Mercurial > trustbridge
annotate cinst/nssstore_linux.c @ 891:fc39f3a1b466
(issue64) Add more icon sizes
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Fri, 08 Aug 2014 13:06:05 +0200 |
parents | 216a65d7fc4b |
children | 698b6a9bd75e |
rev | line source |
---|---|
404 | 1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
2 * Software engineering by Intevation GmbH | |
3 * | |
4 * This file is Free Software under the GNU GPL (v>=2) | |
5 * and comes with ABSOLUTELY NO WARRANTY! | |
6 * See LICENSE.txt for details. | |
7 */ | |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
8 #ifndef WIN32 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 |
321
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
305
diff
changeset
|
10 /* @file |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
305
diff
changeset
|
11 @brief Linux implementation of nssstore process control. |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
305
diff
changeset
|
12 */ |
824ef90a6721
Move is_elevated into common/util.c file for better reuse
Andre Heinecke <aheinecke@intevation.de>
parents:
305
diff
changeset
|
13 |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
14 #include <stdbool.h> |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
15 #include <stdio.h> |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
16 #include <unistd.h> |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
17 #include <sys/types.h> |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
18 #include <sys/wait.h> |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
19 #include <string.h> |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
20 #include <stdlib.h> |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
21 #include <limits.h> |
439
c88090a15ae4
Fix cinstprocesstest for new arguments. Handle errno on write errors
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
22 #include <errno.h> |
648
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
23 #include <pwd.h> |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 #include "nssstore.h" |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 #include "logging.h" |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
27 #include "strhelp.h" |
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
648
diff
changeset
|
28 #include "util.h" |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
30 #define NSS_PROCESS_NAME "mozilla" |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
31 |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
32 |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 /**@brief Start the process to install / remove |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 * |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
35 * This forks the process and executes the NSS installation |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
36 * process. It also writes the Instructions to that process. |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
37 * |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
38 * @param [in] to_install strv of DER encoded certificates to be added. |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
39 * @param [in] to_remove strv of DER encoded certificates to be remvoed. |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
40 * @param [in] uid_t uid of the user to install certificates for. |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
41 * @param [in] gid_t the gid of the user to install certificates for. |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
42 * @param [in] homedir the homedir of the user. |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
43 * |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
44 * @returns childs pid on success. -1 on failure |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
45 */ |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
46 static int |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
47 start_procces_for_user (char **to_install, char **to_remove, |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
48 uid_t uid, gid_t gid, char *homedir) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
49 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
50 int pipe_fd[2]; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
51 pid_t pid = 0; |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
52 char *argv[2] = {NULL, NULL}, |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
53 *envp[2] = {NULL, NULL}, |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
54 *inst_dir = NULL; |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
55 size_t homedir_len = 0, |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
56 exe_path_len = 0; |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
57 int ret = -1, |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
58 i = 0; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
59 FILE *stream = NULL; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
60 bool success = false; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
61 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
62 if (homedir == NULL) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
63 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
64 ERRORPRINTF ("Invalid call to start_process_for_user\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
65 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
66 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
67 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
68 homedir_len = strlen (homedir); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
69 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
70 /* Allocate space for HOME=homedir\0 */ |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
71 envp[0] = xmalloc (homedir_len + 6); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
72 envp[1] = NULL; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
73 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
74 ret = snprintf (envp[0], homedir_len + 6, "HOME=%s", homedir); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
75 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
76 if (ret < 0 || (size_t) ret != homedir_len + 5) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
77 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
78 ERRORPRINTF ("Error setting home env variable.\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
79 xfree (envp[0]); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
80 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
81 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
82 |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
83 /* Set up the file name of the installer process */ |
841
216a65d7fc4b
(issue66) Implement is_system_install and use it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
648
diff
changeset
|
84 inst_dir = get_install_dir(); |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
85 if (inst_dir == NULL) |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
86 { |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
87 ERRORPRINTF ("Failed to find installation directory.\n"); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
88 xfree (envp[0]); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
89 return -1; |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
90 } |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
91 |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
92 exe_path_len = strlen(inst_dir) + strlen(NSS_PROCESS_NAME); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
93 argv[0] = xmalloc (exe_path_len + 1); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
94 |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
95 ret = snprintf(argv[0], exe_path_len + 1, "%s%s", inst_dir, NSS_PROCESS_NAME); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
96 if (ret < 0 || (size_t) ret != exe_path_len) |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
97 { |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
98 ERRORPRINTF ("Error setting executable variable.\n"); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
99 xfree (argv[0]); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
100 return -1; |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
101 } |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
102 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
103 if (pipe (pipe_fd)) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
104 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
105 ERRORPRINTF ("Failed to create pipe.\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
106 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
107 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
108 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
109 pid = fork(); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
110 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
111 if (pid == (pid_t) -1) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
112 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
113 ERRORPRINTF ("Failed to fork child.\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
114 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
115 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
116 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
117 if (pid == (pid_t) 0) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
118 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
119 /* Drop privileges */ |
648
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
120 if (setgid (gid) || setuid (uid)) |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
121 { |
648
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
122 syslog_error_printf("Failed to drop privileges: %s", strerror(errno)); |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
123 exit(-1); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
124 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
125 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
126 close (pipe_fd[1]); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
127 dup2 (pipe_fd[0], 0); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
128 close (pipe_fd[0]); |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
129 execve (argv[0], argv, envp); |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
130 exit (127); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
131 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
132 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
133 close (pipe_fd[0]); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
134 stream = fdopen(pipe_fd[1], "w"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
135 if (stream == NULL) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
136 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
137 ERRORPRINTF ("Failed to open pipe for writing\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
138 goto done; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
139 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
140 |
384
638db75f0fdf
Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents:
383
diff
changeset
|
141 /* The NSS installer may exit on error before we are done |
638db75f0fdf
Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents:
383
diff
changeset
|
142 * telling it what to do. We want to handle that rather |
638db75f0fdf
Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents:
383
diff
changeset
|
143 * then die unexpectedly. */ |
638db75f0fdf
Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents:
383
diff
changeset
|
144 signal(SIGPIPE, SIG_IGN); |
638db75f0fdf
Ignore sigpipe if the child closed the channel or there is an error
Andre Heinecke <andre.heinecke@intevation.de>
parents:
383
diff
changeset
|
145 |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
146 /* Send the instructions */ |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
147 for (i = 0; to_install && to_install[i]; i++) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
148 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
149 if (fprintf (stream, "I:%s\n", to_install[i]) <= 3) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
150 { |
478
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
151 int err = errno; |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
152 ERRORPRINTF ("Write failed: %s \n", strerror(err)); |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
153 if (err == 32) |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
154 { |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
155 /* Broken pipe is expected if there are no NSS stores |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
156 to be found the process just exits. That's ok */ |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
157 success = true; |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
158 } |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
159 goto done; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
160 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
161 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
162 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
163 for (i = 0; to_remove && to_remove[i]; i++) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
164 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
165 if (fprintf (stream, "R:%s\n", to_remove[i]) <= 3) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
166 { |
478
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
167 int err = errno; |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
168 ERRORPRINTF ("Write failed: %s \n", strerror(err)); |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
169 if (err == 32) |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
170 { |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
171 /* Broken pipe is expected if there are no NSS stores |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
172 to be found the process just exits. That's ok */ |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
173 success = true; |
214bf504c54f
Handle broken pipe as it is expected behavior
Andre Heinecke <aheinecke@intevation.de>
parents:
476
diff
changeset
|
174 } |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
175 goto done; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
176 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
177 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
178 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
179 success = true; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
180 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
181 done: |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
182 if (stream) { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
183 fclose (stream); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
184 } |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
185 xfree (argv[0]); |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
186 xfree (envp[0]); |
383
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
187 close (pipe_fd[0]); |
5eb7ee4ee819
Look up executable name based on /proc/self/exe
Andre Heinecke <andre.heinecke@intevation.de>
parents:
321
diff
changeset
|
188 close (pipe_fd[1]); |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
189 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
190 if (success) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
191 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
192 return pid; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
193 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
194 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
195 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
196 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
197 int |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
198 write_stores_nss (char **to_install, char **to_remove) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
199 { |
648
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
200 struct passwd *usr_it = NULL; |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
201 uid_t my_uid = geteuid(); |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
202 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
203 if (my_uid != 0) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
204 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
205 /* Running as a user */ |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
206 char *homedir = getenv ("HOME"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
207 pid_t childprocess = -1; /* Only one child for single user installation */ |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
208 int status = -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
209 if (!homedir) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
210 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
211 ERRORPRINTF ("Failed to find home directory\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
212 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
213 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
214 childprocess = start_procces_for_user (to_install, to_remove, |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
215 my_uid, getgid(), homedir); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
216 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
217 if (childprocess == -1) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
218 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
219 ERRORPRINTF ("Failed to start childprocess!\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
220 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
221 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
222 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
223 childprocess = waitpid (childprocess, &status, 0); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
224 if (childprocess == -1 || !WIFEXITED(status)) |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
225 { |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
226 ERRORPRINTF ("Waitpid failed.\n"); |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
227 return -1; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
228 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
229 |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
230 return 0; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
231 } |
648
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
232 |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
233 setpwent(); |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
234 |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
235 while ((usr_it = getpwent ()) != NULL) |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
236 { |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
237 /* Skip obvious system accounts */ |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
238 if (strcmp(usr_it->pw_shell, "/usr/sbin/nologin") == 0 || |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
239 strcmp(usr_it->pw_shell, "/bin/false") == 0) |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
240 { |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
241 continue; |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
242 } |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
243 /* A check if the home directory starts with /home might be |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
244 appropiate */ |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
245 start_procces_for_user (to_install, |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
246 to_remove, |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
247 usr_it->pw_uid, |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
248 usr_it->pw_gid, |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
249 usr_it->pw_dir); |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
250 |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
251 } |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
252 |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
253 endpwent(); |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
254 |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
255 waitpid (-1, NULL, 0); |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
256 |
e41a2537b84d
Implement root installation
Andre Heinecke <andre.heinecke@intevation.de>
parents:
478
diff
changeset
|
257 DEBUGPRINTF ("NSS installation done\n"); |
302
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
258 return 0; |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
259 } |
fac7e1b0e558
Add nss store calling function and use it in cinst
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
260 #endif |