/mandos/trunk : revision 967

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.c

Committer: Teddy Hogeborn
Date: 2019-02-10 03:50:20 UTC
Revision ID: teddy@recompile.se-20190210035020-nttr1tybgwwixueu

http://bugs.debian.org/879538

http://bugs.debian.org/916673

Show debconf note about new TLS key IDs

If mandos-client did not see TLS keys and had to create them, or if
mandos sees GnuTLS version 3.6.6 or later, show an important notice on
package installation about the importance of adding the new key_id
options to clients.conf on the Mandos server.

* debian/control (Package: mandos, Package: mandos-client): Depend on
                                                            debconf.
* debian/mandos-client.lintian-overrides: Override warnings.
* debian/mandos-client.postinst (create_keys): Show notice if new TLS
                                               key files were created.
* debian/mandos-client.templates: New.
* debian/mandos.lintian-overrides: Override warnings.
* debian/mandos.postinst (configure): If GnuTLS 3.6.6 or later is
                                      detected, show an important
                                      notice (once) about the new
                                      key_id option required in
                                      clients.conf.
* debian/mandos.templates: New.

files added:
bugs.xml

debian/mandos-client.templates

debian/mandos.templates

initramfs-tools-conf

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugin-runner.c

* Mandos plugin runner - Run Mandos plugins

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* This file is part of Mandos.

* Mandos is free software: you can redistribute it and/or modify it

* under the terms of the GNU General Public License as published by

* the Free Software Foundation, either version 3 of the License, or

* (at your option) any later version.

* Mandos is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* along with Mandos. If not, see <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@recompile.se>.

#include <sys/select.h> /* fd_set, select(), FD_ZERO(),

FD_SET(), FD_ISSET(), FD_CLR */

#include <sys/wait.h> /* wait(), waitpid(), WIFEXITED(),

WEXITSTATUS(), WTERMSIG(),

WCOREDUMP() */

WEXITSTATUS(), WTERMSIG() */

#include <sys/stat.h> /* struct stat, fstat(), S_ISREG() */

#include <iso646.h> /* and, or, not */

#include <dirent.h> /* struct dirent, scandirat() */

#define BUFFER_SIZE 256

#define PDIR "/lib/mandos/plugins.d"

#define PHDIR "/lib/mandos/plugin-helpers"

#define AFILE "/conf/conf.d/mandos/plugin-runner.conf"

const char *argp_program_version = "plugin-runner " VERSION;

347

348

349

int main(int argc, char *argv[]){

349

350

char *plugindir = NULL;

351

char *pluginhelperdir = NULL;

350

352

char *argfile = NULL;

351

353

FILE *conffp;

352

struct dirent **direntries;

354

struct dirent **direntries = NULL;

353

355

struct stat st;

354

356

fd_set rfds_all;

355

357

int ret, maxfd = 0;

414

416

.doc = "Group ID the plugins will run as", .group = 3 },

415

417

{ .name = "debug", .key = 132,

416

418

.doc = "Debug mode", .group = 4 },

419

{ .name = "plugin-helper-dir", .key = 133,

420

.arg = "DIRECTORY",

421

.doc = "Specify a different plugin helper directory",

422

.group = 2 },

417

423

418

424

* These reproduce what we would get without ARGP_NO_HELP

419

425

545

551

case 132: /* --debug */

546

552

debug = true;

547

553

break;

554

case 133: /* --plugin-helper-dir */

555

free(pluginhelperdir);

556

pluginhelperdir = strdup(arg);

557

if(pluginhelperdir != NULL){

558

errno = 0;

559

}

560

break;

548

561

549

562

* These reproduce what we would get without ARGP_NO_HELP

550

563

570

583

if(arg[0] == '\0'){

571

584

break;

572

585

}

586

/* FALLTHROUGH */

573

587

default:

574

588

return ARGP_ERR_UNKNOWN;

575

589

}

601

615

case 130: /* --userid */

602

616

case 131: /* --groupid */

603

617

case 132: /* --debug */

618

case 133: /* --plugin-helper-dir */

604

619

case '?': /* --help */

605

620

case -3: /* --usage */

606

621

case 'V': /* --version */

687

702

custom_argc += 1;

688

703

{

689

704

char **new_argv = realloc(custom_argv, sizeof(char *)

690

* ((unsigned int)

691

custom_argc + 1));

705

* ((size_t)custom_argc + 1));

692

706

if(new_argv == NULL){

693

707

error(0, errno, "realloc");

694

708

exitstatus = EX_OSERR;

761

775

goto fallback;

762

776

}

763

777

778

{

779

char *pluginhelperenv;

780

bool bret = true;

781

ret = asprintf(&pluginhelperenv, "MANDOSPLUGINHELPERDIR=%s",

782

pluginhelperdir != NULL ? pluginhelperdir : PHDIR);

783

if(ret != -1){

784

bret = add_environment(getplugin(NULL), pluginhelperenv, true);

785

}

786

if(ret == -1 or not bret){

787

error(0, errno, "Failed to set MANDOSPLUGINHELPERDIR"

788

" environment variable to \"%s\" for all plugins\n",

789

pluginhelperdir != NULL ? pluginhelperdir : PHDIR);

790

}

791

if(ret != -1){

792

free(pluginhelperenv);

793

}

794

}

795

764

796

if(debug){

765

for(plugin *p = plugin_list; p != NULL; p=p->next){

797

for(plugin *p = plugin_list; p != NULL; p = p->next){

766

798

fprintf(stderr, "Plugin: %s has %d arguments\n",

767

799

p->name ? p->name : "Global", p->argc - 1);

768

800

for(char **a = p->argv; *a != NULL; a++){

777

809

778

810

if(getuid() == 0){

779

811

/* Work around Debian bug #633582:

780

<http://bugs.debian.org/633582> */

812

<https://bugs.debian.org/633582> */

781

813

int plugindir_fd = open(/* plugindir or */ PDIR, O_RDONLY);

782

814

if(plugindir_fd == -1){

783

815

if(errno != ENOENT){

795

827

}

796

828

}

797

829

}

798

TEMP_FAILURE_RETRY(close(plugindir_fd));

830

close(plugindir_fd);

799

831

}

800

832

}

801

833

829

861

ret = set_cloexec_flag(dir_fd);

830

862

if(ret < 0){

831

863

error(0, errno, "set_cloexec_flag");

832

TEMP_FAILURE_RETRY(close(dir_fd));

833

864

exitstatus = EX_OSERR;

834

865

goto fallback;

835

866

}

861

892

return 1;

862

893

}

863

894

864

#ifdef __GLIBC__

865

#if __GLIBC_PREREQ(2, 15)

866

895

int numplugins = scandirat(dir_fd, ".", &direntries, good_name,

867

896

alphasort);

868

#else /* not __GLIBC_PREREQ(2, 15) */

869

int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,

870

&direntries, good_name, alphasort);

871

#endif /* not __GLIBC_PREREQ(2, 15) */

872

#else /* not __GLIBC__ */

873

int numplugins = scandir(plugindir != NULL ? plugindir : PDIR,

874

&direntries, good_name, alphasort);

875

#endif /* not __GLIBC__ */

876

897

if(numplugins == -1){

877

898

error(0, errno, "Could not scan plugin dir");

878

TEMP_FAILURE_RETRY(close(dir_fd));

899

direntries = NULL;

879

900

exitstatus = EX_OSERR;

880

901

goto fallback;

881

902

}

888

909

int plugin_fd = openat(dir_fd, direntries[i]->d_name, O_RDONLY);

889

910

if(plugin_fd == -1){

890

911

error(0, errno, "Could not open plugin");

912

free(direntries[i]);

891

913

continue;

892

914

}

893

915

ret = (int)TEMP_FAILURE_RETRY(fstat(plugin_fd, &st));

894

916

if(ret == -1){

895

917

error(0, errno, "stat");

896

TEMP_FAILURE_RETRY(close(plugin_fd));

918

close(plugin_fd);

919

free(direntries[i]);

897

920

continue;

898

921

}

899

922

907

930

plugindir != NULL ? plugindir : PDIR,

908

931

direntries[i]->d_name);

909

932

}

910

TEMP_FAILURE_RETRY(close(plugin_fd));

933

close(plugin_fd);

934

free(direntries[i]);

911

935

continue;

912

936

}

913

937

914

938

plugin *p = getplugin(direntries[i]->d_name);

915

939

if(p == NULL){

916

940

error(0, errno, "getplugin");

917

TEMP_FAILURE_RETRY(close(plugin_fd));

941

close(plugin_fd);

942

free(direntries[i]);

918

943

continue;

919

944

}

920

945

if(p->disabled){

922

947

fprintf(stderr, "Ignoring disabled plugin \"%s\"\n",

923

948

direntries[i]->d_name);

924

949

}

925

TEMP_FAILURE_RETRY(close(plugin_fd));

950

close(plugin_fd);

951

free(direntries[i]);

926

952

continue;

927

953

}

928

954

{

961

987

if(ret == -1){

962

988

error(0, errno, "pipe");

963

989

exitstatus = EX_OSERR;

990

free(direntries[i]);

964

991

goto fallback;

965

992

}

966

993

if(pipefd[0] >= FD_SETSIZE){

967

994

fprintf(stderr, "pipe()[0] (%d) >= FD_SETSIZE (%d)", pipefd[0],

968

995

FD_SETSIZE);

969

TEMP_FAILURE_RETRY(close(pipefd[0]));

970

TEMP_FAILURE_RETRY(close(pipefd[1]));

996

close(pipefd[0]);

997

close(pipefd[1]);

971

998

exitstatus = EX_OSERR;

999

free(direntries[i]);

972

1000

goto fallback;

973

1001

}

974

1002

#ifndef O_CLOEXEC

976

1004

ret = set_cloexec_flag(pipefd[0]);

977

1005

if(ret < 0){

978

1006

error(0, errno, "set_cloexec_flag");

979

TEMP_FAILURE_RETRY(close(pipefd[0]));

980

TEMP_FAILURE_RETRY(close(pipefd[1]));

1007

close(pipefd[0]);

1008

close(pipefd[1]);

981

1009

exitstatus = EX_OSERR;

1010

free(direntries[i]);

982

1011

goto fallback;

983

1012

}

984

1013

ret = set_cloexec_flag(pipefd[1]);

985

1014

if(ret < 0){

986

1015

error(0, errno, "set_cloexec_flag");

987

TEMP_FAILURE_RETRY(close(pipefd[0]));

988

TEMP_FAILURE_RETRY(close(pipefd[1]));

1016

close(pipefd[0]);

1017

close(pipefd[1]);

989

1018

exitstatus = EX_OSERR;

1019

free(direntries[i]);

990

1020

goto fallback;

991

1021

}

992

1022

#endif /* not O_CLOEXEC */

997

1027

if(ret < 0){

998

1028

error(0, errno, "sigprocmask");

999

1029

exitstatus = EX_OSERR;

1030

free(direntries[i]);

1000

1031

goto fallback;

1001

1032

}

1002

1033

/* Starting a new process to be watched */

1008

1039

error(0, errno, "fork");

1009

1040

TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,

1010

1041

&sigchld_action.sa_mask, NULL));

1011

TEMP_FAILURE_RETRY(close(pipefd[0]));

1012

TEMP_FAILURE_RETRY(close(pipefd[1]));

1042

close(pipefd[0]);

1043

close(pipefd[1]);

1013

1044

exitstatus = EX_OSERR;

1045

free(direntries[i]);

1014

1046

goto fallback;

1015

1047

}

1016

1048

if(pid == 0){

1042

1074

/* no return */

1043

1075

}

1044

1076

/* Parent process */

1045

TEMP_FAILURE_RETRY(close(pipefd[1])); /* Close unused write end of

1046

pipe */

1047

TEMP_FAILURE_RETRY(close(plugin_fd));

1077

close(pipefd[1]); /* Close unused write end of pipe */

1078

close(plugin_fd);

1048

1079

plugin *new_plugin = getplugin(direntries[i]->d_name);

1049

1080

if(new_plugin == NULL){

1050

1081

error(0, errno, "getplugin");

1055

1086

error(0, errno, "sigprocmask");

1056

1087

}

1057

1088

exitstatus = EX_OSERR;

1089

free(direntries[i]);

1058

1090

goto fallback;

1059

1091

}

1092

free(direntries[i]);

1060

1093

1061

1094

new_plugin->pid = pid;

1062

1095

new_plugin->fd = pipefd[0];

1063

1096

1097

if(debug){

1098

fprintf(stderr, "Plugin %s started (PID %" PRIdMAX ")\n",

1099

new_plugin->name, (intmax_t) (new_plugin->pid));

1100

}

1101

1064

1102

/* Unblock SIGCHLD so signal handler can be run if this process

1065

1103

has already completed */

1066

1104

ret = (int)TEMP_FAILURE_RETRY(sigprocmask(SIG_UNBLOCK,

1072

1110

goto fallback;

1073

1111

}

1074

1112

1075

#if defined (__GNUC__) and defined (__GLIBC__)

1076

#if not __GLIBC_PREREQ(2, 16)

1077

#pragma GCC diagnostic push

1078

#pragma GCC diagnostic ignored "-Wsign-conversion"

1079

#endif

1080

#endif

1081

FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from

1082

-Wconversion in GNU libc

1083

before 2.16 */

1084

#if defined (__GNUC__) and defined (__GLIBC__)

1085

#if not __GLIBC_PREREQ(2, 16)

1086

#pragma GCC diagnostic pop

1087

#endif

1088

#endif

1113

FD_SET(new_plugin->fd, &rfds_all);

1089

1114

1090

1115

if(maxfd < new_plugin->fd){

1091

1116

maxfd = new_plugin->fd;

1092

1117

}

1093

1118

}

1094

1119

1095

TEMP_FAILURE_RETRY(close(dir_fd));

1120

free(direntries);

1121

direntries = NULL;

1122

close(dir_fd);

1123

dir_fd = -1;

1096

1124

free_plugin(getplugin(NULL));

1097

1125

1098

1126

for(plugin *p = plugin_list; p != NULL; p = p->next){

1137

1165

(intmax_t) (proc->pid),

1138

1166

WTERMSIG(proc->status),

1139

1167

strsignal(WTERMSIG(proc->status)));

1140

} else if(WCOREDUMP(proc->status)){

1141

fprintf(stderr, "Plugin %s [%" PRIdMAX "] dumped"

1142

" core\n", proc->name, (intmax_t) (proc->pid));

1143

1168

}

1144

1169

}

1145

1170

1146

1171

/* Remove the plugin */

1147

#if defined (__GNUC__) and defined (__GLIBC__)

1148

#if not __GLIBC_PREREQ(2, 16)

1149

#pragma GCC diagnostic push

1150

#pragma GCC diagnostic ignored "-Wsign-conversion"

1151

#endif

1152

#endif

1153

FD_CLR(proc->fd, &rfds_all); /* Spurious warning from

1154

-Wconversion in GNU libc

1155

before 2.16 */

1156

#if defined (__GNUC__) and defined (__GLIBC__)

1157

#if not __GLIBC_PREREQ(2, 16)

1158

#pragma GCC diagnostic pop

1159

#endif

1160

#endif

1172

FD_CLR(proc->fd, &rfds_all);

1161

1173

1162

1174

/* Block signal while modifying process_list */

1163

1175

ret = (int)TEMP_FAILURE_RETRY(sigprocmask

1203

1215

}

1204

1216

1205

1217

/* This process has not completed. Does it have any output? */

1206

#if defined (__GNUC__) and defined (__GLIBC__)

1207

#if not __GLIBC_PREREQ(2, 16)

1208

#pragma GCC diagnostic push

1209

#pragma GCC diagnostic ignored "-Wsign-conversion"

1210

#endif

1211

#endif

1212

if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious

1213

warning from

1214

-Wconversion

1215

in GNU libc

1216

before

1217

2.16 */

1218

#if defined (__GNUC__) and defined (__GLIBC__)

1219

#if not __GLIBC_PREREQ(2, 16)

1220

#pragma GCC diagnostic pop

1221

#endif

1222

#endif

1218

if(proc->eof or not FD_ISSET(proc->fd, &rfds)){

1223

1219

/* This process had nothing to say at this time */

1224

1220

proc = proc->next;

1225

1221

continue;

1292

1288

free(custom_argv);

1293

1289

}

1294

1290

1291

free(direntries);

1292

1295

1293

if(dir_fd != -1){

1296

TEMP_FAILURE_RETRY(close(dir_fd));

1294

close(dir_fd);

1297

1295

}

1298

1296

1299

1297

/* Kill the processes */

1319

1317

free_plugin_list();

1320

1318

1321

1319

free(plugindir);

1320

free(pluginhelperdir);

1322

1321

free(argfile);

1323

1322

1324

1323

return exitstatus;

Older »