use setusercontext(3).

git-svn-id: file:///svn/unbound/trunk@1474 be551aaa-1e26-0410-a405-d3ace91eadb9

config.h.in

@@ -188,6 +188,9 @@
 /* Define to 1 if you have the `setsid' function. */
 #undef HAVE_SETSID
 
+/* Define to 1 if you have the `setusercontext' function. */
+#undef HAVE_SETUSERCONTEXT
+
 /* Define to 1 if you have the `sigprocmask' function. */
 #undef HAVE_SIGPROCMASK
 

configure

@@ -25380,7 +25380,8 @@ fi
 
 
 
-for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups daemon strftime localtime_r
+
+for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups daemon strftime localtime_r setusercontext
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
 { echo "$as_me:$LINENO: checking for $ac_func" >&5

configure.ac

@@ -855,7 +855,7 @@ AC_CHECK_GETADDRINFO_WITH_INCLUDES
 if test $ac_cv_func_getaddrinfo = no; then
 AC_LIBOBJ([fake-rfc2553])
 fi
-AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups daemon strftime localtime_r])
+AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups daemon strftime localtime_r setusercontext])
 
 # check if setreuid en setregid fail, on MacOSX10.4(darwin8).
 if echo $build_os | grep darwin8 > /dev/null; then

daemon/unbound.c

@@ -333,6 +333,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 	const char** cfgfile)
 {
 #ifdef HAVE_GETPWNAM
+	struct passwd *pwd = NULL;
 	uid_t uid;
 	gid_t gid;
 	/* initialize, but not to 0 (root) */
@@ -341,12 +342,11 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 	log_assert(cfg);
 
 	if(cfg->username && cfg->username[0]) {
-		struct passwd *pwd;
 		if((pwd = getpwnam(cfg->username)) == NULL)
 			fatal_exit("user '%s' does not exist.", cfg->username);
 		uid = pwd->pw_uid;
 		gid = pwd->pw_gid;
-		endpwent();
+		/* endpwent below, in case we need pwd for setusercontext */
 	}
 #endif
 
@@ -460,11 +460,22 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 	/* drop permissions after chroot, getpwnam, pidfile, syslog done*/
 #ifdef HAVE_GETPWNAM
 	if(cfg->username && cfg->username[0]) {
-#ifdef HAVE_INITGROUPS
+#ifdef HAVE_SETUSERCONTEXT
+		/* setusercontext does initgroups, setuid, setgid, and
+		 * also resource limits from login config, but we
+		 * still call setresuid, setresgid to be sure to set all uid*/
+		if(setusercontext(NULL, pwd, uid, LOGIN_SETALL) != 0)
+			fatal_exit("could not setusercontext %s: %s",
+				cfg->username, strerror(errno));
+#else /* !HAVE_SETUSERCONTEXT */
+#  ifdef HAVE_INITGROUPS
 		if(initgroups(cfg->username, gid) != 0)
 			log_warn("unable to initgroups %s: %s",
 				cfg->username, strerror(errno));
-#endif
+#  endif /* HAVE_INITGROUPS */
+#endif /* HAVE_SETUSERCONTEXT */
+		endpwent();
+
 #ifdef HAVE_SETRESGID
 		if(setresgid(gid,gid,gid) != 0)
 #elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID)
@@ -486,7 +497,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 		verbose(VERB_QUERY, "drop user privileges, run as %s", 
 			cfg->username);
 	}
-#endif
+#endif /* HAVE_GETPWNAM */
 	/* file logging inited after chroot,chdir,setuid is done so that 
 	 * it would succeed on SIGHUP as well */
 	if(!cfg->use_syslog)

doc/Changelog

@@ -1,3 +1,6 @@
+12 February 2009: Wouter
+	- call setusercontext if available (on BSD).
+
 10 February 2009: Wouter
 	- keys with rfc5011 REVOKE flag are skipped and not considered when
 	  validating data.