int
diod_remapuser (Npfid *fid, Npstr *uname, u32 n_uname, Npstr *aname)
{
int ret = 0;
if (diod_conf_get_allsquash ()) {
char *squash = diod_conf_get_squashuser ();
Npuser *user = NULL;
if (!(user = np_uname2user (fid->conn->srv, squash))) {
ret = -1;
goto done;
}
if (fid->user)
np_user_decref (fid->user);
fid->user = user;
}
done:
return ret;
}
static void
_service_run (srvmode_t mode, int rfdno, int wfdno)
{
List l = diod_conf_get_listen ();
int nwthreads = diod_conf_get_nwthreads ();
int flags = diod_conf_get_debuglevel ();
uid_t euid = geteuid ();
int n;
ss.mode = mode;
ss.rfdno = rfdno;
ss.wfdno = wfdno;
ss.shutdown = 0;
ss.reload = 0;
_service_sigsetup ();
ss.fds = NULL;
ss.nfds = 0;
switch (mode) {
case SRV_FILEDES:
break;
case SRV_NORMAL:
case SRV_SOCKTEST:
if (!diod_sock_listen (l, &ss.fds, &ss.nfds))
msg_exit ("failed to set up listener");
#if WITH_RDMATRANS
ss.rdma = diod_rdma_create ();
diod_rdma_listen (ss.rdma);
#endif
break;
}
/* manipulate squash/runas users if not root */
if (euid != 0) {
if (diod_conf_get_allsquash ()) {
struct passwd *pw = getpwuid (euid);
char *su = diod_conf_get_squashuser ();
if (!pw)
msg_exit ("getpwuid on effective uid failed");
if (strcmp (pw->pw_name, su) != 0) {
if (strcmp (su, DFLT_SQUASHUSER) != 0)
msg ("changing squashuser '%s' to '%s' "
"since you are not root", su, pw->pw_name);
diod_conf_set_squashuser (pw->pw_name); /* fixes issue 41 */
}
} else { /* N.B. runasuser cannot be set in the config file */
uid_t ruid = diod_conf_get_runasuid ();
if (diod_conf_opt_runasuid () && ruid != euid)
msg ("changing runasuid %d to %d "
"since you are not root", ruid, euid);
diod_conf_set_runasuid (euid);
}
}
if (!diod_conf_get_foreground () && mode != SRV_FILEDES)
_daemonize (); /* implicit fork - no pthreads before this */
if (!diod_conf_get_foreground () && mode != SRV_FILEDES)
diod_log_set_dest (diod_conf_get_logdest ());
/* drop root */
if (euid == 0) {
if (diod_conf_get_allsquash ())
_become_user (diod_conf_get_squashuser (), -1, 1);
else if (diod_conf_opt_runasuid ())
_become_user (NULL, diod_conf_get_runasuid (), 1);
}
/* clear umask */
umask (0);
flags |= SRV_FLAGS_LOOSEFID; /* work around buggy clients */
flags |= SRV_FLAGS_AUTHCONN;
//flags |= SRV_FLAGS_FLUSHSIG; /* XXX temporarily off */
if (geteuid () == 0) {
flags |= SRV_FLAGS_SETFSID;
flags |= SRV_FLAGS_DAC_BYPASS;
if (_test_setgroups ())
flags |= SRV_FLAGS_SETGROUPS;
else
msg ("test_setgroups: groups are per-process (disabling)");
}
/* Process dumpable flag may have been cleared by uid manipulation above.
* Set it here, then maintain it in user.c::np_setfsid () as uids are
* further manipulated.
*/
if (prctl (PR_SET_DUMPABLE, 1, 0, 0, 0) < 0)
err_exit ("prctl PR_SET_DUMPABLE failed");
if (!diod_conf_get_userdb ())
flags |= SRV_FLAGS_NOUSERDB;
if (!(ss.srv = np_srv_create (nwthreads, flags))) /* starts threads */
errn_exit (np_rerror (), "np_srv_create");
if (diod_init (ss.srv) < 0)
errn_exit (np_rerror (), "diod_init");
if ((n = pthread_create (&ss.t, NULL, _service_loop, NULL)))
errn_exit (n, "pthread_create _service_loop");
#if WITH_RDMATRANS
if ((n = pthread_create (&ss.rdma_t, NULL, _service_loop_rdma, NULL)))
errn_exit (n, "pthread_create _service_loop_rdma");
#endif
switch (mode) {
case SRV_FILEDES:
case SRV_SOCKTEST:
np_srv_wait_conncount (ss.srv, 1);
pthread_kill (ss.t, SIGUSR1);
break;
case SRV_NORMAL:
break;
}
if ((n = pthread_join (ss.t, NULL)))
errn_exit (n, "pthread_join _service_loop");
#if WITH_RDMATRANS
if ((n = pthread_join (ss.rdma_t, NULL)))
errn_exit (n, "pthread_join _service_loop_rdma");
#endif
diod_fini (ss.srv);
np_srv_destroy (ss.srv);
}
