diff options
author | erdgeist <> | 2009-01-02 08:57:53 +0000 |
---|---|---|
committer | erdgeist <> | 2009-01-02 08:57:53 +0000 |
commit | 2df09905f5540fee096d48a92cb0c42558498a12 (patch) | |
tree | 68eab61d29719400972485de395dd0465467aea6 /opentracker.c | |
parent | 548e2b8338b5ee8d24fa928e833f345bb5cb6f0e (diff) |
* opentracker now drops permissions in correct order and really chroots() if ran as root
* lock passing between add_peer_to_torrent and return_peers_for_torrent is now avoided by providing a more general add_peer_to_torrent_and_return_peers function that can be used with NULL parameters to not return any peers (in sync case)
* in order to keep a fast overview how many torrents opentracker maintains, every mutex_bucket_unlock operation expects an additional integer parameter that tells ot_mutex.c how many torrents have been added or removed. A function mutex_get_torrent_count has been introduced.
Diffstat (limited to 'opentracker.c')
-rw-r--r-- | opentracker.c | 58 |
1 files changed, 45 insertions, 13 deletions
diff --git a/opentracker.c b/opentracker.c index 61acd3f..993877a 100644 --- a/opentracker.c +++ b/opentracker.c | |||
@@ -350,8 +350,47 @@ int parse_configfile( char * config_filename ) { | |||
350 | return bound; | 350 | return bound; |
351 | } | 351 | } |
352 | 352 | ||
353 | int main( int argc, char **argv ) { | 353 | int drop_privileges (const char * const serverdir) { |
354 | struct passwd *pws = NULL; | 354 | struct passwd *pws = NULL; |
355 | |||
356 | /* Grab pws entry before chrooting */ | ||
357 | pws = getpwnam( "nobody" ); | ||
358 | endpwent(); | ||
359 | |||
360 | if( geteuid() == 0 ) { | ||
361 | /* Running as root: chroot and drop privileges */ | ||
362 | if(chroot( serverdir )) { | ||
363 | fprintf( stderr, "Could not chroot to %s, because: %s\n", serverdir, strerror(errno) ); | ||
364 | return -1; | ||
365 | } | ||
366 | |||
367 | if(chdir("/")) | ||
368 | panic("chdir() failed after chrooting: "); | ||
369 | |||
370 | if( !pws ) { | ||
371 | setegid( (gid_t)-2 ); setgid( (gid_t)-2 ); | ||
372 | setuid( (uid_t)-2 ); seteuid( (uid_t)-2 ); | ||
373 | } | ||
374 | else { | ||
375 | setegid( pws->pw_gid ); setgid( pws->pw_gid ); | ||
376 | setuid( pws->pw_uid ); seteuid( pws->pw_uid ); | ||
377 | } | ||
378 | |||
379 | if( geteuid() == 0 || getegid() == 0 ) | ||
380 | panic("Still running with root privileges?!"); | ||
381 | } | ||
382 | else { | ||
383 | /* Normal user, just chdir() */ | ||
384 | if(chdir( serverdir )) { | ||
385 | fprintf( stderr, "Could not chroot to %s, because: %s\n", serverdir, strerror(errno) ); | ||
386 | return -1; | ||
387 | } | ||
388 | } | ||
389 | |||
390 | return 0; | ||
391 | } | ||
392 | |||
393 | int main( int argc, char **argv ) { | ||
355 | char serverip[4] = {0,0,0,0}, tmpip[4]; | 394 | char serverip[4] = {0,0,0,0}, tmpip[4]; |
356 | int bound = 0, scanon = 1; | 395 | int bound = 0, scanon = 1; |
357 | uint16_t tmpport; | 396 | uint16_t tmpport; |
@@ -404,16 +443,8 @@ while( scanon ) { | |||
404 | ot_try_bind( serverip, 6969, FLAG_UDP ); | 443 | ot_try_bind( serverip, 6969, FLAG_UDP ); |
405 | } | 444 | } |
406 | 445 | ||
407 | /* Drop permissions */ | 446 | if( drop_privileges( g_serverdir ? g_serverdir : "." ) == -1 ) |
408 | pws = getpwnam( "nobody" ); | 447 | panic( "drop_privileges failed, exiting. Last error"); |
409 | if( !pws ) { | ||
410 | setegid( (gid_t)-2 ); setuid( (uid_t)-2 ); | ||
411 | setgid( (gid_t)-2 ); seteuid( (uid_t)-2 ); | ||
412 | } else { | ||
413 | setegid( pws->pw_gid ); setuid( pws->pw_uid ); | ||
414 | setgid( pws->pw_gid ); seteuid( pws->pw_uid ); | ||
415 | } | ||
416 | endpwent(); | ||
417 | 448 | ||
418 | signal( SIGPIPE, SIG_IGN ); | 449 | signal( SIGPIPE, SIG_IGN ); |
419 | signal( SIGINT, signal_handler ); | 450 | signal( SIGINT, signal_handler ); |
@@ -421,9 +452,10 @@ while( scanon ) { | |||
421 | 452 | ||
422 | g_now_seconds = time( NULL ); | 453 | g_now_seconds = time( NULL ); |
423 | 454 | ||
424 | if( trackerlogic_init( g_serverdir ? g_serverdir : "." ) == -1 ) | 455 | /* Init all sub systems. This call may fail with an exit() */ |
425 | panic( "Logic not started" ); | 456 | trackerlogic_init( ); |
426 | 457 | ||
458 | /* Kick off our initial clock setting alarm */ | ||
427 | alarm(5); | 459 | alarm(5); |
428 | 460 | ||
429 | server_mainloop( ); | 461 | server_mainloop( ); |