annotate cinst/nssstore_linux.c @ 946:171124737c76

Free secitem.data and not just the list.
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 26 Aug 2014 17:03:50 +0200
parents 698b6a9bd75e
children dbf5ea18cb20
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 384
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 384
diff changeset
2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 384
diff changeset
3 *
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 384
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 384
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 384
diff changeset
6 * See LICENSE.txt for details.
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 384
diff changeset
7 */
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
8 #ifndef WIN32
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
9
321
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents: 305
diff changeset
10 /* @file
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents: 305
diff changeset
11 @brief Linux implementation of nssstore process control.
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents: 305
diff changeset
12 */
824ef90a6721 Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents: 305
diff changeset
13
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
14 #include <stdbool.h>
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
15 #include <stdio.h>
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
16 #include <unistd.h>
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
17 #include <sys/types.h>
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
18 #include <sys/wait.h>
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
19 #include <string.h>
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
20 #include <stdlib.h>
383
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
21 #include <limits.h>
439
c88090a15ae4 Fix cinstprocesstest for new arguments. Handle errno on write errors
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
22 #include <errno.h>
648
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
23 #include <pwd.h>
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
24
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
25 #include "nssstore.h"
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
26 #include "logging.h"
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
27 #include "strhelp.h"
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 648
diff changeset
28 #include "util.h"
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
29
383
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
30 #define NSS_PROCESS_NAME "mozilla"
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
31
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
32
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
33 /**@brief Start the process to install / remove
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
34 *
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
35 * This forks the process and executes the NSS installation
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
36 * process. It also writes the Instructions to that process.
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
37 *
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
38 * @param [in] to_install strv of DER encoded certificates to be added.
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
39 * @param [in] to_remove strv of DER encoded certificates to be remvoed.
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
40 * @param [in] uid_t uid of the user to install certificates for.
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
41 * @param [in] gid_t the gid of the user to install certificates for.
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
42 * @param [in] homedir the homedir of the user.
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
43 *
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
44 * @returns childs pid on success. -1 on failure
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
45 */
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
46 static int
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
47 start_procces_for_user (char **to_install, char **to_remove,
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
48 uid_t uid, gid_t gid, char *homedir)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
49 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
50 int pipe_fd[2];
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
51 pid_t pid = 0;
383
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
52 char *argv[2] = {NULL, NULL},
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
53 *envp[2] = {NULL, NULL},
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
54 *inst_dir = NULL;
383
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
55 size_t homedir_len = 0,
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
56 exe_path_len = 0;
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
57 int ret = -1,
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
58 i = 0;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
59 FILE *stream = NULL;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
60 bool success = false;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
61
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
62 if (homedir == NULL)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
63 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
64 ERRORPRINTF ("Invalid call to start_process_for_user\n");
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
65 return -1;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
66 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
67
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
68 homedir_len = strlen (homedir);
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
69
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
70 /* Allocate space for HOME=homedir\0 */
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
71 envp[0] = xmalloc (homedir_len + 6);
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
72 envp[1] = NULL;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
73
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
74 ret = snprintf (envp[0], homedir_len + 6, "HOME=%s", homedir);
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
75
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
76 if (ret < 0 || (size_t) ret != homedir_len + 5)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
77 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
78 ERRORPRINTF ("Error setting home env variable.\n");
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
79 xfree (envp[0]);
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
80 return -1;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
81 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
82
383
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
83 /* Set up the file name of the installer process */
841
216a65d7fc4b (issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 648
diff changeset
84 inst_dir = get_install_dir();
383
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
85 if (inst_dir == NULL)
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
86 {
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
87 ERRORPRINTF ("Failed to find installation directory.\n");
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
88 xfree (envp[0]);
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
89 return -1;
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
90 }
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
91
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
92 exe_path_len = strlen(inst_dir) + strlen(NSS_PROCESS_NAME);
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
93 argv[0] = xmalloc (exe_path_len + 1);
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
94
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
95 ret = snprintf(argv[0], exe_path_len + 1, "%s%s", inst_dir, NSS_PROCESS_NAME);
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
96 if (ret < 0 || (size_t) ret != exe_path_len)
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
97 {
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
98 ERRORPRINTF ("Error setting executable variable.\n");
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
99 xfree (argv[0]);
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
100 return -1;
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
101 }
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
102
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
103 if (pipe (pipe_fd))
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
104 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
105 ERRORPRINTF ("Failed to create pipe.\n");
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
106 return -1;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
107 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
108
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
109 pid = fork();
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
110
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
111 if (pid == (pid_t) -1)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
112 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
113 ERRORPRINTF ("Failed to fork child.\n");
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
114 return -1;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
115 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
116
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
117 if (pid == (pid_t) 0)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
118 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
119 /* Drop privileges */
648
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
120 if (setgid (gid) || setuid (uid))
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
121 {
648
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
122 syslog_error_printf("Failed to drop privileges: %s", strerror(errno));
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
123 exit(-1);
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
124 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
125
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
126 close (pipe_fd[1]);
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
127 dup2 (pipe_fd[0], 0);
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
128 close (pipe_fd[0]);
383
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
129 execve (argv[0], argv, envp);
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
130 exit (127);
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
131 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
132
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
133 close (pipe_fd[0]);
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
134 stream = fdopen(pipe_fd[1], "w");
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
135 if (stream == NULL)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
136 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
137 ERRORPRINTF ("Failed to open pipe for writing\n");
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
138 goto done;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
139 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
140
384
638db75f0fdf Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents: 383
diff changeset
141 /* The NSS installer may exit on error before we are done
638db75f0fdf Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents: 383
diff changeset
142 * telling it what to do. We want to handle that rather
638db75f0fdf Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents: 383
diff changeset
143 * then die unexpectedly. */
638db75f0fdf Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents: 383
diff changeset
144 signal(SIGPIPE, SIG_IGN);
638db75f0fdf Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents: 383
diff changeset
145
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
146 /* Send the instructions */
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
147 for (i = 0; to_install && to_install[i]; i++)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
148 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
149 if (fprintf (stream, "I:%s\n", to_install[i]) <= 3)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
150 {
478
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
151 int err = errno;
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
152 ERRORPRINTF ("Write failed: %s \n", strerror(err));
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
153 if (err == 32)
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
154 {
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
155 /* Broken pipe is expected if there are no NSS stores
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
156 to be found the process just exits. That's ok */
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
157 success = true;
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
158 }
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
159 goto done;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
160 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
161 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
162
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
163 for (i = 0; to_remove && to_remove[i]; i++)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
164 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
165 if (fprintf (stream, "R:%s\n", to_remove[i]) <= 3)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
166 {
478
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
167 int err = errno;
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
168 ERRORPRINTF ("Write failed: %s \n", strerror(err));
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
169 if (err == 32)
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
170 {
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
171 /* Broken pipe is expected if there are no NSS stores
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
172 to be found the process just exits. That's ok */
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
173 success = true;
214bf504c54f Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents: 476
diff changeset
174 }
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
175 goto done;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
176 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
177 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
178
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
179 success = true;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
180
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
181 done:
905
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
182 if (stream)
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
183 {
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
184 fclose (stream);
698b6a9bd75e Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents: 841
diff changeset
185 }
383
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
186 xfree (argv[0]);
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
187 xfree (envp[0]);
383
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
188 close (pipe_fd[0]);
5eb7ee4ee819 Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents: 321
diff changeset
189 close (pipe_fd[1]);
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
190
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
191 if (success)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
192 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
193 return pid;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
194 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
195 return -1;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
196 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
197
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
198 int
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
199 write_stores_nss (char **to_install, char **to_remove)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
200 {
648
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
201 struct passwd *usr_it = NULL;
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
202 uid_t my_uid = geteuid();
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
203
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
204 if (my_uid != 0)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
205 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
206 /* Running as a user */
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
207 char *homedir = getenv ("HOME");
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
208 pid_t childprocess = -1; /* Only one child for single user installation */
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
209 int status = -1;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
210 if (!homedir)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
211 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
212 ERRORPRINTF ("Failed to find home directory\n");
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
213 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
214
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
215 childprocess = start_procces_for_user (to_install, to_remove,
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
216 my_uid, getgid(), homedir);
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
217
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
218 if (childprocess == -1)
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
219 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
220 ERRORPRINTF ("Failed to start childprocess!\n");
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
221 return -1;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
222 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
223
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
224 childprocess = waitpid (childprocess, &status, 0);
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
225 if (childprocess == -1 || !WIFEXITED(status))
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
226 {
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
227 ERRORPRINTF ("Waitpid failed.\n");
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
228 return -1;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
229 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
230
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
231 return 0;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
232 }
648
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
233
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
234 setpwent();
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
235
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
236 while ((usr_it = getpwent ()) != NULL)
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
237 {
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
238 /* Skip obvious system accounts */
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
239 if (strcmp(usr_it->pw_shell, "/usr/sbin/nologin") == 0 ||
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
240 strcmp(usr_it->pw_shell, "/bin/false") == 0)
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
241 {
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
242 continue;
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
243 }
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
244 /* A check if the home directory starts with /home might be
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
245 appropiate */
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
246 start_procces_for_user (to_install,
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
247 to_remove,
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
248 usr_it->pw_uid,
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
249 usr_it->pw_gid,
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
250 usr_it->pw_dir);
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
251
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
252 }
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
253
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
254 endpwent();
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
255
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
256 waitpid (-1, NULL, 0);
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
257
e41a2537b84d Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 478
diff changeset
258 DEBUGPRINTF ("NSS installation done\n");
302
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
259 return 0;
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
260 }
fac7e1b0e558 Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
261 #endif

http://wald.intevation.org/projects/trustbridge/