--- /dev/null
+/libsetuid.so
+*.h
--- /dev/null
+SYSTEM= $(shell uname | awk '{print tolower($$0)}')
+
+
+all: libsetuid.so
+
+libsetuid.so:
+ javah -classpath ../bin/ -jni org.cacert.gigi.natives.SetUID
+ gcc -fPIC -o libsetuid.so -shared -I$(JAVA_HOME)/include -I$(JAVA_HOME)/include/$(SYSTEM) org_cacert_gigi_natives_SetUID.c
+
+clean:
+ rm -f *.so
+ rm -f *.h
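Review bot: The `libsetuid.so` rule has no prerequisites, so after the first build `make` reports it up to date even when `org_cacert_gigi_natives_SetUID.c` changes, and `javah` runs as a side effect of that recipe rather than as a rule for the header it produces. Declare the dependency and the phony targets (`libsetuid.so: org_cacert_gigi_natives_SetUID.c`, `.PHONY: all clean`) and build with `$(CC) $(CFLAGS)` instead of a hard-coded `gcc`, so that hardening flags can be supplied from the environment for a library that runs inside a root process. `SYSTEM=` with `$(shell …)` should be `:=` so `uname` runs once, `JAVA_HOME` is used unchecked and silently yields `-I/include` when unset, and `clean`'s `rm -f *.h` removes every header in the directory rather than just the generated one. Note also that the C file in this patch does not `#include` the javah output, so the generated header is currently unused by the compile.
```make
SYSTEM := $(shell uname | awk '{print tolower($$0)}')
JNI_HDR := org_cacert_gigi_natives_SetUID.h
$(if $(JAVA_HOME),,$(error JAVA_HOME is not set))

.PHONY: all clean
all: libsetuid.so

$(JNI_HDR): ../bin/org/cacert/gigi/natives/SetUID.class
	javah -classpath ../bin/ -jni org.cacert.gigi.natives.SetUID

libsetuid.so: org_cacert_gigi_natives_SetUID.c $(JNI_HDR)
	$(CC) $(CFLAGS) -fPIC -shared -I$(JAVA_HOME)/include -I$(JAVA_HOME)/include/$(SYSTEM) -o $@ $<

clean:
	$(RM) libsetuid.so $(JNI_HDR)
```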
--- /dev/null
+#include <jni.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#ifndef _Included_org_cacert_natives_SetUID
+#define _Included_org_cacert_natives_SetUID
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+jobject getStatus(JNIEnv *env, int successCode, const char * message) {
+
+ jstring message_str = (*env)->NewStringUTF(env, message);
+ jboolean success = successCode;
+ jclass cls = (*env)->FindClass(env, "Lorg/cacert/gigi/natives/SetUID$Status;");
+ jmethodID constructor = (*env)->GetMethodID(env, cls, "<init>", "(ZLjava/lang/String;)V");
+ return (*env)->NewObject(env, cls, constructor, success, message_str);
+}
+
+JNIEXPORT jobject JNICALL Java_org_cacert_gigi_natives_SetUID_setUid
+ (JNIEnv *env, jobject obj, jint uid, jint gid) {
+ if(setgid((int)gid)) {
+ return (jobject)getStatus(env, 0, "Error while setting GID.");
+ }
+
+ if(setuid((int)uid)) {
+ return (jobject)getStatus(env, 0, "Error while setting UID.");
+ }
+
+ return (jobject)getStatus(env, 1, "Successfully set uid/gid.");
+}
+
+#ifdef __cplusplus
+}
+#endif
+#endif
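Review bot: The privilege drop in Java_org_cacert_gigi_natives_SetUID_setUid leaves the process's supplementary groups untouched, because only setgid() and setuid() are called; a process started as root therefore keeps root's supplementary group memberships after "successfully" dropping to the target uid/gid. Call `setgroups(0, NULL)` (declared in `<grp.h>` on glibc) before setgid(), since it is no longer permitted once the uid has changed, and verify afterwards with getuid()/geteuid()/getgid() that the ids actually changed rather than trusting the return codes alone; if the launcher may also run unprivileged, setgroups() will fail with EPERM and that case needs to be tolerated explicitly. The error strings discard errno, so the Java side cannot tell EPERM from EINVAL — `strerror(errno)` in the message would help. Separately, getStatus passes the descriptor form `Lorg/cacert/gigi/natives/SetUID$Status;` to FindClass, whose documented argument is the slash-separated name `org/cacert/gigi/natives/SetUID$Status`, and the NULL returns of FindClass/GetMethodID are not checked, so a lookup failure dereferences NULL instead of surfacing the pending Java exception.
```c
JNIEXPORT jobject JNICALL Java_org_cacert_gigi_natives_SetUID_setUid
  (JNIEnv *env, jobject obj, jint uid, jint gid) {
    /* Supplementary groups must go first: setgroups() needs root, which setuid() gives up. */
    if (setgroups(0, NULL)) {
        return getStatus(env, 0, "Error while clearing supplementary groups.");
    }
    if (setgid((gid_t)gid)) {
        return getStatus(env, 0, "Error while setting GID.");
    }
    if (setuid((uid_t)uid)) {
        return getStatus(env, 0, "Error while setting UID.");
    }
    /* Do not trust the return codes alone: confirm the drop actually took effect. */
    if (getuid() != (uid_t)uid || geteuid() != (uid_t)uid || getgid() != (gid_t)gid) {
        return getStatus(env, 0, "uid/gid did not change as requested.");
    }
    return getStatus(env, 1, "Successfully set uid/gid.");
}
```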
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
+import org.cacert.gigi.natives.SetUID;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
+import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.ssl.SslContextFactory;
public class Launcher {
public static void main(String[] args) throws Exception {
Server s = new Server();
-
// === SSL HTTP Configuration ===
HttpConfiguration https_config = new HttpConfiguration();
// for client-cert auth
s.setHandler(sh);
sh.addServlet(new ServletHolder(new TestServlet()), "/");
s.start();
+ if (connector.getPort() <= 1024
+ && !System.getProperty("os.name").toLowerCase().contains("win")) {
+ SetUID uid = new SetUID();
+ if (!uid.setUid(-2, -2).getSuccess()) {
+ Log.getLogger(Launcher.class).warn("Couldn't set uid!");
+ }
+ }
}
private static SslContextFactory generateSSLContextFactory()
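Review bot: A failed privilege drop is only logged, so when `uid.setUid(-2, -2)` fails the server keeps serving on the privileged port as root; the warn at `Log.getLogger(Launcher.class).warn("Couldn't set uid!")` should be fatal, e.g. `SetUID.Status status = uid.setUid(-2, -2); if (!status.getSuccess()) { s.stop(); throw new IllegalStateException("Could not drop privileges: " + status.getMessage()); }`. The guard `connector.getPort() <= 1024` is off by one — privileged ports are 0–1023 — so `< 1024` is the intended bound. The hard-coded -2 relies on the legacy BSD "nobody" convention; on Linux uid_t is unsigned, so -2 becomes 4294967294, which is unlikely to be an existing account — a configurable uid/gid (or resolving the target user at startup) would be safer. main()'s body is shown only in fragments here, so where `connector` is defined is not visible.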
--- /dev/null
+package org.cacert.gigi.natives;
+
+import java.io.File;
+
+/**
+ * Native to use privileged ports on unixoide hosts.
+ *
+ * @author janis
+ *
+ */
+public class SetUID {
+ static {
+ System.load(new File("natives/libsetuid.so").getAbsolutePath());
+ }
+
+ public native Status setUid(int uid, int gid);
+
+ public static class Status {
+
+ private boolean success;
+ private String message;
+
+ public Status(boolean success, String message) {
+ this.success = success;
+ this.message = message;
+ }
+
+ public boolean getSuccess() {
+ return success;
+ }
+
+ public String getMessage() {
+ return message;
+ }
+ }
+}
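Review bot: The static initializer loads the native library from `natives/libsetuid.so` resolved against the current working directory, and this class is only used while the process still holds root (the Launcher calls it to drop privileges); if that directory or file is writable by another user, replacing the .so gives them code execution as root. Load from a fixed, root-owned absolute path instead — e.g. `System.load(System.getProperty("gigi.natives.dir", "/usr/lib/gigi") + "/libsetuid.so");` with the property documented as a trusted location — or at minimum document in the class Javadoc that `natives/` must be root-owned and not group/world-writable. setUid has no Javadoc; add `/** Switches the process to the given uid/gid via setgid() then setuid(); a Status with getSuccess() == false means the process still runs with its original ids and should be treated as fatal. */`.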