4 * uAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
5 * featured implementation uAnytun has no support for multiple connections
6 * or synchronisation. It is a small single threaded implementation intended
7 * to act as a client on small platforms.
8 * The secure anycast tunneling protocol (satp) defines a protocol used
9 * for communication between any combination of unicast and anycast
10 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
11 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
12 * ethernet, ip, arp ...). satp directly includes cryptography and
13 * message authentication based on the methodes used by SRTP. It is
14 * intended to deliver a generic, scaleable and secure solution for
15 * tunneling and relaying of packets of any protocol.
18 * Copyright (C) 2007-2008 Christian Pointner <equinox@anytun.org>
20 * This file is part of uAnytun.
22 * uAnytun is free software: you can redistribute it and/or modify
23 * it under the terms of the GNU General Public License version 3 as
24 * published by the Free Software Foundation.
26 * uAnytun is distributed in the hope that it will be useful,
27 * but WITHOUT ANY WARRANTY; without even the implied warranty of
28 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29 * GNU General Public License for more details.
31 * You should have received a copy of the GNU General Public License
32 * along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
46 struct priv_info_struct {
50 typedef struct priv_info_struct priv_info_t;
52 int priv_init(priv_info_t* priv, const char* username, const char* groupname)
60 priv->pw_ = getpwnam(username);
62 log_printf(ERROR, "unkown user %s", username);
67 priv->gr_ = getgrnam(groupname);
69 priv->gr_ = getgrgid(priv->pw_->pw_gid);
72 log_printf(ERROR, "unkown group %s", groupname);
79 int priv_drop(priv_info_t* priv)
81 if(!priv || !priv->pw_ || !priv->gr_) {
82 log_printf(ERROR, "privileges not initialized properly");
86 if(setgid(priv->gr_->gr_gid)) {
87 log_printf(ERROR, "setgid('%s') failed: %s", priv->gr_->gr_name, strerror(errno));
92 gr_list[0] = priv->gr_->gr_gid;
93 if(setgroups (1, gr_list)) {
94 log_printf(ERROR, "setgroups(['%s']) failed: %s", priv->gr_->gr_name, strerror(errno));
98 if(setuid(priv->pw_->pw_uid)) {
99 log_printf(ERROR, "setuid('%s') failed: %s", priv->pw_->pw_name, strerror(errno));
103 log_printf(NOTICE, "dropped privileges to %s:%s", priv->pw_->pw_name, priv->gr_->gr_name);
108 int do_chroot(const char* chrootdir)
111 log_printf(ERROR, "this programm has to be run as root in order to run in a chroot");
115 if(chroot(chrootdir)) {
116 log_printf(ERROR, "can't chroot to %s: %s", chrootdir, strerror(errno));
119 log_printf(NOTICE, "we are in chroot jail (%s) now", chrootdir);
121 log_printf(ERROR, "can't change to /: %s", strerror(errno));
132 log_printf(ERROR, "daemonizing failed at fork(): %s, exitting", strerror(errno));
140 log_printf(ERROR, "daemonizing failed at setsid(): %s, exitting", strerror(errno));
146 log_printf(ERROR, "daemonizing failed at fork(): %s, exitting", strerror(errno));
151 if ((chdir("/")) < 0) {
152 log_printf(ERROR, "daemonizing failed at chdir(): %s, exitting", strerror(errno));
157 for (fd=0;fd<=2;fd++) // close all file descriptors
159 fd = open("/dev/null",O_RDWR); // stdin
161 log_printf(WARNING, "can't open stdin (chroot and no link to /dev/null?)");
163 if(dup(fd) == -1) // stdout
164 log_printf(WARNING, "can't open stdout");
165 if(dup(fd) == -1) // stderr
166 log_printf(WARNING, "can't open stderr");