From: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Fri, 8 Apr 2016 23:20:34 +0000 (-0400)
Subject: lib: Fix priviledge modification for vty group specified
X-Git-Tag: frr-2.0-rc1~976
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=b8b341d7c359d9c6770cbecfb050fc992bf3ce1f;p=matthieu%2Ffrr.git

lib: Fix priviledge modification for vty group specified

When attempting to switch runtime permissions over to
the correct group specified for the vty group, if the
user specified to run as does not have that vty group
then do warn about the issue and stop running

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reported-by: Thomas Martin <tmartincpp@gmail.com>
---

diff --git a/lib/privs.c b/lib/privs.c
index 0ca8783dcc..e6d76b600b 100644
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -664,6 +664,7 @@ zprivs_init(struct zebra_privs_t *zprivs)
   struct group *grentry = NULL;
   gid_t groups[NGROUPS_MAX];
   int i, ngroups = 0;
+  int found = 0;
 
   if (!zprivs)
     {
@@ -729,8 +730,17 @@ zprivs_init(struct zebra_privs_t *zprivs)
 
           for ( i = 0; i < ngroups; i++ )
             if ( groups[i] == zprivs_state.vtygrp )
-              break;
+              {
+                found++;
+                break;
+              }
 
+          if (!found)
+            {
+	      fprintf (stderr, "privs_init: user(%s) is not part of vty group specified(%s)\n",
+		       zprivs->user, zprivs->vty_group);
+              exit (1);
+            }
           if ( i >= ngroups && ngroups < (int) ZEBRA_NUM_OF(groups) )
             {
               groups[i] = zprivs_state.vtygrp;