[master] bfe5df8 If we cannot find nobody/nogroup, lookup current process uid/gid.
Poul-Henning Kamp
phk at FreeBSD.org
Tue Dec 16 11:43:28 CET 2014
commit bfe5df840f28a01b0ca9f69d58e4911284b66ee9
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Tue Dec 16 10:42:19 2014 +0000
If we cannot find nobody/nogroup, lookup current process uid/gid.
If that fails to, bail at ARGV_ERR level.
Fixes #1597
diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c
index 6c6ba8a..10b037e 100644
--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -345,16 +345,40 @@ static void
init_params(struct cli *cli)
{
ssize_t def, low;
+ struct passwd *pwd;
+ struct group *grp;
MCF_CollectParams();
MCF_TcpParams();
- /* If we have nobody/nogroup, use them as defaults */
- if (getpwnam("nobody") != NULL)
+ /*
+ * If we have nobody/nogroup, use them as defaults for sandboxes,
+ * else fall back to whoever we run as.
+ */
+ if (getpwnam("nobody") != NULL) {
MCF_SetDefault("user", "nobody");
- if (getgrnam("nogroup") != NULL)
+ } else {
+ pwd = getpwuid(getuid());
+ if (pwd == NULL)
+ ARGV_ERR("Neither user 'nobody' or my uid (%jd)"
+ " found in password database.\n",
+ (intmax_t)getuid());
+ MCF_SetDefault("user", pwd->pw_name);
+ }
+ endpwent();
+
+ if (getgrnam("nogroup") != NULL) {
MCF_SetDefault("group", "nogroup");
+ } else {
+ grp = getgrgid(getgid());
+ if (grp == NULL)
+ ARGV_ERR("Neither group 'nogroup' or my gid (%jd)"
+ " found in password database.\n",
+ (intmax_t)getgid());
+ MCF_SetDefault("group", grp->gr_name);
+ }
+ endgrent();
if (sizeof(void *) < 8) {
/*
@@ -432,7 +456,6 @@ main(int argc, char * const *argv)
/* for ASSERT_MGT() */
mgt_pid = getpid();
-
/*
* Run in UTC timezone, on the off-chance that this operating
* system does not have a timegm() function, and translates
diff --git a/bin/varnishd/mgt/mgt_param.c b/bin/varnishd/mgt/mgt_param.c
index abfd86a..c8b7fe9 100644
--- a/bin/varnishd/mgt/mgt_param.c
+++ b/bin/varnishd/mgt/mgt_param.c
@@ -337,7 +337,7 @@ MCF_ParamSet(struct cli *cli, const char *param, const char *val)
*heritage.param = mgt_param;
if (cli->result != CLIS_OK) {
- VCLI_Out(cli, "\n(attempting to set param %s to %s)",
+ VCLI_Out(cli, "\n(attempting to set param '%s' to '%s')",
pp->name, val);
} else if (child_pid >= 0 && pp->flags & MUST_RESTART) {
VCLI_Out(cli,
diff --git a/bin/varnishd/mgt/mgt_param_tweak.c b/bin/varnishd/mgt/mgt_param_tweak.c
index e757ec6..699fc79 100644
--- a/bin/varnishd/mgt/mgt_param_tweak.c
+++ b/bin/varnishd/mgt/mgt_param_tweak.c
@@ -384,17 +384,14 @@ tweak_user(struct vsb *vsb, const struct parspec *par, const char *arg)
(void)par;
if (arg != NULL) {
- if (*arg != '\0') {
- pw = getpwnam(arg);
- if (pw == NULL) {
- VSB_printf(vsb, "Unknown user");
- return(-1);
- }
- REPLACE(mgt_param.user, pw->pw_name);
- mgt_param.uid = pw->pw_uid;
- } else {
- mgt_param.uid = getuid();
+ pw = getpwnam(arg);
+ if (pw == NULL) {
+ VSB_printf(vsb, "Unknown user '%s'", arg);
+ return(-1);
}
+ REPLACE(mgt_param.user, pw->pw_name);
+ mgt_param.uid = pw->pw_uid;
+ endpwent();
} else if (mgt_param.user) {
VSB_printf(vsb, "%s (%d)", mgt_param.user, (int)mgt_param.uid);
} else {
@@ -414,17 +411,14 @@ tweak_group(struct vsb *vsb, const struct parspec *par, const char *arg)
(void)par;
if (arg != NULL) {
- if (*arg != '\0') {
- gr = getgrnam(arg);
- if (gr == NULL) {
- VSB_printf(vsb, "Unknown group");
- return(-1);
- }
- REPLACE(mgt_param.group, gr->gr_name);
- mgt_param.gid = gr->gr_gid;
- } else {
- mgt_param.gid = getgid();
+ gr = getgrnam(arg);
+ if (gr == NULL) {
+ VSB_printf(vsb, "Unknown group '%s'", arg);
+ return(-1);
}
+ REPLACE(mgt_param.group, gr->gr_name);
+ mgt_param.gid = gr->gr_gid;
+ endgrent();
} else if (mgt_param.group) {
VSB_printf(vsb, "%s (%d)", mgt_param.group, (int)mgt_param.gid);
} else {
More information about the varnish-commit
mailing list