/mandos/trunk : revision 951

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.c

Committer: Teddy Hogeborn
Date: 2018-08-15 09:26:02 UTC
Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u

http://bugs.debian.org/894495

mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to january 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options though
  GPGME.)

files added:
bugs.xml

plugin-helpers/mandos-client-iprouteadddel.c

tmpfiles.d-mandos.conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugin-runner.c

* Mandos plugin runner - Run Mandos plugins

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@recompile.se>.

#include <sys/select.h> /* fd_set, select(), FD_ZERO(),

FD_SET(), FD_ISSET(), FD_CLR */

#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),

WEXITSTATUS(), WTERMSIG(),

WCOREDUMP() */

WEXITSTATUS(), WTERMSIG() */

#include <sys/stat.h> /* struct stat, fstat(), S_ISREG() */

#include <iso646.h> /* and, or, not */

#include <dirent.h> /* struct dirent, scandirat() */

583

if(arg[0] == '\0'){

584

break;

585

}

586

/* FALLTHROUGH */

586

587

default:

587

588

return ARGP_ERR_UNKNOWN;

588

589

}

701

702

custom_argc += 1;

702

703

{

703

704

char **new_argv = realloc(custom_argv, sizeof(char *)

704

* ((unsigned int)

705

custom_argc + 1));

705

* ((size_t)custom_argc + 1));

706

if(new_argv == NULL){

707

error(0, errno, "realloc");

708

exitstatus = EX_OSERR;

794

}

795

796

if(debug){

797

for(plugin *p = plugin_list; p != NULL; p=p->next){

797

for(plugin *p = plugin_list; p != NULL; p = p->next){

798

fprintf(stderr, "Plugin: %s has %d arguments\n",

799

p->name ? p->name : "Global", p->argc - 1);

800

for(char **a = p->argv; *a != NULL; a++){

809

810

if(getuid() == 0){

811

/* Work around Debian bug #633582:

812

<http://bugs.debian.org/633582> */

812

<https://bugs.debian.org/633582> */

813

int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);

814

if(plugindir_fd == -1){

815

if(errno != ENOENT){

827

}

828

}

829

}

830

TEMP_FAILURE_RETRY(close(plugindir_fd));

830

close(plugindir_fd);

831

}

832

}

833

892

return 1;

893

}

894

895

#ifdef __GLIBC__

896

#if __GLIBC_PREREQ(2, 15)

897

895

int numplugins = scandirat(dir_fd, ".", &direntries, good_name,

898

896

alphasort);

899

#else /* not __GLIBC_PREREQ(2, 15) */

900

int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,

901

&direntries, good_name, alphasort);

902

#endif /* not __GLIBC_PREREQ(2, 15) */

903

#else /* not __GLIBC__ */

904

int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,

905

&direntries, good_name, alphasort);

906

#endif /* not __GLIBC__ */

907

897

if(numplugins == -1){

908

898

error(0, errno, "Could not scan plugin dir");

909

899

direntries = NULL;

925

915

ret = (int)TEMP_FAILURE_RETRY(fstat(plugin_fd, &st));

926

916

if(ret == -1){

927

917

error(0, errno, "stat");

928

TEMP_FAILURE_RETRY(close(plugin_fd));

918

close(plugin_fd);

929

919

free(direntries[i]);

930

920

continue;

931

921

}

940

930

plugindir != NULL ? plugindir : PDIR,

941

931

direntries[i]->d_name);

942

932

}

943

TEMP_FAILURE_RETRY(close(plugin_fd));

933

close(plugin_fd);

944

934

free(direntries[i]);

945

935

continue;

946

936

}

948

938

plugin *p = getplugin(direntries[i]->d_name);

949

939

if(p == NULL){

950

940

error(0, errno, "getplugin");

951

TEMP_FAILURE_RETRY(close(plugin_fd));

941

close(plugin_fd);

952

942

free(direntries[i]);

953

943

continue;

954

944

}

957

947

fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",

958

948

direntries[i]->d_name);

959

949

}

960

TEMP_FAILURE_RETRY(close(plugin_fd));

950

close(plugin_fd);

961

951

free(direntries[i]);

962

952

continue;

963

953

}

1003

993

if(pipefd[0] >= FD_SETSIZE){

1004

994

fprintf(stderr, "pipe()[0] (%d) >= FD_SETSIZE (%d)", pipefd[0],

1005

995

FD_SETSIZE);

1006

TEMP_FAILURE_RETRY(close(pipefd[0]));

1007

TEMP_FAILURE_RETRY(close(pipefd[1]));

996

close(pipefd[0]);

997

close(pipefd[1]);

1008

998

exitstatus = EX_OSERR;

1009

999

free(direntries[i]);

1010

1000

goto fallback;

1014

1004

ret = set_cloexec_flag(pipefd[0]);

1015

1005

if(ret < 0){

1016

1006

error(0, errno, "set_cloexec_flag");

1017

TEMP_FAILURE_RETRY(close(pipefd[0]));

1018

TEMP_FAILURE_RETRY(close(pipefd[1]));

1007

close(pipefd[0]);

1008

close(pipefd[1]);

1019

1009

exitstatus = EX_OSERR;

1020

1010

free(direntries[i]);

1021

1011

goto fallback;

1023

1013

ret = set_cloexec_flag(pipefd[1]);

1024

1014

if(ret < 0){

1025

1015

error(0, errno, "set_cloexec_flag");

1026

TEMP_FAILURE_RETRY(close(pipefd[0]));

1027

TEMP_FAILURE_RETRY(close(pipefd[1]));

1016

close(pipefd[0]);

1017

close(pipefd[1]);

1028

1018

exitstatus = EX_OSERR;

1029

1019

free(direntries[i]);

1030

1020

goto fallback;

1049

1039

error(0, errno, "fork");

1050

1040

TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,

1051

1041

&sigchld_action.sa_mask, NULL));

1052

TEMP_FAILURE_RETRY(close(pipefd[0]));

1053

TEMP_FAILURE_RETRY(close(pipefd[1]));

1042

close(pipefd[0]);

1043

close(pipefd[1]);

1054

1044

exitstatus = EX_OSERR;

1055

1045

free(direntries[i]);

1056

1046

goto fallback;

1084

1074

/* no return */

1085

1075

}

1086

1076

/* Parent process */

1087

TEMP_FAILURE_RETRY(close(pipefd[1])); /* Close unused write end of

1088

pipe */

1089

TEMP_FAILURE_RETRY(close(plugin_fd));

1077

close(pipefd[1]); /* Close unused write end of pipe */

1078

close(plugin_fd);

1090

1079

plugin *new_plugin = getplugin(direntries[i]->d_name);

1091

1080

if(new_plugin == NULL){

1092

1081

error(0, errno, "getplugin");

1116

1105

goto fallback;

1117

1106

}

1118

1107

1119

#if defined (__GNUC__) and defined (__GLIBC__)

1120

#if not __GLIBC_PREREQ(2, 16)

1121

#pragma GCC diagnostic push

1122

#pragma GCC diagnostic ignored "-Wsign-conversion"

1123

#endif

1124

#endif

1125

FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from

1126

-Wconversion in GNU libc

1127

before 2.16 */

1128

#if defined (__GNUC__) and defined (__GLIBC__)

1129

#if not __GLIBC_PREREQ(2, 16)

1130

#pragma GCC diagnostic pop

1131

#endif

1132

#endif

1108

FD_SET(new_plugin->fd, &rfds_all);

1133

1109

1134

1110

if(maxfd < new_plugin->fd){

1135

1111

maxfd = new_plugin->fd;

1138

1114

1139

1115

free(direntries);

1140

1116

direntries = NULL;

1141

TEMP_FAILURE_RETRY(close(dir_fd));

1117

close(dir_fd);

1142

1118

dir_fd = -1;

1143

1119

free_plugin(getplugin(NULL));

1144

1120

1184

1160

(intmax_t) (proc->pid),

1185

1161

WTERMSIG(proc->status),

1186

1162

strsignal(WTERMSIG(proc->status)));

1187

} else if(WCOREDUMP(proc->status)){

1188

fprintf(stderr, "Plugin %s [%" PRIdMAX "] dumped"

1189

" core\n", proc->name, (intmax_t) (proc->pid));

1190

1163

}

1191

1164

}

1192

1165

1193

1166

/* Remove the plugin */

1194

#if defined (__GNUC__) and defined (__GLIBC__)

1195

#if not __GLIBC_PREREQ(2, 16)

1196

#pragma GCC diagnostic push

1197

#pragma GCC diagnostic ignored "-Wsign-conversion"

1198

#endif

1199

#endif

1200

FD_CLR(proc->fd, &rfds_all); /* Spurious warning from

1201

-Wconversion in GNU libc

1202

before 2.16 */

1203

#if defined (__GNUC__) and defined (__GLIBC__)

1204

#if not __GLIBC_PREREQ(2, 16)

1205

#pragma GCC diagnostic pop

1206

#endif

1207

#endif

1167

FD_CLR(proc->fd, &rfds_all);

1208

1168

1209

1169

/* Block signal while modifying process_list */

1210

1170

ret = (int)TEMP_FAILURE_RETRY(sigprocmask

1250

1210

}

1251

1211

1252

1212

/* This process has not completed. Does it have any output? */

1253

#if defined (__GNUC__) and defined (__GLIBC__)

1254

#if not __GLIBC_PREREQ(2, 16)

1255

#pragma GCC diagnostic push

1256

#pragma GCC diagnostic ignored "-Wsign-conversion"

1257

#endif

1258

#endif

1259

if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious

1260

warning from

1261

-Wconversion

1262

in GNU libc

1263

before

1264

2.16 */

1265

#if defined (__GNUC__) and defined (__GLIBC__)

1266

#if not __GLIBC_PREREQ(2, 16)

1267

#pragma GCC diagnostic pop

1268

#endif

1269

#endif

1213

if(proc->eof or not FD_ISSET(proc->fd, &rfds)){

1270

1214

/* This process had nothing to say at this time */

1271

1215

proc = proc->next;

1272

1216

continue;

1342

1286

free(direntries);

1343

1287

1344

1288

if(dir_fd != -1){

1345

TEMP_FAILURE_RETRY(close(dir_fd));

1289

close(dir_fd);

1346

1290

}

1347

1291

1348

1292

/* Kill the processes */

Older »