729
setperms(uid_t uid, gid_t gid) {
730
char strbuf[ISC_STRERRORSIZE];
731
#if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID)
734
#if !defined(HAVE_SETEUID) && defined(HAVE_SETRESUID)
737
#if defined(HAVE_SETEGID)
738
if (getegid() != gid && setegid(gid) == -1) {
739
isc__strerror(errno, strbuf, sizeof(strbuf));
740
ns_main_earlywarning("unable to set effective gid to %ld: %s",
743
#elif defined(HAVE_SETRESGID)
744
if (getresgid(&tmpg, &oldgid, &tmpg) == -1 || oldgid != gid) {
745
if (setresgid(-1, gid, -1) == -1) {
746
isc__strerror(errno, strbuf, sizeof(strbuf));
747
ns_main_earlywarning("unable to set effective "
748
"gid to %d: %s", gid, strbuf);
753
#if defined(HAVE_SETEUID)
754
if (geteuid() != uid && seteuid(uid) == -1) {
755
isc__strerror(errno, strbuf, sizeof(strbuf));
756
ns_main_earlywarning("unable to set effective uid to %ld: %s",
759
#elif defined(HAVE_SETRESUID)
760
if (getresuid(&tmpu, &olduid, &tmpu) == -1 || olduid != uid) {
761
if (setresuid(-1, uid, -1) == -1) {
762
isc__strerror(errno, strbuf, sizeof(strbuf));
763
ns_main_earlywarning("unable to set effective "
764
"uid to %d: %s", uid, strbuf);
771
ns_os_openfile(const char *filename, mode_t mode, isc_boolean_t switch_user) {
772
char strbuf[ISC_STRERRORSIZE], *f;
777
* Make the containing directory if it doesn't exist.
779
f = strdup(filename);
781
isc__strerror(errno, strbuf, sizeof(strbuf));
782
ns_main_earlywarning("couldn't strdup() '%s': %s",
786
if (mkdirpath(f, ns_main_earlywarning) == -1) {
792
if (switch_user && runas_pw != NULL) {
793
/* Set UID/GID to the one we'll be running with eventually */
794
setperms(runas_pw->pw_uid, runas_pw->pw_gid);
796
fd = safe_open(filename, mode, ISC_FALSE);
798
#ifndef HAVE_LINUXTHREADS
799
/* Restore UID/GID to root */
801
#endif /* HAVE_LINUXTHREADS */
804
#ifndef HAVE_LINUXTHREADS
805
fd = safe_open(filename, mode, ISC_FALSE);
807
ns_main_earlywarning("Required root "
808
"permissions to open "
811
ns_main_earlywarning("Could not open "
814
ns_main_earlywarning("Please check file and "
815
"directory permissions "
816
"or reconfigure the filename.");
817
#else /* HAVE_LINUXTHREADS */
818
ns_main_earlywarning("Could not open "
820
ns_main_earlywarning("Please check file and "
821
"directory permissions "
822
"or reconfigure the filename.");
823
#endif /* HAVE_LINUXTHREADS */
826
fd = safe_open(filename, mode, ISC_FALSE);
830
isc__strerror(errno, strbuf, sizeof(strbuf));
831
ns_main_earlywarning("could not open file '%s': %s",
836
fp = fdopen(fd, "w");
838
isc__strerror(errno, strbuf, sizeof(strbuf));
839
ns_main_earlywarning("could not fdopen() file '%s': %s",
709
847
ns_os_writepidfile(const char *filename, isc_boolean_t first_time) {
714
850
char strbuf[ISC_STRERRORSIZE];
715
851
void (*report)(const char *, ...);
725
861
if (filename == NULL)
728
len = strlen(filename);
729
pidfile = malloc(len + 1);
864
pidfile = strdup(filename);
730
865
if (pidfile == NULL) {
731
866
isc__strerror(errno, strbuf, sizeof(strbuf));
732
(*report)("couldn't malloc '%s': %s", filename, strbuf);
737
strcpy(pidfile, filename);
740
* Make the containing directory if it doesn't exist.
742
if (mkdirpath(pidfile, report) == -1) {
748
fd = safe_open(filename, ISC_FALSE);
750
isc__strerror(errno, strbuf, sizeof(strbuf));
751
(*report)("couldn't open pid file '%s': %s", filename, strbuf);
756
lockfile = fdopen(fd, "w");
867
(*report)("couldn't strdup() '%s': %s", filename, strbuf);
871
lockfile = ns_os_openfile(filename, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH,
757
873
if (lockfile == NULL) {
758
isc__strerror(errno, strbuf, sizeof(strbuf));
759
(*report)("could not fdopen() pid file '%s': %s",
762
874
cleanup_pidfile();