diff -urN httptunnel-3.3.orig/hts.c httptunnel-3.3/hts.c --- httptunnel-3.3.orig/hts.c 2001-02-25 12:56:37.000000000 +0100 +++ httptunnel-3.3/hts.c 2004-04-03 18:21:23.000000000 +0200 @@ -13,6 +13,7 @@ #include #include #include +#include #include "common.h" @@ -31,6 +32,8 @@ int strict_content_length; int keep_alive; int max_connection_age; + uid_t user; + gid_t group; } Arguments; int debug_level = 0; @@ -67,6 +70,7 @@ " -V, --version output version information and exit\n" " -w, --no-daemon don't fork into the background\n" " -p, --pid-file LOCATION write a PID file to LOCATION\n" +" -u, --user run as this user\n" "\n" "Report bugs to %s.\n", me, DEFAULT_HOST_PORT, DEFAULT_KEEP_ALIVE, @@ -93,6 +97,8 @@ arg->strict_content_length = FALSE; arg->keep_alive = DEFAULT_KEEP_ALIVE; arg->max_connection_age = DEFAULT_CONNECTION_MAX_TIME; + arg->user = getuid(); + arg->group = getgid(); for (;;) { @@ -114,10 +120,11 @@ { "forward-port", required_argument, 0, 'F' }, { "content-length", required_argument, 0, 'c' }, { "max-connection-age", required_argument, 0, 'M' }, + { "user", required_argument, 0, 'u' }, { 0, 0, 0, 0 } }; - static const char *short_options = "c:d:F:hk:M:p:sSVw" + static const char *short_options = "c:d:F:hk:M:p:sSu:Vw" #ifdef DEBUG_MODE "D:l:" #endif @@ -211,6 +218,27 @@ case '?': break; + case 'u': + if (getuid () != 0) + { + fprintf(stderr, "%s: only root are allowed to set uid!\n" + "%s: try '%s --help' for help.\n", + arg->me, arg->me, arg->me); + exit (1); + } + + struct passwd* pw = getpwnam(optarg); + if (pw == NULL) + { + fprintf(stderr, "%s: the user %s was not found.\n", + arg->me, optarg); + exit (1); + } + + arg->user = pw->pw_uid; + arg->group = pw->pw_gid; + break; + default: fprintf (stderr, "?? getopt returned character code 0%o ??\n", c); } @@ -293,6 +321,7 @@ log_notice ("hts (%s) %s started with arguments:", PACKAGE, VERSION); log_notice (" me = %s", arg.me); + log_notice (" uid = %d", arg.user); log_notice (" device = %s", arg.device ? arg.device : "(null)"); if (arg.host) log_notice (" port = %s:%d", arg.host, arg.port); @@ -308,7 +337,7 @@ log_notice (" pid_filename = %s", arg.pid_filename ? arg.pid_filename : "(null)"); - tunnel = tunnel_new_server (arg.host, arg.port, arg.content_length); + tunnel = tunnel_new_server (arg.host, arg.port, arg.content_length, arg.user, arg.group); if (tunnel == NULL) { log_error ("couldn't create tunnel", argv[0]); diff -urN httptunnel-3.3.orig/tunnel.c httptunnel-3.3/tunnel.c --- httptunnel-3.3.orig/tunnel.c 2000-09-01 10:46:10.000000000 +0200 +++ httptunnel-3.3/tunnel.c 2004-04-03 18:08:25.000000000 +0200 @@ -1245,7 +1245,7 @@ } Tunnel * -tunnel_new_server (const char *host, int port, size_t content_length) +tunnel_new_server (const char *host, int port, size_t content_length, uid_t user, gid_t group) { Tunnel *tunnel; struct in_addr addr; @@ -1295,6 +1295,10 @@ return NULL; } + /* change user */ + setuid (user); + setgid (group); + return tunnel; } diff -urN httptunnel-3.3.orig/tunnel.h httptunnel-3.3/tunnel.h --- httptunnel-3.3.orig/tunnel.h 2000-07-25 12:46:50.000000000 +0200 +++ httptunnel-3.3/tunnel.h 2004-04-03 18:06:43.000000000 +0200 @@ -16,6 +16,9 @@ Tunnel *tunnel_new_server (const char *host, int port, + size_t content_length, + uid_t user, + gid_t group); size_t content_length); Create a new HTTP tunnel server. If LENGTH is 0, the Content-Length @@ -70,8 +73,8 @@ extern Tunnel *tunnel_new_client (const char *host, int host_port, const char *proxy, int proxy_port, size_t content_length); -extern Tunnel *tunnel_new_server (const char *host, int port, - size_t content_length); +extern Tunnel *tunnel_new_server (const char *host, int port, size_t content_length, + uid_t user, gid_t group); extern int tunnel_connect (Tunnel *tunnel); extern int tunnel_accept (Tunnel *tunnel); extern int tunnel_pollin_fd (Tunnel *tunnel);