cleanup handling of uid/gid config

git-svn-id: http://svn.fedorahosted.org/svn/corosync/trunk@1742 fd59a12c-fef9-0310-b244-a6a79926bd2f
2025-07-22 19:07:21 +00:00 · 2009-01-23 16:12:13 +00:00 · 2009-01-23 16:12:13 +00:00 · cdb06d25d1
commit cdb06d25d1
parent 98cc132d48
3 changed files with 48 additions and 55 deletions
--- a/exec/main.c
+++ b/exec/main.c
@ -34,8 +34,6 @@
 */
 #include <pthread.h>
 #include <assert.h>
-#include <pwd.h>
-#include <grp.h>
 #include <sys/types.h>
 #include <sys/poll.h>
 #include <sys/uio.h>
@ -94,10 +92,6 @@ LOGSYS_DECLARE_SUBSYS ("MAIN", LOG_INFO);

 #define SERVER_BACKLOG 5

-static int ais_uid = 0;
-
-static int gid_valid = 0;
-
 static unsigned int service_count = 32;

 static pthread_mutex_t serialize_mutex = PTHREAD_MUTEX_INITIALIZER;
@ -275,36 +269,11 @@ static void confchg_fn (
 	}
 }

-static void aisexec_uid_determine (struct main_config *main_config)
+static void priv_drop (struct main_config *main_config)
 {
-	struct passwd *passwd;
-
-	passwd = getpwnam(main_config->user);
-	if (passwd == 0) {
-		log_printf (LOG_LEVEL_ERROR, "ERROR: The '%s' user is not found in /etc/passwd, please read the documentation.\n", main_config->user);
-		corosync_exit_error (AIS_DONE_UID_DETERMINE);
-	}
-	ais_uid = passwd->pw_uid;
-	endpwent ();
-}
-
-static void aisexec_gid_determine (struct main_config *main_config)
-{
-	struct group *group;
-	group = getgrnam (main_config->group);
-	if (group == 0) {
-		log_printf (LOG_LEVEL_ERROR, "ERROR: The '%s' group is not found in /etc/group, please read the documentation.\n", main_config->group);
-		corosync_exit_error (AIS_DONE_GID_DETERMINE);
-	}
-	gid_valid = group->gr_gid;
-	endgrent ();
-}
-
-static void aisexec_priv_drop (void)
-{
-return;
-	setuid (ais_uid);
-	setegid (ais_uid);
+return; /* TODO: we are still not dropping privs */
+	setuid (main_config->uid);
+	setegid (main_config->gid);
 }

 static void aisexec_mempool_init (void)
@ -639,10 +608,6 @@ int main (int argc, char **argv)
 		corosync_exit_error (AIS_DONE_MAINCONFIGREAD);
 	}

-	aisexec_uid_determine (&main_config);
-
-	aisexec_gid_determine (&main_config);
-
 	/*
 	 * Set round robin realtime scheduling with priority 99
 	 * Lock all memory to avoid page faults which may interrupt
@ -717,14 +682,14 @@ int main (int argc, char **argv)
 	 * CAP_SYS_NICE (setscheduler)
 	 * CAP_IPC_LOCK (mlockall)
 	 */
-	aisexec_priv_drop ();
+	priv_drop (&main_config);

 	aisexec_mempool_init ();

 	cs_ipc_init (
 		serialize_mutex_lock,
 		serialize_mutex_unlock,
-		gid_valid);
+		main_config.gid);

 	/*
 	 * Start main processing loop
--- a/exec/mainconfig.c
+++ b/exec/mainconfig.c
@ -40,6 +40,8 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <pwd.h>
+#include <grp.h>

 #include <corosync/corotypes.h>
 #include <corosync/list.h>
@ -279,6 +281,36 @@ parse_error:
 	return (-1);
 }

+static int uid_determine (char *req_user)
+{
+	struct passwd *passwd;
+	int ais_uid = 0;
+
+	passwd = getpwnam(req_user);
+	if (passwd == 0) {
+		log_printf (LOG_LEVEL_ERROR, "ERROR: The '%s' user is not found in /etc/passwd, please read the documentation.\n", req_user);
+		corosync_exit_error (AIS_DONE_UID_DETERMINE);
+	}
+	ais_uid = passwd->pw_uid;
+	endpwent ();
+	return ais_uid;
+}
+
+static int gid_determine (char *req_group)
+{
+	struct group *group;
+	int ais_gid = 0;
+
+	group = getgrnam (req_group);
+	if (group == 0) {
+		log_printf (LOG_LEVEL_ERROR, "ERROR: The '%s' group is not found in /etc/group, please read the documentation.\n", req_group);
+		corosync_exit_error (AIS_DONE_GID_DETERMINE);
+	}
+	ais_gid = group->gr_gid;
+	endgrent ();
+	return ais_gid;
+}
+
 int corosync_main_config_read (
 	struct objdb_iface_ver0 *objdb,
 	char **error_string,
@ -304,22 +336,18 @@ int corosync_main_config_read (
 		&object_service_handle) == 0) {

 		if (!objdb_get_string (objdb,object_service_handle, "user", &value)) {
-			main_config->user = strdup(value);
-		}
+			main_config->uid = uid_determine(value);
+		} else
+			main_config->uid = uid_determine("ais");
+
 		if (!objdb_get_string (objdb,object_service_handle, "group", &value)) {
-			main_config->group = strdup(value);
-		}
+			main_config->gid = gid_determine(value);
+		} else
+			main_config->gid = gid_determine("ais");
 	}

 	objdb->object_find_destroy (object_find_handle);

-	/* Default user/group */
-	if (!main_config->user)
-		main_config->user = "ais";
-
-	if (!main_config->group)
-		main_config->group = "ais";
-
 	if ((main_config->logmode & LOG_MODE_OUTPUT_FILE) &&
 		(main_config->logfile == NULL)) {
 		error_reason = "logmode set to 'file' but no logfile specified";
--- a/exec/mainconfig.h
+++ b/exec/mainconfig.h
@ -61,13 +61,13 @@ struct main_config {
 	/*
 	 * user/group to run as
 	 */
-	char *user;
-	char *group;
+	int uid;
+	int gid;
 };

 extern int corosync_main_config_read (
 	struct objdb_iface_ver0 *objdb,
 	char **error_string,
 	struct main_config *main_config);
-	
+
 #endif /* MAINCONFIG_H_DEFINED */