authorPeter Powell <petpow@saberuk.com>2019-12-08 20:39:28 +0000
committerPeter Powell <petpow@saberuk.com>2019-12-08 20:39:28 +0000
commit71130d15b3393fad1d660e8ddec1f69d2118bdcd (patch)
tree152482583da6f62921af2db40d4971b8e4eebc78 /src
parenta47e2df0ce833e06fa3e4034e64ec084a2bbb2d3 (diff)
Extract root dropping code to a function.
Diffstat (limited to 'src')
-rw-r--r--src/inspircd.cpp101
1 files changed, 53 insertions, 48 deletions
diff --git a/src/inspircd.cpp b/src/inspircd.cpp
index 8803a9e54..7dcaeb9b6 100644
--- a/src/inspircd.cpp
+++ b/src/inspircd.cpp
@@ -87,6 +87,56 @@ namespace
delete p;
}
+ // Drops to the unprivileged user/group specified in <security:runas{user,group}>.
+ void DropRoot()
+ {
+#ifndef _WIN32
+ ConfigTag* security = ServerInstance->Config->ConfValue("security");
+
+ const std::string SetGroup = security->getString("runasgroup");
+ if (!SetGroup.empty())
+ {
+ errno = 0;
+ if (setgroups(0, NULL) == -1)
+ {
+ ServerInstance->Logs->Log("STARTUP", LOG_DEFAULT, "setgroups() failed (wtf?): %s", strerror(errno));
+ exit(EXIT_STATUS_CONFIG);
+ }
+
+ struct group* g = getgrnam(SetGroup.c_str());
+ if (!g)
+ {
+ ServerInstance->Logs->Log("STARTUP", LOG_DEFAULT, "getgrnam(%s) failed (wrong group?): %s", SetGroup.c_str(), strerror(errno));
+ exit(EXIT_STATUS_CONFIG);
+ }
+
+ if (setgid(g->gr_gid) == -1)
+ {
+ ServerInstance->Logs->Log("STARTUP", LOG_DEFAULT, "setgid(%d) failed (wrong group?): %s", g->gr_gid, strerror(errno));
+ exit(EXIT_STATUS_CONFIG);
+ }
+ }
+
+ const std::string SetUser = security->getString("runasuser");
+ if (!SetUser.empty())
+ {
+ errno = 0;
+ struct passwd* u = getpwnam(SetUser.c_str());
+ if (!u)
+ {
+ ServerInstance->Logs->Log("STARTUP", LOG_DEFAULT, "getpwnam(%s) failed (wrong user?): %s", SetUser.c_str(), strerror(errno));
+ exit(EXIT_STATUS_CONFIG);
+ }
+
+ if (setuid(u->pw_uid) == -1)
+ {
+ ServerInstance->Logs->Log("STARTUP", LOG_DEFAULT, "setuid(%d) failed (wrong user?): %s", u->pw_uid, strerror(errno));
+ exit(EXIT_STATUS_CONFIG);
+ }
+ }
+#endif
+ }
+
// Seeds the random number generator if applicable.
void SeedRng(timespec ts)
{
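Review bot: In `DropRoot()`, when `<security:runasuser>` is set but `runasgroup` is empty, only `setuid()` runs, so the process keeps the primary GID and supplementary groups it started with (root's, if it was started as root). Consider shedding them in the user branch before `setuid()`, e.g. `if (SetGroup.empty() && (setgroups(0, NULL) == -1 || setgid(u->pw_gid) == -1))` followed by the same log-and-exit pattern, or document that a user-only configuration keeps its groups on purpose. Separately, `getgrnam()`/`getpwnam()` may leave errno at 0 for a name that simply does not exist, so the "wrong group?"/"wrong user?" messages can end with a misleading `strerror(0)`, and `%d` is used for `gid_t`/`uid_t` values. The body matches the lines removed from the constructor, so these points predate the commit, but they are easiest to fix now that the logic has its own function.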
@@ -506,55 +556,10 @@ InspIRCd::InspIRCd(int argc, char** argv)
QueryPerformanceFrequency(&stats.QPFrequency);
#endif
- Logs->Log("STARTUP", LOG_DEFAULT, "Startup complete as '%s'[%s], %lu max open sockets", Config->ServerName.c_str(),Config->GetSID().c_str(), SocketEngine::GetMaxFds());
-
-#ifndef _WIN32
- ConfigTag* security = Config->ConfValue("security");
-
- const std::string SetGroup = security->getString("runasgroup");
- if (!SetGroup.empty())
- {
- errno = 0;
- if (setgroups(0, NULL) == -1)
- {
- this->Logs->Log("STARTUP", LOG_DEFAULT, "setgroups() failed (wtf?): %s", strerror(errno));
- exit(EXIT_STATUS_CONFIG);
- }
-
- struct group* g = getgrnam(SetGroup.c_str());
- if (!g)
- {
- this->Logs->Log("STARTUP", LOG_DEFAULT, "getgrnam(%s) failed (wrong group?): %s", SetGroup.c_str(), strerror(errno));
- exit(EXIT_STATUS_CONFIG);
- }
-
- if (setgid(g->gr_gid) == -1)
- {
- this->Logs->Log("STARTUP", LOG_DEFAULT, "setgid(%d) failed (wrong group?): %s", g->gr_gid, strerror(errno));
- exit(EXIT_STATUS_CONFIG);
- }
- }
-
- const std::string SetUser = security->getString("runasuser");
- if (!SetUser.empty())
- {
- errno = 0;
- struct passwd* u = getpwnam(SetUser.c_str());
- if (!u)
- {
- this->Logs->Log("STARTUP", LOG_DEFAULT, "getpwnam(%s) failed (wrong user?): %s", SetUser.c_str(), strerror(errno));
- exit(EXIT_STATUS_CONFIG);
- }
+ WritePID(Config->PID);
+ DropRoot();
- if (setuid(u->pw_uid) == -1)
- {
- this->Logs->Log("STARTUP", LOG_DEFAULT, "setuid(%d) failed (wrong user?): %s", u->pw_uid, strerror(errno));
- exit(EXIT_STATUS_CONFIG);
- }
- }
-
- this->WritePID(Config->PID);
-#endif
+ Logs->Log("STARTUP", LOG_DEFAULT, "Startup complete as '%s'[%s], %lu max open sockets", Config->ServerName.c_str(),Config->GetSID().c_str(), SocketEngine::GetMaxFds());
}
void InspIRCd::UpdateTime()
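Review bot: `WritePID(Config->PID)` now runs before `DropRoot()`, whereas the removed code called it after `setgid()`/`setuid()` and only inside `#ifndef _WIN32`, so this is a behaviour change rather than a pure extraction. The PID file is now created with the starting (possibly root) privileges, and is also written on Windows. If that is intended, say so at the call site, e.g. `// Write the PID file before dropping privileges so it can live in a root-owned directory.`, and mention it in the commit message. `WritePID` is not visible in this diff; because it now opens a config-supplied path while still privileged, it is worth confirming that it does not follow symlinks or write into a directory the runas user controls.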