From cdb06d25d1a8c71b57ad9283b8f81c1332b18fe1 Mon Sep 17 00:00:00 2001
From: "Fabio M. Di Nitto"
Date: Fri, 23 Jan 2009 16:12:13 +0000
Subject: [PATCH] cleanup handling of uid/gid config
git-svn-id: http://svn.fedorahosted.org/svn/corosync/trunk@1742 fd59a12c-fef9-0310-b244-a6a79926bd2f
---
 exec/main.c | 47 ++++++-----------------------------------------
 exec/mainconfig.c | 50 +++++++++++++++++++++++++++++++++++++++-----------
 exec/mainconfig.h | 6 +++---
 3 files changed, 48 insertions(+), 55 deletions(-)
diff --git a/exec/main.c b/exec/main.c
index d99f963c..00ced1cd 100644
--- a/exec/main.c
+++ b/exec/main.c
@@ -34,8 +34,6 @@
 */
 #include
 #include
-#include
-#include
 #include
 #include
 #include
@@ -94,10 +92,6 @@ LOGSYS_DECLARE_SUBSYS ("MAIN", LOG_INFO);
 #define SERVER_BACKLOG 5
-static int ais_uid = 0;
-
-static int gid_valid = 0;
-
 static unsigned int service_count = 32;
 static pthread_mutex_t serialize_mutex = PTHREAD_MUTEX_INITIALIZER;
@@ -275,36 +269,11 @@ static void confchg_fn (
 }
 }
-static void aisexec_uid_determine (struct main_config *main_config)
+static void priv_drop (struct main_config *main_config)
 {
- struct passwd *passwd;
-
- passwd = getpwnam(main_config->user);
- if (passwd == 0) {
- log_printf (LOG_LEVEL_ERROR, "ERROR: The '%s' user is not found in /etc/passwd, please read the documentation.\n", main_config->user);
- corosync_exit_error (AIS_DONE_UID_DETERMINE);
- }
- ais_uid = passwd->pw_uid;
- endpwent ();
-}
-
-static void aisexec_gid_determine (struct main_config *main_config)
-{
- struct group *group;
- group = getgrnam (main_config->group);
- if (group == 0) {
- log_printf (LOG_LEVEL_ERROR, "ERROR: The '%s' group is not found in /etc/group, please read the documentation.\n", main_config->group);
- corosync_exit_error (AIS_DONE_GID_DETERMINE);
- }
- gid_valid = group->gr_gid;
- endgrent ();
-}
-
-static void aisexec_priv_drop (void)
-{
-return;
- setuid (ais_uid);
- setegid (ais_uid);
+return; /* TODO: we are still not dropping privs */
+ setuid (main_config->uid);
+ setegid (main_config->gid);
 }
 static void aisexec_mempool_init (void)
@@ -639,10 +608,6 @@ int main (int argc, char **argv)
 corosync_exit_error (AIS_DONE_MAINCONFIGREAD);
 }
- aisexec_uid_determine (&main_config);
-
- aisexec_gid_determine (&main_config);
-
 /*
 * Set round robin realtime scheduling with priority 99
 * Lock all memory to avoid page faults which may interrupt
@@ -717,14 +682,14 @@ int main (int argc, char **argv)
 * CAP_SYS_NICE (setscheduler)
 * CAP_IPC_LOCK (mlockall)
 */
- aisexec_priv_drop ();
+ priv_drop (&main_config);
 aisexec_mempool_init ();
 cs_ipc_init (
 serialize_mutex_lock,
 serialize_mutex_unlock,
- gid_valid);
+ main_config.gid);
 /*
 * Start main processing loop
diff --git a/exec/mainconfig.c b/exec/mainconfig.c
index 00ee6143..14cc88aa 100644
--- a/exec/mainconfig.c
+++ b/exec/mainconfig.c
@@ -40,6 +40,8 @@
 #include
 #include
 #include
+#include
+#include
 #include
 #include
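Review bot: The unconditional `return;` at the top of `priv_drop` (exec/main.c) leaves the daemon running with its start-up identity, and the two calls parked behind it would not drop privileges correctly once the `return` is removed. `setuid` runs before the group change, so `setegid` is attempted after root has already been given up; `setegid` changes only the effective gid; and neither return value is checked. I would order and check them as `if (setgid (main_config->gid) != 0 || setuid (main_config->uid) != 0)` followed by `corosync_exit_error (...)`, and clear the supplementary groups before that. The comment above the call site in `main` lists CAP_SYS_NICE and CAP_IPC_LOCK, which suggests the drop is disabled because those are still needed; the TODO should say so.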
@@ -279,6 +281,36 @@ parse_error:
 return (-1);
 }
+static int uid_determine (char *req_user)
+{
+ struct passwd *passwd;
+ int ais_uid = 0;
+
+ passwd = getpwnam(req_user);
+ if (passwd == 0) {
+ log_printf (LOG_LEVEL_ERROR, "ERROR: The '%s' user is not found in /etc/passwd, please read the documentation.\n", req_user);
+ corosync_exit_error (AIS_DONE_UID_DETERMINE);
+ }
+ ais_uid = passwd->pw_uid;
+ endpwent ();
+ return ais_uid;
+}
+
+static int gid_determine (char *req_group)
+{
+ struct group *group;
+ int ais_gid = 0;
+
+ group = getgrnam (req_group);
+ if (group == 0) {
+ log_printf (LOG_LEVEL_ERROR, "ERROR: The '%s' group is not found in /etc/group, please read the documentation.\n", req_group);
+ corosync_exit_error (AIS_DONE_GID_DETERMINE);
+ }
+ ais_gid = group->gr_gid;
+ endgrent ();
+ return ais_gid;
+}
+
 int corosync_main_config_read (
 struct objdb_iface_ver0 *objdb,
 char **error_string,
@@ -304,22 +336,18 @@ int corosync_main_config_read (
 &object_service_handle) == 0) {
 if (!objdb_get_string (objdb,object_service_handle, "user", &value)) {
- main_config->user = strdup(value);
- }
+ main_config->uid = uid_determine(value);
+ } else
+ main_config->uid = uid_determine("ais");
+
 if (!objdb_get_string (objdb,object_service_handle, "group", &value)) {
- main_config->group = strdup(value);
- }
+ main_config->gid = gid_determine(value);
+ } else
+ main_config->gid = gid_determine("ais");
 }
 objdb->object_find_destroy (object_find_handle);
- /* Default user/group */
- if (!main_config->user)
- main_config->user = "ais";
-
- if (!main_config->group)
- main_config->group = "ais";
-
 if ((main_config->logmode & LOG_MODE_OUTPUT_FILE) &&
 (main_config->logfile == NULL)) {
 error_reason = "logmode set to 'file' but no logfile specified";
diff --git a/exec/mainconfig.h b/exec/mainconfig.h
index 22709760..9acc2b56 100644
--- a/exec/mainconfig.h
+++ b/exec/mainconfig.h
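Review bot: `uid_determine` and `gid_determine` (exec/mainconfig.c) return the looked-up ids as `int` and take a non-const `char *`, although `pw_uid` and `gr_gid` are `uid_t`/`gid_t` and both helpers are also called with the literal `"ais"`. `static uid_t uid_determine (const char *req_user)` and `static gid_t gid_determine (const char *req_group)` would keep the types intact, with `uid_t uid; gid_t gid;` in `struct main_config` (the exec/mainconfig.h hunk has the same `int` fields). Both helpers also end the process through `corosync_exit_error` from inside the config reader, while `corosync_main_config_read` otherwise reports failures through `error_reason`/`error_string`. If that exit call can ever return, the following `passwd->pw_uid` or `group->gr_gid` dereferences a null pointer, so an explicit `return` after it, or a reported parse error, would be safer.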
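Review bot: The `"ais"` fallback in `corosync_main_config_read` now lives only inside the `... &object_service_handle) == 0) {` branch, so when that lookup does not succeed `main_config->uid` and `main_config->gid` are never assigned. The removed code applied the defaults after `object_find_destroy`, outside the branch. `main` then passes `main_config.gid` to `cs_ipc_init`, so the IPC group would be whatever the struct held before: 0, the root group, if it was zeroed, though its initialisation is not visible here. Adding `else { main_config->uid = uid_determine("ais"); main_config->gid = gid_determine("ais"); }` to the outer `if` restores the old behaviour. The braced `if` paired with an unbraced `else` is also easy to misread; bracing both arms would be clearer.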
@@ -61,13 +61,13 @@ struct main_config {
 /*
 * user/group to run as
 */
- char *user;
- char *group;
+ int uid;
+ int gid;
 };
 extern int corosync_main_config_read (
 struct objdb_iface_ver0 *objdb,
 char **error_string,
 struct main_config *main_config);
-
+
 #endif /* MAINCONFIG_H_DEFINED */