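--- a/start-stop-daemon.c.orig
+++ b/start-stop-daemon.c.orig
@@ -21,20 +21,24 @@
  *
  * Modified for Gentoo rc-scripts by Donny Davies <woodchip@gentoo.org>:
  *   I removed the BSD/Hurd/OtherOS stuff, added #include <stddef.h>
  *   and stuck in a #define VERSION "1.9.18".  Now it compiles without
  *   the whole automake/config.h dance.
  *
  * Updated by Aron Griffis <agriffis@gentoo.org>:
  *   Fetched updates from Debian's dpkg-1.10.20, including fix for
  *   Gentoo bug 22686 (start-stop-daemon in baselayout doesn't allow
  *   altered nicelevel).
+ *
+ * Updated by Scott Dial <scott@scottdial.com>:
+ *   Provides PAM support, Gentoo bug 64700 (start-stop-daemon doesn't use pam)
+ *
  */
 
 #define VERSION "1.10.20"
 #include <stddef.h>
 
 #define NONRETURNPRINTFFORMAT(x, y) \
 	__attribute__((noreturn, format(printf, x, y)))
 #define NONRETURNING \
 	__attribute__((noreturn))
 
@@ -95,20 +99,25 @@
 #include <pwd.h>
 #include <grp.h>
 #include <sys/ioctl.h>
 #include <sys/types.h>
 #include <sys/termios.h>
 #include <fcntl.h>
 #include <limits.h>
 #include <assert.h>
 #include <ctype.h>
 
+#ifdef USE_PAM
+#	include <security/pam_appl.h>
+#	include <security/pam_misc.h>
+#endif
+
 #ifdef HAVE_ERROR_H
 #  include <error.h>
 #endif
 #ifdef HURD_IHASH_H
   #include <hurd/ihash.h>
 #endif
 
 static int testmode = 0;
 static int quietmode = 0;
 static int exitnodo = 1;
@@ -283,20 +292,21 @@
 "  start-stop-daemon -K|--stop options ...\n"
 "  start-stop-daemon -H|--help\n"
 "  start-stop-daemon -V|--version\n"
 "\n"
 "Options (at least one of --exec|--pidfile|--user is required):\n"
 "  -x|--exec <executable>        program to start/check if it is running\n"
 "  -p|--pidfile <pid-file>       pid file to check\n"
 "  -c|--chuid <name|uid[:group|gid]>\n"
 "  		change to this user/group before starting process\n"
 "  -u|--user <username>|<uid>    stop processes owned by this user\n"
+"		user for PAM session\n"
 "  -g|--group <group|gid>        run process as this group\n"
 "  -n|--name <process-name>      stop processes with this name\n"
 "  -s|--signal <signal>          signal to send (default TERM)\n"
 "  -a|--startas <pathname>       program to start (default is <executable>)\n"
 "  -C|--chdir <directory>        Change to <directory>(default is /)\n"
 "  -N|--nicelevel <incr>         add incr to the process's nice level\n"
 "  -b|--background               force the process to detach\n"
 "  -m|--make-pidfile             create the pidfile before starting\n"
 "  -R|--retry <schedule>         check whether processes die, and retry\n"
 "  -t|--test                     test mode, don't do anything\n"
@@ -1131,25 +1141,33 @@
 x_finished:
 	if (!anykilled) {
 		if (quietmode <= 0)
 			printf("No %s found running; none killed.\n", what_stop);
 		return exitnodo;
 	} else {
 		return 0;
 	}
 }
 
+#ifdef USE_PAM
+// We are not supporting authentication conversations
+static struct pam_conv conv = {NULL, NULL };
+#endif
 
 int main(int argc, char **argv) NONRETURNING;
 int
 main(int argc, char **argv)
 {
+#ifdef USE_PAM
+    pam_handle_t *pamh=NULL;
+    int retval;
+#endif	
 	int devnull_fd = -1;
 #ifdef HAVE_TIOCNOTTY
 	int tty_fd = -1;
 #endif
 	progname = argv[0];
 
 	parse_options(argc, argv);
 	argc -= optind;
 	argv += optind;
 
@@ -1252,20 +1270,48 @@
 		fclose(pidf);
 	}
 	if (changeroot != NULL) {
 		if (chdir(changeroot) < 0)
 			fatal("Unable to chdir() to %s", changeroot);
 		if (chroot(changeroot) < 0)
 			fatal("Unable to chroot() to %s", changeroot);
 	}
 	if (changedir != NULL && chdir(changedir) < 0)
 		fatal("Unable to chdir() to %s", changedir);
+
+// Before we change users, we need to do PAM
+#ifdef USE_PAM
+		// -c	takes priority because it will be what the process ends up running as
+		// -u	comes in second to allow daemons to be started as root (as most require)
+		//			but use the effective session for another user
+		// else we use "nobody" to avoid promoting any daemon
+
+		if(changeuser != NULL)
+			retval = pam_start("start-stop-daemon", changeuser, &conv, &pamh);
+		else if (userspec != NULL)
+			retval = pam_start("start-stop-daemon", userspec, &conv, &pamh);
+		else
+			retval = pam_start("start-stop-daemon", "nobody", &conv, &pamh);
+
+		if(retval == PAM_SUCCESS)
+			retval = pam_authenticate(pamh, PAM_SILENT);
+	
+		if(retval == PAM_SUCCESS)
+			retval = pam_acct_mgmt(pamh, PAM_SILENT);
+			
+		if(retval == PAM_SUCCESS)
+			retval = pam_open_session(pamh, PAM_SILENT);
+			
+		if(retval != PAM_SUCCESS)
+			printf(pam_strerror(pamh, retval));
+#endif
+
 	if (changeuser != NULL) {
  		if (setgid(runas_gid))
  			fatal("Unable to set gid to %d", runas_gid);
 		if (initgroups(changeuser, runas_gid))
 			fatal("Unable to set initgroups() with gid %d", runas_gid);
 		if (setuid(runas_uid))
 			fatal("Unable to set uid to %s", changeuser);
 	}
 	if (background) { /* continue background setup */
 		int i;
@@ -1287,13 +1333,19 @@
 #endif
 
 		/* create a new session */
 #ifdef HAVE_SETSID
 		setsid();
 #else
 		setpgid(0,0);
 #endif
 	}
 	execv(startas, argv);
-	fatal("Unable to start %s: %s", startas, strerror(errno));
+#ifdef USE_PAM
+	if(retval == PAM_SUCCESS)
+		pam_close_session(pamh, PAM_SILENT);
+		
+	pam_end(pamh, retval);
+#endif
+	fatal("Unable to start %s: %s", startas, strerror(errno));	
 }
 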
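Review bot: A PAM failure does not stop the start in the USE_PAM block added before the setgid()/setuid() calls in main(): when pam_start(), pam_authenticate(), pam_acct_mgmt() or pam_open_session() returns an error, the code only prints it and then goes on to change user and execv() the daemon, so account or session restrictions configured for the service are not enforced. The message is also passed as the format string in `printf(pam_strerror(pamh, retval));`; both points are covered by making the failure fatal with a literal format, `if (retval != PAM_SUCCESS) fatal("PAM session setup failed: %s", pam_strerror(pamh, retval));`. The `pam_close_session()`/`pam_end()` calls added after `execv()` run only when the exec fails, so for a daemon that starts successfully the session opened here is never closed by this process; a comment saying so would help the next reader. main()'s body continues outside the visible hunks, so any handling elsewhere is not visible from this page.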
