# HG changeset patch
# User Ivo Smits <Ivo@UCIS.nl>
# Date 1367868485 -7200
# Node ID 1fe62a94c28a0e492136b5824cd69997223e9aa6
# Parent  a1ec0d6b6f13d4e16dd5b6f35c45ce409ba21df1
Added option SETUID to drop privileges

diff -r a1ec0d6b6f13 -r 1fe62a94c28a src/common.c
--- a/src/common.c	Mon May 06 18:05:07 2013 +0200
+++ b/src/common.c	Mon May 06 21:28:05 2013 +0200
@@ -27,6 +27,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <fcntl.h>
+#include <pwd.h>
 #ifndef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
@@ -200,6 +201,18 @@
 	}
 }
 
+int drop_privileges() {
+	char* envval;
+	if (envval = getconf("SETUID")) {
+		if (setgroups(0, NULL) == -1) return errorexitp("setgroups");
+		struct passwd *pw = getpwnam(envval);
+		if (!pw) return errorexitp("getpwnam");
+		if (setgid(pw->pw_gid) == -1) return errorexitp("setgid");
+		if (setuid(pw->pw_uid) == -1) return errorexitp("setuid");
+	}
+	chdir("/");
+}
+
 int qtrun(struct qtproto* p) {
 	if (getconf("DEBUG")) debug = 1;
 	struct qtsession session;
@@ -216,6 +229,8 @@
 	session.protocol_data = &protocol_data;
 	if (p->init && p->init(&session) < 0) return -1;
 
+	if (drop_privileges() < 0) return -1;
+
 	fprintf(stderr, "The tunnel is now operational!\n");
 
 	struct pollfd fds[2];