2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 * @brief Execute external programs.
23 * @copyright 2000-2004,2006 The FreeRADIUS server project
28 #include <freeradius-devel/radiusd.h>
29 #include <freeradius-devel/rad_assert.h>
36 #ifdef HAVE_SYS_WAIT_H
37 # include <sys/wait.h>
40 # define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
43 # define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
46 #define MAX_ARGV (256)
49 static void tv_sub(struct timeval *end, struct timeval *start,
50 struct timeval *elapsed)
52 elapsed->tv_sec = end->tv_sec - start->tv_sec;
53 if (elapsed->tv_sec > 0) {
55 elapsed->tv_usec = USEC;
59 elapsed->tv_usec += end->tv_usec;
60 elapsed->tv_usec -= start->tv_usec;
62 if (elapsed->tv_usec >= USEC) {
63 elapsed->tv_usec -= USEC;
71 * @param cmd Command to execute. This is parsed into argv[] parts,
72 * then each individual argv part is xlat'ed.
73 * @param request Current reuqest
74 * @param exec_wait set to 1 if you want to read from or write to child
75 * @param[in,out] input_fd pointer to int, receives the stdin file.
76 * descriptor. Set to NULL and the child will have /dev/null on stdin
77 * @param[in,out] output_fd pinter to int, receives the stdout file
78 * descriptor. Set to NULL and child will have /dev/null on stdout.
79 * @param input_pairs list of value pairs - these will be put into
80 * the environment variables of the child.
81 * @param shell_escape values before passing them as arguments.
82 * @return PID of the child process, -1 on error.
84 pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
85 int *input_fd, int *output_fd,
86 VALUE_PAIR *input_pairs, bool shell_escape)
91 int to_child[2] = {-1, -1};
92 int from_child[2] = {-1, -1};
98 char *argv[MAX_ARGV], **argv_start = argv;
100 #define MAX_ENVP 1024
101 char *envp[MAX_ENVP];
105 * Stupid array decomposition...
107 * If we do memcpy(&argv_p, &argv, sizeof(argv_p)) src ends up being a char **
108 * pointing to the value of the first element.
110 memcpy(&argv_p, &argv_start, sizeof(argv_p));
111 argc = rad_expand_xlat(request, cmd, MAX_ARGV, argv_p, true, sizeof(argv_buf), argv_buf);
113 DEBUG("invalid command line '%s'.", cmd);
119 if (rad_debug_lvl > 2) {
120 DEBUG3("executing cmd %s", cmd);
121 for (i = 0; i < argc; i++) {
122 DEBUG3("\t[%d] %s", i, argv[i]);
129 * Open a pipe for child/parent communication, if necessary.
133 if (pipe(to_child) != 0) {
134 DEBUG("Couldn't open pipe to child: %s", fr_syserror(errno));
139 if (pipe(from_child) != 0) {
140 DEBUG("Couldn't open pipe from child: %s", fr_syserror(errno));
141 /* safe because these either need closing or are == -1 */
156 * Set up the environment variables in the
157 * parent, so we don't call libc functions that
158 * hold mutexes. They might be locked when we fork,
159 * and will remain locked in the child.
161 for (vp = fr_cursor_init(&cursor, &input_pairs);
163 vp = fr_cursor_next(&cursor)) {
165 * Hmm... maybe we shouldn't pass the
166 * user's password in an environment
169 snprintf(buffer, sizeof(buffer), "%s=", vp->da->name);
173 for (p = buffer; *p != '='; p++) {
176 } else if (isalpha((int) *p)) {
183 vp_prints_value(buffer + n, sizeof(buffer) - n, vp, shell_escape ? '"' : 0);
185 envp[envlen++] = strdup(buffer);
188 * Don't add too many attributes.
190 if (envlen == (MAX_ENVP - 1)) break;
193 * NULL terminate for execve
200 pid = rad_fork(); /* remember PID */
202 pid = fork(); /* don't wait */
211 * We try to be fail-safe here. So if ANYTHING
212 * goes wrong, we exit with status 1.
216 * Open STDIN to /dev/null
218 devnull = open("/dev/null", O_RDWR);
220 DEBUG("Failed opening /dev/null: %s\n", fr_syserror(errno));
223 * Where the status code is interpreted as a module rcode
224 * one is subtracted from it, to allow 0 to equal success
226 * 2 is RLM_MODULE_FAIL + 1
232 * Only massage the pipe handles if the parent
238 dup2(to_child[0], STDIN_FILENO);
240 dup2(devnull, STDIN_FILENO);
244 close(from_child[0]);
245 dup2(from_child[1], STDOUT_FILENO);
247 dup2(devnull, STDOUT_FILENO);
250 } else { /* no pipe, STDOUT should be /dev/null */
251 dup2(devnull, STDIN_FILENO);
252 dup2(devnull, STDOUT_FILENO);
256 * If we're not debugging, then we can't do
257 * anything with the error messages, so we throw
260 * If we are debugging, then we want the error
261 * messages to go to the STDERR of the server.
263 if (rad_debug_lvl == 0) {
264 dup2(devnull, STDERR_FILENO);
269 * The server may have MANY FD's open. We don't
270 * want to leave dangling FD's for the child process
271 * to play funky games with, so we close them.
276 * I swear the signature for execve is wrong and should
277 * take 'char const * const argv[]'.
279 * Note: execve(), unlike system(), treats all the space
280 * delimited arguments as literals, so there's no need
281 * to perform additional escaping.
283 execve(argv[0], argv, envp);
284 printf("Failed to execute \"%s\": %s", argv[0], fr_syserror(errno)); /* fork output will be captured */
287 * Where the status code is interpreted as a module rcode
288 * one is subtracted from it, to allow 0 to equal success
290 * 2 is RLM_MODULE_FAIL + 1
296 * Free child environment variables
298 for (i = 0; i < envlen; i++) {
306 DEBUG("Couldn't fork %s: %s", argv[0], fr_syserror(errno));
308 /* safe because these either need closing or are == -1 */
311 close(from_child[0]);
312 close(from_child[1]);
318 * We're not waiting, exit, and ignore any child's status.
322 * Close the ends of the pipe(s) the child is using
323 * return the ends of the pipe(s) our caller wants
327 *input_fd = to_child[1];
331 *output_fd = from_child[0];
332 close(from_child[1]);
339 DEBUG("Wait is not supported");
345 * The _spawn and _exec families of functions are
346 * found in Windows compiler libraries for
347 * portability from UNIX. There is a variety of
348 * functions, including the ability to pass
349 * either a list or array of parameters, to
350 * search in the PATH or otherwise, and whether
351 * or not to pass an environment (a set of
352 * environment variables). Using _spawn, you can
353 * also specify whether you want the new process
354 * to close your program (_P_OVERLAY), to wait
355 * until the new process is finished (_P_WAIT) or
356 * for the two to run concurrently (_P_NOWAIT).
358 * _spawn and _exec are useful for instances in
359 * which you have simple requirements for running
360 * the program, don't want the overhead of the
361 * Windows header file, or are interested
362 * primarily in portability.
366 * FIXME: check return code... what is it?
368 _spawnve(_P_NOWAIT, argv[0], argv, envp);
375 /** Read from the child process.
377 * @param fd file descriptor to read from.
378 * @param pid pid of child, will be reaped if it dies.
379 * @param timeout amount of time to wait, in seconds.
380 * @param answer buffer to write into.
381 * @param left length of buffer.
382 * @return -1 on error, or length of output.
384 int radius_readfrom_program(int fd, pid_t pid, int timeout,
385 char *answer, int left)
390 struct timeval start;
392 bool nonblock = true;
397 * Try to set it non-blocking.
402 if ((flags = fcntl(fd, F_GETFL, NULL)) < 0) {
408 if( fcntl(fd, F_SETFL, flags) < 0) {
417 * Read from the pipe until we doesn't get any more or
418 * until the message is full.
420 gettimeofday(&start, NULL);
424 struct timeval when, elapsed, wake;
429 gettimeofday(&when, NULL);
430 tv_sub(&when, &start, &elapsed);
431 if (elapsed.tv_sec >= timeout) goto too_long;
433 when.tv_sec = timeout;
435 tv_sub(&when, &elapsed, &wake);
437 rcode = select(fd + 1, &fds, NULL, NULL, &wake);
440 DEBUG("Child PID %u is taking too much time: forcing failure and killing child.", (unsigned int) pid);
442 close(fd); /* should give SIGPIPE to child, too */
445 * Clean up the child entry.
447 rad_waitpid(pid, &status);
451 if (errno == EINTR) continue;
457 * Read as many bytes as possible. The kernel
458 * will return the number of bytes available.
461 status = read(fd, answer + done, left);
465 * There's at least 1 byte ready: read it.
467 status = read(fd, answer + done, 1);
470 * Nothing more to read: stop.
477 * Error: See if we have to continue.
481 * We were interrupted: continue reading.
483 if (errno == EINTR) {
488 * There was another error. Most likely
489 * The child process has finished, and
497 if (left <= 0) break;
499 #endif /* __MINGW32__ */
501 /* Strip trailing new lines */
502 while ((done > 0) && (answer[done - 1] == '\n')) {
503 answer[--done] = '\0';
509 /** Execute a program.
511 * @param[in,out] ctx to allocate new VALUE_PAIR (s) in.
512 * @param[out] out buffer to append plaintext (non valuepair) output.
513 * @param[in] outlen length of out buffer.
514 * @param[out] output_pairs list of value pairs - child stdout will be parsed and added into this list
516 * @param[in] request Current request (may be NULL).
517 * @param[in] cmd Command to execute. This is parsed into argv[] parts, then each individual argv part
519 * @param[in] input_pairs list of value pairs - these will be available in the environment of the child.
520 * @param[in] exec_wait set to 1 if you want to read from or write to child.
521 * @param[in] shell_escape values before passing them as arguments.
522 * @param[in] timeout amount of time to wait, in seconds.
524 * @return 0 if exec_wait==0, exit code if exec_wait!=0, -1 on error.
526 int radius_exec_program(TALLOC_CTX *ctx, char *out, size_t outlen, VALUE_PAIR **output_pairs,
527 REQUEST *request, char const *cmd, VALUE_PAIR *input_pairs,
528 bool exec_wait, bool shell_escape, int timeout)
542 RDEBUG2("Executing: %s:", cmd);
544 if (out) *out = '\0';
546 pid = radius_start_program(cmd, request, exec_wait, NULL, &from_child, input_pairs, shell_escape);
556 len = radius_readfrom_program(from_child, pid, timeout, answer, sizeof(answer));
559 * Failure - radius_readfrom_program will
560 * have called close(from_child) for us
562 RERROR("Failed to read from child output");
569 * Make sure that the writer can't block while writing to
570 * a pipe that no one is reading from anymore.
579 * Parse the output, if any.
583 * HACK: Replace '\n' with ',' so that
584 * fr_pair_list_afrom_str() can parse the buffer in
585 * one go (the proper way would be to
586 * fix fr_pair_list_afrom_str(), but oh well).
588 for (p = answer; *p; p++) {
590 *p = comma ? ' ' : ',';
600 * Replace any trailing comma by a NUL.
602 if (answer[len - 1] == ',') {
603 answer[--len] = '\0';
606 if (fr_pair_list_afrom_str(ctx, answer, output_pairs) == T_INVALID) {
607 RERROR("Failed parsing output from: %s: %s", cmd, fr_strerror());
608 strlcpy(out, answer, len);
612 * We've not been told to extract output pairs,
613 * just copy the programs output to the out
618 strlcpy(out, answer, outlen);
622 * Call rad_waitpid (should map to waitpid on non-threaded
623 * or single-server systems).
626 child_pid = rad_waitpid(pid, &status);
627 if (child_pid == 0) {
628 RERROR("Timeout waiting for child");
633 if (child_pid == pid) {
634 if (WIFEXITED(status)) {
635 status = WEXITSTATUS(status);
636 if ((status != 0) || (ret < 0)) {
637 RERROR("Program returned code (%d) and output '%s'", status, answer);
639 RDEBUG2("Program returned code (%d) and output '%s'", status, answer);
642 return ret < 0 ? ret : status;
646 RERROR("Abnormal child exit: %s", fr_syserror(errno));
647 #endif /* __MINGW32__ */