mirror of
https://github.com/osmarks/ngircd.git
synced 2025-10-22 01:47:37 +00:00
New "chroot" feature (from Benjamin Pineau), introducing new configuration
variables "ChrootDir" and "MotdPhrase".
This commit is contained in:
@@ -14,7 +14,7 @@
|
||||
|
||||
#include "portab.h"
|
||||
|
||||
static char UNUSED id[] = "$Id: conf.c,v 1.63 2004/01/17 03:17:00 alex Exp $";
|
||||
static char UNUSED id[] = "$Id: conf.c,v 1.64 2004/05/07 11:19:21 alex Exp $";
|
||||
|
||||
#include "imp.h"
|
||||
#include <assert.h>
|
||||
@@ -114,6 +114,8 @@ Conf_Test( VOID )
|
||||
printf( " AdminInfo2 = %s\n", Conf_ServerAdmin2 );
|
||||
printf( " AdminEMail = %s\n", Conf_ServerAdminMail );
|
||||
printf( " MotdFile = %s\n", Conf_MotdFile );
|
||||
printf( " MotdPhrase = %s\n", Conf_MotdPhrase );
|
||||
printf( " ChrootDir= %s\n", Conf_Chroot );
|
||||
printf( " Ports = " );
|
||||
for( i = 0; i < Conf_ListenPorts_Count; i++ )
|
||||
{
|
||||
@@ -343,6 +345,10 @@ Set_Defaults( BOOLEAN InitServers )
|
||||
strlcpy( Conf_MotdFile, SYSCONFDIR, sizeof( Conf_MotdFile ));
|
||||
strlcat( Conf_MotdFile, MOTD_FILE, sizeof( Conf_MotdFile ));
|
||||
|
||||
strlcpy( Conf_MotdPhrase, MOTD_PHRASE, sizeof( Conf_MotdPhrase ));
|
||||
|
||||
strlcpy( Conf_Chroot, CHROOT_DIR, sizeof( Conf_Chroot ));
|
||||
|
||||
Conf_ListenPorts_Count = 0;
|
||||
strcpy( Conf_ListenAddress, "" );
|
||||
|
||||
@@ -613,6 +619,18 @@ Handle_GLOBAL( INT Line, CHAR *Var, CHAR *Arg )
|
||||
if( strlcpy( Conf_MotdFile, Arg, sizeof( Conf_MotdFile )) >= sizeof( Conf_MotdFile )) Config_Error( LOG_WARNING, "%s, line %d: Value of \"MotdFile\" too long!", NGIRCd_ConfFile, Line );
|
||||
return;
|
||||
}
|
||||
if( strcasecmp( Var, "MotdPhrase" ) == 0 )
|
||||
{
|
||||
/* "Message of the day" phrase (instead of file) */
|
||||
if( strlcpy( Conf_MotdPhrase, Arg, sizeof( Conf_MotdPhrase )) >= sizeof( Conf_MotdPhrase )) Config_Error( LOG_WARNING, "%s, line %d: Value of \"MotdPhrase\" too long!", NGIRCd_ConfFile, Line );
|
||||
return;
|
||||
}
|
||||
if( strcasecmp( Var, "ChrootDir" ) == 0 )
|
||||
{
|
||||
/* directory for chroot() */
|
||||
if( strlcpy( Conf_Chroot, Arg, sizeof( Conf_Chroot )) >= sizeof( Conf_Chroot )) Config_Error( LOG_WARNING, "%s, line %d: Value of \"ChrootDir\" too long!", NGIRCd_ConfFile, Line );
|
||||
return;
|
||||
}
|
||||
if( strcasecmp( Var, "ServerUID" ) == 0 )
|
||||
{
|
||||
/* UID the daemon should switch to */
|
||||
|
@@ -8,7 +8,7 @@
|
||||
* (at your option) any later version.
|
||||
* Please read the file COPYING, README and AUTHORS for more information.
|
||||
*
|
||||
* $Id: conf.h,v 1.28 2003/11/05 21:41:02 alex Exp $
|
||||
* $Id: conf.h,v 1.29 2004/05/07 11:19:21 alex Exp $
|
||||
*
|
||||
* Configuration management (header)
|
||||
*/
|
||||
@@ -72,6 +72,9 @@ GLOBAL CHAR Conf_ServerAdminMail[CLIENT_INFO_LEN];
|
||||
/* File with MOTD text */
|
||||
GLOBAL CHAR Conf_MotdFile[FNAME_LEN];
|
||||
|
||||
/* Phrase with MOTD text */
|
||||
GLOBAL CHAR Conf_MotdPhrase[LINE_LEN];
|
||||
|
||||
/* Ports the server should listen on */
|
||||
GLOBAL UINT Conf_ListenPorts[MAX_LISTEN_PORTS];
|
||||
GLOBAL INT Conf_ListenPorts_Count;
|
||||
@@ -83,6 +86,9 @@ GLOBAL CHAR Conf_ListenAddress[16];
|
||||
GLOBAL UINT Conf_UID;
|
||||
GLOBAL UINT Conf_GID;
|
||||
|
||||
/* A directory to chroot() in */
|
||||
GLOBAL CHAR Conf_Chroot[FNAME_LEN];
|
||||
|
||||
/* Timeouts for PING and PONG */
|
||||
GLOBAL INT Conf_PingTimeout;
|
||||
GLOBAL INT Conf_PongTimeout;
|
||||
|
@@ -8,7 +8,7 @@
|
||||
* (at your option) any later version.
|
||||
* Please read the file COPYING, README and AUTHORS for more information.
|
||||
*
|
||||
* $Id: defines.h,v 1.45 2004/04/25 15:46:50 alex Exp $
|
||||
* $Id: defines.h,v 1.46 2004/05/07 11:19:21 alex Exp $
|
||||
*
|
||||
* Global defines of ngIRCd.
|
||||
*/
|
||||
@@ -83,6 +83,8 @@
|
||||
|
||||
#define CONFIG_FILE "/ngircd.conf"
|
||||
#define MOTD_FILE "/ngircd.motd"
|
||||
#define MOTD_PHRASE ""
|
||||
#define CHROOT_DIR ""
|
||||
|
||||
#define ERROR_DIR "/tmp"
|
||||
|
||||
|
@@ -14,7 +14,7 @@
|
||||
|
||||
#include "portab.h"
|
||||
|
||||
static char UNUSED id[] = "$Id: irc-info.c,v 1.21 2004/01/17 03:17:49 alex Exp $";
|
||||
static char UNUSED id[] = "$Id: irc-info.c,v 1.22 2004/05/07 11:19:21 alex Exp $";
|
||||
|
||||
#include "imp.h"
|
||||
#include <assert.h>
|
||||
@@ -773,6 +773,13 @@ IRC_Show_MOTD( CLIENT *Client )
|
||||
|
||||
assert( Client != NULL );
|
||||
|
||||
if( Conf_MotdPhrase[0] )
|
||||
{
|
||||
if( ! IRC_WriteStrClient( Client, RPL_MOTDSTART_MSG, Client_ID( Client ), Client_ID( Client_ThisServer( )))) return DISCONNECTED;
|
||||
if( ! IRC_WriteStrClient( Client, RPL_MOTD_MSG, Client_ID( Client ), Conf_MotdPhrase )) return DISCONNECTED;
|
||||
return IRC_WriteStrClient( Client, RPL_ENDOFMOTD_MSG, Client_ID( Client ));
|
||||
}
|
||||
|
||||
fd = fopen( Conf_MotdFile, "r" );
|
||||
if( ! fd )
|
||||
{
|
||||
@@ -780,7 +787,7 @@ IRC_Show_MOTD( CLIENT *Client )
|
||||
return IRC_WriteStrClient( Client, ERR_NOMOTD_MSG, Client_ID( Client ) );
|
||||
}
|
||||
|
||||
IRC_WriteStrClient( Client, RPL_MOTDSTART_MSG, Client_ID( Client ), Client_ID( Client_ThisServer( )));
|
||||
if( ! IRC_WriteStrClient( Client, RPL_MOTDSTART_MSG, Client_ID( Client ), Client_ID( Client_ThisServer( )))) return DISCONNECTED;
|
||||
while( TRUE )
|
||||
{
|
||||
if( ! fgets( line, 126, fd )) break;
|
||||
|
@@ -14,7 +14,7 @@
|
||||
|
||||
#include "portab.h"
|
||||
|
||||
static char UNUSED id[] = "$Id: log.c,v 1.44 2003/12/26 15:55:07 alex Exp $";
|
||||
static char UNUSED id[] = "$Id: log.c,v 1.45 2004/05/07 11:19:21 alex Exp $";
|
||||
|
||||
#include "imp.h"
|
||||
#include <assert.h>
|
||||
@@ -85,6 +85,8 @@ Log_Init( VOID )
|
||||
}
|
||||
#endif
|
||||
if( Init_Txt[0] ) Log( LOG_INFO, "Activating: %s.", Init_Txt );
|
||||
|
||||
Error_File[0] = '\0';
|
||||
} /* Log_Init */
|
||||
|
||||
|
||||
@@ -122,8 +124,11 @@ Log_Exit( VOID )
|
||||
if( NGIRCd_SignalRestart ) Log( LOG_NOTICE, "%s done (restarting).", PACKAGE_NAME );
|
||||
else Log( LOG_NOTICE, "%s done.", PACKAGE_NAME );
|
||||
|
||||
/* Error-File (stderr) loeschen */
|
||||
if( unlink( Error_File ) != 0 ) Log( LOG_ERR, "Can't delete \"%s\": %s", Error_File, strerror( errno ));
|
||||
if( Error_File[0] )
|
||||
{
|
||||
/* Error-File (stderr) loeschen */
|
||||
if( unlink( Error_File ) != 0 ) Log( LOG_ERR, "Can't delete \"%s\": %s", Error_File, strerror( errno ));
|
||||
}
|
||||
|
||||
#ifdef SYSLOG
|
||||
/* syslog abmelden */
|
||||
|
@@ -14,7 +14,7 @@
|
||||
|
||||
#include "portab.h"
|
||||
|
||||
static char UNUSED id[] = "$Id: ngircd.c,v 1.83 2004/01/19 21:54:59 alex Exp $";
|
||||
static char UNUSED id[] = "$Id: ngircd.c,v 1.84 2004/05/07 11:19:21 alex Exp $";
|
||||
|
||||
#include "imp.h"
|
||||
#include <assert.h>
|
||||
@@ -228,6 +228,38 @@ main( int argc, const char *argv[] )
|
||||
|
||||
while( ! NGIRCd_SignalQuit )
|
||||
{
|
||||
/* Initialize global variables */
|
||||
NGIRCd_Start = time( NULL );
|
||||
(VOID)strftime( NGIRCd_StartStr, 64, "%a %b %d %Y at %H:%M:%S (%Z)", localtime( &NGIRCd_Start ));
|
||||
|
||||
NGIRCd_SignalRehash = FALSE;
|
||||
NGIRCd_SignalRestart = FALSE;
|
||||
NGIRCd_SignalQuit = FALSE;
|
||||
|
||||
/* Initialize modules, part I */
|
||||
Log_Init( );
|
||||
Conf_Init( );
|
||||
|
||||
if( Conf_Chroot[0] )
|
||||
{
|
||||
/* Chroot */
|
||||
if( chdir( Conf_Chroot ) != 0 ) Log( LOG_ERR, "Can't chdir() in ChrootDir (%s): %s", Conf_Chroot, strerror( errno ));
|
||||
|
||||
if( chroot( Conf_Chroot ) != 0 ) Log( LOG_ERR, "Can't change root directory to \"%s\": %s", Conf_Chroot, strerror( errno ));
|
||||
else Log( LOG_INFO, "Changed root and working directory to \"%s\".", Conf_Chroot );
|
||||
}
|
||||
|
||||
if( Conf_GID != 0 )
|
||||
{
|
||||
/* Set new group ID */
|
||||
if( setgid( Conf_GID ) != 0 ) Log( LOG_ERR, "Can't change group ID to %u: %s", Conf_GID, strerror( errno ));
|
||||
}
|
||||
if( Conf_UID != 0 )
|
||||
{
|
||||
/* Set new user ID */
|
||||
if( setuid( Conf_UID ) != 0 ) Log( LOG_ERR, "Can't change user ID to %u: %s", Conf_UID, strerror( errno ));
|
||||
}
|
||||
|
||||
/* In der Regel wird ein Sub-Prozess ge-fork()'t, der
|
||||
* nicht mehr mit dem Terminal verbunden ist. Mit der
|
||||
* Option "--nodaemon" kann dies (z.B. zum Debuggen)
|
||||
@@ -252,18 +284,10 @@ main( int argc, const char *argv[] )
|
||||
(VOID)setsid( );
|
||||
chdir( "/" );
|
||||
}
|
||||
|
||||
/* Globale Variablen initialisieren */
|
||||
NGIRCd_Start = time( NULL );
|
||||
(VOID)strftime( NGIRCd_StartStr, 64, "%a %b %d %Y at %H:%M:%S (%Z)", localtime( &NGIRCd_Start ));
|
||||
NGIRCd_SignalRehash = FALSE;
|
||||
NGIRCd_SignalRestart = FALSE;
|
||||
NGIRCd_SignalQuit = FALSE;
|
||||
|
||||
/* Module initialisieren */
|
||||
Log_Init( );
|
||||
/* Initialize modules, part II: these functions are eventually
|
||||
* called with already dropped privileges ... */
|
||||
Resolve_Init( );
|
||||
Conf_Init( );
|
||||
Lists_Init( );
|
||||
Channel_Init( );
|
||||
Client_Init( );
|
||||
@@ -272,28 +296,15 @@ main( int argc, const char *argv[] )
|
||||
#endif
|
||||
Conn_Init( );
|
||||
|
||||
/* Wenn als root ausgefuehrt und eine andere UID
|
||||
* konfiguriert ist, jetzt zu dieser wechseln */
|
||||
if( getuid( ) == 0 )
|
||||
{
|
||||
if( Conf_GID != 0 )
|
||||
{
|
||||
/* Neue Group-ID setzen */
|
||||
if( setgid( Conf_GID ) != 0 ) Log( LOG_ERR, "Can't change Group-ID to %u: %s", Conf_GID, strerror( errno ));
|
||||
}
|
||||
if( Conf_UID != 0 )
|
||||
{
|
||||
/* Neue User-ID setzen */
|
||||
if( setuid( Conf_UID ) != 0 ) Log( LOG_ERR, "Can't change User-ID to %u: %s", Conf_UID, strerror( errno ));
|
||||
}
|
||||
}
|
||||
|
||||
/* User, Gruppe und Prozess-ID des Daemon ausgeben */
|
||||
/* Show user, group, and PID of the running daemon */
|
||||
pwd = getpwuid( getuid( )); grp = getgrgid( getgid( ));
|
||||
Log( LOG_INFO, "Running as user %s(%ld), group %s(%ld), with PID %ld.", pwd ? pwd->pw_name : "unknown", (LONG)getuid( ), grp ? grp->gr_name : "unknown", (LONG)getgid( ), (LONG)getpid( ));
|
||||
|
||||
/* stderr in "Error-File" umlenken */
|
||||
Log_InitErrorfile( );
|
||||
/* Redirect stderr handle to "error file" for debugging.
|
||||
* But don't try to write in the chroot jail, since it's more
|
||||
* secure to have a chroot dir not writable by the daemon.
|
||||
*/
|
||||
if( ! Conf_Chroot[0] ) Log_InitErrorfile( );
|
||||
|
||||
/* Signal-Handler initialisieren */
|
||||
Initialize_Signal_Handler( );
|
||||
|
Reference in New Issue
Block a user