commit fd03103c045c958756f5f3f03f13604bd80eaa1d
parent bfea01b8d21291919d2a0e1f2568de1834e67fd0
Author: Duncan Overbruck <mail@duncano.de>
Date: Thu, 5 Nov 2020 21:00:16 +0100
check for login_cap.h and use setusercontext if available
Diffstat:
2 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/configure b/configure
@@ -452,6 +452,17 @@ int main(void) {
check_func "ndir_h" "$src"
#
+# Check for login_cap.h.
+#
+src='
+#include <sys/types.h>
+#include <login_cap.h>
+int main(void) {
+ return 0;
+}'
+check_func "login_cap_h" "$src"
+
+#
#
#
src='
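Review bot: The login_cap.h probe only includes the header and returns 0, so it shows that the header exists but not that setusercontext() is declared and resolvable at link time, which is what doas.c relies on once HAVE_LOGIN_CAP_H is defined. On systems that ship the function in a separate library (libutil on FreeBSD, for instance), configure could pass and the build fail later. Whether check_func links the test program is not visible in this hunk. Referencing the function in the probe body, e.g. `return setusercontext(NULL, NULL, 0, 0);`, would tie the macro to the call that is actually made.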
diff --git a/doas.c b/doas.c
@@ -20,6 +20,9 @@
#include <sys/ioctl.h>
#include <limits.h>
+#ifdef HAVE_LOGIN_CAP_H
+#include <login_cap.h>
+#endif
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
@@ -379,12 +382,19 @@ main(int argc, char **argv)
rule->options & PERSIST);
#endif
+#ifdef HAVE_LOGIN_CAP_H
+ if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP |
+ LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
+ LOGIN_SETUSER) != 0)
+ errx(1, "failed to set user context for target");
+#else
if (setresgid(targpw->pw_gid, targpw->pw_gid, targpw->pw_gid) != 0)
err(1, "setresgid");
if (initgroups(targpw->pw_name, targpw->pw_gid) != 0)
err(1, "initgroups");
if (setresuid(target, target, target) != 0)
err(1, "setresuid");
+#endif
if (getcwd(cwdpath, sizeof(cwdpath)) == NULL)
cwd = "(failed)";
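Review bot: The two branches of the new `#ifdef HAVE_LOGIN_CAP_H` leave the target process in different states, and nothing in the hunk records that. The setusercontext() path also applies the login class priority, resource limits and umask, while the `#else` path changes only the group, supplementary groups and user IDs, so the command keeps the invoking user's umask, rlimits and nice value. A comment above the block would make this build-time difference explicit for anyone auditing the privilege transition, e.g. `/* setusercontext() replaces setresgid/initgroups/setresuid and also applies login-class priority, rlimits and umask; the fallback changes IDs only */`. Separately, the new branch reports failure with `errx()`, which drops errno, whereas the fallback uses `err()`. Assuming the platform's libc leaves errno set by the failing call, `err(1, "setusercontext");` would keep the diagnostics consistent. main() starts and ends outside this hunk.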