source: trunk/src/sh_extern.c@ 245

Last change on this file since 245 was 235, checked in by katerina, 15 years ago

Fix for potential deadlock when calling external program (ticket #155).

File size: 34.4 KB
[1]1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 2000,2004 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20
21#include "config_xor.h"
22
23
24#include <stdio.h>
25#include <string.h>
26#ifdef HAVE_MEMORY_H
27#include <memory.h>
28#endif
29
30/* replace #if 0 by #if 1 and set an appropriate path in front of '/pdbg.'
31 * for debugging
32 */
[212]33#if 0
34#define PDGBFILE "/pdbg."
[1]35#endif
36
37
/*
 * Step-tracing helpers for the popen/pclose code below.  All of them expand
 * to nothing unless PDGBFILE is defined.
 *
 * When enabled, the parent logs to PDGBFILE"main" and the forked child to
 * PDGBFILE"child"; both files are opened by path in append mode.
 *
 * Usage constraints visible from the definitions:
 *  - Most macros expand to more than one statement and none is wrapped in
 *    do { } while (0), so use them only as a complete statement inside
 *    braces, never as the unbraced body of an if/else.
 *  - The result of fopen() is not checked; if the open fails, the following
 *    fprintf()/fflush()/fclose() receive a NULL stream.
 *
 * NOTE(review): fopen(path, "a") follows symbolic links and this code can run
 * as root, so the debug prefix should name a directory that only the
 * administrator can write to.  Further down in this file the child skips
 * sh_unix_closeall() when PDGBFILE is defined, so a debug build leaves
 * descriptors >= 3 open across execve() -- debug builds are not for
 * production use.
 */
#if defined(PDGBFILE)
static FILE * pdbg = NULL;   /* trace stream of the parent process */
static FILE * pdbgc = NULL;  /* trace stream of the forked child   */
#define PDBG_OPEN if (pdbg == NULL) pdbg = fopen(PDGBFILE"main", "a")
#define PDBG_CLOSE fclose (pdbg); pdbg = NULL
#define PDBG(arg) fprintf(pdbg, "PDBG: step %d\n", arg); fflush(pdbg)
#define PDBG_D(arg) fprintf(pdbg, "PDBG: %d\n", arg); fflush(pdbg)
#define PDBG_S(arg) fprintf(pdbg, "PDBG: %s\n", arg); fflush(pdbg)

#define PDBGC_OPEN if (pdbgc == NULL) pdbgc = fopen(PDGBFILE"child", "a")
#define PDBGC_CLOSE fclose (pdbgc); pdbgc = NULL
#define PDBGC(arg) fprintf(pdbgc, "PDBGC: step %d\n", arg); fflush(pdbgc)
#define PDBGC_D(arg) fprintf(pdbgc, "PDBGC: %d\n", arg); fflush(pdbgc)
#define PDBGC_S(arg) fprintf(pdbgc, "PDBGC: %s\n", arg); fflush(pdbgc)
#else
/* tracing disabled: every helper is an empty statement */
#define PDBG_OPEN
#define PDBG_CLOSE
#define PDBG(arg)
#define PDBG_D(arg)
#define PDBG_S(arg)
#define PDBGC_OPEN
#define PDBGC_CLOSE
#define PDBGC(arg)
#define PDBGC_D(arg)
#define PDBGC_S(arg)
#endif
64
65
66#include <stdlib.h>
67#include <pwd.h>
68#include <unistd.h>
69#include <fcntl.h>
70#include <signal.h>
71#include <sys/stat.h>
72#include <sys/types.h>
73#include <errno.h>
74#include <sys/wait.h>
75
76#if TIME_WITH_SYS_TIME
77#include <sys/time.h>
78#include <time.h>
79#else
80#if HAVE_SYS_TIME_H
81#include <sys/time.h>
82#else
83#include <time.h>
84#endif
85#endif
86
87
88#include "samhain.h"
89#include "sh_utils.h"
90#include "sh_unix.h"
91#include "sh_tiger.h"
92#include "sh_extern.h"
93#include "sh_calls.h"
[215]94#include "sh_filter.h"
[1]95#define SH_NEED_PWD_GRP 1
96#include "sh_static.h"
97
98
99#undef FIL__
100#define FIL__ _("sh_extern.c")
101
102extern int get_the_fd (SL_TICKET ticket);
103
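/*
 * -- generic safe popen
 *
 * Start task->command in a child process that is connected to the caller
 * through a pipe.
 *
 *   task->rw == 'w' : the child reads the pipe on its stdin, the caller
 *                     writes to task->pipe
 *   otherwise       : the child's stdout and stderr go into the pipe, the
 *                     caller reads from task->pipe
 *
 * Before anything is executed the path is checked with sl_trustfile() and,
 * if task->checksum is set, its hash is compared against that value.  On
 * Linux the program is executed through /proc/self/fd/N where possible, so
 * that the descriptor that was hashed is the one that gets executed.
 * NOTE(review): on the fallback path the trust/checksum tests and execve()
 * all work on the path name, so there is a window between check and use;
 * the parent-side checksum test is also compiled out when SL_DEBUG is
 * defined.
 *
 * If task->privileged == 0 and the process runs as root, the child switches
 * to task->run_user_gid / task->run_user_uid before executing the program.
 *
 * If task->fork_twice is S_TRUE the program runs in a detached grandchild
 * and the intermediate child is reaped here.
 *
 * On success 0 is returned and task->pipe, task->pipeFD, task->pipeTI and
 * task->pid are set; the pipe descriptor is switched to non-blocking mode.
 * On failure (-1) is returned.  Trust and checksum failures are reported
 * only once in a row (tracked in a static flag).
 */
int sh_ext_popen (sh_tas_t * task)
{
  long   status = 0;
  int    flags;
  char * tmp;
  char * tmp2;
  int    errnum;
  int    pipedes[2];
  FILE * outf = NULL;
  char * envp[1];
  char * argp[2];

  char * errfile;
  char   errbuf[SH_ERRBUF_SIZE];

  /* set after a trust/checksum failure to suppress repeated reports */
  static int some_error = 0;

#if defined (__linux__)
  SL_TICKET fd  = -1;
  char      pname[128];
  int       pfd = -1;
#endif

  SL_ENTER(_("sh_ext_popen"));

  /* Linux, HP-UX and FreeBSD will happily accept envp = argp = NULL
   * Solaris (and probably some other Unices)
   * needs a valid *envp[] with envp[0] = NULL;
   * and similarly for argp
   * OpenBSD finally needs non-null argp[0] ...
   */
  argp[0] = task->command;
  argp[1] = NULL;
  envp[0] = NULL;

  /*
   * -- check whether path is trustworthy
   */
  status = sl_trustfile(task->command, NULL, NULL);
#if 0
  if ((uid_t) -1 != task->trusted_users[0])
    {
      status = sl_trustfile(task->command, task->trusted_users, NULL);
    }
#endif

  PDBG_OPEN;
  PDBG_D( (int) status);

  if ( SL_ENONE != status)
    {
      PDBG_S("SL_ENONE != status");
      if (some_error == 0)
        {
          tmp     = sh_util_safe_name (task->command);
          errfile = sl_trust_errfile();
          if (errfile[0] != '\0')
            {
              tmp2 = sh_util_safe_name (sl_trust_errfile());
              sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_TRUST2,
                              sl_error_string((int)status), tmp, tmp2);
              SH_FREE(tmp2);
            }
          else
            {
              sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_TRUST1,
                              sl_error_string((int)status), tmp);
            }
          SH_FREE(tmp);
        }
      some_error = 1;
      SL_RETURN ((-1), _("sh_ext_popen"));
    }

  PDBG(1);

  /*
   * -- check whether the checksum is correct; with linux emulate fdexec
   */
#if ( !defined(__linux__) || ( defined(__linux__) && defined(HAVE_PTHREAD)) ) && !defined(SL_DEBUG)
  if (task->checksum[0] != '\0')
    {
      char hashbuf[KEYBUF_SIZE];
      PDBG_S("checksum test");
      if (0 != sl_strcmp(task->checksum,
                         sh_tiger_hash (task->command, TIGER_FILE, TIGER_NOLIM,
                                        hashbuf, sizeof(hashbuf))
                         )
          )
        {
          PDBG_S("checksum mismatch");
          if (some_error == 0)
            {
              tmp = sh_util_safe_name (task->command);
              sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_HASH, tmp);
              SH_FREE(tmp);
            }
          some_error = 1;
          SL_RETURN ((-1), _("sh_ext_popen"));
        }
    }
#endif

  some_error = 0;

  PDBG(2);

  /*
   * -- Create the pipe
   */
  if (aud_pipe(FIL__, __LINE__, pipedes) < 0)
    {
      /* save errno first: the debug output below may overwrite it */
      errnum = errno;
      PDBG_S("pipe() failure");
      sh_error_handle((-1), FIL__, __LINE__, errnum, MSG_E_SUBGEN,
                      sh_error_message(errnum, errbuf, sizeof(errbuf)), _("pipe"));
      SL_RETURN ((-1), _("sh_ext_popen"));
    }

  PDBG(3);

  /*
   * -- Flush streams and fork
   */
  fflush (NULL);

  task->pid = aud_fork(FIL__, __LINE__);

  if (task->pid == (pid_t) - 1)
    {
      /* save errno before close(), which may overwrite it */
      errnum = errno;
      PDBG_S("fork() failure");
      /*@-usedef@*/
      (void) close(pipedes[0]);
      (void) close(pipedes[1]);
      /*@+usedef@*/
      sh_error_handle((-1), FIL__, __LINE__, errnum, MSG_E_SUBGEN,
                      sh_error_message(errnum, errbuf, sizeof(errbuf)), _("fork"));
      SL_RETURN ((-1), _("sh_ext_popen"));
    }

  PDBG(4);

  if (task->pid == (pid_t) 0)
    {
      /*
       * -- fork again, if requested
       */
      if (S_TRUE == task->fork_twice)
        {
          task->pid = fork();

          if (task->pid == (pid_t) - 1)
            {
              _exit (EXIT_FAILURE);
            }
        }

      if (task->pid == (pid_t) 0)
        {
          int val_return;

          PDBGC_OPEN;
          PDBGC(1);

          /*
           * -- (grand)child - connect our end of the pipe: the read end
           *    becomes stdin for 'w' tasks, the write end becomes stdout
           *    otherwise
           */
          if (task->rw == 'w')
            {
              do {
                val_return = dup2 (pipedes[STDIN_FILENO], STDIN_FILENO);
              } while (val_return < 0 && errno == EINTR);

              if (val_return < 0)
                _exit(EXIT_FAILURE);
            }
          else
            {
              do {
                val_return = dup2 (pipedes[STDOUT_FILENO], STDOUT_FILENO);
              } while (val_return < 0 && errno == EINTR);

              if (val_return < 0)
                _exit(EXIT_FAILURE);
            }
          PDBGC(2);


          /* close the pipe descriptors
           */
          (void) close (pipedes[STDIN_FILENO]);
          (void) close (pipedes[STDOUT_FILENO]);

          /* don't leak file descriptors
           */
#if !defined(PDGBFILE)
          sh_unix_closeall (3, task->com_fd, SL_TRUE); /* in child process */
#endif

          /* drop root privileges, if possible && requested
           */
          if (task->privileged == 0 && 0 == getuid())
            {
              PDBGC_S("privileged");

              /* zero priv info
               */
              memset(skey, 0, sizeof(sh_key_t));

              /* Refuse to run the program if either identity change fails;
               * otherwise it could keep root's group or user id.
               * NOTE(review): supplementary groups are not changed in this
               * function (no setgroups()/initgroups() call), so the child
               * keeps the group list it inherited -- confirm this is
               * intended.
               */
              if (setgid((gid_t) task->run_user_gid) != 0)
                _exit(EXIT_FAILURE);
              if (setuid((uid_t) task->run_user_uid) != 0)
                _exit(EXIT_FAILURE);
              /* make sure we cannot get root again
               */
              if (setuid(0) >= 0)
                _exit(EXIT_FAILURE);
            }

          PDBGC(3);
          (void) fflush(NULL);

          if (task->rw == 'w')
            {
              PDBGC_S("w");
              /* the executed program gets no stdout/stderr from us.
               * NOTE(review): with descriptors 1 and 2 closed at exec, the
               * first files the program opens can be assigned those numbers.
               */
              (void) fcntl (STDOUT_FILENO, F_SETFD, FD_CLOEXEC);
              (void) fcntl (STDERR_FILENO, F_SETFD, FD_CLOEXEC);
              /*
                freopen(_("/dev/null"), "r+", stderr);
                freopen(_("/dev/null"), "r+", stdout);
              */
            }
          else
            {
              PDBGC_S("r");
              /* stderr goes into the pipe as well; failure is not fatal */
              do {
                val_return = dup2 (STDOUT_FILENO, STDERR_FILENO);
              } while (val_return < 0 && errno == EINTR);

              (void) fcntl (STDIN_FILENO, F_SETFD, FD_CLOEXEC);
              /*
                freopen(_("/dev/null"), "r+", stdin);
              */
            }

          PDBGC(4);


#if defined(__linux__)
          /*
           * -- emulate an fdexec with checksum testing
           */

#if !defined(HAVE_PTHREAD)
          if (task->checksum[0] != '\0')
#endif
            {
              PDBGC_S("fexecve");
              if (task->com_fd != (-1))
                {
                  /* the caller supplied an open descriptor for the program */
                  do {
                    val_return = dup (task->com_fd);
                  } while (val_return < 0 && errno == EINTR);
                  pfd = val_return;
                  if (pfd < 0)
                    {
                      PDBGC_S("fexecve: dup failed");
                      _exit(EXIT_FAILURE);
                    }
                }
#if !defined(HAVE_PTHREAD)
              else
                {
                  char hashbuf[KEYBUF_SIZE];

                  /* open the program ourselves and hash that descriptor */
                  fd =
                    sl_open_read(task->command,
                                 task->privileged==0 ? SL_NOPRIV : SL_YESPRIV);

                  if (0 != sl_strcmp(task->checksum,
                                     sh_tiger_hash (task->command,
                                                    fd, TIGER_NOLIM, hashbuf, sizeof(hashbuf))))
                    {
                      PDBGC_S("fexecve: checksum mismatch");
                      _exit(EXIT_FAILURE);
                    }
                  pfd = get_the_fd(fd);
                }
#endif

              PDBGC(5);
              sl_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd);
              if (access(pname, R_OK|X_OK) == 0) /* flawfinder: ignore */
                {
                  PDBGC(6);
                  PDBGC_CLOSE;
                  fcntl (pfd, F_SETFD, FD_CLOEXEC);
                  do {
                    val_return = execve (pname,
                                         (task->argc == 0) ? NULL : task->argv,
                                         (task->envc == 0) ? NULL : task->envv
                                         );
                  } while (val_return < 0 && errno == EINTR);

                  errnum = errno;
                  PDBGC_OPEN;
                  PDBGC_S(strerror(errnum));
                  PDBGC_S(task->command);
                  PDBGC_S("fexecve: failed");
                  PDBGC_CLOSE;
                  /* failed
                   */
                  _exit(EXIT_FAILURE);
                }
              PDBGC_S("fexecve: not working");
              /*
               * procfs not working, go ahead; checksum is tested already.
               * Release the descriptor so that it is not inherited by the
               * program executed below: the ticket if we opened the file
               * ourselves, else the duplicate of task->com_fd.
               */
              if (fd != -1)
                sl_close(fd);
              else if (pfd != -1)
                close(pfd);
            }
#endif

          PDBGC_S(" -- non fexecve --");
          /*
           * -- execute path if executable
           */
          if (0 == access(task->command, R_OK|X_OK)) /* flawfinder: ignore */
            {
              PDBGC(5);
              PDBGC_CLOSE;
              do {
                val_return = execve (task->command,
                                     (task->argc == 0) ? argp : task->argv,
                                     (task->envc == 0) ? envp : task->envv
                                     );
              } while (val_return < 0 && errno == EINTR);
            }
          errnum = errno;
          PDBGC_OPEN;
          PDBGC_S(strerror(errnum));
          PDBGC_S(task->command);
          PDBGC_S("execve: failed");
          PDBGC_CLOSE;
          /* failed
           */
          _exit(EXIT_FAILURE);
        }
      /*
       * if we have forked twice, this is parent::detached_subprocess
       */
      if (S_TRUE == task->fork_twice)
        {
          _exit (0);
        }
    }


  /*
   * -- parent; task->pid is child pid; exit status is status of
   *    grandchild if exited
   */
  if (S_TRUE == task->fork_twice)
    {
      (void) waitpid (task->pid, NULL, 0);
    }

  PDBG(5);
  /* open a stream on top of our side of the pipe and close the other side
   */
  if (task->rw == 'w')
    {
      PDBG_S("is w");
      (void) close (pipedes[STDIN_FILENO]);
      (void) retry_fcntl (FIL__, __LINE__, pipedes[STDOUT_FILENO],
                          F_SETFD, FD_CLOEXEC);
      outf = fdopen (pipedes[STDOUT_FILENO], "w");
    }
  else
    {
      PDBG_S("is r");
      (void) close (pipedes[STDOUT_FILENO]);
      (void) retry_fcntl (FIL__, __LINE__, pipedes[STDIN_FILENO],
                          F_SETFD, FD_CLOEXEC);
      outf = fdopen (pipedes[STDIN_FILENO], "r");
    }

  if (outf == NULL)
    {
      errnum = errno;
      PDBG_S("outf == NULL");
      tmp = sh_util_safe_name (task->command);

      if (task->privileged == 0 && 0 == getuid())
        sh_error_handle((-1), FIL__, __LINE__, errnum, MSG_NOEXEC,
                        (UID_CAST) task->run_user_uid, tmp);
      else
        sh_error_handle((-1), FIL__, __LINE__, errnum, MSG_NOEXEC,
                        (UID_CAST) getuid(), tmp);

      SH_FREE(tmp);

      (void) aud_kill (FIL__, __LINE__, task->pid, SIGKILL);
      /* Only our own side is still open; the other one was closed above.
       * Closing it a second time could hit a descriptor number that has
       * been reused in the meantime.
       */
      (void) close (pipedes[(task->rw == 'w') ? STDOUT_FILENO : STDIN_FILENO]);
      (void) waitpid (task->pid, NULL, 0);
      task->pid = 0;

      SL_RETURN ((-1), _("sh_ext_popen"));
    }

  if (task->rw == 'w')
    task->pipeFD = pipedes[STDOUT_FILENO];
  else
    task->pipeFD = pipedes[STDIN_FILENO];

  PDBG_D(task->pipeFD);

  task->pipeTI = sl_make_ticket(task->pipeFD, _("pipe"));

  /* the caller polls the pipe, so make it non-blocking */
  flags = (int) retry_fcntl (FIL__, __LINE__, task->pipeFD, F_GETFL, 0);
  if (flags != (-1))
    (void) retry_fcntl (FIL__, __LINE__, task->pipeFD,
                        F_SETFL, flags|O_NONBLOCK);
  task->pipe = outf;

  PDBG_S("return from popen");
  PDBG_CLOSE;

  SL_RETURN (0, _("sh_ext_popen"));
}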
540
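/*
 * -- close the pipe
 *
 * Closes the stream and ticket created by sh_ext_popen() and resets the
 * pipe fields of the task.  Unless the task was started with fork_twice,
 * the child is reaped: it is polled up to four times with WNOHANG (sleeping
 * in between) and killed if it has not exited or is stopped.
 *
 * Returns the exit status of the child (EXIT_FAILURE if it was killed, was
 * terminated by a signal, or could not be waited for); 0 for fork_twice
 * tasks.  task->pid and task->exit_status are reset to 0 on return.
 */
extern int flag_err_debug;

int sh_ext_pclose (sh_tas_t * task)
{
  int   status = 0;
  int   retry  = 0;
  pid_t retval;
  char  infomsg[256];

  SL_ENTER(_("sh_ext_pclose"));

  PDBG_OPEN;
  PDBG_S(" -> pclose");
  /* task->pipe is NULL if sh_ext_popen() failed or was never called */
  if (task->pipe != NULL)
    {
      (void) fflush(task->pipe);
      (void) fclose(task->pipe);
    }
  /* NOTE(review): fclose() already closes the descriptor the stream was
   * opened on; whether sl_close() closes the same number again depends on
   * its implementation -- confirm.
   */
  if (!SL_ISERROR(task->pipeTI))
    (void) sl_close(task->pipeTI);

  task->pipe   = NULL;
  task->pipeFD = (-1);
  task->pipeTI = SL_ETICKET;

  if (S_FALSE == task->fork_twice)
    {
      infomsg[0] = '\0';

    wait_again:
      retval = waitpid(task->pid, &(task->exit_status), WNOHANG|WUNTRACED);
      /*@-bufferoverflowhigh@*/
      if (task->pid == retval)
        {
#ifndef USE_UNO
          if (WIFEXITED(task->exit_status) != 0)
            {
              task->exit_status = WEXITSTATUS(task->exit_status);
              if ((flag_err_debug == SL_TRUE) || (task->exit_status != 0))
                sl_snprintf(infomsg, sizeof(infomsg),
                            _("Subprocess exited normally with status %d"),
                            task->exit_status);
            }
          else if (WIFSIGNALED(task->exit_status) != 0)
            {
              sl_snprintf(infomsg, sizeof(infomsg),
                          _("Subprocess terminated by signal %d"),
                          WTERMSIG(task->exit_status));
              task->exit_status = EXIT_FAILURE;
            }
          else if (WIFSTOPPED(task->exit_status) != 0)
            {
              /* a stopped child would never exit on its own: kill it */
              sl_snprintf(infomsg, sizeof(infomsg),
                          _("Subprocess stopped by signal %d, killing"),
                          WSTOPSIG(task->exit_status));
              task->exit_status = EXIT_FAILURE;
              (void) aud_kill (FIL__, __LINE__, task->pid, SIGKILL);
              (void) retry_msleep (0, 30);
              (void) waitpid (task->pid, NULL, WNOHANG|WUNTRACED);
            }
          else
            {
              sl_snprintf(infomsg, sizeof(infomsg),
                          _("Subprocess exit status unknown"));
              task->exit_status = EXIT_FAILURE;
            }
#else
          task->exit_status = EXIT_FAILURE;
#endif
        }
      else if (0 == retval)
        {
          /* child still running: retry with a growing delay, then kill */
          if (retry < 3)
            {
              ++retry;
              (void) retry_msleep(0, (retry * 30));
              goto wait_again;
            }
          (void) aud_kill (FIL__, __LINE__, task->pid, SIGKILL);
          sl_snprintf(infomsg, sizeof(infomsg),
                      _("Subprocess not yet exited, killing"));
          task->exit_status = EXIT_FAILURE;
          (void) waitpid (task->pid, NULL, 0);
        }
      else
        {
          sl_snprintf(infomsg, sizeof(infomsg),
                      _("Waitpid returned error %d\n"), errno);
          task->exit_status = EXIT_FAILURE;
        }
      /*@+bufferoverflowhigh@*/
      status = task->exit_status;
      if (flag_err_debug == SL_TRUE)
        {
          sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, task->exit_status,
                          MSG_E_SUBGEN, infomsg, _("sh_ext_pclose"));
        }
      else if (status != 0)
        {
          sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, task->exit_status,
                          MSG_E_SUBGEN, infomsg, _("sh_ext_pclose"));
        }
    }

  task->pid = 0;
  task->exit_status = 0;
  PDBG_S(" <--");
  PDBG_CLOSE;
  SL_RETURN (status, _("sh_ext_pclose"));
}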
651
/*
 * Put *tas into its initial "empty task" state.
 *
 * Defaults set here: no command, empty argv/envv, no checksum, no pipe,
 * pid -1, privileged, write mode ('w'), double fork, and the uid/gid of the
 * calling process as the identity to run as.
 */
void sh_ext_tas_init (sh_tas_t * tas)
{
  int slot = 0;

  /* all 32 argument and environment slots start out empty */
  while (slot < 32)
    {
      tas->argv[slot] = NULL;
      tas->envv[slot] = NULL;
#if 0
      tas->trusted_users[slot] = (uid_t) -1;
#endif
      ++slot;
    }
  tas->argc = 0;
  tas->envc = 0;

  /* nothing to run yet, and no checksum to verify it against */
  tas->command     = NULL;
  tas->checksum[0] = '\0';
  tas->com_fd      = -1;
  tas->com_ti      = -1;

  /* no pipe and no child process */
  tas->pipe        = NULL;
  tas->pipeFD      = (-1);
  tas->pipeTI      = SL_ETICKET;
  tas->pid         = (pid_t) -1;
  tas->exit_status = 0;

  /* execution defaults */
  tas->privileged   = 1;
  tas->rw           = 'w';
  tas->fork_twice   = S_TRUE;
  tas->run_user_uid = (uid_t) getuid();
  tas->run_user_gid = (gid_t) getgid();
}
685
686
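/*
 * Append one entry to the environment of a task.
 *
 *   key != NULL : the entry is "key=val" ("key=" if val is NULL)
 *   key == NULL : val is copied verbatim and is expected to already have
 *                 the form "NAME=value"
 *
 * Returns the new number of entries, or -1 if tas is NULL, both key and val
 * are NULL, 30 entries are already present, or the required size overflows.
 */
int sh_ext_tas_add_envv(sh_tas_t * tas, const char * key, const char * val)
{
  size_t sk = 0, sv = 0;
  int    si;

  SL_ENTER(_("sh_ext_tas_add_envv"));

  if (tas == NULL || (key == NULL && val == NULL) ||
      tas->envc >= 30)
    {
      SL_RETURN (-1, _("sh_ext_tas_add_envv"));
    }
  if (key != NULL)
    sk = strlen(key) + 1;   /* the key and the '=' */
  if (val != NULL)
    sv = strlen(val) + 1;   /* the value and the terminating NUL */
  else
    sv = 1;                 /* key only: room for the NUL after "key=",
                             * otherwise the '=' would be truncated away */

  if (!sl_ok_adds(sk, sv))
    {
      SL_RETURN (-1, _("sh_ext_tas_add_envv"));
    }
  si = tas->envc;
  tas->envv[si] = SH_ALLOC(sk + sv);

  if (key != NULL)
    {
      (void) sl_strlcpy(tas->envv[si], key, sk+sv);
      (void) sl_strlcat(tas->envv[si], "=", sk+sv);
      if (val != NULL)
        (void) sl_strlcat(tas->envv[si], val, sk+sv);
    }
  else
    (void) sl_strlcpy(tas->envv[si], val, sv);

  ++(tas->envc);
  SL_RETURN ((tas->envc), _("sh_ext_tas_add_envv"));
}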
724
/*
 * Remove and free the last argument of a task.
 *
 * Returns the remaining number of arguments, or -1 if tas is NULL or has no
 * arguments.
 */
int sh_ext_tas_rm_argv(sh_tas_t * tas)
{
  SL_ENTER(_("sh_ext_tas_rm_argv"));

  if (tas != NULL && tas->argc != 0)
    {
      /* after the decrement, argc is the index of the entry to drop */
      const int top = --(tas->argc);

      SH_FREE(tas->argv[top]);
      tas->argv[top] = NULL;
      SL_RETURN ((tas->argc), _("sh_ext_tas_rm_argv"));
    }

  SL_RETURN (-1, _("sh_ext_tas_rm_argv"));
}
741
/*
 * Append a copy of val to the argument vector of a task.
 *
 * Returns the new number of arguments, or -1 if tas or val is NULL or 30
 * arguments are already present.
 */
int sh_ext_tas_add_argv(sh_tas_t * tas, const char * val)
{
  size_t need;
  int    slot;

  SL_ENTER(_("sh_ext_tas_add_argv"));

  if (tas == NULL || val == NULL ||
      tas->argc >= 30)
    {
      SL_RETURN (-1, _("sh_ext_tas_add_argv"));
    }

  /* string plus terminating NUL */
  need = strlen(val) + 1;
  slot = tas->argc;

  tas->argv[slot] = SH_ALLOC(need);
  (void) sl_strlcpy(tas->argv[slot], val, need);

  tas->argc = slot + 1;
  SL_RETURN ((tas->argc), _("sh_ext_tas_add_argv"));
}
766
/*
 * Store a private copy of the program path in tas->command.
 * A command that is already set is overwritten without being freed.
 */
void sh_ext_tas_command(sh_tas_t * tas, const char * command)
{
  /* path plus terminating NUL */
  const size_t bufsize = sl_strlen(command) + 1;
  char *       copy    = SH_ALLOC(bufsize);

  (void) sl_strlcpy(copy, command, bufsize);
  tas->command = copy;
}
774
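/*
 * Release everything a task owns: the command string, all argument and
 * environment strings, and the ticket of the command descriptor if one is
 * set.  The structure itself is not freed.
 *
 * Every freed pointer is reset to NULL and the counters are reset to 0, so
 * that calling this function twice, or reusing the task afterwards, cannot
 * free or read released memory.
 */
void sh_ext_tas_free(sh_tas_t * tas)
{
  int i;

  if (NULL != tas->command)
    {
      SH_FREE(tas->command);
      tas->command = NULL;
    }

  for (i = 0; i < 32; ++i)
    {
      if (NULL != tas->argv[i])
        {
          SH_FREE(tas->argv[i]);
          tas->argv[i] = NULL;
        }
      if (NULL != tas->envv[i])
        {
          SH_FREE(tas->envv[i]);
          tas->envv[i] = NULL;
        }
    }
  tas->argc = 0;
  tas->envc = 0;

  if (tas->com_ti != (-1))
    {
      (void) sl_close(tas->com_ti);
      tas->com_ti = -1;
      tas->com_fd = -1;
    }

  return;
}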
795
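/* Execute command, return first line of output
 * ifconfig | grep -1 lo | tail -n 1 | sed s/.*inet addr:\([0-9.]*\)\(.*\)/\1/
 *
 * The command string is handed to "/bin/sh -c" with a fixed SHELL, PATH and
 * IFS (plus TZ if sh.timezone is set).  Because it is interpreted by the
 * shell, it must come from a trusted source such as the configuration; it
 * must never contain data taken from monitored files or log messages.
 *
 * Returns a newly allocated string with what was read from the command
 * (the caller frees it), or NULL if the command could not be started.
 */
char * sh_ext_popen_str (char * command)
{
  sh_tas_t task;
  struct sigaction new_act;
  struct sigaction old_act;
  char * out = NULL;
  int status;

  SL_ENTER(_("sh_ext_popen_str"));

  sh_ext_tas_init(&task);

  (void) sh_ext_tas_add_envv (&task, _("SHELL"),
                              _("/bin/sh"));
  (void) sh_ext_tas_add_envv (&task, _("PATH"),
                              _("/sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb"));
  (void) sh_ext_tas_add_envv (&task, _("IFS"), " \n\t");
  if (sh.timezone != NULL)
    {
      (void) sh_ext_tas_add_envv(&task, "TZ", sh.timezone);
    }

  sh_ext_tas_command(&task, _("/bin/sh"));

  (void) sh_ext_tas_add_argv(&task, _("/bin/sh"));
  (void) sh_ext_tas_add_argv(&task, _("-c"));
  (void) sh_ext_tas_add_argv(&task, command);

  /* read the command's output; single fork so that pclose can reap it */
  task.rw = 'r';
  task.fork_twice = S_FALSE;

  status = sh_ext_popen(&task);

  if (status != 0)
    {
      sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN,
                      _("Could not open pipe"), _("sh_ext_popen_str"));
      /* release the command, argument and environment strings */
      sh_ext_tas_free (&task);
      SL_RETURN ((NULL), _("sh_ext_popen_str"));
    }

  /* ignore SIGPIPE (instead get EPIPE if connection is closed);
   * clear the whole structure first so that sa_mask and sa_flags are not
   * passed to sigaction() uninitialized
   */
  memset(&new_act, 0, sizeof(new_act));
  new_act.sa_handler = SIG_IGN;
  (void) sigemptyset(&new_act.sa_mask);
  (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act);

  /* read from the open pipe
   */
  if (task.pipe != NULL)
    {
      /* 1200 tries, 0.1 sec apart = 120 sec
       * (assumes retry_msleep(0, 100) sleeps 100 ms -- TODO confirm) */
      int try = 1200;
      sh_string * s = sh_string_new(0);
      do {
        sh_string_read(s, task.pipe, 0);
        if (sh_string_len(s) == 0)
          {
            --try; retry_msleep(0, 100);
          }
      } while (sh_string_len(s) == 0 && try != 0);

      if (sh_string_len(s) == 0)
        {
          sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN,
                          _("No output from command"), _("sh_ext_popen_str"));
        }

      out = sh_util_strdup(sh_string_str(s));
      sh_string_destroy(&s);
    }

  /* restore old signal handler
   */
  (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &old_act, NULL);

  /* close pipe and return exit status
   */
  (void) sh_ext_pclose(&task);
  sh_ext_tas_free (&task);
  SL_RETURN ((out), _("sh_ext_popen_str"));
}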
878
879
880
881
[1]882/* --------------- EXTERN STUFF ------------------- */
883
884#if defined(WITH_EXTERNAL)
885
/* One configured external command; the commands form a singly linked list.
 */
typedef struct _sh_com_t
{
  /* three-letter type plus NUL; "log", "srv" and "mon" are the values
   * accepted by sh_ext_type() */
  char type[4];

  /* message filter, or NULL if no filter keyword was configured */
  sh_filter_type * filter;

  /* minimum interval between two runs (0 = no limit) and the time of the
   * last run (0 = not run yet) */
  time_t deadtime;
  time_t last_run;

  /* what to execute and how (path, argv, environment, identity, pipe) */
  sh_tas_t tas;

  struct _sh_com_t * next;

} sh_com_t;
900
901
/* Write the three characters c1, c2, c3 followed by a NUL to pos[0..3]. */
static
void set3 (char * pos, char c1, char c2, char c3)
{
  const char triple[4] = { c1, c2, c3, '\0' };

  memcpy(pos, triple, sizeof(triple));
}
911
912
913
/* Allocate an external command entry and fill in its defaults:
 * an initialised task, type "log", no filter, no deadtime, not linked.
 * Returns the new entry, or NULL if the allocation returned NULL.
 */
static
sh_com_t * command_init(void)
{
  uid_t      ff_euid;
  sh_com_t * node;

  SL_ENTER(_("command_init"));

  node = (sh_com_t *) SH_ALLOC(sizeof(sh_com_t));
  if (node == NULL)
    {
      SL_RETURN( NULL, _("command_init"));
    }

  sh_ext_tas_init (&(node->tas));

  /* the effective uid is only used by the disabled block below */
  (void) sl_get_euid(&ff_euid);
#if 0
  node->tas.trusted_users[0] = (uid_t) 0;
  node->tas.trusted_users[1] = (uid_t) (ff_euid);
#endif

  /* ------------------------------------------------- */

  node->next     = NULL;
  node->last_run = 0;
  node->deadtime = 0;
  node->filter   = NULL;
  set3(node->type, 'l', 'o', 'g');

  SL_RETURN( node, _("command_init"));
}
950
/* the list of external commands; new commands are linked in at the head,
 * so the head is the command that the option setters in this file modify
 */
static sh_com_t * ext_coms = NULL;

/* if -1, allocation of last command has failed,
 * thus don't fill in options.
 * Set to 0 by sh_ext_setcommand() on success, and back to -1 when it fails
 * or when sh_ext_close_command() is called.
 */
static int ext_failed = -1;
959
/* Add an environment entry to the command at the head of the list.
 * Returns 0 on success, -1 if there is no usable current command, both
 * arguments are NULL, the environment is full, or the entry was rejected.
 */
static
int sh_ext_add_envv(const char * key, const char * val)
{
  int rc;

  SL_ENTER(_("sh_ext_add_envv"));

  if (ext_coms != NULL && ext_failed != (-1) &&
      (key != NULL || val != NULL) &&
      ext_coms->tas.envc < 30)
    {
      rc = sh_ext_tas_add_envv(&(ext_coms->tas), key, val);

      /* the callee returns the new entry count; callers only want 0 */
      if (rc >= 0)
        rc = 0;

      SL_RETURN (rc, _("sh_ext_add_envv"));
    }

  SL_RETURN (-1, _("sh_ext_add_envv"));
}
981
982
983
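/* Create a new external command for the given program and make it the head
 * of the command list.
 *
 * Only absolute paths of at least two characters are accepted, so the
 * program is never looked up through PATH.
 *
 * Returns 0 on success, -1 if command is NULL, not an absolute path, or the
 * entry could not be allocated.
 */
static
int sh_ext_init(const char * command)
{
  sh_com_t * retval;
  size_t     size;

  SL_ENTER(_("sh_ext_init"));

  if (command == NULL)
    {
      SL_RETURN (-1, _("sh_ext_init"));
    }
  size = strlen(command);
  if (command[0] != '/' || size < 2)
    {
      SL_RETURN (-1, _("sh_ext_init"));
    }

  if (NULL == (retval = command_init()))
    {
      SL_RETURN (-1, _("sh_ext_init"));
    }

  sh_ext_tas_command(&(retval->tas), command);

  if (sh.timezone != NULL)
    {
      /* Add TZ to the new command itself.  sh_ext_add_envv() works on the
       * head of the list, and the new command is linked in only below, so
       * going through it would modify the previously defined command (or
       * nothing at all for the first one).
       */
      (void) sh_ext_tas_add_envv(&(retval->tas), "TZ", sh.timezone);
    }

  retval->next = ext_coms;
  ext_coms     = retval;
  SL_RETURN (0, _("sh_ext_init"));
}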
1018
/* Look up a user name in the password database.
 *
 * On success *uid and *gid receive the user's ids and 0 is returned.
 * Otherwise (user is NULL or unknown) both are set to -1 and -1 is returned.
 */
static
int sh_ext_uid (const char * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid)
{
  struct passwd * tempres;
#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
  struct passwd   pwd;
  char *          buffer = SH_ALLOC(SH_PWBUF_SIZE);
#endif
  int             found = -1;

  SL_ENTER(_("sh_ext_uid"));

  /* "not found" until the lookup succeeds */
  *uid = (uid_t)-1;
  *gid = (gid_t)-1;

  if (user != NULL)
    {
#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
      sh_getpwnam_r(user, &pwd, buffer, SH_PWBUF_SIZE, &tempres);
#else
      tempres = sh_getpwnam(user);
#endif

      if (NULL != tempres)
        {
          *uid  = tempres->pw_uid;
          *gid  = tempres->pw_gid;
          found = 0;
        }
    }

  /* the scratch buffer of the reentrant lookup is released on every path */
#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
  SH_FREE(buffer);
#endif
  SL_RETURN (found, _("sh_ext_uid"));
}
1061
1062
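/* Split argstring at commas, blanks and tabs and store a copy of each token
 * in stok[0], stok[1], ...; at most 30 tokens are stored.  An entry that is
 * already set is freed before it is replaced.  *ntok receives the number of
 * tokens stored.
 *
 * NOTE(review): entries of stok[] beyond the new token count are left as
 * they are, so a shorter list set after a longer one leaves old tokens in
 * the array -- confirm whether callers rely on this.
 *
 * Returns 0, or -1 if argstring is NULL.
 */
static
int sh_ext_add (const char * argstring, int * ntok, char * stok[])
{
  int    i = 0;
  size_t s;
  char * p;
  char * new;
  size_t len;
#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
  /* Must live across loop iterations: strtok_r() keeps its position here.
   * Declared inside the loop body it would be a new, indeterminate object
   * on every pass.
   */
  char * saveptr = NULL;
#endif

  SL_ENTER(_("sh_ext_add"));

  if (NULL == argstring)
    {
      SL_RETURN((-1), _("sh_ext_add"));
    }

  /* tokenising modifies the string, so work on a copy */
  len = strlen(argstring) + 1;
  new = SH_ALLOC(len);
  sl_strlcpy(new, argstring, len);

  do
    {
#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
      p = strtok_r ((i == 0) ? new : NULL, ", \t", &saveptr);
#else
      p = strtok ((i == 0) ? new : NULL, ", \t");
#endif

      if (p == NULL)
        break;

      s = strlen(p) + 1;
      if (stok[i] != NULL)
        SH_FREE(stok[i]);
      stok[i] = SH_ALLOC(s);
      (void) sl_strlcpy(stok[i], p, s);

      ++i;
      if (i == 30)
        break;
    }
  while (p != NULL);

  *ntok = i;
  SH_FREE(new);

  SL_RETURN (0, _("sh_ext_add"));
}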
1118
1119/*********************************************************
1120 *
1121 * Public functions
1122 *
1123 *
1124 *********************************************************/
1125
/*
 * -- start a new external command, and add it to the list
 *
 * Returns what sh_ext_init() returned.  The result is also recorded in
 * ext_failed, so that the option setters that follow are ignored when the
 * command could not be created.
 */
int sh_ext_setcommand(const char * cmd)
{
  int rc;

  SL_ENTER(_("sh_ext_setcommand"));

  rc = sh_ext_init(cmd);
  ext_failed = (rc < 0) ? -1 : 0;

  SL_RETURN( rc, _("sh_ext_setcommand"));
}
1140
1141
/*
 * -- clean up the command list
 *
 * Frees every command together with its task data and filter.
 * Always returns 0.
 */
int sh_ext_cleanup(void)
{
  sh_com_t * node;

  SL_ENTER(_("sh_ext_cleanup"));

  /* unlink the head first, then release what it owns */
  while ((node = ext_coms) != NULL)
    {
      ext_coms = node->next;

      sh_ext_tas_free (&(node->tas));

      if (node->filter)
        sh_filter_free (node->filter);

      SH_FREE(node);
    }

  SL_RETURN (0, _("sh_ext_cleanup"));
}
1167
/*
 * -- explicitly close a command
 *
 * After this call the option setters reject further options until the next
 * command is started.  The argument is not used.
 * Returns 0, or -1 if there is no open command.
 */
int sh_ext_close_command (const char * str)
{
  (void) str;

  if (ext_coms != NULL && ext_failed != (-1))
    {
      ext_failed = (-1);
      return 0;
    }
  return (-1);
}
1179
/*
 * -- add keywords to the OR filter
 *
 * The filter of the current command is created on first use.
 * Returns the result of sh_filter_add(), or -1 if there is no open command.
 */
int sh_ext_add_or (const char * str)
{
  if (ext_coms != NULL && ext_failed != (-1))
    {
      if (ext_coms->filter == NULL)
        ext_coms->filter = sh_filter_alloc();
      return (sh_filter_add(str, ext_coms->filter, SH_FILT_OR));
    }
  return (-1);
}
1191
/*
 * -- add keywords to the AND filter
 *
 * The filter of the current command is created on first use.
 * Returns the result of sh_filter_add(), or -1 if there is no open command.
 */
int sh_ext_add_and (const char * str)
{
  if (ext_coms != NULL && ext_failed != (-1))
    {
      if (ext_coms->filter == NULL)
        ext_coms->filter = sh_filter_alloc();
      return (sh_filter_add(str, ext_coms->filter, SH_FILT_AND));
    }
  return (-1);
}
1203
/*
 * -- add keywords to the NOT filter
 *
 * The filter of the current command is created on first use.
 * Returns the result of sh_filter_add(), or -1 if there is no open command.
 */
int sh_ext_add_not (const char * str)
{
  if (ext_coms != NULL && ext_failed != (-1))
    {
      if (ext_coms->filter == NULL)
        ext_coms->filter = sh_filter_alloc();
      return (sh_filter_add(str, ext_coms->filter, SH_FILT_NOT));
    }
  return (-1);
}
1215
/*
 * -- add keywords to the CL argument list
 *
 * The string is split into tokens that become the argument vector of the
 * current command.  Returns the result of sh_ext_add(), or -1 if there is
 * no open command.
 */
int sh_ext_add_argv (const char * str)
{
  if (ext_coms != NULL && ext_failed != (-1))
    {
      sh_tas_t * current = &(ext_coms->tas);

      return (sh_ext_add (str, &(current->argc), current->argv));
    }
  return (-1);
}
1225
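/*
 * -- add a default environment
 *
 * Unless the option value starts with n, N, f, F or 0, give the current
 * command a minimal environment: HOME (home directory of the user it runs
 * as), SHELL, PATH and IFS.
 *
 * Returns 0 if the option is switched off or the environment was added,
 * -1 if dummy is NULL, there is no open command, or the home directory
 * could not be determined.
 */
int sh_ext_add_default (const char * dummy)
{
  char * p = NULL;
  int    i;
  char   dir[SH_PATHBUF];

  SL_ENTER(_("sh_ext_add_default"));

  if (dummy == NULL)
    {
      SL_RETURN((-1), _("sh_ext_add_default"));
    }
  if (dummy[0] == 'n' || dummy[0] == 'N' ||
      dummy[0] == 'f' || dummy[0] == 'F' || dummy[0] == '0')
    {
      SL_RETURN(0, _("sh_ext_add_default"));
    }
  /* same guard as the other option setters: without an open command,
   * ext_coms must not be dereferenced
   */
  if (ext_coms == NULL || ext_failed == (-1))
    {
      SL_RETURN((-1), _("sh_ext_add_default"));
    }

  p = sh_unix_getUIDdir (SH_ERR_ERR, (uid_t) ext_coms->tas.run_user_uid,
                         dir, sizeof(dir));
  if (p)
    (void) sh_ext_add_envv (_("HOME"), p);
  (void) sh_ext_add_envv (_("SHELL"), _("/bin/sh"));
  (void) sh_ext_add_envv (_("PATH"), _("/sbin:/bin:/usr/sbin:/usr/bin"));
  (void) sh_ext_add_envv (_("IFS"), " \n\t");
  i = (p == NULL ? (-1) : 0);
  SL_RETURN(i, _("sh_ext_add_default"));
}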
1251
/*
 * -- add an environment variable
 *
 * The string is passed on without a key, so it is copied verbatim into the
 * environment of the current command and should have the form "NAME=value".
 * Returns 0 on success, -1 otherwise.
 */
int sh_ext_add_environ (const char * str)
{
  int rc;

  SL_ENTER(_("sh_ext_add_environ"));

  rc = sh_ext_add_envv (NULL, str);

  SL_RETURN(rc, _("sh_ext_add_environ"));
}
1263
/*
 * -- set deadtime
 *
 * Parses str as a decimal number and stores it as the deadtime of the
 * current command.  Returns 0 on success, -1 if there is no open command,
 * str is NULL, no digits could be parsed, or the value is negative or equal
 * to LONG_MAX.
 */
int sh_ext_deadtime (const char * str)
{
  char * end     = NULL;
  long   seconds = 0;

  SL_ENTER(_("sh_ext_deadtime"));

  if (ext_coms != NULL && ext_failed != (-1) && str != NULL)
    {
      seconds = strtol(str, &end, 10);

      /* end == str means that nothing was converted */
      if (end != str && seconds >= 0 && seconds != LONG_MAX)
        {
          ext_coms->deadtime = (time_t) seconds;
          SL_RETURN (0, _("sh_ext_deadtime"));
        }
    }

  SL_RETURN (-1, _("sh_ext_deadtime"));
}
1287
/*
 * -- define type
 *
 * Accepts exactly three characters.  "log" and "srv" make the command a
 * writer ('w': it receives data on stdin), "mon" makes it a reader ('r').
 * Any other three-letter value is stored in the type field but rejected.
 *
 * Returns 0 on success, -1 if there is no open command, str is NULL, has
 * the wrong length, or names an unknown type.
 */
int sh_ext_type (const char * str)
{
  char mode = '\0';

  SL_ENTER(_("sh_ext_type"));

  if (ext_coms == NULL || ext_failed == (-1) || str == NULL)
    {
      SL_RETURN((-1), _("sh_ext_type"));
    }

  if (strlen(str) != 3)
    {
      SL_RETURN((-1), _("sh_ext_type"));
    }

  set3(ext_coms->type, str[0], str[1], str[2]);

  /* the length is known to be 3, so whole-string comparison is exact */
  if (0 == strcmp(str, "log") || 0 == strcmp(str, "srv"))
    mode = 'w';
  else if (0 == strcmp(str, "mon"))
    mode = 'r';

  if (mode == '\0')
    {
      SL_RETURN((-1), _("sh_ext_type"));
    }

  ext_coms->tas.rw = mode;
  SL_RETURN(0, _("sh_ext_type"));
}
1320
1321
1322
/*
 * -- define checksum
 *
 * Stores the expected checksum of the program of the current command; the
 * string must be exactly KEY_LEN characters long.  The value is compared
 * against the hash of the program before it is executed.
 * Returns 0 on success, -1 otherwise.
 */
int sh_ext_checksum (const char * str)
{
  SL_ENTER(_("sh_ext_checksum"));

  if (ext_coms != NULL && ext_failed != (-1) && str != NULL)
    {
      if (sl_strlen(str) == KEY_LEN)
        {
          (void) sl_strlcpy (ext_coms->tas.checksum, str, KEY_LEN+1);
          SL_RETURN((0), _("sh_ext_checksum"));
        }
    }

  SL_RETURN((-1), _("sh_ext_checksum"));
}
1343
1344/*
1345 * -- choose privileges
1346 */
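/**
 * Choose the user (and group) the current command is run as.
 *
 * Resolves `c` through sh_ext_uid() and, on success, stores the
 * resulting uid/gid in ext_coms->tas. If the uid is not 0 the
 * `privileged` flag is cleared; for uid 0 the flag is left as it was
 * (this function never sets it).
 *
 * @param c  user specification, passed unchanged to sh_ext_uid().
 * @return 0 on success; -1 if there is no current command, the previous
 *         setup step failed (ext_failed == -1), or sh_ext_uid() fails.
 *
 * The guard on ext_coms / ext_failed matches the other setters in this
 * file (sh_ext_deadtime, sh_ext_type, sh_ext_checksum). Without it this
 * function dereferenced ext_coms unconditionally, and after a failed
 * setup step it would have changed the run-as identity of whatever
 * command ext_coms still pointed to.
 */
int sh_ext_priv (const char * c)
{
  uid_t me_uid;
  gid_t me_gid;

  SL_ENTER(_("sh_ext_priv"));

  if (ext_coms == NULL || ext_failed == (-1))
    {
      SL_RETURN (-1, _("sh_ext_priv"));
    }

  if (0 == sh_ext_uid (c, &me_uid, &me_gid))
    {
      ext_coms->tas.run_user_uid = me_uid;
      ext_coms->tas.run_user_gid = me_gid;

      /* only ever lowers the flag; uid 0 keeps the current setting */
      if (me_uid != (uid_t) 0)
        {
          ext_coms->tas.privileged = 0;
        }
      SL_RETURN((0), _("sh_ext_priv"));
    }

  SL_RETURN (-1, _("sh_ext_priv"));
}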
1365
1366
1367
1368
1369/*
1370 * -- check filters
1371 */
/**
 * Decide whether `task` should run for `message`.
 *
 * Two checks, in this order:
 *  1. If the task has a filter, sh_filter_filter() must return 0 for
 *     the message.
 *  2. If the task has a non-zero deadtime, at least `deadtime` must
 *     have elapsed since task->last_run. The first call (last_run == 0)
 *     always passes.
 *
 * @param message  text handed to the filter.
 * @param task     command entry; task->last_run is updated to the
 *                 current time whenever the deadtime check passes.
 * @return 0 if the command may run, -1 if it is filtered out or still
 *         inside its dead time.
 *
 * last_run is stamped here, before the command is started, so it
 * records the decision to run rather than a successful run.
 * NOTE(review): where time_t is signed, a backwards step of the system
 * clock makes now - last_run negative, which compares below deadtime;
 * the command then stays suppressed until the clock passes
 * last_run + deadtime again. Worth knowing when these commands deliver
 * alerts.
 */
static int sh_ext_filter (char * message, sh_com_t * task)
{
  time_t now;

  SL_ENTER(_("sh_ext_filter"));

  if (task->filter && 0 != sh_filter_filter (message, task->filter))
    {
      SL_RETURN ((-1), _("sh_ext_filter"));
    }

  /* Filter passed, check deadtime */

  if (task->deadtime != (time_t) 0)
    {
      now = time (NULL);

      if (task->last_run != (time_t) 0 &&
          (time_t)(now - task->last_run) < task->deadtime)
        {
          SL_RETURN ((-1), _("sh_ext_filter"));
        }

      task->last_run = now;
    }

  SL_RETURN ((0), _("sh_ext_filter"));
}
1408
1409
1410
1411/*
1412 * -- execute external script/program
1413 */
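/**
 * Run every configured external command of the given type.
 *
 * Walks the ext_coms list. For each entry whose three-letter type equals
 * (t1, t2, t3) and which passes sh_ext_filter():
 *   - sl_get_cap_sub() is called; a failure is logged, execution
 *     continues regardless;
 *   - the command is started with sh_ext_popen();
 *   - if it has a pipe and tas.rw == 'w', `message`, a newline and the
 *     terminator "[EOF]" plus newline are written to tas.pipeFD (the
 *     terminator as six one-byte writes);
 *   - the stream is flushed and the command closed with sh_ext_pclose();
 *   - sl_drop_cap_sub() is called; a failure is logged only.
 * SIGPIPE is ignored for the duration of the loop so that a closed pipe
 * shows up as a failed write instead of a signal, and the previous
 * disposition is restored afterwards.
 *
 * @param t1,t2,t3  the three type characters to match.
 * @param message   text sent to commands opened for writing.
 * @param msg_siz   number of bytes of `message` to write; 0 means
 *                  "use sl_strlen(message)".
 * @return -1 if there are no commands or `message` is NULL; otherwise 0,
 *         including when a command could not be started or a write
 *         failed. Callers cannot tell from the return value that a
 *         command did not receive the message; the only trace is the
 *         MSG_NOEXEC log entry.
 *
 * A write failure is reported once (MSG_NOEXEC); the static flag
 * `some_error` suppresses repeats until a later write sequence succeeds.
 * Short writes are not detected: any non-negative return from write()
 * counts as success.
 *
 * Change against the previous version: `new_act` is now fully
 * initialised before it is handed to sigaction. Before, only sa_handler
 * was set and sa_flags / sa_mask were indeterminate stack contents.
 *
 * NOTE(review): `old_act` is restored unconditionally; if the first
 * retry_sigaction() call fails it may never have been filled in. The
 * return convention of retry_sigaction() is not visible here, so this
 * is left as is.
 */
int sh_ext_execute (char t1, char t2, char t3, /*@null@*/char * message,
                    size_t msg_siz)
{
  int        caperr;
  sh_com_t * listval = ext_coms;
  int        status = 0;
  char     * tmp;
  char       errbuf[SH_ERRBUF_SIZE];

  /* remembers that a write failure was already reported */
  static int some_error = 0;

  struct sigaction  new_act;
  struct sigaction  old_act;

  SL_ENTER(_("sh_ext_execute"));

  PDBG_OPEN;

  if (listval == NULL || message == NULL)
    {
      SL_RETURN ((-1), _("sh_ext_execute"));
    }

  PDBG(-1);

  if (msg_siz == 0)
    {
      msg_siz = sl_strlen(message);
    }

  /* ignore SIGPIPE (instead get EPIPE if connection is closed)
   */
  memset (&new_act, 0, sizeof(new_act));
  (void) sigemptyset (&new_act.sa_mask);
  new_act.sa_flags   = 0;
  new_act.sa_handler = SIG_IGN;
  (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act);

  while (listval != NULL)
    {
      PDBG_OPEN;
      PDBG(-2);
      if (t1 == listval->type[0] &&
          t2 == listval->type[1] &&
          t3 == listval->type[2] &&
          0 == sh_ext_filter (message, listval))
        {
          PDBG(-3);

          /* a failure here is logged, the command is attempted anyway */
          if (0 != (caperr = sl_get_cap_sub()))
            {
              sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN,
                              sh_error_message (caperr, errbuf, sizeof(errbuf)),
                              _("sl_get_cap_sub"));
            }
          if (0 == sh_ext_popen (&(listval->tas)))
            {
              PDBG_OPEN;
              PDBG(-4);
              if (NULL != listval->tas.pipe && listval->tas.rw == 'w')
                {
                  PDBG(-5);
                  if (message != NULL)
                    {
                      PDBG(-6);
                      status = (int) write (listval->tas.pipeFD,
                                            message, msg_siz);
                      if (status >= 0)
                        {
                          status = (int) write (listval->tas.pipeFD, "\n", 1);
                        }
                    }
                  PDBG_D(status);

                  /* end-of-message marker, one byte per write; each
                   * step is skipped once an earlier write has failed
                   */
                  if (status >= 0)
                    {
                      status = (int) write (listval->tas.pipeFD, "[", 1);
                    }
                  PDBG_D(status);
                  if (status >= 0)
                    {
                      status = (int) write (listval->tas.pipeFD, "E", 1);
                    }
                  PDBG_D(status);
                  if (status >= 0)
                    {
                      status = (int) write (listval->tas.pipeFD, "O", 1);
                    }
                  PDBG_D(status);
                  if (status >= 0)
                    {
                      status = (int) write (listval->tas.pipeFD, "F", 1);
                    }
                  PDBG_D(status);
                  if (status >= 0)
                    {
                      status = (int) write (listval->tas.pipeFD, "]", 1);
                    }
                  PDBG_D(status);
                  if (status >= 0)
                    {
                      status = (int) write (listval->tas.pipeFD, "\n", 1);
                    }
                  PDBG_D(status);

                  if (status >= 0)
                    {
                      some_error = 0;
                    }
                  if ((status < 0) && (some_error == 0))
                    {
                      some_error = 1;
                      PDBG_S("some error");
                      PDBG_D(status);
                      tmp = sh_util_safe_name (listval->tas.command);

                      if (tmp)
                        {
                          /* report the uid configured for the command
                           * when it is unprivileged and we are root or
                           * suid, else our own uid
                           */
                          if (listval->tas.privileged == 0 &&
                              (0 == getuid() || 0 != sl_is_suid()) )
                            {
                              sh_error_handle((-1), FIL__, __LINE__, 0,
                                              MSG_NOEXEC,
                                              (UID_CAST) listval->tas.run_user_uid,
                                              tmp);
                            }
                          else
                            {
                              sh_error_handle((-1), FIL__, __LINE__, 0,
                                              MSG_NOEXEC,
                                              (UID_CAST) getuid(), tmp);
                            }

                          SH_FREE(tmp);
                        }

                    }
                  PDBG(-7);
                  (void) fflush(listval->tas.pipe);
                }
              PDBG(-8);
              (void) sh_ext_pclose(&(listval->tas));
            }
          else
            {
              PDBG_OPEN;
              PDBG_S("0 != sh_ext_popen()");
            }

          /* a failure to drop is logged only; processing continues */
          if (0 != (caperr = sl_drop_cap_sub()))
            {
              sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN,
                              sh_error_message (caperr, errbuf, sizeof(errbuf)),
                              _("sl_drop_cap_sub"));
            }

        }
      listval = listval->next;
    }
  PDBG_OPEN;
  PDBG_S("no more commands");

  /* restore old signal handler
   */
  (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &old_act, NULL);
  PDBG_S("return");
  PDBG_CLOSE;

  SL_RETURN ((0), _("sh_ext_execute"));
}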
1559
1560
1561/* #if defined(WITH_EXTERNAL) */
1562#endif