From: Christian Grothoff Date: Wed, 18 Jan 2012 12:47:52 +0000 (+0000) Subject: -fixing #2082 -- allow iptables/ip/sysctl to also be in /usr/sbin X-Git-Tag: initial-import-from-subversion-38251~15239 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=eaed2cc24c95f9c6188182b1373459d0855015b1;p=oweals%2Fgnunet.git -fixing #2082 -- allow iptables/ip/sysctl to also be in /usr/sbin --- diff --git a/src/dns/gnunet-helper-dns.c b/src/dns/gnunet-helper-dns.c index 56b8713cf..73536c252 100644 --- a/src/dns/gnunet-helper-dns.c +++ b/src/dns/gnunet-helper-dns.c @@ -95,12 +95,12 @@ struct in6_ifreq /** * Name and full path of IPTABLES binary. */ -#define SBIN_IPTABLES "/sbin/iptables" +static const char *sbin_iptables; /** * Name and full path of IPTABLES binary. */ -#define SBIN_IP "/sbin/ip" +static const char *sbin_ip; /** * Port for DNS traffic. @@ -685,19 +685,25 @@ main (int argc, char *const*argv) } /* verify that the binaries were care about are executable */ - if (0 != access (SBIN_IPTABLES, X_OK)) + if (0 == access ("/sbin/iptables", X_OK)) + sbin_iptables = "/sbin/iptables"; + else if (0 == access ("/usr/sbin/iptables", X_OK)) + sbin_iptables = "/usr/sbin/iptables"; + else { fprintf (stderr, - "`%s' is not executable: %s\n", - SBIN_IPTABLES, + "Fatal: executable iptables not found in approved directories: %s\n", strerror (errno)); return 3; } - if (0 != access (SBIN_IP, X_OK)) + if (0 == access ("/sbin/ip", X_OK)) + sbin_ip = "/sbin/ip"; + else if (0 == access ("/usr/sbin/ip", X_OK)) + sbin_ip = "/usr/sbin/ip"; + else { - fprintf (stderr, - "`%s' is not executable: %s\n", - SBIN_IP, + fprintf (stderr, + "Fatal: executable ip not found in approved directories: %s\n", strerror (errno)); return 4; } 
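Review bot: The doc comment above `sbin_ip` in the `@@ -95` hunk still reads "Name and full path of IPTABLES binary", and neither comment mentions that these are no longer compile-time constants. Both pointers are NULL until `main` has probed the approved directories, and after that they only ever point at one of the string literals assigned there. I would document that explicitly, e.g. `/** Full path of the 'ip' binary; NULL until main() selects it from the approved directories (/sbin, /usr/sbin). */`, with the matching wording for `sbin_iptables`. Since these values become the program path handed to `fork_and_exec`, stating where they can come from helps anyone auditing what this helper is able to execute.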
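Review bot: In the `@@ -685` hunk the failure branch prints `strerror (errno)` from the last `access()` probe only, and the new message no longer names any path. A `/sbin/iptables` that exists but is rejected with EACCES is therefore reported with whatever the `/usr/sbin/iptables` probe returned, typically ENOENT. The same probe-and-assign sequence is written out for `ip` here and twice more in the `@@ -615` hunk of gnunet-helper-exit.c, so a small static helper per file that walks a fixed, NULL-terminated list of approved paths would keep the allow-list in one place and let the error name each candidate. Note also that `access()` tests against the real UID; if this helper runs with elevated effective privileges (not visible in the hunk), the check is advisory and the result of `fork_and_exec` stays authoritative. main's body continues outside the hunk.

```c
/* Return the first entry of `candidates` that is executable, or NULL
   after reporting why each approved location was rejected. */
static const char *
find_approved_binary (const char *name, const char *const *candidates)
{
  unsigned int i;

  for (i = 0; NULL != candidates[i]; i++)
    if (0 == access (candidates[i], X_OK))
      return candidates[i];
  fprintf (stderr,
           "Fatal: executable %s not found in approved directories\n",
           name);
  for (i = 0; NULL != candidates[i]; i++)
    if (0 != access (candidates[i], X_OK))
      fprintf (stderr, "`%s' is not executable: %s\n",
               candidates[i], strerror (errno));
  return NULL;
}

/* … unchanged: earlier argument checks in main() … */
  static const char *const iptables_paths[] =
    { "/sbin/iptables", "/usr/sbin/iptables", NULL };
  static const char *const ip_paths[] =
    { "/sbin/ip", "/usr/sbin/ip", NULL };

  if (NULL == (sbin_iptables = find_approved_binary ("iptables", iptables_paths)))
    return 3;
  if (NULL == (sbin_ip = find_approved_binary ("ip", ip_paths)))
    return 4;
```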
@@ -825,7 +831,7 @@ main (int argc, char *const*argv) "udp", "--sport", localport, "--dport", DNS_PORT, "-j", "ACCEPT", NULL }; - if (0 != fork_and_exec (SBIN_IPTABLES, mangle_args)) + if (0 != fork_and_exec (sbin_iptables, mangle_args)) goto cleanup_rest; } /* Mark all of the other DNS traffic using our mark DNS_MARK */ @@ -836,7 +842,7 @@ main (int argc, char *const*argv) "udp", "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, NULL }; - if (0 != fork_and_exec (SBIN_IPTABLES, mark_args)) + if (0 != fork_and_exec (sbin_iptables, mark_args)) goto cleanup_mangle_1; } /* Forward all marked DNS traffic to our DNS_TABLE */ @@ -845,7 +851,7 @@ main (int argc, char *const*argv) { "ip", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL }; - if (0 != fork_and_exec (SBIN_IP, forward_args)) + if (0 != fork_and_exec (sbin_ip, forward_args)) goto cleanup_mark_2; } /* Finally, add rule in our forwarding table to pass to our virtual interface */ @@ -855,7 +861,7 @@ main (int argc, char *const*argv) "ip", "route", "add", "default", "dev", dev, "table", DNS_TABLE, NULL }; - if (0 != fork_and_exec (SBIN_IP, route_args)) + if (0 != fork_and_exec (sbin_ip, route_args)) goto cleanup_forward_3; } @@ -910,7 +916,7 @@ main (int argc, char *const*argv) "ip", "route", "del", "default", "dev", dev, "table", DNS_TABLE, NULL }; - if (0 != fork_and_exec (SBIN_IP, route_clean_args)) + if (0 != fork_and_exec (sbin_ip, route_clean_args)) r += 1; } cleanup_forward_3: @@ -919,7 +925,7 @@ main (int argc, char *const*argv) { "ip", "rule", "del", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL }; - if (0 != fork_and_exec (SBIN_IP, forward_clean_args)) + if (0 != fork_and_exec (sbin_ip, forward_clean_args)) r += 2; } cleanup_mark_2: 
@@ -929,7 +935,7 @@ main (int argc, char *const*argv) "iptables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, NULL }; - if (0 != fork_and_exec (SBIN_IPTABLES, mark_clean_args)) + if (0 != fork_and_exec (sbin_iptables, mark_clean_args)) r += 4; } cleanup_mangle_1: @@ -940,7 +946,7 @@ main (int argc, char *const*argv) "--sport", localport, "--dport", DNS_PORT, "-j", "ACCEPT", NULL }; - if (0 != fork_and_exec (SBIN_IPTABLES, mangle_clean_args)) + if (0 != fork_and_exec (sbin_iptables, mangle_clean_args)) r += 8; } diff --git a/src/exit/gnunet-helper-exit.c b/src/exit/gnunet-helper-exit.c index d1db2a6e6..57944cf61 100644 --- a/src/exit/gnunet-helper-exit.c +++ b/src/exit/gnunet-helper-exit.c @@ -62,12 +62,12 @@ /** * Path to 'sysctl' binary. */ -#define SBIN_SYSCTL "/sbin/sysctl" +static const char *sbin_sysctl; /** * Path to 'iptables' binary. */ -#define SBIN_IPTABLES "/sbin/iptables" +static const char *sbin_iptables; #ifndef _LINUX_IN6_H @@ -615,6 +615,28 @@ main (int argc, char **argv) fprintf (stderr, "Fatal: disabling both IPv4 and IPv6 makes no sense.\n"); return 1; } + if (0 == access ("/sbin/iptables", X_OK)) + sbin_iptables = "/sbin/iptables"; + else if (0 == access ("/usr/sbin/iptables", X_OK)) + sbin_iptables = "/usr/sbin/iptables"; + else + { + fprintf (stderr, + "Fatal: executable iptables not found in approved directories: %s\n", + strerror (errno)); + return 1; + } + if (0 == access ("/sbin/sysctl", X_OK)) + sbin_sysctl = "/sbin/sysctl"; + else if (0 == access ("/usr/sbin/sysctl", X_OK)) + sbin_sysctl = "/usr/sbin/sysctl"; + else + { + fprintf (stderr, + "Fatal: executable sysctl not found in approved directories: %s\n", + strerror (errno)); + return 1; + } strncpy (dev, argv[1], IFNAMSIZ); dev[IFNAMSIZ - 1] = '\0'; 
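Review bot: In the `@@ -615` hunk of gnunet-helper-exit.c both `iptables` and `sysctl` become hard requirements at startup, checked before `dev` is even copied from `argv[1]`. The calls that use them sit further down in `main` (the `@@ -643`, `@@ -665` and `@@ -678` hunks) and may be guarded by conditions that lie outside this hunk. If they only run when forwarding or NAT is requested, a host without these tools in `/sbin` or `/usr/sbin` can no longer start the helper even in a configuration that never executes them, so consider resolving each path at its first use instead. Both new failures also `return 1`, the same code as the "disabling both IPv4 and IPv6" error just above, whereas gnunet-helper-dns.c uses distinct codes (3 and 4). A distinct exit code here would let the parent process tell a missing tool from bad arguments.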
@@ -643,7 +665,7 @@ main (int argc, char **argv) { "sysctl", "-w", "net.ipv6.conf.all.forwarding=1", NULL }; - if (0 != fork_and_exec (SBIN_SYSCTL, + if (0 != fork_and_exec (sbin_sysctl, sysctl_args)) { fprintf (stderr, @@ -665,7 +687,7 @@ main (int argc, char **argv) { "sysctl", "-w", "net.ipv4.ip_forward=1", NULL }; - if (0 != fork_and_exec (SBIN_SYSCTL, + if (0 != fork_and_exec (sbin_sysctl, sysctl_args)) { fprintf (stderr, @@ -678,7 +700,7 @@ main (int argc, char **argv) { "iptables", "-t", "nat", "-A", "POSTROUTING", "-o", argv[2], "-j", "MASQUERADE", NULL }; - if (0 != fork_and_exec (SBIN_IPTABLES, + if (0 != fork_and_exec (sbin_iptables, iptables_args)) { fprintf (stderr, diff --git a/src/pt/gnunet-daemon-pt b/src/pt/gnunet-daemon-pt index 84ebead21..e57ea8f4d 100755 --- a/src/pt/gnunet-daemon-pt +++ b/src/pt/gnunet-daemon-pt @@ -1,7 +1,7 @@ #! /bin/bash # gnunet-daemon-pt - temporary wrapper script for .libs/gnunet-daemon-pt -# Generated by ltmain.sh (GNU libtool) 2.2.6b Debian-2.2.6b-2 +# Generated by libtool (GNU libtool) 2.4.2 Debian-2.4.2-1 # # The gnunet-daemon-pt program cannot be directly executed until all the libtool # libraries that it depends on are installed. @@ -11,7 +11,6 @@ # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. -Xsed='/bin/sed -e 1s/^X//' sed_quote_subst='s/\([`"$\\]\)/\\\1/g' # Be Bourne compatible 
@@ -32,39 +31,125 @@ DUALCASE=1; export DUALCASE # for MKS sh # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH -relink_command="(cd /home/grothoff/svn/gnunet/src/pt; { test -z \"\${LIBRARY_PATH+set}\" || unset LIBRARY_PATH || { LIBRARY_PATH=; export LIBRARY_PATH; }; }; { test -z \"\${COMPILER_PATH+set}\" || unset COMPILER_PATH || { COMPILER_PATH=; export COMPILER_PATH; }; }; { test -z \"\${GCC_EXEC_PREFIX+set}\" || unset GCC_EXEC_PREFIX || { GCC_EXEC_PREFIX=; export GCC_EXEC_PREFIX; }; }; { test -z \"\${LD_RUN_PATH+set}\" || unset LD_RUN_PATH || { LD_RUN_PATH=; export LD_RUN_PATH; }; }; LD_LIBRARY_PATH=/usr/lib/debug:/home/grothoff/lib; export LD_LIBRARY_PATH; PATH=/opt/jdk1.6.0_22/bin:/usr/lib/jvm/java-6-sun//bin:.:/home/grothoff/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games; export PATH; gcc -fno-strict-aliasing -Wall -g -Wall -Werror -O0 -I/home/grothoff//include -o \$progdir/\$file gnunet-daemon-pt.o -L/home/grothoff//lib ../../src/vpn/.libs/libgnunetvpn.so ../../src/dns/.libs/libgnunetdns.so ../../src/dns/.libs/libgnunetdnsparser.so ../../src/statistics/.libs/libgnunetstatistics.so ../../src/util/.libs/libgnunetutil.so ../../src/mesh/.libs/libgnunetmesh.so -ldl -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/vpn/.libs -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/dns/.libs -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/statistics/.libs -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/util/.libs -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/mesh/.libs -Wl,-rpath -Wl,/home/grothoff/lib)" +relink_command="(cd /home/grothoff/svn/gnunet/src/pt; { test -z \"\${LIBRARY_PATH+set}\" || unset LIBRARY_PATH || { LIBRARY_PATH=; export LIBRARY_PATH; }; }; { test -z \"\${COMPILER_PATH+set}\" || unset COMPILER_PATH || { COMPILER_PATH=; export COMPILER_PATH; }; }; { test -z \"\${GCC_EXEC_PREFIX+set}\" || unset GCC_EXEC_PREFIX || { GCC_EXEC_PREFIX=; export GCC_EXEC_PREFIX; }; }; { test -z \"\${LD_RUN_PATH+set}\" || unset LD_RUN_PATH || { LD_RUN_PATH=; 
export LD_RUN_PATH; }; }; LD_LIBRARY_PATH=/home/grothoff/lib; export LD_LIBRARY_PATH; PATH=/opt/jdk1.6.0_22/bin/:/home/grothoff/bin/:/usr/local/bin:/usr/bin:/bin:/usr/games:.; export PATH; gcc -fno-strict-aliasing -Wall -g -O0 -Wall -o \$progdir/\$file gnunet-daemon-pt.o -L/home/grothoff//lib ../../src/vpn/.libs/libgnunetvpn.so ../../src/dns/.libs/libgnunetdns.so ../../src/dns/.libs/libgnunetdnsparser.so ../../src/statistics/.libs/libgnunetstatistics.so ../../src/util/.libs/libgnunetutil.so ../../src/mesh/.libs/libgnunetmesh.so -lm -ldl -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/vpn/.libs -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/dns/.libs -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/statistics/.libs -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/util/.libs -Wl,-rpath -Wl,/home/grothoff/svn/gnunet/src/mesh/.libs -Wl,-rpath -Wl,/home/grothoff/lib)" # This environment variable determines our operation mode. if test "$libtool_install_magic" = "%%%MAGIC variable%%%"; then # install mode needs the following variables: - generated_by_libtool_version='2.2.6b' + generated_by_libtool_version='2.4.2' notinst_deplibs=' ../../src/vpn/libgnunetvpn.la ../../src/dns/libgnunetdns.la ../../src/dns/libgnunetdnsparser.la ../../src/statistics/libgnunetstatistics.la ../../src/util/libgnunetutil.la ../../src/mesh/libgnunetmesh.la' else # When we are sourced in execute mode, $file and $ECHO are already set. if test "$libtool_execute_magic" != "%%%MAGIC variable%%%"; then - ECHO="echo" file="$0" - # Make sure echo works. - if test "X$1" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift - elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then - # Yippee, $ECHO works! - : - else - # Restart under the correct shell, and then maybe $ECHO will work. - exec /bin/bash "$0" --no-reexec ${1+"$@"} - fi + +# A function that is used when there is no print builtin or printf. 
+func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' +} + ECHO="printf %s\\n" + fi + +# Very basic option parsing. These options are (a) specific to +# the libtool wrapper, (b) are identical between the wrapper +# /script/ and the wrapper /executable/ which is used only on +# windows platforms, and (c) all begin with the string --lt- +# (application programs are unlikely to have options which match +# this pattern). +# +# There are only two supported options: --lt-debug and +# --lt-dump-script. There is, deliberately, no --lt-help. +# +# The first argument to this parsing function should be the +# script's ../../libtool value, followed by no. +lt_option_debug= +func_parse_lt_options () +{ + lt_script_arg0=$0 + shift + for lt_opt + do + case "$lt_opt" in + --lt-debug) lt_option_debug=1 ;; + --lt-dump-script) + lt_dump_D=`$ECHO "X$lt_script_arg0" | /bin/sed -e 's/^X//' -e 's%/[^/]*$%%'` + test "X$lt_dump_D" = "X$lt_script_arg0" && lt_dump_D=. + lt_dump_F=`$ECHO "X$lt_script_arg0" | /bin/sed -e 's/^X//' -e 's%^.*/%%'` + cat "$lt_dump_D/$lt_dump_F" + exit 0 + ;; + --lt-*) + $ECHO "Unrecognized --lt- option: '$lt_opt'" 1>&2 + exit 1 + ;; + esac + done + + # Print the debug banner immediately: + if test -n "$lt_option_debug"; then + echo "gnunet-daemon-pt:gnunet-daemon-pt:${LINENO}: libtool wrapper (GNU libtool) 2.4.2 Debian-2.4.2-1" 1>&2 fi +} + +# Used when --lt-debug. 
Prints its arguments to stdout +# (redirection is the responsibility of the caller) +func_lt_dump_args () +{ + lt_dump_args_N=1; + for lt_arg + do + $ECHO "gnunet-daemon-pt:gnunet-daemon-pt:${LINENO}: newargv[$lt_dump_args_N]: $lt_arg" + lt_dump_args_N=`expr $lt_dump_args_N + 1` + done +} + +# Core function for launching the target application +func_exec_program_core () +{ + + if test -n "$lt_option_debug"; then + $ECHO "gnunet-daemon-pt:gnunet-daemon-pt:${LINENO}: newargv[0]: $progdir/$program" 1>&2 + func_lt_dump_args ${1+"$@"} 1>&2 + fi + exec "$progdir/$program" ${1+"$@"} + + $ECHO "$0: cannot exec $program $*" 1>&2 + exit 1 +} + +# A function to encapsulate launching the target application +# Strips options in the --lt-* namespace from $@ and +# launches target application with the remaining arguments. +func_exec_program () +{ + case " $* " in + *\ --lt-*) + for lt_wr_arg + do + case $lt_wr_arg in + --lt-*) ;; + *) set x "$@" "$lt_wr_arg"; shift;; + esac + shift + done ;; + esac + func_exec_program_core ${1+"$@"} +} + + # Parse options + func_parse_lt_options "$0" ${1+"$@"} # Find the directory that this script lives in. - thisdir=`$ECHO "X$file" | $Xsed -e 's%/[^/]*$%%'` + thisdir=`$ECHO "$file" | /bin/sed 's%/[^/]*$%%'` test "x$thisdir" = "x$file" && thisdir=. # Follow symbolic links until we get to the real thisdir. file=`ls -ld "$file" | /bin/sed -n 's/.*-> //p'` while test -n "$file"; do - destdir=`$ECHO "X$file" | $Xsed -e 's%/[^/]*$%%'` + destdir=`$ECHO "$file" | /bin/sed 's%/[^/]*$%%'` # If there was a directory component, then change thisdir. if test "x$destdir" != "x$file"; then @@ -74,11 +159,10 @@ else esac fi - file=`$ECHO "X$file" | $Xsed -e 's%^.*/%%'` + file=`$ECHO "$file" | /bin/sed 's%^.*/%%'` file=`ls -ld "$thisdir/$file" | /bin/sed -n 's/.*-> //p'` done - # Usually 'no', except on cygwin/mingw when embedded into # the cwrapper. WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=no 
@@ -89,7 +173,7 @@ else fi # remove .libs from thisdir case "$thisdir" in - *[\\/].libs ) thisdir=`$ECHO "X$thisdir" | $Xsed -e 's%[\\/][^\\/]*$%%'` ;; + *[\\/].libs ) thisdir=`$ECHO "$thisdir" | /bin/sed 's%[\\/][^\\/]*$%%'` ;; .libs ) thisdir=. ;; esac fi @@ -117,7 +201,7 @@ else if test -n "$relink_command"; then if relink_command_output=`eval $relink_command 2>&1`; then : else - echo "$relink_command_output" >&2 + printf %s\n "$relink_command_output" >&2 rm -f "$progdir/$file" exit 1 fi @@ -132,17 +216,13 @@ else if test -f "$progdir/$program"; then if test "$libtool_execute_magic" != "%%%MAGIC variable%%%"; then # Run the actual program with our arguments. - - exec "$progdir/$program" ${1+"$@"} - - $ECHO "$0: cannot exec $program $*" 1>&2 - exit 1 + func_exec_program ${1+"$@"} fi else # The program doesn't exist. $ECHO "$0: error: \`$progdir/$program' does not exist" 1>&2 $ECHO "This script is just a wrapper for $program." 1>&2 - echo "See the libtool documentation for more information." 1>&2 + $ECHO "See the libtool documentation for more information." 1>&2 exit 1 fi fi