+#define set_env(key, value) putenv(avahi_strdup_printf("%s=%s", (key), (value)))
+
+static int drop_privs(void) {
+ struct passwd *pw;
+ struct group * gr;
+ int r;
+ mode_t u;
+
+ /* Get user/group ID */
+
+ if (!no_drop_root) {
+
+ if (!(pw = getpwnam(AVAHI_AUTOIPD_USER))) {
+ daemon_log(LOG_ERR, "Failed to find user '"AVAHI_AUTOIPD_USER"'.");
+ return -1;
+ }
+
+ if (!(gr = getgrnam(AVAHI_AUTOIPD_GROUP))) {
+ daemon_log(LOG_ERR, "Failed to find group '"AVAHI_AUTOIPD_GROUP"'.");
+ return -1;
+ }
+
+ daemon_log(LOG_INFO, "Found user '"AVAHI_AUTOIPD_USER"' (UID %lu) and group '"AVAHI_AUTOIPD_GROUP"' (GID %lu).", (unsigned long) pw->pw_uid, (unsigned long) gr->gr_gid);
+ }
+
+ /* Create directory */
+ u = umask(0000);
+ r = mkdir(AVAHI_IPDATA_DIR, 0755);
+ umask(u);
+
+ if (r < 0 && errno != EEXIST) {
+ daemon_log(LOG_ERR, "mkdir(\""AVAHI_IPDATA_DIR"\"): %s", strerror(errno));
+ return -1;
+ }
+
+ /* Convey working directory */
+
+ if (!no_drop_root) {
+ struct stat st;
+
+ chown(AVAHI_IPDATA_DIR, pw->pw_uid, gr->gr_gid);
+
+ if (stat(AVAHI_IPDATA_DIR, &st) < 0) {
+ daemon_log(LOG_ERR, "stat(): %s\n", strerror(errno));
+ return -1;
+ }
+
+ if (!S_ISDIR(st.st_mode) || st.st_uid != pw->pw_uid || st.st_gid != gr->gr_gid) {
+ daemon_log(LOG_ERR, "Failed to create runtime directory "AVAHI_IPDATA_DIR".");
+ return -1;
+ }
+ }
+
+#ifdef HAVE_CHROOT
+
+ if (!no_chroot) {
+ if (chroot(AVAHI_IPDATA_DIR) < 0) {
+ daemon_log(LOG_ERR, "Failed to chroot(): %s", strerror(errno));
+ return -1;
+ }
+
+ daemon_log(LOG_INFO, "Successfully called chroot().");
+ chdir("/");
+
+ /* Since we are now trapped inside a chroot we cannot remove
+ * the pid file anymore, the helper process will do that for us. */
+ wrote_pid_file = 0;
+ }
+
+#endif
+
+ if (!no_drop_root) {
+
+ if (initgroups(AVAHI_AUTOIPD_USER, gr->gr_gid) != 0) {
+ daemon_log(LOG_ERR, "Failed to change group list: %s", strerror(errno));
+ return -1;
+ }
+
+#if defined(HAVE_SETRESGID)
+ r = setresgid(gr->gr_gid, gr->gr_gid, gr->gr_gid);
+#elif defined(HAVE_SETEGID)
+ if ((r = setgid(gr->gr_gid)) >= 0)
+ r = setegid(gr->gr_gid);
+#elif defined(HAVE_SETREGID)
+ r = setregid(gr->gr_gid, gr->gr_gid);
+#else
+#error "No API to drop priviliges"
+#endif
+
+ if (r < 0) {
+ daemon_log(LOG_ERR, "Failed to change GID: %s", strerror(errno));
+ return -1;
+ }
+
+#if defined(HAVE_SETRESUID)
+ r = setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid);
+#elif defined(HAVE_SETEUID)
+ if ((r = setuid(pw->pw_uid)) >= 0)
+ r = seteuid(pw->pw_uid);
+#elif defined(HAVE_SETREUID)
+ r = setreuid(pw->pw_uid, pw->pw_uid);
+#else
+#error "No API to drop priviliges"
+#endif
+
+ if (r < 0) {
+ daemon_log(LOG_ERR, "Failed to change UID: %s", strerror(errno));
+ return -1;
+ }
+
+ set_env("USER", pw->pw_name);
+ set_env("LOGNAME", pw->pw_name);
+ set_env("HOME", pw->pw_dir);
+
+ daemon_log(LOG_ERR, "Successfully dropped root privileges.");
+ }
+
+ return 0;
+}
+