1: /*
2: * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
3: *
4: * Permission to use, copy, modify, and distribute this software for any
5: * purpose with or without fee is hereby granted, provided that the above
6: * copyright notice and this permission notice appear in all copies.
7: *
8: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15: */
16:
17: #include <config.h>
18:
19: #include <sys/types.h>
20: #include <sys/socket.h>
21: #include <sys/time.h>
22: #include <sys/wait.h>
23: #include <sys/ioctl.h>
24: #include <stdio.h>
25: #ifdef STDC_HEADERS
26: # include <stdlib.h>
27: # include <stddef.h>
28: #else
29: # ifdef HAVE_STDLIB_H
30: # include <stdlib.h>
31: # endif
32: #endif /* STDC_HEADERS */
33: #ifdef HAVE_STRING_H
34: # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
35: # include <memory.h>
36: # endif
37: # include <string.h>
38: #endif /* HAVE_STRING_H */
39: #ifdef HAVE_STRINGS_H
40: # include <strings.h>
41: #endif /* HAVE_STRINGS_H */
42: #ifdef HAVE_UNISTD_H
43: # include <unistd.h>
44: #endif /* HAVE_UNISTD_H */
45: #ifdef TIME_WITH_SYS_TIME
46: # include <time.h>
47: #endif
48: #include <errno.h>
49: #include <fcntl.h>
50: #include <signal.h>
51: #include <termios.h>
52:
53: #include "sudo.h"
54: #include "sudo_event.h"
55: #include "sudo_exec.h"
56: #include "sudo_plugin.h"
57: #include "sudo_plugin_int.h"
58:
59: #define SFD_STDIN 0
60: #define SFD_STDOUT 1
61: #define SFD_STDERR 2
62: #define SFD_MASTER 3
63: #define SFD_SLAVE 4
64: #define SFD_USERTTY 5
65:
66: /* Evaluates to true if the event has /dev/tty as its fd. */
67: #define USERTTY_EVENT(_ev) (sudo_ev_get_fd((_ev)) == io_fds[SFD_USERTTY])
68:
69: #define TERM_COOKED 0
70: #define TERM_RAW 1
71:
72: /* Compatibility with older tty systems. */
73: #if !defined(TIOCGWINSZ) && defined(TIOCGSIZE)
74: # define TIOCGWINSZ TIOCGSIZE
75: # define TIOCSWINSZ TIOCSSIZE
76: # define winsize ttysize
77: #endif
78:
79: struct io_buffer {
80: SLIST_ENTRY(io_buffer) entries;
81: struct sudo_event *revent;
82: struct sudo_event *wevent;
83: bool (*action)(const char *buf, unsigned int len);
84: int len; /* buffer length (how much produced) */
85: int off; /* write position (how much already consumed) */
86: char buf[32 * 1024];
87: };
88:
89: SLIST_HEAD(io_buffer_list, io_buffer);
90:
91: static char slavename[PATH_MAX];
92: static bool foreground, pipeline, tty_initialized;
93: static int io_fds[6] = { -1, -1, -1, -1, -1, -1};
94: static int ttymode = TERM_COOKED;
95: static pid_t ppgrp, cmnd_pgrp, mon_pgrp;
96: static sigset_t ttyblock;
97: static struct io_buffer_list iobufs;
98:
99: static void del_io_events(void);
100: static int exec_monitor(struct command_details *details, int backchannel);
101: static void exec_pty(struct command_details *details,
102: struct command_status *cstat, int errfd);
103: static void sigwinch(int s);
104: static void sync_ttysize(int src, int dst);
105: static void deliver_signal(pid_t pid, int signo, bool from_parent);
106: static int safe_close(int fd);
107: static void ev_free_by_fd(struct sudo_event_base *evbase, int fd);
108: static void check_foreground(void);
109:
110: /*
111: * Cleanup hook for fatal()/fatalx()
112: */
113: static void
114: pty_cleanup(void)
115: {
116: debug_decl(cleanup, SUDO_DEBUG_EXEC);
117:
118: if (!TAILQ_EMPTY(&io_plugins) && io_fds[SFD_USERTTY] != -1)
119: term_restore(io_fds[SFD_USERTTY], 0);
120: #ifdef HAVE_SELINUX
121: selinux_restore_tty();
122: #endif
123: utmp_logout(slavename, 0); /* XXX - only if CD_SET_UTMP */
124:
125: debug_return;
126: }
127:
128: /*
129: * Generic handler for signals recieved by the monitor process.
130: * The other end of signal_pipe is checked in the monitor event loop.
131: */
132: #ifdef SA_SIGINFO
133: static void
134: mon_handler(int s, siginfo_t *info, void *context)
135: {
136: unsigned char signo = (unsigned char)s;
137:
138: /*
139: * If the signal came from the command we ran, just ignore
140: * it since we don't want the command to indirectly kill itself.
141: * This can happen with, e.g. BSD-derived versions of reboot
142: * that call kill(-1, SIGTERM) to kill all other processes.
143: */
144: if (info != NULL && info->si_code == SI_USER && info->si_pid == cmnd_pid)
145: return;
146:
147: /*
148: * The pipe is non-blocking, if we overflow the kernel's pipe
149: * buffer we drop the signal. This is not a problem in practice.
150: */
151: ignore_result(write(signal_pipe[1], &signo, sizeof(signo)));
152: }
153: #else
154: static void
155: mon_handler(int s)
156: {
157: unsigned char signo = (unsigned char)s;
158:
159: /*
160: * The pipe is non-blocking, if we overflow the kernel's pipe
161: * buffer we drop the signal. This is not a problem in practice.
162: */
163: ignore_result(write(signal_pipe[1], &signo, sizeof(signo)));
164: }
165: #endif
166:
167: /*
168: * Allocate a pty if /dev/tty is a tty.
169: * Fills in io_fds[SFD_USERTTY], io_fds[SFD_MASTER], io_fds[SFD_SLAVE]
170: * and slavename globals.
171: */
172: void
173: pty_setup(uid_t uid, const char *tty, const char *utmp_user)
174: {
175: debug_decl(pty_setup, SUDO_DEBUG_EXEC);
176:
177: io_fds[SFD_USERTTY] = open(_PATH_TTY, O_RDWR|O_NOCTTY, 0);
178: if (io_fds[SFD_USERTTY] != -1) {
179: if (!get_pty(&io_fds[SFD_MASTER], &io_fds[SFD_SLAVE],
180: slavename, sizeof(slavename), uid))
181: fatal(U_("unable to allocate pty"));
182: /* Add entry to utmp/utmpx? */
183: if (utmp_user != NULL)
184: utmp_login(tty, slavename, io_fds[SFD_SLAVE], utmp_user);
185: }
186:
187: debug_return;
188: }
189:
190: /* Call I/O plugin tty input log method. */
191: static bool
192: log_ttyin(const char *buf, unsigned int n)
193: {
194: struct plugin_container *plugin;
195: sigset_t omask;
196: bool rval = true;
197: debug_decl(log_ttyin, SUDO_DEBUG_EXEC);
198:
199: sigprocmask(SIG_BLOCK, &ttyblock, &omask);
200: TAILQ_FOREACH(plugin, &io_plugins, entries) {
201: if (plugin->u.io->log_ttyin) {
202: if (!plugin->u.io->log_ttyin(buf, n)) {
203: rval = false;
204: break;
205: }
206: }
207: }
208: sigprocmask(SIG_SETMASK, &omask, NULL);
209:
210: debug_return_bool(rval);
211: }
212:
213: /* Call I/O plugin stdin log method. */
214: static bool
215: log_stdin(const char *buf, unsigned int n)
216: {
217: struct plugin_container *plugin;
218: sigset_t omask;
219: bool rval = true;
220: debug_decl(log_stdin, SUDO_DEBUG_EXEC);
221:
222: sigprocmask(SIG_BLOCK, &ttyblock, &omask);
223: TAILQ_FOREACH(plugin, &io_plugins, entries) {
224: if (plugin->u.io->log_stdin) {
225: if (!plugin->u.io->log_stdin(buf, n)) {
226: rval = false;
227: break;
228: }
229: }
230: }
231: sigprocmask(SIG_SETMASK, &omask, NULL);
232:
233: debug_return_bool(rval);
234: }
235:
236: /* Call I/O plugin tty output log method. */
237: static bool
238: log_ttyout(const char *buf, unsigned int n)
239: {
240: struct plugin_container *plugin;
241: sigset_t omask;
242: bool rval = true;
243: debug_decl(log_ttyout, SUDO_DEBUG_EXEC);
244:
245: sigprocmask(SIG_BLOCK, &ttyblock, &omask);
246: TAILQ_FOREACH(plugin, &io_plugins, entries) {
247: if (plugin->u.io->log_ttyout) {
248: if (!plugin->u.io->log_ttyout(buf, n)) {
249: rval = false;
250: break;
251: }
252: }
253: }
254: sigprocmask(SIG_SETMASK, &omask, NULL);
255:
256: debug_return_bool(rval);
257: }
258:
259: /* Call I/O plugin stdout log method. */
260: static bool
261: log_stdout(const char *buf, unsigned int n)
262: {
263: struct plugin_container *plugin;
264: sigset_t omask;
265: bool rval = true;
266: debug_decl(log_stdout, SUDO_DEBUG_EXEC);
267:
268: sigprocmask(SIG_BLOCK, &ttyblock, &omask);
269: TAILQ_FOREACH(plugin, &io_plugins, entries) {
270: if (plugin->u.io->log_stdout) {
271: if (!plugin->u.io->log_stdout(buf, n)) {
272: rval = false;
273: break;
274: }
275: }
276: }
277: sigprocmask(SIG_SETMASK, &omask, NULL);
278:
279: debug_return_bool(rval);
280: }
281:
282: /* Call I/O plugin stderr log method. */
283: static bool
284: log_stderr(const char *buf, unsigned int n)
285: {
286: struct plugin_container *plugin;
287: sigset_t omask;
288: bool rval = true;
289: debug_decl(log_stderr, SUDO_DEBUG_EXEC);
290:
291: sigprocmask(SIG_BLOCK, &ttyblock, &omask);
292: TAILQ_FOREACH(plugin, &io_plugins, entries) {
293: if (plugin->u.io->log_stderr) {
294: if (!plugin->u.io->log_stderr(buf, n)) {
295: rval = false;
296: break;
297: }
298: }
299: }
300: sigprocmask(SIG_SETMASK, &omask, NULL);
301:
302: debug_return_bool(rval);
303: }
304:
305: /*
306: * Check whether we are running in the foregroup.
307: * Updates the foreground global and does lazy init of the
308: * the pty slave as needed.
309: */
310: static void
311: check_foreground(void)
312: {
313: debug_decl(check_foreground, SUDO_DEBUG_EXEC);
314:
315: if (io_fds[SFD_USERTTY] != -1) {
316: foreground = tcgetpgrp(io_fds[SFD_USERTTY]) == ppgrp;
317: if (foreground && !tty_initialized) {
318: if (term_copy(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE])) {
319: tty_initialized = true;
320: sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]);
321: }
322: }
323: }
324:
325: debug_return;
326: }
327:
328: /*
329: * Suspend sudo if the underlying command is suspended.
330: * Returns SIGCONT_FG if the command should be resumed in the
331: * foreground or SIGCONT_BG if it is a background process.
332: */
333: int
334: suspend_parent(int signo)
335: {
336: char signame[SIG2STR_MAX];
337: sigaction_t sa, osa;
338: int n, rval = 0;
339: debug_decl(suspend_parent, SUDO_DEBUG_EXEC);
340:
341: switch (signo) {
342: case SIGTTOU:
343: case SIGTTIN:
344: /*
345: * If sudo is already the foreground process, just resume the command
346: * in the foreground. If not, we'll suspend sudo and resume later.
347: */
348: if (!foreground)
349: check_foreground();
350: if (foreground) {
351: if (ttymode != TERM_RAW) {
352: do {
353: n = term_raw(io_fds[SFD_USERTTY], 0);
354: } while (!n && errno == EINTR);
355: ttymode = TERM_RAW;
356: }
357: rval = SIGCONT_FG; /* resume command in foreground */
358: break;
359: }
360: /* FALLTHROUGH */
361: case SIGSTOP:
362: case SIGTSTP:
363: /* Flush any remaining output and deschedule I/O events. */
364: del_io_events();
365:
366: /* Restore original tty mode before suspending. */
367: if (ttymode != TERM_COOKED)
368: term_restore(io_fds[SFD_USERTTY], 0);
369:
370: if (sig2str(signo, signame) == -1)
371: snprintf(signame, sizeof(signame), "%d", signo);
372:
373: /* Suspend self and continue command when we resume. */
374: if (signo != SIGSTOP) {
375: memset(&sa, 0, sizeof(sa));
376: sigemptyset(&sa.sa_mask);
377: sa.sa_flags = SA_RESTART;
378: sa.sa_handler = SIG_DFL;
379: sudo_sigaction(signo, &sa, &osa);
380: }
381: sudo_debug_printf(SUDO_DEBUG_INFO, "kill parent SIG%s", signame);
382: if (killpg(ppgrp, signo) != 0)
383: warning("killpg(%d, SIG%s)", (int)ppgrp, signame);
384:
385: /* Check foreground/background status on resume. */
386: check_foreground();
387:
388: /*
389: * We always resume the command in the foreground if sudo itself
390: * is the foreground process. This helps work around poorly behaved
391: * programs that catch SIGTTOU/SIGTTIN but suspend themselves with
392: * SIGSTOP. At worst, sudo will go into the background but upon
393: * resume the command will be runnable. Otherwise, we can get into
394: * a situation where the command will immediately suspend itself.
395: */
396: sudo_debug_printf(SUDO_DEBUG_INFO, "parent is in %s, ttymode %d -> %d",
397: foreground ? "foreground" : "background", ttymode,
398: foreground ? TERM_RAW : TERM_COOKED);
399:
400: if (foreground) {
401: /* Foreground process, set tty to raw mode. */
402: do {
403: n = term_raw(io_fds[SFD_USERTTY], 0);
404: } while (!n && errno == EINTR);
405: ttymode = TERM_RAW;
406: } else {
407: /* Background process, no access to tty. */
408: ttymode = TERM_COOKED;
409: }
410:
411: if (signo != SIGSTOP)
412: sudo_sigaction(signo, &osa, NULL);
413: rval = ttymode == TERM_RAW ? SIGCONT_FG : SIGCONT_BG;
414: break;
415: }
416:
417: debug_return_int(rval);
418: }
419:
420: /*
421: * Kill command with increasing urgency.
422: */
423: void
424: terminate_command(pid_t pid, bool use_pgrp)
425: {
426: debug_decl(terminate_command, SUDO_DEBUG_EXEC);
427:
428: /*
429: * Note that SIGCHLD will interrupt the sleep()
430: */
431: if (use_pgrp) {
432: sudo_debug_printf(SUDO_DEBUG_INFO, "killpg %d SIGHUP", (int)pid);
433: killpg(pid, SIGHUP);
434: sudo_debug_printf(SUDO_DEBUG_INFO, "killpg %d SIGTERM", (int)pid);
435: killpg(pid, SIGTERM);
436: sleep(2);
437: sudo_debug_printf(SUDO_DEBUG_INFO, "killpg %d SIGKILL", (int)pid);
438: killpg(pid, SIGKILL);
439: } else {
440: sudo_debug_printf(SUDO_DEBUG_INFO, "kill %d SIGHUP", (int)pid);
441: kill(pid, SIGHUP);
442: sudo_debug_printf(SUDO_DEBUG_INFO, "kill %d SIGTERM", (int)pid);
443: kill(pid, SIGTERM);
444: sleep(2);
445: sudo_debug_printf(SUDO_DEBUG_INFO, "kill %d SIGKILL", (int)pid);
446: kill(pid, SIGKILL);
447: }
448:
449: debug_return;
450: }
451:
452: /*
453: * Read/write an iobuf that is ready.
454: */
455: static void
456: io_callback(int fd, int what, void *v)
457: {
458: struct io_buffer *iob = v;
459: struct sudo_event_base *evbase;
460: int n;
461: debug_decl(io_callback, SUDO_DEBUG_EXEC);
462:
463: if (ISSET(what, SUDO_EV_READ)) {
464: evbase = sudo_ev_get_base(iob->revent);
465: do {
466: n = read(fd, iob->buf + iob->len, sizeof(iob->buf) - iob->len);
467: } while (n == -1 && errno == EINTR);
468: switch (n) {
469: case -1:
470: if (errno == EAGAIN)
471: break;
472: /* treat read error as fatal and close the fd */
473: sudo_debug_printf(SUDO_DEBUG_ERROR,
474: "error reading fd %d: %s", fd, strerror(errno));
475: /* FALLTHROUGH */
476: case 0:
477: /* got EOF or pty has gone away */
478: if (n == 0) {
479: sudo_debug_printf(SUDO_DEBUG_INFO,
480: "read EOF from fd %d", fd);
481: }
482: safe_close(fd);
483: ev_free_by_fd(evbase, fd);
484: /* If writer already consumed the buffer, close it too. */
485: if (iob->wevent != NULL && iob->off == iob->len) {
486: safe_close(sudo_ev_get_fd(iob->wevent));
487: ev_free_by_fd(evbase, sudo_ev_get_fd(iob->wevent));
488: iob->off = iob->len = 0;
489: }
490: break;
491: default:
492: sudo_debug_printf(SUDO_DEBUG_INFO,
493: "read %d bytes from fd %d", n, fd);
494: if (!iob->action(iob->buf + iob->len, n))
495: terminate_command(cmnd_pid, true);
496: iob->len += n;
497: /* Enable writer if not /dev/tty or we are foreground pgrp. */
498: if (iob->wevent != NULL &&
499: (foreground || !USERTTY_EVENT(iob->wevent))) {
500: if (sudo_ev_add(evbase, iob->wevent, NULL, false) == -1)
501: fatal(U_("unable to add event to queue"));
502: }
503: /* Re-enable reader if buffer is not full. */
504: if (iob->len != sizeof(iob->buf)) {
505: if (sudo_ev_add(evbase, iob->revent, NULL, false) == -1)
506: fatal(U_("unable to add event to queue"));
507: }
508: break;
509: }
510: }
511: if (ISSET(what, SUDO_EV_WRITE)) {
512: evbase = sudo_ev_get_base(iob->wevent);
513: do {
514: n = write(fd, iob->buf + iob->off, iob->len - iob->off);
515: } while (n == -1 && errno == EINTR);
516: if (n == -1) {
517: switch (errno) {
518: case EPIPE:
519: case ENXIO:
520: case EIO:
521: case EBADF:
522: /* other end of pipe closed or pty revoked */
523: sudo_debug_printf(SUDO_DEBUG_INFO,
524: "unable to write %d bytes to fd %d",
525: iob->len - iob->off, fd);
526: if (iob->revent != NULL) {
527: safe_close(sudo_ev_get_fd(iob->revent));
528: ev_free_by_fd(evbase, sudo_ev_get_fd(iob->revent));
529: }
530: safe_close(fd);
531: ev_free_by_fd(evbase, fd);
532: break;
533: case EAGAIN:
534: /* not an error */
535: break;
536: default:
537: #if 0 /* XXX -- how to set cstat? stash in iobufs instead? */
538: if (cstat != NULL) {
539: cstat->type = CMD_ERRNO;
540: cstat->val = errno;
541: }
542: #endif /* XXX */
543: sudo_debug_printf(SUDO_DEBUG_ERROR,
544: "error writing fd %d: %s", fd, strerror(errno));
545: sudo_ev_loopbreak(evbase);
546: break;
547: }
548: } else {
549: sudo_debug_printf(SUDO_DEBUG_INFO,
550: "wrote %d bytes to fd %d", n, fd);
551: iob->off += n;
552: /* Reset buffer if fully consumed. */
553: if (iob->off == iob->len) {
554: iob->off = iob->len = 0;
555: /* Forward the EOF from reader to writer. */
556: if (iob->revent == NULL) {
557: safe_close(fd);
558: ev_free_by_fd(evbase, fd);
559: }
560: }
561: /* Re-enable writer if buffer is not empty. */
562: if (iob->len > iob->off) {
563: if (sudo_ev_add(evbase, iob->wevent, NULL, false) == -1)
564: fatal(U_("unable to add event to queue"));
565: }
566: /* Enable reader if buffer is not full. */
567: if (iob->revent != NULL &&
568: (ttymode == TERM_RAW || !USERTTY_EVENT(iob->revent))) {
569: if (iob->len != sizeof(iob->buf)) {
570: if (sudo_ev_add(evbase, iob->revent, NULL, false) == -1)
571: fatal(U_("unable to add event to queue"));
572: }
573: }
574: }
575: }
576: }
577:
578: static void
579: io_buf_new(int rfd, int wfd, bool (*action)(const char *, unsigned int),
580: struct io_buffer_list *head)
581: {
582: int n;
583: struct io_buffer *iob;
584: debug_decl(io_buf_new, SUDO_DEBUG_EXEC);
585:
586: /* Set non-blocking mode. */
587: n = fcntl(rfd, F_GETFL, 0);
588: if (n != -1 && !ISSET(n, O_NONBLOCK))
589: (void) fcntl(rfd, F_SETFL, n | O_NONBLOCK);
590: n = fcntl(wfd, F_GETFL, 0);
591: if (n != -1 && !ISSET(n, O_NONBLOCK))
592: (void) fcntl(wfd, F_SETFL, n | O_NONBLOCK);
593:
594: /* Allocate and add to head of list. */
595: iob = emalloc(sizeof(*iob));
596: iob->revent = sudo_ev_alloc(rfd, SUDO_EV_READ, io_callback, iob);
597: iob->wevent = sudo_ev_alloc(wfd, SUDO_EV_WRITE, io_callback, iob);
598: iob->len = 0;
599: iob->off = 0;
600: iob->action = action;
601: iob->buf[0] = '\0';
602: if (iob->revent == NULL || iob->wevent == NULL)
603: fatal(NULL);
604: SLIST_INSERT_HEAD(head, iob, entries);
605:
606: debug_return;
607: }
608:
609: /*
610: * Fork a monitor process which runs the actual command as its own child
611: * process with std{in,out,err} hooked up to the pty or pipes as appropriate.
612: * Returns the child pid.
613: */
614: int
615: fork_pty(struct command_details *details, int sv[], sigset_t *omask)
616: {
617: struct command_status cstat;
618: int io_pipe[3][2], n;
619: sigaction_t sa;
620: sigset_t mask;
621: pid_t child;
622: debug_decl(fork_pty, SUDO_DEBUG_EXEC);
623:
624: ppgrp = getpgrp(); /* parent's pgrp, so child can signal us */
625:
626: memset(&sa, 0, sizeof(sa));
627: sigemptyset(&sa.sa_mask);
628:
629: if (io_fds[SFD_USERTTY] != -1) {
630: sa.sa_flags = SA_RESTART;
631: sa.sa_handler = sigwinch;
632: sudo_sigaction(SIGWINCH, &sa, NULL);
633: }
634:
635: /* So we can block tty-generated signals */
636: sigemptyset(&ttyblock);
637: sigaddset(&ttyblock, SIGINT);
638: sigaddset(&ttyblock, SIGQUIT);
639: sigaddset(&ttyblock, SIGTSTP);
640: sigaddset(&ttyblock, SIGTTIN);
641: sigaddset(&ttyblock, SIGTTOU);
642:
643: /*
644: * Setup stdin/stdout/stderr for child, to be duped after forking.
645: * In background mode there is no stdin.
646: */
647: if (!ISSET(details->flags, CD_BACKGROUND))
648: io_fds[SFD_STDIN] = io_fds[SFD_SLAVE];
649: io_fds[SFD_STDOUT] = io_fds[SFD_SLAVE];
650: io_fds[SFD_STDERR] = io_fds[SFD_SLAVE];
651:
652: if (io_fds[SFD_USERTTY] != -1) {
653: /* Read from /dev/tty, write to pty master */
654: if (!ISSET(details->flags, CD_BACKGROUND)) {
655: io_buf_new(io_fds[SFD_USERTTY], io_fds[SFD_MASTER],
656: log_ttyin, &iobufs);
657: }
658:
659: /* Read from pty master, write to /dev/tty */
660: io_buf_new(io_fds[SFD_MASTER], io_fds[SFD_USERTTY],
661: log_ttyout, &iobufs);
662:
663: /* Are we the foreground process? */
664: foreground = tcgetpgrp(io_fds[SFD_USERTTY]) == ppgrp;
665: }
666:
667: /*
668: * If either stdin, stdout or stderr is not a tty we use a pipe
669: * to interpose ourselves instead of duping the pty fd.
670: */
671: memset(io_pipe, 0, sizeof(io_pipe));
672: if (io_fds[SFD_STDIN] == -1 || !isatty(STDIN_FILENO)) {
673: sudo_debug_printf(SUDO_DEBUG_INFO, "stdin not a tty, creating a pipe");
674: pipeline = true;
675: if (pipe(io_pipe[STDIN_FILENO]) != 0)
676: fatal(U_("unable to create pipe"));
677: io_buf_new(STDIN_FILENO, io_pipe[STDIN_FILENO][1],
678: log_stdin, &iobufs);
679: io_fds[SFD_STDIN] = io_pipe[STDIN_FILENO][0];
680: }
681: if (io_fds[SFD_STDOUT] == -1 || !isatty(STDOUT_FILENO)) {
682: sudo_debug_printf(SUDO_DEBUG_INFO, "stdout not a tty, creating a pipe");
683: pipeline = true;
684: if (pipe(io_pipe[STDOUT_FILENO]) != 0)
685: fatal(U_("unable to create pipe"));
686: io_buf_new(io_pipe[STDOUT_FILENO][0], STDOUT_FILENO,
687: log_stdout, &iobufs);
688: io_fds[SFD_STDOUT] = io_pipe[STDOUT_FILENO][1];
689: }
690: if (io_fds[SFD_STDERR] == -1 || !isatty(STDERR_FILENO)) {
691: sudo_debug_printf(SUDO_DEBUG_INFO, "stderr not a tty, creating a pipe");
692: if (pipe(io_pipe[STDERR_FILENO]) != 0)
693: fatal(U_("unable to create pipe"));
694: io_buf_new(io_pipe[STDERR_FILENO][0], STDERR_FILENO,
695: log_stderr, &iobufs);
696: io_fds[SFD_STDERR] = io_pipe[STDERR_FILENO][1];
697: }
698:
699: /* We don't want to receive SIGTTIN/SIGTTOU, getting EIO is preferable. */
700: sa.sa_handler = SIG_IGN;
701: sudo_sigaction(SIGTTIN, &sa, NULL);
702: sudo_sigaction(SIGTTOU, &sa, NULL);
703:
704: /* Job control signals to relay from parent to child. */
705: sigfillset(&sa.sa_mask);
706: sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
707: #ifdef SA_SIGINFO
708: sa.sa_flags |= SA_SIGINFO;
709: sa.sa_sigaction = handler;
710: #else
711: sa.sa_handler = handler;
712: #endif
713: sudo_sigaction(SIGTSTP, &sa, NULL);
714:
715: if (foreground) {
716: /* Copy terminal attrs from user tty -> pty slave. */
717: if (term_copy(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE])) {
718: tty_initialized = true;
719: sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]);
720: }
721:
722: /* Start out in raw mode unless part of a pipeline or backgrounded. */
723: if (!pipeline && !ISSET(details->flags, CD_EXEC_BG)) {
724: ttymode = TERM_RAW;
725: do {
726: n = term_raw(io_fds[SFD_USERTTY], 0);
727: } while (!n && errno == EINTR);
728: if (!n)
729: fatal(U_("unable to set terminal to raw mode"));
730: }
731: }
732:
733: /*
734: * The policy plugin's session init must be run before we fork
735: * or certain pam modules won't be able to track their state.
736: */
737: if (policy_init_session(details) != true)
738: fatalx(U_("policy plugin failed session initialization"));
739:
740: /*
741: * Block some signals until cmnd_pid is set in the parent to avoid a
742: * race between exec of the command and receipt of a fatal signal from it.
743: */
744: sigemptyset(&mask);
745: sigaddset(&mask, SIGTERM);
746: sigaddset(&mask, SIGHUP);
747: sigaddset(&mask, SIGINT);
748: sigaddset(&mask, SIGQUIT);
749: sigprocmask(SIG_BLOCK, &mask, omask);
750:
751: child = sudo_debug_fork();
752: switch (child) {
753: case -1:
754: fatal(U_("unable to fork"));
755: break;
756: case 0:
757: /* child */
758: close(sv[0]);
759: close(signal_pipe[0]);
760: close(signal_pipe[1]);
761: fcntl(sv[1], F_SETFD, FD_CLOEXEC);
762: sigprocmask(SIG_SETMASK, omask, NULL);
763: /* Close the other end of the stdin/stdout/stderr pipes and exec. */
764: if (io_pipe[STDIN_FILENO][1])
765: close(io_pipe[STDIN_FILENO][1]);
766: if (io_pipe[STDOUT_FILENO][0])
767: close(io_pipe[STDOUT_FILENO][0]);
768: if (io_pipe[STDERR_FILENO][0])
769: close(io_pipe[STDERR_FILENO][0]);
770: exec_monitor(details, sv[1]);
771: cstat.type = CMD_ERRNO;
772: cstat.val = errno;
773: ignore_result(send(sv[1], &cstat, sizeof(cstat), 0));
774: _exit(1);
775: }
776:
777: /* Close the other end of the stdin/stdout/stderr pipes. */
778: if (io_pipe[STDIN_FILENO][0])
779: close(io_pipe[STDIN_FILENO][0]);
780: if (io_pipe[STDOUT_FILENO][1])
781: close(io_pipe[STDOUT_FILENO][1]);
782: if (io_pipe[STDERR_FILENO][1])
783: close(io_pipe[STDERR_FILENO][1]);
784:
785: debug_return_int(child);
786: }
787:
788: void
789: pty_close(struct command_status *cstat)
790: {
791: struct io_buffer *iob;
792: int n;
793: debug_decl(pty_close, SUDO_DEBUG_EXEC);
794:
795: /* Flush any remaining output (the plugin already got it) */
796: if (io_fds[SFD_USERTTY] != -1) {
797: n = fcntl(io_fds[SFD_USERTTY], F_GETFL, 0);
798: if (n != -1 && ISSET(n, O_NONBLOCK)) {
799: CLR(n, O_NONBLOCK);
800: (void) fcntl(io_fds[SFD_USERTTY], F_SETFL, n);
801: }
802: }
803: del_io_events();
804:
805: /* Free I/O buffers. */
806: while ((iob = SLIST_FIRST(&iobufs)) != NULL) {
807: SLIST_REMOVE_HEAD(&iobufs, entries);
808: efree(iob);
809: }
810:
811: /* Restore terminal settings. */
812: if (io_fds[SFD_USERTTY] != -1)
813: term_restore(io_fds[SFD_USERTTY], 0);
814:
815: /* If child was signalled, write the reason to stdout like the shell. */
816: if (cstat->type == CMD_WSTATUS && WIFSIGNALED(cstat->val)) {
817: int signo = WTERMSIG(cstat->val);
818: if (signo && signo != SIGINT && signo != SIGPIPE) {
819: const char *reason = strsignal(signo);
820: n = io_fds[SFD_USERTTY] != -1 ?
821: io_fds[SFD_USERTTY] : STDOUT_FILENO;
822: if (write(n, reason, strlen(reason)) != -1) {
823: if (WCOREDUMP(cstat->val)) {
824: ignore_result(write(n, " (core dumped)", 14));
825: }
826: ignore_result(write(n, "\n", 1));
827: }
828: }
829: }
830: utmp_logout(slavename, cstat->type == CMD_WSTATUS ? cstat->val : 0); /* XXX - only if CD_SET_UTMP */
831: debug_return;
832: }
833:
834: /*
835: * Schedule I/O events before starting the main event loop or
836: * resuming from suspend.
837: */
838: void
839: add_io_events(struct sudo_event_base *evbase)
840: {
841: struct io_buffer *iob;
842: debug_decl(add_io_events, SUDO_DEBUG_EXEC);
843:
844: /*
845: * Schedule all readers as long as the buffer is not full.
846: * Schedule writers that contain buffered data.
847: * Normally, write buffers are added on demand when data is read.
848: */
849: SLIST_FOREACH(iob, &iobufs, entries) {
850: /* Don't read/write from /dev/tty if we are not in the foreground. */
851: if (iob->revent != NULL &&
852: (ttymode == TERM_RAW || !USERTTY_EVENT(iob->revent))) {
853: if (iob->len != sizeof(iob->buf)) {
854: sudo_debug_printf(SUDO_DEBUG_INFO,
855: "added I/O revent %p, fd %d, events %d",
856: iob->revent, iob->revent->fd, iob->revent->events);
857: if (sudo_ev_add(evbase, iob->revent, NULL, false) == -1)
858: fatal(U_("unable to add event to queue"));
859: }
860: }
861: if (iob->wevent != NULL &&
862: (foreground || !USERTTY_EVENT(iob->wevent))) {
863: if (iob->len > iob->off) {
864: sudo_debug_printf(SUDO_DEBUG_INFO,
865: "added I/O wevent %p, fd %d, events %d",
866: iob->wevent, iob->wevent->fd, iob->wevent->events);
867: if (sudo_ev_add(evbase, iob->wevent, NULL, false) == -1)
868: fatal(U_("unable to add event to queue"));
869: }
870: }
871: }
872: debug_return;
873: }
874:
875: /*
876: * Flush any output buffered in iobufs or readable from fds other
877: * than /dev/tty. Removes I/O events from the event base when done.
878: */
879: static void
880: del_io_events(void)
881: {
882: struct io_buffer *iob;
883: struct sudo_event_base *evbase;
884: debug_decl(del_io_events, SUDO_DEBUG_EXEC);
885:
886: /* Remove iobufs from existing event base. */
887: SLIST_FOREACH(iob, &iobufs, entries) {
888: if (iob->revent != NULL) {
889: sudo_debug_printf(SUDO_DEBUG_INFO,
890: "deleted I/O revent %p, fd %d, events %d",
891: iob->revent, iob->revent->fd, iob->revent->events);
892: sudo_ev_del(NULL, iob->revent);
893: }
894: if (iob->wevent != NULL) {
895: sudo_debug_printf(SUDO_DEBUG_INFO,
896: "deleted I/O wevent %p, fd %d, events %d",
897: iob->wevent, iob->wevent->fd, iob->wevent->events);
898: sudo_ev_del(NULL, iob->wevent);
899: }
900: }
901:
902: /* Create temporary event base for flushing. */
903: evbase = sudo_ev_base_alloc();
904: if (evbase == NULL)
905: fatal(NULL);
906:
907: /* Avoid reading from /dev/tty, just flush existing data. */
908: SLIST_FOREACH(iob, &iobufs, entries) {
909: /* Don't read from /dev/tty while flushing. */
910: if (iob->revent != NULL && !USERTTY_EVENT(iob->revent)) {
911: if (iob->len != sizeof(iob->buf)) {
912: if (sudo_ev_add(evbase, iob->revent, NULL, false) == -1)
913: fatal(U_("unable to add event to queue"));
914: }
915: }
916: /* Flush any write buffers with data in them. */
917: if (iob->wevent != NULL) {
918: if (iob->len > iob->off) {
919: if (sudo_ev_add(evbase, iob->wevent, NULL, false) == -1)
920: fatal(U_("unable to add event to queue"));
921: }
922: }
923: }
924:
925: (void) sudo_ev_loop(evbase, SUDO_EVLOOP_NONBLOCK);
926:
927: /* Free temporary event base, removing its events. */
928: sudo_ev_base_free(evbase);
929:
930: debug_return;
931: }
932:
933: static void
934: deliver_signal(pid_t pid, int signo, bool from_parent)
935: {
936: char signame[SIG2STR_MAX];
937: int status;
938: debug_decl(deliver_signal, SUDO_DEBUG_EXEC);
939:
940: if (signo == SIGCONT_FG)
941: strlcpy(signame, "CONT_FG", sizeof(signame));
942: else if (signo == SIGCONT_BG)
943: strlcpy(signame, "CONT_BG", sizeof(signame));
944: else if (sig2str(signo, signame) == -1)
945: snprintf(signame, sizeof(signame), "%d", signo);
946:
947: /* Handle signal from parent. */
948: sudo_debug_printf(SUDO_DEBUG_INFO, "received SIG%s%s",
949: signame, from_parent ? " from parent" : "");
950: switch (signo) {
951: case SIGALRM:
952: terminate_command(pid, true);
953: break;
954: case SIGCONT_FG:
955: /* Continue in foreground, grant it controlling tty. */
956: do {
957: status = tcsetpgrp(io_fds[SFD_SLAVE], cmnd_pgrp);
958: } while (status == -1 && errno == EINTR);
959: killpg(pid, SIGCONT);
960: break;
961: case SIGCONT_BG:
962: /* Continue in background, I take controlling tty. */
963: do {
964: status = tcsetpgrp(io_fds[SFD_SLAVE], mon_pgrp);
965: } while (status == -1 && errno == EINTR);
966: killpg(pid, SIGCONT);
967: break;
968: case SIGKILL:
969: _exit(1); /* XXX */
970: /* NOTREACHED */
971: default:
972: /* Relay signal to command. */
973: killpg(pid, signo);
974: break;
975: }
976: debug_return;
977: }
978:
979: /*
980: * Send status to parent over socketpair.
981: * Return value is the same as send(2).
982: */
983: static int
984: send_status(int fd, struct command_status *cstat)
985: {
986: int n = -1;
987: debug_decl(send_status, SUDO_DEBUG_EXEC);
988:
989: if (cstat->type != CMD_INVALID) {
990: sudo_debug_printf(SUDO_DEBUG_INFO,
991: "sending status message to parent: [%d, %d]",
992: cstat->type, cstat->val);
993: do {
994: n = send(fd, cstat, sizeof(*cstat), 0);
995: } while (n == -1 && errno == EINTR);
996: if (n != sizeof(*cstat)) {
997: sudo_debug_printf(SUDO_DEBUG_ERROR,
998: "unable to send status to parent: %s", strerror(errno));
999: }
1000: cstat->type = CMD_INVALID; /* prevent re-sending */
1001: }
1002: debug_return_int(n);
1003: }
1004:
1005: /*
1006: * Wait for command status after receiving SIGCHLD.
1007: * If the command was stopped, the status is send back to the parent.
1008: * Otherwise, cstat is filled in but not sent.
1009: * Returns true if command is still alive, else false.
1010: */
1011: static bool
1012: handle_sigchld(int backchannel, struct command_status *cstat)
1013: {
1014: bool alive = true;
1015: int status;
1016: pid_t pid;
1017: debug_decl(handle_sigchld, SUDO_DEBUG_EXEC);
1018:
1019: /* read command status */
1020: do {
1021: pid = waitpid(cmnd_pid, &status, WUNTRACED|WNOHANG);
1022: } while (pid == -1 && errno == EINTR);
1023: if (pid == cmnd_pid) {
1024: if (cstat->type != CMD_ERRNO) {
1025: char signame[SIG2STR_MAX];
1026:
1027: cstat->type = CMD_WSTATUS;
1028: cstat->val = status;
1029: if (WIFSTOPPED(status)) {
1030: if (sig2str(WSTOPSIG(status), signame) == -1)
1031: snprintf(signame, sizeof(signame), "%d", WSTOPSIG(status));
1032: sudo_debug_printf(SUDO_DEBUG_INFO,
1033: "command stopped, SIG%s", signame);
1034: /* Saved the foreground pgid so we can restore it later. */
1035: do {
1036: pid = tcgetpgrp(io_fds[SFD_SLAVE]);
1037: } while (pid == -1 && errno == EINTR);
1038: if (pid != mon_pgrp)
1039: cmnd_pgrp = pid;
1040: if (send_status(backchannel, cstat) == -1)
1041: return alive; /* XXX */
1042: } else if (WIFSIGNALED(status)) {
1043: if (sig2str(WTERMSIG(status), signame) == -1)
1044: snprintf(signame, sizeof(signame), "%d", WTERMSIG(status));
1045: sudo_debug_printf(SUDO_DEBUG_INFO,
1046: "command killed, SIG%s", signame);
1047: } else {
1048: sudo_debug_printf(SUDO_DEBUG_INFO, "command exited: %d",
1049: WEXITSTATUS(status));
1050: }
1051: }
1052: if (!WIFSTOPPED(status))
1053: alive = false;
1054: }
1055: debug_return_bool(alive);
1056: }
1057:
1058: struct monitor_closure {
1059: struct sudo_event_base *evbase;
1060: struct sudo_event *errpipe_event;
1061: struct sudo_event *backchannel_event;
1062: struct sudo_event *signal_pipe_event;
1063: struct command_status *cstat;
1064: int backchannel;
1065: bool alive;
1066: };
1067:
1068: static void
1069: mon_signal_pipe_cb(int fd, int what, void *v)
1070: {
1071: struct monitor_closure *mc = v;
1072: unsigned char signo;
1073: ssize_t n;
1074: debug_decl(mon_signal_pipe_cb, SUDO_DEBUG_EXEC);
1075:
1076: n = read(fd, &signo, sizeof(signo));
1077: if (n == -1) {
1078: if (errno != EINTR && errno != EAGAIN) {
1079: warning(U_("error reading from signal pipe"));
1080: sudo_ev_loopbreak(mc->evbase);
1081: }
1082: } else {
1083: /*
1084: * Handle SIGCHLD specially and deliver other signals
1085: * directly to the command.
1086: */
1087: if (signo == SIGCHLD) {
1088: mc->alive = handle_sigchld(mc->backchannel, mc->cstat);
1089: if (!mc->alive) {
1090: /* Remove all but the errpipe event. */
1091: sudo_ev_del(mc->evbase, mc->backchannel_event);
1092: sudo_ev_del(mc->evbase, mc->signal_pipe_event);
1093: }
1094: } else {
1095: deliver_signal(cmnd_pid, signo, false);
1096: }
1097: }
1098: debug_return;
1099: }
1100:
1101: static void
1102: mon_errpipe_cb(int fd, int what, void *v)
1103: {
1104: struct monitor_closure *mc = v;
1105: ssize_t n;
1106: debug_decl(mon_errpipe_cb, SUDO_DEBUG_EXEC);
1107:
1108: /* read errno or EOF from command pipe */
1109: n = read(fd, mc->cstat, sizeof(struct command_status));
1110: if (n == -1) {
1111: if (errno != EINTR && errno != EAGAIN) {
1112: warning(U_("error reading from pipe"));
1113: sudo_ev_loopbreak(mc->evbase);
1114: }
1115: } else {
1116: /* Got errno or EOF, either way we are done with errpipe. */
1117: sudo_ev_del(mc->evbase, mc->errpipe_event);
1118: close(fd);
1119: }
1120: debug_return;
1121: }
1122:
1123: static void
1124: mon_backchannel_cb(int fd, int what, void *v)
1125: {
1126: struct monitor_closure *mc = v;
1127: struct command_status cstmp;
1128: ssize_t n;
1129: debug_decl(mon_backchannel_cb, SUDO_DEBUG_EXEC);
1130:
1131: /* read command from backchannel, should be a signal */
1132: n = recv(fd, &cstmp, sizeof(cstmp), MSG_WAITALL);
1133: if (n != sizeof(cstmp)) {
1134: if (n == -1) {
1135: if (errno == EINTR || errno == EAGAIN)
1136: debug_return;
1137: warning(U_("error reading from socketpair"));
1138: } else {
1139: /* short read or EOF, parent process died? */
1140: }
1141: sudo_ev_loopbreak(mc->evbase);
1142: } else {
1143: if (cstmp.type == CMD_SIGNO) {
1144: deliver_signal(cmnd_pid, cstmp.val, true);
1145: } else {
1146: warningx(U_("unexpected reply type on backchannel: %d"), cstmp.type);
1147: }
1148: }
1149: debug_return;
1150: }
1151:
1152: /*
1153: * Monitor process that creates a new session with the controlling tty,
1154: * resets signal handlers and forks a child to call exec_pty().
1155: * Waits for status changes from the command and relays them to the
1156: * parent and relays signals from the parent to the command.
1157: * Returns an error if fork(2) fails, else calls _exit(2).
1158: */
1159: static int
1160: exec_monitor(struct command_details *details, int backchannel)
1161: {
1162: struct command_status cstat;
1163: struct sudo_event_base *evbase;
1164: struct monitor_closure mc;
1165: sigaction_t sa;
1166: int errpipe[2], n;
1167: debug_decl(exec_monitor, SUDO_DEBUG_EXEC);
1168:
1169: /* Close unused fds. */
1170: if (io_fds[SFD_MASTER] != -1)
1171: close(io_fds[SFD_MASTER]);
1172: if (io_fds[SFD_USERTTY] != -1)
1173: close(io_fds[SFD_USERTTY]);
1174:
1175: /*
1176: * We use a pipe to atomically handle signal notification within
1177: * the event loop.
1178: */
1179: if (pipe_nonblock(signal_pipe) != 0)
1180: fatal(U_("unable to create pipe"));
1181:
1182: /* Reset SIGWINCH and SIGALRM. */
1183: memset(&sa, 0, sizeof(sa));
1184: sigemptyset(&sa.sa_mask);
1185: sa.sa_flags = SA_RESTART;
1186: sa.sa_handler = SIG_DFL;
1187: sudo_sigaction(SIGWINCH, &sa, NULL);
1188: sudo_sigaction(SIGALRM, &sa, NULL);
1189:
1190: /* Ignore any SIGTTIN or SIGTTOU we get. */
1191: sa.sa_handler = SIG_IGN;
1192: sudo_sigaction(SIGTTIN, &sa, NULL);
1193: sudo_sigaction(SIGTTOU, &sa, NULL);
1194:
1195: /* Block all signals in mon_handler(). */
1196: sigfillset(&sa.sa_mask);
1197:
1198: /* Note: HP-UX poll() will not be interrupted if SA_RESTART is set. */
1199: sa.sa_flags = SA_INTERRUPT;
1200: #ifdef SA_SIGINFO
1201: sa.sa_flags |= SA_SIGINFO;
1202: sa.sa_sigaction = mon_handler;
1203: #else
1204: sa.sa_handler = mon_handler;
1205: #endif
1206: sudo_sigaction(SIGCHLD, &sa, NULL);
1207:
1208: /* Catch common signals so we can cleanup properly. */
1209: sa.sa_flags = SA_RESTART;
1210: #ifdef SA_SIGINFO
1211: sa.sa_flags |= SA_SIGINFO;
1212: sa.sa_sigaction = mon_handler;
1213: #else
1214: sa.sa_handler = mon_handler;
1215: #endif
1216: sudo_sigaction(SIGHUP, &sa, NULL);
1217: sudo_sigaction(SIGINT, &sa, NULL);
1218: sudo_sigaction(SIGQUIT, &sa, NULL);
1219: sudo_sigaction(SIGTERM, &sa, NULL);
1220: sudo_sigaction(SIGTSTP, &sa, NULL);
1221: sudo_sigaction(SIGUSR1, &sa, NULL);
1222: sudo_sigaction(SIGUSR2, &sa, NULL);
1223:
1224: /*
1225: * Start a new session with the parent as the session leader
1226: * and the slave pty as the controlling terminal.
1227: * This allows us to be notified when the command has been suspended.
1228: */
1229: if (setsid() == -1) {
1230: warning("setsid");
1231: goto bad;
1232: }
1233: if (io_fds[SFD_SLAVE] != -1) {
1234: #ifdef TIOCSCTTY
1235: if (ioctl(io_fds[SFD_SLAVE], TIOCSCTTY, NULL) != 0)
1236: fatal(U_("unable to set controlling tty"));
1237: #else
1238: /* Set controlling tty by reopening slave. */
1239: if ((n = open(slavename, O_RDWR)) >= 0)
1240: close(n);
1241: #endif
1242: }
1243:
1244: mon_pgrp = getpgrp(); /* save a copy of our process group */
1245:
1246: /*
1247: * If stdin/stdout is not a tty, start command in the background
1248: * since it might be part of a pipeline that reads from /dev/tty.
1249: * In this case, we rely on the command receiving SIGTTOU or SIGTTIN
1250: * when it needs access to the controlling tty.
1251: */
1252: if (pipeline)
1253: foreground = false;
1254:
1255: /* Start command and wait for it to stop or exit */
1256: if (pipe(errpipe) == -1)
1257: fatal(U_("unable to create pipe"));
1258: cmnd_pid = sudo_debug_fork();
1259: if (cmnd_pid == -1) {
1260: warning(U_("unable to fork"));
1261: goto bad;
1262: }
1263: if (cmnd_pid == 0) {
1264: /* We pass errno back to our parent via pipe on exec failure. */
1265: close(backchannel);
1266: close(signal_pipe[0]);
1267: close(signal_pipe[1]);
1268: close(errpipe[0]);
1269: fcntl(errpipe[1], F_SETFD, FD_CLOEXEC);
1270: restore_signals();
1271:
1272: /* setup tty and exec command */
1273: exec_pty(details, &cstat, errpipe[1]);
1274: ignore_result(write(errpipe[1], &cstat, sizeof(cstat)));
1275: _exit(1);
1276: }
1277: close(errpipe[1]);
1278:
1279: /* Send the command's pid to main sudo process. */
1280: cstat.type = CMD_PID;
1281: cstat.val = cmnd_pid;
1282: ignore_result(send(backchannel, &cstat, sizeof(cstat), 0));
1283:
1284: /* If any of stdin/stdout/stderr are pipes, close them in parent. */
1285: if (io_fds[SFD_STDIN] != io_fds[SFD_SLAVE])
1286: close(io_fds[SFD_STDIN]);
1287: if (io_fds[SFD_STDOUT] != io_fds[SFD_SLAVE])
1288: close(io_fds[SFD_STDOUT]);
1289: if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE])
1290: close(io_fds[SFD_STDERR]);
1291:
1292: /* Put command in its own process group. */
1293: cmnd_pgrp = cmnd_pid;
1294: setpgid(cmnd_pid, cmnd_pgrp);
1295:
1296: /* Make the command the foreground process for the pty slave. */
1297: if (foreground && !ISSET(details->flags, CD_EXEC_BG)) {
1298: do {
1299: n = tcsetpgrp(io_fds[SFD_SLAVE], cmnd_pgrp);
1300: } while (n == -1 && errno == EINTR);
1301: }
1302:
1303: /*
1304: * Create new event base and register read events for the
1305: * signal pipe, error pipe, and backchannel.
1306: */
1307: evbase = sudo_ev_base_alloc();
1308: if (evbase == NULL)
1309: fatal(NULL);
1310:
1311: memset(&cstat, 0, sizeof(cstat));
1312: mc.cstat = &cstat;
1313: mc.evbase = evbase;
1314: mc.backchannel = backchannel;
1315: mc.alive = true;
1316:
1317: mc.signal_pipe_event = sudo_ev_alloc(signal_pipe[0],
1318: SUDO_EV_READ|SUDO_EV_PERSIST, mon_signal_pipe_cb, &mc);
1319: if (mc.signal_pipe_event == NULL)
1320: fatal(NULL);
1321: if (sudo_ev_add(evbase, mc.signal_pipe_event, NULL, false) == -1)
1322: fatal(U_("unable to add event to queue"));
1323:
1324: mc.errpipe_event = sudo_ev_alloc(errpipe[0],
1325: SUDO_EV_READ|SUDO_EV_PERSIST, mon_errpipe_cb, &mc);
1326: if (mc.errpipe_event == NULL)
1327: fatal(NULL);
1328: if (sudo_ev_add(evbase, mc.errpipe_event, NULL, false) == -1)
1329: fatal(U_("unable to add event to queue"));
1330:
1331: mc.backchannel_event = sudo_ev_alloc(backchannel,
1332: SUDO_EV_READ|SUDO_EV_PERSIST, mon_backchannel_cb, &mc);
1333: if (mc.backchannel_event == NULL)
1334: fatal(NULL);
1335: if (sudo_ev_add(evbase, mc.backchannel_event, NULL, false) == -1)
1336: fatal(U_("unable to add event to queue"));
1337:
1338: /*
1339: * Wait for errno on pipe, signal on backchannel or for SIGCHLD.
1340: * The event loop ends when the child is no longer running and
1341: * the error pipe is closed.
1342: */
1343: (void) sudo_ev_loop(evbase, 0);
1344: if (mc.alive) {
1345: /* XXX An error occurred, should send a message back. */
1346: sudo_debug_printf(SUDO_DEBUG_ERROR,
1347: "Command still running after event loop exit, sending SIGKILL");
1348: kill(cmnd_pid, SIGKILL);
1349: } else {
1350: /* Send parent status. */
1351: send_status(backchannel, &cstat);
1352: }
1353: sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 1);
1354: _exit(1);
1355:
1356: bad:
1357: debug_return_int(errno);
1358: }
1359:
1360: /*
1361: * Sets up std{in,out,err} and executes the actual command.
1362: * Returns only if execve() fails.
1363: */
1364: static void
1365: exec_pty(struct command_details *details,
1366: struct command_status *cstat, int errfd)
1367: {
1368: pid_t self = getpid();
1369: debug_decl(exec_pty, SUDO_DEBUG_EXEC);
1370:
1371: /* Register cleanup function */
1372: fatal_callback_register(pty_cleanup);
1373:
1374: /* Set command process group here too to avoid a race. */
1375: setpgid(0, self);
1376:
1377: /* Wire up standard fds, note that stdout/stderr may be pipes. */
1378: if (dup2(io_fds[SFD_STDIN], STDIN_FILENO) == -1 ||
1379: dup2(io_fds[SFD_STDOUT], STDOUT_FILENO) == -1 ||
1380: dup2(io_fds[SFD_STDERR], STDERR_FILENO) == -1)
1381: fatal("dup2");
1382:
1383: /* Wait for parent to grant us the tty if we are foreground. */
1384: if (foreground && !ISSET(details->flags, CD_EXEC_BG)) {
1385: while (tcgetpgrp(io_fds[SFD_SLAVE]) != self)
1386: ; /* spin */
1387: }
1388:
1389: /* We have guaranteed that the slave fd is > 2 */
1390: if (io_fds[SFD_SLAVE] != -1)
1391: close(io_fds[SFD_SLAVE]);
1392: if (io_fds[SFD_STDIN] != io_fds[SFD_SLAVE])
1393: close(io_fds[SFD_STDIN]);
1394: if (io_fds[SFD_STDOUT] != io_fds[SFD_SLAVE])
1395: close(io_fds[SFD_STDOUT]);
1396: if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE])
1397: close(io_fds[SFD_STDERR]);
1398:
1399: /* Execute command; only returns on error. */
1400: exec_cmnd(details, cstat, errfd);
1401:
1402: debug_return;
1403: }
1404:
1405: /*
1406: * Propagates tty size change signals to pty being used by the command.
1407: */
1408: static void
1409: sync_ttysize(int src, int dst)
1410: {
1411: #ifdef TIOCGWINSZ
1412: struct winsize wsize;
1413: pid_t pgrp;
1414: debug_decl(sync_ttysize, SUDO_DEBUG_EXEC);
1415:
1416: if (ioctl(src, TIOCGWINSZ, &wsize) == 0) {
1417: ioctl(dst, TIOCSWINSZ, &wsize);
1418: if ((pgrp = tcgetpgrp(dst)) != -1)
1419: killpg(pgrp, SIGWINCH);
1420: }
1421:
1422: debug_return;
1423: #endif
1424: }
1425:
1426: /*
1427: * Handler for SIGWINCH in parent.
1428: */
1429: static void
1430: sigwinch(int s)
1431: {
1432: int serrno = errno;
1433:
1434: sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]);
1435: errno = serrno;
1436: }
1437:
1438: /*
1439: * Remove and free any events associated with the specified
1440: * file descriptor present in the I/O buffers list.
1441: */
1442: static void
1443: ev_free_by_fd(struct sudo_event_base *evbase, int fd)
1444: {
1445: struct io_buffer *iob;
1446: debug_decl(ev_free_by_fd, SUDO_DEBUG_EXEC);
1447:
1448: /* Deschedule any users of the fd and free up the events. */
1449: SLIST_FOREACH(iob, &iobufs, entries) {
1450: if (iob->revent != NULL) {
1451: if (sudo_ev_get_fd(iob->revent) == fd) {
1452: sudo_debug_printf(SUDO_DEBUG_INFO,
1453: "%s: deleting and freeing revent %p with fd %d",
1454: __func__, iob->revent, fd);
1455: sudo_ev_del(evbase, iob->revent);
1456: sudo_ev_free(iob->revent);
1457: iob->revent = NULL;
1458: }
1459: }
1460: if (iob->wevent != NULL) {
1461: if (sudo_ev_get_fd(iob->wevent) == fd) {
1462: sudo_debug_printf(SUDO_DEBUG_INFO,
1463: "%s: deleting and freeing wevent %p with fd %d",
1464: __func__, iob->wevent, fd);
1465: sudo_ev_del(evbase, iob->wevent);
1466: sudo_ev_free(iob->wevent);
1467: iob->wevent = NULL;
1468: }
1469: }
1470: }
1471: debug_return;
1472: }
1473:
1474: /*
1475: * Only close the fd if it is not /dev/tty or std{in,out,err}.
1476: * Return value is the same as close(2).
1477: */
1478: static int
1479: safe_close(int fd)
1480: {
1481: debug_decl(safe_close, SUDO_DEBUG_EXEC);
1482:
1483: /* Avoid closing /dev/tty or std{in,out,err}. */
1484: if (fd < 3 || fd == io_fds[SFD_USERTTY]) {
1485: sudo_debug_printf(SUDO_DEBUG_INFO,
1486: "%s: not closing fd %d (/dev/tty)", __func__, fd);
1487: errno = EINVAL;
1488: debug_return_int(-1);
1489: }
1490: sudo_debug_printf(SUDO_DEBUG_INFO, "%s: closing fd %d", __func__, fd);
1491: debug_return_int(close(fd));
1492: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>