Add --pppd-call option. #270
Conversation
On systems where pppd supports the "call" option --- eg. Debian derived
distros --- privileged options to pppd can be moved to a config file owned
by root, and any unprivileged user in group "dip" can invoke openfortivpn.
Static routes and DNS settings are managed by /etc/ppp/ip-up.local and
/etc/ppp/ip-down.local scripts, provided the following lines are added
to /etc/openfortivpn/config:
set-routes = 0
set-dns = 0
pppd-ipparam = openfortivpn
pppd-call = openfortivpn
There was a problem hiding this comment.
What happens to this piece of code when openfortivpn is called by an unprivileged user?
https://github.com/adrienverge/openfortivpn/blob/25b2585/src/tunnel.c#L126-L146
src/ipv4.c
Outdated
| snprintf(*target + l0, l1, fmt, dest, mask, gw); | ||
| } else { | ||
| int eno = errno; | ||
| log_error("Could not reallocate array: %s\n", strerror(eno)); |
There was a problem hiding this comment.
Not that the message is any better this way, just for mere consistency with the rest of the code:
log_error("realloc: %s\n", strerror(eno));
src/ipv4.c
Outdated
| *target = ptr; | ||
| snprintf(*target + l0, l1, fmt, dest, mask, gw); | ||
| } else { | ||
| int eno = errno; |
There was a problem hiding this comment.
While log_error() may theoretically change the value of errno, for mere consistency with the rest of the code I suggest getting rid of eno and using errno directly.
There was a problem hiding this comment.
Actually log_error() cannot change the value of errno before it is used as the strerror(errno) argument is evaluated before the function is called.
|
The man page should eventually be updated too: |
|
On Fri, Mar 30, 2018 at 08:17:27PM +0000, Dimitri Papadopoulos Orfanos wrote:
DimitriPapadopoulos commented on this pull request.
What happens to this piece of code when _openfortivpn_ is called by an unprivileged user?
https://github.com/adrienverge/openfortivpn/blob/25b2585/src/tunnel.c#L126-L146
> + char **target = &tunnel->config->pppd_ipparam;
+ char *ptr;
+
+ if (*target == NULL || strncmp(*target, trigger, strlen(trigger)))
+ return;
+ if (!dest || !mask || !gw)
+ return;
+ log_info("Registering route %s/%s via %s\n", dest, mask, gw);
+ l0 = strlen(*target);
+ l1 = strlen(fmt) + strlen(dest) + strlen(mask) + strlen(gw) + 1;
+ if ((ptr = realloc(*target, l0 + l1))) {
+ *target = ptr;
+ snprintf(*target + l0, l1, fmt, dest, mask, gw);
+ } else {
+ int eno = errno;
+ log_error("Could not reallocate array: %s\n", strerror(eno));
Basically, (unprivileged) openfortivpn builds a list of routes to add
after the tunnel is up, and passes the list to (privileged) pppd via
the ipparam option, which is usually employed to pass auxiliary data available
at runtime.
|
|
I must be missing something, but aren't all these options passed to pppd when they should be read from |
|
Yes, I was definitely missing something! Perhaps some comments should be added to explain that |
|
I was thinking an However I don't see how to initialize |
src/tunnel.c
Outdated
| @@ -145,6 +145,14 @@ static int pppd_run(struct tunnel *tunnel) | |||
| NULL // terminal null pointer required by execvp() | |||
| }; | |||
|
|
|||
| if (tunnel->config->pppd_call != NULL) { | |||
There was a problem hiding this comment.
Just write:
if (tunnel->config->pppd_call) {
Again I do not care myself but but the checkpatch.pl script of the Linux kernel emits a warning and we try to follow the Linux kernel coding style.
|
Looks good to me. Could you perhaps squash the commits so that I can merge your pull request? |
|
Does this mean openfortivpn will not need to be run by root anymore on Debian-based systems? If so this looks like a solution for issue #54. We should probably disable No need to address the above issue in this pull request, we shall handle it in a different pull request. |
On systems where pppd supports the "call" option --- eg. Debian derived
distros --- privileged options to pppd can be moved to a config file owned
by root, and any unprivileged user in group "dip" can invoke openfortivpn.
Static routes and DNS settings are managed by /etc/ppp/ip-up.local and
/etc/ppp/ip-down.local scripts, provided the following lines are added
to /etc/openfortivpn/config:
set-routes = 0
set-dns = 0
pppd-ipparam = openfortivpn
pppd-call = openfortivpn
On systems where pppd supports the "call" option --- eg. Debian derived
distros --- privileged options to pppd can be moved to a config file owned
by root, and any unprivileged user in group "dip" can invoke openfortivpn.
Static routes and DNS settings are managed by /etc/ppp/ip-up.local and
/etc/ppp/ip-down.local scripts, provided the following lines are added
to /etc/openfortivpn/config:
set-routes = 0
set-dns = 0
pppd-ipparam = openfortivpn
pppd-call = openfortivpn
|
@DimitriPapadopoulos I'm not sure I squashed my commits properly. Should the PR result more difficult to merge than before, please let me know. |
|
Actually you've added on more commit instead of replacing all existing commits by a single one, but don't worry: I can squash these commits myself not that I have the definitive comment (the one in the last commit). |
|
@DimitriPapadopoulos I'm not sure the following code is more elegant of the current static array, but it might silence some warnings from Coverity: |
On systems where pppd supports the "call" option --- eg. Debian derived
distros --- privileged options to pppd can be moved to a config file owned
by root, and any unprivileged user in group "dip" can invoke openfortivpn.
Static routes and DNS settings are managed by /etc/ppp/ip-up.local and
/etc/ppp/ip-down.local scripts, provided the following lines are added
to /etc/openfortivpn/config: