if(dcgi_cookie && dcgi_client)
disorder_revoke(dcgi_client);
- /* We'll need a new connection as we are going to stop being guest */
+ /* We'll need a new connection as we are going to stop being guest.
+ * Make sure it's unprivileged, so that the server actually bothers checking
+ * the password we supply.
+ */
c = disorder_new(0);
+ disorder_force_unpriv(c);
if(disorder_connect_user(c, username, password)) {
login_error("loginfailed");
return -1;
/** @brief Figure out what address to connect to
* @param c Configuration to honor
+ * @param flags Flags to guide the choice
* @param sap Where to store pointer to sockaddr
* @param namep Where to store socket name
* @return Socket length, or (socklen_t)-1
*/
-socklen_t find_server(struct config *c,
- struct sockaddr **sap, char **namep) {
+socklen_t disorder_find_server(struct config *c, unsigned flags,
+ struct sockaddr **sap, char **namep) {
struct sockaddr *sa;
#if !_WIN32
struct sockaddr_un su;
disorder_fatal(0, "local connections are not supported on Windows");
#else
/* use the private socket if possible (which it should be) */
- name = config_get_file2(c, "private/socket");
- if(access(name, R_OK) != 0) {
- xfree(name);
- name = NULL;
+ if (!(flags & DISORDER_FS_NOTPRIV)) {
+ name = config_get_file2(c, "private/socket");
+ if(access(name, R_OK) != 0) {
+ xfree(name);
+ name = NULL;
+ }
}
if(!name)
name = config_get_file2(c, "socket");
return len;
}
+/** @brief Figure out what address to connect to
+ * @param c Configuration to honor
+ * @param sap Where to store pointer to sockaddr
+ * @param namep Where to store socket name
+ * @return Socket length, or (socklen_t)-1
+ *
+ * The function disorder_find_server() isn't a namespace violation, and has
+ * more functionality. This function is equivalent, to disorder_find_server()
+ * with a zero @c flags argument.
+ */
+socklen_t find_server(struct config *c,
+ struct sockaddr **sap, char **namep) {
+ return disorder_find_server(c, 0, sap, namep);
+}
+
const char disorder__body[1];
const char disorder__list[1];
const char disorder__integer[1];
int open;
/** @brief Socket I/O context */
struct socketio sio;
+ /** @brief Whether to try to open a privileged connection */
+ int trypriv;
};
/** @brief Create a new client
c->verbose = verbose;
c->family = -1;
+ c->trypriv = 1;
return c;
}
+/** @brief Don't try to make a privileged connection
+ * @param c Client
+ *
+ * You must call this before any of the connection functions (e.g.,
+ * disorder_connect(), disorder_connect_user()), if at all.
+ */
+void disorder_force_unpriv(disorder_client *c) {
+ assert(!c->open);
+ c->trypriv = 0;
+}
+
/** @brief Return the address family used by this client */
int disorder_client_af(disorder_client *c) {
return c->family;
socklen_t salen;
char errbuf[1024];
- if((salen = find_server(conf, &sa, &c->ident)) == (socklen_t)-1)
+ if((salen = disorder_find_server(conf,
+ (c->trypriv ? 0 : DISORDER_FS_NOTPRIV),
+ &sa, &c->ident)) == (socklen_t)-1)
return -1;
c->input = 0;
c->output = 0;