From: Ian Jackson Date: Mon, 3 May 2010 12:03:49 +0000 (+0100) Subject: Allow overriding of perms check on real control path X-Git-Tag: innduct-0.1~59 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=innduct.git;a=commitdiff_plain;h=93844344f9f05434c69fdb15fd6fa65e10d040bb Allow overriding of perms check on real control path --- diff --git a/backends/innduct.c b/backends/innduct.c index 853a25c..d29e48f 100644 --- a/backends/innduct.c +++ b/backends/innduct.c @@ -23,16 +23,6 @@ * with GPLv3. If not then please let me know. -Ian Jackson.) */ -/* - * todo - * specify perms of /tmp/innduct.control - */ - -/* - * debugging rune: - * build-lfs/backends/innduct --connection-timeout=30 --no-daemon -C ../inn.conf -f `pwd`/fee sit localhost - */ - /* * Newsfeeds file entries should look like this: * host.name.of.site[/exclude,exclude,...]\ @@ -360,6 +350,7 @@ static void connfail(Conn *conn, const char *fmt, ...) PRINTF(2,3); static const oop_rd_style peer_rd_style; static oop_rd_call peer_rd_err, peer_rd_ok; + /*----- configuration options -----*/ /* when changing defaults, remember to update the manpage */ @@ -377,6 +368,7 @@ static int target_max_feedfile_size=100000; static int period_seconds=60; static int filepoll_seconds=5; static int max_queue_per_ipf=-1; +static int realsockdir_any_perms=0; static int connection_setup_timeout=200; static int inndcomm_flush_timeout=100; @@ -1039,7 +1031,7 @@ static void control_init(void) { r= mkdir(realsockdir, 0700); if (r) NOCONTROL("mkdir real socket dir %s", realsockdir); - } else { + } else if (!realsockdir_any_perms) { uid_t self= geteuid(); if (!S_ISDIR(stab.st_mode) || stab.st_uid != self || @@ -3607,6 +3599,7 @@ static const Option innduct_options[]= { {'C',"inndconf", "F", &inndconffile, op_string }, {'P',"port", "PORT", &port, op_integer }, {0,"ctrl-sock-dir", 0, &realsockdir, op_string }, +{0,"no-ctrl-sock-dir-perms-check",0,&realsockdir_any_perms, op_setint, 0 }, {0,"help", 0, 0, help }, {0,"max-connections", "N", &max_connections, op_integer }, @@ -3765,7 +3758,7 @@ int main(int argc, char **argv) { int val= 1; r= SMsetup(SM_PREOPEN, &val); if (!r) warn("SMsetup SM_PREOPEN failed"); - r= SMinit(); if (!r) die("storage manager initialisation (SMinit) failed"); +// r= SMinit(); if (!r) die("storage manager initialisation (SMinit) failed"); if (!become_daemon) control_stdio(); diff --git a/doc/man/innduct.8 b/doc/man/innduct.8 index 580f317..fa6cede 100644 --- a/doc/man/innduct.8 +++ b/doc/man/innduct.8 @@ -106,13 +106,13 @@ Read instead of the default .BR inn.conf . .TP -.BI \-\-ctrl-sock-dir= DIR +.BI \-\-ctrl-sock-dir= CTRL-SOCK-DIR Use -.I DIR +.I CTRL-SOCK-DIR as the directory to contain the actual control socket. See CONTROLLING INNDUCT, below. If -.I DIR +.I CTRL-SOCK-DIR does not exist it will be created with mode 0700; if it does exist it must not be a symlink and must be owned by the user running innduct and have no access for "other". If the control socket cannot @@ -120,6 +120,13 @@ be set up (for this or any other reason), a warning is logged, but such situations are not fatal for innduct's startup. The default is .BR /tmp/innduct.control . .TP +.BI \-\-no-ctrl-sock-dir-perms-check +Use an existing +.I CTRL-SOCK-DIR +even if it has unexpected permissions and ownership. Note that this +is not safe with the default value of +.IR CTRL-SOCK-DIR . +.TP .BI \-\-port= PORT Connect to port .I PORT