-rwxr-xr-x | configure | 69 | ||||
-rwxr-xr-x | make/install-extras.pl | 6 | ||||
-rw-r--r-- | make/template/inspircd | 17 | ||||
-rw-r--r-- | make/template/main.mk | 35 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 5 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 5 |
6 files changed, 72 insertions, 65 deletions
@@ -44,7 +44,8 @@ use make::opensslcert; our ($opt_use_gnutls, $opt_rebuild, $opt_use_openssl, $opt_nointeractive, $opt_ports, $opt_epoll, $opt_kqueue, $opt_noports, $opt_noepoll, $opt_nokqueue, - $opt_noipv6, $opt_maxbuf, $opt_disable_debug, $opt_freebsd_port); + $opt_noipv6, $opt_maxbuf, $opt_disable_debug, $opt_freebsd_port, + $opt_system, $opt_uid); our ($opt_cc, $opt_base_dir, $opt_config_dir, $opt_module_dir, $opt_binary_dir); @@ -60,6 +61,8 @@ my @opt_disableextras; GetOptions ( 'enable-gnutls' => \$opt_use_gnutls, 'rebuild' => \$opt_rebuild, + 'system' => \$opt_system, + 'uid=s' => \$opt_uid, 'enable-openssl' => \$opt_use_openssl, 'disable-interactive' => \$opt_nointeractive, 'enable-ports' => \$opt_ports, @@ -98,7 +101,7 @@ if (scalar(@opt_enableextras) + scalar(@opt_disableextras) > 0) { exit 0; } -our $non_interactive = ( +our $interactive = !( (defined $opt_base_dir) || (defined $opt_config_dir) || (defined $opt_module_dir) || @@ -115,10 +118,11 @@ our $non_interactive = ( (defined $opt_noepoll) || (defined $opt_noports) || (defined $opt_maxbuf) || + (defined $opt_system) || + (defined $opt_uid) || (defined $opt_use_gnutls) || (defined $opt_freebsd_port) ); -our $interactive = !$non_interactive; chomp(our $topdir = getcwd()); our $this = resolve_directory($topdir); # PWD, Regardless. 
@@ -128,26 +132,33 @@ $config{ME} = resolve_directory($topdir); # Present Working Directory $config{BASE_DIR} = $config{ME}."/run"; -if (defined $opt_base_dir) -{ +if (defined $opt_base_dir) { $config{BASE_DIR} = $opt_base_dir; +} elsif (defined $opt_system || defined $opt_uid) { + $config{BASE_DIR} = '/var/lib/inspircd'; } -$config{CONFIG_DIR} = resolve_directory($config{BASE_DIR}."/conf"); # Configuration Directory -$config{MODULE_DIR} = resolve_directory($config{BASE_DIR}."/modules"); # Modules Directory -$config{BINARY_DIR} = resolve_directory($config{BASE_DIR}."/bin"); # Binary Directory -$config{BUILD_DIR} = resolve_directory($config{ME}."/build"); # Build Directory +if (defined $opt_system || defined $opt_uid) { + $config{UID} = $opt_uid || 'ircd'; + $config{CONFIG_DIR} = '/etc/inspircd'; + $config{MODULE_DIR} = '/usr/lib/inspircd'; + $config{BINARY_DIR} = '/usr/sbin/'; + $config{BUILD_DIR} = resolve_directory($config{ME}."/build"); # Build Directory +} else { + $config{UID} = $<; + $config{CONFIG_DIR} = resolve_directory($config{BASE_DIR}."/conf"); # Configuration Directory + $config{MODULE_DIR} = resolve_directory($config{BASE_DIR}."/modules"); # Modules Directory + $config{BINARY_DIR} = resolve_directory($config{BASE_DIR}."/bin"); # Binary Directory + $config{BUILD_DIR} = resolve_directory($config{ME}."/build"); # Build Directory +} -if (defined $opt_config_dir) -{ +if (defined $opt_config_dir) { $config{CONFIG_DIR} = $opt_config_dir; } -if (defined $opt_module_dir) -{ +if (defined $opt_module_dir) { $config{MODULE_DIR} = $opt_module_dir; } -if (defined $opt_binary_dir) -{ +if (defined $opt_binary_dir) { $config{BINARY_DIR} = $opt_binary_dir; } chomp($config{HAS_GNUTLS} = `pkg-config --modversion gnutls 2>/dev/null | cut -c 1,2,3`); # GNUTLS Version. 
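Review bot: `$config{UID} = $opt_uid || 'ircd';` stores the `--uid` value with no validation, and a later hunk adds UID to the `@VAR@` substitution list, so the raw string is written into `INSTUID = @UID@` in main.mk and `my $uid = "@UID@";` in the start script. A value containing whitespace, quotes or shell metacharacters would be interpreted by make, the shell or Perl at those points. The name `root` would also pass the makefile's `[ $(INSTUID) = 0 ]` test, which compares against the literal 0 only. Reject such values at configure time in this branch, for example `die "--uid must be a non-root user name or numeric id\n" if $config{UID} eq 'root' || $config{UID} !~ /\A(?:[A-Za-z_][A-Za-z0-9_-]*|[1-9]\d*)\z/;`.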
@@ -186,43 +197,25 @@ if (defined $opt_use_openssl) $config{USE_OPENSSL} = "y"; } -# no, let's not change these. -$config{OPTIMITEMP} = "0"; # Default Optimisation Value -if (!defined $opt_disable_debug) -{ +if (!defined $opt_disable_debug) { $config{OPTIMISATI} = "-g1"; # Optimisation Flag -} -else -{ - $config{OPTIMISATI} = "-O2"; # DEBUGGING OFF! +} else { + $config{OPTIMISATI} = "-O2"; } $config{HAS_STRLCPY} = "false"; # strlcpy Check. $config{HAS_STDINT} = "false"; # stdint.h check $config{USE_KQUEUE} = "y"; # kqueue enabled -if (defined $opt_kqueue) -{ - $config{USE_KQUEUE} = "y"; -} -if (defined $opt_nokqueue) -{ +if (defined $opt_nokqueue) { $config{USE_KQUEUE} = "n"; } $config{USE_POLL} = "y"; # poll enabled $config{USE_EPOLL} = "y"; # epoll enabled -if (defined $opt_epoll) -{ - $config{USE_EPOLL} = "y"; -} if (defined $opt_noepoll) { $config{USE_EPOLL} = "n"; } $config{USE_PORTS} = "y"; # epoll enabled -if (defined $opt_ports) -{ - $config{USE_PORTS} = "y"; -} if (defined $opt_noports) { $config{USE_PORTS} = "n"; @@ -1061,7 +1054,7 @@ EOF $config{BUILD_DIR} ||= resolve_directory($config{ME}."/build"); for my $var (qw( - CC SYSTEM BASE_DIR CONFIG_DIR MODULE_DIR BINARY_DIR BUILD_DIR + CC SYSTEM BASE_DIR CONFIG_DIR MODULE_DIR BINARY_DIR BUILD_DIR UID STARTSCRIPT DESTINATION EXTRA_DIR SOCKETENGINE )) { s/\@$var\@/$config{$var}/g; diff --git a/make/install-extras.pl b/make/install-extras.pl index f0e2dd0e2..ce77178e9 100755 --- a/make/install-extras.pl +++ b/make/install-extras.pl 
@@ -11,13 +11,13 @@ for my $dir (qw(src src/modules)) { next unless $file =~ /\.cpp$/; open CPP, '<', "$dir/$file" or die "Can't open $dir/$file to scan it: $!"; while (<CPP>) { - if (/\/\* \$CopyInstall: (\S+) (\S+) \*\//i) { - my($ifile, $idir) = ($1,$2); + if (/\/\* \$CopyInstall: (\S+) (\S+) (.*) \*\//i) { + my($ifile, $idir, $args) = ($1,$2,$3); next if exists $installed{$1.' '.$2}; $installed{$1.' '.$2}++; $idir =~ s/\$\(([^)]+)\)/$ENV{$1}/eg; if ($mode eq 'install') { - system "install $ifile $idir"; + system "install $args $ifile $idir"; } else { $ifile =~ s/.*\///g; system "rm $idir/$ifile"; diff --git a/make/template/inspircd b/make/template/inspircd index 6a74d1ec1..92f3f3bac 100644 --- a/make/template/inspircd +++ b/make/template/inspircd @@ -22,6 +22,23 @@ my $runpath = "@BASE_DIR@"; my $valgrindlogpath = "$basepath/valgrindlogs"; my $executable = "@EXECUTABLE@"; my $version = "@VERSION@"; +my $uid = "@UID@"; + +if ($< == 0 || $> == 0) { + if ($uid !~ /^\d+$/) { + # Named UID, look it up + $uid = getpwnam $uid; + } + if (!$uid) { + die "Cannot find a valid UID to change to"; + } + # drop root if we were configured with an ircd UID + $< = $uid; + $> = $uid; + if ($< == 0 || $> == 0) { + die "Could not drop root: $!"; + } +} our($pid,$pidfile); # Lets see what they want to do.. Set the variable (Cause i'm a lazy coder) diff --git a/make/template/main.mk b/make/template/main.mk index 88514029b..1413d2fff 100644 --- a/make/template/main.mk +++ b/make/template/main.mk @@ -24,7 +24,10 @@ BASE = "@BASE_DIR@" CONPATH = "@CONFIG_DIR@" MODPATH = "@MODULE_DIR@" BINPATH = "@BINARY_DIR@" -INSTMODE = 0755 +INSTUID = @UID@ +INSTMODE_DIR = 0755 +INSTMODE_BIN = 0755 +INSTMODE_LIB = 0644 @IFEQ $(CC) icc CXXFLAGS += -Wshadow 
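Review bot: `$args` is interpolated into `system "install $args $ifile $idir"` without the `$(VAR)` expansion that `$idir` gets, so the `-o $(INSTUID)` added to the key.pem directives in m_ssl_gnutls.cpp and m_ssl_openssl.cpp reaches /bin/sh as a command substitution instead of the exported INSTUID, and the key.pem install most likely fails or ends up with the wrong owner. Expand the arguments the same way and bypass the shell: `$args =~ s/\$\(([^)]+)\)/$ENV{$1}/eg;` followed by `system 'install', split(' ', $args), $ifile, $idir;`. The new pattern also makes the third field mandatory, so a two-field `$CopyInstall` directive in any other module would silently stop matching; making that group optional and defaulting `$args` to an empty string keeps them working. The enclosing loop starts and ends outside the hunk.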
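Review bot: The root drop in the added block changes only the user IDs; `$(` and `$)` are never assigned, so after `$< = $uid; $> = $uid;` the server keeps root's primary group and supplementary groups. Set the groups first, while still root, with `my $gid = (getpwuid $uid)[3];` and `$) = "$gid $gid"; $( = $gid;`, then change both user IDs in one list assignment, `($<, $>) = ($uid, $uid);`, so Perl can apply them together. With two separate assignments the saved set-user-ID may remain 0 on some platforms, and the `$< == 0 || $> == 0` check that follows cannot detect that. The final check should also confirm that `$(` and `$)` are no longer 0.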
@@ -78,7 +81,7 @@ CXXFLAGS += -Iinclude @ENDIF @DO_EXPORT RUNCC CXXFLAGS CC LDLIBS PICLDFLAGS VERBOSE SOCKETENGINE CORELDFLAGS PURE_STATIC -@DO_EXPORT BASE CONPATH MODPATH BINPATH SOURCEPATH BUILDPATH +@DO_EXPORT BASE CONPATH MODPATH BINPATH SOURCEPATH BUILDPATH INSTUID # Default target TARGET = all @@ -100,7 +103,6 @@ all: $(FOOTER) target: $(HEADER) $(MAKEENV) perl make/calcdep.pl - @if [ `id -u` = 0 ] && [ ! -e .force-root-ok ]; then echo "Don't compile or install as root!"; exit 1; fi cd $(BUILDPATH); $(MAKEENV) $(MAKE) -f real.mk $(TARGET) debug: @@ -147,15 +149,16 @@ finishmessage: target @echo "*************************************" install: target@EXTRA_DIR@ - @-install -d -m $(INSTMODE) $(BASE) - @-install -d -m $(INSTMODE) $(BASE)/data - @-install -d -m $(INSTMODE) $(BASE)/logs - @-install -d -m $(INSTMODE) $(BINPATH) - @-install -d -m $(INSTMODE) $(CONPATH) - @-install -d -m $(INSTMODE) $(MODPATH) - -install -m $(INSTMODE) $(BUILDPATH)/modules/*.so $(MODPATH) - -install -m $(INSTMODE) $(BUILDPATH)/bin/inspircd $(BINPATH) - -install -m $(INSTMODE) @STARTSCRIPT@ $(@DESTINATION@) 2>/dev/null + @if [ $(INSTUID) = 0 ]; then echo "You must specify a non-root uid for the server"; exit 1; fi + @-install -d -o $(INSTUID) -m $(INSTMODE_DIR) $(BASE) + @-install -d -o $(INSTUID) -m $(INSTMODE_DIR) $(BASE)/data + @-install -d -o $(INSTUID) -m $(INSTMODE_DIR) $(BASE)/logs + @-install -d -m $(INSTMODE_DIR) $(BINPATH) + @-install -d -m $(INSTMODE_DIR) $(CONPATH) + @-install -d -m $(INSTMODE_DIR) $(MODPATH) + -install -m $(INSTMODE_BIN) @STARTSCRIPT@ $(BASE) 2>/dev/null + -install -m $(INSTMODE_BIN) $(BUILDPATH)/bin/inspircd $(BINPATH) + -install -m $(INSTMODE_LIB) $(BUILDPATH)/modules/*.so $(MODPATH) @$(MAKEENV) make/install-extras.pl install @echo "" @echo "*************************************" 
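Review bot: In the `install` target the start script is now copied into `$(BASE)`, which the same target creates with `-o $(INSTUID)`, so a launcher that is apparently meant to be started as root (the template gains root-drop code in this commit) lives in a directory the unprivileged server account owns and can replace files in. A compromise of that account could then carry over into the next root start. Install it into a root-owned directory instead, for example `-install -m $(INSTMODE_BIN) @STARTSCRIPT@ $(BINPATH) 2>/dev/null`, or leave `$(BASE)` root-owned and give the account only `$(BASE)/data` and `$(BASE)/logs`. Every `install` line also keeps its `-` prefix, so a failing `-o $(INSTUID)` (unknown account, or not running as root) is ignored without any message.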
@@ -175,12 +178,8 @@ GNUmakefile BSDmakefile: make/template/main.mk configure $(RCS_FILES) clean: @echo Cleaning... - @-rm -f src/inspircd src/modes/modeclasses.a include/inspircd_se_config.h - @-rm -f src/*.so src/modules/*.so src/commands/*.so - @-rm -f src/*.o src/*/*.o src/modules/*/*.o - @-rm -f src/.*.d src/*/.*.d src/modules/*/.*.d - @-rm -f $(BUILDPATH)/bin/inspircd $(BUILDPATH)/include $(BUILDPATH)/real.mk - @-rm -rf $(BUILDPATH)/obj $(BUILDPATH)/modules + -rm -f $(BUILDPATH)/bin/inspircd $(BUILDPATH)/include $(BUILDPATH)/real.mk + -rm -rf $(BUILDPATH)/obj $(BUILDPATH)/modules @-rmdir $(BUILDPATH)/bin 2>/dev/null @-rmdir $(BUILDPATH) 2>/dev/null @echo Completed. diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index f528a4bcc..26fa58898 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -24,9 +24,8 @@ /* $ModDesc: Provides SSL support for clients */ /* $CompileFlags: pkgconfincludes("gnutls","/gnutls/gnutls.h","") */ /* $LinkerFlags: rpath("pkg-config --libs gnutls") pkgconflibs("gnutls","/libgnutls.so","-lgnutls") */ -/* $ModDep: transport.h */ -/* $CopyInstall: conf/key.pem $(CONPATH) */ -/* $CopyInstall: conf/cert.pem $(CONPATH) */ +/* $CopyInstall: conf/key.pem $(CONPATH) -m 0400 -o $(INSTUID) */ +/* $CopyInstall: conf/cert.pem $(CONPATH) -m 0444 */ enum issl_status { ISSL_NONE, ISSL_HANDSHAKING_READ, ISSL_HANDSHAKING_WRITE, ISSL_HANDSHAKEN, ISSL_CLOSING, ISSL_CLOSED }; diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 1e3640048..1d4ebd7fd 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp 
@@ -29,10 +29,9 @@ /* $CompileFlags: if(!"USE_FREEBSD_BASE_SSL") pkgconfversion("openssl","0.9.7") pkgconfincludes("openssl","/openssl/ssl.h","") */ /* $LinkerFlags: if(!"USE_FREEBSD_BASE_SSL") rpath("pkg-config --libs openssl") pkgconflibs("openssl","/libssl.so","-lssl -lcrypto -ldl") */ -/* $ModDep: transport.h */ /* $NoPedantic */ -/* $CopyInstall: conf/key.pem $(CONPATH) */ -/* $CopyInstall: conf/cert.pem $(CONPATH) */ +/* $CopyInstall: conf/key.pem $(CONPATH) -m 0400 -o $(INSTUID) */ +/* $CopyInstall: conf/cert.pem $(CONPATH) -m 0444 */ enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_OPEN }; |