From c218c53d1ab377df62a7d6c24f8c9f6b1e656bc7 Mon Sep 17 00:00:00 2001 From: Karol Mroz Date: Wed, 9 Mar 2016 16:25:39 +0100 Subject: [PATCH] global: record target user and group strings Useful so we don't have to do a reverse lookup when dropping permissions in civetweb. Signed-off-by: Karol Mroz --- src/common/ceph_context.cc | 2 ++ src/common/ceph_context.h | 13 +++++++++++++ src/global/global_init.cc | 11 +++++++++-- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/src/common/ceph_context.cc b/src/common/ceph_context.cc index 28349e80081db..e873c9f8783c5 100644 --- a/src/common/ceph_context.cc +++ b/src/common/ceph_context.cc @@ -441,6 +441,8 @@ CephContext::CephContext(uint32_t module_type_, int init_flags_) _init_flags(init_flags_), _set_uid(0), _set_gid(0), + _set_uid_string(), + _set_gid_string(), _crypto_inited(false), _service_thread(NULL), _log_obs(NULL), diff --git a/src/common/ceph_context.h b/src/common/ceph_context.h index b91b7e7a3a81b..cdb66f58343a4 100644 --- a/src/common/ceph_context.h +++ b/src/common/ceph_context.h @@ -164,6 +164,17 @@ public: return _set_gid; } + void set_uid_gid_strings(std::string u, std::string g) { + _set_uid_string = u; + _set_gid_string = g; + } + std::string get_set_uid_string() const { + return _set_uid_string; + } + std::string get_set_gid_string() const { + return _set_gid_string; + } + private: struct SingletonWrapper : boost::noncopyable { virtual ~SingletonWrapper() {} @@ -192,6 +203,8 @@ private: uid_t _set_uid; ///< uid to drop privs to gid_t _set_gid; ///< gid to drop privs to + std::string _set_uid_string; + std::string _set_gid_string; bool _crypto_inited; diff --git a/src/global/global_init.cc b/src/global/global_init.cc index 89b8fe9bd271b..18ad76e433f68 100644 --- a/src/global/global_init.cc +++ b/src/global/global_init.cc 
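Review bot: The new accessors in src/common/ceph_context.h do not say that either string can be empty, and the `_set_uid_string`/`_set_gid_string` members added in the second hunk of that file lack the `///<` comments their neighbours `_set_uid` and `_set_gid` carry. The commit message says these strings are meant for dropping permissions by name, so a reader needs to know that an empty string means "no name recorded" rather than "no privilege drop requested". I would add `///< user name to drop privs to; empty if none was recorded` and the matching line for the group, plus a one-line comment above `set_uid_gid_strings`. As a smaller style point, the setter copies each by-value argument a second time on assignment; `_set_uid_string = std::move(u);` (and likewise for `g`) avoids that, assuming `<utility>` is reachable from the header.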
@@ -151,6 +151,8 @@ void global_init(std::vector < const char * > *alt_def_args, g_conf->setuser.length()) { uid_t uid = 0; // zero means no change; we can only drop privs here. gid_t gid = 0; + std::string uid_string; + std::string gid_string; if (g_conf->setuser.length()) { uid = atoi(g_conf->setuser.c_str()); if (!uid) { @@ -165,6 +167,7 @@ void global_init(std::vector < const char * > *alt_def_args, } uid = p->pw_uid; gid = p->pw_gid; + uid_string = g_conf->setuser; } } if (g_conf->setgroup.length() > 0) { @@ -180,6 +183,7 @@ void global_init(std::vector < const char * > *alt_def_args, exit(1); } gid = g->gr_gid; + gid_string = g_conf->setgroup; } } if ((uid || gid) && @@ -201,6 +205,8 @@ void global_init(std::vector < const char * > *alt_def_args, << std::endl; uid = 0; gid = 0; + uid_string.erase(); + gid_string.erase(); } else { priv_ss << "setuser_match_path " << g_conf->setuser_match_path << " owned by " @@ -208,6 +214,7 @@ void global_init(std::vector < const char * > *alt_def_args, } } g_ceph_context->set_uid_gid(uid, gid); + g_ceph_context->set_uid_gid_strings(uid_string, gid_string); if ((flags & CINIT_FLAG_DEFER_DROP_PRIVILEGES) == 0) { if (setgid(gid) != 0) { int r = errno; @@ -221,9 +228,9 @@ void global_init(std::vector < const char * > *alt_def_args, << std::endl; exit(1); } - priv_ss << "set uid:gid to " << uid << ":" << gid; + priv_ss << "set uid:gid to " << uid << ":" << gid << " (" << uid_string << ":" << gid_string << ")"; } else { - priv_ss << "deferred set uid:gid to " << uid << ":" << gid; + priv_ss << "deferred set uid:gid to " << uid << ":" << gid << " (" << uid_string << ":" << gid_string << ")"; } } -- 2.39.5
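Review bot: `uid_string` and `gid_string` are assigned only in the name-lookup branches (the `-165` and `-180` hunks), so a numeric `setuser`/`setgroup` leaves them empty while `uid`/`gid` are non-zero, and a `setuser` given by name with no `setgroup` records `gid = p->pw_gid` with an empty `gid_string`. If the consumer named in the commit message drops privileges by name only when the string is non-empty (which cannot be seen from this patch), that path could keep running with the original identity even though a target id was configured. I would fill the strings in the numeric case as well, as sketched below for the user, or document on the accessors that callers must fall back to the numeric ids. The log lines changed in the last hunk will also print `(:)` in that case. The enclosing `if (g_conf->setuser.length())` block starts outside these hunks, so the branch structure is inferred from the visible braces.

```cpp
uid = atoi(g_conf->setuser.c_str());
if (!uid) {
  // … unchanged: lookup by name, sets uid, gid and uid_string …
} else {
  // numeric setuser: record the account name too, so the string and the id agree
  struct passwd *p = getpwuid(uid);
  if (p) {
    uid_string = p->pw_name;
  }
  // else: uid_string stays empty; callers must fall back to the numeric uid
}
```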