TS-3103: hide ElevateAccess implementation details
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/c2058086 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/c2058086 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/c2058086 Branch: refs/heads/master Commit: c20580866485cd6f61387b20c81361fa8709d89d Parents: 549108e Author: James Peach <[email protected]> Authored: Fri Sep 26 16:12:54 2014 -0700 Committer: James Peach <[email protected]> Committed: Thu Oct 2 15:52:38 2014 -0700 ---------------------------------------------------------------------- lib/ts/ink_cap.cc | 47 ++++++++++++++++++++++++++++++++++++++++++++--- lib/ts/ink_cap.h | 44 ++++---------------------------------------- 2 files changed, 48 insertions(+), 43 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c2058086/lib/ts/ink_cap.cc ---------------------------------------------------------------------- diff --git a/lib/ts/ink_cap.cc b/lib/ts/ink_cap.cc index 26bb910..90c9c15 100644 --- a/lib/ts/ink_cap.cc +++ b/lib/ts/ink_cap.cc @@ -130,7 +130,7 @@ EnableCoreFile(bool flag) { current enable this feature so it's not actually called. Still, best to program defensively and have it available. */ -bool +static bool elevateFileAccess(bool state) { Debug("proxy_priv", "[elevateFileAccess] state : %d\n", state); @@ -152,7 +152,7 @@ elevateFileAccess(bool state) // // - Returns true on success // and false on failure -bool +static bool removeRootPriv(uid_t euid) { if (seteuid(euid) < 0) { @@ -168,7 +168,7 @@ removeRootPriv(uid_t euid) // // - Returns true on success // and false on failure -bool +static bool restoreRootPriv(uid_t *old_euid) { if (old_euid) @@ -183,3 +183,44 @@ restoreRootPriv(uid_t *old_euid) return true; } #endif + +ElevateAccess::ElevateAccess(const bool state) + : elevated(false), saved_uid(0) +{ + if (state == true) { + elevate(); + } +} + +ElevateAccess::~ElevateAccess() +{ + if (elevated == true) { + demote(); + } +} + +void +ElevateAccess::elevate() +{ +#if TS_USE_POSIX_CAP + ink_release_assert(elevateFileAccess(true)); +#else + // Since we are setting a process-wide credential, we have to block any other thread + // attempting to elevate until this one demotes. + ink_mutex_acquire(&lock); + restoreRootPriv(&saved_uid); +#endif + elevated = true; +} + +void +ElevateAccess::demote() +{ +#if TS_USE_POSIX_CAP + ink_release_assert(elevateFileAccess(false)); +#else + removeRootPriv(saved_uid); + ink_mutex_release(&lock); +#endif + elevated = false; +} http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c2058086/lib/ts/ink_cap.h ---------------------------------------------------------------------- diff --git a/lib/ts/ink_cap.h b/lib/ts/ink_cap.h index 49c1219..e162030 100644 --- a/lib/ts/ink_cap.h +++ b/lib/ts/ink_cap.h @@ -46,49 +46,13 @@ extern int EnableCoreFile( -#if TS_USE_POSIX_CAP -bool elevateFileAccess(bool); -#else -bool restoreRootPriv(uid_t *old_euid = NULL); -bool removeRootPriv(uid_t euid); -#endif - - class ElevateAccess { public: - ElevateAccess(const bool state): elevated(false), saved_uid(0) { - if (state == true) { - elevate(); - } - } - - void elevate() { -#if TS_USE_POSIX_CAP - elevateFileAccess(true); -#else - // Since we are setting a process-wide credential, we have to block any other thread - // attempting to elevate until this one demotes. - restoreRootPriv(&saved_uid); - ink_mutex_acquire(&lock); -#endif - elevated = true; - } - - void demote() { -#if TS_USE_POSIX_CAP - elevateFileAccess(false); -#else - removeRootPriv(saved_uid); - ink_mutex_release(&lock); -#endif - elevated = false; - } + ElevateAccess(const bool state); + ~ElevateAccess(); - ~ElevateAccess() { - if (elevated == true) { - demote(); - } - } + void elevate(); + void demote(); private: bool elevated;
