src/server/daemon/acl.c

changeset 75
6195c92262a2
parent 73
79fa26ecd135
child 93
95b77e842db3
--- a/src/server/daemon/acl.c	Sun Jun 23 13:49:17 2013 +0200
+++ b/src/server/daemon/acl.c	Sun Jun 23 13:51:49 2013 +0200
@@ -28,10 +28,12 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <unistd.h>
 
 #include "../util/util.h"
 #include "../util/pool.h"
 #include "../safs/auth.h"
+#include "log.h"
 #include "acl.h"
 
 void acllist_createhandle(Session *sn, Request *rq) {
@@ -542,7 +544,9 @@
     return check_access;
 }
 
-
+void fs_acl_finish() {
+    
+}
 
 #endif
 
@@ -556,4 +560,79 @@
     return 1;
 }
 
+void fs_acl_finish() {
+    
+}
+
 #endif
+
+
+#ifdef LINUX
+
+#include <sys/fsuid.h>
+
+int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) {
+    struct passwd *ws_pw = conf_getglobals()->Vuserpw;
+    if(!ws_pw) {
+        log_ereport(LOG_FAILURE, "fs_acl_check: unknown webserver uid/gid");
+        return 1;
+    }
+    
+    // get uid/gid
+    struct passwd pw;
+    if(user) {
+        char *pwbuf = malloc(DEF_PWBUF);
+        if(pwbuf == NULL) {
+            return 0;
+        }
+        if(!util_getpwnam(user->name, &pw, pwbuf, DEF_PWBUF)) {
+            free(pwbuf);
+            return 0;
+        }
+        free(pwbuf);
+        acl->user_uid = pw.pw_uid;
+        acl->user_gid = pw.pw_gid;
+    } else {
+        acl->user_uid = 0;
+        acl->user_gid = 0;
+    }
+    
+    // set fs uid/gid
+    if(acl->user_uid != 0) {
+        if(setfsuid(pw.pw_uid)) {
+            log_ereport(
+                    LOG_FAILURE,
+                    "Cannot set fsuid to uid: %u", pw.pw_uid);
+        }
+        if(setfsgid(pw.pw_gid)) {
+            log_ereport(
+                    LOG_FAILURE,
+                    "Cannot set fsgid to gid: %u", pw.pw_gid);
+        }
+    }
+    
+    
+    return 1;
+}
+
+void fs_acl_finish() {
+    struct passwd *pw = conf_getglobals()->Vuserpw;
+    if(!pw) {
+        log_ereport(
+                LOG_FAILURE,
+                "global configuration broken (Vuserpw is null)");
+        return;
+    }
+    if(setfsuid(pw->pw_uid)) {
+        log_ereport(
+                LOG_FAILURE,
+                "Cannot set fsuid back to server uid: %u", pw->pw_uid);
+    }
+    if(setfsgid(pw->pw_gid)) {
+        log_ereport(
+                LOG_FAILURE,
+                "Cannot set fsgid back to server gid: %u", pw->pw_gid);
+    }
+}
+
+#endif

mercurial