author | Mike Frysinger <vapier@gentoo.org> | 2003-09-18 03:35:34 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2003-09-18 03:35:34 +0000 |
commit | 14310fa7e777d1d0d462e7bfe66cdb3b04c7d6ca (patch) | |
tree | 56c20b2ff09f566732a94c3991c7c7ca67561c86 /games-puzzle | |
parent | Added debug IUSE flag (diff) | |
download | historical-14310fa7e777d1d0d462e7bfe66cdb3b04c7d6ca.tar.gz historical-14310fa7e777d1d0d462e7bfe66cdb3b04c7d6ca.tar.bz2 historical-14310fa7e777d1d0d462e7bfe66cdb3b04c7d6ca.zip |
droproot patch
Diffstat (limited to 'games-puzzle')
-rw-r--r-- | games-puzzle/tetrix/ChangeLog | 8 | ||||
-rw-r--r-- | games-puzzle/tetrix/files/1.13.16.1.40c-droproot.patch | 171 | ||||
-rw-r--r-- | games-puzzle/tetrix/files/digest-tetrix-1.13.16.1.40c-r2 | 1 | ||||
-rw-r--r-- | games-puzzle/tetrix/files/tetrix.rc | 4 | ||||
-rw-r--r-- | games-puzzle/tetrix/tetrix-1.13.16.1.40c-r2.ebuild | 54 |
5 files changed, 235 insertions, 3 deletions
diff --git a/games-puzzle/tetrix/ChangeLog b/games-puzzle/tetrix/ChangeLog
index 29c53ffa8d0d..aa6265b3d206 100644
--- a/games-puzzle/tetrix/ChangeLog
+++ b/games-puzzle/tetrix/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for games-puzzle/tetrix
 # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/games-puzzle/tetrix/ChangeLog,v 1.3 2003/09/14 01:28:52 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/games-puzzle/tetrix/ChangeLog,v 1.4 2003/09/18 03:35:34 vapier Exp $
+
+*tetrix-1.13.16.1.40c-r2 (17 Sep 2002)
+
+ 17 Sep 2003; Mike Frysinger <vapier@gentoo.org> :
+ Add a custom drop root patch. Hate to see this sucker
+ run as root on servers :).
 *tetrix-1.13.16.1.40c-r1 (13 Sep 2002)
diff --git a/games-puzzle/tetrix/files/1.13.16.1.40c-droproot.patch b/games-puzzle/tetrix/files/1.13.16.1.40c-droproot.patch
new file mode 100644
index 000000000000..f04911f523fb
--- /dev/null
+++ b/games-puzzle/tetrix/files/1.13.16.1.40c-droproot.patch
@@ -0,0 +1,171 @@
+diff -ur src.orig/game.c src/game.c
+--- src.orig/game.c 2003-09-17 13:55:17.000000000 -0400
++++ src/game.c 2003-09-17 23:01:10.644146104 -0400
+@@ -2,6 +2,8 @@
+ game.c
+
+ */
++#include <pwd.h>
++#include <grp.h>
+
+ /* securitywrite() */
+ /* Writes out the security structure into a text format game.secure file */
+@@ -149,6 +151,11 @@
+ fprintf(file_out,"# bindip [0.0.0.0] - What IP should server be bound to (0.0.0.0 means all)\n");
+ fprintf(file_out,"bindip=%s\n", game.bindip);
+ fprintf(file_out,"\n");
++ fprintf(file_out,"# username/group to switch UID/GID to");
++ fprintf(file_out,"droproot=%d\n", game.droproot);
++ fprintf(file_out,"dropuser=%s\n", game.user);
++ fprintf(file_out,"dropgroup=%s\n", game.group);
++ fprintf(file_out,"\n");
+ fprintf(file_out,"# maxchannels [1] - How many channels should be available on server\n");
+ fprintf(file_out,"maxchannels=%d\n", game.maxchannels);
+ fprintf(file_out,"\n");
+@@ -466,6 +473,21 @@
+ strncpy(game.bindip, id_value, IPLEN-1); game.bindip[IPLEN-1]=0;
+ error=0;
+ }
++ if (!strcasecmp(id_tag,"droproot"))
++ {
++ game.droproot=atoi(id_value);
++ error=0;
++ }
++ if (!strcasecmp(id_tag,"dropuser"))
++ {
++ strncpy(game.user, id_value, USERNAMELEN-1); game.bindip[USERNAMELEN-1]=0;
++ error=0;
++ }
++ if (!strcasecmp(id_tag,"dropgroup"))
++ {
++ strncpy(game.group, id_value, USERNAMELEN-1); game.bindip[USERNAMELEN-1]=0;
++ error=0;
++ }
+
+
+ if (!strcasecmp(id_tag,"maxchannels"))
+@@ -854,6 +876,22 @@
+ }
+ fclose(file_in);
+ lvprintf(3,"Read game configuration from %s\n", FILE_CONF);
++ if (game.droproot) {
++ struct passwd *vpw;
++ struct group *vgr;
++ game.droproot = 0;
++ vpw = getpwnam(game.user);
++ if (vpw) {
++ game.userid = vpw->pw_uid;
++ vgr = getgrnam(game.group);
++ if (vgr) {
++ game.groupid = vgr->gr_gid;
++ game.droproot = 1;
++ }
++ }
++ if (!game.droproot)
++ lvprintf(2,"Drop root was requested but the specified user/group were invalid!\n");
++ }
+ return(0);
+ }
+
+diff -ur src.orig/main.c src/main.c
+--- src.orig/main.c 2003-09-17 13:55:17.000000000 -0400
++++ src/main.c 2003-09-17 23:17:43.858154624 -0400
+@@ -4878,10 +4878,13 @@
+ long int timeticks, otimeticks;
+
+ /* Initialise */
++ xx = (argc == 2 && !strcmp(argv[1],"-q"));
++ if (!xx)
+ printf("Loading Tetrix. Please wait...\n");
+ init_main();
+ init_resolver();
+ init_game();
++ if (!xx)
+ printf("Initializing security/ban list...\n");
+ init_security();
+ init_banlist(banlist, MAXBAN);
+@@ -4890,6 +4893,7 @@
+ read_banlist(FILE_BAN_COMPROMISE, combanlist, MAXBAN);
+ init_allowlist();
+ read_allowlist();
++ if (!xx)
+ printf("Initializing winlist...\n");
+ init_winlist(winlist, MAXWINLIST);
+ init_winlist(winlist2, MAXWINLIST);
+@@ -4898,16 +4902,21 @@
+ readwinlist(FILE_WINLIST2, winlist2, MAXWINLIST);
+ readwinlist(FILE_WINLIST3, winlist3, MAXWINLIST);
+ sleep(1);
++ if (!xx)
+ printf("Initialize network connection...\n");
+ init_net();
++ if (!xx)
+ printf("Gameplay ... ");
+ usleep(300000);
+ init_telnet_port();
++ if (!xx)
+ printf("Spectator ... ");
+ usleep(300000);
+ init_playback_port();
++ if (!xx)
+ printf("Ircadm ... \n");
+ init_query_port();
++ if (!xx)
+ printf("Completed!!!\n");
+
+ if (securityread() < 0)
+@@ -4933,6 +4942,14 @@
+
+ /* Write out PID */
+ writepid();
++
++ /* drop root */
++ if (game.droproot) {
++ if (setgid(game.groupid))
++ perror("Could not setgid");
++ if (setuid(game.userid))
++ perror("Could not setuid");
++ }
+
+ /* Reset time */
+ timeticks = time(NULL);
+diff -ur src.orig/main.h src/main.h
+--- src.orig/main.h 2003-09-17 13:55:17.000000000 -0400
++++ src/main.h 2003-09-17 23:00:12.054053152 -0400
+@@ -48,6 +48,7 @@
+ /* Defines */
+ #define TETVERSION "1.13" /* What Tetrinet version we are for */
+ #define SERVERBUILD "16+qirc-1.40b" /* What build we are at */
++#define USERNAMELEN 30 /* Maximum length of username/group for droproot */
+ #define NICKLEN 30 /* Maximum length of Nickname */
+ #define VERLEN 10 /* Maximum length of Tetrinet version */
+ #define UHOSTLEN 121 /* Maximum length of Hostname */
+@@ -235,6 +236,12 @@
+
+ int verbose; /* Verbosity */
+ char pidfile[PIDFILELEN+1];
++
++ int droproot; /* should we drop root when starting ? */
++ char user[USERNAMELEN+1];
++ uid_t userid;
++ char group[USERNAMELEN+1];
++ gid_t groupid;
+ };
+
+
+Only in src: makefile
+Files src.orig/tetrix and src/tetrix differ
+--- bin/game.conf.orig 2003-09-17 23:19:02.703168360 -0400
++++ bin/game.conf 2003-09-17 23:18:58.062873792 -0400
+@@ -13,6 +13,11 @@
+ # bindip [0.0.0.0] - What IP should server be bound to (0.0.0.0 means all)
+ bindip=0.0.0.0
+
++# username/group to switch UID/GID to
++droproot=1
++dropuser=games-ded
++dropgroup=games
++
+ # maxchannels [1] - How many channels should be available on server
+ maxchannels=8
+
diff --git a/games-puzzle/tetrix/files/digest-tetrix-1.13.16.1.40c-r2 b/games-puzzle/tetrix/files/digest-tetrix-1.13.16.1.40c-r2
new file mode 100644
index 000000000000..90ab0b9dc712
--- /dev/null
+++ b/games-puzzle/tetrix/files/digest-tetrix-1.13.16.1.40c-r2
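Review bot: The privilege drop fails open: in the main.c hunk a failing `setgid()` or `setuid()` is only reported with `perror()` and the server carries on as root, and in the game.c hunk a failed `getpwnam()`/`getgrnam()` clears `game.droproot` and only logs a message instead of stopping. Both paths should abort startup, and supplementary groups should be cleared before `setgid()` because the process otherwise keeps the group list it started with; the fence shows the main.c block. In the config parser the `dropuser` and `dropgroup` branches write the terminator to `game.bindip[USERNAMELEN-1]` rather than to the buffer just copied, so they should read `game.user[USERNAMELEN-1]=0;` and `game.group[USERNAMELEN-1]=0;` (whether index 29 lies inside `bindip` depends on IPLEN, which is not shown). The comment written before `droproot=%d` has no trailing `\n`, so a rewritten config would carry `droproot=` on the comment line and the setting would presumably be lost on the next read. The enclosing functions start and end outside these inner hunks.

```c
	/* drop root */
	if (game.droproot) {
		/* supplementary groups first, then gid, then uid; any failure stops startup */
		if (setgroups(0, NULL) || setgid(game.groupid) || setuid(game.userid)) {
			perror("Could not drop root");
			exit(1);
		}
	}
	/* … unchanged: reset time … */
```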
@@ -0,0 +1 @@
+MD5 32e5306bc26afc9e5acdca9c093947c0 tetrinetx-1.13.16+qirc-1.40c.tar.gz 81447
diff --git a/games-puzzle/tetrix/files/tetrix.rc b/games-puzzle/tetrix/files/tetrix.rc
index 80e594c15987..e1b6bf085e6b 100644
--- a/games-puzzle/tetrix/files/tetrix.rc
+++ b/games-puzzle/tetrix/files/tetrix.rc
@@ -1,7 +1,7 @@
 #!/sbin/runscript
 # Copyright 1999-2003 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/games-puzzle/tetrix/files/tetrix.rc,v 1.1 2003/09/14 01:28:52 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/games-puzzle/tetrix/files/tetrix.rc,v 1.2 2003/09/18 03:35:34 vapier Exp $
 depend() {
 need net
@@ -9,7 +9,7 @@ depend() {
 start() {
 ebegin "Starting TetriNET Server"
- /usr/games/bin/tetrix > /dev/null
+ /usr/games/bin/tetrix -q
 eend $?
 }
diff --git a/games-puzzle/tetrix/tetrix-1.13.16.1.40c-r2.ebuild b/games-puzzle/tetrix/tetrix-1.13.16.1.40c-r2.ebuild
new file mode 100644
index 000000000000..d0190f61a1f3
--- /dev/null
+++ b/games-puzzle/tetrix/tetrix-1.13.16.1.40c-r2.ebuild
@@ -0,0 +1,54 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/games-puzzle/tetrix/tetrix-1.13.16.1.40c-r2.ebuild,v 1.1 2003/09/18 03:35:34 vapier Exp $
+
+inherit games gcc
+
+MY_SV=${PV#*.*.*.}
+MY_PV=${PV%.${MY_SV}}
+MY_P="tetrinetx-${MY_PV}+qirc-${MY_SV}"
+
+DESCRIPTION="A GNU TetriNET server"
+HOMEPAGE="http://tetrinetx.sourceforge.net/"
+SRC_URI="mirror://sourceforge/tetrinetx/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="x86"
+
+DEPEND="net-libs/adns"
+
+S=${WORKDIR}/${MY_P}
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/${PV}-droproot.patch
+ epatch ${FILESDIR}/${PV}-paths.patch
+ sed -i \
+ -e "s:GENTOO_CONFDIR:${GAMES_SYSCONFDIR}/${PN}:" \
+ -e "s:GENTOO_STATEDIR:${GAMES_STATEDIR}/${PN}:" \
+ -e "s:GENTOO_LOGDIR:${GAMES_LOGDIR}:" \
+ src/config.h bin/game.conf
+}
+
+src_compile() {
+ cd src
+ $(gcc-getCC) ${CFLAGS} main.c -o tetrix -ladns || die "compile failed"
+}
+
+src_install() {
+ dodoc AUTHORS ChangeLog README README.qirc.spectators
+
+ dogamesbin src/tetrix
+ insinto ${GAMES_SYSCONFDIR}/${PN}
+ doins bin/*
+
+ exeinto /etc/init.d
+ newexe ${FILESDIR}/tetrix.rc tetrix
+
+ keepdir ${GAMES_STATEDIR}/${PN}
+
+ prepgamesdirs
+ fowners ${GAMES_USER_DED} ${GAMES_STATEDIR}/${PN}
+} |
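Review bot: The account the server drops to is hard-coded in the patched `bin/game.conf` (`dropuser=games-ded`, `dropgroup=games`), while `src_install` here gives the state directory to `${GAMES_USER_DED}`; if the eclass values differ from those literals, the server either switches to a user that does not own its state directory or fails the lookup and stays root. The `sed` in `src_unpack` already rewrites `bin/game.conf`, so the patch could carry placeholders that this ebuild fills in, for example `-e "s:GENTOO_DROPUSER:${GAMES_USER_DED}:" -e "s:GENTOO_DROPGROUP:${GAMES_GROUP}:"` (placeholder names constructed here to match the existing `GENTOO_*` ones). That keeps the ownership set by `fowners` and the runtime identity tied to one source.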