Ensure that file logging uses the correct username.
parent
a8fedf794f
commit
f781498c03
@ -66,11 +66,15 @@ int mqtt3_log_init(struct mqtt3_config *config)
|
||||
}
|
||||
|
||||
if(log_destinations & MQTT3_LOG_FILE){
|
||||
if(drop_privileges(config, true)){
|
||||
return 1;
|
||||
}
|
||||
config->log_fptr = _mosquitto_fopen(config->log_file, "at");
|
||||
if(!config->log_fptr){
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to open log file %s for writing.", config->log_file);
|
||||
return MOSQ_ERR_INVAL;
|
||||
}
|
||||
restore_privileges();
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
@ -87,6 +91,7 @@ int mqtt3_log_close(struct mqtt3_config *config)
|
||||
if(log_destinations & MQTT3_LOG_FILE){
|
||||
if(config->log_fptr){
|
||||
fclose(config->log_fptr);
|
||||
config->log_fptr = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
|
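Review bot: In mqtt3_log_init the effective ids stay dropped on the failure path: when `_mosquitto_fopen` fails, the function returns `MOSQ_ERR_INVAL` without calling `restore_privileges()`, and on the success path the return value of `restore_privileges()` is discarded. If either case leaves the effective uid non-root, the later permanent `drop_privileges(&config, false)` in main is skipped by its `geteuid() == 0` guard, so the real and saved uid would stay 0; main presumably exits on a log-init error, but that is not visible here. I would call `restore_privileges();` before `return MOSQ_ERR_INVAL;` and change the success path to `if(restore_privileges()) return 1;`. The start of mqtt3_log_init lies outside the hunk.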
@ -64,7 +64,6 @@ int allow_severity = LOG_INFO;
|
||||
int deny_severity = LOG_INFO;
|
||||
#endif
|
||||
|
||||
int drop_privileges(struct mqtt3_config *config);
|
||||
void handle_sigint(int signal);
|
||||
void handle_sigusr1(int signal);
|
||||
void handle_sigusr2(int signal);
|
||||
@ -82,11 +81,12 @@ struct mosquitto_db *_mosquitto_get_db(void)
|
||||
* Note that setting config->user to "root" does not produce an error, but it
|
||||
* strongly discouraged.
|
||||
*/
|
||||
int drop_privileges(struct mqtt3_config *config)
|
||||
int drop_privileges(struct mqtt3_config *config, bool temporary)
|
||||
{
|
||||
#if !defined(__CYGWIN__) && !defined(WIN32)
|
||||
struct passwd *pwd;
|
||||
char err[256];
|
||||
int rc;
|
||||
|
||||
if(geteuid() == 0){
|
||||
if(config->user && strcmp(config->user, "root")){
|
||||
@ -100,12 +100,22 @@ int drop_privileges(struct mqtt3_config *config)
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting groups whilst dropping privileges: %s.", err);
|
||||
return 1;
|
||||
}
|
||||
if(setgid(pwd->pw_gid) == -1){
|
||||
if(temporary){
|
||||
rc = setegid(pwd->pw_gid);
|
||||
}else{
|
||||
rc = setgid(pwd->pw_gid);
|
||||
}
|
||||
if(rc == -1){
|
||||
strerror_r(errno, err, 256);
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting gid whilst dropping privileges: %s.", err);
|
||||
return 1;
|
||||
}
|
||||
if(setuid(pwd->pw_uid) == -1){
|
||||
if(temporary){
|
||||
rc = seteuid(pwd->pw_uid);
|
||||
}else{
|
||||
rc = setuid(pwd->pw_uid);
|
||||
}
|
||||
if(rc == -1){
|
||||
strerror_r(errno, err, 256);
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting uid whilst dropping privileges: %s.", err);
|
||||
return 1;
|
||||
@ -119,6 +129,30 @@ int drop_privileges(struct mqtt3_config *config)
|
||||
return MOSQ_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
int restore_privileges(void)
|
||||
{
|
||||
#if !defined(__CYGWIN__) && !defined(WIN32)
|
||||
char err[256];
|
||||
int rc;
|
||||
|
||||
if(getuid() == 0){
|
||||
rc = setegid(0);
|
||||
if(rc == -1){
|
||||
strerror_r(errno, err, 256);
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting gid whilst restoring privileges: %s.", err);
|
||||
return 1;
|
||||
}
|
||||
rc = seteuid(0);
|
||||
if(rc == -1){
|
||||
strerror_r(errno, err, 256);
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting uid whilst restoring privileges: %s.", err);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
return MOSQ_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
#ifdef SIGHUP
|
||||
/* Signal handler for SIGHUP - flag a config reload. */
|
||||
void handle_sighup(int signal)
|
||||
@ -305,7 +339,7 @@ int main(int argc, char *argv[])
|
||||
}
|
||||
}
|
||||
|
||||
rc = drop_privileges(&config);
|
||||
rc = drop_privileges(&config, false);
|
||||
if(rc != MOSQ_ERR_SUCCESS) return rc;
|
||||
|
||||
signal(SIGINT, handle_sigint);
|
||||
|
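Review bot: restore_privileges() calls `setegid(0)` while the effective uid is still the unprivileged user, and it hard-codes 0 instead of the ids the process held before the temporary drop. With an unprivileged euid, setegid(0) succeeds only if the real or saved gid is 0, so a broker started as root with a different primary group would get EPERM here and keep running on the dropped ids. Restoring in the reverse order of the drop avoids that: `rc = seteuid(0);` first, then `setegid()` with the egid remembered in the temporary branch of drop_privileges. The "Error setting groups" context line suggests the supplementary groups are also changed before the gid (that call is outside the hunk); if so, they are not put back either. The comment block above drop_privileges should also say what `temporary` does.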
@ -349,6 +349,9 @@ int mqtt3_config_read(struct mqtt3_config *config, bool reload);
|
||||
/* Free all config data. */
|
||||
void mqtt3_config_cleanup(struct mqtt3_config *config);
|
||||
|
||||
int drop_privileges(struct mqtt3_config *config, bool temporary);
|
||||
int restore_privileges(void);
|
||||
|
||||
/* ============================================================
|
||||
* Server send functions
|
||||
* ============================================================ */
|
||||
|
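Review bot: The two new prototypes have no comment, unlike the neighbouring declarations, and their contract is security-relevant for callers. I would add `/* Drop to config->user. If temporary is true only the effective ids change and restore_privileges() must be called afterwards. */` above `drop_privileges`, and `/* Undo a temporary drop_privileges(); returns non-zero on failure. */` above `restore_privileges`.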