Пример #1
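/*
 * Load the configuration file into the global `list` of confentry nodes.
 *
 * The path comes from the global `config`; when that is unset the
 * compiled-in CONFIG default is used. Every line accepted by proc_config()
 * becomes one node appended to the tail of `list`.
 *
 * Returns OK on success and also when the file cannot be opened (only a
 * warning is logged, so the caller continues with whatever is already in
 * `list`). Returns MEMERR if a list node cannot be allocated; in that case
 * close_config() has been called and the file handle has been closed.
 *
 * NOTE(review): each entry carries a command string (cmd->command). If those
 * commands are executed later, the ownership and permissions of an
 * overridden `config` path deserve a check before it is trusted; nothing
 * visible here performs one. Confirm against the caller.
 */
int open_config() {
    FILE *fp = NULL;
    char *line = NULL;
    key_cmd *cmd;
    confentry *lastnode = NULL, *newnode = NULL;
    int lineno = 1;
    size_t n = 0;

    /* Allow the configuration file to be overridden */
    if (!config)
        config = CONFIG;

    fp = fopen(config, "r");
    if (fp == NULL) {
        lprintf("Warning: could not open the configuration file %s: %s\n", config, strerror(errno));
        return OK;
    }
    if (verbose > 1)
        lprintf("Using configuration file %s\n", config);

    /*
     * Start appending at the current tail. Without this, a call made while
     * `list` is already populated would dereference a NULL lastnode on the
     * first accepted line.
     */
    for (lastnode = list; lastnode != NULL && lastnode->next != NULL; lastnode = lastnode->next)
        ;

    /*
     * Test getline()'s result directly instead of narrowing it into an int
     * and polling feof(). The buffer is reused between lines and released
     * once; proc_config() must copy whatever it keeps (the buffer never
     * outlived a single iteration before either).
     */
    while (getline(&line, &n, fp) != -1) {
        if (proc_config(lineno, line, &cmd) == OK) {
            newnode = malloc(sizeof *newnode);
            if (newnode == NULL) {
                lprintf("Error: memory allocation failed\n");
                /*
                 * NOTE(review): `cmd` was produced by proc_config() but is
                 * not linked into the list yet, so close_config() presumably
                 * cannot release it. Confirm who owns it on this path.
                 */
                close_config();
                free(line);
                fclose(fp); /* do not leak the descriptor on the error path */
                return MEMERR;
            }

            newnode->cmd = cmd;
            newnode->next = NULL;

            if (list == NULL) {
                list = newnode;
            } else {
                lastnode->next = newnode;
            }
            lastnode = newnode;

            if (verbose > 1) {
                lprintf("Config: ");
                lprint_mask(cmd->keys);
                lprintf(" -:- ");
                print_etype(cmd->type);
                lprintf(" -:- ");
                print_attrs(cmd);
                lprintf(" -:- %s\n", cmd->command);
            }
        }
        ++lineno;
    }

    /* getline() reports EOF and I/O errors the same way; tell them apart. */
    if (ferror(fp))
        lprintf("Warning: error while reading the configuration file %s: %s\n", config, strerror(errno));

    free(line);
    fclose(fp);

    return OK;
}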
Пример #2
/*
 * Fork one privilege-separated child process and run it.
 *
 * In the parent this returns the child's pid right after fork(). In the
 * child it confines the process (chroot + chdir), drops to the user and
 * group in ps->ps_pw, installs the signal events, calls proc_config(),
 * seeds the RAND_* generator, invokes the optional init callback and then
 * enters event_dispatch(). When the event loop ends, proc_shutdown(p) is
 * called and 0 is returned.
 *
 * ps     privsep state; ps_pw supplies the uid, gid and default chroot dir
 * p      descriptor of the process to start (id, title, optional chroot)
 * procs  process table handed to proc_config()
 * nproc  number of entries in procs
 * init   optional callback, run after the privilege drop; may be NULL
 * arg    opaque argument passed through to init
 *
 * The order of the steps below is security relevant: chroot() has to happen
 * before the uid is dropped, and the group changes have to happen before
 * the uid change. Keep that order when editing.
 */
pid_t
proc_run(struct privsep *ps, struct privsep_proc *p,
    struct privsep_proc *procs, u_int nproc,
    void (*init)(struct privsep *, void *), void *arg)
{
	pid_t		 pid;
	struct passwd	*pw;
	const char	*root;
	u_int32_t	 seed[256];

	switch (pid = fork()) {
	case -1:
		/* No break: presumably fatal() does not return - confirm. */
		fatal("proc_run: cannot fork");
	case 0:
		/* Child: continue with the setup below. */
		break;
	default:
		/* Parent: hand the child's pid back to the caller. */
		return (pid);
	}

	/* NOTE(review): pw is dereferenced below without a NULL check;
	 * presumably the caller guarantees ps_pw is set - confirm. */
	pw = ps->ps_pw;

	/*
	 * The control process sets up its socket before chroot() and before
	 * the privilege drop, i.e. still with the identity and filesystem view
	 * the child inherited from its parent.
	 */
	if (p->p_id == PROC_CONTROL) {
		/* NOTE(review): p_title is passed as the message argument. If
		 * fatalx() is printf-style this is a non-literal format string;
		 * setproctitle() below uses "%s". Confirm the prototype. */
		if (control_init(ps, &ps->ps_csock) == -1)
			fatalx(p->p_title);
	}

	/* Change root directory */
	/* A per-process p_chroot wins; otherwise the user's home directory
	 * (pw_dir) becomes the new root. */
	if (p->p_chroot != NULL)
		root = p->p_chroot;
	else
		root = pw->pw_dir;

#ifndef DEBUG
	/*
	 * chroot() alone does not change the working directory, so chdir("/")
	 * follows immediately; otherwise the cwd would still refer to a
	 * directory outside the new root.
	 * NOTE(review): nothing here checks that `root` is owned by root and
	 * not writable by the unprivileged user - verify at deployment.
	 */
	if (chroot(root) == -1)
		fatal("proc_run: chroot");
	if (chdir("/") == -1)
		fatal("proc_run: chdir(\"/\")");
#else
#warning disabling privilege revocation and chroot in DEBUG MODE
	/*
	 * DEBUG builds chroot only when p_chroot was set explicitly, and the
	 * privilege drop further down is compiled out, so the child keeps the
	 * identity it was started with. Such a build has no privilege
	 * separation and must not be deployed.
	 */
	if (p->p_chroot != NULL) {
		if (chroot(root) == -1)
			fatal("proc_run: chroot");
		if (chdir("/") == -1)
			fatal("proc_run: chdir(\"/\")");
	}
#endif

	privsep_process = p->p_id;

	setproctitle("%s", p->p_title);

#ifndef DEBUG
	/*
	 * Drop privileges: supplementary groups first, then the gid, then the
	 * uid. Once the uid is no longer privileged the group calls would
	 * fail, so the order must not change. Real, effective and saved ids
	 * are all set, leaving no saved id to switch back to. Any failing call
	 * is fatal, so the child never continues with a partial drop.
	 */
	if (setgroups(1, &pw->pw_gid) ||
	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
		fatal("proc_run: cannot drop privileges");
#endif

	event_init();

	/* Route these five signals through the event loop to
	 * proc_sig_handler, with p as the handler argument. */
	signal_set(&ps->ps_evsigint, SIGINT, proc_sig_handler, p);
	signal_set(&ps->ps_evsigterm, SIGTERM, proc_sig_handler, p);
	signal_set(&ps->ps_evsigchld, SIGCHLD, proc_sig_handler, p);
	signal_set(&ps->ps_evsighup, SIGHUP, proc_sig_handler, p);
	signal_set(&ps->ps_evsigpipe, SIGPIPE, proc_sig_handler, p);

	signal_add(&ps->ps_evsigint, NULL);
	signal_add(&ps->ps_evsigterm, NULL);
	signal_add(&ps->ps_evsigchld, NULL);
	signal_add(&ps->ps_evsighup, NULL);
	signal_add(&ps->ps_evsigpipe, NULL);

	proc_config(ps, procs, nproc);

	/*
	 * Seed RAND_* in the child with sizeof(seed) fresh bytes from
	 * arc4random_buf(), after the fork.
	 * NOTE(review): the seed stays on this stack frame for as long as
	 * event_dispatch() runs; consider explicit_bzero(seed, sizeof(seed))
	 * right after RAND_seed().
	 */
	arc4random_buf(seed, sizeof(seed));
	RAND_seed(seed, sizeof(seed));

	/* Unlike control_init() above, control_listen() runs after the
	 * chroot and the privilege drop. */
	if (p->p_id == PROC_CONTROL) {
		TAILQ_INIT(&ctl_conns);
		if (control_listen(&ps->ps_csock) == -1)
			fatalx(p->p_title);
	}

	/* The per-process init hook runs already confined and unprivileged
	 * (except in DEBUG builds, see above). */
	if (init != NULL)
		init(ps, arg);

	/* Runs the event loop; the code below is reached once it returns. */
	event_dispatch();

	proc_shutdown(p);

	return (0);
}