added compile time options NOCRYPT,NODAEMON,NOEXEC for easyier windows porting

moved crypto init functions to cryptinit.hpp and exec to sysexec.hpp (as this will be platform dependant)
author: Othmar Gsenger <otti@anytun.org> 2008-11-28 17:39:14 +0000
committer: Othmar Gsenger <otti@anytun.org> 2008-11-28 17:39:14 +0000
commit: 409d58d0b63a113b29d8ce7c75a70e6dbbb39e69 (patch)
tree: 27a2526d6fc3b4600f18572e77f9fb8890ccfb39 /src
parent: fixed datatypes (really using boost now) (diff)
13 files changed, 152 insertions, 152 deletions
diff --git a/src/anytun.cpp b/src/anytun.cpp
index 3e1c4fc..553c451 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -40,7 +40,9 @@
 #include <unistd.h>
 
 #include <boost/bind.hpp>
+#ifndef NOCRYPT
 #include <gcrypt.h>
+#endif
 #include <cerrno>     // for ENOMEM
 
 #include "datatypes.h"
@@ -76,6 +78,10 @@
 #include "threadParam.h"
 #define MAX_PACKET_LENGTH 1600
 
+#include "cryptinit.hpp"
+#include "daemon.hpp"
+#include "sysexec.hpp"
+
 #define SESSION_KEYLEN_AUTH 20   // TODO: hardcoded size
 #define SESSION_KEYLEN_ENCR 16   // TODO: hardcoded size
 #define SESSION_KEYLEN_SALT 14   // TODO: hardcoded size
@@ -342,150 +348,6 @@ void receiver(void* p)
   }
 }
 
-// boost thread callbacks for libgcrypt
-#if defined(BOOST_HAS_PTHREADS)
-
-static int boost_mutex_init(void **priv)
-{
-  boost::mutex *lock = new boost::mutex();
-  if (!lock)
-    return ENOMEM;
-  *priv = lock;
-  return 0;
-}
-
-static int boost_mutex_destroy(void **lock)
-{ 
-  delete reinterpret_cast<boost::mutex*>(*lock); 
-  return 0;
-}
-
-static int boost_mutex_lock(void **lock) 
-{ 
-  reinterpret_cast<boost::mutex*>(*lock)->lock();
-  return 0; 
-}
-
-static int boost_mutex_unlock(void **lock)
-{ 
-  reinterpret_cast<boost::mutex*>(*lock)->unlock();
-  return 0; 
-}
-
-static struct gcry_thread_cbs gcry_threads_boost = 
-{ GCRY_THREAD_OPTION_USER, NULL, 
-  boost_mutex_init, boost_mutex_destroy, 
-  boost_mutex_lock, boost_mutex_unlock };
-#else
-#error this libgcrypt thread callbacks only work with pthreads
-#endif
-
-#define MIN_GCRYPT_VERSION "1.2.0"
-
-bool initLibGCrypt()
-{
-  // make libgcrypt thread safe 
-  // this must be called before any other libgcrypt call
-  gcry_control( GCRYCTL_SET_THREAD_CBS, &gcry_threads_boost );
-
-  // this must be called right after the GCRYCTL_SET_THREAD_CBS command
-  // no other function must be called till now
-  if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) {
-    std::cout << "initLibGCrypt: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION << std::endl;
-    return false;
-  }
-  
-  gcry_error_t err = gcry_control (GCRYCTL_DISABLE_SECMEM, 0); 
-  if( err ) {
-    char buf[STERROR_TEXT_MAX];
-    buf[0] = 0;
-    std::cout << "initLibGCrypt: Failed to disable secure memory: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX) << std::endl;
-    return false;
-  }
-    
-  // Tell Libgcrypt that initialization has completed.
-  err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
-  if( err ) {
-    char buf[STERROR_TEXT_MAX];
-    buf[0] = 0;
-    std::cout << "initLibGCrypt: Failed to finish initialization: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX) << std::endl;
-    return false;
-  }
-
-  cLog.msg(Log::PRIO_NOTICE) << "initLibGCrypt: libgcrypt init finished";
-  return true;
-}
-
-void chrootAndDrop(std::string const& chrootdir, std::string const& username)
-{
-	if (getuid() != 0)
-	{
-	  std::cerr << "this programm has to be run as root in order to run in a chroot" << std::endl;
-		exit(-1);
-	}	
-
-  struct passwd *pw = getpwnam(username.c_str());
-	if(pw) {
-		if(chroot(chrootdir.c_str()))
-		{
-      std::cerr << "can't chroot to " << chrootdir << std::endl;
-      exit(-1);
-		}
-    cLog.msg(Log::PRIO_NOTICE) << "we are in chroot jail (" << chrootdir << ") now" << std::endl;
-    chdir("/");
-		if (initgroups(pw->pw_name, pw->pw_gid) || setgid(pw->pw_gid) || setuid(pw->pw_uid)) 
-		{
-			std::cerr << "can't drop to user " << username << " " << pw->pw_uid << ":" << pw->pw_gid << std::endl;
-			exit(-1);
-		}
-    cLog.msg(Log::PRIO_NOTICE) << "dropped user to " << username << " " << pw->pw_uid << ":" << pw->pw_gid << std::endl;
-	}
-	else 
-  {
-    std::cerr << "unknown user " << username << std::endl;
-    exit(-1);
-	}
-}
-
-void daemonize()
-{
-  pid_t pid;
-
-  pid = fork();
-  if(pid) exit(0);  
-  setsid();
-  pid = fork();
-  if(pid) exit(0);
-  
-//  std::cout << "running in background now..." << std::endl;
-
-  int fd;
-//  for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
-  for (fd=0;fd<=2;fd++) // close all file descriptors
-    close(fd);
-  fd=open("/dev/null",O_RDWR);        // stdin
-  dup(fd);                            // stdout
-  dup(fd);                            // stderr
-  umask(027); 
-}
-
-int execScript(std::string const& script, std::string const& ifname)
-{
-  pid_t pid;
-  pid = fork();
-  if(!pid) {
-    int fd;
-    for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
-      close(fd);
-    fd=open("/dev/null",O_RDWR);        // stdin
-    dup(fd);                            // stdout
-    dup(fd);                            // stderr
-    return execl("/bin/sh", "/bin/sh", script.c_str(), ifname.c_str(), NULL);
-  }
-  int status = 0;
-  waitpid(pid, &status, 0);
-  return status;
-}
  
 int main(int argc, char* argv[])
 {
@@ -513,10 +375,12 @@ int main(int argc, char* argv[])
     cLog.msg(Log::PRIO_NOTICE) << "dev created (opened)";
     cLog.msg(Log::PRIO_NOTICE) << "dev opened - actual name is '" << dev.getActualName() << "'";
     cLog.msg(Log::PRIO_NOTICE) << "dev type is '" << dev.getTypeString() << "'";
+#ifndef NOEXEC
     if(gOpt.getPostUpScript() != "") {
       int postup_ret = execScript(gOpt.getPostUpScript(), dev.getActualName());
       cLog.msg(Log::PRIO_NOTICE) << "post up script '" << gOpt.getPostUpScript() << "' returned " << postup_ret;  
     }
+#endif
         
     PacketSource* src;
     if(gOpt.getLocalAddr() == "")
@@ -537,6 +401,7 @@ int main(int argc, char* argv[])
       createConnection(endpoint,cl,gOpt.getSeqWindowSize(), queue, gOpt.getMux());
     }    
 
+#ifndef NODAEMON
     if(gOpt.getChroot())
       chrootAndDrop(gOpt.getChrootDir(), gOpt.getUsername());
     if(gOpt.getDaemonize())
@@ -544,6 +409,7 @@ int main(int argc, char* argv[])
       daemonize();
       daemonized = true;
     }
+#endif
 
     if(pidFile.is_open()) {
       pid_t pid = getpid();
@@ -556,9 +422,11 @@ int main(int argc, char* argv[])
     
     ThreadParam p(dev, *src, cl, queue,*(new OptionConnectTo()));
 
-        // this must be called before any other libgcrypt call
+#ifndef NOCRYPT
+// this must be called before any other libgcrypt call
     if(!initLibGCrypt())
       return -1;
+#endif
 
     boost::thread senderThread(boost::bind(sender,&p));
     boost::thread receiverThread(boost::bind(receiver,&p)); 
diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp
index 80ee3ba..ebd76d2 100644
--- a/src/authAlgo.cpp
+++ b/src/authAlgo.cpp
@@ -54,6 +54,7 @@ u_int32_t NullAuthAlgo::getMaxLength()
   return MAX_LENGTH_;
 }
 
+#ifndef NOCRYPT
 //****** Sha1AuthAlgo ******
 
 Sha1AuthAlgo::Sha1AuthAlgo() : ctx_(NULL)
@@ -128,3 +129,5 @@ u_int32_t Sha1AuthAlgo::getMaxLength()
 {
   return MAX_LENGTH_;
 }
+#endif
+
diff --git a/src/authAlgo.h b/src/authAlgo.h
index c53f3c0..2e01c0b 100644
--- a/src/authAlgo.h
+++ b/src/authAlgo.h
@@ -81,7 +81,7 @@ public:
   static const u_int32_t MAX_LENGTH_ = 0;
 };
 
-
+#ifndef NOCRYPT
 //****** Sha1AuthAlgo ******
 //* HMAC SHA1 Auth Tag Generator Class
 
@@ -101,5 +101,6 @@ public:
 private:
   gcry_md_hd_t ctx_;
 };
+#endif
 
 #endif
diff --git a/src/authAlgoFactory.cpp b/src/authAlgoFactory.cpp
index 4e51f36..333c47c 100644
--- a/src/authAlgoFactory.cpp
+++ b/src/authAlgoFactory.cpp
@@ -40,8 +40,10 @@ AuthAlgo* AuthAlgoFactory::create(std::string const& type)
 {
   if( type == "null" )
     return new NullAuthAlgo();
+#ifndef NOCRYPT
   else if( type == "sha1" )
     return new Sha1AuthAlgo();
+#endif
   else
     throw std::invalid_argument("auth algo not available");
 }
diff --git a/src/cipher.cpp b/src/cipher.cpp
index ab8b013..edfc760 100644
--- a/src/cipher.cpp
+++ b/src/cipher.cpp
@@ -34,10 +34,12 @@
 #include <string>
 #include <cstdio>
 #include <cstring>
+#ifndef NOCRYPT
 #include <gcrypt.h>
+#include "mpi.h"
+#endif
 
 #include "cipher.h"
-#include "mpi.h"
 #include "log.h"
 
 
@@ -73,7 +75,7 @@ u_int32_t NullCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_in
   return (ilen < olen) ? ilen : olen;
 }
 
-
+#ifndef NOCRYPT
 //****** AesIcmCipher ****** 
 
 AesIcmCipher::AesIcmCipher() : cipher_(NULL)
@@ -178,4 +180,5 @@ void AesIcmCipher::calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t o
     return;
   }
 }
+#endif
 
diff --git a/src/cipher.h b/src/cipher.h
index f590aef..d402bce 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -70,6 +70,7 @@ protected:
   u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
 };
 
+#ifndef NOCRYPT
 //****** AesIcmCipher ******
 
 class AesIcmCipher : public Cipher
@@ -90,6 +91,6 @@ private:
   gcry_cipher_hd_t cipher_;
   Buffer salt_;
 };
-
+#endif
 
 #endif
diff --git a/src/cipherFactory.cpp b/src/cipherFactory.cpp
index 228b29b..b02e5bc 100644
--- a/src/cipherFactory.cpp
+++ b/src/cipherFactory.cpp
@@ -40,8 +40,10 @@ Cipher* CipherFactory::create(std::string const& type)
 {
   if( type == "null" )
     return new NullCipher();
+#ifndef NOCRYPT
   else if( type == "aes-ctr" )
     return new AesIcmCipher();
+#endif
   else
     throw std::invalid_argument("cipher not available");
 }
diff --git a/src/cryptinit.hpp b/src/cryptinit.hpp
new file mode 100644
index 0000000..567a374
--- /dev/null
+++ b/src/cryptinit.hpp
@@ -0,0 +1,82 @@
+#ifndef _CRYPTINIT_HPP
+#define _CRYPTINIT_HPP
+#ifndef NOCRYPT
+
+// boost thread callbacks for libgcrypt
+#if defined(BOOST_HAS_PTHREADS)
+
+static int boost_mutex_init(void **priv)
+{
+  boost::mutex *lock = new boost::mutex();
+  if (!lock)
+    return ENOMEM;
+  *priv = lock;
+  return 0;
+}
+
+static int boost_mutex_destroy(void **lock)
+{
+  delete reinterpret_cast<boost::mutex*>(*lock);
+  return 0;
+}
+
+static int boost_mutex_lock(void **lock)
+{
+  reinterpret_cast<boost::mutex*>(*lock)->lock();
+  return 0;
+}
+
+static int boost_mutex_unlock(void **lock)
+{
+  reinterpret_cast<boost::mutex*>(*lock)->unlock();
+  return 0;
+}
+
+static struct gcry_thread_cbs gcry_threads_boost =
+{ GCRY_THREAD_OPTION_USER, NULL,
+  boost_mutex_init, boost_mutex_destroy,
+  boost_mutex_lock, boost_mutex_unlock };
+#else
+#error this libgcrypt thread callbacks only work with pthreads
+#endif
+
+
+#define MIN_GCRYPT_VERSION "1.2.0"
+
+bool initLibGCrypt()
+{
+  // make libgcrypt thread safe 
+  // this must be called before any other libgcrypt call
+  gcry_control( GCRYCTL_SET_THREAD_CBS, &gcry_threads_boost );
+
+  // this must be called right after the GCRYCTL_SET_THREAD_CBS command
+  // no other function must be called till now
+  if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) {
+    std::cout << "initLibGCrypt: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION << std::endl;
+    return false;
+  }
+
+  gcry_error_t err = gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+  if( err ) {
+    char buf[STERROR_TEXT_MAX];
+    buf[0] = 0;
+    std::cout << "initLibGCrypt: Failed to disable secure memory: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX) << std::endl;
+    return false;
+  }
+
+  // Tell Libgcrypt that initialization has completed.
+  err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
+  if( err ) {
+    char buf[STERROR_TEXT_MAX];
+    buf[0] = 0;
+    std::cout << "initLibGCrypt: Failed to finish initialization: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX) << std::endl;
+    return false;
+  }
+
+  cLog.msg(Log::PRIO_NOTICE) << "initLibGCrypt: libgcrypt init finished";
+  return true;
+}
+
+#endif
+#endif
+
diff --git a/src/daemon.hpp b/src/daemon.hpp
index 13c4132..be5c710 100644
--- a/src/daemon.hpp
+++ b/src/daemon.hpp
@@ -1,3 +1,6 @@
+#ifndef _DAEMON_HPP
+#define _DAEMON_HPP
+#ifndef NODAEMON
 
 void chrootAndDrop(std::string const& chrootdir, std::string const& username)
 {
@@ -51,5 +54,6 @@ void daemonize()
   dup(fd);                            // stderr
   umask(027);
 }
-
+#endif
+#endif
 
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp
index 1c88352..946943e 100644
--- a/src/keyDerivation.cpp
+++ b/src/keyDerivation.cpp
@@ -32,15 +32,16 @@
 
 #include "log.h"
 #include "keyDerivation.h"
-#include "mpi.h"
 #include "threadUtils.hpp"
 
 #include <stdexcept>
 #include <iostream>
 #include <string>
 
+#ifndef NOCRYPT
 #include <gcrypt.h>
-
+#include "mpi.h"
+#endif
 
 void KeyDerivation::setLogKDRate(const uint8_t log_rate)
 {
@@ -56,6 +57,7 @@ void NullKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer&
   for(u_int32_t i=0; i < key.getLength(); ++i) key[i] = 0;
 }
 
+#ifndef NOCRYPT
 //****** AesIcmKeyDerivation ******
 
 AesIcmKeyDerivation::~AesIcmKeyDerivation()
@@ -165,4 +167,5 @@ void AesIcmKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer
     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
   }
 }
+#endif
 
diff --git a/src/keyDerivation.h b/src/keyDerivation.h
index b64500b..0f41895 100644
--- a/src/keyDerivation.h
+++ b/src/keyDerivation.h
@@ -111,6 +111,7 @@ private:
 
 };
 
+#ifndef NOCRYPT
 //****** AesIcmKeyDerivation ******
 
 class AesIcmKeyDerivation : public KeyDerivation
@@ -139,3 +140,5 @@ private:
 
 #endif
 
+#endif
+
diff --git a/src/keyDerivationFactory.cpp b/src/keyDerivationFactory.cpp
index 56a750a..58518b8 100644
--- a/src/keyDerivationFactory.cpp
+++ b/src/keyDerivationFactory.cpp
@@ -40,8 +40,10 @@ KeyDerivation* KeyDerivationFactory::create(std::string const& type)
 {
   if( type == "null" )
     return new NullKeyDerivation();
+#ifndef NOCRYPT
   else if( type == "aes-ctr" )
     return new AesIcmKeyDerivation();
+#endif
   else
     throw std::invalid_argument("key derivation prf not available");
 }
diff --git a/src/sysexec.hpp b/src/sysexec.hpp
new file mode 100644
index 0000000..73a18bf
--- /dev/null
+++ b/src/sysexec.hpp
@@ -0,0 +1,26 @@
+#ifndef _SYSEXEC_HPP
+#define _SYSEXEC_HPP
+#ifndef NOEXEC
+
+int execScript(std::string const& script, std::string const& ifname)
+{
+  pid_t pid;
+  pid = fork();
+  if(!pid) {
+    int fd;
+    for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
+      close(fd);
+    fd=open("/dev/null",O_RDWR);        // stdin
+    dup(fd);                            // stdout
+    dup(fd);                            // stderr
+    return execl("/bin/sh", "/bin/sh", script.c_str(), ifname.c_str(), NULL);
+  }
+  int status = 0;
+  waitpid(pid, &status, 0);
+  return status;
+}
+
+
+#endif
+#endif
+
author	Othmar Gsenger <otti@anytun.org>	2008-11-28 17:39:14 +0000
committer	Othmar Gsenger <otti@anytun.org>	2008-11-28 17:39:14 +0000
commit	409d58d0b63a113b29d8ce7c75a70e6dbbb39e69 (patch)
tree	27a2526d6fc3b4600f18572e77f9fb8890ccfb39 /src
parent	fixed datatypes (really using boost now) (diff)