diff options
| author | Donald Sharp <sharpd@cumulusnetworks.com> | 2016-04-08 19:20:34 -0400 |
|---|---|---|
| committer | Donald Sharp <sharpd@cumulusnetworks.com> | 2016-04-08 20:33:15 -0400 |
| commit | b8b341d7c359d9c6770cbecfb050fc992bf3ce1f (patch) | |
| tree | ed3137dd84e1885d633943a05b108794a517b551 | |
| parent | 4a9ea50e1b7d0d4172accd3acac46f9cb2e4d531 (diff) | |
lib: Fix priviledge modification for vty group specified
When attempting to switch runtime permissions over to
the correct group specified for the vty group, if the
user specified to run as does not have that vty group
then do warn about the issue and stop running
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reported-by: Thomas Martin <tmartincpp@gmail.com>
| -rw-r--r-- | lib/privs.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/privs.c b/lib/privs.c index 0ca8783dcc..e6d76b600b 100644 --- a/lib/privs.c +++ b/lib/privs.c @@ -664,6 +664,7 @@ zprivs_init(struct zebra_privs_t *zprivs) struct group *grentry = NULL; gid_t groups[NGROUPS_MAX]; int i, ngroups = 0; + int found = 0; if (!zprivs) { @@ -729,8 +730,17 @@ zprivs_init(struct zebra_privs_t *zprivs) for ( i = 0; i < ngroups; i++ ) if ( groups[i] == zprivs_state.vtygrp ) - break; + { + found++; + break; + } + if (!found) + { + fprintf (stderr, "privs_init: user(%s) is not part of vty group specified(%s)\n", + zprivs->user, zprivs->vty_group); + exit (1); + } if ( i >= ngroups && ngroups < (int) ZEBRA_NUM_OF(groups) ) { groups[i] = zprivs_state.vtygrp; |