Run as user

This commit is contained in:
Andrew Pamment 2018-02-18 19:52:55 +10:00
parent ec747992a4
commit 93c7bd2170
5 changed files with 61 additions and 16 deletions

1
dist/config/bbs.ini vendored
View File

@ -14,6 +14,7 @@ External Editor stdio = true
External Editor Codepage = CP437 External Editor Codepage = CP437
Automessage Write Level = 10 Automessage Write Level = 10
Fork = false Fork = false
Run As User = USERNAME
Enable WWW = false Enable WWW = false
WWW Port = 8080 WWW Port = 8080
WWW URL = http://127.0.0.1:8080/ WWW URL = http://127.0.0.1:8080/

View File

@ -18,6 +18,7 @@ This is the main bbs INI file and contains the following sections
* **External Editor Codepage** The codepage the external editor uses (CP437 for magiedit) (Only required if External Editor CMD is set) * **External Editor Codepage** The codepage the external editor uses (CP437 for magiedit) (Only required if External Editor CMD is set)
* **Automessage Write Level** The security level a user needs to change the automessage (Required) * **Automessage Write Level** The security level a user needs to change the automessage (Required)
* **Fork** True if you want the BBS to run in daemon mode false if not. (Required) * **Fork** True if you want the BBS to run in daemon mode false if not. (Required)
* **Run as User** Which user to run at if invoked as root. (Required if running as root)
* **Enable WWW** True to enable the WWW server, false if not. (Required) * **Enable WWW** True to enable the WWW server, false if not. (Required)
* **WWW Port** Port to listen for HTTP connections (Required if WWW is enabled) * **WWW Port** Port to listen for HTTP connections (Required if WWW is enabled)
* **WWW URL** Public facing url of the BBS (Required if WWW is enabled) * **WWW URL** Public facing url of the BBS (Required if WWW is enabled)

View File

@ -69,9 +69,11 @@ else
SED=sed SED=sed
fi fi
$SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/bbs.ini $SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/bbs.ini
$SED -i "s/BBS Name = Magicka BBS/BBS Name = ${bbsname}/g" config/bbs.ini $SED -i "s/BBS Name = Magicka BBS/BBS Name = ${bbsname}/g" config/bbs.ini
$SED -i "s/Sysop Name = sysop/Sysop Name = ${handle}/g" config/bbs.ini $SED -i "s/Sysop Name = sysop/Sysop Name = ${handle}/g" config/bbs.ini
$SED -i "s/USERNAME/${USERNAME}/g" config/bbs.ini
$SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/localmail.ini $SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/localmail.ini
$SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/filesgen.ini $SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/filesgen.ini
$SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/happynet.ini $SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/happynet.ini

View File

@ -125,6 +125,8 @@ struct ip_address_guard {
}; };
struct bbs_config { struct bbs_config {
uid_t uid;
gid_t gid;
int codepage; int codepage;
int ipv6; int ipv6;
char *bbs_name; char *bbs_name;

View File

@ -5,6 +5,7 @@
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/wait.h> #include <sys/wait.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <pwd.h>
#include <signal.h> #include <signal.h>
#include <unistd.h> #include <unistd.h>
#include <stdlib.h> #include <stdlib.h>
@ -40,6 +41,7 @@ extern struct user_record *gUser;
int ssh_pid = -1; int ssh_pid = -1;
int bbs_pid = 0; int bbs_pid = 0;
int server_socket = -1; int server_socket = -1;
int ipv6_pid = -1;
int bbs_stdin; int bbs_stdin;
int bbs_stdout; int bbs_stdout;
@ -62,6 +64,10 @@ void sigterm_handler(int s)
MHD_stop_daemon(www_daemon); MHD_stop_daemon(www_daemon);
} }
#endif #endif
if (ipv6_pid != -1) {
printf("ipv6_pid %d\n", ipv6_pid);
kill(ipv6_pid, SIGTERM);
}
remove(conf.pid_file); remove(conf.pid_file);
exit(0); exit(0);
} }
@ -407,6 +413,7 @@ static int handler(void* user, const char* section, const char* name,
const char* value) const char* value)
{ {
struct bbs_config *conf = (struct bbs_config *)user; struct bbs_config *conf = (struct bbs_config *)user;
struct passwd *pwd;
if (strcasecmp(section, "main") == 0) { if (strcasecmp(section, "main") == 0) {
if (strcasecmp(name, "bbs name") == 0) { if (strcasecmp(name, "bbs name") == 0) {
@ -521,6 +528,12 @@ static int handler(void* user, const char* section, const char* name,
} else { } else {
conf->date_style = 0; conf->date_style = 0;
} }
} else if (strcasecmp(name, "run as user") == 0) {
pwd = getpwnam(value);
if (pwd != NULL) {
conf->uid = pwd->pw_uid;
conf->gid = pwd->pw_gid;
}
} }
} else if (strcasecmp(section, "paths") == 0){ } else if (strcasecmp(section, "paths") == 0){
if (strcasecmp(name, "ansi path") == 0) { if (strcasecmp(name, "ansi path") == 0) {
@ -794,6 +807,14 @@ void serverssh(int port, int ipv6) {
} }
c = sizeof(struct sockaddr_in); c = sizeof(struct sockaddr_in);
} }
if (conf.uid != getuid()) {
if (setgid(conf.gid) != 0 || setuid(conf.uid) != 0) {
perror("SetUID Failed: ");
remove(conf.pid_file);
exit(1);
}
}
listen(ssh_sock, 3); listen(ssh_sock, 3);
@ -1070,6 +1091,7 @@ void server(int port, int ipv6) {
ssh_pid = fork(); ssh_pid = fork();
if (ssh_pid == 0) { if (ssh_pid == 0) {
ipv6_pid = -1;
ssh_pid = -1; ssh_pid = -1;
serverssh(conf.ssh_port, ipv6); serverssh(conf.ssh_port, ipv6);
exit(0); exit(0);
@ -1079,20 +1101,6 @@ void server(int port, int ipv6) {
} }
} }
#if defined(ENABLE_WWW)
if (conf.www_server && conf.www_path != NULL && conf.www_url != NULL) {
if (!conf.fork) {
printf(" - HTTP Starting on Port %d (IPv%d)\n", conf.www_port, (ipv6 ? 6 : 4));
}
www_init();
if (ipv6) {
www_daemon = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION|MHD_USE_IPv6, conf.www_port, NULL, NULL, &www_handler, NULL, MHD_OPTION_NOTIFY_COMPLETED, &www_request_completed, NULL, MHD_OPTION_URI_LOG_CALLBACK, &www_logger, NULL, MHD_OPTION_END);
} else {
www_daemon = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION, conf.www_port, NULL, NULL, &www_handler, NULL, MHD_OPTION_NOTIFY_COMPLETED, &www_request_completed, NULL, MHD_OPTION_URI_LOG_CALLBACK, &www_logger, NULL, MHD_OPTION_END);
}
}
#endif
if (ipv6) { if (ipv6) {
server_socket = socket(AF_INET6, SOCK_STREAM, 0); server_socket = socket(AF_INET6, SOCK_STREAM, 0);
} else { } else {
@ -1152,6 +1160,28 @@ void server(int port, int ipv6) {
client_p = &client4; client_p = &client4;
} }
if (conf.uid != getuid()) {
if (setgid(conf.gid) != 0 || setuid(conf.uid) != 0) {
perror("SetUID Failed: ");
remove(conf.pid_file);
exit(1);
}
}
#if defined(ENABLE_WWW)
if (conf.www_server && conf.www_path != NULL && conf.www_url != NULL) {
if (!conf.fork) {
printf(" - HTTP Starting on Port %d (IPv%d)\n", conf.www_port, (ipv6 ? 6 : 4));
}
www_init();
if (ipv6) {
www_daemon = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION|MHD_USE_IPv6, conf.www_port, NULL, NULL, &www_handler, NULL, MHD_OPTION_NOTIFY_COMPLETED, &www_request_completed, NULL, MHD_OPTION_URI_LOG_CALLBACK, &www_logger, NULL, MHD_OPTION_END);
} else {
www_daemon = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION, conf.www_port, NULL, NULL, &www_handler, NULL, MHD_OPTION_NOTIFY_COMPLETED, &www_request_completed, NULL, MHD_OPTION_URI_LOG_CALLBACK, &www_logger, NULL, MHD_OPTION_END);
}
}
#endif
listen(server_socket, 3); listen(server_socket, 3);
@ -1229,7 +1259,7 @@ void server(int port, int ipv6) {
int main(int argc, char **argv) { int main(int argc, char **argv) {
int i; int i;
int main_pid, ipv6_pid; int main_pid;
FILE *fptr; FILE *fptr;
struct stat s; struct stat s;
char buffer[1024]; char buffer[1024];
@ -1269,7 +1299,8 @@ int main(int argc, char **argv) {
conf.codepage = 0; conf.codepage = 0;
conf.date_style = 0; conf.date_style = 0;
conf.ipv6 = 0; conf.ipv6 = 0;
conf.uid = getuid();
conf.gid = getgid();
// Load BBS data // Load BBS data
if (ini_parse(argv[1], handler, &conf) <0) { if (ini_parse(argv[1], handler, &conf) <0) {
fprintf(stderr, "Unable to load configuration ini (%s)!\n", argv[1]); fprintf(stderr, "Unable to load configuration ini (%s)!\n", argv[1]);
@ -1336,6 +1367,12 @@ int main(int argc, char **argv) {
exit(-1); exit(-1);
} else } else
if (main_pid > 0) { if (main_pid > 0) {
if (conf.uid != getuid()) {
if (setgid(conf.gid) != 0 || setuid(conf.uid) != 0) {
perror("Setuid Error: ");
exit(1);
}
}
fptr = fopen(conf.pid_file, "w"); fptr = fopen(conf.pid_file, "w");
if (!fptr) { if (!fptr) {
fprintf(stderr, "Unable to open pid file for writing.\n"); fprintf(stderr, "Unable to open pid file for writing.\n");
@ -1358,6 +1395,7 @@ int main(int argc, char **argv) {
} else if (ipv6_pid > 0) { } else if (ipv6_pid > 0) {
server(conf.telnet_port, 0); server(conf.telnet_port, 0);
} else { } else {
ipv6_pid = -1;
server(conf.telnet_port, 1); server(conf.telnet_port, 1);
} }
} else { } else {
@ -1382,6 +1420,7 @@ int main(int argc, char **argv) {
} else if (ipv6_pid > 0) { } else if (ipv6_pid > 0) {
server(conf.telnet_port, 0); server(conf.telnet_port, 0);
} else { } else {
ipv6_pid = -1;
server(conf.telnet_port, 1); server(conf.telnet_port, 1);
} }
} else { } else {