1
0
mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2024-12-04 14:46:30 -05:00

Update: Record result from chroot/chuid

This commit is contained in:
Philipp Schafft 2022-09-24 10:22:51 +00:00
parent 5ef8b13a4a
commit 7c5d01a1a2
2 changed files with 28 additions and 16 deletions

View File

@ -46,6 +46,11 @@ typedef struct ice_global_tag
relay_t *master_relays; relay_t *master_relays;
module_container_t *modulecontainer; module_container_t *modulecontainer;
/* state */
bool chroot_succeeded;
bool chuid_succeeded;
} ice_global_t; } ice_global_t;
extern ice_global_t global; extern ice_global_t global;

View File

@ -479,34 +479,36 @@ static void _ch_root_uid_setup(void)
} }
#endif #endif
/* ensure a valid initial state */
global.chroot_succeeded = false;
global.chuid_succeeded = false;
#if HAVE_CHROOT #if HAVE_CHROOT
if (conf->chroot) if (conf->chroot) {
{ if (getuid()) { /* root check */
if(getuid()) /* root check */
{
fprintf(stderr, "WARNING: Cannot change server root unless running as root.\n"); fprintf(stderr, "WARNING: Cannot change server root unless running as root.\n");
} }
if(chroot(conf->base_dir) == -1 || chdir("/") == -1)
{ if(chroot(conf->base_dir) == -1 || chdir("/") == -1) {
fprintf(stderr,"WARNING: Couldn't change server root: %s\n", strerror(errno)); fprintf(stderr,"WARNING: Couldn't change server root: %s\n", strerror(errno));
return; return;
} } else {
else
fprintf(stdout, "Changed root successfully to \"%s\".\n", conf->base_dir); fprintf(stdout, "Changed root successfully to \"%s\".\n", conf->base_dir);
global.chroot_succeeded = true;
}
} }
#endif #endif
#if HAVE_SETUID #if HAVE_SETUID
if(conf->chuid) if(conf->chuid) {
{ if (getuid()) { /* root check */
if(getuid()) /* root check */
{
fprintf(stderr, "WARNING: Can't change user id unless you are root.\n"); fprintf(stderr, "WARNING: Can't change user id unless you are root.\n");
return; return;
} }
if(uid != (uid_t)-1 && gid != (gid_t)-1) { if (uid != (uid_t)-1 && gid != (gid_t)-1) {
global.chuid_succeeded = true;
#ifdef HAVE_SETRESGID #ifdef HAVE_SETRESGID
if(!setresgid(gid, gid, gid)) { if(!setresgid(gid, gid, gid)) {
#else #else
@ -515,11 +517,15 @@ static void _ch_root_uid_setup(void)
fprintf(stdout, "Changed groupid to %i.\n", (int)gid); fprintf(stdout, "Changed groupid to %i.\n", (int)gid);
} else { } else {
fprintf(stdout, "Error changing groupid: %s.\n", strerror(errno)); fprintf(stdout, "Error changing groupid: %s.\n", strerror(errno));
global.chuid_succeeded = false;
} }
if(!initgroups(conf->user, gid)) if(!initgroups(conf->user, gid)) {
fprintf(stdout, "Changed supplementary groups based on user: %s.\n", conf->user); fprintf(stdout, "Changed supplementary groups based on user: %s.\n", conf->user);
else } else {
fprintf(stdout, "Error changing supplementary groups: %s.\n", strerror(errno)); fprintf(stdout, "Error changing supplementary groups: %s.\n", strerror(errno));
global.chuid_succeeded = false;
}
#ifdef HAVE_SETRESUID #ifdef HAVE_SETRESUID
if(!setresuid(uid, uid, uid)) { if(!setresuid(uid, uid, uid)) {
#else #else
@ -528,6 +534,7 @@ static void _ch_root_uid_setup(void)
fprintf(stdout, "Changed userid to %i.\n", (int)uid); fprintf(stdout, "Changed userid to %i.\n", (int)uid);
} else { } else {
fprintf(stdout, "Error changing userid: %s.\n", strerror(errno)); fprintf(stdout, "Error changing userid: %s.\n", strerror(errno));
global.chuid_succeeded = false;
} }
} }
} }