To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugbasedclient.c
- browse files at revision 13
- compare with another revision
- download diff
- download tarball
- view history from revision 13
- Committer: Björn Påhlsson
- Date: 2008-07-20 02:52:20 UTC
- Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6
Added following support:
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server
- files added:
- ca.pem
- files removed:
- .bzr-builddeb
- debian
- debian/po
- files renamed:
- clients.conf => mandos-clients.conf
- plugin-runner.c => plugbasedclient.c
- plugins.d/mandos-client.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos => server.py
- files modified:
- Makefile
added
removed
plugbasedclient.c
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Mandos plugin runner - Run Mandos plugins
4
*
5
* Copyright © 2008,2009 Teddy Hogeborn
6
* Copyright © 2008,2009 Björn Påhlsson
7
*
8
* This program is free software: you can redistribute it and/or
9
* modify it under the terms of the GNU General Public License as
10
* published by the Free Software Foundation, either version 3 of the
11
* License, or (at your option) any later version.
12
*
13
* This program is distributed in the hope that it will be useful, but
14
* WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16
* General Public License for more details.
17
*
18
* You should have received a copy of the GNU General Public License
19
* along with this program. If not, see
20
* <http://www.gnu.org/licenses/>.
21
*
22
* Contact the authors at <mandos@fukt.bsnet.se>.
23
*/
24
25
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),
26
asprintf() */
27
#include <stddef.h> /* size_t, NULL */
28
#include <stdlib.h> /* malloc(), exit(), EXIT_FAILURE,
29
EXIT_SUCCESS, realloc() */
30
#include <stdbool.h> /* bool, true, false */
31
#include <stdio.h> /* perror, fileno(), fprintf(),
32
stderr, STDOUT_FILENO */
33
#include <sys/types.h> /* DIR, opendir(), stat(), struct
34
stat, waitpid(), WIFEXITED(),
35
WEXITSTATUS(), wait(), pid_t,
36
uid_t, gid_t, getuid(), getgid(),
37
dirfd() */
38
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
39
FD_SET(), FD_ISSET(), FD_CLR */
40
#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),
41
WEXITSTATUS() */
42
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
43
#include <iso646.h> /* and, or, not */
44
#include <dirent.h> /* DIR, struct dirent, opendir(),
45
readdir(), closedir(), dirfd() */
46
#include <unistd.h> /* struct stat, stat(), S_ISREG(),
47
fcntl(), setuid(), setgid(),
48
F_GETFD, F_SETFD, FD_CLOEXEC,
49
access(), pipe(), fork(), close()
50
dup2(), STDOUT_FILENO, _exit(),
51
execv(), write(), read(),
52
close() */
53
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
54
FD_CLOEXEC */
55
#include <string.h> /* strsep, strlen(), asprintf() */
56
#include <errno.h> /* errno */
57
#include <argp.h> /* struct argp_option, struct
58
argp_state, struct argp,
59
argp_parse(), ARGP_ERR_UNKNOWN,
60
ARGP_KEY_END, ARGP_KEY_ARG,
61
error_t */
62
#include <signal.h> /* struct sigaction, sigemptyset(),
63
sigaddset(), sigaction(),
64
sigprocmask(), SIG_BLOCK, SIGCHLD,
65
SIG_UNBLOCK, kill() */
66
#include <errno.h> /* errno, EBADF */
67
68
#define BUFFER_SIZE 256
69
70
#define PDIR "/lib/mandos/plugins.d"
71
#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"
72
73
const char *argp_program_version = "plugin-runner " VERSION;
74
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
75
76
typedef struct plugin{
77
char *name; /* can be NULL or any plugin name */
78
char **argv;
79
int argc;
80
char **environ;
81
int envc;
82
bool disabled;
83
84
/* Variables used for running processes*/
1
#include <stdio.h> /* popen, fileno */
2
#include <iso646.h> /* and, or, not */
3
#include <sys/types.h> /* DIR, opendir, stat, struct stat, waitpid,
4
WIFEXITED, WEXITSTATUS, wait */
5
#include <sys/wait.h> /* wait */
6
#include <dirent.h> /* DIR, opendir */
7
#include <sys/stat.h> /* stat, struct stat */
8
#include <unistd.h> /* stat, struct stat, chdir */
9
#include <stdlib.h> /* EXIT_FAILURE */
10
#include <sys/select.h> /* fd_set, select, FD_ZERO, FD_SET, FD_ISSET */
11
#include <string.h> /* strlen, strcpy, strcat */
12
#include <stdbool.h> /* true */
13
#include <sys/wait.h> /* waitpid, WIFEXITED, WEXITSTATUS */
14
#include <errno.h> /* errno */
15
16
struct process;
17
18
typedef struct process{
85
19
pid_t pid;
86
20
int fd;
87
21
char *buffer;
88
size_t buffer_size;
89
size_t buffer_length;
90
bool eof;
91
volatile bool completed;
92
volatile int status;
93
struct plugin *next;
94
} plugin;
95
96
static plugin *plugin_list = NULL;
97
98
/* Gets an existing plugin based on name,
99
or if none is found, creates a new one */
100
static plugin *getplugin(char *name){
101
/* Check for exiting plugin with that name */
102
for(plugin *p = plugin_list; p != NULL; p = p->next){
103
if((p->name == name)
104
or (p->name and name and (strcmp(p->name, name) == 0))){
105
return p;
106
}
107
}
108
/* Create a new plugin */
109
plugin *new_plugin = malloc(sizeof(plugin));
110
if(new_plugin == NULL){
111
return NULL;
112
}
113
char *copy_name = NULL;
114
if(name != NULL){
115
copy_name = strdup(name);
116
if(copy_name == NULL){
117
return NULL;
118
}
119
}
120
121
*new_plugin = (plugin) { .name = copy_name,
122
.argc = 1,
123
.disabled = false,
124
.next = plugin_list };
125
126
new_plugin->argv = malloc(sizeof(char *) * 2);
127
if(new_plugin->argv == NULL){
128
free(copy_name);
129
free(new_plugin);
130
return NULL;
131
}
132
new_plugin->argv[0] = copy_name;
133
new_plugin->argv[1] = NULL;
134
135
new_plugin->environ = malloc(sizeof(char *));
136
if(new_plugin->environ == NULL){
137
free(copy_name);
138
free(new_plugin->argv);
139
free(new_plugin);
140
return NULL;
141
}
142
new_plugin->environ[0] = NULL;
143
144
/* Append the new plugin to the list */
145
plugin_list = new_plugin;
146
return new_plugin;
147
}
148
149
/* Helper function for add_argument and add_environment */
150
static bool add_to_char_array(const char *new, char ***array,
151
int *len){
152
/* Resize the pointed-to array to hold one more pointer */
153
*array = realloc(*array, sizeof(char *)
154
* (size_t) ((*len) + 2));
155
/* Malloc check */
156
if(*array == NULL){
157
return false;
158
}
159
/* Make a copy of the new string */
160
char *copy = strdup(new);
161
if(copy == NULL){
162
return false;
163
}
164
/* Insert the copy */
165
(*array)[*len] = copy;
166
(*len)++;
167
/* Add a new terminating NULL pointer to the last element */
168
(*array)[*len] = NULL;
169
return true;
170
}
171
172
/* Add to a plugin's argument vector */
173
static bool add_argument(plugin *p, const char *arg){
174
if(p == NULL){
175
return false;
176
}
177
return add_to_char_array(arg, &(p->argv), &(p->argc));
178
}
179
180
/* Add to a plugin's environment */
181
static bool add_environment(plugin *p, const char *def, bool replace){
182
if(p == NULL){
183
return false;
184
}
185
/* namelen = length of name of environment variable */
186
size_t namelen = (size_t)(strchrnul(def, '=') - def);
187
/* Search for this environment variable */
188
for(char **e = p->environ; *e != NULL; e++){
189
if(strncmp(*e, def, namelen + 1) == 0){
190
/* It already exists */
191
if(replace){
192
char *new = realloc(*e, strlen(def) + 1);
193
if(new == NULL){
194
return false;
195
}
196
*e = new;
197
strcpy(*e, def);
198
}
199
return true;
200
}
201
}
202
return add_to_char_array(def, &(p->environ), &(p->envc));
203
}
204
205
/*
206
* Based on the example in the GNU LibC manual chapter 13.13 "File
207
* Descriptor Flags".
208
* *Note File Descriptor Flags:(libc)Descriptor Flags.
209
*/
210
static int set_cloexec_flag(int fd){
211
int ret = fcntl(fd, F_GETFD, 0);
212
/* If reading the flags failed, return error indication now. */
213
if(ret < 0){
214
return ret;
215
}
216
/* Store modified flag word in the descriptor. */
217
return fcntl(fd, F_SETFD, ret | FD_CLOEXEC);
218
}
219
220
221
/* Mark processes as completed when they exit, and save their exit
222
status. */
223
static void handle_sigchld(__attribute__((unused)) int sig){
224
while(true){
225
plugin *proc = plugin_list;
226
int status;
227
pid_t pid = waitpid(-1, &status, WNOHANG);
228
if(pid == 0){
229
/* Only still running child processes */
230
break;
231
}
232
if(pid == -1){
233
if(errno != ECHILD){
234
perror("waitpid");
235
}
236
/* No child processes */
237
break;
238
}
239
240
/* A child exited, find it in process_list */
241
while(proc != NULL and proc->pid != pid){
242
proc = proc->next;
243
}
244
if(proc == NULL){
245
/* Process not found in process list */
246
continue;
247
}
248
proc->status = status;
249
proc->completed = true;
250
}
251
}
252
253
/* Prints out a password to stdout */
254
static bool print_out_password(const char *buffer, size_t length){
255
ssize_t ret;
256
for(size_t written = 0; written < length; written += (size_t)ret){
257
ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buffer + written,
258
length - written));
259
if(ret < 0){
260
return false;
261
}
262
}
263
return true;
264
}
265
266
/* Removes and free a plugin from the plugin list */
267
static void free_plugin(plugin *plugin_node){
268
269
for(char **arg = plugin_node->argv; *arg != NULL; arg++){
270
free(*arg);
271
}
272
free(plugin_node->argv);
273
for(char **env = plugin_node->environ; *env != NULL; env++){
274
free(*env);
275
}
276
free(plugin_node->environ);
277
free(plugin_node->buffer);
278
279
/* Removes the plugin from the singly-linked list */
280
if(plugin_node == plugin_list){
281
/* First one - simple */
282
plugin_list = plugin_list->next;
283
} else {
284
/* Second one or later */
285
for(plugin *p = plugin_list; p != NULL; p = p->next){
286
if(p->next == plugin_node){
287
p->next = plugin_node->next;
288
break;
289
}
290
}
291
}
292
293
free(plugin_node);
294
}
295
296
static void free_plugin_list(void){
297
while(plugin_list != NULL){
298
free_plugin(plugin_list);
299
}
300
}
22
int buffer_size;
23
int buffer_length;
24
struct process *next;
25
} process;
26
27
#define BUFFER_SIZE 256
301
28
302
29
int main(int argc, char *argv[]){
303
char *plugindir = NULL;
304
char *argfile = NULL;
305
FILE *conffp;
306
size_t d_name_len;
307
DIR *dir = NULL;
30
char plugindir[] = "plugins.d";
31
size_t d_name_len, plugindir_len = sizeof(plugindir)-1;
32
DIR *dir;
308
33
struct dirent *dirst;
309
34
struct stat st;
310
fd_set rfds_all;
35
fd_set rfds_orig;
311
36
int ret, maxfd = 0;
312
ssize_t sret;
313
uid_t uid = 65534;
314
gid_t gid = 65534;
315
bool debug = false;
316
int exitstatus = EXIT_SUCCESS;
317
struct sigaction old_sigchld_action;
318
struct sigaction sigchld_action = { .sa_handler = handle_sigchld,
319
.sa_flags = SA_NOCLDSTOP };
320
char **custom_argv = NULL;
321
int custom_argc = 0;
322
323
/* Establish a signal handler */
324
sigemptyset(&sigchld_action.sa_mask);
325
ret = sigaddset(&sigchld_action.sa_mask, SIGCHLD);
326
if(ret == -1){
327
perror("sigaddset");
328
exitstatus = EXIT_FAILURE;
329
goto fallback;
330
}
331
ret = sigaction(SIGCHLD, &sigchld_action, &old_sigchld_action);
332
if(ret == -1){
333
perror("sigaction");
334
exitstatus = EXIT_FAILURE;
335
goto fallback;
336
}
337
338
/* The options we understand. */
339
struct argp_option options[] = {
340
{ .name = "global-options", .key = 'g',
341
.arg = "OPTION[,OPTION[,...]]",
342
.doc = "Options passed to all plugins" },
343
{ .name = "global-env", .key = 'G',
344
.arg = "VAR=value",
345
.doc = "Environment variable passed to all plugins" },
346
{ .name = "options-for", .key = 'o',
347
.arg = "PLUGIN:OPTION[,OPTION[,...]]",
348
.doc = "Options passed only to specified plugin" },
349
{ .name = "env-for", .key = 'E',
350
.arg = "PLUGIN:ENV=value",
351
.doc = "Environment variable passed to specified plugin" },
352
{ .name = "disable", .key = 'd',
353
.arg = "PLUGIN",
354
.doc = "Disable a specific plugin", .group = 1 },
355
{ .name = "enable", .key = 'e',
356
.arg = "PLUGIN",
357
.doc = "Enable a specific plugin", .group = 1 },
358
{ .name = "plugin-dir", .key = 128,
359
.arg = "DIRECTORY",
360
.doc = "Specify a different plugin directory", .group = 2 },
361
{ .name = "config-file", .key = 129,
362
.arg = "FILE",
363
.doc = "Specify a different configuration file", .group = 2 },
364
{ .name = "userid", .key = 130,
365
.arg = "ID", .flags = 0,
366
.doc = "User ID the plugins will run as", .group = 3 },
367
{ .name = "groupid", .key = 131,
368
.arg = "ID", .flags = 0,
369
.doc = "Group ID the plugins will run as", .group = 3 },
370
{ .name = "debug", .key = 132,
371
.doc = "Debug mode", .group = 4 },
372
{ .name = NULL }
373
};
374
375
error_t parse_opt(int key, char *arg, __attribute__((unused))
376
struct argp_state *state) {
377
switch(key) {
378
case 'g': /* --global-options */
379
if(arg != NULL){
380
char *p;
381
while((p = strsep(&arg, ",")) != NULL){
382
if(p[0] == '\0'){
383
continue;
384
}
385
if(not add_argument(getplugin(NULL), p)){
386
perror("add_argument");
387
return ARGP_ERR_UNKNOWN;
388
}
389
}
390
}
391
break;
392
case 'G': /* --global-env */
393
if(arg == NULL){
394
break;
395
}
396
if(not add_environment(getplugin(NULL), arg, true)){
397
perror("add_environment");
398
}
399
break;
400
case 'o': /* --options-for */
401
if(arg != NULL){
402
char *p_name = strsep(&arg, ":");
403
if(p_name[0] == '\0' or arg == NULL){
404
break;
405
}
406
char *opt = strsep(&arg, ":");
407
if(opt[0] == '\0' or opt == NULL){
408
break;
409
}
410
char *p;
411
while((p = strsep(&opt, ",")) != NULL){
412
if(p[0] == '\0'){
413
continue;
414
}
415
if(not add_argument(getplugin(p_name), p)){
416
perror("add_argument");
417
return ARGP_ERR_UNKNOWN;
418
}
419
}
420
}
421
break;
422
case 'E': /* --env-for */
423
if(arg == NULL){
424
break;
425
}
426
{
427
char *envdef = strchr(arg, ':');
428
if(envdef == NULL){
429
break;
430
}
431
*envdef = '\0';
432
if(not add_environment(getplugin(arg), envdef+1, true)){
433
perror("add_environment");
434
}
435
}
436
break;
437
case 'd': /* --disable */
438
if(arg != NULL){
439
plugin *p = getplugin(arg);
440
if(p == NULL){
441
return ARGP_ERR_UNKNOWN;
442
}
443
p->disabled = true;
444
}
445
break;
446
case 'e': /* --enable */
447
if(arg != NULL){
448
plugin *p = getplugin(arg);
449
if(p == NULL){
450
return ARGP_ERR_UNKNOWN;
451
}
452
p->disabled = false;
453
}
454
break;
455
case 128: /* --plugin-dir */
456
free(plugindir);
457
plugindir = strdup(arg);
458
if(plugindir == NULL){
459
perror("strdup");
460
}
461
break;
462
case 129: /* --config-file */
463
/* This is already done by parse_opt_config_file() */
464
break;
465
case 130: /* --userid */
466
/* In the GNU C library, uid_t is always unsigned int */
467
ret = sscanf(arg, "%u", &uid);
468
if(ret != 1){
469
fprintf(stderr, "Bad user ID number: \"%s\", using %u\n", arg,
470
uid);
471
}
472
break;
473
case 131: /* --groupid */
474
/* In the GNU C library, gid_t is always unsigned int */
475
ret = sscanf(arg, "%u", &gid);
476
if(ret != 1){
477
fprintf(stderr, "Bad group ID number: \"%s\", using %u\n",
478
arg, gid);
479
}
480
break;
481
case 132: /* --debug */
482
debug = true;
483
break;
484
/*
485
* When adding more options before this line, remember to also add a
486
* "case" to the "parse_opt_config_file" function below.
487
*/
488
case ARGP_KEY_ARG:
489
/* Cryptsetup always passes an argument, which is an empty
490
string if "none" was specified in /etc/crypttab. So if
491
argument was empty, we ignore it silently. */
492
if(arg[0] != '\0'){
493
fprintf(stderr, "Ignoring unknown argument \"%s\"\n", arg);
494
}
495
break;
496
case ARGP_KEY_END:
497
break;
498
default:
499
return ARGP_ERR_UNKNOWN;
500
}
501
return 0;
502
}
503
504
/* This option parser is the same as parse_opt() above, except it
505
ignores everything but the --config-file option. */
506
error_t parse_opt_config_file(int key, char *arg,
507
__attribute__((unused))
508
struct argp_state *state) {
509
switch(key) {
510
case 'g': /* --global-options */
511
case 'G': /* --global-env */
512
case 'o': /* --options-for */
513
case 'E': /* --env-for */
514
case 'd': /* --disable */
515
case 'e': /* --enable */
516
case 128: /* --plugin-dir */
517
break;
518
case 129: /* --config-file */
519
free(argfile);
520
argfile = strdup(arg);
521
if(argfile == NULL){
522
perror("strdup");
523
}
524
break;
525
case 130: /* --userid */
526
case 131: /* --groupid */
527
case 132: /* --debug */
528
case ARGP_KEY_ARG:
529
case ARGP_KEY_END:
530
break;
531
default:
532
return ARGP_ERR_UNKNOWN;
533
}
534
return 0;
535
}
536
537
struct argp argp = { .options = options,
538
.parser = parse_opt_config_file,
539
.args_doc = "",
540
.doc = "Mandos plugin runner -- Run plugins" };
541
542
/* Parse using parse_opt_config_file() in order to get the custom
543
config file location, if any. */
544
ret = argp_parse(&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
545
if(ret == ARGP_ERR_UNKNOWN){
546
fprintf(stderr, "Unknown error while parsing arguments\n");
547
exitstatus = EXIT_FAILURE;
548
goto fallback;
549
}
550
551
/* Reset to the normal argument parser */
552
argp.parser = parse_opt;
553
554
/* Open the configfile if available */
555
if(argfile == NULL){
556
conffp = fopen(AFILE, "r");
557
} else {
558
conffp = fopen(argfile, "r");
559
}
560
if(conffp != NULL){
561
char *org_line = NULL;
562
char *p, *arg, *new_arg, *line;
563
size_t size = 0;
564
const char whitespace_delims[] = " \r\t\f\v\n";
565
const char comment_delim[] = "#";
566
567
custom_argc = 1;
568
custom_argv = malloc(sizeof(char*) * 2);
569
if(custom_argv == NULL){
570
perror("malloc");
571
exitstatus = EXIT_FAILURE;
572
goto fallback;
573
}
574
custom_argv[0] = argv[0];
575
custom_argv[1] = NULL;
576
577
/* for each line in the config file, strip whitespace and ignore
578
commented text */
579
while(true){
580
sret = getline(&org_line, &size, conffp);
581
if(sret == -1){
582
break;
583
}
584
585
line = org_line;
586
arg = strsep(&line, comment_delim);
587
while((p = strsep(&arg, whitespace_delims)) != NULL){
588
if(p[0] == '\0'){
589
continue;
590
}
591
new_arg = strdup(p);
592
if(new_arg == NULL){
593
perror("strdup");
594
exitstatus = EXIT_FAILURE;
595
free(org_line);
596
goto fallback;
597
}
598
599
custom_argc += 1;
600
custom_argv = realloc(custom_argv, sizeof(char *)
601
* ((unsigned int) custom_argc + 1));
602
if(custom_argv == NULL){
603
perror("realloc");
604
exitstatus = EXIT_FAILURE;
605
free(org_line);
606
goto fallback;
607
}
608
custom_argv[custom_argc-1] = new_arg;
609
custom_argv[custom_argc] = NULL;
610
}
611
}
612
free(org_line);
613
} else {
614
/* Check for harmful errors and go to fallback. Other errors might
615
not affect opening plugins */
616
if(errno == EMFILE or errno == ENFILE or errno == ENOMEM){
617
perror("fopen");
618
exitstatus = EXIT_FAILURE;
619
goto fallback;
620
}
621
}
622
/* If there was any arguments from configuration file,
623
pass them to parser as command arguments */
624
if(custom_argv != NULL){
625
ret = argp_parse(&argp, custom_argc, custom_argv, ARGP_IN_ORDER,
626
0, NULL);
627
if(ret == ARGP_ERR_UNKNOWN){
628
fprintf(stderr, "Unknown error while parsing arguments\n");
629
exitstatus = EXIT_FAILURE;
630
goto fallback;
631
}
632
}
633
634
/* Parse actual command line arguments, to let them override the
635
config file */
636
ret = argp_parse(&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
637
if(ret == ARGP_ERR_UNKNOWN){
638
fprintf(stderr, "Unknown error while parsing arguments\n");
639
exitstatus = EXIT_FAILURE;
640
goto fallback;
641
}
642
643
if(debug){
644
for(plugin *p = plugin_list; p != NULL; p=p->next){
645
fprintf(stderr, "Plugin: %s has %d arguments\n",
646
p->name ? p->name : "Global", p->argc - 1);
647
for(char **a = p->argv; *a != NULL; a++){
648
fprintf(stderr, "\tArg: %s\n", *a);
649
}
650
fprintf(stderr, "...and %u environment variables\n", p->envc);
651
for(char **a = p->environ; *a != NULL; a++){
652
fprintf(stderr, "\t%s\n", *a);
653
}
654
}
655
}
656
657
/* Strip permissions down to nobody */
658
ret = setuid(uid);
659
if(ret == -1){
660
perror("setuid");
661
}
662
setgid(gid);
663
if(ret == -1){
664
perror("setgid");
665
}
666
667
if(plugindir == NULL){
668
dir = opendir(PDIR);
669
} else {
670
dir = opendir(plugindir);
671
}
672
37
process *process_list = NULL;
38
39
dir = opendir(plugindir);
40
673
41
if(dir == NULL){
674
perror("Could not open plugin dir");
675
exitstatus = EXIT_FAILURE;
676
goto fallback;
677
}
678
679
/* Set the FD_CLOEXEC flag on the directory, if possible */
680
{
681
int dir_fd = dirfd(dir);
682
if(dir_fd >= 0){
683
ret = set_cloexec_flag(dir_fd);
684
if(ret < 0){
685
perror("set_cloexec_flag");
686
exitstatus = EXIT_FAILURE;
687
goto fallback;
688
}
689
}
690
}
691
692
FD_ZERO(&rfds_all);
693
694
/* Read and execute any executable in the plugin directory*/
42
fprintf(stderr, "Can not open directory\n");
43
return EXIT_FAILURE;
44
}
45
46
FD_ZERO(&rfds_orig);
47
695
48
while(true){
696
49
dirst = readdir(dir);
697
50
698
/* All directory entries have been processed */
51
// All directory entries have been processed
699
52
if(dirst == NULL){
700
if(errno == EBADF){
701
perror("readdir");
702
exitstatus = EXIT_FAILURE;
703
goto fallback;
704
}
705
53
break;
706
54
}
707
55
708
56
d_name_len = strlen(dirst->d_name);
709
57
710
/* Ignore dotfiles, backup files and other junk */
711
{
712
bool bad_name = false;
713
714
const char const *bad_prefixes[] = { ".", "#", NULL };
715
716
const char const *bad_suffixes[] = { "~", "#", ".dpkg-new",
717
".dpkg-old",
718
".dpkg-bak",
719
".dpkg-divert", NULL };
720
for(const char **pre = bad_prefixes; *pre != NULL; pre++){
721
size_t pre_len = strlen(*pre);
722
if((d_name_len >= pre_len)
723
and strncmp((dirst->d_name), *pre, pre_len) == 0){
724
if(debug){
725
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
726
" with bad prefix %s\n", dirst->d_name, *pre);
727
}
728
bad_name = true;
729
break;
730
}
731
}
732
if(bad_name){
733
continue;
734
}
735
for(const char **suf = bad_suffixes; *suf != NULL; suf++){
736
size_t suf_len = strlen(*suf);
737
if((d_name_len >= suf_len)
738
and (strcmp((dirst->d_name)+d_name_len-suf_len, *suf)
739
== 0)){
740
if(debug){
741
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
742
" with bad suffix %s\n", dirst->d_name, *suf);
743
}
744
bad_name = true;
745
break;
746
}
747
}
748
749
if(bad_name){
750
continue;
751
}
752
}
753
754
char *filename;
755
if(plugindir == NULL){
756
ret = asprintf(&filename, PDIR "/%s", dirst->d_name);
757
} else {
758
ret = asprintf(&filename, "%s/%s", plugindir, dirst->d_name);
759
}
760
if(ret < 0){
761
perror("asprintf");
762
continue;
763
}
764
765
ret = stat(filename, &st);
766
if(ret == -1){
767
perror("stat");
768
free(filename);
769
continue;
770
}
771
772
/* Ignore non-executable files */
773
if(not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
774
if(debug){
775
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
776
" with bad type or mode\n", filename);
777
}
778
free(filename);
779
continue;
780
}
781
782
plugin *p = getplugin(dirst->d_name);
783
if(p == NULL){
784
perror("getplugin");
785
free(filename);
786
continue;
787
}
788
if(p->disabled){
789
if(debug){
790
fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",
791
dirst->d_name);
792
}
793
free(filename);
794
continue;
795
}
796
{
797
/* Add global arguments to argument list for this plugin */
798
plugin *g = getplugin(NULL);
799
if(g != NULL){
800
for(char **a = g->argv + 1; *a != NULL; a++){
801
if(not add_argument(p, *a)){
802
perror("add_argument");
803
}
804
}
805
/* Add global environment variables */
806
for(char **e = g->environ; *e != NULL; e++){
807
if(not add_environment(p, *e, false)){
808
perror("add_environment");
809
}
810
}
811
}
812
}
813
/* If this plugin has any environment variables, we will call
814
using execve and need to duplicate the environment from this
815
process, too. */
816
if(p->environ[0] != NULL){
817
for(char **e = environ; *e != NULL; e++){
818
if(not add_environment(p, *e, false)){
819
perror("add_environment");
820
}
821
}
822
}
823
824
int pipefd[2];
825
ret = pipe(pipefd);
826
if(ret == -1){
827
perror("pipe");
828
exitstatus = EXIT_FAILURE;
829
goto fallback;
830
}
831
/* Ask OS to automatic close the pipe on exec */
832
ret = set_cloexec_flag(pipefd[0]);
833
if(ret < 0){
834
perror("set_cloexec_flag");
835
exitstatus = EXIT_FAILURE;
836
goto fallback;
837
}
838
ret = set_cloexec_flag(pipefd[1]);
839
if(ret < 0){
840
perror("set_cloexec_flag");
841
exitstatus = EXIT_FAILURE;
842
goto fallback;
843
}
844
/* Block SIGCHLD until process is safely in process list */
845
ret = sigprocmask(SIG_BLOCK, &sigchld_action.sa_mask, NULL);
846
if(ret < 0){
847
perror("sigprocmask");
848
exitstatus = EXIT_FAILURE;
849
goto fallback;
850
}
851
/* Starting a new process to be watched */
852
pid_t pid = fork();
853
if(pid == -1){
854
perror("fork");
855
exitstatus = EXIT_FAILURE;
856
goto fallback;
857
}
858
if(pid == 0){
859
/* this is the child process */
860
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
861
if(ret < 0){
862
perror("sigaction");
863
_exit(EXIT_FAILURE);
864
}
865
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
866
if(ret < 0){
867
perror("sigprocmask");
868
_exit(EXIT_FAILURE);
869
}
870
871
ret = dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
872
if(ret == -1){
873
perror("dup2");
874
_exit(EXIT_FAILURE);
875
}
876
877
if(dirfd(dir) < 0){
878
/* If dir has no file descriptor, we could not set FD_CLOEXEC
879
above and must now close it manually here. */
58
// Ignore dotfiles and backup files
59
if (dirst->d_name[0] == '.'
60
or dirst->d_name[d_name_len - 1] == '~'){
61
continue;
62
}
63
64
char *filename = malloc(d_name_len + plugindir_len + 1);
65
strcpy(filename, plugindir);
66
strcat(filename, "/");
67
strcat(filename, dirst->d_name);
68
69
stat(filename, &st);
70
71
if (S_ISREG(st.st_mode) and (access(filename, X_OK) == 0)){
72
// Starting a new process to be watched
73
process *new_process = malloc(sizeof(process));
74
int pipefd[2];
75
pipe(pipefd);
76
new_process->pid = fork();
77
if(new_process->pid == 0){
78
/* this is the child process */
880
79
closedir(dir);
881
}
882
if(p->environ[0] == NULL){
883
if(execv(filename, p->argv) < 0){
884
perror("execv");
885
_exit(EXIT_FAILURE);
886
}
887
} else {
888
if(execve(filename, p->argv, p->environ) < 0){
889
perror("execve");
890
_exit(EXIT_FAILURE);
891
}
892
}
893
/* no return */
894
}
895
/* Parent process */
896
close(pipefd[1]); /* Close unused write end of pipe */
897
free(filename);
898
plugin *new_plugin = getplugin(dirst->d_name);
899
if(new_plugin == NULL){
900
perror("getplugin");
901
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
902
if(ret < 0){
903
perror("sigprocmask");
904
}
905
exitstatus = EXIT_FAILURE;
906
goto fallback;
907
}
908
909
new_plugin->pid = pid;
910
new_plugin->fd = pipefd[0];
911
912
/* Unblock SIGCHLD so signal handler can be run if this process
913
has already completed */
914
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
915
if(ret < 0){
916
perror("sigprocmask");
917
exitstatus = EXIT_FAILURE;
918
goto fallback;
919
}
920
921
FD_SET(new_plugin->fd, &rfds_all);
922
923
if(maxfd < new_plugin->fd){
924
maxfd = new_plugin->fd;
80
close(pipefd[0]); /* close unused read end of pipe */
81
dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
82
/* create a new modified argument list */
83
char **new_argv = malloc(sizeof(char *) * argc + 1);
84
new_argv[0] = filename;
85
for(int i = 1; i < argc; i++){
86
new_argv[i] = argv[i];
87
}
88
new_argv[argc] = NULL;
89
if(execv(filename, new_argv) < 0){
90
perror(argv[0]);
91
close(pipefd[1]);
92
exit(EXIT_FAILURE);
93
}
94
/* no return */
95
}
96
close(pipefd[1]); /* close unused write end of pipe */
97
new_process->fd = pipefd[0];
98
new_process->buffer = malloc(BUFFER_SIZE);
99
if (new_process->buffer == NULL){
100
perror(argv[0]);
101
goto end;
102
}
103
new_process->buffer_size = BUFFER_SIZE;
104
new_process->buffer_length = 0;
105
FD_SET(new_process->fd, &rfds_orig);
106
107
if (maxfd < new_process->fd){
108
maxfd = new_process->fd;
109
}
110
111
//List handling
112
new_process->next = process_list;
113
process_list = new_process;
925
114
}
926
115
}
927
116
928
117
closedir(dir);
929
dir = NULL;
930
931
for(plugin *p = plugin_list; p != NULL; p = p->next){
932
if(p->pid != 0){
118
119
if (process_list != NULL){
120
while(true){
121
fd_set rfds = rfds_orig;
122
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
123
if (select_ret == -1){
124
perror(argv[0]);
125
goto end;
126
}else{
127
for(process *process_itr = process_list; process_itr != NULL;
128
process_itr = process_itr->next){
129
if(FD_ISSET(process_itr->fd, &rfds)){
130
if(process_itr->buffer_length + BUFFER_SIZE
131
> process_itr->buffer_size){
132
process_itr->buffer = realloc(process_itr->buffer,
133
process_itr->buffer_size
134
+ BUFFER_SIZE);
135
if (process_itr->buffer == NULL){
136
perror(argv[0]);
137
goto end;
138
}
139
process_itr->buffer_size += BUFFER_SIZE;
140
}
141
ret = read(process_itr->fd, process_itr->buffer
142
+ process_itr->buffer_length, BUFFER_SIZE);
143
process_itr->buffer_length+=ret;
144
if(ret == 0){
145
/* got EOF */
146
/* wait for process exit */
147
int status;
148
waitpid(process_itr->pid, &status, 0);
149
if(WIFEXITED(status) and WEXITSTATUS(status) == 0){
150
write(STDOUT_FILENO, process_itr->buffer,
151
process_itr->buffer_length);
152
goto end;
153
} else {
154
FD_CLR(process_itr->fd, &rfds_orig);
155
}
156
}
157
}
158
}
159
}
160
}
161
}
162
163
end:
164
for(process *process_itr = process_list; process_itr != NULL;
165
process_itr = process_itr->next){
166
close(process_itr->fd);
167
kill(process_itr->pid, SIGTERM);
168
free(process_itr->buffer);
169
}
170
171
while(true){
172
int status;
173
ret = wait(&status);
174
if (ret == -1){
175
if(errno != ECHILD){
176
perror("wait");
177
}
933
178
break;
934
179
}
935
if(p->next == NULL){
936
fprintf(stderr, "No plugin processes started. Incorrect plugin"
937
" directory?\n");
938
free_plugin_list();
939
}
940
}
941
942
/* Main loop while running plugins exist */
943
while(plugin_list){
944
fd_set rfds = rfds_all;
945
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
946
if(select_ret == -1){
947
perror("select");
948
exitstatus = EXIT_FAILURE;
949
goto fallback;
950
}
951
/* OK, now either a process completed, or something can be read
952
from one of them */
953
for(plugin *proc = plugin_list; proc != NULL;){
954
/* Is this process completely done? */
955
if(proc->eof and proc->completed){
956
/* Only accept the plugin output if it exited cleanly */
957
if(not WIFEXITED(proc->status)
958
or WEXITSTATUS(proc->status) != 0){
959
/* Bad exit by plugin */
960
961
if(debug){
962
if(WIFEXITED(proc->status)){
963
fprintf(stderr, "Plugin %u exited with status %d\n",
964
(unsigned int) (proc->pid),
965
WEXITSTATUS(proc->status));
966
} else if(WIFSIGNALED(proc->status)) {
967
fprintf(stderr, "Plugin %u killed by signal %d\n",
968
(unsigned int) (proc->pid),
969
WTERMSIG(proc->status));
970
} else if(WCOREDUMP(proc->status)){
971
fprintf(stderr, "Plugin %u dumped core\n",
972
(unsigned int) (proc->pid));
973
}
974
}
975
976
/* Remove the plugin */
977
FD_CLR(proc->fd, &rfds_all);
978
979
/* Block signal while modifying process_list */
980
ret = sigprocmask(SIG_BLOCK, &sigchld_action.sa_mask, NULL);
981
if(ret < 0){
982
perror("sigprocmask");
983
exitstatus = EXIT_FAILURE;
984
goto fallback;
985
}
986
987
plugin *next_plugin = proc->next;
988
free_plugin(proc);
989
proc = next_plugin;
990
991
/* We are done modifying process list, so unblock signal */
992
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask,
993
NULL);
994
if(ret < 0){
995
perror("sigprocmask");
996
exitstatus = EXIT_FAILURE;
997
goto fallback;
998
}
999
1000
if(plugin_list == NULL){
1001
break;
1002
}
1003
1004
continue;
1005
}
1006
1007
/* This process exited nicely, so print its buffer */
1008
1009
bool bret = print_out_password(proc->buffer,
1010
proc->buffer_length);
1011
if(not bret){
1012
perror("print_out_password");
1013
exitstatus = EXIT_FAILURE;
1014
}
1015
goto fallback;
1016
}
1017
1018
/* This process has not completed. Does it have any output? */
1019
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){
1020
/* This process had nothing to say at this time */
1021
proc = proc->next;
1022
continue;
1023
}
1024
/* Before reading, make the process' data buffer large enough */
1025
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
1026
proc->buffer = realloc(proc->buffer, proc->buffer_size
1027
+ (size_t) BUFFER_SIZE);
1028
if(proc->buffer == NULL){
1029
perror("malloc");
1030
exitstatus = EXIT_FAILURE;
1031
goto fallback;
1032
}
1033
proc->buffer_size += BUFFER_SIZE;
1034
}
1035
/* Read from the process */
1036
sret = read(proc->fd, proc->buffer + proc->buffer_length,
1037
BUFFER_SIZE);
1038
if(sret < 0){
1039
/* Read error from this process; ignore the error */
1040
proc = proc->next;
1041
continue;
1042
}
1043
if(sret == 0){
1044
/* got EOF */
1045
proc->eof = true;
1046
} else {
1047
proc->buffer_length += (size_t) sret;
1048
}
1049
}
1050
}
1051
1052
1053
fallback:
1054
1055
if(plugin_list == NULL or exitstatus != EXIT_SUCCESS){
1056
/* Fallback if all plugins failed, none are found or an error
1057
occured */
1058
bool bret;
1059
fprintf(stderr, "Going to fallback mode using getpass(3)\n");
1060
char *passwordbuffer = getpass("Password: ");
1061
size_t len = strlen(passwordbuffer);
1062
/* Strip trailing newline */
1063
if(len > 0 and passwordbuffer[len-1] == '\n'){
1064
passwordbuffer[len-1] = '\0'; /* not strictly necessary */
1065
len--;
1066
}
1067
bret = print_out_password(passwordbuffer, len);
1068
if(not bret){
1069
perror("print_out_password");
1070
exitstatus = EXIT_FAILURE;
1071
}
1072
}
1073
1074
/* Restore old signal handler */
1075
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
1076
if(ret == -1){
1077
perror("sigaction");
1078
exitstatus = EXIT_FAILURE;
1079
}
1080
1081
if(custom_argv != NULL){
1082
for(char **arg = custom_argv+1; *arg != NULL; arg++){
1083
free(*arg);
1084
}
1085
free(custom_argv);
1086
}
1087
1088
if(dir != NULL){
1089
closedir(dir);
1090
}
1091
1092
/* Kill the processes */
1093
for(plugin *p = plugin_list; p != NULL; p = p->next){
1094
if(p->pid != 0){
1095
close(p->fd);
1096
ret = kill(p->pid, SIGTERM);
1097
if(ret == -1 and errno != ESRCH){
1098
/* Set-uid proccesses might not get closed */
1099
perror("kill");
1100
}
1101
}
1102
}
1103
1104
/* Wait for any remaining child processes to terminate */
1105
do{
1106
ret = wait(NULL);
1107
} while(ret >= 0);
1108
if(errno != ECHILD){
1109
perror("wait");
1110
}
1111
1112
free_plugin_list();
1113
1114
free(plugindir);
1115
free(argfile);
1116
1117
return exitstatus;
180
}
181
return EXIT_SUCCESS;
1118
182
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0