author | 2017-03-01 00:50:12 +0000 | |
---|---|---|
committer | 2017-03-01 00:50:12 +0000 | |
commit | ab2e3d2324a5f739692feb1f1dba67ae6dfbef80 (patch) | |
tree | bc60ab6edf71486880082fe644e24a68a912f2fd | |
parent | Print SKIPPED if the architecture dependent regression tests are (diff) | |
move up getpid() and getpwnam(LDAP USER) checks
to fail earlier and also make them consistent with
other daemons.
while here:
- fix getpwnam(LDAPD_USER) errx()
- no need to skip_chroot
ok jmatthew@
-rw-r--r-- | usr.sbin/ldapd/ldapd.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/usr.sbin/ldapd/ldapd.c b/usr.sbin/ldapd/ldapd.c
index 4929cf3090b..2c1f8e50842 100644
--- a/usr.sbin/ldapd/ldapd.c
+++ b/usr.sbin/ldapd/ldapd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldapd.c,v 1.22 2017/02/24 14:28:31 gsoares Exp $ */
+/* $OpenBSD: ldapd.c,v 1.23 2017/03/01 00:50:12 gsoares Exp $ */
 /*
 * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@@ -111,7 +111,7 @@ main(int argc, char *argv[])
 {
 int c;
 int debug = 0, verbose = 0, eflag = 0;
- int configtest = 0, skip_chroot = 0;
+ int configtest = 0;
 int pipe_parent2ldap[2];
 char *conffile = CONFFILE;
 char *csockpath = LDAPD_SOCKET;
@@ -172,6 +172,14 @@ main(int argc, char *argv[])
 if (argc > 0)
 usage();
+ /* check for root privileges */
+ if (geteuid())
+ errx(1, "need root privileges");
+
+ /* check for ldapd user */
+ if (getpwnam(LDAPD_USER) == NULL)
+ errx(1, "unknown user %s", LDAPD_USER);
+
 log_verbose(verbose);
 stats.started_at = time(0);
 tls_init();
@@ -186,21 +194,12 @@ main(int argc, char *argv[])
 if (eflag)
 ldape(debug, verbose, csockpath);
-
- if (geteuid()) {
- if (!debug)
- errx(1, "need root privileges");
- skip_chroot = 1;
- }
 if (stat(datadir, &sb) == -1)
 err(1, "%s", datadir);
 if (!S_ISDIR(sb.st_mode))
 errx(1, "%s is not a directory", datadir);
- if (!skip_chroot && (getpwnam(LDAPD_USER) == NULL))
- err(1, "%s", LDAPD_USER);
-
 if (!debug) {
 if (daemon(1, 0) == -1)
 err(1, "failed to daemonize"); |
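Review bot: The root and LDAPD_USER checks added after `usage()` now gate every mode of main(), including the `configtest` path and the non-root debug run that the removed `skip_chroot` branch used to permit. The config-test exit is not visible in these hunks, but if it sits below this point, validating a configuration file now means running the parser as root; `if (!configtest && geteuid())` would keep that path unprivileged, or the man page should state the new requirement. The `getpwnam()` return value is discarded, so this is only a fail-early existence check, and a comment such as `/* fail early; the privilege drop must still do its own lookup */` would stop a later reader from treating it as the authoritative one. main() starts and ends outside the hunk.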