/*
 * Copyright (C) 1999, 2000  Internet Software Consortium.
 * 
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 * 
 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
 * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 */

#include <config.h>

#include <sys/types.h>
#include <sys/stat.h>

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <syslog.h>
#include <fcntl.h>
#include <pwd.h>
#include <grp.h>

#include <isc/result.h>
#include <isc/boolean.h>

#include <named/main.h>
#include <named/os.h>

/*
 * Heap copy of the pid file path set by ns_os_writepidfile(); NULL when no
 * pid file is recorded.  cleanup_pidfile() unlinks the file and frees this.
 */
static char *pidfile = NULL;
#ifdef HAVE_LINUXTHREADS
/*
 * pid captured in ns_os_init() and again in the child in ns_os_daemonize();
 * ns_os_writepidfile() writes this value instead of calling getpid().
 */
static pid_t mainpid = 0;
#endif

#ifdef HAVE_LINUX_CAPABILITY_H

#include <sys/syscall.h>
#include <linux/capability.h>

#ifndef SYS_capset
#define SYS_capset __NR_capset
#endif

/*
 * Install 'caps' as the effective, permitted and inheritable capability
 * masks of the calling process by invoking the capset system call directly.
 *
 * Returns without doing anything when the real uid is not 0.  A failing
 * capset is reported through ns_main_earlyfatal().
 */
static void
linux_setcaps(unsigned int caps) {
	struct __user_cap_header_struct hdr;
	struct __user_cap_data_struct sets;

	if (getuid() != 0) {
		return;
	}

	/* Header: capability ABI version, pid 0. */
	memset(&hdr, 0, sizeof(hdr));
	hdr.pid = 0;
	hdr.version = _LINUX_CAPABILITY_VERSION;

	/*
	 * All three sets receive the same mask, so a capability that is
	 * absent from 'caps' is cleared from every set at once.
	 */
	memset(&sets, 0, sizeof(sets));
	sets.inheritable = caps;
	sets.permitted = caps;
	sets.effective = caps;

	if (syscall(SYS_capset, &hdr, &sets) < 0) {
		ns_main_earlyfatal("capset failed: %s", strerror(errno));
	}
}

/*
 * First privilege reduction: keep only the capabilities needed to bind()
 * to privileged ports and to chroot(), and hand that mask to
 * linux_setcaps(), which drops everything else.
 */
static void
linux_initialprivs(void) {
	/*
	 * XXX  We might want to add CAP_SYS_RESOURCE, though it's not
	 *      clear it would work right given the way linuxthreads work.
	 */
	unsigned int caps = (1 << CAP_NET_BIND_SERVICE) |
			    (1 << CAP_SYS_CHROOT);

	linux_setcaps(caps);
}

/*
 * Final privilege reduction: the only capability left in the mask passed
 * to linux_setcaps() is the one that allows bind() to privileged ports.
 */
static void
linux_minprivs(void) {
	unsigned int caps = (1 << CAP_NET_BIND_SERVICE);

	linux_setcaps(caps);
}

#endif	/* HAVE_LINUX_CAPABILITY_H */


/*
 * Open the syslog connection with the identifier "named" and the daemon
 * facility.  LOG_PID is always requested; LOG_NDELAY is added on platforms
 * that define it.
 */
static void
setup_syslog(void) {
#ifdef LOG_NDELAY
	int flags = LOG_PID | LOG_NDELAY;
#else
	int flags = LOG_PID;
#endif

	openlog("named", flags, LOG_DAEMON);
}

/*
 * OS-level startup: open syslog, then, where Linux capabilities are
 * available, reduce the capability sets to the initial mask, and with
 * linuxthreads record the pid of the caller.
 */
void
ns_os_init(void) {
	setup_syslog();

#ifdef HAVE_LINUX_CAPABILITY_H
	/* Keep only the bind()-to-privileged-port and chroot() capabilities. */
	linux_initialprivs();
#endif

#ifdef HAVE_LINUXTHREADS
	/* ns_os_writepidfile() writes this value rather than calling getpid(). */
	mainpid = getpid();
#endif
}

/*
 * Put the server in the background: fork, let the parent exit, start a new
 * session in the child, and redirect stdin, stdout and stderr to /dev/null.
 *
 * fork() and setsid() failures are reported through ns_main_earlyfatal().
 * Failure to open /dev/null is deliberately tolerated.
 *
 * NOTE(review): no chdir() or umask() call is made here; confirm that the
 * working directory and file-creation mask are handled by the caller.
 */
void
ns_os_daemonize(void) {
	pid_t child;
	int devnull;

	child = fork();
	if (child == -1) {
		ns_main_earlyfatal("fork(): %s", strerror(errno));
	}
	if (child != 0) {
		/* Parent: the child carries on as the server. */
		_exit(0);
	}

#ifdef HAVE_LINUXTHREADS
	/* The child has its own pid, so refresh the recorded one. */
	mainpid = getpid();
#endif

	if (setsid() == -1) {
		ns_main_earlyfatal("setsid(): %s", strerror(errno));
	}

	devnull = open("/dev/null", O_RDWR, 0);
	if (devnull == -1) {
		/* Best effort only: keep the inherited descriptors. */
		return;
	}

	(void)dup2(devnull, STDIN_FILENO);
	(void)dup2(devnull, STDOUT_FILENO);
	(void)dup2(devnull, STDERR_FILENO);

	/*
	 * Release the extra descriptor, unless open() itself returned one
	 * of the three standard descriptors.
	 */
	switch (devnull) {
	case STDIN_FILENO:
	case STDOUT_FILENO:
	case STDERR_FILENO:
		break;
	default:
		(void)close(devnull);
		break;
	}
}

/*
 * Return ISC_TRUE when 's' is non-empty and every character in it is a
 * decimal digit; return ISC_FALSE otherwise.
 */
static isc_boolean_t
all_digits(const char *s) {
	const char *p;

	if (s[0] == '\0') {
		return (ISC_FALSE);
	}
	for (p = s; *p != '\0'; p++) {
		/* Masking keeps the argument in 0..255 even if char is signed. */
		if (isdigit((*p) & 0xff) == 0) {
			return (ISC_FALSE);
		}
	}
	return (ISC_TRUE);
}

/*
 * When 'root' is non-NULL, chroot() into it and then chdir("/") so the
 * working directory lies inside the new root.  Either call failing is
 * reported through ns_main_earlyfatal().
 *
 * Where Linux capabilities are available, the capability sets are then
 * reduced to the minimum mask, whether or not 'root' was given.
 */
void
ns_os_chroot(const char *root) {
	if (root != NULL && chroot(root) < 0) {
		ns_main_earlyfatal("chroot(): %s", strerror(errno));
	}
	if (root != NULL && chdir("/") < 0) {
		ns_main_earlyfatal("chdir(/): %s", strerror(errno));
	}

#ifdef HAVE_LINUX_CAPABILITY_H
	/*
	 * The chroot() capability has to go at this point; a process that
	 * kept it could use it to get back out of the new root.
	 */
	linux_minprivs();
#endif
}

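/*
 * Switch the process to the account named by 'username', which is either a
 * login name or an all-digit numeric uid.
 *
 * Nothing is done when 'username' is NULL or the real uid is not 0.  An
 * unknown account, or a failure of initgroups(), setgid() or setuid(), is
 * reported through ns_main_earlyfatal().
 */
void
ns_os_changeuser(const char *username) {
	struct passwd *pw;
	unsigned long id;

	if (username == NULL || getuid() != 0)
		return;

	if (all_digits(username)) {
		/*
		 * Parse with range checking.  atoi() has no error reporting,
		 * and a value too large for uid_t could be truncated to a
		 * different uid (possibly 0) and looked up as if it had been
		 * requested.  Out-of-range input is treated as an unknown
		 * user instead.
		 */
		errno = 0;
		id = strtoul(username, NULL, 10);
		if (errno == 0 && (unsigned long)(uid_t)id == id)
			pw = getpwuid((uid_t)id);
		else
			pw = NULL;
	} else
		pw = getpwnam(username);
	endpwent();
	if (pw == NULL)
		ns_main_earlyfatal("user '%s' unknown", username);

	/*
	 * Order matters: the supplementary groups and the gid can only be
	 * changed while the process still has uid 0, so setuid() comes last.
	 */
	if (initgroups(pw->pw_name, pw->pw_gid) < 0)
		ns_main_earlyfatal("initgroups(): %s", strerror(errno));
	if (setgid(pw->pw_gid) < 0)
		ns_main_earlyfatal("setgid(): %s", strerror(errno));
	if (setuid(pw->pw_uid) < 0)
		ns_main_earlyfatal("setuid(): %s", strerror(errno));
}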

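/*
 * Create 'filename' afresh for writing and return its descriptor, or -1
 * with errno set on failure.
 *
 * An existing regular file is unlinked and replaced.  Anything that exists
 * but is not a regular file is left alone and rejected with EEXIST.  The
 * new file is created with mode 0644 (subject to the umask).
 *
 * The stat()/unlink()/open() sequence is not atomic.  O_CREAT|O_EXCL is
 * what protects the final step: open() fails if something, including a
 * symbolic link, has appeared at the path in the meantime.
 */
static int
safe_open(const char *filename) {
	struct stat sb;

	if (stat(filename, &sb) == -1) {
		if (errno != ENOENT)
			return (-1);
	} else if (!S_ISREG(sb.st_mode)) {
		/*
		 * The file type is a multi-bit field, so it must be compared
		 * with S_ISREG(); a plain bit test against S_IFREG can also
		 * match other types (on Linux, sockets).  errno is set here
		 * because the caller reports strerror(errno) and stat()
		 * succeeded.
		 */
		errno = EEXIST;
		return (-1);
	}

	(void)unlink(filename);
	return (open(filename, O_WRONLY|O_CREAT|O_EXCL,
		     S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH));
}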

/*
 * Remove the recorded pid file, if any, and release the stored path so
 * that 'pidfile' is NULL afterwards.  An unlink() failure is ignored.
 */
static void
cleanup_pidfile(void) {
	if (pidfile == NULL) {
		return;
	}

	(void)unlink(pidfile);
	free(pidfile);
	pidfile = NULL;
}

/*
 * Record 'filename' as the pid file and write the server's pid to it,
 * followed by a newline.
 *
 * Any previously recorded pid file is removed first.  The file is created
 * through safe_open().  With linuxthreads the pid written is the recorded
 * 'mainpid'; otherwise it is getpid().  Every failure is reported through
 * ns_main_earlyfatal().
 */
void
ns_os_writepidfile(const char *filename) {
	size_t size;
	int fd;
	FILE *stream;
	pid_t pid;

	/*
	 * The caller must ensure any required synchronization.
	 */

	cleanup_pidfile();

	size = strlen(filename) + 1;
	pidfile = malloc(size);
	if (pidfile == NULL) {
		ns_main_earlyfatal("couldn't malloc '%s': %s",
				   filename, strerror(errno));
	}
	/* The buffer was sized from this same string, terminator included. */
	memcpy(pidfile, filename, size);

	fd = safe_open(filename);
	if (fd < 0) {
		ns_main_earlyfatal("couldn't open pid file '%s': %s",
				   filename, strerror(errno));
	}

	stream = fdopen(fd, "w");
	if (stream == NULL) {
		ns_main_earlyfatal("could not fdopen() pid file '%s': %s",
				   filename, strerror(errno));
	}

#ifdef HAVE_LINUXTHREADS
	pid = mainpid;
#else
	pid = getpid();
#endif

	if (fprintf(stream, "%ld\n", (long)pid) < 0) {
		ns_main_earlyfatal("fprintf() to pid file '%s' failed",
				   filename);
	}
	/* Flush explicitly so a write error is seen before the close. */
	if (fflush(stream) == EOF) {
		ns_main_earlyfatal("fflush() to pid file '%s' failed",
				   filename);
	}
	(void)fclose(stream);
}

/*
 * OS-level shutdown: close the syslog connection, then remove the pid file
 * (if one was recorded) and free its stored path.
 */
void
ns_os_shutdown(void) {
	closelog();
	cleanup_pidfile();
}