diff options
Diffstat (limited to '')
-rw-r--r-- | external/unbound/daemon/unbound.c | 47 |
1 files changed, 18 insertions, 29 deletions
diff --git a/external/unbound/daemon/unbound.c b/external/unbound/daemon/unbound.c index 5ded5a964..8e07c3895 100644 --- a/external/unbound/daemon/unbound.c +++ b/external/unbound/daemon/unbound.c @@ -443,18 +443,10 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, { #ifdef HAVE_GETPWNAM struct passwd *pwd = NULL; - uid_t uid; - gid_t gid; - /* initialize, but not to 0 (root) */ - memset(&uid, 112, sizeof(uid)); - memset(&gid, 112, sizeof(gid)); - log_assert(cfg); if(cfg->username && cfg->username[0]) { if((pwd = getpwnam(cfg->username)) == NULL) fatal_exit("user '%s' does not exist.", cfg->username); - uid = pwd->pw_uid; - gid = pwd->pw_gid; /* endpwent below, in case we need pwd for setusercontext */ } #endif @@ -511,33 +503,28 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, #ifdef HAVE_KILL if(cfg->pidfile && cfg->pidfile[0]) { writepid(daemon->pidfile, getpid()); - if(!(cfg->chrootdir && cfg->chrootdir[0]) || - (cfg->chrootdir && cfg->chrootdir[0] && - strncmp(daemon->pidfile, cfg->chrootdir, - strlen(cfg->chrootdir))==0)) { - /* delete of pidfile could potentially work, - * chown to get permissions */ - if(cfg->username && cfg->username[0]) { - if(chown(daemon->pidfile, uid, gid) == -1) { + if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1) { +# ifdef HAVE_CHOWN + if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) { log_err("cannot chown %u.%u %s: %s", - (unsigned)uid, (unsigned)gid, + (unsigned)cfg_uid, (unsigned)cfg_gid, daemon->pidfile, strerror(errno)); - } } +# endif /* HAVE_CHOWN */ } } #else (void)daemon; -#endif +#endif /* HAVE_KILL */ /* Set user context */ #ifdef HAVE_GETPWNAM - if(cfg->username && cfg->username[0]) { + if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1) { #ifdef HAVE_SETUSERCONTEXT /* setusercontext does initgroups, setuid, setgid, and * also resource limits from login config, but we * still call setresuid, setresgid to be sure to set all uid*/ - if(setusercontext(NULL, pwd, uid, (unsigned) + if(setusercontext(NULL, pwd, cfg_uid, (unsigned) LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0) log_warn("unable to setusercontext %s: %s", cfg->username, strerror(errno)); @@ -599,29 +586,29 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, /* drop permissions after chroot, getpwnam, pidfile, syslog done*/ #ifdef HAVE_GETPWNAM - if(cfg->username && cfg->username[0]) { + if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1) { # ifdef HAVE_INITGROUPS - if(initgroups(cfg->username, gid) != 0) + if(initgroups(cfg->username, cfg_gid) != 0) log_warn("unable to initgroups %s: %s", cfg->username, strerror(errno)); # endif /* HAVE_INITGROUPS */ endpwent(); #ifdef HAVE_SETRESGID - if(setresgid(gid,gid,gid) != 0) + if(setresgid(cfg_gid,cfg_gid,cfg_gid) != 0) #elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID) - if(setregid(gid,gid) != 0) + if(setregid(cfg_gid,cfg_gid) != 0) #else /* use setgid */ - if(setgid(gid) != 0) + if(setgid(cfg_gid) != 0) #endif /* HAVE_SETRESGID */ fatal_exit("unable to set group id of %s: %s", cfg->username, strerror(errno)); #ifdef HAVE_SETRESUID - if(setresuid(uid,uid,uid) != 0) + if(setresuid(cfg_uid,cfg_uid,cfg_uid) != 0) #elif defined(HAVE_SETREUID) && !defined(DARWIN_BROKEN_SETREUID) - if(setreuid(uid,uid) != 0) + if(setreuid(cfg_uid,cfg_uid) != 0) #else /* use setuid */ - if(setuid(uid) != 0) + if(setuid(cfg_uid) != 0) #endif /* HAVE_SETRESUID */ fatal_exit("unable to set user id of %s: %s", cfg->username, strerror(errno)); @@ -666,6 +653,8 @@ run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode) log_warn("Continuing with default config settings"); } apply_settings(daemon, cfg, cmdline_verbose, debug_mode); + if(!done_setup) + config_lookup_uid(cfg); /* prepare */ if(!daemon_open_shared_ports(daemon)) |