client/tripectl.c, debian: Fix logging privileges disaster.

Previous behaviour: tripectl starts as root, opens logfile, starts tripe
server, drops privileges, logs happily to file, receives signal,
attempts to open new logfile, and fails miserably.  It therefore
continues logging to the old logfile, which may well have been deleted
by this point.

New behaviour: fix Debianization to put logs in a /var/log/tripe
directory, and arrange for this to be writable by the tripe user; create
the log file after dropping privileges.  If tripectl can't open the log,
it fails, and the tripe server quits due to EOF on stdin.

diff --git a/client/tripectl.c b/client/tripectl.c
index 5145061..ea86ec5 100644 (file)
--- a/client/tripectl.c
+++ b/client/tripectl.c
@@ -65,6 +65,7 @@
 #include "util.h"
 
 #undef sun
+#define IGNORE(x) do if (x); while (0)
 
 /*----- Data structures ---------------------------------------------------*/
 
@@ -92,6 +93,7 @@ static const char *bgtag = 0;
 #define f_noinput 64u
 #define f_warn 128u
 #define f_uclose 256u
+#define f_losing 512u
 
 /*----- Main code ---------------------------------------------------------*/
 
@@ -154,6 +156,7 @@ static void cline(char *p, size_t len, void *b)
   if (!p) {
     if (f & f_command)
       die(EXIT_FAILURE, "server dropped the connection");
+    f &= ~f_losing;
     exit(0);
   }
   q = str_getword(&p);
@@ -477,8 +480,6 @@ int main(int argc, char *argv[])
     die(EXIT_FAILURE, "couldn't set `%s' as current directory: %s",
        dir, strerror(errno));
   }
-  if (logname)
-    logfile(logname);
   if (!pidfile && (f & f_daemon) && ((f & f_syslog) || logname))
     pidfile = "tripectl.pid";
   if (pidfile && (pidfp = fopen(pidfile, "w")) == 0) {
@@ -523,7 +524,6 @@ int main(int argc, char *argv[])
       md[1].cur = pfd[1]; md[1].want = STDOUT_FILENO;
       md[2].cur = efd[1]; md[2].want = STDERR_FILENO;
       mdup(md, 3);
-      if (logfp) fclose(logfp);
       if (pidfp) fclose(pidfp);
       closelog();
       if (f & f_daemon) detachtty();
@@ -550,7 +550,10 @@ int main(int argc, char *argv[])
     }
   }
 
+  f |= f_losing; /* pessimism */
   u_setugid(u, g);
+  if (logname)
+    logfile(logname);
   if (f & f_daemon) {
     if (daemonize())
       die(EXIT_FAILURE, "error becoming daemon: %s", strerror(errno));

diff --git a/debian/changelog b/debian/changelog
index b8cf6c6..4d8a441 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+tripe (1.0.0pre11~preview) experimental; urgency=low
+
+  * Fix log/permissions foul-up.  Move the logs to /var/log/tripe, and
+    arrange for that directory to exist with the correct permissions.
+    Don't try to open the log until after dropping privileges, so as to
+    provide a check that we can reopen them later.
+
+ -- Mark Wooding <mdw@distorted.org.uk>  Mon, 27 Jun 2011 09:51:08 +0100
+
 tripe (1.0.0pre10) experimental; urgency=low
 
   * Overhaul SLIP error handling.

diff --git a/debian/rules b/debian/rules
index 7cc8074..b902fb6 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -22,10 +22,10 @@ DEB_CONFIGURE_EXTRA_FLAGS = \
        --with-tunnel="$(default_tunnel) slip" \
        --with-configdir="/etc/tripe" \
        --with-socketdir="/var/run" \
-       --with-logfile="/var/log/tripe.log" \
+       --with-logfile="/var/log/tripe/tripe.log" \
        --with-pidfile="/var/run/tripectl.pid" \
        --with-initconfig="/etc/default/tripe" \
-       --with-wireshark
+       --with-wireshark="/usr/lib/wireshark/libwireshark0/plugins"
 
 ###--------------------------------------------------------------------------
 ### Python.

diff --git a/debian/tripe.logrotate b/debian/tripe.logrotate
index 83a0066..ff3f470 100644 (file)
--- a/debian/tripe.logrotate
+++ b/debian/tripe.logrotate
@@ -1,4 +1,4 @@
-/var/log/tripe.log {
+/var/log/tripe/tripe.log {
        rotate 7
        weekly
        compress

diff --git a/debian/tripe.postinst b/debian/tripe.postinst
index 2994690..0ec93bc 100644 (file)
--- a/debian/tripe.postinst
+++ b/debian/tripe.postinst
@@ -22,4 +22,14 @@ getent passwd tripe >/dev/null || \
                --gecos "TrIPE server" \
                tripe
 
+## Create the log directory and an initial logfile.
+if [ ! -d /var/log/tripe ]; then
+  mkdir -m2750 /var/log/tripe
+  chown tripe:adm /var/log/tripe
+fi
+if [ ! -f /var/log/tripe/tripe.log ]; then
+  (umask 027; touch /var/log/tripe/tripe.log)
+  chown tripe:adm /var/log/tripe/tripe.log
+fi
+
 #DEBHELPER#