[Pkg-freeipa-devel] [Git][freeipa-team/nuxwdog][master] 2 commits: patches: Add two patches for setting the uid and handling longer conf line length.

Timo Aaltonen gitlab at salsa.debian.org
Thu May 3 10:31:14 BST 2018


Timo Aaltonen pushed to branch master at FreeIPA packaging / nuxwdog


Commits:
611b2409 by Timo Aaltonen at 2018-02-08T17:10:57+02:00
patches: Add two patches for setting the uid and handling longer conf line length.

- - - - -
bfdaa1bd by Timo Aaltonen at 2018-02-08T17:11:22+02:00
releasing package nuxwdog version 1.0.3-4

- - - - -


4 changed files:

- debian/changelog
- + debian/patches/add-parameter-to-set-uid.diff
- + debian/patches/allow-unlimited-conf-line-length.diff
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+nuxwdog (1.0.3-4) unstable; urgency=medium
+
+  * patches: Add two patches for setting the uid and handling longer
+    conf line length.
+
+ -- Timo Aaltonen <tjaalton at debian.org>  Thu, 08 Feb 2018 17:11:17 +0200
+
 nuxwdog (1.0.3-3) unstable; urgency=medium
 
   * Install the jni lib in /usr/lib/jni, not in a multiarch path.


=====================================
debian/patches/add-parameter-to-set-uid.diff
=====================================
--- /dev/null
+++ b/debian/patches/add-parameter-to-set-uid.diff
@@ -0,0 +1,137 @@
+commit 3d7adfbe0788f33a67c3ed65e12ba9d32074a674
+Author: Ade Lee <alee at redhat.com>
+Date:   Mon Jan 15 15:25:36 2018 -0500
+
+    Add parameter to set the uid of the invoked process
+
+diff --git a/src/com/redhat/nuxwdog/watchdog.cpp b/src/com/redhat/nuxwdog/watchdog.cpp
+index a4d6a77..36b13e4 100644
+--- a/src/com/redhat/nuxwdog/watchdog.cpp
++++ b/src/com/redhat/nuxwdog/watchdog.cpp
+@@ -33,6 +33,7 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <errno.h>
++#include <cerrno>
+ #include <signal.h>
+ #include <fcntl.h>
+ #include <pwd.h>
+@@ -280,7 +281,7 @@ watchdog_exit(int status)
+ 
+ int
+ _watchdog_exec(int server_starts, char *server_exe, char *args[], 
+-               char * envp[], int *spid)
++               char * envp[], int *spid, int uid)
+ {
+     int server_background = 0;
+     char *server_out = NULL;
+@@ -412,6 +413,14 @@ _watchdog_exec(int server_starts, char *server_exe, char *args[],
+             free(server_context);
+         }
+ 
++        if (uid >= 0) {
++            rv = setuid(uid);
++            if (rv != 0) {
++                watchdog_error("unable to setuid");
++                watchdog_exit(1);
++            }
++        }
++
+         rv = execv(server_exe, args);
+         if (rv < 0) {
+ 	    watchdog_error("could not execute server binary");
+@@ -757,10 +766,12 @@ int main(int argc, char **argv, char **envp)
+     int ver=0;
+     int server_starts;
+     int server_stat;
++    int uid=-1;
+     char *server_exe = NULL;
+     char *server_args = NULL;
+     char *conffile = NULL;
+     char *pch;
++    char *user = NULL;
+     char *args[100];
+     struct stat statbuf;
+     UDS_NAME[0]=0;
+@@ -833,6 +844,11 @@ int main(int argc, char **argv, char **envp)
+         watchdog_exit(1);
+     }
+ 
++    /* user */
++    if (confinfo->user) {
++       user = strdup(confinfo->user);
++    }
++
+     if (detach) {
+         parent_watchdog_create_signal_handlers();
+ 
+@@ -883,6 +899,22 @@ int main(int argc, char **argv, char **envp)
+         watchdog_exit(1);
+     }
+ 
++    if (user != NULL) {
++        struct passwd *pw = getpwnam(user);
++        if (pw == NULL) {
++            sprintf(errmsgstr, "user %s does not exist", user);
++            watchdog_error(errmsgstr);
++            watchdog_exit(1);
++        }
++
++        if (chown(UDS_NAME, pw->pw_uid, pw->pw_gid) != 0) {
++            sprintf(errmsgstr, "chown failed errno %d %s", errno, strerror(errno));
++            watchdog_error(errmsgstr);
++            watchdog_exit(1);
++        }
++        uid = pw->pw_uid;
++    }
++
+     for (server_starts = 0;; ++server_starts) {
+ 
+         _watchdog_death					= 0;
+@@ -895,7 +927,7 @@ int main(int argc, char **argv, char **envp)
+ 
+         watchdog_create_signal_handlers();
+ 
+-        rv = _watchdog_exec(server_starts, server_exe, args, envp, &server_pid);
++        rv = _watchdog_exec(server_starts, server_exe, args, envp, &server_pid, uid);
+ 
+         if (server_pid < 0) {
+             // exec failed:  kill parent if it's still waiting
+diff --git a/src/com/redhat/nuxwdog/wdconf.cpp b/src/com/redhat/nuxwdog/wdconf.cpp
+index 95603c9..2d50575 100644
+--- a/src/com/redhat/nuxwdog/wdconf.cpp
++++ b/src/com/redhat/nuxwdog/wdconf.cpp
+@@ -158,6 +158,9 @@ _watchdog_parse_conffile(char *conffile,
+         if (!strcasecmp(name, "ChildSecurity")) {
+             info->childSecurity = atoi(value);
+         }
++        if (!strcasecmp(name, "User")) {
++            info->user = strdup(value);
++        }
+         if (line != NULL) {
+             free(line);
+             line = NULL;
+@@ -227,5 +230,9 @@ watchdog_confinfo_free(watchdog_conf_info_t *info)
+         free(info->childPidFile);
+     }
+ 
++    if (info->user) {
++        free(info->user);
++    }
++
+     free(info);
+ }
+diff --git a/src/com/redhat/nuxwdog/wdconf.h b/src/com/redhat/nuxwdog/wdconf.h
+index bb2e7b1..94f02e3 100644
+--- a/src/com/redhat/nuxwdog/wdconf.h
++++ b/src/com/redhat/nuxwdog/wdconf.h
+@@ -36,7 +36,8 @@ typedef struct watchdog_conf_info_t {
+     char            *exeContext;       /* selinux type context */
+     char            *pidFile;          /* pidFile */
+     char            *childPidFile;     /* child pid file */
+-    int             childSecurity;     /* enforce child security */    
++    int             childSecurity;     /* enforce child security */
++    char            *user;             /* user to execute the process as */
+ } watchdog_conf_info_t;
+ 
+ watchdog_conf_info_t *watchdog_parse(char *conf_file);
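Review bot: The privilege drop added in `_watchdog_exec` calls only `setuid(uid)`, so the exec'd server keeps the watchdog's group ID and supplementary groups; if the watchdog starts as root (which the `chown` of `UDS_NAME` suggests but these hunks do not show), the child still runs with root's group memberships. Drop the groups before the uid, as in the excerpt below, which looks the account up again because only the uid is passed in and which needs `<grp.h>` for `initgroups`. The `sprintf(errmsgstr, "user %s does not exist", user)` call in `main` formats the config-supplied `User` value into a buffer whose size is not visible here, and the companion patch removes the cap on config line length, so that value is no longer bounded; `snprintf(errmsgstr, sizeof(errmsgstr), "user %s does not exist", user);` would bound it, assuming `errmsgstr` is an array. The bodies of `_watchdog_exec` and `main` extend outside these hunks.

```cpp
        if (uid >= 0) {
            struct passwd *pw = getpwuid(uid);
            if (pw == NULL ||
                initgroups(pw->pw_name, pw->pw_gid) != 0 ||
                setgid(pw->pw_gid) != 0) {
                watchdog_error("unable to drop group privileges");
                watchdog_exit(1);
            }
            rv = setuid(uid);
            // … unchanged: setuid failure handling …
        }
```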


=====================================
debian/patches/allow-unlimited-conf-line-length.diff
=====================================
--- /dev/null
+++ b/debian/patches/allow-unlimited-conf-line-length.diff
@@ -0,0 +1,122 @@
+commit f4b47d21560fd57c7d2e326ebfae66f42b66864f
+Author: Ade Lee <alee at redhat.com>
+Date:   Mon Oct 30 22:47:15 2017 -0400
+
+    Allow unlimited conf line length
+    
+    Errors occurred because the line length was being truncated,
+    especially for long lines like JVM args.  Now the line length
+    will be allocated correctly.
+    
+    Change-Id: I77553817931883e05180a1082d45a20e3a6afe4c
+
+diff --git a/src/com/redhat/nuxwdog/wdconf.cpp b/src/com/redhat/nuxwdog/wdconf.cpp
+index 086bc5a..95603c9 100644
+--- a/src/com/redhat/nuxwdog/wdconf.cpp
++++ b/src/com/redhat/nuxwdog/wdconf.cpp
+@@ -29,24 +29,23 @@
+ #include "wdconf.h"
+ #include "wdlog.h"
+ 
+-#define MAX_CONF_LINE_LENGTH 1024
++#define CHUNK 1024
+ 
+ /* Read config file line like util_getline() */
+-static int _watchdog_readconf_line(char *line, int maxlen, FILE *file)
++static char * _watchdog_readconf_line(FILE *file)
+ {
+     int len = 0;
+     int nlseen = 0;
+-    int src;
+-    int dst;
+-    char *bufp = line;
++    int src = 0;
++    int dst = 0;
++    char bufp[CHUNK];
+ 
+-    if (feof(file)) {
+-        return -1;
+-    }
++    char *line = (char *) malloc(1);
++    line[0] = '\0';
+ 
+-    while (!nlseen && (len < maxlen - 1)) {
++    while (!nlseen && !feof(file)) {
+ 
+-        if (!fgets(bufp, maxlen - len, file))
++        if (!fgets(bufp, CHUNK, file))
+             break;
+ 
+         /* Scan what was just read */
+@@ -68,26 +67,31 @@ static int _watchdog_readconf_line(char *line, int maxlen, FILE *file)
+                 ++dst;
+             }
+         }
++        bufp[dst] = '\0';
+ 
+         if (dst > 0) {
+             /* Check for continuation */
+             if (nlseen && (bufp[dst-1] == '\\')) {
++                bufp[dst-1] = '\0';
+                 dst -= 1;
+                 nlseen = 0;
+             }
+ 
+             len += dst;
+-            bufp += dst;
++
++            line = (char *) realloc(line, len+1);
++            strcat(line, bufp);
+         }
+     }
+                 
+     if ((len <= 0) && !nlseen) {
+-        return -1;
++        if (line) {
++            free(line);
++        }
++        return NULL;
+     }
+ 
+-    line[len] = '\0';
+-
+-    return len;
++    return line;
+ }
+ 
+ static int
+@@ -95,8 +99,7 @@ _watchdog_parse_conffile(char *conffile,
+                          watchdog_conf_info_t *info)
+ {
+     FILE *cfile;
+-    char line[MAX_CONF_LINE_LENGTH];
+-    char *name, *value;
++    char *line, *name, *value;
+     int len;
+ 
+     cfile = fopen(conffile, "r");
+@@ -110,7 +113,8 @@ _watchdog_parse_conffile(char *conffile,
+         return -1;
+     }
+ 
+-    while ((len = _watchdog_readconf_line(line, MAX_CONF_LINE_LENGTH, cfile)) >= 0) {
++    while ((line = _watchdog_readconf_line(cfile)) != NULL) {
++        len = strlen(line);
+         name = line;
+         if ((*name) == '#')
+             continue;
+@@ -154,10 +158,13 @@ _watchdog_parse_conffile(char *conffile,
+         if (!strcasecmp(name, "ChildSecurity")) {
+             info->childSecurity = atoi(value);
+         }
++        if (line != NULL) {
++            free(line);
++            line = NULL;
++        }
+     }
+ 
+     fclose(cfile);
+-
+     return 0;
+ }
+ 
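Review bot: The new `malloc(1)` and `realloc(line, len+1)` results in `_watchdog_readconf_line` are used unchecked, so an allocation failure is dereferenced by `line[0] = '\0'` or by `strcat`, and assigning realloc's result straight back to `line` loses the original buffer. Keep the old pointer until the call succeeds, as in the excerpt below; since NULL is also the end-of-file return, the caller cannot tell a failed allocation from a fully parsed file and may want a distinct error path so a truncated parse does not silently drop later settings. In `_watchdog_parse_conffile` the `continue` taken for `#` lines now skips the `free(line)` at the bottom of the loop and leaks each comment line; `if ((*name) == '#') { free(line); continue; }` would close that. Both function bodies are only partly visible in these hunks, so any other `continue` paths would need the same treatment.

```cpp
    char *line = (char *) malloc(1);
    if (line == NULL) {
        return NULL;
    }
    line[0] = '\0';
    // … unchanged: fgets loop and escape scanning …
            char *grown = (char *) realloc(line, len + 1);
            if (grown == NULL) {
                free(line);
                return NULL;
            }
            line = grown;
            strcat(line, bufp);
```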


=====================================
debian/patches/series
=====================================
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,4 @@
 fix-javac-path.diff
 fix-nspr-include-path.diff
+allow-unlimited-conf-line-length.diff
+add-parameter-to-set-uid.diff



View it on GitLab: https://salsa.debian.org/freeipa-team/nuxwdog/compare/10a7642fd7ca6e73420d5d9f334d824e96128535...bfdaa1bd6fc15855641efbd6c84018399de152e9
