Hi all again...

I did a chroot patch with ability to change uid and gid.

I dunno if you all approve with the current implementation but the patch is small and it works here.

remember to CC, since i'm not on this ml...

//Ian Kumlien

PS. To anyone on vorbis-dev, I'm *REALLY* sorry must be tired or something.. =) DS.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: icecast-patch.diff.gz
Type: application/x-gzip
Size: 1786 bytes
Desc: icecast-patch.diff.gz
Url : http://lists.xiph.org/pipermail/icecast-dev/attachments/20020506/6809abe5/icecast-patch.diff.bin
Hi,
Since the version of the patch that went in to CVS didn't take chroot into
account, I did a patch that fixes this...
Please keep in mind that i have been consuming alc, and i have been working at
a carneval all day... But i tested this and it works here.
//Ian Kumlien
PS. Might need some indent fixes.. but that should be all...
DS.
--- icecast/src/main.c Tue May 14 13:06:54 2002
+++ icecast.old/src/main.c Mon May 20 02:04:55 2002
@@ -9,9 +9,6 @@
#include "httpp.h"
#ifdef CHUID
-#include <sys/types.h>
-#include <grp.h>
-#include <pwd.h>
#include <errno.h>
#endif
@@ -194,8 +191,6 @@
static void _chuid_setup(void)
{
ice_config_t *conf = config_get_config();
- struct passwd *user;
- struct group *group;
if(conf->chuid)
{
@@ -205,16 +200,13 @@
return;
}
- user = getpwnam(conf->user);
- group = getgrnam(conf->group);
-
- if(!setgid(group->gr_gid))
- fprintf(stdout, "Changed groupid to %i.\n",
group->gr_gid);
+ if(!setgid(conf->gid))
+ fprintf(stdout, "Changed groupid to %i.\n", conf->gid);
else
fprintf(stdout, "Error changing groupid: %s.\n",
strerror(errno));
- if(!setuid(user->pw_uid))
- fprintf(stdout, "Changed userid to %i.\n",
user->pw_uid);
+ if(!setuid(conf->uid))
+ fprintf(stdout, "Changed userid to %i.\n", conf->uid);
else
fprintf(stdout, "Error changing userid: %s.\n",
strerror(errno));
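Review bot: A failed `setgid()` or `setuid()` in these lines is only printed to stdout and `_chuid_setup` carries on, so with `chuid` enabled the server can keep running with the privileges it was started with. Either failure should be fatal: report it on stderr and stop startup instead of continuing. The success messages should also cast the ids, since `%i` does not match `uid_t`/`gid_t` on every platform. Supplementary groups are not cleared in the visible lines; if they are not dropped elsewhere, a `setgroups()` or `initgroups()` call before `setgid()` is needed, which would mean keeping `<grp.h>` in main.c. The function body starts in the previous hunk and ends outside this one.

```c
/* … unchanged: conf->chuid test and the early return … */
if(setgid(conf->gid) != 0) {
    fprintf(stderr, "Error changing groupid: %s.\n", strerror(errno));
    exit(1);
}
fprintf(stdout, "Changed groupid to %i.\n", (int)conf->gid);

if(setuid(conf->uid) != 0) {
    fprintf(stderr, "Error changing userid: %s.\n", strerror(errno));
    exit(1);
}
fprintf(stdout, "Changed userid to %i.\n", (int)conf->uid);
```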
--- icecast/src/config.c Tue May 14 13:06:54 2002
+++ icecast.old/src/config.c Mon May 20 02:13:55 2002
@@ -4,6 +4,10 @@
#include <xmlmemory.h>
#include <parser.h>
#include "config.h"
+#ifdef CHUID
+#include <pwd.h>
+#include <grp.h>
+#endif
#define CONFIG_DEFAULT_LOCATION "Earth"
#define CONFIG_DEFAULT_ADMIN "icemaster@localhost"
@@ -21,8 +25,8 @@
#define CONFIG_DEFAULT_ERROR_LOG "error.log"
#define CONFIG_DEFAULT_CHROOT 0
#define CONFIG_DEFAULT_CHUID 0
-#define CONFIG_DEFAULT_USER NULL
-#define CONFIG_DEFAULT_GROUP NULL
+#define CONFIG_DEFAULT_UID 0
+#define CONFIG_DEFAULT_GID 0
#ifndef _WIN32
#define CONFIG_DEFAULT_BASE_DIR "/usr/local/icecast"
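Review bot: `CONFIG_DEFAULT_UID 0` and `CONFIG_DEFAULT_GID 0` make root the fallback identity. When `<user>` or `<group>` is absent, or the name lookup in the parsing hunk of this file fails, `_configuration.uid` and `_configuration.gid` stay 0; `_chuid_setup` in main.c then calls `setuid(0)`, which succeeds for a root process and reports a change although nothing was dropped. Use a default that cannot be a real id, e.g. `#define CONFIG_DEFAULT_UID ((uid_t)-1)` and `#define CONFIG_DEFAULT_GID ((gid_t)-1)`, and have `_chuid_setup` refuse to continue when `chuid` is set but either id is still that sentinel. The initialisation hunk at `@@ -147,8 +149,10 @@` assigns these defaults and is affected in the same way.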
@@ -65,8 +69,6 @@
if (_configuration.access_log) free(_configuration.access_log);
if (_configuration.error_log) free(_configuration.error_log);
if (_configuration.bind_address) free(_configuration.bind_address);
- if (_configuration.user) free(_configuration.user);
- if (_configuration.group) free(_configuration.group);
dirnode = _configuration.dir_list;
while(dirnode) {
nextdirnode = dirnode->next;
@@ -147,8 +149,10 @@
_configuration.error_log = (char *)strdup(CONFIG_DEFAULT_ERROR_LOG);
_configuration.chroot = CONFIG_DEFAULT_CHROOT;
_configuration.chuid = CONFIG_DEFAULT_CHUID;
- _configuration.user = CONFIG_DEFAULT_USER;
- _configuration.group = CONFIG_DEFAULT_GROUP;
+#ifdef CHUID
+ _configuration.uid = CONFIG_DEFAULT_UID;
+ _configuration.gid = CONFIG_DEFAULT_GID;
+#endif
}
static void _parse_root(xmlDocPtr doc, xmlNodePtr node)
@@ -282,6 +286,10 @@
{
char *tmp;
xmlNodePtr oldnode;
+#ifdef CHUID
+ struct passwd *user;
+ struct group *group;
+#endif
do {
if (node == NULL) break;
@@ -298,12 +306,16 @@
do {
if(node == NULL) break;
if(xmlIsBlankNode(node)) continue;
- if(strcmp(node->name, "user") == 0) {
- if(_configuration.user) free(_configuration.user);
- _configuration.user = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
+ if(strcmp(node->name, "user") == 0) {
+#ifdef CHUID
+ if((user = getpwnam((char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1))))
+ _configuration.uid = user->pw_uid;
+#endif
} else if(strcmp(node->name, "group") == 0) {
- if(_configuration.group) free(_configuration.group);
- _configuration.group = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
+#ifdef CHUID
+ if((group = getgrnam((char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1))))
+ _configuration.gid = group->gr_gid;
+#endif
}
} while((node = node->next));
node = oldnode;
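Review bot: The string returned by `xmlNodeListGetString()` is handed straight to `getpwnam()` and `getgrnam()` and never released, so every parse leaks it, and it can be NULL for an empty element, which these lookups are not specified to accept. A failed lookup is also silent: the `if` has no `else`, so a misspelled user or group name leaves the earlier id in place with no message. Keep the string in `tmp` (declared in what appears to be the same function in the previous hunk), check it for NULL, log when the lookup returns NULL, and release it with `xmlFree()`. The enclosing function starts and ends outside this hunk.

```c
if(strcmp(node->name, "user") == 0) {
#ifdef CHUID
    tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
    if(tmp && (user = getpwnam(tmp)))
        _configuration.uid = user->pw_uid;
    else
        fprintf(stderr, "Couldn't find user \"%s\" in password file\n",
                tmp ? tmp : "");
    if(tmp) xmlFree(tmp);
#endif
} else if(strcmp(node->name, "group") == 0) {
    /* … same pattern with getgrnam() and _configuration.gid … */
}
```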
--- icecast/src/config.h Tue May 14 13:06:54 2002
+++ icecast.old/src/config.h Mon May 20 02:14:15 2002
@@ -1,6 +1,10 @@
#ifndef __CONFIG_H__
#define __CONFIG_H__
+#ifdef CHUID
+#include <sys/types.h>
+#endif
+
#define CONFIG_EINSANE -1
#define CONFIG_ENOROOT -2
#define CONFIG_EBADROOT -3
@@ -41,8 +45,10 @@
int chroot;
int chuid;
- char *user;
- char *group;
+#ifdef CHUID
+ uid_t uid;
+ gid_t gid;
+#endif
} ice_config_t;
void config_initialize(void);
Michael Smith
2004-Aug-06 14:57 UTC
[icecast-dev] [PATCH] Icecast2 - chroot, setuid/gid...
At 02:03 AM 5/6/02 +0200, Ian Kumlien wrote:
>Hi all again...
>
>I did a chroot patch with ability to change uid and gid.
>
>I dunno if you all approve with the current implementation but the patch
>is small and it works here.
>
>remember to CC, since i'm not on this ml...

This looks useful.
If you want it included, it'll at a minimum need to be factored out a bit more cleanly (like putting all the chroot/setuid/etc. stuff in a separate function), and you'll need to make it optional for portability reasons (along with autoconf stuff to define the right things if it is available).
If you do that, then I think we'd be pretty happy to add it.

Michael
On Mon, 2002-05-06 at 11:11, Michael Smith wrote:
> At 02:03 AM 5/6/02 +0200, Ian Kumlien wrote:
> >Hi all again...
> >
> >I did a chroot patch with ability to change uid and gid.
> >
> >I dunno if you all approve with the current implementation but the patch
> >is small and it works here.
> >
> >remember to CC, since i'm not on this ml...
>
> This looks useful.
> If you want it included, it'll at a minimum need to be factored out a bit
> more cleanly (like putting all the chroot/setuid/etc. stuff in a seperate
> function), and you'll need to make it optional for portability reasons
> (along with autoconf stuff to define the right things if it is available).

Well i dunno how to do the autoconf things, if i knew that i would fix it so that you could do a static compile easily as well... =)
But otoh, function and ifdefs i can do... Anything else i should have in mind?

> If you do that, then I think we'd be pretty happy to add it.

I hope so =)

//Ian Kumlien
On Mon, 2002-05-06 at 11:11, Michael Smith wrote:
> This looks useful.
> If you want it included, it'll at a minimum need to be factored out a bit
> more cleanly (like putting all the chroot/setuid/etc. stuff in a seperate
> function), and you'll need to make it optional for portability reasons
> (along with autoconf stuff to define the right things if it is available).

Could someone help me with autoconf?

> If you do that, then I think we'd be pretty happy to add it.

I added ifdefs to make things easier... ie, could be disabled by default etc...
And restructured it, Will this do? or do i need to do more?

//Ian Kumlien

PS. Remember to CC! The diff is also available at http://pomac.netswarm.net/ DS.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: icecast-patch-v2.diff.gz
Type: application/x-gzip
Size: 1970 bytes
Desc: icecast-patch-v2.diff.gz
Url : http://lists.xiph.org/pipermail/icecast-dev/attachments/20020506/3fda7d77/icecast-patch-v2.diff.bin
3:rd try, With autoconfig... and all...

Autoconfig only checks for the required files, hopefully this should be enough to separate unix from other oses and most *ix should support it afair...

As usual, Comments are welcome...

//Ian Kumlien

PS. Don't forget that CC... DS.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: icecast-patch-v3.diff.gz
Type: application/x-gzip
Size: 3450 bytes
Desc: icecast-patch-v3.diff.gz
Url : http://lists.xiph.org/pipermail/icecast-dev/attachments/20020506/b8155a1b/icecast-patch-v3.diff.bin
Hi,
The latest incarnation of this patch seems ok (Michael tested it, I haven't
yet).
But there is a few things that should be ironed out... like:
user = getpwnam(conf->user);
group = getgrnam(conf->group);
if(user)
uid = user->pw_uid;
else
fprintf(stderr, "Couldn't find user \"%s\" in
password file\n", conf->user);
---
if(user) will segfault if the pointer is 0x0 (which it will be if the passwd file
isn't found).
(how it reacts if the user isn't found i don't know, but better safe
than sorry)
use if((user = getpwnam(conf->user))) and you won't have that segfault.
Same goes for if(group).
//Ian Kumlien