DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

added configure detection of execvpe() - doesn't exist on Mac OS X yet

Browse Source
This commit is contained in:
Michael Rash 2014-10-06 20:04:00 -04:00
parent 652b8cb80e
commit 248c4b301e
5 changed files with 139 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
client/http_resolve_host.c
View File

@ -312,15 +312,21 @@ resolve_ip_https(fko_cli_options_t *options)
struct url url; /* for validation only */
char wget_ssl_cmd[MAX_URL_PATH_LEN] = {0}; /* for verbose logging only */
#if HAVE_EXECVPE
char *wget_argv[MAX_CMDLINE_ARGS]; /* for execvpe() */
int wget_argc=0;
int pipe_fd[2];
pid_t pid=0;
FILE *output;
int status;
#else
FILE *wget;
#endif
memset(&url, 0x0, sizeof(url));
#if HAVE_EXECVPE
memset(wget_argv, 0x0, sizeof(wget_argv));
#endif
memset(&url, 0x0, sizeof(url));
if(options->wget_bin != NULL)
{
@ -375,6 +381,7 @@ resolve_ip_https(fko_cli_options_t *options)
strlcat(wget_ssl_cmd, WGET_RESOLVE_URL_SSL, sizeof(wget_ssl_cmd));
}
#if HAVE_EXECVPE
if(strtoargv(wget_ssl_cmd, wget_argv, &wget_argc, options) != 1)
{
log_msg(LOG_VERBOSITY_ERROR, "Error converting wget cmd str to argv");
@ -430,6 +437,23 @@ resolve_ip_https(fko_cli_options_t *options)
free_argv(wget_argv, &wget_argc);
#else /* fall back to popen() */
wget = popen(wget_ssl_cmd, "r");
if(wget == NULL)
{
log_msg(LOG_VERBOSITY_ERROR, "[*] Could not run cmd: %s",
wget_ssl_cmd);
return -1;
}
/* Expecting one line of wget output that contains the resolved IP.
* */
if ((fgets(resp, sizeof(resp), wget)) != NULL)
{
got_resp = 1;
}
pclose(wget);
#endif
if(got_resp)
{
ndx = resp;

1
client/utils.c
View File

@ -307,7 +307,6 @@ add_argv(char **argv_new, int *argc_new,
return 1;
}
int
strtoargv(char *args_str, char **argv_new, int *argc_new,
fko_cli_options_t *opts)

2
configure.ac
View File

@ -289,7 +289,7 @@ AC_FUNC_MALLOC
AC_FUNC_REALLOC
AC_FUNC_STAT
AC_CHECK_FUNCS([bzero gettimeofday memmove memset socket strchr strcspn strdup strncasecmp strndup strrchr strspn strnlen stat chmod chown strlcat strlcpy])
AC_CHECK_FUNCS([bzero execvpe gettimeofday memmove memset socket strchr strcspn strdup strncasecmp strndup strrchr strspn strnlen stat chmod chown strlcat strlcpy])
AC_SEARCH_LIBS([socket], [socket])
AC_SEARCH_LIBS([inet_addr], [nsl])

90
server/extcmd.c
View File

@ -86,19 +86,26 @@ _run_extcmd(uid_t user_uid, const char *cmd, char *so_buf, const size_t so_buf_s
const fko_srv_options_t * const opts)
{
char so_read_buf[IO_READ_BUF_LEN] = {0};
#if HAVE_EXECVPE
char *argv_new[MAX_CMDLINE_ARGS]; /* for execvpe() */
int argc_new=0;
int pipe_fd[2];
#endif
pid_t pid=0;
FILE *output;
int retval = 0;
int line_ctr = 0, found_str = 0;
*pid_status = 0;
memset(argv_new, 0x0, sizeof(argv_new));
#if HAVE_EXECVPE
if(opts->verbose > 1)
log_msg(LOG_INFO, "run_extcmd(): running CMD: %s", cmd);
log_msg(LOG_INFO, "run_extcmd() (with execvpe()): running CMD: %s", cmd);
memset(argv_new, 0x0, sizeof(argv_new));
if(strtoargv(cmd, argv_new, &argc_new, opts) != 1)
{
@ -200,6 +207,85 @@ _run_extcmd(uid_t user_uid, const char *cmd, char *so_buf, const size_t so_buf_s
waitpid(pid, pid_status, 0);
#else
if(opts->verbose > 1)
log_msg(LOG_INFO, "run_extcmd() (without execvpe()): running CMD: %s", cmd);
if(so_buf == NULL && substr_search == NULL)
{
/* Since we do not have to capture output, we will fork here (which we
* * would have to do anyway if we are running as another user as well).
* */
pid = fork();
if(pid == -1)
{
log_msg(LOG_ERR, "run_extcmd: fork failed: %s", strerror(errno));
return(EXTCMD_FORK_ERROR);
}
else if (pid == 0)
{
/* We are the child */
/* If user is not null, then we setuid to that user before running the
* command.
*/
if(user_uid > 0)
{
if(setuid(user_uid) < 0)
{
exit(EXTCMD_SETUID_ERROR);
}
}
*pid_status = system(cmd);
exit(*pid_status);
}
/* Retval is forced to 0 as we don't care about the exit status of
* the child (for now)
*/
retval = 0;
}
else
{
/* Looking for output use popen and fill the buffer to its limit.
*/
output = popen(cmd, "r");
if(output == NULL)
{
log_msg(LOG_ERR, "Got popen error %i: %s", errno, strerror(errno));
retval = -1;
}
else
{
memset(so_buf, 0x0, so_buf_sz);
while((fgets(so_read_buf, IO_READ_BUF_LEN, output)) != NULL)
{
if(so_buf != NULL)
{
strlcat(so_buf, so_read_buf, so_buf_sz);
if(strlen(so_buf) >= so_buf_sz-1)
break;
}
else /* we are looking for a substring */
{
/* Get past comments and empty lines (note: we only look at the
* first character).
*/
if(IS_EMPTY_LINE(so_read_buf[0]))
continue;
if(strstr(so_read_buf, substr_search) != NULL)
{
found_str = 1;
break;
}
}
}
pclose(output);
}
}
#endif
if(substr_search != NULL)
{
/* The semantics of the return value changes in search mode to the line

45
server/fw_util_ipfw.c
View File

@ -69,7 +69,7 @@ static int
ipfw_set_exists(const fko_srv_options_t *opts,
const char *fw_command, const unsigned short set_num)
{
int res = 0;
int res = 0, pid_status=0;
zero_cmd_buffers();
@ -78,7 +78,8 @@ ipfw_set_exists(const fko_srv_options_t *opts,
set_num
);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE,
0, &pid_status, opts);
log_msg(LOG_DEBUG, "ipfw_set_exists() CMD: '%s' (res: %d)",
cmd_buf, res);
@ -98,7 +99,7 @@ ipfw_set_exists(const fko_srv_options_t *opts,
int
fw_dump_rules(const fko_srv_options_t * const opts)
{
int res, got_err = 0;
int res, got_err = 0, pid_status = 0;
if (opts->fw_list_all)
{
@ -113,7 +114,7 @@ fw_dump_rules(const fko_srv_options_t * const opts)
opts->fw_config->fw_command
);
res = system(cmd_buf);
res = run_extcmd(cmd_buf, NULL, 0, 0, &pid_status, opts);
log_msg(LOG_DEBUG, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
@ -140,7 +141,7 @@ fw_dump_rules(const fko_srv_options_t * const opts)
);
printf("\nActive Rules:\n");
res = system(cmd_buf);
res = run_extcmd(cmd_buf, NULL, 0, 0, &pid_status, opts);
log_msg(LOG_DEBUG, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
@ -160,7 +161,7 @@ fw_dump_rules(const fko_srv_options_t * const opts)
);
printf("\nExpired Rules:\n");
res = system(cmd_buf);
res = run_extcmd(cmd_buf, NULL, 0, 0, &pid_status, opts);
log_msg(LOG_DEBUG, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
@ -243,7 +244,7 @@ fw_config_init(fko_srv_options_t * const opts)
int
fw_initialize(const fko_srv_options_t * const opts)
{
int res = 0, is_err;
int res = 0, is_err, pid_status=0;
unsigned short curr_rule;
char *ndx;
@ -280,7 +281,7 @@ fw_initialize(const fko_srv_options_t * const opts)
fwc.active_set_num
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, &pid_status, opts);
log_msg(LOG_DEBUG, "fw_initialize() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
@ -310,7 +311,7 @@ fw_initialize(const fko_srv_options_t * const opts)
fwc.expire_set_num
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, &pid_status, opts);
log_msg(LOG_DEBUG, "fw_initialize() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
@ -332,7 +333,8 @@ fw_initialize(const fko_srv_options_t * const opts)
fwc.expire_set_num
);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE,
0, &pid_status, opts);
log_msg(LOG_DEBUG, "fw_initialize() CMD: '%s' (res: %d)",
cmd_buf, res);
@ -392,7 +394,7 @@ fw_initialize(const fko_srv_options_t * const opts)
int
fw_cleanup(const fko_srv_options_t * const opts)
{
int res, got_err = 0;
int res, got_err = 0, pid_status = 0;
if(strncasecmp(opts->config[CONF_FLUSH_IPFW_AT_EXIT], "N", 1) == 0)
{
@ -413,7 +415,7 @@ fw_cleanup(const fko_srv_options_t * const opts)
fwc.active_set_num
);
res = system(cmd_buf);
res = run_extcmd(cmd_buf, NULL, 0, 0, &pid_status, opts);
log_msg(LOG_DEBUG, "fw_cleanup() CMD: '%s' (res: %d)",
cmd_buf, res);
@ -472,7 +474,7 @@ process_spa_request(const fko_srv_options_t * const opts,
acc_port_list_t *port_list = NULL;
acc_port_list_t *ple;
int res = 0;
int res = 0, pid_status=0;
time_t now;
unsigned int exp_ts;
@ -526,7 +528,7 @@ process_spa_request(const fko_srv_options_t * const opts,
exp_ts
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, &pid_status, opts);
log_msg(LOG_DEBUG, "process_spa_request() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
@ -590,7 +592,7 @@ check_firewall_rules(const fko_srv_options_t * const opts)
char rule_num_str[6] = {0};
char *ndx, *rn_start, *rn_end, *tmp_mark;
int i=0, res=0, is_err;
int i=0, res=0, is_err, pid_status=0;
time_t now, rule_exp, min_exp = 0;
unsigned short curr_rule;
@ -620,7 +622,8 @@ check_firewall_rules(const fko_srv_options_t * const opts)
fwc.active_set_num
);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE,
0, &pid_status, opts);
log_msg(LOG_DEBUG, "check_firewall_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
@ -726,7 +729,7 @@ check_firewall_rules(const fko_srv_options_t * const opts)
fwc.expire_set_num
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, &pid_status, opts);
log_msg(LOG_DEBUG, "check_firewall_rules() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
@ -780,7 +783,7 @@ void
ipfw_purge_expired_rules(const fko_srv_options_t *opts)
{
char *ndx, *co_end;
int i, res, is_err;
int i, res, is_err, pid_status=0;
unsigned short curr_rule;
/* First, we get the current active dynamic rules for the expired rule
@ -794,7 +797,8 @@ ipfw_purge_expired_rules(const fko_srv_options_t *opts)
fwc.expire_set_num
);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE,
0, &pid_status, opts);
log_msg(LOG_DEBUG, "ipfw_purge_expired_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
@ -901,7 +905,8 @@ ipfw_purge_expired_rules(const fko_srv_options_t *opts)
curr_rule
);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE,
0, &pid_status, opts);
log_msg(LOG_DEBUG, "ipfw_purge_expired_rules() CMD: '%s' (res: %d)",
cmd_buf, res);