merge

Sun, 23 Jun 2013 13:51:49 +0200

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sun, 23 Jun 2013 13:51:49 +0200
changeset 75
6195c92262a2
parent 74
5bc6d078fb2c (current diff)
parent 73
79fa26ecd135 (diff)
child 76
5f7660fe1562

merge

src/server/daemon/config.c file | annotate | diff | comparison | revisions
--- a/src/server/daemon/acl.c	Sun Jun 23 13:49:17 2013 +0200
+++ b/src/server/daemon/acl.c	Sun Jun 23 13:51:49 2013 +0200
@@ -28,10 +28,12 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <unistd.h>
 
 #include "../util/util.h"
 #include "../util/pool.h"
 #include "../safs/auth.h"
+#include "log.h"
 #include "acl.h"
 
 void acllist_createhandle(Session *sn, Request *rq) {
@@ -542,7 +544,9 @@
     return check_access;
 }
 
-
+void fs_acl_finish() {
+    
+}
 
 #endif
 
@@ -556,4 +560,79 @@
     return 1;
 }
 
+void fs_acl_finish() {
+    
+}
+
 #endif
+
+
+#ifdef LINUX
+
+#include <sys/fsuid.h>
+
+int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) {
+    struct passwd *ws_pw = conf_getglobals()->Vuserpw;
+    if(!ws_pw) {
+        log_ereport(LOG_FAILURE, "fs_acl_check: unknown webserver uid/gid");
+        return 1;
+    }
+    
+    // get uid/gid
+    struct passwd pw;
+    if(user) {
+        char *pwbuf = malloc(DEF_PWBUF);
+        if(pwbuf == NULL) {
+            return 0;
+        }
+        if(!util_getpwnam(user->name, &pw, pwbuf, DEF_PWBUF)) {
+            free(pwbuf);
+            return 0;
+        }
+        free(pwbuf);
+        acl->user_uid = pw.pw_uid;
+        acl->user_gid = pw.pw_gid;
+    } else {
+        acl->user_uid = 0;
+        acl->user_gid = 0;
+    }
+    
+    // set fs uid/gid
+    if(acl->user_uid != 0) {
+        if(setfsuid(pw.pw_uid)) {
+            log_ereport(
+                    LOG_FAILURE,
+                    "Cannot set fsuid to uid: %u", pw.pw_uid);
+        }
+        if(setfsgid(pw.pw_gid)) {
+            log_ereport(
+                    LOG_FAILURE,
+                    "Cannot set fsgid to gid: %u", pw.pw_gid);
+        }
+    }
+    
+    
+    return 1;
+}
+
+void fs_acl_finish() {
+    struct passwd *pw = conf_getglobals()->Vuserpw;
+    if(!pw) {
+        log_ereport(
+                LOG_FAILURE,
+                "global configuration broken (Vuserpw is null)");
+        return;
+    }
+    if(setfsuid(pw->pw_uid)) {
+        log_ereport(
+                LOG_FAILURE,
+                "Cannot set fsuid back to server uid: %u", pw->pw_uid);
+    }
+    if(setfsgid(pw->pw_gid)) {
+        log_ereport(
+                LOG_FAILURE,
+                "Cannot set fsgid back to server gid: %u", pw->pw_gid);
+    }
+}
+
+#endif
--- a/src/server/daemon/acl.h	Sun Jun 23 13:49:17 2013 +0200
+++ b/src/server/daemon/acl.h	Sun Jun 23 13:51:49 2013 +0200
@@ -49,6 +49,7 @@
 // file system acl functions
 
 int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask);
+void fs_acl_finish();
 
 #ifdef	__cplusplus
 }
--- a/src/server/daemon/config.c	Sun Jun 23 13:49:17 2013 +0200
+++ b/src/server/daemon/config.c	Sun Jun 23 13:51:49 2013 +0200
@@ -64,6 +64,7 @@
     InitConfig *cfg = load_init_config(file);
     UcxMempool *mp = cfg->parser.mp;
     if(cfg == NULL) {
+        fprintf(stderr, "Cannot load init.conf\n");
         return 1;
     }
 
@@ -149,34 +150,39 @@
      * VirtualServer (dependencies: Listener)
      */
     
-    /* init logfile first */
+    // init logfile first
     UcxList *lfl = ucx_map_sstr_get(serverconf->objects, sstrn("LogFile", 7));
     if(lfl != NULL) {
         ServerConfigObject *logobj = lfl->data;
         if(logobj == NULL) {
-            /* error */
+            // error
             return NULL;
         }
         
         int ret = cfg_handle_logfile(serverconfig, logobj);
         if(ret != 0) {
-            /* cannot initialize log file */
+            // cannot initialize log file
             return NULL;
         }
     } else {
-        /* horrible error */
+        // horrible error
         return NULL;
     }
      
     UcxList *list = ucx_map_sstr_get(serverconf->objects, sstrn("Runtime", 7));
     UCX_FOREACH(UcxList*, list, elm) {
         ServerConfigObject *scfgobj = elm->data;
-        cfg_handle_runtime(serverconfig, scfgobj);
+        if(cfg_handle_runtime(serverconfig, scfgobj)) {
+            // error
+            return NULL;
+        }
     }
     
     list = ucx_map_sstr_get(serverconf->objects, sstrn("Threadpool", 10));
     UCX_FOREACH(UcxList*, list, elm) {
-        cfg_handle_threadpool(serverconfig, elm->data);
+        if(cfg_handle_threadpool(serverconfig, elm->data)) {
+            return NULL;
+        }
     }
     // check thread pool config
     if(check_thread_pool_cfg() != 0) {
@@ -186,7 +192,11 @@
     
     list = ucx_map_sstr_get(serverconf->objects, sstrn("EventHandler", 12));
     UCX_FOREACH(UcxList*, list, elm) {
-        cfg_handle_eventhandler(serverconfig, (ServerConfigObject*)elm->data);
+        if(cfg_handle_eventhandler(
+                serverconfig, (ServerConfigObject*)elm->data)) {
+            // error            
+            return NULL;
+        }
     }
     // check event handler config
     if(check_event_handler_cfg() != 0) {
@@ -197,25 +207,33 @@
     list = ucx_map_sstr_get(serverconf->objects, sstrn("AccessLog", 9));
     UCX_FOREACH(UcxList*, list, elm) {
         ServerConfigObject *scfgobj = elm->data;
-        cfg_handle_accesslog(serverconfig, scfgobj);
+        if(cfg_handle_accesslog(serverconfig, scfgobj)) {
+            return NULL;
+        }
     }
     
     list = ucx_map_sstr_get(serverconf->objects, sstrn("AuthDB", 6));
     UCX_FOREACH(UcxList*, list, elm) {
         ServerConfigObject *scfgobj = elm->data;
-        cfg_handle_authdb(serverconfig, scfgobj);
+        if(cfg_handle_authdb(serverconfig, scfgobj)) {
+            return NULL;
+        }
     }
     
     list = ucx_map_sstr_get(serverconf->objects, sstrn("Listener", 8));
     UCX_FOREACH(UcxList*, list, elm) {
         ServerConfigObject *scfgobj = elm->data;
-        cfg_handle_listener(serverconfig, scfgobj);
+        if(cfg_handle_listener(serverconfig, scfgobj)) {
+            return NULL;
+        }
     }
     
     list = ucx_map_sstr_get(serverconf->objects, sstrn("VirtualServer", 13));
     UCX_FOREACH(UcxList*, list, elm) {
         ServerConfigObject *scfgobj = elm->data;
-        cfg_handle_vs(serverconfig, scfgobj);
+        if(cfg_handle_vs(serverconfig, scfgobj)) {
+            return NULL;
+        }
     }
     
 
@@ -261,12 +279,17 @@
 }
 
 int cfg_handle_runtime(ServerConfiguration *cfg, ServerConfigObject *obj) {
-    cfg->user = sstrdup(cfg_directivelist_get_str(
-            obj->directives,
-            sstr("User")));
-    cfg->tmp = sstrdup(cfg_directivelist_get_str(
-            obj->directives,
-            sstr("Temp")));
+    sstr_t user = cfg_directivelist_get_str(obj->directives, sstr("User"));
+    if(user.ptr) {
+        cfg->user = sstrdup_pool(cfg->pool, user);
+    }
+    sstr_t tmp = cfg_directivelist_get_str(obj->directives, sstr("Temp"));
+    if(tmp.ptr) {
+        cfg->tmp = sstrdup_pool(cfg->pool, tmp);
+    } else {
+        log_ereport(LOG_MISCONFIG, "no temporary directory specified");
+        return -1;
+    }
     
     // mime file
     sstr_t mf = cfg_directivelist_get_str(obj->directives, sstr("MimeFile"));
@@ -400,9 +423,7 @@
     
     evcfg.isdefault = util_getboolean(isdefault.ptr, 0);
     
-    int ret = create_event_handler(&evcfg);
-    
-    return ret;
+    return create_event_handler(&evcfg);
 }
 
 int cfg_handle_accesslog(ServerConfiguration *cfg, ServerConfigObject *obj) {
--- a/src/server/daemon/vfs.c	Sun Jun 23 13:49:17 2013 +0200
+++ b/src/server/daemon/vfs.c	Sun Jun 23 13:51:49 2013 +0200
@@ -292,8 +292,23 @@
         }
     }
     
-    // open file  
+    // open directory
+#ifdef BSD
     DIR *sys_dir = opendir(path);
+    if(sys_dir) {
+        int dir_fd = dirfd(sys_dir);
+    }
+#else
+    int dir_fd = open(path, O_RDONLY);
+    if(dir_fd == -1) {
+        if(ctx) {
+            ctx->vfs_errno = errno;
+            sys_set_error_status(ctx);
+        }
+        return NULL;
+    }
+    DIR *sys_dir = fdopendir(dir_fd);
+#endif
     if(!sys_dir) {
         if(ctx) {
             ctx->vfs_errno = errno;
@@ -310,7 +325,7 @@
     }
     dir->ctx = ctx;
     dir->data = sys_dir;
-    dir->fd = dirfd(sys_dir);
+    dir->fd = dir_fd;
     dir->io = &sys_dir_io;
     return dir;
 }
--- a/src/server/daemon/webserver.c	Sun Jun 23 13:49:17 2013 +0200
+++ b/src/server/daemon/webserver.c	Sun Jun 23 13:51:49 2013 +0200
@@ -97,7 +97,31 @@
     // set global vars
     conf_global_vars_s *vars = conf_getglobals();
     
+    uid_t ws_uid = geteuid();
     setpwent();
+    char *pwbuf = malloc(DEF_PWBUF);
+    vars->Vuserpw = malloc(sizeof(struct passwd));
+    if(cfg->user.ptr) {
+        if(!util_getpwnam(cfg->user.ptr, vars->Vuserpw, pwbuf, DEF_PWBUF)) {
+            log_ereport(
+                    LOG_MISCONFIG,
+                    "user %s does not exist!",
+                    cfg->user.ptr);
+            free(vars->Vuserpw);
+            vars->Vuserpw = NULL;
+        }
+    } else {
+        if(!util_getpwuid(ws_uid, vars->Vuserpw, pwbuf, DEF_PWBUF)) {
+            log_ereport(LOG_FAILURE, "webserver_init: cannot get passwd data");
+            free(vars->Vuserpw);
+            vars->Vuserpw = NULL;
+        }
+    }
+    free(pwbuf);
+    if(!vars->Vuserpw) {
+        log_ereport(LOG_WARN, "globalvars->Vuserpw is null");
+    }
+    
     if(cfg->user.ptr) {
         char *pwbuf = malloc(DEF_PWBUF);
         vars->Vuserpw = malloc(sizeof(struct passwd));
@@ -116,7 +140,7 @@
     }
 
     // change uid
-    if(vars->Vuserpw && geteuid() == 0) {
+    if(vars->Vuserpw && ws_uid == 0) {
         // a webserver user is set and we are root
         
         if(setgid(vars->Vuserpw->pw_gid) != 0) {

mercurial