From 5f82116f51ffe2fc4b44abe606f87d576b9b4c9d Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 4 Oct 2009 14:27:58 +0000 Subject: added improved script execution --- src/Makefile | 1 + src/anytun.cpp | 24 +++---- src/signalController.cpp | 2 +- src/sysExec.cpp | 163 +++++++++++++++++++++++++++++++++++++++++++++++ src/sysExec.h | 50 +++++++++++++++ src/sysexec.hpp | 74 --------------------- 6 files changed, 224 insertions(+), 90 deletions(-) create mode 100644 src/sysExec.cpp create mode 100644 src/sysExec.h delete mode 100644 src/sysexec.hpp diff --git a/src/Makefile b/src/Makefile index 4f75c70..eabdefc 100644 --- a/src/Makefile +++ b/src/Makefile @@ -53,6 +53,7 @@ OBJS := tunDevice.o \ signalController.o \ log.o \ logTargets.o \ + sysExec.o \ anytunError.o \ options.o \ seqWindow.o \ diff --git a/src/anytun.cpp b/src/anytun.cpp index 6789b85..7e009ac 100644 --- a/src/anytun.cpp +++ b/src/anytun.cpp @@ -29,13 +29,12 @@ * along with anytun. If not, see . */ +#include +#include +#include #include #include - -#include -#include // for ENOMEM - #include "datatypes.h" #include "log.h" @@ -76,7 +75,7 @@ #include "cryptinit.hpp" #include "daemon.hpp" -#include "sysexec.hpp" +#include "sysExec.h" bool disableRouting = false; @@ -313,14 +312,6 @@ void receiver(TunDevice* dev, PacketSource* src) } } -#ifndef NO_EXEC -void startPostUpScript(TunDevice* dev) -{ - cLog.msg(Log::PRIO_NOTICE) << "executing post-up script '" << gOpt.getPostUpScript() << "'"; - execScript(gOpt.getPostUpScript(), dev->getActualName(), dev->getActualNode()); -} -#endif - #ifndef NO_DAEMON void startSendRecvThreads(PrivInfo& privs, TunDevice* dev, PacketSource* src) #else @@ -451,8 +442,11 @@ int main(int argc, char* argv[]) cLog.msg(Log::PRIO_NOTICE) << "dev opened - name '" << dev.getActualName() << "', node '" << dev.getActualNode() << "'"; cLog.msg(Log::PRIO_NOTICE) << "dev type is '" << dev.getTypeString() << "'"; #ifndef NO_EXEC - if(gOpt.getPostUpScript() != "") - boost::thread(boost::bind(startPostUpScript, &dev)); + if(gOpt.getPostUpScript() != "") { + cLog.msg(Log::PRIO_NOTICE) << "executing post-up script '" << gOpt.getPostUpScript() << "'"; + StringVector args = boost::assign::list_of(dev.getActualName())(dev.getActualNode()); + anytun_exec(gOpt.getPostUpScript(), args); + } #endif PacketSource* src = new UDPPacketSource(gOpt.getLocalAddr(), gOpt.getLocalPort()); diff --git a/src/signalController.cpp b/src/signalController.cpp index b2017fd..b3029c3 100644 --- a/src/signalController.cpp +++ b/src/signalController.cpp @@ -248,7 +248,7 @@ int SignalController::run() return ret; } else - cLog.msg(Log::PRIO_NOTICE) << "SIG " << sig.first << " caught with message '" << sig.second << "'- ignoring"; + cLog.msg(Log::PRIO_NOTICE) << "SIG " << sig.first << " caught with message '" << sig.second << "' - ignoring"; } return 0; } diff --git a/src/sysExec.cpp b/src/sysExec.cpp new file mode 100644 index 0000000..9a397a2 --- /dev/null +++ b/src/sysExec.cpp @@ -0,0 +1,163 @@ +/* + * anytun + * + * The secure anycast tunneling protocol (satp) defines a protocol used + * for communication between any combination of unicast and anycast + * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel + * mode and allows tunneling of every ETHER TYPE protocol (e.g. + * ethernet, ip, arp ...). satp directly includes cryptography and + * message authentication based on the methodes used by SRTP. It is + * intended to deliver a generic, scaleable and secure solution for + * tunneling and relaying of packets of any protocol. + * + * + * Copyright (C) 2007-2008 Othmar Gsenger, Erwin Nindl, + * Christian Pointner + * + * This file is part of Anytun. + * + * Anytun is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 3 as + * published by the Free Software Foundation. + * + * Anytun is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with anytun. If not, see . + */ + +#include +#include + +#include "datatypes.h" +#include "sysExec.h" +#include "log.h" +#include "anytunError.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +void anytun_exec(std::string const& script) +{ + anytun_exec(script, StringVector(), StringList()); +} + +void anytun_exec(std::string const& script, StringVector const& args) +{ + anytun_exec(script, args, StringList()); +} + +void anytun_exec(std::string const& script, StringList const& env) +{ + anytun_exec(script, StringVector(), env); +} + +void anytun_exec(std::string const& script, StringVector const& args, StringList const& env) +{ + int pipefd[2]; + if(pipe(pipefd) == -1) { + cLog.msg(Log::PRIO_ERROR) << "executing script '" << script << "' pipe() error: " << AnytunErrno(errno); + return; + } + + pid_t pid; + pid = fork(); + if(pid == -1) { + cLog.msg(Log::PRIO_ERROR) << "executing script '" << script << "' fork() error: " << AnytunErrno(errno); + return; + } + + if(pid) { + close(pipefd[1]); + boost::thread(boost::bind(waitForScript, script, pid, pipefd[0])); + return; + } + +// child code + int fd; + for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors + if(fd != pipefd[1]) close(fd); + + fd = open("/dev/null",O_RDWR); // stdin + if(fd == -1) + cLog.msg(Log::PRIO_WARNING) << "can't open stdin"; + else { + if(dup(fd) == -1) // stdout + cLog.msg(Log::PRIO_WARNING) << "can't open stdout"; + if(dup(fd) == -1) // stderr + cLog.msg(Log::PRIO_WARNING) << "can't open stderr"; + } + + char** argv = new char*[args.size() + 2]; + argv[0] = new char[script.size() + 1]; + std::strcpy(argv[0], script.c_str()); + for(unsigned int i=0; isize() + 1]; + std::strcpy(evp[i], it->c_str()); + ++i; + } + evp[env.size()] = new char[1]; + evp[env.size()][0] = NULL; + } else { + evp = new char*[1]; + evp[0] = new char[1]; + evp[0][0] = NULL; + } + + execve(script.c_str(), argv, evp); + // if execve returns, an error occurred, but logging doesn't work + // because we closed all file descriptors, so just write errno to + // pipe and call exit + int err = errno; + int ret = write(pipefd[1], (void*)(&err), sizeof(err)); + if(ret != sizeof(errno)) + exit(-2); + exit(-1); +} + +void waitForScript(std::string const& script, pid_t pid, int pipefd) +{ + int status = 0; + waitpid(pid, &status, 0); + + fd_set rfds; + FD_ZERO(&rfds); + FD_SET(pipefd, &rfds); + struct timeval tv = { 0 , 0 }; + if(select(pipefd+1, &rfds, NULL, NULL, &tv) == 1) { + int err = 0; + if(read(pipefd, (void*)(&err), sizeof(err)) >= static_cast(sizeof(err))) { + cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' exec() error: " << AnytunErrno(err); + close(pipefd); + return; + } + } + if(WIFEXITED(status)) + cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' returned " << WEXITSTATUS(status); + else if(WIFSIGNALED(status)) + cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' terminated after signal " << WTERMSIG(status); + else + cLog.msg(Log::PRIO_ERROR) << "executing script '" << script << "': unkown error"; + + close(pipefd); +} diff --git a/src/sysExec.h b/src/sysExec.h new file mode 100644 index 0000000..2bac740 --- /dev/null +++ b/src/sysExec.h @@ -0,0 +1,50 @@ +/* + * anytun + * + * The secure anycast tunneling protocol (satp) defines a protocol used + * for communication between any combination of unicast and anycast + * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel + * mode and allows tunneling of every ETHER TYPE protocol (e.g. + * ethernet, ip, arp ...). satp directly includes cryptography and + * message authentication based on the methodes used by SRTP. It is + * intended to deliver a generic, scaleable and secure solution for + * tunneling and relaying of packets of any protocol. + * + * + * Copyright (C) 2007-2008 Othmar Gsenger, Erwin Nindl, + * Christian Pointner + * + * This file is part of Anytun. + * + * Anytun is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 3 as + * published by the Free Software Foundation. + * + * Anytun is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with anytun. If not, see . + */ + +#ifndef _SYSEXEC_H_ +#define _SYSEXEC_H_ +#ifndef NO_EXEC + +#include +#include +#include + +typedef std::vector StringVector; +typedef std::list StringList; + +void anytun_exec(std::string const& script); +void anytun_exec(std::string const& script, StringVector const& args); +void anytun_exec(std::string const& script, StringList const& env); +void anytun_exec(std::string const& script, StringVector const& args, StringList const& env); +void waitForScript(std::string const& script, pid_t pid, int pipefd); + +#endif +#endif diff --git a/src/sysexec.hpp b/src/sysexec.hpp deleted file mode 100644 index 90bde90..0000000 --- a/src/sysexec.hpp +++ /dev/null @@ -1,74 +0,0 @@ -/* - * anytun - * - * The secure anycast tunneling protocol (satp) defines a protocol used - * for communication between any combination of unicast and anycast - * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel - * mode and allows tunneling of every ETHER TYPE protocol (e.g. - * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is - * intended to deliver a generic, scaleable and secure solution for - * tunneling and relaying of packets of any protocol. - * - * - * Copyright (C) 2007-2008 Othmar Gsenger, Erwin Nindl, - * Christian Pointner - * - * This file is part of Anytun. - * - * Anytun is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 3 as - * published by the Free Software Foundation. - * - * Anytun is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with anytun. If not, see . - */ - -#ifndef _SYSEXEC_HPP -#define _SYSEXEC_HPP -#ifndef NO_EXEC - -int execScript(std::string const& script, std::string const& ifname, std::string const& ifnode) -{ - pid_t pid; - pid = fork(); - if(!pid) { - int fd; - for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors - close(fd); - - fd = open("/dev/null",O_RDWR); // stdin - if(fd == -1) - cLog.msg(Log::PRIO_WARNING) << "can't open stdin"; - else { - if(dup(fd) == -1) // stdout - cLog.msg(Log::PRIO_WARNING) << "can't open stdout"; - if(dup(fd) == -1) // stderr - cLog.msg(Log::PRIO_WARNING) << "can't open stderr"; - } - execl("/bin/sh", "/bin/sh", script.c_str(), ifname.c_str(), ifnode.c_str(), (char*)NULL); - // if execl return, an error occurred - cLog.msg(Log::PRIO_ERROR) << "error on executing script: " << AnytunErrno(errno); - return -1; - } - int status = 0; - waitpid(pid, &status, 0); - if(WIFEXITED(status)) - cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' returned " << WEXITSTATUS(status); - else if(WIFSIGNALED(status)) - cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' terminated after signal " << WTERMSIG(status); - else - cLog.msg(Log::PRIO_ERROR) << "executing script: unkown error"; - - return status; -} - - -#endif -#endif - -- cgit v1.2.3