chiark
/
gitweb
/
~ian
/
userv.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Move xtrsave(string) to avoid possible memory leak.
[userv.git]
/
process.c
diff --git
a/process.c
b/process.c
index 35eba59ccd115c9091a277637b6b38e422a0f22a..b091f4e5b8876b490f6159eb0a0f071eac07a51d 100644
(file)
--- a/
process.c
+++ b/
process.c
@@
-41,7
+41,6
@@
#include <stdio.h>
#include <stdarg.h>
#include <unistd.h>
#include <stdio.h>
#include <stdarg.h>
#include <unistd.h>
-#include <wait.h>
#include <assert.h>
#include <signal.h>
#include <string.h>
#include <assert.h>
#include <signal.h>
#include <string.h>
@@
-52,6
+51,7
@@
#include <grp.h>
#include <ctype.h>
#include <limits.h>
#include <grp.h>
#include <ctype.h>
#include <limits.h>
+#include <sys/wait.h>
#include <sys/types.h>
#include <sys/fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/fcntl.h>
#include <sys/stat.h>
@@
-126,7
+126,7
@@
static void xfwriteerror(void) {
if (errno != EPIPE) syscallerror("writing to client");
blocksignals();
ensurelogopen(USERVD_LOGFACILITY);
if (errno != EPIPE) syscallerror("writing to client");
blocksignals();
ensurelogopen(USERVD_LOGFACILITY);
- syslog(LOG_
DEBUG
,"client went away (broken pipe)");
+ syslog(LOG_
INFO
,"client went away (broken pipe)");
disconnect(8);
}
disconnect(8);
}
@@
-151,7
+151,7
@@
static void xfread(void *p, size_t sz) {
if (ferror(srfile)) syscallerror("reading from client");
blocksignals();
assert(feof(srfile));
if (ferror(srfile)) syscallerror("reading from client");
blocksignals();
assert(feof(srfile));
- syslog(LOG_
DEBUG
,"client went away (unexpected EOF)");
+ syslog(LOG_
INFO
,"client went away (unexpected EOF)");
swfile= 0;
disconnect(8);
}
swfile= 0;
disconnect(8);
}
@@
-183,7
+183,7
@@
static void getevent(struct event_msg *event_r) {
blocksignals();
syslog(LOG_ERR,"client sent bad file descriptor %d to close (max %d)",
fd,fdarrayused-1);
blocksignals();
syslog(LOG_ERR,"client sent bad file descriptor %d to close (max %d)",
fd,fdarrayused-1);
- disconnect(
12
);
+ disconnect(
20
);
}
if (fdarray[fd].holdfd!=-1) {
if (close(fdarray[fd].holdfd)) syscallerror("cannot close holding fd");
}
if (fdarray[fd].holdfd!=-1) {
if (close(fdarray[fd].holdfd)) syscallerror("cannot close holding fd");
@@
-192,7
+192,7
@@
static void getevent(struct event_msg *event_r) {
break;
case et_disconnect:
blocksignals();
break;
case et_disconnect:
blocksignals();
- syslog(LOG_
DEBUG
,"client disconnected");
+ syslog(LOG_
INFO
,"client disconnected");
disconnect(4);
default:
return;
disconnect(4);
default:
return;
@@
-218,7
+218,7
@@
void syscallerror(const char *what) {
e= errno;
blocksignals();
syslog(LOG_ERR,"system call failure: %s: %s",what,strerror(e));
e= errno;
blocksignals();
syslog(LOG_ERR,"system call failure: %s: %s",what,strerror(e));
- disconnect(1
8
);
+ disconnect(1
6
);
}
/* Functions which may be called from signal handlers. These
}
/* Functions which may be called from signal handlers. These
@@
-287,7
+287,7
@@
static void NONRETURNING sighandler_chld(int ignored) {
xfwrite(&progress_mbuf,sizeof(progress_mbuf),swfile);
xfflush(swfile);
xfwrite(&progress_mbuf,sizeof(progress_mbuf),swfile);
xfflush(swfile);
- syslog(LOG_
DEBUG
,"service completed (status %d %d)",(status>>8)&0x0ff,status&0x0ff);
+ syslog(LOG_
INFO
,"service completed (status %d %d)",(status>>8)&0x0ff,status&0x0ff);
_exit(0);
}
_exit(0);
}
@@
-327,7
+327,7
@@
static void NONRETURNING generalfailure(const char *prefix, int reserveerrno,
strnytcat(errmsg,strerror(errnoval),sizeof(errmsg));
}
senderrmsgstderr(errmsg);
strnytcat(errmsg,strerror(errnoval),sizeof(errmsg));
}
senderrmsgstderr(errmsg);
- syslog(LOG_
DEBUG
,"service failed (%s)",errmsg);
+ syslog(LOG_
INFO
,"service failed (%s)",errmsg);
disconnect(12);
}
disconnect(12);
}
@@
-399,6
+399,7
@@
static void send_opening(void) {
memset(&opening_mbuf,0,sizeof(opening_mbuf));
opening_mbuf.magic= OPENING_MAGIC;
memcpy(opening_mbuf.protocolchecksumversion,protocolchecksumversion,PCSUMSIZE);
memset(&opening_mbuf,0,sizeof(opening_mbuf));
opening_mbuf.magic= OPENING_MAGIC;
memcpy(opening_mbuf.protocolchecksumversion,protocolchecksumversion,PCSUMSIZE);
+ opening_mbuf.overlordpid= overlordpid;
opening_mbuf.serverpid= mypid;
xfwrite(&opening_mbuf,sizeof(opening_mbuf),swfile);
xfflush(swfile);
opening_mbuf.serverpid= mypid;
xfwrite(&opening_mbuf,sizeof(opening_mbuf),swfile);
xfflush(swfile);
@@
-411,6
+412,7
@@
static void receive_request(void) {
xfread(&request_mbuf,sizeof(request_mbuf));
serviceuser= xfreadsetstring(request_mbuf.serviceuserlen);
service= xfreadsetstring(request_mbuf.servicelen);
xfread(&request_mbuf,sizeof(request_mbuf));
serviceuser= xfreadsetstring(request_mbuf.serviceuserlen);
service= xfreadsetstring(request_mbuf.servicelen);
+ assert(request_mbuf.spoofed==0 || request_mbuf.spoofed==1);
logname= xfreadsetstring(request_mbuf.lognamelen);
cwd= xfreadsetstring(request_mbuf.cwdlen);
if (request_mbuf.overridelen >= 0) {
logname= xfreadsetstring(request_mbuf.lognamelen);
cwd= xfreadsetstring(request_mbuf.cwdlen);
if (request_mbuf.overridelen >= 0) {
@@
-505,12
+507,15
@@
static void lookup_uidsgids(void) {
serviceuser_shell= xstrsave(pw->pw_shell);
serviceuser_uid= pw->pw_uid;
serviceuser_shell= xstrsave(pw->pw_shell);
serviceuser_uid= pw->pw_uid;
+ if (setregid(pw->pw_gid,pw->pw_gid)) syscallerror("setregid 1");
if (initgroups(pw->pw_name,pw->pw_gid)) syscallerror("initgroups");
if (setreuid(pw->pw_uid,pw->pw_uid)) syscallerror("setreuid 1");
if (setreuid(pw->pw_uid,pw->pw_uid)) syscallerror("setreuid 2");
if (initgroups(pw->pw_name,pw->pw_gid)) syscallerror("initgroups");
if (setreuid(pw->pw_uid,pw->pw_uid)) syscallerror("setreuid 1");
if (setreuid(pw->pw_uid,pw->pw_uid)) syscallerror("setreuid 2");
- if (pw->pw_uid)
+ if (pw->pw_uid)
{
if (!setreuid(pw->pw_uid,0)) miscerror("setreuid 3 unexpectedly succeeded");
if (!setreuid(pw->pw_uid,0)) miscerror("setreuid 3 unexpectedly succeeded");
- if (errno != EPERM) syscallerror("setreuid 3 failed in unexpected way");
+ if (errno != EPERM) syscallerror("setreuid 3 failed in unexpected way");
+ }
+ if (setregid(pw->pw_gid,pw->pw_gid)) syscallerror("setregid 2");
service_ngids= getgroups(0,0); if (service_ngids == -1) syscallerror("getgroups(0,0)");
if (service_ngids > MAX_GIDS) miscerror("service user is in far too many groups");
service_ngids= getgroups(0,0); if (service_ngids == -1) syscallerror("getgroups(0,0)");
if (service_ngids > MAX_GIDS) miscerror("service user is in far too many groups");
@@
-594,6
+599,7
@@
static void makenonexistentfd(int fd) {
if (fdarray[fd].holdfd != -1) {
if (close(fdarray[fd].holdfd))
syscallfailure("close unwanted hold descriptor for %d",fd);
if (fdarray[fd].holdfd != -1) {
if (close(fdarray[fd].holdfd))
syscallfailure("close unwanted hold descriptor for %d",fd);
+ fdarray[fd].holdfd= -1;
}
}
}
}
}
}
@@
-710,9
+716,13
@@
void servicerequest(int sfd) {
setup_comms(sfd);
send_opening();
receive_request();
setup_comms(sfd);
send_opening();
receive_request();
+ if (request_mbuf.clientpid == (pid_t)-1) _exit(2);
establish_pipes();
lookup_uidsgids();
debug_dumprequest(mypid);
establish_pipes();
lookup_uidsgids();
debug_dumprequest(mypid);
+ syslog(LOG_INFO,"%s %s -> %s %c %s",
+ request_mbuf.spoofed ? "spoof" : "user",
+ logname, serviceuser, overridedata?'!':':', service);
if (overridedata)
r= parse_string(TOPLEVEL_OVERRIDDEN_CONFIGURATION,
if (overridedata)
r= parse_string(TOPLEVEL_OVERRIDDEN_CONFIGURATION,