authorerdgeist <>2009-01-02 08:57:53 +0000
committererdgeist <>2009-01-02 08:57:53 +0000
commit2df09905f5540fee096d48a92cb0c42558498a12 (patch)
tree68eab61d29719400972485de395dd0465467aea6 /opentracker.c
parent548e2b8338b5ee8d24fa928e833f345bb5cb6f0e (diff)
* opentracker now drops permissions in the correct order and really chroots() if run as root
* lock passing between add_peer_to_torrent and return_peers_for_torrent is now avoided by providing a more general add_peer_to_torrent_and_return_peers function that can be used with NULL parameters to not return any peers (in sync case)
* in order to keep a fast overview of how many torrents opentracker maintains, every mutex_bucket_unlock operation expects an additional integer parameter that tells ot_mutex.c how many torrents have been added or removed. A function mutex_get_torrent_count has been introduced.
Diffstat (limited to 'opentracker.c')
-rw-r--r--opentracker.c58
1 files changed, 45 insertions, 13 deletions
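diff --git a/opentracker.c b/opentracker.c
index 61acd3f..993877a 100644
--- a/opentracker.c
+++ b/opentracker.c
@@ -350,8 +350,47 @@ int parse_configfile( char * config_filename ) {
  return bound;
 }
 
-int main( int argc, char **argv ) {
+int drop_privileges (const char * const serverdir) {
  struct passwd *pws = NULL;
+
+ /* Grab pws entry before chrooting */
+ pws = getpwnam( "nobody" );
+ endpwent();
+
+ if( geteuid() == 0 ) {
+ /* Running as root: chroot and drop privileges */
+ if(chroot( serverdir )) {
+ fprintf( stderr, "Could not chroot to %s, because: %s\n", serverdir, strerror(errno) );
+ return -1;
+ }
+
+ if(chdir("/"))
+ panic("chdir() failed after chrooting: ");
+
+ if( !pws ) {
+ setegid( (gid_t)-2 ); setgid( (gid_t)-2 );
+ setuid( (uid_t)-2 ); seteuid( (uid_t)-2 );
+ }
+ else {
+ setegid( pws->pw_gid ); setgid( pws->pw_gid );
+ setuid( pws->pw_uid ); seteuid( pws->pw_uid );
+ }
+
+ if( geteuid() == 0 || getegid() == 0 )
+ panic("Still running with root privileges?!");
+ }
+ else {
+ /* Normal user, just chdir() */
+ if(chdir( serverdir )) {
+ fprintf( stderr, "Could not chroot to %s, because: %s\n", serverdir, strerror(errno) );
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+int main( int argc, char **argv ) {
  char serverip[4] = {0,0,0,0}, tmpip[4];
  int bound = 0, scanon = 1;
  uint16_t tmpport;
@@ -404,16 +443,8 @@ while( scanon ) {
  ot_try_bind( serverip, 6969, FLAG_UDP );
  }
 
- /* Drop permissions */
- pws = getpwnam( "nobody" );
- if( !pws ) {
- setegid( (gid_t)-2 ); setuid( (uid_t)-2 );
- setgid( (gid_t)-2 ); seteuid( (uid_t)-2 );
- } else {
- setegid( pws->pw_gid ); setuid( pws->pw_uid );
- setgid( pws->pw_gid ); seteuid( pws->pw_uid );
- }
- endpwent();
+ if( drop_privileges( g_serverdir ? g_serverdir : "." ) == -1 )
+ panic( "drop_privileges failed, exiting. Last error");
 
  signal( SIGPIPE, SIG_IGN );
  signal( SIGINT, signal_handler );
@@ -421,9 +452,10 @@ while( scanon ) {
 
  g_now_seconds = time( NULL );
 
- if( trackerlogic_init( g_serverdir ? g_serverdir : "." ) == -1 )
- panic( "Logic not started" );
+ /* Init all sub systems. This call may fail with an exit() */
+ trackerlogic_init( );
 
+ /* Kick off our initial clock setting alarm */
  alarm(5);
 
  server_mainloop( );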
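Review bot: The root branch of drop_privileges (new lines 370–377, first hunk) changes gid and uid but never resets the supplementary group list, so the process would keep whatever groups root had at startup even after the switch to nobody. Setting the list before the setgid/setuid calls would close that, e.g. `gid_t gid = pws ? pws->pw_gid : (gid_t)-2;` followed by `if( setgroups( 1, &gid ) ) panic("setgroups() failed: ");` (this needs `<grp.h>`; the include block is not visible here). The return values of setegid/setgid/setuid/seteuid are also discarded, and the check on new line 379 only looks at the effective ids, so comparing `getuid()`/`getgid()` as well, or checking each call, would make a partial drop visible. Separately, the non-root branch prints "Could not chroot" when chdir() fails, which will mislead whoever reads the log.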