Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Index: lighttpd-1.4.46/src/base.h
- ===================================================================
- --- lighttpd-1.4.46.orig/src/base.h
- +++ lighttpd-1.4.46/src/base.h
- @@ -230,6 +230,8 @@ typedef struct {
- buffer *dirlist_encoding;
- buffer *errorfile_prefix;
- buffer *socket_perms;
- + buffer *socket_user;
- + buffer *socket_group;
- unsigned short high_precision_timestamps;
- unsigned short max_keep_alive_requests;
- Index: lighttpd-1.4.46/src/configfile.c
- ===================================================================
- --- lighttpd-1.4.46.orig/src/configfile.c
- +++ lighttpd-1.4.46/src/configfile.c
- @@ -165,6 +165,8 @@ static int config_insert(server *srv) {
- { "server.error-intercept", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 79 */
- { "server.syslog-facility", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 80 */
- { "server.socket-perms", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 81 */
- + { "server.socket-user", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 82 */
- + { "server.socket-group", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 83 */
- { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
- };
- @@ -234,6 +236,13 @@ static int config_insert(server *srv) {
- s->socket_perms = (i == 0 || buffer_string_is_empty(srv->config_storage[0]->socket_perms))
- ? buffer_init()
- : buffer_init_buffer(srv->config_storage[0]->socket_perms);
- + s->socket_user = (i == 0 || buffer_string_is_empty(srv->config_storage[0]->socket_user))
- + ? buffer_init()
- + : buffer_init_buffer(srv->config_storage[0]->socket_user);
- + s->socket_group = (i == 0 || buffer_string_is_empty(srv->config_storage[0]->socket_group))
- + ? buffer_init()
- + : buffer_init_buffer(srv->config_storage[0]->socket_group);
- + s->max_keep_alive_requests = 16;
- s->max_keep_alive_requests = 16;
- s->max_keep_alive_idle = 5;
- s->max_read_idle = 60;
- @@ -328,6 +337,8 @@ static int config_insert(server *srv) {
- cv[77].destination = &(s->stream_response_body);
- cv[79].destination = &(s->error_intercept);
- cv[81].destination = s->socket_perms;
- + cv[82].destination = s->socket_user;
- + cv[83].destination = s->socket_group;
- srv->config_storage[i] = s;
- @@ -659,6 +670,10 @@ int config_patch_connection(server *srv,
- con->conf.global_bytes_per_second_cnt_ptr = &s->global_bytes_per_second_cnt;
- } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.socket-perms"))) {
- PATCH(socket_perms);
- + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.socket-user"))) {
- + PATCH(socket_user);
- + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.socket-group"))) {
- + PATCH(socket_group);
- }
- }
- }
- Index: lighttpd-1.4.46/src/network.c
- ===================================================================
- --- lighttpd-1.4.46.orig/src/network.c
- +++ lighttpd-1.4.46/src/network.c
- @@ -25,6 +25,11 @@
- #include <string.h>
- #include <stdlib.h>
- +#ifdef HAVE_PWD_H
- +# include <grp.h>
- +# include <pwd.h>
- +#endif
- +
- void
- network_accept_tcp_nagle_disable (const int fd)
- {
- @@ -385,6 +390,42 @@ static int network_server_init(server *s
- goto error_free_socket;
- }
- +#ifdef HAVE_PWD_H
- + if (srv_socket->addr.plain.sa_family == AF_UNIX && (!buffer_string_is_empty(s->socket_user) || !buffer_string_is_empty(s->socket_group))) {
- + int i_am_root = 0;
- + gid_t g = -1;
- + uid_t u = -1;
- +
- + if (!buffer_string_is_empty(s->socket_group)) {
- + struct group *grp = NULL;
- + if (NULL == (grp = getgrnam(s->socket_group->ptr))) {
- + log_error_write(srv, __FILE__, __LINE__, "sb",
- + "can't find groupname", s->socket_group);
- + goto error_free_socket;
- + }
- + g = grp->gr_gid;
- + }
- +
- +#ifdef HAVE_GETUID
- + i_am_root = (0 == getuid());
- +
- + if (i_am_root && !buffer_string_is_empty(s->socket_user)) {
- + struct passwd *pwd = NULL;
- + if (NULL == (pwd = getpwnam(s->socket_user->ptr))) {
- + log_error_write(srv, __FILE__, __LINE__, "sb",
- + "can't find username", s->socket_user);
- + goto error_free_socket;
- + }
- + u = pwd->pw_uid;
- + }
- +#endif
- +
- + if (-1 == chown(host, u, g)) {
- + log_error_write(srv, __FILE__, __LINE__, "sssbsbss", "chown(\"", host, "\", ", s->socket_user, ", ", s->socket_group, "):", strerror(errno));
- + }
- + }
- +#endif
- +
- if (srv_socket->addr.plain.sa_family == AF_UNIX && !buffer_string_is_empty(s->socket_perms)) {
- mode_t m = 0;
- for (char *str = s->socket_perms->ptr; *str; ++str) {
- Index: lighttpd-1.4.46/src/server.c
- ===================================================================
- --- lighttpd-1.4.46.orig/src/server.c
- +++ lighttpd-1.4.46/src/server.c
- @@ -362,6 +362,8 @@ static void server_free(server *srv) {
- buffer_free(s->error_handler_404);
- buffer_free(s->errorfile_prefix);
- buffer_free(s->socket_perms);
- + buffer_free(s->socket_user);
- + buffer_free(s->socket_group);
- array_free(s->mimetypes);
- free(s);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement