File:  [ELWIX - Embedded LightWeight unIX -] / embedtools / src / cfexec.c
Revision 1.1.1.1.2.4: download - view: text, annotated - select for diffs - revision graph
Mon Sep 20 23:15:06 2010 UTC (14 years, 1 month ago) by misho
Branches: tools1_0
Diff to: branchpoint 1.1.1.1: preferred, unified
remove chdir to root if cfexec with cmdline

/*************************************************************************
 * (C) 2009 AITNET - Sofia/Bulgaria - <office@aitbg.com>
 *  by Michael Pounov <misho@aitbg.com>
 *
 * $Author: misho $
 * $Id: cfexec.c,v 1.1.1.1.2.4 2010/09/20 23:15:06 misho Exp $
 *
 *************************************************************************/
#include "global.h"


sl_config cfg;
int Verbose, Timeout, kq;
char szUser[MAX_STR], szMount[MAXPATHLEN], szDev[MAXPATHLEN], 
     szChroot[MAXPATHLEN], szSess[MAXPATHLEN], szConfig[MAXPATHLEN];
extern char compiled[], compiledby[], compilehost[];


static void Usage()
{

	printf(	"CFExec is tool for managment R/W operation with CompactFlash\n"
		"=== %s === %s@%s ===\n\n"
		"  Syntax: cfexec [options] [exec_file]\n\n"
		"\t-v\t\tVerbose ...\n"
		"\t-c <dir>\tAfter execute chroot to dir [default=/]\n"
		"\t-u <user>\tAfter execute suid to user [default=root]\n"
		"\t-d <dev>\tOther device [default=/dev/ufs/AITBSDonCF]\n"
		"\t-m <mnt>\tOther mount dir [default=/cf]\n"
		"\t-t <sec>\tTimeout for autolock mount dir after seconds [default=300]\n"
		"\n", compiled, compiledby, compilehost);
}

static int update(int flags)
{
	struct ufs_args mnt;

	memset(&mnt, 0, sizeof mnt);
	mnt.fspec = szDev;
	if (mount("ufs", szMount, flags, &mnt) == -1) {
		printf("Error:: can`t update mount %s #%d - %s\n", szMount, errno, strerror(errno));
		return -1;
	}

	VERB(5) printf("Info(5):: safe mount for device %s to %s operation (%s)\n", 
			szDev, szMount, (flags & MNT_RDONLY) ? "ro" : "rw");
	return 0;
}

static void setuser()
{
	struct passwd *pw;

	pw = getpwnam(szUser);
	if (pw) {
		setuid(pw->pw_uid);
		setgid(pw->pw_gid);
		endpwent();

		VERB(5) printf("Info(5):: Suid to user %s.\n", szUser);
	} else
		VERB(5) printf("Info(5):: Can`t suid to user %s !\n", szUser);
}

static int mkevent(struct kevent *chg, struct kevent *evt)
{
	int f;
	char szStr[MAX_STR];

	f = open(szSess, O_CREAT | O_WRONLY | O_TRUNC, 0644);
	if (f == -1) {
		printf("Error:: can`t lock session #%d - %s\n", errno, strerror(errno));
		return -1;
	} else {
		memset(szStr, 0, MAX_STR);
		snprintf(szStr, MAX_STR, "%d", getpid());
		write(f, szStr, strlen(szStr));
	}
	VERB(3) printf("Created lock file %s\n", szSess);

	kq = kqueue();
	if (kq == -1) {
		printf("Error:: can`t execute safe mount #%d - %s\n", errno, strerror(errno));
		close(f);
		unlink(szSess);
		return -1;
	} else {
		memset(chg, 0, sizeof(struct kevent));
		memset(evt, 0, sizeof(struct kevent));

		EV_SET(chg, f, EVFILT_VNODE, EV_ADD, NOTE_DELETE | NOTE_RENAME | NOTE_REVOKE, 0, NULL);
	}

	return f;
}

// ---------------------------------

int main(int argc, char **argv)
{
	char ch;
	const char *err;
	struct kevent chg, evt;
	struct timespec ts;
	pid_t pid;
	int f, stat = 0;
//	sigset_t sig, oldsig;

	strlcpy(szConfig, DEFAULT_CONFIG, MAXPATHLEN);
	// Load variables from config if exists
	if (!LoadConfig(szConfig, &cfg)) {
		cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("timeout"), CFG(szUser), MAX_STR, DEFAULT_TIMEOUT);
		Timeout = strtonum(szUser, 0, 3600, &err);
		if (!Timeout && err) {
			printf("Error:: in seconds for timeout %s - %s\n", optarg, err);
			UnloadConfig(&cfg);
			return 1;
		}
		cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("suid"), CFG(szUser), MAX_STR, DEFAULT_USER);
		cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("mount"), CFG(szMount), MAXPATHLEN, DEFAULT_MOUNT);
		cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("device"), CFG(szDev), MAXPATHLEN, DEFAULT_DEVICE);
		cfg_LoadAttribute(&cfg, CFG("cfexec"), CFG("chroot"), CFG(szChroot), MAXPATHLEN, DEFAULT_CHROOT);

		UnloadConfig(&cfg);
	} else {
		Timeout = atoi(DEFAULT_TIMEOUT);
		strlcpy(szUser, DEFAULT_USER, MAX_STR);
		strlcpy(szMount, DEFAULT_MOUNT, MAXPATHLEN);
		strlcpy(szDev, DEFAULT_DEVICE, MAXPATHLEN);
		strlcpy(szChroot, DEFAULT_CHROOT, MAXPATHLEN);
	}

	// Load variables from arguments if exists
	while ((ch = getopt(argc, argv, "hvu:c:d:m:t:")) != -1)
		switch (ch) {
			case 'v':
				Verbose++;
				break;
			case 'u':
				strlcpy(szUser, optarg, MAX_STR);
				break;
			case 'c':
				strlcpy(szChroot, optarg, MAXPATHLEN);
				break;
			case 'd':
				strlcpy(szDev, optarg, MAXPATHLEN);
				break;
			case 'm':
				strlcpy(szMount, optarg, MAXPATHLEN);
				break;
			case 't':
				Timeout = strtonum(optarg, 0, 3600, &err);
				if (!Timeout && err) {
					printf("Error:: in seconds for timeout %s - %s\n",
							optarg, err);
					return 1;
				}
				break;
			case 'h':
			default:
				Usage();
				return 1;
		}
	argc -= optind;
	argv += optind;

	memset(szSess, 0, MAXPATHLEN);
	snprintf(szSess, MAXPATHLEN, "%s%s-cfexec.LCK", DEFAULT_TMP, szMount);

	VERB(3) printf("Info(3):: Chroot=%s SUID=%s Device=%s Mount=%s Timeout=%d Session=%s\n", 
			szChroot, szUser, szDev, szMount, Timeout, szSess);

	if (!access(szSess, F_OK)) {
		printf("cfexec already running ...\n");
		return 127;
	}

	if (!argc) {
		switch (fork()) {
			case -1:
				printf("Error:: can`t execute safe mount #%d - %s\n", 
						errno, strerror(errno));
				return 3;
			case 0:
				VERB(5) printf("Info(5):: Go safe mount.\n");
				setsid();

				if (update(MNT_UPDATE) == -1)
					return 4;

				if ((f = mkevent(&chg, &evt)) == -1)
					return 5;

				if (Timeout) {
					memset(&ts, 0, sizeof ts);
					ts.tv_sec = Timeout;
				}
				switch (kevent(kq, &chg, 1, &evt, 1, !Timeout ? NULL : &ts)) {
					case -1:
						printf("Error:: can`t execute safe mount #%d - %s\n", 
								errno, strerror(errno));
						stat = 7;
						break;
					case 0:
						VERB(1) printf("Timeout reached - secure mount\n");
					default:
						VERB(1) printf("Lock file is deleted - secure mount\n");
						if (update(MNT_UPDATE | MNT_RDONLY) == -1)
							stat = 8;
				}

				close(kq);
				close(f);
				unlink(szSess);
				break;
		}
	} else {
		/*
		sigemptyset(&sig);
		sigaddset(&sig, SIGINT);
		sigaddset(&sig, SIGTSTP);
		sigprocmask(SIG_BLOCK, &sig, &oldsig);
		*/

		if (update(MNT_UPDATE) == -1)
			return 4;

		switch ((pid = vfork())) {
			case -1:
				printf("Error:: can`t execute safe mount #%d - %s\n", 
						errno, strerror(errno));
				return 5;
			case 0:
				VERB(5) printf("Go to running process %s\n", *argv);
				if (chroot(szChroot) == -1) {
					printf("Error:: can`t chroot to dir %s #%d - %s\n", 
							szChroot, errno, strerror(errno));
				} else {
					if (strncmp(szUser, "root", 5))
						setuser();

					/* chdir("/"); */
					execvp(*argv, argv);
				}
				_exit(127);
				break;
			default:
				waitpid(pid, &stat, 0);
				VERB(3) printf("Return code: %d\n", stat);
				if (stat == 32512) 
					stat = 127;

				if (update(MNT_UPDATE | MNT_RDONLY) == -1)
					return 8;
		}

//		sigprocmask(SIG_SETMASK, &oldsig, NULL);
	}

	return stat;
}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>