X-Git-Url: https://git.syn-net.org/debian/?a=blobdiff_plain;f=src%2Fposix%2FposixDaemon.cpp;h=3ad71ba16795450c98bafd64dd5892d44d1988c0;hb=refs%2Ftags%2Fupstream%2F0.3.7;hp=e4a41482518ba2746f90f164fe75c8ff98dcef58;hpb=ece844834d2cecc028ce81ca283f5d441088580e;p=anytun.git diff --git a/src/posix/posixDaemon.cpp b/src/posix/posixDaemon.cpp index e4a4148..3ad71ba 100644 --- a/src/posix/posixDaemon.cpp +++ b/src/posix/posixDaemon.cpp @@ -6,12 +6,12 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * * - * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, + * Copyright (C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl, * Christian Pointner * * This file is part of Anytun. @@ -27,7 +27,20 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with anytun. If not, see . + * along with Anytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include @@ -49,112 +62,131 @@ DaemonService::DaemonService() : pw_(NULL), gr_(NULL), daemonized_(false) void DaemonService::initPrivs(std::string const& username, std::string const& groupname) { - if(username == "") + if(username == "") { return; - + } + pw_ = getpwnam(username.c_str()); - if(!pw_) + if(!pw_) { AnytunError::throwErr() << "unknown user " << username; - - if(groupname != "") + } + + if(groupname != "") { gr_ = getgrnam(groupname.c_str()); - else + } else { gr_ = getgrgid(pw_->pw_gid); - - if(!gr_) + } + + if(!gr_) { AnytunError::throwErr() << "unknown group " << groupname; + } } void DaemonService::dropPrivs() { - if(!pw_ || !gr_) + if(!pw_ || !gr_) { return; - - if(setgid(gr_->gr_gid)) + } + + if(setgid(gr_->gr_gid)) { AnytunError::throwErr() << "setgid('" << gr_->gr_name << "') failed: " << AnytunErrno(errno); - + } + gid_t gr_list[1]; gr_list[0] = gr_->gr_gid; - if(setgroups (1, gr_list)) + if(setgroups(1, gr_list)) { AnytunError::throwErr() << "setgroups(['" << gr_->gr_name << "']) failed: " << AnytunErrno(errno); - - if(setuid(pw_->pw_uid)) + } + + if(setuid(pw_->pw_uid)) { AnytunError::throwErr() << "setuid('" << pw_->pw_name << "') failed: " << AnytunErrno(errno); - + } + cLog.msg(Log::PRIO_NOTICE) << "dropped privileges to " << pw_->pw_name << ":" << gr_->gr_name; } void DaemonService::chroot(std::string const& chrootdir) { - if (getuid() != 0) + if(getuid() != 0) { AnytunError::throwErr() << "this program has to be run as root in order to run in a chroot"; + } - if(::chroot(chrootdir.c_str())) + if(::chroot(chrootdir.c_str())) { AnytunError::throwErr() << "can't chroot to " << chrootdir; + } cLog.msg(Log::PRIO_NOTICE) << "we are in chroot jail (" << chrootdir << ") now" << std::endl; - if(chdir("/")) + if(chdir("/")) { AnytunError::throwErr() << "can't change to /"; + } } /// TODO: this outstandignly ugly please and i really can't stress the please fix it asap!!!!!!! -std::ofstream pidFile; // FIXXXME no global variable +std::ofstream pidFile; // FIXXXME no global variable void DaemonService::daemonize() { -// std::ofstream pidFile; + // std::ofstream pidFile; if(gOpt.getPidFile() != "") { pidFile.open(gOpt.getPidFile().c_str()); - if(!pidFile.is_open()) + if(!pidFile.is_open()) { AnytunError::throwErr() << "can't open pid file (" << gOpt.getPidFile() << "): " << AnytunErrno(errno); + } } pid_t pid; pid = fork(); - if(pid < 0) + if(pid < 0) { AnytunError::throwErr() << "daemonizing failed at fork(): " << AnytunErrno(errno) << ", exitting"; + } - if(pid) exit(0); + if(pid) { exit(0); } umask(0); - if(setsid() < 0) + if(setsid() < 0) { AnytunError::throwErr() << "daemonizing failed at setsid(): " << AnytunErrno(errno) << ", exitting"; + } pid = fork(); - if(pid < 0) + if(pid < 0) { AnytunError::throwErr() << "daemonizing failed at fork(): " << AnytunErrno(errno) << ", exitting"; + } - if(pid) exit(0); + if(pid) { exit(0); } - if ((chdir("/")) < 0) + if((chdir("/")) < 0) { AnytunError::throwErr() << "daemonizing failed at chdir(): " << AnytunErrno(errno) << ", exitting"; + } -// std::cout << "running in background now..." << std::endl; + // std::cout << "running in background now..." << std::endl; int fd; -// for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors - for (fd=0;fd<=2;fd++) // close all file descriptors + // for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors + for(fd=0; fd<=2; fd++) { // close all file descriptors close(fd); + } fd = open("/dev/null",O_RDWR); // stdin - if(fd == -1) + if(fd == -1) { cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stdin"; - else { - if(dup(fd) == -1) // stdout + } else { + if(dup(fd) == -1) { // stdout cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stdout"; - if(dup(fd) == -1) // stderr + } + if(dup(fd) == -1) { // stderr cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stderr"; + } } - -// FIXXXXME: write this pid to file (currently pid from posix/signhandler.hpp:77 is used) -// -// if(pidFile.is_open()) { -// pid_t pid = getpid(); -// pidFile << pid; -// pidFile.close(); -// } + + // FIXXXXME: write this pid to file (currently pid from posix/signhandler.hpp:77 is used) + // + // if(pidFile.is_open()) { + // pid_t pid = getpid(); + // pidFile << pid; + // pidFile.close(); + // } daemonized_ = true; }