
[GNUnet-SVN] r26890 - in gnunet/src: dns exit gns include nat pt transpo


From: gnunet
Subject: [GNUnet-SVN] r26890 - in gnunet/src: dns exit gns include nat pt transport util vpn
Date: Mon, 15 Apr 2013 14:36:38 +0200

Author: cfuchs
Date: 2013-04-15 14:36:37 +0200 (Mon, 15 Apr 2013)
New Revision: 26890

Modified:
   gnunet/src/dns/gnunet-service-dns.c
   gnunet/src/exit/gnunet-daemon-exit.c
   gnunet/src/exit/gnunet-helper-exit-windows.c
   gnunet/src/gns/test_gns_proxy.c
   gnunet/src/include/gnunet_os_lib.h
   gnunet/src/nat/Makefile.am
   gnunet/src/nat/gnunet-helper-nat-client-windows.c
   gnunet/src/nat/gnunet-helper-nat-server-windows.c
   gnunet/src/nat/nat.c
   gnunet/src/nat/nat_auto.c
   gnunet/src/nat/nat_mini.c
   gnunet/src/nat/test_nat_test.c
   gnunet/src/pt/Makefile.am
   gnunet/src/pt/test_gns_vpn.c
   gnunet/src/pt/test_gnunet_vpn.c
   gnunet/src/transport/plugin_transport_wlan.c
   gnunet/src/util/os_installation.c
   gnunet/src/util/os_priority.c
   gnunet/src/vpn/gnunet-helper-vpn-windows.c
   gnunet/src/vpn/gnunet-service-vpn.c
Log:
extended the GNUNET_OS_check_helper_binary parameters to do privilege
checking on windows. To do so, tested binaries must still be supplied
with valid commandline arguments, but on windows gnunet will utilize the
-d flag to run only the program's initialization phase or privileged
operations. In these modes, a program will not enter its mainloop
or communicate with the outside.

updated relevant function calls gnunet-wide to meet the extended 
function parameters.

  


Modified: gnunet/src/dns/gnunet-service-dns.c
===================================================================
--- gnunet/src/dns/gnunet-service-dns.c 2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/dns/gnunet-service-dns.c 2013-04-15 12:36:37 UTC (rev 26890)
@@ -1043,7 +1043,7 @@
   cfg = cfg_;
   binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-dns");
   if (GNUNET_YES !=
-      GNUNET_OS_check_helper_binary (binary))
+      GNUNET_OS_check_helper_binary (binary, TRUE, NULL))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                _("`%s' must be installed SUID, refusing to run\n"),

Modified: gnunet/src/exit/gnunet-daemon-exit.c
===================================================================
--- gnunet/src/exit/gnunet-daemon-exit.c        2013-04-15 12:05:13 UTC (rev 
26889)
+++ gnunet/src/exit/gnunet-daemon-exit.c        2013-04-15 12:36:37 UTC (rev 
26890)
@@ -3344,7 +3344,7 @@
   {
     binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit");
     if (GNUNET_YES !=
-       GNUNET_OS_check_helper_binary (binary))
+       GNUNET_OS_check_helper_binary (binary, TRUE, NULL)) // FIXME: CF: add 
test-parameters
     {
       GNUNET_free (binary);
       GNUNET_log (GNUNET_ERROR_TYPE_ERROR,

Modified: gnunet/src/exit/gnunet-helper-exit-windows.c
===================================================================
--- gnunet/src/exit/gnunet-helper-exit-windows.c        2013-04-15 12:05:13 UTC 
(rev 26889)
+++ gnunet/src/exit/gnunet-helper-exit-windows.c        2013-04-15 12:36:37 UTC 
(rev 26890)
@@ -63,9 +63,9 @@
 #endif
 
 /**
- * Will this binary be run in dryrun-mode? 
+ * Will this binary be run in permissions testing mode? 
  */
-static BOOL dryrun = FALSE;
+static boolean privilege_testing = FALSE;
 
 /**
  * Maximum size of a GNUnet message (GNUNET_SERVER_MAX_MESSAGE_SIZE)
@@ -1357,9 +1357,9 @@
    * DHCP and such are all features we will never use in gnunet afaik.
    * But for openvpn those are essential.
    */
-  if (! tun_up (tap_handle))
-    return;
-
+  if ((privilege_testing) || (! tun_up (tap_handle) ))
+    goto teardown_final;
+    
   /* Initialize our overlapped IO structures*/
   if (! (initialize_io_facility (&tap_read, IOSTATE_READY, FALSE)
         && initialize_io_facility (&tap_write, IOSTATE_WAITING, TRUE)
@@ -1412,8 +1412,6 @@
       goto teardown;
     }
 #endif
-  if (dryrun)
-    goto teardown;
   
   fprintf (stderr, "DEBUG: mainloop has begun\n");
   
@@ -1471,11 +1469,12 @@
   BOOL have_nat44 = FALSE;
   
   if ( (1 < argc) && (0 != strcmp (argv[1], "-d"))){
-      dryrun = TRUE;
-      fprintf (stderr, "DEBUG: Running binary in dryrun mode.", argv[0]);
+      privilege_testing = TRUE;
+      fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", 
argv[0]);
       argv++;
       argc--;
     }
+  
   if (6 != argc)
     {
       fprintf (stderr, "FATAL: must supply 6 
arguments\nUsage:\ngnunet-helper-exit [-d] <if name prefix> <uplink-interface 
name> <address6 or \"-\"> <netbits6> <address4 or \"-\"> <netmask4>\n", 
argv[0]);
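Review bot: The `-d` test guarding `privilege_testing = TRUE` is inverted: `0 != strcmp (argv[1], "-d")` is true when the first argument is anything other than `-d`, so an ordinary invocation is switched into privilege testing mode and loses its first argument, while a real `-d` is left in argv. The condition should read `if ( (1 < argc) && (0 == strcmp (argv[1], "-d")) )`. The same test appears in the hunks for gnunet-helper-nat-client-windows.c, gnunet-helper-nat-server-windows.c and gnunet-helper-vpn-windows.c. The fprintf also passes `argv[0]` to a format string that has no conversion and no trailing newline; `fprintf (stderr, "DEBUG: Running binary in privilege testing mode.\n");` is enough. main's body starts and ends outside the hunk.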

Modified: gnunet/src/gns/test_gns_proxy.c
===================================================================
--- gnunet/src/gns/test_gns_proxy.c     2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/gns/test_gns_proxy.c     2013-04-15 12:36:37 UTC (rev 26890)
@@ -446,13 +446,13 @@
 {
   char *binary;
 
-  if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("gnunet-gns-proxy"))
+  if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("gnunet-gns-proxy", 
FALSE, NULL))
   {
     fprintf (stderr, "Proxy binary not in PATH... skipping!\n");
     return 0;
   }
   binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-dns");
-  if (GNUNET_YES != GNUNET_OS_check_helper_binary (binary))
+  if (GNUNET_YES != GNUNET_OS_check_helper_binary (binary, TRUE, NULL))
   {
     fprintf (stderr, "DNS helper binary has wrong permissions... skipping!\n");
     GNUNET_free (binary);

Modified: gnunet/src/include/gnunet_os_lib.h
===================================================================
--- gnunet/src/include/gnunet_os_lib.h  2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/include/gnunet_os_lib.h  2013-04-15 12:36:37 UTC (rev 26890)
@@ -483,13 +483,19 @@
  * Attempts to find the file using the current
  * PATH environment variable as a search path.
  *
- * @param binary the name of the file to check
- * @return GNUNET_YES if the file is SUID,
- *         GNUNET_NO if not SUID (but binary exists)
+ * @param binary the name of the file to check.
+ *        W32: must not have an .exe suffix.
+ * @param check_suid input true if the binary should be checked for SUID (*nix)
+ *        W32: checks if the program has sufficient privileges by executing 
this
+ *             binary with the -d flag. -d omits a programs main loop and only
+ *             executes all privileged operations in an binary.
+ * @param params parameters used for w32 privilege checking (can be NULL for 
!= w32, or when not checking for suid/permissions )
+ * @return GNUNET_YES if the file is SUID (*nix) or can be executed with 
current privileges (W32),
+ *         GNUNET_NO if not SUID (but binary exists),
  *         GNUNET_SYSERR on error (no such binary or not executable)
  */
-int
-GNUNET_OS_check_helper_binary (const char *binary);
+int 
+GNUNET_OS_check_helper_binary (const char *binary, const boolean check_suid, 
const char * params);
 
 
 #if 0                           /* keep Emacsens' auto-indent happy */
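Review bot: `boolean` is not a standard C type and nothing in this hunk defines it, so the new prototype presumably only compiles where a platform header supplies it (the W32 helpers in this commit use it next to `BOOL`). The rest of this declaration already reports its result as `int` with GNUNET_YES/GNUNET_NO/GNUNET_SYSERR, so `int check_suid` would be portable and consistent, with callers passing GNUNET_YES/GNUNET_NO instead of TRUE/FALSE. The doc comment should also say what is returned when check_suid is false, e.g. `GNUNET_NO if the binary exists and check_suid is false`, since callers that only probe for existence depend on that.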

Modified: gnunet/src/nat/Makefile.am
===================================================================
--- gnunet/src/nat/Makefile.am  2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/nat/Makefile.am  2013-04-15 12:36:37 UTC (rev 26890)
@@ -15,9 +15,9 @@
   nat.conf
 
 if LINUX
-NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client
-NATSERVER = gnunet-helper-nat-server.c
-NATCLIENT = gnunet-helper-nat-client.c
+  NATBIN = gnunet-helper-nat-server gnunet-helper-nat-client
+  NATSERVER = gnunet-helper-nat-server.c
+  NATCLIENT = gnunet-helper-nat-client.c
 install-exec-hook:
        $(top_srcdir)/src/nat/install-nat-helper.sh $(libexecdir) 
$(SUDO_BINARY) || true
 else

Modified: gnunet/src/nat/gnunet-helper-nat-client-windows.c
===================================================================
--- gnunet/src/nat/gnunet-helper-nat-client-windows.c   2013-04-15 12:05:13 UTC 
(rev 26889)
+++ gnunet/src/nat/gnunet-helper-nat-client-windows.c   2013-04-15 12:36:37 UTC 
(rev 26890)
@@ -167,6 +167,10 @@
   uint16_t crc;
 };
 
+/**
+ * Will this binary be run in permissions testing mode? 
+ */
+static boolean privilege_testing = FALSE;
 
 /**
  * Socket we use to send our ICMP packets.
@@ -463,8 +467,14 @@
   struct in_addr external;
   struct in_addr target;
   WSADATA wsaData;
-
   unsigned int p;
+  
+  if (argc > 1 && 0 != strcmp (argv[1], "-d")){
+      privilege_testing = TRUE;
+      fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", 
argv[0]);
+      argv++;
+      argc--;
+    }
 
   if (argc != 4)
   {
@@ -497,9 +507,11 @@
   }
   if (-1 == (rawsock = make_raw_socket ()))
     return 3;
-  send_icmp (&external, &target);
-  send_icmp_udp (&external, &target);
-  closesocket (rawsock);
+  if (!privilege_testing){
+    send_icmp (&external, &target);
+    send_icmp_udp (&external, &target);
+  }
+  closesocket (rawsock); 
   WSACleanup ();
   return 0;
 }

Modified: gnunet/src/nat/gnunet-helper-nat-server-windows.c
===================================================================
--- gnunet/src/nat/gnunet-helper-nat-server-windows.c   2013-04-15 12:05:13 UTC 
(rev 26889)
+++ gnunet/src/nat/gnunet-helper-nat-server-windows.c   2013-04-15 12:36:37 UTC 
(rev 26890)
@@ -188,6 +188,11 @@
 };
 
 /**
+ * Will this binary be run in permissions testing mode? 
+ */
+static boolean privilege_testing = FALSE;
+
+/**
  * Socket we use to receive "fake" ICMP replies.
  */
 static SOCKET icmpsock;
@@ -526,9 +531,15 @@
   fd_set rs;
   struct timeval tv;
   WSADATA wsaData;
-  unsigned int alt;
+  unsigned int alt = 0;
 
-  alt = 0;
+  if (argc > 1 && 0 != strcmp (argv[1], "-d")){
+      privilege_testing = TRUE;
+      fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", 
argv[0]);
+      argv++;
+      argc--;
+    }
+  
   if (2 != argc)
   {
     fprintf (stderr,
@@ -566,7 +577,8 @@
     closesocket (rawsock);
     return 3;
   }
-  while (1)
+
+  while ( ! privilege_testing)
   {
     FD_ZERO (&rs);
     FD_SET (icmpsock, &rs);
@@ -591,6 +603,8 @@
   closesocket (rawsock);
   closesocket (udpsock);
   WSACleanup ();
+  if (privilege_testing)
+    return 0;
   return 4;
 }
 

Modified: gnunet/src/nat/nat.c
===================================================================
--- gnunet/src/nat/nat.c        2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/nat/nat.c        2013-04-15 12:36:37 UTC (rev 26890)
@@ -1171,7 +1171,7 @@
   binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-server");
   if ((h->behind_nat == GNUNET_YES) && (GNUNET_YES == h->enable_nat_server) &&
       (GNUNET_YES !=
-       GNUNET_OS_check_helper_binary (binary)))
+       GNUNET_OS_check_helper_binary (binary, TRUE, NULL))) // FIXME: CF: add 
test-parameters
   {
     h->enable_nat_server = GNUNET_NO;
     LOG (GNUNET_ERROR_TYPE_WARNING,
@@ -1183,7 +1183,7 @@
   binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-nat-client");
   if ((GNUNET_YES == h->enable_nat_client) &&
       (GNUNET_YES !=
-       GNUNET_OS_check_helper_binary (binary)))
+       GNUNET_OS_check_helper_binary (binary, TRUE, NULL))) // FIXME: CF: add 
test-parameters
   {
     h->enable_nat_client = GNUNET_NO;
     LOG (GNUNET_ERROR_TYPE_WARNING,

Modified: gnunet/src/nat/nat_auto.c
===================================================================
--- gnunet/src/nat/nat_auto.c   2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/nat/nat_auto.c   2013-04-15 12:36:37 UTC (rev 26890)
@@ -392,7 +392,7 @@
 
   /* test if upnpc is available */
   have_upnpc = (GNUNET_SYSERR !=
-               GNUNET_OS_check_helper_binary ("upnpc"));
+               GNUNET_OS_check_helper_binary ("upnpc", FALSE, NULL));
   /* FIXME: test if upnpc is actually working, that is, if transports
      start to work once we use UPnP */
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -426,7 +426,7 @@
        (GNUNET_YES ==
         GNUNET_CONFIGURATION_get_value_yesno (ah->cfg, "nat", "BEHIND_NAT")) &&
        (GNUNET_YES ==
-        GNUNET_OS_check_helper_binary (binary)));
+        GNUNET_OS_check_helper_binary (binary, TRUE, NULL))); // FIXME: CF: 
add test-parameters
   GNUNET_free_non_null (tmp);
   GNUNET_free (binary);
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -461,7 +461,7 @@
        (GNUNET_YES !=
         GNUNET_CONFIGURATION_get_value_yesno (ah->cfg, "nat", "BEHIND_NAT")) &&
        (GNUNET_YES ==
-        GNUNET_OS_check_helper_binary (binary)));
+        GNUNET_OS_check_helper_binary (binary, TRUE, NULL))); // FIXME: CF: 
add test-parameters
   GNUNET_free_non_null (tmp);
   GNUNET_free (binary);
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,

Modified: gnunet/src/nat/nat_mini.c
===================================================================
--- gnunet/src/nat/nat_mini.c   2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/nat/nat_mini.c   2013-04-15 12:36:37 UTC (rev 26890)
@@ -164,7 +164,7 @@
 {
   struct GNUNET_NAT_ExternalHandle *eh;
 
-  if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("external-ip"))
+  if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("external-ip", FALSE, 
NULL))
   {
     LOG (GNUNET_ERROR_TYPE_INFO,
         _("`external-ip' command not found\n"));
@@ -499,7 +499,7 @@
   struct GNUNET_NAT_MiniHandle *ret;
   char pstr[6];
 
-  if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("upnpc"))
+  if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("upnpc", FALSE, NULL))
   {
     LOG (GNUNET_ERROR_TYPE_INFO,
         _("`upnpc' command not found\n"));

Modified: gnunet/src/nat/test_nat_test.c
===================================================================
--- gnunet/src/nat/test_nat_test.c      2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/nat/test_nat_test.c      2013-04-15 12:36:37 UTC (rev 26890)
@@ -92,7 +92,7 @@
                     "WARNING",
                     NULL);
 
-  nat_res = GNUNET_OS_check_helper_binary ("gnunet-nat-server");
+  nat_res = GNUNET_OS_check_helper_binary ("gnunet-nat-server", FALSE, NULL);
   if (GNUNET_SYSERR == nat_res)
   {
     GNUNET_log (GNUNET_ERROR_TYPE_WARNING,

Modified: gnunet/src/pt/Makefile.am
===================================================================
--- gnunet/src/pt/Makefile.am   2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/pt/Makefile.am   2013-04-15 12:36:37 UTC (rev 26890)
@@ -1,102 +1,109 @@
-INCLUDES = -I$(top_srcdir)/src/include
-
-if MINGW
-  WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols
-endif
-
-if USE_COVERAGE
-  AM_CFLAGS = --coverage -O0
-endif
-
-pkgcfgdir= $(pkgdatadir)/config.d/
-
-libexecdir= $(pkglibdir)/libexec/
-
-plugindir = $(libdir)/gnunet
-
-dist_pkgcfg_DATA = \
-  pt.conf
-
-libexec_PROGRAMS = \
-  gnunet-daemon-pt 
-
-gnunet_daemon_pt_SOURCES = \
- gnunet-daemon-pt.c 
-gnunet_daemon_pt_LDADD = \
-  $(top_builddir)/src/vpn/libgnunetvpn.la \
-  $(top_builddir)/src/mesh/libgnunetmesh.la \
-  $(top_builddir)/src/dns/libgnunetdns.la \
-  $(top_builddir)/src/dns/libgnunetdnsparser.la \
-  $(top_builddir)/src/statistics/libgnunetstatistics.la \
-  $(top_builddir)/src/util/libgnunetutil.la \
-  $(top_builddir)/src/mesh/libgnunetmesh.la \
-  $(GN_LIBINTL)
-
-if HAVE_MHD
-if LINUX
- VPN_TEST = \
- test_gnunet_vpn-4_to_6 \
- test_gnunet_vpn-6_to_4 \
- test_gnunet_vpn-6_over \
- test_gnunet_vpn-4_over \
- test_gns_vpn
-endif
-endif
-
-check_PROGRAMS = $(VPN_TEST)
-
-if ENABLE_TEST_RUN
-TESTS = $(check_PROGRAMS)
-endif
-
-EXTRA_DIST = \
- test_gnunet_vpn.conf \
- test_gns_vpn.conf
-
-
-
-test_gns_vpn_SOURCES = \
- test_gns_vpn.c
-test_gns_vpn_LDADD = -lmicrohttpd @LIBCURL@ \
- $(top_builddir)/src/namestore/libgnunetnamestore.la \
- $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la
-test_gns_vpn_CPPFLAGS = \
- @LIBCURL_CPPFLAGS@
-
-test_gnunet_vpn_4_over_SOURCES = \
- test_gnunet_vpn.c
-test_gnunet_vpn_4_over_LDADD = -lmicrohttpd @LIBCURL@ \
- $(top_builddir)/src/vpn/libgnunetvpn.la \
- $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la 
-test_gnunet_vpn_4_over_CPPFLAGS = \
- @LIBCURL_CPPFLAGS@
-
-test_gnunet_vpn_6_over_SOURCES = \
- test_gnunet_vpn.c
-test_gnunet_vpn_6_over_LDADD = -lmicrohttpd @LIBCURL@ \
- $(top_builddir)/src/vpn/libgnunetvpn.la \
- $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la 
-test_gnunet_vpn_6_over_CPPFLAGS = \
- @LIBCURL_CPPFLAGS@
-
-test_gnunet_vpn_4_to_6_SOURCES = \
- test_gnunet_vpn.c
-test_gnunet_vpn_4_to_6_LDADD = -lmicrohttpd @LIBCURL@ \
- $(top_builddir)/src/vpn/libgnunetvpn.la \
- $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la 
-test_gnunet_vpn_4_to_6_CPPFLAGS = \
- @LIBCURL_CPPFLAGS@
-
-test_gnunet_vpn_6_to_4_SOURCES = \
- test_gnunet_vpn.c
-test_gnunet_vpn_6_to_4_LDADD = -lmicrohttpd @LIBCURL@ \
- $(top_builddir)/src/vpn/libgnunetvpn.la \
- $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la 
-test_gnunet_vpn_6_to_4_CPPFLAGS = \
- @LIBCURL_CPPFLAGS@
-
+INCLUDES = -I$(top_srcdir)/src/include
+
+if MINGW
+  WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols
+endif
+
+if USE_COVERAGE
+  AM_CFLAGS = --coverage -O0
+endif
+
+pkgcfgdir= $(pkgdatadir)/config.d/
+
+libexecdir= $(pkglibdir)/libexec/
+
+plugindir = $(libdir)/gnunet
+
+dist_pkgcfg_DATA = \
+  pt.conf
+
+libexec_PROGRAMS = \
+  gnunet-daemon-pt 
+
+gnunet_daemon_pt_SOURCES = \
+ gnunet-daemon-pt.c 
+gnunet_daemon_pt_LDADD = \
+  $(top_builddir)/src/vpn/libgnunetvpn.la \
+  $(top_builddir)/src/mesh/libgnunetmesh.la \
+  $(top_builddir)/src/dns/libgnunetdns.la \
+  $(top_builddir)/src/dns/libgnunetdnsparser.la \
+  $(top_builddir)/src/statistics/libgnunetstatistics.la \
+  $(top_builddir)/src/util/libgnunetutil.la \
+  $(top_builddir)/src/mesh/libgnunetmesh.la \
+  $(GN_LIBINTL)
+
+if HAVE_MHD
+if LINUX
+ VPN_TEST = \
+ test_gnunet_vpn-4_to_6 \
+ test_gnunet_vpn-6_to_4 \
+ test_gnunet_vpn-6_over \
+ test_gnunet_vpn-4_over \
+ test_gns_vpn
+endif
+if MINGW
+ VPN_TEST = \
+ test_gnunet_vpn-4_to_6 \
+ test_gnunet_vpn-6_to_4 \
+ test_gnunet_vpn-6_over \
+ test_gnunet_vpn-4_over 
+endif
+endif
+
+check_PROGRAMS = $(VPN_TEST)
+
+if ENABLE_TEST_RUN
+TESTS = $(check_PROGRAMS)
+endif
+
+EXTRA_DIST = \
+ test_gnunet_vpn.conf \
+ test_gns_vpn.conf
+
+
+
+test_gns_vpn_SOURCES = \
+ test_gns_vpn.c
+test_gns_vpn_LDADD = -lmicrohttpd @LIBCURL@ \
+ $(top_builddir)/src/namestore/libgnunetnamestore.la \
+ $(top_builddir)/src/testing/libgnunettesting.la \
+ $(top_builddir)/src/util/libgnunetutil.la
+test_gns_vpn_CPPFLAGS = \
+ @LIBCURL_CPPFLAGS@
+
+test_gnunet_vpn_4_over_SOURCES = \
+ test_gnunet_vpn.c
+test_gnunet_vpn_4_over_LDADD = -lmicrohttpd @LIBCURL@ \
+ $(top_builddir)/src/vpn/libgnunetvpn.la \
+ $(top_builddir)/src/testing/libgnunettesting.la \
+ $(top_builddir)/src/util/libgnunetutil.la 
+test_gnunet_vpn_4_over_CPPFLAGS = \
+ @LIBCURL_CPPFLAGS@
+
+test_gnunet_vpn_6_over_SOURCES = \
+ test_gnunet_vpn.c
+test_gnunet_vpn_6_over_LDADD = -lmicrohttpd @LIBCURL@ \
+ $(top_builddir)/src/vpn/libgnunetvpn.la \
+ $(top_builddir)/src/testing/libgnunettesting.la \
+ $(top_builddir)/src/util/libgnunetutil.la 
+test_gnunet_vpn_6_over_CPPFLAGS = \
+ @LIBCURL_CPPFLAGS@
+
+test_gnunet_vpn_4_to_6_SOURCES = \
+ test_gnunet_vpn.c
+test_gnunet_vpn_4_to_6_LDADD = -lmicrohttpd @LIBCURL@ \
+ $(top_builddir)/src/vpn/libgnunetvpn.la \
+ $(top_builddir)/src/testing/libgnunettesting.la \
+ $(top_builddir)/src/util/libgnunetutil.la 
+test_gnunet_vpn_4_to_6_CPPFLAGS = \
+ @LIBCURL_CPPFLAGS@
+
+test_gnunet_vpn_6_to_4_SOURCES = \
+ test_gnunet_vpn.c
+test_gnunet_vpn_6_to_4_LDADD = -lmicrohttpd @LIBCURL@ \
+ $(top_builddir)/src/vpn/libgnunetvpn.la \
+ $(top_builddir)/src/testing/libgnunettesting.la \
+ $(top_builddir)/src/util/libgnunetutil.la 
+test_gnunet_vpn_6_to_4_CPPFLAGS = \
+ @LIBCURL_CPPFLAGS@
+

Modified: gnunet/src/pt/test_gns_vpn.c
===================================================================
--- gnunet/src/pt/test_gns_vpn.c        2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/pt/test_gns_vpn.c        2013-04-15 12:36:37 UTC (rev 26890)
@@ -543,11 +543,11 @@
   bin_dns = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-dns");
   if ( (0 != geteuid ()) &&
        ( (GNUNET_YES !=
-         GNUNET_OS_check_helper_binary (bin_vpn)) ||
+         GNUNET_OS_check_helper_binary (bin_vpn, TRUE, NULL)) ||
         (GNUNET_YES !=
-         GNUNET_OS_check_helper_binary (bin_exit)) ||
+         GNUNET_OS_check_helper_binary (bin_exit, TRUE, NULL)) ||
         (GNUNET_YES !=
-         GNUNET_OS_check_helper_binary (bin_dns))) )
+         GNUNET_OS_check_helper_binary (bin_dns, TRUE, NULL))) )
   {    
     fprintf (stderr,
             "WARNING: gnunet-helper-{exit,vpn,dns} binaries in $PATH are not 
SUID, refusing to run test (as it would have to fail).\n");

Modified: gnunet/src/pt/test_gnunet_vpn.c
===================================================================
--- gnunet/src/pt/test_gnunet_vpn.c     2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/pt/test_gnunet_vpn.c     2013-04-15 12:36:37 UTC (rev 26890)
@@ -414,8 +414,8 @@
   exit_binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit.exe");
   fprintf (stderr,"%s\n", vpn_binary);
   fprintf (stderr,"%s\n", exit_binary);
-  if ((GNUNET_YES != (ret = GNUNET_OS_check_helper_binary (vpn_binary))) ||
-      (GNUNET_YES != (ret = GNUNET_OS_check_helper_binary (exit_binary))))
+  if ((GNUNET_YES != (ret = GNUNET_OS_check_helper_binary (vpn_binary, TRUE, 
NULL))) || // FIXME: CF: add test-parameters
+      (GNUNET_YES != (ret = GNUNET_OS_check_helper_binary (exit_binary, TRUE, 
NULL)))) // FIXME: CF: add test-parameters
   {
     GNUNET_free (vpn_binary);
     GNUNET_free (exit_binary);

Modified: gnunet/src/transport/plugin_transport_wlan.c
===================================================================
--- gnunet/src/transport/plugin_transport_wlan.c        2013-04-15 12:05:13 UTC 
(rev 26889)
+++ gnunet/src/transport/plugin_transport_wlan.c        2013-04-15 12:36:37 UTC 
(rev 26890)
@@ -1739,7 +1739,7 @@
   }
   binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-transport-wlan");
   if ( (0 == testmode) &&
-       (GNUNET_YES != GNUNET_OS_check_helper_binary (binary)) )
+       (GNUNET_YES != GNUNET_OS_check_helper_binary (binary, TRUE, NULL)) )
   {
     LOG (GNUNET_ERROR_TYPE_ERROR,
         _("Helper binary `%s' not SUID, cannot run WLAN transport\n"),

Modified: gnunet/src/util/os_installation.c
===================================================================
--- gnunet/src/util/os_installation.c   2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/util/os_installation.c   2013-04-15 12:36:37 UTC (rev 26890)
@@ -654,12 +654,17 @@
  *
  * @param binary the name of the file to check.
  *        W32: must not have an .exe suffix.
- * @return GNUNET_YES if the file is SUID,
- *         GNUNET_NO if not SUID (but binary exists)
+ * @param check_suid input true if the binary should be checked for SUID (*nix)
+ *        W32: checks if the program has sufficient privileges by executing 
this
+ *             binary with the -d flag. -d omits a programs main loop and only
+ *             executes all privileged operations in an binary.
+ * @param params parameters used for w32 privilege checking (can be NULL for 
!= w32 )
+ * @return GNUNET_YES if the file is SUID (*nix) or can be executed with 
current privileges (W32),
+ *         GNUNET_NO if not SUID (but binary exists),
  *         GNUNET_SYSERR on error (no such binary or not executable)
  */
 int
-GNUNET_OS_check_helper_binary (const char *binary)
+GNUNET_OS_check_helper_binary (const char *binary, const boolean check_suid, 
const char *params)
 {
   struct stat statbuf;
   char *p;
@@ -725,24 +730,62 @@
     GNUNET_free (p);
     return GNUNET_SYSERR;
   }
+  if (check_suid){
 #ifndef MINGW
-  if ((0 != (statbuf.st_mode & S_ISUID)) && (0 == statbuf.st_uid))
-  {
-    GNUNET_free (p);
-    return GNUNET_YES;
-  }
-  /* binary exists, but not SUID */
+    if ((0 != (statbuf.st_mode & S_ISUID)) && (0 == statbuf.st_uid))
+    {
+      GNUNET_free (p);
+      return GNUNET_YES;
+    }
+    /* binary exists, but not SUID */
 #else
-  return GNUNET_YES;
-  /* FIXME: 
-   * no suid for windows possible!
-   * permissions-checking is too specific(as in non-portable)
-   * user/group checking is pointless (users/applications can drop privileges)
-   * using token checking for elevated permissions would limit gnunet
-   * to run only on winserver 2008 and 2012!
-   * 
-   * thus, ad add "dryrun" checking */
+    STARTUPINFO start;
+    char parameters[512];
+    PROCESS_INFORMATION proc;
+    DWORD exit_value;
+    
+    GNUNET_snprintf (&parameters, 512, "-d %s", params);
+    memset (&start, 0, sizeof (start));
+    start.cb = sizeof (start);
+    memset (&proc, 0, sizeof (proc));
+
+            
+    // Start the child process. 
+    if ( ! (CreateProcess( p,   // current windows (2k3 and up can handle / 
instead of \ in paths))
+        parameters,           // execute dryrun/priviliege checking mode
+        NULL,           // Process handle not inheritable
+        NULL,           // Thread handle not inheritable
+        FALSE,          // Set handle inheritance to FALSE
+        CREATE_DEFAULT_ERROR_MODE, // No creation flags
+        NULL,           // Use parent's environment block
+        NULL,           // Use parent's starting directory 
+        &start,            // Pointer to STARTUPINFO structure
+        &proc )           // Pointer to PROCESS_INFORMATION structure
+                               )) 
+      {
+        LOG (GNUNET_ERROR_TYPE_ERROR, 
+             _("CreateProcess failed for binary %s (%d).\n"),
+             p, GetLastError());
+        return GNUNET_SYSERR;
+    }
+
+    // Wait until child process exits.
+    WaitForSingleObject( proc.hProcess, INFINITE );
+    
+    if ( ! GetExitCodeProcess (proc.hProcess, &exit_value)){
+        LOG (GNUNET_ERROR_TYPE_ERROR, 
+             _("GetExitCodeProcess failed for binary %s (%d).\n"), 
+             p, GetLastError() );
+        return GNUNET_SYSERR;
+      }
+    // Close process and thread handles. 
+    CloseHandle( proc.hProcess );
+    CloseHandle( proc.hThread );
+  
+    if (!exit_value)
+      return GNUNET_YES;
 #endif
+    }
   GNUNET_free (p);
   return GNUNET_NO;
 }
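Review bot: The W32 branch leaks `p` on every return it adds (CreateProcess failure, GetExitCodeProcess failure and the `return GNUNET_YES` success path) and leaves both process handles open when GetExitCodeProcess fails. `GNUNET_snprintf (&parameters, 512, "-d %s", params)` passes a `char (*)[512]` where a `char *` is expected and formats `params` with `%s` although every caller updated in this commit passes NULL. `WaitForSingleObject (proc.hProcess, INFINITE)` makes this check block for as long as the helper runs, so a helper that does not honour `-d` stalls the caller; a bounded wait would be safer. The function begins outside this hunk.

```c
    /* … unchanged: STARTUPINFO / PROCESS_INFORMATION declarations and memset … */
    GNUNET_snprintf (parameters, sizeof (parameters), "-d %s",
                     (NULL != params) ? params : "");
    if (! CreateProcess (p, parameters, NULL, NULL, FALSE,
                         CREATE_DEFAULT_ERROR_MODE, NULL, NULL,
                         &start, &proc))
    {
      LOG (GNUNET_ERROR_TYPE_ERROR,
           _("CreateProcess failed for binary %s (%d).\n"),
           p, GetLastError ());
      GNUNET_free (p);
      return GNUNET_SYSERR;
    }
    /* INFINITE kept from the commit; replace with a bounded timeout. */
    WaitForSingleObject (proc.hProcess, INFINITE);
    if (! GetExitCodeProcess (proc.hProcess, &exit_value))
    {
      LOG (GNUNET_ERROR_TYPE_ERROR,
           _("GetExitCodeProcess failed for binary %s (%d).\n"),
           p, GetLastError ());
      CloseHandle (proc.hProcess);
      CloseHandle (proc.hThread);
      GNUNET_free (p);
      return GNUNET_SYSERR;
    }
    CloseHandle (proc.hProcess);
    CloseHandle (proc.hThread);
    if (0 == exit_value)
    {
      GNUNET_free (p);
      return GNUNET_YES;
    }
```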

Modified: gnunet/src/util/os_priority.c
===================================================================
--- gnunet/src/util/os_priority.c       2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/util/os_priority.c       2013-04-15 12:36:37 UTC (rev 26890)
@@ -634,7 +634,7 @@
   int fd_stdin_read;
   int fd_stdin_write;
 
-  if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary (filename))
+  if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary (filename, FALSE, NULL))
     return NULL; /* not executable */
   if (GNUNET_YES == pipe_control)
   {
@@ -865,7 +865,7 @@
   BOOL bresult;
   DWORD error_code;
 
-  if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary (filename))
+  if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary (filename, FALSE, NULL))
     return NULL; /* not executable */
  
   /* Search in prefix dir (hopefully - the directory from which

Modified: gnunet/src/vpn/gnunet-helper-vpn-windows.c
===================================================================
--- gnunet/src/vpn/gnunet-helper-vpn-windows.c  2013-04-15 12:05:13 UTC (rev 
26889)
+++ gnunet/src/vpn/gnunet-helper-vpn-windows.c  2013-04-15 12:36:37 UTC (rev 
26890)
@@ -63,9 +63,9 @@
 #endif
 
 /**
- * Will this binary be run in dryrun-mode? 
+ * Will this binary be run in permissions testing mode? 
  */
-static BOOL dryrun = FALSE;
+static boolean privilege_testing = FALSE;
 
 /**
  * Maximum size of a GNUnet message (GNUNET_SERVER_MAX_MESSAGE_SIZE)
@@ -1356,8 +1356,8 @@
    * DHCP and such are all features we will never use in gnunet afaik.
    * But for openvpn those are essential.
    */
-  if (! tun_up (tap_handle))
-    return;
+  if ((privilege_testing) || (! tun_up (tap_handle))
+    goto teardown_final;
 
   /* Initialize our overlapped IO structures*/
   if (! (initialize_io_facility (&tap_read, IOSTATE_READY, FALSE)
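Review bot: The new condition `if ((privilege_testing) || (! tun_up (tap_handle))` is missing its closing parenthesis, so this file does not compile as committed; the matching line in gnunet-helper-exit-windows.c is balanced. It should read `if ((privilege_testing) || (! tun_up (tap_handle)))`. Because of the short-circuit, tun_up is never attempted in privilege testing mode, so if bringing the interface up needs elevated rights the check does not cover it. The enclosing function starts and ends outside the hunk.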
@@ -1412,9 +1412,6 @@
     }
 #endif
 
-  if (dryrun)
-    goto teardown;
-  
   fprintf (stderr, "DEBUG: mainloop has begun\n");
 
   while (std_out.path_open || tap_write.path_open)
@@ -1441,9 +1438,7 @@
   CancelIo (tap_handle);
   CancelIo (std_in.handle);
   CancelIo (std_out.handle);
-
 teardown_final:
-      
   CloseHandle (tap_handle);
 }
 
@@ -1470,8 +1465,8 @@
   BOOL have_ip6 = FALSE;
   
   if (argc > 1 && 0 != strcmp (argv[1], "-d")){
-      dryrun = TRUE;
-      fprintf (stderr, "DEBUG: Running binary in dryrun mode.", argv[0]);
+      privilege_testing = TRUE;
+      fprintf (stderr, "DEBUG: Running binary in privilege testing mode.", 
argv[0]);
       argv++;
       argc--;
     }

Modified: gnunet/src/vpn/gnunet-service-vpn.c
===================================================================
--- gnunet/src/vpn/gnunet-service-vpn.c 2013-04-15 12:05:13 UTC (rev 26889)
+++ gnunet/src/vpn/gnunet-service-vpn.c 2013-04-15 12:36:37 UTC (rev 26890)
@@ -3062,7 +3062,7 @@
   binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-vpn");
 
   if (GNUNET_YES !=
-      GNUNET_OS_check_helper_binary (binary))
+      GNUNET_OS_check_helper_binary (binary, TRUE, NULL)) // FIXME: CF: add 
test-parameters
   {
     fprintf (stderr,
             "`%s' is not SUID, refusing to run.\n",



