[libi2ncommon] / src / daemonfunc.cpp

/*
The software in this package is distributed under the GNU General
Public License version 2 (with a special exception described below).

A copy of GNU General Public License (GPL) is included in this distribution,
in the file COPYING.GPL.

As a special exception, if other files instantiate templates or use macros
or inline functions from this file, or you compile this file and link it
with other works to produce a work based on this file, this file
does not by itself cause the resulting work to be covered
by the GNU General Public License.

However the source code for this file must still be made available
in accordance with section (3) of the GNU General Public License.

This exception does not invalidate any other reasons why a work based
on this file might be covered by the GNU General Public License.
*/
/***************************************************************************
 *   Copyright (C) 2008 by Intra2net AG - Thomas Jarosch                   *
 ***************************************************************************/
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
#include <pwd.h>
#include <grp.h>

#include <string>
#include <stdexcept>
#include "daemonfunc.hpp"
#include "stringfunc.hxx"
#include "filefunc.hxx"


namespace I2n
{
namespace Daemon
{

using namespace std;

/**
 * Fork into the background.
 */
void daemonize()
{
   int pid=fork();

   if (pid < 0)
   {
      throw runtime_error("fork() failed");
   }
   if (pid > 0)
   {
      // parent process
      exit (0);
   }
   // pid==0 -> child process: continue
}

/**
 * Drop root privileges
 * @param username User to become. Don't change user if empty
 * @param group Group to become. Don't change group if empty
 * @param get_group_from_user Get group GID from user information if group is empty.
 * @return true if all is fine, false otherwise
 */
bool drop_root_privileges(const std::string &username,
                          const std::string &group, bool get_group_from_user)
{
   if (!group.empty())
   {
      Group my_group(group);
      if (!my_group.is_valid())
         return false;

      if (setgid((my_group.Gid)))
         return false;
   }

   if (!username.empty())
   {
      User my_user(username);
      if (!my_user.is_valid())
         return false;

      if (get_group_from_user && group.empty())
      {
         if (setgid((my_user.Gid)))
            return false;
      }

      // Initialize additional groups the user is a member of
      if (initgroups(username.c_str(), getgid()) == -1)
         return false;

      if (setuid(my_user.Uid))
         return false;
   }

    return true;
}

static const char *const EXE_DELETED_MARKER = " (deleted)";

/** @brief      Remove the deletion marker from a binary name, if applicable.
 *
 * @param exe   Binary name as obtained from ``/proc/$PID/exe``.
 *
 * @return      The input binary name with a trailing `` (deleted)`` removed.
 *
 * From proc(5):
 *
 *     /proc/[pid]/exe
 *            […] If the pathname has been unlinked, the symbolic link will
 *            contain the string '(deleted)' appended to the original pathname.
 *
 * Which introduces an ambiguity if the path of the actual binary ends in
 * `` (deleted)``.
 */
static inline std::string
strip_deleted_marker (const std::string &exe)
{
    if (exe.size () <= sizeof (*EXE_DELETED_MARKER)) {
        /* This binary name can’t possibly contain a deleted marker. */
        return exe;
    }

    const size_t found = exe.rfind (EXE_DELETED_MARKER);
    if (found == std::string::npos) {
        /* Input does not contain the deleted marker. */
        return exe;
    }

    return exe.substr (0, found);
}

/**
 * @brief determine the pids for a given program
 * @param[in] name name (or full path) of the binary
 * @param[out] result the pids associated with the name.
 * @return @a true if the function performed without errors.
 *
 * Walk though the /proc/\<pid\>'s and search for the name.
 *
 * @note Since this function uses /proc, it's system specific. Currently:
 * Linux only!
 *
 * @todo check cmdline and stat in /proc/\<pid\> dir for the searched name.
 */
bool pid_of(const std::string& name, std::vector< pid_t >& result)
{
   std::vector< std::string > entries;
   std::vector< pid_t > fuzz1_result;
   std::vector< pid_t > fuzz2_result;
   result.clear();

   if (name.empty()) return false;
   if (!get_dir("/proc", entries)) return false;

   for (std::vector< std::string >::const_iterator it= entries.begin();
         it != entries.end();
         ++it)
   {
      pid_t pid;
      if (! string_to<pid_t>(*it, pid)) continue;
      std::string base_path= std::string("/proc/") + *it;
      std::string exe_path= base_path + "/exe";
      I2n::Stat stat(exe_path, false);
      if (not stat or not stat.is_link()) continue;
      std::string real_exe= read_link(exe_path);
      if (!real_exe.empty())
      {
         // we got the path of the exe
         if (real_exe == name || strip_deleted_marker (real_exe) == name)
         {
                 result.push_back( pid );
                 continue;
         }
         
         std::string proc_stat= read_file( base_path + "/stat");
         if (proc_stat.empty()) continue; // process vanished
         
         //TODO some more fuzz tests here?! (cmdline, stat(us))
         
         real_exe = basename (real_exe);
         if (real_exe == name || strip_deleted_marker (real_exe) == name)
         {
                 fuzz2_result.push_back(pid);
                 continue;
         }
      }
      else
      {
         // we haven't got the path of the exe
         // this can happen e.g. with processes owned by other users
         // -> parse the commandline instead
         std::string cmdline = read_file(base_path + "/cmdline");
         if (cmdline.empty()) continue;

         // in /proc/*/cmdline, the parameters are split by nullbytes, we only care for the first parameter
         if (cmdline.find('\0') != string::npos)
            cmdline.erase(cmdline.find('\0'));

         if (cmdline == name)
         {
               result.push_back( pid );
               continue;
         }

         if (basename(cmdline) == name)
         {
               fuzz2_result.push_back(pid);
               continue;
         }
      }
   }
   if (result.empty())
   {
      result.swap(fuzz1_result);
   }
   if (result.empty())
   {
      result.swap(fuzz2_result);
   }
   return true;
} // eo pidOf(const std::string&,std::vector< pid_t >&)

}
}
Commit	Line	Data
	1	/*
	2	The software in this package is distributed under the GNU General
	3	Public License version 2 (with a special exception described below).
	4
	5	A copy of GNU General Public License (GPL) is included in this distribution,
	6	in the file COPYING.GPL.
	7
	8	As a special exception, if other files instantiate templates or use macros
	9	or inline functions from this file, or you compile this file and link it
	10	with other works to produce a work based on this file, this file
	11	does not by itself cause the resulting work to be covered
	12	by the GNU General Public License.
	13
	14	However the source code for this file must still be made available
	15	in accordance with section (3) of the GNU General Public License.
	16
	17	This exception does not invalidate any other reasons why a work based
	18	on this file might be covered by the GNU General Public License.
	19	*/
	20	/***************************************************************************
	21	* Copyright (C) 2008 by Intra2net AG - Thomas Jarosch *
	22	***************************************************************************/
	23	#include <sys/types.h>
	24	#include <unistd.h>
	25	#include <stdlib.h>
	26	#include <pwd.h>
	27	#include <grp.h>
	28
	29	#include <string>
	30	#include <stdexcept>
	31	#include "daemonfunc.hpp"
	32	#include "stringfunc.hxx"
	33	#include "filefunc.hxx"
	34
	35
	36	namespace I2n
	37	{
	38	namespace Daemon
	39	{
	40
	41	using namespace std;
	42
	43	/**
	44	* Fork into the background.
	45	*/
	46	void daemonize()
	47	{
	48	int pid=fork();
	49
	50	if (pid < 0)
	51	{
	52	throw runtime_error("fork() failed");
	53	}
	54	if (pid > 0)
	55	{
	56	// parent process
	57	exit (0);
	58	}
	59	// pid==0 -> child process: continue
	60	}
	61
	62	/**
	63	* Drop root privileges
	64	* @param username User to become. Don't change user if empty
	65	* @param group Group to become. Don't change group if empty
	66	* @param get_group_from_user Get group GID from user information if group is empty.
	67	* @return true if all is fine, false otherwise
	68	*/
	69	bool drop_root_privileges(const std::string &username,
	70	const std::string &group, bool get_group_from_user)
	71	{
	72	if (!group.empty())
	73	{
	74	Group my_group(group);
	75	if (!my_group.is_valid())
	76	return false;
	77
	78	if (setgid((my_group.Gid)))
	79	return false;
	80	}
	81
	82	if (!username.empty())
	83	{
	84	User my_user(username);
	85	if (!my_user.is_valid())
	86	return false;
	87
	88	if (get_group_from_user && group.empty())
	89	{
	90	if (setgid((my_user.Gid)))
	91	return false;
	92	}
	93
	94	// Initialize additional groups the user is a member of
	95	if (initgroups(username.c_str(), getgid()) == -1)
	96	return false;
	97
	98	if (setuid(my_user.Uid))
	99	return false;
	100	}
	101
	102	return true;
	103	}
	104
	105	static const char *const EXE_DELETED_MARKER = " (deleted)";
	106
	107	/** @brief Remove the deletion marker from a binary name, if applicable.
	108	*
	109	* @param exe Binary name as obtained from ``/proc/$PID/exe``.
	110	*
	111	* @return The input binary name with a trailing `` (deleted)`` removed.
	112	*
	113	* From proc(5):
	114	*
	115	* /proc/[pid]/exe
	116	* […] If the pathname has been unlinked, the symbolic link will
	117	* contain the string '(deleted)' appended to the original pathname.
	118	*
	119	* Which introduces an ambiguity if the path of the actual binary ends in
	120	* `` (deleted)``.
	121	*/
	122	static inline std::string
	123	strip_deleted_marker (const std::string &exe)
	124	{
	125	if (exe.size () <= sizeof (*EXE_DELETED_MARKER)) {
	126	/* This binary name can’t possibly contain a deleted marker. */
	127	return exe;
	128	}
	129
	130	const size_t found = exe.rfind (EXE_DELETED_MARKER);
	131	if (found == std::string::npos) {
	132	/* Input does not contain the deleted marker. */
	133	return exe;
	134	}
	135
	136	return exe.substr (0, found);
	137	}
	138
	139	/**
	140	* @brief determine the pids for a given program
	141	* @param[in] name name (or full path) of the binary
	142	* @param[out] result the pids associated with the name.
	143	* @return @a true if the function performed without errors.
	144	*
	145	* Walk though the /proc/\<pid\>'s and search for the name.
	146	*
	147	* @note Since this function uses /proc, it's system specific. Currently:
	148	* Linux only!
	149	*
	150	* @todo check cmdline and stat in /proc/\<pid\> dir for the searched name.
	151	*/
	152	bool pid_of(const std::string& name, std::vector< pid_t >& result)
	153	{
	154	std::vector< std::string > entries;
	155	std::vector< pid_t > fuzz1_result;
	156	std::vector< pid_t > fuzz2_result;
	157	result.clear();
	158
	159	if (name.empty()) return false;
	160	if (!get_dir("/proc", entries)) return false;
	161
	162	for (std::vector< std::string >::const_iterator it= entries.begin();
	163	it != entries.end();
	164	++it)
	165	{
	166	pid_t pid;
	167	if (! string_to<pid_t>(*it, pid)) continue;
	168	std::string base_path= std::string("/proc/") + *it;
	169	std::string exe_path= base_path + "/exe";
	170	I2n::Stat stat(exe_path, false);
	171	if (not stat or not stat.is_link()) continue;
	172	std::string real_exe= read_link(exe_path);
	173	if (!real_exe.empty())
	174	{
	175	// we got the path of the exe
	176	if (real_exe == name \|\| strip_deleted_marker (real_exe) == name)
	177	{
	178	result.push_back( pid );
	179	continue;
	180	}
	181
	182	std::string proc_stat= read_file( base_path + "/stat");
	183	if (proc_stat.empty()) continue; // process vanished
	184
	185	//TODO some more fuzz tests here?! (cmdline, stat(us))
	186
	187	real_exe = basename (real_exe);
	188	if (real_exe == name \|\| strip_deleted_marker (real_exe) == name)
	189	{
	190	fuzz2_result.push_back(pid);
	191	continue;
	192	}
	193	}
	194	else
	195	{
	196	// we haven't got the path of the exe
	197	// this can happen e.g. with processes owned by other users
	198	// -> parse the commandline instead
	199	std::string cmdline = read_file(base_path + "/cmdline");
	200	if (cmdline.empty()) continue;
	201
	202	// in /proc/*/cmdline, the parameters are split by nullbytes, we only care for the first parameter
	203	if (cmdline.find('\0') != string::npos)
	204	cmdline.erase(cmdline.find('\0'));
	205
	206	if (cmdline == name)
	207	{
	208	result.push_back( pid );
	209	continue;
	210	}
	211
	212	if (basename(cmdline) == name)
	213	{
	214	fuzz2_result.push_back(pid);
	215	continue;
	216	}
	217	}
	218	}
	219	if (result.empty())
	220	{
	221	result.swap(fuzz1_result);
	222	}
	223	if (result.empty())
	224	{
	225	result.swap(fuzz2_result);
	226	}
	227	return true;
	228	} // eo pidOf(const std::string&,std::vector< pid_t >&)
	229
	230	}
	231	}