[PATH] -g option for httpd and default user
Luciano Miguel Ferreira Rocha
strange at nsk.no-ip.org
Mon Sep 25 17:58:19 UTC 2006
Hello,
The attached patch changes httpd in the following ways when
CONFIG_FEATURE_HTTPD_SETUID is set:
1. -u now also sets the group id (from pwent->pw_gid, if found, else
same as uid)
2. new -g option, defining new group id
3. setgid and setuid are always called, even in the absence of -u/-g,
and a new option for defining the default was added. Default is "-1".
Regards,
Luciano Rocha
--
lfr
0/0
-------------- next part --------------
diff -ur busybox-1.2.1.orig/include/usage.h busybox-1.2.1/include/usage.h
--- busybox-1.2.1.orig/include/usage.h 2006-06-30 23:42:10.000000000 +0100
+++ busybox-1.2.1/include/usage.h 2006-09-25 18:39:51.000000000 +0100
@@ -1094,17 +1094,25 @@
#define httpd_trivial_usage \
"[-c <conf file>]" \
USE_FEATURE_HTTPD_WITHOUT_INETD(" [-p <port>]") \
- USE_FEATURE_HTTPD_SETUID(" [-u user]") \
+ USE_FEATURE_HTTPD_SETUID(" [-u user] [-g group]") \
USE_FEATURE_HTTPD_BASIC_AUTH(" [-r <realm>]") \
USE_FEATURE_HTTPD_AUTH_MD5(" [-m pass]") \
" [-h home]" \
" [-d/-e <string>]"
+
+#ifndef CONFIG_FEATURE_HTTPD_SETUID_DEFAULT
+# define DEFAULT_ID "-1"
+#else
+# define DEFAULT_ID CONFIG_FEATURE_HTTPD_SETUID_DEFAULT
+#endif
+
#define httpd_full_usage \
"Listens for incoming http server requests.\n\n" \
"Options:\n" \
"\t-c FILE\t\tSpecifies configuration file. (default httpd.conf)\n" \
- USE_FEATURE_HTTPD_WITHOUT_INETD("\t-p PORT\tServer port (default 80)\n") \
- USE_FEATURE_HTTPD_SETUID("\t-u USER\tSet uid to USER after listening privileges port\n") \
+ USE_FEATURE_HTTPD_WITHOUT_INETD("\t-p PORT\t\tServer port (default 80)\n") \
+ USE_FEATURE_HTTPD_SETUID("\t-u USER\t\tSet uid to USER (default " DEFAULT_ID ")\n") \
+ USE_FEATURE_HTTPD_SETUID("\t-g GROUP\tSet gid to GROUP (default USER option)\n") \
USE_FEATURE_HTTPD_BASIC_AUTH("\t-r REALM\tAuthentication Realm for Basic Authentication\n") \
USE_FEATURE_HTTPD_AUTH_MD5("\t-m PASS\t\tCrypt PASS with md5 algorithm\n") \
"\t-h HOME \tSpecifies http HOME directory (default ./)\n" \
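Review bot: `DEFAULT_ID` is defined here in include/usage.h and again, token for token, in the first networking/httpd.c hunk; a name that generic in a header shared by every applet's usage table is easy to collide with, and two copies will drift apart the first time one is edited. It looks like the copy exists because httpd.c does not include usage.h, so define it once under an applet-specific name such as `HTTPD_DEFAULT_ID` in a header both sites see (or move the fallback into the Config default, which already supplies "-1") and drop the second definition. The new `-g` line would also be clearer as `"\t-g GROUP\tSet gid to GROUP (default: primary group of USER)\n"`, since "(default USER option)" does not say which group is used.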
diff -ur busybox-1.2.1.orig/networking/Config.in busybox-1.2.1/networking/Config.in
--- busybox-1.2.1.orig/networking/Config.in 2006-06-30 23:42:02.000000000 +0100
+++ busybox-1.2.1/networking/Config.in 2006-09-25 18:43:25.000000000 +0100
@@ -85,15 +85,22 @@
configuration settings.
config CONFIG_FEATURE_HTTPD_SETUID
- bool "Enable support -u <user> option"
+ bool "Enable support for -u <user> and -g <group> options"
default n
depends on CONFIG_HTTPD && CONFIG_FEATURE_HTTPD_WITHOUT_INETD
help
- This option allows the server to run as a specific user
- rather than defaulting to the user that starts the server.
+ This option allows the server to run as a specific user and/or
+ group rather than defaulting to the user that starts the server.
Use of this option requires special privileges to change to a
different user.
+config CONFIG_FEATURE_HTTPD_SETUID_DEFAULT
+ string "Default user"
+ default "-1"
+ depends on CONFIG_FEATURE_HTTPD_SETUID
+ help
+ Specify default user for -u option.
+
config CONFIG_FEATURE_HTTPD_BASIC_AUTH
bool "Enable Basic http Authentication"
default y
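Review bot: The help for `CONFIG_FEATURE_HTTPD_SETUID_DEFAULT` says only "Specify default user for -u option" and leaves out what the shipped "-1" means and that the value also drives the `-g` default via the user's primary group, which is what the httpd.c hunks implement. Suggested help: "User (name or numeric id) httpd switches to after binding its port when -u is not given; the user's primary group becomes the default for -g." Also state what "-1" does in practice, because the httpd.c hunks pass the parsed value to setgid()/setuid() unconditionally.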
diff -ur busybox-1.2.1.orig/networking/httpd.c busybox-1.2.1/networking/httpd.c
--- busybox-1.2.1.orig/networking/httpd.c 2006-06-30 23:42:02.000000000 +0100
+++ busybox-1.2.1/networking/httpd.c 2006-09-25 18:46:01.000000000 +0100
@@ -131,6 +131,12 @@
# define DEBUG 0
#endif
+#ifndef CONFIG_FEATURE_HTTPD_SETUID_DEFAULT
+# define DEFAULT_ID "-1"
+#else
+# define DEFAULT_ID CONFIG_FEATURE_HTTPD_SETUID_DEFAULT
+#endif
+
#define MAX_MEMORY_BUFF 8192 /* IO buffer */
typedef struct HT_ACCESS {
@@ -1897,7 +1903,7 @@
USE_FEATURE_HTTPD_ENCODE_URL_STR(e_opt_encode_url,)
USE_FEATURE_HTTPD_BASIC_AUTH(r_opt_realm,)
USE_FEATURE_HTTPD_AUTH_MD5(m_opt_md5,)
- USE_FEATURE_HTTPD_SETUID(u_opt_setuid,)
+ USE_FEATURE_HTTPD_SETUID(u_opt_setuid, g_opt_setuid,)
USE_FEATURE_HTTPD_WITHOUT_INETD(p_opt_port,)
};
@@ -1905,7 +1911,7 @@
USE_FEATURE_HTTPD_ENCODE_URL_STR("e:")
USE_FEATURE_HTTPD_BASIC_AUTH("r:")
USE_FEATURE_HTTPD_AUTH_MD5("m:")
- USE_FEATURE_HTTPD_SETUID("u:")
+ USE_FEATURE_HTTPD_SETUID("u:g:")
USE_FEATURE_HTTPD_WITHOUT_INETD("p:");
#define OPT_CONFIG_FILE (1<<c_opt_config_file)
@@ -1921,6 +1927,8 @@
#define OPT_MD5 USE_FEATURE_HTTPD_AUTH_MD5((1<<m_opt_md5)) \
SKIP_FEATURE_HTTPD_AUTH_MD5(0)
+#define OPT_SETGID USE_FEATURE_HTTPD_SETUID((1<<g_opt_setuid)) \
+ SKIP_FEATURE_HTTPD_SETUID(0)
#define OPT_SETUID USE_FEATURE_HTTPD_SETUID((1<<u_opt_setuid)) \
SKIP_FEATURE_HTTPD_SETUID(0)
@@ -1937,8 +1945,8 @@
USE_FEATURE_HTTPD_WITHOUT_INETD(const char *s_port;)
USE_FEATURE_HTTPD_WITHOUT_INETD(int server;)
- USE_FEATURE_HTTPD_SETUID(const char *s_uid;)
- USE_FEATURE_HTTPD_SETUID(long uid = -1;)
+ USE_FEATURE_HTTPD_SETUID(const char *s_uid = DEFAULT_ID, *s_gid = DEFAULT_ID;)
+ USE_FEATURE_HTTPD_SETUID(long uid, gid;)
USE_FEATURE_HTTPD_AUTH_MD5(const char *pass;)
@@ -1958,7 +1966,7 @@
USE_FEATURE_HTTPD_ENCODE_URL_STR(, &url_for_encode)
USE_FEATURE_HTTPD_BASIC_AUTH(, &(config->realm))
USE_FEATURE_HTTPD_AUTH_MD5(, &pass)
- USE_FEATURE_HTTPD_SETUID(, &s_uid)
+ USE_FEATURE_HTTPD_SETUID(, &s_uid, &s_gid)
USE_FEATURE_HTTPD_WITHOUT_INETD(, &s_port)
);
@@ -1982,15 +1990,15 @@
if(opt & OPT_PORT)
config->port = bb_xgetlarg(s_port, 10, 1, 0xffff);
#ifdef CONFIG_FEATURE_HTTPD_SETUID
- if(opt & OPT_SETUID) {
- char *e;
-
- uid = strtol(s_uid, &e, 0);
- if(*e != '\0') {
- /* not integer */
- uid = bb_xgetpwnam(s_uid);
+ gid = get_ug_id(s_gid, bb_xgetgrnam);
+ uid = get_ug_id(s_uid, bb_xgetpwnam);
+ if (!(opt & OPT_SETGID)) {
+ struct passwd *pwe;
+ if (!(pwe = getpwuid(uid)))
+ gid = uid;
+ else
+ gid = pwe->pw_gid;
}
- }
#endif
#endif
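Review bot: The `uid > 0` guard that the old code had is gone, so with the shipped default "-1" and no `-u`/`-g`, `get_ug_id(s_uid, ...)` presumably yields -1, `getpwuid(uid)` fails, `gid = uid` becomes -1 as well, and both values reach the setgid()/setuid() calls in the next hunk. -1 is a "leave unchanged" sentinel for setreuid(2)/setregid(2), not for setuid(2)/setgid(2), so what happens then is platform-dependent (an error or an id of (uid_t)-1) rather than "no change". Keep an explicit no-change path, e.g. `if (uid != -1) { ... }` around the lookup and the later calls, or reject "-1" at parse time and make the default mean "do not switch". `get_ug_id` is not part of this patch and is assumed to be the existing libbb numeric-or-name resolver; the enclosing function starts and ends outside this hunk.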
@@ -1999,8 +2007,8 @@
server = openServer();
# ifdef CONFIG_FEATURE_HTTPD_SETUID
/* drop privileges */
- if(uid > 0)
- setuid(uid);
+ setgid(gid);
+ setuid(uid);
# endif
#endif
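Review bot: `setgid(gid);` and `setuid(uid);` ignore their return values, so if either fails (EPERM when httpd was not started with the privilege to switch, EINVAL for an unusable id) the server silently keeps serving with the caller's identity, which is the opposite of what the "drop privileges" comment promises. Make failure fatal: `if (setgid(gid) != 0 || setuid(uid) != 0) bb_perror_msg_and_die("cannot drop privileges");`. Since the patch now issues these calls unconditionally, the check has to be paired with the no-change path raised on the previous hunk, otherwise an unprivileged start with default ids would die. Supplementary groups inherited from the starting user are also kept across setuid(); consider `setgroups(0, NULL)` (or initgroups() for the target user) before setgid() when an id change is actually requested.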