/** Start a process
*
* @param cmd Command to execute. This is parsed into argv[] parts,
* then each individual argv part is xlat'ed.
* @param request Current reuqest
* @param exec_wait set to 1 if you want to read from or write to child
* @param[in,out] input_fd pointer to int, receives the stdin file.
* descriptor. Set to NULL and the child will have /dev/null on stdin
* @param[in,out] output_fd pinter to int, receives the stdout file
* descriptor. Set to NULL and child will have /dev/null on stdout.
* @param input_pairs list of value pairs - these will be put into
* the environment variables of the child.
* @param shell_escape values before passing them as arguments.
* @return PID of the child process, -1 on error.
*/
pid_t radius_start_program(char const *cmd, REQUEST *request,
int exec_wait,
int *input_fd,
int *output_fd,
VALUE_PAIR *input_pairs,
int shell_escape)
{
#ifndef __MINGW32__
char *p;
VALUE_PAIR *vp;
int n;
int to_child[2] = {-1, -1};
int from_child[2] = {-1, -1};
pid_t pid;
#endif
int argc;
int i;
char *argv[MAX_ARGV];
char argv_buf[4096];
#define MAX_ENVP 1024
char *envp[MAX_ENVP];
argc = rad_expand_xlat(request, cmd, MAX_ARGV, argv, true, sizeof(argv_buf), argv_buf);
if (argc <= 0) {
RDEBUG("invalid command line '%s'.", cmd);
return -1;
}
#ifndef NDEBUG
if (debug_flag > 2) {
RDEBUG3("executing cmd %s", cmd);
for (i = 0; i < argc; i++) {
RDEBUG3("\t[%d] %s", i, argv[i]);
}
}
#endif
#ifndef __MINGW32__
/*
* Open a pipe for child/parent communication, if necessary.
*/
if (exec_wait) {
if (input_fd) {
if (pipe(to_child) != 0) {
RDEBUG("Couldn't open pipe to child: %s", strerror(errno));
return -1;
}
}
if (output_fd) {
if (pipe(from_child) != 0) {
RDEBUG("Couldn't open pipe from child: %s", strerror(errno));
/* safe because these either need closing or are == -1 */
close(to_child[0]);
close(to_child[1]);
return -1;
}
}
}
envp[0] = NULL;
if (input_pairs) {
vp_cursor_t cursor;
int envlen;
char buffer[1024];
/*
* Set up the environment variables in the
* parent, so we don't call libc functions that
* hold mutexes. They might be locked when we fork,
* and will remain locked in the child.
*/
envlen = 0;
for (vp = paircursor(&cursor, &input_pairs); vp; vp = pairnext(&cursor)) {
/*
* Hmm... maybe we shouldn't pass the
* user's password in an environment
* variable...
*/
snprintf(buffer, sizeof(buffer), "%s=", vp->da->name);
if (shell_escape) {
for (p = buffer; *p != '='; p++) {
if (*p == '-') {
*p = '_';
} else if (isalpha((int) *p)) {
*p = toupper(*p);
}
}
}
n = strlen(buffer);
vp_prints_value(buffer+n, sizeof(buffer) - n, vp, shell_escape ? '"' : 0);
envp[envlen++] = strdup(buffer);
/*
* Don't add too many attributes.
*/
if (envlen == (MAX_ENVP - 1)) break;
}
envp[envlen] = NULL;
}
if (exec_wait) {
pid = rad_fork(); /* remember PID */
} else {
pid = fork(); /* don't wait */
}
if (pid == 0) {
int devnull;
/*
* Child process.
*
* We try to be fail-safe here. So if ANYTHING
* goes wrong, we exit with status 1.
*/
/*
* Open STDIN to /dev/null
*/
devnull = open("/dev/null", O_RDWR);
if (devnull < 0) {
RDEBUG("Failed opening /dev/null: %s\n", strerror(errno));
/*
* Where the status code is interpreted as a module rcode
* one is subtracted from it, to allow 0 to equal success
*
* 2 is RLM_MODULE_FAIL + 1
*/
exit(2);
}
/*
* Only massage the pipe handles if the parent
* has created them.
*/
if (exec_wait) {
if (input_fd) {
close(to_child[1]);
dup2(to_child[0], STDIN_FILENO);
} else {
dup2(devnull, STDIN_FILENO);
}
if (output_fd) {
close(from_child[0]);
dup2(from_child[1], STDOUT_FILENO);
} else {
dup2(devnull, STDOUT_FILENO);
}
} else { /* no pipe, STDOUT should be /dev/null */
dup2(devnull, STDIN_FILENO);
dup2(devnull, STDOUT_FILENO);
}
/*
* If we're not debugging, then we can't do
* anything with the error messages, so we throw
* them away.
*
* If we are debugging, then we want the error
* messages to go to the STDERR of the server.
*/
if (debug_flag == 0) {
dup2(devnull, STDERR_FILENO);
}
close(devnull);
/*
* The server may have MANY FD's open. We don't
* want to leave dangling FD's for the child process
* to play funky games with, so we close them.
*/
closefrom(3);
/*
* I swear the signature for execve is wrong and should take 'char const * const argv[]'.
*/
execve(argv[0], argv, envp);
printf("Failed to execute \"%s\": %s", argv[0], strerror(errno)); /* fork output will be captured */
/*
* Where the status code is interpreted as a module rcode
* one is subtracted from it, to allow 0 to equal success
*
* 2 is RLM_MODULE_FAIL + 1
*/
exit(2);
}
/*
* Free child environment variables
*/
for (i = 0; envp[i] != NULL; i++) {
free(envp[i]);
}
/*
* Parent process.
*/
if (pid < 0) {
RDEBUG("Couldn't fork %s: %s", argv[0], strerror(errno));
if (exec_wait) {
/* safe because these either need closing or are == -1 */
close(to_child[0]);
close(to_child[1]);
close(from_child[0]);
close(from_child[0]);
}
return -1;
}
/*
* We're not waiting, exit, and ignore any child's status.
*/
if (exec_wait) {
/*
* Close the ends of the pipe(s) the child is using
* return the ends of the pipe(s) our caller wants
*
*/
if (input_fd) {
*input_fd = to_child[1];
close(to_child[0]);
}
if (output_fd) {
*output_fd = from_child[0];
close(from_child[1]);
}
}
return pid;
#else
if (exec_wait) {
RDEBUG("Wait is not supported");
return -1;
}
{
/*
* The _spawn and _exec families of functions are
* found in Windows compiler libraries for
* portability from UNIX. There is a variety of
* functions, including the ability to pass
* either a list or array of parameters, to
* search in the PATH or otherwise, and whether
* or not to pass an environment (a set of
* environment variables). Using _spawn, you can
* also specify whether you want the new process
* to close your program (_P_OVERLAY), to wait
* until the new process is finished (_P_WAIT) or
* for the two to run concurrently (_P_NOWAIT).
* _spawn and _exec are useful for instances in
* which you have simple requirements for running
* the program, don't want the overhead of the
* Windows header file, or are interested
* primarily in portability.
*/
/*
* FIXME: check return code... what is it?
*/
_spawnve(_P_NOWAIT, argv[0], argv, envp);
}
return 0;
#endif
}
/** Start a process
*
* @param cmd Command to execute. This is parsed into argv[] parts, then each individual argv
* part is xlat'ed.
* @param request Current reuqest
* @param exec_wait set to true to read from or write to child.
* @param[in,out] input_fd pointer to int, receives the stdin file descriptor. Set to NULL
* and the child will have /dev/null on stdin.
* @param[in,out] output_fd pinter to int, receives the stdout file descriptor. Set to NULL
* and child will have /dev/null on stdout.
* @param input_pairs list of value pairs - these will be put into the environment variables
* of the child.
* @param shell_escape values before passing them as arguments.
* @return
* - PID of the child process.
* - -1 on failure.
*/
pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
int *input_fd, int *output_fd,
VALUE_PAIR *input_pairs, bool shell_escape)
{
#ifndef __MINGW32__
char *p;
VALUE_PAIR *vp;
int n;
int to_child[2] = {-1, -1};
int from_child[2] = {-1, -1};
pid_t pid;
#endif
int argc;
int i;
char const **argv_p;
char *argv[MAX_ARGV], **argv_start = argv;
char argv_buf[4096];
#define MAX_ENVP 1024
char *envp[MAX_ENVP];
size_t envlen = 0;
TALLOC_CTX *input_ctx = NULL;
/*
* Stupid array decomposition...
*
* If we do memcpy(&argv_p, &argv, sizeof(argv_p)) src ends up being a char **
* pointing to the value of the first element.
*/
memcpy(&argv_p, &argv_start, sizeof(argv_p));
argc = rad_expand_xlat(request, cmd, MAX_ARGV, argv_p, true, sizeof(argv_buf), argv_buf);
if (argc <= 0) {
ERROR("Invalid command '%s'", cmd);
return -1;
}
if (DEBUG_ENABLED3) {
for (i = 0; i < argc; i++) DEBUG3("arg[%d] %s", i, argv[i]);
}
#ifndef __MINGW32__
/*
* Open a pipe for child/parent communication, if necessary.
*/
if (exec_wait) {
if (input_fd) {
if (pipe(to_child) != 0) {
ERROR("Couldn't open pipe to child: %s", fr_syserror(errno));
return -1;
}
}
if (output_fd) {
if (pipe(from_child) != 0) {
ERROR("Couldn't open pipe from child: %s", fr_syserror(errno));
/* safe because these either need closing or are == -1 */
close(to_child[0]);
close(to_child[1]);
return -1;
}
}
}
envp[0] = NULL;
if (input_pairs) {
vp_cursor_t cursor;
char buffer[1024];
input_ctx = talloc_new(request);
/*
* Set up the environment variables in the
* parent, so we don't call libc functions that
* hold mutexes. They might be locked when we fork,
* and will remain locked in the child.
*/
for (vp = fr_cursor_init(&cursor, &input_pairs);
vp && (envlen < ((sizeof(envp) / sizeof(*envp)) - 1));
vp = fr_cursor_next(&cursor)) {
/*
* Hmm... maybe we shouldn't pass the
* user's password in an environment
* variable...
*/
snprintf(buffer, sizeof(buffer), "%s=", vp->da->name);
if (shell_escape) {
for (p = buffer; *p != '='; p++) {
if (*p == '-') {
*p = '_';
} else if (isalpha((int) *p)) {
*p = toupper(*p);
}
}
}
n = strlen(buffer);
fr_pair_value_snprint(buffer + n, sizeof(buffer) - n, vp, shell_escape ? '"' : 0);
DEBUG3("export %s", buffer);
envp[envlen++] = talloc_strdup(input_ctx, buffer);
}
fr_cursor_init(&cursor, radius_list(request, PAIR_LIST_CONTROL));
while ((envlen < ((sizeof(envp) / sizeof(*envp)) - 1)) &&
(vp = fr_cursor_next_by_num(&cursor, 0, PW_EXEC_EXPORT, TAG_ANY))) {
DEBUG3("export %s", vp->vp_strvalue);
memcpy(&envp[envlen++], &vp->vp_strvalue, sizeof(*envp));
}
/*
* NULL terminate for execve
*/
envp[envlen] = NULL;
}
if (exec_wait) {
pid = rad_fork(); /* remember PID */
} else {
pid = fork(); /* don't wait */
}
if (pid == 0) {
int devnull;
/*
* Child process.
*
* We try to be fail-safe here. So if ANYTHING
* goes wrong, we exit with status 1.
*/
/*
* Open STDIN to /dev/null
*/
devnull = open("/dev/null", O_RDWR);
if (devnull < 0) {
ERROR("Failed opening /dev/null: %s\n", fr_syserror(errno));
/*
* Where the status code is interpreted as a module rcode
* one is subtracted from it, to allow 0 to equal success
*
* 2 is RLM_MODULE_FAIL + 1
*/
exit(2);
}
/*
* Only massage the pipe handles if the parent
* has created them.
*/
if (exec_wait) {
if (input_fd) {
close(to_child[1]);
dup2(to_child[0], STDIN_FILENO);
} else {
dup2(devnull, STDIN_FILENO);
}
if (output_fd) {
close(from_child[0]);
dup2(from_child[1], STDOUT_FILENO);
} else {
dup2(devnull, STDOUT_FILENO);
}
} else { /* no pipe, STDOUT should be /dev/null */
dup2(devnull, STDIN_FILENO);
dup2(devnull, STDOUT_FILENO);
}
/*
* If we're not debugging, then we can't do
* anything with the error messages, so we throw
* them away.
*
* If we are debugging, then we want the error
* messages to go to the STDERR of the server.
*/
if (rad_debug_lvl == 0) {
dup2(devnull, STDERR_FILENO);
}
close(devnull);
/*
* The server may have MANY FD's open. We don't
* want to leave dangling FD's for the child process
* to play funky games with, so we close them.
*/
closefrom(3);
/*
* I swear the signature for execve is wrong and should
* take 'char const * const argv[]'.
*
* Note: execve(), unlike system(), treats all the space
* delimited arguments as literals, so there's no need
* to perform additional escaping.
*/
execve(argv[0], argv, envp);
printf("Failed to execute \"%s\": %s", argv[0], fr_syserror(errno)); /* fork output will be captured */
/*
* Where the status code is interpreted as a module rcode
* one is subtracted from it, to allow 0 to equal success
*
* 2 is RLM_MODULE_FAIL + 1
*/
exit(2);
}
/*
* Free child environment variables
*/
talloc_free(input_ctx);
/*
* Parent process.
*/
if (pid < 0) {
ERROR("Couldn't fork %s: %s", argv[0], fr_syserror(errno));
if (exec_wait) {
/* safe because these either need closing or are == -1 */
close(to_child[0]);
close(to_child[1]);
close(from_child[0]);
close(from_child[1]);
}
return -1;
}
/*
* We're not waiting, exit, and ignore any child's status.
*/
if (exec_wait) {
/*
* Close the ends of the pipe(s) the child is using
* return the ends of the pipe(s) our caller wants
*
*/
if (input_fd) {
*input_fd = to_child[1];
close(to_child[0]);
}
if (output_fd) {
*output_fd = from_child[0];
close(from_child[1]);
}
}
return pid;
#else
if (exec_wait) {
ERROR("Wait is not supported");
return -1;
}
{
/*
* The _spawn and _exec families of functions are
* found in Windows compiler libraries for
* portability from UNIX. There is a variety of
* functions, including the ability to pass
* either a list or array of parameters, to
* search in the PATH or otherwise, and whether
* or not to pass an environment (a set of
* environment variables). Using _spawn, you can
* also specify whether you want the new process
* to close your program (_P_OVERLAY), to wait
* until the new process is finished (_P_WAIT) or
* for the two to run concurrently (_P_NOWAIT).
* _spawn and _exec are useful for instances in
* which you have simple requirements for running
* the program, don't want the overhead of the
* Windows header file, or are interested
* primarily in portability.
*/
/*
* FIXME: check return code... what is it?
*/
_spawnve(_P_NOWAIT, argv[0], argv, envp);
}
return 0;
#endif
}
/** Start a process
*
* @param cmd Command to execute. This is parsed into argv[] parts,
* then each individual argv part is xlat'ed.
* @param request Current reuqest
* @param exec_wait set to 1 if you want to read from or write to child
* @param[in,out] input_fd pointer to int, receives the stdin file.
* descriptor. Set to NULL and the child will have /dev/null on stdin
* @param[in,out] output_fd pinter to int, receives the stdout file
* descriptor. Set to NULL and child will have /dev/null on stdout.
* @param input_pairs list of value pairs - these will be put into
* the environment variables of the child.
* @param shell_escape
* @return PID of the child process, -1 on error.
*/
pid_t radius_start_program(const char *cmd, REQUEST *request,
int exec_wait,
int *input_fd,
int *output_fd,
VALUE_PAIR *input_pairs,
int shell_escape)
{
const char *from;
char *to;
#ifndef __MINGW32__
char *p;
VALUE_PAIR *vp;
int n;
int to_child[2] = {-1, -1};
int from_child[2] = {-1, -1};
pid_t pid;
#endif
int argc = -1;
int i;
int left;
char *argv[MAX_ARGV];
char argv_buf[4096];
#define MAX_ENVP 1024
char *envp[MAX_ENVP];
char mycmd[1024];
if (strlen(cmd) > (sizeof(mycmd) - 1)) {
radlog(L_ERR|L_CONS, "Command line is too long");
return -1;
}
/*
* Check for bad escapes.
*/
if (cmd[strlen(cmd) - 1] == '\\') {
radlog(L_ERR|L_CONS, "Command line has final backslash, without a following character");
return -1;
}
strlcpy(mycmd, cmd, sizeof(mycmd));
/*
* Split the string into argv's BEFORE doing radius_xlat...
*/
from = cmd;
to = mycmd;
argc = 0;
while (*from) {
int length;
/*
* Skip spaces.
*/
if ((*from == ' ') || (*from == '\t')) {
from++;
continue;
}
argv[argc] = to;
argc++;
if (argc >= (MAX_ARGV - 1)) break;
/*
* Copy the argv over to our buffer.
*/
while (*from && (*from != ' ') && (*from != '\t')) {
if (to >= mycmd + sizeof(mycmd) - 1) {
return -1; /* ran out of space */
}
switch (*from) {
case '"':
case '\'':
length = rad_copy_string(to, from);
if (length < 0) {
radlog(L_ERR|L_CONS, "Invalid string passed as argument for external program");
return -1;
}
from += length;
to += length;
break;
case '%':
if (from[1] == '{') {
*(to++) = *(from++);
length = rad_copy_variable(to, from);
if (length < 0) {
radlog(L_ERR|L_CONS, "Invalid variable expansion passed as argument for external program");
return -1;
}
from += length;
to += length;
} else { /* FIXME: catch %%{ ? */
*(to++) = *(from++);
}
break;
case '\\':
if (from[1] == ' ') from++;
/* FALL-THROUGH */
default:
*(to++) = *(from++);
}
} /* end of string, or found a space */
*(to++) = '\0'; /* terminate the string */
}
/*
* We have to have SOMETHING, at least.
*/
if (argc <= 0) {
radlog(L_ERR, "Exec-Program: empty command line.");
return -1;
}
/*
* Expand each string, as appropriate.
*/
to = argv_buf;
left = sizeof(argv_buf);
for (i = 0; i < argc; i++) {
int sublen;
/*
* Don't touch argv's which won't be translated.
*/
if (strchr(argv[i], '%') == NULL) continue;
if (!request) continue;
sublen = radius_xlat(to, left - 1, argv[i], request, NULL);
if (sublen <= 0) {
/*
* Fail to be backwards compatible.
*
* It's yucky, but it won't break anything,
* and it won't cause security problems.
*/
sublen = 0;
}
argv[i] = to;
to += sublen;
*(to++) = '\0';
left -= sublen;
left--;
if (left <= 0) {
radlog(L_ERR, "Exec-Program: Ran out of space while expanding arguments.");
return -1;
}
}
argv[argc] = NULL;
#ifndef __MINGW32__
/*
* Open a pipe for child/parent communication, if necessary.
*/
if (exec_wait) {
if (input_fd) {
if (pipe(to_child) != 0) {
radlog(L_ERR|L_CONS, "Couldn't open pipe to child: %s",
strerror(errno));
return -1;
}
}
if (output_fd) {
if (pipe(from_child) != 0) {
radlog(L_ERR|L_CONS, "Couldn't open pipe from child: %s",
strerror(errno));
/* safe because these either need closing or are == -1 */
close(to_child[0]);
close(to_child[1]);
return -1;
}
}
}
envp[0] = NULL;
if (input_pairs) {
int envlen;
char buffer[1024];
/*
* Set up the environment variables in the
* parent, so we don't call libc functions that
* hold mutexes. They might be locked when we fork,
* and will remain locked in the child.
*/
envlen = 0;
for (vp = input_pairs; vp != NULL; vp = vp->next) {
/*
* Hmm... maybe we shouldn't pass the
* user's password in an environment
* variable...
*/
snprintf(buffer, sizeof(buffer), "%s=", vp->name);
if (shell_escape) {
for (p = buffer; *p != '='; p++) {
if (*p == '-') {
*p = '_';
} else if (isalpha((int) *p)) {
*p = toupper(*p);
}
}
}
n = strlen(buffer);
vp_prints_value(buffer+n, sizeof(buffer) - n, vp, shell_escape);
envp[envlen++] = strdup(buffer);
/*
* Don't add too many attributes.
*/
if (envlen == (MAX_ENVP - 1)) break;
}
envp[envlen] = NULL;
}
if (exec_wait) {
pid = rad_fork(); /* remember PID */
} else {
pid = fork(); /* don't wait */
}
if (pid == 0) {
int devnull;
/*
* Child process.
*
* We try to be fail-safe here. So if ANYTHING
* goes wrong, we exit with status 1.
*/
/*
* Open STDIN to /dev/null
*/
devnull = open("/dev/null", O_RDWR);
if (devnull < 0) {
radlog(L_ERR|L_CONS, "Failed opening /dev/null: %s\n",
strerror(errno));
exit(1);
}
/*
* Only massage the pipe handles if the parent
* has created them.
*/
if (exec_wait) {
if (input_fd) {
close(to_child[1]);
dup2(to_child[0], STDIN_FILENO);
} else {
dup2(devnull, STDIN_FILENO);
}
if (output_fd) {
close(from_child[0]);
dup2(from_child[1], STDOUT_FILENO);
} else {
dup2(devnull, STDOUT_FILENO);
}
} else { /* no pipe, STDOUT should be /dev/null */
dup2(devnull, STDIN_FILENO);
dup2(devnull, STDOUT_FILENO);
}
/*
* If we're not debugging, then we can't do
* anything with the error messages, so we throw
* them away.
*
* If we are debugging, then we want the error
* messages to go to the STDERR of the server.
*/
if (debug_flag == 0) {
dup2(devnull, STDERR_FILENO);
}
close(devnull);
/*
* The server may have MANY FD's open. We don't
* want to leave dangling FD's for the child process
* to play funky games with, so we close them.
*/
closefrom(3);
execve(argv[0], argv, envp);
radlog(L_ERR, "Exec-Program: FAILED to execute %s: %s",
argv[0], strerror(errno));
exit(1);
}
/*
* Free child environment variables
*/
for (i = 0; envp[i] != NULL; i++) {
free(envp[i]);
}
/*
* Parent process.
*/
if (pid < 0) {
radlog(L_ERR|L_CONS, "Couldn't fork %s: %s",
argv[0], strerror(errno));
if (exec_wait) {
/* safe because these either need closing or are == -1 */
close(to_child[0]);
close(to_child[1]);
close(from_child[0]);
close(from_child[0]);
}
return -1;
}
/*
* We're not waiting, exit, and ignore any child's status.
*/
if (exec_wait) {
/*
* Close the ends of the pipe(s) the child is using
* return the ends of the pipe(s) our caller wants
*
*/
if (input_fd) {
*input_fd = to_child[1];
close(to_child[0]);
}
if (output_fd) {
*output_fd = from_child[0];
close(from_child[1]);
}
}
return pid;
#else
if (exec_wait) {
radlog(L_ERR, "Exec-Program-Wait is not supported");
return -1;
}
{
/*
* The _spawn and _exec families of functions are
* found in Windows compiler libraries for
* portability from UNIX. There is a variety of
* functions, including the ability to pass
* either a list or array of parameters, to
* search in the PATH or otherwise, and whether
* or not to pass an environment (a set of
* environment variables). Using _spawn, you can
* also specify whether you want the new process
* to close your program (_P_OVERLAY), to wait
* until the new process is finished (_P_WAIT) or
* for the two to run concurrently (_P_NOWAIT).
* _spawn and _exec are useful for instances in
* which you have simple requirements for running
* the program, don't want the overhead of the
* Windows header file, or are interested
* primarily in portability.
*/
/*
* FIXME: check return code... what is it?
*/
_spawnve(_P_NOWAIT, argv[0], argv, envp);
}
return 0;
#endif
}
/*
* Check one terminal server to see if a user is logged in.
*
* Return values:
* 0 The user is off-line.
* 1 The user is logged in.
* 2 Some error occured.
*/
int rad_check_ts(uint32_t nasaddr, unsigned int portnum, char const *user,
char const *session_id)
{
pid_t pid, child_pid;
int status;
char address[16];
char port[11];
RADCLIENT *cl;
fr_ipaddr_t ipaddr;
ipaddr.af = AF_INET;
ipaddr.ipaddr.ip4addr.s_addr = nasaddr;
/*
* Find NAS type.
*/
cl = client_find_old(&ipaddr);
if (!cl) {
/*
* Unknown NAS, so trusting radutmp.
*/
DEBUG2("checkrad: Unknown NAS %s, not checking",
ip_ntoa(address, nasaddr));
return 1;
}
/*
* No nas_type, or nas type 'other', trust radutmp.
*/
if (!cl->nas_type || (cl->nas_type[0] == '\0') ||
(strcmp(cl->nas_type, "other") == 0)) {
DEBUG2("checkrad: No NAS type, or type \"other\" not checking");
return 1;
}
/*
* Fork.
*/
if ((pid = rad_fork()) < 0) { /* do wait for the fork'd result */
ERROR("Accounting: Failed in fork(): Cannot run checkrad\n");
return 2;
}
if (pid > 0) {
child_pid = rad_waitpid(pid, &status);
/*
* It's taking too long. Stop waiting for it.
*
* Don't bother to kill it, as we don't care what
* happens to it now.
*/
if (child_pid == 0) {
ERROR("Check-TS: timeout waiting for checkrad");
return 2;
}
if (child_pid < 0) {
ERROR("Check-TS: unknown error in waitpid()");
return 2;
}
return WEXITSTATUS(status);
}
/*
* We don't close fd's 0, 1, and 2. If we're in debugging mode,
* then they should go to stdout (etc), along with the other
* server log messages.
*
* If we're not in debugging mode, then the code in radiusd.c
* takes care of connecting fd's 0, 1, and 2 to /dev/null.
*/
closefrom(3);
ip_ntoa(address, nasaddr);
snprintf(port, 11, "%u", portnum);
#ifdef __EMX__
/* OS/2 can't directly execute scripts then we call the command
processor to execute checkrad
*/
execl(getenv("COMSPEC"), "", "/C","checkrad", cl->nas_type, address, port,
user, session_id, NULL);
#else
execl(mainconfig.checkrad, "checkrad", cl->nas_type, address, port,
user, session_id, NULL);
#endif
ERROR("Check-TS: exec %s: %s", mainconfig.checkrad, strerror(errno));
/*
* Exit - 2 means "some error occured".
*/
exit(2);
return 2;
}
/*
* Execute a program on successful authentication.
* Return 0 if exec_wait == 0.
* Return the exit code of the called program if exec_wait != 0.
* Return -1 on fork/other errors in the parent process.
*/
int radius_exec_program(const char *cmd, REQUEST *request,
int exec_wait,
char *user_msg, int msg_len,
VALUE_PAIR *input_pairs,
VALUE_PAIR **output_pairs,
int shell_escape)
{
VALUE_PAIR *vp;
char mycmd[1024];
const char *from;
char *p, *to;
int pd[2];
pid_t pid, child_pid;
int argc = -1;
int comma = 0;
int status;
int i;
int n, left, done;
char *argv[MAX_ARGV];
char answer[4096];
char argv_buf[4096];
#define MAX_ENVP 1024
char *envp[MAX_ENVP];
struct timeval start;
#ifdef O_NONBLOCK
int nonblock = TRUE;
#endif
if (user_msg) *user_msg = '\0';
if (output_pairs) *output_pairs = NULL;
if (strlen(cmd) > (sizeof(mycmd) - 1)) {
radlog(L_ERR|L_CONS, "Command line is too long");
return -1;
}
/*
* Check for bad escapes.
*/
if (cmd[strlen(cmd) - 1] == '\\') {
radlog(L_ERR|L_CONS, "Command line has final backslash, without a following character");
return -1;
}
strlcpy(mycmd, cmd, sizeof(mycmd));
/*
* Split the string into argv's BEFORE doing radius_xlat...
*/
from = cmd;
to = mycmd;
argc = 0;
while (*from) {
int length;
/*
* Skip spaces.
*/
if ((*from == ' ') || (*from == '\t')) {
from++;
continue;
}
argv[argc] = to;
argc++;
if (argc >= (MAX_ARGV - 1)) break;
/*
* Copy the argv over to our buffer.
*/
while (*from && (*from != ' ') && (*from != '\t')) {
if (to >= mycmd + sizeof(mycmd) - 1) {
return -1; /* ran out of space */
}
switch (*from) {
case '"':
case '\'':
length = rad_copy_string(to, from);
if (length < 0) {
radlog(L_ERR|L_CONS, "Invalid string passed as argument for external program");
return -1;
}
from += length;
to += length;
break;
case '%':
if (from[1] == '{') {
*(to++) = *(from++);
length = rad_copy_variable(to, from);
if (length < 0) {
radlog(L_ERR|L_CONS, "Invalid variable expansion passed as argument for external program");
return -1;
}
from += length;
to += length;
} else { /* FIXME: catch %%{ ? */
*(to++) = *(from++);
}
break;
case '\\':
if (from[1] == ' ') from++;
/* FALL-THROUGH */
default:
*(to++) = *(from++);
}
} /* end of string, or found a space */
*(to++) = '\0'; /* terminate the string */
}
/*
* We have to have SOMETHING, at least.
*/
if (argc <= 0) {
radlog(L_ERR, "Exec-Program: empty command line.");
return -1;
}
/*
* Expand each string, as appropriate.
*/
to = argv_buf;
left = sizeof(argv_buf);
for (i = 0; i < argc; i++) {
int sublen;
/*
* Don't touch argv's which won't be translated.
*/
if (strchr(argv[i], '%') == NULL) continue;
if (!request) continue;
sublen = radius_xlat(to, left - 1, argv[i], request, NULL);
if (sublen <= 0) {
/*
* Fail to be backwards compatible.
*
* It's yucky, but it won't break anything,
* and it won't cause security problems.
*/
sublen = 0;
}
argv[i] = to;
to += sublen;
*(to++) = '\0';
left -= sublen;
left--;
if (left <= 0) {
radlog(L_ERR, "Exec-Program: Ran out of space while expanding arguments.");
return -1;
}
}
argv[argc] = NULL;
#ifndef __MINGW32__
/*
* Open a pipe for child/parent communication, if necessary.
*/
if (exec_wait) {
if (pipe(pd) != 0) {
radlog(L_ERR|L_CONS, "Couldn't open pipe: %s",
strerror(errno));
return -1;
}
} else {
/*
* We're not waiting, so we don't look for a
* message, or VP's.
*/
user_msg = NULL;
output_pairs = NULL;
}
envp[0] = NULL;
if (input_pairs) {
int envlen;
char buffer[1024];
/*
* Set up the environment variables in the
* parent, so we don't call libc functions that
* hold mutexes. They might be locked when we fork,
* and will remain locked in the child.
*/
envlen = 0;
for (vp = input_pairs; vp != NULL; vp = vp->next) {
/*
* Hmm... maybe we shouldn't pass the
* user's password in an environment
* variable...
*/
snprintf(buffer, sizeof(buffer), "%s=", vp->name);
if (shell_escape) {
for (p = buffer; *p != '='; p++) {
if (*p == '-') {
*p = '_';
} else if (isalpha((int) *p)) {
*p = toupper(*p);
}
}
}
n = strlen(buffer);
vp_prints_value(buffer+n, sizeof(buffer) - n, vp, shell_escape);
envp[envlen++] = strdup(buffer);
/*
* Don't add too many attributes.
*/
if (envlen == (MAX_ENVP - 1)) break;
}
envp[envlen] = NULL;
}
if (exec_wait) {
pid = rad_fork(); /* remember PID */
} else {
pid = fork(); /* don't wait */
}
if (pid == 0) {
int devnull;
/*
* Child process.
*
* We try to be fail-safe here. So if ANYTHING
* goes wrong, we exit with status 1.
*/
/*
* Open STDIN to /dev/null
*/
devnull = open("/dev/null", O_RDWR);
if (devnull < 0) {
radlog(L_ERR|L_CONS, "Failed opening /dev/null: %s\n",
strerror(errno));
exit(1);
}
dup2(devnull, STDIN_FILENO);
/*
* Only massage the pipe handles if the parent
* has created them.
*/
if (exec_wait) {
/*
* pd[0] is the FD the child will read from,
* which we don't want.
*/
if (close(pd[0]) != 0) {
radlog(L_ERR|L_CONS, "Can't close pipe: %s",
strerror(errno));
exit(1);
}
/*
* pd[1] is the FD that the child will write to,
* so we make it STDOUT.
*/
if (dup2(pd[1], STDOUT_FILENO) != 1) {
radlog(L_ERR|L_CONS, "Can't dup stdout: %s",
strerror(errno));
exit(1);
}
} else { /* no pipe, STDOUT should be /dev/null */
dup2(devnull, STDOUT_FILENO);
}
/*
* If we're not debugging, then we can't do
* anything with the error messages, so we throw
* them away.
*
* If we are debugging, then we want the error
* messages to go to the STDERR of the server.
*/
if (debug_flag == 0) {
dup2(devnull, STDERR_FILENO);
}
close(devnull);
/*
* The server may have MANY FD's open. We don't
* want to leave dangling FD's for the child process
* to play funky games with, so we close them.
*/
closefrom(3);
execve(argv[0], argv, envp);
radlog(L_ERR, "Exec-Program: FAILED to execute %s: %s",
argv[0], strerror(errno));
exit(1);
}
/*
* Free child environment variables
*/
for (i = 0; envp[i] != NULL; i++) {
free(envp[i]);
}
/*
* Parent process.
*/
if (pid < 0) {
radlog(L_ERR|L_CONS, "Couldn't fork %s: %s",
argv[0], strerror(errno));
if (exec_wait) {
close(pd[0]);
close(pd[1]);
}
return -1;
}
/*
* We're not waiting, exit, and ignore any child's status.
*/
if (!exec_wait) {
return 0;
}
/*
* Close the FD to which the child writes it's data.
*
* If we can't close it, then we close pd[0], and return an
* error.
*/
if (close(pd[1]) != 0) {
radlog(L_ERR|L_CONS, "Can't close pipe: %s", strerror(errno));
close(pd[0]);
return -1;
}
#ifdef O_NONBLOCK
/*
* Try to set it non-blocking.
*/
do {
int flags;
if ((flags = fcntl(pd[0], F_GETFL, NULL)) < 0) {
nonblock = FALSE;
break;
}
flags |= O_NONBLOCK;
if( fcntl(pd[0], F_SETFL, flags) < 0) {
nonblock = FALSE;
break;
}
} while (0);
#endif
/*
* Read from the pipe until we doesn't get any more or
* until the message is full.
*/
done = 0;
left = sizeof(answer) - 1;
gettimeofday(&start, NULL);
while (1) {
int rcode;
fd_set fds;
struct timeval when, elapsed, wake;
FD_ZERO(&fds);
FD_SET(pd[0], &fds);
gettimeofday(&when, NULL);
tv_sub(&when, &start, &elapsed);
if (elapsed.tv_sec >= 10) goto too_long;
when.tv_sec = 10;
when.tv_usec = 0;
tv_sub(&when, &elapsed, &wake);
rcode = select(pd[0] + 1, &fds, NULL, NULL, &wake);
if (rcode == 0) {
too_long:
radlog(L_ERR, "Child PID %u (%s) is taking too much time: forcing failure and killing child.", pid, argv[0]);
kill(pid, SIGTERM);
close(pd[0]); /* should give SIGPIPE to child, too */
/*
* Clean up the child entry.
*/
rad_waitpid(pid, &status);
return 1;
}
if (rcode < 0) {
if (errno == EINTR) continue;
break;
}
#ifdef O_NONBLOCK
/*
* Read as many bytes as possible. The kernel
* will return the number of bytes available.
*/
if (nonblock) {
status = read(pd[0], answer + done, left);
} else
#endif
/*
* There's at least 1 byte ready: read it.
*/
status = read(pd[0], answer + done, 1);
/*
* Nothing more to read: stop.
*/
if (status == 0) {
break;
}
/*
* Error: See if we have to continue.
*/
if (status < 0) {
/*
* We were interrupted: continue reading.
*/
if (errno == EINTR) {
continue;
}
/*
* There was another error. Most likely
* The child process has finished, and
* exited.
*/
break;
}
done += status;
left -= status;
if (left <= 0) break;
}
answer[done] = 0;
/*
* Make sure that the writer can't block while writing to
* a pipe that no one is reading from anymore.
*/
close(pd[0]);
DEBUG2("Exec-Program output: %s", answer);
/*
* Parse the output, if any.
*/
if (done) {
n = T_OP_INVALID;
if (output_pairs) {
/*
* For backwards compatibility, first check
* for plain text (user_msg).
*/
vp = NULL;
n = userparse(answer, &vp);
if (vp) {
pairfree(&vp);
}
}
if (n == T_OP_INVALID) {
DEBUG("Exec-Program-Wait: plaintext: %s", answer);
if (user_msg) {
strlcpy(user_msg, answer, msg_len);
}
} else {
/*
* HACK: Replace '\n' with ',' so that
* userparse() can parse the buffer in
* one go (the proper way would be to
* fix userparse(), but oh well).
*/
for (p = answer; *p; p++) {
if (*p == '\n') {
*p = comma ? ' ' : ',';
p++;
comma = 0;
}
if (*p == ',') comma++;
}
/*
* Replace any trailing comma by a NUL.
*/
if (answer[strlen(answer) - 1] == ',') {
answer[strlen(answer) - 1] = '\0';
}
radlog(L_DBG,"Exec-Program-Wait: value-pairs: %s", answer);
if (userparse(answer, &vp) == T_OP_INVALID) {
radlog(L_ERR, "Exec-Program-Wait: %s: unparsable reply", cmd);
} else {
/*
* Tell the caller about the value
* pairs.
*/
*output_pairs = vp;
}
} /* else the answer was a set of VP's, not a text message */
} /* else we didn't read anything from the child */
/*
* Call rad_waitpid (should map to waitpid on non-threaded
* or single-server systems).
*/
child_pid = rad_waitpid(pid, &status);
if (child_pid == 0) {
radlog(L_DBG, "Exec-Program: Timeout waiting for child");
return 2;
}
if (child_pid == pid) {
if (WIFEXITED(status)) {
status = WEXITSTATUS(status);
radlog(L_DBG, "Exec-Program: returned: %d", status);
return status;
}
}
radlog(L_ERR|L_CONS, "Exec-Program: Abnormal child exit: %s",
strerror(errno));
return 1;
#else
msg_len = msg_len; /* -Wunused */
if (exec_wait) {
radlog(L_ERR, "Exec-Program-Wait is not supported");
return -1;
}
/*
* We're not waiting, so we don't look for a
* message, or VP's.
*/
user_msg = NULL;
output_pairs = NULL;
{
/*
* The _spawn and _exec families of functions are
* found in Windows compiler libraries for
* portability from UNIX. There is a variety of
* functions, including the ability to pass
* either a list or array of parameters, to
* search in the PATH or otherwise, and whether
* or not to pass an environment (a set of
* environment variables). Using _spawn, you can
* also specify whether you want the new process
* to close your program (_P_OVERLAY), to wait
* until the new process is finished (_P_WAIT) or
* for the two to run concurrently (_P_NOWAIT).
* _spawn and _exec are useful for instances in
* which you have simple requirements for running
* the program, don't want the overhead of the
* Windows header file, or are interested
* primarily in portability.
*/
/*
* FIXME: check return code... what is it?
*/
_spawnve(_P_NOWAIT, argv[0], argv, envp);
}
return 0;
#endif
}
