Finish setuid/setgid.

2025-04-13 15:12:00 +02:00 · 2025-04-13 15:12:00 +02:00 · 0e012332e1
commit 0e012332e1
parent 8bd46721aa
1 changed files with 21 additions and 7 deletions
--- a/backend/brminv.scm
+++ b/backend/brminv.scm
@ -34,7 +34,9 @@
 	(chicken string)
 	api-servlets
 	bar-db
-	(chicken process-context posix))
+	(chicken process-context posix)
+	(chicken process-context)
+	posix-groups)

 (define -port- (make-parameter #f))
 (define -certificate- (make-parameter #f))
@ -99,12 +101,24 @@
 		   private-key: (-key-))
      (tcp-listen port)))

-(when (or (-user-) (-group-))
 (print "current user id: " (current-user-id))
 (print "current effective user id: " (current-effective-user-id))
-  (switch-user/group (-user-) (-group-))
+(when (-group-)	 ; group first, since only superuser can switch groups
+  (let ((ginfo (group-information (-group-))))
+    (unless ginfo
+      (error "Group does not exist" (-group-)))
+    (set! (current-group-id) (list-ref ginfo 2))))
+(when (-user-)
+  (let ((uinfo (user-information (-user-))))
+    (unless uinfo
+      (error "User does not exist" (-user-)))
+    (set-environment-variable! "HOME" (list-ref uinfo 5))
+    (initialize-groups (-user-) (list-ref uinfo 3))
+    (unless (-group-)		    ; Already changed to target group?
+      (set! (current-group-id) (list-ref uinfo 3)))
+    (set! (current-user-id) (list-ref uinfo 2))))
 (print "current user id: " (current-user-id))
-  (print "current effective user id: " (current-effective-user-id)))
+(print "current effective user id: " (current-effective-user-id))

 (bar-db-init! (-db-name-) (-db-host-) (-db-user-) (-db-pass-))