[6.0] 4d2c0c543 support for vmod_unix on solar-ish OSes
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Thu Aug 16 08:52:36 UTC 2018
commit 4d2c0c543a0ffc24f810111cd42dd8e435815466
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Thu Apr 5 13:58:19 2018 +0200
support for vmod_unix on solar-ish OSes
note on jail_solaris:
ideally, vmods could tell the jails about privileges they require, but
for now (and because vmod_unix lives in varnish-cache), just add the
required privilege to the permitted set.
I have also considered the option to add additional privileges via the
-j argument (and actually would still want to add that somewhen), but
for this purpose, varnish should really DTRT by default.
note on priv_allocset:
Most of the sun folk had proven to be good interface designers, but
an API which requires dynamic allocation/deallocation really does not
play well with my efficiency fetish. So good we got library
constructors/destructors.
note on getpeerucred:
basically the same thing, but this time they at least added
ucred_size(). Not intended for use like this, but anyway....
diff --git a/bin/varnishd/mgt/mgt_jail_solaris.c b/bin/varnishd/mgt/mgt_jail_solaris.c
index ef80c909b..dc1921297 100644
--- a/bin/varnishd/mgt/mgt_jail_solaris.c
+++ b/bin/varnishd/mgt/mgt_jail_solaris.c
@@ -356,6 +356,8 @@ vjs_add_permitted(priv_set_t *pset, enum jail_gen_e jge)
case JAILG_SUBPROC_VCLLOAD:
break;
case JAILG_SUBPROC_WORKER:
+ /* vmod_unix getpeerucred() */
+ AZ(priv_addset(pset, PRIV_PROC_INFO));
break;
default:
INCOMPL();
diff --git a/configure.ac b/configure.ac
index ad2850737..2e25adf05 100644
--- a/configure.ac
+++ b/configure.ac
@@ -217,6 +217,7 @@ AC_CHECK_FUNCS([fallocate])
AC_CHECK_FUNCS([closefrom])
AC_CHECK_FUNCS([sigaltstack])
AC_CHECK_FUNCS([getpeereid])
+AC_CHECK_FUNCS([getpeerucred])
save_LIBS="${LIBS}"
LIBS="${PTHREAD_LIBS}"
diff --git a/lib/libvmod_unix/cred_compat.h b/lib/libvmod_unix/cred_compat.h
index 6a79636f5..3c5ff080e 100644
--- a/lib/libvmod_unix/cred_compat.h
+++ b/lib/libvmod_unix/cred_compat.h
@@ -25,8 +25,6 @@
*
*/
-#include "config.h"
-
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
@@ -37,11 +35,35 @@
#if defined(HAVE_GETPEERUCRED)
#include <ucred.h>
+# if defined(HAVE_SETPPRIV)
+# include <priv.h>
+static priv_set_t *priv_proc_info = NULL;
+# endif
#endif
#define CREDS_FAIL -1
#define NOT_SUPPORTED -2
+#if defined(HAVE_GETPEERUCRED) && defined(HAVE_SETPPRIV)
+static void __attribute__((constructor))
+cred_compat_init(void)
+{
+ AZ(priv_proc_info);
+ priv_proc_info = priv_allocset();
+ AN(priv_proc_info);
+ AZ(priv_addset(priv_proc_info, PRIV_PROC_INFO));
+}
+
+static void __attribute__((destructor))
+cred_compat_fini(void)
+{
+ if (priv_proc_info == NULL)
+ return;
+ priv_freeset(priv_proc_info);
+ priv_proc_info = NULL;
+}
+#endif
+
static int
get_ids(int fd, uid_t *uid, gid_t *gid)
{
@@ -65,6 +87,33 @@ get_ids(int fd, uid_t *uid, gid_t *gid)
return (CREDS_FAIL);
return (0);
+#elif defined(HAVE_GETPEERUCRED)
+ char buf[ucred_size()];
+ ucred_t *ucredp = (ucred_t *)buf;
+
+# if defined(HAVE_SETPPRIV)
+ priv_set_t *priv = NULL;
+
+ errno = 0;
+ if (! priv_ineffect(PRIV_PROC_INFO)) {
+ priv = priv_proc_info;
+ if (setppriv(PRIV_ON, PRIV_EFFECTIVE, priv))
+ return (CREDS_FAIL);
+ }
+# endif
+
+ errno = 0;
+ if (getpeerucred(fd, &ucredp))
+ return (CREDS_FAIL);
+ *uid = ucred_getruid(ucredp);
+ *gid = ucred_getrgid(ucredp);
+
+# if defined(HAVE_SETPPRIV)
+ if (priv != NULL)
+ AZ(setppriv(PRIV_OFF, PRIV_EFFECTIVE, priv)); // waive
+# endif
+
+ return (0);
#else
(void) fd;
(void) uid;
diff --git a/lib/libvmod_unix/vmod_unix.c b/lib/libvmod_unix/vmod_unix.c
index ee1f3e002..f51c10883 100644
--- a/lib/libvmod_unix/vmod_unix.c
+++ b/lib/libvmod_unix/vmod_unix.c
@@ -25,7 +25,7 @@
*
*/
-#include "cred_compat.h"
+#include "config.h"
#include <pwd.h>
#include <grp.h>
@@ -35,6 +35,7 @@
#include "vcl.h"
#include "common/heritage.h"
+#include "cred_compat.h"
#include "vcc_if.h"
#define FAIL(ctx, msg) \
More information about the varnish-commit
mailing list