]> arthur.barton.de Git - ngircd-alex.git/blobdiff - src/ngircd/ngircd.c
projects / ngircd-alex.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
startup: open /dev/null before chroot
[ngircd-alex.git] / src / ngircd / ngircd.c
diff --git a/src/ngircd/ngircd.c b/src/ngircd/ngircd.c
index 5fc88c9c8c601293d5936df608c796c5423836ae..4d329d2ade1c89724bf975c98cb758f12fa310b0 100644 (file)
--- a/src/ngircd/ngircd.c
+++ b/src/ngircd/ngircd.c
@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001-2009 Alexander Barton (alex@barton.de).
+ * Copyright (c)2001-2010 Alexander Barton (alex@barton.de).
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -39,10 +39,8 @@
 #endif
 
 #include "defines.h"
-#include "resolve.h"
 #include "conn.h"
 #include "conf-ssl.h"
-#include "client.h"
 #include "channel.h"
 #include "conf.h"
 #include "lists.h"
@@ -69,7 +67,7 @@ static void Pidfile_Delete PARAMS(( void ));
 
 static void Fill_Version PARAMS(( void ));
 
-static void Setup_FDStreams PARAMS(( void ));
+static void Setup_FDStreams PARAMS(( int fd ));
 
 static bool NGIRCd_Init PARAMS(( bool ));
 
@@ -362,7 +360,6 @@ Fill_Version( void )
 #ifdef ZLIB
        if( NGIRCd_VersionAddition[0] )
                strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
        strlcat( NGIRCd_VersionAddition, "ZLIB", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef SSL_SUPPORT
@@ -372,49 +369,46 @@ Fill_Version( void )
 #ifdef TCPWRAP
        if( NGIRCd_VersionAddition[0] )
                        strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
        strlcat( NGIRCd_VersionAddition, "TCPWRAP", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef ZEROCONF
        if( NGIRCd_VersionAddition[0] )
                strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
        strlcat( NGIRCd_VersionAddition, "ZEROCONF", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef IDENTAUTH
        if( NGIRCd_VersionAddition[0] )
                strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
        strlcat( NGIRCd_VersionAddition, "IDENT", sizeof NGIRCd_VersionAddition );
 #endif
+#ifdef PAM
+       if (NGIRCd_VersionAddition[0])
+               strlcat(NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition);
+       strlcat(NGIRCd_VersionAddition, "PAM", sizeof NGIRCd_VersionAddition);
+#endif
 #ifdef DEBUG
        if( NGIRCd_VersionAddition[0] )
                strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
        strlcat( NGIRCd_VersionAddition, "DEBUG", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef SNIFFER
        if( NGIRCd_VersionAddition[0] )
                strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
        strlcat( NGIRCd_VersionAddition, "SNIFFER", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef STRICT_RFC
        if( NGIRCd_VersionAddition[0] )
                strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
        strlcat( NGIRCd_VersionAddition, "RFC", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef IRCPLUS
        if( NGIRCd_VersionAddition[0] )
                strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
        strlcat( NGIRCd_VersionAddition, "IRCPLUS", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef WANT_IPV6
        if (NGIRCd_VersionAddition[0])
                strlcat(NGIRCd_VersionAddition, "+", sizeof(NGIRCd_VersionAddition));
-
        strlcat(NGIRCd_VersionAddition, "IPv6", sizeof(NGIRCd_VersionAddition));
 #endif
        if( NGIRCd_VersionAddition[0] )
@@ -562,7 +556,7 @@ static void
 Show_Version( void )
 {
        puts( NGIRCd_Version );
-       puts( "Copyright (c)2001-2009 Alexander Barton (<alex@barton.de>) and Contributors." );
+       puts( "Copyright (c)2001-2010 Alexander Barton (<alex@barton.de>) and Contributors." );
        puts( "Homepage: <http://ngircd.barton.de/>\n" );
        puts( "This is free software; see the source for copying conditions. There is NO" );
        puts( "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." );
@@ -652,27 +646,16 @@ Pidfile_Create(pid_t pid)
  * Redirect stdin, stdout and stderr to apropriate file handles.
  */
 static void
-Setup_FDStreams( void )
+Setup_FDStreams(int fd)
 {
-       int fd;
-
-       /* Test if we can open /dev/null for reading and writing. If not
-        * we are most probably chrooted already and the server has been
-        * restarted. So we simply don't try to redirect stdXXX ... */
-       fd = open( "/dev/null", O_RDWR );
-       if ( fd < 0 ) {
-               Log(LOG_WARNING, "Could not open /dev/null: %s", strerror(errno));      
+       if (fd < 0)
                return;
-       } 
 
        fflush(stdout);
        fflush(stderr);
 
        /* Create new stdin(0), stdout(1) and stderr(2) descriptors */
        dup2( fd, 0 ); dup2( fd, 1 ); dup2( fd, 2 );
-
-       /* Close newly opened file descriptor if not stdin/out/err */
-       if( fd > 2 ) close( fd );
 } /* Setup_FDStreams */
 
 
@@ -715,12 +698,19 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
        bool chrooted = false;
        struct passwd *pwd;
        struct group *grp;
-       int real_errno;
+       int real_errno, fd = -1;
        pid_t pid;
 
        if (initialized)
                return true;
 
+       if (!NGIRCd_NoDaemon) {
+               /* open /dev/null before chroot() */
+               fd = open( "/dev/null", O_RDWR);
+               if (fd < 0)
+                       Log(LOG_WARNING, "Could not open /dev/null: %s", strerror(errno));
+       }
+
        if (!ConnSSL_InitLibrary())
                Log(LOG_WARNING,
                    "Warning: Error during SSL initialization, continuing ...");
@@ -728,15 +718,14 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
        if( Conf_Chroot[0] ) {
                if( chdir( Conf_Chroot ) != 0 ) {
                        Log( LOG_ERR, "Can't chdir() in ChrootDir (%s): %s", Conf_Chroot, strerror( errno ));
-                       return false;
+                       goto out;
                }
 
                if( chroot( Conf_Chroot ) != 0 ) {
                        if (errno != EPERM) {
                                Log( LOG_ERR, "Can't change root directory to \"%s\": %s",
                                                                Conf_Chroot, strerror( errno ));
-
-                               return false;
+                               goto out;
                        }
                } else {
                        chrooted = true;
@@ -750,7 +739,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
                if (! NGIRCd_getNobodyID(&Conf_UID, &Conf_GID)) {
                        Log(LOG_WARNING, "Could not get user/group ID of user \"nobody\": %s",
                                        errno ? strerror(errno) : "not found" );
-                       return false;
+                       goto out;
                }
        }
 
@@ -760,7 +749,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
                        real_errno = errno;
                        Log( LOG_ERR, "Can't change group ID to %u: %s", Conf_GID, strerror( errno ));
                        if (real_errno != EPERM) 
-                               return false;
+                               goto out;
                }
        }
 
@@ -770,7 +759,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
                        real_errno = errno;
                        Log(LOG_ERR, "Can't change user ID to %u: %s", Conf_UID, strerror(errno));
                        if (real_errno != EPERM) 
-                               return false;
+                               goto out;
                }
        }
 
@@ -798,10 +787,16 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
 #else
                setpgrp(0, getpid());
 #endif
-               chdir( "/" );
+               if (chdir( "/" ) != 0)
+                       Log(LOG_ERR, "Can't change directory to '/': %s",
+                                    strerror(errno));
 
                /* Detach stdin, stdout and stderr */
-               Setup_FDStreams( );
+               Setup_FDStreams(fd);
+               if (fd > 2) {
+                       close(fd);
+                       fd = -1;
+               }
        }
        pid = getpid();
 
@@ -828,8 +823,8 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
 
        /* Change working directory to home directory of the user
         * we are running as (only when running in daemon mode and not in chroot) */
-       
-       if ( pwd ) {
+
+       if (pwd) {
                if (!NGIRCd_NoDaemon ) {
                        if( chdir( pwd->pw_dir ) == 0 ) 
                                Log( LOG_DEBUG, "Changed working directory to \"%s\" ...", pwd->pw_dir );
@@ -841,7 +836,11 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
                Log( LOG_ERR, "Can't get user informaton for UID %d!?", Conf_UID );
        }
 
-return true;
+       return true;
+ out:
+       if (fd > 2)
+               close(fd);
+       return false;
 }
 
 /* -eof- */
Alex' ngIRCd development repository