From eda3aa3333fffd8f1b5f22326d8897d85ef9c0f8 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Wed, 21 Nov 2018 12:05:07 +0100
Subject: [PATCH] gluon-mesh-vpn-core: add gluon-wan exec wrapper

gluon-wan is a sudo-like exec wrapper that switches the process group to
gluon-mesh-vpn, making it use the WAN dnsmasq rather than resolving over
the mesh.

Note that this only affects DNS at the moment. Processes running under
gluon-wan will still use the regular mesh IPv6 routing table, and not the
WAN routing table. This is not a problem for IPv4, as there is only one
IPv4 routing table.

Fixes #1575
---
 .../luasrc/usr/bin/gluon-wan                  | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100755 package/gluon-mesh-vpn-core/luasrc/usr/bin/gluon-wan

diff --git a/package/gluon-mesh-vpn-core/luasrc/usr/bin/gluon-wan b/package/gluon-mesh-vpn-core/luasrc/usr/bin/gluon-wan
new file mode 100755
index 000000000..4df582854
--- /dev/null
+++ b/package/gluon-mesh-vpn-core/luasrc/usr/bin/gluon-wan
@@ -0,0 +1,32 @@
+#!/usr/bin/lua
+
+local GROUP = 'gluon-mesh-vpn'
+
+local grp = require 'posix.grp'
+local unistd = require 'posix.unistd'
+
+if #arg < 1 then
+	io.stderr:write('Usage: gluon-wan <command> ...\n')
+	os.exit(1)
+end
+
+local g = grp.getgrnam(GROUP)
+if not g then
+	io.stderr:write(string.format("gluon-wan: unable to find group '%s'\n", GROUP))
+	os.exit(1)
+end
+
+local ok, err = unistd.setpid('g', g.gr_gid)
+if ok ~= 0 then
+	io.stderr:write(string.format("gluon-wan: unable to change to group: %s\n", err))
+	os.exit(1)
+end
+
+arg[0] = arg[1]
+table.remove(arg, 1)
+print(arg[0], unpack(arg))
+
+ok, err = unistd.execp(arg[0], arg)
+
+io.stderr:write(string.format("gluon-wan: exec failed: %s\n", err))
+os.exit(1)
-- 
GitLab