X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=common-src%2Flocal-security.c;h=9a27dff4099ad5ac2a4b6cdf9b7d30181749c415;hb=HEAD;hp=29a946df5ae0d233619d397c0a0bbf6c03350d9c;hpb=6ba576375c19b829b2a13dbe6562eedd2716b9ea;p=debian%2Famanda
diff --git a/common-src/local-security.c b/common-src/local-security.c
index 29a946d..9a27dff 100644
--- a/common-src/local-security.c
+++ b/common-src/local-security.c
@@ -34,14 +34,13 @@
 */
 #include "amanda.h"
+#include "match.h"
 #include "util.h"
 #include "event.h"
 #include "packet.h"
-#include "queue.h"
 #include "security.h"
 #include "security-util.h"
 #include "stream.h"
-#include "version.h"
 /*
 * Number of seconds amandad has to start up
@@ -62,6 +61,7 @@ const security_driver_t local_security_driver = {
 "LOCAL",
 local_connect,
 sec_accept,
+ sec_get_authenticated_peer_name_gethostname,
 sec_close,
 stream_sendpkt,
 stream_recvpkt,
@@ -111,7 +111,7 @@ local_connect(
 auth_debug(1, _("local: local_connect: %s\n"), hostname);
- rh = alloc(SIZEOF(*rh));
+ rh = g_new0(struct sec_handle, 1);
 security_handleinit(&rh->sech, &local_security_driver);
 rh->hostname = NULL;
 rh->rs = NULL;
@@ -178,6 +178,7 @@ local_connect(
 error:
 (*fn)(arg, &rh->sech, S_ERROR);
+ amfree(rh->hostname);
 }
 /*
@@ -188,7 +189,7 @@ static int
 runlocal(
 struct tcp_conn * rc,
 const char * amandad_path,
- const char * client_username)
+ const char * client_username G_GNUC_UNUSED)
 {
 int rpipe[2], wpipe[2];
 char *xamandad_path = (char *)amandad_path;
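Review bot: The added `amfree(rh->hostname);` in the `error:` path of `local_connect` runs after `(*fn)(arg, &rh->sech, S_ERROR)` has already handed the handle to the caller's callback, so it dereferences `rh` at a point where the callback may have closed it. The driver table in this file registers `sec_close`, and if that routine releases the handle (its body is not shown here) this line would read freed memory. Either release the hostname before invoking the callback, provided the callback does not read it, or add a comment such as `/* fn must not close rh on S_ERROR; hostname is released here */` stating who owns `rh` on the error path. `local_connect` begins above the hunk, so the paths that jump to `error:` are not visible.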
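Review bot: `G_GNUC_UNUSED` on `client_username` in the `runlocal` signature suggests the parameter is never read, but the later hunk of this commit reads it in the `initgroups` branch under `#ifndef SINGLE_USERID`. A short comment next to the attribute would remove the ambiguity, for example `/* unused only when SINGLE_USERID is defined */`. The function body continues past the end of this hunk.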
@@ -242,21 +243,28 @@ runlocal(
 return (0);
 }
- safe_fd(-1, 0);
+ /* drop root privs for good */
+ set_root_privs(-1);
 if(!xamandad_path || strlen(xamandad_path) <= 1)
- xamandad_path = vstralloc(amlibexecdir, "/", "amandad",
- versionsuffix(), NULL);
+ xamandad_path = vstralloc(amlibexecdir, "/", "amandad", NULL);
 #ifndef SINGLE_USERID
+ if (client_username && *client_username != '\0') {
+ initgroups(client_username, gid);
+ } else {
+ initgroups(CLIENT_LOGIN, gid);
+ }
+ if (gid != 0)
+ setregid(uid, gid);
 if (uid != 0)
 setreuid(uid, uid);
- if (gid != 0)
- setregid(gid, gid);
 #endif
+ safe_fd(-1, 0);
+
 execlp(xamandad_path, xamandad_path,
- "-auth=local", "amdump", "amindexd", "amidxtaped", (char *)NULL);
+ "-auth=local", (char *)NULL);
 error(_("error: couldn't exec %s: %s"), xamandad_path, strerror(errno));
 /* should never go here, shut up compiler warning */
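Review bot: In the `#ifndef SINGLE_USERID` block the new call is `setregid(uid, gid)`, which passes the user id as the real group id; the removed line used `gid` for both arguments, so this looks like a typo for `setregid(gid, gid)`. The results of `initgroups`, `setregid` and `setreuid` are also discarded, so a failed drop is silent and `execlp` still starts amandad with whatever ids the process holds at that point. The version below checks each call and stops through `error()`, which appears not to return judging by the comment after the existing call. If this path is also meant to run without root, where `initgroups` fails with EPERM, that case needs an explicit exemption rather than an ignored result. `runlocal` starts and ends outside the hunk, so where `uid` and `gid` come from is not visible here.

```c
#ifndef SINGLE_USERID
    if (initgroups((client_username && *client_username != '\0')
                       ? client_username : CLIENT_LOGIN, gid) != 0)
        error(_("error: initgroups failed: %s"), strerror(errno));
    if (gid != 0 && setregid(gid, gid) != 0)
        error(_("error: setregid failed: %s"), strerror(errno));
    if (uid != 0 && setreuid(uid, uid) != 0)
        error(_("error: setreuid failed: %s"), strerror(errno));
#endif
    /* … unchanged: safe_fd(-1, 0) and the execlp call … */
```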