lib: Fix priviledge modification for vty group specified
authorDonald Sharp <sharpd@cumulusnetworks.com>
Fri, 8 Apr 2016 23:20:34 +0000 (19:20 -0400)
committerDonald Sharp <sharpd@cumulusnetworks.com>
Sat, 9 Apr 2016 00:33:15 +0000 (20:33 -0400)
When switching runtime permissions over to the group
specified as the vty group, if the user we are configured
to run as is not a member of that vty group, warn about
the issue and stop running.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reported-by: Thomas Martin <tmartincpp@gmail.com>
lib/privs.c

index 0ca8783dcc87826719b24201890ff1bea86b3248..e6d76b600b0d4122f223bfb01153500e93f6fff7 100644 (file)
@@ -664,6 +664,7 @@ zprivs_init(struct zebra_privs_t *zprivs)
   struct group *grentry = NULL;
   gid_t groups[NGROUPS_MAX];
   int i, ngroups = 0;
+  int found = 0;
 
   if (!zprivs)
     {
@@ -729,8 +730,17 @@ zprivs_init(struct zebra_privs_t *zprivs)
 
           for ( i = 0; i < ngroups; i++ )
             if ( groups[i] == zprivs_state.vtygrp )
-              break;
+              {
+                found++;
+                break;
+              }
 
+          if (!found)
+            {
+             fprintf (stderr, "privs_init: user(%s) is not part of vty group specified(%s)\n",
+                      zprivs->user, zprivs->vty_group);
+              exit (1);
+            }
           if ( i >= ngroups && ngroups < (int) ZEBRA_NUM_OF(groups) )
             {
               groups[i] = zprivs_state.vtygrp;
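Review bot: The `if ( i >= ngroups && ngroups < (int) ZEBRA_NUM_OF(groups) )` block that follows the new `if (!found)` check is now unreachable: when the loop finds the group `i < ngroups`, and when it does not the process has already called `exit (1)`. From the visible line `groups[i] = zprivs_state.vtygrp;`, that branch appears to have appended the vty group to the group list for a user who was not a member of it, which is the behaviour this commit replaces with a fail-closed exit. The leftover branch should be removed here, or at least marked with a comment such as `/* not reached: a user outside the vty group is rejected above */`, so nobody revives it by accident. The `found` counter declared in the first hunk is also redundant, because `i >= ngroups` after the loop already means no match and `if (i >= ngroups)` would serve as the check. zprivs_init starts and ends outside the hunk, so whether `zprivs->user` and `zprivs->vty_group` are guaranteed non-NULL when passed to `%s` cannot be confirmed from here.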