author | Christian Grothoff <christian@grothoff.org> | 2011-12-20 09:11:36 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2011-12-20 09:11:36 +0000 |
commit | f7e0fa90cd9aec9111e09379f964993cec7615ff (patch) | |
tree | 900390bf3ea16a01d937a1b394523ee7869b121f | |
parent | 262b5052b8753e30cd0b2dedab419ab0c52520bc (diff) | |
download | gnunet-f7e0fa90cd9aec9111e09379f964993cec7615ff.tar.gz gnunet-f7e0fa90cd9aec9111e09379f964993cec7615ff.zip |
-minor cleanup, adding HAVE_SETRESUID check
-rw-r--r-- | src/vpn/gnunet-helper-vpn.c | 69 |
1 files changed, 57 insertions, 12 deletions
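--- a/src/vpn/gnunet-helper-vpn.c
+++ b/src/vpn/gnunet-helper-vpn.c
@@ -61,10 +61,12 @@ struct in6_ifreq
 };
 #endif
 
+
 /**
  * Creates a tun-interface called dev;
+ *
  * @param dev is asumed to point to a char[IFNAMSIZ]
- *        if *dev == '\\0', uses the name supplied by the kernel
+ *        if *dev == '\\0', uses the name supplied by the kernel;
  * @return the fd to the tun or -1 on error
  */
 static int
@@ -102,7 +104,7 @@ init_tun (char *dev)
   {
     fprintf (stderr, "Error with ioctl on `%s': %s\n", "/dev/net/tun",
              strerror (errno));
-    close (fd);
+    (void) close (fd);
     return -1;
   }
   strcpy (dev, ifr.ifr_name);
@@ -129,6 +131,7 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len)
    * parse the new address
    */
   memset (&sa6, 0, sizeof (struct sockaddr_in6));
+  sa6.sin6_family = AF_INET6;
   if (1 != inet_pton (AF_INET6, address, sa6.sin6_addr.s6_addr))
   {
     fprintf (stderr, "Failed to parse address `%s': %s\n", address,
@@ -142,10 +145,7 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len)
     exit (1);
   }
 
-  sa6.sin6_family = AF_INET6;
-  memcpy (&ifr6.ifr6_addr, &sa6.sin6_addr, sizeof (struct in6_addr));
-
-
+  memset (&ifr, 0, sizeof (struct ifreq));
   /*
    * Get the index of the if
    */
@@ -153,10 +153,13 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len)
   if (-1 == ioctl (fd, SIOGIFINDEX, &ifr))
   {
     fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
+    (void) close (fd);
     exit (1);
   }
-  ifr6.ifr6_ifindex = ifr.ifr_ifindex;
 
+  memset (&ifr6, 0, sizeof (struct in6_ifreq));
+  ifr6.ifr6_addr = sa6.sin6_addr;
+  ifr6.ifr6_ifindex = ifr.ifr_ifindex;
   ifr6.ifr6_prefixlen = prefix_len;
 
   /*
@@ -166,6 +169,8 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len)
   {
     fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
              strerror (errno));
+    (void) close (fd);
+    exit (1);
   }
 
   /*
@@ -175,6 +180,7 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len)
   {
     fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
              strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -186,6 +192,7 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len)
   {
     fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
              strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -213,9 +220,7 @@ set_address4 (const char *dev, const char *address, const char *mask)
 
   memset (&ifr, 0, sizeof (struct ifreq));
   addr = (struct sockaddr_in *) &(ifr.ifr_addr);
-  memset (addr, 0, sizeof (struct sockaddr_in));
   addr->sin_family = AF_INET;
-  addr->sin_addr.s_addr = inet_addr (address);
 
   /*
    * Parse the address
@@ -227,7 +232,6 @@ set_address4 (const char *dev, const char *address, const char *mask)
     exit (1);
   }
 
-
   if (-1 == (fd = socket (PF_INET, SOCK_DGRAM, 0)))
   {
     fprintf (stderr, "Error creating socket: %s\n", strerror (errno));
@@ -242,6 +246,7 @@ set_address4 (const char *dev, const char *address, const char *mask)
   if (-1 == ioctl (fd, SIOCSIFADDR, &ifr))
   {
     fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -253,6 +258,7 @@ set_address4 (const char *dev, const char *address, const char *mask)
   {
     fprintf (stderr, "Failed to parse address `%s': %s\n", mask,
              strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -263,6 +269,7 @@ set_address4 (const char *dev, const char *address, const char *mask)
   {
     fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
              strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -273,6 +280,7 @@ set_address4 (const char *dev, const char *address, const char *mask)
   {
     fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
              strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -284,17 +292,24 @@ set_address4 (const char *dev, const char *address, const char *mask)
   {
     fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
              strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
   if (0 != close (fd))
   {
     fprintf (stderr, "close failed: %s\n", strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 }
 
 
+/**
+ * Start forwarding to and from the tunnel.
+ *
+ * @param fd_tun tunnel FD
+ */
 static void
 run (int fd_tun)
 {
@@ -497,11 +512,23 @@ PROCESS_BUFFER:
 }
 
 
+/**
+ * Open VPN tunnel interface.
+ *
+ * @param argc must be 6
+ * @param argv 0: binary name (gnunet-helper-vpn)
+ *             1: tunnel interface name (gnunet-vpn)
+ *             2: IPv6 address (::1)
+ *             3: IPv6 netmask length in bits (64)
+ *             4: IPv4 address (1.2.3.4)
+ *             5: IPv4 netmask (255.255.0.0)
+ */
 int
 main (int argc, char **argv)
 {
   char dev[IFNAMSIZ];
   int fd_tun;
+  int global_ret;
 
   if (6 != argc)
   {
@@ -538,14 +565,32 @@ main (int argc, char **argv)
     set_address4 (dev, address, mask);
   }
 
+#ifdef HAVE_SETRESUID
   uid_t uid = getuid ();
-
   if (0 != setresuid (uid, uid, uid))
+  {
     fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
+    global_ret = 2;
+    goto cleanup;
+  }
+#else
+  if (0 != (setuid (uid) | seteuid (uid)))
+  {
+    fprintf (stderr, "Failed to setuid: %s\n", strerror (errno));
+    global_ret = 2;
+    goto cleanup;
+  }
+#endif
+
   if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
+  {
     fprintf (stderr, "Failed to protect against SIGPIPE: %s\n",
              strerror (errno));
+    /* no exit, we might as well die with SIGPIPE should it ever happen */
+  }
   run (fd_tun);
+  global_ret = 0;
+cleanup:
   close (fd_tun);
-  return 0;
+  return global_ret;
 }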
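Review bot: The new `#else` branch in main (new lines 576-583) uses `uid` in `setuid (uid) | seteuid (uid)`, but the only declaration `uid_t uid = getuid ();` sits inside the `#ifdef HAVE_SETRESUID` arm, so a build without setresuid cannot compile the privilege drop at all; move `uid_t uid = getuid ();` to just above the `#ifdef` so both arms see it. Separately, in set_address4 the added `(void) close (fd);` inside the `if (0 != close (fd))` block (new line 302) re-closes a descriptor whose close already ran; at best it is redundant and on EBADF it is a double close, so drop that one line and keep only the exit. The setuid/seteuid fallback fully discards the saved set-user-ID only when the effective uid is 0 at this point (presumably the setuid-root case this helper is built for); a one-line comment such as `/* assumes euid == 0 here, otherwise the saved uid is not reset */` would make that precondition explicit. main starts outside the last hunk.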