1/* $NetBSD: pt_filter.c,v 1.10 2008/04/28 20:23:09 martin Exp $ */ 2 3/* 4 * Copyright (c) 1999 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD 8 * Foundation by Brian Grayson, and is dedicated to Rebecca 9 * Margaret Pollard-Grayson. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33#include <sys/cdefs.h> 34#ifndef lint 35__RCSID("$NetBSD: pt_filter.c,v 1.10 2008/04/28 20:23:09 martin Exp $"); 36#endif /* not lint */ 37 38#include <stdio.h> 39#include <unistd.h> 40#include <stdlib.h> 41#include <errno.h> 42#include <string.h> 43#include <err.h> 44#include <sys/types.h> 45#include <sys/param.h> 46#include <sys/syslog.h> 47 48#include "portald.h" 49 50/* 51 * Key will be <key><path>. We let the configuration file 52 * tell us how to filter the file. 53 */ 54 55#define FILTER_CMD_SIZE 8192 56 57static void fill_cmd(char **, char *, char *, int); 58 59static void 60fill_cmd(char **cmdv, char *path, char *buff, int n) 61{ 62 int i; 63 /* Make tempbuff at least as large as buff. */ 64 char *tempbuff = malloc(n);; 65 if (tempbuff == NULL) 66 err(1, NULL); 67 68 strncpy(tempbuff, cmdv[0], n); 69 for (i = 1; cmdv[i]; i++) { 70 strncat(tempbuff, " ", n - strlen(tempbuff)); 71 strncat(tempbuff, cmdv[i], n - strlen(tempbuff)); 72 } 73 strncat(tempbuff, " ", n - strlen(tempbuff)); 74 /* Now do the snprintf into buff. */ 75 snprintf(buff, n, tempbuff, path); 76 free(tempbuff); 77} 78 79 80/* 81 * Strip v[1], replace %s in v[2] v[3] ... with the remainder 82 * of the path, and exec v[2] v[3] ... on the remainder. 83 */ 84int 85portal_rfilter(struct portal_cred *pcr, char *key, char **v, int *fdp) 86{ 87 char cmd[FILTER_CMD_SIZE]; 88 char *path; 89 FILE *fp; 90 int error = 0; 91 char percent_s[] = "%s"; 92 93 error = lose_credentials(pcr); 94 if (error != 0) 95 return error; 96 97#ifdef DEBUG 98 fprintf(stderr, "rfilter: Got key %s\n", key); 99#endif 100 101 if (!v[1] || !v[2]) { 102 syslog(LOG_ERR, 103 "rfilter: got strip-key of %s, and command start of %s\n", 104 v[1], v[2]); 105 exit(1); 106 } 107 /* 108 * Format for rfilter in config file: 109 * 110 * matchkey rfilter stripkey cmd [arg1] [arg2] ... 111 * any of arg1, arg2, etc. can have %s, in which case %s 112 * will be replaced by the full path. If arg1 is 113 * missing, %s is assumed, i.e. 114 * bogus1 rfilter bogus1/ cmd1 115 * is equivalent to 116 * bogus1 rfilter bogus1/ cmd1 %s 117 */ 118 /* 119 * v[3] could be NULL, or could point to "". 120 */ 121 if (!v[3] || strlen(v[3]) == 0) 122 v[3] = percent_s; /* Handle above assumption. */ 123 path = key; 124 /* Strip out stripkey if it matches leading part of key. */ 125 if (!strncmp(v[1], key, strlen(v[1]))) 126 path += strlen(v[1]); 127 /* 128 * v[0] is key match, v[1] says how much to strip, v[2] 129 * is beginning of command proper. The first %s in v[2] 130 * ... will be replaced with the path. 131 */ 132 fill_cmd(v + 2, path, cmd, FILTER_CMD_SIZE); 133 if (strlen(cmd) >= FILTER_CMD_SIZE) { 134 syslog(LOG_WARNING, 135 "Warning: potential overflow on string! Length was %lu\n", 136 (unsigned long)strlen(cmd)); 137 return ENAMETOOLONG; 138 } 139#ifdef DEBUG 140 fprintf(stderr, "rfilter: Using cmd of %s\n", cmd); 141#endif 142 fp = popen(cmd, "r"); 143 if (fp == NULL) 144 return errno; 145 146 /* Before returning, restore original uid and gid. */ 147 /* But only do this if we were root to start with. */ 148 if (getuid() == 0) { 149 if ((seteuid((uid_t) 0) < 0) || (setegid((gid_t) 0) < 0)) { 150 error = errno; 151 syslog(LOG_WARNING, "setcred: %m"); 152 pclose(fp); 153 fp = NULL; 154 } 155 } 156 if (fp) 157 fdp[0] = fileno(fp); 158 return error; 159} 160 161int 162portal_wfilter(struct portal_cred *pcr, char *key, char **v, int *fdp) 163{ 164 char cmd[FILTER_CMD_SIZE]; 165 char *path; 166 FILE *fp; 167 int error = 0; 168 int cred_change_err = 0; 169 170 cred_change_err = lose_credentials(pcr); 171 if (cred_change_err != 0) 172 return cred_change_err; 173 174 path = key + (v[1] ? strlen(v[1]) : 0); 175 /* 176 * v[0] is key match, v[1] says how much to strip, v[2] 177 * is beginning of command proper. 178 */ 179 fill_cmd(v + 2, path, cmd, FILTER_CMD_SIZE); 180 if (strlen(cmd) >= FILTER_CMD_SIZE) { 181 syslog(LOG_WARNING, 182 "Warning: potential overflow on string! Length was %lu\n", 183 (unsigned long)strlen(cmd)); 184 return ENAMETOOLONG; 185 } 186 fp = popen(cmd, "w"); 187 if (fp == NULL) { 188 return errno; 189 } 190 /* Before returning, restore original uid and gid. */ 191 /* But only do this if we were root to start with. */ 192 if (getuid() == 0) { 193 if ((seteuid((uid_t) 0) < 0) || (setegid((gid_t) 0) < 0)) { 194 error = errno; 195 syslog(LOG_WARNING, "setcred: %m"); 196 pclose(fp); 197 fp = NULL; 198 } 199 } 200 if (fp) 201 fdp[0] = fileno(fp); 202 return error; 203} 204