summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
155a970)
We create the socket before dropping privileges so that we can create it
somewhere we might not be able to write to later. This change will make
it possible for other processes running with reduced privilege to
connect and issue administration requests.
/* --- @a_init@ --- *
*
* Arguments: @const char *name@ = socket name to create
/* --- @a_init@ --- *
*
* Arguments: @const char *name@ = socket name to create
+ * @uid_t u@ = user to own the socket
+ * @gid_t g@ = group to own the socket
*
* Returns: ---
*
* Use: Creates the admin listening socket.
*/
*
* Returns: ---
*
* Use: Creates the admin listening socket.
*/
-void a_init(const char *name)
+void a_init(const char *name, uid_t u, gid_t g)
goto again;
}
chmod(sun.sun_path, 0600);
goto again;
}
chmod(sun.sun_path, 0600);
+ if (chown(sun.sun_path, u, g)) {
+ T( trace(T_ADMIN,
+ "admin: failed to give away socket: %s",
+ strerror(errno)); )
+ }
fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
if (listen(fd, 5))
die(EXIT_FAILURE, "couldn't listen on socket: %s", strerror(errno));
fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
if (listen(fd, 5))
die(EXIT_FAILURE, "couldn't listen on socket: %s", strerror(errno));
.IR user 's
primary group, unless overridden by a
.B \-G
.IR user 's
primary group, unless overridden by a
.B \-G
+option. The selected user (and group) will also be the owner of the
+administration socket.
.TP
.BI "\-G, \-\-setgid=" group
Set gid to that of
.TP
.BI "\-G, \-\-setgid=" group
Set gid to that of
af |= AF_FOREGROUND;
a_create(STDIN_FILENO, STDOUT_FILENO, af);
}
af |= AF_FOREGROUND;
a_create(STDIN_FILENO, STDOUT_FILENO, af);
}
u_setugid(u, g);
km_init(kr_priv, kr_pub, tag_priv);
u_setugid(u, g);
km_init(kr_priv, kr_pub, tag_priv);
if (f & f_daemon) {
if (daemonize())
die(EXIT_FAILURE, "couldn't become a daemon: %s", strerror(errno));
if (f & f_daemon) {
if (daemonize())
die(EXIT_FAILURE, "couldn't become a daemon: %s", strerror(errno));
/* --- @a_init@ --- *
*
* Arguments: @const char *sock@ = socket name to create
/* --- @a_init@ --- *
*
* Arguments: @const char *sock@ = socket name to create
+ * @uid_t u@ = user to own the socket
+ * @gid_t g@ = group to own the socket
*
* Returns: ---
*
* Use: Creates the admin listening socket.
*/
*
* Returns: ---
*
* Use: Creates the admin listening socket.
*/
-extern void a_init(const char */*sock*/);
+extern void a_init(const char */*sock*/, uid_t /*u*/, gid_t /*g*/);
/*----- Mapping with addresses as keys ------------------------------------*/
/*----- Mapping with addresses as keys ------------------------------------*/