Commit 68d6d42d authored by Niels Möller's avatar Niels Möller
Browse files

* src/unix_user.c (do_fork_process): Deleted function.

(do_exec_shell): Deleted function.

* src/unix_user.c (make_process_resource): Deleted old code.

Rev: src/unix_user.c:1.46
parent 0371ba40
......@@ -82,160 +82,6 @@ struct unix_user_db;
#include "unix_user.c.x"
#if 0
/* ;; GABA:
(class
(name logout_cleanup)
(super exit_callback)
(vars
(process object resource)
(log space "struct utmp")
(c object exit_callback)))
*/
static void
do_logout_cleanup(struct exit_callback *s,
int signaled, int core, int value)
{
CAST(logout_cleanup, self, s);
/* No need to signal the process. */
self->process->alive = 0;
#if defined(WITH_UTMP) && defined(HAVE_LOGWTMP)
if (self->log)
logwtmp(self->log->ut_line,
"",
self->log->ut_host);
#endif /* WITH_UTMP && HAVE_LOGWTMP */
EXIT_CALLBACK(self->c, signaled, core, value);
}
static struct exit_callback *
make_logout_cleanup(struct resource *process,
struct utmp *log,
struct exit_callback *c)
{
NEW(logout_cleanup, self);
self->super.exit = do_logout_cleanup;
self->process = process;
self->log = log;
self->c = c;
return &self->super;
}
#if WITH_UTMP
static void
lsh_strncpy(char *dst, unsigned n, struct lsh_string *s)
{
unsigned length = MIN(n - 1, s->length);
memcpy(dst, s->data, length);
dst[length] = '\0';
}
/* Strips the leading "/dev/" part of s. */
static void
lsh_strncpy_tty(char *dst, unsigned n, struct lsh_string *s)
{
/* "/dev/" is 5 characters */
if (s->length <= 5)
lsh_strncpy(dst, n, s);
{
unsigned length = MIN(n - 1, s->length - 5);
memcpy(dst, s->data + 5, length);
dst[length] = '\0';
}
}
#define CP(dst, src) lsh_strncpy(dst, sizeof(dst), src);
#define CP_TTY(dst, src) lsh_strncpy_tty(dst, sizeof(dst), src);
static struct utmp *
lsh_make_utmp(struct lsh_user *user,
struct address_info *peer,
struct lsh_string *ttyname)
{
struct utmp *log;
NEW_SPACE(log);
#if HAVE_STRUCT_UTMP_UT_NAME
CP(log->ut_name, user->name);
#elif HAVE_STRUCT_UTMP_UT_USER
CP(log->ut_user, user->name);
#endif
CP_TTY(log->ut_line, ttyname);
#if HAVE_STRUCT_UTMP_UT_HOST
CP(log->ut_host, peer->ip);
#endif
return log;
}
#undef CP
#undef CP_TTY
#endif /* WITH_UTMP */
/* ;; GABA:
(class
(name process_resource)
(super lsh_process)
(vars
(pid . pid_t)
; Signal used for killing the process.
(signal . int)))
*/
static void
do_kill_process(struct resource *r)
{
CAST(process_resource, self, r);
if (self->super.super.alive)
{
self->super.super.alive = 0;
/* NOTE: This function only makes one attempt at killing the
* process. An improvement would be to install a callout handler
* which will kill -9 the process after a delay, if it hasn't died
* voluntarily. */
if (kill(self->pid, self->signal) < 0)
{
werror("do_kill_process: kill failed (errno = %i): %z\n",
errno, STRERROR(errno));
}
}
}
static int
do_signal_process(struct lsh_process *s, int signal)
{
CAST(process_resource, self, s);
return self->super.super.alive
&& (kill(self->pid, signal) == 0);
}
static struct lsh_process *
make_process_resource(pid_t pid, int signal)
{
NEW(process_resource, self);
init_resource(&self->super.super, do_kill_process);
self->super.signal = do_signal_process;
self->pid = pid;
self->signal = signal;
return &self->super;
}
#endif
/* GABA:
(class
(name unix_user)
......@@ -757,81 +603,6 @@ change_uid(struct unix_user *user)
return 1;
}
/* FIXME: In child processes, between do_fork_process and do_exec_shell,
* we're running with the user's uid, which seems dangerous.
* It seems better to move uid handling to exec-time, and perhaps
* to a separate program.
*
* The potential problem is that a user can read the process memory
* before exec, and learn the host key or other secrets. The safest
* way seems to be to be to exec a separate program, which changes
* persona and then exec's the real login shell. */
static int
do_fork_process(struct lsh_user *u,
struct lsh_process **process,
struct exit_callback *c,
struct address_info *peer, struct lsh_string *tty)
{
CAST(unix_user, user, u);
pid_t child;
#if 0
struct utmp *log = NULL;
#endif
/* Don't start any processes unless the user has a login shell. */
if (!user->shell)
return 0;
#if 0
#if WITH_UTMP
if (tty)
log = lsh_make_utmp(u, peer, tty);
#endif
#endif
child = fork();
switch(child)
{
case -1:
werror("fork failed: %z\n", STRERROR(errno));
return 0;
case 0: /* Child */
#if 0
/* FIXME: Create utmp entry as well. */
#if defined(WITH_UTMP) && defined(HAVE_LOGWTMP)
if (log)
/* FIXME: It should be safe to perform a blocking reverse dns lookup here,
* as we have forked. */
#if HAVE_STRUCT_UTMP_UT_NAME
logwtmp(log->ut_line, log->ut_name, log->ut_host);
#elif HAVE_STRUCT_UTMP_UT_USER
logwtmp(log->ut_line, log->ut_user, log->ut_host);
#endif
#endif /* WITH_UTMP && HAVE_LOGWTMP */
#endif
if (getuid() != user->super.uid)
if (!change_uid(user))
{
werror("Changing uid failed!\n");
_exit(EXIT_FAILURE);
}
*process = NULL;
return 1;
default: /* Parent */
*process = unix_process_setup(child, 0, &user->super, &c, peer, tty);
REAP(user->ctx->reaper, child, c);
return 1;
}
}
#define USE_LOGIN_DASH_CONVENTION 1
static const char *
......@@ -1151,93 +922,6 @@ do_spawn(struct lsh_user *u,
}
}
static void
do_exec_shell(struct lsh_user *u, int login,
const char **argv,
unsigned env_length,
const struct env_value *env)
{
CAST(unix_user, user, u);
const char **envp;
char *tz = getenv("TZ");
unsigned i, j;
assert(user->shell);
/* Make up an initial environment */
debug("do_exec_shell: Setting up environment.\n");
/* We need place for the caller's values,
*
* SHELL, HOME, USER, LOGNAME, TZ, PATH
*
* and a terminating NULL */
#define MAX_ENV 6
envp = alloca(sizeof(char *) * (env_length + MAX_ENV + 1));
i = 0;
envp[i++] = format_env_pair("SHELL", user->shell);
if (user->home)
envp[i++] = format_env_pair("HOME", user->home);
/* FIXME: The value of $PATH should not be hard-coded */
envp[i++] = "PATH=/bin:/usr/bin";
envp[i++] = format_env_pair("USER", user->super.name);
envp[i++] = format_env_pair("LOGNAME", user->super.name);
if (tz)
envp[i++] = format_env_pair_c("TZ", tz);
assert(i <= MAX_ENV);
#undef MAX_ENV
for (j = 0; j<env_length; j++)
envp[i++] = format_env_pair(env[j].name, env[j].value);
envp[i] = NULL;
debug("do_exec_shell: Environment:\n");
for (i=0; envp[i]; i++)
debug(" '%z'\n", envp[i]);
#if USE_LOGIN_DASH_CONVENTION
if (login)
{
/* Fixup argv[0], so that it starts with a dash */
const char *p;
const char *shell = lsh_get_cstring(user->shell);
char *loginshell;
debug("do_exec_shell: fixing up name of shell...\n");
loginshell = alloca(user->shell->length + 2);
/* Make sure that the shell's name begins with a -. */
p = strrchr (shell, '/');
if (!p)
p = shell;
else
p ++;
loginshell[0] = '-';
strncpy (loginshell + 1, p, user->shell->length);
argv[0] = loginshell;
}
else
#endif /* USE_LOGIN_DASH_CONVENTION */
argv[0] = lsh_get_cstring(user->shell);
debug("do_exec_shell: argv[0] = '%z'.\n", argv[0]);
/* FIXME: Is there a better way? The execve prototype uses char *
* const argv, and similarly for envp. */
execve(lsh_get_cstring(user->shell), (char **) argv, (char **) envp);
}
static struct lsh_user *
make_unix_user(struct lsh_string *name,
uid_t uid, gid_t gid,
......@@ -1254,9 +938,6 @@ make_unix_user(struct lsh_string *name,
user->super.verify_password = do_verify_password;
user->super.file_exists = do_file_exists;
user->super.read_file = do_read_file;
user->super.chdir_home = do_chdir_home;
user->super.fork_process = do_fork_process;
user->super.exec_shell = do_exec_shell;
user->super.spawn = do_spawn;
user->super.uid = uid;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment