[ovs-dev] [PATCH 1/2] lib: simplify daemon_become_new_user__()

[Andy Zhou]

Global variable 'switch_user' is no longer needed to make sure
user switch only happens once per process. Testing for uid directly
simplifies the logic; if switch process has taken place, then the
currnet uid can not be zero.

Signed-off-by: Andy Zhou <azhou at nicira.com>
---
 lib/daemon-unix.c | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
index 868e2c9..cafa397 100644
--- a/lib/daemon-unix.c
+++ b/lib/daemon-unix.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
+ * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2015 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -83,8 +83,7 @@ static bool monitor;
 
 /* --user: Only root can use this option. Switch to new uid:gid after
  * initially running as root.  */
-static bool switch_user = false;
-static bool non_root_user = false;
+static bool non_root_user__ = false;
 static uid_t uid;
 static gid_t gid;
 static char *user = NULL;
@@ -440,13 +439,11 @@ daemonize_start(bool access_datapath)
     assert_single_threaded();
     daemonize_fd = -1;
 
-    if (switch_user) {
+    if (non_root_user__) {
         daemon_become_new_user__(access_datapath);
-        switch_user = false;
-    }
 
-    /* If --user is specified, make sure user switch has completed by now.  */
-    if (non_root_user) {
+        /* If --user is specified, make sure this is no longer a root
+         * process.   */
         ovs_assert(geteuid() && getuid());
     }
 
@@ -853,6 +850,12 @@ daemon_become_new_user_linux(bool access_datapath OVS_UNUSED)
 static void
 daemon_become_new_user__(bool access_datapath)
 {
+    /* Execute this function at most once. After this function has been
+     * executed, current uid and effective uid can not be zero. */
+    if (getuid() || geteuid()) {
+        return;
+    }
+
     if (LINUX) {
         if (LIBCAPNG) {
             daemon_become_new_user_linux(access_datapath);
@@ -873,12 +876,8 @@ void
 daemon_become_new_user(bool access_datapath)
 {
     assert_single_threaded();
-    if (switch_user) {
+    if (non_root_user__) {
         daemon_become_new_user__(access_datapath);
-
-        /* Make sure daemonize_start() will not switch
-         * user again. */
-        switch_user = false;
     }
 }
 
@@ -1041,5 +1040,5 @@ daemon_set_new_user(const char *user_spec)
         }
     }
 
-    switch_user = non_root_user = true;
+    non_root_user__ = true;
 }
-- 
1.9.1