Allow dropping privileges to specified user - stun

commit 9b6122cb92ce56964f328b533d5f748a428c5a7d
parent bb2f2eb11fbe038e029c374e18023abd0916ba13
Author: sin <sin@2f30.org>
Date:   Thu, 21 Apr 2016 12:43:05 +0100

Allow dropping privileges to specified user

Diffstat:
M stun.8  | 8 +++++++-
M stun.c  | 12 ++++++++----
M stun.h  | 2 +-
M util.c  | 6 +++---

4 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/stun.8 b/stun.8
@@ -1,4 +1,4 @@
-.Dd April 14, 2016
+.Dd April 21, 2016
 .Dt STUN 8
 .Os
 .Sh NAME
@@ -13,6 +13,7 @@
 .Op Fl p Ar port
 .Op Fl t Ar devtype
 .Op Fl c Ar cipher
+.Op Fl u Ar user
 .Ar interface
 .Nm stun
 .Op Fl 46
@@ -21,6 +22,7 @@
 .Op Fl p Ar port
 .Op Fl t Ar devtype
 .Op Fl c Ar cipher
+.Op Fl u Ar user
 .Ar interface
 .Sh DESCRIPTION
 .Nm
@@ -63,6 +65,10 @@ Select the given
 If the argument is ? then
 .Nm
 will list the available ciphers.  The default cipher is chacha20-poly1305.
+.It Fl u Ar user
+Drop privileges to the specified
+.Ar user .
+The default user is nobody.
 .El
 .Sh BUGS
 This program is an experiment and may not be secure.  Use at your
diff --git a/stun.c b/stun.c
@@ -65,8 +65,8 @@ int sflag;
 void
 usage(void)
 {
-	fprintf(stderr, "usage: stun [-46] [-d] -s [-b address] [-p port] [-t devtype] [-c cipher] interface\n");
-	fprintf(stderr, "       stun [-46] [-d] -h host [-p port] [-t devtype] [-c cipher] interface\n");
+	fprintf(stderr, "usage: stun [-46] [-d] -s [-b address] [-p port] [-t devtype] [-c cipher] [-u user] interface\n");
+	fprintf(stderr, "       stun [-46] [-d] -h host [-p port] [-t devtype] [-c cipher] [-u user] interface\n");
 	exit(1);
 }
 
@@ -75,6 +75,7 @@ main(int argc, char *argv[])
 {
 	struct rlimit rlim;
 	char *arg, *pw;
+	char *user = NOPRIVUSER;
 	int devfd, listenfd, netfd;
 
 	ARGBEGIN {
@@ -115,6 +116,9 @@ main(int argc, char *argv[])
 			return 0;
 		}
 		break;
+	case 'u':
+		user = EARGF(usage());
+		break;
 	default:
 		usage();
 	} ARGEND
@@ -150,7 +154,7 @@ main(int argc, char *argv[])
 	if (sflag) {
 		/* invoked as server */
 		listenfd = serverinit(bindaddr, port);
-		revokeprivs();
+		revokeprivs(user);
 #if defined(__OpenBSD__)
 #include <sys/param.h>
 #if OpenBSD >= 201605
@@ -171,7 +175,7 @@ main(int argc, char *argv[])
 		}
 	} else {
 		/* invoked as client */
-		revokeprivs();
+		revokeprivs(user);
 #if defined(__OpenBSD__)
 #include <sys/param.h>
 #if OpenBSD >= 201605
diff --git a/stun.h b/stun.h
@@ -78,7 +78,7 @@ void pack16(unsigned char *, uint16_t);
 uint16_t unpack16(unsigned char *);
 void pack64(unsigned char *, uint64_t);
 uint64_t unpack64(unsigned char *);
-void revokeprivs(void);
+void revokeprivs(char *);
 int setnonblock(int, int);
 char *saddr_ntop(struct sockaddr *, socklen_t);
 char *peer_ntop(int);
diff --git a/util.c b/util.c
@@ -53,12 +53,12 @@ unpack64(unsigned char *buf)
 }
 
 void
-revokeprivs(void)
+revokeprivs(char *user)
 {
 	struct passwd *pw;
 
-	if (!(pw = getpwnam(NOPRIVUSER)))
-		logerr("no %s user", NOPRIVUSER);
+	if (!(pw = getpwnam(user)))
+		logerr("no %s user", user);
 	if (setgroups(1, &pw->pw_gid) < 0 ||
 	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0 ||
 	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)

	stun simple point to point tunnel
	git clone git://git.2f30.org/stun
	Log \| Files \| Refs \| README

M	stun.8	\|	8	+++++++-
M	stun.c	\|	12	++++++++----
M	stun.h	\|	2	+-
M	util.c	\|	6	+++---