/*************************************************************************
* (C) 2009 AITNET - Sofia/Bulgaria - <office@aitbg.com>
* by Michael Pounov <misho@aitbg.com>
*
* $Author: misho $
* $Id: cfexec.c,v 1.1.1.1.2.4 2010/09/20 23:15:06 misho Exp $
*
*************************************************************************/
#include "global.h"
sl_config cfg;
int Verbose, Timeout, kq;
char szUser[MAX_STR], szMount[MAXPATHLEN], szDev[MAXPATHLEN],
szChroot[MAXPATHLEN], szSess[MAXPATHLEN], szConfig[MAXPATHLEN];
extern char compiled[], compiledby[], compilehost[];
static void Usage()
{
printf( "CFExec is tool for managment R/W operation with CompactFlash\n"
"=== %s === %s@%s ===\n\n"
" Syntax: cfexec [options] [exec_file]\n\n"
"\t-v\t\tVerbose ...\n"
"\t-c <dir>\tAfter execute chroot to dir [default=/]\n"
"\t-u <user>\tAfter execute suid to user [default=root]\n"
"\t-d <dev>\tOther device [default=/dev/ufs/AITBSDonCF]\n"
"\t-m <mnt>\tOther mount dir [default=/cf]\n"
"\t-t <sec>\tTimeout for autolock mount dir after seconds [default=300]\n"
"\n", compiled, compiledby, compilehost);
}
static int update(int flags)
{
struct ufs_args mnt;
memset(&mnt, 0, sizeof mnt);
mnt.fspec = szDev;
if (mount("ufs", szMount, flags, &mnt) == -1) {
printf("Error:: can`t update mount %s #%d - %s\n", szMount, errno, strerror(errno));
return -1;
}
VERB(5) printf("Info(5):: safe mount for device %s to %s operation (%s)\n",
szDev, szMount, (flags & MNT_RDONLY) ? "ro" : "rw");
return 0;
}
static void setuser()
{
struct passwd *pw;
pw = getpwnam(szUser);
if (pw) {
setuid(pw->pw_uid);
setgid(pw->pw_gid);
endpwent();
VERB(5) printf("Info(5):: Suid to user %s.\n", szUser);
} else
VERB(5) printf("Info(5):: Can`t suid to user %s !\n", szUser);
}
static int mkevent(struct kevent *chg, struct kevent *evt)
{
int f;
char szStr[MAX_STR];
f = open(szSess, O_CREAT | O_WRONLY | O_TRUNC, 0644);
if (f == -1) {
printf("Error:: can`t lock session #%d - %s\n", errno, strerror(errno));
return -1;
} else {
memset(szStr, 0, MAX_STR);
snprintf(szStr, MAX_STR, "%d", getpid());
write(f, szStr, strlen(szStr));
}
VERB(3) printf("Created lock file %s\n", szSess);
kq = kqueue();
if (kq == -1) {
printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno));
close(f);
unlink(szSess);
return -1;
} else {
memset(chg, 0, sizeof(struct kevent));
memset(evt, 0, sizeof(struct kevent));
EV_SET(chg, f, EVFILT_VNODE, EV_ADD, NOTE_DELETE | NOTE_RENAME | NOTE_REVOKE, 0, NULL);
}
return f;
}
// ---------------------------------
int main(int argc, char **argv)
{
char ch;
const char *err;
struct kevent chg, evt;
struct timespec ts;
pid_t pid;
int f, stat = 0;
// sigset_t sig, oldsig;
strlcpy(szConfig, DEFAULT_CONFIG, MAXPATHLEN);
// Load variables from config if exists
if (!LoadConfig(szConfig, &cfg)) {
cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("timeout"), CFG(szUser), MAX_STR, DEFAULT_TIMEOUT);
Timeout = strtonum(szUser, 0, 3600, &err);
if (!Timeout && err) {
printf("Error:: in seconds for timeout %s - %s\n", optarg, err);
UnloadConfig(&cfg);
return 1;
}
cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("suid"), CFG(szUser), MAX_STR, DEFAULT_USER);
cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("mount"), CFG(szMount), MAXPATHLEN, DEFAULT_MOUNT);
cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("device"), CFG(szDev), MAXPATHLEN, DEFAULT_DEVICE);
cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("chroot"), CFG(szChroot), MAXPATHLEN, DEFAULT_CHROOT);
UnloadConfig(&cfg);
} else {
Timeout = atoi(DEFAULT_TIMEOUT);
strlcpy(szUser, DEFAULT_USER, MAX_STR);
strlcpy(szMount, DEFAULT_MOUNT, MAXPATHLEN);
strlcpy(szDev, DEFAULT_DEVICE, MAXPATHLEN);
strlcpy(szChroot, DEFAULT_CHROOT, MAXPATHLEN);
}
// Load variables from arguments if exists
while ((ch = getopt(argc, argv, "hvu:c:d:m:t:")) != -1)
switch (ch) {
case 'v':
Verbose++;
break;
case 'u':
strlcpy(szUser, optarg, MAX_STR);
break;
case 'c':
strlcpy(szChroot, optarg, MAXPATHLEN);
break;
case 'd':
strlcpy(szDev, optarg, MAXPATHLEN);
break;
case 'm':
strlcpy(szMount, optarg, MAXPATHLEN);
break;
case 't':
Timeout = strtonum(optarg, 0, 3600, &err);
if (!Timeout && err) {
printf("Error:: in seconds for timeout %s - %s\n",
optarg, err);
return 1;
}
break;
case 'h':
default:
Usage();
return 1;
}
argc -= optind;
argv += optind;
memset(szSess, 0, MAXPATHLEN);
snprintf(szSess, MAXPATHLEN, "%s%s-cfexec.LCK", DEFAULT_TMP, szMount);
VERB(3) printf("Info(3):: Chroot=%s SUID=%s Device=%s Mount=%s Timeout=%d Session=%s\n",
szChroot, szUser, szDev, szMount, Timeout, szSess);
if (!access(szSess, F_OK)) {
printf("cfexec already running ...\n");
return 127;
}
if (!argc) {
switch (fork()) {
case -1:
printf("Error:: can`t execute safe mount #%d - %s\n",
errno, strerror(errno));
return 3;
case 0:
VERB(5) printf("Info(5):: Go safe mount.\n");
setsid();
if (update(MNT_UPDATE) == -1)
return 4;
if ((f = mkevent(&chg, &evt)) == -1)
return 5;
if (Timeout) {
memset(&ts, 0, sizeof ts);
ts.tv_sec = Timeout;
}
switch (kevent(kq, &chg, 1, &evt, 1, !Timeout ? NULL : &ts)) {
case -1:
printf("Error:: can`t execute safe mount #%d - %s\n",
errno, strerror(errno));
stat = 7;
break;
case 0:
VERB(1) printf("Timeout reached - secure mount\n");
default:
VERB(1) printf("Lock file is deleted - secure mount\n");
if (update(MNT_UPDATE | MNT_RDONLY) == -1)
stat = 8;
}
close(kq);
close(f);
unlink(szSess);
break;
}
} else {
/*
sigemptyset(&sig);
sigaddset(&sig, SIGINT);
sigaddset(&sig, SIGTSTP);
sigprocmask(SIG_BLOCK, &sig, &oldsig);
*/
if (update(MNT_UPDATE) == -1)
return 4;
switch ((pid = vfork())) {
case -1:
printf("Error:: can`t execute safe mount #%d - %s\n",
errno, strerror(errno));
return 5;
case 0:
VERB(5) printf("Go to running process %s\n", *argv);
if (chroot(szChroot) == -1) {
printf("Error:: can`t chroot to dir %s #%d - %s\n",
szChroot, errno, strerror(errno));
} else {
if (strncmp(szUser, "root", 5))
setuser();
/* chdir("/"); */
execvp(*argv, argv);
}
_exit(127);
break;
default:
waitpid(pid, &stat, 0);
VERB(3) printf("Return code: %d\n", stat);
if (stat == 32512)
stat = 127;
if (update(MNT_UPDATE | MNT_RDONLY) == -1)
return 8;
}
// sigprocmask(SIG_SETMASK, &oldsig, NULL);
}
return stat;
}
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>