walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Chown file to effective user

This commit is contained in:
Tatsuhiro Tsujikawa 2014-08-13 01:53:44 +09:00
parent bf13d91264
commit ca680c16e3
3 changed files with 68 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
src/shrpx.cc
View File

@ -313,6 +313,17 @@ void save_pid()
<< get_config()->pid_file.get(); << get_config()->pid_file.get();
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if(get_config()->uid != 0) {
if(chown(get_config()->pid_file.get(),
get_config()->uid, get_config()->gid) == -1) {
auto error = errno;
LOG(WARNING) << "Changing owner of pid file "
<< get_config()->pid_file.get()
<< " failed: "
<< strerror(error);
}
}
} }
} // namespace } // namespace
@ -1554,13 +1565,15 @@ int main(int argc, char **argv)
} }
if(get_config()->uid != 0) { if(get_config()->uid != 0) {
if(fchown(worker_config.accesslog_fd, if(worker_config.accesslog_fd != -1 &&
fchown(worker_config.accesslog_fd,
get_config()->uid, get_config()->gid) == -1) { get_config()->uid, get_config()->gid) == -1) {
auto error = errno; auto error = errno;
LOG(WARNING) << "Changing owner of access log file failed: " LOG(WARNING) << "Changing owner of access log file failed: "
<< strerror(error); << strerror(error);
} }
if(fchown(worker_config.errorlog_fd, if(worker_config.errorlog_fd != -1 &&
fchown(worker_config.errorlog_fd,
get_config()->uid, get_config()->gid) == -1) { get_config()->uid, get_config()->gid) == -1) {
auto error = errno; auto error = errno;
LOG(WARNING) << "Changing owner of error log file failed: " LOG(WARNING) << "Changing owner of error log file failed: "
@ -1568,6 +1581,53 @@ int main(int argc, char **argv)
} }
} }
if(get_config()->http2_upstream_dump_request_header_file) {
auto path = get_config()->http2_upstream_dump_request_header_file.get();
auto f = open_file_for_write(path);
if(f == nullptr) {
LOG(FATAL) << "Failed to open http2 upstream request header file: "
<< path;
exit(EXIT_FAILURE);
}
mod_config()->http2_upstream_dump_request_header = f;
if(get_config()->uid != 0) {
if(chown(path, get_config()->uid, get_config()->gid) == -1) {
auto error = errno;
LOG(WARNING) << "Changing owner of http2 upstream request header file "
<< path
<< " failed: "
<< strerror(error);
}
}
}
if(get_config()->http2_upstream_dump_response_header_file) {
auto path = get_config()->http2_upstream_dump_response_header_file.get();
auto f = open_file_for_write(path);
if(f == nullptr) {
LOG(FATAL) << "Failed to open http2 upstream response header file: "
<< path;
exit(EXIT_FAILURE);
}
mod_config()->http2_upstream_dump_response_header = f;
if(get_config()->uid != 0) {
if(chown(path, get_config()->uid, get_config()->gid) == -1) {
auto error = errno;
LOG(WARNING) << "Changing owner of http2 upstream response header file"
<< " "
<< path
<< " failed: "
<< strerror(error);
}
}
}
if(get_config()->npn_list.empty()) { if(get_config()->npn_list.empty()) {
mod_config()->npn_list = parse_config_str_list(DEFAULT_NPN_LIST); mod_config()->npn_list = parse_config_str_list(DEFAULT_NPN_LIST);
} }

14
src/shrpx_config.cc
View File

@ -192,7 +192,6 @@ bool is_secure(const char *filename)
} }
} // namespace } // namespace
namespace {
FILE* open_file_for_write(const char *filename) FILE* open_file_for_write(const char *filename)
{ {
auto f = fopen(filename, "wb"); auto f = fopen(filename, "wb");
@ -205,7 +204,6 @@ FILE* open_file_for_write(const char *filename)
return f; return f;
} }
} // namespace
std::string read_passwd_from_file(const char *filename) std::string read_passwd_from_file(const char *filename)
{ {
@ -735,21 +733,13 @@ int parse_config(const char *opt, const char *optarg)
} }
if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER)) { if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER)) {
auto f = open_file_for_write(optarg); mod_config()->http2_upstream_dump_request_header_file = strcopy(optarg);
if(f == nullptr) {
return -1;
}
mod_config()->http2_upstream_dump_request_header = f;
return 0; return 0;
} }
if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER)) { if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER)) {
auto f = open_file_for_write(optarg); mod_config()->http2_upstream_dump_response_header_file = strcopy(optarg);
if(f == nullptr) {
return -1;
}
mod_config()->http2_upstream_dump_response_header = f;
return 0; return 0;
} }

4
src/shrpx_config.h
View File

@ -187,6 +187,8 @@ struct Config {
std::unique_ptr<char[]> downstream_http_proxy_userinfo; std::unique_ptr<char[]> downstream_http_proxy_userinfo;
// host in http proxy URI // host in http proxy URI
std::unique_ptr<char[]> downstream_http_proxy_host; std::unique_ptr<char[]> downstream_http_proxy_host;
std::unique_ptr<char[]> http2_upstream_dump_request_header_file;
std::unique_ptr<char[]> http2_upstream_dump_response_header_file;
// Rate limit configuration per worker (thread) // Rate limit configuration per worker (thread)
ev_token_bucket_cfg *worker_rate_limit_cfg; ev_token_bucket_cfg *worker_rate_limit_cfg;
// list of supported NPN/ALPN protocol strings in the order of // list of supported NPN/ALPN protocol strings in the order of
@ -316,6 +318,8 @@ const char* str_syslog_facility(int facility);
// Returns integer value of syslog |facility| string. // Returns integer value of syslog |facility| string.
int int_syslog_facility(const char *strfacility); int int_syslog_facility(const char *strfacility);
FILE* open_file_for_write(const char *filename);
} // namespace shrpx } // namespace shrpx
#endif // SHRPX_CONFIG_H #endif // SHRPX_CONFIG_H