You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2014/01/27 21:41:45 UTC
[15/28] git commit: TS-2425: Update to TS-2261 for loading plugins as
root
TS-2425: Update to TS-2261 for loading plugins as root
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/cd86569e
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/cd86569e
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/cd86569e
Branch: refs/heads/5.0.x
Commit: cd86569e9342829fe72e7a4b6492157fb352fa0b
Parents: 0089777
Author: Bryan Call <bc...@apache.org>
Authored: Thu Jan 23 15:50:14 2014 +0100
Committer: Bryan Call <bc...@apache.org>
Committed: Thu Jan 23 15:50:14 2014 +0100
----------------------------------------------------------------------
CHANGES | 2 +
proxy/Plugin.cc | 34 +++++++--------
proxy/http/remap/RemapConfig.cc | 85 +++++++++++++++++-------------------
proxy/http/remap/UrlMapping.cc | 7 +--
4 files changed, 59 insertions(+), 69 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 0140b40..e795406 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache Traffic Server 4.2.0
+ *) [TS-2425] Update to TS-2261 for loading plugins as root
+
*) [TS-2505] Add traffic_line --offline option.
*) [TS-2305] Fall back to ftruncate if posix_fallocate fails.
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/Plugin.cc
----------------------------------------------------------------------
diff --git a/proxy/Plugin.cc b/proxy/Plugin.cc
index 56e2a68..0d315b6 100644
--- a/proxy/Plugin.cc
+++ b/proxy/Plugin.cc
@@ -111,29 +111,29 @@ plugin_load(int argc, char *argv[])
}
plugin_reg_temp = (plugin_reg_temp->link).next;
}
-
- handle = dll_open(path);
- if (!handle) {
- Fatal("unable to load '%s': %s", path, dll_error(handle));
- }
-
- // Allocate a new registration structure for the
- // plugin we're starting up
- ink_assert(plugin_reg_current == NULL);
- plugin_reg_current = new PluginRegInfo;
- plugin_reg_current->plugin_path = ats_strdup(path);
-
- init = (init_func_t) dll_findsym(handle, "TSPluginInit");
- if (!init) {
- Fatal("unable to find TSPluginInit function '%s': %s", path, dll_error(handle));
- }
-
// elevate the access to read files as root if compiled with capabilities, if not
// change the effective user to root
{
uint32_t elevate_access = 0;
REC_ReadConfigInteger(elevate_access, "proxy.config.plugin.load_elevated");
ElevateAccess access(elevate_access != 0);
+
+ handle = dll_open(path);
+ if (!handle) {
+ Fatal("unable to load '%s': %s", path, dll_error(handle));
+ }
+
+ // Allocate a new registration structure for the
+ // plugin we're starting up
+ ink_assert(plugin_reg_current == NULL);
+ plugin_reg_current = new PluginRegInfo;
+ plugin_reg_current->plugin_path = ats_strdup(path);
+
+ init = (init_func_t) dll_findsym(handle, "TSPluginInit");
+ if (!init) {
+ Fatal("unable to find TSPluginInit function '%s': %s", path, dll_error(handle));
+ }
+
init(argc, argv);
} // done elevating access
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/http/remap/RemapConfig.cc
----------------------------------------------------------------------
diff --git a/proxy/http/remap/RemapConfig.cc b/proxy/http/remap/RemapConfig.cc
index bc4a16b..787fbb0 100644
--- a/proxy/http/remap/RemapConfig.cc
+++ b/proxy/http/remap/RemapConfig.cc
@@ -663,44 +663,6 @@ remap_load_plugin(const char ** argv, int argc, url_mapping *mp, char *errbuf, i
}
Debug("remap_plugin", "New remap plugin info created for \"%s\"", c);
- if ((pi->dlh = dlopen(c, RTLD_NOW)) == NULL) {
-#if defined(freebsd) || defined(openbsd)
- err = (char *)dlerror();
-#else
- err = dlerror();
-#endif
- snprintf(errbuf, errbufsize, "Can't load plugin \"%s\" - %s", c, err ? err : "Unknown dlopen() error");
- return -4;
- }
- pi->fp_tsremap_init = (remap_plugin_info::_tsremap_init *) dlsym(pi->dlh, TSREMAP_FUNCNAME_INIT);
- pi->fp_tsremap_done = (remap_plugin_info::_tsremap_done *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DONE);
- pi->fp_tsremap_new_instance = (remap_plugin_info::_tsremap_new_instance *) dlsym(pi->dlh, TSREMAP_FUNCNAME_NEW_INSTANCE);
- pi->fp_tsremap_delete_instance = (remap_plugin_info::_tsremap_delete_instance *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DELETE_INSTANCE);
- pi->fp_tsremap_do_remap = (remap_plugin_info::_tsremap_do_remap *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DO_REMAP);
- pi->fp_tsremap_os_response = (remap_plugin_info::_tsremap_os_response *) dlsym(pi->dlh, TSREMAP_FUNCNAME_OS_RESPONSE);
-
- if (!pi->fp_tsremap_init) {
- snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", TSREMAP_FUNCNAME_INIT, c);
- retcode = -10;
- } else if (!pi->fp_tsremap_new_instance) {
- snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"",
- TSREMAP_FUNCNAME_NEW_INSTANCE, c);
- retcode = -11;
- } else if (!pi->fp_tsremap_do_remap) {
- snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", TSREMAP_FUNCNAME_DO_REMAP, c);
- retcode = -12;
- }
- if (retcode) {
- if (errbuf && errbufsize > 0)
- Debug("remap_plugin", "%s", errbuf);
- dlclose(pi->dlh);
- pi->dlh = NULL;
- return retcode;
- }
- memset(&ri, 0, sizeof(ri));
- ri.size = sizeof(ri);
- ri.tsremap_version = TSREMAP_VERSION;
-
// elevate the access to read files as root if compiled with capabilities, if not
// change the effective user to root
{
@@ -708,6 +670,44 @@ remap_load_plugin(const char ** argv, int argc, url_mapping *mp, char *errbuf, i
REC_ReadConfigInteger(elevate_access, "proxy.config.plugin.load_elevated");
ElevateAccess access(elevate_access != 0);
+ if ((pi->dlh = dlopen(c, RTLD_NOW)) == NULL) {
+#if defined(freebsd) || defined(openbsd)
+ err = (char *)dlerror();
+#else
+ err = dlerror();
+#endif
+ snprintf(errbuf, errbufsize, "Can't load plugin \"%s\" - %s", c, err ? err : "Unknown dlopen() error");
+ return -4;
+ }
+ pi->fp_tsremap_init = (remap_plugin_info::_tsremap_init *) dlsym(pi->dlh, TSREMAP_FUNCNAME_INIT);
+ pi->fp_tsremap_done = (remap_plugin_info::_tsremap_done *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DONE);
+ pi->fp_tsremap_new_instance = (remap_plugin_info::_tsremap_new_instance *) dlsym(pi->dlh, TSREMAP_FUNCNAME_NEW_INSTANCE);
+ pi->fp_tsremap_delete_instance = (remap_plugin_info::_tsremap_delete_instance *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DELETE_INSTANCE);
+ pi->fp_tsremap_do_remap = (remap_plugin_info::_tsremap_do_remap *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DO_REMAP);
+ pi->fp_tsremap_os_response = (remap_plugin_info::_tsremap_os_response *) dlsym(pi->dlh, TSREMAP_FUNCNAME_OS_RESPONSE);
+
+ if (!pi->fp_tsremap_init) {
+ snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", TSREMAP_FUNCNAME_INIT, c);
+ retcode = -10;
+ } else if (!pi->fp_tsremap_new_instance) {
+ snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"",
+ TSREMAP_FUNCNAME_NEW_INSTANCE, c);
+ retcode = -11;
+ } else if (!pi->fp_tsremap_do_remap) {
+ snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", TSREMAP_FUNCNAME_DO_REMAP, c);
+ retcode = -12;
+ }
+ if (retcode) {
+ if (errbuf && errbufsize > 0)
+ Debug("remap_plugin", "%s", errbuf);
+ dlclose(pi->dlh);
+ pi->dlh = NULL;
+ return retcode;
+ }
+ memset(&ri, 0, sizeof(ri));
+ ri.size = sizeof(ri);
+ ri.tsremap_version = TSREMAP_VERSION;
+
if (pi->fp_tsremap_init(&ri, tmpbuf, sizeof(tmpbuf) - 1) != TS_SUCCESS) {
Warning("Failed to initialize plugin %s (non-zero retval) ... bailing out", pi->path);
return -5;
@@ -768,14 +768,7 @@ remap_load_plugin(const char ** argv, int argc, url_mapping *mp, char *errbuf, i
Debug("remap_plugin", "creating new plugin instance");
TSReturnCode res = TS_ERROR;
- // elevate the access to read files as root if compiled with capabilities, if not
- // change the effective user to root
- {
- uint32_t elevate_access = 0;
- REC_ReadConfigInteger(elevate_access, "proxy.config.plugin.load_elevated");
- ElevateAccess access(elevate_access != 0);
- res = pi->fp_tsremap_new_instance(parc, parv, &ih, tmpbuf, sizeof(tmpbuf) - 1);
- } // done elevating access
+ res = pi->fp_tsremap_new_instance(parc, parv, &ih, tmpbuf, sizeof(tmpbuf) - 1);
Debug("remap_plugin", "done creating new plugin instance");
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/http/remap/UrlMapping.cc
----------------------------------------------------------------------
diff --git a/proxy/http/remap/UrlMapping.cc b/proxy/http/remap/UrlMapping.cc
index d5b00d1..58739c1 100644
--- a/proxy/http/remap/UrlMapping.cc
+++ b/proxy/http/remap/UrlMapping.cc
@@ -79,13 +79,8 @@ url_mapping::delete_instance(unsigned int index)
remap_plugin_info* p = get_plugin(index);
if (ih && p && p->fp_tsremap_delete_instance) {
- // elevate the access to read files as root if compiled with capabilities, if not
- // change the effective user to root
- uint32_t elevate_access = 0;
- REC_ReadConfigInteger(elevate_access, "proxy.config.plugin.load_elevated");
- ElevateAccess access(elevate_access != 0);
p->fp_tsremap_delete_instance(ih);
- } // done elevating access
+ }
}