Package: maradns / 2.0.13-1.2

maradns_user_config.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
Author: Simon Burnet
Subject: Adding maradns_user to mararc
Forwarded: no
Last-update: 2014-03-04
--- a/parse/ParseMaraRc.c
+++ b/parse/ParseMaraRc.c
@@ -31,7 +31,7 @@
 
 /* Keywords that are non-dictionary strings in Mara's rc file */
 
-#define KEYCOUNT 55
+#define KEYCOUNT 56
 
 char *keywords[KEYCOUNT] = {
         "bind_address", /* IPv4 Addresses to bind to (old name) */
@@ -52,8 +52,10 @@
                                 changes MaraDNS' behavior as an authoritative
                                 nameserver */
         "hide_disclaimer", /* Whether to hide the disclaimer */
-        "maradns_uid",  /* UID that MaraDNS will run as */
+        "maradns_uid",  /* UID that MaraDNS will run as (optional - must be
+			   provided if maradns_user is not) */
         "maradns_gid",  /* GID that MaraDNS will run as (optional) */
+	"maradns_user", /* The user and group which MaraDNS will switch to */
         "max_ar_chain", /* Maximum number of records in a chain of
                            records in the AR section.  Note:  This has
                            to be one or round-robin rotates are disabled */
--- a/server/MaraDNS.c
+++ b/server/MaraDNS.c
@@ -34,7 +34,7 @@
 #include <string.h>
 #include <time.h>
 #ifndef MINGW32
-#include <grp.h>
+#include <pwd.h>
 #endif
 #include <fcntl.h>
 #ifdef __FreeBSD__
@@ -3697,11 +3697,11 @@
               *ipv4_bind_address = 0, *incoming = 0,
               *uncomp = 0, *verbstr = 0;
 #ifndef MINGW32
-    unsigned char chroot_zt[255];
+    unsigned char stringbuffer_zt[255];
 #ifndef __CYGWIN__
-    uid_t uid;
+    uid_t uid = 0;
 #endif
-    gid_t gid;
+    gid_t gid = 0;
 #endif
     int errorn, value, maxprocs, counter;
     int sock[514];
@@ -4223,7 +4223,26 @@
     debug_msg_level = read_numeric_kvar("debug_msg_level",1);
 
 #ifndef MINGW32
-    /* Determine if we are root */
+	/* Get the uid and gid now, because we won't be able to do it once we're chrooted */
+	if (verbstr != 0) { js_destroy(verbstr); verbstr = 0; }
+	verbstr = read_string_kvar("maradns_user");
+	if (verbstr != 0 && js_length(verbstr) > 0) {
+		struct passwd * pwd = NULL;
+		if (js_js2str(verbstr,(char *)stringbuffer_zt,200) == JS_ERROR)
+			harderror(L_BADUSER);
+		errno=0;
+		if ((pwd = getpwnam((char *)stringbuffer_zt)) == NULL) {
+			printf("Error setting uid and gid to that of '%s'. Error from getpwnam() was %d.\n", (char*)stringbuffer_zt, errno);
+			exit(1);
+		}
+#ifndef __CYGWIN__
+		uid = pwd->pw_uid;
+#endif
+		gid = pwd->pw_gid;
+	}
+	if (verbstr != 0) { js_destroy(verbstr); verbstr = 0; }
+	
+	/* Determine if we are root */
 #ifndef __CYGWIN__
     if(geteuid() == 0) {
 #endif
@@ -4235,12 +4254,12 @@
             }
         if(js_length(verbstr) <= 0)
             harderror(L_CHROOT_KVAR); /* "Problem getting chroot kvar.\nYou must have chroot_dir set if you start this as root" */
-        if(js_js2str(verbstr,(char *)chroot_zt,200) == JS_ERROR)
+        if(js_js2str(verbstr,(char *)stringbuffer_zt,200) == JS_ERROR)
             harderror(L_CHROOT_NT); /* "Problem making chroot nt string.\nMake sure the chroot directory is 200 chars or less" */
-        if(chdir((char *)chroot_zt) != 0)
+        if(chdir((char *)stringbuffer_zt) != 0)
             sys_harderror(L_CHROOT_CHANGE); /* "Problem changing to chroot dir.\nMake sure chroot_dir points to a valid directory" */
 #if ! (defined __CYGWIN__ || defined QNX)
-        if(chroot((char *)chroot_zt) != 0)
+        if(chroot((char *)stringbuffer_zt) != 0)
             sys_harderror(L_CHROOT_DO);  /* "Problem changing the root directory." */
 #endif
 
@@ -4339,7 +4358,9 @@
 #ifndef MINGW32
         /* Drop the elevated privileges */
         /* First, change the GID */
-        gid = read_numeric_kvar("maradns_gid",MARADNS_DEFAULT_GID);
+
+	if (gid == 0)
+	        gid = read_numeric_kvar("maradns_gid",MARADNS_DEFAULT_GID);
 #ifndef __CYGWIN__
         /* Drop all supplemental groups */
         setgroups(1,&gid);
@@ -4349,7 +4370,9 @@
 
 #ifndef __CYGWIN__
         /* Next, change the UID */
-        uid = read_numeric_kvar("maradns_uid",MARADNS_DEFAULT_UID);
+	if (uid == 0)
+	        uid = read_numeric_kvar("maradns_uid",MARADNS_DEFAULT_UID);
+
         if(uid < 10)
             harderror(L_BADUID); /* "maradns_uid is less than 10 or not a number.\nThis uid must have a value of 10 or more" */
         if(setuid(uid) != 0)
--- a/server/MaraDNS_en.h
+++ b/server/MaraDNS_en.h
@@ -77,3 +77,5 @@
 #define L_INVALID_TIMEOUT "timeout_seconds needs to be a number, and be greater than zero"
 #define L_TIMESTAMP "Timestamp: "
 #define L_COMPRESS_ERROR "Compression error: "
+#define L_BADUSER "Could not parse maradns_user. Perhaps the string is too long?"
+