authbind
helper
libauthbind.o
-libauthbind.so.0.1
+libauthbind.so.1.0
+# Makefile for authbind
+#
+# authbind is Copyright (C) 1998 Ian Jackson
#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# $Id$
+
+prefix=/usr/local
+share_dir=$(prefix)/share
+etc_dir=/etc/authbind
+lib_dir=$(prefix)/lib/authbind
+man_dir=$(share_dir)/man
+man1_dir=$(man_dir)/man1
+man8_dir=$(man_dir)/man8
+
OPTIMISE= -O2
CFLAGS= -g $(OPTIMISE) \
-Wall -Wwrite-strings -Wpointer-arith -Wimplicit \
-Wnested-externs -Wmissing-prototypes -Wstrict-prototypes
+CPPFLAGS= -DMAJOR_VER='"$(MAJOR)"' -DMINOR_VER='"$(MINOR)"' \
+ -DLIBAUTHBIND='"$(lib_dir)/$(LIBCANON)"' \
+ -DHELPER='"$(prefix)/helper"' -DCONFIGDIR='"$(etc_dir)"'
+
+MAJOR=1
+MINOR=0
+LIBCANON= libauthbind.so.$(MAJOR)
+LIBTARGET= $(LIBCANON).$(MINOR)
-TARGETS= authbind helper libauthbind.so.0.1
+TARGETS= authbind helper $(LIBTARGET)
+MANPAGES_1= authbind
+MANPAGES_8= authbind-helper
all: $(TARGETS)
+install: $(TARGETS)
+ install -o root -g root -m 755 -d $(lib_dir) $(man_dir)
+ install -o root -g root -m 755 authbind $(bin_dir)/.
+ install -o root -g root -m 755 $(LIBTARGET) $(lib_dir)/.
+ strip --strip-unneeded $(lib_dir)/$(LIBTARGET)
+ ln -s $(LIBTARGET) $(lib_dir)/$(LIBCANON)
+ install -o root -g root -m 4755 helper $(lib_dir)/.
+ install -o root -g root -m 755 -d $(etc_dir) \
+ $(etc_dir)/byport $(etc_dir)/byaddr $(etc_dir)/byuid
+
+install_man: $(MANPAGES_1) $(MANPAGES_8)
+ install -o root -g root -m 644 $(MANPAGES_1) $(man1_dir)/.
+ install -o root -g root -m 644 $(MANPAGES_8) $(man8_dir)/.
+
libauthbind.o: libauthbind.c
- gcc -D_REENTRANT -g $(CFLAGS) -c -o libauthbind.o -fPIC libauthbind.c
+ $(CC) -D_REENTRANT $(CFLAGS) $(CPPFLAGS) -c -o $@ -fPIC $<
-libauthbind.so.0.1: libauthbind.o
- gcc -g -shared -Wl,-soname,libauthbind.so.0.1 -o libauthbind.so.0.1 libauthbind.o -ldl -lc
+$(LIBTARGET): libauthbind.o
+ gcc -g -shared -Wl,-soname,$(LIBCANON) -o $@ $< -ldl -lc
-clean distclean:
- rm -f $(TARGETS) *.o *~ ./#*# *.bak debian/*~
- rm -f core libauthbind.so*
+clean distclean:
+ rm -f $(TARGETS) *.o *~ ./#*# *.bak *.new core libauthbind.so*
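Review bot: The helper path compiled into the binaries does not match where the `install` rule puts the setuid helper: CPPFLAGS passes `-DHELPER='"$(prefix)/helper"'`, while `helper` is installed with mode 4755 into `$(lib_dir)`, i.e. `$(prefix)/lib/authbind` (the fallback in libauthbind.c also uses `/usr/local/lib/authbind/helper`). As written the library would exec `$(prefix)/helper`, so the define should be `-DHELPER='"$(lib_dir)/helper"'`, which keeps the only path the library ever executes the root-owned one this Makefile installs. The install rule also uses `$(bin_dir)`, which is not assigned among the visible variables, so `authbind` would be copied to `/.`; add `bin_dir=$(prefix)/bin` and list it, with `$(man1_dir)` and `$(man8_dir)`, on the `install -d` line. The `$(LIBTARGET)` link rule still hard-codes `gcc` although the compile rule now uses `$(CC)`.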
--- /dev/null
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
+.\" Authors: Ian Jackson
+.\"
+.\" authbind is Copyright (C) 1998 Ian Jackson
+.\"
+.\" This program is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 2, or (at your option)
+.\" any later version.
+.\"
+.\" This program is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with this program; if not, write to the Free Software Foundation,
+.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+.\"
+.\" $Id$
+.\"
+.TH AUTHBIND\-HELPER 8 "30th August 1998" "Debian Project" "Debian Linux manual"
+.br
+.SH NAME
+authbind\-helper \- helper program to bind sockets to privileged ports without root
+.SH SYNOPSIS
+.BI /usr/lib/authbind/helper " addr\-hex port\-hex " < socket
+.SH DESCRIPTION
+.B helper
+is the program used by
+.BR libauthbind ,
+which is in turn used by
+.B authbind
+to allow programs which do not or should not run as root to bind to
+low-numbered ports in a controlled way. See
+.BR authbind (1).
+.PP
+It may also be used standalone, i.e. without assistance from
+.BR authbind .
+Its standard input should be a TCP/IP socket, and it should be passed
+two arguments.
+.PP
+The arguments are the address and port number, respectively, to which
+the caller desires that the socket be bound. They should be hex
+strings,
+.I without
+leading
+.BR 0x ,
+of exactly the right length (8 and 4 digits, respectively), being
+a pairs of hex digits for each byte in the address or port number when
+expressed in network byte order.
+.SH EXIT STATUS
+.B helper
+will exit with code 0 on success.
+.PP
+If possible,
+.B helper
+will return an appropriate
+.B errno
+value as its exit status. If this is not possible it may exit with
+status 255 or with an exit status corresponding to
+.B ENOSYS
+.RI ( "Function not implemented" ).
+.SH ACCESS CONTROL
+See
+.BR authbind (1)
+for details of the access control regime implemented by
+.BR helper .
+.SH SEE ALSO
+.BR authbind (1),
+.BR bind (2)
+.SH AUTHOR
+.B authbind
+and this manpage were written by Ian Jackson. They are
+Copyright (C)1998
+by him and released under the GNU General Public Licence; there is NO
+WARRANTY. See
+.B /usr/doc/authbind/copyright
+and
+.B /usr/doc/copyright/GPL
+for details.
--- /dev/null
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
+.\" Authors: Ian Jackson
+.\"
+.\" authbind is Copyright (C) 1998 Ian Jackson
+.\"
+.\" This program is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 2, or (at your option)
+.\" any later version.
+.\"
+.\" This program is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with this program; if not, write to the Free Software Foundation,
+.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+.\"
+.\" $Id$
+.\"
+.TH AUTHBIND 1 "30th August 1998" "Debian Project" "Debian Linux manual"
+.SH NAME
+authbind \- bind sockets to privileged ports without root
+.SH SYNOPSIS
+.BI authbind " program"
+.RI [ argument " ...]"
+.SH DESCRIPTION
+.B authbind
+allows a program which does not or should not run as root to bind to
+low-numbered ports in a controlled way.
+.PP
+You must invoke the program using
+.BR authbind ". " authbind
+will set up some environment variables, including an
+.BR LD_PRELOAD ,
+which will allow the program (including any subprocesses it may run)
+to bind to low-numbered (<1024) ports if the system is configured to
+allow this.
+.SH ACCESS CONTROL
+Access to low numbered ports is controlled by permissions and contents
+of files in a configuration area,
+.BR /etc/authbind .
+.PP
+Firstly,
+.BI /etc/authbind/byport/ port
+is tested. If this file is accessible for execution to the calling
+user, according to
+.BR access (2),
+then binding to the port is authorised. If the file can be seen not
+to exist (the existence check returns
+.BR ENOENT )
+then further tests will be used to find authorisation; otherwise,
+binding is not authorised, and the
+.B bind
+call will return with the
+.B errno
+value from the
+.BR access (2)
+call, usually
+.B EACCES
+.RI ( "Permission denied" ).
+.PP
+Secondly, if that test fails to resolve the matter,
+.BI /etc/authbind/byaddr/ addr : port
+is tested, in the same manner as above.
+.PP
+Thirdly, if the question is still unresolved, the file
+.BI /etc/authbind/byuid/ uid
+will be opened and read. If the file does not exist then the binding
+is not authorised and
+.B bind
+will return
+.B EPERM
+.RI ( "Operation not permitted" ", or " "Not owner" ).
+If the file does exist it will be searched for a line of the form
+.nf
+.IB addr / length : min\-port , max\-port
+.fi
+matching the request (ie, the initial
+.I length
+bits of
+.I addr
+match those in the proposed
+.B bind
+call, and the proposed port number lies is in the inclusive range
+specified. If such a line is found then the binding is authorised.
+Otherwise it is not, and
+.B bind
+will fail with
+.B ENOENT
+.RI ( "No such file or directory" ).
+.PP
+In each case above,
+.TP
+.I port
+is the (local) TCP or UDP port number, expressed as an unsigned
+integer in the minimal non-zero number of digits, and
+.TP
+.I addr
+is the (local) IP address, as a dotted quad.
+.PP
+If a read error occurs, or the directory
+.B /etc/authbind
+cannot be accessed, then not only will
+.B bind
+fail, but an error message will be printed to stderr. Unrecognised
+lines in
+.BI /etc/authbind/byuid/ uid
+files are silently ignored (as are lines whose
+.I addr
+has non-zero bits more than
+.I length
+from the top).
+.SH MECHANISM
+The shared library loaded using
+.B LD_PRELOAD
+overrides the
+.BR bind (2)
+system call. When a program invoked via
+.B authbind
+calls
+.B bind
+to bind a socket to a low-numbered TCP/IP port, and if the program
+doesn't already have an effective uid of 0, the version of
+.B bind
+supposed by
+.B authbind
+forks and executes a setuid-root helper program. For non-TCP/IP
+sockets, high-numbered ports, or programs which are already root,
+.B authbind
+passes the call to the original
+.BR bind (2)
+system call, which is found using
+.BR dlsym (3)
+with the handle
+.BR RTLD_NEXT .
+.PP
+.SH ERROR HANDLING
+Usually the normal C error handling mechanisms apply. If
+.B authbind
+cannot find the program it has been asked to execute it will print a
+message to stderr and exit with code 255.
+.PP
+The helper program usually reports back to the shared library with an
+exit status containing an
+.B errno
+value which encodes whether the
+.B bind
+was permitted and successful. This will be returned to the calling
+program in the usual way.
+.PP
+In the case of apparent configuration or other serious errors the
+library and/or the helper program may cause messages to be printed to
+the program's stderr, was well as returning -1 from
+.BR bind .
+.SH BUGS
+.B authbind
+currently only supports IPv4 sockets. Programs which open other kinds
+of sockets will not benefit from
+.BR authbind ,
+but it won't get in their way.
+.PP
+The use of
+.B LD_PRELOAD
+makes an
+.B authbind
+installation specific to a particular C library. This version is for
+GNU/Linux libc6 (glibc2).
+.PP
+It is quite possible that
+.B authbind
+and other programs and facilities which use
+.B LD_PRELOAD
+may interfere with each other, causing unpredictable behaviour or even
+core dumps.
+.B authbind
+is known sometimes not to work correctly with
+.BR fakeroot ,
+for example (even supposing it could be determined what `correctly'
+means in this context).
+.PP
+.B authbind
+is ineffective with setuid programs, because they do not honour
+.B LD_PRELOAD
+for security reasons. Of course a setuid-root program does not need
+.BR authbind ,
+but it might be useful to apply it to program which are setuid to
+another user or setgid. If the author or builder of such a programs
+wishes it to use authbind they could have it load the
+.B libauthbind
+library explicitly rather than via
+.BR LD_PRELOAD .
+.PP
+Some badly-written programs may have trouble because
+.B authbind
+spawns a child process `under their feet', causing (for example) a
+.BR fork (2)
+to happen and
+.B SIGCHLD
+signal to be delivered. Programs should not rely on standard
+libraries not doing these things.
+.PP
+The access control configuration scheme is somewhat strange.
+.SH FILES AND ENVIRONMENT VARIABLES
+.TP
+.I /usr/lib/authbind/libauthbind.so.1.0
+The shared library which
+.B authbind
+causes to be loaded using
+.BR LD_PRELOAD ,
+and which actually implements the diversion of
+.BR bind (2)
+to an external program.
+.TP
+.I LD_PRELOAD
+The variable used by the dynamic linker when starting dynamically
+linked programs and deciding which shared libraries to load and
+modifed by the
+.B authbind
+program to allow it to override the usual meaning of
+.BR bind (2) .
+.TP
+.I AUTHBIND_LIB
+If set, forces
+.B authbind
+to use its value as the path to the shared library to put in
+.BR LD_PRELOAD ,
+instead of the compiled-in value.
+.TP
+.I AUTHBIND_NESTED
+Do not set this variable. It is set to
+.B 1
+by
+.B libauthbind
+when it invokes the helper program. This allows detection of the
+situation where the helper has not been installed setuid, which would
+otherwise lead to infinite recursion.
+.SH SEE ALSO
+.BR bind (2),
+.BR authbind\-helper (8),
+.BR dlsym (3),
+.BR ld.so (8)
+.SH AUTHOR
+.B authbind
+and this manpage were written by Ian Jackson. They are
+Copyright (C)1998
+by him and released under the GNU General Public Licence; there is NO
+WARRANTY. See
+.B /usr/doc/authbind/copyright
+and
+.B /usr/doc/copyright/GPL
+for details.
-/**/
+/*
+ * authbind.c - main invoker program
+ *
+ * authbind is Copyright (C) 1998 Ian Jackson
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <unistd.h>
-#define LD_PRELOAD "LD_PRELOAD"
-#define AUTHBINDLIB "AUTHBIND_LIB"
-#define LIBAUTHBIND "/usr/lib/authbind/libauthbind.so.0"
+static const char *rcsid="$Id$";
+
+#ifndef LIBAUTHBIND
+# define "/usr/local/lib/authbind/libauthbind.so." MAJOR_VER
+#endif
+
+#define PRELOAD_VAR "LD_PRELOAD"
+#define AUTHBINDLIB_VAR "AUTHBIND_LIB"
int main(int argc, char *const *argv) {
const char *expreload, *authbindlib, *preload;
char *newpreload;
- authbindlib= getenv(AUTHBINDLIB);
- if (!authbindlib) {
- if (setenv(AUTHBINDLIB,LIBAUTHBIND,0)) {
- perror("authbind: setenv " AUTHBINDLIB);
- exit(-1);
- }
- authbindlib= LIBAUTHBIND;
+ if (argc<2 || argv[1][0]=='-') {
+ fprintf(stderr,"authbind: usage: authbind program arg arg ...\n %s\n",rcsid);
+ exit(-1);
}
+
+ authbindlib= getenv(AUTHBINDLIB_VAR);
+ if (!authbindlib) authbindlib= LIBAUTHBIND;
- if ((expreload= getenv(LD_PRELOAD))) {
+ if ((expreload= getenv(PRELOAD_VAR))) {
newpreload= malloc(strlen(expreload)+strlen(authbindlib)+2);
strcpy(newpreload,expreload);
strcat(newpreload,":");
} else {
preload= authbindlib;
}
- if (setenv(LD_PRELOAD,preload,1)) { perror("authbind: setenv"); exit(-1); }
+ if (setenv(PRELOAD_VAR,preload,1)) { perror("authbind: setenv"); exit(-1); }
execvp(argv[1],argv+1);
perror(argv[1]); exit(-1);
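Review bot: The fallback inside the `#ifndef LIBAUTHBIND` block has no macro name (`# define "/usr/local/lib/authbind/libauthbind.so." MAJOR_VER`), so the file fails to preprocess whenever it is built without `-DLIBAUTHBIND`. It should read `# define LIBAUTHBIND "/usr/local/lib/authbind/libauthbind.so." MAJOR_VER`. Because `MAJOR_VER` is itself only supplied by the Makefile's CPPFLAGS, the fallback also needs its own default for that, or it still will not compile standalone. Separately, in the unchanged context the `malloc` result for `newpreload` goes straight into `strcpy`; a NULL check there would match the `perror`/`exit(-1)` handling already used for `setenv`. The body of `main` continues outside the visible lines.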
+authbind (1.0-1) experimental; urgency=low
+
+ * Following testing, we can call this 1.0.
+
+ -- Ian Jackson <ian@davenant.greenend.org.uk> Sun, 30 Aug 1998 03:15:21 +0100
+
authbind (0.1-1) experimental; urgency=low
* Initial release.
-GNU copyleft joost witteveen, <joostje@debian.org>.
+This is the Debian/GNU Linux prepackaged version of my `authbind'
+utility for allowing non-root programs to bind to privileged ports,
+subject to configuration by the sysadmin.
+
+This package was put together by me, Ian Jackson
+<ian@chiark.greenend.org.uk>, from my CVS repository.
+
+
+authbind is Copyright (C)1998 Ian Jackson <ian@chiark.greenend.org.uk>.
+
+authbind is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the
+Free Software Foundation; either version 2 of the License, or (at your
+option) any later version.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License with
+your Debian GNU/Linux system, in /usr/doc/copyright/GPL, or with the
+Debian GNU/Linux userv source package as the file COPYING; if not,
+email me at one of the addresses above or write to the Free Software
+Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+$Id$
--- /dev/null
+#!/bin/sh
+# $Id$
+set -e
+if test "$1" = purge
+then
+ rm -rf /etc/authbind
+fi
#! /usr/bin/make -f
-# -*- mode: makefile; -*-
#
-# Modified by Ian Jackson for authbind.
-# Then last updated: Sat Dec 17 10:52:20 EST 1994 by imurdock.
+# debian/rules for authbind
+#
+# authbind is Copyright (C) 1998 Ian Jackson
#
-# To make the binary distribution package, the ``Debianized'' source package
-# and the context diff to the original package, type `./debian.rules dist'.
-# Make sure that `debian.rules' is executable before the final distribution
-# is made.
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
#
-# Invoke each target with `./debian.rules <target>'. All targets should be
-# invoked with the package root as the current directory.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
#
-# The `binary' target must be run as root, as it needs to install files with
-# specific ownerships. The `diff' target assumes that you have the original
-# source package available, unpacked, in ../$(p)-$(v).orig, or that you have
-# the previous revision of the ``Debianized'' source package and context diff
-# in the parent directory.
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# $Id$
-CC = gcc
+CC= gcc
package=authbind
-major=0
-minor=1
+major=1
+minor=0
arch = $(shell dpkg --print-architecture)
# made here.
lab=libauthbind.so.$(major).$(minor)
+udp=debian/tmp/usr/doc/$(package)
binary-arch: checkroot build
rm -rf debian/tmp
- install -d -g root -m 755 -o root debian/tmp/DEBIAN \
- debian/tmp/usr/{bin,lib/$(package),doc/$(package)} \
- debian/tmp/etc/authbind/{byport,byname,byuid}
- install -s -g root -o root -m 755 authbind debian/tmp/usr/bin/.
- install -s -g root -o root -m 4755 helper debian/tmp/usr/lib/authbind/.
- install -s -g root -o root -m 755 $(lab) debian/tmp/usr/lib/authbind/.
- ln -s $(lab) debian/tmp/usr/lib/authbind/libauthbind.so.$(major)
- strip --strip-unneeded debian/tmp/usr/lib/authbind/$(lab)
- install -g root -o root -m 644 debian/copyright debian/tmp/usr/doc/$(package)/
- install -g root -o root -m 644 debian/changelog \
- debian/tmp/usr/doc/$(package)/changelog.Debian
- gzip -9 debian/tmp/usr/doc/$(package)/*
+ install -d -g root -m 755 -o root debian/tmp/DEBIAN $udp \
+ debian/tmp/usr/{bin,lib/$(package),man}
+ $(MAKE) prefix=debian/tmp/usr install install_man
+ install -g root -o root -m 644 debian/copyright $(udp)/.
+ install -g root -o root -m 644 debian/changelog $(udp)/changelog.Debian
+ gzip -9 debian/tmp/usr/man/man*/* $(udp)/*
+ install -g root -o root -m 755 debian/postrm debian/tmp/DEBIAN
ifneq ($(arch),alpha)
install -g root -o root -m 644 debian/shlibs debian/tmp/DEBIAN
else
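Review bot: In the first `install -d` line `$udp` is not a reference to the new `udp` variable: make reads it as `$(u)dp`, so the command creates a directory named `dp` and the later `install ... $(udp)/.` lines have no target directory. Write `$(udp)` there. The sub-make call overrides only `prefix`, so the Makefile's `etc_dir=/etc/authbind` stays absolute and its `install` rule would create the `byport`/`byaddr`/`byuid` directories on the build host instead of under `debian/tmp`; also passing `etc_dir=debian/tmp/etc/authbind` keeps this root-run build from writing outside the staging tree. The Makefile places man pages under `$(prefix)/share/man`, while this rule creates and gzips `debian/tmp/usr/man`, so the two need to agree. The `ifneq` block continues past the visible lines.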
/*
- * setuid. Invoked with socket on stdin.
- * Usage: helper <addr> <port>
- * both are hex strings, padded to the right length.
- * they are pairs of hex digits for each byte (network byte order)
+ * helper.c - setuid helper program for authbind
*
- * If /etc/authbind cannot be chdir'd into, is an error.
- *
- * First, check /etc/authbind/byport/<port> with access(2,X_OK).
- * If OK, then authorised.
- * If ENOENT then keep looking.
- * Otherwise, not authorised, errno=whatever
- *
- * Then check /etc/authbind/byboth/<addr>:<port> likewise.
- *
- * Then try to read /etc/authbind/byuid/<uid> (with superuser privs!)
- * If ENOENT, then not authorised, errno=EPERM
- * If cannot open, then not authorised, errno=whatever
- * If it contains a line of the form
- * <addr>/<length>:<port-min>,<port-max>
- * then authorised, otherwise not authorised, errno=ENOENT
- * If read error then is an error
- *
- * In each case,
- * <addr> is dotted quad
- * <port> is decimal in host order
- * <length> is prefix length (so 0.0.0.0/32 matches any)
- * <uid> is decimal unsigned
+ * authbind is Copyright (C) 1998 Ian Jackson
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
*/
#include <errno.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-#define CONFIGDIR "/etc/authbind"
+#ifndef CONFIGDIR
+# define CONFIGDIR "/etc/authbind"
+#endif
+
+static const char *rcsid="$Id$";
static void exiterrno(int e) {
exit(e>0 && e<128 ? e : ENOSYS);
}
static void badusage(void) {
- fputs("libauthbind's helper: bad usage\n",stderr);
+ fprintf(stderr,"libauthbind's helper: bad usage\n %s\n",rcsid);
exit(ENOSYS);
}
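Review bot: The new file header no longer says what arguments the setuid helper expects or in what order it consults `byport`, the address-and-port directory and `byuid`. The comment that documented this was replaced by the licence text and no pointer to its new home was left. For a setuid-root program it helps reviewers to keep that contract reachable from the source, so add a header line such as `* Argument format and access control rules: see authbind-helper(8) and authbind(1).`. The removed text called the second directory `byboth`, while the new manual page and Makefile use `byaddr`, so it is worth confirming which name the code further down actually opens.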
/*
+ * libauthbind.c - bind(2)-redirector library for authbind
+ *
+ * authbind is Copyright (C) 1998 Ian Jackson
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
*/
#include <dlfcn.h>
#include <sys/wait.h>
#include <netinet/in.h>
-#define AUTHBIND_NESTED "AUTHBIND_NESTED"
-#define HELPER "/usr/lib/authbind/helper"
+static const char *rcsid="$Id$";
+
+#ifndef HELPER
+# define HELPER "/usr/local/lib/authbind/helper"
+#endif
+
+#define AUTHBIND_NESTED_VAR "AUTHBIND_NESTED"
typedef void anyfn_type(void);
typedef int bindfn_type(int fd, const struct sockaddr *addr, socklen_t addrlen);
ntohs(((struct sockaddr_in*)addr)->sin_port) >= 1024 || !geteuid())
return old_bind(fd,addr,addrlen);
- if (getenv(AUTHBIND_NESTED)) {
+ if (getenv(AUTHBIND_NESTED_VAR)) {
STDERRSTR_CONST("libauthbind: possible installation problem - "
- "nested invocation, perhaps helper is not setuid\n");
+ "nested invocation, perhaps helper is not setuid\n ");
+ STDERRSTR_STRING(rcsid);
+ STDERRSTR_CONST("\n");
return old_bind(fd,addr,addrlen);
}
if (!child) {
if (dup2(fd,0)) exiterrno(errno);
- if (setenv(AUTHBIND_NESTED,"1",1)) exiterrno(errno);
+ if (setenv(AUTHBIND_NESTED_VAR,"1",1)) exiterrno(errno);
execl(HELPER,HELPER,addrarg,portarg,(char*)0);
status= errno;
STDERRSTR_CONST("libauthbind: possible installation problem - "