3
3
* Mandos plugin runner - Run Mandos plugins
5
* Copyright © 2008-2013 Teddy Hogeborn
6
* Copyright © 2008-2013 Björn Påhlsson
5
* Copyright © 2008,2009 Teddy Hogeborn
6
* Copyright © 2008,2009 Björn Påhlsson
8
8
* This program is free software: you can redistribute it and/or
9
9
* modify it under the terms of the GNU General Public License as
19
19
* along with this program. If not, see
20
20
* <http://www.gnu.org/licenses/>.
22
* Contact the authors at <mandos@recompile.se>.
22
* Contact the authors at <mandos@fukt.bsnet.se>.
25
25
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),
79
79
#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"
81
81
const char *argp_program_version = "plugin-runner " VERSION;
82
const char *argp_program_bug_address = "<mandos@recompile.se>";
82
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
84
84
typedef struct plugin{
85
85
char *name; /* can be NULL or any plugin name */
106
106
/* Gets an existing plugin based on name,
107
107
or if none is found, creates a new one */
108
__attribute__((warn_unused_result))
109
108
static plugin *getplugin(char *name){
110
109
/* Check for existing plugin with that name */
111
110
for(plugin *p = plugin_list; p != NULL; p = p->next){
174
173
/* Helper function for add_argument and add_environment */
175
__attribute__((nonnull, warn_unused_result))
176
174
static bool add_to_char_array(const char *new, char ***array,
178
176
/* Resize the pointed-to array to hold one more pointer */
179
char **new_array = NULL;
181
new_array = realloc(*array, sizeof(char *)
182
* (size_t) ((*len) + 2));
183
} while(new_array == NULL and errno == EINTR);
178
*array = realloc(*array, sizeof(char *)
179
* (size_t) ((*len) + 2));
180
} while(*array == NULL and errno == EINTR);
184
181
/* Malloc check */
185
if(new_array == NULL){
189
185
/* Make a copy of the new string */
214
209
/* Add to a plugin's environment */
215
__attribute__((nonnull(2), warn_unused_result))
216
210
static bool add_environment(plugin *p, const char *def, bool replace){
220
214
/* namelen = length of name of environment variable */
221
215
size_t namelen = (size_t)(strchrnul(def, '=') - def);
222
216
/* Search for this environment variable */
223
for(char **envdef = p->environ; *envdef != NULL; envdef++){
224
if(strncmp(*envdef, def, namelen + 1) == 0){
217
for(char **e = p->environ; *e != NULL; e++){
218
if(strncmp(*e, def, namelen + 1) == 0){
225
219
/* It already exists */
229
new_envdef = realloc(*envdef, strlen(def) + 1);
230
} while(new_envdef == NULL and errno == EINTR);
231
if(new_envdef == NULL){
223
new = realloc(*e, strlen(def) + 1);
224
} while(new == NULL and errno == EINTR);
234
*envdef = new_envdef;
235
strcpy(*envdef, def);
245
239
* Descriptor Flags".
246
240
| [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |
248
__attribute__((warn_unused_result))
249
242
static int set_cloexec_flag(int fd){
250
243
int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
251
244
/* If reading the flags failed, return error indication now. */
295
288
/* Prints out a password to stdout */
296
__attribute__((nonnull, warn_unused_result))
297
289
static bool print_out_password(const char *buffer, size_t length){
299
291
for(size_t written = 0; written < length; written += (size_t)ret){
445
434
case 'G': /* --global-env */
446
if(add_environment(getplugin(NULL), arg, true)){
435
add_environment(getplugin(NULL), arg, true);
450
437
case 'o': /* --options-for */
489
if(add_environment(getplugin(arg), envdef, true)){
475
add_environment(getplugin(arg), envdef, true);
494
478
case 'd': /* --disable */
505
488
plugin *p = getplugin(arg);
507
490
p->disabled = false;
512
494
case 128: /* --plugin-dir */
514
496
plugindir = strdup(arg);
515
if(plugindir != NULL){
519
498
case 129: /* --config-file */
520
499
/* This is already done by parse_opt_config_file() */
522
501
case 130: /* --userid */
523
tmp_id = strtoimax(arg, &tmp, 10);
502
tmpmax = strtoimax(arg, &tmp, 10);
524
503
if(errno != 0 or tmp == arg or *tmp != '\0'
525
or tmp_id != (uid_t)tmp_id){
504
or tmpmax != (uid_t)tmpmax){
526
505
argp_error(state, "Bad user ID number: \"%s\", using %"
527
506
PRIdMAX, arg, (intmax_t)uid);
533
511
case 131: /* --groupid */
534
tmp_id = strtoimax(arg, &tmp, 10);
512
tmpmax = strtoimax(arg, &tmp, 10);
535
513
if(errno != 0 or tmp == arg or *tmp != '\0'
536
or tmp_id != (gid_t)tmp_id){
514
or tmpmax != (gid_t)tmpmax){
537
515
argp_error(state, "Bad group ID number: \"%s\", using %"
538
516
PRIdMAX, arg, (intmax_t)gid);
544
521
case 132: /* --debug */
686
660
custom_argc += 1;
688
char **new_argv = realloc(custom_argv, sizeof(char *)
691
if(new_argv == NULL){
692
error(0, errno, "realloc");
693
exitstatus = EX_OSERR;
698
custom_argv = new_argv;
661
custom_argv = realloc(custom_argv, sizeof(char *)
662
* ((unsigned int) custom_argc + 1));
663
if(custom_argv == NULL){
664
error(0, errno, "realloc");
665
exitstatus = EX_OSERR;
701
669
custom_argv[custom_argc-1] = new_arg;
702
670
custom_argv[custom_argc] = NULL;
778
/* Work around Debian bug #633582:
779
<http://bugs.debian.org/633582> */
780
int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);
781
if(plugindir_fd == -1){
782
error(0, errno, "open");
784
ret = (int)TEMP_FAILURE_RETRY(fstat(plugindir_fd, &st));
786
error(0, errno, "fstat");
788
if(S_ISDIR(st.st_mode) and st.st_uid == 0 and st.st_gid == 0){
789
ret = fchown(plugindir_fd, uid, gid);
791
error(0, errno, "fchown");
795
TEMP_FAILURE_RETRY(close(plugindir_fd));
799
/* Lower permissions */
745
/* Strip permissions down to nobody */
802
748
error(0, errno, "setgid");
877
823
bool bad_name = false;
879
const char * const bad_prefixes[] = { ".", "#", NULL };
825
const char const *bad_prefixes[] = { ".", "#", NULL };
881
const char * const bad_suffixes[] = { "~", "#", ".dpkg-new",
827
const char const *bad_suffixes[] = { "~", "#", ".dpkg-new",
884
830
".dpkg-divert", NULL };
886
#pragma GCC diagnostic push
887
#pragma GCC diagnostic ignored "-Wcast-qual"
889
for(const char **pre = (const char **)bad_prefixes;
890
*pre != NULL; pre++){
892
#pragma GCC diagnostic pop
831
for(const char **pre = bad_prefixes; *pre != NULL; pre++){
894
832
size_t pre_len = strlen(*pre);
895
833
if((d_name_len >= pre_len)
896
834
and strncmp((dirst->d_name), *pre, pre_len) == 0){
909
#pragma GCC diagnostic push
910
#pragma GCC diagnostic ignored "-Wcast-qual"
912
for(const char **suf = (const char **)bad_suffixes;
913
*suf != NULL; suf++){
915
#pragma GCC diagnostic pop
846
for(const char **suf = bad_suffixes; *suf != NULL; suf++){
917
847
size_t suf_len = strlen(*suf);
918
848
if((d_name_len >= suf_len)
919
849
and (strcmp((dirst->d_name) + d_name_len-suf_len, *suf)
1116
#if defined (__GNUC__) and defined (__GLIBC__)
1117
#if not __GLIBC_PREREQ(2, 16)
1118
#pragma GCC diagnostic push
1119
#pragma GCC diagnostic ignored "-Wsign-conversion"
1122
1046
FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from
1123
-Wconversion in GNU libc
1125
#if defined (__GNUC__) and defined (__GLIBC__)
1126
#if not __GLIBC_PREREQ(2, 16)
1127
#pragma GCC diagnostic pop
1131
1049
if(maxfd < new_plugin->fd){
1132
1050
maxfd = new_plugin->fd;
1188
1106
/* Remove the plugin */
1189
#if defined (__GNUC__) and defined (__GLIBC__)
1190
#if not __GLIBC_PREREQ(2, 16)
1191
#pragma GCC diagnostic push
1192
#pragma GCC diagnostic ignored "-Wsign-conversion"
1195
1107
FD_CLR(proc->fd, &rfds_all); /* Spurious warning from
1196
-Wconversion in GNU libc
1198
#if defined (__GNUC__) and defined (__GLIBC__)
1199
#if not __GLIBC_PREREQ(2, 16)
1200
#pragma GCC diagnostic pop
1204
1110
/* Block signal while modifying process_list */
1205
1111
ret = (int)TEMP_FAILURE_RETRY(sigprocmask
1247
1153
/* This process has not completed. Does it have any output? */
1248
#if defined (__GNUC__) and defined (__GLIBC__)
1249
#if not __GLIBC_PREREQ(2, 16)
1250
#pragma GCC diagnostic push
1251
#pragma GCC diagnostic ignored "-Wsign-conversion"
1254
1154
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious
1260
#if defined (__GNUC__) and defined (__GLIBC__)
1261
#if not __GLIBC_PREREQ(2, 16)
1262
#pragma GCC diagnostic pop
1265
1157
/* This process had nothing to say at this time */
1266
1158
proc = proc->next;
1269
1161
/* Before reading, make the process' data buffer large enough */
1270
1162
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
1271
char *new_buffer = realloc(proc->buffer, proc->buffer_size
1272
+ (size_t) BUFFER_SIZE);
1273
if(new_buffer == NULL){
1163
proc->buffer = realloc(proc->buffer, proc->buffer_size
1164
+ (size_t) BUFFER_SIZE);
1165
if(proc->buffer == NULL){
1274
1166
error(0, errno, "malloc");
1275
1167
exitstatus = EX_OSERR;
1278
proc->buffer = new_buffer;
1279
1170
proc->buffer_size += BUFFER_SIZE;
1281
1172
/* Read from the process */