Subversion Repositories public

/// inotify cron daemon user tables implementation

/**

 * \file usertable.cpp

 *

 * inotify cron system

 *

 * Copyright (C) 2006, 2007 Lukas Jelinek, <lukas@aiken.cz>

 *

 * This program is free software; you can use it, redistribute

 * it and/or modify it under the terms of the GNU General Public

 * License, version 2 (see LICENSE-GPL).

 *  

 */

#include <pwd.h>

#include <syslog.h>

#include <errno.h>

#include <sys/wait.h>

#include <unistd.h>

#include <grp.h>

#include <sys/stat.h>

#include "usertable.h"

#include "incroncfg.h"

#ifdef IN_DONT_FOLLOW

#define DONT_FOLLOW(mask) InotifyEvent::IsType(mask, IN_DONT_FOLLOW)

#else // IN_DONT_FOLLOW

#define DONT_FOLLOW(mask) (false)

#endif // IN_DONT_FOLLOW

PROC_MAP UserTable::s_procMap;

extern volatile bool g_fFinish;

extern SUT_MAP g_ut;

void on_proc_done(InotifyWatch* pW)

{

  pW->SetEnabled(true);

}

EventDispatcher::EventDispatcher(int iPipeFd, Inotify* pIn, InotifyWatch* pSys, InotifyWatch* pUser)

{

  m_iPipeFd = iPipeFd;

  m_iMgmtFd = pIn->GetDescriptor();

  m_pIn = pIn;

  m_pSys = pSys;

  m_pUser = pUser;

  m_size = 0;

  m_pPoll = NULL;

}

EventDispatcher::~EventDispatcher()

{

  if (m_pPoll != NULL)

    delete[] m_pPoll;

}

bool EventDispatcher::ProcessEvents()

{

  // consume pipe events if any (and report back)

  bool pipe = (m_pPoll[0].revents & POLLIN);

  if (pipe) {

    char c;

    while (read(m_pPoll[0].fd, &c, 1) > 0) {}

    m_pPoll[0].revents = 0;

  }

  // process table management events if any

  if (m_pPoll[1].revents & POLLIN) {

    ProcessMgmtEvents();

    m_pPoll[1].revents = 0;

  }

  InotifyEvent evt;

  for (size_t i=2; i<m_size; i++) {

    // process events if occurred

    if (m_pPoll[i].revents & POLLIN) {

      FDUT_MAP::iterator it = m_maps.find(m_pPoll[i].fd);

      if (it != m_maps.end()) {

        Inotify* pIn = ((*it).second)->GetInotify();

        pIn->WaitForEvents(true);

        // process events for this object

        while (pIn->GetEvent(evt)) {

          ((*it).second)->OnEvent(evt);

        }

      }

      m_pPoll[i].revents = 0;

    }

  }

  return pipe;

}

void EventDispatcher::Register(UserTable* pTab)

{

  if (pTab != NULL) {

    Inotify* pIn = pTab->GetInotify();

    if (pIn != NULL) {

      int fd = pIn->GetDescriptor();

      if (fd != -1) {

        m_maps.insert(FDUT_MAP::value_type(fd, pTab));

        Rebuild();

      }

    }

  }

}

void EventDispatcher::Unregister(UserTable* pTab)

{

  FDUT_MAP::iterator it = m_maps.find(pTab->GetInotify()->GetDescriptor());

  if (it != m_maps.end()) {

    m_maps.erase(it);

    Rebuild();

  }

}

void EventDispatcher::Rebuild()

{

  // delete old data if exists

  if (m_pPoll != NULL)

    delete[] m_pPoll;

  // allocate memory

  m_size = m_maps.size() + 2;

  m_pPoll = new struct pollfd[m_size];

  // add pipe descriptor

  m_pPoll[0].fd = m_iPipeFd;

  m_pPoll[0].events = POLLIN;

  m_pPoll[0].revents = 0;

  // add table management descriptor

  m_pPoll[1].fd = m_iMgmtFd;

  m_pPoll[1].events = POLLIN;

  m_pPoll[1].revents = 0;

  // add all inotify descriptors

  FDUT_MAP::iterator it = m_maps.begin();

  for (size_t i=2; i<m_size; i++, it++) {

    m_pPoll[i].fd = (*it).first;

    m_pPoll[i].events = POLLIN;

    m_pPoll[i].revents = 0;

  }

}

void EventDispatcher::ProcessMgmtEvents()

{

  m_pIn->WaitForEvents(true);

  InotifyEvent e;

  while (m_pIn->GetEvent(e)) {

    if (e.GetWatch() == m_pSys) {

      if (e.IsType(IN_DELETE_SELF) || e.IsType(IN_UNMOUNT)) {

        syslog(LOG_CRIT, "base directory destroyed, exitting");

        g_fFinish = true;

      }

      else if (!e.GetName().empty()) {

        SUT_MAP::iterator it = g_ut.find(IncronCfg::BuildPath(m_pSys->GetPath(), e.GetName()));

        if (it != g_ut.end()) {

          UserTable* pUt = (*it).second;

          if (e.IsType(IN_CLOSE_WRITE) || e.IsType(IN_MOVED_TO)) {

            syslog(LOG_INFO, "system table %s changed, reloading", e.GetName().c_str());

            pUt->Dispose();

            pUt->Load();

          }

          else if (e.IsType(IN_MOVED_FROM) || e.IsType(IN_DELETE)) {

            syslog(LOG_INFO, "system table %s destroyed, removing", e.GetName().c_str());

            delete pUt;

            g_ut.erase(it);

          }

        }

        else if (e.IsType(IN_CLOSE_WRITE) || e.IsType(IN_MOVED_TO)) {

          syslog(LOG_INFO, "system table %s created, loading", e.GetName().c_str());

          UserTable* pUt = new UserTable(this, e.GetName(), true);

          g_ut.insert(SUT_MAP::value_type(IncronTab::GetSystemTablePath(e.GetName()), pUt));

          pUt->Load();

        }

      }

    }

    else if (e.GetWatch() == m_pUser) {

      if (e.IsType(IN_DELETE_SELF) || e.IsType(IN_UNMOUNT)) {

        syslog(LOG_CRIT, "base directory destroyed, exitting");

        g_fFinish = true;

      }

      else if (!e.GetName().empty()) {

        SUT_MAP::iterator it = g_ut.find(IncronCfg::BuildPath(m_pUser->GetPath(), e.GetName()));

        if (it != g_ut.end()) {

          UserTable* pUt = (*it).second;

          if (e.IsType(IN_CLOSE_WRITE) || e.IsType(IN_MOVED_TO)) {

            syslog(LOG_INFO, "table for user %s changed, reloading", e.GetName().c_str());

            pUt->Dispose();

            pUt->Load();

          }

          else if (e.IsType(IN_MOVED_FROM) || e.IsType(IN_DELETE)) {

            syslog(LOG_INFO, "table for user %s destroyed, removing",  e.GetName().c_str());

            delete pUt;

            g_ut.erase(it);

          }

        }

        else if (e.IsType(IN_CLOSE_WRITE) || e.IsType(IN_MOVED_TO)) {

          if (UserTable::CheckUser(e.GetName().c_str())) {

            syslog(LOG_INFO, "table for user %s created, loading", e.GetName().c_str());

            UserTable* pUt = new UserTable(this, e.GetName(), false);

            g_ut.insert(SUT_MAP::value_type(IncronTab::GetUserTablePath(e.GetName()), pUt));

            pUt->Load();

          }

        }

      }

    }

  }

}

UserTable::UserTable(EventDispatcher* pEd, const std::string& rUser, bool fSysTable)

: m_user(rUser),

  m_fSysTable(fSysTable)

{

  m_pEd = pEd;

  m_in.SetNonBlock(true);

  m_in.SetCloseOnExec(true);

}

UserTable::~UserTable()

{

  Dispose();

}

void UserTable::Load()

{

  m_tab.Load(m_fSysTable

      ? IncronTab::GetSystemTablePath(m_user)

      : IncronTab::GetUserTablePath(m_user));

  int cnt = m_tab.GetCount();

  for (int i=0; i<cnt; i++) {

    IncronTabEntry& rE = m_tab.GetEntry(i);

    InotifyWatch* pW = new InotifyWatch(rE.GetPath(), rE.GetMask());

    // warning only - permissions may change later

    if (!(m_fSysTable || MayAccess(rE.GetPath(), DONT_FOLLOW(rE.GetMask()))))

      syslog(LOG_WARNING, "access denied on %s - events will be discarded silently", rE.GetPath().c_str());

    try {

      m_in.Add(pW);

      m_map.insert(IWCE_MAP::value_type(pW, &rE));

    } catch (InotifyException e) {

      if (m_fSysTable)

        syslog(LOG_ERR, "cannot create watch for system table %s: (%i) %s", m_user.c_str(), e.GetErrorNumber(), strerror(e.GetErrorNumber()));

      else

        syslog(LOG_ERR, "cannot create watch for user %s: (%i) %s", m_user.c_str(), e.GetErrorNumber(), strerror(e.GetErrorNumber()));

      delete pW;

    }

  }

  m_pEd->Register(this);

}

void UserTable::Dispose()

{

  m_pEd->Unregister(this);

  IWCE_MAP::iterator it = m_map.begin();

  while (it != m_map.end()) {

    InotifyWatch* pW = (*it).first;

    m_in.Remove(pW);

    PROC_MAP::iterator it2 = s_procMap.begin();

    while (it2 != s_procMap.end()) {

      if ((*it2).second.pWatch == pW) {

        PROC_MAP::iterator it3 = it2;

        it2++;

        s_procMap.erase(it3);

      }

      else {

        it2++;

      }

    }

    delete pW;

    it++;

  }

  m_map.clear();

}

void UserTable::OnEvent(InotifyEvent& rEvt)

{

  InotifyWatch* pW = rEvt.GetWatch();

  IncronTabEntry* pE = FindEntry(pW);

  // no entry found - this shouldn't occur

  if (pE == NULL)

    return;

  // discard event if user has no access rights to watch path

  if (!(m_fSysTable || MayAccess(pW->GetPath(), DONT_FOLLOW(rEvt.GetMask()))))

    return;

  std::string cmd;

  const std::string& cs = pE->GetCmd();

  size_t pos = 0;

  size_t oldpos = 0;

  size_t len = cs.length();

  while ((pos = cs.find('$', oldpos)) != std::string::npos) {

    if (pos < len - 1) {

      size_t px = pos + 1;

      if (cs[px] == '$') {

        cmd.append(cs.substr(oldpos, pos-oldpos+1));

        oldpos = pos + 2;

      }

      else {

        cmd.append(cs.substr(oldpos, pos-oldpos));

        if (cs[px] == '@') {          // base path

          cmd.append(pW->GetPath());

          oldpos = pos + 2;

        }

        else if (cs[px] == '#') {     // file name

          cmd.append(rEvt.GetName());

          oldpos = pos + 2;

        }

        else if (cs[px] == '%') {     // mask symbols

          std::string s;

          rEvt.DumpTypes(s);

          cmd.append(s);

          oldpos = pos + 2;

        }

        else if (cs[px] == '&') {     // numeric mask

          char* s;

          asprintf(&s, "%u", (unsigned) rEvt.GetMask());

          cmd.append(s);

          free(s);

          oldpos = pos + 2;

        }

        else {

          oldpos = pos + 1;

        }

      }

    }

    else {

      cmd.append(cs.substr(oldpos, pos-oldpos));

      oldpos = pos + 1;

    }

  }    

  cmd.append(cs.substr(oldpos));

  int argc;

  char** argv;

  if (!PrepareArgs(cmd, argc, argv)) {

    syslog(LOG_ERR, "cannot prepare command arguments");

    return;

  }

  if (m_fSysTable)

    syslog(LOG_INFO, "(system::%s) CMD (%s)", m_user.c_str(), cmd.c_str());

  else

    syslog(LOG_INFO, "(%s) CMD (%s)", m_user.c_str(), cmd.c_str());

  if (pE->IsNoLoop())

    pW->SetEnabled(false);

  pid_t pid = fork();

  if (pid == 0) {

    // for system table

    if (m_fSysTable) {

      if (execvp(argv[0], argv) != 0) // exec failed

      {

        syslog(LOG_ERR, "cannot exec process: %s", strerror(errno));

        _exit(1);

      }

    }

    else {

      // for user table

      struct passwd* pwd = getpwnam(m_user.c_str());

      if (    pwd == NULL                 // user not found

          ||  setgid(pwd->pw_gid) != 0    // setting GID failed

          ||  setuid(pwd->pw_uid) != 0    // setting UID failed

          ||  execvp(argv[0], argv) != 0) // exec failed

      {

        syslog(LOG_ERR, "cannot exec process: %s", strerror(errno));

        _exit(1);

      }

    }

  }

  else if (pid > 0) {

    ProcData_t pd;

    if (pE->IsNoLoop()) {

      pd.onDone = on_proc_done;

      pd.pWatch = pW;

    }

    else {

      pd.onDone = NULL;

      pd.pWatch = NULL;

    }

    s_procMap.insert(PROC_MAP::value_type(pid, pd));

  }

  else {

    if (pE->IsNoLoop())

      pW->SetEnabled(true);

    syslog(LOG_ERR, "cannot fork process: %s", strerror(errno));

  }

  CleanupArgs(argc, argv);

}

IncronTabEntry* UserTable::FindEntry(InotifyWatch* pWatch)

{

  IWCE_MAP::iterator it = m_map.find(pWatch);

  if (it == m_map.end())

    return NULL;

  return (*it).second;

}

bool UserTable::PrepareArgs(const std::string& rCmd, int& argc, char**& argv)

{

  if (rCmd.empty())

    return false;

  StringTokenizer tok(rCmd, ' ', '\\');

  std::deque<std::string> args;

  while (tok.HasMoreTokens()) {

    args.push_back(tok.GetNextToken());

  }

  if (args.empty())

    return false;

  argc = (int) args.size();

  argv = new char*[argc+1];

  argv[argc] = NULL;

  for (int i=0; i<argc; i++) {

    const std::string& s = args[i];

    size_t len = s.length();

    argv[i] = new char[len+1];

    strcpy(argv[i], s.c_str());

  }

  return true;

}

void UserTable::CleanupArgs(int argc, char** argv)

{

  for (int i=0; i<argc; i++) {

    delete[] argv[i];

  }

  delete[] argv;

}

void UserTable::FinishDone()

{

  pid_t res = 0;

  int status = 0;

  while ((res = waitpid(-1, &status, WNOHANG)) > 0) {

    PROC_MAP::iterator it = s_procMap.find(res);

    if (it != s_procMap.end()) {

      ProcData_t pd = (*it).second;

      if (pd.onDone != NULL)

        (*pd.onDone)(pd.pWatch);

      s_procMap.erase(it);

    }

  }  

}

bool UserTable::MayAccess(const std::string& rPath, bool fNoFollow) const

{

  // first, retrieve file permissions

  struct stat st;

  int res = fNoFollow

      ? lstat(rPath.c_str(), &st) // don't follow symlink

      : stat(rPath.c_str(), &st);

  if (res != 0)

    return false; // retrieving permissions failed

  // file accessible to everyone

  if (st.st_mode & S_IRWXO)

    return true;

  // retrieve user data

  struct passwd* pwd = getpwnam(m_user.c_str());

  // root may always access

  if (pwd->pw_uid == 0)

    return true;

  // file accesible to group

  if (st.st_mode & S_IRWXG) {

    // user's primary group

    if (pwd != NULL && pwd->pw_gid == st.st_gid)

        return true;

    // now check group database

    struct group *gr = getgrgid(st.st_gid);

    if (gr != NULL) {

      int pos = 0;

      const char* un;

      while ((un = gr->gr_mem[pos]) != NULL) {

        if (strcmp(un, m_user.c_str()) == 0)

          return true;

        pos++;

      }

    }

  }

  // file accessible to owner

  if (st.st_mode & S_IRWXU) {  

    if (pwd != NULL && pwd->pw_uid == st.st_uid)

      return true;

  }

  return false; // no access right found

}