[Pkg-voip-commits] r5916 - in /rtpproxy/trunk/debian/patches: drop-privs-before-creating-socket series set-ctrl-socket-owner
marcusb-guest at alioth.debian.org
marcusb-guest at alioth.debian.org
Sun Jun 29 16:17:14 UTC 2008
Author: marcusb-guest
Date: Sun Jun 29 16:17:14 2008
New Revision: 5916
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=5916
Log:
Applied patch from upstream that changes the owner user/group of the control socket to the user/group the daemon switches to via setuid/setgid.
Added:
rtpproxy/trunk/debian/patches/set-ctrl-socket-owner
Removed:
rtpproxy/trunk/debian/patches/drop-privs-before-creating-socket
Modified:
rtpproxy/trunk/debian/patches/series
Modified: rtpproxy/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/patches/series?rev=5916&op=diff
==============================================================================
--- rtpproxy/trunk/debian/patches/series (original)
+++ rtpproxy/trunk/debian/patches/series Sun Jun 29 16:17:14 2008
@@ -1,1 +1,2 @@
+set-ctrl-socket-owner
Added: rtpproxy/trunk/debian/patches/set-ctrl-socket-owner
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/patches/set-ctrl-socket-owner?rev=5916&op=file
==============================================================================
--- rtpproxy/trunk/debian/patches/set-ctrl-socket-owner (added)
+++ rtpproxy/trunk/debian/patches/set-ctrl-socket-owner Sun Jun 29 16:17:14 2008
@@ -1,0 +1,136 @@
+Patch from upstream (also applied to upstream trunk) to set the owner user/group of the control socket to that of the running uid/gid.
+--- a/main.c
++++ b/main.c
+@@ -42,9 +42,11 @@
+ #include <assert.h>
+ #include <errno.h>
+ #include <fcntl.h>
++#include <grp.h>
+ #include <limits.h>
+ #include <netdb.h>
+ #include <poll.h>
++#include <pwd.h>
+ #include <sched.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -122,6 +124,8 @@ init_config(struct cfg *cf, int argc, ch
+ {
+ int ch, i;
+ char *bh[2], *bh6[2], *cp;
++ struct passwd *pp;
++ struct group *gp;
+
+ bh[0] = bh[1] = bh6[0] = bh6[1] = NULL;
+
+@@ -242,6 +246,22 @@ init_config(struct cfg *cf, int argc, ch
+ cp++;
+ }
+ cf->run_gname = cp;
++ cf->run_uid = -1;
++ cf->run_gid = -1;
++ if (cf->run_uname != NULL) {
++ pp = getpwnam(cf->run_uname);
++ if (pp == NULL)
++ err(1, "can't find ID for the user: %s", cf->run_uname);
++ cf->run_uid = pp->pw_uid;
++ if (cf->run_gname == NULL)
++ cf->run_gid = pp->pw_gid;
++ }
++ if (cf->run_gname != NULL) {
++ gp = getgrnam(cf->run_gname);
++ if (gp == NULL)
++ err(1, "can't find ID for the group: %s", cf->run_gname);
++ cf->run_gid = gp->gr_gid;
++ }
+ break;
+
+ case 'F':
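Review bot: The two failed-lookup paths call `err()`, which appends `strerror(errno)`, but `getpwnam()`/`getgrnam()` returning NULL for an unknown name need not set errno, so the message can end in an unrelated or "Success" error text. Use `errx(1, "can't find ID for the user: %s", cf->run_uname);` and the same for the group lookup. A one-line comment above `cf->run_uid = -1;` saying that -1 means "not requested" (and is what `chown()` later treats as "leave unchanged") would also help, since the fields are `uid_t`/`gid_t`. The enclosing option case starts outside the hunk.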
+@@ -364,6 +384,9 @@ init_controlfd(struct cfg *cf)
+ sizeof controlfd);
+ if (bind(controlfd, sstosa(&ifsun), sizeof ifsun) < 0)
+ err(1, "can't bind to a socket");
++ if ((cf->run_uname != NULL || cf->run_gname != NULL) &&
++ chown(cmd_sock, cf->run_uid, cf->run_gid) == -1)
++ err(1, "can't set owner of the socket");
+ if (listen(controlfd, 32) != 0)
+ err(1, "can't listen on a socket");
+ } else {
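Review bot: `chown(cmd_sock, ...)` changes ownership by path after `bind()` has created the socket, so it acts on whatever `cmd_sock` names at that moment and follows a symlink. If the socket path can be configured into a directory that other users can write to, `lchown(cmd_sock, cf->run_uid, cf->run_gid)` is the safer call. The hunk also sets only the owner: the permission bits still come from the umask and nothing visible here restricts them, so an explicit mode (for example `chmod(cmd_sock, 0660)`, or a umask set before `bind()`) would state the intended access to the control channel. init_controlfd starts and ends outside the hunk, so a mode may already be set there.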
+@@ -719,7 +742,7 @@ main(int argc, char **argv)
+ signal(SIGUSR2, fatsignal);
+
+ if (cf.run_uname != NULL || cf.run_gname != NULL) {
+- if (drop_privileges(&cf, cf.run_uname, cf.run_gname) != 0) {
++ if (drop_privileges(&cf) != 0) {
+ rtpp_log_ewrite(RTPP_LOG_ERR, cf.glog,
+ "can't switch to requested user/group");
+ exit(1);
+--- a/rtpp_defines.h
++++ b/rtpp_defines.h
+@@ -102,6 +102,9 @@ struct cfg {
+ char *run_uname;
+ char *run_gname;
+ int no_check;
++
++ uid_t run_uid;
++ gid_t run_gid;
+ };
+
+ #endif
+--- a/rtpp_util.c
++++ b/rtpp_util.c
+@@ -172,37 +172,19 @@ seedrandom(void)
+ }
+
+ int
+-drop_privileges(struct cfg *cf, char *uname, char *gname)
++drop_privileges(struct cfg *cf)
+ {
+- struct passwd *pp;
+- struct group *gp;
+
+- if (gname != NULL) {
+- gp = getgrnam(gname);
+- if (gp == NULL) {
+- rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't find ID for the group: %s", gname);
+- return -1;
+- }
+- if (setgid(gp->gr_gid) != 0) {
+- rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't set current group ID: %d", gp->gr_gid);
++ if (cf->run_gname != NULL) {
++ if (setgid(cf->run_gid) != 0) {
++ rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't set current group ID: %d", cf->run_gid);
+ return -1;
+ }
+ }
+- if (uname == NULL)
++ if (cf->run_uname == NULL)
+ return 0;
+- pp = getpwnam(uname);
+- if (pp == NULL) {
+- rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't find ID for the user: %s", uname);
+- return -1;
+- }
+- if (gname == NULL) {
+- if (setgid(pp->pw_gid) != 0) {
+- rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't set current group ID: %d", pp->pw_gid);
+- return -1;
+- }
+- }
+- if (setuid(pp->pw_uid) != 0) {
+- rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't set current user ID: %d", pp->pw_uid);
++ if (setuid(cf->run_uid) != 0) {
++ rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't set current user ID: %d", cf->run_uid);
+ return -1;
+ }
+ return 0;
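Review bot: With only a user name configured the process keeps its original group ID. init_config stores `pp->pw_gid` in `cf->run_gid` when `run_gname` is NULL, but the new `drop_privileges()` calls `setgid()` only under `if (cf->run_gname != NULL)`, whereas the removed code called `setgid(pp->pw_gid)` in that case. Guarding on the resolved ID instead, `if (cf->run_gid != (gid_t)-1) {`, restores the old behaviour. Separately, neither the old nor the new code clears supplementary groups, so a `setgroups(1, &cf->run_gid)` or `initgroups()` call before `setgid()` is still needed for the drop to be complete. The `%d` arguments are now `gid_t`/`uid_t` and should be cast, e.g. `(int)cf->run_gid`. The function's closing brace is outside the hunk.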
+--- a/rtpp_util.h
++++ b/rtpp_util.h
+@@ -53,7 +53,7 @@ const char *addr2char(struct sockaddr *)
+ double getctime(void);
+ int resolve(struct sockaddr *, int, const char *, const char *, int);
+ void seedrandom(void);
+-int drop_privileges(struct cfg *, char *, char *);
++int drop_privileges(struct cfg *);
+
+ /* Stripped down version of sockaddr_in* for saving space */
+ struct sockaddr_in4_s {