To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugbasedclient.c
- browse files at revision 24.1.4
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.4
- Committer: Björn Påhlsson
- Date: 2008-07-30 02:11:33 UTC
- mto: (24.1.154 mandos) (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 30.
- Revision ID: belorn@braxen-20080730021133-q341llq93r328q5b
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.
- files added:
- ca.pem
- files removed:
- COPYING
- files renamed:
- clients.conf => mandos-clients.conf
- mandos-client.c => plugbasedclient.c
- plugins.d/password-request.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos => server.py
- files modified:
- Makefile
added
removed
plugbasedclient.c
2
2
/*
3
3
* Mandos plugin runner - Run Mandos plugins
4
4
*
5
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
5
* Copyright © 2007-2008 Teddy Hogeborn and Björn Påhlsson.
6
6
*
7
7
* This program is free software: you can redistribute it and/or
8
8
* modify it under the terms of the GNU General Public License as
18
18
* along with this program. If not, see
19
19
* <http://www.gnu.org/licenses/>.
20
20
*
21
* Contact the authors at <mandos@fukt.bsnet.se>.
21
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
22
* <https://www.fukt.bsnet.se/~teddy/>.
22
23
*/
23
24
24
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
25
26
#include <stddef.h> /* size_t, NULL */
27
#include <stdlib.h> /* malloc(), exit(), EXIT_FAILURE,
28
EXIT_SUCCESS, realloc() */
29
#include <stdbool.h> /* bool, true, false */
30
#include <stdio.h> /* perror, popen(), fileno(),
31
fprintf(), stderr, STDOUT_FILENO */
32
#include <sys/types.h> /* DIR, opendir(), stat(), struct
33
stat, waitpid(), WIFEXITED(),
34
WEXITSTATUS(), wait(), pid_t,
35
uid_t, gid_t, getuid(), getgid(),
36
dirfd() */
37
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
38
FD_SET(), FD_ISSET(), FD_CLR */
39
#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),
40
WEXITSTATUS() */
41
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
42
#include <iso646.h> /* and, or, not */
43
#include <dirent.h> /* DIR, struct dirent, opendir(),
44
readdir(), closedir(), dirfd() */
45
#include <unistd.h> /* struct stat, stat(), S_ISREG(),
46
fcntl(), setuid(), setgid(),
47
F_GETFD, F_SETFD, FD_CLOEXEC,
48
access(), pipe(), fork(), close()
49
dup2, STDOUT_FILENO, _exit(),
50
execv(), write(), read(),
51
close() */
52
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
53
FD_CLOEXEC */
54
#include <string.h> /* strsep, strlen(), strcpy(),
55
strcat() */
56
#include <errno.h> /* errno */
57
#include <argp.h> /* struct argp_option, struct
58
argp_state, struct argp,
59
argp_parse(), ARGP_ERR_UNKNOWN,
60
ARGP_KEY_END, ARGP_KEY_ARG, error_t */
61
#include <signal.h> /* struct sigaction, sigemptyset(),
62
sigaddset(), sigaction(),
63
sigprocmask(), SIG_BLOCK, SIGCHLD,
64
SIG_UNBLOCK, kill() */
65
#include <errno.h> /* errno, EBADF */
66
67
#define BUFFER_SIZE 256
68
#define CONFFILE "/conf/conf.d/mandos/client.conf"
69
70
const char *argp_program_version = "mandos-client 1.0";
71
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
25
#define _FORTIFY_SOURCE 2
26
27
#include <stdio.h> /* popen, fileno */
28
#include <iso646.h> /* and, or, not */
29
#include <sys/types.h> /* DIR, opendir, stat, struct stat, waitpid,
30
WIFEXITED, WEXITSTATUS, wait */
31
#include <sys/wait.h> /* wait */
32
#include <dirent.h> /* DIR, opendir */
33
#include <sys/stat.h> /* stat, struct stat */
34
#include <unistd.h> /* stat, struct stat, chdir */
35
#include <stdlib.h> /* EXIT_FAILURE */
36
#include <sys/select.h> /* fd_set, select, FD_ZERO, FD_SET,
37
FD_ISSET */
38
#include <string.h> /* strlen, strcpy, strcat */
39
#include <stdbool.h> /* true */
40
#include <sys/wait.h> /* waitpid, WIFEXITED, WEXITSTATUS */
41
#include <errno.h> /* errno */
42
#include <argp.h> /* argp */
72
43
73
44
struct process;
74
45
78
49
char *buffer;
79
50
size_t buffer_size;
80
51
size_t buffer_length;
81
bool eof;
82
bool completed;
83
int status;
84
52
struct process *next;
85
53
} process;
86
54
87
55
typedef struct plugin{
88
char *name; /* can be NULL or any plugin name */
56
char *name; /* can be "global" and any plugin name */
89
57
char **argv;
90
58
int argc;
91
bool disabled;
92
59
struct plugin *next;
93
60
} plugin;
94
61
95
static plugin *getplugin(char *name, plugin **plugin_list){
62
plugin *getplugin(char *name, plugin **plugin_list){
96
63
for (plugin *p = *plugin_list; p != NULL; p = p->next){
97
64
if ((p->name == name)
98
65
or (p->name and name and (strcmp(p->name, name) == 0))){
114
81
new_plugin->argv[0] = name;
115
82
new_plugin->argv[1] = NULL;
116
83
new_plugin->argc = 1;
117
new_plugin->disabled = false;
84
/* Append the new plugin to the list */
118
85
new_plugin->next = *plugin_list;
119
/* Append the new plugin to the list */
120
86
*plugin_list = new_plugin;
121
87
return new_plugin;
122
88
}
123
89
124
static void addargument(plugin *p, char *arg){
90
void addarguments(plugin *p, char *arg){
125
91
p->argv[p->argc] = arg;
126
92
p->argv = realloc(p->argv, sizeof(char *) * (size_t)(p->argc + 2));
127
93
if (p->argv == NULL){
131
97
p->argc++;
132
98
p->argv[p->argc] = NULL;
133
99
}
134
135
/*
136
* Based on the example in the GNU LibC manual chapter 13.13 "File
137
* Descriptor Flags".
138
* *Note File Descriptor Flags:(libc)Descriptor Flags.
139
*/
140
static int set_cloexec_flag(int fd)
141
{
142
int ret = fcntl(fd, F_GETFD, 0);
143
/* If reading the flags failed, return error indication now. */
144
if(ret < 0){
145
return ret;
146
}
147
/* Store modified flag word in the descriptor. */
148
return fcntl(fd, F_SETFD, ret | FD_CLOEXEC);
149
}
150
151
process *process_list = NULL;
152
153
/* Mark a process as completed when it exits, and save its exit
154
status. */
155
void handle_sigchld(__attribute__((unused)) int sig){
156
process *proc = process_list;
157
int status;
158
pid_t pid = wait(&status);
159
if(pid == -1){
160
perror("wait");
161
return;
162
}
163
while(proc != NULL and proc->pid != pid){
164
proc = proc->next;
165
}
166
if(proc == NULL){
167
/* Process not found in process list */
168
return;
169
}
170
proc->status = status;
171
proc->completed = true;
172
}
173
174
bool print_out_password(const char *buffer, size_t length){
175
ssize_t ret;
176
if(length>0 and buffer[length-1] == '\n'){
177
length--;
178
}
179
for(size_t written = 0; written < length; written += (size_t)ret){
180
ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buffer + written,
181
length - written));
182
if(ret < 0){
183
return false;
184
}
185
}
186
return true;
187
}
188
189
char ** addcustomargument(char **argv, int *argc, char *arg){
190
191
if (argv == NULL){
192
*argc = 1;
193
argv = malloc(sizeof(char*) * 2);
194
if(argv == NULL){
195
return NULL;
196
}
197
argv[0] = NULL; /* Will be set to argv[0] in main before parsing */
198
argv[1] = NULL;
199
}
200
*argc += 1;
201
argv = realloc(argv, sizeof(char *)
202
* ((unsigned int) *argc + 1));
203
if(argv == NULL){
204
return NULL;
205
}
206
argv[*argc-1] = arg;
207
argv[*argc] = NULL;
208
return argv;
209
}
100
101
#define BUFFER_SIZE 256
102
103
const char *argp_program_version =
104
"plugbasedclient 0.9";
105
const char *argp_program_bug_address =
106
"<mandos@fukt.bsnet.se>";
107
static char doc[] =
108
"Mandos plugin runner -- Run Mandos plugins";
109
/* A description of the arguments we accept. */
110
static char args_doc[] = "";
210
111
211
112
int main(int argc, char *argv[]){
212
const char *plugindir = "/conf/conf.d/mandos/plugins.d";
213
const char *conffile = CONFFILE;
214
FILE *conffp;
215
size_t d_name_len;
216
DIR *dir = NULL;
113
char plugindir[] = "plugins.d";
114
size_t d_name_len, plugindir_len = sizeof(plugindir)-1;
115
DIR *dir;
217
116
struct dirent *dirst;
218
117
struct stat st;
219
fd_set rfds_all;
118
fd_set rfds_orig;
220
119
int ret, maxfd = 0;
221
uid_t uid = 65534;
222
gid_t gid = 65534;
223
bool debug = false;
224
int exitstatus = EXIT_SUCCESS;
225
struct sigaction old_sigchld_action;
226
struct sigaction sigchld_action = { .sa_handler = handle_sigchld,
227
.sa_flags = SA_NOCLDSTOP };
228
char **custom_argv = NULL;
229
int custom_argc = 0;
230
231
/* Establish a signal handler */
232
sigemptyset(&sigchld_action.sa_mask);
233
ret = sigaddset(&sigchld_action.sa_mask, SIGCHLD);
234
if(ret < 0){
235
perror("sigaddset");
236
exit(EXIT_FAILURE);
237
}
238
ret = sigaction(SIGCHLD, &sigchld_action, &old_sigchld_action);
239
if(ret < 0){
240
perror("sigaction");
241
exit(EXIT_FAILURE);
242
}
120
process *process_list = NULL;
243
121
244
122
/* The options we understand. */
245
123
struct argp_option options[] = {
246
124
{ .name = "global-options", .key = 'g',
247
.arg = "OPTION[,OPTION[,...]]",
248
.doc = "Options passed to all plugins" },
125
.arg = "option[,option[,...]]", .flags = 0,
126
.doc = "Options effecting all plugins" },
249
127
{ .name = "options-for", .key = 'o',
250
.arg = "PLUGIN:OPTION[,OPTION[,...]]",
251
.doc = "Options passed only to specified plugin" },
252
{ .name = "disable", .key = 'd',
253
.arg = "PLUGIN",
254
.doc = "Disable a specific plugin", .group = 1 },
255
{ .name = "plugin-dir", .key = 128,
256
.arg = "DIRECTORY",
257
.doc = "Specify a different plugin directory", .group = 2 },
258
{ .name = "userid", .key = 129,
259
.arg = "ID", .flags = 0,
260
.doc = "User ID the plugins will run as", .group = 2 },
261
{ .name = "groupid", .key = 130,
262
.arg = "ID", .flags = 0,
263
.doc = "Group ID the plugins will run as", .group = 2 },
264
{ .name = "debug", .key = 131,
265
.doc = "Debug mode", .group = 3 },
128
.arg = "plugin:option[,option[,...]]", .flags = 0,
129
.doc = "Options effecting only specified plugins" },
266
130
{ .name = NULL }
267
131
};
268
132
269
133
error_t parse_opt (int key, char *arg, struct argp_state *state) {
270
/* Get the INPUT argument from `argp_parse', which we know is a
271
pointer to our plugin list pointer. */
134
/* Get the INPUT argument from `argp_parse', which we
135
know is a pointer to our arguments structure. */
272
136
plugin **plugins = state->input;
273
137
switch (key) {
274
138
case 'g':
275
139
if (arg != NULL){
276
char *p;
277
while((p = strsep(&arg, ",")) != NULL){
278
if(p[0] == '\0'){
279
continue;
280
}
281
addargument(getplugin(NULL, plugins), p);
282
}
140
char *p = strtok(arg, ",");
141
do{
142
addarguments(getplugin(NULL, plugins), p);
143
p = strtok(NULL, ",");
144
} while (p);
283
145
}
284
146
break;
285
147
case 'o':
286
148
if (arg != NULL){
287
char *name = strsep(&arg, ":");
288
if(name[0] == '\0'){
289
break;
290
}
291
char *opt = strsep(&arg, ":");
292
if(opt[0] == '\0'){
293
break;
294
}
295
if(opt != NULL){
296
char *p;
297
while((p = strsep(&opt, ",")) != NULL){
298
if(p[0] == '\0'){
299
continue;
300
}
301
addargument(getplugin(name, plugins), p);
302
}
303
}
304
}
305
break;
306
case 'd':
307
if (arg != NULL){
308
getplugin(arg, plugins)->disabled = true;
309
}
310
break;
311
case 128:
312
plugindir = arg;
313
break;
314
case 129:
315
uid = (uid_t)strtol(arg, NULL, 10);
316
break;
317
case 130:
318
gid = (gid_t)strtol(arg, NULL, 10);
319
break;
320
case 131:
321
debug = true;
149
char *name = strtok(arg, ":");
150
char *p = strtok(NULL, ":");
151
p = strtok(p, ",");
152
do{
153
addarguments(getplugin(name, plugins), p);
154
p = strtok(NULL, ",");
155
} while (p);
156
}
322
157
break;
323
158
case ARGP_KEY_ARG:
324
fprintf(stderr, "Ignoring unknown argument \"%s\"\n", arg);
159
argp_usage (state);
325
160
break;
326
161
case ARGP_KEY_END:
327
162
break;
330
165
}
331
166
return 0;
332
167
}
333
168
334
169
plugin *plugin_list = NULL;
335
170
336
171
struct argp argp = { .options = options, .parser = parse_opt,
337
.args_doc = "[+PLUS_SEPARATED_OPTIONS]",
338
.doc = "Mandos plugin runner -- Run plugins" };
339
340
ret = argp_parse (&argp, argc, argv, 0, 0, &plugin_list);
341
if (ret == ARGP_ERR_UNKNOWN){
342
fprintf(stderr, "Unknown error while parsing arguments\n");
343
exitstatus = EXIT_FAILURE;
344
goto end;
345
}
346
347
conffp = fopen(conffile, "r");
348
if(conffp != NULL){
349
char *org_line = NULL;
350
size_t size = 0;
351
ssize_t sret;
352
char *p, *arg, *new_arg, *line;
353
const char whitespace_delims[] = " \r\t\f\v\n";
354
const char comment_delim[] = "#";
355
356
while(true){
357
sret = getline(&org_line, &size, conffp);
358
if(sret == -1){
359
break;
360
}
361
362
line = org_line;
363
arg = strsep(&line, comment_delim);
364
while((p = strsep(&arg, whitespace_delims)) != NULL){
365
if(p[0] == '\0'){
366
continue;
367
}
368
new_arg = strdup(p);
369
custom_argv = addcustomargument(custom_argv, &custom_argc, new_arg);
370
if (custom_argv == NULL){
371
perror("addcustomargument");
372
exitstatus = EXIT_FAILURE;
373
goto end;
374
}
375
}
376
}
377
free(org_line);
378
} else{
379
/* check for harmfull errors */
380
if (errno == EMFILE or errno == ENFILE or errno == ENOMEM){
381
perror("fopen");
382
exitstatus = EXIT_FAILURE;
383
goto end;
384
}
385
}
386
387
if(custom_argv != NULL){
388
custom_argv[0] = argv[0];
389
ret = argp_parse (&argp, custom_argc, custom_argv, 0, 0, &plugin_list);
390
if (ret == ARGP_ERR_UNKNOWN){
391
fprintf(stderr, "Unknown error while parsing arguments\n");
392
exitstatus = EXIT_FAILURE;
393
goto end;
394
}
395
}
396
397
if(debug){
398
for(plugin *p = plugin_list; p != NULL; p=p->next){
399
fprintf(stderr, "Plugin: %s has %d arguments\n",
400
p->name ? p->name : "Global", p->argc - 1);
401
for(char **a = p->argv; *a != NULL; a++){
402
fprintf(stderr, "\tArg: %s\n", *a);
403
}
404
}
405
}
406
407
ret = setuid(uid);
408
if (ret == -1){
409
perror("setuid");
410
}
411
412
setgid(gid);
413
if (ret == -1){
414
perror("setgid");
415
}
172
.args_doc = args_doc, .doc = doc };
173
174
argp_parse (&argp, argc, argv, 0, 0, &plugin_list);
175
176
/* for(plugin *p = plugin_list; p != NULL; p=p->next){ */
177
/* fprintf(stderr, "Plugin: %s has %d arguments\n", p->name ? p->name : "Global", p->argc); */
178
/* for(char **a = p->argv + 1; *a != NULL; a++){ */
179
/* fprintf(stderr, "\tArg: %s\n", *a); */
180
/* } */
181
/* } */
182
183
/* return 0; */
416
184
417
185
dir = opendir(plugindir);
186
418
187
if(dir == NULL){
419
perror("Could not open plugin dir");
420
exitstatus = EXIT_FAILURE;
421
goto end;
422
}
423
424
/* Set the FD_CLOEXEC flag on the directory, if possible */
425
{
426
int dir_fd = dirfd(dir);
427
if(dir_fd >= 0){
428
ret = set_cloexec_flag(dir_fd);
429
if(ret < 0){
430
perror("set_cloexec_flag");
431
exitstatus = EXIT_FAILURE;
432
goto end;
433
}
434
}
435
}
436
437
FD_ZERO(&rfds_all);
188
fprintf(stderr, "Can not open directory\n");
189
return EXIT_FAILURE;
190
}
191
192
FD_ZERO(&rfds_orig);
438
193
439
194
while(true){
440
195
dirst = readdir(dir);
441
196
442
197
// All directory entries have been processed
443
198
if(dirst == NULL){
444
if (errno == EBADF){
445
perror("readdir");
446
exitstatus = EXIT_FAILURE;
447
goto end;
448
}
449
199
break;
450
200
}
451
201
452
202
d_name_len = strlen(dirst->d_name);
453
203
454
// Ignore dotfiles, backup files and other junk
455
{
456
bool bad_name = false;
457
458
const char const *bad_prefixes[] = { ".", "#", NULL };
459
460
const char const *bad_suffixes[] = { "~", "#", ".dpkg-new",
461
".dpkg-old",
462
".dpkg-divert", NULL };
463
for(const char **pre = bad_prefixes; *pre != NULL; pre++){
464
size_t pre_len = strlen(*pre);
465
if((d_name_len >= pre_len)
466
and strncmp((dirst->d_name), *pre, pre_len) == 0){
467
if(debug){
468
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
469
" with bad prefix %s\n", dirst->d_name, *pre);
470
}
471
bad_name = true;
472
break;
473
}
474
}
475
476
if(bad_name){
477
continue;
478
}
479
480
for(const char **suf = bad_suffixes; *suf != NULL; suf++){
481
size_t suf_len = strlen(*suf);
482
if((d_name_len >= suf_len)
483
and (strcmp((dirst->d_name)+d_name_len-suf_len, *suf)
484
== 0)){
485
if(debug){
486
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
487
" with bad suffix %s\n", dirst->d_name, *suf);
488
}
489
bad_name = true;
490
break;
491
}
492
}
493
494
if(bad_name){
495
continue;
496
}
497
}
498
499
char *filename = malloc(d_name_len + strlen(plugindir) + 2);
500
if (filename == NULL){
501
perror("malloc");
502
continue;
503
}
504
strcpy(filename, plugindir); /* Spurious warning */
505
strcat(filename, "/"); /* Spurious warning */
506
strcat(filename, dirst->d_name); /* Spurious warning */
507
508
ret = stat(filename, &st);
509
if (ret == -1){
510
perror("stat");
511
free(filename);
512
continue;
513
}
514
515
if (not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
516
if(debug){
517
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
518
" with bad type or mode\n", filename);
519
}
520
free(filename);
521
continue;
522
}
523
if(getplugin(dirst->d_name, &plugin_list)->disabled){
524
if(debug){
525
fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",
526
dirst->d_name);
527
}
528
free(filename);
529
continue;
530
}
531
plugin *p = getplugin(dirst->d_name, &plugin_list);
532
{
533
/* Add global arguments to argument list for this plugin */
534
plugin *g = getplugin(NULL, &plugin_list);
535
for(char **a = g->argv + 1; *a != NULL; a++){
536
addargument(p, *a);
537
}
538
}
539
int pipefd[2];
540
ret = pipe(pipefd);
541
if (ret == -1){
542
perror("pipe");
543
exitstatus = EXIT_FAILURE;
544
goto end;
545
}
546
ret = set_cloexec_flag(pipefd[0]);
547
if(ret < 0){
548
perror("set_cloexec_flag");
549
exitstatus = EXIT_FAILURE;
550
goto end;
551
}
552
ret = set_cloexec_flag(pipefd[1]);
553
if(ret < 0){
554
perror("set_cloexec_flag");
555
exitstatus = EXIT_FAILURE;
556
goto end;
557
}
558
/* Block SIGCHLD until process is safely in process list */
559
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
560
if(ret < 0){
561
perror("sigprocmask");
562
exitstatus = EXIT_FAILURE;
563
goto end;
564
}
565
// Starting a new process to be watched
566
pid_t pid = fork();
567
if(pid == -1){
568
perror("fork");
569
exitstatus = EXIT_FAILURE;
570
goto end;
571
}
572
if(pid == 0){
573
/* this is the child process */
574
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
575
if(ret < 0){
576
perror("sigaction");
577
_exit(EXIT_FAILURE);
578
}
579
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
580
if(ret < 0){
581
perror("sigprocmask");
582
_exit(EXIT_FAILURE);
583
}
584
585
ret = dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
586
if(ret == -1){
587
perror("dup2");
588
_exit(EXIT_FAILURE);
589
}
590
591
if(dirfd(dir) < 0){
592
/* If dir has no file descriptor, we could not set FD_CLOEXEC
593
above and must now close it manually here. */
204
// Ignore dotfiles and backup files
205
if (dirst->d_name[0] == '.'
206
or dirst->d_name[d_name_len - 1] == '~'){
207
continue;
208
}
209
210
char *filename = malloc(d_name_len + plugindir_len + 2);
211
strcpy(filename, plugindir);
212
strcat(filename, "/");
213
strcat(filename, dirst->d_name);
214
215
stat(filename, &st);
216
217
if (S_ISREG(st.st_mode) and (access(filename, X_OK) == 0)){
218
// Starting a new process to be watched
219
process *new_process = malloc(sizeof(process));
220
int pipefd[2];
221
ret = pipe(pipefd);
222
if (ret == -1){
223
perror(argv[0]);
224
goto end;
225
}
226
new_process->pid = fork();
227
if(new_process->pid == 0){
228
/* this is the child process */
594
229
closedir(dir);
595
}
596
if(execv(filename, p->argv) < 0){
597
perror("execv");
598
_exit(EXIT_FAILURE);
599
}
600
/* no return */
601
}
602
/* parent process */
603
free(filename);
604
close(pipefd[1]); /* close unused write end of pipe */
605
process *new_process = malloc(sizeof(process));
606
if (new_process == NULL){
607
perror("malloc");
608
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
609
if(ret < 0){
610
perror("sigprocmask");
611
}
612
exitstatus = EXIT_FAILURE;
613
goto end;
614
}
615
616
*new_process = (struct process){ .pid = pid,
617
.fd = pipefd[0],
618
.next = process_list };
619
// List handling
620
process_list = new_process;
621
/* Unblock SIGCHLD so signal handler can be run if this process
622
has already completed */
623
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
624
if(ret < 0){
625
perror("sigprocmask");
626
exitstatus = EXIT_FAILURE;
627
goto end;
628
}
629
630
FD_SET(new_process->fd, &rfds_all);
631
632
if (maxfd < new_process->fd){
633
maxfd = new_process->fd;
634
}
635
636
}
637
638
/* Free the plugin list */
639
for(plugin *next; plugin_list != NULL; plugin_list = next){
640
next = plugin_list->next;
641
free(plugin_list->argv);
642
free(plugin_list);
230
close(pipefd[0]); /* close unused read end of pipe */
231
dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
232
char *basename;
233
basename = strrchr(filename, '/');
234
if (basename == NULL){
235
basename = filename;
236
} else {
237
basename++;
238
}
239
plugin *p = getplugin(basename, &plugin_list);
240
241
plugin *g = getplugin(NULL, &plugin_list);
242
for(char **a = g->argv + 1; *a != NULL; a++){
243
addarguments(p, *a);
244
}
245
if(execv(filename, p->argv) < 0){
246
perror(argv[0]);
247
close(pipefd[1]);
248
exit(EXIT_FAILURE);
249
}
250
/* no return */
251
}
252
close(pipefd[1]); /* close unused write end of pipe */
253
new_process->fd = pipefd[0];
254
new_process->buffer = malloc(BUFFER_SIZE);
255
if (new_process->buffer == NULL){
256
perror(argv[0]);
257
goto end;
258
}
259
new_process->buffer_size = BUFFER_SIZE;
260
new_process->buffer_length = 0;
261
FD_SET(new_process->fd, &rfds_orig);
262
263
if (maxfd < new_process->fd){
264
maxfd = new_process->fd;
265
}
266
267
//List handling
268
new_process->next = process_list;
269
process_list = new_process;
270
}
643
271
}
644
272
645
273
closedir(dir);
646
dir = NULL;
647
648
if (process_list == NULL){
649
fprintf(stderr, "No plugin processes started. Incorrect plugin"
650
" directory?\n");
651
process_list = NULL;
652
}
653
while(process_list){
654
fd_set rfds = rfds_all;
655
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
656
if (select_ret == -1){
657
perror("select");
658
exitstatus = EXIT_FAILURE;
659
goto end;
660
}
661
/* OK, now either a process completed, or something can be read
662
from one of them */
663
for(process *proc = process_list; proc ; proc = proc->next){
664
/* Is this process completely done? */
665
if(proc->eof and proc->completed){
666
/* Only accept the plugin output if it exited cleanly */
667
if(not WIFEXITED(proc->status)
668
or WEXITSTATUS(proc->status) != 0){
669
/* Bad exit by plugin */
670
if(debug){
671
if(WIFEXITED(proc->status)){
672
fprintf(stderr, "Plugin %u exited with status %d\n",
673
(unsigned int) (proc->pid),
674
WEXITSTATUS(proc->status));
675
} else if(WIFSIGNALED(proc->status)) {
676
fprintf(stderr, "Plugin %u killed by signal %d\n",
677
(unsigned int) (proc->pid),
678
WTERMSIG(proc->status));
679
} else if(WCOREDUMP(proc->status)){
680
fprintf(stderr, "Plugin %d dumped core\n",
681
(unsigned int) (proc->pid));
682
}
683
}
684
/* Remove the plugin */
685
FD_CLR(proc->fd, &rfds_all);
686
/* Block signal while modifying process_list */
687
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
688
if(ret < 0){
689
perror("sigprocmask");
690
exitstatus = EXIT_FAILURE;
691
goto end;
692
}
693
/* Delete this process entry from the list */
694
if(process_list == proc){
695
/* First one - simple */
696
process_list = proc->next;
697
} else {
698
/* Second one or later */
699
for(process *p = process_list; p != NULL; p = p->next){
700
if(p->next == proc){
701
p->next = proc->next;
702
break;
274
275
if (process_list != NULL){
276
while(true){
277
fd_set rfds = rfds_orig;
278
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
279
if (select_ret == -1){
280
perror(argv[0]);
281
goto end;
282
}else{
283
for(process *process_itr = process_list; process_itr != NULL;
284
process_itr = process_itr->next){
285
if(FD_ISSET(process_itr->fd, &rfds)){
286
if(process_itr->buffer_length + BUFFER_SIZE
287
> process_itr->buffer_size){
288
process_itr->buffer = realloc(process_itr->buffer,
289
process_itr->buffer_size
290
+ (size_t) BUFFER_SIZE);
291
if (process_itr->buffer == NULL){
292
perror(argv[0]);
293
goto end;
294
}
295
process_itr->buffer_size += BUFFER_SIZE;
296
}
297
ret = read(process_itr->fd, process_itr->buffer
298
+ process_itr->buffer_length, BUFFER_SIZE);
299
if(ret < 0){
300
/* Read error from this process; ignore it */
301
continue;
302
}
303
process_itr->buffer_length += (size_t) ret;
304
if(ret == 0){
305
/* got EOF */
306
/* wait for process exit */
307
int status;
308
waitpid(process_itr->pid, &status, 0);
309
if(WIFEXITED(status) and WEXITSTATUS(status) == 0){
310
for(size_t written = 0;
311
written < process_itr->buffer_length;){
312
ret = write(STDOUT_FILENO,
313
process_itr->buffer + written,
314
process_itr->buffer_length - written);
315
if(ret < 0){
316
perror(argv[0]);
317
goto end;
318
}
319
written += (size_t)ret;
320
}
321
goto end;
322
} else {
323
FD_CLR(process_itr->fd, &rfds_orig);
703
324
}
704
325
}
705
326
}
706
/* We are done modifying process list, so unblock signal */
707
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask,
708
NULL);
709
if(ret < 0){
710
perror("sigprocmask");
711
}
712
free(proc->buffer);
713
free(proc);
714
/* We deleted this process from the list, so we can't go
715
proc->next. Therefore, start over from the beginning of
716
the process list */
717
break;
718
}
719
/* This process exited nicely, so print its buffer */
720
721
bool bret = print_out_password(proc->buffer, proc->buffer_length);
722
if(not bret){
723
perror("print_out_password");
724
exitstatus = EXIT_FAILURE;
725
}
726
goto end;
727
}
728
/* This process has not completed. Does it have any output? */
729
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){
730
/* This process had nothing to say at this time */
731
continue;
732
}
733
/* Before reading, make the process' data buffer large enough */
734
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
735
proc->buffer = realloc(proc->buffer, proc->buffer_size
736
+ (size_t) BUFFER_SIZE);
737
if (proc->buffer == NULL){
738
perror("malloc");
739
exitstatus = EXIT_FAILURE;
740
goto end;
741
}
742
proc->buffer_size += BUFFER_SIZE;
743
}
744
/* Read from the process */
745
ret = read(proc->fd, proc->buffer + proc->buffer_length,
746
BUFFER_SIZE);
747
if(ret < 0){
748
/* Read error from this process; ignore the error */
749
continue;
750
}
751
if(ret == 0){
752
/* got EOF */
753
proc->eof = true;
754
} else {
755
proc->buffer_length += (size_t) ret;
327
}
756
328
}
757
329
}
758
330
}
759
760
331
761
332
end:
762
763
if(process_list == NULL or exitstatus != EXIT_SUCCESS){
764
/* Fallback if all plugins failed, none are found or an error occured */
765
bool bret;
766
fprintf(stderr, "Going to fallback mode using getpass(3)\n");
767
char *passwordbuffer = getpass("Password: ");
768
bret = print_out_password(passwordbuffer, strlen(passwordbuffer));
769
if(not bret){
770
perror("print_out_password");
771
exitstatus = EXIT_FAILURE;
772
goto end;
773
}
774
}
775
776
/* Restore old signal handler */
777
sigaction(SIGCHLD, &old_sigchld_action, NULL);
778
779
free(custom_argv);
780
781
/* Free the plugin list */
782
for(plugin *next; plugin_list != NULL; plugin_list = next){
783
next = plugin_list->next;
784
free(plugin_list->argv);
785
free(plugin_list);
786
}
787
788
if(dir != NULL){
789
closedir(dir);
790
}
791
792
/* Free the process list and kill the processes */
793
for(process *next; process_list != NULL; process_list = next){
794
next = process_list->next;
795
close(process_list->fd);
796
ret = kill(process_list->pid, SIGTERM);
797
if(ret == -1 and errno != ESRCH){
798
/* set-uid proccesses migth not get closed */
799
perror("kill");
800
}
801
free(process_list->buffer);
802
free(process_list);
803
}
804
805
/* Wait for any remaining child processes to terminate */
806
do{
807
ret = wait(NULL);
808
} while(ret >= 0);
809
if(errno != ECHILD){
810
perror("wait");
811
}
812
813
return exitstatus;
333
for(process *process_itr = process_list; process_itr != NULL;
334
process_itr = process_itr->next){
335
close(process_itr->fd);
336
kill(process_itr->pid, SIGTERM);
337
free(process_itr->buffer);
338
}
339
340
while(true){
341
int status;
342
ret = wait(&status);
343
if (ret == -1){
344
if(errno != ECHILD){
345
perror("wait");
346
}
347
break;
348
}
349
}
350
return EXIT_SUCCESS;
814
351
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0