To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugin-runner.c
- browse files at revision 962
- compare with another revision
- download diff
- download tarball
- view history from revision 962
- Committer: Teddy Hogeborn
- Date: 2019-02-09 23:23:26 UTC
- Revision ID: teddy@recompile.se-20190209232326-z1z2kzpgfixz7iaj
Add support for using raw public keys in TLS (RFC 7250)
Since GnuTLS removed support for OpenPGP keys in TLS (RFC 6091), and
no other library supports it, we have to change the protocol to use
something else. We choose to use "raw public keys" (RFC 7250). Since
we still use OpenPGP keys to decrypt the secret password, this means
that each client will have two keys: One OpenPGP key and one TLS
public/private key, and the key ID of the latter key is used to
identify clients instead of the fingerprint of the OpenPGP key.
Note that this code is still compatible with GnuTLS before version
3.6.0 (when OpenPGP key support was removed). This commit merely adds
support for using raw pulic keys instead with GnuTLS 3.6.6. or later.
* DBUS-API (Signals/ClientNotFound): Change name of first parameter
from "Fingerprint" to "KeyID".
(Mandos Client Interface/Properties/KeyID): New.
* INSTALL: Document conflict with GnuTLS 3.6.0 (which removed OpenPGP
key support) up until 3.6.6, when support for raw public
keys was added. Also document new dependency of client on
"gnutls-bin" package (for certtool).
* Makefile (run-client): Depend on TLS key files, and also pass them
as arguments to client.
(keydir/tls-privkey.pem, keydir/tls-pubkey.pem): New.
(confdir/clients.conf): Add dependency on TLS public key.
(purge-client): Add removal of TLS key files.
* clients.conf ([foo]/key_id, [bar]/key_id): New.
* debian/control (Source: mandos/Build-Depends): Also allow
libgnutls30 (>= 3.6.6)
(Package: mandos/Depends): - '' -
(Package: mandos/Description): Alter description to match new
design.
(Package: mandos-client/Description): - '' -
(Package: mandos-client/Depends): Move "gnutls-bin | openssl" to
here from "Recommends".
* debian/mandos-client.README.Debian: Add --tls-privkey and
--tls-pubkey options to test
command.
* debian/mandos-client.postinst (create_key): Renamed to "create_keys"
(all callers changed),
and also create TLS key.
* debian/mandos-client.postrm (purge): Also remove TLS key files.
* intro.xml (DESCRIPTION): Describe new dual-key design.
* mandos (GnuTLS): Define different functions depending on whether
support for raw public keys is detected.
(Client.key_id): New attribute.
(ClientDBus.KeyID_dbus_property): New method.
(ProxyClient.__init__): Take new "key_id" parameter.
(ClientHandler.handle): Use key IDs when using raw public keys and
use fingerprints when using OpenPGP keys.
(ClientHandler.peer_certificate): Also handle raw public keys.
(ClientHandler.key_id): New.
(MandosServer.handle_ipc): Pass key ID over the pipe IPC. Also
check for key ID matches when looking up
clients.
(main): Default GnuTLS priority string depends on whether we are
using raw public keys or not. When unpickling clients, set
key_id if not set in the pickle.
(main/MandosDBusService.ClientNotFound): Change name of first
parameter from
"Fingerprint" to "KeyID".
* mandos-clients.conf.xml (OPTIONS): Document new "key_id" option.
(OPTIONS/secret): Mention new key ID matchning.
(EXPANSION/RUNTIME EXPANSION): Add new "key_id" option.
(EXAMPLE): - '' -
* mandos-ctl (tablewords, main/keywords): Add new "KeyID" property.
* mandos-keygen: Create TLS key files. New "--tls-keytype" (-T)
option. Alter help text to be more clear about key
types. When in password mode, also output "key_id"
option.
* mandos-keygen.xml (SYNOPSIS): Add new "--tls-keytype" (-T) option.
(DESCRIPTION): Alter to match new dual-key design.
(OVERVIEW): - '' -
(FILES): Add TLS key files.
* mandos-options.xml (priority): Document new default priority string
when using raw public keys.
* mandos.xml (NETWORK PROTOCOL): Describe new protocol using key ID.
(BUGS): Remove issue about checking expire times of OpenPGP keys,
since TLS public keys do not have expiration times.
(SECURITY/CLIENT): Alter description to match new design.
(SEE ALSO/GnuTLS): - '' -
(SEE ALSO): Add reference to RFC 7250, and alter description of when
RFC 6091 is used.
* overview.xml: Alter text to match new design.
* plugin-runner.xml (EXAMPLE): Add --tls-pubkey and --tls-privkey
options to mandos-client options.
* plugins.d/mandos-client.c: Use raw public keys when compiling with
supporting GnuTLS versions. Add new
"--tls-pubkey" and "--tls-privkey"
options (which do nothing if GnuTLS
library does not support raw public
keys). Alter text throughout to reflect
new design. Only generate new DH
parameters (based on size of OpenPGP key)
when using OpenPGP in TLS. Default
GnuTLS priority string depends on whether
we are using raw public keys or not.
* plugins.d/mandos-client.xml (SYNOPSIS): Add new "--tls-privkey" (-t)
and "--tls-pubkey" (-T)
options.
(DESCRIPTION): Describe new dual-key design.
(OPTIONS): Document new "--tls-privkey" (-t) and "--tls-pubkey" (-T)
options.
(OPTIONS/--dh-bits): No longer necessarily depends on OpenPGP key
size.
(FILES): Add default locations for TLS public and private key files.
(EXAMPLE): Use new --tls-pubkey and --tls-privkey options.
(SECURITY): Alter wording slightly to reflect new dual-key design.
(SEE ALSO/GnuTLS): Alter description to match new design.
(SEE ALSO): Add reference to RFC 7250, and alter description of when
RFC 6091 is used.
Since GnuTLS removed support for OpenPGP keys in TLS (RFC 6091), and
no other library supports it, we have to change the protocol to use
something else. We choose to use "raw public keys" (RFC 7250). Since
we still use OpenPGP keys to decrypt the secret password, this means
that each client will have two keys: One OpenPGP key and one TLS
public/private key, and the key ID of the latter key is used to
identify clients instead of the fingerprint of the OpenPGP key.
Note that this code is still compatible with GnuTLS before version
3.6.0 (when OpenPGP key support was removed). This commit merely adds
support for using raw pulic keys instead with GnuTLS 3.6.6. or later.
* DBUS-API (Signals/ClientNotFound): Change name of first parameter
from "Fingerprint" to "KeyID".
(Mandos Client Interface/Properties/KeyID): New.
* INSTALL: Document conflict with GnuTLS 3.6.0 (which removed OpenPGP
key support) up until 3.6.6, when support for raw public
keys was added. Also document new dependency of client on
"gnutls-bin" package (for certtool).
* Makefile (run-client): Depend on TLS key files, and also pass them
as arguments to client.
(keydir/tls-privkey.pem, keydir/tls-pubkey.pem): New.
(confdir/clients.conf): Add dependency on TLS public key.
(purge-client): Add removal of TLS key files.
* clients.conf ([foo]/key_id, [bar]/key_id): New.
* debian/control (Source: mandos/Build-Depends): Also allow
libgnutls30 (>= 3.6.6)
(Package: mandos/Depends): - '' -
(Package: mandos/Description): Alter description to match new
design.
(Package: mandos-client/Description): - '' -
(Package: mandos-client/Depends): Move "gnutls-bin | openssl" to
here from "Recommends".
* debian/mandos-client.README.Debian: Add --tls-privkey and
--tls-pubkey options to test
command.
* debian/mandos-client.postinst (create_key): Renamed to "create_keys"
(all callers changed),
and also create TLS key.
* debian/mandos-client.postrm (purge): Also remove TLS key files.
* intro.xml (DESCRIPTION): Describe new dual-key design.
* mandos (GnuTLS): Define different functions depending on whether
support for raw public keys is detected.
(Client.key_id): New attribute.
(ClientDBus.KeyID_dbus_property): New method.
(ProxyClient.__init__): Take new "key_id" parameter.
(ClientHandler.handle): Use key IDs when using raw public keys and
use fingerprints when using OpenPGP keys.
(ClientHandler.peer_certificate): Also handle raw public keys.
(ClientHandler.key_id): New.
(MandosServer.handle_ipc): Pass key ID over the pipe IPC. Also
check for key ID matches when looking up
clients.
(main): Default GnuTLS priority string depends on whether we are
using raw public keys or not. When unpickling clients, set
key_id if not set in the pickle.
(main/MandosDBusService.ClientNotFound): Change name of first
parameter from
"Fingerprint" to "KeyID".
* mandos-clients.conf.xml (OPTIONS): Document new "key_id" option.
(OPTIONS/secret): Mention new key ID matchning.
(EXPANSION/RUNTIME EXPANSION): Add new "key_id" option.
(EXAMPLE): - '' -
* mandos-ctl (tablewords, main/keywords): Add new "KeyID" property.
* mandos-keygen: Create TLS key files. New "--tls-keytype" (-T)
option. Alter help text to be more clear about key
types. When in password mode, also output "key_id"
option.
* mandos-keygen.xml (SYNOPSIS): Add new "--tls-keytype" (-T) option.
(DESCRIPTION): Alter to match new dual-key design.
(OVERVIEW): - '' -
(FILES): Add TLS key files.
* mandos-options.xml (priority): Document new default priority string
when using raw public keys.
* mandos.xml (NETWORK PROTOCOL): Describe new protocol using key ID.
(BUGS): Remove issue about checking expire times of OpenPGP keys,
since TLS public keys do not have expiration times.
(SECURITY/CLIENT): Alter description to match new design.
(SEE ALSO/GnuTLS): - '' -
(SEE ALSO): Add reference to RFC 7250, and alter description of when
RFC 6091 is used.
* overview.xml: Alter text to match new design.
* plugin-runner.xml (EXAMPLE): Add --tls-pubkey and --tls-privkey
options to mandos-client options.
* plugins.d/mandos-client.c: Use raw public keys when compiling with
supporting GnuTLS versions. Add new
"--tls-pubkey" and "--tls-privkey"
options (which do nothing if GnuTLS
library does not support raw public
keys). Alter text throughout to reflect
new design. Only generate new DH
parameters (based on size of OpenPGP key)
when using OpenPGP in TLS. Default
GnuTLS priority string depends on whether
we are using raw public keys or not.
* plugins.d/mandos-client.xml (SYNOPSIS): Add new "--tls-privkey" (-t)
and "--tls-pubkey" (-T)
options.
(DESCRIPTION): Describe new dual-key design.
(OPTIONS): Document new "--tls-privkey" (-t) and "--tls-pubkey" (-T)
options.
(OPTIONS/--dh-bits): No longer necessarily depends on OpenPGP key
size.
(FILES): Add default locations for TLS public and private key files.
(EXAMPLE): Use new --tls-pubkey and --tls-privkey options.
(SECURITY): Alter wording slightly to reflect new dual-key design.
(SEE ALSO/GnuTLS): Alter description to match new design.
(SEE ALSO): Add reference to RFC 7250, and alter description of when
RFC 6091 is used.
- files added:
- .bzr-builddeb
- debian
- debian/po
- debian/source
- debian/upstream
- network-hooks.d
- plugin-helpers
- files removed:
- initramfs-tools-hook-conf
- files renamed:
- plugins.d/password-request.c => plugins.d/mandos-client.c
- plugins.d/password-request.xml => plugins.d/mandos-client.xml
- files modified:
- .bzrignore
added
removed
plugin-runner.c
1
/* -*- coding: utf-8 -*- */
1
/* -*- coding: utf-8; mode: c; mode: orgtbl -*- */
2
2
/*
3
3
* Mandos plugin runner - Run Mandos plugins
4
4
*
5
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
6
*
7
* This program is free software: you can redistribute it and/or
8
* modify it under the terms of the GNU General Public License as
9
* published by the Free Software Foundation, either version 3 of the
10
* License, or (at your option) any later version.
11
*
12
* This program is distributed in the hope that it will be useful, but
5
* Copyright © 2008-2018 Teddy Hogeborn
6
* Copyright © 2008-2018 Björn Påhlsson
7
*
8
* This file is part of Mandos.
9
*
10
* Mandos is free software: you can redistribute it and/or modify it
11
* under the terms of the GNU General Public License as published by
12
* the Free Software Foundation, either version 3 of the License, or
13
* (at your option) any later version.
14
*
15
* Mandos is distributed in the hope that it will be useful, but
13
16
* WITHOUT ANY WARRANTY; without even the implied warranty of
14
17
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15
18
* General Public License for more details.
16
19
*
17
20
* You should have received a copy of the GNU General Public License
18
* along with this program. If not, see
19
* <http://www.gnu.org/licenses/>.
21
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
20
22
*
21
* Contact the authors at <mandos@fukt.bsnet.se>.
23
* Contact the authors at <mandos@recompile.se>.
22
24
*/
23
25
24
26
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), getline(),
25
asprintf() */
27
O_CLOEXEC, pipe2() */
26
28
#include <stddef.h> /* size_t, NULL */
27
#include <stdlib.h> /* malloc(), exit(), EXIT_FAILURE,
28
EXIT_SUCCESS, realloc() */
29
#include <stdlib.h> /* malloc(), exit(), EXIT_SUCCESS,
30
realloc() */
29
31
#include <stdbool.h> /* bool, true, false */
30
#include <stdio.h> /* perror, popen(), fileno(),
31
fprintf(), stderr, STDOUT_FILENO */
32
#include <sys/types.h> /* DIR, opendir(), stat(), struct
33
stat, waitpid(), WIFEXITED(),
34
WEXITSTATUS(), wait(), pid_t,
35
uid_t, gid_t, getuid(), getgid(),
36
dirfd() */
32
#include <stdio.h> /* fileno(), fprintf(),
33
stderr, STDOUT_FILENO, fclose() */
34
#include <sys/types.h> /* fstat(), struct stat, waitpid(),
35
WIFEXITED(), WEXITSTATUS(), wait(),
36
pid_t, uid_t, gid_t, getuid(),
37
getgid() */
37
38
#include <sys/select.h> /* fd_set, select(), FD_ZERO(),
38
39
FD_SET(), FD_ISSET(), FD_CLR */
39
40
#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),
40
WEXITSTATUS() */
41
#include <sys/stat.h> /* struct stat, stat(), S_ISREG() */
41
WEXITSTATUS(), WTERMSIG() */
42
#include <sys/stat.h> /* struct stat, fstat(), S_ISREG() */
42
43
#include <iso646.h> /* and, or, not */
43
#include <dirent.h> /* DIR, struct dirent, opendir(),
44
readdir(), closedir(), dirfd() */
45
#include <unistd.h> /* struct stat, stat(), S_ISREG(),
46
fcntl(), setuid(), setgid(),
47
F_GETFD, F_SETFD, FD_CLOEXEC,
48
access(), pipe(), fork(), close()
49
dup2, STDOUT_FILENO, _exit(),
50
execv(), write(), read(),
51
close() */
44
#include <dirent.h> /* struct dirent, scandirat() */
45
#include <unistd.h> /* fcntl(), F_GETFD, F_SETFD,
46
FD_CLOEXEC, write(), STDOUT_FILENO,
47
struct stat, fstat(), close(),
48
setgid(), setuid(), S_ISREG(),
49
faccessat() pipe2(), fork(),
50
_exit(), dup2(), fexecve(), read()
51
*/
52
52
#include <fcntl.h> /* fcntl(), F_GETFD, F_SETFD,
53
FD_CLOEXEC */
54
#include <string.h> /* strsep, strlen(), asprintf() */
53
FD_CLOEXEC, openat(), scandirat(),
54
pipe2() */
55
#include <string.h> /* strsep, strlen(), strsignal(),
56
strcmp(), strncmp() */
55
57
#include <errno.h> /* errno */
56
58
#include <argp.h> /* struct argp_option, struct
57
59
argp_state, struct argp,
61
63
#include <signal.h> /* struct sigaction, sigemptyset(),
62
64
sigaddset(), sigaction(),
63
65
sigprocmask(), SIG_BLOCK, SIGCHLD,
64
SIG_UNBLOCK, kill() */
66
SIG_UNBLOCK, kill(), sig_atomic_t
67
*/
65
68
#include <errno.h> /* errno, EBADF */
69
#include <inttypes.h> /* intmax_t, PRIdMAX, strtoimax() */
70
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_IOERR,
71
EX_CONFIG, EX_UNAVAILABLE, EX_OK */
72
#include <errno.h> /* errno */
73
#include <error.h> /* error() */
74
#include <fnmatch.h> /* fnmatch() */
66
75
67
76
#define BUFFER_SIZE 256
68
77
69
78
#define PDIR "/lib/mandos/plugins.d"
79
#define PHDIR "/lib/mandos/plugin-helpers"
70
80
#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"
71
81
72
const char *argp_program_version = "plugin-runner 1.0";
73
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
74
75
struct plugin;
82
const char *argp_program_version = "plugin-runner " VERSION;
83
const char *argp_program_bug_address = "<mandos@recompile.se>";
76
84
77
85
typedef struct plugin{
78
86
char *name; /* can be NULL or any plugin name */
81
89
char **environ;
82
90
int envc;
83
91
bool disabled;
84
92
85
93
/* Variables used for running processes*/
86
94
pid_t pid;
87
95
int fd;
89
97
size_t buffer_size;
90
98
size_t buffer_length;
91
99
bool eof;
92
volatile bool completed;
93
volatile int status;
100
volatile sig_atomic_t completed;
101
int status;
94
102
struct plugin *next;
95
103
} plugin;
96
104
97
105
static plugin *plugin_list = NULL;
98
106
99
/* Gets a existing plugin based on name,
107
/* Gets an existing plugin based on name,
100
108
or if none is found, creates a new one */
109
__attribute__((warn_unused_result))
101
110
static plugin *getplugin(char *name){
102
/* Check for exiting plugin with that name */
103
for (plugin *p = plugin_list; p != NULL; p = p->next){
104
if ((p->name == name)
105
or (p->name and name and (strcmp(p->name, name) == 0))){
111
/* Check for existing plugin with that name */
112
for(plugin *p = plugin_list; p != NULL; p = p->next){
113
if((p->name == name)
114
or (p->name and name and (strcmp(p->name, name) == 0))){
106
115
return p;
107
116
}
108
117
}
109
118
/* Create a new plugin */
110
plugin *new_plugin = malloc(sizeof(plugin));
111
if (new_plugin == NULL){
119
plugin *new_plugin = NULL;
120
do {
121
new_plugin = malloc(sizeof(plugin));
122
} while(new_plugin == NULL and errno == EINTR);
123
if(new_plugin == NULL){
112
124
return NULL;
113
125
}
114
126
char *copy_name = NULL;
115
127
if(name != NULL){
116
copy_name = strdup(name);
128
do {
129
copy_name = strdup(name);
130
} while(copy_name == NULL and errno == EINTR);
117
131
if(copy_name == NULL){
132
int e = errno;
133
free(new_plugin);
134
errno = e;
118
135
return NULL;
119
136
}
120
137
}
121
122
*new_plugin = (plugin) { .name = copy_name,
123
.argc = 1,
124
.disabled = false,
125
.next = plugin_list };
126
127
new_plugin->argv = malloc(sizeof(char *) * 2);
128
if (new_plugin->argv == NULL){
138
139
*new_plugin = (plugin){ .name = copy_name,
140
.argc = 1,
141
.disabled = false,
142
.next = plugin_list };
143
144
do {
145
new_plugin->argv = malloc(sizeof(char *) * 2);
146
} while(new_plugin->argv == NULL and errno == EINTR);
147
if(new_plugin->argv == NULL){
148
int e = errno;
129
149
free(copy_name);
130
150
free(new_plugin);
151
errno = e;
131
152
return NULL;
132
153
}
133
154
new_plugin->argv[0] = copy_name;
134
155
new_plugin->argv[1] = NULL;
135
156
136
new_plugin->environ = malloc(sizeof(char *));
157
do {
158
new_plugin->environ = malloc(sizeof(char *));
159
} while(new_plugin->environ == NULL and errno == EINTR);
137
160
if(new_plugin->environ == NULL){
161
int e = errno;
138
162
free(copy_name);
139
163
free(new_plugin->argv);
140
164
free(new_plugin);
165
errno = e;
141
166
return NULL;
142
167
}
143
168
new_plugin->environ[0] = NULL;
148
173
}
149
174
150
175
/* Helper function for add_argument and add_environment */
176
__attribute__((nonnull, warn_unused_result))
151
177
static bool add_to_char_array(const char *new, char ***array,
152
178
int *len){
153
179
/* Resize the pointed-to array to hold one more pointer */
154
*array = realloc(*array, sizeof(char *)
155
* (size_t) ((*len) + 2));
180
char **new_array = NULL;
181
do {
182
new_array = realloc(*array, sizeof(char *)
183
* (size_t) ((*len) + 2));
184
} while(new_array == NULL and errno == EINTR);
156
185
/* Malloc check */
157
if(*array == NULL){
186
if(new_array == NULL){
158
187
return false;
159
188
}
189
*array = new_array;
160
190
/* Make a copy of the new string */
161
char *copy = strdup(new);
191
char *copy;
192
do {
193
copy = strdup(new);
194
} while(copy == NULL and errno == EINTR);
162
195
if(copy == NULL){
163
196
return false;
164
197
}
171
204
}
172
205
173
206
/* Add to a plugin's argument vector */
207
__attribute__((nonnull(2), warn_unused_result))
174
208
static bool add_argument(plugin *p, const char *arg){
175
209
if(p == NULL){
176
210
return false;
179
213
}
180
214
181
215
/* Add to a plugin's environment */
182
static bool add_environment(plugin *p, const char *def){
216
__attribute__((nonnull(2), warn_unused_result))
217
static bool add_environment(plugin *p, const char *def, bool replace){
183
218
if(p == NULL){
184
219
return false;
185
220
}
186
221
/* namelen = length of name of environment variable */
187
222
size_t namelen = (size_t)(strchrnul(def, '=') - def);
188
223
/* Search for this environment variable */
189
for(char **e = p->environ; *e != NULL; e++){
190
if(strncmp(*e, def, namelen+1) == 0){
191
/* Refuse to add an existing variable */
224
for(char **envdef = p->environ; *envdef != NULL; envdef++){
225
if(strncmp(*envdef, def, namelen + 1) == 0){
226
/* It already exists */
227
if(replace){
228
char *new_envdef;
229
do {
230
new_envdef = realloc(*envdef, strlen(def) + 1);
231
} while(new_envdef == NULL and errno == EINTR);
232
if(new_envdef == NULL){
233
return false;
234
}
235
*envdef = new_envdef;
236
strcpy(*envdef, def);
237
}
192
238
return true;
193
239
}
194
240
}
195
241
return add_to_char_array(def, &(p->environ), &(p->envc));
196
242
}
197
243
244
#ifndef O_CLOEXEC
198
245
/*
199
246
* Based on the example in the GNU LibC manual chapter 13.13 "File
200
247
* Descriptor Flags".
201
* *Note File Descriptor Flags:(libc)Descriptor Flags.
248
| [[info:libc:Descriptor%20Flags][File Descriptor Flags]] |
202
249
*/
203
static int set_cloexec_flag(int fd)
204
{
205
int ret = fcntl(fd, F_GETFD, 0);
250
__attribute__((warn_unused_result))
251
static int set_cloexec_flag(int fd){
252
int ret = (int)TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
206
253
/* If reading the flags failed, return error indication now. */
207
254
if(ret < 0){
208
255
return ret;
209
256
}
210
257
/* Store modified flag word in the descriptor. */
211
return fcntl(fd, F_SETFD, ret | FD_CLOEXEC);
258
return (int)TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD,
259
ret | FD_CLOEXEC));
212
260
}
261
#endif /* not O_CLOEXEC */
213
262
214
263
215
264
/* Mark processes as completed when they exit, and save their exit
216
265
status. */
217
void handle_sigchld(__attribute__((unused)) int sig){
266
static void handle_sigchld(__attribute__((unused)) int sig){
267
int old_errno = errno;
218
268
while(true){
219
269
plugin *proc = plugin_list;
220
270
int status;
224
274
break;
225
275
}
226
276
if(pid == -1){
227
if (errno != ECHILD){
228
perror("waitpid");
277
if(errno == ECHILD){
278
/* No child processes */
279
break;
229
280
}
230
/* No child processes */
231
break;
281
error(0, errno, "waitpid");
232
282
}
233
283
234
284
/* A child exited, find it in process_list */
235
285
while(proc != NULL and proc->pid != pid){
236
286
proc = proc->next;
240
290
continue;
241
291
}
242
292
proc->status = status;
243
proc->completed = true;
293
proc->completed = 1;
244
294
}
295
errno = old_errno;
245
296
}
246
297
247
298
/* Prints out a password to stdout */
248
bool print_out_password(const char *buffer, size_t length){
299
__attribute__((nonnull, warn_unused_result))
300
static bool print_out_password(const char *buffer, size_t length){
249
301
ssize_t ret;
250
if(length>0 and buffer[length-1] == '\n'){
251
length--;
252
}
253
302
for(size_t written = 0; written < length; written += (size_t)ret){
254
303
ret = TEMP_FAILURE_RETRY(write(STDOUT_FILENO, buffer + written,
255
304
length - written));
261
310
}
262
311
263
312
/* Removes and free a plugin from the plugin list */
313
__attribute__((nonnull))
264
314
static void free_plugin(plugin *plugin_node){
265
315
266
316
for(char **arg = plugin_node->argv; *arg != NULL; arg++){
272
322
}
273
323
free(plugin_node->environ);
274
324
free(plugin_node->buffer);
275
325
276
326
/* Removes the plugin from the singly-linked list */
277
327
if(plugin_node == plugin_list){
278
328
/* First one - simple */
298
348
299
349
int main(int argc, char *argv[]){
300
350
char *plugindir = NULL;
351
char *pluginhelperdir = NULL;
301
352
char *argfile = NULL;
302
353
FILE *conffp;
303
size_t d_name_len;
304
DIR *dir = NULL;
305
struct dirent *dirst;
354
struct dirent **direntries = NULL;
306
355
struct stat st;
307
356
fd_set rfds_all;
308
357
int ret, maxfd = 0;
358
ssize_t sret;
309
359
uid_t uid = 65534;
310
360
gid_t gid = 65534;
311
361
bool debug = false;
315
365
.sa_flags = SA_NOCLDSTOP };
316
366
char **custom_argv = NULL;
317
367
int custom_argc = 0;
368
int dir_fd = -1;
318
369
319
370
/* Establish a signal handler */
320
371
sigemptyset(&sigchld_action.sa_mask);
321
372
ret = sigaddset(&sigchld_action.sa_mask, SIGCHLD);
322
373
if(ret == -1){
323
perror("sigaddset");
324
exitstatus = EXIT_FAILURE;
374
error(0, errno, "sigaddset");
375
exitstatus = EX_OSERR;
325
376
goto fallback;
326
377
}
327
378
ret = sigaction(SIGCHLD, &sigchld_action, &old_sigchld_action);
328
379
if(ret == -1){
329
perror("sigaction");
330
exitstatus = EXIT_FAILURE;
380
error(0, errno, "sigaction");
381
exitstatus = EX_OSERR;
331
382
goto fallback;
332
383
}
333
384
336
387
{ .name = "global-options", .key = 'g',
337
388
.arg = "OPTION[,OPTION[,...]]",
338
389
.doc = "Options passed to all plugins" },
339
{ .name = "global-env", .key = 'e',
390
{ .name = "global-env", .key = 'G',
340
391
.arg = "VAR=value",
341
392
.doc = "Environment variable passed to all plugins" },
342
393
{ .name = "options-for", .key = 'o',
343
394
.arg = "PLUGIN:OPTION[,OPTION[,...]]",
344
395
.doc = "Options passed only to specified plugin" },
345
{ .name = "env-for", .key = 'f',
396
{ .name = "env-for", .key = 'E',
346
397
.arg = "PLUGIN:ENV=value",
347
398
.doc = "Environment variable passed to specified plugin" },
348
399
{ .name = "disable", .key = 'd',
349
400
.arg = "PLUGIN",
350
401
.doc = "Disable a specific plugin", .group = 1 },
402
{ .name = "enable", .key = 'e',
403
.arg = "PLUGIN",
404
.doc = "Enable a specific plugin", .group = 1 },
351
405
{ .name = "plugin-dir", .key = 128,
352
406
.arg = "DIRECTORY",
353
407
.doc = "Specify a different plugin directory", .group = 2 },
362
416
.doc = "Group ID the plugins will run as", .group = 3 },
363
417
{ .name = "debug", .key = 132,
364
418
.doc = "Debug mode", .group = 4 },
419
{ .name = "plugin-helper-dir", .key = 133,
420
.arg = "DIRECTORY",
421
.doc = "Specify a different plugin helper directory",
422
.group = 2 },
423
/*
424
* These reproduce what we would get without ARGP_NO_HELP
425
*/
426
{ .name = "help", .key = '?',
427
.doc = "Give this help list", .group = -1 },
428
{ .name = "usage", .key = -3,
429
.doc = "Give a short usage message", .group = -1 },
430
{ .name = "version", .key = 'V',
431
.doc = "Print program version", .group = -1 },
365
432
{ .name = NULL }
366
433
};
367
434
368
error_t parse_opt (int key, char *arg, __attribute__((unused))
369
struct argp_state *state) {
370
/* Get the INPUT argument from `argp_parse', which we know is a
371
pointer to our plugin list pointer. */
372
switch (key) {
435
__attribute__((nonnull(3)))
436
error_t parse_opt(int key, char *arg, struct argp_state *state){
437
errno = 0;
438
switch(key){
439
char *tmp;
440
intmax_t tmp_id;
373
441
case 'g': /* --global-options */
374
if (arg != NULL){
375
char *p;
376
while((p = strsep(&arg, ",")) != NULL){
377
if(p[0] == '\0'){
378
continue;
379
}
380
if(not add_argument(getplugin(NULL), p)){
381
perror("add_argument");
382
return ARGP_ERR_UNKNOWN;
383
}
384
}
385
}
386
break;
387
case 'e': /* --global-env */
388
if(arg == NULL){
389
break;
390
}
391
442
{
392
char *envdef = strdup(arg);
393
if(envdef == NULL){
394
break;
395
}
396
if(not add_environment(getplugin(NULL), envdef)){
397
perror("add_environment");
398
}
443
char *plugin_option;
444
while((plugin_option = strsep(&arg, ",")) != NULL){
445
if(not add_argument(getplugin(NULL), plugin_option)){
446
break;
447
}
448
}
449
errno = 0;
450
}
451
break;
452
case 'G': /* --global-env */
453
if(add_environment(getplugin(NULL), arg, true)){
454
errno = 0;
399
455
}
400
456
break;
401
457
case 'o': /* --options-for */
402
if (arg != NULL){
403
char *p_name = strsep(&arg, ":");
404
if(p_name[0] == '\0'){
405
break;
406
}
407
char *opt = strsep(&arg, ":");
408
if(opt[0] == '\0'){
409
break;
410
}
411
if(opt != NULL){
412
char *p;
413
while((p = strsep(&opt, ",")) != NULL){
414
if(p[0] == '\0'){
415
continue;
416
}
417
if(not add_argument(getplugin(p_name), p)){
418
perror("add_argument");
419
return ARGP_ERR_UNKNOWN;
420
}
458
{
459
char *option_list = strchr(arg, ':');
460
if(option_list == NULL){
461
argp_error(state, "No colon in \"%s\"", arg);
462
errno = EINVAL;
463
break;
464
}
465
*option_list = '\0';
466
option_list++;
467
if(arg[0] == '\0'){
468
argp_error(state, "Empty plugin name");
469
errno = EINVAL;
470
break;
471
}
472
char *option;
473
while((option = strsep(&option_list, ",")) != NULL){
474
if(not add_argument(getplugin(arg), option)){
475
break;
421
476
}
422
477
}
478
errno = 0;
423
479
}
424
480
break;
425
case 'f': /* --env-for */
426
if(arg == NULL){
427
break;
428
}
481
case 'E': /* --env-for */
429
482
{
430
483
char *envdef = strchr(arg, ':');
431
484
if(envdef == NULL){
432
break;
433
}
434
char *p_name = strndup(arg, (size_t) (envdef-arg));
435
if(p_name == NULL){
436
break;
437
}
485
argp_error(state, "No colon in \"%s\"", arg);
486
errno = EINVAL;
487
break;
488
}
489
*envdef = '\0';
438
490
envdef++;
439
if(not add_environment(getplugin(p_name), envdef)){
440
perror("add_environment");
491
if(arg[0] == '\0'){
492
argp_error(state, "Empty plugin name");
493
errno = EINVAL;
494
break;
495
}
496
if(add_environment(getplugin(arg), envdef, true)){
497
errno = 0;
441
498
}
442
499
}
443
500
break;
444
501
case 'd': /* --disable */
445
if (arg != NULL){
446
plugin *p = getplugin(arg);
447
if(p == NULL){
448
return ARGP_ERR_UNKNOWN;
449
}
450
p->disabled = true;
502
{
503
plugin *p = getplugin(arg);
504
if(p != NULL){
505
p->disabled = true;
506
errno = 0;
507
}
508
}
509
break;
510
case 'e': /* --enable */
511
{
512
plugin *p = getplugin(arg);
513
if(p != NULL){
514
p->disabled = false;
515
errno = 0;
516
}
451
517
}
452
518
break;
453
519
case 128: /* --plugin-dir */
520
free(plugindir);
454
521
plugindir = strdup(arg);
455
if(plugindir == NULL){
456
perror("strdup");
457
}
458
break;
459
case 129: /* --config-file */
522
if(plugindir != NULL){
523
errno = 0;
524
}
525
break;
526
case 129: /* --config-file */
527
/* This is already done by parse_opt_config_file() */
528
break;
529
case 130: /* --userid */
530
tmp_id = strtoimax(arg, &tmp, 10);
531
if(errno != 0 or tmp == arg or *tmp != '\0'
532
or tmp_id != (uid_t)tmp_id){
533
argp_error(state, "Bad user ID number: \"%s\", using %"
534
PRIdMAX, arg, (intmax_t)uid);
535
break;
536
}
537
uid = (uid_t)tmp_id;
538
errno = 0;
539
break;
540
case 131: /* --groupid */
541
tmp_id = strtoimax(arg, &tmp, 10);
542
if(errno != 0 or tmp == arg or *tmp != '\0'
543
or tmp_id != (gid_t)tmp_id){
544
argp_error(state, "Bad group ID number: \"%s\", using %"
545
PRIdMAX, arg, (intmax_t)gid);
546
break;
547
}
548
gid = (gid_t)tmp_id;
549
errno = 0;
550
break;
551
case 132: /* --debug */
552
debug = true;
553
break;
554
case 133: /* --plugin-helper-dir */
555
free(pluginhelperdir);
556
pluginhelperdir = strdup(arg);
557
if(pluginhelperdir != NULL){
558
errno = 0;
559
}
560
break;
561
/*
562
* These reproduce what we would get without ARGP_NO_HELP
563
*/
564
case '?': /* --help */
565
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
566
argp_state_help(state, state->out_stream, ARGP_HELP_STD_HELP);
567
case -3: /* --usage */
568
state->flags &= ~(unsigned int)ARGP_NO_EXIT; /* force exit */
569
argp_state_help(state, state->out_stream,
570
ARGP_HELP_USAGE | ARGP_HELP_EXIT_OK);
571
case 'V': /* --version */
572
fprintf(state->out_stream, "%s\n", argp_program_version);
573
exit(EXIT_SUCCESS);
574
break;
575
/*
576
* When adding more options before this line, remember to also add a
577
* "case" to the "parse_opt_config_file" function below.
578
*/
579
case ARGP_KEY_ARG:
580
/* Cryptsetup always passes an argument, which is an empty
581
string if "none" was specified in /etc/crypttab. So if
582
argument was empty, we ignore it silently. */
583
if(arg[0] == '\0'){
584
break;
585
}
586
/* FALLTHROUGH */
587
default:
588
return ARGP_ERR_UNKNOWN;
589
}
590
return errno; /* Set to 0 at start */
591
}
592
593
/* This option parser is the same as parse_opt() above, except it
594
ignores everything but the --config-file option. */
595
error_t parse_opt_config_file(int key, char *arg,
596
__attribute__((unused))
597
struct argp_state *state){
598
errno = 0;
599
switch(key){
600
case 'g': /* --global-options */
601
case 'G': /* --global-env */
602
case 'o': /* --options-for */
603
case 'E': /* --env-for */
604
case 'd': /* --disable */
605
case 'e': /* --enable */
606
case 128: /* --plugin-dir */
607
break;
608
case 129: /* --config-file */
609
free(argfile);
460
610
argfile = strdup(arg);
461
if(argfile == NULL){
462
perror("strdup");
611
if(argfile != NULL){
612
errno = 0;
463
613
}
464
break;
614
break;
465
615
case 130: /* --userid */
466
uid = (uid_t)strtol(arg, NULL, 10);
467
break;
468
616
case 131: /* --groupid */
469
gid = (gid_t)strtol(arg, NULL, 10);
470
break;
471
617
case 132: /* --debug */
472
debug = true;
473
break;
618
case 133: /* --plugin-helper-dir */
619
case '?': /* --help */
620
case -3: /* --usage */
621
case 'V': /* --version */
474
622
case ARGP_KEY_ARG:
475
fprintf(stderr, "Ignoring unknown argument \"%s\"\n", arg);
476
break;
477
case ARGP_KEY_END:
478
623
break;
479
624
default:
480
625
return ARGP_ERR_UNKNOWN;
481
626
}
482
return 0;
627
return errno;
483
628
}
484
629
485
struct argp argp = { .options = options, .parser = parse_opt,
486
.args_doc = "[+PLUS_SEPARATED_OPTIONS]",
630
struct argp argp = { .options = options,
631
.parser = parse_opt_config_file,
632
.args_doc = "",
487
633
.doc = "Mandos plugin runner -- Run plugins" };
488
634
489
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
490
if (ret == ARGP_ERR_UNKNOWN){
491
fprintf(stderr, "Unknown error while parsing arguments\n");
492
exitstatus = EXIT_FAILURE;
635
/* Parse using parse_opt_config_file() in order to get the custom
636
config file location, if any. */
637
ret = argp_parse(&argp, argc, argv,
638
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
639
NULL, NULL);
640
switch(ret){
641
case 0:
642
break;
643
case ENOMEM:
644
default:
645
errno = ret;
646
error(0, errno, "argp_parse");
647
exitstatus = EX_OSERR;
648
goto fallback;
649
case EINVAL:
650
exitstatus = EX_USAGE;
493
651
goto fallback;
494
652
}
495
496
/* Opens the configfile if aviable */
497
if (argfile == NULL){
653
654
/* Reset to the normal argument parser */
655
argp.parser = parse_opt;
656
657
/* Open the configfile if available */
658
if(argfile == NULL){
498
659
conffp = fopen(AFILE, "r");
499
660
} else {
500
661
conffp = fopen(argfile, "r");
501
}
662
}
502
663
if(conffp != NULL){
503
664
char *org_line = NULL;
504
665
char *p, *arg, *new_arg, *line;
505
666
size_t size = 0;
506
ssize_t sret;
507
667
const char whitespace_delims[] = " \r\t\f\v\n";
508
668
const char comment_delim[] = "#";
509
669
510
670
custom_argc = 1;
511
671
custom_argv = malloc(sizeof(char*) * 2);
512
672
if(custom_argv == NULL){
513
perror("malloc");
514
exitstatus = EXIT_FAILURE;
673
error(0, errno, "malloc");
674
exitstatus = EX_OSERR;
515
675
goto fallback;
516
676
}
517
677
custom_argv[0] = argv[0];
518
678
custom_argv[1] = NULL;
519
679
520
680
/* for each line in the config file, strip whitespace and ignore
521
681
commented text */
522
682
while(true){
524
684
if(sret == -1){
525
685
break;
526
686
}
527
687
528
688
line = org_line;
529
689
arg = strsep(&line, comment_delim);
530
690
while((p = strsep(&arg, whitespace_delims)) != NULL){
533
693
}
534
694
new_arg = strdup(p);
535
695
if(new_arg == NULL){
536
perror("strdup");
537
exitstatus = EXIT_FAILURE;
696
error(0, errno, "strdup");
697
exitstatus = EX_OSERR;
538
698
free(org_line);
539
699
goto fallback;
540
700
}
541
701
542
702
custom_argc += 1;
543
custom_argv = realloc(custom_argv, sizeof(char *)
544
* ((unsigned int) custom_argc + 1));
545
if(custom_argv == NULL){
546
perror("realloc");
547
exitstatus = EXIT_FAILURE;
548
free(org_line);
549
goto fallback;
703
{
704
char **new_argv = realloc(custom_argv, sizeof(char *)
705
* ((size_t)custom_argc + 1));
706
if(new_argv == NULL){
707
error(0, errno, "realloc");
708
exitstatus = EX_OSERR;
709
free(new_arg);
710
free(org_line);
711
goto fallback;
712
} else {
713
custom_argv = new_argv;
714
}
550
715
}
551
716
custom_argv[custom_argc-1] = new_arg;
552
custom_argv[custom_argc] = NULL;
717
custom_argv[custom_argc] = NULL;
553
718
}
554
719
}
720
do {
721
ret = fclose(conffp);
722
} while(ret == EOF and errno == EINTR);
723
if(ret == EOF){
724
error(0, errno, "fclose");
725
exitstatus = EX_IOERR;
726
goto fallback;
727
}
555
728
free(org_line);
556
} else{
729
} else {
557
730
/* Check for harmful errors and go to fallback. Other errors might
558
731
not affect opening plugins */
559
if (errno == EMFILE or errno == ENFILE or errno == ENOMEM){
560
perror("fopen");
561
exitstatus = EXIT_FAILURE;
732
if(errno == EMFILE or errno == ENFILE or errno == ENOMEM){
733
error(0, errno, "fopen");
734
exitstatus = EX_OSERR;
562
735
goto fallback;
563
736
}
564
737
}
565
/* If there was any arguments from configuration file,
566
pass them to parser as command arguments */
738
/* If there were any arguments from the configuration file, pass
739
them to parser as command line arguments */
567
740
if(custom_argv != NULL){
568
ret = argp_parse (&argp, custom_argc, custom_argv, 0, 0, NULL);
569
if (ret == ARGP_ERR_UNKNOWN){
570
fprintf(stderr, "Unknown error while parsing arguments\n");
571
exitstatus = EXIT_FAILURE;
572
goto fallback;
741
ret = argp_parse(&argp, custom_argc, custom_argv,
742
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
743
NULL, NULL);
744
switch(ret){
745
case 0:
746
break;
747
case ENOMEM:
748
default:
749
errno = ret;
750
error(0, errno, "argp_parse");
751
exitstatus = EX_OSERR;
752
goto fallback;
753
case EINVAL:
754
exitstatus = EX_CONFIG;
755
goto fallback;
756
}
757
}
758
759
/* Parse actual command line arguments, to let them override the
760
config file */
761
ret = argp_parse(&argp, argc, argv,
762
ARGP_IN_ORDER | ARGP_NO_EXIT | ARGP_NO_HELP,
763
NULL, NULL);
764
switch(ret){
765
case 0:
766
break;
767
case ENOMEM:
768
default:
769
errno = ret;
770
error(0, errno, "argp_parse");
771
exitstatus = EX_OSERR;
772
goto fallback;
773
case EINVAL:
774
exitstatus = EX_USAGE;
775
goto fallback;
776
}
777
778
{
779
char *pluginhelperenv;
780
bool bret = true;
781
ret = asprintf(&pluginhelperenv, "MANDOSPLUGINHELPERDIR=%s",
782
pluginhelperdir != NULL ? pluginhelperdir : PHDIR);
783
if(ret != -1){
784
bret = add_environment(getplugin(NULL), pluginhelperenv, true);
785
}
786
if(ret == -1 or not bret){
787
error(0, errno, "Failed to set MANDOSPLUGINHELPERDIR"
788
" environment variable to \"%s\" for all plugins\n",
789
pluginhelperdir != NULL ? pluginhelperdir : PHDIR);
790
}
791
if(ret != -1){
792
free(pluginhelperenv);
573
793
}
574
794
}
575
795
576
796
if(debug){
577
for(plugin *p = plugin_list; p != NULL; p=p->next){
797
for(plugin *p = plugin_list; p != NULL; p = p->next){
578
798
fprintf(stderr, "Plugin: %s has %d arguments\n",
579
799
p->name ? p->name : "Global", p->argc - 1);
580
800
for(char **a = p->argv; *a != NULL; a++){
581
801
fprintf(stderr, "\tArg: %s\n", *a);
582
802
}
583
fprintf(stderr, "...and %u environment variables\n", p->envc);
803
fprintf(stderr, "...and %d environment variables\n", p->envc);
584
804
for(char **a = p->environ; *a != NULL; a++){
585
805
fprintf(stderr, "\t%s\n", *a);
586
806
}
587
807
}
588
808
}
589
590
/* Strip permissions down to nobody */
809
810
if(getuid() == 0){
811
/* Work around Debian bug #633582:
812
<https://bugs.debian.org/633582> */
813
int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);
814
if(plugindir_fd == -1){
815
if(errno != ENOENT){
816
error(0, errno, "open(\"" PDIR "\")");
817
}
818
} else {
819
ret = (int)TEMP_FAILURE_RETRY(fstat(plugindir_fd, &st));
820
if(ret == -1){
821
error(0, errno, "fstat");
822
} else {
823
if(S_ISDIR(st.st_mode) and st.st_uid == 0 and st.st_gid == 0){
824
ret = fchown(plugindir_fd, uid, gid);
825
if(ret == -1){
826
error(0, errno, "fchown");
827
}
828
}
829
}
830
close(plugindir_fd);
831
}
832
}
833
834
/* Lower permissions */
835
ret = setgid(gid);
836
if(ret == -1){
837
error(0, errno, "setgid");
838
}
591
839
ret = setuid(uid);
592
if (ret == -1){
593
perror("setuid");
594
}
595
setgid(gid);
596
if (ret == -1){
597
perror("setgid");
598
}
599
600
if (plugindir == NULL){
601
dir = opendir(PDIR);
602
} else {
603
dir = opendir(plugindir);
604
}
605
606
if(dir == NULL){
607
perror("Could not open plugin dir");
608
exitstatus = EXIT_FAILURE;
609
goto fallback;
610
}
611
612
/* Set the FD_CLOEXEC flag on the directory, if possible */
840
if(ret == -1){
841
error(0, errno, "setuid");
842
}
843
844
/* Open plugin directory with close_on_exec flag */
613
845
{
614
int dir_fd = dirfd(dir);
615
if(dir_fd >= 0){
616
ret = set_cloexec_flag(dir_fd);
617
if(ret < 0){
618
perror("set_cloexec_flag");
619
exitstatus = EXIT_FAILURE;
620
goto fallback;
846
dir_fd = open(plugindir != NULL ? plugindir : PDIR, O_RDONLY |
847
#ifdef O_CLOEXEC
848
O_CLOEXEC
849
#else /* not O_CLOEXEC */
850
0
851
#endif /* not O_CLOEXEC */
852
);
853
if(dir_fd == -1){
854
error(0, errno, "Could not open plugin dir");
855
exitstatus = EX_UNAVAILABLE;
856
goto fallback;
857
}
858
859
#ifndef O_CLOEXEC
860
/* Set the FD_CLOEXEC flag on the directory */
861
ret = set_cloexec_flag(dir_fd);
862
if(ret < 0){
863
error(0, errno, "set_cloexec_flag");
864
exitstatus = EX_OSERR;
865
goto fallback;
866
}
867
#endif /* O_CLOEXEC */
868
}
869
870
int good_name(const struct dirent * const dirent){
871
const char * const patterns[] = { ".*", "#*#", "*~", "*.dpkg-new",
872
"*.dpkg-old", "*.dpkg-bak",
873
"*.dpkg-divert", NULL };
874
#ifdef __GNUC__
875
#pragma GCC diagnostic push
876
#pragma GCC diagnostic ignored "-Wcast-qual"
877
#endif
878
for(const char **pat = (const char **)patterns;
879
*pat != NULL; pat++){
880
#ifdef __GNUC__
881
#pragma GCC diagnostic pop
882
#endif
883
if(fnmatch(*pat, dirent->d_name, FNM_FILE_NAME | FNM_PERIOD)
884
!= FNM_NOMATCH){
885
if(debug){
886
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
887
" matching pattern %s\n", dirent->d_name, *pat);
888
}
889
return 0;
621
890
}
622
891
}
892
return 1;
893
}
894
895
int numplugins = scandirat(dir_fd, ".", &direntries, good_name,
896
alphasort);
897
if(numplugins == -1){
898
error(0, errno, "Could not scan plugin dir");
899
direntries = NULL;
900
exitstatus = EX_OSERR;
901
goto fallback;
623
902
}
624
903
625
904
FD_ZERO(&rfds_all);
626
905
627
906
/* Read and execute any executable in the plugin directory*/
628
while(true){
629
dirst = readdir(dir);
630
631
// All directory entries have been processed
632
if(dirst == NULL){
633
if (errno == EBADF){
634
perror("readdir");
635
exitstatus = EXIT_FAILURE;
636
goto fallback;
637
}
638
break;
639
}
640
641
d_name_len = strlen(dirst->d_name);
642
643
// Ignore dotfiles, backup files and other junk
644
{
645
bool bad_name = false;
646
647
const char const *bad_prefixes[] = { ".", "#", NULL };
648
649
const char const *bad_suffixes[] = { "~", "#", ".dpkg-new",
650
".dpkg-old",
651
".dpkg-divert", NULL };
652
for(const char **pre = bad_prefixes; *pre != NULL; pre++){
653
size_t pre_len = strlen(*pre);
654
if((d_name_len >= pre_len)
655
and strncmp((dirst->d_name), *pre, pre_len) == 0){
656
if(debug){
657
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
658
" with bad prefix %s\n", dirst->d_name, *pre);
659
}
660
bad_name = true;
661
break;
662
}
663
}
664
if(bad_name){
665
continue;
666
}
667
for(const char **suf = bad_suffixes; *suf != NULL; suf++){
668
size_t suf_len = strlen(*suf);
669
if((d_name_len >= suf_len)
670
and (strcmp((dirst->d_name)+d_name_len-suf_len, *suf)
671
== 0)){
672
if(debug){
673
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
674
" with bad suffix %s\n", dirst->d_name, *suf);
675
}
676
bad_name = true;
677
break;
678
}
679
}
680
681
if(bad_name){
682
continue;
683
}
684
}
685
686
char *filename;
687
ret = asprintf(&filename, "%s/%s", plugindir, dirst->d_name);
688
if(ret < 0){
689
perror("asprintf");
690
continue;
691
}
692
693
ret = stat(filename, &st);
694
if (ret == -1){
695
perror("stat");
696
free(filename);
697
continue;
698
}
699
907
for(int i = 0; i < numplugins; i++){
908
909
int plugin_fd = openat(dir_fd, direntries[i]->d_name, O_RDONLY);
910
if(plugin_fd == -1){
911
error(0, errno, "Could not open plugin");
912
free(direntries[i]);
913
continue;
914
}
915
ret = (int)TEMP_FAILURE_RETRY(fstat(plugin_fd, &st));
916
if(ret == -1){
917
error(0, errno, "stat");
918
close(plugin_fd);
919
free(direntries[i]);
920
continue;
921
}
922
700
923
/* Ignore non-executable files */
701
if (not S_ISREG(st.st_mode) or (access(filename, X_OK) != 0)){
924
if(not S_ISREG(st.st_mode)
925
or (TEMP_FAILURE_RETRY(faccessat(dir_fd, direntries[i]->d_name,
926
X_OK, 0)) != 0)){
702
927
if(debug){
703
fprintf(stderr, "Ignoring plugin dir entry \"%s\""
704
" with bad type or mode\n", filename);
928
fprintf(stderr, "Ignoring plugin dir entry \"%s/%s\""
929
" with bad type or mode\n",
930
plugindir != NULL ? plugindir : PDIR,
931
direntries[i]->d_name);
705
932
}
706
free(filename);
933
close(plugin_fd);
934
free(direntries[i]);
707
935
continue;
708
936
}
709
937
710
plugin *p = getplugin(dirst->d_name);
938
plugin *p = getplugin(direntries[i]->d_name);
711
939
if(p == NULL){
712
perror("getplugin");
713
free(filename);
940
error(0, errno, "getplugin");
941
close(plugin_fd);
942
free(direntries[i]);
714
943
continue;
715
944
}
716
945
if(p->disabled){
717
946
if(debug){
718
947
fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",
719
dirst->d_name);
948
direntries[i]->d_name);
720
949
}
721
free(filename);
950
close(plugin_fd);
951
free(direntries[i]);
722
952
continue;
723
953
}
724
954
{
727
957
if(g != NULL){
728
958
for(char **a = g->argv + 1; *a != NULL; a++){
729
959
if(not add_argument(p, *a)){
730
perror("add_argument");
960
error(0, errno, "add_argument");
731
961
}
732
962
}
733
963
/* Add global environment variables */
734
964
for(char **e = g->environ; *e != NULL; e++){
735
if(not add_environment(p, *e)){
736
perror("add_environment");
965
if(not add_environment(p, *e, false)){
966
error(0, errno, "add_environment");
737
967
}
738
968
}
739
969
}
740
970
}
741
/* If this plugin has any environment variables, we will call
742
using execve and need to duplicate the environment from this
743
process, too. */
971
/* If this plugin has any environment variables, we need to
972
duplicate the environment from this process, too. */
744
973
if(p->environ[0] != NULL){
745
974
for(char **e = environ; *e != NULL; e++){
746
char *copy = strdup(*e);
747
if(copy == NULL){
748
perror("strdup");
749
continue;
750
}
751
if(not add_environment(p, copy)){
752
perror("add_environment");
975
if(not add_environment(p, *e, false)){
976
error(0, errno, "add_environment");
753
977
}
754
978
}
755
979
}
756
980
757
981
int pipefd[2];
758
ret = pipe(pipefd);
759
if (ret == -1){
760
perror("pipe");
761
exitstatus = EXIT_FAILURE;
762
goto fallback;
763
}
982
#ifndef O_CLOEXEC
983
ret = (int)TEMP_FAILURE_RETRY(pipe(pipefd));
984
#else /* O_CLOEXEC */
985
ret = (int)TEMP_FAILURE_RETRY(pipe2(pipefd, O_CLOEXEC));
986
#endif /* O_CLOEXEC */
987
if(ret == -1){
988
error(0, errno, "pipe");
989
exitstatus = EX_OSERR;
990
free(direntries[i]);
991
goto fallback;
992
}
993
if(pipefd[0] >= FD_SETSIZE){
994
fprintf(stderr, "pipe()[0] (%d) >= FD_SETSIZE (%d)", pipefd[0],
995
FD_SETSIZE);
996
close(pipefd[0]);
997
close(pipefd[1]);
998
exitstatus = EX_OSERR;
999
free(direntries[i]);
1000
goto fallback;
1001
}
1002
#ifndef O_CLOEXEC
764
1003
/* Ask OS to automatic close the pipe on exec */
765
1004
ret = set_cloexec_flag(pipefd[0]);
766
1005
if(ret < 0){
767
perror("set_cloexec_flag");
768
exitstatus = EXIT_FAILURE;
1006
error(0, errno, "set_cloexec_flag");
1007
close(pipefd[0]);
1008
close(pipefd[1]);
1009
exitstatus = EX_OSERR;
1010
free(direntries[i]);
769
1011
goto fallback;
770
1012
}
771
1013
ret = set_cloexec_flag(pipefd[1]);
772
1014
if(ret < 0){
773
perror("set_cloexec_flag");
774
exitstatus = EXIT_FAILURE;
1015
error(0, errno, "set_cloexec_flag");
1016
close(pipefd[0]);
1017
close(pipefd[1]);
1018
exitstatus = EX_OSERR;
1019
free(direntries[i]);
775
1020
goto fallback;
776
1021
}
1022
#endif /* not O_CLOEXEC */
777
1023
/* Block SIGCHLD until process is safely in process list */
778
ret = sigprocmask (SIG_BLOCK, &sigchld_action.sa_mask, NULL);
1024
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_BLOCK,
1025
&sigchld_action.sa_mask,
1026
NULL));
779
1027
if(ret < 0){
780
perror("sigprocmask");
781
exitstatus = EXIT_FAILURE;
1028
error(0, errno, "sigprocmask");
1029
exitstatus = EX_OSERR;
1030
free(direntries[i]);
782
1031
goto fallback;
783
1032
}
784
// Starting a new process to be watched
785
pid_t pid = fork();
1033
/* Starting a new process to be watched */
1034
pid_t pid;
1035
do {
1036
pid = fork();
1037
} while(pid == -1 and errno == EINTR);
786
1038
if(pid == -1){
787
perror("fork");
788
exitstatus = EXIT_FAILURE;
1039
error(0, errno, "fork");
1040
TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1041
&sigchld_action.sa_mask, NULL));
1042
close(pipefd[0]);
1043
close(pipefd[1]);
1044
exitstatus = EX_OSERR;
1045
free(direntries[i]);
789
1046
goto fallback;
790
1047
}
791
1048
if(pid == 0){
792
1049
/* this is the child process */
793
1050
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
794
1051
if(ret < 0){
795
perror("sigaction");
796
_exit(EXIT_FAILURE);
1052
error(0, errno, "sigaction");
1053
_exit(EX_OSERR);
797
1054
}
798
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1055
ret = sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
799
1056
if(ret < 0){
800
perror("sigprocmask");
801
_exit(EXIT_FAILURE);
1057
error(0, errno, "sigprocmask");
1058
_exit(EX_OSERR);
802
1059
}
803
1060
804
1061
ret = dup2(pipefd[1], STDOUT_FILENO); /* replace our stdout */
805
1062
if(ret == -1){
806
perror("dup2");
807
_exit(EXIT_FAILURE);
1063
error(0, errno, "dup2");
1064
_exit(EX_OSERR);
808
1065
}
809
1066
810
if(dirfd(dir) < 0){
811
/* If dir has no file descriptor, we could not set FD_CLOEXEC
812
above and must now close it manually here. */
813
closedir(dir);
814
}
815
if(p->environ[0] == NULL){
816
if(execv(filename, p->argv) < 0){
817
perror("execv");
818
_exit(EXIT_FAILURE);
819
}
820
} else {
821
if(execve(filename, p->argv, p->environ) < 0){
822
perror("execve");
823
_exit(EXIT_FAILURE);
824
}
1067
if(fexecve(plugin_fd, p->argv,
1068
(p->environ[0] != NULL) ? p->environ : environ) < 0){
1069
error(0, errno, "fexecve for %s/%s",
1070
plugindir != NULL ? plugindir : PDIR,
1071
direntries[i]->d_name);
1072
_exit(EX_OSERR);
825
1073
}
826
1074
/* no return */
827
1075
}
828
1076
/* Parent process */
829
1077
close(pipefd[1]); /* Close unused write end of pipe */
830
free(filename);
831
plugin *new_plugin = getplugin(dirst->d_name);
832
if (new_plugin == NULL){
833
perror("getplugin");
834
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1078
close(plugin_fd);
1079
plugin *new_plugin = getplugin(direntries[i]->d_name);
1080
if(new_plugin == NULL){
1081
error(0, errno, "getplugin");
1082
ret = (int)(TEMP_FAILURE_RETRY
1083
(sigprocmask(SIG_UNBLOCK, &sigchld_action.sa_mask,
1084
NULL)));
835
1085
if(ret < 0){
836
perror("sigprocmask");
1086
error(0, errno, "sigprocmask");
837
1087
}
838
exitstatus = EXIT_FAILURE;
1088
exitstatus = EX_OSERR;
1089
free(direntries[i]);
839
1090
goto fallback;
840
1091
}
1092
free(direntries[i]);
841
1093
842
1094
new_plugin->pid = pid;
843
1095
new_plugin->fd = pipefd[0];
844
1096
1097
if(debug){
1098
fprintf(stderr, "Plugin %s started (PID %" PRIdMAX ")\n",
1099
new_plugin->name, (intmax_t) (new_plugin->pid));
1100
}
1101
845
1102
/* Unblock SIGCHLD so signal handler can be run if this process
846
1103
has already completed */
847
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask, NULL);
1104
ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,
1105
&sigchld_action.sa_mask,
1106
NULL));
848
1107
if(ret < 0){
849
perror("sigprocmask");
850
exitstatus = EXIT_FAILURE;
1108
error(0, errno, "sigprocmask");
1109
exitstatus = EX_OSERR;
851
1110
goto fallback;
852
1111
}
853
1112
854
1113
FD_SET(new_plugin->fd, &rfds_all);
855
1114
856
if (maxfd < new_plugin->fd){
1115
if(maxfd < new_plugin->fd){
857
1116
maxfd = new_plugin->fd;
858
1117
}
859
860
1118
}
861
1119
862
closedir(dir);
863
dir = NULL;
864
1120
free(direntries);
1121
direntries = NULL;
1122
close(dir_fd);
1123
dir_fd = -1;
1124
free_plugin(getplugin(NULL));
1125
865
1126
for(plugin *p = plugin_list; p != NULL; p = p->next){
866
1127
if(p->pid != 0){
867
1128
break;
872
1133
free_plugin_list();
873
1134
}
874
1135
}
875
1136
876
1137
/* Main loop while running plugins exist */
877
1138
while(plugin_list){
878
1139
fd_set rfds = rfds_all;
879
1140
int select_ret = select(maxfd+1, &rfds, NULL, NULL, NULL);
880
if (select_ret == -1){
881
perror("select");
882
exitstatus = EXIT_FAILURE;
1141
if(select_ret == -1 and errno != EINTR){
1142
error(0, errno, "select");
1143
exitstatus = EX_OSERR;
883
1144
goto fallback;
884
1145
}
885
1146
/* OK, now either a process completed, or something can be read
886
1147
from one of them */
887
for(plugin *proc = plugin_list; proc != NULL; proc = proc->next){
1148
for(plugin *proc = plugin_list; proc != NULL;){
888
1149
/* Is this process completely done? */
889
if(proc->eof and proc->completed){
1150
if(proc->completed and proc->eof){
890
1151
/* Only accept the plugin output if it exited cleanly */
891
1152
if(not WIFEXITED(proc->status)
892
1153
or WEXITSTATUS(proc->status) != 0){
893
1154
/* Bad exit by plugin */
894
1155
895
1156
if(debug){
896
1157
if(WIFEXITED(proc->status)){
897
fprintf(stderr, "Plugin %u exited with status %d\n",
898
(unsigned int) (proc->pid),
1158
fprintf(stderr, "Plugin %s [%" PRIdMAX "] exited with"
1159
" status %d\n", proc->name,
1160
(intmax_t) (proc->pid),
899
1161
WEXITSTATUS(proc->status));
900
} else if(WIFSIGNALED(proc->status)) {
901
fprintf(stderr, "Plugin %u killed by signal %d\n",
902
(unsigned int) (proc->pid),
903
WTERMSIG(proc->status));
904
} else if(WCOREDUMP(proc->status)){
905
fprintf(stderr, "Plugin %d dumped core\n",
906
(unsigned int) (proc->pid));
1162
} else if(WIFSIGNALED(proc->status)){
1163
fprintf(stderr, "Plugin %s [%" PRIdMAX "] killed by"
1164
" signal %d: %s\n", proc->name,
1165
(intmax_t) (proc->pid),
1166
WTERMSIG(proc->status),
1167
strsignal(WTERMSIG(proc->status)));
907
1168
}
908
1169
}
909
1170
910
1171
/* Remove the plugin */
911
1172
FD_CLR(proc->fd, &rfds_all);
912
1173
913
1174
/* Block signal while modifying process_list */
914
ret = sigprocmask(SIG_BLOCK, &sigchld_action.sa_mask, NULL);
1175
ret = (int)TEMP_FAILURE_RETRY(sigprocmask
1176
(SIG_BLOCK,
1177
&sigchld_action.sa_mask,
1178
NULL));
915
1179
if(ret < 0){
916
perror("sigprocmask");
917
exitstatus = EXIT_FAILURE;
1180
error(0, errno, "sigprocmask");
1181
exitstatus = EX_OSERR;
918
1182
goto fallback;
919
1183
}
1184
1185
plugin *next_plugin = proc->next;
920
1186
free_plugin(proc);
1187
proc = next_plugin;
1188
921
1189
/* We are done modifying process list, so unblock signal */
922
ret = sigprocmask (SIG_UNBLOCK, &sigchld_action.sa_mask,
923
NULL);
1190
ret = (int)(TEMP_FAILURE_RETRY
1191
(sigprocmask(SIG_UNBLOCK,
1192
&sigchld_action.sa_mask, NULL)));
924
1193
if(ret < 0){
925
perror("sigprocmask");
926
exitstatus = EXIT_FAILURE;
1194
error(0, errno, "sigprocmask");
1195
exitstatus = EX_OSERR;
927
1196
goto fallback;
928
1197
}
929
1198
930
1199
if(plugin_list == NULL){
931
1200
break;
932
1201
}
1202
933
1203
continue;
934
1204
}
935
1205
936
1206
/* This process exited nicely, so print its buffer */
937
1207
938
1208
bool bret = print_out_password(proc->buffer,
939
1209
proc->buffer_length);
940
1210
if(not bret){
941
perror("print_out_password");
942
exitstatus = EXIT_FAILURE;
1211
error(0, errno, "print_out_password");
1212
exitstatus = EX_IOERR;
943
1213
}
944
1214
goto fallback;
945
1215
}
947
1217
/* This process has not completed. Does it have any output? */
948
1218
if(proc->eof or not FD_ISSET(proc->fd, &rfds)){
949
1219
/* This process had nothing to say at this time */
1220
proc = proc->next;
950
1221
continue;
951
1222
}
952
1223
/* Before reading, make the process' data buffer large enough */
953
1224
if(proc->buffer_length + BUFFER_SIZE > proc->buffer_size){
954
proc->buffer = realloc(proc->buffer, proc->buffer_size
955
+ (size_t) BUFFER_SIZE);
956
if (proc->buffer == NULL){
957
perror("malloc");
958
exitstatus = EXIT_FAILURE;
1225
char *new_buffer = realloc(proc->buffer, proc->buffer_size
1226
+ (size_t) BUFFER_SIZE);
1227
if(new_buffer == NULL){
1228
error(0, errno, "malloc");
1229
exitstatus = EX_OSERR;
959
1230
goto fallback;
960
1231
}
1232
proc->buffer = new_buffer;
961
1233
proc->buffer_size += BUFFER_SIZE;
962
1234
}
963
1235
/* Read from the process */
964
ret = read(proc->fd, proc->buffer + proc->buffer_length,
965
BUFFER_SIZE);
966
if(ret < 0){
1236
sret = TEMP_FAILURE_RETRY(read(proc->fd,
1237
proc->buffer
1238
+ proc->buffer_length,
1239
BUFFER_SIZE));
1240
if(sret < 0){
967
1241
/* Read error from this process; ignore the error */
1242
proc = proc->next;
968
1243
continue;
969
1244
}
970
if(ret == 0){
1245
if(sret == 0){
971
1246
/* got EOF */
972
1247
proc->eof = true;
973
1248
} else {
974
proc->buffer_length += (size_t) ret;
1249
proc->buffer_length += (size_t) sret;
975
1250
}
976
1251
}
977
1252
}
978
979
1253
1254
980
1255
fallback:
981
1256
982
if(plugin_list == NULL or exitstatus != EXIT_SUCCESS){
1257
if(plugin_list == NULL or (exitstatus != EXIT_SUCCESS
1258
and exitstatus != EX_OK)){
983
1259
/* Fallback if all plugins failed, none are found or an error
984
1260
occured */
985
1261
bool bret;
986
1262
fprintf(stderr, "Going to fallback mode using getpass(3)\n");
987
1263
char *passwordbuffer = getpass("Password: ");
988
bret = print_out_password(passwordbuffer, strlen(passwordbuffer));
1264
size_t len = strlen(passwordbuffer);
1265
/* Strip trailing newline */
1266
if(len > 0 and passwordbuffer[len-1] == '\n'){
1267
passwordbuffer[len-1] = '\0'; /* not strictly necessary */
1268
len--;
1269
}
1270
bret = print_out_password(passwordbuffer, len);
989
1271
if(not bret){
990
perror("print_out_password");
991
exitstatus = EXIT_FAILURE;
1272
error(0, errno, "print_out_password");
1273
exitstatus = EX_IOERR;
992
1274
}
993
1275
}
994
1276
995
1277
/* Restore old signal handler */
996
1278
ret = sigaction(SIGCHLD, &old_sigchld_action, NULL);
997
1279
if(ret == -1){
998
perror("sigaction");
999
exitstatus = EXIT_FAILURE;
1280
error(0, errno, "sigaction");
1281
exitstatus = EX_OSERR;
1000
1282
}
1001
1283
1002
1284
if(custom_argv != NULL){
1003
1285
for(char **arg = custom_argv+1; *arg != NULL; arg++){
1004
1286
free(*arg);
1006
1288
free(custom_argv);
1007
1289
}
1008
1290
1009
if(dir != NULL){
1010
closedir(dir);
1291
free(direntries);
1292
1293
if(dir_fd != -1){
1294
close(dir_fd);
1011
1295
}
1012
1296
1013
/* Free the process list and kill the processes */
1297
/* Kill the processes */
1014
1298
for(plugin *p = plugin_list; p != NULL; p = p->next){
1015
1299
if(p->pid != 0){
1016
1300
close(p->fd);
1017
1301
ret = kill(p->pid, SIGTERM);
1018
1302
if(ret == -1 and errno != ESRCH){
1019
1303
/* Set-uid proccesses might not get closed */
1020
perror("kill");
1304
error(0, errno, "kill");
1021
1305
}
1022
1306
}
1023
1307
}
1024
1308
1025
1309
/* Wait for any remaining child processes to terminate */
1026
do{
1310
do {
1027
1311
ret = wait(NULL);
1028
1312
} while(ret >= 0);
1029
1313
if(errno != ECHILD){
1030
perror("wait");
1314
error(0, errno, "wait");
1031
1315
}
1032
1316
1033
1317
free_plugin_list();
1034
1318
1035
1319
free(plugindir);
1320
free(pluginhelperdir);
1036
1321
free(argfile);
1037
1322
1038
1323
return exitstatus;
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0