From a226533c8b8a3bab520c9d2d345dbe7dd3924e1d Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards
Date: Fri, 20 Feb 2015 14:48:04 +0000
Subject: [PATCH] - Fix #647 crash in 1.5.2 because pwd.db no longer accessible after reload.

git-svn-id: file:///svn/unbound/trunk@3341 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 daemon/remote.c | 2 +-
 daemon/unbound.c | 23 ++++++++++++-----------
 doc/Changelog | 2 ++
 util/config_file.c | 11 +++++++----
 util/config_file.h | 9 ++++++---
 5 files changed, 28 insertions(+), 19 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index 7a8fdb75e..65749568f 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -329,7 +329,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
 if(fd != -1) {
 #ifdef HAVE_CHOWN
 if (cfg->username && cfg->username[0])
- chown(ip, cfg->uid, cfg->gid);
+ chown(ip, cfg_uid, cfg_gid);
 chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
 #else
 (void)cfg;
diff --git a/daemon/unbound.c b/daemon/unbound.c
index f6bd924a5..b70e39686 100644
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -505,9 +505,9 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 writepid(daemon->pidfile, getpid());
 if(cfg->username && cfg->username[0]) {
 # ifdef HAVE_CHOWN
- if(chown(daemon->pidfile, cfg->uid, cfg->gid) == -1) {
+ if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) {
 log_err("cannot chown %u.%u %s: %s",
- (unsigned)cfg->uid, (unsigned)cfg->gid,
+ (unsigned)cfg_uid, (unsigned)cfg_gid,
 daemon->pidfile, strerror(errno));
 }
 # endif /* HAVE_CHOWN */
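Review bot: In the daemon/remote.c hunk the result of `chown(ip, cfg_uid, cfg_gid)` is still discarded, so a failed ownership change on the path in `ip` goes unnoticed, while the pid-file chown in perform_setup logs the same failure. Because cfg_uid and cfg_gid now start at `(uid_t)-1`/`(gid_t)-1` and are filled only by config_lookup_uid, a call made before the lookup would, as far as chown's -1 semantics go, leave the owner unchanged without any diagnostic. I would check it the same way as the pid file: `if(chown(ip, cfg_uid, cfg_gid) == -1) log_warn("cannot chown %s: %s", ip, strerror(errno));`. add_open starts and ends outside the hunk.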
@@ -524,7 +524,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 /* setusercontext does initgroups, setuid, setgid, and
 * also resource limits from login config, but we
 * still call setresuid, setresgid to be sure to set all uid*/
- if(setusercontext(NULL, pwd, cfg->uid, (unsigned)
+ if(setusercontext(NULL, pwd, cfg_uid, (unsigned)
 LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0)
 log_warn("unable to setusercontext %s: %s",
 cfg->username, strerror(errno));
@@ -588,27 +588,27 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 #ifdef HAVE_GETPWNAM
 if(cfg->username && cfg->username[0]) {
 # ifdef HAVE_INITGROUPS
- if(initgroups(cfg->username, cfg->gid) != 0)
+ if(initgroups(cfg->username, cfg_gid) != 0)
 log_warn("unable to initgroups %s: %s",
 cfg->username, strerror(errno));
 # endif /* HAVE_INITGROUPS */
 endpwent();
 #ifdef HAVE_SETRESGID
- if(setresgid(cfg->gid,cfg->gid,cfg->gid) != 0)
+ if(setresgid(cfg_gid,cfg_gid,cfg_gid) != 0)
 #elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID)
- if(setregid(cfg->gid,cfg->gid) != 0)
+ if(setregid(cfg_gid,cfg_gid) != 0)
 #else /* use setgid */
- if(setgid(cfg->gid) != 0)
+ if(setgid(cfg_gid) != 0)
 #endif /* HAVE_SETRESGID */
 fatal_exit("unable to set group id of %s: %s",
 cfg->username, strerror(errno));
 #ifdef HAVE_SETRESUID
- if(setresuid(cfg->uid,cfg->uid,cfg->uid) != 0)
+ if(setresuid(cfg_uid,cfg_uid,cfg_uid) != 0)
 #elif defined(HAVE_SETREUID) && !defined(DARWIN_BROKEN_SETREUID)
- if(setreuid(cfg->uid,cfg->uid) != 0)
+ if(setreuid(cfg_uid,cfg_uid) != 0)
 #else /* use setuid */
- if(setuid(cfg->uid) != 0)
+ if(setuid(cfg_uid) != 0)
 #endif /* HAVE_SETRESUID */
 fatal_exit("unable to set user id of %s: %s",
 cfg->username, strerror(errno));
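Review bot: The privilege drop in the @@ -588 hunk of perform_setup passes cfg_gid and cfg_uid to setresgid/setresuid without checking that they were ever resolved. Both globals are initialised to `(gid_t)-1`/`(uid_t)-1` in util/config_file.c, and setresgid/setresuid treat -1 as "leave this id unchanged" and return 0, so on those branches an unresolved user would keep the process's current ids with no error reported. A guard ahead of the drop closes that: `if(cfg_uid == (uid_t)-1 || cfg_gid == (gid_t)-1) fatal_exit("user '%s' was not resolved to a uid and gid", cfg->username);`. perform_setup continues outside the hunk.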
@@ -653,7 +653,8 @@ run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode)
 log_warn("Continuing with default config settings");
 }
 apply_settings(daemon, cfg, cmdline_verbose, debug_mode);
- config_lookup_uid(cfg);
+ if(!done_setup)
+ config_lookup_uid(cfg);
 /* prepare */
 if(!daemon_open_shared_ports(daemon))
diff --git a/doc/Changelog b/doc/Changelog
index 94b3f9411..ddbfda8bd 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,8 @@
 Kallweit).
 - Fix #645 Portability to Solaris 10, use AF_LOCAL.
 - Fix #646 Portability to Solaris, -lrt for getentropy_solaris.
+ - Fix #647 crash in 1.5.2 because pwd.db no longer accessible after
+ reload.
 19 February 2015: Wouter
 - 1.5.2 release tag.
diff --git a/util/config_file.c b/util/config_file.c
index f4eaccf1b..5c4e897da 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -65,6 +65,11 @@
 #include
 #endif
+/** from cfg username, after daemonise setup performed */
+uid_t cfg_uid = (uid_t)-1;
+/** from cfg username, after daemonise setup performed */
+gid_t cfg_gid = (gid_t)-1;
+
 /** global config during parsing */
 struct config_parser_state* cfg_parser = 0;
@@ -136,8 +141,6 @@ config_create(void)
 goto error_exit;
 init_outgoing_availports(cfg->outgoing_avail_ports, 65536);
 if(!(cfg->username = strdup(UB_USERNAME))) goto error_exit;
- cfg->uid = (uid_t)-1;
- cfg->gid = (gid_t)-1;
 #ifdef HAVE_CHROOT
 if(!(cfg->chrootdir = strdup(CHROOT_DIR))) goto error_exit;
 #endif
@@ -1210,8 +1213,8 @@ void config_lookup_uid(struct config_file* cfg)
 struct passwd *pwd;
 if((pwd = getpwnam(cfg->username)) == NULL)
 log_err("user '%s' does not exist.", cfg->username);
- cfg->uid = pwd->pw_uid;
- cfg->gid = pwd->pw_gid;
+ cfg_uid = pwd->pw_uid;
+ cfg_gid = pwd->pw_gid;
 }
 #else
 (void)cfg;
diff --git a/util/config_file.h b/util/config_file.h
index 7ffc00a02..ca512d720 100644
--- a/util/config_file.h
+++ b/util/config_file.h
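Review bot: The new `if(!done_setup)` guard in run_daemon carries no comment, and its reason cannot be read off this spot; done_setup itself is defined outside the hunk. Going by the commit message, the lookup is skipped on reload because the password database may no longer be reachable once setup has run, which also means a changed `username` in a reloaded config will not change cfg_uid/cfg_gid. I would record that above the guard, for example `/* resolve uid/gid only before the first setup; after a reload pwd.db may be unreachable, so the first values are kept */`.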
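Review bot: In config_lookup_uid (the @@ -1210 hunk) a NULL result from getpwnam is only logged with log_err, and the next two lines still read `pwd->pw_uid` and `pwd->pw_gid`, so an unknown user or an unreadable password database dereferences a NULL pointer. The commit avoids calling the function on reload but leaves that dereference in place for the first start. The assignments belong in an else branch: `else { cfg_uid = pwd->pw_uid; cfg_gid = pwd->pw_gid; }`. With that change the globals stay at their -1 initial values on failure, so the callers in daemon/unbound.c that hand them to setresuid/setresgid would need to treat -1 as an error. The function begins before the hunk.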
@@ -194,8 +194,6 @@ struct config_file {
 char* chrootdir;
 /** username to change to, if not "". */
 char* username;
- uid_t uid;
- gid_t gid;
 /** working directory */
 char* directory;
 /** filename to log to. */
@@ -345,6 +343,11 @@ struct config_file {
 int dnstap_log_forwarder_response_messages;
 };
+/** from cfg username, after daemonise setup performed */
+extern uid_t cfg_uid;
+/** from cfg username, after daemonise setup performed */
+extern gid_t cfg_gid;
+
 /**
 * Stub config options
 */
@@ -429,7 +432,7 @@ void config_delete(struct config_file* config);
 void config_apply(struct config_file* config);
 /**
- * Find username, sets uid and gid.
+ * Find username, sets cfg_uid and cfg_gid.
 * @param config: the config structure.
 */
 void config_lookup_uid(struct config_file* config);
-- 
2.47.3
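Review bot: The doc comments on the new `extern uid_t cfg_uid;` and `extern gid_t cfg_gid;` declarations (the @@ -345 hunk) do not say what the variables hold before the lookup or which function writes them. From the rest of the patch they start at `(uid_t)-1`/`(gid_t)-1`, are assigned only in config_lookup_uid, and are process-wide rather than members of struct config_file, so they outlive a config reload. I would extend each comment along the lines of `/** uid resolved from cfg username by config_lookup_uid; (uid_t)-1 until then; process-wide, kept across reload */`, with the matching wording for cfg_gid.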