From e2f6f861375aea953866477f5736de5a4150d360 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 27 Dec 2008 01:37:51 +0000
Subject: initial checkin damonizing chroot signal handling syslog
---
src/Makefile | 78 ++++++++++++++++++++++++++++++++++++++++++
src/configure | 50 +++++++++++++++++++++++++++
src/daemon.h | 107 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/log.c | 53 +++++++++++++++++++++++++++++
src/log.h | 61 +++++++++++++++++++++++++++++++++
src/signal.c | 80 +++++++++++++++++++++++++++++++++++++++++++
src/signal.h | 42 +++++++++++++++++++++++
src/uanytun.c | 55 ++++++++++++++++++++++++++++++
8 files changed, 526 insertions(+)
create mode 100644 src/Makefile
create mode 100755 src/configure
create mode 100644 src/daemon.h
create mode 100644 src/log.c
create mode 100644 src/log.h
create mode 100644 src/signal.c
create mode 100644 src/signal.h
create mode 100644 src/uanytun.c
(limited to 'src')
diff --git a/src/Makefile b/src/Makefile
new file mode 100644
index 0000000..cd374f4
--- /dev/null
+++ b/src/Makefile
@@ -0,0 +1,78 @@
+##
+## ľAnytun
+##
+## ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
+## featured implementation ľAnytun has no support for multiple connections
+## or synchronisation. It is a small single threaded implementation intended
+## to act as a client on small platforms.
+## The secure anycast tunneling protocol (satp) defines a protocol used
+## for communication between any combination of unicast and anycast
+## tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+## mode and allows tunneling of every ETHER TYPE protocol (e.g.
+## ethernet, ip, arp ...). satp directly includes cryptography and
+## message authentication based on the methodes used by SRTP. It is
+## intended to deliver a generic, scaleable and secure solution for
+## tunneling and relaying of packets of any protocol.
+##
+##
+## Copyright (C) 2007-2008 Christian Pointner
+##
+## This file is part of ľAnytun.
+##
+## ľAnytun is free software: you can redistribute it and/or modify
+## it under the terms of the GNU General Public License version 3 as
+## published by the Free Software Foundation.
+##
+## ľAnytun is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+##
+## You should have received a copy of the GNU General Public License
+## along with ľAnytun. If not, see .
+##
+
+TARGET=$(shell uname -s)
+CC = gcc
+CCFLAGS = -g
+LD = gcc
+LDFLAGS = -g -Wall -O2 -lgcrypt -lgpg-error
+
+ifeq ($(TARGET),Linux)
+ LDFLAGS += -ldl
+endif
+ifeq ($(TARGET),OpenBSD)
+ LDFLAGS += -L/usr/local/lib
+endif
+
+OBJS = log.o \
+ signal.o \
+ uanytun.o
+
+EXECUTABLE = uanytun
+
+all: $(EXECUTABLE)
+
+uanytun: $(OBJS)
+ $(LD) $(OBJS) -o $@ $(LDFLAGS)
+
+uanytun.o: uanytun.c
+ $(CC) $(CCFLAGS) $< -c
+
+log.o: log.c log.h
+ $(CC) $(CCFLAGS) $< -c
+
+signal.o: signal.c signal.h
+ $(CC) $(CCFLAGS) $< -c
+
+distclean: clean
+ find . -name *.o -exec rm -f {} \;
+ rm -f tunDevice.c
+
+clean:
+ rm -f *.o
+ rm -f $(EXECUTABLE)
+
+ctags:
+ ctags -R --c++-kinds=+p --fields=+iaS --extra=+q .
+
diff --git a/src/configure b/src/configure
new file mode 100755
index 0000000..f487593
--- /dev/null
+++ b/src/configure
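Review bot: `-Wall -O2` sit in `LDFLAGS`, which is used only on the link line, so every object is compiled with just `CCFLAGS = -g` and no warnings are enabled for the C sources; move them, e.g. `CCFLAGS = -g -Wall -O2`. The `uanytun.o` rule lists only `uanytun.c` although that file includes log.h, daemon.h and signal.h, so a header change will not trigger a rebuild; `uanytun.o: uanytun.c log.h daemon.h signal.h` fixes that. In `distclean`, `find . -name *.o` lets the shell expand the pattern before find sees it; quote it as `'*.o'`.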
@@ -0,0 +1,50 @@
+#!/bin/sh
+#
+# ľAnytun
+#
+# ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
+# featured implementation ľAnytun has no support for multiple connections
+# or synchronisation. It is a small single threaded implementation intended
+# to act as a client on small platforms.
+# The secure anycast tunneling protocol (satp) defines a protocol used
+# for communication between any combination of unicast and anycast
+# tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+# mode and allows tunneling of every ETHER TYPE protocol (e.g.
+# ethernet, ip, arp ...). satp directly includes cryptography and
+# message authentication based on the methodes used by SRTP. It is
+# intended to deliver a generic, scaleable and secure solution for
+# tunneling and relaying of packets of any protocol.
+#
+#
+# Copyright (C) 2007-2008 Christian Pointner
+#
+# This file is part of ľAnytun.
+#
+# ľAnytun is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3 as
+# published by the Free Software Foundation.
+#
+# ľAnytun is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with ľAnytun. If not, see .
+#
+
+TARGET=`uname -s`
+
+case $TARGET in
+ Linux)
+ rm -rf tunDevice.c
+ ln -sf linux/tunDevice.c
+ ;;
+ OpenBSD|FreeBSD|NetBSD)
+ rm -rf tunDevice.c
+ ln -sf bsd/tunDevice.c
+ ;;
+ *)
+ echo "Plattform not supported"
+ ;;
+esac
diff --git a/src/daemon.h b/src/daemon.h
new file mode 100644
index 0000000..085f563
--- /dev/null
+++ b/src/daemon.h
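Review bot: The `*)` branch only prints "Plattform not supported" and the script still exits with status 0, so a caller cannot tell that no tunDevice.c link was created; add `exit 1` after the `echo` and send the message to stderr with `>&2`. `rm -rf` is broader than needed for removing a single symlink; `rm -f tunDevice.c` is enough, and `ln -sf` already replaces an existing link.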
@@ -0,0 +1,107 @@
+/*
+ * ľAnytun
+ *
+ * ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
+ * featured implementation ľAnytun has no support for multiple connections
+ * or synchronisation. It is a small single threaded implementation intended
+ * to act as a client on small platforms.
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2008 Christian Pointner
+ *
+ * This file is part of ľAnytun.
+ *
+ * ľAnytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * ľAnytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ľAnytun. If not, see .
+ */
+
+#ifndef _DAEMON_H_
+#define _DAEMON_H_
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+void chrootAndDrop(const char* chrootdir, const char* username)
+{
+ if (getuid() != 0)
+ {
+ fprintf(stderr, "this programm has to be run as root in order to run in a chroot\n");
+ exit(-1);
+ }
+
+ struct passwd *pw = getpwnam(username);
+ if(pw) {
+ if(chroot(chrootdir))
+ {
+ fprintf(stderr, "can't chroot to %s\n", chrootdir);
+ exit(-1);
+ }
+ log_printf(NOTICE, "we are in chroot jail (%s) now\n", chrootdir);
+ if(chdir("/"))
+ {
+ fprintf(stderr, "can't change to /\n");
+ exit(-1);
+ }
+ if (initgroups(pw->pw_name, pw->pw_gid) || setgid(pw->pw_gid) || setuid(pw->pw_uid))
+ {
+ fprintf(stderr, "can't drop to user %s %d:%d\n", username, pw->pw_uid, pw->pw_gid);
+ exit(-1);
+ }
+ log_printf(NOTICE, "dropped user to %s %d:%d\n", username, pw->pw_uid, pw->pw_gid);
+ }
+ else
+ {
+ fprintf(stderr, "unknown user %s\n", username);
+ exit(-1);
+ }
+}
+
+void daemonize()
+{
+ pid_t pid;
+
+ pid = fork();
+ if(pid) exit(0);
+ setsid();
+ pid = fork();
+ if(pid) exit(0);
+
+ int fd;
+ for (fd=0;fd<=2;fd++) // close all file descriptors
+ close(fd);
+ fd = open("/dev/null",O_RDWR); // stdin
+ if(fd == -1)
+ log_printf(WARNING, "can't open stdin (chroot and no link to /dev/null?)");
+ else {
+ if(dup(fd) == -1) // stdout
+ log_printf(WARNING, "can't open stdout");
+ if(dup(fd) == -1) // stderr
+ log_printf(WARNING, "can't open stderr");
+ }
+ umask(027);
+}
+
+#endif
+
diff --git a/src/log.c b/src/log.c
new file mode 100644
index 0000000..f9bda33
--- /dev/null
+++ b/src/log.c
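Review bot: In daemonize(), both `fork()` results are tested only with `if(pid) exit(0);`, so a failed fork (pid == -1) makes the process exit with status 0 and no daemon is left running; test `if(pid < 0)` first and exit non-zero. When `open("/dev/null",O_RDWR)` fails, descriptors 0-2 stay closed, so the next descriptors the program opens would take their numbers and receive anything later written to stdout or stderr; treating that failure as fatal, or opening /dev/null before any chroot, avoids it. In chrootAndDrop(), `initgroups()` runs after `chroot()` and therefore looks up groups inside the jail, which presumably has no group database; calling it before `chroot()` and checking afterwards that `setuid(0)` fails would make the privilege drop verifiable. Both functions are defined non-static in a header and call `log_printf` without the header including log.h, so they depend on the includer's include order.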
@@ -0,0 +1,53 @@
+/*
+ * ľAnytun
+ *
+ * ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
+ * featured implementation ľAnytun has no support for multiple connections
+ * or synchronisation. It is a small single threaded implementation intended
+ * to act as a client on small platforms.
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2008 Christian Pointner
+ *
+ * This file is part of ľAnytun.
+ *
+ * ľAnytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * ľAnytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ľAnytun. If not, see .
+ */
+
+#include
+#include "log.h"
+
+log_facility_t g_facility = DAEMON;
+
+void log_init(const char* name, log_facility_t facility)
+{
+ g_facility = facility;
+ openlog(name, LOG_PID | LOG_NDELAY, facility);
+}
+
+void log_printf(log_prio_t prio, const char* fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ vsyslog(prio | g_facility, fmt, args);
+ va_end(args);
+}
diff --git a/src/log.h b/src/log.h
new file mode 100644
index 0000000..3b2196d
--- /dev/null
+++ b/src/log.h
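Review bot: `log_init()` passes `name` straight to `openlog()`, which may keep the pointer rather than copy the string, so the function needs a comment stating the lifetime requirement, e.g. `/* name is handed to openlog() as-is; it must stay valid for all later log_printf() calls */`. `log_printf()` forwards `fmt` to `vsyslog()` unchanged, so its comment should also say that `fmt` has to be a trusted format string and that external text belongs in a `%s` argument. `g_facility` is not referenced outside this file in the visible code and could be `static`.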
@@ -0,0 +1,61 @@
+/*
+ * ľAnytun
+ *
+ * ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
+ * featured implementation ľAnytun has no support for multiple connections
+ * or synchronisation. It is a small single threaded implementation intended
+ * to act as a client on small platforms.
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2008 Christian Pointner
+ *
+ * This file is part of ľAnytun.
+ *
+ * ľAnytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * ľAnytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ľAnytun. If not, see .
+ */
+
+#ifndef _LOG_H_
+#define _LOG_H_
+
+#include
+
+enum log_facility_enum { USER = LOG_USER, MAIL = LOG_MAIL,
+ DAEMON = LOG_DAEMON, AUTH = LOG_AUTH,
+ SYSLOG = LOG_SYSLOG, LPR = LOG_LPR,
+ NEWS = LOG_NEWS, UUCP = LOG_UUCP,
+ CRON = LOG_CRON, AUTHPRIV = LOG_AUTHPRIV,
+ FTP = LOG_FTP, LOCAL0 = LOG_LOCAL0,
+ LOCAL1 = LOG_LOCAL1, LOCAL2 = LOG_LOCAL2,
+ LOCAL3 = LOG_LOCAL3, LOCAL4 = LOG_LOCAL4,
+ LOCAL5 = LOG_LOCAL5, LOCAL6 = LOG_LOCAL6,
+ LOCAL7 = LOG_LOCAL7 };
+typedef enum log_facility_enum log_facility_t;
+
+enum log_prio_enum { EMERG = LOG_EMERG, ALERT = LOG_ALERT,
+ CRIT = LOG_CRIT, ERR = LOG_ERR,
+ WARNING = LOG_WARNING, NOTICE = LOG_NOTICE,
+ INFO = LOG_INFO, DEBUG = LOG_DEBUG };
+typedef enum log_prio_enum log_prio_t;
+
+void log_init(const char* name, log_facility_t facility);
+void log_printf(log_prio_t prio, const char* fmt, ...);
+
+#endif
diff --git a/src/signal.c b/src/signal.c
new file mode 100644
index 0000000..bb42331
--- /dev/null
+++ b/src/signal.c
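Review bot: The `log_printf` prototype carries no format attribute, so the compiler cannot check format strings against their arguments at call sites; with GCC, `void log_printf(log_prio_t prio, const char* fmt, ...) __attribute__((format(printf, 2, 3)));` enables `-Wformat` checking. The enumerators are short global names (`DEBUG`, `ERR`, `USER`, `DAEMON`, ...) that can clash with macros such as a `-DDEBUG` build flag; a project prefix would avoid that. The guard `_LOG_H_` starts with an underscore and a capital letter, a form reserved for the implementation.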
@@ -0,0 +1,80 @@
+/*
+ * ľAnytun
+ *
+ * ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
+ * featured implementation ľAnytun has no support for multiple connections
+ * or synchronisation. It is a small single threaded implementation intended
+ * to act as a client on small platforms.
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2008 Christian Pointner
+ *
+ * This file is part of ľAnytun.
+ *
+ * ľAnytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * ľAnytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ľAnytun. If not, see .
+ */
+
+#include "log.h"
+#include "signal.h"
+#include
+
+volatile sig_atomic_t signal_exit = 0;
+
+void signal_init()
+{
+ signal(SIGINT, handle_signal_exit);
+ signal(SIGQUIT, handle_signal_exit);
+ signal(SIGTERM, handle_signal_exit);
+
+ signal(SIGHUP, handle_signal);
+ signal(SIGUSR1, handle_signal);
+ signal(SIGUSR2, handle_signal);
+}
+
+void handle_signal(int sig)
+{
+ switch(sig) {
+ case SIGHUP: log_printf(NOTICE, "SIG-Hup caught"); break;
+ case SIGUSR1: log_printf(NOTICE, "SIG-Usr1 caught"); break;
+ case SIGUSR2: log_printf(NOTICE, "SIG-Usr2 caught"); break;
+ default: log_printf(NOTICE, "Signal %d caught, ignoring", sig); break;
+ }
+}
+
+void handle_signal_exit(int sig)
+{
+ switch(sig) {
+ case SIGINT: log_printf(NOTICE, "SIG-Int caught, exiting"); break;
+ case SIGQUIT: log_printf(NOTICE, "SIG-Quit caught, exiting"); break;
+ case SIGTERM: log_printf(NOTICE, "SIG-Term caught, exiting"); break;
+ default: log_printf(NOTICE, "Signal %d caught, ignoring", sig); return;
+ }
+
+ if (signal_exit)
+ raise (sig);
+ signal_exit = 1;
+
+ // do cleanup here
+
+ signal (sig, SIG_DFL);
+ raise (sig);
+}
+
diff --git a/src/signal.h b/src/signal.h
new file mode 100644
index 0000000..3dd0440
--- /dev/null
+++ b/src/signal.h
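Review bot: Both handlers call `log_printf()`, which ends in `vsyslog()`, and that is not async-signal-safe; a signal arriving while the main flow is itself inside a syslog call can deadlock or corrupt state. The handlers should only record the event, e.g. `signal_exit = 1;` in `handle_signal_exit`, and leave logging and shutdown to the main loop once it sees the flag. `signal()` also behaves differently across the platforms the configure script lists (the handler may or may not be reset on delivery), so `sigaction()` with an explicit mask is the more predictable choice. In `handle_signal_exit`, the `raise (sig)` under `if (signal_exit)` runs while the handler may still be installed for `sig`, so its effect depends on those semantics.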
@@ -0,0 +1,42 @@
+/*
+ * ľAnytun
+ *
+ * ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
+ * featured implementation ľAnytun has no support for multiple connections
+ * or synchronisation. It is a small single threaded implementation intended
+ * to act as a client on small platforms.
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2008 Christian Pointner
+ *
+ * This file is part of ľAnytun.
+ *
+ * ľAnytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * ľAnytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ľAnytun. If not, see .
+ */
+
+#ifndef _SIGNAL_H_
+#define _SIGNAL_H_
+
+void signal_init();
+void handle_signal(int sig);
+void handle_signal_exit(int sig);
+
+#endif
diff --git a/src/uanytun.c b/src/uanytun.c
new file mode 100644
index 0000000..76aca3e
--- /dev/null
+++ b/src/uanytun.c
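Review bot: The project header is named signal.h and guarded by `_SIGNAL_H_`, and signal.c includes it before what appears to be the system header; some libc `<signal.h>` implementations use that same guard macro, in which case the system declarations would be skipped on those platforms. Renaming the file (for example sig_handler.h) with a guard such as `UANYTUN_SIGNAL_H` removes the collision risk and the ambiguity between `"signal.h"` and `<signal.h>`. The prototype `void signal_init();` has an empty parameter list; `void signal_init(void);` declares a function taking no arguments. `signal_exit` is defined in signal.c but not declared here, so other files cannot poll it.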
@@ -0,0 +1,55 @@
+/*
+ * ľAnytun
+ *
+ * ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
+ * featured implementation ľAnytun has no support for multiple connections
+ * or synchronisation. It is a small single threaded implementation intended
+ * to act as a client on small platforms.
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2008 Christian Pointner
+ *
+ * This file is part of ľAnytun.
+ *
+ * ľAnytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * ľAnytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ľAnytun. If not, see .
+ */
+
+#include
+#include
+
+#include "log.h"
+#include "daemon.h"
+#include "signal.h"
+
+int main(int argc, char* argv[])
+{
+ log_init("uanytun", DAEMON);
+ signal_init();
+
+// chrootAndDrop("/var/run/", "nobody");
+ daemonize();
+ log_printf(INFO, "running in background now");
+
+ log_printf(INFO, "entering main loop");
+ while(1) sleep(1);
+}
+
+
-- cgit v1.2.3
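Review bot: The `chrootAndDrop("/var/run/", "nobody")` call is commented out, so after `daemonize()` the process keeps whatever privileges it was started with, root if launched as such. When the call is enabled, note that it sits before `daemonize()`, whose `open("/dev/null",O_RDWR)` would then run inside the jail; daemonizing first, or opening /dev/null beforehand, keeps stdio redirected. A dedicated empty directory owned by root is a safer jail than `/var/run/`, which other services write to, and both values would better come from options than be hard-coded. The `while(1) sleep(1);` loop never tests `signal_exit`, and `main` has no `return`.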