src/server/daemon/acl.c

changeset 75
6195c92262a2
parent 73
79fa26ecd135
child 93
95b77e842db3
74:5bc6d078fb2c 75:6195c92262a2
26 * POSSIBILITY OF SUCH DAMAGE. 26 * POSSIBILITY OF SUCH DAMAGE.
27 */ 27 */
28 28
29 #include <stdio.h> 29 #include <stdio.h>
30 #include <stdlib.h> 30 #include <stdlib.h>
31 #include <unistd.h>
31 32
32 #include "../util/util.h" 33 #include "../util/util.h"
33 #include "../util/pool.h" 34 #include "../util/pool.h"
34 #include "../safs/auth.h" 35 #include "../safs/auth.h"
36 #include "log.h"
35 #include "acl.h" 37 #include "acl.h"
36 38
37 void acllist_createhandle(Session *sn, Request *rq) { 39 void acllist_createhandle(Session *sn, Request *rq) {
38 ACLListHandle *handle = pool_malloc(sn->pool, sizeof(ACLListHandle)); 40 ACLListHandle *handle = pool_malloc(sn->pool, sizeof(ACLListHandle));
39 handle->defaultauthdb = NULL; 41 handle->defaultauthdb = NULL;
540 } 542 }
541 543
542 return check_access; 544 return check_access;
543 } 545 }
544 546
545 547 void fs_acl_finish() {
548
549 }
546 550
547 #endif 551 #endif
548 552
549 /* 553 /*
550 * generic code for all non acl unices 554 * generic code for all non acl unices
554 558
555 int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) { 559 int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) {
556 return 1; 560 return 1;
557 } 561 }
558 562
563 void fs_acl_finish() {
564
565 }
566
559 #endif 567 #endif
568
569
570 #ifdef LINUX
571
572 #include <sys/fsuid.h>
573
574 int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) {
575 struct passwd *ws_pw = conf_getglobals()->Vuserpw;
576 if(!ws_pw) {
577 log_ereport(LOG_FAILURE, "fs_acl_check: unknown webserver uid/gid");
578 return 1;
579 }
580
581 // get uid/gid
582 struct passwd pw;
583 if(user) {
584 char *pwbuf = malloc(DEF_PWBUF);
585 if(pwbuf == NULL) {
586 return 0;
587 }
588 if(!util_getpwnam(user->name, &pw, pwbuf, DEF_PWBUF)) {
589 free(pwbuf);
590 return 0;
591 }
592 free(pwbuf);
593 acl->user_uid = pw.pw_uid;
594 acl->user_gid = pw.pw_gid;
595 } else {
596 acl->user_uid = 0;
597 acl->user_gid = 0;
598 }
599
600 // set fs uid/gid
601 if(acl->user_uid != 0) {
602 if(setfsuid(pw.pw_uid)) {
603 log_ereport(
604 LOG_FAILURE,
605 "Cannot set fsuid to uid: %u", pw.pw_uid);
606 }
607 if(setfsgid(pw.pw_gid)) {
608 log_ereport(
609 LOG_FAILURE,
610 "Cannot set fsgid to gid: %u", pw.pw_gid);
611 }
612 }
613
614
615 return 1;
616 }
617
618 void fs_acl_finish() {
619 struct passwd *pw = conf_getglobals()->Vuserpw;
620 if(!pw) {
621 log_ereport(
622 LOG_FAILURE,
623 "global configuration broken (Vuserpw is null)");
624 return;
625 }
626 if(setfsuid(pw->pw_uid)) {
627 log_ereport(
628 LOG_FAILURE,
629 "Cannot set fsuid back to server uid: %u", pw->pw_uid);
630 }
631 if(setfsgid(pw->pw_gid)) {
632 log_ereport(
633 LOG_FAILURE,
634 "Cannot set fsgid back to server gid: %u", pw->pw_gid);
635 }
636 }
637
638 #endif
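Review bot: The failure checks on `setfsuid()`/`setfsgid()` in the new Linux `fs_acl_check` (new lines 602 and 607) do not detect failure, because both calls return the previous filesystem id on success and on failure alike. As written, `if(setfsuid(pw.pw_uid))` logs an error whenever the previous fsuid was non-zero and stays silent on a real failure when it was 0. The function also falls through to `return 1` after a failed switch, so, if 1 means "proceed" as the `return 0` on the lookup-failure paths suggests, the request would continue under the server's own filesystem identity rather than the authenticated user's. Reading the id back with a `-1` call and failing closed, as sketched below, addresses both. The same return-value test is used in `fs_acl_finish` (new lines 626 and 631), where a successful restore will normally log "Cannot set fsuid back" and a failed one would go unnoticed, leaving the thread on the user's ids.

```c
    // set fs uid/gid
    if(acl->user_uid != 0) {
        // setfsuid/setfsgid return the previous id in every case; a
        // following call with -1 changes nothing and reports the id
        // that is actually in effect
        setfsuid(pw.pw_uid);
        if((uid_t)setfsuid(-1) != pw.pw_uid) {
            log_ereport(
                    LOG_FAILURE,
                    "Cannot set fsuid to uid: %u", pw.pw_uid);
            return 0;
        }
        setfsgid(pw.pw_gid);
        if((gid_t)setfsgid(-1) != pw.pw_gid) {
            log_ereport(
                    LOG_FAILURE,
                    "Cannot set fsgid to gid: %u", pw.pw_gid);
            // do not leave the thread half-switched
            setfsuid(ws_pw->pw_uid);
            return 0;
        }
    }
    // … unchanged: return 1 …
```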
