From e227e24231b4a7ef892ccd8ad11c424c6a2d0c43 Mon Sep 17 00:00:00 2001
From: David Lamparter
Date: Tue, 8 Nov 2016 19:42:01 +0100
Subject: [PATCH] lib: privs: always look up VTY group

Even if we're running without user switch, we should still try to honor the VTY group. This applies both to watchquagga (which always runs as root) as well as "no-userswitch" configurations for other daemons.

Signed-off-by: David Lamparter
---
 lib/privs.c | 51 ++++++++++++++++++++++++++++-----------------------
 1 file changed, 28 insertions(+), 23 deletions(-)

diff --git a/lib/privs.c b/lib/privs.c
index 6cf87c18d4..ac2a8454c5 100644
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -679,6 +679,15 @@ zprivs_init(struct zebra_privs_t *zprivs)
 exit (1);
 }
 
+ if (zprivs->vty_group)
+ {
+ /* in a "NULL" setup, this is allowed to fail too, but still try. */
+ if ((grentry = getgrnam (zprivs->vty_group)))
+ zprivs_state.vtygrp = grentry->gr_gid;
+ else
+ zprivs_state.vtygrp = (gid_t)-1;
+ }
+
 /* NULL privs */
 if (! (zprivs->user || zprivs->group
 || zprivs->cap_num_p || zprivs->cap_num_i) )
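Review bot: The lookup failure in the new `else` branch is silent, so an operator who configured `vty_group` for a no-user-switch daemon (exactly the case this commit sets out to cover) gets no indication that the vty socket will not receive the intended group; the branch should at least warn, e.g. `fprintf (stderr, "privs_init: warning: could not lookup vty group %s, continuing without it\n", zprivs->vty_group);`. The `(gid_t)-1` sentinel is a sensible choice since chown-style calls treat it as "leave the group unchanged", but it is now compared against in a second place further down in zprivs_init, so a named constant such as `#define VTYGRP_NONE ((gid_t)-1)` would keep the two in step. Whether `zprivs_state.vtygrp` is initialised at all when `vty_group` is NULL is not visible in this hunk and should be confirmed against its declaration. zprivs_init continues outside this hunk.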
@@ -731,34 +740,30 @@ zprivs_init(struct zebra_privs_t *zprivs)
 if (zprivs->vty_group)
 /* Add the vty_group to the supplementary groups so it can be chowned to */
 {
- if ( (grentry = getgrnam (zprivs->vty_group)) )
- {
- zprivs_state.vtygrp = grentry->gr_gid;
-
- for ( i = 0; i < ngroups; i++ )
- if ( groups[i] == zprivs_state.vtygrp )
- {
- found++;
- break;
- }
-
- if (!found)
- {
- fprintf (stderr, "privs_init: user(%s) is not part of vty group specified(%s)\n",
- zprivs->user, zprivs->vty_group);
- exit (1);
- }
- if ( i >= ngroups && ngroups < (int) ZEBRA_NUM_OF(groups) )
- {
- groups[i] = zprivs_state.vtygrp;
- }
- }
- else
+ if (zprivs_state.vtygrp == (gid_t)-1)
 {
 fprintf (stderr, "privs_init: could not lookup vty group %s\n",
 zprivs->vty_group);
 exit (1);
 }
+
+ for ( i = 0; i < ngroups; i++ )
+ if ( groups[i] == zprivs_state.vtygrp )
+ {
+ found++;
+ break;
+ }
+
+ if (!found)
+ {
+ fprintf (stderr, "privs_init: user(%s) is not part of vty group specified(%s)\n",
+ zprivs->user, zprivs->vty_group);
+ exit (1);
+ }
+ if ( i >= ngroups && ngroups < (int) ZEBRA_NUM_OF(groups) )
+ {
+ groups[i] = zprivs_state.vtygrp;
+ }
 }
 
 if (ngroups)
-- 
2.39.5
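Review bot: The appending branch `if ( i >= ngroups && ngroups < (int) ZEBRA_NUM_OF(groups) ) groups[i] = zprivs_state.vtygrp;` at the end of the moved block is unreachable on the new side: getting past the `!found` check means the loop hit `break` with `i < ngroups`, so `i >= ngroups` can never hold there. Code that reads as "silently grant the daemon the vty group when the user is not a member" is worth dropping rather than carrying over, so the block should end at the `!found` exit. The loop also relies on `found`, `i`, `groups` and `ngroups` being set up before this hunk, which is outside the view; if `found` is not reset to 0 there, a stale value would bypass the membership check. zprivs_init continues outside this hunk.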