-rw-r--r-- | src/conffile.c | 2 | ||||
-rw-r--r-- | src/tinyproxy.c | 71 | ||||
-rw-r--r-- | src/tinyproxy.h | 2 |
3 files changed, 52 insertions, 23 deletions
diff --git a/src/conffile.c b/src/conffile.c
index 2ae1d90..78f5da3 100644
--- a/src/conffile.c
+++ b/src/conffile.c
@@ -557,7 +557,7 @@ HANDLE_FUNC(handle_connectport)
 static
 HANDLE_FUNC(handle_user)
 {
- return set_string_arg(&conf->username, line, &match[2]);
+ return set_string_arg(&conf->user, line, &match[2]);
 }
 static
diff --git a/src/tinyproxy.c b/src/tinyproxy.c
index d185d51..88bc9d3 100644
--- a/src/tinyproxy.c
+++ b/src/tinyproxy.c
@@ -149,6 +149,24 @@ Options:\n\
 #endif /* REVERSE_SUPPORT */
 }
+static int
+get_id (char *str)
+{
+ char *tstr;
+
+ if (str == NULL)
+ return -1;
+
+ tstr = str;
+ while (*tstr != 0) {
+ if (!isdigit(*tstr))
+ return -1;
+ tstr++;
+ }
+
+ return atoi(str);
+}
+
 int
 main(int argc, char **argv)
 {
@@ -268,7 +286,7 @@ main(int argc, char **argv)
 DEFAULT_STATHOST);
 config.stathost = DEFAULT_STATHOST;
 }
- if (!config.username) {
+ if (!config.user) {
 log_message(LOG_WARNING,
 "You SHOULD set a UserName in the configuration file. Using current user instead.");
 }
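Review bot: get_id() converts with atoi() after a digits-only scan, so a numeric string that does not fit in int has undefined behaviour and may come back as a different id, including 0, and an empty string skips the loop and also returns 0. Because the result is passed to setgid()/setuid() in main(), a malformed config value could leave the process running as root with no error reported. isdigit() is also called on a plain char, which is undefined for negative values, so the argument should be cast to unsigned char. A range-checked strtol() version is sketched below; it relies on <ctype.h>, <errno.h> and <limits.h>, whose inclusion is not visible in this hunk.

```c
static int
get_id (char *str)
{
        char *end;
        long val;

        /* Reject NULL, "" and anything not starting with a digit;
         * strtol alone would accept a sign or leading whitespace. */
        if (str == NULL || !isdigit ((unsigned char) *str))
                return -1;

        errno = 0;
        val = strtol (str, &end, 10);

        /* Trailing non-digits or an out-of-range value are treated as
         * "not a numeric id", so the caller falls back to the name lookup
         * and fails closed if that does not resolve. */
        if (*end != '\0' || errno == ERANGE || val > INT_MAX)
                return -1;

        return (int) val;
}
```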
@@ -328,38 +346,49 @@ main(int argc, char **argv)
 */
 if (geteuid() == 0) {
 if (config.group && strlen(config.group) > 0) {
- thisgroup = getgrnam(config.group);
- if (!thisgroup) {
+ int gid = get_id(config.group);
+ if (gid < 0) {
+ thisgroup = getgrnam(config.group);
+ if (!thisgroup) {
+ fprintf(stderr,
+ "%s: Unable to find "
+ "group \"%s\".\n",
+ argv[0], config.group);
+ exit(EX_NOUSER);
+ }
+ gid = thisgroup->gr_gid;
+ }
+ if (setgid(gid) < 0) {
 fprintf(stderr,
- "%s: Unable to find group \"%s\".\n",
- argv[0], config.group);
- exit(EX_NOUSER);
- }
- if (setgid(thisgroup->gr_gid) < 0) {
- fprintf(stderr,
- "%s: Unable to change to group \"%s\".\n",
+ "%s: Unable to change to "
+ "group \"%s\".\n",
 argv[0], config.group);
 exit(EX_CANTCREAT);
 }
 log_message(LOG_INFO, "Now running as group \"%s\".",
 config.group);
 }
- if (config.username && strlen(config.username) > 0) {
- thisuser = getpwnam(config.username);
- if (!thisuser) {
- fprintf(stderr,
- "%s: Unable to find user \"%s\".",
- argv[0], config.username);
- exit(EX_NOUSER);
- }
- if (setuid(thisuser->pw_uid) < 0) {
+ if (config.user && strlen(config.user) > 0) {
+ int uid = get_id(config.user);
+ if (uid < 0) {
+ thisuser = getpwnam(config.user);
+ if (!thisuser) {
+ fprintf(stderr,
+ "%s: Unable to find "
+ "user \"%s\".",
+ argv[0], config.user);
+ exit(EX_NOUSER);
+ }
+ uid = thisuser->pw_uid;
+ }
+ if (setuid(uid) < 0) {
 fprintf(stderr,
 "%s: Unable to change to user \"%s\".",
- argv[0], config.username);
+ argv[0], config.user);
 exit(EX_CANTCREAT);
 }
 log_message(LOG_INFO, "Now running as user \"%s\".",
- config.username);
+ config.user);
 }
 } else {
 log_message(LOG_WARNING,
diff --git a/src/tinyproxy.h b/src/tinyproxy.h
index a418a02..88ed541 100644
--- a/src/tinyproxy.h
+++ b/src/tinyproxy.h
@@ -51,7 +51,7 @@ struct config_s {
 int port;
 char *stathost;
 unsigned int quit; /* boolean */
- char *username;
+ char *user;
 char *group;
 char *ipAddr;
 #ifdef FILTER_ENABLE |
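Review bot: Between the lookup and `setgid(gid)`/`setuid(uid)` nothing in this hunk clears the supplementary group list, so a process started as root would appear to keep root's extra groups after the switch; this matters more now that a bare numeric id skips the passwd/group lookup entirely. Consider a checked `setgroups(0, NULL)` before `setgid()`, or `initgroups()` when a passwd entry is available. The numeric path also accepts `0`, in which case `setuid(0)` succeeds and the "Now running as user" line is logged while the process is still root; rejecting or warning on id 0 would make that misconfiguration visible. main() begins and ends outside this hunk, so a call elsewhere cannot be ruled out.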