1 |
wired 12/11/21 18:11:31 |
2 |
|
3 |
Added: znc.confd znc-1.0-systemwideconfig.patch znc.initd |
4 |
Log: |
5 |
version bump, bug #438430. added system-wide daemon use flag that installs init.d/conf.d files, bug #415389. systemWideConfig patch. |
6 |
|
7 |
(Portage version: 2.2.0_alpha142/cvs/Linux x86_64, signed Manifest commit with key EB9B4AFA) |
8 |
|
9 |
Revision Changes Path |
10 |
1.1 net-irc/znc/files/znc.confd |
11 |
|
12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-irc/znc/files/znc.confd?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-irc/znc/files/znc.confd?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: znc.confd |
16 |
=================================================================== |
17 |
# /etc/conf.d/znc |
18 |
|
19 |
# Location of the znc configuration folder |
20 |
ZNC_CONF="/etc/znc" |
21 |
|
22 |
# User to run znc as |
23 |
ZNC_USER="znc" |
24 |
|
25 |
|
26 |
|
27 |
1.1 net-irc/znc/files/znc-1.0-systemwideconfig.patch |
28 |
|
29 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-irc/znc/files/znc-1.0-systemwideconfig.patch?rev=1.1&view=markup |
30 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-irc/znc/files/znc-1.0-systemwideconfig.patch?rev=1.1&content-type=text/plain |
31 |
|
32 |
Index: znc-1.0-systemwideconfig.patch |
33 |
=================================================================== |
34 |
diff --git a/include/znc/znc.h b/include/znc/znc.h |
35 |
index 03be646..f493c83 100644 |
36 |
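--- a/include/znc/znc.h
+++ b/include/znc/znc.h
@@ -169,6 +169,8 @@ public:
 
 static void DumpConfig(const CConfig* Config);
 
+ void SetSystemWideConfig(bool systemWideConfig);
+
 private:
 CFile* InitPidFile();
 bool DoRehash(CString& sError);
@@ -209,6 +211,7 @@ protected:
 unsigned int m_uiConnectPaused;
 TCacheMap<CString> m_sConnectThrottle;
 bool m_bProtectWebSessions;
+ bool m_bSystemWideConfig;
 };
 
 #endif // !_ZNC_H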
55 |
diff --git a/src/main.cpp b/src/main.cpp |
56 |
index a1f3904..4950911 100644 |
57 |
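--- a/src/main.cpp
+++ b/src/main.cpp
@@ -10,6 +10,9 @@
 #include <znc/FileUtils.h>
 #include <sys/wait.h>
 #include <signal.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
 
 using std::cout;
 using std::endl;
@@ -46,6 +49,7 @@ static const struct option g_LongOpts[] = {
 { "makepass", no_argument, 0, 's' },
 { "makepem", no_argument, 0, 'p' },
 { "datadir", required_argument, 0, 'd' },
+ { "system-wide-config-as", required_argument, 0, 'S' },
 { 0, 0, 0, 0 }
 };
 
@@ -127,6 +131,8 @@ int main(int argc, char** argv) {
 bool bMakeConf = false;
 bool bMakePass = false;
 bool bAllowRoot = false;
+ bool bSystemWideConfig = false;
+ CString sSystemWideConfigUser = "znc";
 bool bForeground = false;
 #ifdef ALWAYS_RUN_IN_FOREGROUND
 bForeground = true;
@@ -135,7 +141,7 @@ int main(int argc, char** argv) {
 bool bMakePem = false;
 #endif
 
- while ((iArg = getopt_long(argc, argv, "hvnrcspd:Df", g_LongOpts, &iOptIndex)) != -1) {
+ while ((iArg = getopt_long(argc, argv, "hvnrcspd:DfS:", g_LongOpts, &iOptIndex)) != -1) {
 switch (iArg) {
 case 'h':
 GenerateHelp(argv[0]);
@@ -153,6 +159,10 @@ int main(int argc, char** argv) {
 case 'c':
 bMakeConf = true;
 break;
+ case 'S':
+ bSystemWideConfig = true;
+ sSystemWideConfigUser = optarg;
+ break;
 case 's':
 bMakePass = true;
 break;
@@ -187,8 +197,36 @@ int main(int argc, char** argv) {
 return 1;
 }
 
+ if (bSystemWideConfig && getuid() == 0) {
+ struct passwd *pwd;
+
+ pwd = getpwnam(sSystemWideConfigUser.c_str());
+ if (pwd == NULL) {
+ CUtils::PrintError("Daemon user not found.");
+ return 1;
+ }
+
+ if ((long) pwd->pw_uid == 0) {
+ CUtils::PrintError("Please define a daemon user other than root.");
+ return 1;
+ }
+ if (setgroups(0, NULL) != 0) {
+ CUtils::PrintError("setgroups: Unable to clear supplementary group IDs");
+ return 1;
+ }
+ if (setgid((long) pwd->pw_gid) != 0) {
+ CUtils::PrintError("setgid: Unable to drop group privileges");
+ return 1;
+ }
+ if (setuid((long) pwd->pw_uid) != 0) {
+ CUtils::PrintError("setuid: Unable to drop user privileges");
+ return 1;
+ }
+ }
+
 CZNC* pZNC = &CZNC::Get();
 pZNC->InitDirs(((argc) ? argv[0] : ""), sDataDir);
+ pZNC->SetSystemWideConfig(bSystemWideConfig);
 
 #ifdef HAVE_LIBSSL
 if (bMakePem) {
@@ -229,7 +267,7 @@ int main(int argc, char** argv) {
 CUtils::PrintStatus(true, "");
 }
 
- if (isRoot()) {
+ if (isRoot() && !bSystemWideConfig) {
 CUtils::PrintError("You are running ZNC as root! Don't do that! There are not many valid");
 CUtils::PrintError("reasons for this and it can, in theory, cause great damage!");
 if (!bAllowRoot) {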
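Review bot: The privilege drop in the `-S` block is gated on `getuid() == 0` only, while the later root warning is silenced by `!bSystemWideConfig` alone, so a process whose effective uid is 0 but whose real uid is not would skip both the drop and the warning (isRoot() is defined outside this diff, so what it tests is not visible here). Gating the drop on `getuid() == 0 || geteuid() == 0` and leaving the warning as plain `if (isRoot()) {` would keep the two checks consistent, since the warning presumably stays silent once the drop has really happened. The block rejects `pw_uid == 0` but accepts an account whose `pw_gid` is 0, and it never confirms that the drop cannot be undone; a check such as `if (setuid(0) == 0) { CUtils::PrintError("Privileges were not dropped."); return 1; }` placed after the `setuid()` call would catch that. The `(long)` casts on `pw_uid` and `pw_gid` are unnecessary because `setuid()` and `setgid()` take `uid_t` and `gid_t` directly. main() starts and ends outside these hunks.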
152 |
diff --git a/src/znc.cpp b/src/znc.cpp |
153 |
index 9469790..297b021 100644 |
154 |
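--- a/src/znc.cpp
+++ b/src/znc.cpp
@@ -47,6 +47,7 @@ CZNC::CZNC() {
 m_sConnectThrottle.SetTTL(30000);
 m_pLockFile = NULL;
 m_bProtectWebSessions = true;
+ m_bSystemWideConfig = false;
 }
 
 CZNC::~CZNC() {
@@ -952,7 +953,7 @@ bool CZNC::WriteNewConfig(const CString& sConfigFile) {
 CUtils::PrintMessage("");
 
 File.UnLock();
- return bFileOpen && CUtils::GetBoolInput("Launch ZNC now?", true);
+ return bFileOpen && !m_bSystemWideConfig && CUtils::GetBoolInput("Launch ZNC now?", true);
 }
 
 size_t CZNC::FilterUncommonModules(set<CModInfo>& ssModules) {
@@ -1971,3 +1972,7 @@ void CZNC::LeakConnectQueueTimer(CConnectQueueTimer *pTimer) {
 bool CZNC::WaitForChildLock() {
 return m_pLockFile && m_pLockFile->ExLock();
 }
+
+void CZNC::SetSystemWideConfig(bool systemWideConfig) {
+ m_bSystemWideConfig = systemWideConfig;
+}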
181 |
|
182 |
|
183 |
|
184 |
1.1 net-irc/znc/files/znc.initd |
185 |
|
186 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-irc/znc/files/znc.initd?rev=1.1&view=markup |
187 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-irc/znc/files/znc.initd?rev=1.1&content-type=text/plain |
188 |
|
189 |
Index: znc.initd |
190 |
=================================================================== |
191 |
#!/sbin/runscript |
192 |
# Copyright 1999-2012 Gentoo Foundation |
193 |
# Distributed under the terms of the GNU General Public License v2 |
194 |
# $Header: /var/cvsroot/gentoo-x86/net-irc/znc/files/znc.initd,v 1.1 2012/11/21 18:11:31 wired Exp $ |
195 |
|
196 |
extra_commands="config" |
197 |
extra_started_commands="reload save" |
198 |
|
199 |
depend() {
	# OpenRC dependency hook: the service requires networking to be up
	# before it is started.
	need net
}
202 |
|
203 |
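start() {
	# Start znc through start-stop-daemon as the account named in ZNC_USER,
	# passing ZNC_CONF as its data directory (-d). Both variables are
	# expected to be set in /etc/conf.d/znc.
	ebegin "Starting ZNC"

	# Refuse to start with an empty account or directory: an empty
	# ZNC_USER would leave --user without the intended value.
	if [ -z "${ZNC_USER}" ] || [ -z "${ZNC_CONF}" ]; then
		eerror "ZNC_USER and ZNC_CONF must be set in /etc/conf.d/znc"
		eend 1
		return 1
	fi

	# Expansions are quoted so a value containing whitespace or glob
	# characters is passed as exactly one argument.
	start-stop-daemon --start --user "${ZNC_USER}" --name znc \
		--exec /usr/bin/znc -- -d "${ZNC_CONF}"
	eend $?
}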
209 |
|
210 |
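stop() {
	# Ask the running znc (matched by process name and executable) to shut
	# down by sending it SIGINT.
	ebegin "Stopping ZNC"
	# ZNC_CONF is quoted so a path containing whitespace or glob
	# characters stays a single argument.
	start-stop-daemon --signal SIGINT --name znc \
		--exec /usr/bin/znc -- -d "${ZNC_CONF}"
	eend $?
}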
216 |
|
217 |
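reload() {
	# Send SIGHUP to the running znc (matched by process name and
	# executable); per the status message this makes it re-read its
	# configuration file from disk.
	ebegin "Reloading ZNC Configuration File from Disk"
	# ZNC_CONF is quoted so a path containing whitespace or glob
	# characters stays a single argument.
	start-stop-daemon --signal SIGHUP --name znc \
		--exec /usr/bin/znc -- -d "${ZNC_CONF}"
	eend $?
}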
223 |
|
224 |
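save() {
	# Send SIGUSR1 to the running znc (matched by process name and
	# executable); per the status message this makes it write its
	# configuration file to disk.
	ebegin "Saving ZNC Configuration File to Disk"
	# ZNC_CONF is quoted so a path containing whitespace or glob
	# characters stays a single argument.
	start-stop-daemon --signal SIGUSR1 --name znc \
		--exec /usr/bin/znc -- -d "${ZNC_CONF}"
	eend $?
}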