From 6e459d7f92d21721cda1432c113d4ad665366b0b Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Thu, 3 Sep 2020 07:09:09 +0200 Subject: [PATCH] MINOR: listener: create a new struct "settings" in bind_conf There currently is a large inconsistency in how binding parameters are split between bind_conf and listeners. It happens that for historical reasons some parameters are available at the listener level but cannot be configured per-listener but only for a bind_conf, and thus, need to be replicated. In addition, some of the bind_conf parameters are in fact for the listening socket itself while others are for the instanciated sockets. A previous attempt at splitting listeners into receivers failed because the boundary between all these settings is not well defined. This patch introduces a level of listening socket settings in the bind_conf, that will be detachable later. Such settings that are solely for the listening socket are: - unix socket permissions (used only during binding) - interface (used for binding) - network namespace (used for binding) - process mask and thread mask (used during startup) The rest seems to be used only to initialize the resulting sockets, or to control the accept rate. For now, only the unix params (bind_conf->ux) were moved there.
---
 include/haproxy/listener-t.h | 12 +++++++-----
 include/haproxy/listener.h | 6 +++---
 src/cfgparse-listen.c | 6 +++---
 src/cfgparse-unix.c | 10 +++++-----
 src/proto_uxst.c | 6 +++---
 5 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/include/haproxy/listener-t.h b/include/haproxy/listener-t.h
index cb30af1c8..97ef5dde4 100644
--- a/include/haproxy/listener-t.h
+++ b/include/haproxy/listener-t.h
@@ -180,11 +180,13 @@ struct bind_conf {
 char *arg; /* argument passed to "bind" for better error reporting */
 char *file; /* file where the section appears */
 int line; /* line where the section appears */
- struct { /* UNIX socket permissions */
- uid_t uid; /* -1 to leave unchanged */
- gid_t gid; /* -1 to leave unchanged */
- mode_t mode; /* 0 to leave unchanged */
- } ux;
+ struct {
+ struct { /* UNIX socket permissions */
+ uid_t uid; /* -1 to leave unchanged */
+ gid_t gid; /* -1 to leave unchanged */
+ mode_t mode; /* 0 to leave unchanged */
+ } ux;
+ } settings; /* all the settings needed for the listening socket */
 };
 /* The listener will be directly referenced by the fdtab[] which holds its
diff --git a/include/haproxy/listener.h b/include/haproxy/listener.h
index 9715f89ae..2f7231e63 100644
--- a/include/haproxy/listener.h
+++ b/include/haproxy/listener.h
@@ -150,9 +150,9 @@ static inline struct bind_conf *bind_conf_alloc(struct proxy *fe, const char *fi
 if (arg) bind_conf->arg = strdup(arg);
- bind_conf->ux.uid = -1;
- bind_conf->ux.gid = -1;
- bind_conf->ux.mode = 0;
+ bind_conf->settings.ux.uid = -1;
+ bind_conf->settings.ux.gid = -1;
+ bind_conf->settings.ux.mode = 0;
 bind_conf->xprt = xprt;
 bind_conf->frontend = fe;
 bind_conf->severity_output = CLI_SEVERITY_NONE;
diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index ac23bf65d..82e8cf989 100644
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -565,9 +565,9 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
 bind_conf = bind_conf_alloc(curproxy, file, linenum, args[1], xprt_get(XPRT_RAW));
 /* use default settings for unix sockets */
- bind_conf->ux.uid = global.unix_bind.ux.uid;
- bind_conf->ux.gid = global.unix_bind.ux.gid;
- bind_conf->ux.mode = global.unix_bind.ux.mode;
+ bind_conf->settings.ux.uid = global.unix_bind.ux.uid;
+ bind_conf->settings.ux.gid = global.unix_bind.ux.gid;
+ bind_conf->settings.ux.mode = global.unix_bind.ux.mode;
 /* NOTE: the following line might create several listeners if there
 * are comma-separated IPs or port ranges. So all further processing
diff --git a/src/cfgparse-unix.c b/src/cfgparse-unix.c
index b1631c901..2e7e8232e 100644
--- a/src/cfgparse-unix.c
+++ b/src/cfgparse-unix.c
@@ -43,7 +43,7 @@ static int bind_parse_mode(char **args, int cur_arg, struct proxy *px, struct bi
 {
 char *endptr;
- conf->ux.mode = strtol(args[cur_arg + 1], &endptr, 8);
+ conf->settings.ux.mode = strtol(args[cur_arg + 1], &endptr, 8);
 if (!*args[cur_arg + 1] || *endptr) {
 memprintf(err, "'%s' : missing or invalid mode '%s' (octal integer expected)", args[cur_arg], args[cur_arg + 1]);
@@ -61,7 +61,7 @@ static int bind_parse_gid(char **args, int cur_arg, struct proxy *px, struct bin
 return ERR_ALERT | ERR_FATAL;
 }
- conf->ux.gid = atol(args[cur_arg + 1]);
+ conf->settings.ux.gid = atol(args[cur_arg + 1]);
 return 0;
 }
@@ -81,7 +81,7 @@ static int bind_parse_group(char **args, int cur_arg, struct proxy *px, struct b
 return ERR_ALERT | ERR_FATAL;
 }
- conf->ux.gid = group->gr_gid;
+ conf->settings.ux.gid = group->gr_gid;
 return 0;
 }
@@ -93,7 +93,7 @@ static int bind_parse_uid(char **args, int cur_arg, struct proxy *px, struct bin
 return ERR_ALERT | ERR_FATAL;
 }
- conf->ux.uid = atol(args[cur_arg + 1]);
+ conf->settings.ux.uid = atol(args[cur_arg + 1]);
 return 0;
 }
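Review bot: In the bind_parse_mode hunk of src/cfgparse-unix.c the `strtol()` result is written to `conf->settings.ux.mode` before it is validated, and the check that follows only rejects an empty argument or trailing characters, so a negative or oversized octal value is narrowed into `mode_t` and would later reach `chmod()` in uxst_bind_listener. Parse into a local first, `long m = strtol(args[cur_arg + 1], &endptr, 8);`, extend the test to `if (!*args[cur_arg + 1] || *endptr || m < 0 || m > 07777) {`, and assign `conf->settings.ux.mode = m;` only after it passes. A comment noting that 0 means "leave unchanged" (per the struct comment in listener-t.h) would also help, since an explicit `mode 0` is then a silent no-op. The function body continues outside the hunk.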
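Review bot: `atol()` in the bind_parse_gid and bind_parse_uid hunks of src/cfgparse-unix.c cannot signal a conversion error, so a non-numeric or misspelled argument is stored as 0 and the socket would then be chowned to uid/gid 0 without any diagnostic; out-of-range values are not caught either. Convert with an end pointer as bind_parse_mode already does, e.g. `long id = strtol(args[cur_arg + 1], &endptr, 10);` followed by `if (*endptr || id < 0) { memprintf(err, "'%s' : invalid value '%s' (integer expected)", args[cur_arg], args[cur_arg + 1]); return ERR_ALERT | ERR_FATAL; }`. Whether -1 must remain accepted from the configuration as the "leave unchanged" sentinel is not visible here and should be confirmed before negatives are rejected. Both functions start outside their hunks.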
@@ -113,7 +113,7 @@ static int bind_parse_user(char **args, int cur_arg, struct proxy *px, struct bi
 return ERR_ALERT | ERR_FATAL;
 }
- conf->ux.uid = user->pw_uid;
+ conf->settings.ux.uid = user->pw_uid;
 return 0;
 }
diff --git a/src/proto_uxst.c b/src/proto_uxst.c
index 07e83e29c..8be2219f2 100644
--- a/src/proto_uxst.c
+++ b/src/proto_uxst.c
@@ -224,9 +224,9 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
 * where it works. We also don't change permissions on abstract sockets.
 */
 if (!ext && path[0] &&
- (((listener->bind_conf->ux.uid != -1 || listener->bind_conf->ux.gid != -1) &&
- (chown(tempname, listener->bind_conf->ux.uid, listener->bind_conf->ux.gid) == -1)) ||
- (listener->bind_conf->ux.mode != 0 && chmod(tempname, listener->bind_conf->ux.mode) == -1))) {
+ (((listener->bind_conf->settings.ux.uid != -1 || listener->bind_conf->settings.ux.gid != -1) &&
+ (chown(tempname, listener->bind_conf->settings.ux.uid, listener->bind_conf->settings.ux.gid) == -1)) ||
+ (listener->bind_conf->settings.ux.mode != 0 && chmod(tempname, listener->bind_conf->settings.ux.mode) == -1))) {
 err |= ERR_FATAL | ERR_ALERT;
 msg = "cannot change UNIX socket ownership";
 goto err_unlink_temp;
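Review bot: The condition in the uxst_bind_listener hunk of src/proto_uxst.c folds the `chown()` and `chmod()` failures into one branch, so a failed `chmod()` is reported as "cannot change UNIX socket ownership", which points an operator checking socket access rights at the wrong setting. Splitting the test into two checks with their own messages fixes that, and a local `bc` pointer removes the six repetitions of `listener->bind_conf->settings.ux`. Because `uid`/`gid` are compared against -1 and `mode` against 0 here, the sentinel convention from the struct comment is worth restating next to the test. The enclosing block and function start and end outside the hunk, so the sketch below leaves the outer brace open.

```c
/* … unchanged: comment ending "permissions on abstract sockets." … */
if (!ext && path[0]) {
	const struct bind_conf *bc = listener->bind_conf;

	/* -1 for uid/gid and 0 for mode mean "leave unchanged" */
	if ((bc->settings.ux.uid != -1 || bc->settings.ux.gid != -1) &&
	    chown(tempname, bc->settings.ux.uid, bc->settings.ux.gid) == -1) {
		err |= ERR_FATAL | ERR_ALERT;
		msg = "cannot change UNIX socket ownership";
		goto err_unlink_temp;
	}
	if (bc->settings.ux.mode != 0 &&
	    chmod(tempname, bc->settings.ux.mode) == -1) {
		err |= ERR_FATAL | ERR_ALERT;
		msg = "cannot change UNIX socket permissions";
		goto err_unlink_temp;
	}
```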