-removing legacy dns/vpn/exit code and renaming -new versions to current

[oweals/gnunet.git] / src / vpn / gnunet-helper-vpn.c

diff --git a/src/vpn/gnunet-helper-vpn.c b/src/vpn/gnunet-helper-vpn.c
index 698c46f1d432752187d6f8ca1df28658156def5c..b93ce2382fd3c261c9a76e9ea8092035c86afede 100644 (file)
--- a/src/vpn/gnunet-helper-vpn.c
+++ b/src/vpn/gnunet-helper-vpn.c
@@ -61,10 +61,12 @@ struct in6_ifreq
 };
 #endif
 
+
 /**
  * Creates a tun-interface called dev;
+ *
  * @param dev is asumed to point to a char[IFNAMSIZ]
- *        if *dev == '\\0', uses the name supplied by the kernel
+ *        if *dev == '\\0', uses the name supplied by the kernel;
  * @return the fd to the tun or -1 on error
  */
 static int
@@ -81,8 +83,8 @@ init_tun (char *dev)
 
   if (-1 == (fd = open ("/dev/net/tun", O_RDWR)))
   {
-    fprintf (stderr,
-             "Error opening `%s': %s\n", "/dev/net/tun", strerror (errno));
+    fprintf (stderr, "Error opening `%s': %s\n", "/dev/net/tun",
+             strerror (errno));
     return -1;
   }
 
@@ -100,10 +102,9 @@ init_tun (char *dev)
 
   if (-1 == ioctl (fd, TUNSETIFF, (void *) &ifr))
   {
-    fprintf (stderr,
-             "Error with ioctl on `%s': %s\n",
-             "/dev/net/tun", strerror (errno));
-    close (fd);
+    fprintf (stderr, "Error with ioctl on `%s': %s\n", "/dev/net/tun",
+             strerror (errno));
+    (void) close (fd);
     return -1;
   }
   strcpy (dev, ifr.ifr_name);
@@ -130,10 +131,11 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len)
    * parse the new address
    */
   memset (&sa6, 0, sizeof (struct sockaddr_in6));
+  sa6.sin6_family = AF_INET6;
   if (1 != inet_pton (AF_INET6, address, sa6.sin6_addr.s6_addr))
   {
-    fprintf (stderr,
-             "Failed to parse address `%s': %s\n", address, strerror (errno));
+    fprintf (stderr, "Failed to parse address `%s': %s\n", address,
+             strerror (errno));
     exit (1);
   }
 
@@ -143,10 +145,7 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len)
     exit (1);
   }
 
-  sa6.sin6_family = AF_INET6;
-  memcpy (&ifr6.ifr6_addr, &sa6.sin6_addr, sizeof (struct in6_addr));
-
-
+  memset (&ifr, 0, sizeof (struct ifreq));
   /*
    * Get the index of the if
    */
@@ -154,10 +153,13 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len)
   if (-1 == ioctl (fd, SIOGIFINDEX, &ifr))
   {
     fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
+    (void) close (fd);
     exit (1);
   }
-  ifr6.ifr6_ifindex = ifr.ifr_ifindex;
 
+  memset (&ifr6, 0, sizeof (struct in6_ifreq));
+  ifr6.ifr6_addr = sa6.sin6_addr;
+  ifr6.ifr6_ifindex = ifr.ifr_ifindex;
   ifr6.ifr6_prefixlen = prefix_len;
 
   /*
@@ -165,8 +167,9 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len)
    */
   if (-1 == ioctl (fd, SIOCSIFADDR, &ifr6))
   {
-    fprintf (stderr,
-             "ioctl failed at line %d: %s\n", __LINE__, strerror (errno));
+    fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
+             strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -175,8 +178,9 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len)
    */
   if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr))
   {
-    fprintf (stderr,
-             "ioctl failed at line %d: %s\n", __LINE__, strerror (errno));
+    fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
+             strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -186,8 +190,9 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len)
   ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
   if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr))
   {
-    fprintf (stderr,
-             "ioctl failed at line %d: %s\n", __LINE__, strerror (errno));
+    fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
+             strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -215,21 +220,18 @@ set_address4 (const char *dev, const char *address, const char *mask)
 
   memset (&ifr, 0, sizeof (struct ifreq));
   addr = (struct sockaddr_in *) &(ifr.ifr_addr);
-  memset (addr, 0, sizeof (struct sockaddr_in));
   addr->sin_family = AF_INET;
-  addr->sin_addr.s_addr = inet_addr (address);
 
   /*
    * Parse the address
    */
   if (1 != inet_pton (AF_INET, address, &addr->sin_addr.s_addr))
   {
-    fprintf (stderr,
-             "Failed to parse address `%s': %s\n", address, strerror (errno));
+    fprintf (stderr, "Failed to parse address `%s': %s\n", address,
+             strerror (errno));
     exit (1);
   }
 
-
   if (-1 == (fd = socket (PF_INET, SOCK_DGRAM, 0)))
   {
     fprintf (stderr, "Error creating socket: %s\n", strerror (errno));
@@ -244,6 +246,7 @@ set_address4 (const char *dev, const char *address, const char *mask)
   if (-1 == ioctl (fd, SIOCSIFADDR, &ifr))
   {
     fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -253,8 +256,9 @@ set_address4 (const char *dev, const char *address, const char *mask)
   addr = (struct sockaddr_in *) &(ifr.ifr_netmask);
   if (1 != inet_pton (AF_INET, mask, &addr->sin_addr.s_addr))
   {
-    fprintf (stderr,
-             "Failed to parse address `%s': %s\n", mask, strerror (errno));
+    fprintf (stderr, "Failed to parse address `%s': %s\n", mask,
+             strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -263,8 +267,9 @@ set_address4 (const char *dev, const char *address, const char *mask)
    */
   if (-1 == ioctl (fd, SIOCSIFNETMASK, &ifr))
   {
-    fprintf (stderr,
-             "ioctl failed at line %d: %s\n", __LINE__, strerror (errno));
+    fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
+             strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -273,8 +278,9 @@ set_address4 (const char *dev, const char *address, const char *mask)
    */
   if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr))
   {
-    fprintf (stderr,
-             "ioctl failed at line %d: %s\n", __LINE__, strerror (errno));
+    fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
+             strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -284,19 +290,26 @@ set_address4 (const char *dev, const char *address, const char *mask)
   ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
   if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr))
   {
-    fprintf (stderr,
-             "ioctl failed at line %d: %s\n", __LINE__, strerror (errno));
+    fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
+             strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
   if (0 != close (fd))
   {
     fprintf (stderr, "close failed: %s\n", strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 }
 
 
+/**
+ * Start forwarding to and from the tunnel.
+ *
+ * @param fd_tun tunnel FD
+ */
 static void
 run (int fd_tun)
 {
@@ -305,7 +318,7 @@ run (int fd_tun)
    */
   unsigned char buftun[MAX_SIZE];
   ssize_t buftun_size = 0;
-  unsigned char *buftun_read;
+  unsigned char *buftun_read = NULL;
 
   /*
    * The buffer filled by reading from stdin
@@ -499,11 +512,23 @@ PROCESS_BUFFER:
 }
 
 
+/**
+ * Open VPN tunnel interface.
+ *
+ * @param argc must be 6
+ * @param argv 0: binary name (gnunet-helper-vpn)
+ *             1: tunnel interface name (gnunet-vpn)
+ *             2: IPv6 address (::1)
+ *             3: IPv6 netmask length in bits (64)
+ *             4: IPv4 address (1.2.3.4)
+ *             5: IPv4 netmask (255.255.0.0)
+ */
 int
 main (int argc, char **argv)
 {
   char dev[IFNAMSIZ];
   int fd_tun;
+  int global_ret;
 
   if (6 != argc)
   {
@@ -539,15 +564,33 @@ main (int argc, char **argv)
 
     set_address4 (dev, address, mask);
   }
-
+  
   uid_t uid = getuid ();
-
+#ifdef HAVE_SETRESUID
   if (0 != setresuid (uid, uid, uid))
+  {
     fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
+    global_ret = 2;
+    goto cleanup;
+  }
+#else
+  if (0 != (setuid (uid) | seteuid (uid)))
+  {
+    fprintf (stderr, "Failed to setuid: %s\n", strerror (errno));
+    global_ret = 2;
+    goto cleanup;
+  }
+#endif
+
   if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
-    fprintf (stderr,
-             "Failed to protect against SIGPIPE: %s\n", strerror (errno));
+  {
+    fprintf (stderr, "Failed to protect against SIGPIPE: %s\n",
+             strerror (errno));
+    /* no exit, we might as well die with SIGPIPE should it ever happen */
+  }
   run (fd_tun);
+  global_ret = 0;
+ cleanup:
   close (fd_tun);
-  return 0;
+  return global_ret;
 }