#include <time.h>
#include <string.h>
#include <ctype.h>
+#include <pwd.h>
#include <sys/stat.h>
+#include <sys/types.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
return err;
}
write(fd, buf, buflen);
- fchmod(fd, 0700);
+ fchmod(fd, 0755);
close(fd);
if (!fork()) {
char *csd_argv[32];
int i = 0;
+ if (vpninfo->uid != getuid()) {
+ struct passwd *pw;
+
+ if (setuid(vpninfo->uid)) {
+ fprintf(stderr, "Failed to set uid %d\n",
+ vpninfo->uid);
+ exit(1);
+ }
+ if (!(pw = getpwuid(vpninfo->uid))) {
+ fprintf(stderr, "Invalid user uid=%d\n",
+ vpninfo->uid);
+ exit(1);
+ }
+ setenv("HOME", pw->pw_dir, 1);
+ chdir(pw->pw_dir);
+ }
+ if (vpninfo->uid == 0) {
+ fprintf(stderr, "Warning: you are running unsecure "
+ "CSD code with root privileges\n"
+ "\t Use command line option \"-U\"\n");
+ }
+
csd_argv[i++] = fname;
csd_argv[i++] = "-ticket";
asprintf(&csd_argv[i++], "\"%s\"", vpninfo->csd_ticket);
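Review bot: The privilege drop at `setuid(vpninfo->uid)` changes only the uid, so when the process starts as root the CSD child keeps root's primary and supplementary groups; the last hunk on the page, `if (setuid(vpninfo->uid))` after option parsing, has the same gap. Looking up the passwd entry first and calling `initgroups()` and `setgid()` before `setuid()` closes it (`initgroups` needs `<grp.h>`), and the unchecked `chdir()` should at least be reported, since on failure the script runs in the caller's working directory. Separately, `fchmod(fd, 0755)` makes the server-supplied script readable and executable by every local user; `fchown(fd, vpninfo->uid, -1)` with the mode left at `0700` would give access to the target user only. The enclosing function starts and ends outside the hunk.

```c
		if (vpninfo->uid != getuid()) {
			struct passwd *pw = getpwuid(vpninfo->uid);

			if (!pw) {
				fprintf(stderr, "Invalid user uid=%d\n",
					vpninfo->uid);
				exit(1);
			}
			/* Shed groups while still privileged; the uid goes last. */
			if (initgroups(pw->pw_name, pw->pw_gid) ||
			    setgid(pw->pw_gid) ||
			    setuid(vpninfo->uid)) {
				fprintf(stderr, "Failed to set uid %d\n",
					vpninfo->uid);
				exit(1);
			}
			setenv("HOME", pw->pw_dir, 1);
			if (chdir(pw->pw_dir))
				fprintf(stderr, "Failed to change to %s\n",
					pw->pw_dir);
		}
		/* ... unchanged: root warning and csd_argv setup ... */
```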
struct utsname utsbuf;
int cookieonly = 0;
int use_syslog = 0;
- uid_t uid = getuid();
int opt;
openconnect_init_openssl();
vpninfo->max_qlen = 10;
vpninfo->reconnect_interval = RECONNECT_INTERVAL_MIN;
vpninfo->reconnect_timeout = 300;
+ vpninfo->uid = getuid();
if (RAND_bytes(vpninfo->dtls_secret, sizeof(vpninfo->dtls_secret)) != 1) {
fprintf(stderr, "Failed to initialise DTLS secret\n");
break;
case 'U': {
char *strend;
- uid = strtol(optarg, &strend, 0);
+ vpninfo->uid = strtol(optarg, &strend, 0);
if (strend[0]) {
struct passwd *pw = getpwnam(optarg);
if (!pw) {
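Review bot: The `strtol` result is stored in `vpninfo->uid` without checking that any digits were parsed or that the value fits in a `uid_t`, so an empty `-U` argument yields uid 0. Now that this field also drives the CSD privilege drop, a root-started process would then run the script as root with only the warning. Requiring at least one consumed digit, `if (strend == optarg || strend[0]) {`, sends an empty argument to the `getpwnam` lookup, which should reject it; a range check on the parsed `long` before the assignment would cover negative and oversized values. The `case 'U'` block continues outside this hunk.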
optarg);
exit(1);
}
- uid = pw->pw_uid;
+ vpninfo->uid = pw->pw_uid;
}
break;
}
exit(1);
}
- if (uid != getuid()) {
- if (setuid(uid)) {
- fprintf(stderr, "Failed to set uid %d\n", uid);
+ if (vpninfo->uid != getuid()) {
+ if (setuid(vpninfo->uid)) {
+ fprintf(stderr, "Failed to set uid %d\n", vpninfo->uid);
exit(1);
}
}