Move fr_set_dumpable code into debug.c, it's useful for utilities too

FreeRADIUS · Apr 7, 2014 · dc808b9 · dc808b9
1 parent 6c64018
commit dc808b9
Show file tree

Hide file tree

Showing 3 changed files with 109 additions and 18 deletions.
diff --git a/src/include/libradius.h b/src/include/libradius.h
@@ -775,6 +775,9 @@ typedef struct fr_bt_marker fr_bt_marker_t;
 void		fr_debug_break(void);
 void		backtrace_print(fr_cbuff_t *cbuff, void *obj);
 fr_bt_marker_t	*fr_backtrace_attach(fr_cbuff_t **cbuff, TALLOC_CTX *obj);
+
+int		fr_set_dumpable_init(void);
+int		fr_set_dumpable(bool allow_core_dumps);
 void		fr_fault(int sig);
 int		fr_fault_setup(char const *cmd, char const *program);
 void		fr_fault_set_cb(fr_fault_cb cb);

diff --git a/src/lib/debug.c b/src/lib/debug.c
@@ -32,6 +32,10 @@
 #  include <execinfo.h>
 #endif
 
+#ifdef HAVE_SYS_PRCTL_H
+#  include <sys/prctl.h>
+#endif
+
 #ifdef HAVE_PTHREAD_H
 #  define PTHREAD_MUTEX_LOCK pthread_mutex_lock
 #  define PTHREAD_MUTEX_UNLOCK pthread_mutex_unlock
@@ -65,6 +69,10 @@ static char panic_action[512];
 static fr_fault_cb panic_cb;
 static int fr_debugger_present = -1;
 
+#ifdef HAVE_SYS_RESOURCE_H
+static struct rlimit core_limits;
+#endif
+
 /** Stub callback to see if the SIGTRAP handler is overriden
  *
  * @param signum signal raised.
@@ -222,6 +230,83 @@ fr_bt_marker_t *fr_backtrace_attach(UNUSED fr_cbuff_t **cbuff, UNUSED TALLOC_CTX
 }
 #endif /* ifdef HAVE_EXECINFO */
 
+/** Set the dumpable flag, also controls whether processes can PATTACH
+ *
+ * @param dumpable whether we should allow core dumping
+ */
+#if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE)
+static int fr_set_dumpable_flag(bool dumpable)
+{
+	if (prctl(PR_SET_DUMPABLE, dumpable ? 1 : 0) < 0) {
+		fr_strerror_printf("Cannot re-enable core dumps: prctl(PR_SET_DUMPABLE) failed: %s",
+				   fr_syserror(errno));
+		return -1;
+	}
+
+	return 0;
+}
+#else
+static int fr_set_dumpable_flag(UNUSED bool dumbpable)
+{
+	return 0;
+}
+#endif
+
+/** Get the current maximum for core files
+ *
+ * Do this before anything else so as to ensure it's properly initialized.
+ */
+int fr_set_dumpable_init(void)
+{
+#ifdef HAVE_SYS_RESOURCE_H
+	if (getrlimit(RLIMIT_CORE, &core_limits) < 0) {
+		fr_strerror_printf("Failed to get current core limit:  %s", fr_syserror(errno));
+		return -1;
+	}
+#endif
+	return 0;
+}
+
+/** Enable or disable core dumps
+ *
+ * @param allow_core_dumps whether to enable or disable core dumps.
+ */
+int fr_set_dumpable(bool allow_core_dumps)
+{
+	/*
+	 *	If configured, turn core dumps off.
+	 */
+	if (!allow_core_dumps) {
+#ifdef HAVE_SYS_RESOURCE_H
+		struct rlimit no_core;
+
+		no_core.rlim_cur = 0;
+		no_core.rlim_max = 0;
+
+		if (setrlimit(RLIMIT_CORE, &no_core) < 0) {
+			fr_strerror_printf("Failed disabling core dumps: %s", fr_syserror(errno));
+
+			return -1;
+		}
+#endif
+		return 0;
+	}
+
+	if (fr_set_dumpable_flag(true) < 0) return -1;
+
+	/*
+	 *	Reset the core dump limits to their original value.
+	 */
+#ifdef HAVE_SYS_RESOURCE_H
+	if (setrlimit(RLIMIT_CORE, &core_limits) < 0) {
+		fr_strerror_printf("Cannot update core dump limit: %s", fr_syserror(errno));
+
+		return -1;
+	}
+#endif
+	return 0;
+}
+
 /** Prints a simple backtrace (if execinfo is available) and calls panic_action if set.
  *
  * @param sig caught
@@ -379,6 +464,11 @@ int fr_fault_setup(char const *cmd, char const *program)
 
 	free(filename);
 
+	/*
+	 *	This is required on some systems to be able to PATTACH to the process.
+	 */
+	fr_set_dumpable_flag(true);
+
 	/* Unsure what the side effects of changing the signal handler mid execution might be */
 	if (!setup) {
 #ifdef SIGSEGV

diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c
@@ -41,10 +41,6 @@ RCSID("$Id$")
 #include <grp.h>
 #endif
 
-#ifdef HAVE_SYS_PRCTL_H
-#include <sys/prctl.h>
-#endif
-
 #ifdef HAVE_SYSLOG_H
 #	include <syslog.h>
 #endif
@@ -473,7 +469,7 @@ static void fr_set_dumpable(void)
 #ifdef HAVE_SETUID
 static bool doing_setuid = false;
 
-#if defined(HAVE_SETRESUID) && defined (HAVE_GETRESUID)
+#  if defined(HAVE_SETRESUID) && defined (HAVE_GETRESUID)
 void fr_suid_up(void)
 {
 	uid_t ruid, euid, suid;
@@ -510,7 +506,7 @@ void fr_suid_down(void)
 		fr_exit_now(1);
 	}
 
-	fr_set_dumpable();
+	fr_set_dumpable(allow_core_dumps);
 }
 
 void fr_suid_down_permanent(void)
@@ -528,15 +524,16 @@ void fr_suid_down_permanent(void)
 		fr_exit_now(1);
 	}
 
-	fr_set_dumpable();
+	fr_set_dumpable(allow_core_dumps);
 }
-#else
+#  else
 /*
  *	Much less secure...
  */
 void fr_suid_up(void)
 {
 }
+
 void fr_suid_down(void)
 {
 	if (!uid_name) return;
@@ -547,24 +544,25 @@ void fr_suid_down(void)
 		fr_exit(1);
 	}
 
-	fr_set_dumpable();
+	fr_set_dumpable(allow_core_dumps);
 }
+
 void fr_suid_down_permanent(void)
 {
-	fr_set_dumpable();
+	fr_set_dumpable(allow_core_dumps);
 }
-#endif /* HAVE_SETRESUID && HAVE_GETRESUID */
+#  endif /* HAVE_SETRESUID && HAVE_GETRESUID */
 #else  /* HAVE_SETUID */
 void fr_suid_up(void)
 {
 }
 void fr_suid_down(void)
 {
-	fr_set_dumpable();
+	fr_set_dumpable(allow_core_dumps);
 }
 void fr_suid_down_permanent(void)
 {
-	fr_set_dumpable();
+	fr_set_dumpable(allow_core_dumps);
 }
 #endif /* HAVE_SETUID */
 
@@ -577,17 +575,15 @@ void fr_suid_down_permanent(void)
  */
 static int switch_users(CONF_SECTION *cs)
 {
-#ifdef HAVE_SYS_RESOURCE_H
 	/*
 	 *	Get the current maximum for core files.  Do this
 	 *	before anything else so as to ensure it's properly
 	 *	initialized.
 	 */
-	if (getrlimit(RLIMIT_CORE, &core_limits) < 0) {
-		ERROR("Failed to get current core limit:  %s", fr_syserror(errno));
+	if (fr_set_dumpable_init() < 0) {
+		fr_perror("radiusd");
 		return 0;
 	}
-#endif
 
 	/*
 	 *	Don't do chroot/setuid/setgid if we're in debugging
@@ -718,7 +714,9 @@ static int switch_users(CONF_SECTION *cs)
 	 *	This also clears the dumpable flag if core dumps
 	 *	aren't allowed.
 	 */
-	fr_set_dumpable();
+	if (fr_set_dumpable(allow_core_dumps) < 0) {
+		ERROR("%s", fr_strerror());
+	}
 
 	if (allow_core_dumps) {
 		INFO("Core dumps are enabled.");