|
@@ -1,948 +0,0 @@
|
|
|
-/*
|
|
|
- * The Qubes OS Project, http://www.qubes-os.org
|
|
|
- *
|
|
|
- * Copyright (C) 2010 Rafal Wojtczuk <rafal@invisiblethingslab.com>
|
|
|
- *
|
|
|
- * This program is free software; you can redistribute it and/or
|
|
|
- * modify it under the terms of the GNU General Public License
|
|
|
- * as published by the Free Software Foundation; either version 2
|
|
|
- * of the License, or (at your option) any later version.
|
|
|
- *
|
|
|
- * This program is distributed in the hope that it will be useful,
|
|
|
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
- * GNU General Public License for more details.
|
|
|
- *
|
|
|
- * You should have received a copy of the GNU General Public License
|
|
|
- * along with this program; if not, write to the Free Software
|
|
|
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
- *
|
|
|
- */
|
|
|
-
|
|
|
-#define _GNU_SOURCE
|
|
|
-#define HAVE_PAM
|
|
|
-
|
|
|
-#include <sys/select.h>
|
|
|
-#include <sys/socket.h>
|
|
|
-#include <sys/un.h>
|
|
|
-#include <stdio.h>
|
|
|
-#include <stdlib.h>
|
|
|
-#include <signal.h>
|
|
|
-#include <unistd.h>
|
|
|
-#include <errno.h>
|
|
|
-#include <err.h>
|
|
|
-#include <sys/wait.h>
|
|
|
-#include <fcntl.h>
|
|
|
-#include <string.h>
|
|
|
-#include <pwd.h>
|
|
|
-#include <grp.h>
|
|
|
-#include <sys/stat.h>
|
|
|
-#include <assert.h>
|
|
|
-#ifdef HAVE_PAM
|
|
|
-#include <security/pam_appl.h>
|
|
|
-#endif
|
|
|
-#include "qrexec.h"
|
|
|
-#include <libvchan.h>
|
|
|
-#include "libqrexec-utils.h"
|
|
|
-#include "qrexec-agent.h"
|
|
|
-
|
|
|
-struct _connection_info {
|
|
|
- int pid; /* pid of child process handling the data */
|
|
|
- int fd; /* socket to process handling the data (wait for EOF here) */
|
|
|
- int connect_domain;
|
|
|
- int connect_port;
|
|
|
-};
|
|
|
-
|
|
|
-/* structure describing a single request waiting for qubes.WaitForSession to
|
|
|
- * finish */
|
|
|
-struct _waiting_request {
|
|
|
- int type;
|
|
|
- int connect_domain;
|
|
|
- int connect_port;
|
|
|
- char *cmdline;
|
|
|
-};
|
|
|
-
|
|
|
-int max_process_fd = -1;
|
|
|
-
|
|
|
-/* */
|
|
|
-struct _connection_info connection_info[MAX_FDS];
|
|
|
-
|
|
|
-struct _waiting_request requests_waiting_for_session[MAX_FDS];
|
|
|
-
|
|
|
-libvchan_t *ctrl_vchan;
|
|
|
-
|
|
|
-pid_t wait_for_session_pid = -1;
|
|
|
-
|
|
|
-int trigger_fd;
|
|
|
-
|
|
|
-int meminfo_write_started = 0;
|
|
|
-
|
|
|
-void handle_server_exec_request_do(int type, int connect_domain, int connect_port, char *cmdline);
|
|
|
-
|
|
|
-void no_colon_in_cmd()
|
|
|
-{
|
|
|
- fprintf(stderr,
|
|
|
- "cmdline is supposed to be in user:command form\n");
|
|
|
- exit(1);
|
|
|
-}
|
|
|
-
|
|
|
-#ifdef HAVE_PAM
|
|
|
-int pam_conv_callback(int num_msg, const struct pam_message **msg,
|
|
|
- struct pam_response **resp, void *appdata_ptr __attribute__((__unused__)))
|
|
|
-{
|
|
|
- int i;
|
|
|
- struct pam_response *resp_array =
|
|
|
- calloc(sizeof(struct pam_response), num_msg);
|
|
|
-
|
|
|
- if (resp_array == NULL)
|
|
|
- return PAM_BUF_ERR;
|
|
|
-
|
|
|
- for (i=0; i<num_msg; i++) {
|
|
|
- if (msg[i]->msg_style == PAM_ERROR_MSG)
|
|
|
- fprintf(stderr, "%s", msg[i]->msg);
|
|
|
- if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF ||
|
|
|
- msg[i]->msg_style == PAM_PROMPT_ECHO_ON) {
|
|
|
- resp_array[i].resp = strdup("");
|
|
|
- resp_array[i].resp_retcode = 0;
|
|
|
- }
|
|
|
- }
|
|
|
- *resp = resp_array;
|
|
|
- return PAM_SUCCESS;
|
|
|
-}
|
|
|
-
|
|
|
-static struct pam_conv conv = {
|
|
|
- pam_conv_callback,
|
|
|
- NULL
|
|
|
-};
|
|
|
-#endif
|
|
|
-
|
|
|
-/* Start program requested by dom0 in already prepared process
|
|
|
- * (stdin/stdout/stderr already set, etc)
|
|
|
- * Called in two cases:
|
|
|
- * MSG_JUST_EXEC - from qrexec-agent-data.c:handle_new_process_common->handle_just_exec
|
|
|
- * MSG_EXEC_CMDLINE - from
|
|
|
- * qrexec-agent-data.c:handle_new_process_common->do_fork_exec (callback
|
|
|
- * registerd with register_exec_func in init() here)
|
|
|
- *
|
|
|
- * cmd parameter came from dom0 (MSG_JUST_EXEC or MSG_EXEC_CMDLINE messages), so
|
|
|
- * is trusted. Even in VM-VM service request, the command here is controlled by
|
|
|
- * dom0 - it will be in form:
|
|
|
- * RPC_REQUEST_COMMAND " " service_name " " source_vm_name
|
|
|
- * where service_name is already validated against Qrexec RPC policy
|
|
|
- *
|
|
|
- * If dom0 sends overly long cmd, it will probably crash qrexec-agent (unless
|
|
|
- * process can allocate up to 4GB on both stack and heap), sorry.
|
|
|
- */
|
|
|
-void do_exec(char *cmd)
|
|
|
-{
|
|
|
- char *realcmd = index(cmd, ':'), *user;
|
|
|
-#ifdef HAVE_PAM
|
|
|
- int retval, status;
|
|
|
- pam_handle_t *pamh=NULL;
|
|
|
- struct passwd *pw;
|
|
|
- struct passwd pw_copy;
|
|
|
- pid_t child, pid;
|
|
|
- char **env;
|
|
|
- char env_buf[64];
|
|
|
- char *arg0;
|
|
|
- char *shell_basename;
|
|
|
-#endif
|
|
|
-
|
|
|
- if (!realcmd)
|
|
|
- no_colon_in_cmd();
|
|
|
- /* mark end of username and move to command */
|
|
|
- user=strndup(cmd,realcmd-cmd);
|
|
|
- realcmd++;
|
|
|
- /* ignore "nogui:" prefix in linux agent */
|
|
|
- if (strncmp(realcmd, NOGUI_CMD_PREFIX, NOGUI_CMD_PREFIX_LEN) == 0)
|
|
|
- realcmd += NOGUI_CMD_PREFIX_LEN;
|
|
|
-
|
|
|
- signal(SIGCHLD, SIG_DFL);
|
|
|
- signal(SIGPIPE, SIG_DFL);
|
|
|
-
|
|
|
-#ifdef HAVE_PAM
|
|
|
- pw = getpwnam (user);
|
|
|
- if (! (pw && pw->pw_name && pw->pw_name[0] && pw->pw_dir && pw->pw_dir[0]
|
|
|
- && pw->pw_passwd)) {
|
|
|
- fprintf(stderr, "user %s does not exist", user);
|
|
|
- exit(1);
|
|
|
- }
|
|
|
-
|
|
|
- /* Make a copy of the password information and point pw at the local
|
|
|
- * copy instead. Otherwise, some systems (e.g. Linux) would clobber
|
|
|
- * the static data through the getlogin call.
|
|
|
- */
|
|
|
- pw_copy = *pw;
|
|
|
- pw = &pw_copy;
|
|
|
- pw->pw_name = strdup(pw->pw_name);
|
|
|
- pw->pw_passwd = strdup(pw->pw_passwd);
|
|
|
- pw->pw_dir = strdup(pw->pw_dir);
|
|
|
- pw->pw_shell = strdup(pw->pw_shell);
|
|
|
- endpwent();
|
|
|
-
|
|
|
- shell_basename = basename (pw->pw_shell);
|
|
|
- /* this process is going to die shortly, so don't care about freeing */
|
|
|
- arg0 = malloc (strlen (shell_basename) + 2);
|
|
|
- if (!arg0)
|
|
|
- goto error;
|
|
|
- arg0[0] = '-';
|
|
|
- strcpy (arg0 + 1, shell_basename);
|
|
|
-
|
|
|
- retval = pam_start("qrexec", user, &conv, &pamh);
|
|
|
- if (retval != PAM_SUCCESS)
|
|
|
- goto error;
|
|
|
-
|
|
|
- retval = pam_authenticate(pamh, 0);
|
|
|
- if (retval != PAM_SUCCESS)
|
|
|
- goto error;
|
|
|
-
|
|
|
- retval = initgroups(pw->pw_name, pw->pw_gid);
|
|
|
- if (retval == -1) {
|
|
|
- perror("initgroups");
|
|
|
- goto error;
|
|
|
- }
|
|
|
-
|
|
|
- retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
|
|
|
- if (retval != PAM_SUCCESS)
|
|
|
- goto error;
|
|
|
-
|
|
|
- retval = pam_open_session(pamh, 0);
|
|
|
- if (retval != PAM_SUCCESS)
|
|
|
- goto error;
|
|
|
-
|
|
|
- /* provide this variable to child process */
|
|
|
- snprintf(env_buf, sizeof(env_buf), "QREXEC_AGENT_PID=%d", getppid());
|
|
|
- retval = pam_putenv(pamh, env_buf);
|
|
|
- if (retval != PAM_SUCCESS)
|
|
|
- goto error;
|
|
|
- snprintf(env_buf, sizeof(env_buf), "HOME=%s", pw->pw_dir);
|
|
|
- retval = pam_putenv(pamh, env_buf);
|
|
|
- if (retval != PAM_SUCCESS)
|
|
|
- goto error;
|
|
|
- snprintf(env_buf, sizeof(env_buf), "SHELL=%s", pw->pw_shell);
|
|
|
- retval = pam_putenv(pamh, env_buf);
|
|
|
- if (retval != PAM_SUCCESS)
|
|
|
- goto error;
|
|
|
- snprintf(env_buf, sizeof(env_buf), "USER=%s", pw->pw_name);
|
|
|
- retval = pam_putenv(pamh, env_buf);
|
|
|
- if (retval != PAM_SUCCESS)
|
|
|
- goto error;
|
|
|
- snprintf(env_buf, sizeof(env_buf), "LOGNAME=%s", pw->pw_name);
|
|
|
- retval = pam_putenv(pamh, env_buf);
|
|
|
- if (retval != PAM_SUCCESS)
|
|
|
- goto error;
|
|
|
-
|
|
|
- /* FORK HERE */
|
|
|
- child = fork ();
|
|
|
-
|
|
|
- switch (child) {
|
|
|
- case -1:
|
|
|
- goto error;
|
|
|
- case 0:
|
|
|
- /* child */
|
|
|
-
|
|
|
- if (setgid (pw->pw_gid))
|
|
|
- exit(126);
|
|
|
- if (setuid (pw->pw_uid))
|
|
|
- exit(126);
|
|
|
- setsid();
|
|
|
- /* This is a copy but don't care to free as we exec later anyway. */
|
|
|
- env = pam_getenvlist (pamh);
|
|
|
-
|
|
|
- /* try to enter home dir, but don't abort if it fails */
|
|
|
- retval = chdir(pw->pw_dir);
|
|
|
- if (retval == -1)
|
|
|
- warn("chdir(%s)", pw->pw_dir);
|
|
|
-
|
|
|
- /* call QUBESRPC if requested */
|
|
|
- exec_qubes_rpc_if_requested(realcmd, env);
|
|
|
-
|
|
|
- /* otherwise exec shell */
|
|
|
- execle(pw->pw_shell, arg0, "-c", realcmd, (char*)NULL, env);
|
|
|
- exit(127);
|
|
|
- default:
|
|
|
- /* parent */
|
|
|
- /* close std*, so when child process closes them, qrexec-agent will receive EOF */
|
|
|
- /* this is the main purpose of this reimplementation of /bin/su... */
|
|
|
- close(0);
|
|
|
- close(1);
|
|
|
- close(2);
|
|
|
- }
|
|
|
-
|
|
|
- /* reachable only in parent */
|
|
|
- pid = waitpid (child, &status, 0);
|
|
|
- if (pid != (pid_t)-1) {
|
|
|
- if (WIFSIGNALED (status))
|
|
|
- status = WTERMSIG (status) + 128;
|
|
|
- else
|
|
|
- status = WEXITSTATUS (status);
|
|
|
- } else
|
|
|
- status = 1;
|
|
|
-
|
|
|
- retval = pam_close_session (pamh, 0);
|
|
|
-
|
|
|
- retval = pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT);
|
|
|
-
|
|
|
- if (pam_end(pamh, retval) != PAM_SUCCESS) { /* close Linux-PAM */
|
|
|
- pamh = NULL;
|
|
|
- exit(1);
|
|
|
- }
|
|
|
- exit(status);
|
|
|
-error:
|
|
|
- pam_end(pamh, PAM_ABORT);
|
|
|
- exit(1);
|
|
|
-#else
|
|
|
- /* call QUBESRPC if requested */
|
|
|
- exec_qubes_rpc_if_requested(realcmd, environ);
|
|
|
-
|
|
|
- /* otherwise exec shell */
|
|
|
- execl("/bin/su", "su", "-", user, "-c", realcmd, NULL);
|
|
|
- perror("execl");
|
|
|
- exit(1);
|
|
|
-#endif
|
|
|
-
|
|
|
-}
|
|
|
-
|
|
|
-void handle_vchan_error(const char *op)
|
|
|
-{
|
|
|
- fprintf(stderr, "Error while vchan %s, exiting\n", op);
|
|
|
- exit(1);
|
|
|
-}
|
|
|
-
|
|
|
-int my_sd_notify(int unset_environment, const char *state) {
|
|
|
- struct sockaddr_un addr;
|
|
|
- int fd;
|
|
|
- int ret = -1;
|
|
|
-
|
|
|
- addr.sun_family = AF_UNIX;
|
|
|
- strncpy(addr.sun_path, getenv("NOTIFY_SOCKET"), sizeof(addr.sun_path)-1);
|
|
|
- addr.sun_path[sizeof(addr.sun_path)-1] = '\0';
|
|
|
- if (addr.sun_path[0] == '@')
|
|
|
- addr.sun_path[0] = '\0';
|
|
|
-
|
|
|
- if (unset_environment)
|
|
|
- unsetenv("NOTIFY_SOCKET");
|
|
|
-
|
|
|
- fd = socket(AF_UNIX, SOCK_DGRAM, 0);
|
|
|
- if (fd == -1) {
|
|
|
- perror("sd_notify socket");
|
|
|
- return -1;
|
|
|
- }
|
|
|
-
|
|
|
- if (connect(fd, &addr, sizeof(addr)) == -1) {
|
|
|
- perror("sd_notify connect");
|
|
|
- goto out;
|
|
|
- }
|
|
|
-
|
|
|
- if (send(fd, state, strlen(state), 0) == -1) {
|
|
|
- perror("sd_notify send");
|
|
|
- goto out;
|
|
|
- }
|
|
|
-
|
|
|
- ret = 0;
|
|
|
-out:
|
|
|
- close(fd);
|
|
|
- return ret;
|
|
|
-}
|
|
|
-
|
|
|
-void init()
|
|
|
-{
|
|
|
- mode_t old_umask;
|
|
|
- /* FIXME: This 0 is remote domain ID */
|
|
|
- ctrl_vchan = libvchan_server_init(0, VCHAN_BASE_PORT, 4096, 4096);
|
|
|
- if (!ctrl_vchan)
|
|
|
- handle_vchan_error("server_init");
|
|
|
- if (handle_handshake(ctrl_vchan) < 0)
|
|
|
- exit(1);
|
|
|
- old_umask = umask(0);
|
|
|
- trigger_fd = get_server_socket(QREXEC_AGENT_TRIGGER_PATH);
|
|
|
- umask(old_umask);
|
|
|
- register_exec_func(do_exec);
|
|
|
-
|
|
|
- /* wait for qrexec daemon */
|
|
|
- while (!libvchan_is_open(ctrl_vchan))
|
|
|
- libvchan_wait(ctrl_vchan);
|
|
|
-
|
|
|
- if (getenv("NOTIFY_SOCKET")) {
|
|
|
- my_sd_notify(1, "READY=1");
|
|
|
- }
|
|
|
-}
|
|
|
-
|
|
|
-void wake_meminfo_writer()
|
|
|
-{
|
|
|
- FILE *f;
|
|
|
- int pid;
|
|
|
-
|
|
|
- if (meminfo_write_started)
|
|
|
- /* wake meminfo-writer only once */
|
|
|
- return;
|
|
|
-
|
|
|
- f = fopen(MEMINFO_WRITER_PIDFILE, "r");
|
|
|
- if (f == NULL) {
|
|
|
- /* no meminfo-writer found, ignoring */
|
|
|
- return;
|
|
|
- }
|
|
|
- if (fscanf(f, "%d", &pid) < 1) {
|
|
|
- fclose(f);
|
|
|
- /* no meminfo-writer found, ignoring */
|
|
|
- return;
|
|
|
- }
|
|
|
-
|
|
|
- fclose(f);
|
|
|
- if (pid <= 1 || pid > 0xffff) {
|
|
|
- /* check within acceptable range */
|
|
|
- return;
|
|
|
- }
|
|
|
- if (kill(pid, SIGUSR1) < 0) {
|
|
|
- /* Can't send signal */
|
|
|
- return;
|
|
|
- }
|
|
|
- meminfo_write_started = 1;
|
|
|
-}
|
|
|
-
|
|
|
-int try_fork_server(int type, int connect_domain, int connect_port,
|
|
|
- char *cmdline, int cmdline_len) {
|
|
|
- char username[cmdline_len];
|
|
|
- char *colon;
|
|
|
- char *fork_server_socket_path;
|
|
|
- int s, len;
|
|
|
- struct sockaddr_un remote;
|
|
|
- struct qrexec_cmd_info info;
|
|
|
-
|
|
|
- strncpy(username, cmdline, cmdline_len);
|
|
|
- colon = index(username, ':');
|
|
|
- if (!colon)
|
|
|
- return -1;
|
|
|
- *colon = '\0';
|
|
|
-
|
|
|
- if (asprintf(&fork_server_socket_path, QREXEC_FORK_SERVER_SOCKET, username) < 0) {
|
|
|
- fprintf(stderr, "Memory allocation failed\n");
|
|
|
- return -1;
|
|
|
- }
|
|
|
-
|
|
|
- remote.sun_family = AF_UNIX;
|
|
|
- strncpy(remote.sun_path, fork_server_socket_path,
|
|
|
- sizeof(remote.sun_path) - 1);
|
|
|
- free(fork_server_socket_path);
|
|
|
-
|
|
|
- if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
|
|
|
- perror("socket");
|
|
|
- return -1;
|
|
|
- }
|
|
|
- len = strlen(remote.sun_path) + sizeof(remote.sun_family);
|
|
|
- if (connect(s, (struct sockaddr *) &remote, len) == -1) {
|
|
|
- if (errno != ECONNREFUSED && errno != ENOENT)
|
|
|
- perror("connect");
|
|
|
- close(s);
|
|
|
- return -1;
|
|
|
- }
|
|
|
-
|
|
|
- info.type = type;
|
|
|
- info.connect_domain = connect_domain;
|
|
|
- info.connect_port = connect_port;
|
|
|
- info.cmdline_len = cmdline_len-(strlen(username)+1);
|
|
|
- if (!write_all(s, &info, sizeof(info))) {
|
|
|
- perror("write");
|
|
|
- close(s);
|
|
|
- return -1;
|
|
|
- }
|
|
|
- if (!write_all(s, colon+1, info.cmdline_len)) {
|
|
|
- perror("write");
|
|
|
- close(s);
|
|
|
- return -1;
|
|
|
- }
|
|
|
-
|
|
|
- return s;
|
|
|
-}
|
|
|
-
|
|
|
-
|
|
|
-void register_vchan_connection(pid_t pid, int fd, int domain, int port)
|
|
|
-{
|
|
|
- int i;
|
|
|
-
|
|
|
- for (i = 0; i < MAX_FDS; i++) {
|
|
|
- if (connection_info[i].pid == 0) {
|
|
|
- connection_info[i].pid = pid;
|
|
|
- connection_info[i].fd = fd;
|
|
|
- connection_info[i].connect_domain = domain;
|
|
|
- connection_info[i].connect_port = port;
|
|
|
- return;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- fprintf(stderr, "No free slot for child %d (connection to %d:%d)\n", pid, domain, port);
|
|
|
-}
|
|
|
-
|
|
|
-/* Load service configuration from /etc/qubes/rpc-config/
|
|
|
- * (QUBES_RPC_CONFIG_DIR), currently only wait-for-session option supported.
|
|
|
- *
|
|
|
- * Return:
|
|
|
- * 1 - config successfuly loaded
|
|
|
- * 0 - config not found
|
|
|
- * -1 - other error
|
|
|
- */
|
|
|
-int load_service_config(const char *service_name, int *wait_for_session) {
|
|
|
- char filename[256];
|
|
|
- char config[MAX_CONFIG_SIZE];
|
|
|
- char *config_iter = config;
|
|
|
- FILE *config_file;
|
|
|
- size_t read_count;
|
|
|
- char *current_line;
|
|
|
-
|
|
|
- if (snprintf(filename, sizeof(filename), "%s/%s",
|
|
|
- QUBES_RPC_CONFIG_DIR, service_name) >= (int)sizeof(filename)) {
|
|
|
- /* buffer too small?! */
|
|
|
- return -1;
|
|
|
- }
|
|
|
-
|
|
|
- config_file = fopen(filename, "r");
|
|
|
- if (!config_file) {
|
|
|
- if (errno == ENOENT)
|
|
|
- return 0;
|
|
|
- else {
|
|
|
- fprintf(stderr, "Failed to load %s\n", filename);
|
|
|
- return -1;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- read_count = fread(config, 1, sizeof(config)-1, config_file);
|
|
|
-
|
|
|
- if (ferror(config_file)) {
|
|
|
- fclose(config_file);
|
|
|
- return -1;
|
|
|
- }
|
|
|
-
|
|
|
- // config is a text file, should not have \0 inside; but when it has, part
|
|
|
- // after it will be ignored
|
|
|
- config[read_count] = 0;
|
|
|
-
|
|
|
- while ((current_line = strsep(&config_iter, "\n"))) {
|
|
|
- // ignore comments
|
|
|
- if (current_line[0] == '#')
|
|
|
- continue;
|
|
|
- sscanf(current_line, "wait-for-session=%d", wait_for_session);
|
|
|
- }
|
|
|
-
|
|
|
- fclose(config_file);
|
|
|
- return 1;
|
|
|
-}
|
|
|
-
|
|
|
-/* Check if requested command/service require GUI session and if so, initiate
|
|
|
- * waiting process.
|
|
|
- *
|
|
|
- * Return:
|
|
|
- * - 1 - waiting is needed, caller should register request to be proceeded
|
|
|
- * only after session is started)
|
|
|
- * - 0 - waiting is not needed, caller may proceed with request immediately
|
|
|
- */
|
|
|
-int wait_for_session_maybe(char *cmdline) {
|
|
|
- char *realcmd = index(cmdline, ':');
|
|
|
- char *user, *service_name, *source_domain, *service_argument;
|
|
|
- int stdin_pipe[2];
|
|
|
- int wait_for_session = 0;
|
|
|
-
|
|
|
- if (!realcmd)
|
|
|
- /* no colon in command line, this will be properly reported later */
|
|
|
- return 0;
|
|
|
-
|
|
|
- /* "nogui:" prefix have priority - do not wait for session */
|
|
|
- if (strncmp(realcmd, NOGUI_CMD_PREFIX, NOGUI_CMD_PREFIX_LEN) == 0)
|
|
|
- return 0;
|
|
|
-
|
|
|
- /* extract username */
|
|
|
- user = strndup(cmdline, realcmd - cmdline);
|
|
|
- realcmd++;
|
|
|
-
|
|
|
- /* wait for session only for service requests */
|
|
|
- if (strncmp(realcmd, RPC_REQUEST_COMMAND " ", RPC_REQUEST_COMMAND_LEN+1) != 0) {
|
|
|
- free(user);
|
|
|
- return 0;
|
|
|
- }
|
|
|
-
|
|
|
- realcmd += RPC_REQUEST_COMMAND_LEN+1;
|
|
|
- /* now realcmd contains service name (possibly with argument after '+'
|
|
|
- * char) and source domain name, after space */
|
|
|
- source_domain = index(realcmd, ' ');
|
|
|
- if (!source_domain) {
|
|
|
- /* qrexec-rpc-multiplexer will properly report this */
|
|
|
- free(user);
|
|
|
- return 0;
|
|
|
- }
|
|
|
- service_name = strndup(realcmd, source_domain - realcmd);
|
|
|
- source_domain++;
|
|
|
-
|
|
|
- /* first try to load config for specific argument */
|
|
|
- switch (load_service_config(service_name, &wait_for_session)) {
|
|
|
- case 0:
|
|
|
- /* no config for specific argument, try for bare service name */
|
|
|
- service_argument = index(service_name, '+');
|
|
|
- if (!service_argument) {
|
|
|
- /* there was no argument, so no config at all - do not wait for
|
|
|
- * session */
|
|
|
- free(user);
|
|
|
- return 0;
|
|
|
- }
|
|
|
- /* cut off the argument */
|
|
|
- *service_argument = '\0';
|
|
|
-
|
|
|
- if (load_service_config(service_name, &wait_for_session) != 1) {
|
|
|
- /* no config, or load error -> no wait for session */
|
|
|
- free(user);
|
|
|
- return 0;
|
|
|
- }
|
|
|
- break;
|
|
|
-
|
|
|
- case 1:
|
|
|
- /* config loaded */
|
|
|
- break;
|
|
|
-
|
|
|
- case -1:
|
|
|
- /* load error -> no wait for session */
|
|
|
- free(user);
|
|
|
- return 0;
|
|
|
- }
|
|
|
-
|
|
|
- if (!wait_for_session) {
|
|
|
- /* setting not set, or set to 0 */
|
|
|
- free(user);
|
|
|
- return 0;
|
|
|
- }
|
|
|
-
|
|
|
- /* ok, now we know that service is configured to wait for session */
|
|
|
-
|
|
|
- if (wait_for_session_pid != -1) {
|
|
|
- /* we're already waiting */
|
|
|
- free(user);
|
|
|
- return 1;
|
|
|
- }
|
|
|
-
|
|
|
- if (pipe(stdin_pipe) == -1) {
|
|
|
- perror("pipe for wait-for-session");
|
|
|
- free(user);
|
|
|
- return 0;
|
|
|
- }
|
|
|
- /* start waiting process */
|
|
|
- wait_for_session_pid = fork();
|
|
|
- switch (wait_for_session_pid) {
|
|
|
- case 0:
|
|
|
- close(stdin_pipe[1]);
|
|
|
- dup2(stdin_pipe[0], 0);
|
|
|
- execl("/etc/qubes-rpc/qubes.WaitForSession", "qubes.WaitForSession",
|
|
|
- source_domain, (char*)NULL);
|
|
|
- exit(1);
|
|
|
- case -1:
|
|
|
- perror("fork wait-for-session");
|
|
|
- free(user);
|
|
|
- return 0;
|
|
|
- default:
|
|
|
- close(stdin_pipe[0]);
|
|
|
- if (write(stdin_pipe[1], user, strlen(user)) == -1)
|
|
|
- perror("write error");
|
|
|
- if (write(stdin_pipe[1], "\n", 1) == -1)
|
|
|
- perror("write error");
|
|
|
- close(stdin_pipe[1]);
|
|
|
- }
|
|
|
- free(user);
|
|
|
- /* qubes.WaitForSession started, postpone request until it report back */
|
|
|
- return 1;
|
|
|
-}
|
|
|
-
|
|
|
-
|
|
|
-/* hdr parameter is received from dom0, so it is trusted */
|
|
|
-void handle_server_exec_request_init(struct msg_header *hdr)
|
|
|
-{
|
|
|
- struct exec_params params;
|
|
|
- int buf_len = hdr->len-sizeof(params);
|
|
|
- char buf[buf_len];
|
|
|
-
|
|
|
- assert(hdr->len >= sizeof(params));
|
|
|
-
|
|
|
- if (libvchan_recv(ctrl_vchan, ¶ms, sizeof(params)) < 0)
|
|
|
- handle_vchan_error("read exec params");
|
|
|
- if (libvchan_recv(ctrl_vchan, buf, buf_len) < 0)
|
|
|
- handle_vchan_error("read exec cmd");
|
|
|
-
|
|
|
- buf[buf_len-1] = 0;
|
|
|
-
|
|
|
- if (hdr->type != MSG_SERVICE_CONNECT && wait_for_session_maybe(buf)) {
|
|
|
- /* waiting for session, postpone actual call */
|
|
|
- int slot_index;
|
|
|
- for (slot_index = 0; slot_index < MAX_FDS; slot_index++)
|
|
|
- if (!requests_waiting_for_session[slot_index].cmdline)
|
|
|
- break;
|
|
|
- if (slot_index == MAX_FDS) {
|
|
|
- /* no free slots */
|
|
|
- fprintf(stderr, "No free slots for waiting for GUI session, continuing!\n");
|
|
|
- } else {
|
|
|
- requests_waiting_for_session[slot_index].type = hdr->type;
|
|
|
- requests_waiting_for_session[slot_index].connect_domain = params.connect_domain;
|
|
|
- requests_waiting_for_session[slot_index].connect_port = params.connect_port;
|
|
|
- requests_waiting_for_session[slot_index].cmdline = strdup(buf);
|
|
|
- /* nothing to do now, when we get GUI session, we'll continue */
|
|
|
- return;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- handle_server_exec_request_do(hdr->type, params.connect_domain, params.connect_port, buf);
|
|
|
-}
|
|
|
-
|
|
|
-void handle_server_exec_request_do(int type, int connect_domain, int connect_port, char *cmdline) {
|
|
|
- int client_fd;
|
|
|
- pid_t child_agent;
|
|
|
- int cmdline_len = strlen(cmdline) + 1; // size of cmdline, including \0 at the end
|
|
|
- struct exec_params params = {
|
|
|
- .connect_domain = connect_domain,
|
|
|
- .connect_port = connect_port,
|
|
|
- };
|
|
|
-
|
|
|
- if ((type == MSG_EXEC_CMDLINE || type == MSG_JUST_EXEC) &&
|
|
|
- !strstr(cmdline, ":nogui:")) {
|
|
|
- int child_socket;
|
|
|
-
|
|
|
- child_socket = try_fork_server(type,
|
|
|
- params.connect_domain, params.connect_port,
|
|
|
- cmdline, cmdline_len);
|
|
|
- if (child_socket >= 0) {
|
|
|
- register_vchan_connection(-1, child_socket,
|
|
|
- params.connect_domain, params.connect_port);
|
|
|
- return;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- if (type == MSG_SERVICE_CONNECT && sscanf(cmdline, "SOCKET%d", &client_fd)) {
|
|
|
- /* FIXME: Maybe add some check if client_fd is really FD to some
|
|
|
- * qrexec-client-vm process; but this data comes from qrexec-daemon
|
|
|
- * (which sends back what it got from us earlier), so it isn't critical.
|
|
|
- */
|
|
|
- if (write(client_fd, ¶ms, sizeof(params)) < 0) {
|
|
|
- /* ignore */
|
|
|
- }
|
|
|
- /* No need to send request_id (buf) - the client don't need it, there
|
|
|
- * is only meaningless (for the client) socket FD */
|
|
|
- /* Register connection even if there was an error sending params to
|
|
|
- * qrexec-client-vm. This way the mainloop will clean the things up
|
|
|
- * (close socket, send MSG_CONNECTION_TERMINATED) when qrexec-client-vm
|
|
|
- * will close the socket (terminate itself). */
|
|
|
- register_vchan_connection(-1, client_fd,
|
|
|
- params.connect_domain, params.connect_port);
|
|
|
- return;
|
|
|
- }
|
|
|
-
|
|
|
- /* No fork server case */
|
|
|
- child_agent = handle_new_process(type,
|
|
|
- params.connect_domain, params.connect_port,
|
|
|
- cmdline, cmdline_len);
|
|
|
-
|
|
|
- register_vchan_connection(child_agent, -1,
|
|
|
- params.connect_domain, params.connect_port);
|
|
|
-}
|
|
|
-
|
|
|
-void handle_service_refused(struct msg_header *hdr)
|
|
|
-{
|
|
|
- struct service_params params;
|
|
|
- int socket_fd;
|
|
|
-
|
|
|
- if (hdr->len != sizeof(params)) {
|
|
|
- fprintf(stderr, "Invalid msg 0x%x length (%d)\n", MSG_SERVICE_REFUSED, hdr->len);
|
|
|
- exit(1);
|
|
|
- }
|
|
|
-
|
|
|
- if (libvchan_recv(ctrl_vchan, ¶ms, sizeof(params)) < 0)
|
|
|
- handle_vchan_error("read exec params");
|
|
|
-
|
|
|
- if (sscanf(params.ident, "SOCKET%d", &socket_fd))
|
|
|
- close(socket_fd);
|
|
|
- else
|
|
|
- fprintf(stderr, "Received REFUSED for unknown service request '%s'\n", params.ident);
|
|
|
-}
|
|
|
-
|
|
|
-void handle_server_cmd()
|
|
|
-{
|
|
|
- struct msg_header s_hdr;
|
|
|
-
|
|
|
- if (libvchan_recv(ctrl_vchan, &s_hdr, sizeof(s_hdr)) < 0)
|
|
|
- handle_vchan_error("read s_hdr");
|
|
|
-
|
|
|
- // fprintf(stderr, "got %x %x %x\n", s_hdr.type, s_hdr.client_id,
|
|
|
- // s_hdr.len);
|
|
|
-
|
|
|
- switch (s_hdr.type) {
|
|
|
- case MSG_EXEC_CMDLINE:
|
|
|
- case MSG_JUST_EXEC:
|
|
|
- case MSG_SERVICE_CONNECT:
|
|
|
- wake_meminfo_writer();
|
|
|
- handle_server_exec_request_init(&s_hdr);
|
|
|
- break;
|
|
|
- case MSG_SERVICE_REFUSED:
|
|
|
- handle_service_refused(&s_hdr);
|
|
|
- break;
|
|
|
- default:
|
|
|
- fprintf(stderr, "msg type from daemon is %d ?\n",
|
|
|
- s_hdr.type);
|
|
|
- exit(1);
|
|
|
- }
|
|
|
-}
|
|
|
-
|
|
|
-volatile int child_exited;
|
|
|
-
|
|
|
-void sigchld_handler(int x __attribute__((__unused__)))
|
|
|
-{
|
|
|
- child_exited = 1;
|
|
|
- signal(SIGCHLD, sigchld_handler);
|
|
|
-}
|
|
|
-
|
|
|
-int find_connection(int pid)
|
|
|
-{
|
|
|
- int i;
|
|
|
- for (i = 0; i < MAX_FDS; i++)
|
|
|
- if (connection_info[i].pid == pid)
|
|
|
- return i;
|
|
|
- return -1;
|
|
|
-}
|
|
|
-
|
|
|
-void release_connection(int id) {
|
|
|
- struct msg_header hdr;
|
|
|
- struct exec_params params;
|
|
|
-
|
|
|
- hdr.type = MSG_CONNECTION_TERMINATED;
|
|
|
- hdr.len = sizeof(struct exec_params);
|
|
|
- params.connect_domain = connection_info[id].connect_domain;
|
|
|
- params.connect_port = connection_info[id].connect_port;
|
|
|
- if (libvchan_send(ctrl_vchan, &hdr, sizeof(hdr)) < 0)
|
|
|
- handle_vchan_error("send");
|
|
|
- if (libvchan_send(ctrl_vchan, ¶ms, sizeof(params)) < 0)
|
|
|
- handle_vchan_error("send");
|
|
|
- connection_info[id].pid = 0;
|
|
|
-}
|
|
|
-
|
|
|
-void reap_children()
|
|
|
-{
|
|
|
- int status;
|
|
|
- int pid;
|
|
|
- int id;
|
|
|
- while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
|
|
|
- if (pid == wait_for_session_pid) {
|
|
|
- for (id = 0; id < MAX_FDS; id++) {
|
|
|
- if (!requests_waiting_for_session[id].cmdline)
|
|
|
- continue;
|
|
|
- handle_server_exec_request_do(
|
|
|
- requests_waiting_for_session[id].type,
|
|
|
- requests_waiting_for_session[id].connect_domain,
|
|
|
- requests_waiting_for_session[id].connect_port,
|
|
|
- requests_waiting_for_session[id].cmdline);
|
|
|
- free(requests_waiting_for_session[id].cmdline);
|
|
|
- requests_waiting_for_session[id].cmdline = NULL;
|
|
|
- }
|
|
|
- wait_for_session_pid = -1;
|
|
|
- continue;
|
|
|
- }
|
|
|
- id = find_connection(pid);
|
|
|
- if (id < 0)
|
|
|
- continue;
|
|
|
- release_connection(id);
|
|
|
- }
|
|
|
- child_exited = 0;
|
|
|
-}
|
|
|
-
|
|
|
-int fill_fds_for_select(fd_set * rdset, fd_set * wrset)
|
|
|
-{
|
|
|
- int max = -1;
|
|
|
- int i;
|
|
|
- FD_ZERO(rdset);
|
|
|
- FD_ZERO(wrset);
|
|
|
-
|
|
|
- FD_SET(trigger_fd, rdset);
|
|
|
- if (trigger_fd > max)
|
|
|
- max = trigger_fd;
|
|
|
-
|
|
|
- for (i = 0; i < MAX_FDS; i++) {
|
|
|
- if (connection_info[i].pid != 0 && connection_info[i].fd != -1) {
|
|
|
- FD_SET(connection_info[i].fd, rdset);
|
|
|
- if (connection_info[i].fd > max)
|
|
|
- max = connection_info[i].fd;
|
|
|
- }
|
|
|
- }
|
|
|
- return max;
|
|
|
-}
|
|
|
-
|
|
|
-void handle_trigger_io()
|
|
|
-{
|
|
|
- struct msg_header hdr;
|
|
|
- struct trigger_service_params params;
|
|
|
- int ret;
|
|
|
- int client_fd;
|
|
|
-
|
|
|
- client_fd = do_accept(trigger_fd);
|
|
|
- if (client_fd < 0)
|
|
|
- return;
|
|
|
- hdr.len = sizeof(params);
|
|
|
- ret = read(client_fd, ¶ms, sizeof(params));
|
|
|
- if (ret == sizeof(params)) {
|
|
|
- hdr.type = MSG_TRIGGER_SERVICE;
|
|
|
- snprintf(params.request_id.ident, sizeof(params.request_id), "SOCKET%d", client_fd);
|
|
|
- if (libvchan_send(ctrl_vchan, &hdr, sizeof(hdr)) < 0)
|
|
|
- handle_vchan_error("write hdr");
|
|
|
- if (libvchan_send(ctrl_vchan, ¶ms, sizeof(params)) < 0)
|
|
|
- handle_vchan_error("write params");
|
|
|
- }
|
|
|
- if (ret <= 0) {
|
|
|
- close(client_fd);
|
|
|
- }
|
|
|
- /* do not close client_fd - we'll need it to send the connection details
|
|
|
- * later (when dom0 accepts the request) */
|
|
|
-}
|
|
|
-
|
|
|
-void handle_terminated_fork_client(fd_set *rdset) {
|
|
|
- int i, ret;
|
|
|
- char buf[2];
|
|
|
-
|
|
|
- for (i = 0; i < MAX_FDS; i++) {
|
|
|
- if (connection_info[i].pid && connection_info[i].fd >= 0 &&
|
|
|
- FD_ISSET(connection_info[i].fd, rdset)) {
|
|
|
- ret = read(connection_info[i].fd, buf, sizeof(buf));
|
|
|
- if (ret == 0 || (ret == -1 && errno == ECONNRESET)) {
|
|
|
- close(connection_info[i].fd);
|
|
|
- release_connection(i);
|
|
|
- } else {
|
|
|
- fprintf(stderr, "Unexpected read on fork-server connection: %d(%s)\n", ret, strerror(errno));
|
|
|
- close(connection_info[i].fd);
|
|
|
- release_connection(i);
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-}
|
|
|
-
|
|
|
-int main()
|
|
|
-{
|
|
|
- fd_set rdset, wrset;
|
|
|
- int max;
|
|
|
- sigset_t chld_set;
|
|
|
-
|
|
|
- init();
|
|
|
- signal(SIGCHLD, sigchld_handler);
|
|
|
- signal(SIGPIPE, SIG_IGN);
|
|
|
- sigemptyset(&chld_set);
|
|
|
- sigaddset(&chld_set, SIGCHLD);
|
|
|
-
|
|
|
-
|
|
|
- for (;;) {
|
|
|
- sigprocmask(SIG_BLOCK, &chld_set, NULL);
|
|
|
- if (child_exited)
|
|
|
- reap_children();
|
|
|
- max = fill_fds_for_select(&rdset, &wrset);
|
|
|
- if (libvchan_buffer_space(ctrl_vchan) <=
|
|
|
- (int)sizeof(struct msg_header))
|
|
|
- FD_ZERO(&rdset);
|
|
|
-
|
|
|
- wait_for_vchan_or_argfd(ctrl_vchan, max, &rdset, &wrset);
|
|
|
- sigprocmask(SIG_UNBLOCK, &chld_set, NULL);
|
|
|
-
|
|
|
- while (libvchan_data_ready(ctrl_vchan))
|
|
|
- handle_server_cmd();
|
|
|
-
|
|
|
- if (FD_ISSET(trigger_fd, &rdset))
|
|
|
- handle_trigger_io();
|
|
|
-
|
|
|
- handle_terminated_fork_client(&rdset);
|
|
|
- }
|
|
|
-}
|