OSSP CVS Repository

ossp - Check-in [1166]
Not logged in
[Honeypot]  [Browse]  [Home]  [Login]  [Reports
[Search]  [Ticket]  [Timeline
  [Patchset]  [Tagging/Branching

Check-in Number: 1166
Date: 2001-Oct-12 12:08:57 (local)
2001-Oct-12 10:08:57 (UTC)
User:rse
Branch:
Comment: Improve -u option and -b (uid/mode on Unix Domain sockets).
Tickets:
Inspections:
Files:
ossp-pkg/lmtp2nntp/00TODO      1.37 -> 1.38     3 inserted, 0 deleted
ossp-pkg/lmtp2nntp/lmtp2nntp.c      1.84 -> 1.85     70 inserted, 18 deleted

ossp-pkg/lmtp2nntp/00TODO 1.37 -> 1.38

--- 00TODO       2001/09/13 14:24:49     1.37
+++ 00TODO       2001/10/12 10:08:57     1.38
@@ -1,6 +1,9 @@
 
   **** DEVELOPMENT INFORMATION ****
 
+  option -U currently has to be specified before option -b in order to
+  set the owner/modes of Unix Domains sockets correctly.
+
   Proposal for future URL-style logging option syntax
   -L streamlog
   -l syslog:[mask]//[localhost[:port]][/tag=value ...] with /tag=value i.e. facility=local0


ossp-pkg/lmtp2nntp/lmtp2nntp.c 1.84 -> 1.85

--- lmtp2nntp.c  2001/10/12 08:57:50     1.84
+++ lmtp2nntp.c  2001/10/12 10:08:57     1.85
@@ -34,6 +34,7 @@
 #include <sys/time.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <sys/stat.h>
 #include <signal.h>
 #include <pwd.h>
 
@@ -397,6 +398,10 @@
     char         *cpPrefixLen;
     struct passwd *sPasswd;
 
+    /* drop effective uid/gid priviledges */
+    seteuid(getuid());
+    setegid(getgid());
+
     /* library version check (run-time) */
     if (l2_version.v_hex < L2_VERSION_HEX_REQ) {
         fprintf(stderr, "require OSSP L2 >= %s, found %s\n", L2_VERSION_STR_REQ, L2_VERSION_STR);
@@ -428,7 +433,7 @@
     ctx->option_levelmask = L2_LEVEL_NONE;
     ctx->option_pidfile = NULL;
     ctx->option_killflag = FALSE;
-    ctx->option_uid = geteuid();
+    ctx->option_uid = getuid();
     ctx->option_daemon = FALSE;
     ctx->l2 = NULL;
     ctx->saaAltio = NULL;
@@ -520,16 +525,67 @@
                 break;
             case 'b': /*POD [B<-b> I<addr>[I<:port>]|C<->|I<path>] */
                 if (strcmp(optarg, "-") != 0) {
+                    if ((rc = sa_create(&ctx->saAltio)) != SA_OK) {
+                        fprintf(stderr, "%s:Error: Creating TCP socket failed for \"%s\": %s\n", 
+                                ctx->progname, optarg, strerror(errno));
+                        CU(ERR_EXECUTION);
+                    }
                     if ((rc = sa_addr_create(&ctx->saaAltio)) != SA_OK) {
                         fprintf(stderr, "%s:Error: Creating address failed for -a option (%d)\n", 
                                 ctx->progname, rc);
                     }
                     if (optarg[0] == '/') {
-                        if ((rc = sa_addr_u2a(ctx->saaAltio, "unix:%s", optarg)) != SA_OK) {
+                        char *cpPath;
+                        char *cpPerm;
+                        int nPerm;
+                        int n;
+
+                        cpPath = strdup(optarg);
+                        cpPerm = NULL;
+                        nPerm  = -1;
+                        if ((cpPerm = strrchr(cpPath, ':')) != NULL) {
+                            *cpPerm++ = '\0';
+                            nPerm = 0;
+                            for (i = 0; i < 4 && cpPerm[i] != '\0'; i++) {
+                                if (!isdigit((int)cpPerm[i])) {
+                                    nPerm = -1;
+                                    break;
+                                }
+                                n = cpPerm[i] - '0';
+                                if (n > 7) {
+                                    nPerm = -1;
+                                    break;
+                                }
+                                nPerm = ((nPerm << 3) | n);
+                            }
+                            if (nPerm == -1 || cpPerm[i] != '\0') {
+                                fprintf(stderr, "%s:Error: Invalid permissions \"%s\"\n", ctx->progname, cpPerm);
+                                CU(ERR_EXECUTION);
+                            }
+                        }
+                        if ((rc = sa_addr_u2a(ctx->saaAltio, "unix:%s", cpPath)) != SA_OK) {
                             fprintf(stderr, "%s:Error: Parsing alternate IO guessing UNIX domain socket failed for \"%s\" (%d)\n", 
-                                    ctx->progname, optarg, rc);
+                                    ctx->progname, cpPath, rc);
+                            CU(ERR_EXECUTION);
+                        }
+                        if ((rc = sa_bind(ctx->saAltio, ctx->saaAltio)) != SA_OK) {
+                            fprintf(stderr, "%s:Error: Bind failed for \"%s\": %s\n", 
+                                    ctx->progname, cpPath, strerror(errno));
                             CU(ERR_EXECUTION);
                         }
+                        if (nPerm != -1) {
+                            if (chmod(cpPath, nPerm) == -1) {
+                                fprintf(stderr, "%s:Error: chmod failed for \"%s\": %s\n", ctx->progname, cpPath, strerror(errno));
+                                CU(ERR_EXECUTION);
+                            }
+                        }
+                        if (getuid() == 0 && getuid() != ctx->option_uid) {
+                            if (chown(cpPath, ctx->option_uid, -1) == -1) {
+                                fprintf(stderr, "%s:Error: chown failed for \"%s\": %s\n", ctx->progname, cpPath, strerror(errno));
+                                CU(ERR_EXECUTION);
+                            }
+                        }
+                        free(cpPath);
                     }
                     else {
                         if ((rc = sa_addr_u2a(ctx->saaAltio, "inet://%s", optarg)) != SA_OK) {
@@ -537,16 +593,11 @@
                                     ctx->progname, optarg, rc);
                             CU(ERR_EXECUTION);
                         }
-                    }
-                    if ((rc = sa_create(&ctx->saAltio)) != SA_OK) {
-                        fprintf(stderr, "%s:Error: Creating TCP socket failed for \"%s\": %s\n", 
-                                ctx->progname, optarg, strerror(errno));
-                        CU(ERR_EXECUTION);
-                    }
-                    if ((rc = sa_bind(ctx->saAltio, ctx->saaAltio)) != SA_OK) {
-                        fprintf(stderr, "%s:Error: Bind failed for \"%s\": %s\n", 
-                                ctx->progname, optarg, strerror(errno));
-                        CU(ERR_EXECUTION);
+                        if ((rc = sa_bind(ctx->saAltio, ctx->saaAltio)) != SA_OK) {
+                            fprintf(stderr, "%s:Error: Bind failed for \"%s\": %s\n", 
+                                    ctx->progname, optarg, strerror(errno));
+                            CU(ERR_EXECUTION);
+                        }
                     }
                     if ((rc = sa_listen(ctx->saAltio, -1)) != SA_OK) {
                         fprintf(stderr, "%s:Error: Listen to failed for \"%s\": %s\n", 
@@ -766,7 +817,6 @@
                     }
                 }
                 else {
-
                     if ((sPasswd = getpwnam(optarg)) == NULL) {
                         fprintf(stderr, "%s:Error: loginname \"%s\" not found for -u option.\n", ctx->progname, optarg);
                         CU(ERR_EXECUTION);
@@ -840,10 +890,12 @@
     }
 #endif
 
-    if (setuid(ctx->option_uid) == -1) {
-        fprintf(stderr, "%s:Error: Setting UID to %d failed: %s\n", 
-                ctx->progname, ctx->option_uid, strerror(errno));
-        CU(ERR_EXECUTION);
+    if (getuid() != ctx->option_uid) {
+        if (setuid(ctx->option_uid) == -1) {
+            fprintf(stderr, "%s:Error: Setting UID to %d failed: %s\n", 
+                    ctx->progname, ctx->option_uid, strerror(errno));
+            CU(ERR_EXECUTION);
+        }
     }
 
     if ((ctx->l2 = l2_stream_create()) == NULL) {

CVSTrac 2.0.1