11 #include <sys/types.h>
19 #include "appconfig.h"
21 #include "web_client.h"
22 #include "plugins_d.h"
28 char pidfile[FILENAME_MAX + 1] = "";
31 void sig_handler(int signo)
37 int become_user(const char *username, int access_fd, int output_fd, int error_fd, int pid_fd)
39 struct passwd *pw = getpwnam(username);
41 error("User %s is not present.", username);
45 uid_t uid = pw->pw_uid;
46 gid_t gid = pw->pw_gid;
48 int ngroups = sysconf(_SC_NGROUPS_MAX);
49 gid_t *supplementary_groups = NULL;
51 supplementary_groups = malloc(sizeof(gid_t) * ngroups);
52 if(supplementary_groups) {
53 if(getgrouplist(username, gid, supplementary_groups, &ngroups) == -1) {
54 error("Cannot get supplementary groups of user '%s'.", username);
55 free(supplementary_groups);
56 supplementary_groups = NULL;
60 else fatal("Cannot allocate memory for %d supplementary groups", ngroups);
63 if(getuid() != uid || getgid() != gid) {
64 if (access_fd != -1) {
65 if (fchown(access_fd, uid, gid) == -1)
66 error("Cannot set the ownership of access log file.");
69 if (output_fd != -1) {
70 if (fchown(output_fd, uid, gid) == -1)
71 error("Cannot set the ownership of output log file.");
75 if (fchown(error_fd, uid, gid) == -1)
76 error("Cannot set the ownership of error log file.");
80 if(fchown(pid_fd, uid, gid) != 0)
81 error("Cannot set the ownership of pid file.");
85 if(supplementary_groups && ngroups) {
86 if(setgroups(ngroups, supplementary_groups) == -1)
87 error("Cannot set supplementary groups for user '%s'", username);
89 free(supplementary_groups);
90 supplementary_groups = NULL;
94 if(setresgid(gid, gid, gid) != 0) {
95 error("Cannot switch to user's %s group (gid: %d).", username, gid);
99 if(setresuid(uid, uid, uid) != 0) {
100 error("Cannot switch to user %s (uid: %d).", username, uid);
104 if(setgid(gid) != 0) {
105 error("Cannot switch to user's %s group (gid: %d).", username, gid);
108 if(setegid(gid) != 0) {
109 error("Cannot effectively switch to user's %s group (gid: %d).", username, gid);
112 if(setuid(uid) != 0) {
113 error("Cannot switch to user %s (uid: %d).", username, uid);
116 if(seteuid(uid) != 0) {
117 error("Cannot effectively switch to user %s (uid: %d).", username, uid);
124 int become_daemon(int dont_fork, int close_all_files, const char *user, const char *input, const char *output, const char *error, const char *access, int *access_fd, FILE **access_fp)
128 // open the files before forking
129 int input_fd = -1, output_fd = -1, error_fd = -1, dev_null;
131 if(input && *input) {
132 if((input_fd = open(input, O_RDONLY, 0666)) == -1) {
133 error("Cannot open input file '%s'.", input);
138 if(output && *output && strcmp(output, "/dev/null") != 0) {
139 if((output_fd = open(output, O_RDWR | O_APPEND | O_CREAT, 0666)) == -1) {
140 error("Cannot open output log file '%s'", output);
141 if(input_fd != -1) close(input_fd);
146 if(error && *error && strcmp(error, "/dev/null") != 0) {
147 if((error_fd = open(error, O_RDWR | O_APPEND | O_CREAT, 0666)) == -1) {
148 error("Cannot open error log file '%s'.", error);
149 if(input_fd != -1) close(input_fd);
150 if(output_fd != -1) close(output_fd);
155 if(access && *access && access_fd && strcmp(access, "/dev/null") != 0) {
156 if((*access_fd = open(access, O_RDWR | O_APPEND | O_CREAT, 0666)) == -1) {
157 error("Cannot open access log file '%s'", access);
158 if(input_fd != -1) close(input_fd);
159 if(output_fd != -1) close(output_fd);
160 if(error_fd != -1) close(error_fd);
165 *access_fp = fdopen(*access_fd, "w");
167 error("Cannot migrate file's '%s' fd %d.", access, *access_fd);
168 if(input_fd != -1) close(input_fd);
169 if(output_fd != -1) close(output_fd);
170 if(error_fd != -1) close(error_fd);
175 if(setvbuf(*access_fp, NULL, _IOLBF, 0) != 0)
176 error("Cannot set line buffering on access.log");
180 if((dev_null = open("/dev/null", O_RDWR, 0666)) == -1) {
181 perror("Cannot open /dev/null");
182 if(input_fd != -1) close(input_fd);
183 if(output_fd != -1) close(output_fd);
184 if(error_fd != -1) close(error_fd);
185 if(access && access_fd && *access_fd != -1) {
202 perror("cannot fork");
206 exit(0); // the parent
209 // become session leader
211 perror("Cannot become session leader.");
220 perror("cannot fork");
224 exit(0); // the parent
228 // Set new file permissions
232 if(close_all_files) {
234 for(i = (int) (sysconf(_SC_OPEN_MAX) - 1); i > 0; i--)
236 ((access_fd && i != *access_fd) || !access_fd)
246 close(STDOUT_FILENO);
247 close(STDERR_FILENO);
250 // put the opened files
251 // to our standard file descriptors
253 if(input_fd != STDIN_FILENO) {
254 dup2(input_fd, STDIN_FILENO);
259 else dup2(dev_null, STDIN_FILENO);
261 if(output_fd != -1) {
262 if(output_fd != STDOUT_FILENO) {
263 dup2(output_fd, STDOUT_FILENO);
267 if(setvbuf(stdout, NULL, _IOLBF, 0) != 0)
268 error("Cannot set line buffering on debug.log");
270 output_fd = STDOUT_FILENO;
272 else dup2(dev_null, STDOUT_FILENO);
275 if(error_fd != STDERR_FILENO) {
276 dup2(error_fd, STDERR_FILENO);
280 if(setvbuf(stderr, NULL, _IOLBF, 0) != 0)
281 error("Cannot set line buffering on error.log");
283 error_fd = STDERR_FILENO;
285 else dup2(dev_null, STDERR_FILENO);
288 if(dev_null != STDIN_FILENO && dev_null != STDOUT_FILENO && dev_null != STDERR_FILENO)
291 // generate our pid file
294 pidfd = open(pidfile, O_RDWR | O_CREAT, 0644);
296 if(ftruncate(pidfd, 0) != 0)
297 error("Cannot truncate pidfile '%s'.", pidfile);
300 sprintf(b, "%d\n", getpid());
301 ssize_t i = write(pidfd, b, strlen(b));
303 error("Cannot write pidfile '%s'.", pidfile);
305 else error("Failed to open pidfile '%s'.", pidfile);
309 if(become_user(user, (*access_fd)?*access_fd:-1, output_fd, error_fd, pidfd) != 0) {
310 error("Cannot become user '%s'. Continuing as we are.", user);
312 else info("Successfully became user '%s'.", user);