From f12666f2d17d4901455e5ff5894275ebdd1350a2 Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Fri, 16 Nov 2018 15:49:25 +0100
Subject: [PATCH] Move the code using libcap to separate files

So we don't have to link every tool against libcap.
---
 pdns/capabilities.cc | 49 +++++++++++++++++++++++++++++++
 pdns/capabilities.hh | 24 +++++++++++++++
 pdns/dnsdist.hh | 1 +
 pdns/dnsdistdist/Makefile.am | 1 +
 pdns/dnsdistdist/capabilities.cc | 1 +
 pdns/dnsdistdist/capabilities.hh | 1 +
 pdns/misc.cc | 21 -------------
 pdns/misc.hh | 1 -
 pdns/pdns_recursor.cc | 1 +
 pdns/recursordist/Makefile.am | 4 +--
 pdns/recursordist/capabilities.cc | 1 +
 pdns/recursordist/capabilities.hh | 1 +
 12 files changed, 81 insertions(+), 25 deletions(-)
 create mode 100644 pdns/capabilities.cc
 create mode 100644 pdns/capabilities.hh
 create mode 120000 pdns/dnsdistdist/capabilities.cc
 create mode 120000 pdns/dnsdistdist/capabilities.hh
 create mode 120000 pdns/recursordist/capabilities.cc
 create mode 120000 pdns/recursordist/capabilities.hh

diff --git a/pdns/capabilities.cc b/pdns/capabilities.cc
new file mode 100644
index 0000000000..c269099a31
--- /dev/null
+++ b/pdns/capabilities.cc
@@ -0,0 +1,49 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include
+#include
+
+#ifdef HAVE_LIBCAP
+#include
+#endif
+
+#include "capabilities.hh"
+
+void dropCapabilities()
+{
+#ifdef HAVE_LIBCAP
+ cap_t caps = cap_get_proc();
+ if (caps != nullptr) {
+ cap_clear(caps);
+
+ if (cap_set_proc(caps) != 0) {
+ cap_free(caps);
+ throw std::runtime_error("Unable to drop capabilities: " + std::string(strerror(errno)));
+ }
+
+ cap_free(caps);
+ }
+#endif /* HAVE_LIBCAP */
+}
diff --git a/pdns/capabilities.hh b/pdns/capabilities.hh
new file mode 100644
index 0000000000..e9499f5a8d
--- /dev/null
+++ b/pdns/capabilities.hh
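Review bot: `dropCapabilities()` in pdns/capabilities.cc fails open: when `cap_get_proc()` returns `nullptr` it returns normally, and the result of `cap_clear()` is ignored, so a caller can continue as if its privileges had been shed when they were not. On the one path that does throw, `cap_free(caps)` runs before `strerror(errno)` is evaluated, so the message may describe whatever `cap_free` left in `errno` rather than the `cap_set_proc` failure. The rewrite below throws on every failure and saves `errno` first; if the silent return on `nullptr` is deliberate, a comment saying so would do instead. The body is carried over unchanged from pdns/misc.cc, so this is a follow-up rather than something this commit introduced.

```cpp
  cap_t caps = cap_get_proc();
  if (caps == nullptr) {
    // Fail closed: do not let the caller assume the capabilities are gone.
    throw std::runtime_error("Unable to get the current capabilities: " + std::string(strerror(errno)));
  }

  if (cap_clear(caps) != 0 || cap_set_proc(caps) != 0) {
    const int err = errno; // saved before cap_free() can overwrite it
    cap_free(caps);
    throw std::runtime_error("Unable to drop capabilities: " + std::string(strerror(err)));
  }
  // … unchanged: cap_free(caps) on the success path, #endif /* HAVE_LIBCAP */ …
```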
@@ -0,0 +1,24 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#pragma once
+
+void dropCapabilities();
diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh
index c4ae2bac3a..e36bc323db 100644
--- a/pdns/dnsdist.hh
+++ b/pdns/dnsdist.hh
@@ -35,6 +35,7 @@
 #include
 #include "bpf-filter.hh"
+#include "capabilities.hh"
 #include "dnscrypt.hh"
 #include "dnsdist-cache.hh"
 #include "dnsdist-dynbpf.hh"
diff --git a/pdns/dnsdistdist/Makefile.am b/pdns/dnsdistdist/Makefile.am
index 50354ece18..9f422a86cd 100644
--- a/pdns/dnsdistdist/Makefile.am
+++ b/pdns/dnsdistdist/Makefile.am
@@ -87,6 +87,7 @@ dnsdist_SOURCES = \
 base64.hh \
 bpf-filter.cc bpf-filter.hh \
 cachecleaner.hh \
+ capabilities.cc capabilities.hh \
 dns.cc dns.hh \
 dnscrypt.cc dnscrypt.hh \
 dnsdist.cc dnsdist.hh \
diff --git a/pdns/dnsdistdist/capabilities.cc b/pdns/dnsdistdist/capabilities.cc
new file mode 120000
index 0000000000..1b9c432530
--- /dev/null
+++ b/pdns/dnsdistdist/capabilities.cc
@@ -0,0 +1 @@
+../capabilities.cc
\ No newline at end of file
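Review bot: `void dropCapabilities();` in pdns/capabilities.hh is declared without a comment, although its contract is not obvious from the name. The definition in pdns/capabilities.cc throws `std::runtime_error` when `cap_set_proc()` fails and compiles to a no-op when `HAVE_LIBCAP` is not defined. I would add above the declaration `/* Clears every capability of the caller; throws std::runtime_error on failure; does nothing when built without libcap. */`. Since Linux treats capability sets as a per-thread attribute, the comment should also say whether this must be called before worker threads are started; the call sites are not visible in this patch, so that needs confirming against them.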
diff --git a/pdns/dnsdistdist/capabilities.hh b/pdns/dnsdistdist/capabilities.hh
new file mode 120000
index 0000000000..ea9e875af2
--- /dev/null
+++ b/pdns/dnsdistdist/capabilities.hh
@@ -0,0 +1 @@
+../capabilities.hh
\ No newline at end of file
diff --git a/pdns/misc.cc b/pdns/misc.cc
index cd8842ed5d..196a4bcf48 100644
--- a/pdns/misc.cc
+++ b/pdns/misc.cc
@@ -65,10 +65,6 @@
 # include
 #endif
-#ifdef HAVE_LIBCAP
-#include
-#endif
-
 bool g_singleThreaded;
 size_t writen2(int fd, const void *buf, size_t count)
@@ -1453,20 +1449,3 @@ std::vector getResolvers(const std::string& resolvConfPath)
 return results;
 }
-
-void dropCapabilities()
-{
-#ifdef HAVE_LIBCAP
- cap_t caps = cap_get_proc();
- if (caps != nullptr) {
- cap_clear(caps);
-
- if (cap_set_proc(caps) != 0) {
- cap_free(caps);
- throw std::runtime_error("Unable to drop capabilities: " + std::string(strerror(errno)));
- }
-
- cap_free(caps);
- }
-#endif /* HAVE_LIBCAP */
-}
diff --git a/pdns/misc.hh b/pdns/misc.hh
index d4420dfa84..fcf3c6a51d 100644
--- a/pdns/misc.hh
+++ b/pdns/misc.hh
@@ -593,7 +593,6 @@ double DiffTime(const struct timespec& first, const struct timespec& second);
 double DiffTime(const struct timeval& first, const struct timeval& second);
 uid_t strToUID(const string &str);
 gid_t strToGID(const string &str);
-void dropCapabilities();
 unsigned int pdns_stou(const std::string& str, size_t * idx = 0, int base = 10);
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 83a0548d3c..ec619fff41 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -67,6 +67,7 @@
 #include "malloctrace.hh"
 #endif
 #include
+#include "capabilities.hh"
 #include "dnsparser.hh"
 #include "dnswriter.hh"
 #include "dnsrecords.hh"
diff --git a/pdns/recursordist/Makefile.am b/pdns/recursordist/Makefile.am
index 04b1019ffa..40056da2cb 100644
--- a/pdns/recursordist/Makefile.am
+++ b/pdns/recursordist/Makefile.am
@@ -93,6 +93,7 @@ pdns_recursor_SOURCES = \
 base32.cc base32.hh \
 base64.cc base64.hh \
 cachecleaner.hh \
+ capabilities.cc capabilities.hh \
 comment.hh \
 dns.hh dns.cc \
 dns_random.hh dns_random.cc \
@@ -372,9 +373,6 @@ rec_control_SOURCES = \
 rec_control.cc \
 unix_utility.cc
-rec_control_LDADD = \
- $(LIBCAP_LIBS)
-
 dnslabeltext.cc: dnslabeltext.rl
 $(AM_V_GEN)$(RAGEL) $< -o dnslabeltext.cc
diff --git a/pdns/recursordist/capabilities.cc b/pdns/recursordist/capabilities.cc
new file mode 120000
index 0000000000..1b9c432530
--- /dev/null
+++ b/pdns/recursordist/capabilities.cc
@@ -0,0 +1 @@
+../capabilities.cc
\ No newline at end of file
diff --git a/pdns/recursordist/capabilities.hh b/pdns/recursordist/capabilities.hh
new file mode 120000
index 0000000000..ea9e875af2
--- /dev/null
+++ b/pdns/recursordist/capabilities.hh
@@ -0,0 +1 @@
+../capabilities.hh
\ No newline at end of file
--
2.39.2