Ensure that file logging uses the correct username.
parent
a8fedf794f
commit
f781498c03
@ -66,11 +66,15 @@ int mqtt3_log_init(struct mqtt3_config *config)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(log_destinations & MQTT3_LOG_FILE){
|
if(log_destinations & MQTT3_LOG_FILE){
|
||||||
|
if(drop_privileges(config, true)){
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
config->log_fptr = _mosquitto_fopen(config->log_file, "at");
|
config->log_fptr = _mosquitto_fopen(config->log_file, "at");
|
||||||
if(!config->log_fptr){
|
if(!config->log_fptr){
|
||||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to open log file %s for writing.", config->log_file);
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to open log file %s for writing.", config->log_file);
|
||||||
return MOSQ_ERR_INVAL;
|
return MOSQ_ERR_INVAL;
|
||||||
}
|
}
|
||||||
|
restore_privileges();
|
||||||
}
|
}
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
@ -87,6 +91,7 @@ int mqtt3_log_close(struct mqtt3_config *config)
|
|||||||
if(log_destinations & MQTT3_LOG_FILE){
|
if(log_destinations & MQTT3_LOG_FILE){
|
||||||
if(config->log_fptr){
|
if(config->log_fptr){
|
||||||
fclose(config->log_fptr);
|
fclose(config->log_fptr);
|
||||||
|
config->log_fptr = NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
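Review bot: In mqtt3_log_init the failure path after `_mosquitto_fopen()` returns MOSQ_ERR_INVAL without calling `restore_privileges()`, and the success path ignores its return value, so the process can continue with an effective uid/gid it does not expect. Both transitions should be checked: call `restore_privileges();` before `return MOSQ_ERR_INVAL;`, and make the success path `if(restore_privileges()) return 1;`. The early `return 1;` after `drop_privileges(config, true)` also mixes a bare 1 with the MOSQ_ERR_* code returned a few lines later. The function begins outside this hunk, so whether callers treat every non-zero return as fatal is not visible here.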
@ -64,7 +64,6 @@ int allow_severity = LOG_INFO;
|
|||||||
int deny_severity = LOG_INFO;
|
int deny_severity = LOG_INFO;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int drop_privileges(struct mqtt3_config *config);
|
|
||||||
void handle_sigint(int signal);
|
void handle_sigint(int signal);
|
||||||
void handle_sigusr1(int signal);
|
void handle_sigusr1(int signal);
|
||||||
void handle_sigusr2(int signal);
|
void handle_sigusr2(int signal);
|
||||||
@ -82,11 +81,12 @@ struct mosquitto_db *_mosquitto_get_db(void)
|
|||||||
* Note that setting config->user to "root" does not produce an error, but it
|
* Note that setting config->user to "root" does not produce an error, but it
|
||||||
* strongly discouraged.
|
* strongly discouraged.
|
||||||
*/
|
*/
|
||||||
int drop_privileges(struct mqtt3_config *config)
|
int drop_privileges(struct mqtt3_config *config, bool temporary)
|
||||||
{
|
{
|
||||||
#if !defined(__CYGWIN__) && !defined(WIN32)
|
#if !defined(__CYGWIN__) && !defined(WIN32)
|
||||||
struct passwd *pwd;
|
struct passwd *pwd;
|
||||||
char err[256];
|
char err[256];
|
||||||
|
int rc;
|
||||||
|
|
||||||
if(geteuid() == 0){
|
if(geteuid() == 0){
|
||||||
if(config->user && strcmp(config->user, "root")){
|
if(config->user && strcmp(config->user, "root")){
|
||||||
@ -100,12 +100,22 @@ int drop_privileges(struct mqtt3_config *config)
|
|||||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting groups whilst dropping privileges: %s.", err);
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting groups whilst dropping privileges: %s.", err);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if(setgid(pwd->pw_gid) == -1){
|
if(temporary){
|
||||||
|
rc = setegid(pwd->pw_gid);
|
||||||
|
}else{
|
||||||
|
rc = setgid(pwd->pw_gid);
|
||||||
|
}
|
||||||
|
if(rc == -1){
|
||||||
strerror_r(errno, err, 256);
|
strerror_r(errno, err, 256);
|
||||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting gid whilst dropping privileges: %s.", err);
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting gid whilst dropping privileges: %s.", err);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if(setuid(pwd->pw_uid) == -1){
|
if(temporary){
|
||||||
|
rc = seteuid(pwd->pw_uid);
|
||||||
|
}else{
|
||||||
|
rc = setuid(pwd->pw_uid);
|
||||||
|
}
|
||||||
|
if(rc == -1){
|
||||||
strerror_r(errno, err, 256);
|
strerror_r(errno, err, 256);
|
||||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting uid whilst dropping privileges: %s.", err);
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting uid whilst dropping privileges: %s.", err);
|
||||||
return 1;
|
return 1;
|
||||||
@ -119,6 +129,30 @@ int drop_privileges(struct mqtt3_config *config)
|
|||||||
return MOSQ_ERR_SUCCESS;
|
return MOSQ_ERR_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int restore_privileges(void)
|
||||||
|
{
|
||||||
|
#if !defined(__CYGWIN__) && !defined(WIN32)
|
||||||
|
char err[256];
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
if(getuid() == 0){
|
||||||
|
rc = setegid(0);
|
||||||
|
if(rc == -1){
|
||||||
|
strerror_r(errno, err, 256);
|
||||||
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting gid whilst restoring privileges: %s.", err);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
rc = seteuid(0);
|
||||||
|
if(rc == -1){
|
||||||
|
strerror_r(errno, err, 256);
|
||||||
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error setting uid whilst restoring privileges: %s.", err);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
return MOSQ_ERR_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef SIGHUP
|
#ifdef SIGHUP
|
||||||
/* Signal handler for SIGHUP - flag a config reload. */
|
/* Signal handler for SIGHUP - flag a config reload. */
|
||||||
void handle_sighup(int signal)
|
void handle_sighup(int signal)
|
||||||
@ -305,7 +339,7 @@ int main(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = drop_privileges(&config);
|
rc = drop_privileges(&config, false);
|
||||||
if(rc != MOSQ_ERR_SUCCESS) return rc;
|
if(rc != MOSQ_ERR_SUCCESS) return rc;
|
||||||
|
|
||||||
signal(SIGINT, handle_sigint);
|
signal(SIGINT, handle_sigint);
|
||||||
|
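Review bot: restore_privileges() calls `setegid(0)` before `seteuid(0)`, while the effective uid is still the unprivileged user, so the group change only succeeds when 0 happens to be the real or saved gid. Moving `rc = seteuid(0);` and its error check ahead of the `setegid(0)` block removes that dependency. Both calls also hard-code 0 rather than the ids that were in effect before the temporary drop. The "Error setting groups" context line suggests the supplementary group list is changed on the drop path too, in which case it stays at the target user's groups after a restore; that part of drop_privileges() is outside these hunks and is worth confirming. The comment above drop_privileges() should also describe the new parameter, e.g. `If temporary is true only the effective uid/gid are changed, so restore_privileges() can undo the drop.`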
@ -349,6 +349,9 @@ int mqtt3_config_read(struct mqtt3_config *config, bool reload);
|
|||||||
/* Free all config data. */
|
/* Free all config data. */
|
||||||
void mqtt3_config_cleanup(struct mqtt3_config *config);
|
void mqtt3_config_cleanup(struct mqtt3_config *config);
|
||||||
|
|
||||||
|
int drop_privileges(struct mqtt3_config *config, bool temporary);
|
||||||
|
int restore_privileges(void);
|
||||||
|
|
||||||
/* ============================================================
|
/* ============================================================
|
||||||
* Server send functions
|
* Server send functions
|
||||||
* ============================================================ */
|
* ============================================================ */
|
||||||
|
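Review bot: The two new prototypes carry no comment, unlike the neighbouring `mqtt3_config_cleanup` declaration, and their contract matters to callers: a temporary drop has to be paired with restore_privileges(), and both functions return non-zero on failure. Suggest `/* Switch to config->user. If temporary is true only the effective uid/gid change and restore_privileges() must be called afterwards. */` above drop_privileges and `/* Undo a temporary drop_privileges(); returns non-zero on failure. */` above restore_privileges.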