author | Christian Fuchs <christian.fuchs@cfuchs.net> | 2013-04-15 12:36:37 +0000 |
---|---|---|
committer | Christian Fuchs <christian.fuchs@cfuchs.net> | 2013-04-15 12:36:37 +0000 |
commit | ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0 (patch) | |
tree | 9079e9ce1b942683e45f2f5212fe2f9ce1bd5d56 /src/nat | |
parent | fbda84a3f00a667f4b149f00f9a7d330e5db54a8 (diff) | |
download | gnunet-ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0.tar.gz gnunet-ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0.zip |
extended the GNUNET_OS_check_helper_binary parameters to do privilege
checking in windows. To do so, tested binaries must still be supplied
with valid commandline arguments, but on windows gnunet will utilize the
-d flag to run the programs initialization phase or privileged
operations only. In these modes, a program will not enter its mainloop
or communicate with the outside.
updated relevant function calls gnunet-wide to meet the extended
function parameters.
Diffstat (limited to 'src/nat')
-rw-r--r-- | src/nat/Makefile.am | 6 | ||||
-rw-r--r-- | src/nat/gnunet-helper-nat-client-windows.c | 20 | ||||
-rw-r--r-- | src/nat/gnunet-helper-nat-server-windows.c | 20 | ||||
-rw-r--r-- | src/nat/nat.c | 4 | ||||
-rw-r--r-- | src/nat/nat_auto.c | 6 | ||||
-rw-r--r-- | src/nat/nat_mini.c | 4 | ||||
-rw-r--r-- | src/nat/test_nat_test.c | 2 |
7 files changed, 44 insertions, 18 deletions
diff --git a/src/nat/Makefile.am b/src/nat/Makefile.am index 1b57ab63e..e27611ba9 100644 --- a/src/nat/Makefile.am +++ b/src/nat/Makefile.am | |||
@@ -15,9 +15,9 @@ dist_pkgcfg_DATA = \ | |||
15 | nat.conf | 15 | nat.conf |
16 | 16 | ||
17 | if LINUX | 17 | if LINUX |
18 | NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client | 18 | NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client |
19 | NATSERVER = gnunet-helper-nat-server.c | 19 | NATSERVER = gnunet-helper-nat-server.c |
20 | NATCLIENT = gnunet-helper-nat-client.c | 20 | NATCLIENT = gnunet-helper-nat-client.c |
21 | install-exec-hook: | 21 | install-exec-hook: |
22 | $(top_srcdir)/src/nat/install-nat-helper.sh $(libexecdir) $(SUDO_BINARY) || true | 22 | $(top_srcdir)/src/nat/install-nat-helper.sh $(libexecdir) $(SUDO_BINARY) || true |
23 | else | 23 | else |
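--- a/src/nat/gnunet-helper-nat-client-windows.c
+++ b/src/nat/gnunet-helper-nat-client-windows.c
@@ -167,6 +167,10 @@ struct udp_header
 uint16_t crc;
 };
 
+/**
+* Will this binary be run in permissions testing mode?
+*/
+static boolean privilege_testing = FALSE;
 
 /**
 * Socket we use to send our ICMP packets.
@@ -463,8 +467,14 @@ main (int argc, char *const *argv)
 struct in_addr external;
 struct in_addr target;
 WSADATA wsaData;
-
 unsigned int p;
+
+if (argc > 1 && 0 != strcmp (argv[1], "-d")){
+privilege_testing = TRUE;
+fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", argv[0]);
+argv++;
+argc--;
+}
 
 if (argc != 4)
 {
@@ -497,9 +507,11 @@ main (int argc, char *const *argv)
 }
 if (-1 == (rawsock = make_raw_socket ()))
 return 3;
-send_icmp (&external, &target);
-send_icmp_udp (&external, &target);
-closesocket (rawsock);
+if (!privilege_testing){
+send_icmp (&external, &target);
+send_icmp_udp (&external, &target);
+}
+closesocket (rawsock);
 WSACleanup ();
 return 0;
 }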
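Review bot: The `-d` test at new line 472 is inverted: `0 != strcmp (argv[1], "-d")` is true for every first argument except `-d`, so an ordinary invocation sets `privilege_testing`, shifts away its first real argument and then fails the `argc != 4` check, while an invocation that does pass `-d` is not recognised and fails the same check with one argument too many. The condition should read `if (argc > 1 && 0 == strcmp (argv[1], "-d"))`. The same inverted comparison is at new line 536 of gnunet-helper-nat-server-windows.c, where it has the same effect against the `2 != argc` check. Since this helper opens a raw socket, the guard around `send_icmp`/`send_icmp_udp` also deserves a short comment saying that test mode must stop after socket creation. main's body continues outside these hunks.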
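--- a/src/nat/gnunet-helper-nat-server-windows.c
+++ b/src/nat/gnunet-helper-nat-server-windows.c
@@ -188,6 +188,11 @@ struct udp_header
 };
 
 /**
+* Will this binary be run in permissions testing mode?
+*/
+static boolean privilege_testing = FALSE;
+
+/**
 * Socket we use to receive "fake" ICMP replies.
 */
 static SOCKET icmpsock;
@@ -526,9 +531,15 @@ main (int argc, char *const *argv)
 fd_set rs;
 struct timeval tv;
 WSADATA wsaData;
-unsigned int alt;
+unsigned int alt = 0;
 
-alt = 0;
+if (argc > 1 && 0 != strcmp (argv[1], "-d")){
+privilege_testing = TRUE;
+fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", argv[0]);
+argv++;
+argc--;
+}
+
 if (2 != argc)
 {
 fprintf (stderr,
@@ -566,7 +577,8 @@ main (int argc, char *const *argv)
 closesocket (rawsock);
 return 3;
 }
-while (1)
+
+while ( ! privilege_testing)
 {
 FD_ZERO (&rs);
 FD_SET (icmpsock, &rs);
@@ -591,6 +603,8 @@ main (int argc, char *const *argv)
 closesocket (rawsock);
 closesocket (udpsock);
 WSACleanup ();
+if (privilege_testing)
+return 0;
 return 4;
 }
 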
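Review bot: The added `fprintf` at new line 538 passes `argv[0]` to a format string that contains no conversion and ends without a newline, so the argument is dead and the message runs into whatever is written to stderr next. Either drop the argument, `fprintf (stderr, "DEBUG: Running binary in privilege testing mode.\n");`, or print the program name with a `%s` conversion. The client helper has the identical call at its new line 474. The doc comment on `privilege_testing` could also state that in this mode main skips only the receive loop and returns 0 after closing its sockets, since that exit status is presumably what the caller interprets (the caller is not part of this diff).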
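--- a/src/nat/nat.c
+++ b/src/nat/nat.c
@@ -1171,7 +1171,7 @@ GNUNET_NAT_register (const struct GNUNET_CONFIGURATION_Handle *cfg, int is_tcp,
 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-server");
 if ((h->behind_nat == GNUNET_YES) && (GNUNET_YES == h->enable_nat_server) &&
 (GNUNET_YES !=
-GNUNET_OS_check_helper_binary (binary)))
+GNUNET_OS_check_helper_binary (binary, TRUE, NULL))) // FIXME: CF: add test-parameters
 {
 h->enable_nat_server = GNUNET_NO;
 LOG (GNUNET_ERROR_TYPE_WARNING,
@@ -1183,7 +1183,7 @@ GNUNET_NAT_register (const struct GNUNET_CONFIGURATION_Handle *cfg, int is_tcp,
 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-client");
 if ((GNUNET_YES == h->enable_nat_client) &&
 (GNUNET_YES !=
-GNUNET_OS_check_helper_binary (binary)))
+GNUNET_OS_check_helper_binary (binary, TRUE, NULL))) // FIXME: CF: add test-parameters
 {
 h->enable_nat_client = GNUNET_NO;
 LOG (GNUNET_ERROR_TYPE_WARNING,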
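Review bot: Both calls pass `NULL` as the third argument although the commit message says a tested binary must still be given valid command-line arguments, and the Windows helpers changed in this commit reject any other argument count (`2 != argc` in the server, `argc != 4` in the client). If GNUNET_OS_check_helper_binary runs the helper with `-d` plus these parameters, which this diff does not show, a `NULL` parameter string would make the helper exit with its usage error and the check would switch `enable_nat_server` and `enable_nat_client` off on Windows every time. The FIXME should be resolved in this change by passing a syntactically valid placeholder argument list, with a comment naming the arguments each helper expects. The same `TRUE, NULL` calls are in test_icmp_server and test_icmp_client in nat_auto.c. GNUNET_NAT_register's body continues outside these hunks.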
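--- a/src/nat/nat_auto.c
+++ b/src/nat/nat_auto.c
@@ -392,7 +392,7 @@ test_upnpc (struct GNUNET_NAT_AutoHandle *ah)
 
 /* test if upnpc is available */
 have_upnpc = (GNUNET_SYSERR !=
-GNUNET_OS_check_helper_binary ("upnpc"));
+GNUNET_OS_check_helper_binary ("upnpc", FALSE, NULL));
 /* FIXME: test if upnpc is actually working, that is, if transports
 start to work once we use UPnP */
 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -426,7 +426,7 @@ test_icmp_server (struct GNUNET_NAT_AutoHandle *ah)
 (GNUNET_YES ==
 GNUNET_CONFIGURATION_get_value_yesno (ah->cfg, "nat", "BEHIND_NAT")) &&
 (GNUNET_YES ==
-GNUNET_OS_check_helper_binary (binary)));
+GNUNET_OS_check_helper_binary (binary, TRUE, NULL))); // FIXME: CF: add test-parameters
 GNUNET_free_non_null (tmp);
 GNUNET_free (binary);
 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -461,7 +461,7 @@ test_icmp_client (struct GNUNET_NAT_AutoHandle *ah)
 (GNUNET_YES !=
 GNUNET_CONFIGURATION_get_value_yesno (ah->cfg, "nat", "BEHIND_NAT")) &&
 (GNUNET_YES ==
-GNUNET_OS_check_helper_binary (binary)));
+GNUNET_OS_check_helper_binary (binary, TRUE, NULL))); // FIXME: CF: add test-parameters
 GNUNET_free_non_null (tmp);
 GNUNET_free (binary);
 GNUNET_log (GNUNET_ERROR_TYPE_INFO,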
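Review bot: The new second argument is written `TRUE`/`FALSE`, while every other truth value in these hunks uses the project's `GNUNET_YES`/`GNUNET_NO` constants. `TRUE` and `FALSE` are not standard C names, so these call sites rely on some platform header defining them; if the new parameter is an `int` in the GNUnet convention (its declaration is not part of this diff), `GNUNET_OS_check_helper_binary ("upnpc", GNUNET_NO, NULL)` would read consistently and not depend on that header. The same applies to the updated calls in nat.c, nat_mini.c and test_nat_test.c. The enclosing functions start and end outside the hunks.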
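--- a/src/nat/nat_mini.c
+++ b/src/nat/nat_mini.c
@@ -164,7 +164,7 @@ GNUNET_NAT_mini_get_external_ipv4 (struct GNUNET_TIME_Relative timeout,
 {
 struct GNUNET_NAT_ExternalHandle *eh;
 
-if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("external-ip"))
+if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("external-ip", FALSE, NULL))
 {
 LOG (GNUNET_ERROR_TYPE_INFO,
 _("`external-ip' command not found\n"));
@@ -499,7 +499,7 @@ GNUNET_NAT_mini_map_start (uint16_t port, int is_tcp,
 struct GNUNET_NAT_MiniHandle *ret;
 char pstr[6];
 
-if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("upnpc"))
+if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("upnpc", FALSE, NULL))
 {
 LOG (GNUNET_ERROR_TYPE_INFO,
 _("`upnpc' command not found\n"));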
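--- a/src/nat/test_nat_test.c
+++ b/src/nat/test_nat_test.c
@@ -92,7 +92,7 @@ main (int argc, char *const argv[])
 "WARNING",
 NULL);
 
-nat_res = GNUNET_OS_check_helper_binary ("gnunet-nat-server");
+nat_res = GNUNET_OS_check_helper_binary ("gnunet-nat-server", FALSE, NULL);
 if (GNUNET_SYSERR == nat_res)
 {
 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,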