[master] dabcce2 Use the new param-default-setting ability, to simplify the magic surrounding the privsep user/group setting code.

Poul-Henning Kamp phk at varnish-cache.org
Tue Jan 8 13:00:04 CET 2013


commit dabcce2cd278dc2a710777b90ada2aeff0cbadaa
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Tue Jan 8 11:59:08 2013 +0000

    Use the new param-default-setting ability, to simplify the magic
    surrounding the privsep user/group setting code.
    
    Fixes #1243

diff --git a/bin/varnishd/mgt/mgt_param.c b/bin/varnishd/mgt/mgt_param.c
index b7baafd..6ce53eb 100644
--- a/bin/varnishd/mgt/mgt_param.c
+++ b/bin/varnishd/mgt/mgt_param.c
@@ -388,36 +388,25 @@ void
 tweak_user(struct cli *cli, const struct parspec *par, const char *arg)
 {
 	struct passwd *pw;
-	struct group *gr;
 
 	(void)par;
 	if (arg != NULL) {
-		if (!strcmp(arg, MAGIC_INIT_STRING)) {
-			pw = getpwnam("nobody");
+		if (*arg != '\0') {
+			pw = getpwnam(arg);
 			if (pw == NULL) {
-				mgt_param.uid = getuid();
+				VCLI_Out(cli, "Unknown user");
+				VCLI_SetResult(cli, CLIS_PARAM);
 				return;
 			}
-		} else
-			pw = getpwnam(arg);
-		if (pw == NULL) {
-			VCLI_Out(cli, "Unknown user");
-			VCLI_SetResult(cli, CLIS_PARAM);
-			return;
+			REPLACE(mgt_param.user, pw->pw_name);
+			mgt_param.uid = pw->pw_uid;
+		} else {
+			mgt_param.uid = getuid();
 		}
-		REPLACE(mgt_param.user, pw->pw_name);
-		mgt_param.uid = pw->pw_uid;
-		mgt_param.gid = pw->pw_gid;
-
-		/* set group to user's primary group */
-		if ((gr = getgrgid(pw->pw_gid)) != NULL &&
-		    (gr = getgrnam(gr->gr_name)) != NULL &&
-		    gr->gr_gid == pw->pw_gid)
-			REPLACE(mgt_param.group, gr->gr_name);
 	} else if (mgt_param.user) {
 		VCLI_Out(cli, "%s (%d)", mgt_param.user, (int)mgt_param.uid);
 	} else {
-		VCLI_Out(cli, "%d", (int)mgt_param.uid);
+		VCLI_Out(cli, "UID %d", (int)mgt_param.uid);
 	}
 }
 
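Review bot: The empty-string branch at `mgt_param.uid = getuid();` resets the uid but leaves `mgt_param.user` untouched, so once a named user has been set the display branch `"%s (%d)"` can pair the old name with the manager's uid. For a privilege-separation setting, that output is what an operator reads to confirm which account the child drops to, so it should never show a stale name. Clearing the name in the else branch, e.g. `REPLACE(mgt_param.user, NULL);` (assuming REPLACE accepts NULL to free and reset the pointer), would let the `UID %d` branch report the real state. The same pattern appears in tweak_group's else branch at `mgt_param.gid = getgid();`, where `mgt_param.group` needs the same reset.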
@@ -432,27 +421,22 @@ tweak_group(struct cli *cli, const struct parspec *par, const char *arg)
 
 	(void)par;
 	if (arg != NULL) {
-		if (!strcmp(arg, MAGIC_INIT_STRING)) {
-			gr = getgrnam("nogroup");
+		if (*arg != '\0') {
+			gr = getgrnam(arg);
 			if (gr == NULL) {
-				/* Only replace if tweak_user didn't */
-				if (mgt_param.gid == 0)
-					mgt_param.gid = getgid();
+				VCLI_Out(cli, "Unknown group");
+				VCLI_SetResult(cli, CLIS_PARAM);
 				return;
 			}
-		} else
-			gr = getgrnam(arg);
-		if (gr == NULL) {
-			VCLI_Out(cli, "Unknown group");
-			VCLI_SetResult(cli, CLIS_PARAM);
-			return;
+			REPLACE(mgt_param.group, gr->gr_name);
+			mgt_param.gid = gr->gr_gid;
+		} else {
+			mgt_param.gid = getgid();
 		}
-		REPLACE(mgt_param.group, gr->gr_name);
-		mgt_param.gid = gr->gr_gid;
 	} else if (mgt_param.group) {
 		VCLI_Out(cli, "%s (%d)", mgt_param.group, (int)mgt_param.gid);
 	} else {
-		VCLI_Out(cli, "%d", (int)mgt_param.gid);
+		VCLI_Out(cli, "GID %d", (int)mgt_param.gid);
 	}
 }
 
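Review bot: The fallback `mgt_param.gid = getgid();` deserves a comment, because the group is now independent of the user's primary group and an empty `group` means the manager's own gid. As far as these hunks show, a configuration that sets only `user` on a host without a `nogroup` entry would keep the manager's gid (gid 0 if varnishd is started as root) while the uid changes. I would add `/* empty group: keep the manager's gid, no group change for the child */` above that line and say the same in the parameter help text. tweak_group's signature and declarations sit above the hunk, and how the gid is applied later is not visible here.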
@@ -885,6 +869,12 @@ MCF_CollectParams(void)
 	MCF_AddParams(mgt_parspec);
 	MCF_AddParams(WRK_parspec);
 	MCF_AddParams(VSL_parspec);
+
+	/* If we have nobody/nogroup, use them as defaults */
+	if (getpwnam("nobody") != NULL)
+		MCF_SetDefault("user", "nobody");
+	if (getgrnam("nogroup") != NULL)
+		MCF_SetDefault("group", "nogroup");
 }
 
 /*--------------------------------------------------------------------*/
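Review bot: Nothing is reported when neither lookup succeeds. The table defaults then stay `""`, which tweak_user and tweak_group turn into `getuid()`/`getgid()`, so a manager started as root would apparently leave the child at uid/gid 0 without any message. A startup diagnostic would make the missing privilege drop visible, for example `if (getuid() == 0 && getpwnam("nobody") == NULL) fprintf(stderr, "No 'nobody' user, child keeps uid 0\n");` with a matching line for the group. The result of `MCF_SetDefault` is also unchecked, though whether it can fail is not visible in this hunk. MCF_CollectParams begins above the hunk.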
@@ -933,8 +923,7 @@ MCF_DumpRstParam(void)
 		printf("%s\n", pp->name);
 		if (pp->units != NULL && *pp->units != '\0')
 			printf("\t- Units: %s\n", pp->units);
-		printf("\t- Default: %s\n",
-		    strcmp(pp->def,MAGIC_INIT_STRING) == 0 ? "magic" : pp->def);
+		printf("\t- Default: %s\n", pp->def);
 		/*
 		 * XXX: we should mark the params with one/two flags
 		 * XXX: that say if ->min/->max are valid, so we
diff --git a/bin/varnishd/mgt/mgt_param.h b/bin/varnishd/mgt/mgt_param.h
index 04c9c4f..4026bb9 100644
--- a/bin/varnishd/mgt/mgt_param.h
+++ b/bin/varnishd/mgt/mgt_param.h
@@ -77,8 +77,6 @@ extern const struct parspec VSL_parspec[];
 /* mgt_pool.c */
 extern const struct parspec WRK_parspec[];
 
-#define MAGIC_INIT_STRING	"\001"
-
 #define MEMPOOL_TEXT							\
 	"The three numbers are:\n"					\
 	"   min_pool -- minimum size of free pool.\n"			\
diff --git a/bin/varnishd/mgt/mgt_param_tbl.c b/bin/varnishd/mgt/mgt_param_tbl.c
index 96052c5..0e4e561 100644
--- a/bin/varnishd/mgt/mgt_param_tbl.c
+++ b/bin/varnishd/mgt/mgt_param_tbl.c
@@ -46,14 +46,13 @@
 
 const struct parspec mgt_parspec[] = {
 	{ "user", tweak_user, NULL, 0, 0,
-		"The unprivileged user to run as.  Setting this will "
-		"also set \"group\" to the specified user's primary group.",
+		"The unprivileged user to run as.",
 		MUST_RESTART,
-		MAGIC_INIT_STRING },
+		"" },
 	{ "group", tweak_group, NULL, 0, 0,
 		"The unprivileged group to run as.",
 		MUST_RESTART,
-		MAGIC_INIT_STRING },
+		"" },
 	{ "default_ttl", tweak_timeout_double, &mgt_param.default_ttl,
 		0, UINT_MAX,
 		"The TTL assigned to objects if neither the backend nor "


