/mandos/trunk : revision 741

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.c

Committer: Teddy Hogeborn
Date: 2015-01-25 00:02:51 UTC
Revision ID: teddy@recompile.se-20150125000251-j2bw50gfq9smqyxe

mandos.xml (SEE ALSO): Update links.

Update link to GnuPG home page, change reference from TLS 1.1 to TLS
1.2, and change to latest RFC for using OpenPGP keys with TLS (and use
its correct title).

files added:
initramfs-tools-hook-conf

files removed:
bugs.xml

debian/mandos-client.templates

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream/metadata

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugin-runner.c

* Mandos plugin runner - Run Mandos plugins

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@recompile.se>.

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),

O_CLOEXEC, pipe2() */

#include <stddef.h> /* size_t, NULL */

#include <stdlib.h> /* malloc(), reallocarray(), realloc(),

EXIT_SUCCESS, exit() */

#include <stdlib.h> /* malloc(), exit(), EXIT_SUCCESS,

realloc() */

#include <stdbool.h> /* bool, true, false */

#include <stdio.h> /* fileno(), fprintf(),

stderr, STDOUT_FILENO, fclose() */

#include <sys/select.h> /* fd_set, select(), FD_ZERO(),

FD_SET(), FD_ISSET(), FD_CLR */

#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),

WEXITSTATUS(), WTERMSIG() */

WEXITSTATUS(), WTERMSIG(),

WCOREDUMP() */

#include <sys/stat.h> /* struct stat, fstat(), S_ISREG() */

#include <iso646.h> /* and, or, not */

#include <dirent.h> /* struct dirent, scandirat() */

struct stat, fstat(), close(),

setgid(), setuid(), S_ISREG(),

faccessat() pipe2(), fork(),

_exit(), dup2(), fexecve(), read(),

lstat(), symlink() */

_exit(), dup2(), fexecve(), read()

#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,

FD_CLOEXEC, openat(), scandirat(),

pipe2() */

#define BUFFER_SIZE 256

#define PDIR "/lib/mandos/plugins.d"

#define PHDIR "/lib/mandos/plugin-helpers"

#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"

const char *argp_program_version = "plugin-runner " VERSION;

179

178

/* Resize the pointed-to array to hold one more pointer */

180

179

char **new_array = NULL;

181

180

do {

182

#if defined(__GLIBC_PREREQ) and __GLIBC_PREREQ(2, 26)

183

new_array = reallocarray(*array, (size_t)((*len) + 2),

184

sizeof(char *));

185

#else

186

if(((size_t)((*len) + 2)) > (SIZE_MAX / sizeof(char *))){

187

/* overflow */

188

new_array = NULL;

189

errno = ENOMEM;

190

} else {

191

new_array = realloc(*array, (size_t)((*len) + 2)

192

* sizeof(char *));

193

}

194

#endif

181

new_array = realloc(*array, sizeof(char *)

182

* (size_t) ((*len) + 2));

195

183

} while(new_array == NULL and errno == EINTR);

196

184

/* Malloc check */

197

185

if(new_array == NULL){

324

312

__attribute__((nonnull))

325

313

static void free_plugin(plugin *plugin_node){

326

314

327

for(char **arg = (plugin_node->argv)+1; *arg != NULL; arg++){

315

for(char **arg = plugin_node->argv; *arg != NULL; arg++){

328

316

free(*arg);

329

317

}

330

free(plugin_node->name);

331

318

free(plugin_node->argv);

332

319

for(char **env = plugin_node->environ; *env != NULL; env++){

333

320

free(*env);

360

347

361

348

int main(int argc, char *argv[]){

362

349

char *plugindir = NULL;

363

char *pluginhelperdir = NULL;

364

350

char *argfile = NULL;

365

351

FILE *conffp;

366

352

struct dirent **direntries = NULL;

428

414

.doc = "Group ID the plugins will run as", .group = 3 },

429

415

{ .name = "debug", .key = 132,

430

416

.doc = "Debug mode", .group = 4 },

431

{ .name = "plugin-helper-dir", .key = 133,

432

.arg = "DIRECTORY",

433

.doc = "Specify a different plugin helper directory",

434

.group = 2 },

435

417

436

418

* These reproduce what we would get without ARGP_NO_HELP

437

419

563

545

case 132: /* --debug */

564

546

debug = true;

565

547

break;

566

case 133: /* --plugin-helper-dir */

567

free(pluginhelperdir);

568

pluginhelperdir = strdup(arg);

569

if(pluginhelperdir != NULL){

570

errno = 0;

571

}

572

break;

573

548

574

549

* These reproduce what we would get without ARGP_NO_HELP

575

550

576

551

case '?': /* --help */

577

552

state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */

578

553

argp_state_help(state, state->out_stream, ARGP_HELP_STD_HELP);

579

__builtin_unreachable();

580

554

case -3: /* --usage */

581

555

state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */

582

556

argp_state_help(state, state->out_stream,

583

557

ARGP_HELP_USAGE | ARGP_HELP_EXIT_OK);

584

__builtin_unreachable();

585

558

case 'V': /* --version */

586

559

fprintf(state->out_stream, "%s\n", argp_program_version);

587

560

exit(EXIT_SUCCESS);

597

570

if(arg[0] == '\0'){

598

571

break;

599

572

}

600

#if __GNUC__ >= 7

601

__attribute__((fallthrough));

602

#else

603

/* FALLTHROUGH */

604

#endif

605

573

default:

606

574

return ARGP_ERR_UNKNOWN;

607

575

}

633

601

case 130: /* --userid */

634

602

case 131: /* --groupid */

635

603

case 132: /* --debug */

636

case 133: /* --plugin-helper-dir */

637

604

case '?': /* --help */

638

605

case -3: /* --usage */

639

606

case 'V': /* --version */

719

686

720

687

custom_argc += 1;

721

688

{

722

#if defined(__GLIBC_PREREQ) and __GLIBC_PREREQ(2, 26)

723

char **new_argv = reallocarray(custom_argv, (size_t)custom_argc + 1,

724

sizeof(char *));

725

#else

726

char **new_argv = NULL;

727

if(((size_t)custom_argc + 1) > (SIZE_MAX / sizeof(char *))){

728

/* overflow */

729

errno = ENOMEM;

730

} else {

731

new_argv = realloc(custom_argv, ((size_t)custom_argc + 1)

732

* sizeof(char *));

733

}

734

#endif

689

char **new_argv = realloc(custom_argv, sizeof(char *)

690

* ((unsigned int)

691

custom_argc + 1));

735

692

if(new_argv == NULL){

736

error(0, errno, "reallocarray");

693

error(0, errno, "realloc");

737

694

exitstatus = EX_OSERR;

738

695

free(new_arg);

739

696

free(org_line);

804

761

goto fallback;

805

762

}

806

763

807

{

808

char *pluginhelperenv;

809

bool bret = true;

810

ret = asprintf(&pluginhelperenv, "MANDOSPLUGINHELPERDIR=%s",

811

pluginhelperdir != NULL ? pluginhelperdir : PHDIR);

812

if(ret != -1){

813

bret = add_environment(getplugin(NULL), pluginhelperenv, true);

814

}

815

if(ret == -1 or not bret){

816

error(0, errno, "Failed to set MANDOSPLUGINHELPERDIR"

817

" environment variable to \"%s\" for all plugins\n",

818

pluginhelperdir != NULL ? pluginhelperdir : PHDIR);

819

}

820

if(ret != -1){

821

free(pluginhelperenv);

822

}

823

}

824

825

764

if(debug){

826

for(plugin *p = plugin_list; p != NULL; p = p->next){

765

for(plugin *p = plugin_list; p != NULL; p=p->next){

827

766

fprintf(stderr, "Plugin: %s has %d arguments\n",

828

767

p->name ? p->name : "Global", p->argc - 1);

829

768

for(char **a = p->argv; *a != NULL; a++){

838

777

839

778

if(getuid() == 0){

840

779

/* Work around Debian bug #633582:

841

<https://bugs.debian.org/633582> */

780

<http://bugs.debian.org/633582> */

842

781

int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);

843

782

if(plugindir_fd == -1){

844

783

if(errno != ENOENT){

856

795

}

857

796

}

858

797

}

859

close(plugindir_fd);

860

}

861

862

/* Work around Debian bug #981302

863

<https://bugs.debian.org/981302> */

864

if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){

865

ret = symlink("/proc/self/fd", "/dev/fd");

866

if(ret == -1){

867

error(0, errno, "Failed to create /dev/fd symlink");

868

}

798

TEMP_FAILURE_RETRY(close(plugindir_fd));

869

799

}

870

800

}

871

801

930

860

return 1;

931

861

}

932

862

863

#ifdef __GLIBC__

864

#if __GLIBC_PREREQ(2, 15)

933

865

int numplugins = scandirat(dir_fd, ".", &direntries, good_name,

934

866

alphasort);

867

#else /* not __GLIBC_PREREQ(2, 15) */

868

int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,

869

&direntries, good_name, alphasort);

870

#endif /* not __GLIBC_PREREQ(2, 15) */

871

#else /* not __GLIBC__ */

872

int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,

873

&direntries, good_name, alphasort);

874

#endif /* not __GLIBC__ */

935

875

if(numplugins == -1){

936

876

error(0, errno, "Could not scan plugin dir");

937

877

direntries = NULL;

953

893

ret = (int)TEMP_FAILURE_RETRY(fstat(plugin_fd, &st));

954

894

if(ret == -1){

955

895

error(0, errno, "stat");

956

close(plugin_fd);

896

TEMP_FAILURE_RETRY(close(plugin_fd));

957

897

free(direntries[i]);

958

898

continue;

959

899

}

968

908

plugindir != NULL ? plugindir : PDIR,

969

909

direntries[i]->d_name);

970

910

}

971

close(plugin_fd);

911

TEMP_FAILURE_RETRY(close(plugin_fd));

972

912

free(direntries[i]);

973

913

continue;

974

914

}

976

916

plugin *p = getplugin(direntries[i]->d_name);

977

917

if(p == NULL){

978

918

error(0, errno, "getplugin");

979

close(plugin_fd);

919

TEMP_FAILURE_RETRY(close(plugin_fd));

980

920

free(direntries[i]);

981

921

continue;

982

922

}

985

925

fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",

986

926

direntries[i]->d_name);

987

927

}

988

close(plugin_fd);

928

TEMP_FAILURE_RETRY(close(plugin_fd));

989

929

free(direntries[i]);

990

930

continue;

991

931

}

1031

971

if(pipefd[0] >= FD_SETSIZE){

1032

972

fprintf(stderr, "pipe()[0] (%d) >= FD_SETSIZE (%d)", pipefd[0],

1033

973

FD_SETSIZE);

1034

close(pipefd[0]);

1035

close(pipefd[1]);

974

TEMP_FAILURE_RETRY(close(pipefd[0]));

975

TEMP_FAILURE_RETRY(close(pipefd[1]));

1036

976

exitstatus = EX_OSERR;

1037

977

free(direntries[i]);

1038

978

goto fallback;

1042

982

ret = set_cloexec_flag(pipefd[0]);

1043

983

if(ret < 0){

1044

984

error(0, errno, "set_cloexec_flag");

1045

close(pipefd[0]);

1046

close(pipefd[1]);

985

TEMP_FAILURE_RETRY(close(pipefd[0]));

986

TEMP_FAILURE_RETRY(close(pipefd[1]));

1047

987

exitstatus = EX_OSERR;

1048

988

free(direntries[i]);

1049

989

goto fallback;

1051

991

ret = set_cloexec_flag(pipefd[1]);

1052

992

if(ret < 0){

1053

993

error(0, errno, "set_cloexec_flag");

1054

close(pipefd[0]);

1055

close(pipefd[1]);

994

TEMP_FAILURE_RETRY(close(pipefd[0]));

995

TEMP_FAILURE_RETRY(close(pipefd[1]));

1056

996

exitstatus = EX_OSERR;

1057

997

free(direntries[i]);

1058

998

goto fallback;

1077

1017

error(0, errno, "fork");

1078

1018

TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,

1079

1019

&sigchld_action.sa_mask, NULL));

1080

close(pipefd[0]);

1081

close(pipefd[1]);

1020

TEMP_FAILURE_RETRY(close(pipefd[0]));

1021

TEMP_FAILURE_RETRY(close(pipefd[1]));

1082

1022

exitstatus = EX_OSERR;

1083

1023

free(direntries[i]);

1084

1024

goto fallback;

1112

1052

/* no return */

1113

1053

}

1114

1054

/* Parent process */

1115

close(pipefd[1]); /* Close unused write end of pipe */

1116

close(plugin_fd);

1055

TEMP_FAILURE_RETRY(close(pipefd[1])); /* Close unused write end of

1056

pipe */

1057

TEMP_FAILURE_RETRY(close(plugin_fd));

1117

1058

plugin *new_plugin = getplugin(direntries[i]->d_name);

1118

1059

if(new_plugin == NULL){

1119

1060

error(0, errno, "getplugin");

1131

1072

1132

1073

new_plugin->pid = pid;

1133

1074

new_plugin->fd = pipefd[0];

1134

1135

if(debug){

1136

fprintf(stderr, "Plugin %s started (PID %" PRIdMAX ")\n",

1137

new_plugin->name, (intmax_t) (new_plugin->pid));

1138

}

1139

1075

1140

1076

/* Unblock SIGCHLD so signal handler can be run if this process

1141

1077

has already completed */

1142

1078

ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,

1148

1084

goto fallback;

1149

1085

}

1150

1086

1151

FD_SET(new_plugin->fd, &rfds_all);

1087

#if defined (__GNUC__) and defined (__GLIBC__)

1088

#if not __GLIBC_PREREQ(2, 16)

1089

#pragma GCC diagnostic push

1090

#pragma GCC diagnostic ignored "-Wsign-conversion"

1091

#endif

1092

#endif

1093

FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from

1094

-Wconversion in GNU libc

1095

before 2.16 */

1096

#if defined (__GNUC__) and defined (__GLIBC__)

1097

#if not __GLIBC_PREREQ(2, 16)

1098

#pragma GCC diagnostic pop

1099

#endif

1100

#endif

1152

1101

1153

1102

if(maxfd < new_plugin->fd){

1154

1103

maxfd = new_plugin->fd;

1157

1106

1158

1107

free(direntries);

1159

1108

direntries = NULL;

1160

close(dir_fd);

1109

TEMP_FAILURE_RETRY(close(dir_fd));

1161

1110

dir_fd = -1;

1162

1111

free_plugin(getplugin(NULL));

1163

1112

1203

1152

(intmax_t) (proc->pid),

1204

1153

WTERMSIG(proc->status),

1205

1154

strsignal(WTERMSIG(proc->status)));

1155

} else if(WCOREDUMP(proc->status)){

1156

fprintf(stderr, "Plugin %s [%" PRIdMAX "] dumped"

1157

" core\n", proc->name, (intmax_t) (proc->pid));

1206

1158

}

1207

1159

}

1208

1160

1209

1161

/* Remove the plugin */

1210

FD_CLR(proc->fd, &rfds_all);

1162

#if defined (__GNUC__) and defined (__GLIBC__)

1163

#if not __GLIBC_PREREQ(2, 16)

1164

#pragma GCC diagnostic push

1165

#pragma GCC diagnostic ignored "-Wsign-conversion"

1166

#endif

1167

#endif

1168

FD_CLR(proc->fd, &rfds_all); /* Spurious warning from

1169

-Wconversion in GNU libc

1170

before 2.16 */

1171

#if defined (__GNUC__) and defined (__GLIBC__)

1172

#if not __GLIBC_PREREQ(2, 16)

1173

#pragma GCC diagnostic pop

1174

#endif

1175

#endif

1211

1176

1212

1177

/* Block signal while modifying process_list */

1213

1178

ret = (int)TEMP_FAILURE_RETRY(sigprocmask

1253

1218

}

1254

1219

1255

1220

/* This process has not completed. Does it have any output? */

1256

if(proc->eof or not FD_ISSET(proc->fd, &rfds)){

1221

#if defined (__GNUC__) and defined (__GLIBC__)

1222

#if not __GLIBC_PREREQ(2, 16)

1223

#pragma GCC diagnostic push

1224

#pragma GCC diagnostic ignored "-Wsign-conversion"

1225

#endif

1226

#endif

1227

if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious

1228

warning from

1229

-Wconversion

1230

in GNU libc

1231

before

1232

2.16 */

1233

#if defined (__GNUC__) and defined (__GLIBC__)

1234

#if not __GLIBC_PREREQ(2, 16)

1235

#pragma GCC diagnostic pop

1236

#endif

1237

#endif

1257

1238

/* This process had nothing to say at this time */

1258

1239

proc = proc->next;

1259

1240

continue;

1329

1310

free(direntries);

1330

1311

1331

1312

if(dir_fd != -1){

1332

close(dir_fd);

1313

TEMP_FAILURE_RETRY(close(dir_fd));

1333

1314

}

1334

1315

1335

1316

/* Kill the processes */

1355

1336

free_plugin_list();

1356

1337

1357

1338

free(plugindir);

1358

free(pluginhelperdir);

1359

1339

free(argfile);

1360

1340

1361

1341

return exitstatus;

Older »