3
3
* Mandos plugin runner - Run Mandos plugins
5
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
5
* Copyright © 2008,2009 Teddy Hogeborn
6
* Copyright © 2008,2009 Björn Påhlsson
7
8
* This program is free software: you can redistribute it and/or
8
9
* modify it under the terms of the GNU General Public License as
27
28
#include <stdlib.h> /* malloc(), exit(), EXIT_FAILURE,
28
29
EXIT_SUCCESS, realloc() */
29
30
#include <stdbool.h> /* bool, true, false */
30
#include <stdio.h> /* perror, popen(), fileno(),
31
fprintf(), stderr, STDOUT_FILENO */
31
#include <stdio.h> /* perror, fileno(), fprintf(),
32
stderr, STDOUT_FILENO */
32
33
#include <sys/types.h> /* DIR, opendir(), stat(), struct
33
34
stat, waitpid(), WIFEXITED(),
34
35
WEXITSTATUS(), wait(), pid_t,
46
47
fcntl(), setuid(), setgid(),
47
48
F_GETFD, F_SETFD, FD_CLOEXEC,
48
49
access(), pipe(), fork(), close()
49
dup2, STDOUT_FILENO, _exit(),
50
dup2(), STDOUT_FILENO, _exit(),
50
51
execv(), write(), read(),
52
53
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
69
70
#define PDIR "/lib/mandos/plugins.d"
70
71
#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"
72
const char *argp_program_version = "plugin-runner 1.0";
73
const char *argp_program_version = "plugin-runner " VERSION;
73
74
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
77
76
typedef struct plugin{
78
77
char *name; /* can be NULL or any plugin name */
97
96
static plugin *plugin_list = NULL;
99
/* Gets a existing plugin based on name,
98
/* Gets an existing plugin based on name,
100
99
or if none is found, creates a new one */
101
100
static plugin *getplugin(char *name){
102
101
/* Check for exiting plugin with that name */
103
for (plugin *p = plugin_list; p != NULL; p = p->next){
104
if ((p->name == name)
105
or (p->name and name and (strcmp(p->name, name) == 0))){
102
for(plugin *p = plugin_list; p != NULL; p = p->next){
104
or (p->name and name and (strcmp(p->name, name) == 0))){
109
108
/* Create a new plugin */
110
109
plugin *new_plugin = malloc(sizeof(plugin));
111
if (new_plugin == NULL){
110
if(new_plugin == NULL){
114
113
char *copy_name = NULL;
122
121
*new_plugin = (plugin) { .name = copy_name,
124
123
.disabled = false,
125
124
.next = plugin_list };
127
126
new_plugin->argv = malloc(sizeof(char *) * 2);
128
if (new_plugin->argv == NULL){
127
if(new_plugin->argv == NULL){
130
129
free(new_plugin);
187
186
size_t namelen = (size_t)(strchrnul(def, '=') - def);
188
187
/* Search for this environment variable */
189
188
for(char **e = p->environ; *e != NULL; e++){
190
if(strncmp(*e, def, namelen+1) == 0){
189
if(strncmp(*e, def, namelen + 1) == 0){
191
190
/* It already exists */
193
char *new = realloc(*e, strlen(def));
192
char *new = realloc(*e, strlen(def) + 1);
208
207
* Descriptor Flags".
209
208
* *Note File Descriptor Flags:(libc)Descriptor Flags.
211
static int set_cloexec_flag(int fd)
210
static int set_cloexec_flag(int fd){
213
211
int ret = fcntl(fd, F_GETFD, 0);
214
212
/* If reading the flags failed, return error indication now. */
223
221
/* Mark processes as completed when they exit, and save their exit
225
void handle_sigchld(__attribute__((unused)) int sig){
223
static void handle_sigchld(__attribute__((unused)) int sig){
227
225
plugin *proc = plugin_list;
255
253
/* Prints out a password to stdout */
256
bool print_out_password(const char *buffer, size_t length){
254
static bool print_out_password(const char *buffer, size_t length){
258
if(length>0 and buffer[length-1] == '\n'){
261
256
for(size_t written = 0; written < length; written += (size_t)ret){
262
257
ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buffer + written,
263
258
length - written));
379
error_t parse_opt (int key, char *arg, __attribute__((unused))
380
struct argp_state *state) {
375
error_t parse_opt(int key, char *arg, __attribute__((unused))
376
struct argp_state *state) {
382
378
case 'g': /* --global-options */
385
381
while((p = strsep(&arg, ",")) != NULL){
386
382
if(p[0] == '\0'){
401
char *envdef = strdup(arg);
405
if(not add_environment(getplugin(NULL), envdef, true)){
406
perror("add_environment");
396
if(not add_environment(getplugin(NULL), arg, true)){
397
perror("add_environment");
410
400
case 'o': /* --options-for */
412
402
char *p_name = strsep(&arg, ":");
413
if(p_name[0] == '\0'){
403
if(p_name[0] == '\0' or arg == NULL){
416
406
char *opt = strsep(&arg, ":");
407
if(opt[0] == '\0' or opt == NULL){
422
while((p = strsep(&opt, ",")) != NULL){
426
if(not add_argument(getplugin(p_name), p)){
427
perror("add_argument");
428
return ARGP_ERR_UNKNOWN;
411
while((p = strsep(&opt, ",")) != NULL){
415
if(not add_argument(getplugin(p_name), p)){
416
perror("add_argument");
417
return ARGP_ERR_UNKNOWN;
440
428
if(envdef == NULL){
443
char *p_name = strndup(arg, (size_t) (envdef-arg));
448
if(not add_environment(getplugin(p_name), envdef, true)){
432
if(not add_environment(getplugin(arg), envdef+1, true)){
449
433
perror("add_environment");
453
437
case 'd': /* --disable */
455
439
plugin *p = getplugin(arg);
457
441
return ARGP_ERR_UNKNOWN;
478
463
/* This is already done by parse_opt_config_file() */
480
465
case 130: /* --userid */
481
uid = (uid_t)strtol(arg, NULL, 10);
466
/* In the GNU C library, uid_t is always unsigned int */
467
ret = sscanf(arg, "%u", &uid);
469
fprintf(stderr, "Bad user ID number: \"%s\", using %u\n", arg,
483
473
case 131: /* --groupid */
484
gid = (gid_t)strtol(arg, NULL, 10);
474
/* In the GNU C library, gid_t is always unsigned int */
475
ret = sscanf(arg, "%u", &gid);
477
fprintf(stderr, "Bad group ID number: \"%s\", using %u\n",
486
481
case 132: /* --debug */
485
* When adding more options before this line, remember to also add a
486
* "case" to the "parse_opt_config_file" function below.
489
488
case ARGP_KEY_ARG:
490
fprintf(stderr, "Ignoring unknown argument \"%s\"\n", arg);
489
/* Cryptsetup always passes an argument, which is an empty
490
string if "none" was specified in /etc/crypttab. So if
491
argument was empty, we ignore it silently. */
493
fprintf(stderr, "Ignoring unknown argument \"%s\"\n", arg);
492
496
case ARGP_KEY_END:
500
504
/* This option parser is the same as parse_opt() above, except it
501
505
ignores everything but the --config-file option. */
502
error_t parse_opt_config_file (int key, char *arg,
503
__attribute__((unused))
504
struct argp_state *state) {
506
error_t parse_opt_config_file(int key, char *arg,
507
__attribute__((unused))
508
struct argp_state *state) {
506
510
case 'g': /* --global-options */
507
511
case 'G': /* --global-env */
508
512
case 'o': /* --options-for */
535
540
.doc = "Mandos plugin runner -- Run plugins" };
537
/* Parse using the parse_opt_config_file in order to get the custom
542
/* Parse using parse_opt_config_file() in order to get the custom
538
543
config file location, if any. */
539
ret = argp_parse (&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
540
if (ret == ARGP_ERR_UNKNOWN){
544
ret = argp_parse(&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
545
if(ret == ARGP_ERR_UNKNOWN){
541
546
fprintf(stderr, "Unknown error while parsing arguments\n");
542
547
exitstatus = EXIT_FAILURE;
556
561
char *org_line = NULL;
557
562
char *p, *arg, *new_arg, *line;
560
564
const char whitespace_delims[] = " \r\t\f\v\n";
561
565
const char comment_delim[] = "#";
610
614
/* Check for harmful errors and go to fallback. Other errors might
611
615
not affect opening plugins */
612
if (errno == EMFILE or errno == ENFILE or errno == ENOMEM){
616
if(errno == EMFILE or errno == ENFILE or errno == ENOMEM){
614
618
exitstatus = EXIT_FAILURE;
618
622
/* If there was any arguments from configuration file,
619
623
pass them to parser as command arguments */
620
624
if(custom_argv != NULL){
621
ret = argp_parse (&argp, custom_argc, custom_argv, ARGP_IN_ORDER,
623
if (ret == ARGP_ERR_UNKNOWN){
625
ret = argp_parse(&argp, custom_argc, custom_argv, ARGP_IN_ORDER,
627
if(ret == ARGP_ERR_UNKNOWN){
624
628
fprintf(stderr, "Unknown error while parsing arguments\n");
625
629
exitstatus = EXIT_FAILURE;
630
634
/* Parse actual command line arguments, to let them override the
632
ret = argp_parse (&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
633
if (ret == ARGP_ERR_UNKNOWN){
636
ret = argp_parse(&argp, argc, argv, ARGP_IN_ORDER, 0, NULL);
637
if(ret == ARGP_ERR_UNKNOWN){
634
638
fprintf(stderr, "Unknown error while parsing arguments\n");
635
639
exitstatus = EXIT_FAILURE;
712
716
const char const *bad_suffixes[] = { "~", "#", ".dpkg-new",
714
719
".dpkg-divert", NULL };
715
720
for(const char **pre = bad_prefixes; *pre != NULL; pre++){
716
721
size_t pre_len = strlen(*pre);
750
ret = asprintf(&filename, "%s/%s", plugindir, dirst->d_name);
755
if(plugindir == NULL){
756
ret = asprintf(&filename, PDIR "/%s", dirst->d_name);
758
ret = asprintf(&filename, "%s/%s", plugindir, dirst->d_name);
752
761
perror("asprintf");
756
765
ret = stat(filename, &st);
763
772
/* Ignore non-executable files */
764
if (not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
773
if(not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
766
775
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
767
776
" with bad type or mode\n", filename);
835
844
/* Block SIGCHLD until process is safely in process list */
836
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
845
ret = sigprocmask(SIG_BLOCK, &sigchld_action.sa_mask, NULL);
838
847
perror("sigprocmask");
839
848
exitstatus = EXIT_FAILURE;
853
862
perror("sigaction");
854
863
_exit(EXIT_FAILURE);
856
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
865
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
858
867
perror("sigprocmask");
859
868
_exit(EXIT_FAILURE);
862
871
ret = dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
887
896
close(pipefd[1]); /* Close unused write end of pipe */
889
898
plugin *new_plugin = getplugin(dirst->d_name);
890
if (new_plugin == NULL){
899
if(new_plugin == NULL){
891
900
perror("getplugin");
892
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
901
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
894
903
perror("sigprocmask");
903
912
/* Unblock SIGCHLD so signal handler can be run if this process
904
913
has already completed */
905
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
914
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
907
916
perror("sigprocmask");
908
917
exitstatus = EXIT_FAILURE;
912
921
FD_SET(new_plugin->fd, &rfds_all);
914
if (maxfd < new_plugin->fd){
923
if(maxfd < new_plugin->fd){
915
924
maxfd = new_plugin->fd;
923
931
for(plugin *p = plugin_list; p != NULL; p = p->next){
930
938
free_plugin_list();
934
942
/* Main loop while running plugins exist */
935
943
while(plugin_list){
936
944
fd_set rfds = rfds_all;
937
945
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
938
if (select_ret == -1){
946
if(select_ret == -1){
939
947
perror("select");
940
948
exitstatus = EXIT_FAILURE;
943
951
/* OK, now either a process completed, or something can be read
944
952
from one of them */
945
for(plugin *proc = plugin_list; proc != NULL; proc = proc->next){
953
for(plugin *proc = plugin_list; proc != NULL;){
946
954
/* Is this process completely done? */
947
955
if(proc->eof and proc->completed){
948
956
/* Only accept the plugin output if it exited cleanly */
960
968
(unsigned int) (proc->pid),
961
969
WTERMSIG(proc->status));
962
970
} else if(WCOREDUMP(proc->status)){
963
fprintf(stderr, "Plugin %d dumped core\n",
971
fprintf(stderr, "Plugin %u dumped core\n",
964
972
(unsigned int) (proc->pid));
975
983
exitstatus = EXIT_FAILURE;
987
plugin *next_plugin = proc->next;
978
988
free_plugin(proc);
979
991
/* We are done modifying process list, so unblock signal */
980
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask,
992
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask,
983
995
perror("sigprocmask");
984
996
exitstatus = EXIT_FAILURE;
1005
1018
/* This process has not completed. Does it have any output? */
1006
1019
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){
1007
1020
/* This process had nothing to say at this time */
1010
1024
/* Before reading, make the process' data buffer large enough */
1011
1025
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
1012
1026
proc->buffer = realloc(proc->buffer, proc->buffer_size
1013
1027
+ (size_t) BUFFER_SIZE);
1014
if (proc->buffer == NULL){
1028
if(proc->buffer == NULL){
1015
1029
perror("malloc");
1016
1030
exitstatus = EXIT_FAILURE;
1019
1033
proc->buffer_size += BUFFER_SIZE;
1021
1035
/* Read from the process */
1022
ret = read(proc->fd, proc->buffer + proc->buffer_length,
1036
sret = read(proc->fd, proc->buffer + proc->buffer_length,
1025
1039
/* Read error from this process; ignore the error */
1030
1045
proc->eof = true;
1032
proc->buffer_length += (size_t) ret;
1047
proc->buffer_length += (size_t) sret;
1044
1059
fprintf(stderr, "Going to fallback mode using getpass(3)\n");
1045
1060
char *passwordbuffer = getpass("Password: ");
1046
bret = print_out_password(passwordbuffer, strlen(passwordbuffer));
1061
size_t len = strlen(passwordbuffer);
1062
/* Strip trailing newline */
1063
if(len > 0 and passwordbuffer[len-1] == '\n'){
1064
passwordbuffer[len-1] = '\0'; /* not strictly necessary */
1067
bret = print_out_password(passwordbuffer, len);
1048
1069
perror("print_out_password");
1049
1070
exitstatus = EXIT_FAILURE;