This is an automated email from the git hooks/post-receive script.
rharwood pushed a commit to branch master in repository gssproxy.
commit 9e38cd56177eefd54880eb4e92f63ee362e74f61 Author: Stanislav Levin slev@altlinux.org AuthorDate: Sat Dec 29 12:08:26 2018 +0300
Move run_as_user check out of drop_privs()
Signed-off-by: Stanislav Levin slev@altlinux.org [rharwood@redhat.com: commit message] Reviewed-by: Robbie Harwood rharwood@redhat.com Reviewed-by: Simo Sorce simo@redhat.com --- src/gp_init.c | 5 ----- src/gssproxy.c | 12 ++++++++---- 2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/src/gp_init.c b/src/gp_init.c index 6dc2398..24839de 100644 --- a/src/gp_init.c +++ b/src/gp_init.c @@ -229,11 +229,6 @@ int drop_privs(struct gp_config *cfg) struct passwd *pw, pws; int ret;
- if (cfg->proxy_user == NULL) { - /* not dropping privs */ - return 0; - } - #ifdef HAVE_CAP /* Retain capabilities when changing UID to non-zero. We drop the ones we * don't need after the switch. */ diff --git a/src/gssproxy.c b/src/gssproxy.c index 93c1c1e..01d4ef9 100644 --- a/src/gssproxy.c +++ b/src/gssproxy.c @@ -269,10 +269,14 @@ int main(int argc, const char *argv[]) * so it can continue with dependencies and start nfsd */ init_done(wait_fd);
- ret = drop_privs(gpctx->config); - if (ret) { - ret = EXIT_FAILURE; - goto cleanup; + /* if config option "run_as_user" is missing, then it's no need to + * drop privileges */ + if (gpctx->config->proxy_user) { + ret = drop_privs(gpctx->config); + if (ret) { + ret = EXIT_FAILURE; + goto cleanup; + } }
ret = gp_workers_init(gpctx);