コード例 #1
0
ファイル: pppoed.c プロジェクト: alhazred/onarm
static void
add_signal_handlers(void)
{
	struct sigaction sa;

	(void) sigemptyset(&sigmask);
	(void) sigaddset(&sigmask, SIGHUP);
	(void) sigaddset(&sigmask, SIGCHLD);
	(void) sigaddset(&sigmask, SIGINT);
	(void) sigprocmask(SIG_BLOCK, &sigmask, NULL);

	sa.sa_mask = sigmask;
	sa.sa_flags = 0;

	/* Signals to handle */
	sa.sa_handler = handle_hup;
	if (sigaction(SIGHUP, &sa, NULL) < 0)
		early_error("sigaction HUP");
	sa.sa_handler = handle_int;
	if (sigaction(SIGINT, &sa, NULL) < 0)
		early_error("sigaction INT");

	/*
	 * Signals to ignore.  Ignoring SIGCHLD in this way makes the
	 * children exit without ever creating zombies.  (No wait(2)
	 * call required.)
	 */
	sa.sa_handler = SIG_IGN;
	if (sigaction(SIGPIPE, &sa, NULL) < 0)
		early_error("sigaction PIPE");
	sa.sa_flags = SA_NOCLDWAIT;
	if (sigaction(SIGCHLD, &sa, NULL) < 0)
		early_error("sigaction CHLD");
}
コード例 #2
0
ファイル: pppoed.c プロジェクト: alhazred/onarm
/*
 * Open the sppptun driver.
 */
static void
open_tunnel_dev(void)
{
	struct ppptun_peer ptp;

	tunfd = open(tunnam, O_RDWR);
	if (tunfd == -1) {
		early_error(tunnam);
	}

	/*
	 * Tell the device driver that I'm a daemon handling inbound
	 * connections, not a PPP session.
	 */
	(void) memset(&ptp, '\0', sizeof (ptp));
	ptp.ptp_style = PTS_PPPOE;
	ptp.ptp_flags = PTPF_DAEMON;
	(void) memcpy(ptp.ptp_address.pta_pppoe.ptma_mac, ether_bcast,
	    sizeof (ptp.ptp_address.pta_pppoe.ptma_mac));
	if (strioctl(tunfd, PPPTUN_SPEER, &ptp, sizeof (ptp), sizeof (ptp)) <
	    0) {
		myperror("PPPTUN_SPEER");
		exit(1);
	}
}
コード例 #3
0
/*
 * Try to obtain the CAP_IPC_LOCK Linux capability.
 * Then, whether or not this is successful, drop root
 * privileges to run as the invoking user. The application is aborted
 * if for any reason we are unable to drop privileges. Note: even gettext
 * is unavailable!
 */
void
gkd_capability_obtain_capability_and_drop_privileges (void)
{
#ifdef HAVE_LIBCAP
	cap_t caps;
	cap_value_t cap_list[1];

	caps = cap_get_proc ();
	if (caps == NULL) {
		early_error ("capability state cannot be allocated");
		goto drop;
	}

	cap_list[0] = CAP_IPC_LOCK;
	if (cap_set_flag (caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET) == -1) {
		early_error ("error when manipulating capability sets");
		goto drop;
	}

	if (cap_set_proc (caps) == -1) {
		/* Only warn when it's root that's running */
		if (getuid () == 0)
			early_error ("cannot apply capabilities to process");
		goto drop;
	}

	if (cap_free (caps) == -1) {
		early_error ("failed to free capability structure");
		goto drop;
	}
drop:

#endif
	/* Now finally drop the suid by becoming the invoking user */
	if (geteuid () != getuid() || getegid () != getgid ())
		drop_privileges ();
}
コード例 #4
0
ファイル: pppoed.c プロジェクト: alhazred/onarm
/*
 * Become a daemon.
 */
static void
daemonize(void)
{
	pid_t cpid;

	/*
	 * A little bit of magic here.  By the first fork+setsid, we
	 * disconnect from our current controlling terminal and become
	 * a session group leader.  By forking again without setsid,
	 * we make certain that we're not the session group leader and
	 * can never reacquire a controlling terminal.
	 */
	if ((cpid = fork()) == (pid_t)-1) {
		early_error("fork 1");
	}
	if (cpid != 0) {
		(void) wait(NULL);
		_exit(0);
	}
	if (setsid() == (pid_t)-1) {
		early_error("setsid");
	}
	if ((cpid = fork()) == (pid_t)-1) {
		early_error("fork 2");
	}
	if (cpid != 0) {
		/* Parent just exits */
		(void) printf("%d\n", (int)cpid);
		(void) fflush(stdout);
		_exit(0);
	}
	(void) chdir("/");
	(void) umask(0);
	(void) fdwalk(fdcloser, NULL);
	reopen_log();
}
コード例 #5
0
static void
drop_privileges (void)
{
	uid_t orig_uid;
	gid_t orig_gid;

	orig_uid = getuid ();
	orig_gid = getgid ();

	/* This is permanent, you cannot go back to root */
	setgid (orig_gid);
	setuid (orig_uid);

	/*
	 * Check that the switch was ok
	 * We do not allow programs to run without the drop being
	 * successful as this would possibly run the program
	 * using root-privs, when that is not what we want
	 */
	if ((getegid () != orig_gid) || (geteuid () != orig_uid)) {
		early_error ("failed to drop privileges, aborting");
		exit (1);
	}
}