| 1 | /* |
| 2 | ** Copyright 1998 - 2000 Double Precision, Inc. See COPYING for |
| 3 | ** distribution information. |
| 4 | */ |
| 5 | |
| 6 | /* Based on code by Christian Loitsch <courier-imap@abc.fgecko.com> */ |
| 7 | |
| 8 | #include <stdio.h> |
| 9 | #include <stdlib.h> |
| 10 | #include <string.h> |
| 11 | #include <errno.h> |
| 12 | |
| 13 | #include <unistd.h> |
| 14 | /* for fork */ |
| 15 | #include <sys/types.h> |
| 16 | /* used to avoid zombies */ |
| 17 | #include <signal.h> |
| 18 | #include <sys/wait.h> |
| 19 | #include <sys/time.h> |
| 20 | #include <sys/select.h> |
| 21 | |
| 22 | #include "auth.h" |
| 23 | #include "authcustom.h" |
| 24 | #include "courierauthdebug.h" |
| 25 | |
| 26 | #include "courierauthdebug.h" |
| 27 | |
| 28 | #include "authpipelib.h" |
| 29 | #include "authpiperc.h" |
| 30 | |
| 31 | static int lastIn = -1; |
| 32 | static int lastOut = -1; |
| 33 | static pid_t childPID = -1; |
| 34 | |
| 35 | static void eliminatePipe(pid_t child); |
| 36 | |
| 37 | static void execChild(int to[], int from[]) |
| 38 | { |
| 39 | DPRINTF("executing %s", PIPE_PROGRAM); |
| 40 | |
| 41 | close(STDIN_FILENO); dup2(to[0], STDIN_FILENO); |
| 42 | close(STDOUT_FILENO); dup2(from[1], STDOUT_FILENO); |
| 43 | close(to[0]); close(to[1]); close(from[0]); close(from[1]); |
| 44 | |
| 45 | execl(PIPE_PROGRAM, PIPE_PROGRAM, NULL); |
| 46 | |
| 47 | DPRINTF("pipe: failed to execute %s: %s",PIPE_PROGRAM, strerror(errno)); |
| 48 | exit(1); |
| 49 | } |
| 50 | |
| 51 | void closePipe(void) |
| 52 | { |
| 53 | DPRINTF("closing pipe"); |
| 54 | if (lastIn >= 0) { close(lastIn); lastIn = -1; } |
| 55 | if (lastOut >= 0) { close (lastOut); lastOut = -1; } |
| 56 | if (childPID > 1) { eliminatePipe(childPID); childPID = -1; } |
| 57 | } |
| 58 | |
| 59 | static int forkPipe(int *dataIn, int *dataOut, pid_t *child) |
| 60 | { |
| 61 | int to[2], from[2]; |
| 62 | |
| 63 | /* let's create 2 pipes */ |
| 64 | if(pipe(to) < 0) { |
| 65 | DPRINTF("pipe: failed to create pipe: %s", strerror(errno)); |
| 66 | return 1; |
| 67 | } |
| 68 | |
| 69 | if(pipe(from) < 0) { |
| 70 | DPRINTF("pipe: failed to create pipe: %s", strerror(errno)); |
| 71 | close(to[0]); close(to[1]); |
| 72 | return 1; |
| 73 | } |
| 74 | |
| 75 | DPRINTF("attempting to fork"); |
| 76 | *child = fork(); |
| 77 | if(*child < 0) { |
| 78 | DPRINTF("pipe: failed to fork: %s", strerror(errno)); |
| 79 | close(to[0]); close(to[1]); close(from[0]); close(from[1]); |
| 80 | return 1; |
| 81 | } |
| 82 | |
| 83 | /* child */ |
| 84 | if(*child == 0) execChild(to, from); |
| 85 | |
| 86 | /* parent */ |
| 87 | DPRINTF("Pipe auth. started Pipe-program (pid %d)", *child); |
| 88 | |
| 89 | close(to[0]); close(from[1]); |
| 90 | *dataIn = from[0]; *dataOut = to[1]; |
| 91 | return 0; |
| 92 | } |
| 93 | |
| 94 | /* kills and waits for child |
| 95 | * in a quite inefficient way, but this shouldn't happen very often */ |
| 96 | static void eliminatePipe(pid_t child) |
| 97 | { |
| 98 | unsigned int seconds; |
| 99 | |
| 100 | /* let's first look, if child is already terminated */ |
| 101 | DPRINTF("trying to wait for child (WNOHANG) (pid %d)", child); |
| 102 | if (waitpid(child, NULL, WNOHANG) > 0) return; |
| 103 | |
| 104 | DPRINTF("sleep 2 seconds and try again to wait for pid %d", child); |
| 105 | /* let's give the pipe-program a few seconds to terminate */ |
| 106 | sleep(2); /* don't care if interrupted earlier */ |
| 107 | if (waitpid(child, NULL, WNOHANG) > 0) return; |
| 108 | |
| 109 | /* let's TERM it */ |
| 110 | DPRINTF("killing (SIGTERM) child pid %d", child); |
| 111 | kill(child, SIGTERM); |
| 112 | |
| 113 | /* give it a few seconds */ |
| 114 | for (seconds = 10; seconds > 0; sleep(1), seconds--) |
| 115 | if (waitpid(child, NULL, WNOHANG) > 0) return; |
| 116 | |
| 117 | /* ok, let's KILL it */ |
| 118 | DPRINTF("killing (SIGKILL) child pid %d", child); |
| 119 | if (kill(child, SIGKILL) == 0) |
| 120 | { |
| 121 | /* and wait, unless we have a kernel bug, it MUST terminate */ |
| 122 | DPRINTF("waitpiding for child pid (blocking!) %d)", child); |
| 123 | waitpid(child, NULL, 0); |
| 124 | } |
| 125 | else |
| 126 | { |
| 127 | |
| 128 | DPRINTF("error when sending sigkill to %d", child); |
| 129 | if (errno != ESRCH) return; |
| 130 | /* strange, we can not kill our own child with SIGKILL*/ |
| 131 | |
| 132 | /* errno indicates process does not exist, maybe it's dead |
| 133 | * by now, let's try 1 final time, else, ignore it */ |
| 134 | DPRINTF("maybe because already dead (pid: %d)", child); |
| 135 | waitpid(child, NULL, WNOHANG); |
| 136 | } |
| 137 | } |
| 138 | |
| 139 | int getPipe(int *dataIn, int *dataOut) |
| 140 | { |
| 141 | int rv; |
| 142 | |
| 143 | if (childPID > 1) |
| 144 | { |
| 145 | /* Simple test if the child is still usable: do a read |
| 146 | ** poll on dataIn. If the child has closed the pipe, |
| 147 | ** or there is spurious data, the fd will be ready. */ |
| 148 | fd_set fdr; |
| 149 | struct timeval tv; |
| 150 | FD_ZERO(&fdr); |
| 151 | FD_SET(lastIn, &fdr); |
| 152 | tv.tv_sec=0; |
| 153 | tv.tv_usec=0; |
| 154 | rv = select(lastIn+1, &fdr, 0, 0, &tv); |
| 155 | if (rv == 0) |
| 156 | { |
| 157 | DPRINTF("reusing pipe, with in: %d out: %d", lastIn, lastOut); |
| 158 | *dataIn = lastIn; |
| 159 | *dataOut = lastOut; |
| 160 | return 0; |
| 161 | } |
| 162 | if (rv < 0) |
| 163 | perror("authpipe: getPipe: select"); |
| 164 | else |
| 165 | { |
| 166 | DPRINTF("child died or sent spurious data (pid: %d)", childPID); |
| 167 | } |
| 168 | } |
| 169 | |
| 170 | /* ok pipe was not usable; either this is the first call, or |
| 171 | * the pipe broke the connection. |
| 172 | * We have to clean up and start a new one */ |
| 173 | |
| 174 | closePipe(); |
| 175 | DPRINTF("forking new one"); |
| 176 | rv = forkPipe(&lastIn, &lastOut, &childPID); |
| 177 | if (rv) |
| 178 | { |
| 179 | DPRINTF("couldn't fork new pipe"); |
| 180 | lastIn = -1; |
| 181 | lastOut = -1; |
| 182 | childPID = -1; |
| 183 | } |
| 184 | else |
| 185 | { |
| 186 | DPRINTF("new pipe has in: %d, out: %d", lastIn, lastOut); |
| 187 | *dataIn = lastIn; |
| 188 | *dataOut = lastOut; |
| 189 | } |
| 190 | return rv; |
| 191 | } |
| 192 | |