authorJan Wolff <janw@mailbox.org>2020-05-17 12:54:10 +0200
committerJan Wolff <janw@mailbox.org>2020-05-17 12:54:10 +0200
commit872197c55805161e1ed6bbbd13b169b3bc809fd5 (patch)
tree600914246f6de5e7ae2cee82f0009aec3b2c77ac /src/server/mod.rs
parent4a9c6c11acf4128b2c5158307088b0cbc377c3e5 (diff)
mime type handling and setuid/setgid support
Diffstat (limited to 'src/server/mod.rs')
-rw-r--r--src/server/mod.rs38
1 files changed, 35 insertions, 3 deletions
diff --git a/src/server/mod.rs b/src/server/mod.rs
index 696a3a5..f00ab35 100644
--- a/src/server/mod.rs
+++ b/src/server/mod.rs
@@ -5,6 +5,7 @@ use std::sync::Arc;
use std::thread;
use std::vec::Vec;
use url::Url;
+use nix::unistd;
pub mod handler;
pub mod response;
@@ -14,6 +15,8 @@ pub struct ServerConfig {
default_host: Url,
gem_root: PathBuf,
addrs: Vec<SocketAddr>,
+ user: unistd::Uid,
+ group: unistd::Gid,
}
impl ServerConfig {
@@ -22,6 +25,8 @@ impl ServerConfig {
default_host: Url::parse("gemini://localhost").unwrap(),
gem_root: PathBuf::from(""),
addrs: Vec::new(),
+ user: unistd::getuid(),
+ group: unistd::getgid(),
}
}
@@ -45,17 +50,29 @@ impl ServerConfig {
Err(e) => panic!(e),
});
}
+
+ pub fn set_user(&mut self, uname: String) {
+ self.user = match unistd::User::from_name(&uname) {
+ Ok(user) => user.unwrap().uid,
+ Err(e) => panic!(e),
+ };
+ }
+
+ pub fn set_group(&mut self, gname: String) {
+ self.group = match unistd::Group::from_name(&gname) {
+ Ok(group) => group.unwrap().gid,
+ Err(e) => panic!(e),
+ };
+ }
}
pub struct Server {
- acceptor: std::sync::Arc<SslAcceptor>,
config: ServerConfig,
}
impl Server {
pub fn new(config: &ServerConfig) -> Server {
Server {
- acceptor: Server::build_acceptor(),
config: config.clone(),
}
}
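Review bot: In `set_user` and `set_group`, `User::from_name` and `Group::from_name` return `Ok(None)` for a name that does not exist, so the `unwrap()` in the `Ok` arm aborts with a bare `Option::unwrap` panic that never names the missing account. Matching the cases explicitly keeps the failure readable: `Ok(Some(user)) => user.uid,` and `Ok(None) => panic!("unknown user: {}", uname),`, and likewise for the group. `panic!(e)` with a non-string payload would also read better as `panic!("{}", e)`. Both setters deserve a doc comment stating that they panic on lookup failure and that the stored id only takes effect when `serve` drops privileges. The enclosing `impl ServerConfig` begins outside this hunk.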
@@ -71,12 +88,27 @@ impl Server {
}
pub fn serve(&self) {
+ let acceptor = Server::build_acceptor();
let listener = TcpListener::bind(&self.config.addrs[..]).unwrap();
+ if self.config.user.is_root() {
+ panic!("refusing to run as root");
+ }
+
+ match unistd::setgid(self.config.group) {
+ Ok(_) => {},
+ Err(e) => {panic!(e);},
+ };
+
+ match unistd::setuid(self.config.user) {
+ Ok(_) => {},
+ Err(e) => {panic!(e);},
+ };
+
for stream in listener.incoming() {
match stream {
Ok(stream) => {
- let acceptor = self.acceptor.clone();
+ let acceptor = acceptor.clone();
let config = self.config.clone();
thread::spawn(move || {
let stream = acceptor.accept(stream).unwrap();
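Review bot: The privilege drop in `serve` calls `setgid` and then `setuid` but never resets the supplementary group list, so a process started as root keeps root's supplementary groups after the switch. When the starting uid is root, a call such as `unistd::setgroups(&[self.config.group])` before the `setgid` would close that gap; it has to be conditional because it fails with EPERM for an unprivileged process. The "refusing to run as root" check also looks only at `self.config.user`. If only `set_user` was called, `self.config.group` still holds the `getgid()` default, which is 0 under root, so a matching guard like `if self.config.group.as_raw() == 0 { panic!("refusing to run with gid 0"); }` appears warranted. `serve` continues past the end of this hunk.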