author | Jean-Francois Brousseau <jfb@cvs.openbsd.org> | 2004-09-27 12:39:31 +0000 |
---|---|---|
committer | Jean-Francois Brousseau <jfb@cvs.openbsd.org> | 2004-09-27 12:39:31 +0000 |
commit | f4f2b78efae56fd688ba9380e77d6ed995f2531f (patch) | |
tree | 533e3fff517eb90dcfec91e354fe4ca1fcebb066 | |
parent | 534679b46ff8e5da853ab6c2c96efedc70ef0fb9 (diff) |
Add the `user' and `group' keywords in the configuration file format, so
we can specify alternate users under which the children should run
-rw-r--r-- | usr.bin/cvs/conf.y | 17 | ||||
-rw-r--r-- | usr.bin/cvs/cvsd.c | 53 | ||||
-rw-r--r-- | usr.bin/cvs/cvsd.conf | 9 |
3 files changed, 55 insertions, 24 deletions
diff --git a/usr.bin/cvs/conf.y b/usr.bin/cvs/conf.y index 5902c5484b7..1b350e9fdb3 100644 --- a/usr.bin/cvs/conf.y +++ b/usr.bin/cvs/conf.y @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.y,v 1.2 2004/08/03 14:46:35 jfb Exp $ */ +/* $OpenBSD: conf.y,v 1.3 2004/09/27 12:39:29 jfb Exp $ */ /* * Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org> * All rights reserved. @@ -143,7 +143,7 @@ static u_int acl_defact = CVS_ACL_DENY; %} %token LISTEN CVSROOT MINCHILD MAXCHILD REQSOCK -%token ALLOW DENY LOG QUICK ON TAG FROM +%token ALLOW DENY LOG QUICK ON TAG FROM USER GROUP %token ANY ADD CHECKOUT COMMIT DIFF HISTORY UPDATE %token <v.string> STRING %type <v.num> action number options operation @@ -184,6 +184,16 @@ directive : LISTEN address cvsd_set(CVSD_SET_ROOT, $2); free($2); } + | USER STRING + { + cvsd_set(CVSD_SET_USER, $2); + free($2); + } + | GROUP STRING + { + cvsd_set(CVSD_SET_GROUP, $2); + free($2); + } | MINCHILD number { cvsd_set(CVSD_SET_CHMIN, $2); } | MAXCHILD number { cvsd_set(CVSD_SET_CHMAX, $2); } | REQSOCK STRING @@ -325,12 +335,14 @@ static const struct conf_kw keywords[] = { { "cvsroot", CVSROOT }, { "deny", DENY }, { "from", FROM }, + { "group", GROUP }, { "listen", LISTEN }, { "log", LOG }, { "on", ON }, { "quick", QUICK }, { "reqsock", REQSOCK }, { "tag", TAG }, + { "user", USER }, }; @@ -571,6 +583,7 @@ cvs_conf_read(const char *conf) TAILQ_INIT(&acl_rules); acl_nrules = 0; + cvs_log(LP_INFO, "using configuration file `%s'", conf); conf_file = conf; conf_fin = fopen(conf, "r"); if (conf_fin == NULL) { diff --git a/usr.bin/cvs/cvsd.c b/usr.bin/cvs/cvsd.c index 7fa2ab141ef..bb8ab675d1f 100644 --- a/usr.bin/cvs/cvsd.c +++ b/usr.bin/cvs/cvsd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cvsd.c,v 1.8 2004/09/27 12:16:05 jfb Exp $ */ +/* $OpenBSD: cvsd.c,v 1.9 2004/09/27 12:39:29 jfb Exp $ */ /* * Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org> * All rights reserved. 
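Review bot: The new `USER STRING` and `GROUP STRING` actions in the `directive` rule discard the return value of `cvsd_set()`, so a failed set keeps the earlier account name and parsing carries on as if the keyword had been applied. These keywords choose the identity the children drop privileges to, so a failure should stop the configuration load, e.g. `if (cvsd_set(CVSD_SET_USER, $2) < 0) { free($2); YYERROR; }` and the same for `GROUP`. The `CVSROOT` action visible as context has the same unchecked shape. The rule begins and ends outside the hunk.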
@@ -68,8 +68,8 @@ volatile sig_atomic_t restart = 0; uid_t cvsd_uid = -1; gid_t cvsd_gid = -1; -static char *cvsd_user = CVSD_USER; -static char *cvsd_group = CVSD_GROUP; +static char *cvsd_user = NULL; +static char *cvsd_group = NULL; static char *cvsd_root = NULL; static char *cvsd_conffile = CVSD_CONF; static int cvsd_privfd = -1; @@ -152,6 +152,8 @@ main(int argc, char **argv) struct group *grp; checkrepo = 0; + cvsd_set(CVSD_SET_USER, CVSD_USER); + cvsd_set(CVSD_SET_GROUP, CVSD_GROUP); if (cvs_log_init(LD_STD|LD_SYSLOG, LF_PID) < 0) err(1, "failed to initialize logging mechanism"); @@ -169,7 +171,7 @@ main(int argc, char **argv) foreground = 1; break; case 'g': - cvsd_group = optarg; + cvsd_set(CVSD_SET_GROUP, optarg); break; case 'h': usage(); @@ -186,7 +188,7 @@ main(int argc, char **argv) cvsd_sock_path = optarg; break; case 'u': - cvsd_user = optarg; + cvsd_set(CVSD_SET_USER, optarg); break; case 'v': cvs_log_filter(LP_FILTER_UNSET, LP_INFO); @@ -860,19 +862,42 @@ cvsd_set(int what, ...) char *str; va_list vap; + str = NULL; + va_start(vap, what); - switch (what) { - case CVSD_SET_ROOT: + if ((what == CVSD_SET_ROOT) || (what == CVSD_SET_SOCK) || + (what == CVSD_SET_USER) || (what == CVSD_SET_GROUP)) { str = strdup(va_arg(vap, char *)); if (str == NULL) { - cvs_log(LP_ERRNO, "failed to set CVS root"); + cvs_log(LP_ERRNO, "failed to set string"); return (-1); } + } + + switch (what) { + case CVSD_SET_ROOT: if (cvsd_root != NULL) free(cvsd_root); cvsd_root = str; break; + case CVSD_SET_SOCK: + if (cvsd_sock_path != NULL) + free(cvsd_sock_path); + cvsd_sock_path = str; + if (cvsd_sock_open() < 0) + return (-1); + break; + case CVSD_SET_USER: + if (cvsd_user != NULL) + free(cvsd_user); + cvsd_user = str; + break; + case CVSD_SET_GROUP: + if (cvsd_group != NULL) + free(cvsd_group); + cvsd_group = str; + break; case CVSD_SET_CHMIN: cvsd_chmin = va_arg(vap, int); /* we should increase the number of children accordingly */ 
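Review bot: The two default `cvsd_set()` calls added at the top of `main()` ignore the return value, and with the initialisers changed to NULL in the hunk at -68 a failed `strdup()` now leaves `cvsd_user` or `cvsd_group` NULL instead of pointing at the compiled-in name. The code that resolves these names into `cvsd_uid`/`cvsd_gid` is outside the hunk, so whether it tolerates NULL cannot be seen here. I would fail hard at startup: `if (cvsd_set(CVSD_SET_USER, CVSD_USER) < 0 || cvsd_set(CVSD_SET_GROUP, CVSD_GROUP) < 0) errx(1, "cannot set default user/group");`. The same unchecked call appears in the `-g` and `-u` cases in the hunks at -169 and -186. It is also worth confirming that the configuration file is read before that lookup, since otherwise the new `user`/`group` keywords would not change the ids the children drop to.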
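Review bot: The `-s` case kept as context in the hunk at -186 still assigns `cvsd_sock_path = optarg;` directly, while the `CVSD_SET_SOCK` case of `cvsd_set()` calls `free(cvsd_sock_path)` whenever it is non-NULL. If a `reqsock` directive is processed after `-s` was given, that free is applied to a pointer into `argv`, which is undefined behaviour. The commit removes this hazard for `-u` and `-g` by routing them through `cvsd_set()`, and the socket path needs the same ownership rule, for instance by storing `strdup(optarg)` (checked for NULL) so that every value `cvsd_set()` may free is heap-allocated. How `cvsd_sock_path` is initialised is not visible here, so a string-literal default would need the same treatment.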
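Review bot: The early `return (-1);` after a failed `strdup()` and the one after `cvsd_sock_open()` fails both leave `cvsd_set()` after `va_start()` without a matching `va_end(vap)`, which the C standard makes undefined. Adding `va_end(vap);` before each of those returns fixes it. In the `CVSD_SET_SOCK` case the old path has already been freed and replaced by the time `cvsd_sock_open()` fails, so the caller gets -1 with the new value committed; a comment such as `/* path is updated even when the open fails */` would make that explicit. The function body begins before and continues after the hunk, so whether the normal exit path calls `va_end` is not visible here.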
@@ -884,18 +909,6 @@ cvsd_set(int what, ...) case CVSD_SET_ADDR: /* this is more like an add than a set */ break; - case CVSD_SET_SOCK: - str = strdup(va_arg(vap, char *)); - if (str == NULL) { - cvs_log(LP_ERRNO, "failed to set CVS socket path"); - return (-1); - } - if (cvsd_sock_path != NULL) - free(cvsd_sock_path); - cvsd_sock_path = str; - if (cvsd_sock_open() < 0) - return (-1); - break; default: cvs_log(LP_ERR, "invalid field to set"); return (-1); diff --git a/usr.bin/cvs/cvsd.conf b/usr.bin/cvs/cvsd.conf index ab949504fec..acc14f445c1 100644 --- a/usr.bin/cvs/cvsd.conf +++ b/usr.bin/cvs/cvsd.conf @@ -1,4 +1,4 @@ -# $OpenBSD: cvsd.conf,v 1.1 2004/08/13 12:59:53 jfb Exp $ +# $OpenBSD: cvsd.conf,v 1.2 2004/09/27 12:39:30 jfb Exp $ # # Sample cvsd configuration file # see cvsd.conf(5) @@ -10,13 +10,18 @@ # Set this to the root directory of your CVS repository cvsroot /cvs - # Minimum children processes to keep in pool at any given time #minchild 3 # Maximum children processes to keep in pool at any given time #maxchild 5 +# Username that child processes should drop privileges to upon startup +#user _cvsd + +# Group that child processes should drop privileges to upon startup +#group _cvsd + # Socket on which the server will be listening for client requests reqsock /tmp/cvsd.sock |