On Fri, 2009-01-23 at 08:47 -0700, Steven Dake wrote: > change aisexec_gid_determine to gid_determine > change aisexec_uid_determine to uid_determine or at least remove the > references to ais (i.e. exec_uid_determine) or whatever you like. > change aisexec_priv_drop to priv_drop or exec_priv_drop > > patch looks good with above changes. I know you didn't name those > functions originally but since you're changing that code anyway if you > could fix up the names I'd appreciate it. > > Regards > -steve
New patch, takes care of both Chrissie and your requests. Fabio
Index: exec/mainconfig.c
===================================================================
--- exec/mainconfig.c (revision 1741)
+++ exec/mainconfig.c (working copy)
@@ -40,6 +40,8 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <pwd.h>
+#include <grp.h>
 #include <corosync/corotypes.h>
 #include <corosync/list.h>
@@ -279,6 +281,36 @@
 return (-1);
 }
+static int uid_determine (char *req_user)
+{
+ struct passwd *passwd;
+ int ais_uid = 0;
+
+ passwd = getpwnam(req_user);
+ if (passwd == 0) {
+ log_printf (LOG_LEVEL_ERROR, "ERROR: The '%s' user is not found in /etc/passwd, please read the documentation.\n", req_user);
+ corosync_exit_error (AIS_DONE_UID_DETERMINE);
+ }
+ ais_uid = passwd->pw_uid;
+ endpwent ();
+ return ais_uid;
+}
+
+static int gid_determine (char *req_group)
+{
+ struct group *group;
+ int ais_gid = 0;
+
+ group = getgrnam (req_group);
+ if (group == 0) {
+ log_printf (LOG_LEVEL_ERROR, "ERROR: The '%s' group is not found in /etc/group, please read the documentation.\n", req_group);
+ corosync_exit_error (AIS_DONE_GID_DETERMINE);
+ }
+ ais_gid = group->gr_gid;
+ endgrent ();
+ return ais_gid;
+}
+
 int corosync_main_config_read (
 struct objdb_iface_ver0 *objdb,
 char **error_string,
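Review bot: `uid_determine` and `gid_determine` return `int` and take a non-const `char *`, although they carry a `uid_t`/`gid_t` and are called with the literal `"ais"` in the next hunk. Declaring them as `static uid_t uid_determine (const char *req_user)` and `static gid_t gid_determine (const char *req_group)`, with `uid_t uid; gid_t gid;` in exec/mainconfig.h, keeps the ids in the type the set*id calls expect. Both functions dereference the lookup result right after `corosync_exit_error`, which is only safe if that call never returns (presumably so, but not visible here); a one-line comment stating that would help. `getpwnam`/`getgrnam` also return NULL on lookup errors and can resolve accounts from sources other than the flat files, so the "/etc/passwd" and "/etc/group" wording in the messages can mislead.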
@@ -304,22 +336,18 @@
 &object_service_handle) == 0) {
 if (!objdb_get_string (objdb,object_service_handle, "user", &value)) {
- main_config->user = strdup(value);
- }
+ main_config->uid = uid_determine(value);
+ } else
+ main_config->uid = uid_determine("ais");
+
 if (!objdb_get_string (objdb,object_service_handle, "group", &value)) {
- main_config->group = strdup(value);
- }
+ main_config->gid = gid_determine(value);
+ } else
+ main_config->gid = gid_determine("ais");
 }
 objdb->object_find_destroy (object_find_handle);
- /* Default user/group */
- if (!main_config->user)
- main_config->user = "ais";
-
- if (!main_config->group)
- main_config->group = "ais";
-
 if ((main_config->logmode & LOG_MODE_OUTPUT_FILE) && (main_config->logfile == NULL)) {
 error_reason = "logmode set to 'file' but no logfile specified";
Index: exec/mainconfig.h
===================================================================
--- exec/mainconfig.h (revision 1741)
+++ exec/mainconfig.h (working copy)
@@ -61,13 +61,13 @@
 /*
 * user/group to run as
 */
- char *user;
- char *group;
+ int uid;
+ int gid;
 };
 extern int corosync_main_config_read (
 struct objdb_iface_ver0 *objdb,
 char **error_string,
 struct main_config *main_config);
-
+
 #endif /* MAINCONFIG_H_DEFINED */
Index: exec/main.c
===================================================================
--- exec/main.c (revision 1741)
+++ exec/main.c (working copy)
@@ -34,8 +34,6 @@
 */
 #include <pthread.h>
 #include <assert.h>
-#include <pwd.h>
-#include <grp.h>
 #include <sys/types.h>
 #include <sys/poll.h>
 #include <sys/uio.h>
@@ -94,10 +92,6 @@
 #define SERVER_BACKLOG 5
-static int ais_uid = 0;
-
-static int gid_valid = 0;
-
 static unsigned int service_count = 32;
 static pthread_mutex_t serialize_mutex = PTHREAD_MUTEX_INITIALIZER;
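Review bot: In the `corosync_main_config_read` hunk of exec/mainconfig.c the "ais" default now sits in `else` branches inside the `== 0) {` block, so when that lookup does not find the section, `main_config->uid` and `main_config->gid` are never assigned; the removed code applied the default unconditionally after `object_find_destroy`. The fields would then keep whatever the caller initialised the struct to (probably 0, i.e. root, though that is not visible here), and exec/main.c hands `main_config.gid` to `cs_ipc_init` and both ids to `priv_drop`. Resolving the ids once after the lookup restores the old fallback, as sketched below; the enclosing condition starts outside the hunk.

```c
	int uid_found = 0;
	int gid_found = 0;

	/* … unchanged: section lookup condition … */
		if (!objdb_get_string (objdb,object_service_handle, "user", &value)) {
			main_config->uid = uid_determine(value);
			uid_found = 1;
		}
		if (!objdb_get_string (objdb,object_service_handle, "group", &value)) {
			main_config->gid = gid_determine(value);
			gid_found = 1;
		}
	}
	objdb->object_find_destroy (object_find_handle);

	/* Default user/group when the section or a key is missing */
	if (!uid_found)
		main_config->uid = uid_determine("ais");
	if (!gid_found)
		main_config->gid = gid_determine("ais");
```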
@@ -275,38 +269,13 @@
 }
 }
-static void aisexec_uid_determine (struct main_config *main_config)
+static void priv_drop (struct main_config *main_config)
 {
- struct passwd *passwd;
-
- passwd = getpwnam(main_config->user);
- if (passwd == 0) {
- log_printf (LOG_LEVEL_ERROR, "ERROR: The '%s' user is not found in /etc/passwd, please read the documentation.\n", main_config->user);
- corosync_exit_error (AIS_DONE_UID_DETERMINE);
- }
- ais_uid = passwd->pw_uid;
- endpwent ();
+return; /* TODO: we are still not dropping privs */
+ setuid (main_config->uid);
+ setegid (main_config->gid);
 }
-static void aisexec_gid_determine (struct main_config *main_config)
-{
- struct group *group;
- group = getgrnam (main_config->group);
- if (group == 0) {
- log_printf (LOG_LEVEL_ERROR, "ERROR: The '%s' group is not found in /etc/group, please read the documentation.\n", main_config->group);
- corosync_exit_error (AIS_DONE_GID_DETERMINE);
- }
- gid_valid = group->gr_gid;
- endgrent ();
-}
-
-static void aisexec_priv_drop (void)
-{
-return;
- setuid (ais_uid);
- setegid (ais_uid);
-}
-
 static void aisexec_mempool_init (void)
 {
 int res;
@@ -639,10 +608,6 @@
 corosync_exit_error (AIS_DONE_MAINCONFIGREAD);
 }
- aisexec_uid_determine (&main_config);
-
- aisexec_gid_determine (&main_config);
-
 /*
 * Set round robin realtime scheduling with priority 99
 * Lock all memory to avoid page faults which may interrupt
@@ -717,14 +682,14 @@
 * CAP_SYS_NICE (setscheduler)
 * CAP_IPC_LOCK (mlockall)
 */
- aisexec_priv_drop ();
+ priv_drop (&main_config);
 aisexec_mempool_init ();
 cs_ipc_init (
 serialize_mutex_lock,
 serialize_mutex_unlock,
- gid_valid);
+ main_config.gid);
 /*
 * Start main processing loop
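Review bot: In `priv_drop` (first hunk of this part of exec/main.c) the statements behind the early `return;` call `setuid` before `setegid`, so once the TODO is resolved the group change would run after root has been given up and fail, and neither return value is checked. The group has to be changed first, with `setgid` rather than `setegid` so the saved gid is replaced too; supplementary groups should be cleared, and any failure should abort rather than let the daemon continue as root. `setgroups` needs `<grp.h>`, which this patch removes from main.c. The exit code in the sketch is a placeholder for whichever `AIS_DONE_*` value the project chooses.

```c
static void priv_drop (struct main_config *main_config)
{
return; /* TODO: we are still not dropping privs */
	/* groups first: after setuid() the process may no longer change them */
	if (setgroups (0, NULL) != 0 ||
		setgid (main_config->gid) != 0 ||
		setuid (main_config->uid) != 0) {
		log_printf (LOG_LEVEL_ERROR, "ERROR: Could not drop privileges.\n");
		corosync_exit_error (AIS_DONE_PLACEHOLDER /* placeholder: project exit code */);
	}
}
```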