From 6b9c59efc9db4aa710d7c243d566973006020d42 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 14 Jan 2015 22:29:30 +0100 Subject: Refactor handling of platforms without user/group settings (Android) --- cmake/config.cmake | 17 ++++++++++++++++- src/config.c | 9 ++++----- src/config.y | 10 ++++++++++ src/fastd.c | 27 ++++++++++++++++++--------- src/fastd.h | 2 ++ src/fastd_config.h.in | 3 +++ src/status.c | 5 ++++- 7 files changed, 57 insertions(+), 16 deletions(-) diff --git a/cmake/config.cmake b/cmake/config.cmake index e6b70a2..049304f 100644 --- a/cmake/config.cmake +++ b/cmake/config.cmake @@ -18,6 +18,14 @@ set(USE_PMTU ${LINUX}) set(USE_PKTINFO ${LINUX}) set(USE_PACKET_MARK ${LINUX}) + +if(ANDROID) + set(USE_USER FALSE) +else(ANDROID) + set(USE_USER TRUE) +endif(ANDROID) + + # OSX doesn't support poll on devices... set(USE_SELECT ${DARWIN}) @@ -36,9 +44,16 @@ set(ENABLE_LTO FALSE CACHE BOOL "Enable link-time optimization") if(LINUX AND NOT ANDROID) set(ENABLE_SYSTEMD TRUE CACHE BOOL "Enable systemd support") +else(LINUX AND NOT ANDROID) + set(ENABLE_SYSTEMD FALSE) endif(LINUX AND NOT ANDROID) -set(WITH_CMDLINE_USER TRUE CACHE BOOL "Include support for setting user/group related options on the command line") +if(USE_USER) + set(WITH_CMDLINE_USER TRUE CACHE BOOL "Include support for setting user/group related options on the command line") +else(USE_USER) + set(WITH_CMDLINE_USER FALSE) +endif(USE_USER) + set(WITH_CMDLINE_LOGGING TRUE CACHE BOOL "Include support for setting logging related options on the command line") set(WITH_CMDLINE_OPERATION TRUE CACHE BOOL "Include support for setting options related to the VPN operation (like mode, interface, encryption method) on the command line") set(WITH_CMDLINE_COMMANDS TRUE CACHE BOOL "Include support for setting handler scripts (e.g. --on-up) on the command line") diff --git a/src/config.c b/src/config.c index 86e7df6..d0d1d52 100644 --- a/src/config.c +++ b/src/config.c @@ -383,14 +383,10 @@ bool fastd_config_read(const char *filename, fastd_peer_group_t *peer_group, fas /** Loads information about the configured user and group */ static void configure_user(void) { +#ifdef USE_USER conf.uid = getuid(); conf.gid = getgid(); -#ifdef __ANDROID__ - if (conf.user || conf.group) { - exit_error("config error: setting user/group is not supported on Android"); - } -#else if (conf.user) { struct passwd pwd, *pwdr; size_t bufspace = 1024; @@ -683,9 +679,12 @@ void fastd_config_release(void) { free(conf.status_socket); #endif +#ifdef USE_USER free(conf.user); free(conf.group); free(conf.groups); +#endif + free(conf.ifname); free(conf.secret); free(conf.protocol_config); diff --git a/src/config.y b/src/config.y index c998a41..404ac1d 100644 --- a/src/config.y +++ b/src/config.y @@ -213,13 +213,23 @@ peer_group_statement: ; user: TOK_STRING { +#ifdef USE_USER free(conf.user); conf.user = fastd_strdup($1->str); +#else + fastd_config_error(&@$, state, "user setting is not supported on this platform"); + YYERROR; +#endif } group: TOK_STRING { +#ifdef USE_USER free(conf.group); conf.group = fastd_strdup($1->str); +#else + fastd_config_error(&@$, state, "group setting is not supported on this platform"); + YYERROR; +#endif } drop_capabilities: diff --git a/src/fastd.c b/src/fastd.c index 5a71b6a..f05b43e 100644 --- a/src/fastd.c +++ b/src/fastd.c @@ -256,6 +256,8 @@ static inline void write_pid(void) { return; } #endif + +#ifdef USE_USER uid_t uid = geteuid(); gid_t gid = getegid(); @@ -265,28 +267,32 @@ static inline void write_pid(void) { if (seteuid(conf.uid) < 0) pr_debug_errno("seteuid"); } +#endif FILE *f = fopen(conf.pid_file, "w"); - if (f == NULL) { - pr_error_errno("can't write PID file: fopen"); - goto end; - } + if (f) { + if (fprintf(f, "%u", (unsigned)getpid()) < 0) + pr_error_errno("can't write PID file: fprintf"); - if (fprintf(f, "%u", (unsigned)getpid()) < 0) - pr_error_errno("can't write PID file: fprintf"); + if (fclose(f) < 0) + pr_warn_errno("fclose"); - if (fclose(f) < 0) - pr_warn_errno("fclose"); + } + else { + pr_error_errno("can't write PID file: fopen"); + } - end: +#ifdef USE_USER if (seteuid(uid) < 0) pr_debug_errno("seteuid"); if (setegid(gid) < 0) pr_debug_errno("setegid"); +#endif } /** Switches to the configured user */ static void set_user(void) { +#ifdef USE_USER if (conf.user || conf.group) { if (setgid(conf.gid) < 0) exit_errno("setgid"); @@ -296,10 +302,12 @@ static void set_user(void) { pr_info("changed to UID %i, GID %i", (int)conf.uid, (int)conf.gid); } +#endif } /** Sets the configured user's supplementary groups */ static void set_groups(void) { +#ifdef USE_USER if (conf.groups) { if (setgroups(conf.n_groups, conf.groups) < 0) { if (errno != EPERM) @@ -312,6 +320,7 @@ static void set_groups(void) { pr_debug_errno("setgroups"); } } +#endif } /** Switches the user and drops all capabilities */ diff --git a/src/fastd.h b/src/fastd.h index fc4acd1..f46e221 100644 --- a/src/fastd.h +++ b/src/fastd.h @@ -204,6 +204,7 @@ struct fastd_config { fastd_drop_caps_t drop_caps; /**< Specifies if and when to drop capabilities */ +#ifdef USE_USER char *user; /**< Specifies which user to switch to after initialization */ char *group; /**< Can specify an alternative group to switch to */ @@ -211,6 +212,7 @@ struct fastd_config { gid_t gid; /**< The GID of the configured group */ size_t n_groups; /**< The number of supplementary groups of the user */ gid_t *groups; /**< The supplementary groups of the configured user */ +#endif const fastd_protocol_t *protocol; /**< The handshake protocol */ fastd_string_stack_t *method_list; /**< The list of configured method names */ diff --git a/src/fastd_config.h.in b/src/fastd_config.h.in index 5286992..03ccc56 100644 --- a/src/fastd_config.h.in +++ b/src/fastd_config.h.in @@ -71,6 +71,9 @@ /** Defined if the platform supports SO_MARK */ #cmakedefine USE_PACKET_MARK +/** Defined if the platform supports settings users and groups */ +#cmakedefine USE_USER + /** Defined if the platform supports binding on IPv4 and IPv6 with a single socket */ #cmakedefine USE_MULTIAF_BIND diff --git a/src/status.c b/src/status.c index 7505ef9..3c82e0c 100644 --- a/src/status.c +++ b/src/status.c @@ -203,6 +203,7 @@ void fastd_status_init(void) { return; } +#ifdef USE_USER uid_t uid = geteuid(); gid_t gid = getegid(); @@ -212,7 +213,7 @@ void fastd_status_init(void) { if (seteuid(conf.uid) < 0) pr_debug_errno("seteuid"); } - +#endif ctx.status_fd = socket(AF_UNIX, SOCK_STREAM, 0); if (ctx.status_fd < 0) @@ -242,10 +243,12 @@ void fastd_status_init(void) { exit_errno("fastd_status_init: listen"); +#ifdef USE_USER if (seteuid(uid) < 0) pr_debug_errno("seteuid"); if (setegid(gid) < 0) pr_debug_errno("setegid"); +#endif } /** Closes the status socket */ -- cgit v1.2.3