global: record target user and group strings

Useful so we don't have to do a reverse lookup when dropping permissions
in civetweb.

Signed-off-by: Karol Mroz <kmroz@suse.com>

diff --git a/src/common/ceph_context.cc b/src/common/ceph_context.cc
index 28349e80081db9c5b041ec32ea40c6c11dd37f16..e873c9f8783c5564a82b3f38efaa32c9f71f9241 100644 (file)
--- a/src/common/ceph_context.cc
+++ b/src/common/ceph_context.cc
@@ -441,6 +441,8 @@ CephContext::CephContext(uint32_t module_type_, int init_flags_)
     _init_flags(init_flags_),
     _set_uid(0),
     _set_gid(0),
+    _set_uid_string(),
+    _set_gid_string(),
     _crypto_inited(false),
     _service_thread(NULL),
     _log_obs(NULL),

diff --git a/src/common/ceph_context.h b/src/common/ceph_context.h
index b91b7e7a3a81bebd575a069dd119f9165b5be24f..cdb66f58343a4779ec4b11093bd1660e90caf99a 100644 (file)
--- a/src/common/ceph_context.h
+++ b/src/common/ceph_context.h
@@ -164,6 +164,17 @@ public:
     return _set_gid;
   }
 
+  void set_uid_gid_strings(std::string u, std::string g) {
+    _set_uid_string = u;
+    _set_gid_string = g;
+  }
+  std::string get_set_uid_string() const {
+    return _set_uid_string;
+  }
+  std::string get_set_gid_string() const {
+    return _set_gid_string;
+  }
+
 private:
   struct SingletonWrapper : boost::noncopyable {
     virtual ~SingletonWrapper() {}
@@ -192,6 +203,8 @@ private:
 
   uid_t _set_uid; ///< uid to drop privs to
   gid_t _set_gid; ///< gid to drop privs to
+  std::string _set_uid_string;
+  std::string _set_gid_string;
 
   bool _crypto_inited;
 

diff --git a/src/global/global_init.cc b/src/global/global_init.cc
index 89b8fe9bd271b606caad91f28e80e2ca7b828db1..18ad76e433f68a14ac78c0a24d2513e7a2f5954b 100644 (file)
--- a/src/global/global_init.cc
+++ b/src/global/global_init.cc
@@ -151,6 +151,8 @@ void global_init(std::vector < const char * > *alt_def_args,
       g_conf->setuser.length()) {
     uid_t uid = 0;  // zero means no change; we can only drop privs here.
     gid_t gid = 0;
+    std::string uid_string;
+    std::string gid_string;
     if (g_conf->setuser.length()) {
       uid = atoi(g_conf->setuser.c_str());
       if (!uid) {
@@ -165,6 +167,7 @@ void global_init(std::vector < const char * > *alt_def_args,
        }
        uid = p->pw_uid;
        gid = p->pw_gid;
+       uid_string = g_conf->setuser;
       }
     }
     if (g_conf->setgroup.length() > 0) {
@@ -180,6 +183,7 @@ void global_init(std::vector < const char * > *alt_def_args,
          exit(1);
        }
        gid = g->gr_gid;
+       gid_string = g_conf->setgroup;
       }
     }
     if ((uid || gid) &&
@@ -201,6 +205,8 @@ void global_init(std::vector < const char * > *alt_def_args,
             << std::endl;
        uid = 0;
        gid = 0;
+       uid_string.erase();
+       gid_string.erase();
       } else {
        priv_ss << "setuser_match_path "
                << g_conf->setuser_match_path << " owned by "
@@ -208,6 +214,7 @@ void global_init(std::vector < const char * > *alt_def_args,
       }
     }
     g_ceph_context->set_uid_gid(uid, gid);
+    g_ceph_context->set_uid_gid_strings(uid_string, gid_string);
     if ((flags & CINIT_FLAG_DEFER_DROP_PRIVILEGES) == 0) {
       if (setgid(gid) != 0) {
        int r = errno;
@@ -221,9 +228,9 @@ void global_init(std::vector < const char * > *alt_def_args,
             << std::endl;
        exit(1);
       }
-      priv_ss << "set uid:gid to " << uid << ":" << gid;
+      priv_ss << "set uid:gid to " << uid << ":" << gid << " (" << uid_string << ":" << gid_string << ")";
     } else {
-      priv_ss << "deferred set uid:gid to " << uid << ":" << gid;
+      priv_ss << "deferred set uid:gid to " << uid << ":" << gid << " (" << uid_string << ":" << gid_string << ")";
     }
   }