nghttpx: Chown file to effective user

Tatsuhiro Tsujikawa 2014-08-13 01:53:44 +09:00
parent bf13d91264
commit ca680c16e3
3 changed files with 68 additions and 14 deletions


@ -313,6 +313,17 @@ void save_pid()
<< get_config()->pid_file.get();
exit(EXIT_FAILURE);
}
if(get_config()->uid != 0) {
if(chown(get_config()->pid_file.get(),
get_config()->uid, get_config()->gid) == -1) {
auto error = errno;
LOG(WARNING) << "Changing owner of pid file "
<< get_config()->pid_file.get()
<< " failed: "
<< strerror(error);
}
}
}
} // namespace
@ -1554,13 +1565,15 @@ int main(int argc, char **argv)
}
if(get_config()->uid != 0) {
if(fchown(worker_config.accesslog_fd,
if(worker_config.accesslog_fd != -1 &&
fchown(worker_config.accesslog_fd,
get_config()->uid, get_config()->gid) == -1) {
auto error = errno;
LOG(WARNING) << "Changing owner of access log file failed: "
<< strerror(error);
}
if(fchown(worker_config.errorlog_fd,
if(worker_config.errorlog_fd != -1 &&
fchown(worker_config.errorlog_fd,
get_config()->uid, get_config()->gid) == -1) {
auto error = errno;
LOG(WARNING) << "Changing owner of error log file failed: "
@ -1568,6 +1581,53 @@ int main(int argc, char **argv)
}
}
if(get_config()->http2_upstream_dump_request_header_file) {
auto path = get_config()->http2_upstream_dump_request_header_file.get();
auto f = open_file_for_write(path);
if(f == nullptr) {
LOG(FATAL) << "Failed to open http2 upstream request header file: "
<< path;
exit(EXIT_FAILURE);
}
mod_config()->http2_upstream_dump_request_header = f;
if(get_config()->uid != 0) {
if(chown(path, get_config()->uid, get_config()->gid) == -1) {
auto error = errno;
LOG(WARNING) << "Changing owner of http2 upstream request header file "
<< path
<< " failed: "
<< strerror(error);
}
}
}
if(get_config()->http2_upstream_dump_response_header_file) {
auto path = get_config()->http2_upstream_dump_response_header_file.get();
auto f = open_file_for_write(path);
if(f == nullptr) {
LOG(FATAL) << "Failed to open http2 upstream response header file: "
<< path;
exit(EXIT_FAILURE);
}
mod_config()->http2_upstream_dump_response_header = f;
if(get_config()->uid != 0) {
if(chown(path, get_config()->uid, get_config()->gid) == -1) {
auto error = errno;
LOG(WARNING) << "Changing owner of http2 upstream response header file"
<< " "
<< path
<< " failed: "
<< strerror(error);
}
}
}
if(get_config()->npn_list.empty()) {
mod_config()->npn_list = parse_config_str_list(DEFAULT_NPN_LIST);
}
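Review bot: The new `chown(path, ...)` calls in main() for the two header dump files act on the path name after `open_file_for_write(path)` has already returned a stream, so the ownership change is not bound to the file that was actually opened. If the path is a symlink, or is replaced between the open and the chown, a process that presumably still holds root privileges at this point hands ownership of a different file to the configured uid. The access log code in the same section already uses `fchown` on the descriptor, and the same form works here: `if(fchown(fileno(f), get_config()->uid, get_config()->gid) == -1) {`. The `chown` added to save_pid() has the same shape, but the code that opens the pid file lies outside the hunk, so whether a descriptor is still available there needs checking.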


@ -192,7 +192,6 @@ bool is_secure(const char *filename)
}
} // namespace
namespace {
FILE* open_file_for_write(const char *filename)
{
auto f = fopen(filename, "wb");
@ -205,7 +204,6 @@ FILE* open_file_for_write(const char *filename)
return f;
}
} // namespace
std::string read_passwd_from_file(const char *filename)
{
@ -735,21 +733,13 @@ int parse_config(const char *opt, const char *optarg)
}
if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER)) {
auto f = open_file_for_write(optarg);
if(f == nullptr) {
return -1;
}
mod_config()->http2_upstream_dump_request_header = f;
mod_config()->http2_upstream_dump_request_header_file = strcopy(optarg);
return 0;
}
if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER)) {
auto f = open_file_for_write(optarg);
if(f == nullptr) {
return -1;
}
mod_config()->http2_upstream_dump_response_header = f;
mod_config()->http2_upstream_dump_response_header_file = strcopy(optarg);
return 0;
}


@ -187,6 +187,8 @@ struct Config {
std::unique_ptr<char[]> downstream_http_proxy_userinfo;
// host in http proxy URI
std::unique_ptr<char[]> downstream_http_proxy_host;
std::unique_ptr<char[]> http2_upstream_dump_request_header_file;
std::unique_ptr<char[]> http2_upstream_dump_response_header_file;
// Rate limit configuration per worker (thread)
ev_token_bucket_cfg *worker_rate_limit_cfg;
// list of supported NPN/ALPN protocol strings in the order of
@ -316,6 +318,8 @@ const char* str_syslog_facility(int facility);
// Returns integer value of syslog |facility| string.
int int_syslog_facility(const char *strfacility);
FILE* open_file_for_write(const char *filename);
} // namespace shrpx
#endif // SHRPX_CONFIG_H
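Review bot: `open_file_for_write` becomes part of this header's interface without a comment, while the neighbouring declarations each carry one. Suggest adding `// Opens |filename| for writing in binary mode, truncating existing content; callers treat nullptr as failure.` above the declaration, worded from the `fopen(filename, "wb")` call and the `f == nullptr` checks visible elsewhere in the commit. The two new `Config` members are likewise undocumented; a line such as `// Paths of the files that HTTP/2 upstream request and response headers are dumped to` would match the style of the surrounding fields.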