Add basic and EXPERIMENTAL chroot() support.

diff --git a/configure b/configure
index f056ce74bc1d8010c45170735503ebaa0c4f7cc6..dd321178b5dc8eb7c9532787303dad021d3ab3a4 100755 (executable)
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # $OpenLDAP$
-# from OpenLDAP: pkg/ldap/configure.in,v 1.297 2000/05/10 18:07:03 kurt Exp  
+# from OpenLDAP: pkg/ldap/configure.in,v 1.298 2000/05/10 20:48:23 hyc Exp  
 
 # Copyright 1998-2000 The OpenLDAP Foundation.  All Rights Reserved.
 # 
@@ -2556,7 +2556,7 @@ if test $ol_enable_spasswd = yes ; then
        if test $ol_with_cyrus_sasl = no ; then
                { echo "configure: error: options require --with-cyrus-sasl" 1>&2; exit 1; }
        fi
-       ol_with_cyrus_sasl=yes
+       ol_link_spasswd=yes
 fi
 
 echo "$ac_t""done" 1>&6
@@ -15480,6 +15480,7 @@ fi
 for ac_func in \
        bcopy                   \
        closesocket             \
+       chroot                  \
        endgrent                \
        endpwent                \
        flock                   \
@@ -15528,12 +15529,12 @@ for ac_func in \
 
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:15532: checking for $ac_func" >&5
+echo "configure:15533: checking for $ac_func" >&5
 if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 15537 "configure"
+#line 15538 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -15557,7 +15558,7 @@ f = $ac_func;
 
 ; return 0; }
 EOF
-if { (eval echo configure:15561: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:15562: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -15585,12 +15586,12 @@ done
 for ac_func in getopt tempnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:15589: checking for $ac_func" >&5
+echo "configure:15590: checking for $ac_func" >&5
 if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 15594 "configure"
+#line 15595 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -15614,7 +15615,7 @@ f = $ac_func;
 
 ; return 0; }
 EOF
-if { (eval echo configure:15618: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:15619: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -15651,13 +15652,13 @@ fi
 
 # Check Configuration
 echo $ac_n "checking declaration of sys_errlist""... $ac_c" 1>&6
-echo "configure:15655: checking declaration of sys_errlist" >&5
+echo "configure:15656: checking declaration of sys_errlist" >&5
 if eval "test \"\${ol_cv_dcl_sys_errlist+set}\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
        cat > conftest.$ac_ext <<EOF
-#line 15661 "configure"
+#line 15662 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -15670,7 +15671,7 @@ int main() {
 char *c = (char *) *sys_errlist
 ; return 0; }
 EOF
-if { (eval echo configure:15674: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:15675: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ol_cv_dcl_sys_errlist=yes
        ol_cv_have_sys_errlist=yes
@@ -15693,20 +15694,20 @@ EOF
 
 
        echo $ac_n "checking existence of sys_errlist""... $ac_c" 1>&6
-echo "configure:15697: checking existence of sys_errlist" >&5
+echo "configure:15698: checking existence of sys_errlist" >&5
 if eval "test \"\${ol_cv_have_sys_errlist+set}\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
                cat > conftest.$ac_ext <<EOF
-#line 15703 "configure"
+#line 15704 "configure"
 #include "confdefs.h"
 #include <errno.h>
 int main() {
 char *c = (char *) *sys_errlist
 ; return 0; }
 EOF
-if { (eval echo configure:15710: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:15711: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ol_cv_have_sys_errlist=yes
 else

diff --git a/configure.in b/configure.in
index 259e612c9368dd23c823141019894663aefc6697..130d6b3e8c2828d309f487eb50d42900d9f4aadf 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -2122,6 +2122,7 @@ fi
 AC_CHECK_FUNCS(                \
        bcopy                   \
        closesocket             \
+       chroot                  \
        endgrent                \
        endpwent                \
        flock                   \

diff --git a/include/portable.h.in b/include/portable.h.in
index c2f33494d7e757e70391b6991098b9fe12be5b04..0e5447f1eac554edcdbf609f3d67dac246da425c 100644 (file)
--- a/include/portable.h.in
+++ b/include/portable.h.in
@@ -127,6 +127,9 @@
 /* Define if you have the bcopy function.  */
 #undef HAVE_BCOPY
 
+/* Define if you have the chroot function.  */
+#undef HAVE_CHROOT
+
 /* Define if you have the closesocket function.  */
 #undef HAVE_CLOSESOCKET
 

diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 3176411796b5336c491291ba608aa7563b0afe16..3f77d26edbbf7d90a648e08e27b2cd48a4d21a7e 100644 (file)
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -139,6 +139,9 @@ int main( int argc, char **argv )
        char *username = NULL;
        char *groupname = NULL;
 #endif
+#if defined(HAVE_CHROOT)
+       char *sandbox = NULL;
+#endif
 #ifdef LOG_LOCAL4
     int     syslogUser = DEFAULT_SYSLOG_USER;
 #endif
@@ -190,6 +193,9 @@ int main( int argc, char **argv )
 
        while ( (i = getopt( argc, argv,
                             "d:f:h:s:"
+#ifdef HAVE_CHROOT
+                               "r:"
+#endif
 #ifdef LOG_LOCAL4
                             "l:"
 #endif
@@ -252,6 +258,13 @@ int main( int argc, char **argv )
                        break;
 #endif
 
+#ifdef HAVE_CHROOT
+               case 'r':
+                       if( sandbox ) free(sandbox);
+                       sandbox = ch_strdup( optarg );
+                       break;
+#endif
+
 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
                case 'u':       /* user name */
                        if( username ) free(username);
@@ -301,6 +314,14 @@ int main( int argc, char **argv )
                goto stop;
        }
 
+#if defined(HAVE_CHROOT)
+       if ( sandbox && chroot( sandbox ) ) {
+               perror("chroot");
+               rc = 1;
+               goto stop;
+       }
+#endif
+
 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
        if ( username != NULL || groupname != NULL ) {
                slap_init_user( username, groupname );