Add chroot to konfd. Bad mtimes. Don't use

git-svn-id: https://klish.googlecode.com/svn/trunk@376 0eaa4687-2ee9-07dd-09d9-bcdd2d2dd5fb

Makefile.in

@@ -3110,3 +3110,4 @@ uninstall-am: uninstall-binPROGRAMS uninstall-libLIBRARIES \
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
+

aclocal.m4

@@ -9433,3 +9433,4 @@ AC_SUBST([am__tar])
 AC_SUBST([am__untar])
 ]) # _AM_PROG_TAR
 
+

bin/konfd.c

@@ -27,8 +27,12 @@
 #ifdef HAVE_GETOPT_H
 #include <getopt.h>
 #endif
+#ifdef HAVE_PWD_H
 #include <pwd.h>
+#endif
+#ifdef HAVE_GRP_H
 #include <grp.h>
+#endif
 
 #include "clish/private.h"
 #include "konf/tree.h"
@@ -72,11 +76,12 @@ static int opts_parse(int argc, char *argv[], struct options *opts);
 
 /* Command line options */
 struct options {
-	char	*socket_path;
-	char	*pidfile;
-	int	debug; /* Don't daemonize in debug mode */
-	uid_t	uid;
-	gid_t	gid;
+	char *socket_path;
+	char *pidfile;
+	char *chroot;
+	int debug; /* Don't daemonize in debug mode */
+	uid_t uid;
+	gid_t gid;
 };
 
 /*--------------------------------------------------------- */
@@ -134,24 +139,6 @@ int main(int argc, char **argv)
 		}
 	}
 
-	/* Change GID */
-	if (opts->gid != getgid()) {
-		if (setgid(opts->gid)) {
-			syslog(LOG_ERR, "Can't set GID to %u: %s",
-				opts->gid, strerror(errno));
-			goto err;
-		}
-	}
-
-	/* Change UID */
-	if (opts->uid != getuid()) {
-		if (setuid(opts->uid)) {
-			syslog(LOG_ERR, "Can't set UID to %u: %s",
-				opts->uid, strerror(errno));
-			goto err;
-		}
-	}
-
 	/* Create listen socket */
 	if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
 		syslog(LOG_ERR, "Can't create listen socket: %s\n",
@@ -171,8 +158,42 @@ int main(int argc, char **argv)
 			strerror(errno));
 		goto err;
 	}
+	if (chown(opts->socket_path, opts->uid, opts->gid)) {
+		syslog(LOG_ERR, "Can't chown UNIX socket: %s\n",
+			strerror(errno));
+		goto err;
+	}
 	listen(sock, 5);
 
+	/* Change GID */
+	if (opts->gid != getgid()) {
+		if (setgid(opts->gid)) {
+			syslog(LOG_ERR, "Can't set GID to %u: %s",
+				opts->gid, strerror(errno));
+			goto err;
+		}
+	}
+
+#ifdef HAVE_CHROOT
+	/* Chroot */
+	if (opts->chroot) {
+		if (chroot(opts->chroot) < 0) {
+			syslog(LOG_ERR, "Can't chroot to %s: %s",
+				opts->chroot, strerror(errno));
+			goto err;
+		}
+	}
+#endif
+
+	/* Change UID */
+	if (opts->uid != getuid()) {
+		if (setuid(opts->uid)) {
+			syslog(LOG_ERR, "Can't set UID to %u: %s",
+				opts->uid, strerror(errno));
+			goto err;
+		}
+	}
+
 	/* Create configuration tree */
 	conf = konf_tree_new("", 0);
 
@@ -510,6 +531,7 @@ struct options *opts_init(void)
 	opts->debug = 0; /* daemonize by default */
 	opts->socket_path = lub_string_dup(KONFD_SOCKET_PATH);
 	opts->pidfile = lub_string_dup(KONFD_PIDFILE);
+	opts->chroot = NULL;
 	opts->uid = getuid();
 	opts->gid = getgid();
 
@@ -524,6 +546,8 @@ void opts_free(struct options *opts)
 		lub_string_free(opts->socket_path);
 	if (opts->pidfile)
 		lub_string_free(opts->pidfile);
+	if (opts->chroot)
+		lub_string_free(opts->chroot);
 	free(opts);
 }
 
@@ -531,7 +555,7 @@ void opts_free(struct options *opts)
 /* Parse command line options */
 static int opts_parse(int argc, char *argv[], struct options *opts)
 {
-	static const char *shortopts = "hvs:p:u:g:d";
+	static const char *shortopts = "hvs:p:u:g:dr:";
 #ifdef HAVE_GETOPT_H
 	static const struct option longopts[] = {
 		{"help",	0, NULL, 'h'},
@@ -541,6 +565,7 @@ static int opts_parse(int argc, char *argv[], struct options *opts)
 		{"user",	1, NULL, 'u'},
 		{"group",	1, NULL, 'g'},
 		{"debug",	0, NULL, 'd'},
+		{"chroot",	1, NULL, 'r'},
 		{NULL,		0, NULL, 0}
 	};
 #endif
@@ -565,10 +590,21 @@ static int opts_parse(int argc, char *argv[], struct options *opts)
 				lub_string_free(opts->pidfile);
 			opts->pidfile = lub_string_dup(optarg);
 			break;
+		case 'r':
+#ifdef HAVE_CHROOT
+			if (opts->chroot)
+				lub_string_free(opts->chroot);
+			opts->chroot = lub_string_dup(optarg);
+#else
+			syslog(LOG_ERR, "The --chroot option is not supported\n");
+			return -1;
+#endif
+			break;
 		case 'd':
 			opts->debug = 1;
 			break;
 		case 'u': {
+#ifdef HAVE_PWD_H
 			struct passwd *pwd = getpwnam(optarg);
 			if (!pwd) {
 				syslog(LOG_ERR, "Can't identify user \"%s\"\n",
@@ -576,9 +612,14 @@ static int opts_parse(int argc, char *argv[], struct options *opts)
 				return -1;
 			}
 			opts->uid = pwd->pw_uid;
+#else
+			syslog(LOG_ERR, "The --user option is not supported\n");
+			return -1;
+#endif
 			break;
 		}
 		case 'g': {
+#ifdef HAVE_GRP_H
 			struct group *grp = getgrnam(optarg);
 			if (!grp) {
 				syslog(LOG_ERR, "Can't identify group \"%s\"\n",
@@ -586,6 +627,10 @@ static int opts_parse(int argc, char *argv[], struct options *opts)
 				return -1;
 			}
 			opts->gid = grp->gr_gid;
+#else
+			syslog(LOG_ERR, "The --group option is not supported\n");
+			return -1;
+#endif
 			break;
 		}
 		case 'h':
@@ -636,6 +681,7 @@ static void help(int status, const char *argv0)
 		printf("\t-s <path>, --socket=<path>\tSpecify the UNIX socket "
 			"filesystem path to listen on.\n");
 		printf("\t-p <path>, --pid=<path>\tFile to save daemon's PID to.\n");
+		printf("\t-r <path>, --chroot=<path>\tDirectory to chroot.\n");
 		printf("\t-u <user>, --user=<user>\tExecute process as"
 			" specified user.\n");
 		printf("\t-g <group>, --group=<group>\tExecute process as"

config.h.in

@@ -3,12 +3,18 @@
 /* Define to 1 if you have the <bfd.h> header file. */
 #undef HAVE_BFD_H
 
+/* Define to 1 if you have the `chroot' function. */
+#undef HAVE_CHROOT
+
 /* Define to 1 if you have the <dlfcn.h> header file. */
 #undef HAVE_DLFCN_H
 
 /* Define to 1 if you have the <getopt.h> header file. */
 #undef HAVE_GETOPT_H
 
+/* Define to 1 if you have the <grp.h> header file. */
+#undef HAVE_GRP_H
+
 /* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H
 
@@ -39,6 +45,9 @@
 /* Define to 1 if you have the <pthread.h> header file. */
 #undef HAVE_PTHREAD_H
 
+/* Define to 1 if you have the <pwd.h> header file. */
+#undef HAVE_PWD_H
+
 /* Define to 1 if you have the <stdint.h> header file. */
 #undef HAVE_STDINT_H
 
@@ -105,3 +114,4 @@
 
 /* Version number of package */
 #undef VERSION
+

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for klish 1.4.1.
+# Generated by GNU Autoconf 2.68 for klish 1.4.2.
 #
 # Report bugs to <serj.kalichev at gmail dot com>.
 #
@@ -570,8 +570,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='klish'
 PACKAGE_TARNAME='klish'
-PACKAGE_VERSION='1.4.1'
-PACKAGE_STRING='klish 1.4.1'
+PACKAGE_VERSION='1.4.2'
+PACKAGE_STRING='klish 1.4.2'
 PACKAGE_BUGREPORT='serj.kalichev at gmail dot com'
 PACKAGE_URL=''
 
@@ -1327,7 +1327,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures klish 1.4.1 to adapt to many kinds of systems.
+\`configure' configures klish 1.4.2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1397,7 +1397,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of klish 1.4.1:";;
+     short | recursive ) echo "Configuration of klish 1.4.2:";;
    esac
   cat <<\_ACEOF
 
@@ -1509,7 +1509,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-klish configure 1.4.1
+klish configure 1.4.2
 generated by GNU Autoconf 2.68
 
 Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2177,7 +2177,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by klish $as_me 1.4.1, which was
+It was created by klish $as_me 1.4.2, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   $ $0 $@
@@ -15127,7 +15127,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='klish'
- VERSION='1.4.1'
+ VERSION='1.4.2'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -16196,6 +16196,58 @@ $as_echo "#define HAVE_LANGINFO_CODESET 1" >>confdefs.h
   fi
 
 
+################################
+# Check for pwd.h and grp.h
+################################
+for ac_header in pwd.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "pwd.h" "ac_cv_header_pwd_h" "$ac_includes_default"
+if test "x$ac_cv_header_pwd_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_PWD_H 1
+_ACEOF
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: pwd.h not found: the pwd operations is not supported" >&5
+$as_echo "$as_me: WARNING: pwd.h not found: the pwd operations is not supported" >&2;}
+fi
+
+done
+
+for ac_header in grp.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "grp.h" "ac_cv_header_grp_h" "$ac_includes_default"
+if test "x$ac_cv_header_grp_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GRP_H 1
+_ACEOF
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: grp.h not found: the grp operations is not supported" >&5
+$as_echo "$as_me: WARNING: grp.h not found: the grp operations is not supported" >&2;}
+fi
+
+done
+
+
+################################
+# Check for chroot
+################################
+for ac_func in chroot
+do :
+  ac_fn_c_check_func "$LINENO" "chroot" "ac_cv_func_chroot"
+if test "x$ac_cv_func_chroot" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_CHROOT 1
+_ACEOF
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: chroot() not found: the choot is not supported" >&5
+$as_echo "$as_me: WARNING: chroot() not found: the choot is not supported" >&2;}
+fi
+done
+
+
 ac_config_files="$ac_config_files Makefile"
 
 cat >confcache <<\_ACEOF
@@ -16748,7 +16800,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by klish $as_me 1.4.1, which was
+This file was extended by klish $as_me 1.4.2, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -16814,7 +16866,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-klish config.status 1.4.1
+klish config.status 1.4.2
 configured by $0, generated by GNU Autoconf 2.68,
   with options \\"\$ac_cs_config\\"
 
@@ -18859,3 +18911,4 @@ if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
 fi
 
+

configure.ac

@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 m4_define([MAJOR_VERSION], 1)
 m4_define([MINOR_VERSION], 4)
-m4_define([MICRO_VERSION], 1)
+m4_define([MICRO_VERSION], 2)
 
 AC_PREREQ(2.59)
 AC_INIT([klish],
@@ -252,5 +252,19 @@ AC_CHECK_HEADERS(locale.h, [],
 ################################
 AM_LANGINFO_CODESET
 
+################################
+# Check for pwd.h and grp.h
+################################
+AC_CHECK_HEADERS(pwd.h, [],
+    AC_MSG_WARN([pwd.h not found: the pwd operations is not supported]))
+AC_CHECK_HEADERS(grp.h, [],
+    AC_MSG_WARN([grp.h not found: the grp operations is not supported]))
+
+################################
+# Check for chroot
+################################
+AC_CHECK_FUNCS(chroot, [],
+    AC_MSG_WARN([chroot() not found: the choot is not supported]))
+
 AC_CONFIG_FILES(Makefile)
 AC_OUTPUT