upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 00:29:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix #647 crash in 1.5.2 because pwd.db no longer accessible after

Browse source 
reload.


git-svn-id: file:///svn/unbound/trunk@3341 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2015-02-20 14:48:04 +00:00
parent 34402f8455
commit a226533c8b
5 changed files with 28 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
daemon/remote.c
View file

@ -329,7 +329,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
if(fd != -1) { if(fd != -1) {
#ifdef HAVE_CHOWN #ifdef HAVE_CHOWN
if (cfg->username && cfg->username[0]) if (cfg->username && cfg->username[0])
chown(ip, cfg->uid, cfg->gid); chown(ip, cfg_uid, cfg_gid);
chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)); chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
#else #else
(void)cfg; (void)cfg;

23
daemon/unbound.c
View file

@ -505,9 +505,9 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
writepid(daemon->pidfile, getpid()); writepid(daemon->pidfile, getpid());
if(cfg->username && cfg->username[0]) { if(cfg->username && cfg->username[0]) {
# ifdef HAVE_CHOWN # ifdef HAVE_CHOWN
if(chown(daemon->pidfile, cfg->uid, cfg->gid) == -1) { if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) {
log_err("cannot chown %u.%u %s: %s", log_err("cannot chown %u.%u %s: %s",
(unsigned)cfg->uid, (unsigned)cfg->gid, (unsigned)cfg_uid, (unsigned)cfg_gid,
daemon->pidfile, strerror(errno)); daemon->pidfile, strerror(errno));
} }
# endif /* HAVE_CHOWN */ # endif /* HAVE_CHOWN */
@ -524,7 +524,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
/* setusercontext does initgroups, setuid, setgid, and /* setusercontext does initgroups, setuid, setgid, and
* also resource limits from login config, but we * also resource limits from login config, but we
* still call setresuid, setresgid to be sure to set all uid*/ * still call setresuid, setresgid to be sure to set all uid*/
if(setusercontext(NULL, pwd, cfg->uid, (unsigned) if(setusercontext(NULL, pwd, cfg_uid, (unsigned)
LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0) LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0)
log_warn("unable to setusercontext %s: %s", log_warn("unable to setusercontext %s: %s",
cfg->username, strerror(errno)); cfg->username, strerror(errno));
@ -588,27 +588,27 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
#ifdef HAVE_GETPWNAM #ifdef HAVE_GETPWNAM
if(cfg->username && cfg->username[0]) { if(cfg->username && cfg->username[0]) {
# ifdef HAVE_INITGROUPS # ifdef HAVE_INITGROUPS
if(initgroups(cfg->username, cfg->gid) != 0) if(initgroups(cfg->username, cfg_gid) != 0)
log_warn("unable to initgroups %s: %s", log_warn("unable to initgroups %s: %s",
cfg->username, strerror(errno)); cfg->username, strerror(errno));
# endif /* HAVE_INITGROUPS */ # endif /* HAVE_INITGROUPS */
endpwent(); endpwent();
#ifdef HAVE_SETRESGID #ifdef HAVE_SETRESGID
if(setresgid(cfg->gid,cfg->gid,cfg->gid) != 0) if(setresgid(cfg_gid,cfg_gid,cfg_gid) != 0)
#elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID) #elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID)
if(setregid(cfg->gid,cfg->gid) != 0) if(setregid(cfg_gid,cfg_gid) != 0)
#else /* use setgid */ #else /* use setgid */
if(setgid(cfg->gid) != 0) if(setgid(cfg_gid) != 0)
#endif /* HAVE_SETRESGID */ #endif /* HAVE_SETRESGID */
fatal_exit("unable to set group id of %s: %s", fatal_exit("unable to set group id of %s: %s",
cfg->username, strerror(errno)); cfg->username, strerror(errno));
#ifdef HAVE_SETRESUID #ifdef HAVE_SETRESUID
if(setresuid(cfg->uid,cfg->uid,cfg->uid) != 0) if(setresuid(cfg_uid,cfg_uid,cfg_uid) != 0)
#elif defined(HAVE_SETREUID) && !defined(DARWIN_BROKEN_SETREUID) #elif defined(HAVE_SETREUID) && !defined(DARWIN_BROKEN_SETREUID)
if(setreuid(cfg->uid,cfg->uid) != 0) if(setreuid(cfg_uid,cfg_uid) != 0)
#else /* use setuid */ #else /* use setuid */
if(setuid(cfg->uid) != 0) if(setuid(cfg_uid) != 0)
#endif /* HAVE_SETRESUID */ #endif /* HAVE_SETRESUID */
fatal_exit("unable to set user id of %s: %s", fatal_exit("unable to set user id of %s: %s",
cfg->username, strerror(errno)); cfg->username, strerror(errno));
@ -653,7 +653,8 @@ run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode)
log_warn("Continuing with default config settings"); log_warn("Continuing with default config settings");
} }
apply_settings(daemon, cfg, cmdline_verbose, debug_mode); apply_settings(daemon, cfg, cmdline_verbose, debug_mode);
config_lookup_uid(cfg); if(!done_setup)
config_lookup_uid(cfg);
/* prepare */ /* prepare */
if(!daemon_open_shared_ports(daemon)) if(!daemon_open_shared_ports(daemon))

2
doc/Changelog
View file

@ -3,6 +3,8 @@
Kallweit). Kallweit).
- Fix #645 Portability to Solaris 10, use AF_LOCAL. - Fix #645 Portability to Solaris 10, use AF_LOCAL.
- Fix #646 Portability to Solaris, -lrt for getentropy_solaris. - Fix #646 Portability to Solaris, -lrt for getentropy_solaris.
- Fix #647 crash in 1.5.2 because pwd.db no longer accessible after
reload.
19 February 2015: Wouter 19 February 2015: Wouter
- 1.5.2 release tag. - 1.5.2 release tag.

11
util/config_file.c
View file

@ -65,6 +65,11 @@
#include <pwd.h> #include <pwd.h>
#endif #endif
/** from cfg username, after daemonise setup performed */
uid_t cfg_uid = (uid_t)-1;
/** from cfg username, after daemonise setup performed */
gid_t cfg_gid = (gid_t)-1;
/** global config during parsing */ /** global config during parsing */
struct config_parser_state* cfg_parser = 0; struct config_parser_state* cfg_parser = 0;
@ -136,8 +141,6 @@ config_create(void)
goto error_exit; goto error_exit;
init_outgoing_availports(cfg->outgoing_avail_ports, 65536); init_outgoing_availports(cfg->outgoing_avail_ports, 65536);
if(!(cfg->username = strdup(UB_USERNAME))) goto error_exit; if(!(cfg->username = strdup(UB_USERNAME))) goto error_exit;
cfg->uid = (uid_t)-1;
cfg->gid = (gid_t)-1;
#ifdef HAVE_CHROOT #ifdef HAVE_CHROOT
if(!(cfg->chrootdir = strdup(CHROOT_DIR))) goto error_exit; if(!(cfg->chrootdir = strdup(CHROOT_DIR))) goto error_exit;
#endif #endif
@ -1210,8 +1213,8 @@ void config_lookup_uid(struct config_file* cfg)
struct passwd *pwd; struct passwd *pwd;
if((pwd = getpwnam(cfg->username)) == NULL) if((pwd = getpwnam(cfg->username)) == NULL)
log_err("user '%s' does not exist.", cfg->username); log_err("user '%s' does not exist.", cfg->username);
cfg->uid = pwd->pw_uid; cfg_uid = pwd->pw_uid;
cfg->gid = pwd->pw_gid; cfg_gid = pwd->pw_gid;
} }
#else #else
(void)cfg; (void)cfg;

9
util/config_file.h
View file

@ -194,8 +194,6 @@ struct config_file {
char* chrootdir; char* chrootdir;
/** username to change to, if not "". */ /** username to change to, if not "". */
char* username; char* username;
uid_t uid;
gid_t gid;
/** working directory */ /** working directory */
char* directory; char* directory;
/** filename to log to. */ /** filename to log to. */
@ -345,6 +343,11 @@ struct config_file {
int dnstap_log_forwarder_response_messages; int dnstap_log_forwarder_response_messages;
}; };
/** from cfg username, after daemonise setup performed */
extern uid_t cfg_uid;
/** from cfg username, after daemonise setup performed */
extern gid_t cfg_gid;
/** /**
* Stub config options * Stub config options
*/ */
@ -429,7 +432,7 @@ void config_delete(struct config_file* config);
void config_apply(struct config_file* config); void config_apply(struct config_file* config);
/** /**
* Find username, sets uid and gid. * Find username, sets cfg_uid and cfg_gid.
* @param config: the config structure. * @param config: the config structure.
*/ */
void config_lookup_uid(struct config_file* config); void config_lookup_uid(struct config_file* config);