client/tripectl.c, debian: Fix logging privileges disaster.

Previous behaviour: tripectl starts as root, opens logfile, starts tripe
server, drops privileges, logs happily to file, receives signal,
attempts to open new logfile, and fails miserably.  It therefore
continues logging to the old logfile, which may well have been deleted
by this point.

New behaviour: fix Debianization to put logs in a /var/log/tripe
directory, and arrange for this to be writable by the tripe user; create
the log file after dropping privileges.  If tripectl can't open the log,
it fails, and the tripe server quits due to EOF on stdin.

diff --git a/client/tripectl.c b/client/tripectl.c
index 514506162429860fd6047c85db2b49159c08b2ca..ea86ec5c4fa6c563acaaed49b6c7af7351f487c6 100644 (file)
--- a/client/tripectl.c
+++ b/client/tripectl.c
@@ -65,6 +65,7 @@
 #include "util.h"
 
 #undef sun
+#define IGNORE(x) do if (x); while (0)
 
 /*----- Data structures ---------------------------------------------------*/
 
@@ -92,6 +93,7 @@ static const char *bgtag = 0;
 #define f_noinput 64u
 #define f_warn 128u
 #define f_uclose 256u
+#define f_losing 512u
 
 /*----- Main code ---------------------------------------------------------*/
 
@@ -154,6 +156,7 @@ static void cline(char *p, size_t len, void *b)
   if (!p) {
     if (f & f_command)
       die(EXIT_FAILURE, "server dropped the connection");
+    f &= ~f_losing;
     exit(0);
   }
   q = str_getword(&p);
@@ -477,8 +480,6 @@ int main(int argc, char *argv[])
     die(EXIT_FAILURE, "couldn't set `%s' as current directory: %s",
        dir, strerror(errno));
   }
-  if (logname)
-    logfile(logname);
   if (!pidfile && (f & f_daemon) && ((f & f_syslog) || logname))
     pidfile = "tripectl.pid";
   if (pidfile && (pidfp = fopen(pidfile, "w")) == 0) {
@@ -523,7 +524,6 @@ int main(int argc, char *argv[])
       md[1].cur = pfd[1]; md[1].want = STDOUT_FILENO;
       md[2].cur = efd[1]; md[2].want = STDERR_FILENO;
       mdup(md, 3);
-      if (logfp) fclose(logfp);
       if (pidfp) fclose(pidfp);
       closelog();
       if (f & f_daemon) detachtty();
@@ -550,7 +550,10 @@ int main(int argc, char *argv[])
     }
   }
 
+  f |= f_losing; /* pessimism */
   u_setugid(u, g);
+  if (logname)
+    logfile(logname);
   if (f & f_daemon) {
     if (daemonize())
       die(EXIT_FAILURE, "error becoming daemon: %s", strerror(errno));

diff --git a/debian/changelog b/debian/changelog
index b8cf6c6b97cdd99a78cce6391ed19e0374bc9db6..4d8a4416b00ff91932efaef74104b80c7d195c1a 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+tripe (1.0.0pre11~preview) experimental; urgency=low
+
+  * Fix log/permissions foul-up.  Move the logs to /var/log/tripe, and
+    arrange for that directory to exist with the correct permissions.
+    Don't try to open the log until after dropping privileges, so as to
+    provide a check that we can reopen them later.
+
+ -- Mark Wooding <mdw@distorted.org.uk>  Mon, 27 Jun 2011 09:51:08 +0100
+
 tripe (1.0.0pre10) experimental; urgency=low
 
   * Overhaul SLIP error handling.

diff --git a/debian/rules b/debian/rules
index 7cc8074bf3aa7eb34fdd07dfc8853f8ee215699e..b902fb6c2ca39caa865a58e2ee3f347818b880bc 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -22,10 +22,10 @@ DEB_CONFIGURE_EXTRA_FLAGS = \
        --with-tunnel="$(default_tunnel) slip" \
        --with-configdir="/etc/tripe" \
        --with-socketdir="/var/run" \
-       --with-logfile="/var/log/tripe.log" \
+       --with-logfile="/var/log/tripe/tripe.log" \
        --with-pidfile="/var/run/tripectl.pid" \
        --with-initconfig="/etc/default/tripe" \
-       --with-wireshark
+       --with-wireshark="/usr/lib/wireshark/libwireshark0/plugins"
 
 ###--------------------------------------------------------------------------
 ### Python.

diff --git a/debian/tripe.logrotate b/debian/tripe.logrotate
index 83a0066f18a7188b4412849de1922b45dcf390f1..ff3f470c48deff69561c79db7168cb126f7547e0 100644 (file)
--- a/debian/tripe.logrotate
+++ b/debian/tripe.logrotate
@@ -1,4 +1,4 @@
-/var/log/tripe.log {
+/var/log/tripe/tripe.log {
        rotate 7
        weekly
        compress

diff --git a/debian/tripe.postinst b/debian/tripe.postinst
index 2994690257f4bdb6f5d4e83fed9848f16b2cb914..0ec93bc66e52618f8993bf68a1754cfb51d2e953 100644 (file)
--- a/debian/tripe.postinst
+++ b/debian/tripe.postinst
@@ -22,4 +22,14 @@ getent passwd tripe >/dev/null || \
                --gecos "TrIPE server" \
                tripe
 
+## Create the log directory and an initial logfile.
+if [ ! -d /var/log/tripe ]; then
+  mkdir -m2750 /var/log/tripe
+  chown tripe:adm /var/log/tripe
+fi
+if [ ! -f /var/log/tripe/tripe.log ]; then
+  (umask 027; touch /var/log/tripe/tripe.log)
+  chown tripe:adm /var/log/tripe/tripe.log
+fi
+
 #DEBHELPER#