Bug#287025: asterisk -rx 'restart now' fails

Mon Jul 18 15:01:52 UTC 2005

On Tue, Jul 05, 2005 at 03:04:08AM +0300, Tzafrir Cohen wrote:

> But is there a real reason for asterisk to re-setuid on restart? This
> part could probably be skipped.

On restart asterisk simply re-execs itself. So it just needs to know
this was already done.

The following patch "remembers" (through an environment variable) that
asterisk has run setuid, and in that case won't try to do any operation
that require extra priviliges.

What do you think?

-- 
Tzafrir Cohen     icq#16849755  +972-50-7952406
tzafrir.cohen at xorcom.com  http://www.xorcom.com
-------------- next part --------------
#! /bin/sh /usr/share/dpatch/dpatch-run
## restart_noroot.dpatch by Xorcom Ltd. (software releases key) <support at xorcom.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

@DPATCH@
diff -urNad asterisk-1.0.9.dfsg.1/asterisk.c /tmp/dpep.grs7nl/asterisk-1.0.9.dfsg.1/asterisk.c

--- asterisk-1.0.9.dfsg.1/asterisk.c	2005-07-18 17:49:24.000000000 +0300
+++ /tmp/dpep.grs7nl/asterisk-1.0.9.dfsg.1/asterisk.c	2005-07-18 17:51:50.000000000 +0300
@@ -1579,6 +1579,7 @@
 	FILE *f;
 	sigset_t sigs;
 	int num;
+	int is_child_of_nonroot=0;
 	char *buf;
 	char *runuser=NULL, *rungroup=NULL;
 	struct pollfd silly_macos[1];	
@@ -1605,6 +1606,11 @@
 	callerid_init();
 	ast_utils_init();
 	tdd_init();
+			/* When asterisk restarts after it has dropped the root privileges,
+			 * it can't issue setuid(), setgid(), setgroups() or set_priority() 
+			 * */
+	if (getenv("ASTERISK_ALREADY_NONROOT"))
+		is_child_of_nonroot=1;
 	if (getenv("HOME")) 
 		snprintf(filename, sizeof(filename), "%s/.asterisk_history", getenv("HOME"));
 	/* Check if we're root */
@@ -1698,11 +1704,11 @@
 		ast_verbose("[ Reading Master Configuration ]");
 	ast_readconfig();
 
-	if (set_priority(option_highpriority)) {
+	if (!is_child_of_nonroot && set_priority(option_highpriority)) {
 		exit(1);
 	}
 
-	if (rungroup) {
+	if (rungroup && !is_child_of_nonroot) {
 		struct group *gr;
 		gr = getgrnam(rungroup);
 		if (!gr) {
@@ -1717,7 +1723,7 @@
 			ast_verbose("Running as group '%s'\n", rungroup);
 	}
 
-	if (runuser) {
+	if (runuser && ! is_child_of_nonroot) {
 		struct passwd *pw;
 		pw = getpwnam(runuser);
 		if (!pw) {
@@ -1728,6 +1734,7 @@
 			ast_log(LOG_WARNING, "Unable to setuid to %d (%s)\n", pw->pw_uid, runuser);
 			exit(1);
 		}
+		setenv("ASTERISK_ALREADY_NONROOT","yes",1);
 		if (option_verbose)
 			ast_verbose("Running as user '%s'\n", runuser);
 	}
