int diod_remapuser (Npfid *fid, Npstr *uname, u32 n_uname, Npstr *aname) { int ret = 0; if (diod_conf_get_allsquash ()) { char *squash = diod_conf_get_squashuser (); Npuser *user = NULL; if (!(user = np_uname2user (fid->conn->srv, squash))) { ret = -1; goto done; } if (fid->user) np_user_decref (fid->user); fid->user = user; } done: return ret; }
static void _service_run (srvmode_t mode, int rfdno, int wfdno) { List l = diod_conf_get_listen (); int nwthreads = diod_conf_get_nwthreads (); int flags = diod_conf_get_debuglevel (); uid_t euid = geteuid (); int n; ss.mode = mode; ss.rfdno = rfdno; ss.wfdno = wfdno; ss.shutdown = 0; ss.reload = 0; _service_sigsetup (); ss.fds = NULL; ss.nfds = 0; switch (mode) { case SRV_FILEDES: break; case SRV_NORMAL: case SRV_SOCKTEST: if (!diod_sock_listen (l, &ss.fds, &ss.nfds)) msg_exit ("failed to set up listener"); #if WITH_RDMATRANS ss.rdma = diod_rdma_create (); diod_rdma_listen (ss.rdma); #endif break; } /* manipulate squash/runas users if not root */ if (euid != 0) { if (diod_conf_get_allsquash ()) { struct passwd *pw = getpwuid (euid); char *su = diod_conf_get_squashuser (); if (!pw) msg_exit ("getpwuid on effective uid failed"); if (strcmp (pw->pw_name, su) != 0) { if (strcmp (su, DFLT_SQUASHUSER) != 0) msg ("changing squashuser '%s' to '%s' " "since you are not root", su, pw->pw_name); diod_conf_set_squashuser (pw->pw_name); /* fixes issue 41 */ } } else { /* N.B. runasuser cannot be set in the config file */ uid_t ruid = diod_conf_get_runasuid (); if (diod_conf_opt_runasuid () && ruid != euid) msg ("changing runasuid %d to %d " "since you are not root", ruid, euid); diod_conf_set_runasuid (euid); } } if (!diod_conf_get_foreground () && mode != SRV_FILEDES) _daemonize (); /* implicit fork - no pthreads before this */ if (!diod_conf_get_foreground () && mode != SRV_FILEDES) diod_log_set_dest (diod_conf_get_logdest ()); /* drop root */ if (euid == 0) { if (diod_conf_get_allsquash ()) _become_user (diod_conf_get_squashuser (), -1, 1); else if (diod_conf_opt_runasuid ()) _become_user (NULL, diod_conf_get_runasuid (), 1); } /* clear umask */ umask (0); flags |= SRV_FLAGS_LOOSEFID; /* work around buggy clients */ flags |= SRV_FLAGS_AUTHCONN; //flags |= SRV_FLAGS_FLUSHSIG; /* XXX temporarily off */ if (geteuid () == 0) { flags |= SRV_FLAGS_SETFSID; flags |= SRV_FLAGS_DAC_BYPASS; if (_test_setgroups ()) flags |= SRV_FLAGS_SETGROUPS; else msg ("test_setgroups: groups are per-process (disabling)"); } /* Process dumpable flag may have been cleared by uid manipulation above. * Set it here, then maintain it in user.c::np_setfsid () as uids are * further manipulated. */ if (prctl (PR_SET_DUMPABLE, 1, 0, 0, 0) < 0) err_exit ("prctl PR_SET_DUMPABLE failed"); if (!diod_conf_get_userdb ()) flags |= SRV_FLAGS_NOUSERDB; if (!(ss.srv = np_srv_create (nwthreads, flags))) /* starts threads */ errn_exit (np_rerror (), "np_srv_create"); if (diod_init (ss.srv) < 0) errn_exit (np_rerror (), "diod_init"); if ((n = pthread_create (&ss.t, NULL, _service_loop, NULL))) errn_exit (n, "pthread_create _service_loop"); #if WITH_RDMATRANS if ((n = pthread_create (&ss.rdma_t, NULL, _service_loop_rdma, NULL))) errn_exit (n, "pthread_create _service_loop_rdma"); #endif switch (mode) { case SRV_FILEDES: case SRV_SOCKTEST: np_srv_wait_conncount (ss.srv, 1); pthread_kill (ss.t, SIGUSR1); break; case SRV_NORMAL: break; } if ((n = pthread_join (ss.t, NULL))) errn_exit (n, "pthread_join _service_loop"); #if WITH_RDMATRANS if ((n = pthread_join (ss.rdma_t, NULL))) errn_exit (n, "pthread_join _service_loop_rdma"); #endif diod_fini (ss.srv); np_srv_destroy (ss.srv); }