warp-vpn

point to point VPN implementation
git clone git://git.2f30.org/warp-vpn

commit f278e9f47d626981d26f061adec552581a03b7d9
parent 98118c6d6e5219ebae7c239e9ca55fad38daef86
Author: sin <sin@2f30.org>
Date:   Tue, 29 Mar 2016 10:42:25 +0100

revoke privs later so bind can succeed on low ports

Diffstat:
Mstun.c | 31++++++++++++++++---------------
1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/stun.c b/stun.c
@@ -155,6 +155,20 @@ logerr(char *msg, ...)
 exit(1);
 }
+void
+revokeprivs(void)
+{
+ struct passwd *pw;
+
+ pw = getpwnam(NOPRIVUSER);
+ if (!pw)
+ logerr("no %s user", NOPRIVUSER);
+ if (setgroups(1, &pw->pw_gid) ||
+ setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
+ setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
+ logerr("failed to revoke privs");
+}
+
 int
 padto(int len, int blocksize)
 {
@@ -641,6 +655,7 @@ serversetup(int devfd)
 if (ret < 0)
 logerr("listen failed");
+ revokeprivs();
 for (;;) {
 netfd = accept(listenfd, (struct sockaddr *)&remote, (socklen_t []){sizeof(remote)});
@@ -761,20 +776,6 @@ daemonize(void)
 }
 void
-revokeprivs(void)
-{
- struct passwd *pw;
-
- pw = getpwnam(NOPRIVUSER);
- if (!pw)
- logerr("no %s user", NOPRIVUSER);
- if (setgroups(1, &pw->pw_gid) ||
- setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
- setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
- logerr("failed to revoke privs");
-}
-
-void
 usage(void)
 {
 fprintf(stderr, "usage: stun [-df] -s [-p port] [-t type] interface\n");
@@ -825,7 +826,6 @@ main(int argc, char *argv[])
 openlog("stun", LOG_PID | LOG_NDELAY, LOG_DAEMON);
 devfd = opendev(argv[0]);
- revokeprivs();
 pw = getenv("STUNPW");
 if (!pw)
@@ -836,6 +836,7 @@ main(int argc, char *argv[])
 if (sflag)
 return serversetup(devfd);
 /* auto-reconnect client */
+ revokeprivs();
 for (;;) {
 clientsetup(devfd);
 sleep(RECONNECTTIMEO);
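Review bot: The three calls in `revokeprivs()` only work in the order written, and nothing in the function records that. `setgroups()` and `setresgid()` need the privilege that `setresuid()` gives up, so a later reordering would make them fail or leave the old groups in place. I would add a comment above the second `if`, for example `/* order matters: drop supplementary groups and gid while still root, uid last */`. Every return value is checked and `logerr()` appears to end in `exit(1)`, so a partial drop does not keep running; the same comment could say that this is intentional.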
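Review bot: The `revokeprivs()` call added after the `listen()` check in `serversetup()` carries no comment saying why it sits here, and its position before `accept()` is the property that matters. A one-line comment such as `/* bind is done: drop root before the first peer is accepted */` would keep a later edit from moving it into or below the loop. The socket and bind calls that need root are outside this hunk, so the full privileged window in `serversetup()` cannot be checked from here.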
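Review bot: In client mode the drop now happens only just before the reconnect loop, so the `STUNPW` handling and the lines between the two `main()` hunks (not shown) run as root, although the commit message gives a reason for the delay only for the server's bind. The client could keep the earlier, narrower window with `if (!sflag) revokeprivs();` directly after `devfd = opendev(argv[0]);`, leaving the server to drop after `listen()` as this commit does. This assumes `clientsetup()` needs no privilege before connecting; its body is not visible here, so that should be confirmed first.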