@@ -1,3 +1,9 @@

[userv.git] / process.c

diff --git a/process.c b/process.c
index 3ca468cea0414cffc31e94c7cc7299a6c5db6bb5..636255a286f18209d2eed766e18d42bf260ec169 100644 (file)
--- a/process.c
+++ b/process.c
@@ -52,7 +52,8 @@
 #include <ctype.h>
 #include <limits.h>
 #include <sys/wait.h>
-#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
 #include <sys/fcntl.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
@@ -74,7 +75,7 @@ int fdarraysize, fdarrayused;
 int restfdwantstate= tokv_word_rejectfd, restfdwantrw;
 int service_ngids;
 char **argarray;
-char *serviceuser, *service, *logname, *cwd;
+char *serviceuser, *service, *loginname, *cwd;
 char *overridedata, *userrcfile;
 char *serviceuser_dir, *serviceuser_shell, *callinguser_shell;
 gid_t *calling_gids, *service_gids;
@@ -270,8 +271,18 @@ void NONRETURNING disconnect(int exitstatus) {
   _exit(exitstatus);
 }
 
-static void NONRETURNING sighandler_chld(int ignored) {
+static void reporttermination(int status) {
   struct progress_msg progress_mbuf;
+  
+  memset(&progress_mbuf,0,sizeof(progress_mbuf));
+  progress_mbuf.magic= PROGRESS_MAGIC;
+  progress_mbuf.type= pt_terminated;
+  progress_mbuf.data.terminated.status= status;
+  xfwrite(&progress_mbuf,sizeof(progress_mbuf),swfile);
+  xfflush(swfile);
+}
+
+static void NONRETURNING sighandler_chld(int ignored) {
   int status;
   pid_t returned;
 
@@ -281,13 +292,7 @@ static void NONRETURNING sighandler_chld(int ignored) {
   if (returned!=child) syscallerror("spurious child process");
   child= childtokill= -1;
 
-  memset(&progress_mbuf,0,sizeof(progress_mbuf));
-  progress_mbuf.magic= PROGRESS_MAGIC;
-  progress_mbuf.type= pt_terminated;
-  progress_mbuf.data.terminated.status= status;
-  xfwrite(&progress_mbuf,sizeof(progress_mbuf),swfile);
-  xfflush(swfile);
-
+  reporttermination(status);
   syslog(LOG_INFO,"service completed (status %d %d)",(status>>8)&0x0ff,status&0x0ff);
   _exit(0);
 }
@@ -414,7 +419,7 @@ static void receive_request(void) {
   serviceuser= xfreadsetstring(request_mbuf.serviceuserlen);
   service= xfreadsetstring(request_mbuf.servicelen);
   assert(request_mbuf.spoofed==0 || request_mbuf.spoofed==1);
-  logname= xfreadsetstring(request_mbuf.lognamelen);
+  loginname= xfreadsetstring(request_mbuf.loginnamelen);
   cwd= xfreadsetstring(request_mbuf.cwdlen);
   if (request_mbuf.overridelen >= 0) {
     assert(request_mbuf.overridelen <= MAX_OVERRIDE_LEN);
@@ -496,9 +501,9 @@ static void groupnames(int ngids, gid_t *gids, const char ***names_r) {
 static void lookup_uidsgids(void) {
   struct passwd *pw;
 
-  pw= getpwnam(logname);
+  pw= getpwnam(loginname);
   if (!pw) miscerror("look up calling user");
-  assert(!strcmp(pw->pw_name,logname));
+  assert(!strcmp(pw->pw_name,loginname));
   callinguser_shell= xstrsave(pw->pw_shell);
 
   pw= getpwnam(serviceuser);
@@ -723,7 +728,7 @@ void servicerequest(int sfd) {
   debug_dumprequest(mypid);
   syslog(LOG_INFO,"%s %s -> %s %c %s",
         request_mbuf.spoofed ? "spoof" : "user",
-        logname, serviceuser, overridedata?'!':':', service);
+        loginname, serviceuser, overridedata?'!':':', service);
 
   if (overridedata)
     r= parse_string(TOPLEVEL_OVERRIDDEN_CONFIGURATION,
@@ -745,6 +750,18 @@ void servicerequest(int sfd) {
   getevent(&event_mbuf);
   assert(event_mbuf.type == et_confirm);
 
+  if (execbuiltin == bisexec_shutdown && !serviceuser_uid) {
+    /* The check for the uid is just so we can give a nice
+     * error message (in the actual code for bisexec_shutdown).
+     * If this is spoofed somehow then the unlink() will simply fail.
+     */
+    r= unlink(RENDEZVOUSPATH);
+    if (r) syscallfailure("remove rendezvous socket %s",RENDEZVOUSPATH);
+    syslog(LOG_NOTICE,"arranging for termination, due to client request");
+    reporttermination(0);
+    _exit(10);
+  }
+
   fork_service_synch();
   
   getevent(&event_mbuf);