initgroups() call added when changing uid

author: Michael Krelin <hacker@klever.net> 2004-07-15 04:13:35 (UTC)
committer: Michael Krelin <hacker@klever.net> 2004-07-15 04:13:35 (UTC)
commit: 5e437102c59f4544e3803598eabcb643d403272d (patch) (unidiff)
tree: 7703657f2dac2fd9fb2b2a1f453ca2f30227efa1 /src/process.cc
parent: 4f8a6f291a231410a03c438bc9d63a7beb861e7b (diff)
download: dudki-5e437102c59f4544e3803598eabcb643d403272d.zip
dudki-5e437102c59f4544e3803598eabcb643d403272d.tar.gz
dudki-5e437102c59f4544e3803598eabcb643d403272d.tar.bz2
1 files changed, 10 insertions, 7 deletions
diff --git a/src/process.cc b/src/process.cc
index fda35e8..bfab311 100644
--- a/src/process.cc
+++ b/src/process.cc
@@ -1,184 +1,187 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <unistd.h>
 #include <signal.h>
 #include <pwd.h>
 #include <grp.h>
 #include <sys/wait.h>
 #include <syslog.h>
 #include <errno.h>
 #include <iostream>
 #include <fstream>
 #include <stdexcept>
 using namespace std;
 #include "process.h"
 #include "configuration.h"
 void process::check(const string& id,configuration& config) {
    bool running = false;
    ifstream pids(pidfile.c_str(),ios::in);
    if(pids) {
        pid_t pid = 0;
        pids >> pid;
        pids.close();
        if(pid) {
            if(!kill(pid,0)) {
                running = true;
            }
        }
    }
    if(running){
        patience = 0;
    }else{
        if(patience>60) { // TODO: configurable
            patience = 0;
        }else{
            if(patience<10) { // TODO: configurable
                syslog(LOG_NOTICE,"The process '%s' is down, trying to launch.",id.c_str());
                do_notify(id,"Starting up",
                        "The named process seems to be down. Dudki will try\n"
                        "to revive it by running the specified command.\n",
                        config);
                try {
                    launch(id,config);
                }catch(exception& e) {
                    syslog(LOG_ERR,"Error trying to launch process '%s': %s",id.c_str(),e.what());
                }
            }else if(patience==10){ // TODO: configurable like the above
                syslog(LOG_NOTICE,"Giving up on process '%s' for a while",id.c_str());
                do_notify(id,"Giving up",
                        "After a number of attempts to relaunch the named process\n"
                        "It still seems to be down. Dudki is giving up attempts\n"
                        "to revive the process for a while.\n",
                        config);
            }
            patience++;
        }
    }
 }
 void process::launch(const string& id,configuration& config) {
-    uid_t uid = 0;
+    uid_t uid = (uid_t)-1;
+    gid_t gid = (gid_t)-1;
    if(!user.empty()) {
        struct passwd *ptmp = getpwnam(user.c_str());
        if(ptmp) {
            uid = ptmp->pw_uid;
+            gid = ptmp->pw_gid;
        }else{
            errno=0;
            uid = strtol(user.c_str(),NULL,0);
            if(errno)
                throw runtime_error("Failed to resolve User value to uid");
        }
    }
-    gid_t gid = 0;
    if(!group.empty()) {
        struct group *gtmp = getgrnam(group.c_str());
        if(gtmp) {
            gid = gtmp->gr_gid;
        }else{
            errno = 0;
            gid = strtol(group.c_str(),NULL,0);
            if(errno)
                throw runtime_error("Failed to reslove Group value to gid");
        }
    }
    pid_t p = fork();
    if(p<0)
        throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to fork()");
    if(!p) {
        // child
        try {
            setsid();
+            if(user.empty()) {
+                if((getgid()!=gid) && setgid(gid))
+                    throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setgid()");
+            }else{
+                if(initgroups(user.c_str(),gid))
+                    throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to initgroups()");
+            }
            if(!chroot.empty()) {
                if(::chroot(chroot.c_str()))
                    throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to chroot()");
            }
-            if(!group.empty()) {
-                // TODO: initgroups()?
-                if((getgid()!=gid) && setgid(gid))
-                    throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setgid()");
-            }
            if(!user.empty()) {
                if((getuid()!=uid) && setuid(uid))
                    throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setuid()");
            }
            char *argv[] = { "/bin/sh", "-c", (char*)restart_cmd.c_str(), NULL };
            close(0); close(1); close(2);
            execv("/bin/sh",argv);
        }catch(exception& e) {
            syslog(LOG_ERR,"Error trying to launch process '%s': %s",id.c_str(),e.what());
        }
        _exit(-1);
    }
    // parent
    int rv;
    if(waitpid(p,&rv,0)<0)
        throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to waitpid()");
 }
 void process::do_notify(const string& id,const string& event,const string& description,configuration& config) {
    string the_notify;
    if(!notify.empty())
        the_notify=notify;
    else if(!config.notify.empty())
        the_notify=config.notify;
    else
        return;
    try {
        string::size_type colon = the_notify.find(':');
        if(colon==string::npos)
            throw runtime_error("invalid notify action specification");
        string nschema = the_notify.substr(0,colon);
        string ntarget = the_notify.substr(colon+1);
        if(nschema=="mailto") {
            notify_mailto(ntarget,id,event,description,config);
        }else
            throw runtime_error("unrecognized notification schema");
    }catch(exception& e) {
        syslog(LOG_ERR,"Notification error: %s",e.what());
    }
 }
 void process::notify_mailto(const string& email,const string& id,const string& event,const string& description,configuration& config) {
    int files[2];
    if(pipe(files))
        throw runtime_error("Failed to pipe()");
    pid_t pid = vfork();
    if(pid==-1) {
        close(files[0]);
        close(files[1]);
        throw runtime_error("Failed to vfork()");
    }
    if(!pid) {
        // child
        if(dup2(files[0],0)!=0)
            _exit(-1);
        close(1);
        close(files[0]);
        close(files[1]);
        execl("/usr/sbin/sendmail","usr/sbin/sendmail","-i",email.c_str(),NULL);
        _exit(-1);
    }
    // parent
    close(files[0]);
    FILE *mta = fdopen(files[1],"w");
    for(headers_t::const_iterator i=mailto_headers.begin();i!=mailto_headers.end();++i) {
        fprintf(mta,"%s: %s\n",i->first.c_str(),i->second.c_str());
    }
    for(headers_t::const_iterator i=config.mailto_headers.begin();i!=config.mailto_headers.end();++i) {
        if(mailto_headers.find(i->first)!=mailto_headers.end())
            continue;
        fprintf(mta,"%s: %s\n",i->first.c_str(),i->second.c_str());
    }
    fprintf(mta,
            "Subject: [%s] %s\n\n"
            "%s\n"
            "---\n"
            "This message was sent automatically by the 'dudki' daemon\n",
            id.c_str(), event.c_str(),
            description.c_str() );
    fclose(mta);
    int status;
    waitpid(pid,&status,0);
    // TODO: check the return code
 }
author	Michael Krelin <hacker@klever.net>	2004-07-15 04:13:35 (UTC)
committer	Michael Krelin <hacker@klever.net>	2004-07-15 04:13:35 (UTC)
commit	5e437102c59f4544e3803598eabcb643d403272d (patch) (unidiff)
tree	7703657f2dac2fd9fb2b2a1f453ca2f30227efa1 /src/process.cc
parent	4f8a6f291a231410a03c438bc9d63a7beb861e7b (diff)
download	dudki-5e437102c59f4544e3803598eabcb643d403272d.zip dudki-5e437102c59f4544e3803598eabcb643d403272d.tar.gz dudki-5e437102c59f4544e3803598eabcb643d403272d.tar.bz2