/mandos/trunk

/*  -*- coding: utf-8; mode: c; mode: orgtbl -*- */

/*

 * Mandos plugin runner - Run Mandos plugins

 *

 * Copyright © 2008,2009 Teddy Hogeborn

 * Copyright © 2008,2009 Björn Påhlsson

 * 

 * This program is free software: you can redistribute it and/or

 * modify it under the terms of the GNU General Public License as

 * published by the Free Software Foundation, either version 3 of the

 * License, or (at your option) any later version.

 * 

 * This program is distributed in the hope that it will be useful, but

 * WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

 * General Public License for more details.

 * 

 * You should have received a copy of the GNU General Public License

 * along with this program.  If not, see

 * <http://www.gnu.org/licenses/>.

 * 

 * Contact the authors at <mandos@fukt.bsnet.se>.

 */

#define _GNU_SOURCE		/* TEMP_FAILURE_RETRY(), getline(),

				   asprintf(), O_CLOEXEC */

#include <stddef.h>		/* size_t, NULL */

#include <stdlib.h>		/* malloc(), exit(), EXIT_SUCCESS,

				   realloc() */

#include <stdbool.h>		/* bool, true, false */

#include <stdio.h>		/* perror, fileno(), fprintf(),

				   stderr, STDOUT_FILENO */

#include <sys/types.h>	        /* DIR, fdopendir(), stat(), struct

				   stat, waitpid(), WIFEXITED(),

				   WEXITSTATUS(), wait(), pid_t,

				   uid_t, gid_t, getuid(), getgid(),

				   dirfd() */

#include <sys/select.h>		/* fd_set, select(), FD_ZERO(),

				   FD_SET(), FD_ISSET(), FD_CLR */

#include <sys/wait.h>		/* wait(), waitpid(), WIFEXITED(),

				   WEXITSTATUS(), WTERMSIG(),

				   WCOREDUMP() */

#include <sys/stat.h>		/* struct stat, stat(), S_ISREG() */

#include <iso646.h>		/* and, or, not */

#include <dirent.h>		/* DIR, struct dirent, fdopendir(),

				   readdir(), closedir(), dirfd() */

#include <unistd.h>		/* struct stat, stat(), S_ISREG(),

				   fcntl(), setuid(), setgid(),

				   F_GETFD, F_SETFD, FD_CLOEXEC,

				   access(), pipe(), fork(), close()

				   dup2(), STDOUT_FILENO, _exit(),

				   execv(), write(), read(),

				   close() */

#include <fcntl.h>		/* fcntl(), F_GETFD, F_SETFD,

				   FD_CLOEXEC */

#include <string.h>		/* strsep, strlen(), asprintf(),

				   strsignal(), strcmp(), strncmp() */

#include <errno.h>		/* errno */

#include <argp.h>		/* struct argp_option, struct

				   argp_state, struct argp,

				   argp_parse(), ARGP_ERR_UNKNOWN,

				   ARGP_KEY_END, ARGP_KEY_ARG,

				   error_t */

#include <signal.h> 		/* struct sigaction, sigemptyset(),

				   sigaddset(), sigaction(),

				   sigprocmask(), SIG_BLOCK, SIGCHLD,

				   SIG_UNBLOCK, kill(), sig_atomic_t

				*/

#include <errno.h>		/* errno, EBADF */

#include <inttypes.h>		/* intmax_t, PRIdMAX, strtoimax() */

#include <sysexits.h>		/* EX_OSERR, EX_USAGE, EX_IOERR,

				   EX_CONFIG, EX_UNAVAILABLE, EX_OK */

#define BUFFER_SIZE 256

#define PDIR "/lib/mandos/plugins.d"

#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"

const char *argp_program_version = "plugin-runner " VERSION;

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

typedef struct plugin{

  char *name;			/* can be NULL or any plugin name */

  char **argv;

  int argc;

  char **environ;

  int envc;

  bool disabled;

  /* Variables used for running processes*/

  pid_t pid;

  int fd;

  char *buffer;

  size_t buffer_size;

  size_t buffer_length;

  bool eof;

  volatile sig_atomic_t completed;

  int status;

  struct plugin *next;

} plugin;

static plugin *plugin_list = NULL;

/* Gets an existing plugin based on name,

   or if none is found, creates a new one */

static plugin *getplugin(char *name){

  /* Check for existing plugin with that name */

  for(plugin *p = plugin_list; p != NULL; p = p->next){

    if((p->name == name)

       or (p->name and name and (strcmp(p->name, name) == 0))){

      return p;

    }

  }

  /* Create a new plugin */

  plugin *new_plugin = NULL;

  do {

    new_plugin = malloc(sizeof(plugin));

  } while(new_plugin == NULL and errno == EINTR);

  if(new_plugin == NULL){

    return NULL;

  }

  char *copy_name = NULL;

  if(name != NULL){

    do {

      copy_name = strdup(name);

    } while(copy_name == NULL and errno == EINTR);

    if(copy_name == NULL){

      int e = errno;

      free(new_plugin);

      errno = e;

      return NULL;

    }

  }

  *new_plugin = (plugin){ .name = copy_name,

			  .argc = 1,

			  .disabled = false,

			  .next = plugin_list };

  do {

    new_plugin->argv = malloc(sizeof(char *) * 2);

  } while(new_plugin->argv == NULL and errno == EINTR);

  if(new_plugin->argv == NULL){

    int e = errno;

    free(copy_name);

    free(new_plugin);

    errno = e;

    return NULL;

  }

  new_plugin->argv[0] = copy_name;

  new_plugin->argv[1] = NULL;

  do {

    new_plugin->environ = malloc(sizeof(char *));

  } while(new_plugin->environ == NULL and errno == EINTR);

  if(new_plugin->environ == NULL){

    int e = errno;

    free(copy_name);

    free(new_plugin->argv);

    free(new_plugin);

    errno = e;

    return NULL;

  }

  new_plugin->environ[0] = NULL;

  /* Append the new plugin to the list */

  plugin_list = new_plugin;

  return new_plugin;

}

/* Helper function for add_argument and add_environment */

static bool add_to_char_array(const char *new, char ***array,

			      int *len){

  /* Resize the pointed-to array to hold one more pointer */

  do {

    *array = realloc(*array, sizeof(char *)

		     * (size_t) ((*len) + 2));

  } while(*array == NULL and errno == EINTR);

  /* Malloc check */

  if(*array == NULL){

    return false;

  }

  /* Make a copy of the new string */

  char *copy;

  do {

    copy = strdup(new);

  } while(copy == NULL and errno == EINTR);

  if(copy == NULL){

    return false;

  }

  /* Insert the copy */

  (*array)[*len] = copy;

  (*len)++;

  /* Add a new terminating NULL pointer to the last element */

  (*array)[*len] = NULL;

  return true;

}

/* Add to a plugin's argument vector */

static bool add_argument(plugin *p, const char *arg){

  if(p == NULL){

    return false;

  }

  return add_to_char_array(arg, &(p->argv), &(p->argc));

}

/* Add to a plugin's environment */

static bool add_environment(plugin *p, const char *def, bool replace){

  if(p == NULL){

    return false;

  }

  /* namelen = length of name of environment variable */

  size_t namelen = (size_t)(strchrnul(def, '=') - def);

  /* Search for this environment variable */

  for(char **e = p->environ; *e != NULL; e++){

    if(strncmp(*e, def, namelen + 1) == 0){

      /* It already exists */

      if(replace){

	char *new;

	do {

	  new = realloc(*e, strlen(def) + 1);

	} while(new == NULL and errno == EINTR);

	if(new == NULL){

	  return false;

	}

	*e = new;

	strcpy(*e, def);

      }

      return true;

    }

  }

  return add_to_char_array(def, &(p->environ), &(p->envc));

}

/*

 * Based on the example in the GNU LibC manual chapter 13.13 "File

 * Descriptor Flags".

 | [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |

 */

static int set_cloexec_flag(int fd){

  int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));

  /* If reading the flags failed, return error indication now. */

  if(ret < 0){

    return ret;

  }

  /* Store modified flag word in the descriptor. */

  return (int)TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD,

				       ret | FD_CLOEXEC));

}

/* Mark processes as completed when they exit, and save their exit

   status. */

static void handle_sigchld(__attribute__((unused)) int sig){

  int old_errno = errno;

  while(true){

    plugin *proc = plugin_list;

    int status;

    pid_t pid = waitpid(-1, &status, WNOHANG);

    if(pid == 0){

      /* Only still running child processes */

      break;

    }

    if(pid == -1){

      if(errno == ECHILD){

	/* No child processes */

	break;

      }

      perror("waitpid");

    }

    /* A child exited, find it in process_list */

    while(proc != NULL and proc->pid != pid){

      proc = proc->next;

    }

    if(proc == NULL){

      /* Process not found in process list */

      continue;

    }

    proc->status = status;

    proc->completed = 1;

  }

  errno = old_errno;

}

/* Prints out a password to stdout */

static bool print_out_password(const char *buffer, size_t length){

  ssize_t ret;

  for(size_t written = 0; written < length; written += (size_t)ret){

    ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buffer + written,

				   length - written));

    if(ret < 0){

      return false;

    }

  }

  return true;

}

/* Removes and free a plugin from the plugin list */

static void free_plugin(plugin *plugin_node){

  for(char **arg = plugin_node->argv; *arg != NULL; arg++){

    free(*arg);

  }

  free(plugin_node->argv);

  for(char **env = plugin_node->environ; *env != NULL; env++){

    free(*env);

  }

  free(plugin_node->environ);

  free(plugin_node->buffer);

  /* Removes the plugin from the singly-linked list */

  if(plugin_node == plugin_list){

    /* First one - simple */

    plugin_list = plugin_list->next;

  } else {

    /* Second one or later */

    for(plugin *p = plugin_list; p != NULL; p = p->next){

      if(p->next == plugin_node){

	p->next = plugin_node->next;

	break;

      }

    }

  }

  free(plugin_node);

}

static void free_plugin_list(void){

  while(plugin_list != NULL){

    free_plugin(plugin_list);

  }

}

int main(int argc, char *argv[]){

  char *plugindir = NULL;

  char *argfile = NULL;

  FILE *conffp;

  size_t d_name_len;

  DIR *dir = NULL;

  struct dirent *dirst;

  struct stat st;

  fd_set rfds_all;

  int ret, maxfd = 0;

  ssize_t sret;

  uid_t uid = 65534;

  gid_t gid = 65534;

  bool debug = false;

  int exitstatus = EXIT_SUCCESS;

  struct sigaction old_sigchld_action;

  struct sigaction sigchld_action = { .sa_handler = handle_sigchld,

				      .sa_flags = SA_NOCLDSTOP };

  char **custom_argv = NULL;

  int custom_argc = 0;

  /* Establish a signal handler */

  sigemptyset(&sigchld_action.sa_mask);

  ret = sigaddset(&sigchld_action.sa_mask, SIGCHLD);

  if(ret == -1){

    perror("sigaddset");

    exitstatus = EX_OSERR;

    goto fallback;

  }

  ret = sigaction(SIGCHLD, &sigchld_action, &old_sigchld_action);

  if(ret == -1){

    perror("sigaction");

    exitstatus = EX_OSERR;

    goto fallback;

  }

  /* The options we understand. */

  struct argp_option options[] = {

    { .name = "global-options", .key = 'g',

      .arg = "OPTION[,OPTION[,...]]",

      .doc = "Options passed to all plugins" },

    { .name = "global-env", .key = 'G',

      .arg = "VAR=value",

      .doc = "Environment variable passed to all plugins" },

    { .name = "options-for", .key = 'o',

      .arg = "PLUGIN:OPTION[,OPTION[,...]]",

      .doc = "Options passed only to specified plugin" },

    { .name = "env-for", .key = 'E',

      .arg = "PLUGIN:ENV=value",

      .doc = "Environment variable passed to specified plugin" },

    { .name = "disable", .key = 'd',

      .arg = "PLUGIN",

      .doc = "Disable a specific plugin", .group = 1 },

    { .name = "enable", .key = 'e',

      .arg = "PLUGIN",

      .doc = "Enable a specific plugin", .group = 1 },

    { .name = "plugin-dir", .key = 128,

      .arg = "DIRECTORY",

      .doc = "Specify a different plugin directory", .group = 2 },

    { .name = "config-file", .key = 129,

      .arg = "FILE",

      .doc = "Specify a different configuration file", .group = 2 },

    { .name = "userid", .key = 130,

      .arg = "ID", .flags = 0,

      .doc = "User ID the plugins will run as", .group = 3 },

    { .name = "groupid", .key = 131,

      .arg = "ID", .flags = 0,

      .doc = "Group ID the plugins will run as", .group = 3 },

    { .name = "debug", .key = 132,

      .doc = "Debug mode", .group = 4 },

    /*

     * These reproduce what we would get without ARGP_NO_HELP

     */

    { .name = "help", .key = '?',

      .doc = "Give this help list", .group = -1 },

    { .name = "usage", .key = -3,

      .doc = "Give a short usage message", .group = -1 },

    { .name = "version", .key = 'V',

      .doc = "Print program version", .group = -1 },

    { .name = NULL }

  };

  error_t parse_opt(int key, char *arg, struct argp_state *state){

    errno = 0;

    switch(key){

      char *tmp;

      intmax_t tmpmax;

    case 'g': 			/* --global-options */

      {

	char *plugin_option;

	while((plugin_option = strsep(&arg, ",")) != NULL){

	  if(not add_argument(getplugin(NULL), plugin_option)){

	    break;

	  }

	}

      }

      break;

    case 'G':			/* --global-env */

      add_environment(getplugin(NULL), arg, true);

      break;

    case 'o':			/* --options-for */

      {

	char *option_list = strchr(arg, ':');

	if(option_list == NULL){

	  argp_error(state, "No colon in \"%s\"", arg);

	  errno = EINVAL;

	  break;

	}

	*option_list = '\0';

	option_list++;

	if(arg[0] == '\0'){

	  argp_error(state, "Empty plugin name");

	  errno = EINVAL;

	  break;

	}

	char *option;

	while((option = strsep(&option_list, ",")) != NULL){

	  if(not add_argument(getplugin(arg), option)){

	    break;

	  }

	}

      }

      break;

    case 'E':			/* --env-for */

      {

	char *envdef = strchr(arg, ':');

	if(envdef == NULL){

	  argp_error(state, "No colon in \"%s\"", arg);

	  errno = EINVAL;

	  break;

	}

	*envdef = '\0';

	envdef++;

	if(arg[0] == '\0'){

	  argp_error(state, "Empty plugin name");

	  errno = EINVAL;

	  break;

	}

	add_environment(getplugin(arg), envdef, true);

      }

      break;

    case 'd':			/* --disable */

      {

	plugin *p = getplugin(arg);

	if(p != NULL){

	  p->disabled = true;

	}

      }

      break;

    case 'e':			/* --enable */

      {

	plugin *p = getplugin(arg);

	if(p != NULL){

	  p->disabled = false;

	}

      }

      break;

    case 128:			/* --plugin-dir */

      free(plugindir);

      plugindir = strdup(arg);

      break;

    case 129:			/* --config-file */

      /* This is already done by parse_opt_config_file() */

      break;

    case 130:			/* --userid */

      tmpmax = strtoimax(arg, &tmp, 10);

      if(errno != 0 or tmp == arg or *tmp != '\0'

	 or tmpmax != (uid_t)tmpmax){

	argp_error(state, "Bad user ID number: \"%s\", using %"

		   PRIdMAX, arg, (intmax_t)uid);

	break;

      }

      uid = (uid_t)tmpmax;

      break;

    case 131:			/* --groupid */

      tmpmax = strtoimax(arg, &tmp, 10);

      if(errno != 0 or tmp == arg or *tmp != '\0'

	 or tmpmax != (gid_t)tmpmax){

	argp_error(state, "Bad group ID number: \"%s\", using %"