+
+void zprivs_init(struct zebra_privs_t *zprivs)
+{
+ gid_t groups[NGROUPS_MAX];
+ int i, ngroups = 0;
+ int found = 0;
+
+ /* NULL privs */
+ if (!(zprivs->user || zprivs->group || zprivs->cap_num_p
+ || zprivs->cap_num_i))
+ return;
 if (zprivs->user) {
 ngroups = sizeof(groups);
 |
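Review bot: The NULL-argument diagnostic kept as context in the first hunk still prints `"zprivs_init: called with NULL arg!\n"`, although the enclosing function is now zprivs_preinit(). An operator reading that message during a failed start-up would look at the wrong function; the string should name the new function, e.g. `fprintf(stderr, "%s: called with NULL arg!\n", __func__);`. The new entry point would also benefit from a short header comment stating that it only resolves the configured user and group into zprivs_state and changes no process credentials. The body of zprivs_preinit() continues outside the hunk.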
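Review bot: The new zprivs_init() in the second hunk dereferences `zprivs->user` in its first statement, while the `if (!zprivs)` check stayed behind in zprivs_preinit(); it also depends on zprivs_preinit() having already stored `zprivs_state.zgid` (and presumably the uid) before the group handling that follows. Nothing visible here enforces that call order, so a daemon that calls zprivs_init() alone would proceed with whatever zprivs_state held beforehand; if that is zero-initialised static storage, the later privilege drop could target id 0 instead of the configured account. I would repeat the guard at the top, `if (!zprivs) { fprintf(stderr, "%s: called with NULL arg!\n", __func__); exit(1); }`, and document the contract with `/* zprivs_preinit() must have run first: it resolves the uid/gid used below */`. The remainder of zprivs_init() lies outside the hunk, so whether a later check already covers this cannot be confirmed from here.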