[devel] [PATCH hasher-priv v1 1/3] config.c
Arseny Maslennikov
ar на cs.msu.ru
Чт Сен 17 16:11:56 MSK 2020
On Fri, Dec 13, 2019 at 12:42:03PM +0100, Alex Gladkov wrote:
> diff --git a/hasher-priv/config.c b/hasher-priv/config.c
> index e3fedcd..6b6bdb1 100644
> --- a/hasher-priv/config.c
> +++ b/hasher-priv/config.c
> @@ -1,6 +1,7 @@
>
> /*
> Copyright (C) 2003-2019 Dmitry V. Levin <ldv на altlinux.org>
> + Copyright (C) 2019 Alexey Gladkov <legion на altlinux.org>
>
> Configuration support module for the hasher-priv program.
>
> @@ -19,13 +20,17 @@
> #include <unistd.h>
> #include <limits.h>
> #include <pwd.h>
> +#include <grp.h>
>
> #include "priv.h"
> #include "xmalloc.h"
> +#include "logging.h"
>
> const char *const *chroot_prefix_list;
> const char *chroot_prefix_path;
> const char *change_user1, *change_user2;
> +char *server_control_group = NULL;
> +char *server_pidfile = NULL;
> const char *term;
> const char *x11_display, *x11_key;
> str_list_t allowed_devices;
> @@ -33,6 +38,8 @@ str_list_t allowed_mountpoints;
> str_list_t requested_mountpoints;
> uid_t change_uid1, change_uid2;
> gid_t change_gid1, change_gid2;
> +gid_t server_gid;
> +unsigned long server_session_timeout = 0;
> mode_t change_umask = 022;
> int change_nice = 8;
> int makedev_console;
> @@ -42,6 +49,7 @@ int share_caller_network = 0;
> int share_ipc = -1;
> int share_network = -1;
> int share_uts = -1;
> +int server_log_priority = -1;
> change_rlimit_t change_rlimit[] = {
>
> /* Per-process CPU limit, in seconds. */
> @@ -209,7 +217,7 @@ parse_rlim(const char *name, const char *value, const char *optname,
> }
>
> static unsigned long
> -str2wlim(const char *name, const char *value, const char *filename)
> +str2ul(const char *name, const char *value, const char *filename)
> {
> char *p = 0;
> unsigned long long n;
> @@ -229,7 +237,7 @@ static void
> modify_wlim(unsigned long *pval, const char *value,
> const char *optname, const char *filename, int is_system)
> {
> - unsigned long val = str2wlim(optname, value, filename);
> + unsigned long val = str2ul(optname, value, filename);
>
> if (is_system || *pval == 0 || (val > 0 && val < *pval))
> *pval = val;
> @@ -633,3 +641,134 @@ parse_env(void)
> if ((e = getenv("requested_mountpoints")))
> parse_str_list(e, &requested_mountpoints);
> }
> +
> +static void
> +check_server_control_group(void)
Bad (IOW, unlucky) naming; especially since in a later patch
hasher-privd deals with cgroups.
Is this related to the socket inode's gid in /run?
> +{
> + struct group *gr;
> +
> + if (!server_control_group || !*server_control_group)
> + error(EXIT_FAILURE, 0, "config: undefined: control_group");
> +
> + gr = getgrnam(server_control_group);
> +
> + if (!gr || !gr->gr_name)
> + error(EXIT_FAILURE, 0, "config: control_group: %s lookup failure", server_control_group);
> +
> + server_gid = gr->gr_gid;
> +}
> +
> +static void
> +set_server_config(const char *name, const char *value, const char *filename)
> +{
> + if (!strcasecmp("priority", name)) {
> + server_log_priority = logging_level(value);
> + } else if (!strcasecmp("session_timeout", name)) {
> + server_session_timeout = str2ul(name, value, filename);
> + } else if (!strcasecmp("pidfile", name)) {
> + free(server_pidfile);
> + server_pidfile = xstrdup(value);
> + } else if (!strcasecmp("control_group", name)) {
> + free(server_control_group);
> + server_control_group = xstrdup(value);
> + } else {
> + bad_option_name(name, filename);
> + }
> +}
> +
> +static void
> +read_server_config(int fd, const char *name)
> +{
> + FILE *fp = fdopen(fd, "r");
> + char buf[BUFSIZ];
> + unsigned line;
> +
> + if (!fp)
> + error(EXIT_FAILURE, errno, "fdopen: %s", name);
> +
> + for (line = 1; fgets(buf, BUFSIZ, fp); ++line) {
> + const char *start, *left;
> + char *eq, *right, *end;
> +
> + for (start = buf; *start && isspace(*start); ++start)
> + ;
> +
> + if (!*start || '#' == *start)
> + continue;
> +
> + if (!(eq = strchr(start, '=')))
> + error(EXIT_FAILURE, 0, "%s: syntax error at line %u",
> + name, line);
> +
> + left = start;
> + right = eq + 1;
> +
> + for (; eq > left; --eq)
> + if (!isspace(eq[-1]))
> + break;
> +
> + if (left == eq)
> + error(EXIT_FAILURE, 0, "%s: syntax error at line %u",
> + name, line);
> +
> + *eq = '\0';
> + end = right + strlen(right);
> +
> + for (; right < end; ++right)
> + if (!isspace(*right))
> + break;
> +
> + for (; end > right; --end)
> + if (!isspace(end[-1]))
> + break;
> +
> + *end = '\0';
> + set_server_config(left, right, name);
> + }
> +
> + if (ferror(fp))
> + error(EXIT_FAILURE, errno, "fgets: %s", name);
> +
> + if (fclose(fp))
> + error(EXIT_FAILURE, errno, "fclose: %s", name);
> +}
> +
> +static void
> +load_server_config(const char *name)
> +{
> + struct stat st;
> + int fd = open(name, O_RDONLY | O_NOFOLLOW | O_NOCTTY);
> +
> + if (fd < 0)
> + error(EXIT_FAILURE, errno, "open: %s", name);
> +
> + if (fstat(fd, &st) < 0)
> + error(EXIT_FAILURE, errno, "fstat: %s", name);
> +
> + stat_root_ok_validator(&st, name);
> +
> + if (!S_ISREG(st.st_mode))
> + error(EXIT_FAILURE, 0, "%s: not a regular file", name);
> +
> + if (st.st_size > MAX_CONFIG_SIZE)
> + error(EXIT_FAILURE, 0, "%s: file too large: %lu",
> + name, (unsigned long) st.st_size);
> +
> + read_server_config(fd, name);
> +}
> +
> +void
> +configure_server(void)
> +{
> + safe_chdir("/", stat_root_ok_validator);
> + safe_chdir("etc/hasher-priv", stat_root_ok_validator);
> + load_server_config("server");
> + check_server_control_group();
> +}
> +
> +void
> +free_server_configuration(void)
> +{
> + free(server_pidfile);
> + free(server_control_group);
> +}
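Review bot: In read_server_config the four `isspace()` calls receive a plain `char` (`*start`, `eq[-1]`, `*right`, `end[-1]`), which is undefined behaviour for any byte above 0x7f on platforms where `char` is signed; cast at each call, e.g. `isspace((unsigned char) *start)`. Separately, free_server_configuration leaves `server_pidfile` and `server_control_group` dangling, while set_server_config frees the old value before every assignment. A second configure_server() after it would therefore double-free; no such caller is visible in this hunk, so this matters only if the server ever reloads its configuration. Adding `server_pidfile = NULL;` and `server_control_group = NULL;` after the two frees closes that. A line longer than `BUFSIZ - 1` bytes is also split by `fgets` and its tail parsed as a separate line, so an explicit "line too long" error would be safer than silently continuing.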