TS-2425: Update to TS-2261 for loading plugins as root
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/cd86569e Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/cd86569e Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/cd86569e Branch: refs/heads/5.0.x Commit: cd86569e9342829fe72e7a4b6492157fb352fa0b Parents: 0089777 Author: Bryan Call <bc...@apache.org> Authored: Thu Jan 23 15:50:14 2014 +0100 Committer: Bryan Call <bc...@apache.org> Committed: Thu Jan 23 15:50:14 2014 +0100 ---------------------------------------------------------------------- CHANGES | 2 + proxy/Plugin.cc | 34 +++++++-------- proxy/http/remap/RemapConfig.cc | 85 +++++++++++++++++------------------- proxy/http/remap/UrlMapping.cc | 7 +-- 4 files changed, 59 insertions(+), 69 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index 0140b40..e795406 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 4.2.0 + *) [TS-2425] Update to TS-2261 for loading plugins as root + *) [TS-2505] Add traffic_line --offline option. *) [TS-2305] Fall back to ftruncate if posix_fallocate fails. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/Plugin.cc ---------------------------------------------------------------------- diff --git a/proxy/Plugin.cc b/proxy/Plugin.cc index 56e2a68..0d315b6 100644 --- a/proxy/Plugin.cc +++ b/proxy/Plugin.cc @@ -111,29 +111,29 @@ plugin_load(int argc, char *argv[]) } plugin_reg_temp = (plugin_reg_temp->link).next; } - - handle = dll_open(path); - if (!handle) { - Fatal("unable to load '%s': %s", path, dll_error(handle)); - } - - // Allocate a new registration structure for the - // plugin we're starting up - ink_assert(plugin_reg_current == NULL); - plugin_reg_current = new PluginRegInfo; - plugin_reg_current->plugin_path = ats_strdup(path); - - init = (init_func_t) dll_findsym(handle, "TSPluginInit"); - if (!init) { - Fatal("unable to find TSPluginInit function '%s': %s", path, dll_error(handle)); - } - // elevate the access to read files as root if compiled with capabilities, if not // change the effective user to root { uint32_t elevate_access = 0; REC_ReadConfigInteger(elevate_access, "proxy.config.plugin.load_elevated"); ElevateAccess access(elevate_access != 0); + + handle = dll_open(path); + if (!handle) { + Fatal("unable to load '%s': %s", path, dll_error(handle)); + } + + // Allocate a new registration structure for the + // plugin we're starting up + ink_assert(plugin_reg_current == NULL); + plugin_reg_current = new PluginRegInfo; + plugin_reg_current->plugin_path = ats_strdup(path); + + init = (init_func_t) dll_findsym(handle, "TSPluginInit"); + if (!init) { + Fatal("unable to find TSPluginInit function '%s': %s", path, dll_error(handle)); + } + init(argc, argv); } // done elevating access http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/http/remap/RemapConfig.cc ---------------------------------------------------------------------- diff --git a/proxy/http/remap/RemapConfig.cc b/proxy/http/remap/RemapConfig.cc index bc4a16b..787fbb0 100644 --- a/proxy/http/remap/RemapConfig.cc +++ b/proxy/http/remap/RemapConfig.cc @@ -663,44 +663,6 @@ remap_load_plugin(const char ** argv, int argc, url_mapping *mp, char *errbuf, i } Debug("remap_plugin", "New remap plugin info created for \"%s\"", c); - if ((pi->dlh = dlopen(c, RTLD_NOW)) == NULL) { -#if defined(freebsd) || defined(openbsd) - err = (char *)dlerror(); -#else - err = dlerror(); -#endif - snprintf(errbuf, errbufsize, "Can't load plugin \"%s\" - %s", c, err ? err : "Unknown dlopen() error"); - return -4; - } - pi->fp_tsremap_init = (remap_plugin_info::_tsremap_init *) dlsym(pi->dlh, TSREMAP_FUNCNAME_INIT); - pi->fp_tsremap_done = (remap_plugin_info::_tsremap_done *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DONE); - pi->fp_tsremap_new_instance = (remap_plugin_info::_tsremap_new_instance *) dlsym(pi->dlh, TSREMAP_FUNCNAME_NEW_INSTANCE); - pi->fp_tsremap_delete_instance = (remap_plugin_info::_tsremap_delete_instance *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DELETE_INSTANCE); - pi->fp_tsremap_do_remap = (remap_plugin_info::_tsremap_do_remap *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DO_REMAP); - pi->fp_tsremap_os_response = (remap_plugin_info::_tsremap_os_response *) dlsym(pi->dlh, TSREMAP_FUNCNAME_OS_RESPONSE); - - if (!pi->fp_tsremap_init) { - snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", TSREMAP_FUNCNAME_INIT, c); - retcode = -10; - } else if (!pi->fp_tsremap_new_instance) { - snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", - TSREMAP_FUNCNAME_NEW_INSTANCE, c); - retcode = -11; - } else if (!pi->fp_tsremap_do_remap) { - snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", TSREMAP_FUNCNAME_DO_REMAP, c); - retcode = -12; - } - if (retcode) { - if (errbuf && errbufsize > 0) - Debug("remap_plugin", "%s", errbuf); - dlclose(pi->dlh); - pi->dlh = NULL; - return retcode; - } - memset(&ri, 0, sizeof(ri)); - ri.size = sizeof(ri); - ri.tsremap_version = TSREMAP_VERSION; - // elevate the access to read files as root if compiled with capabilities, if not // change the effective user to root { @@ -708,6 +670,44 @@ remap_load_plugin(const char ** argv, int argc, url_mapping *mp, char *errbuf, i REC_ReadConfigInteger(elevate_access, "proxy.config.plugin.load_elevated"); ElevateAccess access(elevate_access != 0); + if ((pi->dlh = dlopen(c, RTLD_NOW)) == NULL) { +#if defined(freebsd) || defined(openbsd) + err = (char *)dlerror(); +#else + err = dlerror(); +#endif + snprintf(errbuf, errbufsize, "Can't load plugin \"%s\" - %s", c, err ? err : "Unknown dlopen() error"); + return -4; + } + pi->fp_tsremap_init = (remap_plugin_info::_tsremap_init *) dlsym(pi->dlh, TSREMAP_FUNCNAME_INIT); + pi->fp_tsremap_done = (remap_plugin_info::_tsremap_done *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DONE); + pi->fp_tsremap_new_instance = (remap_plugin_info::_tsremap_new_instance *) dlsym(pi->dlh, TSREMAP_FUNCNAME_NEW_INSTANCE); + pi->fp_tsremap_delete_instance = (remap_plugin_info::_tsremap_delete_instance *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DELETE_INSTANCE); + pi->fp_tsremap_do_remap = (remap_plugin_info::_tsremap_do_remap *) dlsym(pi->dlh, TSREMAP_FUNCNAME_DO_REMAP); + pi->fp_tsremap_os_response = (remap_plugin_info::_tsremap_os_response *) dlsym(pi->dlh, TSREMAP_FUNCNAME_OS_RESPONSE); + + if (!pi->fp_tsremap_init) { + snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", TSREMAP_FUNCNAME_INIT, c); + retcode = -10; + } else if (!pi->fp_tsremap_new_instance) { + snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", + TSREMAP_FUNCNAME_NEW_INSTANCE, c); + retcode = -11; + } else if (!pi->fp_tsremap_do_remap) { + snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap plugin \"%s\"", TSREMAP_FUNCNAME_DO_REMAP, c); + retcode = -12; + } + if (retcode) { + if (errbuf && errbufsize > 0) + Debug("remap_plugin", "%s", errbuf); + dlclose(pi->dlh); + pi->dlh = NULL; + return retcode; + } + memset(&ri, 0, sizeof(ri)); + ri.size = sizeof(ri); + ri.tsremap_version = TSREMAP_VERSION; + if (pi->fp_tsremap_init(&ri, tmpbuf, sizeof(tmpbuf) - 1) != TS_SUCCESS) { Warning("Failed to initialize plugin %s (non-zero retval) ... bailing out", pi->path); return -5; @@ -768,14 +768,7 @@ remap_load_plugin(const char ** argv, int argc, url_mapping *mp, char *errbuf, i Debug("remap_plugin", "creating new plugin instance"); TSReturnCode res = TS_ERROR; - // elevate the access to read files as root if compiled with capabilities, if not - // change the effective user to root - { - uint32_t elevate_access = 0; - REC_ReadConfigInteger(elevate_access, "proxy.config.plugin.load_elevated"); - ElevateAccess access(elevate_access != 0); - res = pi->fp_tsremap_new_instance(parc, parv, &ih, tmpbuf, sizeof(tmpbuf) - 1); - } // done elevating access + res = pi->fp_tsremap_new_instance(parc, parv, &ih, tmpbuf, sizeof(tmpbuf) - 1); Debug("remap_plugin", "done creating new plugin instance"); http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/http/remap/UrlMapping.cc ---------------------------------------------------------------------- diff --git a/proxy/http/remap/UrlMapping.cc b/proxy/http/remap/UrlMapping.cc index d5b00d1..58739c1 100644 --- a/proxy/http/remap/UrlMapping.cc +++ b/proxy/http/remap/UrlMapping.cc @@ -79,13 +79,8 @@ url_mapping::delete_instance(unsigned int index) remap_plugin_info* p = get_plugin(index); if (ih && p && p->fp_tsremap_delete_instance) { - // elevate the access to read files as root if compiled with capabilities, if not - // change the effective user to root - uint32_t elevate_access = 0; - REC_ReadConfigInteger(elevate_access, "proxy.config.plugin.load_elevated"); - ElevateAccess access(elevate_access != 0); p->fp_tsremap_delete_instance(ih); - } // done elevating access + } }