client: put lock file in the same directory as the socket
authorVincent Bernat <vincent@bernat.ch>
Tue, 4 May 2021 19:46:30 +0000 (21:46 +0200)
committerVincent Bernat <vincent@bernat.ch>
Tue, 4 May 2021 20:05:42 +0000 (22:05 +0200)
The whole deal I was trying to solve is the fact that I cannot put the
lock here because I was unprivileged. Just let lldpd create the lock
in the same way it creates the socket (same privileges).

configure.ac
src/client/commands.c
src/daemon/lldpd.c
tests/integration/fixtures/programs.py

index e7e159657ad9a042aa26464d2fdd7ef581e9ba47..5128569de869c1066e4bb6030867d9f2d2586012 100644 (file)
@@ -351,7 +351,6 @@ fi
 lldp_ARG_WITH([privsep-chroot], [Which directory to use to chroot lldpd], [${runstatedir}/lldpd])
 lldp_ARG_WITH([lldpd-ctl-socket], [Path to socket for communication with lldpd], [${runstatedir}/lldpd.socket])
 lldp_ARG_WITH([lldpd-pid-file], [Path to lldpd PID file], [${runstatedir}/lldpd.pid])
-lldp_ARG_WITH([lldpcli-lock-dir], [Which directory to use to put locks], [${localstatedir}/lock])
 
 # Netlink
 lldp_ARG_WITH_UNQUOTED([netlink-max-receive-bufsize], [Netlink maximum receive buffer size], [1024*1024])
index b7b77dded309f92ffdf5ed782b04044d37ca2623..e6bd349e799c31278e8346af98de2d978816f889 100644 (file)
@@ -451,21 +451,16 @@ _commands_execute(struct lldpctl_conn_t *conn, struct writer *w,
                if (best->execute) {
                        if (needlock) {
                                if (lockfd == -1) {
-                                       char *_ctlname = NULL;
                                        if (lockname == NULL &&
-                                           ((_ctlname = strdup(ctlname)) == NULL ||
-                                           asprintf(&lockname, LLDPCLI_LOCK_DIR "/%s.lck",
-                                           basename(_ctlname)) == -1)) {
+                                           asprintf(&lockname, "%s.lock",
+                                           ctlname) == -1) {
                                                log_warnx("lldpctl",
                                                    "not enough memory to build lock filename");
                                                rc = -1;
-                                               free(_ctlname);
                                                goto end;
                                        }
-                                       free(_ctlname);
                                        log_debug("lldpctl", "open %s for locking", lockname);
-                                       if ((lockfd = open(lockname,
-                                           O_CREAT|O_RDWR|O_NOFOLLOW, 0666)) == -1) {
+                                       if ((lockfd = open(lockname, O_RDWR)) == -1) {
                                                log_warn("lldpctl", "cannot open lock %s", lockname);
                                                rc = -1;
                                                goto end;
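Review bot: The rewritten `open(lockname, O_RDWR)` loses `O_NOFOLLOW` along with `O_CREAT`, so the client would now follow a symlink at `<socket>.lock`; the daemon-side `open(lockname, O_CREAT|O_RDWR, 0000)` added to lldpd_main in src/daemon/lldpd.c omits the flag too. Whether that matters depends on who can write to the socket's directory, which the diff does not show, but keeping the flag costs nothing: `if ((lockfd = open(lockname, O_RDWR|O_NOFOLLOW)) == -1) {`. Because the client no longer creates the file, a missing lock file now ends in "cannot open lock", so a comment above the open such as `/* lock file is created by lldpd next to its control socket */` would explain the absent `O_CREAT`. _commands_execute starts and ends outside the hunk.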
index a7b2647b499c5581ccdd8c21d03c9d9c46f25984..c717c012c5a95ab9c1479beb28f70af0162a9e95 100644 (file)
@@ -1309,12 +1309,17 @@ lldpd_loop(struct lldpd *cfg)
 static void
 lldpd_exit(struct lldpd *cfg)
 {
+       char *lockname = NULL;
        struct lldpd_hardware *hardware, *hardware_next;
        log_debug("main", "exit lldpd");
 
        TAILQ_FOREACH(hardware, &cfg->g_hardware, h_entries)
                lldpd_send_shutdown(hardware);
 
+       if (asprintf(&lockname, "%s.lock", cfg->g_ctlname) != -1) {
+               priv_ctl_cleanup(lockname);
+               free(lockname);
+       }
        close(cfg->g_ctl);
        priv_ctl_cleanup(cfg->g_ctlname);
        log_debug("main", "cleanup hardware information");
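Review bot: A failed `asprintf()` in lldpd_exit skips the lock cleanup without any log line, whereas the other lock-name allocations in this commit either warn or call fatal(). Adding `else log_warnx("main", "cannot build lock name, lock file not removed");` after the `if` block keeps the exit path best-effort while leaving a trace for whoever later finds the leftover file. lldpd_exit continues past the end of the hunk.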
@@ -1797,6 +1802,24 @@ lldpd_main(int argc, char *argv[], char *envp[])
                log_warn("main", "unable to chmod control socket");
 #endif
 
+       /* Create associated advisory lock file */
+       char *lockname = NULL;
+       int fd;
+       if (asprintf(&lockname, "%s.lock", ctlname) == -1)
+               fatal("main", "cannot build lock name");
+       if ((fd = open(lockname, O_CREAT|O_RDWR, 0000)) == -1)
+               fatal("main", "cannot create lock file for control socket");
+       close(fd);
+#ifdef ENABLE_PRIVSEP
+       if (chown(lockname, uid, gid) == -1)
+               log_warn("main", "unable to chown control socket lock");
+       if (chmod(lockname,
+               S_IRUSR | S_IWUSR | S_IXUSR |
+               S_IRGRP | S_IWGRP | S_IXGRP) == -1)
+               log_warn("main", "unable to chmod control socket lock");
+#endif
+       free(lockname);
+
        /* Disable SIGPIPE */
        signal(SIGPIPE, SIG_IGN);
 
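Review bot: The `chown(lockname, …)` and `chmod(lockname, …)` calls in the ENABLE_PRIVSEP block act on the path after `close(fd)`, so they apply to whatever the name resolves to at that moment rather than to the file that was just created. Calling `fchown()` and `fchmod()` on the still-open descriptor and closing it afterwards removes that window. The mode also grants execute bits, which a lock file does not need; they look carried over from the socket's chmod, which is outside this hunk. Without ENABLE_PRIVSEP the file stays at mode 0000, which deserves a one-line comment if that is intended. lldpd_main starts and ends outside the hunk.

```c
	/* … unchanged: asprintf() building lockname … */
	if ((fd = open(lockname, O_CREAT|O_RDWR, 0000)) == -1)
		fatal("main", "cannot create lock file for control socket");
#ifdef ENABLE_PRIVSEP
	/* Operate on the descriptor so ownership and mode land on the
	 * file opened above, not on whatever the path names later. */
	if (fchown(fd, uid, gid) == -1)
		log_warn("main", "unable to chown control socket lock");
	if (fchmod(fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) == -1)
		log_warn("main", "unable to chmod control socket lock");
#endif
	close(fd);
	free(lockname);
```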
index 04e2715374a139dc428c372efc380d9d38d751c4..e389c011e249064a4125152e5a01b4957d087a9c 100644 (file)
@@ -207,12 +207,6 @@ protocols: files
 services: files
 """)
 
-        # Ensure lock directory also exists. This can be a broken symlink!
-        path = os.path.realpath("/var/lock")
-        if not os.path.isdir(path):
-            os.mkdir(path)
-        mount_tmpfs(path)
-
         # Remove any config
         path = os.path.join(self.config.lldpd.confdir, "lldpd.conf")
         if os.path.isfile(path):