Commit 2c8bf424 authored by 's avatar

Added 'mapi' user group for sockets, shared memory, and semaphores. The group...

Added 'mapi' user group for sockets, shared memory, and semaphores. The group name can be changed at configure-time. Some quick notes about this have been added to INSTALL.

git-svn-id: file:///home/svn/mapi/trunk@872 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent d012c59c
Generic installation notes are below. Here are some quick notes:
0. ./bootstrap.sh (only for a fresh checkout from CVS)
1. ./configure (see below for a list of available options)
1. ./configure
2. make
3. make install
4. Change mapi.conf (located in <prefix>/etc/mapi/), if needed, to fit
3. su -
4. make install
5. Change mapi.conf (located in <prefix>/etc/mapi/), if needed, to fit
your system (e.g., add/remove monitoring interfaces)
5. mapid
6. mapicommd (only if distributed monitoring support is enabled)
7. run some MAPI applications - the 'tests' directory is a good start :)
6. mapid
7. mapicommd (only if distributed monitoring support is enabled)
8. run some MAPI applications - the 'tests' directory is a good start :)
To compile the tests, just run 'make' in the 'tests' directory after you
have 'make install'ed MAPI (i.e., libmapi should have been installed in
<prefix>/lib before compiling the tests)
The default installation prefix is /usr/local and can be changed using the
--prefix switch. See below for a list of the available configure options.
Library path
......@@ -32,71 +32,81 @@ variable LD_LIBRARY_PATH as follows:
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
MAPI configure-time switches
============================
Permissions
===========
'--enable-dimapi'
Support for remote and distributed monitoring (DiMAPI).
Usually, the monitoring daemon (mapid) must run with root permissions,
e.g., for capturing traffic in promicious mode from an Ethernet interface
like eth0. Such traffic monitoring is a sensitive operation and should be
allowed only for selected users. With MAPI, non-root users can also build
and run MAPI monitoring applications using the installed mapid.
'--enable-dag'
Support for Endace's DAG packet capture cards.
During installation, a special user group is created for MAPI, and users of
this group have the right to run MAPI applications that interact with the
installed mapid. The default name of this user group is 'mapi'. Users can
be added to the 'mapi' group using (as root):
'--enable-ssl'
Enable encryption of DiMAPI traffic
adduser username mapi
MAPI function libraries:
The name of the MAPI user group can be changed at configure time by setting
the MAPI_GROUP variable, e.g.:
'--enable-trackflib'
Build the traffic characterization library.
./configure MAPI_GROUP=foo
'--enable-ipfixflib'
Build the NetFlow export library.
'--enable-anonflib'
Build the traffic anonymization library.
MAPI configure-time switches
============================
'--enable-extraflib'
Build the extra functions library
--enable-dimapi Support for remote and distributed monitoring
--enable-dag Support for Endace's DAG packet capture cards
--enable-ssl Enable encryption of DiMAPI traffic
MAPI function libraries:
Misc options
--enable-trackflib Build the traffic characterization library
--enable-ipfixflib Build the NetFlow export library
--enable-anonflib Build the traffic anonymization library
--enable-extraflib Build the extra functions library
'--enable-modifypkts'
Enable support for functions that modify packets.
External packages configuration
'--enable-funcstats'
Enable function statistics. This option enables packet counters for
each applied function.
--with-libpcap=DIR Manual libpcap path configuration, in case the
configuration script can't find it. Search for the
library in DIR/lib, and for the header file in
DIR/include
--with-libdag=DIR Search for libdag in DIR/lib, and for the header
file in DIR/include
--with-ssl=DIR Location of installed SSL libraries/include files
--with-libpcre-includes=DIR Search for libpcre headers in DIR
--with-libpcre-libraries=DIR Search for libpcre library in DIR
External packages configuration
Since MAPI is in beta-testing stage, debugging is always on
(DEBUG=1 in config.h)
/* --enable-debug Enable debugging options */
'--with-libpcap=DIR'
Manual libpcap path configuration, in case the configuration script
can't find it. Search for the library in DIR/lib, and for the header
file in DIR/include.
Variables
'--with-libdag=DIR'
Search for libdag in DIR/lib, and for the header file in DIR/include.
MAPI_GROUP Name of the MAPI user group (default: 'mapi')
'--with-libpcre-includes=DIR'
Search for libpcre headers in DIR
'--with-libpcre-libraries=DIR'
Search for libpcre library in DIR
Miscellaneous
=============
'--with-ssl=DIR'
Location of installed SSL libraries/include files
To compile the tests, just run 'make' in the 'tests' directory after you
have 'make install'ed MAPI (i.e., libmapi should have been installed in
<prefix>/lib before compiling the tests)
At this beta-testing stage, debugging is always on (DEBUG=1 in config.h)
Aditional information can be found in doc/mapitutor.pdf, in the man pages,
and at http://mapi.uninett.no/
/* '--enable-debug'
Enable debugging options (bugreports and developers only). */
To get in contact with other users and the developers of MAPI, please join
the MAPI mailing list at http://mapi.uninett.no/
Please send bug reports to mapi@uninett.no or submit them directly to the
MAPI bugtracking system at http://bugs.uninett.no/
Aditional information can be found in doc/mapitutor.pdf
and at http://mapi.uninett.no
============ end of MAPI quick notes ============
==== end of MAPI quick notes ====
Installation Instructions
......
......@@ -178,6 +178,13 @@ AC_DEFINE(DEBUG, 1, [keep debugging on during beta testing])
AC_DEFINE(VALGRIND, 1, [easier debugging using valgrind])
#AC_DEFINE(WITH_AUTHENTICATION, 1, [support for authentication])
# mapi user group name
AC_ARG_VAR(MAPI_GROUP, [Name of the MAPI user group (default: 'mapi')])
if test x$MAPI_GROUP = x; then
MAPI_GROUP=mapi;
fi
AC_DEFINE_UNQUOTED(MAPI_GROUP_NAME, "${MAPI_GROUP}", [mapi group name])
# in the end will contain all the enabled MAPI function libraries
MAPI_FUNC_LIBS="stdflib.so"
......@@ -350,6 +357,7 @@ else
AC_MSG_RESULT(no)
fi
# Checks for libraries
AC_MSG_NOTICE([libraries ---------------------------------------------------])
......@@ -649,6 +657,7 @@ echo "Headers: ${prefix}/include"
echo "Configuration files: ${CONFDIR}"
echo "drivers/functions/misc: ${DATADIR}"
echo "MAPI function libraries: ${MAPI_FUNC_LIBS}"
echo "mapid user group: ${MAPI_GROUP}"
if test x$dimapi = xtrue; then
echo "option: DiMAPI"
fi
......
......@@ -419,7 +419,7 @@ If the flow does not exist, it returns -1.
.\".TP
.\".B <etc . . .>
.SH BUGS
Please send bug reports to info@ist-scampi.org
Please send bug reports to mapi@uninett.no
.SH "SEE ALSO"
.BR mapi_stdflib (3),
.BR mapi_trackflib (3),
......
......@@ -120,7 +120,7 @@ HTTP_VERSION, METHOD, URI, USER_AGENT, ACCEPT, ACCEPT_CHARSET, ACCEPT_ENCODING,
.IP "\fBFTP protocol fields\fP"
USER, PASS, ACCT, FTP_TYPE, STRU, MODE, CWD, PWD, CDUP, PASV, RETR, REST, PORT, LIST, NLST, QUIT, SYST, STAT, HELP, NOOP, STOR, APPE, STOU, ALLO, MKD, RMD, DELE, RNFR, RNTO, SITE, FTP_RESPONSE_CODE, FTP_RESPONSE_ARG
.SH BUGS
Please send bug reports to info@ist-scampi.org
Please send bug reports to mapi@uninett.no
.SH "SEE ALSO"
.BR mapi (3),
.BR mapi_stdflib (3),
......
......@@ -58,7 +58,7 @@ Return TOP \fIX\fP values of the \fIfield\fP field of the \fIprotocol\fP protoco
Type of results: \fBunsigned int[]\fP.
.SH BUGS
Please send bug reports to info@ist-scampi.org
Please send bug reports to mapi@uninett.no
.SH "SEE ALSO"
.BR mapi (3),
.BR mapi_trackflib (3),
......
......@@ -355,7 +355,7 @@ void die(){
}
.fi
.SH BUGS
Please send bug reports to info@ist-scampi.org
Please send bug reports to mapi@uninett.no
.SH "SEE ALSO"
.BR mapi (3),
.BR mapi_trackflib (3),
......
......@@ -85,7 +85,7 @@ void die(){
}
.fi
.SH BUGS
Please send bug reports to info@ist-scampi.org
Please send bug reports to mapi@uninett.no
.SH "SEE ALSO"
.BR mapi (3),
.BR mapi_stdlib (3),
......
......@@ -56,3 +56,10 @@ EXTRA_DIST = errors.mapi combo6flib vod
dist-hook:
rm -rf `find $(distdir)/combo6flib -name .svn`
rm -rf `find $(distdir)/vod -name .svn`
# if installing as root, create a mapi user group
install-exec-hook:
@if test ${USER} = root; then \
groupadd -f ${MAPI_GROUP}; \
echo "Created user group '${MAPI_GROUP}'"; \
fi
......@@ -8,6 +8,7 @@
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
#include <grp.h>
#include <sys/stat.h>
#include <sys/sem.h>
#include <fcntl.h>
......@@ -112,31 +113,48 @@ int fhlp_create_semaphore(fhlp_sem_t *sem, int num)
ushort * array;
} argument;
int fd;
struct group *mapi_group;
struct semid_ds sem_data;
argument.val = 0;
strncpy(pathname,FUNCTION_SEM_TEMPLATE,MAPI_STR_LENGTH);
if(mkstemp(pathname)==-1)
return MDLIB_SEM_ERR;
umask(017);
if((fd=open(pathname,O_EXCL,FUNCTION_SEM_PERMS))<0)
return MDLIB_SEM_ERR;
else
else
close(fd);
strncpy(sem->fname,pathname,MAPI_STR_LENGTH);
if((sem->key=ftok(pathname,FUNCTION_SEM_PROJECT_ID))<0)
return MDLIB_SEM_ERR;
if((sem->id=semget(sem->key,num,FUNCTION_SEM_PERMS | IPC_CREAT)) < 0)
return MDLIB_SEM_ERR;
if( semctl(sem->id, 0, SETVAL, argument) < 0)
{
ERROR_CMD(printf("Error setting semaphore (%s) [%s:%d]\n",strerror(errno),__FILE__,__LINE__));
return MDLIB_SEM_ERR;
}
if( semctl(sem->id, 0, SETVAL, argument) < 0) {
ERROR_CMD(printf("Error setting semaphore (%s) [%s:%d]\n",strerror(errno),__FILE__,__LINE__));
return MDLIB_SEM_ERR;
}
// if a mapi user group exists, set group permissions accordingly,
// otherwise the group ID will be equal to the user ID of the user that
// invoked mapid
mapi_group = getgrnam(MAPI_GROUP_NAME);
if (mapi_group != NULL) {
if (semctl(sem->id, 0, IPC_STAT, &sem_data) < 0) {
WARNING_CMD(printf("Warning: semctl IPC_STAT of %d failed (%s) [%s:%d]\n",
sem->id,strerror(errno),__FILE__,__LINE__));
}
sem_data.sem_perm.gid = mapi_group->gr_gid;
if (semctl(sem->id, 0, IPC_SET, &sem_data) != 0) {
WARNING_CMD(printf("Warning: semctl IPC_SET of %d failed (%s) [%s:%d]\n",
sem->id,strerror(errno),__FILE__,__LINE__));
}
}
DEBUG_CMD(printf("Semaphore created. key=%d, id=%d, file=%s [%s:%d]\n",sem->key,sem->id,sem->fname,__FILE__,__LINE__));
......@@ -148,11 +166,11 @@ void fhlp_free_semaphore(fhlp_sem_t *sem)
if (semctl(sem->id,0,IPC_RMID)) {
WARNING_CMD(printf("Could not free semaphore id=%d (%s) [%s:%d]\n",sem->id,strerror(errno),__FILE__,__LINE__));
}
if (remove(sem->fname)<0) {
WARNING_CMD(printf("Could not remove semaphore file %s (%s) [%s:%d]\n",sem->fname,strerror(errno),__FILE__,__LINE__));
}
DEBUG_CMD(printf("Removed semaphore id=%d [%s:%d]\n",sem->id,__FILE__,__LINE__));
}
......
......@@ -10,6 +10,8 @@
#include <unistd.h>
#include <errno.h>
#include <time.h>
#include <sys/types.h>
#include <grp.h>
#include "mapidlib.h"
#include "mapilibhandler.h"
#include "mapidflib.h"
......@@ -70,6 +72,8 @@ mapid_init(mapidlib_instance_t *i)
char buf[1024],*str,*s;
char pathname[MAPI_STR_LENGTH];
int fd;
struct group *mapi_group;
struct shmid_ds shm_data;
//Copy devtype
/*
......@@ -145,6 +149,22 @@ mapid_init(mapidlib_instance_t *i)
if((i->shm_spinlock=shmat(i->shm_spinlock_id,0,0))==NULL)
return MDLIB_SHM_ERR;
// if a mapi user group exists, set group permissions accordingly,
// otherwise the group ID will be equal to the user ID of the user that
// invoked mapid
mapi_group = getgrnam(MAPI_GROUP_NAME);
if (mapi_group != NULL) {
if (shmctl(i->shm_spinlock_id, IPC_STAT, &shm_data) != 0) {
WARNING_CMD(printf("Warning: shmctl IPC_STAT of %d failed (%s) [%s:%d]\n",
i->shm_spinlock_id,strerror(errno),__FILE__,__LINE__));
}
shm_data.shm_perm.gid = mapi_group->gr_gid;
if (shmctl(i->shm_spinlock_id, IPC_SET, &shm_data) != 0) {
WARNING_CMD(printf("Warning: shmctl IPC_SET of %d failed (%s) [%s:%d]\n",
i->shm_spinlock_id,strerror(errno),__FILE__,__LINE__));
}
}
//Initialize spinlock
pthread_spin_init (i->shm_spinlock, PTHREAD_PROCESS_SHARED);
i->shm_spinlock_size=sizeof(pthread_spinlock_t);
......@@ -347,7 +367,7 @@ mapid_connect(mapidlib_instance_t *i,int fd)
struct mapidlibflow *flow=flist_priorities_get(i->flowlist,fd);
#else
struct mapidlibflow *flow=flist_get(i->flowlist,fd);
#endif
#endif
flist_node_t *n;
mapidflib_function_t *f;
mapidflib_function_instance_t *fi;
......@@ -355,6 +375,8 @@ mapid_connect(mapidlib_instance_t *i,int fd)
int error=0;
int id, fdn;
char pathname[MAPI_STR_LENGTH];
struct group *mapi_group;
struct shmid_ds shm_data;
/* NULL-> invalid flow descriptor, set error */
if(flow==NULL)
......@@ -362,31 +384,31 @@ mapid_connect(mapidlib_instance_t *i,int fd)
//we can't know the flow-id, so we can't set an error */
return -1;
}
DEBUG_CMD(printf ("Connect to flow %d [%s:%d]\n", fd, __FILE__,__LINE__));
/* Don't allow connect() for a second time at the same flow*/
if(flow->status == FLOW_ACTIVE) {
return MDLIB_FLOW_ALREADY_ACTIVE;
}
if(flow->shm_size>0) {
//Allocate shared memory
strncpy(pathname,FUNCTION_SHM_TEMPLATE,MAPI_STR_LENGTH);
if(mktemp(pathname)==NULL)
return MDLIB_SHM_ERR;
umask(017);
if((fdn=open(pathname,O_CREAT|O_EXCL,FUNCTION_SHM_PERMS))<0)
return MDLIB_SHM_ERR;
else
else
close(fdn);
strncpy(flow->shm_fname,pathname,MAPI_STR_LENGTH);
if((flow->shm_key=ftok(pathname,FUNCTION_SHM_PROJECT_ID))<0)
return MDLIB_SHM_ERR;
if((id=shmget(flow->shm_key,flow->shm_size,FUNCTION_SHM_PERMS | IPC_CREAT)) < 0)
return MDLIB_SHM_ERR;
......@@ -395,6 +417,22 @@ mapid_connect(mapidlib_instance_t *i,int fd)
if((flow->shm=shmat(id,0,0))==NULL)
return MDLIB_SHM_ERR;
// if a mapi user group exists, set group permissions accordingly,
// otherwise the group ID will be equal to the user ID of the user that
// invoked mapid
mapi_group = getgrnam(MAPI_GROUP_NAME);
if (mapi_group != NULL) {
if (shmctl(id, IPC_STAT, &shm_data) != 0) {
WARNING_CMD(printf("Warning: shmctl IPC_STAT of %d failed (%s) [%s:%d]\n",
id,strerror(errno),__FILE__,__LINE__));
}
shm_data.shm_perm.gid = mapi_group->gr_gid;
if (shmctl(id, IPC_SET, &shm_data) != 0) {
WARNING_CMD(printf("Warning: shmctl IPC_SET of %d failed (%s) [%s:%d]\n",
id,strerror(errno),__FILE__,__LINE__));
}
}
//Initialize memory to 0
memset(flow->shm,0,flow->shm_size);
}
......@@ -412,7 +450,7 @@ mapid_connect(mapidlib_instance_t *i,int fd)
fi->result.info.shm.offset=offset;
fi->result.data=flow->shm+offset;
offset+=fi->result.data_size;
//Set information about spinlock
fi->result.info.shm_spinlock.key=i->shm_spinlock_key;
fi->result.info.shm_spinlock.buf_size=i->shm_spinlock_size;
......
......@@ -2230,15 +2230,15 @@ default_read_result_init(flowdescr_t *flow,functdescr_t* f,void* data)
local_err=MAPI_SHM_ERR;
return -1;
}
if ((flow->shm_base=shmat(id, 0, FUNCTION_SHM_PERMS))==NULL) {
local_err = MAPI_SHM_ERR;
return -1;
}
}
if(!flow->shm_spinlock) {
//Get pointer to shared spinlock memory
//Get pointer to shared spinlock memory
id=shmget(shm_spinlock->key, shm_spinlock->buf_size, 660);
if(id<0)
{
......@@ -2253,8 +2253,7 @@ default_read_result_init(flowdescr_t *flow,functdescr_t* f,void* data)
return -1;
}
}
f->data=malloc(sizeof(shm_result_t));
((shm_result_t*)f->data)->ptr=flow->shm_base+shm->offset;
((shm_result_t*)f->data)->size=shm->res_size;
......@@ -2283,12 +2282,12 @@ int mapi_get_function_info(int fd,int fid, mapi_function_info_t *info)
if (!minit) {
DEBUG_CMD(printf("Not initialized! [%s:%d]\n",__FILE__,__LINE__));
local_err = MAPI_INIT_ERROR;
local_err = MAPI_INIT_ERROR;
return -1;
}
else if(fd<=0 || fid <=0 ){
//DEBUG_CMD(printf("Error wrong fd or fid in mapi_get_function_info\n\n"));
local_err =MAPI_INVALID_FID_FUNCID ;
local_err =MAPI_INVALID_FID_FUNCID ;
return -1;
}
else if (info == NULL){
......@@ -2303,14 +2302,14 @@ int mapi_get_function_info(int fd,int fid, mapi_function_info_t *info)
hflow->dbuf->cmd=GET_FUNCTION_INFO;
hflow->dbuf->fd=hflow->fd;
if ( (fdata=(function_data*)flist_get(hflow->functions, fid))==NULL ) {
local_err = MAPI_FUNCTION_INFO_ERR;
local_err = MAPI_FUNCTION_INFO_ERR;
return -1;
}
hflow->dbuf->fid = fdata->fid;
hflow->dbuf->length=BASIC_SIZE;
}
if (mapiipc_remote_write_to_all(rflow)<0){
if (mapiipc_remote_write_to_all(rflow)<0){
local_err = MCOM_SOCKET_ERROR;
return -1;
}
......@@ -2325,7 +2324,7 @@ int mapi_get_function_info(int fd,int fid, mapi_function_info_t *info)
memcpy(info,hflow->dbuf->data,sizeof(mapi_function_info_t));
continue;
case ERROR_ACK:
local_err = MAPI_FUNCTION_INFO_ERR;
local_err = MAPI_FUNCTION_INFO_ERR;
return -1;
default:
local_err = MAPI_FUNCTION_INFO_ERR;
......@@ -2339,11 +2338,11 @@ int mapi_get_function_info(int fd,int fid, mapi_function_info_t *info)
if ((flow=flist_get(flowlist,fd))==NULL) {
DEBUG_CMD(printf("Invalid flow: %d [%s:%d]\n",fd,__FILE__,__LINE__));
local_err = MAPI_INIT_ERROR;
local_err = MAPI_INIT_ERROR;
return -1;
}/* else if (flow->error!=0) {
DEBUG_CMD(printf("Invalid flow: %d due to error #%d [%s:%d]\n",fd,flow->error,__FILE__,__LINE__));
local_err = MAPI_INIT_ERROR;
local_err = MAPI_INIT_ERROR;
return -1;
}*/
......@@ -2355,7 +2354,7 @@ int mapi_get_function_info(int fd,int fid, mapi_function_info_t *info)
pthread_spin_lock(&mapi_lock);
if (mapiipc_write((struct mapiipcbuf*)&qbuf)<0) {
local_err = MCOM_SOCKET_ERROR;
pthread_spin_unlock(&mapi_lock);
pthread_spin_unlock(&mapi_lock);
return -1;
}
if (mapiipc_read((struct mapiipcbuf*)&qbuf)<0) {
......@@ -2389,7 +2388,7 @@ int mapi_get_next_function_info(int fd,int fid, mapi_function_info_t *info)
if (!minit) {
DEBUG_CMD(printf("Not initialized! [%s:%d]\n",__FILE__,__LINE__));
local_err=MAPI_INIT_ERROR;
local_err=MAPI_INIT_ERROR;
return -1;
}
else if(fd<=0 || fid <0 ){
......@@ -2416,7 +2415,7 @@ int mapi_get_next_function_info(int fd,int fid, mapi_function_info_t *info)
hflow->dbuf->length=BASIC_SIZE;
}
if (mapiipc_remote_write_to_all(rflow)<0){
if (mapiipc_remote_write_to_all(rflow)<0){
local_err = MCOM_SOCKET_ERROR;
return -1;
}
......@@ -2525,7 +2524,6 @@ int mapi_get_flow_info(int fd, mapi_flow_info_t *info)
local_err = MAPI_FLOW_INFO_ERR;
return -1;
}
}
return 0;
}
......@@ -2551,7 +2549,7 @@ int mapi_get_flow_info(int fd, mapi_flow_info_t *info)
if(qbuf.cmd==GET_FLOW_INFO_ACK) {
memcpy(info,qbuf.data,sizeof(mapi_flow_info_t));
return 0;
}
}
else {
local_err = MAPI_FLOW_INFO_ERR;
return -1;
......@@ -2795,7 +2793,7 @@ int mapi_get_device_info(int devid, mapi_device_info_t *info)
if(qbuf.cmd==GET_DEVICE_INFO_ACK) {
memcpy(info,qbuf.data,sizeof(mapi_device_info_t));
return 0;
}
}
else {
local_err = MAPI_DEVICE_INFO_ERR;
return -1;
......@@ -3155,7 +3153,7 @@ int mapi_authenticate(int fd, const char *username, const char *password, const
local_err = MAPI_INIT_ERROR;
return(-1);
}
/*
* Before we start, some trivial checks.
*/
......@@ -3248,7 +3246,7 @@ int mapi_authenticate(int fd, const char *username, const char *password, const
/*
* mfukar
*
*
* Forward data from agent to mapid.
*/
int agent_authenticate(void *data)
......@@ -3291,7 +3289,6 @@ int agent_authenticate(void *data)
default:
pthread_spin_unlock(&mapi_lock);
return(-1);
}
return(-1);
}
......
......@@ -14,6 +14,7 @@
#include <getopt.h>
#include <pthread.h>
#include <sys/types.h>
#include <grp.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
......@@ -2013,7 +2014,8 @@ mapidcom ()
flist_node_t *tmpnode;
conf_category_entry_t *cat=NULL;
char *local;
struct group *mapi_group;
pthread_spin_init (&flowlist_lock, PTHREAD_PROCESS_SHARED);
pthread_spin_init (&clientlist_lock, PTHREAD_PROCESS_SHARED);
pthread_spin_init (&functlist_lock, PTHREAD_PROCESS_SHARED);
......@@ -2057,24 +2059,28 @@ mapidcom ()
// set up the address we will be binding to
memset (&mapidaddr, 0, sizeof (mapidaddr));
mapidaddr.sun_family = AF_LOCAL;
memcpy (mapidaddr.sun_path, mapidsocket, strlen(mapidsocket)+1);
unlink (mapidsocket);
len = sizeof mapidaddr.sun_family + strlen (mapidaddr.sun_path);
if (bind (listenerfd, (struct sockaddr *) &mapidaddr, len))
{
ERROR_CMD (printf
("bind: %s [%s:%d]\n", strerror (errno), __FILE__,
__LINE__));
exit (EXIT_FAILURE);
}
// allow any member of our own group to connect
chmod (mapidsocket, S_IRWXU | S_IRWXG);
if (bind (listenerfd, (struct sockaddr *) &mapidaddr, len)) {
ERROR_CMD (printf
("bind: %s [%s:%d]\n", strerror (errno), __FILE__, __LINE__));
exit (EXIT_FAILURE);
}
// allow any member of our own group to connect
chmod (mapidsocket, S_IRWXU | S_IRWXG);
// if a mapi user group exists, set group permissions accordingly,
// otherwise the group ID will be equal to the user ID of the user that
// invoked mapid
mapi_group = getgrnam(MAPI_GROUP_NAME);
if (mapi_group != NULL) {
chown(mapidsocket, -1, mapi_group->gr_gid);
}
if (listen (listenerfd, BACKLOG) == -1)
{
ERROR_CMD (printf
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment