100644 102 lines (90 sloc) 3.325 kB
fccc685 Initial open-source release
MLstate authored
1 (*
2 Copyright © 2011 MLstate
3
4 This file is part of OPA.
5
6 OPA is free software: you can redistribute it and/or modify it under the
7 terms of the GNU Affero General Public License, version 3, as published by
8 the Free Software Foundation.
9
10 OPA is distributed in the hope that it will be useful, but WITHOUT ANY
11 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
12 FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for
13 more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with OPA. If not, see <http://www.gnu.org/licenses/>.
17 *)
18 module S = ServerArg
19
20 (* module DropPrivileges : Runtime.COMPONENT = *)
21 (* struct *)
22 (* type options = { *)
23 (* stay_root:bool; *)
24 (* user:string; *)
25 (* group:string; *)
26 (* } *)
27 (* type t = unit *)
28
29 (* let name = "Drop privileges" *)
30 (* let version = "1.0" *)
31 (* let default_options = { *)
32 (* stay_root = true; *)
33 (* user = ""; *)
34 (* group = "" *)
35 (* } (\* TODO *\) *)
36
37 (* let spec_args = *)
38 (* [ *)
39 (* ["--stay_root"], *)
40 (* S.func S.bool (fun opt b -> {opt with stay_root = b}), *)
41 (* "", "TODO" *)
42 (* (\* TODO *\) *)
43 (* ] *)
44
45 (* let ports = [] *)
46 (* let make opt pi = *)
47 (* let _ = opt, pi in *)
48 (* () *)
49
50 (* let run _ sch = *)
51 (* let _ = sch in *)
52 (* (\* TODO: base this on the change_user function below *\) *)
53 (* () *)
54
55 (* let close _ _ = () *)
56 (* end *)
57
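(** [change_user ()] drops root privileges when the process runs with an
    effective uid of 0; it does nothing otherwise.

    Flags are read directly from [Sys.argv]:
    - [--stay-root]: keep running as root (a warning is logged);
    - [--user V] / [--group V]: target uid / gid, where [V] is either a
      number or a name resolved through the passwd / group database.

    A missing or unresolvable value falls back to id 33.  A failed drop never
    raises: each failure is logged, and a final check warns when the process
    still has an effective uid or gid of 0.  Callers that need fail-closed
    behaviour should test [Unix.geteuid ()] after the call. *)
let change_user () =
  if Unix.geteuid () <> 0 then ()
  else begin
    (* Value of the word that follows [ref_str] on the command line.  The
       fold state is (previous word was the flag, value found so far); when
       the flag is repeated, the last occurrence wins. *)
    let get_arg ref_str =
      let step (armed, found) opt =
        if armed then (false, Some opt)
        else if ref_str = opt then (true, found)
        else (armed, found)
      in
      snd (Array.fold_left step (false, None) Sys.argv)
    in
    (* Numeric id for the flag [pattern]: a literal integer is taken as is,
       anything else goes through [getter]; -1 means "absent or unknown". *)
    let get_id pattern getter =
      match get_arg pattern with
      | Some value ->
        begin
          try int_of_string value with
          | Failure _ ->
            (try getter value with Not_found | Unix.Unix_error _ -> -1)
        end
      | None -> -1
    in
    let stay_root =
      Array.fold_left (fun acc s -> acc || s = "--stay-root") false Sys.argv
    in
    if stay_root then
      Logger.warning "Warning: Be careful with the --stay-root flag !\n%!"
    else begin
      (* 33 is www-data on Debian-style systems; it is not portable.
         NOTE(review): "--user 0" or "--user root" resolves to uid 0, so the
         process keeps root without --stay-root; the check at the end of this
         function reports that case. *)
      let user =
        let id = get_id "--user" (fun user -> (Unix.getpwnam user).Unix.pw_uid) in
        if id >= 0 then id else 33
      in
      let group =
        let id =
          let tmp_grp =
            get_id "--group" (fun group -> (Unix.getgrnam group).Unix.gr_gid)
          in
          (* NOTE(review): [user] is never -1 here because of the fallback
             above, so only [tmp_grp = -1] matters.  With a numeric --user,
             [get_id] returns that number itself, i.e. the uid is reused as
             the gid instead of the account's primary group. *)
          if user <> -1 && tmp_grp = -1 then
            get_id "--user" (fun user -> (Unix.getpwnam user).Unix.pw_gid)
          else tmp_grp
        in
        if id >= 0 then id else 33
      in
      (* let () = File.iter_dir_rec ~showdir:true (fun ~name:_ ~path -> Unix.chown path user group) (Lazy.force File.mlstate_dir) in *)
      (* Supplementary groups are inherited from root and are not touched by
         setgid/setuid, so they are reset first, while the process still has
         the privilege to do so. *)
      let () =
        try Unix.setgroups [| group |]
        with Unix.Unix_error (err, _, _) ->
          Logger.warning "[!] setgroups failed: %s%!" (Unix.error_message err)
      in
      (* The gid must change before the uid: once the uid is dropped the
         process may no longer change its group. *)
      let () =
        try
          Unix.setgid group;
          Logger.notice "[+] setting gid to %d%!" group
        with Unix.Unix_error (err, _, _) ->
          Logger.warning "[!] setgid %d failed: %s%!" group
            (Unix.error_message err)
      in
      let () =
        try
          Unix.setuid user;
          Logger.notice "[+] setting uid to %d%!" user
        with Unix.Unix_error (err, _, _) ->
          Logger.warning "[!] setuid %d failed: %s%!" user
            (Unix.error_message err)
      in
      (* A failed or partial drop used to be silent; report the state that
         is actually in effect. *)
      if Unix.geteuid () = 0 || Unix.getegid () = 0 then
        Logger.warning
          "[!] privilege drop incomplete: euid=%d egid=%d%!"
          (Unix.geteuid ()) (Unix.getegid ())
    end
  end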