To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugin-runner.c
- browse files at revision 237.24.1
- compare with another revision
- download diff
- download tarball
- view history from revision 237.24.1
- Committer: Teddy Hogeborn
- Date: 2015-05-23 20:18:34 UTC
- mto: (237.7.304 trunk)
- mto: This revision was merged to the branch mainline in revision 325.
- Revision ID: teddy@recompile.se-20150523201834-e89ex4ito93yni8x
mandos: Use multiprocessing module to run checkers.
For a long time, the Mandos server has occasionally logged the message
"ERROR: Child process vanished". This was never a fatal error, but it
has been annoying and slightly worrying, since a definite cause was
not found. One potential cause could be the "multiprocessing" and
"subprocess" modules conflicting w.r.t. SIGCHLD. To avoid this,
change the running of checkers from using subprocess.Popen
asynchronously to instead first create a multiprocessing.Process()
(which is asynchronous) calling a function, and have that function
then call subprocess.call() (which is synchronous). In this way, the
only thing using any asynchronous subprocesses is the multiprocessing
module.
This makes it necessary to change one small thing in the D-Bus API,
since the subprocesses.call() function does not expose the raw wait(2)
status value.
DBUS-API (CheckerCompleted): Change the second value provided by this
D-Bus signal from the raw wait(2) status
to the actual terminating signal number.
mandos (subprocess_call_pipe): New function to be called by
multiprocessing.Process (starting a
separate process).
(Client.last_checker signal): New attribute for signal which
terminated last checker. Like
last_checker_status, only not accessible
via D-Bus.
(Client.checker_callback): Take new "connection" argument and use it
to get returncode; set last_checker_signal.
Return False so gobject does not call this
callback again.
(Client.start_checker): Start checker using a multiprocessing.Process
instead of a subprocess.Popen.
(ClientDBus.checker_callback): Take new "connection" argument. Call
Client.checker_callback early to have
it set last_checker_status and
last_checker_signal; use those. Change
second value provided to D-Bus signal
CheckerCompleted to use
last_checker_signal if checker was
terminated by signal.
mandos-monitor: Update to reflect DBus API change.
(MandosClientWidget.checker_completed): Take "signal" instead of
"condition" argument. Use it
accordingly. Remove dead code
(os.WCOREDUMP case).
For a long time, the Mandos server has occasionally logged the message
"ERROR: Child process vanished". This was never a fatal error, but it
has been annoying and slightly worrying, since a definite cause was
not found. One potential cause could be the "multiprocessing" and
"subprocess" modules conflicting w.r.t. SIGCHLD. To avoid this,
change the running of checkers from using subprocess.Popen
asynchronously to instead first create a multiprocessing.Process()
(which is asynchronous) calling a function, and have that function
then call subprocess.call() (which is synchronous). In this way, the
only thing using any asynchronous subprocesses is the multiprocessing
module.
This makes it necessary to change one small thing in the D-Bus API,
since the subprocesses.call() function does not expose the raw wait(2)
status value.
DBUS-API (CheckerCompleted): Change the second value provided by this
D-Bus signal from the raw wait(2) status
to the actual terminating signal number.
mandos (subprocess_call_pipe): New function to be called by
multiprocessing.Process (starting a
separate process).
(Client.last_checker signal): New attribute for signal which
terminated last checker. Like
last_checker_status, only not accessible
via D-Bus.
(Client.checker_callback): Take new "connection" argument and use it
to get returncode; set last_checker_signal.
Return False so gobject does not call this
callback again.
(Client.start_checker): Start checker using a multiprocessing.Process
instead of a subprocess.Popen.
(ClientDBus.checker_callback): Take new "connection" argument. Call
Client.checker_callback early to have
it set last_checker_status and
last_checker_signal; use those. Change
second value provided to D-Bus signal
CheckerCompleted to use
last_checker_signal if checker was
terminated by signal.
mandos-monitor: Update to reflect DBus API change.
(MandosClientWidget.checker_completed): Take "signal" instead of
"condition" argument. Use it
accordingly. Remove dead code
(os.WCOREDUMP case).
- files added:
- DBUS-API
- debian/source
- debian/upstream
- network-hooks.d
- files removed:
- debian/mandos-client.config
- files modified:
- .bzrignore
added
removed
plugin-runner.c
1
/* -*- coding: utf-8 -*- */
1
/* -*- coding: utf-8; mode: c; mode: orgtbl -*- */
2
2
/*
3
3
* Mandos plugin runner - Run Mandos plugins
4
4
*
5
* Copyright © 2008 Teddy Hogeborn & Björn Påhlsson
5
* Copyright © 2008-2014 Teddy Hogeborn
6
* Copyright © 2008-2014 Björn Påhlsson
6
7
*
7
8
* This program is free software: you can redistribute it and/or
8
9
* modify it under the terms of the GNU General Public License as
18
19
* along with this program. If not, see
19
20
* <http://www.gnu.org/licenses/>.
20
21
*
21
* Contact the authors at <mandos@fukt.bsnet.se>.
22
* Contact the authors at <mandos@recompile.se>.
22
23
*/
23
24
24
25
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),
25
asprintf() */
26
O_CLOEXEC, pipe2() */
26
27
#include <stddef.h> /* size_t, NULL */
27
#include <stdlib.h> /* malloc(), exit(), EXIT_FAILURE,
28
EXIT_SUCCESS, realloc() */
28
#include <stdlib.h> /* malloc(), exit(), EXIT_SUCCESS,
29
realloc() */
29
30
#include <stdbool.h> /* bool, true, false */
30
#include <stdio.h> /* perror, fileno(), fprintf(),
31
stderr, STDOUT_FILENO */
32
#include <sys/types.h> /* DIR, opendir(), stat(), struct
33
stat, waitpid(), WIFEXITED(),
34
WEXITSTATUS(), wait(), pid_t,
35
uid_t, gid_t, getuid(), getgid(),
36
dirfd() */
31
#include <stdio.h> /* fileno(), fprintf(),
32
stderr, STDOUT_FILENO, fclose() */
33
#include <sys/types.h> /* fstat(), struct stat, waitpid(),
34
WIFEXITED(), WEXITSTATUS(), wait(),
35
pid_t, uid_t, gid_t, getuid(),
36
getgid() */
37
37
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
38
38
FD_SET(), FD_ISSET(), FD_CLR */
39
39
#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),
40
WEXITSTATUS() */
41
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
40
WEXITSTATUS(), WTERMSIG(),
41
WCOREDUMP() */
42
#include <sys/stat.h> /* struct stat, fstat(), S_ISREG() */
42
43
#include <iso646.h> /* and, or, not */
43
#include <dirent.h> /* DIR, struct dirent, opendir(),
44
readdir(), closedir(), dirfd() */
45
#include <unistd.h> /* struct stat, stat(), S_ISREG(),
46
fcntl(), setuid(), setgid(),
47
F_GETFD, F_SETFD, FD_CLOEXEC,
48
access(), pipe(), fork(), close()
49
dup2(), STDOUT_FILENO, _exit(),
50
execv(), write(), read(),
51
close() */
44
#include <dirent.h> /* struct dirent, scandirat() */
45
#include <unistd.h> /* fcntl(), F_GETFD, F_SETFD,
46
FD_CLOEXEC, write(), STDOUT_FILENO,
47
struct stat, fstat(), close(),
48
setgid(), setuid(), S_ISREG(),
49
faccessat() pipe2(), fork(),
50
_exit(), dup2(), fexecve(), read()
51
*/
52
52
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
53
FD_CLOEXEC */
54
#include <string.h> /* strsep, strlen(), asprintf() */
53
FD_CLOEXEC, openat(), scandirat(),
54
pipe2() */
55
#include <string.h> /* strsep, strlen(), strsignal(),
56
strcmp(), strncmp() */
55
57
#include <errno.h> /* errno */
56
58
#include <argp.h> /* struct argp_option, struct
57
59
argp_state, struct argp,
61
63
#include <signal.h> /* struct sigaction, sigemptyset(),
62
64
sigaddset(), sigaction(),
63
65
sigprocmask(), SIG_BLOCK, SIGCHLD,
64
SIG_UNBLOCK, kill() */
66
SIG_UNBLOCK, kill(), sig_atomic_t
67
*/
65
68
#include <errno.h> /* errno, EBADF */
69
#include <inttypes.h> /* intmax_t, PRIdMAX, strtoimax() */
70
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_IOERR,
71
EX_CONFIG, EX_UNAVAILABLE, EX_OK */
72
#include <errno.h> /* errno */
73
#include <error.h> /* error() */
74
#include <fnmatch.h> /* fnmatch() */
66
75
67
76
#define BUFFER_SIZE 256
68
77
70
79
#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"
71
80
72
81
const char *argp_program_version = "plugin-runner " VERSION;
73
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
82
const char *argp_program_bug_address = "<mandos@recompile.se>";
74
83
75
84
typedef struct plugin{
76
85
char *name; /* can be NULL or any plugin name */
79
88
char **environ;
80
89
int envc;
81
90
bool disabled;
82
91
83
92
/* Variables used for running processes*/
84
93
pid_t pid;
85
94
int fd;
87
96
size_t buffer_size;
88
97
size_t buffer_length;
89
98
bool eof;
90
volatile bool completed;
91
volatile int status;
99
volatile sig_atomic_t completed;
100
int status;
92
101
struct plugin *next;
93
102
} plugin;
94
103
96
105
97
106
/* Gets an existing plugin based on name,
98
107
or if none is found, creates a new one */
108
__attribute__((warn_unused_result))
99
109
static plugin *getplugin(char *name){
100
/* Check for exiting plugin with that name */
101
for (plugin *p = plugin_list; p != NULL; p = p->next){
102
if ((p->name == name)
103
or (p->name and name and (strcmp(p->name, name) == 0))){
110
/* Check for existing plugin with that name */
111
for(plugin *p = plugin_list; p != NULL; p = p->next){
112
if((p->name == name)
113
or (p->name and name and (strcmp(p->name, name) == 0))){
104
114
return p;
105
115
}
106
116
}
107
117
/* Create a new plugin */
108
plugin *new_plugin = malloc(sizeof(plugin));
109
if (new_plugin == NULL){
118
plugin *new_plugin = NULL;
119
do {
120
new_plugin = malloc(sizeof(plugin));
121
} while(new_plugin == NULL and errno == EINTR);
122
if(new_plugin == NULL){
110
123
return NULL;
111
124
}
112
125
char *copy_name = NULL;
113
126
if(name != NULL){
114
copy_name = strdup(name);
127
do {
128
copy_name = strdup(name);
129
} while(copy_name == NULL and errno == EINTR);
115
130
if(copy_name == NULL){
131
int e = errno;
132
free(new_plugin);
133
errno = e;
116
134
return NULL;
117
135
}
118
136
}
119
137
120
*new_plugin = (plugin) { .name = copy_name,
121
.argc = 1,
122
.disabled = false,
123
.next = plugin_list };
138
*new_plugin = (plugin){ .name = copy_name,
139
.argc = 1,
140
.disabled = false,
141
.next = plugin_list };
124
142
125
new_plugin->argv = malloc(sizeof(char *) * 2);
126
if (new_plugin->argv == NULL){
143
do {
144
new_plugin->argv = malloc(sizeof(char *) * 2);
145
} while(new_plugin->argv == NULL and errno == EINTR);
146
if(new_plugin->argv == NULL){
147
int e = errno;
127
148
free(copy_name);
128
149
free(new_plugin);
150
errno = e;
129
151
return NULL;
130
152
}
131
153
new_plugin->argv[0] = copy_name;
132
154
new_plugin->argv[1] = NULL;
133
155
134
new_plugin->environ = malloc(sizeof(char *));
156
do {
157
new_plugin->environ = malloc(sizeof(char *));
158
} while(new_plugin->environ == NULL and errno == EINTR);
135
159
if(new_plugin->environ == NULL){
160
int e = errno;
136
161
free(copy_name);
137
162
free(new_plugin->argv);
138
163
free(new_plugin);
164
errno = e;
139
165
return NULL;
140
166
}
141
167
new_plugin->environ[0] = NULL;
146
172
}
147
173
148
174
/* Helper function for add_argument and add_environment */
175
__attribute__((nonnull, warn_unused_result))
149
176
static bool add_to_char_array(const char *new, char ***array,
150
177
int *len){
151
178
/* Resize the pointed-to array to hold one more pointer */
152
*array = realloc(*array, sizeof(char *)
153
* (size_t) ((*len) + 2));
179
char **new_array = NULL;
180
do {
181
new_array = realloc(*array, sizeof(char *)
182
* (size_t) ((*len) + 2));
183
} while(new_array == NULL and errno == EINTR);
154
184
/* Malloc check */
155
if(*array == NULL){
185
if(new_array == NULL){
156
186
return false;
157
187
}
188
*array = new_array;
158
189
/* Make a copy of the new string */
159
char *copy = strdup(new);
190
char *copy;
191
do {
192
copy = strdup(new);
193
} while(copy == NULL and errno == EINTR);
160
194
if(copy == NULL){
161
195
return false;
162
196
}
169
203
}
170
204
171
205
/* Add to a plugin's argument vector */
206
__attribute__((nonnull(2), warn_unused_result))
172
207
static bool add_argument(plugin *p, const char *arg){
173
208
if(p == NULL){
174
209
return false;
177
212
}
178
213
179
214
/* Add to a plugin's environment */
215
__attribute__((nonnull(2), warn_unused_result))
180
216
static bool add_environment(plugin *p, const char *def, bool replace){
181
217
if(p == NULL){
182
218
return false;
184
220
/* namelen = length of name of environment variable */
185
221
size_t namelen = (size_t)(strchrnul(def, '=') - def);
186
222
/* Search for this environment variable */
187
for(char **e = p->environ; *e != NULL; e++){
188
if(strncmp(*e, def, namelen + 1) == 0){
223
for(char **envdef = p->environ; *envdef != NULL; envdef++){
224
if(strncmp(*envdef, def, namelen + 1) == 0){
189
225
/* It already exists */
190
226
if(replace){
191
char *new = realloc(*e, strlen(def) + 1);
192
if(new == NULL){
227
char *new_envdef;
228
do {
229
new_envdef = realloc(*envdef, strlen(def) + 1);
230
} while(new_envdef == NULL and errno == EINTR);
231
if(new_envdef == NULL){
193
232
return false;
194
233
}
195
*e = new;
196
strcpy(*e, def);
234
*envdef = new_envdef;
235
strcpy(*envdef, def);
197
236
}
198
237
return true;
199
238
}
201
240
return add_to_char_array(def, &(p->environ), &(p->envc));
202
241
}
203
242
243
#ifndef O_CLOEXEC
204
244
/*
205
245
* Based on the example in the GNU LibC manual chapter 13.13 "File
206
246
* Descriptor Flags".
207
* *Note File Descriptor Flags:(libc)Descriptor Flags.
247
| [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |
208
248
*/
249
__attribute__((warn_unused_result))
209
250
static int set_cloexec_flag(int fd){
210
int ret = fcntl(fd, F_GETFD, 0);
251
int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
211
252
/* If reading the flags failed, return error indication now. */
212
253
if(ret < 0){
213
254
return ret;
214
255
}
215
256
/* Store modified flag word in the descriptor. */
216
return fcntl(fd, F_SETFD, ret | FD_CLOEXEC);
257
return (int)TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD,
258
ret | FD_CLOEXEC));
217
259
}
260
#endif /* not O_CLOEXEC */
218
261
219
262
220
263
/* Mark processes as completed when they exit, and save their exit
221
264
status. */
222
265
static void handle_sigchld(__attribute__((unused)) int sig){
266
int old_errno = errno;
223
267
while(true){
224
268
plugin *proc = plugin_list;
225
269
int status;
229
273
break;
230
274
}
231
275
if(pid == -1){
232
if (errno != ECHILD){
233
perror("waitpid");
276
if(errno == ECHILD){
277
/* No child processes */
278
break;
234
279
}
235
/* No child processes */
236
break;
280
error(0, errno, "waitpid");
237
281
}
238
282
239
283
/* A child exited, find it in process_list */
245
289
continue;
246
290
}
247
291
proc->status = status;
248
proc->completed = true;
292
proc->completed = 1;
249
293
}
294
errno = old_errno;
250
295
}
251
296
252
297
/* Prints out a password to stdout */
298
__attribute__((nonnull, warn_unused_result))
253
299
static bool print_out_password(const char *buffer, size_t length){
254
300
ssize_t ret;
255
301
for(size_t written = 0; written < length; written += (size_t)ret){
263
309
}
264
310
265
311
/* Removes and free a plugin from the plugin list */
312
__attribute__((nonnull))
266
313
static void free_plugin(plugin *plugin_node){
267
314
268
315
for(char **arg = plugin_node->argv; *arg != NULL; arg++){
274
321
}
275
322
free(plugin_node->environ);
276
323
free(plugin_node->buffer);
277
324
278
325
/* Removes the plugin from the singly-linked list */
279
326
if(plugin_node == plugin_list){
280
327
/* First one - simple */
302
349
char *plugindir = NULL;
303
350
char *argfile = NULL;
304
351
FILE *conffp;
305
size_t d_name_len;
306
DIR *dir = NULL;
307
struct dirent *dirst;
352
struct dirent **direntries = NULL;
308
353
struct stat st;
309
354
fd_set rfds_all;
310
355
int ret, maxfd = 0;
356
ssize_t sret;
311
357
uid_t uid = 65534;
312
358
gid_t gid = 65534;
313
359
bool debug = false;
317
363
.sa_flags = SA_NOCLDSTOP };
318
364
char **custom_argv = NULL;
319
365
int custom_argc = 0;
366
int dir_fd = -1;
320
367
321
368
/* Establish a signal handler */
322
369
sigemptyset(&sigchld_action.sa_mask);
323
370
ret = sigaddset(&sigchld_action.sa_mask, SIGCHLD);
324
371
if(ret == -1){
325
perror("sigaddset");
326
exitstatus = EXIT_FAILURE;
372
error(0, errno, "sigaddset");
373
exitstatus = EX_OSERR;
327
374
goto fallback;
328
375
}
329
376
ret = sigaction(SIGCHLD, &sigchld_action, &old_sigchld_action);
330
377
if(ret == -1){
331
perror("sigaction");
332
exitstatus = EXIT_FAILURE;
378
error(0, errno, "sigaction");
379
exitstatus = EX_OSERR;
333
380
goto fallback;
334
381
}
335
382
367
414
.doc = "Group ID the plugins will run as", .group = 3 },
368
415
{ .name = "debug", .key = 132,
369
416
.doc = "Debug mode", .group = 4 },
417
/*
418
* These reproduce what we would get without ARGP_NO_HELP
419
*/
420
{ .name = "help", .key = '?',
421
.doc = "Give this help list", .group = -1 },
422
{ .name = "usage", .key = -3,
423
.doc = "Give a short usage message", .group = -1 },
424
{ .name = "version", .key = 'V',
425
.doc = "Print program version", .group = -1 },
370
426
{ .name = NULL }
371
427
};
372
428
373
error_t parse_opt (int key, char *arg, __attribute__((unused))
374
struct argp_state *state) {
375
switch (key) {
429
__attribute__((nonnull(3)))
430
error_t parse_opt(int key, char *arg, struct argp_state *state){
431
errno = 0;
432
switch(key){
433
char *tmp;
434
intmax_t tmp_id;
376
435
case 'g': /* --global-options */
377
if (arg != NULL){
378
char *p;
379
while((p = strsep(&arg, ",")) != NULL){
380
if(p[0] == '\0'){
381
continue;
382
}
383
if(not add_argument(getplugin(NULL), p)){
384
perror("add_argument");
385
return ARGP_ERR_UNKNOWN;
436
{
437
char *plugin_option;
438
while((plugin_option = strsep(&arg, ",")) != NULL){
439
if(not add_argument(getplugin(NULL), plugin_option)){
440
break;
386
441
}
387
442
}
443
errno = 0;
388
444
}
389
445
break;
390
446
case 'G': /* --global-env */
391
if(arg == NULL){
392
break;
393
}
394
if(not add_environment(getplugin(NULL), arg, true)){
395
perror("add_environment");
447
if(add_environment(getplugin(NULL), arg, true)){
448
errno = 0;
396
449
}
397
450
break;
398
451
case 'o': /* --options-for */
399
if (arg != NULL){
400
char *p_name = strsep(&arg, ":");
401
if(p_name[0] == '\0' or arg == NULL){
402
break;
403
}
404
char *opt = strsep(&arg, ":");
405
if(opt[0] == '\0' or opt == NULL){
406
break;
407
}
408
char *p;
409
while((p = strsep(&opt, ",")) != NULL){
410
if(p[0] == '\0'){
411
continue;
412
}
413
if(not add_argument(getplugin(p_name), p)){
414
perror("add_argument");
415
return ARGP_ERR_UNKNOWN;
416
}
417
}
452
{
453
char *option_list = strchr(arg, ':');
454
if(option_list == NULL){
455
argp_error(state, "No colon in \"%s\"", arg);
456
errno = EINVAL;
457
break;
458
}
459
*option_list = '\0';
460
option_list++;
461
if(arg[0] == '\0'){
462
argp_error(state, "Empty plugin name");
463
errno = EINVAL;
464
break;
465
}
466
char *option;
467
while((option = strsep(&option_list, ",")) != NULL){
468
if(not add_argument(getplugin(arg), option)){
469
break;
470
}
471
}
472
errno = 0;
418
473
}
419
474
break;
420
475
case 'E': /* --env-for */
421
if(arg == NULL){
422
break;
423
}
424
476
{
425
477
char *envdef = strchr(arg, ':');
426
478
if(envdef == NULL){
479
argp_error(state, "No colon in \"%s\"", arg);
480
errno = EINVAL;
427
481
break;
428
482
}
429
483
*envdef = '\0';
430
if(not add_environment(getplugin(arg), envdef+1, true)){
431
perror("add_environment");
484
envdef++;
485
if(arg[0] == '\0'){
486
argp_error(state, "Empty plugin name");
487
errno = EINVAL;
488
break;
489
}
490
if(add_environment(getplugin(arg), envdef, true)){
491
errno = 0;
432
492
}
433
493
}
434
494
break;
435
495
case 'd': /* --disable */
436
if (arg != NULL){
496
{
437
497
plugin *p = getplugin(arg);
438
if(p == NULL){
439
return ARGP_ERR_UNKNOWN;
498
if(p != NULL){
499
p->disabled = true;
500
errno = 0;
440
501
}
441
p->disabled = true;
442
502
}
443
503
break;
444
504
case 'e': /* --enable */
445
if (arg != NULL){
505
{
446
506
plugin *p = getplugin(arg);
447
if(p == NULL){
448
return ARGP_ERR_UNKNOWN;
507
if(p != NULL){
508
p->disabled = false;
509
errno = 0;
449
510
}
450
p->disabled = false;
451
511
}
452
512
break;
453
513
case 128: /* --plugin-dir */
454
514
free(plugindir);
455
515
plugindir = strdup(arg);
456
if(plugindir == NULL){
457
perror("strdup");
458
}
516
if(plugindir != NULL){
517
errno = 0;
518
}
459
519
break;
460
520
case 129: /* --config-file */
461
521
/* This is already done by parse_opt_config_file() */
462
522
break;
463
523
case 130: /* --userid */
464
uid = (uid_t)strtol(arg, NULL, 10);
524
tmp_id = strtoimax(arg, &tmp, 10);
525
if(errno != 0 or tmp == arg or *tmp != '\0'
526
or tmp_id != (uid_t)tmp_id){
527
argp_error(state, "Bad user ID number: \"%s\", using %"
528
PRIdMAX, arg, (intmax_t)uid);
529
break;
530
}
531
uid = (uid_t)tmp_id;
532
errno = 0;
465
533
break;
466
534
case 131: /* --groupid */
467
gid = (gid_t)strtol(arg, NULL, 10);
535
tmp_id = strtoimax(arg, &tmp, 10);
536
if(errno != 0 or tmp == arg or *tmp != '\0'
537
or tmp_id != (gid_t)tmp_id){
538
argp_error(state, "Bad group ID number: \"%s\", using %"
539
PRIdMAX, arg, (intmax_t)gid);
540
break;
541
}
542
gid = (gid_t)tmp_id;
543
errno = 0;
468
544
break;
469
545
case 132: /* --debug */
470
546
debug = true;
471
547
break;
548
/*
549
* These reproduce what we would get without ARGP_NO_HELP
550
*/
551
case '?': /* --help */
552
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
553
argp_state_help(state, state->out_stream, ARGP_HELP_STD_HELP);
554
case -3: /* --usage */
555
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
556
argp_state_help(state, state->out_stream,
557
ARGP_HELP_USAGE | ARGP_HELP_EXIT_OK);
558
case 'V': /* --version */
559
fprintf(state->out_stream, "%s\n", argp_program_version);
560
exit(EXIT_SUCCESS);
561
break;
562
/*
563
* When adding more options before this line, remember to also add a
564
* "case" to the "parse_opt_config_file" function below.
565
*/
472
566
case ARGP_KEY_ARG:
473
567
/* Cryptsetup always passes an argument, which is an empty
474
568
string if "none" was specified in /etc/crypttab. So if
475
569
argument was empty, we ignore it silently. */
476
if(arg[0] != '\0'){
477
fprintf(stderr, "Ignoring unknown argument \"%s\"\n", arg);
570
if(arg[0] == '\0'){
571
break;
478
572
}
479
break;
480
case ARGP_KEY_END:
481
break;
482
573
default:
483
574
return ARGP_ERR_UNKNOWN;
484
575
}
485
return 0;
576
return errno; /* Set to 0 at start */
486
577
}
487
578
488
579
/* This option parser is the same as parse_opt() above, except it
489
580
ignores everything but the --config-file option. */
490
error_t parse_opt_config_file (int key, char *arg,
491
__attribute__((unused))
492
struct argp_state *state) {
493
switch (key) {
581
error_t parse_opt_config_file(int key, char *arg,
582
__attribute__((unused))
583
struct argp_state *state){
584
errno = 0;
585
switch(key){
494
586
case 'g': /* --global-options */
495
587
case 'G': /* --global-env */
496
588
case 'o': /* --options-for */
502
594
case 129: /* --config-file */
503
595
free(argfile);
504
596
argfile = strdup(arg);
505
if(argfile == NULL){
506
perror("strdup");
597
if(argfile != NULL){
598
errno = 0;
507
599
}
508
break;
600
break;
509
601
case 130: /* --userid */
510
602
case 131: /* --groupid */
511
603
case 132: /* --debug */
604
case '?': /* --help */
605
case -3: /* --usage */
606
case 'V': /* --version */
512
607
case ARGP_KEY_ARG:
513
case ARGP_KEY_END:
514
608
break;
515
609
default:
516
610
return ARGP_ERR_UNKNOWN;
517
611
}
518
return 0;
612
return errno;
519
613
}
520
614
521
615
struct argp argp = { .options = options,
523
617
.args_doc = "",
524
618
.doc = "Mandos plugin runner -- Run plugins" };
525
619
526
/* Parse using the parse_opt_config_file in order to get the custom
620
/* Parse using parse_opt_config_file() in order to get the custom
527
621
config file location, if any. */
528
ret = argp_parse (&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
529
if (ret == ARGP_ERR_UNKNOWN){
530
fprintf(stderr, "Unknown error while parsing arguments\n");
531
exitstatus = EXIT_FAILURE;
622
ret = argp_parse(&argp, argc, argv,
623
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
624
NULL, NULL);
625
switch(ret){
626
case 0:
627
break;
628
case ENOMEM:
629
default:
630
errno = ret;
631
error(0, errno, "argp_parse");
632
exitstatus = EX_OSERR;
633
goto fallback;
634
case EINVAL:
635
exitstatus = EX_USAGE;
532
636
goto fallback;
533
637
}
534
638
536
640
argp.parser = parse_opt;
537
641
538
642
/* Open the configfile if available */
539
if (argfile == NULL){
643
if(argfile == NULL){
540
644
conffp = fopen(AFILE, "r");
541
645
} else {
542
646
conffp = fopen(argfile, "r");
543
}
647
}
544
648
if(conffp != NULL){
545
649
char *org_line = NULL;
546
650
char *p, *arg, *new_arg, *line;
547
651
size_t size = 0;
548
ssize_t sret;
549
652
const char whitespace_delims[] = " \r\t\f\v\n";
550
653
const char comment_delim[] = "#";
551
654
552
655
custom_argc = 1;
553
656
custom_argv = malloc(sizeof(char*) * 2);
554
657
if(custom_argv == NULL){
555
perror("malloc");
556
exitstatus = EXIT_FAILURE;
658
error(0, errno, "malloc");
659
exitstatus = EX_OSERR;
557
660
goto fallback;
558
661
}
559
662
custom_argv[0] = argv[0];
560
663
custom_argv[1] = NULL;
561
664
562
665
/* for each line in the config file, strip whitespace and ignore
563
666
commented text */
564
667
while(true){
566
669
if(sret == -1){
567
670
break;
568
671
}
569
672
570
673
line = org_line;
571
674
arg = strsep(&line, comment_delim);
572
675
while((p = strsep(&arg, whitespace_delims)) != NULL){
575
678
}
576
679
new_arg = strdup(p);
577
680
if(new_arg == NULL){
578
perror("strdup");
579
exitstatus = EXIT_FAILURE;
681
error(0, errno, "strdup");
682
exitstatus = EX_OSERR;
580
683
free(org_line);
581
684
goto fallback;
582
685
}
583
686
584
687
custom_argc += 1;
585
custom_argv = realloc(custom_argv, sizeof(char *)
586
* ((unsigned int) custom_argc + 1));
587
if(custom_argv == NULL){
588
perror("realloc");
589
exitstatus = EXIT_FAILURE;
590
free(org_line);
591
goto fallback;
688
{
689
char **new_argv = realloc(custom_argv, sizeof(char *)
690
* ((unsigned int)
691
custom_argc + 1));
692
if(new_argv == NULL){
693
error(0, errno, "realloc");
694
exitstatus = EX_OSERR;
695
free(new_arg);
696
free(org_line);
697
goto fallback;
698
} else {
699
custom_argv = new_argv;
700
}
592
701
}
593
702
custom_argv[custom_argc-1] = new_arg;
594
custom_argv[custom_argc] = NULL;
703
custom_argv[custom_argc] = NULL;
595
704
}
596
705
}
706
do {
707
ret = fclose(conffp);
708
} while(ret == EOF and errno == EINTR);
709
if(ret == EOF){
710
error(0, errno, "fclose");
711
exitstatus = EX_IOERR;
712
goto fallback;
713
}
597
714
free(org_line);
598
715
} else {
599
716
/* Check for harmful errors and go to fallback. Other errors might
600
717
not affect opening plugins */
601
if (errno == EMFILE or errno == ENFILE or errno == ENOMEM){
602
perror("fopen");
603
exitstatus = EXIT_FAILURE;
718
if(errno == EMFILE or errno == ENFILE or errno == ENOMEM){
719
error(0, errno, "fopen");
720
exitstatus = EX_OSERR;
604
721
goto fallback;
605
722
}
606
723
}
607
/* If there was any arguments from configuration file,
608
pass them to parser as command arguments */
724
/* If there were any arguments from the configuration file, pass
725
them to parser as command line arguments */
609
726
if(custom_argv != NULL){
610
ret = argp_parse (&argp, custom_argc, custom_argv, ARGP_IN_ORDER,
611
0, NULL);
612
if (ret == ARGP_ERR_UNKNOWN){
613
fprintf(stderr, "Unknown error while parsing arguments\n");
614
exitstatus = EXIT_FAILURE;
727
ret = argp_parse(&argp, custom_argc, custom_argv,
728
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
729
NULL, NULL);
730
switch(ret){
731
case 0:
732
break;
733
case ENOMEM:
734
default:
735
errno = ret;
736
error(0, errno, "argp_parse");
737
exitstatus = EX_OSERR;
738
goto fallback;
739
case EINVAL:
740
exitstatus = EX_CONFIG;
615
741
goto fallback;
616
742
}
617
743
}
618
744
619
745
/* Parse actual command line arguments, to let them override the
620
746
config file */
621
ret = argp_parse (&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
622
if (ret == ARGP_ERR_UNKNOWN){
623
fprintf(stderr, "Unknown error while parsing arguments\n");
624
exitstatus = EXIT_FAILURE;
747
ret = argp_parse(&argp, argc, argv,
748
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
749
NULL, NULL);
750
switch(ret){
751
case 0:
752
break;
753
case ENOMEM:
754
default:
755
errno = ret;
756
error(0, errno, "argp_parse");
757
exitstatus = EX_OSERR;
758
goto fallback;
759
case EINVAL:
760
exitstatus = EX_USAGE;
625
761
goto fallback;
626
762
}
627
763
632
768
for(char **a = p->argv; *a != NULL; a++){
633
769
fprintf(stderr, "\tArg: %s\n", *a);
634
770
}
635
fprintf(stderr, "...and %u environment variables\n", p->envc);
771
fprintf(stderr, "...and %d environment variables\n", p->envc);
636
772
for(char **a = p->environ; *a != NULL; a++){
637
773
fprintf(stderr, "\t%s\n", *a);
638
774
}
639
775
}
640
776
}
641
777
642
/* Strip permissions down to nobody */
778
if(getuid() == 0){
779
/* Work around Debian bug #633582:
780
<http://bugs.debian.org/633582> */
781
int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);
782
if(plugindir_fd == -1){
783
if(errno != ENOENT){
784
error(0, errno, "open(\"" PDIR "\")");
785
}
786
} else {
787
ret = (int)TEMP_FAILURE_RETRY(fstat(plugindir_fd, &st));
788
if(ret == -1){
789
error(0, errno, "fstat");
790
} else {
791
if(S_ISDIR(st.st_mode) and st.st_uid == 0 and st.st_gid == 0){
792
ret = fchown(plugindir_fd, uid, gid);
793
if(ret == -1){
794
error(0, errno, "fchown");
795
}
796
}
797
}
798
TEMP_FAILURE_RETRY(close(plugindir_fd));
799
}
800
}
801
802
/* Lower permissions */
803
ret = setgid(gid);
804
if(ret == -1){
805
error(0, errno, "setgid");
806
}
643
807
ret = setuid(uid);
644
if (ret == -1){
645
perror("setuid");
646
}
647
setgid(gid);
648
if (ret == -1){
649
perror("setgid");
650
}
651
652
if (plugindir == NULL){
653
dir = opendir(PDIR);
654
} else {
655
dir = opendir(plugindir);
656
}
657
658
if(dir == NULL){
659
perror("Could not open plugin dir");
660
exitstatus = EXIT_FAILURE;
661
goto fallback;
662
}
663
664
/* Set the FD_CLOEXEC flag on the directory, if possible */
808
if(ret == -1){
809
error(0, errno, "setuid");
810
}
811
812
/* Open plugin directory with close_on_exec flag */
665
813
{
666
int dir_fd = dirfd(dir);
667
if(dir_fd >= 0){
668
ret = set_cloexec_flag(dir_fd);
669
if(ret < 0){
670
perror("set_cloexec_flag");
671
exitstatus = EXIT_FAILURE;
672
goto fallback;
814
dir_fd = open(plugindir != NULL ? plugindir : PDIR, O_RDONLY |
815
#ifdef O_CLOEXEC
816
O_CLOEXEC
817
#else /* not O_CLOEXEC */
818
0
819
#endif /* not O_CLOEXEC */
820
);
821
if(dir_fd == -1){
822
error(0, errno, "Could not open plugin dir");
823
exitstatus = EX_UNAVAILABLE;
824
goto fallback;
825
}
826
827
#ifndef O_CLOEXEC
828
/* Set the FD_CLOEXEC flag on the directory */
829
ret = set_cloexec_flag(dir_fd);
830
if(ret < 0){
831
error(0, errno, "set_cloexec_flag");
832
exitstatus = EX_OSERR;
833
goto fallback;
834
}
835
#endif /* O_CLOEXEC */
836
}
837
838
int good_name(const struct dirent * const dirent){
839
const char * const patterns[] = { ".*", "#*#", "*~", "*.dpkg-new",
840
"*.dpkg-old", "*.dpkg-bak",
841
"*.dpkg-divert", NULL };
842
#ifdef __GNUC__
843
#pragma GCC diagnostic push
844
#pragma GCC diagnostic ignored "-Wcast-qual"
845
#endif
846
for(const char **pat = (const char **)patterns;
847
*pat != NULL; pat++){
848
#ifdef __GNUC__
849
#pragma GCC diagnostic pop
850
#endif
851
if(fnmatch(*pat, dirent->d_name, FNM_FILE_NAME | FNM_PERIOD)
852
!= FNM_NOMATCH){
853
if(debug){
854
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
855
" matching pattern %s\n", dirent->d_name, *pat);
856
}
857
return 0;
673
858
}
674
859
}
860
return 1;
861
}
862
863
#ifdef __GLIBC__
864
#if __GLIBC_PREREQ(2, 15)
865
int numplugins = scandirat(dir_fd, ".", &direntries, good_name,
866
alphasort);
867
#else /* not __GLIBC_PREREQ(2, 15) */
868
int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,
869
&direntries, good_name, alphasort);
870
#endif /* not __GLIBC_PREREQ(2, 15) */
871
#else /* not __GLIBC__ */
872
int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,
873
&direntries, good_name, alphasort);
874
#endif /* not __GLIBC__ */
875
if(numplugins == -1){
876
error(0, errno, "Could not scan plugin dir");
877
direntries = NULL;
878
exitstatus = EX_OSERR;
879
goto fallback;
675
880
}
676
881
677
882
FD_ZERO(&rfds_all);
678
883
679
884
/* Read and execute any executable in the plugin directory*/
680
while(true){
681
dirst = readdir(dir);
682
683
/* All directory entries have been processed */
684
if(dirst == NULL){
685
if (errno == EBADF){
686
perror("readdir");
687
exitstatus = EXIT_FAILURE;
688
goto fallback;
689
}
690
break;
691
}
692
693
d_name_len = strlen(dirst->d_name);
694
695
/* Ignore dotfiles, backup files and other junk */
696
{
697
bool bad_name = false;
698
699
const char const *bad_prefixes[] = { ".", "#", NULL };
700
701
const char const *bad_suffixes[] = { "~", "#", ".dpkg-new",
702
".dpkg-old",
703
".dpkg-bak",
704
".dpkg-divert", NULL };
705
for(const char **pre = bad_prefixes; *pre != NULL; pre++){
706
size_t pre_len = strlen(*pre);
707
if((d_name_len >= pre_len)
708
and strncmp((dirst->d_name), *pre, pre_len) == 0){
709
if(debug){
710
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
711
" with bad prefix %s\n", dirst->d_name, *pre);
712
}
713
bad_name = true;
714
break;
715
}
716
}
717
if(bad_name){
718
continue;
719
}
720
for(const char **suf = bad_suffixes; *suf != NULL; suf++){
721
size_t suf_len = strlen(*suf);
722
if((d_name_len >= suf_len)
723
and (strcmp((dirst->d_name)+d_name_len-suf_len, *suf)
724
== 0)){
725
if(debug){
726
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
727
" with bad suffix %s\n", dirst->d_name, *suf);
728
}
729
bad_name = true;
730
break;
731
}
732
}
733
734
if(bad_name){
735
continue;
736
}
737
}
738
739
char *filename;
740
if(plugindir == NULL){
741
ret = asprintf(&filename, PDIR "/%s", dirst->d_name);
742
} else {
743
ret = asprintf(&filename, "%s/%s", plugindir, dirst->d_name);
744
}
745
if(ret < 0){
746
perror("asprintf");
747
continue;
748
}
749
750
ret = stat(filename, &st);
751
if (ret == -1){
752
perror("stat");
753
free(filename);
754
continue;
755
}
756
885
for(int i = 0; i < numplugins; i++){
886
887
int plugin_fd = openat(dir_fd, direntries[i]->d_name, O_RDONLY);
888
if(plugin_fd == -1){
889
error(0, errno, "Could not open plugin");
890
free(direntries[i]);
891
continue;
892
}
893
ret = (int)TEMP_FAILURE_RETRY(fstat(plugin_fd, &st));
894
if(ret == -1){
895
error(0, errno, "stat");
896
TEMP_FAILURE_RETRY(close(plugin_fd));
897
free(direntries[i]);
898
continue;
899
}
900
757
901
/* Ignore non-executable files */
758
if (not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
902
if(not S_ISREG(st.st_mode)
903
or (TEMP_FAILURE_RETRY(faccessat(dir_fd, direntries[i]->d_name,
904
X_OK, 0)) != 0)){
759
905
if(debug){
760
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
761
" with bad type or mode\n", filename);
906
fprintf(stderr, "Ignoring plugin dir entry \"%s/%s\""
907
" with bad type or mode\n",
908
plugindir != NULL ? plugindir : PDIR,
909
direntries[i]->d_name);
762
910
}
763
free(filename);
911
TEMP_FAILURE_RETRY(close(plugin_fd));
912
free(direntries[i]);
764
913
continue;
765
914
}
766
915
767
plugin *p = getplugin(dirst->d_name);
916
plugin *p = getplugin(direntries[i]->d_name);
768
917
if(p == NULL){
769
perror("getplugin");
770
free(filename);
918
error(0, errno, "getplugin");
919
TEMP_FAILURE_RETRY(close(plugin_fd));
920
free(direntries[i]);
771
921
continue;
772
922
}
773
923
if(p->disabled){
774
924
if(debug){
775
925
fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",
776
dirst->d_name);
926
direntries[i]->d_name);
777
927
}
778
free(filename);
928
TEMP_FAILURE_RETRY(close(plugin_fd));
929
free(direntries[i]);
779
930
continue;
780
931
}
781
932
{
784
935
if(g != NULL){
785
936
for(char **a = g->argv + 1; *a != NULL; a++){
786
937
if(not add_argument(p, *a)){
787
perror("add_argument");
938
error(0, errno, "add_argument");
788
939
}
789
940
}
790
941
/* Add global environment variables */
791
942
for(char **e = g->environ; *e != NULL; e++){
792
943
if(not add_environment(p, *e, false)){
793
perror("add_environment");
944
error(0, errno, "add_environment");
794
945
}
795
946
}
796
947
}
797
948
}
798
/* If this plugin has any environment variables, we will call
799
using execve and need to duplicate the environment from this
800
process, too. */
949
/* If this plugin has any environment variables, we need to
950
duplicate the environment from this process, too. */
801
951
if(p->environ[0] != NULL){
802
952
for(char **e = environ; *e != NULL; e++){
803
953
if(not add_environment(p, *e, false)){
804
perror("add_environment");
954
error(0, errno, "add_environment");
805
955
}
806
956
}
807
957
}
808
958
809
959
int pipefd[2];
810
ret = pipe(pipefd);
811
if (ret == -1){
812
perror("pipe");
813
exitstatus = EXIT_FAILURE;
814
goto fallback;
815
}
960
#ifndef O_CLOEXEC
961
ret = (int)TEMP_FAILURE_RETRY(pipe(pipefd));
962
#else /* O_CLOEXEC */
963
ret = (int)TEMP_FAILURE_RETRY(pipe2(pipefd, O_CLOEXEC));
964
#endif /* O_CLOEXEC */
965
if(ret == -1){
966
error(0, errno, "pipe");
967
exitstatus = EX_OSERR;
968
free(direntries[i]);
969
goto fallback;
970
}
971
if(pipefd[0] >= FD_SETSIZE){
972
fprintf(stderr, "pipe()[0] (%d) >= FD_SETSIZE (%d)", pipefd[0],
973
FD_SETSIZE);
974
TEMP_FAILURE_RETRY(close(pipefd[0]));
975
TEMP_FAILURE_RETRY(close(pipefd[1]));
976
exitstatus = EX_OSERR;
977
free(direntries[i]);
978
goto fallback;
979
}
980
#ifndef O_CLOEXEC
816
981
/* Ask OS to automatic close the pipe on exec */
817
982
ret = set_cloexec_flag(pipefd[0]);
818
983
if(ret < 0){
819
perror("set_cloexec_flag");
820
exitstatus = EXIT_FAILURE;
984
error(0, errno, "set_cloexec_flag");
985
TEMP_FAILURE_RETRY(close(pipefd[0]));
986
TEMP_FAILURE_RETRY(close(pipefd[1]));
987
exitstatus = EX_OSERR;
988
free(direntries[i]);
821
989
goto fallback;
822
990
}
823
991
ret = set_cloexec_flag(pipefd[1]);
824
992
if(ret < 0){
825
perror("set_cloexec_flag");
826
exitstatus = EXIT_FAILURE;
993
error(0, errno, "set_cloexec_flag");
994
TEMP_FAILURE_RETRY(close(pipefd[0]));
995
TEMP_FAILURE_RETRY(close(pipefd[1]));
996
exitstatus = EX_OSERR;
997
free(direntries[i]);
827
998
goto fallback;
828
999
}
1000
#endif /* not O_CLOEXEC */
829
1001
/* Block SIGCHLD until process is safely in process list */
830
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
1002
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_BLOCK,
1003
&sigchld_action.sa_mask,
1004
NULL));
831
1005
if(ret < 0){
832
perror("sigprocmask");
833
exitstatus = EXIT_FAILURE;
1006
error(0, errno, "sigprocmask");
1007
exitstatus = EX_OSERR;
1008
free(direntries[i]);
834
1009
goto fallback;
835
1010
}
836
1011
/* Starting a new process to be watched */
837
pid_t pid = fork();
1012
pid_t pid;
1013
do {
1014
pid = fork();
1015
} while(pid == -1 and errno == EINTR);
838
1016
if(pid == -1){
839
perror("fork");
840
exitstatus = EXIT_FAILURE;
1017
error(0, errno, "fork");
1018
TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1019
&sigchld_action.sa_mask, NULL));
1020
TEMP_FAILURE_RETRY(close(pipefd[0]));
1021
TEMP_FAILURE_RETRY(close(pipefd[1]));
1022
exitstatus = EX_OSERR;
1023
free(direntries[i]);
841
1024
goto fallback;
842
1025
}
843
1026
if(pid == 0){
844
1027
/* this is the child process */
845
1028
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
846
1029
if(ret < 0){
847
perror("sigaction");
848
_exit(EXIT_FAILURE);
1030
error(0, errno, "sigaction");
1031
_exit(EX_OSERR);
849
1032
}
850
1033
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
851
1034
if(ret < 0){
852
perror("sigprocmask");
853
_exit(EXIT_FAILURE);
1035
error(0, errno, "sigprocmask");
1036
_exit(EX_OSERR);
854
1037
}
855
1038
856
1039
ret = dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
857
1040
if(ret == -1){
858
perror("dup2");
859
_exit(EXIT_FAILURE);
1041
error(0, errno, "dup2");
1042
_exit(EX_OSERR);
860
1043
}
861
1044
862
if(dirfd(dir) < 0){
863
/* If dir has no file descriptor, we could not set FD_CLOEXEC
864
above and must now close it manually here. */
865
closedir(dir);
866
}
867
if(p->environ[0] == NULL){
868
if(execv(filename, p->argv) < 0){
869
perror("execv");
870
_exit(EXIT_FAILURE);
871
}
872
} else {
873
if(execve(filename, p->argv, p->environ) < 0){
874
perror("execve");
875
_exit(EXIT_FAILURE);
876
}
1045
if(fexecve(plugin_fd, p->argv,
1046
(p->environ[0] != NULL) ? p->environ : environ) < 0){
1047
error(0, errno, "fexecve for %s/%s",
1048
plugindir != NULL ? plugindir : PDIR,
1049
direntries[i]->d_name);
1050
_exit(EX_OSERR);
877
1051
}
878
1052
/* no return */
879
1053
}
880
1054
/* Parent process */
881
close(pipefd[1]); /* Close unused write end of pipe */
882
free(filename);
883
plugin *new_plugin = getplugin(dirst->d_name);
884
if (new_plugin == NULL){
885
perror("getplugin");
886
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1055
TEMP_FAILURE_RETRY(close(pipefd[1])); /* Close unused write end of
1056
pipe */
1057
TEMP_FAILURE_RETRY(close(plugin_fd));
1058
plugin *new_plugin = getplugin(direntries[i]->d_name);
1059
if(new_plugin == NULL){
1060
error(0, errno, "getplugin");
1061
ret = (int)(TEMP_FAILURE_RETRY
1062
(sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask,
1063
NULL)));
887
1064
if(ret < 0){
888
perror("sigprocmask");
1065
error(0, errno, "sigprocmask");
889
1066
}
890
exitstatus = EXIT_FAILURE;
1067
exitstatus = EX_OSERR;
1068
free(direntries[i]);
891
1069
goto fallback;
892
1070
}
1071
free(direntries[i]);
893
1072
894
1073
new_plugin->pid = pid;
895
1074
new_plugin->fd = pipefd[0];
896
1075
897
1076
/* Unblock SIGCHLD so signal handler can be run if this process
898
1077
has already completed */
899
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1078
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1079
&sigchld_action.sa_mask,
1080
NULL));
900
1081
if(ret < 0){
901
perror("sigprocmask");
902
exitstatus = EXIT_FAILURE;
1082
error(0, errno, "sigprocmask");
1083
exitstatus = EX_OSERR;
903
1084
goto fallback;
904
1085
}
905
1086
906
FD_SET(new_plugin->fd, &rfds_all);
1087
#if defined (__GNUC__) and defined (__GLIBC__)
1088
#if not __GLIBC_PREREQ(2, 16)
1089
#pragma GCC diagnostic push
1090
#pragma GCC diagnostic ignored "-Wsign-conversion"
1091
#endif
1092
#endif
1093
FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from
1094
-Wconversion in GNU libc
1095
before 2.16 */
1096
#if defined (__GNUC__) and defined (__GLIBC__)
1097
#if not __GLIBC_PREREQ(2, 16)
1098
#pragma GCC diagnostic pop
1099
#endif
1100
#endif
907
1101
908
if (maxfd < new_plugin->fd){
1102
if(maxfd < new_plugin->fd){
909
1103
maxfd = new_plugin->fd;
910
1104
}
911
1105
}
912
1106
913
closedir(dir);
914
dir = NULL;
1107
free(direntries);
1108
direntries = NULL;
1109
TEMP_FAILURE_RETRY(close(dir_fd));
1110
dir_fd = -1;
1111
free_plugin(getplugin(NULL));
915
1112
916
1113
for(plugin *p = plugin_list; p != NULL; p = p->next){
917
1114
if(p->pid != 0){
928
1125
while(plugin_list){
929
1126
fd_set rfds = rfds_all;
930
1127
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
931
if (select_ret == -1){
932
perror("select");
933
exitstatus = EXIT_FAILURE;
1128
if(select_ret == -1 and errno != EINTR){
1129
error(0, errno, "select");
1130
exitstatus = EX_OSERR;
934
1131
goto fallback;
935
1132
}
936
1133
/* OK, now either a process completed, or something can be read
937
1134
from one of them */
938
1135
for(plugin *proc = plugin_list; proc != NULL;){
939
1136
/* Is this process completely done? */
940
if(proc->eof and proc->completed){
1137
if(proc->completed and proc->eof){
941
1138
/* Only accept the plugin output if it exited cleanly */
942
1139
if(not WIFEXITED(proc->status)
943
1140
or WEXITSTATUS(proc->status) != 0){
944
1141
/* Bad exit by plugin */
945
1142
946
1143
if(debug){
947
1144
if(WIFEXITED(proc->status)){
948
fprintf(stderr, "Plugin %u exited with status %d\n",
949
(unsigned int) (proc->pid),
1145
fprintf(stderr, "Plugin %s [%" PRIdMAX "] exited with"
1146
" status %d\n", proc->name,
1147
(intmax_t) (proc->pid),
950
1148
WEXITSTATUS(proc->status));
951
} else if(WIFSIGNALED(proc->status)) {
952
fprintf(stderr, "Plugin %u killed by signal %d\n",
953
(unsigned int) (proc->pid),
954
WTERMSIG(proc->status));
1149
} else if(WIFSIGNALED(proc->status)){
1150
fprintf(stderr, "Plugin %s [%" PRIdMAX "] killed by"
1151
" signal %d: %s\n", proc->name,
1152
(intmax_t) (proc->pid),
1153
WTERMSIG(proc->status),
1154
strsignal(WTERMSIG(proc->status)));
955
1155
} else if(WCOREDUMP(proc->status)){
956
fprintf(stderr, "Plugin %d dumped core\n",
957
(unsigned int) (proc->pid));
1156
fprintf(stderr, "Plugin %s [%" PRIdMAX "] dumped"
1157
" core\n", proc->name, (intmax_t) (proc->pid));
958
1158
}
959
1159
}
960
1160
961
1161
/* Remove the plugin */
962
FD_CLR(proc->fd, &rfds_all);
963
1162
#if defined (__GNUC__) and defined (__GLIBC__)
1163
#if not __GLIBC_PREREQ(2, 16)
1164
#pragma GCC diagnostic push
1165
#pragma GCC diagnostic ignored "-Wsign-conversion"
1166
#endif
1167
#endif
1168
FD_CLR(proc->fd, &rfds_all); /* Spurious warning from
1169
-Wconversion in GNU libc
1170
before 2.16 */
1171
#if defined (__GNUC__) and defined (__GLIBC__)
1172
#if not __GLIBC_PREREQ(2, 16)
1173
#pragma GCC diagnostic pop
1174
#endif
1175
#endif
1176
964
1177
/* Block signal while modifying process_list */
965
ret = sigprocmask(SIG_BLOCK, &sigchld_action.sa_mask, NULL);
1178
ret = (int)TEMP_FAILURE_RETRY(sigprocmask
1179
(SIG_BLOCK,
1180
&sigchld_action.sa_mask,
1181
NULL));
966
1182
if(ret < 0){
967
perror("sigprocmask");
968
exitstatus = EXIT_FAILURE;
1183
error(0, errno, "sigprocmask");
1184
exitstatus = EX_OSERR;
969
1185
goto fallback;
970
1186
}
971
1187
974
1190
proc = next_plugin;
975
1191
976
1192
/* We are done modifying process list, so unblock signal */
977
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask,
978
NULL);
1193
ret = (int)(TEMP_FAILURE_RETRY
1194
(sigprocmask(SIG_UNBLOCK,
1195
&sigchld_action.sa_mask, NULL)));
979
1196
if(ret < 0){
980
perror("sigprocmask");
981
exitstatus = EXIT_FAILURE;
1197
error(0, errno, "sigprocmask");
1198
exitstatus = EX_OSERR;
982
1199
goto fallback;
983
1200
}
984
1201
994
1211
bool bret = print_out_password(proc->buffer,
995
1212
proc->buffer_length);
996
1213
if(not bret){
997
perror("print_out_password");
998
exitstatus = EXIT_FAILURE;
1214
error(0, errno, "print_out_password");
1215
exitstatus = EX_IOERR;
999
1216
}
1000
1217
goto fallback;
1001
1218
}
1002
1219
1003
1220
/* This process has not completed. Does it have any output? */
1004
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){
1221
#if defined (__GNUC__) and defined (__GLIBC__)
1222
#if not __GLIBC_PREREQ(2, 16)
1223
#pragma GCC diagnostic push
1224
#pragma GCC diagnostic ignored "-Wsign-conversion"
1225
#endif
1226
#endif
1227
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious
1228
warning from
1229
-Wconversion
1230
in GNU libc
1231
before
1232
2.16 */
1233
#if defined (__GNUC__) and defined (__GLIBC__)
1234
#if not __GLIBC_PREREQ(2, 16)
1235
#pragma GCC diagnostic pop
1236
#endif
1237
#endif
1005
1238
/* This process had nothing to say at this time */
1006
1239
proc = proc->next;
1007
1240
continue;
1008
1241
}
1009
1242
/* Before reading, make the process' data buffer large enough */
1010
1243
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
1011
proc->buffer = realloc(proc->buffer, proc->buffer_size
1012
+ (size_t) BUFFER_SIZE);
1013
if (proc->buffer == NULL){
1014
perror("malloc");
1015
exitstatus = EXIT_FAILURE;
1244
char *new_buffer = realloc(proc->buffer, proc->buffer_size
1245
+ (size_t) BUFFER_SIZE);
1246
if(new_buffer == NULL){
1247
error(0, errno, "malloc");
1248
exitstatus = EX_OSERR;
1016
1249
goto fallback;
1017
1250
}
1251
proc->buffer = new_buffer;
1018
1252
proc->buffer_size += BUFFER_SIZE;
1019
1253
}
1020
1254
/* Read from the process */
1021
ret = read(proc->fd, proc->buffer + proc->buffer_length,
1022
BUFFER_SIZE);
1023
if(ret < 0){
1255
sret = TEMP_FAILURE_RETRY(read(proc->fd,
1256
proc->buffer
1257
+ proc->buffer_length,
1258
BUFFER_SIZE));
1259
if(sret < 0){
1024
1260
/* Read error from this process; ignore the error */
1025
1261
proc = proc->next;
1026
1262
continue;
1027
1263
}
1028
if(ret == 0){
1264
if(sret == 0){
1029
1265
/* got EOF */
1030
1266
proc->eof = true;
1031
1267
} else {
1032
proc->buffer_length += (size_t) ret;
1268
proc->buffer_length += (size_t) sret;
1033
1269
}
1034
1270
}
1035
1271
}
1036
1037
1272
1273
1038
1274
fallback:
1039
1275
1040
if(plugin_list == NULL or exitstatus != EXIT_SUCCESS){
1276
if(plugin_list == NULL or (exitstatus != EXIT_SUCCESS
1277
and exitstatus != EX_OK)){
1041
1278
/* Fallback if all plugins failed, none are found or an error
1042
1279
occured */
1043
1280
bool bret;
1051
1288
}
1052
1289
bret = print_out_password(passwordbuffer, len);
1053
1290
if(not bret){
1054
perror("print_out_password");
1055
exitstatus = EXIT_FAILURE;
1291
error(0, errno, "print_out_password");
1292
exitstatus = EX_IOERR;
1056
1293
}
1057
1294
}
1058
1295
1059
1296
/* Restore old signal handler */
1060
1297
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
1061
1298
if(ret == -1){
1062
perror("sigaction");
1063
exitstatus = EXIT_FAILURE;
1299
error(0, errno, "sigaction");
1300
exitstatus = EX_OSERR;
1064
1301
}
1065
1302
1066
1303
if(custom_argv != NULL){
1070
1307
free(custom_argv);
1071
1308
}
1072
1309
1073
if(dir != NULL){
1074
closedir(dir);
1310
free(direntries);
1311
1312
if(dir_fd != -1){
1313
TEMP_FAILURE_RETRY(close(dir_fd));
1075
1314
}
1076
1315
1077
1316
/* Kill the processes */
1081
1320
ret = kill(p->pid, SIGTERM);
1082
1321
if(ret == -1 and errno != ESRCH){
1083
1322
/* Set-uid proccesses might not get closed */
1084
perror("kill");
1323
error(0, errno, "kill");
1085
1324
}
1086
1325
}
1087
1326
}
1088
1327
1089
1328
/* Wait for any remaining child processes to terminate */
1090
do{
1329
do {
1091
1330
ret = wait(NULL);
1092
1331
} while(ret >= 0);
1093
1332
if(errno != ECHILD){
1094
perror("wait");
1333
error(0, errno, "wait");
1095
1334
}
1096
1335
1097
1336
free_plugin_list();
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0