stun/stun.patch

Mon, 20 Apr 2009 19:22:00 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 20 Apr 2009 19:22:00 +0200
changeset 178
0ba300bdf30a
parent 52
d42d557c7a5a
child 417
76ceb617f880
permissions
-rw-r--r--

Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintaining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.

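Index: client.cxx
--- client.cxx.orig	2005-08-14 02:43:10 +0200
+++ client.cxx	2005-11-16 10:28:17 +0100
@@ -178,13 +178,13 @@
                retval[nic] = 0x02;
                break;
             case StunTypeDependentFilter:
-               cout << "Independedt Mapping, Address Dependendent Filter";
+               cout << "Independedt Mapping, Address Dependent Filter";
                if ( presPort ) cout << ", preserves ports"; else cout << ", random port";
                if ( hairpin  ) cout << ", will hairpin"; else cout << ", no hairpin";
                retval[nic] = 0x04;
                break;
             case StunTypePortDependedFilter:
-               cout << "Indepndent Mapping, Port Dependent Filter";
+               cout << "Independent Mapping, Port Dependent Filter";
                if ( presPort ) cout << ", preserves ports"; else cout << ", random port";
                if ( hairpin  ) cout << ", will hairpin"; else cout << ", no hairpin";
                retval[nic] = 0x06;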
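Review bot: The replacement line for the `StunTypeDependentFilter` case still prints `Independedt Mapping`; the change corrects `Dependendent` but leaves that misspelling in the same string. The line should read `cout << "Independent Mapping, Address Dependent Filter";` so that both cases spell the mapping type the same way. The enclosing switch starts and ends outside the hunk.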
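Index: server.cxx
--- server.cxx.orig	2005-08-13 22:19:29 +0200
+++ server.cxx	2005-11-16 10:33:51 +0100
@@ -23,7 +23,7 @@
 usage()
 {
    cerr << "Usage: " << endl
-        << " ./server [-v] [-h] [-h IP_Address] [-a IP_Address] [-p port] [-o port] [-m mediaport]" << endl
+        << " ./server [-v] [-h] [-h IP_Address] [-a IP_Address] [-p port] [-o port] [-b] [-m mediaport] [-P pidfile]" << endl
         << " " << endl
         << " If the IP addresses of your NIC are 10.0.1.150 and 10.0.1.151, run this program with" << endl
         << "    ./server -v  -h 10.0.1.150 -a 10.0.1.151" << endl
@@ -32,7 +32,7 @@
         << "  -a sets the secondary IP" << endl
         << "  -p sets the primary port and defaults to 3478" << endl
         << "  -o sets the secondary port and defaults to 3479" << endl
-        << "  -b makes the program run in the backgroud" << endl
+        << "  -b makes the program run in the background" << endl
         << "  -m sets up a STERN server starting at port m" << endl
         << "  -v runs in verbose mode" << endl
       // in makefile too
@@ -55,6 +55,7 @@
    StunAddress4 altAddr;
    bool verbose=false;
    bool background=false;
+   char *myPidFile = 0;
    myAddr.addr = 0;
    altAddr.addr = 0;
@@ -135,6 +136,16 @@
          }
          myMediaPort = UInt16(strtol( argv[arg], NULL, 10));
       }
+      else if ( !strcmp( argv[arg] , "-P" ) )
+      {
+         arg++;
+         if ( argc <= arg ) 
+         {
+            usage();
+            exit(-1);
+         }
+         myPidFile = argv[arg];
+      }
       else
       {
          usage();
@@ -213,6 +224,19 @@
    if (pid == 0) //child or not using background
    {
+      /* write a daemon pidfile */
+      if (myPidFile) {
+          pid_t pid;
+          FILE *fp;
+          pid = getpid();
+          if ((fp = fopen(myPidFile, "w")) == NULL) {
+              fprintf(stderr, "stund: Can't write pidfile '%s'", myPidFile);
+              exit(1);
+          }
+          fprintf(fp, "%ld\n", (long)pid);
+          fclose(fp);
+      }
+
       StunServerInfo info;
       bool ok = stunInitServer(info, myAddr, altAddr, myMediaPort, verbose);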
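Review bot: The pidfile block added under `if (pid == 0)` opens the `-P` path with `fopen(myPidFile, "w")`, which follows a symlink at that path and truncates whatever it resolves to; if the daemon is started with elevated privileges and the pidfile directory is writable by another account, a file that account could not otherwise modify can be overwritten. Opening the path with `O_NOFOLLOW` and an explicit mode, as sketched below, rejects the symlink case, and the pidfile directory should still be writable only by the service account. The same block declares an inner `pid_t pid` that shadows the `pid` tested just above it, prints its error without a trailing newline or the `errno` text, and ignores the results of `fprintf` and `fclose`. It also writes the file before `stunInitServer` has returned, so a failed start appears to leave a pidfile behind. The sketch assumes `<fcntl.h>`, `<errno.h>` and `<unistd.h>` are available in server.cxx; the enclosing function starts and ends outside the hunk.

```cpp
      /* write a daemon pidfile */
      if (myPidFile) {
          // O_NOFOLLOW refuses a symlink at the pidfile path; 0644 sets an explicit mode
          int pidFd = open(myPidFile, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
          FILE *fp = (pidFd >= 0) ? fdopen(pidFd, "w") : NULL;
          if (fp == NULL) {
              fprintf(stderr, "stund: Can't write pidfile '%s': %s\n", myPidFile, strerror(errno));
              exit(1);
          }
          // a short write or failed flush would leave an unusable pidfile, so check both
          if (fprintf(fp, "%ld\n", (long)getpid()) < 0 || fclose(fp) != 0) {
              fprintf(stderr, "stund: Can't write pidfile '%s': %s\n", myPidFile, strerror(errno));
              exit(1);
          }
      }
      // … unchanged: StunServerInfo declaration and stunInitServer call …
```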
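Index: stun.cxx
diff -Nau stund.orig/stun.cxx stund/stun.cxx
--- stun.cxx.orig	2005-08-14 02:39:03.000000000 +0200
+++ stun.cxx	2009-01-09 00:23:08.069498590 +0100
@@ -16,6 +16,7 @@
 #include <string.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
+#include <sys/sockio.h>
 #include <sys/time.h>
 #include <sys/types.h> 
 #include <arpa/inet.h>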
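Review bot: `#include <sys/sockio.h>` is added unconditionally, but that header does not exist on every platform (glibc on Linux does not ship it, for example), so this hunk would break the build there unless the patch is applied only where the header is needed. If it is applied on all targets, wrap the include in a platform test such as `#if defined(__sun)` … `#endif`, adjusted to the platforms that actually need it. A short comment saying which ioctl constants the header supplies would also help the next maintainer.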
