Diffstat (limited to 'helper/install-firewall.c')
-rw-r--r--helper/install-firewall.c71
1 files changed, 71 insertions, 0 deletions
diff --git a/helper/install-firewall.c b/helper/install-firewall.c
new file mode 100644
index 0000000..c42edd7
--- /dev/null
+++ b/helper/install-firewall.c
@@ -0,0 +1,71 @@
+#include <sys/types.h>
+#include <grp.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#include <glib.h>
+
+int group_member(gid_t gid) {
+ int n;
+ gid_t *g;
+ if ((n = getgroups(0, NULL)) < 0)
+ return -1;
+
+ g = g_new(gid_t, n);
+ if (getgroups(n, g) < 0) {
+ g_free(g);
+ return -1;
+ }
+
+ for (; n >= 0; n--)
+ if (g[n] == gid) {
+ g_free(g);
+ return 1;
+ }
+
+ g_free(g);
+ return 0;
+}
+
+int main(int argc, char *argv[]) {
+ struct group *gr;
+
+ if (!(gr = getgrnam("fieryfilter"))) {
+ g_message("Could not find group fieryfilter\n");
+ return 1;
+ }
+
+ if (group_member(gr->gr_gid) != 1) {
+ fprintf(stderr, "I am sorry, you are not a member of the group \"fieryfilter\", access denied.\n");
+ return 1;
+ }
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "Binary %s not SETUID.\n", argv[0]);
+ return 1;
+ }
+
+ if (setuid(geteuid()) != 0) {
+ fprintf(stderr, "Cannot make uid=euid: %s\n", strerror(errno));
+ return 1;
+ }
+
+ if (setgid(0) != 0) {
+ fprintf(stderr, "Cannot set uid=0: %s\n", strerror(errno));
+ return 1;
+ }
+
+ if (setgroups(0, NULL) != 0) {
+ fprintf(stderr, "setgroups(0, NULL): %s\n", strerror(errno));
+ return 1;
+ }
+
+ if (execvp("xml-iptables-safe", argv) < 0) {
+ fprintf(stderr, "Could not run xml-iptables-safe: %s\n", strerror(errno));
+ return 1;
+ }
+
+ return 0;
+}
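Review bot: The final `execvp("xml-iptables-safe", argv)` in main resolves the program through the caller's PATH and hands the caller's environment to it after the process has already become uid 0, so the invoking user rather than the administrator decides which binary runs as root. Call it by absolute path with a fixed environment instead, e.g. `execve("/ABSOLUTE/PATH/TO/xml-iptables-safe", argv, safe_env)`, where the path is a placeholder for the real install location and `safe_env` is a small constant array. Separately, the loop in group_member, `for (; n >= 0; n--)`, starts at index n, which is one past the end of the array filled by getgroups; `while (n-- > 0)` keeps the read in bounds and also covers the n == 0 case. The setgid failure message prints "Cannot set uid=0" where it means the gid.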