suzanne.soy/qubes-core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qrexec: expand tabs, no functional change

Browse Source
This commit is contained in:
Marek Marczykowski-Górecki 2015-03-15 00:54:43 +01:00
parent 4a7928212b
commit 6160ae8230
2 changed files with 465 additions and 465 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

788
qrexec/qrexec-agent.c
View File

@ -35,27 +35,27 @@
#include "libqrexec-utils.h" #include "libqrexec-utils.h"
enum fdtype { enum fdtype {
FDTYPE_INVALID, FDTYPE_INVALID,
FDTYPE_STDOUT, FDTYPE_STDOUT,
FDTYPE_STDERR FDTYPE_STDERR
}; };
struct _process_fd { struct _process_fd {
int client_id; int client_id;
int type; int type;
int is_blocked; int is_blocked;
}; };
struct _client_info { struct _client_info {
int stdin_fd; int stdin_fd;
int stdout_fd; int stdout_fd;
int stderr_fd; int stderr_fd;
int exit_status; int exit_status;
int is_exited; int is_exited;
int pid; int pid;
int is_blocked; int is_blocked;
int is_close_after_flush_needed; int is_close_after_flush_needed;
struct buffer buffer; struct buffer buffer;
}; };
int max_process_fd = -1; int max_process_fd = -1;
@ -75,533 +75,533 @@ void do_exec(const char *cmd);
void init() void init()
{ {
peer_server_init(REXEC_PORT); peer_server_init(REXEC_PORT);
umask(0); umask(0);
mkfifo(QREXEC_AGENT_TRIGGER_PATH, 0666); mkfifo(QREXEC_AGENT_TRIGGER_PATH, 0666);
passfd_socket = get_server_socket(QREXEC_AGENT_FDPASS_PATH); passfd_socket = get_server_socket(QREXEC_AGENT_FDPASS_PATH);
umask(077); umask(077);
trigger_fd = trigger_fd =
open(QREXEC_AGENT_TRIGGER_PATH, O_RDONLY | O_NONBLOCK); open(QREXEC_AGENT_TRIGGER_PATH, O_RDONLY | O_NONBLOCK);
register_exec_func(do_exec); register_exec_func(do_exec);
} }
void wake_meminfo_writer() { void wake_meminfo_writer() {
FILE *f; FILE *f;
int pid; int pid;
if (meminfo_write_started) if (meminfo_write_started)
/* wake meminfo-writer only once */ /* wake meminfo-writer only once */
return; return;
f = fopen(MEMINFO_WRITER_PIDFILE, "r"); f = fopen(MEMINFO_WRITER_PIDFILE, "r");
if (f == NULL) { if (f == NULL) {
/* no meminfo-writer found, ignoring */ /* no meminfo-writer found, ignoring */
return; return;
} }
if (fscanf(f, "%d", &pid) < 1) { if (fscanf(f, "%d", &pid) < 1) {
fclose(f); fclose(f);
/* no meminfo-writer found, ignoring */ /* no meminfo-writer found, ignoring */
return; return;
} }
fclose(f); fclose(f);
if (pid <= 1 || pid > 0xffff) { if (pid <= 1 || pid > 0xffff) {
/* check within acceptable range */ /* check within acceptable range */
return; return;
} }
if (kill(pid, SIGUSR1) < 0) { if (kill(pid, SIGUSR1) < 0) {
/* Can't send signal */ /* Can't send signal */
return; return;
} }
meminfo_write_started = 1; meminfo_write_started = 1;
} }
void no_colon_in_cmd() void no_colon_in_cmd()
{ {
fprintf(stderr, fprintf(stderr,
"cmdline is supposed to be in user:command form\n"); "cmdline is supposed to be in user:command form\n");
exit(1); exit(1);
} }
void do_exec(const char *cmd) void do_exec(const char *cmd)
{ {
char buf[strlen(QUBES_RPC_MULTIPLEXER_PATH) + strlen(cmd) - strlen(QUBES_RPC_MAGIC_CMD) + 1]; char buf[strlen(QUBES_RPC_MULTIPLEXER_PATH) + strlen(cmd) - strlen(QUBES_RPC_MAGIC_CMD) + 1];
char *realcmd = index(cmd, ':'), *user; char *realcmd = index(cmd, ':'), *user;
if (!realcmd) if (!realcmd)
no_colon_in_cmd(); no_colon_in_cmd();
/* mark end of username and move to command */ /* mark end of username and move to command */
user=strndup(cmd,realcmd-cmd); user=strndup(cmd,realcmd-cmd);
realcmd++; realcmd++;
/* ignore "nogui:" prefix in linux agent */ /* ignore "nogui:" prefix in linux agent */
if (strncmp(realcmd, "nogui:", 6) == 0) if (strncmp(realcmd, "nogui:", 6) == 0)
realcmd+=6; realcmd+=6;
/* replace magic RPC cmd with RPC multiplexer path */ /* replace magic RPC cmd with RPC multiplexer path */
if (strncmp(realcmd, QUBES_RPC_MAGIC_CMD " ", strlen(QUBES_RPC_MAGIC_CMD)+1)==0) { if (strncmp(realcmd, QUBES_RPC_MAGIC_CMD " ", strlen(QUBES_RPC_MAGIC_CMD)+1)==0) {
strcpy(buf, QUBES_RPC_MULTIPLEXER_PATH); strcpy(buf, QUBES_RPC_MULTIPLEXER_PATH);
strcpy(buf + strlen(QUBES_RPC_MULTIPLEXER_PATH), realcmd + strlen(QUBES_RPC_MAGIC_CMD)); strcpy(buf + strlen(QUBES_RPC_MULTIPLEXER_PATH), realcmd + strlen(QUBES_RPC_MAGIC_CMD));
realcmd = buf; realcmd = buf;
} }
signal(SIGCHLD, SIG_DFL); signal(SIGCHLD, SIG_DFL);
signal(SIGPIPE, SIG_DFL); signal(SIGPIPE, SIG_DFL);
execl("/bin/su", "su", "-", user, "-c", realcmd, NULL); execl("/bin/su", "su", "-", user, "-c", realcmd, NULL);
perror("execl"); perror("execl");
exit(1); exit(1);
} }
void handle_just_exec(int len) void handle_just_exec(int len)
{ {
char buf[len]; char buf[len];
int fdn, pid; int fdn, pid;
read_all_vchan_ext(buf, len); read_all_vchan_ext(buf, len);
switch (pid = fork()) { switch (pid = fork()) {
case -1: case -1:
perror("fork"); perror("fork");
exit(1); exit(1);
case 0: case 0:
fdn = open("/dev/null", O_RDWR); fdn = open("/dev/null", O_RDWR);
fix_fds(fdn, fdn, fdn); fix_fds(fdn, fdn, fdn);
do_exec(buf); do_exec(buf);
perror("execl"); perror("execl");
exit(1); exit(1);
default:; default:;
} }
fprintf(stderr, "executed (nowait) %s pid %d\n", buf, pid); fprintf(stderr, "executed (nowait) %s pid %d\n", buf, pid);
} }
void create_info_about_client(int client_id, int pid, int stdin_fd, void create_info_about_client(int client_id, int pid, int stdin_fd,
int stdout_fd, int stderr_fd) int stdout_fd, int stderr_fd)
{ {
process_fd[stdout_fd].client_id = client_id; process_fd[stdout_fd].client_id = client_id;
process_fd[stdout_fd].type = FDTYPE_STDOUT; process_fd[stdout_fd].type = FDTYPE_STDOUT;
process_fd[stdout_fd].is_blocked = 0; process_fd[stdout_fd].is_blocked = 0;
process_fd[stderr_fd].client_id = client_id; process_fd[stderr_fd].client_id = client_id;
process_fd[stderr_fd].type = FDTYPE_STDERR; process_fd[stderr_fd].type = FDTYPE_STDERR;
process_fd[stderr_fd].is_blocked = 0; process_fd[stderr_fd].is_blocked = 0;
if (stderr_fd > max_process_fd) if (stderr_fd > max_process_fd)
max_process_fd = stderr_fd; max_process_fd = stderr_fd;
if (stdout_fd > max_process_fd) if (stdout_fd > max_process_fd)
max_process_fd = stdout_fd; max_process_fd = stdout_fd;
set_nonblock(stdin_fd); set_nonblock(stdin_fd);
client_info[client_id].stdin_fd = stdin_fd; client_info[client_id].stdin_fd = stdin_fd;
client_info[client_id].stdout_fd = stdout_fd; client_info[client_id].stdout_fd = stdout_fd;
client_info[client_id].stderr_fd = stderr_fd; client_info[client_id].stderr_fd = stderr_fd;
client_info[client_id].exit_status = 0; client_info[client_id].exit_status = 0;
client_info[client_id].is_exited = 0; client_info[client_id].is_exited = 0;
client_info[client_id].pid = pid; client_info[client_id].pid = pid;
client_info[client_id].is_blocked = 0; client_info[client_id].is_blocked = 0;
client_info[client_id].is_close_after_flush_needed = 0; client_info[client_id].is_close_after_flush_needed = 0;
buffer_init(&client_info[client_id].buffer); buffer_init(&client_info[client_id].buffer);
} }
void handle_exec(int client_id, int len) void handle_exec(int client_id, int len)
{ {
char buf[len]; char buf[len];
int pid, stdin_fd, stdout_fd, stderr_fd; int pid, stdin_fd, stdout_fd, stderr_fd;
read_all_vchan_ext(buf, len); read_all_vchan_ext(buf, len);
do_fork_exec(buf, &pid, &stdin_fd, &stdout_fd, &stderr_fd); do_fork_exec(buf, &pid, &stdin_fd, &stdout_fd, &stderr_fd);
create_info_about_client(client_id, pid, stdin_fd, stdout_fd, create_info_about_client(client_id, pid, stdin_fd, stdout_fd,
stderr_fd); stderr_fd);
fprintf(stderr, "executed %s pid %d\n", buf, pid); fprintf(stderr, "executed %s pid %d\n", buf, pid);
} }
void handle_connect_existing(int client_id, int len) void handle_connect_existing(int client_id, int len)
{ {
int stdin_fd, stdout_fd, stderr_fd; int stdin_fd, stdout_fd, stderr_fd;
char buf[len]; char buf[len];
read_all_vchan_ext(buf, len); read_all_vchan_ext(buf, len);
sscanf(buf, "%d %d %d", &stdin_fd, &stdout_fd, &stderr_fd); sscanf(buf, "%d %d %d", &stdin_fd, &stdout_fd, &stderr_fd);
create_info_about_client(client_id, -1, stdin_fd, stdout_fd, create_info_about_client(client_id, -1, stdin_fd, stdout_fd,
stderr_fd); stderr_fd);
client_info[client_id].is_exited = 1; //do not wait for SIGCHLD client_info[client_id].is_exited = 1; //do not wait for SIGCHLD
} }
void update_max_process_fd() void update_max_process_fd()
{ {
int i; int i;
for (i = max_process_fd; for (i = max_process_fd;
i >= 0 && process_fd[i].type == FDTYPE_INVALID; i--); i >= 0 && process_fd[i].type == FDTYPE_INVALID; i--);
max_process_fd = i; max_process_fd = i;
} }
void send_exit_code(int client_id, int status) void send_exit_code(int client_id, int status)
{ {
struct server_header s_hdr; struct server_header s_hdr;
s_hdr.type = MSG_AGENT_TO_SERVER_EXIT_CODE; s_hdr.type = MSG_AGENT_TO_SERVER_EXIT_CODE;
s_hdr.client_id = client_id; s_hdr.client_id = client_id;
s_hdr.len = sizeof status; s_hdr.len = sizeof status;
write_all_vchan_ext(&s_hdr, sizeof s_hdr); write_all_vchan_ext(&s_hdr, sizeof s_hdr);
write_all_vchan_ext(&status, sizeof(status)); write_all_vchan_ext(&status, sizeof(status));
fprintf(stderr, "send exit code %d for client_id %d pid %d\n", fprintf(stderr, "send exit code %d for client_id %d pid %d\n",
status, client_id, client_info[client_id].pid); status, client_id, client_info[client_id].pid);
} }
// erase process data structures, possibly forced by remote // erase process data structures, possibly forced by remote
void remove_process(int client_id, int status) void remove_process(int client_id, int status)
{ {
int i; int i;
if (!client_info[client_id].pid) if (!client_info[client_id].pid)
return; return;
if (client_info[client_id].stdin_fd >= 0) if (client_info[client_id].stdin_fd >= 0)
fork_and_flush_stdin(client_info[client_id].stdin_fd, fork_and_flush_stdin(client_info[client_id].stdin_fd,
&client_info[client_id].buffer); &client_info[client_id].buffer);
#if 0 #if 0
// let's let it die by itself, possibly after it has received buffered stdin // let's let it die by itself, possibly after it has received buffered stdin
kill(client_info[client_id].pid, SIGKILL); kill(client_info[client_id].pid, SIGKILL);
#endif #endif
if (status != -1) if (status != -1)
send_exit_code(client_id, status); send_exit_code(client_id, status);
close(client_info[client_id].stdin_fd); close(client_info[client_id].stdin_fd);
client_info[client_id].pid = 0; client_info[client_id].pid = 0;
client_info[client_id].stdin_fd = -1; client_info[client_id].stdin_fd = -1;
client_info[client_id].is_blocked = 0; client_info[client_id].is_blocked = 0;
buffer_free(&client_info[client_id].buffer); buffer_free(&client_info[client_id].buffer);
for (i = 0; i <= max_process_fd; i++) for (i = 0; i <= max_process_fd; i++)
if (process_fd[i].type != FDTYPE_INVALID if (process_fd[i].type != FDTYPE_INVALID
&& process_fd[i].client_id == client_id) { && process_fd[i].client_id == client_id) {
process_fd[i].type = FDTYPE_INVALID; process_fd[i].type = FDTYPE_INVALID;
process_fd[i].client_id = -1; process_fd[i].client_id = -1;
process_fd[i].is_blocked = 0; process_fd[i].is_blocked = 0;
close(i); close(i);
} }
update_max_process_fd(); update_max_process_fd();
} }
// remove process not immediately after it has exited, but after its stdout and stderr has been drained // remove process not immediately after it has exited, but after its stdout and stderr has been drained
// previous method implemented in flush_out_err was broken - it cannot work when peer signalled it is blocked // previous method implemented in flush_out_err was broken - it cannot work when peer signalled it is blocked
void possibly_remove_process(int client_id) void possibly_remove_process(int client_id)
{ {
if (client_info[client_id].stdout_fd == -1 && if (client_info[client_id].stdout_fd == -1 &&
client_info[client_id].stderr_fd == -1 && client_info[client_id].stderr_fd == -1 &&
client_info[client_id].is_exited) client_info[client_id].is_exited)
remove_process(client_id, remove_process(client_id,
client_info[client_id].exit_status); client_info[client_id].exit_status);
} }
void handle_input(int client_id, int len) void handle_input(int client_id, int len)
{ {
char buf[len]; char buf[len];
read_all_vchan_ext(buf, len); read_all_vchan_ext(buf, len);
if (!client_info[client_id].pid || client_info[client_id].stdin_fd == -1) if (!client_info[client_id].pid || client_info[client_id].stdin_fd == -1)
return; return;
if (len == 0) { if (len == 0) {
if (client_info[client_id].is_blocked) if (client_info[client_id].is_blocked)
client_info[client_id].is_close_after_flush_needed client_info[client_id].is_close_after_flush_needed
= 1; = 1;
else { else {
close(client_info[client_id].stdin_fd); close(client_info[client_id].stdin_fd);
client_info[client_id].stdin_fd = -1; client_info[client_id].stdin_fd = -1;
} }
return; return;
} }
switch (write_stdin switch (write_stdin
(client_info[client_id].stdin_fd, client_id, buf, len, (client_info[client_id].stdin_fd, client_id, buf, len,
&client_info[client_id].buffer)) { &client_info[client_id].buffer)) {
case WRITE_STDIN_OK: case WRITE_STDIN_OK:
break; break;
case WRITE_STDIN_BUFFERED: case WRITE_STDIN_BUFFERED:
client_info[client_id].is_blocked = 1; client_info[client_id].is_blocked = 1;
break; break;
case WRITE_STDIN_ERROR: case WRITE_STDIN_ERROR:
// do not remove process, as it still can write data to stdout // do not remove process, as it still can write data to stdout
close(client_info[client_id].stdin_fd); close(client_info[client_id].stdin_fd);
client_info[client_id].stdin_fd = -1; client_info[client_id].stdin_fd = -1;
client_info[client_id].is_blocked = 0; client_info[client_id].is_blocked = 0;
break; break;
default: default:
fprintf(stderr, "unknown write_stdin?\n"); fprintf(stderr, "unknown write_stdin?\n");
exit(1); exit(1);
} }
} }
void set_blocked_outerr(int client_id, int val) void set_blocked_outerr(int client_id, int val)
{ {
process_fd[client_info[client_id].stdout_fd].is_blocked = val; process_fd[client_info[client_id].stdout_fd].is_blocked = val;
process_fd[client_info[client_id].stderr_fd].is_blocked = val; process_fd[client_info[client_id].stderr_fd].is_blocked = val;
} }
void handle_server_data() void handle_server_data()
{ {
struct server_header s_hdr; struct server_header s_hdr;
read_all_vchan_ext(&s_hdr, sizeof s_hdr); read_all_vchan_ext(&s_hdr, sizeof s_hdr);
// fprintf(stderr, "got %x %x %x\n", s_hdr.type, s_hdr.client_id, // fprintf(stderr, "got %x %x %x\n", s_hdr.type, s_hdr.client_id,
// s_hdr.len); // s_hdr.len);
switch (s_hdr.type) { switch (s_hdr.type) {
case MSG_XON: case MSG_XON:
set_blocked_outerr(s_hdr.client_id, 0); set_blocked_outerr(s_hdr.client_id, 0);
break; break;
case MSG_XOFF: case MSG_XOFF:
set_blocked_outerr(s_hdr.client_id, 1); set_blocked_outerr(s_hdr.client_id, 1);
break; break;
case MSG_SERVER_TO_AGENT_CONNECT_EXISTING: case MSG_SERVER_TO_AGENT_CONNECT_EXISTING:
handle_connect_existing(s_hdr.client_id, s_hdr.len); handle_connect_existing(s_hdr.client_id, s_hdr.len);
break; break;
case MSG_SERVER_TO_AGENT_EXEC_CMDLINE: case MSG_SERVER_TO_AGENT_EXEC_CMDLINE:
wake_meminfo_writer(); wake_meminfo_writer();
handle_exec(s_hdr.client_id, s_hdr.len); handle_exec(s_hdr.client_id, s_hdr.len);
break; break;
case MSG_SERVER_TO_AGENT_JUST_EXEC: case MSG_SERVER_TO_AGENT_JUST_EXEC:
wake_meminfo_writer(); wake_meminfo_writer();
handle_just_exec(s_hdr.len); handle_just_exec(s_hdr.len);
break; break;
case MSG_SERVER_TO_AGENT_INPUT: case MSG_SERVER_TO_AGENT_INPUT:
handle_input(s_hdr.client_id, s_hdr.len); handle_input(s_hdr.client_id, s_hdr.len);
break; break;
case MSG_SERVER_TO_AGENT_CLIENT_END: case MSG_SERVER_TO_AGENT_CLIENT_END:
remove_process(s_hdr.client_id, -1); remove_process(s_hdr.client_id, -1);
break; break;
default: default:
fprintf(stderr, "msg type from daemon is %d ?\n", fprintf(stderr, "msg type from daemon is %d ?\n",
s_hdr.type); s_hdr.type);
exit(1); exit(1);
} }
} }
void handle_process_data(int fd) void handle_process_data(int fd)
{ {
struct server_header s_hdr; struct server_header s_hdr;
char buf[MAX_DATA_CHUNK]; char buf[MAX_DATA_CHUNK];
int ret; int ret;
unsigned int len; unsigned int len;
len = buffer_space_vchan_ext(); len = buffer_space_vchan_ext();
if (len <= sizeof s_hdr) if (len <= sizeof s_hdr)
return; return;
ret = read(fd, buf, len - sizeof s_hdr); ret = read(fd, buf, len - sizeof s_hdr);
s_hdr.client_id = process_fd[fd].client_id; s_hdr.client_id = process_fd[fd].client_id;
if (process_fd[fd].type == FDTYPE_STDOUT) if (process_fd[fd].type == FDTYPE_STDOUT)
s_hdr.type = MSG_AGENT_TO_SERVER_STDOUT; s_hdr.type = MSG_AGENT_TO_SERVER_STDOUT;
else if (process_fd[fd].type == FDTYPE_STDERR) else if (process_fd[fd].type == FDTYPE_STDERR)
s_hdr.type = MSG_AGENT_TO_SERVER_STDERR; s_hdr.type = MSG_AGENT_TO_SERVER_STDERR;
else { else {
fprintf(stderr, "fd=%d, client_id=%d, type=%d ?\n", fd, fprintf(stderr, "fd=%d, client_id=%d, type=%d ?\n", fd,
process_fd[fd].client_id, process_fd[fd].type); process_fd[fd].client_id, process_fd[fd].type);
exit(1); exit(1);
} }
s_hdr.len = ret; s_hdr.len = ret;
if (ret >= 0) { if (ret >= 0) {
write_all_vchan_ext(&s_hdr, sizeof s_hdr); write_all_vchan_ext(&s_hdr, sizeof s_hdr);
write_all_vchan_ext(buf, ret); write_all_vchan_ext(buf, ret);
} }
if (ret == 0) { if (ret == 0) {
int client_id = process_fd[fd].client_id; int client_id = process_fd[fd].client_id;
if (process_fd[fd].type == FDTYPE_STDOUT) if (process_fd[fd].type == FDTYPE_STDOUT)
client_info[client_id].stdout_fd = -1; client_info[client_id].stdout_fd = -1;
else else
client_info[client_id].stderr_fd = -1; client_info[client_id].stderr_fd = -1;
process_fd[fd].type = FDTYPE_INVALID; process_fd[fd].type = FDTYPE_INVALID;
process_fd[fd].client_id = -1; process_fd[fd].client_id = -1;
process_fd[fd].is_blocked = 0; process_fd[fd].is_blocked = 0;
close(fd); close(fd);
update_max_process_fd(); update_max_process_fd();
possibly_remove_process(client_id); possibly_remove_process(client_id);
} }
if (ret < 0) if (ret < 0)
remove_process(process_fd[fd].client_id, 127); remove_process(process_fd[fd].client_id, 127);
} }
volatile int child_exited; volatile int child_exited;
void sigchld_handler(int x __attribute__((__unused__))) void sigchld_handler(int x __attribute__((__unused__)))
{ {
child_exited = 1; child_exited = 1;
signal(SIGCHLD, sigchld_handler); signal(SIGCHLD, sigchld_handler);
} }
int find_info(int pid) int find_info(int pid)
{ {
int i; int i;
for (i = 0; i < MAX_FDS; i++) for (i = 0; i < MAX_FDS; i++)
if (client_info[i].pid == pid) if (client_info[i].pid == pid)
return i; return i;
return -1; return -1;
} }
void handle_process_data_all(fd_set * select_fds) void handle_process_data_all(fd_set * select_fds)
{ {
int i; int i;
for (i = 0; i <= max_process_fd; i++) for (i = 0; i <= max_process_fd; i++)
if (process_fd[i].type != FDTYPE_INVALID if (process_fd[i].type != FDTYPE_INVALID
&& FD_ISSET(i, select_fds)) && FD_ISSET(i, select_fds))
handle_process_data(i); handle_process_data(i);
} }
void reap_children() void reap_children()
{ {
int status; int status;
int pid; int pid;
int client_id; int client_id;
while ((pid = waitpid(-1, &status, WNOHANG)) > 0) { while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
client_id = find_info(pid); client_id = find_info(pid);
if (client_id < 0) if (client_id < 0)
continue; continue;
client_info[client_id].is_exited = 1; client_info[client_id].is_exited = 1;
client_info[client_id].exit_status = status; client_info[client_id].exit_status = status;
possibly_remove_process(client_id); possibly_remove_process(client_id);
} }
child_exited = 0; child_exited = 0;
} }
int fill_fds_for_select(fd_set * rdset, fd_set * wrset) int fill_fds_for_select(fd_set * rdset, fd_set * wrset)
{ {
int max = -1; int max = -1;
int fd, i; int fd, i;
FD_ZERO(rdset); FD_ZERO(rdset);
FD_ZERO(wrset); FD_ZERO(wrset);
for (i = 0; i <= max_process_fd; i++) for (i = 0; i <= max_process_fd; i++)
if (process_fd[i].type != FDTYPE_INVALID if (process_fd[i].type != FDTYPE_INVALID
&& !process_fd[i].is_blocked) { && !process_fd[i].is_blocked) {
FD_SET(i, rdset); FD_SET(i, rdset);
max = i; max = i;
} }
FD_SET(trigger_fd, rdset); FD_SET(trigger_fd, rdset);
if (trigger_fd > max) if (trigger_fd > max)
max = trigger_fd; max = trigger_fd;
FD_SET(passfd_socket, rdset); FD_SET(passfd_socket, rdset);
if (passfd_socket > max) if (passfd_socket > max)
max = passfd_socket; max = passfd_socket;
for (i = 0; i < MAX_FDS; i++) for (i = 0; i < MAX_FDS; i++)
if (client_info[i].pid && client_info[i].is_blocked) { if (client_info[i].pid && client_info[i].is_blocked) {
fd = client_info[i].stdin_fd; fd = client_info[i].stdin_fd;
FD_SET(fd, wrset); FD_SET(fd, wrset);
if (fd > max) if (fd > max)
max = fd; max = fd;
} }
return max; return max;
} }
void flush_client_data_agent(int client_id) void flush_client_data_agent(int client_id)
{ {
struct _client_info *info = &client_info[client_id]; struct _client_info *info = &client_info[client_id];
switch (flush_client_data switch (flush_client_data
(info->stdin_fd, client_id, &info->buffer)) { (info->stdin_fd, client_id, &info->buffer)) {
case WRITE_STDIN_OK: case WRITE_STDIN_OK:
info->is_blocked = 0; info->is_blocked = 0;
if (info->is_close_after_flush_needed) { if (info->is_close_after_flush_needed) {
close(info->stdin_fd); close(info->stdin_fd);
info->stdin_fd = -1; info->stdin_fd = -1;
info->is_close_after_flush_needed = 0; info->is_close_after_flush_needed = 0;
} }
break; break;
case WRITE_STDIN_ERROR: case WRITE_STDIN_ERROR:
// do not remove process, as it still can write data to stdout // do not remove process, as it still can write data to stdout
info->is_blocked = 0; info->is_blocked = 0;
close(info->stdin_fd); close(info->stdin_fd);
info->stdin_fd = -1; info->stdin_fd = -1;
info->is_close_after_flush_needed = 0; info->is_close_after_flush_needed = 0;
break; break;
case WRITE_STDIN_BUFFERED: case WRITE_STDIN_BUFFERED:
break; break;
default: default:
fprintf(stderr, "unknown flush_client_data?\n"); fprintf(stderr, "unknown flush_client_data?\n");
exit(1); exit(1);
} }
} }
void handle_new_passfd() void handle_new_passfd()
{ {
int fd = do_accept(passfd_socket); int fd = do_accept(passfd_socket);
if (fd >= MAX_FDS) { if (fd >= MAX_FDS) {
fprintf(stderr, "too many clients ?\n"); fprintf(stderr, "too many clients ?\n");
exit(1); exit(1);
} }
// let client know what fd has been allocated // let client know what fd has been allocated
if (write(fd, &fd, sizeof(fd)) != sizeof(fd)) { if (write(fd, &fd, sizeof(fd)) != sizeof(fd)) {
perror("write to client"); perror("write to client");
} }
} }
void handle_trigger_io() void handle_trigger_io()
{ {
struct server_header s_hdr; struct server_header s_hdr;
struct trigger_connect_params params; struct trigger_connect_params params;
int ret; int ret;
s_hdr.client_id = 0; s_hdr.client_id = 0;
s_hdr.len = 0; s_hdr.len = 0;
ret = read(trigger_fd, &params, sizeof(params)); ret = read(trigger_fd, &params, sizeof(params));
if (ret == sizeof(params)) { if (ret == sizeof(params)) {
s_hdr.type = MSG_AGENT_TO_SERVER_TRIGGER_CONNECT_EXISTING; s_hdr.type = MSG_AGENT_TO_SERVER_TRIGGER_CONNECT_EXISTING;
write_all_vchan_ext(&s_hdr, sizeof s_hdr); write_all_vchan_ext(&s_hdr, sizeof s_hdr);
write_all_vchan_ext(&params, sizeof params); write_all_vchan_ext(&params, sizeof params);
} }
// trigger_fd is nonblock - so no need to reopen // trigger_fd is nonblock - so no need to reopen
// not really, need to reopen at EOF // not really, need to reopen at EOF
if (ret <= 0) { if (ret <= 0) {
close(trigger_fd); close(trigger_fd);
trigger_fd = trigger_fd =
open(QREXEC_AGENT_TRIGGER_PATH, O_RDONLY | O_NONBLOCK); open(QREXEC_AGENT_TRIGGER_PATH, O_RDONLY | O_NONBLOCK);
} }
} }
int main() int main()
{ {
fd_set rdset, wrset; fd_set rdset, wrset;
int max; int max;
int i; int i;
sigset_t chld_set; sigset_t chld_set;
init(); init();
signal(SIGCHLD, sigchld_handler); signal(SIGCHLD, sigchld_handler);
signal(SIGPIPE, SIG_IGN); signal(SIGPIPE, SIG_IGN);
sigemptyset(&chld_set); sigemptyset(&chld_set);
sigaddset(&chld_set, SIGCHLD); sigaddset(&chld_set, SIGCHLD);
for (;;) { for (;;) {
sigprocmask(SIG_BLOCK, &chld_set, NULL); sigprocmask(SIG_BLOCK, &chld_set, NULL);
if (child_exited) if (child_exited)
reap_children(); reap_children();
max = fill_fds_for_select(&rdset, &wrset); max = fill_fds_for_select(&rdset, &wrset);
if (buffer_space_vchan_ext() <= if (buffer_space_vchan_ext() <=
sizeof(struct server_header)) sizeof(struct server_header))
FD_ZERO(&rdset); FD_ZERO(&rdset);
wait_for_vchan_or_argfd(max, &rdset, &wrset); wait_for_vchan_or_argfd(max, &rdset, &wrset);
sigprocmask(SIG_UNBLOCK, &chld_set, NULL); sigprocmask(SIG_UNBLOCK, &chld_set, NULL);
if (FD_ISSET(passfd_socket, &rdset)) if (FD_ISSET(passfd_socket, &rdset))
handle_new_passfd(); handle_new_passfd();
while (read_ready_vchan_ext()) while (read_ready_vchan_ext())
handle_server_data(); handle_server_data();
if (FD_ISSET(trigger_fd, &rdset)) if (FD_ISSET(trigger_fd, &rdset))
handle_trigger_io(); handle_trigger_io();
handle_process_data_all(&rdset); handle_process_data_all(&rdset);
for (i = 0; i < MAX_FDS; i++) for (i = 0; i < MAX_FDS; i++)
if (client_info[i].pid if (client_info[i].pid
&& client_info[i].is_blocked && client_info[i].is_blocked
&& FD_ISSET(client_info[i].stdin_fd, &wrset)) && FD_ISSET(client_info[i].stdin_fd, &wrset))
flush_client_data_agent(i); flush_client_data_agent(i);
} }
} }

142
qrexec/qrexec-client-vm.c
View File

@ -29,92 +29,92 @@
#include "qrexec.h" #include "qrexec.h"
int connect_unix_socket() int connect_unix_socket()
{ {
int s, len; int s, len;
struct sockaddr_un remote; struct sockaddr_un remote;
if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
perror("socket"); perror("socket");
return -1; return -1;
} }
remote.sun_family = AF_UNIX; remote.sun_family = AF_UNIX;
strncpy(remote.sun_path, QREXEC_AGENT_FDPASS_PATH, strncpy(remote.sun_path, QREXEC_AGENT_FDPASS_PATH,
sizeof(remote.sun_path)); sizeof(remote.sun_path));
len = strlen(remote.sun_path) + sizeof(remote.sun_family); len = strlen(remote.sun_path) + sizeof(remote.sun_family);
if (connect(s, (struct sockaddr *) &remote, len) == -1) { if (connect(s, (struct sockaddr *) &remote, len) == -1) {
perror("connect"); perror("connect");
exit(1); exit(1);
} }
return s; return s;
} }
char *get_program_name(char *prog) char *get_program_name(char *prog)
{ {
char *basename = rindex(prog, '/'); char *basename = rindex(prog, '/');
if (basename) if (basename)
return basename + 1; return basename + 1;
else else
return prog; return prog;
} }
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
int trigger_fd; int trigger_fd;
struct trigger_connect_params params; struct trigger_connect_params params;
int local_fd[3], remote_fd[3]; int local_fd[3], remote_fd[3];
int i; int i;
char *abs_exec_path; char *abs_exec_path;
if (argc < 4) { if (argc < 4) {
fprintf(stderr, fprintf(stderr,
"usage: %s target_vmname program_ident local_program [local program arguments]\n", "usage: %s target_vmname program_ident local_program [local program arguments]\n",
argv[0]); argv[0]);
exit(1); exit(1);
} }
trigger_fd = open(QREXEC_AGENT_TRIGGER_PATH, O_WRONLY); trigger_fd = open(QREXEC_AGENT_TRIGGER_PATH, O_WRONLY);
if (trigger_fd < 0) { if (trigger_fd < 0) {
perror("open " QREXEC_AGENT_TRIGGER_PATH); perror("open " QREXEC_AGENT_TRIGGER_PATH);
exit(1); exit(1);
} }
for (i = 0; i < 3; i++) { for (i = 0; i < 3; i++) {
local_fd[i] = connect_unix_socket(); local_fd[i] = connect_unix_socket();
if (read(local_fd[i], &remote_fd[i], sizeof(remote_fd[i])) != sizeof(remote_fd[i])) { if (read(local_fd[i], &remote_fd[i], sizeof(remote_fd[i])) != sizeof(remote_fd[i])) {
perror("read client fd"); perror("read client fd");
exit(1); exit(1);
} }
if (i != 2 || getenv("PASS_LOCAL_STDERR")) { if (i != 2 || getenv("PASS_LOCAL_STDERR")) {
char *env; char *env;
if (asprintf(&env, "SAVED_FD_%d=%d", i, dup(i)) < 0) { if (asprintf(&env, "SAVED_FD_%d=%d", i, dup(i)) < 0) {
perror("prepare SAVED_FD_"); perror("prepare SAVED_FD_");
exit(1); exit(1);
} }
putenv(env); putenv(env);
dup2(local_fd[i], i); dup2(local_fd[i], i);
close(local_fd[i]); close(local_fd[i]);
} }
} }
memset(&params, 0, sizeof(params)); memset(&params, 0, sizeof(params));
strncpy(params.exec_index, argv[2], sizeof(params.exec_index)); strncpy(params.exec_index, argv[2], sizeof(params.exec_index));
strncpy(params.target_vmname, argv[1], strncpy(params.target_vmname, argv[1],
sizeof(params.target_vmname)); sizeof(params.target_vmname));
snprintf(params.process_fds.ident, snprintf(params.process_fds.ident,
sizeof(params.process_fds.ident), "%d %d %d", sizeof(params.process_fds.ident), "%d %d %d",
remote_fd[0], remote_fd[1], remote_fd[2]); remote_fd[0], remote_fd[1], remote_fd[2]);
if (write(trigger_fd, &params, sizeof(params)) < 0) { if (write(trigger_fd, &params, sizeof(params)) < 0) {
if (!getenv("PASS_LOCAL_STDERR")) if (!getenv("PASS_LOCAL_STDERR"))
perror("write to agent"); perror("write to agent");
exit(1); exit(1);
} }
close(trigger_fd); close(trigger_fd);
abs_exec_path = strdup(argv[3]); abs_exec_path = strdup(argv[3]);
argv[3] = get_program_name(argv[3]); argv[3] = get_program_name(argv[3]);
execv(abs_exec_path, argv + 3); execv(abs_exec_path, argv + 3);
perror("execv"); perror("execv");
return 1; return 1;
} }