src - OpenBSD base system

diff options


context:
space:
mode:

author	Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org>	2004-03-19 14:04:44 +0000
committer	Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org>	2004-03-19 14:04:44 +0000
commit	0b9f96e56b22f3d0bd8f9fa95204ba7a9e49683f (patch)
tree	305096d9429011aed372ea12a527d10602e2a847 /sbin/isakmpd
parent	96c309c384e99b742c4307ece38772c4841ffad2 (diff)

Add missing bits to make already present privsep code work. Enable privsep.

ok ho@ deraadt@ markus@

Diffstat (limited to 'sbin/isakmpd')

-rw-r--r--

sbin/isakmpd/Makefile

-rw-r--r--

sbin/isakmpd/conf.c

-rw-r--r--

sbin/isakmpd/conf.h

-rw-r--r--

sbin/isakmpd/if.c

-rw-r--r--

sbin/isakmpd/ike_auth.c

-rw-r--r--

sbin/isakmpd/isakmpd.c

-rw-r--r--

sbin/isakmpd/log.c

-rw-r--r--

sbin/isakmpd/monitor.c

543

-rw-r--r--

sbin/isakmpd/monitor.h

-rw-r--r--

sbin/isakmpd/policy.c

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

14 files changed, 639 insertions, 150 deletions

diff --git a/sbin/isakmpd/Makefile b/sbin/isakmpd/Makefile
index eaae2825d05..1a740e9d80a 100644
--- a/sbin/isakmpd/Makefile
+++ b/sbin/isakmpd/Makefile

@@ -1,4 +1,4 @@

-# $OpenBSD: Makefile,v 1.50 2003/08/28 14:43:35 markus Exp $

+# $OpenBSD: Makefile,v 1.51 2004/03/19 14:04:43 hshoexer Exp $

# $EOM: Makefile,v 1.78 2000/10/15 21:33:42 niklas Exp $

@@ -50,7 +50,7 @@ OS= openbsd

#FEATURES+= rawkey isakmp_cfg dnssec privsep

FEATURES= tripledes des blowfish cast aes

FEATURES+= policy x509 ec aggressive debug

-FEATURES+= rawkey isakmp_cfg

+FEATURES+= rawkey isakmp_cfg privsep

.PATH: ${.CURDIR}/sysdep/${OS}

diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index de4e2144579..bb929315f38 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: conf.c,v 1.61 2004/02/27 19:07:16 hshoexer Exp $ */

+/* $OpenBSD: conf.c,v 1.62 2004/03/19 14:04:43 hshoexer Exp $ */

/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */

@@ -585,7 +585,7 @@ conf_reinit (void)

char *new_conf_addr = 0;

struct stat sb;

- if ((stat (conf_path, &sb) == 0) || (errno != ENOENT))

+ if ((monitor_stat (conf_path, &sb) == 0) || (errno != ENOENT))

{

if (check_file_secrecy (conf_path, &sz))

return;

diff --git a/sbin/isakmpd/conf.h b/sbin/isakmpd/conf.h
index fd886311498..e46d4c30046 100644
--- a/sbin/isakmpd/conf.h
+++ b/sbin/isakmpd/conf.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: conf.h,v 1.24 2003/06/03 14:28:16 ho Exp $ */

+/* $OpenBSD: conf.h,v 1.25 2004/03/19 14:04:43 hshoexer Exp $ */

/* $EOM: conf.h,v 1.13 2000/09/18 00:01:47 ho Exp $ */

@@ -38,11 +38,7 @@

#include <sys/socket.h>

#include <stdio.h>

-#if !defined (USE_PRIVSEP)

-# define ISAKMPD_ROOT "/etc/isakmpd/"

-#else

-# define ISAKMPD_ROOT ""

-#endif

+#define ISAKMPD_ROOT "/etc/isakmpd/"

#define CONFIG_FILE ISAKMPD_ROOT "isakmpd.conf"

diff --git a/sbin/isakmpd/if.c b/sbin/isakmpd/if.c
index 3794928f7c0..ab67ae42f01 100644
--- a/sbin/isakmpd/if.c
+++ b/sbin/isakmpd/if.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: if.c,v 1.16 2003/11/06 16:12:07 ho Exp $ */

+/* $OpenBSD: if.c,v 1.17 2004/03/19 14:04:43 hshoexer Exp $ */

/* $EOM: if.c,v 1.12 1999/10/01 13:45:20 niklas Exp $ */

@@ -65,7 +65,7 @@ siocgifconf (struct ifconf *ifcp)

caddr_t buf, new_buf;

/* Get a socket to ask for the network interface configurations. */

- s = socket (AF_INET, SOCK_DGRAM, 0);

+ s = monitor_socket (AF_INET, SOCK_DGRAM, 0);

if (s == -1)

{

log_error ("siocgifconf: socket (AF_INET, SOCK_DGRAM, 0) failed");

diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index bbd5453e381..05e0c2245c9 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ike_auth.c,v 1.82 2004/03/17 11:10:06 ho Exp $ */

+/* $OpenBSD: ike_auth.c,v 1.83 2004/03/19 14:04:43 hshoexer Exp $ */

/* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */

@@ -143,7 +143,11 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen)

#if defined (USE_X509) || defined (USE_KEYNOTE)

char *keyfile;

#if defined (USE_X509)

+#if defined (USE_PRIVSEP)

+ FILE *keyfp;

+#else

BIO *keyh;

+#endif

RSA *rsakey;

size_t fsize;

#endif

@@ -223,14 +227,14 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen)

PRIVATE_KEY_FILE);

keyfile = privkeyfile;

- if (stat (keyfile, &sb) < 0)

+ if (monitor_stat (keyfile, &sb) < 0)

{

free (keyfile);

goto ignorekeynote;

}

size = (size_t)sb.st_size;

- fd = open (keyfile, O_RDONLY, 0);

+ fd = monitor_open (keyfile, O_RDONLY, 0);

if (fd < 0)

{

log_print ("ike_auth_get_key: failed opening \"%s\"", keyfile);

@@ -296,6 +300,20 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen)

if (check_file_secrecy (keyfile, &fsize))

return 0;

+#if defined (USE_PRIVSEP)

+ keyfp = monitor_fopen (keyfile, "r");

+ if (!keyfp)

+ {

+ log_print ("ike_auth_get_key: failed opening \"%s\"", keyfile);

+ return 0;

+ }

+#if SSLEAY_VERSION_NUMBER >= 0x00904100L

+ rsakey = PEM_read_RSAPrivateKey (keyfp, NULL, NULL, NULL);

+#else

+ rsakey = PEM_read_RSAPrivateKey (keyfp, NULL, NULL);

+#endif

+ fclose (keyfp);

+#else

keyh = BIO_new (BIO_s_file ());

if (keyh == NULL)

{

@@ -318,6 +336,8 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen)

rsakey = PEM_read_bio_RSAPrivateKey (keyh, NULL, NULL);

#endif

BIO_free (keyh);

+#endif /* USE_PRIVSEP */

if (!rsakey)

{

log_print ("ike_auth_get_key: PEM_read_bio_RSAPrivateKey failed");

@@ -1052,13 +1072,6 @@ rsa_sig_encode_hash (struct message *msg)

"SA acquisition subsystem");

return 0;

}

-#if defined (USE_PRIVSEP)

- {

- /* With USE_PRIVSEP, the sent_key should be a key number. */

- void *key = sent_key;

- sent_key = monitor_RSA_upload_key (key);

- }

-#endif

}

else /* Try through the regular means. */

{

@@ -1094,12 +1107,8 @@ rsa_sig_encode_hash (struct message *msg)

return 0;

}

-#if defined (USE_PRIVSEP)

- sent_key = monitor_RSA_get_private_key (exchange->name, (char *)buf2);

-#else

sent_key = ike_auth_get_key (IKE_AUTH_RSA_SIG, exchange->name,

(char *)buf2, 0);

-#endif

free (buf2);

/* Did we find a key? */

@@ -1110,14 +1119,12 @@ rsa_sig_encode_hash (struct message *msg)

}

-#if !defined (USE_PRIVSEP)

/* Enable RSA blinding. */

if (RSA_blinding_on (sent_key, NULL) != 1)

{

log_error ("rsa_sig_encode_hash: RSA_blinding_on () failed.");

return -1;

}

-#endif

/* XXX hashsize is not necessarily prf->blocksize. */

buf = malloc (hashsize);

@@ -1138,7 +1145,6 @@ rsa_sig_encode_hash (struct message *msg)

initiator ? 'I' : 'R');

LOG_DBG_BUF ((LOG_MISC, 80, header, buf, hashsize));

-#if !defined (USE_PRIVSEP)

data = malloc (RSA_size (sent_key));

if (!data)

{

@@ -1149,17 +1155,13 @@ rsa_sig_encode_hash (struct message *msg)

datalen = RSA_private_encrypt (hashsize, buf, data, sent_key,

RSA_PKCS1_PADDING);

-#else

- datalen = monitor_RSA_private_encrypt (hashsize, buf, &data, sent_key,

- RSA_PKCS1_PADDING);

-#endif /* USE_PRIVSEP */

if (datalen == -1)

{

log_print ("rsa_sig_encode_hash: RSA_private_encrypt () failed");

if (data)

free (data);

free (buf);

- monitor_RSA_free (sent_key);

+ RSA_free (sent_key);

return -1;

}

@@ -1233,7 +1235,11 @@ get_raw_key_from_file (int type, u_int8_t *id, size_t id_len, RSA **rsa)

char filename[FILENAME_MAX];

char *fstr;

struct stat st;

+#if defined (USE_PRIVSEP)

+ FILE *keyfp;

+#else

BIO *bio;

+#endif

if (type != IKE_AUTH_RSA_SIG) /* XXX More types? */

{

@@ -1262,8 +1268,19 @@ get_raw_key_from_file (int type, u_int8_t *id, size_t id_len, RSA **rsa)

free (fstr);

/* If the file does not exist, fail silently. */

- if (stat (filename, &st) == 0)

+ if (monitor_stat (filename, &st) == 0)

{

+#if defined (USE_PRIVSEP)

+ keyfp = monitor_fopen (filename, "r");

+ if (!keyfp)

+ {

+ log_error ("get_raw_key_from_file: monitor_fopen (\"%s\", \"r\") "

+ "failed", filename);

+ return -1;

+ }

+ *rsa = PEM_read_RSA_PUBKEY (keyfp, NULL, NULL, NULL);

+ fclose (keyfp);

+#else

bio = BIO_new (BIO_s_file ());

if (!bio)

{

@@ -1281,6 +1298,7 @@ get_raw_key_from_file (int type, u_int8_t *id, size_t id_len, RSA **rsa)

filename));

*rsa = PEM_read_bio_RSA_PUBKEY (bio, NULL, NULL, NULL);

BIO_free (bio);

+#endif /* USE_PRIVSEP */

}

else

LOG_DBG ((LOG_NEGOTIATION, 50, "get_raw_key_from_file: file %s not found",

diff --git a/sbin/isakmpd/isakmpd.c b/sbin/isakmpd/isakmpd.c
index d7e5f7c1005..ec6a0cd0351 100644
--- a/sbin/isakmpd/isakmpd.c
+++ b/sbin/isakmpd/isakmpd.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: isakmpd.c,v 1.57 2004/02/19 15:35:16 hshoexer Exp $ */

+/* $OpenBSD: isakmpd.c,v 1.58 2004/03/19 14:04:43 hshoexer Exp $ */

/* $EOM: isakmpd.c,v 1.54 2000/10/05 09:28:22 niklas Exp $ */

@@ -363,11 +363,16 @@ main (int argc, char *argv[])

size_t mask_size;

struct timeval tv, *timeout;

+ closefrom (STDERR_FILENO + 1);

/* Make sure init() won't alloc fd 0, 1 or 2, as daemon() will close them. */

for (n = 0; n <= 2; n++)

if (fcntl (n, F_GETFL, 0) == -1 && errno == EBADF)

(void)open ("/dev/null", n ? O_WRONLY : O_RDONLY, 0);

+ for (n = 1; n < _NSIG; n++)

+ signal (n, SIG_DFL);

/* Log cmd line parsing and initialization errors to stderr. */

log_to (stderr);

parse_args (argc, argv);

@@ -381,15 +386,15 @@ main (int argc, char *argv[])

if (debug == 1) /* i.e '-dd' will skip this. */

signal (SIGINT, daemon_shutdown_now);

+ /* Daemonize before forking unpriv'ed child */

+ if (!debug)

+ if (daemon (0, 0))

+ log_fatal ("main: daemon (0, 0) failed");

#if defined (USE_PRIVSEP)

if (monitor_init ())

{

- /* The parent, with privileges. */

- if (!debug)

- if (daemon (0, 0))

- log_fatal ("main [priv]: daemon (0, 0) failed");

- /* Enter infinite monitor loop. */

+ /* The parent, with privileges enters infinite monitor loop. */

monitor_loop (debug);

exit (0); /* Never reached. */

}

@@ -399,10 +404,6 @@ main (int argc, char *argv[])

init ();

- if (!debug)

- if (daemon (0, 0))

- log_fatal ("main: daemon (0, 0) failed");

write_pid_file ();

/* Reinitialize on HUP reception. */

@@ -430,6 +431,10 @@ main (int argc, char *argv[])

if (!wfds)

log_fatal ("main: malloc (%lu) failed", (unsigned long)mask_size);

+#if defined (USE_PRIVSEP)

+ monitor_init_done();

+#endif

while (1)

{

/* If someone has sent SIGHUP to us, reconfigure. */

diff --git a/sbin/isakmpd/log.c b/sbin/isakmpd/log.c
index fcc9c217841..5aea77ef993 100644
--- a/sbin/isakmpd/log.c
+++ b/sbin/isakmpd/log.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: log.c,v 1.40 2004/02/25 16:01:28 hshoexer Exp $ */

+/* $OpenBSD: log.c,v 1.41 2004/03/19 14:04:43 hshoexer Exp $ */

/* $EOM: log.c,v 1.30 2000/09/29 08:19:23 niklas Exp $ */

@@ -427,7 +427,12 @@ log_packet_init (char *newname)

}

/* Does the file already exist? XXX lstat() or stat()? */

+#if defined (USE_PRIVSEP)

+ /* XXX This is a fstat! */

+ if (monitor_stat (pcaplog_file, &st) == 0)

+#else

if (lstat (pcaplog_file, &st) == 0)

+#endif

{

/* Sanity checks. */

if ((st.st_mode & S_IFMT) != S_IFREG)

diff --git a/sbin/isakmpd/monitor.c b/sbin/isakmpd/monitor.c
index 49983820dc4..3120054a343 100644
--- a/sbin/isakmpd/monitor.c
+++ b/sbin/isakmpd/monitor.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: monitor.c,v 1.12 2004/03/15 16:34:28 hshoexer Exp $ */

+/* $OpenBSD: monitor.c,v 1.13 2004/03/19 14:04:43 hshoexer Exp $ */

@@ -30,6 +30,7 @@

#include <sys/ioctl.h>

#include <sys/stat.h>

#include <sys/wait.h>

+#include <netinet/in.h>

#include <errno.h>

#include <fcntl.h>

#include <pwd.h>

@@ -57,7 +58,11 @@ struct monitor_state

} m_state;

volatile sig_atomic_t sigchlded = 0;

+volatile sig_atomic_t monitor_sighupped = 0;

extern volatile sig_atomic_t sigtermed;

+static volatile sig_atomic_t cur_state = STATE_INIT;

+extern char *ui_fifo;

/* Private functions. */

int m_write_int32 (int, int32_t);

@@ -66,12 +71,16 @@ int m_read_int32 (int, int32_t *);

int m_read_raw (int, char *, size_t);

void m_flush (int);

-void m_priv_getfd (int);

-void m_priv_getsocket (int);

-void m_priv_setsockopt (int);

-void m_priv_bind (int);

-void m_priv_mkfifo (int);

-void m_priv_local_sanitize_path (char *, size_t, int);

+static void m_priv_getfd (int);

+static void m_priv_getsocket (int);

+static void m_priv_setsockopt (int);

+static void m_priv_bind (int);

+static void m_priv_mkfifo (int);

+static int m_priv_local_sanitize_path (char *, size_t, int);

+static int m_priv_check_sockopt (int, int);

+static int m_priv_check_bind (const struct sockaddr *, socklen_t);

+static void m_priv_increase_state (int);

+static void m_priv_test_state (int);

* Public functions, unprivileged.

@@ -127,14 +136,9 @@ int

monitor_open (const char *path, int flags, mode_t mode)

{

int fd, mode32 = (int32_t) mode;

+ int32_t err;

char realpath[MAXPATHLEN];

- if (m_state.pid)

- {

- /* Called from the parent, i.e already privileged. */

- return open (path, flags, mode);

- }

if (path[0] == '/')

strlcpy (realpath, path, sizeof realpath);

else

@@ -153,12 +157,21 @@ monitor_open (const char *path, int flags, mode_t mode)

if (m_write_int32 (m_state.s, mode32))

goto errout;

+ if (m_read_int32 (m_state.s, &err))

+ goto errout;

+ if (err != 0)

+ {

+ errno = (int)err;

+ return -1;

+ }

/* Wait for response. */

fd = mm_receive_fd (m_state.s);

if (fd < 0)

{

- log_error ("monitor_open: open(\"%s\") failed", path);

+ log_error ("monitor_open: mm_receive_fd () failed: %s",

+ strerror (errno));

return -1;

}

@@ -173,7 +186,7 @@ FILE *

monitor_fopen (const char *path, const char *mode)

{

FILE *fp;

- int fd, flags = 0, umask = 0;

+ int fd, flags = 0, mask, saved_errno;

/* Only the child process is supposed to run this. */

if (m_state.pid)

@@ -194,7 +207,9 @@ monitor_fopen (const char *path, const char *mode)

log_fatal ("monitor_fopen: bad call");

}

- fd = monitor_open (path, flags, umask);

+ fd = monitor_open (path, flags, mask);

if (fd < 0)

return NULL;

@@ -203,7 +218,9 @@ monitor_fopen (const char *path, const char *mode)

if (!fp)

{

log_error ("monitor_fopen: fdopen() failed");

+ saved_errno = errno;

close (fd);

+ errno = saved_errno;

return NULL;

}

@@ -215,12 +232,10 @@ monitor_stat (const char *path, struct stat *sb)

{

int fd, r, saved_errno;

- fd = monitor_open (path, O_RDONLY, 0);

+ /* O_NONBLOCK is needed for stat'ing fifos. */

+ fd = monitor_open (path, O_RDONLY | O_NONBLOCK, 0);

if (fd < 0)

- {

- errno = EACCES; /* A good guess? */

return -1;

- }

r = fstat (fd, sb);

saved_errno = errno;

@@ -233,6 +248,7 @@ int

monitor_socket (int domain, int type, int protocol)

{

int s;

+ int32_t err;

if (m_write_int32 (m_state.s, MONITOR_GET_SOCKET))

goto errout;

@@ -246,9 +262,23 @@ monitor_socket (int domain, int type, int protocol)

if (m_write_int32 (m_state.s, (int32_t)protocol))

goto errout;

+ if (m_read_int32 (m_state.s, &err))

+ goto errout;

+ if (err != 0)

+ {

+ errno = (int)err;

+ return -1;

+ }

/* Read result. */

s = mm_receive_fd (m_state.s);

+ if (s < 0)

+ {

+ log_error ("monitor_socket: mm_receive_fd () failed: %s",

+ strerror (errno));

+ return -1;

+ }

return s;

@@ -261,11 +291,12 @@ int

monitor_setsockopt (int s, int level, int optname, const void *optval,

socklen_t optlen)

{

- int ret;

+ int32_t ret, err;

if (m_write_int32 (m_state.s, MONITOR_SETSOCKOPT))

goto errout;

- mm_send_fd (m_state.s, s); /* XXX? */

+ if (mm_send_fd (m_state.s, s))

+ goto errout;

if (m_write_int32 (m_state.s, (int32_t)level))

goto errout;

@@ -276,10 +307,16 @@ monitor_setsockopt (int s, int level, int optname, const void *optval,

if (m_write_raw (m_state.s, (char *)optval, (size_t)optlen))

goto errout;

+ if (m_read_int32 (m_state.s, &err))

+ goto errout;

+ if (err != 0)

+ errno = (int)err;

if (m_read_int32 (m_state.s, &ret))

goto errout;

- return ret;

+ return (int)ret;

errout:

log_print ("monitor_setsockopt: read/write error");

@@ -289,21 +326,28 @@ monitor_setsockopt (int s, int level, int optname, const void *optval,

int

monitor_bind (int s, const struct sockaddr *name, socklen_t namelen)

{

- int ret;

+ int32_t ret, err;

if (m_write_int32 (m_state.s, MONITOR_BIND))

goto errout;

- mm_send_fd (m_state.s, s);

+ if (mm_send_fd (m_state.s, s))

+ goto errout;

if (m_write_int32 (m_state.s, (int32_t)namelen))

goto errout;

if (m_write_raw (m_state.s, (char *)name, (size_t)namelen))

goto errout;

+ if (m_read_int32 (m_state.s, &err))

+ goto errout;

+ if (err != 0)

+ errno = (int)err;

if (m_read_int32 (m_state.s, &ret))

goto errout;

- return ret;

+ return (int)ret;

errout:

log_print ("monitor_bind: read/write error");

@@ -313,7 +357,7 @@ monitor_bind (int s, const struct sockaddr *name, socklen_t namelen)

int

monitor_mkfifo (const char *path, mode_t mode)

{

- int32_t ret;

+ int32_t ret, err;

char realpath[MAXPATHLEN];

/* Only the child process is supposed to run this. */

@@ -335,6 +379,12 @@ monitor_mkfifo (const char *path, mode_t mode)

if (m_write_int32 (m_state.s, ret))

goto errout;

+ if (m_read_int32 (m_state.s, &err))

+ goto errout;

+ if (err != 0)

+ errno = (int)err;

if (m_read_int32 (m_state.s, &ret))

goto errout;

@@ -345,23 +395,151 @@ monitor_mkfifo (const char *path, mode_t mode)

return -1;

}

+struct monitor_dirents *

+monitor_opendir (const char *path)

+ char *buf, *cp;

+ size_t bufsize;

+ int fd, nbytes, entries;

+ long base;

+ struct stat sb;

+ struct dirent *dp;

+ struct monitor_dirents *direntries;

+ fd = monitor_open (path, 0, O_RDONLY);

+ if (fd < 0)

+ {

+ log_error ("monitor_opendir: opendir(\"%s\") failed", path);

+ return NULL;

+ }

+ /* Now build a list with all dirents from fd. */

+ if (fstat (fd, &sb) < 0)

+ {

+ (void)close (fd);

+ return NULL;

+ }

+ if (!S_ISDIR (sb.st_mode))

+ {

+ (void)close (fd);

+ errno = EACCES;

+ return NULL;

+ }

+ bufsize = sb.st_size;

+ if (bufsize < sb.st_blksize)

+ bufsize = sb.st_blksize;

+ buf = calloc (bufsize, sizeof (char));

+ if (buf == NULL)

+ {

+ (void)close (fd);

+ errno = EACCES;

+ return NULL;

+ }

+ nbytes = getdirentries (fd, buf, bufsize, &base);

+ if (nbytes <= 0)

+ {

+ (void)close (fd);

+ free (buf);

+ errno = EACCES;

+ return NULL;

+ }

+ (void)close (fd);

+ for (entries = 0, cp = buf; cp < buf + nbytes; )

+ {

+ dp = (struct dirent *)cp;

+ cp += dp->d_reclen;

+ entries++;

+ }

+ direntries = calloc (1, sizeof (struct monitor_dirents));

+ if (direntries == NULL)

+ {

+ free (buf);

+ errno = EACCES;

+ return NULL;

+ }

+ direntries->dirents = calloc (entries + 1, sizeof (struct dirent *));

+ if (direntries->dirents == NULL)

+ {

+ free (buf);

+ free (direntries);

+ errno = EACCES;

+ return NULL;

+ }

+ direntries->current = 0;

+ for (entries = 0, cp = buf; cp < buf + nbytes; )

+ {

+ dp = (struct dirent *)cp;

+ direntries->dirents[entries++] = dp;

+ cp += dp->d_reclen;

+ }

+ direntries->dirents[entries] = NULL;

+ return direntries;

+struct dirent *

+monitor_readdir (struct monitor_dirents *direntries)

+ if (direntries->dirents[direntries->current] != NULL)

+ return direntries->dirents[direntries->current++];

+ return NULL;

+int

+monitor_closedir (struct monitor_dirents *direntries)

+ free (direntries->dirents);

+ free (direntries);

+ return 0;

+void

+monitor_init_done (void)

+ if (m_write_int32 (m_state.s, MONITOR_INIT_DONE))

+ log_print ("monitor_init_done: read/write error");

+ return;

* Start of code running with privileges (the monitor process).

-/* Help function for monitor_loop(). */

+/* Help functions for monitor_loop(). */

static void

monitor_got_sigchld (int sig)

{

sigchlded = 1;

}

+static void

+sig_pass_to_chld(int sig)

+ int oerrno = errno;

+ if (m_state.pid != -1)

+ kill(m_state.pid, sig);

+ errno = oerrno;

/* This function is where the privileged process waits(loops) indefinitely. */

void

monitor_loop (int debugging)

{

+ pid_t pid;

fd_set *fds;

- int n, maxfd, shutdown = 0;

+ int n, maxfd;

if (!debugging)

log_to (0);

@@ -379,7 +557,12 @@ monitor_loop (int debugging)

/* If the child dies, we should shutdown also. */

signal (SIGCHLD, monitor_got_sigchld);

- while (!shutdown)

+ /* SIGHUP, SIGUSR1 and SIGUSR2 will be forwarded to child. */

+ signal (SIGHUP, sig_pass_to_chld);

+ signal (SIGUSR1, sig_pass_to_chld);

+ signal (SIGUSR2, sig_pass_to_chld);

+ while (cur_state < STATE_QUIT)

{

* Currently, there is no need for us to hang around if the child

@@ -387,12 +570,30 @@ monitor_loop (int debugging)

if (sigtermed || sigchlded)

{

+ if (sigtermed)

+ kill (m_state.pid, SIGTERM);

if (sigchlded)

- wait (&n);

- shutdown++;

+ {

+ do

+ {

+ pid = waitpid (m_state.pid, &n, WNOHANG);

+ }

+ while (pid == -1 && errno == EINTR);

+ if (pid == m_state.pid && (WIFEXITED (n) || WIFSIGNALED (n)))

+ m_priv_increase_state (STATE_QUIT);

+ }

break;

}

+ if (monitor_sighupped)

+ {

+ kill (m_state.pid, SIGHUP);

+ monitor_sighupped = 0;

+ }

FD_ZERO (fds);

FD_SET (m_state.s, fds);

@@ -419,23 +620,38 @@ monitor_loop (int debugging)

break;

case MONITOR_GET_SOCKET:

+ LOG_DBG ((LOG_MISC, 80, "%s: MONITOR_GET_SOCKET", __func__));