X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=userv.git;a=blobdiff_plain;f=process.c;h=e624fb8a5e4da420cfa9127ae63d9621a8f56b32;hp=3ca468cea0414cffc31e94c7cc7299a6c5db6bb5;hb=93dc755251df6490871f5b719d62d7f3ddfced32;hpb=b6c671fd90134d458ad4722ec3a99742bced1a34 diff --git a/process.c b/process.c index 3ca468c..e624fb8 100644 --- a/process.c +++ b/process.c @@ -2,7 +2,7 @@ * userv - process.c * daemon code to process one request (is parent of service process) * - * Copyright (C)1996-1999 Ian Jackson + * Copyright (C)1996-1999,2001,2003 Ian Jackson * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by @@ -49,11 +49,12 @@ #include #include #include -#include #include +#include #include +#include +#include #include -#include #include #include #include @@ -74,7 +75,7 @@ int fdarraysize, fdarrayused; int restfdwantstate= tokv_word_rejectfd, restfdwantrw; int service_ngids; char **argarray; -char *serviceuser, *service, *logname, *cwd; +char *serviceuser, *service, *loginname, *cwd; char *overridedata, *userrcfile; char *serviceuser_dir, *serviceuser_shell, *callinguser_shell; gid_t *calling_gids, *service_gids; @@ -270,8 +271,18 @@ void NONRETURNING disconnect(int exitstatus) { _exit(exitstatus); } -static void NONRETURNING sighandler_chld(int ignored) { +static void reporttermination(int status) { struct progress_msg progress_mbuf; + + memset(&progress_mbuf,0,sizeof(progress_mbuf)); + progress_mbuf.magic= PROGRESS_MAGIC; + progress_mbuf.type= pt_terminated; + progress_mbuf.data.terminated.status= status; + xfwrite(&progress_mbuf,sizeof(progress_mbuf),swfile); + xfflush(swfile); +} + +static void NONRETURNING sighandler_chld(int ignored) { int status; pid_t returned; @@ -281,13 +292,7 @@ static void NONRETURNING sighandler_chld(int ignored) { if (returned!=child) syscallerror("spurious child process"); child= childtokill= -1; - memset(&progress_mbuf,0,sizeof(progress_mbuf)); - progress_mbuf.magic= PROGRESS_MAGIC; - progress_mbuf.type= pt_terminated; - progress_mbuf.data.terminated.status= status; - xfwrite(&progress_mbuf,sizeof(progress_mbuf),swfile); - xfflush(swfile); - + reporttermination(status); syslog(LOG_INFO,"service completed (status %d %d)",(status>>8)&0x0ff,status&0x0ff); _exit(0); } @@ -414,7 +419,7 @@ static void receive_request(void) { serviceuser= xfreadsetstring(request_mbuf.serviceuserlen); service= xfreadsetstring(request_mbuf.servicelen); assert(request_mbuf.spoofed==0 || request_mbuf.spoofed==1); - logname= xfreadsetstring(request_mbuf.lognamelen); + loginname= xfreadsetstring(request_mbuf.loginnamelen); cwd= xfreadsetstring(request_mbuf.cwdlen); if (request_mbuf.overridelen >= 0) { assert(request_mbuf.overridelen <= MAX_OVERRIDE_LEN); @@ -438,6 +443,8 @@ static void receive_request(void) { assert(fdarray[fd].iswrite == -1); fdarray[fd].iswrite= (i>=request_mbuf.nreadfds); } + /* fdarray[].iswrite now set; rest is still blank + * (ie want reject read, no realfd holdfd). */ assert(request_mbuf.nargs <= MAX_ARGSDEFVAR); argarray= xmalloc(sizeof(char*)*(request_mbuf.nargs)); @@ -477,6 +484,14 @@ static void establish_pipes(void) { if (unlink(pipepathbuf)) syscallerror("unlink pipe"); if (close(tempfd)) syscallerror("close prelim fd onto pipe"); } + /* Now fdarray[].realfd is pipe end for service in case service + * wants it. If it's an input pipe, then .holdfd is the other + * (writing) end of the pipe - we keep it around so that the service + * doesn't get an apparently clean EOF if the caller disappears (eg + * due to a file read error) or the like (ie so that on disconnect + * we can guarantee to send the service SIGHUP before it gets EOF on + * the input fd). Otherwise, .holdfd=-1. + */ } static void groupnames(int ngids, gid_t *gids, const char ***names_r) { @@ -496,9 +511,9 @@ static void groupnames(int ngids, gid_t *gids, const char ***names_r) { static void lookup_uidsgids(void) { struct passwd *pw; - pw= getpwnam(logname); + pw= getpwnam(loginname); if (!pw) miscerror("look up calling user"); - assert(!strcmp(pw->pw_name,logname)); + assert(!strcmp(pw->pw_name,loginname)); callinguser_shell= xstrsave(pw->pw_shell); pw= getpwnam(serviceuser); @@ -640,7 +655,6 @@ static void check_fds(void) { case tokv_word_requirefd: if (fdarray[fd].realfd == -1) failure("file descriptor %d required but not provided",fd); - assert(fdarray[fd].holdfd == -1); /* fall through */ case tokv_word_allowfd: if (fdarray[fd].realfd == -1) { @@ -657,6 +671,10 @@ static void check_fds(void) { } } } + /* Now fdarray[].realfd is exactly what service wants: pipe end or + * /dev/null or -1. If .realfd is not -1 then .holdfd may be the fd + * for the writing end of the corresponding pipe. + */ } static void send_progress_ok(void) { @@ -723,7 +741,7 @@ void servicerequest(int sfd) { debug_dumprequest(mypid); syslog(LOG_INFO,"%s %s -> %s %c %s", request_mbuf.spoofed ? "spoof" : "user", - logname, serviceuser, overridedata?'!':':', service); + loginname, serviceuser, overridedata?'!':':', service); if (overridedata) r= parse_string(TOPLEVEL_OVERRIDDEN_CONFIGURATION, @@ -745,6 +763,18 @@ void servicerequest(int sfd) { getevent(&event_mbuf); assert(event_mbuf.type == et_confirm); + if (execbuiltin == bisexec_shutdown && !serviceuser_uid) { + /* The check for the uid is just so we can give a nice + * error message (in the actual code for bisexec_shutdown). + * If this is spoofed somehow then the unlink() will simply fail. + */ + r= unlink(RENDEZVOUSPATH); + if (r) syscallfailure("remove rendezvous socket %s",RENDEZVOUSPATH); + syslog(LOG_NOTICE,"arranging for termination, due to client request"); + reporttermination(0); + _exit(10); + } + fork_service_synch(); getevent(&event_mbuf);