--- freem/src/mumps.c 2025/04/03 20:48:14 1.15
+++ freem/src/mumps.c 2025/04/04 21:28:16 1.17
@@ -1,5 +1,5 @@
/*
- * $Id: mumps.c,v 1.15 2025/04/03 20:48:14 snw Exp $
+ * $Id: mumps.c,v 1.17 2025/04/04 21:28:16 snw Exp $
* main module of freem
*
*
@@ -24,6 +24,12 @@
* along with FreeM. If not, see .
*
* $Log: mumps.c,v $
+ * Revision 1.17 2025/04/04 21:28:16 snw
+ * Remove custom_user and custom_group vars from freem and shed privileges per environment catalog settings
+ *
+ * Revision 1.16 2025/04/04 19:43:18 snw
+ * Switch to using environment catalog to determine user and group for environment, and remove -u and -g flags from freem
+ *
* Revision 1.15 2025/04/03 20:48:14 snw
* Improve daemon error diagnostics and bump to 0.63.0-rc3
*
@@ -65,6 +71,7 @@
* SPDX-License-Identifier: AGPL-3.0-or-later
**/
+#define _GNU_SOURCE
#include
#include
#include "mpsdef.h"
@@ -137,9 +144,6 @@ int main (int argc, char **argv, char **
gid_t d_gid;
uid_t d_uid;
- short custom_user = FALSE;
- short custom_group = FALSE;
-
#if defined(HAVE_GETOPT_LONG)
struct option long_options[] = {
{"help", no_argument, 0, 'h'},
@@ -176,6 +180,8 @@ int main (int argc, char **argv, char **
char *cli_rtn_file;
char cli_rtn_name[256];
+ char env_ena[25];
+
routine_mode = FALSE;
strcpy (m_dialect, "FREEM");
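Review bot: `env_ena` is a fixed 25-byte buffer, and the later hunk (at -473) fills it with `read_profile_string (env_config_file, shm_env, "enabled", env_ena)`, a call that passes no destination length. Unless `read_profile_string` bounds its own output (its definition is not visible in this diff), an over-long `enabled` value in env.conf would write past the end of this stack buffer. The same applies to `d_username` and `d_groupname`, which the removed code limited with `strncpy (..., 40)`. Confirm the helper's maximum value length and size the buffers to match, with a comment such as `/* sized to read_profile_string's maximum value length */`.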
@@ -205,7 +211,7 @@ int main (int argc, char **argv, char **
while (1) {
- c = getopt_long (argc, argv, "hsfiqRr:n:e:vx:dkpS:u:g:", long_options, &option_index);
+ c = getopt_long (argc, argv, "hsfiqRr:n:e:vx:dkpS", long_options, &option_index);
if (c == -1) break;
if (c == '?') freem_usage ();
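Review bot: The new getopt_long option string ends in `S` instead of `S:`, so removing `u:g:` also removed the colon that made `-S` take an argument. The unchanged `case 'S'` in the next hunk still runs `shm_init_size = atol (optarg);`, so the short `-S` form now reaches `atol` with a NULL `optarg`. The plain getopt() fallback further down correctly keeps `S:`, so the string here should be `"hsfiqRr:n:e:vx:dkpS:"`. The `long_options` table is only partly visible; if it still has `--user`/`--group` entries returning 'u'/'g', they should be removed too, because the switch no longer handles them.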
@@ -318,18 +324,7 @@ int main (int argc, char **argv, char **
case 'S': /* --shmsize */
shm_init_size = atol (optarg);
- break;
-
- case 'u': /* --user */
- strncpy (d_username, optarg, 40);
- custom_user = TRUE;
- break;
-
- case 'g': /* --group */
- strncpy (d_groupname, optarg, 40);
- custom_group = TRUE;
- break;
-
+ break;
}
@@ -341,7 +336,7 @@ int main (int argc, char **argv, char **
extern char *optarg;
extern int optind, optopt;
- while ((c = getopt (argc, argv, "hsfiqRr:n:e:vx:dkS:u:g:")) != -1) {
+ while ((c = getopt (argc, argv, "hsfiqRr:n:e:vx:dkS:")) != -1) {
if (c == '?') freem_usage ();
@@ -449,17 +444,6 @@ int main (int argc, char **argv, char **
shm_init_size = atol (optarg);
break;
- case 'u': /* --user */
- strncpy (d_username, optarg, 40);
- custom_user = TRUE;
- break;
-
- case 'g': /* --group */
- strncpy (d_groupname, optarg, 40);
- custom_group = TRUE;
- break;
-
-
}
}
}
@@ -473,34 +457,65 @@ int main (int argc, char **argv, char **
#endif
snprintf (config_file, 4096, "%s/freem/%s/freem.conf", SYSCONFDIR, shm_env);
+ snprintf (env_config_file, 4096, "%s/freem/env.conf", SYSCONFDIR);
- if (run_daemon == TRUE && geteuid() == 0) {
+ if (!file_exists (env_config_file)) {
+ fprintf (stderr, "freem: environment catalog does not exist; may need to run fmadm configure\n");
+ exit (1);
+ }
- if (custom_group) {
- d_grp = getgrnam (d_groupname);
+ if (!file_exists (config_file)) {
+ fprintf (stderr, "freem: configuration file for %s does not exist; may need to run fmadm configure\n", shm_env);
+ exit (1);
+ }
- if (d_grp == NULL) {
- fprintf (stderr, "freem: invalid group '%s'\n", d_groupname);
- exit (1);
- }
-
- d_gid = d_grp->gr_gid;
- }
+ if (read_profile_string (env_config_file, shm_env, "user", d_username) == FALSE) {
+ fprintf (stderr, "freem: could not determine owning user for environment %s\n", shm_env);
+ exit (1);
+ }
- if (custom_user) {
- d_user = getpwnam (d_username);
+ if (read_profile_string (env_config_file, shm_env, "group", d_groupname) == FALSE) {
+ fprintf (stderr, "freem: could not determine owning group for environment %s\n", shm_env);
+ exit (1);
+ }
- if (d_user == NULL) {
- fprintf (stderr, "freem: invalid user '%s'\n", d_username);
- exit (1);
- }
-
- d_uid = d_user->pw_uid;
- }
- else {
- d_uid = 0;
- }
+ if (read_profile_string (env_config_file, shm_env, "enabled", env_ena) == FALSE) {
+ fprintf (stderr, "freem: could not discover enabled state for environment %s\n", shm_env);
+ exit (1);
+ }
+
+ if (strcmp (env_ena, "true") != 0) {
+ fprintf (stderr, "freem: environment %s is administratively disabled\n", shm_env);
+ exit (1);
+ }
+
+ d_grp = getgrnam (d_groupname);
+ if (d_grp == NULL) {
+ fprintf (stderr, "freem: invalid group '%s'\n", d_groupname);
+ exit (1);
+ }
+ d_gid = d_grp->gr_gid;
+ d_user = getpwnam (d_username);
+ if (d_user == NULL) {
+ fprintf (stderr, "freem: invalid user '%s'\n", d_username);
+ exit (1);
+ }
+ d_uid = d_user->pw_uid;
+
+
+#if defined(__linux__)
+ if (run_daemon == FALSE && group_member (d_gid) == 0) {
+ fprintf (stderr, "freem: you must be a member of the %s group to use environment %s\n", d_groupname, shm_env);
+ exit (1);
+ }
+#endif
+
+ if (run_daemon == TRUE) {
+ if (geteuid () != 0 && nofork == FALSE) {
+ fprintf (stderr, "freem: forking daemon must be run as root\n");
+ exit (1);
+ }
}
if ((nofork == TRUE) && (run_daemon == FALSE)) {
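Review bot: The group-membership gate added near the end of this hunk is compiled only under `__linux__`, so on every other platform a non-daemon invocation skips the check and proceeds whatever the caller's groups are. Whether filesystem permissions on the environment still stop such a user is not visible here, so the catalog's `group` setting may be the only control that is meant to apply. A portable check built on `getegid ()` and `getgroups ()` that fails closed would enforce the same rule everywhere; a sketch follows. It is also worth confirming that env.conf is writable only by root, since its `user` and `group` values now decide which identity the daemon drops to. The body of main starts and ends outside this hunk.

```c
    /* ... unchanged: catalog lookups, getgrnam/getpwnam resolution ... */

    /* portable replacement for the Linux-only group_member () gate */
    if (run_daemon == FALSE && getegid () != d_gid) {
        int i;
        int in_group = FALSE;
        int ngroups = getgroups (0, NULL);
        gid_t *groups = (ngroups > 0) ? malloc ((size_t) ngroups * sizeof *groups) : NULL;

        if (groups != NULL) {
            ngroups = getgroups (ngroups, groups);
            for (i = 0; i < ngroups; i++) {
                if (groups[i] == d_gid) in_group = TRUE;
            }
            free (groups);
        }

        /* allocation or getgroups failure leaves in_group FALSE: fail closed */
        if (in_group == FALSE) {
            fprintf (stderr, "freem: you must be a member of the %s group to use environment %s\n", d_groupname, shm_env);
            exit (1);
        }
    }

    /* ... unchanged: run_daemon / nofork root check ... */
```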
@@ -558,19 +573,19 @@ int main (int argc, char **argv, char **
if (geteuid () == 0) {
/* shed privileges */
- if (custom_group) {
- fprintf (stderr, "freem: switching to group %s\n", d_groupname);
- m_log (1, "switching groups");
+
+ fprintf (stderr, "freem: switching to group %s\n", d_groupname);
+ m_log (1, "switching groups");
- if (setgid (d_gid) == -1) {
- fprintf (stderr, "freem: failure switching GID\n");
- m_log (1, "failure switching GIDs");
- exit (1);
- }
+ if (setgid (d_gid) == -1) {
+ fprintf (stderr, "freem: failure switching GID\n");
+ m_log (1, "failure switching GIDs");
+ exit (1);
}
+
- if (custom_user) {
+ if (d_uid != geteuid ()) {
fprintf (stderr, "freem: switching to username %s\n", d_username);
m_log (1, "switching users");
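Review bot: The privilege-shedding path calls `setgid (d_gid)` and then switches user, but no `setgroups`/`initgroups` call is visible, so the daemon would keep root's supplementary groups after the drop. Before the `setgid` call, add `if (initgroups (d_username, d_gid) == -1) { m_log (1, "failure setting supplementary groups"); exit (1); }`; it has to run while the process is still root. The `d_uid != geteuid ()` test sits inside the `geteuid () == 0` block, so a catalog entry naming root as the owner silently leaves the daemon running as root. If that is intended, a comment such as `/* catalog user is root: no UID switch */` would say so. The user switch and the rest of this block continue outside the hunk.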