chroot_dir, occtl_socket_file and socket_file_prefix were moved to permanent config options

Nikos Mavrogiannopoulos
2015-03-03 11:49:09 +01:00
parent b4347e4971
commit adc8473328
5 changed files with 34 additions and 34 deletions


@@ -746,10 +746,10 @@ unsigned urlfw_size = 0;
READ_STATIC_STRING("pid-file", pid_file);
READ_STRING("socket-file", config->socket_file_prefix);
READ_STRING("occtl-socket-file", config->occtl_socket_file);
if (config->occtl_socket_file == NULL)
config->occtl_socket_file = talloc_strdup(config, OCCTL_UNIX_SOCKET);
PREAD_STRING(perm_config, "socket-file", perm_config->socket_file_prefix);
PREAD_STRING(perm_config, "occtl-socket-file", perm_config->occtl_socket_file);
if (perm_config->occtl_socket_file == NULL)
perm_config->occtl_socket_file = talloc_strdup(perm_config, OCCTL_UNIX_SOCKET);
val = get_option("session-control", NULL);
if (val != NULL) {
@@ -800,7 +800,7 @@ unsigned urlfw_size = 0;
READ_TF("ping-leases", config->ping_leases, 0);
READ_STRING("tls-priorities", config->priorities);
READ_STRING("chroot-dir", config->chroot_dir);
PREAD_STRING(perm_config, "chroot-dir", perm_config->chroot_dir);
READ_NUMERIC("mtu", config->default_mtu);
@@ -1019,10 +1019,10 @@ static void check_cfg(struct perm_cfg_st *perm_config)
if (perm_config->config->xml_config_file) {
perm_config->config->xml_config_hash = calc_sha1_hash(perm_config->config, perm_config->config->xml_config_file, 0);
if (perm_config->config->xml_config_hash == NULL && perm_config->config->chroot_dir != NULL) {
if (perm_config->config->xml_config_hash == NULL && perm_config->chroot_dir != NULL) {
char path[_POSIX_PATH_MAX];
snprintf(path, sizeof(path), "%s/%s", perm_config->config->chroot_dir, perm_config->config->xml_config_file);
snprintf(path, sizeof(path), "%s/%s", perm_config->chroot_dir, perm_config->config->xml_config_file);
perm_config->config->xml_config_hash = calc_sha1_hash(perm_config->config, path, 0);
if (perm_config->config->xml_config_hash == NULL) {
@@ -1099,7 +1099,6 @@ unsigned i;
DEL(perm_config->config->route_del_cmd);
DEL(perm_config->config->per_user_dir);
DEL(perm_config->config->per_group_dir);
DEL(perm_config->config->socket_file_prefix);
DEL(perm_config->config->default_domain);
DEL(perm_config->config->ocsp_response);
@@ -1112,7 +1111,6 @@ unsigned i;
DEL(perm_config->config->cert_user_oid);
DEL(perm_config->config->cert_group_oid);
DEL(perm_config->config->priorities);
DEL(perm_config->config->chroot_dir);
DEL(perm_config->config->connect_script);
DEL(perm_config->config->disconnect_script);
DEL(perm_config->config->proxy_url);
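Review bot: The talloc_strdup() fallback for `occtl-socket-file` in the first hunk is unchecked; on allocation failure perm_config->occtl_socket_file stays NULL, and since ctl_handler_init (in the control-socket file below) returns early when that pointer is NULL, an out-of-memory condition at startup would silently disable the occtl interface rather than fail the load. I'd treat it as a fatal configuration error, e.g. `if (perm_config->occtl_socket_file == NULL) { fprintf(stderr, "memory error\n"); exit(1); }`, using whatever fatal-error helper this parser uses elsewhere. Separately, the check_cfg hunk builds `path` with snprintf() into a _POSIX_PATH_MAX buffer without testing the return value, so a long chroot-dir plus xml-config-file is truncated and a different file than intended is hashed. The enclosing parsing function starts before the first hunk.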


@@ -110,20 +110,20 @@ int ctl_handler_init(main_server_st * s)
struct sockaddr_un sa;
int sd, e;
if (s->config->use_occtl == 0 || s->config->occtl_socket_file == NULL)
if (s->config->use_occtl == 0 || s->perm_config->occtl_socket_file == NULL)
return 0;
mslog(s, NULL, LOG_DEBUG, "initializing control unix socket: %s", s->config->occtl_socket_file);
mslog(s, NULL, LOG_DEBUG, "initializing control unix socket: %s", s->perm_config->occtl_socket_file);
memset(&sa, 0, sizeof(sa));
sa.sun_family = AF_UNIX;
strlcpy(sa.sun_path, s->config->occtl_socket_file, sizeof(sa.sun_path));
remove(s->config->occtl_socket_file);
strlcpy(sa.sun_path, s->perm_config->occtl_socket_file, sizeof(sa.sun_path));
remove(s->perm_config->occtl_socket_file);
sd = socket(AF_UNIX, SOCK_STREAM, 0);
if (sd == -1) {
e = errno;
mslog(s, NULL, LOG_ERR, "could not create socket '%s': %s",
s->config->occtl_socket_file, strerror(e));
s->perm_config->occtl_socket_file, strerror(e));
return -1;
}
@@ -132,22 +132,22 @@ int ctl_handler_init(main_server_st * s)
if (ret == -1) {
e = errno;
mslog(s, NULL, LOG_ERR, "could not bind socket '%s': %s",
s->config->occtl_socket_file, strerror(e));
s->perm_config->occtl_socket_file, strerror(e));
return -1;
}
ret = chown(s->config->occtl_socket_file, s->perm_config->uid, s->perm_config->gid);
ret = chown(s->perm_config->occtl_socket_file, s->perm_config->uid, s->perm_config->gid);
if (ret == -1) {
e = errno;
mslog(s, NULL, LOG_ERR, "could not chown socket '%s': %s",
s->config->occtl_socket_file, strerror(e));
s->perm_config->occtl_socket_file, strerror(e));
}
ret = listen(sd, 1024);
if (ret == -1) {
e = errno;
mslog(s, NULL, LOG_ERR, "could not listen to socket '%s': %s",
s->config->occtl_socket_file, strerror(e));
s->perm_config->occtl_socket_file, strerror(e));
return -1;
}
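Review bot: The strlcpy() of occtl_socket_file into sa.sun_path in the first hunk discards its return value, so a configured path longer than sizeof(sa.sun_path) is silently truncated: bind() then creates the socket at the truncated path, while the preceding remove() and the later chown() operate on the full string, leaving a listening socket at an unexpected location and possibly with the wrong ownership (the chown failure is only logged and the function proceeds to listen()). I'd reject an over-long path before touching the filesystem: `if (strlcpy(sa.sun_path, s->perm_config->occtl_socket_file, sizeof(sa.sun_path)) >= sizeof(sa.sun_path)) { mslog(s, NULL, LOG_ERR, "control socket path too long: %s", s->perm_config->occtl_socket_file); return -1; }`. This assumes the project's strlcpy() follows the BSD contract of returning the source length. ctl_handler_init continues past the second hunk.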


@@ -604,11 +604,11 @@ int run_sec_mod(main_server_st * s)
/* make socket name */
snprintf(s->socket_file, sizeof(s->socket_file), "%s.%u",
s->config->socket_file_prefix, (unsigned)getpid());
s->perm_config->socket_file_prefix, (unsigned)getpid());
if (s->config->chroot_dir != NULL) {
if (s->perm_config->chroot_dir != NULL) {
snprintf(s->full_socket_file, sizeof(s->full_socket_file), "%s/%s",
s->config->chroot_dir, s->socket_file);
s->perm_config->chroot_dir, s->socket_file);
} else {
strlcpy(s->full_socket_file, s->socket_file, sizeof(s->full_socket_file));
}
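Review bot: Both snprintf() calls that build socket_file and full_socket_file ignore their return values, so an over-long socket-file prefix or chroot-dir is silently truncated, and the truncated name can differ between the sec-mod side and the main-process side that later copies s->socket_file into sun_path. I'd check for truncation with a local int, e.g. `int len = snprintf(s->socket_file, sizeof(s->socket_file), "%s.%u", s->perm_config->socket_file_prefix, (unsigned)getpid()); if (len < 0 || (size_t)len >= sizeof(s->socket_file)) { mslog(s, NULL, LOG_ERR, "socket file path too long"); return -1; }` and the same check on the full_socket_file snprintf(). run_sec_mod begins before this hunk and its failure convention isn't visible here, so match whatever the rest of the function returns on error.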


@@ -520,18 +520,18 @@ static void drop_privileges(main_server_st* s)
int ret, e;
struct rlimit rl;
if (s->config->chroot_dir) {
ret = chdir(s->config->chroot_dir);
if (s->perm_config->chroot_dir) {
ret = chdir(s->perm_config->chroot_dir);
if (ret != 0) {
e = errno;
mslog(s, NULL, LOG_ERR, "cannot chdir to %s: %s", s->config->chroot_dir, strerror(e));
mslog(s, NULL, LOG_ERR, "cannot chdir to %s: %s", s->perm_config->chroot_dir, strerror(e));
exit(1);
}
ret = chroot(s->config->chroot_dir);
ret = chroot(s->perm_config->chroot_dir);
if (ret != 0) {
e = errno;
mslog(s, NULL, LOG_ERR, "cannot chroot to %s: %s", s->config->chroot_dir, strerror(e));
mslog(s, NULL, LOG_ERR, "cannot chroot to %s: %s", s->perm_config->chroot_dir, strerror(e));
exit(1);
}
}
@@ -841,7 +841,7 @@ unsigned total = 10;
mslog(s, NULL, LOG_INFO, "termination request received; waiting for children to die");
kill_children(s);
remove(s->full_socket_file);
remove(s->config->occtl_socket_file);
remove(s->perm_config->occtl_socket_file);
remove_pid_file();
while (waitpid(-1, NULL, WNOHANG) >= 0) {
@@ -1027,10 +1027,10 @@ int main(int argc, char** argv)
/* chdir to our chroot directory, to allow opening the sec-mod
* socket if necessary. */
if (s->config->chroot_dir) {
if (chdir(s->config->chroot_dir) != 0) {
if (s->perm_config->chroot_dir) {
if (chdir(s->perm_config->chroot_dir) != 0) {
e = errno;
mslog(s, NULL, LOG_ERR, "cannot chdir to %s: %s", s->config->chroot_dir, strerror(e));
mslog(s, NULL, LOG_ERR, "cannot chdir to %s: %s", s->perm_config->chroot_dir, strerror(e));
exit(1);
}
}
@@ -1041,7 +1041,7 @@ int main(int argc, char** argv)
s->secmod_addr.sun_family = AF_UNIX;
p = s->socket_file;
if (s->config->chroot_dir) /* if we are on chroot make the socket file path relative */
if (s->perm_config->chroot_dir) /* if we are on chroot make the socket file path relative */
while (*p == '/') p++;
strlcpy(s->secmod_addr.sun_path, p, sizeof(s->secmod_addr.sun_path));
s->secmod_addr_len = SUN_LEN(&s->secmod_addr);
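Review bot: The termination hunk calls `remove(s->perm_config->occtl_socket_file)` unconditionally, but ctl_handler_init only creates that socket when `s->config->use_occtl` is set, so with occtl disabled the server still unlinks whatever sits at the configured (or default OCCTL_UNIX_SOCKET) path at exit, which could be another instance's control socket. Guard it to mirror the creation side: `if (s->config->use_occtl && s->perm_config->occtl_socket_file != NULL) remove(s->perm_config->occtl_socket_file);` — the NULL test also covers a failed talloc_strdup() default in the parser, where remove(NULL) would otherwise be undefined. If the process running this shutdown code has already gone through drop_privileges(), the path is resolved inside the chroot and the absolute path configured outside the jail likely no longer matches; which process executes this isn't visible here, so worth confirming. The function containing the termination handling starts before its hunk.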


@@ -287,7 +287,7 @@ struct cfg_st {
char *priorities;
unsigned enable_compression;
unsigned no_compress_limit; /* under this size (in bytes) of data there will be no compression */
char *chroot_dir; /* where the xml files are served from */
char *banner;
char *ocsp_response; /* file with the OCSP response */
char *default_domain; /* domain to be advertised */
@@ -305,7 +305,6 @@ struct cfg_st {
char **split_dns;
unsigned split_dns_size;;
char* socket_file_prefix;
unsigned deny_roaming; /* whether a cookie is restricted to a single IP */
time_t cookie_timeout; /* in seconds */
@@ -336,7 +335,6 @@ struct cfg_st {
unsigned use_utmp;
unsigned use_dbus; /* whether the D-BUS service is registered */
unsigned use_occtl; /* whether support for the occtl tool will be enabled */
char* occtl_socket_file;
unsigned try_mtu; /* MTU discovery enabled */
unsigned cisco_client_compat; /* do not require client certificate,
@@ -390,6 +388,10 @@ struct perm_cfg_st {
acct_struct_st acct;
unsigned int sup_config_type; /* one of SUP_CONFIG_ */
char *chroot_dir; /* where the xml files are served from */
char* occtl_socket_file;
char* socket_file_prefix;
uid_t uid;
gid_t gid;