[rrd-developers] [PATCH] rrdcached: Let the -s, -m and -P options affect the default socket as well.
Sebastian Harl
sh at tokkee.org
Tue Jul 13 20:28:15 CEST 2010
Signed-off-by: Sebastian Harl <sh at tokkee.org>
---
program/doc/rrdcached.pod | 9 ++++--
program/src/rrd_daemon.c | 68 ++++++++++++++++++++++++--------------------
2 files changed, 43 insertions(+), 34 deletions(-)
diff --git a/program/doc/rrdcached.pod b/program/doc/rrdcached.pod
index d6bfec3..73e070b 100644
--- a/program/doc/rrdcached.pod
+++ b/program/doc/rrdcached.pod
@@ -77,7 +77,8 @@ user privileges (e.g. graph generating CGI scripts that typically run in the
permission context of the web server).
This option affects the I<following> UNIX socket addresses (the following
-B<-l> options), i.e., you may specify different settings for different
+B<-l> options) or the default socket (if no B<-l> options have been
+specified), i.e., you may specify different settings for different
sockets.
The default is not to change ownership or permissions of the socket and, thus,
@@ -95,7 +96,8 @@ BSD-derived systems ignore permissions for UNIX sockets. See L<unix(7)> for
details.
This option affects the I<following> UNIX socket addresses (the following
-B<-l> options), i.e., you may specify different settings for different
+B<-l> options) or the default socket (if no B<-l> options have been
+specified), i.e., you may specify different settings for different
sockets.
The default is not to change ownership or permissions of the socket and, thus,
@@ -113,7 +115,8 @@ For example, to allow the C<FLUSH> and C<PENDING> commands one could specify:
rrdcached -P FLUSH,PENDING $MORE_ARGUMENTS
The B<-P> option affects the I<following> socket addresses (the following B<-l>
-options). In the following example, only the IPv4 network socket (address
+options) or the default socket (if no B<-l> options have been
+specified). In the following example, only the IPv4 network socket (address
C<10.0.0.1>) will be restricted to the C<FLUSH> and C<PENDING> commands:
rrdcached -l unix:/some/path -P FLUSH,PENDING -l 10.0.0.1
diff --git a/program/src/rrd_daemon.c b/program/src/rrd_daemon.c
index 93ed71c..f340ecc 100644
--- a/program/src/rrd_daemon.c
+++ b/program/src/rrd_daemon.c
@@ -227,6 +227,8 @@ static uid_t daemon_uid;
static listen_socket_t *listen_fds = NULL;
static size_t listen_fds_num = 0;
+static listen_socket_t default_socket;
+
enum {
RUNNING, /* normal operation */
FLUSHING, /* flushing remaining values */
@@ -1719,6 +1721,17 @@ static int socket_permission_add (listen_socket_t *sock, /* {{{ */
return (0);
} /* }}} int socket_permission_add */
+static void socket_permission_clear (listen_socket_t *sock) /* {{{ */
+{
+ sock->permissions = 0;
+} /* }}} socket_permission_clear */
+
+static void socket_permission_copy (listen_socket_t *dest, /* {{{ */
+ listen_socket_t *src)
+{
+ dest->permissions = src->permissions;
+} /* }}} socket_permission_copy */
+
/* check whether commands are received in the expected context */
static int command_check_context(listen_socket_t *sock, command_t *cmd)
{
@@ -2664,10 +2677,10 @@ static int daemonize (void) /* {{{ */
}
else
{
- listen_socket_t sock;
- memset(&sock, 0, sizeof(sock));
- strncpy(sock.addr, RRDCACHED_DEFAULT_ADDRESS, sizeof(sock.addr)-1);
- open_listen_socket (&sock);
+ strncpy(default_socket.addr, RRDCACHED_DEFAULT_ADDRESS,
+ sizeof(default_socket.addr) - 1);
+ default_socket.addr[sizeof(default_socket.addr) - 1] = '\0';
+ open_listen_socket (&default_socket);
}
if (listen_fds_num < 1)
@@ -2772,11 +2785,10 @@ static int read_options (int argc, char **argv) /* {{{ */
int option;
int status = 0;
- char **permissions = NULL;
- size_t permissions_len = 0;
+ socket_permission_clear (&default_socket);
- gid_t socket_group = (gid_t)-1;
- mode_t socket_permissions = (mode_t)-1;
+ default_socket.socket_group = (gid_t)-1;
+ default_socket.socket_permissions = (mode_t)-1;
while ((option = getopt(argc, argv, "gl:s:m:P:f:w:z:t:Bb:p:Fj:h?")) != -1)
{
@@ -2801,22 +2813,11 @@ static int read_options (int argc, char **argv) /* {{{ */
strncpy(new->addr, optarg, sizeof(new->addr)-1);
/* Add permissions to the socket {{{ */
- if (permissions_len != 0)
+ if (default_socket.permissions != 0)
{
- size_t i;
- for (i = 0; i < permissions_len; i++)
- {
- status = socket_permission_add (new, permissions[i]);
- if (status != 0)
- {
- fprintf (stderr, "read_options: Adding permission \"%s\" to "
- "socket failed. Most likely, this permission doesn't "
- "exist. Check your command line.\n", permissions[i]);
- status = 4;
- }
- }
+ socket_permission_copy (new, &default_socket);
}
- else /* if (permissions_len == 0) */
+ else /* if (default_socket.permissions == 0) */
{
/* Add permission for ALL commands to the socket. */
size_t i;
@@ -2827,15 +2828,15 @@ static int read_options (int argc, char **argv) /* {{{ */
{
fprintf (stderr, "read_options: Adding permission \"%s\" to "
"socket failed. This should never happen, ever! Sorry.\n",
- permissions[i]);
+ list_of_commands[i].cmd);
status = 4;
}
}
}
/* }}} Done adding permissions. */
- new->socket_group = socket_group;
- new->socket_permissions = socket_permissions;
+ new->socket_group = default_socket.socket_group;
+ new->socket_permissions = default_socket.socket_permissions;
if (!rrd_add_ptr((void ***)&config_listen_address_list,
&config_listen_address_list_len, new))
@@ -2865,7 +2866,7 @@ static int read_options (int argc, char **argv) /* {{{ */
if (grp)
{
- socket_group = grp->gr_gid;
+ default_socket.socket_group = grp->gr_gid;
}
else
{
@@ -2890,7 +2891,7 @@ static int read_options (int argc, char **argv) /* {{{ */
return (5);
}
- socket_permissions = (mode_t)tmp;
+ default_socket.socket_permissions = (mode_t)tmp;
}
break;
@@ -2901,7 +2902,7 @@ static int read_options (int argc, char **argv) /* {{{ */
char *dummy;
char *ptr;
- rrd_free_ptrs ((void *) &permissions, &permissions_len);
+ socket_permission_clear (&default_socket);
optcopy = strdup (optarg);
dummy = optcopy;
@@ -2909,7 +2910,14 @@ static int read_options (int argc, char **argv) /* {{{ */
while ((ptr = strtok_r (dummy, ", ", &saveptr)) != NULL)
{
dummy = NULL;
- rrd_add_strdup ((void *) &permissions, &permissions_len, ptr);
+ status = socket_permission_add (&default_socket, ptr);
+ if (status != 0)
+ {
+ fprintf (stderr, "read_options: Adding permission \"%s\" to "
+ "socket failed. Most likely, this permission doesn't "
+ "exist. Check your command line.\n", ptr);
+ status = 4;
+ }
}
free (optcopy);
@@ -3142,8 +3150,6 @@ static int read_options (int argc, char **argv) /* {{{ */
if (journal_dir == NULL)
config_flush_at_shutdown = 1;
- rrd_free_ptrs ((void *) &permissions, &permissions_len);
-
return (status);
} /* }}} int read_options */
--
1.7.1.rc1.21.gf3bd6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.oetiker.ch/pipermail/rrd-developers/attachments/20100713/c47ba773/attachment.pgp
More information about the rrd-developers
mailing list