Remove requirement of having uid and gid of "ais" on the system and allow

nonroot users to access ipc if their uid/gid is in the /etc/corosync/uidgid.d
directory.


git-svn-id: http://svn.fedorahosted.org/svn/corosync/trunk@2261 fd59a12c-fef9-0310-b244-a6a79926bd2f

exec/main.c

@@ -117,8 +117,6 @@ static struct objdb_iface_ver0 *objdb = NULL;
 
 static struct corosync_api_v1 *api = NULL;
 
-static struct ug_config ug_config;
-
 unsigned long long *(*main_clm_get_by_nodeid) (unsigned int node_id);
 
 hdb_handle_t corosync_poll_handle;
@@ -276,9 +274,7 @@ static void confchg_fn (
 
 static void priv_drop (void)
 {
-return; /* TODO: we are still not dropping privs */
-	setuid (ug_config.uid);
-	setegid (ug_config.gid);
+	return; /* TODO: we are still not dropping privs */
 }
 
 static void corosync_tty_detach (void)
@@ -486,8 +482,11 @@ static int corosync_security_valid (int euid, int egid)
 		return (1);
 	}
 
-	for (iter = ug_config.uidgid_list.next; iter != &ug_config.uidgid_list; iter = iter->next) {
-		struct uidgid_item *ugi = list_entry (iter, struct uidgid_item, list);
+	for (iter = uidgid_list_head.next; iter != &uidgid_list_head;
+		iter = iter->next) {
+
+		struct uidgid_item *ugi = list_entry (iter, struct uidgid_item,
+			list);
 
 		if (euid == ugi->uid || egid == ugi->gid)
 			return (1);
@@ -786,7 +785,7 @@ int main (int argc, char **argv)
 	}
 	free(config_iface);
 
-	res = corosync_main_config_read (objdb, &error_string, &ug_config);
+	res = corosync_main_config_read (objdb, &error_string);
 	if (res == -1) {
 		/*
 		 * if we are here, we _must_ flush the logsys queue

exec/mainconfig.c

@@ -55,8 +55,12 @@
 #include "mainconfig.h"
 
 static char error_string_response[512];
+
 static struct objdb_iface_ver0 *global_objdb;
 
+DECLARE_LIST_INIT(uidgid_list_head);
+
+
 /* This just makes the code below a little neater */
 static inline int objdb_get_string (
 	const struct objdb_iface_ver0 *objdb,
@@ -642,8 +646,7 @@ static void add_logsys_config_notification(
 
 static int corosync_main_config_read_uidgid (
 	struct objdb_iface_ver0 *objdb,
-	const char **error_string,
-	struct ug_config *ug_config)
+	const char **error_string)
 {
 	hdb_handle_t object_find_handle;
 	hdb_handle_t object_service_handle;
@@ -651,8 +654,6 @@ static int corosync_main_config_read_uidgid (
 	int uid, gid;
 	struct uidgid_item *ugi;
 
-	list_init (&ug_config->uidgid_list);
-
 	objdb->object_find_create (
 		OBJECT_PARENT_HANDLE,
 		"uidgid",
@@ -680,7 +681,8 @@ static int corosync_main_config_read_uidgid (
 			}
 			ugi->uid = uid;
 			ugi->gid = gid;
-			list_add (&ugi->list, &ug_config->uidgid_list);
+			list_init (&ugi->list);
+			list_add (&ugi->list, &uidgid_list_head);
 		}
 	}
 	objdb->object_find_destroy (object_find_handle);
@@ -690,53 +692,16 @@ static int corosync_main_config_read_uidgid (
 
 int corosync_main_config_read (
 	struct objdb_iface_ver0 *objdb,
-	const char **error_string,
-	struct ug_config *ug_config)
+	const char **error_string)
 {
-	hdb_handle_t object_service_handle;
-	char *value;
 	const char *error_reason = error_string_response;
-	hdb_handle_t object_find_handle;
-
-	memset (ug_config, 0, sizeof (struct ug_config));
 
 	if (corosync_main_config_read_logging(objdb, error_string) < 0) {
 		error_reason = *error_string;
 		goto parse_error;
 	}
 
-	ug_config->uid = -1;
-	ug_config->gid = -1;
-
-	objdb->object_find_create (
-		OBJECT_PARENT_HANDLE,
-		"aisexec",
-		strlen ("aisexec"),
-		&object_find_handle);
-
-	if (objdb->object_find_next (
-		object_find_handle,
-		&object_service_handle) == 0) {
-
-		if (!objdb_get_string (objdb,object_service_handle, "user", &value)) {
-			ug_config->uid = uid_determine(value);
-		}
-
-		if (!objdb_get_string (objdb,object_service_handle, "group", &value)) {
-			ug_config->gid = gid_determine(value);
-		}
-	}
-
-	objdb->object_find_destroy (object_find_handle);
-
-	if (ug_config->uid < 0) {
-		ug_config->uid = uid_determine("ais");
-	}
-	if (ug_config->gid < 0) {
-		ug_config->gid = gid_determine("ais");
-	}
-
-	corosync_main_config_read_uidgid (objdb, error_string, ug_config);
+	corosync_main_config_read_uidgid (objdb, error_string);
 
 	add_logsys_config_notification(objdb);
 

exec/mainconfig.h

@@ -59,23 +59,10 @@ struct uidgid_item {
 	int gid;
 };
 
-struct ug_config {
-	/*
-	 * user/group to run as
-	 */
-	int uid;
-	int gid;
-
-	/*
-	 * Allowed users/group to connect. This is of type uidgid item.
-	 */
-	struct list_head uidgid_list;
-};
-
+extern struct list_head uidgid_list_head;
 
 extern int corosync_main_config_read (
 	struct objdb_iface_ver0 *objdb,
-	const char **error_string,
-	struct ug_config *ug_config);
+	const char **error_string);
 
 #endif /* MAINCONFIG_H_DEFINED */

man/corosync.conf.5

@@ -1,6 +1,6 @@
 .\"/*
 .\" * Copyright (c) 2005 MontaVista Software, Inc.
-.\" * Copyright (c) 2006 Red Hat, Inc.
+.\" * Copyright (c) 2006-2009 Red Hat, Inc.
 .\" *
 .\" * All rights reserved.
 .\" *
@@ -55,9 +55,6 @@ This top level directive contains configuration options for logging.
 .TP
 event { }
 This top level directive contains configuration options for the event service.
-.TP
-aisexec { }
-This top level directive contains configuration options for user privilegies.
 
 .PP
 .PP
@@ -537,20 +534,6 @@ This specifies the subsystem identity (name) for which logging is specified. Thi
 name used by a service in the log_init () call. E.g. 'CKPT'. This directive is
 required.
 
-.PP
-Within the
-.B aisexec
-directive, there are two configuration options which are all optional:
-.TP
-user
-.TP
-group
-These specify the user and group, which is able to run and use corosync.
-In any case, this is able to do root:root. But if you don't want run
-corosync as root, you can use this directives.
-
-The default is ais.
-
 .SH "FILES"
 .TP
 /etc/corosync.conf

man/corosync_overview.8

@@ -1,6 +1,6 @@
 .\"/*
 .\" * Copyright (c) 2005 MontaVista Software, Inc.
-.\" * Copyright (c) 2006 Red Hat, Inc.
+.\" * Copyright (c) 2006-2009 Red Hat, Inc.
 .\" *
 .\" * All rights reserved.
 .\" *
@@ -86,7 +86,7 @@ which make virtual synchrony ideal for developing distributed applications.
 
 .SH QUICKSTART
 The corosync executive must be configured.  In the directory conf in the
-source distribution are several files that must be copied to the /etc/ais
+source distribution are several files that must be copied to the /etc/corosync
 directory.  If corosync is packaged by a distro, this may be complete.
 
 The directory contains the file corosync.conf.  Please read the corosync.conf(5)
@@ -94,12 +94,6 @@ man page for details on the configuration options.  The corosync project will
 work out of the box with the default configuration options, although the
 administrator may desire different options.
 
-An user and group of the name "ais" must be added to the system.  If corosync
-is packaged from a distro, this step should already be completed.
-This can be achieved by executing:
-
-[root@slickdeal root]# adduser ais -g ais
-
 The corosync executive uses cryptographic techniques to ensure authenticity
 and privacy of the messages.  In order for corosync to be secure and operate,
 a private key must be generated and shared to all processors.