embedtools/src/cfexec.c - diff

Return to cfexec.c CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedtools / src

Diff for /embedtools/src/cfexec.c between versions 1.2.2.3 and 1.5.20.9

version 1.2.2.3, 2012/04/05 12:22:44	version 1.5.20.9, 2018/01/02 02:02:16
Line 12 terms:	Line 12 terms:
All of the documentation and software included in the ELWIX and AITNET	All of the documentation and software included in the ELWIX and AITNET
Releases is copyrighted by ELWIX - Sofia/Bulgaria <info@elwix.org>	Releases is copyrighted by ELWIX - Sofia/Bulgaria <info@elwix.org>

Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012	Copyright 2004 - 2018
by Michael Pounov <misho@elwix.org>. All rights reserved.	by Michael Pounov <misho@elwix.org>. All rights reserved.

Redistribution and use in source and binary forms, with or without	Redistribution and use in source and binary forms, with or without
Line 48 SUCH DAMAGE.	Line 48 SUCH DAMAGE.

cfg_root_t cfg;	cfg_root_t cfg;
int Verbose, Timeout, kq;	int Verbose, Timeout, kq;
ait_val_t User, Mount, Dev, Chroot;	ait_val_t User, Mount, Chroot;
char szSess[MAXPATHLEN], szConfig[MAXPATHLEN];	char szSess[MAXPATHLEN], szSLCK[MAXPATHLEN], szConfig[MAXPATHLEN];
extern char compiled[], compiledby[], compilehost[];	extern char compiled[], compiledby[], compilehost[];


Line 61 Usage()	Line 61 Usage()
"=== %s === %s@%s ===\n\n"	"=== %s === %s@%s ===\n\n"
" Syntax: cfexec [options] [exec_file]\n\n"	" Syntax: cfexec [options] [exec_file]\n\n"
"\t-v\t\tVerbose ...\n"	"\t-v\t\tVerbose ...\n"
	"\t-C <config>\tLoad config [default=/etc/cfexec.conf]\n"
"\t-c <dir>\tAfter execute chroot to dir [default=/]\n"	"\t-c <dir>\tAfter execute chroot to dir [default=/]\n"
"\t-u <user>\tAfter execute suid to user [default=root]\n"	"\t-u <user>\tAfter execute suid to user [default=root]\n"
"\t-d <dev>\tOther device [default=/dev/ufs/elwix]\n"	"\t-m <mnt>\tOther mount dir [default=/]\n"
"\t-m <mnt>\tOther mount dir [default=/cf]\n"
"\t-t <sec>\tTimeout for autolock mount dir after seconds [default=300]\n"	"\t-t <sec>\tTimeout for autolock mount dir after seconds [default=300]\n"
	"\t-L <reason>\tService lock and set RW state of device with reason\n"
	"\t-U \t\tService unlock and set RO state of device\n"
"\n", compiled, compiledby, compilehost);	"\n", compiled, compiledby, compilehost);
}	}

	struct statfs *
	getmntpt(const char *name)
	{
	struct statfs *mntbuf;
	int i, mntsize;

	mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
	for (i = mntsize - 1; i >= 0; i--) {
	if (!strcmp(mntbuf[i].f_mntfromname, name) \|\|
	!strcmp(mntbuf[i].f_mntonname, name))
	return &mntbuf[i];
	}

	return NULL;
	}

static int	static int
update(int flags)	update(int flags)
{	{
struct ufs_args mnt;	struct ufs_args mnt;
	struct statfs *mntfs = getmntpt(AIT_GET_STR(&Mount));

memset(&mnt, 0, sizeof mnt);	memset(&mnt, 0, sizeof mnt);
mnt.fspec = AIT_GET_STR(&Dev);	mnt.fspec = mntfs->f_mntfromname;
#ifdef __NetBSD__	#ifdef __NetBSD__
if (mount("ufs", AIT_GET_STR(&Mount), flags, &mnt, sizeof mnt) == -1) {	if (mount(mntfs->f_fstypename, mntfs->f_mntonname, flags, &mnt, sizeof mnt) == -1) {
#else	#else
if (mount("ufs", AIT_GET_STR(&Mount), flags, &mnt) == -1) {	if (mount(mntfs->f_fstypename, mntfs->f_mntonname, flags, &mnt) == -1) {
#endif	#endif
printf("Error:: can`t update mount %s #%d - %s\n", AIT_GET_STR(&Mount),	printf("Error:: can`t update mount %s #%d - %s\n", AIT_GET_STR(&Mount),
errno, strerror(errno));	errno, strerror(errno));
return -1;	return -1;
}	}

VERB(5) printf("Info(5):: safe mount for device %s to %s operation (%s)\n",	VERB(5) printf("Info(5):: safe mount %s for device %s to %s operation (%s)\n",
AIT_GET_STR(&Dev), AIT_GET_STR(&Mount), (flags & MNT_RDONLY) ? "ro" : "rw");	mntfs->f_fstypename, mntfs->f_mntfromname, mntfs->f_mntonname,
	(flags & MNT_RDONLY) ? "ro" : "rw");
return 0;	return 0;
}	}

Line 111 static int	Line 131 static int
mkevent(struct kevent chg, struct kevent evt)	mkevent(struct kevent chg, struct kevent evt)
{	{
int f;	int f;
char szStr[MAX_STR];	char szStr[STRSIZ];

f = open(szSess, O_CREAT \| O_WRONLY \| O_TRUNC, 0644);	f = open(szSess, O_CREAT \| O_WRONLY \| O_TRUNC, 0644);
if (f == -1) {	if (f == -1) {
printf("Error:: can`t lock session #%d - %s\n", errno, strerror(errno));	printf("Error:: can`t lock session #%d - %s\n", errno, strerror(errno));
return -1;	return -1;
} else {	} else {
memset(szStr, 0, MAX_STR);	memset(szStr, 0, sizeof szStr);
snprintf(szStr, MAX_STR, "%d", getpid());	snprintf(szStr, sizeof szStr, "%d", getpid());
write(f, szStr, strlen(szStr));	write(f, szStr, strlen(szStr));
}	}
VERB(3) printf("Created lock file %s\n", szSess);	VERB(3) printf("Created lock file %s\n", szSess);

kq = kqueue();	if (chg && evt) {
if (kq == -1) {	kq = kqueue();
printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno));	if (kq == -1) {
close(f);	printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno));
unlink(szSess);	close(f);
return -1;	unlink(szSess);
} else {	return -1;
memset(chg, 0, sizeof(struct kevent));	} else {
memset(evt, 0, sizeof(struct kevent));	memset(chg, 0, sizeof(struct kevent));
	memset(evt, 0, sizeof(struct kevent));

EV_SET(chg, f, EVFILT_VNODE, EV_ADD, NOTE_DELETE \| NOTE_RENAME \| NOTE_REVOKE,	EV_SET(chg, f, EVFILT_VNODE, EV_ADD, NOTE_DELETE \| NOTE_RENAME \| NOTE_REVOKE,
0, (intptr_t) NULL);	0, NULL);
	}
}	}

return f;	return f;
Line 145 static void	Line 167 static void
cleanexit()	cleanexit()
{	{
AIT_FREE_VAL(&User);	AIT_FREE_VAL(&User);
AIT_FREE_VAL(&Dev);
AIT_FREE_VAL(&Mount);	AIT_FREE_VAL(&Mount);
AIT_FREE_VAL(&Chroot);	AIT_FREE_VAL(&Chroot);
	}

cfgUnloadConfig(&cfg);	static int
	s_unlck()
	{
	if (access(szSLCK, F_OK))
	return 2;

	if (access(szSess, F_OK) && update(MNT_UPDATE \| MNT_RDONLY) == -1)
	return 8;

	unlink(szSLCK);
	VERB(3) printf("Unlock & deleted service lock file %s\n", szSLCK);
	return 0;
}	}

	static int
	s_lck(const char *reason)
	{
	int f;
	char szStr[STRSIZ];

	if (!access(szSLCK, F_OK)) {
	printf("cfexec already held service lock ...\n");
	return 127;
	}

	f = open(szSLCK, O_CREAT \| O_WRONLY \| O_TRUNC, 0644);
	if (f == -1) {
	printf("Error:: can`t service lock session #%d - %s\n", errno, strerror(errno));
	return 4;
	} else {
	memset(szStr, 0, sizeof szStr);
	snprintf(szStr, sizeof szStr, "[%d] - %s", getpid(), reason);
	write(f, szStr, strlen(szStr));
	}
	close(f);

	if (update(MNT_UPDATE) == -1) {
	unlink(szSLCK);
	return 5;
	}

	VERB(3) printf("Lock & created service lock file %s\n", szSLCK);
	return 0;
	}


int	int
main(int argc, char **argv)	main(int argc, char **argv)
{	{
char ch;	char ch, mod = 0, reason[STRSIZ];
const char *err = NULL;	const char *err = NULL;
struct kevent chg, evt;	struct kevent chg, evt;
struct timespec ts;	struct timespec ts;
pid_t pid;	pid_t pid;
int f, stat = 0;	int f, ret = 0, stat = 0;

strlcpy(szConfig, DEFAULT_CONFIG, MAXPATHLEN);	strlcpy(szConfig, DEFAULT_CONFIG, MAXPATHLEN);
/* Load variables from config if exists */	/* Load variables from config if exists */
Line 180 main(int argc, char **argv)	Line 244 main(int argc, char **argv)
}	}
cfg_loadAttribute(&cfg, "cfexec", "suid", &User, DEFAULT_USER);	cfg_loadAttribute(&cfg, "cfexec", "suid", &User, DEFAULT_USER);
cfg_loadAttribute(&cfg, "cfexec", "mount", &Mount, DEFAULT_MOUNT);	cfg_loadAttribute(&cfg, "cfexec", "mount", &Mount, DEFAULT_MOUNT);
cfg_loadAttribute(&cfg, "cfexec", "device", &Dev, DEFAULT_DEVICE);
cfg_loadAttribute(&cfg, "cfexec", "chroot", &Chroot, DEFAULT_CHROOT);	cfg_loadAttribute(&cfg, "cfexec", "chroot", &Chroot, DEFAULT_CHROOT);

cfgUnloadConfig(&cfg);	cfgUnloadConfig(&cfg);
Line 188 main(int argc, char **argv)	Line 251 main(int argc, char **argv)
Timeout = atoi(DEFAULT_TIMEOUT);	Timeout = atoi(DEFAULT_TIMEOUT);
AIT_SET_STR(&User, DEFAULT_USER);	AIT_SET_STR(&User, DEFAULT_USER);
AIT_SET_STR(&Mount, DEFAULT_MOUNT);	AIT_SET_STR(&Mount, DEFAULT_MOUNT);
AIT_SET_STR(&Dev, DEFAULT_DEVICE);
AIT_SET_STR(&Chroot, DEFAULT_CHROOT);	AIT_SET_STR(&Chroot, DEFAULT_CHROOT);
}	}

atexit(cleanexit);	atexit(cleanexit);

/* Load variables from arguments if exists */	/* Load variables from arguments if exists */
while ((ch = getopt(argc, argv, "hvu:c:d:m:t:")) != -1)	while ((ch = getopt(argc, argv, "hvUC:u:c:m:t:L:")) != -1)
switch (ch) {	switch (ch) {
	case 'C':
	if (!cfgLoadConfig(optarg, &cfg)) {
	cfg_loadAttribute(&cfg, "cfexec", "timeout", &User, DEFAULT_TIMEOUT);
	#ifndef HAVE_STRTONUM
	Timeout = (int) strtol(szUser, NULL, 0);
	#else
	Timeout = strtonum(AIT_GET_STR(&User), 0, 3600, &err);
	#endif
	AIT_FREE_VAL(&User);
	if (!Timeout && err) {
	printf("Error:: in seconds for timeout %s - %s\n", optarg, err);
	cfgUnloadConfig(&cfg);
	return 1;
	}
	cfg_loadAttribute(&cfg, "cfexec", "suid", &User, DEFAULT_USER);
	cfg_loadAttribute(&cfg, "cfexec", "mount", &Mount, DEFAULT_MOUNT);
	cfg_loadAttribute(&cfg, "cfexec", "chroot", &Chroot, DEFAULT_CHROOT);

	cfgUnloadConfig(&cfg);
	}
	break;
case 'v':	case 'v':
Verbose++;	Verbose++;
break;	break;
Line 206 main(int argc, char **argv)	Line 289 main(int argc, char **argv)
case 'c':	case 'c':
AIT_SET_STR(&Chroot, optarg);	AIT_SET_STR(&Chroot, optarg);
break;	break;
case 'd':
AIT_SET_STR(&Dev, optarg);
break;
case 'm':	case 'm':
AIT_SET_STR(&Mount, optarg);	AIT_SET_STR(&Mount, optarg);
break;	break;
	case 'L':
	strlcpy(reason, optarg, sizeof reason);
	mod = 1;
	break;
	case 'U':
	mod = -1;
	break;
case 't':	case 't':
#ifndef HAVE_STRTONUM	#ifndef HAVE_STRTONUM
Timeout = (int) strtol(optarg, NULL, 0);	Timeout = (int) strtol(optarg, NULL, 0);
Line 234 main(int argc, char **argv)	Line 321 main(int argc, char **argv)

memset(szSess, 0, MAXPATHLEN);	memset(szSess, 0, MAXPATHLEN);
snprintf(szSess, MAXPATHLEN, "%s%s-cfexec.LCK", DEFAULT_TMP, AIT_GET_STR(&Mount));	snprintf(szSess, MAXPATHLEN, "%s%s-cfexec.LCK", DEFAULT_TMP, AIT_GET_STR(&Mount));
	memset(szSLCK, 0, MAXPATHLEN);
	snprintf(szSLCK, MAXPATHLEN, "%s%s-SYS-cfexec.LCK", DEFAULT_TMP, AIT_GET_STR(&Mount));

VERB(3) printf("Info(3):: Chroot=%s SUID=%s Device=%s Mount=%s Timeout=%d Session=%s\n",	/* we have request for service lock! */
AIT_GET_STR(&Chroot), AIT_GET_STR(&User), AIT_GET_STR(&Dev),	if (mod) {
	VERB(3) printf("Info(3):: mode=%hhd\n", mod);
	if (mod == -1)
	ret = s_unlck();
	else
	ret = s_lck(reason);
	return ret;
	}

	VERB(3) printf("Info(3):: Chroot=%s SUID=%s Mount=%s Timeout=%d Session=%s\n",
	AIT_GET_STR(&Chroot), AIT_GET_STR(&User),
AIT_GET_STR(&Mount), Timeout, szSess);	AIT_GET_STR(&Mount), Timeout, szSess);

if (!access(szSess, F_OK)) {	if (!access(szSess, F_OK)) {
Line 254 main(int argc, char **argv)	Line 353 main(int argc, char **argv)
VERB(5) printf("Info(5):: Go safe mount.\n");	VERB(5) printf("Info(5):: Go safe mount.\n");
setsid();	setsid();

if (update(MNT_UPDATE) == -1)	if ((f = mkevent(&chg, &evt)) == -1)
return 4;	return 4;

if ((f = mkevent(&chg, &evt)) == -1)	if (update(MNT_UPDATE) == -1) {
return 5;	stat = 5;
	goto skip;
	}

if (Timeout) {	if (Timeout) {
memset(&ts, 0, sizeof ts);	memset(&ts, 0, sizeof ts);
Line 271 main(int argc, char **argv)	Line 372 main(int argc, char **argv)
stat = 7;	stat = 7;
break;	break;
case 0:	case 0:
	if (!access(szSLCK, F_OK)) {
	VERB(1) printf("Timeout reached - service locked\n");
	break;
	}
VERB(1) printf("Timeout reached - secure mount\n");	VERB(1) printf("Timeout reached - secure mount\n");
default:	default:
VERB(1) printf("Lock file is deleted - secure mount\n");	VERB(1) printf("Lock file is deleted - secure mount\n");
if (update(MNT_UPDATE \| MNT_RDONLY) == -1)	if (access(szSLCK, F_OK) && update(MNT_UPDATE \| MNT_RDONLY) == -1)
stat = 8;	stat = 8;
}	}
	skip:
close(kq);	close(kq);
close(f);	close(f);
unlink(szSess);	unlink(szSess);
Line 291 main(int argc, char **argv)	Line 396 main(int argc, char **argv)
sigprocmask(SIG_BLOCK, &sig, &oldsig);	sigprocmask(SIG_BLOCK, &sig, &oldsig);
*/	*/

if (update(MNT_UPDATE) == -1)	if ((f = mkevent(NULL, NULL)) == -1)
return 4;	return 4;
	else
	close(f);

	if (update(MNT_UPDATE) == -1) {
	unlink(szSess);
	return 5;
	}

switch ((pid = vfork())) {	switch ((pid = vfork())) {
case -1:	case -1:
printf("Error:: can`t execute safe mount #%d - %s\n",	printf("Error:: can`t execute safe mount #%d - %s\n",
errno, strerror(errno));	errno, strerror(errno));
return 5;	stat = 3;
	break;
case 0:	case 0:
VERB(5) printf("Go to running process %s\n", *argv);	VERB(5) printf("Go to running process %s\n", *argv);
if (chroot(AIT_GET_STR(&Chroot)) == -1) {	if (chroot(AIT_GET_STR(&Chroot)) == -1) {
Line 311 main(int argc, char **argv)	Line 424 main(int argc, char **argv)
/* chdir("/"); */	/* chdir("/"); */
execvp(*argv, argv);	execvp(*argv, argv);
}	}
exit(127);	_exit(127);
break;	break;
default:	default:
waitpid(pid, &stat, 0);	waitpid(pid, &stat, 0);
	stat = WEXITSTATUS(stat);
VERB(3) printf("Return code: %d\n", stat);	VERB(3) printf("Return code: %d\n", stat);
if (stat == 32512)
stat = 127;

if (update(MNT_UPDATE \| MNT_RDONLY) == -1)	if (access(szSLCK, F_OK) && update(MNT_UPDATE \| MNT_RDONLY) == -1)
return 8;	stat = 8;
	break;
}	}

	unlink(szSess);
}	}

return stat;	return stat;

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.2.2.3
changed lines
	Added in v.1.5.20.9