albino
/
ngircd-tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

startup: open /dev/null before chroot 

before people had to create a /dev/null inside the chroot to make
redirection work.
This commit is contained in:
Florian Westphal 2010-08-01 00:05:07 +02:00
parent 01e40f4b55
commit a02bc9cc6f
1 changed files with 28 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
src/ngircd/ngircd.c
View File

@ -67,7 +67,7 @@ static void Pidfile_Delete PARAMS(( void ));
static void Fill_Version PARAMS(( void )); static void Fill_Version PARAMS(( void ));
static void Setup_FDStreams PARAMS(( void )); static void Setup_FDStreams PARAMS(( int fd ));
static bool NGIRCd_Init PARAMS(( bool )); static bool NGIRCd_Init PARAMS(( bool ));
@ -646,27 +646,16 @@ Pidfile_Create(pid_t pid)
* Redirect stdin, stdout and stderr to apropriate file handles. * Redirect stdin, stdout and stderr to apropriate file handles.
*/ */
static void static void
Setup_FDStreams( void ) Setup_FDStreams(int fd)
{ {
int fd; if (fd < 0)
/* Test if we can open /dev/null for reading and writing. If not
* we are most probably chrooted already and the server has been
* restarted. So we simply don't try to redirect stdXXX ... */
fd = open( "/dev/null", O_RDWR );
if ( fd < 0 ) {
Log(LOG_WARNING, "Could not open /dev/null: %s", strerror(errno));
return; return;
}
fflush(stdout); fflush(stdout);
fflush(stderr); fflush(stderr);
/* Create new stdin(0), stdout(1) and stderr(2) descriptors */ /* Create new stdin(0), stdout(1) and stderr(2) descriptors */
dup2( fd, 0 ); dup2( fd, 1 ); dup2( fd, 2 ); dup2( fd, 0 ); dup2( fd, 1 ); dup2( fd, 2 );
/* Close newly opened file descriptor if not stdin/out/err */
if( fd > 2 ) close( fd );
} /* Setup_FDStreams */ } /* Setup_FDStreams */
@ -709,12 +698,19 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
bool chrooted = false; bool chrooted = false;
struct passwd *pwd; struct passwd *pwd;
struct group *grp; struct group *grp;
int real_errno; int real_errno, fd = -1;
pid_t pid; pid_t pid;
if (initialized) if (initialized)
return true; return true;
if (!NGIRCd_NoDaemon) {
/* open /dev/null before chroot() */
fd = open( "/dev/null", O_RDWR);
if (fd < 0)
Log(LOG_WARNING, "Could not open /dev/null: %s", strerror(errno));
}
if (!ConnSSL_InitLibrary()) if (!ConnSSL_InitLibrary())
Log(LOG_WARNING, Log(LOG_WARNING,
"Warning: Error during SSL initialization, continuing ..."); "Warning: Error during SSL initialization, continuing ...");
@ -722,15 +718,14 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
if( Conf_Chroot[0] ) { if( Conf_Chroot[0] ) {
if( chdir( Conf_Chroot ) != 0 ) { if( chdir( Conf_Chroot ) != 0 ) {
Log( LOG_ERR, "Can't chdir() in ChrootDir (%s): %s", Conf_Chroot, strerror( errno )); Log( LOG_ERR, "Can't chdir() in ChrootDir (%s): %s", Conf_Chroot, strerror( errno ));
return false; goto out;
} }
if( chroot( Conf_Chroot ) != 0 ) { if( chroot( Conf_Chroot ) != 0 ) {
if (errno != EPERM) { if (errno != EPERM) {
Log( LOG_ERR, "Can't change root directory to \"%s\": %s", Log( LOG_ERR, "Can't change root directory to \"%s\": %s",
Conf_Chroot, strerror( errno )); Conf_Chroot, strerror( errno ));
goto out;
return false;
} }
} else { } else {
chrooted = true; chrooted = true;
@ -744,7 +739,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
if (! NGIRCd_getNobodyID(&Conf_UID, &Conf_GID)) { if (! NGIRCd_getNobodyID(&Conf_UID, &Conf_GID)) {
Log(LOG_WARNING, "Could not get user/group ID of user \"nobody\": %s", Log(LOG_WARNING, "Could not get user/group ID of user \"nobody\": %s",
errno ? strerror(errno) : "not found" ); errno ? strerror(errno) : "not found" );
return false; goto out;
} }
} }
@ -754,7 +749,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
real_errno = errno; real_errno = errno;
Log( LOG_ERR, "Can't change group ID to %u: %s", Conf_GID, strerror( errno )); Log( LOG_ERR, "Can't change group ID to %u: %s", Conf_GID, strerror( errno ));
if (real_errno != EPERM) if (real_errno != EPERM)
return false; goto out;
} }
} }
@ -764,7 +759,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
real_errno = errno; real_errno = errno;
Log(LOG_ERR, "Can't change user ID to %u: %s", Conf_UID, strerror(errno)); Log(LOG_ERR, "Can't change user ID to %u: %s", Conf_UID, strerror(errno));
if (real_errno != EPERM) if (real_errno != EPERM)
return false; goto out;
} }
} }
@ -797,7 +792,11 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
strerror(errno)); strerror(errno));
/* Detach stdin, stdout and stderr */ /* Detach stdin, stdout and stderr */
Setup_FDStreams( ); Setup_FDStreams(fd);
if (fd > 2) {
close(fd);
fd = -1;
}
} }
pid = getpid(); pid = getpid();
@ -825,7 +824,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
/* Change working directory to home directory of the user /* Change working directory to home directory of the user
* we are running as (only when running in daemon mode and not in chroot) */ * we are running as (only when running in daemon mode and not in chroot) */
if ( pwd ) { if (pwd) {
if (!NGIRCd_NoDaemon ) { if (!NGIRCd_NoDaemon ) {
if( chdir( pwd->pw_dir ) == 0 ) if( chdir( pwd->pw_dir ) == 0 )
Log( LOG_DEBUG, "Changed working directory to \"%s\" ...", pwd->pw_dir ); Log( LOG_DEBUG, "Changed working directory to \"%s\" ...", pwd->pw_dir );
@ -837,7 +836,11 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
Log( LOG_ERR, "Can't get user informaton for UID %d!?", Conf_UID ); Log( LOG_ERR, "Can't get user informaton for UID %d!?", Conf_UID );
} }
return true; return true;
out:
if (fd > 2)
close(fd);
return false;
} }
/* -eof- */ /* -eof- */