tpws : dropcaps

bolvan 2019-05-19 15:37:05 +03:00
parent 352f93ced2
commit 8b9d7f56d3
10 changed files with 26 additions and 4 deletions



@ -12,7 +12,7 @@ define Package/tpws
CATEGORY:=Network CATEGORY:=Network
TITLE:=tpws TITLE:=tpws
SUBMENU:=Zapret SUBMENU:=Zapret
DEPENDS:=+zlib DEPENDS:=+zlib +libcap
endef endef
define Build/Prepare define Build/Prepare


@ -23,6 +23,7 @@
#include <getopt.h> #include <getopt.h>
#include <pwd.h> #include <pwd.h>
#include <signal.h> #include <signal.h>
#include <sys/capability.h>
#include "tpws.h" #include "tpws.h"
#include "tpws_conn.h" #include "tpws_conn.h"
@ -789,6 +790,26 @@ void daemonize()
/* stderror */ /* stderror */
} }
bool dropcaps()
{
cap_t capabilities;
capabilities = cap_init();
if (cap_clear(capabilities))
{
perror("cap_init");
return false;
}
if (cap_set_proc(capabilities))
{
perror("cap_set_proc");
cap_free(capabilities);
return false;
}
cap_free(capabilities);
return true;
}
bool droproot() bool droproot()
{ {
if (params.uid || params.gid) if (params.uid || params.gid)
@ -804,9 +825,10 @@ bool droproot()
return false; return false;
} }
} }
return true; return dropcaps();
} }
bool writepid(const char *filename) bool writepid(const char *filename)
{ {
FILE *F; FILE *F;
@ -1002,7 +1024,7 @@ int main(int argc, char *argv[]) {
perror("setsockopt (SO_KEEPALIVE): "); perror("setsockopt (SO_KEEPALIVE): ");
goto exiterr; goto exiterr;
} }
//Mark that this socket can be used for transparent proxying //Mark that this socket can be used for transparent proxying
//This allows the socket to accept connections for non-local IPs //This allows the socket to accept connections for non-local IPs
if (setsockopt(listen_fd, SOL_IP, IP_TRANSPARENT, &yes, sizeof(yes)) == -1) if (setsockopt(listen_fd, SOL_IP, IP_TRANSPARENT, &yes, sizeof(yes)) == -1)
@ -1027,7 +1049,7 @@ int main(int argc, char *argv[]) {
perror("listen: "); perror("listen: ");
goto exiterr; goto exiterr;
} }
//splice() causes the process to receive the SIGPIPE-signal if one part (for //splice() causes the process to receive the SIGPIPE-signal if one part (for
//example a socket) is closed during splice(). I would rather have splice() //example a socket) is closed during splice(). I would rather have splice()
//fail and return -1, so blocking SIGPIPE. //fail and return -1, so blocking SIGPIPE.
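Review bot: In the new dropcaps() (hunk at line 790) the result of cap_init() is never checked before it is handed to cap_clear(), and when cap_clear() fails the function returns without cap_free(), so the error path both leaks the working set and prints a misleading "cap_init" label for a cap_clear() failure. Checking the allocation first and freeing on every failure path fixes both; cap_init() already returns an all-clear set, so cap_clear() can stay as an explicit statement of intent but is not what protects the process. Also worth a one-line comment on the `return dropcaps();` change in droproot(): cap_set_proc() touches only the effective, permitted and inheritable sets, not the bounding set, which is fine as long as tpws never execs anything — if it ever does, that is where regained capabilities would come from. The daemonize()/droproot() bodies around the added function start outside this hunk.
```c
bool dropcaps()
{
	// Drop every capability the process still holds (effective/permitted/inheritable).
	// The bounding set is deliberately left alone; tpws is not expected to exec.
	cap_t capabilities = cap_init();
	if (!capabilities)
	{
		perror("cap_init");
		return false;
	}
	// cap_init() yields an all-clear set already; cap_clear() keeps the intent explicit.
	if (cap_clear(capabilities) || cap_set_proc(capabilities))
	{
		perror("cap_set_proc");
		cap_free(capabilities);
		return false;
	}
	cap_free(capabilities);
	return true;
}
```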