third-party-mirrors/sslh
1
0
Fork 0
mirror of https://github.com/yrutschle/sslh.git synced 2025-04-18 17:57:39 +03:00
Code Issues Packages Projects Releases Wiki Activity

refactor: purified set_capabilities, told to keep or drop CAP_NET_ADMIN instead of deciding for itself

Browse Source
This commit is contained in:
yrutschle 2021-05-09 15:39:14 +02:00
parent cf4f4cbebe
commit 030ef64b99
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
common.c
View File

@ -786,9 +786,9 @@ void set_keepcaps(int val) {
} }
/* Returns true if anything requires transparent proxying. */ /* Returns true if anything requires transparent proxying. */
#ifdef LIBCAP
static int use_transparent(void) static int use_transparent(void)
{ {
#ifdef LIBCAP
if (cfg.transparent) if (cfg.transparent)
return 1; return 1;
@ -796,19 +796,21 @@ static int use_transparent(void)
if (cfg.protocols[i].transparent) if (cfg.protocols[i].transparent)
return 1; return 1;
#endif
return 0; return 0;
} }
#endif
/* set needed capabilities for effective and permitted, clear rest */ /* set needed capabilities for effective and permitted, clear rest
void set_capabilities(void) { * IN: cap_net_admin: set to 1 to set CAP_NET_ADMIN
* */
void set_capabilities(int cap_net_admin) {
#ifdef LIBCAP #ifdef LIBCAP
int res; int res;
cap_t caps; cap_t caps;
cap_value_t cap_list[10]; cap_value_t cap_list[10];
int ncap = 0; int ncap = 0;
if (use_transparent()) if (cap_net_admin)
cap_list[ncap++] = CAP_NET_ADMIN; cap_list[ncap++] = CAP_NET_ADMIN;
caps = cap_init(); caps = cap_init();
@ -877,7 +879,7 @@ void drop_privileges(const char* user_name, const char* chroot_path)
res = setuid(pw->pw_uid); res = setuid(pw->pw_uid);
CHECK_RES_DIE(res, "setuid"); CHECK_RES_DIE(res, "setuid");
set_capabilities(); set_capabilities(use_transparent());
set_keepcaps(0); set_keepcaps(0);
} }
} }