Patch for lighttpd UDS ownership.

1. Index: lighttpd-1.4.46/src/base.h
2. ===================================================================
3. --- lighttpd-1.4.46.orig/src/base.h
4. +++ lighttpd-1.4.46/src/base.h
5. @@ -230,6 +230,8 @@ typedef struct {
6.     buffer *dirlist_encoding;
7.     buffer *errorfile_prefix;
8.     buffer *socket_perms;
9. +   buffer *socket_user;
10. +   buffer *socket_group;
11.  
12.     unsigned short high_precision_timestamps;
13.     unsigned short max_keep_alive_requests;
14. Index: lighttpd-1.4.46/src/configfile.c
15. ===================================================================
16. --- lighttpd-1.4.46.orig/src/configfile.c
17. +++ lighttpd-1.4.46/src/configfile.c
18. @@ -165,6 +165,8 @@ static int config_insert(server *srv) {
19.         { "server.error-intercept",            NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 79 */
20.         { "server.syslog-facility",            NULL, T_CONFIG_STRING,  T_CONFIG_SCOPE_SERVER     }, /* 80 */
21.         { "server.socket-perms",               NULL, T_CONFIG_STRING,  T_CONFIG_SCOPE_CONNECTION }, /* 81 */
22. +       { "server.socket-user",                NULL, T_CONFIG_STRING,  T_CONFIG_SCOPE_CONNECTION }, /* 82 */
23. +       { "server.socket-group",               NULL, T_CONFIG_STRING,  T_CONFIG_SCOPE_CONNECTION }, /* 83 */
24.  
25.         { NULL,                                NULL, T_CONFIG_UNSET,   T_CONFIG_SCOPE_UNSET      }
26.     };
27. @@ -234,6 +236,13 @@ static int config_insert(server *srv) {
28.         s->socket_perms = (i == 0 || buffer_string_is_empty(srv->config_storage[0]->socket_perms))
29.           ? buffer_init()
30.           : buffer_init_buffer(srv->config_storage[0]->socket_perms);
31. +       s->socket_user = (i == 0 || buffer_string_is_empty(srv->config_storage[0]->socket_user))
32. +         ? buffer_init()
33. +         : buffer_init_buffer(srv->config_storage[0]->socket_user);
34. +       s->socket_group = (i == 0 || buffer_string_is_empty(srv->config_storage[0]->socket_group))
35. +         ? buffer_init()
36. +         : buffer_init_buffer(srv->config_storage[0]->socket_group);
37. +       s->max_keep_alive_requests = 16;
38.         s->max_keep_alive_requests = 16;
39.         s->max_keep_alive_idle = 5;
40.         s->max_read_idle = 60;
41. @@ -328,6 +337,8 @@ static int config_insert(server *srv) {
42.         cv[77].destination = &(s->stream_response_body);
43.         cv[79].destination = &(s->error_intercept);
44.         cv[81].destination = s->socket_perms;
45. +       cv[82].destination = s->socket_user;
46. +       cv[83].destination = s->socket_group;
47.  
48.         srv->config_storage[i] = s;
49.  
50. @@ -659,6 +670,10 @@ int config_patch_connection(server *srv,
51.                 con->conf.global_bytes_per_second_cnt_ptr = &s->global_bytes_per_second_cnt;
52.             } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.socket-perms"))) {
53.                 PATCH(socket_perms);
54. +           } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.socket-user"))) {
55. +               PATCH(socket_user);
56. +           } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.socket-group"))) {
57. +               PATCH(socket_group);
58.             }
59.         }
60.     }
61. Index: lighttpd-1.4.46/src/network.c
62. ===================================================================
63. --- lighttpd-1.4.46.orig/src/network.c
64. +++ lighttpd-1.4.46/src/network.c
65. @@ -25,6 +25,11 @@
66.  #include <string.h>
67.  #include <stdlib.h>
68.  
69. +#ifdef HAVE_PWD_H
70. +# include <grp.h>
71. +# include <pwd.h>
72. +#endif
73. +
74.  void
75.  network_accept_tcp_nagle_disable (const int fd)
76.  {
77. @@ -385,6 +390,42 @@ static int network_server_init(server *s
78.         goto error_free_socket;
79.     }
80.  
81. +#ifdef HAVE_PWD_H
82. +   if (srv_socket->addr.plain.sa_family == AF_UNIX && (!buffer_string_is_empty(s->socket_user) || !buffer_string_is_empty(s->socket_group))) {
83. +       int i_am_root = 0;
84. +       gid_t g = -1;
85. +       uid_t u = -1;
86. +
87. +       if (!buffer_string_is_empty(s->socket_group)) {
88. +           struct group *grp = NULL;
89. +           if (NULL == (grp = getgrnam(s->socket_group->ptr))) {
90. +               log_error_write(srv, __FILE__, __LINE__, "sb",
91. +                   "can't find groupname", s->socket_group);
92. +               goto error_free_socket;
93. +           }
94. +           g = grp->gr_gid;
95. +       }
96. +
97. +#ifdef HAVE_GETUID
98. +       i_am_root = (0 == getuid());
99. +
100. +       if (i_am_root && !buffer_string_is_empty(s->socket_user)) {
101. +           struct passwd *pwd = NULL;
102. +           if (NULL == (pwd = getpwnam(s->socket_user->ptr))) {
103. +               log_error_write(srv, __FILE__, __LINE__, "sb",
104. +                       "can't find username", s->socket_user);
105. +               goto error_free_socket;
106. +           }
107. +           u = pwd->pw_uid;
108. +       }
109. +#endif
110. +
111. +       if (-1 == chown(host, u, g)) {
112. +           log_error_write(srv, __FILE__, __LINE__, "sssbsbss", "chown(\"", host, "\", ", s->socket_user, ", ", s->socket_group, "):", strerror(errno));
113. +       }
114. +   }
115. +#endif
116. +
117.     if (srv_socket->addr.plain.sa_family == AF_UNIX && !buffer_string_is_empty(s->socket_perms)) {
118.         mode_t m = 0;
119.         for (char *str = s->socket_perms->ptr; *str; ++str) {
120. Index: lighttpd-1.4.46/src/server.c
121. ===================================================================
122. --- lighttpd-1.4.46.orig/src/server.c
123. +++ lighttpd-1.4.46/src/server.c
124. @@ -362,6 +362,8 @@ static void server_free(server *srv) {
125.             buffer_free(s->error_handler_404);
126.             buffer_free(s->errorfile_prefix);
127.             buffer_free(s->socket_perms);
128. +           buffer_free(s->socket_user);
129. +           buffer_free(s->socket_group);
130.             array_free(s->mimetypes);
131.             free(s);
132.         }