authorSergey Poznyakoff <gray@gnu.org.ua>2008-11-11 15:13:54 +0000
committerSergey Poznyakoff <gray@gnu.org.ua>2008-11-11 15:13:54 +0000
commit0af7127c5084ffc3550de8d98e00582975eb6113 (patch)
tree025df4a8afae34e999cb61d6255f4eb757e65687
parent58073638e695a34728794daf83c63b740419daa4 (diff)
Bugfixes
* pies/pies.c (component_cfg_param, pies_cfg_param): New keyword: allgroups. (pies_add_allgroups): New function. * pies/limits.c: Fix debug statements. * pies/progman.c (build_depmap): Rename to progman_build_depmap. Make extern, for future use. All callers updated. * pies/pies.h (progman_build_depmap): New proto.
-rw-r--r--pies/limits.c31
-rw-r--r--pies/pies.c30
-rw-r--r--pies/pies.h2
-rw-r--r--pies/progman.c10
4 files changed, 59 insertions, 14 deletions
diff --git a/pies/limits.c b/pies/limits.c
index 6c0d48e..90d6459 100644
--- a/pies/limits.c
+++ b/pies/limits.c
@@ -51,7 +51,7 @@ do_set_limit (int rlimit, rlim_t limit)
struct rlimit rlim;
MU_DEBUG2 (pies_debug, MU_DEBUG_TRACE1,
- "Setting limit %d to %lu", rlimit, (unsigned long) limit);
+ "Setting limit %d to %lu\n", rlimit, (unsigned long) limit);
rlim.rlim_cur = limit;
rlim.rlim_max = limit;
@@ -67,7 +67,7 @@ do_set_limit (int rlimit, rlim_t limit)
static int
set_prio (int prio)
{
- MU_DEBUG1 (pies_debug, MU_DEBUG_TRACE2, "Setting priority to %d", prio);
+ MU_DEBUG1 (pies_debug, MU_DEBUG_TRACE2, "Setting priority to %d\n", prio);
if (setpriority (PRIO_PROCESS, 0, prio))
{
mu_diag_output (MU_DIAG_NOTICE, _("error setting priority: %s"),
@@ -93,7 +93,7 @@ set_limits (const char *name, struct limits_rec *lrec)
if (!lrec)
return 0;
- MU_DEBUG1 (pies_debug, MU_DEBUG_TRACE2, "Setting limits for %s", name);
+ MU_DEBUG1 (pies_debug, MU_DEBUG_TRACE2, "Setting limits for %s\n", name);
#if defined(RLIMIT_AS)
if (lrec->set & SET_LIMIT_AS)
@@ -145,12 +145,20 @@ set_limits (const char *name, struct limits_rec *lrec)
int
getlimit (char **ptr, rlim_t *rlim, int mul)
{
- unsigned long val;
-
- val = strtoul (*ptr, ptr, 10);
- if (val == 0)
- return 1;
- *rlim = val * mul;
+ if (**ptr == '-')
+ {
+ *rlim = RLIM_INFINITY;
+ ++*ptr;
+ }
+ else
+ {
+ unsigned long val;
+
+ val = strtoul (*ptr, ptr, 10);
+ if (val == 0)
+ return 1;
+ *rlim = val * mul;
+ }
return 0;
}
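Review bot: The numeric branch of getlimit() still stores `val * mul` with no overflow check. strtoul() returns ULONG_MAX with errno set to ERANGE for an out-of-range number, and the multiplication wraps, so an oversized value in the limits string can silently become a much smaller or otherwise unintended resource limit. Set `errno = 0` before the call and reject the input with something like `if (val == 0 || errno == ERANGE || val > ULONG_MAX / mul) return 1;`. That assumes mul is always positive, which the callers outside this hunk would need to confirm. The new `-` branch also leaves any digits after the dash unconsumed, so whether `-5` is diagnosed depends on the caller.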
@@ -159,9 +167,10 @@ getlimit (char **ptr, rlim_t *rlim, int mul)
The string consists of _commands_, optionally separated by any amount
of whitespace. A command has the following form:
- [AaCcDdFfMmNnRrSsTtUuLlPp][0-9]+
+ [AaCcDdFfMmNnRrSsTtUuLlPp](-|[0-9]+)
- i.e. a letter followed by number, and is interpreted as follows:
+ i.e. a letter followed by number or a dash. The latters stands for
+ 'unlimited'. Commands are interpreted as follows:
Command ulimit setrlimit() The limit it sets
option arg
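Review bot: The updated comment has a typo in "The latters stands for" and drops the article before "number". Suggested wording: `i.e. a letter followed by a number or a dash. The latter stands for 'unlimited'.` The comment block starts and ends outside this hunk.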
diff --git a/pies/pies.c b/pies/pies.c
index b1d4940..9fc7a81 100644
--- a/pies/pies.c
+++ b/pies/pies.c
@@ -629,6 +629,9 @@ struct mu_cfg_param component_cfg_param[] = {
{ "group", mu_cfg_callback, NULL,
mu_offsetof (struct component, privs.groups), _cb_group,
N_("Retain supplementary group.") },
+ { "allgroups", mu_cfg_bool, NULL,
+ mu_offsetof (struct component, privs.allgroups), NULL,
+ N_("Retain all supplementary groups of which user is a member.") },
{ "umask", mu_cfg_callback, NULL,
mu_offsetof (struct component, umask), _cb_umask,
N_("Force this umask."),
@@ -780,6 +783,8 @@ struct mu_cfg_param pies_cfg_param[] = {
N_("Run with this user privileges.") },
{ "group", mu_cfg_callback, &pies_user.groups, 0, _cb_group,
N_("Retain supplementary group.") },
+ { "allgroups", mu_cfg_bool, &pies_user.allgroups, 0, NULL,
+ N_("Retain all supplementary groups of which user is a member.") },
{ "umask", mu_cfg_callback, &pies_umask, 0, _cb_umask,
N_("Force this umask."),
N_("arg: number") },
@@ -910,6 +915,29 @@ version (FILE *stream, struct argp_state *state)
}
+static void
+pies_add_allgroups (mu_list_t *pgrouplist, const char *user)
+{
+ struct group *gr;
+ mu_list_t list;
+ if (!*pgrouplist)
+ mu_list_create (pgrouplist);
+ list = *pgrouplist;
+ setgrent ();
+ while (gr = getgrent ())
+ {
+ char **p;
+ for (p = gr->gr_mem; *p; p++)
+ if (strcmp (*p, user) == 0)
+ {
+ /* FIXME: Avoid duplicating gids */
+ mu_list_append (list, (void*)gr->gr_gid);
+ break;
+ }
+ }
+ endgrent ();
+}
+
void
priv_setup (struct pies_privs_data *pr)
{
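Review bot: pies_add_allgroups() cannot tell a complete group enumeration from a failed one. getgrent() returns NULL both at the end of the database and on error, and the results of mu_list_create() and mu_list_append() are ignored, so priv_setup() may switch privileges with a supplementary group list that is silently incomplete. Where group membership is used to restrict access as well as grant it, a missing group can widen access, so it seems safer to stop with an error, as priv_setup() already does for an unknown user. The assignment in `while (gr = getgrent ())` should also be parenthesised and compared with NULL, and the function deserves a short comment saying that it appends the gid of every group listing `user` as a member, duplicates included. A sketch with the checks added follows; the error texts are only suggestions.

```c
  if (!*pgrouplist && mu_list_create (pgrouplist))
    {
      mu_error (_("cannot create group list"));
      exit (EX_SOFTWARE);
    }
  list = *pgrouplist;
  setgrent ();
  errno = 0;
  while ((gr = getgrent ()) != NULL)
    {
      /* … unchanged: scan gr->gr_mem for user … */
            if (mu_list_append (list, (void*)gr->gr_gid))
              {
                mu_error (_("cannot record group %s"), gr->gr_name);
                exit (EX_SOFTWARE);
              }
            break;
      /* … unchanged: end of member scan … */
      errno = 0;   /* so a stale value is not mistaken for a getgrent failure */
    }
  if (errno)
    {
      mu_error (_("cannot read group database: %s"), mu_strerror (errno));
      exit (EX_SOFTWARE);
    }
  endgrent ();
```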
@@ -921,6 +949,8 @@ priv_setup (struct pies_privs_data *pr)
mu_error (_("No such user: %s"), pr->user);
exit (EX_CONFIG);
}
+ if (pr->allgroups)
+ pies_add_allgroups (&pr->groups, pr->user);
if (pw && switch_to_privs (pw->pw_uid, pw->pw_gid, pr->groups))
exit (EX_SOFTWARE);
}
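Review bot: The new call `pies_add_allgroups (&pr->groups, pr->user)` is guarded only by `pr->allgroups`, while the next line tests `pw &&` before switching privileges. That suggests priv_setup() can be reached with no user configured. If `pr->user` can be NULL there (the start of the function is outside this hunk, so this is inferred), the `strcmp (*p, user)` in pies_add_allgroups() dereferences a null pointer. Guarding the call as `if (pw && pr->allgroups)` avoids that and keeps the group enumeration tied to a user that was successfully looked up.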
diff --git a/pies/pies.h b/pies/pies.h
index 4d57fd7..4930de4 100644
--- a/pies/pies.h
+++ b/pies/pies.h
@@ -60,6 +60,7 @@ struct pies_privs_data
{
char *user;
mu_list_t groups;
+ int allgroups;
};
#define MAX_RETURN_CODE 127
@@ -138,6 +139,7 @@ void progman_cleanup (int expect_term);
void progman_stop_component (const char *name);
void progman_dump_stats (const char *filename);
int progman_accept (int socket);
+int progman_build_depmap (void);
void log_setup (int want_stderr);
void signal_setup (RETSIGTYPE (*sf)(int));
diff --git a/pies/progman.c b/pies/progman.c
index 9d37e67..c93ed9c 100644
--- a/pies/progman.c
+++ b/pies/progman.c
@@ -812,9 +812,10 @@ progman_accept (int socket)
return 0;
}
-static void
-build_depmap ()
+int
+progman_build_depmap ()
{
+ int rc = 0;
unsigned i;
struct prog *prog;
pies_depmap_t dp;
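Review bot: The definition is written `progman_build_depmap ()` while the prototype added to pies.h is `int progman_build_depmap (void);`. Now that the function is extern, the definition should use `(void)` too, so the compiler checks it against that prototype. The new return value is also undocumented: a comment such as `/* Build the dependency map. Return the number of dependency errors found (0 if none). */` would tell future callers what a non-zero result means. In this commit progman_start() still discards the result, so the errors are reported but start-up proceeds as before. The function body continues outside this hunk.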
@@ -832,6 +833,7 @@ build_depmap ()
mu_error (_("component %s depends on %s, "
"which is not declared"),
prog->tag, prog->depend[i]);
+ rc++;
}
else
depmap_set (depmap, prog->idx, dep->idx);
@@ -845,8 +847,10 @@ build_depmap ()
prog = prog_lookup_by_idx (i);
mu_error (_("component %s depends on itself"), prog->tag);
prog->v.p.status = status_disabled;
+ rc++;
}
free (dp);
+ return rc;
}
void
@@ -854,7 +858,7 @@ progman_start ()
{
struct prog *prog;
- build_depmap ();
+ progman_build_depmap ();
MU_DEBUG (pies_debug, MU_DEBUG_TRACE1, "Starting components\n");
for (prog = proghead; prog; prog = prog->next)
