source: trunk/src/sh_extern.c@ 289

Last change on this file since 289 was 289, checked in by katerina, 14 years ago

Fix for ticket #212 (warning on NULL argv in execve)
File size: 35.2 KB
Line 
1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 2000,2004 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20
21#include "config_xor.h"
22
23
24#include <stdio.h>
25#include <string.h>
26#ifdef HAVE_MEMORY_H
27#include <memory.h>
28#endif
29
30/* replace #if 0 by #if 1 and set an appropriate path in front of '/pdbg.'
31 * for debugging
32 */
33#if 0
34#define PDGBFILE "/pdbg."
35#endif
36
37
38#if defined(PDGBFILE)
39static FILE * pdbg = NULL;
40static FILE * pdbgc = NULL;
41#define PDBG_OPEN if (pdbg == NULL) pdbg = fopen(PDGBFILE"main", "a")
42#define PDBG_CLOSE sl_fclose (FIL__, __LINE__, pdbg); pdbg = NULL
43#define PDBG(arg) fprintf(pdbg, "PDBG: step %d\n", arg); fflush(pdbg)
44#define PDBG_D(arg) fprintf(pdbg, "PDBG: %d\n", arg); fflush(pdbg)
45#define PDBG_S(arg) fprintf(pdbg, "PDBG: %s\n", arg); fflush(pdbg)
46
47#define PDBGC_OPEN if (pdbgc == NULL) pdbgc = fopen(PDGBFILE"child", "a")
48#define PDBGC_CLOSE sl_fclose (FIL__, __LINE__, pdbgc); pdbgc = NULL
49#define PDBGC(arg) fprintf(pdbgc, "PDBGC: step %d\n", arg); fflush(pdbgc)
50#define PDBGC_D(arg) fprintf(pdbgc, "PDBGC: %d\n", arg); fflush(pdbgc)
51#define PDBGC_S(arg) fprintf(pdbgc, "PDBGC: %s\n", arg); fflush(pdbgc)
52#else
53#define PDBG_OPEN
54#define PDBG_CLOSE
55#define PDBG(arg)
56#define PDBG_D(arg)
57#define PDBG_S(arg)
58#define PDBGC_OPEN
59#define PDBGC_CLOSE
60#define PDBGC(arg)
61#define PDBGC_D(arg)
62#define PDBGC_S(arg)
63#endif
64
65
66#include <stdlib.h>
67#include <pwd.h>
68#include <unistd.h>
69#include <fcntl.h>
70#include <signal.h>
71#include <sys/stat.h>
72#include <sys/types.h>
73#include <errno.h>
74#include <sys/wait.h>
75
76#if TIME_WITH_SYS_TIME
77#include <sys/time.h>
78#include <time.h>
79#else
80#if HAVE_SYS_TIME_H
81#include <sys/time.h>
82#else
83#include <time.h>
84#endif
85#endif
86
87
88#include "samhain.h"
89#include "sh_utils.h"
90#include "sh_unix.h"
91#include "sh_tiger.h"
92#include "sh_extern.h"
93#include "sh_calls.h"
94#include "sh_filter.h"
95#define SH_NEED_PWD_GRP 1
96#include "sh_static.h"
97
98
99#undef FIL__
100#define FIL__ _("sh_extern.c")
101
102extern int get_the_fd (SL_TICKET ticket);
103
104/*
105 * -- generic safe popen
106 */
107
108int sh_ext_popen (sh_tas_t * task)
109{
110 long status = 0;
111 int flags;
112 char * tmp;
113 char * tmp2;
114 int errnum;
115 int pipedes[2];
116 FILE * outf = NULL;
117 char * envp[1];
118 char * argp[2];
119
120 char * errfile;
121 char errbuf[SH_ERRBUF_SIZE];
122
123 static int some_error = 0;
124
125#if defined (__linux__)
126 SL_TICKET fd = -1;
127 char pname[128];
128 int pfd = -1;
129#endif
130
131 SL_ENTER(_("sh_ext_popen"));
132
133 /* Linux, HP-UX and FreeBSD will happily accept envp = argp = NULL
134 * (newer Linuxes (gcc 4.4.4) warn on argp == NULL, but accept it,
135 * as reported by T. Luettgert)
136 * Solaris (and probably some other Unices)
137 * needs a valid *envp[] with envp[0] = NULL;
138 * and similarly for argp
139 * OpenBSD finally needs non-null argp[0] ...
140 */
141 argp[0] = task->command;
142 argp[1] = NULL;
143 envp[0] = NULL;
144
145 /*
146 * -- check whether path is trustworthy
147 */
148 status = sl_trustfile(task->command, NULL, NULL);
149#if 0
150 if ((uid_t) -1 != task->trusted_users[0])
151 {
152 status = sl_trustfile(task->command, task->trusted_users, NULL);
153 }
154#endif
155
156 PDBG_OPEN;
157 PDBG_D( (int) status);
158
159 if ( SL_ENONE != status)
160 {
161 PDBG_S("SL_ENONE != status");
162 if (some_error == 0)
163 {
164 tmp = sh_util_safe_name (task->command);
165 errfile = sl_trust_errfile();
166 if (errfile[0] != '\0')
167 {
168 tmp2 = sh_util_safe_name (sl_trust_errfile());
169 sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_TRUST2,
170 sl_error_string((int)status), tmp, tmp2);
171 SH_FREE(tmp2);
172 }
173 else
174 {
175 sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_TRUST1,
176 sl_error_string((int)status), tmp);
177 }
178 SH_FREE(tmp);
179 }
180 some_error = 1;
181 SL_RETURN ((-1), _("sh_ext_popen"));
182 }
183
184 PDBG(1);
185
186 /*
187 * -- check whether the checksum is correct; with linux emulate fdexec
188 */
189#if ( !defined(__linux__) || ( defined(__linux__) && defined(HAVE_PTHREAD)) ) && !defined(SL_DEBUG)
190 if (task->checksum[0] != '\0')
191 {
192 char hashbuf[KEYBUF_SIZE];
193 PDBG_S("checksum test");
194 if (0 != sl_strcmp(task->checksum,
195 sh_tiger_hash (task->command, TIGER_FILE, TIGER_NOLIM,
196 hashbuf, sizeof(hashbuf))
197 )
198 )
199 {
200 PDBG_S("checksum mismatch");
201 if (some_error == 0)
202 {
203 tmp = sh_util_safe_name (task->command);
204 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_HASH, tmp);
205 SH_FREE(tmp);
206 }
207 some_error = 1;
208 SL_RETURN ((-1), _("sh_ext_popen"));
209 }
210 }
211#endif
212
213 some_error = 0;
214
215 PDBG(2);
216
217 /*
218 * -- Create the pipe
219 */
220 if (aud_pipe(FIL__, __LINE__, pipedes) < 0)
221 {
222 PDBG_S("pipe() failure");
223 errnum = errno;
224 sh_error_handle((-1), FIL__, __LINE__, errnum, MSG_E_SUBGEN,
225 sh_error_message(errnum, errbuf, sizeof(errbuf)), _("pipe"));
226 SL_RETURN ((-1), _("sh_ext_popen"));
227 }
228
229 PDBG(3);
230
231 /*
232 * -- Flush streams and fork
233 */
234 fflush (NULL);
235
236 task->pid = aud_fork(FIL__, __LINE__);
237
238 if (task->pid == (pid_t) - 1)
239 {
240 PDBG_S("fork() failure");
241 /*@-usedef@*/
242 (void) sl_close_fd(FIL__, __LINE__, pipedes[0]);
243 (void) sl_close_fd(FIL__, __LINE__, pipedes[1]);
244 /*@+usedef@*/
245 errnum = errno;
246 sh_error_handle((-1), FIL__, __LINE__, errnum, MSG_E_SUBGEN,
247 sh_error_message(errnum, errbuf, sizeof(errbuf)), _("fork"));
248 SL_RETURN ((-1), _("sh_ext_popen"));
249 }
250
251 PDBG(4);
252
253 if (task->pid == (pid_t) 0)
254 {
255 /*
256 * -- fork again, if requested
257 */
258 if (S_TRUE == task->fork_twice)
259 {
260 task->pid = fork();
261
262 if (task->pid == (pid_t) - 1)
263 {
264 _exit (EXIT_FAILURE);
265 }
266 }
267
268 if (task->pid == (pid_t) 0)
269 {
270 int val_return;
271
272 PDBGC_OPEN;
273 PDBGC(1);
274
275 /*
276 * -- grandchild - make write side of the pipe stdin
277 */
278 if (task->rw == 'w')
279 {
280 do {
281 val_return = dup2 (pipedes[STDIN_FILENO], STDIN_FILENO);
282 } while (val_return < 0 && errno == EINTR);
283
284 if (val_return < 0)
285 _exit(EXIT_FAILURE);
286 }
287 else
288 {
289 do {
290 val_return = dup2 (pipedes[STDOUT_FILENO], STDOUT_FILENO);
291 } while (val_return < 0 && errno == EINTR);
292
293 if (val_return < 0)
294 _exit(EXIT_FAILURE);
295 }
296 PDBGC(2);
297
298
299 /* close the pipe descriptors
300 */
301 (void) sl_close_fd (FIL__, __LINE__, pipedes[STDIN_FILENO]);
302 (void) sl_close_fd (FIL__, __LINE__, pipedes[STDOUT_FILENO]);
303
304 /* don't leak file descriptors
305 */
306#if !defined(PDGBFILE)
307 sh_unix_closeall (3, task->com_fd, SL_TRUE); /* in child process */
308#endif
309
310 /* drop root privileges, if possible && requested
311 */
312 if (task->privileged == 0 && 0 == getuid())
313 {
314 PDBGC_S("privileged");
315
316 /* zero priv info
317 */
318 memset(skey, 0, sizeof(sh_key_t));
319
320 (void) setgid((gid_t) task->run_user_gid);
321 (void) setuid((uid_t) task->run_user_uid);
322 /* make sure we cannot get root again
323 */
324 if (setuid(0) >= 0)
325 _exit(EXIT_FAILURE);
326 }
327
328 PDBGC(3);
329 (void) fflush(NULL);
330
331 if (task->rw == 'w')
332 {
333 PDBGC_S("w");
334 (void) fcntl (STDOUT_FILENO, F_SETFD, FD_CLOEXEC);
335 (void) fcntl (STDERR_FILENO, F_SETFD, FD_CLOEXEC);
336 /*
337 freopen(_("/dev/null"), "r+", stderr);
338 freopen(_("/dev/null"), "r+", stdout);
339 */
340 }
341 else
342 {
343 PDBGC_S("r");
344 do {
345 val_return = dup2 (STDOUT_FILENO, STDERR_FILENO);
346 } while (val_return < 0 && errno == EINTR);
347
348 (void) fcntl (STDIN_FILENO, F_SETFD, FD_CLOEXEC);
349 /*
350 freopen(_("/dev/null"), "r+", stdin);
351 */
352 }
353
354 PDBGC(4);
355
356
357#if defined(__linux__)
358 /*
359 * -- emulate an fdexec with checksum testing
360 */
361
362#if !defined(HAVE_PTHREAD)
363 if (task->checksum[0] != '\0')
364#endif
365 {
366 PDBGC_S("fexecve");
367 if (task->com_fd != (-1))
368 {
369 do {
370 val_return = dup (task->com_fd);
371 } while (val_return < 0 && errno == EINTR);
372 pfd = val_return;
373 if (pfd < 0)
374 {
375 PDBGC_S("fexecve: dup failed");
376 _exit(EXIT_FAILURE);
377 }
378 }
379#if !defined(HAVE_PTHREAD)
380 else
381 {
382 char hashbuf[KEYBUF_SIZE];
383
384 fd =
385 sl_open_read(FIL__, __LINE__, task->command,
386 task->privileged==0 ? SL_NOPRIV : SL_YESPRIV);
387
388 if (0 != sl_strcmp(task->checksum,
389 sh_tiger_hash (task->command,
390 fd, TIGER_NOLIM, hashbuf, sizeof(hashbuf))))
391 {
392 PDBGC_S("fexecve: checksum mismatch");
393 sl_close(fd);
394 _exit(EXIT_FAILURE);
395 }
396
397 pfd = get_the_fd(fd);
398
399 do {
400 val_return = dup (pfd);
401 } while (val_return < 0 && errno == EINTR);
402 pfd = val_return;
403
404 sl_close(fd);
405 fd = -1;
406
407 if (pfd < 0)
408 {
409 PDBGC_S("fexecve: dup (2) failed");
410 _exit(EXIT_FAILURE);
411 }
412 }
413#endif
414
415 PDBGC(5);
416 sl_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd);
417 if (access(pname, R_OK|X_OK) == 0) /* flawfinder: ignore */
418 {
419 PDBGC(6);
420 PDBGC_CLOSE;
421 fcntl (pfd, F_SETFD, FD_CLOEXEC);
422 do {
423 val_return = execve (pname,
424 (task->argc == 0) ? argp : task->argv,
425 (task->envc == 0) ? NULL : task->envv
426 );
427 } while (val_return < 0 && errno == EINTR);
428
429 errnum = errno;
430 PDBGC_OPEN;
431 PDBGC_S(strerror(errnum));
432 PDBGC_S(task->command);
433 PDBGC_S("fexecve: failed");
434 PDBGC_CLOSE;
435 /* failed
436 */
437 _exit(EXIT_FAILURE);
438 }
439 PDBGC_S("fexecve: not working");
440 /*
441 * procfs not working, go ahead; checksum is tested already
442 */
443 if (fd != -1)
444 sl_close(fd);
445 else if (pfd != -1)
446 sl_close_fd(FIL__, __LINE__, pfd);
447 }
448#endif
449
450 PDBGC_S(" -- non fexecve --");
451 /*
452 * -- execute path if executable
453 */
454 if (0 == access(task->command, R_OK|X_OK)) /* flawfinder: ignore */
455 {
456 PDBGC(5);
457 PDBGC_CLOSE;
458 do {
459 val_return = execve (task->command,
460 (task->argc == 0) ? argp : task->argv,
461 (task->envc == 0) ? envp : task->envv
462 );
463 } while (val_return < 0 && errno == EINTR);
464 }
465 errnum = errno;
466 PDBGC_OPEN;
467 PDBGC_S(strerror(errnum));
468 PDBGC_S(task->command);
469 PDBGC_S("execve: failed");
470 PDBGC_CLOSE;
471 /* failed
472 */
473 _exit(EXIT_FAILURE);
474 }
475 /*
476 * if we have forked twice, this is parent::detached_subprocess
477 */
478 if (S_TRUE == task->fork_twice)
479 {
480 _exit (0);
481 }
482 }
483
484
485 /*
486 * -- parent; task->pid is child pid; exit status is status of
487 * grandchild if exited
488 */
489 if (S_TRUE == task->fork_twice)
490 {
491 (void) waitpid (task->pid, NULL, 0);
492 }
493
494 PDBG(5);
495 /* open an output stream on top of the write side of the pipe
496 */
497 if (task->rw == 'w')
498 {
499 PDBG_S("is w");
500 (void) sl_close_fd (FIL__, __LINE__, pipedes[STDIN_FILENO]);
501 (void) retry_fcntl (FIL__, __LINE__, pipedes[STDOUT_FILENO],
502 F_SETFD, FD_CLOEXEC);
503 outf = fdopen (pipedes[STDOUT_FILENO], "w");
504 }
505 else
506 {
507 PDBG_S("is r");
508 (void) sl_close_fd (FIL__, __LINE__, pipedes[STDOUT_FILENO]);
509 (void) retry_fcntl (FIL__, __LINE__, pipedes[STDIN_FILENO],
510 F_SETFD, FD_CLOEXEC);
511 outf = fdopen (pipedes[STDIN_FILENO], "r");
512 }
513
514 if (outf == NULL)
515 {
516 errnum = errno;
517 PDBG_S("outf == NULL");
518 tmp = sh_util_safe_name (task->command);
519
520 if (task->privileged == 0 && 0 == getuid())
521 sh_error_handle((-1), FIL__, __LINE__, errnum, MSG_NOEXEC,
522 (UID_CAST) task->run_user_uid, tmp);
523 else
524 sh_error_handle((-1), FIL__, __LINE__, errnum, MSG_NOEXEC,
525 (UID_CAST) getuid(), tmp);
526
527 SH_FREE(tmp);
528
529 (void) aud_kill (FIL__, __LINE__, task->pid, SIGKILL);
530 (void) sl_close_fd (FIL__, __LINE__, pipedes[STDOUT_FILENO]);
531 (void) sl_close_fd (FIL__, __LINE__, pipedes[STDIN_FILENO]);
532 (void) waitpid (task->pid, NULL, 0);
533 task->pid = 0;
534
535 SL_RETURN ((-1), _("sh_ext_popen"));
536 }
537
538 if (task->rw == 'w')
539 task->pipeFD = pipedes[STDOUT_FILENO];
540 else
541 task->pipeFD = pipedes[STDIN_FILENO];
542
543 PDBG_D(task->pipeFD);
544
545 task->pipeTI = sl_make_ticket(FIL__, __LINE__, task->pipeFD, _("pipe"), outf);
546
547 flags = (int) retry_fcntl (FIL__, __LINE__, task->pipeFD, F_GETFL, 0);
548 if (flags != (-1))
549 (void) retry_fcntl (FIL__, __LINE__, task->pipeFD,
550 F_SETFL, flags|O_NONBLOCK);
551 task->pipe = outf;
552
553 PDBG_S("return from popen");
554 PDBG_CLOSE;
555
556 SL_RETURN (0, _("sh_ext_popen"));
557}
558
559/*
560 * -- close the pipe
561 */
562extern int flag_err_debug;
563
564int sh_ext_pclose (sh_tas_t * task)
565{
566 int status = 0;
567 int retry = 0;
568 pid_t retval;
569 char infomsg[256];
570
571 SL_ENTER(_("sh_ext_pclose"));
572
573 PDBG_OPEN;
574 PDBG_S(" -> pclose");
575 (void) fflush(task->pipe);
576 if (!SL_ISERROR(task->pipeTI))
577 (void) sl_close(task->pipeTI);
578
579 task->pipe = NULL;
580 task->pipeFD = (-1);
581 task->pipeTI = SL_ETICKET;
582
583 if (S_FALSE == task->fork_twice)
584 {
585 infomsg[0] = '\0';
586
587 nochmal:
588 retval = waitpid(task->pid, &(task->exit_status), WNOHANG|WUNTRACED);
589 /*@-bufferoverflowhigh@*/
590 if (task->pid == retval)
591 {
592#ifndef USE_UNO
593 if (WIFEXITED(task->exit_status) != 0)
594 {
595 task->exit_status = WEXITSTATUS(task->exit_status);
596 if ((flag_err_debug == SL_TRUE) || (task->exit_status != 0))
597 sl_snprintf(infomsg, sizeof(infomsg),
598 _("Subprocess exited normally with status %d"),
599 task->exit_status);
600 }
601 else if (WIFSIGNALED(task->exit_status) != 0)
602 {
603 sl_snprintf(infomsg, sizeof(infomsg),
604 _("Subprocess terminated by signal %d"),
605 WTERMSIG(task->exit_status));
606 task->exit_status = EXIT_FAILURE;
607 }
608 else if (WIFSTOPPED(task->exit_status) != 0)
609 {
610 sl_snprintf(infomsg, sizeof(infomsg),
611 _("Subprocess stopped by signal %d, killing"),
612 WSTOPSIG(task->exit_status));
613 task->exit_status = EXIT_FAILURE;
614 (void) aud_kill (FIL__, __LINE__, task->pid, 9);
615 (void) retry_msleep (0, 30);
616 (void) waitpid (task->pid, NULL, WNOHANG|WUNTRACED);
617 }
618 else
619 {
620 sl_snprintf(infomsg, sizeof(infomsg),
621 _("Subprocess exit status unknown"));
622 task->exit_status = EXIT_FAILURE;
623 }
624#else
625 task->exit_status = EXIT_FAILURE;
626#endif
627 }
628 else if (0 == retval)
629 {
630 if (retry < 3)
631 {
632 ++retry;
633 (void) retry_msleep(0, (retry * 30));
634 goto nochmal;
635 }
636 (void) aud_kill (FIL__, __LINE__, task->pid, 9);
637 sl_snprintf(infomsg, sizeof(infomsg),
638 _("Subprocess not yet exited, killing"));
639 task->exit_status = EXIT_FAILURE;
640 (void) waitpid (task->pid, NULL, 0);
641 }
642 else
643 {
644 sl_snprintf(infomsg, sizeof(infomsg),
645 _("Waitpid returned error %d\n"), errno);
646 task->exit_status = EXIT_FAILURE;
647 }
648 /*@+bufferoverflowhigh@*/
649 status = task->exit_status;
650 if (flag_err_debug == SL_TRUE)
651 {
652 sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, task->exit_status,
653 MSG_E_SUBGEN, infomsg, _("sh_ext_pclose"));
654 }
655 else if (status != 0)
656 {
657 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, task->exit_status,
658 MSG_E_SUBGEN, infomsg, _("sh_ext_pclose"));
659 }
660 }
661
662 task->pid = 0;
663 task->exit_status = 0;
664 PDBG_S(" <--");
665 PDBG_CLOSE;
666 SL_RETURN (status, _("sh_ext_pclose"));
667}
668
669void sh_ext_tas_init (sh_tas_t * tas)
670{
671 int i;
672
673 tas->command = NULL;
674 tas->argc = 0;
675 tas->envc = 0;
676 tas->checksum[0] = '\0';
677 tas->pipeFD = (-1);
678 tas->pipeTI = SL_ETICKET;
679 tas->pid = (pid_t) -1;
680 tas->privileged = 1;
681 tas->pipe = NULL;
682 tas->rw = 'w';
683 tas->exit_status = 0;
684 tas->fork_twice = S_TRUE;
685
686 for (i = 0; i < 32; ++i)
687 {
688 tas->argv[i] = NULL;
689 tas->envv[i] = NULL;
690#if 0
691 tas->trusted_users[i] = (uid_t) -1;
692#endif
693 }
694
695 tas->run_user_uid = (uid_t) getuid();
696 tas->run_user_gid = (gid_t) getgid();
697
698 tas->com_fd = -1;
699 tas->com_ti = -1;
700 return;
701}
702
703
704int sh_ext_tas_add_envv(sh_tas_t * tas, const char * key, const char * val)
705{
706 size_t sk = 0, sv = 0;
707 int si;
708
709 SL_ENTER(_("sh_ext_tas_add_envv"));
710
711 if (tas == NULL || (key == NULL && val == NULL) ||
712 tas->envc >= 30)
713 {
714 SL_RETURN (-1, _("sh_ext_tas_add_envv"));
715 }
716 if (key != NULL)
717 sk = strlen(key) + 1;
718 if (val != NULL)
719 sv = strlen(val) + 1;
720
721 if (!sl_ok_adds(sk, sv))
722 {
723 SL_RETURN (-1, _("sh_ext_tas_add_envv"));
724 }
725 si = tas->envc;
726 tas->envv[si] = SH_ALLOC(sk + sv);
727
728 if (key != NULL)
729 {
730 (void) sl_strlcpy(tas->envv[si], key, sk+sv);
731 (void) sl_strlcat(tas->envv[si], "=", sk+sv);
732 if (val != NULL)
733 (void) sl_strlcat(tas->envv[si], val, sk+sv);
734 }
735 else
736 (void) sl_strlcpy(tas->envv[si], val, sv);
737
738 ++(tas->envc);
739 SL_RETURN ((tas->envc), _("sh_ext_tas_add_envv"));
740}
741
742int sh_ext_tas_rm_argv(sh_tas_t * tas)
743{
744 int last;
745
746 SL_ENTER(_("sh_ext_tas_rm_argv"));
747 if (tas == NULL || tas->argc == 0)
748 {
749 SL_RETURN (-1, _("sh_ext_tas_rm_argv"));
750 }
751
752 last = (tas->argc - 1);
753 --(tas->argc);
754 SH_FREE(tas->argv[last]);
755 tas->argv[last] = NULL;
756 SL_RETURN ((tas->argc), _("sh_ext_tas_rm_argv"));
757}
758
759int sh_ext_tas_add_argv(sh_tas_t * tas, const char * val)
760{
761 size_t sv = 0;
762 int si;
763
764 SL_ENTER(_("sh_ext_tas_add_argv"));
765
766 if (tas == NULL || val == NULL ||
767 tas->argc >= 30)
768 {
769 SL_RETURN (-1, _("sh_ext_tas_add_argv"));
770 }
771
772 if (val != NULL)
773 sv = strlen(val) + 1;
774
775 si = tas->argc;
776 tas->argv[si] = SH_ALLOC(sv);
777
778 (void) sl_strlcpy(tas->argv[si], val, sv);
779
780 ++(tas->argc);
781 SL_RETURN ((tas->argc), _("sh_ext_tas_add_argv"));
782}
783
784void sh_ext_tas_command(sh_tas_t * tas, const char * command)
785{
786 size_t len = sl_strlen(command);
787 tas->command = SH_ALLOC(len+1);
788 (void) sl_strlcpy(tas->command, command, len+1);
789 return;
790}
791
792void sh_ext_tas_free(sh_tas_t * tas)
793{
794 int i;
795 if (NULL != tas->command) SH_FREE(tas->command);
796
797 for (i = 0; i < 32; ++i)
798 {
799 if (NULL != tas->argv[i]) SH_FREE(tas->argv[i]);
800 if (NULL != tas->envv[i]) SH_FREE(tas->envv[i]);
801 }
802
803 if (tas->com_ti != (-1))
804 {
805 (void) sl_close(tas->com_ti);
806 tas->com_ti = -1;
807 tas->com_fd = -1;
808 }
809
810 return;
811}
812
813int sh_ext_popen_init (sh_tas_t * task, char * command)
814{
815 int status;
816
817 sh_ext_tas_init(task);
818
819 (void) sh_ext_tas_add_envv (task, _("SHELL"),
820 _("/bin/sh"));
821 (void) sh_ext_tas_add_envv (task, _("PATH"),
822 _("/sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb"));
823 (void) sh_ext_tas_add_envv (task, _("IFS"), " \n\t");
824 if (sh.timezone != NULL)
825 {
826 (void) sh_ext_tas_add_envv(task, "TZ", sh.timezone);
827 }
828
829 sh_ext_tas_command(task, _("/bin/sh"));
830
831 (void) sh_ext_tas_add_argv(task, _("/bin/sh"));
832 (void) sh_ext_tas_add_argv(task, _("-c"));
833 (void) sh_ext_tas_add_argv(task, command);
834
835 task->rw = 'r';
836 task->fork_twice = S_FALSE;
837
838 status = sh_ext_popen(task);
839
840 return status;
841}
842
843/* Execute command, return first line of output
844 * ifconfig | grep -1 lo | tail -n 1 | sed s/.*inet addr:\([0-9.]*\)\(.*\)/\1/
845 */
846char * sh_ext_popen_str (char * command)
847{
848 sh_tas_t task;
849 struct sigaction new_act;
850 struct sigaction old_act;
851 char * out = NULL;
852 int status;
853
854 SL_ENTER(_("sh_ext_popen_str"));
855
856 status = sh_ext_popen_init (&task, command);
857
858 if (status != 0)
859 {
860 sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN,
861 _("Could not open pipe"), _("sh_ext_popen_str"));
862 SL_RETURN ((NULL), _("sh_ext_popen_str"));
863 }
864
865 /* ignore SIGPIPE (instead get EPIPE if connection is closed)
866 */
867 new_act.sa_handler = SIG_IGN;
868 (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act);
869
870 /* read from the open pipe
871 */
872 if (task.pipe != NULL)
873 {
874 int try = 1200; /* 1000 * 0.1 = 120 sec */
875 sh_string * s = sh_string_new(0);
876 do {
877 sh_string_read(s, task.pipe, 0);
878 if (sh_string_len(s) == 0)
879 {
880 --try; retry_msleep(0, 100);
881 }
882 } while (sh_string_len(s) == 0 && try != 0);
883
884 if (sh_string_len(s) == 0)
885 {
886 sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN,
887 _("No output from command"), _("sh_ext_popen_str"));
888 }
889
890 out = sh_util_strdup(sh_string_str(s));
891 sh_string_destroy(&s);
892 }
893
894 /* restore old signal handler
895 */
896 (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &old_act, NULL);
897
898 /* close pipe and return exit status
899 */
900 (void) sh_ext_pclose(&task);
901 sh_ext_tas_free (&task);
902 SL_RETURN ((out), _("sh_ext_popen_str"));
903}
904
905
906
907
908/* --------------- EXTERN STUFF ------------------- */
909
910#if defined(WITH_EXTERNAL)
911
912typedef struct _sh_com_t
913{
914 char type[4];
915
916 sh_filter_type * filter;
917
918 time_t deadtime;
919 time_t last_run;
920
921 sh_tas_t tas;
922
923 struct _sh_com_t * next;
924
925} sh_com_t;
926
927
928static
929void set3 (char * pos, char c1, char c2, char c3)
930{
931 pos[0] = c1;
932 pos[1] = c2;
933 pos[2] = c3;
934 pos[3] = '\0';
935 return;
936}
937
938
939
940/* initialize the external command structure
941 */
942static
943sh_com_t * command_init(void)
944{
945 uid_t ff_euid;
946 sh_com_t * ext_com = NULL;
947
948 SL_ENTER(_("command_init"));
949
950 ext_com = (sh_com_t *) SH_ALLOC(sizeof(sh_com_t));
951
952 if (!ext_com)
953 {
954 SL_RETURN( NULL, _("command_init"));
955 }
956
957 sh_ext_tas_init (&(ext_com->tas));
958
959 (void) sl_get_euid(&ff_euid);
960#if 0
961 ext_com->tas.trusted_users[0] = (uid_t) 0;
962 ext_com->tas.trusted_users[1] = (uid_t) (ff_euid);
963#endif
964
965 /* ------------------------------------------------- */
966
967 set3(ext_com->type, 'l', 'o', 'g');
968 ext_com->filter = NULL;
969 ext_com->deadtime = 0;
970 ext_com->last_run = 0;
971
972 ext_com->next = NULL;
973
974 SL_RETURN( ext_com, _("command_init"));
975}
976
977/* the list of external commands
978 */
979static sh_com_t * ext_coms = NULL;
980
981/* if -1, allocation of last command has failed,
982 * thus don't fill in options
983 */
984static int ext_failed = -1;
985
986static
987int sh_ext_add_envv(const char * key, const char * val)
988{
989 int retval;
990
991 SL_ENTER(_("sh_ext_add_envv"));
992
993 if (ext_coms == NULL || ext_failed == (-1) ||
994 (key == NULL && val == NULL) ||
995 ext_coms->tas.envc >= 30)
996 {
997 SL_RETURN (-1, _("sh_ext_add_envv"));
998 }
999
1000 retval = sh_ext_tas_add_envv(&(ext_coms->tas), key, val);
1001
1002 if (retval >= 0)
1003 retval = 0;
1004
1005 SL_RETURN (retval, _("sh_ext_add_envv"));
1006}
1007
1008
1009
1010static
1011int sh_ext_init(const char * command)
1012{
1013 sh_com_t * retval;
1014 size_t size;
1015
1016 SL_ENTER(_("sh_ext_init"));
1017
1018 if (command == NULL)
1019 {
1020 SL_RETURN (-1, _("sh_ext_init"));
1021 }
1022 size = strlen(command);
1023 if (command[0] != '/' || size < 2)
1024 {
1025 SL_RETURN (-1, _("sh_ext_init"));
1026 }
1027
1028 if (NULL == (retval = command_init()))
1029 {
1030 SL_RETURN (-1, _("sh_ext_init"));
1031 }
1032
1033 sh_ext_tas_command(&(retval->tas), command);
1034
1035 if (sh.timezone != NULL)
1036 {
1037 (void) sh_ext_add_envv( "TZ", sh.timezone);
1038 }
1039
1040 retval->next = ext_coms;
1041 ext_coms = retval;
1042 SL_RETURN (0, _("sh_ext_init"));
1043}
1044
1045static
1046int sh_ext_uid (const char * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid)
1047{
1048 struct passwd * tempres;
1049#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1050 struct passwd pwd;
1051 char * buffer = SH_ALLOC(SH_PWBUF_SIZE);
1052#endif
1053
1054 SL_ENTER(_("sh_ext_uid"));
1055
1056 *uid = (uid_t)-1; *gid = (gid_t)-1;
1057
1058 if (user == NULL)
1059 {
1060#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1061 SH_FREE(buffer);
1062#endif
1063 SL_RETURN (-1, _("sh_ext_uid"));
1064 }
1065
1066#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1067 sh_getpwnam_r(user, &pwd, buffer, SH_PWBUF_SIZE, &tempres);
1068#else
1069 tempres = sh_getpwnam(user);
1070#endif
1071
1072 if (NULL != tempres)
1073 {
1074 *uid = tempres->pw_uid;
1075 *gid = tempres->pw_gid;
1076#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1077 SH_FREE(buffer);
1078#endif
1079 SL_RETURN (0, _("sh_ext_uid"));
1080 }
1081
1082#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1083 SH_FREE(buffer);
1084#endif
1085 SL_RETURN (-1, _("sh_ext_uid"));
1086}
1087
1088
1089static
1090int sh_ext_add (const char * argstring, int * ntok, char * stok[])
1091{
1092 int i = 0;
1093 size_t s;
1094 char * p;
1095 char * new;
1096 size_t len;
1097
1098 SL_ENTER(_("sh_ext_add"));
1099
1100 if (NULL == argstring)
1101 {
1102 SL_RETURN((-1), _("sh_ext_add"));
1103 }
1104
1105 len = strlen(argstring) + 1;
1106 new = SH_ALLOC(len);
1107 sl_strlcpy(new, argstring, len);
1108
1109 do
1110 {
1111#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
1112 char * saveptr;
1113 if (i == 0)
1114 p = strtok_r (new, ", \t", &saveptr);
1115 else
1116 p = strtok_r (NULL, ", \t", &saveptr);
1117#else
1118 if (i == 0)
1119 p = strtok (new, ", \t");
1120 else
1121 p = strtok (NULL, ", \t");
1122#endif
1123
1124 if (p == NULL)
1125 break;
1126
1127 s = strlen(p) + 1;
1128 if (stok[i] != NULL)
1129 SH_FREE(stok[i]);
1130 stok[i] = SH_ALLOC(s);
1131 (void) sl_strlcpy(stok[i], p, s);
1132
1133 ++i;
1134 if (i == 30)
1135 break;
1136 }
1137 while (p != NULL);
1138
1139 *ntok = i;
1140 SH_FREE(new);
1141
1142 SL_RETURN (0, _("sh_ext_add"));
1143}
1144
1145/*********************************************************
1146 *
1147 * Public functions
1148 *
1149 *
1150 *********************************************************/
1151
1152/*
1153 * -- start a new external command, and add it to the list
1154 */
1155int sh_ext_setcommand(const char * cmd)
1156{
1157 int i;
1158
1159 SL_ENTER(_("sh_ext_setcommand"));
1160 if ( (i = sh_ext_init(cmd)) < 0)
1161 ext_failed = -1;
1162 else
1163 ext_failed = 0;
1164 SL_RETURN( i, _("sh_ext_setcommand"));
1165}
1166
1167
1168/*
1169 * -- clean up the command list
1170 */
1171int sh_ext_cleanup(void)
1172{
1173 sh_com_t * retval;
1174
1175 SL_ENTER(_("sh_ext_cleanup"));
1176
1177 while (ext_coms != NULL)
1178 {
1179 retval = ext_coms;
1180 ext_coms = retval->next;
1181
1182 sh_ext_tas_free (&(retval->tas));
1183
1184 if (retval->filter)
1185 sh_filter_free (retval->filter);
1186
1187 SH_FREE(retval);
1188
1189 }
1190
1191 SL_RETURN (0, _("sh_ext_cleanup"));
1192}
1193
1194/*
1195 * -- explicitely close a command
1196 */
1197int sh_ext_close_command (const char * str)
1198{
1199 (void) str;
1200 if (ext_coms == NULL || ext_failed == (-1))
1201 return (-1);
1202 ext_failed = (-1);
1203 return 0;
1204}
1205
1206/*
1207 * -- add keywords to the OR filter
1208 */
1209int sh_ext_add_or (const char * str)
1210{
1211 if (ext_coms == NULL || ext_failed == (-1))
1212 return (-1);
1213 if (ext_coms->filter == NULL)
1214 ext_coms->filter = sh_filter_alloc();
1215 return (sh_filter_add(str, ext_coms->filter, SH_FILT_OR));
1216}
1217
1218/*
1219 * -- add keywords to the AND filter
1220 */
1221int sh_ext_add_and (const char * str)
1222{
1223 if (ext_coms == NULL || ext_failed == (-1))
1224 return (-1);
1225 if (ext_coms->filter == NULL)
1226 ext_coms->filter = sh_filter_alloc();
1227 return (sh_filter_add(str, ext_coms->filter, SH_FILT_AND));
1228}
1229
1230/*
1231 * -- add keywords to the NOT filter
1232 */
1233int sh_ext_add_not (const char * str)
1234{
1235 if (ext_coms == NULL || ext_failed == (-1))
1236 return (-1);
1237 if (ext_coms->filter == NULL)
1238 ext_coms->filter = sh_filter_alloc();
1239 return (sh_filter_add(str, ext_coms->filter, SH_FILT_NOT));
1240}
1241
1242/*
1243 * -- add keywords to the CL argument list
1244 */
1245int sh_ext_add_argv (const char * str)
1246{
1247 if (ext_coms == NULL || ext_failed == (-1))
1248 return (-1);
1249 return (sh_ext_add (str, &(ext_coms->tas.argc), ext_coms->tas.argv));
1250}
1251
1252/*
1253 * -- add a path to the environment
1254 */
1255int sh_ext_add_default (const char * dummy)
1256{
1257 char * p = NULL;
1258 int i;
1259 char dir[SH_PATHBUF];
1260
1261 SL_ENTER(_("sh_ext_add_default"));
1262 if (dummy[0] == 'n' || dummy[0] == 'N' ||
1263 dummy[0] == 'f' || dummy[0] == 'F' || dummy[0] == '0')
1264 {
1265 SL_RETURN(0, _("sh_ext_add_default"));
1266 }
1267 p = sh_unix_getUIDdir (SH_ERR_ERR, (uid_t) ext_coms->tas.run_user_uid,
1268 dir, sizeof(dir));
1269 if (p)
1270 (void) sh_ext_add_envv (_("HOME"), p);
1271 (void) sh_ext_add_envv (_("SHELL"), _("/bin/sh"));
1272 (void) sh_ext_add_envv (_("PATH"), _("/sbin:/bin:/usr/sbin:/usr/bin"));
1273 (void) sh_ext_add_envv (_("IFS"), " \n\t");
1274 i = (p == NULL ? (-1) : 0);
1275 SL_RETURN(i, _("sh_ext_add_default"));
1276}
1277
1278/*
1279 * -- add an environment variable
1280 */
1281int sh_ext_add_environ (const char * str)
1282{
1283 int i;
1284
1285 SL_ENTER(_("sh_ext_add_environ"));
1286 i = sh_ext_add_envv (NULL, str);
1287 SL_RETURN(i, _("sh_ext_add_environ"));
1288}
1289
1290/*
1291 * -- set deadtime
1292 */
1293int sh_ext_deadtime (const char * str)
1294{
1295 long deadtime = 0;
1296 char * tail = NULL;
1297
1298 SL_ENTER(_("sh_ext_deadtime"));
1299
1300 if (ext_coms == NULL || ext_failed == (-1) || str == NULL)
1301 {
1302 SL_RETURN (-1, _("sh_ext_deadtime"));
1303 }
1304 deadtime = strtol(str, &tail, 10);
1305 if (tail == str || deadtime < 0 || deadtime == LONG_MAX)
1306 {
1307 SL_RETURN (-1, _("sh_ext_deadtime"));
1308 }
1309
1310 ext_coms->deadtime = (time_t) deadtime;
1311 SL_RETURN (0, _("sh_ext_deadtime"));
1312}
1313
1314/*
1315 * -- define type
1316 */
1317int sh_ext_type (const char * str)
1318{
1319 SL_ENTER(_("sh_ext_type"));
1320
1321 if (ext_coms == NULL || ext_failed == (-1) || str == NULL)
1322 {
1323 SL_RETURN((-1), _("sh_ext_type"));
1324 }
1325
1326 if (strlen(str) != 3)
1327 {
1328 SL_RETURN((-1), _("sh_ext_type"));
1329 }
1330
1331 set3(ext_coms->type, str[0], str[1], str[2]);
1332
1333 if (str[0] == 'l' && str[1] == 'o' && str[2] == 'g')
1334 ext_coms->tas.rw = 'w';
1335 else if (str[0] == 's' && str[1] == 'r' && str[2] == 'v')
1336 ext_coms->tas.rw = 'w';
1337 else if (str[0] == 'm' && str[1] == 'o' && str[2] == 'n')
1338 ext_coms->tas.rw = 'r';
1339 else
1340 {
1341 SL_RETURN((-1), _("sh_ext_type"));
1342 }
1343
1344 SL_RETURN(0, _("sh_ext_type"));
1345}
1346
1347
1348
1349/*
1350 * -- define checksum
1351 */
1352int sh_ext_checksum (const char * str)
1353{
1354 SL_ENTER(_("sh_ext_checksum"));
1355 if (ext_coms == NULL || ext_failed == (-1) || str == NULL)
1356 {
1357 SL_RETURN((-1), _("sh_ext_checksum"));
1358 }
1359
1360 if (sl_strlen(str) != KEY_LEN)
1361 {
1362 SL_RETURN((-1), _("sh_ext_checksum"));
1363 }
1364
1365 (void) sl_strlcpy (ext_coms->tas.checksum, str, KEY_LEN+1);
1366
1367 SL_RETURN((0), _("sh_ext_checksum"));
1368}
1369
1370/*
1371 * -- choose privileges
1372 */
1373int sh_ext_priv (const char * c)
1374{
1375
1376 uid_t me_uid;
1377 gid_t me_gid;
1378
1379 SL_ENTER(_("sh_ext_priv"));
1380 if (0 == sh_ext_uid (c, &me_uid, &me_gid))
1381 {
1382 ext_coms->tas.run_user_uid = me_uid;
1383 ext_coms->tas.run_user_gid = me_gid;
1384 if (me_uid != (uid_t) 0)
1385 ext_coms->tas.privileged = 0;
1386 SL_RETURN((0), _("sh_ext_priv"));
1387 }
1388
1389 SL_RETURN (-1, _("sh_ext_priv"));
1390}
1391
1392
1393
1394
1395/*
1396 * -- check filters
1397 */
1398static int sh_ext_filter (char * message, sh_com_t * task)
1399{
1400 time_t now_time;
1401
1402 SL_ENTER(_("sh_ext_filter"));
1403
1404 if (task->filter)
1405 {
1406 if (0 != sh_filter_filter (message, task->filter))
1407 {
1408 SL_RETURN ((-1), _("sh_ext_filter"));
1409 }
1410 }
1411
1412 /* Filter passed, check deadtime */
1413
1414 if (task->deadtime != (time_t) 0)
1415 {
1416 now_time = time (NULL);
1417
1418 if (task->last_run == (time_t) 0)
1419 {
1420 task->last_run = now_time;
1421 }
1422 else if ((time_t)(now_time-task->last_run) < task->deadtime)
1423 {
1424 SL_RETURN ((-1), _("sh_ext_filter"));
1425 }
1426 else
1427 {
1428 task->last_run = now_time;
1429 }
1430 }
1431
1432 SL_RETURN ((0), _("sh_ext_filter"));
1433}
1434
1435
1436
1437/*
1438 * -- execute external script/program
1439 */
1440int sh_ext_execute (char t1, char t2, char t3, /*@null@*/char * message,
1441 size_t msg_siz)
1442{
1443 int caperr;
1444 sh_com_t * listval = ext_coms;
1445 int status = 0;
1446 char * tmp;
1447 char errbuf[SH_ERRBUF_SIZE];
1448
1449 static int some_error = 0;
1450
1451 struct sigaction new_act;
1452 struct sigaction old_act;
1453
1454 SL_ENTER(_("sh_ext_execute"));
1455
1456 PDBG_OPEN;
1457
1458 if (listval == NULL || message == NULL)
1459 {
1460 SL_RETURN ((-1), _("sh_ext_execute"));
1461 }
1462
1463 PDBG(-1);
1464
1465 if (msg_siz == 0)
1466 msg_siz = sl_strlen(message);
1467
1468
1469 /* ignore SIGPIPE (instead get EPIPE if connection is closed)
1470 */
1471 new_act.sa_handler = SIG_IGN;
1472 (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act);
1473
1474 while (listval != NULL)
1475 {
1476 PDBG_OPEN;
1477 PDBG(-2);
1478 if (t1 == listval->type[0] &&
1479 t2 == listval->type[1] &&
1480 t3 == listval->type[2] &&
1481 0 == sh_ext_filter (message, listval))
1482 {
1483 PDBG(-3);
1484
1485 if (0 != (caperr = sl_get_cap_sub()))
1486 {
1487 sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN,
1488 sh_error_message (caperr, errbuf, sizeof(errbuf)),
1489 _("sl_get_cap_sub"));
1490 }
1491 if (0 == sh_ext_popen (&(listval->tas)))
1492 {
1493 PDBG_OPEN;
1494 PDBG(-4);
1495 if (NULL != listval->tas.pipe && listval->tas.rw == 'w')
1496 {
1497 PDBG(-5);
1498 if (message != NULL)
1499 {
1500 PDBG(-6);
1501 status = (int) write (listval->tas.pipeFD,
1502 message, msg_siz);
1503 if (status >= 0)
1504 status = (int) write (listval->tas.pipeFD, "\n", 1);
1505 }
1506 PDBG_D(status);
1507 if (status >= 0)
1508 status = (int) write (listval->tas.pipeFD, "[", 1);
1509 PDBG_D(status);
1510 if (status >= 0)
1511 status = (int) write (listval->tas.pipeFD, "E", 1);
1512 PDBG_D(status);
1513 if (status >= 0)
1514 status = (int) write (listval->tas.pipeFD, "O", 1);
1515 PDBG_D(status);
1516 if (status >= 0)
1517 status = (int) write (listval->tas.pipeFD, "F", 1);
1518 PDBG_D(status);
1519 if (status >= 0)
1520 status = (int) write (listval->tas.pipeFD, "]", 1);
1521 PDBG_D(status);
1522 if (status >= 0)
1523 status = (int) write (listval->tas.pipeFD, "\n", 1);
1524 PDBG_D(status);
1525 if (status >= 0)
1526 {
1527 some_error = 0;
1528 }
1529 if ((status < 0) && (some_error == 0))
1530 {
1531 some_error = 1;
1532 PDBG_S("some error");
1533 PDBG_D(status);
1534 tmp = sh_util_safe_name (listval->tas.command);
1535
1536 if (tmp)
1537 {
1538 if (listval->tas.privileged == 0 &&
1539 (0 == getuid() || 0 != sl_is_suid()) )
1540 sh_error_handle((-1), FIL__, __LINE__, 0,
1541 MSG_NOEXEC,
1542 (UID_CAST) listval->tas.run_user_uid,
1543 tmp);
1544 else
1545 sh_error_handle((-1), FIL__, __LINE__, 0,
1546 MSG_NOEXEC,
1547 (UID_CAST) getuid(), tmp);
1548
1549 SH_FREE(tmp);
1550 }
1551
1552 }
1553 PDBG(-7);
1554 (void) fflush(listval->tas.pipe);
1555 }
1556 PDBG(-8);
1557 (void) sh_ext_pclose(&(listval->tas));
1558 }
1559 else
1560 {
1561 PDBG_OPEN;
1562 PDBG_S("0 != sh_ext_popen()");
1563 }
1564 if (0 != (caperr = sl_drop_cap_sub()))
1565 {
1566 sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN,
1567 sh_error_message (caperr, errbuf, sizeof(errbuf)),
1568 _("sl_drop_cap_sub"));
1569 }
1570
1571 }
1572 listval = listval->next;
1573 }
1574 PDBG_OPEN;
1575 PDBG_S("no more commands");
1576
1577 /* restore old signal handler
1578 */
1579 (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &old_act, NULL);
1580 PDBG_S("return");
1581 PDBG_CLOSE;
1582
1583 SL_RETURN ((0), _("sh_ext_execute"));
1584}
1585
1586
1587/* #if defined(WITH_EXTERNAL) */
1588#endif
Note: See TracBrowser for help on using the repository browser.