To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugin-runner.c
- browse files at revision 237.4.42
- compare with another revision
- download diff
- download tarball
- view history from revision 237.4.42
- Committer: Teddy Hogeborn
- Date: 2014-05-11 20:10:08 UTC
- mfrom: (681 trunk)
- mto: This revision was merged to the branch mainline in revision 682.
- Revision ID: teddy@recompile.se-20140511201008-sriicp4qxr03uhln
Merge from trunk.
- files added:
- debian/upstream
- files modified:
- Makefile
added
removed
plugin-runner.c
2
2
/*
3
3
* Mandos plugin runner - Run Mandos plugins
4
4
*
5
* Copyright © 2008-2013 Teddy Hogeborn
6
* Copyright © 2008-2013 Björn Påhlsson
5
* Copyright © 2008-2014 Teddy Hogeborn
6
* Copyright © 2008-2014 Björn Påhlsson
7
7
*
8
8
* This program is free software: you can redistribute it and/or
9
9
* modify it under the terms of the GNU General Public License as
23
23
*/
24
24
25
25
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),
26
asprintf(), O_CLOEXEC */
26
O_CLOEXEC */
27
27
#include <stddef.h> /* size_t, NULL */
28
28
#include <stdlib.h> /* malloc(), exit(), EXIT_SUCCESS,
29
29
realloc() */
30
30
#include <stdbool.h> /* bool, true, false */
31
31
#include <stdio.h> /* fileno(), fprintf(),
32
stderr, STDOUT_FILENO */
33
#include <sys/types.h> /* DIR, fdopendir(), stat(), struct
32
stderr, STDOUT_FILENO, fclose() */
33
#include <sys/types.h> /* DIR, fdopendir(), fstat(), struct
34
34
stat, waitpid(), WIFEXITED(),
35
35
WEXITSTATUS(), wait(), pid_t,
36
36
uid_t, gid_t, getuid(), getgid(),
40
40
#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),
41
41
WEXITSTATUS(), WTERMSIG(),
42
42
WCOREDUMP() */
43
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
43
#include <sys/stat.h> /* struct stat, fstat(), S_ISREG() */
44
44
#include <iso646.h> /* and, or, not */
45
45
#include <dirent.h> /* DIR, struct dirent, fdopendir(),
46
46
readdir(), closedir(), dirfd() */
47
#include <unistd.h> /* struct stat, stat(), S_ISREG(),
48
fcntl(), setuid(), setgid(),
49
F_GETFD, F_SETFD, FD_CLOEXEC,
50
access(), pipe(), fork(), close()
51
dup2(), STDOUT_FILENO, _exit(),
52
execv(), write(), read(),
53
close() */
47
#include <unistd.h> /* fcntl(), F_GETFD, F_SETFD,
48
FD_CLOEXEC, write(), STDOUT_FILENO,
49
struct stat, fstat(), close(),
50
setgid(), setuid(), S_ISREG(),
51
faccessat() pipe(), fork(),
52
_exit(), dup2(), fexecve(), read()
53
*/
54
54
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
55
FD_CLOEXEC */
56
#include <string.h> /* strsep, strlen(), asprintf(),
57
strsignal(), strcmp(), strncmp() */
55
FD_CLOEXEC, openat() */
56
#include <string.h> /* strsep, strlen(), strsignal(),
57
strcmp(), strncmp() */
58
58
#include <errno.h> /* errno */
59
59
#include <argp.h> /* struct argp_option, struct
60
60
argp_state, struct argp,
72
72
EX_CONFIG, EX_UNAVAILABLE, EX_OK */
73
73
#include <errno.h> /* errno */
74
74
#include <error.h> /* error() */
75
#include <fnmatch.h> /* fnmatch() */
75
76
76
77
#define BUFFER_SIZE 256
77
78
105
106
106
107
/* Gets an existing plugin based on name,
107
108
or if none is found, creates a new one */
109
__attribute__((warn_unused_result))
108
110
static plugin *getplugin(char *name){
109
111
/* Check for existing plugin with that name */
110
112
for(plugin *p = plugin_list; p != NULL; p = p->next){
171
173
}
172
174
173
175
/* Helper function for add_argument and add_environment */
174
__attribute__((nonnull))
176
__attribute__((nonnull, warn_unused_result))
175
177
static bool add_to_char_array(const char *new, char ***array,
176
178
int *len){
177
179
/* Resize the pointed-to array to hold one more pointer */
180
char **new_array = NULL;
178
181
do {
179
*array = realloc(*array, sizeof(char *)
180
* (size_t) ((*len) + 2));
181
} while(*array == NULL and errno == EINTR);
182
new_array = realloc(*array, sizeof(char *)
183
* (size_t) ((*len) + 2));
184
} while(new_array == NULL and errno == EINTR);
182
185
/* Malloc check */
183
if(*array == NULL){
186
if(new_array == NULL){
184
187
return false;
185
188
}
189
*array = new_array;
186
190
/* Make a copy of the new string */
187
191
char *copy;
188
192
do {
200
204
}
201
205
202
206
/* Add to a plugin's argument vector */
203
__attribute__((nonnull(2)))
207
__attribute__((nonnull(2), warn_unused_result))
204
208
static bool add_argument(plugin *p, const char *arg){
205
209
if(p == NULL){
206
210
return false;
209
213
}
210
214
211
215
/* Add to a plugin's environment */
212
__attribute__((nonnull(2)))
216
__attribute__((nonnull(2), warn_unused_result))
213
217
static bool add_environment(plugin *p, const char *def, bool replace){
214
218
if(p == NULL){
215
219
return false;
217
221
/* namelen = length of name of environment variable */
218
222
size_t namelen = (size_t)(strchrnul(def, '=') - def);
219
223
/* Search for this environment variable */
220
for(char **e = p->environ; *e != NULL; e++){
221
if(strncmp(*e, def, namelen + 1) == 0){
224
for(char **envdef = p->environ; *envdef != NULL; envdef++){
225
if(strncmp(*envdef, def, namelen + 1) == 0){
222
226
/* It already exists */
223
227
if(replace){
224
char *new;
228
char *new_envdef;
225
229
do {
226
new = realloc(*e, strlen(def) + 1);
227
} while(new == NULL and errno == EINTR);
228
if(new == NULL){
230
new_envdef = realloc(*envdef, strlen(def) + 1);
231
} while(new_envdef == NULL and errno == EINTR);
232
if(new_envdef == NULL){
229
233
return false;
230
234
}
231
*e = new;
232
strcpy(*e, def);
235
*envdef = new_envdef;
236
strcpy(*envdef, def);
233
237
}
234
238
return true;
235
239
}
242
246
* Descriptor Flags".
243
247
| [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |
244
248
*/
249
__attribute__((warn_unused_result))
245
250
static int set_cloexec_flag(int fd){
246
251
int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
247
252
/* If reading the flags failed, return error indication now. */
289
294
}
290
295
291
296
/* Prints out a password to stdout */
292
__attribute__((nonnull))
297
__attribute__((nonnull, warn_unused_result))
293
298
static bool print_out_password(const char *buffer, size_t length){
294
299
ssize_t ret;
295
300
for(size_t written = 0; written < length; written += (size_t)ret){
343
348
char *plugindir = NULL;
344
349
char *argfile = NULL;
345
350
FILE *conffp;
346
size_t d_name_len;
347
351
DIR *dir = NULL;
348
352
struct dirent *dirst;
349
353
struct stat st;
359
363
.sa_flags = SA_NOCLDSTOP };
360
364
char **custom_argv = NULL;
361
365
int custom_argc = 0;
366
int dir_fd;
362
367
363
368
/* Establish a signal handler */
364
369
sigemptyset(&sigchld_action.sa_mask);
435
440
break;
436
441
}
437
442
}
443
errno = 0;
438
444
}
439
445
break;
440
446
case 'G': /* --global-env */
441
add_environment(getplugin(NULL), arg, true);
447
if(add_environment(getplugin(NULL), arg, true)){
448
errno = 0;
449
}
442
450
break;
443
451
case 'o': /* --options-for */
444
452
{
461
469
break;
462
470
}
463
471
}
472
errno = 0;
464
473
}
465
474
break;
466
475
case 'E': /* --env-for */
478
487
errno = EINVAL;
479
488
break;
480
489
}
481
add_environment(getplugin(arg), envdef, true);
490
if(add_environment(getplugin(arg), envdef, true)){
491
errno = 0;
492
}
482
493
}
483
494
break;
484
495
case 'd': /* --disable */
486
497
plugin *p = getplugin(arg);
487
498
if(p != NULL){
488
499
p->disabled = true;
500
errno = 0;
489
501
}
490
502
}
491
503
break;
494
506
plugin *p = getplugin(arg);
495
507
if(p != NULL){
496
508
p->disabled = false;
509
errno = 0;
497
510
}
498
511
}
499
512
break;
500
513
case 128: /* --plugin-dir */
501
514
free(plugindir);
502
515
plugindir = strdup(arg);
516
if(plugindir != NULL){
517
errno = 0;
518
}
503
519
break;
504
520
case 129: /* --config-file */
505
521
/* This is already done by parse_opt_config_file() */
513
529
break;
514
530
}
515
531
uid = (uid_t)tmp_id;
532
errno = 0;
516
533
break;
517
534
case 131: /* --groupid */
518
535
tmp_id = strtoimax(arg, &tmp, 10);
523
540
break;
524
541
}
525
542
gid = (gid_t)tmp_id;
543
errno = 0;
526
544
break;
527
545
case 132: /* --debug */
528
546
debug = true;
576
594
case 129: /* --config-file */
577
595
free(argfile);
578
596
argfile = strdup(arg);
597
if(argfile != NULL){
598
errno = 0;
599
}
579
600
break;
580
601
case 130: /* --userid */
581
602
case 131: /* --groupid */
664
685
}
665
686
666
687
custom_argc += 1;
667
custom_argv = realloc(custom_argv, sizeof(char *)
668
* ((unsigned int) custom_argc + 1));
669
if(custom_argv == NULL){
670
error(0, errno, "realloc");
671
exitstatus = EX_OSERR;
672
free(org_line);
673
goto fallback;
688
{
689
char **new_argv = realloc(custom_argv, sizeof(char *)
690
* ((unsigned int)
691
custom_argc + 1));
692
if(new_argv == NULL){
693
error(0, errno, "realloc");
694
exitstatus = EX_OSERR;
695
free(new_arg);
696
free(org_line);
697
goto fallback;
698
} else {
699
custom_argv = new_argv;
700
}
674
701
}
675
702
custom_argv[custom_argc-1] = new_arg;
676
703
custom_argv[custom_argc] = NULL;
753
780
<http://bugs.debian.org/633582> */
754
781
int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);
755
782
if(plugindir_fd == -1){
756
error(0, errno, "open");
783
if(errno != ENOENT){
784
error(0, errno, "open(\"" PDIR "\")");
785
}
757
786
} else {
758
787
ret = (int)TEMP_FAILURE_RETRY(fstat(plugindir_fd, &st));
759
788
if(ret == -1){
782
811
783
812
/* Open plugin directory with close_on_exec flag */
784
813
{
785
int dir_fd = -1;
786
if(plugindir == NULL){
787
dir_fd = open(PDIR, O_RDONLY |
788
#ifdef O_CLOEXEC
789
O_CLOEXEC
790
#else /* not O_CLOEXEC */
791
0
792
#endif /* not O_CLOEXEC */
793
);
794
} else {
795
dir_fd = open(plugindir, O_RDONLY |
796
#ifdef O_CLOEXEC
797
O_CLOEXEC
798
#else /* not O_CLOEXEC */
799
0
800
#endif /* not O_CLOEXEC */
801
);
802
}
814
dir_fd = open(plugindir != NULL ? plugindir : PDIR, O_RDONLY |
815
#ifdef O_CLOEXEC
816
O_CLOEXEC
817
#else /* not O_CLOEXEC */
818
0
819
#endif /* not O_CLOEXEC */
820
);
803
821
if(dir_fd == -1){
804
822
error(0, errno, "Could not open plugin dir");
805
823
exitstatus = EX_UNAVAILABLE;
844
862
break;
845
863
}
846
864
847
d_name_len = strlen(dirst->d_name);
848
849
865
/* Ignore dotfiles, backup files and other junk */
850
866
{
851
867
bool bad_name = false;
852
853
const char const *bad_prefixes[] = { ".", "#", NULL };
854
855
const char const *bad_suffixes[] = { "~", "#", ".dpkg-new",
856
".dpkg-old",
857
".dpkg-bak",
858
".dpkg-divert", NULL };
859
for(const char **pre = bad_prefixes; *pre != NULL; pre++){
860
size_t pre_len = strlen(*pre);
861
if((d_name_len >= pre_len)
862
and strncmp((dirst->d_name), *pre, pre_len) == 0){
863
if(debug){
864
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
865
" with bad prefix %s\n", dirst->d_name, *pre);
866
}
867
bad_name = true;
868
break;
869
}
870
}
871
if(bad_name){
872
continue;
873
}
874
for(const char **suf = bad_suffixes; *suf != NULL; suf++){
875
size_t suf_len = strlen(*suf);
876
if((d_name_len >= suf_len)
877
and (strcmp((dirst->d_name) + d_name_len-suf_len, *suf)
878
== 0)){
879
if(debug){
880
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
881
" with bad suffix %s\n", dirst->d_name, *suf);
882
}
883
bad_name = true;
884
break;
885
}
886
}
887
868
const char * const patterns[] = { ".*", "#*#", "*~",
869
"*.dpkg-new", "*.dpkg-old",
870
"*.dpkg-bak", "*.dpkg-divert",
871
NULL };
872
#ifdef __GNUC__
873
#pragma GCC diagnostic push
874
#pragma GCC diagnostic ignored "-Wcast-qual"
875
#endif
876
for(const char **pat = (const char **)patterns;
877
*pat != NULL; pat++){
878
#ifdef __GNUC__
879
#pragma GCC diagnostic pop
880
#endif
881
if(fnmatch(*pat, dirst->d_name,
882
FNM_FILE_NAME | FNM_PERIOD) != FNM_NOMATCH){
883
if(debug){
884
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
885
" matching pattern %s\n", dirst->d_name, *pat);
886
}
887
bad_name = true;
888
break;
889
}
890
}
888
891
if(bad_name){
889
892
continue;
890
893
}
891
894
}
892
895
893
char *filename;
894
if(plugindir == NULL){
895
ret = (int)TEMP_FAILURE_RETRY(asprintf(&filename, PDIR "/%s",
896
dirst->d_name));
897
} else {
898
ret = (int)TEMP_FAILURE_RETRY(asprintf(&filename, "%s/%s",
899
plugindir,
900
dirst->d_name));
896
int plugin_fd = openat(dir_fd, dirst->d_name, O_RDONLY |
897
#ifdef O_CLOEXEC
898
O_CLOEXEC
899
#else /* not O_CLOEXEC */
900
0
901
#endif /* not O_CLOEXEC */
902
);
903
if(plugin_fd == -1){
904
error(0, errno, "Could not open plugin");
905
continue;
901
906
}
907
#ifndef O_CLOEXEC
908
/* Set the FD_CLOEXEC flag on the plugin FD */
909
ret = set_cloexec_flag(plugin_fd);
902
910
if(ret < 0){
903
error(0, errno, "asprintf");
911
error(0, errno, "set_cloexec_flag");
912
TEMP_FAILURE_RETRY(close(plugin_fd));
904
913
continue;
905
914
}
906
907
ret = (int)TEMP_FAILURE_RETRY(stat(filename, &st));
915
#endif /* O_CLOEXEC */
916
ret = (int)TEMP_FAILURE_RETRY(fstat(plugin_fd, &st));
908
917
if(ret == -1){
909
918
error(0, errno, "stat");
910
free(filename);
919
TEMP_FAILURE_RETRY(close(plugin_fd));
911
920
continue;
912
921
}
913
922
914
923
/* Ignore non-executable files */
915
924
if(not S_ISREG(st.st_mode)
916
or (TEMP_FAILURE_RETRY(access(filename, X_OK)) != 0)){
925
or (TEMP_FAILURE_RETRY(faccessat(dir_fd, dirst->d_name, X_OK,
926
0)) != 0)){
917
927
if(debug){
918
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
919
" with bad type or mode\n", filename);
928
fprintf(stderr, "Ignoring plugin dir entry \"%s/%s\""
929
" with bad type or mode\n",
930
plugindir != NULL ? plugindir : PDIR, dirst->d_name);
920
931
}
921
free(filename);
932
TEMP_FAILURE_RETRY(close(plugin_fd));
922
933
continue;
923
934
}
924
935
925
936
plugin *p = getplugin(dirst->d_name);
926
937
if(p == NULL){
927
938
error(0, errno, "getplugin");
928
free(filename);
939
TEMP_FAILURE_RETRY(close(plugin_fd));
929
940
continue;
930
941
}
931
942
if(p->disabled){
933
944
fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",
934
945
dirst->d_name);
935
946
}
936
free(filename);
947
TEMP_FAILURE_RETRY(close(plugin_fd));
937
948
continue;
938
949
}
939
950
{
953
964
}
954
965
}
955
966
}
956
/* If this plugin has any environment variables, we will call
957
using execve and need to duplicate the environment from this
958
process, too. */
967
/* If this plugin has any environment variables, we need to
968
duplicate the environment from this process, too. */
959
969
if(p->environ[0] != NULL){
960
970
for(char **e = environ; *e != NULL; e++){
961
971
if(not add_environment(p, *e, false)){
1027
1037
above and must now close it manually here. */
1028
1038
closedir(dir);
1029
1039
}
1030
if(p->environ[0] == NULL){
1031
if(execv(filename, p->argv) < 0){
1032
error(0, errno, "execv for %s", filename);
1033
_exit(EX_OSERR);
1034
}
1035
} else {
1036
if(execve(filename, p->argv, p->environ) < 0){
1037
error(0, errno, "execve for %s", filename);
1038
_exit(EX_OSERR);
1039
}
1040
if(fexecve(plugin_fd, p->argv,
1041
(p->environ[0] != NULL) ? p->environ : environ) < 0){
1042
error(0, errno, "fexecve for %s/%s",
1043
plugindir != NULL ? plugindir : PDIR, dirst->d_name);
1044
_exit(EX_OSERR);
1040
1045
}
1041
1046
/* no return */
1042
1047
}
1043
1048
/* Parent process */
1044
1049
TEMP_FAILURE_RETRY(close(pipefd[1])); /* Close unused write end of
1045
1050
pipe */
1046
free(filename);
1051
TEMP_FAILURE_RETRY(close(plugin_fd));
1047
1052
plugin *new_plugin = getplugin(dirst->d_name);
1048
1053
if(new_plugin == NULL){
1049
1054
error(0, errno, "getplugin");
1226
1231
}
1227
1232
/* Before reading, make the process' data buffer large enough */
1228
1233
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
1229
proc->buffer = realloc(proc->buffer, proc->buffer_size
1230
+ (size_t) BUFFER_SIZE);
1231
if(proc->buffer == NULL){
1234
char *new_buffer = realloc(proc->buffer, proc->buffer_size
1235
+ (size_t) BUFFER_SIZE);
1236
if(new_buffer == NULL){
1232
1237
error(0, errno, "malloc");
1233
1238
exitstatus = EX_OSERR;
1234
1239
goto fallback;
1235
1240
}
1241
proc->buffer = new_buffer;
1236
1242
proc->buffer_size += BUFFER_SIZE;
1237
1243
}
1238
1244
/* Read from the process */
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0