|
version 1.5.20.1, 2017/10/08 21:57:34
|
version 1.5.20.10, 2021/03/21 01:30:19
|
|
Line 12 terms:
|
Line 12 terms:
|
| All of the documentation and software included in the ELWIX and AITNET |
All of the documentation and software included in the ELWIX and AITNET |
| Releases is copyrighted by ELWIX - Sofia/Bulgaria <info@elwix.org> |
Releases is copyrighted by ELWIX - Sofia/Bulgaria <info@elwix.org> |
| |
|
| Copyright 2004 - 2017 | Copyright 2004 - 2021 |
| by Michael Pounov <misho@elwix.org>. All rights reserved. |
by Michael Pounov <misho@elwix.org>. All rights reserved. |
| |
|
| Redistribution and use in source and binary forms, with or without |
Redistribution and use in source and binary forms, with or without |
|
Line 48 SUCH DAMAGE.
|
Line 48 SUCH DAMAGE.
|
| |
|
| cfg_root_t cfg; |
cfg_root_t cfg; |
| int Verbose, Timeout, kq; |
int Verbose, Timeout, kq; |
| ait_val_t User, Mount, Dev, Chroot; | ait_val_t User, Mount, Chroot; |
| char szSess[MAXPATHLEN], szSLCK[MAXPATHLEN], szConfig[MAXPATHLEN]; |
char szSess[MAXPATHLEN], szSLCK[MAXPATHLEN], szConfig[MAXPATHLEN]; |
| extern char compiled[], compiledby[], compilehost[]; |
extern char compiled[], compiledby[], compilehost[]; |
| |
|
|
Line 61 Usage()
|
Line 61 Usage()
|
| "=== %s === %s@%s ===\n\n" |
"=== %s === %s@%s ===\n\n" |
| " Syntax: cfexec [options] [exec_file]\n\n" |
" Syntax: cfexec [options] [exec_file]\n\n" |
| "\t-v\t\tVerbose ...\n" |
"\t-v\t\tVerbose ...\n" |
| |
"\t-C <config>\tLoad config [default=/etc/cfexec.conf]\n" |
| "\t-c <dir>\tAfter execute chroot to dir [default=/]\n" |
"\t-c <dir>\tAfter execute chroot to dir [default=/]\n" |
| "\t-u <user>\tAfter execute suid to user [default=root]\n" |
"\t-u <user>\tAfter execute suid to user [default=root]\n" |
| "\t-d <dev>\tOther device [default=/dev/ufs/elwix]\n" |
|
| "\t-m <mnt>\tOther mount dir [default=/]\n" |
"\t-m <mnt>\tOther mount dir [default=/]\n" |
| "\t-t <sec>\tTimeout for autolock mount dir after seconds [default=300]\n" |
"\t-t <sec>\tTimeout for autolock mount dir after seconds [default=300]\n" |
| "\t-L <reason>\tService lock and own RW state of device with reason\n" | "\t-L <reason>\tService lock and set RW state of device with reason\n" |
| "\t-U \t\tService unlock and change RO state of device\n" | "\t-U \t\tService unlock and set RO state of device\n" |
| "\n", compiled, compiledby, compilehost); |
"\n", compiled, compiledby, compilehost); |
| } |
} |
| |
|
| |
struct statfs * |
| |
getmntpt(const char *name) |
| |
{ |
| |
struct statfs *mntbuf; |
| |
int i, mntsize; |
| |
|
| |
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT); |
| |
for (i = mntsize - 1; i >= 0; i--) { |
| |
if (!strcmp(mntbuf[i].f_mntfromname, name) || |
| |
!strcmp(mntbuf[i].f_mntonname, name)) |
| |
return &mntbuf[i]; |
| |
} |
| |
|
| |
return NULL; |
| |
} |
| |
|
| static int |
static int |
| update(int flags) |
update(int flags) |
| { |
{ |
| |
struct statfs *mntfs = getmntpt(AIT_GET_STR(&Mount)); |
| |
char errmsg[STRSIZ] = { [0 ... STRSIZ - 1] = 0 }; |
| |
|
| |
#ifdef __NetBSD__ |
| struct ufs_args mnt; |
struct ufs_args mnt; |
| |
|
| memset(&mnt, 0, sizeof mnt); |
memset(&mnt, 0, sizeof mnt); |
| mnt.fspec = AIT_GET_STR(&Dev); | mnt.fspec = mntfs->f_mntfromname; |
| #ifdef __NetBSD__ | if (mount(mntfs->f_fstypename, mntfs->f_mntonname, flags, &mnt, sizeof mnt) == -1) { |
| if (mount("ufs", AIT_GET_STR(&Mount), flags, &mnt, sizeof mnt) == -1) { | |
| #else |
#else |
| if (mount("ufs", AIT_GET_STR(&Mount), flags, &mnt) == -1) { | iovec_t *iov; |
| | int ret; |
| | |
| | iov = iov_Init(); |
| | if (!iov) |
| | return -1; |
| | if (flags & MNT_RDONLY) |
| | iov_PushPair(iov, "ro", "", 0); |
| | else |
| | iov_PushPair(iov, "noro", "", 0); |
| | iov_PushPair(iov, "update", "", 0); |
| | iov_PushPair(iov, "fstype", mntfs->f_fstypename, (size_t) -1); |
| | iov_PushPair(iov, "fspath", mntfs->f_mntonname, (size_t) -1); |
| | iov_PushPair(iov, "from", mntfs->f_mntfromname, (size_t) -1); |
| | iov_PushPair(iov, "errmsg", errmsg, sizeof errmsg); |
| | |
| | ret = nmount(iov_Array(iov), iov_Size(iov), flags); |
| | |
| | iov_FreePairs(iov, 0); |
| | iov_Destroy(&iov); |
| | if (ret == -1) { |
| #endif |
#endif |
| printf("Error:: can`t update mount %s #%d - %s\n", AIT_GET_STR(&Mount), | printf("Error:: can`t update mount %s %s #%d - %s\n", AIT_GET_STR(&Mount), |
| errno, strerror(errno)); | errmsg, errno, strerror(errno)); |
| return -1; |
return -1; |
| } |
} |
| |
|
| VERB(5) printf("Info(5):: safe mount for device %s to %s operation (%s)\n", | VERB(5) printf("Info(5):: safe mount %s for device %s to %s operation (%s)\n", |
| AIT_GET_STR(&Dev), AIT_GET_STR(&Mount), (flags & MNT_RDONLY) ? "ro" : "rw"); | mntfs->f_fstypename, mntfs->f_mntfromname, mntfs->f_mntonname, |
| | (flags & MNT_RDONLY) ? "ro" : "rw"); |
| return 0; |
return 0; |
| } |
} |
| |
|
|
Line 126 mkevent(struct kevent *chg, struct kevent *evt)
|
Line 166 mkevent(struct kevent *chg, struct kevent *evt)
|
| } |
} |
| VERB(3) printf("Created lock file %s\n", szSess); |
VERB(3) printf("Created lock file %s\n", szSess); |
| |
|
| kq = kqueue(); | if (chg && evt) { |
| if (kq == -1) { | kq = kqueue(); |
| printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno)); | if (kq == -1) { |
| close(f); | printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno)); |
| unlink(szSess); | close(f); |
| return -1; | unlink(szSess); |
| } else { | return -1; |
| memset(chg, 0, sizeof(struct kevent)); | } else { |
| memset(evt, 0, sizeof(struct kevent)); | memset(chg, 0, sizeof(struct kevent)); |
| | memset(evt, 0, sizeof(struct kevent)); |
| |
|
| EV_SET(chg, f, EVFILT_VNODE, EV_ADD, NOTE_DELETE | NOTE_RENAME | NOTE_REVOKE, | EV_SET(chg, f, EVFILT_VNODE, EV_ADD, NOTE_DELETE | NOTE_RENAME | NOTE_REVOKE, |
| 0, NULL); | 0, NULL); |
| | } |
| } |
} |
| |
|
| return f; |
return f; |
|
Line 147 static void
|
Line 189 static void
|
| cleanexit() |
cleanexit() |
| { |
{ |
| AIT_FREE_VAL(&User); |
AIT_FREE_VAL(&User); |
| AIT_FREE_VAL(&Dev); |
|
| AIT_FREE_VAL(&Mount); |
AIT_FREE_VAL(&Mount); |
| AIT_FREE_VAL(&Chroot); |
AIT_FREE_VAL(&Chroot); |
| |
|
| cfgUnloadConfig(&cfg); |
|
| } |
} |
| |
|
| static int |
static int |
| s_unlck() |
s_unlck() |
| { |
{ |
| if (access(szSLCK, F_OK)) |
if (access(szSLCK, F_OK)) |
| return 1; | return 2; |
| |
|
| if (update(MNT_UPDATE | MNT_RDONLY) == -1) | if (access(szSess, F_OK) && update(MNT_UPDATE | MNT_RDONLY) == -1) |
| return 8; |
return 8; |
| |
|
| unlink(szSLCK); |
unlink(szSLCK); |
|
Line 175 s_lck(const char *reason)
|
Line 214 s_lck(const char *reason)
|
| char szStr[STRSIZ]; |
char szStr[STRSIZ]; |
| |
|
| if (!access(szSLCK, F_OK)) { |
if (!access(szSLCK, F_OK)) { |
| printf("cfexec:: Service held lock ...\n"); | printf("cfexec already held service lock ...\n"); |
| return 127; |
return 127; |
| } |
} |
| |
|
| f = open(szSLCK, O_CREAT | O_WRONLY | O_TRUNC, 0644); |
f = open(szSLCK, O_CREAT | O_WRONLY | O_TRUNC, 0644); |
| if (f == -1) { |
if (f == -1) { |
| printf("Error:: can`t service lock session #%d - %s\n", errno, strerror(errno)); |
printf("Error:: can`t service lock session #%d - %s\n", errno, strerror(errno)); |
| return -1; | return 4; |
| } else { |
} else { |
| memset(szStr, 0, sizeof szStr); |
memset(szStr, 0, sizeof szStr); |
| snprintf(szStr, sizeof szStr, "[%d] - %s", getpid(), reason); |
snprintf(szStr, sizeof szStr, "[%d] - %s", getpid(), reason); |
|
Line 192 s_lck(const char *reason)
|
Line 231 s_lck(const char *reason)
|
| |
|
| if (update(MNT_UPDATE) == -1) { |
if (update(MNT_UPDATE) == -1) { |
| unlink(szSLCK); |
unlink(szSLCK); |
| return 4; | return 5; |
| } |
} |
| |
|
| VERB(3) printf("Lock & created service lock file %s\n", szSLCK); |
VERB(3) printf("Lock & created service lock file %s\n", szSLCK); |
|
Line 227 main(int argc, char **argv)
|
Line 266 main(int argc, char **argv)
|
| } |
} |
| cfg_loadAttribute(&cfg, "cfexec", "suid", &User, DEFAULT_USER); |
cfg_loadAttribute(&cfg, "cfexec", "suid", &User, DEFAULT_USER); |
| cfg_loadAttribute(&cfg, "cfexec", "mount", &Mount, DEFAULT_MOUNT); |
cfg_loadAttribute(&cfg, "cfexec", "mount", &Mount, DEFAULT_MOUNT); |
| cfg_loadAttribute(&cfg, "cfexec", "device", &Dev, DEFAULT_DEVICE); |
|
| cfg_loadAttribute(&cfg, "cfexec", "chroot", &Chroot, DEFAULT_CHROOT); |
cfg_loadAttribute(&cfg, "cfexec", "chroot", &Chroot, DEFAULT_CHROOT); |
| |
|
| cfgUnloadConfig(&cfg); |
cfgUnloadConfig(&cfg); |
|
Line 235 main(int argc, char **argv)
|
Line 273 main(int argc, char **argv)
|
| Timeout = atoi(DEFAULT_TIMEOUT); |
Timeout = atoi(DEFAULT_TIMEOUT); |
| AIT_SET_STR(&User, DEFAULT_USER); |
AIT_SET_STR(&User, DEFAULT_USER); |
| AIT_SET_STR(&Mount, DEFAULT_MOUNT); |
AIT_SET_STR(&Mount, DEFAULT_MOUNT); |
| AIT_SET_STR(&Dev, DEFAULT_DEVICE); |
|
| AIT_SET_STR(&Chroot, DEFAULT_CHROOT); |
AIT_SET_STR(&Chroot, DEFAULT_CHROOT); |
| } |
} |
| |
|
| atexit(cleanexit); |
atexit(cleanexit); |
| |
|
| /* Load variables from arguments if exists */ |
/* Load variables from arguments if exists */ |
| while ((ch = getopt(argc, argv, "hvUu:c:d:m:t:L:")) != -1) | while ((ch = getopt(argc, argv, "hvUC:u:c:m:t:L:")) != -1) |
| switch (ch) { |
switch (ch) { |
| |
case 'C': |
| |
if (!cfgLoadConfig(optarg, &cfg)) { |
| |
cfg_loadAttribute(&cfg, "cfexec", "timeout", &User, DEFAULT_TIMEOUT); |
| |
#ifndef HAVE_STRTONUM |
| |
Timeout = (int) strtol(szUser, NULL, 0); |
| |
#else |
| |
Timeout = strtonum(AIT_GET_STR(&User), 0, 3600, &err); |
| |
#endif |
| |
AIT_FREE_VAL(&User); |
| |
if (!Timeout && err) { |
| |
printf("Error:: in seconds for timeout %s - %s\n", optarg, err); |
| |
cfgUnloadConfig(&cfg); |
| |
return 1; |
| |
} |
| |
cfg_loadAttribute(&cfg, "cfexec", "suid", &User, DEFAULT_USER); |
| |
cfg_loadAttribute(&cfg, "cfexec", "mount", &Mount, DEFAULT_MOUNT); |
| |
cfg_loadAttribute(&cfg, "cfexec", "chroot", &Chroot, DEFAULT_CHROOT); |
| |
|
| |
cfgUnloadConfig(&cfg); |
| |
} |
| |
break; |
| case 'v': |
case 'v': |
| Verbose++; |
Verbose++; |
| break; |
break; |
|
Line 253 main(int argc, char **argv)
|
Line 311 main(int argc, char **argv)
|
| case 'c': |
case 'c': |
| AIT_SET_STR(&Chroot, optarg); |
AIT_SET_STR(&Chroot, optarg); |
| break; |
break; |
| case 'd': |
|
| AIT_SET_STR(&Dev, optarg); |
|
| break; |
|
| case 'm': |
case 'm': |
| AIT_SET_STR(&Mount, optarg); |
AIT_SET_STR(&Mount, optarg); |
| break; |
break; |
|
Line 289 main(int argc, char **argv)
|
Line 344 main(int argc, char **argv)
|
| memset(szSess, 0, MAXPATHLEN); |
memset(szSess, 0, MAXPATHLEN); |
| snprintf(szSess, MAXPATHLEN, "%s%s-cfexec.LCK", DEFAULT_TMP, AIT_GET_STR(&Mount)); |
snprintf(szSess, MAXPATHLEN, "%s%s-cfexec.LCK", DEFAULT_TMP, AIT_GET_STR(&Mount)); |
| memset(szSLCK, 0, MAXPATHLEN); |
memset(szSLCK, 0, MAXPATHLEN); |
| snprintf(szSLCK, MAXPATHLEN, CFEXEC_SLOCK, DEFAULT_TMP); | snprintf(szSLCK, MAXPATHLEN, "%s%s-SYS-cfexec.LCK", DEFAULT_TMP, AIT_GET_STR(&Mount)); |
| |
|
| /* we have request for service lock! */ |
/* we have request for service lock! */ |
| if (mod) { |
if (mod) { |
|
Line 301 main(int argc, char **argv)
|
Line 356 main(int argc, char **argv)
|
| return ret; |
return ret; |
| } |
} |
| |
|
| VERB(3) printf("Info(3):: Chroot=%s SUID=%s Device=%s Mount=%s Timeout=%d Session=%s\n", | VERB(3) printf("Info(3):: Chroot=%s SUID=%s Mount=%s Timeout=%d Session=%s\n", |
| AIT_GET_STR(&Chroot), AIT_GET_STR(&User), AIT_GET_STR(&Dev), | AIT_GET_STR(&Chroot), AIT_GET_STR(&User), |
| AIT_GET_STR(&Mount), Timeout, szSess); |
AIT_GET_STR(&Mount), Timeout, szSess); |
| |
|
| if (!access(szSess, F_OK)) { |
if (!access(szSess, F_OK)) { |
|
Line 320 main(int argc, char **argv)
|
Line 375 main(int argc, char **argv)
|
| VERB(5) printf("Info(5):: Go safe mount.\n"); |
VERB(5) printf("Info(5):: Go safe mount.\n"); |
| setsid(); |
setsid(); |
| |
|
| if (update(MNT_UPDATE) == -1) | if ((f = mkevent(&chg, &evt)) == -1) |
| return 4; |
return 4; |
| |
|
| if ((f = mkevent(&chg, &evt)) == -1) | if (update(MNT_UPDATE) == -1) { |
| return 5; | stat = 5; |
| | goto skip; |
| | } |
| |
|
| if (Timeout) { |
if (Timeout) { |
| memset(&ts, 0, sizeof ts); |
memset(&ts, 0, sizeof ts); |
|
Line 347 main(int argc, char **argv)
|
Line 404 main(int argc, char **argv)
|
| if (access(szSLCK, F_OK) && update(MNT_UPDATE | MNT_RDONLY) == -1) |
if (access(szSLCK, F_OK) && update(MNT_UPDATE | MNT_RDONLY) == -1) |
| stat = 8; |
stat = 8; |
| } |
} |
| skip: |
| close(kq); |
close(kq); |
| close(f); |
close(f); |
| unlink(szSess); |
unlink(szSess); |
|
Line 361 main(int argc, char **argv)
|
Line 418 main(int argc, char **argv)
|
| sigprocmask(SIG_BLOCK, &sig, &oldsig); |
sigprocmask(SIG_BLOCK, &sig, &oldsig); |
| */ |
*/ |
| |
|
| if (update(MNT_UPDATE) == -1) | if ((f = mkevent(NULL, NULL)) == -1) |
| return 4; |
return 4; |
| |
else |
| |
close(f); |
| |
|
| |
if (update(MNT_UPDATE) == -1) { |
| |
unlink(szSess); |
| |
return 5; |
| |
} |
| |
|
| switch ((pid = vfork())) { |
switch ((pid = vfork())) { |
| case -1: |
case -1: |
| printf("Error:: can`t execute safe mount #%d - %s\n", |
printf("Error:: can`t execute safe mount #%d - %s\n", |
| errno, strerror(errno)); |
errno, strerror(errno)); |
| return 5; | stat = 3; |
| | break; |
| case 0: |
case 0: |
| VERB(5) printf("Go to running process %s\n", *argv); |
VERB(5) printf("Go to running process %s\n", *argv); |
| if (chroot(AIT_GET_STR(&Chroot)) == -1) { |
if (chroot(AIT_GET_STR(&Chroot)) == -1) { |
|
Line 381 main(int argc, char **argv)
|
Line 446 main(int argc, char **argv)
|
| /* chdir("/"); */ |
/* chdir("/"); */ |
| execvp(*argv, argv); |
execvp(*argv, argv); |
| } |
} |
| exit(127); | _exit(127); |
| break; |
break; |
| default: |
default: |
| waitpid(pid, &stat, 0); |
waitpid(pid, &stat, 0); |
| |
stat = WEXITSTATUS(stat); |
| VERB(3) printf("Return code: %d\n", stat); |
VERB(3) printf("Return code: %d\n", stat); |
| if (stat == 32512) |
|
| stat = 127; |
|
| |
|
| if (access(szSLCK, F_OK) && update(MNT_UPDATE | MNT_RDONLY) == -1) |
if (access(szSLCK, F_OK) && update(MNT_UPDATE | MNT_RDONLY) == -1) |
| return 8; | stat = 8; |
| | break; |
| } |
} |
| |
|
| |
unlink(szSess); |
| } |
} |
| |
|
| return stat; |
return stat; |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to cfexec.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedtools / src