Annotation of embedaddon/sudo/src/exec.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com>
! 3: *
! 4: * Permission to use, copy, modify, and distribute this software for any
! 5: * purpose with or without fee is hereby granted, provided that the above
! 6: * copyright notice and this permission notice appear in all copies.
! 7: *
! 8: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 9: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 10: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 11: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 12: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 13: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 14: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 15: */
! 16:
! 17: #include <config.h>
! 18:
! 19: #include <sys/types.h>
! 20: #include <sys/param.h>
! 21: #ifdef HAVE_SYS_SYSMACROS_H
! 22: # include <sys/sysmacros.h>
! 23: #endif
! 24: #include <sys/socket.h>
! 25: #include <sys/stat.h>
! 26: #include <sys/time.h>
! 27: #include <sys/wait.h>
! 28: #include <sys/ioctl.h>
! 29: #ifdef HAVE_SYS_SELECT_H
! 30: # include <sys/select.h>
! 31: #endif /* HAVE_SYS_SELECT_H */
! 32: #include <stdio.h>
! 33: #ifdef STDC_HEADERS
! 34: # include <stdlib.h>
! 35: # include <stddef.h>
! 36: #else
! 37: # ifdef HAVE_STDLIB_H
! 38: # include <stdlib.h>
! 39: # endif
! 40: #endif /* STDC_HEADERS */
! 41: #ifdef HAVE_STRING_H
! 42: # include <string.h>
! 43: #endif /* HAVE_STRING_H */
! 44: #ifdef HAVE_STRINGS_H
! 45: # include <strings.h>
! 46: #endif /* HAVE_STRINGS_H */
! 47: #ifdef HAVE_UNISTD_H
! 48: # include <unistd.h>
! 49: #endif /* HAVE_UNISTD_H */
! 50: #if TIME_WITH_SYS_TIME
! 51: # include <time.h>
! 52: #endif
! 53: #ifdef HAVE_SETLOCALE
! 54: # include <locale.h>
! 55: #endif
! 56: #include <errno.h>
! 57: #include <fcntl.h>
! 58: #include <signal.h>
! 59: #include <termios.h>
! 60:
! 61: #include "sudo.h"
! 62: #include "sudo_exec.h"
! 63: #include "sudo_plugin.h"
! 64: #include "sudo_plugin_int.h"
! 65:
! 66: /* Shared with exec_pty.c for use with handler(). */
! 67: int signal_pipe[2];
! 68:
! 69: /* We keep a tailq of signals to forward to child. */
! 70: struct sigforward {
! 71: struct sigforward *prev, *next;
! 72: int signo;
! 73: };
! 74: TQ_DECLARE(sigforward)
! 75: static struct sigforward_list sigfwd_list;
! 76:
! 77: static int handle_signals(int fd, pid_t child, int log_io,
! 78: struct command_status *cstat);
! 79: static void forward_signals(int fd);
! 80: static void schedule_signal(int signo);
! 81:
! 82: /*
! 83: * Like execve(2) but falls back to running through /bin/sh
! 84: * ala execvp(3) if we get ENOEXEC.
! 85: */
! 86: int
! 87: my_execve(const char *path, char *const argv[], char *const envp[])
! 88: {
! 89: execve(path, argv, envp);
! 90: if (errno == ENOEXEC) {
! 91: int argc;
! 92: char **nargv;
! 93:
! 94: for (argc = 0; argv[argc] != NULL; argc++)
! 95: continue;
! 96: nargv = emalloc2(argc + 2, sizeof(char *));
! 97: nargv[0] = "sh";
! 98: nargv[1] = (char *)path;
! 99: memcpy(nargv + 2, argv + 1, argc * sizeof(char *));
! 100: execve(_PATH_BSHELL, nargv, envp);
! 101: efree(nargv);
! 102: }
! 103: return -1;
! 104: }
! 105:
! 106: /*
! 107: * Fork and execute a command, returns the child's pid.
! 108: * Sends errno back on sv[1] if execve() fails.
! 109: */
! 110: static int fork_cmnd(struct command_details *details, int sv[2])
! 111: {
! 112: struct command_status cstat;
! 113: sigaction_t sa;
! 114: pid_t child;
! 115:
! 116: zero_bytes(&sa, sizeof(sa));
! 117: sigemptyset(&sa.sa_mask);
! 118: sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
! 119: sa.sa_handler = handler;
! 120: sigaction(SIGCONT, &sa, NULL);
! 121:
! 122: child = fork();
! 123: switch (child) {
! 124: case -1:
! 125: error(1, _("unable to fork"));
! 126: break;
! 127: case 0:
! 128: /* child */
! 129: close(sv[0]);
! 130: close(signal_pipe[0]);
! 131: close(signal_pipe[1]);
! 132: fcntl(sv[1], F_SETFD, FD_CLOEXEC);
! 133: restore_signals();
! 134: if (exec_setup(details, NULL, -1) == TRUE) {
! 135: /* headed for execve() */
! 136: if (details->closefrom >= 0)
! 137: closefrom(details->closefrom);
! 138: #ifdef HAVE_SELINUX
! 139: if (ISSET(details->flags, CD_RBAC_ENABLED))
! 140: selinux_execve(details->command, details->argv, details->envp);
! 141: else
! 142: #endif
! 143: my_execve(details->command, details->argv, details->envp);
! 144: }
! 145: cstat.type = CMD_ERRNO;
! 146: cstat.val = errno;
! 147: send(sv[1], &cstat, sizeof(cstat), 0);
! 148: _exit(1);
! 149: }
! 150: return child;
! 151: }
! 152:
! 153: static struct signal_state {
! 154: int signo;
! 155: sigaction_t sa;
! 156: } saved_signals[] = {
! 157: { SIGALRM },
! 158: { SIGCHLD },
! 159: { SIGCONT },
! 160: { SIGHUP },
! 161: { SIGINT },
! 162: { SIGPIPE },
! 163: { SIGQUIT },
! 164: { SIGTERM },
! 165: { SIGTSTP },
! 166: { SIGTTIN },
! 167: { SIGTTOU },
! 168: { SIGUSR1 },
! 169: { SIGUSR2 },
! 170: { -1 }
! 171: };
! 172:
! 173: /*
! 174: * Save signal handler state so it can be restored before exec.
! 175: */
! 176: void
! 177: save_signals(void)
! 178: {
! 179: struct signal_state *ss;
! 180:
! 181: for (ss = saved_signals; ss->signo != -1; ss++)
! 182: sigaction(ss->signo, NULL, &ss->sa);
! 183: }
! 184:
! 185: /*
! 186: * Restore signal handlers to initial state.
! 187: */
! 188: void
! 189: restore_signals(void)
! 190: {
! 191: struct signal_state *ss;
! 192:
! 193: for (ss = saved_signals; ss->signo != -1; ss++)
! 194: sigaction(ss->signo, &ss->sa, NULL);
! 195: }
! 196:
! 197: /*
! 198: * Execute a command, potentially in a pty with I/O loggging.
! 199: * This is a little bit tricky due to how POSIX job control works and
! 200: * we fact that we have two different controlling terminals to deal with.
! 201: */
! 202: int
! 203: sudo_execve(struct command_details *details, struct command_status *cstat)
! 204: {
! 205: int maxfd, n, nready, sv[2], log_io = FALSE;
! 206: const char *utmp_user = NULL;
! 207: fd_set *fdsr, *fdsw;
! 208: sigaction_t sa;
! 209: pid_t child;
! 210:
! 211: /* If running in background mode, fork and exit. */
! 212: if (ISSET(details->flags, CD_BACKGROUND)) {
! 213: switch (fork()) {
! 214: case -1:
! 215: cstat->type = CMD_ERRNO;
! 216: cstat->val = errno;
! 217: return -1;
! 218: case 0:
! 219: /* child continues without controlling terminal */
! 220: (void)setpgid(0, 0);
! 221: break;
! 222: default:
! 223: /* parent exits (but does not flush buffers) */
! 224: _exit(0);
! 225: }
! 226: }
! 227:
! 228: /*
! 229: * If we have an I/O plugin or the policy plugin has requested one, we
! 230: * need to allocate a pty. It is OK to set log_io in the pty-only case
! 231: * as the io plugin tailqueue will be empty and no I/O logging will occur.
! 232: */
! 233: if (!tq_empty(&io_plugins) || ISSET(details->flags, CD_USE_PTY)) {
! 234: log_io = TRUE;
! 235: if (ISSET(details->flags, CD_SET_UTMP))
! 236: utmp_user = details->utmp_user ? details->utmp_user : user_details.username;
! 237: sudo_debug(8, "allocate pty for I/O logging");
! 238: pty_setup(details->euid, user_details.tty, utmp_user);
! 239: }
! 240:
! 241: /*
! 242: * We communicate with the child over a bi-directional pair of sockets.
! 243: * Parent sends signal info to child and child sends back wait status.
! 244: */
! 245: if (socketpair(PF_UNIX, SOCK_DGRAM, 0, sv) == -1)
! 246: error(1, _("unable to create sockets"));
! 247:
! 248: /*
! 249: * We use a pipe to atomically handle signal notification within
! 250: * the select() loop.
! 251: */
! 252: if (pipe_nonblock(signal_pipe) != 0)
! 253: error(1, _("unable to create pipe"));
! 254:
! 255: zero_bytes(&sa, sizeof(sa));
! 256: sigemptyset(&sa.sa_mask);
! 257:
! 258: /*
! 259: * Signals for forward to the child process (excluding SIGALRM and SIGCHLD).
! 260: * Note: HP-UX select() will not be interrupted if SA_RESTART set.
! 261: */
! 262: sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
! 263: sa.sa_handler = handler;
! 264: sigaction(SIGALRM, &sa, NULL);
! 265: sigaction(SIGCHLD, &sa, NULL);
! 266: sigaction(SIGHUP, &sa, NULL);
! 267: sigaction(SIGINT, &sa, NULL);
! 268: sigaction(SIGPIPE, &sa, NULL);
! 269: sigaction(SIGQUIT, &sa, NULL);
! 270: sigaction(SIGTERM, &sa, NULL);
! 271: sigaction(SIGUSR1, &sa, NULL);
! 272: sigaction(SIGUSR2, &sa, NULL);
! 273:
! 274: /* Max fd we will be selecting on. */
! 275: maxfd = MAX(sv[0], signal_pipe[0]);
! 276:
! 277: /*
! 278: * Child will run the command in the pty, parent will pass data
! 279: * to and from pty. Adjusts maxfd as needed.
! 280: */
! 281: if (log_io)
! 282: child = fork_pty(details, sv, &maxfd);
! 283: else
! 284: child = fork_cmnd(details, sv);
! 285: close(sv[1]);
! 286:
! 287: /* Set command timeout if specified. */
! 288: if (ISSET(details->flags, CD_SET_TIMEOUT))
! 289: alarm(details->timeout);
! 290:
! 291: #ifdef HAVE_SETLOCALE
! 292: /*
! 293: * I/O logging must be in the C locale for floating point numbers
! 294: * to be logged consistently.
! 295: */
! 296: setlocale(LC_ALL, "C");
! 297: #endif
! 298:
! 299: /*
! 300: * In the event loop we pass input from user tty to master
! 301: * and pass output from master to stdout and IO plugin.
! 302: */
! 303: fdsr = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
! 304: fdsw = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
! 305: for (;;) {
! 306: zero_bytes(fdsw, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
! 307: zero_bytes(fdsr, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
! 308:
! 309: FD_SET(signal_pipe[0], fdsr);
! 310: FD_SET(sv[0], fdsr);
! 311: if (!tq_empty(&sigfwd_list))
! 312: FD_SET(sv[0], fdsw);
! 313: if (log_io)
! 314: fd_set_iobs(fdsr, fdsw); /* XXX - better name */
! 315: nready = select(maxfd + 1, fdsr, fdsw, NULL, NULL);
! 316: if (nready == -1) {
! 317: if (errno == EINTR)
! 318: continue;
! 319: error(1, _("select failed"));
! 320: }
! 321: if (FD_ISSET(sv[0], fdsw)) {
! 322: forward_signals(sv[0]);
! 323: }
! 324: if (FD_ISSET(signal_pipe[0], fdsr)) {
! 325: n = handle_signals(signal_pipe[0], child, log_io, cstat);
! 326: if (n == 0) {
! 327: /* Child has exited, cstat is set, we are done. */
! 328: goto done;
! 329: }
! 330: if (n == -1) {
! 331: /* Error reading signal_pipe[0], should not happen. */
! 332: break;
! 333: }
! 334: /* Restart event loop so signals get sent to child immediately. */
! 335: continue;
! 336: }
! 337: if (FD_ISSET(sv[0], fdsr)) {
! 338: /* read child status */
! 339: n = recv(sv[0], cstat, sizeof(*cstat), 0);
! 340: if (n == -1) {
! 341: if (errno == EINTR)
! 342: continue;
! 343: /*
! 344: * If not logging I/O we will receive ECONNRESET when
! 345: * the command is executed. It is safe to ignore this.
! 346: */
! 347: if (log_io && errno != EAGAIN) {
! 348: cstat->type = CMD_ERRNO;
! 349: cstat->val = errno;
! 350: break;
! 351: }
! 352: }
! 353: if (cstat->type == CMD_WSTATUS) {
! 354: if (WIFSTOPPED(cstat->val)) {
! 355: /* Suspend parent and tell child how to resume on return. */
! 356: sudo_debug(8, "child stopped, suspending parent");
! 357: n = suspend_parent(WSTOPSIG(cstat->val));
! 358: schedule_signal(n);
! 359: continue;
! 360: } else {
! 361: /* Child exited or was killed, either way we are done. */
! 362: break;
! 363: }
! 364: } else if (cstat->type == CMD_ERRNO) {
! 365: /* Child was unable to execute command or broken pipe. */
! 366: break;
! 367: }
! 368: }
! 369:
! 370: if (perform_io(fdsr, fdsw, cstat) != 0) {
! 371: /* I/O error, kill child if still alive and finish. */
! 372: schedule_signal(SIGKILL);
! 373: forward_signals(sv[0]);
! 374: break;
! 375: }
! 376: }
! 377:
! 378: if (log_io) {
! 379: /* Flush any remaining output and free pty-related memory. */
! 380: pty_close(cstat);
! 381: }
! 382:
! 383: #ifdef HAVE_SELINUX
! 384: if (ISSET(details->flags, CD_RBAC_ENABLED)) {
! 385: /* This is probably not needed in log_io mode. */
! 386: if (selinux_restore_tty() != 0)
! 387: warningx(_("unable to restore tty label"));
! 388: }
! 389: #endif
! 390:
! 391: done:
! 392: efree(fdsr);
! 393: efree(fdsw);
! 394: while (!tq_empty(&sigfwd_list)) {
! 395: struct sigforward *sigfwd = tq_first(&sigfwd_list);
! 396: tq_remove(&sigfwd_list, sigfwd);
! 397: efree(sigfwd);
! 398: }
! 399:
! 400: return cstat->type == CMD_ERRNO ? -1 : 0;
! 401: }
! 402:
! 403: /*
! 404: * Read signals on fd written to by handler().
! 405: * Returns -1 on error, 0 on child exit, else 1.
! 406: */
! 407: static int
! 408: handle_signals(int fd, pid_t child, int log_io, struct command_status *cstat)
! 409: {
! 410: unsigned char signo;
! 411: ssize_t nread;
! 412: int status;
! 413: pid_t pid;
! 414:
! 415: for (;;) {
! 416: /* read signal pipe */
! 417: nread = read(signal_pipe[0], &signo, sizeof(signo));
! 418: if (nread <= 0) {
! 419: /* It should not be possible to get EOF but just in case. */
! 420: if (nread == 0)
! 421: errno = ECONNRESET;
! 422: /* Restart if interrupted by signal so the pipe doesn't fill. */
! 423: if (errno == EINTR)
! 424: continue;
! 425: /* If pipe is empty, we are done. */
! 426: if (errno == EAGAIN)
! 427: break;
! 428: sudo_debug(9, "error reading signal pipe %s", strerror(errno));
! 429: cstat->type = CMD_ERRNO;
! 430: cstat->val = errno;
! 431: return -1;
! 432: }
! 433: sudo_debug(9, "received signal %d", signo);
! 434: if (signo == SIGCHLD) {
! 435: /*
! 436: * If logging I/O, child is the intermediate process,
! 437: * otherwise it is the command itself.
! 438: */
! 439: do {
! 440: pid = waitpid(child, &status, WUNTRACED|WNOHANG);
! 441: } while (pid == -1 && errno == EINTR);
! 442: if (pid == child) {
! 443: /* If not logging I/O and child has exited we are done. */
! 444: if (!log_io) {
! 445: if (WIFSTOPPED(status)) {
! 446: /*
! 447: * Save the controlling terminal's process group
! 448: * so we can restore it after we resume.
! 449: */
! 450: pid_t saved_pgrp = (pid_t)-1;
! 451: int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY, 0);
! 452: if (fd != -1)
! 453: saved_pgrp = tcgetpgrp(fd);
! 454: if (kill(getpid(), WSTOPSIG(status)) != 0) {
! 455: warning("kill(%d, %d)", (int)getpid(),
! 456: WSTOPSIG(status));
! 457: }
! 458: if (fd != -1) {
! 459: if (saved_pgrp != (pid_t)-1)
! 460: (void)tcsetpgrp(fd, saved_pgrp);
! 461: close(fd);
! 462: }
! 463: } else {
! 464: /* Child has exited, we are done. */
! 465: cstat->type = CMD_WSTATUS;
! 466: cstat->val = status;
! 467: return 0;
! 468: }
! 469: }
! 470: /* Else we get ECONNRESET on sv[0] if child dies. */
! 471: }
! 472: } else {
! 473: if (log_io) {
! 474: /* Schedule signo to be forwared to the child. */
! 475: schedule_signal(signo);
! 476: } else {
! 477: /* Nothing listening on sv[0], send directly. */
! 478: if (signo == SIGALRM)
! 479: terminate_child(child, FALSE);
! 480: else if (kill(child, signo) != 0)
! 481: warning("kill(%d, %d)", (int)child, signo);
! 482: }
! 483: }
! 484: }
! 485: return 1;
! 486: }
! 487:
! 488: /*
! 489: * Forward signals in sigfwd_list to child listening on fd.
! 490: */
! 491: static void
! 492: forward_signals(int sock)
! 493: {
! 494: struct sigforward *sigfwd;
! 495: struct command_status cstat;
! 496: ssize_t nsent;
! 497:
! 498: while (!tq_empty(&sigfwd_list)) {
! 499: sigfwd = tq_first(&sigfwd_list);
! 500: sudo_debug(9, "sending signal %d to child over backchannel",
! 501: sigfwd->signo);
! 502: cstat.type = CMD_SIGNO;
! 503: cstat.val = sigfwd->signo;
! 504: do {
! 505: nsent = send(sock, &cstat, sizeof(cstat), 0);
! 506: } while (nsent == -1 && errno == EINTR);
! 507: tq_remove(&sigfwd_list, sigfwd);
! 508: efree(sigfwd);
! 509: if (nsent != sizeof(cstat)) {
! 510: if (errno == EPIPE) {
! 511: /* Other end of socket gone, empty out sigfwd_list. */
! 512: while (!tq_empty(&sigfwd_list)) {
! 513: sigfwd = tq_first(&sigfwd_list);
! 514: tq_remove(&sigfwd_list, sigfwd);
! 515: efree(sigfwd);
! 516: }
! 517: }
! 518: break;
! 519: }
! 520: }
! 521: }
! 522:
! 523: /*
! 524: * Schedule a signal to be forwared.
! 525: */
! 526: static void
! 527: schedule_signal(int signo)
! 528: {
! 529: struct sigforward *sigfwd;
! 530:
! 531: sigfwd = emalloc(sizeof(*sigfwd));
! 532: sigfwd->prev = sigfwd;
! 533: sigfwd->next = NULL;
! 534: sigfwd->signo = signo;
! 535: tq_append(&sigfwd_list, sigfwd);
! 536: }
! 537:
! 538: /*
! 539: * Generic handler for signals passed from parent -> child.
! 540: * The other end of signal_pipe is checked in the main event loop.
! 541: */
! 542: void
! 543: handler(int s)
! 544: {
! 545: unsigned char signo = (unsigned char)s;
! 546:
! 547: /*
! 548: * The pipe is non-blocking, if we overflow the kernel's pipe
! 549: * buffer we drop the signal. This is not a problem in practice.
! 550: */
! 551: if (write(signal_pipe[1], &signo, sizeof(signo)) == -1)
! 552: /* shut up glibc */;
! 553: }
! 554:
! 555: /*
! 556: * Open a pipe and make both ends non-blocking.
! 557: * Returns 0 on success and -1 on error.
! 558: */
! 559: int
! 560: pipe_nonblock(int fds[2])
! 561: {
! 562: int flags, rval;
! 563:
! 564: rval = pipe(fds);
! 565: if (rval != -1) {
! 566: flags = fcntl(fds[0], F_GETFL, 0);
! 567: if (flags != -1 && !ISSET(flags, O_NONBLOCK))
! 568: rval = fcntl(fds[0], F_SETFL, flags | O_NONBLOCK);
! 569: if (rval != -1) {
! 570: flags = fcntl(fds[1], F_GETFL, 0);
! 571: if (flags != -1 && !ISSET(flags, O_NONBLOCK))
! 572: rval = fcntl(fds[1], F_SETFL, flags | O_NONBLOCK);
! 573: }
! 574: if (rval == -1) {
! 575: close(fds[0]);
! 576: close(fds[1]);
! 577: }
! 578: }
! 579:
! 580: return rval;
! 581: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to exec.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / src