Change behavior of "id" configuration directive.

Jordan Bancino 2022-11-08 17:53:01 +00:00
parent efbbf42a6e
commit 8e71cc833c
4 changed files with 79 additions and 50 deletions


@ -5,9 +5,6 @@
server-name "localhost"; server-name "localhost";
base-url "http://localhost:8008"; base-url "http://localhost:8008";
# Replace this with your UNIX username
id "jordan";
# Make this directory if Telodendria complains that it's missing. # Make this directory if Telodendria complains that it's missing.
data-dir "./data"; data-dir "./data";


@ -18,10 +18,12 @@ server-name "example.com";
base-url "https://matrix.example.com"; base-url "https://matrix.example.com";
identity-server "https://identity.example.com"; identity-server "https://identity.example.com";
id "_telodendria" "_telodendria"; id "_telodendria";
data-dir "/var/telodendria"; data-dir "/var/telodendria";
federation "true"; federation "true";
registration "false"; registration "false";
log "file" { log "file" {
level "warning"; level "warning";
timestampFormat "default"; timestampFormat "default";


@ -346,22 +346,6 @@ main(int argc, char **argv)
Log(lc, LOG_DEBUG, "Flags: %x", tConfig->flags); Log(lc, LOG_DEBUG, "Flags: %x", tConfig->flags);
LogConfigUnindent(lc); LogConfigUnindent(lc);
Log(lc, LOG_DEBUG, "Running as uid:gid: %d:%d.", getuid(), getgid());
userInfo = getpwnam(tConfig->uid);
groupInfo = getgrnam(tConfig->gid);
if (!userInfo || !groupInfo)
{
Log(lc, LOG_ERROR, "Unable to locate the user/group specified in the configuration.");
exit = EXIT_FAILURE;
goto finish;
}
else
{
Log(lc, LOG_DEBUG, "Found user/group information using getpwnam() and getgrnam().");
}
/* Arguments to pass into the HTTP handler */ /* Arguments to pass into the HTTP handler */
matrixArgs.lc = lc; matrixArgs.lc = lc;
matrixArgs.config = tConfig; matrixArgs.config = tConfig;
@ -377,9 +361,31 @@ main(int argc, char **argv)
goto finish; goto finish;
} }
Log(lc, LOG_DEBUG, "Running as uid:gid: %d:%d.", getuid(), getgid());
if (tConfig->uid && tConfig->gid)
{
userInfo = getpwnam(tConfig->uid);
groupInfo = getgrnam(tConfig->gid);
if (!userInfo || !groupInfo)
{
Log(lc, LOG_ERROR, "Unable to locate the user/group specified in the configuration.");
exit = EXIT_FAILURE;
goto finish;
}
else
{
Log(lc, LOG_DEBUG, "Found user/group information using getpwnam() and getgrnam().");
}
}
else
{
Log(lc, LOG_DEBUG, "No user/group info specified in the config.");
}
if (getuid() == 0) if (getuid() == 0)
{ {
#ifndef __OpenBSD__
if (chroot(".") == 0) if (chroot(".") == 0)
{ {
Log(lc, LOG_DEBUG, "Changed the root directory to: %s.", tConfig->dataDir); Log(lc, LOG_DEBUG, "Changed the root directory to: %s.", tConfig->dataDir);
@ -388,13 +394,14 @@ main(int argc, char **argv)
{ {
Log(lc, LOG_WARNING, "Unable to chroot into directory: %s.", tConfig->dataDir); Log(lc, LOG_WARNING, "Unable to chroot into directory: %s.", tConfig->dataDir);
} }
#else
Log(lc, LOG_DEBUG, "Not attempting chroot() after pledge() and unveil().");
#endif
if (tConfig->uid && tConfig->gid)
{
if (setgid(groupInfo->gr_gid) != 0 || setuid(userInfo->pw_uid) != 0) if (setgid(groupInfo->gr_gid) != 0 || setuid(userInfo->pw_uid) != 0)
{ {
Log(lc, LOG_WARNING, "Unable to set process uid/gid."); Log(lc, LOG_ERROR, "Unable to set process uid/gid.");
exit = EXIT_FAILURE;
goto finish;
} }
else else
{ {
@ -403,8 +410,17 @@ main(int argc, char **argv)
} }
else else
{ {
Log(lc, LOG_DEBUG, "Not changing root directory, because we are not root."); Log(lc, LOG_WARNING, "We are running as root, and we are not dropping to another user");
Log(lc, LOG_WARNING, "because none was specified in the configuration file.");
Log(lc, LOG_WARNING, "This is probably a security issue.");
}
}
else
{
Log(lc, LOG_WARNING, "Not setting root directory, because we are not root.");
if (tConfig->uid && tConfig->gid)
{
if (getuid() != userInfo->pw_uid || getgid() != groupInfo->gr_gid) if (getuid() != userInfo->pw_uid || getgid() != groupInfo->gr_gid)
{ {
Log(lc, LOG_WARNING, "Not running as the uid/gid specified in the configuration."); Log(lc, LOG_WARNING, "Not running as the uid/gid specified in the configuration.");
@ -414,6 +430,7 @@ main(int argc, char **argv)
Log(lc, LOG_DEBUG, "Running as the uid/gid specified in the configuration."); Log(lc, LOG_DEBUG, "Running as the uid/gid specified in the configuration.");
} }
} }
}
/* These config values are no longer needed; don't hold them in /* These config values are no longer needed; don't hold them in
* memory anymore */ * memory anymore */
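Review bot: The privilege drop at `setgid(groupInfo->gr_gid) != 0 || setuid(userInfo->pw_uid) != 0` never resets the supplementary group list, so a process started as root keeps root's extra groups after it switches to the configured user. Unless that is done somewhere outside these hunks, put `setgroups(1, &groupInfo->gr_gid) != 0 ||` in front of the `setgid()` call so the new fatal-error path covers it as well. The new branch for root without an `id` directive logs three warnings and keeps serving as root; if that is intended, say so in a comment on that branch, otherwise treat it like the failed `setuid()` case and `goto finish`. main() begins and ends outside the visible hunks.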


@ -157,17 +157,24 @@ TelodendriaConfigParse(HashMap * config, LogConfig * lc)
tConfig->identityServer = NULL; tConfig->identityServer = NULL;
} }
GET_DIRECTIVE("id"); directive = (ConfigDirective *) HashMapGet(config, "id");
children = ConfigChildrenGet(directive);
value = ConfigValuesGet(directive);
ASSERT_NO_CHILDREN("id"); ASSERT_NO_CHILDREN("id");
COPY_VALUE(tConfig->uid, 0);
if (directive)
{
switch (ArraySize(value)) switch (ArraySize(value))
{ {
case 1: case 1:
Log(lc, LOG_WARNING, "No run group specified; assuming it's the same as the user."); Log(lc, LOG_WARNING, "No run group specified; assuming it's the same as the user.");
COPY_VALUE(tConfig->uid, 0);
tConfig->gid = UtilStringDuplicate(tConfig->uid); tConfig->gid = UtilStringDuplicate(tConfig->uid);
break; break;
case 2: case 2:
COPY_VALUE(tConfig->uid, 0);
COPY_VALUE(tConfig->gid, 1); COPY_VALUE(tConfig->gid, 1);
break; break;
default: default:
@ -176,6 +183,12 @@ TelodendriaConfigParse(HashMap * config, LogConfig * lc)
ArraySize(value)); ArraySize(value));
goto error; goto error;
} }
}
else
{
tConfig->uid = NULL;
tConfig->gid = NULL;
}
GET_DIRECTIVE("data-dir"); GET_DIRECTIVE("data-dir");
ASSERT_NO_CHILDREN("data-dir"); ASSERT_NO_CHILDREN("data-dir");