/************************************************************************* * (C) 2009 AITNET - Sofia/Bulgaria - * by Michael Pounov * * $Author: misho $ * $Id: cfexec.c,v 1.2 2011/06/08 12:45:41 misho Exp $ * *************************************************************************/ #include "global.h" sl_config cfg; int Verbose, Timeout, kq; char szUser[MAX_STR], szMount[MAXPATHLEN], szDev[MAXPATHLEN], szChroot[MAXPATHLEN], szSess[MAXPATHLEN], szConfig[MAXPATHLEN]; extern char compiled[], compiledby[], compilehost[]; static void Usage() { printf( "CFExec is tool for managment R/W operation with CompactFlash\n" "=== %s === %s@%s ===\n\n" " Syntax: cfexec [options] [exec_file]\n\n" "\t-v\t\tVerbose ...\n" "\t-c \tAfter execute chroot to dir [default=/]\n" "\t-u \tAfter execute suid to user [default=root]\n" "\t-d \tOther device [default=/dev/ufs/elwix]\n" "\t-m \tOther mount dir [default=/cf]\n" "\t-t \tTimeout for autolock mount dir after seconds [default=300]\n" "\n", compiled, compiledby, compilehost); } static int update(int flags) { struct ufs_args mnt; memset(&mnt, 0, sizeof mnt); mnt.fspec = szDev; if (mount("ufs", szMount, flags, &mnt) == -1) { printf("Error:: can`t update mount %s #%d - %s\n", szMount, errno, strerror(errno)); return -1; } VERB(5) printf("Info(5):: safe mount for device %s to %s operation (%s)\n", szDev, szMount, (flags & MNT_RDONLY) ? "ro" : "rw"); return 0; } static void setuser() { struct passwd *pw; pw = getpwnam(szUser); if (pw) { setuid(pw->pw_uid); setgid(pw->pw_gid); endpwent(); VERB(5) printf("Info(5):: Suid to user %s.\n", szUser); } else VERB(5) printf("Info(5):: Can`t suid to user %s !\n", szUser); } static int mkevent(struct kevent *chg, struct kevent *evt) { int f; char szStr[MAX_STR]; f = open(szSess, O_CREAT | O_WRONLY | O_TRUNC, 0644); if (f == -1) { printf("Error:: can`t lock session #%d - %s\n", errno, strerror(errno)); return -1; } else { memset(szStr, 0, MAX_STR); snprintf(szStr, MAX_STR, "%d", getpid()); write(f, szStr, strlen(szStr)); } VERB(3) printf("Created lock file %s\n", szSess); kq = kqueue(); if (kq == -1) { printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno)); close(f); unlink(szSess); return -1; } else { memset(chg, 0, sizeof(struct kevent)); memset(evt, 0, sizeof(struct kevent)); EV_SET(chg, f, EVFILT_VNODE, EV_ADD, NOTE_DELETE | NOTE_RENAME | NOTE_REVOKE, 0, NULL); } return f; } // --------------------------------- int main(int argc, char **argv) { char ch; const char *err; struct kevent chg, evt; struct timespec ts; pid_t pid; int f, stat = 0; // sigset_t sig, oldsig; strlcpy(szConfig, DEFAULT_CONFIG, MAXPATHLEN); // Load variables from config if exists if (!LoadConfig(szConfig, &cfg)) { cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("timeout"), CFG(szUser), MAX_STR, DEFAULT_TIMEOUT); Timeout = strtonum(szUser, 0, 3600, &err); if (!Timeout && err) { printf("Error:: in seconds for timeout %s - %s\n", optarg, err); UnloadConfig(&cfg); return 1; } cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("suid"), CFG(szUser), MAX_STR, DEFAULT_USER); cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("mount"), CFG(szMount), MAXPATHLEN, DEFAULT_MOUNT); cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("device"), CFG(szDev), MAXPATHLEN, DEFAULT_DEVICE); cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("chroot"), CFG(szChroot), MAXPATHLEN, DEFAULT_CHROOT); UnloadConfig(&cfg); } else { Timeout = atoi(DEFAULT_TIMEOUT); strlcpy(szUser, DEFAULT_USER, MAX_STR); strlcpy(szMount, DEFAULT_MOUNT, MAXPATHLEN); strlcpy(szDev, DEFAULT_DEVICE, MAXPATHLEN); strlcpy(szChroot, DEFAULT_CHROOT, MAXPATHLEN); } // Load variables from arguments if exists while ((ch = getopt(argc, argv, "hvu:c:d:m:t:")) != -1) switch (ch) { case 'v': Verbose++; break; case 'u': strlcpy(szUser, optarg, MAX_STR); break; case 'c': strlcpy(szChroot, optarg, MAXPATHLEN); break; case 'd': strlcpy(szDev, optarg, MAXPATHLEN); break; case 'm': strlcpy(szMount, optarg, MAXPATHLEN); break; case 't': Timeout = strtonum(optarg, 0, 3600, &err); if (!Timeout && err) { printf("Error:: in seconds for timeout %s - %s\n", optarg, err); return 1; } break; case 'h': default: Usage(); return 1; } argc -= optind; argv += optind; memset(szSess, 0, MAXPATHLEN); snprintf(szSess, MAXPATHLEN, "%s%s-cfexec.LCK", DEFAULT_TMP, szMount); VERB(3) printf("Info(3):: Chroot=%s SUID=%s Device=%s Mount=%s Timeout=%d Session=%s\n", szChroot, szUser, szDev, szMount, Timeout, szSess); if (!access(szSess, F_OK)) { printf("cfexec already running ...\n"); return 127; } if (!argc) { switch (fork()) { case -1: printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno)); return 3; case 0: VERB(5) printf("Info(5):: Go safe mount.\n"); setsid(); if (update(MNT_UPDATE) == -1) return 4; if ((f = mkevent(&chg, &evt)) == -1) return 5; if (Timeout) { memset(&ts, 0, sizeof ts); ts.tv_sec = Timeout; } switch (kevent(kq, &chg, 1, &evt, 1, !Timeout ? NULL : &ts)) { case -1: printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno)); stat = 7; break; case 0: VERB(1) printf("Timeout reached - secure mount\n"); default: VERB(1) printf("Lock file is deleted - secure mount\n"); if (update(MNT_UPDATE | MNT_RDONLY) == -1) stat = 8; } close(kq); close(f); unlink(szSess); break; } } else { /* sigemptyset(&sig); sigaddset(&sig, SIGINT); sigaddset(&sig, SIGTSTP); sigprocmask(SIG_BLOCK, &sig, &oldsig); */ if (update(MNT_UPDATE) == -1) return 4; switch ((pid = vfork())) { case -1: printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno)); return 5; case 0: VERB(5) printf("Go to running process %s\n", *argv); if (chroot(szChroot) == -1) { printf("Error:: can`t chroot to dir %s #%d - %s\n", szChroot, errno, strerror(errno)); } else { if (strncmp(szUser, "root", 5)) setuser(); /* chdir("/"); */ execvp(*argv, argv); } _exit(127); break; default: waitpid(pid, &stat, 0); VERB(3) printf("Return code: %d\n", stat); if (stat == 32512) stat = 127; if (update(MNT_UPDATE | MNT_RDONLY) == -1) return 8; } // sigprocmask(SIG_SETMASK, &oldsig, NULL); } return stat; }