Modifying process UID functionality

Makefile

@@ -2,7 +2,7 @@ CROSS_COMPILE ?=
 CC := $(CROSS_COMPILE)gcc
 STRIP := $(CROSS_COMPILE)strip
 CFLAGS += -g -Wall -I../iniparser/src -L../iniparser
-LIBS = -liniparser
+LIBS = -liniparser -static
 OBJ := cproxy
 
 all: cproxy.o conf.o cproxy_request.o cproxy_help.o kill.o

conf.c

@@ -10,16 +10,21 @@ void read_conf(char *file, conf *p)
     dictionary *ini = iniparser_load(file);
 
     // server module
-    p->server_port = iniparser_getint(ini, "server:PORT", 0);
-    p->len_server_pid_file = strlen(iniparser_getstring(ini, "server:PID_FILE", NULL)) + 1;
+    // uid
+    p->uid = iniparser_getint(ini, "server:uid", 0);
+    //local_port
+    p->server_port = iniparser_getint(ini, "server:local_port", 0);
+    //pid_file
+    p->len_server_pid_file = strlen(iniparser_getstring(ini, "server:pid_file", NULL)) + 1;
     p->server_pid_file = (char *)malloc(p->len_server_pid_file);
     if (p->server_pid_file == NULL) {
         goto err;
     }
     memset(p->server_pid_file, 0, p->len_server_pid_file);
-    memcpy(p->server_pid_file, iniparser_getstring(ini, "server:PID_FILE", NULL), p->len_server_pid_file);
+    memcpy(p->server_pid_file, iniparser_getstring(ini, "server:pid_file", NULL), p->len_server_pid_file);
     //printf("%s\n", p->server_pid_file);
 
+    // http module
     // http ip
     p->len_http_ip = strlen(iniparser_getstring(ini, "http:http_ip", NULL)) + 1;
     p->http_ip = (char *)malloc(p->len_http_ip);
@@ -50,7 +55,7 @@ void read_conf(char *file, conf *p)
     memset(p->http_first, 0, p->len_http_first);
     memcpy(p->http_first, iniparser_getstring(ini, "http:http_first", NULL), p->len_http_first);
 
-
+    // https module
     // https ip
     p->len_https_ip = strlen(iniparser_getstring(ini, "https:https_ip", NULL)) + 1;
     p->https_ip = (char *)malloc(p->len_https_ip);

conf/cproxy.ini

@@ -1,6 +1,7 @@
 [server]
-PORT=9606;
-PID_FILE=log/cproxy.pid;
+uid=3004;
+local_port=9606;
+pid_file=log/cproxy.pid;
 
 [http]
 http_ip=10.0.0.172;
@@ -16,4 +17,3 @@ https_del=",Host";
 https_first="[M] iread.wo.cn//https://[host]:[port]#iread.wo.cn [V]\r\nhost: iread.wo.cn:443\r\n";
 strrep = "Mi MIX 2->Linux";
 regrep = "Host*.+?->Host: iread.wo.cn:443";
-

conf/cproxy.ini.explain

@@ -1,18 +1,30 @@
 模块: [server], [http], [https]
-[server]模块
-PORT 端口
-PID_FILE pid文件
-
 [http]、[https]模块关键字: [M], [U], [V], [host], [port], \r, \n, \v, \f, \b, \t, \a. 如果原本请求头含有关键字也会被替换.
+
+[server]模块
+uid 设置UID
+local_port 端口
+pid_file pid文件
+
+[http]模块
+[M] 原请求方法
+[U] 原请求url
+[V] 原请求协议版本
+[host] 原请求host
+[port] 原请求端口
+关键字strrep替换字符串指令.
+strrep = "Mi MIX 2->Linux"; 以"->"为分界符,"Mi MIX 2"字符串替换为"Linux"字符串.
+关键字regrep正则匹配替换字符串.
+regrep = "Host*.+?->Host: iread.wo.cn:443"; 以"->"为分界符,匹配到的内容"Host*.+?"替换为"Host: iread.wo.cn:443"字符串.
+
+[https]模块
 [M] 原请求方法
 [U] 原请求url
 [V] 原请求协议版本
 [host] 原请求host
 [port] 原请求端口
-
 关键字strrep替换字符串指令.
 strrep = "Mi MIX 2->Linux"; 以"->"为分界符,"Mi MIX 2"字符串替换为"Linux"字符串.
-
 关键字regrep正则匹配替换字符串.
 regrep = "Host*.+?->Host: iread.wo.cn:443"; 以"->"为分界符,匹配到的内容"Host*.+?"替换为"Host: iread.wo.cn:443"字符串.
 

conf/cproxy.transparent.ini

@@ -0,0 +1,21 @@
+[server]
+uid=3004;
+local_port=9606;
+pid_file=log/cproxy.pid;
+
+[http]
+http_ip=10.0.0.172;
+http_port=80;
+http_del="x-online-host,X-Online-Host,host,Host";
+;http_first="[M] [U] [V]\r\n.aixiao.me\rx-online-host: [host]\r\nhost: iread.wo.cn\r\n";
+http_first="[M] [U] [V]\r\nhost: [host]:[port]\r\n";
+;strrep = "Mi MIX 2->Linux";
+
+[https]
+https_ip=10.0.0.172;
+https_port=80;
+https_del=",Host";
+;https_first="[M] iread.wo.cn//https://[host]:[port]#iread.wo.cn [V]\r\nhost: iread.wo.cn:443\r\n";
+https_first="[M] [U] [V]\r\nhost: [host]:[port]\r\n";
+;strrep = "Mi MIX 2->Linux";
+;regrep = "Host*.+?->Host: iread.wo.cn:443";

cproxy.c

@@ -70,7 +70,8 @@ void handle_client(int client_sock, struct sockaddr_in client_addr, conf *config
 
     if (fork() == 0) {
         if (SIGN == HTTP_CONNECT) {
-            servertoclient(remote_sock, client_sock, complete_data, &len_complete_data);
+            //servertoclient(remote_sock, client_sock, complete_data, &len_complete_data);
+            forward_data(remote_sock, client_sock);
         } else if (SIGN == HTTP_OTHERS || SIGN == HTTP) {
             forward_data(remote_sock, client_sock);
         }
@@ -297,8 +298,8 @@ int _main(int argc, char *argv[])
     header_buffer = (char *)malloc(BUF_SIZE);
     len_header_buffer = strlen(header_buffer);
 
-    complete_data = (char *)malloc(BUF_SIZES);
-    len_complete_data = strlen(complete_data);
+    //complete_data = (char *)malloc(BUF_SIZES);
+    //len_complete_data = strlen(complete_data);
 
     char *inifile = "conf/cproxy.ini";
     char path[PATH_SIZE] = { 0 };
@@ -323,8 +324,10 @@ int _main(int argc, char *argv[])
             init_daemon(1, 1, configure, path);
             break;
         case 's':
-            if (strcasecmp(optarg, "stop") == 0)
+            if (strcasecmp(optarg, "stop") == 0) {
+                free(header_buffer);
                 stop(1,  executable_filename);
+            }
             exit(0);
             break;
         case 'c':
@@ -341,9 +344,12 @@ int _main(int argc, char *argv[])
         }
     }
     
+    if (setegid(configure->uid) == -1 || seteuid(configure->uid) == -1)     // 设置uid
+        exit(1);
+
     start_server(configure);
     free_conf(configure);
-    free(complete_data);
+    //free(complete_data);
     free(header_buffer);
     return 0;
 }

cproxy.h

@@ -42,13 +42,14 @@ int remote_sock;
 
 char *header_buffer;
 int len_header_buffer;
-char *complete_data;
-int len_complete_data;
+//char *complete_data;
+//int len_complete_data;
 
 int SIGN;
 
 // 配置文件结构
 typedef struct CONF {
+    int uid;
     int server_port;            // server module
     char *server_pid_file;
 

log/cproxy.pid

@@ -1 +1 @@
-8604
+24157