[Pkg-voip-commits] r5916 - in /rtpproxy/trunk/debian/patches: drop-privs-before-creating-socket series set-ctrl-socket-owner

marcusb-guest at alioth.debian.org marcusb-guest at alioth.debian.org
Sun Jun 29 16:17:14 UTC 2008


Author: marcusb-guest
Date: Sun Jun 29 16:17:14 2008
New Revision: 5916

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=5916
Log:
Applied patch from upstream to change owner user/group of the control socket to the setuid/setgid one.

Added:
    rtpproxy/trunk/debian/patches/set-ctrl-socket-owner
Removed:
    rtpproxy/trunk/debian/patches/drop-privs-before-creating-socket
Modified:
    rtpproxy/trunk/debian/patches/series

Modified: rtpproxy/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/patches/series?rev=5916&op=diff
==============================================================================
--- rtpproxy/trunk/debian/patches/series (original)
+++ rtpproxy/trunk/debian/patches/series Sun Jun 29 16:17:14 2008
@@ -1,1 +1,2 @@
 
+set-ctrl-socket-owner

Added: rtpproxy/trunk/debian/patches/set-ctrl-socket-owner
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/patches/set-ctrl-socket-owner?rev=5916&op=file
==============================================================================
--- rtpproxy/trunk/debian/patches/set-ctrl-socket-owner (added)
+++ rtpproxy/trunk/debian/patches/set-ctrl-socket-owner Sun Jun 29 16:17:14 2008
@@ -1,0 +1,136 @@
+Patch from upstream (also applied to upstream trunk) to set the owner user/group of the control socket to that of the running uid/gid.
+--- a/main.c
++++ b/main.c
+@@ -42,9 +42,11 @@
+ #include <assert.h>
+ #include <errno.h>
+ #include <fcntl.h>
++#include <grp.h>
+ #include <limits.h>
+ #include <netdb.h>
+ #include <poll.h>
++#include <pwd.h>
+ #include <sched.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -122,6 +124,8 @@ init_config(struct cfg *cf, int argc, ch
+ {
+     int ch, i;
+     char *bh[2], *bh6[2], *cp;
++    struct passwd *pp;
++    struct group *gp;
+ 
+     bh[0] = bh[1] = bh6[0] = bh6[1] = NULL;
+ 
+@@ -242,6 +246,22 @@ init_config(struct cfg *cf, int argc, ch
+ 		cp++;
+ 	    }
+ 	    cf->run_gname = cp;
++	    cf->run_uid = -1;
++	    cf->run_gid = -1;
++	    if (cf->run_uname != NULL) {
++		pp = getpwnam(cf->run_uname);
++		if (pp == NULL)
++		    err(1, "can't find ID for the user: %s", cf->run_uname);
++		cf->run_uid = pp->pw_uid;
++		if (cf->run_gname == NULL)
++		    cf->run_gid = pp->pw_gid;
++	    }
++	    if (cf->run_gname != NULL) {
++		gp = getgrnam(cf->run_gname);
++		if (gp == NULL)
++		    err(1, "can't find ID for the group: %s", cf->run_gname);
++		cf->run_gid = gp->gr_gid;
++	    }
+ 	    break;
+ 
+ 	case 'F':
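Review bot: The two `err()` calls added for a failed `getpwnam()`/`getgrnam()` lookup append `strerror(errno)` to the message, but a name that simply does not exist returns NULL without setting errno, so the operator may see an unrelated or stale error string after the user or group name. `errx(1, "can't find ID for the user: %s", cf->run_uname);` (and the same for the group) keeps the diagnostic accurate. A comment such as `/* (uid_t)-1 / (gid_t)-1 make chown() leave that id unchanged */` above the two `-1` assignments would explain why the unsigned id fields are set to -1. The enclosing `case` of init_config starts before this hunk.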
+@@ -364,6 +384,9 @@ init_controlfd(struct cfg *cf)
+ 	  sizeof controlfd);
+ 	if (bind(controlfd, sstosa(&ifsun), sizeof ifsun) < 0)
+ 	    err(1, "can't bind to a socket");
++	if ((cf->run_uname != NULL || cf->run_gname != NULL) &&
++	  chown(cmd_sock, cf->run_uid, cf->run_gid) == -1)
++	    err(1, "can't set owner of the socket");
+ 	if (listen(controlfd, 32) != 0)
+ 	    err(1, "can't listen on a socket");
+     } else {
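Review bot: The added `chown(cmd_sock, ...)` works by path and follows symbolic links, and it presumably runs with the start-up privileges, since the switch to the run user happens in main(). If the directory holding the control socket is writable by anyone less privileged, the name could refer to a different file by the time `chown()` runs after `bind()`. `lchown(cmd_sock, cf->run_uid, cf->run_gid)` does not follow a link, and a comment stating that the socket directory must not be writable by unprivileged users would record the assumption. The socket's mode is left to the process umask in the visible lines; whether that is intended cannot be told from the hunk. init_controlfd begins and ends outside this hunk.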
+@@ -719,7 +742,7 @@ main(int argc, char **argv)
+     signal(SIGUSR2, fatsignal);
+ 
+     if (cf.run_uname != NULL || cf.run_gname != NULL) {
+-	if (drop_privileges(&cf, cf.run_uname, cf.run_gname) != 0) {
++	if (drop_privileges(&cf) != 0) {
+ 	    rtpp_log_ewrite(RTPP_LOG_ERR, cf.glog,
+ 	      "can't switch to requested user/group");
+ 	    exit(1);
+--- a/rtpp_defines.h
++++ b/rtpp_defines.h
+@@ -102,6 +102,9 @@ struct cfg {
+     char *run_uname;
+     char *run_gname;
+     int no_check;
++
++    uid_t run_uid;
++    gid_t run_gid;
+ };
+ 
+ #endif
+--- a/rtpp_util.c
++++ b/rtpp_util.c
+@@ -172,37 +172,19 @@ seedrandom(void)
+ }
+ 
+ int
+-drop_privileges(struct cfg *cf, char *uname, char *gname)
++drop_privileges(struct cfg *cf)
+ {
+-    struct passwd *pp;
+-    struct group *gp;
+ 
+-    if (gname != NULL) {
+-	gp = getgrnam(gname);
+-	if (gp == NULL) {
+-	    rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't find ID for the group: %s", gname);
+-	    return -1;
+-	}
+-	if (setgid(gp->gr_gid) != 0) {
+-	    rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't set current group ID: %d", gp->gr_gid);
++    if (cf->run_gname != NULL) {
++	if (setgid(cf->run_gid) != 0) {
++	    rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't set current group ID: %d", cf->run_gid);
+ 	    return -1;
+ 	}
+     }
+-    if (uname == NULL)
++    if (cf->run_uname == NULL)
+ 	return 0;
+-    pp = getpwnam(uname);
+-    if (pp == NULL) {
+-	rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't find ID for the user: %s", uname);
+-	return -1;
+-    }
+-    if (gname == NULL) {
+-	if (setgid(pp->pw_gid) != 0) {
+-	    rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't set current group ID: %d", pp->pw_gid);
+-	    return -1;
+-	}
+-    }
+-    if (setuid(pp->pw_uid) != 0) {
+-	rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't set current user ID: %d", pp->pw_uid);
++    if (setuid(cf->run_uid) != 0) {
++	rtpp_log_ewrite(RTPP_LOG_ERR, cf->glog, "can't set current user ID: %d", cf->run_uid);
+ 	return -1;
+     }
+     return 0;
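Review bot: `setgid()` is now guarded by `cf->run_gname != NULL`, so when only a user is given the process changes uid but keeps its original gid. The removed branch called `setgid(pp->pw_gid)` for that case, and init_config still stores `pp->pw_gid` in `cf->run_gid` for it, but nothing here applies it. Guarding on the resolved id instead, `if (cf->run_gid != (gid_t)-1) {`, restores the old behaviour. None of the visible lines clears supplementary groups either, so a `setgroups(1, &cf->run_gid)` call before `setgid()` is worth considering if that is not done elsewhere. The two log calls print `gid_t`/`uid_t` values with `%d`, which wants a cast such as `(int)cf->run_gid`; the closing brace of drop_privileges is outside the hunk.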
+--- a/rtpp_util.h
++++ b/rtpp_util.h
+@@ -53,7 +53,7 @@ const char *addr2char(struct sockaddr *)
+ double getctime(void);
+ int resolve(struct sockaddr *, int, const char *, const char *, int);
+ void seedrandom(void);
+-int drop_privileges(struct cfg *, char *, char *);
++int drop_privileges(struct cfg *);
+ 
+ /* Stripped down version of sockaddr_in* for saving space */
+ struct sockaddr_in4_s {



