aboutsummaryrefslogtreecommitdiff
path: root/external/unbound/daemon/unbound.c
diff options
context:
space:
mode:
Diffstat (limited to 'external/unbound/daemon/unbound.c')
-rw-r--r--external/unbound/daemon/unbound.c47
1 files changed, 18 insertions, 29 deletions
diff --git a/external/unbound/daemon/unbound.c b/external/unbound/daemon/unbound.c
index 5ded5a964..8e07c3895 100644
--- a/external/unbound/daemon/unbound.c
+++ b/external/unbound/daemon/unbound.c
@@ -443,18 +443,10 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
{
#ifdef HAVE_GETPWNAM
struct passwd *pwd = NULL;
- uid_t uid;
- gid_t gid;
- /* initialize, but not to 0 (root) */
- memset(&uid, 112, sizeof(uid));
- memset(&gid, 112, sizeof(gid));
- log_assert(cfg);
if(cfg->username && cfg->username[0]) {
if((pwd = getpwnam(cfg->username)) == NULL)
fatal_exit("user '%s' does not exist.", cfg->username);
- uid = pwd->pw_uid;
- gid = pwd->pw_gid;
/* endpwent below, in case we need pwd for setusercontext */
}
#endif
@@ -511,33 +503,28 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
#ifdef HAVE_KILL
if(cfg->pidfile && cfg->pidfile[0]) {
writepid(daemon->pidfile, getpid());
- if(!(cfg->chrootdir && cfg->chrootdir[0]) ||
- (cfg->chrootdir && cfg->chrootdir[0] &&
- strncmp(daemon->pidfile, cfg->chrootdir,
- strlen(cfg->chrootdir))==0)) {
- /* delete of pidfile could potentially work,
- * chown to get permissions */
- if(cfg->username && cfg->username[0]) {
- if(chown(daemon->pidfile, uid, gid) == -1) {
+ if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1) {
+# ifdef HAVE_CHOWN
+ if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) {
log_err("cannot chown %u.%u %s: %s",
- (unsigned)uid, (unsigned)gid,
+ (unsigned)cfg_uid, (unsigned)cfg_gid,
daemon->pidfile, strerror(errno));
- }
}
+# endif /* HAVE_CHOWN */
}
}
#else
(void)daemon;
-#endif
+#endif /* HAVE_KILL */
/* Set user context */
#ifdef HAVE_GETPWNAM
- if(cfg->username && cfg->username[0]) {
+ if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1) {
#ifdef HAVE_SETUSERCONTEXT
/* setusercontext does initgroups, setuid, setgid, and
* also resource limits from login config, but we
* still call setresuid, setresgid to be sure to set all uid*/
- if(setusercontext(NULL, pwd, uid, (unsigned)
+ if(setusercontext(NULL, pwd, cfg_uid, (unsigned)
LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0)
log_warn("unable to setusercontext %s: %s",
cfg->username, strerror(errno));
@@ -599,29 +586,29 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
/* drop permissions after chroot, getpwnam, pidfile, syslog done*/
#ifdef HAVE_GETPWNAM
- if(cfg->username && cfg->username[0]) {
+ if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1) {
# ifdef HAVE_INITGROUPS
- if(initgroups(cfg->username, gid) != 0)
+ if(initgroups(cfg->username, cfg_gid) != 0)
log_warn("unable to initgroups %s: %s",
cfg->username, strerror(errno));
# endif /* HAVE_INITGROUPS */
endpwent();
#ifdef HAVE_SETRESGID
- if(setresgid(gid,gid,gid) != 0)
+ if(setresgid(cfg_gid,cfg_gid,cfg_gid) != 0)
#elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID)
- if(setregid(gid,gid) != 0)
+ if(setregid(cfg_gid,cfg_gid) != 0)
#else /* use setgid */
- if(setgid(gid) != 0)
+ if(setgid(cfg_gid) != 0)
#endif /* HAVE_SETRESGID */
fatal_exit("unable to set group id of %s: %s",
cfg->username, strerror(errno));
#ifdef HAVE_SETRESUID
- if(setresuid(uid,uid,uid) != 0)
+ if(setresuid(cfg_uid,cfg_uid,cfg_uid) != 0)
#elif defined(HAVE_SETREUID) && !defined(DARWIN_BROKEN_SETREUID)
- if(setreuid(uid,uid) != 0)
+ if(setreuid(cfg_uid,cfg_uid) != 0)
#else /* use setuid */
- if(setuid(uid) != 0)
+ if(setuid(cfg_uid) != 0)
#endif /* HAVE_SETRESUID */
fatal_exit("unable to set user id of %s: %s",
cfg->username, strerror(errno));
@@ -666,6 +653,8 @@ run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode)
log_warn("Continuing with default config settings");
}
apply_settings(daemon, cfg, cmdline_verbose, debug_mode);
+ if(!done_setup)
+ config_lookup_uid(cfg);
/* prepare */
if(!daemon_open_shared_ports(daemon))