/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugin-runner.c

  • Committer: teddy at bsnet
  • Date: 2010-08-10 19:08:24 UTC
  • mto: (237.2.182 mandos-local)
  • mto: This revision was merged to the branch mainline in revision 270.
  • Revision ID: teddy@fukt.bsnet.se-20100810190824-5yquozxy4kh6py3f
* plugins.d/mandos-client.c: An empty interface name now means to
                             autodetect an interface; to specify no
                             particular interface, use "none".
  (sys_class_net): New global variable for the "/sys/class/net" path.
  (good_interface): New function to determine the suitability of an
                    interface.  Used by a scandir() call in main().
  (main): Changed default value for "interface" to the empty string.
          Moved "connect_to" to be a global variable.  Only take down
          and up interface if its name is not "none".
* plugins.d/mandos-client.xml (OPTIONS): Update documentation for the
                                         "--interface" option.

Show diffs side-by-side

added added

removed removed

Lines of Context:
54
54
#include <fcntl.h>              /* fcntl(), F_GETFD, F_SETFD,
55
55
                                   FD_CLOEXEC */
56
56
#include <string.h>             /* strsep, strlen(), asprintf(),
57
 
                                   strsignal(), strcmp(), strncmp() */
 
57
                                   strsignal() */
58
58
#include <errno.h>              /* errno */
59
59
#include <argp.h>               /* struct argp_option, struct
60
60
                                   argp_state, struct argp,
230
230
 | [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |
231
231
 */
232
232
static int set_cloexec_flag(int fd){
233
 
  int ret = TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
 
233
  int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
234
234
  /* If reading the flags failed, return error indication now. */
235
235
  if(ret < 0){
236
236
    return ret;
237
237
  }
238
238
  /* Store modified flag word in the descriptor. */
239
 
  return TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD, ret | FD_CLOEXEC));
 
239
  return (int)TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD,
 
240
                                       ret | FD_CLOEXEC));
240
241
}
241
242
 
242
243
 
770
771
      for(const char **suf = bad_suffixes; *suf != NULL; suf++){
771
772
        size_t suf_len = strlen(*suf);
772
773
        if((d_name_len >= suf_len)
773
 
           and (strcmp((dirst->d_name) + d_name_len-suf_len, *suf)
 
774
           and (strcmp((dirst->d_name)+d_name_len-suf_len, *suf)
774
775
                == 0)){
775
776
          if(debug){
776
777
            fprintf(stderr, "Ignoring plugin dir entry \"%s\""
788
789
    
789
790
    char *filename;
790
791
    if(plugindir == NULL){
791
 
      ret = TEMP_FAILURE_RETRY(asprintf(&filename, PDIR "/%s",
792
 
                                        dirst->d_name));
 
792
      ret = (int)TEMP_FAILURE_RETRY(asprintf(&filename, PDIR "/%s",
 
793
                                             dirst->d_name));
793
794
    } else {
794
 
      ret = TEMP_FAILURE_RETRY(asprintf(&filename, "%s/%s", plugindir,
795
 
                                        dirst->d_name));
 
795
      ret = (int)TEMP_FAILURE_RETRY(asprintf(&filename, "%s/%s",
 
796
                                             plugindir,
 
797
                                             dirst->d_name));
796
798
    }
797
799
    if(ret < 0){
798
800
      perror("asprintf");
799
801
      continue;
800
802
    }
801
803
    
802
 
    ret = TEMP_FAILURE_RETRY(stat(filename, &st));
 
804
    ret = (int)TEMP_FAILURE_RETRY(stat(filename, &st));
803
805
    if(ret == -1){
804
806
      perror("stat");
805
807
      free(filename);
860
862
    }
861
863
    
862
864
    int pipefd[2];
863
 
    ret = TEMP_FAILURE_RETRY(pipe(pipefd));
 
865
    ret = (int)TEMP_FAILURE_RETRY(pipe(pipefd));
864
866
    if(ret == -1){
865
867
      perror("pipe");
866
868
      exitstatus = EXIT_FAILURE;
880
882
      goto fallback;
881
883
    }
882
884
    /* Block SIGCHLD until process is safely in process list */
883
 
    ret = TEMP_FAILURE_RETRY(sigprocmask(SIG_BLOCK,
884
 
                                         &sigchld_action.sa_mask,
885
 
                                         NULL));
 
885
    ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_BLOCK,
 
886
                                              &sigchld_action.sa_mask,
 
887
                                              NULL));
886
888
    if(ret < 0){
887
889
      perror("sigprocmask");
888
890
      exitstatus = EXIT_FAILURE;
942
944
    plugin *new_plugin = getplugin(dirst->d_name);
943
945
    if(new_plugin == NULL){
944
946
      perror("getplugin");
945
 
      ret = TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
946
 
                                           &sigchld_action.sa_mask,
947
 
                                           NULL));
 
947
      ret = (int)(TEMP_FAILURE_RETRY
 
948
                  (sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask,
 
949
                               NULL)));
948
950
      if(ret < 0){
949
951
        perror("sigprocmask");
950
952
      }
957
959
    
958
960
    /* Unblock SIGCHLD so signal handler can be run if this process
959
961
       has already completed */
960
 
    ret = TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
961
 
                                         &sigchld_action.sa_mask,
962
 
                                         NULL));
 
962
    ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
 
963
                                              &sigchld_action.sa_mask,
 
964
                                              NULL));
963
965
    if(ret < 0){
964
966
      perror("sigprocmask");
965
967
      exitstatus = EXIT_FAILURE;
1029
1031
          FD_CLR(proc->fd, &rfds_all);
1030
1032
          
1031
1033
          /* Block signal while modifying process_list */
1032
 
          ret = TEMP_FAILURE_RETRY(sigprocmask(SIG_BLOCK,
1033
 
                                               &sigchld_action.sa_mask,
1034
 
                                               NULL));
 
1034
          ret = (int)TEMP_FAILURE_RETRY(sigprocmask
 
1035
                                        (SIG_BLOCK,
 
1036
                                         &sigchld_action.sa_mask,
 
1037
                                         NULL));
1035
1038
          if(ret < 0){
1036
1039
            perror("sigprocmask");
1037
1040
            exitstatus = EXIT_FAILURE;
1043
1046
          proc = next_plugin;
1044
1047
          
1045
1048
          /* We are done modifying process list, so unblock signal */
1046
 
          ret = TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1047
 
                                               &sigchld_action.sa_mask,
1048
 
                                               NULL));
 
1049
          ret = (int)(TEMP_FAILURE_RETRY
 
1050
                      (sigprocmask(SIG_UNBLOCK,
 
1051
                                   &sigchld_action.sa_mask, NULL)));
1049
1052
          if(ret < 0){
1050
1053
            perror("sigprocmask");
1051
1054
            exitstatus = EXIT_FAILURE;