rec: ensure correct service user on debian

[thirdparty/pdns.git] / pdns / unix_utility.cc

diff --git a/pdns/unix_utility.cc b/pdns/unix_utility.cc
index 5f5bb822cd65a5025b9436aa928f32bcb1753d91..0d180cfc84450aa2b87c83b277c88fa9b3e5a257 100644 (file)
--- a/pdns/unix_utility.cc
+++ b/pdns/unix_utility.cc
@@ -84,22 +84,22 @@ void Utility::setBindAny(int af, sock_t sock)
   (void) one; // avoids 'unused var' warning on systems that have none of the defines checked below
 #ifdef IP_FREEBIND
   if (setsockopt(sock, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
-      theL()<<Logger::Warning<<"Warning: IP_FREEBIND setsockopt failed: "<<strerror(errno)<<endl;
+      g_log<<Logger::Warning<<"Warning: IP_FREEBIND setsockopt failed: "<<strerror(errno)<<endl;
 #endif
 
 #ifdef IP_BINDANY
   if (af == AF_INET)
     if (setsockopt(sock, IPPROTO_IP, IP_BINDANY, &one, sizeof(one)) < 0)
-      theL()<<Logger::Warning<<"Warning: IP_BINDANY setsockopt failed: "<<strerror(errno)<<endl;
+      g_log<<Logger::Warning<<"Warning: IP_BINDANY setsockopt failed: "<<strerror(errno)<<endl;
 #endif
 #ifdef IPV6_BINDANY
   if (af == AF_INET6)
     if (setsockopt(sock, IPPROTO_IPV6, IPV6_BINDANY, &one, sizeof(one)) < 0)
-      theL()<<Logger::Warning<<"Warning: IPV6_BINDANY setsockopt failed: "<<strerror(errno)<<endl;
+      g_log<<Logger::Warning<<"Warning: IPV6_BINDANY setsockopt failed: "<<strerror(errno)<<endl;
 #endif
 #ifdef SO_BINDANY
   if (setsockopt(sock, SOL_SOCKET, SO_BINDANY, &one, sizeof(one)) < 0)
-      theL()<<Logger::Warning<<"Warning: SO_BINDANY setsockopt failed: "<<strerror(errno)<<endl;
+      g_log<<Logger::Warning<<"Warning: SO_BINDANY setsockopt failed: "<<strerror(errno)<<endl;
 #endif
 }
 
@@ -124,26 +124,26 @@ void Utility::usleep(unsigned long usec)
 
 
 // Drops the program's group privileges.
-void Utility::dropGroupPrivs( int uid, int gid )
+void Utility::dropGroupPrivs( uid_t uid, gid_t gid )
 {
-  if(gid) {
+  if(gid && gid != getegid()) {
     if(setgid(gid)<0) {
-      theL()<<Logger::Critical<<"Unable to set effective group id to "<<gid<<": "<<stringerror()<<endl;
+      g_log<<Logger::Critical<<"Unable to set effective group id to "<<gid<<": "<<stringerror()<<endl;
       exit(1);
     }
     else
-      theL()<<Logger::Info<<"Set effective group id to "<<gid<<endl;
+      g_log<<Logger::Info<<"Set effective group id to "<<gid<<endl;
 
     struct passwd *pw=getpwuid(uid);
     if(!pw) {
-      theL()<<Logger::Warning<<"Unable to determine user name for uid "<<uid<<endl;
+      g_log<<Logger::Warning<<"Unable to determine user name for uid "<<uid<<endl;
       if (setgroups(0, NULL)<0) {
-        theL()<<Logger::Critical<<"Unable to drop supplementary gids: "<<stringerror()<<endl;
+        g_log<<Logger::Critical<<"Unable to drop supplementary gids: "<<stringerror()<<endl;
         exit(1);
       }
     } else {
       if (initgroups(pw->pw_name, gid)<0) {
-        theL()<<Logger::Critical<<"Unable to set supplementary groups: "<<stringerror()<<endl;
+        g_log<<Logger::Critical<<"Unable to set supplementary groups: "<<stringerror()<<endl;
         exit(1);
       }
     }
@@ -152,15 +152,15 @@ void Utility::dropGroupPrivs( int uid, int gid )
 
 
 // Drops the program's user privileges.
-void Utility::dropUserPrivs( int uid )
+void Utility::dropUserPrivs( uid_t uid )
 {
-  if(uid) {
+  if(uid && uid != geteuid()) {
     if(setuid(uid)<0) {
-      theL()<<Logger::Critical<<"Unable to set effective user id to "<<uid<<":  "<<stringerror()<<endl;
+      g_log<<Logger::Critical<<"Unable to set effective user id to "<<uid<<": "<<stringerror()<<endl;
       exit(1);
     }
     else
-      theL()<<Logger::Info<<"Set effective user id to "<<uid<<endl;
+      g_log<<Logger::Info<<"Set effective user id to "<<uid<<endl;
   }
 }
 
@@ -181,14 +181,14 @@ int Utility::gettimeofday( struct timeval *tv, void *tz )
 
 
 // Retrieves a gid using a groupname.
-int Utility::makeGidNumeric(const string &group)
+gid_t Utility::makeGidNumeric(const string &group)
 {
-  int newgid;
+  gid_t newgid;
   if(!(newgid=atoi(group.c_str()))) {
     errno=0;
     struct group *gr=getgrnam(group.c_str());
     if(!gr) {
-      theL()<<Logger::Critical<<"Unable to look up gid of group '"<<group<<"': "<< (errno ? strerror(errno) : "not found") <<endl;
+      g_log<<Logger::Critical<<"Unable to look up gid of group '"<<group<<"': "<< (errno ? strerror(errno) : "not found") <<endl;
       exit(1);
     }
     newgid=gr->gr_gid;
@@ -198,13 +198,13 @@ int Utility::makeGidNumeric(const string &group)
 
 
 // Retrieves an uid using a username.
-int Utility::makeUidNumeric(const string &username)
+uid_t Utility::makeUidNumeric(const string &username)
 {
-  int newuid;
+  uid_t newuid;
   if(!(newuid=atoi(username.c_str()))) {
     struct passwd *pw=getpwnam(username.c_str());
     if(!pw) {
-      theL()<<Logger::Critical<<"Unable to look up uid of user '"<<username<<"': "<< (errno ? strerror(errno) : "not found") <<endl;
+      g_log<<Logger::Critical<<"Unable to look up uid of user '"<<username<<"': "<< (errno ? strerror(errno) : "not found") <<endl;
       exit(1);
     }
     newuid=pw->pw_uid;
@@ -212,20 +212,14 @@ int Utility::makeUidNumeric(const string &username)
   return newuid;
 }
 
-
-// Returns a random number.
-long int Utility::random( void )
-{
-  return rand();
-}
-
 // Sets the random seed.
-void Utility::srandom( unsigned int seed )
+void Utility::srandom(void)
 {
-  ::srandom(seed);
+  struct timeval tv;
+  gettimeofday(&tv, 0);
+  ::srandom(tv.tv_sec ^ tv.tv_usec ^ getpid());
 }
 
-
 // Writes a vector.
 int Utility::writev(int socket, const iovec *vector, size_t count )
 {