To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugbasedclient.c
- browse files at revision 35
- compare with another revision
- download diff
- download tarball
- view history from revision 35
- Committer: Teddy Hogeborn
- Date: 2008-08-02 10:48:24 UTC
- Revision ID: teddy@fukt.bsnet.se-20080802104824-fx0miwp9o4g9r31e
* plugbasedclient.c (struct process): New fields "eof", "completed",
and "status".
(handle_sigchld): New function.
(main): Initialize "dir" to NULL to only closedir() it if necessary.
Move "process_list" to be a global variable to be accessible
by "handle_sigchld". Make "handle_sigchld" handle SIGCHLD.
Remove redundant check for NULL "dir". Free "filename" when
no longer used. Block SIGCHLD around fork()/exec().
Restore normal signals in child. Only loop while running
processes exist. Print process buffer when the process is
done and it has emitted EOF, not when it only emits EOF.
Remove processes from list which exit non-cleanly. In
cleaning up, closedir() if necessary. Bug fix: set next
pointer correctly when freeing process list.
* plugins.d/passprompt.c (main): Do not ignore SIGQUIT.
and "status".
(handle_sigchld): New function.
(main): Initialize "dir" to NULL to only closedir() it if necessary.
Move "process_list" to be a global variable to be accessible
by "handle_sigchld". Make "handle_sigchld" handle SIGCHLD.
Remove redundant check for NULL "dir". Free "filename" when
no longer used. Block SIGCHLD around fork()/exec().
Restore normal signals in child. Only loop while running
processes exist. Print process buffer when the process is
done and it has emitted EOF, not when it only emits EOF.
Remove processes from list which exit non-cleanly. In
cleaning up, closedir() if necessary. Bug fix: set next
pointer correctly when freeing process list.
* plugins.d/passprompt.c (main): Do not ignore SIGQUIT.
- files added:
- ca.pem
- files removed:
- initramfs-tools-hook
- files renamed:
- mandos-client.c => plugbasedclient.c
- plugins.d/password-request.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos.conf => server.conf
- mandos => server.py
- files modified:
- Makefile
added
removed
plugbasedclient.c
23
23
24
24
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
25
25
26
#include <stddef.h> /* size_t, NULL */
27
#include <stdlib.h> /* malloc(), exit(), EXIT_FAILURE,
28
EXIT_SUCCESS, realloc() */
29
#include <stdbool.h> /* bool, true, false */
30
#include <stdio.h> /* perror, popen(), fileno(),
31
fprintf(), stderr, STDOUT_FILENO */
32
#include <sys/types.h> /* DIR, opendir(), stat(), struct
33
stat, waitpid(), WIFEXITED(),
34
WEXITSTATUS(), wait(), pid_t,
35
uid_t, gid_t, getuid(), getgid(),
36
dirfd() */
37
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
38
FD_SET(), FD_ISSET(), FD_CLR */
39
#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),
40
WEXITSTATUS() */
41
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
26
#include <stdio.h> /* popen(), fileno(), fprintf(),
27
stderr, STDOUT_FILENO */
42
28
#include <iso646.h> /* and, or, not */
29
#include <sys/types.h> /* DIR, opendir(), stat(),
30
struct stat, waitpid(),
31
WIFEXITED(), WEXITSTATUS(),
32
wait() */
33
#include <sys/wait.h> /* wait() */
43
34
#include <dirent.h> /* DIR, struct dirent, opendir(),
44
readdir(), closedir(), dirfd() */
35
readdir(), closedir() */
36
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
45
37
#include <unistd.h> /* struct stat, stat(), S_ISREG(),
46
fcntl(), setuid(), setgid(),
47
F_GETFD, F_SETFD, FD_CLOEXEC,
48
access(), pipe(), fork(), close()
49
dup2, STDOUT_FILENO, _exit(),
50
execv(), write(), read(),
51
close() */
52
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
53
FD_CLOEXEC */
54
#include <string.h> /* strtok, strlen(), strcpy(),
55
strcat() */
38
fcntl() */
39
#include <fcntl.h> /* fcntl() */
40
#include <stddef.h> /* NULL */
41
#include <stdlib.h> /* EXIT_FAILURE */
42
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
43
FD_SET(), FD_ISSET() */
44
#include <string.h> /* strlen(), strcpy(), strcat() */
45
#include <stdbool.h> /* true */
46
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
47
WEXITSTATUS() */
56
48
#include <errno.h> /* errno */
57
#include <argp.h> /* struct argp_option, struct
58
argp_state, struct argp,
59
argp_parse(), ARGP_ERR_UNKNOWN,
60
ARGP_KEY_END, ARGP_KEY_ARG, error_t */
61
#include <signal.h> /* struct sigaction, sigemptyset(),
62
sigaddset(), sigaction(),
63
sigprocmask(), SIG_BLOCK, SIGCHLD,
64
SIG_UNBLOCK, kill() */
65
#include <errno.h> /* errno, EBADF */
66
67
#define BUFFER_SIZE 256
68
69
const char *argp_program_version = "mandos-client 1.0";
70
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
49
#include <argp.h> /* struct argp_option,
50
struct argp_state, struct argp,
51
argp_parse() */
71
52
72
53
struct process;
73
54
91
72
struct plugin *next;
92
73
} plugin;
93
74
94
static plugin *getplugin(char *name, plugin **plugin_list){
75
plugin *getplugin(char *name, plugin **plugin_list){
95
76
for (plugin *p = *plugin_list; p != NULL; p = p->next){
96
77
if ((p->name == name)
97
78
or (p->name and name and (strcmp(p->name, name) == 0))){
120
101
return new_plugin;
121
102
}
122
103
123
static void addargument(plugin *p, char *arg){
104
void addargument(plugin *p, char *arg){
124
105
p->argv[p->argc] = arg;
125
106
p->argv = realloc(p->argv, sizeof(char *) * (size_t)(p->argc + 2));
126
107
if (p->argv == NULL){
136
117
* Descriptor Flags".
137
118
* *Note File Descriptor Flags:(libc)Descriptor Flags.
138
119
*/
139
static int set_cloexec_flag(int fd)
120
int set_cloexec_flag(int fd)
140
121
{
141
122
int ret = fcntl(fd, F_GETFD, 0);
142
123
/* If reading the flags failed, return error indication now. */
147
128
return fcntl(fd, F_SETFD, ret | FD_CLOEXEC);
148
129
}
149
130
131
#define BUFFER_SIZE 256
132
133
const char *argp_program_version = "plugbasedclient 0.9";
134
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
135
150
136
process *process_list = NULL;
151
137
152
138
/* Mark a process as completed when it exits, and save its exit
155
141
process *proc = process_list;
156
142
int status;
157
143
pid_t pid = wait(&status);
158
if(pid == -1){
159
perror("wait");
160
return;
161
}
162
144
while(proc != NULL and proc->pid != pid){
163
proc = proc->next;
145
proc = proc->next;
164
146
}
165
147
if(proc == NULL){
166
148
/* Process not found in process list */
170
152
proc->completed = true;
171
153
}
172
154
173
bool print_out_password(const char *buffer, size_t length){
174
ssize_t ret;
175
if(length>0 and buffer[length-1] == '\n'){
176
length--;
177
}
178
for(size_t written = 0; written < length; written += (size_t)ret){
179
ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buffer + written,
180
length - written));
181
if(ret < 0){
182
return false;
183
}
184
}
185
return true;
186
}
187
188
155
int main(int argc, char *argv[]){
189
156
const char *plugindir = "/conf/conf.d/mandos/plugins.d";
190
157
size_t d_name_len;
193
160
struct stat st;
194
161
fd_set rfds_all;
195
162
int ret, maxfd = 0;
196
uid_t uid = 65534;
197
gid_t gid = 65534;
198
163
bool debug = false;
199
164
int exitstatus = EXIT_SUCCESS;
200
struct sigaction old_sigchld_action;
201
struct sigaction sigchld_action = { .sa_handler = handle_sigchld,
202
.sa_flags = SA_NOCLDSTOP };
203
char *plus_options = NULL;
204
char **plus_argv = NULL;
205
165
206
166
/* Establish a signal handler */
167
struct sigaction old_sigchld_action,
168
sigchld_action = { .sa_handler = handle_sigchld,
169
.sa_flags = SA_NOCLDSTOP };
207
170
sigemptyset(&sigchld_action.sa_mask);
208
171
ret = sigaddset(&sigchld_action.sa_mask, SIGCHLD);
209
172
if(ret < 0){
230
193
{ .name = "plugin-dir", .key = 128,
231
194
.arg = "DIRECTORY",
232
195
.doc = "Specify a different plugin directory", .group = 2 },
233
{ .name = "userid", .key = 129,
234
.arg = "ID", .flags = 0,
235
.doc = "User ID the plugins will run as", .group = 2 },
236
{ .name = "groupid", .key = 130,
237
.arg = "ID", .flags = 0,
238
.doc = "Group ID the plugins will run as", .group = 2 },
239
{ .name = "debug", .key = 131,
196
{ .name = "debug", .key = 129,
240
197
.doc = "Debug mode", .group = 3 },
241
198
{ .name = NULL }
242
199
};
252
209
do{
253
210
addargument(getplugin(NULL, plugins), p);
254
211
p = strtok(NULL, ",");
255
} while (p != NULL);
212
} while (p);
256
213
}
257
214
break;
258
215
case 'o':
259
216
if (arg != NULL){
260
217
char *name = strtok(arg, ":");
261
218
char *p = strtok(NULL, ":");
262
if(p != NULL){
219
if(p){
263
220
p = strtok(p, ",");
264
221
do{
265
222
addargument(getplugin(name, plugins), p);
266
223
p = strtok(NULL, ",");
267
} while (p != NULL);
224
} while (p);
268
225
}
269
226
}
270
227
break;
277
234
plugindir = arg;
278
235
break;
279
236
case 129:
280
uid = (uid_t)strtol(arg, NULL, 10);
281
break;
282
case 130:
283
gid = (gid_t)strtol(arg, NULL, 10);
284
break;
285
case 131:
286
237
debug = true;
287
238
break;
288
239
case ARGP_KEY_ARG:
289
if(plus_options != NULL or arg == NULL or arg[0] != '+'){
290
argp_usage (state);
291
}
292
plus_options = arg;
240
argp_usage (state);
293
241
break;
294
242
case ARGP_KEY_END:
295
243
break;
302
250
plugin *plugin_list = NULL;
303
251
304
252
struct argp argp = { .options = options, .parser = parse_opt,
305
.args_doc = "[+PLUS_SEPARATED_OPTIONS]",
253
.args_doc = "",
306
254
.doc = "Mandos plugin runner -- Run plugins" };
307
255
308
ret = argp_parse (&argp, argc, argv, 0, 0, &plugin_list);
309
if (ret == ARGP_ERR_UNKNOWN){
310
fprintf(stderr, "Unknown error while parsing arguments\n");
311
exitstatus = EXIT_FAILURE;
312
goto end;
313
}
314
315
if(plus_options){
316
/* This is a mangled argument in the form of
317
"+--option+--other-option=parameter+--yet-another-option", etc */
318
/* Make new argc and argv vars, and call argp_parse() again. */
319
plus_options++; /* skip the first '+' character */
320
const char delims[] = "+";
321
char *arg;
322
int new_argc = 1;
323
plus_argv = malloc(sizeof(char*) * 2);
324
if(plus_argv == NULL){
325
perror("malloc");
326
exitstatus = EXIT_FAILURE;
327
goto end;
328
}
329
plus_argv[0] = argv[0];
330
plus_argv[1] = NULL;
331
arg = strtok(plus_options, delims); /* Get first argument */
332
while(arg != NULL){
333
new_argc++;
334
plus_argv = realloc(plus_argv, sizeof(char *)
335
* ((unsigned int) new_argc + 1));
336
if(plus_argv == NULL){
337
perror("realloc");
338
exitstatus = EXIT_FAILURE;
339
goto end;
340
}
341
plus_argv[new_argc-1] = arg;
342
plus_argv[new_argc] = NULL;
343
arg = strtok(NULL, delims); /* Get next argument */
344
}
345
ret = argp_parse (&argp, new_argc, plus_argv, 0, 0, &plugin_list);
346
if (ret == ARGP_ERR_UNKNOWN){
347
fprintf(stderr, "Unknown error while parsing arguments\n");
348
exitstatus = EXIT_FAILURE;
349
goto end;
350
}
351
}
256
argp_parse (&argp, argc, argv, 0, 0, &plugin_list);
352
257
353
258
if(debug){
354
259
for(plugin *p = plugin_list; p != NULL; p=p->next){
360
265
}
361
266
}
362
267
363
ret = setuid(uid);
364
if (ret == -1){
365
perror("setuid");
366
}
367
368
setgid(gid);
369
if (ret == -1){
370
perror("setgid");
371
}
372
373
268
dir = opendir(plugindir);
374
269
if(dir == NULL){
375
270
perror("Could not open plugin dir");
397
292
398
293
// All directory entries have been processed
399
294
if(dirst == NULL){
400
if (errno == EBADF){
401
perror("readdir");
402
exitstatus = EXIT_FAILURE;
403
goto end;
404
}
405
295
break;
406
296
}
407
297
462
352
strcat(filename, "/"); /* Spurious warning */
463
353
strcat(filename, dirst->d_name); /* Spurious warning */
464
354
465
ret = stat(filename, &st);
466
if (ret == -1){
467
perror("stat");
468
exitstatus = EXIT_FAILURE;
469
goto end;
470
}
355
stat(filename, &st);
471
356
472
357
if (not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
473
358
if(debug){
533
418
perror("sigprocmask");
534
419
_exit(EXIT_FAILURE);
535
420
}
536
537
ret = dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
538
if(ret == -1){
539
perror("dup2");
540
_exit(EXIT_FAILURE);
541
}
421
dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
542
422
543
423
if(dirfd(dir) < 0){
544
424
/* If dir has no file descriptor, we could not set FD_CLOEXEC
596
476
597
477
closedir(dir);
598
478
dir = NULL;
599
479
600
480
if (process_list == NULL){
601
fprintf(stderr, "No plugin processes started. Incorrect plugin"
602
" directory?\n");
603
process_list = NULL;
481
fprintf(stderr, "No plugin processes started, exiting\n");
482
exitstatus = EXIT_FAILURE;
483
goto end;
604
484
}
605
485
while(process_list){
606
486
fd_set rfds = rfds_all;
621
501
/* Bad exit by plugin */
622
502
if(debug){
623
503
if(WIFEXITED(proc->status)){
624
fprintf(stderr, "Plugin %u exited with status %d\n",
625
(unsigned int) (proc->pid),
626
WEXITSTATUS(proc->status));
504
fprintf(stderr, "Plugin %d exited with status %d\n",
505
proc->pid, WEXITSTATUS(proc->status));
627
506
} else if(WIFSIGNALED(proc->status)) {
628
fprintf(stderr, "Plugin %u killed by signal %d\n",
629
(unsigned int) (proc->pid),
630
WTERMSIG(proc->status));
507
fprintf(stderr, "Plugin %d killed by signal %d\n",
508
proc->pid, WTERMSIG(proc->status));
631
509
} else if(WCOREDUMP(proc->status)){
632
fprintf(stderr, "Plugin %d dumped core\n",
633
(unsigned int) (proc->pid));
510
fprintf(stderr, "Plugin %d dumped core\n", proc->pid);
634
511
}
635
512
}
636
513
/* Remove the plugin */
669
546
break;
670
547
}
671
548
/* This process exited nicely, so print its buffer */
672
673
bool bret = print_out_password(proc->buffer, proc->buffer_length);
674
if(not bret){
675
perror("print_out_password");
676
exitstatus = EXIT_FAILURE;
549
for(size_t written = 0; written < proc->buffer_length;
550
written += (size_t)ret){
551
ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO,
552
proc->buffer + written,
553
proc->buffer_length
554
- written));
555
if(ret < 0){
556
perror("write");
557
exitstatus = EXIT_FAILURE;
558
goto end;
559
}
677
560
}
678
561
goto end;
679
562
}
708
591
}
709
592
}
710
593
}
711
712
594
if(process_list == NULL){
595
fprintf(stderr, "All plugin processes failed, exiting\n");
596
exitstatus = EXIT_FAILURE;
597
}
598
713
599
end:
714
715
if(process_list == NULL or exitstatus != EXIT_SUCCESS){
716
/* Fallback if all plugins failed or an error occured */
717
bool bret;
718
fprintf(stderr, "Going to fallback mode using getpass(3)\n");
719
char *passwordbuffer = getpass("Password: ");
720
bret = print_out_password(passwordbuffer, strlen(passwordbuffer));
721
if(not bret){
722
perror("print_out_password");
723
exitstatus = EXIT_FAILURE;
724
goto end;
725
}
726
}
727
728
600
/* Restore old signal handler */
729
601
sigaction(SIGCHLD, &old_sigchld_action, NULL);
730
602
731
free(plus_argv);
732
733
603
/* Free the plugin list */
734
604
for(plugin *next; plugin_list != NULL; plugin_list = next){
735
605
next = plugin_list->next;
745
615
for(process *next; process_list != NULL; process_list = next){
746
616
next = process_list->next;
747
617
close(process_list->fd);
748
ret = kill(process_list->pid, SIGTERM);
749
if(ret == -1 and errno != ESRCH){
750
/* set-uid proccesses migth not get closed */
751
perror("kill");
752
}
618
kill(process_list->pid, SIGTERM);
753
619
free(process_list->buffer);
754
620
free(process_list);
755
621
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0