MINOR: init: avoid code duplication while setting identify

since the introduction of mworker, the setuid/setgid was duplicated in
two places; try to improve that by creating a dedicated function.
this patch does not introduce any functional change.

Signed-off-by: William Dauchy <w.dauchy@criteo.com>
William Dauchy 2019-11-17 15:47:16 +01:00 committed by Willy Tarreau
parent e039f26ba4
commit f9af9d7f3c


@ -2776,6 +2776,28 @@ static struct task *manage_global_listener_queue(struct task *t, void *context,
return t; return t;
} }
/* set uid/gid depending on global settings */
static void set_identity(const char *program_name)
{
if (global.gid) {
if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
ha_warning("[%s.main()] Failed to drop supplementary groups. Using 'gid'/'group'"
" without 'uid'/'user' is generally useless.\n", program_name);
if (setgid(global.gid) == -1) {
ha_alert("[%s.main()] Cannot set gid %d.\n", program_name, global.gid);
protocol_unbind_all();
exit(1);
}
}
if (global.uid && setuid(global.uid) == -1) {
ha_alert("[%s.main()] Cannot set uid %d.\n", program_name, global.uid);
protocol_unbind_all();
exit(1);
}
}
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
int err, retry; int err, retry;
@ -3045,26 +3067,8 @@ int main(int argc, char **argv)
* be able to restart the old pids. * be able to restart the old pids.
*/ */
if ((global.mode & (MODE_MWORKER|MODE_DAEMON)) == 0) { if ((global.mode & (MODE_MWORKER | MODE_DAEMON)) == 0)
/* setgid / setuid */ set_identity(argv[0]);
if (global.gid) {
if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
ha_warning("[%s.main()] Failed to drop supplementary groups. Using 'gid'/'group'"
" without 'uid'/'user' is generally useless.\n", argv[0]);
if (setgid(global.gid) == -1) {
ha_alert("[%s.main()] Cannot set gid %d.\n", argv[0], global.gid);
protocol_unbind_all();
exit(1);
}
}
if (global.uid && setuid(global.uid) == -1) {
ha_alert("[%s.main()] Cannot set uid %d.\n", argv[0], global.uid);
protocol_unbind_all();
exit(1);
}
}
/* check ulimits */ /* check ulimits */
limit.rlim_cur = limit.rlim_max = 0; limit.rlim_cur = limit.rlim_max = 0;
@ -3269,25 +3273,7 @@ int main(int argc, char **argv)
free(global.chroot); free(global.chroot);
global.chroot = NULL; global.chroot = NULL;
set_identity(argv[0]);
/* setgid / setuid */
if (global.gid) {
if (getgroups(0, NULL) > 0 && setgroups(0, NULL) == -1)
ha_warning("[%s.main()] Failed to drop supplementary groups. Using 'gid'/'group'"
" without 'uid'/'user' is generally useless.\n", argv[0]);
if (setgid(global.gid) == -1) {
ha_alert("[%s.main()] Cannot set gid %d.\n", argv[0], global.gid);
protocol_unbind_all();
exit(1);
}
}
if (global.uid && setuid(global.uid) == -1) {
ha_alert("[%s.main()] Cannot set uid %d.\n", argv[0], global.uid);
protocol_unbind_all();
exit(1);
}
/* pass through every cli socket, and check if it's bound to /* pass through every cli socket, and check if it's bound to
* the current process and if it exposes listeners sockets. * the current process and if it exposes listeners sockets.
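Review bot: In the new set_identity(), a failed `setgroups(0, NULL)` only produces a warning and the function carries on to setgid()/setuid(), so the process can end up running under the configured uid/gid while still holding the supplementary groups it was started with. The removed blocks behaved the same way, so this is carried over rather than introduced, but with both call sites now sharing one function this is the place to either make that failure fatal like the setgid()/setuid() branches or state why it is tolerated. At minimum I would extend the header comment to say that groups and gid are changed before uid because they can no longer be changed once the privileged uid is given up, and that a setgroups() failure is reported but not fatal. The alerts also still print `[%s.main()]` although they are now emitted from set_identity(), which can mislead someone tracing a failed privilege drop from the logs.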