Run as user
This commit is contained in:
parent
ec747992a4
commit
93c7bd2170
1
dist/config/bbs.ini
vendored
1
dist/config/bbs.ini
vendored
@ -14,6 +14,7 @@ External Editor stdio = true
|
|||||||
External Editor Codepage = CP437
|
External Editor Codepage = CP437
|
||||||
Automessage Write Level = 10
|
Automessage Write Level = 10
|
||||||
Fork = false
|
Fork = false
|
||||||
|
Run As User = USERNAME
|
||||||
Enable WWW = false
|
Enable WWW = false
|
||||||
WWW Port = 8080
|
WWW Port = 8080
|
||||||
WWW URL = http://127.0.0.1:8080/
|
WWW URL = http://127.0.0.1:8080/
|
||||||
|
@ -18,6 +18,7 @@ This is the main bbs INI file and contains the following sections
|
|||||||
* **External Editor Codepage** The codepage the external editor uses (CP437 for magiedit) (Only required if External Editor CMD is set)
|
* **External Editor Codepage** The codepage the external editor uses (CP437 for magiedit) (Only required if External Editor CMD is set)
|
||||||
* **Automessage Write Level** The security level a user needs to change the automessage (Required)
|
* **Automessage Write Level** The security level a user needs to change the automessage (Required)
|
||||||
* **Fork** True if you want the BBS to run in daemon mode false if not. (Required)
|
* **Fork** True if you want the BBS to run in daemon mode false if not. (Required)
|
||||||
|
* **Run as User** Which user to run at if invoked as root. (Required if running as root)
|
||||||
* **Enable WWW** True to enable the WWW server, false if not. (Required)
|
* **Enable WWW** True to enable the WWW server, false if not. (Required)
|
||||||
* **WWW Port** Port to listen for HTTP connections (Required if WWW is enabled)
|
* **WWW Port** Port to listen for HTTP connections (Required if WWW is enabled)
|
||||||
* **WWW URL** Public facing url of the BBS (Required if WWW is enabled)
|
* **WWW URL** Public facing url of the BBS (Required if WWW is enabled)
|
||||||
|
2
setup.sh
2
setup.sh
@ -69,9 +69,11 @@ else
|
|||||||
SED=sed
|
SED=sed
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
$SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/bbs.ini
|
$SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/bbs.ini
|
||||||
$SED -i "s/BBS Name = Magicka BBS/BBS Name = ${bbsname}/g" config/bbs.ini
|
$SED -i "s/BBS Name = Magicka BBS/BBS Name = ${bbsname}/g" config/bbs.ini
|
||||||
$SED -i "s/Sysop Name = sysop/Sysop Name = ${handle}/g" config/bbs.ini
|
$SED -i "s/Sysop Name = sysop/Sysop Name = ${handle}/g" config/bbs.ini
|
||||||
|
$SED -i "s/USERNAME/${USERNAME}/g" config/bbs.ini
|
||||||
$SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/localmail.ini
|
$SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/localmail.ini
|
||||||
$SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/filesgen.ini
|
$SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/filesgen.ini
|
||||||
$SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/happynet.ini
|
$SED -i "s@/home/andrew/MagickaBBS@${PWD}@g" config/happynet.ini
|
||||||
|
@ -125,6 +125,8 @@ struct ip_address_guard {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct bbs_config {
|
struct bbs_config {
|
||||||
|
uid_t uid;
|
||||||
|
gid_t gid;
|
||||||
int codepage;
|
int codepage;
|
||||||
int ipv6;
|
int ipv6;
|
||||||
char *bbs_name;
|
char *bbs_name;
|
||||||
|
71
src/main.c
71
src/main.c
@ -5,6 +5,7 @@
|
|||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
#include <sys/wait.h>
|
#include <sys/wait.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
|
#include <pwd.h>
|
||||||
#include <signal.h>
|
#include <signal.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
@ -40,6 +41,7 @@ extern struct user_record *gUser;
|
|||||||
int ssh_pid = -1;
|
int ssh_pid = -1;
|
||||||
int bbs_pid = 0;
|
int bbs_pid = 0;
|
||||||
int server_socket = -1;
|
int server_socket = -1;
|
||||||
|
int ipv6_pid = -1;
|
||||||
|
|
||||||
int bbs_stdin;
|
int bbs_stdin;
|
||||||
int bbs_stdout;
|
int bbs_stdout;
|
||||||
@ -62,6 +64,10 @@ void sigterm_handler(int s)
|
|||||||
MHD_stop_daemon(www_daemon);
|
MHD_stop_daemon(www_daemon);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
if (ipv6_pid != -1) {
|
||||||
|
printf("ipv6_pid %d\n", ipv6_pid);
|
||||||
|
kill(ipv6_pid, SIGTERM);
|
||||||
|
}
|
||||||
remove(conf.pid_file);
|
remove(conf.pid_file);
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
@ -407,6 +413,7 @@ static int handler(void* user, const char* section, const char* name,
|
|||||||
const char* value)
|
const char* value)
|
||||||
{
|
{
|
||||||
struct bbs_config *conf = (struct bbs_config *)user;
|
struct bbs_config *conf = (struct bbs_config *)user;
|
||||||
|
struct passwd *pwd;
|
||||||
|
|
||||||
if (strcasecmp(section, "main") == 0) {
|
if (strcasecmp(section, "main") == 0) {
|
||||||
if (strcasecmp(name, "bbs name") == 0) {
|
if (strcasecmp(name, "bbs name") == 0) {
|
||||||
@ -521,6 +528,12 @@ static int handler(void* user, const char* section, const char* name,
|
|||||||
} else {
|
} else {
|
||||||
conf->date_style = 0;
|
conf->date_style = 0;
|
||||||
}
|
}
|
||||||
|
} else if (strcasecmp(name, "run as user") == 0) {
|
||||||
|
pwd = getpwnam(value);
|
||||||
|
if (pwd != NULL) {
|
||||||
|
conf->uid = pwd->pw_uid;
|
||||||
|
conf->gid = pwd->pw_gid;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else if (strcasecmp(section, "paths") == 0){
|
} else if (strcasecmp(section, "paths") == 0){
|
||||||
if (strcasecmp(name, "ansi path") == 0) {
|
if (strcasecmp(name, "ansi path") == 0) {
|
||||||
@ -794,6 +807,14 @@ void serverssh(int port, int ipv6) {
|
|||||||
}
|
}
|
||||||
c = sizeof(struct sockaddr_in);
|
c = sizeof(struct sockaddr_in);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (conf.uid != getuid()) {
|
||||||
|
if (setgid(conf.gid) != 0 || setuid(conf.uid) != 0) {
|
||||||
|
perror("SetUID Failed: ");
|
||||||
|
remove(conf.pid_file);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
listen(ssh_sock, 3);
|
listen(ssh_sock, 3);
|
||||||
|
|
||||||
@ -1070,6 +1091,7 @@ void server(int port, int ipv6) {
|
|||||||
ssh_pid = fork();
|
ssh_pid = fork();
|
||||||
|
|
||||||
if (ssh_pid == 0) {
|
if (ssh_pid == 0) {
|
||||||
|
ipv6_pid = -1;
|
||||||
ssh_pid = -1;
|
ssh_pid = -1;
|
||||||
serverssh(conf.ssh_port, ipv6);
|
serverssh(conf.ssh_port, ipv6);
|
||||||
exit(0);
|
exit(0);
|
||||||
@ -1079,20 +1101,6 @@ void server(int port, int ipv6) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(ENABLE_WWW)
|
|
||||||
if (conf.www_server && conf.www_path != NULL && conf.www_url != NULL) {
|
|
||||||
if (!conf.fork) {
|
|
||||||
printf(" - HTTP Starting on Port %d (IPv%d)\n", conf.www_port, (ipv6 ? 6 : 4));
|
|
||||||
}
|
|
||||||
www_init();
|
|
||||||
if (ipv6) {
|
|
||||||
www_daemon = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION|MHD_USE_IPv6, conf.www_port, NULL, NULL, &www_handler, NULL, MHD_OPTION_NOTIFY_COMPLETED, &www_request_completed, NULL, MHD_OPTION_URI_LOG_CALLBACK, &www_logger, NULL, MHD_OPTION_END);
|
|
||||||
} else {
|
|
||||||
www_daemon = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION, conf.www_port, NULL, NULL, &www_handler, NULL, MHD_OPTION_NOTIFY_COMPLETED, &www_request_completed, NULL, MHD_OPTION_URI_LOG_CALLBACK, &www_logger, NULL, MHD_OPTION_END);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (ipv6) {
|
if (ipv6) {
|
||||||
server_socket = socket(AF_INET6, SOCK_STREAM, 0);
|
server_socket = socket(AF_INET6, SOCK_STREAM, 0);
|
||||||
} else {
|
} else {
|
||||||
@ -1152,6 +1160,28 @@ void server(int port, int ipv6) {
|
|||||||
client_p = &client4;
|
client_p = &client4;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (conf.uid != getuid()) {
|
||||||
|
if (setgid(conf.gid) != 0 || setuid(conf.uid) != 0) {
|
||||||
|
perror("SetUID Failed: ");
|
||||||
|
remove(conf.pid_file);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined(ENABLE_WWW)
|
||||||
|
if (conf.www_server && conf.www_path != NULL && conf.www_url != NULL) {
|
||||||
|
if (!conf.fork) {
|
||||||
|
printf(" - HTTP Starting on Port %d (IPv%d)\n", conf.www_port, (ipv6 ? 6 : 4));
|
||||||
|
}
|
||||||
|
www_init();
|
||||||
|
if (ipv6) {
|
||||||
|
www_daemon = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION|MHD_USE_IPv6, conf.www_port, NULL, NULL, &www_handler, NULL, MHD_OPTION_NOTIFY_COMPLETED, &www_request_completed, NULL, MHD_OPTION_URI_LOG_CALLBACK, &www_logger, NULL, MHD_OPTION_END);
|
||||||
|
} else {
|
||||||
|
www_daemon = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION, conf.www_port, NULL, NULL, &www_handler, NULL, MHD_OPTION_NOTIFY_COMPLETED, &www_request_completed, NULL, MHD_OPTION_URI_LOG_CALLBACK, &www_logger, NULL, MHD_OPTION_END);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
listen(server_socket, 3);
|
listen(server_socket, 3);
|
||||||
|
|
||||||
|
|
||||||
@ -1229,7 +1259,7 @@ void server(int port, int ipv6) {
|
|||||||
|
|
||||||
int main(int argc, char **argv) {
|
int main(int argc, char **argv) {
|
||||||
int i;
|
int i;
|
||||||
int main_pid, ipv6_pid;
|
int main_pid;
|
||||||
FILE *fptr;
|
FILE *fptr;
|
||||||
struct stat s;
|
struct stat s;
|
||||||
char buffer[1024];
|
char buffer[1024];
|
||||||
@ -1269,7 +1299,8 @@ int main(int argc, char **argv) {
|
|||||||
conf.codepage = 0;
|
conf.codepage = 0;
|
||||||
conf.date_style = 0;
|
conf.date_style = 0;
|
||||||
conf.ipv6 = 0;
|
conf.ipv6 = 0;
|
||||||
|
conf.uid = getuid();
|
||||||
|
conf.gid = getgid();
|
||||||
// Load BBS data
|
// Load BBS data
|
||||||
if (ini_parse(argv[1], handler, &conf) <0) {
|
if (ini_parse(argv[1], handler, &conf) <0) {
|
||||||
fprintf(stderr, "Unable to load configuration ini (%s)!\n", argv[1]);
|
fprintf(stderr, "Unable to load configuration ini (%s)!\n", argv[1]);
|
||||||
@ -1336,6 +1367,12 @@ int main(int argc, char **argv) {
|
|||||||
exit(-1);
|
exit(-1);
|
||||||
} else
|
} else
|
||||||
if (main_pid > 0) {
|
if (main_pid > 0) {
|
||||||
|
if (conf.uid != getuid()) {
|
||||||
|
if (setgid(conf.gid) != 0 || setuid(conf.uid) != 0) {
|
||||||
|
perror("Setuid Error: ");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
fptr = fopen(conf.pid_file, "w");
|
fptr = fopen(conf.pid_file, "w");
|
||||||
if (!fptr) {
|
if (!fptr) {
|
||||||
fprintf(stderr, "Unable to open pid file for writing.\n");
|
fprintf(stderr, "Unable to open pid file for writing.\n");
|
||||||
@ -1358,6 +1395,7 @@ int main(int argc, char **argv) {
|
|||||||
} else if (ipv6_pid > 0) {
|
} else if (ipv6_pid > 0) {
|
||||||
server(conf.telnet_port, 0);
|
server(conf.telnet_port, 0);
|
||||||
} else {
|
} else {
|
||||||
|
ipv6_pid = -1;
|
||||||
server(conf.telnet_port, 1);
|
server(conf.telnet_port, 1);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
@ -1382,6 +1420,7 @@ int main(int argc, char **argv) {
|
|||||||
} else if (ipv6_pid > 0) {
|
} else if (ipv6_pid > 0) {
|
||||||
server(conf.telnet_port, 0);
|
server(conf.telnet_port, 0);
|
||||||
} else {
|
} else {
|
||||||
|
ipv6_pid = -1;
|
||||||
server(conf.telnet_port, 1);
|
server(conf.telnet_port, 1);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
Reference in New Issue
Block a user