You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2014/01/27 21:41:45 UTC

[15/28] git commit: TS-2425: Update to TS-2261 for loading plugins as root

TS-2425: Update to TS-2261 for loading plugins as root


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/cd86569e
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/cd86569e
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/cd86569e

Branch: refs/heads/5.0.x
Commit: cd86569e9342829fe72e7a4b6492157fb352fa0b
Parents: 0089777
Author: Bryan Call <bc...@apache.org>
Authored: Thu Jan 23 15:50:14 2014 +0100
Committer: Bryan Call <bc...@apache.org>
Committed: Thu Jan 23 15:50:14 2014 +0100

----------------------------------------------------------------------
 CHANGES                         |  2 +
 proxy/Plugin.cc                 | 34 +++++++--------
 proxy/http/remap/RemapConfig.cc | 85 +++++++++++++++++-------------------
 proxy/http/remap/UrlMapping.cc  |  7 +--
 4 files changed, 59 insertions(+), 69 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 0140b40..e795406 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache Traffic Server 4.2.0
 
+  *) [TS-2425] Update to TS-2261 for loading plugins as root
+
   *) [TS-2505] Add traffic_line --offline option.
 
   *) [TS-2305] Fall back to ftruncate if posix_fallocate fails.

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/Plugin.cc
----------------------------------------------------------------------
diff --git a/proxy/Plugin.cc b/proxy/Plugin.cc
index 56e2a68..0d315b6 100644
--- a/proxy/Plugin.cc
+++ b/proxy/Plugin.cc
@@ -111,29 +111,29 @@ plugin_load(int argc, char *argv[])
     }
     plugin_reg_temp = (plugin_reg_temp->link).next;
   }
-
-  handle = dll_open(path);
-  if (!handle) {
-    Fatal("unable to load '%s': %s", path, dll_error(handle));
-  }
-
-  // Allocate a new registration structure for the
-  //    plugin we're starting up
-  ink_assert(plugin_reg_current == NULL);
-  plugin_reg_current = new PluginRegInfo;
-  plugin_reg_current->plugin_path = ats_strdup(path);
-
-  init = (init_func_t) dll_findsym(handle, "TSPluginInit");
-  if (!init) {
-    Fatal("unable to find TSPluginInit function '%s': %s", path, dll_error(handle));
-  }
-
   // elevate the access to read files as root if compiled with capabilities, if not
   // change the effective user to root
   {
     uint32_t elevate_access = 0;
     REC_ReadConfigInteger(elevate_access, "proxy.config.plugin.load_elevated");
     ElevateAccess access(elevate_access != 0);
+
+    handle = dll_open(path);
+    if (!handle) {
+      Fatal("unable to load '%s': %s", path, dll_error(handle));
+    }
+
+    // Allocate a new registration structure for the
+    //    plugin we're starting up
+    ink_assert(plugin_reg_current == NULL);
+    plugin_reg_current = new PluginRegInfo;
+    plugin_reg_current->plugin_path = ats_strdup(path);
+
+    init = (init_func_t) dll_findsym(handle, "TSPluginInit");
+    if (!init) {
+      Fatal("unable to find TSPluginInit function '%s': %s", path, dll_error(handle));
+    }
+
     init(argc, argv);
   } // done elevating access
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/http/remap/RemapConfig.cc
----------------------------------------------------------------------
diff --git a/proxy/http/remap/RemapConfig.cc b/proxy/http/remap/RemapConfig.cc
index bc4a16b..787fbb0 100644
--- a/proxy/http/remap/RemapConfig.cc
+++ b/proxy/http/remap/RemapConfig.cc
@@ -663,44 +663,6 @@ remap_load_plugin(const char ** argv, int argc, url_mapping *mp, char *errbuf, i
     }
     Debug("remap_plugin", "New remap plugin info created for \"%s\"", c);
 
-    if ((pi->dlh = dlopen(c, RTLD_NOW)) == NULL) {
-#if defined(freebsd) || defined(openbsd)
-      err = (char *)dlerror();
-#else
-      err = dlerror();
-#endif
-      snprintf(errbuf, errbufsize, "Can't load plugin \"%s\" - %s", c, err ? err : "Unknown dlopen() error");
-      return -4;
-    }
-    pi->fp_tsremap_init = (remap_plugin_info::_tsremap_init *) dlsym(pi->dlh, TSREMAP_FUNCNAME_INIT);
-    pi->fp_tsremap_done = (remap_plugin_info::_tsremap_done *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DONE);
-    pi->fp_tsremap_new_instance = (remap_plugin_info::_tsremap_new_instance *) dlsym(pi->dlh, TSREMAP_FUNCNAME_NEW_INSTANCE);
-    pi->fp_tsremap_delete_instance = (remap_plugin_info::_tsremap_delete_instance *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DELETE_INSTANCE);
-    pi->fp_tsremap_do_remap = (remap_plugin_info::_tsremap_do_remap *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DO_REMAP);
-    pi->fp_tsremap_os_response = (remap_plugin_info::_tsremap_os_response *) dlsym(pi->dlh, TSREMAP_FUNCNAME_OS_RESPONSE);
-
-    if (!pi->fp_tsremap_init) {
-      snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", TSREMAP_FUNCNAME_INIT, c);
-      retcode = -10;
-    } else if (!pi->fp_tsremap_new_instance) {
-      snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"",
-                   TSREMAP_FUNCNAME_NEW_INSTANCE, c);
-      retcode = -11;
-    } else if (!pi->fp_tsremap_do_remap) {
-      snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", TSREMAP_FUNCNAME_DO_REMAP, c);
-      retcode = -12;
-    }
-    if (retcode) {
-      if (errbuf && errbufsize > 0)
-        Debug("remap_plugin", "%s", errbuf);
-      dlclose(pi->dlh);
-      pi->dlh = NULL;
-      return retcode;
-    }
-    memset(&ri, 0, sizeof(ri));
-    ri.size = sizeof(ri);
-    ri.tsremap_version = TSREMAP_VERSION;
-
     // elevate the access to read files as root if compiled with capabilities, if not
     // change the effective user to root
     {
@@ -708,6 +670,44 @@ remap_load_plugin(const char ** argv, int argc, url_mapping *mp, char *errbuf, i
       REC_ReadConfigInteger(elevate_access, "proxy.config.plugin.load_elevated");
       ElevateAccess access(elevate_access != 0);
 
+      if ((pi->dlh = dlopen(c, RTLD_NOW)) == NULL) {
+#if defined(freebsd) || defined(openbsd)
+        err = (char *)dlerror();
+#else
+        err = dlerror();
+#endif
+        snprintf(errbuf, errbufsize, "Can't load plugin \"%s\" - %s", c, err ? err : "Unknown dlopen() error");
+        return -4;
+      }
+      pi->fp_tsremap_init = (remap_plugin_info::_tsremap_init *) dlsym(pi->dlh, TSREMAP_FUNCNAME_INIT);
+      pi->fp_tsremap_done = (remap_plugin_info::_tsremap_done *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DONE);
+      pi->fp_tsremap_new_instance = (remap_plugin_info::_tsremap_new_instance *) dlsym(pi->dlh, TSREMAP_FUNCNAME_NEW_INSTANCE);
+      pi->fp_tsremap_delete_instance = (remap_plugin_info::_tsremap_delete_instance *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DELETE_INSTANCE);
+      pi->fp_tsremap_do_remap = (remap_plugin_info::_tsremap_do_remap *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DO_REMAP);
+      pi->fp_tsremap_os_response = (remap_plugin_info::_tsremap_os_response *) dlsym(pi->dlh, TSREMAP_FUNCNAME_OS_RESPONSE);
+
+      if (!pi->fp_tsremap_init) {
+        snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", TSREMAP_FUNCNAME_INIT, c);
+        retcode = -10;
+      } else if (!pi->fp_tsremap_new_instance) {
+        snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"",
+            TSREMAP_FUNCNAME_NEW_INSTANCE, c);
+        retcode = -11;
+      } else if (!pi->fp_tsremap_do_remap) {
+        snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", TSREMAP_FUNCNAME_DO_REMAP, c);
+        retcode = -12;
+      }
+      if (retcode) {
+        if (errbuf && errbufsize > 0)
+          Debug("remap_plugin", "%s", errbuf);
+        dlclose(pi->dlh);
+        pi->dlh = NULL;
+        return retcode;
+      }
+      memset(&ri, 0, sizeof(ri));
+      ri.size = sizeof(ri);
+      ri.tsremap_version = TSREMAP_VERSION;
+
       if (pi->fp_tsremap_init(&ri, tmpbuf, sizeof(tmpbuf) - 1) != TS_SUCCESS) {
         Warning("Failed to initialize plugin %s (non-zero retval) ... bailing out", pi->path);
         return -5;
@@ -768,14 +768,7 @@ remap_load_plugin(const char ** argv, int argc, url_mapping *mp, char *errbuf, i
   Debug("remap_plugin", "creating new plugin instance");
 
   TSReturnCode res = TS_ERROR;
-  // elevate the access to read files as root if compiled with capabilities, if not
-  // change the effective user to root
-  {
-    uint32_t elevate_access = 0;
-    REC_ReadConfigInteger(elevate_access, "proxy.config.plugin.load_elevated");
-    ElevateAccess access(elevate_access != 0);
-    res = pi->fp_tsremap_new_instance(parc, parv, &ih, tmpbuf, sizeof(tmpbuf) - 1);
-  } // done elevating access
+  res = pi->fp_tsremap_new_instance(parc, parv, &ih, tmpbuf, sizeof(tmpbuf) - 1);
 
   Debug("remap_plugin", "done creating new plugin instance");
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/http/remap/UrlMapping.cc
----------------------------------------------------------------------
diff --git a/proxy/http/remap/UrlMapping.cc b/proxy/http/remap/UrlMapping.cc
index d5b00d1..58739c1 100644
--- a/proxy/http/remap/UrlMapping.cc
+++ b/proxy/http/remap/UrlMapping.cc
@@ -79,13 +79,8 @@ url_mapping::delete_instance(unsigned int index)
   remap_plugin_info* p = get_plugin(index);
 
   if (ih && p && p->fp_tsremap_delete_instance) {
-    // elevate the access to read files as root if compiled with capabilities, if not
-    // change the effective user to root
-    uint32_t elevate_access = 0;
-    REC_ReadConfigInteger(elevate_access, "proxy.config.plugin.load_elevated");
-    ElevateAccess access(elevate_access != 0);
     p->fp_tsremap_delete_instance(ih);
-  } // done elevating access
+  }
 }