2 * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/types.h>
20 #include <sys/param.h>
21 #include <sys/socket.h>
29 #endif /* HAVE_TERMIOS_H */
30 #include <sys/ioctl.h>
31 #ifdef HAVE_SYS_SELECT_H
32 # include <sys/select.h>
33 #endif /* HAVE_SYS_SELECT_H */
42 #endif /* STDC_HEADERS */
45 #endif /* HAVE_STRING_H */
48 #endif /* HAVE_STRINGS_H */
51 #endif /* HAVE_UNISTD_H */
52 #if TIME_WITH_SYS_TIME
62 # include <selinux/selinux.h>
66 #include "sudo_exec.h"
68 /* shared with exec_pty.c */
69 sig_atomic_t recvsig[NSIG];
70 void handler __P((int s));
73 * Like execve(2) but falls back to running through /bin/sh
74 * ala execvp(3) if we get ENOEXEC.
77 my_execve(path, argv, envp)
82 execve(path, argv, envp);
83 if (errno == ENOEXEC) {
84 argv--; /* at least one extra slot... */
86 argv[1] = (char *)path;
87 execve(_PATH_BSHELL, argv, envp);
93 * Fork and execute a command, returns the child's pid.
94 * Sends errno back on sv[1] if execve() fails.
96 static int fork_cmnd(path, argv, envp, sv, rbac_enabled)
103 struct command_status cstat;
107 zero_bytes(&sa, sizeof(sa));
108 sigemptyset(&sa.sa_mask);
109 sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
110 sa.sa_handler = handler;
111 sigaction(SIGCONT, &sa, NULL);
121 fcntl(sv[1], F_SETFD, FD_CLOEXEC);
122 if (exec_setup(rbac_enabled, user_ttypath, -1) == TRUE) {
123 /* headed for execve() */
124 closefrom(def_closefrom);
127 selinux_execve(path, argv, envp);
130 my_execve(path, argv, envp);
132 cstat.type = CMD_ERRNO;
134 send(sv[1], &cstat, sizeof(cstat), 0);
141 * Execute a command, potentially in a pty with I/O loggging.
142 * This is a little bit tricky due to how POSIX job control works and
143 * we fact that we have two different controlling terminals to deal with.
146 sudo_execve(path, argv, envp, uid, cstat, dowait, bgmode)
151 struct command_status *cstat;
157 int maxfd, n, nready, status, sv[2];
158 int rbac_enabled = 0;
162 /* If running in background mode, fork and exit. */
166 cstat->type = CMD_ERRNO;
170 /* child continues */
178 #ifdef _PATH_SUDO_IO_LOGDIR
179 log_io = def_log_output || def_log_input || def_use_pty;
186 #endif /* _PATH_SUDO_IO_LOGDIR */
189 rbac_enabled = is_selinux_enabled() > 0 && user_role != NULL;
195 * If we don't need to wait for the command to finish, just exec it.
198 exec_setup(FALSE, NULL, -1);
199 closefrom(def_closefrom);
200 my_execve(path, argv, envp);
201 cstat->type = CMD_ERRNO;
207 * We communicate with the child over a bi-directional pair of sockets.
208 * Parent sends signal info to child and child sends back wait status.
210 if (socketpair(PF_UNIX, SOCK_DGRAM, 0, sv) != 0)
211 error(1, "cannot create sockets");
213 zero_bytes(&sa, sizeof(sa));
214 sigemptyset(&sa.sa_mask);
216 /* Note: HP-UX select() will not be interrupted if SA_RESTART set */
217 sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
218 sa.sa_handler = handler;
219 sigaction(SIGCHLD, &sa, NULL);
220 sigaction(SIGHUP, &sa, NULL);
221 sigaction(SIGINT, &sa, NULL);
222 sigaction(SIGPIPE, &sa, NULL);
223 sigaction(SIGQUIT, &sa, NULL);
224 sigaction(SIGTERM, &sa, NULL);
226 /* Max fd we will be selecting on. */
230 * Child will run the command in the pty, parent will pass data
231 * to and from pty. Adjusts maxfd as needed.
233 #ifdef _PATH_SUDO_IO_LOGDIR
235 child = fork_pty(path, argv, envp, sv, rbac_enabled, &maxfd);
238 child = fork_cmnd(path, argv, envp, sv, rbac_enabled);
241 #ifdef HAVE_SETLOCALE
243 * I/O logging must be in the C locale for floating point numbers
244 * to be logged consistently.
246 setlocale(LC_ALL, "C");
250 * In the event loop we pass input from user tty to master
251 * and pass output from master to stdout and IO plugin.
253 fdsr = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
254 fdsw = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
256 if (recvsig[SIGCHLD]) {
260 * If logging I/O, child is the intermediate process,
261 * otherwise it is the command itself.
263 recvsig[SIGCHLD] = FALSE;
266 pid = sudo_waitpid(child, &status, WUNTRACED|WNOHANG);
270 } while (pid == -1 && errno == EINTR);
272 /* If not logging I/O and child has exited we are done. */
274 if (WIFSTOPPED(status)) {
275 /* Child may not have privs to suspend us itself. */
276 kill(getpid(), WSTOPSIG(status));
278 /* Child has exited, we are done. */
279 cstat->type = CMD_WSTATUS;
284 /* Else we get ECONNRESET on sv[0] if child dies. */
288 zero_bytes(fdsw, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
289 zero_bytes(fdsr, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
292 #ifdef _PATH_SUDO_IO_LOGDIR
294 fd_set_iobs(fdsr, fdsw); /* XXX - better name */
296 for (n = 0; n < NSIG; n++) {
297 if (recvsig[n] && n != SIGCHLD) {
302 /* nothing listening on sv[0], send directly */
308 if (recvsig[SIGCHLD])
310 nready = select(maxfd + 1, fdsr, fdsw, NULL, NULL);
314 error(1, "select failed");
316 if (FD_ISSET(sv[0], fdsr)) {
317 /* read child status */
318 n = recv(sv[0], cstat, sizeof(*cstat), 0);
323 * If not logging I/O we will receive ECONNRESET when
324 * the command is executed. It is safe to ignore this.
326 if (log_io && errno != EAGAIN) {
327 cstat->type = CMD_ERRNO;
332 #ifdef _PATH_SUDO_IO_LOGDIR /* XXX */
333 if (cstat->type == CMD_WSTATUS) {
334 if (WIFSTOPPED(cstat->val)) {
335 /* Suspend parent and tell child how to resume on return. */
336 n = suspend_parent(WSTOPSIG(cstat->val));
340 /* Child exited or was killed, either way we are done. */
344 #endif /* _PATH_SUDO_IO_LOGDIR */
345 if (cstat->type == CMD_ERRNO) {
346 /* Child was unable to execute command or broken pipe. */
351 #ifdef _PATH_SUDO_IO_LOGDIR
352 /* XXX - move this too */
353 if (FD_ISSET(sv[0], fdsw)) {
354 for (n = 0; n < NSIG; n++) {
358 cstat->type = CMD_SIGNO;
361 n = send(sv[0], cstat, sizeof(*cstat), 0);
362 } while (n == -1 && errno == EINTR);
363 if (n != sizeof(*cstat)) {
369 if (perform_io(fdsr, fdsw, cstat) != 0)
371 #endif /* _PATH_SUDO_IO_LOGDIR */
374 #ifdef _PATH_SUDO_IO_LOGDIR
376 /* Flush any remaining output and free pty-related memory. */
379 #endif /* _PATH_SUDO_IO_LOGDIR */
383 /* This is probably not needed in log_io mode. */
384 if (selinux_restore_tty() != 0)
385 warningx("unable to restore tty label");
392 return cstat->type == CMD_ERRNO ? -1 : 0;
396 * Generic handler for signals passed from parent -> child.
397 * The recvsig[] array is checked in the main event loop.
projects / debian / sudo / blob