[Spread-cvs] cvs commit: spread/daemon config_gram.l config_parse.y configuration.c configuration.h sample.spread.conf spread.c
jonathan at spread.org
jonathan at spread.org
Tue Sep 17 00:41:02 EDT 2002
jonathan 02/09/17 04:41:02
Modified: daemon config_gram.l config_parse.y configuration.c
configuration.h sample.spread.conf spread.c
Log:
Apply Daniel Rall's patch to make the user, group and directory that spread
runs in configurable at runtime.
Revision Changes Path
1.4 +3 -0 spread/daemon/config_gram.l
Index: config_gram.l
===================================================================
RCS file: /storage/cvsroot/spread/daemon/config_gram.l,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- config_gram.l 16 Sep 2002 16:59:06 -0000 1.3
+++ config_gram.l 17 Sep 2002 04:41:01 -0000 1.4
@@ -77,6 +77,9 @@
DebugFlags { return DEBUGFLAGS; }
DangerousMonitor { return DANGEROUSMONITOR; }
SocketPortReuse { return SOCKETPORTREUSE; }
+RuntimeDir { return RUNTIMEDIR; }
+DaemonUser { return SPUSER; }
+DaemonGroup { return SPGROUP; }
RequiredAuthMethods { return REQUIREDAUTHMETHODS; }
AllowedAuthMethods { return ALLOWEDAUTHMETHODS; }
AccessControlPolicy { return ACCESSCONTROLPOLICY; }
1.4 +13 -1 spread/daemon/config_parse.y
Index: config_parse.y
===================================================================
RCS file: /storage/cvsroot/spread/daemon/config_parse.y,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- config_parse.y 16 Sep 2002 16:59:06 -0000 1.3
+++ config_parse.y 17 Sep 2002 04:41:01 -0000 1.4
@@ -185,7 +185,7 @@
%token DDEBUG DEXIT DPRINT DDATA_LINK DNETWORK DPROTOCOL DSESSION
%token DCONF DMEMB DFLOW_CONTROL DSTATUS DEVENTS DGROUPS DMEMORY
%token DSKIPLIST DACM DALL DNONE
-%token DANGEROUSMONITOR SOCKETPORTREUSE ALLOWEDAUTHMETHODS REQUIREDAUTHMETHODS ACCESSCONTROLPOLICY
+%token DANGEROUSMONITOR SOCKETPORTREUSE RUNTIMEDIR SPUSER SPGROUP ALLOWEDAUTHMETHODS REQUIREDAUTHMETHODS ACCESSCONTROLPOLICY
%token SP_BOOL LINKPROTOCOL PHOP PTCPHOP
%token IMONITOR ICLIENT IDAEMON
%token ROUTEMATRIX LINKCOST
@@ -288,6 +288,18 @@
state = port_reuse_auto;
}
Conf_set_port_reuse_type(state);
+ }
+ | RUNTIMEDIR EQUALS STRING
+ {
+ Conf_set_runtime_dir($3.string);
+ }
+ | SPUSER EQUALS STRING
+ {
+ Conf_set_user($3.string);
+ }
+ | SPGROUP EQUALS STRING
+ {
+ Conf_set_group($3.string);
}
| ALLOWEDAUTHMETHODS EQUALS STRING
{
1.5 +71 -0 spread/daemon/configuration.c
Index: configuration.c
===================================================================
RCS file: /storage/cvsroot/spread/daemon/configuration.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- configuration.c 16 Sep 2002 16:59:06 -0000 1.4
+++ configuration.c 17 Sep 2002 04:41:01 -0000 1.5
@@ -68,6 +68,7 @@
#endif /* ARCH_PC_WIN95 */
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <assert.h>
@@ -78,6 +79,8 @@
#undef ext_conf_body
#include "alarm.h"
+#include "memory.h"
+#include "spread_params.h"
static proc My;
@@ -89,6 +92,12 @@
static port_reuse SocketPortReuse = port_reuse_auto;
+static char *RuntimeDir = NULL;
+
+static char *User = NULL;
+
+static char *Group = NULL;
+
static int Link_Protocol;
int Conf_init( char *file_name, char *my_name )
@@ -546,4 +555,66 @@
return;
}
SocketPortReuse = state;
+}
+
+static void set_param_if_valid(char **param, char *value, char *description, int max_value_len)
+{
+ if (value != NULL && *value != '\0')
+ {
+ int len = strlen(value);
+ char *old_value = *param;
+ char *buf;
+ if (len > max_value_len)
+ {
+ Alarm(EXIT, "set_param_if_valid: value string too long\n");
+ }
+ buf = Mem_alloc(len + 1);
+ if (buf == NULL)
+ {
+ Alarm(EXIT, "set_param_if_valid: Out of memory\n");
+ }
+ strncpy(buf, value, len);
+ buf[len] = '\0';
+
+ *param = buf;
+ if (old_value != NULL)
+ {
+ dispose(old_value);
+ }
+ Alarm(PRINT, "Set %s to '%s'\n", description, value);
+ }
+ else
+ {
+ Alarm(DEBUG, "Ignored invalid %s\n", description);
+ }
+}
+
+char *Conf_get_runtime_dir(void)
+{
+ return (RuntimeDir != NULL ? RuntimeDir : SP_RUNTIME_DIR);
+}
+
+void Conf_set_runtime_dir(char *dir)
+{
+ set_param_if_valid(&RuntimeDir, dir, "runtime directory", MAXPATHLEN);
+}
+
+char *Conf_get_user(void)
+{
+ return (User != NULL ? User : SP_USER);
+}
+
+void Conf_set_user(char *user)
+{
+ set_param_if_valid(&User, user, "user name", 32);
+}
+
+char *Conf_get_group(void)
+{
+ return (Group != NULL ? Group : SP_GROUP);
+}
+
+void Conf_set_group(char *group)
+{
+ set_param_if_valid(&Group, group, "group name", 32);
}
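Review bot: `set_param_if_valid` stores `strlen(value)` in an `int` and compares it against an `int max_value_len`, so both the length check and the `Mem_alloc(len + 1)` size depend on an implicit size_t-to-int narrowing; declare it `size_t len = strlen(value);` and make the limit parameter `size_t` as well, after which the copy can simply be `memcpy(buf, value, len + 1);` instead of `strncpy` followed by manual termination. `Conf_get_runtime_dir()` is the path spread.c hands to chdir/chroot, and the setter accepts any non-empty string, so a relative RuntimeDir would be resolved against the daemon's current working directory — worth rejecting in `Conf_set_runtime_dir` with a `dir[0] != '/'` check, or at least documenting. The new public `Conf_*` functions have no header comments; each setter should state that it copies the string (the caller keeps ownership of its argument), that the stored copy replaces the compiled-in default the getter otherwise returns, and that an over-long or unallocatable value ends the process through `Alarm(EXIT, ...)` rather than returning an error.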
1.3 +6 -0 spread/daemon/configuration.h
Index: configuration.h
===================================================================
RCS file: /storage/cvsroot/spread/daemon/configuration.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- configuration.h 27 Aug 2002 01:10:52 -0000 1.2
+++ configuration.h 17 Sep 2002 04:41:01 -0000 1.3
@@ -104,6 +104,12 @@
void Conf_set_dangerous_monitor_state(bool new_state);
port_reuse Conf_get_port_reuse_type(void);
void Conf_set_port_reuse_type(port_reuse state);
+char *Conf_get_runtime_dir(void);
+void Conf_set_runtime_dir(char *dir);
+char *Conf_get_user(void);
+void Conf_set_user(char *dir);
+char *Conf_get_group(void);
+void Conf_set_group(char *dir);
int Conf_get_link_protocol(void);
void Conf_set_link_protocol(int protocol);
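Review bot: The prototypes for `Conf_set_user` and `Conf_set_group` name their parameter `dir`, which contradicts the definitions in configuration.c (`user` and `group`) and misleads anyone reading only the header; use `void Conf_set_user(char *user);` and `void Conf_set_group(char *group);`. Since the setters only read the string before copying it, `const char *` would document that contract too, provided the definitions are changed to match.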
1.4 +15 -0 spread/daemon/sample.spread.conf
Index: sample.spread.conf
===================================================================
RCS file: /storage/cvsroot/spread/daemon/sample.spread.conf,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sample.spread.conf 27 Aug 2002 01:10:52 -0000 1.3
+++ sample.spread.conf 17 Sep 2002 04:41:01 -0000 1.4
@@ -86,6 +86,21 @@
#SocketPortReuse = AUTO
+#Sets the runtime directory used when the Spread daemon is run as root
+# as the directory to chroot to. Defaults to the value of the
+# compile-time preprocessor define SP_RUNTIME_DIR, which is generally
+# "/var/run/spread".
+
+#RuntimeDir = /var/run/spread
+
+#Sets the unix user that the Spread daemon runs as (when launched as
+# the "root" user). Not effective on # a Windows system. Defaults to
+# the user and group "spread".
+
+#DaemonUser = spread
+#DaemonGroup = spread
+
+
#Set the list of authentication methods that the daemon will allow
# and those which are required in all cases.
# All of the methods listed in "RequiredAuthMethods" will be checked,
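Review bot: The new DaemonUser comment has a stray `#` in the middle of a sentence, `Not effective on # a Windows system`, which reads as a second comment marker; it should be `Not effective on a Windows system`. The RuntimeDir comment would also help operators if it said that the directory must already exist and be readable by root, because the daemon now exits when chdir/chroot into it fails (see the spread.c change in this commit).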
1.11 +22 -10 spread/daemon/spread.c
Index: spread.c
===================================================================
RCS file: /storage/cvsroot/spread/daemon/spread.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- spread.c 17 Sep 2002 04:25:24 -0000 1.10
+++ spread.c 17 Sep 2002 04:41:01 -0000 1.11
@@ -61,6 +61,7 @@
static char Config_file[80];
static int Log;
+static void Invalid_privilege_decrease(char *user, char *group);
static void Usage(int argc, char *argv[]);
/* auth-null.c: */
@@ -165,19 +166,22 @@
/* Yupp, we're paranoid */
- if (geteuid()) {
+ if (geteuid() != (uid_t) 0) {
Alarm( PRINT, "Spread: not running as root, won't chroot\n" );
}
- else if ( (grp = getgrnam(SP_GROUP)) == NULL
- || (pwd = getpwnam(SP_USER)) == NULL
- || chdir(SP_RUNTIME_DIR) < 0
- || chroot(SP_RUNTIME_DIR) < 0
- || setgroups(0, 0) < 0
+ else if ( (grp = getgrnam(Conf_get_group())) == NULL
+ || (pwd = getpwnam(Conf_get_user())) == NULL ) {
+ Invalid_privilege_decrease(Conf_get_user(), Conf_get_group());
+ }
+ else if (chdir(Conf_get_runtime_dir()) < 0
+ || chroot(Conf_get_runtime_dir()) < 0 ) {
+ Alarm( EXIT, "Spread: FAILED chroot to '%s'\n",
+ Conf_get_runtime_dir() );
+ }
+ else if ( setgroups(0, 0) < 0
|| setgid(grp->gr_gid) < 0
- || setuid(pwd->pw_uid) < 0)
- {
- Alarm( PRINT, "Spread: FAILED -- chroot or privledge drop -- check spread_params.h for directory and user/group names\n");
- Alarm( EXIT, "Spread: FAILED to give up privileges or chroot\n");
+ || setuid(pwd->pw_uid) < 0) {
+ Invalid_privilege_decrease(Conf_get_user(), Conf_get_group());
} else {
Alarm( PRINT, "Spread: setugid and chroot successeful\n" );
}
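Review bot: The new chroot failure message `Alarm( EXIT, "Spread: FAILED chroot to '%s'\n", Conf_get_runtime_dir() );` drops the reason, which is the first thing an operator needs when the configured RuntimeDir does not exist or is not a directory; append `strerror(errno)`, e.g. `Alarm( EXIT, "Spread: FAILED chroot to '%s': %s\n", Conf_get_runtime_dir(), strerror(errno) );` (this needs `<errno.h>` and `<string.h>`, which I cannot confirm are included from this hunk). The same `Invalid_privilege_decrease(Conf_get_user(), Conf_get_group())` call is made both when `getgrnam`/`getpwnam` return NULL and when `setgroups`/`setgid`/`setuid` fail, so the resulting message cannot tell an unknown user or group name from a failed privilege drop; the lookup branch deserves its own wording ("unknown user/group"). The enclosing function starts and ends outside this hunk.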
@@ -195,6 +199,14 @@
"\t[-l y/n] : print log",
"\t[-n <proc name>] : force computer name",
"\t[-c <file name>] : specify configuration file" );
+}
+
+
+static void Invalid_privilege_decrease(char *user, char *group)
+{
+ Alarm( EXIT, "Spread: FAILED privilege drop to user/group "
+ "'%s/%s' (defined in spread.conf or spread_params.h)\n",
+ user, group );
}
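Review bot: `Invalid_privilege_decrease` has no comment, and its callers in the privilege-drop `else if` chain rely on it being terminal, yet nothing in the definition says so. Add a header comment such as `/* Report a failed privilege drop for user/group and terminate the daemon via Alarm(EXIT); does not return. */`; if `Alarm(EXIT, ...)` is guaranteed never to return (not verifiable from this hunk), marking the function with the compiler's noreturn attribute would let the compiler enforce that assumption.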
static void Usage(int argc, char *argv[])