1
0
mirror of https://github.com/osmarks/ngircd.git synced 2025-10-22 01:47:37 +00:00

New "chroot" feature (from Benjamin Pineau), introducing new configuration

variables "ChrootDir" and "MotdPhrase".
This commit is contained in:
Alexander Barton
2004-05-07 11:19:20 +00:00
parent 39fc76c4e4
commit 7281b8dd4d
13 changed files with 139 additions and 46 deletions

View File

@@ -14,7 +14,7 @@
#include "portab.h"
static char UNUSED id[] = "$Id: conf.c,v 1.63 2004/01/17 03:17:00 alex Exp $";
static char UNUSED id[] = "$Id: conf.c,v 1.64 2004/05/07 11:19:21 alex Exp $";
#include "imp.h"
#include <assert.h>
@@ -114,6 +114,8 @@ Conf_Test( VOID )
printf( " AdminInfo2 = %s\n", Conf_ServerAdmin2 );
printf( " AdminEMail = %s\n", Conf_ServerAdminMail );
printf( " MotdFile = %s\n", Conf_MotdFile );
printf( " MotdPhrase = %s\n", Conf_MotdPhrase );
printf( " ChrootDir= %s\n", Conf_Chroot );
printf( " Ports = " );
for( i = 0; i < Conf_ListenPorts_Count; i++ )
{
@@ -343,6 +345,10 @@ Set_Defaults( BOOLEAN InitServers )
strlcpy( Conf_MotdFile, SYSCONFDIR, sizeof( Conf_MotdFile ));
strlcat( Conf_MotdFile, MOTD_FILE, sizeof( Conf_MotdFile ));
strlcpy( Conf_MotdPhrase, MOTD_PHRASE, sizeof( Conf_MotdPhrase ));
strlcpy( Conf_Chroot, CHROOT_DIR, sizeof( Conf_Chroot ));
Conf_ListenPorts_Count = 0;
strcpy( Conf_ListenAddress, "" );
@@ -613,6 +619,18 @@ Handle_GLOBAL( INT Line, CHAR *Var, CHAR *Arg )
if( strlcpy( Conf_MotdFile, Arg, sizeof( Conf_MotdFile )) >= sizeof( Conf_MotdFile )) Config_Error( LOG_WARNING, "%s, line %d: Value of \"MotdFile\" too long!", NGIRCd_ConfFile, Line );
return;
}
if( strcasecmp( Var, "MotdPhrase" ) == 0 )
{
/* "Message of the day" phrase (instead of file) */
if( strlcpy( Conf_MotdPhrase, Arg, sizeof( Conf_MotdPhrase )) >= sizeof( Conf_MotdPhrase )) Config_Error( LOG_WARNING, "%s, line %d: Value of \"MotdPhrase\" too long!", NGIRCd_ConfFile, Line );
return;
}
if( strcasecmp( Var, "ChrootDir" ) == 0 )
{
/* directory for chroot() */
if( strlcpy( Conf_Chroot, Arg, sizeof( Conf_Chroot )) >= sizeof( Conf_Chroot )) Config_Error( LOG_WARNING, "%s, line %d: Value of \"ChrootDir\" too long!", NGIRCd_ConfFile, Line );
return;
}
if( strcasecmp( Var, "ServerUID" ) == 0 )
{
/* UID the daemon should switch to */

View File

@@ -8,7 +8,7 @@
* (at your option) any later version.
* Please read the file COPYING, README and AUTHORS for more information.
*
* $Id: conf.h,v 1.28 2003/11/05 21:41:02 alex Exp $
* $Id: conf.h,v 1.29 2004/05/07 11:19:21 alex Exp $
*
* Configuration management (header)
*/
@@ -72,6 +72,9 @@ GLOBAL CHAR Conf_ServerAdminMail[CLIENT_INFO_LEN];
/* File with MOTD text */
GLOBAL CHAR Conf_MotdFile[FNAME_LEN];
/* Phrase with MOTD text */
GLOBAL CHAR Conf_MotdPhrase[LINE_LEN];
/* Ports the server should listen on */
GLOBAL UINT Conf_ListenPorts[MAX_LISTEN_PORTS];
GLOBAL INT Conf_ListenPorts_Count;
@@ -83,6 +86,9 @@ GLOBAL CHAR Conf_ListenAddress[16];
GLOBAL UINT Conf_UID;
GLOBAL UINT Conf_GID;
/* A directory to chroot() in */
GLOBAL CHAR Conf_Chroot[FNAME_LEN];
/* Timeouts for PING and PONG */
GLOBAL INT Conf_PingTimeout;
GLOBAL INT Conf_PongTimeout;

View File

@@ -8,7 +8,7 @@
* (at your option) any later version.
* Please read the file COPYING, README and AUTHORS for more information.
*
* $Id: defines.h,v 1.45 2004/04/25 15:46:50 alex Exp $
* $Id: defines.h,v 1.46 2004/05/07 11:19:21 alex Exp $
*
* Global defines of ngIRCd.
*/
@@ -83,6 +83,8 @@
#define CONFIG_FILE "/ngircd.conf"
#define MOTD_FILE "/ngircd.motd"
#define MOTD_PHRASE ""
#define CHROOT_DIR ""
#define ERROR_DIR "/tmp"

View File

@@ -14,7 +14,7 @@
#include "portab.h"
static char UNUSED id[] = "$Id: irc-info.c,v 1.21 2004/01/17 03:17:49 alex Exp $";
static char UNUSED id[] = "$Id: irc-info.c,v 1.22 2004/05/07 11:19:21 alex Exp $";
#include "imp.h"
#include <assert.h>
@@ -773,6 +773,13 @@ IRC_Show_MOTD( CLIENT *Client )
assert( Client != NULL );
if( Conf_MotdPhrase[0] )
{
if( ! IRC_WriteStrClient( Client, RPL_MOTDSTART_MSG, Client_ID( Client ), Client_ID( Client_ThisServer( )))) return DISCONNECTED;
if( ! IRC_WriteStrClient( Client, RPL_MOTD_MSG, Client_ID( Client ), Conf_MotdPhrase )) return DISCONNECTED;
return IRC_WriteStrClient( Client, RPL_ENDOFMOTD_MSG, Client_ID( Client ));
}
fd = fopen( Conf_MotdFile, "r" );
if( ! fd )
{
@@ -780,7 +787,7 @@ IRC_Show_MOTD( CLIENT *Client )
return IRC_WriteStrClient( Client, ERR_NOMOTD_MSG, Client_ID( Client ) );
}
IRC_WriteStrClient( Client, RPL_MOTDSTART_MSG, Client_ID( Client ), Client_ID( Client_ThisServer( )));
if( ! IRC_WriteStrClient( Client, RPL_MOTDSTART_MSG, Client_ID( Client ), Client_ID( Client_ThisServer( )))) return DISCONNECTED;
while( TRUE )
{
if( ! fgets( line, 126, fd )) break;

View File

@@ -14,7 +14,7 @@
#include "portab.h"
static char UNUSED id[] = "$Id: log.c,v 1.44 2003/12/26 15:55:07 alex Exp $";
static char UNUSED id[] = "$Id: log.c,v 1.45 2004/05/07 11:19:21 alex Exp $";
#include "imp.h"
#include <assert.h>
@@ -85,6 +85,8 @@ Log_Init( VOID )
}
#endif
if( Init_Txt[0] ) Log( LOG_INFO, "Activating: %s.", Init_Txt );
Error_File[0] = '\0';
} /* Log_Init */
@@ -122,8 +124,11 @@ Log_Exit( VOID )
if( NGIRCd_SignalRestart ) Log( LOG_NOTICE, "%s done (restarting).", PACKAGE_NAME );
else Log( LOG_NOTICE, "%s done.", PACKAGE_NAME );
/* Error-File (stderr) loeschen */
if( unlink( Error_File ) != 0 ) Log( LOG_ERR, "Can't delete \"%s\": %s", Error_File, strerror( errno ));
if( Error_File[0] )
{
/* Error-File (stderr) loeschen */
if( unlink( Error_File ) != 0 ) Log( LOG_ERR, "Can't delete \"%s\": %s", Error_File, strerror( errno ));
}
#ifdef SYSLOG
/* syslog abmelden */

View File

@@ -14,7 +14,7 @@
#include "portab.h"
static char UNUSED id[] = "$Id: ngircd.c,v 1.83 2004/01/19 21:54:59 alex Exp $";
static char UNUSED id[] = "$Id: ngircd.c,v 1.84 2004/05/07 11:19:21 alex Exp $";
#include "imp.h"
#include <assert.h>
@@ -228,6 +228,38 @@ main( int argc, const char *argv[] )
while( ! NGIRCd_SignalQuit )
{
/* Initialize global variables */
NGIRCd_Start = time( NULL );
(VOID)strftime( NGIRCd_StartStr, 64, "%a %b %d %Y at %H:%M:%S (%Z)", localtime( &NGIRCd_Start ));
NGIRCd_SignalRehash = FALSE;
NGIRCd_SignalRestart = FALSE;
NGIRCd_SignalQuit = FALSE;
/* Initialize modules, part I */
Log_Init( );
Conf_Init( );
if( Conf_Chroot[0] )
{
/* Chroot */
if( chdir( Conf_Chroot ) != 0 ) Log( LOG_ERR, "Can't chdir() in ChrootDir (%s): %s", Conf_Chroot, strerror( errno ));
if( chroot( Conf_Chroot ) != 0 ) Log( LOG_ERR, "Can't change root directory to \"%s\": %s", Conf_Chroot, strerror( errno ));
else Log( LOG_INFO, "Changed root and working directory to \"%s\".", Conf_Chroot );
}
if( Conf_GID != 0 )
{
/* Set new group ID */
if( setgid( Conf_GID ) != 0 ) Log( LOG_ERR, "Can't change group ID to %u: %s", Conf_GID, strerror( errno ));
}
if( Conf_UID != 0 )
{
/* Set new user ID */
if( setuid( Conf_UID ) != 0 ) Log( LOG_ERR, "Can't change user ID to %u: %s", Conf_UID, strerror( errno ));
}
/* In der Regel wird ein Sub-Prozess ge-fork()'t, der
* nicht mehr mit dem Terminal verbunden ist. Mit der
* Option "--nodaemon" kann dies (z.B. zum Debuggen)
@@ -252,18 +284,10 @@ main( int argc, const char *argv[] )
(VOID)setsid( );
chdir( "/" );
}
/* Globale Variablen initialisieren */
NGIRCd_Start = time( NULL );
(VOID)strftime( NGIRCd_StartStr, 64, "%a %b %d %Y at %H:%M:%S (%Z)", localtime( &NGIRCd_Start ));
NGIRCd_SignalRehash = FALSE;
NGIRCd_SignalRestart = FALSE;
NGIRCd_SignalQuit = FALSE;
/* Module initialisieren */
Log_Init( );
/* Initialize modules, part II: these functions are eventually
* called with already dropped privileges ... */
Resolve_Init( );
Conf_Init( );
Lists_Init( );
Channel_Init( );
Client_Init( );
@@ -272,28 +296,15 @@ main( int argc, const char *argv[] )
#endif
Conn_Init( );
/* Wenn als root ausgefuehrt und eine andere UID
* konfiguriert ist, jetzt zu dieser wechseln */
if( getuid( ) == 0 )
{
if( Conf_GID != 0 )
{
/* Neue Group-ID setzen */
if( setgid( Conf_GID ) != 0 ) Log( LOG_ERR, "Can't change Group-ID to %u: %s", Conf_GID, strerror( errno ));
}
if( Conf_UID != 0 )
{
/* Neue User-ID setzen */
if( setuid( Conf_UID ) != 0 ) Log( LOG_ERR, "Can't change User-ID to %u: %s", Conf_UID, strerror( errno ));
}
}
/* User, Gruppe und Prozess-ID des Daemon ausgeben */
/* Show user, group, and PID of the running daemon */
pwd = getpwuid( getuid( )); grp = getgrgid( getgid( ));
Log( LOG_INFO, "Running as user %s(%ld), group %s(%ld), with PID %ld.", pwd ? pwd->pw_name : "unknown", (LONG)getuid( ), grp ? grp->gr_name : "unknown", (LONG)getgid( ), (LONG)getpid( ));
/* stderr in "Error-File" umlenken */
Log_InitErrorfile( );
/* Redirect stderr handle to "error file" for debugging.
* But don't try to write in the chroot jail, since it's more
* secure to have a chroot dir not writable by the daemon.
*/
if( ! Conf_Chroot[0] ) Log_InitErrorfile( );
/* Signal-Handler initialisieren */
Initialize_Signal_Handler( );