Changeset View
Changeset View
Standalone View
Standalone View
usr.sbin/ctld/ctld.c
Context not available. | |||||
#include <sys/types.h> | #include <sys/types.h> | ||||
#include <sys/time.h> | #include <sys/time.h> | ||||
#include <sys/socket.h> | #include <sys/socket.h> | ||||
#include <sys/stat.h> | |||||
#include <sys/wait.h> | #include <sys/wait.h> | ||||
#include <netinet/in.h> | #include <netinet/in.h> | ||||
#include <arpa/inet.h> | #include <arpa/inet.h> | ||||
Context not available. | |||||
log_err(1, "sigaction"); | log_err(1, "sigaction"); | ||||
} | } | ||||
static void | |||||
check_perms(const char *path) | |||||
{ | |||||
struct stat sb; | |||||
int error; | |||||
error = stat(path, &sb); | |||||
if (error != 0) { | |||||
log_warn("stat"); | |||||
return; | |||||
} | |||||
if (sb.st_mode & S_IWOTH) { | |||||
log_warnx("%s is world-writable", path); | |||||
} else if (sb.st_mode & S_IROTH) { | |||||
log_warnx("%s is world-readable", path); | |||||
} else if (sb.st_mode & S_IXOTH) { | |||||
/* | |||||
* Ok, this one doesn't matter, but still do it, | |||||
* just for consistency. | |||||
*/ | |||||
log_warnx("%s is world-executable", path); | |||||
} | |||||
/* | |||||
* XXX: Should we also check for owner != 0? | |||||
*/ | |||||
} | |||||
static struct conf * | |||||
conf_new_from_file(const char *path, struct conf *oldconf, bool ucl) | |||||
{ | |||||
struct conf *conf; | |||||
struct auth_group *ag; | |||||
struct portal_group *pg; | |||||
struct pport *pp; | |||||
int error; | |||||
log_debugx("obtaining configuration from %s", path); | |||||
conf = conf_new(); | |||||
TAILQ_FOREACH(pp, &oldconf->conf_pports, pp_next) | |||||
pport_copy(pp, conf); | |||||
ag = auth_group_new(conf, "default"); | |||||
assert(ag != NULL); | |||||
ag = auth_group_new(conf, "no-authentication"); | |||||
assert(ag != NULL); | |||||
ag->ag_type = AG_TYPE_NO_AUTHENTICATION; | |||||
ag = auth_group_new(conf, "no-access"); | |||||
assert(ag != NULL); | |||||
ag->ag_type = AG_TYPE_DENY; | |||||
pg = portal_group_new(conf, "default"); | |||||
assert(pg != NULL); | |||||
check_perms(path); | |||||
trasz: I liked the old order, ie check_perms after parse_conf/uclparse_conf. This way you would get… | |||||
if (ucl) { | |||||
error = uclparse_conf(conf, path); | |||||
Not Done Inline Actionsstyle(9) - superfluous "{}" bracees. trasz: style(9) - superfluous "{}" bracees. | |||||
} else { | |||||
error = parse_conf(conf, path); | |||||
} | |||||
if (error != 0) { | |||||
conf_delete(conf); | |||||
return (NULL); | |||||
} | |||||
if (conf->conf_default_ag_defined == false) { | |||||
log_debugx("auth-group \"default\" not defined; " | |||||
"going with defaults"); | |||||
ag = auth_group_find(conf, "default"); | |||||
assert(ag != NULL); | |||||
ag->ag_type = AG_TYPE_DENY; | |||||
} | |||||
if (conf->conf_default_pg_defined == false) { | |||||
log_debugx("portal-group \"default\" not defined; " | |||||
"going with defaults"); | |||||
pg = portal_group_find(conf, "default"); | |||||
assert(pg != NULL); | |||||
portal_group_add_listen(pg, "0.0.0.0:3260", false); | |||||
portal_group_add_listen(pg, "[::]:3260", false); | |||||
} | |||||
conf->conf_kernel_port_on = true; | |||||
error = conf_verify(conf); | |||||
if (error != 0) { | |||||
conf_delete(conf); | |||||
return (NULL); | |||||
} | |||||
return (conf); | |||||
} | |||||
int | int | ||||
main(int argc, char **argv) | main(int argc, char **argv) | ||||
{ | { | ||||
Context not available. | |||||
const char *config_path = DEFAULT_CONFIG_PATH; | const char *config_path = DEFAULT_CONFIG_PATH; | ||||
int debug = 0, ch, error; | int debug = 0, ch, error; | ||||
bool dont_daemonize = false; | bool dont_daemonize = false; | ||||
bool use_ucl = false; | |||||
while ((ch = getopt(argc, argv, "df:R")) != -1) { | while ((ch = getopt(argc, argv, "duf:R")) != -1) { | ||||
switch (ch) { | switch (ch) { | ||||
case 'd': | case 'd': | ||||
dont_daemonize = true; | dont_daemonize = true; | ||||
debug++; | debug++; | ||||
break; | break; | ||||
case 'u': | |||||
use_ucl = true; | |||||
break; | |||||
case 'f': | case 'f': | ||||
config_path = optarg; | config_path = optarg; | ||||
break; | break; | ||||
Context not available. | |||||
kernel_init(); | kernel_init(); | ||||
oldconf = conf_new_from_kernel(); | oldconf = conf_new_from_kernel(); | ||||
newconf = conf_new_from_file(config_path, oldconf); | newconf = conf_new_from_file(config_path, oldconf, use_ucl); | ||||
if (newconf == NULL) | if (newconf == NULL) | ||||
log_errx(1, "configuration error; exiting"); | log_errx(1, "configuration error; exiting"); | ||||
if (debug > 0) { | if (debug > 0) { | ||||
Context not available. | |||||
if (sighup_received) { | if (sighup_received) { | ||||
sighup_received = false; | sighup_received = false; | ||||
log_debugx("received SIGHUP, reloading configuration"); | log_debugx("received SIGHUP, reloading configuration"); | ||||
tmpconf = conf_new_from_file(config_path, newconf); | tmpconf = conf_new_from_file(config_path, newconf, | ||||
use_ucl); | |||||
if (tmpconf == NULL) { | if (tmpconf == NULL) { | ||||
log_warnx("configuration error, " | log_warnx("configuration error, " | ||||
"continuing with old configuration"); | "continuing with old configuration"); | ||||
Context not available. |
I liked the old order, ie check_perms after parse_conf/uclparse_conf. This way you would get an user-friendly error with path, if the configuration file doesn't exist.