From 1dc3e3c40830c0fb88ff541765138170ede6843d Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Wed, 10 May 2000 23:30:52 +0000 Subject: [PATCH] Add basic and EXPERIMENTAL chroot() support. --- configure | 29 +++++++++++++++-------------- configure.in | 1 + include/portable.h.in | 3 +++ servers/slapd/main.c | 21 +++++++++++++++++++++ 4 files changed, 40 insertions(+), 14 deletions(-) diff --git a/configure b/configure index f056ce74bc..dd321178b5 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # $OpenLDAP$ -# from OpenLDAP: pkg/ldap/configure.in,v 1.297 2000/05/10 18:07:03 kurt Exp +# from OpenLDAP: pkg/ldap/configure.in,v 1.298 2000/05/10 20:48:23 hyc Exp # Copyright 1998-2000 The OpenLDAP Foundation. All Rights Reserved. # @@ -2556,7 +2556,7 @@ if test $ol_enable_spasswd = yes ; then if test $ol_with_cyrus_sasl = no ; then { echo "configure: error: options require --with-cyrus-sasl" 1>&2; exit 1; } fi - ol_with_cyrus_sasl=yes + ol_link_spasswd=yes fi echo "$ac_t""done" 1>&6 @@ -15480,6 +15480,7 @@ fi for ac_func in \ bcopy \ closesocket \ + chroot \ endgrent \ endpwent \ flock \ @@ -15528,12 +15529,12 @@ for ac_func in \ do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:15532: checking for $ac_func" >&5 +echo "configure:15533: checking for $ac_func" >&5 if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:15562: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else 
@@ -15585,12 +15586,12 @@ done for ac_func in getopt tempnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:15589: checking for $ac_func" >&5 +echo "configure:15590: checking for $ac_func" >&5 if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:15619: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -15651,13 +15652,13 @@ fi # Check Configuration echo $ac_n "checking declaration of sys_errlist""... $ac_c" 1>&6 -echo "configure:15655: checking declaration of sys_errlist" >&5 +echo "configure:15656: checking declaration of sys_errlist" >&5 if eval "test \"\${ol_cv_dcl_sys_errlist+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -15670,7 +15671,7 @@ int main() { char *c = (char *) *sys_errlist ; return 0; } EOF -if { (eval echo configure:15674: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:15675: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ol_cv_dcl_sys_errlist=yes ol_cv_have_sys_errlist=yes @@ -15693,20 +15694,20 @@ EOF echo $ac_n "checking existence of sys_errlist""... $ac_c" 1>&6 -echo "configure:15697: checking existence of sys_errlist" >&5 +echo "configure:15698: checking existence of sys_errlist" >&5 if eval "test \"\${ol_cv_have_sys_errlist+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { char *c = (char *) *sys_errlist ; return 0; } EOF -if { (eval echo configure:15710: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:15711: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ol_cv_have_sys_errlist=yes else 
diff --git a/configure.in b/configure.in
index 259e612c93..130d6b3e8c 100644
--- a/configure.in
+++ b/configure.in
@@ -2122,6 +2122,7 @@ fi
 AC_CHECK_FUNCS( \
 bcopy \
 closesocket \
+ chroot \
 endgrent \
 endpwent \
 flock \
diff --git a/include/portable.h.in b/include/portable.h.in
index c2f33494d7..0e5447f1ea 100644
--- a/include/portable.h.in
+++ b/include/portable.h.in
@@ -127,6 +127,9 @@
 /* Define if you have the bcopy function. */
 #undef HAVE_BCOPY
+/* Define if you have the chroot function. */
+#undef HAVE_CHROOT
+
 /* Define if you have the closesocket function. */
 #undef HAVE_CLOSESOCKET
diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 3176411796..3f77d26edb 100644
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -139,6 +139,9 @@ int main( int argc, char **argv )
 char *username = NULL;
 char *groupname = NULL;
 #endif
+#if defined(HAVE_CHROOT)
+ char *sandbox = NULL;
+#endif
 #ifdef LOG_LOCAL4
 int syslogUser = DEFAULT_SYSLOG_USER;
 #endif
@@ -190,6 +193,9 @@ int main( int argc, char **argv )
 while ( (i = getopt( argc, argv, "d:f:h:s:"
+#ifdef HAVE_CHROOT
+ "r:"
+#endif
 #ifdef LOG_LOCAL4
 "l:"
 #endif
@@ -252,6 +258,13 @@ int main( int argc, char **argv )
 break;
 #endif
+#ifdef HAVE_CHROOT
+ case 'r':
+ if( sandbox ) free(sandbox);
+ sandbox = ch_strdup( optarg );
+ break;
+#endif
+
 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
 case 'u': /* user name */
 if( username ) free(username);
@@ -301,6 +314,14 @@ int main( int argc, char **argv )
 goto stop;
 }
+#if defined(HAVE_CHROOT)
+ if ( sandbox && chroot( sandbox ) ) {
+ perror("chroot");
+ rc = 1;
+ goto stop;
+ }
+#endif
+
 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
 if ( username != NULL || groupname != NULL ) {
 slap_init_user( username, groupname );
--
2.39.5
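Review bot: The new `case 'r':` in the option switch of servers/slapd/main.c has no trailing comment, while the neighbouring `case 'u': /* user name */` has one; I would write `case 'r': /* chroot sandbox directory */` so the switch stays self-describing. The guards also alternate between `#if defined(HAVE_CHROOT)` (declaration and chroot call) and `#ifdef HAVE_CHROOT` (getopt string and this case), and one spelling throughout would read better. No hunk touches a usage or help message, so if main.c prints one, `-r` presumably needs an entry there as well. The switch and main() both start and end outside this hunk.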
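Review bot: The `chroot( sandbox )` call in the last main.c hunk is never followed by a `chdir`, so the working directory stays outside the new root and relative paths keep resolving outside the sandbox. The condition should cover both calls, e.g. `if ( sandbox && ( chroot( sandbox ) || chdir( "/" ) ) ) {`. The privilege drop that follows only runs when `username` or `groupname` was given, so `-r` alone leaves the process with its starting privileges, presumably root because chroot() needs it, and a chroot is no confinement for root; I would reject `-r` without `-u`, or at least log a warning. `slap_init_user()` also now runs after the chroot, so its name lookups presumably resolve against files inside the sandbox, which deserves a comment such as `/* user/group lookup happens inside the sandbox */`. main() starts and ends outside this hunk.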