From f2effe6a388951a485127d1dd6dc31829a6efa0b Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Mon, 26 Jul 2010 13:30:56 +0200 Subject: [PATCH] Delete control socket when the server exits. This prevents permission errors --- src/main/command.c | 44 ++++++++++++++++++++++++++++++++++---------- src/main/listen.c | 4 ++-- src/main/mainconfig.c | 13 ++++++++++++- 3 files changed, 48 insertions(+), 13 deletions(-) diff --git a/src/main/command.c b/src/main/command.c index 60afa5c..03e9cf0 100644 --- a/src/main/command.c +++ b/src/main/command.c @@ -191,17 +191,30 @@ static int fr_server_domain_socket(const char *path) } /* - * Refuse to open sockets not owned by us. + * In daemon mode, check the ownership. If in + * debug mode, ignore ownership if we're root. */ - if (buf.st_uid != geteuid()) { - radlog(L_ERR, "We do not own %s", path); - return -1; - } - - if (unlink(path) < 0) { - radlog(L_ERR, "Failed to delete %s: %s", - path, strerror(errno)); - return -1; + if ((debug_flag == 0) || (geteuid() != 0)) { + + /* + * Refuse to open sockets not owned by us. + */ + if (buf.st_uid != geteuid()) { + radlog(L_ERR, "We do not own %s", path); + return -1; + } + + /* + * In debug mode as root, leave the file + * there. Otherwise, it will be owned by + * "root", which makes it difficult to + * open the file as user "radiusd". + */ + if (unlink(path) < 0) { + radlog(L_ERR, "Failed to delete %s: %s", + path, strerror(errno)); + return -1; + } } } @@ -2334,6 +2347,17 @@ static int command_domain_accept(rad_listen_t *listener, /* + * Delete the socket for safety. If the server isn't running, + * the socket shouldn't exist. + */ +static void command_socket_free(rad_listen_t *listener) +{ + fr_command_socket_t *sock = listener->data; + + if (sock->path) unlink(sock->path); +} + +/* * Send an authentication response packet */ static int command_domain_send(UNUSED rad_listen_t *listener, diff --git a/src/main/listen.c b/src/main/listen.c index 1c36953..530ed49 100644 --- a/src/main/listen.c +++ b/src/main/listen.c @@ -1816,8 +1816,8 @@ static const rad_listen_master_t master_listen[RAD_LISTEN_MAX] = { #endif #ifdef WITH_COMMAND_SOCKET - /* TCP command socket */ - { command_socket_parse, NULL, + /* Unix domain command socket */ + { command_socket_parse, command_socket_free, command_domain_accept, command_domain_send, command_socket_print, command_socket_encode, command_socket_decode }, #endif diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c index 7a7bf4b..b99923c 100644 --- a/src/main/mainconfig.c +++ b/src/main/mainconfig.c @@ -256,6 +256,7 @@ static const CONF_PARSER bootstrap_config[] = { { "group", PW_TYPE_STRING_PTR, 0, &gid_name, NULL }, #endif { "chroot", PW_TYPE_STRING_PTR, 0, &chroot_dir, NULL }, + { "libdir", PW_TYPE_STRING_PTR, 0, &radlib_dir, "${prefix}/lib"}, { "allow_core_dumps", PW_TYPE_BOOLEAN, 0, &allow_core_dumps, "no" }, { NULL, -1, 0, NULL, NULL } @@ -651,6 +652,7 @@ static int switch_users(CONF_SECTION *cs) #endif if (chroot_dir) { + DEBUG("Performing chroot to %s", chroot_dir); if (chroot(chroot_dir) < 0) { fprintf(stderr, "%s: Failed to perform chroot %s: %s", progname, chroot_dir, strerror(errno)); @@ -712,6 +714,8 @@ static int switch_users(CONF_SECTION *cs) if (uid_name) { doing_setuid = TRUE; + DEBUG("Switching to user %s group %s", + uid_name, gid_name ? gid_name : ""); fr_suid_down(); } #endif @@ -949,6 +953,7 @@ int read_mainconfig(int reload) } if (chroot_dir) { + DEBUG("Changing current working directory to %s", radlog_dir); if (chdir(radlog_dir) < 0) { radlog(L_ERR, "Failed to 'chdir %s' after chroot: %s", radlog_dir, strerror(errno)); @@ -976,6 +981,13 @@ int free_mainconfig(void) virtual_servers_free(0); /* + * Close sockets before free'ing the configuration. This + * allows us to removed the control socket before + * exiting. + */ + listen_free(&mainconfig.listen); + + /* * Free all of the cached configurations. */ for (cc = cs_cache; cc != NULL; cc = next) { @@ -989,7 +1001,6 @@ int free_mainconfig(void) * structures. */ realms_free(); - listen_free(&mainconfig.listen); dict_free(); return 0; -- 2.1.4