From: Richard Kettlewell Date: Wed, 17 Oct 2007 19:49:36 +0000 (+0100) Subject: auto create config.private on 1st run of server if necessary X-Git-Tag: debian-1_5_99dev8~113 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/commitdiff_plain/36be7e6a505753eb31ed165084c729c7efa40534 auto create config.private on 1st run of server if necessary --- diff --git a/README b/README index 350d7a2..d59e017 100644 --- a/README +++ b/README @@ -123,30 +123,13 @@ NOTE: If you are upgrading from an earlier version, see README.upgrades. See README.raw for details on setting up "raw format" players, which allow for pausing and gapless play. -5. Create /etc/disorder/config.private. This should be readable only by the - jukebox group: - - touch /etc/disorder/config.private - chown root:jukebox /etc/disorder/config.private - chmod 640 /etc/disorder/config.private - - Set up a username and password for root, for example with line like this: - - allow root somepassword - - Use (for instance) pwgen(1) to create the password. DO NOT use your root - password - this is a password to give root access to the server, not to give - access to the root login. - - See disorderd(8) and disorder_config(5) for more details. - -6. Make sure the server is started at boot time. +5. Make sure the server is started at boot time. On many Linux systems, examples/disorder.init should be more or less suitable; install it in /etc/init.d, adapting it as necessary, and make appropriate links from /etc/rc[0-6].d. -7. Start the server. +6. Start the server. On Linux systems with sysv-style init: 
@@ -157,14 +140,14 @@ NOTE: If you are upgrading from an earlier version, see README.upgrades. start up correctly there should be an error message. Correct the problem and try again. -8. After a minute it should start to play something. Try scratching it, as any +7. After a minute it should start to play something. Try scratching it, as any of the users you set up in step 5: disorder scratch The track should stop playing, and (if you set any up) a scratch sound play. -9. Add any other users you want to config.private. Each user's password +8. Add any other users you want to config.private. Each user's password should be stored in a file in their home directory, ~/.disorder/passwd, which should be readable only by them, and should take the form of a single line: @@ -185,12 +168,12 @@ NOTE: If you are upgrading from an earlier version, see README.upgrades. You can use 'disorder authorize' to automatically pick passwords and create these files. -10. Optionally source completion.bash from /etc/profile or similar, for - example: +9. Optionally source completion.bash from /etc/profile or similar, for + example: - . /usr/local/share/disorder/completion.bash + . /usr/local/share/disorder/completion.bash - This provides completion over disorder command and option names. + This provides completion over disorder command and option names. Web Interface diff --git a/doc/disorder_config.5.in b/doc/disorder_config.5.in index aeaef98..744bf13 100644 --- a/doc/disorder_config.5.in +++ b/doc/disorder_config.5.in @@ -509,6 +509,9 @@ Configuration files are read in the following order: .I pkgconfdir/config.private Should be readable only by the jukebox group, and contain \fBallow\fR commands for authorised users. +.IP +If this file does not exist at startup then the server will create it with a +randomly chosen password for the root user. .TP .I pkgconfdir/config.\fRUSER Per-user system-controlled client configuration. Optional but if it 
diff --git a/server/Makefile.am b/server/Makefile.am index 75acf59..6ef505b 100644 --- a/server/Makefile.am +++ b/server/Makefile.am @@ -31,6 +31,7 @@ disorderd_SOURCES=disorderd.c \ play.c play.h \ server.c server.h \ server-queue.c server-queue.h \ + setup.c setup.h \ state.c state.h \ trackdb.c trackdb.h trackdb-int.h exports.c \ ../lib/memgc.c diff --git a/server/disorderd.c b/server/disorderd.c index fb31087..944777a 100644 --- a/server/disorderd.c +++ b/server/disorderd.c @@ -1,6 +1,6 @@ /* * This file is part of DisOrder. - * Copyright (C) 2004, 2005, 2006 Richard Kettlewell + * Copyright (C) 2004, 2005, 2006, 2007 Richard Kettlewell * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -55,6 +55,7 @@ #include "mixer.h" #include "eventlog.h" #include "printf.h" +#include "setup.h" static ev_source *ev; @@ -248,6 +249,8 @@ int main(int argc, char **argv) { fatal(0, "cannot read configuration"); /* make sure the home directory exists and has suitable permissions */ make_home(); + /* create the default login */ + make_root_login(); /* Start the speaker process (as root! - so it can choose its nice value) */ speaker_setup(ev); /* set server nice value _after_ starting the speaker, so that they diff --git a/server/setup.c b/server/setup.c new file mode 100644 index 0000000..47cbc87 --- /dev/null +++ b/server/setup.c 
@@ -0,0 +1,96 @@
+/*
+ * This file is part of DisOrder.
+ * Copyright (C) 2007 Richard Kettlewell
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ * USA
+ */
+/** @file server/setup.c
+ * @brief Automated setup functions
+ */
+
+#include
+#include "types.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "log.h"
+#include "mem.h"
+#include "printf.h"
+#include "configuration.h"
+#include "setup.h"
+#include "hex.h"
+#include "defs.h"
+
+/** @brief Create config.private with a login for root */
+void make_root_login(void) {
+ struct stat sb;
+ char *privconfig, *privconfignew;
+ int fd;
+ FILE *fp;
+ struct passwd *pw;
+ uint8_t pwbin[10];
+ char *pwhex;
+
+ if(config->user) {
+ if(!(pw = getpwnam(config->user)))
+ fatal(0, "cannot find user %s", config->user);
+ } else
+ pw = 0;
+ /* Compute filenames */
+ byte_xasprintf(&privconfig, "%s/config.private", pkgconfdir);
+ byte_xasprintf(&privconfignew, "%s/config.private.new", pkgconfdir);
+ /* If config.private already exists don't overwrite it */
+ if(stat(privconfig, &sb) == 0)
+ return;
+ /* Choose a new root password */
+ gcry_randomize(pwbin, sizeof pwbin, GCRY_STRONG_RANDOM);
+ pwhex = hex(pwbin, sizeof pwbin);
+ /* Create the file */
+ if((fd = open(privconfignew, O_WRONLY|O_CREAT, 0600)) < 0)
+ fatal(errno, "error creating %s", privconfignew);
+ /* Fix permissions */
+ if(pw) {
+ if(fchown(fd, 0, pw->pw_gid) < 0)
+ fatal(errno, "error setting owner/group for %s", privconfignew);
+ if(fchmod(fd, 0640) < 0)
+ fatal(errno, "error setting permissions for %s", privconfignew);
+ }
+ /* Write the required 'allow' line */
+ if(!(fp = fdopen(fd, "w")))
+ fatal(errno, "fdopen");
+ if(fprintf(fp, "allow root %s\n", pwhex) < 0
+ || fclose(fp) < 0)
+ fatal(errno, "error writing %s", privconfignew);
+ /* Rename into place */
+ if(rename(privconfignew, privconfig) < 0)
+ fatal(errno, "error renaming %s", privconfignew);
+}
+
+/*
+Local Variables:
+c-basic-offset:2
+comment-column:40
+fill-column:79
+indent-tabs-mode:nil
+End:
+*/
diff --git a/server/setup.h b/server/setup.h
new file mode 100644
index 0000000..ea31106
--- /dev/null
+++ b/server/setup.h
@@ -0,0 +1,35 @@
+/*
+ * This file is part of DisOrder
+ * Copyright (C) 2007 Richard Kettlewell
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ * USA
+ */
+
+#ifndef SETUP_H
+#define SETUP_H
+
+void make_root_login(void);
+
+#endif /* SETUP_H */
+
+/*
+Local Variables:
+c-basic-offset:2
+comment-column:40
+fill-column:79
+indent-tabs-mode:nil
+End:
+*/
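Review bot: In make_root_login() (server/setup.c), `open(privconfignew, O_WRONLY|O_CREAT, 0600)` is neither exclusive nor truncating, so a config.private.new that is already present keeps its existing owner and mode, keeps any content beyond the newly written line, and is followed if it is a symlink; the 0600 argument only applies when the file is actually created. When `config->user` is unset the fchown/fchmod block is skipped as well, so the generated root password would be written with whatever permissions the stale file had. Clearing any leftover and creating exclusively avoids this: `unlink(privconfignew);` followed by `open(privconfignew, O_WRONLY|O_CREAT|O_EXCL, 0600)`. Separately, `if(stat(privconfig, &sb) == 0) return;` treats every stat failure as a missing file; proceeding only when `errno == ENOENT` would avoid replacing a config.private that merely could not be examined.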