[Pkg-voip-commits] [resiprocate] 01/06: Imported Upstream version 1.9.0~rc2
Daniel Pocock
pocock at moszumanska.debian.org
Mon Jan 27 21:56:26 UTC 2014
This is an automated email from the git hooks/post-receive script.
pocock pushed a commit to annotated tag debian/1.9.0_rc2-1
in repository resiprocate.
commit e15db3322eac1af9c240c64ee808f4cf240ccbfb
Author: Daniel Pocock <daniel at pocock.com.au>
Date: Mon Jan 27 22:34:23 2014 +0100
Imported Upstream version 1.9.0~rc2
---
configure | 22 ++++++++++++----------
configure.ac | 4 +++-
repro/ReproRunner.cxx | 3 ++-
repro/monkeys/CookieAuthenticator.cxx | 22 ++++++++++++++++++++--
repro/monkeys/CookieAuthenticator.hxx | 5 ++++-
repro/monkeys/DigestAuthenticator.cxx | 22 ++++++++++------------
repro/plugins/pyroute/PyRouteWorker.cxx | 32 +++++++++++++++++++++++++++++---
repro/repro.config | 18 ++++++++++++++++++
repro/repro.config.ws | 18 ++++++++++++++++++
repro/test/web/websocket-cookie-test.php | 5 ++++-
resip/dum/test/basicClientUserAgent.cxx | 2 +-
resip/stack/EventStackThread.cxx | 6 ++++--
resiprocate.spec | 4 ++--
rutil/ConfigParse.cxx | 17 ++++++++++-------
rutil/Log.cxx | 24 ++++++++++++++++++++++++
rutil/Log.hxx | 6 ++++++
rutil/ServerProcess.cxx | 17 +++++++++++++++--
17 files changed, 182 insertions(+), 45 deletions(-)
diff --git a/configure b/configure
index c99740d..5853909 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for resiprocate 1.9.0~rc1.
+# Generated by GNU Autoconf 2.69 for resiprocate 1.9.0~rc2.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='resiprocate'
PACKAGE_TARNAME='resiprocate'
-PACKAGE_VERSION='1.9.0~rc1'
-PACKAGE_STRING='resiprocate 1.9.0~rc1'
+PACKAGE_VERSION='1.9.0~rc2'
+PACKAGE_STRING='resiprocate 1.9.0~rc2'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1394,7 +1394,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures resiprocate 1.9.0~rc1 to adapt to many kinds of systems.
+\`configure' configures resiprocate 1.9.0~rc2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1464,7 +1464,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of resiprocate 1.9.0~rc1:";;
+ short | recursive ) echo "Configuration of resiprocate 1.9.0~rc2:";;
esac
cat <<\_ACEOF
@@ -1600,7 +1600,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-resiprocate configure 1.9.0~rc1
+resiprocate configure 1.9.0~rc2
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2143,7 +2143,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by resiprocate $as_me 1.9.0~rc1, which was
+It was created by resiprocate $as_me 1.9.0~rc2, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2971,7 +2971,7 @@ fi
# Define the identity of the package.
PACKAGE='resiprocate'
- VERSION='1.9.0~rc1'
+ VERSION='1.9.0~rc2'
cat >>confdefs.h <<_ACEOF
@@ -3012,6 +3012,8 @@ am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
+
+
# Make sure we can run config.sub.
$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
@@ -17675,7 +17677,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by resiprocate $as_me 1.9.0~rc1, which was
+This file was extended by resiprocate $as_me 1.9.0~rc2, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -17741,7 +17743,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-resiprocate config.status 1.9.0~rc1
+resiprocate config.status 1.9.0~rc2
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff --git a/configure.ac b/configure.ac
index b30c58b..f122bce 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
-AC_INIT(resiprocate,1.9.0~rc1)
+AC_INIT(resiprocate,1.9.0~rc2)
AC_CONFIG_SRCDIR(repro/repro.cxx)
SO_RELEASE=`echo $PACKAGE_VERSION | cut -f1,2 -d.`
@@ -16,6 +16,8 @@ AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE
+m4_pattern_forbid([^PKG_])
+
AC_CANONICAL_HOST
AM_CONFIG_HEADER(config.h)
diff --git a/repro/ReproRunner.cxx b/repro/ReproRunner.cxx
index 40157d5..8b3c8ce 100644
--- a/repro/ReproRunner.cxx
+++ b/repro/ReproRunner.cxx
@@ -1602,9 +1602,10 @@ ReproRunner::makeRequestProcessorChain(ProcessorChain& chain)
}
Data wsCookieAuthSharedSecret = mProxyConfig->getConfigData("WSCookieAuthSharedSecret", "");
+ Data wsCookieExtraHeaderName = mProxyConfig->getConfigData("WSCookieExtraHeaderName", "X-WS-Session-Extra");
if(!mAuthFactory->digestAuthEnabled() && !wsCookieAuthSharedSecret.empty())
{
- addProcessor(chain, std::auto_ptr<Processor>(new CookieAuthenticator(wsCookieAuthSharedSecret, mSipStack)));
+ addProcessor(chain, std::auto_ptr<Processor>(new CookieAuthenticator(wsCookieAuthSharedSecret, wsCookieExtraHeaderName, mSipStack)));
}
// Add digest authenticator monkey - if required
diff --git a/repro/monkeys/CookieAuthenticator.cxx b/repro/monkeys/CookieAuthenticator.cxx
index b027073..25d5635 100644
--- a/repro/monkeys/CookieAuthenticator.cxx
+++ b/repro/monkeys/CookieAuthenticator.cxx
@@ -33,8 +33,10 @@ using namespace std;
CookieAuthenticator::CookieAuthenticator(const Data& wsCookieAuthSharedSecret,
+ const Data& wsCookieExtraHeaderName,
resip::SipStack* stack) :
- Processor("CookieAuthenticator")
+ Processor("CookieAuthenticator"),
+ mWsCookieExtraHeader(wsCookieExtraHeaderName.empty() ? 0 : new resip::ExtensionHeader(wsCookieExtraHeaderName))
{
}
@@ -80,7 +82,23 @@ CookieAuthenticator::process(repro::RequestContext &rc)
{
if(authorizedForThisIdentity(sipMessage->header(h_RequestLine).method(), wsCookieContext, sipMessage->header(h_From).uri(), sipMessage->header(h_To).uri()))
{
- return Continue;
+ if(mWsCookieExtraHeader.get() && sipMessage->exists(*mWsCookieExtraHeader))
+ {
+ ParserContainer<StringCategory>& extra = sipMessage->header(*mWsCookieExtraHeader);
+ StringCategory& sc = extra.front();
+ if(sc.value() == wsCookieContext.getWsSessionExtra())
+ {
+ return Continue;
+ }
+ else
+ {
+ WarningLog(<<"mWsCookieExtraHeader does not match wsCookieContext value");
+ }
+ }
+ else
+ {
+ return Continue;
+ }
}
rc.sendResponse(*auto_ptr<SipMessage>
(Helper::makeResponse(*sipMessage, 403, "Authentication against cookie failed")));
diff --git a/repro/monkeys/CookieAuthenticator.hxx b/repro/monkeys/CookieAuthenticator.hxx
index 068af0c..dbe3695 100644
--- a/repro/monkeys/CookieAuthenticator.hxx
+++ b/repro/monkeys/CookieAuthenticator.hxx
@@ -4,6 +4,7 @@
#include "rutil/Data.hxx"
#include "repro/Processor.hxx"
#include "resip/stack/Cookie.hxx"
+#include "resip/stack/ExtensionHeader.hxx"
#include "resip/stack/WsCookieContext.hxx"
#include "resip/stack/SipStack.hxx"
@@ -15,13 +16,15 @@ namespace repro
{
public:
- CookieAuthenticator(const Data& wsCookieAuthSharedSecret, resip::SipStack* stack);
+ CookieAuthenticator(const Data& wsCookieAuthSharedSecret, const Data& wsCookieExtraHeaderName, resip::SipStack* stack);
~CookieAuthenticator();
virtual processor_action_t process(RequestContext &);
virtual void dump(EncodeStream &os) const;
private:
+ std::auto_ptr<resip::ExtensionHeader> mWsCookieExtraHeader;
+
bool cookieUriMatch(const resip::Uri &first, const resip::Uri &second);
bool authorizedForThisIdentity(const MethodTypes method, const WsCookieContext& wsCookieContext, resip::Uri &fromUri, resip::Uri &toUri);
};
diff --git a/repro/monkeys/DigestAuthenticator.cxx b/repro/monkeys/DigestAuthenticator.cxx
index 33bd1be..75ed046 100644
--- a/repro/monkeys/DigestAuthenticator.cxx
+++ b/repro/monkeys/DigestAuthenticator.cxx
@@ -99,8 +99,8 @@ DigestAuthenticator::process(repro::RequestContext &rc)
{
if (!rc.getKeyValueStore().getBoolValue(IsTrustedNode::mFromTrustedNodeKey))
{
- challengeRequest(rc, false);
- return SkipAllChains;
+ challengeRequest(rc, false);
+ return SkipAllChains;
}
}
}
@@ -318,7 +318,9 @@ DigestAuthenticator::authorizedForThisIdentity(const resip::Data &user, const re
if (fromUri.host() == realm)
{
if ((fromUri.user() == user) || (fromUri.user() == "anonymous"))
+ {
return true;
+ }
}
// Now try the form where the username parameter in the auth
@@ -327,7 +329,7 @@ DigestAuthenticator::authorizedForThisIdentity(const resip::Data &user, const re
//
if (fromUri.getAorNoPort() == user)
{
- return true;
+ return true;
}
// catch-all: access denied
@@ -346,8 +348,7 @@ DigestAuthenticator::getDefaultIdentity(const resip::Data &user, const resip::Da
}
void
-DigestAuthenticator::challengeRequest(repro::RequestContext &rc,
- bool stale)
+DigestAuthenticator::challengeRequest(repro::RequestContext &rc, bool stale)
{
SipMessage &sipMessage = rc.getOriginalRequest();
Data realm = getRealm(rc);
@@ -358,7 +359,6 @@ DigestAuthenticator::challengeRequest(repro::RequestContext &rc,
delete challenge;
}
-
repro::Processor::processor_action_t
DigestAuthenticator::requestUserAuthInfo(repro::RequestContext &rc, resip::Data &realm)
{
@@ -366,18 +366,16 @@ DigestAuthenticator::requestUserAuthInfo(repro::RequestContext &rc, resip::Data
SipMessage *sipMessage = dynamic_cast<SipMessage*>(message);
assert(sipMessage);
-
// Extract the user from the appropriate Proxy-Authorization header
Auths &authorizationHeaders = sipMessage->header(h_ProxyAuthorizations);
Auths::iterator i;
Data user;
- for (i = authorizationHeaders.begin();
- i != authorizationHeaders.end(); i++)
+ for (i = authorizationHeaders.begin(); i != authorizationHeaders.end(); i++)
{
- if ( i->exists(p_realm) &&
- i->param(p_realm) == realm
- && i->exists(p_username))
+ if (i->exists(p_realm) &&
+ i->param(p_realm) == realm
+ && i->exists(p_username))
{
user = i->param(p_username);
diff --git a/repro/plugins/pyroute/PyRouteWorker.cxx b/repro/plugins/pyroute/PyRouteWorker.cxx
index 52e5cff..2737518 100644
--- a/repro/plugins/pyroute/PyRouteWorker.cxx
+++ b/repro/plugins/pyroute/PyRouteWorker.cxx
@@ -12,7 +12,10 @@
#include "resip/stack/Cookie.hxx"
#include "resip/stack/ExtensionHeader.hxx"
#include "resip/stack/Headers.hxx"
+#include "resip/stack/HeaderFieldValueList.hxx"
#include "resip/stack/Helper.hxx"
+#include "resip/stack/SipMessage.hxx"
+#include "resip/stack/UnknownHeaderType.hxx"
#include "repro/Plugin.hxx"
#include "repro/Processor.hxx"
#include "repro/ProcessorMessage.hxx"
@@ -118,6 +121,29 @@ PyRouteWorker::process(resip::ApplicationMessage* msg)
Py::Dict headers;
headers["From"] = Py::String(message.header(resip::h_From).uri().toString().c_str());
headers["To"] = Py::String(message.header(resip::h_To).uri().toString().c_str());
+ if(message.exists(resip::h_ContentType))
+ {
+ const resip::HeaderFieldValue hfv = message.header(resip::h_ContentType).getHeaderField();
+ headers["Content-Type"] = Py::String(hfv.getBuffer(), hfv.getLength(), "utf8");
+ }
+ const resip::SipMessage::UnknownHeaders& unknowns = message.getRawUnknownHeaders();
+ resip::SipMessage::UnknownHeaders::const_iterator it = unknowns.begin();
+ for( ; it != unknowns.end(); it++)
+ {
+ const resip::Data& name = it->first;
+ StackLog(<<"found unknown header: " << name);
+ resip::HeaderFieldValueList* hfvl = it->second;
+ if(!hfvl->empty())
+ {
+ resip::HeaderFieldValue* hfv = hfvl->front();
+ headers[name.c_str()] = Py::String(hfv->getBuffer(), hfv->getLength(), "utf8");
+ }
+ if(hfvl->size() > 1)
+ {
+ // TODO - if multiple values exist, put them in a Py::List
+ WarningLog(<<"ignoring additional values for header " << name);
+ }
+ }
// arg 4: transport type
Py::String transportType("");
@@ -128,12 +154,12 @@ PyRouteWorker::process(resip::ApplicationMessage* msg)
// arg 5: body
Py::String body("");
- if(message.getContents())
+ const resip::HeaderFieldValue& bodyHfv = message.getRawBody();
+ if(bodyHfv.getLength() > 0)
{
// FIXME: do we always need to copy the whole body?
// could we give Python a read-only pointer to the body data?
- const resip::Data& bodyData = message.getContents()->getBodyData();
- body = Py::String(bodyData.data(), bodyData.size(), "utf8");
+ body = Py::String(bodyHfv.getBuffer(), bodyHfv.getLength(), "utf8");
}
// arg 6: cookies (if the message was received over a WebSocket transport)
diff --git a/repro/repro.config b/repro/repro.config
index 7242a15..3041564 100644
--- a/repro/repro.config
+++ b/repro/repro.config
@@ -177,6 +177,20 @@ DisableHttpAuth = false
HttpAdminRealm = repro
# File containing user/password details
+#
+# The format is:
+#
+# username:realm:HA1
+#
+# where
+#
+# user = admin
+# realm = the value from HttpAdminRealm
+# HA1 = `echo -n user:realm:password | md5sum`
+#
+# You can use the htdigest utility from Apache to create and
+# manage this file
+#
HttpAdminUserFile = users.txt
# Comma separated list of IP addresses used for binding the Command Server listeners.
@@ -690,6 +704,10 @@ AllowBadReg = false
#WSCookieNameExtra = WSSessionExtra
#WSCookieNameMAC = WSSessionMAC
+# Name of the extension header that must match the content of
+# the authenticated WSSessionExtra cookie
+#WSCookieExtraHeaderName = X-WS-Session-Extra
+
########################################################
# RequestFilter Monkey Settings
########################################################
diff --git a/repro/repro.config.ws b/repro/repro.config.ws
index 51c729f..c7210ec 100644
--- a/repro/repro.config.ws
+++ b/repro/repro.config.ws
@@ -177,6 +177,20 @@ DisableHttpAuth = false
HttpAdminRealm = repro
# File containing user/password details
+#
+# The format is:
+#
+# username:realm:HA1
+#
+# where
+#
+# user = admin
+# realm = the value from HttpAdminRealm
+# HA1 = `echo -n user:realm:password | md5sum`
+#
+# You can use the htdigest utility from Apache to create and
+# manage this file
+#
HttpAdminUserFile = users.txt
# Comma separated list of IP addresses used for binding the Command Server listeners.
@@ -690,6 +704,10 @@ AllowBadReg = false
#WSCookieNameExtra = WSSessionExtra
#WSCookieNameMAC = WSSessionMAC
+# Name of the extension header that must match the content of
+# the authenticated WSSessionExtra cookie
+#WSCookieExtraHeaderName = X-WS-Session-Extra
+
########################################################
# RequestFilter Monkey Settings
########################################################
diff --git a/repro/test/web/websocket-cookie-test.php b/repro/test/web/websocket-cookie-test.php
index 13a37d9..afd43d2 100644
--- a/repro/test/web/websocket-cookie-test.php
+++ b/repro/test/web/websocket-cookie-test.php
@@ -26,10 +26,12 @@
$hmac_key = $_POST['hmac_key'];
$time_limit = $_POST['time_limit'];
$cookie_value = '1:' . time() . ':' . $time_limit . ':' . $sip_from . ':' . $sip_to;
- $digest_input = $cookie_value . ':';
+ $extra_value = $_POST['extra_value'];
+ $digest_input = $cookie_value . ':' . $extra_value;
$cookie_mac = hash_hmac ( 'sha1', $digest_input, $hmac_key);
// not sure why setcookie didn't work, we use setrawcookie instead:
setrawcookie("WSSessionInfo", urlencode($cookie_value), $time_limit, '/', $proxy_domain);
+ setrawcookie("WSSessionExtra", urlencode($extra_value), $time_limit, '/', $proxy_domain);
setrawcookie("WSSessionMAC", $cookie_mac, $time_limit, '/', $proxy_domain);
}
@@ -44,6 +46,7 @@
To: <input type="text" name="sip_to" value=""/><br/>
HMAC key (must match repro.config WSCookieAuthSharedSecret): <input type="text" name="hmac_key" value=""/><br/>
Timeout (default now + 1000s): <input type="text" name="time_limit" value="<? echo (time()+1000); ?>"/><br/>
+ Extra header value: <input type="text" name="extra_value" value=""/><br/>
<input type="submit" /><br/>
<p>Note: for from and to URIs, you may use "*" to replace the user, host or both, e.g. *@example.org would allow calls to anybody in example.org</p>
</form>
diff --git a/resip/dum/test/basicClientUserAgent.cxx b/resip/dum/test/basicClientUserAgent.cxx
index 624a8a4..0f86c68 100644
--- a/resip/dum/test/basicClientUserAgent.cxx
+++ b/resip/dum/test/basicClientUserAgent.cxx
@@ -165,7 +165,7 @@ BasicClientUserAgent::BasicClientUserAgent(int argc, char** argv) :
//mProfile->addSupportedMethod(PRACK);
//mProfile->addSupportedOptionTag(Token(Symbols::C100rel)); // Automatically added when using setUacReliableProvisionalMode
mProfile->setUacReliableProvisionalMode(MasterProfile::Supported);
- //mProfile->setUasReliableProvisionalMode(MasterProfile::Supported); // TODO - needs support in DUM, currently unimplemented
+ mProfile->setUasReliableProvisionalMode(MasterProfile::SupportedEssential);
// Support Languages
mProfile->clearSupportedLanguages();
diff --git a/resip/stack/EventStackThread.cxx b/resip/stack/EventStackThread.cxx
index 142a97d..141d8ae 100644
--- a/resip/stack/EventStackThread.cxx
+++ b/resip/stack/EventStackThread.cxx
@@ -148,12 +148,14 @@ EventStackSimpleMgr::createStack(SipStackOptions& options)
}
void
-EventStackSimpleMgr::release() {
+EventStackSimpleMgr::release()
+{
if ( mThread )
{
delete mThread; mThread = NULL;
}
- if ( mStack ) {
+ if ( mStack )
+ {
// we only delete the stack if we created, not if externally created
delete mStack; mStack = NULL;
}
diff --git a/resiprocate.spec b/resiprocate.spec
index 1071e11..31c71f6 100644
--- a/resiprocate.spec
+++ b/resiprocate.spec
@@ -1,5 +1,5 @@
Name: resiprocate
-Version: 1.9.0~rc1
+Version: 1.9.0~rc2
Release: 1%{?dist}
Summary: SIP and TURN stacks, with SIP proxy and TURN server implementations
License: VSL
@@ -308,7 +308,7 @@ fi
%{_sbindir}/presSvr
%changelog
-* Sat Nov 24 2012 Daniel Pocock <daniel at pocock.com.au> - 1.9.0~rc1-1
+* Sat Nov 24 2012 Daniel Pocock <daniel at pocock.com.au> - 1.9.0~rc2-1
- Produce multiple packages for stack/libs, daemons, sipdialer
- Initial build based on autotools
diff --git a/rutil/ConfigParse.cxx b/rutil/ConfigParse.cxx
index 1128975..4fca6ca 100644
--- a/rutil/ConfigParse.cxx
+++ b/rutil/ConfigParse.cxx
@@ -440,14 +440,17 @@ ConfigParse::removePath(const resip::Data& fileAndPath)
bool
ConfigParse::AddBasePathIfRequired(Data& filename)
{
- // If filename already has a path specified, then don't touch it
- ParseBuffer pb(filename);
- pb.skipToOneOf("/\\");
- if(pb.eof())
+ if(!filename.empty())
{
- // No slashes in filename, so no path present
- filename = mConfigBasePath + filename;
- return true;
+ // If filename already has a path specified, then don't touch it
+ ParseBuffer pb(filename);
+ pb.skipToOneOf("/\\");
+ if(pb.eof())
+ {
+ // No slashes in filename, so no path present
+ filename = mConfigBasePath + filename;
+ return true;
+ }
}
return false;
}
diff --git a/rutil/Log.cxx b/rutil/Log.cxx
index 924f287..ca7f20a 100644
--- a/rutil/Log.cxx
+++ b/rutil/Log.cxx
@@ -607,6 +607,14 @@ Log::reset()
getLoggerData().reset();
}
+#ifndef WIN32
+void
+Log::droppingPrivileges(uid_t uid, pid_t pid)
+{
+ getLoggerData().droppingPrivileges(uid, pid);
+}
+#endif
+
bool
Log::isLogging(Log::Level level, const resip::Subsystem& sub)
{
@@ -837,6 +845,22 @@ Log::ThreadData::reset()
mLogger = NULL;
}
+#ifndef WIN32
+void
+Log::ThreadData::droppingPrivileges(uid_t uid, pid_t pid)
+{
+ if(mType == Log::File)
+ {
+ Data logFileName(mLogFileName != "" ? mLogFileName : "resiprocate.log");
+ if(chown(logFileName.c_str(), uid, pid) < 0)
+ {
+ // Some error occurred
+ std::cerr << "ERROR: chown failed on " << logFileName << std::endl;
+ }
+ }
+}
+#endif
+
/* ====================================================================
* The Vovida Software License, Version 1.0
*
diff --git a/rutil/Log.hxx b/rutil/Log.hxx
index ae2b24f..3acfba3 100644
--- a/rutil/Log.hxx
+++ b/rutil/Log.hxx
@@ -253,6 +253,9 @@ class Log
static bool isLogging(Log::Level level, const Subsystem&);
static void OutputToWin32DebugWindow(const Data& result);
static void reset(); ///< Frees logger stream
+#ifndef WIN32
+ static void droppingPrivileges(uid_t uid, pid_t pid);
+#endif
public:
static unsigned int MaxLineCount;
@@ -306,6 +309,9 @@ class Log
std::ostream& Instance(unsigned int bytesToWrite); ///< Return logger stream instance, creating it if needed.
void reset(); ///< Frees logger stream
+#ifndef WIN32
+ void droppingPrivileges(uid_t uid, pid_t pid);
+#endif
volatile Level mLevel;
volatile unsigned int mMaxLineCount;
diff --git a/rutil/ServerProcess.cxx b/rutil/ServerProcess.cxx
index d3be18a..5197b0f 100644
--- a/rutil/ServerProcess.cxx
+++ b/rutil/ServerProcess.cxx
@@ -42,6 +42,7 @@ ServerProcess::dropPrivileges(const Data& runAsUser, const Data& runAsGroup)
int rval;
uid_t cur_uid;
gid_t cur_gid;
+ uid_t new_uid;
gid_t new_gid;
const char *username;
struct passwd *pw;
@@ -59,6 +60,7 @@ ServerProcess::dropPrivileges(const Data& runAsUser, const Data& runAsGroup)
ErrLog(<<"Unable to drop privileges, user not found");
throw std::runtime_error("Unable to drop privileges, user not found");
}
+ new_uid = pw->pw_uid;
if(!runAsGroup.empty())
{
@@ -100,7 +102,7 @@ ServerProcess::dropPrivileges(const Data& runAsUser, const Data& runAsGroup)
}
cur_uid = getuid();
- if (cur_uid != pw->pw_uid)
+ if (cur_uid != new_uid)
{
if (cur_uid != 0)
{
@@ -108,7 +110,18 @@ ServerProcess::dropPrivileges(const Data& runAsUser, const Data& runAsGroup)
throw std::runtime_error("Unable to drop privileges, not root!");
}
- rval = setuid(pw->pw_uid);
+ // If logging to file, the file ownership may be root and needs to
+ // be changed
+ Log::droppingPrivileges(new_uid, new_gid);
+ if(mPidFile.size() > 0)
+ {
+ if(chown(mPidFile.c_str(), new_uid, new_gid) < 0)
+ {
+ ErrLog(<<"Failed to change ownership of PID file");
+ }
+ }
+
+ rval = setuid(new_uid);
if (rval < 0)
{
ErrLog(<<"Unable to drop privileges, operation failed (setuid)");
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/resiprocate.git
More information about the Pkg-voip-commits
mailing list