File: debug.c

package info (click to toggle)
userv 1.2.0
  • links: PTS
  • area: main
  • in suites: bullseye, buster, sid, stretch
  • size: 700 kB
  • ctags: 1,013
  • sloc: ansic: 4,220; lex: 287; sh: 207; makefile: 206
file content (247 lines) | stat: -rw-r--r-- 8,013 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
/*
 * userv - ddebug.c
 * routines which are different for -DDEBUG
 *
 * userv is
 * Copyright 1996-2017 Ian Jackson <ian@davenant.greenend.org.uk>.
 * Copyright 2000      Ben Harris <bjh21@cam.ac.uk>
 * Copyright 2016-2017 Peter Benie <pjb1008@cam.ac.uk>
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with userv; if not, see <http://www.gnu.org/licenses/>.
 */

#include <stdarg.h>
#include <syslog.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <grp.h>
#include <sys/types.h>

#include "config.h"
#include "common.h"
#include "daemon.h"
#include "lib.h"
#include "tokens.h"

static void fdwantdumprwhead(int *donehead, const char *whichstr, const char *rwstr) {
  if (*donehead) return;
  printf("fds %s%s%s:",whichstr,rwstr?" ":"",rwstr?rwstr:"");
  *donehead= 1;
}

static void fdwantdumprw(const char *whichstr, int whichval,
			 int rw, const char *rwstr) {
  int donehead= 0;
  int fd;
  
  for (fd=0; fd<fdarrayused; fd++) {
    if (!(fdarray[fd].wantstate == whichval && fdarray[fd].wantrw == rw)) continue;
    fdwantdumprwhead(&donehead,whichstr,rwstr);
    printf(" %d",fd);
  }
  if (restfdwantstate == whichval && restfdwantrw == rw) {
    fdwantdumprwhead(&donehead,whichstr,rwstr);
    printf(" %d-",fdarrayused);
  }
  if (donehead) printf("\n");
}

static void fdwantdump(const char *whichstr, int whichval, const char *rwunspecstr) {
  if (rwunspecstr) {
    fdwantdumprw(whichstr,whichval,tokv_word_read,"read");
    fdwantdumprw(whichstr,whichval,tokv_word_write,"write");
    fdwantdumprw(whichstr,whichval,0,rwunspecstr);
  } else {
    fdwantdumprw(whichstr,whichval,0,0);
  }
}

static void truefalsedump(const char *whichstr, int val) {
  printf("%s: %s\n",whichstr,val?"yes":"no");
}

void always_dumpparameter(const char *parm, char **values) {
  printf("config parameter `%s':",parm);
  while (*values) printf(" `%s'",*values++);
  printf("\n");
}

void always_dumpexecsettings(void) {
  char **cpp;
  
  if (userrcfile) printf("user-rcfile: `%s'\n",userrcfile);
  else printf("user-rcfile: <none>\n");
  fdwantdump("required",tokv_word_requirefd,"ERROR");
  fdwantdump("allowed",tokv_word_allowfd,"either");
  fdwantdump("ignored",tokv_word_ignorefd,0);
  fdwantdump("null",tokv_word_nullfd,"both");
  fdwantdump("rejected",tokv_word_rejectfd,0);
  fputs("execute: ",stdout);
  switch (execute) {
  case tokv_word_reject: printf("reject"); break;
  case tokv_word_execute: printf("`%s'",execpath); break;
  case tokv_word_executefromdirectory: printf("from directory, `%s'",execpath); break;
  case tokv_word_executefrompath: printf("from path"); break;
  case tokv_word_executebuiltin: printf("builtin %s",execpath); break;
  default: abort();
  }
  if (execargs) {
    fputs("\n" "no exec arguments\n",stdout);
  } else {
    fputs("\n" "exec arguments:",stdout);
    for (cpp= execargs; cpp; cpp++) printf(" `%s'",*cpp);
    putchar('\n');
  }
  truefalsedump("set-environment",setenvironment);
  truefalsedump("suppress-args",suppressargs);
  truefalsedump("disconnect-hup",disconnecthup);
  truefalsedump("set-environment",setenvironment);
}

#ifdef DEBUG

static const char *sl_ident= "UNSET";
static int sl_option=0, sl_facility=0;

void openlog(const char *ident, int option, int facility) {
  sl_ident= ident;
  sl_option= option;
  sl_facility= facility;
}

void syslog(int priority, const char *fmt, ...) {
  va_list al;
  fprintf(stderr,"syslog: %s<%d.%d>(%d): ",sl_ident,sl_facility,priority,sl_option);
  va_start(al,fmt);
  vfprintf(stderr,fmt,al);
  va_end(al);
  fputc('\n',stderr);
}

void closelog(void) {
  sl_ident= "CLOSED";
  sl_option= sl_facility= 0;
}

static void groupsdump(int ngids, const gid_t *gids, const char *const *groups) {
  int i;
  
  for (i=0; i<ngids; i++) printf(" %ld(%s)",(long)gids[i],groups[i]);
}

void debug_dumprequest(pid_t mypid) {
  int i, fd;
  
  printf("server pid: %ld\n"
         "client pid: %ld\n"
         "service: `%s'\n"
         "service user: `%s'\n"
	 "service uid: %ld\n"
         "service user shell: `%s'\n"
         "service user dir: `%s'\n"
	 "service groups:",
         (long)mypid, (long)request_mbuf.clientpid,
         service, serviceuser, (long)serviceuser_uid,
	 serviceuser_shell, serviceuser_dir);
  groupsdump(service_ngids,service_gids,service_groups);
  printf("\n"
	 "calling user: `%s'\n"
	 "calling uid: %ld\n"
         "calling user shell: `%s'\n"
	 "calling groups:",
	 loginname, (long)request_mbuf.callinguid,
	 callinguser_shell);
  groupsdump(request_mbuf.ngids,calling_gids,calling_groups);
  printf("\n"
	 "calling cwd: `%s'\n"
	 "fds:",
         cwd);
  for (fd=0; fd<fdarrayused; fd++)
    if (fdarray[fd].iswrite != -1)
      printf(" %d%s",fd,fdarray[fd].iswrite ? "w" : "r");
  printf("\n" "arguments:");
  for (i=0; i<request_mbuf.nargs; i++) printf(" `%s'",argarray[i]);
  printf("\n" "variables:");
  for (i=0; i<request_mbuf.nvars; i++)
    printf(" `%s'=`%s'",defvararray[i].key,defvararray[i].value);
  printf("\n");
  if (overridedata) printf("override data: `%s'\n",overridedata);
  else printf("not overridden\n");
  if (getenv("USERVD_SLEEP")) sleep(atoi(getenv("USERVD_SLEEP")));
}

void debug_dumpexecsettings(void) {
  printf("configuration parsed\n");
  always_dumpexecsettings();
}

void debug_dumpparameter(const char *parm, char **values) {
  always_dumpparameter(parm,values);
}

static int groupsallin(int na, const gid_t *lista,
                       int nb, const gid_t *listb) {
  int i,j;
  for (i=0; i<na; i++) {
    for (j=0; j<nb && listb[j] != lista[i]; j++);
    if (j>=nb) return 0;
  }
  return 1;
}

int setgroups(size_t wantsize, const gid_t *wantlist) {
  /* This is a bit of a hack really.  What we want when we're in debug mode is to
   * have initgroups() be a no-op iff the groups are already set right (so that
   * we notice if we're trying to change to the wrong user) but to fail if they're
   * not.
   *
   * We can't just call initgroups() because it unconditionally calls
   * setgroups, which always fails for non-root even if the two group
   * lists are the same.  So here we have a faked-up setgroups which
   * uses getgroups to see what the group list is and `succeeds' if
   * the actual group list and the desired one have the same set of
   * groups, and fails with EPERM if the real setgroups would have
   * added group(s) or otherwise EINVAL if it would have removed some.
   *
   * The usual magic with dynamic linking makes the libc initgroups(3) call
   * pick up our setgroups() rather than the real setgroups(2).
   */
  int realsize, e;
  gid_t *reallist;

  realsize= getgroups(0,0); if (realsize == -1) return -1;
  reallist= malloc(sizeof(gid_t)*realsize); if (!reallist) return -1;
  if (getgroups(realsize,reallist) != realsize)
    { e= errno; free(reallist); errno= e; return -1; }
  if (!groupsallin(wantsize,wantlist,realsize,reallist))
    { free(reallist); errno= EPERM; return -1; }
  if (!groupsallin(realsize,reallist,wantsize,wantlist))
    { free(reallist); errno= EINVAL; return -1; }
  free(reallist); return 0;
}

pid_t nondebug_fork(void) { return 0; }
const char *nondebug_serviceuserdir(const char *ifnondebug) { return SERVICEUSERDIR; }

#else

void debug_dumprequest(pid_t mypid) { }
void debug_dumpexecsettings(void) { }
void debug_dumpparameter(const char *parm, char **values) { }
pid_t nondebug_fork(void) { return fork(); }
const char *nondebug_serviceuserdir(const char *ifnondebug) { return ifnondebug; }

#endif