/cvs/gvpe/src/vpn.C

Comparing gvpe/src/vpn.C (file contents):
Revision 1.60 by root, Fri Sep 16 18:01:27 2011 UTC vs.
Revision 1.64 by root, Tue Dec 4 10:29:43 2012 UTC

38#include <cstdlib> 38#include <cstdlib>
39 39
40#include <sys/types.h> 40#include <sys/types.h>
41#include <sys/socket.h> 41#include <sys/socket.h>
42#include <sys/wait.h> 42#include <sys/wait.h>
43#include <sys/stat.h>
43#include <errno.h> 44#include <errno.h>
44#include <time.h> 45#include <time.h>
45#include <unistd.h> 46#include <unistd.h>
46#include <fcntl.h> 47#include <fcntl.h>
47#include <sys/socket.h> 48#include <sys/socket.h>
51#include "pidfile.h" 52#include "pidfile.h"
52 53
53#include "connection.h" 54#include "connection.h"
54#include "util.h" 55#include "util.h"
55#include "vpn.h" 56#include "vpn.h"
57
58using namespace std;
56 59
57vpn network; // THE vpn (bad design...) 60vpn network; // THE vpn (bad design...)
58 61
59///////////////////////////////////////////////////////////////////////////// 62/////////////////////////////////////////////////////////////////////////////
60 63
392 395
393 return 0; 396 return 0;
394} 397}
395 398
396bool 399bool
400vpn::drop_privileges ()
401{
402 if (::conf.change_root)
403 {
404 if (!strcmp (::conf.change_root, "/"))
405 {
406 char dir [L_tmpnam];
407 if (!tmpnam (dir))
408 {
409 slog (L_CRIT, _("unable to create anonymous root path."));
410 return false;
411 }
412
413 if (mkdir (dir, 0700))
414 {
415 slog (L_CRIT, _("unable to crate anonymous root directory."));
416 return false;
417 }
418
419 if (chdir (dir))
420 {
421 slog (L_CRIT, _("unable to change to anonymous root directory."));
422 return false;
423 }
424
425 if (rmdir (dir))
426 slog (L_ERR, _("unable to remove anonymous root directory, continuing."));
427 }
428 else
429 {
430 if (chdir (::conf.change_root))
431 {
432 slog (L_CRIT, _("%s: unable to change to specified root directory."), ::conf.change_root);
433 return false;
434 }
435 }
436
437 if (chroot ("."))
438 {
439 slog (L_CRIT, _("unable to set new root directory."));
440 return false;
441 }
442
443 if (chdir ("/"))
444 {
445 slog (L_CRIT, _("unable to set cwd to new root directory."));
446 return false;
447 }
448 }
449
450 if (::conf.change_gid)
451 if (setgid (::conf.change_gid))
452 {
453 slog (L_CRIT, _("unable to change group id to %d."), ::conf.change_gid);
454 return false;
455 }
456
457 if (::conf.change_uid)
458 if (setuid (::conf.change_uid))
459 {
460 slog (L_CRIT, _("unable to change user id to %d."), ::conf.change_uid);
461 return false;
462 }
463
464 return true;
465}
466
467bool
397vpn::send_ipv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) 468vpn::send_ipv4_packet (vpn_packet *pkt, const sockinfo &si, int tos)
398{ 469{
399 set_tos (ipv4_fd, ipv4_tos, tos); 470 set_tos (ipv4_fd, ipv4_tos, tos);
400 sendto (ipv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ()); 471 sendto (ipv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ());
401 472
482 (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst (), pkt->len); 553 (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst (), pkt->len);
483 554
484 if (src == 0 || src > conns.size () 555 if (src == 0 || src > conns.size ()
485 || dst > conns.size () 556 || dst > conns.size ()
486 || pkt->typ () >= vpn_packet::PT_MAX) 557 || pkt->typ () >= vpn_packet::PT_MAX)
487 slog (L_WARN, _("(%s): received corrupted packet type %d (src %d, dst %d)."),
488 (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst ());
489 else if (dst > conns.size ())
490 slog (L_WARN, _("(%s): received corrupted packet type %d (src %d, dst %d)."), 558 slog (L_WARN, _("(%s): received corrupted packet type %d (src %d, dst %d)."),
491 (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst ()); 559 (const char *)rsi, pkt->typ (), pkt->src (), pkt->dst ());
492 else 560 else
493 { 561 {
494 connection *c = conns[src - 1]; 562 connection *c = conns[src - 1];
516vpn::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos) 584vpn::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
517{ 585{
518 switch (si.prot) 586 switch (si.prot)
519 { 587 {
520 case PROT_IPv4: 588 case PROT_IPv4:
521 return send_ipv4_packet (pkt, si, tos); 589 return send_ipv4_packet (pkt, si, tos);
522 590
523 case PROT_UDPv4: 591 case PROT_UDPv4:
524 return send_udpv4_packet (pkt, si, tos); 592 return send_udpv4_packet (pkt, si, tos);
525 593
526#if ENABLE_TCP 594#if ENABLE_TCP
527 case PROT_TCPv4: 595 case PROT_TCPv4:
528 return send_tcpv4_packet (pkt, si, tos); 596 return send_tcpv4_packet (pkt, si, tos);
529#endif 597#endif
530#if ENABLE_ICMP 598#if ENABLE_ICMP
531 case PROT_ICMPv4: 599 case PROT_ICMPv4:
532 return send_icmpv4_packet (pkt, si, tos); 600 return send_icmpv4_packet (pkt, si, tos);
533#endif 601#endif
534#if ENABLE_DNS 602#if ENABLE_DNS
535 case PROT_DNSv4: 603 case PROT_DNSv4:
536 return send_dnsv4_packet (pkt, si, tos); 604 return send_dnsv4_packet (pkt, si, tos);
537#endif 605#endif
538 default: 606 default:
539 slog (L_CRIT, _("%s: FATAL: trying to send packet with unsupported protocol."), (const char *)si); 607 slog (L_CRIT, _("%s: FATAL: trying to send packet with unsupported protocol."), (const char *)si);
540 } 608 }
541 609
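Review bot: `vpn::drop_privileges` (new lines 450–462) switches ids with `setgid` and `setuid` but never resets the supplementary group list, so a daemon started as root would still hold root's supplementary groups after the drop. Before the `setgid` call, clear the list and fail closed on error, for example `gid_t g = ::conf.change_gid; if (setgroups (1, &g)) return false;` with an `slog (L_CRIT, ...)` like the neighbouring branches; this needs `<grp.h>`, which is not among the includes visible here. In the anonymous-root branch (new lines 406–413), `tmpnam` followed by `mkdir` leaves a window between choosing the name and creating the directory; `mkdtemp` does both in one step, although as written a collision only makes `mkdir` fail. It is also worth a comment or a logged warning that `change_root` without `change_uid` leaves the process running as root inside the chroot, which is not a confinement boundary on its own.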
