"Fossies" - the Fresh Open Source Software Archive 
Source code changes of the file "src/supernode.c" between
n2n-3.0.tar.gz and n2n-3.1.1.tar.gz
About: n2n is a layer-two peer-to-peer virtual private network (VPN) which allows bypassing intermediate firewalls. Pre-release.
| supernode.c (n2n-3.0) | : | supernode.c (n2n-3.1.1) | ||
|---|---|---|---|---|
| /** | /** | |||
| * (C) 2007-21 - ntop.org and contributors | * (C) 2007-22 - ntop.org and contributors | |||
| * | * | |||
| * This program is free software; you can redistribute it and/or modify | * This program is free software; you can redistribute it and/or modify | |||
| * it under the terms of the GNU General Public License as published by | * it under the terms of the GNU General Public License as published by | |||
| * the Free Software Foundation; either version 3 of the License, or | * the Free Software Foundation; either version 3 of the License, or | |||
| * (at your option) any later version. | * (at your option) any later version. | |||
| * | * | |||
| * This program is distributed in the hope that it will be useful, | * This program is distributed in the hope that it will be useful, | |||
| * but WITHOUT ANY WARRANTY; without even the implied warranty of | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
| * GNU General Public License for more details. | * GNU General Public License for more details. | |||
| skipping to change at line 291 | skipping to change at line 291 | |||
| sss->groupid = atoi(_optarg); | sss->groupid = atoi(_optarg); | |||
| break; | break; | |||
| #endif | #endif | |||
| case 'F': { /* federation name */ | case 'F': { /* federation name */ | |||
| snprintf(sss->federation->community, N2N_COMMUNITY_SIZE - 1 ,"*%s", _optarg); | snprintf(sss->federation->community, N2N_COMMUNITY_SIZE - 1 ,"*%s", _optarg); | |||
| sss->federation->community[N2N_COMMUNITY_SIZE - 1] = '\0'; | sss->federation->community[N2N_COMMUNITY_SIZE - 1] = '\0'; | |||
| break; | break; | |||
| } | } | |||
| #ifdef SN_MANUAL_MAC | #ifdef SN_MANUAL_MAC | |||
| case 'm': {/* MAC address */ | case 'm': {/* MAC address */ | |||
| str2mac(sss->mac_addr,_optarg); | str2mac(sss->mac_addr, _optarg); | |||
| // clear multicast bit | ||||
| sss->mac_addr[0] &= ~0x01; | ||||
| // set locally-assigned bit | ||||
| sss->mac_addr[0] |= 0x02; | ||||
| break; | break; | |||
| } | } | |||
| #endif | #endif | |||
| case 'M': /* override spoofing protection */ | case 'M': /* override spoofing protection */ | |||
| sss->override_spoofing_protection = 1; | sss->override_spoofing_protection = 1; | |||
| break; | break; | |||
| case 'V': /* version text */ | case 'V': /* version text */ | |||
| strncpy(sss->version, _optarg, sizeof(n2n_version_t)); | strncpy(sss->version, _optarg, sizeof(n2n_version_t)); | |||
| sss->version[sizeof(n2n_version_t) - 1] = '\0'; | sss->version[sizeof(n2n_version_t) - 1] = '\0'; | |||
| skipping to change at line 632 | skipping to change at line 638 | |||
| traceEvent(TRACE_ERROR, "failed to open management socket, %s", strerror (errno)); | traceEvent(TRACE_ERROR, "failed to open management socket, %s", strerror (errno)); | |||
| exit(-2); | exit(-2); | |||
| } else { | } else { | |||
| traceEvent(TRACE_NORMAL, "supernode is listening on UDP %u (management)" , sss_node.mport); | traceEvent(TRACE_NORMAL, "supernode is listening on UDP %u (management)" , sss_node.mport); | |||
| } | } | |||
| HASH_ITER(hh, sss_node.federation->edges, scan, tmp) | HASH_ITER(hh, sss_node.federation->edges, scan, tmp) | |||
| scan->socket_fd = sss_node.sock; | scan->socket_fd = sss_node.sock; | |||
| #ifndef WIN32 | #ifndef WIN32 | |||
| /* | ||||
| * If no uid/gid is specified on the commandline, use the uid/gid of the | ||||
| * first found out of user "n2n" or "nobody" | ||||
| */ | ||||
| if(((pw = getpwnam ("n2n")) != NULL) || ((pw = getpwnam ("nobody")) != NULL) ) { | if(((pw = getpwnam ("n2n")) != NULL) || ((pw = getpwnam ("nobody")) != NULL) ) { | |||
| /* | ||||
| * If the uid/gid is not set from the CLI, set it from getpwnam | ||||
| * otherwise reset it to zero | ||||
| * (TODO: this looks wrong) | ||||
| */ | ||||
| sss_node.userid = sss_node.userid == 0 ? pw->pw_uid : 0; | sss_node.userid = sss_node.userid == 0 ? pw->pw_uid : 0; | |||
| sss_node.groupid = sss_node.groupid == 0 ? pw->pw_gid : 0; | sss_node.groupid = sss_node.groupid == 0 ? pw->pw_gid : 0; | |||
| } | } | |||
| /* | ||||
| * If we have a non-zero requested uid/gid, attempt to switch to use | ||||
| * those | ||||
| */ | ||||
| if((sss_node.userid != 0) || (sss_node.groupid != 0)) { | if((sss_node.userid != 0) || (sss_node.groupid != 0)) { | |||
| traceEvent(TRACE_NORMAL, "dropping privileges to uid=%d, gid=%d", | traceEvent(TRACE_NORMAL, "dropping privileges to uid=%d, gid=%d", | |||
| (signed int)sss_node.userid, (signed int)sss_node.groupi d); | (signed int)sss_node.userid, (signed int)sss_node.groupi d); | |||
| /* Finished with the need for root privileges. Drop to unprivileged user . */ | /* Finished with the need for root privileges. Drop to unprivileged user . */ | |||
| if((setgid(sss_node.groupid) != 0) | if((setgid(sss_node.groupid) != 0) | |||
| || (setuid(sss_node.userid) != 0)) { | || (setuid(sss_node.userid) != 0)) { | |||
| traceEvent(TRACE_ERROR, "unable to drop privileges [%u/%s]", errno, strerror(errno)); | traceEvent(TRACE_ERROR, "unable to drop privileges [%u/%s]", errno, strerror(errno)); | |||
| exit(1); | ||||
| } | } | |||
| } | } | |||
| if((getuid() == 0) || (getgid() == 0)) { | if((getuid() == 0) || (getgid() == 0)) { | |||
| traceEvent(TRACE_WARNING, "running as root is discouraged, check out the -u/-g options"); | traceEvent(TRACE_WARNING, "running as root is discouraged, check out the -u/-g options"); | |||
| } | } | |||
| #endif | #endif | |||
| sn_init(&sss_node); | sn_init(&sss_node); | |||
| End of changes. 6 change blocks. | ||||
| 3 lines changed or deleted | 22 lines changed or added | |||