X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=userv.git;a=blobdiff_plain;f=process.c;h=b091f4e5b8876b490f6159eb0a0f071eac07a51d;hp=35eba59ccd115c9091a277637b6b38e422a0f22a;hb=99ff52b783574342c2859359aa6c39229bd5dcda;hpb=db59ee1476515a65cfcca10a3059d8ccb2d24d32

diff --git a/process.c b/process.c
index 35eba59..b091f4e 100644
--- a/process.c
+++ b/process.c
@@ -41,7 +41,6 @@
 #include <stdio.h>
 #include <stdarg.h>
 #include <unistd.h>
-#include <wait.h>
 #include <assert.h>
 #include <signal.h>
 #include <string.h>
@@ -52,6 +51,7 @@
 #include <grp.h>
 #include <ctype.h>
 #include <limits.h>
+#include <sys/wait.h>
 #include <sys/types.h>
 #include <sys/fcntl.h>
 #include <sys/stat.h>
@@ -126,7 +126,7 @@ static void xfwriteerror(void) {
   if (errno != EPIPE) syscallerror("writing to client");
   blocksignals();
   ensurelogopen(USERVD_LOGFACILITY);
-  syslog(LOG_DEBUG,"client went away (broken pipe)");
+  syslog(LOG_INFO,"client went away (broken pipe)");
   disconnect(8);
 }
 
@@ -151,7 +151,7 @@ static void xfread(void *p, size_t sz) {
   if (ferror(srfile)) syscallerror("reading from client");
   blocksignals();
   assert(feof(srfile));
-  syslog(LOG_DEBUG,"client went away (unexpected EOF)");
+  syslog(LOG_INFO,"client went away (unexpected EOF)");
   swfile= 0;
   disconnect(8);
 }
@@ -183,7 +183,7 @@ static void getevent(struct event_msg *event_r) {
 	blocksignals();
 	syslog(LOG_ERR,"client sent bad file descriptor %d to close (max %d)",
 	       fd,fdarrayused-1);
-	disconnect(12);
+	disconnect(20);
       }
       if (fdarray[fd].holdfd!=-1) {
 	if (close(fdarray[fd].holdfd)) syscallerror("cannot close holding fd");
@@ -192,7 +192,7 @@ static void getevent(struct event_msg *event_r) {
       break;
     case et_disconnect:
       blocksignals();
-      syslog(LOG_DEBUG,"client disconnected");
+      syslog(LOG_INFO,"client disconnected");
       disconnect(4);
     default:
       return;
@@ -218,7 +218,7 @@ void syscallerror(const char *what) {
   e= errno;
   blocksignals();
   syslog(LOG_ERR,"system call failure: %s: %s",what,strerror(e));
-  disconnect(18);
+  disconnect(16);
 }
 
 /* Functions which may be called from signal handlers.  These
@@ -287,7 +287,7 @@ static void NONRETURNING sighandler_chld(int ignored) {
   xfwrite(&progress_mbuf,sizeof(progress_mbuf),swfile);
   xfflush(swfile);
 
-  syslog(LOG_DEBUG,"service completed (status %d %d)",(status>>8)&0x0ff,status&0x0ff);
+  syslog(LOG_INFO,"service completed (status %d %d)",(status>>8)&0x0ff,status&0x0ff);
   _exit(0);
 }
 
@@ -327,7 +327,7 @@ static void NONRETURNING generalfailure(const char *prefix, int reserveerrno,
     strnytcat(errmsg,strerror(errnoval),sizeof(errmsg));
   }
   senderrmsgstderr(errmsg);
-  syslog(LOG_DEBUG,"service failed (%s)",errmsg);
+  syslog(LOG_INFO,"service failed (%s)",errmsg);
   disconnect(12);
 }
 
@@ -399,6 +399,7 @@ static void send_opening(void) {
   memset(&opening_mbuf,0,sizeof(opening_mbuf));
   opening_mbuf.magic= OPENING_MAGIC;
   memcpy(opening_mbuf.protocolchecksumversion,protocolchecksumversion,PCSUMSIZE);
+  opening_mbuf.overlordpid= overlordpid;
   opening_mbuf.serverpid= mypid;
   xfwrite(&opening_mbuf,sizeof(opening_mbuf),swfile);
   xfflush(swfile);
@@ -411,6 +412,7 @@ static void receive_request(void) {
   xfread(&request_mbuf,sizeof(request_mbuf));
   serviceuser= xfreadsetstring(request_mbuf.serviceuserlen);
   service= xfreadsetstring(request_mbuf.servicelen);
+  assert(request_mbuf.spoofed==0 || request_mbuf.spoofed==1);
   logname= xfreadsetstring(request_mbuf.lognamelen);
   cwd= xfreadsetstring(request_mbuf.cwdlen);
   if (request_mbuf.overridelen >= 0) {
@@ -505,12 +507,15 @@ static void lookup_uidsgids(void) {
   serviceuser_shell= xstrsave(pw->pw_shell);
   serviceuser_uid= pw->pw_uid;
   
+  if (setregid(pw->pw_gid,pw->pw_gid)) syscallerror("setregid 1");
   if (initgroups(pw->pw_name,pw->pw_gid)) syscallerror("initgroups");
   if (setreuid(pw->pw_uid,pw->pw_uid)) syscallerror("setreuid 1");
   if (setreuid(pw->pw_uid,pw->pw_uid)) syscallerror("setreuid 2");
-  if (pw->pw_uid)
+  if (pw->pw_uid) {
     if (!setreuid(pw->pw_uid,0)) miscerror("setreuid 3 unexpectedly succeeded");
-  if (errno != EPERM) syscallerror("setreuid 3 failed in unexpected way");
+    if (errno != EPERM) syscallerror("setreuid 3 failed in unexpected way");
+  }
+  if (setregid(pw->pw_gid,pw->pw_gid)) syscallerror("setregid 2");
 
   service_ngids= getgroups(0,0); if (service_ngids == -1) syscallerror("getgroups(0,0)");
   if (service_ngids > MAX_GIDS) miscerror("service user is in far too many groups");
@@ -594,6 +599,7 @@ static void makenonexistentfd(int fd) {
     if (fdarray[fd].holdfd != -1) {
       if (close(fdarray[fd].holdfd))
 	syscallfailure("close unwanted hold descriptor for %d",fd);
+      fdarray[fd].holdfd= -1;
     }
   }
 }
@@ -710,9 +716,13 @@ void servicerequest(int sfd) {
   setup_comms(sfd);
   send_opening();
   receive_request();
+  if (request_mbuf.clientpid == (pid_t)-1) _exit(2);
   establish_pipes();
   lookup_uidsgids();
   debug_dumprequest(mypid);
+  syslog(LOG_INFO,"%s %s -> %s %c %s",
+	 request_mbuf.spoofed ? "spoof" : "user",
+	 logname, serviceuser, overridedata?'!':':', service);
 
   if (overridedata)
     r= parse_string(TOPLEVEL_OVERRIDDEN_CONFIGURATION,