diff options
| author | Christian Grothoff <christian@grothoff.org> | 2012-01-18 12:47:52 +0000 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2012-01-18 12:47:52 +0000 |
| commit | eaed2cc24c95f9c6188182b1373459d0855015b1 (patch) | |
| tree | a0ecbba0ea5e5c3eecb19a53df7145597fb11fbd /src/dns | |
| parent | 6bdc9878c8027ca7e6c4fca5410d7569cea6fe12 (diff) | |
| download | gnunet-eaed2cc24c95f9c6188182b1373459d0855015b1.tar.gz gnunet-eaed2cc24c95f9c6188182b1373459d0855015b1.zip | |
-fixing #2082 -- allow iptables/ip/sysctl to also be in /usr/sbin
Diffstat (limited to 'src/dns')
| -rw-r--r-- | src/dns/gnunet-helper-dns.c | 40 |
1 files changed, 23 insertions, 17 deletions
diff --git a/src/dns/gnunet-helper-dns.c b/src/dns/gnunet-helper-dns.c index 56b8713cf..73536c252 100644 --- a/src/dns/gnunet-helper-dns.c +++ b/src/dns/gnunet-helper-dns.c | |||
| @@ -95,12 +95,12 @@ struct in6_ifreq | |||
| 95 | /** | 95 | /** |
| 96 | * Name and full path of IPTABLES binary. | 96 | * Name and full path of IPTABLES binary. |
| 97 | */ | 97 | */ |
| 98 | #define SBIN_IPTABLES "/sbin/iptables" | 98 | static const char *sbin_iptables; |
| 99 | 99 | ||
| 100 | /** | 100 | /** |
| 101 | * Name and full path of IPTABLES binary. | 101 | * Name and full path of IPTABLES binary. |
| 102 | */ | 102 | */ |
| 103 | #define SBIN_IP "/sbin/ip" | 103 | static const char *sbin_ip; |
| 104 | 104 | ||
| 105 | /** | 105 | /** |
| 106 | * Port for DNS traffic. | 106 | * Port for DNS traffic. |
| @@ -685,19 +685,25 @@ main (int argc, char *const*argv) | |||
| 685 | } | 685 | } |
| 686 | 686 | ||
| 687 | /* verify that the binaries were care about are executable */ | 687 | /* verify that the binaries were care about are executable */ |
| 688 | if (0 != access (SBIN_IPTABLES, X_OK)) | 688 | if (0 == access ("/sbin/iptables", X_OK)) |
| 689 | sbin_iptables = "/sbin/iptables"; | ||
| 690 | else if (0 == access ("/usr/sbin/iptables", X_OK)) | ||
| 691 | sbin_iptables = "/usr/sbin/iptables"; | ||
| 692 | else | ||
| 689 | { | 693 | { |
| 690 | fprintf (stderr, | 694 | fprintf (stderr, |
| 691 | "`%s' is not executable: %s\n", | 695 | "Fatal: executable iptables not found in approved directories: %s\n", |
| 692 | SBIN_IPTABLES, | ||
| 693 | strerror (errno)); | 696 | strerror (errno)); |
| 694 | return 3; | 697 | return 3; |
| 695 | } | 698 | } |
| 696 | if (0 != access (SBIN_IP, X_OK)) | 699 | if (0 == access ("/sbin/ip", X_OK)) |
| 700 | sbin_ip = "/sbin/ip"; | ||
| 701 | else if (0 == access ("/usr/sbin/ip", X_OK)) | ||
| 702 | sbin_ip = "/usr/sbin/ip"; | ||
| 703 | else | ||
| 697 | { | 704 | { |
| 698 | fprintf (stderr, | 705 | fprintf (stderr, |
| 699 | "`%s' is not executable: %s\n", | 706 | "Fatal: executable ip not found in approved directories: %s\n", |
| 700 | SBIN_IP, | ||
| 701 | strerror (errno)); | 707 | strerror (errno)); |
| 702 | return 4; | 708 | return 4; |
| 703 | } | 709 | } |
| @@ -825,7 +831,7 @@ main (int argc, char *const*argv) | |||
| 825 | "udp", "--sport", localport, "--dport", DNS_PORT, "-j", | 831 | "udp", "--sport", localport, "--dport", DNS_PORT, "-j", |
| 826 | "ACCEPT", NULL | 832 | "ACCEPT", NULL |
| 827 | }; | 833 | }; |
| 828 | if (0 != fork_and_exec (SBIN_IPTABLES, mangle_args)) | 834 | if (0 != fork_and_exec (sbin_iptables, mangle_args)) |
| 829 | goto cleanup_rest; | 835 | goto cleanup_rest; |
| 830 | } | 836 | } |
| 831 | /* Mark all of the other DNS traffic using our mark DNS_MARK */ | 837 | /* Mark all of the other DNS traffic using our mark DNS_MARK */ |
| @@ -836,7 +842,7 @@ main (int argc, char *const*argv) | |||
| 836 | "udp", "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, | 842 | "udp", "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, |
| 837 | NULL | 843 | NULL |
| 838 | }; | 844 | }; |
| 839 | if (0 != fork_and_exec (SBIN_IPTABLES, mark_args)) | 845 | if (0 != fork_and_exec (sbin_iptables, mark_args)) |
| 840 | goto cleanup_mangle_1; | 846 | goto cleanup_mangle_1; |
| 841 | } | 847 | } |
| 842 | /* Forward all marked DNS traffic to our DNS_TABLE */ | 848 | /* Forward all marked DNS traffic to our DNS_TABLE */ |
| @@ -845,7 +851,7 @@ main (int argc, char *const*argv) | |||
| 845 | { | 851 | { |
| 846 | "ip", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL | 852 | "ip", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL |
| 847 | }; | 853 | }; |
| 848 | if (0 != fork_and_exec (SBIN_IP, forward_args)) | 854 | if (0 != fork_and_exec (sbin_ip, forward_args)) |
| 849 | goto cleanup_mark_2; | 855 | goto cleanup_mark_2; |
| 850 | } | 856 | } |
| 851 | /* Finally, add rule in our forwarding table to pass to our virtual interface */ | 857 | /* Finally, add rule in our forwarding table to pass to our virtual interface */ |
| @@ -855,7 +861,7 @@ main (int argc, char *const*argv) | |||
| 855 | "ip", "route", "add", "default", "dev", dev, | 861 | "ip", "route", "add", "default", "dev", dev, |
| 856 | "table", DNS_TABLE, NULL | 862 | "table", DNS_TABLE, NULL |
| 857 | }; | 863 | }; |
| 858 | if (0 != fork_and_exec (SBIN_IP, route_args)) | 864 | if (0 != fork_and_exec (sbin_ip, route_args)) |
| 859 | goto cleanup_forward_3; | 865 | goto cleanup_forward_3; |
| 860 | } | 866 | } |
| 861 | 867 | ||
| @@ -910,7 +916,7 @@ main (int argc, char *const*argv) | |||
| 910 | "ip", "route", "del", "default", "dev", dev, | 916 | "ip", "route", "del", "default", "dev", dev, |
| 911 | "table", DNS_TABLE, NULL | 917 | "table", DNS_TABLE, NULL |
| 912 | }; | 918 | }; |
| 913 | if (0 != fork_and_exec (SBIN_IP, route_clean_args)) | 919 | if (0 != fork_and_exec (sbin_ip, route_clean_args)) |
| 914 | r += 1; | 920 | r += 1; |
| 915 | } | 921 | } |
| 916 | cleanup_forward_3: | 922 | cleanup_forward_3: |
| @@ -919,7 +925,7 @@ main (int argc, char *const*argv) | |||
| 919 | { | 925 | { |
| 920 | "ip", "rule", "del", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL | 926 | "ip", "rule", "del", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL |
| 921 | }; | 927 | }; |
| 922 | if (0 != fork_and_exec (SBIN_IP, forward_clean_args)) | 928 | if (0 != fork_and_exec (sbin_ip, forward_clean_args)) |
| 923 | r += 2; | 929 | r += 2; |
| 924 | } | 930 | } |
| 925 | cleanup_mark_2: | 931 | cleanup_mark_2: |
| @@ -929,7 +935,7 @@ main (int argc, char *const*argv) | |||
| 929 | "iptables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", | 935 | "iptables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", |
| 930 | "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, NULL | 936 | "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, NULL |
| 931 | }; | 937 | }; |
| 932 | if (0 != fork_and_exec (SBIN_IPTABLES, mark_clean_args)) | 938 | if (0 != fork_and_exec (sbin_iptables, mark_clean_args)) |
| 933 | r += 4; | 939 | r += 4; |
| 934 | } | 940 | } |
| 935 | cleanup_mangle_1: | 941 | cleanup_mangle_1: |
| @@ -940,7 +946,7 @@ main (int argc, char *const*argv) | |||
| 940 | "--sport", localport, "--dport", DNS_PORT, "-j", "ACCEPT", | 946 | "--sport", localport, "--dport", DNS_PORT, "-j", "ACCEPT", |
| 941 | NULL | 947 | NULL |
| 942 | }; | 948 | }; |
| 943 | if (0 != fork_and_exec (SBIN_IPTABLES, mangle_clean_args)) | 949 | if (0 != fork_and_exec (sbin_iptables, mangle_clean_args)) |
| 944 | r += 8; | 950 | r += 8; |
| 945 | } | 951 | } |
| 946 | 952 | ||