From f7e0fa90cd9aec9111e09379f964993cec7615ff Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 20 Dec 2011 09:11:36 +0000 Subject: [PATCH] -minor cleanup, adding HAVE_SETRESUID check --- src/vpn/gnunet-helper-vpn.c | 69 ++++++++++++++++++++++++++++++------- 1 file changed, 57 insertions(+), 12 deletions(-) diff --git a/src/vpn/gnunet-helper-vpn.c b/src/vpn/gnunet-helper-vpn.c index d693388a3..3250141fb 100644 --- a/src/vpn/gnunet-helper-vpn.c +++ b/src/vpn/gnunet-helper-vpn.c @@ -61,10 +61,12 @@ struct in6_ifreq }; #endif + /** * Creates a tun-interface called dev; + * * @param dev is asumed to point to a char[IFNAMSIZ] - * if *dev == '\\0', uses the name supplied by the kernel + * if *dev == '\\0', uses the name supplied by the kernel; * @return the fd to the tun or -1 on error */ static int @@ -102,7 +104,7 @@ init_tun (char *dev) { fprintf (stderr, "Error with ioctl on `%s': %s\n", "/dev/net/tun", strerror (errno)); - close (fd); + (void) close (fd); return -1; } strcpy (dev, ifr.ifr_name); @@ -129,6 +131,7 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len) * parse the new address */ memset (&sa6, 0, sizeof (struct sockaddr_in6)); + sa6.sin6_family = AF_INET6; if (1 != inet_pton (AF_INET6, address, sa6.sin6_addr.s6_addr)) { fprintf (stderr, "Failed to parse address `%s': %s\n", address, @@ -142,10 +145,7 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len) exit (1); } - sa6.sin6_family = AF_INET6; - memcpy (&ifr6.ifr6_addr, &sa6.sin6_addr, sizeof (struct in6_addr)); - - + memset (&ifr, 0, sizeof (struct ifreq)); /* * Get the index of the if */ @@ -153,10 +153,13 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len) if (-1 == ioctl (fd, SIOGIFINDEX, &ifr)) { fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno)); + (void) close (fd); exit (1); } - ifr6.ifr6_ifindex = ifr.ifr_ifindex; + memset (&ifr6, 0, sizeof (struct in6_ifreq)); + ifr6.ifr6_addr = sa6.sin6_addr; + ifr6.ifr6_ifindex = ifr.ifr_ifindex; ifr6.ifr6_prefixlen = prefix_len; /* @@ -166,6 +169,8 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len) { fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__, strerror (errno)); + (void) close (fd); + exit (1); } /* @@ -175,6 +180,7 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len) { fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__, strerror (errno)); + (void) close (fd); exit (1); } @@ -186,6 +192,7 @@ set_address6 (const char *dev, const char *address, unsigned long prefix_len) { fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__, strerror (errno)); + (void) close (fd); exit (1); } @@ -213,9 +220,7 @@ set_address4 (const char *dev, const char *address, const char *mask) memset (&ifr, 0, sizeof (struct ifreq)); addr = (struct sockaddr_in *) &(ifr.ifr_addr); - memset (addr, 0, sizeof (struct sockaddr_in)); addr->sin_family = AF_INET; - addr->sin_addr.s_addr = inet_addr (address); /* * Parse the address @@ -227,7 +232,6 @@ set_address4 (const char *dev, const char *address, const char *mask) exit (1); } - if (-1 == (fd = socket (PF_INET, SOCK_DGRAM, 0))) { fprintf (stderr, "Error creating socket: %s\n", strerror (errno)); @@ -242,6 +246,7 @@ set_address4 (const char *dev, const char *address, const char *mask) if (-1 == ioctl (fd, SIOCSIFADDR, &ifr)) { fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno)); + (void) close (fd); exit (1); } @@ -253,6 +258,7 @@ set_address4 (const char *dev, const char *address, const char *mask) { fprintf (stderr, "Failed to parse address `%s': %s\n", mask, strerror (errno)); + (void) close (fd); exit (1); } @@ -263,6 +269,7 @@ set_address4 (const char *dev, const char *address, const char *mask) { fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__, strerror (errno)); + (void) close (fd); exit (1); } @@ -273,6 +280,7 @@ set_address4 (const char *dev, const char *address, const char *mask) { fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__, strerror (errno)); + (void) close (fd); exit (1); } @@ -284,17 +292,24 @@ set_address4 (const char *dev, const char *address, const char *mask) { fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__, strerror (errno)); + (void) close (fd); exit (1); } if (0 != close (fd)) { fprintf (stderr, "close failed: %s\n", strerror (errno)); + (void) close (fd); exit (1); } } +/** + * Start forwarding to and from the tunnel. + * + * @param fd_tun tunnel FD + */ static void run (int fd_tun) { @@ -497,11 +512,23 @@ PROCESS_BUFFER: } +/** + * Open VPN tunnel interface. + * + * @param argc must be 6 + * @param argv 0: binary name (gnunet-helper-vpn) + * 1: tunnel interface name (gnunet-vpn) + * 2: IPv6 address (::1) + * 3: IPv6 netmask length in bits (64) + * 4: IPv4 address (1.2.3.4) + * 5: IPv4 netmask (255.255.0.0) + */ int main (int argc, char **argv) { char dev[IFNAMSIZ]; int fd_tun; + int global_ret; if (6 != argc) { @@ -538,14 +565,32 @@ main (int argc, char **argv) set_address4 (dev, address, mask); } +#ifdef HAVE_SETRESUID uid_t uid = getuid (); - if (0 != setresuid (uid, uid, uid)) + { fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno)); + global_ret = 2; + goto cleanup; + } +#else + if (0 != (setuid (uid) | seteuid (uid))) + { + fprintf (stderr, "Failed to setuid: %s\n", strerror (errno)); + global_ret = 2; + goto cleanup; + } +#endif + if (SIG_ERR == signal (SIGPIPE, SIG_IGN)) + { fprintf (stderr, "Failed to protect against SIGPIPE: %s\n", strerror (errno)); + /* no exit, we might as well die with SIGPIPE should it ever happen */ + } run (fd_tun); + global_ret = 0; + cleanup: close (fd_tun); - return 0; + return global_ret; } -- 2.25.1