2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 * @brief Execute external programs.
23 * @copyright 2000-2004,2006 The FreeRADIUS server project
28 #include <freeradius-devel/radiusd.h>
29 #include <freeradius-devel/rad_assert.h>
37 #ifdef HAVE_SYS_WAIT_H
38 # include <sys/wait.h>
41 # define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
44 # define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
47 #define MAX_ARGV (256)
50 static void tv_sub(struct timeval *end, struct timeval *start,
51 struct timeval *elapsed)
53 elapsed->tv_sec = end->tv_sec - start->tv_sec;
54 if (elapsed->tv_sec > 0) {
56 elapsed->tv_usec = USEC;
60 elapsed->tv_usec += end->tv_usec;
61 elapsed->tv_usec -= start->tv_usec;
63 if (elapsed->tv_usec >= USEC) {
64 elapsed->tv_usec -= USEC;
72 * @param cmd Command to execute. This is parsed into argv[] parts,
73 * then each individual argv part is xlat'ed.
74 * @param request Current reuqest
75 * @param exec_wait set to 1 if you want to read from or write to child
76 * @param[in,out] input_fd pointer to int, receives the stdin file.
77 * descriptor. Set to NULL and the child will have /dev/null on stdin
78 * @param[in,out] output_fd pinter to int, receives the stdout file
79 * descriptor. Set to NULL and child will have /dev/null on stdout.
80 * @param input_pairs list of value pairs - these will be put into
81 * the environment variables of the child.
82 * @param shell_escape values before passing them as arguments.
83 * @return PID of the child process, -1 on error.
85 pid_t radius_start_program(char const *cmd, REQUEST *request,
89 VALUE_PAIR *input_pairs,
96 int to_child[2] = {-1, -1};
97 int from_child[2] = {-1, -1};
102 char *argv[MAX_ARGV];
104 #define MAX_ENVP 1024
105 char *envp[MAX_ENVP];
107 argc = rad_expand_xlat(request, cmd, MAX_ARGV, argv, true, sizeof(argv_buf), argv_buf);
109 RDEBUG("invalid command line '%s'.", cmd);
115 if (debug_flag > 2) {
116 RDEBUG3("executing cmd %s", cmd);
117 for (i = 0; i < argc; i++) {
118 RDEBUG3("\t[%d] %s", i, argv[i]);
125 * Open a pipe for child/parent communication, if necessary.
129 if (pipe(to_child) != 0) {
130 RDEBUG("Couldn't open pipe to child: %s", strerror(errno));
135 if (pipe(from_child) != 0) {
136 RDEBUG("Couldn't open pipe from child: %s", strerror(errno));
137 /* safe because these either need closing or are == -1 */
153 * Set up the environment variables in the
154 * parent, so we don't call libc functions that
155 * hold mutexes. They might be locked when we fork,
156 * and will remain locked in the child.
160 for (vp = paircursor(&cursor, &input_pairs); vp; vp = pairnext(&cursor)) {
162 * Hmm... maybe we shouldn't pass the
163 * user's password in an environment
166 snprintf(buffer, sizeof(buffer), "%s=", vp->da->name);
168 for (p = buffer; *p != '='; p++) {
171 } else if (isalpha((int) *p)) {
178 vp_prints_value(buffer+n, sizeof(buffer) - n, vp, shell_escape ? '"' : 0);
180 envp[envlen++] = strdup(buffer);
183 * Don't add too many attributes.
185 if (envlen == (MAX_ENVP - 1)) break;
191 pid = rad_fork(); /* remember PID */
193 pid = fork(); /* don't wait */
202 * We try to be fail-safe here. So if ANYTHING
203 * goes wrong, we exit with status 1.
207 * Open STDIN to /dev/null
209 devnull = open("/dev/null", O_RDWR);
211 RDEBUG("Failed opening /dev/null: %s\n", strerror(errno));
214 * Where the status code is interpreted as a module rcode
215 * one is subtracted from it, to allow 0 to equal success
217 * 2 is RLM_MODULE_FAIL + 1
223 * Only massage the pipe handles if the parent
230 dup2(to_child[0], STDIN_FILENO);
232 dup2(devnull, STDIN_FILENO);
236 close(from_child[0]);
237 dup2(from_child[1], STDOUT_FILENO);
239 dup2(devnull, STDOUT_FILENO);
242 } else { /* no pipe, STDOUT should be /dev/null */
243 dup2(devnull, STDIN_FILENO);
244 dup2(devnull, STDOUT_FILENO);
248 * If we're not debugging, then we can't do
249 * anything with the error messages, so we throw
252 * If we are debugging, then we want the error
253 * messages to go to the STDERR of the server.
255 if (debug_flag == 0) {
256 dup2(devnull, STDERR_FILENO);
261 * The server may have MANY FD's open. We don't
262 * want to leave dangling FD's for the child process
263 * to play funky games with, so we close them.
268 * I swear the signature for execve is wrong and should take 'char const * const argv[]'.
270 execve(argv[0], argv, envp);
271 printf("Failed to execute \"%s\": %s", argv[0], strerror(errno)); /* fork output will be captured */
274 * Where the status code is interpreted as a module rcode
275 * one is subtracted from it, to allow 0 to equal success
277 * 2 is RLM_MODULE_FAIL + 1
283 * Free child environment variables
285 for (i = 0; envp[i] != NULL; i++) {
293 RDEBUG("Couldn't fork %s: %s", argv[0], strerror(errno));
295 /* safe because these either need closing or are == -1 */
298 close(from_child[0]);
299 close(from_child[0]);
305 * We're not waiting, exit, and ignore any child's status.
309 * Close the ends of the pipe(s) the child is using
310 * return the ends of the pipe(s) our caller wants
314 *input_fd = to_child[1];
318 *output_fd = from_child[0];
319 close(from_child[1]);
326 RDEBUG("Wait is not supported");
332 * The _spawn and _exec families of functions are
333 * found in Windows compiler libraries for
334 * portability from UNIX. There is a variety of
335 * functions, including the ability to pass
336 * either a list or array of parameters, to
337 * search in the PATH or otherwise, and whether
338 * or not to pass an environment (a set of
339 * environment variables). Using _spawn, you can
340 * also specify whether you want the new process
341 * to close your program (_P_OVERLAY), to wait
342 * until the new process is finished (_P_WAIT) or
343 * for the two to run concurrently (_P_NOWAIT).
345 * _spawn and _exec are useful for instances in
346 * which you have simple requirements for running
347 * the program, don't want the overhead of the
348 * Windows header file, or are interested
349 * primarily in portability.
353 * FIXME: check return code... what is it?
355 _spawnve(_P_NOWAIT, argv[0], argv, envp);
362 /** Read from the child process.
364 * @param request The current request.
365 * @param fd file descriptor to read from.
366 * @param pid pid of child, will be reaped if it dies.
367 * @param timeout amount of time to wait, in seconds.
368 * @param answer buffer to write into.
369 * @param left length of buffer.
370 * @return -1 on error, or length of output.
372 int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout,
373 char *answer, int left)
378 struct timeval start;
385 * Try to set it non-blocking.
390 if ((flags = fcntl(fd, F_GETFL, NULL)) < 0) {
396 if( fcntl(fd, F_SETFL, flags) < 0) {
405 * Read from the pipe until we doesn't get any more or
406 * until the message is full.
408 gettimeofday(&start, NULL);
412 struct timeval when, elapsed, wake;
417 gettimeofday(&when, NULL);
418 tv_sub(&when, &start, &elapsed);
419 if (elapsed.tv_sec >= timeout) goto too_long;
421 when.tv_sec = timeout;
423 tv_sub(&when, &elapsed, &wake);
425 rcode = select(fd + 1, &fds, NULL, NULL, &wake);
428 RDEBUG("Child PID %u is taking too much time: forcing failure and killing child.", pid);
430 close(fd); /* should give SIGPIPE to child, too */
433 * Clean up the child entry.
435 rad_waitpid(pid, &status);
439 if (errno == EINTR) continue;
445 * Read as many bytes as possible. The kernel
446 * will return the number of bytes available.
449 status = read(fd, answer + done, left);
453 * There's at least 1 byte ready: read it.
455 status = read(fd, answer + done, 1);
458 * Nothing more to read: stop.
465 * Error: See if we have to continue.
469 * We were interrupted: continue reading.
471 if (errno == EINTR) {
476 * There was another error. Most likely
477 * The child process has finished, and
485 if (left <= 0) break;
487 #endif /* __MINGW32__ */
491 /** Execute a program.
493 * @param[in] request Current request.
494 * @param[in] cmd Command to execute. This is parsed into argv[] parts, then each individual argv part
496 * @param[in] exec_wait set to 1 if you want to read from or write to child.
497 * @param[in] shell_escape values before passing them as arguments.
498 * @param[in] user_msg buffer to append plaintext (non valuepair) output.
499 * @param[in] msg_len length of user_msg buffer.
500 * @param[in] timeout amount of time to wait, in seconds.
501 * @param[in] input_pairs list of value pairs - these will be available in the environment of the child.
502 * @param[out] output_pairs list of value pairs - child stdout will be parsed and added into this list
504 * @return 0 if exec_wait==0, exit code if exec_wait!=0, -1 on error.
506 int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool shell_escape,
507 char *user_msg, size_t msg_len, int timeout,
508 VALUE_PAIR *input_pairs, VALUE_PAIR **output_pairs)
522 RDEBUG2("Executing: \"%s\"", cmd);
524 if (user_msg) *user_msg = '\0';
526 pid = radius_start_program(cmd, request, exec_wait, NULL, &from_child, input_pairs, shell_escape);
536 done = radius_readfrom_program(request, from_child, pid, timeout, answer, sizeof(answer));
539 * failure - radius_readfrom_program will
540 * have called close(from_child) for us
542 DEBUG("Failed to read from child output");
549 * Make sure that the writer can't block while writing to
550 * a pipe that no one is reading from anymore.
555 * Parse the output, if any.
561 * For backwards compatibility, first check
562 * for plain text (user_msg).
565 n = userparse(request, answer, &vp);
571 if (n == T_OP_INVALID) {
573 strlcpy(user_msg, answer, msg_len);
577 * HACK: Replace '\n' with ',' so that
578 * userparse() can parse the buffer in
579 * one go (the proper way would be to
580 * fix userparse(), but oh well).
582 for (p = answer; *p; p++) {
584 *p = comma ? ' ' : ',';
588 if (*p == ',') comma++;
592 * Replace any trailing comma by a NUL.
594 if (answer[strlen(answer) - 1] == ',') {
595 answer[strlen(answer) - 1] = '\0';
598 if (userparse(request, answer, &vp) == T_OP_INVALID) {
599 REDEBUG("Unparsable reply from '%s'", cmd);
604 * Tell the caller about the value
609 } /* else the answer was a set of VP's, not a text message */
610 } /* else we didn't read anything from the child */
613 * Call rad_waitpid (should map to waitpid on non-threaded
614 * or single-server systems).
616 child_pid = rad_waitpid(pid, &status);
617 if (child_pid == 0) {
618 REDEBUG("Timeout waiting for child");
623 if (child_pid == pid) {
624 if (WIFEXITED(status)) {
625 status = WEXITSTATUS(status);
627 RDEBUG("Program returned code (%d): %s", status, answer);
633 REDEBUG("Abnormal child exit: %s", strerror(errno));
634 #endif /* __MINGW32__ */