Check the permission of the cfg file based on the user settings passed to the daemon, if it applies
... | ... |
@@ -40,6 +40,7 @@ |
40 | 40 |
#include "../../sr_module.h" |
41 | 41 |
#include "../../str.h" |
42 | 42 |
#include "../../mem/mem.h" |
43 |
+#include "../../ut.h" /* for user2uid() */ |
|
43 | 44 |
#include "carrierroute.h" |
44 | 45 |
#include "cr_fixup.h" |
45 | 46 |
#include "cr_map.h" |
... | ... |
@@ -154,6 +155,8 @@ struct module_exports exports = { |
154 | 155 |
*/ |
155 | 156 |
static int mod_init(void) { |
156 | 157 |
struct stat fs; |
158 |
+ extern char* user; /*from main.c*/ |
|
159 |
+ int uid, gid; |
|
157 | 160 |
|
158 | 161 |
if(register_mi_mod(exports.name, mi_cmds)!=0) |
159 | 162 |
{ |
... | ... |
@@ -197,9 +200,20 @@ static int mod_init(void) { |
197 | 200 |
if(fs.st_mode & S_IWOTH){ |
198 | 201 |
LM_WARN("insecure file permissions, routing data is world writeable\n"); |
199 | 202 |
} |
203 |
+ |
|
204 |
+ if (user){ |
|
205 |
+ if (user2uid(&uid, &gid, user)<0){ |
|
206 |
+ LM_ERR("bad user name/uid number: -u %s\n", user); |
|
207 |
+ return -1; |
|
208 |
+ } |
|
209 |
+ } else { |
|
210 |
+ uid = geteuid(); |
|
211 |
+ gid = getegid(); |
|
212 |
+ } |
|
213 |
+ |
|
200 | 214 |
if( !( fs.st_mode & S_IWOTH) && |
201 |
- !((fs.st_mode & S_IWGRP) && (fs.st_gid == getegid())) && |
|
202 |
- !((fs.st_mode & S_IWUSR) && (fs.st_uid == geteuid())) ) { |
|
215 |
+ !((fs.st_mode & S_IWGRP) && (fs.st_gid == uid)) && |
|
216 |
+ !((fs.st_mode & S_IWUSR) && (fs.st_uid == gid))) { |
|
203 | 217 |
LM_ERR("config file %s not writable\n", config_file); |
204 | 218 |
return -1; |
205 | 219 |
} |
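Review bot: The rewritten writability test at new lines 215-216 compares the wrong ids: the group branch checks `fs.st_gid == uid` and the owner branch checks `fs.st_uid == gid`. The file's group is therefore matched against the target user id and its owner against the target group id. With `-u` set, the result then depends on whether those numbers happen to coincide, not on whether the configured user can actually write the routing file, so a correctly owned file can be rejected or a wrongly owned one accepted. The two lines should read `!((fs.st_mode & S_IWGRP) && (fs.st_gid == gid)) &&` and `!((fs.st_mode & S_IWUSR) && (fs.st_uid == uid))) {`. `mod_init` starts before and continues past the hunks shown, so this note covers only the visible lines.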