/* Run the given command line as if with exec. What we actually do is fork the
command line as a subprocess, then loop, relaying data between the socket and
the subprocess. This allows Ncat to handle SSL from the socket and give plain
text to the subprocess, and also allows things like logging and line delays.
Never returns. */
void netexec(struct fdinfo *info, char *cmdexec)
{
int child_stdin[2];
int child_stdout[2];
int pid;
int crlf_state;
char buf[DEFAULT_TCP_BUF_LEN];
int maxfd;
if (o.debug) {
switch (o.execmode) {
case EXEC_SHELL:
logdebug("Executing with shell: %s\n", cmdexec);
break;
#ifdef HAVE_LUA
case EXEC_LUA:
logdebug("Executing as lua script: %s\n", cmdexec);
break;
#endif
default:
logdebug("Executing: %s\n", cmdexec);
break;
}
}
if (pipe(child_stdin) == -1 || pipe(child_stdout) == -1)
bye("Can't create child pipes: %s", strerror(errno));
pid = fork();
if (pid == -1)
bye("Error in fork: %s", strerror(errno));
if (pid == 0) {
/* This is the child process. Exec the command. */
close(child_stdin[1]);
close(child_stdout[0]);
/* We might have turned off SIGPIPE handling in ncat_listen.c. Since
the child process SIGPIPE might mean that the connection got broken,
ignoring it could result in an infinite loop if the code here
ignores the error codes of read()/write() calls. So, just in case,
let's restore SIGPIPE so that writing to a broken pipe results in
killing the child process. */
Signal(SIGPIPE, SIG_DFL);
/* rearrange stdin and stdout */
Dup2(child_stdin[0], STDIN_FILENO);
Dup2(child_stdout[1], STDOUT_FILENO);
switch (o.execmode) {
char **cmdargs;
case EXEC_SHELL:
execl("/bin/sh", "sh", "-c", cmdexec, (void *) NULL);
break;
#ifdef HAVE_LUA
case EXEC_LUA:
lua_run();
break;
#endif
default:
cmdargs = cmdline_split(cmdexec);
execv(cmdargs[0], cmdargs);
break;
}
/* exec failed. */
die("exec");
}
close(child_stdin[0]);
close(child_stdout[1]);
maxfd = child_stdout[0];
if (info->fd > maxfd)
maxfd = info->fd;
/* This is the parent process. Enter a "caretaker" loop that reads from the
socket and writes to the suprocess, and reads from the subprocess and
writes to the socket. We exit the loop on any read error (or EOF). On a
write error we just close the opposite side of the conversation. */
crlf_state = 0;
for (;;) {
fd_set fds;
int r, n_r;
FD_ZERO(&fds);
FD_SET(info->fd, &fds);
FD_SET(child_stdout[0], &fds);
r = fselect(maxfd + 1, &fds, NULL, NULL, NULL);
if (r == -1) {
if (errno == EINTR)
continue;
else
break;
}
if (FD_ISSET(info->fd, &fds)) {
int pending;
do {
n_r = ncat_recv(info, buf, sizeof(buf), &pending);
if (n_r <= 0)
goto loop_end;
write_loop(child_stdin[1], buf, n_r);
} while (pending);
}
if (FD_ISSET(child_stdout[0], &fds)) {
char *crlf = NULL, *wbuf;
n_r = read(child_stdout[0], buf, sizeof(buf));
if (n_r <= 0)
break;
wbuf = buf;
if (o.crlf) {
if (fix_line_endings((char *) buf, &n_r, &crlf, &crlf_state))
wbuf = crlf;
}
ncat_send(info, wbuf, n_r);
if (crlf != NULL)
free(crlf);
}
}
loop_end:
#ifdef HAVE_OPENSSL
if (info->ssl != NULL) {
SSL_shutdown(info->ssl);
SSL_free(info->ssl);
}
#endif
close(info->fd);
exit(0);
}
/* Relay data between a socket and a process until the process dies or stops
sending or receiving data. The socket descriptor and process pipe handles
are in the data argument, which must be a pointer to struct subprocess_info.
This function is a workaround for the fact that we can't just run a process
after redirecting its input handles to a socket. If the process, for
example, redirects its own stdin, it somehow confuses the socket and stdout
stops working. This is exactly what ncat does (as part of the Windows stdin
workaround), so it can't be ignored.
This function can be invoked through CreateThread to simulate fork+exec, or
called directly to simulate exec. It frees the subprocess_info struct and
closes the socket and pipe handles before returning. Returns the exit code
of the subprocess. */
static DWORD WINAPI subprocess_thread_func(void *data)
{
struct subprocess_info *info;
char pipe_buffer[BUFSIZ];
OVERLAPPED overlap = { 0 };
HANDLE events[3];
DWORD ret, rc;
int crlf_state = 0;
info = (struct subprocess_info *) data;
/* Three events we watch for: socket read, pipe read, and process end. */
events[0] = (HANDLE) WSACreateEvent();
WSAEventSelect(info->fdn.fd, events[0], FD_READ | FD_CLOSE);
events[1] = info->child_out_r;
events[2] = info->proc;
/* To avoid blocking or polling, we use asynchronous I/O, or what Microsoft
calls "overlapped" I/O, on the process pipe. WaitForMultipleObjects
reports when the read operation is complete. */
ReadFile(info->child_out_r, pipe_buffer, sizeof(pipe_buffer), NULL, &overlap);
/* Loop until EOF or error. */
for (;;) {
DWORD n, nwritten;
int i;
i = WaitForMultipleObjects(3, events, FALSE, INFINITE);
if (i == WAIT_OBJECT_0) {
/* Read from socket, write to process. */
char buffer[BUFSIZ];
int pending;
ResetEvent(events[0]);
do {
n = ncat_recv(&info->fdn, buffer, sizeof(buffer), &pending);
if (n <= 0)
goto loop_end;
if (WriteFile(info->child_in_w, buffer, n, &nwritten, NULL) == 0)
break;
if (nwritten != n)
goto loop_end;
} while (pending);
} else if (i == WAIT_OBJECT_0 + 1) {
char *crlf = NULL, *wbuf;
/* Read from process, write to socket. */
if (GetOverlappedResult(info->child_out_r, &overlap, &n, FALSE)) {
int n_r;
wbuf = pipe_buffer;
n_r = n;
if (o.crlf) {
if (fix_line_endings((char *) pipe_buffer, &n_r, &crlf, &crlf_state))
wbuf = crlf;
}
/* The above call to WSAEventSelect puts the socket in
non-blocking mode, but we want this send to block, not
potentially return WSAEWOULDBLOCK. We call block_socket, but
first we must clear out the select event. */
WSAEventSelect(info->fdn.fd, events[0], 0);
block_socket(info->fdn.fd);
nwritten = ncat_send(&info->fdn, wbuf, n_r);
if (crlf != NULL)
free(crlf);
if (nwritten != n_r)
break;
/* Restore the select event (and non-block the socket again.) */
WSAEventSelect(info->fdn.fd, events[0], FD_READ | FD_CLOSE);
/* Queue another ansychronous read. */
ReadFile(info->child_out_r, pipe_buffer, sizeof(pipe_buffer), NULL, &overlap);
} else {
if (GetLastError() != ERROR_IO_PENDING)
/* Error or end of file. */
break;
}
} else if (i == WAIT_OBJECT_0 + 2) {
/* The child died. There are no more writes left in the pipe
because WaitForMultipleObjects guarantees events with lower
indexes are handled first. */
break;
} else {
break;
}
}
loop_end:
WSACloseEvent(events[0]);
rc = unregister_subprocess(info->proc);
ncat_assert(rc != -1);
GetExitCodeProcess(info->proc, &ret);
if (ret == STILL_ACTIVE) {
if (o.debug > 1)
logdebug("Subprocess still running, terminating it.\n");
rc = TerminateProcess(info->proc, 0);
if (rc == 0) {
if (o.debug > 1)
logdebug("TerminateProcess failed with code %d.\n", rc);
}
}
GetExitCodeProcess(info->proc, &ret);
if (o.debug > 1)
logdebug("Subprocess ended with exit code %d.\n", ret);
shutdown(info->fdn.fd, 2);
subprocess_info_close(info);
free(info);
rc = WaitForSingleObject(pseudo_sigchld_mutex, INFINITE);
ncat_assert(rc == WAIT_OBJECT_0);
if (pseudo_sigchld_handler != NULL)
pseudo_sigchld_handler();
rc = ReleaseMutex(pseudo_sigchld_mutex);
ncat_assert(rc != 0);
return ret;
}
/* Run the given command line as if with exec. What we actually do is fork the
command line as a subprocess, then loop, relaying data between the socket and
the subprocess. This allows Ncat to handle SSL from the socket and give plain
text to the subprocess, and also allows things like logging and line delays.
Never returns. */
void netexec(struct fdinfo *info, char *cmdexec)
{
int child_stdin[2];
int child_stdout[2];
int pid;
int crlf_state;
char buf[DEFAULT_TCP_BUF_LEN];
int maxfd;
if (o.debug) {
if (o.shellexec)
logdebug("Executing with shell: %s\n", cmdexec);
else
logdebug("Executing: %s\n", cmdexec);
}
if (pipe(child_stdin) == -1 || pipe(child_stdout) == -1)
bye("Can't create child pipes: %s", strerror(errno));
pid = fork();
if (pid == -1)
bye("Error in fork: %s", strerror(errno));
if (pid == 0) {
/* This is the child process. Exec the command. */
close(child_stdin[1]);
close(child_stdout[0]);
/* rearrange stdin and stdout */
Dup2(child_stdin[0], STDIN_FILENO);
Dup2(child_stdout[1], STDOUT_FILENO);
if (o.shellexec) {
execl("/bin/sh", "sh", "-c", cmdexec, (void *) NULL);
} else {
char **cmdargs;
cmdargs = cmdline_split(cmdexec);
execv(cmdargs[0], cmdargs);
}
/* exec failed.*/
die("exec");
}
close(child_stdin[0]);
close(child_stdout[1]);
maxfd = child_stdout[0];
if (info->fd > maxfd)
maxfd = info->fd;
/* This is the parent process. Enter a "caretaker" loop that reads from the
socket and writes to the suprocess, and reads from the subprocess and
writes to the socket. We exit the loop on any read error (or EOF). On a
write error we just close the opposite side of the conversation. */
crlf_state = 0;
for (;;) {
fd_set fds;
int r, n_r, n_w;
FD_ZERO(&fds);
FD_SET(info->fd, &fds);
FD_SET(child_stdout[0], &fds);
r = fselect(maxfd + 1, &fds, NULL, NULL, NULL);
if (r == -1) {
if (errno == EINTR)
continue;
else
break;
}
if (FD_ISSET(info->fd, &fds)) {
int pending;
do {
n_r = ncat_recv(info, buf, sizeof(buf), &pending);
if (n_r <= 0)
goto loop_end;
n_w = write_loop(child_stdin[1], buf, n_r);
} while (pending);
}
if (FD_ISSET(child_stdout[0], &fds)) {
char *crlf = NULL, *wbuf;
n_r = read(child_stdout[0], buf, sizeof(buf));
if (n_r <= 0)
break;
wbuf = buf;
if (o.crlf) {
if (fix_line_endings((char *) buf, &n_r, &crlf, &crlf_state))
wbuf = crlf;
}
n_w = ncat_send(info, wbuf, n_r);
if (crlf != NULL)
free(crlf);
}
}
loop_end:
#ifdef HAVE_OPENSSL
if (info->ssl != NULL) {
SSL_shutdown(info->ssl);
SSL_free(info->ssl);
}
#endif
close(info->fd);
exit(0);
}