nghttpx: Chown file to effective user

2014-08-13 01:53:44 +09:00 · 2014-08-13 01:53:44 +09:00 · ca680c16e3
parent bf13d91264
commit ca680c16e3
3 changed files with 68 additions and 14 deletions
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@ -313,6 +313,17 @@ void save_pid()
               << get_config()->pid_file.get();
    exit(EXIT_FAILURE);
  }
+
+  if(get_config()->uid != 0) {
+    if(chown(get_config()->pid_file.get(),
+             get_config()->uid, get_config()->gid)  == -1) {
+      auto error = errno;
+      LOG(WARNING) << "Changing owner of pid file "
+                   << get_config()->pid_file.get()
+                   << " failed: "
+                   << strerror(error);
+    }
+  }
 }
 } // namespace

@ -1554,13 +1565,15 @@ int main(int argc, char **argv)
  }

  if(get_config()->uid != 0) {
-    if(fchown(worker_config.accesslog_fd,
+    if(worker_config.accesslog_fd != -1 &&
+       fchown(worker_config.accesslog_fd,
              get_config()->uid, get_config()->gid)  == -1) {
      auto error = errno;
      LOG(WARNING) << "Changing owner of access log file failed: "
                   << strerror(error);
    }
-    if(fchown(worker_config.errorlog_fd,
+    if(worker_config.errorlog_fd != -1 &&
+       fchown(worker_config.errorlog_fd,
              get_config()->uid, get_config()->gid) == -1) {
      auto error = errno;
      LOG(WARNING) << "Changing owner of error log file failed: "
@ -1568,6 +1581,53 @@ int main(int argc, char **argv)
    }
  }

+  if(get_config()->http2_upstream_dump_request_header_file) {
+    auto path = get_config()->http2_upstream_dump_request_header_file.get();
+    auto f = open_file_for_write(path);
+
+    if(f == nullptr) {
+      LOG(FATAL) << "Failed to open http2 upstream request header file: "
+                 << path;
+      exit(EXIT_FAILURE);
+    }
+
+    mod_config()->http2_upstream_dump_request_header = f;
+
+    if(get_config()->uid != 0) {
+      if(chown(path, get_config()->uid, get_config()->gid) == -1) {
+        auto error = errno;
+        LOG(WARNING) << "Changing owner of http2 upstream request header file "
+                     << path
+                     << " failed: "
+                     << strerror(error);
+      }
+    }
+  }
+
+  if(get_config()->http2_upstream_dump_response_header_file) {
+    auto path = get_config()->http2_upstream_dump_response_header_file.get();
+    auto f = open_file_for_write(path);
+
+    if(f == nullptr) {
+      LOG(FATAL) << "Failed to open http2 upstream response header file: "
+                 << path;
+      exit(EXIT_FAILURE);
+    }
+
+    mod_config()->http2_upstream_dump_response_header = f;
+
+    if(get_config()->uid != 0) {
+      if(chown(path, get_config()->uid, get_config()->gid) == -1) {
+        auto error = errno;
+        LOG(WARNING) << "Changing owner of http2 upstream response header file"
+                     << " "
+                     << path
+                     << " failed: "
+                     << strerror(error);
+      }
+    }
+  }
+
  if(get_config()->npn_list.empty()) {
    mod_config()->npn_list = parse_config_str_list(DEFAULT_NPN_LIST);
  }
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@ -192,7 +192,6 @@ bool is_secure(const char *filename)
 }
 } // namespace

-namespace {
 FILE* open_file_for_write(const char *filename)
 {
  auto f = fopen(filename, "wb");
@ -205,7 +204,6 @@ FILE* open_file_for_write(const char *filename)

  return f;
 }
-} // namespace

 std::string read_passwd_from_file(const char *filename)
 {
@ -735,21 +733,13 @@ int parse_config(const char *opt, const char *optarg)
  }

  if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER)) {
-    auto f = open_file_for_write(optarg);
-    if(f == nullptr) {
-      return -1;
-    }
-    mod_config()->http2_upstream_dump_request_header = f;
+    mod_config()->http2_upstream_dump_request_header_file = strcopy(optarg);

    return 0;
  }

  if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER)) {
-    auto f = open_file_for_write(optarg);
-    if(f == nullptr) {
-      return -1;
-    }
-    mod_config()->http2_upstream_dump_response_header = f;
+    mod_config()->http2_upstream_dump_response_header_file = strcopy(optarg);

    return 0;
  }
--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@ -187,6 +187,8 @@ struct Config {
  std::unique_ptr<char[]> downstream_http_proxy_userinfo;
  // host in http proxy URI
  std::unique_ptr<char[]> downstream_http_proxy_host;
+  std::unique_ptr<char[]> http2_upstream_dump_request_header_file;
+  std::unique_ptr<char[]> http2_upstream_dump_response_header_file;
  // Rate limit configuration per worker (thread)
  ev_token_bucket_cfg *worker_rate_limit_cfg;
  // list of supported NPN/ALPN protocol strings in the order of
@ -316,6 +318,8 @@ const char* str_syslog_facility(int facility);
 // Returns integer value of syslog |facility| string.
 int int_syslog_facility(const char *strfacility);

+FILE* open_file_for_write(const char *filename);
+
 } // namespace shrpx

 #endif // SHRPX_CONFIG_H