[apple/security.git] / Keychain / ExecCLITool.cpp


#include <sys/wait.h>
#include "ExecCLITool.h"
#include <Security/utilities.h>
#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>

#pragma mark -------------------- ExecCLITool implementation --------------------

ExecCLITool::ExecCLITool() : dataRead(NULL),dataLength(0),dataToWrite(NULL),dataToWriteLength(0)
{
	stdinpipe[0]=0, stdinpipe[1]=0;
    stdoutpipe [0]=0, stdoutpipe [1]=0;
}

ExecCLITool::~ExecCLITool()
{
	if (dataRead)
        free(dataRead);
    reset();
}

int ExecCLITool::run(const char *toolPath, const char *toolEnvVar, ...)
{
    try
    {
        reset();
        initialize();
        
        // try to run the tool
        switch (pid_t pid = fork())
        {
        case 0:		// child
            {
                VAArgList arglist;
                va_list params;
                va_start(params, toolEnvVar);
                arglist.set(toolPath,params);
                va_end(params);
                child(toolPath,toolEnvVar,arglist);
            }
            break;
        case -1:	// error (in parent)
            UnixError::throwMe();
            break;
        default:	// parent
            parent(pid);
            break;
        }
    }
    catch (...)
    {
        closeAllPipes();
        return errno;
    }
    
	closeAllPipes();
    return 0;
}

void ExecCLITool::reset()
{
	closeAllPipes();
#if 0
    if (dataToWrite)
    {
        free(dataToWrite);
        dataToWrite = NULL;
    }
    dataToWriteLength = 0;
#endif
}

void ExecCLITool::input(const char *data,unsigned int length)
{
    if (dataToWrite)
    {
        ::free(dataToWrite);
        dataToWrite = NULL;
    }
    dataToWriteLength=length;
    if (!data)
        return;

    dataToWrite=reinterpret_cast<char *>(malloc(length));
    ::memmove(dataToWrite, data, dataToWriteLength);
}

void ExecCLITool::input(CFStringRef theString, bool appendNULL)
{
	// Used mainly for preserving UTF-8 passwords
    // hdiutil et al require the NULL to be sent as part of the password string from STDIN
    Boolean isExternalRepresentation = false;
    CFStringEncoding encoding = kCFStringEncodingUTF8;
    CFIndex usedBufLen = 0;
    UInt8 lossByte = 0;

    if (!theString)
        MacOSError::throwMe(paramErr);

    CFRange stringRange = CFRangeMake(0,CFStringGetLength(theString));
    // Call once first just to get length
    CFIndex length = CFStringGetBytes(theString, stringRange, encoding, lossByte,
        isExternalRepresentation, NULL, 0, &usedBufLen);
        
    if (dataToWrite)
        ::free(dataToWrite);
    dataToWriteLength=usedBufLen;
    if (appendNULL)
    {
        dataToWriteLength++;
        dataToWriteLength++;
}

    dataToWrite=reinterpret_cast<char *>(malloc(dataToWriteLength));
    length = CFStringGetBytes(theString, stringRange, encoding, lossByte, isExternalRepresentation, 
        reinterpret_cast<UInt8 *>(dataToWrite), dataToWriteLength, &usedBufLen);

    if (appendNULL)
    {
        dataToWrite[dataToWriteLength-1]=0;
        dataToWrite[dataToWriteLength]='\n';
    }
}

void ExecCLITool::initialize()
{
    dataLength = 0;								// ignore any previous output on new run
   
    if (!dataRead)								// Allocate buffer for child's STDOUT return
    {
        dataRead = (char *)malloc(256);
        if (!dataRead)
            UnixError::throwMe();
    }

    // Create pipe to catch tool output
    if (pipe(stdoutpipe))						// for reading data from child into parent
        UnixError::throwMe();

    if (pipe(stdinpipe))						// for writing data from parent to child
        UnixError::throwMe();
}
        
void ExecCLITool::child(const char *toolPath, const char *toolEnvVar, VAArgList& arglist)
{
    // construct path to tool
    try
    {
        char toolExecutable[PATH_MAX + 1];
        const char *path = toolEnvVar ? getenv(toolEnvVar) : NULL;
        if (!path)
            path = toolPath;
        snprintf(toolExecutable, sizeof(toolExecutable), "%s", toolPath);
    
        close(stdoutpipe[0]);			// parent read
        close(STDOUT_FILENO);
        if (dup2(stdoutpipe[1], STDOUT_FILENO) < 0)
            UnixError::throwMe();
        close(stdoutpipe[1]);

        close(stdinpipe[1]);			// parent write
        close(STDIN_FILENO);
        if (dup2(stdinpipe[0], STDIN_FILENO) < 0)
            UnixError::throwMe();
        close(stdinpipe[0]);

    //  std::cerr << "execl(\"" << toolExecutable << "\")" << std::endl;
        execv(toolPath, const_cast<char * const *>(arglist.get()));
    //  std::cerr << "execl of " << toolExecutable << " failed, errno=" << errno << std::endl;
    }
    catch (...)
    {
        int err = errno;
//		closeAllPipes();
        _exit(err);
    }
    
    // Unconditional suicide follows.
    _exit(1);
}

void ExecCLITool::parent(pid_t pid)
{
	static const int timeout = 300;
	static const bool dontNeedToWait = false;

    close(stdinpipe[0]);			// child read
    close(stdoutpipe[1]);			// child write

	parentWriteInput();

    parentReadOutput();
    
    struct timespec rqtp = {0,};
    rqtp.tv_nsec = 100000000;		// 10^8 nanoseconds = 1/10th of a second
    for (int nn = timeout; nn > 0; nanosleep(&rqtp, NULL), nn--)
    {
        if (dontNeedToWait)
            break;
        int status;
        switch (waitpid(pid, &status, WNOHANG))
        {
        case 0:				// child still running
            break;
        case -1:			// error
            switch (errno)
            {
            case EINTR:
            case EAGAIN:	// transient
                continue;
            case ECHILD:	// no such child (dead; already reaped elsewhere)
                CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
            default:
                UnixError::throwMe();
            }
        default:
        //  std::cerr << "waitpid succeeded, pid=" << rc << std::endl;
            return;
        }
    }
}

void ExecCLITool::parentReadOutput()
{
    // parent - resulting blob comes in on stdoutpipe[0]
	unsigned int totalRead = 0;
	char buffer[kReadBufSize];
	
	for (;;)
    {
		int thisRead = read(stdoutpipe[0], buffer, kReadBufSize);
		if (thisRead < 0)
        {
			if (errno==EINTR)			// try some more
                continue;
//			std::cerr << "abnormal read end:" << errno << std::endl;
            break;
		}
		if (thisRead == 0)				// normal termination
        {
			dataLength = totalRead;
//			std::cerr << "Normal read end" << std::endl;
			break;
		}

		// Resize dataRead if necessary
        if (kReadBufSize < (totalRead + (unsigned int)thisRead))
        {
			uint32 newLen = dataLength + kReadBufSize;
			dataRead = (char *)realloc(dataRead, newLen);
			dataLength = newLen;
		}

		// Append the data to dataRead
        memmove(dataRead + totalRead, buffer, thisRead);
		totalRead += thisRead;
	}
    close(stdoutpipe[0]);

}

void ExecCLITool::parentWriteInput()
{
	if (dataToWriteLength>0)
    {
        int bytesWritten = write(stdinpipe[1],dataToWrite,dataToWriteLength);
        if (bytesWritten < 0)
            UnixError::throwMe();
    }
    close(stdinpipe[1]);
}

void ExecCLITool::closeAllPipes()
{
    for (int ix=0;ix<2;ix++)
        if (stdoutpipe[ix])
        {
            close(stdoutpipe[ix]);
            stdoutpipe[ix]=0;
        }

    for (int ix=0;ix<2;ix++)
        if (stdinpipe[ix])
        {
            close(stdinpipe[ix]);
            stdinpipe[ix]=0;
        }
}

#pragma mark -------------------- VAArgList implementation --------------------

int VAArgList::set(const char *path,va_list params)
{
    va_list params2;
    va_copy(params2, params);

	// Count up the number of arguments
    int nn = 1;
	while (va_arg(params,const char *) != NULL)
        nn++;
    argn = nn;
    argv = (ArgvArgPtr *)malloc((nn + 1) * sizeof(*argv));
    if (argv == NULL)
        return 0;

    nn = 1;
	argv[0]=path;
    while ((argv[nn]=va_arg(params2,const char *)) != NULL)
    	nn++;
    mSet = true;
    return 0;
}
Commit	Line	Data
df0e469f A	1
	2	#include <sys/wait.h>
	3	#include "ExecCLITool.h"
	4	#include <Security/utilities.h>
	5	#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
	6
	7	#pragma mark -------------------- ExecCLITool implementation --------------------
	8
	9	ExecCLITool::ExecCLITool() : dataRead(NULL),dataLength(0),dataToWrite(NULL),dataToWriteLength(0)
	10	{
	11	stdinpipe[0]=0, stdinpipe[1]=0;
	12	stdoutpipe [0]=0, stdoutpipe [1]=0;
	13	}
	14
	15	ExecCLITool::~ExecCLITool()
	16	{
	17	if (dataRead)
	18	free(dataRead);
	19	reset();
	20	}
	21
	22	int ExecCLITool::run(const char toolPath, const char toolEnvVar, ...)
	23	{
	24	try
	25	{
	26	reset();
	27	initialize();
	28
	29	// try to run the tool
	30	switch (pid_t pid = fork())
	31	{
	32	case 0: // child
	33	{
	34	VAArgList arglist;
	35	va_list params;
	36	va_start(params, toolEnvVar);
	37	arglist.set(toolPath,params);
	38	va_end(params);
	39	child(toolPath,toolEnvVar,arglist);
	40	}
	41	break;
	42	case -1: // error (in parent)
	43	UnixError::throwMe();
	44	break;
	45	default: // parent
	46	parent(pid);
	47	break;
	48	}
	49	}
	50	catch (...)
	51	{
	52	closeAllPipes();
	53	return errno;
	54	}
	55
	56	closeAllPipes();
	57	return 0;
	58	}
	59
	60	void ExecCLITool::reset()
	61	{
	62	closeAllPipes();
	63	#if 0
	64	if (dataToWrite)
65	{
66	free(dataToWrite);
67	dataToWrite = NULL;
68	}
69	dataToWriteLength = 0;
70	#endif
71	}
72
73	void ExecCLITool::input(const char *data,unsigned int length)
74	{
75	if (dataToWrite)
76	{
77	::free(dataToWrite);
78	dataToWrite = NULL;
79	}
80	dataToWriteLength=length;
81	if (!data)
82	return;
83
84	dataToWrite=reinterpret_cast<char *>(malloc(length));
85	::memmove(dataToWrite, data, dataToWriteLength);
86	}
87
88	void ExecCLITool::input(CFStringRef theString, bool appendNULL)
89	{
90	// Used mainly for preserving UTF-8 passwords
91	// hdiutil et al require the NULL to be sent as part of the password string from STDIN
92	Boolean isExternalRepresentation = false;
93	CFStringEncoding encoding = kCFStringEncodingUTF8;
94	CFIndex usedBufLen = 0;
95	UInt8 lossByte = 0;
96
97	if (!theString)
98	MacOSError::throwMe(paramErr);
99
100	CFRange stringRange = CFRangeMake(0,CFStringGetLength(theString));
101	// Call once first just to get length
102	CFIndex length = CFStringGetBytes(theString, stringRange, encoding, lossByte,
103	isExternalRepresentation, NULL, 0, &usedBufLen);
104
105	if (dataToWrite)
106	::free(dataToWrite);
107	dataToWriteLength=usedBufLen;
108	if (appendNULL)
109	{
110	dataToWriteLength++;
111	dataToWriteLength++;
112	}
113
114	dataToWrite=reinterpret_cast<char *>(malloc(dataToWriteLength));
115	length = CFStringGetBytes(theString, stringRange, encoding, lossByte, isExternalRepresentation,
116	reinterpret_cast<UInt8 *>(dataToWrite), dataToWriteLength, &usedBufLen);
117
118	if (appendNULL)
119	{
120	dataToWrite[dataToWriteLength-1]=0;
121	dataToWrite[dataToWriteLength]='\n';
122	}
123	}
124
125	void ExecCLITool::initialize()
126	{
127	dataLength = 0; // ignore any previous output on new run
128
129	if (!dataRead) // Allocate buffer for child's STDOUT return
130	{
131	dataRead = (char *)malloc(256);
132	if (!dataRead)
133	UnixError::throwMe();
134	}
135
136	// Create pipe to catch tool output
137	if (pipe(stdoutpipe)) // for reading data from child into parent
138	UnixError::throwMe();
139
140	if (pipe(stdinpipe)) // for writing data from parent to child
141	UnixError::throwMe();
142	}
143
144	void ExecCLITool::child(const char toolPath, const char toolEnvVar, VAArgList& arglist)
145	{
146	// construct path to tool
147	try
148	{
149	char toolExecutable[PATH_MAX + 1];
150	const char *path = toolEnvVar ? getenv(toolEnvVar) : NULL;
151	if (!path)
152	path = toolPath;
153	snprintf(toolExecutable, sizeof(toolExecutable), "%s", toolPath);
154
155	close(stdoutpipe[0]); // parent read
156	close(STDOUT_FILENO);
157	if (dup2(stdoutpipe[1], STDOUT_FILENO) < 0)
158	UnixError::throwMe();
159	close(stdoutpipe[1]);
160
161	close(stdinpipe[1]); // parent write
162	close(STDIN_FILENO);
163	if (dup2(stdinpipe[0], STDIN_FILENO) < 0)
164	UnixError::throwMe();
165	close(stdinpipe[0]);
166
167	// std::cerr << "execl(\"" << toolExecutable << "\")" << std::endl;
168	execv(toolPath, const_cast<char * const *>(arglist.get()));
169	// std::cerr << "execl of " << toolExecutable << " failed, errno=" << errno << std::endl;
170	}
171	catch (...)
172	{
173	int err = errno;
174	// closeAllPipes();
175	_exit(err);
176	}
177
178	// Unconditional suicide follows.
179	_exit(1);
180	}
181
182	void ExecCLITool::parent(pid_t pid)
183	{
184	static const int timeout = 300;
185	static const bool dontNeedToWait = false;
186
187	close(stdinpipe[0]); // child read
188	close(stdoutpipe[1]); // child write
189
190	parentWriteInput();
191
192	parentReadOutput();
193
194	struct timespec rqtp = {0,};
195	rqtp.tv_nsec = 100000000; // 10^8 nanoseconds = 1/10th of a second
196	for (int nn = timeout; nn > 0; nanosleep(&rqtp, NULL), nn--)
197	{
198	if (dontNeedToWait)
199	break;
200	int status;
201	switch (waitpid(pid, &status, WNOHANG))
202	{
203	case 0: // child still running
204	break;
205	case -1: // error
206	switch (errno)
207	{
208	case EINTR:
209	case EAGAIN: // transient
210	continue;
211	case ECHILD: // no such child (dead; already reaped elsewhere)
212	CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
213	default:
214	UnixError::throwMe();
215	}
216	default:
217	// std::cerr << "waitpid succeeded, pid=" << rc << std::endl;
218	return;
219	}
220	}
221	}
222
223	void ExecCLITool::parentReadOutput()
224	{
225	// parent - resulting blob comes in on stdoutpipe[0]
226	unsigned int totalRead = 0;
227	char buffer[kReadBufSize];
228
229	for (;;)
230	{
231	int thisRead = read(stdoutpipe[0], buffer, kReadBufSize);
232	if (thisRead < 0)
233	{
234	if (errno==EINTR) // try some more
235	continue;
236	// std::cerr << "abnormal read end:" << errno << std::endl;
237	break;
238	}
239	if (thisRead == 0) // normal termination
240	{
241	dataLength = totalRead;
242	// std::cerr << "Normal read end" << std::endl;
243	break;
244	}
245
246	// Resize dataRead if necessary
247	if (kReadBufSize < (totalRead + (unsigned int)thisRead))
248	{
249	uint32 newLen = dataLength + kReadBufSize;
250	dataRead = (char *)realloc(dataRead, newLen);
251	dataLength = newLen;
252	}
253
254	// Append the data to dataRead
255	memmove(dataRead + totalRead, buffer, thisRead);
256	totalRead += thisRead;
257	}
258	close(stdoutpipe[0]);
259
260	}
261
262	void ExecCLITool::parentWriteInput()
263	{
264	if (dataToWriteLength>0)
265	{
266	int bytesWritten = write(stdinpipe[1],dataToWrite,dataToWriteLength);
267	if (bytesWritten < 0)
268	UnixError::throwMe();
269	}
270	close(stdinpipe[1]);
271	}
272
273	void ExecCLITool::closeAllPipes()
274	{
275	for (int ix=0;ix<2;ix++)
276	if (stdoutpipe[ix])
277	{
278	close(stdoutpipe[ix]);
279	stdoutpipe[ix]=0;
280	}
281
282	for (int ix=0;ix<2;ix++)
283	if (stdinpipe[ix])
284	{
285	close(stdinpipe[ix]);
286	stdinpipe[ix]=0;
287	}
288	}
289
290	#pragma mark -------------------- VAArgList implementation --------------------
291
292	int VAArgList::set(const char *path,va_list params)
293	{
294	va_list params2;
295	va_copy(params2, params);
296
297	// Count up the number of arguments
298	int nn = 1;
299	while (va_arg(params,const char *) != NULL)
300	nn++;
301	argn = nn;
302	argv = (ArgvArgPtr )malloc((nn + 1) sizeof(*argv));
303	if (argv == NULL)
304	return 0;
305
306	nn = 1;
307	argv[0]=path;
308	while ((argv[nn]=va_arg(params2,const char *)) != NULL)
309	nn++;
310	mSet = true;
311	return 0;
312	}
313