Mercurial > trustbridge
annotate cinst/nssstore_linux.c @ 856:797aa8d9c785
(issue48) Fallback to HKEY_USERS on hive load failure
If the hive can not be loaded it might mean that the user
is currently logged on. In that case we can access his
registry via HKEY_USERS.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Thu, 31 Jul 2014 12:56:26 +0200 |
parents | 216a65d7fc4b |
children | 698b6a9bd75e |
rev | line source |
---|---|
404 | 1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
2 * Software engineering by Intevation GmbH | |
3 * | |
4 * This file is Free Software under the GNU GPL (v>=2) | |
5 * and comes with ABSOLUTELY NO WARRANTY! | |
6 * See LICENSE.txt for details. | |
7 */ | |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
8 #ifndef WIN32 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 |
321
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
305
diff
changeset
|
10 /* @file |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
305
diff
changeset
|
11 @brief Linux implementation of nssstore process control. |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
305
diff
changeset
|
12 */ |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
305
diff
changeset
|
13 |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
14 #include <stdbool.h> |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
15 #include <stdio.h> |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
16 #include <unistd.h> |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
17 #include <sys/types.h> |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
18 #include <sys/wait.h> |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
19 #include <string.h> |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
20 #include <stdlib.h> |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
21 #include <limits.h> |
439
c88090a15ae4
Fix cinstprocesstest for new arguments. Handle errno on write errors
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
22 #include <errno.h> |
648
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
23 #include <pwd.h> |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 #include "nssstore.h" |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 #include "logging.h" |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
27 #include "strhelp.h" |
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
648
diff
changeset
|
28 #include "util.h" |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
30 #define NSS_PROCESS_NAME "mozilla" |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
31 |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
32 |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 /**@brief Start the process to install / remove |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 * |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
35 * This forks the process and executes the NSS installation |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
36 * process. It also writes the Instructions to that process. |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
37 * |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
38 * @param [in] to_install strv of DER encoded certificates to be added. |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
39 * @param [in] to_remove strv of DER encoded certificates to be remvoed. |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
40 * @param [in] uid_t uid of the user to install certificates for. |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
41 * @param [in] gid_t the gid of the user to install certificates for. |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
42 * @param [in] homedir the homedir of the user. |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
43 * |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
44 * @returns childs pid on success. -1 on failure |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
45 */ |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
46 static int |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
47 start_procces_for_user (char **to_install, char **to_remove, |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
48 uid_t uid, gid_t gid, char *homedir) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
49 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
50 int pipe_fd[2]; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
51 pid_t pid = 0; |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
52 char *argv[2] = {NULL, NULL}, |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
53 *envp[2] = {NULL, NULL}, |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
54 *inst_dir = NULL; |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
55 size_t homedir_len = 0, |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
56 exe_path_len = 0; |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
57 int ret = -1, |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
58 i = 0; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
59 FILE *stream = NULL; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
60 bool success = false; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
61 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
62 if (homedir == NULL) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
63 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
64 ERRORPRINTF ("Invalid call to start_process_for_user\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
65 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
66 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
67 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
68 homedir_len = strlen (homedir); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
69 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
70 /* Allocate space for HOME=homedir\0 */ |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
71 envp[0] = xmalloc (homedir_len + 6); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
72 envp[1] = NULL; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
73 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
74 ret = snprintf (envp[0], homedir_len + 6, "HOME=%s", homedir); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
75 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
76 if (ret < 0 || (size_t) ret != homedir_len + 5) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
77 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
78 ERRORPRINTF ("Error setting home env variable.\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
79 xfree (envp[0]); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
80 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
81 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
82 |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
83 /* Set up the file name of the installer process */ |
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
648
diff
changeset
|
84 inst_dir = get_install_dir(); |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
85 if (inst_dir == NULL) |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
86 { |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
87 ERRORPRINTF ("Failed to find installation directory.\n"); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
88 xfree (envp[0]); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
89 return -1; |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
90 } |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
91 |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
92 exe_path_len = strlen(inst_dir) + strlen(NSS_PROCESS_NAME); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
93 argv[0] = xmalloc (exe_path_len + 1); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
94 |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
95 ret = snprintf(argv[0], exe_path_len + 1, "%s%s", inst_dir, NSS_PROCESS_NAME); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
96 if (ret < 0 || (size_t) ret != exe_path_len) |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
97 { |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
98 ERRORPRINTF ("Error setting executable variable.\n"); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
99 xfree (argv[0]); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
100 return -1; |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
101 } |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
102 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
103 if (pipe (pipe_fd)) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
104 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
105 ERRORPRINTF ("Failed to create pipe.\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
106 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
107 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
108 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
109 pid = fork(); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
110 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
111 if (pid == (pid_t) -1) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
112 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
113 ERRORPRINTF ("Failed to fork child.\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
114 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
115 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
116 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
117 if (pid == (pid_t) 0) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
118 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
119 /* Drop privileges */ |
648
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
120 if (setgid (gid) || setuid (uid)) |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
121 { |
648
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
122 syslog_error_printf("Failed to drop privileges: %s", strerror(errno)); |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
123 exit(-1); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
124 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
125 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
126 close (pipe_fd[1]); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
127 dup2 (pipe_fd[0], 0); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
128 close (pipe_fd[0]); |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
129 execve (argv[0], argv, envp); |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
130 exit (127); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
131 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
132 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
133 close (pipe_fd[0]); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
134 stream = fdopen(pipe_fd[1], "w"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
135 if (stream == NULL) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
136 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
137 ERRORPRINTF ("Failed to open pipe for writing\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
138 goto done; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
139 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
140 |
384
638db75f0fdf
Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents:
383
diff
changeset
|
141 /* The NSS installer may exit on error before we are done |
638db75f0fdf
Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents:
383
diff
changeset
|
142 * telling it what to do. We want to handle that rather |
638db75f0fdf
Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents:
383
diff
changeset
|
143 * then die unexpectedly. */ |
638db75f0fdf
Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents:
383
diff
changeset
|
144 signal(SIGPIPE, SIG_IGN); |
638db75f0fdf
Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents:
383
diff
changeset
|
145 |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
146 /* Send the instructions */ |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
147 for (i = 0; to_install && to_install[i]; i++) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
148 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
149 if (fprintf (stream, "I:%s\n", to_install[i]) <= 3) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
150 { |
478
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
151 int err = errno; |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
152 ERRORPRINTF ("Write failed: %s \n", strerror(err)); |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
153 if (err == 32) |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
154 { |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
155 /* Broken pipe is expected if there are no NSS stores |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
156 to be found the process just exits. That's ok */ |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
157 success = true; |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
158 } |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
159 goto done; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
160 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
161 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
162 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
163 for (i = 0; to_remove && to_remove[i]; i++) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
164 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
165 if (fprintf (stream, "R:%s\n", to_remove[i]) <= 3) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
166 { |
478
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
167 int err = errno; |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
168 ERRORPRINTF ("Write failed: %s \n", strerror(err)); |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
169 if (err == 32) |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
170 { |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
171 /* Broken pipe is expected if there are no NSS stores |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
172 to be found the process just exits. That's ok */ |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
173 success = true; |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
174 } |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
175 goto done; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
176 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
177 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
178 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
179 success = true; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
180 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
181 done: |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
182 if (stream) { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
183 fclose (stream); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
184 } |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
185 xfree (argv[0]); |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
186 xfree (envp[0]); |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
187 close (pipe_fd[0]); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
188 close (pipe_fd[1]); |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
189 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
190 if (success) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
191 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
192 return pid; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
193 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
194 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
195 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
196 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
197 int |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
198 write_stores_nss (char **to_install, char **to_remove) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
199 { |
648
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
200 struct passwd *usr_it = NULL; |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
201 uid_t my_uid = geteuid(); |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
202 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
203 if (my_uid != 0) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
204 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
205 /* Running as a user */ |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
206 char *homedir = getenv ("HOME"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
207 pid_t childprocess = -1; /* Only one child for single user installation */ |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
208 int status = -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
209 if (!homedir) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
210 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
211 ERRORPRINTF ("Failed to find home directory\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
212 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
213 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
214 childprocess = start_procces_for_user (to_install, to_remove, |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
215 my_uid, getgid(), homedir); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
216 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
217 if (childprocess == -1) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
218 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
219 ERRORPRINTF ("Failed to start childprocess!\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
220 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
221 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
222 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
223 childprocess = waitpid (childprocess, &status, 0); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
224 if (childprocess == -1 || !WIFEXITED(status)) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
225 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
226 ERRORPRINTF ("Waitpid failed.\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
227 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
228 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
229 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
230 return 0; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
231 } |
648
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
232 |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
233 setpwent(); |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
234 |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
235 while ((usr_it = getpwent ()) != NULL) |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
236 { |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
237 /* Skip obvious system accounts */ |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
238 if (strcmp(usr_it->pw_shell, "/usr/sbin/nologin") == 0 || |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
239 strcmp(usr_it->pw_shell, "/bin/false") == 0) |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
240 { |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
241 continue; |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
242 } |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
243 /* A check if the home directory starts with /home might be |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
244 appropiate */ |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
245 start_procces_for_user (to_install, |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
246 to_remove, |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
247 usr_it->pw_uid, |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
248 usr_it->pw_gid, |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
249 usr_it->pw_dir); |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
250 |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
251 } |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
252 |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
253 endpwent(); |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
254 |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
255 waitpid (-1, NULL, 0); |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
256 |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
257 DEBUGPRINTF ("NSS installation done\n"); |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
258 return 0; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
259 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
260 #endif |