From e2f6f861375aea953866477f5736de5a4150d360 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 27 Dec 2008 01:37:51 +0000 Subject: initial checkin damonizing chroot signal handling syslog --- src/daemon.h | 107 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 src/daemon.h (limited to 'src/daemon.h') diff --git a/src/daemon.h b/src/daemon.h new file mode 100644 index 0000000..085f563 --- /dev/null +++ b/src/daemon.h @@ -0,0 +1,107 @@ +/* + * ľAnytun + * + * ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full + * featured implementation ľAnytun has no support for multiple connections + * or synchronisation. It is a small single threaded implementation intended + * to act as a client on small platforms. + * The secure anycast tunneling protocol (satp) defines a protocol used + * for communication between any combination of unicast and anycast + * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel + * mode and allows tunneling of every ETHER TYPE protocol (e.g. + * ethernet, ip, arp ...). satp directly includes cryptography and + * message authentication based on the methodes used by SRTP. It is + * intended to deliver a generic, scaleable and secure solution for + * tunneling and relaying of packets of any protocol. + * + * + * Copyright (C) 2007-2008 Christian Pointner + * + * This file is part of ľAnytun. + * + * ľAnytun is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 3 as + * published by the Free Software Foundation. + * + * ľAnytun is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with ľAnytun. If not, see . + */ + +#ifndef _DAEMON_H_ +#define _DAEMON_H_ + +#include +#include +#include +#include +#include +#include +#include + +void chrootAndDrop(const char* chrootdir, const char* username) +{ + if (getuid() != 0) + { + fprintf(stderr, "this programm has to be run as root in order to run in a chroot\n"); + exit(-1); + } + + struct passwd *pw = getpwnam(username); + if(pw) { + if(chroot(chrootdir)) + { + fprintf(stderr, "can't chroot to %s\n", chrootdir); + exit(-1); + } + log_printf(NOTICE, "we are in chroot jail (%s) now\n", chrootdir); + if(chdir("/")) + { + fprintf(stderr, "can't change to /\n"); + exit(-1); + } + if (initgroups(pw->pw_name, pw->pw_gid) || setgid(pw->pw_gid) || setuid(pw->pw_uid)) + { + fprintf(stderr, "can't drop to user %s %d:%d\n", username, pw->pw_uid, pw->pw_gid); + exit(-1); + } + log_printf(NOTICE, "dropped user to %s %d:%d\n", username, pw->pw_uid, pw->pw_gid); + } + else + { + fprintf(stderr, "unknown user %s\n", username); + exit(-1); + } +} + +void daemonize() +{ + pid_t pid; + + pid = fork(); + if(pid) exit(0); + setsid(); + pid = fork(); + if(pid) exit(0); + + int fd; + for (fd=0;fd<=2;fd++) // close all file descriptors + close(fd); + fd = open("/dev/null",O_RDWR); // stdin + if(fd == -1) + log_printf(WARNING, "can't open stdin (chroot and no link to /dev/null?)"); + else { + if(dup(fd) == -1) // stdout + log_printf(WARNING, "can't open stdout"); + if(dup(fd) == -1) // stderr + log_printf(WARNING, "can't open stderr"); + } + umask(027); +} + +#endif + -- cgit v1.2.3