1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
From 28bf40220840c277d70ed66f6d58729ebb975de8 Mon Sep 17 00:00:00 2001
From: Vincent Bernat <vincent@bernat.im>
Date: Thu, 12 Feb 2015 08:07:43 +0100
Subject: [PATCH] priv: don't lookup for _lldpd when privsep is disabled
Closes #95
---
src/daemon/lldpd.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/daemon/lldpd.c b/src/daemon/lldpd.c
index f868fc7..6a3a160 100644
--- a/src/daemon/lldpd.c
+++ b/src/daemon/lldpd.c
@@ -1335,11 +1335,13 @@ lldpd_main(int argc, char *argv[], char *envp[])
int receiveonly = 0;
int ctl;
+#ifdef ENABLE_PRIVSEP
/* Non privileged user */
struct passwd *user;
struct group *group;
uid_t uid;
gid_t gid;
+#endif
saved_argv = argv;
@@ -1493,12 +1495,14 @@ lldpd_main(int argc, char *argv[], char *envp[])
log_debug("main", "lldpd starting...");
/* Grab uid and gid to use for priv sep */
+#ifdef ENABLE_PRIVSEP
if ((user = getpwnam(PRIVSEP_USER)) == NULL)
fatal("main", "no " PRIVSEP_USER " user for privilege separation");
uid = user->pw_uid;
if ((group = getgrnam(PRIVSEP_GROUP)) == NULL)
fatal("main", "no " PRIVSEP_GROUP " group for privilege separation");
gid = group->gr_gid;
+#endif
/* Create and setup socket */
int retry = 1;
@@ -1526,12 +1530,14 @@ lldpd_main(int argc, char *argv[], char *envp[])
log_warn("main", "unable to create control socket");
fatalx("giving up");
}
+#ifdef ENABLE_PRIVSEP
if (chown(ctlname, uid, gid) == -1)
log_warn("main", "unable to chown control socket");
if (chmod(ctlname,
S_IRUSR | S_IWUSR | S_IXUSR |
S_IRGRP | S_IWGRP | S_IXGRP) == -1)
log_warn("main", "unable to chmod control socket");
+#endif
/* Disable SIGPIPE */
signal(SIGPIPE, SIG_IGN);
@@ -1576,7 +1582,11 @@ lldpd_main(int argc, char *argv[], char *envp[])
}
log_debug("main", "initialize privilege separation");
+#ifdef ENABLE_PRIVSEP
priv_init(PRIVSEP_CHROOT, ctl, uid, gid);
+#else
+ priv_init(PRIVSEP_CHROOT, ctl, 0, 0);
+#endif
/* Initialization of global configuration */
if ((cfg = (struct lldpd *)
--
2.1.2
|
