2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 * @brief Execute external programs.
23 * @copyright 2000-2004,2006 The FreeRADIUS server project
28 #include <freeradius-devel/radiusd.h>
29 #include <freeradius-devel/rad_assert.h>
36 #ifdef HAVE_SYS_WAIT_H
37 # include <sys/wait.h>
40 # define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
43 # define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
46 #define MAX_ARGV (256)
49 static void tv_sub(struct timeval *end, struct timeval *start,
50 struct timeval *elapsed)
52 elapsed->tv_sec = end->tv_sec - start->tv_sec;
53 if (elapsed->tv_sec > 0) {
55 elapsed->tv_usec = USEC;
59 elapsed->tv_usec += end->tv_usec;
60 elapsed->tv_usec -= start->tv_usec;
62 if (elapsed->tv_usec >= USEC) {
63 elapsed->tv_usec -= USEC;
71 * @param cmd Command to execute. This is parsed into argv[] parts,
72 * then each individual argv part is xlat'ed.
73 * @param request Current reuqest
74 * @param exec_wait set to 1 if you want to read from or write to child
75 * @param[in,out] input_fd pointer to int, receives the stdin file.
76 * descriptor. Set to NULL and the child will have /dev/null on stdin
77 * @param[in,out] output_fd pinter to int, receives the stdout file
78 * descriptor. Set to NULL and child will have /dev/null on stdout.
79 * @param input_pairs list of value pairs - these will be put into
80 * the environment variables of the child.
81 * @param shell_escape values before passing them as arguments.
82 * @return PID of the child process, -1 on error.
84 pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
85 int *input_fd, int *output_fd,
86 VALUE_PAIR *input_pairs, bool shell_escape)
92 int to_child[2] = {-1, -1};
93 int from_child[2] = {-1, -1};
100 #define MAX_ENVP 1024
101 char *envp[MAX_ENVP];
104 argc = rad_expand_xlat(request, cmd, MAX_ARGV, argv, true, sizeof(argv_buf), argv_buf);
106 RDEBUG("invalid command line '%s'.", cmd);
112 if (debug_flag > 2) {
113 RDEBUG3("executing cmd %s", cmd);
114 for (i = 0; i < argc; i++) {
115 RDEBUG3("\t[%d] %s", i, argv[i]);
122 * Open a pipe for child/parent communication, if necessary.
126 if (pipe(to_child) != 0) {
127 RDEBUG("Couldn't open pipe to child: %s", fr_syserror(errno));
132 if (pipe(from_child) != 0) {
133 RDEBUG("Couldn't open pipe from child: %s", fr_syserror(errno));
134 /* safe because these either need closing or are == -1 */
149 * Set up the environment variables in the
150 * parent, so we don't call libc functions that
151 * hold mutexes. They might be locked when we fork,
152 * and will remain locked in the child.
154 for (vp = fr_cursor_init(&cursor, &input_pairs); vp; vp = fr_cursor_next(&cursor)) {
156 * Hmm... maybe we shouldn't pass the
157 * user's password in an environment
160 snprintf(buffer, sizeof(buffer), "%s=", vp->da->name);
162 for (p = buffer; *p != '='; p++) {
165 } else if (isalpha((int) *p)) {
172 vp_prints_value(buffer + n, sizeof(buffer) - n, vp, shell_escape ? '"' : 0);
174 envp[envlen++] = strdup(buffer);
177 * Don't add too many attributes.
179 if (envlen == (MAX_ENVP - 1)) break;
182 * NULL terminate for execve
189 pid = rad_fork(); /* remember PID */
191 pid = fork(); /* don't wait */
200 * We try to be fail-safe here. So if ANYTHING
201 * goes wrong, we exit with status 1.
205 * Open STDIN to /dev/null
207 devnull = open("/dev/null", O_RDWR);
209 RDEBUG("Failed opening /dev/null: %s\n", fr_syserror(errno));
212 * Where the status code is interpreted as a module rcode
213 * one is subtracted from it, to allow 0 to equal success
215 * 2 is RLM_MODULE_FAIL + 1
221 * Only massage the pipe handles if the parent
227 dup2(to_child[0], STDIN_FILENO);
229 dup2(devnull, STDIN_FILENO);
233 close(from_child[0]);
234 dup2(from_child[1], STDOUT_FILENO);
236 dup2(devnull, STDOUT_FILENO);
239 } else { /* no pipe, STDOUT should be /dev/null */
240 dup2(devnull, STDIN_FILENO);
241 dup2(devnull, STDOUT_FILENO);
245 * If we're not debugging, then we can't do
246 * anything with the error messages, so we throw
249 * If we are debugging, then we want the error
250 * messages to go to the STDERR of the server.
252 if (debug_flag == 0) {
253 dup2(devnull, STDERR_FILENO);
258 * The server may have MANY FD's open. We don't
259 * want to leave dangling FD's for the child process
260 * to play funky games with, so we close them.
265 * I swear the signature for execve is wrong and should take 'char const * const argv[]'.
267 execve(argv[0], argv, envp);
268 printf("Failed to execute \"%s\": %s", argv[0], fr_syserror(errno)); /* fork output will be captured */
271 * Where the status code is interpreted as a module rcode
272 * one is subtracted from it, to allow 0 to equal success
274 * 2 is RLM_MODULE_FAIL + 1
280 * Free child environment variables
282 for (i = 0; i < envlen; i++) {
290 RDEBUG("Couldn't fork %s: %s", argv[0], fr_syserror(errno));
292 /* safe because these either need closing or are == -1 */
295 close(from_child[0]);
296 close(from_child[1]);
302 * We're not waiting, exit, and ignore any child's status.
306 * Close the ends of the pipe(s) the child is using
307 * return the ends of the pipe(s) our caller wants
311 *input_fd = to_child[1];
315 *output_fd = from_child[0];
316 close(from_child[1]);
323 RDEBUG("Wait is not supported");
329 * The _spawn and _exec families of functions are
330 * found in Windows compiler libraries for
331 * portability from UNIX. There is a variety of
332 * functions, including the ability to pass
333 * either a list or array of parameters, to
334 * search in the PATH or otherwise, and whether
335 * or not to pass an environment (a set of
336 * environment variables). Using _spawn, you can
337 * also specify whether you want the new process
338 * to close your program (_P_OVERLAY), to wait
339 * until the new process is finished (_P_WAIT) or
340 * for the two to run concurrently (_P_NOWAIT).
342 * _spawn and _exec are useful for instances in
343 * which you have simple requirements for running
344 * the program, don't want the overhead of the
345 * Windows header file, or are interested
346 * primarily in portability.
350 * FIXME: check return code... what is it?
352 _spawnve(_P_NOWAIT, argv[0], argv, envp);
359 /** Read from the child process.
361 * @param request The current request.
362 * @param fd file descriptor to read from.
363 * @param pid pid of child, will be reaped if it dies.
364 * @param timeout amount of time to wait, in seconds.
365 * @param answer buffer to write into.
366 * @param left length of buffer.
367 * @return -1 on error, or length of output.
369 int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout,
370 char *answer, int left)
375 struct timeval start;
377 bool nonblock = true;
382 * Try to set it non-blocking.
387 if ((flags = fcntl(fd, F_GETFL, NULL)) < 0) {
393 if( fcntl(fd, F_SETFL, flags) < 0) {
402 * Read from the pipe until we doesn't get any more or
403 * until the message is full.
405 gettimeofday(&start, NULL);
409 struct timeval when, elapsed, wake;
414 gettimeofday(&when, NULL);
415 tv_sub(&when, &start, &elapsed);
416 if (elapsed.tv_sec >= timeout) goto too_long;
418 when.tv_sec = timeout;
420 tv_sub(&when, &elapsed, &wake);
422 rcode = select(fd + 1, &fds, NULL, NULL, &wake);
425 RDEBUG("Child PID %u is taking too much time: forcing failure and killing child.", pid);
427 close(fd); /* should give SIGPIPE to child, too */
430 * Clean up the child entry.
432 rad_waitpid(pid, &status);
436 if (errno == EINTR) continue;
442 * Read as many bytes as possible. The kernel
443 * will return the number of bytes available.
446 status = read(fd, answer + done, left);
450 * There's at least 1 byte ready: read it.
452 status = read(fd, answer + done, 1);
455 * Nothing more to read: stop.
462 * Error: See if we have to continue.
466 * We were interrupted: continue reading.
468 if (errno == EINTR) {
473 * There was another error. Most likely
474 * The child process has finished, and
482 if (left <= 0) break;
484 #endif /* __MINGW32__ */
486 /* Strip trailing new lines */
487 while ((done > 0) && (answer[done - 1] == '\n')) {
488 answer[--done] = '\0';
494 /** Execute a program.
496 * @param[in] request Current request (may be NULL).
497 * @param[in] cmd Command to execute. This is parsed into argv[] parts, then each individual argv part
499 * @param[in] exec_wait set to 1 if you want to read from or write to child.
500 * @param[in] shell_escape values before passing them as arguments.
501 * @param[in] user_msg buffer to append plaintext (non valuepair) output.
502 * @param[in] msg_len length of user_msg buffer.
503 * @param[in] timeout amount of time to wait, in seconds.
504 * @param[in] input_pairs list of value pairs - these will be available in the environment of the child.
505 * @param[out] output_pairs list of value pairs - child stdout will be parsed and added into this list
507 * @return 0 if exec_wait==0, exit code if exec_wait!=0, -1 on error.
509 int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool shell_escape,
510 char *user_msg, size_t msg_len, int timeout,
511 VALUE_PAIR *input_pairs, VALUE_PAIR **output_pairs)
525 DEBUG2("Executing: %s:", cmd);
527 if (user_msg) *user_msg = '\0';
529 pid = radius_start_program(cmd, request, exec_wait, NULL, &from_child, input_pairs, shell_escape);
539 len = radius_readfrom_program(request, from_child, pid, timeout, answer, sizeof(answer));
542 * Failure - radius_readfrom_program will
543 * have called close(from_child) for us
545 DEBUG("Failed to read from child output");
552 * Make sure that the writer can't block while writing to
553 * a pipe that no one is reading from anymore.
562 * Parse the output, if any.
566 * HACK: Replace '\n' with ',' so that
567 * userparse() can parse the buffer in
568 * one go (the proper way would be to
569 * fix userparse(), but oh well).
571 for (p = answer; *p; p++) {
573 *p = comma ? ' ' : ',';
583 * Replace any trailing comma by a NUL.
585 if (answer[len - 1] == ',') {
586 answer[--len] = '\0';
589 if (userparse(request, answer, output_pairs) == T_OP_INVALID) {
590 ERROR("Failed parsing output from: %s: %s", cmd, fr_strerror());
591 strlcpy(user_msg, answer, len);
595 * We've not been told to extract output pairs,
596 * just copy the programs output to the user_msg
600 } else if (user_msg) {
601 strlcpy(user_msg, answer, msg_len);
605 * Call rad_waitpid (should map to waitpid on non-threaded
606 * or single-server systems).
609 child_pid = rad_waitpid(pid, &status);
610 if (child_pid == 0) {
611 ERROR("Timeout waiting for child");
616 if (child_pid == pid) {
617 if (WIFEXITED(status)) {
618 status = WEXITSTATUS(status);
619 if ((status != 0) || (ret < 0)) {
620 ERROR("Program returned code (%d) and output '%s'", status, answer);
622 DEBUG2("Program returned code (%d) and output '%s'", status, answer);
625 return ret < 0 ? ret : status;
629 ERROR("Abnormal child exit: %s", fr_syserror(errno));
630 #endif /* __MINGW32__ */