/mandos/trunk : revision 165

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.c

Committer: Teddy Hogeborn
Date: 2008-09-05 18:37:28 UTC
Revision ID: teddy@fukt.bsnet.se-20080905183728-l0m8v3vqa302uwrw

* mandos (main): Use EAFP with pidfile.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

mandos-list

mandos.lsm

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

README

TODO

clients.conf

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugin-runner.c

* Mandos plugin runner - Run Mandos plugins

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

#include <stdlib.h> /* malloc(), exit(), EXIT_FAILURE,

EXIT_SUCCESS, realloc() */

#include <stdbool.h> /* bool, true, false */

#include <stdio.h> /* perror, fileno(), fprintf(),

stderr, STDOUT_FILENO */

#include <stdio.h> /* perror, popen(), fileno(),

fprintf(), stderr, STDOUT_FILENO */

#include <sys/types.h> /* DIR, opendir(), stat(), struct

stat, waitpid(), WIFEXITED(),

WEXITSTATUS(), wait(), pid_t,

fcntl(), setuid(), setgid(),

F_GETFD, F_SETFD, FD_CLOEXEC,

access(), pipe(), fork(), close()

dup2(), STDOUT_FILENO, _exit(),

dup2, STDOUT_FILENO, _exit(),

execv(), write(), read(),

close() */

#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,

#define PDIR "/lib/mandos/plugins.d"

#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"

const char *argp_program_version = "plugin-runner " VERSION;

const char *argp_program_version = "plugin-runner 1.0";

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

struct plugin;

typedef struct plugin{

char *name; /* can be NULL or any plugin name */

char **argv;

207

208

* Descriptor Flags".

208

209

* *Note File Descriptor Flags:(libc)Descriptor Flags.

209

210

static int set_cloexec_flag(int fd){

211

static int set_cloexec_flag(int fd)

212

{

211

213

int ret = fcntl(fd, F_GETFD, 0);

212

214

/* If reading the flags failed, return error indication now. */

213

215

if(ret < 0){

220

222

221

223

/* Mark processes as completed when they exit, and save their exit

222

224

status. */

223

static void handle_sigchld(__attribute__((unused)) int sig){

225

void handle_sigchld(__attribute__((unused)) int sig){

224

226

while(true){

225

227

plugin *proc = plugin_list;

226

228

int status;

251

253

}

252

254

253

255

/* Prints out a password to stdout */

254

static bool print_out_password(const char *buffer, size_t length){

256

bool print_out_password(const char *buffer, size_t length){

255

257

ssize_t ret;

258

if(length>0 and buffer[length-1] == '\n'){

259

length--;

260

}

256

261

for(size_t written = 0; written < length; written += (size_t)ret){

257

262

ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buffer + written,

258

263

length - written));

309

314

struct stat st;

310

315

fd_set rfds_all;

311

316

int ret, maxfd = 0;

312

ssize_t sret;

313

317

uid_t uid = 65534;

314

318

gid_t gid = 65534;

315

319

bool debug = false;

393

397

if(arg == NULL){

394

398

break;

395

399

}

396

if(not add_environment(getplugin(NULL), arg, true)){

397

perror("add_environment");

400

{

401

char *envdef = strdup(arg);

402

if(envdef == NULL){

403

break;

404

}

405

if(not add_environment(getplugin(NULL), envdef, true)){

406

perror("add_environment");

407

}

398

408

}

399

409

break;

400

410

case 'o': /* --options-for */

428

438

if(envdef == NULL){

429

439

break;

430

440

}

431

*envdef = '\0';

432

if(not add_environment(getplugin(arg), envdef+1, true)){

441

char *p_name = strndup(arg, (size_t) (envdef-arg));

442

if(p_name == NULL){

443

break;

444

}

445

envdef++;

446

if(not add_environment(getplugin(p_name), envdef, true)){

433

447

perror("add_environment");

434

448

}

435

449

}

453

467

}

454

468

break;

455

469

case 128: /* --plugin-dir */

456

free(plugindir);

457

470

plugindir = strdup(arg);

458

471

if(plugindir == NULL){

459

472

perror("strdup");

463

476

/* This is already done by parse_opt_config_file() */

464

477

break;

465

478

case 130: /* --userid */

466

/* In the GNU C library, uid_t is always unsigned int */

467

ret = sscanf(arg, "%ud", &uid);

468

if(ret != 1){

469

fprintf(stderr, "Bad user ID number: \"%s\", using %ud\n",

470

arg, uid);

471

}

479

uid = (uid_t)strtol(arg, NULL, 10);

472

480

break;

473

481

case 131: /* --groupid */

474

/* In the GNU C library, gid_t is always unsigned int */

475

ret = sscanf(arg, "%ud", &gid);

476

if(ret != 1){

477

fprintf(stderr, "Bad group ID number: \"%s\", using %ud\n",

478

arg, gid);

479

}

482

gid = (gid_t)strtol(arg, NULL, 10);

480

483

break;

481

484

case 132: /* --debug */

482

485

debug = true;

483

486

break;

484

485

* When adding more options before this line, remember to also add a

486

* "case" to the "parse_opt_config_file" function below.

487

488

487

case ARGP_KEY_ARG:

489

/* Cryptsetup always passes an argument, which is an empty

490

string if "none" was specified in /etc/crypttab. So if

491

argument was empty, we ignore it silently. */

492

if(arg[0] != '\0'){

493

fprintf(stderr, "Ignoring unknown argument \"%s\"\n", arg);

494

}

488

fprintf(stderr, "Ignoring unknown argument \"%s\"\n", arg);

495

489

break;

496

490

case ARGP_KEY_END:

497

491

break;

516

510

case 128: /* --plugin-dir */

517

511

break;

518

512

case 129: /* --config-file */

519

free(argfile);

520

513

argfile = strdup(arg);

521

514

if(argfile == NULL){

522

515

perror("strdup");

561

554

char *org_line = NULL;

562

555

char *p, *arg, *new_arg, *line;

563

556

size_t size = 0;

557

ssize_t sret;

564

558

const char whitespace_delims[] = " \r\t\f\v\n";

565

559

const char comment_delim[] = "#";

566

560

715

709

716

710

const char const *bad_suffixes[] = { "~", "#", ".dpkg-new",

717

711

".dpkg-old",

718

".dpkg-bak",

719

712

".dpkg-divert", NULL };

720

713

for(const char **pre = bad_prefixes; *pre != NULL; pre++){

721

714

size_t pre_len = strlen(*pre);

752

745

}

753

746

754

747

char *filename;

755

if(plugindir == NULL){

756

ret = asprintf(&filename, PDIR "/%s", dirst->d_name);

757

} else {

758

ret = asprintf(&filename, "%s/%s", plugindir, dirst->d_name);

759

}

748

ret = asprintf(&filename, "%s/%s", plugindir, dirst->d_name);

760

749

if(ret < 0){

761

750

perror("asprintf");

762

751

continue;

862

851

perror("sigaction");

863

852

_exit(EXIT_FAILURE);

864

853

}

865

ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);

854

ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);

866

855

if(ret < 0){

867

856

perror("sigprocmask");

868

857

_exit(EXIT_FAILURE);

869

858

}

870

859

871

860

ret = dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */

872

861

if(ret == -1){

873

862

perror("dup2");

923

912

if (maxfd < new_plugin->fd){

924

913

maxfd = new_plugin->fd;

925

914

}

915

926

916

}

927

917

928

918

closedir(dir);

929

919

dir = NULL;

930

920

931

921

for(plugin *p = plugin_list; p != NULL; p = p->next){

932

922

if(p->pid != 0){

933

923

break;

938

928

free_plugin_list();

939

929

}

940

930

}

941

931

942

932

/* Main loop while running plugins exist */

943

933

while(plugin_list){

944

934

fd_set rfds = rfds_all;

950

940

}

951

941

/* OK, now either a process completed, or something can be read

952

942

from one of them */

953

for(plugin *proc = plugin_list; proc != NULL;){

943

for(plugin *proc = plugin_list; proc != NULL; proc = proc->next){

954

944

/* Is this process completely done? */

955

945

if(proc->eof and proc->completed){

956

946

/* Only accept the plugin output if it exited cleanly */

983

973

exitstatus = EXIT_FAILURE;

984

974

goto fallback;

985

975

}

986

987

plugin *next_plugin = proc->next;

988

976

free_plugin(proc);

989

proc = next_plugin;

990

991

977

/* We are done modifying process list, so unblock signal */

992

978

ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask,

993

979

NULL);

1000

986

if(plugin_list == NULL){

1001

987

break;

1002

988

}

1003

1004

989

continue;

1005

990

}

1006

991

1007

992

/* This process exited nicely, so print its buffer */

1008

993

1009

994

bool bret = print_out_password(proc->buffer,

1010

995

proc->buffer_length);

1011

996

if(not bret){

1018

1003

/* This process has not completed. Does it have any output? */

1019

1004

if(proc->eof or not FD_ISSET(proc->fd, &rfds)){

1020

1005

/* This process had nothing to say at this time */

1021

proc = proc->next;

1022

1006

continue;

1023

1007

}

1024

1008

/* Before reading, make the process' data buffer large enough */

1033

1017

proc->buffer_size += BUFFER_SIZE;

1034

1018

}

1035

1019

/* Read from the process */

1036

sret = read(proc->fd, proc->buffer + proc->buffer_length,

1037

BUFFER_SIZE);

1038

if(sret < 0){

1020

ret = read(proc->fd, proc->buffer + proc->buffer_length,

1021

BUFFER_SIZE);

1022

if(ret < 0){

1039

1023

/* Read error from this process; ignore the error */

1040

proc = proc->next;

1041

1024

continue;

1042

1025

}

1043

if(sret == 0){

1026

if(ret == 0){

1044

1027

/* got EOF */

1045

1028

proc->eof = true;

1046

1029

} else {

1047

proc->buffer_length += (size_t) sret;

1030

proc->buffer_length += (size_t) ret;

1048

1031

}

1049

1032

}

1050

1033

}

1058

1041

bool bret;

1059

1042

fprintf(stderr, "Going to fallback mode using getpass(3)\n");

1060

1043

char *passwordbuffer = getpass("Password: ");

1061

size_t len = strlen(passwordbuffer);

1062

/* Strip trailing newline */

1063

if(len > 0 and passwordbuffer[len-1] == '\n'){

1064

passwordbuffer[len-1] = '\0'; /* not strictly necessary */

1065

len--;

1066

}

1067

bret = print_out_password(passwordbuffer, len);

1044

bret = print_out_password(passwordbuffer, strlen(passwordbuffer));

1068

1045

if(not bret){

1069

1046

perror("print_out_password");

1070

1047

exitstatus = EXIT_FAILURE;

1077

1054

perror("sigaction");

1078

1055

exitstatus = EXIT_FAILURE;

1079

1056

}

1080

1057

1081

1058

if(custom_argv != NULL){

1082

1059

for(char **arg = custom_argv+1; *arg != NULL; arg++){

1083

1060

free(*arg);

1089

1066

closedir(dir);

1090

1067

}

1091

1068

1092

/* Kill the processes */

1069

/* Free the process list and kill the processes */

1093

1070

for(plugin *p = plugin_list; p != NULL; p = p->next){

1094

1071

if(p->pid != 0){

1095

1072

close(p->fd);

1108

1085

if(errno != ECHILD){

1109

1086

perror("wait");

1110

1087

}

1111

1088

1112

1089

free_plugin_list();

1113

1090

1114

1091

free(plugindir);

Older »