]>
Commit | Line | Data |
---|---|---|
91b6eb11 | 1 | /* Capture output from a subprocess. |
2b778ceb | 2 | Copyright (C) 2017-2021 Free Software Foundation, Inc. |
91b6eb11 FW |
3 | This file is part of the GNU C Library. |
4 | ||
5 | The GNU C Library is free software; you can redistribute it and/or | |
6 | modify it under the terms of the GNU Lesser General Public | |
7 | License as published by the Free Software Foundation; either | |
8 | version 2.1 of the License, or (at your option) any later version. | |
9 | ||
10 | The GNU C Library is distributed in the hope that it will be useful, | |
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 | Lesser General Public License for more details. | |
14 | ||
15 | You should have received a copy of the GNU Lesser General Public | |
16 | License along with the GNU C Library; if not, see | |
5a82c748 | 17 | <https://www.gnu.org/licenses/>. */ |
91b6eb11 | 18 | |
0e169691 | 19 | #include <support/subprocess.h> |
91b6eb11 FW |
20 | #include <support/capture_subprocess.h> |
21 | ||
22 | #include <errno.h> | |
716a3bdc | 23 | #include <fcntl.h> |
91b6eb11 FW |
24 | #include <stdlib.h> |
25 | #include <support/check.h> | |
26 | #include <support/xunistd.h> | |
27 | #include <support/xsocket.h> | |
0e169691 | 28 | #include <support/xspawn.h> |
716a3bdc SP |
29 | #include <support/support.h> |
30 | #include <support/test-driver.h> | |
91b6eb11 FW |
31 | |
32 | static void | |
33 | transfer (const char *what, struct pollfd *pfd, struct xmemstream *stream) | |
34 | { | |
35 | if (pfd->revents != 0) | |
36 | { | |
37 | char buf[1024]; | |
38 | ssize_t ret = TEMP_FAILURE_RETRY (read (pfd->fd, buf, sizeof (buf))); | |
39 | if (ret < 0) | |
40 | { | |
41 | support_record_failure (); | |
95c68080 | 42 | printf ("error: reading from subprocess %s: %m\n", what); |
91b6eb11 FW |
43 | pfd->events = 0; |
44 | pfd->revents = 0; | |
45 | } | |
46 | else if (ret == 0) | |
47 | { | |
48 | /* EOF reached. Stop listening. */ | |
49 | pfd->events = 0; | |
50 | pfd->revents = 0; | |
51 | } | |
52 | else | |
53 | /* Store the data just read. */ | |
54 | TEST_VERIFY (fwrite (buf, ret, 1, stream->out) == 1); | |
55 | } | |
56 | } | |
57 | ||
0e169691 AZ |
58 | static void |
59 | support_capture_poll (struct support_capture_subprocess *result, | |
60 | struct support_subprocess *proc) | |
91b6eb11 | 61 | { |
91b6eb11 FW |
62 | struct pollfd fds[2] = |
63 | { | |
0e169691 AZ |
64 | { .fd = proc->stdout_pipe[0], .events = POLLIN }, |
65 | { .fd = proc->stderr_pipe[0], .events = POLLIN }, | |
91b6eb11 FW |
66 | }; |
67 | ||
68 | do | |
69 | { | |
70 | xpoll (fds, 2, -1); | |
0e169691 AZ |
71 | transfer ("stdout", &fds[0], &result->out); |
72 | transfer ("stderr", &fds[1], &result->err); | |
91b6eb11 FW |
73 | } |
74 | while (fds[0].events != 0 || fds[1].events != 0); | |
91b6eb11 | 75 | |
0e169691 AZ |
76 | xfclose_memstream (&result->out); |
77 | xfclose_memstream (&result->err); | |
78 | ||
79 | result->status = support_process_wait (proc); | |
80 | } | |
81 | ||
82 | struct support_capture_subprocess | |
83 | support_capture_subprocess (void (*callback) (void *), void *closure) | |
84 | { | |
85 | struct support_capture_subprocess result; | |
86 | xopen_memstream (&result.out); | |
87 | xopen_memstream (&result.err); | |
88 | ||
89 | struct support_subprocess proc = support_subprocess (callback, closure); | |
90 | ||
91 | support_capture_poll (&result, &proc); | |
92 | return result; | |
93 | } | |
94 | ||
95 | struct support_capture_subprocess | |
96 | support_capture_subprogram (const char *file, char *const argv[]) | |
97 | { | |
98 | struct support_capture_subprocess result; | |
99 | xopen_memstream (&result.out); | |
100 | xopen_memstream (&result.err); | |
101 | ||
102 | struct support_subprocess proc = support_subprogram (file, argv); | |
103 | ||
104 | support_capture_poll (&result, &proc); | |
91b6eb11 FW |
105 | return result; |
106 | } | |
107 | ||
716a3bdc SP |
108 | /* Copies the executable into a restricted directory, so that we can |
109 | safely make it SGID with the TARGET group ID. Then runs the | |
110 | executable. */ | |
111 | static int | |
112 | copy_and_spawn_sgid (char *child_id, gid_t gid) | |
113 | { | |
114 | char *dirname = xasprintf ("%s/tst-tunables-setuid.%jd", | |
115 | test_dir, (intmax_t) getpid ()); | |
116 | char *execname = xasprintf ("%s/bin", dirname); | |
117 | int infd = -1; | |
118 | int outfd = -1; | |
119 | int ret = 1, status = 1; | |
120 | ||
121 | TEST_VERIFY (mkdir (dirname, 0700) == 0); | |
122 | if (support_record_failure_is_failed ()) | |
123 | goto err; | |
124 | ||
125 | infd = open ("/proc/self/exe", O_RDONLY); | |
126 | if (infd < 0) | |
127 | FAIL_UNSUPPORTED ("unsupported: Cannot read binary from procfs\n"); | |
128 | ||
129 | outfd = open (execname, O_WRONLY | O_CREAT | O_EXCL, 0700); | |
130 | TEST_VERIFY (outfd >= 0); | |
131 | if (support_record_failure_is_failed ()) | |
132 | goto err; | |
133 | ||
134 | char buf[4096]; | |
135 | for (;;) | |
136 | { | |
137 | ssize_t rdcount = read (infd, buf, sizeof (buf)); | |
138 | TEST_VERIFY (rdcount >= 0); | |
139 | if (support_record_failure_is_failed ()) | |
140 | goto err; | |
141 | if (rdcount == 0) | |
142 | break; | |
143 | char *p = buf; | |
144 | char *end = buf + rdcount; | |
145 | while (p != end) | |
146 | { | |
147 | ssize_t wrcount = write (outfd, buf, end - p); | |
148 | if (wrcount == 0) | |
149 | errno = ENOSPC; | |
150 | TEST_VERIFY (wrcount > 0); | |
151 | if (support_record_failure_is_failed ()) | |
152 | goto err; | |
153 | p += wrcount; | |
154 | } | |
155 | } | |
156 | TEST_VERIFY (fchown (outfd, getuid (), gid) == 0); | |
157 | if (support_record_failure_is_failed ()) | |
158 | goto err; | |
159 | TEST_VERIFY (fchmod (outfd, 02750) == 0); | |
160 | if (support_record_failure_is_failed ()) | |
161 | goto err; | |
162 | TEST_VERIFY (close (outfd) == 0); | |
163 | if (support_record_failure_is_failed ()) | |
164 | goto err; | |
165 | TEST_VERIFY (close (infd) == 0); | |
166 | if (support_record_failure_is_failed ()) | |
167 | goto err; | |
168 | ||
169 | /* We have the binary, now spawn the subprocess. Avoid using | |
170 | support_subprogram because we only want the program exit status, not the | |
171 | contents. */ | |
172 | ret = 0; | |
173 | ||
174 | char * const args[] = {execname, child_id, NULL}; | |
175 | ||
176 | status = support_subprogram_wait (args[0], args); | |
177 | ||
178 | err: | |
179 | if (outfd >= 0) | |
180 | close (outfd); | |
181 | if (infd >= 0) | |
182 | close (infd); | |
183 | if (execname != NULL) | |
184 | { | |
185 | unlink (execname); | |
186 | free (execname); | |
187 | } | |
188 | if (dirname != NULL) | |
189 | { | |
190 | rmdir (dirname); | |
191 | free (dirname); | |
192 | } | |
193 | ||
194 | if (ret != 0) | |
195 | FAIL_EXIT1("Failed to make sgid executable for test\n"); | |
196 | ||
197 | return status; | |
198 | } | |
199 | ||
200 | int | |
201 | support_capture_subprogram_self_sgid (char *child_id) | |
202 | { | |
203 | gid_t target = 0; | |
204 | const int count = 64; | |
205 | gid_t groups[count]; | |
206 | ||
207 | /* Get a GID which is not our current GID, but is present in the | |
208 | supplementary group list. */ | |
209 | int ret = getgroups (count, groups); | |
210 | if (ret < 0) | |
211 | FAIL_UNSUPPORTED("Could not get group list for user %jd\n", | |
212 | (intmax_t) getuid ()); | |
213 | ||
214 | gid_t current = getgid (); | |
215 | for (int i = 0; i < ret; ++i) | |
216 | { | |
217 | if (groups[i] != current) | |
218 | { | |
219 | target = groups[i]; | |
220 | break; | |
221 | } | |
222 | } | |
223 | ||
224 | if (target == 0) | |
225 | FAIL_UNSUPPORTED("Could not find a suitable GID for user %jd\n", | |
226 | (intmax_t) getuid ()); | |
227 | ||
228 | return copy_and_spawn_sgid (child_id, target); | |
229 | } | |
230 | ||
91b6eb11 FW |
231 | void |
232 | support_capture_subprocess_free (struct support_capture_subprocess *p) | |
233 | { | |
234 | free (p->out.buffer); | |
235 | free (p->err.buffer); | |
236 | } |