Allow numeric uid/gids in User and Group directives
This change allows numeric uid/gids to be specified in the User and Group directives in tinyproxy.conf. Formerly, only username and group names were accepted. This fixes bug #15, which was created after looking at a case on the OpenWrt wiki. X-Banu-Bugzilla-Ids: 15
parent
2fe213d777
commit
aa95c34004
@ -557,7 +557,7 @@ HANDLE_FUNC(handle_connectport)
|
||||
static
|
||||
HANDLE_FUNC(handle_user)
|
||||
{
|
||||
return set_string_arg(&conf->username, line, &match[2]);
|
||||
return set_string_arg(&conf->user, line, &match[2]);
|
||||
}
|
||||
|
||||
static
|
||||
|
@ -149,6 +149,24 @@ Options:\n\
|
||||
#endif /* REVERSE_SUPPORT */
|
||||
}
|
||||
|
||||
static int
|
||||
get_id (char *str)
|
||||
{
|
||||
char *tstr;
|
||||
|
||||
if (str == NULL)
|
||||
return -1;
|
||||
|
||||
tstr = str;
|
||||
while (*tstr != 0) {
|
||||
if (!isdigit(*tstr))
|
||||
return -1;
|
||||
tstr++;
|
||||
}
|
||||
|
||||
return atoi(str);
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
@ -268,7 +286,7 @@ main(int argc, char **argv)
|
||||
DEFAULT_STATHOST);
|
||||
config.stathost = DEFAULT_STATHOST;
|
||||
}
|
||||
if (!config.username) {
|
||||
if (!config.user) {
|
||||
log_message(LOG_WARNING,
|
||||
"You SHOULD set a UserName in the configuration file. Using current user instead.");
|
||||
}
|
||||
@ -328,38 +346,49 @@ main(int argc, char **argv)
|
||||
*/
|
||||
if (geteuid() == 0) {
|
||||
if (config.group && strlen(config.group) > 0) {
|
||||
thisgroup = getgrnam(config.group);
|
||||
if (!thisgroup) {
|
||||
int gid = get_id(config.group);
|
||||
if (gid < 0) {
|
||||
thisgroup = getgrnam(config.group);
|
||||
if (!thisgroup) {
|
||||
fprintf(stderr,
|
||||
"%s: Unable to find "
|
||||
"group \"%s\".\n",
|
||||
argv[0], config.group);
|
||||
exit(EX_NOUSER);
|
||||
}
|
||||
gid = thisgroup->gr_gid;
|
||||
}
|
||||
if (setgid(gid) < 0) {
|
||||
fprintf(stderr,
|
||||
"%s: Unable to find group \"%s\".\n",
|
||||
argv[0], config.group);
|
||||
exit(EX_NOUSER);
|
||||
}
|
||||
if (setgid(thisgroup->gr_gid) < 0) {
|
||||
fprintf(stderr,
|
||||
"%s: Unable to change to group \"%s\".\n",
|
||||
"%s: Unable to change to "
|
||||
"group \"%s\".\n",
|
||||
argv[0], config.group);
|
||||
exit(EX_CANTCREAT);
|
||||
}
|
||||
log_message(LOG_INFO, "Now running as group \"%s\".",
|
||||
config.group);
|
||||
}
|
||||
if (config.username && strlen(config.username) > 0) {
|
||||
thisuser = getpwnam(config.username);
|
||||
if (!thisuser) {
|
||||
fprintf(stderr,
|
||||
"%s: Unable to find user \"%s\".",
|
||||
argv[0], config.username);
|
||||
exit(EX_NOUSER);
|
||||
}
|
||||
if (setuid(thisuser->pw_uid) < 0) {
|
||||
if (config.user && strlen(config.user) > 0) {
|
||||
int uid = get_id(config.user);
|
||||
if (uid < 0) {
|
||||
thisuser = getpwnam(config.user);
|
||||
if (!thisuser) {
|
||||
fprintf(stderr,
|
||||
"%s: Unable to find "
|
||||
"user \"%s\".",
|
||||
argv[0], config.user);
|
||||
exit(EX_NOUSER);
|
||||
}
|
||||
uid = thisuser->pw_uid;
|
||||
}
|
||||
if (setuid(uid) < 0) {
|
||||
fprintf(stderr,
|
||||
"%s: Unable to change to user \"%s\".",
|
||||
argv[0], config.username);
|
||||
argv[0], config.user);
|
||||
exit(EX_CANTCREAT);
|
||||
}
|
||||
log_message(LOG_INFO, "Now running as user \"%s\".",
|
||||
config.username);
|
||||
config.user);
|
||||
}
|
||||
} else {
|
||||
log_message(LOG_WARNING,
|
||||
|
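Review bot: get_id() ends in `return atoi(str);`, which has no overflow handling, so a User or Group value with more digits than fit in an int is not rejected, and the id later passed to setuid()/setgid() in main can differ from the configured one (a wrapped value may come out as 0, leaving the process running as root while the log reports the configured string). Parsing with strtol and returning -1 on ERANGE or a value above INT_MAX makes such input fall through to the getpwnam()/getgrnam() lookup and exit with EX_NOUSER instead; this needs errno.h and limits.h if the file does not already include them. The `isdigit(*tstr)` call should take `(unsigned char) *tstr`, since passing a negative char is undefined. Separately, no setgroups() call is visible between the setgid() and setuid() calls in the last hunk, so supplementary groups inherited from root may survive the drop; confirm this against the full main(), which starts and ends outside the hunks shown.

```c
static int
get_id (char *str)
{
        char *tstr;
        long id;

        /* An empty string is not an id; atoi("") would have yielded 0. */
        if (str == NULL || *str == '\0')
                return -1;

        for (tstr = str; *tstr != 0; tstr++) {
                if (!isdigit ((unsigned char) *tstr))
                        return -1;
        }

        /* Reject values that overflow instead of letting them wrap. */
        errno = 0;
        id = strtol (str, NULL, 10);
        if (errno == ERANGE || id > INT_MAX)
                return -1;

        return (int) id;
}
```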
@ -51,7 +51,7 @@ struct config_s {
|
||||
int port;
|
||||
char *stathost;
|
||||
unsigned int quit; /* boolean */
|
||||
char *username;
|
||||
char *user;
|
||||
char *group;
|
||||
char *ipAddr;
|
||||
#ifdef FILTER_ENABLE
|
||||
|