To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugin-runner.c
- browse files at revision 249
- compare with another revision
- download diff
- download tarball
- view history from revision 249
- Committer: Teddy Hogeborn
- Date: 2009-01-06 02:42:53 UTC
- Revision ID: teddy@fukt.bsnet.se-20090106024253-7w4mfestd9sgk4rw
Merge release from release branch.
- files added:
- .bzr-builddeb
- debian
- debian/po
- files removed:
- network-protocol.txt
- files renamed:
- mandos-client.c => plugin-runner.c
- mandos-client.xml => plugin-runner.xml
- plugins.d/password-request.c => plugins.d/mandos-client.c
- plugins.d/password-request.xml => plugins.d/mandos-client.xml
- files modified:
- Makefile
added
removed
plugin-runner.c
2
2
/*
3
3
* Mandos plugin runner - Run Mandos plugins
4
4
*
5
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
5
* Copyright © 2008,2009 Teddy Hogeborn
6
* Copyright © 2008,2009 Björn Påhlsson
6
7
*
7
8
* This program is free software: you can redistribute it and/or
8
9
* modify it under the terms of the GNU General Public License as
21
22
* Contact the authors at <mandos@fukt.bsnet.se>.
22
23
*/
23
24
24
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
25
25
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),
26
asprintf() */
26
27
#include <stddef.h> /* size_t, NULL */
27
28
#include <stdlib.h> /* malloc(), exit(), EXIT_FAILURE,
28
29
EXIT_SUCCESS, realloc() */
29
30
#include <stdbool.h> /* bool, true, false */
30
#include <stdio.h> /* perror, popen(), fileno(),
31
fprintf(), stderr, STDOUT_FILENO */
31
#include <stdio.h> /* perror, fileno(), fprintf(),
32
stderr, STDOUT_FILENO */
32
33
#include <sys/types.h> /* DIR, opendir(), stat(), struct
33
34
stat, waitpid(), WIFEXITED(),
34
35
WEXITSTATUS(), wait(), pid_t,
46
47
fcntl(), setuid(), setgid(),
47
48
F_GETFD, F_SETFD, FD_CLOEXEC,
48
49
access(), pipe(), fork(), close()
49
dup2, STDOUT_FILENO, _exit(),
50
dup2(), STDOUT_FILENO, _exit(),
50
51
execv(), write(), read(),
51
52
close() */
52
53
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
53
54
FD_CLOEXEC */
54
#include <string.h> /* strtok, strlen(), strcpy(),
55
strcat() */
55
#include <string.h> /* strsep, strlen(), asprintf() */
56
56
#include <errno.h> /* errno */
57
57
#include <argp.h> /* struct argp_option, struct
58
58
argp_state, struct argp,
59
59
argp_parse(), ARGP_ERR_UNKNOWN,
60
ARGP_KEY_END, ARGP_KEY_ARG, error_t */
60
ARGP_KEY_END, ARGP_KEY_ARG,
61
error_t */
61
62
#include <signal.h> /* struct sigaction, sigemptyset(),
62
63
sigaddset(), sigaction(),
63
64
sigprocmask(), SIG_BLOCK, SIGCHLD,
66
67
67
68
#define BUFFER_SIZE 256
68
69
69
const char *argp_program_version = "mandos-client 1.0";
70
#define PDIR "/lib/mandos/plugins.d"
71
#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"
72
73
const char *argp_program_version = "plugin-runner " VERSION;
70
74
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
71
75
72
struct process;
76
typedef struct plugin{
77
char *name; /* can be NULL or any plugin name */
78
char **argv;
79
int argc;
80
char **environ;
81
int envc;
82
bool disabled;
73
83
74
typedef struct process{
84
/* Variables used for running processes*/
75
85
pid_t pid;
76
86
int fd;
77
87
char *buffer;
78
88
size_t buffer_size;
79
89
size_t buffer_length;
80
90
bool eof;
81
bool completed;
82
int status;
83
struct process *next;
84
} process;
85
86
typedef struct plugin{
87
char *name; /* can be NULL or any plugin name */
88
char **argv;
89
int argc;
90
bool disabled;
91
volatile bool completed;
92
volatile int status;
91
93
struct plugin *next;
92
94
} plugin;
93
95
94
static plugin *getplugin(char *name, plugin **plugin_list){
95
for (plugin *p = *plugin_list; p != NULL; p = p->next){
96
static plugin *plugin_list = NULL;
97
98
/* Gets an existing plugin based on name,
99
or if none is found, creates a new one */
100
static plugin *getplugin(char *name){
101
/* Check for exiting plugin with that name */
102
for (plugin *p = plugin_list; p != NULL; p = p->next){
96
103
if ((p->name == name)
97
104
or (p->name and name and (strcmp(p->name, name) == 0))){
98
105
return p;
101
108
/* Create a new plugin */
102
109
plugin *new_plugin = malloc(sizeof(plugin));
103
110
if (new_plugin == NULL){
104
perror("malloc");
105
exit(EXIT_FAILURE);
106
}
107
new_plugin->name = name;
111
return NULL;
112
}
113
char *copy_name = NULL;
114
if(name != NULL){
115
copy_name = strdup(name);
116
if(copy_name == NULL){
117
return NULL;
118
}
119
}
120
121
*new_plugin = (plugin) { .name = copy_name,
122
.argc = 1,
123
.disabled = false,
124
.next = plugin_list };
125
108
126
new_plugin->argv = malloc(sizeof(char *) * 2);
109
127
if (new_plugin->argv == NULL){
110
perror("malloc");
111
exit(EXIT_FAILURE);
128
free(copy_name);
129
free(new_plugin);
130
return NULL;
112
131
}
113
new_plugin->argv[0] = name;
132
new_plugin->argv[0] = copy_name;
114
133
new_plugin->argv[1] = NULL;
115
new_plugin->argc = 1;
116
new_plugin->disabled = false;
117
new_plugin->next = *plugin_list;
134
135
new_plugin->environ = malloc(sizeof(char *));
136
if(new_plugin->environ == NULL){
137
free(copy_name);
138
free(new_plugin->argv);
139
free(new_plugin);
140
return NULL;
141
}
142
new_plugin->environ[0] = NULL;
143
118
144
/* Append the new plugin to the list */
119
*plugin_list = new_plugin;
145
plugin_list = new_plugin;
120
146
return new_plugin;
121
147
}
122
148
123
static void addargument(plugin *p, char *arg){
124
p->argv[p->argc] = arg;
125
p->argv = realloc(p->argv, sizeof(char *) * (size_t)(p->argc + 2));
126
if (p->argv == NULL){
127
perror("malloc");
128
exit(EXIT_FAILURE);
129
}
130
p->argc++;
131
p->argv[p->argc] = NULL;
149
/* Helper function for add_argument and add_environment */
150
static bool add_to_char_array(const char *new, char ***array,
151
int *len){
152
/* Resize the pointed-to array to hold one more pointer */
153
*array = realloc(*array, sizeof(char *)
154
* (size_t) ((*len) + 2));
155
/* Malloc check */
156
if(*array == NULL){
157
return false;
158
}
159
/* Make a copy of the new string */
160
char *copy = strdup(new);
161
if(copy == NULL){
162
return false;
163
}
164
/* Insert the copy */
165
(*array)[*len] = copy;
166
(*len)++;
167
/* Add a new terminating NULL pointer to the last element */
168
(*array)[*len] = NULL;
169
return true;
170
}
171
172
/* Add to a plugin's argument vector */
173
static bool add_argument(plugin *p, const char *arg){
174
if(p == NULL){
175
return false;
176
}
177
return add_to_char_array(arg, &(p->argv), &(p->argc));
178
}
179
180
/* Add to a plugin's environment */
181
static bool add_environment(plugin *p, const char *def, bool replace){
182
if(p == NULL){
183
return false;
184
}
185
/* namelen = length of name of environment variable */
186
size_t namelen = (size_t)(strchrnul(def, '=') - def);
187
/* Search for this environment variable */
188
for(char **e = p->environ; *e != NULL; e++){
189
if(strncmp(*e, def, namelen + 1) == 0){
190
/* It already exists */
191
if(replace){
192
char *new = realloc(*e, strlen(def) + 1);
193
if(new == NULL){
194
return false;
195
}
196
*e = new;
197
strcpy(*e, def);
198
}
199
return true;
200
}
201
}
202
return add_to_char_array(def, &(p->environ), &(p->envc));
132
203
}
133
204
134
205
/*
136
207
* Descriptor Flags".
137
208
* *Note File Descriptor Flags:(libc)Descriptor Flags.
138
209
*/
139
static int set_cloexec_flag(int fd)
140
{
210
static int set_cloexec_flag(int fd){
141
211
int ret = fcntl(fd, F_GETFD, 0);
142
212
/* If reading the flags failed, return error indication now. */
143
213
if(ret < 0){
147
217
return fcntl(fd, F_SETFD, ret | FD_CLOEXEC);
148
218
}
149
219
150
process *process_list = NULL;
151
220
152
/* Mark a process as completed when it exits, and save its exit
221
/* Mark processes as completed when they exit, and save their exit
153
222
status. */
154
void handle_sigchld(__attribute__((unused)) int sig){
155
process *proc = process_list;
156
int status;
157
pid_t pid = wait(&status);
158
if(pid == -1){
159
perror("wait");
160
return;
161
}
162
while(proc != NULL and proc->pid != pid){
163
proc = proc->next;
164
}
165
if(proc == NULL){
166
/* Process not found in process list */
167
return;
168
}
169
proc->status = status;
170
proc->completed = true;
223
static void handle_sigchld(__attribute__((unused)) int sig){
224
while(true){
225
plugin *proc = plugin_list;
226
int status;
227
pid_t pid = waitpid(-1, &status, WNOHANG);
228
if(pid == 0){
229
/* Only still running child processes */
230
break;
231
}
232
if(pid == -1){
233
if (errno != ECHILD){
234
perror("waitpid");
235
}
236
/* No child processes */
237
break;
238
}
239
240
/* A child exited, find it in process_list */
241
while(proc != NULL and proc->pid != pid){
242
proc = proc->next;
243
}
244
if(proc == NULL){
245
/* Process not found in process list */
246
continue;
247
}
248
proc->status = status;
249
proc->completed = true;
250
}
171
251
}
172
252
173
bool print_out_password(const char *buffer, size_t length){
253
/* Prints out a password to stdout */
254
static bool print_out_password(const char *buffer, size_t length){
174
255
ssize_t ret;
175
if(length>0 and buffer[length-1] == '\n'){
176
length--;
177
}
178
256
for(size_t written = 0; written < length; written += (size_t)ret){
179
257
ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buffer + written,
180
258
length - written));
185
263
return true;
186
264
}
187
265
266
/* Removes and free a plugin from the plugin list */
267
static void free_plugin(plugin *plugin_node){
268
269
for(char **arg = plugin_node->argv; *arg != NULL; arg++){
270
free(*arg);
271
}
272
free(plugin_node->argv);
273
for(char **env = plugin_node->environ; *env != NULL; env++){
274
free(*env);
275
}
276
free(plugin_node->environ);
277
free(plugin_node->buffer);
278
279
/* Removes the plugin from the singly-linked list */
280
if(plugin_node == plugin_list){
281
/* First one - simple */
282
plugin_list = plugin_list->next;
283
} else {
284
/* Second one or later */
285
for(plugin *p = plugin_list; p != NULL; p = p->next){
286
if(p->next == plugin_node){
287
p->next = plugin_node->next;
288
break;
289
}
290
}
291
}
292
293
free(plugin_node);
294
}
295
296
static void free_plugin_list(void){
297
while(plugin_list != NULL){
298
free_plugin(plugin_list);
299
}
300
}
301
188
302
int main(int argc, char *argv[]){
189
const char *plugindir = "/conf/conf.d/mandos/plugins.d";
303
char *plugindir = NULL;
304
char *argfile = NULL;
305
FILE *conffp;
190
306
size_t d_name_len;
191
307
DIR *dir = NULL;
192
308
struct dirent *dirst;
200
316
struct sigaction old_sigchld_action;
201
317
struct sigaction sigchld_action = { .sa_handler = handle_sigchld,
202
318
.sa_flags = SA_NOCLDSTOP };
203
char *plus_options = NULL;
204
char **plus_argv = NULL;
205
206
errno = 0;
319
char **custom_argv = NULL;
320
int custom_argc = 0;
207
321
208
322
/* Establish a signal handler */
209
323
sigemptyset(&sigchld_action.sa_mask);
210
324
ret = sigaddset(&sigchld_action.sa_mask, SIGCHLD);
211
if(ret < 0){
325
if(ret == -1){
212
326
perror("sigaddset");
213
exit(EXIT_FAILURE);
327
exitstatus = EXIT_FAILURE;
328
goto fallback;
214
329
}
215
330
ret = sigaction(SIGCHLD, &sigchld_action, &old_sigchld_action);
216
if(ret < 0){
331
if(ret == -1){
217
332
perror("sigaction");
218
exit(EXIT_FAILURE);
333
exitstatus = EXIT_FAILURE;
334
goto fallback;
219
335
}
220
336
221
337
/* The options we understand. */
223
339
{ .name = "global-options", .key = 'g',
224
340
.arg = "OPTION[,OPTION[,...]]",
225
341
.doc = "Options passed to all plugins" },
342
{ .name = "global-env", .key = 'G',
343
.arg = "VAR=value",
344
.doc = "Environment variable passed to all plugins" },
226
345
{ .name = "options-for", .key = 'o',
227
346
.arg = "PLUGIN:OPTION[,OPTION[,...]]",
228
347
.doc = "Options passed only to specified plugin" },
348
{ .name = "env-for", .key = 'E',
349
.arg = "PLUGIN:ENV=value",
350
.doc = "Environment variable passed to specified plugin" },
229
351
{ .name = "disable", .key = 'd',
230
352
.arg = "PLUGIN",
231
353
.doc = "Disable a specific plugin", .group = 1 },
354
{ .name = "enable", .key = 'e',
355
.arg = "PLUGIN",
356
.doc = "Enable a specific plugin", .group = 1 },
232
357
{ .name = "plugin-dir", .key = 128,
233
358
.arg = "DIRECTORY",
234
359
.doc = "Specify a different plugin directory", .group = 2 },
235
{ .name = "userid", .key = 129,
236
.arg = "ID", .flags = 0,
237
.doc = "User ID the plugins will run as", .group = 2 },
238
{ .name = "groupid", .key = 130,
239
.arg = "ID", .flags = 0,
240
.doc = "Group ID the plugins will run as", .group = 2 },
241
{ .name = "debug", .key = 131,
242
.doc = "Debug mode", .group = 3 },
360
{ .name = "config-file", .key = 129,
361
.arg = "FILE",
362
.doc = "Specify a different configuration file", .group = 2 },
363
{ .name = "userid", .key = 130,
364
.arg = "ID", .flags = 0,
365
.doc = "User ID the plugins will run as", .group = 3 },
366
{ .name = "groupid", .key = 131,
367
.arg = "ID", .flags = 0,
368
.doc = "Group ID the plugins will run as", .group = 3 },
369
{ .name = "debug", .key = 132,
370
.doc = "Debug mode", .group = 4 },
243
371
{ .name = NULL }
244
372
};
245
373
246
error_t parse_opt (int key, char *arg, struct argp_state *state) {
247
/* Get the INPUT argument from `argp_parse', which we know is a
248
pointer to our plugin list pointer. */
249
plugin **plugins = state->input;
374
error_t parse_opt (int key, char *arg, __attribute__((unused))
375
struct argp_state *state) {
250
376
switch (key) {
251
case 'g':
252
if (arg != NULL){
253
char *p = strtok(arg, ",");
254
do{
255
addargument(getplugin(NULL, plugins), p);
256
p = strtok(NULL, ",");
257
} while (p != NULL);
258
}
259
break;
260
case 'o':
261
if (arg != NULL){
262
char *name = strtok(arg, ":");
263
char *p = strtok(NULL, ":");
264
if(p != NULL){
265
p = strtok(p, ",");
266
do{
267
addargument(getplugin(name, plugins), p);
268
p = strtok(NULL, ",");
269
} while (p != NULL);
270
}
271
}
272
break;
273
case 'd':
274
if (arg != NULL){
275
getplugin(arg, plugins)->disabled = true;
276
}
277
break;
278
case 128:
279
plugindir = arg;
280
break;
281
case 129:
377
case 'g': /* --global-options */
378
if (arg != NULL){
379
char *p;
380
while((p = strsep(&arg, ",")) != NULL){
381
if(p[0] == '\0'){
382
continue;
383
}
384
if(not add_argument(getplugin(NULL), p)){
385
perror("add_argument");
386
return ARGP_ERR_UNKNOWN;
387
}
388
}
389
}
390
break;
391
case 'G': /* --global-env */
392
if(arg == NULL){
393
break;
394
}
395
if(not add_environment(getplugin(NULL), arg, true)){
396
perror("add_environment");
397
}
398
break;
399
case 'o': /* --options-for */
400
if (arg != NULL){
401
char *p_name = strsep(&arg, ":");
402
if(p_name[0] == '\0' or arg == NULL){
403
break;
404
}
405
char *opt = strsep(&arg, ":");
406
if(opt[0] == '\0' or opt == NULL){
407
break;
408
}
409
char *p;
410
while((p = strsep(&opt, ",")) != NULL){
411
if(p[0] == '\0'){
412
continue;
413
}
414
if(not add_argument(getplugin(p_name), p)){
415
perror("add_argument");
416
return ARGP_ERR_UNKNOWN;
417
}
418
}
419
}
420
break;
421
case 'E': /* --env-for */
422
if(arg == NULL){
423
break;
424
}
425
{
426
char *envdef = strchr(arg, ':');
427
if(envdef == NULL){
428
break;
429
}
430
*envdef = '\0';
431
if(not add_environment(getplugin(arg), envdef+1, true)){
432
perror("add_environment");
433
}
434
}
435
break;
436
case 'd': /* --disable */
437
if (arg != NULL){
438
plugin *p = getplugin(arg);
439
if(p == NULL){
440
return ARGP_ERR_UNKNOWN;
441
}
442
p->disabled = true;
443
}
444
break;
445
case 'e': /* --enable */
446
if (arg != NULL){
447
plugin *p = getplugin(arg);
448
if(p == NULL){
449
return ARGP_ERR_UNKNOWN;
450
}
451
p->disabled = false;
452
}
453
break;
454
case 128: /* --plugin-dir */
455
free(plugindir);
456
plugindir = strdup(arg);
457
if(plugindir == NULL){
458
perror("strdup");
459
}
460
break;
461
case 129: /* --config-file */
462
/* This is already done by parse_opt_config_file() */
463
break;
464
case 130: /* --userid */
282
465
uid = (uid_t)strtol(arg, NULL, 10);
283
466
break;
284
case 130:
467
case 131: /* --groupid */
285
468
gid = (gid_t)strtol(arg, NULL, 10);
286
469
break;
287
case 131:
470
case 132: /* --debug */
288
471
debug = true;
289
472
break;
290
473
case ARGP_KEY_ARG:
291
if(plus_options != NULL or arg == NULL or arg[0] != '+'){
292
argp_usage (state);
293
}
294
plus_options = arg;
295
break;
296
case ARGP_KEY_END:
297
break;
298
default:
299
return ARGP_ERR_UNKNOWN;
300
}
301
return 0;
302
}
303
304
plugin *plugin_list = NULL;
305
306
struct argp argp = { .options = options, .parser = parse_opt,
307
.args_doc = "[+PLUS_SEPARATED_OPTIONS]",
474
/* Cryptsetup always passes an argument, which is an empty
475
string if "none" was specified in /etc/crypttab. So if
476
argument was empty, we ignore it silently. */
477
if(arg[0] != '\0'){
478
fprintf(stderr, "Ignoring unknown argument \"%s\"\n", arg);
479
}
480
break;
481
case ARGP_KEY_END:
482
break;
483
default:
484
return ARGP_ERR_UNKNOWN;
485
}
486
return 0;
487
}
488
489
/* This option parser is the same as parse_opt() above, except it
490
ignores everything but the --config-file option. */
491
error_t parse_opt_config_file (int key, char *arg,
492
__attribute__((unused))
493
struct argp_state *state) {
494
switch (key) {
495
case 'g': /* --global-options */
496
case 'G': /* --global-env */
497
case 'o': /* --options-for */
498
case 'E': /* --env-for */
499
case 'd': /* --disable */
500
case 'e': /* --enable */
501
case 128: /* --plugin-dir */
502
break;
503
case 129: /* --config-file */
504
free(argfile);
505
argfile = strdup(arg);
506
if(argfile == NULL){
507
perror("strdup");
508
}
509
break;
510
case 130: /* --userid */
511
case 131: /* --groupid */
512
case 132: /* --debug */
513
case ARGP_KEY_ARG:
514
case ARGP_KEY_END:
515
break;
516
default:
517
return ARGP_ERR_UNKNOWN;
518
}
519
return 0;
520
}
521
522
struct argp argp = { .options = options,
523
.parser = parse_opt_config_file,
524
.args_doc = "",
308
525
.doc = "Mandos plugin runner -- Run plugins" };
309
526
310
ret = argp_parse (&argp, argc, argv, 0, 0, &plugin_list);
527
/* Parse using the parse_opt_config_file in order to get the custom
528
config file location, if any. */
529
ret = argp_parse (&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
311
530
if (ret == ARGP_ERR_UNKNOWN){
312
531
fprintf(stderr, "Unknown error while parsing arguments\n");
313
532
exitstatus = EXIT_FAILURE;
314
goto end;
533
goto fallback;
315
534
}
316
535
317
if(plus_options){
318
/* This is a mangled argument in the form of
319
"+--option+--other-option=parameter+--yet-another-option", etc */
320
/* Make new argc and argv vars, and call argp_parse() again. */
321
plus_options++; /* skip the first '+' character */
322
const char delims[] = "+";
323
char *arg;
324
int new_argc = 1;
325
plus_argv = malloc(sizeof(char*) * 2);
326
if(plus_argv == NULL){
536
/* Reset to the normal argument parser */
537
argp.parser = parse_opt;
538
539
/* Open the configfile if available */
540
if (argfile == NULL){
541
conffp = fopen(AFILE, "r");
542
} else {
543
conffp = fopen(argfile, "r");
544
}
545
if(conffp != NULL){
546
char *org_line = NULL;
547
char *p, *arg, *new_arg, *line;
548
size_t size = 0;
549
ssize_t sret;
550
const char whitespace_delims[] = " \r\t\f\v\n";
551
const char comment_delim[] = "#";
552
553
custom_argc = 1;
554
custom_argv = malloc(sizeof(char*) * 2);
555
if(custom_argv == NULL){
327
556
perror("malloc");
328
557
exitstatus = EXIT_FAILURE;
329
goto end;
330
}
331
plus_argv[0] = argv[0];
332
plus_argv[1] = NULL;
333
arg = strtok(plus_options, delims); /* Get first argument */
334
while(arg != NULL){
335
new_argc++;
336
plus_argv = realloc(plus_argv, sizeof(char *)
337
* ((unsigned int) new_argc + 1));
338
if(plus_argv == NULL){
339
perror("realloc");
340
exitstatus = EXIT_FAILURE;
341
goto end;
342
}
343
plus_argv[new_argc-1] = arg;
344
plus_argv[new_argc] = NULL;
345
arg = strtok(NULL, delims); /* Get next argument */
346
}
347
ret = argp_parse (&argp, new_argc, plus_argv, 0, 0, &plugin_list);
558
goto fallback;
559
}
560
custom_argv[0] = argv[0];
561
custom_argv[1] = NULL;
562
563
/* for each line in the config file, strip whitespace and ignore
564
commented text */
565
while(true){
566
sret = getline(&org_line, &size, conffp);
567
if(sret == -1){
568
break;
569
}
570
571
line = org_line;
572
arg = strsep(&line, comment_delim);
573
while((p = strsep(&arg, whitespace_delims)) != NULL){
574
if(p[0] == '\0'){
575
continue;
576
}
577
new_arg = strdup(p);
578
if(new_arg == NULL){
579
perror("strdup");
580
exitstatus = EXIT_FAILURE;
581
free(org_line);
582
goto fallback;
583
}
584
585
custom_argc += 1;
586
custom_argv = realloc(custom_argv, sizeof(char *)
587
* ((unsigned int) custom_argc + 1));
588
if(custom_argv == NULL){
589
perror("realloc");
590
exitstatus = EXIT_FAILURE;
591
free(org_line);
592
goto fallback;
593
}
594
custom_argv[custom_argc-1] = new_arg;
595
custom_argv[custom_argc] = NULL;
596
}
597
}
598
free(org_line);
599
} else {
600
/* Check for harmful errors and go to fallback. Other errors might
601
not affect opening plugins */
602
if (errno == EMFILE or errno == ENFILE or errno == ENOMEM){
603
perror("fopen");
604
exitstatus = EXIT_FAILURE;
605
goto fallback;
606
}
607
}
608
/* If there was any arguments from configuration file,
609
pass them to parser as command arguments */
610
if(custom_argv != NULL){
611
ret = argp_parse (&argp, custom_argc, custom_argv, ARGP_IN_ORDER,
612
0, NULL);
348
613
if (ret == ARGP_ERR_UNKNOWN){
349
614
fprintf(stderr, "Unknown error while parsing arguments\n");
350
615
exitstatus = EXIT_FAILURE;
351
goto end;
616
goto fallback;
352
617
}
353
618
}
354
619
620
/* Parse actual command line arguments, to let them override the
621
config file */
622
ret = argp_parse (&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
623
if (ret == ARGP_ERR_UNKNOWN){
624
fprintf(stderr, "Unknown error while parsing arguments\n");
625
exitstatus = EXIT_FAILURE;
626
goto fallback;
627
}
628
355
629
if(debug){
356
630
for(plugin *p = plugin_list; p != NULL; p=p->next){
357
631
fprintf(stderr, "Plugin: %s has %d arguments\n",
359
633
for(char **a = p->argv; *a != NULL; a++){
360
634
fprintf(stderr, "\tArg: %s\n", *a);
361
635
}
636
fprintf(stderr, "...and %u environment variables\n", p->envc);
637
for(char **a = p->environ; *a != NULL; a++){
638
fprintf(stderr, "\t%s\n", *a);
639
}
362
640
}
363
641
}
364
642
643
/* Strip permissions down to nobody */
365
644
ret = setuid(uid);
366
645
if (ret == -1){
367
646
perror("setuid");
368
}
369
647
}
370
648
setgid(gid);
371
649
if (ret == -1){
372
650
perror("setgid");
373
651
}
374
652
375
dir = opendir(plugindir);
653
if (plugindir == NULL){
654
dir = opendir(PDIR);
655
} else {
656
dir = opendir(plugindir);
657
}
658
376
659
if(dir == NULL){
377
660
perror("Could not open plugin dir");
378
661
exitstatus = EXIT_FAILURE;
379
goto end;
662
goto fallback;
380
663
}
381
664
382
665
/* Set the FD_CLOEXEC flag on the directory, if possible */
387
670
if(ret < 0){
388
671
perror("set_cloexec_flag");
389
672
exitstatus = EXIT_FAILURE;
390
goto end;
673
goto fallback;
391
674
}
392
675
}
393
676
}
394
677
395
678
FD_ZERO(&rfds_all);
396
679
680
/* Read and execute any executable in the plugin directory*/
397
681
while(true){
398
682
dirst = readdir(dir);
399
683
400
// All directory entries have been processed
684
/* All directory entries have been processed */
401
685
if(dirst == NULL){
402
686
if (errno == EBADF){
403
687
perror("readdir");
404
688
exitstatus = EXIT_FAILURE;
405
goto end;
689
goto fallback;
406
690
}
407
691
break;
408
692
}
409
693
410
694
d_name_len = strlen(dirst->d_name);
411
695
412
// Ignore dotfiles, backup files and other junk
696
/* Ignore dotfiles, backup files and other junk */
413
697
{
414
698
bool bad_name = false;
415
699
417
701
418
702
const char const *bad_suffixes[] = { "~", "#", ".dpkg-new",
419
703
".dpkg-old",
704
".dpkg-bak",
420
705
".dpkg-divert", NULL };
421
706
for(const char **pre = bad_prefixes; *pre != NULL; pre++){
422
707
size_t pre_len = strlen(*pre);
430
715
break;
431
716
}
432
717
}
433
434
718
if(bad_name){
435
719
continue;
436
720
}
437
438
721
for(const char **suf = bad_suffixes; *suf != NULL; suf++){
439
722
size_t suf_len = strlen(*suf);
440
723
if((d_name_len >= suf_len)
453
736
continue;
454
737
}
455
738
}
456
457
char *filename = malloc(d_name_len + strlen(plugindir) + 2);
458
if (filename == NULL){
459
perror("malloc");
460
exitstatus = EXIT_FAILURE;
461
goto end;
462
}
463
strcpy(filename, plugindir); /* Spurious warning */
464
strcat(filename, "/"); /* Spurious warning */
465
strcat(filename, dirst->d_name); /* Spurious warning */
739
740
char *filename;
741
if(plugindir == NULL){
742
ret = asprintf(&filename, PDIR "/%s", dirst->d_name);
743
} else {
744
ret = asprintf(&filename, "%s/%s", plugindir, dirst->d_name);
745
}
746
if(ret < 0){
747
perror("asprintf");
748
continue;
749
}
466
750
467
751
ret = stat(filename, &st);
468
752
if (ret == -1){
469
753
perror("stat");
470
exitstatus = EXIT_FAILURE;
471
goto end;
754
free(filename);
755
continue;
472
756
}
473
757
758
/* Ignore non-executable files */
474
759
if (not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
475
760
if(debug){
476
761
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
479
764
free(filename);
480
765
continue;
481
766
}
482
if(getplugin(dirst->d_name, &plugin_list)->disabled){
767
768
plugin *p = getplugin(dirst->d_name);
769
if(p == NULL){
770
perror("getplugin");
771
free(filename);
772
continue;
773
}
774
if(p->disabled){
483
775
if(debug){
484
776
fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",
485
777
dirst->d_name);
487
779
free(filename);
488
780
continue;
489
781
}
490
plugin *p = getplugin(dirst->d_name, &plugin_list);
491
782
{
492
783
/* Add global arguments to argument list for this plugin */
493
plugin *g = getplugin(NULL, &plugin_list);
494
for(char **a = g->argv + 1; *a != NULL; a++){
495
addargument(p, *a);
496
}
497
}
498
int pipefd[2];
784
plugin *g = getplugin(NULL);
785
if(g != NULL){
786
for(char **a = g->argv + 1; *a != NULL; a++){
787
if(not add_argument(p, *a)){
788
perror("add_argument");
789
}
790
}
791
/* Add global environment variables */
792
for(char **e = g->environ; *e != NULL; e++){
793
if(not add_environment(p, *e, false)){
794
perror("add_environment");
795
}
796
}
797
}
798
}
799
/* If this plugin has any environment variables, we will call
800
using execve and need to duplicate the environment from this
801
process, too. */
802
if(p->environ[0] != NULL){
803
for(char **e = environ; *e != NULL; e++){
804
if(not add_environment(p, *e, false)){
805
perror("add_environment");
806
}
807
}
808
}
809
810
int pipefd[2];
499
811
ret = pipe(pipefd);
500
812
if (ret == -1){
501
813
perror("pipe");
502
814
exitstatus = EXIT_FAILURE;
503
goto end;
815
goto fallback;
504
816
}
817
/* Ask OS to automatic close the pipe on exec */
505
818
ret = set_cloexec_flag(pipefd[0]);
506
819
if(ret < 0){
507
820
perror("set_cloexec_flag");
508
821
exitstatus = EXIT_FAILURE;
509
goto end;
822
goto fallback;
510
823
}
511
824
ret = set_cloexec_flag(pipefd[1]);
512
825
if(ret < 0){
513
826
perror("set_cloexec_flag");
514
827
exitstatus = EXIT_FAILURE;
515
goto end;
828
goto fallback;
516
829
}
517
830
/* Block SIGCHLD until process is safely in process list */
518
831
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
519
832
if(ret < 0){
520
833
perror("sigprocmask");
521
834
exitstatus = EXIT_FAILURE;
522
goto end;
835
goto fallback;
523
836
}
524
// Starting a new process to be watched
837
/* Starting a new process to be watched */
525
838
pid_t pid = fork();
839
if(pid == -1){
840
perror("fork");
841
exitstatus = EXIT_FAILURE;
842
goto fallback;
843
}
526
844
if(pid == 0){
527
845
/* this is the child process */
528
846
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
530
848
perror("sigaction");
531
849
_exit(EXIT_FAILURE);
532
850
}
533
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
851
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
534
852
if(ret < 0){
535
853
perror("sigprocmask");
536
854
_exit(EXIT_FAILURE);
537
855
}
538
856
539
857
ret = dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
540
858
if(ret == -1){
541
859
perror("dup2");
547
865
above and must now close it manually here. */
548
866
closedir(dir);
549
867
}
550
if(execv(filename, p->argv) < 0){
551
perror("execv");
552
_exit(EXIT_FAILURE);
868
if(p->environ[0] == NULL){
869
if(execv(filename, p->argv) < 0){
870
perror("execv");
871
_exit(EXIT_FAILURE);
872
}
873
} else {
874
if(execve(filename, p->argv, p->environ) < 0){
875
perror("execve");
876
_exit(EXIT_FAILURE);
877
}
553
878
}
554
879
/* no return */
555
880
}
556
/* parent process */
881
/* Parent process */
882
close(pipefd[1]); /* Close unused write end of pipe */
557
883
free(filename);
558
close(pipefd[1]); /* close unused write end of pipe */
559
process *new_process = malloc(sizeof(process));
560
if (new_process == NULL){
561
perror("malloc");
884
plugin *new_plugin = getplugin(dirst->d_name);
885
if (new_plugin == NULL){
886
perror("getplugin");
562
887
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
563
888
if(ret < 0){
564
perror("sigprocmask");
889
perror("sigprocmask");
565
890
}
566
891
exitstatus = EXIT_FAILURE;
567
goto end;
892
goto fallback;
568
893
}
569
894
570
*new_process = (struct process){ .pid = pid,
571
.fd = pipefd[0],
572
.next = process_list };
573
// List handling
574
process_list = new_process;
895
new_plugin->pid = pid;
896
new_plugin->fd = pipefd[0];
897
575
898
/* Unblock SIGCHLD so signal handler can be run if this process
576
899
has already completed */
577
900
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
578
901
if(ret < 0){
579
902
perror("sigprocmask");
580
903
exitstatus = EXIT_FAILURE;
581
goto end;
582
}
583
584
FD_SET(new_process->fd, &rfds_all);
585
586
if (maxfd < new_process->fd){
587
maxfd = new_process->fd;
588
}
589
590
}
591
592
/* Free the plugin list */
593
for(plugin *next; plugin_list != NULL; plugin_list = next){
594
next = plugin_list->next;
595
free(plugin_list->argv);
596
free(plugin_list);
904
goto fallback;
905
}
906
907
FD_SET(new_plugin->fd, &rfds_all);
908
909
if (maxfd < new_plugin->fd){
910
maxfd = new_plugin->fd;
911
}
597
912
}
598
913
599
914
closedir(dir);
600
915
dir = NULL;
601
602
if (process_list == NULL){
603
fprintf(stderr, "No plugin processes started. Incorrect plugin"
604
" directory?\n");
605
process_list = NULL;
916
917
for(plugin *p = plugin_list; p != NULL; p = p->next){
918
if(p->pid != 0){
919
break;
920
}
921
if(p->next == NULL){
922
fprintf(stderr, "No plugin processes started. Incorrect plugin"
923
" directory?\n");
924
free_plugin_list();
925
}
606
926
}
607
while(process_list){
927
928
/* Main loop while running plugins exist */
929
while(plugin_list){
608
930
fd_set rfds = rfds_all;
609
931
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
610
932
if (select_ret == -1){
611
933
perror("select");
612
934
exitstatus = EXIT_FAILURE;
613
goto end;
935
goto fallback;
614
936
}
615
937
/* OK, now either a process completed, or something can be read
616
938
from one of them */
617
for(process *proc = process_list; proc ; proc = proc->next){
939
for(plugin *proc = plugin_list; proc != NULL;){
618
940
/* Is this process completely done? */
619
941
if(proc->eof and proc->completed){
620
942
/* Only accept the plugin output if it exited cleanly */
621
943
if(not WIFEXITED(proc->status)
622
944
or WEXITSTATUS(proc->status) != 0){
623
945
/* Bad exit by plugin */
946
624
947
if(debug){
625
948
if(WIFEXITED(proc->status)){
626
949
fprintf(stderr, "Plugin %u exited with status %d\n",
635
958
(unsigned int) (proc->pid));
636
959
}
637
960
}
961
638
962
/* Remove the plugin */
639
963
FD_CLR(proc->fd, &rfds_all);
964
640
965
/* Block signal while modifying process_list */
641
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
966
ret = sigprocmask(SIG_BLOCK, &sigchld_action.sa_mask, NULL);
642
967
if(ret < 0){
643
968
perror("sigprocmask");
644
969
exitstatus = EXIT_FAILURE;
645
goto end;
646
}
647
/* Delete this process entry from the list */
648
if(process_list == proc){
649
/* First one - simple */
650
process_list = proc->next;
651
} else {
652
/* Second one or later */
653
for(process *p = process_list; p != NULL; p = p->next){
654
if(p->next == proc){
655
p->next = proc->next;
656
break;
657
}
658
}
659
}
970
goto fallback;
971
}
972
973
plugin *next_plugin = proc->next;
974
free_plugin(proc);
975
proc = next_plugin;
976
660
977
/* We are done modifying process list, so unblock signal */
661
978
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask,
662
979
NULL);
663
980
if(ret < 0){
664
981
perror("sigprocmask");
665
}
666
free(proc->buffer);
667
free(proc);
668
/* We deleted this process from the list, so we can't go
669
proc->next. Therefore, start over from the beginning of
670
the process list */
671
break;
982
exitstatus = EXIT_FAILURE;
983
goto fallback;
984
}
985
986
if(plugin_list == NULL){
987
break;
988
}
989
990
continue;
672
991
}
992
673
993
/* This process exited nicely, so print its buffer */
674
675
bool bret = print_out_password(proc->buffer, proc->buffer_length);
994
995
bool bret = print_out_password(proc->buffer,
996
proc->buffer_length);
676
997
if(not bret){
677
998
perror("print_out_password");
678
999
exitstatus = EXIT_FAILURE;
679
1000
}
680
goto end;
1001
goto fallback;
681
1002
}
1003
682
1004
/* This process has not completed. Does it have any output? */
683
1005
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){
684
1006
/* This process had nothing to say at this time */
1007
proc = proc->next;
685
1008
continue;
686
1009
}
687
1010
/* Before reading, make the process' data buffer large enough */
691
1014
if (proc->buffer == NULL){
692
1015
perror("malloc");
693
1016
exitstatus = EXIT_FAILURE;
694
goto end;
1017
goto fallback;
695
1018
}
696
1019
proc->buffer_size += BUFFER_SIZE;
697
1020
}
700
1023
BUFFER_SIZE);
701
1024
if(ret < 0){
702
1025
/* Read error from this process; ignore the error */
1026
proc = proc->next;
703
1027
continue;
704
1028
}
705
1029
if(ret == 0){
712
1036
}
713
1037
714
1038
715
end:
1039
fallback:
716
1040
717
if(process_list == NULL or exitstatus != EXIT_SUCCESS){
718
/* Fallback if all plugins failed or an error occured */
1041
if(plugin_list == NULL or exitstatus != EXIT_SUCCESS){
1042
/* Fallback if all plugins failed, none are found or an error
1043
occured */
719
1044
bool bret;
720
1045
fprintf(stderr, "Going to fallback mode using getpass(3)\n");
721
1046
char *passwordbuffer = getpass("Password: ");
722
bret = print_out_password(passwordbuffer, strlen(passwordbuffer));
1047
size_t len = strlen(passwordbuffer);
1048
/* Strip trailing newline */
1049
if(len > 0 and passwordbuffer[len-1] == '\n'){
1050
passwordbuffer[len-1] = '\0'; /* not strictly necessary */
1051
len--;
1052
}
1053
bret = print_out_password(passwordbuffer, len);
723
1054
if(not bret){
724
1055
perror("print_out_password");
725
1056
exitstatus = EXIT_FAILURE;
726
goto end;
727
1057
}
728
1058
}
729
1059
730
1060
/* Restore old signal handler */
731
sigaction(SIGCHLD, &old_sigchld_action, NULL);
732
733
free(plus_argv);
734
735
/* Free the plugin list */
736
for(plugin *next; plugin_list != NULL; plugin_list = next){
737
next = plugin_list->next;
738
free(plugin_list->argv);
739
free(plugin_list);
1061
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
1062
if(ret == -1){
1063
perror("sigaction");
1064
exitstatus = EXIT_FAILURE;
1065
}
1066
1067
if(custom_argv != NULL){
1068
for(char **arg = custom_argv+1; *arg != NULL; arg++){
1069
free(*arg);
1070
}
1071
free(custom_argv);
740
1072
}
741
1073
742
1074
if(dir != NULL){
743
1075
closedir(dir);
744
1076
}
745
1077
746
/* Free the process list and kill the processes */
747
for(process *next; process_list != NULL; process_list = next){
748
next = process_list->next;
749
close(process_list->fd);
750
ret = kill(process_list->pid, SIGTERM);
751
if(ret == -1 and errno != ESRCH){
752
/* set-uid proccesses migth not get closed */
753
perror("kill");
1078
/* Kill the processes */
1079
for(plugin *p = plugin_list; p != NULL; p = p->next){
1080
if(p->pid != 0){
1081
close(p->fd);
1082
ret = kill(p->pid, SIGTERM);
1083
if(ret == -1 and errno != ESRCH){
1084
/* Set-uid proccesses might not get closed */
1085
perror("kill");
1086
}
754
1087
}
755
free(process_list->buffer);
756
free(process_list);
757
1088
}
758
1089
759
1090
/* Wait for any remaining child processes to terminate */
764
1095
perror("wait");
765
1096
}
766
1097
1098
free_plugin_list();
1099
1100
free(plugindir);
1101
free(argfile);
1102
767
1103
return exitstatus;
768
1104
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0