--- embedtools/src/cfexec.c 2011/06/13 20:23:35 1.2.2.2 +++ embedtools/src/cfexec.c 2017/10/08 22:34:41 1.5.20.5 @@ -3,7 +3,7 @@ * by Michael Pounov * * $Author: misho $ - * $Id: cfexec.c,v 1.2.2.2 2011/06/13 20:23:35 misho Exp $ + * $Id: cfexec.c,v 1.5.20.5 2017/10/08 22:34:41 misho Exp $ * ************************************************************************* The ELWIX and AITNET software is distributed under the following @@ -12,7 +12,7 @@ terms: All of the documentation and software included in the ELWIX and AITNET Releases is copyrighted by ELWIX - Sofia/Bulgaria -Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 +Copyright 2004 - 2017 by Michael Pounov . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -46,14 +46,15 @@ SUCH DAMAGE. #include "global.h" -sl_config cfg; +cfg_root_t cfg; int Verbose, Timeout, kq; -char szUser[MAX_STR], szMount[MAXPATHLEN], szDev[MAXPATHLEN], - szChroot[MAXPATHLEN], szSess[MAXPATHLEN], szConfig[MAXPATHLEN]; +ait_val_t User, Mount, Dev, Chroot; +char szSess[MAXPATHLEN], szSLCK[MAXPATHLEN], szConfig[MAXPATHLEN]; extern char compiled[], compiledby[], compilehost[]; -static void Usage() +static void +Usage() { printf( "CFExec is tool for managment R/W operation with CompactFlash\n" @@ -63,139 +64,213 @@ static void Usage() "\t-c \tAfter execute chroot to dir [default=/]\n" "\t-u \tAfter execute suid to user [default=root]\n" "\t-d \tOther device [default=/dev/ufs/elwix]\n" - "\t-m \tOther mount dir [default=/cf]\n" + "\t-m \tOther mount dir [default=/]\n" "\t-t \tTimeout for autolock mount dir after seconds [default=300]\n" + "\t-L \tService lock and set RW state of device with reason\n" + "\t-U \t\tService unlock and set RO state of device\n" "\n", compiled, compiledby, compilehost); } -static int update(int flags) +static int +update(int flags) { struct ufs_args mnt; memset(&mnt, 0, sizeof mnt); - mnt.fspec = szDev; + mnt.fspec = AIT_GET_STR(&Dev); #ifdef __NetBSD__ - if (mount("ufs", szMount, flags, &mnt, sizeof mnt) == -1) { + if (mount("ufs", AIT_GET_STR(&Mount), flags, &mnt, sizeof mnt) == -1) { #else - if (mount("ufs", szMount, flags, &mnt) == -1) { + if (mount("ufs", AIT_GET_STR(&Mount), flags, &mnt) == -1) { #endif - printf("Error:: can`t update mount %s #%d - %s\n", szMount, errno, strerror(errno)); + printf("Error:: can`t update mount %s #%d - %s\n", AIT_GET_STR(&Mount), + errno, strerror(errno)); return -1; } VERB(5) printf("Info(5):: safe mount for device %s to %s operation (%s)\n", - szDev, szMount, (flags & MNT_RDONLY) ? "ro" : "rw"); + AIT_GET_STR(&Dev), AIT_GET_STR(&Mount), (flags & MNT_RDONLY) ? "ro" : "rw"); return 0; } -static void setuser() +static void +setuser() { struct passwd *pw; - pw = getpwnam(szUser); + pw = getpwnam(AIT_GET_LIKE(&User, char*)); if (pw) { setuid(pw->pw_uid); setgid(pw->pw_gid); endpwent(); - VERB(5) printf("Info(5):: Suid to user %s.\n", szUser); + VERB(5) printf("Info(5):: Suid to user %s.\n", AIT_GET_STR(&User)); } else - VERB(5) printf("Info(5):: Can`t suid to user %s !\n", szUser); + VERB(5) printf("Info(5):: Can`t suid to user %s !\n", AIT_GET_STR(&User)); } -static int mkevent(struct kevent *chg, struct kevent *evt) +static int +mkevent(struct kevent *chg, struct kevent *evt) { int f; - char szStr[MAX_STR]; + char szStr[STRSIZ]; f = open(szSess, O_CREAT | O_WRONLY | O_TRUNC, 0644); if (f == -1) { printf("Error:: can`t lock session #%d - %s\n", errno, strerror(errno)); return -1; } else { - memset(szStr, 0, MAX_STR); - snprintf(szStr, MAX_STR, "%d", getpid()); + memset(szStr, 0, sizeof szStr); + snprintf(szStr, sizeof szStr, "%d", getpid()); write(f, szStr, strlen(szStr)); } VERB(3) printf("Created lock file %s\n", szSess); - kq = kqueue(); - if (kq == -1) { - printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno)); - close(f); - unlink(szSess); - return -1; - } else { - memset(chg, 0, sizeof(struct kevent)); - memset(evt, 0, sizeof(struct kevent)); + if (chg && evt) { + kq = kqueue(); + if (kq == -1) { + printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno)); + close(f); + unlink(szSess); + return -1; + } else { + memset(chg, 0, sizeof(struct kevent)); + memset(evt, 0, sizeof(struct kevent)); - EV_SET(chg, f, EVFILT_VNODE, EV_ADD, NOTE_DELETE | NOTE_RENAME | NOTE_REVOKE, 0, (intptr_t) NULL); + EV_SET(chg, f, EVFILT_VNODE, EV_ADD, NOTE_DELETE | NOTE_RENAME | NOTE_REVOKE, + 0, NULL); + } } return f; } -// --------------------------------- +static void +cleanexit() +{ + AIT_FREE_VAL(&User); + AIT_FREE_VAL(&Dev); + AIT_FREE_VAL(&Mount); + AIT_FREE_VAL(&Chroot); -int main(int argc, char **argv) + cfgUnloadConfig(&cfg); +} + +static int +s_unlck() { - char ch; + if (access(szSLCK, F_OK)) + return 2; + + if (access(szSess, F_OK) && update(MNT_UPDATE | MNT_RDONLY) == -1) + return 8; + + unlink(szSLCK); + VERB(3) printf("Unlock & deleted service lock file %s\n", szSLCK); + return 0; +} + +static int +s_lck(const char *reason) +{ + int f; + char szStr[STRSIZ]; + + if (!access(szSLCK, F_OK)) { + printf("cfexec already held service lock ...\n"); + return 127; + } + + f = open(szSLCK, O_CREAT | O_WRONLY | O_TRUNC, 0644); + if (f == -1) { + printf("Error:: can`t service lock session #%d - %s\n", errno, strerror(errno)); + return 4; + } else { + memset(szStr, 0, sizeof szStr); + snprintf(szStr, sizeof szStr, "[%d] - %s", getpid(), reason); + write(f, szStr, strlen(szStr)); + } + close(f); + + if (update(MNT_UPDATE) == -1) { + unlink(szSLCK); + return 5; + } + + VERB(3) printf("Lock & created service lock file %s\n", szSLCK); + return 0; +} + + +int +main(int argc, char **argv) +{ + char ch, mod = 0, reason[STRSIZ]; const char *err = NULL; struct kevent chg, evt; struct timespec ts; pid_t pid; - int f, stat = 0; -// sigset_t sig, oldsig; + int f, ret = 0, stat = 0; strlcpy(szConfig, DEFAULT_CONFIG, MAXPATHLEN); - // Load variables from config if exists - if (!LoadConfig(szConfig, &cfg)) { - cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("timeout"), CFG(szUser), MAX_STR, DEFAULT_TIMEOUT); + /* Load variables from config if exists */ + if (!cfgLoadConfig(szConfig, &cfg)) { + cfg_loadAttribute(&cfg, "cfexec", "timeout", &User, DEFAULT_TIMEOUT); #ifndef HAVE_STRTONUM Timeout = (int) strtol(szUser, NULL, 0); #else - Timeout = strtonum(szUser, 0, 3600, &err); + Timeout = strtonum(AIT_GET_STR(&User), 0, 3600, &err); #endif + AIT_FREE_VAL(&User); if (!Timeout && err) { printf("Error:: in seconds for timeout %s - %s\n", optarg, err); - UnloadConfig(&cfg); + cfgUnloadConfig(&cfg); return 1; } - cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("suid"), CFG(szUser), MAX_STR, DEFAULT_USER); - cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("mount"), CFG(szMount), MAXPATHLEN, DEFAULT_MOUNT); - cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("device"), CFG(szDev), MAXPATHLEN, DEFAULT_DEVICE); - cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("chroot"), CFG(szChroot), MAXPATHLEN, DEFAULT_CHROOT); + cfg_loadAttribute(&cfg, "cfexec", "suid", &User, DEFAULT_USER); + cfg_loadAttribute(&cfg, "cfexec", "mount", &Mount, DEFAULT_MOUNT); + cfg_loadAttribute(&cfg, "cfexec", "device", &Dev, DEFAULT_DEVICE); + cfg_loadAttribute(&cfg, "cfexec", "chroot", &Chroot, DEFAULT_CHROOT); - UnloadConfig(&cfg); + cfgUnloadConfig(&cfg); } else { Timeout = atoi(DEFAULT_TIMEOUT); - strlcpy(szUser, DEFAULT_USER, MAX_STR); - strlcpy(szMount, DEFAULT_MOUNT, MAXPATHLEN); - strlcpy(szDev, DEFAULT_DEVICE, MAXPATHLEN); - strlcpy(szChroot, DEFAULT_CHROOT, MAXPATHLEN); + AIT_SET_STR(&User, DEFAULT_USER); + AIT_SET_STR(&Mount, DEFAULT_MOUNT); + AIT_SET_STR(&Dev, DEFAULT_DEVICE); + AIT_SET_STR(&Chroot, DEFAULT_CHROOT); } - // Load variables from arguments if exists - while ((ch = getopt(argc, argv, "hvu:c:d:m:t:")) != -1) + atexit(cleanexit); + + /* Load variables from arguments if exists */ + while ((ch = getopt(argc, argv, "hvUu:c:d:m:t:L:")) != -1) switch (ch) { case 'v': Verbose++; break; case 'u': - strlcpy(szUser, optarg, MAX_STR); + AIT_SET_STR(&User, optarg); break; case 'c': - strlcpy(szChroot, optarg, MAXPATHLEN); + AIT_SET_STR(&Chroot, optarg); break; case 'd': - strlcpy(szDev, optarg, MAXPATHLEN); + AIT_SET_STR(&Dev, optarg); break; case 'm': - strlcpy(szMount, optarg, MAXPATHLEN); + AIT_SET_STR(&Mount, optarg); break; + case 'L': + strlcpy(reason, optarg, sizeof reason); + mod = 1; + break; + case 'U': + mod = -1; + break; case 't': #ifndef HAVE_STRTONUM - Timeout = (int) strtol(szUser, NULL, 0); + Timeout = (int) strtol(optarg, NULL, 0); #else Timeout = strtonum(optarg, 0, 3600, &err); #endif @@ -214,10 +289,23 @@ int main(int argc, char **argv) argv += optind; memset(szSess, 0, MAXPATHLEN); - snprintf(szSess, MAXPATHLEN, "%s%s-cfexec.LCK", DEFAULT_TMP, szMount); + snprintf(szSess, MAXPATHLEN, "%s%s-cfexec.LCK", DEFAULT_TMP, AIT_GET_STR(&Mount)); + memset(szSLCK, 0, MAXPATHLEN); + snprintf(szSLCK, MAXPATHLEN, CFEXEC_SLOCK, DEFAULT_TMP); + /* we have request for service lock! */ + if (mod) { + VERB(3) printf("Info(3):: mode=%hhd\n", mod); + if (mod == -1) + ret = s_unlck(); + else + ret = s_lck(reason); + return ret; + } + VERB(3) printf("Info(3):: Chroot=%s SUID=%s Device=%s Mount=%s Timeout=%d Session=%s\n", - szChroot, szUser, szDev, szMount, Timeout, szSess); + AIT_GET_STR(&Chroot), AIT_GET_STR(&User), AIT_GET_STR(&Dev), + AIT_GET_STR(&Mount), Timeout, szSess); if (!access(szSess, F_OK)) { printf("cfexec already running ...\n"); @@ -234,10 +322,10 @@ int main(int argc, char **argv) VERB(5) printf("Info(5):: Go safe mount.\n"); setsid(); - if (update(MNT_UPDATE) == -1) + if ((f = mkevent(&chg, &evt)) == -1) return 4; - if ((f = mkevent(&chg, &evt)) == -1) + if (update(MNT_UPDATE) == -1) return 5; if (Timeout) { @@ -251,10 +339,14 @@ int main(int argc, char **argv) stat = 7; break; case 0: + if (!access(szSLCK, F_OK)) { + VERB(1) printf("Timeout reached - service locked\n"); + break; + } VERB(1) printf("Timeout reached - secure mount\n"); default: VERB(1) printf("Lock file is deleted - secure mount\n"); - if (update(MNT_UPDATE | MNT_RDONLY) == -1) + if (access(szSLCK, F_OK) && update(MNT_UPDATE | MNT_RDONLY) == -1) stat = 8; } @@ -271,21 +363,27 @@ int main(int argc, char **argv) sigprocmask(SIG_BLOCK, &sig, &oldsig); */ - if (update(MNT_UPDATE) == -1) + if ((f = mkevent(NULL, NULL)) == -1) return 4; + else + close(f); + if (update(MNT_UPDATE) == -1) + return 5; + switch ((pid = vfork())) { case -1: printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno)); - return 5; + stat = 3; + break; case 0: VERB(5) printf("Go to running process %s\n", *argv); - if (chroot(szChroot) == -1) { + if (chroot(AIT_GET_STR(&Chroot)) == -1) { printf("Error:: can`t chroot to dir %s #%d - %s\n", - szChroot, errno, strerror(errno)); + AIT_GET_STR(&Chroot), errno, strerror(errno)); } else { - if (strncmp(szUser, "root", 5)) + if (strncmp(AIT_GET_STR(&User), "root", 5)) setuser(); /* chdir("/"); */ @@ -295,15 +393,15 @@ int main(int argc, char **argv) break; default: waitpid(pid, &stat, 0); + stat = WEXITSTATUS(stat); VERB(3) printf("Return code: %d\n", stat); - if (stat == 32512) - stat = 127; - if (update(MNT_UPDATE | MNT_RDONLY) == -1) - return 8; + if (access(szSLCK, F_OK) && update(MNT_UPDATE | MNT_RDONLY) == -1) + stat = 8; + break; } -// sigprocmask(SIG_SETMASK, &oldsig, NULL); + unlink(szSess); } return stat;