extended the GNUNET_OS_check_helper_binary parameters to do previlege

checking in windows. To do so, tested binaries must still be supplied with valid commandline arguments, but on windows gnunet will utilize the -d flag to run the programs initialization phase or privileged operations only. In these modes, a program will not enter its mainloop or communicate with the outside. updated relevant function calls gnunet-wide to meet the extended function parameters.
author: Christian Fuchs <christian.fuchs@cfuchs.net> 2013-04-15 12:36:37 +0000
committer: Christian Fuchs <christian.fuchs@cfuchs.net> 2013-04-15 12:36:37 +0000
commit: ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0 (patch)
tree: 9079e9ce1b942683e45f2f5212fe2f9ce1bd5d56 /src/vpn
parent: fbda84a3f00a667f4b149f00f9a7d330e5db54a8 (diff)
download: gnunet-ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0.tar.gz
gnunet-ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0.zip
2 files changed, 7 insertions, 12 deletions
diff --git a/src/vpn/gnunet-helper-vpn-windows.c b/src/vpn/gnunet-helper-vpn-windows.c
index 5166a055c..7dee53609 100644
--- a/src/vpn/gnunet-helper-vpn-windows.c
+++ b/src/vpn/gnunet-helper-vpn-windows.c
@@ -63,9 +63,9 @@
 #endif
 /**
- * Will this binary be run in dryrun-mode? 
+ * Will this binary be run in permissions testing mode? 
 */
-static BOOL dryrun = FALSE;
+static boolean privilege_testing = FALSE;
 /**
 * Maximum size of a GNUnet message (GNUNET_SERVER_MAX_MESSAGE_SIZE)
@@ -1356,8 +1356,8 @@ run (HANDLE tap_handle)
   * DHCP and such are all features we will never use in gnunet afaik.
   * But for openvpn those are essential.
   */
-  if (! tun_up (tap_handle))
+  if ((privilege_testing) || (! tun_up (tap_handle))
-    return;
+    goto teardown_final;
  /* Initialize our overlapped IO structures*/
  if (! (initialize_io_facility (&tap_read, IOSTATE_READY, FALSE)
@@ -1412,9 +1412,6 @@ run (HANDLE tap_handle)
    }
 #endif
-  if (dryrun)
-    goto teardown;
-  
  fprintf (stderr, "DEBUG: mainloop has begun\n");
  while (std_out.path_open || tap_write.path_open)
@@ -1441,9 +1438,7 @@ teardown:
  CancelIo (tap_handle);
  CancelIo (std_in.handle);
  CancelIo (std_out.handle);
 teardown_final:
-      
  CloseHandle (tap_handle);
 }
@@ -1470,8 +1465,8 @@ main (int argc, char **argv)
  BOOL have_ip6 = FALSE;
  
  if (argc > 1 && 0 != strcmp (argv[1], "-d")){
-      dryrun = TRUE;
+      privilege_testing = TRUE;
-      fprintf (stderr, "DEBUG: Running binary in dryrun mode.", argv[0]);
+      fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", argv[0]);
      argv++;
      argc--;
    }
diff --git a/src/vpn/gnunet-service-vpn.c b/src/vpn/gnunet-service-vpn.c
index 1a46f0b5e..e3bc8a49c 100644
--- a/src/vpn/gnunet-service-vpn.c
+++ b/src/vpn/gnunet-service-vpn.c
@@ -3062,7 +3062,7 @@ run (void *cls,
  binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-vpn");
  if (GNUNET_YES !=
-      GNUNET_OS_check_helper_binary (binary))
+      GNUNET_OS_check_helper_binary (binary, TRUE, NULL)) // FIXME: CF: add test-parameters
  {
    fprintf (stderr,
             "`%s' is not SUID, refusing to run.\n",
author	Christian Fuchs <christian.fuchs@cfuchs.net>	2013-04-15 12:36:37 +0000
committer	Christian Fuchs <christian.fuchs@cfuchs.net>	2013-04-15 12:36:37 +0000
commit	ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0 (patch)
tree	9079e9ce1b942683e45f2f5212fe2f9ce1bd5d56 /src/vpn
parent	fbda84a3f00a667f4b149f00f9a7d330e5db54a8 (diff)
download	gnunet-ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0.tar.gz gnunet-ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0.zip