/mandos/release : revision 15

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugbasedclient.c

Committer: Teddy Hogeborn
Date: 2008-07-20 06:33:48 UTC
Revision ID: teddy@fukt.bsnet.se-20080720063348-jscgy5p0itrgvlo8

* mandos-clients.conf ([foo]): Uncommented.
  ([foo]/secret): New.
  ([foo]/secfile): Commented out.
  ([foo]/checker): Changed to "fping -q -- %%(fqdn)s".
  ([foo]/timeout): New.

* server.py: New modeline for Python and Emacs.  Set a logging format.
  (Client.__init__): Bug fix: Choose either the value from the options
                     object or pass the argument through string_to_delta
                     for both "timeout" and "interval".
  (Client.checker_callback): Bug fix: Do not log spurious "Checker for
                             <foo> failed" messages.
  (Client.start_checker): Moved "Starting checker" log message down to
                          just before actually starting the subprocess.
                          Do not redirect the subprocesses' stdout to a
                          pipe.
  (peer_certificate, fingerprint): Added docstrings.
  (entry_group_state_changed): Call "killme()" instead of
                               "main_loop.quit()".
  (daemon, killme): New functions.
  (exitstatus, main_loop_started): New global variables.
  (__main__): Removed the "--cert", "--key", "--ca", and "--crl"
              options.  Removed the sleep command from the default
              checker.  Add a console logger in debug mode.  Call
              "killme()" instead of "main_loop.quit()" when there are no
              more clients.  Call "daemon()" if not in debug mode.
              Register "cleanup()" to run at exit.  Ignore some
              signals.  Catch DBusException to detect another running
              server and exit cleanly.  Exit with "exitstatus".
  (cleanup): New function.

files added:
plugins.d/Makefile

files modified:
Makefile

TODO

mandos-clients.conf

plugbasedclient.c

plugins.d/mandosclient.c

plugins.d/passprompt.c

server.py

Show diffs side-by-side

added added

removed removed

plugbasedclient.c

/* -*- coding: utf-8 -*- */

* Mandos plugin runner - Run Mandos plugins

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

#define _FORTIFY_SOURCE 2

#include <stdio.h> /* popen, fileno */

#include <iso646.h> /* and, or, not */

#include <sys/types.h> /* DIR, opendir, stat, struct stat, waitpid,

#include <sys/stat.h> /* stat, struct stat */

#include <unistd.h> /* stat, struct stat, chdir */

#include <stdlib.h> /* EXIT_FAILURE */

#include <sys/select.h> /* fd_set, select, FD_ZERO, FD_SET,

FD_ISSET */

#include <sys/select.h> /* fd_set, select, FD_ZERO, FD_SET, FD_ISSET */

#include <string.h> /* strlen, strcpy, strcat */

#include <stdbool.h> /* true */

#include <sys/wait.h> /* waitpid, WIFEXITED, WEXITSTATUS */

#include <errno.h> /* errno */

#include <argp.h> /* argp */

struct process;

pid_t pid;

int fd;

char *buffer;

size_t buffer_size;

size_t buffer_length;

int buffer_size;

int buffer_length;

struct process *next;

} process;

typedef struct plugin{

char *name; /* can be "global" and any plugin name */

char **argv;

int argc;

struct plugin *next;

} plugin;

plugin *getplugin(char *name, plugin **plugin_list){

for (plugin *p = *plugin_list; p != NULL; p = p->next){

if ((p->name == name)

or (p->name and name and (strcmp(p->name, name) == 0))){

return p;

}

/* Create a new plugin */

plugin *new_plugin = malloc(sizeof(plugin));

if (new_plugin == NULL){

perror("malloc");

exit(EXIT_FAILURE);

}

new_plugin->name = name;

new_plugin->argv = malloc(sizeof(char *) * 2);

if (new_plugin->argv == NULL){

perror("malloc");

exit(EXIT_FAILURE);

}

new_plugin->argv[0] = name;

new_plugin->argv[1] = NULL;

new_plugin->argc = 1;

/* Append the new plugin to the list */

new_plugin->next = *plugin_list;

*plugin_list = new_plugin;

return new_plugin;

}

void addarguments(plugin *p, char *arg){

p->argv[p->argc] = arg;

p->argv = realloc(p->argv, sizeof(char *) * (size_t)(p->argc + 2));

if (p->argv == NULL){

perror("malloc");

exit(EXIT_FAILURE);

}

p->argc++;

p->argv[p->argc] = NULL;

}

100

101

#define BUFFER_SIZE 256

102

103

const char *argp_program_version =

104

"plugbasedclient 0.9";

105

const char *argp_program_bug_address =

106

"<mandos@fukt.bsnet.se>";

107

static char doc[] =

108

"Mandos plugin runner -- Run Mandos plugins";

109

/* A description of the arguments we accept. */

110

static char args_doc[] = "";

111

112

int main(int argc, char *argv[]){

113

char plugindir[] = "plugins.d";

114

size_t d_name_len, plugindir_len = sizeof(plugindir)-1;

119

int ret, maxfd = 0;

120

process *process_list = NULL;

121

122

/* The options we understand. */

123

struct argp_option options[] = {

124

{ .name = "global-options", .key = 'g',

125

.arg = "option[,option[,...]]", .flags = 0,

126

.doc = "Options effecting all plugins" },

127

{ .name = "options-for", .key = 'o',

128

.arg = "plugin:option[,option[,...]]", .flags = 0,

129

.doc = "Options effecting only specified plugins" },

130

{ .name = NULL }

131

};

132

133

error_t parse_opt (int key, char *arg, struct argp_state *state) {

134

/* Get the INPUT argument from `argp_parse', which we

135

know is a pointer to our arguments structure. */

136

plugin **plugins = state->input;

137

switch (key) {

138

case 'g':

139

if (arg != NULL){

140

char *p = strtok(arg, ",");

141

do{

142

addarguments(getplugin(NULL, plugins), p);

143

p = strtok(NULL, ",");

144

} while (p);

145

}

146

break;

147

case 'o':

148

if (arg != NULL){

149

char *name = strtok(arg, ":");

150

char *p = strtok(NULL, ":");

151

p = strtok(p, ",");

152

do{

153

addarguments(getplugin(name, plugins), p);

154

p = strtok(NULL, ",");

155

} while (p);

156

}

157

break;

158

case ARGP_KEY_ARG:

159

argp_usage (state);

160

break;

161

case ARGP_KEY_END:

162

break;

163

default:

164

return ARGP_ERR_UNKNOWN;

165

}

166

return 0;

167

}

168

169

plugin *plugin_list = NULL;

170

171

struct argp argp = { .options = options, .parser = parse_opt,

172

.args_doc = args_doc, .doc = doc };

173

174

argp_parse (&argp, argc, argv, 0, 0, &plugin_list);

175

176

/* for(plugin *p = plugin_list; p != NULL; p=p->next){ */

177

/* fprintf(stderr, "Plugin: %s has %d arguments\n", p->name ? p->name : "Global", p->argc); */

178

/* for(char **a = p->argv + 1; *a != NULL; a++){ */

179

/* fprintf(stderr, "\tArg: %s\n", *a); */

180

/* } */

181

/* } */

182

183

/* return 0; */

184

185

dir = opendir(plugindir);

186

187

if(dir == NULL){

188

fprintf(stderr, "Can not open directory\n");

189

return EXIT_FAILURE;

218

// Starting a new process to be watched

219

process *new_process = malloc(sizeof(process));

220

int pipefd[2];

221

ret = pipe(pipefd);

222

if (ret == -1){

223

perror(argv[0]);

224

goto end;

225

}

pipe(pipefd);

226

new_process->pid = fork();

227

if(new_process->pid == 0){

228

/* this is the child process */

229

closedir(dir);

230

close(pipefd[0]); /* close unused read end of pipe */

231

dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */

232

char *basename;

233

basename = strrchr(filename, '/');

234

if (basename == NULL){

235

basename = filename;

236

} else {

237

basename++;

238

}

239

plugin *p = getplugin(basename, &plugin_list);

240

241

plugin *g = getplugin(NULL, &plugin_list);

242

for(char **a = g->argv + 1; *a != NULL; a++){

243

addarguments(p, *a);

244

}

245

if(execv(filename, p->argv) < 0){

/* create a new modified argument list */

char **new_argv = malloc(sizeof(char *) * (argc + 1));

new_argv[0] = filename;

for(int i = 1; i < argc; i++){

new_argv[i] = argv[i];

}

new_argv[argc] = NULL;

if(execv(filename, new_argv) < 0){

246

perror(argv[0]);

247

close(pipefd[1]);

248

exit(EXIT_FAILURE);

287

131

> process_itr->buffer_size){

288

132

process_itr->buffer = realloc(process_itr->buffer,

289

133

process_itr->buffer_size

290

+ (size_t) BUFFER_SIZE);

134

+ BUFFER_SIZE);

291

135

if (process_itr->buffer == NULL){

292

136

perror(argv[0]);

293

137

goto end;

296

140

}

297

141

ret = read(process_itr->fd, process_itr->buffer

298

142

+ process_itr->buffer_length, BUFFER_SIZE);

299

if(ret < 0){

300

/* Read error from this process; ignore it */

301

continue;

302

}

303

process_itr->buffer_length += (size_t) ret;

143

process_itr->buffer_length+=ret;

304

144

if(ret == 0){

305

145

/* got EOF */

306

146

/* wait for process exit */

307

147

int status;

308

148

waitpid(process_itr->pid, &status, 0);

309

149

if(WIFEXITED(status) and WEXITSTATUS(status) == 0){

310

for(size_t written = 0;

311

written < process_itr->buffer_length;){

312

ret = write(STDOUT_FILENO,

313

process_itr->buffer + written,

314

process_itr->buffer_length - written);

315

if(ret < 0){

316

perror(argv[0]);

317

goto end;

318

}

319

written += (size_t)ret;

320

}

150

write(STDOUT_FILENO, process_itr->buffer,

151

process_itr->buffer_length);

321

152

goto end;

322

153

} else {

323

154

FD_CLR(process_itr->fd, &rfds_orig);

Older »