11 #include <sys/types.h>
19 #include "appconfig.h"
21 #include "web_client.h"
22 #include "plugins_d.h"
28 char pidfile[FILENAME_MAX + 1] = "";
31 void sig_handler(int signo)
36 int become_user(const char *username)
38 struct passwd *pw = getpwnam(username);
40 error("User %s is not present.", username);
44 uid_t uid = pw->pw_uid;
45 gid_t gid = pw->pw_gid;
47 int ngroups = sysconf(_SC_NGROUPS_MAX);
48 gid_t *supplementary_groups = NULL;
50 supplementary_groups = malloc(sizeof(gid_t) * ngroups);
51 if(supplementary_groups) {
52 if(getgrouplist(username, gid, supplementary_groups, &ngroups) == -1) {
53 error("Cannot get supplementary groups of user '%s'.", username);
54 free(supplementary_groups);
55 supplementary_groups = NULL;
59 else fatal("Cannot allocate memory for %d supplementary groups", ngroups);
62 if(pidfile[0] && getuid() != uid) {
63 // we are dropping privileges
64 if(chown(pidfile, uid, gid) != 0)
65 error("Cannot chown pidfile '%s' to user '%s'", pidfile, username);
67 else if(pidfd != -1) {
68 // not need to keep it open
73 else if(pidfd != -1) {
74 // not need to keep it open
79 if(supplementary_groups && ngroups) {
80 if(setgroups(ngroups, supplementary_groups) == -1)
81 error("Cannot set supplementary groups for user '%s'", username);
83 free(supplementary_groups);
84 supplementary_groups = NULL;
88 if(setresgid(gid, gid, gid) != 0) {
89 error("Cannot switch to user's %s group (gid: %d).", username, gid);
93 if(setresuid(uid, uid, uid) != 0) {
94 error("Cannot switch to user %s (uid: %d).", username, uid);
98 if(setgid(gid) != 0) {
99 error("Cannot switch to user's %s group (gid: %d).", username, gid);
102 if(setegid(gid) != 0) {
103 error("Cannot effectively switch to user's %s group (gid: %d).", username, gid);
106 if(setuid(uid) != 0) {
107 error("Cannot switch to user %s (uid: %d).", username, uid);
110 if(seteuid(uid) != 0) {
111 error("Cannot effectively switch to user %s (uid: %d).", username, uid);
118 int become_daemon(int dont_fork, int close_all_files, const char *user, const char *input, const char *output, const char *error, const char *access, int *access_fd, FILE **access_fp)
122 // open the files before forking
123 int input_fd = -1, output_fd = -1, error_fd = -1, dev_null;
125 if(input && *input) {
126 if((input_fd = open(input, O_RDONLY, 0666)) == -1) {
127 error("Cannot open input file '%s'.", input);
132 if(output && *output) {
133 if((output_fd = open(output, O_RDWR | O_APPEND | O_CREAT, 0666)) == -1) {
134 error("Cannot open output log file '%s'", output);
135 if(input_fd != -1) close(input_fd);
140 if(error && *error) {
141 if((error_fd = open(error, O_RDWR | O_APPEND | O_CREAT, 0666)) == -1) {
142 error("Cannot open error log file '%s'.", error);
143 if(input_fd != -1) close(input_fd);
144 if(output_fd != -1) close(output_fd);
149 if(access && *access && access_fd) {
150 if((*access_fd = open(access, O_RDWR | O_APPEND | O_CREAT, 0666)) == -1) {
151 error("Cannot open access log file '%s'", access);
152 if(input_fd != -1) close(input_fd);
153 if(output_fd != -1) close(output_fd);
154 if(error_fd != -1) close(error_fd);
159 *access_fp = fdopen(*access_fd, "w");
161 error("Cannot migrate file's '%s' fd %d.", access, *access_fd);
162 if(input_fd != -1) close(input_fd);
163 if(output_fd != -1) close(output_fd);
164 if(error_fd != -1) close(error_fd);
172 if((dev_null = open("/dev/null", O_RDWR, 0666)) == -1) {
173 perror("Cannot open /dev/null");
174 if(input_fd != -1) close(input_fd);
175 if(output_fd != -1) close(output_fd);
176 if(error_fd != -1) close(error_fd);
177 if(access && access_fd && *access_fd != -1) {
194 perror("cannot fork");
198 exit(0); // the parent
201 // become session leader
203 perror("Cannot become session leader.");
212 perror("cannot fork");
216 exit(0); // the parent
220 // Set new file permissions
224 if(close_all_files) {
226 for(i = (int) (sysconf(_SC_OPEN_MAX) - 1); i > 0; i--)
228 ((access_fd && i != *access_fd) || !access_fd)
238 close(STDOUT_FILENO);
239 close(STDERR_FILENO);
242 // put the opened files
243 // to our standard file descriptors
245 if(input_fd != STDIN_FILENO) {
246 dup2(input_fd, STDIN_FILENO);
251 else dup2(dev_null, STDIN_FILENO);
253 if(output_fd != -1) {
254 if(output_fd != STDOUT_FILENO) {
255 dup2(output_fd, STDOUT_FILENO);
260 else dup2(dev_null, STDOUT_FILENO);
263 if(error_fd != STDERR_FILENO) {
264 dup2(error_fd, STDERR_FILENO);
269 else dup2(dev_null, STDERR_FILENO);
272 if(dev_null != STDIN_FILENO && dev_null != STDOUT_FILENO && dev_null != STDERR_FILENO)
275 // generate our pid file
277 pidfd = open(pidfile, O_RDWR | O_CREAT, 0644);
279 if(ftruncate(pidfd, 0) != 0)
280 error("Cannot truncate pidfile '%s'.", pidfile);
283 sprintf(b, "%d\n", getpid());
284 ssize_t i = write(pidfd, b, strlen(b));
286 error("Cannot write pidfile '%s'.", pidfile);
288 // don't close it, we might need it at exit
291 else error("Failed to open pidfile '%s'.", pidfile);
295 if(become_user(user) != 0) {
296 error("Cannot become user '%s'. Continuing as we are.", user);
298 else info("Successfully became user '%s'.", user);