diff options
author | Laurent Bercot <ska-skaware@skarnet.org> | 2021-07-23 20:01:58 +0000 |
---|---|---|
committer | Laurent Bercot <ska@appnovation.com> | 2021-07-23 20:01:58 +0000 |
commit | f24d6bdcdfd5f955cbc72ae9e0eb2d2778ecf06a (patch) | |
tree | 10f24fae2f0d8a0e0e74cbd4a71113fdf7c58c74 /src/conn-tools | |
parent | c9fcfbf294edb01b149a75465a4beb14c3a5dd56 (diff) | |
download | s6-f24d6bdcdfd5f955cbc72ae9e0eb2d2778ecf06a.tar.xz |
Prepare for 2.11.0.0, adapt to skalibs-2.11.0.0 (cdb changes)
Signed-off-by: Laurent Bercot <ska@appnovation.com>
Diffstat (limited to 'src/conn-tools')
-rw-r--r-- | src/conn-tools/s6-accessrules-cdb-from-fs.c | 21 | ||||
-rw-r--r-- | src/conn-tools/s6-accessrules-fs-from-cdb.c | 108 | ||||
-rw-r--r-- | src/conn-tools/s6-ipcserver-access.c | 7 |
3 files changed, 66 insertions, 70 deletions
diff --git a/src/conn-tools/s6-accessrules-cdb-from-fs.c b/src/conn-tools/s6-accessrules-cdb-from-fs.c index dd935bf..a6587db 100644 --- a/src/conn-tools/s6-accessrules-cdb-from-fs.c +++ b/src/conn-tools/s6-accessrules-cdb-from-fs.c @@ -5,9 +5,10 @@ #include <errno.h> #include <stdlib.h> #include <stdio.h> + #include <skalibs/posixplz.h> #include <skalibs/types.h> -#include <skalibs/cdb_make.h> +#include <skalibs/cdbmake.h> #include <skalibs/strerr2.h> #include <skalibs/stralloc.h> #include <skalibs/env.h> @@ -31,7 +32,7 @@ static void dienomem (void) strerr_diefu1sys(111, "stralloc_catb") ; } -static void doit (struct cdb_make *c, stralloc *sa, size_t start) +static void doit (cdbmaker *c, stralloc *sa, size_t start) { size_t tmpbase = tmp.len ; unsigned int k = sa->len ; @@ -54,10 +55,10 @@ static void doit (struct cdb_make *c, stralloc *sa, size_t start) strerr_diefu2sys(111, "access ", sa->s) ; } else return ; - else if (cdb_make_add(c, sa->s + start, k - start, "D", 1) < 0) + else if (!cdbmake_add(c, sa->s + start, k - start, "D", 1)) { cleanup() ; - strerr_diefu1sys(111, "cdb_make_add") ; + strerr_diefu1sys(111, "cdbmake_add") ; } } else @@ -93,10 +94,10 @@ static void doit (struct cdb_make *c, stralloc *sa, size_t start) if (r > 0) execlen = r ; if (execlen == 4096) strerr_warnw2x("possibly truncated file ", sa->s) ; uint16_pack_big(tmp.s + tmpbase + 3 + envlen, execlen) ; - if (cdb_make_add(c, sa->s + start, k - start, tmp.s + tmpbase, 5 + envlen + execlen) < 0) + if (!cdbmake_add(c, sa->s + start, k - start, tmp.s + tmpbase, 5 + envlen + execlen)) { cleanup() ; - strerr_diefu1sys(111, "cdb_make_add") ; + strerr_diefu1sys(111, "cdbmake_add") ; } } } @@ -104,7 +105,7 @@ static void doit (struct cdb_make *c, stralloc *sa, size_t start) int main (int argc, char const *const *argv) { stralloc sa = STRALLOC_ZERO ; - struct cdb_make c = CDB_MAKE_ZERO ; + cdbmaker c = CDBMAKER_ZERO ; DIR *dir ; size_t start ; int fd ; @@ -116,10 +117,10 @@ int main (int argc, char const *const *argv) stralloc_catb(&tmp, SUFFIX, sizeof(SUFFIX)) ; fd = mkstemp(tmp.s) ; if (fd < 0) strerr_diefu2sys(111, "mkstemp ", tmp.s) ; - if (cdb_make_start(&c, fd) < 0) + if (!cdbmake_start(&c, fd)) { cleanup() ; - strerr_diefu1sys(111, "cdb_make_start") ; + strerr_diefu1sys(111, "cdbmake_start") ; } dir = opendir(argv[2]) ; if (!dir) @@ -173,7 +174,7 @@ int main (int argc, char const *const *argv) strerr_diefu2sys(111, "readdir ", argv[2]) ; } dir_close(dir) ; - if (cdb_make_finish(&c) < 0) + if (!cdbmake_finish(&c)) { cleanup() ; strerr_diefu1sys(111, "cdb_make_finish") ; diff --git a/src/conn-tools/s6-accessrules-fs-from-cdb.c b/src/conn-tools/s6-accessrules-fs-from-cdb.c index 3db1c77..d2cb4af 100644 --- a/src/conn-tools/s6-accessrules-fs-from-cdb.c +++ b/src/conn-tools/s6-accessrules-fs-from-cdb.c @@ -5,6 +5,7 @@ #include <sys/stat.h> #include <errno.h> #include <unistd.h> + #include <skalibs/bytestr.h> #include <skalibs/types.h> #include <skalibs/cdb.h> @@ -51,11 +52,15 @@ static void mkdirp (char *s) static void touchtrunc (char const *file) { int fd = open_trunc(file) ; - if (fd < 0) strerr_diefu2sys(111, "open_trunc ", file) ; + if (fd < 0) + { + cleanup() ; + strerr_diefu2sys(111, "open_trunc ", file) ; + } fd_close(fd) ; } -static int doenv (char const *dir, size_t dirlen, char *env, size_t envlen) +static int doenv (char const *dir, size_t dirlen, char const *env, uint32_t envlen) { mode_t m = umask(0) ; size_t i = 0 ; @@ -78,12 +83,12 @@ static int doenv (char const *dir, size_t dirlen, char *env, size_t envlen) tmp[dirlen + p + 1] = 0 ; if (p < n) { - env[i+n] = '\n' ; - if (!openwritenclose_unsafe(tmp, env + i + p + 1, n - p)) - { - cleanup() ; - strerr_diefu2sys(111, "openwritenclose_unsafe ", tmp) ; - } + struct iovec v[2] = { { .iov_base = (char *)env + i + p + 1, .iov_len = n - p - 1 }, { .iov_base = "\n", .iov_len = 1 } } ; + if (!openwritevnclose_unsafe(tmp, v, 2)) + { + cleanup() ; + strerr_diefu2sys(111, "openwritenclose_unsafe ", tmp) ; + } } else touchtrunc(tmp) ; } @@ -92,48 +97,41 @@ static int doenv (char const *dir, size_t dirlen, char *env, size_t envlen) return 1 ; } -static int doit (struct cdb *c) +static int doit (char const *key, uint32_t klen, char const *data, uint32_t dlen) { - unsigned int klen = cdb_keylen(c) ; - unsigned int dlen = cdb_datalen(c) ; + uint16_t envlen, execlen ; + char name[basedirlen + klen + 8] ; + if (!dlen || (dlen > 8201)) return 0 ; + memcpy(name, basedir, basedirlen) ; + name[basedirlen] = '/' ; + memcpy(name + basedirlen + 1, key, klen) ; + name[basedirlen + klen + 1 + klen] = 0 ; + mkdirp(name) ; + name[basedirlen + klen + 1] = '/' ; + if (data[0] == 'A') + { + memcpy(name + basedirlen + klen + 2, "allow", 6) ; + touchtrunc(name) ; + } + else if (data[0] == 'D') + { + memcpy(name + basedirlen + klen + 2, "deny", 5) ; + touchtrunc(name) ; + } + if (dlen < 3) return 1 ; + uint16_unpack_big(data + 1, &envlen) ; + if ((envlen > 4096U) || (3U + envlen > dlen)) return 0 ; + uint16_unpack_big(data + 3 + envlen, &execlen) ; + if ((execlen > 4096U) || (5U + envlen + execlen != dlen)) return 0 ; + if (envlen) + { + memcpy(name + basedirlen + klen + 2, "env", 4) ; + if (!doenv(name, basedirlen + klen + 5, data + 3, envlen)) return 0 ; + } + if (execlen) { - uint16_t envlen, execlen ; - char name[basedirlen + klen + 8] ; - char data[dlen] ; - memcpy(name, basedir, basedirlen) ; - name[basedirlen] = '/' ; - if (!dlen || (dlen > 8201)) return (errno = EINVAL, 0) ; - if ((cdb_read(c, name+basedirlen+1, klen, cdb_keypos(c)) < 0) - || (cdb_read(c, data, dlen, cdb_datapos(c)) < 0)) - { - cleanup() ; - strerr_diefu1sys(111, "cdb_read") ; - } - name[basedirlen + klen + 1] = 0 ; - mkdirp(name) ; - name[basedirlen + klen + 1] = '/' ; - if (data[0] == 'A') - { - memcpy(name + basedirlen + klen + 2, "allow", 6) ; - touchtrunc(name) ; - } - else if (data[0] == 'D') - { - memcpy(name + basedirlen + klen + 2, "deny", 5) ; - touchtrunc(name) ; - } - if (dlen < 3) return 1 ; - uint16_unpack_big(data + 1, &envlen) ; - if ((envlen > 4096U) || (3U + envlen > dlen)) return (errno = EINVAL, 0) ; - uint16_unpack_big(data + 3 + envlen, &execlen) ; - if ((execlen > 4096U) || (5U + envlen + execlen != dlen)) return (errno = EINVAL, 0) ; - if (envlen) - { - memcpy(name + basedirlen + klen + 2, "env", 4) ; - if (!doenv(name, basedirlen + klen + 5, data + 3, envlen)) return (errno = EINVAL, 0) ; - } memcpy(name + basedirlen + klen + 2, "exec", 5) ; - if (execlen && !openwritenclose_unsafe(name, data + 5 + envlen, execlen)) + if (!openwritenclose_unsafe(name, data + 5 + envlen, execlen)) { cleanup() ; strerr_diefu2sys(111, "openwritenclose_unsafe ", name) ; @@ -144,11 +142,11 @@ static int doit (struct cdb *c) int main (int argc, char const *const *argv) { - struct cdb c = CDB_ZERO ; - uint32_t kpos ; + cdb c = CDB_ZERO ; + uint32_t pos = CDB_TRAVERSE_INIT() ; PROG = "s6-accessrules-fs-from-cdb" ; if (argc < 3) strerr_dieusage(100, USAGE) ; - if (cdb_mapfile(&c, argv[2]) < 0) strerr_diefu1sys(111, "cdb_mapfile") ; + if (!cdb_init(&c, argv[2])) strerr_diefu1sys(111, "cdb_init") ; basedir = argv[1] ; basedirlen = strlen(argv[1]) ; { @@ -157,20 +155,20 @@ int main (int argc, char const *const *argv) strerr_diefu2sys(111, "mkdir ", basedir) ; umask(m) ; } - cdb_traverse_init(&c, &kpos) ; for (;;) { - int r = cdb_nextkey(&c, &kpos) ; + cdb_data key, data ; + int r = cdb_traverse_next(&c, &key, &data, &pos) ; if (r < 0) { cleanup() ; - strerr_diefu1sys(111, "cdb_nextkey") ; + strerr_diefu1x(111, "cdb_traverse_next: invalid cdb") ; } else if (!r) break ; - else if (!doit(&c)) + else if (!doit(key.s, key.len, data.s, data.len)) { cleanup() ; - strerr_diefu1sys(111, "handle key") ; + strerr_diefu3x(111, "handle cdb record: ", argv[2], " does not contain valid accessrules data") ; } } return 0 ; diff --git a/src/conn-tools/s6-ipcserver-access.c b/src/conn-tools/s6-ipcserver-access.c index 0356f60..a5c2bd7 100644 --- a/src/conn-tools/s6-ipcserver-access.c +++ b/src/conn-tools/s6-ipcserver-access.c @@ -75,14 +75,11 @@ static inline void log_deny (pid_t pid, uid_t uid, gid_t gid) static s6_accessrules_result_t check_cdb (uid_t uid, gid_t gid, char const *file, s6_accessrules_params_t *params) { - struct cdb c = CDB_ZERO ; - int fd = open_readb(file) ; + cdb c = CDB_ZERO ; s6_accessrules_result_t r ; - if (fd < 0) return -1 ; - if (cdb_init(&c, fd) < 0) strerr_diefu2sys(111, "cdb_init ", file) ; + if (!cdb_init(&c, file)) strerr_diefu2sys(111, "cdb_init ", file) ; r = s6_accessrules_uidgid_cdb(uid, gid, &c, params) ; cdb_free(&c) ; - fd_close(fd) ; return r ; } |