1: /*************************************************************************
2: * (C) 2009 AITNET - Sofia/Bulgaria - <office@aitbg.com>
3: * by Michael Pounov <misho@aitbg.com>
4: *
5: * $Author: misho $
6: * $Id: cfexec.c,v 1.2.2.1 2011/06/13 20:04:12 misho Exp $
7: *
8: *************************************************************************/
9: #include "global.h"
10:
11:
12: sl_config cfg;
13: int Verbose, Timeout, kq;
14: char szUser[MAX_STR], szMount[MAXPATHLEN], szDev[MAXPATHLEN],
15: szChroot[MAXPATHLEN], szSess[MAXPATHLEN], szConfig[MAXPATHLEN];
16: extern char compiled[], compiledby[], compilehost[];
17:
18:
19: static void Usage()
20: {
21:
22: printf( "CFExec is tool for managment R/W operation with CompactFlash\n"
23: "=== %s === %s@%s ===\n\n"
24: " Syntax: cfexec [options] [exec_file]\n\n"
25: "\t-v\t\tVerbose ...\n"
26: "\t-c <dir>\tAfter execute chroot to dir [default=/]\n"
27: "\t-u <user>\tAfter execute suid to user [default=root]\n"
28: "\t-d <dev>\tOther device [default=/dev/ufs/elwix]\n"
29: "\t-m <mnt>\tOther mount dir [default=/cf]\n"
30: "\t-t <sec>\tTimeout for autolock mount dir after seconds [default=300]\n"
31: "\n", compiled, compiledby, compilehost);
32: }
33:
34: static int update(int flags)
35: {
36: struct ufs_args mnt;
37:
38: memset(&mnt, 0, sizeof mnt);
39: mnt.fspec = szDev;
40: #ifdef __NetBSD__
41: if (mount("ufs", szMount, flags, &mnt, sizeof mnt) == -1) {
42: #else
43: if (mount("ufs", szMount, flags, &mnt) == -1) {
44: #endif
45: printf("Error:: can`t update mount %s #%d - %s\n", szMount, errno, strerror(errno));
46: return -1;
47: }
48:
49: VERB(5) printf("Info(5):: safe mount for device %s to %s operation (%s)\n",
50: szDev, szMount, (flags & MNT_RDONLY) ? "ro" : "rw");
51: return 0;
52: }
53:
54: static void setuser()
55: {
56: struct passwd *pw;
57:
58: pw = getpwnam(szUser);
59: if (pw) {
60: setuid(pw->pw_uid);
61: setgid(pw->pw_gid);
62: endpwent();
63:
64: VERB(5) printf("Info(5):: Suid to user %s.\n", szUser);
65: } else
66: VERB(5) printf("Info(5):: Can`t suid to user %s !\n", szUser);
67: }
68:
69: static int mkevent(struct kevent *chg, struct kevent *evt)
70: {
71: int f;
72: char szStr[MAX_STR];
73:
74: f = open(szSess, O_CREAT | O_WRONLY | O_TRUNC, 0644);
75: if (f == -1) {
76: printf("Error:: can`t lock session #%d - %s\n", errno, strerror(errno));
77: return -1;
78: } else {
79: memset(szStr, 0, MAX_STR);
80: snprintf(szStr, MAX_STR, "%d", getpid());
81: write(f, szStr, strlen(szStr));
82: }
83: VERB(3) printf("Created lock file %s\n", szSess);
84:
85: kq = kqueue();
86: if (kq == -1) {
87: printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno));
88: close(f);
89: unlink(szSess);
90: return -1;
91: } else {
92: memset(chg, 0, sizeof(struct kevent));
93: memset(evt, 0, sizeof(struct kevent));
94:
95: EV_SET(chg, f, EVFILT_VNODE, EV_ADD, NOTE_DELETE | NOTE_RENAME | NOTE_REVOKE, 0, (intptr_t) NULL);
96: }
97:
98: return f;
99: }
100:
101: // ---------------------------------
102:
103: int main(int argc, char **argv)
104: {
105: char ch;
106: const char *err = NULL;
107: struct kevent chg, evt;
108: struct timespec ts;
109: pid_t pid;
110: int f, stat = 0;
111: // sigset_t sig, oldsig;
112:
113: strlcpy(szConfig, DEFAULT_CONFIG, MAXPATHLEN);
114: // Load variables from config if exists
115: if (!LoadConfig(szConfig, &cfg)) {
116: cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("timeout"), CFG(szUser), MAX_STR, DEFAULT_TIMEOUT);
117: #ifndef HAVE_STRTONUM
118: Timeout = (int) strtol(szUser, NULL, 0);
119: #else
120: Timeout = strtonum(szUser, 0, 3600, &err);
121: #endif
122: if (!Timeout && err) {
123: printf("Error:: in seconds for timeout %s - %s\n", optarg, err);
124: UnloadConfig(&cfg);
125: return 1;
126: }
127: cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("suid"), CFG(szUser), MAX_STR, DEFAULT_USER);
128: cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("mount"), CFG(szMount), MAXPATHLEN, DEFAULT_MOUNT);
129: cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("device"), CFG(szDev), MAXPATHLEN, DEFAULT_DEVICE);
130: cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("chroot"), CFG(szChroot), MAXPATHLEN, DEFAULT_CHROOT);
131:
132: UnloadConfig(&cfg);
133: } else {
134: Timeout = atoi(DEFAULT_TIMEOUT);
135: strlcpy(szUser, DEFAULT_USER, MAX_STR);
136: strlcpy(szMount, DEFAULT_MOUNT, MAXPATHLEN);
137: strlcpy(szDev, DEFAULT_DEVICE, MAXPATHLEN);
138: strlcpy(szChroot, DEFAULT_CHROOT, MAXPATHLEN);
139: }
140:
141: // Load variables from arguments if exists
142: while ((ch = getopt(argc, argv, "hvu:c:d:m:t:")) != -1)
143: switch (ch) {
144: case 'v':
145: Verbose++;
146: break;
147: case 'u':
148: strlcpy(szUser, optarg, MAX_STR);
149: break;
150: case 'c':
151: strlcpy(szChroot, optarg, MAXPATHLEN);
152: break;
153: case 'd':
154: strlcpy(szDev, optarg, MAXPATHLEN);
155: break;
156: case 'm':
157: strlcpy(szMount, optarg, MAXPATHLEN);
158: break;
159: case 't':
160: #ifndef HAVE_STRTONUM
161: Timeout = (int) strtol(szUser, NULL, 0);
162: #else
163: Timeout = strtonum(optarg, 0, 3600, &err);
164: #endif
165: if (!Timeout && err) {
166: printf("Error:: in seconds for timeout %s - %s\n",
167: optarg, err);
168: return 1;
169: }
170: break;
171: case 'h':
172: default:
173: Usage();
174: return 1;
175: }
176: argc -= optind;
177: argv += optind;
178:
179: memset(szSess, 0, MAXPATHLEN);
180: snprintf(szSess, MAXPATHLEN, "%s%s-cfexec.LCK", DEFAULT_TMP, szMount);
181:
182: VERB(3) printf("Info(3):: Chroot=%s SUID=%s Device=%s Mount=%s Timeout=%d Session=%s\n",
183: szChroot, szUser, szDev, szMount, Timeout, szSess);
184:
185: if (!access(szSess, F_OK)) {
186: printf("cfexec already running ...\n");
187: return 127;
188: }
189:
190: if (!argc) {
191: switch (fork()) {
192: case -1:
193: printf("Error:: can`t execute safe mount #%d - %s\n",
194: errno, strerror(errno));
195: return 3;
196: case 0:
197: VERB(5) printf("Info(5):: Go safe mount.\n");
198: setsid();
199:
200: if (update(MNT_UPDATE) == -1)
201: return 4;
202:
203: if ((f = mkevent(&chg, &evt)) == -1)
204: return 5;
205:
206: if (Timeout) {
207: memset(&ts, 0, sizeof ts);
208: ts.tv_sec = Timeout;
209: }
210: switch (kevent(kq, &chg, 1, &evt, 1, !Timeout ? NULL : &ts)) {
211: case -1:
212: printf("Error:: can`t execute safe mount #%d - %s\n",
213: errno, strerror(errno));
214: stat = 7;
215: break;
216: case 0:
217: VERB(1) printf("Timeout reached - secure mount\n");
218: default:
219: VERB(1) printf("Lock file is deleted - secure mount\n");
220: if (update(MNT_UPDATE | MNT_RDONLY) == -1)
221: stat = 8;
222: }
223:
224: close(kq);
225: close(f);
226: unlink(szSess);
227: break;
228: }
229: } else {
230: /*
231: sigemptyset(&sig);
232: sigaddset(&sig, SIGINT);
233: sigaddset(&sig, SIGTSTP);
234: sigprocmask(SIG_BLOCK, &sig, &oldsig);
235: */
236:
237: if (update(MNT_UPDATE) == -1)
238: return 4;
239:
240: switch ((pid = vfork())) {
241: case -1:
242: printf("Error:: can`t execute safe mount #%d - %s\n",
243: errno, strerror(errno));
244: return 5;
245: case 0:
246: VERB(5) printf("Go to running process %s\n", *argv);
247: if (chroot(szChroot) == -1) {
248: printf("Error:: can`t chroot to dir %s #%d - %s\n",
249: szChroot, errno, strerror(errno));
250: } else {
251: if (strncmp(szUser, "root", 5))
252: setuser();
253:
254: /* chdir("/"); */
255: execvp(*argv, argv);
256: }
257: _exit(127);
258: break;
259: default:
260: waitpid(pid, &stat, 0);
261: VERB(3) printf("Return code: %d\n", stat);
262: if (stat == 32512)
263: stat = 127;
264:
265: if (update(MNT_UPDATE | MNT_RDONLY) == -1)
266: return 8;
267: }
268:
269: // sigprocmask(SIG_SETMASK, &oldsig, NULL);
270: }
271:
272: return stat;
273: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to cfexec.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedtools / src