diff options
author | Mattias Andrée <maandree@operamail.com> | 2013-11-19 02:30:33 +0100 |
---|---|---|
committer | Mattias Andrée <maandree@operamail.com> | 2013-11-19 02:30:33 +0100 |
commit | 2668d799b828d864c13d8a55b58965493d52a4f5 (patch) | |
tree | a78a07a164bddc9f0afbe6785c5a865def732506 /src | |
parent | m (diff) | |
download | libpassphrase-2668d799b828d864c13d8a55b58965493d52a4f5.tar.gz libpassphrase-2668d799b828d864c13d8a55b58965493d52a4f5.tar.bz2 libpassphrase-2668d799b828d864c13d8a55b58965493d52a4f5.tar.xz |
set supplemental groups
Signed-off-by: Mattias Andrée <maandree@operamail.com>
Diffstat (limited to '')
-rw-r--r-- | src/cerberus.c | 12 | ||||
-rw-r--r-- | src/cerberus.h | 3 |
2 files changed, 12 insertions, 3 deletions
diff --git a/src/cerberus.c b/src/cerberus.c index 01cbe08..4f9dd0c 100644 --- a/src/cerberus.c +++ b/src/cerberus.c @@ -242,6 +242,8 @@ void do_login(int argc, char** argv) } else if (child_pid == 0) { + int ret; + /* In case the shell does not do this */ setsid(); @@ -251,7 +253,15 @@ void do_login(int argc, char** argv) signal(SIGINT, SIG_DFL); /* Partial login */ - /* TODO set supplemental groups */ + ret = entry->pw_uid + ? initgroups(username, entry->pw_gid) /* supplemental groups for user, can require network */ + : setgroups(0, NULL); /* supplemental groups for root, does not require netork */ + if (ret == -1) + { + perror(entry->pw_uid ? "initgroups" : "setgroups"); + sleep(ERROR_SLEEP); + _exit(1); + } set_user(entry); exec_shell(entry); } diff --git a/src/cerberus.h b/src/cerberus.h index 706925a..a2df554 100644 --- a/src/cerberus.h +++ b/src/cerberus.h @@ -30,9 +30,8 @@ #include <termios.h> #include <sys/wait.h> #include <sys/ioctl.h> -#ifdef USE_TTY_GROUP +#include <sys/types.h> #include <grp.h> -#endif #include "config.h" |