From patchwork Sat Oct 10 08:07:35 2015
X-Patchwork-Submitter: Andy Zhou
X-Patchwork-Id: 528552
From: Andy Zhou
To: dev@openvswitch.org
Date: Sat, 10 Oct 2015 01:07:35 -0700
Message-Id: <1444464456-27941-1-git-send-email-azhou@nicira.com>
Subject: [ovs-dev] [PATCH 1/2] lib: simplify daemon_become_new_user__()

Global variable 'switch_user' is no longer needed to make sure user switch only happens once per process. Testing for uid directly simplifies the logic; if switch process has taken place, then the current uid can not be zero.

Signed-off-by: Andy Zhou

--- lib/daemon-unix.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c index 868e2c9..cafa397 100644 --- a/lib/daemon-unix.c +++ b/lib/daemon-unix.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc. + * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2015 Nicira, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -83,8 +83,7 @@ static bool monitor; /* --user: Only root can use this option. Switch to new uid:gid after * initially running as root. */ -static bool switch_user = false; -static bool non_root_user = false; +static bool non_root_user__ = false; static uid_t uid; static gid_t gid; static char *user = NULL; @@ -440,13 +439,11 @@ daemonize_start(bool access_datapath) assert_single_threaded(); daemonize_fd = -1; - if (switch_user) { + if (non_root_user__) { daemon_become_new_user__(access_datapath); - switch_user = false; - } - /* If --user is specified, make sure user switch has completed by now. */ - if (non_root_user) { + /* If --user is specified, make sure this is no longer a root + * process. */ ovs_assert(geteuid() && getuid()); } @@ -853,6 +850,12 @@ daemon_become_new_user_linux(bool access_datapath OVS_UNUSED) static void daemon_become_new_user__(bool access_datapath) { + /* Execute this function at most once. After this function has been + * executed, current uid and effective uid can not be zero. */ + if (getuid() || geteuid()) { + return; + } + if (LINUX) { if (LIBCAPNG) { daemon_become_new_user_linux(access_datapath); @@ -873,12 +876,8 @@ void daemon_become_new_user(bool access_datapath) { assert_single_threaded(); - if (switch_user) { + if (non_root_user__) { daemon_become_new_user__(access_datapath); - - /* Make sure daemonize_start() will not switch - * user again. */ - switch_user = false; } } @@ -1041,5 +1040,5 @@ daemon_set_new_user(const char *user_spec) } } - switch_user = non_root_user = true; + non_root_user__ = true; }
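
Review bot: In the hunk at @@ -853,6 +850,12 @@, the new guard `if (getuid() || geteuid()) { return; }` at the top of daemon_become_new_user__() treats any non-zero real or effective uid as proof that the switch already ran, but it never compares against the requested `uid` and `gid`. A process whose real uid is non-zero while its effective uid is still 0 returns here without dropping effective root, and a process started as an ordinary user with --user set skips the switch silently unless daemon_set_new_user() rejects that case earlier, which these lines do not show. Consider testing the actual target, for example getuid() == uid && geteuid() == uid with the matching gid checks, and reporting an error when the process is neither root nor already the requested user.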
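
Review bot: In the hunk at @@ -873,12 +876,8 @@, daemon_become_new_user() calls daemon_become_new_user__() and returns with no postcondition check, while daemonize_start() follows the same call with `ovs_assert(geteuid() && getuid());`. Now that the helper can return early without switching, the public entry point should verify the result as well; adding the same assertion after the call here keeps the two callers consistent.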
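
Review bot: In the hunk at @@ -83,8 +83,7 @@, renaming non_root_user to non_root_user__ gives a file-static flag the trailing double underscore that the visible code otherwise uses only for the internal helper daemon_become_new_user__(); the neighbouring statics (monitor, uid, gid, user) carry no suffix. Keeping the name non_root_user would match them and shrink the diff. The comment above the flag could also state that it only records that --user was given, since the once-only behaviour now depends on the uid test rather than on this variable.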