From aef80c8871409ee4845e03d1943860d48e1ba17b Mon Sep 17 00:00:00 2001
From: thib
Date: Thu, 14 Dec 2000 21:21:46 +0000
Subject: [PATCH] added checks : only root can use runas
---
 conf.c | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)
diff --git a/conf.c b/conf.c
index fff6697..ce86c1b 100644
--- a/conf.c
+++ b/conf.c
@@ -22,7 +22,7 @@
 * `LICENSE' that comes with the fcron source distribution.
 */
- /* $Id: conf.c,v 1.30 2000-11-13 15:47:50 thib Exp $ */
+ /* $Id: conf.c,v 1.31 2000-12-14 21:21:46 thib Exp $ */
 #include "fcron.h"
@@ -49,10 +49,9 @@ reload_all(const char *dir_name)
 f = file_base;
 while ( f != NULL ) {
- if ( f->cf_running > 0 ) {
+ if ( f->cf_running > 0 )
 wait_all( &f->cf_running );
- save_file(f, NULL);
- }
+ save_file(f, NULL);
 delete_file(f->cf_user);
 /* delete_file remove the f file from the list :
@@ -388,6 +387,8 @@ read_file(const char *file_name, CF *cf)
 time_t slept = 0;
 char *user = NULL;
 char zero[bitstr_size(60)];
+ uid_t runas = 0;
+ struct stat file_stat;
 bzero(zero, sizeof(zero));
@@ -397,6 +398,17 @@ read_file(const char *file_name, CF *cf)
 return 1;
 }
+ /* check if this file is owned by root : otherwise, all runas fields
+ * of this field should be set to the owner */
+ if ( fstat(fileno(ff), &file_stat) != 0 ) {
+ error_e("Could not stat %s", file_name);
+ return 1;
+ }
+ (file_stat.st_uid != 0) ? runas = file_stat.st_uid : 0;
+ /* */
+ debug("runas : %d", runas);
+ /* */
+
 debug("User %s Entry", file_name);
 bzero(buf, sizeof(buf));
@@ -450,6 +462,10 @@ read_file(const char *file_name, CF *cf)
 continue;
 }
+ /* set runas field if necessary */
+ if (runas > 0)
+ cl->cl_runas = runas;
+
 if ( is_td(cl->cl_option) ) {
 /* set the time and date of the next execution */
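Review bot: In reload_all (the @@ -49 hunk), `save_file(f, NULL)` now runs for every loaded file instead of only those with running jobs, and neither the commit subject nor the code says why. Because save_file starts chowning the file to root:root in this same commit, this call appears to be what rewrites a user-owned file as root-owned on reload. If that is the intent, a comment such as `/* always save: the file is rewritten root-owned with runas already forced */` belongs above the call. The `if` also lost its braces; keeping `if ( f->cf_running > 0 ) { wait_all( &f->cf_running ); }` prevents a later statement from silently falling outside the condition. The loop body continues outside the hunk.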
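Review bot: In read_file (the @@ -397 hunk), the new fstat failure path returns 1 without closing `ff`, which appears to be the stream opened just above the hunk, so each failure leaks the FILE and its descriptor; add `fclose(ff);` before that `return 1;`. File ownership is now the only gate for trusting the runas values stored in a file, so it is worth also rejecting anything that is not a regular file, e.g. `if ( !S_ISREG(file_stat.st_mode) )`, and stating in the comment that a root-owned file is trusted as-is. The statement `(file_stat.st_uid != 0) ? runas = file_stat.st_uid : 0;` is equivalent to `runas = file_stat.st_uid;` since runas starts at 0. `debug("runas : %d", runas)` passes a uid_t to `%d` and should cast, e.g. `(int)runas`. read_file's body starts and ends outside the hunk; the per-line override in the @@ -450 hunk depends on this value.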
@@ -709,6 +725,11 @@ save_file(CF *file, char *path)
 if ( (f = fopen(path, "w")) == NULL )
 error_e("save");
+ /* chown the file to root:root : this file should only be read and
+ * modified by fcron (not fcrontab) */
+ if (fchown(fileno(f), 0, 0) != 0)
+ error_e("Could not fchown '%s'", (path) ? path : file->cf_user);
+
 /* save file : */
 /* put version of frontab file: it permit to daemon not to load
-- 
2.40.0
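Review bot: When fopen fails in save_file, `error_e("save")` is logged and execution falls through to the new `fchown(fileno(f), 0, 0)` with `f == NULL`. error_e appears to return rather than exit (read_file follows it with `return 1;`), so this calls fileno on a null stream. Bail out right after the error, e.g. `if ( (f = fopen(path, "w")) == NULL ) { error_e("save"); return; }`, adjusted to save_file's return type, which is not visible here. The comment says the file should only be read and modified by fcron, yet only the owner changes and the mode still comes from the umask; an `fchmod(fileno(f), S_IRUSR|S_IWUSR)` next to the fchown would enforce it. A failed fchown is only logged while the save proceeds, which deserves a comment on whether that is acceptable; save_file's body continues outside the hunk.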