From: lurchi Date: Sat, 29 Jun 2019 10:59:02 +0000 (+0200) Subject: use GNUNET_OS_get_suid_binary_path to construct suid helper paths X-Git-Tag: v0.11.6~54 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8c057274e457ad64aefaf2e3d08925617c928752;p=oweals%2Fgnunet.git use GNUNET_OS_get_suid_binary_path to construct suid helper paths --- diff --git a/src/dns/gnunet-service-dns.c b/src/dns/gnunet-service-dns.c index a63205ebf..dc9f37377 100644 --- a/src/dns/gnunet-service-dns.c +++ b/src/dns/gnunet-service-dns.c @@ -1082,7 +1082,8 @@ run (void *cls, _("need a valid IPv4 or IPv6 address\n")); GNUNET_free_non_null (dns_exit); } - binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-dns"); + binary = GNUNET_OS_get_suid_binary_path (cfg, "gnunet-helper-dns"); + if (GNUNET_YES != GNUNET_OS_check_helper_binary (binary, GNUNET_YES, @@ -1106,6 +1107,7 @@ run (void *cls, { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No entry 'IFNAME' in configuration!\n"); + GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); return; } @@ -1118,6 +1120,7 @@ run (void *cls, { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No entry 'IPV6ADDR' in configuration!\n"); + GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); return; } @@ -1130,6 +1133,7 @@ run (void *cls, { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No entry 'IPV6PREFIX' in configuration!\n"); + GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); return; } @@ -1143,6 +1147,7 @@ run (void *cls, { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No entry 'IPV4ADDR' in configuration!\n"); + GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); return; } @@ -1153,6 +1158,7 @@ run (void *cls, { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No entry 'IPV4MASK' in configuration!\n"); + GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); return; } @@ -1167,10 +1173,11 @@ run (void *cls, helper_argv[7] = NULL; hijacker = GNUNET_HELPER_start (GNUNET_NO, - "gnunet-helper-dns", + binary, helper_argv, &process_helper_messages, NULL, NULL); + GNUNET_free (binary); } 
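Review bot: In the first gnunet-service-dns.c hunk (`run`, around line 1082) the location of a SUID helper now depends on `cfg`, and nothing at the call site says that the `GNUNET_OS_check_helper_binary (binary, GNUNET_YES, ...)` test directly below is what vouches for the resolved file. I would add a comment above the assignment such as `/* helper location may come from the configuration; keep the SUID check below ahead of any use of binary */`. How `GNUNET_OS_get_suid_binary_path` chooses the directory is not visible here, so the wording should be confirmed against its implementation. `run` starts and ends outside this hunk.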
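Review bot: The five error branches of `run` in gnunet-service-dns.c (hunks at 1106, 1118, 1130, 1143 and 1158) each gain their own `GNUNET_free (binary);`, which is easy to forget on the next early return someone adds. The same pattern is repeated in the gnunet-daemon-exit.c and gnunet-service-vpn.c hunks. A single exit label would keep ownership in one place: replace each `GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); return;` with `goto fail;` and put those three statements once under `fail:`. Any early return in the parts of these functions between the hunks is not visible here and would leak `binary`, so those paths should be checked as well.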
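Review bot: `GNUNET_free (binary);` directly after `GNUNET_HELPER_start (GNUNET_NO, binary, ...)` in the last gnunet-service-dns.c hunk is only safe if the helper API keeps its own copy of the name, which these hunks do not show. If the handle kept the caller's pointer, for instance to restart the helper later, this would be a use-after-free on the path of a SUID binary. Please confirm this and record it at the call site with a comment like `/* GNUNET_HELPER_start() duplicates the binary name */`. The same free-after-start sequence appears in the final hunks of gnunet-daemon-exit.c and gnunet-service-vpn.c.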
diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c index 5bcf53f57..ed49a5297 100644 --- a/src/exit/gnunet-daemon-exit.c +++ b/src/exit/gnunet-daemon-exit.c @@ -3790,9 +3790,9 @@ run (void *cls, &max_connections)) max_connections = 1024; parse_ip_options (); + binary = GNUNET_OS_get_suid_binary_path (cfg, "gnunet-helper-exit"); if ( (ipv4_exit) || (ipv6_exit) ) { - binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit"); if (GNUNET_YES != GNUNET_OS_check_helper_binary (binary, GNUNET_YES, @@ -3807,10 +3807,10 @@ run (void *cls, global_ret = 1; return; } - GNUNET_free (binary); } if (! (ipv4_enabled || ipv6_enabled)) { + GNUNET_free (binary); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _("No useful service enabled. Exiting.\n")); GNUNET_SCHEDULER_shutdown (); @@ -3824,6 +3824,7 @@ run (void *cls, cadet_handle = GNUNET_CADET_connect (cfg); if (NULL == cadet_handle) { + GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); return; } @@ -3831,6 +3832,7 @@ run (void *cls, if (GNUNET_OK != setup_exit_helper_args ()) { + GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); return; } @@ -3927,11 +3929,12 @@ run (void *cls, } } helper_handle = GNUNET_HELPER_start (GNUNET_NO, - "gnunet-helper-exit", + binary, exit_argv, &message_token, NULL, NULL); + GNUNET_free (binary); } diff --git a/src/nat/gnunet-service-nat.c b/src/nat/gnunet-service-nat.c index 8d771f474..2498a990a 100644 --- a/src/nat/gnunet-service-nat.c +++ b/src/nat/gnunet-service-nat.c @@ -1063,7 +1063,8 @@ run_scan (void *cls) sizeof (*s4))); pos->hc = GN_start_gnunet_nat_server_ (&s4->sin_addr, &reversal_callback, - pos); + pos, + cfg); } } } @@ -1826,7 +1827,8 @@ handle_request_connection_reversal (void *cls, GNUNET_break_op (AF_INET == r4.sin_family); ret = GN_request_connection_reversal (&l4.sin_addr, ntohs (l4.sin_port), - &r4.sin_addr); + &r4.sin_addr, + cfg); if (GNUNET_OK != ret) GNUNET_log (GNUNET_ERROR_TYPE_WARNING, _("Connection reversal request failed\n")); 
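Review bot: With the assignment moved above `if ( (ipv4_exit) || (ipv6_exit) )` in `run` of gnunet-daemon-exit.c (hunk at 3790), `binary` is later passed to `GNUNET_HELPER_start` even when that branch is skipped, so the resolved path never goes through `GNUNET_OS_check_helper_binary` in that case. If starting the helper unchecked is intended when no exit is configured, a comment such as `/* SUID check only needed when acting as exit because ... */` should say why; otherwise the check should run unconditionally before the start. The code between the hunks is not visible, so this reading of the control flow needs confirming.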
diff --git a/src/nat/gnunet-service-nat_helper.c b/src/nat/gnunet-service-nat_helper.c index 56090bcea..43ac54adf 100644 --- a/src/nat/gnunet-service-nat_helper.c +++ b/src/nat/gnunet-service-nat_helper.c @@ -74,6 +74,11 @@ struct HelperContext * stdout file handle (for reading) for the gnunet-helper-nat-server process */ const struct GNUNET_DISK_FileHandle *server_stdout_handle; + + /** + * Handle to the GNUnet configuration + */ + const struct GNUNET_CONFIGURATION_Handle *cfg; }; @@ -227,8 +232,7 @@ restart_nat_server (void *cls) ia, sizeof (ia))); /* Start the server process */ - binary - = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-server"); + binary = GNUNET_OS_get_suid_binary_path (h->cfg, "gnunet-helper-nat-server"); if (GNUNET_YES != GNUNET_OS_check_helper_binary (binary, GNUNET_YES, @@ -298,12 +302,14 @@ restart_nat_server (void *cls) * @param internal_address * @param cb function to call if we receive a request * @param cb_cls closure for @a cb + * @param cfg Handle to the GNUnet configuration * @return NULL on error */ struct HelperContext * GN_start_gnunet_nat_server_ (const struct in_addr *internal_address, GN_ReversalCallback cb, - void *cb_cls) + void *cb_cls, + const struct GNUNET_CONFIGURATION_Handle *cfg) { struct HelperContext *h; @@ -311,6 +317,7 @@ GN_start_gnunet_nat_server_ (const struct in_addr *internal_address, h->cb = cb; h->cb_cls = cb_cls; h->internal_address = *internal_address; + h->cfg = cfg; restart_nat_server (h); if (NULL == h->server_stdout) { 
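Review bot: The new `cfg` member of `struct HelperContext` (hunk at 74) is a borrowed pointer, but its comment `Handle to the GNUnet configuration` does not say who owns it or how long it must stay valid. `restart_nat_server` reads `h->cfg` whenever it runs, so the handle has to outlive the context. I would document the member as `Configuration handle, not owned; must remain valid until GN_stop_gnunet_nat_server_()` and repeat that in the `@param cfg` line of `GN_start_gnunet_nat_server_`. The assignment `h->cfg = cfg;` in the hunk at 311 also stores NULL without complaint; whether callers can pass NULL is not visible here.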
@@ -366,13 +373,15 @@ GN_stop_gnunet_nat_server_ (struct HelperContext *h) * @param internal_address out internal address to use * @param internal_port port to use * @param remote_v4 the address of the peer (IPv4-only) + * @param cfg handle to the GNUnet configuration * @return #GNUNET_SYSERR on error, * #GNUNET_OK otherwise */ int GN_request_connection_reversal (const struct in_addr *internal_address, uint16_t internal_port, - const struct in_addr *remote_v4) + const struct in_addr *remote_v4, + const struct GNUNET_CONFIGURATION_Handle *cfg) { char intv4[INET_ADDRSTRLEN]; char remv4[INET_ADDRSTRLEN]; @@ -407,8 +416,7 @@ GN_request_connection_reversal (const struct in_addr *internal_address, intv4, remv4, internal_port); - binary - = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-client"); + binary = GNUNET_OS_get_suid_binary_path (cfg, "gnunet-helper-nat-client"); proc = GNUNET_OS_start_process (GNUNET_NO, 0, diff --git a/src/nat/gnunet-service-nat_helper.h b/src/nat/gnunet-service-nat_helper.h index d9294d949..4c39a374c 100644 --- a/src/nat/gnunet-service-nat_helper.h +++ b/src/nat/gnunet-service-nat_helper.h @@ -53,12 +53,14 @@ typedef void * @param internal_address * @param cb function to call if we receive a request * @param cb_cls closure for @a cb + * @param cfg handle to the GNUnet configuration * @return NULL on error */ struct HelperContext * GN_start_gnunet_nat_server_ (const struct in_addr *internal_address, GN_ReversalCallback cb, - void *cb_cls); + void *cb_cls, + const struct GNUNET_CONFIGURATION_Handle *cfg); /** 
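Review bot: In `GN_request_connection_reversal` (hunk at 407) the path returned by `GNUNET_OS_get_suid_binary_path (cfg, "gnunet-helper-nat-client")` goes straight into `GNUNET_OS_start_process` with no `GNUNET_OS_check_helper_binary` call in between, unlike the dns, exit, vpn and nat-server call sites touched by this commit. Now that the location depends on `cfg`, a wrong directory or a file without the expected SUID bit would surface only as a failed or misbehaving start. Consider guarding the start with `if (GNUNET_YES != GNUNET_OS_check_helper_binary (binary, GNUNET_YES, NULL)) { GNUNET_free (binary); return GNUNET_SYSERR; }`. The third argument is a guess, and the rest of the function, including where `binary` is freed, lies outside the hunk and needs checking.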
@@ -79,13 +81,15 @@ GN_stop_gnunet_nat_server_ (struct HelperContext *h); * @param internal_address out internal address to use * @param internal_port internal port to use * @param remote_v4 the address of the peer (IPv4-only) + * @param cfg handle to the GNUnet configuration * @return #GNUNET_SYSERR on error, * #GNUNET_OK otherwise */ int GN_request_connection_reversal (const struct in_addr *internal_address, uint16_t internal_port, - const struct in_addr *sa); + const struct in_addr *remote_v4, + const struct GNUNET_CONFIGURATION_Handle *cfg); /* end of gnunet-service-nat_helper.h */ diff --git a/src/vpn/gnunet-service-vpn.c b/src/vpn/gnunet-service-vpn.c index 91bc13fd8..f48022b5f 100644 --- a/src/vpn/gnunet-service-vpn.c +++ b/src/vpn/gnunet-service-vpn.c @@ -2936,7 +2936,8 @@ run (void *cls, struct in6_addr v6; char *binary; - binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-vpn"); + cfg = cfg_; + binary = GNUNET_OS_get_suid_binary_path (cfg, "gnunet-helper-vpn"); if (GNUNET_YES != GNUNET_OS_check_helper_binary (binary, @@ -2953,8 +2954,6 @@ run (void *cls, anything either */ return; } - GNUNET_free (binary); - cfg = cfg_; stats = GNUNET_STATISTICS_create ("vpn", cfg); if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_number (cfg, @@ -2980,6 +2979,7 @@ run (void *cls, GNUNET_CONFIGURATION_get_value_string (cfg, "VPN", "IFNAME", &ifname)) { GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "VPN", "IFNAME"); + GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); return; } @@ -2994,6 +2994,7 @@ run (void *cls, { GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV6ADDR", _("Must specify valid IPv6 address")); + GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); GNUNET_free_non_null (ipv6addr); return; @@ -3005,6 +3006,7 @@ run (void *cls, &ipv6prefix_s)) { GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV6PREFIX"); + GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); GNUNET_free_non_null (ipv6prefix_s); return; 
@@ -3018,6 +3020,7 @@ run (void *cls, { GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV4MASK", _("Must specify valid IPv6 mask")); + GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); return; } @@ -3039,6 +3042,7 @@ run (void *cls, { GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV4ADDR", _("Must specify valid IPv4 address")); + GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); GNUNET_free_non_null (ipv4addr); return; @@ -3052,6 +3056,7 @@ run (void *cls, { GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV4MASK", _("Must specify valid IPv4 mask")); + GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); GNUNET_free_non_null (ipv4mask); return; @@ -3070,8 +3075,12 @@ run (void *cls, cadet_handle = GNUNET_CADET_connect (cfg_); // FIXME never opens ports??? helper_handle = GNUNET_HELPER_start (GNUNET_NO, - "gnunet-helper-vpn", vpn_argv, - &message_token, NULL, NULL); + binary, + vpn_argv, + &message_token, + NULL, + NULL); + GNUNET_free (binary); GNUNET_SCHEDULER_add_shutdown (&cleanup, NULL); }
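Review bot: The branch that receives the new `GNUNET_free (binary);` in the hunk at 3018 reports the option as `"IPV4MASK"` while its message text is `Must specify valid IPv6 mask`, and the preceding hunk deals with `IPV6PREFIX`. The condition itself is above the hunk, so this is inferred, but the option name looks like a copy-paste slip that would point an operator at the wrong setting. If the test is indeed on the IPv6 prefix, the call should read `GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "VPN", "IPV6PREFIX", _("Must specify valid IPv6 mask"));`.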
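Review bot: In the last gnunet-service-vpn.c hunk the result of `GNUNET_CADET_connect (cfg_)` is not tested before `GNUNET_HELPER_start` launches the helper, whereas gnunet-daemon-exit.c in this same commit bails out on `NULL == cadet_handle`. Starting the SUID helper after a failed CADET connection would leave a privileged process running for a service that presumably cannot do its job. A matching guard before the start would be `if (NULL == cadet_handle) { GNUNET_free (binary); GNUNET_SCHEDULER_shutdown (); return; }`. Cleanup of `vpn_argv` on that path depends on code outside the hunk.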