stun/stun.patch@0ba300bdf30a (annotated)
stun/stun.patch
Mon, 20 Apr 2009 19:22:00 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Mon, 20 Apr 2009 19:22:00 +0200
- changeset 178
- 0ba300bdf30a
- parent 52
- d42d557c7a5a
- child 417
- 76ceb617f880
- permissions
- -rw-r--r--
Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.
| michael@52 | 1 | Index: client.cxx |
| michael@52 | 2 | --- client.cxx.orig 2005-08-14 02:43:10 +0200 |
| michael@52 | 3 | +++ client.cxx 2005-11-16 10:28:17 +0100 |
| michael@52 | 4 | @@ -178,13 +178,13 @@ |
| michael@52 | 5 | retval[nic] = 0x02; |
| michael@52 | 6 | break; |
| michael@52 | 7 | case StunTypeDependentFilter: |
| michael@52 | 8 | - cout << "Independedt Mapping, Address Dependendent Filter"; |
| michael@52 | 9 | + cout << "Independedt Mapping, Address Dependent Filter"; |
| michael@52 | 10 | if ( presPort ) cout << ", preserves ports"; else cout << ", random port"; |
| michael@52 | 11 | if ( hairpin ) cout << ", will hairpin"; else cout << ", no hairpin"; |
| michael@52 | 12 | retval[nic] = 0x04; |
| michael@52 | 13 | break; |
| michael@52 | 14 | case StunTypePortDependedFilter: |
| michael@52 | 15 | - cout << "Indepndent Mapping, Port Dependent Filter"; |
| michael@52 | 16 | + cout << "Independent Mapping, Port Dependent Filter"; |
| michael@52 | 17 | if ( presPort ) cout << ", preserves ports"; else cout << ", random port"; |
| michael@52 | 18 | if ( hairpin ) cout << ", will hairpin"; else cout << ", no hairpin"; |
| michael@52 | 19 | retval[nic] = 0x06; |
| michael@52 | 20 | Index: server.cxx |
| michael@52 | 21 | --- server.cxx.orig 2005-08-13 22:19:29 +0200 |
| michael@52 | 22 | +++ server.cxx 2005-11-16 10:33:51 +0100 |
| michael@52 | 23 | @@ -23,7 +23,7 @@ |
| michael@52 | 24 | usage() |
| michael@52 | 25 | { |
| michael@52 | 26 | cerr << "Usage: " << endl |
| michael@52 | 27 | - << " ./server [-v] [-h] [-h IP_Address] [-a IP_Address] [-p port] [-o port] [-m mediaport]" << endl |
| michael@52 | 28 | + << " ./server [-v] [-h] [-h IP_Address] [-a IP_Address] [-p port] [-o port] [-b] [-m mediaport] [-P pidfile]" << endl |
| michael@52 | 29 | << " " << endl |
| michael@52 | 30 | << " If the IP addresses of your NIC are 10.0.1.150 and 10.0.1.151, run this program with" << endl |
| michael@52 | 31 | << " ./server -v -h 10.0.1.150 -a 10.0.1.151" << endl |
| michael@52 | 32 | @@ -32,7 +32,7 @@ |
| michael@52 | 33 | << " -a sets the secondary IP" << endl |
| michael@52 | 34 | << " -p sets the primary port and defaults to 3478" << endl |
| michael@52 | 35 | << " -o sets the secondary port and defaults to 3479" << endl |
| michael@52 | 36 | - << " -b makes the program run in the backgroud" << endl |
| michael@52 | 37 | + << " -b makes the program run in the background" << endl |
| michael@52 | 38 | << " -m sets up a STERN server starting at port m" << endl |
| michael@52 | 39 | << " -v runs in verbose mode" << endl |
| michael@52 | 40 | // in makefile too |
| michael@52 | 41 | @@ -55,6 +55,7 @@ |
| michael@52 | 42 | StunAddress4 altAddr; |
| michael@52 | 43 | bool verbose=false; |
| michael@52 | 44 | bool background=false; |
| michael@52 | 45 | + char *myPidFile = 0; |
| michael@52 | 46 | |
| michael@52 | 47 | myAddr.addr = 0; |
| michael@52 | 48 | altAddr.addr = 0; |
| michael@52 | 49 | @@ -135,6 +136,16 @@ |
| michael@52 | 50 | } |
| michael@52 | 51 | myMediaPort = UInt16(strtol( argv[arg], NULL, 10)); |
| michael@52 | 52 | } |
| michael@52 | 53 | + else if ( !strcmp( argv[arg] , "-P" ) ) |
| michael@52 | 54 | + { |
| michael@52 | 55 | + arg++; |
| michael@52 | 56 | + if ( argc <= arg ) |
| michael@52 | 57 | + { |
| michael@52 | 58 | + usage(); |
| michael@52 | 59 | + exit(-1); |
| michael@52 | 60 | + } |
| michael@52 | 61 | + myPidFile = argv[arg]; |
| michael@52 | 62 | + } |
| michael@52 | 63 | else |
| michael@52 | 64 | { |
| michael@52 | 65 | usage(); |
| michael@52 | 66 | @@ -213,6 +224,19 @@ |
| michael@52 | 67 | |
| michael@52 | 68 | if (pid == 0) //child or not using background |
| michael@52 | 69 | { |
| michael@52 | 70 | + /* write a daemon pidfile */ |
| michael@52 | 71 | + if (myPidFile) { |
| michael@52 | 72 | + pid_t pid; |
| michael@52 | 73 | + FILE *fp; |
| michael@52 | 74 | + pid = getpid(); |
| michael@52 | 75 | + if ((fp = fopen(myPidFile, "w")) == NULL) { |
| michael@52 | 76 | + fprintf(stderr, "stund: Can't write pidfile '%s'", myPidFile); |
| michael@52 | 77 | + exit(1); |
| michael@52 | 78 | + } |
| michael@52 | 79 | + fprintf(fp, "%ld\n", (long)pid); |
| michael@52 | 80 | + fclose(fp); |
| michael@52 | 81 | + } |
| michael@52 | 82 | + |
| michael@52 | 83 | StunServerInfo info; |
| michael@52 | 84 | bool ok = stunInitServer(info, myAddr, altAddr, myMediaPort, verbose); |
| michael@52 | 85 | |
| michael@53 | 86 | Index: stun.cxx |
| michael@53 | 87 | diff -Nau stund.orig/stun.cxx stund/stun.cxx |
| michael@53 | 88 | --- stun.cxx.orig 2005-08-14 02:39:03.000000000 +0200 |
| michael@53 | 89 | +++ stun.cxx 2009-01-09 00:23:08.069498590 +0100 |
| michael@53 | 90 | @@ -16,6 +16,7 @@ |
| michael@53 | 91 | #include <string.h> |
| michael@53 | 92 | #include <sys/ioctl.h> |
| michael@53 | 93 | #include <sys/socket.h> |
| michael@53 | 94 | +#include <sys/sockio.h> |
| michael@53 | 95 | #include <sys/time.h> |
| michael@53 | 96 | #include <sys/types.h> |
| michael@53 | 97 | #include <arpa/inet.h> |
