[GNUnet-SVN] r18713 - gnunet/src/vpn

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] r18713 - gnunet/src/vpn

From:	gnunet
Subject:	[GNUnet-SVN] r18713 - gnunet/src/vpn
Date:	Tue, 20 Dec 2011 10:11:36 +0100

Author: grothoff
Date: 2011-12-20 10:11:36 +0100 (Tue, 20 Dec 2011)
New Revision: 18713

Modified:
   gnunet/src/vpn/gnunet-helper-vpn.c
Log:
-minor cleanup, adding HAVE_SETRESUID check

Modified: gnunet/src/vpn/gnunet-helper-vpn.c
===================================================================
--- gnunet/src/vpn/gnunet-helper-vpn.c  2011-12-20 09:11:34 UTC (rev 18712)
+++ gnunet/src/vpn/gnunet-helper-vpn.c  2011-12-20 09:11:36 UTC (rev 18713)
@@ -61,10 +61,12 @@
 };
 #endif
 
+
 /**
  * Creates a tun-interface called dev;
+ *
  * @param dev is asumed to point to a char[IFNAMSIZ]
- *        if *dev == '\\0', uses the name supplied by the kernel
+ *        if *dev == '\\0', uses the name supplied by the kernel;
  * @return the fd to the tun or -1 on error
  */
 static int
@@ -102,7 +104,7 @@
   {
     fprintf (stderr, "Error with ioctl on `%s': %s\n", "/dev/net/tun",
              strerror (errno));
-    close (fd);
+    (void) close (fd);
     return -1;
   }
   strcpy (dev, ifr.ifr_name);
@@ -129,6 +131,7 @@
    * parse the new address
    */
   memset (&sa6, 0, sizeof (struct sockaddr_in6));
+  sa6.sin6_family = AF_INET6;
   if (1 != inet_pton (AF_INET6, address, sa6.sin6_addr.s6_addr))
   {
     fprintf (stderr, "Failed to parse address `%s': %s\n", address,
@@ -142,10 +145,7 @@
     exit (1);
   }
 
-  sa6.sin6_family = AF_INET6;
-  memcpy (&ifr6.ifr6_addr, &sa6.sin6_addr, sizeof (struct in6_addr));
-
-
+  memset (&ifr, 0, sizeof (struct ifreq));
   /*
    * Get the index of the if
    */
@@ -153,10 +153,13 @@
   if (-1 == ioctl (fd, SIOGIFINDEX, &ifr))
   {
     fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
+    (void) close (fd);
     exit (1);
   }
+
+  memset (&ifr6, 0, sizeof (struct in6_ifreq));
+  ifr6.ifr6_addr = sa6.sin6_addr;
   ifr6.ifr6_ifindex = ifr.ifr_ifindex;
-
   ifr6.ifr6_prefixlen = prefix_len;
 
   /*
@@ -166,6 +169,8 @@
   {
     fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
              strerror (errno));
+    (void) close (fd);
+    exit (1);
   }
 
   /*
@@ -175,6 +180,7 @@
   {
     fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
              strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -186,6 +192,7 @@
   {
     fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
              strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -213,9 +220,7 @@
 
   memset (&ifr, 0, sizeof (struct ifreq));
   addr = (struct sockaddr_in *) &(ifr.ifr_addr);
-  memset (addr, 0, sizeof (struct sockaddr_in));
   addr->sin_family = AF_INET;
-  addr->sin_addr.s_addr = inet_addr (address);
 
   /*
    * Parse the address
@@ -227,7 +232,6 @@
     exit (1);
   }
 
-
   if (-1 == (fd = socket (PF_INET, SOCK_DGRAM, 0)))
   {
     fprintf (stderr, "Error creating socket: %s\n", strerror (errno));
@@ -242,6 +246,7 @@
   if (-1 == ioctl (fd, SIOCSIFADDR, &ifr))
   {
     fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -253,6 +258,7 @@
   {
     fprintf (stderr, "Failed to parse address `%s': %s\n", mask,
              strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -263,6 +269,7 @@
   {
     fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
              strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -273,6 +280,7 @@
   {
     fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
              strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
@@ -284,17 +292,24 @@
   {
     fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
              strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 
   if (0 != close (fd))
   {
     fprintf (stderr, "close failed: %s\n", strerror (errno));
+    (void) close (fd);
     exit (1);
   }
 }
 
 
+/**
+ * Start forwarding to and from the tunnel.
+ *
+ * @param fd_tun tunnel FD
+ */
 static void
 run (int fd_tun)
 {
@@ -497,11 +512,23 @@
 }
 
 
+/**
+ * Open VPN tunnel interface.
+ *
+ * @param argc must be 6
+ * @param argv 0: binary name (gnunet-helper-vpn)
+ *             1: tunnel interface name (gnunet-vpn)
+ *             2: IPv6 address (::1)
+ *             3: IPv6 netmask length in bits (64)
+ *             4: IPv4 address (1.2.3.4)
+ *             5: IPv4 netmask (255.255.0.0)
+ */
 int
 main (int argc, char **argv)
 {
   char dev[IFNAMSIZ];
   int fd_tun;
+  int global_ret;
 
   if (6 != argc)
   {
@@ -538,14 +565,32 @@
     set_address4 (dev, address, mask);
   }
 
+#ifdef HAVE_SETRESUID
   uid_t uid = getuid ();
-
   if (0 != setresuid (uid, uid, uid))
+  {
     fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
+    global_ret = 2;
+    goto cleanup;
+  }
+#else
+  if (0 != (setuid (uid) | seteuid (uid)))
+  {
+    fprintf (stderr, "Failed to setuid: %s\n", strerror (errno));
+    global_ret = 2;
+    goto cleanup;
+  }
+#endif
+
   if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
+  {
     fprintf (stderr, "Failed to protect against SIGPIPE: %s\n",
              strerror (errno));
+    /* no exit, we might as well die with SIGPIPE should it ever happen */
+  }
   run (fd_tun);
+  global_ret = 0;
+ cleanup:
   close (fd_tun);
-  return 0;
+  return global_ret;
 }

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] r18713 - gnunet/src/vpn, gnunet <=

Prev by Date: [GNUnet-SVN] r18712 - gnunet/contrib
Next by Date: [GNUnet-SVN] r18714 - in gnunet: . src/dht
Previous by thread: [GNUnet-SVN] r18712 - gnunet/contrib
Next by thread: [GNUnet-SVN] r18714 - in gnunet: . src/dht
Index(es):
- Date
- Thread