summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJean-Francois Brousseau <jfb@cvs.openbsd.org>2004-09-27 12:16:07 +0000
committerJean-Francois Brousseau <jfb@cvs.openbsd.org>2004-09-27 12:16:07 +0000
commit534679b46ff8e5da853ab6c2c96efedc70ef0fb9 (patch)
tree4951293dd024936dbeceb371634dd44acb54cba2
parent3707ba7190efad04f9d715764e47bea7a9b19b03 (diff)
Simplify signal handling by having only one handler that sets the proper
variables, and add support for reporting via SIGINFO. Also add a way to change the user and group for privilege separation of the children.
-rw-r--r--usr.bin/cvs/cvsd.824
-rw-r--r--usr.bin/cvs/cvsd.c146
2 files changed, 110 insertions, 60 deletions
diff --git a/usr.bin/cvs/cvsd.8 b/usr.bin/cvs/cvsd.8
index 78c849beeb1..8280abf363a 100644
--- a/usr.bin/cvs/cvsd.8
+++ b/usr.bin/cvs/cvsd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: cvsd.8,v 1.2 2004/07/25 03:23:57 jfb Exp $
+.\" $OpenBSD: cvsd.8,v 1.3 2004/09/27 12:16:06 jfb Exp $
.\"
.\" Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org>
.\"
@@ -32,10 +32,12 @@
.Nd Concurrent Versions System daemon
.Sh SYNOPSIS
.Nm cvsd
-.Op Fl dfpv
-.Op Fl a Ar aclfile
+.Op Fl dfhpv
+.Op Fl c Ar config
+.Op Fl g Ar group
.Op Fl r Ar cvsroot
.Op Fl s Ar sockpath
+.Op Fl u Ar user
.Sh DESCRIPTION
The
.Nm
@@ -66,10 +68,10 @@ and should only be writable by the user.
.Pp
The options are as follows:
.Bl -tag -width "-s sockpath"
-.It Fl a Ar aclfile
+.It Fl c Ar config
Use
-.Ar aclfile
-as the source file for the Access Control Lists to apply on the repository.
+.Ar config
+as the startup configuration file instead of the default one.
.It Fl d
Start the server with debugging enabled.
This option overrides the
@@ -80,6 +82,12 @@ Stay in foreground instead of performing the usual operations to become
a daemon.
This causes all log messages to be printed on standard input or standard
error, depending on the priority of each message.
+.It Fl g Ar group
+Drop group privileges to the group name or GID specified by
+.Ar group
+instead of the default group.
+.It Fl h
+Print information about the server's usage and exit.
.It Fl p
On startup, perform a check on the whole contents of the CVS repository to
check file permissions and ownership, and print warnings for any files or
@@ -96,6 +104,10 @@ as the CVS repository's root directory.
Use the path specified by
.Ar sockpath
as the file to bind to for the local socket.
+.It Fl u Ar user
+Drop user privileges to the username or UID specified by
+.Ar user
+instead of the default user.
.It Fl v
Be verbose.
.Sh FILES
diff --git a/usr.bin/cvs/cvsd.c b/usr.bin/cvs/cvsd.c
index 22d2efb8b2e..7fa2ab141ef 100644
--- a/usr.bin/cvs/cvsd.c
+++ b/usr.bin/cvs/cvsd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cvsd.c,v 1.7 2004/09/25 12:21:43 jfb Exp $ */
+/* $OpenBSD: cvsd.c,v 1.8 2004/09/27 12:16:05 jfb Exp $ */
/*
* Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org>
* All rights reserved.
@@ -52,6 +52,7 @@
static void cvsd_parent_loop (void);
static void cvsd_child_loop (void);
static int cvsd_privdrop (void);
+static void cvsd_report (void);
extern char *__progname;
@@ -64,10 +65,11 @@ volatile sig_atomic_t running = 1;
volatile sig_atomic_t restart = 0;
-uid_t cvsd_uid = -1;
-gid_t cvsd_gid = -1;
-
+uid_t cvsd_uid = -1;
+gid_t cvsd_gid = -1;
+static char *cvsd_user = CVSD_USER;
+static char *cvsd_group = CVSD_GROUP;
static char *cvsd_root = NULL;
static char *cvsd_conffile = CVSD_CONF;
static int cvsd_privfd = -1;
@@ -79,52 +81,39 @@ static volatile sig_atomic_t cvsd_chnum = 0;
static volatile sig_atomic_t cvsd_chmin = CVSD_CHILD_DEFMIN;
static volatile sig_atomic_t cvsd_chmax = CVSD_CHILD_DEFMAX;
static volatile sig_atomic_t cvsd_sigchld = 0;
+static volatile sig_atomic_t cvsd_siginfo = 0;
-void usage (void);
-void sighup_handler (int);
-void sigint_handler (int);
-void sigchld_handler (int);
-int cvsd_msghdlr (struct cvsd_child *, int);
-
-
-/*
- * sighup_handler()
- *
- * Handler for the SIGHUP signal.
- */
-
-void
-sighup_handler(int signo)
-{
- restart = 1;
-}
-
-
-/*
- * sigint_handler()
- *
- * Handler for the SIGINT signal.
- */
-
-void
-sigint_handler(int signo)
-{
- running = 0;
-}
+void usage (void);
+void cvsd_sighdlr (int);
+int cvsd_msghdlr (struct cvsd_child *, int);
/*
- * sigchld_handler()
+ * cvsd_sighdlr()
*
- * Handler for the SIGCHLD signal.
+ * Generic signal handler.
*/
void
-sigchld_handler(int signo)
+cvsd_sighdlr(int signo)
{
- cvsd_sigchld = 1;
- signal(SIGCHLD, sigchld_handler);
+ switch (signo) {
+ case SIGHUP:
+ restart = 1;
+ break;
+ case SIGCHLD:
+ cvsd_sigchld = 1;
+ break;
+ case SIGINT:
+ case SIGTERM:
+ case SIGQUIT:
+ running = 0;
+ break;
+ case SIGINFO:
+ cvsd_siginfo = 1;
+ break;
+ }
}
@@ -138,14 +127,17 @@ void
usage(void)
{
fprintf(stderr,
- "Usage: %s [-dfhpv] [-c config] [-r root] [-s path]\n"
+ "Usage: %s [-dfhpv] [-c config] [-g group] [-r root] "
+ "[-s path] [-u user]\n"
"\t-c config\tUse <config> as the configuration file\n"
"\t-d\t\tStart the server in debugging mode (very verbose)\n"
"\t-f\t\tStay in foreground instead of becoming a daemon\n"
+ "\t-g group\tUse group <group> for privilege revocation\n"
"\t-h\t\tPrint the usage and exit\n"
"\t-p\t\tPerform repository sanity check on startup\n"
"\t-r root\t\tUse <root> as the root directory of the repository\n"
"\t-s path\t\tUse <path> as the path for the CVS server socket\n"
+ "\t-u user\tUse user <user> for privilege revocation\n"
"\t-v\t\tBe verbose\n",
__progname);
}
@@ -176,6 +168,9 @@ main(int argc, char **argv)
case 'f':
foreground = 1;
break;
+ case 'g':
+ cvsd_group = optarg;
+ break;
case 'h':
usage();
exit(0);
@@ -190,6 +185,9 @@ main(int argc, char **argv)
case 's':
cvsd_sock_path = optarg;
break;
+ case 'u':
+ cvsd_user = optarg;
+ break;
case 'v':
cvs_log_filter(LP_FILTER_UNSET, LP_INFO);
break;
@@ -213,22 +211,22 @@ main(int argc, char **argv)
TAILQ_INIT(&cvsd_children);
- pwd = getpwnam(CVSD_USER);
+ pwd = getpwnam(cvsd_user);
if (pwd == NULL)
- err(EX_NOUSER, "failed to get user `%s'", CVSD_USER);
+ err(EX_NOUSER, "failed to get user `%s'", cvsd_user);
- grp = getgrnam(CVSD_GROUP);
+ grp = getgrnam(cvsd_group);
if (grp == NULL)
- err(EX_NOUSER, "failed to get group `%s'", CVSD_GROUP);
+ err(EX_NOUSER, "failed to get group `%s'", cvsd_group);
cvsd_uid = pwd->pw_uid;
cvsd_gid = grp->gr_gid;
- signal(SIGHUP, sighup_handler);
- signal(SIGINT, sigint_handler);
- signal(SIGQUIT, sigint_handler);
- signal(SIGTERM, sigint_handler);
- signal(SIGCHLD, sigchld_handler);
+ signal(SIGHUP, cvsd_sighdlr);
+ signal(SIGINT, cvsd_sighdlr);
+ signal(SIGQUIT, cvsd_sighdlr);
+ signal(SIGTERM, cvsd_sighdlr);
+ signal(SIGCHLD, cvsd_sighdlr);
if (!foreground && daemon(0, 0) == -1) {
cvs_log(LP_ERRNO, "failed to become a daemon");
@@ -263,6 +261,7 @@ main(int argc, char **argv)
}
}
+ signal(SIGINFO, cvsd_sighdlr);
cvsd_parent_loop();
cvs_log(LP_NOTICE, "shutting down");
@@ -283,8 +282,8 @@ main(int argc, char **argv)
int
cvsd_privdrop(void)
{
- cvs_log(LP_INFO, "dropping privileges to %s:%s", CVSD_USER,
- CVSD_GROUP);
+ cvs_log(LP_INFO, "dropping privileges to %s[%d]:%s[%d]",
+ cvsd_user, cvsd_uid, cvsd_group, cvsd_gid);
if (setgid(cvsd_gid) == -1) {
cvs_log(LP_ERRNO, "failed to drop group privileges to %s",
CVSD_GROUP);
@@ -490,7 +489,7 @@ cvsd_child_fork(struct cvsd_child **chpp)
signal(SIGCHLD, SIG_IGN);
TAILQ_INSERT_TAIL(&cvsd_children, chp, ch_list);
cvsd_chnum++;
- signal(SIGCHLD, sigchld_handler);
+ signal(SIGCHLD, cvsd_sighdlr);
if (chpp != NULL)
*chpp = chp;
@@ -541,7 +540,7 @@ cvsd_child_reap(void)
signal(SIGCHLD, SIG_IGN);
TAILQ_REMOVE(&cvsd_children, ch, ch_list);
cvsd_chnum--;
- signal(SIGCHLD, sigchld_handler);
+ signal(SIGCHLD, cvsd_sighdlr);
break;
}
@@ -614,6 +613,10 @@ cvsd_parent_loop(void)
cvsd_sigchld = 0;
cvsd_child_reap();
}
+ if (cvsd_siginfo) {
+ cvsd_siginfo = 0;
+ cvsd_report();
+ }
nfds = cvsd_chnum + 1;
pfd = (struct pollfd *)realloc(pfd,
@@ -731,6 +734,8 @@ cvsd_child_loop(void)
break;
switch (mtype) {
+ case CVSD_MSG_PASSFD:
+ break;
case CVSD_MSG_SHUTDOWN:
running = 0;
break;
@@ -900,3 +905,36 @@ cvsd_set(int what, ...)
return (0);
}
+
+
+/*
+ * cvsd_report()
+ */
+
+static void
+cvsd_report(void)
+{
+ u_int nb_idle, nb_busy, nb_unknown;
+ struct cvsd_child *ch;
+
+ nb_idle = 0;
+ nb_busy = 0;
+ nb_unknown = 0;
+
+ signal(SIGCHLD, SIG_IGN);
+ TAILQ_FOREACH(ch, &cvsd_children, ch_list) {
+ if (ch->ch_state == CVSD_ST_IDLE)
+ nb_idle++;
+ else if (ch->ch_state == CVSD_ST_BUSY)
+ nb_busy++;
+ else if (ch->ch_state == CVSD_ST_UNKNOWN)
+ nb_unknown++;
+ }
+
+ cvs_log(LP_WARN, "%u children, %u idle, %u busy, %u unknown",
+ cvsd_chnum, nb_idle, nb_busy, nb_unknown);
+
+ TAILQ_FOREACH(ch, &cvsd_children, ch_list)
+ cvs_log(LP_WARN, "");
+ signal(SIGCHLD, cvsd_sighdlr);
+}