util.pposix, prosodyctl, mod_posix: Add initgroups() function, and bump module versio...

diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua
index 77b2f2a4ee25ae16d23d7198e834be09f7b13e10..38195b13f6dad7159ce6994a872a6cd759137a16 100644 (file)
--- a/plugins/mod_posix.lua
+++ b/plugins/mod_posix.lua
@@ -7,7 +7,7 @@
 --
 
 
-local want_pposix_version = "0.3.3";
+local want_pposix_version = "0.3.4";
 
 local pposix = assert(require "util.pposix");
 if pposix._VERSION ~= want_pposix_version then module:log("warn", "Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version); end

diff --git a/prosodyctl b/prosodyctl
index 9bb8d4ad7173137887bd36d9e00b8e36d3eaf245..9af36ad9ebce2ef115aab1dab25f2a793baef80a 100755 (executable)
--- a/prosodyctl
+++ b/prosodyctl
@@ -79,7 +79,7 @@ require "util.datamanager".set_data_path(data_path);
 -- Switch away from root and into the prosody user --
 local switched_user, current_uid;
 
-local want_pposix_version = "0.3.3";
+local want_pposix_version = "0.3.4";
 local ok, pposix = pcall(require, "util.pposix");
 
 if ok and pposix then
@@ -90,6 +90,9 @@ if ok and pposix then
                local desired_user = config.get("*", "core", "prosody_user") or "prosody";
                local desired_group = config.get("*", "core", "prosody_group") or desired_user;
                local ok, err = pposix.setgid(desired_group);
+               if ok then
+                       ok, err = pposix.initgroups(desired_user);
+               end
                if ok then
                        ok, err = pposix.setuid(desired_user);
                        if ok then

diff --git a/util-src/pposix.c b/util-src/pposix.c
index 9f16f178b6cffd34e529babf1ad8674a60988a7e..1b1f85fd75d7c272bd303a4b12d134c7b430f03d 100644 (file)
--- a/util-src/pposix.c
+++ b/util-src/pposix.c
@@ -13,7 +13,7 @@
 * POSIX support functions for Lua
 */
 
-#define MODULE_VERSION "0.3.3"
+#define MODULE_VERSION "0.3.4"
 
 #include <stdlib.h>
 #include <math.h>
@@ -359,6 +359,62 @@ int lc_setgid(lua_State* L)
        return 2;
 }
 
+int lc_initgroups(lua_State* L)
+{
+       int ret;
+       gid_t gid;
+       struct passwd *p;
+
+       if(!lua_isstring(L, 1))
+       {
+               lua_pushnil(L);
+               lua_pushstring(L, "invalid-username");
+               return 2;
+       }
+       p = getpwnam(lua_tostring(L, 1));
+       if(!p)
+       {
+               lua_pushnil(L);
+               lua_pushstring(L, "no-such-user");
+               return 2;
+       }
+       if(lua_gettop(L) < 2)
+               lua_pushnil(L);
+       switch(lua_type(L, 2))
+       {
+       case LUA_TNIL:
+               gid = p->pw_gid;
+               break;
+       case LUA_TNUMBER:
+               gid = lua_tointeger(L, 2);
+               break;
+       default:
+               lua_pushnil(L);
+               lua_pushstring(L, "invalid-gid");
+               return 2;
+       }
+       ret = initgroups(lua_tostring(L, 1), gid);
+       switch(errno)
+       {
+       case 0:
+               lua_pushboolean(L, 1);
+               lua_pushnil(L);
+               break;
+       case ENOMEM:
+               lua_pushnil(L);
+               lua_pushstring(L, "no-memory");
+               break;
+       case EPERM:
+               lua_pushnil(L);
+               lua_pushstring(L, "permission-denied");
+               break;
+       default:
+               lua_pushnil(L);
+               lua_pushstring(L, "unknown-error");
+       }
+       return 2;
+}
+
 int lc_umask(lua_State* L)
 {
        char old_mode_string[7];
@@ -517,6 +573,7 @@ int luaopen_util_pposix(lua_State *L)
 
                { "setuid", lc_setuid },
                { "setgid", lc_setgid },
+               { "initgroups", lc_initgroups },
 
                { "umask", lc_umask },