Blame SOURCES/amanda-3.3.3-krb5.patch

290075
diff --git a/amandad-src/amandad.c b/amandad-src/amandad.c
290075
index d864c3f..4a899fb 100644
290075
--- a/amandad-src/amandad.c
290075
+++ b/amandad-src/amandad.c
290075
@@ -456,7 +456,7 @@ main(
290075
     }
290075
 
290075
 #ifndef SINGLE_USERID
290075
-    if (geteuid() == 0) {
290075
+    if (getuid() == 0) {
290075
 	if (strcasecmp(auth, "krb5") != 0) {
290075
 	    struct passwd *pwd;
290075
 	    /* lookup our local user name */
290075
diff --git a/common-src/krb5-security.c b/common-src/krb5-security.c
290075
index c3075fa..8d3b18a 100644
290075
--- a/common-src/krb5-security.c
290075
+++ b/common-src/krb5-security.c
290075
@@ -334,6 +334,7 @@ krb5_accept(
290075
     char hostname[NI_MAXHOST];
290075
     int result;
290075
     char *errmsg = NULL;
290075
+    struct passwd *pw;
290075
 
290075
     krb5_init();
290075
 
290075
@@ -372,6 +373,12 @@ krb5_accept(
290075
 	error("gss_server failed: %s\n", rc->errmsg);
290075
     rc->accept_fn = fn;
290075
     sec_tcp_conn_read(rc);
290075
+
290075
+    /* totally drop privileges at this point
290075
+     *(making the userid equal to the dumpuser)
290075
+     */
290075
+    pw = getpwnam(CLIENT_LOGIN);
290075
+    setreuid(pw->pw_uid, pw->pw_uid);
290075
 }
290075
 
290075
 /*
290075
@@ -712,7 +719,7 @@ krb5_init(void)
290075
     beenhere = 1;
290075
 
290075
 #ifndef BROKEN_MEMORY_CCACHE
290075
-    putenv(stralloc("KRB5_ENV_CCNAME=MEMORY:amanda_ccache"));
290075
+    putenv(stralloc(KRB5_ENV_CCNAME"=MEMORY:amanda_ccache"));
290075
 #else
290075
     /*
290075
      * MEMORY ccaches seem buggy and cause a lot of internal heap
290075
@@ -727,7 +734,7 @@ krb5_init(void)
290075
 	char *ccache;
290075
 	ccache = malloc(128);
290075
 	g_snprintf(ccache, SIZEOF(ccache),
290075
-		 "KRB5_ENV_CCNAME=FILE:/tmp/amanda_ccache.%ld.%ld",
290075
+		 KRB5_ENV_CCNAME"=FILE:/tmp/amanda_ccache.%ld.%ld",
290075
 		 (long)geteuid(), (long)getpid());
290075
 	putenv(ccache);
290075
     }