--- suX/src/sux.c 2013/04/09 15:59:44 1.4 +++ suX/src/sux.c 2015/06/17 14:14:17 1.6 @@ -3,7 +3,7 @@ * by Michael Pounov * * $Author: misho $ - * $Id: sux.c,v 1.4 2013/04/09 15:59:44 misho Exp $ + * $Id: sux.c,v 1.6 2015/06/17 14:14:17 misho Exp $ * *************************************************************************/ #include "global.h" @@ -26,7 +26,7 @@ Log(int lvl, const char *fmt, ...) vfprintf(lf, fmt, lst); va_end(lst); fprintf(lf, "\n"); - vsyslog(LOG_WARNING, fmt, cp); + vsyslog(LOG_INFO, fmt, cp); va_end(cp); } } @@ -48,8 +48,9 @@ Err(const char *fmt, ...) static inline void DumpProc(const char *txt) { - Log(0, "%s:: UID:GID=%d:%d Prio=%d Class=%s Name=%s Dir=%s Cmd=%s Script=%s From=%s:%s%s", - txt ? txt : __func__, AIT_GET_I16(&proc.proc_uid), + Log(1, "%s:: uid:gid=%d:%d UID:GID=%d:%d Prio=%d Class=%s Name=%s Dir=%s Cmd=%s " + "Script=%s From=%s:%s Get=%s", txt ? txt : __func__, + geteuid(), getegid(), AIT_GET_I16(&proc.proc_uid), AIT_GET_I16(&proc.proc_gid), AIT_GET_I32(&proc.proc_prio), AIT_GET_STR(&proc.proc_class), AIT_GET_STR(&proc.proc_name), AIT_GET_STR(&proc.proc_dir), AIT_GET_STR(&proc.proc_cmd), @@ -57,17 +58,14 @@ DumpProc(const char *txt) getenv("REMOTE_PORT"), getenv("REQUEST_URI")); } -static void +static int initProg() { - char d[MAXPATHLEN]; - AIT_SET_I16(&proc.proc_uid, getuid()); AIT_SET_I16(&proc.proc_gid, getgid()); AIT_SET_I32(&proc.proc_prio, getpriority(PRIO_PROCESS, 0)); AIT_INIT_VAL2(&proc.proc_class, string); - getcwd(d, sizeof d); - AIT_SET_STR(&proc.proc_dir, d); + AIT_INIT_VAL2(&proc.proc_dir, string); AIT_INIT_VAL2(&proc.proc_name, string); AIT_INIT_VAL2(&proc.proc_cmd, string); @@ -78,6 +76,7 @@ initProg() lf = stdout; openlog(PACKAGE_NAME, LOG_CONS | LOG_PID | LOG_NDELAY, LOG_USER); + return 0; } static void @@ -97,7 +96,7 @@ Usage() { printf( " -= suX =- suExecutor designed for web based applicaions\n" "(C)`11 AITNET ltd - Sofia/Bulgaria - \n\n" - " Syntax: %s [options] [arguments]\n" + " Syntax: %s [options] [arguments]\n" "\t-u \t\t\tUser for suID\n" "\t-g \t\t\tGroup for suID\n" "\t-p \t\tExecute with priority\n" @@ -114,22 +113,38 @@ static inline int setUIDGID(char flg, const char *name) { struct stat sb; + struct passwd *pass; + short uid, gid; - if (stat(name, &sb) == -1) { - ESYSERR(0); - return -1; + if (name) { + if (stat(name, &sb) == -1) { + ESYSERR(0); + return -1; + } + uid = sb.st_uid; + gid = sb.st_gid; + } else { + pass = getpwnam(getenv("SUX_USER") ? getenv("SUX_USER") : DEFAULT_SUX_USER); + if (!pass) { + Err("Error:: User %s not found", getenv("SUX_USER")); + endpwent(); + return -1; + } + uid = pass->pw_uid; + gid = pass->pw_gid; + endpwent(); } if (!(flg & SUX_GET_UID)) - AIT_SET_I16(&proc.proc_uid, sb.st_uid); + AIT_SET_I16(&proc.proc_uid, uid); if (!(flg & SUX_GET_GID)) - AIT_SET_I16(&proc.proc_gid, sb.st_gid); + AIT_SET_I16(&proc.proc_gid, gid); return 0; } static inline int -SetClass() +setClassDir() { struct passwd *pass; int ret = 0; @@ -137,16 +152,17 @@ SetClass() pass = getpwuid(AIT_GET_I16(&proc.proc_uid)); if (!pass) { Err("Error:: User with this UID %d not found", AIT_GET_I16(&proc.proc_uid)); - endpwent(); - return -1; - } else + ret = -1; + } else { AIT_SET_STR(&proc.proc_class, pass->pw_class); + AIT_SET_STR(&proc.proc_dir, pass->pw_dir); - if (setusercontext(NULL, pass, AIT_GET_I16(&proc.proc_uid), - LOGIN_SETRESOURCES | LOGIN_SETGROUP | LOGIN_SETLOGIN | - LOGIN_SETPRIORITY)) { - Err("Error:: Cant set login class %s", AIT_GET_STR(&proc.proc_class)); - ret = -1; + if (setusercontext(NULL, pass, AIT_GET_I16(&proc.proc_uid), + LOGIN_SETLOGIN | LOGIN_SETGROUP | LOGIN_SETUSER | + LOGIN_SETPRIORITY | LOGIN_SETRESOURCES)) { + Err("Error:: Can't set login class %s", AIT_GET_STR(&proc.proc_class)); + ret = -1; + } } endpwent(); @@ -166,19 +182,16 @@ LoadCfgData(char flg) } if (!strcasecmp(str, "SCRIPT")) { mode = 1; - if (setUIDGID(flg, AIT_GET_STR(&proc.proc_name)) == -1) + if (setUIDGID(flg, (getenv("SUX_USER") ? NULL : getenv("PATH_TRANSLATED"))) == -1) return -1; } else if (!strcasecmp(str, "FILE")) { mode = 2; if (setUIDGID(flg, AIT_GET_STR(&proc.proc_name)) == -1) return -1; - } else if (!strcasecmp(str, "DIR") && - (str = cfg_getAttribute(&cfg, "global", "directory"))) { + } else if (!strcasecmp(str, "DIR")) { mode = 3; - if (!(flg & SUX_GET_DIR)) - AIT_SET_STR(&proc.proc_dir, str); - - if (setUIDGID(flg, AIT_GET_STR(&proc.proc_dir)) == -1) + str = AIT_GET_STR(&proc.proc_dir) ? AIT_GET_STR(&proc.proc_dir) : "."; + if (setUIDGID(flg, str) == -1) return -1; } else { Err("Error:: Unknown mode %s", str); @@ -200,7 +213,8 @@ LoadCfgData(char flg) ELIBERR(cfg); return -1; case 0: - cfg_loadAttribute(&cfg, "associate", "default", &proc.proc_cmd, DEFAULT_CMD); + cfg_loadAttribute(&cfg, "associate", "default", + &proc.proc_cmd, DEFAULT_CMD); } } else AIT_SET_STR(&proc.proc_cmd, DEFAULT_CMD); @@ -224,7 +238,9 @@ Run(char **argv, char flg) if (!(aarg = array_From((const char***) &argv, 0))) { array_Destroy(&acmd); return -1; - } else if (*array(acmd, 0, char*) == '!') { + } + /* '!' exclude associated wrapper aka direct args execution */ + if (*array(acmd, 0, char*) == '!') { if (array_Grow(acmd, 0, 0)) { array_Destroy(&aarg); array_Destroy(&acmd); @@ -234,7 +250,7 @@ Run(char **argv, char flg) } else cmd = array(acmd, 0, char*); - if (array_Concat(acmd, aarg) == -1) { + if (!(flg & SUX_GET_STDIN) && array_Concat(acmd, aarg) == -1) { array_Destroy(&aarg); array_Destroy(&acmd); return -1; @@ -246,31 +262,29 @@ Run(char **argv, char flg) } array_Destroy(&acmd); - if (SetClass()) { + if (setClassDir()) { if (args) e_free(args); return -1; } if (flg & SUX_GET_FORCE) { - /* if (setegid(AIT_GET_I16(&proc.proc_gid)) == -1) goto err; if (seteuid(AIT_GET_I16(&proc.proc_uid)) == -1) goto err; - */ if (setpriority(PRIO_PROCESS, 0, AIT_GET_I32(&proc.proc_prio)) == -1) goto err; } - DumpProc(__func__); - EVERBS(3) { char **el = args - 1; while (*++el) Log(3, "args: %s", *el); } + DumpProc(__func__); + fflush(lf); execve(cmd, args, environ); @@ -376,8 +390,12 @@ main(int argc, char **argv) return 1; } else AIT_SET_STR(&proc.proc_name, str); - } else + } else if (strcmp(*argv, "-")) AIT_SET_STR(&proc.proc_name, *argv); + else { + flg |= SUX_GET_STDIN; + AIT_SET_STR(&proc.proc_name, "-.stdin"); /* hack for associate to stdin */ + } Log(2, "Try to load config %s", szCfg); if (cfgLoadConfig(szCfg, &cfg)) { ELIBERR(cfg);