commit b1a2731277dd0939572901bf018afa7a0debdb54 Author: wouter Date: Thu Feb 5 11:12:01 2009 +0000 call initgroups. git-svn-id: http://unbound.nlnetlabs.nl/svn/trunk@1453 be551aaa-1e26-0410-a405-d3ace91eadb9 diff --git a/config.h.in b/config.h.in index 956224d..aa7ce2d 100644 --- a/config.h.in +++ b/config.h.in @@ -85,6 +85,9 @@ /* Define to 1 if you have the `gmtime_r' function. */ #undef HAVE_GMTIME_R +/* Define to 1 if you have the header file. */ +#undef HAVE_GRP_H + /* If you have HMAC_CTX_init */ #undef HAVE_HMAC_CTX_INIT @@ -97,6 +100,9 @@ /* Define to 1 if you have the `inet_pton' function. */ #undef HAVE_INET_PTON +/* Define to 1 if you have the `initgroups' function. */ +#undef HAVE_INITGROUPS + /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H diff --git a/configure b/configure index a823b0b..0b1f96a 100755 --- a/configure +++ b/configure @@ -19961,7 +19961,8 @@ fi -for ac_header in stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h + +for ac_header in stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_header" >&5 @@ -25282,7 +25283,8 @@ fi -for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob + +for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_func" >&5 diff --git a/configure.ac b/configure.ac index bd000bc..48a4385 100644 --- a/configure.ac +++ b/configure.ac @@ -480,7 +480,7 @@ AC_PROG_LIBTOOL # Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h],,, [AC_INCLUDES_DEFAULT]) # check for types AC_CHECK_TYPE(int8_t, char) @@ -854,7 +854,7 @@ AC_CHECK_GETADDRINFO_WITH_INCLUDES if test $ac_cv_func_getaddrinfo = no; then AC_LIBOBJ([fake-rfc2553]) fi -AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob]) +AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups]) # check if setreuid en setregid fail, on MacOSX10.4(darwin8). if echo $build_os | grep darwin8 > /dev/null; then diff --git a/daemon/unbound.c b/daemon/unbound.c index 09767a4..6c5fb6f 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -56,6 +56,9 @@ #ifdef HAVE_PWD_H #include #endif +#ifdef HAVE_GRP_H +#include +#endif #ifdef HAVE_SYS_RESOURCE_H #include @@ -451,6 +454,11 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, /* drop permissions after chroot, getpwnam, pidfile, syslog done*/ #ifdef HAVE_GETPWNAM if(cfg->username && cfg->username[0]) { +#ifdef HAVE_INITGROUPS + if(initgroups(cfg->username, gid) != 0) + log_warn("unable to initgroups %s: %s", + cfg->username, strerror(errno)); +#endif #ifdef HAVE_SETRESGID if(setresgid(gid,gid,gid) != 0) #elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID)