git commit: TS-2039: Clean up coverity reported leaks in SSL examples and experimental plugin. Tidy up licenses and code standard issues. This closes #129
Repository: trafficserver Updated Branches: refs/heads/master 18ebfbaa5 - 97068fb84 TS-2039: Clean up coverity reported leaks in SSL examples and experimental plugin. Tidy up licenses and code standard issues. This closes #129 Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/97068fb8 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/97068fb8 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/97068fb8 Branch: refs/heads/master Commit: 97068fb8490901a154048f7597c918af8eaeafc2 Parents: 18ebfba Author: shinrich shinr...@network-geographics.com Authored: Wed Oct 1 10:16:42 2014 -0500 Committer: Alan M. Carroll a...@apache.org Committed: Thu Oct 2 09:17:08 2014 -0500 -- example/ssl-preaccept/ssl-preaccept.cc | 106 +++ example/ssl-sni-whitelist/ssl-sni-whitelist.cc | 97 ++--- example/ssl-sni/ssl-sni.cc | 101 ++ .../ssl_cert_loader/ssl-cert-loader.cc | 64 +-- 4 files changed, 200 insertions(+), 168 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/97068fb8/example/ssl-preaccept/ssl-preaccept.cc -- diff --git a/example/ssl-preaccept/ssl-preaccept.cc b/example/ssl-preaccept/ssl-preaccept.cc index c67ba8c..c0f0ce8 100644 --- a/example/ssl-preaccept/ssl-preaccept.cc +++ b/example/ssl-preaccept/ssl-preaccept.cc 
@@ -1,10 +1,29 @@ -/** @file -SSL Preaccept test plugin -Implements blind tunneling based on the client IP address -The client ip addresses are specified in the plugin's -config file as an array of IP addresses or IP address ranges under the -key client-blind-tunnel -*/ +/** @file + + SSL Preaccept test plugin + Implements blind tunneling based on the client IP address + The client ip addresses are specified in the plugin's + config file as an array of IP addresses or IP address ranges under the + key client-blind-tunnel + + @section license License + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + License); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an AS IS BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + */ # include stdio.h # include memory.h @@ -12,6 +31,7 @@ # include ts/ts.h # include tsconfig/TsValue.h # include ts/ink_inet.h +# include getopt.h using ts::config::Configuration; using ts::config::Value; @@ -29,7 +49,8 @@ IpRangeQueue ClientBlindTunnelIp; Configuration Config; // global configuration void -Parse_Addr_String(ts::ConstBuffer const text, IpRange range) { +Parse_Addr_String(ts::ConstBuffer const text, IpRange range) +{ IpAddr newAddr; std::string textstr(text._ptr, text._size); // Is there a hyphen? 
@@ -48,7 +69,8 @@ Parse_Addr_String(ts::ConstBuffer const text, IpRange range) { } /// Get a string value from a config node. -void Load_Config_Value(Value const parent, char const* name, IpRangeQueue addrs) { +void Load_Config_Value(Value const parent, char const* name, IpRangeQueue addrs) +{ Value v = parent[name]; std::string zret; IpRange ipRange; @@ -67,7 +89,8 @@ void Load_Config_Value(Value const parent, char const* name, IpRangeQueue addr int -Load_Config_File() { +Load_Config_File() +{ ts::RvConfiguration cv = Configuration::loadFromPath(ConfigPath.c_str()); if (!cv.isOK()) { TSError(PCP Failed to parse %s as TSConfig format, ConfigPath.c_str()); @@ -78,36 +101,8 @@ Load_Config_File() { } int -Load_Configuration(int argc, const char *argv[]) { -ts::ConstBuffer text; - std::string s; // temp holder. - TSMgmtString config_path = NULL; - - // get the path to the config file if one was specified - static char const * const CONFIG_ARG = --config=; - int arg_idx; - for (arg_idx = 0; arg_idx argc; arg_idx++) { -if (0 == memcmp(argv[arg_idx], CONFIG_ARG, strlen(CONFIG_ARG))) { - config_path = TSstrdup(argv[arg_idx] + strlen(CONFIG_ARG)); - TSDebug(PN, Found config path %s, config_path); -} - } - if (NULL == config_path) { -static char const * const DEFAULT_CONFIG_PATH = ssl_preaccept.config; -
Re: git commit: TS-3108: Add port matching condition to header_rewrite
On Oct 2, 2014, at 12:47 PM, sor...@apache.org wrote: Repository: trafficserver Updated Branches: refs/heads/master adae7cd16 - 5054186f9 TS-3108: Add port matching condition to header_rewrite Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/5054186f Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/5054186f Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/5054186f Branch: refs/heads/master Commit: 5054186f9083640583d366e732f18f846b65a6c2 Parents: adae7cd Author: Phil Sorber sor...@apache.org Authored: Thu Oct 2 13:47:12 2014 -0600 Committer: Phil Sorber sor...@apache.org Committed: Thu Oct 2 13:47:12 2014 -0600 -- CHANGES | 4 +++- plugins/header_rewrite/conditions.cc | 29 + plugins/header_rewrite/conditions.h | 18 ++ plugins/header_rewrite/factory.cc| 2 ++ plugins/header_rewrite/lulu.cc | 23 +++ plugins/header_rewrite/lulu.h| 2 +- 6 files changed, 76 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/5054186f/CHANGES -- diff --git a/CHANGES b/CHANGES index c21cedc..867e8a3 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 5.2.0 - *) [TS=3068] Remove usage of Boost. + *) [TS-3108] Add port matching condition to header_rewrite. + + *) [TS-3068] Remove usage of Boost. *) [TS-2289] Removed old unused AIO modes. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/5054186f/plugins/header_rewrite/conditions.cc -- diff --git a/plugins/header_rewrite/conditions.cc b/plugins/header_rewrite/conditions.cc index 0f78ace..be3d28b 100644 --- a/plugins/header_rewrite/conditions.cc +++ b/plugins/header_rewrite/conditions.cc 
@@ -491,3 +491,32 @@ ConditionClientIp::append_value(std::string s, const Resources res) s.append(ip); } } + +void +ConditionIncomingPort::initialize(Parser p) +{ + Condition::initialize(p); + + Matchersuint16_t* match = new Matchersuint16_t(_cond_op); + match-set(static_castuint16_t(strtoul(p.get_arg().c_str(), NULL, 10))); + _matcher = match; +} + +bool +ConditionIncomingPort::eval(const Resources res) +{ + uint16_t port = getPort(TSHttpTxnIncomingAddrGet(res.txnp)); + bool rval = static_castconst Matchersuint16_t*(_matcher)-test(port); + TSDebug(PLUGIN_NAME, Evaluating INCOMING-PORT(): %d: rval: %d, port, rval); + return rval; +} + +void +ConditionIncomingPort::append_value(std::string s, const Resources res) +{ + std::ostringstream oss; + uint16_t port = getPort(TSHttpTxnIncomingAddrGet(res.txnp)); + oss port; + s += oss.str(); + TSDebug(PLUGIN_NAME, Appending %d to evaluation value - %s, port, s.c_str()); +} http://git-wip-us.apache.org/repos/asf/trafficserver/blob/5054186f/plugins/header_rewrite/conditions.h -- diff --git a/plugins/header_rewrite/conditions.h b/plugins/header_rewrite/conditions.h index 0b76f42..fbb843d 100644 --- a/plugins/header_rewrite/conditions.h +++ b/plugins/header_rewrite/conditions.h @@ -348,4 +348,22 @@ protected: bool eval(const Resources res); }; +class ConditionIncomingPort : public Condition +{ +public: + ConditionIncomingPort() + { +TSDebug(PLUGIN_NAME_DBG, Calling CTOR for ConditionIncomingPort); + } + + void initialize(Parser p); + void append_value(std::string s, const Resources res); + +protected: + bool eval(const Resources res); + +private: + DISALLOW_COPY_AND_ASSIGN(ConditionIncomingPort); +}; + #endif // __CONDITIONS_H http://git-wip-us.apache.org/repos/asf/trafficserver/blob/5054186f/plugins/header_rewrite/factory.cc -- diff --git a/plugins/header_rewrite/factory.cc b/plugins/header_rewrite/factory.cc index 1d99ea5..eb44369 100644 --- a/plugins/header_rewrite/factory.cc +++ b/plugins/header_rewrite/factory.cc 
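Review bot: In ConditionIncomingPort::initialize the strtoul() result is narrowed to uint16_t by a static_cast with no end-pointer or range check, so an out-of-range argument wraps (a constructed example: 65616 would match port 80) and a non-numeric argument silently becomes port 0. For a condition that gates header rewriting on the listening port, a mistyped rule should be rejected rather than quietly match a different port. Parse with an end pointer and test `if (*end != '\0' || v > 65535)` before calling set(), reporting the bad argument through TSError. The template angle brackets are missing from the page rendering, so the exact Matchers spelling is inferred.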
@@ -113,6 +113,8 @@ condition_factory(const std::string cond) c = new ConditionInternalTransaction(); } else if (c_name == CLIENT-IP) { c = new ConditionClientIp(); + } else if (c_name == INCOMING-PORT) { I think SERVER-PORT would be clearer ... also it would not take long to add CLIENT-PORT and SERVER-IP, so make it symmetric :) J
git commit: TS-3044: Use eventfd in AIO_MODE_NATIVE if available
Repository: trafficserver Updated Branches: refs/heads/master 5054186f9 - 86295176c TS-3044: Use eventfd in AIO_MODE_NATIVE if available Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/86295176 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/86295176 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/86295176 Branch: refs/heads/master Commit: 86295176ccb5b7ef5c96686b398733e1edf6f2ee Parents: 5054186 Author: John Plevyak jplev...@apache.org Authored: Thu Oct 2 14:34:55 2014 -0600 Committer: Phil Sorber sor...@apache.org Committed: Thu Oct 2 14:34:55 2014 -0600 -- CHANGES | 2 ++ iocore/aio/AIO.cc | 33 + 2 files changed, 27 insertions(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/86295176/CHANGES -- diff --git a/CHANGES b/CHANGES index 867e8a3..2184733 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 5.2.0 + *) [TS-3044] Use eventfd in AIO_MODE_NATIVE if available. + *) [TS-3108] Add port matching condition to header_rewrite. *) [TS-3068] Remove usage of Boost. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/86295176/iocore/aio/AIO.cc -- diff --git a/iocore/aio/AIO.cc b/iocore/aio/AIO.cc index 4dea143..877bc61 100644 --- a/iocore/aio/AIO.cc +++ b/iocore/aio/AIO.cc @@ -28,7 +28,7 @@ #include P_AIO.h #if AIO_MODE == AIO_MODE_NATIVE -#define AIO_PERIOD-HRTIME_MSECONDS(4) +#define AIO_PERIOD-HRTIME_MSECONDS(10) #else #define MAX_DISKS_POSSIBLE 100 @@ -528,13 +528,11 @@ DiskHandler::mainAIOEvent(int event, Event *e) { AIOCallback *op = NULL; Lagain: int ret = io_getevents(ctx, 0, MAX_AIO_EVENTS, events, NULL); - //printf(%d\n, ret); for (int i = 0; i ret; i++) { op = (AIOCallback *) events[i].data; op-aio_result = events[i].res; ink_assert(op-action.continuation); complete_list.enqueue(op); -//op-handleEvent(event, e); } if (ret == MAX_AIO_EVENTS) { 
@@ -542,7 +540,10 @@ Lagain: } if (ret 0) { -Debug(aio, io_getevents failed: %s (%d), strerror(-ret), -ret); +if (errno == EINTR) + goto Lagain; +if (errno == EFAULT || errno == ENOSYS) + Debug(aio, io_getevents failed: %s (%d), strerror(-ret), -ret); } ink_aiocb_t *cbs[MAX_AIO_EVENTS]; @@ -579,7 +580,11 @@ ink_aio_read(AIOCallback *op, int /* fromAPI ATS_UNUSED */) { op-aiocb.aio_reqprio = AIO_DEFAULT_PRIORITY; op-aiocb.aio_lio_opcode = IO_CMD_PREAD; op-aiocb.data = op; - this_ethread()-diskHandler-ready_list.enqueue(op); + EThread *t = this_ethread(); +#ifdef HAVE_EVENTFD + io_set_eventfd(op-aiocb, t-evfd); +#endif + t-diskHandler-ready_list.enqueue(op); return 1; } @@ -589,14 +594,19 @@ ink_aio_write(AIOCallback *op, int /* fromAPI ATS_UNUSED */) { op-aiocb.aio_reqprio = AIO_DEFAULT_PRIORITY; op-aiocb.aio_lio_opcode = IO_CMD_PWRITE; op-aiocb.data = op; - this_ethread()-diskHandler-ready_list.enqueue(op); + EThread *t = this_ethread(); +#ifdef HAVE_EVENTFD + io_set_eventfd(op-aiocb, t-evfd); +#endif + t-diskHandler-ready_list.enqueue(op); return 1; } int ink_aio_readv(AIOCallback *op, int /* fromAPI ATS_UNUSED */) { - DiskHandler *dh = this_ethread()-diskHandler; + EThread *t = this_ethread(); + DiskHandler *dh = t-diskHandler; AIOCallback *io = op; int sz = 0; @@ -604,6 +614,9 @@ ink_aio_readv(AIOCallback *op, int /* fromAPI ATS_UNUSED */) { io-aiocb.aio_reqprio = AIO_DEFAULT_PRIORITY; io-aiocb.aio_lio_opcode = IO_CMD_PREAD; io-aiocb.data = io; +#ifdef HAVE_EVENTFD +io_set_eventfd(op-aiocb, t-evfd); +#endif dh-ready_list.enqueue(io); ++sz; io = io-then; @@ -622,7 +635,8 @@ ink_aio_readv(AIOCallback *op, int /* fromAPI ATS_UNUSED */) { int ink_aio_writev(AIOCallback *op, int /* fromAPI ATS_UNUSED */) { - DiskHandler *dh = this_ethread()-diskHandler; + EThread *t = this_ethread(); + DiskHandler *dh = t-diskHandler; AIOCallback *io = op; int sz = 0; 
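Review bot: The new `errno == EINTR` and `errno == EFAULT || errno == ENOSYS` tests in the negative-`ret` branch read the wrong variable if this is libaio's io_getevents(), which reports failure through a negative return value and does not set errno; the Debug() call in the same branch already assumes that with `strerror(-ret)`. As written, a stale EINTR left in errno by an unrelated call can send the handler back to Lagain repeatedly, and every failure other than the two listed codes is no longer logged. Compare the return value instead, `if (ret == -EINTR) goto Lagain;`, and keep a Debug() for the remaining codes. mainAIOEvent's body continues outside the hunk, and the comparison operators are reconstructed because the page strips them.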
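Review bot: In the ink_aio_readv loop the added call passes `op->aiocb` to io_set_eventfd(), but the loop variable is `io` and every neighbouring statement sets fields on `io->aiocb`. For a chain with more than one element only the head is given the eventfd (once per iteration), so the chained requests would complete without signalling it. The line should read `io_set_eventfd(&io->aiocb, t->evfd);`, and the identical line in the ink_aio_writev hunk that follows needs the same change. The `->` and `&` are reconstructed here because the page rendering drops them.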
@@ -630,6 +644,9 @@ ink_aio_writev(AIOCallback *op, int /* fromAPI ATS_UNUSED */) { io-aiocb.aio_reqprio = AIO_DEFAULT_PRIORITY; io-aiocb.aio_lio_opcode = IO_CMD_PWRITE; io-aiocb.data = io; +#ifdef HAVE_EVENTFD +io_set_eventfd(op-aiocb, t-evfd); +#endif dh-ready_list.enqueue(io); ++sz; io = io-then;
[3/7] git commit: tsqa: support running tests as root
tsqa: support running tests as root Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/c0622e67 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/c0622e67 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/c0622e67 Branch: refs/heads/master Commit: c0622e67acb3e71a60e4579e6c18703e3ecae09d Parents: 79bc7e2 Author: James Peach jpe...@apache.org Authored: Fri Sep 26 12:32:42 2014 -0700 Committer: James Peach jpe...@apache.org Committed: Thu Oct 2 15:52:38 2014 -0700 -- ci/tsqa/functions | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c0622e67/ci/tsqa/functions -- diff --git a/ci/tsqa/functions b/ci/tsqa/functions index 1fd64ed..60783b1 100644 --- a/ci/tsqa/functions +++ b/ci/tsqa/functions @@ -245,6 +245,7 @@ bootstrap() { local prefix=$(tsxs -q PREFIX) local sysconfdir=$(tsxs -q SYSCONFDIR | sed -es+$prefix/++) local dir + local userid=${SUDO_USER:-$(whoami)} # Create runtime directories in the test root. for dir in SYSCONFDIR LOCALSTATEDIR RUNTIMEDIR LOGDIR ; do @@ -271,7 +272,7 @@ CONFIG proxy.config.bin_path STRING $(tsxs -q BINDIR) CONFIG proxy.config.plugin.plugin_dir STRING $(tsxs -q LIBEXECDIR) CONFIG proxy.config.body_factory.template_sets_dir STRING $(tsxs -q SYSCONFDIR)/body_factory -CONFIG proxy.config.admin.user_id STRING $(whoami) +CONFIG proxy.config.admin.user_id STRING $userid CONFIG proxy.config.http.server_ports STRING $PORT # Flush config updates every 0.5s so that we don't have to sleep so long making config changes. @@ -293,6 +294,8 @@ CONFIG proxy.config.diags.debug.tags STRING NULL CONFIG proxy.config.diags.show_location INT 1 EOF + chown -R $userid $TSQA_ROOT + msg bootstrapped Traffic Server into $TSQA_ROOT tsexec traffic_layout }
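Review bot: `userid` is taken from SUDO_USER whenever that variable is set, without checking that bootstrap is actually running as root under sudo. SUDO_USER is an ordinary environment variable, so a stale or exported value yields a proxy.config.admin.user_id that does not match the invoking account, and the later `chown -R` either fails or hands the test root to an unintended user. Honour it only for an effective uid of 0, e.g. `if [ "$(id -u)" -eq 0 ]; then userid=${SUDO_USER:-root}; else userid=$(whoami); fi`. Quote characters are missing from this rendering, so whether `$userid` and `$TSQA_ROOT` are quoted in the chown call cannot be confirmed from here; they should be. bootstrap's body continues outside the hunks.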
[1/7] git commit: TS-3103: improve privilege debug logging
Repository: trafficserver Updated Branches: refs/heads/master 86295176c - 33f651c90 TS-3103: improve privilege debug logging fix better debugging for DebugCapabilities Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/0f0c1633 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/0f0c1633 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/0f0c1633 Branch: refs/heads/master Commit: 0f0c1633beeab24cca6a312a44b0aa4e39fb57cd Parents: c205808 Author: James Peach jpe...@apache.org Authored: Fri Sep 26 13:50:12 2014 -0700 Committer: James Peach jpe...@apache.org Committed: Thu Oct 2 15:52:38 2014 -0700 -- lib/ts/ink_cap.cc | 74 ++ 1 file changed, 51 insertions(+), 23 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0f0c1633/lib/ts/ink_cap.cc -- diff --git a/lib/ts/ink_cap.cc b/lib/ts/ink_cap.cc index 90c9c15..2666f61 100644 --- a/lib/ts/ink_cap.cc +++ b/lib/ts/ink_cap.cc 
@@ -38,37 +38,63 @@ ink_mutex ElevateAccess::lock = INK_MUTEX_INIT; #endif +static const char * +is_dumpable() +{ +#if defined(PR_GET_DUMPABLE) + return (prctl(PR_GET_DUMPABLE) != 1) ? disabled : enabled; +#else + return unknown; +#endif +} + +static int +death_signal() +{ + int signum = -1; + +#if defined(PR_GET_PDEATHSIG) + prctl(PR_GET_PDEATHSIG, signum, 0, 0, 0); +#endif + + return signum; +} + void -DebugCapabilities(char const* tag) { +DebugCapabilities(char const* tag) +{ if (is_debug_tag_set(tag)) { -# if TS_USE_POSIX_CAP - cap_t caps = cap_get_proc(); - char* caps_text = cap_to_text(caps, 0); -# endif - -# if TS_USE_POSIX_CAP -Debug(tag, uid=%u, gid=%u, euid=%u, egid=%u, caps %s core=%s thread=0x%llx, - static_castunsigned int(getuid()), - static_castunsigned int(getgid()), - static_castunsigned int(geteuid()), - static_castunsigned int(getegid()), - caps_text, - prctl(PR_GET_DUMPABLE) != 1 ? disabled : enabled, - (unsigned long long)pthread_self() ); +#if TS_USE_POSIX_CAP +cap_t caps = cap_get_proc(); +char* caps_text = cap_to_text(caps, 0); + +Debug(tag, uid=%u, gid=%u, euid=%u, egid=%u, caps=%s, core=%s, death signal=%d, thread=0x%llx, +static_castunsigned int(getuid()), +static_castunsigned int(getgid()), +static_castunsigned int(geteuid()), +static_castunsigned int(getegid()), +caps_text, +is_dumpable(), +death_signal(), +(unsigned long long)pthread_self() ); cap_free(caps_text); cap_free(caps); #else -Debug(tag, uid=%u, gid=%u, euid=%u, egid=%u, - static_castunsigned int(getuid()), - static_castunsigned int(getgid()), - static_castunsigned int(geteuid()), - static_castunsigned int(getegid()) ); +Debug(tag, uid=%u, gid=%u, euid=%u, egid=%u, core=%s, death signal=%d, thread=0x%llx, +static_castunsigned int(getuid()), +static_castunsigned int(getgid()), +static_castunsigned int(geteuid()), +static_castunsigned int(getegid()), +is_dumpable(), +death_signal(), +(unsigned long long)pthread_self() ); #endif } } int -PreserveCapabilities() { 
+PreserveCapabilities() +{ int zret = 0; # if TS_USE_POSIX_CAP zret = prctl(PR_SET_KEEPCAPS, 1); @@ -79,7 +105,8 @@ PreserveCapabilities() { // Adjust the capabilities to only those needed. int -RestrictCapabilities() { +RestrictCapabilities() +{ int zret = 0; // return value. # if TS_USE_POSIX_CAP cap_t caps = cap_init(); // start with nothing. @@ -99,7 +126,8 @@ RestrictCapabilities() { } int -EnableCoreFile(bool flag) { +EnableCoreFile(bool flag) +{ int zret = 0; # if defined(PR_SET_DUMPABLE)
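Review bot: In the TS_USE_POSIX_CAP branch of DebugCapabilities the results of cap_get_proc() and cap_to_text() are passed to the `%s` conversion and to cap_free() without a NULL check. Both calls can fail and return NULL, and NULL for `%s` is undefined behaviour, so a diagnostic-only path can take down a privileged process. Since these lines are being rewritten here anyway, pass `caps_text ? caps_text : "(unavailable)"` to Debug() and call cap_free() only on non-NULL pointers. The same applies to death_signal(): a short comment that -1 means "not available or prctl failed" would document why the return value of prctl() is ignored.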
[2/7] git commit: TS-3103: hide ElevateAccess implementation details
TS-3103: hide ElevateAccess implementation details Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/c2058086 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/c2058086 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/c2058086 Branch: refs/heads/master Commit: c20580866485cd6f61387b20c81361fa8709d89d Parents: 549108e Author: James Peach jpe...@apache.org Authored: Fri Sep 26 16:12:54 2014 -0700 Committer: James Peach jpe...@apache.org Committed: Thu Oct 2 15:52:38 2014 -0700 -- lib/ts/ink_cap.cc | 47 --- lib/ts/ink_cap.h | 44 2 files changed, 48 insertions(+), 43 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c2058086/lib/ts/ink_cap.cc -- diff --git a/lib/ts/ink_cap.cc b/lib/ts/ink_cap.cc index 26bb910..90c9c15 100644 --- a/lib/ts/ink_cap.cc +++ b/lib/ts/ink_cap.cc @@ -130,7 +130,7 @@ EnableCoreFile(bool flag) { current enable this feature so it's not actually called. Still, best to program defensively and have it available. */ -bool +static bool elevateFileAccess(bool state) { Debug(proxy_priv, [elevateFileAccess] state : %d\n, state); @@ -152,7 +152,7 @@ elevateFileAccess(bool state) // //- Returns true on success // and false on failure -bool +static bool removeRootPriv(uid_t euid) { if (seteuid(euid) 0) { @@ -168,7 +168,7 @@ removeRootPriv(uid_t euid) // //- Returns true on success // and false on failure -bool +static bool restoreRootPriv(uid_t *old_euid) { if (old_euid) 
@@ -183,3 +183,44 @@ restoreRootPriv(uid_t *old_euid) return true; } #endif + +ElevateAccess::ElevateAccess(const bool state) + : elevated(false), saved_uid(0) +{ + if (state == true) { +elevate(); + } +} + +ElevateAccess::~ElevateAccess() +{ + if (elevated == true) { +demote(); + } +} + +void +ElevateAccess::elevate() +{ +#if TS_USE_POSIX_CAP + ink_release_assert(elevateFileAccess(true)); +#else + // Since we are setting a process-wide credential, we have to block any other thread + // attempting to elevate until this one demotes. + ink_mutex_acquire(lock); + restoreRootPriv(saved_uid); +#endif + elevated = true; +} + +void +ElevateAccess::demote() +{ +#if TS_USE_POSIX_CAP + ink_release_assert(elevateFileAccess(false)); +#else + removeRootPriv(saved_uid); + ink_mutex_release(lock); +#endif + elevated = false; +} http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c2058086/lib/ts/ink_cap.h -- diff --git a/lib/ts/ink_cap.h b/lib/ts/ink_cap.h index 49c1219..e162030 100644 --- a/lib/ts/ink_cap.h +++ b/lib/ts/ink_cap.h 
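Review bot: In the non-capability branch of ElevateAccess::elevate() and ElevateAccess::demote() the results of restoreRootPriv() and removeRootPriv() are discarded, whereas the TS_USE_POSIX_CAP branch wraps elevateFileAccess() in ink_release_assert(). If the seteuid() inside removeRootPriv() fails, demote() still sets `elevated = false` and releases the lock, and the process carries on with root's effective uid while callers believe privileges were dropped. Treat both as fatal in the same way, `ink_release_assert(removeRootPriv(saved_uid));` and the equivalent around the restoreRootPriv() call. A failed elevate() has the milder effect of the guarded operation running unprivileged, but it should not set `elevated = true` either.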
@@ -46,49 +46,13 @@ extern int EnableCoreFile( -#if TS_USE_POSIX_CAP -bool elevateFileAccess(bool); -#else -bool restoreRootPriv(uid_t *old_euid = NULL); -bool removeRootPriv(uid_t euid); -#endif - - class ElevateAccess { public: - ElevateAccess(const bool state): elevated(false), saved_uid(0) { -if (state == true) { - elevate(); -} - } - - void elevate() { -#if TS_USE_POSIX_CAP -elevateFileAccess(true); -#else -// Since we are setting a process-wide credential, we have to block any other thread -// attempting to elevate until this one demotes. -restoreRootPriv(saved_uid); -ink_mutex_acquire(lock); -#endif -elevated = true; - } - - void demote() { -#if TS_USE_POSIX_CAP -elevateFileAccess(false); -#else -removeRootPriv(saved_uid); -ink_mutex_release(lock); -#endif -elevated = false; - } + ElevateAccess(const bool state); + ~ElevateAccess(); - ~ElevateAccess() { -if (elevated == true) { - demote(); -} - } + void elevate(); + void demote(); private: bool elevated;
[6/7] git commit: TS-3103: use scoped ElevateAccess to elevate privileges
TS-3103: use scoped ElevateAccess to elevate privileges Rather than using explicit root privilege escalation, elevate privilege using the scope ElevateAccess wrapper. Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/549108ea Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/549108ea Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/549108ea Branch: refs/heads/master Commit: 549108ea80913975e52e4d5a9b4fc1404fbecf2a Parents: 090a75a Author: James Peach jpe...@apache.org Authored: Fri Sep 26 13:42:05 2014 -0700 Committer: James Peach jpe...@apache.org Committed: Thu Oct 2 15:52:38 2014 -0700 -- mgmt/LocalManager.cc | 26 + mgmt/Rollback.cc | 74 +-- 2 files changed, 9 insertions(+), 91 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/549108ea/mgmt/LocalManager.cc -- diff --git a/mgmt/LocalManager.cc b/mgmt/LocalManager.cc index 885b054..936e5ea 100644 --- a/mgmt/LocalManager.cc +++ b/mgmt/LocalManager.cc @@ -1076,21 +1076,7 @@ LocalManager::bindProxyPort(HttpProxyPort port) { int one = 1; -#if !TS_USE_POSIX_CAP - bool privBoost = false; - uid_t euid = geteuid(); - uid_t saved_euid = 0; - - if (port.m_port 1024 euid != 0) { -if (restoreRootPriv(saved_euid) == false) { - mgmt_elog(stderr, 0, [bindProxyPort] Unable to get root priviledges to bind port %d. euid is %d. Exiting\n, -port.m_port, euid); - _exit(0); -} else { - privBoost = true; -} - } -#endif + ElevateAccess access(port.m_port 1024 geteuid() != 0); /* Setup reliable connection, for large config changes */ if ((port.m_fd = socket(port.m_family, SOCK_STREAM, 0)) 0) { 
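Review bot: The new `ElevateAccess access(...)` declaration in bindProxyPort is compiled on TS_USE_POSIX_CAP builds too, whereas the removed block was entirely inside `#if !TS_USE_POSIX_CAP`. Going by the ElevateAccess definition shown elsewhere on this page, the capability path calls elevateFileAccess(), which by its name concerns file access rather than binding a port below 1024, so this looks like an unintended behaviour change on those builds. If capability builds need nothing extra to bind, keep the declaration under `#if !TS_USE_POSIX_CAP`; if they do, add a comment naming the privilege the bind relies on. The removed code also exited with an error message when root could not be obtained, and that diagnostic has no replacement in the new code.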
@@ -1152,16 +1138,6 @@ LocalManager::bindProxyPort(HttpProxyPort port) Debug(lm, [bindProxyPort] Successfully bound proxy port %d\n, port.m_port); -#if !TS_USE_POSIX_CAP - if (port.m_port 1024 euid != 0) { -if (privBoost == true) { - if (removeRootPriv(saved_euid) == false) { -mgmt_elog(stderr, 0, [bindProxyPort] Unable to reset permissions to euid %d. Exiting...\n, getuid()); -_exit(1); - } -} - } -#endif } void http://git-wip-us.apache.org/repos/asf/trafficserver/blob/549108ea/mgmt/Rollback.cc -- diff --git a/mgmt/Rollback.cc b/mgmt/Rollback.cc index 3ed09b3..003d12f 100644 --- a/mgmt/Rollback.cc +++ b/mgmt/Rollback.cc @@ -224,10 +224,8 @@ char * Rollback::createPathStr(version_t version) { - char *buffer; int bufSize = strlen(Layout::get()-sysconfdir) + fileNameLen + MAX_VERSION_DIGITS + 1; - - buffer = new char[bufSize]; + char * buffer = (char *)ats_malloc(bufSize); Layout::get()-relative_to(buffer, bufSize, Layout::get()-sysconfdir, fileName); @@ -248,44 +246,17 @@ Rollback::createPathStr(version_t version) int Rollback::statFile(version_t version, struct stat *buf) { - char *filePath; int statResult; -#if !TS_USE_POSIX_CAP - uid_t saved_euid = 0; -#endif if (version == this-currentVersion) { version = ACTIVE_VERSION; } - filePath = createPathStr(version); - - if (root_access_needed) { -if ( -#if TS_USE_POSIX_CAP - elevateFileAccess(true) -#else - restoreRootPriv(saved_euid) -#endif - != true) { - mgmt_log(stderr, [Rollback] Unable to acquire root privileges.\n); -} - } - statResult = stat(filePath, buf); + ats_scoped_str filePath(createPathStr(version)); + ElevateAccess access(root_access_needed); - if (root_access_needed) { -if ( -#if TS_USE_POSIX_CAP - elevateFileAccess(false) -#else - removeRootPriv(saved_euid) -#endif - != true) { - mgmt_log(stderr, [Rollback] Unable to restore non-root privileges.\n); -} - } + statResult = stat(filePath, buf); - delete[]filePath; return statResult; } 
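Review bot: createPathStr() now returns memory from ats_malloc() instead of `new char[]`, so every caller must release it with ats_free() or hold it in an ats_scoped_str as statFile() does after this change. A caller that still ends with `delete[] filePath` would pair malloc with delete[], which is undefined behaviour and a heap-corruption risk; only statFile and openFile are visible in this diff, so the other call sites in Rollback.cc need checking. A contract comment on the function would make this explicit: `// Caller owns the result; free with ats_free() or wrap in ats_scoped_str.`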
@@ -297,54 +268,25 @@ Rollback::statFile(version_t version, struct stat *buf) int Rollback::openFile(version_t version, int oflags, int *errnoPtr) { - char *filePath; int fd; -#if !TS_USE_POSIX_CAP - uid_t saved_euid = 0; -#endif - - filePath = createPathStr(version); - - if (root_access_needed) { -if ( -#if TS_USE_POSIX_CAP - elevateFileAccess(true) -#else - restoreRootPriv(saved_euid) -#endif - != true) { - mgmt_log(stderr, [Rollback] Unable to acquire root privileges.\n); -} - } + + ats_scoped_str filePath(createPathStr(version)); + ElevateAccess access(root_access_needed); // TODO: Use the original permissions // Anyhow the _1 files should not be created inside Syconfdir. // fd = mgmt_open_mode(filePath, oflags, 0644); -
[7/7] git commit: TS-3103: improve privilege elevation
TS-3103: improve privilege elevation Remove duplicate user credential routines in favor of a single ImpersonateUser function. This correctly dealt with real and effective credentials, supplementary groups and preserving additional process flags. Set and preserve PR_SET_PDEATHSIG on Linux so that killing traffic_cop correctly brings down the rest of the system. Log and ignore proxy.config.ssl.cert.load_elevated and proxy.config.plugin.load_elevated unless POSIX capabilities are enabled. Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/33f651c9 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/33f651c9 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/33f651c9 Branch: refs/heads/master Commit: 33f651c90f1832188408d859ab59c03ad2b3de01 Parents: 0f0c163 Author: James Peach jpe...@apache.org Authored: Tue Sep 30 13:19:47 2014 -0700 Committer: James Peach jpe...@apache.org Committed: Thu Oct 2 16:51:45 2014 -0700 -- CHANGES | 2 + cmd/traffic_cop/traffic_cop.cc | 3 + cmd/traffic_manager/traffic_manager.cc | 67 + configure.ac| 1 + .../configuration/records.config.en.rst | 6 +- iocore/net/SSLUtils.cc | 2 + lib/ts/ink_cap.cc | 301 ++- lib/ts/ink_cap.h| 20 +- mgmt/LocalManager.cc| 2 + mgmt/RecordsConfig.cc | 4 +- proxy/Main.cc | 109 +++ proxy/Plugin.cc | 3 + proxy/http/remap/RemapConfig.cc | 4 +- 13 files changed, 301 insertions(+), 223 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/33f651c9/CHANGES -- diff --git a/CHANGES b/CHANGES index 2184733..2747e8f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 5.2.0 + *) [TS-3103] Improve privilege elevation. + *) [TS-3044] Use eventfd in AIO_MODE_NATIVE if available. *) [TS-3108] Add port matching condition to header_rewrite. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/33f651c9/cmd/traffic_cop/traffic_cop.cc -- 
diff --git a/cmd/traffic_cop/traffic_cop.cc b/cmd/traffic_cop/traffic_cop.cc index 4d711c7..d93a0a3 100644 --- a/cmd/traffic_cop/traffic_cop.cc +++ b/cmd/traffic_cop/traffic_cop.cc @@ -27,6 +27,7 @@ #include I_RecCore.h #include mgmtapi.h #include ClusterCom.h +#include ink_cap.h #include string #include map @@ -732,6 +733,8 @@ spawn_manager() close(log_fd); } +EnableDeathSignal(SIGTERM); + err = execv(prog, options); cop_log_trace(Somehow execv(%s, options, NULL) failed (%d)!\n, prog, err); exit(1); http://git-wip-us.apache.org/repos/asf/trafficserver/blob/33f651c9/cmd/traffic_manager/traffic_manager.cc -- diff --git a/cmd/traffic_manager/traffic_manager.cc b/cmd/traffic_manager/traffic_manager.cc index d3870f5..11227fb 100644 --- a/cmd/traffic_manager/traffic_manager.cc +++ b/cmd/traffic_manager/traffic_manager.cc @@ -60,7 +60,7 @@ LocalManager *lmgmt = NULL; FileManager *configFiles; static void fileUpdated(char *fname, bool incVersion); -static void runAsUser(char *userName); +static void runAsUser(const char *userName); static void printUsage(void); #if defined(freebsd) 
@@ -1056,69 +1056,10 @@ restoreCapabilities() { // If we are not root, do nothing // void -runAsUser(char *userName) +runAsUser(const char * userName) { - uid_t uid, euid; - struct passwd *result; - const int bufSize = 1024; - char buf[bufSize]; - - uid = getuid(); - euid = geteuid(); - - if (uid == 0 || euid == 0) { - -/* Figure out what user we should run as */ - -Debug(lm, [runAsUser] Attempting to run as user '%s'\n, userName); - -if (userName == NULL || userName[0] == '\0') { - mgmt_elog(stderr, 0, [runAsUser] Fatal Error: proxy.config.admin.user_id is not set\n); - _exit(1); -} - -struct passwd passwdInfo; -struct passwd *ppasswd = NULL; -result = NULL; -int res; -if (*userName == '#') { - int uuid = atoi(userName + 1); - if (uuid == -1) -uuid = (int)uid; - res = getpwuid_r((uid_t)uuid, passwdInfo, buf, bufSize, ppasswd); -} -else { - res = getpwnam_r(userName[0], passwdInfo, buf, bufSize, ppasswd); -} - -if (!res ppasswd) { -