Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/external/mpl/bind/dist/bin/named/unix/Attic/os.c,v rcsdiff: /ftp/cvs/cvsroot/src/external/mpl/bind/dist/bin/named/unix/Attic/os.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.3.2.2 retrieving revision 1.4 diff -u -p -r1.3.2.2 -r1.4 --- src/external/mpl/bind/dist/bin/named/unix/Attic/os.c 2019/06/10 22:03:00 1.3.2.2 +++ src/external/mpl/bind/dist/bin/named/unix/Attic/os.c 2020/05/24 19:46:12 1.4 @@ -1,4 +1,4 @@ -/* $NetBSD: os.c,v 1.3.2.2 2019/06/10 22:03:00 christos Exp $ */ +/* $NetBSD: os.c,v 1.4 2020/05/24 19:46:12 christos Exp $ */ /* * Copyright (C) Internet Systems Consortium, Inc. ("ISC") @@ -12,29 +12,26 @@ */ /*! \file */ - -#include #include #include - -#include /* dev_t FreeBSD 2.1 */ #include +#include /* dev_t FreeBSD 2.1 */ #ifdef HAVE_UNAME #include -#endif +#endif /* ifdef HAVE_UNAME */ #include #include -#include #include +#include #include +#include #include #include -#include #include #ifdef HAVE_TZSET #include -#endif +#endif /* ifdef HAVE_TZSET */ #include #include @@ -44,13 +41,14 @@ #include #include #include +#include #include #include #include #ifdef HAVE_LIBSCF #include -#endif +#endif /* ifdef HAVE_LIBSCF */ static char *pidfile = NULL; static char *lockfile = NULL; @@ -59,7 +57,7 @@ static int singletonfd = -1; #ifndef ISC_FACILITY #define ISC_FACILITY LOG_DAEMON -#endif +#endif /* ifndef ISC_FACILITY */ static struct passwd *runas_pw = NULL; static bool done_setuid = false; @@ -89,41 +87,48 @@ linux_setcaps(cap_t caps) { } } -#define SET_CAP(flag) \ - do { \ - cap_flag_value_t curval; \ - capval = (flag); \ - err = cap_get_flag(curcaps, capval, CAP_PERMITTED, &curval); \ - if (err != -1 && curval) { \ - err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, CAP_SET); \ - if (err == -1) { \ - strerror_r(errno, strbuf, sizeof(strbuf)); \ - named_main_earlyfatal("cap_set_proc failed: %s", strbuf); \ - } \ - \ - err = cap_set_flag(caps, CAP_PERMITTED, 1, &capval, CAP_SET); \ - if (err == -1) { \ - strerror_r(errno, strbuf, sizeof(strbuf)); \ - named_main_earlyfatal("cap_set_proc failed: %s", strbuf); \ - } \ - } \ +#define SET_CAP(flag) \ + do { \ + cap_flag_value_t curval; \ + capval = (flag); \ + err = cap_get_flag(curcaps, capval, CAP_PERMITTED, &curval); \ + if (err != -1 && curval) { \ + err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, \ + CAP_SET); \ + if (err == -1) { \ + strerror_r(errno, strbuf, sizeof(strbuf)); \ + named_main_earlyfatal("cap_set_proc failed: " \ + "%s", \ + strbuf); \ + } \ + \ + err = cap_set_flag(caps, CAP_PERMITTED, 1, &capval, \ + CAP_SET); \ + if (err == -1) { \ + strerror_r(errno, strbuf, sizeof(strbuf)); \ + named_main_earlyfatal("cap_set_proc failed: " \ + "%s", \ + strbuf); \ + } \ + } \ } while (/*CONSTCOND*/0) -#define INIT_CAP \ - do { \ - caps = cap_init(); \ - if (caps == NULL) { \ - strerror_r(errno, strbuf, sizeof(strbuf)); \ +#define INIT_CAP \ + do { \ + caps = cap_init(); \ + if (caps == NULL) { \ + strerror_r(errno, strbuf, sizeof(strbuf)); \ named_main_earlyfatal("cap_init failed: %s", strbuf); \ - } \ - curcaps = cap_get_proc(); \ - if (curcaps == NULL) { \ - strerror_r(errno, strbuf, sizeof(strbuf)); \ - named_main_earlyfatal("cap_get_proc failed: %s", strbuf); \ - } \ + } \ + curcaps = cap_get_proc(); \ + if (curcaps == NULL) { \ + strerror_r(errno, strbuf, sizeof(strbuf)); \ + named_main_earlyfatal("cap_get_proc failed: %s", \ + strbuf); \ + } \ } while (/*CONSTCOND*/0) -#define FREE_CAP \ - { \ - cap_free(caps); \ +#define FREE_CAP \ + do { \ + cap_free(caps); \ cap_free(curcaps); \ } while (/*CONSTCOND*/0) @@ -237,12 +242,13 @@ linux_keepcaps(void) { } } else { non_root_caps = true; - if (getuid() != 0) + if (getuid() != 0) { non_root = true; + } } } -#endif /* HAVE_SYS_CAPABILITY_H */ +#endif /* HAVE_SYS_CAPABILITY_H */ static void setup_syslog(const char *progname) { @@ -251,7 +257,7 @@ setup_syslog(const char *progname) { options = LOG_PID; #ifdef LOG_NDELAY options |= LOG_NDELAY; -#endif +#endif /* ifdef LOG_NDELAY */ openlog(isc_file_basename(progname), options, ISC_FACILITY); } @@ -260,10 +266,10 @@ named_os_init(const char *progname) { setup_syslog(progname); #ifdef HAVE_SYS_CAPABILITY_H linux_initialprivs(); -#endif +#endif /* ifdef HAVE_SYS_CAPABILITY_H */ #ifdef SIGXFSZ signal(SIGXFSZ, SIG_IGN); -#endif +#endif /* ifdef SIGXFSZ */ } void @@ -292,8 +298,9 @@ named_os_daemonize(void) { do { char buf; n = read(dfd[0], &buf, 1); - if (n == 1) + if (n == 1) { _exit(0); + } } while (n == -1 && errno == EINTR); _exit(1); } @@ -342,10 +349,11 @@ named_os_started(void) { * Signal to the parent that we started successfully. */ if (dfd[0] != -1 && dfd[1] != -1) { - if (write(dfd[1], &buf, 1) != 1) + if (write(dfd[1], &buf, 1) != 1) { named_main_earlyfatal("unable to signal parent that we " "otherwise started " "successfully."); + } close(dfd[1]); dfd[0] = dfd[1] = -1; } @@ -358,9 +366,9 @@ named_os_opendevnull(void) { void named_os_closedevnull(void) { - if (devnullfd != STDIN_FILENO && - devnullfd != STDOUT_FILENO && - devnullfd != STDERR_FILENO) { + if (devnullfd != STDIN_FILENO && devnullfd != STDOUT_FILENO && + devnullfd != STDERR_FILENO) + { close(devnullfd); devnullfd = -1; } @@ -368,11 +376,13 @@ named_os_closedevnull(void) { static bool all_digits(const char *s) { - if (*s == '\0') + if (*s == '\0') { return (false); + } while (*s != '\0') { - if (!isdigit((*s)&0xff)) + if (!isdigit((*s) & 0xff)) { return (false); + } s++; } return (true); @@ -383,16 +393,16 @@ named_os_chroot(const char *root) { char strbuf[ISC_STRERRORSIZE]; #ifdef HAVE_LIBSCF named_smf_chroot = 0; -#endif +#endif /* ifdef HAVE_LIBSCF */ if (root != NULL) { #ifdef HAVE_CHROOT if (chroot(root) < 0) { strerror_r(errno, strbuf, sizeof(strbuf)); named_main_earlyfatal("chroot(): %s", strbuf); } -#else +#else /* ifdef HAVE_CHROOT */ named_main_earlyfatal("chroot(): disabled"); -#endif +#endif /* ifdef HAVE_CHROOT */ if (chdir("/") < 0) { strerror_r(errno, strbuf, sizeof(strbuf)); named_main_earlyfatal("chdir(/): %s", strbuf); @@ -400,39 +410,42 @@ named_os_chroot(const char *root) { #ifdef HAVE_LIBSCF /* Set named_smf_chroot flag on successful chroot. */ named_smf_chroot = 1; -#endif +#endif /* ifdef HAVE_LIBSCF */ } } void named_os_inituserinfo(const char *username) { - char strbuf[ISC_STRERRORSIZE]; - if (username == NULL) + if (username == NULL) { return; + } - if (all_digits(username)) + if (all_digits(username)) { runas_pw = getpwuid((uid_t)atoi(username)); - else + } else { runas_pw = getpwnam(username); + } endpwent(); - if (runas_pw == NULL) + if (runas_pw == NULL) { named_main_earlyfatal("user '%s' unknown", username); + } if (getuid() == 0) { + char strbuf[ISC_STRERRORSIZE]; if (initgroups(runas_pw->pw_name, runas_pw->pw_gid) < 0) { strerror_r(errno, strbuf, sizeof(strbuf)); named_main_earlyfatal("initgroups(): %s", strbuf); } } - } void named_os_changeuser(void) { char strbuf[ISC_STRERRORSIZE]; - if (runas_pw == NULL || done_setuid) + if (runas_pw == NULL || done_setuid) { return; + } done_setuid = true; @@ -451,20 +464,21 @@ named_os_changeuser(void) { * Restore the ability of named to drop core after the setuid() * call has disabled it. */ - if (prctl(PR_SET_DUMPABLE,1,0,0,0) < 0) { + if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) < 0) { strerror_r(errno, strbuf, sizeof(strbuf)); named_main_earlywarning("prctl(PR_SET_DUMPABLE) failed: %s", strbuf); } linux_minprivs(); -#endif +#endif /* if defined(HAVE_SYS_CAPABILITY_H) */ } uid_t ns_os_uid(void) { - if (runas_pw == NULL) + if (runas_pw == NULL) { return (0); + } return (runas_pw->pw_uid); } @@ -481,9 +495,10 @@ named_os_adjustnofile(void) { newvalue = ISC_RESOURCE_UNLIMITED; result = isc_resource_setlimit(isc_resource_openfiles, newvalue); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { named_main_earlywarning("couldn't adjust limit on open files"); -#endif + } +#endif /* if defined(__linux__) */ } void @@ -492,7 +507,7 @@ named_os_minprivs(void) { linux_keepcaps(); named_os_changeuser(); linux_minprivs(); -#endif +#endif /* if defined(HAVE_SYS_CAPABILITY_H) */ } static int @@ -501,19 +516,21 @@ safe_open(const char *filename, mode_t m struct stat sb; if (stat(filename, &sb) == -1) { - if (errno != ENOENT) + if (errno != ENOENT) { return (-1); + } } else if ((sb.st_mode & S_IFREG) == 0) { errno = EOPNOTSUPP; return (-1); } - if (append) - fd = open(filename, O_WRONLY|O_CREAT|O_APPEND, mode); - else { - if (unlink(filename) < 0 && errno != ENOENT) + if (append) { + fd = open(filename, O_WRONLY | O_CREAT | O_APPEND, mode); + } else { + if (unlink(filename) < 0 && errno != ENOENT) { return (-1); - fd = open(filename, O_WRONLY|O_CREAT|O_EXCL, mode); + } + fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, mode); } return (fd); } @@ -523,8 +540,9 @@ cleanup_pidfile(void) { int n; if (pidfile != NULL) { n = unlink(pidfile); - if (n == -1 && errno != ENOENT) + if (n == -1 && errno != ENOENT) { named_main_earlywarning("unlink '%s': failed", pidfile); + } free(pidfile); } pidfile = NULL; @@ -539,9 +557,10 @@ cleanup_lockfile(void) { if (lockfile != NULL) { int n = unlink(lockfile); - if (n == -1 && errno != ENOENT) + if (n == -1 && errno != ENOENT) { named_main_earlywarning("unlink '%s': failed", lockfile); + } free(lockfile); lockfile = NULL; } @@ -569,20 +588,21 @@ mkdirpath(char *filename, void (*report) strbuf); goto error; } - if (mkdirpath(filename, report) == -1) + if (mkdirpath(filename, report) == -1) { goto error; + } /* * Handle "//", "/./" and "/../" in path. */ - if (!strcmp(slash + 1, "") || - !strcmp(slash + 1, ".") || - !strcmp(slash + 1, "..")) { + if (!strcmp(slash + 1, "") || !strcmp(slash + 1, ".") || + !strcmp(slash + 1, "..")) + { *slash = '/'; return (0); } - mode = S_IRUSR | S_IWUSR | S_IXUSR; /* u=rwx */ - mode |= S_IRGRP | S_IXGRP; /* g=rx */ - mode |= S_IROTH | S_IXOTH; /* o=rx */ + mode = S_IRUSR | S_IWUSR | S_IXUSR; /* u=rwx */ + mode |= S_IRGRP | S_IXGRP; /* g=rx */ + mode |= S_IROTH | S_IXOTH; /* o=rx */ if (mkdir(filename, mode) == -1) { strerror_r(errno, strbuf, sizeof(strbuf)); (*report)("couldn't mkdir '%s': %s", filename, @@ -591,7 +611,8 @@ mkdirpath(char *filename, void (*report) } if (runas_pw != NULL && chown(filename, runas_pw->pw_uid, - runas_pw->pw_gid) == -1) { + runas_pw->pw_gid) == -1) + { strerror_r(errno, strbuf, sizeof(strbuf)); (*report)("couldn't chown '%s': %s", filename, strbuf); @@ -601,22 +622,23 @@ mkdirpath(char *filename, void (*report) } return (0); - error: +error: *slash = '/'; return (-1); } +#if !HAVE_SYS_CAPABILITY_H static void setperms(uid_t uid, gid_t gid) { #if defined(HAVE_SETEGID) || defined(HAVE_SETRESGID) char strbuf[ISC_STRERRORSIZE]; -#endif +#endif /* if defined(HAVE_SETEGID) || defined(HAVE_SETRESGID) */ #if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) gid_t oldgid, tmpg; -#endif +#endif /* if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) */ #if !defined(HAVE_SETEUID) && defined(HAVE_SETRESUID) uid_t olduid, tmpu; -#endif +#endif /* if !defined(HAVE_SETEUID) && defined(HAVE_SETRESUID) */ #if defined(HAVE_SETEGID) if (getegid() != gid && setegid(gid) == -1) { strerror_r(errno, strbuf, sizeof(strbuf)); @@ -629,10 +651,11 @@ setperms(uid_t uid, gid_t gid) { if (setresgid(-1, gid, -1) == -1) { strerror_r(errno, strbuf, sizeof(strbuf)); named_main_earlywarning("unable to set effective " - "gid to %d: %s", gid, strbuf); + "gid to %d: %s", + gid, strbuf); } } -#endif +#endif /* if defined(HAVE_SETEGID) */ #if defined(HAVE_SETEUID) if (geteuid() != uid && seteuid(uid) == -1) { @@ -646,11 +669,13 @@ setperms(uid_t uid, gid_t gid) { if (setresuid(-1, uid, -1) == -1) { strerror_r(errno, strbuf, sizeof(strbuf)); named_main_earlywarning("unable to set effective " - "uid to %d: %s", uid, strbuf); + "uid to %d: %s", + uid, strbuf); } } -#endif +#endif /* if defined(HAVE_SETEUID) */ } +#endif /* HAVE_SYS_CAPABILITY_H */ FILE * named_os_openfile(const char *filename, mode_t mode, bool switch_user) { @@ -664,8 +689,8 @@ named_os_openfile(const char *filename, f = strdup(filename); if (f == NULL) { strerror_r(errno, strbuf, sizeof(strbuf)); - named_main_earlywarning("couldn't strdup() '%s': %s", - filename, strbuf); + named_main_earlywarning("couldn't strdup() '%s': %s", filename, + strbuf); return (NULL); } if (mkdirpath(f, named_main_earlywarning) == -1) { @@ -675,24 +700,33 @@ named_os_openfile(const char *filename, free(f); if (switch_user && runas_pw != NULL) { + uid_t olduid = getuid(); gid_t oldgid = getgid(); +#if HAVE_SYS_CAPABILITY_H + REQUIRE(olduid == runas_pw->pw_uid); + REQUIRE(oldgid == runas_pw->pw_gid); +#else /* HAVE_SYS_CAPABILITY_H */ /* Set UID/GID to the one we'll be running with eventually */ setperms(runas_pw->pw_uid, runas_pw->pw_gid); - +#endif fd = safe_open(filename, mode, false); - /* Restore UID/GID to root */ - setperms(0, oldgid); +#if !HAVE_SYS_CAPABILITY_H + /* Restore UID/GID to previous uid/gid */ + setperms(olduid, oldgid); +#endif if (fd == -1) { fd = safe_open(filename, mode, false); if (fd != -1) { named_main_earlywarning("Required root " "permissions to open " - "'%s'.", filename); + "'%s'.", + filename); } else { named_main_earlywarning("Could not open " - "'%s'.", filename); + "'%s'.", + filename); } named_main_earlywarning("Please check file and " "directory permissions " @@ -734,8 +768,9 @@ named_os_writepidfile(const char *filena cleanup_pidfile(); - if (filename == NULL) + if (filename == NULL) { return; + } pidfile = strdup(filename); if (pidfile == NULL) { @@ -744,7 +779,7 @@ named_os_writepidfile(const char *filena return; } - fh = named_os_openfile(filename, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH, + fh = named_os_openfile(filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH, first_time); if (fh == NULL) { cleanup_pidfile(); @@ -771,11 +806,13 @@ named_os_issingleton(const char *filenam char strbuf[ISC_STRERRORSIZE]; struct flock lock; - if (singletonfd != -1) + if (singletonfd != -1) { return (true); + } - if (strcasecmp(filename, "none") == 0) + if (strcasecmp(filename, "none") == 0) { return (true); + } /* * Make the containing directory if it doesn't exist. @@ -800,7 +837,7 @@ named_os_issingleton(const char *filenam * files. We can't use that here. */ singletonfd = open(filename, O_WRONLY | O_CREAT, - S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); + S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if (singletonfd == -1) { cleanup_lockfile(); return (false); @@ -842,9 +879,8 @@ named_os_shutdownmsg(char *command, isc_ char *last, *ptr; pid_t pid; - /* Skip the command name. */ - if ((ptr = strtok_r(command, " \t", &last)) == NULL) { + if (strtok_r(command, " \t", &last) == NULL) { return; } @@ -865,7 +901,7 @@ void named_os_tzset(void) { #ifdef HAVE_TZSET tzset(); -#endif +#endif /* ifdef HAVE_TZSET */ } static char unamebuf[BUFSIZ]; @@ -882,18 +918,18 @@ getuname(void) { return; } - snprintf(unamebuf, sizeof(unamebuf), - "%s %s %s %s", - uts.sysname, uts.machine, uts.release, uts.version); -#else + snprintf(unamebuf, sizeof(unamebuf), "%s %s %s %s", uts.sysname, + uts.machine, uts.release, uts.version); +#else /* ifdef HAVE_UNAME */ snprintf(unamebuf, sizeof(unamebuf), "unknown architecture"); -#endif +#endif /* ifdef HAVE_UNAME */ unamep = unamebuf; } char * named_os_uname(void) { - if (unamep == NULL) + if (unamep == NULL) { getuname(); + } return (unamep); }