
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-231-g19c96


From: Mats Erik Andersson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-231-g19c966e
Date: Sat, 05 Jan 2013 15:33:55 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  19c966ef509931470c379f8e15da511a19bbf8f2 (commit)
      from  7d4833481e9e9fc5998c66fadd666e727b169323 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=19c966ef509931470c379f8e15da511a19bbf8f2


commit 19c966ef509931470c379f8e15da511a19bbf8f2
Author: Mats Erik Andersson <address@hidden>
Date:   Sat Jan 5 16:14:02 2013 +0100

    tftpd: Group setting.

diff --git a/ChangeLog b/ChangeLog
index 3b56f74..ccc45e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2013-01-05  Mats Erik Andersson  <address@hidden>
+
+       tftpd: Group setting.
+       A group named `nogroup' is not portable enough,
+       so tidy the chrooting code for robustness.
+
+       * src/tftpd.c (DEFAULT_GROUP): Remove macro.
+       (main): Do not initialize `group'.  Delay code
+       block for chroot set-up until after forking and
+       socket binding.  Separate setgid() from setuid(),
+       and inherit group membership from owner, should
+       no group have been specified.
+
 2013-01-02  Mats Erik Andersson  <address@hidden>
 
        tftpd: Chrooted mode.
diff --git a/doc/inetutils.texi b/doc/inetutils.texi
index b0375f1..e13a5c7 100644
--- a/doc/inetutils.texi
+++ b/doc/inetutils.texi
@@ -3603,8 +3603,9 @@ tftpd address@hidden address@hidden @dots{}]
 @opindex -g
 @opindex --group
 Specify group membership of the process owner.
-This is used only along with the option @option{-s}.
-The default choice is @samp{nogroup}.
+This is used only along with the option @option{-s},
+and replaces the group membership that comes from
+the process owner himself.
 
 @item -l
 @itemx --logging
@@ -3694,7 +3695,7 @@ for a read request, or a write request, to succeed.
 The standard use case is an entry in @file{/etc/inetd.conf} like
 
 @example
-tftp dgram tcp4 wait root nobody /usr/sbin/tftpd \
+tftp dgram udp4 wait root nobody /usr/sbin/tftpd \
 @verb{        } tftpd /tftpboot /altboot
 @end example
 
@@ -3719,7 +3720,7 @@ meaning that the serving process is running in a chrooted 
mode.
 Then a suitable configuration could be
 
 @example
-tftp dgram tcp4 wait root nobody /usr/sbin/tftpd \
+tftp dgram udp4 wait root nobody /usr/sbin/tftpd \
 @verb{        } tftpd --secure-dir=/srv/tftp-root  /tftpboot /altboot
 @end example
 
diff --git a/src/tftpd.c b/src/tftpd.c
index d648733..7f078ee 100644
--- a/src/tftpd.c
+++ b/src/tftpd.c
@@ -102,13 +102,9 @@ static int peer;
 static int rexmtval = TIMEOUT;
 static int maxtimeout = 5 * TIMEOUT;
 static char *chrootdir = NULL;
-static char *group;
+static char *group = NULL;
 static char *user;
 
-#ifndef DEFAULT_GROUP
-# define DEFAULT_GROUP "nogroup"
-#endif
-
 #ifndef DEFAULT_USER
 # define DEFAULT_USER  "nobody"
 #endif
@@ -157,8 +153,7 @@ static struct argp_option options[] = {
 #define GRP 10
   { NULL, 0, NULL, 0, "", GRP},
   { "group", 'g', "GRP", 0,
-    "set group of process owner, used with '-s' and "
-    "defaults to 'nogroup'", GRP+1},
+    "set explicit group of process owner, used with '-s'", GRP+1},
   { "secure-dir", 's', "DIR", 0,
     "change root directory to DIR before searching and "
     "serving content", GRP+1},
@@ -222,7 +217,6 @@ main (int argc, char *argv[])
   int on, n;
   struct sockaddr_storage sin;
 
-  group = xstrdup (DEFAULT_GROUP);
   user = xstrdup (DEFAULT_USER);
 
   set_program_name (argv[0]);
@@ -247,45 +241,6 @@ main (int argc, char *argv[])
        }
     }
 
-  if (chrootdir && *chrootdir)
-    {
-      struct passwd *pwd = NULL;
-      struct group *grp = NULL;
-
-      /* Ignore user and group setting for non-root invokations.  */
-      if (!getuid())
-       {
-         pwd = getpwnam (user);
-         if (!pwd)
-           {
-             syslog (LOG_ERR, "getpwnam('%s'): %m", user);
-             exit (EXIT_FAILURE);
-           }
-
-         grp = getgrnam (group);
-         if (!grp)
-           {
-             syslog (LOG_ERR, "getgrnam('%s'): %m", group);
-             exit (EXIT_FAILURE);
-           }
-       }
-
-      if (chroot (chrootdir) || chdir ("/"))
-       {
-         syslog (LOG_ERR, "chroot('%s'): %m", chrootdir);
-         exit (EXIT_FAILURE);
-       }
-
-      if (pwd && grp)
-       {
-         if (setgid (grp->gr_gid) || setuid (pwd->pw_uid))
-           {
-             syslog (LOG_ERR, "setgid/setuid: %m");
-             exit (EXIT_FAILURE);
-           }
-       }
-    }
-
   on = 1;
   if (ioctl (0, FIONBIO, &on) < 0)
     {
@@ -385,6 +340,69 @@ main (int argc, char *argv[])
       exit (EXIT_FAILURE);
     }
 
+  if (chrootdir && *chrootdir)
+    {
+      struct passwd *pwd = NULL;
+      struct group *grp = NULL;
+
+      /* Ignore user and group setting for non-root invocations.  */
+      if (!getuid())
+       {
+         pwd = getpwnam (user);
+         if (!pwd)
+           {
+             syslog (LOG_ERR, "getpwnam('%s'): %m", user);
+             exit (EXIT_FAILURE);
+           }
+
+         /* Group names are not portable enough to allow
+          * for a preset value.  The server inherits
+          * group membership from owner, in other cases.
+          */
+         if (group && *group)
+           {
+             grp = getgrnam (group);
+             if (!grp)
+               {
+                 syslog (LOG_ERR, "getgrnam('%s'): %m", group);
+                 exit (EXIT_FAILURE);
+               }
+           }
+       }
+
+      if (chroot (chrootdir) || chdir ("/"))
+       {
+         syslog (LOG_ERR, "chroot('%s'): %m", chrootdir);
+         exit (EXIT_FAILURE);
+       }
+
+      if (pwd)
+       {
+         if (grp)
+           {
+             if (setgid (grp->gr_gid))
+               {
+                 syslog (LOG_ERR, "setgid: %m");
+                 exit (EXIT_FAILURE);
+               }
+           }
+         else
+           {
+             if (setgid (pwd->pw_gid))
+               {
+                 syslog (LOG_ERR, "setgid: %m");
+                 exit (EXIT_FAILURE);
+               }
+           }
+
+         if (setuid (pwd->pw_uid))
+           {
+             syslog (LOG_ERR, "setuid: %m");
+             exit (EXIT_FAILURE);
+           }
+       }
+    }
+
   tp = (struct tftphdr *) buf;
   tp->th_opcode = ntohs (tp->th_opcode);
   if (tp->th_opcode == RRQ || tp->th_opcode == WRQ)
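Review bot: The added privilege-drop block calls setgid() and then setuid() but never resets the supplementary group list, so a tftpd started by root would keep root's supplementary groups after switching to `user`; no setgroups() or initgroups() call is visible in this hunk. Because the drop happens after chroot(), where the group database may no longer be reachable, the simplest fix is to choose the target gid once and clear the list with it: `gid_t gid = grp ? grp->gr_gid : pwd->pw_gid;` followed by `if (setgroups (1, &gid) || setgid (gid))`, which also folds the two identical setgid branches into one. Separately, the `chroot('%s'): %m` message is logged even when it was chdir ("/") that failed, so the two calls deserve separate checks and messages. main() starts and ends outside the hunk, so an earlier group reset cannot be ruled out from here.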

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog          |   13 ++++++
 doc/inetutils.texi |    9 ++--
 src/tftpd.c        |  112 ++++++++++++++++++++++++++++++----------------------
 3 files changed, 83 insertions(+), 51 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


