From: Vincent Bernat Date: Tue, 4 May 2021 19:46:30 +0000 (+0200) Subject: client: put lock file in the same directory as the socket X-Git-Tag: 1.0.12~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a1c9d4bef7ffba4ae754b213613e8a9cde498b36;p=thirdparty%2Flldpd.git client: put lock file in the same directory as the socket The whole deal I was trying to solve is the fact that I cannot put the lock here because I was unprivileged. Just let lldpd create the lock in the same way it creates the socket (same privileges). --- diff --git a/configure.ac b/configure.ac index e7e15965..5128569d 100644 --- a/configure.ac +++ b/configure.ac @@ -351,7 +351,6 @@ fi lldp_ARG_WITH([privsep-chroot], [Which directory to use to chroot lldpd], [${runstatedir}/lldpd]) lldp_ARG_WITH([lldpd-ctl-socket], [Path to socket for communication with lldpd], [${runstatedir}/lldpd.socket]) lldp_ARG_WITH([lldpd-pid-file], [Path to lldpd PID file], [${runstatedir}/lldpd.pid]) -lldp_ARG_WITH([lldpcli-lock-dir], [Which directory to use to put locks], [${localstatedir}/lock]) # Netlink lldp_ARG_WITH_UNQUOTED([netlink-max-receive-bufsize], [Netlink maximum receive buffer size], [1024*1024]) diff --git a/src/client/commands.c b/src/client/commands.c index b7b77dde..e6bd349e 100644 --- a/src/client/commands.c +++ b/src/client/commands.c @@ -451,21 +451,16 @@ _commands_execute(struct lldpctl_conn_t *conn, struct writer *w, if (best->execute) { if (needlock) { if (lockfd == -1) { - char *_ctlname = NULL; if (lockname == NULL && - ((_ctlname = strdup(ctlname)) == NULL || - asprintf(&lockname, LLDPCLI_LOCK_DIR "/%s.lck", - basename(_ctlname)) == -1)) { + asprintf(&lockname, "%s.lock", + ctlname) == -1) { log_warnx("lldpctl", "not enough memory to build lock filename"); rc = -1; - free(_ctlname); goto end; } - free(_ctlname); log_debug("lldpctl", "open %s for locking", lockname); - if ((lockfd = open(lockname, - O_CREAT|O_RDWR|O_NOFOLLOW, 0666)) == -1) { + if ((lockfd = open(lockname, O_RDWR)) == -1) { log_warn("lldpctl", "cannot open lock %s", lockname); rc = -1; goto end; diff --git a/src/daemon/lldpd.c b/src/daemon/lldpd.c index a7b2647b..c717c012 100644 --- a/src/daemon/lldpd.c +++ b/src/daemon/lldpd.c @@ -1309,12 +1309,17 @@ lldpd_loop(struct lldpd *cfg) static void lldpd_exit(struct lldpd *cfg) { + char *lockname = NULL; struct lldpd_hardware *hardware, *hardware_next; log_debug("main", "exit lldpd"); TAILQ_FOREACH(hardware, &cfg->g_hardware, h_entries) lldpd_send_shutdown(hardware); + if (asprintf(&lockname, "%s.lock", cfg->g_ctlname) != -1) { + priv_ctl_cleanup(lockname); + free(lockname); + } close(cfg->g_ctl); priv_ctl_cleanup(cfg->g_ctlname); log_debug("main", "cleanup hardware information"); @@ -1797,6 +1802,24 @@ lldpd_main(int argc, char *argv[], char *envp[]) log_warn("main", "unable to chmod control socket"); #endif + /* Create associated advisory lock file */ + char *lockname = NULL; + int fd; + if (asprintf(&lockname, "%s.lock", ctlname) == -1) + fatal("main", "cannot build lock name"); + if ((fd = open(lockname, O_CREAT|O_RDWR, 0000)) == -1) + fatal("main", "cannot create lock file for control socket"); + close(fd); +#ifdef ENABLE_PRIVSEP + if (chown(lockname, uid, gid) == -1) + log_warn("main", "unable to chown control socket lock"); + if (chmod(lockname, + S_IRUSR | S_IWUSR | S_IXUSR | + S_IRGRP | S_IWGRP | S_IXGRP) == -1) + log_warn("main", "unable to chmod control socket lock"); +#endif + free(lockname); + /* Disable SIGPIPE */ signal(SIGPIPE, SIG_IGN); diff --git a/tests/integration/fixtures/programs.py b/tests/integration/fixtures/programs.py index 04e27153..e389c011 100644 --- a/tests/integration/fixtures/programs.py +++ b/tests/integration/fixtures/programs.py @@ -207,12 +207,6 @@ protocols: files services: files """) - # Ensure lock directory also exists. This can be a broken symlink! - path = os.path.realpath("/var/lock") - if not os.path.isdir(path): - os.mkdir(path) - mount_tmpfs(path) - # Remove any config path = os.path.join(self.config.lldpd.confdir, "lldpd.conf") if os.path.isfile(path):