From 5c28a5e6ef49f1373602a9eb870e9bdd5680efd1 Mon Sep 17 00:00:00 2001
From: ddpbsd
Date: Thu, 1 Dec 2016 07:24:47 -0500
Subject: [PATCH] Backport PR #986: Prevent manage_agents from chrooting in bulk mode Currently using -f will fail because of attempts to access random, which isn't possible in the chroot (without extra work). Prevent the chroot in this mode. Fixes issue #454 Not sure this is ready yet, I'm hoping for comments. This may be the wrong way to solve it (it feels like a hack instead of a proper fix).
---
 src/addagent/main.c | 8 +++++++-
 src/addagent/manage_agents.c | 37 +++++++++++++++++++++++++++---------
 src/addagent/manage_agents.h | 3 +++
 3 files changed, 38 insertions(+), 10 deletions(-)
diff --git a/src/addagent/main.c b/src/addagent/main.c
index ad9d61a17..94cedc2d7 100644
--- a/src/addagent/main.c
+++ b/src/addagent/main.c
@@ -88,6 +88,9 @@ int main(int argc, char **argv)
 int ret;
 #endif
+ extern int willchroot;
+ willchroot = 1;
+
 /* Set the name */
 OS_SetName(ARGV0);
@@ -138,6 +141,7 @@ int main(int argc, char **argv)
 ErrorExit("%s: -f needs an argument.", ARGV0);
 }
 cmdbulk = optarg;
+ willchroot = 0;
 printf("Bulk load file: %s\n", cmdbulk);
 break;
 case 'l':
@@ -174,7 +178,9 @@ int main(int argc, char **argv)
 }
 /* Inside chroot now */
- nowChroot();
+ if(willchroot > 0) {
+ nowChroot();
+ }
 /* Start signal handler */
 StartSIG2(ARGV0, manage_shutdown);
diff --git a/src/addagent/manage_agents.c b/src/addagent/manage_agents.c
index 624844a19..fc6dcb83a 100644
--- a/src/addagent/manage_agents.c
+++ b/src/addagent/manage_agents.c
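Review bot: The `if(willchroot > 0)` guard in the last main.c hunk covers only `nowChroot()`; the call that actually performs the chroot is not inside the hunk, so it cannot be confirmed from here whether bulk mode really stays outside the chroot or merely skips this one call. If the chroot is skipped, a `-f` run parses the bulk file and writes the auth file with the whole filesystem visible, and that trade-off deserves a comment at the guard, e.g. `/* -f (bulk) mode runs unchrooted; group/privilege drop must still have happened above */`, plus a check that the privilege drop is not skipped on this path. If the chroot still happens unconditionally, the `DEFAULTDIR`-prefixed paths built in manage_agents.c would be resolved inside it and presumably fail. main() starts and ends outside the hunk.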
@@ -82,17 +82,26 @@ int add_agent()
 os_ip c_ip;
 c_ip.ip = NULL;
+ char authfile[257];
+
+ if(willchroot > 0) {
+ snprintf(authfile, 256, "%s", AUTH_FILE);
+ } else {
+ const char *dir = DEFAULTDIR;
+ snprintf(authfile, 256, "%s/%s", dir, AUTH_FILE);
+ }
+
 /* Check if we can open the auth_file */
- fp = fopen(AUTH_FILE, "a");
+ fp = fopen(authfile, "a");
 if (!fp) {
- ErrorExit(FOPEN_ERROR, ARGV0, AUTH_FILE, errno, strerror(errno));
+ ErrorExit(FOPEN_ERROR, ARGV0, authfile, errno, strerror(errno));
 }
 fclose(fp);
 #ifndef WIN32
- if (chmod(AUTH_FILE, 0440) == -1) {
- ErrorExit(CHMOD_ERROR, ARGV0, AUTH_FILE, errno, strerror(errno));
+ if (chmod(authfile, 0440) == -1) {
+ ErrorExit(CHMOD_ERROR, ARGV0, authfile, errno, strerror(errno));
 }
 #endif
@@ -244,12 +253,12 @@ int add_agent()
 time3 = time(0);
 rand2 = random();
- fp = fopen(AUTH_FILE, "a");
+ fp = fopen(authfile, "a");
 if (!fp) {
 ErrorExit(FOPEN_ERROR, ARGV0, KEYS_FILE, errno, strerror(errno));
 }
 #ifndef WIN32
- chmod(AUTH_FILE, 0440);
+ chmod(authfile, 0440);
 #endif
 /* Random 1: Time took to write the agent information
@@ -295,6 +304,16 @@ int remove_agent()
 char u_id[FILE_SIZE + 1];
 int id_exist;
+ extern int willchroot;
+ char authfile[257];
+ if(willchroot > 0) {
+ snprintf(authfile, 256, "%s", AUTH_FILE);
+ } else {
+ const char *dir = DEFAULTDIR;
+ snprintf(authfile, 256, "%s/%s", dir, AUTH_FILE);
+ }
+
+
 u_id[FILE_SIZE] = '\0';
 if (!print_agents(0, 0, 0)) {
@@ -353,13 +372,13 @@ int remove_agent()
 return (1);
 }
- fp = fopen(AUTH_FILE, "r+");
+ fp = fopen(authfile, "r+");
 if (!fp) {
 free(full_name);
- ErrorExit(FOPEN_ERROR, ARGV0, AUTH_FILE, errno, strerror(errno));
+ ErrorExit(FOPEN_ERROR, ARGV0, authfile, errno, strerror(errno));
 }
 #ifndef WIN32
- chmod(AUTH_FILE, 0440);
+ chmod(authfile, 0440);
 #endif
 /* Remove the agent, but keep the id */
diff --git a/src/addagent/manage_agents.h b/src/addagent/manage_agents.h
index 317688fa1..5b5366989 100644
--- a/src/addagent/manage_agents.h
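Review bot: The two `snprintf(authfile, 256, ...)` calls added at the top of add_agent() discard the return value, so a `DEFAULTDIR`/`AUTH_FILE` combination that does not fit would be truncated silently and the following `fopen(authfile, "a")` and `chmod(authfile, 0440)` would act on a path other than the intended one. The same block is repeated in the first remove_agent() hunk, and the literal `256` is not tied to the `char authfile[257]` declaration. A small static helper that builds the path once, takes the caller's buffer size and reports truncation would cover both sites; the sketch below shows the helper and its call in add_agent(). add_agent() starts and ends outside this hunk.

```c
/* Build the auth file path for the current mode.
 * Returns 0 on success, -1 if the path does not fit in buf. */
static int auth_file_path(char *buf, size_t len)
{
    int n;

    if (willchroot > 0) {
        n = snprintf(buf, len, "%s", AUTH_FILE);
    } else {
        n = snprintf(buf, len, "%s/%s", DEFAULTDIR, AUTH_FILE);
    }
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int add_agent()
    /* … unchanged: local declarations … */
    char authfile[257];

    if (auth_file_path(authfile, sizeof(authfile)) < 0) {
        ErrorExit("%s: auth file path is too long.", ARGV0);
    }
    /* … unchanged: fopen/chmod checks on authfile … */
```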
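Review bot: In the second add_agent() hunk the failure branch after `fp = fopen(authfile, "a")` still passes `KEYS_FILE` to `ErrorExit`, so in unchrooted mode the message presumably names a different path than the one that failed to open; `ErrorExit(FOPEN_ERROR, ARGV0, authfile, errno, strerror(errno));` would match the first hunk. The `chmod(authfile, 0440);` in this hunk, and the one in the last remove_agent() hunk, also drop the return value that the first hunk checks, so a failure to tighten the file's mode would go unnoticed. Using the same form as the first hunk, `if (chmod(authfile, 0440) == -1) { ErrorExit(CHMOD_ERROR, ARGV0, authfile, errno, strerror(errno)); }`, keeps the three sites consistent.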
+++ b/src/addagent/manage_agents.h
@@ -139,3 +139,6 @@ extern fpos_t fp_pos;
 #define GMF_BUFF_ERROR ARGV0 ": Could not get path because it is too long and was shrunk by (%d) characters with a max of (%d).\n"
 #define GMF_UNKN_ERROR ARGV0 ": Could not run GetModuleFileName which returned (%ld).\n"
+/* Do we chroot? */
+int willchroot;
+
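Review bot: `int willchroot;` in manage_agents.h is a definition rather than a declaration, so every translation unit that includes the header carries its own tentative definition; that links only when the toolchain merges common symbols and fails with `-fno-common`, which GCC 10 and later use by default. Declare it in the header as `extern int willchroot; /* 1 = chroot as usual, 0 = bulk (-f) mode stays outside */` and define it once, e.g. `int willchroot = 1;` at file scope in main.c. The block-scope `extern int willchroot;` lines added in main() and remove_agent() then become redundant and can be dropped.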