#include "snprintf.h"
#endif
+#include "webserver.h"
+
pthread_mutex_t Critters[MAX_SEMAPHORES]; /* Things needing locking */
pthread_key_t MyConKey; /* TSD key for MyContext() */
pthread_key_t MyReq; /* TSD key for MyReq() */
pthread_mutex_unlock(&Critters[which_one]);
}
+void drop_root(uid_t UID)
+{
+ struct passwd pw, *pwp = NULL;
+
+ /*
+ * Now that we've bound the sockets, change to the Citadel user id and its
+ * corresponding group ids
+ */
+ if (UID != -1) {
+
+#ifdef HAVE_GETPWUID_R
+#ifdef SOLARIS_GETPWUID
+ pwp = getpwuid_r(UID, &pw, pwbuf, sizeof(pwbuf));
+#else // SOLARIS_GETPWUID
+ getpwuid_r(UID, &pw, pwbuf, sizeof(pwbuf), &pwp);
+#endif // SOLARIS_GETPWUID
+#else // HAVE_GETPWUID_R
+ pwp = NULL;
+#endif // HAVE_GETPWUID_R
+
+ if (pwp == NULL)
+ lprintf(CTDL_CRIT, "WARNING: getpwuid(%ld): %s\n"
+ "Group IDs will be incorrect.\n", UID,
+ strerror(errno));
+ else {
+ initgroups(pw.pw_name, pw.pw_gid);
+ if (setgid(pw.pw_gid))
+ lprintf(CTDL_CRIT, "setgid(%ld): %s\n", (long)pw.pw_gid,
+ strerror(errno));
+ }
+ lprintf(CTDL_INFO, "Changing uid to %ld\n", (long)UID);
+ if (setuid(UID) != 0) {
+ lprintf(CTDL_CRIT, "setuid() failed: %s\n", strerror(errno));
+ }
+#if defined (HAVE_SYS_PRCTL_H) && defined (PR_SET_DUMPABLE)
+ prctl(PR_SET_DUMPABLE, 1);
+#endif
+ }
+}
extern int ig_tcp_server(char *ip_addr, int port_number, int queue_len);
extern int ig_uds_server(char *sockpath, int queue_len);
+extern void drop_root(uid_t UID);
char ctdl_key_dir[PATH_MAX]=SSL_DIR;
char file_crpt_file_key[PATH_MAX]="";
*/
int main(int argc, char **argv)
{
+ uid_t UID = -1;
size_t basesize = 2; /* how big should strbufs be on creation? */
pthread_t SessThread; /* Thread descriptor */
pthread_attr_t attr; /* Thread attributes */
/* Parse command line */
#ifdef HAVE_OPENSSL
- while ((a = getopt(argc, argv, "h:i:p:t:T:B:x:dD:G:cfsS:Z")) != EOF)
+ while ((a = getopt(argc, argv, "u:h:i:p:t:T:B:x:dD:G:cfsS:Z")) != EOF)
#else
- while ((a = getopt(argc, argv, "h:i:p:t:T:B:x:dD:G:cfZ")) != EOF)
+ while ((a = getopt(argc, argv, "u:h:i:p:t:T:B:x:dD:G:cfZ")) != EOF)
#endif
switch (a) {
+ case 'u':
+ UID = atol(optarg);
+ break;
case 'h':
hdir = strdup(optarg);
relh=hdir[0]!='/';
init_ssl();
}
#endif
+ drop_root(UID);
/* Start a few initial worker threads */
for (i = 0; i < (MIN_WORKER_THREADS); ++i) {