static dbus_bool_t
exec_for_correct_user (char *exec, char *user, char *alias, DBusError *error)
{
char **argv;
int argc;
dbus_bool_t retval;
argc = 0;
retval = TRUE;
argv = NULL;
if (!switch_user (user, error))
return FALSE;
/* convert command into arguments */
if (!_dbus_shell_parse_argv (exec, &argc, &argv, error))
return FALSE;
#ifndef ACTIVATION_LAUNCHER_DO_OOM
/* replace with new binary, with no environment */
if (execv (argv[0], argv) < 0)
{
dbus_set_error (error, DBUS_ERROR_SPAWN_EXEC_FAILED,
"Failed to exec: %s", argv[0]);
retval = FALSE;
}
#endif
dbus_free_string_array (argv);
return retval;
}
void run_session(LXDM_AUTH *a,const char *run)
{
setsid();
a->child=fork();
if(a->child==0)
{
lxdm_auth_put_env(a);
lxdm_auth_clean_for_child(a);
switch_user(&a->pw,run,NULL);
//execle(run,run,NULL,environ);
_exit(EXIT_FAILURE);
}
}
int main(int argc, char** argv)
try
{
if(!setup(argc, argv))
{
usage();
exit(-2);
}
std::cerr << "parsed channels: ";
std::copy(channel_list.begin(), channel_list.end(),
std::ostream_iterator<int> (std::cerr, " "));
std::cerr << std::endl;
std::cerr << "nflogd starting..." << std::endl;
PacketHandler ph(pcap_filename);
NFmain nf(channel_list, [ph = std::ref(ph)](struct nflog_data *nfa){
ph(nfa);
});
// setup signal
SETSIG(SIGTERM, term_handler, SA_RESTART);
SETSIG(SIGINT, term_handler, SA_RESTART);
SETSIG(SIGHUP, hup_handler, SA_RESTART);
std::cerr << "going into main loop" << std::endl;
switch_user();
set_dumpable();
nf.loop(term_flag);
std::cerr << "terminating..." << std::endl;
return 0;
}
catch (const std::exception& e)
{
std::cerr << e.what() << std::endl;
return -1;
}
int main(int argc, char **argv)
{
uid_t uid = getuid();
int noclose = 0;
int lockFD;
struct stat st;
if (geteuid() != uid)
die("This executable is too dangerous to be setuid.\n");
parse_params(argc, argv);
if (cmd[0][0] != '/')
die("The 'path' parameter must be an absolute path name.\n");
/* Verify that the path to the command points to an existing file. */
if (access(cmd[0], X_OK) == -1)
die("File \"%s\" is not executable.\n", cmd[0]);
/*
Note: A directory will also pass the X_OK test, so test further with
stat().
*/
if (stat(cmd[0], &st))
die("File \"%s\" does not exist.\n", cmd[0]);
if(! S_ISREG(st.st_mode))
die("File \"%s\" is not regular file.\n", cmd[0]);
if (lock_file)
{
lockFD = open(lock_file, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
if (lockFD < 0)
die("Can't create lock file \"%s\": %s\n",
lock_file, strerror (errno));
if (flock(lockFD, LOCK_EX | LOCK_NB) != 0)
die("Can't lock the lock file \"%s\". "
"Is another instance running?\n",
lock_file);
}
if (pid_file != NULL)
{
int fd;
verbose("Creating PID file \"%s\".\n", pid_file);
fd = open(pid_file, O_CREAT | O_WRONLY,
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
if (fd < 0)
{
die ("Can't create PID file \"%s\": %s\n",
pid_file, strerror (errno));
}
close(fd);
}
if (user != NULL)
switch_user(user, uid, pid_file);
open_output_files();
if (chdir (cwd) != 0)
{
die("Can't change working directory to \"%s\": %s\n",
cwd, strerror (errno));
}
verbose("Daemonizing...");
if (redirect_stdout_stderr())
noclose = 1;
if (daemon (1, noclose) != 0)
die("Can't daemonize: %s\n", strerror (errno));
if (chdir(cwd) != 0)
{
die("Can't change working directory to \"%s\": %s\n",
cwd, strerror (errno));
}
if (pid_file != NULL)
{
FILE *fPid = NULL;
verbose("Writing process ID to \"%s\".\n", pid_file);
if ( (fPid = fopen (pid_file, "w")) == NULL )
{
die("Can't open PID file \"%s\": %s\n",
pid_file, strerror (errno));
}
fprintf(fPid, "%d\n", getpid());
fclose(fPid);
}
/*
Make sure we have a relatively sane environment
Patch by Ken Farnen <*****@*****.**>, 18 February 2010.
*/
if (getenv("IFS") == NULL)
setenv("IFS"," \t\n",1);
if (getenv("PATH") == NULL)
setenv("PATH","/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin", 1);
execvp(cmd[0], cmd);
die("Can't exec \"%s\": %s\n", cmd[0], strerror (errno));
}
int main(int argc, char **argv)
{
bool_t nodaemon = false;
#ifdef POSIX_PRIORITY_SCHEDULING
bool_t realtime = false;
#endif
bool_t testconfig = false;
char *conffile = NULL, *pidfile = NULL;
int c;
struct utsname utsbuf;
/* Arguments */
#ifdef POSIX_PRIORITY_SCHEDULING
while ((c = getopt(argc, argv, "drp:c:a:A:b:B:ht")) != EOF) {
#else
while ((c = getopt(argc, argv, "dp:c:a:A:b:B:ht")) != EOF) {
#endif
switch(c) {
case 'c':
conffile = optarg;
break;
case 'p':
pidfile = optarg;
break;
case 'a':
bindaddr = optarg;
break;
case 'A':
bindaddr6 = optarg;
break;
case 'b':
bindport = atoi(optarg);
break;
case 'B':
bindport6 = atoi(optarg);
break;
case 'd':
nodaemon = true;
break;
case 'h':
printhelp();
break;
case 't':
testconfig = true;
break;
#ifdef POSIX_PRIORITY_SCHEDULING
case 'r':
realtime = true;
break;
#endif
default:
fprintf(stderr, "Unrecognized option\n");
printhelp();
break;
}
}
if (testconfig) {
if (!Conf_ok(conffile))
exit(1);
else
exit(0);
}
/* Initialize the config subsystem early;
* switch_user() will need to read some config variables as well as logging.
*/
Conf_init(conffile);
/* Logging to terminal if not daemonizing, otherwise to syslog or log file.
*/
if (!nodaemon) {
daemonize();
Log_init(false);
if (pidfile != NULL)
lockfile(pidfile);
switch_user();
/* Reopen log file. If user switch results in access denied, we catch
* it early.
*/
Log_reset();
}
else Log_init(true);
signal(SIGCHLD, SIG_IGN); /* ignore child */
signal(SIGTSTP, SIG_IGN); /* ignore tty signals */
signal(SIGTTOU, SIG_IGN);
signal(SIGTTIN, SIG_IGN);
signal(SIGPIPE, SIG_IGN);
signal(SIGHUP, signal_handler); /* catch hangup signal */
signal(SIGTERM, signal_handler); /* catch kill signal */
/* Build system string */
if (uname(&utsbuf) == 0) {
snprintf(system_string, 64, "%s %s", utsbuf.sysname, utsbuf.machine);
snprintf(version_string, 64, "%s", utsbuf.release);
}
else {
snprintf(system_string, 64, "unknown unknown");
snprintf(version_string, 64, "unknown");
}
/* Initializing */
SSLi_init();
Chan_init();
Client_init();
Ban_init();
#ifdef USE_SHAREDMEMORY_API
Sharedmemory_init( bindport, bindport6 );
#endif
#ifdef POSIX_PRIORITY_SCHEDULING
if (realtime)
setscheduler();
#endif
Server_run();
#ifdef USE_SHAREDMEMORY_API
Sharedmemory_deinit();
#endif
Ban_deinit();
SSLi_deinit();
Chan_free();
Log_free();
Conf_deinit();
if (pidfile != NULL)
unlink(pidfile);
return 0;
}
void
execute(struct russ_sess *sess, char *userhost, char *new_spath) {
struct russ_sconn *sconn = sess->sconn;
struct russ_req *req = sess->req;
char *args[1024];
int nargs;
char *uhp_user, *uhp_host, *uhp_port;
int i, status, pid;
switch_user(sconn);
/* parse out user, host, and port */
uhp_user = strdup(userhost);
if ((uhp_host = strstr(uhp_user, "@")) != NULL) {
*uhp_host = '\0';
uhp_host++;
} else {
uhp_host = uhp_user;
uhp_user = NULL;
}
if ((uhp_port = strstr(uhp_host, ":")) != NULL) {
*uhp_port = '\0';
uhp_port++;
}
/* build args array */
nargs = 0;
args[nargs++] = SSH_EXEC;
args[nargs++] = "-o";
args[nargs++] = "StrictHostKeyChecking=no";
args[nargs++] = "-o";
args[nargs++] = "BatchMode=yes";
args[nargs++] = "-o";
args[nargs++] = "LogLevel=QUIET";
if (uhp_user) {
args[nargs++] = "-l";
args[nargs++] = uhp_user;
}
if (uhp_port) {
args[nargs++] = "-p";
args[nargs++] = uhp_port;
}
args[nargs++] = uhp_host;
args[nargs++] = RUDIAL_EXEC;
if ((req->attrv != NULL) && (req->attrv[0] != NULL)) {
for (i = 0; req->attrv[i] != NULL; i++) {
args[nargs++] = "-a";
if ((args[nargs++] = escape_special(req->attrv[i])) == NULL) {
russ_sconn_fatal(sconn, "error: out of memory", RUSS_EXIT_FAILURE);
exit(0);
}
}
}
args[nargs++] = req->op;
args[nargs++] = new_spath;
if ((req->argv != NULL) && (req->argv[0] != NULL)) {
for (i = 0; req->argv[i] != NULL; i++) {
if ((args[nargs++] = escape_special(req->argv[i])) == NULL) {
russ_sconn_fatal(sconn, "error: out of memory", RUSS_EXIT_FAILURE);
exit(0);
}
}
}
args[nargs++] = NULL;
#if 0
{
char **xargs;
for (xargs = args; *xargs != NULL; xargs++) {
fprintf(stderr, "(%s)\n", *xargs);
}
}
#endif
/* fix up fds and exec */
signal(SIGCHLD, SIG_DFL);
if ((pid = fork()) == 0) {
/* dup sconn stdin/out/err fds to standard stdin/out/err */
if ((dup2(sconn->fds[0], 0) >= 0) &&
(dup2(sconn->fds[1], 1) >= 0) &&
(dup2(sconn->fds[2], 2) >= 0)) {
russ_sconn_close(sconn);
execv(args[0], args);
}
/* should not get here! */
russ_dprintf(2, "error: could not execute\n");
exit(1);
}
/* close sconn stdin/out/err; leave exitfd */
russ_close(sconn->fds[0]);
russ_close(sconn->fds[1]);
russ_close(sconn->fds[2]);
/* wait for exit value, pass back, and close up */
waitpid(pid, &status, 0);
russ_sconn_exit(sconn, WEXITSTATUS(status));
russ_sconn_close(sconn);
exit(0);
}
