Mercurial > hg > quicktun
changeset 36:1fe62a94c28a
Added option SETUID to drop privileges
| author | Ivo Smits <Ivo@UCIS.nl> |
|---|---|
| date | Mon, 06 May 2013 21:28:05 +0200 |
| parents | a1ec0d6b6f13 |
| children | bb4bbf380938 |
| files | src/common.c |
| diffstat | 1 files changed, 15 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/common.c Mon May 06 18:05:07 2013 +0200 +++ b/src/common.c Mon May 06 21:28:05 2013 +0200 @@ -27,6 +27,7 @@ #include <stdlib.h> #include <string.h> #include <fcntl.h> +#include <pwd.h> #ifndef HAVE_NETINET_IN_H #include <netinet/in.h> #endif @@ -200,6 +201,18 @@ } } +int drop_privileges() { + char* envval; + if (envval = getconf("SETUID")) { + if (setgroups(0, NULL) == -1) return errorexitp("setgroups"); + struct passwd *pw = getpwnam(envval); + if (!pw) return errorexitp("getpwnam"); + if (setgid(pw->pw_gid) == -1) return errorexitp("setgid"); + if (setuid(pw->pw_uid) == -1) return errorexitp("setuid"); + } + chdir("/"); +} + int qtrun(struct qtproto* p) { if (getconf("DEBUG")) debug = 1; struct qtsession session; @@ -216,6 +229,8 @@ session.protocol_data = &protocol_data; if (p->init && p->init(&session) < 0) return -1; + if (drop_privileges() < 0) return -1; + fprintf(stderr, "The tunnel is now operational!\n"); struct pollfd fds[2];