----- Original Message ----- > Updated Branches: > refs/heads/master 00897775d -> cd86569e9 > > > TS-2425: Update to TS-2261 for loading plugins as root > > > Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo > Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/cd86569e > Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/cd86569e > Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/cd86569e > > Branch: refs/heads/master > Commit: cd86569e9342829fe72e7a4b6492157fb352fa0b > Parents: 0089777 > Author: Bryan Call <bc...@apache.org> > Authored: Thu Jan 23 15:50:14 2014 +0100 > Committer: Bryan Call <bc...@apache.org> > Committed: Thu Jan 23 15:50:14 2014 +0100 > > ---------------------------------------------------------------------- > CHANGES | 2 + > proxy/Plugin.cc | 34 +++++++-------- > proxy/http/remap/RemapConfig.cc | 85 +++++++++++++++++------------------- > proxy/http/remap/UrlMapping.cc | 7 +-- > 4 files changed, 59 insertions(+), 69 deletions(-) > ---------------------------------------------------------------------- > > > http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/CHANGES > ---------------------------------------------------------------------- > diff --git a/CHANGES b/CHANGES > index 0140b40..e795406 100644 > --- a/CHANGES > +++ b/CHANGES > @@ -1,6 +1,8 @@ > -*- coding: utf-8 > -*- > Changes with Apache Traffic Server 4.2.0 > > + *) [TS-2425] Update to TS-2261 for loading plugins as root > + > *) [TS-2505] Add traffic_line --offline option. > > *) [TS-2305] Fall back to ftruncate if posix_fallocate fails. > > http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/Plugin.cc > ---------------------------------------------------------------------- > diff --git a/proxy/Plugin.cc b/proxy/Plugin.cc > index 56e2a68..0d315b6 100644 > --- a/proxy/Plugin.cc > +++ b/proxy/Plugin.cc > @@ -111,29 +111,29 @@ plugin_load(int argc, char *argv[]) > } > plugin_reg_temp = (plugin_reg_temp->link).next; > } > - > - handle = dll_open(path); > - if (!handle) { > - Fatal("unable to load '%s': %s", path, dll_error(handle)); > - } > - > - // Allocate a new registration structure for the > - // plugin we're starting up > - ink_assert(plugin_reg_current == NULL); > - plugin_reg_current = new PluginRegInfo; > - plugin_reg_current->plugin_path = ats_strdup(path); > - > - init = (init_func_t) dll_findsym(handle, "TSPluginInit"); > - if (!init) { > - Fatal("unable to find TSPluginInit function '%s': %s", path, > dll_error(handle)); > - } > - > // elevate the access to read files as root if compiled with capabilities, > if not > // change the effective user to root > { > uint32_t elevate_access = 0; > REC_ReadConfigInteger(elevate_access, > "proxy.config.plugin.load_elevated"); > ElevateAccess access(elevate_access != 0); > + > + handle = dll_open(path); > + if (!handle) { > + Fatal("unable to load '%s': %s", path, dll_error(handle)); > + } > + > + // Allocate a new registration structure for the > + // plugin we're starting up > + ink_assert(plugin_reg_current == NULL); > + plugin_reg_current = new PluginRegInfo; > + plugin_reg_current->plugin_path = ats_strdup(path); > + > + init = (init_func_t) dll_findsym(handle, "TSPluginInit"); > + if (!init) { > + Fatal("unable to find TSPluginInit function '%s': %s", path, > dll_error(handle)); > + } > + > init(argc, argv); > } // done elevating access > > > http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/http/remap/RemapConfig.cc > ---------------------------------------------------------------------- > diff --git a/proxy/http/remap/RemapConfig.cc > b/proxy/http/remap/RemapConfig.cc > index bc4a16b..787fbb0 100644 > --- a/proxy/http/remap/RemapConfig.cc > +++ b/proxy/http/remap/RemapConfig.cc > @@ -663,44 +663,6 @@ remap_load_plugin(const char ** argv, int argc, > url_mapping *mp, char *errbuf, i > } > Debug("remap_plugin", "New remap plugin info created for \"%s\"", c); > > - if ((pi->dlh = dlopen(c, RTLD_NOW)) == NULL) { > -#if defined(freebsd) || defined(openbsd) > - err = (char *)dlerror(); > -#else > - err = dlerror(); > -#endif
Why is this #if dance necessary here? http://www.freebsd.org/cgi/man.cgi?dlerror dlerror() hasn't been const char* since FreeBSD 8.1. In OpenBSD it's still *is* ...broken, but then we should abstract that into a wrapper function of our own at autoconf time. We're not handling this case at every call of dlerror() anyways.. so.... > - snprintf(errbuf, errbufsize, "Can't load plugin \"%s\" - %s", c, err ? > err : "Unknown dlopen() error"); > - return -4; > - } > - pi->fp_tsremap_init = (remap_plugin_info::_tsremap_init *) > dlsym(pi->dlh, TSREMAP_FUNCNAME_INIT); > - pi->fp_tsremap_done = (remap_plugin_info::_tsremap_done *) > dlsym(pi->dlh, TSREMAP_FUNCNAME_DONE); > - pi->fp_tsremap_new_instance = (remap_plugin_info::_tsremap_new_instance > *) dlsym(pi->dlh, TSREMAP_FUNCNAME_NEW_INSTANCE); > - pi->fp_tsremap_delete_instance = > (remap_plugin_info::_tsremap_delete_instance *) dlsym(pi->dlh, > TSREMAP_FUNCNAME_DELETE_INSTANCE); > - pi->fp_tsremap_do_remap = (remap_plugin_info::_tsremap_do_remap *) > dlsym(pi->dlh, TSREMAP_FUNCNAME_DO_REMAP); > - pi->fp_tsremap_os_response = (remap_plugin_info::_tsremap_os_response *) > dlsym(pi->dlh, TSREMAP_FUNCNAME_OS_RESPONSE); > - > - if (!pi->fp_tsremap_init) { > - snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap > plugin \"%s\"", TSREMAP_FUNCNAME_INIT, c); > - retcode = -10; > - } else if (!pi->fp_tsremap_new_instance) { > - snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap > plugin \"%s\"", > - TSREMAP_FUNCNAME_NEW_INSTANCE, c); > - retcode = -11; > - } else if (!pi->fp_tsremap_do_remap) { > - snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap > plugin \"%s\"", TSREMAP_FUNCNAME_DO_REMAP, c); > - retcode = -12; > - } > - if (retcode) { > - if (errbuf && errbufsize > 0) > - Debug("remap_plugin", "%s", errbuf); > - dlclose(pi->dlh); > - pi->dlh = NULL; > - return retcode; > - } > - memset(&ri, 0, sizeof(ri)); > - ri.size = sizeof(ri); > - ri.tsremap_version = TSREMAP_VERSION; > - > // elevate the access to read files as root if compiled with > capabilities, if not > // change the effective user to root > { > @@ -708,6 +670,44 @@ remap_load_plugin(const char ** argv, int argc, > url_mapping *mp, char *errbuf, i > REC_ReadConfigInteger(elevate_access, > "proxy.config.plugin.load_elevated"); > ElevateAccess access(elevate_access != 0); > > + if ((pi->dlh = dlopen(c, RTLD_NOW)) == NULL) { > +#if defined(freebsd) || defined(openbsd) > + err = (char *)dlerror(); > +#else > + err = dlerror(); > +#endif > + snprintf(errbuf, errbufsize, "Can't load plugin \"%s\" - %s", c, err > ? err : "Unknown dlopen() error"); > + return -4; > + } > + pi->fp_tsremap_init = (remap_plugin_info::_tsremap_init *) > dlsym(pi->dlh, TSREMAP_FUNCNAME_INIT); > + pi->fp_tsremap_done = (remap_plugin_info::_tsremap_done *) > dlsym(pi->dlh, TSREMAP_FUNCNAME_DONE); > + pi->fp_tsremap_new_instance = > (remap_plugin_info::_tsremap_new_instance *) dlsym(pi->dlh, > TSREMAP_FUNCNAME_NEW_INSTANCE); > + pi->fp_tsremap_delete_instance = > (remap_plugin_info::_tsremap_delete_instance *) dlsym(pi->dlh, > TSREMAP_FUNCNAME_DELETE_INSTANCE); > + pi->fp_tsremap_do_remap = (remap_plugin_info::_tsremap_do_remap *) > dlsym(pi->dlh, TSREMAP_FUNCNAME_DO_REMAP); > + pi->fp_tsremap_os_response = (remap_plugin_info::_tsremap_os_response > *) dlsym(pi->dlh, TSREMAP_FUNCNAME_OS_RESPONSE); > + > + if (!pi->fp_tsremap_init) { > + snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap > plugin \"%s\"", TSREMAP_FUNCNAME_INIT, c); > + retcode = -10; > + } else if (!pi->fp_tsremap_new_instance) { > + snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap > plugin \"%s\"", > + TSREMAP_FUNCNAME_NEW_INSTANCE, c); > + retcode = -11; > + } else if (!pi->fp_tsremap_do_remap) { > + snprintf(errbuf, errbufsize, "Can't find \"%s\" function in remap > plugin \"%s\"", TSREMAP_FUNCNAME_DO_REMAP, c); > + retcode = -12; > + } > + if (retcode) { > + if (errbuf && errbufsize > 0) > + Debug("remap_plugin", "%s", errbuf); > + dlclose(pi->dlh); > + pi->dlh = NULL; > + return retcode; > + } > + memset(&ri, 0, sizeof(ri)); > + ri.size = sizeof(ri); > + ri.tsremap_version = TSREMAP_VERSION; > + > if (pi->fp_tsremap_init(&ri, tmpbuf, sizeof(tmpbuf) - 1) != > TS_SUCCESS) { > Warning("Failed to initialize plugin %s (non-zero retval) ... > bailing out", pi->path); > return -5; > @@ -768,14 +768,7 @@ remap_load_plugin(const char ** argv, int argc, > url_mapping *mp, char *errbuf, i > Debug("remap_plugin", "creating new plugin instance"); > > TSReturnCode res = TS_ERROR; > - // elevate the access to read files as root if compiled with capabilities, > if not > - // change the effective user to root > - { > - uint32_t elevate_access = 0; > - REC_ReadConfigInteger(elevate_access, > "proxy.config.plugin.load_elevated"); > - ElevateAccess access(elevate_access != 0); > - res = pi->fp_tsremap_new_instance(parc, parv, &ih, tmpbuf, > sizeof(tmpbuf) - 1); > - } // done elevating access > + res = pi->fp_tsremap_new_instance(parc, parv, &ih, tmpbuf, sizeof(tmpbuf) > - 1); > > Debug("remap_plugin", "done creating new plugin instance"); > > > http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/http/remap/UrlMapping.cc > ---------------------------------------------------------------------- > diff --git a/proxy/http/remap/UrlMapping.cc b/proxy/http/remap/UrlMapping.cc > index d5b00d1..58739c1 100644 > --- a/proxy/http/remap/UrlMapping.cc > +++ b/proxy/http/remap/UrlMapping.cc > @@ -79,13 +79,8 @@ url_mapping::delete_instance(unsigned int index) > remap_plugin_info* p = get_plugin(index); > > if (ih && p && p->fp_tsremap_delete_instance) { > - // elevate the access to read files as root if compiled with > capabilities, if not > - // change the effective user to root > - uint32_t elevate_access = 0; > - REC_ReadConfigInteger(elevate_access, > "proxy.config.plugin.load_elevated"); > - ElevateAccess access(elevate_access != 0); > p->fp_tsremap_delete_instance(ih); > - } // done elevating access > + } > } > > > > -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ GPG: 8716 7A9F 989B ABD5 100F 4008 F266 55D6 2998 1641
