To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugin-runner.c
- browse files at revision 237.23.1
- compare with another revision
- download diff
- download tarball
- view history from revision 237.23.1
- Committer: Teddy Hogeborn
- Date: 2014-07-25 22:44:20 UTC
- mto: (237.7.272 trunk)
- mto: This revision was merged to the branch mainline in revision 321.
- Revision ID: teddy@recompile.se-20140725224420-4a5ct2ptt0hsc92z
Require Python 2.7.
This is in preparation for the eventual move to Python 3, which will
happen as soon as all Python modules required by Mandos are available.
The mandos-ctl and mandos-monitor programs are already portable
between Python 2.6 and Python 3 without changes; this change will
bring the requirement up to Python 2.7.
* INSTALL (Prerequisites/Libraries/Mandos Server): Document
requirement of
Python 2.7; remove
Python-argparse
which is in the
Python 2.7 standard
library.
* debian/control (Source: mandos/Build-Depends-Indep): Depend on
exactly the
python2.7
package and all
the Python 2.7
versions of the
python modules.
(Package: mandos/Depends): - '' - but still depend on python (<=2.7)
and the generic versions of the Python
modules; this is for mandos-ctl and
mandos-monitor, both of which are
compatible with Python 3, and use
#!/usr/bin/python.
* mandos: Use #!/usr/bin/python2.7 instead of #!/usr/bin/python.
This is in preparation for the eventual move to Python 3, which will
happen as soon as all Python modules required by Mandos are available.
The mandos-ctl and mandos-monitor programs are already portable
between Python 2.6 and Python 3 without changes; this change will
bring the requirement up to Python 2.7.
* INSTALL (Prerequisites/Libraries/Mandos Server): Document
requirement of
Python 2.7; remove
Python-argparse
which is in the
Python 2.7 standard
library.
* debian/control (Source: mandos/Build-Depends-Indep): Depend on
exactly the
python2.7
package and all
the Python 2.7
versions of the
python modules.
(Package: mandos/Depends): - '' - but still depend on python (<=2.7)
and the generic versions of the Python
modules; this is for mandos-ctl and
mandos-monitor, both of which are
compatible with Python 3, and use
#!/usr/bin/python.
* mandos: Use #!/usr/bin/python2.7 instead of #!/usr/bin/python.
- files added:
- .bzr-builddeb
- debian
- debian/po
- debian/source
- debian/upstream
- network-hooks.d
- files removed:
- plugins.d/usplash
- files renamed:
- plugins.d/password-request.c => plugins.d/mandos-client.c
- plugins.d/password-request.xml => plugins.d/mandos-client.xml
- files modified:
- .bzrignore
added
removed
plugin-runner.c
1
/* -*- coding: utf-8 -*- */
1
/* -*- coding: utf-8; mode: c; mode: orgtbl -*- */
2
2
/*
3
3
* Mandos plugin runner - Run Mandos plugins
4
4
*
5
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
5
* Copyright © 2008-2014 Teddy Hogeborn
6
* Copyright © 2008-2014 Björn Påhlsson
6
7
*
7
8
* This program is free software: you can redistribute it and/or
8
9
* modify it under the terms of the GNU General Public License as
18
19
* along with this program. If not, see
19
20
* <http://www.gnu.org/licenses/>.
20
21
*
21
* Contact the authors at <mandos@fukt.bsnet.se>.
22
* Contact the authors at <mandos@recompile.se>.
22
23
*/
23
24
24
25
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),
25
asprintf() */
26
O_CLOEXEC, pipe2() */
26
27
#include <stddef.h> /* size_t, NULL */
27
#include <stdlib.h> /* malloc(), exit(), EXIT_FAILURE,
28
EXIT_SUCCESS, realloc() */
28
#include <stdlib.h> /* malloc(), exit(), EXIT_SUCCESS,
29
realloc() */
29
30
#include <stdbool.h> /* bool, true, false */
30
#include <stdio.h> /* perror, popen(), fileno(),
31
fprintf(), stderr, STDOUT_FILENO */
32
#include <sys/types.h> /* DIR, opendir(), stat(), struct
33
stat, waitpid(), WIFEXITED(),
34
WEXITSTATUS(), wait(), pid_t,
35
uid_t, gid_t, getuid(), getgid(),
36
dirfd() */
31
#include <stdio.h> /* fileno(), fprintf(),
32
stderr, STDOUT_FILENO, fclose() */
33
#include <sys/types.h> /* fstat(), struct stat, waitpid(),
34
WIFEXITED(), WEXITSTATUS(), wait(),
35
pid_t, uid_t, gid_t, getuid(),
36
getgid() */
37
37
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
38
38
FD_SET(), FD_ISSET(), FD_CLR */
39
39
#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),
40
WEXITSTATUS() */
41
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
40
WEXITSTATUS(), WTERMSIG(),
41
WCOREDUMP() */
42
#include <sys/stat.h> /* struct stat, fstat(), S_ISREG() */
42
43
#include <iso646.h> /* and, or, not */
43
#include <dirent.h> /* DIR, struct dirent, opendir(),
44
readdir(), closedir(), dirfd() */
45
#include <unistd.h> /* struct stat, stat(), S_ISREG(),
46
fcntl(), setuid(), setgid(),
47
F_GETFD, F_SETFD, FD_CLOEXEC,
48
access(), pipe(), fork(), close()
49
dup2, STDOUT_FILENO, _exit(),
50
execv(), write(), read(),
51
close() */
44
#include <dirent.h> /* struct dirent, scandirat() */
45
#include <unistd.h> /* fcntl(), F_GETFD, F_SETFD,
46
FD_CLOEXEC, write(), STDOUT_FILENO,
47
struct stat, fstat(), close(),
48
setgid(), setuid(), S_ISREG(),
49
faccessat() pipe2(), fork(),
50
_exit(), dup2(), fexecve(), read()
51
*/
52
52
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
53
FD_CLOEXEC */
54
#include <string.h> /* strsep, strlen(), asprintf() */
53
FD_CLOEXEC, openat(), scandirat(),
54
pipe2() */
55
#include <string.h> /* strsep, strlen(), strsignal(),
56
strcmp(), strncmp() */
55
57
#include <errno.h> /* errno */
56
58
#include <argp.h> /* struct argp_option, struct
57
59
argp_state, struct argp,
61
63
#include <signal.h> /* struct sigaction, sigemptyset(),
62
64
sigaddset(), sigaction(),
63
65
sigprocmask(), SIG_BLOCK, SIGCHLD,
64
SIG_UNBLOCK, kill() */
66
SIG_UNBLOCK, kill(), sig_atomic_t
67
*/
65
68
#include <errno.h> /* errno, EBADF */
69
#include <inttypes.h> /* intmax_t, PRIdMAX, strtoimax() */
70
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_IOERR,
71
EX_CONFIG, EX_UNAVAILABLE, EX_OK */
72
#include <errno.h> /* errno */
73
#include <error.h> /* error() */
74
#include <fnmatch.h> /* fnmatch() */
66
75
67
76
#define BUFFER_SIZE 256
68
77
69
78
#define PDIR "/lib/mandos/plugins.d"
70
79
#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"
71
80
72
const char *argp_program_version = "plugin-runner 1.0";
73
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
74
75
struct plugin;
81
const char *argp_program_version = "plugin-runner " VERSION;
82
const char *argp_program_bug_address = "<mandos@recompile.se>";
76
83
77
84
typedef struct plugin{
78
85
char *name; /* can be NULL or any plugin name */
81
88
char **environ;
82
89
int envc;
83
90
bool disabled;
84
91
85
92
/* Variables used for running processes*/
86
93
pid_t pid;
87
94
int fd;
89
96
size_t buffer_size;
90
97
size_t buffer_length;
91
98
bool eof;
92
volatile bool completed;
93
volatile int status;
99
volatile sig_atomic_t completed;
100
int status;
94
101
struct plugin *next;
95
102
} plugin;
96
103
97
104
static plugin *plugin_list = NULL;
98
105
99
/* Gets a existing plugin based on name,
106
/* Gets an existing plugin based on name,
100
107
or if none is found, creates a new one */
108
__attribute__((warn_unused_result))
101
109
static plugin *getplugin(char *name){
102
/* Check for exiting plugin with that name */
103
for (plugin *p = plugin_list; p != NULL; p = p->next){
104
if ((p->name == name)
105
or (p->name and name and (strcmp(p->name, name) == 0))){
110
/* Check for existing plugin with that name */
111
for(plugin *p = plugin_list; p != NULL; p = p->next){
112
if((p->name == name)
113
or (p->name and name and (strcmp(p->name, name) == 0))){
106
114
return p;
107
115
}
108
116
}
109
117
/* Create a new plugin */
110
plugin *new_plugin = malloc(sizeof(plugin));
111
if (new_plugin == NULL){
118
plugin *new_plugin = NULL;
119
do {
120
new_plugin = malloc(sizeof(plugin));
121
} while(new_plugin == NULL and errno == EINTR);
122
if(new_plugin == NULL){
112
123
return NULL;
113
124
}
114
125
char *copy_name = NULL;
115
126
if(name != NULL){
116
copy_name = strdup(name);
127
do {
128
copy_name = strdup(name);
129
} while(copy_name == NULL and errno == EINTR);
117
130
if(copy_name == NULL){
131
int e = errno;
132
free(new_plugin);
133
errno = e;
118
134
return NULL;
119
135
}
120
136
}
121
122
*new_plugin = (plugin) { .name = copy_name,
123
.argc = 1,
124
.disabled = false,
125
.next = plugin_list };
126
127
new_plugin->argv = malloc(sizeof(char *) * 2);
128
if (new_plugin->argv == NULL){
137
138
*new_plugin = (plugin){ .name = copy_name,
139
.argc = 1,
140
.disabled = false,
141
.next = plugin_list };
142
143
do {
144
new_plugin->argv = malloc(sizeof(char *) * 2);
145
} while(new_plugin->argv == NULL and errno == EINTR);
146
if(new_plugin->argv == NULL){
147
int e = errno;
129
148
free(copy_name);
130
149
free(new_plugin);
150
errno = e;
131
151
return NULL;
132
152
}
133
153
new_plugin->argv[0] = copy_name;
134
154
new_plugin->argv[1] = NULL;
135
155
136
new_plugin->environ = malloc(sizeof(char *));
156
do {
157
new_plugin->environ = malloc(sizeof(char *));
158
} while(new_plugin->environ == NULL and errno == EINTR);
137
159
if(new_plugin->environ == NULL){
160
int e = errno;
138
161
free(copy_name);
139
162
free(new_plugin->argv);
140
163
free(new_plugin);
164
errno = e;
141
165
return NULL;
142
166
}
143
167
new_plugin->environ[0] = NULL;
148
172
}
149
173
150
174
/* Helper function for add_argument and add_environment */
175
__attribute__((nonnull, warn_unused_result))
151
176
static bool add_to_char_array(const char *new, char ***array,
152
177
int *len){
153
178
/* Resize the pointed-to array to hold one more pointer */
154
*array = realloc(*array, sizeof(char *)
155
* (size_t) ((*len) + 2));
179
char **new_array = NULL;
180
do {
181
new_array = realloc(*array, sizeof(char *)
182
* (size_t) ((*len) + 2));
183
} while(new_array == NULL and errno == EINTR);
156
184
/* Malloc check */
157
if(*array == NULL){
185
if(new_array == NULL){
158
186
return false;
159
187
}
188
*array = new_array;
160
189
/* Make a copy of the new string */
161
char *copy = strdup(new);
190
char *copy;
191
do {
192
copy = strdup(new);
193
} while(copy == NULL and errno == EINTR);
162
194
if(copy == NULL){
163
195
return false;
164
196
}
171
203
}
172
204
173
205
/* Add to a plugin's argument vector */
206
__attribute__((nonnull(2), warn_unused_result))
174
207
static bool add_argument(plugin *p, const char *arg){
175
208
if(p == NULL){
176
209
return false;
179
212
}
180
213
181
214
/* Add to a plugin's environment */
215
__attribute__((nonnull(2), warn_unused_result))
182
216
static bool add_environment(plugin *p, const char *def, bool replace){
183
217
if(p == NULL){
184
218
return false;
186
220
/* namelen = length of name of environment variable */
187
221
size_t namelen = (size_t)(strchrnul(def, '=') - def);
188
222
/* Search for this environment variable */
189
for(char **e = p->environ; *e != NULL; e++){
190
if(strncmp(*e, def, namelen+1) == 0){
223
for(char **envdef = p->environ; *envdef != NULL; envdef++){
224
if(strncmp(*envdef, def, namelen + 1) == 0){
191
225
/* It already exists */
192
226
if(replace){
193
char *new = realloc(*e, strlen(def));
194
if(new == NULL){
227
char *new_envdef;
228
do {
229
new_envdef = realloc(*envdef, strlen(def) + 1);
230
} while(new_envdef == NULL and errno == EINTR);
231
if(new_envdef == NULL){
195
232
return false;
196
233
}
197
*e = new;
198
strcpy(*e, def);
234
*envdef = new_envdef;
235
strcpy(*envdef, def);
199
236
}
200
237
return true;
201
238
}
203
240
return add_to_char_array(def, &(p->environ), &(p->envc));
204
241
}
205
242
243
#ifndef O_CLOEXEC
206
244
/*
207
245
* Based on the example in the GNU LibC manual chapter 13.13 "File
208
246
* Descriptor Flags".
209
* *Note File Descriptor Flags:(libc)Descriptor Flags.
247
| [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |
210
248
*/
211
static int set_cloexec_flag(int fd)
212
{
213
int ret = fcntl(fd, F_GETFD, 0);
249
__attribute__((warn_unused_result))
250
static int set_cloexec_flag(int fd){
251
int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
214
252
/* If reading the flags failed, return error indication now. */
215
253
if(ret < 0){
216
254
return ret;
217
255
}
218
256
/* Store modified flag word in the descriptor. */
219
return fcntl(fd, F_SETFD, ret | FD_CLOEXEC);
257
return (int)TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD,
258
ret | FD_CLOEXEC));
220
259
}
260
#endif /* not O_CLOEXEC */
221
261
222
262
223
263
/* Mark processes as completed when they exit, and save their exit
224
264
status. */
225
void handle_sigchld(__attribute__((unused)) int sig){
265
static void handle_sigchld(__attribute__((unused)) int sig){
266
int old_errno = errno;
226
267
while(true){
227
268
plugin *proc = plugin_list;
228
269
int status;
232
273
break;
233
274
}
234
275
if(pid == -1){
235
if (errno != ECHILD){
236
perror("waitpid");
276
if(errno == ECHILD){
277
/* No child processes */
278
break;
237
279
}
238
/* No child processes */
239
break;
280
error(0, errno, "waitpid");
240
281
}
241
282
242
283
/* A child exited, find it in process_list */
243
284
while(proc != NULL and proc->pid != pid){
244
285
proc = proc->next;
248
289
continue;
249
290
}
250
291
proc->status = status;
251
proc->completed = true;
292
proc->completed = 1;
252
293
}
294
errno = old_errno;
253
295
}
254
296
255
297
/* Prints out a password to stdout */
256
bool print_out_password(const char *buffer, size_t length){
298
__attribute__((nonnull, warn_unused_result))
299
static bool print_out_password(const char *buffer, size_t length){
257
300
ssize_t ret;
258
if(length>0 and buffer[length-1] == '\n'){
259
length--;
260
}
261
301
for(size_t written = 0; written < length; written += (size_t)ret){
262
302
ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buffer + written,
263
303
length - written));
269
309
}
270
310
271
311
/* Removes and free a plugin from the plugin list */
312
__attribute__((nonnull))
272
313
static void free_plugin(plugin *plugin_node){
273
314
274
315
for(char **arg = plugin_node->argv; *arg != NULL; arg++){
280
321
}
281
322
free(plugin_node->environ);
282
323
free(plugin_node->buffer);
283
324
284
325
/* Removes the plugin from the singly-linked list */
285
326
if(plugin_node == plugin_list){
286
327
/* First one - simple */
308
349
char *plugindir = NULL;
309
350
char *argfile = NULL;
310
351
FILE *conffp;
311
size_t d_name_len;
312
DIR *dir = NULL;
313
struct dirent *dirst;
352
struct dirent **direntries = NULL;
314
353
struct stat st;
315
354
fd_set rfds_all;
316
355
int ret, maxfd = 0;
356
ssize_t sret;
317
357
uid_t uid = 65534;
318
358
gid_t gid = 65534;
319
359
bool debug = false;
323
363
.sa_flags = SA_NOCLDSTOP };
324
364
char **custom_argv = NULL;
325
365
int custom_argc = 0;
366
int dir_fd = -1;
326
367
327
368
/* Establish a signal handler */
328
369
sigemptyset(&sigchld_action.sa_mask);
329
370
ret = sigaddset(&sigchld_action.sa_mask, SIGCHLD);
330
371
if(ret == -1){
331
perror("sigaddset");
332
exitstatus = EXIT_FAILURE;
372
error(0, errno, "sigaddset");
373
exitstatus = EX_OSERR;
333
374
goto fallback;
334
375
}
335
376
ret = sigaction(SIGCHLD, &sigchld_action, &old_sigchld_action);
336
377
if(ret == -1){
337
perror("sigaction");
338
exitstatus = EXIT_FAILURE;
378
error(0, errno, "sigaction");
379
exitstatus = EX_OSERR;
339
380
goto fallback;
340
381
}
341
382
344
385
{ .name = "global-options", .key = 'g',
345
386
.arg = "OPTION[,OPTION[,...]]",
346
387
.doc = "Options passed to all plugins" },
347
{ .name = "global-env", .key = 'e',
388
{ .name = "global-env", .key = 'G',
348
389
.arg = "VAR=value",
349
390
.doc = "Environment variable passed to all plugins" },
350
391
{ .name = "options-for", .key = 'o',
351
392
.arg = "PLUGIN:OPTION[,OPTION[,...]]",
352
393
.doc = "Options passed only to specified plugin" },
353
{ .name = "env-for", .key = 'f',
394
{ .name = "env-for", .key = 'E',
354
395
.arg = "PLUGIN:ENV=value",
355
396
.doc = "Environment variable passed to specified plugin" },
356
397
{ .name = "disable", .key = 'd',
357
398
.arg = "PLUGIN",
358
399
.doc = "Disable a specific plugin", .group = 1 },
400
{ .name = "enable", .key = 'e',
401
.arg = "PLUGIN",
402
.doc = "Enable a specific plugin", .group = 1 },
359
403
{ .name = "plugin-dir", .key = 128,
360
404
.arg = "DIRECTORY",
361
405
.doc = "Specify a different plugin directory", .group = 2 },
370
414
.doc = "Group ID the plugins will run as", .group = 3 },
371
415
{ .name = "debug", .key = 132,
372
416
.doc = "Debug mode", .group = 4 },
417
/*
418
* These reproduce what we would get without ARGP_NO_HELP
419
*/
420
{ .name = "help", .key = '?',
421
.doc = "Give this help list", .group = -1 },
422
{ .name = "usage", .key = -3,
423
.doc = "Give a short usage message", .group = -1 },
424
{ .name = "version", .key = 'V',
425
.doc = "Print program version", .group = -1 },
373
426
{ .name = NULL }
374
427
};
375
428
376
error_t parse_opt (int key, char *arg, __attribute__((unused))
377
struct argp_state *state) {
378
/* Get the INPUT argument from `argp_parse', which we know is a
379
pointer to our plugin list pointer. */
380
switch (key) {
429
__attribute__((nonnull(3)))
430
error_t parse_opt(int key, char *arg, struct argp_state *state){
431
errno = 0;
432
switch(key){
433
char *tmp;
434
intmax_t tmp_id;
381
435
case 'g': /* --global-options */
382
if (arg != NULL){
383
char *p;
384
while((p = strsep(&arg, ",")) != NULL){
385
if(p[0] == '\0'){
386
continue;
387
}
388
if(not add_argument(getplugin(NULL), p)){
389
perror("add_argument");
390
return ARGP_ERR_UNKNOWN;
391
}
392
}
393
}
394
break;
395
case 'e': /* --global-env */
396
if(arg == NULL){
397
break;
398
}
399
436
{
400
char *envdef = strdup(arg);
401
if(envdef == NULL){
402
break;
403
}
404
if(not add_environment(getplugin(NULL), envdef, true)){
405
perror("add_environment");
406
}
437
char *plugin_option;
438
while((plugin_option = strsep(&arg, ",")) != NULL){
439
if(not add_argument(getplugin(NULL), plugin_option)){
440
break;
441
}
442
}
443
errno = 0;
444
}
445
break;
446
case 'G': /* --global-env */
447
if(add_environment(getplugin(NULL), arg, true)){
448
errno = 0;
407
449
}
408
450
break;
409
451
case 'o': /* --options-for */
410
if (arg != NULL){
411
char *p_name = strsep(&arg, ":");
412
if(p_name[0] == '\0'){
413
break;
414
}
415
char *opt = strsep(&arg, ":");
416
if(opt[0] == '\0'){
417
break;
418
}
419
if(opt != NULL){
420
char *p;
421
while((p = strsep(&opt, ",")) != NULL){
422
if(p[0] == '\0'){
423
continue;
424
}
425
if(not add_argument(getplugin(p_name), p)){
426
perror("add_argument");
427
return ARGP_ERR_UNKNOWN;
428
}
452
{
453
char *option_list = strchr(arg, ':');
454
if(option_list == NULL){
455
argp_error(state, "No colon in \"%s\"", arg);
456
errno = EINVAL;
457
break;
458
}
459
*option_list = '\0';
460
option_list++;
461
if(arg[0] == '\0'){
462
argp_error(state, "Empty plugin name");
463
errno = EINVAL;
464
break;
465
}
466
char *option;
467
while((option = strsep(&option_list, ",")) != NULL){
468
if(not add_argument(getplugin(arg), option)){
469
break;
429
470
}
430
471
}
472
errno = 0;
431
473
}
432
474
break;
433
case 'f': /* --env-for */
434
if(arg == NULL){
435
break;
436
}
475
case 'E': /* --env-for */
437
476
{
438
477
char *envdef = strchr(arg, ':');
439
478
if(envdef == NULL){
440
break;
441
}
442
char *p_name = strndup(arg, (size_t) (envdef-arg));
443
if(p_name == NULL){
444
break;
445
}
479
argp_error(state, "No colon in \"%s\"", arg);
480
errno = EINVAL;
481
break;
482
}
483
*envdef = '\0';
446
484
envdef++;
447
if(not add_environment(getplugin(p_name), envdef, true)){
448
perror("add_environment");
485
if(arg[0] == '\0'){
486
argp_error(state, "Empty plugin name");
487
errno = EINVAL;
488
break;
489
}
490
if(add_environment(getplugin(arg), envdef, true)){
491
errno = 0;
449
492
}
450
493
}
451
494
break;
452
495
case 'd': /* --disable */
453
if (arg != NULL){
454
plugin *p = getplugin(arg);
455
if(p == NULL){
456
return ARGP_ERR_UNKNOWN;
457
}
458
p->disabled = true;
496
{
497
plugin *p = getplugin(arg);
498
if(p != NULL){
499
p->disabled = true;
500
errno = 0;
501
}
502
}
503
break;
504
case 'e': /* --enable */
505
{
506
plugin *p = getplugin(arg);
507
if(p != NULL){
508
p->disabled = false;
509
errno = 0;
510
}
459
511
}
460
512
break;
461
513
case 128: /* --plugin-dir */
514
free(plugindir);
462
515
plugindir = strdup(arg);
463
if(plugindir == NULL){
464
perror("strdup");
465
}
466
break;
467
case 129: /* --config-file */
516
if(plugindir != NULL){
517
errno = 0;
518
}
519
break;
520
case 129: /* --config-file */
521
/* This is already done by parse_opt_config_file() */
522
break;
523
case 130: /* --userid */
524
tmp_id = strtoimax(arg, &tmp, 10);
525
if(errno != 0 or tmp == arg or *tmp != '\0'
526
or tmp_id != (uid_t)tmp_id){
527
argp_error(state, "Bad user ID number: \"%s\", using %"
528
PRIdMAX, arg, (intmax_t)uid);
529
break;
530
}
531
uid = (uid_t)tmp_id;
532
errno = 0;
533
break;
534
case 131: /* --groupid */
535
tmp_id = strtoimax(arg, &tmp, 10);
536
if(errno != 0 or tmp == arg or *tmp != '\0'
537
or tmp_id != (gid_t)tmp_id){
538
argp_error(state, "Bad group ID number: \"%s\", using %"
539
PRIdMAX, arg, (intmax_t)gid);
540
break;
541
}
542
gid = (gid_t)tmp_id;
543
errno = 0;
544
break;
545
case 132: /* --debug */
546
debug = true;
547
break;
548
/*
549
* These reproduce what we would get without ARGP_NO_HELP
550
*/
551
case '?': /* --help */
552
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
553
argp_state_help(state, state->out_stream, ARGP_HELP_STD_HELP);
554
case -3: /* --usage */
555
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
556
argp_state_help(state, state->out_stream,
557
ARGP_HELP_USAGE | ARGP_HELP_EXIT_OK);
558
case 'V': /* --version */
559
fprintf(state->out_stream, "%s\n", argp_program_version);
560
exit(EXIT_SUCCESS);
561
break;
562
/*
563
* When adding more options before this line, remember to also add a
564
* "case" to the "parse_opt_config_file" function below.
565
*/
566
case ARGP_KEY_ARG:
567
/* Cryptsetup always passes an argument, which is an empty
568
string if "none" was specified in /etc/crypttab. So if
569
argument was empty, we ignore it silently. */
570
if(arg[0] == '\0'){
571
break;
572
}
573
default:
574
return ARGP_ERR_UNKNOWN;
575
}
576
return errno; /* Set to 0 at start */
577
}
578
579
/* This option parser is the same as parse_opt() above, except it
580
ignores everything but the --config-file option. */
581
error_t parse_opt_config_file(int key, char *arg,
582
__attribute__((unused))
583
struct argp_state *state){
584
errno = 0;
585
switch(key){
586
case 'g': /* --global-options */
587
case 'G': /* --global-env */
588
case 'o': /* --options-for */
589
case 'E': /* --env-for */
590
case 'd': /* --disable */
591
case 'e': /* --enable */
592
case 128: /* --plugin-dir */
593
break;
594
case 129: /* --config-file */
595
free(argfile);
468
596
argfile = strdup(arg);
469
if(argfile == NULL){
470
perror("strdup");
597
if(argfile != NULL){
598
errno = 0;
471
599
}
472
break;
600
break;
473
601
case 130: /* --userid */
474
uid = (uid_t)strtol(arg, NULL, 10);
475
break;
476
602
case 131: /* --groupid */
477
gid = (gid_t)strtol(arg, NULL, 10);
478
break;
479
603
case 132: /* --debug */
480
debug = true;
481
break;
604
case '?': /* --help */
605
case -3: /* --usage */
606
case 'V': /* --version */
482
607
case ARGP_KEY_ARG:
483
fprintf(stderr, "Ignoring unknown argument \"%s\"\n", arg);
484
break;
485
case ARGP_KEY_END:
486
608
break;
487
609
default:
488
610
return ARGP_ERR_UNKNOWN;
489
611
}
490
return 0;
612
return errno;
491
613
}
492
614
493
struct argp argp = { .options = options, .parser = parse_opt,
615
struct argp argp = { .options = options,
616
.parser = parse_opt_config_file,
494
617
.args_doc = "",
495
618
.doc = "Mandos plugin runner -- Run plugins" };
496
619
620
/* Parse using parse_opt_config_file() in order to get the custom
621
config file location, if any. */
622
ret = argp_parse(&argp, argc, argv,
623
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
624
NULL, NULL);
625
switch(ret){
626
case 0:
627
break;
628
case ENOMEM:
629
default:
630
errno = ret;
631
error(0, errno, "argp_parse");
632
exitstatus = EX_OSERR;
633
goto fallback;
634
case EINVAL:
635
exitstatus = EX_USAGE;
636
goto fallback;
637
}
638
639
/* Reset to the normal argument parser */
640
argp.parser = parse_opt;
641
497
642
/* Open the configfile if available */
498
if (argfile == NULL){
643
if(argfile == NULL){
499
644
conffp = fopen(AFILE, "r");
500
645
} else {
501
646
conffp = fopen(argfile, "r");
502
}
647
}
503
648
if(conffp != NULL){
504
649
char *org_line = NULL;
505
650
char *p, *arg, *new_arg, *line;
506
651
size_t size = 0;
507
ssize_t sret;
508
652
const char whitespace_delims[] = " \r\t\f\v\n";
509
653
const char comment_delim[] = "#";
510
654
511
655
custom_argc = 1;
512
656
custom_argv = malloc(sizeof(char*) * 2);
513
657
if(custom_argv == NULL){
514
perror("malloc");
515
exitstatus = EXIT_FAILURE;
658
error(0, errno, "malloc");
659
exitstatus = EX_OSERR;
516
660
goto fallback;
517
661
}
518
662
custom_argv[0] = argv[0];
519
663
custom_argv[1] = NULL;
520
664
521
665
/* for each line in the config file, strip whitespace and ignore
522
666
commented text */
523
667
while(true){
525
669
if(sret == -1){
526
670
break;
527
671
}
528
672
529
673
line = org_line;
530
674
arg = strsep(&line, comment_delim);
531
675
while((p = strsep(&arg, whitespace_delims)) != NULL){
534
678
}
535
679
new_arg = strdup(p);
536
680
if(new_arg == NULL){
537
perror("strdup");
538
exitstatus = EXIT_FAILURE;
681
error(0, errno, "strdup");
682
exitstatus = EX_OSERR;
539
683
free(org_line);
540
684
goto fallback;
541
685
}
542
686
543
687
custom_argc += 1;
544
custom_argv = realloc(custom_argv, sizeof(char *)
545
* ((unsigned int) custom_argc + 1));
546
if(custom_argv == NULL){
547
perror("realloc");
548
exitstatus = EXIT_FAILURE;
549
free(org_line);
550
goto fallback;
688
{
689
char **new_argv = realloc(custom_argv, sizeof(char *)
690
* ((unsigned int)
691
custom_argc + 1));
692
if(new_argv == NULL){
693
error(0, errno, "realloc");
694
exitstatus = EX_OSERR;
695
free(new_arg);
696
free(org_line);
697
goto fallback;
698
} else {
699
custom_argv = new_argv;
700
}
551
701
}
552
702
custom_argv[custom_argc-1] = new_arg;
553
custom_argv[custom_argc] = NULL;
703
custom_argv[custom_argc] = NULL;
554
704
}
555
705
}
706
do {
707
ret = fclose(conffp);
708
} while(ret == EOF and errno == EINTR);
709
if(ret == EOF){
710
error(0, errno, "fclose");
711
exitstatus = EX_IOERR;
712
goto fallback;
713
}
556
714
free(org_line);
557
715
} else {
558
716
/* Check for harmful errors and go to fallback. Other errors might
559
717
not affect opening plugins */
560
if (errno == EMFILE or errno == ENFILE or errno == ENOMEM){
561
perror("fopen");
562
exitstatus = EXIT_FAILURE;
718
if(errno == EMFILE or errno == ENFILE or errno == ENOMEM){
719
error(0, errno, "fopen");
720
exitstatus = EX_OSERR;
563
721
goto fallback;
564
722
}
565
723
}
566
/* If there was any arguments from configuration file,
567
pass them to parser as command arguments */
724
/* If there were any arguments from the configuration file, pass
725
them to parser as command line arguments */
568
726
if(custom_argv != NULL){
569
ret = argp_parse (&argp, custom_argc, custom_argv, ARGP_IN_ORDER,
570
0, NULL);
571
if (ret == ARGP_ERR_UNKNOWN){
572
fprintf(stderr, "Unknown error while parsing arguments\n");
573
exitstatus = EXIT_FAILURE;
727
ret = argp_parse(&argp, custom_argc, custom_argv,
728
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
729
NULL, NULL);
730
switch(ret){
731
case 0:
732
break;
733
case ENOMEM:
734
default:
735
errno = ret;
736
error(0, errno, "argp_parse");
737
exitstatus = EX_OSERR;
738
goto fallback;
739
case EINVAL:
740
exitstatus = EX_CONFIG;
574
741
goto fallback;
575
742
}
576
743
}
577
744
578
745
/* Parse actual command line arguments, to let them override the
579
746
config file */
580
ret = argp_parse (&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
581
if (ret == ARGP_ERR_UNKNOWN){
582
fprintf(stderr, "Unknown error while parsing arguments\n");
583
exitstatus = EXIT_FAILURE;
747
ret = argp_parse(&argp, argc, argv,
748
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
749
NULL, NULL);
750
switch(ret){
751
case 0:
752
break;
753
case ENOMEM:
754
default:
755
errno = ret;
756
error(0, errno, "argp_parse");
757
exitstatus = EX_OSERR;
758
goto fallback;
759
case EINVAL:
760
exitstatus = EX_USAGE;
584
761
goto fallback;
585
762
}
586
763
591
768
for(char **a = p->argv; *a != NULL; a++){
592
769
fprintf(stderr, "\tArg: %s\n", *a);
593
770
}
594
fprintf(stderr, "...and %u environment variables\n", p->envc);
771
fprintf(stderr, "...and %d environment variables\n", p->envc);
595
772
for(char **a = p->environ; *a != NULL; a++){
596
773
fprintf(stderr, "\t%s\n", *a);
597
774
}
598
775
}
599
776
}
600
777
601
/* Strip permissions down to nobody */
778
if(getuid() == 0){
779
/* Work around Debian bug #633582:
780
<http://bugs.debian.org/633582> */
781
int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);
782
if(plugindir_fd == -1){
783
if(errno != ENOENT){
784
error(0, errno, "open(\"" PDIR "\")");
785
}
786
} else {
787
ret = (int)TEMP_FAILURE_RETRY(fstat(plugindir_fd, &st));
788
if(ret == -1){
789
error(0, errno, "fstat");
790
} else {
791
if(S_ISDIR(st.st_mode) and st.st_uid == 0 and st.st_gid == 0){
792
ret = fchown(plugindir_fd, uid, gid);
793
if(ret == -1){
794
error(0, errno, "fchown");
795
}
796
}
797
}
798
TEMP_FAILURE_RETRY(close(plugindir_fd));
799
}
800
}
801
802
/* Lower permissions */
803
ret = setgid(gid);
804
if(ret == -1){
805
error(0, errno, "setgid");
806
}
602
807
ret = setuid(uid);
603
if (ret == -1){
604
perror("setuid");
605
}
606
setgid(gid);
607
if (ret == -1){
608
perror("setgid");
609
}
610
611
if (plugindir == NULL){
612
dir = opendir(PDIR);
613
} else {
614
dir = opendir(plugindir);
615
}
616
617
if(dir == NULL){
618
perror("Could not open plugin dir");
619
exitstatus = EXIT_FAILURE;
620
goto fallback;
621
}
622
623
/* Set the FD_CLOEXEC flag on the directory, if possible */
808
if(ret == -1){
809
error(0, errno, "setuid");
810
}
811
812
/* Open plugin directory with close_on_exec flag */
624
813
{
625
int dir_fd = dirfd(dir);
626
if(dir_fd >= 0){
627
ret = set_cloexec_flag(dir_fd);
628
if(ret < 0){
629
perror("set_cloexec_flag");
630
exitstatus = EXIT_FAILURE;
631
goto fallback;
814
dir_fd = open(plugindir != NULL ? plugindir : PDIR, O_RDONLY |
815
#ifdef O_CLOEXEC
816
O_CLOEXEC
817
#else /* not O_CLOEXEC */
818
0
819
#endif /* not O_CLOEXEC */
820
);
821
if(dir_fd == -1){
822
error(0, errno, "Could not open plugin dir");
823
exitstatus = EX_UNAVAILABLE;
824
goto fallback;
825
}
826
827
#ifndef O_CLOEXEC
828
/* Set the FD_CLOEXEC flag on the directory */
829
ret = set_cloexec_flag(dir_fd);
830
if(ret < 0){
831
error(0, errno, "set_cloexec_flag");
832
exitstatus = EX_OSERR;
833
goto fallback;
834
}
835
#endif /* O_CLOEXEC */
836
}
837
838
int good_name(const struct dirent * const dirent){
839
const char * const patterns[] = { ".*", "#*#", "*~", "*.dpkg-new",
840
"*.dpkg-old", "*.dpkg-bak",
841
"*.dpkg-divert", NULL };
842
#ifdef __GNUC__
843
#pragma GCC diagnostic push
844
#pragma GCC diagnostic ignored "-Wcast-qual"
845
#endif
846
for(const char **pat = (const char **)patterns;
847
*pat != NULL; pat++){
848
#ifdef __GNUC__
849
#pragma GCC diagnostic pop
850
#endif
851
if(fnmatch(*pat, dirent->d_name, FNM_FILE_NAME | FNM_PERIOD)
852
!= FNM_NOMATCH){
853
if(debug){
854
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
855
" matching pattern %s\n", dirent->d_name, *pat);
856
}
857
return 0;
632
858
}
633
859
}
860
return 1;
861
}
862
863
#ifdef __GLIBC__
864
#if __GLIBC_PREREQ(2, 15)
865
int numplugins = scandirat(dir_fd, ".", &direntries, good_name,
866
alphasort);
867
#else /* not __GLIBC_PREREQ(2, 15) */
868
int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,
869
&direntries, good_name, alphasort);
870
#endif /* not __GLIBC_PREREQ(2, 15) */
871
#else /* not __GLIBC__ */
872
int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,
873
&direntries, good_name, alphasort);
874
#endif /* not __GLIBC__ */
875
if(numplugins == -1){
876
error(0, errno, "Could not scan plugin dir");
877
direntries = NULL;
878
exitstatus = EX_OSERR;
879
goto fallback;
634
880
}
635
881
636
882
FD_ZERO(&rfds_all);
637
883
638
884
/* Read and execute any executable in the plugin directory*/
639
while(true){
640
dirst = readdir(dir);
641
642
/* All directory entries have been processed */
643
if(dirst == NULL){
644
if (errno == EBADF){
645
perror("readdir");
646
exitstatus = EXIT_FAILURE;
647
goto fallback;
648
}
649
break;
650
}
651
652
d_name_len = strlen(dirst->d_name);
653
654
/* Ignore dotfiles, backup files and other junk */
655
{
656
bool bad_name = false;
657
658
const char const *bad_prefixes[] = { ".", "#", NULL };
659
660
const char const *bad_suffixes[] = { "~", "#", ".dpkg-new",
661
".dpkg-old",
662
".dpkg-divert", NULL };
663
for(const char **pre = bad_prefixes; *pre != NULL; pre++){
664
size_t pre_len = strlen(*pre);
665
if((d_name_len >= pre_len)
666
and strncmp((dirst->d_name), *pre, pre_len) == 0){
667
if(debug){
668
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
669
" with bad prefix %s\n", dirst->d_name, *pre);
670
}
671
bad_name = true;
672
break;
673
}
674
}
675
if(bad_name){
676
continue;
677
}
678
for(const char **suf = bad_suffixes; *suf != NULL; suf++){
679
size_t suf_len = strlen(*suf);
680
if((d_name_len >= suf_len)
681
and (strcmp((dirst->d_name)+d_name_len-suf_len, *suf)
682
== 0)){
683
if(debug){
684
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
685
" with bad suffix %s\n", dirst->d_name, *suf);
686
}
687
bad_name = true;
688
break;
689
}
690
}
691
692
if(bad_name){
693
continue;
694
}
695
}
696
697
char *filename;
698
ret = asprintf(&filename, "%s/%s", plugindir, dirst->d_name);
699
if(ret < 0){
700
perror("asprintf");
701
continue;
702
}
703
704
ret = stat(filename, &st);
705
if (ret == -1){
706
perror("stat");
707
free(filename);
708
continue;
709
}
710
885
for(int i = 0; i < numplugins; i++){
886
887
int plugin_fd = openat(dir_fd, direntries[i]->d_name, O_RDONLY);
888
if(plugin_fd == -1){
889
error(0, errno, "Could not open plugin");
890
free(direntries[i]);
891
continue;
892
}
893
ret = (int)TEMP_FAILURE_RETRY(fstat(plugin_fd, &st));
894
if(ret == -1){
895
error(0, errno, "stat");
896
TEMP_FAILURE_RETRY(close(plugin_fd));
897
free(direntries[i]);
898
continue;
899
}
900
711
901
/* Ignore non-executable files */
712
if (not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
902
if(not S_ISREG(st.st_mode)
903
or (TEMP_FAILURE_RETRY(faccessat(dir_fd, direntries[i]->d_name,
904
X_OK, 0)) != 0)){
713
905
if(debug){
714
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
715
" with bad type or mode\n", filename);
906
fprintf(stderr, "Ignoring plugin dir entry \"%s/%s\""
907
" with bad type or mode\n",
908
plugindir != NULL ? plugindir : PDIR,
909
direntries[i]->d_name);
716
910
}
717
free(filename);
911
TEMP_FAILURE_RETRY(close(plugin_fd));
912
free(direntries[i]);
718
913
continue;
719
914
}
720
915
721
plugin *p = getplugin(dirst->d_name);
916
plugin *p = getplugin(direntries[i]->d_name);
722
917
if(p == NULL){
723
perror("getplugin");
724
free(filename);
918
error(0, errno, "getplugin");
919
TEMP_FAILURE_RETRY(close(plugin_fd));
920
free(direntries[i]);
725
921
continue;
726
922
}
727
923
if(p->disabled){
728
924
if(debug){
729
925
fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",
730
dirst->d_name);
926
direntries[i]->d_name);
731
927
}
732
free(filename);
928
TEMP_FAILURE_RETRY(close(plugin_fd));
929
free(direntries[i]);
733
930
continue;
734
931
}
735
932
{
738
935
if(g != NULL){
739
936
for(char **a = g->argv + 1; *a != NULL; a++){
740
937
if(not add_argument(p, *a)){
741
perror("add_argument");
938
error(0, errno, "add_argument");
742
939
}
743
940
}
744
941
/* Add global environment variables */
745
942
for(char **e = g->environ; *e != NULL; e++){
746
943
if(not add_environment(p, *e, false)){
747
perror("add_environment");
944
error(0, errno, "add_environment");
748
945
}
749
946
}
750
947
}
751
948
}
752
/* If this plugin has any environment variables, we will call
753
using execve and need to duplicate the environment from this
754
process, too. */
949
/* If this plugin has any environment variables, we need to
950
duplicate the environment from this process, too. */
755
951
if(p->environ[0] != NULL){
756
952
for(char **e = environ; *e != NULL; e++){
757
953
if(not add_environment(p, *e, false)){
758
perror("add_environment");
954
error(0, errno, "add_environment");
759
955
}
760
956
}
761
957
}
762
958
763
959
int pipefd[2];
764
ret = pipe(pipefd);
765
if (ret == -1){
766
perror("pipe");
767
exitstatus = EXIT_FAILURE;
768
goto fallback;
769
}
960
#ifndef O_CLOEXEC
961
ret = (int)TEMP_FAILURE_RETRY(pipe(pipefd));
962
#else /* O_CLOEXEC */
963
ret = (int)TEMP_FAILURE_RETRY(pipe2(pipefd, O_CLOEXEC));
964
#endif /* O_CLOEXEC */
965
if(ret == -1){
966
error(0, errno, "pipe");
967
exitstatus = EX_OSERR;
968
free(direntries[i]);
969
goto fallback;
970
}
971
if(pipefd[0] >= FD_SETSIZE){
972
fprintf(stderr, "pipe()[0] (%d) >= FD_SETSIZE (%d)", pipefd[0],
973
FD_SETSIZE);
974
TEMP_FAILURE_RETRY(close(pipefd[0]));
975
TEMP_FAILURE_RETRY(close(pipefd[1]));
976
exitstatus = EX_OSERR;
977
free(direntries[i]);
978
goto fallback;
979
}
980
#ifndef O_CLOEXEC
770
981
/* Ask OS to automatic close the pipe on exec */
771
982
ret = set_cloexec_flag(pipefd[0]);
772
983
if(ret < 0){
773
perror("set_cloexec_flag");
774
exitstatus = EXIT_FAILURE;
984
error(0, errno, "set_cloexec_flag");
985
TEMP_FAILURE_RETRY(close(pipefd[0]));
986
TEMP_FAILURE_RETRY(close(pipefd[1]));
987
exitstatus = EX_OSERR;
988
free(direntries[i]);
775
989
goto fallback;
776
990
}
777
991
ret = set_cloexec_flag(pipefd[1]);
778
992
if(ret < 0){
779
perror("set_cloexec_flag");
780
exitstatus = EXIT_FAILURE;
993
error(0, errno, "set_cloexec_flag");
994
TEMP_FAILURE_RETRY(close(pipefd[0]));
995
TEMP_FAILURE_RETRY(close(pipefd[1]));
996
exitstatus = EX_OSERR;
997
free(direntries[i]);
781
998
goto fallback;
782
999
}
1000
#endif /* not O_CLOEXEC */
783
1001
/* Block SIGCHLD until process is safely in process list */
784
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
1002
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_BLOCK,
1003
&sigchld_action.sa_mask,
1004
NULL));
785
1005
if(ret < 0){
786
perror("sigprocmask");
787
exitstatus = EXIT_FAILURE;
1006
error(0, errno, "sigprocmask");
1007
exitstatus = EX_OSERR;
1008
free(direntries[i]);
788
1009
goto fallback;
789
1010
}
790
1011
/* Starting a new process to be watched */
791
pid_t pid = fork();
1012
pid_t pid;
1013
do {
1014
pid = fork();
1015
} while(pid == -1 and errno == EINTR);
792
1016
if(pid == -1){
793
perror("fork");
794
exitstatus = EXIT_FAILURE;
1017
error(0, errno, "fork");
1018
TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1019
&sigchld_action.sa_mask, NULL));
1020
TEMP_FAILURE_RETRY(close(pipefd[0]));
1021
TEMP_FAILURE_RETRY(close(pipefd[1]));
1022
exitstatus = EX_OSERR;
1023
free(direntries[i]);
795
1024
goto fallback;
796
1025
}
797
1026
if(pid == 0){
798
1027
/* this is the child process */
799
1028
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
800
1029
if(ret < 0){
801
perror("sigaction");
802
_exit(EXIT_FAILURE);
1030
error(0, errno, "sigaction");
1031
_exit(EX_OSERR);
803
1032
}
804
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1033
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
805
1034
if(ret < 0){
806
perror("sigprocmask");
807
_exit(EXIT_FAILURE);
1035
error(0, errno, "sigprocmask");
1036
_exit(EX_OSERR);
808
1037
}
809
1038
810
1039
ret = dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
811
1040
if(ret == -1){
812
perror("dup2");
813
_exit(EXIT_FAILURE);
1041
error(0, errno, "dup2");
1042
_exit(EX_OSERR);
814
1043
}
815
1044
816
if(dirfd(dir) < 0){
817
/* If dir has no file descriptor, we could not set FD_CLOEXEC
818
above and must now close it manually here. */
819
closedir(dir);
820
}
821
if(p->environ[0] == NULL){
822
if(execv(filename, p->argv) < 0){
823
perror("execv");
824
_exit(EXIT_FAILURE);
825
}
826
} else {
827
if(execve(filename, p->argv, p->environ) < 0){
828
perror("execve");
829
_exit(EXIT_FAILURE);
830
}
1045
if(fexecve(plugin_fd, p->argv,
1046
(p->environ[0] != NULL) ? p->environ : environ) < 0){
1047
error(0, errno, "fexecve for %s/%s",
1048
plugindir != NULL ? plugindir : PDIR,
1049
direntries[i]->d_name);
1050
_exit(EX_OSERR);
831
1051
}
832
1052
/* no return */
833
1053
}
834
1054
/* Parent process */
835
close(pipefd[1]); /* Close unused write end of pipe */
836
free(filename);
837
plugin *new_plugin = getplugin(dirst->d_name);
838
if (new_plugin == NULL){
839
perror("getplugin");
840
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1055
TEMP_FAILURE_RETRY(close(pipefd[1])); /* Close unused write end of
1056
pipe */
1057
TEMP_FAILURE_RETRY(close(plugin_fd));
1058
plugin *new_plugin = getplugin(direntries[i]->d_name);
1059
if(new_plugin == NULL){
1060
error(0, errno, "getplugin");
1061
ret = (int)(TEMP_FAILURE_RETRY
1062
(sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask,
1063
NULL)));
841
1064
if(ret < 0){
842
perror("sigprocmask");
1065
error(0, errno, "sigprocmask");
843
1066
}
844
exitstatus = EXIT_FAILURE;
1067
exitstatus = EX_OSERR;
1068
free(direntries[i]);
845
1069
goto fallback;
846
1070
}
1071
free(direntries[i]);
847
1072
848
1073
new_plugin->pid = pid;
849
1074
new_plugin->fd = pipefd[0];
850
1075
851
1076
/* Unblock SIGCHLD so signal handler can be run if this process
852
1077
has already completed */
853
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1078
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1079
&sigchld_action.sa_mask,
1080
NULL));
854
1081
if(ret < 0){
855
perror("sigprocmask");
856
exitstatus = EXIT_FAILURE;
1082
error(0, errno, "sigprocmask");
1083
exitstatus = EX_OSERR;
857
1084
goto fallback;
858
1085
}
859
1086
860
FD_SET(new_plugin->fd, &rfds_all);
1087
#if defined (__GNUC__) and defined (__GLIBC__)
1088
#if not __GLIBC_PREREQ(2, 16)
1089
#pragma GCC diagnostic push
1090
#pragma GCC diagnostic ignored "-Wsign-conversion"
1091
#endif
1092
#endif
1093
FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from
1094
-Wconversion in GNU libc
1095
before 2.16 */
1096
#if defined (__GNUC__) and defined (__GLIBC__)
1097
#if not __GLIBC_PREREQ(2, 16)
1098
#pragma GCC diagnostic pop
1099
#endif
1100
#endif
861
1101
862
if (maxfd < new_plugin->fd){
1102
if(maxfd < new_plugin->fd){
863
1103
maxfd = new_plugin->fd;
864
1104
}
865
866
1105
}
867
1106
868
closedir(dir);
869
dir = NULL;
870
1107
free(direntries);
1108
direntries = NULL;
1109
TEMP_FAILURE_RETRY(close(dir_fd));
1110
dir_fd = -1;
1111
free_plugin(getplugin(NULL));
1112
871
1113
for(plugin *p = plugin_list; p != NULL; p = p->next){
872
1114
if(p->pid != 0){
873
1115
break;
878
1120
free_plugin_list();
879
1121
}
880
1122
}
881
1123
882
1124
/* Main loop while running plugins exist */
883
1125
while(plugin_list){
884
1126
fd_set rfds = rfds_all;
885
1127
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
886
if (select_ret == -1){
887
perror("select");
888
exitstatus = EXIT_FAILURE;
1128
if(select_ret == -1 and errno != EINTR){
1129
error(0, errno, "select");
1130
exitstatus = EX_OSERR;
889
1131
goto fallback;
890
1132
}
891
1133
/* OK, now either a process completed, or something can be read
892
1134
from one of them */
893
for(plugin *proc = plugin_list; proc != NULL; proc = proc->next){
1135
for(plugin *proc = plugin_list; proc != NULL;){
894
1136
/* Is this process completely done? */
895
if(proc->eof and proc->completed){
1137
if(proc->completed and proc->eof){
896
1138
/* Only accept the plugin output if it exited cleanly */
897
1139
if(not WIFEXITED(proc->status)
898
1140
or WEXITSTATUS(proc->status) != 0){
899
1141
/* Bad exit by plugin */
900
1142
901
1143
if(debug){
902
1144
if(WIFEXITED(proc->status)){
903
fprintf(stderr, "Plugin %u exited with status %d\n",
904
(unsigned int) (proc->pid),
1145
fprintf(stderr, "Plugin %s [%" PRIdMAX "] exited with"
1146
" status %d\n", proc->name,
1147
(intmax_t) (proc->pid),
905
1148
WEXITSTATUS(proc->status));
906
} else if(WIFSIGNALED(proc->status)) {
907
fprintf(stderr, "Plugin %u killed by signal %d\n",
908
(unsigned int) (proc->pid),
909
WTERMSIG(proc->status));
1149
} else if(WIFSIGNALED(proc->status)){
1150
fprintf(stderr, "Plugin %s [%" PRIdMAX "] killed by"
1151
" signal %d: %s\n", proc->name,
1152
(intmax_t) (proc->pid),
1153
WTERMSIG(proc->status),
1154
strsignal(WTERMSIG(proc->status)));
910
1155
} else if(WCOREDUMP(proc->status)){
911
fprintf(stderr, "Plugin %d dumped core\n",
912
(unsigned int) (proc->pid));
1156
fprintf(stderr, "Plugin %s [%" PRIdMAX "] dumped"
1157
" core\n", proc->name, (intmax_t) (proc->pid));
913
1158
}
914
1159
}
915
1160
916
1161
/* Remove the plugin */
917
FD_CLR(proc->fd, &rfds_all);
918
1162
#if defined (__GNUC__) and defined (__GLIBC__)
1163
#if not __GLIBC_PREREQ(2, 16)
1164
#pragma GCC diagnostic push
1165
#pragma GCC diagnostic ignored "-Wsign-conversion"
1166
#endif
1167
#endif
1168
FD_CLR(proc->fd, &rfds_all); /* Spurious warning from
1169
-Wconversion in GNU libc
1170
before 2.16 */
1171
#if defined (__GNUC__) and defined (__GLIBC__)
1172
#if not __GLIBC_PREREQ(2, 16)
1173
#pragma GCC diagnostic pop
1174
#endif
1175
#endif
1176
919
1177
/* Block signal while modifying process_list */
920
ret = sigprocmask(SIG_BLOCK, &sigchld_action.sa_mask, NULL);
1178
ret = (int)TEMP_FAILURE_RETRY(sigprocmask
1179
(SIG_BLOCK,
1180
&sigchld_action.sa_mask,
1181
NULL));
921
1182
if(ret < 0){
922
perror("sigprocmask");
923
exitstatus = EXIT_FAILURE;
1183
error(0, errno, "sigprocmask");
1184
exitstatus = EX_OSERR;
924
1185
goto fallback;
925
1186
}
1187
1188
plugin *next_plugin = proc->next;
926
1189
free_plugin(proc);
1190
proc = next_plugin;
1191
927
1192
/* We are done modifying process list, so unblock signal */
928
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask,
929
NULL);
1193
ret = (int)(TEMP_FAILURE_RETRY
1194
(sigprocmask(SIG_UNBLOCK,
1195
&sigchld_action.sa_mask, NULL)));
930
1196
if(ret < 0){
931
perror("sigprocmask");
932
exitstatus = EXIT_FAILURE;
1197
error(0, errno, "sigprocmask");
1198
exitstatus = EX_OSERR;
933
1199
goto fallback;
934
1200
}
935
1201
936
1202
if(plugin_list == NULL){
937
1203
break;
938
1204
}
1205
939
1206
continue;
940
1207
}
941
1208
942
1209
/* This process exited nicely, so print its buffer */
943
1210
944
1211
bool bret = print_out_password(proc->buffer,
945
1212
proc->buffer_length);
946
1213
if(not bret){
947
perror("print_out_password");
948
exitstatus = EXIT_FAILURE;
1214
error(0, errno, "print_out_password");
1215
exitstatus = EX_IOERR;
949
1216
}
950
1217
goto fallback;
951
1218
}
952
1219
953
1220
/* This process has not completed. Does it have any output? */
954
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){
1221
#if defined (__GNUC__) and defined (__GLIBC__)
1222
#if not __GLIBC_PREREQ(2, 16)
1223
#pragma GCC diagnostic push
1224
#pragma GCC diagnostic ignored "-Wsign-conversion"
1225
#endif
1226
#endif
1227
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious
1228
warning from
1229
-Wconversion
1230
in GNU libc
1231
before
1232
2.16 */
1233
#if defined (__GNUC__) and defined (__GLIBC__)
1234
#if not __GLIBC_PREREQ(2, 16)
1235
#pragma GCC diagnostic pop
1236
#endif
1237
#endif
955
1238
/* This process had nothing to say at this time */
1239
proc = proc->next;
956
1240
continue;
957
1241
}
958
1242
/* Before reading, make the process' data buffer large enough */
959
1243
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
960
proc->buffer = realloc(proc->buffer, proc->buffer_size
961
+ (size_t) BUFFER_SIZE);
962
if (proc->buffer == NULL){
963
perror("malloc");
964
exitstatus = EXIT_FAILURE;
1244
char *new_buffer = realloc(proc->buffer, proc->buffer_size
1245
+ (size_t) BUFFER_SIZE);
1246
if(new_buffer == NULL){
1247
error(0, errno, "malloc");
1248
exitstatus = EX_OSERR;
965
1249
goto fallback;
966
1250
}
1251
proc->buffer = new_buffer;
967
1252
proc->buffer_size += BUFFER_SIZE;
968
1253
}
969
1254
/* Read from the process */
970
ret = read(proc->fd, proc->buffer + proc->buffer_length,
971
BUFFER_SIZE);
972
if(ret < 0){
1255
sret = TEMP_FAILURE_RETRY(read(proc->fd,
1256
proc->buffer
1257
+ proc->buffer_length,
1258
BUFFER_SIZE));
1259
if(sret < 0){
973
1260
/* Read error from this process; ignore the error */
1261
proc = proc->next;
974
1262
continue;
975
1263
}
976
if(ret == 0){
1264
if(sret == 0){
977
1265
/* got EOF */
978
1266
proc->eof = true;
979
1267
} else {
980
proc->buffer_length += (size_t) ret;
1268
proc->buffer_length += (size_t) sret;
981
1269
}
982
1270
}
983
1271
}
984
985
1272
1273
986
1274
fallback:
987
1275
988
if(plugin_list == NULL or exitstatus != EXIT_SUCCESS){
1276
if(plugin_list == NULL or (exitstatus != EXIT_SUCCESS
1277
and exitstatus != EX_OK)){
989
1278
/* Fallback if all plugins failed, none are found or an error
990
1279
occured */
991
1280
bool bret;
992
1281
fprintf(stderr, "Going to fallback mode using getpass(3)\n");
993
1282
char *passwordbuffer = getpass("Password: ");
994
bret = print_out_password(passwordbuffer, strlen(passwordbuffer));
1283
size_t len = strlen(passwordbuffer);
1284
/* Strip trailing newline */
1285
if(len > 0 and passwordbuffer[len-1] == '\n'){
1286
passwordbuffer[len-1] = '\0'; /* not strictly necessary */
1287
len--;
1288
}
1289
bret = print_out_password(passwordbuffer, len);
995
1290
if(not bret){
996
perror("print_out_password");
997
exitstatus = EXIT_FAILURE;
1291
error(0, errno, "print_out_password");
1292
exitstatus = EX_IOERR;
998
1293
}
999
1294
}
1000
1295
1001
1296
/* Restore old signal handler */
1002
1297
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
1003
1298
if(ret == -1){
1004
perror("sigaction");
1005
exitstatus = EXIT_FAILURE;
1299
error(0, errno, "sigaction");
1300
exitstatus = EX_OSERR;
1006
1301
}
1007
1302
1008
1303
if(custom_argv != NULL){
1009
1304
for(char **arg = custom_argv+1; *arg != NULL; arg++){
1010
1305
free(*arg);
1012
1307
free(custom_argv);
1013
1308
}
1014
1309
1015
if(dir != NULL){
1016
closedir(dir);
1310
free(direntries);
1311
1312
if(dir_fd != -1){
1313
TEMP_FAILURE_RETRY(close(dir_fd));
1017
1314
}
1018
1315
1019
/* Free the process list and kill the processes */
1316
/* Kill the processes */
1020
1317
for(plugin *p = plugin_list; p != NULL; p = p->next){
1021
1318
if(p->pid != 0){
1022
1319
close(p->fd);
1023
1320
ret = kill(p->pid, SIGTERM);
1024
1321
if(ret == -1 and errno != ESRCH){
1025
1322
/* Set-uid proccesses might not get closed */
1026
perror("kill");
1323
error(0, errno, "kill");
1027
1324
}
1028
1325
}
1029
1326
}
1030
1327
1031
1328
/* Wait for any remaining child processes to terminate */
1032
do{
1329
do {
1033
1330
ret = wait(NULL);
1034
1331
} while(ret >= 0);
1035
1332
if(errno != ECHILD){
1036
perror("wait");
1333
error(0, errno, "wait");
1037
1334
}
1038
1335
1039
1336
free_plugin_list();
1040
1337
1041
1338
free(plugindir);
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0