authorLennart Poettering <lennart@poettering.net>2004-05-09 23:20:43 +0000
committerLennart Poettering <lennart@poettering.net>2004-05-09 23:20:43 +0000
commit63d51b566ea270b45b5b34b1feab37b8faa28232 (patch)
tree42b190637551ceae31982f2591bec64c7b0b370a /helper/install-firewall.c
parentad9b08e8c6fb69636812a625e341ebbe83460a23 (diff)
main fieryfilter worktrunk@31
git-svn-id: file:///home/lennart/svn/public/fieryfilter/fieryfilter@31 79e6afc9-17da-0310-ae3c-b873bff394f4
Diffstat (limited to 'helper/install-firewall.c')
-rw-r--r--helper/install-firewall.c71
1 files changed, 71 insertions, 0 deletions
diff --git a/helper/install-firewall.c b/helper/install-firewall.c
new file mode 100644
index 0000000..c42edd7
--- /dev/null
+++ b/helper/install-firewall.c
@@ -0,0 +1,71 @@
+#include <sys/types.h>
+#include <grp.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#include <glib.h>
+
+int group_member(gid_t gid) {
+ int n;
+ gid_t *g;
+ if ((n = getgroups(0, NULL)) < 0)
+ return -1;
+
+ g = g_new(gid_t, n);
+ if (getgroups(n, g) < 0) {
+ g_free(g);
+ return -1;
+ }
+
+ for (; n >= 0; n--)
+ if (g[n] == gid) {
+ g_free(g);
+ return 1;
+ }
+
+ g_free(g);
+ return 0;
+}
+
+int main(int argc, char *argv[]) {
+ struct group *gr;
+
+ if (!(gr = getgrnam("fieryfilter"))) {
+ g_message("Could not find group fieryfilter\n");
+ return 1;
+ }
+
+ if (group_member(gr->gr_gid) != 1) {
+ fprintf(stderr, "I am sorry, you are not a member of the group \"fieryfilter\", access denied.\n");
+ return 1;
+ }
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "Binary %s not SETUID.\n", argv[0]);
+ return 1;
+ }
+
+ if (setuid(geteuid()) != 0) {
+ fprintf(stderr, "Cannot make uid=euid: %s\n", strerror(errno));
+ return 1;
+ }
+
+ if (setgid(0) != 0) {
+ fprintf(stderr, "Cannot set uid=0: %s\n", strerror(errno));
+ return 1;
+ }
+
+ if (setgroups(0, NULL) != 0) {
+ fprintf(stderr, "setgroups(0, NULL): %s\n", strerror(errno));
+ return 1;
+ }
+
+ if (execvp("xml-iptables-safe", argv) < 0) {
+ fprintf(stderr, "Could not run xml-iptables-safe: %s\n", strerror(errno));
+ return 1;
+ }
+
+ return 0;
+}
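Review bot: The `execvp("xml-iptables-safe", argv)` call at the end of main resolves the helper through the invoking user's `PATH` after the process has already become root via `setuid`/`setgid`/`setgroups`, so the caller's environment, not this program, decides which binary runs with root privileges. A setuid helper should exec a fixed absolute path with a fixed environment, e.g. `execve(HELPER_PATH, argv, safe_env)`, where `HELPER_PATH` (placeholder name) is a build-time absolute path and `safe_env` is a small constant array. Separately, the membership loop in group_member starts at `g[n]`, one element past the `n` entries that `getgroups` filled, so the authorization check compares `gid` against memory outside the array (and dereferences NULL when `n` is 0). Writing the loop as `while (n-- > 0) if (g[n] == gid) { g_free(g); return 1; }` keeps the index in range. The error text for a failed `setgid(0)` also says `uid=0` where it should say `gid=0`.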