server: Introduce privilege separation.

[tripe] / server / tripe.h

diff --git a/server/tripe.h b/server/tripe.h
index 404bad0f10e29ecb7a45f124488207a233a02740..ab15787f386d3dc9e2ee05035969346b3f1d40e4 100644 (file)
--- a/server/tripe.h
+++ b/server/tripe.h
@@ -52,6 +52,7 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <sys/stat.h>
+#include <sys/wait.h>
 
 #include <sys/socket.h>
 #include <sys/un.h>
@@ -70,6 +71,7 @@
 #include <mLib/dstr.h>
 #include <mLib/env.h>
 #include <mLib/fdflags.h>
+#include <mLib/fdpass.h>
 #include <mLib/fwatch.h>
 #include <mLib/hash.h>
 #include <mLib/macros.h>
@@ -103,6 +105,7 @@
 #include <catacomb/ec-keys.h>
 #include <catacomb/group.h>
 
+#include "priv.h"
 #include "protocol.h"
 #include "slip.h"
 #include "util.h"
@@ -122,8 +125,9 @@
 #define T_KEYEXCH 64u
 #define T_KEYMGMT 128u
 #define T_CHAL 256u
+/* T_PRIVSEP  in priv.h */
 
-#define T_ALL 511u
+#define T_ALL 1023u
 
 /* --- Units --- */
 
@@ -287,8 +291,9 @@ struct peer;
 
 typedef struct tunnel_ops {
   const char *name;                    /* Name of this tunnel driver */
+  unsigned flags;                      /* Various interesting flags */
+#define TUNF_PRIVOPEN 1u               /*   Need helper to open file */
   void (*init)(void);                  /* Initializes the system */
-  int (*open)(char **/*ifn*/);         /* Open tunnel and report ifname */
   tunnel *(*create)(struct peer */*p*/, int /*fd*/, char **/*ifn*/);
                                        /* Initializes a new tunnel */
   void (*setifname)(tunnel */*t*/, const char */*ifn*/);
@@ -994,6 +999,68 @@ extern void *am_find(addrmap */*m*/, const addr */*a*/,
 
 extern void am_remove(addrmap */*m*/, void */*i*/);
 
+/*----- Privilege separation ----------------------------------------------*/
+
+/* --- @ps_trace@ --- *
+ *
+ * Arguments:  @unsigned mask@ = trace mask to check
+ *             @const char *fmt@ = message format
+ *             @...@ = values for placeholders
+ *
+ * Returns:    ---
+ *
+ * Use:                Writes a trace message.
+ */
+
+T( extern void ps_trace(unsigned /*mask*/, const char */*fmt*/, ...); )
+
+/* --- @ps_warn@ --- *
+ *
+ * Arguments:  @const char *fmt@ = message format
+ *             @...@ = values for placeholders
+ *
+ * Returns:    ---
+ *
+ * Use:                Writes a warning message.
+ */
+
+extern void ps_warn(const char */*fmt*/, ...);
+
+/* --- @ps_tunfd@ --- *
+ *
+ * Arguments:  @const tunnel_ops *tops@ = pointer to tunnel operations
+ *             @char **ifn@ = where to put the interface name
+ *
+ * Returns:    The file descriptor, or @-1@ on error.
+ *
+ * Use:                Fetches a file descriptor for a tunnel driver.
+ */
+
+extern int ps_tunfd(const tunnel_ops */*tops*/, char **/*ifn*/);
+
+/* --- @ps_split@ --- *
+ *
+ * Arguments:  @int detachp@ = whether to detach the child from its terminal
+ *
+ * Returns:    ---
+ *
+ * Use:                Separates off the privileged tunnel-opening service from the
+ *             rest of the server.
+ */
+
+extern void ps_split(int /*detachp*/);
+
+/* --- @ps_quit@ --- *
+ *
+ * Arguments:  ---
+ *
+ * Returns:    ---
+ *
+ * Use:                Detaches from the helper process.
+ */
+
+extern void ps_quit(void);
+
 /*----- Peer management ---------------------------------------------------*/
 
 /* --- @p_txstart@ --- *