#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "utils.h" #include "log.h" #define _POSIX_PATH_MAX 256 char *arg0 = NULL; static int null_fd = -1; static void sighandler_child(int signo); static void sighandler_master(int signo); static inline void bin2hex_char(unsigned char c, char hexc[5]); int set_fd_nonblock(int fd) { int flags; flags = fcntl(fd, F_GETFL, 0); if (flags < 0) return 1; flags |= O_NONBLOCK; if (fcntl(fd, F_SETFL, flags) == -1) return 1; return 0; } static void sighandler_child(int signo) { switch (signo) { case SIGHUP: if (getppid() == 1) { N("Master process %d died, exiting", getpgrp()); exit(EXIT_SUCCESS); } break; case SIGSEGV: E("%s", "Got a SIGSEGV signal, abort .."); exit(EXIT_FAILURE); } } int set_child_sighandler(void) { if (prctl(PR_SET_PDEATHSIG, SIGHUP) != 0) return 1; assert( signal(SIGCHLD, SIG_IGN) != SIG_ERR ); assert( signal(SIGPIPE, SIG_IGN) != SIG_ERR ); assert( signal(SIGSEGV, sighandler_child) != SIG_ERR ); return signal(SIGHUP, sighandler_child) == SIG_ERR; } static void sighandler_master(int signo) { static int exiting = 0; switch (signo) { case SIGINT: case SIGTERM: case SIGABRT: if (exiting) break; exiting = 1; W("Got signal %d, exiting", signo); kill(0, SIGTERM); exit(EXIT_FAILURE); } } int set_master_sighandler(void) { int s = 0; s |= signal(SIGINT, sighandler_master) == SIG_ERR; s |= signal(SIGTERM, sighandler_master) == SIG_ERR; s |= signal(SIGABRT, sighandler_master) == SIG_ERR; return s; } void set_procname(const char *new_arg0) { assert(arg0); memset(arg0, 0, _POSIX_PATH_MAX); strncpy(arg0, new_arg0, _POSIX_PATH_MAX); } pid_t daemonize(int stay_foreground) { int status = -1; pid_t pid; /* Fork off the parent process */ pid = fork(); /* An error occurred */ if (pid < 0) return pid; /* Success: Let the parent terminate */ if (pid > 0) { if (!stay_foreground) exit(EXIT_SUCCESS); waitpid(-1, &status, 0); exit(EXIT_SUCCESS); } /* On success: The child process becomes session leader */ if (!stay_foreground && setsid() < 0) { E_STRERR("%s", "setsid"); exit(EXIT_FAILURE); } /* Fork off for the second time*/ if (!stay_foreground) { pid = fork(); /* An error occurred */ if (pid < 0) exit(EXIT_FAILURE); /* Success: Let the parent terminate */ if (pid > 0) exit(EXIT_SUCCESS); } if (!stay_foreground && setpgrp()) { E_STRERR("%s", "setpgrp"); exit(EXIT_FAILURE); } /* Set new file permissions */ umask(0); if (!stay_foreground) { /* Change the working directory to the root directory */ /* or another appropriated directory */ chdir("/"); /* Close all open file descriptors */ assert( close_fds_except(-1) == 0 ); assert( redirect_devnull_to(0, 1, 2, -1) == 0 ); } else { assert( close_fds_except(0, 1, 2, -1) == 0 ); } return pid; } int close_fds_except(int fds, ...) { int fd; long max_fd; size_t i, except_count, found; va_list ap; max_fd = sysconf(_SC_OPEN_MAX) - 1; if (max_fd <= 0) return 1; if (fds < 0) return 1; va_start(ap, fds); { int *all_fds = (int *) malloc((max_fd+1) * sizeof(*all_fds)); assert(all_fds); memset(all_fds, -1, max_fd * sizeof(*all_fds)); except_count = 0; while ( (fd = va_arg(ap, int)) >= 0 ) { all_fds[except_count++] = fd; } all_fds[except_count++] = fds; for (fd = max_fd; fd >= 0; --fd) { found = 0; for (i = 0; i < except_count; ++i) { if (fd == all_fds[i]) found++; } if (!found) { close(fd); } } free(all_fds); } va_end(ap); return 0; } int redirect_devnull_to(int fds, ...) { int fd, rc = 0; va_list ap; if (null_fd < 0) null_fd = open("/dev/null", O_RDWR); if (null_fd < 0) return -1; if (fds < -1) return -1; va_start(ap, fds); { while ( (fd = va_arg(ap, int)) >= 0 ) { if ( dup2(null_fd, fd) < 0 ) rc++; } } va_end(ap); return rc; } int change_user_group(const char *user, const char *group) { struct passwd *pwd = NULL; struct group *grp = NULL; gid_t gid; pwd = getpwnam(user); if (!pwd) return 1; if (!group) { gid = pwd->pw_gid; } else { grp = getgrnam(group); if (!grp) return 1; gid = grp->gr_gid; } if (setregid(gid, gid)) return 1; if (setreuid(pwd->pw_uid, pwd->pw_uid)) return 1; return 0; } int change_default_user_group(void) { return change_user_group("nobody", NULL); } int safe_chroot(const char *newroot) { int s; s = chdir(newroot); if (s) { E_STRERR("Change directory to '%s'", newroot); return 1; } s = chroot("."); if (s) { E_STRERR("Change root directory to '%s'", "."); return 1; } s = chdir("/"); if (s) { E_STRERR("Change directory inside new root to '%s'", "/"); return 1; } return 0; } int dir_is_mountpoint(const char *path) { struct stat current = {0}, parent = {0}; size_t plen = strnlen(path, PATH_MAX); char parent_path[plen + 4]; if (stat(path, ¤t)) goto error; strncpy(parent_path, path, plen); parent_path[plen] = '/'; parent_path[plen+1] = '.'; parent_path[plen+2] = '.'; parent_path[plen+3] = 0; if (stat(parent_path, &parent)) goto error; return current.st_dev != parent.st_dev; error: W_STRERR("Mountpoint check for '%s'", path); return -1; } void chk_chroot(void) { struct stat s = {0}; if (stat("/", &s) == 0) { if (s.st_ino != 2) return; } E("%s", "Can not mount filesystem as slave"); exit(EXIT_FAILURE); } void mount_root(void) { int s; s = mount("none", "/", "", MS_SLAVE|MS_REC, NULL); if (s) chk_chroot(); } int mount_dev(const char *mount_path) { int s; s = mount("tmpfs", mount_path, "tmpfs", MS_NOSUID|MS_STRICTATIME| MS_NOEXEC|MS_REC, "size=4k,mode=755,gid=0"); if (s) { E_STRERR("Mount devtmpfs filesystem to %s", mount_path); return 1; } return 0; } int mount_pts(const char *mount_path) { int s; s = mount("devpts", mount_path, "devpts", MS_MGC_VAL, "newinstance,gid=5,mode=620,ptmxmode=0666"); if (s) { E_STRERR("Mount devpts filesystem to %s", mount_path); return 1; } return 0; } int mount_proc(const char *mount_path) { int s; umount(mount_path); s = mount("proc", mount_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL); if (s) { E_STRERR("Mount proc filesystem to %s", mount_path); return 1; } return 0; } int create_device_file_checked(const char *mount_path, const char *device_file, mode_t mode, int add_mode, dev_t dev) { int s; mode_t defmode = S_IRUSR|S_IWUSR| S_IRGRP|S_IWGRP| S_IROTH; size_t plen = strnlen(mount_path, PATH_MAX); size_t dlen = strnlen(device_file, PATH_MAX); struct stat devbuf = {0}; char devpath[plen+dlen+2]; snprintf(devpath, plen+dlen+2, "%s/%s", mount_path, device_file); s = stat(devpath, &devbuf); if (s && errno != EEXIST && errno != ENOENT) { return 1; } if (errno == EEXIST) { if (unlink(devpath)) return 1; } D2("Create device file: %s", devpath); if (!add_mode) defmode = 0; s = mknod(devpath, defmode|mode, dev); if (s) { E_STRERR("Device creation '%s'", devpath); return 1; } return 0; } int create_device_files(const char *mount_path) { int s = 0; s |= create_device_file_checked(mount_path, "ptmx", S_IFCHR, 1, makedev(5,2)); s |= create_device_file_checked(mount_path, "tty", S_IFCHR, 1, makedev(5,0)); return s; } #if 0 int update_guid_map(pid_t pid, unsigned int map[3], int update_uidmap) { int s, fd; ssize_t written; const char path_pid[] = "/proc/%d/%s"; const char path_self[] = "/proc/self/%s"; char buf[64]; if (pid < 0) { s = snprintf(buf, sizeof buf, path_self, (update_uidmap ? "uid_map" : "gid_map")); } else { s = snprintf(buf, sizeof buf, path_pid, pid, (update_uidmap ? "uid_map" : "gid_map")); } if (s <= 0) return 1; fd = open(buf, O_WRONLY); if (fd < 0) return 1; s = snprintf(buf, sizeof buf, "%u %u %u\n", map[0], map[1], map[2]); written = write(fd, buf, s); if (written <= 0) return 1; return 0; } int update_setgroups_self(int allow) { int fd; ssize_t written; const char path_self[] = "/proc/self/setgroups"; const char str_allow[] = "allow"; const char str_deny[] = "deny"; fd = open(path_self, O_WRONLY); if (fd < 0) return 1; if (allow) { written = write(fd, str_allow, sizeof(str_allow) - 1); } else { written = write(fd, str_deny, sizeof(str_deny) - 1); } if (written <= 0) return 1; return 0; } #endif static inline void bin2hex_char(unsigned char c, char hexc[5]) { static const char hexalnum[] = "0123456789ABCDEF"; hexc[0] = '\\'; hexc[1] = 'x'; hexc[2] = hexalnum[ (c >> 4)%16 ]; hexc[3] = hexalnum[ (c & 0x0F)%16 ]; hexc[4] = 0; } void escape_ascii_string(const char ascii[], size_t siz, char **dest, size_t *newsiz) { char hexbyte[5]; const size_t binsiz = 4; size_t i, j, ns; assert(ascii && dest && newsiz); ns = 0; for (i = 0; i < siz; ++i) { if (isprint(ascii[i])) ns++; else ns += binsiz; } if (ns > *newsiz) { if (*dest) free(*dest); *dest = (char *) malloc(sizeof(char) * (ns+1)); assert(*dest); (*newsiz) = ns; } for (i = 0, j = 0; i < siz && j < ns; ++i) { if (isprint(ascii[i])) { (*dest)[j] = ascii[i]; j++; } else { bin2hex_char(ascii[i], hexbyte); snprintf((*dest)+j, binsiz+1, "%s", hexbyte); j += binsiz; } } (*dest)[ns] = 0; }