comparison: src/server/daemon/acl.c
src/server/daemon/acl.c
- changeset 73
- 79fa26ecd135
- parent 69
- 4a10bc0ee80d
- child 93
- 95b77e842db3
equal
deleted
inserted
replaced
| 72:9b888965f3ee | 73:79fa26ecd135 |
|---|---|
| 26 * POSSIBILITY OF SUCH DAMAGE. | 26 * POSSIBILITY OF SUCH DAMAGE. |
| 27 */ | 27 */ |
| 28 | 28 |
| 29 #include <stdio.h> | 29 #include <stdio.h> |
| 30 #include <stdlib.h> | 30 #include <stdlib.h> |
| 31 #include <unistd.h> | |
| 31 | 32 |
| 32 #include "../util/util.h" | 33 #include "../util/util.h" |
| 33 #include "../util/pool.h" | 34 #include "../util/pool.h" |
| 34 #include "../safs/auth.h" | 35 #include "../safs/auth.h" |
| 36 #include "log.h" | |
| 35 #include "acl.h" | 37 #include "acl.h" |
| 36 | 38 |
| 37 void acllist_createhandle(Session *sn, Request *rq) { | 39 void acllist_createhandle(Session *sn, Request *rq) { |
| 38 ACLListHandle *handle = pool_malloc(sn->pool, sizeof(ACLListHandle)); | 40 ACLListHandle *handle = pool_malloc(sn->pool, sizeof(ACLListHandle)); |
| 39 handle->defaultauthdb = NULL; | 41 handle->defaultauthdb = NULL; |
| 540 } | 542 } |
| 541 | 543 |
| 542 return check_access; | 544 return check_access; |
| 543 } | 545 } |
| 544 | 546 |
| 545 | 547 void fs_acl_finish() { |
| 548 | |
| 549 } | |
| 546 | 550 |
| 547 #endif | 551 #endif |
| 548 | 552 |
| 549 /* | 553 /* |
| 550 * generic code for all non acl unices | 554 * generic code for all non acl unices |
| 554 | 558 |
| 555 int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) { | 559 int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) { |
| 556 return 1; | 560 return 1; |
| 557 } | 561 } |
| 558 | 562 |
| 563 void fs_acl_finish() { | |
| 564 | |
| 565 } | |
| 566 | |
| 559 #endif | 567 #endif |
| 568 | |
| 569 | |
| 570 #ifdef LINUX | |
| 571 | |
| 572 #include <sys/fsuid.h> | |
| 573 | |
| 574 int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) { | |
| 575 struct passwd *ws_pw = conf_getglobals()->Vuserpw; | |
| 576 if(!ws_pw) { | |
| 577 log_ereport(LOG_FAILURE, "fs_acl_check: unknown webserver uid/gid"); | |
| 578 return 1; | |
| 579 } | |
| 580 | |
| 581 // get uid/gid | |
| 582 struct passwd pw; | |
| 583 if(user) { | |
| 584 char *pwbuf = malloc(DEF_PWBUF); | |
| 585 if(pwbuf == NULL) { | |
| 586 return 0; | |
| 587 } | |
| 588 if(!util_getpwnam(user->name, &pw, pwbuf, DEF_PWBUF)) { | |
| 589 free(pwbuf); | |
| 590 return 0; | |
| 591 } | |
| 592 free(pwbuf); | |
| 593 acl->user_uid = pw.pw_uid; | |
| 594 acl->user_gid = pw.pw_gid; | |
| 595 } else { | |
| 596 acl->user_uid = 0; | |
| 597 acl->user_gid = 0; | |
| 598 } | |
| 599 | |
| 600 // set fs uid/gid | |
| 601 if(acl->user_uid != 0) { | |
| 602 if(setfsuid(pw.pw_uid)) { | |
| 603 log_ereport( | |
| 604 LOG_FAILURE, | |
| 605 "Cannot set fsuid to uid: %u", pw.pw_uid); | |
| 606 } | |
| 607 if(setfsgid(pw.pw_gid)) { | |
| 608 log_ereport( | |
| 609 LOG_FAILURE, | |
| 610 "Cannot set fsgid to gid: %u", pw.pw_gid); | |
| 611 } | |
| 612 } | |
| 613 | |
| 614 | |
| 615 return 1; | |
| 616 } | |
| 617 | |
| 618 void fs_acl_finish() { | |
| 619 struct passwd *pw = conf_getglobals()->Vuserpw; | |
| 620 if(!pw) { | |
| 621 log_ereport( | |
| 622 LOG_FAILURE, | |
| 623 "global configuration broken (Vuserpw is null)"); | |
| 624 return; | |
| 625 } | |
| 626 if(setfsuid(pw->pw_uid)) { | |
| 627 log_ereport( | |
| 628 LOG_FAILURE, | |
| 629 "Cannot set fsuid back to server uid: %u", pw->pw_uid); | |
| 630 } | |
| 631 if(setfsgid(pw->pw_gid)) { | |
| 632 log_ereport( | |
| 633 LOG_FAILURE, | |
| 634 "Cannot set fsgid back to server gid: %u", pw->pw_gid); | |
| 635 } | |
| 636 } | |
| 637 | |
| 638 #endif |
