Run as user
This commit is contained in:
Andrew Pamment
@@ -125,6 +125,8 @@ struct ip_address_guard {
|
||||
};
|
||||
|
||||
struct bbs_config {
|
||||
uid_t uid;
|
||||
gid_t gid;
|
||||
int codepage;
|
||||
int ipv6;
|
||||
char *bbs_name;
|
||||
|
||||
71
src/main.c
71
src/main.c
@@ -5,6 +5,7 @@
|
||||
#include <sys/socket.h>
|
||||
#include <sys/wait.h>
|
||||
#include <sys/stat.h>
|
||||
#include <pwd.h>
|
||||
#include <signal.h>
|
||||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
@@ -40,6 +41,7 @@ extern struct user_record *gUser;
|
||||
int ssh_pid = -1;
|
||||
int bbs_pid = 0;
|
||||
int server_socket = -1;
|
||||
int ipv6_pid = -1;
|
||||
|
||||
int bbs_stdin;
|
||||
int bbs_stdout;
|
||||
@@ -62,6 +64,10 @@ void sigterm_handler(int s)
|
||||
MHD_stop_daemon(www_daemon);
|
||||
}
|
||||
#endif
|
||||
if (ipv6_pid != -1) {
|
||||
printf("ipv6_pid %d\n", ipv6_pid);
|
||||
kill(ipv6_pid, SIGTERM);
|
||||
}
|
||||
remove(conf.pid_file);
|
||||
exit(0);
|
||||
}
|
||||
@@ -407,6 +413,7 @@ static int handler(void* user, const char* section, const char* name,
|
||||
const char* value)
|
||||
{
|
||||
struct bbs_config *conf = (struct bbs_config *)user;
|
||||
struct passwd *pwd;
|
||||
|
||||
if (strcasecmp(section, "main") == 0) {
|
||||
if (strcasecmp(name, "bbs name") == 0) {
|
||||
@@ -521,6 +528,12 @@ static int handler(void* user, const char* section, const char* name,
|
||||
} else {
|
||||
conf->date_style = 0;
|
||||
}
|
||||
} else if (strcasecmp(name, "run as user") == 0) {
|
||||
pwd = getpwnam(value);
|
||||
if (pwd != NULL) {
|
||||
conf->uid = pwd->pw_uid;
|
||||
conf->gid = pwd->pw_gid;
|
||||
}
|
||||
}
|
||||
} else if (strcasecmp(section, "paths") == 0){
|
||||
if (strcasecmp(name, "ansi path") == 0) {
|
||||
@@ -794,6 +807,14 @@ void serverssh(int port, int ipv6) {
|
||||
}
|
||||
c = sizeof(struct sockaddr_in);
|
||||
}
|
||||
|
||||
if (conf.uid != getuid()) {
|
||||
if (setgid(conf.gid) != 0 || setuid(conf.uid) != 0) {
|
||||
perror("SetUID Failed: ");
|
||||
remove(conf.pid_file);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
listen(ssh_sock, 3);
|
||||
|
||||
@@ -1070,6 +1091,7 @@ void server(int port, int ipv6) {
|
||||
ssh_pid = fork();
|
||||
|
||||
if (ssh_pid == 0) {
|
||||
ipv6_pid = -1;
|
||||
ssh_pid = -1;
|
||||
serverssh(conf.ssh_port, ipv6);
|
||||
exit(0);
|
||||
@@ -1079,20 +1101,6 @@ void server(int port, int ipv6) {
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(ENABLE_WWW)
|
||||
if (conf.www_server && conf.www_path != NULL && conf.www_url != NULL) {
|
||||
if (!conf.fork) {
|
||||
printf(" - HTTP Starting on Port %d (IPv%d)\n", conf.www_port, (ipv6 ? 6 : 4));
|
||||
}
|
||||
www_init();
|
||||
if (ipv6) {
|
||||
www_daemon = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION|MHD_USE_IPv6, conf.www_port, NULL, NULL, &www_handler, NULL, MHD_OPTION_NOTIFY_COMPLETED, &www_request_completed, NULL, MHD_OPTION_URI_LOG_CALLBACK, &www_logger, NULL, MHD_OPTION_END);
|
||||
} else {
|
||||
www_daemon = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION, conf.www_port, NULL, NULL, &www_handler, NULL, MHD_OPTION_NOTIFY_COMPLETED, &www_request_completed, NULL, MHD_OPTION_URI_LOG_CALLBACK, &www_logger, NULL, MHD_OPTION_END);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ipv6) {
|
||||
server_socket = socket(AF_INET6, SOCK_STREAM, 0);
|
||||
} else {
|
||||
@@ -1152,6 +1160,28 @@ void server(int port, int ipv6) {
|
||||
client_p = &client4;
|
||||
}
|
||||
|
||||
if (conf.uid != getuid()) {
|
||||
if (setgid(conf.gid) != 0 || setuid(conf.uid) != 0) {
|
||||
perror("SetUID Failed: ");
|
||||
remove(conf.pid_file);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(ENABLE_WWW)
|
||||
if (conf.www_server && conf.www_path != NULL && conf.www_url != NULL) {
|
||||
if (!conf.fork) {
|
||||
printf(" - HTTP Starting on Port %d (IPv%d)\n", conf.www_port, (ipv6 ? 6 : 4));
|
||||
}
|
||||
www_init();
|
||||
if (ipv6) {
|
||||
www_daemon = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION|MHD_USE_IPv6, conf.www_port, NULL, NULL, &www_handler, NULL, MHD_OPTION_NOTIFY_COMPLETED, &www_request_completed, NULL, MHD_OPTION_URI_LOG_CALLBACK, &www_logger, NULL, MHD_OPTION_END);
|
||||
} else {
|
||||
www_daemon = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION, conf.www_port, NULL, NULL, &www_handler, NULL, MHD_OPTION_NOTIFY_COMPLETED, &www_request_completed, NULL, MHD_OPTION_URI_LOG_CALLBACK, &www_logger, NULL, MHD_OPTION_END);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
listen(server_socket, 3);
|
||||
|
||||
|
||||
@@ -1229,7 +1259,7 @@ void server(int port, int ipv6) {
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
int i;
|
||||
int main_pid, ipv6_pid;
|
||||
int main_pid;
|
||||
FILE *fptr;
|
||||
struct stat s;
|
||||
char buffer[1024];
|
||||
@@ -1269,7 +1299,8 @@ int main(int argc, char **argv) {
|
||||
conf.codepage = 0;
|
||||
conf.date_style = 0;
|
||||
conf.ipv6 = 0;
|
||||
|
||||
conf.uid = getuid();
|
||||
conf.gid = getgid();
|
||||
// Load BBS data
|
||||
if (ini_parse(argv[1], handler, &conf) <0) {
|
||||
fprintf(stderr, "Unable to load configuration ini (%s)!\n", argv[1]);
|
||||
@@ -1336,6 +1367,12 @@ int main(int argc, char **argv) {
|
||||
exit(-1);
|
||||
} else
|
||||
if (main_pid > 0) {
|
||||
if (conf.uid != getuid()) {
|
||||
if (setgid(conf.gid) != 0 || setuid(conf.uid) != 0) {
|
||||
perror("Setuid Error: ");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
fptr = fopen(conf.pid_file, "w");
|
||||
if (!fptr) {
|
||||
fprintf(stderr, "Unable to open pid file for writing.\n");
|
||||
@@ -1358,6 +1395,7 @@ int main(int argc, char **argv) {
|
||||
} else if (ipv6_pid > 0) {
|
||||
server(conf.telnet_port, 0);
|
||||
} else {
|
||||
ipv6_pid = -1;
|
||||
server(conf.telnet_port, 1);
|
||||
}
|
||||
} else {
|
||||
@@ -1382,6 +1420,7 @@ int main(int argc, char **argv) {
|
||||
} else if (ipv6_pid > 0) {
|
||||
server(conf.telnet_port, 0);
|
||||
} else {
|
||||
ipv6_pid = -1;
|
||||
server(conf.telnet_port, 1);
|
||||
}
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user