X-Git-Url: https://git.distorted.org.uk/~mdw/fwd/blobdiff_plain/1c2054c7558f523dec9d7c1f243a2ceddd81c781..ee599f5566c155b4decd9c77bfa4d6212f20891e:/fw.c

diff --git a/fw.c b/fw.c
index 5a5db0f..2dec3c0 100644
--- a/fw.c
+++ b/fw.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: fw.c,v 1.15 2003/11/25 14:46:50 mdw Exp $
+ * $Id: fw.c,v 1.16 2003/11/29 20:36:07 mdw Exp $
  *
  * Port forwarding thingy
  *
@@ -29,6 +29,9 @@
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: fw.c,v $
+ * Revision 1.16  2003/11/29 20:36:07  mdw
+ * Privileged outgoing connections.
+ *
  * Revision 1.15  2003/11/25 14:46:50  mdw
  * Update docco for new options.
  *
@@ -115,6 +118,7 @@
 #include "fattr.h"
 #include "file.h"
 #include "fw.h"
+#include "privconn.h"
 #include "scan.h"
 #include "socket.h"
 #include "source.h"
@@ -247,6 +251,8 @@ void parse(scanner *sc)
       /* --- Combine the source and target --- */
 
       s->ops->attach(s, sc, t);
+      if (t->ops->confirm)
+	t->ops->confirm(t);
     }
 
     /* --- Include configuration from a file --- *
@@ -604,6 +610,7 @@ Socket options\n\
 	socket.inet.source.[allow|deny] priv-port\n\
 	socket.inet.source.addr [=] any|ADDR\n\
 	socket.inet.dest.addr [=] any|ADDR\n\
+	socket.inet.dest.priv-port [=] yes|no\n\
 \n\
 	socket.unix.fattr.*\n\
 ");
@@ -805,6 +812,8 @@ int main(int argc, char *argv[])
 
   /* --- Drop privileges --- */
 
+  if (drop != (uid_t)-1)
+    privconn_split(sel);
 #ifdef HAVE_SETGROUPS
   if ((dropg != (gid_t)-1 && (setgid(dropg) || setgroups(1, &dropg))) ||
       (drop != (uid_t)-1 && setuid(drop)))