author | Christian Fuchs <christian.fuchs@cfuchs.net> | 2013-04-15 12:36:37 +0000 |
---|---|---|
committer | Christian Fuchs <christian.fuchs@cfuchs.net> | 2013-04-15 12:36:37 +0000 |
commit | ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0 (patch) | |
tree | 9079e9ce1b942683e45f2f5212fe2f9ce1bd5d56 /src/vpn | |
parent | fbda84a3f00a667f4b149f00f9a7d330e5db54a8 (diff) | |
download | gnunet-ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0.tar.gz gnunet-ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0.zip |
extended the GNUNET_OS_check_helper_binary parameters to do privilege
checking on Windows. To do so, tested binaries must still be supplied
with valid command-line arguments, but on Windows gnunet will utilize the
-d flag to run the program's initialization phase or privileged
operations only. In these modes, a program will not enter its mainloop
or communicate with the outside.
updated relevant function calls gnunet-wide to meet the extended
function parameters.
Diffstat (limited to 'src/vpn')
-rw-r--r-- | src/vpn/gnunet-helper-vpn-windows.c | 17 | ||||
-rw-r--r-- | src/vpn/gnunet-service-vpn.c | 2 |
2 files changed, 7 insertions, 12 deletions
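--- a/src/vpn/gnunet-helper-vpn-windows.c
+++ b/src/vpn/gnunet-helper-vpn-windows.c
@@ -63,9 +63,9 @@
 #endif
 
 /**
-* Will this binary be run in dryrun-mode?
+* Will this binary be run in permissions testing mode?
 */
-static BOOL dryrun = FALSE;
+static boolean privilege_testing = FALSE;
 
 /**
 * Maximum size of a GNUnet message (GNUNET_SERVER_MAX_MESSAGE_SIZE)
@@ -1356,8 +1356,8 @@ run (HANDLE tap_handle)
 * DHCP and such are all features we will never use in gnunet afaik.
 * But for openvpn those are essential.
 */
-if (! tun_up (tap_handle))
-return;
+if ((privilege_testing) || (! tun_up (tap_handle))
+goto teardown_final;
 
 /* Initialize our overlapped IO structures*/
 if (! (initialize_io_facility (&tap_read, IOSTATE_READY, FALSE)
@@ -1412,9 +1412,6 @@ run (HANDLE tap_handle)
 }
 #endif
 
-if (dryrun)
-goto teardown;
-
 fprintf (stderr, "DEBUG: mainloop has begun\n");
 
 while (std_out.path_open || tap_write.path_open)
@@ -1441,9 +1438,7 @@ teardown:
 CancelIo (tap_handle);
 CancelIo (std_in.handle);
 CancelIo (std_out.handle);
-
 teardown_final:
-
 CloseHandle (tap_handle);
 }
 
@@ -1470,8 +1465,8 @@ main (int argc, char **argv)
 BOOL have_ip6 = FALSE;
 
 if (argc > 1 && 0 != strcmp (argv[1], "-d")){
-dryrun = TRUE;
-fprintf (stderr, "DEBUG: Running binary in dryrun mode.", argv[0]);
+privilege_testing = TRUE;
+fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", argv[0]);
 argv++;
 argc--;
 }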
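Review bot: The mode check in main() looks inverted: `0 != strcmp (argv[1], "-d")` is true when the first argument is anything other than `-d`, so an ordinary invocation sets `privilege_testing` and drops its first real argument, while an actual `-d` run is treated as a normal start. For a privileged helper whose test mode is meant to stop before the main loop, the condition should read `if (argc > 1 && 0 == strcmp (argv[1], "-d")){`. That line is unchanged context which this commit only renames around, and main's body continues outside the hunk. Separately, the new condition in run(), `if ((privilege_testing) || (! tun_up (tap_handle))`, appears to lack its closing parenthesis as rendered here and would not compile in that form.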
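--- a/src/vpn/gnunet-service-vpn.c
+++ b/src/vpn/gnunet-service-vpn.c
@@ -3062,7 +3062,7 @@ run (void *cls,
 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-vpn");
 
 if (GNUNET_YES !=
-GNUNET_OS_check_helper_binary (binary))
+GNUNET_OS_check_helper_binary (binary, TRUE, NULL)) // FIXME: CF: add test-parameters
 {
 fprintf (stderr,
 "`%s' is not SUID, refusing to run.\n",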
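Review bot: The updated call passes `NULL` as the test parameters and leaves a FIXME, although the commit message says checked binaries must still be supplied with valid command-line arguments. How GNUNET_OS_check_helper_binary treats `NULL` is not visible here, so it is unclear whether the Windows privilege test can run meaningfully for gnunet-helper-vpn; because this check guards the refuse-to-run path, the limitation should be stated rather than left as a terse `//` note. A comment such as `/* FIXME: pass the helper's real arguments; NULL is a placeholder and the Windows privilege test is unverified with it */` would make that explicit. The enclosing run() starts and ends outside the hunk.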