server: Introduce privilege separation.

[tripe] / server / tun-unet.c

diff --git a/server/tun-unet.c b/server/tun-unet.c
index 88ce83d08d1b216be7b2905eaaccba252bb1a867..d4b4cf3478a847e26d6897cd15c6e8ddc02cbcba 100644 (file)
--- a/server/tun-unet.c
+++ b/server/tun-unet.c
@@ -32,7 +32,7 @@
 
 #ifdef TUN_UNET
 #  include <sys/ioctl.h>
-#  include <net/if.h>
+#  include <linux/if.h>
 #  include <unet.h>
 #endif
 
@@ -88,44 +88,6 @@ static void t_read(int fd, unsigned mode, void *v)
 
 static void t_init(void) { return; }
 
-/* --- @t_open@ --- *
- *
- * Arguments:  @char **ifn@ = where to put the interface name
- *
- * Returns:    A file descriptor, or @-1@ on failure.
- *
- * Use:                Opens a tunnel device.  This will run with root privileges
- *             even if the rest of the server has dropped them.
- */
-
-static int t_open(char **ifn)
-{
-  int fd;
-  int f;
-  struct unet_info uni;
-
-  if ((fd = open("/dev/unet", O_RDWR)) < 0) {
-    a_warn("TUN", "-", "unet", "open-error", "/dev/unet", "?ERRNO", A_END);
-    goto fail_0;
-  }
-  if ((f = ioctl(fd, UNIOCGIFFLAGS)) < 0 ||
-      ioctl(fd, UNIOCSIFFLAGS, f | IFF_POINTOPOINT)) {
-    a_warn("TUN", "-", "unet", "config-error", "?ERRNO", A_END);
-    goto fail_1;
-  }
-  if (ioctl(t->f.fd, UNIOCGINFO, &uni)) {
-    a_warn("TUN", "-", "unet", "getinfo-error", "?ERRNO", A_END);
-    goto fail_1;
-  }
-  *ifn = xstrdup(uni.uni_ifname);
-  return (fd);
-
-fail_1:
-  close(fd);
-fail_0:
-  return (-1);
-}
-
 /* --- @t_create@ --- *
  *
  * Arguments:  @peer *p@ = pointer to peer block
@@ -183,8 +145,8 @@ static void t_destroy(tunnel *t)
 
 const tunnel_ops tun_unet = {
   "unet",
+  TUNF_PRIVOPEN,
   t_init,
-  t_open,
   t_create,
   0,
   t_inject,