/* -*-c-*-
- *
- * $Id: exec.c,v 1.8 2003/11/29 20:36:07 mdw Exp $
*
* Source and target for executable programs
*
* (c) 1999 Straylight/Edgeware
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
- * This file is part of the `fw' port forwarder.
+ * This file is part of the `fwd' port forwarder.
*
- * `fw' is free software; you can redistribute it and/or modify
+ * `fwd' is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
- *
- * `fw' is distributed in the hope that it will be useful,
+ *
+ * `fwd' is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
- * along with `fw'; if not, write to the Free Software Foundation,
+ * along with `fwd'; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: exec.c,v $
- * Revision 1.8 2003/11/29 20:36:07 mdw
- * Privileged outgoing connections.
- *
- * Revision 1.7 2003/01/24 20:12:26 mdw
- * Correctly cast uid and gid sentinel values. Parse full filenames in
- * exec arguments (can't do it for program, unfortunately, since the die is
- * cast).
- *
- * Revision 1.6 2002/02/22 23:43:32 mdw
- * Call @xfree@ rather than @free@.
- *
- * Revision 1.5 2002/01/13 14:49:03 mdw
- * Track @lbuf@ changes in mLib.
- *
- * Revision 1.4 2001/02/03 20:30:03 mdw
- * Support re-reading config files on SIGHUP.
- *
- * Revision 1.3 2000/07/01 11:28:52 mdw
- * Use new mLib selbuf features.
- *
- * Revision 1.2 1999/10/22 22:46:17 mdw
- * When a non-file endpoint is attached to a file, keep the file endpoint
- * open until the nonfile is done. This stops socket sources from
- * resetting their connection limits too early.
- *
- * Revision 1.1 1999/07/26 23:33:32 mdw
- * New sources and targets.
- *
- */
-
-/*----- Header files ------------------------------------------------------*/
-
-#include "config.h"
-
-#define _GNU_SOURCE
-
-#include <ctype.h>
-#include <errno.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/wait.h>
-
-#ifdef HAVE_SETRLIMIT
-# include <sys/resource.h>
-#endif
-
-#ifndef DECL_ENVIRON
- extern char **environ;
-#endif
-
-#include <pwd.h>
-#include <grp.h>
-
-#include <syslog.h>
-
-#include <mLib/alloc.h>
-#include <mLib/dstr.h>
-#include <mLib/env.h>
-#include <mLib/fdflags.h>
-#include <mLib/report.h>
-#include <mLib/sel.h>
-#include <mLib/selbuf.h>
-#include <mLib/sig.h>
-#include <mLib/sub.h>
-#include <mLib/sym.h>
-
-#include "conf.h"
-#include "endpt.h"
-#include "exec.h"
-#include "fattr.h"
-#include "fw.h"
-#include "reffd.h"
-#include "scan.h"
-#include "source.h"
-#include "target.h"
+#include "fwd.h"
/*----- Data structures ---------------------------------------------------*/
#ifdef HAVE_SETRLIMIT
typedef struct xlimit {
-#define R(r, n) struct rlimit n;
-#include "rlimits.h"
+#define XLIMIT_ENTRY(name, constant) struct rlimit name;
+ RLIMITS(XLIMIT_ENTRY)
+#undef XLIMIT_ENTRY
} xlimit;
#endif
} rlimit_ent;
static rlimit_ent rlimits[] = {
-#define R(r, n) { #n, #r, r, offsetof(xlimit, n) },
-#include "rlimits.h"
+#define TABLE_ENTRY(name, constant) \
+ { #name, #constant, constant, offsetof(xlimit, name) },
+ RLIMITS(TABLE_ENTRY)
+#undef TABLE_ENTRY
{ 0, 0, 0, 0 }
};
break;
case w_soft:
if (v > rl->rlim_max)
- error(sc, "soft limit %l exceeds hard limit %l for %s",
- v, rl->rlim_max, chosen->rname);
+ error(sc, "soft limit %lu exceeds hard limit %lu for %s",
+ (unsigned long)v, (unsigned long)rl->rlim_max,
+ chosen->rname);
rl->rlim_cur = v;
break;
case w_hard:
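Review bot: The `(unsigned long)` casts in the new `error()` call can narrow the values on platforms where `rlim_t` is wider than `long`, so the message may report limits that differ from the ones `v > rl->rlim_max` actually compared. The type of `v` is not visible in this hunk, so this assumes it is `rlim_t` or similar. Either print through the widest unsigned type the project's portability baseline allows, or record the limitation next to the call, e.g. `/* rlim_t may be wider than long; the printed values are for display only */`. The enclosing switch starts and ends outside this hunk.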
/* --- Make a pipe for standard error --- */
if (pipe(fd)) {
- fw_log(-1, "[%s] couldn't create pipe: %s", xe->desc, strerror(errno));
+ fw_log(NOW, "[%s] couldn't create pipe: %s", xe->desc, strerror(errno));
return;
}
fdflags(fd[0], O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
/* --- Fork a child, and handle an error if there was one --- */
if ((kid = fork()) == -1) {
- fw_log(-1, "[%s] couldn't fork: %s", xe->desc, strerror(errno));
+ fw_log(NOW, "[%s] couldn't fork: %s", xe->desc, strerror(errno));
close(fd[0]);
close(fd[1]);
return;
if (kid == 0) {
xopts *xo = xe->xo;
+ mdup_fd md[3];
/* --- Fiddle with the file descriptors --- *
*
*/
close(fd[0]);
- if (dup2(in->fd, STDIN_FILENO) < 0 ||
- dup2(out->fd, STDOUT_FILENO) < 0 ||
- dup2(fd[1], STDERR_FILENO) < 0) {
+ md[0].cur = in->fd; md[0].want = STDIN_FILENO;
+ md[1].cur = out->fd; md[1].want = STDOUT_FILENO;
+ md[2].cur = fd[1]; md[2].want = STDERR_FILENO;
+ if (mdup(md, 3)) {
moan("couldn't manipulate file descriptors: %s", strerror(errno));
_exit(1);
}
- if (in->fd > 2)
- close(in->fd);
- if (out->fd > 2)
- close(out->fd);
-
fdflags(STDIN_FILENO, O_NONBLOCK, 0, FD_CLOEXEC, 0);
fdflags(STDOUT_FILENO, O_NONBLOCK, 0, FD_CLOEXEC, 0);
fdflags(STDERR_FILENO, O_NONBLOCK, 0, FD_CLOEXEC, 0);
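Review bot: Nothing in the child branch now says who closes the original `in->fd`, `out->fd` and `fd[1]` once they have been moved onto descriptors 0-2; the removed `close()` calls made that explicit for the first two. The definition of `mdup` is not on this page, so if it does close the `cur` descriptors, record that next to the call, e.g. `/* mdup closes the originals, so only 0-2 reach the exec'd program */`; if it does not, the closes need to come back. A forgotten socket descriptor in the child would keep the peer's connection open after the forwarder has finished with it and hand the program a descriptor it was never meant to hold. The enclosing function starts and ends outside this hunk.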
xept_list->prev = xe;
xept_list = xe;
if (!(xe->xo->f & XF_NOLOG))
- fw_log(-1, "[%s] started with pid %i", xe->desc, kid);
+ fw_log(NOW, "[%s] started with pid %i", xe->desc, kid);
fw_inc();
return;
}
/* Nothin' doin' */;
else if (WIFEXITED(xe->st)) {
if (WEXITSTATUS(xe->st) == 0)
- fw_log(-1, "[%s] pid %i exited successfully", xe->desc, xe->kid);
+ fw_log(NOW, "[%s] pid %i exited successfully", xe->desc, xe->kid);
else {
- fw_log(-1, "[%s] pid %i failed: status %i",
+ fw_log(NOW, "[%s] pid %i failed: status %i",
xe->desc, xe->kid, WEXITSTATUS(xe->st));
}
} else if (WIFSIGNALED(xe->st)) {
sprintf(buf, "signal %i", WTERMSIG(xe->st));
s = buf;
#endif
- fw_log(-1, "[%s] pid %i failed: %s", xe->desc, xe->kid, s);
+ fw_log(NOW, "[%s] pid %i failed: %s", xe->desc, xe->kid, s);
} else
- fw_log(-1, "[%s] pid %i failed: unrecognized status", xe->desc, xe->kid);
+ fw_log(NOW, "[%s] pid %i failed: unrecognized status",
+ xe->desc, xe->kid);
/* --- Free up the parent-side resources --- */
{
xept *xe = v;
if (p)
- fw_log(-1, "[%s] pid %i: %s", xe->desc, xe->kid, p);
+ fw_log(NOW, "[%s] pid %i: %s", xe->desc, xe->kid, p);
else {
close(xe->err.reader.fd);
selbuf_destroy(&xe->err);
token(sc);
if (sc->t == '=')
token(sc);
- conf_name(sc, '/', &d);
+ conf_fname(sc, &d);
xo->dir = xstrdup(d.buf);
dstr_destroy(&d);
CONF_ACCEPT;
/* --- Set a chroot prison --- */
if (strcmp(sc->d.buf, "root") == 0 ||
- strcmp(sc->d.buf, "chroot") == 0) {
+ strcmp(sc->d.buf, "chroot") == 0) {
dstr d = DSTR_INIT;
token(sc);
if (sc->t == '=')
token(sc);
- conf_name(sc, '/', &d);
+ conf_fname(sc, &d);
xo->root = xstrdup(d.buf);
dstr_destroy(&d);
CONF_ACCEPT;
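Review bot: `xo->root` (and `xo->dir` in the hunk just above) is stored straight from `conf_fname` with no check that the name is non-empty and absolute. For the chroot option this matters because a relative path would be resolved against whatever the working directory is when the child is set up, which is not visible here and may depend on whether `dir` is applied first. Unless `conf_fname` already rejects such names, a guard before the `xstrdup` would make the jail location unambiguous: `if (!d.len || d.buf[0] != '/') error(sc, "chroot directory must be an absolute path");`. The option parser these hunks belong to continues outside the visible lines.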
ee->ops->close(ee);
goto tidy;
}
- endpt_join(e, ee);
+ endpt_join(e, ee, xs->s.desc);
/* --- Dispose of source and target --- */