X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=common-src%2Flocal-security.c;h=9a27dff4099ad5ac2a4b6cdf9b7d30181749c415;hb=4f0b86f7a23848c16cfe82fae81e639917fcff27;hp=7e2d1d81845c9fe4bef1a2c8b23729f296c18f93;hpb=2627875b7d18858bc1f9f7652811e4d8c15a23eb;p=debian%2Famanda diff --git a/common-src/local-security.c b/common-src/local-security.c index 7e2d1d8..9a27dff 100644 --- a/common-src/local-security.c +++ b/common-src/local-security.c @@ -34,14 +34,13 @@ */ #include "amanda.h" +#include "match.h" #include "util.h" #include "event.h" #include "packet.h" -#include "queue.h" #include "security.h" #include "security-util.h" #include "stream.h" -#include "version.h" /* * Number of seconds amandad has to start up @@ -62,6 +61,7 @@ const security_driver_t local_security_driver = { "LOCAL", local_connect, sec_accept, + sec_get_authenticated_peer_name_gethostname, sec_close, stream_sendpkt, stream_recvpkt, @@ -111,7 +111,7 @@ local_connect( auth_debug(1, _("local: local_connect: %s\n"), hostname); - rh = alloc(SIZEOF(*rh)); + rh = g_new0(struct sec_handle, 1); security_handleinit(&rh->sech, &local_security_driver); rh->hostname = NULL; rh->rs = NULL; @@ -243,21 +243,28 @@ runlocal( return (0); } - safe_fd(-1, 0); + /* drop root privs for good */ + set_root_privs(-1); if(!xamandad_path || strlen(xamandad_path) <= 1) - xamandad_path = vstralloc(amlibexecdir, "/", "amandad", - versionsuffix(), NULL); + xamandad_path = vstralloc(amlibexecdir, "/", "amandad", NULL); #ifndef SINGLE_USERID + if (client_username && *client_username != '\0') { + initgroups(client_username, gid); + } else { + initgroups(CLIENT_LOGIN, gid); + } + if (gid != 0) + setregid(uid, gid); if (uid != 0) setreuid(uid, uid); - if (gid != 0) - setregid(gid, gid); #endif + safe_fd(-1, 0); + execlp(xamandad_path, xamandad_path, - "-auth=local", "amdump", "amindexd", "amidxtaped", (char *)NULL); + "-auth=local", (char *)NULL); error(_("error: couldn't exec %s: %s"), xamandad_path, strerror(errno)); /* should never go here, shut up compiler warning */