From b1ab2b9ac1cfc15d2a8f5850145dd69043cc3ef7 Mon Sep 17 00:00:00 2001 From: Andreas Eversberg Date: Sat, 30 Aug 2008 08:24:52 +0200 Subject: [PATCH 1/1] LCR now runs as a user. You may change the path of socket and lock files. LCR admin socket's flags can now be altered to allow access to other users. Lock and socket files will now be removed when terminating LCR. modified: Makefile modified: chan_lcr.c modified: default/options.conf modified: lcradmin.c modified: lcrsocket.h modified: main.c modified: options.c modified: options.h modified: socket_server.c --- Makefile | 4 ++-- chan_lcr.c | 3 +-- default/options.conf | 11 +++++++++++ lcradmin.c | 8 ++++++-- lcrsocket.h | 2 +- main.c | 21 +++++++++++++-------- options.c | 20 +++++++++++++++++++- options.h | 2 ++ socket_server.c | 9 ++++++++- 9 files changed, 63 insertions(+), 17 deletions(-) diff --git a/Makefile b/Makefile index 63aeeee..171b57b 100644 --- a/Makefile +++ b/Makefile @@ -225,9 +225,9 @@ $(LCR): main.o \ trace.o \ $(LIBS) -o $(LCR) -$(LCRADMIN): lcradmin.c cause.c *.h Makefile +$(LCRADMIN): lcradmin.c cause.c options.c *.h Makefile $(PP) $(LIBDIR) $(CFLAGS_LCRADMIN) $(CURSES) -lm lcradmin.c cause.c \ - -o $(LCRADMIN) + options.c -o $(LCRADMIN) $(CHAN_LCR): chan_lcr.o bchannel.o callerid.o options.o *.h Makefile $(CC) -shared -Xlinker -x $(LDFLAGS) -o $(CHAN_LCR) chan_lcr.o bchannel.o callerid.o options.o diff --git a/chan_lcr.c b/chan_lcr.c index 4ab8591..52c2a31 100644 --- a/chan_lcr.c +++ b/chan_lcr.c @@ -1428,7 +1428,6 @@ int handle_socket(void) int open_socket(void) { int ret; - char *socket_name = SOCKET_NAME; int conn; struct sockaddr_un sock_address; unsigned int on = 1; @@ -1444,7 +1443,7 @@ int open_socket(void) /* set socket address and name */ memset(&sock_address, 0, sizeof(sock_address)); sock_address.sun_family = PF_UNIX; - strcpy(sock_address.sun_path, socket_name); + sprintf(sock_address.sun_path, SOCKET_NAME, options.lock); /* connect socket */ if ((conn = connect(lcr_sock, (struct sockaddr *)&sock_address, SUN_LEN(&sock_address))) < 0) diff --git a/default/options.conf b/default/options.conf index 6b1ca27..8bb69bc 100644 --- a/default/options.conf +++ b/default/options.conf @@ -89,3 +89,14 @@ # Most mail servers require an existing domain in order to accept mails. #email lcr@your.domain +# Directory to write lock file and admin socket file to. +# If /var/run does not have the rights to run LCR, you may choose /var/tmp +# or any directory with the appropiet rights LCR runs with. +#lock /var/run + +# Change rights of LCR socket, where lcradmin or chan_lcr connects to. +# By default 700 (user only) rights are set. If Asterisk runs with a different +# user, the rights may be changed to all users (777). +# Rights must have 0 in front, if octal values above are used. +#socketrights 0700 + diff --git a/lcradmin.c b/lcradmin.c index 1df16c5..042a4b0 100644 --- a/lcradmin.c +++ b/lcradmin.c @@ -23,6 +23,7 @@ #include #include #include "macro.h" +#include "options.h" #include "join.h" #include "joinpbx.h" #include "extension.h" @@ -1630,7 +1631,6 @@ next: int main(int argc, char *argv[]) { int mode; - char *socket_name = SOCKET_NAME; int sock, conn; struct sockaddr_un sock_address; char *ret; @@ -1717,6 +1717,10 @@ int main(int argc, char *argv[]) goto usage; } + if (read_options() == 0) { + exit(EXIT_FAILURE); + } + //pipeagain: /* open socket */ if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) @@ -1725,8 +1729,8 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } memset(&sock_address, 0, sizeof(sock_address)); + SPRINT(sock_address.sun_path, SOCKET_NAME, options.lock); sock_address.sun_family = PF_UNIX; - UCPY(sock_address.sun_path, socket_name); if ((conn = connect(sock, (struct sockaddr *)&sock_address, SUN_LEN(&sock_address))) < 0) { close(sock); diff --git a/lcrsocket.h b/lcrsocket.h index 86497f9..6c7983f 100644 --- a/lcrsocket.h +++ b/lcrsocket.h @@ -9,7 +9,7 @@ ** ** \*****************************************************************************/ -#define SOCKET_NAME "/var/run/LCR.socket" +#define SOCKET_NAME "%s/LCR.socket" /* structures that define message between admin-tool and pbx */ diff --git a/main.c b/main.c index cf6be07..59343ae 100644 --- a/main.c +++ b/main.c @@ -189,7 +189,7 @@ int main(int argc, char *argv[]) created_lock = 0, created_signal = 0, created_debug = 0, created_misdn = 0; int idletime = 0, idlecheck = 0; - char tracetext[256]; + char tracetext[256], lock[128]; #if 0 /* init fdset */ @@ -352,9 +352,11 @@ int main(int argc, char *argv[]) } /* create lock and lock! */ - if ((lockfd = open("/var/run/lcr.lock", O_CREAT, 0)) < 0) + SPRINT(lock, "%s/lcr.lock", options.lock); + if ((lockfd = open(lock, O_CREAT | O_WRONLY)) < 0) { - fprintf(stderr, "Cannot create lock file: /var/run/lcr.lock\n"); + fprintf(stderr, "Cannot create lock file: %s\n", lock); + fprintf(stderr, "Check options.conf to change to path with permissions for you.\n"); goto free; } if (flock(lockfd, LOCK_EX|LOCK_NB) < 0) @@ -408,18 +410,17 @@ int main(int argc, char *argv[]) switch(errno) { case ENOMEM: - fprintf(stderr, "Not enough memory to lock paging, exitting...\n"); + fprintf(stderr, "Warning: Not enough memory to lock paging, exitting...\n"); break; case EPERM: - fprintf(stderr, "No permission to lock paging, exitting...\n"); + fprintf(stderr, "Warning: No permission to lock paging, exitting...\n"); break; case EFAULT: - fprintf(stderr, "'Bad address' while locking paging, exitting...\n"); + fprintf(stderr, "Warning: 'Bad address' while locking paging, exitting...\n"); break; default: - fprintf(stderr, "Unknown error %d while locking paging, exitting...\n", errno); + fprintf(stderr, "Warning: Unknown error %d while locking paging, exitting...\n", errno); } - goto free; } /* set real time scheduler & priority */ @@ -710,7 +711,11 @@ free: if (created_lock) flock(lockfd, LOCK_UN); if (lockfd >= 0) + { + chmod(lock, 0700); + unlink(lock); close(lockfd); + } /* free rulesets */ if (ruleset_first) diff --git a/options.c b/options.c index 6bfdb97..fbe7fea 100644 --- a/options.c +++ b/options.c @@ -30,7 +30,9 @@ struct options options = { "", /* dummy caller id */ 0, /* use tones by dsp.o */ 0, /* by default use priority 0 */ - "lcr@your.machine" /* source mail adress */ + "lcr@your.machine", /* source mail adress */ + "/var/tmp", /* path of lock files */ + 0700 /* rights of lcr admin socket */ }; char options_error[256]; @@ -240,6 +242,22 @@ int read_options(void) SCPY(options.email, param); } else + if (!strcmp(option,"lock")) + { + if (param[0]==0) + { + SPRINT(options_error, "Error in %s (line %d): parameter for option %s missing.\n",filename,line,option); + goto error; + } + if (param[strlen(param)-1] == '/') + param[strlen(param)-1]=0; + SCPY(options.lock, param); + + } else + if (!strcmp(option,"socketrights")) + { + options.socketrights = strtol(param, NULL, 0); + } else { SPRINT(options_error, "Error in %s (line %d): wrong option keyword %s.\n", filename,line,option); goto error; diff --git a/options.h b/options.h index 60748f9..79e5fe0 100644 --- a/options.h +++ b/options.h @@ -24,6 +24,8 @@ struct options { int dsptones; /* tones will be generated via dsp.o 1=american 2=ger */ int schedule; /* run process in realtime @ given priority */ char email[128]; /* source email address */ + char lock[128]; /* path of lock files */ + int socketrights; /* rights of lcr admin socket */ }; extern struct options options; diff --git a/socket_server.c b/socket_server.c index 0b6e173..e1853d3 100644 --- a/socket_server.c +++ b/socket_server.c @@ -15,7 +15,7 @@ #include -char *socket_name = SOCKET_NAME; +char socket_name[128]; int sock = -1; struct sockaddr_un sock_address; @@ -36,6 +36,7 @@ int admin_init(void) } fhuse++; memset(&sock_address, 0, sizeof(sock_address)); + SPRINT(socket_name, SOCKET_NAME, options.lock); sock_address.sun_family = AF_UNIX; UCPY(sock_address.sun_path, socket_name); unlink(socket_name); @@ -66,6 +67,10 @@ int admin_init(void) PERROR("Failed to set socket \"%s\" into non-blocking mode. (errno=%d)\n", sock_address.sun_path, errno); return(-1); } + if (chmod(socket_name, options.socketrights) < 0) + { + PERROR("Failed to change socket rigts to %d. (errno=%d)\n", options.socketrights, errno); + } return(0); } @@ -176,6 +181,8 @@ void admin_cleanup(void) close(sock); fhuse--; } + + unlink(socket_name); } -- 2.13.6