To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugin-runner.c
- browse files at revision 110
- compare with another revision
- download diff
- download tarball
- view history from revision 110
- Committer: Teddy Hogeborn
- Date: 2008-08-29 05:53:59 UTC
- Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus
* mandos.xml (EXAMPLE): Replaced all occurences of command name with
"&COMMANDNAME;".
* plugins.d/password-prompt.c (main): Improved some documentation
strings. Do perror() of
tcgetattr() fails. Add debug
output if interrupted by signal.
Loop over write() instead of
using fwrite() when outputting
password. Add debug output if
getline() returns 0, unless it
was caused by a signal. Add
exit status code to debug
output.
* plugins.d/password-prompt.xml: Changed all single quotes to double
quotes for consistency. Removed
<?xml-stylesheet>.
(ENTITY TIMESTAMP): New. Automatically updated by Emacs time-stamp
by using Emacs local variables.
(/refentry/refentryinfo/title): Changed to "Mandos Manual".
(/refentry/refentryinfo/productname): Changed to "Mandos".
(/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
(/refentry/refentryinfo/copyright): Split copyright holders.
(/refentry/refnamediv/refpurpose): Improved wording.
(SYNOPSIS): Fix to use correct markup. Add short options.
(DESCRIPTION, OPTIONS): Improved wording.
(OPTIONS): Improved wording. Use more correct markup. Document
short options.
(EXIT STATUS): Add text.
(ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
(FILES): REMOVED.
(BUGS): Add text.
(EXAMPLE): Added some examples.
(SECURITY): Added text.
(SEE ALSO): Remove reference to mandos(8). Add reference to
crypttab(5).
"&COMMANDNAME;".
* plugins.d/password-prompt.c (main): Improved some documentation
strings. Do perror() of
tcgetattr() fails. Add debug
output if interrupted by signal.
Loop over write() instead of
using fwrite() when outputting
password. Add debug output if
getline() returns 0, unless it
was caused by a signal. Add
exit status code to debug
output.
* plugins.d/password-prompt.xml: Changed all single quotes to double
quotes for consistency. Removed
<?xml-stylesheet>.
(ENTITY TIMESTAMP): New. Automatically updated by Emacs time-stamp
by using Emacs local variables.
(/refentry/refentryinfo/title): Changed to "Mandos Manual".
(/refentry/refentryinfo/productname): Changed to "Mandos".
(/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
(/refentry/refentryinfo/copyright): Split copyright holders.
(/refentry/refnamediv/refpurpose): Improved wording.
(SYNOPSIS): Fix to use correct markup. Add short options.
(DESCRIPTION, OPTIONS): Improved wording.
(OPTIONS): Improved wording. Use more correct markup. Document
short options.
(EXIT STATUS): Add text.
(ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
(FILES): REMOVED.
(BUGS): Add text.
(EXAMPLE): Added some examples.
(SECURITY): Added text.
(SEE ALSO): Remove reference to mandos(8). Add reference to
crypttab(5).
- files added:
- .bzrignore
- files removed:
- ca.pem
- files renamed:
- server.py => mandos
- server.conf => mandos.conf
- plugbasedclient.c => plugin-runner.c
- plugins.d/passprompt.c => plugins.d/password-prompt.c
- plugins.d/mandosclient.c => plugins.d/password-request.c
- files modified:
- Makefile
added
removed
plugin-runner.c
21
21
* Contact the authors at <mandos@fukt.bsnet.se>.
22
22
*/
23
23
24
#include <stdio.h> /* popen(), fileno(), fprintf(),
25
stderr, STDOUT_FILENO */
24
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),
25
asprintf() */
26
#include <stddef.h> /* size_t, NULL */
27
#include <stdlib.h> /* malloc(), exit(), EXIT_FAILURE,
28
EXIT_SUCCESS, realloc() */
29
#include <stdbool.h> /* bool, true, false */
30
#include <stdio.h> /* perror, popen(), fileno(),
31
fprintf(), stderr, STDOUT_FILENO */
32
#include <sys/types.h> /* DIR, opendir(), stat(), struct
33
stat, waitpid(), WIFEXITED(),
34
WEXITSTATUS(), wait(), pid_t,
35
uid_t, gid_t, getuid(), getgid(),
36
dirfd() */
37
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
38
FD_SET(), FD_ISSET(), FD_CLR */
39
#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),
40
WEXITSTATUS() */
41
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
26
42
#include <iso646.h> /* and, or, not */
27
#include <sys/types.h> /* DIR, opendir(), stat(), struct stat,
28
waitpid(), WIFEXITED(),
29
WEXITSTATUS(), wait() */
30
#include <sys/wait.h> /* wait() */
31
43
#include <dirent.h> /* DIR, struct dirent, opendir(),
32
readdir(), closedir() */
33
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
44
readdir(), closedir(), dirfd() */
34
45
#include <unistd.h> /* struct stat, stat(), S_ISREG(),
35
fcntl() */
36
#include <fcntl.h> /* fcntl() */
37
#include <stddef.h> /* NULL */
38
#include <stdlib.h> /* EXIT_FAILURE */
39
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
40
FD_SET(), FD_ISSET() */
41
#include <string.h> /* strlen(), strcpy(), strcat() */
42
#include <stdbool.h> /* true */
43
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
44
WEXITSTATUS() */
46
fcntl(), setuid(), setgid(),
47
F_GETFD, F_SETFD, FD_CLOEXEC,
48
access(), pipe(), fork(), close()
49
dup2, STDOUT_FILENO, _exit(),
50
execv(), write(), read(),
51
close() */
52
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
53
FD_CLOEXEC */
54
#include <string.h> /* strsep, strlen(), asprintf() */
45
55
#include <errno.h> /* errno */
46
#include <argp.h> /* struct argp_option,
47
struct argp_state, struct argp,
48
argp_parse() */
56
#include <argp.h> /* struct argp_option, struct
57
argp_state, struct argp,
58
argp_parse(), ARGP_ERR_UNKNOWN,
59
ARGP_KEY_END, ARGP_KEY_ARG,
60
error_t */
61
#include <signal.h> /* struct sigaction, sigemptyset(),
62
sigaddset(), sigaction(),
63
sigprocmask(), SIG_BLOCK, SIGCHLD,
64
SIG_UNBLOCK, kill() */
65
#include <errno.h> /* errno, EBADF */
66
67
#define BUFFER_SIZE 256
68
69
#define PDIR "/lib/mandos/plugins.d"
70
#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"
71
72
const char *argp_program_version = "plugin-runner 1.0";
73
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
49
74
50
75
struct process;
51
76
55
80
char *buffer;
56
81
size_t buffer_size;
57
82
size_t buffer_length;
83
bool eof;
84
volatile bool completed;
85
volatile int status;
58
86
struct process *next;
59
87
} process;
60
88
62
90
char *name; /* can be NULL or any plugin name */
63
91
char **argv;
64
92
int argc;
93
char **environ;
94
int envc;
65
95
bool disabled;
66
96
struct plugin *next;
67
97
} plugin;
68
98
69
plugin *getplugin(char *name, plugin **plugin_list){
99
static plugin *getplugin(char *name, plugin **plugin_list){
70
100
for (plugin *p = *plugin_list; p != NULL; p = p->next){
71
101
if ((p->name == name)
72
102
or (p->name and name and (strcmp(p->name, name) == 0))){
76
106
/* Create a new plugin */
77
107
plugin *new_plugin = malloc(sizeof(plugin));
78
108
if (new_plugin == NULL){
79
perror("malloc");
80
exit(EXIT_FAILURE);
81
}
82
new_plugin->name = name;
109
return NULL;
110
}
111
char *copy_name = NULL;
112
if(name != NULL){
113
copy_name = strdup(name);
114
if(copy_name == NULL){
115
return NULL;
116
}
117
}
118
119
*new_plugin = (plugin) { .name = copy_name,
120
.argc = 1,
121
.envc = 0,
122
.disabled = false,
123
.next = *plugin_list };
124
83
125
new_plugin->argv = malloc(sizeof(char *) * 2);
84
126
if (new_plugin->argv == NULL){
85
perror("malloc");
86
exit(EXIT_FAILURE);
127
free(copy_name);
128
free(new_plugin);
129
return NULL;
87
130
}
88
new_plugin->argv[0] = name;
131
new_plugin->argv[0] = copy_name;
89
132
new_plugin->argv[1] = NULL;
90
new_plugin->argc = 1;
91
new_plugin->disabled = false;
92
new_plugin->next = *plugin_list;
133
134
new_plugin->environ = malloc(sizeof(char *));
135
if(new_plugin->environ == NULL){
136
free(copy_name);
137
free(new_plugin->argv);
138
free(new_plugin);
139
return NULL;
140
}
141
new_plugin->environ[0] = NULL;
93
142
/* Append the new plugin to the list */
94
143
*plugin_list = new_plugin;
95
144
return new_plugin;
96
145
}
97
146
98
void addargument(plugin *p, char *arg){
99
p->argv[p->argc] = arg;
100
p->argv = realloc(p->argv, sizeof(char *) * (size_t)(p->argc + 2));
101
if (p->argv == NULL){
102
perror("malloc");
103
exit(EXIT_FAILURE);
104
}
105
p->argc++;
106
p->argv[p->argc] = NULL;
107
}
108
109
#define BUFFER_SIZE 256
110
111
const char *argp_program_version =
112
"plugbasedclient 0.9";
113
const char *argp_program_bug_address =
114
"<mandos@fukt.bsnet.se>";
147
/* Helper function for add_argument and add_environment */
148
static bool add_to_char_array(const char *new, char ***array,
149
int *len){
150
/* Resize the pointed-to array to hold one more pointer */
151
*array = realloc(*array, sizeof(char *)
152
* (size_t) ((*len) + 2));
153
/* Malloc check */
154
if(*array == NULL){
155
return false;
156
}
157
/* Make a copy of the new string */
158
char *copy = strdup(new);
159
if(copy == NULL){
160
return false;
161
}
162
/* Insert the copy */
163
(*array)[*len] = copy;
164
(*len)++;
165
/* Add a new terminating NULL pointer to the last element */
166
(*array)[*len] = NULL;
167
return true;
168
}
169
170
/* Add to a plugin's argument vector */
171
static bool add_argument(plugin *p, const char *arg){
172
if(p == NULL){
173
return false;
174
}
175
return add_to_char_array(arg, &(p->argv), &(p->argc));
176
}
177
178
/* Add to a plugin's environment */
179
static bool add_environment(plugin *p, const char *def){
180
if(p == NULL){
181
return false;
182
}
183
return add_to_char_array(def, &(p->environ), &(p->envc));
184
}
185
186
187
/*
188
* Based on the example in the GNU LibC manual chapter 13.13 "File
189
* Descriptor Flags".
190
* *Note File Descriptor Flags:(libc)Descriptor Flags.
191
*/
192
static int set_cloexec_flag(int fd)
193
{
194
int ret = fcntl(fd, F_GETFD, 0);
195
/* If reading the flags failed, return error indication now. */
196
if(ret < 0){
197
return ret;
198
}
199
/* Store modified flag word in the descriptor. */
200
return fcntl(fd, F_SETFD, ret | FD_CLOEXEC);
201
}
202
203
process *process_list = NULL;
204
205
/* Mark processes as completed when they exit, and save their exit
206
status. */
207
void handle_sigchld(__attribute__((unused)) int sig){
208
while(true){
209
process *proc = process_list;
210
int status;
211
pid_t pid = waitpid(-1, &status, WNOHANG);
212
if(pid == 0){
213
/* Only still running child processes */
214
break;
215
}
216
if(pid == -1){
217
if (errno != ECHILD){
218
perror("waitpid");
219
}
220
/* No child processes */
221
break;
222
}
223
224
/* A child exited, find it in process_list */
225
while(proc != NULL and proc->pid != pid){
226
proc = proc->next;
227
}
228
if(proc == NULL){
229
/* Process not found in process list */
230
continue;
231
}
232
proc->status = status;
233
proc->completed = true;
234
}
235
}
236
237
bool print_out_password(const char *buffer, size_t length){
238
ssize_t ret;
239
if(length>0 and buffer[length-1] == '\n'){
240
length--;
241
}
242
for(size_t written = 0; written < length; written += (size_t)ret){
243
ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buffer + written,
244
length - written));
245
if(ret < 0){
246
return false;
247
}
248
}
249
return true;
250
}
251
252
static void free_plugin_list(plugin *plugin_list){
253
for(plugin *next; plugin_list != NULL; plugin_list = next){
254
next = plugin_list->next;
255
for(char **arg = plugin_list->argv; *arg != NULL; arg++){
256
free(*arg);
257
}
258
free(plugin_list->argv);
259
for(char **env = plugin_list->environ; *env != NULL; env++){
260
free(*env);
261
}
262
free(plugin_list->environ);
263
free(plugin_list);
264
}
265
}
115
266
116
267
int main(int argc, char *argv[]){
117
const char *plugindir = "/conf/conf.d/mandos/plugins.d";
268
char *plugindir = NULL;
269
char *argfile = NULL;
270
FILE *conffp;
118
271
size_t d_name_len;
119
DIR *dir;
272
DIR *dir = NULL;
120
273
struct dirent *dirst;
121
274
struct stat st;
122
275
fd_set rfds_all;
123
276
int ret, maxfd = 0;
124
process *process_list = NULL;
277
uid_t uid = 65534;
278
gid_t gid = 65534;
125
279
bool debug = false;
126
280
int exitstatus = EXIT_SUCCESS;
281
struct sigaction old_sigchld_action;
282
struct sigaction sigchld_action = { .sa_handler = handle_sigchld,
283
.sa_flags = SA_NOCLDSTOP };
284
char **custom_argv = NULL;
285
int custom_argc = 0;
286
287
/* Establish a signal handler */
288
sigemptyset(&sigchld_action.sa_mask);
289
ret = sigaddset(&sigchld_action.sa_mask, SIGCHLD);
290
if(ret == -1){
291
perror("sigaddset");
292
exitstatus = EXIT_FAILURE;
293
goto fallback;
294
}
295
ret = sigaction(SIGCHLD, &sigchld_action, &old_sigchld_action);
296
if(ret == -1){
297
perror("sigaction");
298
exitstatus = EXIT_FAILURE;
299
goto fallback;
300
}
127
301
128
302
/* The options we understand. */
129
303
struct argp_option options[] = {
130
304
{ .name = "global-options", .key = 'g',
131
305
.arg = "OPTION[,OPTION[,...]]",
132
306
.doc = "Options passed to all plugins" },
307
{ .name = "global-envs", .key = 'e',
308
.arg = "VAR=value",
309
.doc = "Environment variable passed to all plugins" },
133
310
{ .name = "options-for", .key = 'o',
134
311
.arg = "PLUGIN:OPTION[,OPTION[,...]]",
135
312
.doc = "Options passed only to specified plugin" },
313
{ .name = "envs-for", .key = 'f',
314
.arg = "PLUGIN:ENV=value",
315
.doc = "Environment variable passed to specified plugin" },
136
316
{ .name = "disable", .key = 'd',
137
317
.arg = "PLUGIN",
138
318
.doc = "Disable a specific plugin", .group = 1 },
139
319
{ .name = "plugin-dir", .key = 128,
140
320
.arg = "DIRECTORY",
141
321
.doc = "Specify a different plugin directory", .group = 2 },
142
{ .name = "debug", .key = 129,
143
.doc = "Debug mode", .group = 3 },
322
{ .name = "config-file", .key = 129,
323
.arg = "FILE",
324
.doc = "Specify a different configuration file", .group = 2 },
325
{ .name = "userid", .key = 130,
326
.arg = "ID", .flags = 0,
327
.doc = "User ID the plugins will run as", .group = 3 },
328
{ .name = "groupid", .key = 131,
329
.arg = "ID", .flags = 0,
330
.doc = "Group ID the plugins will run as", .group = 3 },
331
{ .name = "debug", .key = 132,
332
.doc = "Debug mode", .group = 4 },
144
333
{ .name = NULL }
145
334
};
146
335
147
336
error_t parse_opt (int key, char *arg, struct argp_state *state) {
148
/* Get the INPUT argument from `argp_parse', which we
149
know is a pointer to our plugin list pointer. */
337
/* Get the INPUT argument from `argp_parse', which we know is a
338
pointer to our plugin list pointer. */
150
339
plugin **plugins = state->input;
151
340
switch (key) {
152
341
case 'g':
153
342
if (arg != NULL){
154
char *p = strtok(arg, ",");
155
do{
156
addargument(getplugin(NULL, plugins), p);
157
p = strtok(NULL, ",");
158
} while (p);
343
char *p;
344
while((p = strsep(&arg, ",")) != NULL){
345
if(p[0] == '\0'){
346
continue;
347
}
348
if(not add_argument(getplugin(NULL, plugins), p)){
349
perror("add_argument");
350
return ARGP_ERR_UNKNOWN;
351
}
352
}
353
}
354
break;
355
case 'e':
356
if(arg == NULL){
357
break;
358
}
359
{
360
char *envdef = strdup(arg);
361
if(envdef == NULL){
362
break;
363
}
364
if(not add_environment(getplugin(NULL, plugins), envdef)){
365
perror("add_environment");
366
}
159
367
}
160
368
break;
161
369
case 'o':
162
370
if (arg != NULL){
163
char *name = strtok(arg, ":");
164
char *p = strtok(NULL, ":");
165
if(p){
166
p = strtok(p, ",");
167
do{
168
addargument(getplugin(name, plugins), p);
169
p = strtok(NULL, ",");
170
} while (p);
371
char *p_name = strsep(&arg, ":");
372
if(p_name[0] == '\0'){
373
break;
374
}
375
char *opt = strsep(&arg, ":");
376
if(opt[0] == '\0'){
377
break;
378
}
379
if(opt != NULL){
380
char *p;
381
while((p = strsep(&opt, ",")) != NULL){
382
if(p[0] == '\0'){
383
continue;
384
}
385
if(not add_argument(getplugin(p_name, plugins), p)){
386
perror("add_argument");
387
return ARGP_ERR_UNKNOWN;
388
}
389
}
390
}
391
}
392
break;
393
case 'f':
394
if(arg == NULL){
395
break;
396
}
397
{
398
char *envdef = strchr(arg, ':');
399
if(envdef == NULL){
400
break;
401
}
402
char *p_name = strndup(arg, (size_t) (envdef-arg));
403
if(p_name == NULL){
404
break;
405
}
406
envdef++;
407
if(not add_environment(getplugin(p_name, plugins), envdef)){
408
perror("add_environment");
171
409
}
172
410
}
173
411
break;
174
412
case 'd':
175
413
if (arg != NULL){
176
getplugin(arg, plugins)->disabled = true;
414
plugin *p = getplugin(arg, plugins);
415
if(p == NULL){
416
return ARGP_ERR_UNKNOWN;
417
}
418
p->disabled = true;
177
419
}
178
420
break;
179
421
case 128:
180
plugindir = arg;
422
plugindir = strdup(arg);
423
if(plugindir == NULL){
424
perror("strdup");
425
}
181
426
break;
182
427
case 129:
428
argfile = strdup(arg);
429
if(argfile == NULL){
430
perror("strdup");
431
}
432
break;
433
case 130:
434
uid = (uid_t)strtol(arg, NULL, 10);
435
break;
436
case 131:
437
gid = (gid_t)strtol(arg, NULL, 10);
438
break;
439
case 132:
183
440
debug = true;
184
441
break;
185
442
case ARGP_KEY_ARG:
186
argp_usage (state);
443
fprintf(stderr, "Ignoring unknown argument \"%s\"\n", arg);
187
444
break;
188
445
case ARGP_KEY_END:
189
446
break;
196
453
plugin *plugin_list = NULL;
197
454
198
455
struct argp argp = { .options = options, .parser = parse_opt,
199
.args_doc = "",
456
.args_doc = "[+PLUS_SEPARATED_OPTIONS]",
200
457
.doc = "Mandos plugin runner -- Run plugins" };
201
458
202
argp_parse (&argp, argc, argv, 0, 0, &plugin_list);
459
ret = argp_parse (&argp, argc, argv, 0, 0, &plugin_list);
460
if (ret == ARGP_ERR_UNKNOWN){
461
fprintf(stderr, "Unknown error while parsing arguments\n");
462
exitstatus = EXIT_FAILURE;
463
goto fallback;
464
}
465
466
if (argfile == NULL){
467
conffp = fopen(AFILE, "r");
468
} else {
469
conffp = fopen(argfile, "r");
470
}
471
472
if(conffp != NULL){
473
char *org_line = NULL;
474
char *p, *arg, *new_arg, *line;
475
size_t size = 0;
476
ssize_t sret;
477
const char whitespace_delims[] = " \r\t\f\v\n";
478
const char comment_delim[] = "#";
479
480
custom_argc = 1;
481
custom_argv = malloc(sizeof(char*) * 2);
482
if(custom_argv == NULL){
483
perror("malloc");
484
exitstatus = EXIT_FAILURE;
485
goto fallback;
486
}
487
custom_argv[0] = argv[0];
488
custom_argv[1] = NULL;
489
490
while(true){
491
sret = getline(&org_line, &size, conffp);
492
if(sret == -1){
493
break;
494
}
495
496
line = org_line;
497
arg = strsep(&line, comment_delim);
498
while((p = strsep(&arg, whitespace_delims)) != NULL){
499
if(p[0] == '\0'){
500
continue;
501
}
502
new_arg = strdup(p);
503
if(new_arg == NULL){
504
perror("strdup");
505
exitstatus = EXIT_FAILURE;
506
free(org_line);
507
goto fallback;
508
}
509
510
custom_argc += 1;
511
custom_argv = realloc(custom_argv, sizeof(char *)
512
* ((unsigned int) custom_argc + 1));
513
if(custom_argv == NULL){
514
perror("realloc");
515
exitstatus = EXIT_FAILURE;
516
free(org_line);
517
goto fallback;
518
}
519
custom_argv[custom_argc-1] = new_arg;
520
custom_argv[custom_argc] = NULL;
521
}
522
}
523
free(org_line);
524
} else{
525
/* Check for harmful errors and go to fallback. Other errors might
526
not affect opening plugins */
527
if (errno == EMFILE or errno == ENFILE or errno == ENOMEM){
528
perror("fopen");
529
exitstatus = EXIT_FAILURE;
530
goto fallback;
531
}
532
}
533
534
if(custom_argv != NULL){
535
ret = argp_parse (&argp, custom_argc, custom_argv, 0, 0, &plugin_list);
536
if (ret == ARGP_ERR_UNKNOWN){
537
fprintf(stderr, "Unknown error while parsing arguments\n");
538
exitstatus = EXIT_FAILURE;
539
goto fallback;
540
}
541
}
203
542
204
543
if(debug){
205
544
for(plugin *p = plugin_list; p != NULL; p=p->next){
206
545
fprintf(stderr, "Plugin: %s has %d arguments\n",
207
p->name ? p->name : "Global", p->argc);
546
p->name ? p->name : "Global", p->argc - 1);
208
547
for(char **a = p->argv; *a != NULL; a++){
209
548
fprintf(stderr, "\tArg: %s\n", *a);
210
549
}
550
fprintf(stderr, "...and %u environment variables\n", p->envc);
551
for(char **a = p->environ; *a != NULL; a++){
552
fprintf(stderr, "\t%s\n", *a);
553
}
211
554
}
212
555
}
213
556
214
dir = opendir(plugindir);
557
ret = setuid(uid);
558
if (ret == -1){
559
perror("setuid");
560
}
561
562
setgid(gid);
563
if (ret == -1){
564
perror("setgid");
565
}
566
567
if (plugindir == NULL){
568
dir = opendir(PDIR);
569
} else {
570
dir = opendir(plugindir);
571
}
572
573
if(dir == NULL){
574
perror("Could not open plugin dir");
575
exitstatus = EXIT_FAILURE;
576
goto fallback;
577
}
578
579
/* Set the FD_CLOEXEC flag on the directory, if possible */
215
580
{
216
/* Set the FD_CLOEXEC flag on the directory */
217
int fd = dirfd(dir);
218
ret = fcntl (fd, F_GETFD, 0);
219
if(ret < 0){
220
perror("fcntl F_GETFD");
221
goto end;
222
}
223
ret = fcntl(fd, F_SETFD, FD_CLOEXEC | ret);
224
if(ret < 0){
225
perror("fcntl F_SETFD");
226
goto end;
227
}
228
}
229
230
if(dir == NULL){
231
fprintf(stderr, "Can not open directory\n");
232
return EXIT_FAILURE;
581
int dir_fd = dirfd(dir);
582
if(dir_fd >= 0){
583
ret = set_cloexec_flag(dir_fd);
584
if(ret < 0){
585
perror("set_cloexec_flag");
586
exitstatus = EXIT_FAILURE;
587
goto fallback;
588
}
589
}
233
590
}
234
591
235
592
FD_ZERO(&rfds_all);
239
596
240
597
// All directory entries have been processed
241
598
if(dirst == NULL){
599
if (errno == EBADF){
600
perror("readdir");
601
exitstatus = EXIT_FAILURE;
602
goto fallback;
603
}
242
604
break;
243
605
}
244
606
258
620
if((d_name_len >= pre_len)
259
621
and strncmp((dirst->d_name), *pre, pre_len) == 0){
260
622
if(debug){
261
fprintf(stderr, "Ignoring plugin dir entry name \"%s\""
623
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
262
624
" with bad prefix %s\n", dirst->d_name, *pre);
263
625
}
264
626
bad_name = true;
276
638
and (strcmp((dirst->d_name)+d_name_len-suf_len, *suf)
277
639
== 0)){
278
640
if(debug){
279
fprintf(stderr, "Ignoring plugin dir entry name \"%s\""
641
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
280
642
" with bad suffix %s\n", dirst->d_name, *suf);
281
643
}
282
644
bad_name = true;
288
650
continue;
289
651
}
290
652
}
291
292
char *filename = malloc(d_name_len + strlen(plugindir) + 2);
293
if (filename == NULL){
294
perror("malloc");
295
exitstatus =EXIT_FAILURE;
296
goto end;
297
}
298
strcpy(filename, plugindir);
299
strcat(filename, "/");
300
strcat(filename, dirst->d_name);
301
302
stat(filename, &st);
303
653
654
char *filename;
655
ret = asprintf(&filename, "%s/%s", plugindir, dirst->d_name);
656
if(ret < 0){
657
perror("asprintf");
658
continue;
659
}
660
661
ret = stat(filename, &st);
662
if (ret == -1){
663
perror("stat");
664
free(filename);
665
continue;
666
}
667
304
668
if (not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
305
669
if(debug){
306
fprintf(stderr, "Ignoring plugin dir entry name \"%s\""
670
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
307
671
" with bad type or mode\n", filename);
308
672
}
309
continue;
310
}
311
if(getplugin(dirst->d_name, &plugin_list)->disabled){
673
free(filename);
674
continue;
675
}
676
plugin *p = getplugin(dirst->d_name, &plugin_list);
677
if(p == NULL){
678
perror("getplugin");
679
free(filename);
680
continue;
681
}
682
if(p->disabled){
312
683
if(debug){
313
fprintf(stderr, "Ignoring disabled plugin \"%s\"",
684
fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",
314
685
dirst->d_name);
315
686
}
687
free(filename);
316
688
continue;
317
689
}
690
{
691
/* Add global arguments to argument list for this plugin */
692
plugin *g = getplugin(NULL, &plugin_list);
693
if(g != NULL){
694
for(char **a = g->argv + 1; *a != NULL; a++){
695
if(not add_argument(p, *a)){
696
perror("add_argument");
697
}
698
}
699
/* Add global environment variables */
700
for(char **e = g->environ; *e != NULL; e++){
701
if(not add_environment(p, *e)){
702
perror("add_environment");
703
}
704
}
705
}
706
}
707
/* If this plugin has any environment variables, we will call
708
using execve and need to duplicate the environment from this
709
process, too. */
710
if(p->environ[0] != NULL){
711
for(char **e = environ; *e != NULL; e++){
712
char *copy = strdup(*e);
713
if(copy == NULL){
714
perror("strdup");
715
continue;
716
}
717
if(not add_environment(p, copy)){
718
perror("add_environment");
719
}
720
}
721
}
722
723
int pipefd[2];
724
ret = pipe(pipefd);
725
if (ret == -1){
726
perror("pipe");
727
exitstatus = EXIT_FAILURE;
728
goto fallback;
729
}
730
ret = set_cloexec_flag(pipefd[0]);
731
if(ret < 0){
732
perror("set_cloexec_flag");
733
exitstatus = EXIT_FAILURE;
734
goto fallback;
735
}
736
ret = set_cloexec_flag(pipefd[1]);
737
if(ret < 0){
738
perror("set_cloexec_flag");
739
exitstatus = EXIT_FAILURE;
740
goto fallback;
741
}
742
/* Block SIGCHLD until process is safely in process list */
743
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
744
if(ret < 0){
745
perror("sigprocmask");
746
exitstatus = EXIT_FAILURE;
747
goto fallback;
748
}
318
749
// Starting a new process to be watched
319
int pipefd[2];
320
ret = pipe(pipefd);
321
if (ret == -1){
322
perror(argv[0]);
323
goto end;
324
}
325
750
pid_t pid = fork();
751
if(pid == -1){
752
perror("fork");
753
exitstatus = EXIT_FAILURE;
754
goto fallback;
755
}
326
756
if(pid == 0){
327
757
/* this is the child process */
328
closedir(dir);
329
close(pipefd[0]); /* close unused read end of pipe */
330
dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
758
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
759
if(ret < 0){
760
perror("sigaction");
761
_exit(EXIT_FAILURE);
762
}
763
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
764
if(ret < 0){
765
perror("sigprocmask");
766
_exit(EXIT_FAILURE);
767
}
768
769
ret = dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
770
if(ret == -1){
771
perror("dup2");
772
_exit(EXIT_FAILURE);
773
}
331
774
332
plugin *p = getplugin(dirst->d_name, &plugin_list);
333
plugin *g = getplugin(NULL, &plugin_list);
334
for(char **a = g->argv + 1; *a != NULL; a++){
335
addargument(p, *a);
775
if(dirfd(dir) < 0){
776
/* If dir has no file descriptor, we could not set FD_CLOEXEC
777
above and must now close it manually here. */
778
closedir(dir);
336
779
}
337
if(execv(filename, p->argv) < 0){
338
perror(argv[0]);
339
close(pipefd[1]);
340
_exit(EXIT_FAILURE);
780
if(p->environ[0] == NULL){
781
if(execv(filename, p->argv) < 0){
782
perror("execv");
783
_exit(EXIT_FAILURE);
784
}
785
} else {
786
if(execve(filename, p->argv, p->environ) < 0){
787
perror("execve");
788
_exit(EXIT_FAILURE);
789
}
341
790
}
342
791
/* no return */
343
792
}
793
/* parent process */
794
free(filename);
344
795
close(pipefd[1]); /* close unused write end of pipe */
345
796
process *new_process = malloc(sizeof(process));
346
797
if (new_process == NULL){
347
798
perror("malloc");
348
exitstatus = EXIT_FAILURE;
349
goto end;
350
}
351
352
new_process->fd = pipefd[0];
353
new_process->buffer = malloc(BUFFER_SIZE);
354
if (new_process->buffer == NULL){
355
perror("malloc");
356
exitstatus = EXIT_FAILURE;
357
goto end;
358
}
359
new_process->buffer_size = BUFFER_SIZE;
360
new_process->buffer_length = 0;
799
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
800
if(ret < 0){
801
perror("sigprocmask");
802
}
803
exitstatus = EXIT_FAILURE;
804
goto fallback;
805
}
806
807
*new_process = (struct process){ .pid = pid,
808
.fd = pipefd[0],
809
.next = process_list };
810
// List handling
811
process_list = new_process;
812
/* Unblock SIGCHLD so signal handler can be run if this process
813
has already completed */
814
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
815
if(ret < 0){
816
perror("sigprocmask");
817
exitstatus = EXIT_FAILURE;
818
goto fallback;
819
}
820
361
821
FD_SET(new_process->fd, &rfds_all);
362
822
363
823
if (maxfd < new_process->fd){
364
824
maxfd = new_process->fd;
365
825
}
366
826
367
//List handling
368
new_process->next = process_list;
369
process_list = new_process;
370
827
}
828
829
free_plugin_list(plugin_list);
830
plugin_list = NULL;
371
831
372
832
closedir(dir);
373
374
if (process_list != NULL){
375
while(true){
376
fd_set rfds = rfds_all;
377
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
378
if (select_ret == -1){
379
perror(argv[0]);
380
goto end;
381
}else{
382
for(process *process_itr = process_list; process_itr != NULL;
383
process_itr = process_itr->next){
384
if(FD_ISSET(process_itr->fd, &rfds)){
385
if(process_itr->buffer_length + BUFFER_SIZE
386
> process_itr->buffer_size){
387
process_itr->buffer = realloc(process_itr->buffer,
388
process_itr->buffer_size
389
+ (size_t) BUFFER_SIZE);
390
if (process_itr->buffer == NULL){
391
perror(argv[0]);
392
goto end;
393
}
394
process_itr->buffer_size += BUFFER_SIZE;
395
}
396
ret = read(process_itr->fd, process_itr->buffer
397
+ process_itr->buffer_length, BUFFER_SIZE);
398
if(ret < 0){
399
/* Read error from this process; ignore it */
400
continue;
401
}
402
process_itr->buffer_length += (size_t) ret;
403
if(ret == 0){
404
/* got EOF */
405
/* wait for process exit */
406
int status;
407
waitpid(process_itr->pid, &status, 0);
408
if(WIFEXITED(status) and WEXITSTATUS(status) == 0){
409
for(size_t written = 0;
410
written < process_itr->buffer_length;){
411
ret = write(STDOUT_FILENO,
412
process_itr->buffer + written,
413
process_itr->buffer_length - written);
414
if(ret < 0){
415
perror(argv[0]);
416
goto end;
417
}
418
written += (size_t)ret;
419
}
420
goto end;
421
} else {
422
FD_CLR(process_itr->fd, &rfds_all);
833
dir = NULL;
834
835
if (process_list == NULL){
836
fprintf(stderr, "No plugin processes started. Incorrect plugin"
837
" directory?\n");
838
process_list = NULL;
839
}
840
while(process_list){
841
fd_set rfds = rfds_all;
842
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
843
if (select_ret == -1){
844
perror("select");
845
exitstatus = EXIT_FAILURE;
846
goto fallback;
847
}
848
/* OK, now either a process completed, or something can be read
849
from one of them */
850
for(process *proc = process_list; proc ; proc = proc->next){
851
/* Is this process completely done? */
852
if(proc->eof and proc->completed){
853
/* Only accept the plugin output if it exited cleanly */
854
if(not WIFEXITED(proc->status)
855
or WEXITSTATUS(proc->status) != 0){
856
/* Bad exit by plugin */
857
if(debug){
858
if(WIFEXITED(proc->status)){
859
fprintf(stderr, "Plugin %u exited with status %d\n",
860
(unsigned int) (proc->pid),
861
WEXITSTATUS(proc->status));
862
} else if(WIFSIGNALED(proc->status)) {
863
fprintf(stderr, "Plugin %u killed by signal %d\n",
864
(unsigned int) (proc->pid),
865
WTERMSIG(proc->status));
866
} else if(WCOREDUMP(proc->status)){
867
fprintf(stderr, "Plugin %d dumped core\n",
868
(unsigned int) (proc->pid));
869
}
870
}
871
/* Remove the plugin */
872
FD_CLR(proc->fd, &rfds_all);
873
/* Block signal while modifying process_list */
874
ret = sigprocmask(SIG_BLOCK, &sigchld_action.sa_mask, NULL);
875
if(ret < 0){
876
perror("sigprocmask");
877
exitstatus = EXIT_FAILURE;
878
goto fallback;
879
}
880
/* Delete this process entry from the list */
881
if(process_list == proc){
882
/* First one - simple */
883
process_list = proc->next;
884
} else {
885
/* Second one or later */
886
for(process *p = process_list; p != NULL; p = p->next){
887
if(p->next == proc){
888
p->next = proc->next;
889
break;
423
890
}
424
891
}
425
892
}
426
}
427
}
428
}
429
}
430
431
end:
432
for(process *process_itr = process_list; process_itr != NULL;
433
process_itr = process_itr->next){
434
close(process_itr->fd);
435
kill(process_itr->pid, SIGTERM);
436
free(process_itr->buffer);
437
}
438
439
while(true){
440
int status;
441
ret = wait(&status);
442
if (ret == -1){
443
if(errno != ECHILD){
444
perror("wait");
445
}
446
break;
447
}
448
}
893
/* We are done modifying process list, so unblock signal */
894
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask,
895
NULL);
896
if(ret < 0){
897
perror("sigprocmask");
898
}
899
free(proc->buffer);
900
free(proc);
901
/* We deleted this process from the list, so we can't go
902
proc->next. Therefore, start over from the beginning of
903
the process list */
904
break;
905
}
906
/* This process exited nicely, so print its buffer */
907
908
bool bret = print_out_password(proc->buffer,
909
proc->buffer_length);
910
if(not bret){
911
perror("print_out_password");
912
exitstatus = EXIT_FAILURE;
913
}
914
goto fallback;
915
}
916
/* This process has not completed. Does it have any output? */
917
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){
918
/* This process had nothing to say at this time */
919
continue;
920
}
921
/* Before reading, make the process' data buffer large enough */
922
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
923
proc->buffer = realloc(proc->buffer, proc->buffer_size
924
+ (size_t) BUFFER_SIZE);
925
if (proc->buffer == NULL){
926
perror("malloc");
927
exitstatus = EXIT_FAILURE;
928
goto fallback;
929
}
930
proc->buffer_size += BUFFER_SIZE;
931
}
932
/* Read from the process */
933
ret = read(proc->fd, proc->buffer + proc->buffer_length,
934
BUFFER_SIZE);
935
if(ret < 0){
936
/* Read error from this process; ignore the error */
937
continue;
938
}
939
if(ret == 0){
940
/* got EOF */
941
proc->eof = true;
942
} else {
943
proc->buffer_length += (size_t) ret;
944
}
945
}
946
}
947
948
949
fallback:
950
951
if(process_list == NULL or exitstatus != EXIT_SUCCESS){
952
/* Fallback if all plugins failed, none are found or an error
953
occured */
954
bool bret;
955
fprintf(stderr, "Going to fallback mode using getpass(3)\n");
956
char *passwordbuffer = getpass("Password: ");
957
bret = print_out_password(passwordbuffer, strlen(passwordbuffer));
958
if(not bret){
959
perror("print_out_password");
960
exitstatus = EXIT_FAILURE;
961
}
962
}
963
964
/* Restore old signal handler */
965
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
966
if(ret == -1){
967
perror("sigaction");
968
exitstatus = EXIT_FAILURE;
969
}
970
971
if(custom_argv != NULL){
972
for(char **arg = custom_argv+1; *arg != NULL; arg++){
973
free(*arg);
974
}
975
free(custom_argv);
976
}
977
free_plugin_list(plugin_list);
978
979
if(dir != NULL){
980
closedir(dir);
981
}
982
983
/* Free the process list and kill the processes */
984
for(process *next; process_list != NULL; process_list = next){
985
next = process_list->next;
986
close(process_list->fd);
987
ret = kill(process_list->pid, SIGTERM);
988
if(ret == -1 and errno != ESRCH){
989
/* set-uid proccesses migth not get closed */
990
perror("kill");
991
}
992
free(process_list->buffer);
993
free(process_list);
994
}
995
996
/* Wait for any remaining child processes to terminate */
997
do{
998
ret = wait(NULL);
999
} while(ret >= 0);
1000
if(errno != ECHILD){
1001
perror("wait");
1002
}
1003
1004
free(plugindir);
1005
free(argfile);
1006
449
1007
return exitstatus;
450
1008
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0