
Make opentracker's user runtime configurable. Also add more debug output to aid finding problems.

master
Dirk Engling 11 years ago
parent
commit
fb532e4017
  1. 33
      opentracker.c
  2. 10
      opentracker.conf.sample
  3. 4
      ot_http.c

33
opentracker.c

@ -2,7 +2,7 @@
It is considered beerware. Prost. Skol. Cheers or whatever.
Some of the stuff below is stolen from Fefes example libowfat httpd.
$Id: opentracker.c,v 1.228 2010/04/09 09:33:39 erdgeist Exp $ */
$Id: opentracker.c,v 1.229 2010/04/09 10:15:51 erdgeist Exp $ */
/* System */
#include <stdlib.h>
@ -15,6 +15,7 @@
#include <stdio.h>
#include <pwd.h>
#include <ctype.h>
#include <pthread.h>
/* Libowfat */
#include "socket.h"
@ -41,6 +42,7 @@ volatile int g_opentracker_running = 1;
int g_self_pipe[2];
static char * g_serverdir;
static char * g_serveruser;
static void panic( const char *routine ) {
fprintf( stderr, "%s: %s\n", routine, strerror(errno) );
@ -72,7 +74,7 @@ static void defaul_signal_handlers( void ) {
sigaddset (&signal_mask, SIGHUP);
sigaddset (&signal_mask, SIGINT);
sigaddset (&signal_mask, SIGALRM);
pthread_sigmask (SIG_BLOCK, &signal_mask, NULL);
pthread_sigmask (SIG_BLOCK, &signal_mask, NULL);
}
static void install_signal_handlers( void ) {
@ -88,11 +90,11 @@ static void install_signal_handlers( void ) {
sigaddset (&signal_mask, SIGINT);
sigaddset (&signal_mask, SIGALRM);
pthread_sigmask (SIG_UNBLOCK, &signal_mask, NULL);
pthread_sigmask (SIG_UNBLOCK, &signal_mask, NULL);
}
static void usage( char *name ) {
fprintf( stderr, "Usage: %s [-i ip] [-p port] [-P port] [-r redirect] [-d dir] [-A ip] [-f config] [-s livesyncport]"
fprintf( stderr, "Usage: %s [-i ip] [-p port] [-P port] [-r redirect] [-d dir] [-u user] [-A ip] [-f config] [-s livesyncport]"
#ifdef WANT_ACCESSLIST_BLACK
" [-b blacklistfile]"
#elif defined ( WANT_ACCESSLIST_WHITE )
@ -111,6 +113,7 @@ static void help( char *name ) {
HELPLINE("-P port","specify udp port to bind to (default: 6969, you may specify more than one)");
HELPLINE("-r redirecturl","specify url where / should be redirected to (default none)");
HELPLINE("-d dir","specify directory to try to chroot to (default: \".\")");
HELPLINE("-u user","specify user under whose priviliges opentracker should run (default: \"nobody\")");
HELPLINE("-A ip","bless an ip address as admin address (e.g. to allow syncs from this address)");
#ifdef WANT_ACCESSLIST_BLACK
HELPLINE("-b file","specify blacklist file.");
@ -382,6 +385,8 @@ int parse_configfile( char * config_filename ) {
/* Scan for commands */
if(!byte_diff(p,15,"tracker.rootdir" ) && isspace(p[15])) {
set_config_option( &g_serverdir, p+16 );
} else if(!byte_diff(p,12,"tracker.user" ) && isspace(p[12])) {
set_config_option( &g_serveruser, p+13 );
} else if(!byte_diff(p,14,"listen.tcp_udp" ) && isspace(p[14])) {
uint16_t tmpport = 6969;
if( !scan_ip6_port( p+15, tmpip, &tmpport )) goto parse_error;
@ -473,11 +478,18 @@ void load_state(const char * const state_filename ) {
fclose( state_filehandle );
}
int drop_privileges (const char * const serverdir) {
int drop_privileges ( const char * const serveruser, const char * const serverdir ) {
struct passwd *pws = NULL;
#ifdef _DEBUG
if( !geteuid() )
fprintf( stderr, "Dropping to user %s.\n", serveruser );
if( serverdir )
fprintf( stderr, "ch%s'ing to directory %s.\n", geteuid() ? "dir" : "root", serverdir );
#endif
/* Grab pws entry before chrooting */
pws = getpwnam( "nobody" );
pws = getpwnam( serveruser );
endpwent();
if( geteuid() == 0 ) {
@ -490,7 +502,9 @@ int drop_privileges (const char * const serverdir) {
if(chdir("/"))
panic("chdir() failed after chrooting: ");
/* If we can't find server user, revert to nobody's default uid */
if( !pws ) {
fprintf( stderr, "Warning: Could not get password entry for %s. Reverting to uid -2.\n", serveruser );
setegid( (gid_t)-2 ); setgid( (gid_t)-2 );
setuid( (uid_t)-2 ); seteuid( (uid_t)-2 );
}
@ -525,7 +539,7 @@ int main( int argc, char **argv ) {
#endif
while( scanon ) {
switch( getopt( argc, argv, ":i:p:A:P:d:r:s:f:l:v"
switch( getopt( argc, argv, ":i:p:A:P:d:u:r:s:f:l:v"
#ifdef WANT_ACCESSLIST_BLACK
"b:"
#elif defined( WANT_ACCESSLIST_WHITE )
@ -553,6 +567,7 @@ int main( int argc, char **argv ) {
livesync_bind_mcast( serverip, tmpport); break;
#endif
case 'd': set_config_option( &g_serverdir, optarg ); break;
case 'u': set_config_option( &g_serveruser, optarg ); break;
case 'r': set_config_option( &g_redirecturl, optarg ); break;
case 'l': load_state( optarg ); break;
case 'A':
@ -578,7 +593,7 @@ int main( int argc, char **argv ) {
ot_try_bind( serverip, 6969, FLAG_UDP );
}
if( drop_privileges( g_serverdir ) == -1 )
if( drop_privileges( g_serveruser ? g_serveruser : "nobody", g_serverdir ) == -1 )
panic( "drop_privileges failed, exiting. Last error");
g_now_seconds = time( NULL );
@ -605,4 +620,4 @@ int main( int argc, char **argv ) {
return 0;
}
const char *g_version_opentracker_c = "$Source: /home/cvsroot/opentracker/opentracker.c,v $: $Revision: 1.228 $\n";
const char *g_version_opentracker_c = "$Source: /home/cvsroot/opentracker/opentracker.c,v $: $Revision: 1.229 $\n";
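Review bot: In `drop_privileges`, the `!pws` branch still falls back to uid/gid -2 with only a warning. That was tolerable for a hard-coded "nobody", but now a mistyped `-u` or `tracker.user` value leaves the tracker running under an identity the operator did not choose. Since `main` already panics when `drop_privileges` returns -1, I would fail closed there: `if( !pws ) { fprintf( stderr, "Could not get password entry for %s.\n", serveruser ); return -1; }`. If the fallback is kept, the results of `setegid`/`setgid`/`setuid`/`seteuid` on those two lines should be checked, because an ignored failure leaves the process running as root. The branch taken when `pws` is found and the rest of the `geteuid() == 0` block lie outside the visible hunks, so I cannot tell whether supplementary groups are cleared with `setgroups` before the uid change.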

10
opentracker.conf.sample

@ -79,11 +79,17 @@
# batchsync.cluster.admin_ip 10.1.1.1
#
# V) Control directory where opentracker will chdir to. So all black/white
# list files may be put in that directory (shell option -d).
# V) Control privilege drop behaviour.
# Put in the directory opentracker will chroot/chdir to. All black/white
# list files must be put in that directory (shell option -d).
#
#
# tracker.rootdir /usr/local/etc/opentracker
#
# Tell opentracker which user to setuid to.
#
# tracker.user nobody
#
# VI) opentracker can be told to answer to a "GET / HTTP"-request with a
# redirect to another location (shell option -r).

4
ot_http.c

@ -347,6 +347,7 @@ static ssize_t http_handle_scrape( const int64 sock, struct ot_workstruct *ws, c
unsigned long long numwants[201];
#endif
#if defined( WANT_KEEPALIVE ) || defined( WANT_IP_FROM_PROXY )
static char* http_header( char *data, size_t byte_count, char *header ) {
size_t i;
long sl = strlen( header );
@ -359,6 +360,7 @@ static char* http_header( char *data, size_t byte_count, char *header ) {
}
return 0;
}
#endif
static ot_keywords keywords_announce[] = { { "port", 1 }, { "left", 2 }, { "event", 3 }, { "numwant", 4 }, { "compact", 5 }, { "compact6", 5 }, { "info_hash", 6 },
#ifdef WANT_IP_FROM_QUERY_STRING
@ -615,4 +617,4 @@ ssize_t http_handle_request( const int64 sock, struct ot_workstruct *ws ) {
return ws->reply_size;
}
const char *g_version_http_c = "$Source: /home/cvsroot/opentracker/ot_http.c,v $: $Revision: 1.47 $\n";
const char *g_version_http_c = "$Source: /home/cvsroot/opentracker/ot_http.c,v $: $Revision: 1.48 $\n";