To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugin-runner.c
- browse files at revision 1213
- compare with another revision
- download diff
- download tarball
- view history from revision 1213
- Committer: teddy at recompile
- Date: 2020-04-05 21:30:59 UTC
- Revision ID: teddy@recompile.se-20200405213059-fb2a61ckqynrmatk
Fix file descriptor leak in mandos-client
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
When the local network has Mandos servers announcing themselves using
real, globally reachable, IPv6 addresses (i.e. not link-local
addresses), but there is no router on the local network providing IPv6
RA (Router Advertisement) packets, the client cannot reach the server
by normal means, since the client only has a link-local IPv6 address,
and has no usable route to reach the server's global IPv6 address.
(This is not a common situation, and usually only happens when the
router itself reboots and runs a Mandos client, since it cannot then
give RA packets to itself.) The client code has a solution for
this, which consists of adding a temporary local route to reach the
address of the server during communication, and removing this
temporary route afterwards.
This solution with a temporary route works, but has a file descriptor
leak; it leaks one file descriptor for each addition and for each
removal of a route. If one server requiring an added route is present
on the network, but no servers gives a password, making the client
retry after the default ten seconds, and we furthermore assume a
default 1024 open files limit, the client runs out of file descriptors
after about 90 minutes, after which time the client process will be
useless and fail to retrieve any passwords, necessitating manual
password entry via the keyboard.
Fix this by eliminating the file descriptor leak in the client.
* plugins.d/mandos-client.c (add_delete_local_route): Do
close(devnull) also in parent process, also if fork() fails, and on
any failure in child process.
- files added:
- bugs.xml
- debian/tests
- debian/upstream
- dracut-module
- plugin-helpers
- files removed:
- debian/upstream-signing-key.pgp
- files modified:
- .bzrignore
added
removed
plugin-runner.c
2
2
/*
3
3
* Mandos plugin runner - Run Mandos plugins
4
4
*
5
* Copyright © 2008-2013 Teddy Hogeborn
6
* Copyright © 2008-2013 Björn Påhlsson
7
*
8
* This program is free software: you can redistribute it and/or
9
* modify it under the terms of the GNU General Public License as
10
* published by the Free Software Foundation, either version 3 of the
11
* License, or (at your option) any later version.
12
*
13
* This program is distributed in the hope that it will be useful, but
5
* Copyright © 2008-2018 Teddy Hogeborn
6
* Copyright © 2008-2018 Björn Påhlsson
7
*
8
* This file is part of Mandos.
9
*
10
* Mandos is free software: you can redistribute it and/or modify it
11
* under the terms of the GNU General Public License as published by
12
* the Free Software Foundation, either version 3 of the License, or
13
* (at your option) any later version.
14
*
15
* Mandos is distributed in the hope that it will be useful, but
14
16
* WITHOUT ANY WARRANTY; without even the implied warranty of
15
17
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16
18
* General Public License for more details.
17
19
*
18
20
* You should have received a copy of the GNU General Public License
19
* along with this program. If not, see
20
* <http://www.gnu.org/licenses/>.
21
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
21
22
*
22
23
* Contact the authors at <mandos@recompile.se>.
23
24
*/
24
25
25
26
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),
26
asprintf(), O_CLOEXEC */
27
O_CLOEXEC, pipe2() */
27
28
#include <stddef.h> /* size_t, NULL */
28
#include <stdlib.h> /* malloc(), exit(), EXIT_SUCCESS,
29
realloc() */
29
#include <stdlib.h> /* malloc(), reallocarray(), realloc(),
30
EXIT_SUCCESS, exit() */
30
31
#include <stdbool.h> /* bool, true, false */
31
32
#include <stdio.h> /* fileno(), fprintf(),
32
stderr, STDOUT_FILENO */
33
#include <sys/types.h> /* DIR, fdopendir(), stat(), struct
34
stat, waitpid(), WIFEXITED(),
35
WEXITSTATUS(), wait(), pid_t,
36
uid_t, gid_t, getuid(), getgid(),
37
dirfd() */
33
stderr, STDOUT_FILENO, fclose() */
34
#include <sys/types.h> /* fstat(), struct stat, waitpid(),
35
WIFEXITED(), WEXITSTATUS(), wait(),
36
pid_t, uid_t, gid_t, getuid(),
37
getgid() */
38
38
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
39
39
FD_SET(), FD_ISSET(), FD_CLR */
40
40
#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),
41
WEXITSTATUS(), WTERMSIG(),
42
WCOREDUMP() */
43
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
41
WEXITSTATUS(), WTERMSIG() */
42
#include <sys/stat.h> /* struct stat, fstat(), S_ISREG() */
44
43
#include <iso646.h> /* and, or, not */
45
#include <dirent.h> /* DIR, struct dirent, fdopendir(),
46
readdir(), closedir(), dirfd() */
47
#include <unistd.h> /* struct stat, stat(), S_ISREG(),
48
fcntl(), setuid(), setgid(),
49
F_GETFD, F_SETFD, FD_CLOEXEC,
50
access(), pipe(), fork(), close()
51
dup2(), STDOUT_FILENO, _exit(),
52
execv(), write(), read(),
53
close() */
44
#include <dirent.h> /* struct dirent, scandirat() */
45
#include <unistd.h> /* fcntl(), F_GETFD, F_SETFD,
46
FD_CLOEXEC, write(), STDOUT_FILENO,
47
struct stat, fstat(), close(),
48
setgid(), setuid(), S_ISREG(),
49
faccessat() pipe2(), fork(),
50
_exit(), dup2(), fexecve(), read()
51
*/
54
52
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
55
FD_CLOEXEC */
56
#include <string.h> /* strsep, strlen(), asprintf(),
57
strsignal(), strcmp(), strncmp() */
53
FD_CLOEXEC, openat(), scandirat(),
54
pipe2() */
55
#include <string.h> /* strsep, strlen(), strsignal(),
56
strcmp(), strncmp() */
58
57
#include <errno.h> /* errno */
59
58
#include <argp.h> /* struct argp_option, struct
60
59
argp_state, struct argp,
72
71
EX_CONFIG, EX_UNAVAILABLE, EX_OK */
73
72
#include <errno.h> /* errno */
74
73
#include <error.h> /* error() */
74
#include <fnmatch.h> /* fnmatch() */
75
75
76
76
#define BUFFER_SIZE 256
77
77
78
78
#define PDIR "/lib/mandos/plugins.d"
79
#define PHDIR "/lib/mandos/plugin-helpers"
79
80
#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"
80
81
81
82
const char *argp_program_version = "plugin-runner " VERSION;
178
179
/* Resize the pointed-to array to hold one more pointer */
179
180
char **new_array = NULL;
180
181
do {
181
new_array = realloc(*array, sizeof(char *)
182
* (size_t) ((*len) + 2));
182
#if defined(__GLIBC_PREREQ) and __GLIBC_PREREQ(2, 26)
183
new_array = reallocarray(*array, (size_t)((*len) + 2),
184
sizeof(char *));
185
#else
186
if(((size_t)((*len) + 2)) > (SIZE_MAX / sizeof(char *))){
187
/* overflow */
188
new_array = NULL;
189
errno = ENOMEM;
190
} else {
191
new_array = realloc(*array, (size_t)((*len) + 2)
192
* sizeof(char *));
193
}
194
#endif
183
195
} while(new_array == NULL and errno == EINTR);
184
196
/* Malloc check */
185
197
if(new_array == NULL){
240
252
return add_to_char_array(def, &(p->environ), &(p->envc));
241
253
}
242
254
255
#ifndef O_CLOEXEC
243
256
/*
244
257
* Based on the example in the GNU LibC manual chapter 13.13 "File
245
258
* Descriptor Flags".
256
269
return (int)TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD,
257
270
ret | FD_CLOEXEC));
258
271
}
272
#endif /* not O_CLOEXEC */
259
273
260
274
261
275
/* Mark processes as completed when they exit, and save their exit
310
324
__attribute__((nonnull))
311
325
static void free_plugin(plugin *plugin_node){
312
326
313
for(char **arg = plugin_node->argv; *arg != NULL; arg++){
327
for(char **arg = (plugin_node->argv)+1; *arg != NULL; arg++){
314
328
free(*arg);
315
329
}
330
free(plugin_node->name);
316
331
free(plugin_node->argv);
317
332
for(char **env = plugin_node->environ; *env != NULL; env++){
318
333
free(*env);
345
360
346
361
int main(int argc, char *argv[]){
347
362
char *plugindir = NULL;
363
char *pluginhelperdir = NULL;
348
364
char *argfile = NULL;
349
365
FILE *conffp;
350
size_t d_name_len;
351
DIR *dir = NULL;
352
struct dirent *dirst;
366
struct dirent **direntries = NULL;
353
367
struct stat st;
354
368
fd_set rfds_all;
355
369
int ret, maxfd = 0;
363
377
.sa_flags = SA_NOCLDSTOP };
364
378
char **custom_argv = NULL;
365
379
int custom_argc = 0;
380
int dir_fd = -1;
366
381
367
382
/* Establish a signal handler */
368
383
sigemptyset(&sigchld_action.sa_mask);
413
428
.doc = "Group ID the plugins will run as", .group = 3 },
414
429
{ .name = "debug", .key = 132,
415
430
.doc = "Debug mode", .group = 4 },
431
{ .name = "plugin-helper-dir", .key = 133,
432
.arg = "DIRECTORY",
433
.doc = "Specify a different plugin helper directory",
434
.group = 2 },
416
435
/*
417
436
* These reproduce what we would get without ARGP_NO_HELP
418
437
*/
544
563
case 132: /* --debug */
545
564
debug = true;
546
565
break;
566
case 133: /* --plugin-helper-dir */
567
free(pluginhelperdir);
568
pluginhelperdir = strdup(arg);
569
if(pluginhelperdir != NULL){
570
errno = 0;
571
}
572
break;
547
573
/*
548
574
* These reproduce what we would get without ARGP_NO_HELP
549
575
*/
550
576
case '?': /* --help */
551
577
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
552
578
argp_state_help(state, state->out_stream, ARGP_HELP_STD_HELP);
579
__builtin_unreachable();
553
580
case -3: /* --usage */
554
581
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
555
582
argp_state_help(state, state->out_stream,
556
583
ARGP_HELP_USAGE | ARGP_HELP_EXIT_OK);
584
__builtin_unreachable();
557
585
case 'V': /* --version */
558
586
fprintf(state->out_stream, "%s\n", argp_program_version);
559
587
exit(EXIT_SUCCESS);
569
597
if(arg[0] == '\0'){
570
598
break;
571
599
}
600
#if __GNUC__ >= 7
601
__attribute__((fallthrough));
602
#else
603
/* FALLTHROUGH */
604
#endif
572
605
default:
573
606
return ARGP_ERR_UNKNOWN;
574
607
}
600
633
case 130: /* --userid */
601
634
case 131: /* --groupid */
602
635
case 132: /* --debug */
636
case 133: /* --plugin-helper-dir */
603
637
case '?': /* --help */
604
638
case -3: /* --usage */
605
639
case 'V': /* --version */
685
719
686
720
custom_argc += 1;
687
721
{
688
char **new_argv = realloc(custom_argv, sizeof(char *)
689
* ((unsigned int)
690
custom_argc + 1));
722
#if defined(__GLIBC_PREREQ) and __GLIBC_PREREQ(2, 26)
723
char **new_argv = reallocarray(custom_argv, (size_t)custom_argc + 1,
724
sizeof(char *));
725
#else
726
char **new_argv = NULL;
727
if(((size_t)custom_argc + 1) > (SIZE_MAX / sizeof(char *))){
728
/* overflow */
729
errno = ENOMEM;
730
} else {
731
new_argv = realloc(custom_argv, ((size_t)custom_argc + 1)
732
* sizeof(char *));
733
}
734
#endif
691
735
if(new_argv == NULL){
692
error(0, errno, "realloc");
736
error(0, errno, "reallocarray");
693
737
exitstatus = EX_OSERR;
694
738
free(new_arg);
695
739
free(org_line);
760
804
goto fallback;
761
805
}
762
806
807
{
808
char *pluginhelperenv;
809
bool bret = true;
810
ret = asprintf(&pluginhelperenv, "MANDOSPLUGINHELPERDIR=%s",
811
pluginhelperdir != NULL ? pluginhelperdir : PHDIR);
812
if(ret != -1){
813
bret = add_environment(getplugin(NULL), pluginhelperenv, true);
814
}
815
if(ret == -1 or not bret){
816
error(0, errno, "Failed to set MANDOSPLUGINHELPERDIR"
817
" environment variable to \"%s\" for all plugins\n",
818
pluginhelperdir != NULL ? pluginhelperdir : PHDIR);
819
}
820
if(ret != -1){
821
free(pluginhelperenv);
822
}
823
}
824
763
825
if(debug){
764
for(plugin *p = plugin_list; p != NULL; p=p->next){
826
for(plugin *p = plugin_list; p != NULL; p = p->next){
765
827
fprintf(stderr, "Plugin: %s has %d arguments\n",
766
828
p->name ? p->name : "Global", p->argc - 1);
767
829
for(char **a = p->argv; *a != NULL; a++){
776
838
777
839
if(getuid() == 0){
778
840
/* Work around Debian bug #633582:
779
<http://bugs.debian.org/633582> */
841
<https://bugs.debian.org/633582> */
780
842
int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);
781
843
if(plugindir_fd == -1){
782
error(0, errno, "open");
844
if(errno != ENOENT){
845
error(0, errno, "open(\"" PDIR "\")");
846
}
783
847
} else {
784
848
ret = (int)TEMP_FAILURE_RETRY(fstat(plugindir_fd, &st));
785
849
if(ret == -1){
792
856
}
793
857
}
794
858
}
795
TEMP_FAILURE_RETRY(close(plugindir_fd));
859
close(plugindir_fd);
796
860
}
797
861
}
798
862
808
872
809
873
/* Open plugin directory with close_on_exec flag */
810
874
{
811
int dir_fd = -1;
812
if(plugindir == NULL){
813
dir_fd = open(PDIR, O_RDONLY |
814
#ifdef O_CLOEXEC
815
O_CLOEXEC
816
#else /* not O_CLOEXEC */
817
0
818
#endif /* not O_CLOEXEC */
819
);
820
} else {
821
dir_fd = open(plugindir, O_RDONLY |
822
#ifdef O_CLOEXEC
823
O_CLOEXEC
824
#else /* not O_CLOEXEC */
825
0
826
#endif /* not O_CLOEXEC */
827
);
828
}
875
dir_fd = open(plugindir != NULL ? plugindir : PDIR, O_RDONLY |
876
#ifdef O_CLOEXEC
877
O_CLOEXEC
878
#else /* not O_CLOEXEC */
879
0
880
#endif /* not O_CLOEXEC */
881
);
829
882
if(dir_fd == -1){
830
883
error(0, errno, "Could not open plugin dir");
831
884
exitstatus = EX_UNAVAILABLE;
837
890
ret = set_cloexec_flag(dir_fd);
838
891
if(ret < 0){
839
892
error(0, errno, "set_cloexec_flag");
840
TEMP_FAILURE_RETRY(close(dir_fd));
841
893
exitstatus = EX_OSERR;
842
894
goto fallback;
843
895
}
844
896
#endif /* O_CLOEXEC */
845
846
dir = fdopendir(dir_fd);
847
if(dir == NULL){
848
error(0, errno, "Could not open plugin dir");
849
TEMP_FAILURE_RETRY(close(dir_fd));
850
exitstatus = EX_OSERR;
851
goto fallback;
897
}
898
899
int good_name(const struct dirent * const dirent){
900
const char * const patterns[] = { ".*", "#*#", "*~", "*.dpkg-new",
901
"*.dpkg-old", "*.dpkg-bak",
902
"*.dpkg-divert", NULL };
903
#ifdef __GNUC__
904
#pragma GCC diagnostic push
905
#pragma GCC diagnostic ignored "-Wcast-qual"
906
#endif
907
for(const char **pat = (const char **)patterns;
908
*pat != NULL; pat++){
909
#ifdef __GNUC__
910
#pragma GCC diagnostic pop
911
#endif
912
if(fnmatch(*pat, dirent->d_name, FNM_FILE_NAME | FNM_PERIOD)
913
!= FNM_NOMATCH){
914
if(debug){
915
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
916
" matching pattern %s\n", dirent->d_name, *pat);
917
}
918
return 0;
919
}
852
920
}
921
return 1;
922
}
923
924
int numplugins = scandirat(dir_fd, ".", &direntries, good_name,
925
alphasort);
926
if(numplugins == -1){
927
error(0, errno, "Could not scan plugin dir");
928
direntries = NULL;
929
exitstatus = EX_OSERR;
930
goto fallback;
853
931
}
854
932
855
933
FD_ZERO(&rfds_all);
856
934
857
935
/* Read and execute any executable in the plugin directory*/
858
while(true){
859
do {
860
dirst = readdir(dir);
861
} while(dirst == NULL and errno == EINTR);
862
863
/* All directory entries have been processed */
864
if(dirst == NULL){
865
if(errno == EBADF){
866
error(0, errno, "readdir");
867
exitstatus = EX_IOERR;
868
goto fallback;
869
}
870
break;
871
}
872
873
d_name_len = strlen(dirst->d_name);
874
875
/* Ignore dotfiles, backup files and other junk */
876
{
877
bool bad_name = false;
878
879
const char * const bad_prefixes[] = { ".", "#", NULL };
880
881
const char * const bad_suffixes[] = { "~", "#", ".dpkg-new",
882
".dpkg-old",
883
".dpkg-bak",
884
".dpkg-divert", NULL };
885
#ifdef __GNUC__
886
#pragma GCC diagnostic push
887
#pragma GCC diagnostic ignored "-Wcast-qual"
888
#endif
889
for(const char **pre = (const char **)bad_prefixes;
890
*pre != NULL; pre++){
891
#ifdef __GNUC__
892
#pragma GCC diagnostic pop
893
#endif
894
size_t pre_len = strlen(*pre);
895
if((d_name_len >= pre_len)
896
and strncmp((dirst->d_name), *pre, pre_len) == 0){
897
if(debug){
898
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
899
" with bad prefix %s\n", dirst->d_name, *pre);
900
}
901
bad_name = true;
902
break;
903
}
904
}
905
if(bad_name){
906
continue;
907
}
908
#ifdef __GNUC__
909
#pragma GCC diagnostic push
910
#pragma GCC diagnostic ignored "-Wcast-qual"
911
#endif
912
for(const char **suf = (const char **)bad_suffixes;
913
*suf != NULL; suf++){
914
#ifdef __GNUC__
915
#pragma GCC diagnostic pop
916
#endif
917
size_t suf_len = strlen(*suf);
918
if((d_name_len >= suf_len)
919
and (strcmp((dirst->d_name) + d_name_len-suf_len, *suf)
920
== 0)){
921
if(debug){
922
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
923
" with bad suffix %s\n", dirst->d_name, *suf);
924
}
925
bad_name = true;
926
break;
927
}
928
}
929
930
if(bad_name){
931
continue;
932
}
933
}
934
935
char *filename;
936
if(plugindir == NULL){
937
ret = (int)TEMP_FAILURE_RETRY(asprintf(&filename, PDIR "/%s",
938
dirst->d_name));
939
} else {
940
ret = (int)TEMP_FAILURE_RETRY(asprintf(&filename, "%s/%s",
941
plugindir,
942
dirst->d_name));
943
}
944
if(ret < 0){
945
error(0, errno, "asprintf");
936
for(int i = 0; i < numplugins; i++){
937
938
int plugin_fd = openat(dir_fd, direntries[i]->d_name, O_RDONLY);
939
if(plugin_fd == -1){
940
error(0, errno, "Could not open plugin");
941
free(direntries[i]);
946
942
continue;
947
943
}
948
949
ret = (int)TEMP_FAILURE_RETRY(stat(filename, &st));
944
ret = (int)TEMP_FAILURE_RETRY(fstat(plugin_fd, &st));
950
945
if(ret == -1){
951
946
error(0, errno, "stat");
952
free(filename);
947
close(plugin_fd);
948
free(direntries[i]);
953
949
continue;
954
950
}
955
951
956
952
/* Ignore non-executable files */
957
953
if(not S_ISREG(st.st_mode)
958
or (TEMP_FAILURE_RETRY(access(filename, X_OK)) != 0)){
954
or (TEMP_FAILURE_RETRY(faccessat(dir_fd, direntries[i]->d_name,
955
X_OK, 0)) != 0)){
959
956
if(debug){
960
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
961
" with bad type or mode\n", filename);
957
fprintf(stderr, "Ignoring plugin dir entry \"%s/%s\""
958
" with bad type or mode\n",
959
plugindir != NULL ? plugindir : PDIR,
960
direntries[i]->d_name);
962
961
}
963
free(filename);
962
close(plugin_fd);
963
free(direntries[i]);
964
964
continue;
965
965
}
966
966
967
plugin *p = getplugin(dirst->d_name);
967
plugin *p = getplugin(direntries[i]->d_name);
968
968
if(p == NULL){
969
969
error(0, errno, "getplugin");
970
free(filename);
970
close(plugin_fd);
971
free(direntries[i]);
971
972
continue;
972
973
}
973
974
if(p->disabled){
974
975
if(debug){
975
976
fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",
976
dirst->d_name);
977
direntries[i]->d_name);
977
978
}
978
free(filename);
979
close(plugin_fd);
980
free(direntries[i]);
979
981
continue;
980
982
}
981
983
{
995
997
}
996
998
}
997
999
}
998
/* If this plugin has any environment variables, we will call
999
using execve and need to duplicate the environment from this
1000
process, too. */
1000
/* If this plugin has any environment variables, we need to
1001
duplicate the environment from this process, too. */
1001
1002
if(p->environ[0] != NULL){
1002
1003
for(char **e = environ; *e != NULL; e++){
1003
1004
if(not add_environment(p, *e, false)){
1007
1008
}
1008
1009
1009
1010
int pipefd[2];
1011
#ifndef O_CLOEXEC
1010
1012
ret = (int)TEMP_FAILURE_RETRY(pipe(pipefd));
1013
#else /* O_CLOEXEC */
1014
ret = (int)TEMP_FAILURE_RETRY(pipe2(pipefd, O_CLOEXEC));
1015
#endif /* O_CLOEXEC */
1011
1016
if(ret == -1){
1012
1017
error(0, errno, "pipe");
1013
1018
exitstatus = EX_OSERR;
1014
goto fallback;
1015
}
1019
free(direntries[i]);
1020
goto fallback;
1021
}
1022
if(pipefd[0] >= FD_SETSIZE){
1023
fprintf(stderr, "pipe()[0] (%d) >= FD_SETSIZE (%d)", pipefd[0],
1024
FD_SETSIZE);
1025
close(pipefd[0]);
1026
close(pipefd[1]);
1027
exitstatus = EX_OSERR;
1028
free(direntries[i]);
1029
goto fallback;
1030
}
1031
#ifndef O_CLOEXEC
1016
1032
/* Ask OS to automatic close the pipe on exec */
1017
1033
ret = set_cloexec_flag(pipefd[0]);
1018
1034
if(ret < 0){
1019
1035
error(0, errno, "set_cloexec_flag");
1036
close(pipefd[0]);
1037
close(pipefd[1]);
1020
1038
exitstatus = EX_OSERR;
1039
free(direntries[i]);
1021
1040
goto fallback;
1022
1041
}
1023
1042
ret = set_cloexec_flag(pipefd[1]);
1024
1043
if(ret < 0){
1025
1044
error(0, errno, "set_cloexec_flag");
1045
close(pipefd[0]);
1046
close(pipefd[1]);
1026
1047
exitstatus = EX_OSERR;
1048
free(direntries[i]);
1027
1049
goto fallback;
1028
1050
}
1051
#endif /* not O_CLOEXEC */
1029
1052
/* Block SIGCHLD until process is safely in process list */
1030
1053
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_BLOCK,
1031
1054
&sigchld_action.sa_mask,
1033
1056
if(ret < 0){
1034
1057
error(0, errno, "sigprocmask");
1035
1058
exitstatus = EX_OSERR;
1059
free(direntries[i]);
1036
1060
goto fallback;
1037
1061
}
1038
1062
/* Starting a new process to be watched */
1042
1066
} while(pid == -1 and errno == EINTR);
1043
1067
if(pid == -1){
1044
1068
error(0, errno, "fork");
1069
TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1070
&sigchld_action.sa_mask, NULL));
1071
close(pipefd[0]);
1072
close(pipefd[1]);
1045
1073
exitstatus = EX_OSERR;
1074
free(direntries[i]);
1046
1075
goto fallback;
1047
1076
}
1048
1077
if(pid == 0){
1064
1093
_exit(EX_OSERR);
1065
1094
}
1066
1095
1067
if(dirfd(dir) < 0){
1068
/* If dir has no file descriptor, we could not set FD_CLOEXEC
1069
above and must now close it manually here. */
1070
closedir(dir);
1071
}
1072
if(p->environ[0] == NULL){
1073
if(execv(filename, p->argv) < 0){
1074
error(0, errno, "execv for %s", filename);
1075
_exit(EX_OSERR);
1076
}
1077
} else {
1078
if(execve(filename, p->argv, p->environ) < 0){
1079
error(0, errno, "execve for %s", filename);
1080
_exit(EX_OSERR);
1081
}
1096
if(fexecve(plugin_fd, p->argv,
1097
(p->environ[0] != NULL) ? p->environ : environ) < 0){
1098
error(0, errno, "fexecve for %s/%s",
1099
plugindir != NULL ? plugindir : PDIR,
1100
direntries[i]->d_name);
1101
_exit(EX_OSERR);
1082
1102
}
1083
1103
/* no return */
1084
1104
}
1085
1105
/* Parent process */
1086
TEMP_FAILURE_RETRY(close(pipefd[1])); /* Close unused write end of
1087
pipe */
1088
free(filename);
1089
plugin *new_plugin = getplugin(dirst->d_name);
1106
close(pipefd[1]); /* Close unused write end of pipe */
1107
close(plugin_fd);
1108
plugin *new_plugin = getplugin(direntries[i]->d_name);
1090
1109
if(new_plugin == NULL){
1091
1110
error(0, errno, "getplugin");
1092
1111
ret = (int)(TEMP_FAILURE_RETRY
1096
1115
error(0, errno, "sigprocmask");
1097
1116
}
1098
1117
exitstatus = EX_OSERR;
1118
free(direntries[i]);
1099
1119
goto fallback;
1100
1120
}
1121
free(direntries[i]);
1101
1122
1102
1123
new_plugin->pid = pid;
1103
1124
new_plugin->fd = pipefd[0];
1104
1125
1126
if(debug){
1127
fprintf(stderr, "Plugin %s started (PID %" PRIdMAX ")\n",
1128
new_plugin->name, (intmax_t) (new_plugin->pid));
1129
}
1130
1105
1131
/* Unblock SIGCHLD so signal handler can be run if this process
1106
1132
has already completed */
1107
1133
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1113
1139
goto fallback;
1114
1140
}
1115
1141
1116
#if defined (__GNUC__) and defined (__GLIBC__)
1117
#if not __GLIBC_PREREQ(2, 16)
1118
#pragma GCC diagnostic push
1119
#pragma GCC diagnostic ignored "-Wsign-conversion"
1120
#endif
1121
#endif
1122
FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from
1123
-Wconversion in GNU libc
1124
before 2.16 */
1125
#if defined (__GNUC__) and defined (__GLIBC__)
1126
#if not __GLIBC_PREREQ(2, 16)
1127
#pragma GCC diagnostic pop
1128
#endif
1129
#endif
1142
FD_SET(new_plugin->fd, &rfds_all);
1130
1143
1131
1144
if(maxfd < new_plugin->fd){
1132
1145
maxfd = new_plugin->fd;
1133
1146
}
1134
1147
}
1135
1148
1136
TEMP_FAILURE_RETRY(closedir(dir));
1137
dir = NULL;
1149
free(direntries);
1150
direntries = NULL;
1151
close(dir_fd);
1152
dir_fd = -1;
1138
1153
free_plugin(getplugin(NULL));
1139
1154
1140
1155
for(plugin *p = plugin_list; p != NULL; p = p->next){
1179
1194
(intmax_t) (proc->pid),
1180
1195
WTERMSIG(proc->status),
1181
1196
strsignal(WTERMSIG(proc->status)));
1182
} else if(WCOREDUMP(proc->status)){
1183
fprintf(stderr, "Plugin %s [%" PRIdMAX "] dumped"
1184
" core\n", proc->name, (intmax_t) (proc->pid));
1185
1197
}
1186
1198
}
1187
1199
1188
1200
/* Remove the plugin */
1189
#if defined (__GNUC__) and defined (__GLIBC__)
1190
#if not __GLIBC_PREREQ(2, 16)
1191
#pragma GCC diagnostic push
1192
#pragma GCC diagnostic ignored "-Wsign-conversion"
1193
#endif
1194
#endif
1195
FD_CLR(proc->fd, &rfds_all); /* Spurious warning from
1196
-Wconversion in GNU libc
1197
before 2.16 */
1198
#if defined (__GNUC__) and defined (__GLIBC__)
1199
#if not __GLIBC_PREREQ(2, 16)
1200
#pragma GCC diagnostic pop
1201
#endif
1202
#endif
1201
FD_CLR(proc->fd, &rfds_all);
1203
1202
1204
1203
/* Block signal while modifying process_list */
1205
1204
ret = (int)TEMP_FAILURE_RETRY(sigprocmask
1245
1244
}
1246
1245
1247
1246
/* This process has not completed. Does it have any output? */
1248
#if defined (__GNUC__) and defined (__GLIBC__)
1249
#if not __GLIBC_PREREQ(2, 16)
1250
#pragma GCC diagnostic push
1251
#pragma GCC diagnostic ignored "-Wsign-conversion"
1252
#endif
1253
#endif
1254
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious
1255
warning from
1256
-Wconversion
1257
in GNU libc
1258
before
1259
2.16 */
1260
#if defined (__GNUC__) and defined (__GLIBC__)
1261
#if not __GLIBC_PREREQ(2, 16)
1262
#pragma GCC diagnostic pop
1263
#endif
1264
#endif
1247
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){
1265
1248
/* This process had nothing to say at this time */
1266
1249
proc = proc->next;
1267
1250
continue;
1334
1317
free(custom_argv);
1335
1318
}
1336
1319
1337
if(dir != NULL){
1338
closedir(dir);
1320
free(direntries);
1321
1322
if(dir_fd != -1){
1323
close(dir_fd);
1339
1324
}
1340
1325
1341
1326
/* Kill the processes */
1361
1346
free_plugin_list();
1362
1347
1363
1348
free(plugindir);
1349
free(pluginhelperdir);
1364
1350
free(argfile);
1365
1351
1366
1352
return exitstatus;
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0