LCR now runs as a user.

You may change the path of socket and lock files.
LCR admin socket's flags can now be altered to allow access to other users.
Lock and socket files will now be removed when terminating LCR.

	modified:   Makefile
	modified:   chan_lcr.c
	modified:   default/options.conf
	modified:   lcradmin.c
	modified:   lcrsocket.h
	modified:   main.c
	modified:   options.c
	modified:   options.h
	modified:   socket_server.c

Makefile

@@ -225,9 +225,9 @@ $(LCR): main.o \
 	trace.o \
 	$(LIBS) -o $(LCR) 
 
-$(LCRADMIN): lcradmin.c cause.c *.h Makefile
+$(LCRADMIN): lcradmin.c cause.c options.c *.h Makefile
 	$(PP) $(LIBDIR) $(CFLAGS_LCRADMIN) $(CURSES) -lm lcradmin.c cause.c \
-	-o $(LCRADMIN) 
+	options.c -o $(LCRADMIN) 
 
 $(CHAN_LCR): chan_lcr.o bchannel.o callerid.o options.o *.h Makefile
 	$(CC) -shared -Xlinker -x $(LDFLAGS) -o $(CHAN_LCR) chan_lcr.o bchannel.o callerid.o options.o

chan_lcr.c

@@ -1428,7 +1428,6 @@ int handle_socket(void)
 int open_socket(void)
 {
 	int ret;
-	char *socket_name = SOCKET_NAME;
 	int conn;
 	struct sockaddr_un sock_address;
 	unsigned int on = 1;
@@ -1444,7 +1443,7 @@ int open_socket(void)
 	/* set socket address and name */
 	memset(&sock_address, 0, sizeof(sock_address));
 	sock_address.sun_family = PF_UNIX;
-	strcpy(sock_address.sun_path, socket_name);
+	sprintf(sock_address.sun_path, SOCKET_NAME, options.lock);
 
 	/* connect socket */
 	if ((conn = connect(lcr_sock, (struct sockaddr *)&sock_address, SUN_LEN(&sock_address))) < 0)

default/options.conf

@@ -89,3 +89,14 @@
 # Most mail servers require an existing domain in order to accept mails.
 #email lcr@your.domain
 
+# Directory to write lock file and admin socket file to.
+# If /var/run does not have the rights to run LCR, you may choose /var/tmp
+# or any directory with the appropiet rights LCR runs with.
+#lock /var/run
+
+# Change rights of LCR socket, where lcradmin or chan_lcr connects to.
+# By default 700 (user only) rights are set. If Asterisk runs with a different
+# user, the rights may be changed to all users (777).
+# Rights must have 0 in front, if octal values above are used.
+#socketrights 0700
+

lcradmin.c

@@ -23,6 +23,7 @@
 #include <errno.h>
 #include <curses.h>
 #include "macro.h"
+#include "options.h"
 #include "join.h"
 #include "joinpbx.h"
 #include "extension.h"
@@ -1630,7 +1631,6 @@ next:
 int main(int argc, char *argv[])
 {
 	int mode;
-	char *socket_name = SOCKET_NAME;
 	int sock, conn;
 	struct sockaddr_un sock_address;
 	char *ret;
@@ -1717,6 +1717,10 @@ int main(int argc, char *argv[])
 		goto usage;
 	}
 
+	if (read_options() == 0) {
+		exit(EXIT_FAILURE);
+	}
+
 //pipeagain:
 	/* open socket */
 	if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
@@ -1725,8 +1729,8 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 	memset(&sock_address, 0, sizeof(sock_address));
+	SPRINT(sock_address.sun_path, SOCKET_NAME, options.lock);
 	sock_address.sun_family = PF_UNIX;
-	UCPY(sock_address.sun_path, socket_name);
 	if ((conn = connect(sock, (struct sockaddr *)&sock_address, SUN_LEN(&sock_address))) < 0)
 	{
 		close(sock);

lcrsocket.h

@@ -9,7 +9,7 @@
 **                                                                           **
 \*****************************************************************************/
 
-#define SOCKET_NAME "/var/run/LCR.socket"
+#define SOCKET_NAME "%s/LCR.socket"
 
 /* structures that define message between admin-tool and pbx */
 

main.c

@@ -189,7 +189,7 @@ int main(int argc, char *argv[])
         			created_lock = 0, created_signal = 0, created_debug = 0,
 				created_misdn = 0;
 	int			idletime = 0, idlecheck = 0;
-	char			tracetext[256];
+	char			tracetext[256], lock[128];
 
 #if 0
 	/* init fdset */
@@ -352,9 +352,11 @@ int main(int argc, char *argv[])
 	}
 
 	/* create lock and lock! */
-	if ((lockfd = open("/var/run/lcr.lock", O_CREAT, 0)) < 0)
+	SPRINT(lock, "%s/lcr.lock", options.lock);
+	if ((lockfd = open(lock, O_CREAT | O_WRONLY)) < 0)
 	{
-		fprintf(stderr, "Cannot create lock file: /var/run/lcr.lock\n");
+		fprintf(stderr, "Cannot create lock file: %s\n", lock);
+		fprintf(stderr, "Check options.conf to change to path with permissions for you.\n");
 		goto free;
 	}
 	if (flock(lockfd, LOCK_EX|LOCK_NB) < 0)
@@ -408,18 +410,17 @@ int main(int argc, char *argv[])
 		switch(errno)
 		{
 			case ENOMEM:
-			fprintf(stderr, "Not enough memory to lock paging, exitting...\n");
+			fprintf(stderr, "Warning: Not enough memory to lock paging, exitting...\n");
 			break;
 			case EPERM:
-			fprintf(stderr, "No permission to lock paging, exitting...\n");
+			fprintf(stderr, "Warning: No permission to lock paging, exitting...\n");
 			break;
 			case EFAULT:
-			fprintf(stderr, "'Bad address' while locking paging, exitting...\n");
+			fprintf(stderr, "Warning: 'Bad address' while locking paging, exitting...\n");
 			break;
 			default:
-			fprintf(stderr, "Unknown error %d while locking paging, exitting...\n", errno);
+			fprintf(stderr, "Warning: Unknown error %d while locking paging, exitting...\n", errno);
 		}
-		goto free;
 	}
 
 	/* set real time scheduler & priority */
@@ -710,7 +711,11 @@ free:
 	if (created_lock)
 		flock(lockfd, LOCK_UN);
 	if (lockfd >= 0)
+	{
+		chmod(lock, 0700);
+		unlink(lock);
 		close(lockfd);
+	}
 
 	/* free rulesets */
 	if (ruleset_first)

options.c

@@ -30,7 +30,9 @@ struct options options = {
 	"",				/* dummy caller id */
 	0,				/* use tones by dsp.o */
 	0,				/* by default use priority 0 */
-	"lcr@your.machine"		/* source mail adress */
+	"lcr@your.machine",		/* source mail adress */
+	"/var/tmp",			/* path of lock files */
+	0700				/* rights of lcr admin socket */
 };
 
 char options_error[256];
@@ -240,6 +242,22 @@ int read_options(void)
 			SCPY(options.email, param);
 
 		} else
+		if (!strcmp(option,"lock"))
+		{
+			if (param[0]==0)
+			{
+				SPRINT(options_error, "Error in %s (line %d): parameter for option %s missing.\n",filename,line,option);
+				goto error;
+			}
+			if (param[strlen(param)-1] == '/')
+				param[strlen(param)-1]=0;
+			SCPY(options.lock, param);
+
+		} else
+		if (!strcmp(option,"socketrights"))
+		{
+			options.socketrights = strtol(param, NULL, 0);
+		} else
 		{
 			SPRINT(options_error, "Error in %s (line %d): wrong option keyword %s.\n", filename,line,option);
 			goto error;

options.h

@@ -24,6 +24,8 @@ struct options {
 	int	dsptones;		/* tones will be generated via dsp.o 1=american 2=ger */
 	int	schedule;		/* run process in realtime @ given priority */
 	char	email[128];		/* source email address */
+	char	lock[128];		/* path of lock files */
+	int	socketrights;		/* rights of lcr admin socket */
 };	
 
 extern struct options options;

socket_server.c

@@ -15,7 +15,7 @@
 #include <curses.h>
 
 
-char *socket_name = SOCKET_NAME;
+char socket_name[128];
 int sock = -1;
 struct sockaddr_un sock_address;
 
@@ -36,6 +36,7 @@ int admin_init(void)
 	}
 	fhuse++;
 	memset(&sock_address, 0, sizeof(sock_address));
+	SPRINT(socket_name, SOCKET_NAME, options.lock);
 	sock_address.sun_family = AF_UNIX;
 	UCPY(sock_address.sun_path, socket_name);
 	unlink(socket_name);
@@ -66,6 +67,10 @@ int admin_init(void)
 		PERROR("Failed to set socket \"%s\" into non-blocking mode. (errno=%d)\n", sock_address.sun_path, errno);
 		return(-1);
 	}
+	if (chmod(socket_name, options.socketrights) < 0)
+	{
+		PERROR("Failed to change socket rigts to %d. (errno=%d)\n", options.socketrights, errno);
+	}
 	return(0);
 }
 
@@ -176,6 +181,8 @@ void admin_cleanup(void)
 		close(sock);
 		fhuse--;
 	}
+
+	unlink(socket_name);
 }