bughz/tinyproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow numeric uid/gids in User and Group directives

Browse Source 
This change allows numeric uid/gids to be specified in the User and
Group directives in tinyproxy.conf. Formerly, only username and group
names were accepted. This fixes bug #15, which was created after
looking at a case on the OpenWrt wiki.

X-Banu-Bugzilla-Ids: 15
This commit is contained in:
Mukund Sivaraman 2008-07-14 17:40:20 +05:30
parent 2fe213d777
commit aa95c34004
3 changed files with 52 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/conffile.c
View File

@ -557,7 +557,7 @@ HANDLE_FUNC(handle_connectport)
static static
HANDLE_FUNC(handle_user) HANDLE_FUNC(handle_user)
{ {
return set_string_arg(&conf->username, line, &match[2]); return set_string_arg(&conf->user, line, &match[2]);
} }
static static

71
src/tinyproxy.c
View File

@ -149,6 +149,24 @@ Options:\n\
#endif /* REVERSE_SUPPORT */ #endif /* REVERSE_SUPPORT */
} }
static int
get_id (char *str)
{
char *tstr;
if (str == NULL)
return -1;
tstr = str;
while (*tstr != 0) {
if (!isdigit(*tstr))
return -1;
tstr++;
}
return atoi(str);
}
int int
main(int argc, char **argv) main(int argc, char **argv)
{ {
@ -268,7 +286,7 @@ main(int argc, char **argv)
DEFAULT_STATHOST); DEFAULT_STATHOST);
config.stathost = DEFAULT_STATHOST; config.stathost = DEFAULT_STATHOST;
} }
if (!config.username) { if (!config.user) {
log_message(LOG_WARNING, log_message(LOG_WARNING,
"You SHOULD set a UserName in the configuration file. Using current user instead."); "You SHOULD set a UserName in the configuration file. Using current user instead.");
} }
@ -328,38 +346,49 @@ main(int argc, char **argv)
*/ */
if (geteuid() == 0) { if (geteuid() == 0) {
if (config.group && strlen(config.group) > 0) { if (config.group && strlen(config.group) > 0) {
thisgroup = getgrnam(config.group); int gid = get_id(config.group);
if (!thisgroup) { if (gid < 0) {
thisgroup = getgrnam(config.group);
if (!thisgroup) {
fprintf(stderr,
"%s: Unable to find "
"group \"%s\".\n",
argv[0], config.group);
exit(EX_NOUSER);
}
gid = thisgroup->gr_gid;
}
if (setgid(gid) < 0) {
fprintf(stderr, fprintf(stderr,
"%s: Unable to find group \"%s\".\n", "%s: Unable to change to "
argv[0], config.group); "group \"%s\".\n",
exit(EX_NOUSER);
}
if (setgid(thisgroup->gr_gid) < 0) {
fprintf(stderr,
"%s: Unable to change to group \"%s\".\n",
argv[0], config.group); argv[0], config.group);
exit(EX_CANTCREAT); exit(EX_CANTCREAT);
} }
log_message(LOG_INFO, "Now running as group \"%s\".", log_message(LOG_INFO, "Now running as group \"%s\".",
config.group); config.group);
} }
if (config.username && strlen(config.username) > 0) { if (config.user && strlen(config.user) > 0) {
thisuser = getpwnam(config.username); int uid = get_id(config.user);
if (!thisuser) { if (uid < 0) {
fprintf(stderr, thisuser = getpwnam(config.user);
"%s: Unable to find user \"%s\".", if (!thisuser) {
argv[0], config.username); fprintf(stderr,
exit(EX_NOUSER); "%s: Unable to find "
} "user \"%s\".",
if (setuid(thisuser->pw_uid) < 0) { argv[0], config.user);
exit(EX_NOUSER);
}
uid = thisuser->pw_uid;
}
if (setuid(uid) < 0) {
fprintf(stderr, fprintf(stderr,
"%s: Unable to change to user \"%s\".", "%s: Unable to change to user \"%s\".",
argv[0], config.username); argv[0], config.user);
exit(EX_CANTCREAT); exit(EX_CANTCREAT);
} }
log_message(LOG_INFO, "Now running as user \"%s\".", log_message(LOG_INFO, "Now running as user \"%s\".",
config.username); config.user);
} }
} else { } else {
log_message(LOG_WARNING, log_message(LOG_WARNING,

2
src/tinyproxy.h
View File

@ -51,7 +51,7 @@ struct config_s {
int port; int port;
char *stathost; char *stathost;
unsigned int quit; /* boolean */ unsigned int quit; /* boolean */
char *username; char *user;
char *group; char *group;
char *ipAddr; char *ipAddr;
#ifdef FILTER_ENABLE #ifdef FILTER_ENABLE