authdb: use shared 'squark' group for shm areas

this way multiple users can access the shm areas (e.g. www-data
for captive portal, and proxy for squid). all system users needing
to use squark tools need to belong to this group.

1 files changed, 11 insertions, 3 deletions

diff --git a/authdb.c b/authdb.c
index 5fc7d62..488932c 100644
--- a/authdb.c
+++ b/authdb.c
@@ -4,6 +4,7 @@
 #include <malloc.h>
 #include <sched.h>
 #include <fcntl.h>
+#include <grp.h>
 
 #include "authdb.h"
 #include "addr.h"
@@ -18,10 +19,11 @@
 static struct authdb_map_entry *authdb_me_open(sockaddr_any *addr, int create)
 {
 	int oflag, fd;
-	char name[64];
+	char name[64], buf[256];
 	blob_t b = BLOB_BUF(name);
 	void *base;
 	struct authdb_map_entry *me;
+	struct group grp, *res;
 
 	blob_push(&b, BLOB_STR("squark-auth-"));
 	blob_push_hexdump(&b, addr_get_hostaddr_blob(addr));
@@ -31,15 +33,21 @@ static struct authdb_map_entry *authdb_me_open(sockaddr_any *addr, int create)
 	if (create)
 		oflag |= O_CREAT;
 
-	fd = shm_open(name, oflag, 0600);
+	fd = shm_open(name, oflag, 0660);
 	if (fd < 0)
 		return NULL;
 
-	if (create && ftruncate(fd, AUTHDB_SHM_SIZE) < 0) {
+	if (ftruncate(fd, AUTHDB_SHM_SIZE) < 0) {
 		close(fd);
 		return NULL;
 	}
 
+	getgrnam_r("squark", &grp, buf, sizeof(buf), &res);
+	if (res != NULL) {
+		fchown(fd, -1, res->gr_gid);
+		fchmod(fd, 0660);
+	}
+
 	base = mmap(NULL, AUTHDB_SHM_SIZE,
 		    PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
 	close(fd);