Posted to commits@trafficserver.apache.org by am...@apache.org on 2011/07/18 22:52:44 UTC

svn commit: r1148048 - in /trafficserver/traffic/trunk: lib/tsconfig/TsValue.cc mgmt/Main.cc proxy/Main.cc

Author: amc
Date: Mon Jul 18 20:52:43 2011
New Revision: 1148048

URL: http://svn.apache.org/viewvc?rev=1148048&view=rev
Log:
TS-804 - libcap required when running standalone.

Modified:
    trafficserver/traffic/trunk/lib/tsconfig/TsValue.cc
    trafficserver/traffic/trunk/mgmt/Main.cc
    trafficserver/traffic/trunk/proxy/Main.cc

Modified: trafficserver/traffic/trunk/lib/tsconfig/TsValue.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/lib/tsconfig/TsValue.cc?rev=1148048&r1=1148047&r2=1148048&view=diff
==============================================================================
--- trafficserver/traffic/trunk/lib/tsconfig/TsValue.cc (original)
+++ trafficserver/traffic/trunk/lib/tsconfig/TsValue.cc Mon Jul 18 20:52:43 2011
@@ -26,7 +26,8 @@
 
 # include <TsErrataUtil.h>
 # include <sys/stat.h>
-# include <malloc.h>
+# include <stdio.h>
+# include <stdlib.h>
 
 # if !defined(_MSC_VER)
 # define _fileno fileno

Modified: trafficserver/traffic/trunk/mgmt/Main.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/mgmt/Main.cc?rev=1148048&r1=1148047&r2=1148048&view=diff
==============================================================================
--- trafficserver/traffic/trunk/mgmt/Main.cc (original)
+++ trafficserver/traffic/trunk/mgmt/Main.cc Mon Jul 18 20:52:43 2011
@@ -1225,7 +1225,11 @@ restoreCapabilities() {
   int zret = 0; // return value.
   cap_t cap_set = cap_get_proc(); // current capabilities
   // Make a list of the capabilities we want turned on.
-  cap_value_t cap_list[] = { CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_IPC_LOCK };
+  cap_value_t cap_list[] = {
+    CAP_NET_ADMIN, ///< Set socket transparency.
+    CAP_NET_BIND_SERVICE, ///< Low port (e.g. 80) binding.
+    CAP_IPC_LOCK ///< Lock IPC objects.
+  };
   static int const CAP_COUNT = sizeof(cap_list)/sizeof(*cap_list);
 
   cap_set_flag(cap_set, CAP_EFFECTIVE, CAP_COUNT, cap_list, CAP_SET);
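Review bot: Two of the new comments in `cap_list` understate what the retained capabilities allow. `CAP_IPC_LOCK` governs locking memory (mlock/mlockall, SHM_LOCK), so `///< Lock IPC objects.` would read better as `///< Lock memory pages (mlock and friends).`. `CAP_NET_ADMIN` covers much more network administration than transparency, so its comment could say `///< Needed for socket transparency; also grants broad network administration.` to make the least-privilege cost visible. Separately, the context lines pass the result of `cap_get_proc()` to `cap_set_flag()` with no NULL check in between and ignore the return of `cap_set_flag()`. restoreCapabilities() continues beyond the hunk, so the later part may catch the failure.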
@@ -1308,7 +1312,7 @@ runAsUser(char *userName)
     }
 
 #if TS_USE_POSIX_CAP
-    if (restoreCapabilities()) {
+    if (0 != restoreCapabilities()) {
       mgmt_elog(stderr, "[runAsUser] Error: Failed to restore capabilities after switch to user %s.\n", userName);
     }
 #endif

Modified: trafficserver/traffic/trunk/proxy/Main.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/proxy/Main.cc?rev=1148048&r1=1148047&r2=1148048&view=diff
==============================================================================
--- trafficserver/traffic/trunk/proxy/Main.cc (original)
+++ trafficserver/traffic/trunk/proxy/Main.cc Mon Jul 18 20:52:43 2011
@@ -1556,6 +1556,7 @@ main(int argc, char **argv)
 #if TS_HAS_PROFILER
   ProfilerStart("/tmp/ts.prof");
 #endif
+  bool found_admin_user = false;
 
   NOWARN_UNUSED(argc);
 
@@ -1634,24 +1635,31 @@ main(int argc, char **argv)
   if (!num_task_threads)
     TS_ReadConfigInteger(num_task_threads, "proxy.config.task_threads");
 
-  // change the user of the process
-  // do this before we start threads so we control the user id of the
-  // threads (rather than have it change asynchronously during thread
-  // execution). We also need to do this before we fiddle with capabilities
-  // as those are thread local and if we change the user id it will
-  // modified the capabilities in other threads, breaking things.
   const long max_login =  sysconf(_SC_LOGIN_NAME_MAX) <= 0 ? _POSIX_LOGIN_NAME_MAX :  sysconf(_SC_LOGIN_NAME_MAX);
   char *user = (char *)xmalloc(max_login);
   *user = '\0';
-  if ((TS_ReadConfigString(user, "proxy.config.admin.user_id",
-                           max_login) == REC_ERR_OKAY) &&
-                           user[0] != '\0' &&
-                           strcmp(user, "#-1")) {
+  found_admin_user = 
+    (REC_ERR_OKAY ==
+      TS_ReadConfigString(user, "proxy.config.admin.user_id", max_login)
+    )
+    && user[0] != '\0'
+    && 0 != strcmp(user, "#-1")
+    ;
+
+# if TS_USE_POSIX_CAPS
+  // Change the user of the process.
+  // Do this before we start threads so we control the user id of the
+  // threads (rather than have it change asynchronously during thread
+  // execution). We also need to do this before we fiddle with capabilities
+  // as those are thread local and if we change the user id it will
+  // modify the capabilities in other threads, breaking things.
+  if (found_admin_user) {
     PreserveCapabilities();
     change_uid_gid(user);
     RestrictCapabilities();
     xfree(user);
   }
+# endif
 
   // Can't generate a log message yet, do that right after Diags is
   // setup.
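Review bot: The new guard `# if TS_USE_POSIX_CAPS` does not match the macro spelled `TS_USE_POSIX_CAP` in mgmt/Main.cc and in the `# if ! TS_USE_POSIX_CAP` block this commit adds near the end of main(). Unless a macro with the trailing S is defined somewhere not shown, the preprocessor evaluates it as 0, so in a capabilities build neither block is compiled and `change_uid_gid(user)` is never called. The process would then keep the identity it was started with, presumably root, without any error. The line should read `# if TS_USE_POSIX_CAP`. Also, `user` is freed only inside the guarded block, so it leaks whenever found_admin_user is false; main() extends beyond the hunk.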
@@ -1955,6 +1963,13 @@ main(int argc, char **argv)
     run_AutoStop();
   }
 
+# if ! TS_USE_POSIX_CAP
+  if (found_admin_user) {
+    change_uid_gid(user);
+    xfree(user);
+  }
+# endif
+
   this_thread()->execute();
 }
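Review bot: In a build without POSIX capabilities the identity switch now sits immediately before `this_thread()->execute()`, so everything main() does after reading `proxy.config.admin.user_id` runs with the starting identity. The comment moved in the earlier hunk says the switch should happen before threads are started, and this block does not say why doing it later is acceptable here. A comment would help, e.g. `// No capabilities: stay privileged until startup (e.g. low port binding) is done, then drop.`. It is also worth confirming that `change_uid_gid` terminates the process on failure rather than returning, since nothing here checks its result. The code between this hunk and the previous one is not visible.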