cheako

Patch for lighttpd UDS ownership.

Aug 2nd, 2017
  1. Index: lighttpd-1.4.46/src/base.h
  2. ===================================================================
  3. --- lighttpd-1.4.46.orig/src/base.h
  4. +++ lighttpd-1.4.46/src/base.h
  5. @@ -230,6 +230,8 @@ typedef struct {
  6.     buffer *dirlist_encoding;
  7.     buffer *errorfile_prefix;
  8.     buffer *socket_perms;
  9. +   buffer *socket_user;
  10. +   buffer *socket_group;
  11.  
  12.     unsigned short high_precision_timestamps;
  13.     unsigned short max_keep_alive_requests;
  14. Index: lighttpd-1.4.46/src/configfile.c
  15. ===================================================================
  16. --- lighttpd-1.4.46.orig/src/configfile.c
  17. +++ lighttpd-1.4.46/src/configfile.c
  18. @@ -165,6 +165,8 @@ static int config_insert(server *srv) {
  19.         { "server.error-intercept",            NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 79 */
  20.         { "server.syslog-facility",            NULL, T_CONFIG_STRING,  T_CONFIG_SCOPE_SERVER     }, /* 80 */
  21.         { "server.socket-perms",               NULL, T_CONFIG_STRING,  T_CONFIG_SCOPE_CONNECTION }, /* 81 */
  22. +       { "server.socket-user",                NULL, T_CONFIG_STRING,  T_CONFIG_SCOPE_CONNECTION }, /* 82 */
  23. +       { "server.socket-group",               NULL, T_CONFIG_STRING,  T_CONFIG_SCOPE_CONNECTION }, /* 83 */
  24.  
  25.         { NULL,                                NULL, T_CONFIG_UNSET,   T_CONFIG_SCOPE_UNSET      }
  26.     };
  27. @@ -234,6 +236,13 @@ static int config_insert(server *srv) {
  28.         s->socket_perms = (i == 0 || buffer_string_is_empty(srv->config_storage[0]->socket_perms))
  29.           ? buffer_init()
  30.           : buffer_init_buffer(srv->config_storage[0]->socket_perms);
  31. +       s->socket_user = (i == 0 || buffer_string_is_empty(srv->config_storage[0]->socket_user))
  32. +         ? buffer_init()
  33. +         : buffer_init_buffer(srv->config_storage[0]->socket_user);
  34. +       s->socket_group = (i == 0 || buffer_string_is_empty(srv->config_storage[0]->socket_group))
  35. +         ? buffer_init()
  36. +         : buffer_init_buffer(srv->config_storage[0]->socket_group);
  37. +       s->max_keep_alive_requests = 16;
  38.         s->max_keep_alive_requests = 16;
  39.         s->max_keep_alive_idle = 5;
  40.         s->max_read_idle = 60;
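Review bot: The added line `s->max_keep_alive_requests = 16;` duplicates the unchanged assignment directly below it, so the field is set twice in a row. It looks like a leftover from refreshing the patch and should be dropped from this hunk, which would then add only the `socket_user` and `socket_group` initializers. config_insert's body starts and ends outside the hunk.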
  41. @@ -328,6 +337,8 @@ static int config_insert(server *srv) {
  42.         cv[77].destination = &(s->stream_response_body);
  43.         cv[79].destination = &(s->error_intercept);
  44.         cv[81].destination = s->socket_perms;
  45. +       cv[82].destination = s->socket_user;
  46. +       cv[83].destination = s->socket_group;
  47.  
  48.         srv->config_storage[i] = s;
  49.  
  50. @@ -659,6 +670,10 @@ int config_patch_connection(server *srv,
  51.                 con->conf.global_bytes_per_second_cnt_ptr = &s->global_bytes_per_second_cnt;
  52.             } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.socket-perms"))) {
  53.                 PATCH(socket_perms);
  54. +           } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.socket-user"))) {
  55. +               PATCH(socket_user);
  56. +           } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.socket-group"))) {
  57. +               PATCH(socket_group);
  58.             }
  59.         }
  60.     }
  61. Index: lighttpd-1.4.46/src/network.c
  62. ===================================================================
  63. --- lighttpd-1.4.46.orig/src/network.c
  64. +++ lighttpd-1.4.46/src/network.c
  65. @@ -25,6 +25,11 @@
  66.  #include <string.h>
  67.  #include <stdlib.h>
  68.  
  69. +#ifdef HAVE_PWD_H
  70. +# include <grp.h>
  71. +# include <pwd.h>
  72. +#endif
  73. +
  74.  void
  75.  network_accept_tcp_nagle_disable (const int fd)
  76.  {
  77. @@ -385,6 +390,42 @@ static int network_server_init(server *s
  78.         goto error_free_socket;
  79.     }
  80.  
  81. +#ifdef HAVE_PWD_H
  82. +   if (srv_socket->addr.plain.sa_family == AF_UNIX && (!buffer_string_is_empty(s->socket_user) || !buffer_string_is_empty(s->socket_group))) {
  83. +       int i_am_root = 0;
  84. +       gid_t g = -1;
  85. +       uid_t u = -1;
  86. +
  87. +       if (!buffer_string_is_empty(s->socket_group)) {
  88. +           struct group *grp = NULL;
  89. +           if (NULL == (grp = getgrnam(s->socket_group->ptr))) {
  90. +               log_error_write(srv, __FILE__, __LINE__, "sb",
  91. +                   "can't find groupname", s->socket_group);
  92. +               goto error_free_socket;
  93. +           }
  94. +           g = grp->gr_gid;
  95. +       }
  96. +
  97. +#ifdef HAVE_GETUID
  98. +       i_am_root = (0 == getuid());
  99. +
  100. +       if (i_am_root && !buffer_string_is_empty(s->socket_user)) {
  101. +           struct passwd *pwd = NULL;
  102. +           if (NULL == (pwd = getpwnam(s->socket_user->ptr))) {
  103. +               log_error_write(srv, __FILE__, __LINE__, "sb",
  104. +                       "can't find username", s->socket_user);
  105. +               goto error_free_socket;
  106. +           }
  107. +           u = pwd->pw_uid;
  108. +       }
  109. +#endif
  110. +
  111. +       if (-1 == chown(host, u, g)) {
  112. +           log_error_write(srv, __FILE__, __LINE__, "sssbsbss", "chown(\"", host, "\", ", s->socket_user, ", ", s->socket_group, "):", strerror(errno));
  113. +       }
  114. +   }
  115. +#endif
  116. +
  117.     if (srv_socket->addr.plain.sa_family == AF_UNIX && !buffer_string_is_empty(s->socket_perms)) {
  118.         mode_t m = 0;
  119.         for (char *str = s->socket_perms->ptr; *str; ++str) {
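Review bot: A failed `chown()` is only logged, and startup then continues into the `server.socket-perms` block below, so the socket can end up with the creating process's owner and group while the configured mode is still applied. The failure branch should end with `goto error_free_socket;`, as the two name-lookup failures above it do. When the process is not root, or `HAVE_GETUID` is undefined, a configured `server.socket-user` is skipped without any log line, yet the chown error message prints it as if it had been used; a warning there, or refusing to start, would make the effective ownership visible to the operator. The ownership change is made by path, apparently after the socket already exists (the bind is outside this hunk, so this is inferred), which warrants a comment such as `/* chown() acts on the path: the socket's directory must not be writable by untrusted users */`. network_server_init starts and ends outside the hunk.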
  120. Index: lighttpd-1.4.46/src/server.c
  121. ===================================================================
  122. --- lighttpd-1.4.46.orig/src/server.c
  123. +++ lighttpd-1.4.46/src/server.c
  124. @@ -362,6 +362,8 @@ static void server_free(server *srv) {
  125.             buffer_free(s->error_handler_404);
  126.             buffer_free(s->errorfile_prefix);
  127.             buffer_free(s->socket_perms);
  128. +           buffer_free(s->socket_user);
  129. +           buffer_free(s->socket_group);
  130.             array_free(s->mimetypes);
  131.             free(s);
  132.         }