Attachment #395456 for bug #528774

Lines 187-192 public: Link Here

(-)a/include/znc/znc.h (+3 lines)
187		187
188	static void DumpConfig(const CConfig* Config);	188	static void DumpConfig(const CConfig* Config);
189		189
		190	void SetSystemWideConfig(bool systemWideConfig);
		191
190	private:	192	private:
191	CFile* InitPidFile();	193	CFile* InitPidFile();
192	bool DoRehash(CString& sError);	194	bool DoRehash(CString& sError);
Lines 232-237 protected: Link Here
232	TCacheMap<CString> m_sConnectThrottle;	234	TCacheMap<CString> m_sConnectThrottle;
233	bool m_bProtectWebSessions;	235	bool m_bProtectWebSessions;
234	bool m_bHideVersion;	236	bool m_bHideVersion;
		237	bool m_bSystemWideConfig;
235	};	238	};
236		239
237	#endif // !_ZNC_H	240	#endif // !_ZNC_H

Lines 16-21 Link Here

(-)a/src/main.cpp (-2 / +40 lines)
16		16
17	#include <znc/znc.h>	17	#include <znc/znc.h>
18	#include <signal.h>	18	#include <signal.h>
		19	#include <sys/types.h>
		20	#include <pwd.h>
		21	#include <grp.h>
19		22
20	#if defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD)	23	#if defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD)
21	#include <znc/Threads.h>	24	#include <znc/Threads.h>
Lines 109-114 static const struct option g_LongOpts[] = { Link Here
109	{ "makepass", no_argument, 0, 's' },	112	{ "makepass", no_argument, 0, 's' },
110	{ "makepem", no_argument, 0, 'p' },	113	{ "makepem", no_argument, 0, 'p' },
111	{ "datadir", required_argument, 0, 'd' },	114	{ "datadir", required_argument, 0, 'd' },
		115	{ "system-wide-config-as", required_argument, 0, 'S' },
112	{ 0, 0, 0, 0 }	116	{ 0, 0, 0, 0 }
113	};	117	};
114		118
Lines 192-197 int main(int argc, char** argv) { Link Here
192	bool bMakeConf = false;	196	bool bMakeConf = false;
193	bool bMakePass = false;	197	bool bMakePass = false;
194	bool bAllowRoot = false;	198	bool bAllowRoot = false;
		199	bool bSystemWideConfig = false;
		200	CString sSystemWideConfigUser = "znc";
195	bool bForeground = false;	201	bool bForeground = false;
196	#ifdef ALWAYS_RUN_IN_FOREGROUND	202	#ifdef ALWAYS_RUN_IN_FOREGROUND
197	bForeground = true;	203	bForeground = true;
Lines 201-207 int main(int argc, char** argv) { Link Here
201	#endif	207	#endif
202	CZNC::CreateInstance();	208	CZNC::CreateInstance();
203		209
204	while ((iArg = getopt_long(argc, argv, "hvnrcspd:Df", g_LongOpts, &iOptIndex)) != -1) {	210	while ((iArg = getopt_long(argc, argv, "hvnrcspd:DfS", g_LongOpts, &iOptIndex)) != -1) {
205	switch (iArg) {	211	switch (iArg) {
206	case 'h':	212	case 'h':
207	GenerateHelp(argv[0]);	213	GenerateHelp(argv[0]);
Lines 219-224 int main(int argc, char** argv) { Link Here
219	case 'c':	225	case 'c':
220	bMakeConf = true;	226	bMakeConf = true;
221	break;	227	break;
		228	case 'S':
		229	bSystemWideConfig = true;
		230	sSystemWideConfigUser = optarg;
		231	break;
222	case 's':	232	case 's':
223	bMakePass = true;	233	bMakePass = true;
224	break;	234	break;
Lines 253-260 int main(int argc, char** argv) { Link Here
253	return 1;	263	return 1;
254	}	264	}
255		265
		266	if (bSystemWideConfig && getuid() == 0) {
		267	struct passwd *pwd;
		268
		269	pwd = getpwnam(sSystemWideConfigUser.c_str());
		270	if (pwd == NULL) {
		271	CUtils::PrintError("Daemon user not found.");
		272	return 1;
		273	}
		274
		275	if ((long) pwd->pw_uid == 0) {
		276	CUtils::PrintError("Please define a daemon user other than root.");
		277	return 1;
		278	}
		279	if (setgroups(0, NULL) != 0) {
		280	CUtils::PrintError("setgroups: Unable to clear supplementary group IDs");
		281	return 1;
		282	}
		283	if (setgid((long) pwd->pw_gid) != 0) {
		284	CUtils::PrintError("setgid: Unable to drop group privileges");
		285	return 1;
		286	}
		287	if (setuid((long) pwd->pw_uid) != 0) {
		288	CUtils::PrintError("setuid: Unable to drop user privileges");
		289	return 1;
		290	}
		291	}
		292
256	CZNC* pZNC = &CZNC::Get();	293	CZNC* pZNC = &CZNC::Get();
257	pZNC->InitDirs(((argc) ? argv[0] : ""), sDataDir);	294	pZNC->InitDirs(((argc) ? argv[0] : ""), sDataDir);
		295	pZNC->SetSystemWideConfig(bSystemWideConfig);
258		296
259	#ifdef HAVE_LIBSSL	297	#ifdef HAVE_LIBSSL
260	if (bMakePem) {	298	if (bMakePem) {
Lines 303-309 int main(int argc, char** argv) { Link Here
303	CUtils::PrintStatus(true, "");	341	CUtils::PrintStatus(true, "");
304	}	342	}
305		343
306	if (isRoot()) {	344	if (isRoot() && !bSystemWideConfig) {
307	CUtils::PrintError("You are running ZNC as root! Don't do that! There are not many valid");	345	CUtils::PrintError("You are running ZNC as root! Don't do that! There are not many valid");
308	CUtils::PrintError("reasons for this and it can, in theory, cause great damage!");	346	CUtils::PrintError("reasons for this and it can, in theory, cause great damage!");
309	if (!bAllowRoot) {	347	if (!bAllowRoot) {

Lines 56-61 CZNC::CZNC() { Link Here

(-)a/src/znc.cpp (-1 / +6 lines)
56	m_pLockFile = NULL;	56	m_pLockFile = NULL;
57	m_bProtectWebSessions = true;	57	m_bProtectWebSessions = true;
58	m_bHideVersion = false;	58	m_bHideVersion = false;
		59	m_bSystemWideConfig = false;
59	m_uDisabledSSLProtocols = Csock::EDP_SSL;	60	m_uDisabledSSLProtocols = Csock::EDP_SSL;
60	m_sSSLProtocols = "";	61	m_sSSLProtocols = "";
61	}	62	}
Lines 861-867 bool CZNC::WriteNewConfig(const CString& sConfigFile) { Link Here
861	CUtils::PrintMessage("");	862	CUtils::PrintMessage("");
862		863
863	File.UnLock();	864	File.UnLock();
864	return bFileOpen && CUtils::GetBoolInput("Launch ZNC now?", true);	865	return bFileOpen && !m_bSystemWideConfig && CUtils::GetBoolInput("Launch ZNC now?", true);
865	}	866	}
866		867
867	void CZNC::BackupConfigOnce(const CString& sSuffix) {	868	void CZNC::BackupConfigOnce(const CString& sSuffix) {
Lines 1973-1975 void CZNC::LeakConnectQueueTimer(CConnectQueueTimer *pTimer) { Link Here
1973	bool CZNC::WaitForChildLock() {	1974	bool CZNC::WaitForChildLock() {
1974	return m_pLockFile && m_pLockFile->ExLock();	1975	return m_pLockFile && m_pLockFile->ExLock();
1975	}	1976	}
		1977
		1978	void CZNC::SetSystemWideConfig(bool systemWideConfig) {
		1979	m_bSystemWideConfig = systemWideConfig;
		1980	}

Return to bug 528774