X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=avahi-daemon%2Fmain.c;h=f32cbd6db855ac832a58d1ab583f941ebbae88d6;hb=6d8267e20db0b2900558cda3ec44517e845a0a99;hp=9f7b8476267d34f211b107b327473925522ebe66;hpb=1d6cecfe69fa2faea1c81ccd899bac24aad64273;p=catta diff --git a/avahi-daemon/main.c b/avahi-daemon/main.c index 9f7b847..f32cbd6 100644 --- a/avahi-daemon/main.c +++ b/avahi-daemon/main.c @@ -39,6 +39,7 @@ #include #include #include +#include #include #include @@ -49,12 +50,23 @@ #include #include #include +#include + #include +#include +#include #include +#ifdef ENABLE_CHROOT +#include "chroot.h" +#include "caps.h" +#endif + +#include "setproctitle.h" #include "main.h" #include "simple-protocol.h" #include "static-services.h" +#include "static-hosts.h" #include "ini-file-parser.h" #ifdef HAVE_DBUS @@ -62,6 +74,9 @@ #endif AvahiServer *avahi_server = NULL; +AvahiSimplePoll *simple_poll_api = NULL; +static char *argv0 = NULL; +int nss_support = 0; typedef enum { DAEMON_RUN, @@ -83,9 +98,15 @@ typedef struct { int fail_on_missing_dbus; #endif int drop_root; + int set_rlimits; +#ifdef ENABLE_CHROOT + int use_chroot; +#endif + int modify_proc_title; + + int disable_user_service_publishing; int publish_resolv_conf; char ** publish_dns_servers; - int no_rlimits; int debug; int rlimit_as_set, rlimit_core_set, rlimit_data_set, rlimit_fsize_set, rlimit_nofile_set, rlimit_stack_set; @@ -106,8 +127,6 @@ static char **resolv_conf = NULL; static DaemonConfig config; -#define MAX_NAME_SERVERS 10 - static int has_prefix(const char *s, const char *prefix) { size_t l; @@ -116,7 +135,7 @@ static int has_prefix(const char *s, const char *prefix) { return strlen(s) >= l && strncmp(s, prefix, l) == 0; } -static int load_resolv_conf(const DaemonConfig *c) { +static int load_resolv_conf(void) { int ret = -1; FILE *f; int i = 0; 
@@ -124,17 +143,20 @@ static int load_resolv_conf(const DaemonConfig *c) { avahi_strfreev(resolv_conf); resolv_conf = NULL; - if (!c->publish_resolv_conf) - return 0; - - if (!(f = fopen(RESOLV_CONF, "r"))) { - avahi_log_warn("Failed to open "RESOLV_CONF"."); +#ifdef ENABLE_CHROOT + f = avahi_chroot_helper_get_file(RESOLV_CONF); +#else + f = fopen(RESOLV_CONF, "r"); +#endif + + if (!f) { + avahi_log_warn("Failed to open "RESOLV_CONF": %s", strerror(errno)); goto finish; } - resolv_conf = avahi_new0(char*, MAX_NAME_SERVERS+1); + resolv_conf = avahi_new0(char*, AVAHI_WIDE_AREA_SERVERS_MAX+1); - while (!feof(f) && i < MAX_NAME_SERVERS) { + while (!feof(f) && i < AVAHI_WIDE_AREA_SERVERS_MAX) { char ln[128]; char *p; @@ -181,10 +203,10 @@ static AvahiSEntryGroup* add_dns_servers(AvahiServer *s, AvahiSEntryGroup* g, ch for (p = l; *p; p++) { AvahiAddress a; - if (!avahi_address_parse(*p, AF_UNSPEC, &a)) + if (!avahi_address_parse(*p, AVAHI_PROTO_UNSPEC, &a)) avahi_log_warn("Failed to parse address '%s', ignoring.", *p); else - if (avahi_server_add_dns_server_address(s, g, -1, AF_UNSPEC, NULL, AVAHI_DNS_SERVER_RESOLVE, &a, 53) < 0) { + if (avahi_server_add_dns_server_address(s, g, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, NULL, AVAHI_DNS_SERVER_RESOLVE, &a, 53) < 0) { avahi_s_entry_group_free(g); avahi_log_error("Failed to add DNS server address: %s", avahi_strerror(avahi_server_errno(s))); return NULL; 
@@ -205,51 +227,97 @@ static void remove_dns_server_entry_groups(void) { avahi_s_entry_group_reset(dns_servers_entry_group); } +static void update_wide_area_servers(void) { + AvahiAddress a[AVAHI_WIDE_AREA_SERVERS_MAX]; + unsigned n = 0; + char **p; + + if (!resolv_conf) { + avahi_server_set_wide_area_servers(avahi_server, NULL, 0); + return; + } + + for (p = resolv_conf; *p && n < AVAHI_WIDE_AREA_SERVERS_MAX; p++) { + if (!avahi_address_parse(*p, AVAHI_PROTO_UNSPEC, &a[n])) + avahi_log_warn("Failed to parse address '%s', ignoring.", *p); + else + n++; + } + + avahi_server_set_wide_area_servers(avahi_server, a, n); +} + static void server_callback(AvahiServer *s, AvahiServerState state, void *userdata) { DaemonConfig *c = userdata; assert(s); assert(c); - /** This function is possibly called before the global variable + /* This function is possibly called before the global variable * avahi_server has been set, therefore we do it explicitly */ avahi_server = s; #ifdef HAVE_DBUS - if (c->enable_dbus) + if (c->enable_dbus && state != AVAHI_SERVER_INVALID && state != AVAHI_SERVER_FAILURE) dbus_protocol_server_state_changed(state); #endif - if (state == AVAHI_SERVER_RUNNING) { - avahi_log_info("Server startup complete. Host name is <%s>", avahi_server_get_host_name_fqdn(s)); - static_service_add_to_server(); - - remove_dns_server_entry_groups(); + switch (state) { + case AVAHI_SERVER_RUNNING: + avahi_log_info("Server startup complete. Host name is %s. 
Local service cookie is %u.", avahi_server_get_host_name_fqdn(s), avahi_server_get_local_service_cookie(s)); + + avahi_set_proc_title("%s: running [%s]", argv0, avahi_server_get_host_name_fqdn(s)); + + static_service_add_to_server(); + static_hosts_add_to_server(); + + remove_dns_server_entry_groups(); + + if (c->publish_resolv_conf && resolv_conf && resolv_conf[0]) + resolv_conf_entry_group = add_dns_servers(s, resolv_conf_entry_group, resolv_conf); + + if (c->publish_dns_servers && c->publish_dns_servers[0]) + dns_servers_entry_group = add_dns_servers(s, dns_servers_entry_group, c->publish_dns_servers); + + simple_protocol_restart_queries(); + break; + + case AVAHI_SERVER_COLLISION: { + char *n; + + static_service_remove_from_server(); + static_hosts_remove_from_server(); + + remove_dns_server_entry_groups(); + + n = avahi_alternative_host_name(avahi_server_get_host_name(s)); + avahi_log_warn("Host name conflict, retrying with <%s>", n); + avahi_server_set_host_name(s, n); + avahi_free(n); - if (resolv_conf && resolv_conf[0]) - resolv_conf_entry_group = add_dns_servers(s, resolv_conf_entry_group, resolv_conf); + avahi_set_proc_title("%s: collision", argv0); + + break; + } - if (c->publish_dns_servers && c->publish_dns_servers[0]) - dns_servers_entry_group = add_dns_servers(s, dns_servers_entry_group, c->publish_dns_servers); + case AVAHI_SERVER_FAILURE: - simple_protocol_restart_queries(); - - } else if (state == AVAHI_SERVER_COLLISION) { - char *n; + avahi_log_error("Server error: %s", avahi_strerror(avahi_server_errno(s))); + avahi_simple_poll_quit(simple_poll_api); + break; - static_service_remove_from_server(); + case AVAHI_SERVER_REGISTERING: + avahi_set_proc_title("%s: registering [%s]", argv0, avahi_server_get_host_name_fqdn(s)); - remove_dns_server_entry_groups(); - n = avahi_alternative_host_name(avahi_server_get_host_name(s)); - avahi_log_warn("Host name conflict, retrying with <%s>", n); - avahi_server_set_host_name(s, n); - avahi_free(n); + case 
AVAHI_SERVER_INVALID: + break; + } } -static void help(FILE *f, const char *argv0) { +static void help(FILE *f) { fprintf(f, "%s [options]\n" " -h --help Show this help\n" @@ -263,6 +331,10 @@ static void help(FILE *f, const char *argv0) { " "AVAHI_CONFIG_FILE"\n" " --no-rlimits Don't enforce resource limits\n" " --no-drop-root Don't drop privileges\n" +#ifdef ENABLE_CHROOT + " --no-chroot Don't chroot()\n" +#endif + " --no-proc-title Don't modify process title\n" " --debug Increase verbosity\n", argv0); } @@ -274,21 +346,29 @@ static int parse_command_line(DaemonConfig *c, int argc, char *argv[]) { enum { OPTION_NO_RLIMITS = 256, OPTION_NO_DROP_ROOT, +#ifdef ENABLE_CHROOT + OPTION_NO_CHROOT, +#endif + OPTION_NO_PROC_TITLE, OPTION_DEBUG }; static const struct option long_options[] = { - { "help", no_argument, NULL, 'h' }, - { "daemonize", no_argument, NULL, 'D' }, - { "kill", no_argument, NULL, 'k' }, - { "version", no_argument, NULL, 'V' }, - { "file", required_argument, NULL, 'f' }, - { "reload", no_argument, NULL, 'r' }, - { "check", no_argument, NULL, 'c' }, - { "syslog", no_argument, NULL, 's' }, - { "no-rlimits", no_argument, NULL, OPTION_NO_RLIMITS }, - { "no-drop-root", no_argument, NULL, OPTION_NO_DROP_ROOT }, - { "debug", no_argument, NULL, OPTION_DEBUG }, + { "help", no_argument, NULL, 'h' }, + { "daemonize", no_argument, NULL, 'D' }, + { "kill", no_argument, NULL, 'k' }, + { "version", no_argument, NULL, 'V' }, + { "file", required_argument, NULL, 'f' }, + { "reload", no_argument, NULL, 'r' }, + { "check", no_argument, NULL, 'c' }, + { "syslog", no_argument, NULL, 's' }, + { "no-rlimits", no_argument, NULL, OPTION_NO_RLIMITS }, + { "no-drop-root", no_argument, NULL, OPTION_NO_DROP_ROOT }, +#ifdef ENABLE_CHROOT + { "no-chroot", no_argument, NULL, OPTION_NO_CHROOT }, +#endif + { "no-proc-title", no_argument, NULL, OPTION_NO_PROC_TITLE }, + { "debug", no_argument, NULL, OPTION_DEBUG }, { NULL, 0, NULL, 0 } }; 
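Review bot: In the new `switch (state)` in server_callback, the `case AVAHI_SERVER_REGISTERING:` arm has no `break` and runs into `case AVAHI_SERVER_INVALID:`. It is harmless today because that arm only breaks, but it is unmarked and will misbehave as soon as the INVALID arm gains a statement. Add `break;` after the `avahi_set_proc_title("%s: registering [%s]", ...)` call, or mark it with `/* fall through */`. The `avahi_set_proc_title()` calls here are also not gated on `modify_proc_title`, so they rely on the function being a no-op when `avahi_init_proc_title()` was skipped. That is not visible in this diff and deserves a one-line comment.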
@@ -324,11 +404,19 @@ static int parse_command_line(DaemonConfig *c, int argc, char *argv[]) { c->command = DAEMON_CHECK; break; case OPTION_NO_RLIMITS: - c->no_rlimits = 1; + c->set_rlimits = 0; break; case OPTION_NO_DROP_ROOT: c->drop_root = 0; break; +#ifdef ENABLE_CHROOT + case OPTION_NO_CHROOT: + c->use_chroot = 0; + break; +#endif + case OPTION_NO_PROC_TITLE: + c->modify_proc_title = 0; + break; case OPTION_DEBUG: c->debug = 1; break; @@ -375,14 +463,37 @@ static int load_config_file(DaemonConfig *c) { } else if (strcasecmp(p->key, "domain-name") == 0) { avahi_free(c->server_config.domain_name); c->server_config.domain_name = avahi_strdup(p->value); + } else if (strcasecmp(p->key, "browse-domains") == 0) { + char **e, **t; + + e = avahi_split_csv(p->value); + + for (t = e; *t; t++) { + char cleaned[AVAHI_DOMAIN_NAME_MAX]; + + if (!avahi_normalize_name(*t, cleaned, sizeof(cleaned))) { + avahi_log_error("Invalid domain name \"%s\" for key \"%s\" in group \"%s\"\n", *t, p->key, g->name); + avahi_strfreev(e); + goto finish; + } + + c->server_config.browse_domains = avahi_string_list_add(c->server_config.browse_domains, cleaned); + } + + avahi_strfreev(e); } else if (strcasecmp(p->key, "use-ipv4") == 0) c->server_config.use_ipv4 = is_yes(p->value); else if (strcasecmp(p->key, "use-ipv6") == 0) c->server_config.use_ipv6 = is_yes(p->value); else if (strcasecmp(p->key, "check-response-ttl") == 0) c->server_config.check_response_ttl = is_yes(p->value); + else if (strcasecmp(p->key, "allow-point-to-point") == 0) + c->server_config.allow_point_to_point = is_yes(p->value); else if (strcasecmp(p->key, "use-iff-running") == 0) c->server_config.use_iff_running = is_yes(p->value); + else if (strcasecmp(p->key, "disallow-other-stacks") == 0) + c->server_config.disallow_other_stacks = is_yes(p->value); +#ifdef HAVE_DBUS else if (strcasecmp(p->key, "enable-dbus") == 0) { if (*(p->value) == 'w' || *(p->value) == 'W') { 
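Review bot: With the `enable-dbus` branch now wrapped in `#ifdef HAVE_DBUS`, a build without D-Bus no longer recognises the key. It falls through to the final `else` ("Invalid configuration key", visible in the next hunk) and `load_config_file` fails on a config file that is valid for a D-Bus build. The same commit removes the run-time warning "We are configured to enable D-BUS but it was not compiled in", so the softer behaviour is lost entirely. Consider an `#else` arm that still matches the key and only warns, e.g. `else if (strcasecmp(p->key, "enable-dbus") == 0) avahi_log_warn("Ignoring enable-dbus: D-Bus support not compiled in");`. The `#ifdef` opens in this hunk and its `#endif` sits in the following one.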
@@ -395,8 +506,7 @@ static int load_config_file(DaemonConfig *c) { c->enable_dbus = 0; } } - else if (strcasecmp(p->key, "drop-root") == 0) - c->drop_root = is_yes(p->value); +#endif else { avahi_log_error("Invalid configuration key \"%s\" in group \"%s\"\n", p->key, g->name); goto finish; @@ -418,15 +528,34 @@ static int load_config_file(DaemonConfig *c) { c->server_config.publish_domain = is_yes(p->value); else if (strcasecmp(p->key, "publish-resolv-conf-dns-servers") == 0) c->publish_resolv_conf = is_yes(p->value); + else if (strcasecmp(p->key, "disable-publishing") == 0) + c->server_config.disable_publishing = is_yes(p->value); + else if (strcasecmp(p->key, "disable-user-service-publishing") == 0) + c->disable_user_service_publishing = is_yes(p->value); + else if (strcasecmp(p->key, "add-service-cookie") == 0) + c->server_config.add_service_cookie = is_yes(p->value); else if (strcasecmp(p->key, "publish-dns-servers") == 0) { avahi_strfreev(c->publish_dns_servers); - c->publish_dns_servers = avahi_split_csv(p->value); + c->publish_dns_servers = avahi_split_csv(p->value); } else { avahi_log_error("Invalid configuration key \"%s\" in group \"%s\"\n", p->key, g->name); goto finish; } } + } else if (strcasecmp(g->name, "wide-area") == 0) { + AvahiIniFilePair *p; + + for (p = g->pairs; p; p = p->pairs_next) { + + if (strcasecmp(p->key, "enable-wide-area") == 0) + c->server_config.enable_wide_area = is_yes(p->value); + else { + avahi_log_error("Invalid configuration key \"%s\" in group \"%s\"\n", p->key, g->name); + goto finish; + } + } + } else if (strcasecmp(g->name, "reflector") == 0) { AvahiIniFilePair *p; 
@@ -512,13 +641,12 @@ static void log_function(AvahiLogLevel level, const char *txt) { daemon_log(log_level_map[level], "%s", txt); } -static void dump(const char *text, void* userdata) { +static void dump(const char *text, AVAHI_GCC_UNUSED void* userdata) { avahi_log_info("%s", text); } -static void signal_callback(AvahiWatch *watch, int fd, AvahiWatchEvent event, void *userdata) { +static void signal_callback(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AVAHI_GCC_UNUSED AvahiWatchEvent event, AVAHI_GCC_UNUSED void *userdata) { int sig; - AvahiSimplePoll *simple_poll_api = userdata; const AvahiPoll *poll_api; assert(watch); @@ -545,15 +673,24 @@ static void signal_callback(AvahiWatch *watch, int fd, AvahiWatchEvent event, vo case SIGHUP: avahi_log_info("Got SIGHUP, reloading."); - static_service_load(); +#ifdef ENABLE_CHROOT + static_service_load(config.use_chroot); + static_hosts_load(config.use_chroot); +#else + static_service_load(0); + static_hosts_load(0); +#endif static_service_add_to_server(); + static_service_remove_from_server(); if (resolv_conf_entry_group) avahi_s_entry_group_reset(resolv_conf_entry_group); - load_resolv_conf(&config); + load_resolv_conf(); + + update_wide_area_servers(); - if (resolv_conf && resolv_conf[0]) + if (config.publish_resolv_conf && resolv_conf && resolv_conf[0]) resolv_conf_entry_group = add_dns_servers(avahi_server, resolv_conf_entry_group, resolv_conf); break; 
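Review bot: In the SIGHUP branch the added `static_service_remove_from_server();` runs directly after `static_service_add_to_server();`, so the services that were just reloaded are withdrawn again. The entries loaded by `static_hosts_load()` are never published on reload either. Judging by the `AVAHI_SERVER_RUNNING` case in server_callback, which pairs `static_service_add_to_server()` with `static_hosts_add_to_server()`, the intended line is presumably `static_hosts_add_to_server();`. signal_callback's body starts and ends outside this hunk.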
@@ -569,15 +706,21 @@ static void signal_callback(AvahiWatch *watch, int fd, AvahiWatchEvent event, vo } } +/* Imported from ../avahi-client/nss-check.c */ +int avahi_nss_support(void); + static int run_server(DaemonConfig *c) { int r = -1; int error; - AvahiSimplePoll *simple_poll_api; - const AvahiPoll *poll_api; - AvahiWatch *sig_watch; + const AvahiPoll *poll_api = NULL; + AvahiWatch *sig_watch = NULL; + int retval_is_sent = 0; assert(c); + if (!(nss_support = avahi_nss_support())) + avahi_log_warn("WARNING: No NSS support for mDNS detected, consider installing nss-mdns!"); + if (!(simple_poll_api = avahi_simple_poll_new())) { avahi_log_error("Failed to create main loop object."); goto finish; @@ -597,9 +740,10 @@ static int run_server(DaemonConfig *c) { if (simple_protocol_setup(poll_api) < 0) goto finish; - if (c->enable_dbus) { + #ifdef HAVE_DBUS - if (dbus_protocol_setup(poll_api) < 0) { + if (c->enable_dbus) { + if (dbus_protocol_setup(poll_api, config.disable_user_service_publishing) < 0) { if (c->fail_on_missing_dbus) goto finish; 
@@ -607,22 +751,49 @@ static int run_server(DaemonConfig *c) { avahi_log_warn("WARNING: Failed to contact D-BUS daemon, disabling D-BUS support."); c->enable_dbus = 0; } -#else - avahi_log_warn("WARNING: We are configured to enable D-BUS but it was not compiled in"); + } #endif + +#ifdef ENABLE_CHROOT + + if (config.drop_root && config.use_chroot) { + if (chroot(AVAHI_CONFIG_DIR) < 0) { + avahi_log_error("Failed to chroot(): %s", strerror(errno)); + goto finish; + } + + avahi_log_info("Successfully called chroot()."); + chdir("/"); + + if (avahi_caps_drop_all() < 0) { + avahi_log_error("Failed to drop capabilities."); + goto finish; + } + avahi_log_info("Successfully dropped remaining capabilities."); } - load_resolv_conf(c); - static_service_load(); +#endif + + load_resolv_conf(); +#ifdef ENABLE_CHROOT + static_service_load(config.use_chroot); + static_hosts_load(config.use_chroot); +#else + static_service_load(0); + static_hosts_load(0); +#endif if (!(avahi_server = avahi_server_new(poll_api, &c->server_config, server_callback, c, &error))) { avahi_log_error("Failed to create server: %s", avahi_strerror(error)); goto finish; } + update_wide_area_servers(); - if (c->daemonize) + if (c->daemonize) { daemon_retval_send(0); + retval_is_sent = 1; + } for (;;) { if ((r = avahi_simple_poll_iterate(simple_poll_api, -1)) < 0) { 
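Review bot: The `chdir("/")` that follows `chroot(AVAHI_CONFIG_DIR)` ignores its return value. If it fails, the working directory stays outside the new root, which leaves a path back out of the jail. The success message "Successfully called chroot()." has also already been logged by then. Treat a failed chdir like a failed chroot: `if (chdir("/") < 0) { avahi_log_error("Failed to chdir(): %s", strerror(errno)); goto finish; }`, and log success only after both calls. The later `avahi_caps_drop_all()` narrows what the process can do afterwards, but it does not repair the working directory.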
@@ -643,27 +814,35 @@ finish: static_service_remove_from_server(); static_service_free_all(); + + static_hosts_remove_from_server(); + static_hosts_free_all(); + remove_dns_server_entry_groups(); simple_protocol_shutdown(); -#ifdef ENABLE_DBUS +#ifdef HAVE_DBUS if (c->enable_dbus) dbus_protocol_shutdown(); #endif - if (avahi_server) + if (avahi_server) { avahi_server_free(avahi_server); + avahi_server = NULL; + } daemon_signal_done(); if (sig_watch) poll_api->watch_free(sig_watch); - if (simple_poll_api) + if (simple_poll_api) { avahi_simple_poll_free(simple_poll_api); + simple_poll_api = NULL; + } - if (r != 0 && c->daemonize) + if (!retval_is_sent && c->daemonize) daemon_retval_send(1); return r; @@ -695,11 +874,13 @@ static int drop_root(void) { #if defined(HAVE_SETRESGID) r = setresgid(gr->gr_gid, gr->gr_gid, gr->gr_gid); +#elif defined(HAVE_SETEGID) + if ((r = setgid(gr->gr_gid)) >= 0) + r = setegid(gr->gr_gid); #elif defined(HAVE_SETREGID) r = setregid(gr->gr_gid, gr->gr_gid); #else - if ((r = setgid(gr->gr_gid)) >= 0) - r = setegid(gr->gr_gid); +#error "No API to drop priviliges" #endif if (r < 0) { @@ -709,11 +890,13 @@ static int drop_root(void) { #if defined(HAVE_SETRESUID) r = setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid); +#elif defined(HAVE_SETEUID) + if ((r = setuid(pw->pw_uid)) >= 0) + r = seteuid(pw->pw_uid); #elif defined(HAVE_SETREUID) r = setreuid(pw->pw_uid, pw->pw_uid); #else - if ((r = setuid(pw->pw_uid)) >= 0) - r = seteuid(pw->pw_uid); +#error "No API to drop priviliges" #endif if (r < 0) { @@ -724,7 +907,7 @@ static int drop_root(void) { set_env("USER", pw->pw_name); set_env("LOGNAME", pw->pw_name); set_env("HOME", pw->pw_dir); - + avahi_log_info("Successfully dropped root privileges."); return 0; 
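Review bot: Both new `#error "No API to drop priviliges"` lines in drop_root misspell "privileges"; suggest `#error "No API to drop privileges"`. The reordered `#elif` chains, in the gid hunk and in the uid hunk at -709,11, now prefer `setgid()`+`setegid()` and `setuid()`+`seteuid()` over `setregid()` / `setreuid()`, with no comment explaining the order. A one-line comment above each chain should state the preference order and that every branch must leave real, effective and saved IDs all set to the target. Whether supplementary groups are cleared before this point is not visible here; drop_root starts and ends outside these hunks.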
@@ -789,9 +972,10 @@ static void set_one_rlimit(int resource, rlim_t limit, const char *name) { } static void enforce_rlimits(void) { - +#ifdef RLIMIT_AS if (config.rlimit_as_set) set_one_rlimit(RLIMIT_AS, config.rlimit_as, "RLIMIT_AS"); +#endif if (config.rlimit_core_set) set_one_rlimit(RLIMIT_CORE, config.rlimit_core, "RLIMIT_CORE"); if (config.rlimit_data_set) @@ -807,7 +991,8 @@ static void enforce_rlimits(void) { set_one_rlimit(RLIMIT_NPROC, config.rlimit_nproc, "RLIMIT_NPROC"); #endif -#ifdef RLIMIT_MEMLOCK + /* the sysctl() call from iface-pfroute.c needs locked memory on FreeBSD */ +#if defined(RLIMIT_MEMLOCK) && !defined(__FreeBSD__) /* We don't need locked memory */ set_one_rlimit(RLIMIT_MEMLOCK, 0, "RLIMIT_MEMLOCK"); #endif @@ -835,7 +1020,6 @@ static void init_rand_seed(void) { int main(int argc, char *argv[]) { int r = 255; - const char *argv0; int wrote_pid_file = 0; avahi_set_log_function(log_function); @@ -850,13 +1034,19 @@ int main(int argc, char *argv[]) { config.enable_dbus = 1; config.fail_on_missing_dbus = 1; #endif + config.drop_root = 1; + config.set_rlimits = 1; +#ifdef ENABLE_CHROOT + config.use_chroot = 1; +#endif + config.modify_proc_title = 1; + + config.disable_user_service_publishing = 0; config.publish_dns_servers = NULL; config.publish_resolv_conf = 0; config.use_syslog = 0; - config.no_rlimits = 0; config.debug = 0; - config.rlimit_as_set = 0; config.rlimit_core_set = 0; config.rlimit_data_set = 0; @@ -868,9 +1058,9 @@ int main(int argc, char *argv[]) { #endif if ((argv0 = strrchr(argv[0], '/'))) - argv0++; + argv0 = avahi_strdup(argv0 + 1); else - argv0 = argv[0]; + argv0 = avahi_strdup(argv[0]); daemon_pid_file_ident = (const char *) argv0; daemon_log_ident = (char*) argv0; 
@@ -879,8 +1069,15 @@ int main(int argc, char *argv[]) { if (parse_command_line(&config, argc, argv) < 0) goto finish; + if (config.modify_proc_title) + avahi_init_proc_title(argc, argv); + +#ifdef ENABLE_CHROOT + config.use_chroot = config.use_chroot && config.drop_root; +#endif + if (config.command == DAEMON_HELP) { - help(stdout, argv0); + help(stdout); r = 0; } else if (config.command == DAEMON_VERSION) { printf("%s "PACKAGE_VERSION"\n", argv0); @@ -929,7 +1126,7 @@ int main(int argc, char *argv[]) { /** Parent **/ if ((ret = daemon_retval_wait(20)) < 0) { - avahi_log_error("Could not recieve return value from daemon process."); + avahi_log_error("Could not receive return value from daemon process."); goto finish; } @@ -947,8 +1144,20 @@ int main(int argc, char *argv[]) { goto finish; if (config.drop_root) { +#ifdef ENABLE_CHROOT + if (config.use_chroot) + if (avahi_caps_reduce() < 0) + goto finish; +#endif + if (drop_root() < 0) goto finish; + +#ifdef ENABLE_CHROOT + if (config.use_chroot) + if (avahi_caps_reduce2() < 0) + goto finish; +#endif } if (daemon_pid_file_create() < 0) { @@ -960,12 +1169,21 @@ int main(int argc, char *argv[]) { } else wrote_pid_file = 1; - if (!config.no_rlimits) + if (config.set_rlimits) enforce_rlimits(); chdir("/"); - + +#ifdef ENABLE_CHROOT + if (config.drop_root && config.use_chroot) + if (avahi_chroot_helper_start(argv0) < 0) { + avahi_log_error("failed to start chroot() helper daemon."); + goto finish; + } +#endif avahi_log_info("%s "PACKAGE_VERSION" starting up.", argv0); + + avahi_set_proc_title("%s: starting up", argv0); if (run_server(&config) == 0) r = 0; @@ -981,8 +1199,19 @@ finish: avahi_strfreev(config.publish_dns_servers); avahi_strfreev(resolv_conf); - if (wrote_pid_file) + if (wrote_pid_file) { +#ifdef ENABLE_CHROOT + avahi_chroot_helper_unlink(pid_file_proc()); +#else daemon_pid_file_remove(); +#endif + } + +#ifdef ENABLE_CHROOT + avahi_chroot_helper_shutdown(); +#endif + + avahi_free(argv0); return r; }
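Review bot: In the `finish:` hunk of main, an `ENABLE_CHROOT` build always removes the pid file through `avahi_chroot_helper_unlink(pid_file_proc())`. The helper, however, is only started when `config.drop_root && config.use_chroot` holds. With `--no-chroot` or `--no-drop-root` the removal therefore goes to a helper that was never started. Whether the helper API falls back to a plain unlink is not visible in this diff. Selecting at run time makes the intent explicit: `if (config.use_chroot) avahi_chroot_helper_unlink(pid_file_proc()); else daemon_pid_file_remove();`. Separately, `avahi_free(argv0)` leaves `daemon_log_ident` and `daemon_pid_file_ident` pointing at freed memory; this is harmless only as long as nothing logs after that line.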