-rw-r--r-- | net/server.lua | 9 | ||||
-rw-r--r-- | plugins/mod_console.lua | 2 | ||||
-rw-r--r-- | plugins/mod_posix.lua | 2 | ||||
-rwxr-xr-x | prosody | 5 | ||||
-rwxr-xr-x | prosodyctl | 19 | ||||
-rw-r--r-- | util-src/pposix.c | 65 |
6 files changed, 89 insertions, 13 deletions
diff --git a/net/server.lua b/net/server.lua
index e31333e2..6fe72712 100644
--- a/net/server.lua
+++ b/net/server.lua
@@ -189,7 +189,13 @@ wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx, maxco end
end
if not ssl then
- out_put("server.lua: ", "ssl not enabled on ", serverport);
+ sslctx = false;
+ if startssl then
+ out_error( "server.lua: Cannot start ssl on port: ", serverport )
+ return nil, "Cannot start ssl, see log for details"
+ else
+ out_put("server.lua: ", "ssl not enabled on ", serverport);
+ end
end
local accept = socket.accept
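Review bot: The `else` branch keeps the listener running without TLS and reports it only through `out_put`, so a port whose TLS context failed to build looks the same in the log as a port that never asked for TLS. How `ssl` is computed is above the hunk, so this is inferred, but if a caller-supplied `sslctx` can reach this branch the message should go through `out_error` and include the reason. The new early `return nil, "Cannot start ssl, see log for details"` also leaves `socket` untouched in the visible lines; confirm the caller closes it, otherwise the port may stay bound after the failure.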
@@ -689,6 +695,7 @@ removeserver = function( port ) return nil, "no server found on port '" .. tostring( port ) "'"
end
handler.close( )
+ _server[ port ] = nil
return true
end
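Review bot: The not-found path in the context line above the added assignment is missing a `..` before the closing `"'"`, so `tostring( port ) "'"` is parsed as a call on the string that `tostring` returns and raises instead of returning `nil, err`. This commit does not touch that line, but it is the error path of the same function; it should read `return nil, "no server found on port '" .. tostring( port ) .. "'"`. For the added `_server[ port ] = nil`, a short comment saying why the entry is cleared here would help, since `handler.close( )` is defined outside the hunk. The start of `removeserver` is also outside the hunk.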
diff --git a/plugins/mod_console.lua b/plugins/mod_console.lua index 28e12a62..c3a12857 100644 --- a/plugins/mod_console.lua +++ b/plugins/mod_console.lua @@ -14,7 +14,7 @@ local prosody = _G.prosody; local hosts = prosody.hosts; local connlisteners_register = require "net.connlisteners".register; -local console_listener = { default_port = 5582; default_mode = "*l"; }; +local console_listener = { default_port = 5582; default_mode = "*l"; default_interface = "127.0.0.1" }; require "util.iterators"; local jid_bare = require "util.jid".bare; diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua index c00482c5..0f46888d 100644 --- a/plugins/mod_posix.lua +++ b/plugins/mod_posix.lua @@ -7,7 +7,7 @@ -- -local want_pposix_version = "0.3.0"; +local want_pposix_version = "0.3.1"; local pposix = assert(require "util.pposix"); if pposix._VERSION ~= want_pposix_version then module:log("warn", "Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version); end @@ -222,10 +222,7 @@ function prepare_to_start() net_activate_ports("s2s", "xmppserver", {5269}, "tcp"); net_activate_ports("component", "xmppcomponent", {}, "tcp"); net_activate_ports("legacy_ssl", "xmppclient", {}, "ssl"); - - if cl.get("console") then - cl.start("console", { interface = config.get("*", "core", "console_interface") or "127.0.0.1" }) - end + net_activate_ports("console", "console", {5582}, "tcp"); prosody.start_time = os.time(); end 
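Review bot: The new `default_interface = "127.0.0.1"` field in `console_listener` appears to be what keeps the console on loopback once the explicit `interface` argument is gone, and nothing on the line says so. A comment above the table such as `-- Console binds to loopback unless an interface is configured; do not widen this default` would stop a later cleanup from dropping the field. How the listener defaults are consumed is outside this hunk, so the comment should be checked against net.connlisteners.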
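Review bot: The removed block in `prepare_to_start` passed `console_interface` (falling back to `127.0.0.1`) straight to `cl.start`, while the replacement `net_activate_ports("console", "console", {5582}, "tcp")` names no interface at all. `net_activate_ports` is defined outside the hunk, so confirm it still honours an existing `console_interface` setting and that a global interface list cannot make the console listen beyond loopback. The old `if cl.get("console")` guard is gone too; check that the port is not opened, or that the failure is logged clearly, when the console listener is not registered.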
@@ -66,19 +66,28 @@ require "util.datamanager".set_data_path(data_path); -- Switch away from root and into the prosody user -- local switched_user, current_uid; + +local want_pposix_version = "0.3.1"; local ok, pposix = pcall(require, "util.pposix"); + if ok and pposix then + if pposix._VERSION ~= want_pposix_version then print(string.format("Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version)); return; end current_uid = pposix.getuid(); if current_uid == 0 then -- We haz root! local desired_user = config.get("*", "core", "prosody_user") or "prosody"; - local ok, err = pposix.setuid(desired_user); + local desired_group = config.get("*", "core", "prosody_group") or desired_user; + local ok, err = pposix.setgid(desired_group); if ok then - -- Yay! - switched_user = true; - else + ok, err = pposix.setuid(desired_user); + if ok then + -- Yay! + switched_user = true; + end + end + if not switched_user then -- Boo! - print("Warning: Couldn't switch to Prosody user '"..tostring(desired_user).."': "..tostring(err)); + print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err)); end end else diff --git a/util-src/pposix.c b/util-src/pposix.c index 70c15281..d27a84b1 100644 --- a/util-src/pposix.c +++ b/util-src/pposix.c @@ -13,7 +13,7 @@ * POSIX support functions for Lua */ -#define MODULE_VERSION "0.3.0" +#define MODULE_VERSION "0.3.1" #include <stdlib.h> #include <unistd.h> @@ -25,6 +25,7 @@ #include <syslog.h> #include <pwd.h> +#include <grp.h> #include <string.h> #include <errno.h> 
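Review bot: The drop sequence is `pposix.setgid(desired_group)` then `pposix.setuid(desired_user)`, and nothing resets the supplementary group list, so the process keeps whatever extra groups root had after the switch. The pposix changes in this commit add no binding for that; a call to initgroups(3) (or setgroups(2) with an empty list) before `setgid` is the usual fix and would need a new pposix function. When either call fails the code only prints a warning; what happens next is outside the hunk, so confirm prosodyctl does not carry on as root. The version-mismatch branch exits through a bare `return;`, which ends the script with a success status; `os.exit(1)` would let callers detect it.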
@@ -291,6 +292,64 @@ int lc_setuid(lua_State* L) return 2; } +int lc_setgid(lua_State* L) +{ + int gid = -1; + if(lua_gettop(L) < 1) + return 0; + if(!lua_isnumber(L, 1) && lua_tostring(L, 1)) + { + /* Passed GID is actually a string, so look up the GID */ + struct group *g; + g = getgrnam(lua_tostring(L, 1)); + if(!g) + { + lua_pushboolean(L, 0); + lua_pushstring(L, "no-such-group"); + return 2; + } + gid = g->gr_gid; + } + else + { + gid = lua_tonumber(L, 1); + } + + if(gid>-1) + { + /* Ok, attempt setgid */ + errno = 0; + if(setgid(gid)) + { + /* Fail */ + lua_pushboolean(L, 0); + switch(errno) + { + case EINVAL: + lua_pushstring(L, "invalid-gid"); + break; + case EPERM: + lua_pushstring(L, "permission-denied"); + break; + default: + lua_pushstring(L, "unknown-error"); + } + return 2; + } + else + { + /* Success! */ + lua_pushboolean(L, 1); + return 1; + } + } + + /* Seems we couldn't find a valid GID to switch to */ + lua_pushboolean(L, 0); + lua_pushstring(L, "invalid-gid"); + return 2; +} + /* Like POSIX's setrlimit()/getrlimit() API functions. * * Syntax: @@ -420,9 +479,13 @@ int luaopen_util_pposix(lua_State *L) lua_pushcfunction(L, lc_getuid); lua_setfield(L, -2, "getuid"); + lua_pushcfunction(L, lc_getgid); + lua_setfield(L, -2, "getgid"); lua_pushcfunction(L, lc_setuid); lua_setfield(L, -2, "setuid"); + lua_pushcfunction(L, lc_setgid); + lua_setfield(L, -2, "setgid"); lua_pushcfunction(L, lc_setrlimit); lua_setfield(L, -2, "setrlimit"); |
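Review bot: In `lc_setgid`, `gid = lua_tonumber(L, 1);` converts a Lua double to `int` with no range check, so a value outside the `int` range is undefined behaviour in C rather than a clean `invalid-gid`. Read it into a `lua_Number` first and range-check: `lua_Number n = lua_tonumber(L, 1); if(n >= 0 && n <= INT_MAX) gid = (int)n;` (needs `<limits.h>`). `lua_isnumber` is also true for numeric strings, so a group whose name is all digits is taken as a GID instead of being looked up; `lua_type(L, 1) == LUA_TNUMBER` would separate the two. The later hunk registers `lc_getgid`, which this diff does not define; confirm it already exists in pposix.c.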