[Xorp-users] Things to do for the upcoming 1.8.3 release.

Joe Coco jcoco at meccorp.mec.edu
Wed Mar 9 11:35:33 PST 2011


Hi Ben,

Here is the XRL permissions patch. All it does is look up the uid and gid of xorp per the unix98 standard
and set the permissions/owner appropriately for the XRL files. I found, at least on my system, that fea
would write the files as root:root, and xorpsh, running as the stripped-privilege user 'xorp', could not read/write
the XRL files in /var/tmp.

If my logic is flawed, please let me know but it 'works for me' :)


--Joe




--- xorp/libxipc/xrl_pf_unix.cc-orig    2011-03-09 14:20:45.000000000 -0500
+++ xorp/libxipc/xrl_pf_unix.cc 2011-03-09 14:16:30.000000000 -0500
@@ -23,6 +23,8 @@
 #include "xrl_pf_unix.hh"
 #include "libcomm/comm_api.h"
 #include "sockutil.hh"
+#include <pwd.h>
+#include <grp.h>

 #ifndef        HOST_OS_WINDOWS

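Review bot: `<pwd.h>` and `<grp.h>` are added above the `#ifndef HOST_OS_WINDOWS` line, so a Windows build would pull in these POSIX headers unconditionally, even though the code that uses them appears to sit inside the guard. Moving the two `#include` lines to just below `#ifndef HOST_OS_WINDOWS` keeps them with the code they serve.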
@@ -32,6 +34,11 @@
 XrlPFUNIXListener::XrlPFUNIXListener(EventLoop& e, XrlDispatcher* xr)
     : XrlPFSTCPListener(&e, xr)
 {
+
+struct passwd *pwd; /* For UID of XORP user */
+struct group *grp;  /* For GID of XORP group */
+
+
     string path = get_sock_path();

     _sock = comm_bind_unix(path.c_str(), COMM_SOCK_NONBLOCKING);
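Review bot: `pwd` and `grp` are declared uninitialised at column 0 at the top of the constructor, well before their first use in the later hunk. Declaring each at the point of the lookup, `const struct passwd* pwd = getpwnam("xorp");` and `const struct group* grp = getgrnam("xorp");`, avoids the stretch in which they hold indeterminate values and matches the four-space indentation of the surrounding body. The constructor continues outside this hunk.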
@@ -44,12 +51,50 @@
         xorp_throw(XrlPFConstructorError, comm_get_last_error_str());
     }

+
+/* This didn't quite work for my system, so I changed it to load user/group xorp per unix98 std -JC */
+
     // Make sure socket is read/write by group and owner.
-    if (chmod(path.c_str(), S_ISUID | S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH ) < 0) {
-       cerr << "ERROR:  Failed chgrp on path: " << path << " error: "
-            << strerror(errno) << endl;
-       // Carry on, might turn out OK!
-    }
+    //   if (chmod(path.c_str(), S_ISUID | S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH ) < 0) {
+    // cerr << "ERROR:  Failed chgrp on path: " << path << " error: "
+    //      << strerror(errno) << endl;
+    // Carry on, might turn out OK!
+    // }
+
+
+pwd = getpwnam("xorp");
+grp = getgrnam("xorp");
+
+
+       if (pwd == NULL) {
+
+                       cerr << "ERROR: Failed to get UID of xorp user!" << endl;
+                       exit(0);
+               }
+
+
+       if (grp == NULL) {
+
+                       cerr << "ERROR: Failed to get GID of xorp group!" << endl;
+                       exit(0);
+               }
+
+
+/* If we got here at least XORP user and group exist */
+
+       if (chown(path.c_str(), pwd->pw_uid, grp->gr_gid)) {
+
+               cerr << "ERROR: Failed chown on path: " << path << " error: " << strerror(errno) << endl;
+}
+
+       /* Owner read/write, group read/write, other read -JC */
+
+       if (chmod(path.c_str(), S_IWUSR| S_IRUSR| S_IWGRP| S_IRGRP| S_IROTH)) {
+               cerr << "ERROR: Failed chmod on path: " << path << " error: " << strerror(errno) << endl;
+               }
+
+/* Ok end of breaking xorp -JC */
+

     _address_slash_port = path;
     encode_address(_address_slash_port);
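Review bot: The two `exit(0)` calls after `getpwnam("xorp")` and `getgrnam("xorp")` end the process with a success status from inside the constructor, so a supervisor sees a clean exit and the socket file that was just bound at `path` is presumably left on disk. The failure visible at the top of this hunk is reported with `xorp_throw`, so both branches should do the same, e.g. `xorp_throw(XrlPFConstructorError, "user or group 'xorp' not found");`. If hosts without a `xorp` account must keep working as before, log and skip the `chown` instead. A failed `chown` or `chmod` is only logged, which leaves the socket with its original owner and mode, so the message should say that the unprivileged `xorpsh` will not be able to use it. `S_IROTH` is not needed for the stated goal of owner and group read/write, so the mode can be `S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP`. The constructor body starts and ends outside this hunk.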



