To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugin-runner.c
- browse files at revision 237.7.290
- compare with another revision
- download diff
- download tarball
- view history from revision 237.7.290
- Committer: Teddy Hogeborn
- Date: 2015-03-10 18:03:38 UTC
- mto: (237.7.304 trunk)
- mto: This revision was merged to the branch mainline in revision 325.
- Revision ID: teddy@recompile.se-20150310180338-pcxw6r2qmw9k6br9
Add ":!RSA" to GnuTLS priority string, to disallow non-DHE kx.
If Mandos was somehow made to use a non-ephemeral Diffie-Hellman key
exchange algorithm in the TLS handshake, any saved network traffic
could then be decrypted later if the Mandos client key was obtained.
By default, Mandos uses ephemeral DH key exchanges which does not have
this problem, but a non-ephemeral key exchange algorithm was still
enabled by default. The simplest solution is to simply turn that off,
which ensures that Mandos will always use ephemeral DH key exchanges.
There is a "PFS" priority string specifier, but we can't use it because:
1. Security-wise, it is a mix between "NORMAL" and "SECURE128" - it
enables a lot more algorithms than "SECURE256".
2. It is only available since GnuTLS 3.2.4.
Thanks to Andreas Fischer <af@bantuX.org> for reporting this issue.
If Mandos was somehow made to use a non-ephemeral Diffie-Hellman key
exchange algorithm in the TLS handshake, any saved network traffic
could then be decrypted later if the Mandos client key was obtained.
By default, Mandos uses ephemeral DH key exchanges which does not have
this problem, but a non-ephemeral key exchange algorithm was still
enabled by default. The simplest solution is to simply turn that off,
which ensures that Mandos will always use ephemeral DH key exchanges.
There is a "PFS" priority string specifier, but we can't use it because:
1. Security-wise, it is a mix between "NORMAL" and "SECURE128" - it
enables a lot more algorithms than "SECURE256".
2. It is only available since GnuTLS 3.2.4.
Thanks to Andreas Fischer <af@bantuX.org> for reporting this issue.
- files added:
- DBUS-API
- debian/po
- debian/source
- debian/upstream
- network-hooks.d
- files removed:
- etc-plugins.d-README
- files modified:
- .bzrignore
added
removed
plugin-runner.c
1
/* -*- coding: utf-8 -*- */
1
/* -*- coding: utf-8; mode: c; mode: orgtbl -*- */
2
2
/*
3
3
* Mandos plugin runner - Run Mandos plugins
4
4
*
5
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
5
* Copyright © 2008-2014 Teddy Hogeborn
6
* Copyright © 2008-2014 Björn Påhlsson
6
7
*
7
8
* This program is free software: you can redistribute it and/or
8
9
* modify it under the terms of the GNU General Public License as
18
19
* along with this program. If not, see
19
20
* <http://www.gnu.org/licenses/>.
20
21
*
21
* Contact the authors at <mandos@fukt.bsnet.se>.
22
* Contact the authors at <mandos@recompile.se>.
22
23
*/
23
24
24
25
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),
25
asprintf() */
26
O_CLOEXEC, pipe2() */
26
27
#include <stddef.h> /* size_t, NULL */
27
#include <stdlib.h> /* malloc(), exit(), EXIT_FAILURE,
28
EXIT_SUCCESS, realloc() */
28
#include <stdlib.h> /* malloc(), exit(), EXIT_SUCCESS,
29
realloc() */
29
30
#include <stdbool.h> /* bool, true, false */
30
#include <stdio.h> /* perror, popen(), fileno(),
31
fprintf(), stderr, STDOUT_FILENO */
32
#include <sys/types.h> /* DIR, opendir(), stat(), struct
33
stat, waitpid(), WIFEXITED(),
34
WEXITSTATUS(), wait(), pid_t,
35
uid_t, gid_t, getuid(), getgid(),
36
dirfd() */
31
#include <stdio.h> /* fileno(), fprintf(),
32
stderr, STDOUT_FILENO, fclose() */
33
#include <sys/types.h> /* fstat(), struct stat, waitpid(),
34
WIFEXITED(), WEXITSTATUS(), wait(),
35
pid_t, uid_t, gid_t, getuid(),
36
getgid() */
37
37
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
38
38
FD_SET(), FD_ISSET(), FD_CLR */
39
39
#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),
40
WEXITSTATUS() */
41
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
40
WEXITSTATUS(), WTERMSIG(),
41
WCOREDUMP() */
42
#include <sys/stat.h> /* struct stat, fstat(), S_ISREG() */
42
43
#include <iso646.h> /* and, or, not */
43
#include <dirent.h> /* DIR, struct dirent, opendir(),
44
readdir(), closedir(), dirfd() */
45
#include <unistd.h> /* struct stat, stat(), S_ISREG(),
46
fcntl(), setuid(), setgid(),
47
F_GETFD, F_SETFD, FD_CLOEXEC,
48
access(), pipe(), fork(), close()
49
dup2, STDOUT_FILENO, _exit(),
50
execv(), write(), read(),
51
close() */
44
#include <dirent.h> /* struct dirent, scandirat() */
45
#include <unistd.h> /* fcntl(), F_GETFD, F_SETFD,
46
FD_CLOEXEC, write(), STDOUT_FILENO,
47
struct stat, fstat(), close(),
48
setgid(), setuid(), S_ISREG(),
49
faccessat() pipe2(), fork(),
50
_exit(), dup2(), fexecve(), read()
51
*/
52
52
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
53
FD_CLOEXEC */
54
#include <string.h> /* strsep, strlen(), asprintf() */
53
FD_CLOEXEC, openat(), scandirat(),
54
pipe2() */
55
#include <string.h> /* strsep, strlen(), strsignal(),
56
strcmp(), strncmp() */
55
57
#include <errno.h> /* errno */
56
58
#include <argp.h> /* struct argp_option, struct
57
59
argp_state, struct argp,
61
63
#include <signal.h> /* struct sigaction, sigemptyset(),
62
64
sigaddset(), sigaction(),
63
65
sigprocmask(), SIG_BLOCK, SIGCHLD,
64
SIG_UNBLOCK, kill() */
66
SIG_UNBLOCK, kill(), sig_atomic_t
67
*/
65
68
#include <errno.h> /* errno, EBADF */
69
#include <inttypes.h> /* intmax_t, PRIdMAX, strtoimax() */
70
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_IOERR,
71
EX_CONFIG, EX_UNAVAILABLE, EX_OK */
72
#include <errno.h> /* errno */
73
#include <error.h> /* error() */
74
#include <fnmatch.h> /* fnmatch() */
66
75
67
76
#define BUFFER_SIZE 256
68
77
69
78
#define PDIR "/lib/mandos/plugins.d"
70
79
#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"
71
80
72
const char *argp_program_version = "plugin-runner 1.0";
73
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
74
75
struct plugin;
81
const char *argp_program_version = "plugin-runner " VERSION;
82
const char *argp_program_bug_address = "<mandos@recompile.se>";
76
83
77
84
typedef struct plugin{
78
85
char *name; /* can be NULL or any plugin name */
81
88
char **environ;
82
89
int envc;
83
90
bool disabled;
84
91
85
92
/* Variables used for running processes*/
86
93
pid_t pid;
87
94
int fd;
89
96
size_t buffer_size;
90
97
size_t buffer_length;
91
98
bool eof;
92
volatile bool completed;
93
volatile int status;
99
volatile sig_atomic_t completed;
100
int status;
94
101
struct plugin *next;
95
102
} plugin;
96
103
98
105
99
106
/* Gets an existing plugin based on name,
100
107
or if none is found, creates a new one */
108
__attribute__((warn_unused_result))
101
109
static plugin *getplugin(char *name){
102
/* Check for exiting plugin with that name */
103
for (plugin *p = plugin_list; p != NULL; p = p->next){
104
if ((p->name == name)
105
or (p->name and name and (strcmp(p->name, name) == 0))){
110
/* Check for existing plugin with that name */
111
for(plugin *p = plugin_list; p != NULL; p = p->next){
112
if((p->name == name)
113
or (p->name and name and (strcmp(p->name, name) == 0))){
106
114
return p;
107
115
}
108
116
}
109
117
/* Create a new plugin */
110
plugin *new_plugin = malloc(sizeof(plugin));
111
if (new_plugin == NULL){
118
plugin *new_plugin = NULL;
119
do {
120
new_plugin = malloc(sizeof(plugin));
121
} while(new_plugin == NULL and errno == EINTR);
122
if(new_plugin == NULL){
112
123
return NULL;
113
124
}
114
125
char *copy_name = NULL;
115
126
if(name != NULL){
116
copy_name = strdup(name);
127
do {
128
copy_name = strdup(name);
129
} while(copy_name == NULL and errno == EINTR);
117
130
if(copy_name == NULL){
131
int e = errno;
132
free(new_plugin);
133
errno = e;
118
134
return NULL;
119
135
}
120
136
}
121
137
122
*new_plugin = (plugin) { .name = copy_name,
123
.argc = 1,
124
.disabled = false,
125
.next = plugin_list };
138
*new_plugin = (plugin){ .name = copy_name,
139
.argc = 1,
140
.disabled = false,
141
.next = plugin_list };
126
142
127
new_plugin->argv = malloc(sizeof(char *) * 2);
128
if (new_plugin->argv == NULL){
143
do {
144
new_plugin->argv = malloc(sizeof(char *) * 2);
145
} while(new_plugin->argv == NULL and errno == EINTR);
146
if(new_plugin->argv == NULL){
147
int e = errno;
129
148
free(copy_name);
130
149
free(new_plugin);
150
errno = e;
131
151
return NULL;
132
152
}
133
153
new_plugin->argv[0] = copy_name;
134
154
new_plugin->argv[1] = NULL;
135
155
136
new_plugin->environ = malloc(sizeof(char *));
156
do {
157
new_plugin->environ = malloc(sizeof(char *));
158
} while(new_plugin->environ == NULL and errno == EINTR);
137
159
if(new_plugin->environ == NULL){
160
int e = errno;
138
161
free(copy_name);
139
162
free(new_plugin->argv);
140
163
free(new_plugin);
164
errno = e;
141
165
return NULL;
142
166
}
143
167
new_plugin->environ[0] = NULL;
148
172
}
149
173
150
174
/* Helper function for add_argument and add_environment */
175
__attribute__((nonnull, warn_unused_result))
151
176
static bool add_to_char_array(const char *new, char ***array,
152
177
int *len){
153
178
/* Resize the pointed-to array to hold one more pointer */
154
*array = realloc(*array, sizeof(char *)
155
* (size_t) ((*len) + 2));
179
char **new_array = NULL;
180
do {
181
new_array = realloc(*array, sizeof(char *)
182
* (size_t) ((*len) + 2));
183
} while(new_array == NULL and errno == EINTR);
156
184
/* Malloc check */
157
if(*array == NULL){
185
if(new_array == NULL){
158
186
return false;
159
187
}
188
*array = new_array;
160
189
/* Make a copy of the new string */
161
char *copy = strdup(new);
190
char *copy;
191
do {
192
copy = strdup(new);
193
} while(copy == NULL and errno == EINTR);
162
194
if(copy == NULL){
163
195
return false;
164
196
}
171
203
}
172
204
173
205
/* Add to a plugin's argument vector */
206
__attribute__((nonnull(2), warn_unused_result))
174
207
static bool add_argument(plugin *p, const char *arg){
175
208
if(p == NULL){
176
209
return false;
179
212
}
180
213
181
214
/* Add to a plugin's environment */
215
__attribute__((nonnull(2), warn_unused_result))
182
216
static bool add_environment(plugin *p, const char *def, bool replace){
183
217
if(p == NULL){
184
218
return false;
186
220
/* namelen = length of name of environment variable */
187
221
size_t namelen = (size_t)(strchrnul(def, '=') - def);
188
222
/* Search for this environment variable */
189
for(char **e = p->environ; *e != NULL; e++){
190
if(strncmp(*e, def, namelen + 1) == 0){
223
for(char **envdef = p->environ; *envdef != NULL; envdef++){
224
if(strncmp(*envdef, def, namelen + 1) == 0){
191
225
/* It already exists */
192
226
if(replace){
193
char *new = realloc(*e, strlen(def) + 1);
194
if(new == NULL){
227
char *new_envdef;
228
do {
229
new_envdef = realloc(*envdef, strlen(def) + 1);
230
} while(new_envdef == NULL and errno == EINTR);
231
if(new_envdef == NULL){
195
232
return false;
196
233
}
197
*e = new;
198
strcpy(*e, def);
234
*envdef = new_envdef;
235
strcpy(*envdef, def);
199
236
}
200
237
return true;
201
238
}
203
240
return add_to_char_array(def, &(p->environ), &(p->envc));
204
241
}
205
242
243
#ifndef O_CLOEXEC
206
244
/*
207
245
* Based on the example in the GNU LibC manual chapter 13.13 "File
208
246
* Descriptor Flags".
209
* *Note File Descriptor Flags:(libc)Descriptor Flags.
247
| [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |
210
248
*/
211
static int set_cloexec_flag(int fd)
212
{
213
int ret = fcntl(fd, F_GETFD, 0);
249
__attribute__((warn_unused_result))
250
static int set_cloexec_flag(int fd){
251
int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
214
252
/* If reading the flags failed, return error indication now. */
215
253
if(ret < 0){
216
254
return ret;
217
255
}
218
256
/* Store modified flag word in the descriptor. */
219
return fcntl(fd, F_SETFD, ret | FD_CLOEXEC);
257
return (int)TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD,
258
ret | FD_CLOEXEC));
220
259
}
260
#endif /* not O_CLOEXEC */
221
261
222
262
223
263
/* Mark processes as completed when they exit, and save their exit
224
264
status. */
225
void handle_sigchld(__attribute__((unused)) int sig){
265
static void handle_sigchld(__attribute__((unused)) int sig){
266
int old_errno = errno;
226
267
while(true){
227
268
plugin *proc = plugin_list;
228
269
int status;
232
273
break;
233
274
}
234
275
if(pid == -1){
235
if (errno != ECHILD){
236
perror("waitpid");
276
if(errno == ECHILD){
277
/* No child processes */
278
break;
237
279
}
238
/* No child processes */
239
break;
280
error(0, errno, "waitpid");
240
281
}
241
282
242
283
/* A child exited, find it in process_list */
248
289
continue;
249
290
}
250
291
proc->status = status;
251
proc->completed = true;
292
proc->completed = 1;
252
293
}
294
errno = old_errno;
253
295
}
254
296
255
297
/* Prints out a password to stdout */
256
bool print_out_password(const char *buffer, size_t length){
298
__attribute__((nonnull, warn_unused_result))
299
static bool print_out_password(const char *buffer, size_t length){
257
300
ssize_t ret;
258
301
for(size_t written = 0; written < length; written += (size_t)ret){
259
302
ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buffer + written,
266
309
}
267
310
268
311
/* Removes and free a plugin from the plugin list */
312
__attribute__((nonnull))
269
313
static void free_plugin(plugin *plugin_node){
270
314
271
315
for(char **arg = plugin_node->argv; *arg != NULL; arg++){
277
321
}
278
322
free(plugin_node->environ);
279
323
free(plugin_node->buffer);
280
324
281
325
/* Removes the plugin from the singly-linked list */
282
326
if(plugin_node == plugin_list){
283
327
/* First one - simple */
305
349
char *plugindir = NULL;
306
350
char *argfile = NULL;
307
351
FILE *conffp;
308
size_t d_name_len;
309
DIR *dir = NULL;
310
struct dirent *dirst;
352
struct dirent **direntries = NULL;
311
353
struct stat st;
312
354
fd_set rfds_all;
313
355
int ret, maxfd = 0;
356
ssize_t sret;
314
357
uid_t uid = 65534;
315
358
gid_t gid = 65534;
316
359
bool debug = false;
320
363
.sa_flags = SA_NOCLDSTOP };
321
364
char **custom_argv = NULL;
322
365
int custom_argc = 0;
366
int dir_fd = -1;
323
367
324
368
/* Establish a signal handler */
325
369
sigemptyset(&sigchld_action.sa_mask);
326
370
ret = sigaddset(&sigchld_action.sa_mask, SIGCHLD);
327
371
if(ret == -1){
328
perror("sigaddset");
329
exitstatus = EXIT_FAILURE;
372
error(0, errno, "sigaddset");
373
exitstatus = EX_OSERR;
330
374
goto fallback;
331
375
}
332
376
ret = sigaction(SIGCHLD, &sigchld_action, &old_sigchld_action);
333
377
if(ret == -1){
334
perror("sigaction");
335
exitstatus = EXIT_FAILURE;
378
error(0, errno, "sigaction");
379
exitstatus = EX_OSERR;
336
380
goto fallback;
337
381
}
338
382
370
414
.doc = "Group ID the plugins will run as", .group = 3 },
371
415
{ .name = "debug", .key = 132,
372
416
.doc = "Debug mode", .group = 4 },
417
/*
418
* These reproduce what we would get without ARGP_NO_HELP
419
*/
420
{ .name = "help", .key = '?',
421
.doc = "Give this help list", .group = -1 },
422
{ .name = "usage", .key = -3,
423
.doc = "Give a short usage message", .group = -1 },
424
{ .name = "version", .key = 'V',
425
.doc = "Print program version", .group = -1 },
373
426
{ .name = NULL }
374
427
};
375
428
376
error_t parse_opt (int key, char *arg, __attribute__((unused))
377
struct argp_state *state) {
378
switch (key) {
429
__attribute__((nonnull(3)))
430
error_t parse_opt(int key, char *arg, struct argp_state *state){
431
errno = 0;
432
switch(key){
433
char *tmp;
434
intmax_t tmp_id;
379
435
case 'g': /* --global-options */
380
if (arg != NULL){
381
char *p;
382
while((p = strsep(&arg, ",")) != NULL){
383
if(p[0] == '\0'){
384
continue;
385
}
386
if(not add_argument(getplugin(NULL), p)){
387
perror("add_argument");
388
return ARGP_ERR_UNKNOWN;
436
{
437
char *plugin_option;
438
while((plugin_option = strsep(&arg, ",")) != NULL){
439
if(not add_argument(getplugin(NULL), plugin_option)){
440
break;
389
441
}
390
442
}
443
errno = 0;
391
444
}
392
445
break;
393
446
case 'G': /* --global-env */
394
if(arg == NULL){
395
break;
396
}
397
if(not add_environment(getplugin(NULL), arg, true)){
398
perror("add_environment");
447
if(add_environment(getplugin(NULL), arg, true)){
448
errno = 0;
399
449
}
400
450
break;
401
451
case 'o': /* --options-for */
402
if (arg != NULL){
403
char *p_name = strsep(&arg, ":");
404
if(p_name[0] == '\0' or arg == NULL){
405
break;
406
}
407
char *opt = strsep(&arg, ":");
408
if(opt[0] == '\0' or opt == NULL){
409
break;
410
}
411
char *p;
412
while((p = strsep(&opt, ",")) != NULL){
413
if(p[0] == '\0'){
414
continue;
415
}
416
if(not add_argument(getplugin(p_name), p)){
417
perror("add_argument");
418
return ARGP_ERR_UNKNOWN;
419
}
420
}
452
{
453
char *option_list = strchr(arg, ':');
454
if(option_list == NULL){
455
argp_error(state, "No colon in \"%s\"", arg);
456
errno = EINVAL;
457
break;
458
}
459
*option_list = '\0';
460
option_list++;
461
if(arg[0] == '\0'){
462
argp_error(state, "Empty plugin name");
463
errno = EINVAL;
464
break;
465
}
466
char *option;
467
while((option = strsep(&option_list, ",")) != NULL){
468
if(not add_argument(getplugin(arg), option)){
469
break;
470
}
471
}
472
errno = 0;
421
473
}
422
474
break;
423
475
case 'E': /* --env-for */
424
if(arg == NULL){
425
break;
426
}
427
476
{
428
477
char *envdef = strchr(arg, ':');
429
478
if(envdef == NULL){
479
argp_error(state, "No colon in \"%s\"", arg);
480
errno = EINVAL;
430
481
break;
431
482
}
432
483
*envdef = '\0';
433
if(not add_environment(getplugin(arg), envdef+1, true)){
434
perror("add_environment");
484
envdef++;
485
if(arg[0] == '\0'){
486
argp_error(state, "Empty plugin name");
487
errno = EINVAL;
488
break;
489
}
490
if(add_environment(getplugin(arg), envdef, true)){
491
errno = 0;
435
492
}
436
493
}
437
494
break;
438
495
case 'd': /* --disable */
439
if (arg != NULL){
496
{
440
497
plugin *p = getplugin(arg);
441
if(p == NULL){
442
return ARGP_ERR_UNKNOWN;
498
if(p != NULL){
499
p->disabled = true;
500
errno = 0;
443
501
}
444
p->disabled = true;
445
502
}
446
503
break;
447
504
case 'e': /* --enable */
448
if (arg != NULL){
505
{
449
506
plugin *p = getplugin(arg);
450
if(p == NULL){
451
return ARGP_ERR_UNKNOWN;
507
if(p != NULL){
508
p->disabled = false;
509
errno = 0;
452
510
}
453
p->disabled = false;
454
511
}
455
512
break;
456
513
case 128: /* --plugin-dir */
457
514
free(plugindir);
458
515
plugindir = strdup(arg);
459
if(plugindir == NULL){
460
perror("strdup");
461
}
516
if(plugindir != NULL){
517
errno = 0;
518
}
462
519
break;
463
520
case 129: /* --config-file */
464
521
/* This is already done by parse_opt_config_file() */
465
522
break;
466
523
case 130: /* --userid */
467
uid = (uid_t)strtol(arg, NULL, 10);
524
tmp_id = strtoimax(arg, &tmp, 10);
525
if(errno != 0 or tmp == arg or *tmp != '\0'
526
or tmp_id != (uid_t)tmp_id){
527
argp_error(state, "Bad user ID number: \"%s\", using %"
528
PRIdMAX, arg, (intmax_t)uid);
529
break;
530
}
531
uid = (uid_t)tmp_id;
532
errno = 0;
468
533
break;
469
534
case 131: /* --groupid */
470
gid = (gid_t)strtol(arg, NULL, 10);
535
tmp_id = strtoimax(arg, &tmp, 10);
536
if(errno != 0 or tmp == arg or *tmp != '\0'
537
or tmp_id != (gid_t)tmp_id){
538
argp_error(state, "Bad group ID number: \"%s\", using %"
539
PRIdMAX, arg, (intmax_t)gid);
540
break;
541
}
542
gid = (gid_t)tmp_id;
543
errno = 0;
471
544
break;
472
545
case 132: /* --debug */
473
546
debug = true;
474
547
break;
548
/*
549
* These reproduce what we would get without ARGP_NO_HELP
550
*/
551
case '?': /* --help */
552
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
553
argp_state_help(state, state->out_stream, ARGP_HELP_STD_HELP);
554
case -3: /* --usage */
555
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
556
argp_state_help(state, state->out_stream,
557
ARGP_HELP_USAGE | ARGP_HELP_EXIT_OK);
558
case 'V': /* --version */
559
fprintf(state->out_stream, "%s\n", argp_program_version);
560
exit(EXIT_SUCCESS);
561
break;
562
/*
563
* When adding more options before this line, remember to also add a
564
* "case" to the "parse_opt_config_file" function below.
565
*/
475
566
case ARGP_KEY_ARG:
476
567
/* Cryptsetup always passes an argument, which is an empty
477
568
string if "none" was specified in /etc/crypttab. So if
478
569
argument was empty, we ignore it silently. */
479
if(arg[0] != '\0'){
480
fprintf(stderr, "Ignoring unknown argument \"%s\"\n", arg);
570
if(arg[0] == '\0'){
571
break;
481
572
}
482
break;
483
case ARGP_KEY_END:
484
break;
485
573
default:
486
574
return ARGP_ERR_UNKNOWN;
487
575
}
488
return 0;
576
return errno; /* Set to 0 at start */
489
577
}
490
578
491
579
/* This option parser is the same as parse_opt() above, except it
492
580
ignores everything but the --config-file option. */
493
error_t parse_opt_config_file (int key, char *arg,
494
__attribute__((unused))
495
struct argp_state *state) {
496
switch (key) {
581
error_t parse_opt_config_file(int key, char *arg,
582
__attribute__((unused))
583
struct argp_state *state){
584
errno = 0;
585
switch(key){
497
586
case 'g': /* --global-options */
498
587
case 'G': /* --global-env */
499
588
case 'o': /* --options-for */
505
594
case 129: /* --config-file */
506
595
free(argfile);
507
596
argfile = strdup(arg);
508
if(argfile == NULL){
509
perror("strdup");
597
if(argfile != NULL){
598
errno = 0;
510
599
}
511
break;
600
break;
512
601
case 130: /* --userid */
513
602
case 131: /* --groupid */
514
603
case 132: /* --debug */
604
case '?': /* --help */
605
case -3: /* --usage */
606
case 'V': /* --version */
515
607
case ARGP_KEY_ARG:
516
case ARGP_KEY_END:
517
608
break;
518
609
default:
519
610
return ARGP_ERR_UNKNOWN;
520
611
}
521
return 0;
612
return errno;
522
613
}
523
614
524
615
struct argp argp = { .options = options,
526
617
.args_doc = "",
527
618
.doc = "Mandos plugin runner -- Run plugins" };
528
619
529
/* Parse using the parse_opt_config_file in order to get the custom
620
/* Parse using parse_opt_config_file() in order to get the custom
530
621
config file location, if any. */
531
ret = argp_parse (&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
532
if (ret == ARGP_ERR_UNKNOWN){
533
fprintf(stderr, "Unknown error while parsing arguments\n");
534
exitstatus = EXIT_FAILURE;
622
ret = argp_parse(&argp, argc, argv,
623
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
624
NULL, NULL);
625
switch(ret){
626
case 0:
627
break;
628
case ENOMEM:
629
default:
630
errno = ret;
631
error(0, errno, "argp_parse");
632
exitstatus = EX_OSERR;
633
goto fallback;
634
case EINVAL:
635
exitstatus = EX_USAGE;
535
636
goto fallback;
536
637
}
537
638
539
640
argp.parser = parse_opt;
540
641
541
642
/* Open the configfile if available */
542
if (argfile == NULL){
643
if(argfile == NULL){
543
644
conffp = fopen(AFILE, "r");
544
645
} else {
545
646
conffp = fopen(argfile, "r");
546
}
647
}
547
648
if(conffp != NULL){
548
649
char *org_line = NULL;
549
650
char *p, *arg, *new_arg, *line;
550
651
size_t size = 0;
551
ssize_t sret;
552
652
const char whitespace_delims[] = " \r\t\f\v\n";
553
653
const char comment_delim[] = "#";
554
654
555
655
custom_argc = 1;
556
656
custom_argv = malloc(sizeof(char*) * 2);
557
657
if(custom_argv == NULL){
558
perror("malloc");
559
exitstatus = EXIT_FAILURE;
658
error(0, errno, "malloc");
659
exitstatus = EX_OSERR;
560
660
goto fallback;
561
661
}
562
662
custom_argv[0] = argv[0];
563
663
custom_argv[1] = NULL;
564
664
565
665
/* for each line in the config file, strip whitespace and ignore
566
666
commented text */
567
667
while(true){
569
669
if(sret == -1){
570
670
break;
571
671
}
572
672
573
673
line = org_line;
574
674
arg = strsep(&line, comment_delim);
575
675
while((p = strsep(&arg, whitespace_delims)) != NULL){
578
678
}
579
679
new_arg = strdup(p);
580
680
if(new_arg == NULL){
581
perror("strdup");
582
exitstatus = EXIT_FAILURE;
681
error(0, errno, "strdup");
682
exitstatus = EX_OSERR;
583
683
free(org_line);
584
684
goto fallback;
585
685
}
586
686
587
687
custom_argc += 1;
588
custom_argv = realloc(custom_argv, sizeof(char *)
589
* ((unsigned int) custom_argc + 1));
590
if(custom_argv == NULL){
591
perror("realloc");
592
exitstatus = EXIT_FAILURE;
593
free(org_line);
594
goto fallback;
688
{
689
char **new_argv = realloc(custom_argv, sizeof(char *)
690
* ((unsigned int)
691
custom_argc + 1));
692
if(new_argv == NULL){
693
error(0, errno, "realloc");
694
exitstatus = EX_OSERR;
695
free(new_arg);
696
free(org_line);
697
goto fallback;
698
} else {
699
custom_argv = new_argv;
700
}
595
701
}
596
702
custom_argv[custom_argc-1] = new_arg;
597
custom_argv[custom_argc] = NULL;
703
custom_argv[custom_argc] = NULL;
598
704
}
599
705
}
706
do {
707
ret = fclose(conffp);
708
} while(ret == EOF and errno == EINTR);
709
if(ret == EOF){
710
error(0, errno, "fclose");
711
exitstatus = EX_IOERR;
712
goto fallback;
713
}
600
714
free(org_line);
601
715
} else {
602
716
/* Check for harmful errors and go to fallback. Other errors might
603
717
not affect opening plugins */
604
if (errno == EMFILE or errno == ENFILE or errno == ENOMEM){
605
perror("fopen");
606
exitstatus = EXIT_FAILURE;
718
if(errno == EMFILE or errno == ENFILE or errno == ENOMEM){
719
error(0, errno, "fopen");
720
exitstatus = EX_OSERR;
607
721
goto fallback;
608
722
}
609
723
}
610
/* If there was any arguments from configuration file,
611
pass them to parser as command arguments */
724
/* If there were any arguments from the configuration file, pass
725
them to parser as command line arguments */
612
726
if(custom_argv != NULL){
613
ret = argp_parse (&argp, custom_argc, custom_argv, ARGP_IN_ORDER,
614
0, NULL);
615
if (ret == ARGP_ERR_UNKNOWN){
616
fprintf(stderr, "Unknown error while parsing arguments\n");
617
exitstatus = EXIT_FAILURE;
727
ret = argp_parse(&argp, custom_argc, custom_argv,
728
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
729
NULL, NULL);
730
switch(ret){
731
case 0:
732
break;
733
case ENOMEM:
734
default:
735
errno = ret;
736
error(0, errno, "argp_parse");
737
exitstatus = EX_OSERR;
738
goto fallback;
739
case EINVAL:
740
exitstatus = EX_CONFIG;
618
741
goto fallback;
619
742
}
620
743
}
621
744
622
745
/* Parse actual command line arguments, to let them override the
623
746
config file */
624
ret = argp_parse (&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
625
if (ret == ARGP_ERR_UNKNOWN){
626
fprintf(stderr, "Unknown error while parsing arguments\n");
627
exitstatus = EXIT_FAILURE;
747
ret = argp_parse(&argp, argc, argv,
748
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
749
NULL, NULL);
750
switch(ret){
751
case 0:
752
break;
753
case ENOMEM:
754
default:
755
errno = ret;
756
error(0, errno, "argp_parse");
757
exitstatus = EX_OSERR;
758
goto fallback;
759
case EINVAL:
760
exitstatus = EX_USAGE;
628
761
goto fallback;
629
762
}
630
763
635
768
for(char **a = p->argv; *a != NULL; a++){
636
769
fprintf(stderr, "\tArg: %s\n", *a);
637
770
}
638
fprintf(stderr, "...and %u environment variables\n", p->envc);
771
fprintf(stderr, "...and %d environment variables\n", p->envc);
639
772
for(char **a = p->environ; *a != NULL; a++){
640
773
fprintf(stderr, "\t%s\n", *a);
641
774
}
642
775
}
643
776
}
644
777
645
/* Strip permissions down to nobody */
778
if(getuid() == 0){
779
/* Work around Debian bug #633582:
780
<http://bugs.debian.org/633582> */
781
int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);
782
if(plugindir_fd == -1){
783
if(errno != ENOENT){
784
error(0, errno, "open(\"" PDIR "\")");
785
}
786
} else {
787
ret = (int)TEMP_FAILURE_RETRY(fstat(plugindir_fd, &st));
788
if(ret == -1){
789
error(0, errno, "fstat");
790
} else {
791
if(S_ISDIR(st.st_mode) and st.st_uid == 0 and st.st_gid == 0){
792
ret = fchown(plugindir_fd, uid, gid);
793
if(ret == -1){
794
error(0, errno, "fchown");
795
}
796
}
797
}
798
TEMP_FAILURE_RETRY(close(plugindir_fd));
799
}
800
}
801
802
/* Lower permissions */
803
ret = setgid(gid);
804
if(ret == -1){
805
error(0, errno, "setgid");
806
}
646
807
ret = setuid(uid);
647
if (ret == -1){
648
perror("setuid");
649
}
650
setgid(gid);
651
if (ret == -1){
652
perror("setgid");
653
}
654
655
if (plugindir == NULL){
656
dir = opendir(PDIR);
657
} else {
658
dir = opendir(plugindir);
659
}
660
661
if(dir == NULL){
662
perror("Could not open plugin dir");
663
exitstatus = EXIT_FAILURE;
664
goto fallback;
665
}
666
667
/* Set the FD_CLOEXEC flag on the directory, if possible */
808
if(ret == -1){
809
error(0, errno, "setuid");
810
}
811
812
/* Open plugin directory with close_on_exec flag */
668
813
{
669
int dir_fd = dirfd(dir);
670
if(dir_fd >= 0){
671
ret = set_cloexec_flag(dir_fd);
672
if(ret < 0){
673
perror("set_cloexec_flag");
674
exitstatus = EXIT_FAILURE;
675
goto fallback;
814
dir_fd = open(plugindir != NULL ? plugindir : PDIR, O_RDONLY |
815
#ifdef O_CLOEXEC
816
O_CLOEXEC
817
#else /* not O_CLOEXEC */
818
0
819
#endif /* not O_CLOEXEC */
820
);
821
if(dir_fd == -1){
822
error(0, errno, "Could not open plugin dir");
823
exitstatus = EX_UNAVAILABLE;
824
goto fallback;
825
}
826
827
#ifndef O_CLOEXEC
828
/* Set the FD_CLOEXEC flag on the directory */
829
ret = set_cloexec_flag(dir_fd);
830
if(ret < 0){
831
error(0, errno, "set_cloexec_flag");
832
exitstatus = EX_OSERR;
833
goto fallback;
834
}
835
#endif /* O_CLOEXEC */
836
}
837
838
int good_name(const struct dirent * const dirent){
839
const char * const patterns[] = { ".*", "#*#", "*~", "*.dpkg-new",
840
"*.dpkg-old", "*.dpkg-bak",
841
"*.dpkg-divert", NULL };
842
#ifdef __GNUC__
843
#pragma GCC diagnostic push
844
#pragma GCC diagnostic ignored "-Wcast-qual"
845
#endif
846
for(const char **pat = (const char **)patterns;
847
*pat != NULL; pat++){
848
#ifdef __GNUC__
849
#pragma GCC diagnostic pop
850
#endif
851
if(fnmatch(*pat, dirent->d_name, FNM_FILE_NAME | FNM_PERIOD)
852
!= FNM_NOMATCH){
853
if(debug){
854
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
855
" matching pattern %s\n", dirent->d_name, *pat);
856
}
857
return 0;
676
858
}
677
859
}
860
return 1;
861
}
862
863
#ifdef __GLIBC__
864
#if __GLIBC_PREREQ(2, 15)
865
int numplugins = scandirat(dir_fd, ".", &direntries, good_name,
866
alphasort);
867
#else /* not __GLIBC_PREREQ(2, 15) */
868
int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,
869
&direntries, good_name, alphasort);
870
#endif /* not __GLIBC_PREREQ(2, 15) */
871
#else /* not __GLIBC__ */
872
int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,
873
&direntries, good_name, alphasort);
874
#endif /* not __GLIBC__ */
875
if(numplugins == -1){
876
error(0, errno, "Could not scan plugin dir");
877
direntries = NULL;
878
exitstatus = EX_OSERR;
879
goto fallback;
678
880
}
679
881
680
882
FD_ZERO(&rfds_all);
681
883
682
884
/* Read and execute any executable in the plugin directory*/
683
while(true){
684
dirst = readdir(dir);
685
686
/* All directory entries have been processed */
687
if(dirst == NULL){
688
if (errno == EBADF){
689
perror("readdir");
690
exitstatus = EXIT_FAILURE;
691
goto fallback;
692
}
693
break;
694
}
695
696
d_name_len = strlen(dirst->d_name);
697
698
/* Ignore dotfiles, backup files and other junk */
699
{
700
bool bad_name = false;
701
702
const char const *bad_prefixes[] = { ".", "#", NULL };
703
704
const char const *bad_suffixes[] = { "~", "#", ".dpkg-new",
705
".dpkg-old",
706
".dpkg-divert", NULL };
707
for(const char **pre = bad_prefixes; *pre != NULL; pre++){
708
size_t pre_len = strlen(*pre);
709
if((d_name_len >= pre_len)
710
and strncmp((dirst->d_name), *pre, pre_len) == 0){
711
if(debug){
712
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
713
" with bad prefix %s\n", dirst->d_name, *pre);
714
}
715
bad_name = true;
716
break;
717
}
718
}
719
if(bad_name){
720
continue;
721
}
722
for(const char **suf = bad_suffixes; *suf != NULL; suf++){
723
size_t suf_len = strlen(*suf);
724
if((d_name_len >= suf_len)
725
and (strcmp((dirst->d_name)+d_name_len-suf_len, *suf)
726
== 0)){
727
if(debug){
728
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
729
" with bad suffix %s\n", dirst->d_name, *suf);
730
}
731
bad_name = true;
732
break;
733
}
734
}
735
736
if(bad_name){
737
continue;
738
}
739
}
740
741
char *filename;
742
if(plugindir == NULL){
743
ret = asprintf(&filename, PDIR "/%s", dirst->d_name);
744
} else {
745
ret = asprintf(&filename, "%s/%s", plugindir, dirst->d_name);
746
}
747
if(ret < 0){
748
perror("asprintf");
749
continue;
750
}
751
752
ret = stat(filename, &st);
753
if (ret == -1){
754
perror("stat");
755
free(filename);
756
continue;
757
}
758
885
for(int i = 0; i < numplugins; i++){
886
887
int plugin_fd = openat(dir_fd, direntries[i]->d_name, O_RDONLY);
888
if(plugin_fd == -1){
889
error(0, errno, "Could not open plugin");
890
free(direntries[i]);
891
continue;
892
}
893
ret = (int)TEMP_FAILURE_RETRY(fstat(plugin_fd, &st));
894
if(ret == -1){
895
error(0, errno, "stat");
896
TEMP_FAILURE_RETRY(close(plugin_fd));
897
free(direntries[i]);
898
continue;
899
}
900
759
901
/* Ignore non-executable files */
760
if (not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
902
if(not S_ISREG(st.st_mode)
903
or (TEMP_FAILURE_RETRY(faccessat(dir_fd, direntries[i]->d_name,
904
X_OK, 0)) != 0)){
761
905
if(debug){
762
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
763
" with bad type or mode\n", filename);
906
fprintf(stderr, "Ignoring plugin dir entry \"%s/%s\""
907
" with bad type or mode\n",
908
plugindir != NULL ? plugindir : PDIR,
909
direntries[i]->d_name);
764
910
}
765
free(filename);
911
TEMP_FAILURE_RETRY(close(plugin_fd));
912
free(direntries[i]);
766
913
continue;
767
914
}
768
915
769
plugin *p = getplugin(dirst->d_name);
916
plugin *p = getplugin(direntries[i]->d_name);
770
917
if(p == NULL){
771
perror("getplugin");
772
free(filename);
918
error(0, errno, "getplugin");
919
TEMP_FAILURE_RETRY(close(plugin_fd));
920
free(direntries[i]);
773
921
continue;
774
922
}
775
923
if(p->disabled){
776
924
if(debug){
777
925
fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",
778
dirst->d_name);
926
direntries[i]->d_name);
779
927
}
780
free(filename);
928
TEMP_FAILURE_RETRY(close(plugin_fd));
929
free(direntries[i]);
781
930
continue;
782
931
}
783
932
{
786
935
if(g != NULL){
787
936
for(char **a = g->argv + 1; *a != NULL; a++){
788
937
if(not add_argument(p, *a)){
789
perror("add_argument");
938
error(0, errno, "add_argument");
790
939
}
791
940
}
792
941
/* Add global environment variables */
793
942
for(char **e = g->environ; *e != NULL; e++){
794
943
if(not add_environment(p, *e, false)){
795
perror("add_environment");
944
error(0, errno, "add_environment");
796
945
}
797
946
}
798
947
}
799
948
}
800
/* If this plugin has any environment variables, we will call
801
using execve and need to duplicate the environment from this
802
process, too. */
949
/* If this plugin has any environment variables, we need to
950
duplicate the environment from this process, too. */
803
951
if(p->environ[0] != NULL){
804
952
for(char **e = environ; *e != NULL; e++){
805
953
if(not add_environment(p, *e, false)){
806
perror("add_environment");
954
error(0, errno, "add_environment");
807
955
}
808
956
}
809
957
}
810
958
811
959
int pipefd[2];
812
ret = pipe(pipefd);
813
if (ret == -1){
814
perror("pipe");
815
exitstatus = EXIT_FAILURE;
816
goto fallback;
817
}
960
#ifndef O_CLOEXEC
961
ret = (int)TEMP_FAILURE_RETRY(pipe(pipefd));
962
#else /* O_CLOEXEC */
963
ret = (int)TEMP_FAILURE_RETRY(pipe2(pipefd, O_CLOEXEC));
964
#endif /* O_CLOEXEC */
965
if(ret == -1){
966
error(0, errno, "pipe");
967
exitstatus = EX_OSERR;
968
free(direntries[i]);
969
goto fallback;
970
}
971
if(pipefd[0] >= FD_SETSIZE){
972
fprintf(stderr, "pipe()[0] (%d) >= FD_SETSIZE (%d)", pipefd[0],
973
FD_SETSIZE);
974
TEMP_FAILURE_RETRY(close(pipefd[0]));
975
TEMP_FAILURE_RETRY(close(pipefd[1]));
976
exitstatus = EX_OSERR;
977
free(direntries[i]);
978
goto fallback;
979
}
980
#ifndef O_CLOEXEC
818
981
/* Ask OS to automatic close the pipe on exec */
819
982
ret = set_cloexec_flag(pipefd[0]);
820
983
if(ret < 0){
821
perror("set_cloexec_flag");
822
exitstatus = EXIT_FAILURE;
984
error(0, errno, "set_cloexec_flag");
985
TEMP_FAILURE_RETRY(close(pipefd[0]));
986
TEMP_FAILURE_RETRY(close(pipefd[1]));
987
exitstatus = EX_OSERR;
988
free(direntries[i]);
823
989
goto fallback;
824
990
}
825
991
ret = set_cloexec_flag(pipefd[1]);
826
992
if(ret < 0){
827
perror("set_cloexec_flag");
828
exitstatus = EXIT_FAILURE;
993
error(0, errno, "set_cloexec_flag");
994
TEMP_FAILURE_RETRY(close(pipefd[0]));
995
TEMP_FAILURE_RETRY(close(pipefd[1]));
996
exitstatus = EX_OSERR;
997
free(direntries[i]);
829
998
goto fallback;
830
999
}
1000
#endif /* not O_CLOEXEC */
831
1001
/* Block SIGCHLD until process is safely in process list */
832
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
1002
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_BLOCK,
1003
&sigchld_action.sa_mask,
1004
NULL));
833
1005
if(ret < 0){
834
perror("sigprocmask");
835
exitstatus = EXIT_FAILURE;
1006
error(0, errno, "sigprocmask");
1007
exitstatus = EX_OSERR;
1008
free(direntries[i]);
836
1009
goto fallback;
837
1010
}
838
1011
/* Starting a new process to be watched */
839
pid_t pid = fork();
1012
pid_t pid;
1013
do {
1014
pid = fork();
1015
} while(pid == -1 and errno == EINTR);
840
1016
if(pid == -1){
841
perror("fork");
842
exitstatus = EXIT_FAILURE;
1017
error(0, errno, "fork");
1018
TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1019
&sigchld_action.sa_mask, NULL));
1020
TEMP_FAILURE_RETRY(close(pipefd[0]));
1021
TEMP_FAILURE_RETRY(close(pipefd[1]));
1022
exitstatus = EX_OSERR;
1023
free(direntries[i]);
843
1024
goto fallback;
844
1025
}
845
1026
if(pid == 0){
846
1027
/* this is the child process */
847
1028
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
848
1029
if(ret < 0){
849
perror("sigaction");
850
_exit(EXIT_FAILURE);
1030
error(0, errno, "sigaction");
1031
_exit(EX_OSERR);
851
1032
}
852
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1033
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
853
1034
if(ret < 0){
854
perror("sigprocmask");
855
_exit(EXIT_FAILURE);
1035
error(0, errno, "sigprocmask");
1036
_exit(EX_OSERR);
856
1037
}
857
1038
858
1039
ret = dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
859
1040
if(ret == -1){
860
perror("dup2");
861
_exit(EXIT_FAILURE);
1041
error(0, errno, "dup2");
1042
_exit(EX_OSERR);
862
1043
}
863
1044
864
if(dirfd(dir) < 0){
865
/* If dir has no file descriptor, we could not set FD_CLOEXEC
866
above and must now close it manually here. */
867
closedir(dir);
868
}
869
if(p->environ[0] == NULL){
870
if(execv(filename, p->argv) < 0){
871
perror("execv");
872
_exit(EXIT_FAILURE);
873
}
874
} else {
875
if(execve(filename, p->argv, p->environ) < 0){
876
perror("execve");
877
_exit(EXIT_FAILURE);
878
}
1045
if(fexecve(plugin_fd, p->argv,
1046
(p->environ[0] != NULL) ? p->environ : environ) < 0){
1047
error(0, errno, "fexecve for %s/%s",
1048
plugindir != NULL ? plugindir : PDIR,
1049
direntries[i]->d_name);
1050
_exit(EX_OSERR);
879
1051
}
880
1052
/* no return */
881
1053
}
882
1054
/* Parent process */
883
close(pipefd[1]); /* Close unused write end of pipe */
884
free(filename);
885
plugin *new_plugin = getplugin(dirst->d_name);
886
if (new_plugin == NULL){
887
perror("getplugin");
888
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1055
TEMP_FAILURE_RETRY(close(pipefd[1])); /* Close unused write end of
1056
pipe */
1057
TEMP_FAILURE_RETRY(close(plugin_fd));
1058
plugin *new_plugin = getplugin(direntries[i]->d_name);
1059
if(new_plugin == NULL){
1060
error(0, errno, "getplugin");
1061
ret = (int)(TEMP_FAILURE_RETRY
1062
(sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask,
1063
NULL)));
889
1064
if(ret < 0){
890
perror("sigprocmask");
1065
error(0, errno, "sigprocmask");
891
1066
}
892
exitstatus = EXIT_FAILURE;
1067
exitstatus = EX_OSERR;
1068
free(direntries[i]);
893
1069
goto fallback;
894
1070
}
1071
free(direntries[i]);
895
1072
896
1073
new_plugin->pid = pid;
897
1074
new_plugin->fd = pipefd[0];
898
1075
899
1076
/* Unblock SIGCHLD so signal handler can be run if this process
900
1077
has already completed */
901
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1078
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1079
&sigchld_action.sa_mask,
1080
NULL));
902
1081
if(ret < 0){
903
perror("sigprocmask");
904
exitstatus = EXIT_FAILURE;
1082
error(0, errno, "sigprocmask");
1083
exitstatus = EX_OSERR;
905
1084
goto fallback;
906
1085
}
907
1086
908
FD_SET(new_plugin->fd, &rfds_all);
1087
#if defined (__GNUC__) and defined (__GLIBC__)
1088
#if not __GLIBC_PREREQ(2, 16)
1089
#pragma GCC diagnostic push
1090
#pragma GCC diagnostic ignored "-Wsign-conversion"
1091
#endif
1092
#endif
1093
FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from
1094
-Wconversion in GNU libc
1095
before 2.16 */
1096
#if defined (__GNUC__) and defined (__GLIBC__)
1097
#if not __GLIBC_PREREQ(2, 16)
1098
#pragma GCC diagnostic pop
1099
#endif
1100
#endif
909
1101
910
if (maxfd < new_plugin->fd){
1102
if(maxfd < new_plugin->fd){
911
1103
maxfd = new_plugin->fd;
912
1104
}
913
914
1105
}
915
1106
916
closedir(dir);
917
dir = NULL;
918
1107
free(direntries);
1108
direntries = NULL;
1109
TEMP_FAILURE_RETRY(close(dir_fd));
1110
dir_fd = -1;
1111
free_plugin(getplugin(NULL));
1112
919
1113
for(plugin *p = plugin_list; p != NULL; p = p->next){
920
1114
if(p->pid != 0){
921
1115
break;
926
1120
free_plugin_list();
927
1121
}
928
1122
}
929
1123
930
1124
/* Main loop while running plugins exist */
931
1125
while(plugin_list){
932
1126
fd_set rfds = rfds_all;
933
1127
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
934
if (select_ret == -1){
935
perror("select");
936
exitstatus = EXIT_FAILURE;
1128
if(select_ret == -1 and errno != EINTR){
1129
error(0, errno, "select");
1130
exitstatus = EX_OSERR;
937
1131
goto fallback;
938
1132
}
939
1133
/* OK, now either a process completed, or something can be read
940
1134
from one of them */
941
1135
for(plugin *proc = plugin_list; proc != NULL;){
942
1136
/* Is this process completely done? */
943
if(proc->eof and proc->completed){
1137
if(proc->completed and proc->eof){
944
1138
/* Only accept the plugin output if it exited cleanly */
945
1139
if(not WIFEXITED(proc->status)
946
1140
or WEXITSTATUS(proc->status) != 0){
947
1141
/* Bad exit by plugin */
948
1142
949
1143
if(debug){
950
1144
if(WIFEXITED(proc->status)){
951
fprintf(stderr, "Plugin %u exited with status %d\n",
952
(unsigned int) (proc->pid),
1145
fprintf(stderr, "Plugin %s [%" PRIdMAX "] exited with"
1146
" status %d\n", proc->name,
1147
(intmax_t) (proc->pid),
953
1148
WEXITSTATUS(proc->status));
954
} else if(WIFSIGNALED(proc->status)) {
955
fprintf(stderr, "Plugin %u killed by signal %d\n",
956
(unsigned int) (proc->pid),
957
WTERMSIG(proc->status));
1149
} else if(WIFSIGNALED(proc->status)){
1150
fprintf(stderr, "Plugin %s [%" PRIdMAX "] killed by"
1151
" signal %d: %s\n", proc->name,
1152
(intmax_t) (proc->pid),
1153
WTERMSIG(proc->status),
1154
strsignal(WTERMSIG(proc->status)));
958
1155
} else if(WCOREDUMP(proc->status)){
959
fprintf(stderr, "Plugin %d dumped core\n",
960
(unsigned int) (proc->pid));
1156
fprintf(stderr, "Plugin %s [%" PRIdMAX "] dumped"
1157
" core\n", proc->name, (intmax_t) (proc->pid));
961
1158
}
962
1159
}
963
1160
964
1161
/* Remove the plugin */
965
FD_CLR(proc->fd, &rfds_all);
966
1162
#if defined (__GNUC__) and defined (__GLIBC__)
1163
#if not __GLIBC_PREREQ(2, 16)
1164
#pragma GCC diagnostic push
1165
#pragma GCC diagnostic ignored "-Wsign-conversion"
1166
#endif
1167
#endif
1168
FD_CLR(proc->fd, &rfds_all); /* Spurious warning from
1169
-Wconversion in GNU libc
1170
before 2.16 */
1171
#if defined (__GNUC__) and defined (__GLIBC__)
1172
#if not __GLIBC_PREREQ(2, 16)
1173
#pragma GCC diagnostic pop
1174
#endif
1175
#endif
1176
967
1177
/* Block signal while modifying process_list */
968
ret = sigprocmask(SIG_BLOCK, &sigchld_action.sa_mask, NULL);
969
if(ret < 0){
970
perror("sigprocmask");
971
exitstatus = EXIT_FAILURE;
972
goto fallback;
973
}
974
975
/* We are done modifying process list, so unblock signal */
976
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask,
977
NULL);
978
if(ret < 0){
979
perror("sigprocmask");
980
exitstatus = EXIT_FAILURE;
981
goto fallback;
982
}
983
984
if(plugin_list == NULL){
985
break;
1178
ret = (int)TEMP_FAILURE_RETRY(sigprocmask
1179
(SIG_BLOCK,
1180
&sigchld_action.sa_mask,
1181
NULL));
1182
if(ret < 0){
1183
error(0, errno, "sigprocmask");
1184
exitstatus = EX_OSERR;
1185
goto fallback;
986
1186
}
987
1187
988
1188
plugin *next_plugin = proc->next;
989
1189
free_plugin(proc);
990
1190
proc = next_plugin;
1191
1192
/* We are done modifying process list, so unblock signal */
1193
ret = (int)(TEMP_FAILURE_RETRY
1194
(sigprocmask(SIG_UNBLOCK,
1195
&sigchld_action.sa_mask, NULL)));
1196
if(ret < 0){
1197
error(0, errno, "sigprocmask");
1198
exitstatus = EX_OSERR;
1199
goto fallback;
1200
}
1201
1202
if(plugin_list == NULL){
1203
break;
1204
}
1205
991
1206
continue;
992
1207
}
993
1208
994
1209
/* This process exited nicely, so print its buffer */
995
1210
996
1211
bool bret = print_out_password(proc->buffer,
997
1212
proc->buffer_length);
998
1213
if(not bret){
999
perror("print_out_password");
1000
exitstatus = EXIT_FAILURE;
1214
error(0, errno, "print_out_password");
1215
exitstatus = EX_IOERR;
1001
1216
}
1002
1217
goto fallback;
1003
1218
}
1004
1219
1005
1220
/* This process has not completed. Does it have any output? */
1006
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){
1221
#if defined (__GNUC__) and defined (__GLIBC__)
1222
#if not __GLIBC_PREREQ(2, 16)
1223
#pragma GCC diagnostic push
1224
#pragma GCC diagnostic ignored "-Wsign-conversion"
1225
#endif
1226
#endif
1227
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious
1228
warning from
1229
-Wconversion
1230
in GNU libc
1231
before
1232
2.16 */
1233
#if defined (__GNUC__) and defined (__GLIBC__)
1234
#if not __GLIBC_PREREQ(2, 16)
1235
#pragma GCC diagnostic pop
1236
#endif
1237
#endif
1007
1238
/* This process had nothing to say at this time */
1008
1239
proc = proc->next;
1009
1240
continue;
1010
1241
}
1011
1242
/* Before reading, make the process' data buffer large enough */
1012
1243
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
1013
proc->buffer = realloc(proc->buffer, proc->buffer_size
1014
+ (size_t) BUFFER_SIZE);
1015
if (proc->buffer == NULL){
1016
perror("malloc");
1017
exitstatus = EXIT_FAILURE;
1244
char *new_buffer = realloc(proc->buffer, proc->buffer_size
1245
+ (size_t) BUFFER_SIZE);
1246
if(new_buffer == NULL){
1247
error(0, errno, "malloc");
1248
exitstatus = EX_OSERR;
1018
1249
goto fallback;
1019
1250
}
1251
proc->buffer = new_buffer;
1020
1252
proc->buffer_size += BUFFER_SIZE;
1021
1253
}
1022
1254
/* Read from the process */
1023
ret = read(proc->fd, proc->buffer + proc->buffer_length,
1024
BUFFER_SIZE);
1025
if(ret < 0){
1255
sret = TEMP_FAILURE_RETRY(read(proc->fd,
1256
proc->buffer
1257
+ proc->buffer_length,
1258
BUFFER_SIZE));
1259
if(sret < 0){
1026
1260
/* Read error from this process; ignore the error */
1027
1261
proc = proc->next;
1028
1262
continue;
1029
1263
}
1030
if(ret == 0){
1264
if(sret == 0){
1031
1265
/* got EOF */
1032
1266
proc->eof = true;
1033
1267
} else {
1034
proc->buffer_length += (size_t) ret;
1268
proc->buffer_length += (size_t) sret;
1035
1269
}
1036
1270
}
1037
1271
}
1038
1039
1272
1273
1040
1274
fallback:
1041
1275
1042
if(plugin_list == NULL or exitstatus != EXIT_SUCCESS){
1276
if(plugin_list == NULL or (exitstatus != EXIT_SUCCESS
1277
and exitstatus != EX_OK)){
1043
1278
/* Fallback if all plugins failed, none are found or an error
1044
1279
occured */
1045
1280
bool bret;
1053
1288
}
1054
1289
bret = print_out_password(passwordbuffer, len);
1055
1290
if(not bret){
1056
perror("print_out_password");
1057
exitstatus = EXIT_FAILURE;
1291
error(0, errno, "print_out_password");
1292
exitstatus = EX_IOERR;
1058
1293
}
1059
1294
}
1060
1295
1061
1296
/* Restore old signal handler */
1062
1297
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
1063
1298
if(ret == -1){
1064
perror("sigaction");
1065
exitstatus = EXIT_FAILURE;
1299
error(0, errno, "sigaction");
1300
exitstatus = EX_OSERR;
1066
1301
}
1067
1302
1068
1303
if(custom_argv != NULL){
1069
1304
for(char **arg = custom_argv+1; *arg != NULL; arg++){
1070
1305
free(*arg);
1072
1307
free(custom_argv);
1073
1308
}
1074
1309
1075
if(dir != NULL){
1076
closedir(dir);
1310
free(direntries);
1311
1312
if(dir_fd != -1){
1313
TEMP_FAILURE_RETRY(close(dir_fd));
1077
1314
}
1078
1315
1079
/* Free the process list and kill the processes */
1316
/* Kill the processes */
1080
1317
for(plugin *p = plugin_list; p != NULL; p = p->next){
1081
1318
if(p->pid != 0){
1082
1319
close(p->fd);
1083
1320
ret = kill(p->pid, SIGTERM);
1084
1321
if(ret == -1 and errno != ESRCH){
1085
1322
/* Set-uid proccesses might not get closed */
1086
perror("kill");
1323
error(0, errno, "kill");
1087
1324
}
1088
1325
}
1089
1326
}
1090
1327
1091
1328
/* Wait for any remaining child processes to terminate */
1092
do{
1329
do {
1093
1330
ret = wait(NULL);
1094
1331
} while(ret >= 0);
1095
1332
if(errno != ECHILD){
1096
perror("wait");
1333
error(0, errno, "wait");
1097
1334
}
1098
1335
1099
1336
free_plugin_list();
1100
1337
1101
1338
free(plugindir);
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0