[myserver-commit] [2994] Added possibility to use different uid/ gid for
From: |
Giuseppe Scrivano |
Subject: |
[myserver-commit] [2994] Added possibility to use different uid/ gid for spawned server processes. |
Date: |
Mon, 02 Feb 2009 20:47:25 +0000 |
Revision: 2994
http://svn.sv.gnu.org/viewvc/?view=rev&root=myserver&revision=2994
Author: gscrivano
Date: 2009-02-02 20:47:19 +0000 (Mon, 02 Feb 2009)
Log Message:
-----------
Added possibility to use different uid/gid for spawned server processes.
Modified Paths:
--------------
trunk/myserver/documentation/process_security.texi
trunk/myserver/include/base/process/process_server_manager.h
trunk/myserver/src/base/process/process_server_manager.cpp
Modified: trunk/myserver/documentation/process_security.texi
===================================================================
--- trunk/myserver/documentation/process_security.texi 2009-02-02 19:29:11 UTC
(rev 2993)
+++ trunk/myserver/documentation/process_security.texi 2009-02-02 20:47:19 UTC
(rev 2994)
@@ -73,6 +73,8 @@
<HOST>localhost</HOST>
<PORT>2010</PORT>
<LOCAL>yes</LOCAL>
+ <UID>1000</UID>
+ <GID>1000</GID>
</PROCESS_SERVER>
@end example
@@ -85,7 +87,11 @@
If the server is not local then the @code{name} is a simple label that
can be used by a MIME type trought @code{param} to access it.
+It is possible to specify a different uid/gid for the local server
+process and don't maintain the original myserver process privileges.
+It can be done using the @code{uid} and @code{gid} elements.
+
The following code, declare an already running FastCGI server and
registers it on the @code{fcgi} extension:
Modified: trunk/myserver/include/base/process/process_server_manager.h
===================================================================
--- trunk/myserver/include/base/process/process_server_manager.h
2009-02-02 19:29:11 UTC (rev 2993)
+++ trunk/myserver/include/base/process/process_server_manager.h
2009-02-02 20:47:19 UTC (rev 2994)
@@ -1,7 +1,7 @@
/* -*- mode: c++ -*- */
/*
MyServer
-Copyright (C) 2007, 2008 Free Software Foundation, Inc.
+Copyright (C) 2007, 2008, 2009 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
@@ -88,7 +88,7 @@
int domainServers(const char* domain);
void load();
Server* runAndAddServer(const char* domain, const char* name,
-
u_short port = 0);
+ int uid = 0, int gid = 0, u_short port = 0);
Server* addRemoteServer(const char* domain, const char* name,
const char* host, u_short port);
private:
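Review bot: Inserting the defaulted `uid` and `gid` parameters ahead of `port` in `runAndAddServer` means a call still written as `runAndAddServer(domain, name, port)` compiles unchanged and now passes the port number as the uid, leaving the port at 0. The private `runServer` declaration in the next hunk has the same shape. Only the call in `load()` and the one inside `runAndAddServer` are visibly updated by this commit, so any other caller needs checking. Dropping the defaults on the new parameters, ending the declaration with `int uid, int gid, u_short port);`, would turn a stale call into a compile error instead of a child started under an unintended account.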
@@ -96,7 +96,8 @@
int nServers;
Mutex mutex;
HashMap<string, ServerDomain*> domains;
- int runServer(Server* server, const char* path, int port = 0);
+ int runServer(Server* server, const char* path, int uid = 0,
+ int gid = 0, u_short port = 0);
void addServer(Server* server, const char* domain, const char* name);
};
Modified: trunk/myserver/src/base/process/process_server_manager.cpp
===================================================================
--- trunk/myserver/src/base/process/process_server_manager.cpp 2009-02-02
19:29:11 UTC (rev 2993)
+++ trunk/myserver/src/base/process/process_server_manager.cpp 2009-02-02
20:47:19 UTC (rev 2994)
@@ -54,55 +54,63 @@
string port;
string local;
bool localBool = true;
+ int uid = 0;
+ int gid = 0;
xmlNodePtr node2;
- if(strcmpi((const char*)node->name, "PROCESS_SERVER"))
+ if (strcmpi((const char*)node->name, "PROCESS_SERVER"))
continue;
node2 = node->children;
- for(;node2; node2 = node2->next)
+ for (;node2; node2 = node2->next)
{
- if(!node2->children || !node2->children->content)
+ if (!node2->children || !node2->children->content)
continue;
- if(!strcmpi((const char*)node2->name, "NAME"))
- name.assign((const char*) node2->children->content);
+ if (!strcmpi ((const char*)node2->name, "NAME"))
+ name.assign ((const char*) node2->children->content);
- if(!strcmpi((const char*)node2->name, "HOST"))
- host.assign((const char*) node2->children->content);
+ if (!strcmpi ((const char*)node2->name, "HOST"))
+ host.assign ((const char*) node2->children->content);
- if(!strcmpi((const char*)node2->name, "DOMAIN"))
- domain.assign((const char*) node2->children->content);
+ if (!strcmpi ((const char*)node2->name, "DOMAIN"))
+ domain.assign ((const char*) node2->children->content);
- if(!strcmpi((const char*)node2->name, "PORT"))
- port.assign((const char*) node2->children->content);
+ if (!strcmpi ((const char*)node2->name, "PORT"))
+ port.assign ((const char*) node2->children->content);
- if(!strcmpi((const char*)node2->name, "LOCAL"))
- local.assign((const char*) node2->children->content);
+ if (!strcmpi ((const char*)node2->name, "LOCAL"))
+ local.assign ((const char*) node2->children->content);
+
+ if (!strcmpi ((const char*)node2->name, "UID"))
+ uid = atoi ((const char*) node2->children->content);
+
+ if (!strcmpi ((const char*)node2->name, "GID"))
+ gid = atoi ((const char*) node2->children->content);
}
- if(!local.compare("YES") || !local.compare("yes"))
+ if (!local.compare("YES") || !local.compare("yes"))
localBool = true;
else
localBool = false;
- if(name.size() && domain.size())
+ if (name.size () && domain.size ())
{
u_short portN = 0;
- if(port.size())
- portN = atoi(port.c_str());
+ if(port.size ())
+ portN = atoi (port.c_str());
- if(localBool)
- runAndAddServer(domain.c_str(), name.c_str(), portN);
+ if (localBool)
+ runAndAddServer (domain.c_str(), name.c_str(), uid, gid, portN);
else
{
- if(portN)
- addRemoteServer(domain.c_str(), name.c_str(), host.c_str(), portN);
+ if (portN)
+ addRemoteServer (domain.c_str(), name.c_str(), host.c_str(), portN);
else
{
ostringstream msg;
msg << "Error: incomplete remote PROCESS_SERVER block, "
<< domain << ":" << name << " needs a port";
- ::Server::getInstance()->logWriteln(msg.str().c_str(),
MYSERVER_LOG_MSG_ERROR);
+ ::Server::getInstance ()->logWriteln(msg.str().c_str(),
MYSERVER_LOG_MSG_ERROR);
}
}
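Review bot: `atoi` on the `UID` and `GID` element text returns 0 for anything it cannot parse, so a mistyped value (a user name in place of a number, say) is indistinguishable from the default and is never reported. What 0 means to `StartProcInfo` is not visible on this page; whether it is "keep the server's identity" or literally id 0, the child does not get the restricted account the administrator asked for. Parsing with `strtol`, rejecting empty, non-numeric, negative and out-of-range values, and logging through `logWriteln` before skipping the block would make this fail closed. The enclosing function starts above this hunk and continues after it.

```cpp
bool idsValid = true;   /* declared next to `int gid = 0;` */
// … unchanged: NAME / HOST / DOMAIN / PORT / LOCAL handling …
if (!strcmpi ((const char*)node2->name, "UID")
    || !strcmpi ((const char*)node2->name, "GID"))
  {
    const char *text = (const char*) node2->children->content;
    char *end = NULL;
    errno = 0;
    long value = strtol (text, &end, 10);
    /* Reject instead of letting a bad value collapse to 0.  Element text
       with surrounding whitespace would need trimming before this check.  */
    if (errno || end == text || *end != '\0' || value < 0 || value > INT_MAX)
      idsValid = false;
    else if (!strcmpi ((const char*)node2->name, "UID"))
      uid = (int) value;
    else
      gid = (int) value;
  }
// … unchanged: end of the node2 loop, LOCAL comparison …
if (!idsValid)
  {
    const char *msg = "Error: invalid UID/GID in PROCESS_SERVER block";
    ::Server::getInstance ()->logWriteln (msg, MYSERVER_LOG_MSG_ERROR);
    continue;
  }
```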
@@ -110,7 +118,7 @@
else
{
const char *msg = "Error: incomplete PROCESS_SERVER block";
- ::Server::getInstance()->logWriteln(msg, MYSERVER_LOG_MSG_ERROR);
+ ::Server::getInstance ()->logWriteln(msg, MYSERVER_LOG_MSG_ERROR);
}
}
@@ -350,14 +358,16 @@
*Run and add a server to the collection.
*\param domain The server's domain.
*\param path The path to the executable.
+ *\param uid User id to use for the new process.
+ *\param gid Group id to use for the new process.
*\param port Port to use for the server.
*/
ProcessServerManager::Server*
ProcessServerManager::runAndAddServer(const char* domain, const char* path,
- u_short port)
+ int uid, int gid, u_short port)
{
Server* server = new Server;
- if(runServer(server, path, port))
+ if(runServer(server, path, uid, gid, port))
{
delete server;
return 0;
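Review bot: The added `\param uid` and `\param gid` lines do not say what the default value 0 means, which is the one thing a caller has to know: whether 0 leaves the child with the server's own identity or requests id 0. I would state it in the comment, for example `*\param uid User id for the new process; 0 means <behaviour to confirm against Process>.`, and do the same for `gid`. The identical wording in the `runServer` comment of the next hunk needs the same addition. The body of `runAndAddServer` continues past the end of this hunk.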
@@ -370,10 +380,13 @@
*Run a new server.
*\param server The server object.
*\param path The path to the executable.
+ *\param uid User id to use for the new process.
+ *\param gid Group id to use for the new process.
*\param port The listening port.
*/
int ProcessServerManager::runServer(ProcessServerManager::Server* server,
- const char* path, int port)
+ const char* path, int uid, int gid,
+ u_short port)
{
StartProcInfo spi;
MYSERVER_SOCKADDRIN serverSockAddrIn;
@@ -435,6 +448,9 @@
spi.cmdLine.assign(path);
server->path.assign(path);
+ spi.uid = uid;
+ spi.gid = gid;
+
if (Process::getForkServer ()->isInitialized ())
{
int ret, port, pid;
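Review bot: The new `spi.uid` / `spi.gid` assignments sit just ahead of the `getForkServer ()->isInitialized ()` branch, and nothing visible here shows that both the fork-server path and the direct spawn path apply them. Since the point of the feature is to stop the child inheriting the server's privileges, that contract deserves a comment at this spot, e.g. `/* Both spawn paths must apply gid before uid and refuse to exec if the switch fails.  */`. It would also be worth confirming that the code consuming these fields treats a failed identity change as fatal and does not start the child anyway. The function begins and ends outside this hunk, so this is based only on the lines shown.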