Changeset: 22ab36b7873b for MonetDB
URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=22ab36b7873b
Modified Files:
        sql/src/backends/monet5/merovingian/ChangeLog.Jun2010
        sql/src/backends/monet5/merovingian/merovingian.1.in
        sql/src/backends/monet5/merovingian/merovingian.c
        sql/src/backends/monet5/merovingian/merovingian_connections.c
        sql/src/backends/monet5/merovingian/utils.c
Branch: Jun2010
Log Message:

Fix bug #2550 (file access permissions), cleanup more, remove prestarting 
database feature


diffs (273 lines):

diff -r e09cdc4142b3 -r 22ab36b7873b 
sql/src/backends/monet5/merovingian/ChangeLog.Jun2010
--- a/sql/src/backends/monet5/merovingian/ChangeLog.Jun2010     Tue Jun 01 
08:20:52 2010 +0200
+++ b/sql/src/backends/monet5/merovingian/ChangeLog.Jun2010     Tue Jun 01 
11:51:17 2010 +0200
@@ -3,6 +3,21 @@
 
 #*June2010
 
+  01 Jun 2010; Fabian Groffen <fab...@cwi.nl> merovingian.c, utils.c:
+  Fixed an issue where Merovingian's strict umask was applied too early
+  causing files to be inaccessible.  Now the .merovingian_control socket
+  file is accessible to both user and group of the merovingian process,
+  and the .mapi_socket file is accessible to everyone like a TCP socket
+  is.  Fixes bug #2550.
+
+  01 Jun 2010; Fabian Groffen <fab...@cwi.nl> merovingian.c:
+  Properly clean up .merovingian_control file in dbfarm.
+
+  01 Jun 2010; Fabian Groffen <fab...@cwi.nl> merovingian.1.in,
+  merovingian.c:
+  Removed database pre-starting (mis-)feature, any argument to
+  merovingian now yields in a version message followed by a server exit.
+
   07 Apr 2010; Fabian Groffen <fab...@cwi.nl> monetdb.c:
   Sort output returned by discover, status and get commands based on url
   or dbname.
diff -r e09cdc4142b3 -r 22ab36b7873b 
sql/src/backends/monet5/merovingian/merovingian.1.in
--- a/sql/src/backends/monet5/merovingian/merovingian.1.in      Tue Jun 01 
08:20:52 2010 +0200
+++ b/sql/src/backends/monet5/merovingian/merovingian.1.in      Tue Jun 01 
11:51:17 2010 +0200
@@ -1,12 +1,11 @@
 .\" Process this file with
 .\" groff -man -Tascii foo.1
 .\"
-.TH MEROVINGIAN 1 "APRIL 2010" Application "MonetDB Applications"
+.TH MEROVINGIAN 1 "JUNE 2010" Application "MonetDB Applications"
 .SH NAME
 merovingian \- the MonetDB Database Server daemon
 .SH SYNOPSIS
 .B merovingian
-[database ...]
 .SH DESCRIPTION
 .B merovingian
 is the MonetDB Database Server daemon.  It is not meant to be used in
@@ -37,14 +36,11 @@
 .B merovingian
 runs in the background, sending log messages to
 .IR @MERO_LOG@ ,
-until being sent a stop, terminate or interrupt signal.  All arguments
+until being sent a stop, terminate or interrupt signal.  Any arguments
 given when starting
 .B merovingian
-are considered to be databases to be pre-started.  Pre-started databases
-are started as part of the startup of
-.BR merovingian ,
-which means their startup is not delayed until the first client
-requests for them.
+cause the version to be printed followed by a shutdown of
+.BR merovingian .
 .P
 .B merovingian
 uses a neighbour discovery scheme to detect other
diff -r e09cdc4142b3 -r 22ab36b7873b 
sql/src/backends/monet5/merovingian/merovingian.c
--- a/sql/src/backends/monet5/merovingian/merovingian.c Tue Jun 01 08:20:52 
2010 +0200
+++ b/sql/src/backends/monet5/merovingian/merovingian.c Tue Jun 01 11:51:17 
2010 +0200
@@ -427,7 +427,6 @@
        FILE *cnf = NULL, *pidfile = NULL;
        char buf[1024];
        char bufu[1024];
-       sabdb* stats = NULL;
        dpair d;
        int pfd[2];
        int retfd = -1;
@@ -501,10 +500,6 @@
        }
 #endif
 
-       /* Paranoia umask, but good, because why would people have to sniff
-        * our private parts? */
-       umask(S_IRWXG | S_IRWXO);
-
        /* hunt for the config file, and read it, allow the caller to
         * specify where to look using the MONETDB5CONF environment variable */
        p = getenv("MONETDB5CONF");
@@ -518,13 +513,14 @@
        /* store this conffile for later use in forkMserver */
        _mero_conffile = p;
 
-#define MERO_EXIT(status) \
-       buf[0] = status; \
-       if (write(retfd, &buf, 1) != 1 || close(retfd) != 0) { \
+#define MERO_EXIT(status) { \
+       char s = status; \
+       if (write(retfd, &s, 1) != 1 || close(retfd) != 0) { \
                Mfprintf(stderr, "could not write to parent\n"); \
        } \
        if (status != 0) \
-               return(status);
+               return(status); \
+}
 
        readConfFile(ckv, cnf);
        fclose(cnf);
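Review bot: The rewritten `MERO_EXIT` expands to a bare `{ ... }` block, so every `MERO_EXIT(x);` leaves an empty statement behind and would break an un-braced `if (...) MERO_EXIT(1); else ...`; the conventional form is `#define MERO_EXIT(status) do { ... } while (0)`. The `status` argument is also expanded three times without parentheses, so reusing the new local, `if (s != 0) return(s);`, would evaluate it only once. Because the macro returns from the enclosing function only for a non-zero status, a one-line comment above the definition should say so, since the name suggests it always exits. The enclosing function starts and ends outside this hunk.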
@@ -667,6 +663,22 @@
                MERO_EXIT(1);
        }
 
+       /* figure out our hostname */
+       gethostname(_mero_hostname, 128);
+
+       if (argc > 1) {
+               Mfprintf(stderr, "Merovingian %s on host %s\n", MERO_VERSION,
+                               _mero_hostname /*FIXME not yet set*/);
+               Mfprintf(stderr, "Using config file: %s\n", _mero_conffile);
+               Mfprintf(stderr, "  monitoring dbfarm: %s\n", dbfarm);
+               Mfprintf(stderr, "  forking mserver5: %s\n", _mero_mserver);
+               Mfprintf(stderr, "  allows remote control: %s\n",
+                               (_mero_controlport != 0 ? "yes" : "no"));
+               Mfprintf(stderr, "  performs neighbour discovery: %s\n",
+                               (discoveryport != 0 ? "yes" : "no"));
+               MERO_EXIT(1);
+       }
+
        /* seed the randomiser for when we create a database, send responses
         * to HELO, etc */
        srand(time(NULL));
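Review bot: The `/*FIXME not yet set*/` remark on `_mero_hostname` is stale, because this hunk moves `gethostname(_mero_hostname, 128)` to just above the `argc > 1` block, so the remark should be dropped. The call ignores its return value and hard-codes 128, and POSIX does not guarantee NUL termination when the name is truncated. Assuming `_mero_hostname` is an array (its declaration is not in the hunk), `if (gethostname(_mero_hostname, sizeof(_mero_hostname)) != 0)` with an error path, followed by `_mero_hostname[sizeof(_mero_hostname) - 1] = '\0';`, would be safer. The informational path also ends in `MERO_EXIT(1)`, so it reports failure to the parent; if that is intended, a comment should say so.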
@@ -845,9 +857,6 @@
        d->dbname = "control";
        d->next = NULL;
 
-       /* figure out our hostname */
-       gethostname(_mero_hostname, 128);
-
        /* write out the pid */
        Mfprintf(pidfile, "%d\n", (int)d->pid);
        fclose(pidfile);
@@ -913,9 +922,9 @@
        /* open up connections */
        if (
                        (e = openConnectionTCP(&sock, _mero_port, stdout)) == 
NO_ERR &&
-                       (e = openConnectionUNIX(&socku, bufu, stdout)) == 
NO_ERR &&
+                       (e = openConnectionUNIX(&socku, bufu, 0, stdout)) == 
NO_ERR &&
                        (e = openConnectionUDP(&usock, discoveryport)) == 
NO_ERR &&
-                       (e = openConnectionUNIX(&unsock, buf, _mero_ctlout)) == 
NO_ERR &&
+                       (e = openConnectionUNIX(&unsock, buf, S_IRWXO, 
_mero_ctlout)) == NO_ERR &&
                        (_mero_controlport == 0 || (e = 
openConnectionTCP(&csock, _mero_controlport, _mero_ctlout)) == NO_ERR)
           )
        {
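Review bot: The new third argument at the two `openConnectionUNIX` call sites is handed to `umask()` (see the merovingian_connections.c hunks), so it lists the permission bits to remove, not the mode to grant. `0` leaves the mapi socket open to everyone and `S_IRWXO` leaves the control socket reachable by the whole group of the merovingian process. The first reads as the opposite of what `0` means as a mode, and the second widens the control channel compared with the former user-only umask, so each call deserves a short comment such as `/* umask 0: world-accessible, like the TCP port */` and `/* umask S_IRWXO: user and group only */`. Renaming the parameter to something like `mask` and typing it and `omask` as `mode_t` in the signature hunk would make it harder to misread. Whether group members are meant to issue control commands should be confirmed against the authentication the control channel performs, which is not visible here.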
@@ -944,16 +953,9 @@
                 * start running, so flag the parent we will have fun. */
                MERO_EXIT(0);
 
-               for (argp = 1; argp < argc; argp++) {
-                       e = forkMserver(argv[argp], &stats, 0);
-                       if (e != NO_ERR) {
-                               Mfprintf(stderr, "failed to fork mserver: 
%s\n", getErrMsg(e));
-                               freeErr(e);
-                               stats = NULL;
-                       }
-                       if (stats != NULL)
-                               SABAOTHfreeStatus(&stats);
-               }
+               /* Paranoia umask, but good, because why would people have to 
sniff
+                * our private parts? */
+               umask(S_IRWXG | S_IRWXO);
 
                /* handle control commands */
                csocks[0] = unsock;
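Review bot: With `umask(S_IRWXG | S_IRWXO)` moved to after `MERO_EXIT(0)`, everything merovingian creates before this point is created under whatever umask the launching environment supplied. The pid file written earlier in this function is one example visible in the diff, and the log files are presumably opened earlier as well. If the daemon is started with a permissive umask, those files may end up group- or world-writable. Since `openConnectionUNIX` now sets and restores its own umask around `bind()`, the strict umask could stay at its old place near the top of the function without making the sockets inaccessible again. The enclosing function begins and ends outside the hunk.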
@@ -989,8 +991,12 @@
        }
 
        /* control channel is already closed at this point */
-       unlink(buf);
-       unlink(bufu);
+       if (unlink(buf) == -1)
+               Mfprintf(stderr, "unable to unlink control socket '%s': %s\n",
+                               buf, strerror(errno));
+       if (unlink(bufu) == -1)
+               Mfprintf(stderr, "unable to unlink mapi socket '%s': %s\n",
+                               bufu, strerror(errno));
 
        if (e != NO_ERR) {
                /* console */
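Review bot: These `unlink()` calls appear to run on the failure path as well (the `if (e != NO_ERR)` branch follows directly), so when one of the `openConnection*` calls failed before its socket file was bound, the new messages will report a file that never existed as a cleanup error. Treating a missing file as success, `if (unlink(buf) == -1 && errno != ENOENT)` and the same for `bufu`, keeps the log limited to real failures. It would also help to note in the comment above that `buf` and `bufu` still hold the socket paths at this point, since `buf` is a general scratch buffer elsewhere in the function.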
diff -r e09cdc4142b3 -r 22ab36b7873b 
sql/src/backends/monet5/merovingian/merovingian_connections.c
--- a/sql/src/backends/monet5/merovingian/merovingian_connections.c     Tue Jun 
01 08:20:52 2010 +0200
+++ b/sql/src/backends/monet5/merovingian/merovingian_connections.c     Tue Jun 
01 11:51:17 2010 +0200
@@ -142,10 +142,11 @@
 }
 
 static err
-openConnectionUNIX(int *ret, char *path, FILE *log)
+openConnectionUNIX(int *ret, char *path, int mode, FILE *log)
 {
        struct sockaddr_un server;
        int sock = -1;
+       int omask;
 
        sock = socket(AF_UNIX, SOCK_STREAM, 0);
        if (sock < 0)
@@ -156,9 +157,15 @@
        server.sun_family = AF_UNIX;
        strncpy(server.sun_path, path, sizeof(server.sun_path) - 1);
 
-       if (bind(sock, (SOCKPTR) &server, sizeof(struct sockaddr_un)) < 0)
+       /* have to use umask to restrict permissions to avoid a race
+        * condition */
+       omask = umask(mode);
+       if (bind(sock, (SOCKPTR) &server, sizeof(struct sockaddr_un)) < 0) {
+               umask(omask);
                return(newErr("binding to UNIX stream socket at %s failed: %s",
                                path, strerror(errno)));
+       }
+       umask(omask);
 
        /* keep queue of 5 */
        listen(sock, 5);
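Review bot: The failure branch of `bind()` returns without closing `sock`, so the descriptor leaks on every failed bind; adding `close(sock);` before the `return` fixes that. `umask(omask)` is also called between the failing `bind()` and the `strerror(errno)` used in the message; `umask` is not expected to fail, but saving the value first (`int saved = errno;` right after `bind`) keeps the report exact. Because the umask is process-wide, the comment should add that this function must not run while another thread may be creating files. `listen(sock, 5)` just below is still unchecked.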
diff -r e09cdc4142b3 -r 22ab36b7873b sql/src/backends/monet5/merovingian/utils.c
--- a/sql/src/backends/monet5/merovingian/utils.c       Tue Jun 01 08:20:52 
2010 +0200
+++ b/sql/src/backends/monet5/merovingian/utils.c       Tue Jun 01 11:51:17 
2010 +0200
@@ -29,6 +29,7 @@
 #include "sql_config.h"
 #include "utils.h"
 #include <stdio.h> /* fprintf, fgets */
+#include <unistd.h> /* unlink */
 #include <string.h> /* memcpy */
 #include <strings.h> /* strcasecmp */
 #include <gdk.h> /* GDKmalloc */
@@ -299,18 +300,33 @@
                buf[c] = '\0';
 }
 
+/**
+ * Creates a file path read/writable for the user only containing a
+ * random passphrase.
+ */
 char *
 generatePassphraseFile(char *path)
 {
+       int fd;
        FILE *f;
        unsigned int len = 48;
        char buf[len];
 
-       generateSalt(buf, len);
-       if ((f = fopen(path, "w")) == NULL) {
+       /* delete such that we are sure we recreate the file with restricted
+        * permissions */
+       unlink(path);
+       if ((fd = open(path, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR)) == -1) {
                char err[512];
                snprintf(err, sizeof(err), "unable to open '%s': %s",
                                path, strerror(errno));
+       }
+
+       generateSalt(buf, len);
+       if ((f = fdopen(fd, "w")) == NULL) {
+               char err[512];
+               snprintf(err, sizeof(err), "unable to open '%s': %s",
+                               path, strerror(errno));
+               close(fd);
                return(strdup(err));
        }
        if (fwrite(buf, 1, len, f) < len) {
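Review bot: When `open()` fails, the new block only formats `err` and then falls through, so `fdopen(fd, "w")` is called with `-1` and the caller gets a bad-descriptor message instead of the real reason; the block needs `return(strdup(err));` before its closing brace. The `unlink(path)` followed by `open(path, O_CREAT | O_WRONLY, ...)` also leaves a window in which another process with write access to the directory can recreate the path, in which case the existing file is opened and the `S_IRUSR | S_IWUSR` mode is ignored. `open(path, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR)` makes the call fail instead of writing the passphrase into a file it did not create. `open` and the `O_*`/`S_I*` constants need `<fcntl.h>` and `<sys/stat.h>`, which the include hunk does not add (they may arrive through `gdk.h`). The function body continues in the next hunk.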
@@ -318,9 +334,11 @@
                snprintf(err, sizeof(err), "cannot write secret: %s",
                                strerror(errno));
                fclose(f);
+               close(fd);
                return(strdup(err));
        }
        fclose(f);
+       close(fd);
        return(NULL);
 }
 
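Review bot: `fclose(f)` already closes the descriptor that `fdopen()` wrapped, so the added `close(fd)` on both the write-error path and the success path closes it a second time. At best this returns EBADF, and in a process with other threads it can close a descriptor that was reused in between. Both added lines should be dropped; the `close(fd)` after a failed `fdopen()` in the previous hunk is the only one needed. Since the file holds the passphrase, checking the result with `if (fclose(f) != 0)` would also catch a write that failed at flush time. The function starts in the previous hunk.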