19
18
* along with this program. If not, see
20
19
* <http://www.gnu.org/licenses/>.
22
* Contact the authors at <mandos@recompile.se>.
21
* Contact the authors at <mandos@fukt.bsnet.se>.
25
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),
26
asprintf(), O_CLOEXEC */
27
#include <stddef.h> /* size_t, NULL */
28
#include <stdlib.h> /* malloc(), exit(), EXIT_SUCCESS,
30
#include <stdbool.h> /* bool, true, false */
31
#include <stdio.h> /* fileno(), fprintf(),
24
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
26
#include <stdio.h> /* popen(), fileno(), fprintf(),
32
27
stderr, STDOUT_FILENO */
33
#include <sys/types.h> /* DIR, fdopendir(), stat(), struct
34
stat, waitpid(), WIFEXITED(),
35
WEXITSTATUS(), wait(), pid_t,
36
uid_t, gid_t, getuid(), getgid(),
38
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
39
FD_SET(), FD_ISSET(), FD_CLR */
40
#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),
41
WEXITSTATUS(), WTERMSIG(),
28
#include <iso646.h> /* and, or, not */
29
#include <sys/types.h> /* DIR, opendir(), stat(),
30
struct stat, waitpid(),
31
WIFEXITED(), WEXITSTATUS(),
33
#include <sys/wait.h> /* wait() */
34
#include <dirent.h> /* DIR, struct dirent, opendir(),
35
readdir(), closedir() */
43
36
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
44
#include <iso646.h> /* and, or, not */
45
#include <dirent.h> /* DIR, struct dirent, fdopendir(),
46
readdir(), closedir(), dirfd() */
47
37
#include <unistd.h> /* struct stat, stat(), S_ISREG(),
48
fcntl(), setuid(), setgid(),
49
F_GETFD, F_SETFD, FD_CLOEXEC,
50
access(), pipe(), fork(), close()
51
dup2(), STDOUT_FILENO, _exit(),
52
execv(), write(), read(),
54
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
56
#include <string.h> /* strsep, strlen(), asprintf(),
57
strsignal(), strcmp(), strncmp() */
39
#include <fcntl.h> /* fcntl() */
40
#include <stddef.h> /* NULL */
41
#include <stdlib.h> /* EXIT_FAILURE */
42
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
43
FD_SET(), FD_ISSET() */
44
#include <string.h> /* strlen(), strcpy(), strcat() */
45
#include <stdbool.h> /* true */
46
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
58
48
#include <errno.h> /* errno */
59
#include <argp.h> /* struct argp_option, struct
60
argp_state, struct argp,
61
argp_parse(), ARGP_ERR_UNKNOWN,
62
ARGP_KEY_END, ARGP_KEY_ARG,
64
#include <signal.h> /* struct sigaction, sigemptyset(),
65
sigaddset(), sigaction(),
66
sigprocmask(), SIG_BLOCK, SIGCHLD,
67
SIG_UNBLOCK, kill(), sig_atomic_t
69
#include <errno.h> /* errno, EBADF */
70
#include <inttypes.h> /* intmax_t, PRIdMAX, strtoimax() */
71
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_IOERR,
72
EX_CONFIG, EX_UNAVAILABLE, EX_OK */
73
#include <errno.h> /* errno */
74
#include <error.h> /* error() */
76
#define BUFFER_SIZE 256
78
#define PDIR "/lib/mandos/plugins.d"
79
#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"
81
const char *argp_program_version = "plugin-runner " VERSION;
82
const char *argp_program_bug_address = "<mandos@recompile.se>";
84
typedef struct plugin{
85
char *name; /* can be NULL or any plugin name */
92
/* Variables used for running processes*/
49
#include <argp.h> /* struct argp_option,
50
struct argp_state, struct argp,
55
typedef struct process{
96
59
size_t buffer_size;
97
60
size_t buffer_length;
99
volatile sig_atomic_t completed;
67
typedef struct plugin{
68
char *name; /* can be NULL or any plugin name */
101
72
struct plugin *next;
104
static plugin *plugin_list = NULL;
106
/* Gets an existing plugin based on name,
107
or if none is found, creates a new one */
108
static plugin *getplugin(char *name){
109
/* Check for existing plugin with that name */
110
for(plugin *p = plugin_list; p != NULL; p = p->next){
112
or (p->name and name and (strcmp(p->name, name) == 0))){
75
plugin *getplugin(char *name, plugin **plugin_list){
76
for (plugin *p = *plugin_list; p != NULL; p = p->next){
78
or (p->name and name and (strcmp(p->name, name) == 0))){
116
82
/* Create a new plugin */
117
plugin *new_plugin = NULL;
119
new_plugin = malloc(sizeof(plugin));
120
} while(new_plugin == NULL and errno == EINTR);
121
if(new_plugin == NULL){
124
char *copy_name = NULL;
127
copy_name = strdup(name);
128
} while(copy_name == NULL and errno == EINTR);
129
if(copy_name == NULL){
137
*new_plugin = (plugin){ .name = copy_name,
140
.next = plugin_list };
143
new_plugin->argv = malloc(sizeof(char *) * 2);
144
} while(new_plugin->argv == NULL and errno == EINTR);
145
if(new_plugin->argv == NULL){
152
new_plugin->argv[0] = copy_name;
83
plugin *new_plugin = malloc(sizeof(plugin));
84
if (new_plugin == NULL){
88
new_plugin->name = name;
89
new_plugin->argv = malloc(sizeof(char *) * 2);
90
if (new_plugin->argv == NULL){
94
new_plugin->argv[0] = name;
153
95
new_plugin->argv[1] = NULL;
156
new_plugin->environ = malloc(sizeof(char *));
157
} while(new_plugin->environ == NULL and errno == EINTR);
158
if(new_plugin->environ == NULL){
161
free(new_plugin->argv);
166
new_plugin->environ[0] = NULL;
97
new_plugin->disabled = false;
98
new_plugin->next = *plugin_list;
168
99
/* Append the new plugin to the list */
169
plugin_list = new_plugin;
100
*plugin_list = new_plugin;
170
101
return new_plugin;
173
/* Helper function for add_argument and add_environment */
174
static bool add_to_char_array(const char *new, char ***array,
176
/* Resize the pointed-to array to hold one more pointer */
178
*array = realloc(*array, sizeof(char *)
179
* (size_t) ((*len) + 2));
180
} while(*array == NULL and errno == EINTR);
185
/* Make a copy of the new string */
189
} while(copy == NULL and errno == EINTR);
193
/* Insert the copy */
194
(*array)[*len] = copy;
196
/* Add a new terminating NULL pointer to the last element */
197
(*array)[*len] = NULL;
201
/* Add to a plugin's argument vector */
202
static bool add_argument(plugin *p, const char *arg){
206
return add_to_char_array(arg, &(p->argv), &(p->argc));
209
/* Add to a plugin's environment */
210
static bool add_environment(plugin *p, const char *def, bool replace){
214
/* namelen = length of name of environment variable */
215
size_t namelen = (size_t)(strchrnul(def, '=') - def);
216
/* Search for this environment variable */
217
for(char **e = p->environ; *e != NULL; e++){
218
if(strncmp(*e, def, namelen + 1) == 0){
219
/* It already exists */
223
new = realloc(*e, strlen(def) + 1);
224
} while(new == NULL and errno == EINTR);
234
return add_to_char_array(def, &(p->environ), &(p->envc));
104
void addargument(plugin *p, char *arg){
105
p->argv[p->argc] = arg;
106
p->argv = realloc(p->argv, sizeof(char *) * (size_t)(p->argc + 2));
107
if (p->argv == NULL){
112
p->argv[p->argc] = NULL;
238
116
* Based on the example in the GNU LibC manual chapter 13.13 "File
239
117
* Descriptor Flags".
240
| [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |
118
* *Note File Descriptor Flags:(libc)Descriptor Flags.
242
static int set_cloexec_flag(int fd){
243
int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
120
int set_cloexec_flag(int fd)
122
int ret = fcntl(fd, F_GETFD, 0);
244
123
/* If reading the flags failed, return error indication now. */
248
127
/* Store modified flag word in the descriptor. */
249
return (int)TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD,
128
return fcntl(fd, F_SETFD, ret | FD_CLOEXEC);
254
/* Mark processes as completed when they exit, and save their exit
131
#define BUFFER_SIZE 256
133
const char *argp_program_version = "plugbasedclient 0.9";
134
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
136
process *process_list = NULL;
138
/* Mark a process as completed when it exits, and save its exit
256
static void handle_sigchld(__attribute__((unused)) int sig){
257
int old_errno = errno;
259
plugin *proc = plugin_list;
261
pid_t pid = waitpid(-1, &status, WNOHANG);
263
/* Only still running child processes */
268
/* No child processes */
271
error(0, errno, "waitpid");
274
/* A child exited, find it in process_list */
275
while(proc != NULL and proc->pid != pid){
279
/* Process not found in process list */
282
proc->status = status;
288
/* Prints out a password to stdout */
289
static bool print_out_password(const char *buffer, size_t length){
291
for(size_t written = 0; written < length; written += (size_t)ret){
292
ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buffer + written,
301
/* Removes and free a plugin from the plugin list */
302
static void free_plugin(plugin *plugin_node){
304
for(char **arg = plugin_node->argv; *arg != NULL; arg++){
307
free(plugin_node->argv);
308
for(char **env = plugin_node->environ; *env != NULL; env++){
311
free(plugin_node->environ);
312
free(plugin_node->buffer);
314
/* Removes the plugin from the singly-linked list */
315
if(plugin_node == plugin_list){
316
/* First one - simple */
317
plugin_list = plugin_list->next;
319
/* Second one or later */
320
for(plugin *p = plugin_list; p != NULL; p = p->next){
321
if(p->next == plugin_node){
322
p->next = plugin_node->next;
331
static void free_plugin_list(void){
332
while(plugin_list != NULL){
333
free_plugin(plugin_list);
140
void handle_sigchld(__attribute__((unused)) int sig){
141
process *proc = process_list;
143
pid_t pid = wait(&status);
144
while(proc != NULL and proc->pid != pid){
148
/* Process not found in process list */
151
proc->status = status;
152
proc->completed = true;
337
155
int main(int argc, char *argv[]){
338
char *plugindir = NULL;
339
char *argfile = NULL;
156
const char *plugindir = "/conf/conf.d/mandos/plugins.d";
341
157
size_t d_name_len;
343
159
struct dirent *dirst;
346
162
int ret, maxfd = 0;
350
163
bool debug = false;
351
164
int exitstatus = EXIT_SUCCESS;
352
struct sigaction old_sigchld_action;
353
struct sigaction sigchld_action = { .sa_handler = handle_sigchld,
354
.sa_flags = SA_NOCLDSTOP };
355
char **custom_argv = NULL;
358
166
/* Establish a signal handler */
167
struct sigaction old_sigchld_action,
168
sigchld_action = { .sa_handler = handle_sigchld,
169
.sa_flags = SA_NOCLDSTOP };
359
170
sigemptyset(&sigchld_action.sa_mask);
360
171
ret = sigaddset(&sigchld_action.sa_mask, SIGCHLD);
362
error(0, errno, "sigaddset");
363
exitstatus = EX_OSERR;
366
176
ret = sigaction(SIGCHLD, &sigchld_action, &old_sigchld_action);
368
error(0, errno, "sigaction");
369
exitstatus = EX_OSERR;
373
182
/* The options we understand. */
375
184
{ .name = "global-options", .key = 'g',
376
185
.arg = "OPTION[,OPTION[,...]]",
377
186
.doc = "Options passed to all plugins" },
378
{ .name = "global-env", .key = 'G',
380
.doc = "Environment variable passed to all plugins" },
381
187
{ .name = "options-for", .key = 'o',
382
188
.arg = "PLUGIN:OPTION[,OPTION[,...]]",
383
189
.doc = "Options passed only to specified plugin" },
384
{ .name = "env-for", .key = 'E',
385
.arg = "PLUGIN:ENV=value",
386
.doc = "Environment variable passed to specified plugin" },
387
190
{ .name = "disable", .key = 'd',
389
192
.doc = "Disable a specific plugin", .group = 1 },
390
{ .name = "enable", .key = 'e',
392
.doc = "Enable a specific plugin", .group = 1 },
393
193
{ .name = "plugin-dir", .key = 128,
394
194
.arg = "DIRECTORY",
395
195
.doc = "Specify a different plugin directory", .group = 2 },
396
{ .name = "config-file", .key = 129,
398
.doc = "Specify a different configuration file", .group = 2 },
399
{ .name = "userid", .key = 130,
400
.arg = "ID", .flags = 0,
401
.doc = "User ID the plugins will run as", .group = 3 },
402
{ .name = "groupid", .key = 131,
403
.arg = "ID", .flags = 0,
404
.doc = "Group ID the plugins will run as", .group = 3 },
405
{ .name = "debug", .key = 132,
406
.doc = "Debug mode", .group = 4 },
408
* These reproduce what we would get without ARGP_NO_HELP
410
{ .name = "help", .key = '?',
411
.doc = "Give this help list", .group = -1 },
412
{ .name = "usage", .key = -3,
413
.doc = "Give a short usage message", .group = -1 },
414
{ .name = "version", .key = 'V',
415
.doc = "Print program version", .group = -1 },
196
{ .name = "debug", .key = 129,
197
.doc = "Debug mode", .group = 3 },
419
error_t parse_opt(int key, char *arg, struct argp_state *state){
424
case 'g': /* --global-options */
427
while((plugin_option = strsep(&arg, ",")) != NULL){
428
if(not add_argument(getplugin(NULL), plugin_option)){
434
case 'G': /* --global-env */
435
add_environment(getplugin(NULL), arg, true);
437
case 'o': /* --options-for */
439
char *option_list = strchr(arg, ':');
440
if(option_list == NULL){
441
argp_error(state, "No colon in \"%s\"", arg);
448
argp_error(state, "Empty plugin name");
453
while((option = strsep(&option_list, ",")) != NULL){
454
if(not add_argument(getplugin(arg), option)){
460
case 'E': /* --env-for */
462
char *envdef = strchr(arg, ':');
464
argp_error(state, "No colon in \"%s\"", arg);
471
argp_error(state, "Empty plugin name");
475
add_environment(getplugin(arg), envdef, true);
478
case 'd': /* --disable */
480
plugin *p = getplugin(arg);
486
case 'e': /* --enable */
488
plugin *p = getplugin(arg);
494
case 128: /* --plugin-dir */
496
plugindir = strdup(arg);
498
case 129: /* --config-file */
499
/* This is already done by parse_opt_config_file() */
501
case 130: /* --userid */
502
tmpmax = strtoimax(arg, &tmp, 10);
503
if(errno != 0 or tmp == arg or *tmp != '\0'
504
or tmpmax != (uid_t)tmpmax){
505
argp_error(state, "Bad user ID number: \"%s\", using %"
506
PRIdMAX, arg, (intmax_t)uid);
511
case 131: /* --groupid */
512
tmpmax = strtoimax(arg, &tmp, 10);
513
if(errno != 0 or tmp == arg or *tmp != '\0'
514
or tmpmax != (gid_t)tmpmax){
515
argp_error(state, "Bad group ID number: \"%s\", using %"
516
PRIdMAX, arg, (intmax_t)gid);
521
case 132: /* --debug */
201
error_t parse_opt (int key, char *arg, struct argp_state *state) {
202
/* Get the INPUT argument from `argp_parse', which we know is a
203
pointer to our plugin list pointer. */
204
plugin **plugins = state->input;
208
char *p = strtok(arg, ",");
210
addargument(getplugin(NULL, plugins), p);
211
p = strtok(NULL, ",");
217
char *name = strtok(arg, ":");
218
char *p = strtok(NULL, ":");
222
addargument(getplugin(name, plugins), p);
223
p = strtok(NULL, ",");
230
getplugin(arg, plugins)->disabled = true;
525
* These reproduce what we would get without ARGP_NO_HELP
527
case '?': /* --help */
528
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
529
argp_state_help(state, state->out_stream, ARGP_HELP_STD_HELP);
530
case -3: /* --usage */
531
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
532
argp_state_help(state, state->out_stream,
533
ARGP_HELP_USAGE | ARGP_HELP_EXIT_OK);
534
case 'V': /* --version */
535
fprintf(state->out_stream, "%s\n", argp_program_version);
539
* When adding more options before this line, remember to also add a
540
* "case" to the "parse_opt_config_file" function below.
543
/* Cryptsetup always passes an argument, which is an empty
544
string if "none" was specified in /etc/crypttab. So if
545
argument was empty, we ignore it silently. */
550
return ARGP_ERR_UNKNOWN;
552
return errno; /* Set to 0 at start */
555
/* This option parser is the same as parse_opt() above, except it
556
ignores everything but the --config-file option. */
557
error_t parse_opt_config_file(int key, char *arg,
558
__attribute__((unused))
559
struct argp_state *state){
562
case 'g': /* --global-options */
563
case 'G': /* --global-env */
564
case 'o': /* --options-for */
565
case 'E': /* --env-for */
566
case 'd': /* --disable */
567
case 'e': /* --enable */
568
case 128: /* --plugin-dir */
570
case 129: /* --config-file */
572
argfile = strdup(arg);
574
case 130: /* --userid */
575
case 131: /* --groupid */
576
case 132: /* --debug */
577
case '?': /* --help */
578
case -3: /* --usage */
579
case 'V': /* --version */
583
return ARGP_ERR_UNKNOWN;
588
struct argp argp = { .options = options,
589
.parser = parse_opt_config_file,
245
return ARGP_ERR_UNKNOWN;
250
plugin *plugin_list = NULL;
252
struct argp argp = { .options = options, .parser = parse_opt,
591
254
.doc = "Mandos plugin runner -- Run plugins" };
593
/* Parse using parse_opt_config_file() in order to get the custom
594
config file location, if any. */
595
ret = argp_parse(&argp, argc, argv,
596
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
604
error(0, errno, "argp_parse");
605
exitstatus = EX_OSERR;
608
exitstatus = EX_USAGE;
612
/* Reset to the normal argument parser */
613
argp.parser = parse_opt;
615
/* Open the configfile if available */
617
conffp = fopen(AFILE, "r");
619
conffp = fopen(argfile, "r");
622
char *org_line = NULL;
623
char *p, *arg, *new_arg, *line;
625
const char whitespace_delims[] = " \r\t\f\v\n";
626
const char comment_delim[] = "#";
629
custom_argv = malloc(sizeof(char*) * 2);
630
if(custom_argv == NULL){
631
error(0, errno, "malloc");
632
exitstatus = EX_OSERR;
635
custom_argv[0] = argv[0];
636
custom_argv[1] = NULL;
638
/* for each line in the config file, strip whitespace and ignore
641
sret = getline(&org_line, &size, conffp);
647
arg = strsep(&line, comment_delim);
648
while((p = strsep(&arg, whitespace_delims)) != NULL){
654
error(0, errno, "strdup");
655
exitstatus = EX_OSERR;
661
custom_argv = realloc(custom_argv, sizeof(char *)
662
* ((unsigned int) custom_argc + 1));
663
if(custom_argv == NULL){
664
error(0, errno, "realloc");
665
exitstatus = EX_OSERR;
669
custom_argv[custom_argc-1] = new_arg;
670
custom_argv[custom_argc] = NULL;
674
ret = fclose(conffp);
675
} while(ret == EOF and errno == EINTR);
677
error(0, errno, "fclose");
678
exitstatus = EX_IOERR;
683
/* Check for harmful errors and go to fallback. Other errors might
684
not affect opening plugins */
685
if(errno == EMFILE or errno == ENFILE or errno == ENOMEM){
686
error(0, errno, "fopen");
687
exitstatus = EX_OSERR;
691
/* If there were any arguments from the configuration file, pass
692
them to parser as command line arguments */
693
if(custom_argv != NULL){
694
ret = argp_parse(&argp, custom_argc, custom_argv,
695
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
703
error(0, errno, "argp_parse");
704
exitstatus = EX_OSERR;
707
exitstatus = EX_CONFIG;
712
/* Parse actual command line arguments, to let them override the
714
ret = argp_parse(&argp, argc, argv,
715
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
723
error(0, errno, "argp_parse");
724
exitstatus = EX_OSERR;
727
exitstatus = EX_USAGE;
256
argp_parse (&argp, argc, argv, 0, 0, &plugin_list);
732
259
for(plugin *p = plugin_list; p != NULL; p=p->next){
735
262
for(char **a = p->argv; *a != NULL; a++){
736
263
fprintf(stderr, "\tArg: %s\n", *a);
738
fprintf(stderr, "...and %d environment variables\n", p->envc);
739
for(char **a = p->environ; *a != NULL; a++){
740
fprintf(stderr, "\t%s\n", *a);
746
/* Work around Debian bug #633582:
747
<http://bugs.debian.org/633582> */
748
int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);
749
if(plugindir_fd == -1){
750
error(0, errno, "open");
752
ret = (int)TEMP_FAILURE_RETRY(fstat(plugindir_fd, &st));
754
error(0, errno, "fstat");
756
if(S_ISDIR(st.st_mode) and st.st_uid == 0 and st.st_gid == 0){
757
ret = fchown(plugindir_fd, uid, gid);
759
error(0, errno, "fchown");
763
TEMP_FAILURE_RETRY(close(plugindir_fd));
767
/* Lower permissions */
770
error(0, errno, "setgid");
774
error(0, errno, "setuid");
777
/* Open plugin directory with close_on_exec flag */
268
dir = opendir(plugindir);
270
perror("Could not open plugin dir");
271
exitstatus = EXIT_FAILURE;
275
/* Set the FD_CLOEXEC flag on the directory, if possible */
780
if(plugindir == NULL){
781
dir_fd = open(PDIR, O_RDONLY |
784
#else /* not O_CLOEXEC */
786
#endif /* not O_CLOEXEC */
789
dir_fd = open(plugindir, O_RDONLY |
792
#else /* not O_CLOEXEC */
794
#endif /* not O_CLOEXEC */
798
error(0, errno, "Could not open plugin dir");
799
exitstatus = EX_UNAVAILABLE;
804
/* Set the FD_CLOEXEC flag on the directory */
805
ret = set_cloexec_flag(dir_fd);
807
error(0, errno, "set_cloexec_flag");
808
TEMP_FAILURE_RETRY(close(dir_fd));
809
exitstatus = EX_OSERR;
812
#endif /* O_CLOEXEC */
814
dir = fdopendir(dir_fd);
816
error(0, errno, "Could not open plugin dir");
817
TEMP_FAILURE_RETRY(close(dir_fd));
818
exitstatus = EX_OSERR;
277
int dir_fd = dirfd(dir);
279
ret = set_cloexec_flag(dir_fd);
281
perror("set_cloexec_flag");
282
exitstatus = EXIT_FAILURE;
823
288
FD_ZERO(&rfds_all);
825
/* Read and execute any executable in the plugin directory*/
828
dirst = readdir(dir);
829
} while(dirst == NULL and errno == EINTR);
291
dirst = readdir(dir);
831
/* All directory entries have been processed */
293
// All directory entries have been processed
832
294
if(dirst == NULL){
834
error(0, errno, "readdir");
835
exitstatus = EX_IOERR;
841
298
d_name_len = strlen(dirst->d_name);
843
/* Ignore dotfiles, backup files and other junk */
300
// Ignore dotfiles, backup files and other junk
845
302
bool bad_name = false;
373
plugin *p = getplugin(dirst->d_name, &plugin_list);
934
375
/* Add global arguments to argument list for this plugin */
935
plugin *g = getplugin(NULL);
937
for(char **a = g->argv + 1; *a != NULL; a++){
938
if(not add_argument(p, *a)){
939
error(0, errno, "add_argument");
942
/* Add global environment variables */
943
for(char **e = g->environ; *e != NULL; e++){
944
if(not add_environment(p, *e, false)){
945
error(0, errno, "add_environment");
950
/* If this plugin has any environment variables, we will call
951
using execve and need to duplicate the environment from this
953
if(p->environ[0] != NULL){
954
for(char **e = environ; *e != NULL; e++){
955
if(not add_environment(p, *e, false)){
956
error(0, errno, "add_environment");
962
ret = (int)TEMP_FAILURE_RETRY(pipe(pipefd));
964
error(0, errno, "pipe");
965
exitstatus = EX_OSERR;
968
/* Ask OS to automatic close the pipe on exec */
376
plugin *g = getplugin(NULL, &plugin_list);
377
for(char **a = g->argv + 1; *a != NULL; a++){
385
exitstatus = EXIT_FAILURE;
969
388
ret = set_cloexec_flag(pipefd[0]);
971
error(0, errno, "set_cloexec_flag");
972
exitstatus = EX_OSERR;
390
perror("set_cloexec_flag");
391
exitstatus = EXIT_FAILURE;
975
394
ret = set_cloexec_flag(pipefd[1]);
977
error(0, errno, "set_cloexec_flag");
978
exitstatus = EX_OSERR;
396
perror("set_cloexec_flag");
397
exitstatus = EXIT_FAILURE;
981
400
/* Block SIGCHLD until process is safely in process list */
982
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_BLOCK,
983
&sigchld_action.sa_mask,
401
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
986
error(0, errno, "sigprocmask");
987
exitstatus = EX_OSERR;
990
/* Starting a new process to be watched */
994
} while(pid == -1 and errno == EINTR);
996
error(0, errno, "fork");
997
exitstatus = EX_OSERR;
403
perror("sigprocmask");
404
exitstatus = EXIT_FAILURE;
407
// Starting a new process to be watched
1001
410
/* this is the child process */
1002
411
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
1004
error(0, errno, "sigaction");
1007
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
416
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1009
error(0, errno, "sigprocmask");
1013
ret = dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
1015
error(0, errno, "dup2");
418
perror("sigprocmask");
421
dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
1019
423
if(dirfd(dir) < 0){
1020
424
/* If dir has no file descriptor, we could not set FD_CLOEXEC
1021
425
above and must now close it manually here. */
1024
if(p->environ[0] == NULL){
1025
if(execv(filename, p->argv) < 0){
1026
error(0, errno, "execv for %s", filename);
1030
if(execve(filename, p->argv, p->environ) < 0){
1031
error(0, errno, "execve for %s", filename);
428
if(execv(filename, p->argv) < 0){
1037
/* Parent process */
1038
TEMP_FAILURE_RETRY(close(pipefd[1])); /* Close unused write end of
1041
plugin *new_plugin = getplugin(dirst->d_name);
1042
if(new_plugin == NULL){
1043
error(0, errno, "getplugin");
1044
ret = (int)(TEMP_FAILURE_RETRY
1045
(sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask,
436
close(pipefd[1]); /* close unused write end of pipe */
437
process *new_process = malloc(sizeof(process));
438
if (new_process == NULL){
440
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1048
error(0, errno, "sigprocmask");
442
perror("sigprocmask");
1050
exitstatus = EX_OSERR;
444
exitstatus = EXIT_FAILURE;
1054
new_plugin->pid = pid;
1055
new_plugin->fd = pipefd[0];
448
*new_process = (struct process){ .pid = pid,
450
.next = process_list };
452
process_list = new_process;
1057
453
/* Unblock SIGCHLD so signal handler can be run if this process
1058
454
has already completed */
1059
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1060
&sigchld_action.sa_mask,
455
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1063
error(0, errno, "sigprocmask");
1064
exitstatus = EX_OSERR;
1068
FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from
1071
if(maxfd < new_plugin->fd){
1072
maxfd = new_plugin->fd;
1076
TEMP_FAILURE_RETRY(closedir(dir));
457
perror("sigprocmask");
458
exitstatus = EXIT_FAILURE;
462
FD_SET(new_process->fd, &rfds_all);
464
if (maxfd < new_process->fd){
465
maxfd = new_process->fd;
470
/* Free the plugin list */
471
for(plugin *next; plugin_list != NULL; plugin_list = next){
472
next = plugin_list->next;
473
free(plugin_list->argv);
1078
free_plugin(getplugin(NULL));
1080
for(plugin *p = plugin_list; p != NULL; p = p->next){
1084
if(p->next == NULL){
1085
fprintf(stderr, "No plugin processes started. Incorrect plugin"
480
if (process_list == NULL){
481
fprintf(stderr, "No plugin processes started, exiting\n");
482
exitstatus = EXIT_FAILURE;
1091
/* Main loop while running plugins exist */
1093
486
fd_set rfds = rfds_all;
1094
487
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
1095
if(select_ret == -1 and errno != EINTR){
1096
error(0, errno, "select");
1097
exitstatus = EX_OSERR;
488
if (select_ret == -1){
490
exitstatus = EXIT_FAILURE;
1100
493
/* OK, now either a process completed, or something can be read
1101
494
from one of them */
1102
for(plugin *proc = plugin_list; proc != NULL;){
495
for(process *proc = process_list; proc ; proc = proc->next){
1103
496
/* Is this process completely done? */
1104
if(proc->completed and proc->eof){
497
if(proc->eof and proc->completed){
1105
498
/* Only accept the plugin output if it exited cleanly */
1106
499
if(not WIFEXITED(proc->status)
1107
500
or WEXITSTATUS(proc->status) != 0){
1108
501
/* Bad exit by plugin */
1111
503
if(WIFEXITED(proc->status)){
1112
fprintf(stderr, "Plugin %s [%" PRIdMAX "] exited with"
1113
" status %d\n", proc->name,
1114
(intmax_t) (proc->pid),
1115
WEXITSTATUS(proc->status));
1116
} else if(WIFSIGNALED(proc->status)){
1117
fprintf(stderr, "Plugin %s [%" PRIdMAX "] killed by"
1118
" signal %d: %s\n", proc->name,
1119
(intmax_t) (proc->pid),
1120
WTERMSIG(proc->status),
1121
strsignal(WTERMSIG(proc->status)));
504
fprintf(stderr, "Plugin %d exited with status %d\n",
505
proc->pid, WEXITSTATUS(proc->status));
506
} else if(WIFSIGNALED(proc->status)) {
507
fprintf(stderr, "Plugin %d killed by signal %d\n",
508
proc->pid, WTERMSIG(proc->status));
1122
509
} else if(WCOREDUMP(proc->status)){
1123
fprintf(stderr, "Plugin %s [%" PRIdMAX "] dumped"
1124
" core\n", proc->name, (intmax_t) (proc->pid));
510
fprintf(stderr, "Plugin %d dumped core\n", proc->pid);
1128
513
/* Remove the plugin */
1129
FD_CLR(proc->fd, &rfds_all); /* Spurious warning from
514
FD_CLR(proc->fd, &rfds_all);
1132
515
/* Block signal while modifying process_list */
1133
ret = (int)TEMP_FAILURE_RETRY(sigprocmask
1135
&sigchld_action.sa_mask,
516
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
1138
error(0, errno, "sigprocmask");
1139
exitstatus = EX_OSERR;
1143
plugin *next_plugin = proc->next;
518
perror("sigprocmask");
519
exitstatus = EXIT_FAILURE;
522
/* Delete this process entry from the list */
523
if(process_list == proc){
524
/* First one - simple */
525
process_list = proc->next;
527
/* Second one or later */
528
for(process *p = process_list; p != NULL; p = p->next){
530
p->next = proc->next;
1147
535
/* We are done modifying process list, so unblock signal */
1148
ret = (int)(TEMP_FAILURE_RETRY
1149
(sigprocmask(SIG_UNBLOCK,
1150
&sigchld_action.sa_mask, NULL)));
536
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask,
1152
error(0, errno, "sigprocmask");
1153
exitstatus = EX_OSERR;
1157
if(plugin_list == NULL){
539
perror("sigprocmask");
543
/* We deleted this process from the list, so we can't go
544
proc->next. Therefore, start over from the beginning of
1164
548
/* This process exited nicely, so print its buffer */
1166
bool bret = print_out_password(proc->buffer,
1167
proc->buffer_length);
1169
error(0, errno, "print_out_password");
1170
exitstatus = EX_IOERR;
549
for(size_t written = 0; written < proc->buffer_length;
550
written += (size_t)ret){
551
ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO,
552
proc->buffer + written,
557
exitstatus = EXIT_FAILURE;
1175
563
/* This process has not completed. Does it have any output? */
1176
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious
564
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){
1179
565
/* This process had nothing to say at this time */
1183
568
/* Before reading, make the process' data buffer large enough */
1184
569
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
1185
570
proc->buffer = realloc(proc->buffer, proc->buffer_size
1186
571
+ (size_t) BUFFER_SIZE);
1187
if(proc->buffer == NULL){
1188
error(0, errno, "malloc");
1189
exitstatus = EX_OSERR;
572
if (proc->buffer == NULL){
574
exitstatus = EXIT_FAILURE;
1192
577
proc->buffer_size += BUFFER_SIZE;
1194
579
/* Read from the process */
1195
sret = TEMP_FAILURE_RETRY(read(proc->fd,
1197
+ proc->buffer_length,
580
ret = read(proc->fd, proc->buffer + proc->buffer_length,
1200
583
/* Read error from this process; ignore the error */
1206
588
proc->eof = true;
1208
proc->buffer_length += (size_t) sret;
590
proc->buffer_length += (size_t) ret;
1216
if(plugin_list == NULL or (exitstatus != EXIT_SUCCESS
1217
and exitstatus != EX_OK)){
1218
/* Fallback if all plugins failed, none are found or an error
1221
fprintf(stderr, "Going to fallback mode using getpass(3)\n");
1222
char *passwordbuffer = getpass("Password: ");
1223
size_t len = strlen(passwordbuffer);
1224
/* Strip trailing newline */
1225
if(len > 0 and passwordbuffer[len-1] == '\n'){
1226
passwordbuffer[len-1] = '\0'; /* not strictly necessary */
1229
bret = print_out_password(passwordbuffer, len);
1231
error(0, errno, "print_out_password");
1232
exitstatus = EX_IOERR;
594
if(process_list == NULL){
595
fprintf(stderr, "All plugin processes failed, exiting\n");
596
exitstatus = EXIT_FAILURE;
1236
600
/* Restore old signal handler */
1237
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
1239
error(0, errno, "sigaction");
1240
exitstatus = EX_OSERR;
601
sigaction(SIGCHLD, &old_sigchld_action, NULL);
1243
if(custom_argv != NULL){
1244
for(char **arg = custom_argv+1; *arg != NULL; arg++){
603
/* Free the plugin list */
604
for(plugin *next; plugin_list != NULL; plugin_list = next){
605
next = plugin_list->next;
606
free(plugin_list->argv);
1250
610
if(dir != NULL){
1254
/* Kill the processes */
1255
for(plugin *p = plugin_list; p != NULL; p = p->next){
1258
ret = kill(p->pid, SIGTERM);
1259
if(ret == -1 and errno != ESRCH){
1260
/* Set-uid proccesses might not get closed */
1261
error(0, errno, "kill");
614
/* Free the process list and kill the processes */
615
for(process *next; process_list != NULL; process_list = next){
616
next = process_list->next;
617
close(process_list->fd);
618
kill(process_list->pid, SIGTERM);
619
free(process_list->buffer);
1266
623
/* Wait for any remaining child processes to terminate */
1268
625
ret = wait(NULL);
1269
626
} while(ret >= 0);
1270
627
if(errno != ECHILD){
1271
error(0, errno, "wait");
1279
631
return exitstatus;