author | Natanael Copa <ncopa@alpinelinux.org> | 2013-03-08 16:42:03 +0100 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-03-08 16:51:15 +0100 |
commit | 3e2d86693f6e8920c97fe296491e7741e31f922c (patch) | |
tree | 1c755422fd27c7f192243e8eb7f7811193efa1f6 /bin | |
parent | e0cabd6295204fe8a6b54edfc9141302943fdbfb (diff) | |
This allows you to load various modules into a server lua state and give
a performance boost when calling the privileged functions
Diffstat (limited to 'bin')
-rw-r--r-- | bin/Makefile | 24 | ||||
-rw-r--r-- | bin/conn.c | 145 | ||||
-rw-r--r-- | bin/conn.h | 8 | ||||
-rw-r--r-- | bin/list.h | 112 | ||||
-rw-r--r-- | bin/lua-privsep.c | 66 | ||||
-rw-r--r-- | bin/lua-privsep.h | 6 | ||||
-rw-r--r-- | bin/privsep-server.c | 35 |
7 files changed, 0 insertions, 396 deletions
diff --git a/bin/Makefile b/bin/Makefile
deleted file mode 100644
index 07a522a..0000000
--- a/bin/Makefile
+++ /dev/null
@@ -1,24 +0,0 @@
-
-COMPILE_PROG = $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $($@-objs) $($@-libs)
-
-CFLAGS ?= -g
-
-PKGCONF ?= pkg-config
-
-LUA_PKG ?= lua
-LUA_CFLAGS := $(shell $(PKGCONF) --cflags $(LUA_PKG))
-LUA_LIBS := $(shell $(PKGCONF) --libs $(LUA_PKG))
-
-LIBEV_LIBS := -lev
-
-privsep-server-objs = privsep-server.o lua-privsep.o conn.o
-privsep-server-libs = $(LUA_LIBS) $(LIBEV_LIBS)
-
-all: privsep-server
-
-privsep-server: $(privsep-server-objs)
- $(COMPILE_PROG)
-
-clean:
- rm -f $(privsep-server-objs) privsep-server
-
diff --git a/bin/conn.c b/bin/conn.c
deleted file mode 100644
index f953d09..0000000
--- a/bin/conn.c
+++ /dev/null
@@ -1,145 +0,0 @@
-
-#include <sys/socket.h>
-#include <sys/un.h>
-
-#include <stdio.h>
-
-#include <errno.h>
-#include <fcntl.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <ev.h>
-
-#include "list.h"
-#include "conn.h"
-#include "lua-privsep.h"
-
-
-#ifndef DEBUG
-#define log_debug(x) printf("%s\n", x)
-#define log_perror(x) perror(x)
-#endif
-
-#ifndef MSG_MAX_SIZE
-#define MSG_MAX_SIZE 16386
-#endif
-
-static struct ev_io accept_io;
-
-struct conn {
- struct ev_io io;
- struct ev_timer timeout;
- size_t num_read;
- char msg[MSG_MAX_SIZE];
-};
-
-static void conn_free(struct ev_loop *loop, struct conn *rm)
-{
- int fd = rm->io.fd;
-
- ev_io_stop(loop, &rm->io);
- ev_timer_stop(loop, &rm->timeout);
- close(fd);
- free(rm);
- log_debug("Connection closed");
-}
-
-static void conn_recv_cb (struct ev_loop *loop, struct ev_io *w,
- int revents)
-{
- struct conn *conn = container_of(w, struct conn, io);
- int len, i;
- char *args;
-
- len = recv(conn->io.fd, conn->msg, sizeof(conn->msg) - conn->num_read,
- MSG_DONTWAIT);
- if (len < 0 && errno == EAGAIN)
- return;
- if (len <= 0)
- goto err;
-
- conn->num_read += len;
- if (conn->num_read >= sizeof(conn->msg))
- goto err;
-
- call_lua(conn->io.fd, conn->msg, conn->num_read);
-
-err:
- conn_free(loop, conn);
-}
-
-static void conn_timeout_cb (struct ev_loop *loop, struct ev_timer *t,
- int revents)
-{
- log_debug("Connection timed out");
- conn_free(loop, container_of(t, struct conn, timeout));
-}
-
-static void conn_accept_cb(struct ev_loop *loop, struct ev_io *w,
- int revents)
-{
- struct conn *conn;
- struct sockaddr_storage from;
- socklen_t fromlen = sizeof(from);
- int fd;
-
- fd = accept(w->fd, (struct sockaddr *) &from, &fromlen);
- if (fd < 0) {
- log_perror("accept");
- return;
- }
- log_debug("New connection");
- fcntl(fd, F_SETFD, FD_CLOEXEC);
- conn = calloc(1, sizeof(struct conn));
-
- ev_io_init(&conn->io, conn_recv_cb, fd, EV_READ);
- ev_io_start(loop, &conn->io);
-
ev_timer_init(&conn->timeout, conn_timeout_cb, 10.0, 0.);
- ev_timer_start(loop, &conn->timeout);
-}
-
-
-int conn_init(struct ev_loop *loop, const char *socket_path)
-{
- struct sockaddr_un sun;
- char *p;
- int fd;
-
- memset(&sun, 0, sizeof(sun));
- sun.sun_family = AF_UNIX;
- strncpy(sun.sun_path, socket_path, sizeof(sun.sun_path));
-
- /* create the dir */
- p = strrchr(sun.sun_path, '/');
- if (p) {
- *p = '\0';
- mkdir(sun.sun_path, 0755);
- *p = '/';
- }
-
- fd = socket(AF_UNIX, SOCK_STREAM, 0);
- if (fd < 0) {
- log_perror("socket");
- return -1;
- }
-
- fcntl(fd, F_SETFD, FD_CLOEXEC);
- unlink(socket_path);
- if (bind(fd, (struct sockaddr *) &sun, sizeof(sun)) < 0)
- goto perr_close;
-
- if (listen(fd, 5) < 0)
- goto perr_close;
-
- ev_io_init(&accept_io, conn_accept_cb, fd, EV_READ);
- ev_io_start(loop, &accept_io);
- return 0;
-
-perr_close:
- log_perror(socket_path);
- close(fd);
- return -1;
-
-}
diff --git a/bin/conn.h b/bin/conn.h
deleted file mode 100644
index f5b33a9..0000000
--- a/bin/conn.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef CONN_H
-#define CONN_H
-
-#include <ev.h>
-
-int conn_init(struct ev_loop *loop, const char *socket_path);
-
-#endif
diff --git a/bin/list.h b/bin/list.h
deleted file mode 100644
index 1fca5e7..0000000
--- a/bin/list.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/* list.h - Single and double linked list macros
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 or later as
- * published by the Free Software Foundation.
- *
- * See http://www.gnu.org/ for details.
- *
- * This is more or less based on the code in the linux kernel. There are
- * minor differences and this is only a subset of the kernel version.
- */
-
-#ifndef LIST_H
-#define LIST_H
-
-#ifndef NULL
-#define NULL 0L
-#endif
-
-#ifndef offsetof
-#ifdef __compiler_offsetof
-#define offsetof(TYPE,MEMBER) __compiler_offsetof(TYPE,MEMBER)
-#else
-#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
-#endif
-#endif
-
-#ifndef container_of
-#define container_of(ptr, type, member) ({ \
- const typeof( ((type *)0)->member ) *__mptr = (ptr); \
- (type *)( (char *)__mptr - offsetof(type,member) );})
-#endif
-
-struct list_head {
- struct list_head *next, *prev;
-};
-
-#define LIST_INITIALIZER(l) { .next = &l, .prev = &l }
-
-static inline void list_init(struct list_head *list)
-{
- list->next = list;
- list->prev = list;
-}
-
-static inline void __list_add(struct list_head *new,
- struct list_head *prev,
- struct list_head *next)
-{
- next->prev = new;
- new->next = next;
- new->prev = prev;
- prev->next = new;
-}
-
-static inline void list_add(struct list_head *new, struct list_head *head)
-{
- __list_add(new, head, head->next);
-}
-
-static inline void list_add_tail(struct list_head *new, struct list_head *head)
-{
- __list_add(new, head->prev, head);
-}
-
-static inline void __list_del(struct list_head * prev, struct list_head * next)
-{
- next->prev = prev;
- prev->next = next;
-}
-
-static inline void list_del(struct list_head *entry)
-{
- __list_del(entry->prev, entry->next);
- entry->next = NULL;
- entry->prev = NULL;
-}
-
-static inline int list_hashed(const struct list_head *n)
-{
- return n->next != n && n->next != NULL;
-}
-
-static inline 
int list_empty(const struct list_head *n)
-{
- return !list_hashed(n);
-}
-
-#define list_next(ptr, type, member) \
- (list_hashed(ptr) ? container_of((ptr)->next,type,member) : NULL)
-
-#define list_entry(ptr, type, member) container_of(ptr,type,member)
-
-#define list_for_each(pos, head) \
- for (pos = (head)->next; pos != (head); pos = pos->next)
-
-#define list_for_each_safe(pos, n, head) \
- for (pos = (head)->next, n = pos->next; pos != (head); \
- pos = n, n = pos->next)
-
-#define list_for_each_entry(pos, head, member) \
- for (pos = list_entry((head)->next, typeof(*pos), member); \
- &pos->member != (head); \
- pos = list_entry(pos->member.next, typeof(*pos), member))
-
-#define list_for_each_entry_safe(pos, n, head, member) \
- for (pos = list_entry((head)->next, typeof(*pos), member), \
- n = list_entry(pos->member.next, typeof(*pos), member); \
- &pos->member != (head); \
- pos = n, n = list_entry(n->member.next, typeof(*n), member))
-
-#endif
diff --git a/bin/lua-privsep.c b/bin/lua-privsep.c
deleted file mode 100644
index d6d750c..0000000
--- a/bin/lua-privsep.c
+++ /dev/null
@@ -1,66 +0,0 @@
-#include <stdio.h>
-
-#include <lua.h>
-#include <lauxlib.h>
-#include <lualib.h>
-
-#include "conn.h"
-#include "lua-privsep.h"
-
-#ifndef PRIVSEP_PATH
-#define PRIVSEP_PATH "./"
-#endif
-
-static int traceback (lua_State *L) {
- if (!lua_isstring(L, 1)) /* 'message' not a string? */
- return 1; /* keep it intact */
- fprintf(stderr, "traceback\n");
- lua_getfield(L, LUA_GLOBALSINDEX, "debug");
- if (!lua_istable(L, -1)) {
- fprintf(stderr, "traceback: debug\n");
- lua_pop(L, 1);
- return 1;
- }
-
- lua_getfield(L, -1, "traceback");
- if (!lua_isfunction(L, -1)) {
- fprintf(stderr, "traceback: traceback\n");
- lua_pop(L, 2);
- return 1;
- }
-
- lua_pushvalue(L, 1); /* pass error message */
- lua_pushinteger(L, 2); /* skip this function and traceback */
- lua_call(L, 2, 1); /* call debug.traceback */
- return 1;
-}
-
-int call_lua(int fd, const char *msg, size_t msglen)
-{
- const char *luamain = PRIVSEP_PATH "privileged-main.lua";
- int traceback_index;
- const char *retbuf;
- size_t retsize;
-
- lua_State *L = luaL_newstate();
- luaL_openlibs(L);
-
- lua_pushcfunction(L, traceback);
- traceback_index = lua_gettop(L);
-
- if (luaL_loadfile(L, luamain))
- return luaL_error(L, "%s", luamain);
-
- lua_pushlstring(L, msg, msglen);
-
-
- if (lua_pcall(L, 1, 1, traceback_index))
- return luaL_error(L, "error");
-
- if (!lua_isstring(L, -1))
- error(L, "function must return string");
-
- retbuf = lua_tolstring(L, -1, &retsize);
- return write(fd, retbuf, retsize);
-}
-
diff --git a/bin/lua-privsep.h b/bin/lua-privsep.h
deleted file mode 100644
index 9b7e219..0000000
--- a/bin/lua-privsep.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef LUA_PRIVSEP_H
-#define LUA_PRIVSEP_H
-
-int call_lua(int fd, const char *msg, size_t msglen);
-
-#endif
diff --git a/bin/privsep-server.c b/bin/privsep-server.c
deleted file mode 100644
index 76d3f4c..0000000
--- a/bin/privsep-server.c
+++ /dev/null
@@ -1,35 +0,0 @@
-
-#include <sys/stat.h>
-#include <stdio.h>
-#include <ev.h>
-
-#ifndef DEFAULT_SOCKET_PATH
-#define DEFAULT_SOCKET_PATH "/var/run/privsep/root.sock"
-#endif
-
-static void sigint_cb(struct ev_loop *loop, ev_signal *w, int revents)
-{
- ev_break(loop, EVBREAK_ALL);
-}
-
-int main(int argc, char *argv[])
-{
- int c;
- const char *socket_path = DEFAULT_SOCKET_PATH;
- static struct ev_loop *loop;
- static struct ev_signal signal_watcher;
-
- loop = ev_default_loop(0);
-
- if (conn_init(loop, socket_path) < 0)
- return 1;
-
- ev_signal_init(&signal_watcher, sigint_cb, SIGINT);
- ev_signal_start(loop, &signal_watcher);
-
- ev_run(loop, 0);
- printf("%s\n", "Shutting down.");
- ev_loop_destroy(loop);
- return 0;
-}
-
|