Ticket #6264: 0002-Added-support-for-chrooting-obfsproxy.patch

File 0002-Added-support-for-chrooting-obfsproxy.patch, 2.6 KB (added by dazo, 7 years ago)
  • src/main.c

    From 7cc4c9829b9cf8372e4f497a587905e0e163075e Mon Sep 17 00:00:00 2001
    From: David Sommerseth <dazo@users.sourceforge.net>
    Date: Sun, 6 May 2012 21:38:25 +0200
    Subject: [PATCH 2/2] Added support for chrooting obfsproxy
    
    This patch adds --chroot=<dir> which will chroot the process as soon
    as possible.
    
    For more info about chrooting, see this URL:
    <http://www.unixwiz.net/techtips/chroot-practices.html>
    
    Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
    ---
     src/main.c |   27 +++++++++++++++++++++++++--
     1 files changed, 25 insertions(+), 2 deletions(-)
    
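diff --git a/src/main.c b/src/main.c
index cb092a1..39a6b2d 100644
--- a/src/main.c
+++ b/src/main.c
@@ -88,6 +88,7 @@ get_version(void)
 
 #ifdef HAVE_UNISTD_H
 int do_daemonize = 0;
+char *chroot_dir = NULL;
 
 /**
    Daemonize the process properly.  stdin, stdout and stderr are set to /dev/null
@@ -316,6 +317,7 @@ usage(void)
           "--daemon ~ run as a daemon\n"
           "--user=<user name> ~ Run as this user\n"
           "--group=<group name> ~ Run as this group\n"
+          "--chroot=<dir> ~ chroot obfsproxy into the given directory (requires root user)\n"
 #ifdef HAVE_FCNTL_H
           "--pid-file=<file> ~ file where to write daemon PID\n"
 #endif /* HAVE_FCNTL_H */
@@ -470,6 +472,8 @@ handle_obfsproxy_args(const char *const *argv)
         log_warn("Error setting configured group: %s not found", argv[i]+8);
         exit(1);
       }
+    } else if (!strncmp(argv[i], "--chroot=", 9)) {
+      chroot_dir = strdup(argv[i]+9);
 #ifdef HAVE_FCNTL_H
     } else if (!strncmp(argv[i], "--pid-file=", 11)) {
       pidfilename = strdup(argv[i]+11);
@@ -584,12 +588,18 @@ obfsproxy_cleanup()
   status_connections_cleanup();
   close_obfsproxy_logfile();
 
-#if defined(HAVE_UNISTD_H) && defined(HAVE_FCNTL_H)
+#ifdef HAVE_UNISTD_H
+#ifdef HAVE_FCNTL_H
   if( pidfilename ) {
     unlink(pidfilename);
     free(pidfilename);
   }
-#endif
+#endif /* HAVE_FCNTL_H */
+
+  if( chroot_dir ) {
+    free(chroot_dir);
+  }
+#endif /* HAVE_UNISTD_H */
 
   if (the_obfsproxy_version)
     free(the_obfsproxy_version);
@@ -611,6 +621,19 @@ obfs_main(int argc, const char *const *argv)
     return 1;
   }
 
+  if (chroot_dir) {
+    if( chdir(chroot_dir) < 0 ) {
+      log_error("Failed to enter the chroot directory %s: %s", chroot_dir, strerror(errno));
+      return 1;
+    }
+    if (chroot(chroot_dir) < 0) {
+      log_error("Failed to chroot into %s: %s", chroot_dir, strerror(errno));
+      return 1;
+    }
+    log_info("obfsproxy has chrooted into '%s'", chroot_dir);
+  }
+
+
 #ifdef HAVE_FCNTL_H
   if (pidfilename && (write_pid() != 0)) {
     log_error("Exiting");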
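Review bot: In the obfs_main hunk, `chroot(chroot_dir)` runs after `chdir(chroot_dir)`, so a relative `--chroot=` value is resolved a second time from inside the target directory and either fails or lands in a nested directory of the same name; `if (chroot(".") < 0) {` after the chdir (or chroot first, then `chdir("/")`) avoids that. No `#ifdef HAVE_UNISTD_H` is visible around this block, although `chroot_dir` is declared only under that guard near the top of the file, so a build without unistd.h would presumably fail here. A chroot only confines the process once root is given up, and nothing in these hunks shows the `--user`/`--group` drop happening after this point; the order is worth confirming (name lookups before the chroot, setgid/setuid after it) and stating in the `--chroot` usage text. The `strdup()` result in handle_obfsproxy_args is also unchecked, so an allocation failure silently skips the chroot. obfs_main's body continues outside the hunk.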