Annotation of embedtools/src/cfexec.c, revision 1.1
1.1 ! misho 1: /*************************************************************************
! 2: * (C) 2009 AITNET - Sofia/Bulgaria - <office@aitbg.com>
! 3: * by Michael Pounov <misho@aitbg.com>
! 4: *
! 5: * $Author: misho $
! 6: * $Id: global.h,v 1.1.1.1 2009/04/22 22:38:22 misho Exp $
! 7: *
! 8: *************************************************************************/
! 9: #include "global.h"
! 10:
! 11:
/* Configuration handle; main() passes it to LoadConfig()/UnloadConfig(). */
sl_config cfg;

/* Incremented once per -v on the command line. */
int Verbose;
/* Seconds the mount stays writable in daemon mode (accepted range 1..3600). */
int Timeout;
/* kqueue descriptor, assigned in mkevent(). */
int kq;

/* Account to switch to before exec; main() also uses it as scratch for the timeout string. */
char szUser[MAX_STR];
/* Mount point handed to mount(2). */
char szMount[MAXPATHLEN];
/* Device path stored in ufs_args.fspec. */
char szDev[MAXPATHLEN];
/* Directory passed to chroot(2) before exec. */
char szChroot[MAXPATHLEN];
/* Lock-file path, built in main() from DEFAULT_TMP and szMount. */
char szSess[MAXPATHLEN];
/* Configuration file path, initialised from DEFAULT_CONFIG. */
char szConfig[MAXPATHLEN];

/* Build identification strings printed by Usage(); defined in another translation unit. */
extern char compiled[], compiledby[], compilehost[];
! 17:
/*
 * Print the build banner followed by the command-line synopsis on stdout.
 */
static void Usage()
{
	/* Title line carries no conversions, so it can go out verbatim. */
	fputs("CFExec is tool for managment R/W operation with CompactFlash\n", stdout);

	/* Build stamp: version string, builder and build host. */
	printf("=== %s === %s@%s ===\n\n", compiled, compiledby, compilehost);

	/* Option summary. */
	fputs(" Syntax: cfexec [options] [exec_file]\n\n"
	      "\t-v\t\tVerbose ...\n"
	      "\t-c <dir>\tAfter execute chroot to dir [default=/]\n"
	      "\t-u <user>\tAfter execute suid to user [default=root]\n"
	      "\t-d <dev>\tOther device [default=/dev/ufs/AITBSDonCF]\n"
	      "\t-m <mnt>\tOther mount dir [default=/cf]\n"
	      "\t-t <sec>\tTimeout for autolock mount dir after seconds [default=300]\n"
	      "\n", stdout);
}
! 32:
/*
 * Re-issue mount(2) for the UFS device szDev on szMount with the given flags.
 *
 * Callers in this file pass MNT_UPDATE (writable) or MNT_UPDATE | MNT_RDONLY
 * (back to read-only).
 *
 * Returns 0 on success; on failure prints the errno text and returns -1.
 */
static int update(int flags)
{
	struct ufs_args args;
	const char *mode;

	/* Zero the whole argument block; only the device path is filled in. */
	memset(&args, 0, sizeof args);
	args.fspec = szDev;

	if (mount("ufs", szMount, flags, &args) != -1) {
		mode = (flags & MNT_RDONLY) ? "ro" : "rw";
		VERB(5) printf("Info(5):: safe mount for device %s to %s operation (%s)\n",
				szDev, szMount, mode);
		return 0;
	}

	printf("Error:: can`t update mount %s #%d - %s\n", szMount, errno, strerror(errno));
	return -1;
}
! 48:
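/*
 * Drop privileges to the account named in szUser.
 *
 * The group identity is changed first, then the supplementary group list,
 * and the user id last: once setuid() has given up root, setgid() and
 * initgroups() can no longer succeed, which would leave the process running
 * with root's groups. Every step is checked.
 *
 * The function fails closed. If the account cannot be resolved or any step
 * fails, it terminates the calling process with _exit(127) instead of
 * returning, so the command is never executed with more privilege than was
 * requested. main() calls this in the child between chroot() and execvp(),
 * so the password and group databases are looked up inside the new root.
 */
static void setuser()
{
	struct passwd *pw;

	pw = getpwnam(szUser);
	if (!pw) {
		printf("Error:: Can`t suid to user %s !\n", szUser);
		_exit(127);
	}

	if (setgid(pw->pw_gid) == -1 ||
	    initgroups(pw->pw_name, pw->pw_gid) == -1 ||
	    setuid(pw->pw_uid) == -1) {
		printf("Error:: can`t suid to user %s #%d - %s\n",
				szUser, errno, strerror(errno));
		endpwent();
		_exit(127);
	}
	endpwent();

	VERB(5) printf("Info(5):: Suid to user %s.\n", szUser);
}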
! 63:
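/*
 * Create the session lock file and prepare a kqueue watch on it.
 *
 * chg  receives an EVFILT_VNODE change record that fires when the lock file
 *      is deleted, renamed or revoked.
 * evt  is zeroed so the caller can pass it to kevent() as the result slot.
 *
 * Side effects: creates szSess holding this process's pid and stores a new
 * kqueue descriptor in the global kq.
 *
 * Returns the lock file descriptor, or -1 on failure (nothing is left
 * behind in that case). On success the caller closes the descriptor and kq
 * and unlinks szSess.
 */
static int mkevent(struct kevent *chg, struct kevent *evt)
{
	int f;
	char szStr[MAX_STR];

	/*
	 * O_EXCL makes creation atomic: the call fails if the path already
	 * exists, including when it is a symbolic link. The lock lives in a
	 * temporary directory, so without it a pre-planted link would be
	 * followed and its target created or truncated with this process's
	 * privileges, and a second instance could win the race against the
	 * access() check in main().
	 */
	f = open(szSess, O_CREAT | O_EXCL | O_WRONLY, 0644);
	if (f == -1) {
		printf("Error:: can`t lock session #%d - %s\n", errno, strerror(errno));
		return -1;
	}

	/* The pid is informational; the lock is the file's existence. */
	memset(szStr, 0, MAX_STR);
	snprintf(szStr, MAX_STR, "%d", (int)getpid());
	if (write(f, szStr, strlen(szStr)) == -1) {
		printf("Warning:: can`t write pid to lock file %s #%d - %s\n",
				szSess, errno, strerror(errno));
	}
	VERB(3) printf("Created lock file %s\n", szSess);

	kq = kqueue();
	if (kq == -1) {
		printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno));
		close(f);
		unlink(szSess);
		return -1;
	}

	memset(chg, 0, sizeof(struct kevent));
	memset(evt, 0, sizeof(struct kevent));

	EV_SET(chg, f, EVFILT_VNODE, EV_ADD, NOTE_DELETE | NOTE_RENAME | NOTE_REVOKE, 0, NULL);

	return f;
}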
! 95:
! 96: // ---------------------------------
! 97:
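/*
 * cfexec entry point.
 *
 * Settings come from the config file (or compiled-in defaults) and are then
 * overridden by command-line options. Two modes follow:
 *
 *  - no exec_file: fork a background child that remounts the filesystem
 *    read-write, creates a lock file and waits until the lock file is
 *    removed or Timeout seconds pass, then remounts read-only;
 *  - exec_file given: remount read-write, run the command in a child
 *    (chroot, optional privilege drop), wait for it, remount read-only.
 *
 * Every path that has switched the mount to read-write tries to switch it
 * back before leaving, including the error paths.
 *
 * Exit status: 0 on success, the command's own exit code in exec mode
 * (128 + signal number if it was killed), 127 if the command could not be
 * run or an instance is already active, 1 for usage/config errors and
 * 3/4/5/7/8 for fork, mount, lock/vfork, kevent and remount failures.
 */
int main(int argc, char **argv)
{
	int ch;		/* getopt() returns int; a plain char never equals -1 where char is unsigned */
	const char *err;
	struct kevent chg, evt;
	struct timespec ts;
	pid_t pid;
	int f, nev, wstatus, stat = 0;
//	sigset_t sig, oldsig;

	strlcpy(szConfig, DEFAULT_CONFIG, MAXPATHLEN);
	// Load variables from config if exists
	if (!LoadConfig(szConfig, &cfg)) {
		/* szUser is borrowed as scratch space for the timeout string. */
		cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("timeout"), CFG(szUser), MAX_STR, DEFAULT_TIMEOUT);
		Timeout = strtonum(szUser, 1, 3600, &err);
		if (!Timeout) {
			/* Report the config value; optarg is not set before getopt() runs. */
			printf("Error:: in seconds for timeout %s - %s\n", szUser, err);
			UnloadConfig(&cfg);
			return 1;
		}
		cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("suid"), CFG(szUser), MAX_STR, DEFAULT_USER);
		cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("mount"), CFG(szMount), MAXPATHLEN, DEFAULT_MOUNT);
		cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("device"), CFG(szDev), MAXPATHLEN, DEFAULT_DEVICE);
		cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("chroot"), CFG(szChroot), MAXPATHLEN, DEFAULT_CHROOT);

		UnloadConfig(&cfg);
	} else {
		Timeout = atoi(DEFAULT_TIMEOUT);
		strlcpy(szUser, DEFAULT_USER, MAX_STR);
		strlcpy(szMount, DEFAULT_MOUNT, MAXPATHLEN);
		strlcpy(szDev, DEFAULT_DEVICE, MAXPATHLEN);
		strlcpy(szChroot, DEFAULT_CHROOT, MAXPATHLEN);
	}

	// Load variables from arguments if exists
	while ((ch = getopt(argc, argv, "hvu:c:d:m:t:")) != -1) {
		switch (ch) {
			case 'v':
				Verbose++;
				break;
			case 'u':
				strlcpy(szUser, optarg, MAX_STR);
				break;
			case 'c':
				strlcpy(szChroot, optarg, MAXPATHLEN);
				break;
			case 'd':
				strlcpy(szDev, optarg, MAXPATHLEN);
				break;
			case 'm':
				strlcpy(szMount, optarg, MAXPATHLEN);
				break;
			case 't':
				Timeout = strtonum(optarg, 1, 3600, &err);
				if (!Timeout) {
					printf("Error:: in seconds for timeout %s - %s\n",
							optarg, err);
					return 1;
				}
				break;
			case 'h':
			default:
				Usage();
				return 1;
		}
	}
	argc -= optind;
	argv += optind;

	memset(szSess, 0, MAXPATHLEN);
	snprintf(szSess, MAXPATHLEN, "%s%s-cfexec.LCK", DEFAULT_TMP, szMount);

	VERB(3) printf("Info(3):: Chroot=%s SUID=%s Device=%s Mount=%s Timeout=%d Session=%s\n",
			szChroot, szUser, szDev, szMount, Timeout, szSess);

	/*
	 * Advisory check only: the lock file is created later, in mkevent(),
	 * and only in daemon mode; the exec branch creates no lock of its own.
	 */
	if (!access(szSess, F_OK)) {
		printf("cfexec already running ...\n");
		return 127;
	}

	if (!argc) {
		switch (fork()) {
			case -1:
				printf("Error:: can`t execute safe mount #%d - %s\n",
						errno, strerror(errno));
				return 3;
			case 0:
				VERB(5) printf("Info(5):: Go safe mount.\n");
				setsid();

				if (update(MNT_UPDATE) == -1)
					return 4;

				if ((f = mkevent(&chg, &evt)) == -1) {
					/* The mount is already writable; put it back before giving up. */
					update(MNT_UPDATE | MNT_RDONLY);
					return 5;
				}

				memset(&ts, 0, sizeof ts);
				ts.tv_sec = Timeout;
				nev = kevent(kq, &chg, 1, &evt, 1, &ts);
				if (nev == -1) {
					printf("Error:: can`t execute safe mount #%d - %s\n",
							errno, strerror(errno));
					stat = 7;
				} else if (nev == 0) {
					VERB(1) printf("Timeout reached - secure mount\n");
				} else {
					VERB(1) printf("Lock file is deleted - secure mount\n");
				}

				/* Return to read-only on every outcome, a failed wait included. */
				if (update(MNT_UPDATE | MNT_RDONLY) == -1)
					stat = 8;

				close(kq);
				close(f);
				unlink(szSess);
				break;
		}
	} else {
		/*
		 * NOTE(review): with default signal dispositions a SIGINT or
		 * SIGTSTP delivered while waiting below ends or stops this
		 * process before the read-only remount runs. The disabled
		 * block suggests masking was planned; confirm whether it
		 * should be enabled.
		 *
		sigemptyset(&sig);
		sigaddset(&sig, SIGINT);
		sigaddset(&sig, SIGTSTP);
		sigprocmask(SIG_BLOCK, &sig, &oldsig);
		*/

		if (update(MNT_UPDATE) == -1)
			return 4;

		switch ((pid = vfork())) {
			case -1:
				printf("Error:: can`t execute safe mount #%d - %s\n",
						errno, strerror(errno));
				/* No child will run; do not leave the filesystem writable. */
				update(MNT_UPDATE | MNT_RDONLY);
				return 5;
			case 0:
				/*
				 * NOTE(review): this child was created with vfork()
				 * and does more than exec/_exit (stdio, chroot,
				 * account lookup). POSIX leaves that undefined;
				 * confirm the target platform tolerates it or
				 * switch to fork().
				 */
				VERB(5) printf("Go to running process %s\n", *argv);
				if (chroot(szChroot) == -1) {
					printf("Error:: can`t chroot to dir %s #%d - %s\n",
							szChroot, errno, strerror(errno));
				} else if (chdir("/") == -1) {
					/*
					 * Enter the new root while still privileged and
					 * refuse to exec if that fails: a working
					 * directory left outside the chroot defeats the
					 * confinement.
					 */
					printf("Error:: can`t chdir to / in %s #%d - %s\n",
							szChroot, errno, strerror(errno));
				} else {
					/*
					 * setuser() returns nothing, so a failed
					 * privilege drop is not visible here; it has to
					 * stop the process itself rather than return.
					 */
					if (strncmp(szUser, "root", 5))
						setuser();

					execvp(*argv, argv);
				}
				_exit(127);
				break;
			default:
				wstatus = 0;
				if (waitpid(pid, &wstatus, 0) == -1) {
					printf("Error:: can`t wait for process #%d - %s\n",
							errno, strerror(errno));
					stat = 127;
				} else if (WIFEXITED(wstatus)) {
					/*
					 * Decode the wait status. Returning it raw
					 * would truncate to its low byte, turning any
					 * ordinary non-zero exit code into 0.
					 */
					stat = WEXITSTATUS(wstatus);
				} else if (WIFSIGNALED(wstatus)) {
					stat = 128 + WTERMSIG(wstatus);
				} else {
					stat = 127;
				}
				VERB(3) printf("Return code: %d\n", stat);

				if (update(MNT_UPDATE | MNT_RDONLY) == -1)
					return 8;
		}

//		sigprocmask(SIG_SETMASK, &oldsig, NULL);
	}

	return stat;
}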