qrexec-agent.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602
  1. /*
  2. * The Qubes OS Project, http://www.qubes-os.org
  3. *
  4. * Copyright (C) 2010 Rafal Wojtczuk <rafal@invisiblethingslab.com>
  5. *
  6. * This program is free software; you can redistribute it and/or
  7. * modify it under the terms of the GNU General Public License
  8. * as published by the Free Software Foundation; either version 2
  9. * of the License, or (at your option) any later version.
  10. *
  11. * This program is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with this program; if not, write to the Free Software
  18. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  19. *
  20. */
  21. #include <sys/select.h>
  22. #include <stdio.h>
  23. #include <stdlib.h>
  24. #include <signal.h>
  25. #include <unistd.h>
  26. #include <errno.h>
  27. #include <sys/wait.h>
  28. #include <fcntl.h>
  29. #include <string.h>
  30. #include <pwd.h>
  31. #include <grp.h>
  32. #include <sys/stat.h>
  33. #include "qrexec.h"
  34. #include "libqrexec-utils.h"
  35. enum fdtype {
  36. FDTYPE_INVALID,
  37. FDTYPE_STDOUT,
  38. FDTYPE_STDERR
  39. };
  40. struct _process_fd {
  41. int client_id;
  42. int type;
  43. int is_blocked;
  44. };
  45. struct _client_info {
  46. int stdin_fd;
  47. int stdout_fd;
  48. int stderr_fd;
  49. int exit_status;
  50. int is_exited;
  51. int pid;
  52. int is_blocked;
  53. int is_close_after_flush_needed;
  54. struct buffer buffer;
  55. };
  56. int max_process_fd = -1;
  57. /* indexed by file descriptor */
  58. struct _process_fd process_fd[MAX_FDS];
  59. /* indexed by client id, which is descriptor number of a client in daemon */
  60. struct _client_info client_info[MAX_FDS];
  61. int trigger_fd;
  62. int passfd_socket;
  63. int meminfo_write_started = 0;
  64. void init()
  65. {
  66. peer_server_init(REXEC_PORT);
  67. umask(0);
  68. mkfifo(QREXEC_AGENT_TRIGGER_PATH, 0666);
  69. passfd_socket = get_server_socket(QREXEC_AGENT_FDPASS_PATH);
  70. umask(077);
  71. trigger_fd =
  72. open(QREXEC_AGENT_TRIGGER_PATH, O_RDONLY | O_NONBLOCK);
  73. }
  74. void wake_meminfo_writer() {
  75. FILE *f;
  76. int pid;
  77. if (meminfo_write_started)
  78. /* wake meminfo-writer only once */
  79. return;
  80. f = fopen(MEMINFO_WRITER_PIDFILE, "r");
  81. if (f == NULL) {
  82. /* no meminfo-writer found, ignoring */
  83. return;
  84. }
  85. if (fscanf(f, "%d", &pid) < 1) {
  86. fclose(f);
  87. /* no meminfo-writer found, ignoring */
  88. return;
  89. }
  90. fclose(f);
  91. if (pid <= 1 || pid > 0xffff) {
  92. /* check within acceptable range */
  93. return;
  94. }
  95. if (kill(pid, SIGUSR1) < 0) {
  96. /* Can't send signal */
  97. return;
  98. }
  99. meminfo_write_started = 1;
  100. }
  101. void no_colon_in_cmd()
  102. {
  103. fprintf(stderr,
  104. "cmdline is supposed to be in user:command form\n");
  105. exit(1);
  106. }
  107. void do_exec(const char *cmd)
  108. {
  109. char buf[strlen(QUBES_RPC_MULTIPLEXER_PATH) + strlen(cmd) - strlen(QUBES_RPC_MAGIC_CMD) + 1];
  110. char *realcmd = index(cmd, ':'), *user;
  111. if (!realcmd)
  112. no_colon_in_cmd();
  113. /* mark end of username and move to command */
  114. user=strndup(cmd,realcmd-cmd);
  115. realcmd++;
  116. /* ignore "nogui:" prefix in linux agent */
  117. if (strncmp(realcmd, "nogui:", 6) == 0)
  118. realcmd+=6;
  119. /* replace magic RPC cmd with RPC multiplexer path */
  120. if (strncmp(realcmd, QUBES_RPC_MAGIC_CMD " ", strlen(QUBES_RPC_MAGIC_CMD)+1)==0) {
  121. strcpy(buf, QUBES_RPC_MULTIPLEXER_PATH);
  122. strcpy(buf + strlen(QUBES_RPC_MULTIPLEXER_PATH), realcmd + strlen(QUBES_RPC_MAGIC_CMD));
  123. realcmd = buf;
  124. }
  125. signal(SIGCHLD, SIG_DFL);
  126. signal(SIGPIPE, SIG_DFL);
  127. execl("/bin/su", "su", "-", user, "-c", realcmd, NULL);
  128. perror("execl");
  129. exit(1);
  130. }
  131. void handle_just_exec(int client_id, int len)
  132. {
  133. char buf[len];
  134. int fdn, pid;
  135. read_all_vchan_ext(buf, len);
  136. switch (pid = fork()) {
  137. case -1:
  138. perror("fork");
  139. exit(1);
  140. case 0:
  141. fdn = open("/dev/null", O_RDWR);
  142. fix_fds(fdn, fdn, fdn);
  143. do_exec(buf);
  144. perror("execl");
  145. exit(1);
  146. default:;
  147. }
  148. fprintf(stderr, "executed (nowait) %s pid %d\n", buf, pid);
  149. }
  150. void create_info_about_client(int client_id, int pid, int stdin_fd,
  151. int stdout_fd, int stderr_fd)
  152. {
  153. process_fd[stdout_fd].client_id = client_id;
  154. process_fd[stdout_fd].type = FDTYPE_STDOUT;
  155. process_fd[stdout_fd].is_blocked = 0;
  156. process_fd[stderr_fd].client_id = client_id;
  157. process_fd[stderr_fd].type = FDTYPE_STDERR;
  158. process_fd[stderr_fd].is_blocked = 0;
  159. if (stderr_fd > max_process_fd)
  160. max_process_fd = stderr_fd;
  161. if (stdout_fd > max_process_fd)
  162. max_process_fd = stdout_fd;
  163. set_nonblock(stdin_fd);
  164. client_info[client_id].stdin_fd = stdin_fd;
  165. client_info[client_id].stdout_fd = stdout_fd;
  166. client_info[client_id].stderr_fd = stderr_fd;
  167. client_info[client_id].exit_status = 0;
  168. client_info[client_id].is_exited = 0;
  169. client_info[client_id].pid = pid;
  170. client_info[client_id].is_blocked = 0;
  171. client_info[client_id].is_close_after_flush_needed = 0;
  172. buffer_init(&client_info[client_id].buffer);
  173. }
  174. void handle_exec(int client_id, int len)
  175. {
  176. char buf[len];
  177. int pid, stdin_fd, stdout_fd, stderr_fd;
  178. read_all_vchan_ext(buf, len);
  179. do_fork_exec(buf, &pid, &stdin_fd, &stdout_fd, &stderr_fd);
  180. create_info_about_client(client_id, pid, stdin_fd, stdout_fd,
  181. stderr_fd);
  182. fprintf(stderr, "executed %s pid %d\n", buf, pid);
  183. }
  184. void handle_connect_existing(int client_id, int len)
  185. {
  186. int stdin_fd, stdout_fd, stderr_fd;
  187. char buf[len];
  188. read_all_vchan_ext(buf, len);
  189. sscanf(buf, "%d %d %d", &stdin_fd, &stdout_fd, &stderr_fd);
  190. create_info_about_client(client_id, -1, stdin_fd, stdout_fd,
  191. stderr_fd);
  192. client_info[client_id].is_exited = 1; //do not wait for SIGCHLD
  193. }
  194. void update_max_process_fd()
  195. {
  196. int i;
  197. for (i = max_process_fd;
  198. i >= 0 && process_fd[i].type == FDTYPE_INVALID; i--);
  199. max_process_fd = i;
  200. }
  201. void send_exit_code(int client_id, int status)
  202. {
  203. struct server_header s_hdr;
  204. s_hdr.type = MSG_AGENT_TO_SERVER_EXIT_CODE;
  205. s_hdr.client_id = client_id;
  206. s_hdr.len = sizeof status;
  207. write_all_vchan_ext(&s_hdr, sizeof s_hdr);
  208. write_all_vchan_ext(&status, sizeof(status));
  209. fprintf(stderr, "send exit code %d for client_id %d pid %d\n",
  210. status, client_id, client_info[client_id].pid);
  211. }
  212. // erase process data structures, possibly forced by remote
  213. void remove_process(int client_id, int status)
  214. {
  215. int i;
  216. if (!client_info[client_id].pid)
  217. return;
  218. if (client_info[client_id].stdin_fd >= 0)
  219. fork_and_flush_stdin(client_info[client_id].stdin_fd,
  220. &client_info[client_id].buffer);
  221. #if 0
  222. // let's let it die by itself, possibly after it has received buffered stdin
  223. kill(client_info[client_id].pid, SIGKILL);
  224. #endif
  225. if (status != -1)
  226. send_exit_code(client_id, status);
  227. close(client_info[client_id].stdin_fd);
  228. client_info[client_id].pid = 0;
  229. client_info[client_id].stdin_fd = -1;
  230. client_info[client_id].is_blocked = 0;
  231. buffer_free(&client_info[client_id].buffer);
  232. for (i = 0; i <= max_process_fd; i++)
  233. if (process_fd[i].type != FDTYPE_INVALID
  234. && process_fd[i].client_id == client_id) {
  235. process_fd[i].type = FDTYPE_INVALID;
  236. process_fd[i].client_id = -1;
  237. process_fd[i].is_blocked = 0;
  238. close(i);
  239. }
  240. update_max_process_fd();
  241. }
  242. // remove process not immediately after it has exited, but after its stdout and stderr has been drained
  243. // previous method implemented in flush_out_err was broken - it cannot work when peer signalled it is blocked
  244. void possibly_remove_process(int client_id)
  245. {
  246. if (client_info[client_id].stdout_fd == -1 &&
  247. client_info[client_id].stderr_fd == -1 &&
  248. client_info[client_id].is_exited)
  249. remove_process(client_id,
  250. client_info[client_id].exit_status);
  251. }
  252. void handle_input(int client_id, int len)
  253. {
  254. char buf[len];
  255. read_all_vchan_ext(buf, len);
  256. if (!client_info[client_id].pid || client_info[client_id].stdin_fd == -1)
  257. return;
  258. if (len == 0) {
  259. if (client_info[client_id].is_blocked)
  260. client_info[client_id].is_close_after_flush_needed
  261. = 1;
  262. else {
  263. close(client_info[client_id].stdin_fd);
  264. client_info[client_id].stdin_fd = -1;
  265. }
  266. return;
  267. }
  268. switch (write_stdin
  269. (client_info[client_id].stdin_fd, client_id, buf, len,
  270. &client_info[client_id].buffer)) {
  271. case WRITE_STDIN_OK:
  272. break;
  273. case WRITE_STDIN_BUFFERED:
  274. client_info[client_id].is_blocked = 1;
  275. break;
  276. case WRITE_STDIN_ERROR:
  277. // do not remove process, as it still can write data to stdout
  278. close(client_info[client_id].stdin_fd);
  279. client_info[client_id].stdin_fd = -1;
  280. client_info[client_id].is_blocked = 0;
  281. break;
  282. default:
  283. fprintf(stderr, "unknown write_stdin?\n");
  284. exit(1);
  285. }
  286. }
  287. void set_blocked_outerr(int client_id, int val)
  288. {
  289. process_fd[client_info[client_id].stdout_fd].is_blocked = val;
  290. process_fd[client_info[client_id].stderr_fd].is_blocked = val;
  291. }
  292. void handle_server_data()
  293. {
  294. struct server_header s_hdr;
  295. read_all_vchan_ext(&s_hdr, sizeof s_hdr);
  296. // fprintf(stderr, "got %x %x %x\n", s_hdr.type, s_hdr.client_id,
  297. // s_hdr.len);
  298. switch (s_hdr.type) {
  299. case MSG_XON:
  300. set_blocked_outerr(s_hdr.client_id, 0);
  301. break;
  302. case MSG_XOFF:
  303. set_blocked_outerr(s_hdr.client_id, 1);
  304. break;
  305. case MSG_SERVER_TO_AGENT_CONNECT_EXISTING:
  306. handle_connect_existing(s_hdr.client_id, s_hdr.len);
  307. break;
  308. case MSG_SERVER_TO_AGENT_EXEC_CMDLINE:
  309. wake_meminfo_writer();
  310. handle_exec(s_hdr.client_id, s_hdr.len);
  311. break;
  312. case MSG_SERVER_TO_AGENT_JUST_EXEC:
  313. wake_meminfo_writer();
  314. handle_just_exec(s_hdr.client_id, s_hdr.len);
  315. break;
  316. case MSG_SERVER_TO_AGENT_INPUT:
  317. handle_input(s_hdr.client_id, s_hdr.len);
  318. break;
  319. case MSG_SERVER_TO_AGENT_CLIENT_END:
  320. remove_process(s_hdr.client_id, -1);
  321. break;
  322. default:
  323. fprintf(stderr, "msg type from daemon is %d ?\n",
  324. s_hdr.type);
  325. exit(1);
  326. }
  327. }
  328. void handle_process_data(int fd)
  329. {
  330. struct server_header s_hdr;
  331. char buf[MAX_DATA_CHUNK];
  332. int ret;
  333. int len;
  334. len = buffer_space_vchan_ext();
  335. if (len <= sizeof s_hdr)
  336. return;
  337. ret = read(fd, buf, len - sizeof s_hdr);
  338. s_hdr.client_id = process_fd[fd].client_id;
  339. if (process_fd[fd].type == FDTYPE_STDOUT)
  340. s_hdr.type = MSG_AGENT_TO_SERVER_STDOUT;
  341. else if (process_fd[fd].type == FDTYPE_STDERR)
  342. s_hdr.type = MSG_AGENT_TO_SERVER_STDERR;
  343. else {
  344. fprintf(stderr, "fd=%d, client_id=%d, type=%d ?\n", fd,
  345. process_fd[fd].client_id, process_fd[fd].type);
  346. exit(1);
  347. }
  348. s_hdr.len = ret;
  349. if (ret >= 0) {
  350. write_all_vchan_ext(&s_hdr, sizeof s_hdr);
  351. write_all_vchan_ext(buf, ret);
  352. }
  353. if (ret == 0) {
  354. int client_id = process_fd[fd].client_id;
  355. if (process_fd[fd].type == FDTYPE_STDOUT)
  356. client_info[client_id].stdout_fd = -1;
  357. else
  358. client_info[client_id].stderr_fd = -1;
  359. process_fd[fd].type = FDTYPE_INVALID;
  360. process_fd[fd].client_id = -1;
  361. process_fd[fd].is_blocked = 0;
  362. close(fd);
  363. update_max_process_fd();
  364. possibly_remove_process(client_id);
  365. }
  366. if (ret < 0)
  367. remove_process(process_fd[fd].client_id, 127);
  368. }
  369. volatile int child_exited;
  370. void sigchld_handler(int x)
  371. {
  372. child_exited = 1;
  373. signal(SIGCHLD, sigchld_handler);
  374. }
  375. int find_info(int pid)
  376. {
  377. int i;
  378. for (i = 0; i < MAX_FDS; i++)
  379. if (client_info[i].pid == pid)
  380. return i;
  381. return -1;
  382. }
  383. void handle_process_data_all(fd_set * select_fds)
  384. {
  385. int i;
  386. for (i = 0; i <= max_process_fd; i++)
  387. if (process_fd[i].type != FDTYPE_INVALID
  388. && FD_ISSET(i, select_fds))
  389. handle_process_data(i);
  390. }
  391. void reap_children()
  392. {
  393. int status;
  394. int pid;
  395. int client_id;
  396. while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
  397. client_id = find_info(pid);
  398. if (client_id < 0)
  399. continue;
  400. client_info[client_id].is_exited = 1;
  401. client_info[client_id].exit_status = status;
  402. possibly_remove_process(client_id);
  403. }
  404. child_exited = 0;
  405. }
  406. int fill_fds_for_select(fd_set * rdset, fd_set * wrset)
  407. {
  408. int max = -1;
  409. int fd, i;
  410. FD_ZERO(rdset);
  411. FD_ZERO(wrset);
  412. for (i = 0; i <= max_process_fd; i++)
  413. if (process_fd[i].type != FDTYPE_INVALID
  414. && !process_fd[i].is_blocked) {
  415. FD_SET(i, rdset);
  416. max = i;
  417. }
  418. FD_SET(trigger_fd, rdset);
  419. if (trigger_fd > max)
  420. max = trigger_fd;
  421. FD_SET(passfd_socket, rdset);
  422. if (passfd_socket > max)
  423. max = passfd_socket;
  424. for (i = 0; i < MAX_FDS; i++)
  425. if (client_info[i].pid && client_info[i].is_blocked) {
  426. fd = client_info[i].stdin_fd;
  427. FD_SET(fd, wrset);
  428. if (fd > max)
  429. max = fd;
  430. }
  431. return max;
  432. }
  433. void flush_client_data_agent(int client_id)
  434. {
  435. struct _client_info *info = &client_info[client_id];
  436. switch (flush_client_data
  437. (info->stdin_fd, client_id, &info->buffer)) {
  438. case WRITE_STDIN_OK:
  439. info->is_blocked = 0;
  440. if (info->is_close_after_flush_needed) {
  441. close(info->stdin_fd);
  442. info->stdin_fd = -1;
  443. info->is_close_after_flush_needed = 0;
  444. }
  445. break;
  446. case WRITE_STDIN_ERROR:
  447. // do not remove process, as it still can write data to stdout
  448. info->is_blocked = 0;
  449. close(info->stdin_fd);
  450. info->stdin_fd = -1;
  451. info->is_close_after_flush_needed = 0;
  452. break;
  453. case WRITE_STDIN_BUFFERED:
  454. break;
  455. default:
  456. fprintf(stderr, "unknown flush_client_data?\n");
  457. exit(1);
  458. }
  459. }
  460. void handle_new_passfd()
  461. {
  462. int fd = do_accept(passfd_socket);
  463. if (fd >= MAX_FDS) {
  464. fprintf(stderr, "too many clients ?\n");
  465. exit(1);
  466. }
  467. // let client know what fd has been allocated
  468. write(fd, &fd, sizeof(fd));
  469. }
  470. void handle_trigger_io()
  471. {
  472. struct server_header s_hdr;
  473. struct trigger_connect_params params;
  474. int ret;
  475. s_hdr.client_id = 0;
  476. s_hdr.len = 0;
  477. ret = read(trigger_fd, &params, sizeof(params));
  478. if (ret == sizeof(params)) {
  479. s_hdr.type = MSG_AGENT_TO_SERVER_TRIGGER_CONNECT_EXISTING;
  480. write_all_vchan_ext(&s_hdr, sizeof s_hdr);
  481. write_all_vchan_ext(&params, sizeof params);
  482. }
  483. // trigger_fd is nonblock - so no need to reopen
  484. // not really, need to reopen at EOF
  485. if (ret <= 0) {
  486. close(trigger_fd);
  487. trigger_fd =
  488. open(QREXEC_AGENT_TRIGGER_PATH, O_RDONLY | O_NONBLOCK);
  489. }
  490. }
  491. int main()
  492. {
  493. fd_set rdset, wrset;
  494. int max;
  495. int i;
  496. sigset_t chld_set;
  497. init();
  498. signal(SIGCHLD, sigchld_handler);
  499. signal(SIGPIPE, SIG_IGN);
  500. sigemptyset(&chld_set);
  501. sigaddset(&chld_set, SIGCHLD);
  502. for (;;) {
  503. sigprocmask(SIG_BLOCK, &chld_set, NULL);
  504. if (child_exited)
  505. reap_children();
  506. max = fill_fds_for_select(&rdset, &wrset);
  507. if (buffer_space_vchan_ext() <=
  508. sizeof(struct server_header))
  509. FD_ZERO(&rdset);
  510. wait_for_vchan_or_argfd(max, &rdset, &wrset);
  511. sigprocmask(SIG_UNBLOCK, &chld_set, NULL);
  512. if (FD_ISSET(passfd_socket, &rdset))
  513. handle_new_passfd();
  514. while (read_ready_vchan_ext())
  515. handle_server_data();
  516. if (FD_ISSET(trigger_fd, &rdset))
  517. handle_trigger_io();
  518. handle_process_data_all(&rdset);
  519. for (i = 0; i <= MAX_FDS; i++)
  520. if (client_info[i].pid
  521. && client_info[i].is_blocked
  522. && FD_ISSET(client_info[i].stdin_fd, &wrset))
  523. flush_client_data_agent(i);
  524. }
  525. }