diff options
| author | Ren Kararou <[email protected]> | 2024-12-30 01:47:21 -0600 |
|---|---|---|
| committer | Ren Kararou <[email protected]> | 2024-12-30 01:47:21 -0600 |
| commit | d9111c41e8160c69a79e03e88b9219cb1c0ac27e (patch) | |
| tree | f7afbb3b7084f9130b6ac508e955301a617f1b35 | |
| parent | dc3aeb792e176d301915b84f5f6ea69e72053970 (diff) | |
| download | nbtpd-d9111c41e8160c69a79e03e88b9219cb1c0ac27e.tar.gz nbtpd-d9111c41e8160c69a79e03e88b9219cb1c0ac27e.tar.bz2 nbtpd-d9111c41e8160c69a79e03e88b9219cb1c0ac27e.zip | |
implement naive privilege drop
| -rw-r--r-- | src/main.c | 58 |
1 files changed, 40 insertions, 18 deletions
diff --git a/src/main.c b/src/main.c index 1c242cf..ee5a912 100644 --- a/src/main.c +++ b/src/main.c @@ -9,7 +9,9 @@ #include <netinet/in.h> #include <netdb.h> #include <pthread.h> +#include <sys/types.h> #include <pwd.h> +#include <grp.h> #include <errno.h> #include <signal.h> @@ -20,6 +22,7 @@ static int stop = 0; void stop_handler() { stop = 1; + return; } void usage(char* name) { @@ -29,7 +32,6 @@ void usage(char* name) { printf("\tg: group to run as (default: nobody)\n"); printf("\ta: address to bind to (default: 127.0.0.1)\n"); printf("\tp: port to bind to (default: 69)\n"); - printf("\tt: number of worker threads to spawn (default 128)\n"); } int main(int argc, char** argv) { @@ -42,10 +44,9 @@ int main(int argc, char** argv) { strcpy(user, "nobody"); strcpy(group, "nobody"); int port = 69; - int threadcount = 128; int ch = 0; - while ((ch = getopt(argc, argv, "da:p:u:g:t:h")) != -1) { + while ((ch = getopt(argc, argv, "da:p:u:g:h")) != -1) { switch (ch) { case 'a': //TODO: this is unsafe @@ -58,13 +59,6 @@ int main(int argc, char** argv) { return -1; } break; - case 't': - threadcount = atoi(optarg); - if ((threadcount <= 0) || (threadcount > 51200)) { - fprintf(stderr, "threadcount must be between 1 and 51200\n"); - return -1; - } - break; case 'd': daemonize = 1; break; @@ -133,21 +127,49 @@ int main(int argc, char** argv) { } syslog(LOG_INFO, "socket bind success"); - //TODO: drop privs! + //TODO: use getpwnam_r() and getgrnam_r() + struct passwd u = getpwnam(&user); + struct group g = getgrnam(&group); + if (setuid(u.pw_uid) == -1) { + syslog(LOG_ERR, "failed to drop privileges"); + return -1; + } + if (setgit(g.gr_gid) == -1) { + syslog(LOG_ERR, "failed to drop privileges"); + return -1; + } - pthread_t threads[128]; - memset(threads, '\0', sizeof(threads)); - //TODO: spawn threadpool + // create persistent buffer + char* buf; + buf = malloc(1024); + if (buf == NULL) { + syslog(LOG_PANIC, "unable to allocate memory!"); + close(s); + return -1; + } while (!stop) { struct sockaddr_in caddr; unsigned int clen = sizeof(caddr); - char buf[1024]; - if (recvfrom(s, buf, sizeof(buf), 0, - (struct sockaddr*)&caddr, &clen) < 0) { + memset(buf, '\0', 1024); + if (recvfrom(s, buf, 1024, 0, (struct sockaddr*)&caddr, &clen) < 0) { syslog(LOG_ERR, "got a client connection, but unable to receive data!"); + free(buf); + continue; } - //TODO: handle threadpool + //TODO: process packet + + // we will never actually join on this thread, and don't care to keep it around. + pthread_t* _thread; + } + + // free our persistent buffer + free(buf); + // close socket + close(s); + // wait for threads to exit + pthread_exit(NULL); + // exit program return 0; } |