Since the introduction of mworker, the setuid/setgid code has been duplicated
in two places; improve that by moving it into a dedicated function.
This patch does not introduce any functional change.

Signed-off-by: William Dauchy <w.dau...@criteo.com>
---
 src/haproxy.c | 63 ++++++++++++++++++++-------------------------------
 1 file changed, 24 insertions(+), 39 deletions(-)

diff --git a/src/haproxy.c b/src/haproxy.c
index 44375f6d..4f9761e2 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -2776,6 +2776,27 @@ static struct task *manage_global_listener_queue(struct 
task *t, void *context,
        return t;
 }
 
+/* set uid/gid depending on global settings */
+static void set_identity(const char *program_name) {
+       if (global.gid) {
+               if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
+                       ha_warning("[%s.main()] Failed to drop supplementary 
groups. Using 'gid'/'group'"
+                                  " without 'uid'/'user' is generally 
useless.\n", program_name);
+
+               if (setgid(global.gid) == -1) {
+                       ha_alert("[%s.main()] Cannot set gid %d.\n", 
program_name, global.gid);
+                       protocol_unbind_all();
+                       exit(1);
+               }
+       }
+
+       if (global.uid && setuid(global.uid) == -1) {
+               ha_alert("[%s.main()] Cannot set uid %d.\n", program_name, 
global.uid);
+               protocol_unbind_all();
+               exit(1);
+       }
+}
+
 int main(int argc, char **argv)
 {
        int err, retry;
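Review bot: In set_identity(), a failed `setgroups(0, NULL)` only triggers ha_warning() and execution continues to setgid()/setuid(), so if those calls then succeed the process keeps the supplementary groups it started with. This is carried over unchanged from the two removed copies, so it fits the "no functional change" goal. Now that the logic lives in one place, a follow-up could make the failure fatal when `global.uid` is also set (same ha_alert() / protocol_unbind_all() / exit(1) path as the setgid branch), or the header comment should say why a warning is enough. The one-line comment also omits the contract callers depend on; something like `/* drop supplementary groups, then gid, then uid, in that order; exits the process if setgid() or setuid() fails */` would record it. The alerts still print `[%s.main()]` although they are now emitted from set_identity(), which may mislead when reading logs.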
@@ -3045,26 +3066,8 @@ int main(int argc, char **argv)
         * be able to restart the old pids.
         */
 
-       if ((global.mode & (MODE_MWORKER|MODE_DAEMON)) == 0) {
-               /* setgid / setuid */
-               if (global.gid) {
-                       if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
-                               ha_warning("[%s.main()] Failed to drop 
supplementary groups. Using 'gid'/'group'"
-                                          " without 'uid'/'user' is generally 
useless.\n", argv[0]);
-
-                       if (setgid(global.gid) == -1) {
-                               ha_alert("[%s.main()] Cannot set gid %d.\n", 
argv[0], global.gid);
-                               protocol_unbind_all();
-                               exit(1);
-                       }
-               }
-
-               if (global.uid && setuid(global.uid) == -1) {
-                       ha_alert("[%s.main()] Cannot set uid %d.\n", argv[0], 
global.uid);
-                       protocol_unbind_all();
-                       exit(1);
-               }
-       }
+       if ((global.mode & (MODE_MWORKER | MODE_DAEMON)) == 0)
+               set_identity(argv[0]);
 
        /* check ulimits */
        limit.rlim_cur = limit.rlim_max = 0;
@@ -3269,25 +3272,7 @@ int main(int argc, char **argv)
 
                free(global.chroot);
                global.chroot = NULL;
-
-               /* setgid / setuid */
-               if (global.gid) {
-                       if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
-                               ha_warning("[%s.main()] Failed to drop 
supplementary groups. Using 'gid'/'group'"
-                                          " without 'uid'/'user' is generally 
useless.\n", argv[0]);
-
-                       if (setgid(global.gid) == -1) {
-                               ha_alert("[%s.main()] Cannot set gid %d.\n", 
argv[0], global.gid);
-                               protocol_unbind_all();
-                               exit(1);
-                       }
-               }
-
-               if (global.uid && setuid(global.uid) == -1) {
-                       ha_alert("[%s.main()] Cannot set uid %d.\n", argv[0], 
global.uid);
-                       protocol_unbind_all();
-                       exit(1);
-               }
+               set_identity(argv[0]);
 
                /* pass through every cli socket, and check if it's bound to
                 * the current process and if it exposes listeners sockets.
-- 
2.24.0

