1bd06a3ecSMike Barcroft /*- 2bd06a3ecSMike Barcroft * Copyright (c) 1999 Berkeley Software Design, Inc. All rights reserved. 3bd06a3ecSMike Barcroft * 4bd06a3ecSMike Barcroft * Redistribution and use in source and binary forms, with or without 5bd06a3ecSMike Barcroft * modification, are permitted provided that the following conditions 6bd06a3ecSMike Barcroft * are met: 7bd06a3ecSMike Barcroft * 1. Redistributions of source code must retain the above copyright 8bd06a3ecSMike Barcroft * notice, this list of conditions and the following disclaimer. 9bd06a3ecSMike Barcroft * 2. Redistributions in binary form must reproduce the above copyright 10bd06a3ecSMike Barcroft * notice, this list of conditions and the following disclaimer in the 11bd06a3ecSMike Barcroft * documentation and/or other materials provided with the distribution. 12bd06a3ecSMike Barcroft * 3. Berkeley Software Design Inc's name may not be used to endorse or 13bd06a3ecSMike Barcroft * promote products derived from this software without specific prior 14bd06a3ecSMike Barcroft * written permission. 15bd06a3ecSMike Barcroft * 16bd06a3ecSMike Barcroft * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN INC ``AS IS'' AND 17bd06a3ecSMike Barcroft * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18bd06a3ecSMike Barcroft * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19bd06a3ecSMike Barcroft * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN INC BE LIABLE 20bd06a3ecSMike Barcroft * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21bd06a3ecSMike Barcroft * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22bd06a3ecSMike Barcroft * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23bd06a3ecSMike Barcroft * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24bd06a3ecSMike Barcroft * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25bd06a3ecSMike Barcroft * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26bd06a3ecSMike Barcroft * SUCH DAMAGE. 27bd06a3ecSMike Barcroft * 28bd06a3ecSMike Barcroft * From BSDI: daemon.c,v 1.2 1996/08/15 01:11:09 jch Exp 29bd06a3ecSMike Barcroft */ 30bd06a3ecSMike Barcroft 3154ede02dSPhilippe Charnier #include <sys/cdefs.h> 3254ede02dSPhilippe Charnier __FBSDID("$FreeBSD$"); 3354ede02dSPhilippe Charnier 34c6262cb6SPawel Jakub Dawidek #include <sys/param.h> 35bd06a3ecSMike Barcroft 36bd06a3ecSMike Barcroft #include <err.h> 37846be7bdSPoul-Henning Kamp #include <errno.h> 3812d7249eSTom Rhodes #include <pwd.h> 3912d7249eSTom Rhodes #include <grp.h> 40c6262cb6SPawel Jakub Dawidek #include <libutil.h> 41bd06a3ecSMike Barcroft #include <stdio.h> 42bd06a3ecSMike Barcroft #include <stdlib.h> 43bd06a3ecSMike Barcroft #include <unistd.h> 44bd06a3ecSMike Barcroft 4512d7249eSTom Rhodes static void restrict_process(const char *, const char *); 46bd06a3ecSMike Barcroft static void usage(void); 47bd06a3ecSMike Barcroft 48bd06a3ecSMike Barcroft int 49bd06a3ecSMike Barcroft main(int argc, char *argv[]) 50bd06a3ecSMike Barcroft { 51c6262cb6SPawel Jakub Dawidek struct pidfh *pfh; 52846be7bdSPoul-Henning Kamp int ch, nochdir, noclose, errcode; 5312d7249eSTom Rhodes const char *pidfile, *user, *group; 54c6262cb6SPawel Jakub Dawidek pid_t otherpid; 55bd06a3ecSMike Barcroft 56bd06a3ecSMike Barcroft nochdir = noclose = 1; 5712d7249eSTom Rhodes pidfile = user = group = NULL; 5812d7249eSTom Rhodes while ((ch = getopt(argc, argv, "-cfg:p:u:")) != -1) { 59bd06a3ecSMike Barcroft switch (ch) { 60bd06a3ecSMike Barcroft case 'c': 61bd06a3ecSMike Barcroft nochdir = 0; 62bd06a3ecSMike Barcroft break; 63bd06a3ecSMike Barcroft case 'f': 64bd06a3ecSMike Barcroft noclose = 0; 65bd06a3ecSMike Barcroft break; 6612d7249eSTom Rhodes case 'u': 6712d7249eSTom Rhodes user = optarg; 6812d7249eSTom Rhodes break; 6912d7249eSTom Rhodes case 'g': 7012d7249eSTom Rhodes group = optarg; 7112d7249eSTom Rhodes break; 72846be7bdSPoul-Henning Kamp case 'p': 73846be7bdSPoul-Henning Kamp pidfile = optarg; 74846be7bdSPoul-Henning Kamp break; 75bd06a3ecSMike Barcroft default: 76bd06a3ecSMike Barcroft usage(); 77bd06a3ecSMike Barcroft } 78bd06a3ecSMike Barcroft } 79bd06a3ecSMike Barcroft argc -= optind; 80bd06a3ecSMike Barcroft argv += optind; 81bd06a3ecSMike Barcroft 82bd06a3ecSMike Barcroft if (argc == 0) 83bd06a3ecSMike Barcroft usage(); 8412d7249eSTom Rhodes 8512d7249eSTom Rhodes if (user || group) { 8612d7249eSTom Rhodes if (getuid() != 0) 8712d7249eSTom Rhodes errx(1, "only root user is allowed to chroot " 8812d7249eSTom Rhodes "and change UID/GID"); 8912d7249eSTom Rhodes restrict_process(user, group); 9012d7249eSTom Rhodes } 9112d7249eSTom Rhodes 92846be7bdSPoul-Henning Kamp /* 93846be7bdSPoul-Henning Kamp * Try to open the pidfile before calling daemon(3), 94846be7bdSPoul-Henning Kamp * to be able to report the error intelligently 95846be7bdSPoul-Henning Kamp */ 96846be7bdSPoul-Henning Kamp if (pidfile) { 97c6262cb6SPawel Jakub Dawidek pfh = pidfile_open(pidfile, 0600, &otherpid); 98c6262cb6SPawel Jakub Dawidek if (pfh == NULL) { 99c6262cb6SPawel Jakub Dawidek if (errno == EEXIST) { 100c6262cb6SPawel Jakub Dawidek errx(3, "process already running, pid: %d", 101c6262cb6SPawel Jakub Dawidek otherpid); 102c6262cb6SPawel Jakub Dawidek } 103846be7bdSPoul-Henning Kamp err(2, "pidfile ``%s''", pidfile); 104846be7bdSPoul-Henning Kamp } 105c6262cb6SPawel Jakub Dawidek } 106846be7bdSPoul-Henning Kamp 107bd06a3ecSMike Barcroft if (daemon(nochdir, noclose) == -1) 108bd06a3ecSMike Barcroft err(1, NULL); 109846be7bdSPoul-Henning Kamp 110846be7bdSPoul-Henning Kamp /* Now that we are the child, write out the pid */ 111c6262cb6SPawel Jakub Dawidek if (pidfile) 112c6262cb6SPawel Jakub Dawidek pidfile_write(pfh); 113846be7bdSPoul-Henning Kamp 114bd06a3ecSMike Barcroft execvp(argv[0], argv); 115bd06a3ecSMike Barcroft 116846be7bdSPoul-Henning Kamp /* 117846be7bdSPoul-Henning Kamp * execvp() failed -- unlink pidfile if any, and 118846be7bdSPoul-Henning Kamp * report the error 119846be7bdSPoul-Henning Kamp */ 120846be7bdSPoul-Henning Kamp errcode = errno; /* Preserve errcode -- unlink may reset it */ 121846be7bdSPoul-Henning Kamp if (pidfile) 122c6262cb6SPawel Jakub Dawidek pidfile_remove(pfh); 123846be7bdSPoul-Henning Kamp 124bd06a3ecSMike Barcroft /* The child is now running, so the exit status doesn't matter. */ 125846be7bdSPoul-Henning Kamp errc(1, errcode, "%s", argv[0]); 126bd06a3ecSMike Barcroft } 127bd06a3ecSMike Barcroft 128bd06a3ecSMike Barcroft static void 12912d7249eSTom Rhodes restrict_process(const char *user, const char *group) 13012d7249eSTom Rhodes { 13112d7249eSTom Rhodes struct group *gr = NULL; 13212d7249eSTom Rhodes struct passwd *pw = NULL; 13312d7249eSTom Rhodes errno = 0; 13412d7249eSTom Rhodes 13512d7249eSTom Rhodes if (group != NULL) { 13612d7249eSTom Rhodes if (initgroups(user, gr->gr_gid) == -1) 13712d7249eSTom Rhodes errx(1, "User not in group list"); 13812d7249eSTom Rhodes if ((gr = getgrnam(group)) == NULL) 13912d7249eSTom Rhodes errx(1, "Group %s does not exist", group); 14012d7249eSTom Rhodes if (setgid(gr->gr_gid) == -1) 14112d7249eSTom Rhodes err(1, "%s", group); 14212d7249eSTom Rhodes } 14312d7249eSTom Rhodes 14412d7249eSTom Rhodes if (user != NULL) { 14512d7249eSTom Rhodes if ((pw = getpwnam(user)) == NULL) 14612d7249eSTom Rhodes errx(1, "User %s does not exist", user); 14712d7249eSTom Rhodes if (setuid(pw->pw_uid) == -1) 14812d7249eSTom Rhodes err(1, "%s", user); 14912d7249eSTom Rhodes } 15012d7249eSTom Rhodes } 15112d7249eSTom Rhodes 15212d7249eSTom Rhodes static void 153bd06a3ecSMike Barcroft usage(void) 154bd06a3ecSMike Barcroft { 155846be7bdSPoul-Henning Kamp (void)fprintf(stderr, 15612d7249eSTom Rhodes "usage: daemon [-cf] [-g group] [-p pidfile] [-u user] command " 15712d7249eSTom Rhodes "arguments ...\n"); 158bd06a3ecSMike Barcroft exit(1); 159bd06a3ecSMike Barcroft } 160