To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugin-runner.c
- browse files at revision 673
- compare with another revision
- download diff
- download tarball
- view history from revision 673
- Committer: Teddy Hogeborn
- Date: 2014-03-23 19:55:18 UTC
- Revision ID: teddy@recompile.se-20140323195518-amvoytwi12iheypo
Make mandos-client prefer /run/tmp over /tmp.
* plugins.d/mandos-client.c (init_gpgme): Add more const.
(main): Make "tempdir" a pointer to the temporary directory, if one
has been created, or NULL. This also eliminates the need
for the "tempdir_created" variable.
* plugins.d/mandos-client.c (init_gpgme): Add more const.
(main): Make "tempdir" a pointer to the temporary directory, if one
has been created, or NULL. This also eliminates the need
for the "tempdir_created" variable.
- files added:
- debian/mandos-client.examples
- network-hooks.d
- files modified:
- .bzrignore
added
removed
plugin-runner.c
2
2
/*
3
3
* Mandos plugin runner - Run Mandos plugins
4
4
*
5
* Copyright © 2008-2010 Teddy Hogeborn
6
* Copyright © 2008-2010 Björn Påhlsson
5
* Copyright © 2008-2013 Teddy Hogeborn
6
* Copyright © 2008-2013 Björn Påhlsson
7
7
*
8
8
* This program is free software: you can redistribute it and/or
9
9
* modify it under the terms of the GNU General Public License as
19
19
* along with this program. If not, see
20
20
* <http://www.gnu.org/licenses/>.
21
21
*
22
* Contact the authors at <mandos@fukt.bsnet.se>.
22
* Contact the authors at <mandos@recompile.se>.
23
23
*/
24
24
25
25
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),
79
79
#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"
80
80
81
81
const char *argp_program_version = "plugin-runner " VERSION;
82
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
82
const char *argp_program_bug_address = "<mandos@recompile.se>";
83
83
84
84
typedef struct plugin{
85
85
char *name; /* can be NULL or any plugin name */
105
105
106
106
/* Gets an existing plugin based on name,
107
107
or if none is found, creates a new one */
108
__attribute__((warn_unused_result))
108
109
static plugin *getplugin(char *name){
109
110
/* Check for existing plugin with that name */
110
111
for(plugin *p = plugin_list; p != NULL; p = p->next){
171
172
}
172
173
173
174
/* Helper function for add_argument and add_environment */
175
__attribute__((nonnull, warn_unused_result))
174
176
static bool add_to_char_array(const char *new, char ***array,
175
177
int *len){
176
178
/* Resize the pointed-to array to hold one more pointer */
179
char **new_array = NULL;
177
180
do {
178
*array = realloc(*array, sizeof(char *)
179
* (size_t) ((*len) + 2));
180
} while(*array == NULL and errno == EINTR);
181
new_array = realloc(*array, sizeof(char *)
182
* (size_t) ((*len) + 2));
183
} while(new_array == NULL and errno == EINTR);
181
184
/* Malloc check */
182
if(*array == NULL){
185
if(new_array == NULL){
183
186
return false;
184
187
}
188
*array = new_array;
185
189
/* Make a copy of the new string */
186
190
char *copy;
187
191
do {
199
203
}
200
204
201
205
/* Add to a plugin's argument vector */
206
__attribute__((nonnull(2), warn_unused_result))
202
207
static bool add_argument(plugin *p, const char *arg){
203
208
if(p == NULL){
204
209
return false;
207
212
}
208
213
209
214
/* Add to a plugin's environment */
215
__attribute__((nonnull(2), warn_unused_result))
210
216
static bool add_environment(plugin *p, const char *def, bool replace){
211
217
if(p == NULL){
212
218
return false;
214
220
/* namelen = length of name of environment variable */
215
221
size_t namelen = (size_t)(strchrnul(def, '=') - def);
216
222
/* Search for this environment variable */
217
for(char **e = p->environ; *e != NULL; e++){
218
if(strncmp(*e, def, namelen + 1) == 0){
223
for(char **envdef = p->environ; *envdef != NULL; envdef++){
224
if(strncmp(*envdef, def, namelen + 1) == 0){
219
225
/* It already exists */
220
226
if(replace){
221
char *new;
227
char *new_envdef;
222
228
do {
223
new = realloc(*e, strlen(def) + 1);
224
} while(new == NULL and errno == EINTR);
225
if(new == NULL){
229
new_envdef = realloc(*envdef, strlen(def) + 1);
230
} while(new_envdef == NULL and errno == EINTR);
231
if(new_envdef == NULL){
226
232
return false;
227
233
}
228
*e = new;
229
strcpy(*e, def);
234
*envdef = new_envdef;
235
strcpy(*envdef, def);
230
236
}
231
237
return true;
232
238
}
239
245
* Descriptor Flags".
240
246
| [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |
241
247
*/
248
__attribute__((warn_unused_result))
242
249
static int set_cloexec_flag(int fd){
243
250
int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
244
251
/* If reading the flags failed, return error indication now. */
286
293
}
287
294
288
295
/* Prints out a password to stdout */
296
__attribute__((nonnull, warn_unused_result))
289
297
static bool print_out_password(const char *buffer, size_t length){
290
298
ssize_t ret;
291
299
for(size_t written = 0; written < length; written += (size_t)ret){
299
307
}
300
308
301
309
/* Removes and free a plugin from the plugin list */
310
__attribute__((nonnull))
302
311
static void free_plugin(plugin *plugin_node){
303
312
304
313
for(char **arg = plugin_node->argv; *arg != NULL; arg++){
416
425
{ .name = NULL }
417
426
};
418
427
428
__attribute__((nonnull(3)))
419
429
error_t parse_opt(int key, char *arg, struct argp_state *state){
420
430
errno = 0;
421
431
switch(key){
422
432
char *tmp;
423
intmax_t tmpmax;
433
intmax_t tmp_id;
424
434
case 'g': /* --global-options */
425
435
{
426
436
char *plugin_option;
429
439
break;
430
440
}
431
441
}
442
errno = 0;
432
443
}
433
444
break;
434
445
case 'G': /* --global-env */
435
add_environment(getplugin(NULL), arg, true);
446
if(add_environment(getplugin(NULL), arg, true)){
447
errno = 0;
448
}
436
449
break;
437
450
case 'o': /* --options-for */
438
451
{
455
468
break;
456
469
}
457
470
}
471
errno = 0;
458
472
}
459
473
break;
460
474
case 'E': /* --env-for */
472
486
errno = EINVAL;
473
487
break;
474
488
}
475
add_environment(getplugin(arg), envdef, true);
489
if(add_environment(getplugin(arg), envdef, true)){
490
errno = 0;
491
}
476
492
}
477
493
break;
478
494
case 'd': /* --disable */
480
496
plugin *p = getplugin(arg);
481
497
if(p != NULL){
482
498
p->disabled = true;
499
errno = 0;
483
500
}
484
501
}
485
502
break;
488
505
plugin *p = getplugin(arg);
489
506
if(p != NULL){
490
507
p->disabled = false;
508
errno = 0;
491
509
}
492
510
}
493
511
break;
494
512
case 128: /* --plugin-dir */
495
513
free(plugindir);
496
514
plugindir = strdup(arg);
515
if(plugindir != NULL){
516
errno = 0;
517
}
497
518
break;
498
519
case 129: /* --config-file */
499
520
/* This is already done by parse_opt_config_file() */
500
521
break;
501
522
case 130: /* --userid */
502
tmpmax = strtoimax(arg, &tmp, 10);
523
tmp_id = strtoimax(arg, &tmp, 10);
503
524
if(errno != 0 or tmp == arg or *tmp != '\0'
504
or tmpmax != (uid_t)tmpmax){
525
or tmp_id != (uid_t)tmp_id){
505
526
argp_error(state, "Bad user ID number: \"%s\", using %"
506
527
PRIdMAX, arg, (intmax_t)uid);
507
528
break;
508
529
}
509
uid = (uid_t)tmpmax;
530
uid = (uid_t)tmp_id;
531
errno = 0;
510
532
break;
511
533
case 131: /* --groupid */
512
tmpmax = strtoimax(arg, &tmp, 10);
534
tmp_id = strtoimax(arg, &tmp, 10);
513
535
if(errno != 0 or tmp == arg or *tmp != '\0'
514
or tmpmax != (gid_t)tmpmax){
536
or tmp_id != (gid_t)tmp_id){
515
537
argp_error(state, "Bad group ID number: \"%s\", using %"
516
538
PRIdMAX, arg, (intmax_t)gid);
517
539
break;
518
540
}
519
gid = (gid_t)tmpmax;
541
gid = (gid_t)tmp_id;
542
errno = 0;
520
543
break;
521
544
case 132: /* --debug */
522
545
debug = true;
570
593
case 129: /* --config-file */
571
594
free(argfile);
572
595
argfile = strdup(arg);
596
if(argfile != NULL){
597
errno = 0;
598
}
573
599
break;
574
600
case 130: /* --userid */
575
601
case 131: /* --groupid */
658
684
}
659
685
660
686
custom_argc += 1;
661
custom_argv = realloc(custom_argv, sizeof(char *)
662
* ((unsigned int) custom_argc + 1));
663
if(custom_argv == NULL){
664
error(0, errno, "realloc");
665
exitstatus = EX_OSERR;
666
free(org_line);
667
goto fallback;
687
{
688
char **new_argv = realloc(custom_argv, sizeof(char *)
689
* ((unsigned int)
690
custom_argc + 1));
691
if(new_argv == NULL){
692
error(0, errno, "realloc");
693
exitstatus = EX_OSERR;
694
free(new_arg);
695
free(org_line);
696
goto fallback;
697
} else {
698
custom_argv = new_argv;
699
}
668
700
}
669
701
custom_argv[custom_argc-1] = new_arg;
670
702
custom_argv[custom_argc] = NULL;
742
774
}
743
775
}
744
776
745
/* Strip permissions down to nobody */
746
setgid(gid);
777
if(getuid() == 0){
778
/* Work around Debian bug #633582:
779
<http://bugs.debian.org/633582> */
780
int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);
781
if(plugindir_fd == -1){
782
error(0, errno, "open");
783
} else {
784
ret = (int)TEMP_FAILURE_RETRY(fstat(plugindir_fd, &st));
785
if(ret == -1){
786
error(0, errno, "fstat");
787
} else {
788
if(S_ISDIR(st.st_mode) and st.st_uid == 0 and st.st_gid == 0){
789
ret = fchown(plugindir_fd, uid, gid);
790
if(ret == -1){
791
error(0, errno, "fchown");
792
}
793
}
794
}
795
TEMP_FAILURE_RETRY(close(plugindir_fd));
796
}
797
}
798
799
/* Lower permissions */
800
ret = setgid(gid);
747
801
if(ret == -1){
748
802
error(0, errno, "setgid");
749
803
}
822
876
{
823
877
bool bad_name = false;
824
878
825
const char const *bad_prefixes[] = { ".", "#", NULL };
879
const char * const bad_prefixes[] = { ".", "#", NULL };
826
880
827
const char const *bad_suffixes[] = { "~", "#", ".dpkg-new",
881
const char * const bad_suffixes[] = { "~", "#", ".dpkg-new",
828
882
".dpkg-old",
829
883
".dpkg-bak",
830
884
".dpkg-divert", NULL };
831
for(const char **pre = bad_prefixes; *pre != NULL; pre++){
885
#ifdef __GNUC__
886
#pragma GCC diagnostic push
887
#pragma GCC diagnostic ignored "-Wcast-qual"
888
#endif
889
for(const char **pre = (const char **)bad_prefixes;
890
*pre != NULL; pre++){
891
#ifdef __GNUC__
892
#pragma GCC diagnostic pop
893
#endif
832
894
size_t pre_len = strlen(*pre);
833
895
if((d_name_len >= pre_len)
834
896
and strncmp((dirst->d_name), *pre, pre_len) == 0){
843
905
if(bad_name){
844
906
continue;
845
907
}
846
for(const char **suf = bad_suffixes; *suf != NULL; suf++){
908
#ifdef __GNUC__
909
#pragma GCC diagnostic push
910
#pragma GCC diagnostic ignored "-Wcast-qual"
911
#endif
912
for(const char **suf = (const char **)bad_suffixes;
913
*suf != NULL; suf++){
914
#ifdef __GNUC__
915
#pragma GCC diagnostic pop
916
#endif
847
917
size_t suf_len = strlen(*suf);
848
918
if((d_name_len >= suf_len)
849
919
and (strcmp((dirst->d_name) + d_name_len-suf_len, *suf)
1043
1113
goto fallback;
1044
1114
}
1045
1115
1116
#if defined (__GNUC__) and defined (__GLIBC__)
1117
#if not __GLIBC_PREREQ(2, 16)
1118
#pragma GCC diagnostic push
1119
#pragma GCC diagnostic ignored "-Wsign-conversion"
1120
#endif
1121
#endif
1046
1122
FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from
1047
-Wconversion */
1123
-Wconversion in GNU libc
1124
before 2.16 */
1125
#if defined (__GNUC__) and defined (__GLIBC__)
1126
#if not __GLIBC_PREREQ(2, 16)
1127
#pragma GCC diagnostic pop
1128
#endif
1129
#endif
1048
1130
1049
1131
if(maxfd < new_plugin->fd){
1050
1132
maxfd = new_plugin->fd;
1104
1186
}
1105
1187
1106
1188
/* Remove the plugin */
1189
#if defined (__GNUC__) and defined (__GLIBC__)
1190
#if not __GLIBC_PREREQ(2, 16)
1191
#pragma GCC diagnostic push
1192
#pragma GCC diagnostic ignored "-Wsign-conversion"
1193
#endif
1194
#endif
1107
1195
FD_CLR(proc->fd, &rfds_all); /* Spurious warning from
1108
-Wconversion */
1196
-Wconversion in GNU libc
1197
before 2.16 */
1198
#if defined (__GNUC__) and defined (__GLIBC__)
1199
#if not __GLIBC_PREREQ(2, 16)
1200
#pragma GCC diagnostic pop
1201
#endif
1202
#endif
1109
1203
1110
1204
/* Block signal while modifying process_list */
1111
1205
ret = (int)TEMP_FAILURE_RETRY(sigprocmask
1151
1245
}
1152
1246
1153
1247
/* This process has not completed. Does it have any output? */
1248
#if defined (__GNUC__) and defined (__GLIBC__)
1249
#if not __GLIBC_PREREQ(2, 16)
1250
#pragma GCC diagnostic push
1251
#pragma GCC diagnostic ignored "-Wsign-conversion"
1252
#endif
1253
#endif
1154
1254
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious
1155
1255
warning from
1156
-Wconversion */
1256
-Wconversion
1257
in GNU libc
1258
before
1259
2.16 */
1260
#if defined (__GNUC__) and defined (__GLIBC__)
1261
#if not __GLIBC_PREREQ(2, 16)
1262
#pragma GCC diagnostic pop
1263
#endif
1264
#endif
1157
1265
/* This process had nothing to say at this time */
1158
1266
proc = proc->next;
1159
1267
continue;
1160
1268
}
1161
1269
/* Before reading, make the process' data buffer large enough */
1162
1270
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
1163
proc->buffer = realloc(proc->buffer, proc->buffer_size
1164
+ (size_t) BUFFER_SIZE);
1165
if(proc->buffer == NULL){
1271
char *new_buffer = realloc(proc->buffer, proc->buffer_size
1272
+ (size_t) BUFFER_SIZE);
1273
if(new_buffer == NULL){
1166
1274
error(0, errno, "malloc");
1167
1275
exitstatus = EX_OSERR;
1168
1276
goto fallback;
1169
1277
}
1278
proc->buffer = new_buffer;
1170
1279
proc->buffer_size += BUFFER_SIZE;
1171
1280
}
1172
1281
/* Read from the process */
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0