authorlns <matzeton@googlemail.com>2018-04-25 12:41:03 +0200
committerlns <matzeton@googlemail.com>2018-04-25 12:41:03 +0200
commitd05358d2667d5b55a1bec36d051d95c06a3c7536 (patch)
tree11e9ef6d9cf9ecf12988151545c094397a6989ec
parent03e137c2193d550dda156f86ca68c896f0dffe84 (diff)
POTD skeleton #29.
Signed-off-by: lns <matzeton@googlemail.com>
-rw-r--r--src/jail.c10
-rw-r--r--src/server_ssh.c2
-rw-r--r--src/utils.c86
-rw-r--r--src/utils.h2
4 files changed, 86 insertions, 14 deletions
diff --git a/src/jail.c b/src/jail.c
index aa57581..22c8ec2 100644
--- a/src/jail.c
+++ b/src/jail.c
@@ -231,10 +231,11 @@ static int jail_accept_client(jail_ctx *ctx[],
args->client_psock.fd);
args->prisoner_pid = clone(jail_childfn, ctx[i]->stack_beg,
- SIGCHLD|clone_flags, NULL);
+ SIGCHLD|clone_flags, args);
rc = 1;
error:
+ socket_close(&args->client_psock);
free(args);
return rc;
}
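Review bot: The success path falls through into `error:`, so the parent now closes `args->client_psock` and frees `args` immediately after handing the same pointer to the child through `clone()`. That is only safe while `clone_flags` contains neither `CLONE_VM` nor `CLONE_FILES`; the flags are set outside this hunk, so a comment such as `/* child gets its own copy of args and of the fd table: no CLONE_VM/CLONE_FILES */` next to the call would pin that assumption. The return value of `clone()` is also not tested before `rc = 1;`, so a failed clone is reported as success; `if (args->prisoner_pid == -1) goto error;` ahead of that assignment would cover it, assuming `rc` still holds the failure value there. The function begins outside the hunk.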
@@ -245,13 +246,16 @@ error:
static int jail_childfn(void *arg)
{
- (void) arg;
+ jail_prisoner_process *args;
+
+ assert(arg);
+ args = (jail_prisoner_process *) arg;
if (prctl(PR_SET_PDEATHSIG, SIGKILL) != 0) {
E_STRERR("Jail child prctl");
exit(EXIT_FAILURE);
}
- printf("----> CHILD FN <----\n");
+ printf("----> CHILD FN: %d <----\n", args->client_psock.fd);
sleep(10);
exit(EXIT_SUCCESS);
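Review bot: `assert(arg)` is the only guard before `args->client_psock.fd` is read, and it is compiled out when the file is built with `NDEBUG`; an explicit `if (arg == NULL) exit(EXIT_FAILURE);` keeps the check in every build. Because this function runs in a `clone()`d child, `_exit()` would be the safer way to leave once the debug `printf` is gone, since `exit()` flushes stdio buffers and runs atexit handlers copied from the parent. The function body continues past the end of the hunk.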
diff --git a/src/server_ssh.c b/src/server_ssh.c
index 100c6a8..b0eb301 100644
--- a/src/server_ssh.c
+++ b/src/server_ssh.c
@@ -214,7 +214,7 @@ static int gen_export_sshkey(enum ssh_keytypes_e type, int length, const char *p
ssh_key_free(priv_key);
if (s != SSH_OK) {
- E2("SSH private key export to file failed: %d", s);
+ W2("SSH private key export to file failed: %d", s);
return 1;
}
diff --git a/src/utils.c b/src/utils.c
index a5fa5a9..996a8a7 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -2,6 +2,8 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <stdarg.h>
+#include <fcntl.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -15,6 +17,7 @@
#define _POSIX_PATH_MAX 256
char *arg0 = NULL;
+static int null_fd = -1;
static void sighandler_child(int signo)
@@ -90,18 +93,81 @@ pid_t daemonize(int stay_foreground)
/* Set new file permissions */
umask(0);
- if (stay_foreground)
- return pid;
+ if (!stay_foreground) {
+ /* Change the working directory to the root directory */
+ /* or another appropriated directory */
+ chdir("/");
+ /* Close all open file descriptors */
+ assert( close_fds_except(-1) == 0 );
+ } else {
+ assert( close_fds_except(0, 1, 2, -1) == 0 );
+ }
- /* Change the working directory to the root directory */
- /* or another appropriated directory */
-// chdir("/");
+ return pid;
+}
- /* Close all open file descriptors */
- int x;
- for (x = sysconf(_SC_OPEN_MAX); x>=0; x--) {
-// close (x);
+int close_fds_except(int fds, ...)
+{
+ int fd;
+ long max_fd;
+ size_t i, except_count, found;
+ va_list ap;
+
+ max_fd = sysconf(_SC_OPEN_MAX);
+ if (max_fd <= 0)
+ return 1;
+
+ va_start(ap, fds);
+ {
+ int *all_fds = malloc(max_fd * sizeof(*all_fds));
+ assert(all_fds);
+ memset(all_fds, -1, max_fd * sizeof(*all_fds));
+
+ except_count = 0;
+ while ( (fd = va_arg(ap, int)) >= 0 ) {
+ all_fds[except_count++] = fd;
+ }
+
+ for (fd = max_fd; fd >= 0; --fd) {
+ found = 0;
+ for (i = 0; i < except_count; ++i) {
+ if (fd == all_fds[i])
+ found++;
+ }
+ if (!found) {
+ close(fd);
+ }
+ }
+
+ free(all_fds);
}
+ va_end(ap);
- return pid;
+ return 0;
+}
+
+int redirect_devnull_to(int fds, ...)
+{
+ int fd, rc = 0;
+ va_list ap;
+
+ if (null_fd < 0)
+ null_fd = open("/dev/null", O_RDWR);
+ assert(null_fd >= 0);
+
+ va_start(ap, fds);
+ {
+ while ( (fd = va_arg(ap, int)) >= 0 ) {
+ if ( dup2(null_fd, fd) < 0 )
+ rc++;
+ }
+ }
+ va_end(ap);
+
+ return rc;
+}
+
+int change_user_group(const char *user, const char *group)
+{
+ return 0;
}
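Review bot: Both variadic helpers start reading with `va_arg` and never look at the named parameter `fds`, so `close_fds_except(0, 1, 2, -1)` keeps only 1 and 2 and closes stdin, while `close_fds_except(-1)` calls `va_arg` with no variadic argument present, which is undefined behaviour; `redirect_devnull_to` has the same loop. The calls in `daemonize` also sit inside `assert()`, so a build with `NDEBUG` never closes the inherited descriptors at all; call the function first and test its result in a separate statement. If `redirect_devnull_to` ran earlier, `close_fds_except` can close the cached `null_fd` without resetting it to -1, and `change_user_group` returns 0 without changing anything, which a caller checking for 0 would presumably read as privileges dropped; returning non-zero until it is implemented is safer. A version of `close_fds_except` that treats `fds` as the first list entry and needs no allocation follows; `daemonize` begins outside the hunk.

```c
int close_fds_except(int fds, ...)
{
    int fd, cur, keep;
    long max_fd;
    va_list ap;

    max_fd = sysconf(_SC_OPEN_MAX);
    if (max_fd <= 0)
        return 1;

    for (fd = (int) max_fd - 1; fd >= 0; --fd) {
        keep = 0;
        /* fds is the first list entry; a negative value ends the list */
        va_start(ap, fds);
        for (cur = fds; cur >= 0; cur = va_arg(ap, int)) {
            if (cur == fd) {
                keep = 1;
                break;
            }
        }
        va_end(ap);
        if (!keep)
            close(fd);
    }

    return 0;
}
/* … redirect_devnull_to: same first-entry handling, not shown … */
```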
diff --git a/src/utils.h b/src/utils.h
index da5be32..22a2b07 100644
--- a/src/utils.h
+++ b/src/utils.h
@@ -16,6 +16,8 @@ pid_t daemonize(int stay_foreground);
int close_fds_except(int fd, ...);
+int redirect_devnull_to(int fds, ...);
+
int change_user_group(const char *user, const char *group);
#endif
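Review bot: Neither variadic prototype documents how the descriptor list ends; callers have to terminate it with a negative value, and leaving it off makes `va_arg` read past the supplied arguments. A comment above both declarations, for example `/* descriptor list must end with a negative value: close_fds_except(0, 1, 2, -1) */`, would make that contract visible where the functions are called. The named parameter is also `fd` in one prototype and `fds` in the other, which is worth aligning.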