To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugin-runner.c
- browse files at revision 1055
- compare with another revision
- download diff
- download tarball
- view history from revision 1055
- Committer: Teddy Hogeborn
- Date: 2019-03-12 20:13:34 UTC
- Revision ID: teddy@recompile.se-20190312201334-my3htrprewjosuw5
mandos-ctl: Refactor
* mandos-ctl: Reorder everything into logical order; put main() first,
and put every subsequent definition as soon as possible
after its first use, except superclasses which need to
be placed before the classes inheriting from them.
Reorder all tests to match.
* mandos-ctl: Reorder everything into logical order; put main() first,
and put every subsequent definition as soon as possible
after its first use, except superclasses which need to
be placed before the classes inheriting from them.
Reorder all tests to match.
- files added:
- DBUS-API
- debian/source
- debian/upstream
- network-hooks.d
- plugin-helpers
- files removed:
- initramfs-tools-hook-conf
- files modified:
- .bzrignore
added
removed
plugin-runner.c
1
/* -*- coding: utf-8 -*- */
1
/* -*- coding: utf-8; mode: c; mode: orgtbl -*- */
2
2
/*
3
3
* Mandos plugin runner - Run Mandos plugins
4
4
*
5
* Copyright © 2008,2009 Teddy Hogeborn
6
* Copyright © 2008,2009 Björn Påhlsson
7
*
8
* This program is free software: you can redistribute it and/or
9
* modify it under the terms of the GNU General Public License as
10
* published by the Free Software Foundation, either version 3 of the
11
* License, or (at your option) any later version.
12
*
13
* This program is distributed in the hope that it will be useful, but
5
* Copyright © 2008-2018 Teddy Hogeborn
6
* Copyright © 2008-2018 Björn Påhlsson
7
*
8
* This file is part of Mandos.
9
*
10
* Mandos is free software: you can redistribute it and/or modify it
11
* under the terms of the GNU General Public License as published by
12
* the Free Software Foundation, either version 3 of the License, or
13
* (at your option) any later version.
14
*
15
* Mandos is distributed in the hope that it will be useful, but
14
16
* WITHOUT ANY WARRANTY; without even the implied warranty of
15
17
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16
18
* General Public License for more details.
17
19
*
18
20
* You should have received a copy of the GNU General Public License
19
* along with this program. If not, see
20
* <http://www.gnu.org/licenses/>.
21
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
21
22
*
22
* Contact the authors at <mandos@fukt.bsnet.se>.
23
* Contact the authors at <mandos@recompile.se>.
23
24
*/
24
25
25
26
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),
26
asprintf() */
27
O_CLOEXEC, pipe2() */
27
28
#include <stddef.h> /* size_t, NULL */
28
#include <stdlib.h> /* malloc(), exit(), EXIT_FAILURE,
29
EXIT_SUCCESS, realloc() */
29
#include <stdlib.h> /* malloc(), exit(), EXIT_SUCCESS,
30
realloc() */
30
31
#include <stdbool.h> /* bool, true, false */
31
#include <stdio.h> /* perror, fileno(), fprintf(),
32
stderr, STDOUT_FILENO */
33
#include <sys/types.h> /* DIR, opendir(), stat(), struct
34
stat, waitpid(), WIFEXITED(),
35
WEXITSTATUS(), wait(), pid_t,
36
uid_t, gid_t, getuid(), getgid(),
37
dirfd() */
32
#include <stdio.h> /* fileno(), fprintf(),
33
stderr, STDOUT_FILENO, fclose() */
34
#include <sys/types.h> /* fstat(), struct stat, waitpid(),
35
WIFEXITED(), WEXITSTATUS(), wait(),
36
pid_t, uid_t, gid_t, getuid(),
37
getgid() */
38
38
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
39
39
FD_SET(), FD_ISSET(), FD_CLR */
40
40
#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),
41
WEXITSTATUS() */
42
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
41
WEXITSTATUS(), WTERMSIG() */
42
#include <sys/stat.h> /* struct stat, fstat(), S_ISREG() */
43
43
#include <iso646.h> /* and, or, not */
44
#include <dirent.h> /* DIR, struct dirent, opendir(),
45
readdir(), closedir(), dirfd() */
46
#include <unistd.h> /* struct stat, stat(), S_ISREG(),
47
fcntl(), setuid(), setgid(),
48
F_GETFD, F_SETFD, FD_CLOEXEC,
49
access(), pipe(), fork(), close()
50
dup2(), STDOUT_FILENO, _exit(),
51
execv(), write(), read(),
52
close() */
44
#include <dirent.h> /* struct dirent, scandirat() */
45
#include <unistd.h> /* fcntl(), F_GETFD, F_SETFD,
46
FD_CLOEXEC, write(), STDOUT_FILENO,
47
struct stat, fstat(), close(),
48
setgid(), setuid(), S_ISREG(),
49
faccessat() pipe2(), fork(),
50
_exit(), dup2(), fexecve(), read()
51
*/
53
52
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
54
FD_CLOEXEC */
55
#include <string.h> /* strsep, strlen(), asprintf() */
53
FD_CLOEXEC, openat(), scandirat(),
54
pipe2() */
55
#include <string.h> /* strsep, strlen(), strsignal(),
56
strcmp(), strncmp() */
56
57
#include <errno.h> /* errno */
57
58
#include <argp.h> /* struct argp_option, struct
58
59
argp_state, struct argp,
66
67
*/
67
68
#include <errno.h> /* errno, EBADF */
68
69
#include <inttypes.h> /* intmax_t, PRIdMAX, strtoimax() */
70
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_IOERR,
71
EX_CONFIG, EX_UNAVAILABLE, EX_OK */
72
#include <errno.h> /* errno */
73
#include <error.h> /* error() */
74
#include <fnmatch.h> /* fnmatch() */
69
75
70
76
#define BUFFER_SIZE 256
71
77
72
78
#define PDIR "/lib/mandos/plugins.d"
79
#define PHDIR "/lib/mandos/plugin-helpers"
73
80
#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"
74
81
75
82
const char *argp_program_version = "plugin-runner " VERSION;
76
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
83
const char *argp_program_bug_address = "<mandos@recompile.se>";
77
84
78
85
typedef struct plugin{
79
86
char *name; /* can be NULL or any plugin name */
99
106
100
107
/* Gets an existing plugin based on name,
101
108
or if none is found, creates a new one */
109
__attribute__((warn_unused_result))
102
110
static plugin *getplugin(char *name){
103
/* Check for exiting plugin with that name */
111
/* Check for existing plugin with that name */
104
112
for(plugin *p = plugin_list; p != NULL; p = p->next){
105
113
if((p->name == name)
106
114
or (p->name and name and (strcmp(p->name, name) == 0))){
108
116
}
109
117
}
110
118
/* Create a new plugin */
111
plugin *new_plugin = malloc(sizeof(plugin));
119
plugin *new_plugin = NULL;
120
do {
121
new_plugin = malloc(sizeof(plugin));
122
} while(new_plugin == NULL and errno == EINTR);
112
123
if(new_plugin == NULL){
113
124
return NULL;
114
125
}
115
126
char *copy_name = NULL;
116
127
if(name != NULL){
117
copy_name = strdup(name);
128
do {
129
copy_name = strdup(name);
130
} while(copy_name == NULL and errno == EINTR);
118
131
if(copy_name == NULL){
132
int e = errno;
119
133
free(new_plugin);
134
errno = e;
120
135
return NULL;
121
136
}
122
137
}
126
141
.disabled = false,
127
142
.next = plugin_list };
128
143
129
new_plugin->argv = malloc(sizeof(char *) * 2);
144
do {
145
new_plugin->argv = malloc(sizeof(char *) * 2);
146
} while(new_plugin->argv == NULL and errno == EINTR);
130
147
if(new_plugin->argv == NULL){
148
int e = errno;
131
149
free(copy_name);
132
150
free(new_plugin);
151
errno = e;
133
152
return NULL;
134
153
}
135
154
new_plugin->argv[0] = copy_name;
136
155
new_plugin->argv[1] = NULL;
137
156
138
new_plugin->environ = malloc(sizeof(char *));
157
do {
158
new_plugin->environ = malloc(sizeof(char *));
159
} while(new_plugin->environ == NULL and errno == EINTR);
139
160
if(new_plugin->environ == NULL){
161
int e = errno;
140
162
free(copy_name);
141
163
free(new_plugin->argv);
142
164
free(new_plugin);
165
errno = e;
143
166
return NULL;
144
167
}
145
168
new_plugin->environ[0] = NULL;
150
173
}
151
174
152
175
/* Helper function for add_argument and add_environment */
176
__attribute__((nonnull, warn_unused_result))
153
177
static bool add_to_char_array(const char *new, char ***array,
154
178
int *len){
155
179
/* Resize the pointed-to array to hold one more pointer */
156
*array = realloc(*array, sizeof(char *)
157
* (size_t) ((*len) + 2));
180
char **new_array = NULL;
181
do {
182
new_array = realloc(*array, sizeof(char *)
183
* (size_t) ((*len) + 2));
184
} while(new_array == NULL and errno == EINTR);
158
185
/* Malloc check */
159
if(*array == NULL){
186
if(new_array == NULL){
160
187
return false;
161
188
}
189
*array = new_array;
162
190
/* Make a copy of the new string */
163
char *copy = strdup(new);
191
char *copy;
192
do {
193
copy = strdup(new);
194
} while(copy == NULL and errno == EINTR);
164
195
if(copy == NULL){
165
196
return false;
166
197
}
173
204
}
174
205
175
206
/* Add to a plugin's argument vector */
207
__attribute__((nonnull(2), warn_unused_result))
176
208
static bool add_argument(plugin *p, const char *arg){
177
209
if(p == NULL){
178
210
return false;
181
213
}
182
214
183
215
/* Add to a plugin's environment */
216
__attribute__((nonnull(2), warn_unused_result))
184
217
static bool add_environment(plugin *p, const char *def, bool replace){
185
218
if(p == NULL){
186
219
return false;
188
221
/* namelen = length of name of environment variable */
189
222
size_t namelen = (size_t)(strchrnul(def, '=') - def);
190
223
/* Search for this environment variable */
191
for(char **e = p->environ; *e != NULL; e++){
192
if(strncmp(*e, def, namelen + 1) == 0){
224
for(char **envdef = p->environ; *envdef != NULL; envdef++){
225
if(strncmp(*envdef, def, namelen + 1) == 0){
193
226
/* It already exists */
194
227
if(replace){
195
char *new = realloc(*e, strlen(def) + 1);
196
if(new == NULL){
228
char *new_envdef;
229
do {
230
new_envdef = realloc(*envdef, strlen(def) + 1);
231
} while(new_envdef == NULL and errno == EINTR);
232
if(new_envdef == NULL){
197
233
return false;
198
234
}
199
*e = new;
200
strcpy(*e, def);
235
*envdef = new_envdef;
236
strcpy(*envdef, def);
201
237
}
202
238
return true;
203
239
}
205
241
return add_to_char_array(def, &(p->environ), &(p->envc));
206
242
}
207
243
244
#ifndef O_CLOEXEC
208
245
/*
209
246
* Based on the example in the GNU LibC manual chapter 13.13 "File
210
247
* Descriptor Flags".
211
* *Note File Descriptor Flags:(libc)Descriptor Flags.
248
| [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |
212
249
*/
250
__attribute__((warn_unused_result))
213
251
static int set_cloexec_flag(int fd){
214
int ret = fcntl(fd, F_GETFD, 0);
252
int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
215
253
/* If reading the flags failed, return error indication now. */
216
254
if(ret < 0){
217
255
return ret;
218
256
}
219
257
/* Store modified flag word in the descriptor. */
220
return fcntl(fd, F_SETFD, ret | FD_CLOEXEC);
258
return (int)TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD,
259
ret | FD_CLOEXEC));
221
260
}
261
#endif /* not O_CLOEXEC */
222
262
223
263
224
264
/* Mark processes as completed when they exit, and save their exit
238
278
/* No child processes */
239
279
break;
240
280
}
241
perror("waitpid");
281
error(0, errno, "waitpid");
242
282
}
243
283
244
284
/* A child exited, find it in process_list */
256
296
}
257
297
258
298
/* Prints out a password to stdout */
299
__attribute__((nonnull, warn_unused_result))
259
300
static bool print_out_password(const char *buffer, size_t length){
260
301
ssize_t ret;
261
302
for(size_t written = 0; written < length; written += (size_t)ret){
269
310
}
270
311
271
312
/* Removes and free a plugin from the plugin list */
313
__attribute__((nonnull))
272
314
static void free_plugin(plugin *plugin_node){
273
315
274
316
for(char **arg = plugin_node->argv; *arg != NULL; arg++){
306
348
307
349
int main(int argc, char *argv[]){
308
350
char *plugindir = NULL;
351
char *pluginhelperdir = NULL;
309
352
char *argfile = NULL;
310
353
FILE *conffp;
311
size_t d_name_len;
312
DIR *dir = NULL;
313
struct dirent *dirst;
354
struct dirent **direntries = NULL;
314
355
struct stat st;
315
356
fd_set rfds_all;
316
357
int ret, maxfd = 0;
317
358
ssize_t sret;
318
intmax_t tmpmax;
319
359
uid_t uid = 65534;
320
360
gid_t gid = 65534;
321
361
bool debug = false;
325
365
.sa_flags = SA_NOCLDSTOP };
326
366
char **custom_argv = NULL;
327
367
int custom_argc = 0;
368
int dir_fd = -1;
328
369
329
370
/* Establish a signal handler */
330
371
sigemptyset(&sigchld_action.sa_mask);
331
372
ret = sigaddset(&sigchld_action.sa_mask, SIGCHLD);
332
373
if(ret == -1){
333
perror("sigaddset");
334
exitstatus = EXIT_FAILURE;
374
error(0, errno, "sigaddset");
375
exitstatus = EX_OSERR;
335
376
goto fallback;
336
377
}
337
378
ret = sigaction(SIGCHLD, &sigchld_action, &old_sigchld_action);
338
379
if(ret == -1){
339
perror("sigaction");
340
exitstatus = EXIT_FAILURE;
380
error(0, errno, "sigaction");
381
exitstatus = EX_OSERR;
341
382
goto fallback;
342
383
}
343
384
375
416
.doc = "Group ID the plugins will run as", .group = 3 },
376
417
{ .name = "debug", .key = 132,
377
418
.doc = "Debug mode", .group = 4 },
419
{ .name = "plugin-helper-dir", .key = 133,
420
.arg = "DIRECTORY",
421
.doc = "Specify a different plugin helper directory",
422
.group = 2 },
423
/*
424
* These reproduce what we would get without ARGP_NO_HELP
425
*/
426
{ .name = "help", .key = '?',
427
.doc = "Give this help list", .group = -1 },
428
{ .name = "usage", .key = -3,
429
.doc = "Give a short usage message", .group = -1 },
430
{ .name = "version", .key = 'V',
431
.doc = "Print program version", .group = -1 },
378
432
{ .name = NULL }
379
433
};
380
434
381
error_t parse_opt(int key, char *arg, __attribute__((unused))
382
struct argp_state *state){
383
char *tmp;
435
__attribute__((nonnull(3)))
436
error_t parse_opt(int key, char *arg, struct argp_state *state){
437
errno = 0;
384
438
switch(key){
439
char *tmp;
440
intmax_t tmp_id;
385
441
case 'g': /* --global-options */
386
if(arg != NULL){
442
{
387
443
char *plugin_option;
388
444
while((plugin_option = strsep(&arg, ",")) != NULL){
389
if(plugin_option[0] == '\0'){
390
continue;
391
}
392
445
if(not add_argument(getplugin(NULL), plugin_option)){
393
perror("add_argument");
394
return ARGP_ERR_UNKNOWN;
446
break;
395
447
}
396
448
}
449
errno = 0;
397
450
}
398
451
break;
399
452
case 'G': /* --global-env */
400
if(arg == NULL){
401
break;
402
}
403
if(not add_environment(getplugin(NULL), arg, true)){
404
perror("add_environment");
453
if(add_environment(getplugin(NULL), arg, true)){
454
errno = 0;
405
455
}
406
456
break;
407
457
case 'o': /* --options-for */
408
if(arg != NULL){
409
char *plugin_name = strsep(&arg, ":");
410
if(plugin_name[0] == '\0'){
411
break;
412
}
413
char *plugin_option;
414
while((plugin_option = strsep(&arg, ",")) != NULL){
415
if(not add_argument(getplugin(plugin_name), plugin_option)){
416
perror("add_argument");
417
return ARGP_ERR_UNKNOWN;
458
{
459
char *option_list = strchr(arg, ':');
460
if(option_list == NULL){
461
argp_error(state, "No colon in \"%s\"", arg);
462
errno = EINVAL;
463
break;
464
}
465
*option_list = '\0';
466
option_list++;
467
if(arg[0] == '\0'){
468
argp_error(state, "Empty plugin name");
469
errno = EINVAL;
470
break;
471
}
472
char *option;
473
while((option = strsep(&option_list, ",")) != NULL){
474
if(not add_argument(getplugin(arg), option)){
475
break;
418
476
}
419
477
}
478
errno = 0;
420
479
}
421
480
break;
422
481
case 'E': /* --env-for */
423
if(arg == NULL){
424
break;
425
}
426
482
{
427
483
char *envdef = strchr(arg, ':');
428
484
if(envdef == NULL){
485
argp_error(state, "No colon in \"%s\"", arg);
486
errno = EINVAL;
429
487
break;
430
488
}
431
489
*envdef = '\0';
432
if(not add_environment(getplugin(arg), envdef+1, true)){
433
perror("add_environment");
490
envdef++;
491
if(arg[0] == '\0'){
492
argp_error(state, "Empty plugin name");
493
errno = EINVAL;
494
break;
495
}
496
if(add_environment(getplugin(arg), envdef, true)){
497
errno = 0;
434
498
}
435
499
}
436
500
break;
437
501
case 'd': /* --disable */
438
if(arg != NULL){
502
{
439
503
plugin *p = getplugin(arg);
440
if(p == NULL){
441
return ARGP_ERR_UNKNOWN;
504
if(p != NULL){
505
p->disabled = true;
506
errno = 0;
442
507
}
443
p->disabled = true;
444
508
}
445
509
break;
446
510
case 'e': /* --enable */
447
if(arg != NULL){
511
{
448
512
plugin *p = getplugin(arg);
449
if(p == NULL){
450
return ARGP_ERR_UNKNOWN;
513
if(p != NULL){
514
p->disabled = false;
515
errno = 0;
451
516
}
452
p->disabled = false;
453
517
}
454
518
break;
455
519
case 128: /* --plugin-dir */
456
520
free(plugindir);
457
521
plugindir = strdup(arg);
458
if(plugindir == NULL){
459
perror("strdup");
522
if(plugindir != NULL){
523
errno = 0;
460
524
}
461
525
break;
462
526
case 129: /* --config-file */
463
527
/* This is already done by parse_opt_config_file() */
464
528
break;
465
529
case 130: /* --userid */
466
errno = 0;
467
tmpmax = strtoimax(arg, &tmp, 10);
530
tmp_id = strtoimax(arg, &tmp, 10);
468
531
if(errno != 0 or tmp == arg or *tmp != '\0'
469
or tmpmax != (uid_t)tmpmax){
470
fprintf(stderr, "Bad user ID number: \"%s\", using %"
471
PRIdMAX "\n", arg, (intmax_t)uid);
472
} else {
473
uid = (uid_t)tmpmax;
532
or tmp_id != (uid_t)tmp_id){
533
argp_error(state, "Bad user ID number: \"%s\", using %"
534
PRIdMAX, arg, (intmax_t)uid);
535
break;
474
536
}
537
uid = (uid_t)tmp_id;
538
errno = 0;
475
539
break;
476
540
case 131: /* --groupid */
477
errno = 0;
478
tmpmax = strtoimax(arg, &tmp, 10);
541
tmp_id = strtoimax(arg, &tmp, 10);
479
542
if(errno != 0 or tmp == arg or *tmp != '\0'
480
or tmpmax != (gid_t)tmpmax){
481
fprintf(stderr, "Bad group ID number: \"%s\", using %"
482
PRIdMAX "\n", arg, (intmax_t)gid);
483
} else {
484
gid = (gid_t)tmpmax;
543
or tmp_id != (gid_t)tmp_id){
544
argp_error(state, "Bad group ID number: \"%s\", using %"
545
PRIdMAX, arg, (intmax_t)gid);
546
break;
485
547
}
548
gid = (gid_t)tmp_id;
549
errno = 0;
486
550
break;
487
551
case 132: /* --debug */
488
552
debug = true;
489
553
break;
554
case 133: /* --plugin-helper-dir */
555
free(pluginhelperdir);
556
pluginhelperdir = strdup(arg);
557
if(pluginhelperdir != NULL){
558
errno = 0;
559
}
560
break;
561
/*
562
* These reproduce what we would get without ARGP_NO_HELP
563
*/
564
case '?': /* --help */
565
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
566
argp_state_help(state, state->out_stream, ARGP_HELP_STD_HELP);
567
__builtin_unreachable();
568
case -3: /* --usage */
569
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
570
argp_state_help(state, state->out_stream,
571
ARGP_HELP_USAGE | ARGP_HELP_EXIT_OK);
572
__builtin_unreachable();
573
case 'V': /* --version */
574
fprintf(state->out_stream, "%s\n", argp_program_version);
575
exit(EXIT_SUCCESS);
576
break;
490
577
/*
491
578
* When adding more options before this line, remember to also add a
492
579
* "case" to the "parse_opt_config_file" function below.
495
582
/* Cryptsetup always passes an argument, which is an empty
496
583
string if "none" was specified in /etc/crypttab. So if
497
584
argument was empty, we ignore it silently. */
498
if(arg[0] != '\0'){
499
fprintf(stderr, "Ignoring unknown argument \"%s\"\n", arg);
585
if(arg[0] == '\0'){
586
break;
500
587
}
501
break;
502
case ARGP_KEY_END:
503
break;
588
/* FALLTHROUGH */
504
589
default:
505
590
return ARGP_ERR_UNKNOWN;
506
591
}
507
return 0;
592
return errno; /* Set to 0 at start */
508
593
}
509
594
510
595
/* This option parser is the same as parse_opt() above, except it
512
597
error_t parse_opt_config_file(int key, char *arg,
513
598
__attribute__((unused))
514
599
struct argp_state *state){
600
errno = 0;
515
601
switch(key){
516
602
case 'g': /* --global-options */
517
603
case 'G': /* --global-env */
524
610
case 129: /* --config-file */
525
611
free(argfile);
526
612
argfile = strdup(arg);
527
if(argfile == NULL){
528
perror("strdup");
613
if(argfile != NULL){
614
errno = 0;
529
615
}
530
616
break;
531
617
case 130: /* --userid */
532
618
case 131: /* --groupid */
533
619
case 132: /* --debug */
620
case 133: /* --plugin-helper-dir */
621
case '?': /* --help */
622
case -3: /* --usage */
623
case 'V': /* --version */
534
624
case ARGP_KEY_ARG:
535
case ARGP_KEY_END:
536
625
break;
537
626
default:
538
627
return ARGP_ERR_UNKNOWN;
539
628
}
540
return 0;
629
return errno;
541
630
}
542
631
543
632
struct argp argp = { .options = options,
547
636
548
637
/* Parse using parse_opt_config_file() in order to get the custom
549
638
config file location, if any. */
550
ret = argp_parse(&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
551
if(ret == ARGP_ERR_UNKNOWN){
552
fprintf(stderr, "Unknown error while parsing arguments\n");
553
exitstatus = EXIT_FAILURE;
639
ret = argp_parse(&argp, argc, argv,
640
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
641
NULL, NULL);
642
switch(ret){
643
case 0:
644
break;
645
case ENOMEM:
646
default:
647
errno = ret;
648
error(0, errno, "argp_parse");
649
exitstatus = EX_OSERR;
650
goto fallback;
651
case EINVAL:
652
exitstatus = EX_USAGE;
554
653
goto fallback;
555
654
}
556
655
573
672
custom_argc = 1;
574
673
custom_argv = malloc(sizeof(char*) * 2);
575
674
if(custom_argv == NULL){
576
perror("malloc");
577
exitstatus = EXIT_FAILURE;
675
error(0, errno, "malloc");
676
exitstatus = EX_OSERR;
578
677
goto fallback;
579
678
}
580
679
custom_argv[0] = argv[0];
596
695
}
597
696
new_arg = strdup(p);
598
697
if(new_arg == NULL){
599
perror("strdup");
600
exitstatus = EXIT_FAILURE;
698
error(0, errno, "strdup");
699
exitstatus = EX_OSERR;
601
700
free(org_line);
602
701
goto fallback;
603
702
}
604
703
605
704
custom_argc += 1;
606
custom_argv = realloc(custom_argv, sizeof(char *)
607
* ((unsigned int) custom_argc + 1));
608
if(custom_argv == NULL){
609
perror("realloc");
610
exitstatus = EXIT_FAILURE;
611
free(org_line);
612
goto fallback;
705
{
706
char **new_argv = realloc(custom_argv, sizeof(char *)
707
* ((size_t)custom_argc + 1));
708
if(new_argv == NULL){
709
error(0, errno, "realloc");
710
exitstatus = EX_OSERR;
711
free(new_arg);
712
free(org_line);
713
goto fallback;
714
} else {
715
custom_argv = new_argv;
716
}
613
717
}
614
718
custom_argv[custom_argc-1] = new_arg;
615
719
custom_argv[custom_argc] = NULL;
616
720
}
617
721
}
722
do {
723
ret = fclose(conffp);
724
} while(ret == EOF and errno == EINTR);
725
if(ret == EOF){
726
error(0, errno, "fclose");
727
exitstatus = EX_IOERR;
728
goto fallback;
729
}
618
730
free(org_line);
619
731
} else {
620
732
/* Check for harmful errors and go to fallback. Other errors might
621
733
not affect opening plugins */
622
734
if(errno == EMFILE or errno == ENFILE or errno == ENOMEM){
623
perror("fopen");
624
exitstatus = EXIT_FAILURE;
735
error(0, errno, "fopen");
736
exitstatus = EX_OSERR;
625
737
goto fallback;
626
738
}
627
739
}
628
/* If there was any arguments from configuration file,
629
pass them to parser as command arguments */
740
/* If there were any arguments from the configuration file, pass
741
them to parser as command line arguments */
630
742
if(custom_argv != NULL){
631
ret = argp_parse(&argp, custom_argc, custom_argv, ARGP_IN_ORDER,
632
0, NULL);
633
if(ret == ARGP_ERR_UNKNOWN){
634
fprintf(stderr, "Unknown error while parsing arguments\n");
635
exitstatus = EXIT_FAILURE;
743
ret = argp_parse(&argp, custom_argc, custom_argv,
744
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
745
NULL, NULL);
746
switch(ret){
747
case 0:
748
break;
749
case ENOMEM:
750
default:
751
errno = ret;
752
error(0, errno, "argp_parse");
753
exitstatus = EX_OSERR;
754
goto fallback;
755
case EINVAL:
756
exitstatus = EX_CONFIG;
636
757
goto fallback;
637
758
}
638
759
}
639
760
640
761
/* Parse actual command line arguments, to let them override the
641
762
config file */
642
ret = argp_parse(&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
643
if(ret == ARGP_ERR_UNKNOWN){
644
fprintf(stderr, "Unknown error while parsing arguments\n");
645
exitstatus = EXIT_FAILURE;
646
goto fallback;
763
ret = argp_parse(&argp, argc, argv,
764
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
765
NULL, NULL);
766
switch(ret){
767
case 0:
768
break;
769
case ENOMEM:
770
default:
771
errno = ret;
772
error(0, errno, "argp_parse");
773
exitstatus = EX_OSERR;
774
goto fallback;
775
case EINVAL:
776
exitstatus = EX_USAGE;
777
goto fallback;
778
}
779
780
{
781
char *pluginhelperenv;
782
bool bret = true;
783
ret = asprintf(&pluginhelperenv, "MANDOSPLUGINHELPERDIR=%s",
784
pluginhelperdir != NULL ? pluginhelperdir : PHDIR);
785
if(ret != -1){
786
bret = add_environment(getplugin(NULL), pluginhelperenv, true);
787
}
788
if(ret == -1 or not bret){
789
error(0, errno, "Failed to set MANDOSPLUGINHELPERDIR"
790
" environment variable to \"%s\" for all plugins\n",
791
pluginhelperdir != NULL ? pluginhelperdir : PHDIR);
792
}
793
if(ret != -1){
794
free(pluginhelperenv);
795
}
647
796
}
648
797
649
798
if(debug){
650
for(plugin *p = plugin_list; p != NULL; p=p->next){
799
for(plugin *p = plugin_list; p != NULL; p = p->next){
651
800
fprintf(stderr, "Plugin: %s has %d arguments\n",
652
801
p->name ? p->name : "Global", p->argc - 1);
653
802
for(char **a = p->argv; *a != NULL; a++){
660
809
}
661
810
}
662
811
663
/* Strip permissions down to nobody */
664
setgid(gid);
812
if(getuid() == 0){
813
/* Work around Debian bug #633582:
814
<https://bugs.debian.org/633582> */
815
int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);
816
if(plugindir_fd == -1){
817
if(errno != ENOENT){
818
error(0, errno, "open(\"" PDIR "\")");
819
}
820
} else {
821
ret = (int)TEMP_FAILURE_RETRY(fstat(plugindir_fd, &st));
822
if(ret == -1){
823
error(0, errno, "fstat");
824
} else {
825
if(S_ISDIR(st.st_mode) and st.st_uid == 0 and st.st_gid == 0){
826
ret = fchown(plugindir_fd, uid, gid);
827
if(ret == -1){
828
error(0, errno, "fchown");
829
}
830
}
831
}
832
close(plugindir_fd);
833
}
834
}
835
836
/* Lower permissions */
837
ret = setgid(gid);
665
838
if(ret == -1){
666
perror("setgid");
839
error(0, errno, "setgid");
667
840
}
668
841
ret = setuid(uid);
669
842
if(ret == -1){
670
perror("setuid");
671
}
672
673
if(plugindir == NULL){
674
dir = opendir(PDIR);
675
} else {
676
dir = opendir(plugindir);
677
}
678
679
if(dir == NULL){
680
perror("Could not open plugin dir");
681
exitstatus = EXIT_FAILURE;
682
goto fallback;
683
}
684
685
/* Set the FD_CLOEXEC flag on the directory, if possible */
843
error(0, errno, "setuid");
844
}
845
846
/* Open plugin directory with close_on_exec flag */
686
847
{
687
int dir_fd = dirfd(dir);
688
if(dir_fd >= 0){
689
ret = set_cloexec_flag(dir_fd);
690
if(ret < 0){
691
perror("set_cloexec_flag");
692
exitstatus = EXIT_FAILURE;
693
goto fallback;
848
dir_fd = open(plugindir != NULL ? plugindir : PDIR, O_RDONLY |
849
#ifdef O_CLOEXEC
850
O_CLOEXEC
851
#else /* not O_CLOEXEC */
852
0
853
#endif /* not O_CLOEXEC */
854
);
855
if(dir_fd == -1){
856
error(0, errno, "Could not open plugin dir");
857
exitstatus = EX_UNAVAILABLE;
858
goto fallback;
859
}
860
861
#ifndef O_CLOEXEC
862
/* Set the FD_CLOEXEC flag on the directory */
863
ret = set_cloexec_flag(dir_fd);
864
if(ret < 0){
865
error(0, errno, "set_cloexec_flag");
866
exitstatus = EX_OSERR;
867
goto fallback;
868
}
869
#endif /* O_CLOEXEC */
870
}
871
872
int good_name(const struct dirent * const dirent){
873
const char * const patterns[] = { ".*", "#*#", "*~", "*.dpkg-new",
874
"*.dpkg-old", "*.dpkg-bak",
875
"*.dpkg-divert", NULL };
876
#ifdef __GNUC__
877
#pragma GCC diagnostic push
878
#pragma GCC diagnostic ignored "-Wcast-qual"
879
#endif
880
for(const char **pat = (const char **)patterns;
881
*pat != NULL; pat++){
882
#ifdef __GNUC__
883
#pragma GCC diagnostic pop
884
#endif
885
if(fnmatch(*pat, dirent->d_name, FNM_FILE_NAME | FNM_PERIOD)
886
!= FNM_NOMATCH){
887
if(debug){
888
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
889
" matching pattern %s\n", dirent->d_name, *pat);
890
}
891
return 0;
694
892
}
695
893
}
894
return 1;
895
}
896
897
int numplugins = scandirat(dir_fd, ".", &direntries, good_name,
898
alphasort);
899
if(numplugins == -1){
900
error(0, errno, "Could not scan plugin dir");
901
direntries = NULL;
902
exitstatus = EX_OSERR;
903
goto fallback;
696
904
}
697
905
698
906
FD_ZERO(&rfds_all);
699
907
700
908
/* Read and execute any executable in the plugin directory*/
701
while(true){
702
dirst = readdir(dir);
703
704
/* All directory entries have been processed */
705
if(dirst == NULL){
706
if(errno == EBADF){
707
perror("readdir");
708
exitstatus = EXIT_FAILURE;
709
goto fallback;
710
}
711
break;
712
}
713
714
d_name_len = strlen(dirst->d_name);
715
716
/* Ignore dotfiles, backup files and other junk */
717
{
718
bool bad_name = false;
719
720
const char const *bad_prefixes[] = { ".", "#", NULL };
721
722
const char const *bad_suffixes[] = { "~", "#", ".dpkg-new",
723
".dpkg-old",
724
".dpkg-bak",
725
".dpkg-divert", NULL };
726
for(const char **pre = bad_prefixes; *pre != NULL; pre++){
727
size_t pre_len = strlen(*pre);
728
if((d_name_len >= pre_len)
729
and strncmp((dirst->d_name), *pre, pre_len) == 0){
730
if(debug){
731
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
732
" with bad prefix %s\n", dirst->d_name, *pre);
733
}
734
bad_name = true;
735
break;
736
}
737
}
738
if(bad_name){
739
continue;
740
}
741
for(const char **suf = bad_suffixes; *suf != NULL; suf++){
742
size_t suf_len = strlen(*suf);
743
if((d_name_len >= suf_len)
744
and (strcmp((dirst->d_name)+d_name_len-suf_len, *suf)
745
== 0)){
746
if(debug){
747
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
748
" with bad suffix %s\n", dirst->d_name, *suf);
749
}
750
bad_name = true;
751
break;
752
}
753
}
754
755
if(bad_name){
756
continue;
757
}
758
}
759
760
char *filename;
761
if(plugindir == NULL){
762
ret = asprintf(&filename, PDIR "/%s", dirst->d_name);
763
} else {
764
ret = asprintf(&filename, "%s/%s", plugindir, dirst->d_name);
765
}
766
if(ret < 0){
767
perror("asprintf");
909
for(int i = 0; i < numplugins; i++){
910
911
int plugin_fd = openat(dir_fd, direntries[i]->d_name, O_RDONLY);
912
if(plugin_fd == -1){
913
error(0, errno, "Could not open plugin");
914
free(direntries[i]);
768
915
continue;
769
916
}
770
771
ret = stat(filename, &st);
917
ret = (int)TEMP_FAILURE_RETRY(fstat(plugin_fd, &st));
772
918
if(ret == -1){
773
perror("stat");
774
free(filename);
919
error(0, errno, "stat");
920
close(plugin_fd);
921
free(direntries[i]);
775
922
continue;
776
923
}
777
924
778
925
/* Ignore non-executable files */
779
if(not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
926
if(not S_ISREG(st.st_mode)
927
or (TEMP_FAILURE_RETRY(faccessat(dir_fd, direntries[i]->d_name,
928
X_OK, 0)) != 0)){
780
929
if(debug){
781
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
782
" with bad type or mode\n", filename);
930
fprintf(stderr, "Ignoring plugin dir entry \"%s/%s\""
931
" with bad type or mode\n",
932
plugindir != NULL ? plugindir : PDIR,
933
direntries[i]->d_name);
783
934
}
784
free(filename);
935
close(plugin_fd);
936
free(direntries[i]);
785
937
continue;
786
938
}
787
939
788
plugin *p = getplugin(dirst->d_name);
940
plugin *p = getplugin(direntries[i]->d_name);
789
941
if(p == NULL){
790
perror("getplugin");
791
free(filename);
942
error(0, errno, "getplugin");
943
close(plugin_fd);
944
free(direntries[i]);
792
945
continue;
793
946
}
794
947
if(p->disabled){
795
948
if(debug){
796
949
fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",
797
dirst->d_name);
950
direntries[i]->d_name);
798
951
}
799
free(filename);
952
close(plugin_fd);
953
free(direntries[i]);
800
954
continue;
801
955
}
802
956
{
805
959
if(g != NULL){
806
960
for(char **a = g->argv + 1; *a != NULL; a++){
807
961
if(not add_argument(p, *a)){
808
perror("add_argument");
962
error(0, errno, "add_argument");
809
963
}
810
964
}
811
965
/* Add global environment variables */
812
966
for(char **e = g->environ; *e != NULL; e++){
813
967
if(not add_environment(p, *e, false)){
814
perror("add_environment");
968
error(0, errno, "add_environment");
815
969
}
816
970
}
817
971
}
818
972
}
819
/* If this plugin has any environment variables, we will call
820
using execve and need to duplicate the environment from this
821
process, too. */
973
/* If this plugin has any environment variables, we need to
974
duplicate the environment from this process, too. */
822
975
if(p->environ[0] != NULL){
823
976
for(char **e = environ; *e != NULL; e++){
824
977
if(not add_environment(p, *e, false)){
825
perror("add_environment");
978
error(0, errno, "add_environment");
826
979
}
827
980
}
828
981
}
829
982
830
983
int pipefd[2];
831
ret = pipe(pipefd);
984
#ifndef O_CLOEXEC
985
ret = (int)TEMP_FAILURE_RETRY(pipe(pipefd));
986
#else /* O_CLOEXEC */
987
ret = (int)TEMP_FAILURE_RETRY(pipe2(pipefd, O_CLOEXEC));
988
#endif /* O_CLOEXEC */
832
989
if(ret == -1){
833
perror("pipe");
834
exitstatus = EXIT_FAILURE;
835
goto fallback;
836
}
990
error(0, errno, "pipe");
991
exitstatus = EX_OSERR;
992
free(direntries[i]);
993
goto fallback;
994
}
995
if(pipefd[0] >= FD_SETSIZE){
996
fprintf(stderr, "pipe()[0] (%d) >= FD_SETSIZE (%d)", pipefd[0],
997
FD_SETSIZE);
998
close(pipefd[0]);
999
close(pipefd[1]);
1000
exitstatus = EX_OSERR;
1001
free(direntries[i]);
1002
goto fallback;
1003
}
1004
#ifndef O_CLOEXEC
837
1005
/* Ask OS to automatic close the pipe on exec */
838
1006
ret = set_cloexec_flag(pipefd[0]);
839
1007
if(ret < 0){
840
perror("set_cloexec_flag");
841
exitstatus = EXIT_FAILURE;
1008
error(0, errno, "set_cloexec_flag");
1009
close(pipefd[0]);
1010
close(pipefd[1]);
1011
exitstatus = EX_OSERR;
1012
free(direntries[i]);
842
1013
goto fallback;
843
1014
}
844
1015
ret = set_cloexec_flag(pipefd[1]);
845
1016
if(ret < 0){
846
perror("set_cloexec_flag");
847
exitstatus = EXIT_FAILURE;
1017
error(0, errno, "set_cloexec_flag");
1018
close(pipefd[0]);
1019
close(pipefd[1]);
1020
exitstatus = EX_OSERR;
1021
free(direntries[i]);
848
1022
goto fallback;
849
1023
}
1024
#endif /* not O_CLOEXEC */
850
1025
/* Block SIGCHLD until process is safely in process list */
851
ret = sigprocmask(SIG_BLOCK, &sigchld_action.sa_mask, NULL);
1026
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_BLOCK,
1027
&sigchld_action.sa_mask,
1028
NULL));
852
1029
if(ret < 0){
853
perror("sigprocmask");
854
exitstatus = EXIT_FAILURE;
1030
error(0, errno, "sigprocmask");
1031
exitstatus = EX_OSERR;
1032
free(direntries[i]);
855
1033
goto fallback;
856
1034
}
857
1035
/* Starting a new process to be watched */
858
pid_t pid = fork();
1036
pid_t pid;
1037
do {
1038
pid = fork();
1039
} while(pid == -1 and errno == EINTR);
859
1040
if(pid == -1){
860
perror("fork");
861
exitstatus = EXIT_FAILURE;
1041
error(0, errno, "fork");
1042
TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1043
&sigchld_action.sa_mask, NULL));
1044
close(pipefd[0]);
1045
close(pipefd[1]);
1046
exitstatus = EX_OSERR;
1047
free(direntries[i]);
862
1048
goto fallback;
863
1049
}
864
1050
if(pid == 0){
865
1051
/* this is the child process */
866
1052
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
867
1053
if(ret < 0){
868
perror("sigaction");
869
_exit(EXIT_FAILURE);
1054
error(0, errno, "sigaction");
1055
_exit(EX_OSERR);
870
1056
}
871
1057
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
872
1058
if(ret < 0){
873
perror("sigprocmask");
874
_exit(EXIT_FAILURE);
1059
error(0, errno, "sigprocmask");
1060
_exit(EX_OSERR);
875
1061
}
876
1062
877
1063
ret = dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
878
1064
if(ret == -1){
879
perror("dup2");
880
_exit(EXIT_FAILURE);
1065
error(0, errno, "dup2");
1066
_exit(EX_OSERR);
881
1067
}
882
1068
883
if(dirfd(dir) < 0){
884
/* If dir has no file descriptor, we could not set FD_CLOEXEC
885
above and must now close it manually here. */
886
closedir(dir);
887
}
888
if(p->environ[0] == NULL){
889
if(execv(filename, p->argv) < 0){
890
perror("execv");
891
_exit(EXIT_FAILURE);
892
}
893
} else {
894
if(execve(filename, p->argv, p->environ) < 0){
895
perror("execve");
896
_exit(EXIT_FAILURE);
897
}
1069
if(fexecve(plugin_fd, p->argv,
1070
(p->environ[0] != NULL) ? p->environ : environ) < 0){
1071
error(0, errno, "fexecve for %s/%s",
1072
plugindir != NULL ? plugindir : PDIR,
1073
direntries[i]->d_name);
1074
_exit(EX_OSERR);
898
1075
}
899
1076
/* no return */
900
1077
}
901
1078
/* Parent process */
902
1079
close(pipefd[1]); /* Close unused write end of pipe */
903
free(filename);
904
plugin *new_plugin = getplugin(dirst->d_name);
1080
close(plugin_fd);
1081
plugin *new_plugin = getplugin(direntries[i]->d_name);
905
1082
if(new_plugin == NULL){
906
perror("getplugin");
907
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1083
error(0, errno, "getplugin");
1084
ret = (int)(TEMP_FAILURE_RETRY
1085
(sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask,
1086
NULL)));
908
1087
if(ret < 0){
909
perror("sigprocmask");
1088
error(0, errno, "sigprocmask");
910
1089
}
911
exitstatus = EXIT_FAILURE;
1090
exitstatus = EX_OSERR;
1091
free(direntries[i]);
912
1092
goto fallback;
913
1093
}
1094
free(direntries[i]);
914
1095
915
1096
new_plugin->pid = pid;
916
1097
new_plugin->fd = pipefd[0];
917
1098
1099
if(debug){
1100
fprintf(stderr, "Plugin %s started (PID %" PRIdMAX ")\n",
1101
new_plugin->name, (intmax_t) (new_plugin->pid));
1102
}
1103
918
1104
/* Unblock SIGCHLD so signal handler can be run if this process
919
1105
has already completed */
920
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1106
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1107
&sigchld_action.sa_mask,
1108
NULL));
921
1109
if(ret < 0){
922
perror("sigprocmask");
923
exitstatus = EXIT_FAILURE;
1110
error(0, errno, "sigprocmask");
1111
exitstatus = EX_OSERR;
924
1112
goto fallback;
925
1113
}
926
1114
931
1119
}
932
1120
}
933
1121
934
closedir(dir);
935
dir = NULL;
1122
free(direntries);
1123
direntries = NULL;
1124
close(dir_fd);
1125
dir_fd = -1;
936
1126
free_plugin(getplugin(NULL));
937
1127
938
1128
for(plugin *p = plugin_list; p != NULL; p = p->next){
950
1140
while(plugin_list){
951
1141
fd_set rfds = rfds_all;
952
1142
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
953
if(select_ret == -1){
954
perror("select");
955
exitstatus = EXIT_FAILURE;
1143
if(select_ret == -1 and errno != EINTR){
1144
error(0, errno, "select");
1145
exitstatus = EX_OSERR;
956
1146
goto fallback;
957
1147
}
958
1148
/* OK, now either a process completed, or something can be read
973
1163
WEXITSTATUS(proc->status));
974
1164
} else if(WIFSIGNALED(proc->status)){
975
1165
fprintf(stderr, "Plugin %s [%" PRIdMAX "] killed by"
976
" signal %d\n", proc->name,
1166
" signal %d: %s\n", proc->name,
977
1167
(intmax_t) (proc->pid),
978
WTERMSIG(proc->status));
979
} else if(WCOREDUMP(proc->status)){
980
fprintf(stderr, "Plugin %s [%" PRIdMAX "] dumped"
981
" core\n", proc->name, (intmax_t) (proc->pid));
1168
WTERMSIG(proc->status),
1169
strsignal(WTERMSIG(proc->status)));
982
1170
}
983
1171
}
984
1172
986
1174
FD_CLR(proc->fd, &rfds_all);
987
1175
988
1176
/* Block signal while modifying process_list */
989
ret = sigprocmask(SIG_BLOCK, &sigchld_action.sa_mask, NULL);
1177
ret = (int)TEMP_FAILURE_RETRY(sigprocmask
1178
(SIG_BLOCK,
1179
&sigchld_action.sa_mask,
1180
NULL));
990
1181
if(ret < 0){
991
perror("sigprocmask");
992
exitstatus = EXIT_FAILURE;
1182
error(0, errno, "sigprocmask");
1183
exitstatus = EX_OSERR;
993
1184
goto fallback;
994
1185
}
995
1186
998
1189
proc = next_plugin;
999
1190
1000
1191
/* We are done modifying process list, so unblock signal */
1001
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask,
1002
NULL);
1192
ret = (int)(TEMP_FAILURE_RETRY
1193
(sigprocmask(SIG_UNBLOCK,
1194
&sigchld_action.sa_mask, NULL)));
1003
1195
if(ret < 0){
1004
perror("sigprocmask");
1005
exitstatus = EXIT_FAILURE;
1196
error(0, errno, "sigprocmask");
1197
exitstatus = EX_OSERR;
1006
1198
goto fallback;
1007
1199
}
1008
1200
1018
1210
bool bret = print_out_password(proc->buffer,
1019
1211
proc->buffer_length);
1020
1212
if(not bret){
1021
perror("print_out_password");
1022
exitstatus = EXIT_FAILURE;
1213
error(0, errno, "print_out_password");
1214
exitstatus = EX_IOERR;
1023
1215
}
1024
1216
goto fallback;
1025
1217
}
1032
1224
}
1033
1225
/* Before reading, make the process' data buffer large enough */
1034
1226
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
1035
proc->buffer = realloc(proc->buffer, proc->buffer_size
1036
+ (size_t) BUFFER_SIZE);
1037
if(proc->buffer == NULL){
1038
perror("malloc");
1039
exitstatus = EXIT_FAILURE;
1227
char *new_buffer = realloc(proc->buffer, proc->buffer_size
1228
+ (size_t) BUFFER_SIZE);
1229
if(new_buffer == NULL){
1230
error(0, errno, "malloc");
1231
exitstatus = EX_OSERR;
1040
1232
goto fallback;
1041
1233
}
1234
proc->buffer = new_buffer;
1042
1235
proc->buffer_size += BUFFER_SIZE;
1043
1236
}
1044
1237
/* Read from the process */
1045
sret = read(proc->fd, proc->buffer + proc->buffer_length,
1046
BUFFER_SIZE);
1238
sret = TEMP_FAILURE_RETRY(read(proc->fd,
1239
proc->buffer
1240
+ proc->buffer_length,
1241
BUFFER_SIZE));
1047
1242
if(sret < 0){
1048
1243
/* Read error from this process; ignore the error */
1049
1244
proc = proc->next;
1061
1256
1062
1257
fallback:
1063
1258
1064
if(plugin_list == NULL or exitstatus != EXIT_SUCCESS){
1259
if(plugin_list == NULL or (exitstatus != EXIT_SUCCESS
1260
and exitstatus != EX_OK)){
1065
1261
/* Fallback if all plugins failed, none are found or an error
1066
1262
occured */
1067
1263
bool bret;
1075
1271
}
1076
1272
bret = print_out_password(passwordbuffer, len);
1077
1273
if(not bret){
1078
perror("print_out_password");
1079
exitstatus = EXIT_FAILURE;
1274
error(0, errno, "print_out_password");
1275
exitstatus = EX_IOERR;
1080
1276
}
1081
1277
}
1082
1278
1083
1279
/* Restore old signal handler */
1084
1280
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
1085
1281
if(ret == -1){
1086
perror("sigaction");
1087
exitstatus = EXIT_FAILURE;
1282
error(0, errno, "sigaction");
1283
exitstatus = EX_OSERR;
1088
1284
}
1089
1285
1090
1286
if(custom_argv != NULL){
1094
1290
free(custom_argv);
1095
1291
}
1096
1292
1097
if(dir != NULL){
1098
closedir(dir);
1293
free(direntries);
1294
1295
if(dir_fd != -1){
1296
close(dir_fd);
1099
1297
}
1100
1298
1101
1299
/* Kill the processes */
1105
1303
ret = kill(p->pid, SIGTERM);
1106
1304
if(ret == -1 and errno != ESRCH){
1107
1305
/* Set-uid proccesses might not get closed */
1108
perror("kill");
1306
error(0, errno, "kill");
1109
1307
}
1110
1308
}
1111
1309
}
1112
1310
1113
1311
/* Wait for any remaining child processes to terminate */
1114
do{
1312
do {
1115
1313
ret = wait(NULL);
1116
1314
} while(ret >= 0);
1117
1315
if(errno != ECHILD){
1118
perror("wait");
1316
error(0, errno, "wait");
1119
1317
}
1120
1318
1121
1319
free_plugin_list();
1122
1320
1123
1321
free(plugindir);
1322
free(pluginhelperdir);
1124
1323
free(argfile);
1125
1324
1126
1325
return exitstatus;
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0