Allow overriding of perms check on real control path

diff --git a/backends/innduct.c b/backends/innduct.c
index 853a25c37b628f850f076d2e179af8f856b8b039..d29e48f85be113464c1b6b28372cb9b32a8a9ac3 100644 (file)
--- a/backends/innduct.c
+++ b/backends/innduct.c
@@ -23,16 +23,6 @@
  *  with GPLv3.  If not then please let me know.  -Ian Jackson.)
  */
 
  *  with GPLv3.  If not then please let me know.  -Ian Jackson.)
  */
 

-/*
- * todo
- *  specify perms of /tmp/innduct.control
- */
-
-/*
- * debugging rune:
- *  build-lfs/backends/innduct --connection-timeout=30 --no-daemon -C ../inn.conf -f `pwd`/fee sit localhost
- */
-

 /*
  * Newsfeeds file entries should look like this:
  *     host.name.of.site[/exclude,exclude,...]\
 /*
  * Newsfeeds file entries should look like this:
  *     host.name.of.site[/exclude,exclude,...]\


@@ -360,6 +350,7 @@ static void connfail(Conn *conn, const char *fmt, ...)         PRINTF(2,3);
 static const oop_rd_style peer_rd_style;
 static oop_rd_call peer_rd_err, peer_rd_ok;
 
 static const oop_rd_style peer_rd_style;
 static oop_rd_call peer_rd_err, peer_rd_ok;
 

+

 /*----- configuration options -----*/
 /* when changing defaults, remember to update the manpage */
 
 /*----- configuration options -----*/
 /* when changing defaults, remember to update the manpage */
 


@@ -377,6 +368,7 @@ static int target_max_feedfile_size=100000;
 static int period_seconds=60;
 static int filepoll_seconds=5;
 static int max_queue_per_ipf=-1;
 static int period_seconds=60;
 static int filepoll_seconds=5;
 static int max_queue_per_ipf=-1;

+static int realsockdir_any_perms=0;

 
 static int connection_setup_timeout=200;
 static int inndcomm_flush_timeout=100;
 
 static int connection_setup_timeout=200;
 static int inndcomm_flush_timeout=100;


@@ -1039,7 +1031,7 @@ static void control_init(void) {
       r= mkdir(realsockdir, 0700);
       if (r) NOCONTROL("mkdir real socket dir %s", realsockdir);
 
       r= mkdir(realsockdir, 0700);
       if (r) NOCONTROL("mkdir real socket dir %s", realsockdir);
 

-    } else {
+    } else if (!realsockdir_any_perms) {

       uid_t self= geteuid();
       if (!S_ISDIR(stab.st_mode) ||
          stab.st_uid != self ||
       uid_t self= geteuid();
       if (!S_ISDIR(stab.st_mode) ||
          stab.st_uid != self ||


@@ -3607,6 +3599,7 @@ static const Option innduct_options[]= {
 {'C',"inndconf",         "F",     &inndconffile,             op_string      },
 {'P',"port",             "PORT",  &port,                     op_integer     },
 {0,"ctrl-sock-dir",      0,       &realsockdir,              op_string      },
 {'C',"inndconf",         "F",     &inndconffile,             op_string      },
 {'P',"port",             "PORT",  &port,                     op_integer     },
 {0,"ctrl-sock-dir",      0,       &realsockdir,              op_string      },

+{0,"no-ctrl-sock-dir-perms-check",0,&realsockdir_any_perms,  op_setint, 0   },

 {0,"help",               0,       0,                         help           },
 
 {0,"max-connections",    "N",     &max_connections,          op_integer     },
 {0,"help",               0,       0,                         help           },
 
 {0,"max-connections",    "N",     &max_connections,          op_integer     },


@@ -3765,7 +3758,7 @@ int main(int argc, char **argv) {
 
   int val= 1;
   r= SMsetup(SM_PREOPEN, &val); if (!r) warn("SMsetup SM_PREOPEN failed");
 
   int val= 1;
   r= SMsetup(SM_PREOPEN, &val); if (!r) warn("SMsetup SM_PREOPEN failed");

-  r= SMinit(); if (!r) die("storage manager initialisation (SMinit) failed");
+//  r= SMinit(); if (!r) die("storage manager initialisation (SMinit) failed");

 
   if (!become_daemon)
     control_stdio();
 
   if (!become_daemon)
     control_stdio();

diff --git a/doc/man/innduct.8 b/doc/man/innduct.8
index 580f317ed853af04e96c463253e3b87fb1c4913a..fa6cede7b7f6d76b1203b24d3b223c42ea2ff1a7 100644 (file)
--- a/doc/man/innduct.8
+++ b/doc/man/innduct.8
@@ -106,13 +106,13 @@ Read
 instead of the default
 .BR inn.conf .
 .TP
 instead of the default
 .BR inn.conf .
 .TP

-.BI \-\-ctrl-sock-dir= DIR
+.BI \-\-ctrl-sock-dir= CTRL-SOCK-DIR

 Use
 Use

-.I DIR
+.I CTRL-SOCK-DIR

 as the directory to contain the actual control socket.  See
 CONTROLLING INNDUCT, below.
 If
 as the directory to contain the actual control socket.  See
 CONTROLLING INNDUCT, below.
 If

-.I DIR
+.I CTRL-SOCK-DIR

 does not exist it will be created with mode 0700; if it does
 exist it must not be a symlink and must be owned by the user running
 innduct and have no access for "other".  If the control socket cannot
 does not exist it will be created with mode 0700; if it does
 exist it must not be a symlink and must be owned by the user running
 innduct and have no access for "other".  If the control socket cannot


@@ -120,6 +120,13 @@ be set up (for this or any other reason), a warning is logged, but
 such situations are not fatal for innduct's startup.  The default is
 .BR /tmp/innduct.control .
 .TP
 such situations are not fatal for innduct's startup.  The default is
 .BR /tmp/innduct.control .
 .TP

+.BI \-\-no-ctrl-sock-dir-perms-check
+Use an existing
+.I CTRL-SOCK-DIR
+even if it has unexpected permissions and ownership.  Note that this
+is not safe with the default value of
+.IR CTRL-SOCK-DIR .
+.TP

 .BI \-\-port= PORT
 Connect to port
 .I PORT
 .BI \-\-port= PORT
 Connect to port
 .I PORT