authorToni Uhlig <matzeton@googlemail.com>2017-12-19 16:13:35 +0100
committerToni Uhlig <matzeton@googlemail.com>2017-12-19 16:13:35 +0100
commit252ab35c2e9944d87e750afc3852a487f596cbbd (patch)
tree8bf15760e3ef09f0b645c4cf4577570018e8bbff /src
parenta0f97ecfd138d12fcac3177ea1ce9f15df0f7fd4 (diff)
ptunnel-ng:
* optional feature disabled warning * SeLinux enabled flag * cosmetics # Bitte geben Sie eine Commit-Beschreibung für Ihre Änderungen ein. Zeilen,
Diffstat (limited to 'src')
-rw-r--r--src/options.c52
-rw-r--r--src/options.h5
-rw-r--r--src/ptunnel.c6
-rw-r--r--src/ptunnel.h2
-rw-r--r--src/utils.c2
5 files changed, 43 insertions, 24 deletions
diff --git a/src/options.c b/src/options.c
index d8061bd..89fcde8 100644
--- a/src/options.c
+++ b/src/options.c
@@ -72,6 +72,9 @@ static const struct option_usage usage[] = {
},
/** --libpcap */
{"interface", 0, OPT_STR, {.str = "eth0"},
+#ifdef HAVE_PCAP
+ "(Not available on this platform.)\n"
+#endif
"Enable libpcap on the given device.\n"
},
/** --logfile */
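Review bot: The guard on the new `--libpcap` notice looks inverted: `#ifdef HAVE_PCAP` emits "(Not available on this platform.)" exactly when pcap support is compiled in. The `--setcon` entry later in this table uses `#ifndef HAVE_SELINUX` for the same notice, and ptunnel.h in this commit includes `<pcap.h>` under `#ifdef HAVE_PCAP`, so the condition here should read `#ifndef HAVE_PCAP`. The usage[] initializer starts and ends outside this hunk.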
@@ -84,8 +87,7 @@ static const struct option_usage usage[] = {
},
/** --passwd */
{"password", 0, OPT_STR, {.str = NULL},
- "Set password (must be same on client and proxy)\n"
- "If no password is set, you will be asked during runtime.\n"
+ "Set a password (must be same on client and proxy)\n"
},
/** --udp */
{NULL, 0, OPT_BOOL, {.num = 0},
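Review bot: The `--passwd` help now documents only the command-line form and says nothing about its exposure. A secret passed as an argument is typically readable by other local users through the process list, so the text could carry a line such as `"Note: a password given on the command line is visible in the process list.\n"`. Whether another way of supplying the password remains after this change is not visible in this hunk.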
@@ -98,35 +100,48 @@ static const struct option_usage usage[] = {
"Unprivileged mode will only work on some systems, and is in general less reliable\n"
"than running in privileged mode.\n"
},
- /** --base64 */
- {NULL, 0, OPT_BOOL, {.num = 0},
- "Base64 encode/decode all outoging/incoming packets."},
-#ifndef WIN32
/** --daemon */
{"pidfile", 0, OPT_STR, {.str = "/run/ptunnel.pid"},
+#ifdef WIN32
+ "(Not available on this platform.)\n"
+#endif
"Run in background, the PID will be written in the file supplied as argument\n"
},
/** --syslog */
{NULL, 0, OPT_BOOL, {.num = 0},
+#ifdef WIN32
+ "(Not available on this platform.)\n"
+#endif
"Output debug to syslog instead of standard out.\n"
},
/** --user */
{"user", 0, OPT_STR, {.str = "nobody"},
+#ifdef WIN32
+ "(Not available on this platform.)\n"
+#endif
"When started in privileged mode, drop down to user's rights as soon as possible\n"
},
/** --group */
{"group", 0, OPT_STR, {.str = "nogroup"},
+#ifdef WIN32
+ "(Not available on this platform.)\n"
+#endif
"When started in privileged mode, drop down to group's rights as soon as possible\n"
},
/** --chroot */
{"directory", 0, OPT_STR, {.str = "/var/lib/ptunnel"},
+#ifdef WIN32
+ "(Not available on this platform.)\n"
+#endif
"When started in privileged mode, restrict file access to the specified directory\n"
},
-#endif
/** --setcon */
- {NULL, 0, OPT_STR, {.num = 0},
+ {"context", 0, OPT_STR, {.str = "ptunnel"},
+#ifndef HAVE_SELINUX
+ "(Not available on this platform.)\n"
+#endif
"Set SELinux context when all there is left to do are network I/O operations\n"
- "To combine with -chroot you will have to `mount --bind /proc /chrootdir/proc`\n"
+ "To combine with --chroot you will have to `mount --bind /proc /chrootdir/proc`\n"
},
/** --help */
{"help", 0, OPT_STR, {.str = NULL}, "this\n"},
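Review bot: The new default for `--setcon`, `{.str = "ptunnel"}`, does not look like a complete SELinux context; strings passed to setcon() normally have the `user:role:type[:range]` form, so a bare `ptunnel` is likely to be rejected at runtime. set_options_defaults() copies this value into `opts.selinux_context`, so a plain `-e` without an argument would depend on a string that probably cannot be applied. Either make the default a full context that the shipped policy defines, or leave it NULL and require an explicit argument, and state the expected format in the help text, e.g. `"Expects a full context (user:role:type[:range]).\n"`. The usage[] table starts and ends outside this hunk.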
@@ -147,15 +162,12 @@ static struct option long_options[] = {
{"passwd", required_argument, 0, 'P'},
{"udp", no_argument, &opts.udp, 1 },
{"unprivileged", no_argument, &opts.unprivileged, 1 },
- {"base64", no_argument, &opts.base64, 1 },
-#ifndef WIN32
{"daemon", optional_argument, 0, 'd'},
{"syslog", no_argument, 0, 'S'},
{"user", optional_argument, 0, 'u'},
{"group", optional_argument, 0, 'g'},
{"chroot", optional_argument, 0, 'C'},
-#endif
- {"setcon", no_argument, 0, 'e'},
+ {"setcon", optional_argument, 0, 'e'},
{"help", no_argument, 0, 'h'},
{NULL,0,0,0}
};
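Review bot: With `setcon` switched to `optional_argument` (and `e::` in the optstring in the parse_options hunk), getopt_long only picks up the context when it is attached, as `--setcon=CTX` or `-eCTX`. Written as `--setcon CTX`, optarg is NULL, the `case 'e'` branch breaks early and the default context is kept with no diagnostic. For a confinement option that silent fallback is easy to miss, so the usage text should spell it out, for example `"Use --setcon=CONTEXT; the argument must be attached with '='.\n"`. The long_options[] array starts outside this hunk.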
@@ -217,6 +229,9 @@ static void set_options_defaults(void) {
opts.root_dir = strdup(*(char **)get_default_optval(OPT_STR, "chroot"));
#endif
+#ifdef HAVE_SELINUX
+ opts.selinux_context = strdup(*(char **)get_default_optval(OPT_STR, "setcon"));
+#endif
}
static void print_multiline(const char *prefix, const char *multiline) {
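Review bot: The result of `strdup()` is stored in `opts.selinux_context` without a NULL check, here and again in the `case 'e'` branch of parse_options (`opts.selinux_context = strdup(optarg);`). If the allocation fails, `opts.selinux` can be 1 while the context is NULL, and the test in pt_proxy (`NULL != opts.selinux_context && ...`) then skips setcon() without logging anything. Check the return value and stop, e.g. `if (!opts.selinux_context) { pt_log(kLog_error, "out of memory\n"); exit(1); }`. The pointer returned by get_default_optval() is also dereferenced unchecked, though its definition is not shown here; set_options_defaults() begins above this hunk.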
@@ -331,7 +346,7 @@ int parse_options(int argc, char **argv) {
/* parse command line arguments */
while (1) {
- c = getopt_long(argc, argv, "m:p:l:r::R::c:v:L::o::sP:d::Su::g::C::eh", &long_options[0], &optind);
+ c = getopt_long(argc, argv, "m:p:l:r::R::c:v:L::o::sP:d::Su::g::C::e::h", &long_options[0], &optind);
if (c == -1) break;
switch (c) {
@@ -450,12 +465,15 @@ int parse_options(int argc, char **argv) {
case 'S':
case 'u':
case 'g':
- case 't':
+ case 'C':
pt_log(kLog_error, "-%c: feature not supported\n", c);
exit(1);
#endif
case 'e':
#ifdef HAVE_SELINUX
+ opts.selinux = 1;
+ if (!optarg)
+ break;
if (opts.selinux_context)
free(opts.selinux_context);
opts.selinux_context = strdup(optarg);
@@ -499,9 +517,5 @@ int parse_options(int argc, char **argv) {
} else opts.log_file = tmp_log;
}
- if (opts.base64 != 0) {
- pt_log(kLog_debug, "Base64 enabled.");
- }
-
return 0;
}
diff --git a/src/options.h b/src/options.h
index 8678d60..9029b6a 100644
--- a/src/options.h
+++ b/src/options.h
@@ -51,8 +51,6 @@ struct options {
int udp;
/** unpriviledged mode */
int unprivileged;
- /** use base64 encoded packets */
- int base64;
#ifndef WIN32
/** run as daemon if non zero value */
@@ -72,6 +70,9 @@ struct options {
#endif
#ifdef HAVE_SELINUX
+ /** Non zero value if uer wants SeLinux */
+ int selinux;
+ /** SeLinux context name */
char *selinux_context;
#endif
};
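Review bot: The comment on the new field has a typo and does not say what sets the flag or what it controls: `/** Non zero value if uer wants SeLinux */`. Suggest `/** non-zero if -e/--setcon was given; gates the setcon() call in pt_proxy */`, and spelling the name `SELinux` as the help text in options.c does. struct options starts outside this hunk.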
diff --git a/src/ptunnel.c b/src/ptunnel.c
index 95ebbac..85f3b5f 100644
--- a/src/ptunnel.c
+++ b/src/ptunnel.c
@@ -506,8 +506,10 @@ void* pt_proxy(void *args) {
if (opts.uid && -1 == setuid(opts.uid))
pt_log(kLog_error, "setuid(%d): %s\n", opts.uid, strerror(errno));
#ifdef HAVE_SELINUX
- if (NULL != opts.selinux_context && -1 == setcon(opts.selinux_context))
- pt_log(kLog_error, "setcon(%s) failed: %s\n", opts.selinux_context, strerror(errno));
+ if (opts.selinux) {
+ if (NULL != opts.selinux_context && -1 == setcon(opts.selinux_context))
+ pt_log(kLog_error, "setcon(%s) failed: %s\n", opts.selinux_context, strerror(errno));
+ }
#endif
#endif
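Review bot: A failed `setcon()` is only logged, so a proxy that was explicitly started with `--setcon` keeps running outside the requested SELinux domain. When `opts.selinux` is set the failure should be fatal: put the `pt_log(...)` call in braces and follow it with `exit(1);`. A NULL `opts.selinux_context` is skipped silently by the `NULL != ...` test and should be reported as an error as well. The `setuid()` check on the context line above has the same log-and-continue shape; pt_proxy starts and ends outside this hunk.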
diff --git a/src/ptunnel.h b/src/ptunnel.h
index 7ce15e3..c5a9e9b 100644
--- a/src/ptunnel.h
+++ b/src/ptunnel.h
@@ -66,7 +66,9 @@
#include <signal.h>
#include <stdint.h>
#include <stdbool.h>
+#ifdef HAVE_PCAP
#include <pcap.h>
+#endif
#include "pkt.h"
#include "pdesc.h"
diff --git a/src/utils.c b/src/utils.c
index 0872619..996baf7 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -39,7 +39,7 @@ void pt_log(int level, const char *fmt, ...) {
#else
if (opts.log_file != stdout)
#endif
- fflush(opts.log_file);
+ fflush(opts.log_file);
}
}