/* -*-c-*-
*
- * $Id$
- *
* Port forwarding thingy
*
* (c) 1999 Straylight/Edgeware
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of the `fw' port forwarder.
*
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
- *
+ *
* `fw' is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with `fw'; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-/*----- Header files ------------------------------------------------------*/
-
-#include "config.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <errno.h>
-#include <signal.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-
-#include <unistd.h>
-#include <syslog.h>
-
-#include <grp.h>
-#include <pwd.h>
-
-#include <mLib/bres.h>
-#include <mLib/dstr.h>
-#include <mLib/mdwopt.h>
-#include <mLib/quis.h>
-#include <mLib/report.h>
-#include <mLib/sel.h>
-#include <mLib/sig.h>
-#include <mLib/sub.h>
-
-#include "conf.h"
-#include "endpt.h"
-#include "exec.h"
-#include "fattr.h"
-#include "file.h"
#include "fw.h"
-#include "mantext.h"
-#include "privconn.h"
-#include "scan.h"
-#include "socket.h"
-#include "source.h"
/*----- Global variables --------------------------------------------------*/
if (strcmp(sc->d.buf, "forward") == 0 ||
strcmp(sc->d.buf, "fw") == 0 ||
- strcmp(sc->d.buf, "from") == 0) {
+ strcmp(sc->d.buf, "from") == 0) {
source *s;
target *t;
flags |= FW_QUIET;
break;
case 's':
- if (isdigit((unsigned char )optarg[0])) {
+ if (isdigit((unsigned char )optarg[0])) {
char *q;
drop = strtol(optarg, &q, 0);
if (*q)
}
break;
case 'g':
- if (isdigit((unsigned char )optarg[0])) {
+ if (isdigit((unsigned char )optarg[0])) {
char *q;
dropg = strtol(optarg, &q, 0);
if (*q)
sig_add(&s_hup, SIGHUP, fw_reload, 0);
}
- /* --- Drop privileges --- */
-
- if (drop != (uid_t)-1)
- privconn_split(sel);
-#ifdef HAVE_SETGROUPS
- if ((dropg != (gid_t)-1 && (setgid(dropg) || setgroups(1, &dropg))) ||
- (drop != (uid_t)-1 && setuid(drop)))
- die(1, "couldn't drop privileges: %s", strerror(errno));
-#else
- if ((dropg != (gid_t)-1 && setgid(dropg)) ||
- (drop != (uid_t)-1 && setuid(drop)))
- die(1, "couldn't drop privileges: %s", strerror(errno));
-#endif
-
/* --- Fork into the background --- */
if (f & f_fork) {
openlog(QUIS, 0, LOG_DAEMON);
}
+ /* --- Drop privileges --- */
+
+ if (drop != (uid_t)-1)
+ privconn_split(sel);
+#ifdef HAVE_SETGROUPS
+ if ((dropg != (gid_t)-1 && (setgid(dropg) || setgroups(1, &dropg))) ||
+ (drop != (uid_t)-1 && setuid(drop)))
+ die(1, "couldn't drop privileges: %s", strerror(errno));
+#else
+ if ((dropg != (gid_t)-1 && setgid(dropg)) ||
+ (drop != (uid_t)-1 && setuid(drop)))
+ die(1, "couldn't drop privileges: %s", strerror(errno));
+#endif
+
/* --- Let rip --- */
if (!(flags & FW_SET))
int selerr = 0;
while (active) {
if (!sel_select(sel))
- selerr = 0;
+ selerr = 0;
else if (errno != EINTR && errno != EAGAIN) {
fw_log(-1, "error from select: %s", strerror(errno));
selerr++;
}
}
}
-
+
return (0);
}