From 002b4478eee2ffb1a032ee2b3cafa4bce9572fa9 Mon Sep 17 00:00:00 2001 From: stskeeps Date: Sun, 17 Jun 2007 12:35:17 +0000 Subject: [PATCH] - #0003363 patched by adrianp, changing IRC_UID and IRC_GID into defines IRC_USER, IRC_GROUP which is a string specifiying what user name/ group name that should be changed into, instead of a hardcoded gid/uid. This should make it easier for packaged binary releases to work (even though this probably means Debian will take us in, ick .. Can't we pull a new fight with debian-legal again?) --- Changes | 6 ++++++ include/config.h | 23 ++++++++++++----------- src/ircd.c | 45 +++++++++++++++++++++++++++++++-------------- src/support.c | 6 ++++-- src/url.c | 13 +++++++++---- 5 files changed, 62 insertions(+), 31 deletions(-) diff --git a/Changes b/Changes index f3cebd671..8596285df 100644 --- a/Changes +++ b/Changes @@ -1781,3 +1781,9 @@ MOTDs win32 and not do ./module for it - #0001740 reported by Trocotronic, making the IRCd send ERROR : to all links with possible reason for RESTART; like /die does it. +- #0003363 patched by adrianp, changing IRC_UID and IRC_GID into + defines IRC_USER, IRC_GROUP which is a string specifiying what user name/ + group name that should be changed into, instead of a hardcoded gid/uid. + This should make it easier for packaged binary releases to work (even + though this probably means Debian will take us in, ick .. Can't we pull + a new fight with debian-legal again?) diff --git a/include/config.h b/include/config.h index d14e102b3..90d96d2c0 100644 --- a/include/config.h +++ b/include/config.h 
@@ -214,28 +214,29 @@ /* CHROOTDIR * * This enables running the IRCd chrooted (requires initial root privileges, - * but will be dropped to IRC_UID/IRC_GID privileges if those are defined). + * but will be dropped to IRC_USER/IRC_GROUP privileges if those are defined). * * The directory to chroot to is simply DPATH (which is set via ./Config). * (This may effect the PATH locations above, though you can symlink it) * - * Usually you only simply need to enable this, and set IRC_UID and IRC_GID, - * you don't need to create a special chroot environment.. UnrealIRCd will - * do that by itself (Unreal will create /dev/random, etc. etc.). + * Usually you only simply need to enable this, and set IRC_USER and + * IRC_GROUP, you don't need to create a special chroot environment.. + * UnrealIRCd will do that by itself (Unreal will create /dev/random, + * etc. etc.). * * Change to '#define CHROOTDIR' to enable... */ /* #define CHROOTDIR */ /* - * IRC_UID + * IRC_USER * * If you start the server as root but wish to have it run as another user, - * define IRC_UID to that UID. This should only be defined if you are running - * as root and even then perhaps not. + * define IRC_USER to that user name. This should only be defined if you + * are running as root and even then perhaps not. */ -/* #define IRC_UID */ -/* #define IRC_GID */ +/* #define IRC_USER "" */ +/* #define IRC_GROUP "" */ /* SHOW_INVISIBLE_LUSERS @@ -452,8 +453,8 @@ #define CONFIGFILE CPATH #define IRCD_PIDFILE PPATH -#if defined(CHROOTDIR) && !defined(IRC_UID) -#error "ERROR: It makes no sense to define CHROOTDIR but not IRC_UID and IRC_GID! Please define IRC_UID and IRC_GID properly as the uid/gid to change to." +#if defined(CHROOTDIR) && !defined(IRC_USER) +#error "ERROR: It makes no sense to define CHROOTDIR but not IRC_USER and IRC_GROUP! Please define IRC_USER and IRC_GROUP properly as the user/group to change to." #endif #ifdef __osf__ diff --git a/src/ircd.c b/src/ircd.c index e6af9f813..1c03b9007 100644 
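Review bot: The guard `#if defined(CHROOTDIR) && !defined(IRC_USER)` tests only IRC_USER, while its own message and the drop code in src/ircd.c (`#if defined(IRC_USER) && defined(IRC_GROUP)`) need both macros. A build with CHROOTDIR and IRC_USER but no IRC_GROUP passes this check, compiles the setgid/setuid block out and also skips the `!defined(IRC_USER)` setuid-root refusal, so a daemon started as root would stay root inside the chroot. Suggest `#if defined(CHROOTDIR) && (!defined(IRC_USER) || !defined(IRC_GROUP))`, plus a separate `#error` when exactly one of the two is defined. The commented-out `""` defaults in the first config.h hunk would be better as an example account name, and IRC_GROUP has no description of its own in that comment.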
--- a/src/ircd.c +++ b/src/ircd.c @@ -37,6 +37,7 @@ Computing Center and Jarkko Oikarinen"; #ifndef _WIN32 #include #include +#include #include #else #include @@ -97,6 +98,10 @@ extern MODVAR aMotd *botmotd; extern MODVAR aMotd *smotd; extern MODVAR ConfigFile *conf; MODVAR MemoryInfo StatsZ; +#ifndef _WIN32 +uid_t irc_uid = 0; +gid_t irc_gid = 0; +#endif int R_do_dns, R_fin_dns, R_fin_dnsc, R_fail_dns, R_do_id, R_fin_id, R_fail_id; @@ -1015,6 +1020,8 @@ int InitwIRCD(int argc, char *argv[]) uid_t uid, euid; gid_t gid, egid; TS delay = 0; + struct passwd *pw; + struct group *gr; #endif #ifdef HAVE_PSTAT union pstun pstats; @@ -1634,7 +1641,7 @@ int InitwIRCD(int argc, char *argv[]) R_fin_id = strlen(REPORT_FIN_ID); R_fail_id = strlen(REPORT_FAIL_ID); -#if !defined(IRC_UID) && !defined(_WIN32) +#if !defined(IRC_USER) && !defined(_WIN32) if ((uid != euid) && !euid) { (void)fprintf(stderr, @@ -1643,17 +1650,27 @@ int InitwIRCD(int argc, char *argv[]) } #endif -#if defined(IRC_UID) && defined(IRC_GID) +#if defined(IRC_USER) && defined(IRC_GROUP) if ((int)getuid() == 0) { - if ((IRC_UID == 0) || (IRC_GID == 0)) - { - (void)fprintf(stderr, - "ERROR: SETUID and SETGID have not been set properly" - "\nPlease read your documentation\n(HINT: IRC_UID and IRC_GID in include/config.h can not be 0)\n"); - exit(-1); - } - else + + pw = getpwnam(IRC_USER); + gr = getgrnam(IRC_GROUP); + + if ((pw == NULL) || (gr == NULL)) { + fprintf(stderr, "ERROR: Unable to change to specified user or group: %s\n", strerror(errno)); + exit(-1); + } else { + irc_uid = pw->pw_uid; + irc_gid = gr->gr_gid; + } + + if ((irc_uid == 0) || (irc_gid == 0)) { + (void)fprintf(stderr, + "ERROR: SETUID and SETGID have not been set properly" + "\nPlease read your documentation\n(HINT: IRC_USER and IRC_GROUP in include/config.h cannot be root/wheel)\n"); + exit(-1); + } else { { /* * run as a specified user 
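Review bot: In the `#if defined(IRC_USER) && defined(IRC_GROUP)` block, `getpwnam()` and `getgrnam()` return NULL without setting errno when the name simply does not exist, so `strerror(errno)` reports a stale or "Success" text for the most likely failure, a misspelled name in config.h. Clear errno before each lookup and name the entry that was not found, e.g. `errno = 0; pw = getpwnam(IRC_USER);` and `fprintf(stderr, "ERROR: user \"%s\" or group \"%s\" not found\n", IRC_USER, IRC_GROUP);`. If `chroot(DPATH)` has already run by this point (the call is not in the hunk), both lookups resolve against the chroot's own /etc/passwd and /etc/group, so resolving the ids before chrooting would be safer. The `else { {` block opened here continues into the next hunk.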
@@ -1662,17 +1679,17 @@ int InitwIRCD(int argc, char *argv[]) (void)fprintf(stderr, "WARNING: ircd invoked as root\n"); (void)fprintf(stderr, " changing to uid %d\n", - IRC_UID); + irc_uid); (void)fprintf(stderr, " changing to gid %d\n", - IRC_GID); - if (setgid(IRC_GID)) + irc_gid); + if (setgid(irc_gid)) { fprintf(stderr, "ERROR: Unable to change group: %s\n", strerror(errno)); exit(-1); } - if (setuid(IRC_UID)) + if (setuid(irc_uid)) { fprintf(stderr, "ERROR: Unable to change userid: %s\n", diff --git a/src/support.c b/src/support.c index 045923e51..b215d4ae4 100644 --- a/src/support.c +++ b/src/support.c @@ -37,6 +37,8 @@ static char sccsid[] = "@(#)support.c 2.21 4/13/94 1990, 1991 Armin Gruner;\ #ifdef _WIN32 #include #else +extern uid_t irc_uid; +extern gid_t irc_gid; #include #include #include @@ -1783,9 +1785,9 @@ int unreal_copyfile(char *src, char *dest) close(srcfd); close(destfd); unreal_setfilemodtime(dest, mtime); -#if defined(IRC_UID) && defined(IRC_GID) +#if defined(IRC_USER) && defined(IRC_GROUP) if (!loop.ircd_booted) - chown(dest, IRC_UID, IRC_GID); + chown(dest, irc_uid, irc_gid); #endif return 1; fail: diff --git a/src/url.c b/src/url.c index 814128291..fd7f4515a 100644 --- a/src/url.c +++ b/src/url.c @@ -29,6 +29,11 @@ extern char *SSLKeyPasswd; #endif +#ifndef _WIN32 +extern uid_t irc_uid; +extern gid_t irc_gid; +#endif + CURLM *multihandle; /* Stores information about the async transfer. @@ -184,9 +189,9 @@ char *download_file(char *url, char **error, char *bind_ip) curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorbuf); res = curl_easy_perform(curl); fclose(fd); -#if defined(IRC_UID) && defined(IRC_GID) +#if defined(IRC_USER) && defined(IRC_GROUP) if (!loop.ircd_booted) - chown(tmp, IRC_UID, IRC_GID); + chown(tmp, irc_uid, irc_gid); #endif if (file) free(file); 
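Review bot: The drop sequence `setgid(irc_gid)` followed by `setuid(irc_uid)` never resets the supplementary group list, so a process started as root keeps root's supplementary groups after the switch. Add a checked `setgroups(1, &irc_gid)` before `setgid()`, failing with the same fprintf/exit(-1) path the two existing calls use. Separately, `irc_uid` and `irc_gid` are now `uid_t`/`gid_t` but are still printed with `%d`; cast them, e.g. `" changing to uid %ld\n", (long)irc_uid`. The enclosing block starts before this hunk and continues after it.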
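Review bot: The `extern uid_t irc_uid; extern gid_t irc_gid;` pair is copied by hand into src/support.c here and again into src/url.c, and in support.c it sits ahead of the `#include` lines of the `#else` branch, so it only compiles if an earlier header (not visible in the hunk) has already declared `uid_t` and `gid_t`. Declaring both once in a shared project header under `#ifndef _WIN32`, next to the other extern globals, keeps the type in one place and lets the compiler check it against the definition in src/ircd.c. A short comment there such as `/* resolved from IRC_USER/IRC_GROUP in InitwIRCD; 0 until then */` would document the initial value.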
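Review bot: `chown(dest, irc_uid, irc_gid)` runs only while `!loop.ircd_booted`, but `irc_uid`/`irc_gid` start at 0 in src/ircd.c and are filled in only when InitwIRCD reaches the getpwnam block, so any call before that point assigns the file to 0:0 instead of the service account; the old compile-time IRC_UID/IRC_GID were valid from the start. The same applies to `chown(tmp, ...)` in download_file and `chown(handle->filename, ...)` in url_do_transfers_async in src/url.c. Either resolve the ids before anything can copy or download files, or skip the call while they are unset, e.g. `if (!loop.ircd_booted && irc_uid != 0)`. The return value is also ignored and the call goes by path after `close(destfd)`; a checked `fchown(destfd, irc_uid, irc_gid)` before the close would act on the file that was actually written rather than on whatever the path names at that moment.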
@@ -340,9 +345,9 @@ void url_do_transfers_async(void)
 curl_easy_getinfo(easyhand, CURLINFO_EFFECTIVE_URL, &url);
 curl_easy_getinfo(easyhand, CURLINFO_FILETIME, &last_mod);
 fclose(handle->fd);
-#if defined(IRC_UID) && defined(IRC_GID)
+#if defined(IRC_USER) && defined(IRC_GROUP)
 if (!loop.ircd_booted)
- chown(handle->filename, IRC_UID, IRC_GID);
+ chown(handle->filename, irc_uid, irc_gid);
 #endif
 if (msg->data.result == CURLE_OK)
 {