mirror of
https://github.com/moparisthebest/sslh
synced 2024-12-21 06:48:57 -05:00
libcap support: print out process capabilities at startup if verbose
This commit is contained in:
parent
2d3b6c4abd
commit
6bcb5c83f2
@ -5,6 +5,12 @@ vNEXT:
|
||||
first incoming packet.
|
||||
(Ondrej Kuzník)
|
||||
|
||||
Libcap support: Keep only CAP_NET_ADMIN if started
|
||||
as root with transparent proxying and dropping
|
||||
priviledges (enable USELIBCAP in Makefile). This
|
||||
avoids having to mess with filesystem capabilities.
|
||||
(Sebastian Schmidt/yath)
|
||||
|
||||
Fixed bugs related to getpeername that would cause
|
||||
sslh to quit erroneously (getpeername can return
|
||||
actual errors if connections are dropped before
|
||||
|
5
common.c
5
common.c
@ -37,11 +37,6 @@ struct addrinfo *addr_listen = NULL; /* what addresses do we listen to? */
|
||||
int allow_severity =0, deny_severity = 0;
|
||||
#endif
|
||||
|
||||
#ifdef LIBCAP
|
||||
#include <sys/prctl.h>
|
||||
#include <sys/capability.h>
|
||||
#endif
|
||||
|
||||
/* check result and die, printing the offending address and error */
|
||||
void check_res_dumpdie(int res, struct addrinfo *addr, char* syscall)
|
||||
{
|
||||
|
6
common.h
6
common.h
@ -27,6 +27,12 @@
|
||||
#include <libgen.h>
|
||||
#include <time.h>
|
||||
#include <getopt.h>
|
||||
|
||||
#ifdef LIBCAP
|
||||
#include <sys/prctl.h>
|
||||
#include <sys/capability.h>
|
||||
#endif
|
||||
|
||||
#include "version.h"
|
||||
|
||||
#define CHECK_RES_DIE(res, str) \
|
||||
|
21
sslh-main.c
21
sslh-main.c
@ -91,6 +91,23 @@ static void print_usage(void)
|
||||
fprintf(stderr, USAGE_STRING, prots);
|
||||
}
|
||||
|
||||
static void printcaps(void) {
|
||||
#ifdef LIBCAP
|
||||
cap_t caps;
|
||||
char* desc;
|
||||
ssize_t len;
|
||||
|
||||
caps = cap_get_proc();
|
||||
|
||||
desc = cap_to_text(caps, &len);
|
||||
|
||||
fprintf(stderr, "capabilities: %s\n", desc);
|
||||
|
||||
cap_free(caps);
|
||||
cap_free(desc);
|
||||
#endif
|
||||
}
|
||||
|
||||
static void printsettings(void)
|
||||
{
|
||||
char buf[NI_MAXHOST];
|
||||
@ -508,9 +525,13 @@ int main(int argc, char *argv[])
|
||||
if (user_name)
|
||||
drop_privileges(user_name);
|
||||
|
||||
|
||||
/* Open syslog connection */
|
||||
setup_syslog(argv[0]);
|
||||
|
||||
if (verbose)
|
||||
printcaps();
|
||||
|
||||
main_loop(listen_sockets, num_addr_listen);
|
||||
|
||||
return 0;
|
||||
|
Loading…
Reference in New Issue
Block a user