-rw-r--r-- | pies/meta1gram.y | 4 | ||||
-rw-r--r-- | pies/pies.c | 100 | ||||
-rw-r--r-- | pies/pies.h | 10 | ||||
-rw-r--r-- | pies/progman.c | 2 |
4 files changed, 14 insertions, 102 deletions
diff --git a/pies/meta1gram.y b/pies/meta1gram.y index 91bcb6d..ae73f63 100644 --- a/pies/meta1gram.y +++ b/pies/meta1gram.y @@ -199,6 +199,10 @@ list : '{' values '}' { $$ = $2; } + | '{' values ',' '}' + { + $$ = $2; + } ; values : value diff --git a/pies/pies.c b/pies/pies.c index 7f1ed35..8c39cfa 100644 --- a/pies/pies.c +++ b/pies/pies.c @@ -21,7 +21,7 @@ int log_to_stderr; /* Use stderr for logging */ char *log_tag; /* override mu_log_tag */ mu_log_level_t debug_level; mu_debug_t pies_debug; -struct pies_privs_data pies_user; +struct mf_privs pies_privs; int foreground; int command; char *pidfile = STATEDIR "/pies.pid"; @@ -314,48 +314,6 @@ return_code_cfg_init () mu_cfg_section_add_params (section, return_code_cfg_param); } - -static int -_cb_group (mu_debug_t debug, void *data, mu_config_value_t *arg) -{ - int argc, i; - char **argv; - mu_list_t *plist = data, list; - int rc; - - if (mu_cfg_assert_value_type (arg, MU_CFG_STRING, debug)) - return 1; - rc = mu_argcv_get_np (arg->v.string, strlen (arg->v.string), - ",", NULL, 0, &argc, &argv, NULL); - if (rc) - { - mu_cfg_format_error (debug, MU_DEBUG_ERROR, - "mu_argcv_get: %s", mu_strerror (rc)); - return 1; - } - if (*plist) - list = *plist; - else - { - mu_list_create (&list); - *plist = list; - } - for (i = 0; i < argc; i++) - { - struct group *group = getgrnam (argv[i]); - if (!group) - { - mu_cfg_format_error (debug, MU_DEBUG_ERROR, _("Unknown group: %s"), - argv[i]); - continue; - } - mu_list_append (list, (void*)group->gr_gid); - } - mu_argcv_free (argc, argv); - return 0; -} - - static int _cb_command (mu_debug_t debug, void *data, mu_config_value_t *val) { 
@@ -677,8 +635,8 @@ struct mu_cfg_param component_cfg_param[] = { { "user", mu_cfg_string, NULL, mu_offsetof (struct component, privs.user), NULL, N_("Run with this user privileges.") }, - { "group", mu_cfg_callback, NULL, - mu_offsetof (struct component, privs.groups), _cb_group, + { "group", MU_CFG_LIST_OF(mu_cfg_string), NULL, + mu_offsetof (struct component, privs.groups), NULL, N_("Retain supplementary group.") }, { "allgroups", mu_cfg_bool, NULL, mu_offsetof (struct component, privs.allgroups), NULL, @@ -886,11 +844,11 @@ struct mu_cfg_param pies_cfg_param[] = { N_("Set location of the control file.") }, { "stat-file", mu_cfg_string, &statfile, 0, NULL, N_("Set location of the statistics output file.") }, - { "user", mu_cfg_string, &pies_user.user, 0, NULL, + { "user", mu_cfg_string, &pies_privs.user, 0, NULL, N_("Run with this user privileges.") }, - { "group", mu_cfg_callback, &pies_user.groups, 0, _cb_group, + { "group", MU_CFG_LIST_OF(mu_cfg_string), &pies_privs.groups, 0, NULL, N_("Retain supplementary group.") }, - { "allgroups", mu_cfg_bool, &pies_user.allgroups, 0, NULL, + { "allgroups", mu_cfg_bool, &pies_privs.allgroups, 0, NULL, N_("Retain all supplementary groups of which user is a member.") }, { "umask", mu_cfg_callback, &pies_umask, 0, _cb_umask, N_("Force this umask."), 
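Review bot: Group names are no longer validated anywhere in the visible code. In the `component_cfg_param` hunk the `group` entry changes from `mu_cfg_callback` with `_cb_group` to `MU_CFG_LIST_OF(mu_cfg_string)`, so `privs.groups` now holds name strings rather than gids resolved by `getgrnam` at parse time, and the `Unknown group: %s` diagnostic removed with `_cb_group` has no replacement in this diff. `mf_priv_setup` is defined outside this diff, so confirm that it resolves every list element as a name and reports an unresolvable one; otherwise a misspelled group would silently change the supplementary group set a component runs with. A comment on the entry such as `/* list of group names; resolved and checked by mf_priv_setup */` would record where that check lives. The same applies to the `group` entry in the `pies_cfg_param` hunk that follows.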
@@ -1047,48 +1005,6 @@ version (FILE *stream, struct argp_state *state) } -static void -pies_add_allgroups (mu_list_t *pgrouplist, const char *user) -{ - struct group *gr; - mu_list_t list; - if (!*pgrouplist) - mu_list_create (pgrouplist); - list = *pgrouplist; - setgrent (); - while (gr = getgrent ()) - { - char **p; - for (p = gr->gr_mem; *p; p++) - if (strcmp (*p, user) == 0) - { - /* FIXME: Avoid duplicating gids */ - mu_list_append (list, (void*)gr->gr_gid); - break; - } - } - endgrent (); -} - -void -priv_setup (struct pies_privs_data *pr) -{ - if (pr->user) - { - struct passwd *pw = getpwnam (pr->user); - if (!pw) - { - mu_error (_("No such user: %s"), pr->user); - exit (EX_CONFIG); - } - if (pr->allgroups) - pies_add_allgroups (&pr->groups, pr->user); - if (pw && switch_to_privs (pw->pw_uid, pw->pw_gid, pr->groups)) - exit (EX_SOFTWARE); - } -} - - #define ACTION_CONT 0 #define ACTION_STOP 1 #define ACTION_RESTART 2 @@ -1377,7 +1293,7 @@ main (int argc, char **argv) switch (command) { case OPT_RESTART: - priv_setup (&pies_user); + mf_priv_setup (&pies_privs); if (pies_umask) umask (pies_umask); exit (request_restart_components (argv + index)); @@ -1392,7 +1308,7 @@ main (int argc, char **argv) exit (pies_stop ()); default: - priv_setup (&pies_user); + mf_priv_setup (&pies_privs); if (pies_umask) umask (pies_umask); } diff --git a/pies/pies.h b/pies/pies.h index 806c82f..2969222 100644 --- a/pies/pies.h +++ b/pies/pies.h @@ -73,13 +73,6 @@ struct retranslator typedef struct limits_rec *limits_record_t; -struct pies_privs_data -{ - char *user; - mu_list_t groups; - int allgroups; -}; - #define MAX_RETURN_CODE 127 enum return_action 
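Review bot: The failure behaviour of the privilege switch is no longer visible at the `mf_priv_setup (&pies_privs);` call sites in the two `main` hunks. The removed `priv_setup` ended the process itself, with `exit (EX_CONFIG)` for an unknown user and `exit (EX_SOFTWARE)` when `switch_to_privs` failed. `mf_priv_setup` is defined outside this diff; if it can return after a failed switch, pies would continue to `umask` and the command handling under its starting identity. Once the contract is confirmed, a comment at the calls such as `/* mf_priv_setup does not return on failure */` would document it, and if it does return a status the calls need a check that exits. The same holds for `mf_priv_setup (&prog->v.p.comp->privs);` in `prog_start` in pies/progman.c; both `main` and `prog_start` extend beyond their hunks.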
@@ -129,7 +122,7 @@ struct component int disabled; /* The componenet is disabled */ int precious; /* The component is precious (cannot be disabled) */ char *rmfile; /* Try to remove this file before starting */ - struct pies_privs_data privs; /* UID/GIDS+groups to run under */ + struct mf_privs privs; /* UID/GIDS+groups to run under */ mode_t umask; /* Umask to install before starting */ limits_record_t limits;/* System limits */ mu_url_t socket_url; /* Socket to listen on (if mode != pies_comp_exec) */ @@ -164,7 +157,6 @@ struct component *progman_lookup_component (const char *tag); void log_setup (int want_stderr); void signal_setup (RETSIGTYPE (*sf)(int)); -void priv_setup (struct pies_privs_data *pr); typedef struct pies_depmap *pies_depmap_t; typedef struct pies_depmap_pos *pies_depmap_pos_t; diff --git a/pies/progman.c b/pies/progman.c index 74b9b88..6691786 100644 --- a/pies/progman.c +++ b/pies/progman.c @@ -691,7 +691,7 @@ prog_start (struct prog *prog) __MU_DEBUG1 (pies_debug, MU_DEBUG_TRACE4, "%s ", environ[i]); mu_debug_printf (pies_debug, MU_DEBUG_TRACE4, "\n"); } - priv_setup (&prog->v.p.comp->privs); + mf_priv_setup (&prog->v.p.comp->privs); if (prog->v.p.comp->umask) umask (prog->v.p.comp->umask); |