Date: Wed, 02 Apr 2003 15:40:34 -0800 From: Lev Walkin <vlm@netli.com> To: Andreas Klemm <andreas@klemm.apsfilter.org> Cc: Lev Walkin <vlm@spelio.net.ru> Subject: Re: ipcad 2.8.1 bug: doesn't run with uid 0 which is needed for rsh Message-ID: <3E8B74F2.9020704@netli.com> In-Reply-To: <20030402072143.GA78425@titan.klemm.apsfilter.org> References: <20030402072143.GA78425@titan.klemm.apsfilter.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Andreas Klemm wrote:
> Hi Lev,
>
> first of all thanks for this nice accounting tool.
>
> I need it for a friend of mine who has a small company
> where different smaller "1 person companies" share one
> link to the internet.
>
> They need IP accounting on the FreeBSD firewall box,
> since they pay for IP volume, so we need to count the
> traffic of every person to the FreeBSD internet gateway.
>
> Since they use NAT and squid, counting IP traffic
> on the inner interface seems to do the trick well.
> Of course this box is only firewall, not a server ;-)
> Otherwise they would pay for file access as well ;-))
>
> When trying your last ipcad version 2.8.1 I trapped into
> a bug. See fix in the attachment. It was not allowed to
> configure ipcad to run under root privileges.
Actually, it is enough just to run it as root and not uncomment
the uid and gid settings. In this case, ipcad just wouldn't drop
its privileges!
> See my patch, which fixes it.
Patch applied, but considered useless. I am always running ipcad
as root on all of my systems without any patches.
> Another problem is here on a FreeBSD 4.8 box, that I cant
> rebuild the cfgy.c file. Since the right thing to do for me
> was to apply the patch to the cfg.y file.
> I'll also attach the error-log.
Sorry, I don't read this language :/
> Would be interesting to find out, why bison fails here
> on the FreeBSD box. Either another bug in the .y file
> or perhaps because of bison version ???
>
> /usr/local/bin/bison: bison (GNU Bison) 1.75
I had 1.28. cfg.y corrected in CVS to match the 1.75'th expectations.
> A first fix for the FreeBSD port would be, if you add the
> patch to cfgy.c to a files subdir.
>
> If you are at it you could also update the FreeBSD port.
I don't think it is necessary for this minor thing: this
patch does not affect the functionality: you could run ipcad
as root even without it. So I've just made the proposed changes,
but will update port whenever something major happens.
> Best regards
>
> Andreas ///
>
>
>
> ------------------------------------------------------------------------
>
> --- cfgy.c.orig Wed Apr 2 09:12:30 2003
> +++ cfgy.c Wed Apr 2 09:12:40 2003
> @@ -916,7 +916,7 @@
> {
> int id = yyvsp[-1].tv_char ? atoi(yyvsp[-1].tv_char) : -1;
> free(yyvsp[-1].tv_char);
> - if(id <= 0 || id > 65535)
> + if(id < 0 || id > 65535)
> return yyerror("Inappropriate UID value");
> conf->set_uid = id;
> ;
> @@ -926,7 +926,7 @@
> {
> int id = yyvsp[-1].tv_char ? atoi(yyvsp[-1].tv_char) : -1;
> free(yyvsp[-1].tv_char);
> - if(id <= 0 || id > 65535)
> + if(id < 0 || id > 65535)
> return yyerror("Inappropriate UID value");
> conf->set_gid = id;
> ;
>
>
> ------------------------------------------------------------------------
>
> --- cfg.y.orig Wed Apr 2 08:45:27 2003
> +++ cfg.y Wed Apr 2 08:45:50 2003
> @@ -155,14 +155,14 @@
> | UID EQ TOK_STRING ps {
> int id = $3 ? atoi($3) : -1;
> free($3);
> - if(id <= 0 || id > 65535)
> + if(id < 0 || id > 65535)
> return yyerror("Inappropriate UID value");
> conf->set_uid = id;
> }
> | GID EQ TOK_STRING ps {
> int id = $3 ? atoi($3) : -1;
> free($3);
> - if(id <= 0 || id > 65535)
> + if(id < 0 || id > 65535)
> return yyerror("Inappropriate UID value");
> conf->set_gid = id;
> }
>
>
> ------------------------------------------------------------------------
>
> Index: Makefile
> ===================================================================
> RCS file: /data/ncvs/ports/net/ipcad/Makefile,v
> retrieving revision 1.10
> diff -u -r1.10 Makefile
> --- Makefile 21 Feb 2003 13:14:44 -0000 1.10
> +++ Makefile 2 Apr 2003 06:06:04 -0000
> @@ -6,7 +6,7 @@
> #
>
> PORTNAME= ipcad
> -PORTVERSION= 2.7.1
> +PORTVERSION= 2.8.1
> CATEGORIES= net
> MASTER_SITES= http://www.spelio.net.ru/soft/
>
> Index: distinfo
> ===================================================================
> RCS file: /data/ncvs/ports/net/ipcad/distinfo,v
> retrieving revision 1.9
> diff -u -r1.9 distinfo
> --- distinfo 2 Jan 2003 17:12:13 -0000 1.9
> +++ distinfo 2 Apr 2003 06:06:27 -0000
> @@ -1 +1 @@
> -MD5 (ipcad-2.7.1.tar.gz) = bfbb0b4706a9cd8cffa34213f8a709e3
> +MD5 (ipcad-2.8.1.tar.gz) = 90434ed3fbc84b11146e351c870a27a3
> --- cfg.y.orig Wed Apr 2 08:56:17 2003
> +++ cfg.y Wed Apr 2 08:56:26 2003
> @@ -155,14 +155,14 @@
> | UID EQ TOK_STRING ps {
> int id = $3 ? atoi($3) : -1;
> free($3);
> - if(id <= 0 || id > 65535)
> + if(id < 0 || id > 65535)
> return yyerror("Inappropriate UID value");
> conf->set_uid = id;
> }
> | GID EQ TOK_STRING ps {
> int id = $3 ? atoi($3) : -1;
> free($3);
> - if(id <= 0 || id > 65535)
> + if(id < 0 || id > 65535)
> return yyerror("Inappropriate UID value");
> conf->set_gid = id;
> }
>
>
> ------------------------------------------------------------------------
>
> bison -y -p ipcacfg -d cfg.y
> cfg.y:95.8: parse error, unexpected ":", expecting ";" or "|"
> cfg.y:97.22-30: $2 von ?IFlags? hat keinen deklarierten Typ
> cfg.y:100.27-103.14: $3 von ?IFlags? hat keinen deklarierten Typ
> cfg.y:105.25-106.23: $3 von ?IFlags? hat keinen deklarierten Typ
... skipped ...
--
Lev Walkin
vlm@netli.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E8B74F2.9020704>