From fdd1fa2ffe8edb419d6f65774544f9de17f75ad4 Mon Sep 17 00:00:00 2001 From: oetiker Date: Mon, 26 Jul 2010 05:35:11 +0000 Subject: [PATCH] rrdcached: Let the -s, -m and -P options affect the default socket as well -- Sebastian Harl git-svn-id: svn://svn.oetiker.ch/rrdtool/branches/1.4/program@2116 a5681a0c-68f1-0310-ab6d-d61299d08faa --- doc/rrdcached.pod | 9 ++++--- src/rrd_daemon.c | 68 ++++++++++++++++++++++++++--------------------- 2 files changed, 43 insertions(+), 34 deletions(-) diff --git a/doc/rrdcached.pod b/doc/rrdcached.pod index d6bfec3..73e070b 100644 --- a/doc/rrdcached.pod +++ b/doc/rrdcached.pod @@ -77,7 +77,8 @@ user privileges (e.g. graph generating CGI scripts that typically run in the permission context of the web server). This option affects the I UNIX socket addresses (the following -B<-l> options), i.e., you may specify different settings for different +B<-l> options) or the default socket (if no B<-l> options have been +specified), i.e., you may specify different settings for different sockets. The default is not to change ownership or permissions of the socket and, thus, @@ -95,7 +96,8 @@ BSD-derived systems ignore permissions for UNIX sockets. See L for details. This option affects the I UNIX socket addresses (the following -B<-l> options), i.e., you may specify different settings for different +B<-l> options) or the default socket (if no B<-l> options have been +specified), i.e., you may specify different settings for different sockets. The default is not to change ownership or permissions of the socket and, thus, @@ -113,7 +115,8 @@ For example, to allow the C and C commands one could specify: rrdcached -P FLUSH,PENDING $MORE_ARGUMENTS The B<-P> option affects the I socket addresses (the following B<-l> -options). In the following example, only the IPv4 network socket (address +options) or the default socket (if no B<-l> options have been +specified). In the following example, only the IPv4 network socket (address C<10.0.0.1>) will be restricted to the C and C commands: rrdcached -l unix:/some/path -P FLUSH,PENDING -l 10.0.0.1 diff --git a/src/rrd_daemon.c b/src/rrd_daemon.c index 93ed71c..f340ecc 100644 --- a/src/rrd_daemon.c +++ b/src/rrd_daemon.c @@ -227,6 +227,8 @@ static uid_t daemon_uid; static listen_socket_t *listen_fds = NULL; static size_t listen_fds_num = 0; +static listen_socket_t default_socket; + enum { RUNNING, /* normal operation */ FLUSHING, /* flushing remaining values */ @@ -1719,6 +1721,17 @@ static int socket_permission_add (listen_socket_t *sock, /* {{{ */ return (0); } /* }}} int socket_permission_add */ +static void socket_permission_clear (listen_socket_t *sock) /* {{{ */ +{ + sock->permissions = 0; +} /* }}} socket_permission_clear */ + +static void socket_permission_copy (listen_socket_t *dest, /* {{{ */ + listen_socket_t *src) +{ + dest->permissions = src->permissions; +} /* }}} socket_permission_copy */ + /* check whether commands are received in the expected context */ static int command_check_context(listen_socket_t *sock, command_t *cmd) { @@ -2664,10 +2677,10 @@ static int daemonize (void) /* {{{ */ } else { - listen_socket_t sock; - memset(&sock, 0, sizeof(sock)); - strncpy(sock.addr, RRDCACHED_DEFAULT_ADDRESS, sizeof(sock.addr)-1); - open_listen_socket (&sock); + strncpy(default_socket.addr, RRDCACHED_DEFAULT_ADDRESS, + sizeof(default_socket.addr) - 1); + default_socket.addr[sizeof(default_socket.addr) - 1] = '\0'; + open_listen_socket (&default_socket); } if (listen_fds_num < 1) @@ -2772,11 +2785,10 @@ static int read_options (int argc, char **argv) /* {{{ */ int option; int status = 0; - char **permissions = NULL; - size_t permissions_len = 0; + socket_permission_clear (&default_socket); - gid_t socket_group = (gid_t)-1; - mode_t socket_permissions = (mode_t)-1; + default_socket.socket_group = (gid_t)-1; + default_socket.socket_permissions = (mode_t)-1; while ((option = getopt(argc, argv, "gl:s:m:P:f:w:z:t:Bb:p:Fj:h?")) != -1) { @@ -2801,22 +2813,11 @@ static int read_options (int argc, char **argv) /* {{{ */ strncpy(new->addr, optarg, sizeof(new->addr)-1); /* Add permissions to the socket {{{ */ - if (permissions_len != 0) + if (default_socket.permissions != 0) { - size_t i; - for (i = 0; i < permissions_len; i++) - { - status = socket_permission_add (new, permissions[i]); - if (status != 0) - { - fprintf (stderr, "read_options: Adding permission \"%s\" to " - "socket failed. Most likely, this permission doesn't " - "exist. Check your command line.\n", permissions[i]); - status = 4; - } - } + socket_permission_copy (new, &default_socket); } - else /* if (permissions_len == 0) */ + else /* if (default_socket.permissions == 0) */ { /* Add permission for ALL commands to the socket. */ size_t i; @@ -2827,15 +2828,15 @@ static int read_options (int argc, char **argv) /* {{{ */ { fprintf (stderr, "read_options: Adding permission \"%s\" to " "socket failed. This should never happen, ever! Sorry.\n", - permissions[i]); + list_of_commands[i].cmd); status = 4; } } } /* }}} Done adding permissions. */ - new->socket_group = socket_group; - new->socket_permissions = socket_permissions; + new->socket_group = default_socket.socket_group; + new->socket_permissions = default_socket.socket_permissions; if (!rrd_add_ptr((void ***)&config_listen_address_list, &config_listen_address_list_len, new)) @@ -2865,7 +2866,7 @@ static int read_options (int argc, char **argv) /* {{{ */ if (grp) { - socket_group = grp->gr_gid; + default_socket.socket_group = grp->gr_gid; } else { @@ -2890,7 +2891,7 @@ static int read_options (int argc, char **argv) /* {{{ */ return (5); } - socket_permissions = (mode_t)tmp; + default_socket.socket_permissions = (mode_t)tmp; } break; @@ -2901,7 +2902,7 @@ static int read_options (int argc, char **argv) /* {{{ */ char *dummy; char *ptr; - rrd_free_ptrs ((void *) &permissions, &permissions_len); + socket_permission_clear (&default_socket); optcopy = strdup (optarg); dummy = optcopy; @@ -2909,7 +2910,14 @@ static int read_options (int argc, char **argv) /* {{{ */ while ((ptr = strtok_r (dummy, ", ", &saveptr)) != NULL) { dummy = NULL; - rrd_add_strdup ((void *) &permissions, &permissions_len, ptr); + status = socket_permission_add (&default_socket, ptr); + if (status != 0) + { + fprintf (stderr, "read_options: Adding permission \"%s\" to " + "socket failed. Most likely, this permission doesn't " + "exist. Check your command line.\n", ptr); + status = 4; + } } free (optcopy); @@ -3142,8 +3150,6 @@ static int read_options (int argc, char **argv) /* {{{ */ if (journal_dir == NULL) config_flush_at_shutdown = 1; - rrd_free_ptrs ((void *) &permissions, &permissions_len); - return (status); } /* }}} int read_options */ -- 2.30.2