New "chroot" feature (from Benjamin Pineau), introducing new configuration

variables "ChrootDir" and "MotdPhrase".

6 files changed, 87 insertions, 38 deletions

diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index fde37b00..1ea1fe74 100644
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: conf.c,v 1.63 2004/01/17 03:17:00 alex Exp $";
+static char UNUSED id[] = "$Id: conf.c,v 1.64 2004/05/07 11:19:21 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -114,6 +114,8 @@ Conf_Test( VOID )
 	printf( "  AdminInfo2 = %s\n", Conf_ServerAdmin2 );
 	printf( "  AdminEMail = %s\n", Conf_ServerAdminMail );
 	printf( "  MotdFile = %s\n", Conf_MotdFile );
+	printf( "  MotdPhrase = %s\n", Conf_MotdPhrase );
+	printf( "  ChrootDir= %s\n", Conf_Chroot );
 	printf( "  Ports = " );
 	for( i = 0; i < Conf_ListenPorts_Count; i++ )
 	{
@@ -343,6 +345,10 @@ Set_Defaults( BOOLEAN InitServers )
 	strlcpy( Conf_MotdFile, SYSCONFDIR, sizeof( Conf_MotdFile ));
 	strlcat( Conf_MotdFile, MOTD_FILE, sizeof( Conf_MotdFile ));
 
+	strlcpy( Conf_MotdPhrase, MOTD_PHRASE, sizeof( Conf_MotdPhrase ));
+
+	strlcpy( Conf_Chroot, CHROOT_DIR, sizeof( Conf_Chroot ));
+
 	Conf_ListenPorts_Count = 0;
 	strcpy( Conf_ListenAddress, "" );
 
@@ -613,6 +619,18 @@ Handle_GLOBAL( INT Line, CHAR *Var, CHAR *Arg )
 		if( strlcpy( Conf_MotdFile, Arg, sizeof( Conf_MotdFile )) >= sizeof( Conf_MotdFile )) Config_Error( LOG_WARNING, "%s, line %d: Value of \"MotdFile\" too long!", NGIRCd_ConfFile, Line );
 		return;
 	}
+	if( strcasecmp( Var, "MotdPhrase" ) == 0 )
+	{
+		/* "Message of the day" phrase (instead of file) */
+		if( strlcpy( Conf_MotdPhrase, Arg, sizeof( Conf_MotdPhrase )) >= sizeof( Conf_MotdPhrase )) Config_Error( LOG_WARNING, "%s, line %d: Value of \"MotdPhrase\" too long!", NGIRCd_ConfFile, Line );
+		return;
+	}
+	if( strcasecmp( Var, "ChrootDir" ) == 0 )
+	{
+		/* directory for chroot() */
+		if( strlcpy( Conf_Chroot, Arg, sizeof( Conf_Chroot )) >= sizeof( Conf_Chroot )) Config_Error( LOG_WARNING, "%s, line %d: Value of \"ChrootDir\" too long!", NGIRCd_ConfFile, Line );
+		return;
+	}
 	if( strcasecmp( Var, "ServerUID" ) == 0 )
 	{
 		/* UID the daemon should switch to */
diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h
index b900610b..4fbf2d68 100644
--- a/src/ngircd/conf.h
+++ b/src/ngircd/conf.h
@@ -8,7 +8,7 @@
  * (at your option) any later version.
  * Please read the file COPYING, README and AUTHORS for more information.
  *
- * $Id: conf.h,v 1.28 2003/11/05 21:41:02 alex Exp $
+ * $Id: conf.h,v 1.29 2004/05/07 11:19:21 alex Exp $
  *
  * Configuration management (header)
  */
@@ -72,6 +72,9 @@ GLOBAL CHAR Conf_ServerAdminMail[CLIENT_INFO_LEN];
 /* File with MOTD text */
 GLOBAL CHAR Conf_MotdFile[FNAME_LEN];
 
+/* Phrase with MOTD text */
+GLOBAL CHAR Conf_MotdPhrase[LINE_LEN];
+
 /* Ports the server should listen on */
 GLOBAL UINT Conf_ListenPorts[MAX_LISTEN_PORTS];
 GLOBAL INT Conf_ListenPorts_Count;
@@ -83,6 +86,9 @@ GLOBAL CHAR Conf_ListenAddress[16];
 GLOBAL UINT Conf_UID;
 GLOBAL UINT Conf_GID;
 
+/* A directory to chroot() in */
+GLOBAL CHAR Conf_Chroot[FNAME_LEN];
+
 /* Timeouts for PING and PONG */
 GLOBAL INT Conf_PingTimeout;
 GLOBAL INT Conf_PongTimeout;
diff --git a/src/ngircd/defines.h b/src/ngircd/defines.h
index e351b236..34951aee 100644
--- a/src/ngircd/defines.h
+++ b/src/ngircd/defines.h
@@ -8,7 +8,7 @@
  * (at your option) any later version.
  * Please read the file COPYING, README and AUTHORS for more information.
  *
- * $Id: defines.h,v 1.45 2004/04/25 15:46:50 alex Exp $
+ * $Id: defines.h,v 1.46 2004/05/07 11:19:21 alex Exp $
  *
  * Global defines of ngIRCd.
  */
@@ -83,6 +83,8 @@
 
 #define CONFIG_FILE "/ngircd.conf"
 #define MOTD_FILE "/ngircd.motd"
+#define MOTD_PHRASE ""
+#define CHROOT_DIR ""
 
 #define ERROR_DIR "/tmp"
 
diff --git a/src/ngircd/irc-info.c b/src/ngircd/irc-info.c
index 59d04dd1..26306949 100644
--- a/src/ngircd/irc-info.c
+++ b/src/ngircd/irc-info.c
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc-info.c,v 1.21 2004/01/17 03:17:49 alex Exp $";
+static char UNUSED id[] = "$Id: irc-info.c,v 1.22 2004/05/07 11:19:21 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -773,6 +773,13 @@ IRC_Show_MOTD( CLIENT *Client )
 
 	assert( Client != NULL );
 
+	if( Conf_MotdPhrase[0] )
+	{
+		if( ! IRC_WriteStrClient( Client, RPL_MOTDSTART_MSG, Client_ID( Client ), Client_ID( Client_ThisServer( )))) return DISCONNECTED;
+		if( ! IRC_WriteStrClient( Client, RPL_MOTD_MSG, Client_ID( Client ), Conf_MotdPhrase )) return DISCONNECTED;
+		return IRC_WriteStrClient( Client, RPL_ENDOFMOTD_MSG, Client_ID( Client ));
+	}
+
 	fd = fopen( Conf_MotdFile, "r" );
 	if( ! fd )
 	{
@@ -780,7 +787,7 @@ IRC_Show_MOTD( CLIENT *Client )
 		return IRC_WriteStrClient( Client, ERR_NOMOTD_MSG, Client_ID( Client ) );
 	}
 
-	IRC_WriteStrClient( Client, RPL_MOTDSTART_MSG, Client_ID( Client ), Client_ID( Client_ThisServer( )));
+	if( ! IRC_WriteStrClient( Client, RPL_MOTDSTART_MSG, Client_ID( Client ), Client_ID( Client_ThisServer( )))) return DISCONNECTED;
 	while( TRUE )
 	{
 		if( ! fgets( line, 126, fd )) break;
diff --git a/src/ngircd/log.c b/src/ngircd/log.c
index 1c8d2c7b..cb149939 100644
--- a/src/ngircd/log.c
+++ b/src/ngircd/log.c
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: log.c,v 1.44 2003/12/26 15:55:07 alex Exp $";
+static char UNUSED id[] = "$Id: log.c,v 1.45 2004/05/07 11:19:21 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -85,6 +85,8 @@ Log_Init( VOID )
 	}
 #endif
 	if( Init_Txt[0] ) Log( LOG_INFO, "Activating: %s.", Init_Txt );
+
+	Error_File[0] = '\0';
 } /* Log_Init */
 
 
@@ -122,8 +124,11 @@ Log_Exit( VOID )
 	if( NGIRCd_SignalRestart ) Log( LOG_NOTICE, "%s done (restarting).", PACKAGE_NAME );
 	else Log( LOG_NOTICE, "%s done.", PACKAGE_NAME );
 
-	/* Error-File (stderr) loeschen */
-	if( unlink( Error_File ) != 0 ) Log( LOG_ERR, "Can't delete \"%s\": %s", Error_File, strerror( errno ));
+	if( Error_File[0] )
+	{
+		/* Error-File (stderr) loeschen */
+		if( unlink( Error_File ) != 0 ) Log( LOG_ERR, "Can't delete \"%s\": %s", Error_File, strerror( errno ));
+	}
 
 #ifdef SYSLOG
 	/* syslog abmelden */
diff --git a/src/ngircd/ngircd.c b/src/ngircd/ngircd.c
index 8fbdba3f..8ced6e3f 100644
--- a/src/ngircd/ngircd.c
+++ b/src/ngircd/ngircd.c
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: ngircd.c,v 1.83 2004/01/19 21:54:59 alex Exp $";
+static char UNUSED id[] = "$Id: ngircd.c,v 1.84 2004/05/07 11:19:21 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -228,6 +228,38 @@ main( int argc, const char *argv[] )
 	
 	while( ! NGIRCd_SignalQuit )
 	{
+		/* Initialize global variables */
+		NGIRCd_Start = time( NULL );
+		(VOID)strftime( NGIRCd_StartStr, 64, "%a %b %d %Y at %H:%M:%S (%Z)", localtime( &NGIRCd_Start ));
+
+		NGIRCd_SignalRehash = FALSE;
+		NGIRCd_SignalRestart = FALSE;
+		NGIRCd_SignalQuit = FALSE;
+
+		/* Initialize modules, part I */
+		Log_Init( );
+		Conf_Init( );
+
+		if( Conf_Chroot[0] )
+		{
+			/* Chroot */
+			if( chdir( Conf_Chroot ) != 0 ) Log( LOG_ERR, "Can't chdir() in ChrootDir (%s): %s", Conf_Chroot, strerror( errno ));
+
+			if( chroot( Conf_Chroot ) != 0 ) Log( LOG_ERR, "Can't change root directory to \"%s\": %s", Conf_Chroot, strerror( errno ));
+			else Log( LOG_INFO, "Changed root and working directory to \"%s\".", Conf_Chroot );
+		}
+
+		if( Conf_GID != 0 )
+		{
+			/* Set new group ID */
+			if( setgid( Conf_GID ) != 0 ) Log( LOG_ERR, "Can't change group ID to %u: %s", Conf_GID, strerror( errno ));
+		}
+		if( Conf_UID != 0 )
+		{
+			/* Set new user ID */
+			if( setuid( Conf_UID ) != 0 ) Log( LOG_ERR, "Can't change user ID to %u: %s", Conf_UID, strerror( errno ));
+		}
+
 		/* In der Regel wird ein Sub-Prozess ge-fork()'t, der
 		 * nicht mehr mit dem Terminal verbunden ist. Mit der
 		 * Option "--nodaemon" kann dies (z.B. zum Debuggen)
@@ -252,18 +284,10 @@ main( int argc, const char *argv[] )
 			(VOID)setsid( );
 			chdir( "/" );
 		}
-	
-		/* Globale Variablen initialisieren */
-		NGIRCd_Start = time( NULL );
-		(VOID)strftime( NGIRCd_StartStr, 64, "%a %b %d %Y at %H:%M:%S (%Z)", localtime( &NGIRCd_Start ));
-		NGIRCd_SignalRehash = FALSE;
-		NGIRCd_SignalRestart = FALSE;
-		NGIRCd_SignalQuit = FALSE;
 
-		/* Module initialisieren */
-		Log_Init( );
+		/* Initialize modules, part II: these functions are eventually
+		 * called with already dropped privileges ... */
 		Resolve_Init( );
-		Conf_Init( );
 		Lists_Init( );
 		Channel_Init( );
 		Client_Init( );
@@ -272,28 +296,15 @@ main( int argc, const char *argv[] )
 #endif
 		Conn_Init( );
 
-		/* Wenn als root ausgefuehrt und eine andere UID
-		 * konfiguriert ist, jetzt zu dieser wechseln */
-		if( getuid( ) == 0 )
-		{
-			if( Conf_GID != 0 )
-			{
-				/* Neue Group-ID setzen */
-				if( setgid( Conf_GID ) != 0 ) Log( LOG_ERR, "Can't change Group-ID to %u: %s", Conf_GID, strerror( errno ));
-			}
-			if( Conf_UID != 0 )
-			{
-				/* Neue User-ID setzen */
-				if( setuid( Conf_UID ) != 0 ) Log( LOG_ERR, "Can't change User-ID to %u: %s", Conf_UID, strerror( errno ));
-			}
-		}
-		
-		/* User, Gruppe und Prozess-ID des Daemon ausgeben */
+		/* Show user, group, and PID of the running daemon */
 		pwd = getpwuid( getuid( )); grp = getgrgid( getgid( ));
 		Log( LOG_INFO, "Running as user %s(%ld), group %s(%ld), with PID %ld.", pwd ? pwd->pw_name : "unknown", (LONG)getuid( ), grp ? grp->gr_name : "unknown", (LONG)getgid( ), (LONG)getpid( ));
 
-		/* stderr in "Error-File" umlenken */
-		Log_InitErrorfile( );
+		/* Redirect stderr handle to "error file" for debugging.
+		 * But don't try to write in the chroot jail, since it's more 
+		 * secure to have a chroot dir not writable by the daemon.
+		 */
+		if( ! Conf_Chroot[0] ) Log_InitErrorfile( );
 
 		/* Signal-Handler initialisieren */
 		Initialize_Signal_Handler( );