upd: make verification processes more consistent on failure

[gigi.git] / src / org / cacert / gigi / Launcher.java

diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
index cff94772eff804d85593d9f537858ea887dd4254..7c588d8e95a28b49183735478489b2f09e6309f0 100644 (file)
--- a/src/org/cacert/gigi/Launcher.java
+++ b/src/org/cacert/gigi/Launcher.java
@@ -112,6 +112,10 @@ public class Launcher {
 
     GigiConfig conf;
 
+    private boolean isSystemPort(int port) {
+        return 1 <= port && port <= 1024;
+    }
+
     public synchronized void boot(InputStream in) throws Exception {
         Locale.setDefault(Locale.ENGLISH);
         TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
@@ -127,10 +131,24 @@ public class Launcher {
         initHandlers();
 
         s.start();
-        if ((ServerConstants.getSecurePort() <= 1024 || ServerConstants.getPort() <= 1024) && !System.getProperty("os.name").toLowerCase().contains("win")) {
-            SetUID uid = new SetUID();
-            if ( !uid.setUid(65536 - 2, 65536 - 2).getSuccess()) {
-                Log.getLogger(Launcher.class).warn("Couldn't set uid!");
+        if ((isSystemPort(ServerConstants.getSecurePort()) || isSystemPort(ServerConstants.getPort())) && !System.getProperty("os.name").toLowerCase().contains("win")) {
+            String uid_s = conf.getMainProps().getProperty("gigi.uid", Integer.toString(65536 - 2));
+            String gid_s = conf.getMainProps().getProperty("gigi.gid", Integer.toString(65536 - 2));
+            try {
+                int uid = Integer.parseInt(uid_s);
+                int gid = Integer.parseInt(gid_s);
+                if (uid == -1 && gid == -1) {
+                    // skip setuid step
+                } else if (uid > 0 && gid > 0 && uid < 65536 && gid < 65536) {
+                    SetUID.Status status = new SetUID().setUid(uid, gid);
+                    if ( !status.getSuccess()) {
+                        Log.getLogger(Launcher.class).warn(status.getMessage());
+                    }
+                } else {
+                    Log.getLogger(Launcher.class).warn("Invalid uid or gid (must satisfy 0 < id < 65536)");
+                }
+            } catch (NumberFormatException e) {
+                Log.getLogger(Launcher.class).warn("Invalid gigi.uid or gigi.gid", e);
             }
         }
     }
@@ -177,16 +195,19 @@ public class Launcher {
 
         protected static ServerConnector createConnector(GigiConfig conf, Server s, HttpConfiguration httpConfig, boolean doHttps) throws GeneralSecurityException, IOException {
             ServerConnector connector;
+            int port;
             if (doHttps) {
                 connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(httpConfig));
+                port = ServerConstants.getSecurePort();
             } else {
                 connector = new ServerConnector(s, new HttpConnectionFactory(httpConfig));
+                port = ServerConstants.getPort();
             }
-            connector.setHost(conf.getMainProps().getProperty("host"));
-            if (doHttps) {
-                connector.setPort(ServerConstants.getSecurePort());
+            if (port == -1) {
+                connector.setInheritChannel(true);
             } else {
-                connector.setPort(ServerConstants.getPort());
+                connector.setHost(conf.getMainProps().getProperty("host"));
+                connector.setPort(port);
             }
             connector.setAcceptQueueSize(100);
             return connector;