[server] first cut at converting iptables commands to use execvpe()

Michael Rash
2014-10-03 21:58:51 -04:00
parent 7aa34a92f1
commit e271442aa9
13 changed files with 275 additions and 104 deletions


@@ -983,7 +983,6 @@ run_last_args(fko_cli_options_t *options, const char * const args_save_file)
{
FILE *args_file_ptr = NULL;
int argc_new = 0, args_broken = 0;
int i = 0;
char args_str[MAX_LINE_LEN] = {0};
char *argv_new[MAX_CMDLINE_ARGS]; /* should be way more than enough */


@@ -47,10 +47,6 @@
*/
#define DEF_CONFIG_FILE MY_NAME".conf"
/* Command line argument / argv handling
*/
#define MAX_CMDLINE_ARGS 50 /*!< should be way more than enough */
/* For time offset handling
*/
#define MAX_TIME_STR_LEN 9


@@ -312,7 +312,7 @@ resolve_ip_https(fko_cli_options_t *options)
struct url url; /* for validation only */
char wget_ssl_cmd[MAX_URL_PATH_LEN] = {0}; /* for verbose logging only */
char *wget_argv[MAX_CMDLINE_ARGS]; /* for execvpe() with no environment */
char *wget_argv[MAX_CMDLINE_ARGS]; /* for execvpe() */
int wget_argc=0;
int pipe_fd[2];
pid_t pid=0;
@@ -398,7 +398,7 @@ resolve_ip_https(fko_cli_options_t *options)
close(pipe_fd[0]);
dup2(pipe_fd[1], STDOUT_FILENO);
dup2(pipe_fd[1], STDERR_FILENO);
execvpe(wget_argv[0], wget_argv, (char * const *)NULL);
execvpe(wget_argv[0], wget_argv, (char * const *)NULL); /* don't use env */
}
else if(pid == -1)
{
@@ -416,6 +416,7 @@ resolve_ip_https(fko_cli_options_t *options)
{
got_resp = 1;
}
fclose(output);
}
else
{
@@ -424,7 +425,6 @@ resolve_ip_https(fko_cli_options_t *options)
free_argv(wget_argv, &wget_argc);
return -1;
}
fclose(output);
waitpid(pid, &status, 0);


@@ -275,6 +275,39 @@ proto_strtoint(const char *pr_str)
return proto_int;
}
static int
add_argv(char **argv_new, int *argc_new,
const char *new_arg, fko_cli_options_t *opts)
{
int buf_size = 0;
if(opts->verbose > 2)
log_msg(LOG_VERBOSITY_NORMAL, "[+] add_argv() + arg: %s", new_arg);
buf_size = strlen(new_arg) + 1;
argv_new[*argc_new] = calloc(1, buf_size);
if(argv_new[*argc_new] == NULL)
{
log_msg(LOG_VERBOSITY_ERROR, "[*] Memory allocation error.");
return 0;
}
strlcpy(argv_new[*argc_new], new_arg, buf_size);
*argc_new += 1;
if(*argc_new >= MAX_CMDLINE_ARGS-1)
{
log_msg(LOG_VERBOSITY_ERROR, "[*] max command line args exceeded.");
return 0;
}
argv_new[*argc_new] = NULL;
return 1;
}
int
strtoargv(char *args_str, char **argv_new, int *argc_new,
fko_cli_options_t *opts)
@@ -318,38 +351,6 @@ strtoargv(char *args_str, char **argv_new, int *argc_new,
return 1;
}
int
add_argv(char **argv_new, int *argc_new,
const char *new_arg, fko_cli_options_t *opts)
{
int buf_size = 0;
if(opts->verbose > 2)
log_msg(LOG_VERBOSITY_NORMAL, "[+] add_argv() + arg: %s", new_arg);
buf_size = strlen(new_arg) + 1;
argv_new[*argc_new] = calloc(1, buf_size);
if(argv_new[*argc_new] == NULL)
{
log_msg(LOG_VERBOSITY_ERROR, "[*] Memory allocation error.");
return 0;
}
strlcpy(argv_new[*argc_new], new_arg, buf_size);
*argc_new += 1;
if(*argc_new >= MAX_CMDLINE_ARGS-1)
{
log_msg(LOG_VERBOSITY_ERROR, "[*] max command line args exceeded.");
return 0;
}
argv_new[*argc_new] = NULL;
return 1;
}
void
free_argv(char **argv_new, int *argc_new)
{


@@ -60,7 +60,6 @@ int resolve_dest_adr(const char *dns_str, struct addrinfo *hints, char *ip_s
short proto_inttostr(int proto, char *proto_str, size_t proto_size);
short proto_strtoint(const char *pr_str);
int strtoargv(char *args_str, char **argv_new, int *argc_new, fko_cli_options_t *opts);
int add_argv(char **argv_new, int *argc_new, const char *new_arg, fko_cli_options_t *opts);
void free_argv(char **argv_new, int *argc_new);
#endif /* UTILS_H */


@@ -150,6 +150,10 @@ enum {
#define MAX_GPG_KEY_ID 128
#define MAX_USERNAME_LEN 30
/* Command line argument / argv handling
*/
#define MAX_CMDLINE_ARGS 50 /*!< should be way more than enough */
#if HAVE_LIBFIU
#define MAX_FAULT_TAG_LEN 128
#endif


@@ -33,15 +33,6 @@
#include "log_msg.h"
#include "utils.h"
/*
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/select.h>
*/
#include <errno.h>
#include <signal.h>
@@ -83,21 +74,102 @@ alarm_handler(int sig)
}
*/
/* Run en external command returning exit status, and optionally filling
/* Run an external command returning exit status, and optionally filling
* provided buffer with STDOUT output up to the size provided.
*
* Note: XXX: We are not using the timeout parameter at present. We still need
* to implement a reliable timeout mechanism.
*/
static int
_run_extcmd(uid_t user_uid, const char *cmd, char *so_buf, const size_t so_buf_sz, const int timeout)
_run_extcmd(uid_t user_uid, const char *cmd, char *so_buf, const size_t so_buf_sz,
const int timeout, const fko_srv_options_t * const opts)
{
FILE *ipt;
int retval = 0;
char so_read_buf[IO_READ_BUF_LEN] = {0};
pid_t pid;
int res;
char *argv_new[MAX_CMDLINE_ARGS]; /* for execvpe() */
int argc_new=0;
int pipe_fd[2];
pid_t pid=0;
FILE *output;
int status;
memset(argv_new, 0x0, sizeof(argv_new));
if(strtoargv(cmd, argv_new, &argc_new, opts) != 1)
{
log_msg(LOG_ERR, "Error converting cmd str to argv");
return(-1);
}
if(so_buf != NULL)
{
if(pipe(pipe_fd) < 0)
{
log_msg(LOG_ERR, "[*] pipe() error");
free_argv(argv_new, &argc_new);
return -1;
}
}
pid = fork();
if (pid == 0)
{
if(so_buf != NULL)
{
close(pipe_fd[0]);
dup2(pipe_fd[1], STDOUT_FILENO);
dup2(pipe_fd[1], STDERR_FILENO);
}
/* don't use env
*/
execvpe(argv_new[0], argv_new, (char * const *)NULL);
}
else if(pid == -1)
{
log_msg(LOG_ERR, "[*] Could not fork() for cmd.");
free_argv(argv_new, &argc_new);
return -1;
}
/* Only the parent process makes it here
*/
if(so_buf != NULL)
{
close(pipe_fd[1]);
if ((output = fdopen(pipe_fd[0], "r")) != NULL)
{
memset(so_buf, 0x0, so_buf_sz);
while((fgets(so_read_buf, IO_READ_BUF_LEN, output)) != NULL)
{
strlcat(so_buf, so_read_buf, so_buf_sz);
if(strlen(so_buf) >= so_buf_sz-1)
break;
}
fclose(output);
}
else
{
log_msg(LOG_ERR,
"[*] Could not fdopen() pipe output file descriptor.");
free_argv(argv_new, &argc_new);
return -1;
}
}
waitpid(pid, &status, 0);
free_argv(argv_new, &argc_new);
return(retval);
if(so_buf == NULL)
{
@@ -376,16 +448,17 @@ _run_extcmd(uid_t user_uid, const char *cmd, char *so_buf, const size_t so_buf_s
/* Run an external command. This is wrapper around _run_extcmd()
*/
int
run_extcmd(const char *cmd, char *so_buf, const size_t so_buf_sz, const int timeout)
run_extcmd(const char *cmd, char *so_buf, const size_t so_buf_sz,
const int timeout, const fko_srv_options_t * const opts)
{
return _run_extcmd(0, cmd, so_buf, so_buf_sz, timeout);
return _run_extcmd(0, cmd, so_buf, so_buf_sz, timeout, opts);
}
/* Run an external command as the specified user. This is wrapper around _run_extcmd()
*/
int
run_extcmd_as(uid_t user_uid, const char *cmd, char *so_buf, const size_t so_buf_sz, const int timeout)
run_extcmd_as(uid_t user_uid, const char *cmd,char *so_buf, const size_t so_buf_sz,
const int timeout, const fko_srv_options_t * const opts)
{
return _run_extcmd(user_uid, cmd, so_buf, so_buf_sz, timeout);
return _run_extcmd(user_uid, cmd, so_buf, so_buf_sz, timeout, opts);
}
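Review bot: In the child branch of `_run_extcmd()` nothing follows `execvpe(argv_new[0], argv_new, (char * const *)NULL);`, so a failed exec lets the child fall out of `if (pid == 0)` and carry on through the parent's code as a second copy of the daemon; an `_exit()` is needed right after the call (the `execvpe()` in `resolve_ip_https()` earlier on this page has the same gap). None of the added lines reference `user_uid`, and the function now returns at `return(retval);` ahead of the older body, so as far as the visible lines show a command sent through `run_extcmd_as()` runs with the daemon's own privileges rather than the requested uid. `retval` is still 0 at that return because `status` from `waitpid()` is never inspected, so callers testing `res` cannot tell a failed command from a successful one. The sketch below covers the three points; the return-value mapping is a guess that should be matched to what `EXTCMD_IS_SUCCESS()` expects, and a group drop may be needed alongside `setuid()`. The function body continues past the end of the hunk.

```c
    pid = fork();
    if (pid == 0)
    {
        /* ... unchanged: close()/dup2() of pipe_fd when so_buf != NULL ... */

        /* run_extcmd() passes 0 to mean "run as we are" */
        if(user_uid != 0 && setuid(user_uid) < 0)
            _exit(EXIT_FAILURE);

        execvpe(argv_new[0], argv_new, (char * const *)NULL);
        _exit(EXIT_FAILURE);  /* reached only when the exec itself failed */
    }
    /* ... unchanged: fork() error path and so_buf read loop ... */

    if(waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        retval = -1;
    else
        retval = WEXITSTATUS(status);
```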


@@ -71,8 +71,10 @@ enum {
/* Function prototypes
*/
int run_extcmd(const char *cmd, char *so_buf, const size_t so_buf_sz, const int timeout);
int run_extcmd_as(uid_t uid, const char *cmd, char *so_buf, const size_t so_buf_sz, const int timeout);
int run_extcmd(const char *cmd, char *so_buf, const size_t so_buf_sz,
const int timeout, const fko_srv_options_t * const opts);
int run_extcmd_as(uid_t uid, const char *cmd, char *so_buf,
const size_t so_buf_sz, const int timeout, const fko_srv_options_t * const opts);
#endif /* EXTCMD_H */


@@ -81,7 +81,7 @@ rule_exists_no_chk_support(const fko_srv_options_t * const opts,
char exp_ts_search[CMD_BUFSIZE] = {0};
FILE *ipt;
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_RULES_ARGS " 2>&1",
opts->fw_config->fw_command,
fwc->table,
fwc->to_chain
@@ -155,7 +155,7 @@ rule_exists_chk_support(const fko_srv_options_t * const opts,
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_CHK_RULE_ARGS,
opts->fw_config->fw_command, chain, rule);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "rule_exists_chk_support() CMD: '%s' (res: %d, err: %s)",
@@ -219,7 +219,7 @@ ipt_chk_support(const fko_srv_options_t * const opts)
in_chain->target
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "ipt_chk_support() CMD: '%s' (res: %d, err: %s)",
@@ -236,7 +236,7 @@ ipt_chk_support(const fko_srv_options_t * const opts)
in_chain->target
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "ipt_chk_support() CMD: '%s' (res: %d, err: %s)",
@@ -263,7 +263,7 @@ ipt_chk_support(const fko_srv_options_t * const opts)
in_chain->from_chain,
1
);
run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, opts);
return;
}
@@ -289,7 +289,7 @@ comment_match_exists(const fko_srv_options_t * const opts)
in_chain->target
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "comment_match_exists() CMD: '%s' (res: %d, err: %s)",
@@ -303,7 +303,7 @@ comment_match_exists(const fko_srv_options_t * const opts)
in_chain->from_chain
);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0, opts);
chop_newline(cmd_out);
if(!EXTCMD_IS_SUCCESS(res))
@@ -327,7 +327,7 @@ comment_match_exists(const fko_srv_options_t * const opts)
in_chain->from_chain,
1
);
run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, opts);
}
return res;
@@ -348,7 +348,7 @@ add_jump_rule(const fko_srv_options_t * const opts, const int chain_num)
fwc.chain[chain_num].to_chain
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, opts);
log_msg(LOG_DEBUG, "add_jump_rule() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
@@ -376,7 +376,7 @@ chain_exists(const fko_srv_options_t * const opts, const int chain_num)
fwc.chain[chain_num].to_chain
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "chain_exists() CMD: '%s' (res: %d, err: %s)",
@@ -423,7 +423,7 @@ jump_rule_exists_no_chk_support(const fko_srv_options_t * const opts, const int
char line_buf[CMD_BUFSIZE] = {0};
FILE *ipt;
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_RULES_ARGS,
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_RULES_ARGS " 2>&1",
fwc.fw_command,
fwc.chain[chain_num].table,
fwc.chain[chain_num].from_chain
@@ -513,7 +513,7 @@ fw_dump_rules(const fko_srv_options_t * const opts)
ch[i].table
);
res = system(cmd_buf);
res = run_extcmd(cmd_buf, NULL, 0, 0, opts);
log_msg(LOG_DEBUG, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
@@ -549,7 +549,8 @@ fw_dump_rules(const fko_srv_options_t * const opts)
fprintf(stdout, "\n");
fflush(stdout);
res = system(cmd_buf);
res = run_extcmd(cmd_buf, NULL, 0, 0, opts);
log_msg(LOG_DEBUG, "fw_dump_rules() CMD: '%s' (res: %d)",
cmd_buf, res);
@@ -593,7 +594,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
fwc.chain[i].to_chain
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "delete_all_chains() CMD: '%s' (res: %d, err: %s)",
@@ -620,7 +621,7 @@ delete_all_chains(const fko_srv_options_t * const opts)
fwc.chain[i].to_chain
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "delete_all_chains() CMD: '%s' (res: %d, err: %s)",
@@ -647,7 +648,7 @@ create_chain(const fko_srv_options_t * const opts, const int chain_num)
fwc.chain[chain_num].to_chain
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "create_chain() CMD: '%s' (res: %d, err: %s)",
@@ -923,7 +924,7 @@ create_rule(const fko_srv_options_t * const opts,
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s -A %s %s", opts->fw_config->fw_command, fw_chain, fw_rule);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "create_rule() CMD: '%s' (res: %d, err: %s)",
@@ -1392,7 +1393,7 @@ check_firewall_rules(const fko_srv_options_t * const opts)
ch[i].to_chain
);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE, 0, opts);
chop_newline(cmd_out);
log_msg(LOG_DEBUG, "check_firewall_rules() CMD: '%s' (res: %d, cmd_out: %s)",
@@ -1500,7 +1501,7 @@ check_firewall_rules(const fko_srv_options_t * const opts)
rule_num - rn_offset
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, 0, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "check_firewall_rules() CMD: '%s' (res: %d, err: %s)",
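Review bot: Every `run_extcmd()` call in this file still formats the whole iptables command into `cmd_buf` with `snprintf()` and hands over one string, which the new `strtoargv()` splits on whitespace only, so quotes are passed through literally and any value containing a space becomes extra argv entries. That matters for the `--comment` templates in the `IPT_*_ARGS` macros further down this page and for the table and chain names interpolated from `fwc`, whose contents are not visible here. I would record the constraint at the call sites, e.g. `/* cmd_buf is split on whitespace by strtoargv(): no argument may contain spaces or quotes */`, or build the argv array directly instead of going through a formatted string. The two `snprintf()` calls that now append `" 2>&1"` (in `rule_exists_no_chk_support()` and `jump_rule_exists_no_chk_support()`) appear to stay on a shell-based path, judging by the `FILE *ipt;` next to them, so they are not covered by this conversion.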


@@ -35,25 +35,25 @@
/* iptables command args
*/
#define IPT_CHK_RULE_ARGS "-C %s %s" /* 2>&1 is always added in the second %s */
#define IPT_RULE_ARGS "-t %s -p %i -s %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s 2>&1"
#define IPT_OUT_RULE_ARGS "-t %s -p %i -d %s --sport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s 2>&1"
#define IPT_FWD_RULE_ARGS "-t %s -p %i -s %s -d %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s 2>&1"
#define IPT_DNAT_RULE_ARGS "-t %s -p %i -s %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s --to-destination %s:%i 2>&1"
#define IPT_SNAT_RULE_ARGS "-t %s -p %i -d %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s %s 2>&1"
#define IPT_TMP_COMMENT_ARGS "-t %s -I %s %i -s 127.0.0.2 -m comment --comment " TMP_COMMENT " -j %s 2>&1"
#define IPT_TMP_CHK_RULE_ARGS "-t %s -I %s %i -s 127.0.0.2 -p udp -j %s 2>&1"
#define IPT_TMP_VERIFY_CHK_ARGS "-t %s -C %s -s 127.0.0.2 -p udp -j %s 2>&1"
#define IPT_DEL_RULE_ARGS "-t %s -D %s %i 2>&1"
#define IPT_NEW_CHAIN_ARGS "-t %s -N %s 2>&1"
#define IPT_FLUSH_CHAIN_ARGS "-t %s -F %s 2>&1"
#define IPT_CHAIN_EXISTS_ARGS "-t %s -L %s -n 2>&1"
#define IPT_DEL_CHAIN_ARGS "-t %s -X %s 2>&1"
#define IPT_CHK_JUMP_RULE_ARGS "-t %s -j %s 2>&1"
#define IPT_ADD_JUMP_RULE_ARGS "-t %s -I %s %i -j %s 2>&1"
#define IPT_DEL_JUMP_RULE_ARGS "-t %s -D %s -j %s 2>&1" /* let iptables work out the rule number */
#define IPT_LIST_RULES_ARGS "-t %s -L %s --line-numbers -n 2>&1"
#define IPT_LIST_ALL_RULES_ARGS "-t %s -v -n -L --line-numbers 2>&1"
#define IPT_CHK_RULE_ARGS "-C %s %s"
#define IPT_RULE_ARGS "-t %s -p %i -s %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s"
#define IPT_OUT_RULE_ARGS "-t %s -p %i -d %s --sport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s"
#define IPT_FWD_RULE_ARGS "-t %s -p %i -s %s -d %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s"
#define IPT_DNAT_RULE_ARGS "-t %s -p %i -s %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s --to-destination %s:%i"
#define IPT_SNAT_RULE_ARGS "-t %s -p %i -d %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s %s"
#define IPT_TMP_COMMENT_ARGS "-t %s -I %s %i -s 127.0.0.2 -m comment --comment " TMP_COMMENT " -j %s"
#define IPT_TMP_CHK_RULE_ARGS "-t %s -I %s %i -s 127.0.0.2 -p udp -j %s"
#define IPT_TMP_VERIFY_CHK_ARGS "-t %s -C %s -s 127.0.0.2 -p udp -j %s"
#define IPT_DEL_RULE_ARGS "-t %s -D %s %i"
#define IPT_NEW_CHAIN_ARGS "-t %s -N %s"
#define IPT_FLUSH_CHAIN_ARGS "-t %s -F %s"
#define IPT_CHAIN_EXISTS_ARGS "-t %s -L %s -n"
#define IPT_DEL_CHAIN_ARGS "-t %s -X %s"
#define IPT_CHK_JUMP_RULE_ARGS "-t %s -j %s"
#define IPT_ADD_JUMP_RULE_ARGS "-t %s -I %s %i -j %s"
#define IPT_DEL_JUMP_RULE_ARGS "-t %s -D %s -j %s" /* let iptables work out the rule number */
#define IPT_LIST_RULES_ARGS "-t %s -L %s --line-numbers -n"
#define IPT_LIST_ALL_RULES_ARGS "-t %s -v -n -L --line-numbers"
int validate_ipt_chain_conf(const char * const chain_str);


@@ -882,11 +882,11 @@ incoming_spa(fko_srv_options_t *opts)
log_msg(LOG_INFO, "[%s] (stanza #%d) Setting effective user to %s (UID=%i) before running command.",
spadat.pkt_source_ip, stanza_num, acc->cmd_exec_user, acc->cmd_exec_uid);
res = run_extcmd_as(acc->cmd_exec_uid,
spadat.spa_message_remain, NULL, 0, 0);
res = run_extcmd_as(acc->cmd_exec_uid, spadat.spa_message_remain,
NULL, 0, 0, opts);
}
else /* Just run it as we are (root that is). */
res = run_extcmd(spadat.spa_message_remain, NULL, 0, 5);
res = run_extcmd(spadat.spa_message_remain, NULL, 0, 5, opts);
/* --DSS XXX: I have found that the status (and res for that
* matter) have been unreliable indicators of the
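Review bot: The string executed here, `spadat.spa_message_remain`, which by its name is the command carried in the SPA message, is no longer interpreted by a shell after this change but split on whitespace and exec'd directly, and nothing near the call says so. A comment such as `/* command is tokenized on whitespace and exec'd without a shell: quotes, pipes and redirection are passed literally */` above the `run_extcmd_as()` call would record the new contract for anyone configuring command mode. The `timeout` arguments also differ between the two branches (0 and 5) for no visible reason, while the header comment of `_run_extcmd()` on this page says the timeout is not used at present. `incoming_spa()` starts and ends outside the hunk.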


@@ -163,4 +163,97 @@ verify_file_perms_ownership(const char *file)
return res;
}
static int
add_argv(char **argv_new, int *argc_new,
const char *new_arg, const fko_srv_options_t * const opts)
{
int buf_size = 0;
if(opts->verbose > 2)
log_msg(LOG_INFO, "[+] add_argv() + arg: %s", new_arg);
buf_size = strlen(new_arg) + 1;
argv_new[*argc_new] = calloc(1, buf_size);
if(argv_new[*argc_new] == NULL)
{
log_msg(LOG_INFO, "[*] Memory allocation error.");
return 0;
}
strlcpy(argv_new[*argc_new], new_arg, buf_size);
*argc_new += 1;
if(*argc_new >= MAX_CMDLINE_ARGS-1)
{
log_msg(LOG_ERR, "[*] max command line args exceeded.");
return 0;
}
argv_new[*argc_new] = NULL;
return 1;
}
int
strtoargv(const char * const args_str, char **argv_new, int *argc_new,
const fko_srv_options_t * const opts)
{
int current_arg_ctr = 0, i;
char arg_tmp[MAX_LINE_LEN] = {0};
for (i=0; i < (int)strlen(args_str); i++)
{
if (!isspace(args_str[i]))
{
arg_tmp[current_arg_ctr] = args_str[i];
current_arg_ctr++;
}
else
{
if(current_arg_ctr > 0)
{
arg_tmp[current_arg_ctr] = '\0';
if (add_argv(argv_new, argc_new, arg_tmp, opts) != 1)
{
free_argv(argv_new, argc_new);
return 0;
}
current_arg_ctr = 0;
}
}
}
/* pick up the last argument in the string
*/
if(current_arg_ctr > 0)
{
arg_tmp[current_arg_ctr] = '\0';
if (add_argv(argv_new, argc_new, arg_tmp, opts) != 1)
{
free_argv(argv_new, argc_new);
return 0;
}
}
return 1;
}
void
free_argv(char **argv_new, int *argc_new)
{
int i;
if(argv_new == NULL || *argv_new == NULL)
return;
for (i=0; i < *argc_new; i++)
{
if(argv_new[i] == NULL)
break;
else
free(argv_new[i]);
}
return;
}
/***EOF***/
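Review bot: `strtoargv()` copies each token into `arg_tmp[MAX_LINE_LEN]` with `arg_tmp[current_arg_ctr] = args_str[i];` and never compares `current_arg_ctr` with the buffer size, so a single token of `MAX_LINE_LEN` or more characters writes past the end of the stack buffer. The sizes of the strings passed in are not visible here, so the copy should enforce the bound itself, e.g. `if(current_arg_ctr >= MAX_LINE_LEN-1) { free_argv(argv_new, argc_new); return 0; }` before the store. `isspace(args_str[i])` should take `(unsigned char)args_str[i]`, since a negative `char` value is undefined behaviour there. In `add_argv()` the limit test runs only after the new entry is stored, and the allocation failure is logged at `LOG_INFO` while the limit error uses `LOG_ERR`; using `LOG_ERR` for both would be consistent.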


@@ -56,9 +56,12 @@
/* Prototypes
*/
void hex_dump(const unsigned char *data, const int size);
void hex_dump(const unsigned char *data, const int size);
char* dump_ctx(fko_ctx_t ctx);
int is_valid_dir(const char *path);
int verify_file_perms_ownership(const char *file);
int is_valid_dir(const char *path);
int verify_file_perms_ownership(const char *file);
int strtoargv(const char * const args_str, char **argv_new, int *argc_new,
const fko_srv_options_t * const opts);
void free_argv(char **argv_new, int *argc_new);
#endif /* UTILS_H */