src/client_msg.c src/client_msg.h src/main.c src/sanlock_internal.h - sanlock-devel - Fedora mailing-lists

20 Apr 2011

src/client_msg.c       |   35 ++++++++++++++++++-----------------
 src/client_msg.h       |    3 ++-
 src/main.c             |   43 +++++++++++++++++++++++++++++++++++++++++--
 src/sanlock_internal.h |    5 +++++
 4 files changed, 66 insertions(+), 20 deletions(-)
New commits:
commit d8805d428ff7c8994a43cc5265eb5379f4db1057
Author: Federico Simoncelli fsimonce@redhat.com
Date:   Wed Apr 20 13:59:33 2011 +0100
daemon: configurable socket permissions

diff --git a/src/client_msg.c b/src/client_msg.c
index 3240222..11d5ab5 100644
--- a/src/client_msg.c
+++ b/src/client_msg.c
@@ -43,7 +43,8 @@ static int get_socket_address(struct sockaddr_un *addr)
    return 0;
 }
-int setup_listener_socket(int *listener_socket)
+int setup_listener_socket(int *listener_socket,
+                          uid_t owner, gid_t group, mode_t mode)
 {
    int rv, s;
    struct sockaddr_un addr;
@@ -58,27 +59,27 @@ int setup_listener_socket(int *listener_socket)
unlink(addr.sun_path);
    rv = bind(s, (struct sockaddr *) &addr, sizeof(struct sockaddr_un));
-	if (rv < 0) {
-		rv = -1;
-		close(s);
-		return rv;
-	}
+	if (rv < 0)
+		goto exit_fail;
+
+	rv = chmod(addr.sun_path, mode);
+	if (rv < 0)
+		goto exit_fail;
+
+	rv = chown(addr.sun_path, owner, group);
+	if (rv < 0)
+		goto exit_fail;
rv = listen(s, 5);
-	if (rv < 0) {
-		rv = -1;
-		close(s);
-		return rv;
-	}
+	if (rv < 0)
+		goto exit_fail;
-	rv = fchmod(s, 666);
-	if (rv < 0) {
-		rv = -1;
-		close(s);
-		return rv;
-	}
    *listener_socket = s;
    return 0;
+
+ exit_fail:
+	close(s);
+	return -1;
 }
int connect_socket(int *sock_fd)
diff --git a/src/client_msg.h b/src/client_msg.h
index 12b206a..828acf5 100644
--- a/src/client_msg.h
+++ b/src/client_msg.h
@@ -40,7 +40,8 @@ struct sanlk_state {
    char str[0]; /* string of internal state */
 };
-int setup_listener_socket(int *listener_socket);
+int setup_listener_socket(int *listener_socket,
+                          uid_t owner, gid_t group, mode_t mode);
 int connect_socket(int *sock_fd);
 int send_header(int sock, int cmd, uint32_t cmd_flags, int datalen,
    	uint32_t data, uint32_t data2);
diff --git a/src/main.c b/src/main.c
index 5587957..c1e8abd 100644
--- a/src/main.c
+++ b/src/main.c
@@ -21,6 +21,8 @@
 #include <pthread.h>
 #include <poll.h>
 #include <sched.h>
+#include <pwd.h>
+#include <grp.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/stat.h>
@@ -1956,7 +1958,7 @@ static int setup_listener(void)
 {
    int rv, fd, ci;
-	rv = setup_listener_socket(&fd);
+	rv = setup_listener_socket(&fd, com.uid, com.gid, DEFAULT_SOCKET_MODE);
    if (rv < 0)
    	return rv;
@@ -2004,7 +2006,7 @@ static void setup_priority(void)
rv = sched_get_priority_max(SCHED_RR);
    if (rv < 0) {
-                log_error("could not get max scheduler priority err %d", errno);
+		log_error("could not get max scheduler priority err %d", errno);
    	return;
    }
@@ -2087,6 +2089,34 @@ static int do_daemon(void)
    return rv;
 }
+static int user_to_uid(char *arg)
+{
+	struct passwd *pw;
+
+	pw = getpwnam(arg);
+	if (pw == NULL) {
+		log_error("user '%s' not found, "
+                          "using uid: %i", arg, DEFAULT_SOCKET_UID);
+		return DEFAULT_SOCKET_UID;
+	}
+
+	return pw->pw_uid;
+}
+
+static int group_to_gid(char *arg)
+{
+	struct group *gr;
+
+	gr = getgrnam(arg);
+	if (gr == NULL) {
+		log_error("group '%s' not found, "
+                          "using uid: %i", arg, DEFAULT_SOCKET_UID);
+		return DEFAULT_SOCKET_GID;
+	}
+
+	return gr->gr_gid;
+}
+
 static int parse_arg_lockspace(char *arg)
 {
    sanlock_str_to_lockspace(arg, &com.lockspace);
@@ -2511,6 +2541,13 @@ static int read_command_line(int argc, char *argv[])
    		parse_arg_resource(optionarg); /* com.res_args[] */
    		break;
+		case 'U':
+			com.uid = user_to_uid(optionarg);
+			break;
+		case 'G':
+			com.gid = group_to_gid(optionarg);
+			break;
+
    	case 'c':
    		begin_command = 1;
    		break;
@@ -2782,6 +2819,8 @@ int main(int argc, char *argv[])
    com.max_hosts = DEFAULT_MAX_HOSTS;
    com.use_watchdog = DEFAULT_USE_WATCHDOG;
    com.high_priority = DEFAULT_HIGH_PRIORITY;
+	com.uid = DEFAULT_SOCKET_UID;
+	com.gid = DEFAULT_SOCKET_GID;
    com.pid = -1;
to.use_aio = DEFAULT_USE_AIO;
diff --git a/src/sanlock_internal.h b/src/sanlock_internal.h
index f0108ea..f2bbbe3 100644
--- a/src/sanlock_internal.h
+++ b/src/sanlock_internal.h
@@ -260,6 +260,9 @@ EXTERN struct timeout to;
#define DEFAULT_USE_WATCHDOG 1
 #define DEFAULT_HIGH_PRIORITY 1
+#define DEFAULT_SOCKET_UID 0
+#define DEFAULT_SOCKET_GID 0
+#define DEFAULT_SOCKET_MODE (S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP)
struct command_line {
    int type;				/* COM_ */
@@ -267,6 +270,8 @@ struct command_line {
    int debug;
    int use_watchdog;
    int high_priority;
+	int uid;				/* -U */
+	int gid;				/* -G */
    int pid;				/* -p */
    uint64_t local_host_id;			/* -i */
    uint64_t local_host_generation;		/* -g */

    