--- a/src/server/daemon/acl.c Sun Jun 23 13:49:17 2013 +0200
+++ b/src/server/daemon/acl.c Sun Jun 23 13:51:49 2013 +0200
@@ -28,10 +28,12 @@
 #include <stdio.h>
 #include <stdlib.h>
+#include <unistd.h>
 #include "../util/util.h"
 #include "../util/pool.h"
 #include "../safs/auth.h"
+#include "log.h"
 #include "acl.h"
 void acllist_createhandle(Session *sn, Request *rq) {
@@ -542,7 +544,9 @@
 return check_access;
 }
-
+void fs_acl_finish() {
+
+}
 #endif
@@ -556,4 +560,79 @@
 return 1;
 }
+void fs_acl_finish() {
+
+}
+
 #endif
+
+
+#ifdef LINUX
+
+#include <sys/fsuid.h>
+
+int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) {
+ struct passwd *ws_pw = conf_getglobals()->Vuserpw;
+ if(!ws_pw) {
+ log_ereport(LOG_FAILURE, "fs_acl_check: unknown webserver uid/gid");
+ return 1;
+ }
+
+ // get uid/gid
+ struct passwd pw;
+ if(user) {
+ char *pwbuf = malloc(DEF_PWBUF);
+ if(pwbuf == NULL) {
+ return 0;
+ }
+ if(!util_getpwnam(user->name, &pw, pwbuf, DEF_PWBUF)) {
+ free(pwbuf);
+ return 0;
+ }
+ free(pwbuf);
+ acl->user_uid = pw.pw_uid;
+ acl->user_gid = pw.pw_gid;
+ } else {
+ acl->user_uid = 0;
+ acl->user_gid = 0;
+ }
+
+ // set fs uid/gid
+ if(acl->user_uid != 0) {
+ if(setfsuid(pw.pw_uid)) {
+ log_ereport(
+ LOG_FAILURE,
+ "Cannot set fsuid to uid: %u", pw.pw_uid);
+ }
+ if(setfsgid(pw.pw_gid)) {
+ log_ereport(
+ LOG_FAILURE,
+ "Cannot set fsgid to gid: %u", pw.pw_gid);
+ }
+ }
+
+
+ return 1;
+}
+
+void fs_acl_finish() {
+ struct passwd *pw = conf_getglobals()->Vuserpw;
+ if(!pw) {
+ log_ereport(
+ LOG_FAILURE,
+ "global configuration broken (Vuserpw is null)");
+ return;
+ }
+ if(setfsuid(pw->pw_uid)) {
+ log_ereport(
+ LOG_FAILURE,
+ "Cannot set fsuid back to server uid: %u", pw->pw_uid);
+ }
+ if(setfsgid(pw->pw_gid)) {
+ log_ereport(
+ LOG_FAILURE,
+ "Cannot set fsgid back to server gid: %u", pw->pw_gid);
+ }
+}
+
+#endif
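Review bot: The stub `void fs_acl_finish() {` added in the second hunk, and the identical stub at the top of the third hunk, is defined with an empty parameter list, which in C gives the function no prototype, so a call that passes arguments is not diagnosed; `void fs_acl_finish(void) {` closes that gap. The empty body would also benefit from a one-line comment, for example `/* nothing to restore: this platform does not switch the filesystem identity per request */`, if that is indeed the reason it is a no-op. The `#ifdef` that selects each stub starts outside the hunk, so I cannot tell which platforms they cover.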
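Review bot: The tests `if(setfsuid(pw.pw_uid))` and `if(setfsgid(pw.pw_gid))` in the Linux fs_acl_check of the third hunk, and the matching pair in the Linux fs_acl_finish, do not detect failure. On Linux both calls return the previous filesystem id whether or not the change took effect, so the message is logged whenever the old id was non-zero and is never logged when it was 0. Even when the message is logged, fs_acl_check falls through to `return 1`, and since the passwd lookup failures above return 0, the request would apparently proceed under the server's own filesystem identity. I would verify each switch by reading the id back with a `-1` call and return 0 when it did not take, as sketched below, and give fs_acl_finish the same read-back check so a failed restore is not silent. Separately, setfsgid does not change supplementary groups, so the server's group memberships presumably still count in the kernel's permission check; worth confirming that is intended.

```c
    // set fs uid/gid
    if(acl->user_uid != 0) {
        // setfsuid()/setfsgid() return the previous id on success and on
        // failure, so read the current id back to see whether it changed
        setfsuid(pw.pw_uid);
        if((uid_t)setfsuid(-1) != pw.pw_uid) {
            // … unchanged: log_ereport "Cannot set fsuid to uid: %u" …
            return 0;
        }
        setfsgid(pw.pw_gid);
        if((gid_t)setfsgid(-1) != pw.pw_gid) {
            // … unchanged: log_ereport "Cannot set fsgid to gid: %u" …
            fs_acl_finish(); // undo the fsuid switch before denying
            return 0;
        }
    }
```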