authorChristian Fuchs <christian.fuchs@cfuchs.net>2013-04-15 12:36:37 +0000
committerChristian Fuchs <christian.fuchs@cfuchs.net>2013-04-15 12:36:37 +0000
commitad68ae150f17cf6e0b2c605c9331cf0aedfce1d0 (patch)
tree9079e9ce1b942683e45f2f5212fe2f9ce1bd5d56 /src/nat
parentfbda84a3f00a667f4b149f00f9a7d330e5db54a8 (diff)
extended the GNUNET_OS_check_helper_binary parameters to do privilege
checking on Windows. To do so, tested binaries must still be supplied with valid command-line arguments, but on Windows gnunet will utilize the -d flag to run only the program's initialization phase or privileged operations. In these modes, a program will not enter its main loop or communicate with the outside. Updated the relevant function calls gnunet-wide to match the extended function parameters.
Diffstat (limited to 'src/nat')
-rw-r--r--src/nat/Makefile.am6
-rw-r--r--src/nat/gnunet-helper-nat-client-windows.c20
-rw-r--r--src/nat/gnunet-helper-nat-server-windows.c20
-rw-r--r--src/nat/nat.c4
-rw-r--r--src/nat/nat_auto.c6
-rw-r--r--src/nat/nat_mini.c4
-rw-r--r--src/nat/test_nat_test.c2
7 files changed, 44 insertions, 18 deletions
diff --git a/src/nat/Makefile.am b/src/nat/Makefile.am
index 1b57ab63e..e27611ba9 100644
--- a/src/nat/Makefile.am
+++ b/src/nat/Makefile.am
@@ -15,9 +15,9 @@ dist_pkgcfg_DATA = \
15 nat.conf 15 nat.conf
16 16
17if LINUX 17if LINUX
18NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client 18 NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client
19NATSERVER = gnunet-helper-nat-server.c 19 NATSERVER = gnunet-helper-nat-server.c
20NATCLIENT = gnunet-helper-nat-client.c 20 NATCLIENT = gnunet-helper-nat-client.c
21install-exec-hook: 21install-exec-hook:
22 $(top_srcdir)/src/nat/install-nat-helper.sh $(libexecdir) $(SUDO_BINARY) || true 22 $(top_srcdir)/src/nat/install-nat-helper.sh $(libexecdir) $(SUDO_BINARY) || true
23else 23else
diff --git a/src/nat/gnunet-helper-nat-client-windows.c b/src/nat/gnunet-helper-nat-client-windows.c
index 47fbc0b86..b28b28584 100644
--- a/src/nat/gnunet-helper-nat-client-windows.c
+++ b/src/nat/gnunet-helper-nat-client-windows.c
@@ -167,6 +167,10 @@ struct udp_header
167 uint16_t crc; 167 uint16_t crc;
168}; 168};
169 169
170/**
171 * Will this binary be run in permissions testing mode?
172 */
173static boolean privilege_testing = FALSE;
170 174
171/** 175/**
172 * Socket we use to send our ICMP packets. 176 * Socket we use to send our ICMP packets.
@@ -463,8 +467,14 @@ main (int argc, char *const *argv)
463 struct in_addr external; 467 struct in_addr external;
464 struct in_addr target; 468 struct in_addr target;
465 WSADATA wsaData; 469 WSADATA wsaData;
466
467 unsigned int p; 470 unsigned int p;
471
472 if (argc > 1 && 0 != strcmp (argv[1], "-d")){
473 privilege_testing = TRUE;
474 fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", argv[0]);
475 argv++;
476 argc--;
477 }
468 478
469 if (argc != 4) 479 if (argc != 4)
470 { 480 {
@@ -497,9 +507,11 @@ main (int argc, char *const *argv)
497 } 507 }
498 if (-1 == (rawsock = make_raw_socket ())) 508 if (-1 == (rawsock = make_raw_socket ()))
499 return 3; 509 return 3;
500 send_icmp (&external, &target); 510 if (!privilege_testing){
501 send_icmp_udp (&external, &target); 511 send_icmp (&external, &target);
502 closesocket (rawsock); 512 send_icmp_udp (&external, &target);
513 }
514 closesocket (rawsock);
503 WSACleanup (); 515 WSACleanup ();
504 return 0; 516 return 0;
505} 517}
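Review bot: The test at new line 472, `if (argc > 1 && 0 != strcmp (argv[1], "-d")){`, is inverted: strcmp returns 0 on a match, so privilege-testing mode is entered for every first argument except `-d`. A normal invocation then loses its first argument and fails the `argc != 4` check, while `-d` itself is never consumed, so the condition should read `0 == strcmp (argv[1], "-d")`. The same line is in main of gnunet-helper-nat-server-windows.c at new line 536. In both files the `fprintf` that follows passes `argv[0]` although the format has no conversion, and the message lacks a trailing newline; `fprintf (stderr, "DEBUG: Running binary in privilege testing mode.\n");` is enough. main begins outside these hunks, so the rest of the argument handling is not visible here.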
diff --git a/src/nat/gnunet-helper-nat-server-windows.c b/src/nat/gnunet-helper-nat-server-windows.c
index d970ffd70..fb564a188 100644
--- a/src/nat/gnunet-helper-nat-server-windows.c
+++ b/src/nat/gnunet-helper-nat-server-windows.c
@@ -188,6 +188,11 @@ struct udp_header
188}; 188};
189 189
190/** 190/**
191 * Will this binary be run in permissions testing mode?
192 */
193static boolean privilege_testing = FALSE;
194
195/**
191 * Socket we use to receive "fake" ICMP replies. 196 * Socket we use to receive "fake" ICMP replies.
192 */ 197 */
193static SOCKET icmpsock; 198static SOCKET icmpsock;
@@ -526,9 +531,15 @@ main (int argc, char *const *argv)
526 fd_set rs; 531 fd_set rs;
527 struct timeval tv; 532 struct timeval tv;
528 WSADATA wsaData; 533 WSADATA wsaData;
529 unsigned int alt; 534 unsigned int alt = 0;
530 535
531 alt = 0; 536 if (argc > 1 && 0 != strcmp (argv[1], "-d")){
537 privilege_testing = TRUE;
538 fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", argv[0]);
539 argv++;
540 argc--;
541 }
542
532 if (2 != argc) 543 if (2 != argc)
533 { 544 {
534 fprintf (stderr, 545 fprintf (stderr,
@@ -566,7 +577,8 @@ main (int argc, char *const *argv)
566 closesocket (rawsock); 577 closesocket (rawsock);
567 return 3; 578 return 3;
568 } 579 }
569 while (1) 580
581 while ( ! privilege_testing)
570 { 582 {
571 FD_ZERO (&rs); 583 FD_ZERO (&rs);
572 FD_SET (icmpsock, &rs); 584 FD_SET (icmpsock, &rs);
@@ -591,6 +603,8 @@ main (int argc, char *const *argv)
591 closesocket (rawsock); 603 closesocket (rawsock);
592 closesocket (udpsock); 604 closesocket (udpsock);
593 WSACleanup (); 605 WSACleanup ();
606 if (privilege_testing)
607 return 0;
594 return 4; 608 return 4;
595} 609}
596 610
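Review bot: Using the mode flag as the loop condition at new line 581, `while ( ! privilege_testing)`, routes the privilege-test exit through the cleanup after the loop, which is why `if (privilege_testing) return 0;` now has to sit in front of `return 4`. Neither spot says what the two exit codes mean, so a reader cannot tell that 0 here reports "all sockets could be created" and 4 is, presumably, the failure exit of the service loop. I would add `/* privilege test: sockets were created, skip the service loop */` above the `while` and a matching comment on the two returns. The loop body and the socket setup lie outside the visible hunks.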
diff --git a/src/nat/nat.c b/src/nat/nat.c
index dd63224c0..fd9d5eaa0 100644
--- a/src/nat/nat.c
+++ b/src/nat/nat.c
@@ -1171,7 +1171,7 @@ GNUNET_NAT_register (const struct GNUNET_CONFIGURATION_Handle *cfg, int is_tcp,
1171 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-server"); 1171 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-server");
1172 if ((h->behind_nat == GNUNET_YES) && (GNUNET_YES == h->enable_nat_server) && 1172 if ((h->behind_nat == GNUNET_YES) && (GNUNET_YES == h->enable_nat_server) &&
1173 (GNUNET_YES != 1173 (GNUNET_YES !=
1174 GNUNET_OS_check_helper_binary (binary))) 1174 GNUNET_OS_check_helper_binary (binary, TRUE, NULL))) // FIXME: CF: add test-parameters
1175 { 1175 {
1176 h->enable_nat_server = GNUNET_NO; 1176 h->enable_nat_server = GNUNET_NO;
1177 LOG (GNUNET_ERROR_TYPE_WARNING, 1177 LOG (GNUNET_ERROR_TYPE_WARNING,
@@ -1183,7 +1183,7 @@ GNUNET_NAT_register (const struct GNUNET_CONFIGURATION_Handle *cfg, int is_tcp,
1183 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-client"); 1183 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-client");
1184 if ((GNUNET_YES == h->enable_nat_client) && 1184 if ((GNUNET_YES == h->enable_nat_client) &&
1185 (GNUNET_YES != 1185 (GNUNET_YES !=
1186 GNUNET_OS_check_helper_binary (binary))) 1186 GNUNET_OS_check_helper_binary (binary, TRUE, NULL))) // FIXME: CF: add test-parameters
1187 { 1187 {
1188 h->enable_nat_client = GNUNET_NO; 1188 h->enable_nat_client = GNUNET_NO;
1189 LOG (GNUNET_ERROR_TYPE_WARNING, 1189 LOG (GNUNET_ERROR_TYPE_WARNING,
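Review bot: Both calls pass `TRUE` together with `NULL` parameters (new lines 1174 and 1186), so the privilege check has no command line to hand to the helper, although the commit message states that tested binaries must be supplied with valid arguments. How GNUNET_OS_check_helper_binary treats `NULL` is not visible here, but if it runs the Windows helpers without arguments they would presumably stop at their argument-count check, and this code would then set `enable_nat_server` and `enable_nat_client` to `GNUNET_NO`. Until the FIXME is resolved the trailing comment should say so, for example `/* FIXME: CF: NULL params; privilege check cannot pass valid helper arguments yet */`, written as a block comment like the rest of the file. The same `TRUE, NULL` calls are in test_icmp_server and test_icmp_client in nat_auto.c. GNUNET_NAT_register continues outside both hunks.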
diff --git a/src/nat/nat_auto.c b/src/nat/nat_auto.c
index baa1cc78d..f382a9ac6 100644
--- a/src/nat/nat_auto.c
+++ b/src/nat/nat_auto.c
@@ -392,7 +392,7 @@ test_upnpc (struct GNUNET_NAT_AutoHandle *ah)
392 392
393 /* test if upnpc is available */ 393 /* test if upnpc is available */
394 have_upnpc = (GNUNET_SYSERR != 394 have_upnpc = (GNUNET_SYSERR !=
395 GNUNET_OS_check_helper_binary ("upnpc")); 395 GNUNET_OS_check_helper_binary ("upnpc", FALSE, NULL));
396 /* FIXME: test if upnpc is actually working, that is, if transports 396 /* FIXME: test if upnpc is actually working, that is, if transports
397 start to work once we use UPnP */ 397 start to work once we use UPnP */
398 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 398 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -426,7 +426,7 @@ test_icmp_server (struct GNUNET_NAT_AutoHandle *ah)
426 (GNUNET_YES == 426 (GNUNET_YES ==
427 GNUNET_CONFIGURATION_get_value_yesno (ah->cfg, "nat", "BEHIND_NAT")) && 427 GNUNET_CONFIGURATION_get_value_yesno (ah->cfg, "nat", "BEHIND_NAT")) &&
428 (GNUNET_YES == 428 (GNUNET_YES ==
429 GNUNET_OS_check_helper_binary (binary))); 429 GNUNET_OS_check_helper_binary (binary, TRUE, NULL))); // FIXME: CF: add test-parameters
430 GNUNET_free_non_null (tmp); 430 GNUNET_free_non_null (tmp);
431 GNUNET_free (binary); 431 GNUNET_free (binary);
432 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 432 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -461,7 +461,7 @@ test_icmp_client (struct GNUNET_NAT_AutoHandle *ah)
461 (GNUNET_YES != 461 (GNUNET_YES !=
462 GNUNET_CONFIGURATION_get_value_yesno (ah->cfg, "nat", "BEHIND_NAT")) && 462 GNUNET_CONFIGURATION_get_value_yesno (ah->cfg, "nat", "BEHIND_NAT")) &&
463 (GNUNET_YES == 463 (GNUNET_YES ==
464 GNUNET_OS_check_helper_binary (binary))); 464 GNUNET_OS_check_helper_binary (binary, TRUE, NULL))); // FIXME: CF: add test-parameters
465 GNUNET_free_non_null (tmp); 465 GNUNET_free_non_null (tmp);
466 GNUNET_free (binary); 466 GNUNET_free (binary);
467 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 467 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
diff --git a/src/nat/nat_mini.c b/src/nat/nat_mini.c
index fbb6e769a..29b26ee28 100644
--- a/src/nat/nat_mini.c
+++ b/src/nat/nat_mini.c
@@ -164,7 +164,7 @@ GNUNET_NAT_mini_get_external_ipv4 (struct GNUNET_TIME_Relative timeout,
164{ 164{
165 struct GNUNET_NAT_ExternalHandle *eh; 165 struct GNUNET_NAT_ExternalHandle *eh;
166 166
167 if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("external-ip")) 167 if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("external-ip", FALSE, NULL))
168 { 168 {
169 LOG (GNUNET_ERROR_TYPE_INFO, 169 LOG (GNUNET_ERROR_TYPE_INFO,
170 _("`external-ip' command not found\n")); 170 _("`external-ip' command not found\n"));
@@ -499,7 +499,7 @@ GNUNET_NAT_mini_map_start (uint16_t port, int is_tcp,
499 struct GNUNET_NAT_MiniHandle *ret; 499 struct GNUNET_NAT_MiniHandle *ret;
500 char pstr[6]; 500 char pstr[6];
501 501
502 if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("upnpc")) 502 if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("upnpc", FALSE, NULL))
503 { 503 {
504 LOG (GNUNET_ERROR_TYPE_INFO, 504 LOG (GNUNET_ERROR_TYPE_INFO,
505 _("`upnpc' command not found\n")); 505 _("`upnpc' command not found\n"));
diff --git a/src/nat/test_nat_test.c b/src/nat/test_nat_test.c
index c213ffa1e..7d4964b5c 100644
--- a/src/nat/test_nat_test.c
+++ b/src/nat/test_nat_test.c
@@ -92,7 +92,7 @@ main (int argc, char *const argv[])
92 "WARNING", 92 "WARNING",
93 NULL); 93 NULL);
94 94
95 nat_res = GNUNET_OS_check_helper_binary ("gnunet-nat-server"); 95 nat_res = GNUNET_OS_check_helper_binary ("gnunet-nat-server", FALSE, NULL);
96 if (GNUNET_SYSERR == nat_res) 96 if (GNUNET_SYSERR == nat_res)
97 { 97 {
98 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 98 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,