Merge branch 'nativeuid'
authorFelix Dörre <felix@dogcraft.de>
Sat, 21 Jun 2014 14:33:13 +0000 (16:33 +0200)
committerFelix Dörre <felix@dogcraft.de>
Sat, 21 Jun 2014 14:33:13 +0000 (16:33 +0200)
natives/.gitignore [new file with mode: 0644]
natives/Makefile [new file with mode: 0644]
natives/org_cacert_gigi_natives_SetUID.c [new file with mode: 0644]
src/org/cacert/gigi/Launcher.java
src/org/cacert/gigi/natives/SetUID.java [new file with mode: 0644]

diff --git a/natives/.gitignore b/natives/.gitignore
new file mode 100644 (file)
index 0000000..0b5c1b3
--- /dev/null
@@ -0,0 +1,2 @@
+/libsetuid.so
+*.h
diff --git a/natives/Makefile b/natives/Makefile
new file mode 100644 (file)
index 0000000..b58e400
--- /dev/null
@@ -0,0 +1,12 @@
+SYSTEM= $(shell uname | awk '{print tolower($$0)}')
+
+
+all: libsetuid.so
+
+libsetuid.so:
+       javah -classpath ../bin/ -jni org.cacert.gigi.natives.SetUID    
+       gcc -fPIC -o libsetuid.so -shared -I$(JAVA_HOME)/include -I$(JAVA_HOME)/include/$(SYSTEM) org_cacert_gigi_natives_SetUID.c
+
+clean:
+       rm -f *.so
+       rm -f *.h
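Review bot: The `libsetuid.so` rule lists no prerequisites, so after `org_cacert_gigi_natives_SetUID.c` is edited make still treats the existing library as up to date, and the old privilege-drop code keeps being loaded until `make clean` is run. Declare the source as a prerequisite, `libsetuid.so: org_cacert_gigi_natives_SetUID.c`, and add `.PHONY: all clean`. Compiling with `-Wall -Wextra` would also make the compiler report missing declarations and suspicious casts in the native code.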
diff --git a/natives/org_cacert_gigi_natives_SetUID.c b/natives/org_cacert_gigi_natives_SetUID.c
new file mode 100644 (file)
index 0000000..f0ae7cb
--- /dev/null
@@ -0,0 +1,36 @@
+#include <jni.h>  
+#include <sys/types.h>
+#include <unistd.h> 
+  
+#ifndef _Included_org_cacert_natives_SetUID  
+#define _Included_org_cacert_natives_SetUID  
+#ifdef __cplusplus  
+extern "C" {  
+#endif  
+  
+jobject getStatus(JNIEnv *env, int successCode, const char * message) {  
+  
+   jstring message_str = (*env)->NewStringUTF(env, message);
+   jboolean success = successCode;  
+   jclass cls = (*env)->FindClass(env, "Lorg/cacert/gigi/natives/SetUID$Status;");  
+   jmethodID constructor = (*env)->GetMethodID(env, cls, "<init>", "(ZLjava/lang/String;)V");  
+   return (*env)->NewObject(env, cls, constructor, success, message_str);  
+}  
+  
+JNIEXPORT jobject JNICALL Java_org_cacert_gigi_natives_SetUID_setUid  
+  (JNIEnv *env, jobject obj, jint uid, jint gid) {  
+         if(setgid((int)gid)) {  
+         return (jobject)getStatus(env, 0, "Error while setting GID.");  
+      } 
+  
+      if(setuid((int)uid)) {
+         return (jobject)getStatus(env, 0, "Error while setting UID.");  
+      }  
+  
+      return (jobject)getStatus(env, 1, "Successfully set uid/gid.");  
+}  
+  
+#ifdef __cplusplus  
+}  
+#endif  
+#endif  
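Review bot: Java_org_cacert_gigi_natives_SetUID_setUid calls setgid() and then setuid() but never clears the supplementary group list, so a process started as root keeps root's supplementary groups after the drop. Call setgroups(0, NULL) before setgid() (on Linux this needs `#include <grp.h>`), cast to `gid_t`/`uid_t` rather than `int`, and confirm afterwards that the old privileges cannot be regained. Separately, getStatus() passes a descriptor-style name to FindClass, where the JNI specification expects the plain form `"org/cacert/gigi/natives/SetUID$Status"`. Neither `cls` nor `constructor` is checked for NULL, so a failed lookup would reach GetMethodID or NewObject with a NULL argument.

```c
JNIEXPORT jobject JNICALL Java_org_cacert_gigi_natives_SetUID_setUid
  (JNIEnv *env, jobject obj, jint uid, jint gid) {
      /* Supplementary groups must go first: clearing them needs the
         privileges that setuid() is about to give up. */
      if (setgroups(0, NULL)) {
         return getStatus(env, 0, "Error while clearing supplementary groups.");
      }

      if (setgid((gid_t)gid)) {
         return getStatus(env, 0, "Error while setting GID.");
      }

      if (setuid((uid_t)uid)) {
         return getStatus(env, 0, "Error while setting UID.");
      }

      /* A successful drop must be permanent: regaining uid 0 has to fail. */
      if (uid != 0 && setuid(0) == 0) {
         return getStatus(env, 0, "Privileges could still be regained.");
      }

      return getStatus(env, 1, "Successfully set uid/gid.");
}
```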
index a64a8fa00f494873a22ddff47fdf290aec2fed6d..2c8c1f531d67a5e04dcbab21ce7b6a4c40efe359 100644 (file)
@@ -12,6 +12,7 @@ import java.util.Collection;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 
+import org.cacert.gigi.natives.SetUID;
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.HttpConfiguration;
 import org.eclipse.jetty.server.HttpConnectionFactory;
@@ -21,12 +22,12 @@ import org.eclipse.jetty.server.ServerConnector;
 import org.eclipse.jetty.server.SslConnectionFactory;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.servlet.ServletHolder;
+import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 
 public class Launcher {
        public static void main(String[] args) throws Exception {
                Server s = new Server();
-
                // === SSL HTTP Configuration ===
                HttpConfiguration https_config = new HttpConfiguration();
                // for client-cert auth
@@ -42,6 +43,13 @@ public class Launcher {
                s.setHandler(sh);
                sh.addServlet(new ServletHolder(new TestServlet()), "/");
                s.start();
+               if (connector.getPort() <= 1024
+                               && !System.getProperty("os.name").toLowerCase().contains("win")) {
+                       SetUID uid = new SetUID();
+                       if (!uid.setUid(-2, -2).getSuccess()) {
+                               Log.getLogger(Launcher.class).warn("Couldn't set uid!");
+                       }
+               }
        }
 
        private static SslContextFactory generateSSLContextFactory()
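Review bot: When the drop fails, the new block in main only logs `Couldn't set uid!` and the already-started server keeps serving with the privileges it was launched with. The failure should be fatal, e.g. `SetUID.Status st = new SetUID().setUid(-2, -2);` followed by `if (!st.getSuccess()) { s.stop(); throw new IllegalStateException("Could not drop privileges: " + st.getMessage()); }`. The same applies if loading the native library throws from `new SetUID()`, which presumably leaves Jetty's threads running after main dies. The hard-coded `-2` is the conventional nobody id on some systems but not others (on Linux it is usually 65534), so the target uid/gid would be better taken from configuration. The privileged ports are those below 1024, so `<= 1024` also matches an unprivileged port, and the port number is only a proxy for running as root; main begins outside this hunk.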
diff --git a/src/org/cacert/gigi/natives/SetUID.java b/src/org/cacert/gigi/natives/SetUID.java
new file mode 100644 (file)
index 0000000..25c97a5
--- /dev/null
@@ -0,0 +1,36 @@
+package org.cacert.gigi.natives;
+
+import java.io.File;
+
+/**
+ * Native to use privileged ports on unixoide hosts.
+ * 
+ * @author janis
+ * 
+ */
+public class SetUID {
+       static {
+               System.load(new File("natives/libsetuid.so").getAbsolutePath());
+       }
+
+       public native Status setUid(int uid, int gid);
+
+       public static class Status {
+
+               private boolean success;
+               private String message;
+
+               public Status(boolean success, String message) {
+                       this.success = success;
+                       this.message = message;
+               }
+
+               public boolean getSuccess() {
+                       return success;
+               }
+
+               public String getMessage() {
+                       return message;
+               }
+       }
+}
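Review bot: The static initializer resolves `natives/libsetuid.so` against the current working directory, so which shared object is loaded into a still-privileged process depends on where the launcher was started. Resolve it against a fixed install location or an explicitly configured directory instead, for example `System.load(new File(System.getProperty("gigi.natives.dir", "natives"), "libsetuid.so").getAbsolutePath());` (the property name is only a suggestion). Document that the directory and the library must be writable by root only. `Status` could declare `success` and `message` as `final`, and the class Javadoc should say that `setUid` is meant to be called once, after the privileged port is bound, and that the drop is intended to be permanent.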