From: Felix Dörre
Date: Sat, 21 Jun 2014 14:33:13 +0000 (+0200)
Subject: Merge branch 'nativeuid'
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=a7221f6d65748e2c681e94e905615b4e576b75a5;hp=a7b3907c5b31b2ff23d341493fb0c145ddf3c5b1
Merge branch 'nativeuid'
---
diff --git a/natives/.gitignore b/natives/.gitignore
new file mode 100644
index 00000000..0b5c1b32
--- /dev/null
+++ b/natives/.gitignore
@@ -0,0 +1,2 @@
+/libsetuid.so
+*.h
diff --git a/natives/Makefile b/natives/Makefile
new file mode 100644
index 00000000..b58e4006
--- /dev/null
+++ b/natives/Makefile
@@ -0,0 +1,12 @@
+SYSTEM= $(shell uname | awk '{print tolower($$0)}')
+
+
+all: libsetuid.so
+
+libsetuid.so:
+ javah -classpath ../bin/ -jni org.cacert.gigi.natives.SetUID
+ gcc -fPIC -o libsetuid.so -shared -I$(JAVA_HOME)/include -I$(JAVA_HOME)/include/$(SYSTEM) org_cacert_gigi_natives_SetUID.c
+
+clean:
+ rm -f *.so
+ rm -f *.h
diff --git a/natives/org_cacert_gigi_natives_SetUID.c b/natives/org_cacert_gigi_natives_SetUID.c
new file mode 100644
index 00000000..f0ae7cb1
--- /dev/null
+++ b/natives/org_cacert_gigi_natives_SetUID.c
@@ -0,0 +1,36 @@ +#include +#include +#include + +#ifndef _Included_org_cacert_natives_SetUID +#define _Included_org_cacert_natives_SetUID +#ifdef __cplusplus +extern "C" { +#endif + +jobject getStatus(JNIEnv *env, int successCode, const char * message) { + + jstring message_str = (*env)->NewStringUTF(env, message); + jboolean success = successCode; + jclass cls = (*env)->FindClass(env, "Lorg/cacert/gigi/natives/SetUID$Status;"); + jmethodID constructor = (*env)->GetMethodID(env, cls, "", "(ZLjava/lang/String;)V"); + return (*env)->NewObject(env, cls, constructor, success, message_str); +} + +JNIEXPORT jobject JNICALL Java_org_cacert_gigi_natives_SetUID_setUid + (JNIEnv *env, jobject obj, jint uid, jint gid) { + if(setgid((int)gid)) { + return (jobject)getStatus(env, 0, "Error while setting GID."); + } + + if(setuid((int)uid)) { + return (jobject)getStatus(env, 0, "Error while setting UID."); + } + + return (jobject)getStatus(env, 1, "Successfully set uid/gid."); +} + +#ifdef __cplusplus +} +#endif +#endif diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java index a64a8fa0..2c8c1f53 100644 --- a/src/org/cacert/gigi/Launcher.java +++ b/src/org/cacert/gigi/Launcher.java @@ -12,6 +12,7 @@ import java.util.Collection; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; +import org.cacert.gigi.natives.SetUID; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.HttpConfiguration; import org.eclipse.jetty.server.HttpConnectionFactory; 
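Review bot: Java_org_cacert_gigi_natives_SetUID_setUid calls setgid() and then setuid() but never clears the supplementary group list, so a process started as root keeps root's supplementary groups after the drop. Add `if (setgroups(0, NULL)) { return getStatus(env, 0, "Error while clearing supplementary groups."); }` before the setgid() call; it needs `<grp.h>`. getStatus() also passes the results of FindClass and GetMethodID on without a NULL check, so a failed lookup reaches NewObject with an exception already pending; returning NULL when either lookup fails lets the Java side see that exception instead.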
@@ -21,12 +22,12 @@ import org.eclipse.jetty.server.ServerConnector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; +import org.eclipse.jetty.util.log.Log; import org.eclipse.jetty.util.ssl.SslContextFactory; public class Launcher { public static void main(String[] args) throws Exception { Server s = new Server(); - // === SSL HTTP Configuration === HttpConfiguration https_config = new HttpConfiguration(); // for client-cert auth @@ -42,6 +43,13 @@ public class Launcher { s.setHandler(sh); sh.addServlet(new ServletHolder(new TestServlet()), "/"); s.start(); + if (connector.getPort() <= 1024 + && !System.getProperty("os.name").toLowerCase().contains("win")) { + SetUID uid = new SetUID(); + if (!uid.setUid(-2, -2).getSuccess()) { + Log.getLogger(Launcher.class).warn("Couldn't set uid!"); + } + } } private static SslContextFactory generateSSLContextFactory() diff --git a/src/org/cacert/gigi/natives/SetUID.java b/src/org/cacert/gigi/natives/SetUID.java new file mode 100644 index 00000000..25c97a59 --- /dev/null +++ b/src/org/cacert/gigi/natives/SetUID.java @@ -0,0 +1,36 @@ +package org.cacert.gigi.natives; + +import java.io.File; + +/** + * Native to use privileged ports on unixoide hosts. + * + * @author janis + * + */ +public class SetUID { + static { + System.load(new File("natives/libsetuid.so").getAbsolutePath()); + } + + public native Status setUid(int uid, int gid); + + public static class Status { + + private boolean success; + private String message; + + public Status(boolean success, String message) { + this.success = success; + this.message = message; + } + + public boolean getSuccess() { + return success; + } + + public String getMessage() { + return message; + } + } +}
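Review bot: When `uid.setUid(-2, -2)` reports failure, the block added after `s.start()` only logs "Couldn't set uid!" and the server keeps running under the account that bound the privileged port, presumably root. A failed drop should be fatal, for example `s.stop(); throw new IllegalStateException("Could not drop privileges");`, and the log line should include `getMessage()` from the returned Status so the failing call is visible. The hard-coded `-2` also deserves a comment or a configuration value, because the native side hands it to setgid()/setuid() as a very large unsigned id that may not map to an unprivileged account on every platform. main() begins outside this hunk.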
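Review bot: The static initializer in SetUID loads `natives/libsetuid.so` relative to the current working directory, and it runs before privileges are dropped, so whoever controls the directory the server is started from controls native code loaded into a process that is presumably still root. Resolve the library from a fixed absolute install location or a configured path whose directory and file are writable only by root, and fail with a clear message when it is missing. The class Javadoc should also state that `setUid` changes the gid first and then the uid of the whole JVM process and that the change cannot be undone. The `success` and `message` fields of Status can be `final`.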