Commit 47eecefe authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner

Merge #1510

parents 142ae6ee 4c80cfde
......@@ -44,7 +44,6 @@ pkglibexec_PROGRAMS = b10-auth
b10_auth_SOURCES = query.cc query.h
b10_auth_SOURCES += auth_srv.cc auth_srv.h
b10_auth_SOURCES += auth_log.cc auth_log.h
b10_auth_SOURCES += change_user.cc change_user.h
b10_auth_SOURCES += auth_config.cc auth_config.h
b10_auth_SOURCES += command.cc command.h
b10_auth_SOURCES += common.h common.cc
......
......@@ -45,7 +45,6 @@
<cmdsynopsis>
<command>b10-auth</command>
<arg><option>-n</option></arg>
<arg><option>-u <replaceable>username</replaceable></option></arg>
<arg><option>-v</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
......@@ -92,20 +91,6 @@
<!-- TODO: this is SQLite3 only -->
</varlistentry>
<varlistentry>
<term><option>-u <replaceable>username</replaceable></option></term>
<listitem>
<para>
The user name of the <command>b10-auth</command> daemon.
If specified, the daemon changes the process owner to the
specified user.
The <replaceable>username</replaceable> must be either a
valid numeric user ID or a valid user name.
By default the daemon runs as the user who invokes it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-v</option></term>
<listitem><para>
......
// Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
#include <errno.h>
#include <string.h>
#include <pwd.h>
#include <unistd.h>
#include <boost/lexical_cast.hpp>
#include <exceptions/exceptions.h>
#include <auth/common.h>
using namespace boost;
using namespace std;
void
changeUser(const char* const username) {
const struct passwd *runas_pw = NULL;
runas_pw = getpwnam(username);
endpwent();
if (runas_pw == NULL) {
try {
runas_pw = getpwuid(lexical_cast<uid_t>(username));
endpwent();
} catch (const bad_lexical_cast&) {
; // fall through to isc_throw below.
}
}
if (runas_pw == NULL) {
throw FatalError("Unknown user name or UID:" + string(username));
}
if (setgid(runas_pw->pw_gid) < 0) {
throw FatalError("setgid() failed: " + string(strerror(errno)));
}
if (setuid(runas_pw->pw_uid) < 0) {
throw FatalError("setuid() failed: " + string(strerror(errno)));
}
}
// Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
#ifndef __CHANGE_USER_H
#define __CHANGE_USER_H 1
/// \brief Change the run time user.
///
/// This function changes the user and its group of the authoritative server
/// process.
///
/// On success the user ID of the process is changed to the specified user,
/// and the group is changed to that of the new user.
///
/// This is considered a short term workaround until we develop clearer
/// privilege separation, where the server won't even have to open privileged
/// ports and can be started by a non privileged user from the beginning.
/// This function therefore ignores some corner case problems (see below)
/// which we would address otherwise.
///
/// \c username can be either a textual user name or its numeric ID.
/// If the specified user name (or ID) doesn't specify a local user ID
/// or the user originally starting the process doesn't have a permission
/// of changing the user to \c username, this function throws an exception
/// of class \c FatalError.
///
/// This function internally uses system libraries that do not guarantee
/// reentrancy. In fact, it doesn't even expect to be called more than once.
/// The behavior is undefined if this function is called from multiple threads
/// simultaneously or more generally called multiple times.
///
/// This function only offers the basic exception guarantee, that is, if
/// an exception is thrown from this function, it's possible that an exception
/// is thrown after changing the group ID. This function doesn't recover
/// from that situation. In practice, the process is expected to consider
/// this event a fatal error and will immediately exit, and shouldn't cause
/// a real trouble.
///
/// \param username User name or ID of the new effective user.
void changeUser(const char* const username);
#endif // __CHANGE_USER_H
// Local Variables:
// mode: c++
// End:
......@@ -42,7 +42,6 @@
#include <auth/common.h>
#include <auth/auth_config.h>
#include <auth/command.h>
#include <auth/change_user.h>
#include <auth/auth_srv.h>
#include <auth/auth_log.h>
#include <asiodns/asiodns.h>
......@@ -86,7 +85,6 @@ usage() {
cerr << "Usage: b10-auth [-u user] [-nv]"
<< endl;
cerr << "\t-n: do not cache answers in memory" << endl;
cerr << "\t-u: change process UID to the specified user" << endl;
cerr << "\t-v: verbose output" << endl;
exit(1);
}
......@@ -96,7 +94,6 @@ usage() {
int
main(int argc, char* argv[]) {
int ch;
const char* uid = NULL;
bool cache = true;
bool verbose = false;
......@@ -105,9 +102,6 @@ main(int argc, char* argv[]) {
case 'n':
cache = false;
break;
case 'u':
uid = optarg;
break;
case 'v':
verbose = true;
break;
......@@ -201,10 +195,6 @@ main(int argc, char* argv[]) {
LOG_ERROR(auth_logger, AUTH_CONFIG_LOAD_FAIL).arg(ex.what());
}
if (uid != NULL) {
changeUser(uid);
}
LOG_DEBUG(auth_logger, DBG_AUTH_START, AUTH_LOAD_TSIG);
isc::server_common::initKeyring(*config_session);
auth_server->setTSIGKeyRing(&isc::server_common::keyring);
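Review bot: The usage text in the `usage()` hunk still advertises the option this commit removes: `cerr << "Usage: b10-auth [-u user] [-nv]"` survives as a context line while the `-u` case and the `\t-u:` help line are deleted, so `-u` is now documented in the banner but rejected by option parsing (the `getopt` call itself is outside the hunk, so whether `u:` was dropped from its option string cannot be seen here). The same stale banner remains in b10-resolver's `usage()` (`"Usage: b10-resolver [-u user] [-v]"`). Suggested change: `cerr << "Usage: b10-auth [-nv]"`. Separately, dropping the `changeUser(uid)` call removes the only in-process setgid/setuid step visible on this page; the commit message does not say where privilege dropping now happens, and a one-line comment at the former call site (or in the merge description) stating that the process is expected to be started as the target user would keep that intent from being lost.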
......
......@@ -24,7 +24,6 @@ run_unittests_SOURCES += $(top_srcdir)/src/lib/dns/tests/unittest_util.cc
run_unittests_SOURCES += ../auth_srv.h ../auth_srv.cc
run_unittests_SOURCES += ../auth_log.h ../auth_log.cc
run_unittests_SOURCES += ../query.h ../query.cc
run_unittests_SOURCES += ../change_user.h ../change_user.cc
run_unittests_SOURCES += ../auth_config.h ../auth_config.cc
run_unittests_SOURCES += ../command.h ../command.cc
run_unittests_SOURCES += ../common.h ../common.cc
......@@ -34,7 +33,6 @@ run_unittests_SOURCES += config_unittest.cc
run_unittests_SOURCES += command_unittest.cc
run_unittests_SOURCES += common_unittest.cc
run_unittests_SOURCES += query_unittest.cc
run_unittests_SOURCES += change_user_unittest.cc
run_unittests_SOURCES += statistics_unittest.cc
run_unittests_SOURCES += run_unittests.cc
# This is a temporary workaround for #1206, where the InMemoryClient has been
......
// Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
#include <stdlib.h>
#include <unistd.h> // for getuid
#include <string>
#include <boost/lexical_cast.hpp>
#include <gtest/gtest.h>
#include <auth/common.h>
#include <auth/change_user.h>
using namespace std;
namespace {
TEST(ChangeUserTest, changeToTheSameUser) {
const char* const my_username = getenv("USER");
// normally the USER environment variable should be set to the name
// of the local user running this test, but it's not always the case.
if (my_username == NULL) {
cerr << "Environment variable USER is undefined, skipping the test"
<< endl;
return;
}
// changing to the run time user should succeed.
EXPECT_NO_THROW(changeUser(my_username));
}
TEST(ChangeUserTest, changeToTheSameUserId) {
// same as above, but using numeric user ID
EXPECT_NO_THROW(changeUser(
(boost::lexical_cast<string>(getuid())).c_str()));
}
TEST(ChangeUserTest, badUID) {
// -1 should be an invalid numeric UID, and (hopefully) shouldn't be
// a valid textual username.
EXPECT_THROW(changeUser("-1"), FatalError);
}
TEST(ChangeUserTest, promotionAttempt) {
// change to root should fail unless the running user is a super user.
if (getuid() == 0) {
cerr << "Already a super user, skipping the test" << endl;
return;
}
EXPECT_THROW(changeUser("root"), FatalError);
}
}
......@@ -570,8 +570,6 @@ class BoB:
authargs = ['b10-auth']
if self.nocache:
authargs += ['-n']
if self.uid:
authargs += ['-u', str(self.uid)]
if self.verbose:
authargs += ['-v']
......@@ -589,8 +587,6 @@ class BoB:
self.curproc = "b10-resolver"
# XXX: this must be read from the configuration manager in the future
resargs = ['b10-resolver']
if self.uid:
resargs += ['-u', str(self.uid)]
if self.verbose:
resargs += ['-v']
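Review bot: Both hunks in this file stop forwarding `self.uid` to the children via `-u`, but nothing visible here removes or repurposes `self.uid` itself; if the boss still accepts a user setting, it is now silently ignored for b10-auth and b10-resolver. Either the attribute and whatever sets it should go in the same change, or a comment at the spawn site such as `# user switching is no longer delegated to the child; the boss must already run as the intended user` should record the new expectation. The enclosing methods start outside the hunks.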
......
......@@ -49,7 +49,6 @@ pkglibexec_PROGRAMS = b10-resolver
b10_resolver_SOURCES = resolver.cc resolver.h
b10_resolver_SOURCES += resolver_log.cc resolver_log.h
b10_resolver_SOURCES += response_scrubber.cc response_scrubber.h
b10_resolver_SOURCES += $(top_builddir)/src/bin/auth/change_user.h
b10_resolver_SOURCES += $(top_builddir)/src/bin/auth/common.h
b10_resolver_SOURCES += main.cc
......@@ -70,7 +69,6 @@ b10_resolver_LDADD += $(top_builddir)/src/lib/server_common/libserver_common.la
b10_resolver_LDADD += $(top_builddir)/src/lib/cache/libcache.la
b10_resolver_LDADD += $(top_builddir)/src/lib/nsas/libnsas.la
b10_resolver_LDADD += $(top_builddir)/src/lib/resolve/libresolve.la
b10_resolver_LDADD += $(top_builddir)/src/bin/auth/change_user.o
b10_resolver_LDFLAGS = -pthread
# TODO: config.h.in is wrong because doesn't honor pkgdatadir
......
......@@ -44,7 +44,6 @@
<refsynopsisdiv>
<cmdsynopsis>
<command>b10-resolver</command>
<arg><option>-u <replaceable>username</replaceable></option></arg>
<arg><option>-v</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
......@@ -85,20 +84,6 @@
<variablelist>
<varlistentry>
<term><option>-u <replaceable>username</replaceable></option></term>
<listitem>
<para>
The user name of the <command>b10-resolver</command> daemon.
If specified, the daemon changes the process owner to the
specified user.
The <replaceable>username</replaceable> must be either a
valid numeric user ID or a valid user name.
By default the daemon runs as the user who invokes it.
</para>
</listitem>
</varlistentry>
<!-- TODO: this needs to be fixed as -v on command line
should imply stdout or stderr output also -->
<!-- TODO: can this -v be overidden by configuration or bindctl? -->
......
......@@ -45,7 +45,6 @@
#include <xfr/xfrout_client.h>
#include <auth/change_user.h>
#include <auth/common.h>
#include <resolver/spec_config.h>
......@@ -95,7 +94,6 @@ my_command_handler(const string& command, ConstElementPtr args) {
void
usage() {
cerr << "Usage: b10-resolver [-u user] [-v]" << endl;
cerr << "\t-u: change process UID to the specified user" << endl;
cerr << "\t-v: verbose output" << endl;
exit(1);
}
......@@ -105,13 +103,9 @@ int
main(int argc, char* argv[]) {
bool verbose = false;
int ch;
const char* uid = NULL;
while ((ch = getopt(argc, argv, "u:v")) != -1) {
switch (ch) {
case 'u':
uid = optarg;
break;
case 'v':
verbose = true;
break;
......@@ -214,11 +208,6 @@ main(int argc, char* argv[]) {
my_command_handler);
LOG_DEBUG(resolver_logger, RESOLVER_DBG_INIT, RESOLVER_CONFIG_CHANNEL);
// FIXME: This does not belong here, but inside Boss
if (uid != NULL) {
changeUser(uid);
}
resolver->setConfigSession(config_session);
// Install all initial configurations. If loading configuration
// fails, it will be logged, but we start the server anyway, giving
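Review bot: In the `main()` hunk the `getopt(argc, argv, "u:v")` call is printed as a context line, so if it is indeed unchanged the parser still consumes `-u <arg>` as a recognised option while the `case 'u'` handler is deleted; `-u user` then falls to the default branch (outside the hunk) rather than being reported as an unknown flag, and the banner in `usage()` still says `[-u user]`. Proposed lines: `while ((ch = getopt(argc, argv, "v")) != -1) {` and `cerr << "Usage: b10-resolver [-v]" << endl;`. The hunk header counts (13 old, 9 new) do not match the 12 lines shown, so this may be a rendering artefact — worth confirming against the raw patch.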
......