* move socket and pid file to its own directory /var/run/avahi

* create /var/run/avahi securely

git-svn-id: file:///home/lennart/svn/public/avahi/trunk@133 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe

diff --git a/avahi-daemon/Makefile.am b/avahi-daemon/Makefile.am
index 0682fba3cbfb1536864b65ee9e7b9be337942467..3b90852e801390f1ac8ef02deeaab3849e7c23e8 100644 (file)
--- a/avahi-daemon/Makefile.am
+++ b/avahi-daemon/Makefile.am
@@ -25,7 +25,8 @@ AM_CFLAGS= \
        -I$(top_srcdir) \
        -D_GNU_SOURCE \
        -DAVAHI_SERVICE_DIRECTORY=\"$(servicedir)\" \
-       -DAVAHI_CONFIG_FILE=\"$(pkgsysconfdir)/avahi.conf\"
+       -DAVAHI_CONFIG_FILE=\"$(pkgsysconfdir)/avahi.conf\" \
+       -DAVAHI_RUNTIME_DIR=\"$(localstatedir)/run/avahi\"
 AM_LDADD=-lexpat
 
 # GLIB 2.0

diff --git a/avahi-daemon/main.c b/avahi-daemon/main.c
index 7fce3a546d8b0b7086d93e9341e01a664cbf0919..ce3400a3dff2e69ecc5687f84bc9f975045e1e3d 100644 (file)
--- a/avahi-daemon/main.c
+++ b/avahi-daemon/main.c
@@ -31,6 +31,7 @@
 #include <unistd.h>
 #include <grp.h>
 #include <pwd.h>
+#include <sys/stat.h>
 
 #include <libdaemon/dfork.h>
 #include <libdaemon/dsignal.h>
@@ -474,6 +475,59 @@ static gint drop_root(void) {
     return 0;
 }
 
+static const char* pid_file_proc(void) {
+    return AVAHI_RUNTIME_DIR"/pid";
+}
+
+static gint make_runtime_dir(void) {
+    gint r = -1;
+    mode_t u;
+    gboolean reset_umask = FALSE;
+    struct passwd *pw;
+    struct group * gr;
+    struct stat st;
+
+    if (!(pw = getpwnam(AVAHI_USER))) {
+        avahi_log_error( "Failed to find user '"AVAHI_USER"'.");
+        goto fail;
+    }
+
+    if (!(gr = getgrnam(AVAHI_GROUP))) {
+        avahi_log_error( "Failed to find group '"AVAHI_GROUP"'.");
+        goto fail;
+    }
+
+    u = umask(0000);
+    reset_umask = TRUE;
+    
+    if (mkdir(AVAHI_RUNTIME_DIR, 0755) < 0 && errno != EEXIST) {
+        avahi_log_error("mkdir(\""AVAHI_RUNTIME_DIR"\"): %s", strerror(errno));
+        goto fail;
+    }
+    
+    chown(AVAHI_RUNTIME_DIR, pw->pw_uid, gr->gr_gid);
+
+    if (stat(AVAHI_RUNTIME_DIR, &st) < 0) {
+        avahi_log_error("stat(): %s\n", strerror(errno));
+        goto fail;
+    }
+
+    if (!S_ISDIR(st.st_mode) || st.st_uid != pw->pw_uid || st.st_gid != gr->gr_gid) {
+        avahi_log_error("Failed to create runtime directory "AVAHI_RUNTIME_DIR".");
+        goto fail;
+    }
+
+    r = 0;
+
+fail:
+    if (reset_umask)
+        umask(u);
+    return r;
+
+}
+    
+
+
 int main(int argc, char *argv[]) {
     gint r = 255;
     DaemonConfig config;
@@ -495,6 +549,8 @@ int main(int argc, char *argv[]) {
         argv0 = argv[0];
 
     daemon_pid_file_ident = daemon_log_ident = (char *) argv0;
+
+    daemon_pid_file_proc = pid_file_proc;
     
     if (parse_command_line(&config, argc, argv) < 0)
         goto finish;
@@ -561,6 +617,14 @@ int main(int argc, char *argv[]) {
 
         chdir("/");
 
+        if (make_runtime_dir() < 0)
+            goto finish;
+
+        if (config.drop_root) {
+            if (drop_root() < 0)
+                goto finish;
+        }
+
         if (daemon_pid_file_create() < 0) {
             avahi_log_error("Failed to create PID file: %s", strerror(errno));
 
@@ -570,11 +634,6 @@ int main(int argc, char *argv[]) {
         } else
             wrote_pid_file = TRUE;
 
-        if (config.drop_root) {
-            if (drop_root() < 0)
-                goto finish;
-        }
-
         if (run_server(&config) == 0)
             r = 0;
     }

diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
index 6eaef999268aa3e282cf77c594e7a4c5ad680c46..8bd8da4403588ee27654092dda4813ed0cdcd1d3 100644 (file)
--- a/avahi-daemon/simple-protocol.c
+++ b/avahi-daemon/simple-protocol.c
@@ -41,8 +41,7 @@
 
 #define BUFFER_SIZE (10*1024)
 
-#define UNIX_SOCKET_PATH "/tmp/avahi"
-#define UNIX_SOCKET UNIX_SOCKET_PATH"/socket"
+#define UNIX_SOCKET AVAHI_RUNTIME_DIR "/socket"
 
 #define CLIENTS_MAX 50
 
@@ -378,11 +377,6 @@ int simple_protocol_setup(GMainContext *c) {
 
     u = umask(0000);
 
-    if (mkdir(UNIX_SOCKET_PATH, 0755) < 0 && errno != EEXIST) {
-        avahi_log_warn("mkdir(): %s", strerror(errno));
-        goto fail;
-    }
-    
     if ((server->fd = socket(PF_LOCAL, SOCK_STREAM, 0)) < 0) {
         avahi_log_warn("socket(PF_LOCAL, SOCK_STREAM, 0): %s", strerror(errno));
         goto fail;

diff --git a/bootstrap.sh b/bootstrap.sh
index f0eedcd6c0737b6f62f96c819222788895012cab..d50ba727f80c6327b84ce6bbb30c9f6337ac2b8c 100755 (executable)
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -42,7 +42,7 @@ else
     run_versioned automake 1.7 -a -c --foreign
     autoconf -Wall
 
-    CFLAGS="-g -O0" ./configure --sysconfdir=/etc "$@"
+    CFLAGS="-g -O0" ./configure --sysconfdir=/etc --localstatedir=/var"$@"
 
     make clean
 fi