Source-Changes-HG archive


[src/trunk]: src/external/bsd/tcpdump/dist move droproot after we have dealt ...



details:   https://anonhg.NetBSD.org/src/rev/ce4e9db39ae3
branches:  trunk
changeset: 786064:ce4e9db39ae3
user:      christos <christos%NetBSD.org@localhost>
date:      Fri Apr 12 23:51:50 2013 +0000

description:
move droproot after we have dealt with input and output files.

diffstat:

 external/bsd/tcpdump/dist/print-ip.c |   3 +-
 external/bsd/tcpdump/dist/tcpdump.c  |  47 +++++++++++++++++------------------
 2 files changed, 25 insertions(+), 25 deletions(-)

diffs (91 lines):

diff -r 59785e68ca97 -r ce4e9db39ae3 external/bsd/tcpdump/dist/print-ip.c
--- a/external/bsd/tcpdump/dist/print-ip.c      Fri Apr 12 21:49:54 2013 +0000
+++ b/external/bsd/tcpdump/dist/print-ip.c      Fri Apr 12 23:51:50 2013 +0000
@@ -25,7 +25,7 @@
 static const char rcsid[] _U_ =
     "@(#) Header: /tcpdump/master/tcpdump/print-ip.c,v 1.159 2007-09-14 01:29:28 guy Exp  (LBL)";
 #else
-__RCSID("$NetBSD: print-ip.c,v 1.3 2013/04/06 19:33:08 christos Exp $");
+__RCSID("$NetBSD: print-ip.c,v 1.4 2013/04/12 23:51:50 christos Exp $");
 #endif
 #endif
 
@@ -491,6 +491,7 @@
                break;
 
        default:
+               fprintf(stderr, "XXXX: %d %d\n", ndo->ndo_nflag, ipds->nh);
                if (ndo->ndo_nflag==0 && (proto = getprotobynumber(ipds->nh)) != NULL)
                        ND_PRINT((ndo, " %s", proto->p_name));
                else
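Review bot: The added `fprintf(stderr, "XXXX: %d %d\n", ndo->ndo_nflag, ipds->nh);` in the `default:` case looks like leftover debugging and is unrelated to the droproot move named in the commit description. It writes a line to stderr for every packet that reaches this case and bypasses the `ND_PRINT` path used on the following lines, so the volume of that output is driven by whatever traffic is captured. I would drop the line, or put it behind a compile-time debug macro if the trace is still wanted. Whether `%d` matches the type of `ipds->nh` cannot be checked from this hunk. The enclosing switch begins and ends outside the hunk.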
diff -r 59785e68ca97 -r ce4e9db39ae3 external/bsd/tcpdump/dist/tcpdump.c
--- a/external/bsd/tcpdump/dist/tcpdump.c       Fri Apr 12 21:49:54 2013 +0000
+++ b/external/bsd/tcpdump/dist/tcpdump.c       Fri Apr 12 23:51:50 2013 +0000
@@ -34,7 +34,7 @@
 static const char rcsid[] _U_ =
     "@(#) Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.283 2008-09-25 21:45:50 guy Exp  (LBL)";
 #else
-__RCSID("$NetBSD: tcpdump.c,v 1.5 2013/04/07 19:17:11 christos Exp $");
+__RCSID("$NetBSD: tcpdump.c,v 1.6 2013/04/12 23:51:50 christos Exp $");
 #endif
 #endif
 
@@ -1295,29 +1295,6 @@
                (void)setsignal(SIGHUP, oldhandler);
 #endif /* WIN32 */
 
-#ifndef WIN32
-       /*
-        * If a user name was specified with "-Z", attempt to switch to
-        * that user's UID.  This would probably be used with sudo,
-        * to allow tcpdump to be run in a special restricted
-        * account (if you just want to allow users to open capture
-        * devices, and can't just give users that permission,
-        * you'd make tcpdump set-UID or set-GID).
-        *
-        * Tcpdump doesn't necessarily write only to one savefile;
-        * the general only way to allow a -Z instance to write to
-        * savefiles as the user under whose UID it's run, rather
-        * than as the user specified with -Z, would thus be to switch
-        * to the original user ID before opening a capture file and
-        * then switch back to the -Z user ID after opening the savefile.
-        * Switching to the -Z user ID only after opening the first
-        * savefile doesn't handle the general case.
-        */
-       if (getuid() == 0 || geteuid() == 0) {
-               if (username || chroot_dir)
-                       droproot(username, chroot_dir);
-       }
-#endif /* WIN32 */
 
        if (pcap_setfilter(pd, &fcode) < 0)
                error("%s", pcap_geterr(pd));
@@ -1421,6 +1398,28 @@
                }
                (void)fflush(stderr);
        }
+
+       /*
+        * If a user name was specified with "-Z", attempt to switch to
+        * that user's UID.  This would probably be used with sudo,
+        * to allow tcpdump to be run in a special restricted
+        * account (if you just want to allow users to open capture
+        * devices, and can't just give users that permission,
+        * you'd make tcpdump set-UID or set-GID).
+        *
+        * Tcpdump doesn't necessarily write only to one savefile;
+        * the general only way to allow a -Z instance to write to
+        * savefiles as the user under whose UID it's run, rather
+        * than as the user specified with -Z, would thus be to switch
+        * to the original user ID before opening a capture file and
+        * then switch back to the -Z user ID after opening the savefile.
+        * Switching to the -Z user ID only after opening the first
+        * savefile doesn't handle the general case.
+        */
+       if (getuid() == 0 || geteuid() == 0) {
+               if (username || chroot_dir)
+                       droproot(username, chroot_dir);
+       }
 #endif /* WIN32 */
        status = pcap_loop(pd, cnt, callback, pcap_userdata);
        if (WFileName == NULL) {
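Review bot: The block comment moved along with `droproot()` still says that switching to the -Z user only after opening the first savefile "doesn't handle the general case", yet that appears to be what the new placement does, so the comment now contradicts the code beneath it. Going by the commit description, the input and output files, and the `pcap_setfilter` call that used to follow the drop, are now handled with the original (possibly root) credentials; on a set-UID or sudo-run tcpdump the user-supplied savefile path is then opened with root's rights, while any savefile opened later would be created as the -Z user and resolved inside `chroot_dir`. I would replace the second paragraph of the comment with something like `Privileges are dropped only after the input file and the first savefile are open; any savefile opened later is created as the -Z user, inside the chroot if one was given.` It is also worth confirming that nothing between the old and new call sites processes untrusted data, since that stretch used to run after the drop. The enclosing function and the `#ifndef WIN32` region closed by the `#endif` that follows the added block start outside the hunk.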


