[1] | 1 | /* $Id: process-creation-posix.cpp 103581 2024-02-26 17:54:50Z vboxsync $ */
|
---|
| 2 | /** @file
|
---|
[33602] | 3 | * IPRT - Process Creation, POSIX.
|
---|
[1] | 4 | */
|
---|
| 5 |
|
---|
| 6 | /*
|
---|
[98103] | 7 | * Copyright (C) 2006-2023 Oracle and/or its affiliates.
|
---|
[1] | 8 | *
|
---|
[96407] | 9 | * This file is part of VirtualBox base platform packages, as
|
---|
| 10 | * available from https://www.virtualbox.org.
|
---|
[5999] | 11 | *
|
---|
[96407] | 12 | * This program is free software; you can redistribute it and/or
|
---|
| 13 | * modify it under the terms of the GNU General Public License
|
---|
| 14 | * as published by the Free Software Foundation, in version 3 of the
|
---|
| 15 | * License.
|
---|
| 16 | *
|
---|
| 17 | * This program is distributed in the hope that it will be useful, but
|
---|
| 18 | * WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
| 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
---|
| 20 | * General Public License for more details.
|
---|
| 21 | *
|
---|
| 22 | * You should have received a copy of the GNU General Public License
|
---|
| 23 | * along with this program; if not, see <https://www.gnu.org/licenses>.
|
---|
| 24 | *
|
---|
[5999] | 25 | * The contents of this file may alternatively be used under the terms
|
---|
| 26 | * of the Common Development and Distribution License Version 1.0
|
---|
[96407] | 27 | * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
|
---|
| 28 | * in the VirtualBox distribution, in which case the provisions of the
|
---|
[5999] | 29 | * CDDL are applicable instead of those of the GPL.
|
---|
| 30 | *
|
---|
| 31 | * You may elect to license modified versions of this file under the
|
---|
| 32 | * terms and conditions of either the GPL or the CDDL or both.
|
---|
[96407] | 33 | *
|
---|
| 34 | * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
|
---|
[1] | 35 | */
|
---|
| 36 |
|
---|
| 37 |
|
---|
[57358] | 38 | /*********************************************************************************************************************************
|
---|
| 39 | * Header Files *
|
---|
| 40 | *********************************************************************************************************************************/
|
---|
[1] | 41 | #define LOG_GROUP RTLOGGROUP_PROCESS
|
---|
[44556] | 42 | #include <iprt/cdefs.h>
|
---|
[79011] | 43 | #ifdef RT_OS_LINUX
|
---|
| 44 | # define IPRT_WITH_DYNAMIC_CRYPT_R
|
---|
| 45 | #endif
|
---|
| 46 | #if (defined(RT_OS_LINUX) || defined(RT_OS_OS2)) && !defined(_GNU_SOURCE)
|
---|
| 47 | # define _GNU_SOURCE
|
---|
| 48 | #endif
|
---|
[92671] | 49 | #if defined(RT_OS_LINUX) && !defined(_XOPEN_SOURCE)
|
---|
| 50 | # define _XOPEN_SOURCE 700 /* for newlocale */
|
---|
| 51 | #endif
|
---|
[44556] | 52 |
|
---|
[79014] | 53 | #ifdef RT_OS_OS2
|
---|
| 54 | # define crypt unistd_crypt
|
---|
| 55 | # define setkey unistd_setkey
|
---|
| 56 | # define encrypt unistd_encrypt
|
---|
| 57 | # include <unistd.h>
|
---|
| 58 | # undef crypt
|
---|
| 59 | # undef setkey
|
---|
| 60 | # undef encrypt
|
---|
| 61 | #else
|
---|
| 62 | # include <unistd.h>
|
---|
| 63 | #endif
|
---|
[1] | 64 | #include <stdlib.h>
|
---|
| 65 | #include <errno.h>
|
---|
[92671] | 66 | #include <langinfo.h>
|
---|
| 67 | #include <locale.h>
|
---|
[11337] | 68 | #include <sys/types.h>
|
---|
[1] | 69 | #include <sys/stat.h>
|
---|
| 70 | #include <sys/wait.h>
|
---|
[11337] | 71 | #include <fcntl.h>
|
---|
[537] | 72 | #include <signal.h>
|
---|
[49530] | 73 | #include <grp.h>
|
---|
[57869] | 74 | #include <pwd.h>
|
---|
[79010] | 75 | #if defined(RT_OS_LINUX) || defined(RT_OS_OS2) || defined(RT_OS_SOLARIS)
|
---|
| 76 | # include <crypt.h>
|
---|
| 77 | #endif
|
---|
[29624] | 78 | #if defined(RT_OS_LINUX) || defined(RT_OS_SOLARIS)
|
---|
[29582] | 79 | # include <shadow.h>
|
---|
| 80 | #endif
|
---|
[95623] | 81 | #if defined(RT_OS_DARWIN)
|
---|
| 82 | # include <xlocale.h> /* for newlocale() */
|
---|
| 83 | #endif
|
---|
[44556] | 84 |
|
---|
[3672] | 85 | #if defined(RT_OS_LINUX) || defined(RT_OS_OS2)
|
---|
[33009] | 86 | /* While Solaris has posix_spawn() of course we don't want to use it as
|
---|
| 87 | * we need to have the child in a different process contract, no matter
|
---|
| 88 | * whether it is started detached or not. */
|
---|
[1] | 89 | # define HAVE_POSIX_SPAWN 1
|
---|
| 90 | #endif
|
---|
[44556] | 91 | #if defined(RT_OS_DARWIN) && defined(MAC_OS_X_VERSION_MIN_REQUIRED)
|
---|
| 92 | # if MAC_OS_X_VERSION_MIN_REQUIRED >= 1050
|
---|
| 93 | # define HAVE_POSIX_SPAWN 1
|
---|
| 94 | # endif
|
---|
| 95 | #endif
|
---|
[1] | 96 | #ifdef HAVE_POSIX_SPAWN
|
---|
| 97 | # include <spawn.h>
|
---|
| 98 | #endif
|
---|
[44556] | 99 |
|
---|
[92657] | 100 | #if !defined(IPRT_USE_PAM) \
|
---|
[94406] | 101 | && !defined(IPRT_WITHOUT_PAM) \
|
---|
[95208] | 102 | && ( defined(RT_OS_DARWIN) || defined(RT_OS_FREEBSD) || defined(RT_OS_LINUX) || defined(RT_OS_NETBSD) || defined(RT_OS_OPENBSD) || defined(RT_OS_SOLARIS) )
|
---|
[81251] | 103 | # define IPRT_USE_PAM
|
---|
| 104 | #endif
|
---|
| 105 | #ifdef IPRT_USE_PAM
|
---|
[75725] | 106 | # include <security/pam_appl.h>
|
---|
| 107 | # include <stdlib.h>
|
---|
| 108 | # include <dlfcn.h>
|
---|
| 109 | # include <iprt/asm.h>
|
---|
[1] | 110 | #endif
|
---|
[75725] | 111 |
|
---|
[32990] | 112 | #ifdef RT_OS_SOLARIS
|
---|
| 113 | # include <limits.h>
|
---|
| 114 | # include <sys/ctfs.h>
|
---|
| 115 | # include <sys/contract/process.h>
|
---|
| 116 | # include <libcontract.h>
|
---|
| 117 | #endif
|
---|
[1] | 118 |
|
---|
[57872] | 119 | #ifndef RT_OS_SOLARIS
|
---|
| 120 | # include <paths.h>
|
---|
| 121 | #else
|
---|
| 122 | # define _PATH_MAILDIR "/var/mail"
|
---|
| 123 | # define _PATH_DEFPATH "/usr/bin:/bin"
|
---|
| 124 | # define _PATH_STDPATH "/sbin:/usr/sbin:/bin:/usr/bin"
|
---|
| 125 | #endif
|
---|
[92617] | 126 | #ifndef _PATH_BSHELL
|
---|
| 127 | # define _PATH_BSHELL "/bin/sh"
|
---|
| 128 | #endif
|
---|
[57872] | 129 |
|
---|
| 130 |
|
---|
[1] | 131 | #include <iprt/process.h>
|
---|
[26802] | 132 | #include "internal/iprt.h"
|
---|
| 133 |
|
---|
[92671] | 134 | #include <iprt/alloca.h>
|
---|
[1] | 135 | #include <iprt/assert.h>
|
---|
[92617] | 136 | #include <iprt/ctype.h>
|
---|
[26802] | 137 | #include <iprt/env.h>
|
---|
[1] | 138 | #include <iprt/err.h>
|
---|
[26802] | 139 | #include <iprt/file.h>
|
---|
[92758] | 140 | #if defined(IPRT_WITH_DYNAMIC_CRYPT_R) || defined(IPRT_USE_PAM)
|
---|
[79011] | 141 | # include <iprt/ldr.h>
|
---|
| 142 | #endif
|
---|
[75725] | 143 | #include <iprt/log.h>
|
---|
[40571] | 144 | #include <iprt/path.h>
|
---|
[26802] | 145 | #include <iprt/pipe.h>
|
---|
[27503] | 146 | #include <iprt/socket.h>
|
---|
[26802] | 147 | #include <iprt/string.h>
|
---|
[29636] | 148 | #include <iprt/mem.h>
|
---|
[1] | 149 | #include "internal/process.h"
|
---|
[92671] | 150 | #include "internal/path.h"
|
---|
| 151 | #include "internal/string.h"
|
---|
[1] | 152 |
|
---|
| 153 |
|
---|
[75725] | 154 | /*********************************************************************************************************************************
|
---|
[92755] | 155 | * Defined Constants And Macros *
|
---|
| 156 | *********************************************************************************************************************************/
|
---|
| 157 | #ifdef IPRT_USE_PAM
|
---|
| 158 | /*
|
---|
| 159 | * The PAM library names and version ranges to try.
|
---|
| 160 | */
|
---|
| 161 | # ifdef RT_OS_DARWIN
|
---|
| 162 | # include <mach-o/dyld.h>
|
---|
| 163 | /** @node libpam.2.dylib was introduced with 10.6.x (OpenPAM); we use
|
---|
| 164 | * libpam.dylib as that's a symlink to the latest and greatest. */
|
---|
| 165 | # define IPRT_LIBPAM_FILE_1 "libpam.dylib"
|
---|
| 166 | # define IPRT_LIBPAM_FILE_1_FIRST_VER 0
|
---|
| 167 | # define IPRT_LIBPAM_FILE_1_END_VER 0
|
---|
| 168 | # define IPRT_LIBPAM_FILE_2 "libpam.2.dylib"
|
---|
| 169 | # define IPRT_LIBPAM_FILE_2_FIRST_VER 0
|
---|
| 170 | # define IPRT_LIBPAM_FILE_2_END_VER 0
|
---|
| 171 | # define IPRT_LIBPAM_FILE_3 "libpam.1.dylib"
|
---|
| 172 | # define IPRT_LIBPAM_FILE_3_FIRST_VER 0
|
---|
| 173 | # define IPRT_LIBPAM_FILE_3_END_VER 0
|
---|
| 174 | # elif RT_OS_LINUX
|
---|
| 175 | # define IPRT_LIBPAM_FILE_1 "libpam.so.0"
|
---|
| 176 | # define IPRT_LIBPAM_FILE_1_FIRST_VER 0
|
---|
| 177 | # define IPRT_LIBPAM_FILE_1_END_VER 0
|
---|
| 178 | # define IPRT_LIBPAM_FILE_2 "libpam.so"
|
---|
| 179 | # define IPRT_LIBPAM_FILE_2_FIRST_VER 16
|
---|
| 180 | # define IPRT_LIBPAM_FILE_2_END_VER 1
|
---|
| 181 | # else
|
---|
| 182 | # define IPRT_LIBPAM_FILE_1 "libpam.so"
|
---|
[93487] | 183 | # define IPRT_LIBPAM_FILE_1_FIRST_VER 16
|
---|
| 184 | # define IPRT_LIBPAM_FILE_1_END_VER 0
|
---|
[92755] | 185 | # endif
|
---|
| 186 | #endif
|
---|
| 187 |
|
---|
| 188 |
|
---|
| 189 | /*********************************************************************************************************************************
|
---|
[75725] | 190 | * Structures and Typedefs *
|
---|
| 191 | *********************************************************************************************************************************/
|
---|
[81251] | 192 | #ifdef IPRT_USE_PAM
|
---|
[75725] | 193 | /** For passing info between rtCheckCredentials and rtPamConv. */
|
---|
| 194 | typedef struct RTPROCPAMARGS
|
---|
| 195 | {
|
---|
| 196 | const char *pszUser;
|
---|
| 197 | const char *pszPassword;
|
---|
| 198 | } RTPROCPAMARGS;
|
---|
| 199 | /** Pointer to rtPamConv argument package. */
|
---|
| 200 | typedef RTPROCPAMARGS *PRTPROCPAMARGS;
|
---|
| 201 | #endif
|
---|
| 202 |
|
---|
| 203 |
|
---|
[92617] | 204 | /*********************************************************************************************************************************
|
---|
| 205 | * Global Variables *
|
---|
| 206 | *********************************************************************************************************************************/
|
---|
| 207 | /** Environment dump marker used with CSH. */
|
---|
| 208 | static const char g_szEnvMarkerBegin[] = "IPRT_EnvEnvEnv_Begin_EnvEnvEnv";
|
---|
| 209 | /** Environment dump marker used with CSH. */
|
---|
| 210 | static const char g_szEnvMarkerEnd[] = "IPRT_EnvEnvEnv_End_EnvEnvEnv";
|
---|
| 211 |
|
---|
| 212 |
|
---|
| 213 | /*********************************************************************************************************************************
|
---|
| 214 | * Internal Functions *
|
---|
| 215 | *********************************************************************************************************************************/
|
---|
| 216 | static int rtProcPosixCreateInner(const char *pszExec, const char * const *papszArgs, RTENV hEnv, RTENV hEnvToUse,
|
---|
| 217 | uint32_t fFlags, const char *pszAsUser, uid_t uid, gid_t gid,
|
---|
[99109] | 218 | unsigned cRedirFds, int *paRedirFds, void *pvExtraData, PRTPROCESS phProcess);
|
---|
[92617] | 219 |
|
---|
| 220 |
|
---|
[81251] | 221 | #ifdef IPRT_USE_PAM
|
---|
[29582] | 222 | /**
|
---|
[75725] | 223 | * Worker for rtCheckCredentials that feeds password and maybe username to PAM.
|
---|
| 224 | *
|
---|
| 225 | * @returns PAM status.
|
---|
| 226 | * @param cMessages Number of messages.
|
---|
| 227 | * @param papMessages Message vector.
|
---|
| 228 | * @param ppaResponses Where to put our responses.
|
---|
| 229 | * @param pvAppData Pointer to RTPROCPAMARGS.
|
---|
| 230 | */
|
---|
[95208] | 231 | #if defined(RT_OS_SOLARIS)
|
---|
| 232 | static int rtPamConv(int cMessages, struct pam_message **papMessages, struct pam_response **ppaResponses, void *pvAppData)
|
---|
| 233 | #else
|
---|
[75725] | 234 | static int rtPamConv(int cMessages, const struct pam_message **papMessages, struct pam_response **ppaResponses, void *pvAppData)
|
---|
[95208] | 235 | #endif
|
---|
[75725] | 236 | {
|
---|
| 237 | LogFlow(("rtPamConv: cMessages=%d\n", cMessages));
|
---|
| 238 | PRTPROCPAMARGS pArgs = (PRTPROCPAMARGS)pvAppData;
|
---|
| 239 | AssertPtrReturn(pArgs, PAM_CONV_ERR);
|
---|
| 240 |
|
---|
| 241 | struct pam_response *paResponses = (struct pam_response *)calloc(cMessages, sizeof(paResponses[0]));
|
---|
| 242 | AssertReturn(paResponses, PAM_CONV_ERR);
|
---|
| 243 | for (int i = 0; i < cMessages; i++)
|
---|
| 244 | {
|
---|
| 245 | LogFlow(("rtPamConv: #%d: msg_style=%d msg=%s\n", i, papMessages[i]->msg_style, papMessages[i]->msg));
|
---|
| 246 |
|
---|
| 247 | paResponses[i].resp_retcode = 0;
|
---|
| 248 | if (papMessages[i]->msg_style == PAM_PROMPT_ECHO_OFF)
|
---|
| 249 | paResponses[i].resp = strdup(pArgs->pszPassword);
|
---|
| 250 | else if (papMessages[i]->msg_style == PAM_PROMPT_ECHO_ON)
|
---|
| 251 | paResponses[i].resp = strdup(pArgs->pszUser);
|
---|
| 252 | else
|
---|
| 253 | {
|
---|
| 254 | paResponses[i].resp = NULL;
|
---|
| 255 | continue;
|
---|
| 256 | }
|
---|
| 257 | if (paResponses[i].resp == NULL)
|
---|
| 258 | {
|
---|
| 259 | while (i-- > 0)
|
---|
| 260 | free(paResponses[i].resp);
|
---|
| 261 | free(paResponses);
|
---|
| 262 | LogFlow(("rtPamConv: out of memory\n"));
|
---|
| 263 | return PAM_CONV_ERR;
|
---|
| 264 | }
|
---|
| 265 | }
|
---|
| 266 |
|
---|
| 267 | *ppaResponses = paResponses;
|
---|
| 268 | return PAM_SUCCESS;
|
---|
| 269 | }
|
---|
| 270 |
|
---|
| 271 |
|
---|
| 272 | /**
|
---|
[92657] | 273 | * Common PAM driver for rtCheckCredentials and the case where pszAsUser is NULL
|
---|
| 274 | * but RTPROC_FLAGS_PROFILE is set.
|
---|
[79011] | 275 | *
|
---|
[92657] | 276 | * @returns IPRT status code.
|
---|
| 277 | * @param pszPamService The PAM service to use for the run.
|
---|
| 278 | * @param pszUser The user.
|
---|
| 279 | * @param pszPassword The password.
|
---|
| 280 | * @param ppapszEnv Where to return PAM environment variables, NULL is
|
---|
| 281 | * fine if no variables to return. Call
|
---|
| 282 | * rtProcPosixFreePamEnv to free. Optional, so NULL
|
---|
| 283 | * can be passed in.
|
---|
| 284 | * @param pfMayFallBack Where to return whether a fallback to crypt is
|
---|
| 285 | * acceptable or if the failure result is due to
|
---|
| 286 | * authentication failing. Optional.
|
---|
[79011] | 287 | */
|
---|
[92657] | 288 | static int rtProcPosixAuthenticateUsingPam(const char *pszPamService, const char *pszUser, const char *pszPassword,
|
---|
| 289 | char ***ppapszEnv, bool *pfMayFallBack)
|
---|
[79011] | 290 | {
|
---|
[92657] | 291 | if (pfMayFallBack)
|
---|
| 292 | *pfMayFallBack = true;
|
---|
[79011] | 293 |
|
---|
[75725] | 294 | /*
|
---|
[92755] | 295 | * Dynamically load pam the first time we go thru here.
|
---|
[75725] | 296 | */
|
---|
[92755] | 297 | static int (*s_pfnPamStart)(const char *, const char *, struct pam_conv *, pam_handle_t **);
|
---|
| 298 | static int (*s_pfnPamAuthenticate)(pam_handle_t *, int);
|
---|
| 299 | static int (*s_pfnPamAcctMgmt)(pam_handle_t *, int);
|
---|
| 300 | static int (*s_pfnPamSetItem)(pam_handle_t *, int, const void *);
|
---|
| 301 | static int (*s_pfnPamSetCred)(pam_handle_t *, int);
|
---|
| 302 | static char ** (*s_pfnPamGetEnvList)(pam_handle_t *);
|
---|
| 303 | static int (*s_pfnPamOpenSession)(pam_handle_t *, int);
|
---|
| 304 | static int (*s_pfnPamCloseSession)(pam_handle_t *, int);
|
---|
| 305 | static int (*s_pfnPamEnd)(pam_handle_t *, int);
|
---|
| 306 | if ( s_pfnPamStart == NULL
|
---|
| 307 | || s_pfnPamAuthenticate == NULL
|
---|
| 308 | || s_pfnPamAcctMgmt == NULL
|
---|
| 309 | || s_pfnPamSetItem == NULL
|
---|
| 310 | || s_pfnPamEnd == NULL)
|
---|
[75725] | 311 | {
|
---|
[92755] | 312 | RTLDRMOD hModPam = NIL_RTLDRMOD;
|
---|
| 313 | const char *pszLast;
|
---|
| 314 | int rc = RTLdrLoadSystemEx(pszLast = IPRT_LIBPAM_FILE_1, RTLDRLOAD_FLAGS_GLOBAL | RTLDRLOAD_FLAGS_NO_UNLOAD
|
---|
| 315 | | RTLDRLOAD_FLAGS_SO_VER_RANGE(IPRT_LIBPAM_FILE_1_FIRST_VER, IPRT_LIBPAM_FILE_1_END_VER),
|
---|
| 316 | &hModPam);
|
---|
| 317 | # ifdef IPRT_LIBPAM_FILE_2
|
---|
| 318 | if (RT_FAILURE(rc))
|
---|
| 319 | rc = RTLdrLoadSystemEx(pszLast = IPRT_LIBPAM_FILE_2, RTLDRLOAD_FLAGS_GLOBAL | RTLDRLOAD_FLAGS_NO_UNLOAD
|
---|
| 320 | | RTLDRLOAD_FLAGS_SO_VER_RANGE(IPRT_LIBPAM_FILE_2_FIRST_VER, IPRT_LIBPAM_FILE_2_END_VER),
|
---|
| 321 | &hModPam);
|
---|
| 322 | # endif
|
---|
| 323 | # ifdef IPRT_LIBPAM_FILE_3
|
---|
| 324 | if (RT_FAILURE(rc))
|
---|
| 325 | rc = RTLdrLoadSystemEx(pszLast = IPRT_LIBPAM_FILE_3, RTLDRLOAD_FLAGS_GLOBAL | RTLDRLOAD_FLAGS_NO_UNLOAD
|
---|
| 326 | | RTLDRLOAD_FLAGS_SO_VER_RANGE(IPRT_LIBPAM_FILE_3_FIRST_VER, IPRT_LIBPAM_FILE_3_END_VER),
|
---|
| 327 | &hModPam);
|
---|
| 328 | # endif
|
---|
[103581] | 329 | # ifdef RT_OS_DARWIN
|
---|
| 330 | /* Try absolute paths on Darwin (if SIP is enabled). */
|
---|
[92755] | 331 | if (RT_FAILURE(rc))
|
---|
| 332 | {
|
---|
[103581] | 333 | # define MAKE_ABSOLUTE(a_Lib) "/usr/lib" # a_Lib
|
---|
| 334 | rc = RTLdrLoadEx(pszLast = MAKE_ABSOLUTE(IPRT_LIBPAM_FILE_1), &hModPam, RTLDRLOAD_FLAGS_GLOBAL | RTLDRLOAD_FLAGS_NO_UNLOAD
|
---|
| 335 | | RTLDRLOAD_FLAGS_SO_VER_RANGE(IPRT_LIBPAM_FILE_1_FIRST_VER, IPRT_LIBPAM_FILE_1_END_VER),
|
---|
| 336 | NULL);
|
---|
| 337 | # ifdef IPRT_LIBPAM_FILE_2
|
---|
| 338 | if (RT_FAILURE(rc))
|
---|
| 339 | rc = RTLdrLoadEx(pszLast = MAKE_ABSOLUTE(IPRT_LIBPAM_FILE_2), &hModPam, RTLDRLOAD_FLAGS_GLOBAL | RTLDRLOAD_FLAGS_NO_UNLOAD
|
---|
| 340 | | RTLDRLOAD_FLAGS_SO_VER_RANGE(IPRT_LIBPAM_FILE_2_FIRST_VER, IPRT_LIBPAM_FILE_2_END_VER),
|
---|
| 341 | NULL);
|
---|
| 342 | # endif
|
---|
| 343 | # ifdef IPRT_LIBPAM_FILE_3
|
---|
| 344 | if (RT_FAILURE(rc))
|
---|
| 345 | rc = RTLdrLoadEx(pszLast = MAKE_ABSOLUTE(IPRT_LIBPAM_FILE_3), &hModPam, RTLDRLOAD_FLAGS_GLOBAL | RTLDRLOAD_FLAGS_NO_UNLOAD
|
---|
| 346 | | RTLDRLOAD_FLAGS_SO_VER_RANGE(IPRT_LIBPAM_FILE_3_FIRST_VER, IPRT_LIBPAM_FILE_3_END_VER),
|
---|
| 347 | NULL);
|
---|
| 348 | # endif
|
---|
| 349 | # undef MAKE_ABSOLUTE
|
---|
| 350 | }
|
---|
| 351 | # endif /* RT_OS_DARWIN */
|
---|
| 352 |
|
---|
| 353 | if (RT_FAILURE(rc))
|
---|
| 354 | {
|
---|
[92755] | 355 | LogRelMax(10, ("failed to load %s: %Rrc\n", pszLast, rc));
|
---|
| 356 | return VERR_AUTHENTICATION_FAILURE;
|
---|
| 357 | }
|
---|
| 358 |
|
---|
[92761] | 359 | *(uintptr_t *)&s_pfnPamStart = (uintptr_t)RTLdrGetFunction(hModPam, "pam_start");
|
---|
| 360 | *(uintptr_t *)&s_pfnPamAuthenticate = (uintptr_t)RTLdrGetFunction(hModPam, "pam_authenticate");
|
---|
| 361 | *(uintptr_t *)&s_pfnPamAcctMgmt = (uintptr_t)RTLdrGetFunction(hModPam, "pam_acct_mgmt");
|
---|
| 362 | *(uintptr_t *)&s_pfnPamSetItem = (uintptr_t)RTLdrGetFunction(hModPam, "pam_set_item");
|
---|
| 363 | *(uintptr_t *)&s_pfnPamSetCred = (uintptr_t)RTLdrGetFunction(hModPam, "pam_setcred");
|
---|
| 364 | *(uintptr_t *)&s_pfnPamGetEnvList = (uintptr_t)RTLdrGetFunction(hModPam, "pam_getenvlist");
|
---|
| 365 | *(uintptr_t *)&s_pfnPamOpenSession = (uintptr_t)RTLdrGetFunction(hModPam, "pam_open_session");
|
---|
| 366 | *(uintptr_t *)&s_pfnPamCloseSession = (uintptr_t)RTLdrGetFunction(hModPam, "pam_close_session");
|
---|
| 367 | *(uintptr_t *)&s_pfnPamEnd = (uintptr_t)RTLdrGetFunction(hModPam, "pam_end");
|
---|
| 368 | ASMCompilerBarrier();
|
---|
[92755] | 369 |
|
---|
| 370 | RTLdrClose(hModPam);
|
---|
| 371 |
|
---|
| 372 | if ( s_pfnPamStart == NULL
|
---|
| 373 | || s_pfnPamAuthenticate == NULL
|
---|
| 374 | || s_pfnPamAcctMgmt == NULL
|
---|
| 375 | || s_pfnPamSetItem == NULL
|
---|
| 376 | || s_pfnPamEnd == NULL)
|
---|
[75725] | 377 | {
|
---|
[92755] | 378 | LogRelMax(10, ("failed to resolve symbols: %p %p %p %p %p\n",
|
---|
| 379 | s_pfnPamStart, s_pfnPamAuthenticate, s_pfnPamAcctMgmt, s_pfnPamSetItem, s_pfnPamEnd));
|
---|
| 380 | return VERR_AUTHENTICATION_FAILURE;
|
---|
| 381 | }
|
---|
| 382 | }
|
---|
[75725] | 383 |
|
---|
[92755] | 384 | # define pam_start s_pfnPamStart
|
---|
| 385 | # define pam_authenticate s_pfnPamAuthenticate
|
---|
| 386 | # define pam_acct_mgmt s_pfnPamAcctMgmt
|
---|
| 387 | # define pam_set_item s_pfnPamSetItem
|
---|
| 388 | # define pam_setcred s_pfnPamSetCred
|
---|
| 389 | # define pam_getenvlist s_pfnPamGetEnvList
|
---|
| 390 | # define pam_open_session s_pfnPamOpenSession
|
---|
| 391 | # define pam_close_session s_pfnPamCloseSession
|
---|
| 392 | # define pam_end s_pfnPamEnd
|
---|
| 393 |
|
---|
| 394 | /*
|
---|
| 395 | * Do the PAM stuff.
|
---|
| 396 | */
|
---|
| 397 | pam_handle_t *hPam = NULL;
|
---|
| 398 | RTPROCPAMARGS PamConvArgs = { pszUser, pszPassword };
|
---|
| 399 | struct pam_conv PamConversation;
|
---|
| 400 | RT_ZERO(PamConversation);
|
---|
| 401 | PamConversation.appdata_ptr = &PamConvArgs;
|
---|
| 402 | PamConversation.conv = rtPamConv;
|
---|
| 403 | int rc = pam_start(pszPamService, pszUser, &PamConversation, &hPam);
|
---|
| 404 | if (rc == PAM_SUCCESS)
|
---|
| 405 | {
|
---|
| 406 | rc = pam_set_item(hPam, PAM_RUSER, pszUser);
|
---|
[95006] | 407 | LogRel2(("rtProcPosixAuthenticateUsingPam(%s): pam_setitem/PAM_RUSER: %s\n", pszPamService, pszUser));
|
---|
[92755] | 408 | if (rc == PAM_SUCCESS)
|
---|
| 409 | {
|
---|
[95006] | 410 | /*
|
---|
| 411 | * Secure TTY fun ahead (for pam_securetty).
|
---|
| 412 | *
|
---|
[95320] | 413 | * We need to set PAM_TTY (if available) to make PAM stacks work which
|
---|
| 414 | * require a secure TTY via pam_securetty (Debian 10 + 11, for example). This
|
---|
| 415 | * is typically an issue when launching as 'root'. See @bugref{10225}.
|
---|
[95006] | 416 | *
|
---|
[95320] | 417 | * Note! We only can try (or better: guess) to a certain amount, as it really
|
---|
| 418 | * depends on the distribution or Administrator which has set up the
|
---|
| 419 | * system which (and how) things are allowed (see /etc/securetty).
|
---|
| 420 | *
|
---|
| 421 | * Note! We don't acctually try or guess anything about the distro like
|
---|
| 422 | * suggested by the above note, we just try determine the TTY of
|
---|
| 423 | * the _parent_ process and hope for the best. (bird)
|
---|
[95006] | 424 | */
|
---|
[95320] | 425 | char szTTY[64];
|
---|
| 426 | int rc2 = RTEnvGetEx(RTENV_DEFAULT, "DISPLAY", szTTY, sizeof(szTTY), NULL);
|
---|
[95006] | 427 | if (RT_FAILURE(rc2))
|
---|
| 428 | {
|
---|
[95320] | 429 | /* Virtual terminal hint given? */
|
---|
| 430 | static char const s_szPrefix[] = "tty";
|
---|
| 431 | memcpy(szTTY, s_szPrefix, sizeof(s_szPrefix));
|
---|
| 432 | rc2 = RTEnvGetEx(RTENV_DEFAULT, "XDG_VTNR", &szTTY[sizeof(s_szPrefix) - 1], sizeof(s_szPrefix) - 1, NULL);
|
---|
[95006] | 433 | }
|
---|
| 434 |
|
---|
[95147] | 435 | /** @todo Should we - distinguished from the login service - also set the hostname as PAM_TTY?
|
---|
| 436 | * The pam_access and pam_systemd talk about this. Similarly, SSH and cron use "ssh" and "cron" for PAM_TTY
|
---|
| 437 | * (see PAM_TTY_KLUDGE). */
|
---|
| 438 | #ifdef IPRT_WITH_PAM_TTY_KLUDGE
|
---|
[95006] | 439 | if (RT_FAILURE(rc2))
|
---|
[95147] | 440 | if (!RTStrICmp(pszPamService, "access")) /* Access management needed? */
|
---|
| 441 | {
|
---|
| 442 | int err = gethostname(szTTY, sizeof(szTTY));
|
---|
| 443 | if (err == 0)
|
---|
| 444 | rc2 = VINF_SUCCESS;
|
---|
| 445 | }
|
---|
| 446 | #endif
|
---|
| 447 | /* As a last resort, try stdin's TTY name instead (if any). */
|
---|
| 448 | if (RT_FAILURE(rc2))
|
---|
| 449 | {
|
---|
[95320] | 450 | rc2 = ttyname_r(0 /*stdin*/, szTTY, sizeof(szTTY));
|
---|
| 451 | if (rc2 != 0)
|
---|
| 452 | rc2 = RTErrConvertFromErrno(rc2);
|
---|
[95006] | 453 | }
|
---|
| 454 |
|
---|
[95320] | 455 | LogRel2(("rtProcPosixAuthenticateUsingPam(%s): pam_setitem/PAM_TTY: %s, rc2=%Rrc\n", pszPamService, szTTY, rc2));
|
---|
| 456 | if (szTTY[0] == '\0')
|
---|
[95007] | 457 | LogRel2(("rtProcPosixAuthenticateUsingPam(%s): Hint: Looks like running as a non-interactive user (no TTY/PTY).\n"
|
---|
[95320] | 458 | "Authentication requiring a secure terminal might fail.\n", pszPamService));
|
---|
[95006] | 459 |
|
---|
| 460 | if ( RT_SUCCESS(rc2)
|
---|
[95320] | 461 | && szTTY[0] != '\0') /* Only try using PAM_TTY if we have something to set. */
|
---|
[95006] | 462 | rc = pam_set_item(hPam, PAM_TTY, szTTY);
|
---|
| 463 |
|
---|
[75725] | 464 | if (rc == PAM_SUCCESS)
|
---|
| 465 | {
|
---|
[94984] | 466 | /* From this point on we don't allow falling back to other auth methods. */
|
---|
| 467 | if (pfMayFallBack)
|
---|
| 468 | *pfMayFallBack = false;
|
---|
| 469 |
|
---|
| 470 | rc = pam_authenticate(hPam, 0);
|
---|
| 471 | if (rc == PAM_SUCCESS)
|
---|
[92657] | 472 | {
|
---|
[94984] | 473 | rc = pam_acct_mgmt(hPam, 0);
|
---|
| 474 | if ( rc == PAM_SUCCESS
|
---|
| 475 | || rc == PAM_AUTHINFO_UNAVAIL /*??*/)
|
---|
[75725] | 476 | {
|
---|
[94984] | 477 | if ( ppapszEnv
|
---|
| 478 | && s_pfnPamGetEnvList
|
---|
| 479 | && s_pfnPamSetCred)
|
---|
| 480 | {
|
---|
| 481 | /* pam_env.so creates the environment when pam_setcred is called,. */
|
---|
| 482 | int rcSetCred = pam_setcred(hPam, PAM_ESTABLISH_CRED | PAM_SILENT);
|
---|
| 483 | /** @todo check pam_setcred status code? */
|
---|
[92657] | 484 |
|
---|
[94984] | 485 | /* Unless it does it during session opening (Ubuntu 21.10). This
|
---|
| 486 | unfortunately means we might mount user dir and other crap: */
|
---|
| 487 | /** @todo do session handling properly */
|
---|
| 488 | int rcOpenSession = PAM_ABORT;
|
---|
| 489 | if ( s_pfnPamOpenSession
|
---|
| 490 | && s_pfnPamCloseSession)
|
---|
| 491 | rcOpenSession = pam_open_session(hPam, PAM_SILENT);
|
---|
[92755] | 492 |
|
---|
[94984] | 493 | *ppapszEnv = pam_getenvlist(hPam);
|
---|
| 494 | LogFlowFunc(("pam_getenvlist -> %p ([0]=%p); rcSetCred=%d rcOpenSession=%d\n",
|
---|
| 495 | *ppapszEnv, *ppapszEnv ? **ppapszEnv : NULL, rcSetCred, rcOpenSession)); RT_NOREF(rcSetCred);
|
---|
[92755] | 496 |
|
---|
[94984] | 497 | if (rcOpenSession == PAM_SUCCESS)
|
---|
| 498 | pam_close_session(hPam, PAM_SILENT);
|
---|
| 499 | pam_setcred(hPam, PAM_DELETE_CRED);
|
---|
| 500 | }
|
---|
| 501 |
|
---|
| 502 | pam_end(hPam, PAM_SUCCESS);
|
---|
| 503 | LogFlowFunc(("pam auth (for %s) successful\n", pszPamService));
|
---|
| 504 | return VINF_SUCCESS;
|
---|
[75725] | 505 | }
|
---|
[94984] | 506 | LogFunc(("pam_acct_mgmt -> %d\n", rc));
|
---|
[75725] | 507 | }
|
---|
[94984] | 508 | else
|
---|
| 509 | LogFunc(("pam_authenticate -> %d\n", rc));
|
---|
[75725] | 510 | }
|
---|
| 511 | else
|
---|
[94984] | 512 | LogFunc(("pam_setitem/PAM_TTY -> %d\n", rc));
|
---|
[75725] | 513 | }
|
---|
| 514 | else
|
---|
[92755] | 515 | LogFunc(("pam_set_item/PAM_RUSER -> %d\n", rc));
|
---|
| 516 | pam_end(hPam, rc);
|
---|
[75725] | 517 | }
|
---|
| 518 | else
|
---|
[92755] | 519 | LogFunc(("pam_start(%s) -> %d\n", pszPamService, rc));
|
---|
[95006] | 520 |
|
---|
| 521 | LogRel2(("rtProcPosixAuthenticateUsingPam(%s): Failed authenticating user '%s' with %d\n", pszPamService, pszUser, rc));
|
---|
[75725] | 522 | return VERR_AUTHENTICATION_FAILURE;
|
---|
[92657] | 523 | }
|
---|
[75725] | 524 |
|
---|
[92657] | 525 |
|
---|
| 526 | /**
|
---|
| 527 | * Checks if the given service file is present in any of the pam.d directories.
|
---|
| 528 | */
|
---|
| 529 | static bool rtProcPosixPamServiceExists(const char *pszService)
|
---|
| 530 | {
|
---|
| 531 | char szPath[256];
|
---|
| 532 |
|
---|
| 533 | /* PAM_CONFIG_D: */
|
---|
| 534 | int rc = RTPathJoin(szPath, sizeof(szPath), "/etc/pam.d/", pszService); AssertRC(rc);
|
---|
| 535 | if (RTFileExists(szPath))
|
---|
| 536 | return true;
|
---|
| 537 |
|
---|
| 538 | /* PAM_CONFIG_DIST_D: */
|
---|
| 539 | rc = RTPathJoin(szPath, sizeof(szPath), "/usr/lib/pam.d/", pszService); AssertRC(rc);
|
---|
| 540 | if (RTFileExists(szPath))
|
---|
| 541 | return true;
|
---|
| 542 |
|
---|
| 543 | /* No support for PAM_CONFIG_DIST2_D. */
|
---|
| 544 | return false;
|
---|
| 545 | }
|
---|
| 546 |
|
---|
| 547 | #endif /* IPRT_USE_PAM */
|
---|
| 548 |
|
---|
| 549 |
|
---|
| 550 | #if defined(IPRT_WITH_DYNAMIC_CRYPT_R)
|
---|
| 551 | /** Pointer to crypt_r(). */
|
---|
| 552 | typedef char *(*PFNCRYPTR)(const char *, const char *, struct crypt_data *);
|
---|
| 553 |
|
---|
| 554 | /**
|
---|
[93216] | 555 | * Wrapper for resolving and calling crypt_r dynamically.
|
---|
[92657] | 556 | *
|
---|
| 557 | * The reason for this is that fedora 30+ wants to use libxcrypt rather than the
|
---|
| 558 | * glibc libcrypt. The two libraries has different crypt_data sizes and layout,
|
---|
| 559 | * so we allocate a 256KB data block to be on the safe size (caller does this).
|
---|
| 560 | */
|
---|
| 561 | static char *rtProcDynamicCryptR(const char *pszKey, const char *pszSalt, struct crypt_data *pData)
|
---|
| 562 | {
|
---|
| 563 | static PFNCRYPTR volatile s_pfnCryptR = NULL;
|
---|
| 564 | PFNCRYPTR pfnCryptR = s_pfnCryptR;
|
---|
| 565 | if (pfnCryptR)
|
---|
| 566 | return pfnCryptR(pszKey, pszSalt, pData);
|
---|
| 567 |
|
---|
| 568 | pfnCryptR = (PFNCRYPTR)(uintptr_t)RTLdrGetSystemSymbolEx("libcrypt.so", "crypt_r", RTLDRLOAD_FLAGS_SO_VER_RANGE(1, 6));
|
---|
| 569 | if (!pfnCryptR)
|
---|
| 570 | pfnCryptR = (PFNCRYPTR)(uintptr_t)RTLdrGetSystemSymbolEx("libxcrypt.so", "crypt_r", RTLDRLOAD_FLAGS_SO_VER_RANGE(1, 32));
|
---|
| 571 | if (pfnCryptR)
|
---|
| 572 | {
|
---|
| 573 | s_pfnCryptR = pfnCryptR;
|
---|
| 574 | return pfnCryptR(pszKey, pszSalt, pData);
|
---|
| 575 | }
|
---|
| 576 |
|
---|
| 577 | LogRel(("IPRT/RTProc: Unable to locate crypt_r!\n"));
|
---|
| 578 | return NULL;
|
---|
| 579 | }
|
---|
| 580 | #endif /* IPRT_WITH_DYNAMIC_CRYPT_R */
|
---|
| 581 |
|
---|
| 582 |
|
---|
| 583 | /** Free the environment list returned by rtCheckCredentials. */
|
---|
| 584 | static void rtProcPosixFreePamEnv(char **papszEnv)
|
---|
| 585 | {
|
---|
| 586 | if (papszEnv)
|
---|
| 587 | {
|
---|
| 588 | for (size_t i = 0; papszEnv[i] != NULL; i++)
|
---|
| 589 | free(papszEnv[i]);
|
---|
| 590 | free(papszEnv);
|
---|
| 591 | }
|
---|
| 592 | }
|
---|
| 593 |
|
---|
| 594 |
|
---|
| 595 | /**
|
---|
| 596 | * Check the credentials and return the gid/uid of user.
|
---|
| 597 | *
|
---|
| 598 | * @param pszUser The username.
|
---|
| 599 | * @param pszPasswd The password to authenticate with.
|
---|
| 600 | * @param gid Where to store the GID of the user.
|
---|
| 601 | * @param uid Where to store the UID of the user.
|
---|
| 602 | * @param ppapszEnv Where to return PAM environment variables, NULL is fine
|
---|
| 603 | * if no variables to return. Call rtProcPosixFreePamEnv to
|
---|
| 604 | * free. Optional, so NULL can be passed in.
|
---|
| 605 | * @returns IPRT status code
|
---|
| 606 | */
|
---|
| 607 | static int rtCheckCredentials(const char *pszUser, const char *pszPasswd, gid_t *pGid, uid_t *pUid, char ***ppapszEnv)
|
---|
| 608 | {
|
---|
| 609 | Log(("rtCheckCredentials: pszUser=%s\n", pszUser));
|
---|
| 610 | int rc;
|
---|
| 611 |
|
---|
| 612 | if (ppapszEnv)
|
---|
| 613 | *ppapszEnv = NULL;
|
---|
| 614 |
|
---|
[79007] | 615 | /*
|
---|
[92657] | 616 | * Resolve user to UID and GID.
|
---|
[79007] | 617 | */
|
---|
[92657] | 618 | char achBuf[_4K];
|
---|
| 619 | struct passwd Pw;
|
---|
| 620 | struct passwd *pPw;
|
---|
| 621 | if (getpwnam_r(pszUser, &Pw, achBuf, sizeof(achBuf), &pPw) != 0)
|
---|
[57869] | 622 | return VERR_AUTHENTICATION_FAILURE;
|
---|
[92657] | 623 | if (!pPw)
|
---|
[79007] | 624 | return VERR_AUTHENTICATION_FAILURE;
|
---|
[29582] | 625 |
|
---|
[92657] | 626 | *pUid = pPw->pw_uid;
|
---|
| 627 | *pGid = pPw->pw_gid;
|
---|
| 628 |
|
---|
| 629 | #ifdef IPRT_USE_PAM
|
---|
| 630 | /*
|
---|
| 631 | * Try authenticate using PAM, and falling back on crypto if allowed.
|
---|
| 632 | */
|
---|
| 633 | const char *pszService = "iprt-as-user";
|
---|
| 634 | if (!rtProcPosixPamServiceExists("iprt-as-user"))
|
---|
| 635 | # ifdef IPRT_PAM_NATIVE_SERVICE_NAME_AS_USER
|
---|
| 636 | pszService = IPRT_PAM_NATIVE_SERVICE_NAME_AS_USER;
|
---|
| 637 | # else
|
---|
| 638 | pszService = "login";
|
---|
| 639 | # endif
|
---|
| 640 | bool fMayFallBack = false;
|
---|
| 641 | rc = rtProcPosixAuthenticateUsingPam(pszService, pszUser, pszPasswd, ppapszEnv, &fMayFallBack);
|
---|
| 642 | if (RT_SUCCESS(rc) || !fMayFallBack)
|
---|
| 643 | {
|
---|
| 644 | RTMemWipeThoroughly(achBuf, sizeof(achBuf), 3);
|
---|
| 645 | return rc;
|
---|
| 646 | }
|
---|
| 647 | #endif
|
---|
| 648 |
|
---|
| 649 | #if !defined(IPRT_USE_PAM) || defined(RT_OS_LINUX) || defined(RT_OS_SOLARIS) || defined(RT_OS_OS2)
|
---|
[79007] | 650 | # if defined(RT_OS_LINUX) || defined(RT_OS_SOLARIS)
|
---|
| 651 | /*
|
---|
| 652 | * Ditto for /etc/shadow and replace pw_passwd from above if we can access it:
|
---|
[92657] | 653 | *
|
---|
| 654 | * Note! On FreeBSD and OS/2 the root user will open /etc/shadow above, so
|
---|
| 655 | * this getspnam_r step is not necessary.
|
---|
[79007] | 656 | */
|
---|
| 657 | struct spwd ShwPwd;
|
---|
[92657] | 658 | char achBuf2[_4K];
|
---|
[79007] | 659 | # if defined(RT_OS_LINUX)
|
---|
| 660 | struct spwd *pShwPwd = NULL;
|
---|
[92657] | 661 | if (getspnam_r(pszUser, &ShwPwd, achBuf2, sizeof(achBuf2), &pShwPwd) != 0)
|
---|
[79007] | 662 | pShwPwd = NULL;
|
---|
| 663 | # else
|
---|
[92657] | 664 | struct spwd *pShwPwd = getspnam_r(pszUser, &ShwPwd, achBuf2, sizeof(achBuf2));
|
---|
[79007] | 665 | # endif
|
---|
| 666 | if (pShwPwd != NULL)
|
---|
[92657] | 667 | pPw->pw_passwd = pShwPwd->sp_pwdp;
|
---|
[79007] | 668 | # endif
|
---|
[29582] | 669 |
|
---|
[79007] | 670 | /*
|
---|
| 671 | * Encrypt the passed in password and see if it matches.
|
---|
| 672 | */
|
---|
[92657] | 673 | # if defined(RT_OS_LINUX)
|
---|
| 674 | /* Default fCorrect=true if no password specified. In that case, pPw->pw_passwd
|
---|
[79007] | 675 | must be NULL (no password set for this user). Fail if a password is specified
|
---|
| 676 | but the user does not have one assigned. */
|
---|
[92657] | 677 | rc = !pszPasswd || !*pszPasswd ? VINF_SUCCESS : VERR_AUTHENTICATION_FAILURE;
|
---|
| 678 | if (pPw->pw_passwd && *pPw->pw_passwd)
|
---|
[79007] | 679 | # endif
|
---|
| 680 | {
|
---|
| 681 | # if defined(RT_OS_LINUX) || defined(RT_OS_OS2)
|
---|
[79011] | 682 | # ifdef IPRT_WITH_DYNAMIC_CRYPT_R
|
---|
| 683 | size_t const cbCryptData = RT_MAX(sizeof(struct crypt_data) * 2, _256K);
|
---|
| 684 | # else
|
---|
| 685 | size_t const cbCryptData = sizeof(struct crypt_data);
|
---|
| 686 | # endif
|
---|
| 687 | struct crypt_data *pCryptData = (struct crypt_data *)RTMemTmpAllocZ(cbCryptData);
|
---|
| 688 | if (pCryptData)
|
---|
| 689 | {
|
---|
| 690 | # ifdef IPRT_WITH_DYNAMIC_CRYPT_R
|
---|
[92657] | 691 | char *pszEncPasswd = rtProcDynamicCryptR(pszPasswd, pPw->pw_passwd, pCryptData);
|
---|
[79011] | 692 | # else
|
---|
[92657] | 693 | char *pszEncPasswd = crypt_r(pszPasswd, pPw->pw_passwd, pCryptData);
|
---|
[79011] | 694 | # endif
|
---|
[92657] | 695 | rc = pszEncPasswd && !strcmp(pszEncPasswd, pPw->pw_passwd) ? VINF_SUCCESS : VERR_AUTHENTICATION_FAILURE;
|
---|
[79011] | 696 | RTMemWipeThoroughly(pCryptData, cbCryptData, 3);
|
---|
| 697 | RTMemTmpFree(pCryptData);
|
---|
| 698 | }
|
---|
| 699 | else
|
---|
| 700 | rc = VERR_NO_TMP_MEMORY;
|
---|
[79007] | 701 | # else
|
---|
[92657] | 702 | char *pszEncPasswd = crypt(pszPasswd, pPw->pw_passwd);
|
---|
| 703 | rc = strcmp(pszEncPasswd, pPw->pw_passwd) == 0 ? VINF_SUCCESS : VERR_AUTHENTICATION_FAILURE;
|
---|
[79007] | 704 | # endif
|
---|
| 705 | }
|
---|
[29582] | 706 |
|
---|
[79007] | 707 | /*
|
---|
| 708 | * Return GID and UID on success. Always wipe stack buffers.
|
---|
| 709 | */
|
---|
| 710 | if (RT_SUCCESS(rc))
|
---|
[51180] | 711 | {
|
---|
[92657] | 712 | *pGid = pPw->pw_gid;
|
---|
| 713 | *pUid = pPw->pw_uid;
|
---|
[51180] | 714 | }
|
---|
[79007] | 715 | # if defined(RT_OS_LINUX) || defined(RT_OS_SOLARIS)
|
---|
[92657] | 716 | RTMemWipeThoroughly(achBuf2, sizeof(achBuf2), 3);
|
---|
[79007] | 717 | # endif
|
---|
[92657] | 718 | #endif
|
---|
| 719 | RTMemWipeThoroughly(achBuf, sizeof(achBuf), 3);
|
---|
[79007] | 720 | return rc;
|
---|
[29582] | 721 | }
|
---|
| 722 |
|
---|
[75725] | 723 | #ifdef RT_OS_SOLARIS
|
---|
[29582] | 724 |
|
---|
[32990] | 725 | /** @todo the error reporting of the Solaris process contract code could be
|
---|
| 726 | * a lot better, but essentially it is not meant to run into errors after
|
---|
| 727 | * the debugging phase. */
|
---|
| 728 | static int rtSolarisContractPreFork(void)
|
---|
| 729 | {
|
---|
| 730 | int templateFd = open64(CTFS_ROOT "/process/template", O_RDWR);
|
---|
| 731 | if (templateFd < 0)
|
---|
| 732 | return -1;
|
---|
| 733 |
|
---|
| 734 | /* Set template parameters and event sets. */
|
---|
| 735 | if (ct_pr_tmpl_set_param(templateFd, CT_PR_PGRPONLY))
|
---|
| 736 | {
|
---|
| 737 | close(templateFd);
|
---|
| 738 | return -1;
|
---|
| 739 | }
|
---|
| 740 | if (ct_pr_tmpl_set_fatal(templateFd, CT_PR_EV_HWERR))
|
---|
| 741 | {
|
---|
| 742 | close(templateFd);
|
---|
| 743 | return -1;
|
---|
| 744 | }
|
---|
| 745 | if (ct_tmpl_set_critical(templateFd, 0))
|
---|
| 746 | {
|
---|
| 747 | close(templateFd);
|
---|
| 748 | return -1;
|
---|
| 749 | }
|
---|
| 750 | if (ct_tmpl_set_informative(templateFd, CT_PR_EV_HWERR))
|
---|
| 751 | {
|
---|
| 752 | close(templateFd);
|
---|
| 753 | return -1;
|
---|
| 754 | }
|
---|
| 755 |
|
---|
| 756 | /* Make this the active template for the process. */
|
---|
| 757 | if (ct_tmpl_activate(templateFd))
|
---|
| 758 | {
|
---|
| 759 | close(templateFd);
|
---|
| 760 | return -1;
|
---|
| 761 | }
|
---|
| 762 |
|
---|
| 763 | return templateFd;
|
---|
| 764 | }
|
---|
| 765 |
|
---|
| 766 | static void rtSolarisContractPostForkChild(int templateFd)
|
---|
| 767 | {
|
---|
| 768 | if (templateFd == -1)
|
---|
| 769 | return;
|
---|
| 770 |
|
---|
| 771 | /* Clear the active template. */
|
---|
| 772 | ct_tmpl_clear(templateFd);
|
---|
| 773 | close(templateFd);
|
---|
| 774 | }
|
---|
| 775 |
|
---|
| 776 | static void rtSolarisContractPostForkParent(int templateFd, pid_t pid)
|
---|
| 777 | {
|
---|
| 778 | if (templateFd == -1)
|
---|
| 779 | return;
|
---|
| 780 |
|
---|
| 781 | /* Clear the active template. */
|
---|
| 782 | int cleared = ct_tmpl_clear(templateFd);
|
---|
| 783 | close(templateFd);
|
---|
| 784 |
|
---|
| 785 | /* If the clearing failed or the fork failed there's nothing more to do. */
|
---|
| 786 | if (cleared || pid <= 0)
|
---|
| 787 | return;
|
---|
| 788 |
|
---|
| 789 | /* Look up the contract which was created by this thread. */
|
---|
| 790 | int statFd = open64(CTFS_ROOT "/process/latest", O_RDONLY);
|
---|
| 791 | if (statFd == -1)
|
---|
| 792 | return;
|
---|
| 793 | ct_stathdl_t statHdl;
|
---|
| 794 | if (ct_status_read(statFd, CTD_COMMON, &statHdl))
|
---|
| 795 | {
|
---|
| 796 | close(statFd);
|
---|
| 797 | return;
|
---|
| 798 | }
|
---|
| 799 | ctid_t ctId = ct_status_get_id(statHdl);
|
---|
| 800 | ct_status_free(statHdl);
|
---|
| 801 | close(statFd);
|
---|
| 802 | if (ctId < 0)
|
---|
| 803 | return;
|
---|
| 804 |
|
---|
| 805 | /* Abandon this contract we just created. */
|
---|
| 806 | char ctlPath[PATH_MAX];
|
---|
| 807 | size_t len = snprintf(ctlPath, sizeof(ctlPath),
|
---|
[50292] | 808 | CTFS_ROOT "/process/%ld/ctl", (long)ctId);
|
---|
[32990] | 809 | if (len >= sizeof(ctlPath))
|
---|
| 810 | return;
|
---|
| 811 | int ctlFd = open64(ctlPath, O_WRONLY);
|
---|
| 812 | if (statFd == -1)
|
---|
| 813 | return;
|
---|
| 814 | if (ct_ctl_abandon(ctlFd) < 0)
|
---|
| 815 | {
|
---|
| 816 | close(ctlFd);
|
---|
| 817 | return;
|
---|
| 818 | }
|
---|
| 819 | close(ctlFd);
|
---|
| 820 | }
|
---|
| 821 |
|
---|
| 822 | #endif /* RT_OS_SOLARIS */
|
---|
| 823 |
|
---|
| 824 |
|
---|
[4475] | 825 | RTR3DECL(int) RTProcCreate(const char *pszExec, const char * const *papszArgs, RTENV Env, unsigned fFlags, PRTPROCESS pProcess)
|
---|
[1] | 826 | {
|
---|
[26802] | 827 | return RTProcCreateEx(pszExec, papszArgs, Env, fFlags,
|
---|
| 828 | NULL, NULL, NULL, /* standard handles */
|
---|
[80569] | 829 | NULL /*pszAsUser*/, NULL /* pszPassword*/, NULL /*pvExtraData*/,
|
---|
[26802] | 830 | pProcess);
|
---|
[1] | 831 | }
|
---|
| 832 |
|
---|
| 833 |
|
---|
[40571] | 834 | /**
|
---|
[57869] | 835 | * Adjust the profile environment after forking the child process and changing
|
---|
| 836 | * the UID.
|
---|
| 837 | *
|
---|
| 838 | * @returns IRPT status code.
|
---|
| 839 | * @param hEnvToUse The environment we're going to use with execve.
|
---|
| 840 | * @param fFlags The process creation flags.
|
---|
| 841 | * @param hEnv The environment passed in by the user.
|
---|
| 842 | */
|
---|
| 843 | static int rtProcPosixAdjustProfileEnvFromChild(RTENV hEnvToUse, uint32_t fFlags, RTENV hEnv)
|
---|
| 844 | {
|
---|
| 845 | int rc = VINF_SUCCESS;
|
---|
| 846 | #ifdef RT_OS_DARWIN
|
---|
| 847 | if ( RT_SUCCESS(rc)
|
---|
| 848 | && (!(fFlags & RTPROC_FLAGS_ENV_CHANGE_RECORD) || RTEnvExistEx(hEnv, "TMPDIR")) )
|
---|
| 849 | {
|
---|
[92618] | 850 | char szValue[RTPATH_MAX];
|
---|
[57871] | 851 | size_t cbNeeded = confstr(_CS_DARWIN_USER_TEMP_DIR, szValue, sizeof(szValue));
|
---|
| 852 | if (cbNeeded > 0 && cbNeeded < sizeof(szValue))
|
---|
[57869] | 853 | {
|
---|
[57871] | 854 | char *pszTmp;
|
---|
| 855 | rc = RTStrCurrentCPToUtf8(&pszTmp, szValue);
|
---|
[57869] | 856 | if (RT_SUCCESS(rc))
|
---|
| 857 | {
|
---|
| 858 | rc = RTEnvSetEx(hEnvToUse, "TMPDIR", pszTmp);
|
---|
| 859 | RTStrFree(pszTmp);
|
---|
| 860 | }
|
---|
| 861 | }
|
---|
| 862 | else
|
---|
| 863 | rc = VERR_BUFFER_OVERFLOW;
|
---|
| 864 | }
|
---|
[62564] | 865 | #else
|
---|
| 866 | RT_NOREF_PV(hEnvToUse); RT_NOREF_PV(fFlags); RT_NOREF_PV(hEnv);
|
---|
[57869] | 867 | #endif
|
---|
| 868 | return rc;
|
---|
| 869 | }
|
---|
| 870 |
|
---|
| 871 |
|
---|
| 872 | /**
|
---|
[92617] | 873 | * Undos quoting and escape sequences and looks for stop characters.
|
---|
[57869] | 874 | *
|
---|
[92617] | 875 | * @returns Where to continue scanning in @a pszString. This points to the
|
---|
| 876 | * next character after the stop character, but for the zero terminator
|
---|
| 877 | * it points to the terminator character.
|
---|
| 878 | * @param pszString The string to undo quoting and escaping for.
|
---|
| 879 | * This is both input and output as the work is
|
---|
| 880 | * done in place.
|
---|
| 881 | * @param pfStoppedOnEqual Where to return whether we stopped work on a
|
---|
| 882 | * plain equal characater or not. If this is NULL,
|
---|
| 883 | * then the equal character is not a stop
|
---|
| 884 | * character, then only newline and the zero
|
---|
| 885 | * terminator are.
|
---|
| 886 | */
|
---|
| 887 | static char *rtProcPosixProfileEnvUnquoteAndUnescapeString(char *pszString, bool *pfStoppedOnEqual)
|
---|
| 888 | {
|
---|
| 889 | if (pfStoppedOnEqual)
|
---|
| 890 | *pfStoppedOnEqual = false;
|
---|
| 891 |
|
---|
| 892 | enum { kPlain, kSingleQ, kDoubleQ } enmState = kPlain;
|
---|
| 893 | char *pszDst = pszString;
|
---|
| 894 | for (;;)
|
---|
| 895 | {
|
---|
| 896 | char ch = *pszString++;
|
---|
| 897 | switch (ch)
|
---|
| 898 | {
|
---|
| 899 | default:
|
---|
| 900 | *pszDst++ = ch;
|
---|
| 901 | break;
|
---|
| 902 |
|
---|
| 903 | case '\\':
|
---|
| 904 | {
|
---|
| 905 | char ch2;
|
---|
| 906 | if ( enmState == kSingleQ
|
---|
| 907 | || (ch2 = *pszString) == '\0'
|
---|
| 908 | || (enmState == kDoubleQ && strchr("\\$`\"\n", ch2) == NULL) )
|
---|
| 909 | *pszDst++ = ch;
|
---|
| 910 | else
|
---|
| 911 | {
|
---|
| 912 | *pszDst++ = ch2;
|
---|
| 913 | pszString++;
|
---|
| 914 | }
|
---|
| 915 | break;
|
---|
| 916 | }
|
---|
| 917 |
|
---|
| 918 | case '"':
|
---|
| 919 | if (enmState == kSingleQ)
|
---|
| 920 | *pszDst++ = ch;
|
---|
| 921 | else
|
---|
| 922 | enmState = enmState == kPlain ? kDoubleQ : kPlain;
|
---|
| 923 | break;
|
---|
| 924 |
|
---|
| 925 | case '\'':
|
---|
| 926 | if (enmState == kDoubleQ)
|
---|
| 927 | *pszDst++ = ch;
|
---|
| 928 | else
|
---|
| 929 | enmState = enmState == kPlain ? kSingleQ : kPlain;
|
---|
| 930 | break;
|
---|
| 931 |
|
---|
| 932 | case '\n':
|
---|
| 933 | if (enmState == kPlain)
|
---|
| 934 | {
|
---|
| 935 | *pszDst = '\0';
|
---|
| 936 | return pszString;
|
---|
| 937 | }
|
---|
| 938 | *pszDst++ = ch;
|
---|
| 939 | break;
|
---|
| 940 |
|
---|
| 941 | case '=':
|
---|
| 942 | if (enmState == kPlain && pfStoppedOnEqual)
|
---|
| 943 | {
|
---|
| 944 | *pszDst = '\0';
|
---|
| 945 | *pfStoppedOnEqual = true;
|
---|
| 946 | return pszString;
|
---|
| 947 | }
|
---|
| 948 | *pszDst++ = ch;
|
---|
| 949 | break;
|
---|
| 950 |
|
---|
| 951 | case '\0':
|
---|
| 952 | Assert(enmState == kPlain);
|
---|
| 953 | *pszDst = '\0';
|
---|
| 954 | return pszString - 1;
|
---|
| 955 | }
|
---|
| 956 | }
|
---|
| 957 | }
|
---|
| 958 |
|
---|
| 959 |
|
---|
| 960 | /**
|
---|
| 961 | * Worker for rtProcPosixProfileEnvRunAndHarvest that parses the environment
|
---|
| 962 | * dump and loads it into hEnvToUse.
|
---|
| 963 | *
|
---|
| 964 | * @note This isn't entirely correct should any of the profile setup scripts
|
---|
| 965 | * unset any of the environment variables in the basic initial
|
---|
| 966 | * enviornment, but since that's unlikely and it's very convenient to
|
---|
| 967 | * have something half sensible as a basis if don't don't grok the dump
|
---|
| 968 | * entirely and would skip central stuff like PATH or HOME.
|
---|
| 969 | *
|
---|
[57869] | 970 | * @returns IPRT status code.
|
---|
[92617] | 971 | * @retval -VERR_PARSE_ERROR (positive, e.g. warning) if we run into trouble.
|
---|
| 972 | * @retval -VERR_INVALID_UTF8_ENCODING (positive, e.g. warning) if there are
|
---|
| 973 | * invalid UTF-8 in the environment. This isn't unlikely if the
|
---|
| 974 | * profile doesn't use UTF-8. This is unfortunately not something we
|
---|
| 975 | * can guess to accurately up front, so we don't do any guessing and
|
---|
| 976 | * hope everyone is sensible and use UTF-8.
|
---|
[92618] | 977 | *
|
---|
[92617] | 978 | * @param hEnvToUse The basic environment to extend with what we manage
|
---|
| 979 | * to parse here.
|
---|
| 980 | * @param pszEnvDump The environment dump to parse. Nominally in Bourne
|
---|
| 981 | * shell 'export -p' format.
|
---|
| 982 | * @param fWithMarkers Whether there are markers around the dump (C shell,
|
---|
| 983 | * tmux) or not.
|
---|
| 984 | */
|
---|
| 985 | static int rtProcPosixProfileEnvHarvest(RTENV hEnvToUse, char *pszEnvDump, bool fWithMarkers)
|
---|
| 986 | {
|
---|
[92750] | 987 | LogRel3(("**** pszEnvDump start ****\n%s**** pszEnvDump end ****\n", pszEnvDump));
|
---|
| 988 | if (!LogIs3Enabled())
|
---|
| 989 | LogFunc(("**** pszEnvDump start ****\n%s**** pszEnvDump end ****\n", pszEnvDump));
|
---|
[92617] | 990 |
|
---|
| 991 | /*
|
---|
| 992 | * Clip dump at markers if we're using them (C shell).
|
---|
| 993 | */
|
---|
| 994 | if (fWithMarkers)
|
---|
| 995 | {
|
---|
| 996 | char *pszStart = strstr(pszEnvDump, g_szEnvMarkerBegin);
|
---|
| 997 | AssertReturn(pszStart, -VERR_PARSE_ERROR);
|
---|
| 998 | pszStart += sizeof(g_szEnvMarkerBegin) - 1;
|
---|
| 999 | if (*pszStart == '\n')
|
---|
| 1000 | pszStart++;
|
---|
| 1001 | pszEnvDump = pszStart;
|
---|
| 1002 |
|
---|
| 1003 | char *pszEnd = strstr(pszStart, g_szEnvMarkerEnd);
|
---|
| 1004 | AssertReturn(pszEnd, -VERR_PARSE_ERROR);
|
---|
| 1005 | *pszEnd = '\0';
|
---|
| 1006 | }
|
---|
| 1007 |
|
---|
| 1008 | /*
|
---|
| 1009 | * Since we're using /bin/sh -c "export -p" for all the dumping, we should
|
---|
| 1010 | * always get lines on the format:
|
---|
| 1011 | * export VAR1="Value 1"
|
---|
| 1012 | * export VAR2=Value2
|
---|
| 1013 | *
|
---|
| 1014 | * However, just in case something goes wrong, like bash doesn't think it
|
---|
| 1015 | * needs to be posixly correct, try deal with the alternative where
|
---|
| 1016 | * "declare -x " replaces the "export".
|
---|
| 1017 | */
|
---|
| 1018 | const char *pszPrefix;
|
---|
| 1019 | if ( strncmp(pszEnvDump, RT_STR_TUPLE("export")) == 0
|
---|
| 1020 | && RT_C_IS_BLANK(pszEnvDump[6]))
|
---|
| 1021 | pszPrefix = "export ";
|
---|
| 1022 | else if ( strncmp(pszEnvDump, RT_STR_TUPLE("declare")) == 0
|
---|
| 1023 | && RT_C_IS_BLANK(pszEnvDump[7])
|
---|
| 1024 | && pszEnvDump[8] == '-')
|
---|
| 1025 | pszPrefix = "declare -x "; /* We only need to care about the non-array, non-function lines. */
|
---|
| 1026 | else
|
---|
| 1027 | AssertFailedReturn(-VERR_PARSE_ERROR);
|
---|
| 1028 | size_t const cchPrefix = strlen(pszPrefix);
|
---|
| 1029 |
|
---|
| 1030 | /*
|
---|
| 1031 | * Process the lines, ignoring stuff which we don't grok.
|
---|
| 1032 | * The shell should quote problematic characters. Bash double quotes stuff
|
---|
| 1033 | * by default, whereas almquist's shell does it as needed and only the value
|
---|
| 1034 | * side.
|
---|
| 1035 | */
|
---|
| 1036 | int rc = VINF_SUCCESS;
|
---|
| 1037 | while (pszEnvDump && *pszEnvDump != '\0')
|
---|
| 1038 | {
|
---|
| 1039 | /*
|
---|
| 1040 | * Skip the prefixing command.
|
---|
| 1041 | */
|
---|
| 1042 | if ( cchPrefix == 0
|
---|
| 1043 | || strncmp(pszEnvDump, pszPrefix, cchPrefix) == 0)
|
---|
| 1044 | {
|
---|
| 1045 | pszEnvDump += cchPrefix;
|
---|
| 1046 | while (RT_C_IS_BLANK(*pszEnvDump))
|
---|
| 1047 | pszEnvDump++;
|
---|
| 1048 | }
|
---|
| 1049 | else
|
---|
| 1050 | {
|
---|
| 1051 | /* Oops, must find our bearings for some reason... */
|
---|
| 1052 | pszEnvDump = strchr(pszEnvDump, '\n');
|
---|
| 1053 | rc = -VERR_PARSE_ERROR;
|
---|
| 1054 | continue;
|
---|
| 1055 | }
|
---|
| 1056 |
|
---|
| 1057 | /*
|
---|
| 1058 | * Parse out the variable name using typical bourne shell escaping
|
---|
| 1059 | * and quoting rules.
|
---|
| 1060 | */
|
---|
| 1061 | /** @todo We should throw away lines that aren't propertly quoted, now we
|
---|
| 1062 | * just continue and use what we found. */
|
---|
| 1063 | const char *pszVar = pszEnvDump;
|
---|
| 1064 | bool fStoppedOnPlainEqual = false;
|
---|
| 1065 | pszEnvDump = rtProcPosixProfileEnvUnquoteAndUnescapeString(pszEnvDump, &fStoppedOnPlainEqual);
|
---|
| 1066 | const char *pszValue = pszEnvDump;
|
---|
| 1067 | if (fStoppedOnPlainEqual)
|
---|
| 1068 | pszEnvDump = rtProcPosixProfileEnvUnquoteAndUnescapeString(pszEnvDump, NULL /*pfStoppedOnPlainEqual*/);
|
---|
| 1069 | else
|
---|
| 1070 | pszValue = "";
|
---|
| 1071 |
|
---|
| 1072 | /*
|
---|
| 1073 | * Add them if valid UTF-8, otherwise we simply drop them for now.
|
---|
| 1074 | * The whole codeset stuff goes seriously wonky here as the environment
|
---|
| 1075 | * we're harvesting probably contains it's own LC_CTYPE or LANG variables,
|
---|
| 1076 | * so ignore the problem for now.
|
---|
| 1077 | */
|
---|
| 1078 | if ( RTStrIsValidEncoding(pszVar)
|
---|
| 1079 | && RTStrIsValidEncoding(pszValue))
|
---|
| 1080 | {
|
---|
| 1081 | int rc2 = RTEnvSetEx(hEnvToUse, pszVar, pszValue);
|
---|
| 1082 | AssertRCReturn(rc2, rc2);
|
---|
| 1083 | }
|
---|
| 1084 | else if (rc == VINF_SUCCESS)
|
---|
| 1085 | rc = -VERR_INVALID_UTF8_ENCODING;
|
---|
| 1086 | }
|
---|
| 1087 |
|
---|
| 1088 | return rc;
|
---|
| 1089 | }
|
---|
| 1090 |
|
---|
| 1091 |
|
---|
| 1092 | /**
|
---|
| 1093 | * Runs the user's shell in login mode with some environment dumping logic and
|
---|
| 1094 | * harvests the dump, putting it into hEnvToUse.
|
---|
| 1095 | *
|
---|
| 1096 | * This is a bit hairy, esp. with regards to codesets.
|
---|
| 1097 | *
|
---|
| 1098 | * @returns IPRT status code. Not all error statuses will be returned and the
|
---|
| 1099 | * caller should just continue with whatever is in hEnvToUse.
|
---|
[92618] | 1100 | *
|
---|
[92617] | 1101 | * @param hEnvToUse On input this is the basic user environment, on success
|
---|
| 1102 | * in is fleshed out with stuff from the login shell dump.
|
---|
[92618] | 1103 | * @param pszAsUser The user name for the profile.
|
---|
| 1104 | * @param uid The UID corrsponding to @a pszAsUser, ~0 if current user.
|
---|
| 1105 | * @param gid The GID corrsponding to @a pszAsUser, ~0 if current user.
|
---|
[92617] | 1106 | * @param pszShell The login shell. This is a writable string to avoid
|
---|
| 1107 | * needing to make a copy of it when examining the path
|
---|
| 1108 | * part, instead we make a temporary change to it which is
|
---|
| 1109 | * always reverted before returning.
|
---|
| 1110 | */
|
---|
| 1111 | static int rtProcPosixProfileEnvRunAndHarvest(RTENV hEnvToUse, const char *pszAsUser, uid_t uid, gid_t gid, char *pszShell)
|
---|
| 1112 | {
|
---|
| 1113 | LogFlowFunc(("pszAsUser=%s uid=%u gid=%u pszShell=%s; hEnvToUse contains %u variables on entry\n",
|
---|
| 1114 | pszAsUser, uid, gid, pszShell, RTEnvCountEx(hEnvToUse) ));
|
---|
| 1115 |
|
---|
| 1116 | /*
|
---|
| 1117 | * The three standard handles should be pointed to /dev/null, the 3rd handle
|
---|
| 1118 | * is used to dump the environment.
|
---|
| 1119 | */
|
---|
| 1120 | RTPIPE hPipeR, hPipeW;
|
---|
| 1121 | int rc = RTPipeCreate(&hPipeR, &hPipeW, 0);
|
---|
| 1122 | if (RT_SUCCESS(rc))
|
---|
| 1123 | {
|
---|
| 1124 | RTFILE hFileNull;
|
---|
| 1125 | rc = RTFileOpenBitBucket(&hFileNull, RTFILE_O_READWRITE);
|
---|
| 1126 | if (RT_SUCCESS(rc))
|
---|
| 1127 | {
|
---|
| 1128 | int aRedirFds[4];
|
---|
| 1129 | aRedirFds[0] = aRedirFds[1] = aRedirFds[2] = RTFileToNative(hFileNull);
|
---|
| 1130 | aRedirFds[3] = RTPipeToNative(hPipeW);
|
---|
| 1131 |
|
---|
| 1132 | /*
|
---|
| 1133 | * Allocate a buffer for receiving the environment dump.
|
---|
| 1134 | *
|
---|
| 1135 | * This is fixed sized for simplicity and safety (creative user script
|
---|
| 1136 | * shouldn't be allowed to exhaust our memory or such, after all we're
|
---|
| 1137 | * most likely running with root privileges in this code path).
|
---|
| 1138 | */
|
---|
| 1139 | size_t const cbEnvDump = _64K;
|
---|
| 1140 | char * const pszEnvDump = (char *)RTMemTmpAllocZ(cbEnvDump);
|
---|
| 1141 | if (pszEnvDump)
|
---|
| 1142 | {
|
---|
| 1143 | /*
|
---|
| 1144 | * Our default approach is using /bin/sh:
|
---|
| 1145 | */
|
---|
| 1146 | const char *pszExec = _PATH_BSHELL;
|
---|
| 1147 | const char *apszArgs[8];
|
---|
| 1148 | apszArgs[0] = "-sh"; /* First arg must start with a dash for login shells. */
|
---|
| 1149 | apszArgs[1] = "-c";
|
---|
| 1150 | apszArgs[2] = "POSIXLY_CORRECT=1;export -p >&3";
|
---|
| 1151 | apszArgs[3] = NULL;
|
---|
| 1152 |
|
---|
| 1153 | /*
|
---|
| 1154 | * But see if we can trust the shell to be a real usable shell.
|
---|
| 1155 | * This would be great as different shell typically has different profile setup
|
---|
| 1156 | * files and we'll endup with the wrong enviornment if we use a different shell.
|
---|
| 1157 | */
|
---|
| 1158 | char szDashShell[32];
|
---|
| 1159 | char szExportArg[128];
|
---|
| 1160 | bool fWithMarkers = false;
|
---|
| 1161 | const char *pszShellNm = RTPathFilename(pszShell);
|
---|
| 1162 | if ( pszShellNm
|
---|
| 1163 | && access(pszShellNm, X_OK))
|
---|
| 1164 | {
|
---|
| 1165 | /*
|
---|
| 1166 | * First the check that it's a known bin directory:
|
---|
| 1167 | */
|
---|
| 1168 | size_t const cchShellPath = pszShellNm - pszShell;
|
---|
| 1169 | char const chSaved = pszShell[cchShellPath - 1];
|
---|
| 1170 | pszShell[cchShellPath - 1] = '\0';
|
---|
| 1171 | if ( RTPathCompare(pszShell, "/bin") == 0
|
---|
| 1172 | || RTPathCompare(pszShell, "/usr/bin") == 0
|
---|
| 1173 | || RTPathCompare(pszShell, "/usr/local/bin") == 0)
|
---|
| 1174 | {
|
---|
| 1175 | /*
|
---|
| 1176 | * Then see if we recognize the shell name.
|
---|
| 1177 | */
|
---|
| 1178 | RTStrCopy(&szDashShell[1], sizeof(szDashShell) - 1, pszShellNm);
|
---|
| 1179 | szDashShell[0] = '-';
|
---|
| 1180 | if ( strcmp(pszShellNm, "bash") == 0
|
---|
| 1181 | || strcmp(pszShellNm, "ksh") == 0
|
---|
| 1182 | || strcmp(pszShellNm, "ksh93") == 0
|
---|
[92620] | 1183 | || strcmp(pszShellNm, "zsh") == 0
|
---|
| 1184 | || strcmp(pszShellNm, "fish") == 0)
|
---|
[92617] | 1185 | {
|
---|
| 1186 | pszExec = pszShell;
|
---|
| 1187 | apszArgs[0] = szDashShell;
|
---|
| 1188 |
|
---|
| 1189 | /* Use /bin/sh for doing the environment dumping so we get the same kind
|
---|
| 1190 | of output from everyone and can limit our parsing + testing efforts. */
|
---|
| 1191 | RTStrPrintf(szExportArg, sizeof(szExportArg),
|
---|
| 1192 | "%s -c 'POSIXLY_CORRECT=1;export -p >&3'", _PATH_BSHELL);
|
---|
| 1193 | apszArgs[2] = szExportArg;
|
---|
| 1194 | }
|
---|
| 1195 | /* C shell is very annoying in that it closes fd 3 without regard to what
|
---|
| 1196 | we might have put there, so we must use stdout here but with markers so
|
---|
| 1197 | we can find the dump.
|
---|
| 1198 | Seems tmux have similar issues as it doesn't work above, but works fine here. */
|
---|
| 1199 | else if ( strcmp(pszShellNm, "csh") == 0
|
---|
| 1200 | || strcmp(pszShellNm, "tcsh") == 0
|
---|
| 1201 | || strcmp(pszShellNm, "tmux") == 0)
|
---|
| 1202 | {
|
---|
| 1203 | pszExec = pszShell;
|
---|
| 1204 | apszArgs[0] = szDashShell;
|
---|
| 1205 |
|
---|
| 1206 | fWithMarkers = true;
|
---|
| 1207 | size_t cch = RTStrPrintf(szExportArg, sizeof(szExportArg),
|
---|
| 1208 | "%s -c 'set -e;POSIXLY_CORRECT=1;echo %s;export -p;echo %s'",
|
---|
| 1209 | _PATH_BSHELL, g_szEnvMarkerBegin, g_szEnvMarkerEnd);
|
---|
| 1210 | Assert(cch < sizeof(szExportArg) - 1); RT_NOREF(cch);
|
---|
| 1211 | apszArgs[2] = szExportArg;
|
---|
| 1212 |
|
---|
| 1213 | aRedirFds[1] = aRedirFds[3];
|
---|
| 1214 | aRedirFds[3] = -1;
|
---|
| 1215 | }
|
---|
| 1216 | }
|
---|
| 1217 | pszShell[cchShellPath - 1] = chSaved;
|
---|
| 1218 | }
|
---|
| 1219 |
|
---|
| 1220 | /*
|
---|
| 1221 | * Create the process and wait for the output.
|
---|
| 1222 | */
|
---|
| 1223 | LogFunc(("Executing '%s': '%s', '%s', '%s'\n", pszExec, apszArgs[0], apszArgs[1], apszArgs[2]));
|
---|
| 1224 | RTPROCESS hProcess = NIL_RTPROCESS;
|
---|
| 1225 | rc = rtProcPosixCreateInner(pszExec, apszArgs, hEnvToUse, hEnvToUse, 0 /*fFlags*/,
|
---|
[99109] | 1226 | pszAsUser, uid, gid, RT_ELEMENTS(aRedirFds), aRedirFds, NULL /*pvExtraData*/, &hProcess);
|
---|
[92617] | 1227 | if (RT_SUCCESS(rc))
|
---|
| 1228 | {
|
---|
| 1229 | RTPipeClose(hPipeW);
|
---|
| 1230 | hPipeW = NIL_RTPIPE;
|
---|
| 1231 |
|
---|
| 1232 | size_t offEnvDump = 0;
|
---|
| 1233 | uint64_t const msStart = RTTimeMilliTS();
|
---|
| 1234 | for (;;)
|
---|
| 1235 | {
|
---|
| 1236 | size_t cbRead = 0;
|
---|
| 1237 | if (offEnvDump < cbEnvDump - 1)
|
---|
| 1238 | {
|
---|
| 1239 | rc = RTPipeRead(hPipeR, &pszEnvDump[offEnvDump], cbEnvDump - 1 - offEnvDump, &cbRead);
|
---|
| 1240 | if (RT_SUCCESS(rc))
|
---|
| 1241 | offEnvDump += cbRead;
|
---|
| 1242 | else
|
---|
| 1243 | {
|
---|
| 1244 | LogFlowFunc(("Breaking out of read loop: %Rrc\n", rc));
|
---|
| 1245 | if (rc == VERR_BROKEN_PIPE)
|
---|
| 1246 | rc = VINF_SUCCESS;
|
---|
| 1247 | break;
|
---|
| 1248 | }
|
---|
| 1249 | pszEnvDump[offEnvDump] = '\0';
|
---|
| 1250 | }
|
---|
| 1251 | else
|
---|
| 1252 | {
|
---|
| 1253 | LogFunc(("Too much data in environment dump, dropping it\n"));
|
---|
| 1254 | rc = VERR_TOO_MUCH_DATA;
|
---|
| 1255 | break;
|
---|
| 1256 | }
|
---|
| 1257 |
|
---|
| 1258 | /* Do the timout check. */
|
---|
| 1259 | uint64_t const cMsElapsed = RTTimeMilliTS() - msStart;
|
---|
| 1260 | if (cMsElapsed >= RT_MS_15SEC)
|
---|
| 1261 | {
|
---|
| 1262 | LogFunc(("Timed out after %RU64 ms\n", cMsElapsed));
|
---|
| 1263 | rc = VERR_TIMEOUT;
|
---|
| 1264 | break;
|
---|
| 1265 | }
|
---|
| 1266 |
|
---|
| 1267 | /* If we got no data in above wait for more to become ready. */
|
---|
| 1268 | if (!cbRead)
|
---|
| 1269 | RTPipeSelectOne(hPipeR, RT_MS_15SEC - cMsElapsed);
|
---|
| 1270 | }
|
---|
| 1271 |
|
---|
| 1272 | /*
|
---|
| 1273 | * Kill the process and wait for it to avoid leaving zombies behind.
|
---|
| 1274 | */
|
---|
| 1275 | /** @todo do we check the exit code? */
|
---|
| 1276 | int rc2 = RTProcWait(hProcess, RTPROCWAIT_FLAGS_NOBLOCK, NULL);
|
---|
| 1277 | if (RT_SUCCESS(rc2))
|
---|
| 1278 | LogFlowFunc(("First RTProcWait succeeded\n"));
|
---|
| 1279 | else
|
---|
| 1280 | {
|
---|
| 1281 | LogFunc(("First RTProcWait failed (%Rrc), terminating and doing a blocking wait\n", rc2));
|
---|
| 1282 | RTProcTerminate(hProcess);
|
---|
| 1283 | RTProcWait(hProcess, RTPROCWAIT_FLAGS_BLOCK, NULL);
|
---|
| 1284 | }
|
---|
| 1285 |
|
---|
| 1286 | /*
|
---|
| 1287 | * Parse the result.
|
---|
| 1288 | */
|
---|
| 1289 | if (RT_SUCCESS(rc))
|
---|
| 1290 | rc = rtProcPosixProfileEnvHarvest(hEnvToUse, pszEnvDump, fWithMarkers);
|
---|
| 1291 | else
|
---|
| 1292 | {
|
---|
| 1293 | LogFunc(("Ignoring rc=%Rrc from the pipe read loop and continues with basic environment\n", rc));
|
---|
| 1294 | rc = -rc;
|
---|
| 1295 | }
|
---|
| 1296 | }
|
---|
| 1297 | else
|
---|
| 1298 | LogFunc(("Failed to create process '%s': %Rrc\n", pszExec, rc));
|
---|
| 1299 | RTMemTmpFree(pszEnvDump);
|
---|
| 1300 | }
|
---|
| 1301 | else
|
---|
| 1302 | {
|
---|
| 1303 | LogFunc(("Failed to allocate %#zx bytes for the dump\n", cbEnvDump));
|
---|
| 1304 | rc = VERR_NO_TMP_MEMORY;
|
---|
| 1305 | }
|
---|
| 1306 | RTFileClose(hFileNull);
|
---|
| 1307 | }
|
---|
| 1308 | else
|
---|
| 1309 | LogFunc(("Failed to open /dev/null: %Rrc\n", rc));
|
---|
| 1310 | RTPipeClose(hPipeR);
|
---|
| 1311 | RTPipeClose(hPipeW);
|
---|
| 1312 | }
|
---|
| 1313 | else
|
---|
| 1314 | LogFunc(("Failed to create pipe: %Rrc\n", rc));
|
---|
| 1315 | LogFlowFunc(("returns %Rrc (hEnvToUse contains %u variables now)\n", rc, RTEnvCountEx(hEnvToUse)));
|
---|
| 1316 | return rc;
|
---|
| 1317 | }
|
---|
| 1318 |
|
---|
| 1319 |
|
---|
| 1320 | /**
|
---|
| 1321 | * Create an environment for the given user.
|
---|
| 1322 | *
|
---|
| 1323 | * This starts by creating a very basic environment and then tries to do it
|
---|
| 1324 | * properly by running the user's shell in login mode with some environment
|
---|
| 1325 | * dumping attached. The latter may fail and we'll ignore that for now and move
|
---|
| 1326 | * ahead with the very basic environment.
|
---|
| 1327 | *
|
---|
| 1328 | * @returns IPRT status code.
|
---|
[57869] | 1329 | * @param phEnvToUse Where to return the created environment.
|
---|
[92617] | 1330 | * @param pszAsUser The user name for the profile. NULL if the current
|
---|
| 1331 | * user.
|
---|
| 1332 | * @param uid The UID corrsponding to @a pszAsUser, ~0 if NULL.
|
---|
| 1333 | * @param gid The GID corrsponding to @a pszAsUser, ~0 if NULL.
|
---|
| 1334 | * @param fFlags RTPROC_FLAGS_XXX
|
---|
[92657] | 1335 | * @param papszPamEnv Array of environment variables returned by PAM, if
|
---|
| 1336 | * it was used for authentication and produced anything.
|
---|
| 1337 | * Otherwise NULL.
|
---|
[57869] | 1338 | */
|
---|
[92657] | 1339 | static int rtProcPosixCreateProfileEnv(PRTENV phEnvToUse, const char *pszAsUser, uid_t uid, gid_t gid,
|
---|
| 1340 | uint32_t fFlags, char **papszPamEnv)
|
---|
[57869] | 1341 | {
|
---|
[92618] | 1342 | /*
|
---|
| 1343 | * Get the passwd entry for the user.
|
---|
| 1344 | */
|
---|
[57869] | 1345 | struct passwd Pwd;
|
---|
| 1346 | struct passwd *pPwd = NULL;
|
---|
| 1347 | char achBuf[_4K];
|
---|
| 1348 | int rc;
|
---|
| 1349 | errno = 0;
|
---|
[92617] | 1350 | if (pszAsUser)
|
---|
| 1351 | rc = getpwnam_r(pszAsUser, &Pwd, achBuf, sizeof(achBuf), &pPwd);
|
---|
[57869] | 1352 | else
|
---|
| 1353 | rc = getpwuid_r(getuid(), &Pwd, achBuf, sizeof(achBuf), &pPwd);
|
---|
| 1354 | if (rc == 0 && pPwd)
|
---|
| 1355 | {
|
---|
[92618] | 1356 | /*
|
---|
| 1357 | * Convert stuff to UTF-8 since the environment is UTF-8.
|
---|
| 1358 | */
|
---|
[57869] | 1359 | char *pszDir;
|
---|
| 1360 | rc = RTStrCurrentCPToUtf8(&pszDir, pPwd->pw_dir);
|
---|
| 1361 | if (RT_SUCCESS(rc))
|
---|
| 1362 | {
|
---|
[92617] | 1363 | #if 0 /* Enable and modify this to test shells other that your login shell. */
|
---|
| 1364 | pPwd->pw_shell = (char *)"/bin/tmux";
|
---|
| 1365 | #endif
|
---|
[57869] | 1366 | char *pszShell;
|
---|
| 1367 | rc = RTStrCurrentCPToUtf8(&pszShell, pPwd->pw_shell);
|
---|
| 1368 | if (RT_SUCCESS(rc))
|
---|
| 1369 | {
|
---|
[92617] | 1370 | char *pszAsUserFree = NULL;
|
---|
| 1371 | if (!pszAsUser)
|
---|
[57869] | 1372 | {
|
---|
[92617] | 1373 | rc = RTStrCurrentCPToUtf8(&pszAsUserFree, pPwd->pw_name);
|
---|
[57869] | 1374 | if (RT_SUCCESS(rc))
|
---|
[92617] | 1375 | pszAsUser = pszAsUserFree;
|
---|
[57869] | 1376 | }
|
---|
| 1377 | if (RT_SUCCESS(rc))
|
---|
| 1378 | {
|
---|
[92618] | 1379 | /*
|
---|
| 1380 | * Create and populate the environment.
|
---|
| 1381 | */
|
---|
[57869] | 1382 | rc = RTEnvCreate(phEnvToUse);
|
---|
| 1383 | if (RT_SUCCESS(rc))
|
---|
| 1384 | {
|
---|
| 1385 | RTENV hEnvToUse = *phEnvToUse;
|
---|
| 1386 | rc = RTEnvSetEx(hEnvToUse, "HOME", pszDir);
|
---|
| 1387 | if (RT_SUCCESS(rc))
|
---|
| 1388 | rc = RTEnvSetEx(hEnvToUse, "SHELL", pszShell);
|
---|
| 1389 | if (RT_SUCCESS(rc))
|
---|
[92617] | 1390 | rc = RTEnvSetEx(hEnvToUse, "USER", pszAsUser);
|
---|
[57869] | 1391 | if (RT_SUCCESS(rc))
|
---|
[92617] | 1392 | rc = RTEnvSetEx(hEnvToUse, "LOGNAME", pszAsUser);
|
---|
[57869] | 1393 | if (RT_SUCCESS(rc))
|
---|
| 1394 | rc = RTEnvSetEx(hEnvToUse, "PATH", pPwd->pw_uid == 0 ? _PATH_STDPATH : _PATH_DEFPATH);
|
---|
[92618] | 1395 | char szTmpPath[RTPATH_MAX];
|
---|
[57869] | 1396 | if (RT_SUCCESS(rc))
|
---|
| 1397 | {
|
---|
[92618] | 1398 | RTStrPrintf(szTmpPath, sizeof(szTmpPath), "%s/%s", _PATH_MAILDIR, pszAsUser);
|
---|
| 1399 | rc = RTEnvSetEx(hEnvToUse, "MAIL", szTmpPath);
|
---|
[57869] | 1400 | }
|
---|
| 1401 | #ifdef RT_OS_DARWIN
|
---|
[92619] | 1402 | if (RT_SUCCESS(rc))
|
---|
[57869] | 1403 | {
|
---|
[92619] | 1404 | /* TMPDIR is some unique per user directory under /var/folders on darwin,
|
---|
| 1405 | so get the one for the current user. If we're launching the process as
|
---|
| 1406 | a different user, rtProcPosixAdjustProfileEnvFromChild will update it
|
---|
| 1407 | again for the actual child process user (provided we set it here). See
|
---|
[92618] | 1408 | https://opensource.apple.com/source/Libc/Libc-997.1.1/darwin/_dirhelper.c
|
---|
[92619] | 1409 | for the implementation of this query. */
|
---|
[92618] | 1410 | size_t cbNeeded = confstr(_CS_DARWIN_USER_TEMP_DIR, szTmpPath, sizeof(szTmpPath));
|
---|
| 1411 | if (cbNeeded > 0 && cbNeeded < sizeof(szTmpPath))
|
---|
[57869] | 1412 | {
|
---|
[57871] | 1413 | char *pszTmp;
|
---|
[92618] | 1414 | rc = RTStrCurrentCPToUtf8(&pszTmp, szTmpPath);
|
---|
[57869] | 1415 | if (RT_SUCCESS(rc))
|
---|
| 1416 | {
|
---|
| 1417 | rc = RTEnvSetEx(hEnvToUse, "TMPDIR", pszTmp);
|
---|
| 1418 | RTStrFree(pszTmp);
|
---|
| 1419 | }
|
---|
| 1420 | }
|
---|
| 1421 | else
|
---|
| 1422 | rc = VERR_BUFFER_OVERFLOW;
|
---|
| 1423 | }
|
---|
| 1424 | #endif
|
---|
[92657] | 1425 | /*
|
---|
| 1426 | * Add everything from the PAM environment.
|
---|
| 1427 | */
|
---|
| 1428 | if (RT_SUCCESS(rc) && papszPamEnv != NULL)
|
---|
| 1429 | for (size_t i = 0; papszPamEnv[i] != NULL && RT_SUCCESS(rc); i++)
|
---|
| 1430 | {
|
---|
| 1431 | char *pszEnvVar;
|
---|
| 1432 | rc = RTStrCurrentCPToUtf8(&pszEnvVar, papszPamEnv[i]);
|
---|
| 1433 | if (RT_SUCCESS(rc))
|
---|
| 1434 | {
|
---|
| 1435 | char *pszValue = strchr(pszEnvVar, '=');
|
---|
| 1436 | if (pszValue)
|
---|
| 1437 | *pszValue++ = '\0';
|
---|
| 1438 | rc = RTEnvSetEx(hEnvToUse, pszEnvVar, pszValue ? pszValue : "");
|
---|
| 1439 | RTStrFree(pszEnvVar);
|
---|
| 1440 | }
|
---|
| 1441 | /* Ignore conversion issue, though LogRel them. */
|
---|
| 1442 | else if (rc != VERR_NO_STR_MEMORY && rc != VERR_NO_MEMORY)
|
---|
| 1443 | {
|
---|
| 1444 | LogRelMax(256, ("RTStrCurrentCPToUtf8(,%.*Rhxs) -> %Rrc\n", strlen(pszEnvVar), pszEnvVar, rc));
|
---|
| 1445 | rc = -rc;
|
---|
| 1446 | }
|
---|
| 1447 | }
|
---|
[92617] | 1448 | if (RT_SUCCESS(rc))
|
---|
| 1449 | {
|
---|
| 1450 | /*
|
---|
| 1451 | * Now comes the fun part where we need to try run a shell in login mode
|
---|
| 1452 | * and harvest its final environment to get the proper environment for
|
---|
| 1453 | * the user. We ignore some failures here so buggy login scrips and
|
---|
| 1454 | * other weird stuff won't trip us up too badly.
|
---|
| 1455 | */
|
---|
| 1456 | if (!(fFlags & RTPROC_FLAGS_ONLY_BASIC_PROFILE))
|
---|
| 1457 | rc = rtProcPosixProfileEnvRunAndHarvest(hEnvToUse, pszAsUser, uid, gid, pszShell);
|
---|
| 1458 | }
|
---|
[57869] | 1459 |
|
---|
| 1460 | if (RT_FAILURE(rc))
|
---|
| 1461 | RTEnvDestroy(hEnvToUse);
|
---|
| 1462 | }
|
---|
[92617] | 1463 | RTStrFree(pszAsUserFree);
|
---|
[57869] | 1464 | }
|
---|
| 1465 | RTStrFree(pszShell);
|
---|
| 1466 | }
|
---|
| 1467 | RTStrFree(pszDir);
|
---|
| 1468 | }
|
---|
| 1469 | }
|
---|
| 1470 | else
|
---|
| 1471 | rc = errno ? RTErrConvertFromErrno(errno) : VERR_ACCESS_DENIED;
|
---|
| 1472 | return rc;
|
---|
| 1473 | }
|
---|
| 1474 |
|
---|
| 1475 |
|
---|
| 1476 | /**
|
---|
[92671] | 1477 | * Converts the arguments to the child's LC_CTYPE charset if necessary.
|
---|
| 1478 | *
|
---|
| 1479 | * @returns IPRT status code.
|
---|
| 1480 | * @param papszArgs The arguments (UTF-8).
|
---|
| 1481 | * @param hEnvToUse The child process environment.
|
---|
| 1482 | * @param ppapszArgs Where to return the converted arguments. The array
|
---|
| 1483 | * entries must be freed by RTStrFree and the array itself
|
---|
| 1484 | * by RTMemFree.
|
---|
| 1485 | */
|
---|
| 1486 | static int rtProcPosixConvertArgv(const char * const *papszArgs, RTENV hEnvToUse, char ***ppapszArgs)
|
---|
| 1487 | {
|
---|
| 1488 | *ppapszArgs = (char **)papszArgs;
|
---|
| 1489 |
|
---|
| 1490 | /*
|
---|
| 1491 | * The first thing we need to do here is to try guess the codeset of the
|
---|
| 1492 | * child process and check if it's UTF-8 or not.
|
---|
| 1493 | */
|
---|
| 1494 | const char *pszEncoding;
|
---|
| 1495 | char szEncoding[512];
|
---|
| 1496 | if (hEnvToUse == RTENV_DEFAULT)
|
---|
| 1497 | {
|
---|
| 1498 | /* Same environment as us, assume setlocale is up to date: */
|
---|
| 1499 | pszEncoding = rtStrGetLocaleCodeset();
|
---|
| 1500 | }
|
---|
| 1501 | else
|
---|
| 1502 | {
|
---|
[95623] | 1503 | /*
|
---|
| 1504 | * LC_ALL overrides everything else. The LC_* environment variables are often set
|
---|
[96820] | 1505 | * to the empty string so move on the next variable if that is the case (that's
|
---|
| 1506 | * what setlocale in glibc does).
|
---|
[95623] | 1507 | */
|
---|
[92671] | 1508 | const char *pszVar;
|
---|
| 1509 | int rc = RTEnvGetEx(hEnvToUse, pszVar = "LC_ALL", szEncoding, sizeof(szEncoding), NULL);
|
---|
[96820] | 1510 | if (rc == VERR_ENV_VAR_NOT_FOUND || (RT_SUCCESS(rc) && szEncoding[0] == '\0'))
|
---|
[92671] | 1511 | rc = RTEnvGetEx(hEnvToUse, pszVar = "LC_CTYPE", szEncoding, sizeof(szEncoding), NULL);
|
---|
[96820] | 1512 | if (rc == VERR_ENV_VAR_NOT_FOUND || (RT_SUCCESS(rc) && szEncoding[0] == '\0'))
|
---|
[92671] | 1513 | rc = RTEnvGetEx(hEnvToUse, pszVar = "LANG", szEncoding, sizeof(szEncoding), NULL);
|
---|
[96820] | 1514 | if (RT_SUCCESS(rc) && szEncoding[0] != '\0')
|
---|
[92671] | 1515 | {
|
---|
[95623] | 1516 | /*
|
---|
| 1517 | * LC_ALL can contain a composite locale consisting of the locales of each of the
|
---|
| 1518 | * categories in two different formats depending on the OS. On Solaris, macOS, and
|
---|
| 1519 | * *BSD composite locale names use slash ('/') as the separator and the following
|
---|
| 1520 | * order for the categories:
|
---|
| 1521 | * LC_CTYPE/LC_NUMERIC/LC_TIME/LC_COLLATE/LC_MONETARY/LC_MESSAGES
|
---|
| 1522 | * e.g.:
|
---|
| 1523 | * en_US.UTF-8/POSIX/el_GR.UTF-8/el_CY.UTF-8/en_GB.UTF-8/es_ES.UTF-8
|
---|
[96820] | 1524 | *
|
---|
| 1525 | * On Solaris there is also a leading slash.
|
---|
| 1526 | *
|
---|
| 1527 | * On Linux and OS/2 the composite locale format is made up of key-value pairs
|
---|
| 1528 | * of category names and locales of the form 'name=value' with each element
|
---|
| 1529 | * separated by a semicolon in the same order as above with following additional
|
---|
| 1530 | * categories included as well:
|
---|
[95623] | 1531 | * LC_PAPER/LC_NAME/LC_ADDRESS/LC_TELEPHONE/LC_MEASUREMENT/LC_IDENTIFICATION
|
---|
| 1532 | * e.g.
|
---|
| 1533 | * LC_CTYPE=fr_BE;LC_NUMERIC=fr_BE@euro;LC_TIME=fr_BE.utf8;LC_COLLATE=fr_CA;\
|
---|
| 1534 | * LC_MONETARY=fr_CA.utf8;LC_MESSAGES=fr_CH;LC_PAPER=fr_CH.utf8;LC_NAME=fr_FR;\
|
---|
| 1535 | * LC_ADDRESS=fr_FR.utf8;LC_TELEPHONE=fr_LU;LC_MEASUREMENT=fr_LU@euro;\
|
---|
| 1536 | * LC_IDENTIFICATION=fr_LU.utf8
|
---|
| 1537 | */
|
---|
[96820] | 1538 | char *pszEncodingStart = szEncoding;
|
---|
| 1539 | #if !defined(RT_OS_LINUX) && !defined(RT_OS_OS2)
|
---|
| 1540 | if (*pszEncodingStart == '/')
|
---|
| 1541 | pszEncodingStart++;
|
---|
| 1542 | char *pszSlash = strchr(pszEncodingStart, '/');
|
---|
[95623] | 1543 | if (pszSlash)
|
---|
[96820] | 1544 | *pszSlash = '\0'; /* This ASSUMES the first one is LC_CTYPE! */
|
---|
[95623] | 1545 | #else
|
---|
[96820] | 1546 | char *pszCType = strstr(pszEncodingStart, "LC_CTYPE=");
|
---|
| 1547 | if (pszCType)
|
---|
[92671] | 1548 | {
|
---|
[96820] | 1549 | pszEncodingStart = pszCType + sizeof("LC_CTYPE=") - 1;
|
---|
| 1550 |
|
---|
| 1551 | char *pszSemiColon = strchr(pszEncodingStart, ';');
|
---|
| 1552 | if (pszSemiColon)
|
---|
| 1553 | *pszSemiColon = '\0';
|
---|
[92671] | 1554 | }
|
---|
[95623] | 1555 | #endif
|
---|
[96820] | 1556 |
|
---|
[95623] | 1557 | /*
|
---|
| 1558 | * Use newlocale and nl_langinfo_l to determine the default codeset for the locale
|
---|
| 1559 | * specified in the child's environment. These routines have been around since
|
---|
| 1560 | * ancient days on Linux and for quite a long time on macOS, Solaris, and *BSD but
|
---|
| 1561 | * to ensure their availability check that LC_CTYPE_MASK is defined.
|
---|
[96820] | 1562 | *
|
---|
| 1563 | * Note! The macOS nl_langinfo(3)/nl_langinfo_l(3) routines return a pointer to an
|
---|
| 1564 | * empty string for "short" locale names like en_NZ, it_IT, el_GR, etc. so use
|
---|
| 1565 | * UTF-8 in those cases as it is the default for short name locales on macOS
|
---|
| 1566 | * (see also rtStrGetLocaleCodeset).
|
---|
[95623] | 1567 | */
|
---|
| 1568 | #ifdef LC_CTYPE_MASK
|
---|
[96820] | 1569 | locale_t hLocale = newlocale(LC_CTYPE_MASK, pszEncodingStart, (locale_t)0);
|
---|
[95623] | 1570 | if (hLocale != (locale_t)0)
|
---|
[92671] | 1571 | {
|
---|
[95623] | 1572 | const char *pszCodeset = nl_langinfo_l(CODESET, hLocale);
|
---|
[96820] | 1573 | Log2Func(("nl_langinfo_l(CODESET, %s=%s) -> %s\n", pszVar, pszEncodingStart, pszCodeset));
|
---|
| 1574 | if (!pszCodeset || *pszCodeset == '\0')
|
---|
[95623] | 1575 | # ifdef RT_OS_DARWIN
|
---|
[96820] | 1576 | pszEncoding = "UTF-8";
|
---|
| 1577 | # else
|
---|
| 1578 | pszEncoding = "ASCII";
|
---|
[95623] | 1579 | # endif
|
---|
[96820] | 1580 | else
|
---|
| 1581 | {
|
---|
| 1582 | rc = RTStrCopy(szEncoding, sizeof(szEncoding), pszCodeset);
|
---|
| 1583 | AssertRC(rc); /* cannot possibly overflow */
|
---|
| 1584 | }
|
---|
[92671] | 1585 |
|
---|
[95623] | 1586 | freelocale(hLocale);
|
---|
| 1587 | pszEncoding = szEncoding;
|
---|
| 1588 | }
|
---|
| 1589 | else
|
---|
[92671] | 1590 | #endif
|
---|
[95623] | 1591 | {
|
---|
[96820] | 1592 | /* If there is something that ought to be a character set encoding, try use it: */
|
---|
| 1593 | const char *pszDot = strchr(pszEncodingStart, '.');
|
---|
| 1594 | if (pszDot)
|
---|
| 1595 | pszDot = RTStrStripL(pszDot + 1);
|
---|
| 1596 | if (pszDot && *pszDot != '\0')
|
---|
| 1597 | {
|
---|
| 1598 | pszEncoding = pszDot;
|
---|
| 1599 | Log2Func(("%s=%s -> %s (simple)\n", pszVar, szEncoding, pszEncoding));
|
---|
| 1600 | }
|
---|
| 1601 | else
|
---|
| 1602 | {
|
---|
| 1603 | /* This is mostly wrong, but I cannot think of anything better now: */
|
---|
| 1604 | pszEncoding = rtStrGetLocaleCodeset();
|
---|
| 1605 | LogFunc(("No newlocale or it failed (on '%s=%s', errno=%d), falling back on %s that we're using...\n",
|
---|
| 1606 | pszVar, pszEncodingStart, errno, pszEncoding));
|
---|
| 1607 | }
|
---|
[95623] | 1608 | }
|
---|
| 1609 | RT_NOREF_PV(pszVar);
|
---|
[92671] | 1610 | }
|
---|
| 1611 | else
|
---|
[93543] | 1612 | #ifdef RT_OS_DARWIN /* @bugref{10153}: Darwin defaults to UTF-8. */
|
---|
| 1613 | pszEncoding = "UTF-8";
|
---|
| 1614 | #else
|
---|
[92755] | 1615 | pszEncoding = "ASCII";
|
---|
[93543] | 1616 | #endif
|
---|
[92671] | 1617 | }
|
---|
| 1618 |
|
---|
| 1619 | /*
|
---|
| 1620 | * Do nothing if it's UTF-8.
|
---|
| 1621 | */
|
---|
| 1622 | if (rtStrIsCodesetUtf8(pszEncoding))
|
---|
| 1623 | {
|
---|
| 1624 | LogFlowFunc(("No conversion needed (%s)\n", pszEncoding));
|
---|
| 1625 | return VINF_SUCCESS;
|
---|
| 1626 | }
|
---|
| 1627 |
|
---|
| 1628 |
|
---|
| 1629 | /*
|
---|
| 1630 | * Do the conversion.
|
---|
| 1631 | */
|
---|
| 1632 | size_t cArgs = 0;
|
---|
| 1633 | while (papszArgs[cArgs] != NULL)
|
---|
| 1634 | cArgs++;
|
---|
| 1635 | LogFunc(("Converting #%u arguments to %s...\n", cArgs, pszEncoding));
|
---|
| 1636 |
|
---|
| 1637 | char **papszArgsConverted = (char **)RTMemAllocZ(sizeof(papszArgsConverted[0]) * (cArgs + 2));
|
---|
| 1638 | AssertReturn(papszArgsConverted, VERR_NO_MEMORY);
|
---|
| 1639 |
|
---|
| 1640 | void *pvConversionCache = NULL;
|
---|
| 1641 | rtStrLocalCacheInit(&pvConversionCache);
|
---|
| 1642 | for (size_t i = 0; i < cArgs; i++)
|
---|
| 1643 | {
|
---|
| 1644 | int rc = rtStrLocalCacheConvert(papszArgs[i], strlen(papszArgs[i]), "UTF-8",
|
---|
| 1645 | &papszArgsConverted[i], 0, pszEncoding, &pvConversionCache);
|
---|
| 1646 | if (RT_SUCCESS(rc) && rc != VWRN_NO_TRANSLATION)
|
---|
| 1647 | { /* likely */ }
|
---|
| 1648 | else
|
---|
| 1649 | {
|
---|
[92750] | 1650 | LogRelMax(100, ("Failed to convert argument #%u '%s' to '%s': %Rrc\n", i, papszArgs[i], pszEncoding, rc));
|
---|
[92671] | 1651 | while (i-- > 0)
|
---|
| 1652 | RTStrFree(papszArgsConverted[i]);
|
---|
| 1653 | RTMemFree(papszArgsConverted);
|
---|
| 1654 | rtStrLocalCacheDelete(&pvConversionCache);
|
---|
[92672] | 1655 | return rc == VWRN_NO_TRANSLATION || rc == VERR_NO_TRANSLATION ? VERR_PROC_NO_ARG_TRANSLATION : rc;
|
---|
[92671] | 1656 | }
|
---|
| 1657 | }
|
---|
| 1658 |
|
---|
| 1659 | rtStrLocalCacheDelete(&pvConversionCache);
|
---|
| 1660 | *ppapszArgs = papszArgsConverted;
|
---|
| 1661 | return VINF_SUCCESS;
|
---|
| 1662 | }
|
---|
| 1663 |
|
---|
| 1664 |
|
---|
| 1665 | /**
|
---|
| 1666 | * The result structure for rtPathFindExec/RTPathTraverseList.
|
---|
| 1667 | * @todo move to common path code?
|
---|
| 1668 | */
|
---|
| 1669 | typedef struct RTPATHINTSEARCH
|
---|
| 1670 | {
|
---|
| 1671 | /** For EACCES or EPERM errors that we continued on.
|
---|
| 1672 | * @note Must be initialized to VINF_SUCCESS. */
|
---|
| 1673 | int rcSticky;
|
---|
| 1674 | /** Buffer containing the filename. */
|
---|
| 1675 | char szFound[RTPATH_MAX];
|
---|
| 1676 | } RTPATHINTSEARCH;
|
---|
| 1677 | /** Pointer to a rtPathFindExec/RTPathTraverseList result. */
|
---|
| 1678 | typedef RTPATHINTSEARCH *PRTPATHINTSEARCH;
|
---|
| 1679 |
|
---|
| 1680 |
|
---|
| 1681 | /**
|
---|
[40571] | 1682 | * RTPathTraverseList callback used by RTProcCreateEx to locate the executable.
|
---|
| 1683 | */
|
---|
| 1684 | static DECLCALLBACK(int) rtPathFindExec(char const *pchPath, size_t cchPath, void *pvUser1, void *pvUser2)
|
---|
| 1685 | {
|
---|
[92671] | 1686 | const char *pszExec = (const char *)pvUser1;
|
---|
| 1687 | PRTPATHINTSEARCH pResult = (PRTPATHINTSEARCH)pvUser2;
|
---|
[96609] | 1688 | int rc = RTPathJoinEx(pResult->szFound, sizeof(pResult->szFound), pchPath, cchPath, pszExec, RTSTR_MAX,
|
---|
| 1689 | RTPATH_STR_F_STYLE_HOST);
|
---|
[92671] | 1690 | if (RT_SUCCESS(rc))
|
---|
| 1691 | {
|
---|
| 1692 | const char *pszNativeExec = NULL;
|
---|
| 1693 | rc = rtPathToNative(&pszNativeExec, pResult->szFound, NULL);
|
---|
| 1694 | if (RT_SUCCESS(rc))
|
---|
| 1695 | {
|
---|
| 1696 | if (!access(pszNativeExec, X_OK))
|
---|
| 1697 | rc = VINF_SUCCESS;
|
---|
| 1698 | else
|
---|
| 1699 | {
|
---|
| 1700 | if ( errno == EACCES
|
---|
| 1701 | || errno == EPERM)
|
---|
| 1702 | pResult->rcSticky = RTErrConvertFromErrno(errno);
|
---|
| 1703 | rc = VERR_TRY_AGAIN;
|
---|
| 1704 | }
|
---|
| 1705 | rtPathFreeNative(pszNativeExec, pResult->szFound);
|
---|
| 1706 | }
|
---|
| 1707 | else
|
---|
| 1708 | AssertRCStmt(rc, rc = VERR_TRY_AGAIN /* don't stop on this, whatever it is */);
|
---|
| 1709 | }
|
---|
| 1710 | return rc;
|
---|
[40571] | 1711 | }
|
---|
| 1712 |
|
---|
| 1713 |
|
---|
[26802] | 1714 | RTR3DECL(int) RTProcCreateEx(const char *pszExec, const char * const *papszArgs, RTENV hEnv, uint32_t fFlags,
|
---|
| 1715 | PCRTHANDLE phStdIn, PCRTHANDLE phStdOut, PCRTHANDLE phStdErr, const char *pszAsUser,
|
---|
[80569] | 1716 | const char *pszPassword, void *pvExtraData, PRTPROCESS phProcess)
|
---|
[26802] | 1717 | {
|
---|
| 1718 | int rc;
|
---|
[92758] | 1719 | LogFlow(("RTProcCreateEx: pszExec=%s pszAsUser=%s fFlags=%#x phStdIn=%p phStdOut=%p phStdErr=%p\n",
|
---|
| 1720 | pszExec, pszAsUser, fFlags, phStdIn, phStdOut, phStdErr));
|
---|
[26802] | 1721 |
|
---|
| 1722 | /*
|
---|
| 1723 | * Input validation
|
---|
| 1724 | */
|
---|
| 1725 | AssertPtrReturn(pszExec, VERR_INVALID_POINTER);
|
---|
| 1726 | AssertReturn(*pszExec, VERR_INVALID_PARAMETER);
|
---|
[55530] | 1727 | AssertReturn(!(fFlags & ~RTPROC_FLAGS_VALID_MASK), VERR_INVALID_PARAMETER);
|
---|
[27743] | 1728 | AssertReturn(!(fFlags & RTPROC_FLAGS_DETACHED) || !phProcess, VERR_INVALID_PARAMETER);
|
---|
[26802] | 1729 | AssertReturn(hEnv != NIL_RTENV, VERR_INVALID_PARAMETER);
|
---|
| 1730 | AssertPtrReturn(papszArgs, VERR_INVALID_PARAMETER);
|
---|
| 1731 | AssertPtrNullReturn(pszAsUser, VERR_INVALID_POINTER);
|
---|
[27667] | 1732 | AssertReturn(!pszAsUser || *pszAsUser, VERR_INVALID_PARAMETER);
|
---|
| 1733 | AssertReturn(!pszPassword || pszAsUser, VERR_INVALID_PARAMETER);
|
---|
| 1734 | AssertPtrNullReturn(pszPassword, VERR_INVALID_POINTER);
|
---|
[44489] | 1735 | #if defined(RT_OS_OS2)
|
---|
| 1736 | if (fFlags & RTPROC_FLAGS_DETACHED)
|
---|
| 1737 | return VERR_PROC_DETACH_NOT_SUPPORTED;
|
---|
| 1738 | #endif
|
---|
[26802] | 1739 |
|
---|
[99483] | 1740 | /* Extra data: */
|
---|
| 1741 | if (fFlags & RTPROC_FLAGS_CWD)
|
---|
| 1742 | {
|
---|
| 1743 | AssertPtrReturn(pvExtraData, VERR_INVALID_POINTER);
|
---|
| 1744 | }
|
---|
| 1745 | else
|
---|
| 1746 | AssertReturn(pvExtraData == NULL, VERR_INVALID_PARAMETER);
|
---|
| 1747 | /* Note: Windows-specific flags will be quietly ignored. */
|
---|
| 1748 |
|
---|
[26802] | 1749 | /*
|
---|
| 1750 | * Get the file descriptors for the handles we've been passed.
|
---|
| 1751 | */
|
---|
| 1752 | PCRTHANDLE paHandles[3] = { phStdIn, phStdOut, phStdErr };
|
---|
| 1753 | int aStdFds[3] = { -1, -1, -1 };
|
---|
| 1754 | for (int i = 0; i < 3; i++)
|
---|
| 1755 | {
|
---|
| 1756 | if (paHandles[i])
|
---|
| 1757 | {
|
---|
| 1758 | AssertPtrReturn(paHandles[i], VERR_INVALID_POINTER);
|
---|
| 1759 | switch (paHandles[i]->enmType)
|
---|
| 1760 | {
|
---|
| 1761 | case RTHANDLETYPE_FILE:
|
---|
| 1762 | aStdFds[i] = paHandles[i]->u.hFile != NIL_RTFILE
|
---|
| 1763 | ? (int)RTFileToNative(paHandles[i]->u.hFile)
|
---|
| 1764 | : -2 /* close it */;
|
---|
| 1765 | break;
|
---|
| 1766 |
|
---|
| 1767 | case RTHANDLETYPE_PIPE:
|
---|
| 1768 | aStdFds[i] = paHandles[i]->u.hPipe != NIL_RTPIPE
|
---|
| 1769 | ? (int)RTPipeToNative(paHandles[i]->u.hPipe)
|
---|
| 1770 | : -2 /* close it */;
|
---|
| 1771 | break;
|
---|
| 1772 |
|
---|
[27503] | 1773 | case RTHANDLETYPE_SOCKET:
|
---|
| 1774 | aStdFds[i] = paHandles[i]->u.hSocket != NIL_RTSOCKET
|
---|
| 1775 | ? (int)RTSocketToNative(paHandles[i]->u.hSocket)
|
---|
| 1776 | : -2 /* close it */;
|
---|
| 1777 | break;
|
---|
[26802] | 1778 |
|
---|
| 1779 | default:
|
---|
| 1780 | AssertMsgFailedReturn(("%d: %d\n", i, paHandles[i]->enmType), VERR_INVALID_PARAMETER);
|
---|
| 1781 | }
|
---|
| 1782 | /** @todo check the close-on-execness of these handles? */
|
---|
| 1783 | }
|
---|
| 1784 | }
|
---|
| 1785 |
|
---|
| 1786 | for (int i = 0; i < 3; i++)
|
---|
| 1787 | if (aStdFds[i] == i)
|
---|
| 1788 | aStdFds[i] = -1;
|
---|
[92758] | 1789 | LogFlowFunc(("aStdFds={%d, %d, %d}\n", aStdFds[0], aStdFds[1], aStdFds[2]));
|
---|
[26802] | 1790 |
|
---|
| 1791 | for (int i = 0; i < 3; i++)
|
---|
| 1792 | AssertMsgReturn(aStdFds[i] < 0 || aStdFds[i] > i,
|
---|
| 1793 | ("%i := %i not possible because we're lazy\n", i, aStdFds[i]),
|
---|
| 1794 | VERR_NOT_SUPPORTED);
|
---|
| 1795 |
|
---|
| 1796 | /*
|
---|
[92657] | 1797 | * Validate the credentials if a user is specified.
|
---|
[26802] | 1798 | */
|
---|
[92657] | 1799 | bool const fNeedLoginEnv = (fFlags & RTPROC_FLAGS_PROFILE)
|
---|
| 1800 | && ((fFlags & RTPROC_FLAGS_ENV_CHANGE_RECORD) || hEnv == RTENV_DEFAULT);
|
---|
| 1801 | uid_t uid = ~(uid_t)0;
|
---|
| 1802 | gid_t gid = ~(gid_t)0;
|
---|
| 1803 | char **papszPamEnv = NULL;
|
---|
[26802] | 1804 | if (pszAsUser)
|
---|
| 1805 | {
|
---|
[92657] | 1806 | rc = rtCheckCredentials(pszAsUser, pszPassword, &gid, &uid, fNeedLoginEnv ? &papszPamEnv : NULL);
|
---|
[29582] | 1807 | if (RT_FAILURE(rc))
|
---|
| 1808 | return rc;
|
---|
[26802] | 1809 | }
|
---|
[92657] | 1810 | #ifdef IPRT_USE_PAM
|
---|
| 1811 | /*
|
---|
| 1812 | * User unchanged, but if PROFILE is request we must try get the PAM
|
---|
| 1813 | * environmnet variables.
|
---|
| 1814 | *
|
---|
| 1815 | * For this to work, we'll need a special PAM service profile which doesn't
|
---|
| 1816 | * actually do any authentication, only concerns itself with the enviornment
|
---|
| 1817 | * setup. gdm-launch-environment is such one, and we use it if we haven't
|
---|
| 1818 | * got an IPRT specific one there.
|
---|
| 1819 | */
|
---|
| 1820 | else if (fNeedLoginEnv)
|
---|
| 1821 | {
|
---|
| 1822 | const char *pszService;
|
---|
| 1823 | if (rtProcPosixPamServiceExists("iprt-environment"))
|
---|
| 1824 | pszService = "iprt-environment";
|
---|
| 1825 | # ifdef IPRT_PAM_NATIVE_SERVICE_NAME_ENVIRONMENT
|
---|
| 1826 | else if (rtProcPosixPamServiceExists(IPRT_PAM_NATIVE_SERVICE_NAME_ENVIRONMENT))
|
---|
| 1827 | pszService = IPRT_PAM_NATIVE_SERVICE_NAME_ENVIRONMENT;
|
---|
| 1828 | # endif
|
---|
| 1829 | else if (rtProcPosixPamServiceExists("gdm-launch-environment"))
|
---|
| 1830 | pszService = "gdm-launch-environment";
|
---|
| 1831 | else
|
---|
| 1832 | pszService = NULL;
|
---|
| 1833 | if (pszService)
|
---|
| 1834 | {
|
---|
| 1835 | char szLoginName[512];
|
---|
| 1836 | rc = getlogin_r(szLoginName, sizeof(szLoginName));
|
---|
| 1837 | if (rc == 0)
|
---|
| 1838 | rc = rtProcPosixAuthenticateUsingPam(pszService, szLoginName, "xxx", &papszPamEnv, NULL);
|
---|
| 1839 | }
|
---|
| 1840 | }
|
---|
| 1841 | #endif
|
---|
[26802] | 1842 |
|
---|
| 1843 | /*
|
---|
[57869] | 1844 | * Create the child environment if either RTPROC_FLAGS_PROFILE or
|
---|
| 1845 | * RTPROC_FLAGS_ENV_CHANGE_RECORD are in effect.
|
---|
| 1846 | */
|
---|
| 1847 | RTENV hEnvToUse = hEnv;
|
---|
| 1848 | if ( (fFlags & (RTPROC_FLAGS_ENV_CHANGE_RECORD | RTPROC_FLAGS_PROFILE))
|
---|
| 1849 | && ( (fFlags & RTPROC_FLAGS_ENV_CHANGE_RECORD)
|
---|
| 1850 | || hEnv == RTENV_DEFAULT) )
|
---|
| 1851 | {
|
---|
| 1852 | if (fFlags & RTPROC_FLAGS_PROFILE)
|
---|
[92657] | 1853 | rc = rtProcPosixCreateProfileEnv(&hEnvToUse, pszAsUser, uid, gid, fFlags, papszPamEnv);
|
---|
[57869] | 1854 | else
|
---|
| 1855 | rc = RTEnvClone(&hEnvToUse, RTENV_DEFAULT);
|
---|
[92657] | 1856 | rtProcPosixFreePamEnv(papszPamEnv);
|
---|
| 1857 | papszPamEnv = NULL;
|
---|
[92617] | 1858 | if (RT_FAILURE(rc))
|
---|
| 1859 | return rc;
|
---|
| 1860 |
|
---|
| 1861 | if ((fFlags & RTPROC_FLAGS_ENV_CHANGE_RECORD) && hEnv != RTENV_DEFAULT)
|
---|
[57869] | 1862 | {
|
---|
[92617] | 1863 | rc = RTEnvApplyChanges(hEnvToUse, hEnv);
|
---|
[57869] | 1864 | if (RT_FAILURE(rc))
|
---|
[92617] | 1865 | {
|
---|
[57869] | 1866 | RTEnvDestroy(hEnvToUse);
|
---|
[92617] | 1867 | return rc;
|
---|
| 1868 | }
|
---|
[57869] | 1869 | }
|
---|
| 1870 | }
|
---|
[92657] | 1871 | Assert(papszPamEnv == NULL);
|
---|
[57869] | 1872 |
|
---|
| 1873 | /*
|
---|
[92671] | 1874 | * Check for execute access to the file, searching the PATH if needed.
|
---|
[26802] | 1875 | */
|
---|
[92671] | 1876 | const char *pszNativeExec = NULL;
|
---|
| 1877 | rc = rtPathToNative(&pszNativeExec, pszExec, NULL);
|
---|
| 1878 | if (RT_SUCCESS(rc))
|
---|
[40571] | 1879 | {
|
---|
[92671] | 1880 | if (access(pszNativeExec, X_OK) == 0)
|
---|
| 1881 | rc = VINF_SUCCESS;
|
---|
[57869] | 1882 | else
|
---|
| 1883 | {
|
---|
[92671] | 1884 | rc = errno;
|
---|
| 1885 | rtPathFreeNative(pszNativeExec, pszExec);
|
---|
| 1886 |
|
---|
| 1887 | if ( !(fFlags & RTPROC_FLAGS_SEARCH_PATH)
|
---|
| 1888 | || rc != ENOENT
|
---|
| 1889 | || RTPathHavePath(pszExec) )
|
---|
| 1890 | rc = RTErrConvertFromErrno(rc);
|
---|
[57869] | 1891 | else
|
---|
[92671] | 1892 | {
|
---|
| 1893 | /* Search the PATH for it: */
|
---|
| 1894 | char *pszPath = RTEnvDupEx(hEnvToUse, "PATH");
|
---|
| 1895 | if (pszPath)
|
---|
| 1896 | {
|
---|
| 1897 | PRTPATHINTSEARCH pResult = (PRTPATHINTSEARCH)alloca(sizeof(*pResult));
|
---|
| 1898 | pResult->rcSticky = VINF_SUCCESS;
|
---|
| 1899 | rc = RTPathTraverseList(pszPath, ':', rtPathFindExec, (void *)pszExec, pResult);
|
---|
| 1900 | RTStrFree(pszPath);
|
---|
| 1901 | if (RT_SUCCESS(rc))
|
---|
| 1902 | {
|
---|
| 1903 | /* Found it. Now, convert to native path: */
|
---|
| 1904 | pszExec = pResult->szFound;
|
---|
| 1905 | rc = rtPathToNative(&pszNativeExec, pszExec, NULL);
|
---|
| 1906 | }
|
---|
| 1907 | else
|
---|
| 1908 | rc = rc != VERR_END_OF_STRING ? rc
|
---|
| 1909 | : pResult->rcSticky == VINF_SUCCESS ? VERR_FILE_NOT_FOUND : pResult->rcSticky;
|
---|
| 1910 | }
|
---|
| 1911 | else
|
---|
| 1912 | rc = VERR_NO_STR_MEMORY;
|
---|
| 1913 | }
|
---|
[57869] | 1914 | }
|
---|
[92671] | 1915 | if (RT_SUCCESS(rc))
|
---|
| 1916 | {
|
---|
| 1917 | /*
|
---|
| 1918 | * Convert arguments to child codeset if necessary.
|
---|
| 1919 | */
|
---|
| 1920 | char **papszArgsConverted = (char **)papszArgs;
|
---|
| 1921 | if (!(fFlags & RTPROC_FLAGS_UTF8_ARGV))
|
---|
| 1922 | rc = rtProcPosixConvertArgv(papszArgs, hEnvToUse, &papszArgsConverted);
|
---|
| 1923 | if (RT_SUCCESS(rc))
|
---|
| 1924 | {
|
---|
| 1925 | /*
|
---|
| 1926 | * The rest of the process creation is reused internally by rtProcPosixCreateProfileEnv.
|
---|
| 1927 | */
|
---|
| 1928 | rc = rtProcPosixCreateInner(pszNativeExec, papszArgsConverted, hEnv, hEnvToUse, fFlags, pszAsUser, uid, gid,
|
---|
[99109] | 1929 | RT_ELEMENTS(aStdFds), aStdFds, pvExtraData, phProcess);
|
---|
[92671] | 1930 |
|
---|
| 1931 | }
|
---|
| 1932 |
|
---|
| 1933 | /* Free the translated argv copy, if needed. */
|
---|
| 1934 | if (papszArgsConverted != (char **)papszArgs)
|
---|
| 1935 | {
|
---|
| 1936 | for (size_t i = 0; papszArgsConverted[i] != NULL; i++)
|
---|
| 1937 | RTStrFree(papszArgsConverted[i]);
|
---|
| 1938 | RTMemFree(papszArgsConverted);
|
---|
| 1939 | }
|
---|
| 1940 | rtPathFreeNative(pszNativeExec, pszExec);
|
---|
| 1941 | }
|
---|
[40571] | 1942 | }
|
---|
[92617] | 1943 | if (hEnvToUse != hEnv)
|
---|
| 1944 | RTEnvDestroy(hEnvToUse);
|
---|
| 1945 | return rc;
|
---|
| 1946 | }
|
---|
[40571] | 1947 |
|
---|
[92617] | 1948 |
|
---|
| 1949 | /**
|
---|
| 1950 | * The inner 2nd half of RTProcCreateEx.
|
---|
| 1951 | *
|
---|
| 1952 | * This is also used by rtProcPosixCreateProfileEnv().
|
---|
| 1953 | *
|
---|
| 1954 | * @returns IPRT status code.
|
---|
[92671] | 1955 | * @param pszNativeExec The executable to run (absolute path, X_OK).
|
---|
| 1956 | * Native path.
|
---|
| 1957 | * @param papszArgs The arguments. Caller has done codeset conversions.
|
---|
| 1958 | * @param hEnv The original enviornment request, needed for
|
---|
| 1959 | * adjustments if starting as different user.
|
---|
| 1960 | * @param hEnvToUse The environment we should use.
|
---|
| 1961 | * @param fFlags The process creation flags, RTPROC_FLAGS_XXX.
|
---|
| 1962 | * @param pszAsUser The user to start the process as, if requested.
|
---|
| 1963 | * @param uid The UID corrsponding to @a pszAsUser, ~0 if NULL.
|
---|
| 1964 | * @param gid The GID corrsponding to @a pszAsUser, ~0 if NULL.
|
---|
| 1965 | * @param cRedirFds Number of redirection file descriptors.
|
---|
| 1966 | * @param paRedirFds Pointer to redirection file descriptors. Entries
|
---|
| 1967 | * containing -1 are not modified (inherit from parent),
|
---|
| 1968 | * -2 indicates that the descriptor should be closed in the
|
---|
| 1969 | * child.
|
---|
| 1970 | * @param phProcess Where to return the process ID on success.
|
---|
[92617] | 1971 | */
|
---|
[92671] | 1972 | static int rtProcPosixCreateInner(const char *pszNativeExec, const char * const *papszArgs, RTENV hEnv, RTENV hEnvToUse,
|
---|
[92617] | 1973 | uint32_t fFlags, const char *pszAsUser, uid_t uid, gid_t gid,
|
---|
[99109] | 1974 | unsigned cRedirFds, int *paRedirFds, void *pvExtraData, PRTPROCESS phProcess)
|
---|
[92617] | 1975 | {
|
---|
| 1976 | /*
|
---|
| 1977 | * Get the environment block.
|
---|
| 1978 | */
|
---|
[57869] | 1979 | const char * const *papszEnv = RTEnvGetExecEnvP(hEnvToUse);
|
---|
[92617] | 1980 | AssertPtrReturn(papszEnv, VERR_INVALID_HANDLE);
|
---|
[33044] | 1981 |
|
---|
[92617] | 1982 | /*
|
---|
| 1983 | * Optimize the redirections.
|
---|
| 1984 | */
|
---|
| 1985 | while (cRedirFds > 0 && paRedirFds[cRedirFds - 1] == -1)
|
---|
| 1986 | cRedirFds--;
|
---|
[57869] | 1987 |
|
---|
[26802] | 1988 | /*
|
---|
[92617] | 1989 | * Child PID.
|
---|
| 1990 | */
|
---|
| 1991 | pid_t pid = -1;
|
---|
| 1992 |
|
---|
| 1993 | /*
|
---|
[33044] | 1994 | * Take care of detaching the process.
|
---|
[26802] | 1995 | *
|
---|
| 1996 | * HACK ALERT! Put the process into a new process group with pgid = pid
|
---|
| 1997 | * to make sure it differs from that of the parent process to ensure that
|
---|
[33044] | 1998 | * the IPRT waitpid call doesn't race anyone (read XPCOM) doing group wide
|
---|
| 1999 | * waits. setsid() includes the setpgid() functionality.
|
---|
| 2000 | * 2010-10-11 XPCOM no longer waits for anything, but it cannot hurt.
|
---|
[26802] | 2001 | */
|
---|
[33044] | 2002 | #ifndef RT_OS_OS2
|
---|
| 2003 | if (fFlags & RTPROC_FLAGS_DETACHED)
|
---|
| 2004 | {
|
---|
| 2005 | # ifdef RT_OS_SOLARIS
|
---|
[35558] | 2006 | int templateFd = -1;
|
---|
| 2007 | if (!(fFlags & RTPROC_FLAGS_SAME_CONTRACT))
|
---|
| 2008 | {
|
---|
| 2009 | templateFd = rtSolarisContractPreFork();
|
---|
| 2010 | if (templateFd == -1)
|
---|
[92617] | 2011 | return VERR_OPEN_FAILED;
|
---|
[35558] | 2012 | }
|
---|
[33044] | 2013 | # endif /* RT_OS_SOLARIS */
|
---|
| 2014 | pid = fork();
|
---|
| 2015 | if (!pid)
|
---|
| 2016 | {
|
---|
| 2017 | # ifdef RT_OS_SOLARIS
|
---|
[35558] | 2018 | if (!(fFlags & RTPROC_FLAGS_SAME_CONTRACT))
|
---|
| 2019 | rtSolarisContractPostForkChild(templateFd);
|
---|
[57869] | 2020 | # endif
|
---|
[33044] | 2021 | setsid(); /* see comment above */
|
---|
| 2022 |
|
---|
| 2023 | pid = -1;
|
---|
| 2024 | /* Child falls through to the actual spawn code below. */
|
---|
| 2025 | }
|
---|
| 2026 | else
|
---|
| 2027 | {
|
---|
[57869] | 2028 | # ifdef RT_OS_SOLARIS
|
---|
[35558] | 2029 | if (!(fFlags & RTPROC_FLAGS_SAME_CONTRACT))
|
---|
| 2030 | rtSolarisContractPostForkParent(templateFd, pid);
|
---|
[57869] | 2031 | # endif
|
---|
[33044] | 2032 | if (pid > 0)
|
---|
| 2033 | {
|
---|
| 2034 | /* Must wait for the temporary process to avoid a zombie. */
|
---|
[33134] | 2035 | int status = 0;
|
---|
[33135] | 2036 | pid_t pidChild = 0;
|
---|
| 2037 |
|
---|
| 2038 | /* Restart if we get interrupted. */
|
---|
| 2039 | do
|
---|
| 2040 | {
|
---|
| 2041 | pidChild = waitpid(pid, &status, 0);
|
---|
| 2042 | } while ( pidChild == -1
|
---|
| 2043 | && errno == EINTR);
|
---|
| 2044 |
|
---|
[33044] | 2045 | /* Assume that something wasn't found. No detailed info. */
|
---|
| 2046 | if (status)
|
---|
[92617] | 2047 | return VERR_PROCESS_NOT_FOUND;
|
---|
[33044] | 2048 | if (phProcess)
|
---|
| 2049 | *phProcess = 0;
|
---|
[92617] | 2050 | return VINF_SUCCESS;
|
---|
[33044] | 2051 | }
|
---|
[92617] | 2052 | return RTErrConvertFromErrno(errno);
|
---|
[33044] | 2053 | }
|
---|
| 2054 | }
|
---|
| 2055 | #endif
|
---|
| 2056 |
|
---|
| 2057 | /*
|
---|
| 2058 | * Spawn the child.
|
---|
| 2059 | *
|
---|
| 2060 | * Any spawn code MUST not execute any atexit functions if it is for a
|
---|
| 2061 | * detached process. It would lead to running the atexit functions which
|
---|
| 2062 | * make only sense for the parent. libORBit e.g. gets confused by multiple
|
---|
| 2063 | * execution. Remember, there was only a fork() so far, and until exec()
|
---|
| 2064 | * is successfully run there is nothing which would prevent doing anything
|
---|
| 2065 | * silly with the (duplicated) file descriptors.
|
---|
| 2066 | */
|
---|
[92617] | 2067 | int rc;
|
---|
[26802] | 2068 | #ifdef HAVE_POSIX_SPAWN
|
---|
[27747] | 2069 | /** @todo OS/2: implement DETACHED (BACKGROUND stuff), see VbglR3Daemonize. */
|
---|
[33044] | 2070 | if ( uid == ~(uid_t)0
|
---|
[99109] | 2071 | && gid == ~(gid_t)0
|
---|
| 2072 | && !(fFlags & RTPROC_FLAGS_CWD))
|
---|
[26802] | 2073 | {
|
---|
| 2074 | /* Spawn attributes. */
|
---|
| 2075 | posix_spawnattr_t Attr;
|
---|
| 2076 | rc = posix_spawnattr_init(&Attr);
|
---|
| 2077 | if (!rc)
|
---|
| 2078 | {
|
---|
[44555] | 2079 | /* Indicate that process group and signal mask are to be changed,
|
---|
| 2080 | and that the child should use default signal actions. */
|
---|
| 2081 | rc = posix_spawnattr_setflags(&Attr, POSIX_SPAWN_SETPGROUP | POSIX_SPAWN_SETSIGMASK | POSIX_SPAWN_SETSIGDEF);
|
---|
[26802] | 2082 | Assert(rc == 0);
|
---|
[44555] | 2083 |
|
---|
| 2084 | /* The child starts in its own process group. */
|
---|
[26802] | 2085 | if (!rc)
|
---|
| 2086 | {
|
---|
| 2087 | rc = posix_spawnattr_setpgroup(&Attr, 0 /* pg == child pid */);
|
---|
| 2088 | Assert(rc == 0);
|
---|
| 2089 | }
|
---|
| 2090 |
|
---|
[44555] | 2091 | /* Unmask all signals. */
|
---|
| 2092 | if (!rc)
|
---|
| 2093 | {
|
---|
| 2094 | sigset_t SigMask;
|
---|
| 2095 | sigemptyset(&SigMask);
|
---|
| 2096 | rc = posix_spawnattr_setsigmask(&Attr, &SigMask); Assert(rc == 0);
|
---|
| 2097 | }
|
---|
| 2098 |
|
---|
[26802] | 2099 | /* File changes. */
|
---|
| 2100 | posix_spawn_file_actions_t FileActions;
|
---|
| 2101 | posix_spawn_file_actions_t *pFileActions = NULL;
|
---|
[92617] | 2102 | if (!rc && cRedirFds > 0)
|
---|
[26802] | 2103 | {
|
---|
| 2104 | rc = posix_spawn_file_actions_init(&FileActions);
|
---|
| 2105 | if (!rc)
|
---|
| 2106 | {
|
---|
| 2107 | pFileActions = &FileActions;
|
---|
[92617] | 2108 | for (unsigned i = 0; i < cRedirFds; i++)
|
---|
[26802] | 2109 | {
|
---|
[92617] | 2110 | int fd = paRedirFds[i];
|
---|
[26824] | 2111 | if (fd == -2)
|
---|
[26802] | 2112 | rc = posix_spawn_file_actions_addclose(&FileActions, i);
|
---|
[92617] | 2113 | else if (fd >= 0 && fd != (int)i)
|
---|
[26802] | 2114 | {
|
---|
[26824] | 2115 | rc = posix_spawn_file_actions_adddup2(&FileActions, fd, i);
|
---|
[26802] | 2116 | if (!rc)
|
---|
[26824] | 2117 | {
|
---|
[92617] | 2118 | for (unsigned j = i + 1; j < cRedirFds; j++)
|
---|
| 2119 | if (paRedirFds[j] == fd)
|
---|
[26824] | 2120 | {
|
---|
| 2121 | fd = -1;
|
---|
| 2122 | break;
|
---|
| 2123 | }
|
---|
| 2124 | if (fd >= 0)
|
---|
| 2125 | rc = posix_spawn_file_actions_addclose(&FileActions, fd);
|
---|
| 2126 | }
|
---|
[26802] | 2127 | }
|
---|
| 2128 | if (rc)
|
---|
| 2129 | break;
|
---|
| 2130 | }
|
---|
| 2131 | }
|
---|
| 2132 | }
|
---|
| 2133 |
|
---|
| 2134 | if (!rc)
|
---|
[92671] | 2135 | rc = posix_spawn(&pid, pszNativeExec, pFileActions, &Attr, (char * const *)papszArgs,
|
---|
[26802] | 2136 | (char * const *)papszEnv);
|
---|
| 2137 |
|
---|
| 2138 | /* cleanup */
|
---|
| 2139 | int rc2 = posix_spawnattr_destroy(&Attr); Assert(rc2 == 0); NOREF(rc2);
|
---|
| 2140 | if (pFileActions)
|
---|
| 2141 | {
|
---|
| 2142 | rc2 = posix_spawn_file_actions_destroy(pFileActions);
|
---|
| 2143 | Assert(rc2 == 0);
|
---|
| 2144 | }
|
---|
| 2145 |
|
---|
| 2146 | /* return on success.*/
|
---|
| 2147 | if (!rc)
|
---|
| 2148 | {
|
---|
[33044] | 2149 | /* For a detached process this happens in the temp process, so
|
---|
| 2150 | * it's not worth doing anything as this process must exit. */
|
---|
| 2151 | if (fFlags & RTPROC_FLAGS_DETACHED)
|
---|
[44555] | 2152 | _Exit(0);
|
---|
[26802] | 2153 | if (phProcess)
|
---|
| 2154 | *phProcess = pid;
|
---|
[92617] | 2155 | return VINF_SUCCESS;
|
---|
[26802] | 2156 | }
|
---|
| 2157 | }
|
---|
[33044] | 2158 | /* For a detached process this happens in the temp process, so
|
---|
| 2159 | * it's not worth doing anything as this process must exit. */
|
---|
| 2160 | if (fFlags & RTPROC_FLAGS_DETACHED)
|
---|
| 2161 | _Exit(124);
|
---|
[26802] | 2162 | }
|
---|
| 2163 | else
|
---|
| 2164 | #endif
|
---|
| 2165 | {
|
---|
[32990] | 2166 | #ifdef RT_OS_SOLARIS
|
---|
[47104] | 2167 | int templateFd = -1;
|
---|
[47102] | 2168 | if (!(fFlags & RTPROC_FLAGS_SAME_CONTRACT))
|
---|
| 2169 | {
|
---|
[47104] | 2170 | templateFd = rtSolarisContractPreFork();
|
---|
[47102] | 2171 | if (templateFd == -1)
|
---|
[92617] | 2172 | return VERR_OPEN_FAILED;
|
---|
[47102] | 2173 | }
|
---|
[32990] | 2174 | #endif /* RT_OS_SOLARIS */
|
---|
[26802] | 2175 | pid = fork();
|
---|
| 2176 | if (!pid)
|
---|
| 2177 | {
|
---|
[32990] | 2178 | #ifdef RT_OS_SOLARIS
|
---|
[47102] | 2179 | if (!(fFlags & RTPROC_FLAGS_SAME_CONTRACT))
|
---|
| 2180 | rtSolarisContractPostForkChild(templateFd);
|
---|
[32990] | 2181 | #endif /* RT_OS_SOLARIS */
|
---|
[33044] | 2182 | if (!(fFlags & RTPROC_FLAGS_DETACHED))
|
---|
| 2183 | setpgid(0, 0); /* see comment above */
|
---|
[26802] | 2184 |
|
---|
| 2185 | /*
|
---|
| 2186 | * Change group and user if requested.
|
---|
| 2187 | */
|
---|
| 2188 | #if 1 /** @todo This needs more work, see suplib/hardening. */
|
---|
[49530] | 2189 | if (pszAsUser)
|
---|
| 2190 | {
|
---|
| 2191 | int ret = initgroups(pszAsUser, gid);
|
---|
| 2192 | if (ret)
|
---|
| 2193 | {
|
---|
| 2194 | if (fFlags & RTPROC_FLAGS_DETACHED)
|
---|
| 2195 | _Exit(126);
|
---|
| 2196 | else
|
---|
| 2197 | exit(126);
|
---|
| 2198 | }
|
---|
| 2199 | }
|
---|
[26802] | 2200 | if (gid != ~(gid_t)0)
|
---|
| 2201 | {
|
---|
| 2202 | if (setgid(gid))
|
---|
[33044] | 2203 | {
|
---|
| 2204 | if (fFlags & RTPROC_FLAGS_DETACHED)
|
---|
| 2205 | _Exit(126);
|
---|
| 2206 | else
|
---|
| 2207 | exit(126);
|
---|
| 2208 | }
|
---|
[26802] | 2209 | }
|
---|
| 2210 |
|
---|
| 2211 | if (uid != ~(uid_t)0)
|
---|
| 2212 | {
|
---|
| 2213 | if (setuid(uid))
|
---|
[33044] | 2214 | {
|
---|
| 2215 | if (fFlags & RTPROC_FLAGS_DETACHED)
|
---|
| 2216 | _Exit(126);
|
---|
| 2217 | else
|
---|
| 2218 | exit(126);
|
---|
| 2219 | }
|
---|
[26802] | 2220 | }
|
---|
| 2221 | #endif
|
---|
[99109] | 2222 | if (fFlags & RTPROC_FLAGS_CWD)
|
---|
| 2223 | {
|
---|
| 2224 | const char *pszCwd = (const char *)pvExtraData;
|
---|
| 2225 | if (pszCwd && *pszCwd)
|
---|
| 2226 | {
|
---|
| 2227 | rc = RTPathSetCurrent(pszCwd);
|
---|
| 2228 | if (RT_FAILURE(rc))
|
---|
| 2229 | {
|
---|
| 2230 | /** @todo r=bela What is the right exit code here?? */
|
---|
| 2231 | if (fFlags & RTPROC_FLAGS_DETACHED)
|
---|
| 2232 | _Exit(126);
|
---|
| 2233 | else
|
---|
| 2234 | /*exit*/_Exit(126);
|
---|
| 2235 | }
|
---|
| 2236 | }
|
---|
| 2237 | }
|
---|
[26802] | 2238 |
|
---|
| 2239 | /*
|
---|
[57869] | 2240 | * Some final profile environment tweaks, if running as user.
|
---|
| 2241 | */
|
---|
| 2242 | if ( (fFlags & RTPROC_FLAGS_PROFILE)
|
---|
| 2243 | && pszAsUser
|
---|
| 2244 | && ( (fFlags & RTPROC_FLAGS_ENV_CHANGE_RECORD)
|
---|
| 2245 | || hEnv == RTENV_DEFAULT) )
|
---|
| 2246 | {
|
---|
| 2247 | rc = rtProcPosixAdjustProfileEnvFromChild(hEnvToUse, fFlags, hEnv);
|
---|
| 2248 | papszEnv = RTEnvGetExecEnvP(hEnvToUse);
|
---|
| 2249 | if (RT_FAILURE(rc) || !papszEnv)
|
---|
| 2250 | {
|
---|
| 2251 | if (fFlags & RTPROC_FLAGS_DETACHED)
|
---|
| 2252 | _Exit(126);
|
---|
| 2253 | else
|
---|
| 2254 | exit(126);
|
---|
| 2255 | }
|
---|
| 2256 | }
|
---|
| 2257 |
|
---|
| 2258 | /*
|
---|
[44549] | 2259 | * Unset the signal mask.
|
---|
| 2260 | */
|
---|
[44555] | 2261 | sigset_t SigMask;
|
---|
| 2262 | sigemptyset(&SigMask);
|
---|
| 2263 | rc = sigprocmask(SIG_SETMASK, &SigMask, NULL);
|
---|
| 2264 | Assert(rc == 0);
|
---|
[44549] | 2265 |
|
---|
| 2266 | /*
|
---|
[26802] | 2267 | * Apply changes to the standard file descriptor and stuff.
|
---|
| 2268 | */
|
---|
[92617] | 2269 | for (unsigned i = 0; i < cRedirFds; i++)
|
---|
[26802] | 2270 | {
|
---|
[92617] | 2271 | int fd = paRedirFds[i];
|
---|
[26824] | 2272 | if (fd == -2)
|
---|
| 2273 | close(i);
|
---|
| 2274 | else if (fd >= 0)
|
---|
[26802] | 2275 | {
|
---|
[26824] | 2276 | int rc2 = dup2(fd, i);
|
---|
[92617] | 2277 | if (rc2 != (int)i)
|
---|
[33044] | 2278 | {
|
---|
| 2279 | if (fFlags & RTPROC_FLAGS_DETACHED)
|
---|
| 2280 | _Exit(125);
|
---|
| 2281 | else
|
---|
| 2282 | exit(125);
|
---|
| 2283 | }
|
---|
[92617] | 2284 | for (unsigned j = i + 1; j < cRedirFds; j++)
|
---|
| 2285 | if (paRedirFds[j] == fd)
|
---|
[26824] | 2286 | {
|
---|
| 2287 | fd = -1;
|
---|
| 2288 | break;
|
---|
| 2289 | }
|
---|
| 2290 | if (fd >= 0)
|
---|
| 2291 | close(fd);
|
---|
[26802] | 2292 | }
|
---|
| 2293 | }
|
---|
| 2294 |
|
---|
| 2295 | /*
|
---|
| 2296 | * Finally, execute the requested program.
|
---|
| 2297 | */
|
---|
[92671] | 2298 | rc = execve(pszNativeExec, (char * const *)papszArgs, (char * const *)papszEnv);
|
---|
[30312] | 2299 | if (errno == ENOEXEC)
|
---|
| 2300 | {
|
---|
| 2301 | /* This can happen when trying to start a shell script without the magic #!/bin/sh */
|
---|
| 2302 | RTAssertMsg2Weak("Cannot execute this binary format!\n");
|
---|
| 2303 | }
|
---|
| 2304 | else
|
---|
[92761] | 2305 | RTAssertMsg2Weak("execve returns %d errno=%d (%s)\n", rc, errno, pszNativeExec);
|
---|
[30312] | 2306 | RTAssertReleasePanic();
|
---|
[33044] | 2307 | if (fFlags & RTPROC_FLAGS_DETACHED)
|
---|
| 2308 | _Exit(127);
|
---|
| 2309 | else
|
---|
| 2310 | exit(127);
|
---|
[26802] | 2311 | }
|
---|
[32990] | 2312 | #ifdef RT_OS_SOLARIS
|
---|
[47102] | 2313 | if (!(fFlags & RTPROC_FLAGS_SAME_CONTRACT))
|
---|
| 2314 | rtSolarisContractPostForkParent(templateFd, pid);
|
---|
[32990] | 2315 | #endif /* RT_OS_SOLARIS */
|
---|
[26802] | 2316 | if (pid > 0)
|
---|
| 2317 | {
|
---|
[33044] | 2318 | /* For a detached process this happens in the temp process, so
|
---|
| 2319 | * it's not worth doing anything as this process must exit. */
|
---|
| 2320 | if (fFlags & RTPROC_FLAGS_DETACHED)
|
---|
| 2321 | _Exit(0);
|
---|
[26802] | 2322 | if (phProcess)
|
---|
| 2323 | *phProcess = pid;
|
---|
[92617] | 2324 | return VINF_SUCCESS;
|
---|
[26802] | 2325 | }
|
---|
[33044] | 2326 | /* For a detached process this happens in the temp process, so
|
---|
| 2327 | * it's not worth doing anything as this process must exit. */
|
---|
| 2328 | if (fFlags & RTPROC_FLAGS_DETACHED)
|
---|
| 2329 | _Exit(124);
|
---|
[92617] | 2330 | return RTErrConvertFromErrno(errno);
|
---|
[26802] | 2331 | }
|
---|
| 2332 |
|
---|
[92617] | 2333 | return VERR_NOT_IMPLEMENTED;
|
---|
[26802] | 2334 | }
|
---|
| 2335 |
|
---|
| 2336 |
|
---|
[27743] | 2337 | RTR3DECL(int) RTProcDaemonizeUsingFork(bool fNoChDir, bool fNoClose, const char *pszPidfile)
|
---|
[11337] | 2338 | {
|
---|
| 2339 | /*
|
---|
| 2340 | * Fork the child process in a new session and quit the parent.
|
---|
| 2341 | *
|
---|
| 2342 | * - fork once and create a new session (setsid). This will detach us
|
---|
| 2343 | * from the controlling tty meaning that we won't receive the SIGHUP
|
---|
| 2344 | * (or any other signal) sent to that session.
|
---|
| 2345 | * - The SIGHUP signal is ignored because the session/parent may throw
|
---|
| 2346 | * us one before we get to the setsid.
|
---|
| 2347 | * - When the parent exit(0) we will become an orphan and re-parented to
|
---|
| 2348 | * the init process.
|
---|
| 2349 | * - Because of the sometimes unexpected semantics of assigning the
|
---|
| 2350 | * controlling tty automagically when a session leader first opens a tty,
|
---|
| 2351 | * we will fork() once more to get rid of the session leadership role.
|
---|
| 2352 | */
|
---|
| 2353 |
|
---|
| 2354 | /* We start off by opening the pidfile, so that we can fail straight away
|
---|
| 2355 | * if it already exists. */
|
---|
| 2356 | int fdPidfile = -1;
|
---|
| 2357 | if (pszPidfile != NULL)
|
---|
| 2358 | {
|
---|
| 2359 | /* @note the exclusive create is not guaranteed on all file
|
---|
| 2360 | * systems (e.g. NFSv2) */
|
---|
| 2361 | if ((fdPidfile = open(pszPidfile, O_RDWR | O_CREAT | O_EXCL, 0644)) == -1)
|
---|
| 2362 | return RTErrConvertFromErrno(errno);
|
---|
| 2363 | }
|
---|
| 2364 |
|
---|
| 2365 | /* Ignore SIGHUP straight away. */
|
---|
| 2366 | struct sigaction OldSigAct;
|
---|
| 2367 | struct sigaction SigAct;
|
---|
| 2368 | memset(&SigAct, 0, sizeof(SigAct));
|
---|
| 2369 | SigAct.sa_handler = SIG_IGN;
|
---|
| 2370 | int rcSigAct = sigaction(SIGHUP, &SigAct, &OldSigAct);
|
---|
| 2371 |
|
---|
| 2372 | /* First fork, to become independent process. */
|
---|
| 2373 | pid_t pid = fork();
|
---|
| 2374 | if (pid == -1)
|
---|
[40046] | 2375 | {
|
---|
| 2376 | if (fdPidfile != -1)
|
---|
| 2377 | close(fdPidfile);
|
---|
[11337] | 2378 | return RTErrConvertFromErrno(errno);
|
---|
[40046] | 2379 | }
|
---|
[11337] | 2380 | if (pid != 0)
|
---|
| 2381 | {
|
---|
[26415] | 2382 | /* Parent exits, no longer necessary. The child gets reparented
|
---|
[11337] | 2383 | * to the init process. */
|
---|
| 2384 | exit(0);
|
---|
| 2385 | }
|
---|
| 2386 |
|
---|
| 2387 | /* Create new session, fix up the standard file descriptors and the
|
---|
| 2388 | * current working directory. */
|
---|
[35558] | 2389 | /** @todo r=klaus the webservice uses this function and assumes that the
|
---|
| 2390 | * contract id of the daemon is the same as that of the original process.
|
---|
| 2391 | * Whenever this code is changed this must still remain possible. */
|
---|
[11337] | 2392 | pid_t newpgid = setsid();
|
---|
| 2393 | int SavedErrno = errno;
|
---|
| 2394 | if (rcSigAct != -1)
|
---|
| 2395 | sigaction(SIGHUP, &OldSigAct, NULL);
|
---|
| 2396 | if (newpgid == -1)
|
---|
[40046] | 2397 | {
|
---|
| 2398 | if (fdPidfile != -1)
|
---|
| 2399 | close(fdPidfile);
|
---|
[11337] | 2400 | return RTErrConvertFromErrno(SavedErrno);
|
---|
[40046] | 2401 | }
|
---|
[11337] | 2402 |
|
---|
| 2403 | if (!fNoClose)
|
---|
| 2404 | {
|
---|
| 2405 | /* Open stdin(0), stdout(1) and stderr(2) as /dev/null. */
|
---|
| 2406 | int fd = open("/dev/null", O_RDWR);
|
---|
| 2407 | if (fd == -1) /* paranoia */
|
---|
| 2408 | {
|
---|
| 2409 | close(STDIN_FILENO);
|
---|
| 2410 | close(STDOUT_FILENO);
|
---|
| 2411 | close(STDERR_FILENO);
|
---|
| 2412 | fd = open("/dev/null", O_RDWR);
|
---|
| 2413 | }
|
---|
| 2414 | if (fd != -1)
|
---|
| 2415 | {
|
---|
| 2416 | dup2(fd, STDIN_FILENO);
|
---|
| 2417 | dup2(fd, STDOUT_FILENO);
|
---|
| 2418 | dup2(fd, STDERR_FILENO);
|
---|
| 2419 | if (fd > 2)
|
---|
| 2420 | close(fd);
|
---|
| 2421 | }
|
---|
| 2422 | }
|
---|
| 2423 |
|
---|
| 2424 | if (!fNoChDir)
|
---|
[27321] | 2425 | {
|
---|
[39032] | 2426 | int rcIgnored = chdir("/");
|
---|
| 2427 | NOREF(rcIgnored);
|
---|
[27321] | 2428 | }
|
---|
[11337] | 2429 |
|
---|
| 2430 | /* Second fork to lose session leader status. */
|
---|
| 2431 | pid = fork();
|
---|
| 2432 | if (pid == -1)
|
---|
[40046] | 2433 | {
|
---|
| 2434 | if (fdPidfile != -1)
|
---|
| 2435 | close(fdPidfile);
|
---|
[11337] | 2436 | return RTErrConvertFromErrno(errno);
|
---|
[40046] | 2437 | }
|
---|
[26317] | 2438 |
|
---|
[11337] | 2439 | if (pid != 0)
|
---|
| 2440 | {
|
---|
| 2441 | /* Write the pid file, this is done in the parent, before exiting. */
|
---|
| 2442 | if (fdPidfile != -1)
|
---|
| 2443 | {
|
---|
| 2444 | char szBuf[256];
|
---|
| 2445 | size_t cbPid = RTStrPrintf(szBuf, sizeof(szBuf), "%d\n", pid);
|
---|
[39032] | 2446 | ssize_t cbIgnored = write(fdPidfile, szBuf, cbPid); NOREF(cbIgnored);
|
---|
[11337] | 2447 | close(fdPidfile);
|
---|
| 2448 | }
|
---|
| 2449 | exit(0);
|
---|
| 2450 | }
|
---|
| 2451 |
|
---|
[40046] | 2452 | if (fdPidfile != -1)
|
---|
| 2453 | close(fdPidfile);
|
---|
| 2454 |
|
---|
[26318] | 2455 | return VINF_SUCCESS;
|
---|
[11337] | 2456 | }
|
---|
| 2457 |
|
---|