/* Define to 1 if you have the `gmtime_r' function. */
#undef HAVE_GMTIME_R
+/* Define to 1 if you have the <grp.h> header file. */
+#undef HAVE_GRP_H
+
/* If you have HMAC_CTX_init */
#undef HAVE_HMAC_CTX_INIT
/* Define to 1 if you have the `inet_pton' function. */
#undef HAVE_INET_PTON
+/* Define to 1 if you have the `initgroups' function. */
+#undef HAVE_INITGROUPS
+
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
-for ac_header in stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h
+
+for ac_header in stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h
do
as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob
+
+for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
{ echo "$as_me:$LINENO: checking for $ac_func" >&5
# Checks for header files.
AC_HEADER_STDC
-AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h],,, [AC_INCLUDES_DEFAULT])
+AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h],,, [AC_INCLUDES_DEFAULT])
# check for types
AC_CHECK_TYPE(int8_t, char)
if test $ac_cv_func_getaddrinfo = no; then
AC_LIBOBJ([fake-rfc2553])
fi
-AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob])
+AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups])
# check if setreuid en setregid fail, on MacOSX10.4(darwin8).
if echo $build_os | grep darwin8 > /dev/null; then
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
#ifdef HAVE_SYS_RESOURCE_H
#include <sys/resource.h>
/* drop permissions after chroot, getpwnam, pidfile, syslog done*/
#ifdef HAVE_GETPWNAM
if(cfg->username && cfg->username[0]) {
+#ifdef HAVE_INITGROUPS
+ if(initgroups(cfg->username, gid) != 0)
+ log_warn("unable to initgroups %s: %s",
+ cfg->username, strerror(errno));
+#endif
#ifdef HAVE_SETRESGID
if(setresgid(gid,gid,gid) != 0)
#elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID)
ub_cancel tries to return an error code.
Fixes race condition in ub_cancel() libunbound function.
- MacOSX Leopard cleaner text output from configure.
+ - initgroups(3) is called to drop secondary group permissions, if
+ applicable.
4 February 2009: Wouter
- tag for release 1.2.1.
projects / thirdparty / unbound.git / commitdiff
