author | Kozlov Dmitry <xeb@mail.ru> | 2012-01-13 12:38:26 +0400 |
---|---|---|
committer | Kozlov Dmitry <xeb@mail.ru> | 2012-01-13 12:38:26 +0400 |
commit | bf1ccc7f6e7a9dc5a8ba3d8d02b25ad446458840 (patch) | |
tree | 4e53a7f2990e40436f6ae98434f72c3db14434c0 /accel-pppd | |
parent | 03a466f1b0f7549c2ef89c1e544c2c86c3958ad4 (diff) | |
set FD_CLOEXEC on opened file descriptors
Diffstat (limited to 'accel-pppd')
-rw-r--r-- | accel-pppd/auth/auth_chap_md5.c | 9 | ||||
-rw-r--r-- | accel-pppd/auth/auth_mschap_v1.c | 8 | ||||
-rw-r--r-- | accel-pppd/auth/auth_mschap_v2.c | 8 | ||||
-rw-r--r-- | accel-pppd/cli/tcp.c | 2 | ||||
-rw-r--r-- | accel-pppd/cli/telnet.c | 2 | ||||
-rw-r--r-- | accel-pppd/ctrl/l2tp/l2tp.c | 8 | ||||
-rw-r--r-- | accel-pppd/ctrl/pppoe/pppoe.c | 16 | ||||
-rw-r--r-- | accel-pppd/ctrl/pptp/pptp.c | 8 | ||||
-rw-r--r-- | accel-pppd/ipv6/dhcpv6.c | 2 | ||||
-rw-r--r-- | accel-pppd/ipv6/nd.c | 2 | ||||
-rw-r--r-- | accel-pppd/logs/log_file.c | 4 | ||||
-rw-r--r-- | accel-pppd/logs/log_tcp.c | 2 | ||||
-rw-r--r-- | accel-pppd/ppp/ipv6cp_opt_intfid.c | 4 | ||||
-rw-r--r-- | accel-pppd/ppp/ppp.c | 17 | ||||
-rw-r--r-- | accel-pppd/ppp/ppp.h | 1 | ||||
-rw-r--r-- | accel-pppd/radius/dm_coa.c | 3 | ||||
-rw-r--r-- | accel-pppd/radius/req.c | 9 |
17 files changed, 57 insertions, 48 deletions
diff --git a/accel-pppd/auth/auth_chap_md5.c b/accel-pppd/auth/auth_chap_md5.c index cc27ba37..d5db85f5 100644 --- a/accel-pppd/auth/auth_chap_md5.c +++ b/accel-pppd/auth/auth_chap_md5.c @@ -37,8 +37,6 @@ static int conf_interval = 0; static int conf_max_failure = 3; static int conf_any_login = 0; -static int urandom_fd; - struct chap_hdr_t { uint16_t proto; @@ -438,13 +436,6 @@ static void load_config(void) static void auth_chap_md5_init() { - urandom_fd=open("/dev/urandom", O_RDONLY); - - if (urandom_fd < 0) { - log_emerg("chap-md5: failed to open /dev/urandom: %s\n", strerror(errno)); - return; - } - load_config(); if (ppp_auth_register_handler(&chap)) diff --git a/accel-pppd/auth/auth_mschap_v1.c b/accel-pppd/auth/auth_mschap_v1.c index 2d332524..ffe0200c 100644 --- a/accel-pppd/auth/auth_mschap_v1.c +++ b/accel-pppd/auth/auth_mschap_v1.c @@ -39,8 +39,6 @@ static char *conf_msg_failure = "E=691 R=0"; static char *conf_msg_success = "Authentication successed"; ; -static int urandom_fd; - struct chap_hdr_t { uint16_t proto; @@ -504,12 +502,6 @@ static void load_config(void) static void auth_mschap_v1_init() { - urandom_fd = open("/dev/urandom", O_RDONLY); - if (urandom_fd < 0) { - log_emerg("mschap-v1: failed to open /dev/urandom: %s\n", strerror(errno)); - return; - } - load_config(); if (ppp_auth_register_handler(&chap)) diff --git a/accel-pppd/auth/auth_mschap_v2.c b/accel-pppd/auth/auth_mschap_v2.c index cb972075..d067f0b7 100644 --- a/accel-pppd/auth/auth_mschap_v2.c +++ b/accel-pppd/auth/auth_mschap_v2.c @@ -38,8 +38,6 @@ static char *conf_msg_failure = "E=691 R=0 V=3"; static char *conf_msg_failure2 = "Authentication failure"; static char *conf_msg_success = "Authentication successed"; -static int urandom_fd; - struct chap_hdr_t { uint16_t proto; 
@@ -637,12 +635,6 @@ static void load_config(void) static void auth_mschap_v2_init() { - urandom_fd = open("/dev/urandom", O_RDONLY); - if (urandom_fd < 0) { - log_emerg("mschap-v2: failed to open /dev/urandom: %s\n", strerror(errno)); - return; - } - load_config(); if (ppp_auth_register_handler(&chap)) diff --git a/accel-pppd/cli/tcp.c b/accel-pppd/cli/tcp.c index fea0e4eb..9ea914c9 100644 --- a/accel-pppd/cli/tcp.c +++ b/accel-pppd/cli/tcp.c @@ -300,6 +300,8 @@ static void start_server(const char *host, int port) log_emerg("cli: tcp: failed to create server socket: %s\n", strerror(errno)); return; } + + fcntl(serv_hnd.fd, F_SETFD, fcntl(serv_hnd.fd, F_GETFD) | FD_CLOEXEC); memset(&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; diff --git a/accel-pppd/cli/telnet.c b/accel-pppd/cli/telnet.c index 26436923..f7b43115 100644 --- a/accel-pppd/cli/telnet.c +++ b/accel-pppd/cli/telnet.c @@ -642,6 +642,8 @@ static void start_server(const char *host, int port) log_emerg("cli: telnet: failed to create server socket: %s\n", strerror(errno)); return; } + + fcntl(serv_hnd.fd, F_SETFD, fcntl(serv_hnd.fd, F_GETFD) | FD_CLOEXEC); memset(&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c index ea99b820..fd74c2e8 100644 --- a/accel-pppd/ctrl/l2tp/l2tp.c +++ b/accel-pppd/ctrl/l2tp/l2tp.c @@ -244,6 +244,8 @@ static int l2tp_tunnel_alloc(struct l2tp_serv_t *serv, struct l2tp_packet_t *pac mempool_free(conn); return -1; } + + fcntl(conn->hnd.fd, F_SETFD, fcntl(conn->hnd.fd, F_GETFD) | FD_CLOEXEC); memset(&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; @@ -358,6 +360,8 @@ static int l2tp_connect(struct l2tp_conn_t *conn) log_ppp_error("l2tp: socket(AF_PPPOX): %s\n", strerror(errno)); return -1; } + + fcntl(conn->tunnel_fd, F_SETFD, fcntl(conn->tunnel_fd, F_GETFD) | FD_CLOEXEC); conn->ppp.fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); if (!conn->ppp.fd) { 
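Review bot: The added `fcntl(serv_hnd.fd, F_SETFD, fcntl(serv_hnd.fd, F_GETFD) | FD_CLOEXEC);` in cli/tcp.c ignores both return values, so a failed F_GETFD (-1) is OR-ed with the flag and handed to F_SETFD, and a descriptor that stays inheritable goes unnoticed. Setting the flag in a second step also leaves a window in which a fork/exec from another thread could inherit the descriptor; where the supported kernels allow it, `SOCK_CLOEXEC` on socket() or `O_CLOEXEC` on open() sets it atomically (the creating calls are outside these hunks). The same line is repeated in cli/telnet.c, l2tp.c, pppoe.c, pptp.c, dhcpv6.c, nd.c, log_file.c, log_tcp.c, ppp.c, dm_coa.c and req.c, so one checked helper would keep them consistent; the helper name below is only a suggestion.

```c
/* Suggested shared helper (name is illustrative): 0 on success, -1 with errno set. */
static inline int fd_set_cloexec(int fd)
{
	int flags = fcntl(fd, F_GETFD);

	if (flags < 0)
		return -1;
	return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

// … unchanged: server socket creation and its error path …
if (fd_set_cloexec(serv_hnd.fd) < 0)
	log_emerg("cli: tcp: failed to set FD_CLOEXEC: %s\n", strerror(errno));
```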
@@ -366,6 +370,8 @@ static int l2tp_connect(struct l2tp_conn_t *conn) log_ppp_error("l2tp: socket(AF_PPPOX): %s\n", strerror(errno)); return -1; } + + fcntl(conn->ppp.fd, F_SETFD, fcntl(conn->ppp.fd, F_GETFD) | FD_CLOEXEC); if (connect(conn->tunnel_fd, (struct sockaddr *)&pppox_addr, sizeof(pppox_addr)) < 0) { log_ppp_error("l2tp: connect(tunnel): %s\n", strerror(errno)); @@ -1043,6 +1049,8 @@ static void start_udp_server(void) log_emerg("l2tp: socket: %s\n", strerror(errno)); return; } + + fcntl(udp_serv.hnd.fd, F_SETFD, fcntl(udp_serv.hnd.fd, F_GETFD) | FD_CLOEXEC); memset(&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; diff --git a/accel-pppd/ctrl/pppoe/pppoe.c b/accel-pppd/ctrl/pppoe/pppoe.c index a32c8f51..3742c870 100644 --- a/accel-pppd/ctrl/pppoe/pppoe.c +++ b/accel-pppd/ctrl/pppoe/pppoe.c @@ -305,6 +305,8 @@ static void connect_channel(struct pppoe_conn_t *conn) log_error("pppoe: socket(PPPOX): %s\n", strerror(errno)); goto out_err; } + + fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC); memset(&sp, 0, sizeof(sp)); @@ -1155,6 +1157,8 @@ void pppoe_server_start(const char *opt, void *cli) _free(serv); return; } + + fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC); if (setsockopt(sock, SOL_SOCKET, SO_BROADCAST, &f, sizeof(f))) { if (cli) @@ -1322,23 +1326,13 @@ void __export pppoe_get_stat(unsigned int **starting, unsigned int **active) static int init_secret(struct pppoe_serv_t *serv) { - int fd; DES_cblock key; - fd = open("/dev/urandom", O_RDONLY); - if (fd < 0) { - log_emerg("pppoe: cann't open /dev/urandom: %s\n", strerror(errno)); - return -1; - } - - if (read(fd, serv->secret, SECRET_LENGTH) < 0) { + if (read(urandom_fd, serv->secret, SECRET_LENGTH) < 0) { log_emerg("pppoe: faild to read /dev/urandom\n", strerror(errno)); - close(fd); return -1; } - close(fd); - memset(key, 0, sizeof(key)); DES_random_key(&key); DES_set_key(&key, &serv->des_ks); 
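Review bot: The new `fcntl(conn->ppp.fd, F_SETFD, ...)` in l2tp_connect sits behind a guard that does not catch a failed socket(): the trailing context of the previous hunk shows `if (!conn->ppp.fd) {`, but socket() reports failure with -1, so a failed call passes the test and the fcntl runs on an invalid descriptor. The guard should read `if (conn->ppp.fd < 0) {`. The check on `conn->tunnel_fd` is not visible in these hunks and may need the same change. l2tp_connect starts and ends outside the hunk.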
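Review bot: `read(urandom_fd, serv->secret, SECRET_LENGTH) < 0` in init_secret treats only an error as failure, so a short read would leave part of `serv->secret` unfilled without any log line; compare against the length instead, `if (read(urandom_fd, serv->secret, SECRET_LENGTH) != SECRET_LENGTH) {`. The function now also relies on ppp.c having opened `urandom_fd` before a PPPoE server is started, which this hunk cannot confirm. The unchanged `log_emerg("pppoe: faild to read /dev/urandom\n", strerror(errno))` passes an argument with no `%s` to print it, so the errno text is dropped. The function body continues past the hunk.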
diff --git a/accel-pppd/ctrl/pptp/pptp.c b/accel-pppd/ctrl/pptp/pptp.c index 715a77b0..b9930f39 100644 --- a/accel-pppd/ctrl/pptp/pptp.c +++ b/accel-pppd/ctrl/pptp/pptp.c @@ -298,6 +298,9 @@ static int pptp_out_call_rqst(struct pptp_conn_t *conn) log_ppp_error("failed to create PPTP socket (%s)\n", strerror(errno)); return -1; } + + fcntl(pptp_sock, F_SETFD, fcntl(pptp_sock, F_GETFD) | FD_CLOEXEC); + if (bind(pptp_sock, (struct sockaddr*)&src_addr, sizeof(src_addr))) { log_ppp_error("failed to bind PPTP socket (%s)\n", strerror(errno)); close(pptp_sock); @@ -741,7 +744,10 @@ static void pptp_init(void) log_emerg("pptp: failed to create server socket: %s\n", strerror(errno)); return; } - addr.sin_family = AF_INET; + + fcntl(serv.hnd.fd, F_SETFD, fcntl(serv.hnd.fd, F_GETFD) | FD_CLOEXEC); + + addr.sin_family = AF_INET; addr.sin_port = htons(PPTP_PORT); opt = conf_get_opt("pptp", "bind"); diff --git a/accel-pppd/ipv6/dhcpv6.c b/accel-pppd/ipv6/dhcpv6.c index 22a4c8ef..e6df7dea 100644 --- a/accel-pppd/ipv6/dhcpv6.c +++ b/accel-pppd/ipv6/dhcpv6.c @@ -964,6 +964,8 @@ static void init(void) log_error("dhcpv6: socket: %s\n", strerror(errno)); return; } + + fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC); memset(&addr, 0, sizeof(addr)); addr.sin6_family = AF_INET6; diff --git a/accel-pppd/ipv6/nd.c b/accel-pppd/ipv6/nd.c index 1ef9bf7d..e6040a07 100644 --- a/accel-pppd/ipv6/nd.c +++ b/accel-pppd/ipv6/nd.c @@ -262,6 +262,8 @@ static int ipv6_nd_start(struct ppp_t *ppp) return -1; } + fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC); + memset(&addr, 0, sizeof(addr)); addr.sin6_family = AF_INET6; addr.sin6_addr.s6_addr32[0] = htons(0xfe80); diff --git a/accel-pppd/logs/log_file.c b/accel-pppd/logs/log_file.c index f1a50185..48f43510 100644 --- a/accel-pppd/logs/log_file.c +++ b/accel-pppd/logs/log_file.c 
@@ -106,6 +106,8 @@ static int log_file_open(struct log_file_t *lf, const char *fname) return -1; } + fcntl(lf->fd, F_SETFD, fcntl(lf->fd, F_GETFD) | FD_CLOEXEC); + lf->offset = lseek(lf->fd, 0, SEEK_END); return 0; @@ -412,6 +414,7 @@ static void fail_reopen(void) log_emerg("log_file: open '%s': %s\n", fname, strerror(errno)); return; } + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); fail_log_file->new_fd = fd; } @@ -424,6 +427,7 @@ static void general_reopen(void) log_emerg("log_file: open '%s': %s\n", fname, strerror(errno)); return; } + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); log_file->new_fd = fd; } diff --git a/accel-pppd/logs/log_tcp.c b/accel-pppd/logs/log_tcp.c index ceaeb1c0..3f76ff8a 100644 --- a/accel-pppd/logs/log_tcp.c +++ b/accel-pppd/logs/log_tcp.c @@ -210,6 +210,8 @@ static void start_connect(struct tcp_target_t *t) return; } + fcntl(t->hnd.fd, F_SETFD, fcntl(t->hnd.fd, F_GETFD) | FD_CLOEXEC); + if (fcntl(t->hnd.fd, F_SETFL, O_NONBLOCK)) { log_emerg("log-tcp: failed to set nonblocking mode: %s\n", strerror(errno)); close(t->hnd.fd); diff --git a/accel-pppd/ppp/ipv6cp_opt_intfid.c b/accel-pppd/ppp/ipv6cp_opt_intfid.c index 2e7f67d8..0d3d7513 100644 --- a/accel-pppd/ppp/ipv6cp_opt_intfid.c +++ b/accel-pppd/ppp/ipv6cp_opt_intfid.c @@ -37,8 +37,6 @@ struct in6_ifreq { int ifr6_ifindex; }; -static int urandom_fd; - static struct ipv6cp_option_t *ipaddr_init(struct ppp_ipv6cp_t *ipv6cp); static void ipaddr_free(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_option_t *opt); static int ipaddr_send_conf_req(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_option_t *opt, uint8_t *ptr); @@ -394,8 +392,6 @@ static void init() if (sock6_fd < 0) return; - urandom_fd = open("/dev/urandom", O_RDONLY); - ipv6cp_option_register(&ipaddr_opt_hnd); load_config(); triton_event_register_handler(EV_CONFIG_RELOAD, (triton_event_func)load_config); diff --git a/accel-pppd/ppp/ppp.c b/accel-pppd/ppp/ppp.c index acda84e9..3ab71662 100644 --- a/accel-pppd/ppp/ppp.c 
+++ b/accel-pppd/ppp/ppp.c @@ -33,6 +33,7 @@ __export LIST_HEAD(ppp_list); int __export sock_fd; int __export sock6_fd; +int __export urandom_fd; int __export ppp_shutdown; @@ -102,6 +103,8 @@ int __export establish_ppp(struct ppp_t *ppp) log_ppp_error("open(chan) /dev/ppp: %s\n", strerror(errno)); return -1; } + + fcntl(ppp->chan_fd, F_SETFD, fcntl(ppp->chan_fd, F_GETFD) | FD_CLOEXEC); if (ioctl(ppp->chan_fd, PPPIOCATTCHAN, &ppp->chan_idx) < 0) { log_ppp_error("ioctl(PPPIOCATTCHAN): %s\n", strerror(errno)); @@ -113,6 +116,8 @@ int __export establish_ppp(struct ppp_t *ppp) log_ppp_error("open(unit) /dev/ppp: %s\n", strerror(errno)); goto exit_close_chan; } + + fcntl(ppp->unit_fd, F_SETFD, fcntl(ppp->unit_fd, F_GETFD) | FD_CLOEXEC); ppp->unit_idx = -1; if (ioctl(ppp->unit_fd, PPPIOCNEWUNIT, &ppp->unit_idx) < 0) { @@ -756,10 +761,22 @@ static void init(void) perror("socket"); _exit(EXIT_FAILURE); } + + fcntl(sock_fd, F_SETFD, fcntl(sock_fd, F_GETFD) | FD_CLOEXEC); sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); if (sock6_fd < 0) log_warn("ppp: kernel doesn't support ipv6\n"); + else + fcntl(sock6_fd, F_SETFD, fcntl(sock6_fd, F_GETFD) | FD_CLOEXEC); + + urandom_fd = open("/dev/urandom", O_RDONLY); + if (urandom_fd < 0) { + log_emerg("failed to open /dev/urandom: %s\n", strerror(errno)); + return; + } + + fcntl(urandom_fd, F_SETFD, fcntl(urandom_fd, F_GETFD) | FD_CLOEXEC); opt = conf_get_opt("ppp", "seq-file"); if (!opt) diff --git a/accel-pppd/ppp/ppp.h b/accel-pppd/ppp/ppp.h index 3ec15d9e..bb308899 100644 --- a/accel-pppd/ppp/ppp.h +++ b/accel-pppd/ppp/ppp.h @@ -203,4 +203,5 @@ extern struct ppp_stat_t ppp_stat; extern int sock_fd; // internet socket for ioctls extern int sock6_fd; // internet socket for ioctls +extern int urandom_fd; #endif diff --git a/accel-pppd/radius/dm_coa.c b/accel-pppd/radius/dm_coa.c index a41388cf..f6197e7c 100644 --- a/accel-pppd/radius/dm_coa.c +++ b/accel-pppd/radius/dm_coa.c 
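Review bot: `int __export urandom_fd;` is zero-initialised, so any module that reads from it before ppp.c's init() has run would read from descriptor 0 rather than fail. Initialising it as `int __export urandom_fd = -1;` makes an early use return EBADF, which a `< 0` check on read() such as the one in pppoe.c can catch. The new `extern int urandom_fd;` in ppp.h would also benefit from a trailing comment like the ones on `sock_fd` and `sock6_fd`, for example `// /dev/urandom, opened by ppp.c init()`.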
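Review bot: When open("/dev/urandom") fails, init() logs and then `return`s, which skips the rest of initialisation (the seq-file option handling that follows) and leaves `urandom_fd` at -1 for the CHAP, MS-CHAP, RADIUS, PPPoE and IPv6CP code that now shares it. The per-module code removed from radius/req.c called `_exit(EXIT_FAILURE)` at this point, and this function already does so when `sock_fd` cannot be created; ending the branch with `_exit(EXIT_FAILURE);` instead of `return;` would stop a daemon that has no random source from starting. How the other modules react to a failed read is outside this diff, so the impact is unconfirmed. init() continues past the hunk.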
@@ -271,6 +271,9 @@ static void init(void) log_emerg("radius:dm_coa: socket: %s\n", strerror(errno)); return; } + + fcntl(serv.hnd.fd, F_SETFD, fcntl(serv.hnd.fd, F_GETFD) | FD_CLOEXEC); + addr.sin_family = AF_INET; addr.sin_port = htons (conf_dm_coa_port); if (conf_dm_coa_server) diff --git a/accel-pppd/radius/req.c b/accel-pppd/radius/req.c index 4a9d42ad..cc0b261a 100644 --- a/accel-pppd/radius/req.c +++ b/accel-pppd/radius/req.c @@ -14,8 +14,6 @@ #include "memdebug.h" -static int urandom_fd; - static int rad_req_read(struct triton_md_handler_t *h); static void rad_req_timeout(struct triton_timer_t *t); @@ -177,6 +175,8 @@ static int make_socket(struct rad_req_t *req) log_ppp_error("radius:socket: %s\n", strerror(errno)); return -1; } + + fcntl(req->hnd.fd, F_SETFD, fcntl(req->hnd.fd, F_GETFD) | FD_CLOEXEC); memset(&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; @@ -298,11 +298,6 @@ int rad_req_wait(struct rad_req_t *req, int timeout) static void req_init(void) { - urandom_fd = open("/dev/urandom", O_RDONLY); - if (!urandom_fd) { - log_emerg("radius:req: open /dev/urandom: %s\n", strerror(errno)); - _exit(EXIT_FAILURE); - } } DEFINE_INIT(50, req_init); |