author | Christian Grothoff <christian@grothoff.org> | 2012-01-18 12:47:52 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2012-01-18 12:47:52 +0000 |
commit | eaed2cc24c95f9c6188182b1373459d0855015b1 (patch) | |
tree | a0ecbba0ea5e5c3eecb19a53df7145597fb11fbd /src/dns/gnunet-helper-dns.c | |
parent | 6bdc9878c8027ca7e6c4fca5410d7569cea6fe12 (diff) | |
-fixing #2082 -- allow iptables/ip/sysctl to also be in /usr/sbin
Diffstat (limited to 'src/dns/gnunet-helper-dns.c')
-rw-r--r-- | src/dns/gnunet-helper-dns.c | 40 |
1 files changed, 23 insertions, 17 deletions
diff --git a/src/dns/gnunet-helper-dns.c b/src/dns/gnunet-helper-dns.c index 56b8713cf..73536c252 100644 --- a/src/dns/gnunet-helper-dns.c +++ b/src/dns/gnunet-helper-dns.c | |||
@@ -95,12 +95,12 @@ struct in6_ifreq | |||
95 | /** | 95 | /** |
96 | * Name and full path of IPTABLES binary. | 96 | * Name and full path of IPTABLES binary. |
97 | */ | 97 | */ |
98 | #define SBIN_IPTABLES "/sbin/iptables" | 98 | static const char *sbin_iptables; |
99 | 99 | ||
100 | /** | 100 | /** |
101 | * Name and full path of IPTABLES binary. | 101 | * Name and full path of IPTABLES binary. |
102 | */ | 102 | */ |
103 | #define SBIN_IP "/sbin/ip" | 103 | static const char *sbin_ip; |
104 | 104 | ||
105 | /** | 105 | /** |
106 | * Port for DNS traffic. | 106 | * Port for DNS traffic. |
@@ -685,19 +685,25 @@ main (int argc, char *const*argv) | |||
685 | } | 685 | } |
686 | 686 | ||
687 | /* verify that the binaries were care about are executable */ | 687 | /* verify that the binaries were care about are executable */ |
688 | if (0 != access (SBIN_IPTABLES, X_OK)) | 688 | if (0 == access ("/sbin/iptables", X_OK)) |
689 | sbin_iptables = "/sbin/iptables"; | ||
690 | else if (0 == access ("/usr/sbin/iptables", X_OK)) | ||
691 | sbin_iptables = "/usr/sbin/iptables"; | ||
692 | else | ||
689 | { | 693 | { |
690 | fprintf (stderr, | 694 | fprintf (stderr, |
691 | "`%s' is not executable: %s\n", | 695 | "Fatal: executable iptables not found in approved directories: %s\n", |
692 | SBIN_IPTABLES, | ||
693 | strerror (errno)); | 696 | strerror (errno)); |
694 | return 3; | 697 | return 3; |
695 | } | 698 | } |
696 | if (0 != access (SBIN_IP, X_OK)) | 699 | if (0 == access ("/sbin/ip", X_OK)) |
700 | sbin_ip = "/sbin/ip"; | ||
701 | else if (0 == access ("/usr/sbin/ip", X_OK)) | ||
702 | sbin_ip = "/usr/sbin/ip"; | ||
703 | else | ||
697 | { | 704 | { |
698 | fprintf (stderr, | 705 | fprintf (stderr, |
699 | "`%s' is not executable: %s\n", | 706 | "Fatal: executable ip not found in approved directories: %s\n", |
700 | SBIN_IP, | ||
701 | strerror (errno)); | 707 | strerror (errno)); |
702 | return 4; | 708 | return 4; |
703 | } | 709 | } |
@@ -825,7 +831,7 @@ main (int argc, char *const*argv) | |||
825 | "udp", "--sport", localport, "--dport", DNS_PORT, "-j", | 831 | "udp", "--sport", localport, "--dport", DNS_PORT, "-j", |
826 | "ACCEPT", NULL | 832 | "ACCEPT", NULL |
827 | }; | 833 | }; |
828 | if (0 != fork_and_exec (SBIN_IPTABLES, mangle_args)) | 834 | if (0 != fork_and_exec (sbin_iptables, mangle_args)) |
829 | goto cleanup_rest; | 835 | goto cleanup_rest; |
830 | } | 836 | } |
831 | /* Mark all of the other DNS traffic using our mark DNS_MARK */ | 837 | /* Mark all of the other DNS traffic using our mark DNS_MARK */ |
@@ -836,7 +842,7 @@ main (int argc, char *const*argv) | |||
836 | "udp", "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, | 842 | "udp", "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, |
837 | NULL | 843 | NULL |
838 | }; | 844 | }; |
839 | if (0 != fork_and_exec (SBIN_IPTABLES, mark_args)) | 845 | if (0 != fork_and_exec (sbin_iptables, mark_args)) |
840 | goto cleanup_mangle_1; | 846 | goto cleanup_mangle_1; |
841 | } | 847 | } |
842 | /* Forward all marked DNS traffic to our DNS_TABLE */ | 848 | /* Forward all marked DNS traffic to our DNS_TABLE */ |
@@ -845,7 +851,7 @@ main (int argc, char *const*argv) | |||
845 | { | 851 | { |
846 | "ip", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL | 852 | "ip", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL |
847 | }; | 853 | }; |
848 | if (0 != fork_and_exec (SBIN_IP, forward_args)) | 854 | if (0 != fork_and_exec (sbin_ip, forward_args)) |
849 | goto cleanup_mark_2; | 855 | goto cleanup_mark_2; |
850 | } | 856 | } |
851 | /* Finally, add rule in our forwarding table to pass to our virtual interface */ | 857 | /* Finally, add rule in our forwarding table to pass to our virtual interface */ |
@@ -855,7 +861,7 @@ main (int argc, char *const*argv) | |||
855 | "ip", "route", "add", "default", "dev", dev, | 861 | "ip", "route", "add", "default", "dev", dev, |
856 | "table", DNS_TABLE, NULL | 862 | "table", DNS_TABLE, NULL |
857 | }; | 863 | }; |
858 | if (0 != fork_and_exec (SBIN_IP, route_args)) | 864 | if (0 != fork_and_exec (sbin_ip, route_args)) |
859 | goto cleanup_forward_3; | 865 | goto cleanup_forward_3; |
860 | } | 866 | } |
861 | 867 | ||
@@ -910,7 +916,7 @@ main (int argc, char *const*argv) | |||
910 | "ip", "route", "del", "default", "dev", dev, | 916 | "ip", "route", "del", "default", "dev", dev, |
911 | "table", DNS_TABLE, NULL | 917 | "table", DNS_TABLE, NULL |
912 | }; | 918 | }; |
913 | if (0 != fork_and_exec (SBIN_IP, route_clean_args)) | 919 | if (0 != fork_and_exec (sbin_ip, route_clean_args)) |
914 | r += 1; | 920 | r += 1; |
915 | } | 921 | } |
916 | cleanup_forward_3: | 922 | cleanup_forward_3: |
@@ -919,7 +925,7 @@ main (int argc, char *const*argv) | |||
919 | { | 925 | { |
920 | "ip", "rule", "del", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL | 926 | "ip", "rule", "del", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL |
921 | }; | 927 | }; |
922 | if (0 != fork_and_exec (SBIN_IP, forward_clean_args)) | 928 | if (0 != fork_and_exec (sbin_ip, forward_clean_args)) |
923 | r += 2; | 929 | r += 2; |
924 | } | 930 | } |
925 | cleanup_mark_2: | 931 | cleanup_mark_2: |
@@ -929,7 +935,7 @@ main (int argc, char *const*argv) | |||
929 | "iptables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", | 935 | "iptables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", |
930 | "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, NULL | 936 | "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, NULL |
931 | }; | 937 | }; |
932 | if (0 != fork_and_exec (SBIN_IPTABLES, mark_clean_args)) | 938 | if (0 != fork_and_exec (sbin_iptables, mark_clean_args)) |
933 | r += 4; | 939 | r += 4; |
934 | } | 940 | } |
935 | cleanup_mangle_1: | 941 | cleanup_mangle_1: |
@@ -940,7 +946,7 @@ main (int argc, char *const*argv) | |||
940 | "--sport", localport, "--dport", DNS_PORT, "-j", "ACCEPT", | 946 | "--sport", localport, "--dport", DNS_PORT, "-j", "ACCEPT", |
941 | NULL | 947 | NULL |
942 | }; | 948 | }; |
943 | if (0 != fork_and_exec (SBIN_IPTABLES, mangle_clean_args)) | 949 | if (0 != fork_and_exec (sbin_iptables, mangle_clean_args)) |
944 | r += 8; | 950 | r += 8; |
945 | } | 951 | } |
946 | 952 | ||
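Review bot: In the lookups added to main at new lines 688-698 and 699-709, the failure branch prints `strerror (errno)` from the last `access()` call only and no longer names the paths tried, so a permission problem on `/sbin/iptables` is reported as whatever `/usr/sbin/iptables` returned (typically "No such file or directory"). Naming both candidates keeps the diagnostic usable, e.g. `"Fatal: iptables not executable at /sbin/iptables or /usr/sbin/iptables: %s\n"`, and likewise for `ip`. The pointers declared at new lines 98 and 103 are NULL until this code runs, and the second still carries the "IPTABLES binary" comment; something like `/* Full path of the ip binary; chosen in main() from a fixed list of absolute paths, NULL before that. */` would document the lifetime and record that the candidates are hard-coded absolute paths rather than a PATH search. If this helper is installed with elevated privileges, note that `access()` tests the real UID and is only a pre-flight check, so the `fork_and_exec` return value remains the authoritative result. main's body starts and ends outside the hunks shown.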