Diffstat (limited to 'src/openvpn/platform.c')
-rw-r--r-- | src/openvpn/platform.c | 272 |
1 files changed, 147 insertions, 125 deletions
diff --git a/src/openvpn/platform.c b/src/openvpn/platform.c index 6343647..952d633 100644 --- a/src/openvpn/platform.c +++ b/src/openvpn/platform.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> + * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -39,21 +39,25 @@ #include "platform.h" /* Redefine the top level directory of the filesystem - to restrict access to files for security */ + * to restrict access to files for security */ void -platform_chroot (const char *path) +platform_chroot(const char *path) { - if (path) + if (path) { #ifdef HAVE_CHROOT - const char *top = "/"; - if (chroot (path)) - msg (M_ERR, "chroot to '%s' failed", path); - if (platform_chdir (top)) - msg (M_ERR, "cd to '%s' failed", top); - msg (M_INFO, "chroot to '%s' and cd to '%s' succeeded", path, top); -#else - msg (M_FATAL, "Sorry but I can't chroot to '%s' because this operating system doesn't appear to support the chroot() system call", path); + const char *top = "/"; + if (chroot(path)) + { + msg(M_ERR, "chroot to '%s' failed", path); + } + if (platform_chdir(top)) + { + msg(M_ERR, "cd to '%s' failed", top); + } + msg(M_INFO, "chroot to '%s' and cd to '%s' succeeded", path, top); +#else /* ifdef HAVE_CHROOT */ + msg(M_FATAL, "Sorry but I can't chroot to '%s' because this operating system doesn't appear to support the chroot() system call", path); #endif } } 
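Review bot: In platform_chroot the final `msg(M_INFO, "chroot to '%s' and cd to '%s' succeeded", path, top)` is reached with no `return` or `else` after the two failure branches, so the process is only guaranteed to be confined if `msg(M_ERR, ...)` never returns. With the newly added braces those branches read like ordinary fall-through, so a comment above the first check would help: `/* msg(M_ERR, ...) is expected not to return; a failed chroot()/chdir() must never continue unconfined */`. The definition of M_ERR is outside this diff, so confirm that it carries the fatal flag.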
@@ -61,34 +65,38 @@ platform_chroot (const char *path) /* Get/Set UID of process */ bool -platform_user_get (const char *username, struct platform_state_user *state) +platform_user_get(const char *username, struct platform_state_user *state) { - bool ret = false; - CLEAR (*state); - if (username) + bool ret = false; + CLEAR(*state); + if (username) { #if defined(HAVE_GETPWNAM) && defined(HAVE_SETUID) - state->pw = getpwnam (username); - if (!state->pw) - msg (M_ERR, "failed to find UID for user %s", username); - state->username = username; - ret = true; -#else - msg (M_FATAL, "cannot get UID for user %s -- platform lacks getpwname() or setuid() system calls", username); + state->pw = getpwnam(username); + if (!state->pw) + { + msg(M_ERR, "failed to find UID for user %s", username); + } + state->username = username; + ret = true; +#else /* if defined(HAVE_GETPWNAM) && defined(HAVE_SETUID) */ + msg(M_FATAL, "cannot get UID for user %s -- platform lacks getpwname() or setuid() system calls", username); #endif } - return ret; + return ret; } void -platform_user_set (const struct platform_state_user *state) +platform_user_set(const struct platform_state_user *state) { #if defined(HAVE_GETPWNAM) && defined(HAVE_SETUID) - if (state->username && state->pw) + if (state->username && state->pw) { - if (setuid (state->pw->pw_uid)) - msg (M_ERR, "setuid('%s') failed", state->username); - msg (M_INFO, "UID set to %s", state->username); + if (setuid(state->pw->pw_uid)) + { + msg(M_ERR, "setuid('%s') failed", state->username); + } + msg(M_INFO, "UID set to %s", state->username); } #endif } 
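Review bot: platform_user_get keeps the raw pointer returned by `getpwnam(username)` in `state->pw`, and platform_user_set later reads `state->pw->pw_uid` for the `setuid()` call. POSIX allows getpwnam() to return a pointer into static storage that a later getpwnam()/getpwuid()/getpwent() call may overwrite, so any lookup between the two calls could change the UID the process drops to. Either document the constraint at the assignment, e.g. `/* points into getpwnam()'s static buffer: no other getpw*() call before platform_user_set() */`, or store the uid by value if struct platform_state_user (declared outside this file) can be extended. The same pattern appears with `state->gr` from `getgrnam()` in platform_group_get in the next hunk.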
@@ -96,41 +104,47 @@ platform_user_set (const struct platform_state_user *state) /* Get/Set GID of process */ bool -platform_group_get (const char *groupname, struct platform_state_group *state) +platform_group_get(const char *groupname, struct platform_state_group *state) { - bool ret = false; - CLEAR (*state); - if (groupname) + bool ret = false; + CLEAR(*state); + if (groupname) { #if defined(HAVE_GETGRNAM) && defined(HAVE_SETGID) - state->gr = getgrnam (groupname); - if (!state->gr) - msg (M_ERR, "failed to find GID for group %s", groupname); - state->groupname = groupname; - ret = true; -#else - msg (M_FATAL, "cannot get GID for group %s -- platform lacks getgrnam() or setgid() system calls", groupname); + state->gr = getgrnam(groupname); + if (!state->gr) + { + msg(M_ERR, "failed to find GID for group %s", groupname); + } + state->groupname = groupname; + ret = true; +#else /* if defined(HAVE_GETGRNAM) && defined(HAVE_SETGID) */ + msg(M_FATAL, "cannot get GID for group %s -- platform lacks getgrnam() or setgid() system calls", groupname); #endif } - return ret; + return ret; } void -platform_group_set (const struct platform_state_group *state) +platform_group_set(const struct platform_state_group *state) { #if defined(HAVE_GETGRNAM) && defined(HAVE_SETGID) - if (state->groupname && state->gr) + if (state->groupname && state->gr) { - if (setgid (state->gr->gr_gid)) - msg (M_ERR, "setgid('%s') failed", state->groupname); - msg (M_INFO, "GID set to %s", state->groupname); + if (setgid(state->gr->gr_gid)) + { + msg(M_ERR, "setgid('%s') failed", state->groupname); + } + msg(M_INFO, "GID set to %s", state->groupname); #ifdef HAVE_SETGROUPS - { - gid_t gr_list[1]; - gr_list[0] = state->gr->gr_gid; - if (setgroups (1, gr_list)) - msg (M_ERR, "setgroups('%s') failed", state->groupname); - } + { + gid_t gr_list[1]; + gr_list[0] = state->gr->gr_gid; + if (setgroups(1, gr_list)) + { + msg(M_ERR, "setgroups('%s') failed", state->groupname); + } + } #endif } #endif 
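Review bot: In platform_group_set, `setgroups(1, gr_list)` runs after `setgid()` and needs privilege that a later `setuid()` gives up, so the supplementary groups are only cleared when this function is called before platform_user_set. That ordering is decided by callers outside this diff; a comment at the top of the function would record it: `/* call before platform_user_set(): setgroups() requires privileges that setuid() drops */`. When HAVE_SETGROUPS is undefined the inherited supplementary groups are kept without any log line, and a `msg(M_WARN, ...)` in an `#else` branch would make that visible. The closing brace of platform_group_set lies outside the hunk.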
@@ -138,33 +152,37 @@ platform_group_set (const struct platform_state_group *state) /* Change process priority */ void -platform_nice (int niceval) +platform_nice(int niceval) { - if (niceval) + if (niceval) { #ifdef HAVE_NICE - errno = 0; - if (nice (niceval) < 0 && errno != 0) - msg (M_WARN | M_ERRNO, "WARNING: nice %d failed: %s", niceval, strerror(errno)); - else - msg (M_INFO, "nice %d succeeded", niceval); -#else - msg (M_WARN, "WARNING: nice %d failed (function not implemented)", niceval); + errno = 0; + if (nice(niceval) < 0 && errno != 0) + { + msg(M_WARN | M_ERRNO, "WARNING: nice %d failed: %s", niceval, strerror(errno)); + } + else + { + msg(M_INFO, "nice %d succeeded", niceval); + } +#else /* ifdef HAVE_NICE */ + msg(M_WARN, "WARNING: nice %d failed (function not implemented)", niceval); #endif } } /* Get current PID */ unsigned int -platform_getpid () +platform_getpid() { #ifdef _WIN32 - return (unsigned int) GetCurrentProcessId (); + return (unsigned int) GetCurrentProcessId(); #else #ifdef HAVE_GETPID - return (unsigned int) getpid (); + return (unsigned int) getpid(); #else - return 0; + return 0; #endif #endif } @@ -174,12 +192,16 @@ void platform_mlockall(bool print_msg) { #ifdef HAVE_MLOCKALL - if (mlockall (MCL_CURRENT | MCL_FUTURE)) - msg (M_WARN | M_ERRNO, "WARNING: mlockall call failed"); - else if (print_msg) - msg (M_INFO, "mlockall call succeeded"); -#else - msg (M_WARN, "WARNING: mlockall call failed (function not implemented)"); + if (mlockall(MCL_CURRENT | MCL_FUTURE)) + { + msg(M_WARN | M_ERRNO, "WARNING: mlockall call failed"); + } + else if (print_msg) + { + msg(M_INFO, "mlockall call succeeded"); + } +#else /* ifdef HAVE_MLOCKALL */ + msg(M_WARN, "WARNING: mlockall call failed (function not implemented)"); #endif } 
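Review bot: In platform_nice the failure message passes `strerror(errno)` explicitly while also setting `M_ERRNO`. platform_mlockall in the following hunk uses `M_WARN | M_ERRNO` with no `%s`, which suggests msg() already appends the errno text, so the error string is likely printed twice. If so, the call can be `msg(M_WARN | M_ERRNO, "WARNING: nice %d failed", niceval);`. Separately, `platform_getpid()` is defined with an empty parameter list, whereas platform_sleep_until_signal uses `(void)`; `platform_getpid(void)` would make it a proper prototype, assuming the declaration in platform.h is changed to match.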
@@ -187,20 +209,20 @@ platform_mlockall(bool print_msg) * Wrapper for chdir library function */ int -platform_chdir (const char* dir) +platform_chdir(const char *dir) { #ifdef HAVE_CHDIR #ifdef _WIN32 - int res; - struct gc_arena gc = gc_new (); - res = _wchdir (wide_string (dir, &gc)); - gc_free (&gc); - return res; -#else - return chdir (dir); + int res; + struct gc_arena gc = gc_new(); + res = _wchdir(wide_string(dir, &gc)); + gc_free(&gc); + return res; +#else /* ifdef _WIN32 */ + return chdir(dir); #endif -#else - return -1; +#else /* ifdef HAVE_CHDIR */ + return -1; #endif } @@ -208,25 +230,25 @@ platform_chdir (const char* dir) * convert execve() return into a success/failure value */ bool -platform_system_ok (int stat) +platform_system_ok(int stat) { #ifdef _WIN32 - return stat == 0; + return stat == 0; #else - return stat != -1 && WIFEXITED (stat) && WEXITSTATUS (stat) == 0; + return stat != -1 && WIFEXITED(stat) && WEXITSTATUS(stat) == 0; #endif } int -platform_access (const char *path, int mode) +platform_access(const char *path, int mode) { #ifdef _WIN32 - struct gc_arena gc = gc_new (); - int ret = _waccess (wide_string (path, &gc), mode & ~X_OK); - gc_free (&gc); - return ret; + struct gc_arena gc = gc_new(); + int ret = _waccess(wide_string(path, &gc), mode & ~X_OK); + gc_free(&gc); + return ret; #else - return access (path, mode); + return access(path, mode); #endif } @@ -234,15 +256,15 @@ platform_access (const char *path, int mode) * Go to sleep for n milliseconds. */ void -platform_sleep_milliseconds (unsigned int n) +platform_sleep_milliseconds(unsigned int n) { #ifdef _WIN32 - Sleep (n); + Sleep(n); #else - struct timeval tv; - tv.tv_sec = n / 1000; - tv.tv_usec = (n % 1000) * 1000; - select (0, NULL, NULL, NULL, &tv); + struct timeval tv; + tv.tv_sec = n / 1000; + tv.tv_usec = (n % 1000) * 1000; + select(0, NULL, NULL, NULL, &tv); #endif } 
@@ -250,67 +272,67 @@ platform_sleep_milliseconds (unsigned int n) * Go to sleep indefinitely. */ void -platform_sleep_until_signal (void) +platform_sleep_until_signal(void) { #ifdef _WIN32 - ASSERT (0); + ASSERT(0); #else - select (0, NULL, NULL, NULL, NULL); + select(0, NULL, NULL, NULL, NULL); #endif } /* delete a file, return true if succeeded */ bool -platform_unlink (const char *filename) +platform_unlink(const char *filename) { #if defined(_WIN32) - struct gc_arena gc = gc_new (); - BOOL ret = DeleteFileW (wide_string (filename, &gc)); - gc_free (&gc); - return (ret != 0); + struct gc_arena gc = gc_new(); + BOOL ret = DeleteFileW(wide_string(filename, &gc)); + gc_free(&gc); + return (ret != 0); #elif defined(HAVE_UNLINK) - return (unlink (filename) == 0); -#else - return false; + return (unlink(filename) == 0); +#else /* if defined(_WIN32) */ + return false; #endif } FILE * -platform_fopen (const char *path, const char *mode) +platform_fopen(const char *path, const char *mode) { #ifdef _WIN32 - struct gc_arena gc = gc_new (); - FILE *f = _wfopen (wide_string (path, &gc), wide_string (mode, &gc)); - gc_free (&gc); - return f; + struct gc_arena gc = gc_new(); + FILE *f = _wfopen(wide_string(path, &gc), wide_string(mode, &gc)); + gc_free(&gc); + return f; #else - return fopen(path, mode); + return fopen(path, mode); #endif } int -platform_open (const char *path, int flags, int mode) +platform_open(const char *path, int flags, int mode) { #ifdef _WIN32 - struct gc_arena gc = gc_new (); - int fd = _wopen (wide_string (path, &gc), flags, mode); - gc_free (&gc); - return fd; + struct gc_arena gc = gc_new(); + int fd = _wopen(wide_string(path, &gc), flags, mode); + gc_free(&gc); + return fd; #else - return open(path, flags, mode); + return open(path, flags, mode); #endif } int -platform_stat (const char *path, platform_stat_t *buf) +platform_stat(const char *path, platform_stat_t *buf) { #ifdef _WIN32 - struct gc_arena gc = gc_new (); - int res = _wstat (wide_string 
(path, &gc), buf); - gc_free (&gc); - return res; + struct gc_arena gc = gc_new(); + int res = _wstat(wide_string(path, &gc), buf); + gc_free(&gc); + return res; #else - return stat(path, buf); + return stat(path, buf); #endif } |