civetweb: setgid/groups/uid only once if needed #23

Open
wants to merge 1 commit into
base: wip-listen4
38 changes: 23 additions & 15 deletions src/civetweb.c
Expand Up @@ -10691,41 +10691,49 @@ check_acl(struct mg_context *ctx, uint32_t remote_ip)
static int
set_uid_option(struct mg_context *ctx)
{
struct passwd *pw;
if (ctx) {
const char *uid = ctx->config[RUN_AS_USER];
int success = 0;
int success = 0;

if (uid == NULL) {
if (ctx) {
/* We are currently running as curr_uid. */
const uid_t curr_uid = getuid();
/* If set, we want to run as run_as_user. */
const char *run_as_user = ctx->config[RUN_AS_USER];
const struct passwd *to_pw = NULL;

if (run_as_user != NULL && (to_pw = getpwnam(run_as_user)) == NULL) {
/* run_as_user does not exist on the system. We can't proceed further. */
mg_cry(fc(ctx), "%s: unknown user [%s]", __func__, run_as_user);
} else if (run_as_user == NULL || curr_uid == to_pw->pw_uid) {
/* There was either no request to change user, or we're already
* running as run_as_user. Nothing else to do.
*/
success = 1;
} else {
if ((pw = getpwnam(uid)) == NULL) {
mg_cry(fc(ctx), "%s: unknown user [%s]", __func__, uid);
} else if (setgid(pw->pw_gid) == -1) {
/* Valid change request. */
if (setgid(to_pw->pw_gid) == -1) {
mg_cry(fc(ctx),
"%s: setgid(%s): %s",
__func__,
uid,
run_as_user,
strerror(errno));
} else if (setgroups(0, NULL)) {
} else if (setgroups(0, NULL) == -1) {
mg_cry(fc(ctx),
"%s: setgroups(): %s",
__func__,
strerror(errno));
} else if (setuid(pw->pw_uid) == -1) {
} else if (setuid(to_pw->pw_uid) == -1) {
mg_cry(fc(ctx),
"%s: setuid(%s): %s",
__func__,
uid,
run_as_user,
strerror(errno));
} else {
success = 1;
}
}

return success;
}
return 0;

return success;
}
#endif /* !_WIN32 */
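Review bot: The new early-success branch `else if (run_as_user == NULL || curr_uid == to_pw->pw_uid)` decides that no privilege drop is needed from the real UID alone, because `curr_uid` comes from `getuid()`. If the process has a different effective UID (for example a set-user-ID binary), or its real/effective GID is not `to_pw->pw_gid`, the function now returns success while still holding privileges that the old code would at least have tried to drop. I would widen the test to `curr_uid == to_pw->pw_uid && geteuid() == to_pw->pw_uid && getgid() == to_pw->pw_gid && getegid() == to_pw->pw_gid` and fall through to the setgid/setgroups/setuid sequence otherwise. Supplementary groups are not compared on this path either, so a comment such as `/* NOTE: supplementary groups are left as inherited when no change is made */` would make that residual exposure explicit. Callers appear to treat a return of 1 as "running with the configured identity", so the skip condition should match that meaning.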
