|
 |
f09cb9 |
diff --git a/amandad-src/amandad.c b/amandad-src/amandad.c
|
|
|
f09cb9 |
index d864c3f..4a899fb 100644
|
|
|
f09cb9 |
--- a/amandad-src/amandad.c
|
|
|
f09cb9 |
+++ b/amandad-src/amandad.c
|
|
|
f09cb9 |
@@ -456,7 +456,7 @@ main(
|
|
|
f09cb9 |
}
|
|
|
f09cb9 |
|
|
|
f09cb9 |
#ifndef SINGLE_USERID
|
|
|
f09cb9 |
- if (geteuid() == 0) {
|
|
|
f09cb9 |
+ if (getuid() == 0) {
|
|
|
f09cb9 |
if (strcasecmp(auth, "krb5") != 0) {
|
|
|
f09cb9 |
struct passwd *pwd;
|
|
|
f09cb9 |
/* lookup our local user name */
|
|
|
f09cb9 |
diff --git a/common-src/krb5-security.c b/common-src/krb5-security.c
|
|
|
f09cb9 |
index c3075fa..8d3b18a 100644
|
|
|
f09cb9 |
--- a/common-src/krb5-security.c
|
|
|
f09cb9 |
+++ b/common-src/krb5-security.c
|
|
|
f09cb9 |
@@ -334,6 +334,7 @@ krb5_accept(
|
|
|
f09cb9 |
char hostname[NI_MAXHOST];
|
|
|
f09cb9 |
int result;
|
|
|
f09cb9 |
char *errmsg = NULL;
|
|
|
f09cb9 |
+ struct passwd *pw;
|
|
|
f09cb9 |
|
|
|
f09cb9 |
krb5_init();
|
|
|
f09cb9 |
|
|
|
f09cb9 |
@@ -372,6 +373,12 @@ krb5_accept(
|
|
|
f09cb9 |
error("gss_server failed: %s\n", rc->errmsg);
|
|
|
f09cb9 |
rc->accept_fn = fn;
|
|
|
f09cb9 |
sec_tcp_conn_read(rc);
|
|
|
f09cb9 |
+
|
|
|
f09cb9 |
+ /* totally drop privileges at this point
|
|
|
f09cb9 |
+ *(making the userid equal to the dumpuser)
|
|
|
f09cb9 |
+ */
|
|
|
f09cb9 |
+ pw = getpwnam(CLIENT_LOGIN);
|
|
|
f09cb9 |
+ setreuid(pw->pw_uid, pw->pw_uid);
|
|
|
f09cb9 |
}
|
|
|
f09cb9 |
|
|
|
f09cb9 |
/*
|
|
|
f09cb9 |
@@ -712,7 +719,7 @@ krb5_init(void)
|
|
|
f09cb9 |
beenhere = 1;
|
|
|
f09cb9 |
|
|
|
f09cb9 |
#ifndef BROKEN_MEMORY_CCACHE
|
|
|
f09cb9 |
- putenv(stralloc("KRB5_ENV_CCNAME=MEMORY:amanda_ccache"));
|
|
|
f09cb9 |
+ putenv(stralloc(KRB5_ENV_CCNAME"=MEMORY:amanda_ccache"));
|
|
|
f09cb9 |
#else
|
|
|
f09cb9 |
/*
|
|
|
f09cb9 |
* MEMORY ccaches seem buggy and cause a lot of internal heap
|
|
|
f09cb9 |
@@ -727,7 +734,7 @@ krb5_init(void)
|
|
|
f09cb9 |
char *ccache;
|
|
|
f09cb9 |
ccache = malloc(128);
|
|
|
f09cb9 |
g_snprintf(ccache, SIZEOF(ccache),
|
|
|
f09cb9 |
- "KRB5_ENV_CCNAME=FILE:/tmp/amanda_ccache.%ld.%ld",
|
|
|
f09cb9 |
+ KRB5_ENV_CCNAME"=FILE:/tmp/amanda_ccache.%ld.%ld",
|
|
|
f09cb9 |
(long)geteuid(), (long)getpid());
|
|
|
f09cb9 |
putenv(ccache);
|
|
|
f09cb9 |
}
|