mgt: Always recreate secret file on startup

As both the varnish working directory and the secret file may pre-exist, this ensures permissions remain restrictive on it.

mgt: Always recreate secret file on startup
As both the varnish working directory and the secret file may pre-exist, this ensures permissions remain restrictive on it.
2f4a9c8d · Stephane Cance · Dridi Boukelmoune · 9e0f47f8 · 2f4a9c8d · 2f4a9c8d
Commit 2f4a9c8d authored Apr 05, 2024 by Stephane Cance Committed by Dridi Boukelmoune Apr 08, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 51 additions and 3 deletions

mgt_main.c bin/varnishd/mgt/mgt_main.c +8 -2

b00084.vtc bin/varnishtest/tests/b00084.vtc +42 -0

u00000.vtc bin/varnishtest/tests/u00000.vtc +1 -1

No files found.
--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -272,10 +272,16 @@ make_secret(const char *dirname)
 	assert(asprintf(&fn, "%s/_.secret", dirname) > 0);

 	VJ_master(JAIL_MASTER_FILE);
-	fdo = open(fn, O_RDWR|O_CREAT|O_TRUNC, 0640);
-	if (fdo < 0)
+	if (unlink(fn) < 0 && errno != ENOENT) {
+		ARGV_ERR("Cannot remove pre-existing secret-file in %s (%s)\n",
+		    dirname, VAS_errtxt(errno));
+	}
+
+	fdo = open(fn, O_RDWR|O_CREAT|O_EXCL, 0640);
+	if (fdo < 0) {
 		ARGV_ERR("Cannot create secret-file in %s (%s)\n",
 		    dirname, VAS_errtxt(errno));
+	}

 	for (i = 0; i < 256; i++) {
 		AZ(VRND_RandomCrypto(&b, 1));

--- a/bin/varnishtest/tests/b00084.vtc
+++ b/bin/varnishtest/tests/b00084.vtc
+varnishtest "make sure an already setup secret file remains protected"
+
+varnish v1 -vcl { backend default none; } -start
+
+shell -match _.secret {
+	find "${tmpdir}"/v1/_.secret -perm 0640 -size 256c
+}
+
+varnish v1 -stop -wait
+
+shell {
+	test ! -f "${tmpdir}"/v1/_.secret
+}
+
+# since varnishtest destroys workdir silently before startup
+# this must fool varnishtest to not manage the workdir
+shell -match _.secret {
+	set -e
+	mkdir -p "${tmpdir}"/v2/
+	touch "${tmpdir}"/v2/_.secret
+	chmod 0666 "${tmpdir}"/v2/_.secret
+	find "${tmpdir}"/v2/_.secret -perm 0666 -size 0c
+}
+
+process p1 "exec varnishd -n ${tmpdir}/v2 -F -f '' -a :0" -start
+
+# wait for startup and check permissions have changed
+shell -match _.secret {
+	set -e
+	t=50
+	while [ "$t" -gt 0 ] && [ ! -d "${tmpdir}"/v2/_.vsm_mgt ]; do
+	    sleep 0.1
+	    t=$(($t - 1))
+	done
+	find "${tmpdir}"/v2/_.secret -perm 0640 -size 256c
+}
+
+process p1 -stop -wait
+
+shell {
+	test ! -f "${tmpdir}"/v2/_.secret
+}
--- a/bin/varnishtest/tests/u00000.vtc
+++ b/bin/varnishtest/tests/u00000.vtc
@@ -44,7 +44,7 @@ shell -err -expect {Cannot open -S file} {
 	varnishd -S ${tmpdir}/nonexistent -n ${tmpdir}/v0 -f ''
 }

-shell -err -expect {Cannot create secret-file in} {
+shell -err -expect {Cannot remove pre-existing secret-file in} {
 	mkdir ${tmpdir}/is_a_dir ${tmpdir}/is_a_dir/_.secret
 	varnishd -n ${tmpdir}/is_a_dir -d -a :0
 }