author | Christian Fuchs <christian.fuchs@cfuchs.net> | 2013-04-15 12:36:37 +0000 |
---|---|---|
committer | Christian Fuchs <christian.fuchs@cfuchs.net> | 2013-04-15 12:36:37 +0000 |
commit | ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0 (patch) | |
tree | 9079e9ce1b942683e45f2f5212fe2f9ce1bd5d56 /src | |
parent | fbda84a3f00a667f4b149f00f9a7d330e5db54a8 (diff) | |
download | gnunet-ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0.tar.gz gnunet-ad68ae150f17cf6e0b2c605c9331cf0aedfce1d0.zip |
extended the GNUNET_OS_check_helper_binary parameters to do privilege
checking in windows. To do so, tested binaries must still be supplied
with valid commandline arguments, but on windows gnunet will utilize the
-d flag to run the program's initialization phase or privileged
operations only. In these modes, a program will not enter its mainloop
or communicate with the outside.
updated relevant function calls gnunet-wide to meet the extended
function parameters.
Diffstat (limited to 'src')
-rw-r--r-- | src/dns/gnunet-service-dns.c | 2 | ||||
-rw-r--r-- | src/exit/gnunet-daemon-exit.c | 2 | ||||
-rw-r--r-- | src/exit/gnunet-helper-exit-windows.c | 17 | ||||
-rw-r--r-- | src/gns/test_gns_proxy.c | 4 | ||||
-rw-r--r-- | src/include/gnunet_os_lib.h | 16 | ||||
-rw-r--r-- | src/nat/Makefile.am | 6 | ||||
-rw-r--r-- | src/nat/gnunet-helper-nat-client-windows.c | 20 | ||||
-rw-r--r-- | src/nat/gnunet-helper-nat-server-windows.c | 20 | ||||
-rw-r--r-- | src/nat/nat.c | 4 | ||||
-rw-r--r-- | src/nat/nat_auto.c | 6 | ||||
-rw-r--r-- | src/nat/nat_mini.c | 4 | ||||
-rw-r--r-- | src/nat/test_nat_test.c | 2 | ||||
-rw-r--r-- | src/pt/Makefile.am | 211 | ||||
-rw-r--r-- | src/pt/test_gns_vpn.c | 6 | ||||
-rw-r--r-- | src/pt/test_gnunet_vpn.c | 4 | ||||
-rw-r--r-- | src/transport/plugin_transport_wlan.c | 2 | ||||
-rw-r--r-- | src/util/os_installation.c | 79 | ||||
-rw-r--r-- | src/util/os_priority.c | 4 | ||||
-rw-r--r-- | src/vpn/gnunet-helper-vpn-windows.c | 17 | ||||
-rw-r--r-- | src/vpn/gnunet-service-vpn.c | 2 |
20 files changed, 252 insertions, 176 deletions
diff --git a/src/dns/gnunet-service-dns.c b/src/dns/gnunet-service-dns.c index d1689f4d2..a2d5354de 100644 --- a/src/dns/gnunet-service-dns.c +++ b/src/dns/gnunet-service-dns.c | |||
@@ -1043,7 +1043,7 @@ run (void *cls, struct GNUNET_SERVER_Handle *server, | |||
1043 | cfg = cfg_; | 1043 | cfg = cfg_; |
1044 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-dns"); | 1044 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-dns"); |
1045 | if (GNUNET_YES != | 1045 | if (GNUNET_YES != |
1046 | GNUNET_OS_check_helper_binary (binary)) | 1046 | GNUNET_OS_check_helper_binary (binary, TRUE, NULL)) |
1047 | { | 1047 | { |
1048 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 1048 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
1049 | _("`%s' must be installed SUID, refusing to run\n"), | 1049 | _("`%s' must be installed SUID, refusing to run\n"), |
diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c index 877630fa8..2c5bb1ecd 100644 --- a/src/exit/gnunet-daemon-exit.c +++ b/src/exit/gnunet-daemon-exit.c | |||
@@ -3344,7 +3344,7 @@ run (void *cls, char *const *args GNUNET_UNUSED, | |||
3344 | { | 3344 | { |
3345 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit"); | 3345 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit"); |
3346 | if (GNUNET_YES != | 3346 | if (GNUNET_YES != |
3347 | GNUNET_OS_check_helper_binary (binary)) | 3347 | GNUNET_OS_check_helper_binary (binary, TRUE, NULL)) // FIXME: CF: add test-parameters |
3348 | { | 3348 | { |
3349 | GNUNET_free (binary); | 3349 | GNUNET_free (binary); |
3350 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 3350 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
diff --git a/src/exit/gnunet-helper-exit-windows.c b/src/exit/gnunet-helper-exit-windows.c index e6ade4ba3..dd6237bc6 100644 --- a/src/exit/gnunet-helper-exit-windows.c +++ b/src/exit/gnunet-helper-exit-windows.c | |||
@@ -63,9 +63,9 @@ | |||
63 | #endif | 63 | #endif |
64 | 64 | ||
65 | /** | 65 | /** |
66 | * Will this binary be run in dryrun-mode? | 66 | * Will this binary be run in permissions testing mode? |
67 | */ | 67 | */ |
68 | static BOOL dryrun = FALSE; | 68 | static boolean privilege_testing = FALSE; |
69 | 69 | ||
70 | /** | 70 | /** |
71 | * Maximum size of a GNUnet message (GNUNET_SERVER_MAX_MESSAGE_SIZE) | 71 | * Maximum size of a GNUnet message (GNUNET_SERVER_MAX_MESSAGE_SIZE) |
@@ -1357,9 +1357,9 @@ run (HANDLE tap_handle) | |||
1357 | * DHCP and such are all features we will never use in gnunet afaik. | 1357 | * DHCP and such are all features we will never use in gnunet afaik. |
1358 | * But for openvpn those are essential. | 1358 | * But for openvpn those are essential. |
1359 | */ | 1359 | */ |
1360 | if (! tun_up (tap_handle)) | 1360 | if ((privilege_testing) || (! tun_up (tap_handle) )) |
1361 | return; | 1361 | goto teardown_final; |
1362 | 1362 | ||
1363 | /* Initialize our overlapped IO structures*/ | 1363 | /* Initialize our overlapped IO structures*/ |
1364 | if (! (initialize_io_facility (&tap_read, IOSTATE_READY, FALSE) | 1364 | if (! (initialize_io_facility (&tap_read, IOSTATE_READY, FALSE) |
1365 | && initialize_io_facility (&tap_write, IOSTATE_WAITING, TRUE) | 1365 | && initialize_io_facility (&tap_write, IOSTATE_WAITING, TRUE) |
@@ -1412,8 +1412,6 @@ run (HANDLE tap_handle) | |||
1412 | goto teardown; | 1412 | goto teardown; |
1413 | } | 1413 | } |
1414 | #endif | 1414 | #endif |
1415 | if (dryrun) | ||
1416 | goto teardown; | ||
1417 | 1415 | ||
1418 | fprintf (stderr, "DEBUG: mainloop has begun\n"); | 1416 | fprintf (stderr, "DEBUG: mainloop has begun\n"); |
1419 | 1417 | ||
@@ -1471,11 +1469,12 @@ main (int argc, char **argv) | |||
1471 | BOOL have_nat44 = FALSE; | 1469 | BOOL have_nat44 = FALSE; |
1472 | 1470 | ||
1473 | if ( (1 < argc) && (0 != strcmp (argv[1], "-d"))){ | 1471 | if ( (1 < argc) && (0 != strcmp (argv[1], "-d"))){ |
1474 | dryrun = TRUE; | 1472 | privilege_testing = TRUE; |
1475 | fprintf (stderr, "DEBUG: Running binary in dryrun mode.", argv[0]); | 1473 | fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", argv[0]); |
1476 | argv++; | 1474 | argv++; |
1477 | argc--; | 1475 | argc--; |
1478 | } | 1476 | } |
1477 | |||
1479 | if (6 != argc) | 1478 | if (6 != argc) |
1480 | { | 1479 | { |
1481 | fprintf (stderr, "FATAL: must supply 6 arguments\nUsage:\ngnunet-helper-exit [-d] <if name prefix> <uplink-interface name> <address6 or \"-\"> <netbits6> <address4 or \"-\"> <netmask4>\n", argv[0]); | 1480 | fprintf (stderr, "FATAL: must supply 6 arguments\nUsage:\ngnunet-helper-exit [-d] <if name prefix> <uplink-interface name> <address6 or \"-\"> <netbits6> <address4 or \"-\"> <netmask4>\n", argv[0]); |
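Review bot: The `-d` test in `main` is inverted: `0 != strcmp (argv[1], "-d")` is true when the first argument is anything other than `-d`, so `privilege_testing` is set and `argv`/`argc` are shifted on an ordinary invocation, while a real `-d` run is not recognised and leaves the flag in `argv[1]`. The comparison is unchanged context in this file, but the renamed flag now gates the early `goto teardown_final` in `run`, and the same test is newly added to `main` in src/nat/gnunet-helper-nat-client-windows.c and src/nat/gnunet-helper-nat-server-windows.c. It should read `if ((1 < argc) && (0 == strcmp (argv[1], "-d")))` in all three. The `fprintf` in that branch also passes `argv[0]` to a format string that has no conversion and no trailing newline; `fprintf (stderr, "DEBUG: Running binary in privilege testing mode.\n");` is enough. Both `main` and `run` continue outside the hunks shown.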
diff --git a/src/gns/test_gns_proxy.c b/src/gns/test_gns_proxy.c index 1b904cec9..68830ca7f 100644 --- a/src/gns/test_gns_proxy.c +++ b/src/gns/test_gns_proxy.c | |||
@@ -446,13 +446,13 @@ main (int argc, char *const *argv) | |||
446 | { | 446 | { |
447 | char *binary; | 447 | char *binary; |
448 | 448 | ||
449 | if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("gnunet-gns-proxy")) | 449 | if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("gnunet-gns-proxy", FALSE, NULL)) |
450 | { | 450 | { |
451 | fprintf (stderr, "Proxy binary not in PATH... skipping!\n"); | 451 | fprintf (stderr, "Proxy binary not in PATH... skipping!\n"); |
452 | return 0; | 452 | return 0; |
453 | } | 453 | } |
454 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-dns"); | 454 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-dns"); |
455 | if (GNUNET_YES != GNUNET_OS_check_helper_binary (binary)) | 455 | if (GNUNET_YES != GNUNET_OS_check_helper_binary (binary, TRUE, NULL)) |
456 | { | 456 | { |
457 | fprintf (stderr, "DNS helper binary has wrong permissions... skipping!\n"); | 457 | fprintf (stderr, "DNS helper binary has wrong permissions... skipping!\n"); |
458 | GNUNET_free (binary); | 458 | GNUNET_free (binary); |
diff --git a/src/include/gnunet_os_lib.h b/src/include/gnunet_os_lib.h index e4bbab8a9..425c565ba 100644 --- a/src/include/gnunet_os_lib.h +++ b/src/include/gnunet_os_lib.h | |||
@@ -483,13 +483,19 @@ GNUNET_OS_install_parent_control_handler (void *cls, | |||
483 | * Attempts to find the file using the current | 483 | * Attempts to find the file using the current |
484 | * PATH environment variable as a search path. | 484 | * PATH environment variable as a search path. |
485 | * | 485 | * |
486 | * @param binary the name of the file to check | 486 | * @param binary the name of the file to check. |
487 | * @return GNUNET_YES if the file is SUID, | 487 | * W32: must not have an .exe suffix. |
488 | * GNUNET_NO if not SUID (but binary exists) | 488 | * @param check_suid input true if the binary should be checked for SUID (*nix) |
489 | * W32: checks if the program has sufficient privileges by executing this | ||
490 | * binary with the -d flag. -d omits a programs main loop and only | ||
491 | * executes all privileged operations in an binary. | ||
492 | * @param params parameters used for w32 privilege checking (can be NULL for != w32, or when not checking for suid/permissions ) | ||
493 | * @return GNUNET_YES if the file is SUID (*nix) or can be executed with current privileges (W32), | ||
494 | * GNUNET_NO if not SUID (but binary exists), | ||
489 | * GNUNET_SYSERR on error (no such binary or not executable) | 495 | * GNUNET_SYSERR on error (no such binary or not executable) |
490 | */ | 496 | */ |
491 | int | 497 | int |
492 | GNUNET_OS_check_helper_binary (const char *binary); | 498 | GNUNET_OS_check_helper_binary (const char *binary, const boolean check_suid, const char * params); |
493 | 499 | ||
494 | 500 | ||
495 | #if 0 /* keep Emacsens' auto-indent happy */ | 501 | #if 0 /* keep Emacsens' auto-indent happy */ |
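Review bot: The documented `params` contract does not match how this commit calls the function: the comment allows NULL only off W32 or when no SUID/privilege check is requested, yet the updated callers pass `TRUE, NULL` (several marked `FIXME: CF: add test-parameters`), and the W32 branch in src/util/os_installation.c formats `params` with `"-d %s"`. Either document that NULL means "run with `-d` alone" and handle that case in the implementation, or state that `params` must be non-NULL on W32 whenever `check_suid` is set. The comment should also say plainly that on W32 a successful check means the helper was actually executed, which matters because the description above says the file may be found through PATH. `check_suid` is declared `const boolean`, which is not a standard C type; the function already reports results as `GNUNET_YES`/`GNUNET_NO` in an `int`, so `int check_suid` would be the consistent choice.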
diff --git a/src/nat/Makefile.am b/src/nat/Makefile.am index 1b57ab63e..e27611ba9 100644 --- a/src/nat/Makefile.am +++ b/src/nat/Makefile.am | |||
@@ -15,9 +15,9 @@ dist_pkgcfg_DATA = \ | |||
15 | nat.conf | 15 | nat.conf |
16 | 16 | ||
17 | if LINUX | 17 | if LINUX |
18 | NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client | 18 | NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client |
19 | NATSERVER = gnunet-helper-nat-server.c | 19 | NATSERVER = gnunet-helper-nat-server.c |
20 | NATCLIENT = gnunet-helper-nat-client.c | 20 | NATCLIENT = gnunet-helper-nat-client.c |
21 | install-exec-hook: | 21 | install-exec-hook: |
22 | $(top_srcdir)/src/nat/install-nat-helper.sh $(libexecdir) $(SUDO_BINARY) || true | 22 | $(top_srcdir)/src/nat/install-nat-helper.sh $(libexecdir) $(SUDO_BINARY) || true |
23 | else | 23 | else |
diff --git a/src/nat/gnunet-helper-nat-client-windows.c b/src/nat/gnunet-helper-nat-client-windows.c index 47fbc0b86..b28b28584 100644 --- a/src/nat/gnunet-helper-nat-client-windows.c +++ b/src/nat/gnunet-helper-nat-client-windows.c | |||
@@ -167,6 +167,10 @@ struct udp_header | |||
167 | uint16_t crc; | 167 | uint16_t crc; |
168 | }; | 168 | }; |
169 | 169 | ||
170 | /** | ||
171 | * Will this binary be run in permissions testing mode? | ||
172 | */ | ||
173 | static boolean privilege_testing = FALSE; | ||
170 | 174 | ||
171 | /** | 175 | /** |
172 | * Socket we use to send our ICMP packets. | 176 | * Socket we use to send our ICMP packets. |
@@ -463,8 +467,14 @@ main (int argc, char *const *argv) | |||
463 | struct in_addr external; | 467 | struct in_addr external; |
464 | struct in_addr target; | 468 | struct in_addr target; |
465 | WSADATA wsaData; | 469 | WSADATA wsaData; |
466 | |||
467 | unsigned int p; | 470 | unsigned int p; |
471 | |||
472 | if (argc > 1 && 0 != strcmp (argv[1], "-d")){ | ||
473 | privilege_testing = TRUE; | ||
474 | fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", argv[0]); | ||
475 | argv++; | ||
476 | argc--; | ||
477 | } | ||
468 | 478 | ||
469 | if (argc != 4) | 479 | if (argc != 4) |
470 | { | 480 | { |
@@ -497,9 +507,11 @@ main (int argc, char *const *argv) | |||
497 | } | 507 | } |
498 | if (-1 == (rawsock = make_raw_socket ())) | 508 | if (-1 == (rawsock = make_raw_socket ())) |
499 | return 3; | 509 | return 3; |
500 | send_icmp (&external, &target); | 510 | if (!privilege_testing){ |
501 | send_icmp_udp (&external, &target); | 511 | send_icmp (&external, &target); |
502 | closesocket (rawsock); | 512 | send_icmp_udp (&external, &target); |
513 | } | ||
514 | closesocket (rawsock); | ||
503 | WSACleanup (); | 515 | WSACleanup (); |
504 | return 0; | 516 | return 0; |
505 | } | 517 | } |
diff --git a/src/nat/gnunet-helper-nat-server-windows.c b/src/nat/gnunet-helper-nat-server-windows.c index d970ffd70..fb564a188 100644 --- a/src/nat/gnunet-helper-nat-server-windows.c +++ b/src/nat/gnunet-helper-nat-server-windows.c | |||
@@ -188,6 +188,11 @@ struct udp_header | |||
188 | }; | 188 | }; |
189 | 189 | ||
190 | /** | 190 | /** |
191 | * Will this binary be run in permissions testing mode? | ||
192 | */ | ||
193 | static boolean privilege_testing = FALSE; | ||
194 | |||
195 | /** | ||
191 | * Socket we use to receive "fake" ICMP replies. | 196 | * Socket we use to receive "fake" ICMP replies. |
192 | */ | 197 | */ |
193 | static SOCKET icmpsock; | 198 | static SOCKET icmpsock; |
@@ -526,9 +531,15 @@ main (int argc, char *const *argv) | |||
526 | fd_set rs; | 531 | fd_set rs; |
527 | struct timeval tv; | 532 | struct timeval tv; |
528 | WSADATA wsaData; | 533 | WSADATA wsaData; |
529 | unsigned int alt; | 534 | unsigned int alt = 0; |
530 | 535 | ||
531 | alt = 0; | 536 | if (argc > 1 && 0 != strcmp (argv[1], "-d")){ |
537 | privilege_testing = TRUE; | ||
538 | fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", argv[0]); | ||
539 | argv++; | ||
540 | argc--; | ||
541 | } | ||
542 | |||
532 | if (2 != argc) | 543 | if (2 != argc) |
533 | { | 544 | { |
534 | fprintf (stderr, | 545 | fprintf (stderr, |
@@ -566,7 +577,8 @@ main (int argc, char *const *argv) | |||
566 | closesocket (rawsock); | 577 | closesocket (rawsock); |
567 | return 3; | 578 | return 3; |
568 | } | 579 | } |
569 | while (1) | 580 | |
581 | while ( ! privilege_testing) | ||
570 | { | 582 | { |
571 | FD_ZERO (&rs); | 583 | FD_ZERO (&rs); |
572 | FD_SET (icmpsock, &rs); | 584 | FD_SET (icmpsock, &rs); |
@@ -591,6 +603,8 @@ main (int argc, char *const *argv) | |||
591 | closesocket (rawsock); | 603 | closesocket (rawsock); |
592 | closesocket (udpsock); | 604 | closesocket (udpsock); |
593 | WSACleanup (); | 605 | WSACleanup (); |
606 | if (privilege_testing) | ||
607 | return 0; | ||
594 | return 4; | 608 | return 4; |
595 | } | 609 | } |
596 | 610 | ||
diff --git a/src/nat/nat.c b/src/nat/nat.c index dd63224c0..fd9d5eaa0 100644 --- a/src/nat/nat.c +++ b/src/nat/nat.c | |||
@@ -1171,7 +1171,7 @@ GNUNET_NAT_register (const struct GNUNET_CONFIGURATION_Handle *cfg, int is_tcp, | |||
1171 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-server"); | 1171 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-server"); |
1172 | if ((h->behind_nat == GNUNET_YES) && (GNUNET_YES == h->enable_nat_server) && | 1172 | if ((h->behind_nat == GNUNET_YES) && (GNUNET_YES == h->enable_nat_server) && |
1173 | (GNUNET_YES != | 1173 | (GNUNET_YES != |
1174 | GNUNET_OS_check_helper_binary (binary))) | 1174 | GNUNET_OS_check_helper_binary (binary, TRUE, NULL))) // FIXME: CF: add test-parameters |
1175 | { | 1175 | { |
1176 | h->enable_nat_server = GNUNET_NO; | 1176 | h->enable_nat_server = GNUNET_NO; |
1177 | LOG (GNUNET_ERROR_TYPE_WARNING, | 1177 | LOG (GNUNET_ERROR_TYPE_WARNING, |
@@ -1183,7 +1183,7 @@ GNUNET_NAT_register (const struct GNUNET_CONFIGURATION_Handle *cfg, int is_tcp, | |||
1183 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-client"); | 1183 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-client"); |
1184 | if ((GNUNET_YES == h->enable_nat_client) && | 1184 | if ((GNUNET_YES == h->enable_nat_client) && |
1185 | (GNUNET_YES != | 1185 | (GNUNET_YES != |
1186 | GNUNET_OS_check_helper_binary (binary))) | 1186 | GNUNET_OS_check_helper_binary (binary, TRUE, NULL))) // FIXME: CF: add test-parameters |
1187 | { | 1187 | { |
1188 | h->enable_nat_client = GNUNET_NO; | 1188 | h->enable_nat_client = GNUNET_NO; |
1189 | LOG (GNUNET_ERROR_TYPE_WARNING, | 1189 | LOG (GNUNET_ERROR_TYPE_WARNING, |
diff --git a/src/nat/nat_auto.c b/src/nat/nat_auto.c index baa1cc78d..f382a9ac6 100644 --- a/src/nat/nat_auto.c +++ b/src/nat/nat_auto.c | |||
@@ -392,7 +392,7 @@ test_upnpc (struct GNUNET_NAT_AutoHandle *ah) | |||
392 | 392 | ||
393 | /* test if upnpc is available */ | 393 | /* test if upnpc is available */ |
394 | have_upnpc = (GNUNET_SYSERR != | 394 | have_upnpc = (GNUNET_SYSERR != |
395 | GNUNET_OS_check_helper_binary ("upnpc")); | 395 | GNUNET_OS_check_helper_binary ("upnpc", FALSE, NULL)); |
396 | /* FIXME: test if upnpc is actually working, that is, if transports | 396 | /* FIXME: test if upnpc is actually working, that is, if transports |
397 | start to work once we use UPnP */ | 397 | start to work once we use UPnP */ |
398 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 398 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
@@ -426,7 +426,7 @@ test_icmp_server (struct GNUNET_NAT_AutoHandle *ah) | |||
426 | (GNUNET_YES == | 426 | (GNUNET_YES == |
427 | GNUNET_CONFIGURATION_get_value_yesno (ah->cfg, "nat", "BEHIND_NAT")) && | 427 | GNUNET_CONFIGURATION_get_value_yesno (ah->cfg, "nat", "BEHIND_NAT")) && |
428 | (GNUNET_YES == | 428 | (GNUNET_YES == |
429 | GNUNET_OS_check_helper_binary (binary))); | 429 | GNUNET_OS_check_helper_binary (binary, TRUE, NULL))); // FIXME: CF: add test-parameters |
430 | GNUNET_free_non_null (tmp); | 430 | GNUNET_free_non_null (tmp); |
431 | GNUNET_free (binary); | 431 | GNUNET_free (binary); |
432 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 432 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
@@ -461,7 +461,7 @@ test_icmp_client (struct GNUNET_NAT_AutoHandle *ah) | |||
461 | (GNUNET_YES != | 461 | (GNUNET_YES != |
462 | GNUNET_CONFIGURATION_get_value_yesno (ah->cfg, "nat", "BEHIND_NAT")) && | 462 | GNUNET_CONFIGURATION_get_value_yesno (ah->cfg, "nat", "BEHIND_NAT")) && |
463 | (GNUNET_YES == | 463 | (GNUNET_YES == |
464 | GNUNET_OS_check_helper_binary (binary))); | 464 | GNUNET_OS_check_helper_binary (binary, TRUE, NULL))); // FIXME: CF: add test-parameters |
465 | GNUNET_free_non_null (tmp); | 465 | GNUNET_free_non_null (tmp); |
466 | GNUNET_free (binary); | 466 | GNUNET_free (binary); |
467 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 467 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
diff --git a/src/nat/nat_mini.c b/src/nat/nat_mini.c index fbb6e769a..29b26ee28 100644 --- a/src/nat/nat_mini.c +++ b/src/nat/nat_mini.c | |||
@@ -164,7 +164,7 @@ GNUNET_NAT_mini_get_external_ipv4 (struct GNUNET_TIME_Relative timeout, | |||
164 | { | 164 | { |
165 | struct GNUNET_NAT_ExternalHandle *eh; | 165 | struct GNUNET_NAT_ExternalHandle *eh; |
166 | 166 | ||
167 | if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("external-ip")) | 167 | if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("external-ip", FALSE, NULL)) |
168 | { | 168 | { |
169 | LOG (GNUNET_ERROR_TYPE_INFO, | 169 | LOG (GNUNET_ERROR_TYPE_INFO, |
170 | _("`external-ip' command not found\n")); | 170 | _("`external-ip' command not found\n")); |
@@ -499,7 +499,7 @@ GNUNET_NAT_mini_map_start (uint16_t port, int is_tcp, | |||
499 | struct GNUNET_NAT_MiniHandle *ret; | 499 | struct GNUNET_NAT_MiniHandle *ret; |
500 | char pstr[6]; | 500 | char pstr[6]; |
501 | 501 | ||
502 | if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("upnpc")) | 502 | if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("upnpc", FALSE, NULL)) |
503 | { | 503 | { |
504 | LOG (GNUNET_ERROR_TYPE_INFO, | 504 | LOG (GNUNET_ERROR_TYPE_INFO, |
505 | _("`upnpc' command not found\n")); | 505 | _("`upnpc' command not found\n")); |
diff --git a/src/nat/test_nat_test.c b/src/nat/test_nat_test.c index c213ffa1e..7d4964b5c 100644 --- a/src/nat/test_nat_test.c +++ b/src/nat/test_nat_test.c | |||
@@ -92,7 +92,7 @@ main (int argc, char *const argv[]) | |||
92 | "WARNING", | 92 | "WARNING", |
93 | NULL); | 93 | NULL); |
94 | 94 | ||
95 | nat_res = GNUNET_OS_check_helper_binary ("gnunet-nat-server"); | 95 | nat_res = GNUNET_OS_check_helper_binary ("gnunet-nat-server", FALSE, NULL); |
96 | if (GNUNET_SYSERR == nat_res) | 96 | if (GNUNET_SYSERR == nat_res) |
97 | { | 97 | { |
98 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 98 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
diff --git a/src/pt/Makefile.am b/src/pt/Makefile.am index b9a8e497c..ed7892fe0 100644 --- a/src/pt/Makefile.am +++ b/src/pt/Makefile.am | |||
@@ -1,102 +1,109 @@ | |||
1 | INCLUDES = -I$(top_srcdir)/src/include | 1 | INCLUDES = -I$(top_srcdir)/src/include |
2 | 2 | ||
3 | if MINGW | 3 | if MINGW |
4 | WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols | 4 | WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols |
5 | endif | 5 | endif |
6 | 6 | ||
7 | if USE_COVERAGE | 7 | if USE_COVERAGE |
8 | AM_CFLAGS = --coverage -O0 | 8 | AM_CFLAGS = --coverage -O0 |
9 | endif | 9 | endif |
10 | 10 | ||
11 | pkgcfgdir= $(pkgdatadir)/config.d/ | 11 | pkgcfgdir= $(pkgdatadir)/config.d/ |
12 | 12 | ||
13 | libexecdir= $(pkglibdir)/libexec/ | 13 | libexecdir= $(pkglibdir)/libexec/ |
14 | 14 | ||
15 | plugindir = $(libdir)/gnunet | 15 | plugindir = $(libdir)/gnunet |
16 | 16 | ||
17 | dist_pkgcfg_DATA = \ | 17 | dist_pkgcfg_DATA = \ |
18 | pt.conf | 18 | pt.conf |
19 | 19 | ||
20 | libexec_PROGRAMS = \ | 20 | libexec_PROGRAMS = \ |
21 | gnunet-daemon-pt | 21 | gnunet-daemon-pt |
22 | 22 | ||
23 | gnunet_daemon_pt_SOURCES = \ | 23 | gnunet_daemon_pt_SOURCES = \ |
24 | gnunet-daemon-pt.c | 24 | gnunet-daemon-pt.c |
25 | gnunet_daemon_pt_LDADD = \ | 25 | gnunet_daemon_pt_LDADD = \ |
26 | $(top_builddir)/src/vpn/libgnunetvpn.la \ | 26 | $(top_builddir)/src/vpn/libgnunetvpn.la \ |
27 | $(top_builddir)/src/mesh/libgnunetmesh.la \ | 27 | $(top_builddir)/src/mesh/libgnunetmesh.la \ |
28 | $(top_builddir)/src/dns/libgnunetdns.la \ | 28 | $(top_builddir)/src/dns/libgnunetdns.la \ |
29 | $(top_builddir)/src/dns/libgnunetdnsparser.la \ | 29 | $(top_builddir)/src/dns/libgnunetdnsparser.la \ |
30 | $(top_builddir)/src/statistics/libgnunetstatistics.la \ | 30 | $(top_builddir)/src/statistics/libgnunetstatistics.la \ |
31 | $(top_builddir)/src/util/libgnunetutil.la \ | 31 | $(top_builddir)/src/util/libgnunetutil.la \ |
32 | $(top_builddir)/src/mesh/libgnunetmesh.la \ | 32 | $(top_builddir)/src/mesh/libgnunetmesh.la \ |
33 | $(GN_LIBINTL) | 33 | $(GN_LIBINTL) |
34 | 34 | ||
35 | if HAVE_MHD | 35 | if HAVE_MHD |
36 | if LINUX | 36 | if LINUX |
37 | VPN_TEST = \ | 37 | VPN_TEST = \ |
38 | test_gnunet_vpn-4_to_6 \ | 38 | test_gnunet_vpn-4_to_6 \ |
39 | test_gnunet_vpn-6_to_4 \ | 39 | test_gnunet_vpn-6_to_4 \ |
40 | test_gnunet_vpn-6_over \ | 40 | test_gnunet_vpn-6_over \ |
41 | test_gnunet_vpn-4_over \ | 41 | test_gnunet_vpn-4_over \ |
42 | test_gns_vpn | 42 | test_gns_vpn |
43 | endif | 43 | endif |
44 | endif | 44 | if MINGW |
45 | 45 | VPN_TEST = \ | |
46 | check_PROGRAMS = $(VPN_TEST) | 46 | test_gnunet_vpn-4_to_6 \ |
47 | 47 | test_gnunet_vpn-6_to_4 \ | |
48 | if ENABLE_TEST_RUN | 48 | test_gnunet_vpn-6_over \ |
49 | TESTS = $(check_PROGRAMS) | 49 | test_gnunet_vpn-4_over |
50 | endif | 50 | endif |
51 | 51 | endif | |
52 | EXTRA_DIST = \ | 52 | |
53 | test_gnunet_vpn.conf \ | 53 | check_PROGRAMS = $(VPN_TEST) |
54 | test_gns_vpn.conf | 54 | |
55 | 55 | if ENABLE_TEST_RUN | |
56 | 56 | TESTS = $(check_PROGRAMS) | |
57 | 57 | endif | |
58 | test_gns_vpn_SOURCES = \ | 58 | |
59 | test_gns_vpn.c | 59 | EXTRA_DIST = \ |
60 | test_gns_vpn_LDADD = -lmicrohttpd @LIBCURL@ \ | 60 | test_gnunet_vpn.conf \ |
61 | $(top_builddir)/src/namestore/libgnunetnamestore.la \ | 61 | test_gns_vpn.conf |
62 | $(top_builddir)/src/testing/libgnunettesting.la \ | 62 | |
63 | $(top_builddir)/src/util/libgnunetutil.la | 63 | |
64 | test_gns_vpn_CPPFLAGS = \ | 64 | |
65 | @LIBCURL_CPPFLAGS@ | 65 | test_gns_vpn_SOURCES = \ |
66 | 66 | test_gns_vpn.c | |
67 | test_gnunet_vpn_4_over_SOURCES = \ | 67 | test_gns_vpn_LDADD = -lmicrohttpd @LIBCURL@ \ |
68 | test_gnunet_vpn.c | 68 | $(top_builddir)/src/namestore/libgnunetnamestore.la \ |
69 | test_gnunet_vpn_4_over_LDADD = -lmicrohttpd @LIBCURL@ \ | 69 | $(top_builddir)/src/testing/libgnunettesting.la \ |
70 | $(top_builddir)/src/vpn/libgnunetvpn.la \ | 70 | $(top_builddir)/src/util/libgnunetutil.la |
71 | $(top_builddir)/src/testing/libgnunettesting.la \ | 71 | test_gns_vpn_CPPFLAGS = \ |
72 | $(top_builddir)/src/util/libgnunetutil.la | 72 | @LIBCURL_CPPFLAGS@ |
73 | test_gnunet_vpn_4_over_CPPFLAGS = \ | 73 | |
74 | @LIBCURL_CPPFLAGS@ | 74 | test_gnunet_vpn_4_over_SOURCES = \ |
75 | 75 | test_gnunet_vpn.c | |
76 | test_gnunet_vpn_6_over_SOURCES = \ | 76 | test_gnunet_vpn_4_over_LDADD = -lmicrohttpd @LIBCURL@ \ |
77 | test_gnunet_vpn.c | 77 | $(top_builddir)/src/vpn/libgnunetvpn.la \ |
78 | test_gnunet_vpn_6_over_LDADD = -lmicrohttpd @LIBCURL@ \ | 78 | $(top_builddir)/src/testing/libgnunettesting.la \ |
79 | $(top_builddir)/src/vpn/libgnunetvpn.la \ | 79 | $(top_builddir)/src/util/libgnunetutil.la |
80 | $(top_builddir)/src/testing/libgnunettesting.la \ | 80 | test_gnunet_vpn_4_over_CPPFLAGS = \ |
81 | $(top_builddir)/src/util/libgnunetutil.la | 81 | @LIBCURL_CPPFLAGS@ |
82 | test_gnunet_vpn_6_over_CPPFLAGS = \ | 82 | |
83 | @LIBCURL_CPPFLAGS@ | 83 | test_gnunet_vpn_6_over_SOURCES = \ |
84 | 84 | test_gnunet_vpn.c | |
85 | test_gnunet_vpn_4_to_6_SOURCES = \ | 85 | test_gnunet_vpn_6_over_LDADD = -lmicrohttpd @LIBCURL@ \ |
86 | test_gnunet_vpn.c | 86 | $(top_builddir)/src/vpn/libgnunetvpn.la \ |
87 | test_gnunet_vpn_4_to_6_LDADD = -lmicrohttpd @LIBCURL@ \ | 87 | $(top_builddir)/src/testing/libgnunettesting.la \ |
88 | $(top_builddir)/src/vpn/libgnunetvpn.la \ | 88 | $(top_builddir)/src/util/libgnunetutil.la |
89 | $(top_builddir)/src/testing/libgnunettesting.la \ | 89 | test_gnunet_vpn_6_over_CPPFLAGS = \ |
90 | $(top_builddir)/src/util/libgnunetutil.la | 90 | @LIBCURL_CPPFLAGS@ |
91 | test_gnunet_vpn_4_to_6_CPPFLAGS = \ | 91 | |
92 | @LIBCURL_CPPFLAGS@ | 92 | test_gnunet_vpn_4_to_6_SOURCES = \ |
93 | 93 | test_gnunet_vpn.c | |
94 | test_gnunet_vpn_6_to_4_SOURCES = \ | 94 | test_gnunet_vpn_4_to_6_LDADD = -lmicrohttpd @LIBCURL@ \ |
95 | test_gnunet_vpn.c | 95 | $(top_builddir)/src/vpn/libgnunetvpn.la \ |
96 | test_gnunet_vpn_6_to_4_LDADD = -lmicrohttpd @LIBCURL@ \ | 96 | $(top_builddir)/src/testing/libgnunettesting.la \ |
97 | $(top_builddir)/src/vpn/libgnunetvpn.la \ | 97 | $(top_builddir)/src/util/libgnunetutil.la |
98 | $(top_builddir)/src/testing/libgnunettesting.la \ | 98 | test_gnunet_vpn_4_to_6_CPPFLAGS = \ |
99 | $(top_builddir)/src/util/libgnunetutil.la | 99 | @LIBCURL_CPPFLAGS@ |
100 | test_gnunet_vpn_6_to_4_CPPFLAGS = \ | 100 | |
101 | @LIBCURL_CPPFLAGS@ | 101 | test_gnunet_vpn_6_to_4_SOURCES = \ |
102 | 102 | test_gnunet_vpn.c | |
103 | test_gnunet_vpn_6_to_4_LDADD = -lmicrohttpd @LIBCURL@ \ | ||
104 | $(top_builddir)/src/vpn/libgnunetvpn.la \ | ||
105 | $(top_builddir)/src/testing/libgnunettesting.la \ | ||
106 | $(top_builddir)/src/util/libgnunetutil.la | ||
107 | test_gnunet_vpn_6_to_4_CPPFLAGS = \ | ||
108 | @LIBCURL_CPPFLAGS@ | ||
109 | |||
diff --git a/src/pt/test_gns_vpn.c b/src/pt/test_gns_vpn.c index 6fe1e63a2..0ae875d0f 100644 --- a/src/pt/test_gns_vpn.c +++ b/src/pt/test_gns_vpn.c | |||
@@ -543,11 +543,11 @@ main (int argc, char *const *argv) | |||
543 | bin_dns = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-dns"); | 543 | bin_dns = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-dns"); |
544 | if ( (0 != geteuid ()) && | 544 | if ( (0 != geteuid ()) && |
545 | ( (GNUNET_YES != | 545 | ( (GNUNET_YES != |
546 | GNUNET_OS_check_helper_binary (bin_vpn)) || | 546 | GNUNET_OS_check_helper_binary (bin_vpn, TRUE, NULL)) || |
547 | (GNUNET_YES != | 547 | (GNUNET_YES != |
548 | GNUNET_OS_check_helper_binary (bin_exit)) || | 548 | GNUNET_OS_check_helper_binary (bin_exit, TRUE, NULL)) || |
549 | (GNUNET_YES != | 549 | (GNUNET_YES != |
550 | GNUNET_OS_check_helper_binary (bin_dns))) ) | 550 | GNUNET_OS_check_helper_binary (bin_dns, TRUE, NULL))) ) |
551 | { | 551 | { |
552 | fprintf (stderr, | 552 | fprintf (stderr, |
553 | "WARNING: gnunet-helper-{exit,vpn,dns} binaries in $PATH are not SUID, refusing to run test (as it would have to fail).\n"); | 553 | "WARNING: gnunet-helper-{exit,vpn,dns} binaries in $PATH are not SUID, refusing to run test (as it would have to fail).\n"); |
diff --git a/src/pt/test_gnunet_vpn.c b/src/pt/test_gnunet_vpn.c index c50837459..b6e8980c9 100644 --- a/src/pt/test_gnunet_vpn.c +++ b/src/pt/test_gnunet_vpn.c | |||
@@ -414,8 +414,8 @@ main (int argc, char *const *argv) | |||
414 | exit_binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit.exe"); | 414 | exit_binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit.exe"); |
415 | fprintf (stderr,"%s\n", vpn_binary); | 415 | fprintf (stderr,"%s\n", vpn_binary); |
416 | fprintf (stderr,"%s\n", exit_binary); | 416 | fprintf (stderr,"%s\n", exit_binary); |
417 | if ((GNUNET_YES != (ret = GNUNET_OS_check_helper_binary (vpn_binary))) || | 417 | if ((GNUNET_YES != (ret = GNUNET_OS_check_helper_binary (vpn_binary, TRUE, NULL))) || // FIXME: CF: add test-parameters |
418 | (GNUNET_YES != (ret = GNUNET_OS_check_helper_binary (exit_binary)))) | 418 | (GNUNET_YES != (ret = GNUNET_OS_check_helper_binary (exit_binary, TRUE, NULL)))) // FIXME: CF: add test-parameters |
419 | { | 419 | { |
420 | GNUNET_free (vpn_binary); | 420 | GNUNET_free (vpn_binary); |
421 | GNUNET_free (exit_binary); | 421 | GNUNET_free (exit_binary); |
diff --git a/src/transport/plugin_transport_wlan.c b/src/transport/plugin_transport_wlan.c index 9e2a0ff77..29070560e 100644 --- a/src/transport/plugin_transport_wlan.c +++ b/src/transport/plugin_transport_wlan.c | |||
@@ -1739,7 +1739,7 @@ libgnunet_plugin_transport_wlan_init (void *cls) | |||
1739 | } | 1739 | } |
1740 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-transport-wlan"); | 1740 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-transport-wlan"); |
1741 | if ( (0 == testmode) && | 1741 | if ( (0 == testmode) && |
1742 | (GNUNET_YES != GNUNET_OS_check_helper_binary (binary)) ) | 1742 | (GNUNET_YES != GNUNET_OS_check_helper_binary (binary, TRUE, NULL)) ) |
1743 | { | 1743 | { |
1744 | LOG (GNUNET_ERROR_TYPE_ERROR, | 1744 | LOG (GNUNET_ERROR_TYPE_ERROR, |
1745 | _("Helper binary `%s' not SUID, cannot run WLAN transport\n"), | 1745 | _("Helper binary `%s' not SUID, cannot run WLAN transport\n"), |
diff --git a/src/util/os_installation.c b/src/util/os_installation.c index b63a19d2e..8445fd1cc 100644 --- a/src/util/os_installation.c +++ b/src/util/os_installation.c | |||
@@ -654,12 +654,17 @@ GNUNET_OS_get_libexec_binary_path (const char *progname) | |||
654 | * | 654 | * |
655 | * @param binary the name of the file to check. | 655 | * @param binary the name of the file to check. |
656 | * W32: must not have an .exe suffix. | 656 | * W32: must not have an .exe suffix. |
657 | * @return GNUNET_YES if the file is SUID, | 657 | * @param check_suid input true if the binary should be checked for SUID (*nix) |
658 | * GNUNET_NO if not SUID (but binary exists) | 658 | * W32: checks if the program has sufficient privileges by executing this |
659 | * binary with the -d flag. -d omits a programs main loop and only | ||
660 | * executes all privileged operations in an binary. | ||
661 | * @param params parameters used for w32 privilege checking (can be NULL for != w32 ) | ||
662 | * @return GNUNET_YES if the file is SUID (*nix) or can be executed with current privileges (W32), | ||
663 | * GNUNET_NO if not SUID (but binary exists), | ||
659 | * GNUNET_SYSERR on error (no such binary or not executable) | 664 | * GNUNET_SYSERR on error (no such binary or not executable) |
660 | */ | 665 | */ |
661 | int | 666 | int |
662 | GNUNET_OS_check_helper_binary (const char *binary) | 667 | GNUNET_OS_check_helper_binary (const char *binary, const boolean check_suid, const char *params) |
663 | { | 668 | { |
664 | struct stat statbuf; | 669 | struct stat statbuf; |
665 | char *p; | 670 | char *p; |
@@ -725,24 +730,62 @@ GNUNET_OS_check_helper_binary (const char *binary) | |||
725 | GNUNET_free (p); | 730 | GNUNET_free (p); |
726 | return GNUNET_SYSERR; | 731 | return GNUNET_SYSERR; |
727 | } | 732 | } |
733 | if (check_suid){ | ||
728 | #ifndef MINGW | 734 | #ifndef MINGW |
729 | if ((0 != (statbuf.st_mode & S_ISUID)) && (0 == statbuf.st_uid)) | 735 | if ((0 != (statbuf.st_mode & S_ISUID)) && (0 == statbuf.st_uid)) |
730 | { | 736 | { |
731 | GNUNET_free (p); | 737 | GNUNET_free (p); |
732 | return GNUNET_YES; | 738 | return GNUNET_YES; |
733 | } | 739 | } |
734 | /* binary exists, but not SUID */ | 740 | /* binary exists, but not SUID */ |
735 | #else | 741 | #else |
736 | return GNUNET_YES; | 742 | STARTUPINFO start; |
737 | /* FIXME: | 743 | char parameters[512]; |
738 | * no suid for windows possible! | 744 | PROCESS_INFORMATION proc; |
739 | * permissions-checking is too specific(as in non-portable) | 745 | DWORD exit_value; |
740 | * user/group checking is pointless (users/applications can drop privileges) | 746 | |
741 | * using token checking for elevated permissions would limit gnunet | 747 | GNUNET_snprintf (¶meters, 512, "-d %s", params); |
742 | * to run only on winserver 2008 and 2012! | 748 | memset (&start, 0, sizeof (start)); |
743 | * | 749 | start.cb = sizeof (start); |
744 | * thus, ad add "dryrun" checking */ | 750 | memset (&proc, 0, sizeof (proc)); |
751 | |||
752 | |||
753 | // Start the child process. | ||
754 | if ( ! (CreateProcess( p, // current windows (2k3 and up can handle / instead of \ in paths)) | ||
755 | parameters, // execute dryrun/priviliege checking mode | ||
756 | NULL, // Process handle not inheritable | ||
757 | NULL, // Thread handle not inheritable | ||
758 | FALSE, // Set handle inheritance to FALSE | ||
759 | CREATE_DEFAULT_ERROR_MODE, // No creation flags | ||
760 | NULL, // Use parent's environment block | ||
761 | NULL, // Use parent's starting directory | ||
762 | &start, // Pointer to STARTUPINFO structure | ||
763 | &proc ) // Pointer to PROCESS_INFORMATION structure | ||
764 | )) | ||
765 | { | ||
766 | LOG (GNUNET_ERROR_TYPE_ERROR, | ||
767 | _("CreateProcess failed for binary %s (%d).\n"), | ||
768 | p, GetLastError()); | ||
769 | return GNUNET_SYSERR; | ||
770 | } | ||
771 | |||
772 | // Wait until child process exits. | ||
773 | WaitForSingleObject( proc.hProcess, INFINITE ); | ||
774 | |||
775 | if ( ! GetExitCodeProcess (proc.hProcess, &exit_value)){ | ||
776 | LOG (GNUNET_ERROR_TYPE_ERROR, | ||
777 | _("GetExitCodeProcess failed for binary %s (%d).\n"), | ||
778 | p, GetLastError() ); | ||
779 | return GNUNET_SYSERR; | ||
780 | } | ||
781 | // Close process and thread handles. | ||
782 | CloseHandle( proc.hProcess ); | ||
783 | CloseHandle( proc.hThread ); | ||
784 | |||
785 | if (!exit_value) | ||
786 | return GNUNET_YES; | ||
745 | #endif | 787 | #endif |
788 | } | ||
746 | GNUNET_free (p); | 789 | GNUNET_free (p); |
747 | return GNUNET_NO; | 790 | return GNUNET_NO; |
748 | } | 791 | } |
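Review bot: The W32 branch added in the second hunk leaks on every early exit: both `return GNUNET_SYSERR` paths and the `return GNUNET_YES` path skip `GNUNET_free (p)`, and the GetExitCodeProcess failure path also skips both CloseHandle calls. `params` is formatted with `%s` without a NULL check, yet call sites updated in this commit (gnunet-service-vpn.c, plugin_transport_wlan.c) pass `TRUE, NULL`, so on W32 the helper is launched with an undefined or `(null)` argument. The first argument to GNUNET_snprintf (shown garbled on this page, presumably `&parameters`) should be the array itself, sized with `sizeof (parameters)` rather than a repeated 512. The wait is INFINITE, so a helper that does not exit in `-d` mode blocks the calling service indefinitely; a bounded wait is worth considering. The function begins outside this hunk, so the fence below covers only the W32 branch.

```c
    BOOL got_code;

    GNUNET_snprintf (parameters, sizeof (parameters), "-d %s",
                     (NULL != params) ? params : "");
    /* … unchanged: memset of start/proc, CreateProcess call … */
    {
      /* … unchanged: LOG of the CreateProcess failure … */
      GNUNET_free (p);
      return GNUNET_SYSERR;
    }
    WaitForSingleObject (proc.hProcess, INFINITE);
    got_code = GetExitCodeProcess (proc.hProcess, &exit_value);
    if (! got_code)
      LOG (GNUNET_ERROR_TYPE_ERROR,
           _("GetExitCodeProcess failed for binary %s (%d).\n"),
           p, GetLastError ());
    /* release handles and the path on every outcome */
    CloseHandle (proc.hProcess);
    CloseHandle (proc.hThread);
    GNUNET_free (p);
    if (! got_code)
      return GNUNET_SYSERR;
    return (0 == exit_value) ? GNUNET_YES : GNUNET_NO;
```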
diff --git a/src/util/os_priority.c b/src/util/os_priority.c index b8b854963..e86de968a 100644 --- a/src/util/os_priority.c +++ b/src/util/os_priority.c | |||
@@ -634,7 +634,7 @@ start_process (int pipe_control, | |||
634 | int fd_stdin_read; | 634 | int fd_stdin_read; |
635 | int fd_stdin_write; | 635 | int fd_stdin_write; |
636 | 636 | ||
637 | if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary (filename)) | 637 | if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary (filename, FALSE, NULL)) |
638 | return NULL; /* not executable */ | 638 | return NULL; /* not executable */ |
639 | if (GNUNET_YES == pipe_control) | 639 | if (GNUNET_YES == pipe_control) |
640 | { | 640 | { |
@@ -865,7 +865,7 @@ start_process (int pipe_control, | |||
865 | BOOL bresult; | 865 | BOOL bresult; |
866 | DWORD error_code; | 866 | DWORD error_code; |
867 | 867 | ||
868 | if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary (filename)) | 868 | if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary (filename, FALSE, NULL)) |
869 | return NULL; /* not executable */ | 869 | return NULL; /* not executable */ |
870 | 870 | ||
871 | /* Search in prefix dir (hopefully - the directory from which | 871 | /* Search in prefix dir (hopefully - the directory from which |
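Review bot: Both updated call sites pass the Windows-style `FALSE`, and the first one (the hunk with `fd_stdin_read`) looks like the non-W32 variant of start_process, where `FALSE` is only available if some project header defines it. The surrounding code uses GNUNET_YES/GNUNET_NO, so `GNUNET_OS_check_helper_binary (filename, GNUNET_NO, NULL)` would be portable and consistent. A short comment such as `/* existence/executable check only, no SUID or dry-run test */` would also make clear why the privilege check is switched off here. start_process begins and ends outside both hunks.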
diff --git a/src/vpn/gnunet-helper-vpn-windows.c b/src/vpn/gnunet-helper-vpn-windows.c index 5166a055c..7dee53609 100644 --- a/src/vpn/gnunet-helper-vpn-windows.c +++ b/src/vpn/gnunet-helper-vpn-windows.c | |||
@@ -63,9 +63,9 @@ | |||
63 | #endif | 63 | #endif |
64 | 64 | ||
65 | /** | 65 | /** |
66 | * Will this binary be run in dryrun-mode? | 66 | * Will this binary be run in permissions testing mode? |
67 | */ | 67 | */ |
68 | static BOOL dryrun = FALSE; | 68 | static boolean privilege_testing = FALSE; |
69 | 69 | ||
70 | /** | 70 | /** |
71 | * Maximum size of a GNUnet message (GNUNET_SERVER_MAX_MESSAGE_SIZE) | 71 | * Maximum size of a GNUnet message (GNUNET_SERVER_MAX_MESSAGE_SIZE) |
@@ -1356,8 +1356,8 @@ run (HANDLE tap_handle) | |||
1356 | * DHCP and such are all features we will never use in gnunet afaik. | 1356 | * DHCP and such are all features we will never use in gnunet afaik. |
1357 | * But for openvpn those are essential. | 1357 | * But for openvpn those are essential. |
1358 | */ | 1358 | */ |
1359 | if (! tun_up (tap_handle)) | 1359 | if ((privilege_testing) || (! tun_up (tap_handle)) |
1360 | return; | 1360 | goto teardown_final; |
1361 | 1361 | ||
1362 | /* Initialize our overlapped IO structures*/ | 1362 | /* Initialize our overlapped IO structures*/ |
1363 | if (! (initialize_io_facility (&tap_read, IOSTATE_READY, FALSE) | 1363 | if (! (initialize_io_facility (&tap_read, IOSTATE_READY, FALSE) |
@@ -1412,9 +1412,6 @@ run (HANDLE tap_handle) | |||
1412 | } | 1412 | } |
1413 | #endif | 1413 | #endif |
1414 | 1414 | ||
1415 | if (dryrun) | ||
1416 | goto teardown; | ||
1417 | |||
1418 | fprintf (stderr, "DEBUG: mainloop has begun\n"); | 1415 | fprintf (stderr, "DEBUG: mainloop has begun\n"); |
1419 | 1416 | ||
1420 | while (std_out.path_open || tap_write.path_open) | 1417 | while (std_out.path_open || tap_write.path_open) |
@@ -1441,9 +1438,7 @@ teardown: | |||
1441 | CancelIo (tap_handle); | 1438 | CancelIo (tap_handle); |
1442 | CancelIo (std_in.handle); | 1439 | CancelIo (std_in.handle); |
1443 | CancelIo (std_out.handle); | 1440 | CancelIo (std_out.handle); |
1444 | |||
1445 | teardown_final: | 1441 | teardown_final: |
1446 | |||
1447 | CloseHandle (tap_handle); | 1442 | CloseHandle (tap_handle); |
1448 | } | 1443 | } |
1449 | 1444 | ||
@@ -1470,8 +1465,8 @@ main (int argc, char **argv) | |||
1470 | BOOL have_ip6 = FALSE; | 1465 | BOOL have_ip6 = FALSE; |
1471 | 1466 | ||
1472 | if (argc > 1 && 0 != strcmp (argv[1], "-d")){ | 1467 | if (argc > 1 && 0 != strcmp (argv[1], "-d")){ |
1473 | dryrun = TRUE; | 1468 | privilege_testing = TRUE; |
1474 | fprintf (stderr, "DEBUG: Running binary in dryrun mode.", argv[0]); | 1469 | fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", argv[0]); |
1475 | argv++; | 1470 | argv++; |
1476 | argc--; | 1471 | argc--; |
1477 | } | 1472 | } |
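Review bot: The new condition in run() has an unclosed parenthesis, so this Windows-only file should not compile as shown; `if (privilege_testing || ! tun_up (tap_handle))` is the balanced form. With that operand order tun_up is skipped in testing mode, so if bringing the interface up is one of the privileged operations the check is meant to cover, the operands should be swapped. In main() the mode switch tests `0 != strcmp (argv[1], "-d")`, which enables privilege_testing for every first argument except `-d`. The `-d` probe from GNUNET_OS_check_helper_binary would then run the full main loop while normal invocations stop early; `if (argc > 1 && 0 == strcmp (argv[1], "-d"))` looks like the intended test. The fprintf on the next line passes `argv[0]` to a format string with no conversion and no trailing newline. Both functions continue outside these hunks.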
diff --git a/src/vpn/gnunet-service-vpn.c b/src/vpn/gnunet-service-vpn.c index 1a46f0b5e..e3bc8a49c 100644 --- a/src/vpn/gnunet-service-vpn.c +++ b/src/vpn/gnunet-service-vpn.c | |||
@@ -3062,7 +3062,7 @@ run (void *cls, | |||
3062 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-vpn"); | 3062 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-vpn"); |
3063 | 3063 | ||
3064 | if (GNUNET_YES != | 3064 | if (GNUNET_YES != |
3065 | GNUNET_OS_check_helper_binary (binary)) | 3065 | GNUNET_OS_check_helper_binary (binary, TRUE, NULL)) // FIXME: CF: add test-parameters |
3066 | { | 3066 | { |
3067 | fprintf (stderr, | 3067 | fprintf (stderr, |
3068 | "`%s' is not SUID, refusing to run.\n", | 3068 | "`%s' is not SUID, refusing to run.\n", |