X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/388e0319a0faf48193658c82228133bd1ea24eb6..HEAD:/server/privsep.c diff --git a/server/privsep.c b/server/privsep.c index 5bc2b892..ffe64048 100644 --- a/server/privsep.c +++ b/server/privsep.c @@ -9,19 +9,18 @@ * * This file is part of Trivial IP Encryption (TrIPE). * - * TrIPE is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. + * TrIPE is free software: you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at your + * option) any later version. * - * TrIPE is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * TrIPE is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. * * You should have received a copy of the GNU General Public License - * along with TrIPE; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * along with TrIPE. If not, see . */ /*----- Header files ------------------------------------------------------*/ @@ -32,6 +31,7 @@ /*----- Static variables --------------------------------------------------*/ static pid_t kid = -1; +static sig sig_chld; /*----- Fetching a tunnel file descriptor ---------------------------------*/ @@ -128,7 +128,7 @@ lose: * Use: Notices and reports child process death. */ -static void reap(int sig) +static void reap(int sig, void *p) { pid_t k; int st; @@ -163,34 +163,35 @@ static void reap(int sig) * * Arguments: @int detachp@ = whether to detach the child from its terminal * - * Returns: --- + * Returns: Zero on success, @-1@ on failure. * * Use: Separates off the privileged tunnel-opening service from the * rest of the server. */ -void ps_split(int detachp) +int ps_split(int detachp) { pid_t kid; int fd[2]; + mdup_fd md[1]; const char *helper; if (socketpair(PF_UNIX, SOCK_STREAM, 0, fd)) { - die(EXIT_FAILURE, - "failed to create socket pair for privilege separation: %s", - strerror(errno)); + a_warn("PRIVSEP", "socketpair-create-failed", "?ERRNO", A_END); + return (-1); } helper = getenv("TRIPE_PRIVHELPER"); if (!helper) helper = PRIVSEP_HELPER; fdflags(fd[0], 0, 0, FD_CLOEXEC, FD_CLOEXEC); fdflags(fd[1], 0, 0, FD_CLOEXEC, FD_CLOEXEC); - signal(SIGCHLD, reap); + sig_add(&sig_chld, SIGCHLD, reap, 0); kid = fork(); if (kid == 0) { signal(SIGCHLD, SIG_DFL); if (detachp) detachtty(); - if (dup2(fd[0], 0) < 0) goto lose; - close(fd[0]); close(fd[1]); + close(fd[1]); + md[0].cur = fd[0]; md[0].want = STDIN_FILENO; + if (mdup(md, 1)) goto lose; execl(helper, helper, (char *)0); lose: fprintf(stderr, "helper: failed to run helper: %s\n", strerror(errno)); @@ -199,6 +200,7 @@ void ps_split(int detachp) T( trace(T_PRIVSEP, "privsep: forked child successfully"); ) close(fd[0]); pc_fd = fd[1]; + return (0); } /* --- @ps_quit@ --- *