~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to trampoline/trampoline.c

Committer: mattgiuca
Date: 2007-12-20 05:25:03 UTC
Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:103

Fix to Makefile.

files added:
www/common/jail.py

www/dispatch_handler.py

www/media/images

www/media/images/mime

www/media/images/mime/dir.png

files removed:
console/console.js

console/json2.js

console/md5.js

doc/dependencies.txt

makeuser.py

test

test/misc

test/misc/make_date_test.py

test/test_framework

test/test_framework/README-examples

test/test_framework/all_input.py

test/test_framework/all_input_text.xml

test/test_framework/fib.py

test/test_framework/fib_text.xml

test/test_framework/file_test.py

test/test_framework/filespace_test.py

test/test_framework/filesum.py

test/test_framework/filesum_text.xml

test/test_framework/hack_1.py

test/test_framework/hello.py

test/test_framework/hello_text.xml

test/test_framework/test.py

test/test_framework/test_framework_tests.py

test/test_framework/test_json.py

test/test_framework/tests.py

test/test_framework/tute_doc.tex

www/apps/browser/__init__.py

www/apps/browser/help.html

www/apps/console

www/apps/console/__init__.py

www/apps/console/help.html

www/apps/consoleservice

www/apps/consoleservice/__init__.py

www/apps/editor

www/apps/editor/__init__.py

www/apps/editor/help.html

www/apps/fileservice

www/apps/fileservice/__init__.py

www/apps/fileservice/action.py

www/apps/fileservice/listing.py

www/apps/tutorial

www/apps/tutorial/__init__.py

www/apps/tutorial/help.html

www/apps/tutorialservice

www/apps/tutorialservice/__init__.py

www/apps/tutorialservice/test

www/apps/tutorialservice/test/README-framework

www/apps/tutorialservice/test/TestFramework.py

www/apps/tutorialservice/test/__init__.py

www/apps/tutorialservice/test/parse_tute.py

www/auth

www/auth/__init__.py

www/auth/authenticate.py

www/common/makeuser.py

www/common/zip.py

www/dispatch/login.py

www/media/browser

www/media/browser/browser.css

www/media/browser/browser.js

www/media/browser/editor.js

www/media/browser/listing.js

www/media/common

www/media/common/edit_area

www/media/common/edit_area/edit_area.css

www/media/common/edit_area/edit_area.js

www/media/common/edit_area/edit_area_compressor.php

www/media/common/edit_area/edit_area_full.gz

www/media/common/edit_area/edit_area_full.js

www/media/common/edit_area/edit_area_full_with_plugins.gz

www/media/common/edit_area/edit_area_full_with_plugins.js

www/media/common/edit_area/edit_area_functions.js

www/media/common/edit_area/edit_area_loader.js

www/media/common/edit_area/elements_functions.js

www/media/common/edit_area/highlight.js

www/media/common/edit_area/images

www/media/common/edit_area/images/Thumbs.db

www/media/common/edit_area/images/close.gif

www/media/common/edit_area/images/fullscreen.gif

www/media/common/edit_area/images/go_to_line.gif

www/media/common/edit_area/images/help.gif

www/media/common/edit_area/images/highlight.gif

www/media/common/edit_area/images/load.gif

www/media/common/edit_area/images/move.gif

www/media/common/edit_area/images/newdocument.gif

www/media/common/edit_area/images/opacity.png

www/media/common/edit_area/images/processing.gif

www/media/common/edit_area/images/redo.gif

www/media/common/edit_area/images/reset_highlight.gif

www/media/common/edit_area/images/save.gif

www/media/common/edit_area/images/search.gif

www/media/common/edit_area/images/smooth_selection.gif

www/media/common/edit_area/images/spacer.gif

www/media/common/edit_area/images/statusbar_resize.gif

www/media/common/edit_area/images/undo.gif

www/media/common/edit_area/keyboard.js

www/media/common/edit_area/langs

www/media/common/edit_area/langs/de.js

www/media/common/edit_area/langs/dk.js

www/media/common/edit_area/langs/en.js

www/media/common/edit_area/langs/es.js

www/media/common/edit_area/langs/fr.js

www/media/common/edit_area/langs/hr.js

www/media/common/edit_area/langs/it.js

www/media/common/edit_area/langs/ja.js

www/media/common/edit_area/langs/nl.js

www/media/common/edit_area/langs/pl.js

www/media/common/edit_area/langs/pt.js

www/media/common/edit_area/langs/sk.js

www/media/common/edit_area/license.txt

www/media/common/edit_area/manage_area.js

www/media/common/edit_area/plugins

www/media/common/edit_area/plugins/charmap

www/media/common/edit_area/plugins/charmap/charmap.js

www/media/common/edit_area/plugins/charmap/css

www/media/common/edit_area/plugins/charmap/css/charmap.css

www/media/common/edit_area/plugins/charmap/images

www/media/common/edit_area/plugins/charmap/images/Thumbs.db

www/media/common/edit_area/plugins/charmap/images/charmap.gif

www/media/common/edit_area/plugins/charmap/jscripts

www/media/common/edit_area/plugins/charmap/jscripts/map.js

www/media/common/edit_area/plugins/charmap/langs

www/media/common/edit_area/plugins/charmap/langs/de.js

www/media/common/edit_area/plugins/charmap/langs/dk.js

www/media/common/edit_area/plugins/charmap/langs/en.js

www/media/common/edit_area/plugins/charmap/langs/es.js

www/media/common/edit_area/plugins/charmap/langs/fr.js

www/media/common/edit_area/plugins/charmap/langs/hr.js

www/media/common/edit_area/plugins/charmap/langs/it.js

www/media/common/edit_area/plugins/charmap/langs/ja.js

www/media/common/edit_area/plugins/charmap/langs/nl.js

www/media/common/edit_area/plugins/charmap/langs/pl.js

www/media/common/edit_area/plugins/charmap/langs/pt.js

www/media/common/edit_area/plugins/charmap/langs/sk.js

www/media/common/edit_area/plugins/charmap/popup.html

www/media/common/edit_area/plugins/test

www/media/common/edit_area/plugins/test/css

www/media/common/edit_area/plugins/test/css/test.css

www/media/common/edit_area/plugins/test/images

www/media/common/edit_area/plugins/test/images/test.gif

www/media/common/edit_area/plugins/test/langs

www/media/common/edit_area/plugins/test/langs/de.js

www/media/common/edit_area/plugins/test/langs/dk.js

www/media/common/edit_area/plugins/test/langs/en.js

www/media/common/edit_area/plugins/test/langs/es.js

www/media/common/edit_area/plugins/test/langs/fr.js

www/media/common/edit_area/plugins/test/langs/hr.js

www/media/common/edit_area/plugins/test/langs/it.js

www/media/common/edit_area/plugins/test/langs/ja.js

www/media/common/edit_area/plugins/test/langs/nl.js

www/media/common/edit_area/plugins/test/langs/pl.js

www/media/common/edit_area/plugins/test/langs/pt.js

www/media/common/edit_area/plugins/test/langs/sk.js

www/media/common/edit_area/plugins/test/test.js

www/media/common/edit_area/plugins/test/test2.js

www/media/common/edit_area/reg_syntax

www/media/common/edit_area/reg_syntax.js

www/media/common/edit_area/reg_syntax/basic.js

www/media/common/edit_area/reg_syntax/brainfuck.js

www/media/common/edit_area/reg_syntax/c.js

www/media/common/edit_area/reg_syntax/cpp.js

www/media/common/edit_area/reg_syntax/css.js

www/media/common/edit_area/reg_syntax/html.js

www/media/common/edit_area/reg_syntax/js.js

www/media/common/edit_area/reg_syntax/pas.js

www/media/common/edit_area/reg_syntax/php.js

www/media/common/edit_area/reg_syntax/python.js

www/media/common/edit_area/reg_syntax/sql.js

www/media/common/edit_area/reg_syntax/vb.js

www/media/common/edit_area/reg_syntax/xml.js

www/media/common/edit_area/regexp.js

www/media/common/edit_area/resize_area.js

www/media/common/edit_area/search_replace.js

www/media/common/edit_area/template.html

www/media/common/ivle.css

www/media/common/json2.js

www/media/common/md5.js

www/media/common/util.js

www/media/console

www/media/console/console.css

www/media/console/console.js

www/media/images

www/media/images/README

www/media/images/apps

www/media/images/apps/browser.png

www/media/images/apps/console.png

www/media/images/apps/editor.png

www/media/images/apps/help.png

www/media/images/apps/small

www/media/images/apps/small/browser.png

www/media/images/apps/small/console.png

www/media/images/apps/small/editor.png

www/media/images/apps/small/help.png

www/media/images/apps/small/tutorial.png

www/media/images/apps/tutorial.png

www/media/images/interface

www/media/images/interface/published.png

www/media/images/interface/sortdown.png

www/media/images/interface/sortup.png

www/media/images/mime

www/media/images/mime/dir.png

www/media/images/mime/large

www/media/images/mime/large/dir.png

www/media/images/mime/large/multi.png

www/media/images/mime/large/py.png

www/media/images/mime/large/txt.png

www/media/images/mime/py.png

www/media/images/mime/txt.png

www/media/images/svn

www/media/images/svn/added.png

www/media/images/svn/deleted.png

www/media/images/svn/missing.png

www/media/images/svn/modified.png

www/media/images/svn/normal.png

www/media/tutorial

www/media/tutorial/tutorial.css

files modified:
console/index.html

console/python-console

setup.py

trampoline/trampoline.c

userdb/users.sql

www/README

www/apps/debuginfo/__init__.py

www/apps/download/__init__.py

www/apps/dummy/__init__.py

www/apps/server/__init__.py

www/common/interpret.py

www/common/studpath.py

www/common/util.py

www/conf/__init__.py

www/conf/app/server.py

www/conf/apps.py

www/conf/mimetypes.py

www/dispatch/__init__.py

www/dispatch/html.py

www/dispatch/request.py

Show diffs side-by-side

added added

removed removed

trampoline/trampoline.c

#include "conf.h"

/* Returns TRUE if the given uid is allowed to execute trampoline.

* Only root or the web server should be allowed to execute.

* This is determined by the whitelist allowed_uids in conf.h.

int uid_allowed(int uid)

{

int i;

/* root is always allowed to execute trampoline */

if (uid == 0)

return 1;

/* loop over all allowed_uids */

for (i=(sizeof(allowed_uids)/sizeof(*allowed_uids))-1; i>=0; i--)

{

if (allowed_uids[i] == uid)

return 1;

}

/* default to disallowing */

return 0;

}

/* Turn the process into a daemon using the standard

* 2-fork technique.

void daemonize(void)

{

pid_t pid, sid;

/* already a daemon */

if ( getppid() == 1 ) return;

/* Fork off the parent process */

pid = fork();

if (pid < 0) {

exit(1);

}

/* If we got a good PID, then we can exit the parent process. */

if (pid > 0) {

exit(0);

}

/* At this point we are executing as the child process */

/* Change the file mode mask */

umask(0);

/* Create a new SID for the child process */

sid = setsid();

if (sid < 0) {

exit(1);

}

/* Change the current working directory. This prevents the current

directory from being locked; hence not being able to remove it. */

if ((chdir("/")) < 0) {

100

exit(1);

101

}

102

103

/* Redirect standard files to /dev/null */

104

freopen( "/dev/null", "r", stdin);

105

freopen( "/dev/null", "w", stdout);

106

freopen( "/dev/null", "w", stderr);

107

}

108

109

static void usage(const char* nm)

110

{

111

fprintf(stderr,

112

"usage: %s [-d] <uid> <jail> <cwd> <program> [args...]\n", nm);

113

exit(1);

114

}

/* Argument names */

#define ARG_UID 1

#define ARG_JAILPATH 2

#define ARG_CWD 3

#define ARG_PROG 4

#define MIN_ARGC 5

#define UID_ROOT 0

115

116

int main(int argc, char* const argv[])

117

{

118

char* jailpath;

119

char* work_dir;

120

char* prog;

121

char* const * args;

122

int uid;

123

int arg_num = 1;

124

int daemon_mode = 0;

125

126

/* Disallow execution from all users but the whitelisted ones, and root */

127

if (!uid_allowed(getuid()))

128

{

129

fprintf(stderr, "only the web server may execute trampoline\n");

130

exit(1);

131

}

132

133

/* Args check and usage */

134

if (argc < 5)

135

{

136

usage(argv[0]);

137

}

138

139

if (strcmp(argv[arg_num], "-d") == 0)

140

{

141

if (argc < 6)

142

{

143

usage(argv[0]);

144

}

145

daemon_mode = 1;

146

arg_num++;

147

}

148

uid = atoi(argv[arg_num++]);

149

jailpath = argv[arg_num++];

150

work_dir = argv[arg_num++];

151

prog = argv[arg_num];

152

args = argv + arg_num;

if (argc < MIN_ARGC)

{

fprintf(stderr, "usage: %s <uid> <jail> <cwd> <program> [args...]\n",

argv[0]);

exit(EXIT_FAILURE);

}

153

154

/* Disallow suiding to the root user */

155

if (uid == 0)

uid = atoi(argv[ARG_UID]);

if (uid == UID_ROOT)

156

{

157

fprintf(stderr, "cannot set up a jail as root\n");

158

exit(1);

164

* Not contain "/.."

165

* Begin with jail_base

166

jailpath = argv[ARG_JAILPATH];

167

if (strlen(jailpath) < 1 || jailpath[0] != '/'

168

|| strstr(jailpath, "/..")

169

|| strncmp(jailpath, jail_base, strlen(jail_base)))

182

}

183

184

100

/* chdir into the specified working directory */

185

if (chdir(work_dir))

101

if (chdir(argv[ARG_CWD]))

186

102

{

187

103

perror("could not chdir");

188

104

exit(1);

197

113

exit(1);

198

114

}

199

115

200

if (daemon_mode)

201

{

202

daemonize();

203

}

204

205

116

/* exec (replace this process with the a new instance of the target

206

117

* program). Pass along all the arguments.

207

118

* Note that for script execution, the "program" will be the interpreter,

208

119

* and the first argument will be the script. */

209

execv(prog, args);

120

execv(argv[ARG_PROG], argv + ARG_PROG);

210

121

211

/* XXX if (daemon_mode) use syslog? */

212

122

/* nb exec won't return unless there was an error */

213

123

perror("could not exec");

214

return 1;

124

return EXIT_FAILURE;

215

125

}

Older »