loolwsd/Capabilities.hpp | 96 +++++++++++++++++++++++++++++++++++++++++++++++ loolwsd/LOKitClient.cpp | 2 loolwsd/LOOLBroker.cpp | 52 ------------------------- loolwsd/LOOLKit.cpp | 8 +-- loolwsd/LOOLWSD.cpp | 91 +++----------------------------------------- loolwsd/Makefile.am | 2 loolwsd/Util.cpp | 6 +- 7 files changed, 113 insertions(+), 144 deletions(-)
New commits: commit f48d61d25d938886fa4409da2d40e17d8ca4f27b Author: Ashod Nakashian <[email protected]> Date: Tue Dec 29 20:34:53 2015 -0500 loolwsd: dropCapability moved to Capabilities.hpp Change-Id: Id84d485b446040df1d5398341af2b0e8f300ed63 Reviewed-on: https://gerrit.libreoffice.org/21060 Reviewed-by: Ashod Nakashian <[email protected]> Tested-by: Ashod Nakashian <[email protected]>
diff --git a/loolwsd/Capabilities.hpp b/loolwsd/Capabilities.hpp
new file mode 100644
index 0000000..d50018f
--- /dev/null
+++ b/loolwsd/Capabilities.hpp
@@ -0,0 +1,96 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#ifndef INCLUDED_CAPABILITIES
+#define INCLUDED_CAPABILITIES
+
+#ifdef __linux
+#include <sys/capability.h>
+#endif
+
+#include "Util.hpp"
+
+static
+void dropCapability(
+#ifdef __linux
+ cap_value_t capability
+#endif
+ )
+{
+#ifdef __linux
+ cap_t caps;
+ cap_value_t cap_list[] = { capability };
+
+ caps = cap_get_proc();
+ if (caps == nullptr)
+ {
+ Log::error("Error: cap_get_proc() failed.");
+ exit(1);
+ }
+
+ if (cap_set_flag(caps, CAP_EFFECTIVE, sizeof(cap_list)/sizeof(cap_list[0]), cap_list, CAP_CLEAR) == -1 ||
+ cap_set_flag(caps, CAP_PERMITTED, sizeof(cap_list)/sizeof(cap_list[0]), cap_list, CAP_CLEAR) == -1)
+ {
+ Log::error("Error: cap_set_flag() failed.");
+ exit(1);
+ }
+
+ if (cap_set_proc(caps) == -1)
+ {
+ Log::error("Error: cap_set_proc() failed.");
+ exit(1);
+ }
+
+ char *capText = cap_to_text(caps, nullptr);
+ Log::info("Capabilities now: " + std::string(capText));
+ cap_free(capText);
+
+ cap_free(caps);
+#endif
+ // We assume that on non-Linux we don't need to be root to be able to hardlink to files we
+ // don't own, so drop root.
+ if (geteuid() == 0 && getuid() != 0)
+ {
+ // The program is setuid root. Not normal on Linux where we use setcap, but if this
+ // needs to run on non-Linux Unixes, setuid root is what it will bneed to be to be able
+ // to do chroot().
+ if (setuid(getuid()) != 0)
+ {
+ Log::error("Error: setuid() failed.");
+ }
+ }
+#if ENABLE_DEBUG
+ if (geteuid() == 0 && getuid() == 0)
+ {
+#ifdef __linux
+ // Argh, awful hack
+ if (capability == CAP_FOWNER)
+ return;
+#endif
+
+ // Running under sudo, probably because being debugged? 
Let's drop super-user rights. + if (LOOLWSD::uid == 0) + { + struct passwd *nobody = getpwnam("nobody"); + if (nobody) + LOOLWSD::uid = nobody->pw_uid; + else + LOOLWSD::uid = 65534; + } + if (setuid(LOOLWSD::uid) != 0) + { + Log::error("setuid() failed."); + } + } +#endif +} + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/loolwsd/LOKitClient.cpp b/loolwsd/LOKitClient.cpp index afbc62d..b6db978 100644 --- a/loolwsd/LOKitClient.cpp +++ b/loolwsd/LOKitClient.cpp @@ -101,7 +101,7 @@ protected: return Application::EXIT_UNAVAILABLE; } - loKitDocument->pClass->registerCallback(loKitDocument, myCallback, NULL); + loKitDocument->pClass->registerCallback(loKitDocument, myCallback, nullptr); loKitDocument->pClass->initializeForRendering(loKitDocument, nullptr); diff --git a/loolwsd/LOOLBroker.cpp b/loolwsd/LOOLBroker.cpp index 1262540..71e4d28 100644 --- a/loolwsd/LOOLBroker.cpp +++ b/loolwsd/LOOLBroker.cpp @@ -9,7 +9,6 @@ #include <sys/types.h> #include <sys/wait.h> -#include <sys/capability.h> #include <utime.h> #include <ftw.h> @@ -33,6 +32,7 @@ #include <Poco/NamedMutex.h> #include "Common.hpp" +#include "Capabilities.hpp" #include "Util.hpp" // First include the grist of the helper process - ideally 
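Review bot: Both `setuid()` failure paths in `dropCapability` (in the new Capabilities.hpp) only log and then fall through, so the process keeps running with the root identity it was meant to give up, whereas every `cap_*` failure above calls `exit(1)`. Make them fatal too, e.g. `Log::error("Error: setuid() failed."); exit(1);`. In the `ENABLE_DEBUG` branch only the uid is changed, so the process's group id and supplementary groups are left as they were; calling `setgroups()` and `setgid()` before `setuid()` would complete the drop. `cap_to_text()` can return `nullptr`, and constructing a `std::string` from it is undefined behaviour, so guard `capText` before the `Log::info` call. Since LOOLBroker.cpp now includes this header, and the copy removed from it had no `ENABLE_DEBUG` block, the broker presumably needs `LOOLWSD::uid` and `<pwd.h>` visible in debug builds; please confirm that it still builds and that the changed debug-time behaviour is intended.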
@@ -150,56 +150,6 @@ namespace if (nftw(source.c_str(), linkOrCopyFunction, 10, FTW_DEPTH) == -1) Log::error("linkOrCopy: nftw() failed for '" + source + "'"); } - - void dropCapability( -#ifdef __linux - cap_value_t capability -#endif - ) - { -#ifdef __linux - cap_t caps; - cap_value_t cap_list[] = { capability }; - - caps = cap_get_proc(); - if (caps == nullptr) - { - Log::error("Error: cap_get_proc() failed."); - exit(1); - } - - if (cap_set_flag(caps, CAP_EFFECTIVE, sizeof(cap_list)/sizeof(cap_list[0]), cap_list, CAP_CLEAR) == -1 || - cap_set_flag(caps, CAP_PERMITTED, sizeof(cap_list)/sizeof(cap_list[0]), cap_list, CAP_CLEAR) == -1) - { - Log::error("Error: cap_set_flag() failed."); - exit(1); - } - - if (cap_set_proc(caps) == -1) - { - Log::error("Error: cap_set_proc() failed."); - exit(1); - } - - char *capText = cap_to_text(caps, nullptr); - Log::info("Capabilities now: " + std::string(capText)); - cap_free(capText); - - cap_free(caps); -#endif - // We assume that on non-Linux we don't need to be root to be able to hardlink to files we - // don't own, so drop root. - if (geteuid() == 0 && getuid() != 0) - { - // The program is setuid root. Not normal on Linux where we use setcap, but if this - // needs to run on non-Linux Unixes, setuid root is what it will bneed to be to be able - // to do chroot(). - if (setuid(getuid()) != 0) - { - Log::error("Error: setuid() failed."); - } - } - } } class PipeRunnable: public Runnable diff --git a/loolwsd/LOOLKit.cpp b/loolwsd/LOOLKit.cpp index 37bf655..f54c8a2 100644 --- a/loolwsd/LOOLKit.cpp +++ b/loolwsd/LOOLKit.cpp 
@@ -77,10 +77,10 @@ namespace aSigAction.sa_flags = 0; aSigAction.sa_handler = (isIgnored ? SIG_IGN : handleSignal); - sigaction(SIGTERM, &aSigAction, NULL); - sigaction(SIGINT, &aSigAction, NULL); - sigaction(SIGQUIT, &aSigAction, NULL); - sigaction(SIGHUP, &aSigAction, NULL); + sigaction(SIGTERM, &aSigAction, nullptr); + sigaction(SIGINT, &aSigAction, nullptr); + sigaction(SIGQUIT, &aSigAction, nullptr); + sigaction(SIGHUP, &aSigAction, nullptr); #endif } } diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp index fe95041..47cb3ed 100644 --- a/loolwsd/LOOLWSD.cpp +++ b/loolwsd/LOOLWSD.cpp @@ -46,7 +46,6 @@ DEALINGS IN THE SOFTWARE. #include <unistd.h> #ifdef __linux -#include <sys/capability.h> #include <sys/types.h> #include <sys/wait.h> #include <sys/prctl.h> @@ -104,6 +103,7 @@ DEALINGS IN THE SOFTWARE. #include <Poco/Environment.h> #include "Common.hpp" +#include "Capabilities.hpp" #include "LOOLProtocol.hpp" #include "LOOLSession.hpp" #include "MasterProcessSession.hpp" 
@@ -152,83 +152,6 @@ using Poco::NamedMutex; using Poco::ProcessHandle; using Poco::URI; -namespace -{ - void dropCapability( -#ifdef __linux - cap_value_t capability -#endif - ) - { -#ifdef __linux - cap_t caps; - cap_value_t cap_list[] = { capability }; - - caps = cap_get_proc(); - if (caps == NULL) - { - Log::error("cap_get_proc() failed."); - exit(1); - } - - if (cap_set_flag(caps, CAP_EFFECTIVE, sizeof(cap_list)/sizeof(cap_list[0]), cap_list, CAP_CLEAR) == -1 || - cap_set_flag(caps, CAP_PERMITTED, sizeof(cap_list)/sizeof(cap_list[0]), cap_list, CAP_CLEAR) == -1) - { - Log::error("cap_set_flag() failed."); - exit(1); - } - - if (cap_set_proc(caps) == -1) - { - Log::error("cap_set_proc() failed."); - exit(1); - } - - char *capText = cap_to_text(caps, NULL); - Log::info(std::string("Capabilities now: ") + capText); - cap_free(capText); - - cap_free(caps); -#endif - // We assume that on non-Linux we don't need to be root to be able to hardlink to files we - // don't own, so drop root. - if (geteuid() == 0 && getuid() != 0) - { - // The program is setuid root. Not normal on Linux where we use setcap, but if this - // needs to run on non-Linux Unixes, setuid root is what it will bneed to be to be able - // to do chroot(). - if (setuid(getuid()) != 0) - { - Log::error("setuid() failed."); - } - } -#if ENABLE_DEBUG - if (geteuid() == 0 && getuid() == 0) - { -#ifdef __linux - // Argh, awful hack - if (capability == CAP_FOWNER) - return; -#endif - - // Running under sudo, probably because being debugged? Let's drop super-user rights. - if (LOOLWSD::uid == 0) - { - struct passwd *nobody = getpwnam("nobody"); - if (nobody) - LOOLWSD::uid = nobody->pw_uid; - else - LOOLWSD::uid = 65534; - } - if (setuid(LOOLWSD::uid) != 0) - { - Log::error("setuid() failed."); - } - } -#endif - } -} - class QueueHandler: public Runnable { public: 
@@ -708,10 +631,10 @@ void LOOLWSD::setSignals(bool isIgnored) aSigAction.sa_flags = 0; aSigAction.sa_handler = (isIgnored ? SIG_IGN : handleSignal); - sigaction(SIGTERM, &aSigAction, NULL); - sigaction(SIGINT, &aSigAction, NULL); - sigaction(SIGQUIT, &aSigAction, NULL); - sigaction(SIGHUP, &aSigAction, NULL); + sigaction(SIGTERM, &aSigAction, nullptr); + sigaction(SIGINT, &aSigAction, nullptr); + sigaction(SIGQUIT, &aSigAction, nullptr); + sigaction(SIGHUP, &aSigAction, nullptr); #endif } @@ -864,8 +787,8 @@ int LOOLWSD::main(const std::vector<std::string>& /*args*/) Poco::Environment::set("LOK_VIEW_CALLBACK", "1"); #ifdef __linux - char *locale = setlocale(LC_ALL, NULL); - if (locale == NULL || std::strcmp(locale, "C") == 0) + char *locale = setlocale(LC_ALL, nullptr); + if (locale == nullptr || std::strcmp(locale, "C") == 0) setlocale(LC_ALL, "en_US.utf8"); setSignals(false); diff --git a/loolwsd/Makefile.am b/loolwsd/Makefile.am index 02cfa0d..0d0f221 100644 --- a/loolwsd/Makefile.am +++ b/loolwsd/Makefile.am @@ -28,7 +28,7 @@ loolbroker_SOURCES = LOOLBroker.cpp $(broker_shared_sources) loolmap_SOURCES = loolmap.c noinst_HEADERS = LOKitHelper.hpp LOOLProtocol.hpp LOOLSession.hpp MasterProcessSession.hpp ChildProcessSession.hpp \ - LOOLWSD.hpp LoadTest.hpp MessageQueue.hpp TileCache.hpp Util.hpp Png.hpp Common.hpp \ + LOOLWSD.hpp LoadTest.hpp MessageQueue.hpp TileCache.hpp Util.hpp Png.hpp Common.hpp Capabilities.hpp \ bundled/include/LibreOfficeKit/LibreOfficeKit.h bundled/include/LibreOfficeKit/LibreOfficeKitEnums.h \ bundled/include/LibreOfficeKit/LibreOfficeKitInit.h bundled/include/LibreOfficeKit/LibreOfficeKitTypes.h diff --git a/loolwsd/Util.cpp b/loolwsd/Util.cpp index 17d07df..62883c2 100644 --- a/loolwsd/Util.cpp +++ b/loolwsd/Util.cpp @@ -170,7 +170,7 @@ namespace Util bool windowingAvailable() { #ifdef __linux - return std::getenv("DISPLAY") != NULL; + return std::getenv("DISPLAY") != nullptr; #endif return false; 
@@ -178,13 +178,13 @@ namespace Util bool encodePNGAndAppendToBuffer(unsigned char *pixmap, int width, int height, std::vector<char>& output, LibreOfficeKitTileMode mode) { - png_structp png_ptr = png_create_write_struct(PNG_LIBPNG_VER_STRING, NULL, NULL, NULL); + png_structp png_ptr = png_create_write_struct(PNG_LIBPNG_VER_STRING, nullptr, nullptr, nullptr); png_infop info_ptr = png_create_info_struct(png_ptr); if (setjmp(png_jmpbuf(png_ptr))) { - png_destroy_write_struct(&png_ptr, NULL); + png_destroy_write_struct(&png_ptr, nullptr); return false; } _______________________________________________ Libreoffice-commits mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
