/mandos/release : revision 13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugbasedclient.c

Committer: Björn Påhlsson
Date: 2008-07-20 02:52:20 UTC
Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6

Added following support:
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server

files added:
plugins.d/Makefile

files modified:
Makefile

TODO

mandos-clients.conf

plugbasedclient.c

plugins.d/mandosclient.c

plugins.d/passprompt.c

server.py

Show diffs side-by-side

added added

removed removed

plugbasedclient.c

/* -*- coding: utf-8 -*- */

* Mandos plugin runner - Run Mandos plugins

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

#define _FORTIFY_SOURCE 2

#include <stdio.h> /* popen, fileno */

#include <iso646.h> /* and, or, not */

#include <sys/types.h> /* DIR, opendir, stat, struct stat, waitpid,

#include <sys/stat.h> /* stat, struct stat */

#include <unistd.h> /* stat, struct stat, chdir */

#include <stdlib.h> /* EXIT_FAILURE */

#include <sys/select.h> /* fd_set, select, FD_ZERO, FD_SET,

FD_ISSET */

#include <sys/select.h> /* fd_set, select, FD_ZERO, FD_SET, FD_ISSET */

#include <string.h> /* strlen, strcpy, strcat */

#include <stdbool.h> /* true */

#include <sys/wait.h> /* waitpid, WIFEXITED, WEXITSTATUS */

#include <errno.h> /* errno */

#include <argp.h> /* argp */

struct process;

pid_t pid;

int fd;

char *buffer;

size_t buffer_size;

size_t buffer_length;

int buffer_size;

int buffer_length;

struct process *next;

} process;

typedef struct plugin{

char *name; /* can be "global" and any plugin name */

char **argv;

int argc;

bool disable;

struct plugin *next;

} plugin;

plugin *getplugin(char *name, plugin **plugin_list){

for (plugin *p = *plugin_list; p != NULL; p = p->next){

if ((p->name == name)

or (p->name and name and (strcmp(p->name, name) == 0))){

return p;

}

/* Create a new plugin */

plugin *new_plugin = malloc(sizeof(plugin));

if (new_plugin == NULL){

perror("malloc");

exit(EXIT_FAILURE);

}

new_plugin->name = name;

new_plugin->argv = malloc(sizeof(char *) * 2);

if (new_plugin->argv == NULL){

perror("malloc");

exit(EXIT_FAILURE);

}

new_plugin->argv[0] = name;

new_plugin->argv[1] = NULL;

new_plugin->argc = 1;

new_plugin->disable = false;

new_plugin->next = *plugin_list;

/* Append the new plugin to the list */

*plugin_list = new_plugin;

return new_plugin;

}

void addarguments(plugin *p, char *arg){

p->argv[p->argc] = arg;

p->argv = realloc(p->argv, sizeof(char *) * (size_t)(p->argc + 2));

if (p->argv == NULL){

perror("malloc");

exit(EXIT_FAILURE);

}

p->argc++;

100

p->argv[p->argc] = NULL;

101

}

102

103

#define BUFFER_SIZE 256

104

105

const char *argp_program_version =

106

"plugbasedclient 0.9";

107

const char *argp_program_bug_address =

108

"<mandos@fukt.bsnet.se>";

109

static char doc[] =

110

"Mandos plugin runner -- Run Mandos plugins";

111

/* A description of the arguments we accept. */

112

static char args_doc[] = "";

113

114

int main(int argc, char *argv[]){

115

const char *plugindir = "plugins.d";

116

size_t d_name_len;

char plugindir[] = "plugins.d";

size_t d_name_len, plugindir_len = sizeof(plugindir)-1;

117

DIR *dir;

118

struct dirent *dirst;

119

struct stat st;

120

fd_set rfds_orig;

121

int ret, maxfd = 0;

122

process *process_list = NULL;

123

124

/* The options we understand. */

125

struct argp_option options[] = {

126

{ .name = "global-options", .key = 'g',

127

.arg = "option[,option[,...]]", .flags = 0,

128

.doc = "Options effecting all plugins" },

129

{ .name = "options-for", .key = 'o',

130

.arg = "plugin:option[,option[,...]]", .flags = 0,

131

.doc = "Options effecting only specified plugins" },

132

{ .name = "disable-plugin", .key = 'd',

133

.arg = "Plugin[,Plugin[,...]]", .flags = 0,

134

.doc = "Option to disable specififed plugins" },

135

{ .name = "plugin-dir", .key = 128,

136

.arg = "Directory", .flags = 0,

137

.doc = "Option to change directory to search for plugins" },

138

{ .name = NULL }

139

};

140

141

error_t parse_opt (int key, char *arg, struct argp_state *state) {

142

/* Get the INPUT argument from `argp_parse', which we

143

know is a pointer to our arguments structure. */

144

plugin **plugins = state->input;

145

switch (key) {

146

case 'g':

147

if (arg != NULL){

148

char *p = strtok(arg, ",");

149

do{

150

addarguments(getplugin(NULL, plugins), p);

151

p = strtok(NULL, ",");

152

} while (p);

153

}

154

break;

155

case 'o':

156

if (arg != NULL){

157

char *name = strtok(arg, ":");

158

char *p = strtok(NULL, ":");

159

p = strtok(p, ",");

160

do{

161

addarguments(getplugin(name, plugins), p);

162

p = strtok(NULL, ",");

163

} while (p);

164

}

165

break;

166

case 'd':

167

if (arg != NULL){

168

char *p = strtok(arg, ",");

169

do{

170

getplugin(p, plugins)->disable = true;

171

p = strtok(NULL, ",");

172

} while (p);

173

}

174

break;

175

case 128:

176

plugindir = arg;

177

break;

178

case ARGP_KEY_ARG:

179

argp_usage (state);

180

break;

181

case ARGP_KEY_END:

182

break;

183

default:

184

return ARGP_ERR_UNKNOWN;

185

}

186

return 0;

187

}

188

189

plugin *plugin_list = NULL;

190

191

struct argp argp = { .options = options, .parser = parse_opt,

192

.args_doc = args_doc, .doc = doc };

193

194

argp_parse (&argp, argc, argv, 0, 0, &plugin_list);

195

196

/* for(plugin *p = plugin_list; p != NULL; p=p->next){ */

197

/* fprintf(stderr, "Plugin: %s has %d arguments\n", p->name ? p->name : "Global", p->argc); */

198

/* for(char **a = p->argv + 1; *a != NULL; a++){ */

199

/* fprintf(stderr, "\tArg: %s\n", *a); */

200

/* } */

201

/* } */

202

203

/* return 0; */

204

205

dir = opendir(plugindir);

206

207

if(dir == NULL){

208

fprintf(stderr, "Can not open directory\n");

209

return EXIT_FAILURE;

226

or dirst->d_name[d_name_len - 1] == '~'){

227

continue;

228

}

229

230

char *filename = malloc(d_name_len + strlen(plugindir) + 2);

char *filename = malloc(d_name_len + plugindir_len + 1);

231

strcpy(filename, plugindir);

232

strcat(filename, "/");

233

strcat(filename, dirst->d_name);

234

235

stat(filename, &st);

236

237

if (S_ISREG(st.st_mode)

238

and (access(filename, X_OK) == 0)

239

and not (getplugin(dirst->d_name, &plugin_list)->disable)){

if (S_ISREG(st.st_mode) and (access(filename, X_OK) == 0)){

240

// Starting a new process to be watched

241

process *new_process = malloc(sizeof(process));

242

int pipefd[2];

243

ret = pipe(pipefd);

244

if (ret == -1){

245

perror(argv[0]);

246

goto end;

247

}

int pipefd[2];

pipe(pipefd);

248

new_process->pid = fork();

249

if(new_process->pid == 0){

250

/* this is the child process */

251

closedir(dir);

252

close(pipefd[0]); /* close unused read end of pipe */

253

dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */

254

255

plugin *p = getplugin(dirst->d_name, &plugin_list);

256

plugin *g = getplugin(NULL, &plugin_list);

257

for(char **a = g->argv + 1; *a != NULL; a++){

258

addarguments(p, *a);

/* create a new modified argument list */

char **new_argv = malloc(sizeof(char *) * argc + 1);

new_argv[0] = filename;

for(int i = 1; i < argc; i++){

new_argv[i] = argv[i];

259

}

260

if(execv(filename, p->argv) < 0){

new_argv[argc] = NULL;

if(execv(filename, new_argv) < 0){

261

perror(argv[0]);

262

close(pipefd[1]);

263

exit(EXIT_FAILURE);

302

131

> process_itr->buffer_size){

303

132

process_itr->buffer = realloc(process_itr->buffer,

304

133

process_itr->buffer_size

305

+ (size_t) BUFFER_SIZE);

134

+ BUFFER_SIZE);

306

135

if (process_itr->buffer == NULL){

307

136

perror(argv[0]);

308

137

goto end;

311

140

}

312

141

ret = read(process_itr->fd, process_itr->buffer

313

142

+ process_itr->buffer_length, BUFFER_SIZE);

314

if(ret < 0){

315

/* Read error from this process; ignore it */

316

continue;

317

}

318

process_itr->buffer_length += (size_t) ret;

143

process_itr->buffer_length+=ret;

319

144

if(ret == 0){

320

145

/* got EOF */

321

146

/* wait for process exit */

322

147

int status;

323

148

waitpid(process_itr->pid, &status, 0);

324

149

if(WIFEXITED(status) and WEXITSTATUS(status) == 0){

325

for(size_t written = 0;

326

written < process_itr->buffer_length;){

327

ret = write(STDOUT_FILENO,

328

process_itr->buffer + written,

329

process_itr->buffer_length - written);

330

if(ret < 0){

331

perror(argv[0]);

332

goto end;

333

}

334

written += (size_t)ret;

335

}

150

write(STDOUT_FILENO, process_itr->buffer,

151

process_itr->buffer_length);

336

152

goto end;

337

153

} else {

338

154

FD_CLR(process_itr->fd, &rfds_orig);

Older »