3
3
* Mandos plugin runner - Run Mandos plugins
5
* Copyright © 2008,2009 Teddy Hogeborn
6
* Copyright © 2008,2009 Björn Påhlsson
5
* Copyright © 2008 Teddy Hogeborn
6
* Copyright © 2008 Björn Påhlsson
8
8
* This program is free software: you can redistribute it and/or
9
9
* modify it under the terms of the GNU General Public License as
64
64
sigprocmask(), SIG_BLOCK, SIGCHLD,
65
65
SIG_UNBLOCK, kill() */
66
66
#include <errno.h> /* errno, EBADF */
67
#include <inttypes.h> /* intmax_t, SCNdMAX, PRIdMAX, */
69
68
#define BUFFER_SIZE 256
100
99
or if none is found, creates a new one */
101
100
static plugin *getplugin(char *name){
102
101
/* Check for exiting plugin with that name */
103
for(plugin *p = plugin_list; p != NULL; p = p->next){
105
or (p->name and name and (strcmp(p->name, name) == 0))){
102
for (plugin *p = plugin_list; p != NULL; p = p->next){
103
if ((p->name == name)
104
or (p->name and name and (strcmp(p->name, name) == 0))){
109
108
/* Create a new plugin */
110
109
plugin *new_plugin = malloc(sizeof(plugin));
111
if(new_plugin == NULL){
110
if (new_plugin == NULL){
114
113
char *copy_name = NULL;
115
114
if(name != NULL){
116
115
copy_name = strdup(name);
117
116
if(copy_name == NULL){
123
*new_plugin = (plugin){ .name = copy_name,
126
.next = plugin_list };
121
*new_plugin = (plugin) { .name = copy_name,
124
.next = plugin_list };
128
126
new_plugin->argv = malloc(sizeof(char *) * 2);
129
if(new_plugin->argv == NULL){
127
if (new_plugin->argv == NULL){
131
129
free(new_plugin);
380
error_t parse_opt(int key, char *arg, __attribute__((unused))
381
struct argp_state *state){
374
error_t parse_opt (int key, char *arg, __attribute__((unused))
375
struct argp_state *state) {
383
377
case 'g': /* --global-options */
386
380
while((p = strsep(&arg, ",")) != NULL){
387
381
if(p[0] == '\0'){
468
462
/* This is already done by parse_opt_config_file() */
470
464
case 130: /* --userid */
471
ret = sscanf(arg, "%" SCNdMAX "%n", &tmpmax, &numchars);
472
if(ret < 1 or tmpmax != (uid_t)tmpmax
473
or arg[numchars] != '\0'){
474
fprintf(stderr, "Bad user ID number: \"%s\", using %"
475
PRIdMAX "\n", arg, (intmax_t)uid);
465
uid = (uid_t)strtol(arg, NULL, 10);
480
467
case 131: /* --groupid */
481
ret = sscanf(arg, "%" SCNdMAX "%n", &tmpmax, &numchars);
482
if(ret < 1 or tmpmax != (gid_t)tmpmax
483
or arg[numchars] != '\0'){
484
fprintf(stderr, "Bad group ID number: \"%s\", using %"
485
PRIdMAX "\n", arg, (intmax_t)gid);
468
gid = (gid_t)strtol(arg, NULL, 10);
490
470
case 132: /* --debug */
494
* When adding more options before this line, remember to also add a
495
* "case" to the "parse_opt_config_file" function below.
497
473
case ARGP_KEY_ARG:
498
474
/* Cryptsetup always passes an argument, which is an empty
499
475
string if "none" was specified in /etc/crypttab. So if
513
489
/* This option parser is the same as parse_opt() above, except it
514
490
ignores everything but the --config-file option. */
515
error_t parse_opt_config_file(int key, char *arg,
516
__attribute__((unused))
517
struct argp_state *state){
491
error_t parse_opt_config_file (int key, char *arg,
492
__attribute__((unused))
493
struct argp_state *state) {
519
495
case 'g': /* --global-options */
520
496
case 'G': /* --global-env */
521
497
case 'o': /* --options-for */
549
525
.doc = "Mandos plugin runner -- Run plugins" };
551
/* Parse using parse_opt_config_file() in order to get the custom
527
/* Parse using the parse_opt_config_file in order to get the custom
552
528
config file location, if any. */
553
ret = argp_parse(&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
554
if(ret == ARGP_ERR_UNKNOWN){
529
ret = argp_parse (&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
530
if (ret == ARGP_ERR_UNKNOWN){
555
531
fprintf(stderr, "Unknown error while parsing arguments\n");
556
532
exitstatus = EXIT_FAILURE;
570
546
char *org_line = NULL;
571
547
char *p, *arg, *new_arg, *line;
573
550
const char whitespace_delims[] = " \r\t\f\v\n";
574
551
const char comment_delim[] = "#";
623
600
/* Check for harmful errors and go to fallback. Other errors might
624
601
not affect opening plugins */
625
if(errno == EMFILE or errno == ENFILE or errno == ENOMEM){
602
if (errno == EMFILE or errno == ENFILE or errno == ENOMEM){
627
604
exitstatus = EXIT_FAILURE;
631
608
/* If there was any arguments from configuration file,
632
609
pass them to parser as command arguments */
633
610
if(custom_argv != NULL){
634
ret = argp_parse(&argp, custom_argc, custom_argv, ARGP_IN_ORDER,
636
if(ret == ARGP_ERR_UNKNOWN){
611
ret = argp_parse (&argp, custom_argc, custom_argv, ARGP_IN_ORDER,
613
if (ret == ARGP_ERR_UNKNOWN){
637
614
fprintf(stderr, "Unknown error while parsing arguments\n");
638
615
exitstatus = EXIT_FAILURE;
643
620
/* Parse actual command line arguments, to let them override the
645
ret = argp_parse(&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
646
if(ret == ARGP_ERR_UNKNOWN){
622
ret = argp_parse (&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
623
if (ret == ARGP_ERR_UNKNOWN){
647
624
fprintf(stderr, "Unknown error while parsing arguments\n");
648
625
exitstatus = EXIT_FAILURE;
656
633
for(char **a = p->argv; *a != NULL; a++){
657
634
fprintf(stderr, "\tArg: %s\n", *a);
659
fprintf(stderr, "...and %d environment variables\n", p->envc);
636
fprintf(stderr, "...and %u environment variables\n", p->envc);
660
637
for(char **a = p->environ; *a != NULL; a++){
661
638
fprintf(stderr, "\t%s\n", *a);
774
751
ret = stat(filename, &st);
781
758
/* Ignore non-executable files */
782
if(not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
759
if (not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
784
761
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
785
762
" with bad type or mode\n", filename);
853
830
/* Block SIGCHLD until process is safely in process list */
854
ret = sigprocmask(SIG_BLOCK, &sigchld_action.sa_mask, NULL);
831
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
856
833
perror("sigprocmask");
857
834
exitstatus = EXIT_FAILURE;
905
882
close(pipefd[1]); /* Close unused write end of pipe */
907
884
plugin *new_plugin = getplugin(dirst->d_name);
908
if(new_plugin == NULL){
885
if (new_plugin == NULL){
909
886
perror("getplugin");
910
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
887
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
912
889
perror("sigprocmask");
921
898
/* Unblock SIGCHLD so signal handler can be run if this process
922
899
has already completed */
923
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
900
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
925
902
perror("sigprocmask");
926
903
exitstatus = EXIT_FAILURE;
930
907
FD_SET(new_plugin->fd, &rfds_all);
932
if(maxfd < new_plugin->fd){
909
if (maxfd < new_plugin->fd){
933
910
maxfd = new_plugin->fd;
939
free_plugin(getplugin(NULL));
941
917
for(plugin *p = plugin_list; p != NULL; p = p->next){
962
938
from one of them */
963
939
for(plugin *proc = plugin_list; proc != NULL;){
964
940
/* Is this process completely done? */
965
if(proc->completed and proc->eof){
941
if(proc->eof and proc->completed){
966
942
/* Only accept the plugin output if it exited cleanly */
967
943
if(not WIFEXITED(proc->status)
968
944
or WEXITSTATUS(proc->status) != 0){
972
948
if(WIFEXITED(proc->status)){
973
fprintf(stderr, "Plugin %" PRIdMAX " exited with status"
974
" %d\n", (intmax_t) (proc->pid),
949
fprintf(stderr, "Plugin %u exited with status %d\n",
950
(unsigned int) (proc->pid),
975
951
WEXITSTATUS(proc->status));
976
} else if(WIFSIGNALED(proc->status)){
977
fprintf(stderr, "Plugin %" PRIdMAX " killed by signal"
978
" %d\n", (intmax_t) (proc->pid),
952
} else if(WIFSIGNALED(proc->status)) {
953
fprintf(stderr, "Plugin %u killed by signal %d\n",
954
(unsigned int) (proc->pid),
979
955
WTERMSIG(proc->status));
980
956
} else if(WCOREDUMP(proc->status)){
981
fprintf(stderr, "Plugin %" PRIdMAX " dumped core\n",
982
(intmax_t) (proc->pid));
957
fprintf(stderr, "Plugin %d dumped core\n",
958
(unsigned int) (proc->pid));
999
975
proc = next_plugin;
1001
977
/* We are done modifying process list, so unblock signal */
1002
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask,
978
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask,
1005
981
perror("sigprocmask");
1006
982
exitstatus = EXIT_FAILURE;
1035
1011
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
1036
1012
proc->buffer = realloc(proc->buffer, proc->buffer_size
1037
1013
+ (size_t) BUFFER_SIZE);
1038
if(proc->buffer == NULL){
1014
if (proc->buffer == NULL){
1039
1015
perror("malloc");
1040
1016
exitstatus = EXIT_FAILURE;
1043
1019
proc->buffer_size += BUFFER_SIZE;
1045
1021
/* Read from the process */
1046
sret = read(proc->fd, proc->buffer + proc->buffer_length,
1022
ret = read(proc->fd, proc->buffer + proc->buffer_length,
1049
1025
/* Read error from this process; ignore the error */
1050
1026
proc = proc->next;
1055
1031
proc->eof = true;
1057
proc->buffer_length += (size_t) sret;
1033
proc->buffer_length += (size_t) ret;