use setusercontext(3).

git-svn-id: file:///svn/unbound/trunk@1474 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/config.h.in b/config.h.in
index f7351539ad6ba07a88a6f3c22f03be9a0de7162f..74632c302809a214baa7a90497663f320ec00341 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -188,6 +188,9 @@
 /* Define to 1 if you have the `setsid' function. */
 #undef HAVE_SETSID
 
+/* Define to 1 if you have the `setusercontext' function. */
+#undef HAVE_SETUSERCONTEXT
+
 /* Define to 1 if you have the `sigprocmask' function. */
 #undef HAVE_SIGPROCMASK
 

diff --git a/configure b/configure
index 408c09cd862e49bef9ddc25c8d34cdb810fd423d..b0ad087563fbd6e8534ced9047d6f7f43101ca6b 100755 (executable)
--- a/configure
+++ b/configure
@@ -25380,7 +25380,8 @@ fi
 
 
 
-for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups daemon strftime localtime_r
+
+for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups daemon strftime localtime_r setusercontext
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
 { echo "$as_me:$LINENO: checking for $ac_func" >&5

diff --git a/configure.ac b/configure.ac
index 61cdaceb6d97cdae91893457e462d51c6b010247..d359ff19bcc721dbe890ecda05a89330e88ce506 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -855,7 +855,7 @@ AC_CHECK_GETADDRINFO_WITH_INCLUDES
 if test $ac_cv_func_getaddrinfo = no; then
 AC_LIBOBJ([fake-rfc2553])
 fi
-AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups daemon strftime localtime_r])
+AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups daemon strftime localtime_r setusercontext])
 
 # check if setreuid en setregid fail, on MacOSX10.4(darwin8).
 if echo $build_os | grep darwin8 > /dev/null; then

diff --git a/daemon/unbound.c b/daemon/unbound.c
index 5fc3d62175c0201099770e5885c9b7f8b41a14a7..c526635c298840efe43da32cac737880920767c0 100644 (file)
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -333,6 +333,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
        const char** cfgfile)
 {
 #ifdef HAVE_GETPWNAM
+       struct passwd *pwd = NULL;
        uid_t uid;
        gid_t gid;
        /* initialize, but not to 0 (root) */
@@ -341,12 +342,11 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
        log_assert(cfg);
 
        if(cfg->username && cfg->username[0]) {
-               struct passwd *pwd;
                if((pwd = getpwnam(cfg->username)) == NULL)
                        fatal_exit("user '%s' does not exist.", cfg->username);
                uid = pwd->pw_uid;
                gid = pwd->pw_gid;
-               endpwent();
+               /* endpwent below, in case we need pwd for setusercontext */
        }
 #endif
 
@@ -396,11 +396,11 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
                        /* delete of pidfile could potentially work,
                         * chown to get permissions */
                        if(cfg->username && cfg->username[0]) {
-                       if(chown(daemon->pidfile, uid, gid) == -1) {
+                         if(chown(daemon->pidfile, uid, gid) == -1) {
                                fatal_exit("cannot chown %u.%u %s: %s",
                                        (unsigned)uid, (unsigned)gid,
                                        daemon->pidfile, strerror(errno));
-                       }
+                         }
                        }
                }
        }
@@ -460,11 +460,22 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
        /* drop permissions after chroot, getpwnam, pidfile, syslog done*/
 #ifdef HAVE_GETPWNAM
        if(cfg->username && cfg->username[0]) {
-#ifdef HAVE_INITGROUPS
+#ifdef HAVE_SETUSERCONTEXT
+               /* setusercontext does initgroups, setuid, setgid, and
+                * also resource limits from login config, but we
+                * still call setresuid, setresgid to be sure to set all uid*/
+               if(setusercontext(NULL, pwd, uid, LOGIN_SETALL) != 0)
+                       fatal_exit("could not setusercontext %s: %s",
+                               cfg->username, strerror(errno));
+#else /* !HAVE_SETUSERCONTEXT */
+#  ifdef HAVE_INITGROUPS
                if(initgroups(cfg->username, gid) != 0)
                        log_warn("unable to initgroups %s: %s",
                                cfg->username, strerror(errno));
-#endif
+#  endif /* HAVE_INITGROUPS */
+#endif /* HAVE_SETUSERCONTEXT */
+               endpwent();
+
 #ifdef HAVE_SETRESGID
                if(setresgid(gid,gid,gid) != 0)
 #elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID)
@@ -486,7 +497,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
                verbose(VERB_QUERY, "drop user privileges, run as %s", 
                        cfg->username);
        }
-#endif
+#endif /* HAVE_GETPWNAM */
        /* file logging inited after chroot,chdir,setuid is done so that 
         * it would succeed on SIGHUP as well */
        if(!cfg->use_syslog)

diff --git a/doc/Changelog b/doc/Changelog
index f411b699534470638170459fdf684d93c25cdf5c..849551f0ee39cf9dca410bb99f3fd2d0985890c4 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+12 February 2009: Wouter
+       - call setusercontext if available (on BSD).
+
 10 February 2009: Wouter
        - keys with rfc5011 REVOKE flag are skipped and not considered when
          validating data.