Home Explore Help
Sign In
Godot
/
godot
mirror of https://github.com/godotengine/godot.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 3cfab06080
Branches Tags
godot
/
thirdparty
/
libwebsockets
/
lib
/
plat
/
unix
/
unix-caps.c

unix-caps.c 2.2 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. /*
    2. 

  2.  * libwebsockets - small server side websockets and web server implementation
    3. 

  3.  *
    4. 

  4.  * Copyright (C) 2010-2018 Andy Green <[email protected]>
    5. 

  5.  *
    6. 

  6.  *  This library is free software; you can redistribute it and/or
    7. 

  7.  *  modify it under the terms of the GNU Lesser General Public
    8. 

  8.  *  License as published by the Free Software Foundation:
    9. 

  9.  *  version 2.1 of the License.
    10. 

  10.  *
    11. 

  11.  *  This library is distributed in the hope that it will be useful,
    12. 

  12.  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    14. 

  14.  *  Lesser General Public License for more details.
    15. 

  15.  *
    16. 

  16.  *  You should have received a copy of the GNU Lesser General Public
    17. 

  17.  *  License along with this library; if not, write to the Free Software
    18. 

  18.  *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
    19. 

  19.  *  MA  02110-1301  USA
    20. 

  20.  */
    21. 

  21. 

  22. #define _GNU_SOURCE
    23. 

  23. #include "core/private.h"
    24. 

  24. 

  25. #include <pwd.h>
    26. 

  26. #include <grp.h>
    27. 

  27. 

  28. #if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP)
    29. 

  29. static void
    30. 

  30. _lws_plat_apply_caps(int mode, const cap_value_t *cv, int count)
    31. 

  31. {
    32. 

  32. 	cap_t caps;
    33. 

  33. 

  34. 	if (!count)
    35. 

  35. 		return;
    36. 

  36. 

  37. 	caps = cap_get_proc();
    38. 

  38. 

  39. 	cap_set_flag(caps, mode, count, cv, CAP_SET);
    40. 

  40. 	cap_set_proc(caps);
    41. 

  41. 	prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
    42. 

  42. 	cap_free(caps);
    43. 

  43. }
    44. 

  44. #endif
    45. 

  45. 

  46. void
    47. 

  47. lws_plat_drop_app_privileges(const struct lws_context_creation_info *info)
    48. 

  48. {
    49. 

  49. 	if (info->gid && info->gid != -1)
    50. 

  50. 		if (setgid(info->gid))
    51. 

  51. 			lwsl_warn("setgid: %s\n", strerror(LWS_ERRNO));
    52. 

  52. 

  53. 	if (info->uid && info->uid != -1) {
    54. 

  54. 		struct passwd *p = getpwuid(info->uid);
    55. 

  55. 

  56. 		if (p) {
    57. 

  57. 

  58. #if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP)
    59. 

  59. 			_lws_plat_apply_caps(CAP_PERMITTED, info->caps,
    60. 

  60. 					     info->count_caps);
    61. 

  61. #endif
    62. 

  62. 

  63. 			initgroups(p->pw_name, info->gid);
    64. 

  64. 			if (setuid(info->uid))
    65. 

  65. 				lwsl_warn("setuid: %s\n", strerror(LWS_ERRNO));
    66. 

  66. 			else
    67. 

  67. 				lwsl_notice("Set privs to user '%s'\n",
    68. 

  68. 					    p->pw_name);
    69. 

  69. 

  70. #if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP)
    71. 

  71. 			_lws_plat_apply_caps(CAP_EFFECTIVE, info->caps,
    72. 

  72. 					     info->count_caps);
    73. 

  73. 

  74. 			if (info->count_caps) {
    75. 

  75. 				int n;
    76. 

  76. 				for (n = 0; n < info->count_caps; n++)
    77. 

  77. 					lwsl_notice("   RETAINING CAP %d\n",
    78. 

  78. 						    (int)info->caps[n]);
    79. 

  79. 			}
    80. 

  80. #endif
    81. 

  81. 

  82. 		} else
    83. 

  83. 			lwsl_warn("getpwuid: unable to find uid %d", info->uid);
    84. 

  84. 	}
    85. 

  85. }
    86.