The Samba-Bugzilla – Attachment 13248 Details for
Bug 12817
[PATCH] Allow daemon itself to chroot
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
rsync_daemon_chroot
rsync_daemon_chroot.patch (text/plain), 3.84 KB, created by
Ben RUBSON
on 2017-06-04 21:13:37 UTC
(
hide
)
Description:
rsync_daemon_chroot
Filename:
MIME Type:
Creator:
Ben RUBSON
Created:
2017-06-04 21:13:37 UTC
Size:
3.84 KB
patch
obsolete
>--- proto.h.orig 2017-06-04 22:50:06.814525000 +0200 >+++ proto.h 2017-06-04 22:50:30.000000000 +0200 >@@ -183,6 +183,9 @@ > void start_write_batch(int fd); > void stop_write_batch(void); > char *lp_bind_address(void); >+char *lp_daemon_chroot(void); >+char *lp_daemon_gid(void); >+char *lp_daemon_uid(void); > char *lp_motd_file(void); > char *lp_pid_file(void); > char *lp_socket_options(void); >--- loadparm.c.orig 2017-06-04 22:49:56.753698000 +0200 >+++ loadparm.c 2017-06-04 22:50:54.000000000 +0200 >@@ -93,6 +93,9 @@ > /* This structure describes global (ie., server-wide) parameters. */ > typedef struct { > char *bind_address; >+ char *daemon_chroot; >+ char *daemon_gid; >+ char *daemon_uid; > char *motd_file; > char *pid_file; > char *socket_options; >@@ -172,6 +175,9 @@ > /* ==== global_vars ==== */ > { > /* bind_address; */ NULL, >+ /* daemon_chroot; */ NULL, >+ /* daemon_gid; */ NULL, >+ /* daemon_uid; */ NULL, > /* motd_file; */ NULL, > /* pid_file; */ NULL, > /* socket_options; */ NULL, >@@ -313,6 +319,9 @@ > static struct parm_struct parm_table[] = > { > {"address", P_STRING, P_GLOBAL,&Vars.g.bind_address, NULL,0}, >+ {"daemon chroot", P_STRING, P_GLOBAL,&Vars.g.daemon_chroot, NULL,0}, >+ {"daemon gid", P_STRING, P_GLOBAL,&Vars.g.daemon_gid, NULL,0}, >+ {"daemon uid", P_STRING, P_GLOBAL,&Vars.g.daemon_uid, NULL,0}, > {"listen backlog", P_INTEGER,P_GLOBAL,&Vars.g.listen_backlog, NULL,0}, > {"motd file", P_STRING, P_GLOBAL,&Vars.g.motd_file, NULL,0}, > {"pid file", P_STRING, P_GLOBAL,&Vars.g.pid_file, NULL,0}, >@@ -444,6 +453,9 @@ > int fn_name(int i) {return LP_SNUM_OK(i)? iSECTION(i).val : Vars.l.val;} > > FN_GLOBAL_STRING(lp_bind_address, &Vars.g.bind_address) >+FN_GLOBAL_STRING(lp_daemon_chroot, &Vars.g.daemon_chroot) >+FN_GLOBAL_STRING(lp_daemon_gid, &Vars.g.daemon_gid) >+FN_GLOBAL_STRING(lp_daemon_uid, &Vars.g.daemon_uid) > FN_GLOBAL_STRING(lp_motd_file, &Vars.g.motd_file) > FN_GLOBAL_STRING(lp_pid_file, &Vars.g.pid_file) > FN_GLOBAL_STRING(lp_socket_options, &Vars.g.socket_options) >--- clientserver.c.orig 2017-06-04 22:50:15.488946000 +0200 >+++ clientserver.c 2017-06-04 22:50:25.000000000 +0200 >@@ -1040,6 +1040,9 @@ > char line[1024]; > const char *addr, *host; > int i; >+ char *chroot_path, *p = NULL; >+ gid_t gid; >+ uid_t uid; > > io_set_sock_fds(f_in, f_out); > >@@ -1050,6 +1053,31 @@ > if (!load_config(0)) > exit_cleanup(RERR_SYNTAX); > >+ chroot_path = lp_daemon_chroot(); >+ if (*chroot_path) { >+ if (chroot(chroot_path)) { >+ rsyserr(FLOG, errno, "daemon chroot %s failed", chroot_path); >+ return -1; >+ } >+ chdir("/"); >+ } >+ p = lp_daemon_gid(); >+ if (*p) { >+ if (!group_to_gid(p, &gid, True)) { >+ rprintf(FLOG, "Invalid gid %s\n", p); >+ return -1; >+ } >+ setgid(gid); >+ } >+ p = lp_daemon_uid(); >+ if (*p) { >+ if (!user_to_uid(p, &uid, True)) { >+ rprintf(FLOG, "Invalid uid %s\n", p); >+ return -1; >+ } >+ setuid(uid); >+ } >+ > addr = client_addr(f_in); > host = lp_reverse_lookup(-1) ? client_name(f_in) : undetermined_hostname; > rprintf(FLOG, "connect from %s (%s)\n", host, addr); >--- rsyncd.conf.5.orig 2017-06-04 22:49:49.051335000 +0200 >+++ rsyncd.conf.5 2017-06-04 22:55:57.000000000 +0200 >@@ -166,6 +166,17 @@ > that is displayed next to the module name when clients obtain a list > of available modules. The default is no comment. > .IP >+.IP "\fBdaemon chroot\fP" >+This parameter specifies a path to which daemon will chroot before >+beginning communication with clients. Modules paths will then be related >+to this one. >+.IP >+.IP "\fBdaemon gid\fP" >+This parameter specifies a gid under which the daemon will run. >+.IP >+.IP "\fBdaemon uid\fP" >+This parameter specifies a uid under which the daemon will run. >+.IP > .IP "\fBpath\fP" > This parameter specifies the directory in the daemon\(cq\&s > filesystem to make available in this module. You must specify this parameter
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=13248">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 12817
:
13248
|
13249
|
13250
|
13251