1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
/*
* �Anytun
*
* �Anytun is a tiny implementation of SATP. Unlike Anytun which is a full
* featured implementation �Anytun has no support for multiple connections
* or synchronisation. It is a small single threaded implementation intended
* to act as a client on small platforms.
* The secure anycast tunneling protocol (satp) defines a protocol used
* for communication between any combination of unicast and anycast
* tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
* mode and allows tunneling of every ETHER TYPE protocol (e.g.
* ethernet, ip, arp ...). satp directly includes cryptography and
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
*
*
* Copyright (C) 2007-2008 Christian Pointner <equinox@anytun.org>
*
* This file is part of �Anytun.
*
* �Anytun is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3 as
* published by the Free Software Foundation.
*
* �Anytun is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with �Anytun. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _DAEMON_H_
#define _DAEMON_H_
#include <poll.h>
#include <fcntl.h>
#include <pwd.h>
#include <grp.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <unistd.h>
void chrootAndDrop(const char* chrootdir, const char* username)
{
if (getuid() != 0)
{
fprintf(stderr, "this programm has to be run as root in order to run in a chroot\n");
exit(-1);
}
struct passwd *pw = getpwnam(username);
if(pw) {
if(chroot(chrootdir))
{
fprintf(stderr, "can't chroot to %s\n", chrootdir);
exit(-1);
}
log_printf(NOTICE, "we are in chroot jail (%s) now\n", chrootdir);
if(chdir("/"))
{
fprintf(stderr, "can't change to /\n");
exit(-1);
}
if (initgroups(pw->pw_name, pw->pw_gid) || setgid(pw->pw_gid) || setuid(pw->pw_uid))
{
fprintf(stderr, "can't drop to user %s %d:%d\n", username, pw->pw_uid, pw->pw_gid);
exit(-1);
}
log_printf(NOTICE, "dropped user to %s %d:%d\n", username, pw->pw_uid, pw->pw_gid);
}
else
{
fprintf(stderr, "unknown user %s\n", username);
exit(-1);
}
}
void daemonize()
{
pid_t pid;
pid = fork();
if(pid) exit(0);
setsid();
pid = fork();
if(pid) exit(0);
int fd;
for (fd=0;fd<=2;fd++) // close all file descriptors
close(fd);
fd = open("/dev/null",O_RDWR); // stdin
if(fd == -1)
log_printf(WARNING, "can't open stdin (chroot and no link to /dev/null?)");
else {
if(dup(fd) == -1) // stdout
log_printf(WARNING, "can't open stdout");
if(dup(fd) == -1) // stderr
log_printf(WARNING, "can't open stderr");
}
umask(027);
}
#endif
|
