From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.1 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=cs.msu.ru; s=dkim; h=Subject:In-Reply-To:Content-Type:MIME-Version:References:Message-ID :Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=RymGYlbiddcC4sfSE9PgcdTTGrVt1I/dy3FI4gfYTfM=; b=T3zr537Mb5ks3jrxHHzRZvRYqf pVvcygTaBCn5QrWSVt3k4IjNUU8cb0t58kBKHCLw/23nYqoJDWQl0jO/aVwD2Qt20/wsw4yPxsVdD JLr62YZ2VjIs8LvUAN2EvlsDSt+aHQOM6x9nlowf+yDdyvtPfNFBAfaXX0W/TjDAd40lIL9Oi6mkA dRWrxdWWfpHjc13Gz5oTunMVQrBXVB8REUUorTRomM7UtmNDHixLXS4RAlqnP+fNYx8TiGSATG1t9 AlevCFrD0eN6ExC7tQpiVh2tV5vRDoHjbvswqm+iEuKS4xkKW8KzcmD9Y+JtGosJP5MYKszrm7DDT qz3m8Qrg==; Date: Thu, 17 Sep 2020 16:11:56 +0300 From: Arseny Maslennikov To: Alex Gladkov , devel@lists.altlinux.org Message-ID: <20200917131156.GH286846@cello> References: <9bca7626b593f896de4283cba2d6290ec99eb4f2.1576183643.git.legion@altlinux.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="6cMF9JLEeZkfJjkP" Content-Disposition: inline In-Reply-To: <9bca7626b593f896de4283cba2d6290ec99eb4f2.1576183643.git.legion@altlinux.org> OpenPGP: url=http://grep.cs.msu.ru/~ar/pgp-key.asc X-SA-Exim-Connect-IP: 10.7.5.179 X-SA-Exim-Mail-From: ar@cs.msu.ru X-SA-Exim-Version: 4.2.1 X-SA-Exim-Scanned: Yes (on mail.cs.msu.ru) Cc: ldv@altlinux.org Subject: Re: [devel] [PATCH hasher-priv v1 1/3] config.c X-BeenThere: devel@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux Team development discussions List-Id: ALT Linux Team development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Sep 2020 13:12:00 -0000 Archived-At: List-Archive: List-Post: --6cMF9JLEeZkfJjkP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Dec 13, 2019 at 12:42:03PM +0100, Alex Gladkov wrote: > diff --git a/hasher-priv/config.c b/hasher-priv/config.c > index e3fedcd..6b6bdb1 100644 > --- a/hasher-priv/config.c > +++ b/hasher-priv/config.c > @@ -1,6 +1,7 @@ > > /* > Copyright (C) 2003-2019 Dmitry V. Levin > + Copyright (C) 2019 Alexey Gladkov > > Configuration support module for the hasher-priv program. > > @@ -19,13 +20,17 @@ > #include > #include > #include > +#include > > #include "priv.h" > #include "xmalloc.h" > +#include "logging.h" > > const char *const *chroot_prefix_list; > const char *chroot_prefix_path; > const char *change_user1, *change_user2; > +char *server_control_group = NULL; > +char *server_pidfile = NULL; > const char *term; > const char *x11_display, *x11_key; > str_list_t allowed_devices; > @@ -33,6 +38,8 @@ str_list_t allowed_mountpoints; > str_list_t requested_mountpoints; > uid_t change_uid1, change_uid2; > gid_t change_gid1, change_gid2; > +gid_t server_gid; > +unsigned long server_session_timeout = 0; > mode_t change_umask = 022; > int change_nice = 8; > int makedev_console; > @@ -42,6 +49,7 @@ int share_caller_network = 0; > int share_ipc = -1; > int share_network = -1; > int share_uts = -1; > +int server_log_priority = -1; > change_rlimit_t change_rlimit[] = { > > /* Per-process CPU limit, in seconds. */ > @@ -209,7 +217,7 @@ parse_rlim(const char *name, const char *value, const char *optname, > } > > static unsigned long > -str2wlim(const char *name, const char *value, const char *filename) > +str2ul(const char *name, const char *value, const char *filename) > { > char *p = 0; > unsigned long long n; > @@ -229,7 +237,7 @@ static void > modify_wlim(unsigned long *pval, const char *value, > const char *optname, const char *filename, int is_system) > { > - unsigned long val = str2wlim(optname, value, filename); > + unsigned long val = str2ul(optname, value, filename); > > if (is_system || *pval == 0 || (val > 0 && val < *pval)) > *pval = val; > @@ -633,3 +641,134 @@ parse_env(void) > if ((e = getenv("requested_mountpoints"))) > parse_str_list(e, &requested_mountpoints); > } > + > +static void > +check_server_control_group(void) Bad (IOW, unlucky) naming; especially since in a later patch hasher-privd deals with cgroups. Is this related to the socket inode's gid in /run? > +{ > + struct group *gr; > + > + if (!server_control_group || !*server_control_group) > + error(EXIT_FAILURE, 0, "config: undefined: control_group"); > + > + gr = getgrnam(server_control_group); > + > + if (!gr || !gr->gr_name) > + error(EXIT_FAILURE, 0, "config: control_group: %s lookup failure", server_control_group); > + > + server_gid = gr->gr_gid; > +} > + > +static void > +set_server_config(const char *name, const char *value, const char *filename) > +{ > + if (!strcasecmp("priority", name)) { > + server_log_priority = logging_level(value); > + } else if (!strcasecmp("session_timeout", name)) { > + server_session_timeout = str2ul(name, value, filename); > + } else if (!strcasecmp("pidfile", name)) { > + free(server_pidfile); > + server_pidfile = xstrdup(value); > + } else if (!strcasecmp("control_group", name)) { > + free(server_control_group); > + server_control_group = xstrdup(value); > + } else { > + bad_option_name(name, filename); > + } > +} > + > +static void > +read_server_config(int fd, const char *name) > +{ > + FILE *fp = fdopen(fd, "r"); > + char buf[BUFSIZ]; > + unsigned line; > + > + if (!fp) > + error(EXIT_FAILURE, errno, "fdopen: %s", name); > + > + for (line = 1; fgets(buf, BUFSIZ, fp); ++line) { > + const char *start, *left; > + char *eq, *right, *end; > + > + for (start = buf; *start && isspace(*start); ++start) > + ; > + > + if (!*start || '#' == *start) > + continue; > + > + if (!(eq = strchr(start, '='))) > + error(EXIT_FAILURE, 0, "%s: syntax error at line %u", > + name, line); > + > + left = start; > + right = eq + 1; > + > + for (; eq > left; --eq) > + if (!isspace(eq[-1])) > + break; > + > + if (left == eq) > + error(EXIT_FAILURE, 0, "%s: syntax error at line %u", > + name, line); > + > + *eq = '\0'; > + end = right + strlen(right); > + > + for (; right < end; ++right) > + if (!isspace(*right)) > + break; > + > + for (; end > right; --end) > + if (!isspace(end[-1])) > + break; > + > + *end = '\0'; > + set_server_config(left, right, name); > + } > + > + if (ferror(fp)) > + error(EXIT_FAILURE, errno, "fgets: %s", name); > + > + if (fclose(fp)) > + error(EXIT_FAILURE, errno, "fclose: %s", name); > +} > + > +static void > +load_server_config(const char *name) > +{ > + struct stat st; > + int fd = open(name, O_RDONLY | O_NOFOLLOW | O_NOCTTY); > + > + if (fd < 0) > + error(EXIT_FAILURE, errno, "open: %s", name); > + > + if (fstat(fd, &st) < 0) > + error(EXIT_FAILURE, errno, "fstat: %s", name); > + > + stat_root_ok_validator(&st, name); > + > + if (!S_ISREG(st.st_mode)) > + error(EXIT_FAILURE, 0, "%s: not a regular file", name); > + > + if (st.st_size > MAX_CONFIG_SIZE) > + error(EXIT_FAILURE, 0, "%s: file too large: %lu", > + name, (unsigned long) st.st_size); > + > + read_server_config(fd, name); > +} > + > +void > +configure_server(void) > +{ > + safe_chdir("/", stat_root_ok_validator); > + safe_chdir("etc/hasher-priv", stat_root_ok_validator); > + load_server_config("server"); > + check_server_control_group(); > +} > + > +void > +free_server_configuration(void) > +{ > + free(server_pidfile); > + free(server_control_group); > +} --6cMF9JLEeZkfJjkP Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE56JD3UKTLEu/ddrm9dQjyAYL01AFAl9jYJwACgkQ9dQjyAYL 01DVPg/+NKu74Q8TgNhzy4phiIPKmdzhLmGLJgUiSI+3IJscFY9XRKM+UTXFfkkC ayU0QzHeFq1qArmV2jTGNvXN/9ny08pTn/YjmR6vEcHHzSPna2xBbakGO7bgB9/c rfZ1lh6W0e9uFyE9woD9WjpyPB7cfXcRtvEpMPAzTp/Wb0nahDyRDgMj/zJ379oE T7qRfO+v4AAd1k+2HPwOHJHMZpggemDVHYyIBzIizhR9f1XTsHDYtIBpSZpwhOha JgH+mq6N4RyKNMWSpxlU6BmUscjIVwkOa8wHm4dm6DnniVDq4MN3ZdPAg1gDkFIi gPfBGe8sV4NTBzbo5dVvyevBqWINIoYCrYfEynGj37D4gZqMKjX15qBdLInzbRMH OkwIdLmR0yZQdPLNZT3+lTfwyI0SWWIElJdZBxUjENFaF07psv7kqqvj27xgstCc 02BfKxWSnzoIeO3MUzjNM5PYgzp+qeov0gRfVTqMTZapMB8H4t2v5hBjqh8MVfo9 W3bLvl1M+PcklO04711wxQXxaL3mdKkF6h43QnhRzW22swrG1jSk4HgyFsyMm/s/ RybaUXxfMbmmXqx0gw8M+GY2sNDntnztH/abrKxwohqQd8CRtcNOwr2FSdNrp6OR RUK7hQwnogq3OBEXWqTrd4EJzJ3qj+JE5HMewZmdOW536F4ni2s= =cOK/ -----END PGP SIGNATURE----- --6cMF9JLEeZkfJjkP--