Blame SOURCES/amanda-3.3.3-krb5.patch

ea0dde
diff --git a/amandad-src/amandad.c b/amandad-src/amandad.c
ea0dde
index d864c3f..4a899fb 100644
ea0dde
--- a/amandad-src/amandad.c
ea0dde
+++ b/amandad-src/amandad.c
ea0dde
@@ -456,7 +456,7 @@ main(
ea0dde
     }
ea0dde
 
ea0dde
 #ifndef SINGLE_USERID
ea0dde
-    if (geteuid() == 0) {
ea0dde
+    if (getuid() == 0) {
ea0dde
 	if (strcasecmp(auth, "krb5") != 0) {
ea0dde
 	    struct passwd *pwd;
ea0dde
 	    /* lookup our local user name */
ea0dde
diff --git a/common-src/krb5-security.c b/common-src/krb5-security.c
ea0dde
index c3075fa..8d3b18a 100644
ea0dde
--- a/common-src/krb5-security.c
ea0dde
+++ b/common-src/krb5-security.c
ea0dde
@@ -334,6 +334,7 @@ krb5_accept(
ea0dde
     char hostname[NI_MAXHOST];
ea0dde
     int result;
ea0dde
     char *errmsg = NULL;
ea0dde
+    struct passwd *pw;
ea0dde
 
ea0dde
     krb5_init();
ea0dde
 
ea0dde
@@ -372,6 +373,12 @@ krb5_accept(
ea0dde
 	error("gss_server failed: %s\n", rc->errmsg);
ea0dde
     rc->accept_fn = fn;
ea0dde
     sec_tcp_conn_read(rc);
ea0dde
+
ea0dde
+    /* totally drop privileges at this point
ea0dde
+     *(making the userid equal to the dumpuser)
ea0dde
+     */
ea0dde
+    pw = getpwnam(CLIENT_LOGIN);
ea0dde
+    setreuid(pw->pw_uid, pw->pw_uid);
ea0dde
 }
ea0dde
 
ea0dde
 /*
ea0dde
@@ -712,7 +719,7 @@ krb5_init(void)
ea0dde
     beenhere = 1;
ea0dde
 
ea0dde
 #ifndef BROKEN_MEMORY_CCACHE
ea0dde
-    putenv(stralloc("KRB5_ENV_CCNAME=MEMORY:amanda_ccache"));
ea0dde
+    putenv(stralloc(KRB5_ENV_CCNAME"=MEMORY:amanda_ccache"));
ea0dde
 #else
ea0dde
     /*
ea0dde
      * MEMORY ccaches seem buggy and cause a lot of internal heap
ea0dde
@@ -727,7 +734,7 @@ krb5_init(void)
ea0dde
 	char *ccache;
ea0dde
 	ccache = malloc(128);
ea0dde
 	g_snprintf(ccache, SIZEOF(ccache),
ea0dde
-		 "KRB5_ENV_CCNAME=FILE:/tmp/amanda_ccache.%ld.%ld",
ea0dde
+		 KRB5_ENV_CCNAME"=FILE:/tmp/amanda_ccache.%ld.%ld",
ea0dde
 		 (long)geteuid(), (long)getpid());
ea0dde
 	putenv(ccache);
ea0dde
     }