From 3dfae8f4b1127a62f3acc299683a8fbd63b908df Mon Sep 17 00:00:00 2001
From: Carl Worth <carl@theworths.org>
Date: Fri, 9 Dec 2005 17:10:08 +0000
Subject: [PATCH 1/1] 2005-12-09  Carl Worth  <cworth@cworth.org>

        * src/ttt-args.h:
        * src/ttt-args.c: (ttt_args_help), (ttt_args_parse): Add a -u,
        --user option for controlling the uid under which the server
        process runs.

        * src/ttt.h:
        * src/ttt-server.c: (ttt_server_register_client), (main): Recert
        the dup of stdout which wasn't working. Instead just print client
        join information on stderr so that it goes into the log. Implement
        support for the user option by calling setuid to drop root
        privileges the process might start out with.
---
 ChangeLog        | 14 ++++++++++++++
 src/ttt-args.c   |  8 +++++++-
 src/ttt-args.h   |  1 +
 src/ttt-server.c | 29 ++++++++++++++++++++++++-----
 src/ttt.h        |  1 +
 5 files changed, 47 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 30093c4..372a320 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+2005-12-09  Carl Worth  <cworth@cworth.org>
+
+	* src/ttt-args.h:
+	* src/ttt-args.c: (ttt_args_help), (ttt_args_parse): Add a -u,
+	--user option for controlling the uid under which the server
+	process runs.
+	
+	* src/ttt.h:
+	* src/ttt-server.c: (ttt_server_register_client), (main): Recert
+	the dup of stdout which wasn't working. Instead just print client
+	join information on stderr so that it goes into the log. Implement
+	support for the user option by calling setuid to drop root
+	privileges the process might start out with.
+
 2005-12-09  Bryan Worth  <bryan@theworths.org>
 	* src/ttt-curses-client.c: added error checking to ttt_create_client
 	call. Added ability to escape server commands by prepending with "/".
diff --git a/src/ttt-args.c b/src/ttt-args.c
index f367716..0f3e8fe 100644
--- a/src/ttt-args.c
+++ b/src/ttt-args.c
@@ -53,11 +53,12 @@ enum {
     TTT_ARGS_VAL_VERSION,
 };
 
-static char ttt_args_optstring[] = "dh:p:";
+static char ttt_args_optstring[] = "dh:p:u:";
 static struct option ttt_args_options[] = {
     /* name,		has_arg,	flag,	val */
     {"host",		1,		0,	'h'},
     {"port",		1,		0,	'p'},
+    {"user",		1,		0,	'u'},
     {"detach",		0,		0,	'd'},
     {"log-file",	1,		0,	TTT_ARGS_VAL_LOG_FILE},
     {"pid-file",	1,		0,	TTT_ARGS_VAL_PID_FILE},
@@ -78,6 +79,7 @@ ttt_args_help (const char *argv0)
 	    TTT_ARGS_HOST_DEFAULT);
     printf ("  -p PORT, --port=PORT\tPort to connect/bind to [%s]\n",
 	    TTT_ARGS_PORT_DEFAULT);
+    printf ("  -u USER, --user=USER\tUser the server should run as.\n");
     printf ("           --help\tGive this help list\n");
     printf ("           --version\tPrint program version\n");
     puts ("");
@@ -109,6 +111,7 @@ ttt_args_parse(ttt_args_t *args, int argc, char *argv[])
 
     args->host = TTT_ARGS_HOST_DEFAULT;
     args->port = TTT_ARGS_PORT_DEFAULT;
+    args->user = NULL;
     args->log_file = TTT_ARGS_LOG_FILE_DEFAULT;
     args->detach = FALSE;
     args->pid_file = TTT_ARGS_PID_FILE_DEFAULT;
@@ -125,6 +128,9 @@ ttt_args_parse(ttt_args_t *args, int argc, char *argv[])
 	case 'p':
 	    args->port = optarg;
 	    break;
+	case 'u':
+	    args->user = optarg;
+	    break;
 	case TTT_ARGS_VAL_LOG_FILE:
 	    args->log_file = optarg;
 	    break;
diff --git a/src/ttt-args.h b/src/ttt-args.h
index 5a1b3cf..f35bee8 100644
--- a/src/ttt-args.h
+++ b/src/ttt-args.h
@@ -34,6 +34,7 @@ typedef struct ttt_args
 {
     char *host;
     char *port;
+    char *user;
     char *log_file;
     ttt_bool_t detach;
     char *pid_file;
diff --git a/src/ttt-server.c b/src/ttt-server.c
index 5d951fd..4f647ee 100644
--- a/src/ttt-server.c
+++ b/src/ttt-server.c
@@ -74,7 +74,7 @@ ttt_server_register_client (ttt_server_t *server, ttt_client_t *client)
 	}
     }
 
-    printf ("Client %s has joined.\r\n", username);
+    fprintf (stderr, "Client %s has joined.\r\n", username);
 
     server->num_clients++;
 
@@ -305,14 +305,33 @@ main (int argc, char **argv)
     if (args.detach)
 	_detach_and_write_child_pid_to (args.pid_file);
 
+    /* Now that we've setup logging and the pid file, drop any special
+     * permissions we might have if we were asked to do that. */
+    if (args.user) {
+	int ret;
+	struct passwd *pwd;
+	errno = 0;
+	pwd = getpwnam (args.user);
+	if (pwd == NULL) {
+	    fprintf (stderr, "Error: Failed to lookup uid for %s: %s. Aborting.\n",
+		     args.user,
+		     errno == 0 ? "User not found" : strerror (errno));
+	    exit (1);
+	}
+	ret = setuid (pwd->pw_uid);
+	if (ret == -1) {
+	    fprintf (stderr, "Error: Failed to setuid to %d (%s): %s. Aborting.\n",
+		     pwd->pw_uid, args.user, strerror (errno));
+	    exit (1);
+	}
+    }
+
     socket = ttt_socket_create_server (args.host, args.port);
 
-    if (args.detach) {
-	xdup2 (2, 1);
+    if (args.detach)
 	printf ("Server started listening on %s:%s\n", args.host, args.port);
-    } else {
+    else
 	printf (WELCOME_MESSAGE, args.host, args.port, args.host, args.port);
-    }
 
     fclose (stdout);
     fclose (stdin);
diff --git a/src/ttt.h b/src/ttt.h
index c1662af..5c14169 100644
--- a/src/ttt.h
+++ b/src/ttt.h
@@ -41,6 +41,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <pthread.h>
+#include <pwd.h>
 
 #define ASSERT_NOT_REACHED		\
 do {					\
-- 
2.43.0