daemon.c (167357) | daemon.c (167700) |
---|---|
1/*- 2 * Copyright (c) 1999 Berkeley Software Design, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 15 unchanged lines hidden (view full) --- 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 * From BSDI: daemon.c,v 1.2 1996/08/15 01:11:09 jch Exp 29 */ 30 31#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1999 Berkeley Software Design, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 15 unchanged lines hidden (view full) --- 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 * From BSDI: daemon.c,v 1.2 1996/08/15 01:11:09 jch Exp 29 */ 30 31#include <sys/cdefs.h> |
32__FBSDID("$FreeBSD: head/usr.sbin/daemon/daemon.c 167357 2007-03-09 09:40:23Z trhodes $"); | 32__FBSDID("$FreeBSD: head/usr.sbin/daemon/daemon.c 167700 2007-03-19 12:12:53Z trhodes $"); |
33 34#include <sys/param.h> 35 36#include <err.h> 37#include <errno.h> 38#include <pwd.h> | 33 34#include <sys/param.h> 35 36#include <err.h> 37#include <errno.h> 38#include <pwd.h> |
39#include <grp.h> | |
40#include <libutil.h> | 39#include <libutil.h> |
40#include <login_cap.h> |
|
41#include <stdio.h> 42#include <stdlib.h> 43#include <unistd.h> 44 | 41#include <stdio.h> 42#include <stdlib.h> 43#include <unistd.h> 44 |
45static void restrict_process(const char *, const char *); | 45static void restrict_process(const char *); |
46static void usage(void); 47 48int 49main(int argc, char *argv[]) 50{ 51 struct pidfh *pfh = NULL; 52 int ch, nochdir, noclose, errcode; | 46static void usage(void); 47 48int 49main(int argc, char *argv[]) 50{ 51 struct pidfh *pfh = NULL; 52 int ch, nochdir, noclose, errcode; |
53 const char *pidfile, *user, *group; | 53 const char *pidfile, *user; |
54 pid_t otherpid; 55 56 nochdir = noclose = 1; | 54 pid_t otherpid; 55 56 nochdir = noclose = 1; |
57 pidfile = user = group = NULL; 58 while ((ch = getopt(argc, argv, "-cfg:p:u:")) != -1) { | 57 pidfile = user = NULL; 58 while ((ch = getopt(argc, argv, "-cf:p:u:")) != -1) { |
59 switch (ch) { 60 case 'c': 61 nochdir = 0; 62 break; 63 case 'f': 64 noclose = 0; 65 break; | 59 switch (ch) { 60 case 'c': 61 nochdir = 0; 62 break; 63 case 'f': 64 noclose = 0; 65 break; |
66 case 'u': 67 user = optarg; 68 break; 69 case 'g': 70 group = optarg; 71 break; | |
72 case 'p': 73 pidfile = optarg; 74 break; | 66 case 'p': 67 pidfile = optarg; 68 break; |
69 case 'u': 70 user = optarg; 71 break; |
|
75 default: 76 usage(); 77 } 78 } 79 argc -= optind; 80 argv += optind; 81 82 if (argc == 0) 83 usage(); 84 | 72 default: 73 usage(); 74 } 75 } 76 argc -= optind; 77 argv += optind; 78 79 if (argc == 0) 80 usage(); 81 |
85 if (user || group) { 86 if (getuid() != 0) 87 errx(1, "only root user is allowed to chroot " 88 "and change UID/GID"); 89 restrict_process(user, group); 90 } | 82 if (user != NULL) 83 restrict_process(user); |
91 92 /* 93 * Try to open the pidfile before calling daemon(3), 94 * to be able to report the error intelligently 95 */ 96 if (pidfile) { 97 pfh = pidfile_open(pidfile, 0600, &otherpid); 98 if (pfh == NULL) { --- 22 unchanged lines hidden (view full) --- 121 if (pidfile) 122 pidfile_remove(pfh); 123 124 /* The child is now running, so the exit status doesn't matter. */ 125 errc(1, errcode, "%s", argv[0]); 126} 127 128static void | 84 85 /* 86 * Try to open the pidfile before calling daemon(3), 87 * to be able to report the error intelligently 88 */ 89 if (pidfile) { 90 pfh = pidfile_open(pidfile, 0600, &otherpid); 91 if (pfh == NULL) { --- 22 unchanged lines hidden (view full) --- 114 if (pidfile) 115 pidfile_remove(pfh); 116 117 /* The child is now running, so the exit status doesn't matter. */ 118 errc(1, errcode, "%s", argv[0]); 119} 120 121static void |
129restrict_process(const char *user, const char *group) | 122restrict_process(const char *user) |
130{ | 123{ |
131 struct group *gr = NULL; | |
132 struct passwd *pw = NULL; | 124 struct passwd *pw = NULL; |
133 errno = 0; | |
134 | 125 |
135 if (group != NULL) { 136 if (initgroups(user, gr->gr_gid) == -1) 137 errx(1, "User not in group list"); 138 if ((gr = getgrnam(group)) == NULL) 139 errx(1, "Group %s does not exist", group); 140 if (setgid(gr->gr_gid) == -1) 141 err(1, "%s", group); 142 } | 126 pw = getpwnam(user); 127 if (pw == NULL) 128 errx(1, "unknown user: %s", user); |
143 | 129 |
144 if (user != NULL) { 145 if ((pw = getpwnam(user)) == NULL) 146 errx(1, "User %s does not exist", user); 147 if (setuid(pw->pw_uid) == -1) 148 err(1, "%s", user); 149 } | 130 if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0) 131 errx(1, "failed to set user environment"); |
150} 151 152static void 153usage(void) 154{ 155 (void)fprintf(stderr, | 132} 133 134static void 135usage(void) 136{ 137 (void)fprintf(stderr, |
156 "usage: daemon [-cf] [-g group] [-p pidfile] [-u user] command " | 138 "usage: daemon [-cf] [-p pidfile] [-u user] command " |
157 "arguments ...\n"); 158 exit(1); 159} | 139 "arguments ...\n"); 140 exit(1); 141} |