fixed priviledge dropping on freebsd

maybee todo: remove old non working preprocessor staments like NO_EXEC to make code simpler
author: Othmar Gsenger <otti@anytun.org> 2010-01-10 22:10:05 +0000
committer: Othmar Gsenger <otti@anytun.org> 2010-01-10 22:10:05 +0000
commit: 2f418d7ab9f44ee8d573a81a08c167dbf46f1658 (patch)
tree: d4d6d38b11fda9ee17b1e4448f8dc1b7ffcc7c32 /src
parent: dispatching right socket for send to function (diff)
7 files changed, 101 insertions, 56 deletions
diff --git a/src/anytun.cpp b/src/anytun.cpp
index bdd5b65..222adf6 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -326,19 +326,6 @@ void startSendRecvThreads(TunDevice* dev, PacketSource* src)
 {
   src->waitUntilReady();
   
-#ifndef NO_DAEMON
-  if(gOpt.getChrootDir() != "") {
-    try {
-      do_chroot(gOpt.getChrootDir());
-    }
-    catch(const std::runtime_error& e) {
-      cLog.msg(Log::PRIO_WARNING) << "ignoring chroot error: " << e.what();
-    }
-  }
-#ifndef NO_PRIVDROP
-  privs.drop();
-#endif
-#endif
   
   boost::thread(boost::bind(sender, dev, src));
   boost::thread(boost::bind(receiver, dev, src)); 
@@ -431,12 +418,42 @@ int main(int argc, char* argv[])
     }
 #endif
 
+
+    OptionNetwork net = gOpt.getIfconfigParam();
+    TunDevice dev(gOpt.getDevName(), gOpt.getDevType(), net.net_addr, net.prefix_length);
+    cLog.msg(Log::PRIO_NOTICE) << "dev opened - name '" << dev.getActualName() << "', node '" << dev.getActualNode() << "'";
+    cLog.msg(Log::PRIO_NOTICE) << "dev type is '" << dev.getTypeString() << "'";
+#ifndef NO_EXEC
+    SysExec * postup_script = NULL;
+    if(gOpt.getPostUpScript() != "") {
+      cLog.msg(Log::PRIO_NOTICE) << "executing post-up script '" << gOpt.getPostUpScript() << "'";
+      StringVector args = boost::assign::list_of(dev.getActualName())(dev.getActualNode());
+      postup_script = new SysExec(gOpt.getPostUpScript(), args);
+    }
+#endif
         // this has to be called before the first thread is started
 #if !( defined(__FreeBSD__) || defined(__FreeBSD_kernel__))
     gSignalController.init();
 #endif
+#ifndef NO_DAEMON
+  if(gOpt.getChrootDir() != "") {
+    try {
+      do_chroot(gOpt.getChrootDir());
+    }
+    catch(const std::runtime_error& e) {
+      cLog.msg(Log::PRIO_WARNING) << "ignoring chroot error: " << e.what();
+    }
+  }
+#ifndef NO_PRIVDROP
+  privs.drop();
+#endif
+#endif
     gResolver.init();
-   
+#ifndef NO_EXEC
+   boost::thread(boost::bind(&TunDevice::waitForPostUpScript,&dev));
+   if (postup_script)
+     boost::thread(boost::bind(&SysExec::waitForScript,postup_script));
+#endif   
 #ifndef NO_CRYPT
 #ifndef USE_SSL_CRYPTO
 // this must be called before any other libgcrypt call
@@ -444,18 +461,6 @@ int main(int argc, char* argv[])
       return -1;
 #endif
 #endif
-
-    OptionNetwork net = gOpt.getIfconfigParam();
-    TunDevice dev(gOpt.getDevName(), gOpt.getDevType(), net.net_addr, net.prefix_length);
-    cLog.msg(Log::PRIO_NOTICE) << "dev opened - name '" << dev.getActualName() << "', node '" << dev.getActualNode() << "'";
-    cLog.msg(Log::PRIO_NOTICE) << "dev type is '" << dev.getTypeString() << "'";
-#ifndef NO_EXEC
-    if(gOpt.getPostUpScript() != "") {
-      cLog.msg(Log::PRIO_NOTICE) << "executing post-up script '" << gOpt.getPostUpScript() << "'";
-      StringVector args = boost::assign::list_of(dev.getActualName())(dev.getActualNode());
-      anytun_exec(gOpt.getPostUpScript(), args);
-    }
-#endif
     
     PacketSource* src = new UDPPacketSource(gOpt.getLocalAddr(), gOpt.getLocalPort());
 
diff --git a/src/bsd/tunDevice.cpp b/src/bsd/tunDevice.cpp
index 6dd3419..40c3001 100644
--- a/src/bsd/tunDevice.cpp
+++ b/src/bsd/tunDevice.cpp
@@ -54,7 +54,7 @@
 
 #define DEVICE_FILE_MAX 255
 
-TunDevice::TunDevice(std::string dev_name, std::string dev_type, std::string ifcfg_addr, u_int16_t ifcfg_prefix) : conf_(dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400)
+TunDevice::TunDevice(std::string dev_name, std::string dev_type, std::string ifcfg_addr, u_int16_t ifcfg_prefix) : conf_(dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400),sys_exec_(NULL)
 {
   std::string device_file = "/dev/";
   bool dynamic = true;
@@ -253,6 +253,7 @@ int TunDevice::write(u_int8_t* buf, u_int32_t len)
 
 void TunDevice::do_ifconfig()
 {
+#ifndef NO_EXEC
   std::ostringstream mtu_ss;
   mtu_ss << conf_.mtu_;
   StringVector args = boost::assign::list_of(actual_name_)(conf_.addr_.toString())("netmask")(conf_.netmask_.toString())("mtu")(mtu_ss.str());
@@ -270,6 +271,13 @@ void TunDevice::do_ifconfig()
  #error This Device works just for OpenBSD, FreeBSD or NetBSD
 #endif
   }
+  sys_exec_ = new SysExec("/sbin/ifconfig", args);
+#endif
+}
 
-  anytun_exec("/sbin/ifconfig", args);
+void TunDevice::waitForPostUpScript()
+{
+  if (sys_exec_)
+    sys_exec_->waitForScript();
 }
+
diff --git a/src/linux/tunDevice.cpp b/src/linux/tunDevice.cpp
index 57b1c7c..c351683 100644
--- a/src/linux/tunDevice.cpp
+++ b/src/linux/tunDevice.cpp
@@ -50,7 +50,7 @@
 #include "anytunError.h"
 #include "sysExec.h"
 
-TunDevice::TunDevice(std::string dev_name, std::string dev_type, std::string ifcfg_addr, u_int16_t ifcfg_prefix) : conf_(dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400)
+TunDevice::TunDevice(std::string dev_name, std::string dev_type, std::string ifcfg_addr, u_int16_t ifcfg_prefix) : conf_(dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400), sys_exec_(NULL)
 {
 	struct ifreq ifr;
 	memset(&ifr, 0, sizeof(ifr));
@@ -158,8 +158,16 @@ void TunDevice::init_post()
 
 void TunDevice::do_ifconfig()
 {
+#ifndef NO_EXEC
   std::ostringstream mtu_ss;
   mtu_ss << conf_.mtu_;
   StringVector args = boost::assign::list_of(actual_name_)(conf_.addr_.toString())("netmask")(conf_.netmask_.toString())("mtu")(mtu_ss.str());
-  anytun_exec("/sbin/ifconfig", args);
+  sys_exec_ = new SysExec("/sbin/ifconfig", args);
+#endif
+}
+
+void TunDevice::waitForPostUpScript()
+{
+  if (sys_exec_)
+    sys_exec_->waitForScript();
 }
diff --git a/src/sysExec.cpp b/src/sysExec.cpp
index fc806fd..869df3a 100644
--- a/src/sysExec.cpp
+++ b/src/sysExec.cpp
@@ -48,22 +48,22 @@
 #include <string.h>
 #include <cstring>
 
-void anytun_exec(std::string const& script)
+SysExec::SysExec(std::string const& script) : script_(script),closed_(false)
 {
-  anytun_exec(script, StringVector(), StringList());
+  SysExec(script, StringVector(), StringList());
 }
 
-void anytun_exec(std::string const& script, StringVector const& args)
+SysExec::SysExec(std::string const& script, StringVector const& args) : script_(script),closed_(false)
 {
-  anytun_exec(script, args, StringList());
+  SysExec(script, args, StringList());
 }
 
-void anytun_exec(std::string const& script, StringList const& env)
+SysExec::SysExec(std::string const& script, StringList const& env) : script_(script),closed_(false)
 {
-  anytun_exec(script, StringVector(), env);
+  SysExec(script, StringVector(), env);
 }
 
-void anytun_exec(std::string const& script, StringVector const& args, StringList const& env)
+SysExec::SysExec(std::string const& script, StringVector const& args, StringList const& env) : script_(script),closed_(false)
 {
   int pipefd[2];
   if(pipe(pipefd) == -1) {
@@ -80,7 +80,7 @@ void anytun_exec(std::string const& script, StringVector const& args, StringList
 
   if(pid) {
     close(pipefd[1]);
-    boost::thread(boost::bind(waitForScript, script, pid, pipefd[0]));
+    //boost::thread(boost::bind(waitForScript, script, pid, pipefd[0]));
     return;
   }
 
@@ -129,29 +129,35 @@ void anytun_exec(std::string const& script, StringVector const& args, StringList
   exit(-1);
 }
 
-void waitForScript(std::string const& script, pid_t pid, int pipefd)
+void SysExec::waitForScript()
 {
   int status = 0;
-  waitpid(pid, &status, 0);
+  waitpid(pid_, &status, 0);
 
   fd_set rfds;
   FD_ZERO(&rfds);
-  FD_SET(pipefd, &rfds);
+  FD_SET(pipefd_, &rfds);
   struct timeval tv = { 0 , 0 };
-  if(select(pipefd+1, &rfds, NULL, NULL, &tv) == 1) {
+  if(select(pipefd_+1, &rfds, NULL, NULL, &tv) == 1) {
     int err = 0;
-    if(read(pipefd, (void*)(&err), sizeof(err)) >= static_cast<int>(sizeof(err))) {
-      cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' exec() error: " << AnytunErrno(err);
-      close(pipefd);
+    if(read(pipefd_, (void*)(&err), sizeof(err)) >= static_cast<int>(sizeof(err))) {
+      cLog.msg(Log::PRIO_NOTICE) << "script '" << script_ << "' exec() error: " << AnytunErrno(err);
+      close(pipefd_);
       return;
     }
   }
   if(WIFEXITED(status))
-    cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' returned " << WEXITSTATUS(status);  
+    cLog.msg(Log::PRIO_NOTICE) << "script '" << script_ << "' returned " << WEXITSTATUS(status);  
   else if(WIFSIGNALED(status))
-    cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' terminated after signal " << WTERMSIG(status);
+    cLog.msg(Log::PRIO_NOTICE) << "script '" << script_ << "' terminated after signal " << WTERMSIG(status);
   else
-    cLog.msg(Log::PRIO_ERROR) << "executing script '" << script << "': unknown error";
+    cLog.msg(Log::PRIO_ERROR) << "executing script '" << script_ << "': unknown error";
 
-  close(pipefd);
+  close(pipefd_);
+}
+
+SysExec::~SysExec()
+{
+  if(!closed_)
+    close(pipefd_);
 }
diff --git a/src/sysExec.h b/src/sysExec.h
index e608472..f0461af 100644
--- a/src/sysExec.h
+++ b/src/sysExec.h
@@ -42,11 +42,21 @@
 typedef std::vector<std::string> StringVector;
 typedef std::list<std::string> StringList;
 
-void anytun_exec(std::string const& script);
-void anytun_exec(std::string const& script, StringVector const& args);
-void anytun_exec(std::string const& script, StringList const& env);
-void anytun_exec(std::string const& script, StringVector const& args, StringList const& env);
-void waitForScript(std::string const& script, pid_t pid, int pipefd);
+class SysExec
+{
+  public:
+    SysExec(std::string const& script);
+    SysExec(std::string const& script, StringVector const& args);
+    SysExec(std::string const& script, StringList const& env);
+    SysExec(std::string const& script, StringVector const& args, StringList const& env);
+    void waitForScript();
+    ~SysExec();
+  private:
+    std::string script_;
+    pid_t pid_;
+    int pipefd_;
+    bool closed_;
+};
 
 #endif
 #endif
diff --git a/src/tunDevice.h b/src/tunDevice.h
index e00751f..834837e 100644
--- a/src/tunDevice.h
+++ b/src/tunDevice.h
@@ -36,9 +36,10 @@
 #include "buffer.h"
 #include "deviceConfig.hpp"
 #include "threadUtils.hpp"
-
 #ifdef _MSC_VER
 #include <windows.h>
+#else
+#include "sysExec.h"
 #endif
 
 class TunDevice
@@ -53,6 +54,7 @@ public:
   const char* getActualName() const { return actual_name_.c_str(); }
   const char* getActualNode() const { return actual_node_.c_str(); }
   device_type_t getType() const { return conf_.type_; } 
+  void waitForPostUpScript();
   const char* getTypeString() const
   {
 #ifndef _MSC_VER
@@ -71,7 +73,6 @@ public:
     return "";
   }
 
-
 private:
   void operator=(const TunDevice &src);
   TunDevice(const TunDevice &src);
@@ -91,6 +92,9 @@ private:
 #endif
 
   DeviceConfig conf_;
+#ifndef _MSC_VER
+  SysExec * sys_exec_;
+#endif
   bool with_pi_;
   std::string actual_name_;
   std::string actual_node_;
diff --git a/src/win32/tunDevice.cpp b/src/win32/tunDevice.cpp
index fe6ab44..c5b378f 100644
--- a/src/win32/tunDevice.cpp
+++ b/src/win32/tunDevice.cpp
@@ -270,3 +270,7 @@ void TunDevice::do_ifconfig()
 	}
   conf_.mtu_ = static_cast<u_int16_t>(mtu);
 }
+
+void TunDevice::waitForPostUpScript()
+{
+}
author	Othmar Gsenger <otti@anytun.org>	2010-01-10 22:10:05 +0000
committer	Othmar Gsenger <otti@anytun.org>	2010-01-10 22:10:05 +0000
commit	2f418d7ab9f44ee8d573a81a08c167dbf46f1658 (patch)
tree	d4d6d38b11fda9ee17b1e4448f8dc1b7ffcc7c32 /src
parent	dispatching right socket for send to function (diff)