GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-03-13 06:48:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

chroot_dir, occtl_socket_file and socket_file_prefix were moved to permanent config options

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos
2015-03-03 11:49:09 +01:00
parent b4347e4971
commit adc8473328
5 changed files with 34 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/config.c
View File

@@ -746,10 +746,10 @@ unsigned urlfw_size = 0;
READ_STATIC_STRING("pid-file", pid_file); READ_STATIC_STRING("pid-file", pid_file);
READ_STRING("socket-file", config->socket_file_prefix); PREAD_STRING(perm_config, "socket-file", perm_config->socket_file_prefix);
READ_STRING("occtl-socket-file", config->occtl_socket_file); PREAD_STRING(perm_config, "occtl-socket-file", perm_config->occtl_socket_file);
if (config->occtl_socket_file == NULL) if (perm_config->occtl_socket_file == NULL)
config->occtl_socket_file = talloc_strdup(config, OCCTL_UNIX_SOCKET); perm_config->occtl_socket_file = talloc_strdup(perm_config, OCCTL_UNIX_SOCKET);
val = get_option("session-control", NULL); val = get_option("session-control", NULL);
if (val != NULL) { if (val != NULL) {
@@ -800,7 +800,7 @@ unsigned urlfw_size = 0;
READ_TF("ping-leases", config->ping_leases, 0); READ_TF("ping-leases", config->ping_leases, 0);
READ_STRING("tls-priorities", config->priorities); READ_STRING("tls-priorities", config->priorities);
READ_STRING("chroot-dir", config->chroot_dir); PREAD_STRING(perm_config, "chroot-dir", perm_config->chroot_dir);
READ_NUMERIC("mtu", config->default_mtu); READ_NUMERIC("mtu", config->default_mtu);
@@ -1019,10 +1019,10 @@ static void check_cfg(struct perm_cfg_st *perm_config)
if (perm_config->config->xml_config_file) { if (perm_config->config->xml_config_file) {
perm_config->config->xml_config_hash = calc_sha1_hash(perm_config->config, perm_config->config->xml_config_file, 0); perm_config->config->xml_config_hash = calc_sha1_hash(perm_config->config, perm_config->config->xml_config_file, 0);
if (perm_config->config->xml_config_hash == NULL && perm_config->config->chroot_dir != NULL) { if (perm_config->config->xml_config_hash == NULL && perm_config->chroot_dir != NULL) {
char path[_POSIX_PATH_MAX]; char path[_POSIX_PATH_MAX];
snprintf(path, sizeof(path), "%s/%s", perm_config->config->chroot_dir, perm_config->config->xml_config_file); snprintf(path, sizeof(path), "%s/%s", perm_config->chroot_dir, perm_config->config->xml_config_file);
perm_config->config->xml_config_hash = calc_sha1_hash(perm_config->config, path, 0); perm_config->config->xml_config_hash = calc_sha1_hash(perm_config->config, path, 0);
if (perm_config->config->xml_config_hash == NULL) { if (perm_config->config->xml_config_hash == NULL) {
@@ -1099,7 +1099,6 @@ unsigned i;
DEL(perm_config->config->route_del_cmd); DEL(perm_config->config->route_del_cmd);
DEL(perm_config->config->per_user_dir); DEL(perm_config->config->per_user_dir);
DEL(perm_config->config->per_group_dir); DEL(perm_config->config->per_group_dir);
DEL(perm_config->config->socket_file_prefix);
DEL(perm_config->config->default_domain); DEL(perm_config->config->default_domain);
DEL(perm_config->config->ocsp_response); DEL(perm_config->config->ocsp_response);
@@ -1112,7 +1111,6 @@ unsigned i;
DEL(perm_config->config->cert_user_oid); DEL(perm_config->config->cert_user_oid);
DEL(perm_config->config->cert_group_oid); DEL(perm_config->config->cert_group_oid);
DEL(perm_config->config->priorities); DEL(perm_config->config->priorities);
DEL(perm_config->config->chroot_dir);
DEL(perm_config->config->connect_script); DEL(perm_config->config->connect_script);
DEL(perm_config->config->disconnect_script); DEL(perm_config->config->disconnect_script);
DEL(perm_config->config->proxy_url); DEL(perm_config->config->proxy_url);

18
src/main-ctl-unix.c
View File

@@ -110,20 +110,20 @@ int ctl_handler_init(main_server_st * s)
struct sockaddr_un sa; struct sockaddr_un sa;
int sd, e; int sd, e;
if (s->config->use_occtl == 0 || s->config->occtl_socket_file == NULL) if (s->config->use_occtl == 0 || s->perm_config->occtl_socket_file == NULL)
return 0; return 0;
mslog(s, NULL, LOG_DEBUG, "initializing control unix socket: %s", s->config->occtl_socket_file); mslog(s, NULL, LOG_DEBUG, "initializing control unix socket: %s", s->perm_config->occtl_socket_file);
memset(&sa, 0, sizeof(sa)); memset(&sa, 0, sizeof(sa));
sa.sun_family = AF_UNIX; sa.sun_family = AF_UNIX;
strlcpy(sa.sun_path, s->config->occtl_socket_file, sizeof(sa.sun_path)); strlcpy(sa.sun_path, s->perm_config->occtl_socket_file, sizeof(sa.sun_path));
remove(s->config->occtl_socket_file); remove(s->perm_config->occtl_socket_file);
sd = socket(AF_UNIX, SOCK_STREAM, 0); sd = socket(AF_UNIX, SOCK_STREAM, 0);
if (sd == -1) { if (sd == -1) {
e = errno; e = errno;
mslog(s, NULL, LOG_ERR, "could not create socket '%s': %s", mslog(s, NULL, LOG_ERR, "could not create socket '%s': %s",
s->config->occtl_socket_file, strerror(e)); s->perm_config->occtl_socket_file, strerror(e));
return -1; return -1;
} }
@@ -132,22 +132,22 @@ int ctl_handler_init(main_server_st * s)
if (ret == -1) { if (ret == -1) {
e = errno; e = errno;
mslog(s, NULL, LOG_ERR, "could not bind socket '%s': %s", mslog(s, NULL, LOG_ERR, "could not bind socket '%s': %s",
s->config->occtl_socket_file, strerror(e)); s->perm_config->occtl_socket_file, strerror(e));
return -1; return -1;
} }
ret = chown(s->config->occtl_socket_file, s->perm_config->uid, s->perm_config->gid); ret = chown(s->perm_config->occtl_socket_file, s->perm_config->uid, s->perm_config->gid);
if (ret == -1) { if (ret == -1) {
e = errno; e = errno;
mslog(s, NULL, LOG_ERR, "could not chown socket '%s': %s", mslog(s, NULL, LOG_ERR, "could not chown socket '%s': %s",
s->config->occtl_socket_file, strerror(e)); s->perm_config->occtl_socket_file, strerror(e));
} }
ret = listen(sd, 1024); ret = listen(sd, 1024);
if (ret == -1) { if (ret == -1) {
e = errno; e = errno;
mslog(s, NULL, LOG_ERR, "could not listen to socket '%s': %s", mslog(s, NULL, LOG_ERR, "could not listen to socket '%s': %s",
s->config->occtl_socket_file, strerror(e)); s->perm_config->occtl_socket_file, strerror(e));
return -1; return -1;
} }

6
src/main-misc.c
View File

@@ -604,11 +604,11 @@ int run_sec_mod(main_server_st * s)
/* make socket name */ /* make socket name */
snprintf(s->socket_file, sizeof(s->socket_file), "%s.%u", snprintf(s->socket_file, sizeof(s->socket_file), "%s.%u",
s->config->socket_file_prefix, (unsigned)getpid()); s->perm_config->socket_file_prefix, (unsigned)getpid());
if (s->config->chroot_dir != NULL) { if (s->perm_config->chroot_dir != NULL) {
snprintf(s->full_socket_file, sizeof(s->full_socket_file), "%s/%s", snprintf(s->full_socket_file, sizeof(s->full_socket_file), "%s/%s",
s->config->chroot_dir, s->socket_file); s->perm_config->chroot_dir, s->socket_file);
} else { } else {
strlcpy(s->full_socket_file, s->socket_file, sizeof(s->full_socket_file)); strlcpy(s->full_socket_file, s->socket_file, sizeof(s->full_socket_file));
} }

20
src/main.c
View File

@@ -520,18 +520,18 @@ static void drop_privileges(main_server_st* s)
int ret, e; int ret, e;
struct rlimit rl; struct rlimit rl;
if (s->config->chroot_dir) { if (s->perm_config->chroot_dir) {
ret = chdir(s->config->chroot_dir); ret = chdir(s->perm_config->chroot_dir);
if (ret != 0) { if (ret != 0) {
e = errno; e = errno;
mslog(s, NULL, LOG_ERR, "cannot chdir to %s: %s", s->config->chroot_dir, strerror(e)); mslog(s, NULL, LOG_ERR, "cannot chdir to %s: %s", s->perm_config->chroot_dir, strerror(e));
exit(1); exit(1);
} }
ret = chroot(s->config->chroot_dir); ret = chroot(s->perm_config->chroot_dir);
if (ret != 0) { if (ret != 0) {
e = errno; e = errno;
mslog(s, NULL, LOG_ERR, "cannot chroot to %s: %s", s->config->chroot_dir, strerror(e)); mslog(s, NULL, LOG_ERR, "cannot chroot to %s: %s", s->perm_config->chroot_dir, strerror(e));
exit(1); exit(1);
} }
} }
@@ -841,7 +841,7 @@ unsigned total = 10;
mslog(s, NULL, LOG_INFO, "termination request received; waiting for children to die"); mslog(s, NULL, LOG_INFO, "termination request received; waiting for children to die");
kill_children(s); kill_children(s);
remove(s->full_socket_file); remove(s->full_socket_file);
remove(s->config->occtl_socket_file); remove(s->perm_config->occtl_socket_file);
remove_pid_file(); remove_pid_file();
while (waitpid(-1, NULL, WNOHANG) >= 0) { while (waitpid(-1, NULL, WNOHANG) >= 0) {
@@ -1027,10 +1027,10 @@ int main(int argc, char** argv)
/* chdir to our chroot directory, to allow opening the sec-mod /* chdir to our chroot directory, to allow opening the sec-mod
* socket if necessary. */ * socket if necessary. */
if (s->config->chroot_dir) { if (s->perm_config->chroot_dir) {
if (chdir(s->config->chroot_dir) != 0) { if (chdir(s->perm_config->chroot_dir) != 0) {
e = errno; e = errno;
mslog(s, NULL, LOG_ERR, "cannot chdir to %s: %s", s->config->chroot_dir, strerror(e)); mslog(s, NULL, LOG_ERR, "cannot chdir to %s: %s", s->perm_config->chroot_dir, strerror(e));
exit(1); exit(1);
} }
} }
@@ -1041,7 +1041,7 @@ int main(int argc, char** argv)
s->secmod_addr.sun_family = AF_UNIX; s->secmod_addr.sun_family = AF_UNIX;
p = s->socket_file; p = s->socket_file;
if (s->config->chroot_dir) /* if we are on chroot make the socket file path relative */ if (s->perm_config->chroot_dir) /* if we are on chroot make the socket file path relative */
while (*p == '/') p++; while (*p == '/') p++;
strlcpy(s->secmod_addr.sun_path, p, sizeof(s->secmod_addr.sun_path)); strlcpy(s->secmod_addr.sun_path, p, sizeof(s->secmod_addr.sun_path));
s->secmod_addr_len = SUN_LEN(&s->secmod_addr); s->secmod_addr_len = SUN_LEN(&s->secmod_addr);

8
src/vpn.h
View File

@@ -287,7 +287,7 @@ struct cfg_st {
char *priorities; char *priorities;
unsigned enable_compression; unsigned enable_compression;
unsigned no_compress_limit; /* under this size (in bytes) of data there will be no compression */ unsigned no_compress_limit; /* under this size (in bytes) of data there will be no compression */
char *chroot_dir; /* where the xml files are served from */
char *banner; char *banner;
char *ocsp_response; /* file with the OCSP response */ char *ocsp_response; /* file with the OCSP response */
char *default_domain; /* domain to be advertised */ char *default_domain; /* domain to be advertised */
@@ -305,7 +305,6 @@ struct cfg_st {
char **split_dns; char **split_dns;
unsigned split_dns_size;; unsigned split_dns_size;;
char* socket_file_prefix;
unsigned deny_roaming; /* whether a cookie is restricted to a single IP */ unsigned deny_roaming; /* whether a cookie is restricted to a single IP */
time_t cookie_timeout; /* in seconds */ time_t cookie_timeout; /* in seconds */
@@ -336,7 +335,6 @@ struct cfg_st {
unsigned use_utmp; unsigned use_utmp;
unsigned use_dbus; /* whether the D-BUS service is registered */ unsigned use_dbus; /* whether the D-BUS service is registered */
unsigned use_occtl; /* whether support for the occtl tool will be enabled */ unsigned use_occtl; /* whether support for the occtl tool will be enabled */
char* occtl_socket_file;
unsigned try_mtu; /* MTU discovery enabled */ unsigned try_mtu; /* MTU discovery enabled */
unsigned cisco_client_compat; /* do not require client certificate, unsigned cisco_client_compat; /* do not require client certificate,
@@ -390,6 +388,10 @@ struct perm_cfg_st {
acct_struct_st acct; acct_struct_st acct;
unsigned int sup_config_type; /* one of SUP_CONFIG_ */ unsigned int sup_config_type; /* one of SUP_CONFIG_ */
char *chroot_dir; /* where the xml files are served from */
char* occtl_socket_file;
char* socket_file_prefix;
uid_t uid; uid_t uid;
gid_t gid; gid_t gid;