From 27a02b00c3c14d0af209d684ef8c9b618c7b7e6e8b0d6d8eecd3a4dbebadbcec Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Tue, 8 Mar 2011 16:34:44 +0000
Subject: [PATCH] - change log dir owner to root - clean up init script OBS-URL: https://build.opensuse.org/package/show/games:tools/mumble?expand=0&rev=8
---
 ...le-early-so-log-dir-can-be-root-owned.diff | 91 +++++++++++++++++++
 mumble-server.init | 24 +----
 mumble.changes | 6 ++
 mumble.spec | 4 +-
 4 files changed, 103 insertions(+), 22 deletions(-)
 create mode 100644 0001-open-log-file-early-so-log-dir-can-be-root-owned.diff
diff --git a/0001-open-log-file-early-so-log-dir-can-be-root-owned.diff b/0001-open-log-file-early-so-log-dir-can-be-root-owned.diff
new file mode 100644
index 0000000..6d110f7
--- /dev/null
+++ b/0001-open-log-file-early-so-log-dir-can-be-root-owned.diff
@@ -0,0 +1,91 @@
+From d79587e5570ec036355ada3de76521d981ce9596 Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel
+Date: Tue, 8 Mar 2011 16:31:33 +0100
+Subject: [PATCH] open log file early so log dir can be root owned
+
+http://article.gmane.org/gmane.comp.security.oss.general/4404
+---
+ src/murmur/UnixMurmur.cpp | 2 +-
+ src/murmur/main.cpp | 46 ++++++++++++++++++++++++++------------------
+ 2 files changed, 28 insertions(+), 20 deletions(-)
+
+diff --git a/src/murmur/UnixMurmur.cpp b/src/murmur/UnixMurmur.cpp
+index 773701c..3dc9c08 100644
+--- a/src/murmur/UnixMurmur.cpp
++++ b/src/murmur/UnixMurmur.cpp
+@@ -255,7 +255,7 @@ void UnixMurmur::setuid() {
+
+ void UnixMurmur::initialcap() {
+ #ifdef Q_OS_LINUX
+- cap_value_t caps[] = {CAP_NET_ADMIN, CAP_SETUID, CAP_SETGID, CAP_SYS_RESOURCE, CAP_DAC_OVERRIDE };
++ cap_value_t caps[] = {CAP_NET_ADMIN, CAP_SETUID, CAP_SETGID, CAP_CHOWN, CAP_SYS_RESOURCE, CAP_DAC_OVERRIDE };
+
+ if (! bRoot)
+ return;
+diff --git a/src/murmur/main.cpp b/src/murmur/main.cpp
+index 5a4810d..695f8cc 100644
+--- a/src/murmur/main.cpp
++++ b/src/murmur/main.cpp
+@@ -273,6 +273,33 @@ int main(int argc, char **argv) {
+
+ Meta::mp.read(inifile);
+
++ // need to open log file early so log dir can be root owned:
++ // http://article.gmane.org/gmane.comp.security.oss.general/4404
++ if (detach && ! Meta::mp.qsLogfile.isEmpty()) {
++ qfLog = new QFile(Meta::mp.qsLogfile);
++ if (! qfLog->open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text)) {
++ delete qfLog;
++ qfLog = NULL;
++#ifdef Q_OS_UNIX
++ fprintf(stderr, "murmurd: failed to open logfile %s: no logging will be done\n",qPrintable(Meta::mp.qsLogfile));
++#else
++ qWarning("Failed to open logfile %s. Will not detach.",qPrintable(Meta::mp.qsLogfile));
++ detach = false;
++#endif
++ } else {
++ qfLog->setTextModeEnabled(true);
++ QFileInfo qfi(*qfLog);
++ Meta::mp.qsLogfile = qfi.absoluteFilePath();
++#ifdef Q_OS_UNIX
++ if (Meta::mp.uiUid != 0 && fchown(qfLog->handle(), Meta::mp.uiUid, Meta::mp.uiGid) == -1) {
++ qFatal("can't change log file owner to %d %d:%d - %s", qfLog->handle(), Meta::mp.uiUid, Meta::mp.uiGid, strerror(errno));
++ }
++#endif
++ }
++ } else {
++ detach = false;
++ }
++
+ #ifdef Q_OS_UNIX
+ unixhandler.setuid();
+ #endif
+@@ -318,25 +345,6 @@ int main(int argc, char **argv) {
+ }
+ }
+
+- if (detach && ! Meta::mp.qsLogfile.isEmpty()) {
+- qfLog = new QFile(Meta::mp.qsLogfile);
+- if (! qfLog->open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text)) {
+- delete qfLog;
+- qfLog = NULL;
+-#ifdef Q_OS_UNIX
+- fprintf(stderr, "murmurd: failed to open logfile %s: no logging will be done\n",qPrintable(Meta::mp.qsLogfile));
+-#else
+- qWarning("Failed to open logfile %s. Will not detach.",qPrintable(Meta::mp.qsLogfile));
+- detach = false;
+-#endif
+- } else {
+- qfLog->setTextModeEnabled(true);
+- QFileInfo qfi(*qfLog);
+- Meta::mp.qsLogfile = qfi.absoluteFilePath();
+- }
+- } else {
+- detach = false;
+- }
+ #ifdef Q_OS_UNIX
+ if (detach) {
+ if (fork() != 0) {
+--
+1.7.3.4
+
diff --git a/mumble-server.init b/mumble-server.init
index e5228dd..69a8b18 100644
--- a/mumble-server.init
+++ b/mumble-server.init
@@ -21,10 +21,6 @@ GROUP=mumble-server
 INIFILE=/etc/mumble-server.ini
 DAEMON_OPTS="-ini $INIFILE"
-MURMUR_DAEMON_START=0
-MURMUR_USE_CAPABILITIES=0
-MURMUR_LIMIT_NOFILE=0
-MURMUR_LIMIT_RTPRIO=0
 # Include murmur defaults if available
 if [ -f /etc/default/$NAME ] ; then
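Review bot: In the block added to src/murmur/main.cpp by the embedded patch (the `++` lines), the log file is opened and then handed over with `fchown` while the process is still privileged, and nothing checks what the configured path resolved to. `QFile::open` follows symbolic links, so if `Meta::mp.qsLogfile` lies in a directory the service account can write (an install whose log directory is not yet root-owned, or an ini file naming another location), the ownership change can land on a file other than the intended log. Comparing `lstat` of the path with `fstat` of the open descriptor, and requiring a regular file with a single link before `fchown`, keeps the hand-over limited to the log itself. The `qFatal` format also prints `qfLog->handle()` as its first `%d`, so the message reads as a descriptor number followed by uid:gid; the sketch below drops that argument. main() starts and ends outside the hunk.

```cpp
// … unchanged: QFile open, setTextModeEnabled, absoluteFilePath …
#ifdef Q_OS_UNIX
			if (Meta::mp.uiUid != 0) {
				struct stat stFd, stPath;
				// Hand the file over only if the path is still the plain file that was opened.
				if (fstat(qfLog->handle(), &stFd) == -1 ||
				    lstat(qPrintable(Meta::mp.qsLogfile), &stPath) == -1 ||
				    ! S_ISREG(stPath.st_mode) || stFd.st_nlink != 1 ||
				    stFd.st_dev != stPath.st_dev || stFd.st_ino != stPath.st_ino) {
					qFatal("refusing to change owner of log file %s: not a plain regular file", qPrintable(Meta::mp.qsLogfile));
				}
				if (fchown(qfLog->handle(), Meta::mp.uiUid, Meta::mp.uiGid) == -1) {
					qFatal("can't change log file owner to %d:%d - %s", Meta::mp.uiUid, Meta::mp.uiGid, strerror(errno));
				}
			}
#endif
```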
@@ -33,26 +29,12 @@ fi
 . /etc/rc.status
-if [ "$MURMUR_LIMIT_NOFILE" -gt 0 ] ; then
- ulimit -n $MURMUR_LIMIT_NOFILE
-fi
-if [ "$MURMUR_LIMIT_RTPRIO" -gt 0 ]; then
- ulimit -r 1
-fi
-
 case "$1" in
 start)
 echo -n "Starting $NAME "
- user=`sed -ne '/^uname=/s/.*=//p' < $INIFILE`
- if [ -z "$user" ]; then
- echo -n "${ext}No user configured in $INIFILE, refusing to run as root${norm}"
- rc_status -v 6
- else
- eval HOME=~$user
- cd $HOME
- /sbin/start_daemon -p $PIDFILE -u $user $DAEMON $DAEMON_OPTS
- rc_status -v
- fi
+ test -d $PIDDIR || /usr/bin/install -d -m 0755 -o mumble-server -g mumble-server $PIDDIR
+ /sbin/start_daemon -p $PIDFILE $DAEMON $DAEMON_OPTS
+ rc_status -v
 ;;
 stop)
 echo -n "Shutting down $NAME "
diff --git a/mumble.changes b/mumble.changes
index cd015cd..6d2ffd8 100644
--- a/mumble.changes
+++ b/mumble.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Mar 8 16:07:54 UTC 2011 - lnussel@suse.de
+
+- change log dir owner to root
+- clean up init script
+
 -------------------------------------------------------------------
 Mon Feb 21 13:19:50 UTC 2011 - lnussel@suse.de
diff --git a/mumble.spec b/mumble.spec
index d28a49f..9e392bc 100644
--- a/mumble.spec
+++ b/mumble.spec
@@ -80,6 +80,7 @@ Source1: http://downloads.sourceforge.net/project/mumble/Mumble/%{version
 Source2: mumble-server.init
 Patch0: 0001-fix-build-error-with-capability.h.diff
 Patch1: 0001-fix-user-switching.diff
+Patch2: 0001-open-log-file-early-so-log-dir-can-be-root-owned.diff
 Patch50: mumble-1.2.2-buildcompare.diff
 # hack, no clue about glx so no idea to fix this properly
 Patch99: mumble-1.1.4-sle10glx.diff
@@ -144,6 +145,7 @@ won't be audible to other players.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 # %patch50 -p1
 %if 0%{?suse_version} && 0%{?suse_version} < 1020
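Review bot: The rewritten `start)` branch of mumble-server.init no longer refuses to start when `$INIFILE` has no `uname=` entry, so whether murmurd ends up unprivileged now depends entirely on the daemon's own handling of a missing user, which this commit does not show. Keeping the `uname=` lookup and the `rc_status -v 6` refusal from the removed lines, while still launching through `start_daemon` without `-u`, preserves that guard alongside the early log open. The added `test -d $PIDDIR || /usr/bin/install -d ... $PIDDIR` line also leaves `$PIDDIR` unquoted and creates the directory owned by `mumble-server`, while the root-run `start_daemon -p $PIDFILE` trusts the pid file inside it. If murmurd can write its pid file before dropping privileges, a root-owned pid directory would match what this commit does for the log directory. `PIDDIR` is defined outside the hunk.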
@@ -388,7 +390,7 @@ getent passwd mumble-server >/dev/null || \
 %{_mandir}/man1/murmurd.*
 %{_mandir}/man1/murmur-user-wrapper.*
 %dir %attr(-,mumble-server,mumble-server) /var/lib/mumble-server
-%dir %attr(-,mumble-server,mumble-server) /var/log/mumble-server
+%dir /var/log/mumble-server
 %if 0%{?suse_version} < 1130
 %dir %attr(-,mumble-server,mumble-server) /var/run/mumble-server
 %else
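Review bot: The new `%dir /var/log/mumble-server` entry takes its owner and mode from whatever `%defattr` applies to this `%files` section, which lies outside the hunk. Since the purpose of the change is a root-owned log directory, writing it as `%dir %attr(0755,root,root) /var/log/mumble-server` states that intent in the spec and keeps it from changing silently if the section's defaults are edited later. The `/var/run/mumble-server` entry two lines below is still packaged as `mumble-server`-owned for `suse_version < 1130`.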