authorMattias Andrée <maandree@operamail.com>2014-05-06 15:32:47 +0200
committerMattias Andrée <maandree@operamail.com>2014-05-06 15:32:47 +0200
commitfcecad2b77f54c1ce356190168db8ac2c216f30d (patch)
tree47bdf6a30375154474ba36a9676bff0cffffdf1b /src
parentm (diff)
add strequals and startswith macros + add drop_privileges macro that drops the group before the user
Signed-off-by: Mattias Andrée <maandree@operamail.com>
Diffstat (limited to '')
-rw-r--r--src/libmdsserver/macros.h35
-rw-r--r--src/mds-server.c15
-rw-r--r--src/mds.c4
3 files changed, 44 insertions, 10 deletions
diff --git a/src/libmdsserver/macros.h b/src/libmdsserver/macros.h
index 0c2a2e2..bb4e1c3 100644
--- a/src/libmdsserver/macros.h
+++ b/src/libmdsserver/macros.h
@@ -23,6 +23,7 @@
#include <stdio.h>
#include <unistd.h>
#include <pthread.h>
+#include <string.h>
*/
@@ -180,5 +181,39 @@
buf_next(buffer, type, 1)
+/**
+ * Check whether two strings are equal
+ *
+ * @param a:char* One of the strings
+ * @param b:char* The other of the strings
+ * @return :int Whether the strings are equal
+ */
+#define strequals(a, b) \
+ (strcmp(a, b) == 0)
+
+
+/**
+ * Check whether a string starts with another string
+ *
+ * @param haystack:char* The string to inspect
+ * @param needle:char* The string `haystack` should start with
+ * @return :int Whether `haystack` starts with `needle`
+ */
+#define startswith(haystack, needle) \
+ (strstr(haystack, needle) == haystack)
+
+
+/**
+ * Set effective user and the effective group to the
+ * real user and the real group, respectively. If the
+ * group cannot be set, the user till not be set either.
+ *
+ * @return :int Non-zero on error
+ */
+#define drop_privileges() \
+ ((getegid() == getgid() ? 0 : setegid(getgid())) || \
+ (geteuid() == getuid() ? 0 : seteuid(getuid())))
+
+
#endif
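Review bot: `drop_privileges()` resets only the effective IDs through `setegid`/`seteuid`, so in a set-uid or set-gid install the saved set-user-ID and set-group-ID keep the elevated values and the same process can switch back later. The macro name and its call sites in mds-server.c and mds.c read as a permanent drop. If that is the intent, the macro should also clear the saved IDs, for example with `setregid(getgid(), getgid())` followed by `setreuid(getuid(), getuid())`, and then confirm that `geteuid() == getuid()` and `getegid() == getgid()`. If the reversible form is deliberate, the doc comment should say so, e.g. `* Only the effective IDs are changed; the saved IDs are kept, so this process can undo the drop.` The `till not` in that comment should read `will not`.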
diff --git a/src/mds-server.c b/src/mds-server.c
index 9f7d16b..20fc97e 100644
--- a/src/mds-server.c
+++ b/src/mds-server.c
@@ -123,8 +123,7 @@ int main(int argc_, char** argv_)
/* Drop privileges like it's hot. */
- if ((geteuid() == getuid() ? 0 : seteuid(getuid())) ||
- (getegid() == getgid() ? 0 : setegid(getgid())))
+ if (drop_privileges())
{
perror(*argv);
return 1;
@@ -143,7 +142,7 @@ int main(int argc_, char** argv_)
for (i = 1; i < argc; i++)
{
char* arg = argv[i];
- if (!strcmp(arg, "--initial-spawn")) /* Initial spawn? */
+ if (strequals(arg, "--initial-spawn")) /* Initial spawn? */
if (is_respawn == 1)
{
eprintf("conflicting arguments %s and %s cannot be combined.",
@@ -152,7 +151,7 @@ int main(int argc_, char** argv_)
}
else
is_respawn = 0;
- else if (!strcmp(arg, "--respawn")) /* Respawning after crash? */
+ else if (strequals(arg, "--respawn")) /* Respawning after crash? */
if (is_respawn == 0)
{
eprintf("conflicting arguments %s and %s cannot be combined.",
@@ -161,7 +160,7 @@ int main(int argc_, char** argv_)
}
else
is_respawn = 1;
- else if (strstr(arg, "--socket-fd=") == arg) /* Socket file descriptor. */
+ else if (startswith(arg, "--socket-fd=")) /* Socket file descriptor. */
{
long int r;
char* endptr;
@@ -173,15 +172,15 @@ int main(int argc_, char** argv_)
arg += strlen("--socket-fd=");
r = strtol(arg, &endptr, 10);
if ((*argv == '\0') || isspace(*argv) ||
- (endptr - arg != (ssize_t)strlen(arg))
- || (r < 0) || (r > INT_MAX))
+ (endptr - arg != (ssize_t)strlen(arg)) ||
+ (r < 0) || (r > INT_MAX))
{
eprintf("invalid value for %s: %s.", "--socket-fd", arg);
return 1;
}
socket_fd = (int)r;
}
- else if (!strcmp(arg, "--re-exec")) /* Re-exec state-marshal. */
+ else if (strequals(arg, "--re-exec")) /* Re-exec state-marshal. */
reexec = 1;
else
/* Not recognised, it is probably for another server. */
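Review bot: The re-wrapped condition still tests `*argv` rather than `*arg`, so the empty-value and leading-whitespace checks never look at the option value; `*argv` is the program-name pointer that `perror(*argv)` uses earlier in `main`. With `--socket-fd=` and nothing after it, `strtol` returns 0 with `endptr == arg`, the length comparison passes, and `socket_fd` becomes 0. A value with leading whitespace is accepted the same way, because `strtol` skips it. The first line of the condition should read `if ((*arg == '\0') || isspace((unsigned char)*arg) ||`. `main` starts and ends outside this hunk.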
diff --git a/src/mds.c b/src/mds.c
index 82b5adb..df8fb31 100644
--- a/src/mds.c
+++ b/src/mds.c
@@ -88,7 +88,7 @@ int main(int argc_, char** argv_)
for (j = 1; j < argc; j++)
{
char* arg = argv[j];
- if (strstr(arg, "--master-server=") == arg) /* Master server. */
+ if (startswith(arg, "--master-server=")) /* Master server. */
{
if (got_master_server)
{
@@ -222,7 +222,7 @@ int main(int argc_, char** argv_)
/* Drop privileges. They most not be propagated non-authorised components. */
/* setgid should not be set, but just to be safe we are restoring both user and group. */
- if ((seteuid(getuid()) < 0) || (setegid(getgid()) < 0))
+ if (drop_privileges())
goto fail;
/* Start master server and respawn it if it crashes. */