[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r1549 - trunk/enforcer/common

Sion Lloyd sion at nominet.org.uk
Tue Aug 11 12:35:03 CEST 2009


Author: sion
Date: 2009-08-11 12:35:02 +0200 (Tue, 11 Aug 2009)
New Revision: 1549

Modified:
   trunk/enforcer/common/daemon_util.c
Log:
call setgid before setuid in enforcer daemons


Modified: trunk/enforcer/common/daemon_util.c
===================================================================
--- trunk/enforcer/common/daemon_util.c	2009-08-11 09:37:08 UTC (rev 1548)
+++ trunk/enforcer/common/daemon_util.c	2009-08-11 10:35:02 UTC (rev 1549)
@@ -137,70 +137,70 @@
         xmlFreeDoc(doc);
         return(-1);
     }
-    
-    /* Set the user to drop to if specified; else just set the uid as the real one */
-    xpathObj = xmlXPathEvalExpression(user_expr, xpathCtx);
+   
+    /* Set the group if specified; else just set the gid as the real one */
+    xpathObj = xmlXPathEvalExpression(group_expr, xpathCtx);
     if(xpathObj == NULL) {
-        log_msg(config, LOG_ERR, "Error: unable to evaluate xpath expression: %s\n", user_expr);
+        log_msg(config, LOG_ERR, "Error: unable to evaluate xpath expression: %s\n", group_expr);
         xmlXPathFreeContext(xpathCtx);
         xmlFreeDoc(doc);
         return(-1);
     }
     if (xpathObj->nodesetval->nodeNr > 0) {
         temp_char = (char*) xmlXPathCastToString(xpathObj);
-        StrAppend(&config->username, temp_char);
+        StrAppend(&config->groupname, temp_char);
         StrFree(temp_char);
         xmlXPathFreeObject(xpathObj);
 
-        /* Lookup the user id in /etc/passwd */
-        if ((pwd = getpwnam(config->username)) == NULL) {
-            log_msg(config, LOG_ERR, "user '%s' does not exist. exiting...", config->username);
+        /* Lookup the group id in /etc/groups */
+        if ((grp = getgrnam(config->groupname)) == NULL) {
+            log_msg(config, LOG_ERR, "group '%s' does not exist. exiting...", config->groupname);
             exit(1);
         } else {
-            config->uid = pwd->pw_uid;
+            config->gid = grp->gr_gid;
         }
-        endpwent();
+        endgrent();
 
-        if (setuid(config->uid) != 0) {
-            log_msg(config, LOG_ERR, "unable to drop user privileges: %s", strerror(errno));
+        if (setgid(config->gid) != 0) {
+            log_msg(config, LOG_ERR, "unable to drop group privileges: %s", strerror(errno));
             return -1;
         }
-        log_msg(config, LOG_INFO, "user set to: %s(%d)\n", config->username, config->uid);
+        log_msg(config, LOG_INFO, "group set to: %s(%d)\n", config->groupname, config->gid);
     } else {
-        config->uid = getuid();
+        config->gid = getgid();
     }
 
-    /* Set the group if specified; else just set the gid as the real one */
-    xpathObj = xmlXPathEvalExpression(group_expr, xpathCtx);
+    /* Set the user to drop to if specified; else just set the uid as the real one */
+    xpathObj = xmlXPathEvalExpression(user_expr, xpathCtx);
     if(xpathObj == NULL) {
-        log_msg(config, LOG_ERR, "Error: unable to evaluate xpath expression: %s\n", group_expr);
+        log_msg(config, LOG_ERR, "Error: unable to evaluate xpath expression: %s\n", user_expr);
         xmlXPathFreeContext(xpathCtx);
         xmlFreeDoc(doc);
         return(-1);
     }
     if (xpathObj->nodesetval->nodeNr > 0) {
         temp_char = (char*) xmlXPathCastToString(xpathObj);
-        StrAppend(&config->groupname, temp_char);
+        StrAppend(&config->username, temp_char);
         StrFree(temp_char);
         xmlXPathFreeObject(xpathObj);
 
-        /* Lookup the group id in /etc/groups */
-        if ((grp = getgrnam(config->groupname)) == NULL) {
-            log_msg(config, LOG_ERR, "group '%s' does not exist. exiting...", config->groupname);
+        /* Lookup the user id in /etc/passwd */
+        if ((pwd = getpwnam(config->username)) == NULL) {
+            log_msg(config, LOG_ERR, "user '%s' does not exist. exiting...", config->username);
             exit(1);
         } else {
-            config->gid = grp->gr_gid;
+            config->uid = pwd->pw_uid;
         }
-        endgrent();
+        endpwent();
 
-        if (setgid(config->gid) != 0) {
-            log_msg(config, LOG_ERR, "unable to drop group privileges: %s", strerror(errno));
+        if (setuid(config->uid) != 0) {
+            log_msg(config, LOG_ERR, "unable to drop user privileges: %s", strerror(errno));
             return -1;
         }
-        log_msg(config, LOG_INFO, "group set to: %s(%d)\n", config->groupname, config->gid);
+        log_msg(config, LOG_INFO, "user set to: %s(%d)\n", config->username, config->uid);
     } else {
-        config->gid = getgid();
-    }   
+        config->uid = getuid();
+    }
 
     return 0;
 }
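Review bot: Supplementary groups are never dropped in this sequence: the group block calls `setgid(config->gid)` and the user block then calls `setuid(config->uid)`, but nothing in the hunk calls `setgroups()` or `initgroups()`, so a daemon started as root would presumably keep root's supplementary group list after the switch. While still privileged, and before the `setgid` call, add something like `if (geteuid() == 0 && setgroups(0, NULL) != 0) { log_msg(config, LOG_ERR, "unable to drop supplementary groups: %s", strerror(errno)); return -1; }`. Separately, when a user is configured but no group, the `else` branch only records `getgid()` and the process keeps its original primary group. Falling back to `pwd->pw_gid` would require the user lookup to run before the group switch. The function begins above the hunk, so whether groups are cleared earlier cannot be seen from here.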



