/* * This file is part of the KDE project, module tdesu. * Copyright (C) 1999,2000 Geert Jansen <jansen@kde.org> * * handler.cpp: A connection handler for tdesud. */ #include <stdlib.h> #include <string.h> #include <assert.h> #include <unistd.h> #include <signal.h> #include <errno.h> #include <string.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/types.h> #include <tqcstring.h> #include <kdebug.h> #include <tdesu/su.h> #include <tdesu/ssh.h> #include "handler.h" #include "repo.h" #include "lexer.h" #include "secure.h" // Global repository extern Repository *repo; void tdesud_cleanup(); ConnectionHandler::ConnectionHandler(int fd) : SocketSecurity(fd), m_exitCode(0), m_hasExitCode(false), m_needExitCode(false), m_pid(0) { m_Fd = fd; m_Priority = 50; m_Scheduler = SuProcess::SchedNormal; } ConnectionHandler::~ConnectionHandler() { m_Buf.fill('x'); m_Pass.fill('x'); close(m_Fd); } /* * Handle a connection: make sure we don't block */ int ConnectionHandler::handle() { int ret, nbytes; // Add max 100 bytes to connection buffer char tmpbuf[100]; nbytes = recv(m_Fd, tmpbuf, 99, 0); if (nbytes < 0) { if (errno == EINTR) return 0; // read error return -1; } else if (nbytes == 0) { // eof return -1; } tmpbuf[nbytes] = '\000'; if (m_Buf.length()+nbytes > 1024) { kdWarning(1205) << "line too long"; return -1; } m_Buf.append(tmpbuf); memset(tmpbuf, 'x', nbytes); // Do we have a complete command yet? int n; TQCString newbuf; while ((n = m_Buf.find('\n')) != -1) { newbuf = m_Buf.left(n+1); m_Buf.fill('x', n+1); m_Buf.remove(0, n+1); ret = doCommand(newbuf); if (ret < 0) return ret; } return 0; } TQCString ConnectionHandler::makeKey(int _namespace, TQCString s1, TQCString s2, TQCString s3) { TQCString res; res.setNum(_namespace); res += "*"; res += s1 + "*" + s2 + "*" + s3; return res; } void ConnectionHandler::sendExitCode() { if (!m_needExitCode) return; TQCString buf; buf.setNum(m_exitCode); buf.prepend("OK "); buf.append("\n"); send(m_Fd, buf.data(), buf.length(), 0); } void ConnectionHandler::respond(int ok, TQCString s) { TQCString buf; switch (ok) { case Res_OK: buf = "OK"; break; case Res_NO: default: buf = "NO"; break; } if (!s.isEmpty()) { buf += ' '; buf += s; } buf += '\n'; send(m_Fd, buf.data(), buf.length(), 0); } /* * Parse and do one command. On a parse error, return -1. This will * close the socket in the main accept loop. */ int ConnectionHandler::doCommand(TQCString buf) { if ((uid_t) peerUid() != getuid()) { kdWarning(1205) << "Peer uid not equal to me\n"; kdWarning(1205) << "Peer: " << peerUid() << " Me: " << getuid() << endl; return -1; } TQCString key, command, pass, name, user, value, env_check; Data_entry data; Lexer *l = new Lexer(buf); int tok = l->lex(); switch (tok) { case Lexer::Tok_pass: // "PASS password:string timeout:int\n" tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; m_Pass.fill('x'); m_Pass = l->lval(); tok = l->lex(); if (tok != Lexer::Tok_num) goto parse_error; m_Timeout = l->lval().toInt(); if (l->lex() != '\n') goto parse_error; if (m_Pass.isNull()) m_Pass = ""; kdDebug(1205) << "Password set!\n"; respond(Res_OK); break; case Lexer::Tok_host: // "HOST host:string\n" tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; m_Host = l->lval(); if (l->lex() != '\n') goto parse_error; kdDebug(1205) << "Host set to " << m_Host << endl; respond(Res_OK); break; case Lexer::Tok_prio: // "PRIO priority:int\n" tok = l->lex(); if (tok != Lexer::Tok_num) goto parse_error; m_Priority = l->lval().toInt(); if (l->lex() != '\n') goto parse_error; kdDebug(1205) << "priority set to " << m_Priority << endl; respond(Res_OK); break; case Lexer::Tok_sched: // "SCHD scheduler:int\n" tok = l->lex(); if (tok != Lexer::Tok_num) goto parse_error; m_Scheduler = l->lval().toInt(); if (l->lex() != '\n') goto parse_error; kdDebug(1205) << "Scheduler set to " << m_Scheduler << endl; respond(Res_OK); break; case Lexer::Tok_exec: // "EXEC command:string user:string [options:string (env:string)*]\n" { TQCString options; QCStringList env; tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; command = l->lval(); tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; user = l->lval(); tok = l->lex(); if (tok != '\n') { if (tok != Lexer::Tok_str) goto parse_error; options = l->lval(); tok = l->lex(); while (tok != '\n') { if (tok != Lexer::Tok_str) goto parse_error; TQCString env_str = l->lval(); env.append(env_str); if (strncmp(env_str, "DESKTOP_STARTUP_ID=", strlen("DESKTOP_STARTUP_ID=")) != 0) env_check += "*"+env_str; tok = l->lex(); } } TQCString auth_user; if ((m_Scheduler != SuProcess::SchedNormal) || (m_Priority > 50)) auth_user = "root"; else auth_user = user; key = makeKey(2, m_Host, auth_user, command); // We only use the command if the environment is the same. if (repo->find(key) == env_check) { key = makeKey(0, m_Host, auth_user, command); pass = repo->find(key); } if (pass.isNull()) // isNull() means no password, isEmpty() can mean empty password { if (m_Pass.isNull()) { respond(Res_NO); break; } data.value = env_check; data.timeout = m_Timeout; key = makeKey(2, m_Host, auth_user, command); repo->add(key, data); data.value = m_Pass; data.timeout = m_Timeout; key = makeKey(0, m_Host, auth_user, command); repo->add(key, data); pass = m_Pass; } // Execute the command asynchronously kdDebug(1205) << "Executing command: " << command << endl; pid_t pid = fork(); if (pid < 0) { kdDebug(1205) << "fork(): " << strerror(errno) << endl; respond(Res_NO); break; } else if (pid > 0) { m_pid = pid; respond(Res_OK); break; } // Ignore SIGCHLD because "class SuProcess" needs waitpid() signal(SIGCHLD, SIG_DFL); int ret; if (m_Host.isEmpty()) { SuProcess proc; proc.setCommand(command); proc.setUser(user); if (options.contains('x')) proc.setXOnly(true); if (options.contains('f')) proc.setDCOPForwarding(true); proc.setPriority(m_Priority); proc.setScheduler(m_Scheduler); proc.setEnvironment(env); ret = proc.exec(pass.data()); } else { SshProcess proc; proc.setCommand(command); proc.setUser(user); proc.setHost(m_Host); ret = proc.exec(pass.data()); } kdDebug(1205) << "Command completed: " << command << endl; _exit(ret); } case Lexer::Tok_delCmd: // "DEL command:string user:string\n" tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; command = l->lval(); tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; user = l->lval(); if (l->lex() != '\n') goto parse_error; key = makeKey(0, m_Host, user, command); if (repo->remove(key) < 0) { kdDebug(1205) << "Unknown command: " << command << endl; respond(Res_NO); } else { kdDebug(1205) << "Deleted command: " << command << ", user = " << user << endl; respond(Res_OK); } break; case Lexer::Tok_delVar: // "DELV name:string \n" { tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; name = l->lval(); tok = l->lex(); if (tok != '\n') goto parse_error; key = makeKey(1, name); if (repo->remove(key) < 0) { kdDebug(1205) << "Unknown name: " << name << endl; respond(Res_NO); } else { kdDebug(1205) << "Deleted name: " << name << endl; respond(Res_OK); } break; } case Lexer::Tok_delGroup: // "DELG group:string\n" tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; name = l->lval(); if (repo->removeGroup(name) < 0) { kdDebug(1205) << "No keys found under group: " << name << endl; respond(Res_NO); } else { kdDebug(1205) << "Removed all keys under group: " << name << endl; respond(Res_OK); } break; case Lexer::Tok_delSpecialKey: // "DELS special_key:string\n" tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; name = l->lval(); if (repo->removeSpecialKey(name) < 0) respond(Res_NO); else respond(Res_OK); break; case Lexer::Tok_set: // "SET name:string value:string group:string timeout:int\n" tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; name = l->lval(); tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; data.value = l->lval(); tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; data.group = l->lval(); tok = l->lex(); if (tok != Lexer::Tok_num) goto parse_error; data.timeout = l->lval().toInt(); if (l->lex() != '\n') goto parse_error; key = makeKey(1, name); repo->add(key, data); kdDebug(1205) << "Stored key: " << key << endl; respond(Res_OK); break; case Lexer::Tok_get: // "GET name:string\n" tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; name = l->lval(); if (l->lex() != '\n') goto parse_error; key = makeKey(1, name); kdDebug(1205) << "Request for key: " << key << endl; value = repo->find(key); if (!value.isEmpty()) respond(Res_OK, value); else respond(Res_NO); break; case Lexer::Tok_getKeys: // "GETK groupname:string\n" tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; name = l->lval(); if (l->lex() != '\n') goto parse_error; kdDebug(1205) << "Request for group key: " << name << endl; value = repo->findKeys(name); if (!value.isEmpty()) respond(Res_OK, value); else respond(Res_NO); break; case Lexer::Tok_chkGroup: // "CHKG groupname:string\n" tok = l->lex(); if (tok != Lexer::Tok_str) goto parse_error; name = l->lval(); if (l->lex() != '\n') goto parse_error; kdDebug(1205) << "Checking for group key: " << name << endl; if ( repo->hasGroup( name ) < 0 ) respond(Res_NO); else respond(Res_OK); break; case Lexer::Tok_ping: // "PING\n" tok = l->lex(); if (tok != '\n') goto parse_error; respond(Res_OK); break; case Lexer::Tok_exit: // "EXIT\n" tok = l->lex(); if (tok != '\n') goto parse_error; m_needExitCode = true; if (m_hasExitCode) sendExitCode(); break; case Lexer::Tok_stop: // "STOP\n" tok = l->lex(); if (tok != '\n') goto parse_error; kdDebug(1205) << "Stopping by command" << endl; respond(Res_OK); tdesud_cleanup(); exit(0); default: kdWarning(1205) << "Unknown command: " << l->lval() << endl; respond(Res_NO); goto parse_error; } delete l; return 0; parse_error: kdWarning(1205) << "Parse error" << endl; delete l; return -1; }