2629. [port] Check for seteuid()/setegid(), use setresuid()/

			setresgid() if not present. [RT #19932]

CHANGES

+2629.	[port]		Check for seteuid()/setegid(), use setresuid()/
+			setresgid() if not present. [RT #19932]
+			
 2628.	[port]		linux: Allow /var/run/named/named.pid to be opened 
 			at startup with reduced capabilities in operation.
 			[RT #19884]

bin/named/unix/os.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: os.c,v 1.96 2009/07/14 05:15:00 marka Exp $ */
+/* $Id: os.c,v 1.97 2009/07/14 22:38:38 each Exp $ */
 
 /*! \file */
 
@@ -718,6 +718,34 @@ mkdirpath(char *filename, void (*report)(const char *, ...)) {
 	return (-1);
 }
 
+static void
+setperms(uid_t uid, gid_t gid, void (*report)(const char *, ...)) {
+	char strbuf[ISC_STRERRORSIZE];
+#if defined(HAVE_SETEGID)
+        if (setegid(gid) == -1) {
+                isc__strerror(errno, strbuf, sizeof(strbuf));
+                (*report)("unable to set effective gid: %s", strbuf);
+        }
+#elif defined(HAVE_SETRESGID)
+        if (setresgid(-1, gid, -1) == -1) {
+                isc__strerror(errno, strbuf, sizeof(strbuf));
+                (*report)("unable to set effective gid: %s", strbuf);
+        }
+#endif
+
+#if defined(HAVE_SETEUID)
+        if (seteuid(uid) == -1) {
+                isc__strerror(errno, strbuf, sizeof(strbuf));
+                (*report)("unable to set effective uid: %s", strbuf);
+        }
+#elif defined(HAVE_SETRESUID)
+        if (setresuid(-1, uid, -1) == -1) {
+                isc__strerror(errno, strbuf, sizeof(strbuf));
+                (*report)("unable to set effective uid: %s", strbuf);
+        }
+#endif
+}
+
 void
 ns_os_writepidfile(const char *filename, isc_boolean_t first_time) {
 	int fd;
@@ -763,29 +791,10 @@ ns_os_writepidfile(const char *filename, isc_boolean_t first_time) {
 		 * Open the file using the uid/gid pair we will eventually
 		 * be running as.
 		 */
-		if (setegid(runas_pw->pw_gid) == -1) {
-			isc__strerror(errno, strbuf, sizeof(strbuf));
-			(*report)("unable to set effective gid: %s", strbuf);
-			/* NOTREACHED */
-		}
-		if (seteuid(runas_pw->pw_uid) == -1) {
-			isc__strerror(errno, strbuf, sizeof(strbuf));
-			(*report)("unable to set effective uid: %s", strbuf);
-			/* NOTREACHED */
-		}
+                setperms(runas_pw->pw_uid, runas_pw->pw_gid, report);
 		fd = safe_open(filename, ISC_FALSE);
-		if  (seteuid(0) == -1) {
-			isc__strerror(errno, strbuf, sizeof(strbuf));
-			(*report)("unable to restore effective uid: %s",
-				  strbuf);
-			/* NOTREACHED */
-		}
-		if (setegid(0) == -1) {
-			isc__strerror(errno, strbuf, sizeof(strbuf));
-			(*report)("unable to restore effective gid: %s",
-				  strbuf);
-			/* NOTREACHED */
-		}
+                setperms(0, 0, report);
+
 		if (fd == -1) {
 			/*
 			 * Backwards compatibility.

config.h.in

@@ -16,7 +16,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.h.in,v 1.115 2009/06/10 02:23:42 marka Exp $ */
+/* $Id: config.h.in,v 1.117 2009/08/13 01:51:19 marka Exp $ */
 
 /*! \file */
 
@@ -220,9 +220,21 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define to 1 if you have the <regex.h> header file. */
 #undef HAVE_REGEX_H
 
+/* Define to 1 if you have the `setegid' function. */
+#undef HAVE_SETEGID
+
+/* Define to 1 if you have the `seteuid' function. */
+#undef HAVE_SETEUID
+
 /* Define to 1 if you have the `setlocale' function. */
 #undef HAVE_SETLOCALE
 
+/* Define to 1 if you have the `setresgid' function. */
+#undef HAVE_SETRESGID
+
+/* Define to 1 if you have the `setresuid' function. */
+#undef HAVE_SETRESUID
+
 /* Define to 1 if you have the <stdint.h> header file. */
 #undef HAVE_STDINT_H
 

configure

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 #
-# $Id: configure,v 1.457 2009/06/30 02:53:46 each Exp $
+# $Id: configure,v 1.458 2009/07/14 22:39:30 each Exp $
 #
 # Portions Copyright (C) 1996-2001  Nominum, Inc.
 #
@@ -29,7 +29,7 @@
 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-# From configure.in Revision: 1.471 .
+# From configure.in Revision: 1.472 .
 # Guess values for system-dependent variables and create Makefiles.
 # Generated by GNU Autoconf 2.61.
 #
@@ -20920,6 +20920,200 @@ _ACEOF
 fi
 
 
+#
+# Older versions of HP/UX don't define seteuid() and setegid()
+#
+
+
+for ac_func in seteuid setresuid
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+
+for ac_func in setegid setresgid
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
 #
 # UnixWare 7.1.1 with the feature supplement to the UDK compiler
 # is reported to not support "static inline" (RT #1212).

configure.in

@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
 esyscmd([sed "s/^/# /" COPYRIGHT])dnl
 AC_DIVERT_POP()dnl
 
-AC_REVISION($Revision: 1.471 $)
+AC_REVISION($Revision: 1.472 $)
 
 AC_INIT(lib/dns/name.c)
 AC_PREREQ(2.59)
@@ -282,6 +282,12 @@ AC_C_INLINE
 AC_C_VOLATILE
 AC_CHECK_FUNC(sysctlbyname, AC_DEFINE(HAVE_SYSCTLBYNAME))
 
+#
+# Older versions of HP/UX don't define seteuid() and setegid()
+#
+AC_CHECK_FUNCS(seteuid setresuid)
+AC_CHECK_FUNCS(setegid setresgid)
+
 #
 # UnixWare 7.1.1 with the feature supplement to the UDK compiler
 # is reported to not support "static inline" (RT #1212).