[master] 5f865c5 Try to collect all the sandbox related stuff in mgt_sandbox.c

Poul-Henning Kamp phk at FreeBSD.org
Wed Feb 11 23:39:10 CET 2015


commit 5f865c5a438efd22de6fd2b13027def63546d554
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Wed Feb 11 22:38:52 2015 +0000

    Try to collect all the sandbox related stuff in mgt_sandbox.c

diff --git a/bin/varnishd/Makefile.am b/bin/varnishd/Makefile.am
index 03c23fe..b5aafb0 100644
--- a/bin/varnishd/Makefile.am
+++ b/bin/varnishd/Makefile.am
@@ -68,7 +68,6 @@ varnishd_SOURCES = \
 	mgt/mgt_param.c \
 	mgt/mgt_param_tbl.c \
 	mgt/mgt_param_bits.c \
-	mgt/mgt_param_sandbox.c \
 	mgt/mgt_param_tcp.c \
 	mgt/mgt_param_tweak.c \
 	mgt/mgt_pool.c \
diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h
index 601d194..9c1c13d 100644
--- a/bin/varnishd/mgt/mgt.h
+++ b/bin/varnishd/mgt/mgt.h
@@ -96,6 +96,7 @@ enum sandbox_e {
 
 typedef void mgt_sandbox_f(enum sandbox_e);
 extern mgt_sandbox_f *mgt_sandbox;
+void mgt_sandbox_init(void);
 
 /* mgt_sandbox_solaris.c */
 #ifdef HAVE_SETPPRIV
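Review bot: The new `mgt_sandbox_init()` prototype has no comment about call ordering, and ordering now matters. In mgt_sandbox.c the `mgt_sandbox` pointer loses its static initializer and is assigned only inside this function, so it is NULL until the call has run. I would add above the prototype `/* Call once at startup, before any call through mgt_sandbox (NULL until then) */`. An `AN(mgt_sandbox);` at the call sites, which are outside this diff, would turn an early call into a clean assertion failure instead of a jump through a null pointer.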
diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c
index d32ea13..52bb022 100644
--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -36,8 +36,6 @@
 
 #include <ctype.h>
 #include <fcntl.h>
-#include <grp.h>
-#include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -329,41 +327,11 @@ static void
 init_params(struct cli *cli)
 {
 	ssize_t def, low;
-	struct passwd *pwd;
-	struct group *grp;
 
 	MCF_CollectParams();
 
 	MCF_TcpParams();
 
-	/*
-	 * If we have nobody/nogroup, use them as defaults for sandboxes,
-	 * else fall back to whoever we run as.
-	 */
-	if (getpwnam("nobody") != NULL) {
-		MCF_SetDefault("user", "nobody");
-	} else {
-		pwd = getpwuid(getuid());
-		if (pwd == NULL)
-			ARGV_ERR("Neither user 'nobody' or my uid (%jd)"
-			    " found in password database.\n",
-			    (intmax_t)getuid());
-		MCF_SetDefault("user", pwd->pw_name);
-	}
-	endpwent();
-
-	if (getgrnam("nogroup") != NULL) {
-		MCF_SetDefault("group", "nogroup");
-	} else {
-		grp = getgrgid(getgid());
-		if (grp == NULL)
-			ARGV_ERR("Neither group 'nogroup' or my gid (%jd)"
-			    " found in password database.\n",
-			    (intmax_t)getgid());
-		MCF_SetDefault("group", grp->gr_name);
-	}
-	endgrent();
-
 	if (sizeof(void *) < 8) {
 		/*
 		 * Adjust default parameters for 32 bit systems to conserve
@@ -457,6 +425,15 @@ main(int argc, char * const *argv)
 	 */
 	SHA256_Test();
 
+	/*
+	 * Find out if we can sandbox
+	 */
+	mgt_sandbox_init();
+
+	/*
+	 * Create a cli for convenience in otherwise CLI functions
+	 */
+
 	INIT_OBJ(cli, CLI_MAGIC);
 	cli[0].sb = VSB_new_auto();
 	XXXAN(cli[0].sb);
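Review bot: The comment `Find out if we can sandbox` does not match what `mgt_sandbox_init()` does in mgt_sandbox.c. It returns void, registers the user/group/group_cc parameters, sets their defaults and selects the platform sandbox function, and it can exit through ARGV_ERR when the password or group lookups fail. Suggested wording: `/* Register sandbox parameters and defaults, select the platform sandbox function */`. The second comment (`in otherwise CLI functions`) reads as garbled and is followed by a stray blank line; `/* Create a cli so CLI-style functions can be called during startup */` seems to be what is meant. main() starts and ends outside this hunk.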
@@ -579,8 +556,6 @@ main(int argc, char * const *argv)
 	argc -= optind;
 	argv += optind;
 
-	mgt_vcc_init();
-
 	if (argc != 0)
 		ARGV_ERR("Too many arguments (%s...)\n", argv[0]);
 
@@ -655,6 +630,8 @@ main(int argc, char * const *argv)
 		ARGV_ERR("Could not open pid/lock (-P) file (%s): %s\n",
 		    P_arg, strerror(errno));
 
+	mgt_vcc_init();
+
 	if (b_arg != NULL || f_arg != NULL) {
 		mgt_vcc_default(cli, b_arg, vcl, C_flag);
 		if (C_flag) {
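Review bot: Nothing records why `mgt_vcc_init()` moves from just after option parsing to after the pid/lock file is opened, and the commit message only mentions collecting sandbox code. If the call now depends on state set up between those two points, a one-line comment above it such as `/* must run after <prerequisite> */` would keep a later cleanup from moving it back. main() continues outside this hunk, so the dependency itself is not visible here.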
diff --git a/bin/varnishd/mgt/mgt_param.c b/bin/varnishd/mgt/mgt_param.c
index 99d4496..c8b7fe9 100644
--- a/bin/varnishd/mgt/mgt_param.c
+++ b/bin/varnishd/mgt/mgt_param.c
@@ -470,7 +470,6 @@ MCF_CollectParams(void)
 	MCF_AddParams(mgt_parspec);
 	MCF_AddParams(WRK_parspec);
 	MCF_AddParams(VSL_parspec);
-	MCF_AddParams(mgt_parspec_sandbox);
 }
 
 /*--------------------------------------------------------------------*/
diff --git a/bin/varnishd/mgt/mgt_param.h b/bin/varnishd/mgt/mgt_param.h
index 95c402b..4550b92 100644
--- a/bin/varnishd/mgt/mgt_param.h
+++ b/bin/varnishd/mgt/mgt_param.h
@@ -71,4 +71,3 @@ int tweak_generic_uint(struct vsb *vsb, volatile unsigned *dest,
 extern struct parspec mgt_parspec[]; /* mgt_param_tbl.c */
 extern struct parspec VSL_parspec[]; /* mgt_param_vsl.c */
 extern struct parspec WRK_parspec[]; /* mgt_pool.c */
-extern struct parspec mgt_parspec_sandbox[]; /* mgt_param_sandbox.c */
diff --git a/bin/varnishd/mgt/mgt_param_sandbox.c b/bin/varnishd/mgt/mgt_param_sandbox.c
deleted file mode 100644
index 432c4d9..0000000
--- a/bin/varnishd/mgt/mgt_param_sandbox.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/*-
- * Copyright (c) 2006 Verdens Gang AS
- * Copyright (c) 2006-2011 Varnish Software AS
- * All rights reserved.
- *
- * Author: Poul-Henning Kamp <phk at phk.freebsd.dk>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * Functions for tweaking parameters
- *
- */
-
-#include "config.h"
-
-#include <grp.h>
-#include <limits.h>
-#include <math.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "mgt/mgt.h"
-#include "common/params.h"
-
-#include "mgt/mgt_param.h"
-
-/*--------------------------------------------------------------------
- * XXX: slightly magic.  We want to initialize to "nobody" (XXX: shouldn't
- * XXX: that be something autocrap found for us ?) but we don't want to
- * XXX: fail initialization if that user doesn't exists, even though we
- * XXX: do want to fail it, in subsequent sets.
- * XXX: The magic init string is a hack for this.
- */
-
-static int
-tweak_user(struct vsb *vsb, const struct parspec *par, const char *arg)
-{
-	struct passwd *pw;
-
-	(void)par;
-	if (arg != NULL) {
-		pw = getpwnam(arg);
-		if (pw == NULL) {
-			VSB_printf(vsb, "Unknown user '%s'", arg);
-			return(-1);
-		}
-		REPLACE(mgt_param.user, pw->pw_name);
-		mgt_param.uid = pw->pw_uid;
-		endpwent();
-	} else if (mgt_param.user) {
-		VSB_printf(vsb, "%s (%d)", mgt_param.user, (int)mgt_param.uid);
-	} else {
-		VSB_printf(vsb, "UID %d", (int)mgt_param.uid);
-	}
-	return (0);
-}
-
-/*--------------------------------------------------------------------
- * XXX: see comment for tweak_user, same thing here.
- */
-
-static int
-tweak_group(struct vsb *vsb, const struct parspec *par, const char *arg)
-{
-	struct group *gr;
-
-	(void)par;
-	if (arg != NULL) {
-		gr = getgrnam(arg);
-		if (gr == NULL) {
-			VSB_printf(vsb, "Unknown group '%s'", arg);
-			return(-1);
-		}
-		REPLACE(mgt_param.group, gr->gr_name);
-		mgt_param.gid = gr->gr_gid;
-		endgrent();
-	} else if (mgt_param.group) {
-		VSB_printf(vsb, "%s (%d)", mgt_param.group, (int)mgt_param.gid);
-	} else {
-		VSB_printf(vsb, "GID %d", (int)mgt_param.gid);
-	}
-	return (0);
-}
-
-/*--------------------------------------------------------------------
- * XXX: see comment for tweak_user, same thing here.
- */
-
-static int
-tweak_group_cc(struct vsb *vsb, const struct parspec *par, const char *arg)
-{
-	struct group *gr;
-
-	(void)par;
-	if (arg != NULL) {
-		if (*arg != '\0') {
-			gr = getgrnam(arg);
-			if (gr == NULL) {
-				VSB_printf(vsb, "Unknown group");
-				return(-1);
-			}
-			REPLACE(mgt_param.group_cc, gr->gr_name);
-			mgt_param.gid_cc = gr->gr_gid;
-		} else {
-			REPLACE(mgt_param.group_cc, "");
-			mgt_param.gid_cc = 0;
-		}
-	} else if (strlen(mgt_param.group_cc) > 0) {
-		VSB_printf(vsb, "%s (%d)",
-		    mgt_param.group_cc, (int)mgt_param.gid_cc);
-	} else {
-		VSB_printf(vsb, "<not set>");
-	}
-	return (0);
-}
-
-/*--------------------------------------------------------------------
- */
-
-struct parspec mgt_parspec_sandbox[] = {
-	{ "user", tweak_user, NULL, NULL, NULL,
-		"The unprivileged user to run as.",
-		MUST_RESTART | ONLY_ROOT,
-		"" },
-	{ "group", tweak_group, NULL, NULL, NULL,
-		"The unprivileged group to run as.",
-		MUST_RESTART | ONLY_ROOT,
-		"" },
-	{ "group_cc", tweak_group_cc, NULL, NULL, NULL,
-		"On some systems the C-compiler is restricted so not"
-		" everybody can run it.  This parameter makes it possible"
-		" to add an extra group to the sandbox process which runs the"
-		" cc_command, in order to gain access to such a restricted"
-		" C-compiler.",
-		ONLY_ROOT,
-		"" },
-	{ NULL, NULL, NULL }
-};
diff --git a/bin/varnishd/mgt/mgt_sandbox.c b/bin/varnishd/mgt/mgt_sandbox.c
index 69ce5fa..a7b5abf 100644
--- a/bin/varnishd/mgt/mgt_sandbox.c
+++ b/bin/varnishd/mgt/mgt_sandbox.c
@@ -48,14 +48,132 @@
 #include <sys/prctl.h>
 #endif
 
+#include <pwd.h>
 #include <grp.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <syslog.h>
 #include <string.h>
 #include <unistd.h>
 
 #include "mgt/mgt.h"
 #include "common/params.h"
+#include "mgt/mgt_param.h"
+
+mgt_sandbox_f *mgt_sandbox;
+
+/*--------------------------------------------------------------------
+ * XXX: slightly magic.  We want to initialize to "nobody" (XXX: shouldn't
+ * XXX: that be something autocrap found for us ?) but we don't want to
+ * XXX: fail initialization if that user doesn't exists, even though we
+ * XXX: do want to fail it, in subsequent sets.
+ * XXX: The magic init string is a hack for this.
+ */
+
+static int
+tweak_user(struct vsb *vsb, const struct parspec *par, const char *arg)
+{
+	struct passwd *pw;
+
+	(void)par;
+	if (arg != NULL) {
+		pw = getpwnam(arg);
+		if (pw == NULL) {
+			VSB_printf(vsb, "Unknown user '%s'", arg);
+			return(-1);
+		}
+		REPLACE(mgt_param.user, pw->pw_name);
+		mgt_param.uid = pw->pw_uid;
+		endpwent();
+	} else if (mgt_param.user) {
+		VSB_printf(vsb, "%s (%d)", mgt_param.user, (int)mgt_param.uid);
+	} else {
+		VSB_printf(vsb, "UID %d", (int)mgt_param.uid);
+	}
+	return (0);
+}
+
+/*--------------------------------------------------------------------
+ * XXX: see comment for tweak_user, same thing here.
+ */
+
+static int
+tweak_group(struct vsb *vsb, const struct parspec *par, const char *arg)
+{
+	struct group *gr;
+
+	(void)par;
+	if (arg != NULL) {
+		gr = getgrnam(arg);
+		if (gr == NULL) {
+			VSB_printf(vsb, "Unknown group '%s'", arg);
+			return(-1);
+		}
+		REPLACE(mgt_param.group, gr->gr_name);
+		mgt_param.gid = gr->gr_gid;
+		endgrent();
+	} else if (mgt_param.group) {
+		VSB_printf(vsb, "%s (%d)", mgt_param.group, (int)mgt_param.gid);
+	} else {
+		VSB_printf(vsb, "GID %d", (int)mgt_param.gid);
+	}
+	return (0);
+}
+
+/*--------------------------------------------------------------------
+ * XXX: see comment for tweak_user, same thing here.
+ */
+
+static int
+tweak_group_cc(struct vsb *vsb, const struct parspec *par, const char *arg)
+{
+	struct group *gr;
+
+	(void)par;
+	if (arg != NULL) {
+		if (*arg != '\0') {
+			gr = getgrnam(arg);
+			if (gr == NULL) {
+				VSB_printf(vsb, "Unknown group");
+				return(-1);
+			}
+			REPLACE(mgt_param.group_cc, gr->gr_name);
+			mgt_param.gid_cc = gr->gr_gid;
+		} else {
+			REPLACE(mgt_param.group_cc, "");
+			mgt_param.gid_cc = 0;
+		}
+	} else if (strlen(mgt_param.group_cc) > 0) {
+		VSB_printf(vsb, "%s (%d)",
+		    mgt_param.group_cc, (int)mgt_param.gid_cc);
+	} else {
+		VSB_printf(vsb, "<not set>");
+	}
+	return (0);
+}
+
+/*--------------------------------------------------------------------
+ */
+
+static struct parspec mgt_parspec_sandbox[] = {
+	{ "user", tweak_user, NULL, NULL, NULL,
+		"The unprivileged user to run as.",
+		MUST_RESTART | ONLY_ROOT,
+		"" },
+	{ "group", tweak_group, NULL, NULL, NULL,
+		"The unprivileged group to run as.",
+		MUST_RESTART | ONLY_ROOT,
+		"" },
+	{ "group_cc", tweak_group_cc, NULL, NULL, NULL,
+		"On some systems the C-compiler is restricted so not"
+		" everybody can run it.  This parameter makes it possible"
+		" to add an extra group to the sandbox process which runs the"
+		" cc_command, in order to gain access to such a restricted"
+		" C-compiler.",
+		ONLY_ROOT,
+		"" },
+	{ NULL, NULL, NULL }
+};
 
 /*--------------------------------------------------------------------*/
 
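Review bot: In tweak_group_cc() the empty-argument branch stores `mgt_param.gid_cc = 0` as the "not set" value, and gid 0 is a real, privileged group (root/wheel) on most systems. The display path correctly keys off `strlen(mgt_param.group_cc)`, but the code that applies the extra group to the cc_command process is outside this hunk. If that code ever tests the gid rather than the name, it would hand group 0 to the compiler sandbox. A comment at the assignment, `/* placeholder only: consumers must test group_cc[0], never gid_cc */`, would pin the contract down. Separately, the three tweak functions print ids with `%d` and an `(int)` cast while mgt_sandbox_init() uses `%jd` with `(intmax_t)`; the latter form does not misprint large unsigned ids.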
@@ -105,11 +223,49 @@ mgt_sandbox_linux(enum sandbox_e who)
 
 /*--------------------------------------------------------------------*/
 
-mgt_sandbox_f *mgt_sandbox =
+void
+mgt_sandbox_init(void)
+{
+	struct passwd *pwd;
+	struct group *grp;
+
+
+	MCF_AddParams(mgt_parspec_sandbox);
+
+	/*
+	 * If we have nobody/nogroup, use them as defaults for sandboxes,
+	 * else fall back to whoever we run as.
+	 */
+	if (getpwnam("nobody") != NULL) {
+		MCF_SetDefault("user", "nobody");
+	} else {
+		pwd = getpwuid(getuid());
+		if (pwd == NULL)
+			ARGV_ERR("Neither user 'nobody' or my uid (%jd)"
+			    " found in password database.\n",
+			    (intmax_t)getuid());
+		MCF_SetDefault("user", pwd->pw_name);
+	}
+	endpwent();
+
+	if (getgrnam("nogroup") != NULL) {
+		MCF_SetDefault("group", "nogroup");
+	} else {
+		grp = getgrgid(getgid());
+		if (grp == NULL)
+			ARGV_ERR("Neither group 'nogroup' or my gid (%jd)"
+			    " found in password database.\n",
+			    (intmax_t)getgid());
+		MCF_SetDefault("group", grp->gr_name);
+	}
+	endgrent();
+
+
 #ifdef HAVE_SETPPRIV
-	mgt_sandbox_solaris;
+	mgt_sandbox = mgt_sandbox_solaris;
 #elif defined (__linux__)
-	mgt_sandbox_linux;
+	mgt_sandbox = mgt_sandbox_linux;
 #else
-	mgt_sandbox_unix;
+	mgt_sandbox = mgt_sandbox_unix;
 #endif
+}
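Review bot: The fallback in mgt_sandbox_init() takes the invoking account as the default sandbox user when `nobody` is missing, with no special case for uid 0, so a root-started daemon on such a host defaults to `user=root` (and likewise to gid 0 when `nogroup` is missing, a group name some systems do not define). What the platform sandbox functions then do with that uid is outside this hunk, but the condition deserves a diagnostic in the else branch, e.g. `if (getuid() == 0) fprintf(stderr, "No 'nobody' user: sandbox user defaults to root\n");`. Also, `pwd->pw_name` and `grp->gr_name` point into storage that later getpw*/getgr* calls may overwrite; unless MCF_SetDefault() copies its argument (not visible here), pass a `strdup()` copy.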


