permissions: adapt drop permissions plat function to do uid and gid lookup separately
parent
9e347e66ce
commit
80135635bb
7 changed files with 14 additions and 9 deletions
|
@ -429,6 +429,10 @@ lwsl_info("context created\n");
|
|||
context->username = info->username;
|
||||
context->groupname = info->groupname;
|
||||
|
||||
/* if he gave us names, set the uid / gid */
|
||||
if (lws_plat_drop_app_privileges(context, 0))
|
||||
goto bail;
|
||||
|
||||
#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP)
|
||||
memcpy(context->caps, info->caps, sizeof(context->caps));
|
||||
context->count_caps = info->count_caps;
|
||||
|
@ -440,7 +444,7 @@ lwsl_info("context created\n");
|
|||
* listening, we don't want the power for anything else
|
||||
*/
|
||||
if (!lws_check_opt(info->options, LWS_SERVER_OPTION_EXPLICIT_VHOSTS))
|
||||
if (lws_plat_drop_app_privileges(context))
|
||||
if (lws_plat_drop_app_privileges(context, 1))
|
||||
goto bail;
|
||||
|
||||
#if defined(LWS_WITH_NETWORK)
|
||||
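Review bot: The comment on the added call in the first hunk, `/* if he gave us names, set the uid / gid */`, says the ids are set, but the call passes 0, and the unix implementation in this commit returns before its gid-setting step when that argument is 0. On a privilege-handling path the comment should say what actually happens at this point, e.g. `/* resolve username / groupname to uid / gid now; the actual drop happens in the later call with 1 */`. The enclosing function starts and ends outside both hunks.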
|
|
|
@ -521,7 +521,7 @@ LWS_VISIBLE LWS_EXTERN int
|
|||
lws_finalize_startup(struct lws_context *context)
|
||||
{
|
||||
if (lws_check_opt(context->options, LWS_SERVER_OPTION_EXPLICIT_VHOSTS))
|
||||
if (lws_plat_drop_app_privileges(context))
|
||||
if (lws_plat_drop_app_privileges(context, 1))
|
||||
return 1;
|
||||
|
||||
return 0;
|
||||
|
|
|
@ -591,7 +591,7 @@ LWS_EXTERN int
|
|||
lws_plat_init(struct lws_context *context,
|
||||
const struct lws_context_creation_info *info);
|
||||
LWS_EXTERN int
|
||||
lws_plat_drop_app_privileges(struct lws_context *context);
|
||||
lws_plat_drop_app_privileges(struct lws_context *context, int actually_drop);
|
||||
|
||||
#if defined(LWS_WITH_UNIX_SOCK)
|
||||
int
|
||||
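Review bot: The new `actually_drop` argument is undocumented at the prototype, so someone writing a platform port or a new caller has to read the unix implementation to learn that 0 means lookup only. A short comment above the declaration would cover it, e.g. `/* actually_drop == 0: only resolve username / groupname into context; nonzero: also apply the uid / gid change */`. That contract is inferred from the unix implementation shown in this commit, so the wording should be confirmed against the full function.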
|
|
|
@ -58,7 +58,7 @@ LWS_VISIBLE void lwsl_emit_syslog(int level, const char *line)
|
|||
}
|
||||
|
||||
int
|
||||
lws_plat_drop_app_privileges(struct lws_context *context)
|
||||
lws_plat_drop_app_privileges(struct lws_context *context, int actually_init)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
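Review bot: The second parameter is named `actually_init` in this stub and the next one, and `actually_set` in the last stub, while the prototype and the unix implementation call it `actually_drop`. Using `int actually_drop` in all of these definitions keeps them in agreement with the header and makes the drop-versus-lookup flag easy to grep for. The stubs ignore the argument and return 0, so the rename has no behavioural effect.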
|
|
|
@ -108,7 +108,7 @@ lws_plat_set_nonblocking(int fd)
|
|||
}
|
||||
|
||||
int
|
||||
lws_plat_drop_app_privileges(struct lws_context *context)
|
||||
lws_plat_drop_app_privileges(struct lws_context *context, int actually_init)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -83,7 +83,7 @@ lws_plat_user_colon_group_to_ids(const char *u_colon_g, uid_t *puid, gid_t *pgid
|
|||
}
|
||||
|
||||
int
|
||||
lws_plat_drop_app_privileges(struct lws_context *context)
|
||||
lws_plat_drop_app_privileges(struct lws_context *context, int actually_drop)
|
||||
{
|
||||
struct passwd *p;
|
||||
struct group *g;
|
||||
|
@ -97,8 +97,6 @@ lws_plat_drop_app_privileges(struct lws_context *context)
|
|||
lwsl_info("%s: group %s -> gid %u\n", __func__,
|
||||
context->groupname, g->gr_gid);
|
||||
context->gid = g->gr_gid;
|
||||
if (setgid(g->gr_gid))
|
||||
lwsl_warn("setgid: %s\n", strerror(LWS_ERRNO));
|
||||
} else {
|
||||
lwsl_err("%s: unknown groupname '%s'\n", __func__,
|
||||
context->groupname);
|
||||
|
@ -125,6 +123,9 @@ lws_plat_drop_app_privileges(struct lws_context *context)
|
|||
}
|
||||
}
|
||||
|
||||
if (!actually_drop)
|
||||
return 0;
|
||||
|
||||
/* if he gave us the gid or we have it from the groupname, set it */
|
||||
|
||||
if (context->gid && context->gid != -1) {
|
||||
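Review bot: The `if (!actually_drop) return 0;` guard sits after the name lookups, so the later call with 1 appears to run the group lookup (and presumably the user lookup) a second time and overwrite `context->gid` before dropping. If the second pass is meant to rely on the ids resolved during context creation, the lookup could be skipped when they are already set. If repeating it is intended, a comment at the guard would make that clear, e.g. `/* lookup-only pass ends here: ids are stored in context, the caller drops later */`. The function body extends beyond the three hunks shown, so the return paths for a failed lookup are not visible here.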
|
|
|
@ -25,7 +25,7 @@
|
|||
#include "core/private.h"
|
||||
|
||||
int
|
||||
lws_plat_drop_app_privileges(struct lws_context *context)
|
||||
lws_plat_drop_app_privileges(struct lws_context *context, int actually_set)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
|