X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=userv-utils.git;a=blobdiff_plain;f=ipif%2Fservice.c;fp=ipif%2Fservice.c;h=eacfc63c1ce4d9782d7823716ec5b71281c55f13;hp=519015163fff2afec2bdc6f7e163d0e2004b687b;hb=f2add8c1b19c46ff78655278643c3c2851db7566;hpb=eccfa510eebbda0703971e3f708c293cfd6471a5 diff --git a/ipif/service.c b/ipif/service.c index 5190151..eacfc63 100644 --- a/ipif/service.c +++ b/ipif/service.c @@ -30,7 +30,7 @@ * * The remaining arguments are supplied by the (untrusted) caller: * - * ,,[,[]] + * ,,[,[][,[]]] * * As for slattach. The only supported protocol is slip. * Alternatively, set to `debug' to print debugging info and @@ -82,6 +82,9 @@ * service program directly (not via userv), without needing to set up * permissions in /etc/userv/ipif-networks. * + * Only `*' permits interface name patterns other than the default + * value of `userv%d'. + * * #... * * Comment. Blank lines are also ignored. @@ -148,11 +151,13 @@ static const unsigned long gidmaxval= (unsigned long)((gid_t)-2); static const char *const protos_ok[]= { "slip", 0 }; static const int signals[]= { SIGHUP, SIGINT, SIGTERM, 0 }; +static const char default_ifnamepat[]= "userv%d"; static const char *configstr, *proto; static unsigned long localaddr, peeraddr, mtu; static int localpming, peerpming; -static int localallow, peerallow, allallow; +static int localallow, peerallow, ifnameallow, allallow; +static char *ifnamepat; static int nexroutes; static struct exroute { unsigned long prefix, mask; @@ -476,6 +481,7 @@ static void pconfig(const char *configstr, int truncated) { case '*': permit_begin(); permit_range(0UL,0UL,1,0); + ifnameallow= 1; return; case '#': @@ -575,7 +581,7 @@ static void parseargs(int argc, const char *const *argv) { mtu= eat_number(&carg,"mtu", 576,65536, ",",0); localallow= peerallow= 0; - char *protostr = eat_optionalstr(&carg,"protocol","slip"); + char *protostr= eat_optionalstr(&carg,"protocol","slip"); if (!strcmp(protostr,"debug")) { proto= 0; } else { @@ -584,6 +590,8 @@ static void parseargs(int argc, const char *const *argv) { cprotop++); if (!proto) fatal("invalid protocol"); } + + ifnamepat= eat_optionalstr(&carg,"ifname pattern",default_ifnamepat); addrnet_mustdiffer("local-addr",localaddr,~0UL, "peer-addr",peeraddr,~0UL); @@ -629,6 +637,14 @@ static void checkpermit(void) { sprintf(erwhatbuf, "route#%d", i); checkallow(exroutes[i].allow, erwhatbuf, exroutes[i].prefixtxt, exroutes[i].masktxt); } + if (!strcmp(ifnamepat,default_ifnamepat)) + ifnameallow= 1; + if (!ifnameallow) { + fprintf(stderr, + "userv-ipif service: access denied for interface name %s\n", + ifnamepat); + allallow= 0; + } if (!allallow) fatal("access denied"); } @@ -691,14 +707,13 @@ static int task(const char *desc) { } static void createif(void) { - static const char ifnamepat[]= "userv%d"; struct ifreq ifr; int r; memset(&ifr,0,sizeof(ifr)); ifr.ifr_flags= IFF_TUN | IFF_NO_PI; - assert(sizeof(ifr.ifr_name) >= sizeof(ifnamepat)); + assert(sizeof(ifr.ifr_name) >= strlen(ifnamepat)+1); strcpy(ifr.ifr_name, ifnamepat); tunfd= open("/dev/net/tun", O_RDWR);