Merged revisions 44053 via svnmerge from
[asterisk/asterisk.git] / main / asterisk.c
index 011626d..ae8a56b 100644 (file)
@@ -80,13 +80,12 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 #include <sys/stat.h>
 #ifdef linux
 #include <sys/prctl.h>
-#endif
+#ifdef HAVE_CAP
+#include <sys/capability.h>
+#endif /* HAVE_CAP */
+#endif /* linux */
 #include <regex.h>
 
-#ifdef linux
-#include <sys/prctl.h>
-#endif
-
 #if  defined(__FreeBSD__) || defined( __NetBSD__ ) || defined(SOLARIS)
 #include <netdb.h>
 #if defined(SOLARIS)
@@ -2075,9 +2074,9 @@ static void ast_remotecontrol(char * data)
                pid = atoi(cpid);
        else
                pid = -1;
-       snprintf(tmp, sizeof(tmp), "core verbose %d", option_verbose);
+       snprintf(tmp, sizeof(tmp), "core verbose atleast %d", option_verbose);
        fdprint(ast_consock, tmp);
-       snprintf(tmp, sizeof(tmp), "core debug %d", option_debug);
+       snprintf(tmp, sizeof(tmp), "core debug atleast %d", option_debug);
        fdprint(ast_consock, tmp);
        if (ast_opt_mute) {
                snprintf(tmp, sizeof(tmp), "log and verbose output currently muted ('logger unmute' to unmute)");
@@ -2521,12 +2520,22 @@ int main(int argc, char *argv[])
        }
 
        if (!is_child_of_nonroot && runuser) {
+#ifdef HAVE_CAP
+               cap_t cap;
+               int has_cap = 1;
+#endif /* HAVE_CAP */
                struct passwd *pw;
                pw = getpwnam(runuser);
                if (!pw) {
                        ast_log(LOG_WARNING, "No such user '%s'!\n", runuser);
                        exit(1);
                }
+#ifdef HAVE_CAP
+               if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
+                       ast_log(LOG_WARNING, "Unable to keep capabilities.\n");
+                       has_cap  = 0;
+               }
+#endif /* HAVE_CAP */
                if (!rungroup) {
                        if (setgid(pw->pw_gid)) {
                                ast_log(LOG_WARNING, "Unable to setgid to %d!\n", (int)pw->pw_gid);
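Review bot: The added `prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)` block and the `cap_t cap;` declaration are guarded only by `HAVE_CAP`, while the first hunk includes `<sys/prctl.h>` and `<sys/capability.h>` only inside `#ifdef linux`. A non-Linux build that defines HAVE_CAP would therefore hit undeclared names here; guarding these blocks with `#if defined(linux) && defined(HAVE_CAP)` keeps them consistent with the includes. The call also deserves a comment saying why it precedes the identity switch, for example `/* Keep permitted capabilities across the uid change below; they are narrowed to cap_net_admin once the switch is done */`. main() begins and continues outside this hunk, so the setuid call itself is not visible here.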
@@ -2544,6 +2553,18 @@ int main(int argc, char *argv[])
                setenv("ASTERISK_ALREADY_NONROOT", "yes", 1);
                if (option_verbose)
                        ast_verbose("Running as user '%s'\n", runuser);
+#ifdef HAVE_CAP
+               if (has_cap) {
+                       cap = cap_from_text("cap_net_admin=ep");
+                       if (cap_set_proc(cap)) {
+                               ast_log(LOG_WARNING, "Unable to install capabilities.\n");
+                               break;
+                       }
+                       if (cap_free(cap)) {
+                               ast_log(LOG_WARNING, "Unable to drop capabilities.\n");
+                       }
+               }
+#endif /* HAVE_CAP */
        }
 
 #endif /* __CYGWIN__ */
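Review bot: When `cap_set_proc()` fails in the added block, the code only warns and reaches a `break;` with no enclosing loop or switch in the visible lines. The process then carries on as the unprivileged user with whatever capabilities it kept across the uid switch still in its permitted set. Because the earlier hunk sets `PR_SET_KEEPCAPS`, that failure should be fatal, like the `getpwnam()` failure above, rather than logged and ignored. The result of `cap_from_text()` is also used unchecked, the set is not freed on the error path, and the `cap_free()` message "Unable to drop capabilities" describes a memory release rather than a privilege drop. main() starts and ends outside this hunk, so an enclosing loop cannot be ruled out from here.

```c
		if (has_cap) {
			cap = cap_from_text("cap_net_admin=ep");
			if (!cap) {
				ast_log(LOG_WARNING, "Unable to build capability set.\n");
				exit(1);
			}
			if (cap_set_proc(cap)) {
				/* Retained capabilities could not be narrowed: do not keep running with them. */
				ast_log(LOG_WARNING, "Unable to install capabilities.\n");
				cap_free(cap);
				exit(1);
			}
			if (cap_free(cap)) {
				ast_log(LOG_WARNING, "Unable to free capability set.\n");
			}
		}
```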
@@ -2753,19 +2774,17 @@ int main(int argc, char *argv[])
                                        buf[strlen(buf)-1] = '\0';
 
                                consolehandler((char *)buf);
-                       } else {
-                               if (write(STDOUT_FILENO, "\nUse EXIT or QUIT to exit the asterisk console\n",
-                                         strlen("\nUse EXIT or QUIT to exit the asterisk console\n")) < 0) {
-                                       /* Whoa, stdout disappeared from under us... Make /dev/null's */
-                                       int fd;
-                                       fd = open("/dev/null", O_RDWR);
-                                       if (fd > -1) {
-                                               dup2(fd, STDOUT_FILENO);
-                                               dup2(fd, STDIN_FILENO);
-                                       } else
-                                               ast_log(LOG_WARNING, "Failed to open /dev/null to recover from dead console. Bad things will happen!\n");
-                                       break;
-                               }
+                       } else if (ast_opt_remote && (write(STDOUT_FILENO, "\nUse EXIT or QUIT to exit the asterisk console\n",
+                                  strlen("\nUse EXIT or QUIT to exit the asterisk console\n")) < 0)) {
+                               /* Whoa, stdout disappeared from under us... Make /dev/null's */
+                               int fd;
+                               fd = open("/dev/null", O_RDWR);
+                               if (fd > -1) {
+                                       dup2(fd, STDOUT_FILENO);
+                                       dup2(fd, STDIN_FILENO);
+                               } else
+                                       ast_log(LOG_WARNING, "Failed to open /dev/null to recover from dead console. Bad things will happen!\n");
+                               break;
                        }
                }