Пример #1
0
static dbus_bool_t
exec_for_correct_user (char *exec, char *user, char *alias, DBusError *error)
{
  char **argv;
  int argc;
  dbus_bool_t retval;

  argc = 0;
  retval = TRUE;
  argv = NULL;

  if (!switch_user (user, error))
    return FALSE;

  /* convert command into arguments */
  if (!_dbus_shell_parse_argv (exec, &argc, &argv, error))
    return FALSE;

#ifndef ACTIVATION_LAUNCHER_DO_OOM
  /* replace with new binary, with no environment */
  if (execv (argv[0], argv) < 0)
    {
      dbus_set_error (error, DBUS_ERROR_SPAWN_EXEC_FAILED,
                      "Failed to exec: %s", argv[0]);
      retval = FALSE;
    }
#endif

  dbus_free_string_array (argv);
  return retval;
}
Пример #2
0
void run_session(LXDM_AUTH *a,const char *run)
{
	setsid();
	a->child=fork();
	if(a->child==0)
	{
		lxdm_auth_put_env(a);
		lxdm_auth_clean_for_child(a);
		switch_user(&a->pw,run,NULL);
		//execle(run,run,NULL,environ);
		_exit(EXIT_FAILURE);
	}
}
Пример #3
0
int main(int argc, char** argv)
try
{
	if(!setup(argc, argv))
	{
		usage();
		exit(-2);
	}

	std::cerr << "parsed channels: ";
	std::copy(channel_list.begin(), channel_list.end(),
      std::ostream_iterator<int> (std::cerr, " "));
	std::cerr << std::endl;
	std::cerr << "nflogd starting..." << std::endl;

	PacketHandler ph(pcap_filename);
	NFmain nf(channel_list, [ph = std::ref(ph)](struct nflog_data *nfa){
       ph(nfa);
    });

	// setup signal
	SETSIG(SIGTERM, term_handler, SA_RESTART);
	SETSIG(SIGINT, term_handler, SA_RESTART);
	SETSIG(SIGHUP, hup_handler, SA_RESTART);

	std::cerr << "going into main loop" << std::endl;

	switch_user();
	set_dumpable();
	nf.loop(term_flag);

	std::cerr << "terminating..." << std::endl;
	return 0;
}
catch (const std::exception& e)
{
    std::cerr << e.what() << std::endl;
    return -1;
}
Пример #4
0
int main(int argc, char **argv)
{
    uid_t  uid = getuid();
    int    noclose = 0;
    int    lockFD;
    struct stat st;

    if (geteuid() != uid)
        die("This executable is too dangerous to be setuid.\n");

    parse_params(argc, argv);

    if (cmd[0][0] != '/')
        die("The 'path' parameter must be an absolute path name.\n");

    /* Verify that the path to the command points to an existing file. */

    if (access(cmd[0], X_OK) == -1)
        die("File \"%s\" is not executable.\n", cmd[0]);

    /*
      Note: A directory will also pass the X_OK test, so test further with
      stat().
    */
    if (stat(cmd[0], &st))
        die("File \"%s\" does not exist.\n", cmd[0]);

    if(! S_ISREG(st.st_mode))
        die("File \"%s\" is not regular file.\n", cmd[0]);

    if (lock_file)
    {
        lockFD = open(lock_file, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
        if (lockFD < 0)
            die("Can't create lock file \"%s\": %s\n",
                lock_file, strerror (errno));
        if (flock(lockFD, LOCK_EX | LOCK_NB) != 0)
            die("Can't lock the lock file \"%s\". "
                "Is another instance running?\n",
                lock_file);
    }

    if (pid_file != NULL)
    {
        int fd;

        verbose("Creating PID file \"%s\".\n", pid_file);
        fd = open(pid_file, O_CREAT | O_WRONLY,
                  S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
        if (fd < 0)
        {
            die ("Can't create PID file \"%s\": %s\n",
                 pid_file, strerror (errno));
        }

        close(fd);
    }

    if (user != NULL)
        switch_user(user, uid, pid_file);

    open_output_files();

    if (chdir (cwd) != 0)
    {
        die("Can't change working directory to \"%s\": %s\n",
            cwd, strerror (errno));
    }

    verbose("Daemonizing...");

    if (redirect_stdout_stderr())
        noclose = 1;

    if (daemon (1, noclose) != 0)
        die("Can't daemonize: %s\n", strerror (errno));

    if (chdir(cwd) != 0)
    {
        die("Can't change working directory to \"%s\": %s\n",
            cwd, strerror (errno));
    }

    if (pid_file != NULL)
    {
        FILE  *fPid = NULL;

        verbose("Writing process ID to \"%s\".\n", pid_file);
        if ( (fPid = fopen (pid_file, "w")) == NULL )
        {
            die("Can't open PID file \"%s\": %s\n",
                pid_file, strerror (errno));
        }

        fprintf(fPid, "%d\n", getpid());
        fclose(fPid);
    }

    /*
      Make sure we have a relatively sane environment
      Patch by Ken Farnen <*****@*****.**>, 18 February 2010.
    */
    if (getenv("IFS") == NULL)
        setenv("IFS"," \t\n",1);

    if (getenv("PATH") == NULL)
        setenv("PATH","/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin", 1);
    execvp(cmd[0], cmd);

    die("Can't exec \"%s\": %s\n", cmd[0], strerror (errno));
}
Пример #5
0
int main(int argc, char **argv)
{
	bool_t nodaemon = false;
#ifdef POSIX_PRIORITY_SCHEDULING
	bool_t realtime = false;
#endif
	bool_t testconfig = false;
	char *conffile = NULL, *pidfile = NULL;
	int c;
	struct utsname utsbuf;

	/* Arguments */
#ifdef POSIX_PRIORITY_SCHEDULING
	while ((c = getopt(argc, argv, "drp:c:a:A:b:B:ht")) != EOF) {
#else
		while ((c = getopt(argc, argv, "dp:c:a:A:b:B:ht")) != EOF) {
#endif
			switch(c) {
				case 'c':
					conffile = optarg;
					break;
				case 'p':
					pidfile = optarg;
					break;
				case 'a':
					bindaddr = optarg;
					break;
				case 'A':
					bindaddr6 = optarg;
					break;
				case 'b':
					bindport = atoi(optarg);
					break;
				case 'B':
					bindport6 = atoi(optarg);
					break;
				case 'd':
					nodaemon = true;
					break;
				case 'h':
					printhelp();
					break;
				case 't':
					testconfig = true;
					break;
#ifdef POSIX_PRIORITY_SCHEDULING
				case 'r':
					realtime = true;
					break;
#endif
				default:
					fprintf(stderr, "Unrecognized option\n");
					printhelp();
					break;
			}
		}

		if (testconfig) {
			if (!Conf_ok(conffile))
				exit(1);
			else
				exit(0);
		}

		/* Initialize the config subsystem early;
		 * switch_user() will need to read some config variables as well as logging.
		 */
		Conf_init(conffile);

		/* Logging to terminal if not daemonizing, otherwise to syslog or log file.
		*/
		if (!nodaemon) {
			daemonize();
			Log_init(false);
			if (pidfile != NULL)
				lockfile(pidfile);

			switch_user();

			/* Reopen log file. If user switch results in access denied, we catch
			 * it early.
			 */
			Log_reset();
		}
		else Log_init(true);

		signal(SIGCHLD, SIG_IGN); /* ignore child */
		signal(SIGTSTP, SIG_IGN); /* ignore tty signals */
		signal(SIGTTOU, SIG_IGN);
		signal(SIGTTIN, SIG_IGN);
		signal(SIGPIPE, SIG_IGN);
		signal(SIGHUP, signal_handler); /* catch hangup signal */
		signal(SIGTERM, signal_handler); /* catch kill signal */

		/* Build system string */
		if (uname(&utsbuf) == 0) {
			snprintf(system_string, 64, "%s %s", utsbuf.sysname, utsbuf.machine);
			snprintf(version_string, 64, "%s", utsbuf.release);
		}
		else {
			snprintf(system_string, 64, "unknown unknown");
			snprintf(version_string, 64, "unknown");
		}

		/* Initializing */
		SSLi_init();
		Chan_init();
		Client_init();
		Ban_init();
    
#ifdef USE_SHAREDMEMORY_API    
    Sharedmemory_init( bindport, bindport6 );
#endif
   
#ifdef POSIX_PRIORITY_SCHEDULING
		if (realtime)
			setscheduler();
#endif

		Server_run();

#ifdef USE_SHAREDMEMORY_API
    Sharedmemory_deinit();
#endif

		Ban_deinit();
		SSLi_deinit();
		Chan_free();
		Log_free();
		Conf_deinit();

		if (pidfile != NULL)
			unlink(pidfile);

		return 0;
	}
Пример #6
0
void
execute(struct russ_sess *sess, char *userhost, char *new_spath) {
    struct russ_sconn	*sconn = sess->sconn;
    struct russ_req		*req = sess->req;
    char	*args[1024];
    int	nargs;
    char	*uhp_user, *uhp_host, *uhp_port;
    int	i, status, pid;

    switch_user(sconn);

    /* parse out user, host, and port */
    uhp_user = strdup(userhost);
    if ((uhp_host = strstr(uhp_user, "@")) != NULL) {
        *uhp_host = '\0';
        uhp_host++;
    } else {
        uhp_host = uhp_user;
        uhp_user = NULL;
    }
    if ((uhp_port = strstr(uhp_host, ":")) != NULL) {
        *uhp_port = '\0';
        uhp_port++;
    }

    /* build args array */
    nargs = 0;
    args[nargs++] = SSH_EXEC;
    args[nargs++] = "-o";
    args[nargs++] = "StrictHostKeyChecking=no";
    args[nargs++] = "-o";
    args[nargs++] = "BatchMode=yes";
    args[nargs++] = "-o";
    args[nargs++] = "LogLevel=QUIET";
    if (uhp_user) {
        args[nargs++] = "-l";
        args[nargs++] = uhp_user;
    }
    if (uhp_port) {
        args[nargs++] = "-p";
        args[nargs++] = uhp_port;
    }
    args[nargs++] = uhp_host;
    args[nargs++] = RUDIAL_EXEC;
    if ((req->attrv != NULL) && (req->attrv[0] != NULL)) {
        for (i = 0; req->attrv[i] != NULL; i++) {
            args[nargs++] = "-a";
            if ((args[nargs++] = escape_special(req->attrv[i])) == NULL) {
                russ_sconn_fatal(sconn, "error: out of memory", RUSS_EXIT_FAILURE);
                exit(0);
            }
        }
    }
    args[nargs++] = req->op;
    args[nargs++] = new_spath;
    if ((req->argv != NULL) && (req->argv[0] != NULL)) {
        for (i = 0; req->argv[i] != NULL; i++) {
            if ((args[nargs++] = escape_special(req->argv[i])) == NULL) {
                russ_sconn_fatal(sconn, "error: out of memory", RUSS_EXIT_FAILURE);
                exit(0);
            }
        }
    }
    args[nargs++] = NULL;

#if 0
    {
        char **xargs;
        for (xargs = args; *xargs != NULL; xargs++) {
            fprintf(stderr, "(%s)\n", *xargs);
        }
    }
#endif

    /* fix up fds and exec */
    signal(SIGCHLD, SIG_DFL);
    if ((pid = fork()) == 0) {
        /* dup sconn stdin/out/err fds to standard stdin/out/err */
        if ((dup2(sconn->fds[0], 0) >= 0) &&
                (dup2(sconn->fds[1], 1) >= 0) &&
                (dup2(sconn->fds[2], 2) >= 0)) {

            russ_sconn_close(sconn);
            execv(args[0], args);
        }

        /* should not get here! */
        russ_dprintf(2, "error: could not execute\n");
        exit(1);
    }
    /* close sconn stdin/out/err; leave exitfd */
    russ_close(sconn->fds[0]);
    russ_close(sconn->fds[1]);
    russ_close(sconn->fds[2]);

    /* wait for exit value, pass back, and close up */
    waitpid(pid, &status, 0);
    russ_sconn_exit(sconn, WEXITSTATUS(status));
    russ_sconn_close(sconn);

    exit(0);
}