Commits on Source (2)
nuxwdog (1.0.3-4) unstable; urgency=medium
* patches: Add two patches for setting the uid and handling longer
conf line length.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 08 Feb 2018 17:11:17 +0200
nuxwdog (1.0.3-3) unstable; urgency=medium
* Install the jni lib in /usr/lib/jni, not in a multiarch path.
......
commit 3d7adfbe0788f33a67c3ed65e12ba9d32074a674
Author: Ade Lee <alee@redhat.com>
Date: Mon Jan 15 15:25:36 2018 -0500
Add parameter to set the uid of the invoked process
diff --git a/src/com/redhat/nuxwdog/watchdog.cpp b/src/com/redhat/nuxwdog/watchdog.cpp
index a4d6a77..36b13e4 100644
--- a/src/com/redhat/nuxwdog/watchdog.cpp
+++ b/src/com/redhat/nuxwdog/watchdog.cpp
@@ -33,6 +33,7 @@
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
+#include <cerrno>
#include <signal.h>
#include <fcntl.h>
#include <pwd.h>
@@ -280,7 +281,7 @@ watchdog_exit(int status)
int
_watchdog_exec(int server_starts, char *server_exe, char *args[],
- char * envp[], int *spid)
+ char * envp[], int *spid, int uid)
{
int server_background = 0;
char *server_out = NULL;
@@ -412,6 +413,14 @@ _watchdog_exec(int server_starts, char *server_exe, char *args[],
free(server_context);
}
+ if (uid >= 0) {
+ rv = setuid(uid);
+ if (rv != 0) {
+ watchdog_error("unable to setuid");
+ watchdog_exit(1);
+ }
+ }
+
rv = execv(server_exe, args);
if (rv < 0) {
watchdog_error("could not execute server binary");
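Review bot: The added block drops only the user id: `setuid(uid)` leaves the watchdog's group id and supplementary group list in place, so a server started from a root watchdog would keep root's groups after the switch. The groups have to be changed before the uid, because once `setuid()` succeeds the process can no longer change them. Since `_watchdog_exec` receives only `uid`, the sketch below looks the account up again with `getpwuid()`; passing the gid and user name in from `main` would work as well, and `initgroups()` needs `<grp.h>`. The body of `_watchdog_exec` starts and ends outside this hunk.

```cpp
    if (uid >= 0) {
        /* Drop supplementary groups and the gid first; after setuid()
           the process no longer has the privilege to change them. */
        struct passwd *pw = getpwuid((uid_t) uid);
        if (pw == NULL ||
            initgroups(pw->pw_name, pw->pw_gid) != 0 ||
            setgid(pw->pw_gid) != 0 ||
            setuid(pw->pw_uid) != 0) {
            watchdog_error("unable to drop privileges");
            watchdog_exit(1);
        }
    }
    // … unchanged: execv call and its error handling …
```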
@@ -757,10 +766,12 @@ int main(int argc, char **argv, char **envp)
int ver=0;
int server_starts;
int server_stat;
+ int uid=-1;
char *server_exe = NULL;
char *server_args = NULL;
char *conffile = NULL;
char *pch;
+ char *user = NULL;
char *args[100];
struct stat statbuf;
UDS_NAME[0]=0;
@@ -833,6 +844,11 @@ int main(int argc, char **argv, char **envp)
watchdog_exit(1);
}
+ /* user */
+ if (confinfo->user) {
+ user = strdup(confinfo->user);
+ }
+
if (detach) {
parent_watchdog_create_signal_handlers();
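Review bot: A failed `strdup()` here results in the server running without the privilege drop: `user` stays NULL, the later `if (user != NULL)` lookup is skipped, `uid` keeps its initial -1 and `_watchdog_exec` then skips `setuid`. The copy should either be checked, `if (user == NULL) { watchdog_error("out of memory"); watchdog_exit(1); }`, or dropped in favour of reading `confinfo->user` directly if `confinfo` outlives the exec loop (not visible here). The same unchecked `strdup(value)` is in the `User` branch of `_watchdog_parse_conffile` in wdconf.cpp, where a second `User` line would also leak the first string.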
@@ -883,6 +899,22 @@ int main(int argc, char **argv, char **envp)
watchdog_exit(1);
}
+ if (user != NULL) {
+ struct passwd *pw = getpwnam(user);
+ if (pw == NULL) {
+ sprintf(errmsgstr, "user %s does not exist", user);
+ watchdog_error(errmsgstr);
+ watchdog_exit(1);
+ }
+
+ if (chown(UDS_NAME, pw->pw_uid, pw->pw_gid) != 0) {
+ sprintf(errmsgstr, "chown failed errno %d %s", errno, strerror(errno));
+ watchdog_error(errmsgstr);
+ watchdog_exit(1);
+ }
+ uid = pw->pw_uid;
+ }
+
for (server_starts = 0;; ++server_starts) {
_watchdog_death = 0;
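Review bot: Both `sprintf` calls write into `errmsgstr` without a bound, and the first formats the `User` value taken from the configuration file, whose length is no longer capped now that conf lines are unlimited. The size of `errmsgstr` is declared outside this hunk; assuming it is a fixed array, `snprintf(errmsgstr, sizeof(errmsgstr), "user %s does not exist", user);` keeps a long name from overrunning it. Separately, `uid = pw->pw_uid` stores a `uid_t` in an `int`, so a uid above INT_MAX would turn negative and make `_watchdog_exec` skip the `setuid` call; carrying a `uid_t` plus a separate "drop privileges" flag avoids that.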
@@ -895,7 +927,7 @@ int main(int argc, char **argv, char **envp)
watchdog_create_signal_handlers();
- rv = _watchdog_exec(server_starts, server_exe, args, envp, &server_pid);
+ rv = _watchdog_exec(server_starts, server_exe, args, envp, &server_pid, uid);
if (server_pid < 0) {
// exec failed: kill parent if it's still waiting
diff --git a/src/com/redhat/nuxwdog/wdconf.cpp b/src/com/redhat/nuxwdog/wdconf.cpp
index 95603c9..2d50575 100644
--- a/src/com/redhat/nuxwdog/wdconf.cpp
+++ b/src/com/redhat/nuxwdog/wdconf.cpp
@@ -158,6 +158,9 @@ _watchdog_parse_conffile(char *conffile,
if (!strcasecmp(name, "ChildSecurity")) {
info->childSecurity = atoi(value);
}
+ if (!strcasecmp(name, "User")) {
+ info->user = strdup(value);
+ }
if (line != NULL) {
free(line);
line = NULL;
@@ -227,5 +230,9 @@ watchdog_confinfo_free(watchdog_conf_info_t *info)
free(info->childPidFile);
}
+ if (info->user) {
+ free(info->user);
+ }
+
free(info);
}
diff --git a/src/com/redhat/nuxwdog/wdconf.h b/src/com/redhat/nuxwdog/wdconf.h
index bb2e7b1..94f02e3 100644
--- a/src/com/redhat/nuxwdog/wdconf.h
+++ b/src/com/redhat/nuxwdog/wdconf.h
@@ -36,7 +36,8 @@ typedef struct watchdog_conf_info_t {
char *exeContext; /* selinux type context */
char *pidFile; /* pidFile */
char *childPidFile; /* child pid file */
- int childSecurity; /* enforce child security */
+ int childSecurity; /* enforce child security */
+ char *user; /* user to execute the process as */
} watchdog_conf_info_t;
watchdog_conf_info_t *watchdog_parse(char *conf_file);
commit f4b47d21560fd57c7d2e326ebfae66f42b66864f
Author: Ade Lee <alee@redhat.com>
Date: Mon Oct 30 22:47:15 2017 -0400
Allow unlimited conf line length
Errors occurred because the line length was being truncated,
especially for long lines like JVM args. Now the line length
will be allocated correctly.
Change-Id: I77553817931883e05180a1082d45a20e3a6afe4c
diff --git a/src/com/redhat/nuxwdog/wdconf.cpp b/src/com/redhat/nuxwdog/wdconf.cpp
index 086bc5a..95603c9 100644
--- a/src/com/redhat/nuxwdog/wdconf.cpp
+++ b/src/com/redhat/nuxwdog/wdconf.cpp
@@ -29,24 +29,23 @@
#include "wdconf.h"
#include "wdlog.h"
-#define MAX_CONF_LINE_LENGTH 1024
+#define CHUNK 1024
/* Read config file line like util_getline() */
-static int _watchdog_readconf_line(char *line, int maxlen, FILE *file)
+static char * _watchdog_readconf_line(FILE *file)
{
int len = 0;
int nlseen = 0;
- int src;
- int dst;
- char *bufp = line;
+ int src = 0;
+ int dst = 0;
+ char bufp[CHUNK];
- if (feof(file)) {
- return -1;
- }
+ char *line = (char *) malloc(1);
+ line[0] = '\0';
- while (!nlseen && (len < maxlen - 1)) {
+ while (!nlseen && !feof(file)) {
- if (!fgets(bufp, maxlen - len, file))
+ if (!fgets(bufp, CHUNK, file))
break;
/* Scan what was just read */
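Review bot: `malloc(1)` is dereferenced on the next line without a NULL check, and the same applies to `line = (char *) realloc(line, len+1)` in the following hunk, where a failure also loses the old buffer before `strcat` is handed NULL. Since the function now reports failure by returning NULL, both can use that path: `if (line == NULL) return NULL;` after the malloc, and for the realloc assign the result to a temporary, then free `line` and return NULL when it fails. The function body continues past the end of this hunk.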
@@ -68,26 +67,31 @@ static int _watchdog_readconf_line(char *line, int maxlen, FILE *file)
++dst;
}
}
+ bufp[dst] = '\0';
if (dst > 0) {
/* Check for continuation */
if (nlseen && (bufp[dst-1] == '\\')) {
+ bufp[dst-1] = '\0';
dst -= 1;
nlseen = 0;
}
len += dst;
- bufp += dst;
+
+ line = (char *) realloc(line, len+1);
+ strcat(line, bufp);
}
}
if ((len <= 0) && !nlseen) {
- return -1;
+ if (line) {
+ free(line);
+ }
+ return NULL;
}
- line[len] = '\0';
-
- return len;
+ return line;
}
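Review bot: The continuation check looks only at the current chunk, `bufp[dst-1]`, so a trailing backslash that lands on the last byte of one `fgets` chunk, with its newline arriving alone in the next chunk, is not treated as a continuation. This assumes the scan loop outside the hunk leaves `dst` at 0 for a chunk holding only the newline, in which case the `if (dst > 0)` block is skipped and the backslash already appended to `line` stays in the value. Testing the accumulated buffer after that block instead, `if (nlseen && len > 0 && line[len-1] == '\\') { line[--len] = '\0'; nlseen = 0; }`, would cover both cases.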
static int
@@ -95,8 +99,7 @@ _watchdog_parse_conffile(char *conffile,
watchdog_conf_info_t *info)
{
FILE *cfile;
- char line[MAX_CONF_LINE_LENGTH];
- char *name, *value;
+ char *line, *name, *value;
int len;
cfile = fopen(conffile, "r");
@@ -110,7 +113,8 @@ _watchdog_parse_conffile(char *conffile,
return -1;
}
- while ((len = _watchdog_readconf_line(line, MAX_CONF_LINE_LENGTH, cfile)) >= 0) {
+ while ((line = _watchdog_readconf_line(cfile)) != NULL) {
+ len = strlen(line);
name = line;
if ((*name) == '#')
continue;
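Review bot: With `line` now heap-allocated per iteration, the `continue` for comment lines skips the `free(line)` added at the bottom of the loop, so every `#` line in the conf file leaks its buffer. Freeing before the jump fixes it: `if ((*name) == '#') { free(line); continue; }`. The loop body continues outside this hunk, so any other `continue` or early `return` in it needs the same treatment.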
@@ -154,10 +158,13 @@ _watchdog_parse_conffile(char *conffile,
if (!strcasecmp(name, "ChildSecurity")) {
info->childSecurity = atoi(value);
}
+ if (line != NULL) {
+ free(line);
+ line = NULL;
+ }
}
fclose(cfile);
-
return 0;
}
fix-javac-path.diff
fix-nspr-include-path.diff
allow-unlimited-conf-line-length.diff
add-parameter-to-set-uid.diff