From 96eb2544c3ece6f0bfcd752088eda7d38d59a1b5 Mon Sep 17 00:00:00 2001 From: Gunnar Beutner Date: Tue, 14 Oct 2014 17:03:14 +0200 Subject: [PATCH] Call setuid()/setgid() after parsing arguments refs #7375 --- icinga-app/icinga.cpp | 146 +++++++++++++++++++++--------------------- 1 file changed, 73 insertions(+), 73 deletions(-) diff --git a/icinga-app/icinga.cpp b/icinga-app/icinga.cpp index 2a09c9bf6..385d764f0 100644 --- a/icinga-app/icinga.cpp +++ b/icinga-app/icinga.cpp 
@@ -209,79 +209,6 @@ int Main(void)
 }
 }
-#ifndef _WIN32
- String group = Application::GetRunAsGroup();
-
- errno = 0;
- struct group *gr = getgrnam(group.CStr());
-
- if (!gr) {
- if (errno == 0) {
- std::ostringstream msgbuf;
- msgbuf << "Invalid group specified: " + group;
- Log(LogCritical, "cli", msgbuf.str());
- return EXIT_FAILURE;
- } else {
- std::ostringstream msgbuf;
- msgbuf << "getgrnam() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
- Log(LogCritical, "cli", msgbuf.str());
- return EXIT_FAILURE;
- }
- }
-
- if (getgid() != gr->gr_gid) {
- if (!vm.count("reload-internal") && setgroups(0, NULL) < 0) {
- std::ostringstream msgbuf;
- msgbuf << "setgroups() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
- Log(LogCritical, "cli", msgbuf.str());
- return EXIT_FAILURE;
- }
-
- if (setgid(gr->gr_gid) < 0) {
- std::ostringstream msgbuf;
- msgbuf << "setgid() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
- Log(LogCritical, "cli", msgbuf.str());
- return EXIT_FAILURE;
- }
- }
-
- String user = Application::GetRunAsUser();
-
- errno = 0;
- struct passwd *pw = getpwnam(user.CStr());
-
- if (!pw) {
- if (errno == 0) {
- std::ostringstream msgbuf;
- msgbuf << "Invalid user specified: " + user;
- Log(LogCritical, "cli", msgbuf.str());
- return EXIT_FAILURE;
- } else {
- std::ostringstream msgbuf;
- msgbuf << "getpwnam() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
- Log(LogCritical, "cli", msgbuf.str());
- return EXIT_FAILURE;
- }
- }
-
- // also activate the additional groups the configured user is member of
- if (getuid() != pw->pw_uid) {
- if (!vm.count("reload-internal") && initgroups(user.CStr(), pw->pw_gid) < 0) {
- std::ostringstream msgbuf;
- msgbuf << "initgroups() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
- Log(LogCritical, "cli", msgbuf.str());
- return EXIT_FAILURE;
- }
-
- if (setuid(pw->pw_uid) < 0) {
- std::ostringstream msgbuf;
- msgbuf << "setuid() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
- Log(LogCritical, "cli", msgbuf.str());
- return EXIT_FAILURE;
- }
- }
-#endif /* _WIN32 */
-
 Application::DeclareStatePath(Application::GetLocalStateDir() + "/lib/icinga2/icinga2.state");
 Application::DeclareObjectsPath(Application::GetLocalStateDir() + "/cache/icinga2/icinga2.debug");
 Application::DeclarePidPath(Application::GetRunDir() + "/icinga2/icinga2.pid");
@@ -383,6 +310,79 @@ int Main(void)
 CLICommand::ShowCommands(argc, argv, &visibleDesc, &hiddenDesc, &argDesc, true, autoindex);
 rc = 0;
 } else if (command) {
+#ifndef _WIN32
+ String group = Application::GetRunAsGroup();
+
+ errno = 0;
+ struct group *gr = getgrnam(group.CStr());
+
+ if (!gr) {
+ if (errno == 0) {
+ std::ostringstream msgbuf;
+ msgbuf << "Invalid group specified: " + group;
+ Log(LogCritical, "cli", msgbuf.str());
+ return EXIT_FAILURE;
+ } else {
+ std::ostringstream msgbuf;
+ msgbuf << "getgrnam() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+ Log(LogCritical, "cli", msgbuf.str());
+ return EXIT_FAILURE;
+ }
+ }
+
+ if (getgid() != gr->gr_gid) {
+ if (!vm.count("reload-internal") && setgroups(0, NULL) < 0) {
+ std::ostringstream msgbuf;
+ msgbuf << "setgroups() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+ Log(LogCritical, "cli", msgbuf.str());
+ return EXIT_FAILURE;
+ }
+
+ if (setgid(gr->gr_gid) < 0) {
+ std::ostringstream msgbuf;
+ msgbuf << "setgid() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+ Log(LogCritical, "cli", msgbuf.str());
+ return EXIT_FAILURE;
+ }
+ }
+
+ String user = Application::GetRunAsUser();
+
+ errno = 0;
+ struct passwd *pw = getpwnam(user.CStr());
+
+ if (!pw) {
+ if (errno == 0) {
+ std::ostringstream msgbuf;
+ msgbuf << "Invalid user specified: " + user;
+ Log(LogCritical, "cli", msgbuf.str());
+ return EXIT_FAILURE;
+ } else {
+ std::ostringstream msgbuf;
+ msgbuf << "getpwnam() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+ Log(LogCritical, "cli", msgbuf.str());
+ return EXIT_FAILURE;
+ }
+ }
+
+ // also activate the additional groups the configured user is member of
+ if (getuid() != pw->pw_uid) {
+ if (!vm.count("reload-internal") && initgroups(user.CStr(), pw->pw_gid) < 0) {
+ std::ostringstream msgbuf;
+ msgbuf << "initgroups() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+ Log(LogCritical, "cli", msgbuf.str());
+ return EXIT_FAILURE;
+ }
+
+ if (setuid(pw->pw_uid) < 0) {
+ std::ostringstream msgbuf;
+ msgbuf << "setuid() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+ Log(LogCritical, "cli", msgbuf.str());
+ return EXIT_FAILURE;
+ }
+ }
+#endif /* _WIN32 */
+
 std::vector args;
 if (vm.count("arg"))
 args = vm["arg"].as >();
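Review bot: The privilege drop now lives only inside the `else if (command)` branch, so the `CLICommand::ShowCommands(...)` branch directly above it, and everything Main() does between the old call site and this one, runs with the uid/gid the process was started with. That includes the `Application::Declare*Path()` calls shown as context in the first hunk. If the process is normally started as root, that is a wider privileged window, and nothing in the hunk records which of those steps are meant to need it. I would add a comment at the top of the block such as `/* Privileges are dropped only here: all argument handling above runs as the invoking user and must not create or open files on paths taken from the command line. */`, and consider performing the drop before the branch so every path gets it. Separately, nothing after the successful `setuid()` confirms the drop is irreversible; a check like `if (pw->pw_uid != 0 && setuid(0) == 0) return EXIT_FAILURE;` (with a critical log line) would catch a platform where it is not. Main() begins and continues outside this hunk, so the code in between could not be reviewed here.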