comparison src/common.c @ 36:1fe62a94c28a

Added option SETUID to drop privileges
author Ivo Smits <Ivo@UCIS.nl>
date Mon, 06 May 2013 21:28:05 +0200
parents a1ec0d6b6f13
children d9f5caa13898
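--- a/src/common.c
+++ b/src/common.c
@@ -25,10 +25,11 @@
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <fcntl.h>
+#include <pwd.h>
 #ifndef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
 #include <sys/ioctl.h>
 #include <sys/socket.h>
@@ -198,10 +199,22 @@
 else if (*src >= 'A' && *src <= 'F') *dest += *src - 'A' + 10;
 src++; dest++;
 }
 }
 
+int drop_privileges() {
+char* envval;
+if (envval = getconf("SETUID")) {
+if (setgroups(0, NULL) == -1) return errorexitp("setgroups");
+struct passwd *pw = getpwnam(envval);
+if (!pw) return errorexitp("getpwnam");
+if (setgid(pw->pw_gid) == -1) return errorexitp("setgid");
+if (setuid(pw->pw_uid) == -1) return errorexitp("setuid");
+}
+chdir("/");
+}
+
 int qtrun(struct qtproto* p) {
 if (getconf("DEBUG")) debug = 1;
 struct qtsession session;
 session.protocol = *p;
 
@@ -213,10 +226,12 @@
 
 char protocol_data[p->protocol_data_size];
 memset(protocol_data, 0, p->protocol_data_size);
 session.protocol_data = &protocol_data;
 if (p->init && p->init(&session) < 0) return -1;
+
+if (drop_privileges() < 0) return -1;
 
 fprintf(stderr, "The tunnel is now operational!\n");
 
 struct pollfd fds[2];
 fds[0].fd = ttfd;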
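Review bot: `drop_privileges()` is declared `int` but its success path falls off the end after `chdir("/");` without returning a value, while the new call in `qtrun` tests `drop_privileges() < 0`; reading that result is undefined behaviour, so a successful drop may be reported as a failure or an arbitrary value may be passed through. End the function with `if (chdir("/") == -1) return errorexitp("chdir");` followed by `return 0;`, which also stops ignoring a failed `chdir`. `getpwnam` can return NULL with `errno` left at 0 when the named user simply does not exist, so `errorexitp("getpwnam")` presumably prints a misleading error text; an explicit "unknown user" message would make a mistyped SETUID value easier to diagnose. `setgroups` is declared in `<grp.h>`, which is not among the includes visible in this section, so confirm it is included elsewhere in the file.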