Commit 1e888a83 authored by Baptiste Daroussin's avatar Baptiste Daroussin
Browse files

triggers: only allow lua triggers and remove entirely shell triggers

parent 71379d96
......@@ -55,8 +55,6 @@ get_script_type(const char *str)
{
if (strcasecmp(str, "lua") == 0)
return (SCRIPT_LUA);
if (strcasecmp(str, "shell") == 0)
return (SCRIPT_SHELL);
return (SCRIPT_UNKNOWN);
}
......@@ -88,7 +86,7 @@ trigger_open_schema(void)
" type = { "
" type = string,"
" sandbox = boolean, "
" enum: [lua, shell];"
" enum: [lua];"
" };"
" script = { type = string };"
" }; "
......@@ -100,7 +98,7 @@ trigger_open_schema(void)
" type = { "
" type = string,"
" sandbox = boolean, "
" enum: [lua, shell];"
" enum: [lua];"
" };"
" script = { type = string };"
" }; "
......@@ -343,14 +341,10 @@ get_random_name(char name[])
}
static void
save_trigger(const char *script, bool sandbox, kh_strings_t *args, bool lua)
save_trigger(const char *script, bool sandbox, kh_strings_t *args)
{
int db = ctx.pkg_dbdirfd;
const char *dir;
const char *comment = "-- ";
if (!lua)
comment = "# ";
if (!mkdirat_p(db, "triggers"))
return;
......@@ -381,89 +375,16 @@ save_trigger(const char *script, bool sandbox, kh_strings_t *args, bool lua)
close(trigfd);
FILE *f = fdopen(fd, "w");
if (sandbox)
fprintf(f, "%ssandbox\n", comment);
fprintf(f, "%sbegin args\n", comment);
fputs("--sandbox\n", f);
fputs("--begin args\n", f);
kh_foreach_value(args, dir, {
fprintf(f, "-- %s\n", dir);
});
fprintf(f, "%send args\n--\n", comment);
fputs("--end args\n--\n", f);
fprintf(f, "%s\n", script);
fclose(f);
}
static int
trigger_execute_shell(const char *script, bool sandboxed __unused, kh_strings_t *args __unused)
{
posix_spawn_file_actions_t action;
int stdin_pipe[2] = {-1, -1};
const char *argv[3];
const char *script_p;
size_t len;
ssize_t bw;
int error, pstat;
int ret = EPKG_OK;
pid_t pid;
if (ctx.defer_triggers) {
save_trigger(script, false, args, false);
return (EPKG_OK);
}
if (pipe(stdin_pipe) < 0)
return (EPKG_FATAL);
posix_spawn_file_actions_init(&action);
posix_spawn_file_actions_adddup2(&action, stdin_pipe[0], STDIN_FILENO);
posix_spawn_file_actions_addclose(&action, stdin_pipe[1]);
argv[0] = _PATH_BSHELL;
argv[1] = "-s";
argv[2] = NULL;
if ((error = posix_spawn(&pid, _PATH_BSHELL, &action, NULL,
__DECONST(char **, argv), environ)) != 0) {
errno = error;
pkg_errno("Cannot run trigger script %s", script);
posix_spawn_file_actions_destroy(&action);
ret = EPKG_FATAL;
goto cleanup;
}
posix_spawn_file_actions_destroy(&action);
len = strlen(script);
while (len > 0) {
script_p = script;
if ((bw = write(stdin_pipe[1], script_p, len)) == -1) {
if (errno == EINTR)
continue;
ret = EPKG_FATAL;
goto cleanup;
}
script_p += bw;
len -= bw;
}
close(stdin_pipe[1]);
while (waitpid(pid, &pstat, 0) == -1) {
if (errno != EINTR) {
pkg_emit_error("waitpid() failed: %s", strerror(errno));
ret = EPKG_FATAL;
goto cleanup;
}
}
if (WEXITSTATUS(pstat) != 0)
ret = EPKG_FATAL;
cleanup:
if (stdin_pipe[0] != -1)
close(stdin_pipe[0]);
if (stdin_pipe[1] != -1)
close(stdin_pipe[1]);
return (ret);
}
static int
trigger_execute_lua(const char *script, bool sandbox, kh_strings_t *args)
{
......@@ -471,7 +392,7 @@ trigger_execute_lua(const char *script, bool sandbox, kh_strings_t *args)
int pstat;
if (ctx.defer_triggers) {
save_trigger(script, sandbox, args, true);
save_trigger(script, sandbox, args);
return (EPKG_OK);
}
......@@ -600,8 +521,6 @@ triggers_execute(struct trigger *cleanup_triggers)
if (t->cleanup.type == SCRIPT_LUA) {
ret = trigger_execute_lua(t->cleanup.script,
t->cleanup.sandbox, NULL);
} else if (t->cleanup.type == SCRIPT_SHELL) {
ret = trigger_execute_shell(t->cleanup.script, false, NULL);
}
if (ret != EPKG_OK)
goto cleanup;
......@@ -623,8 +542,6 @@ triggers_execute(struct trigger *cleanup_triggers)
if (t->script.type == SCRIPT_LUA) {
ret = trigger_execute_lua(t->script.script,
t->script.sandbox, t->matched);
} else if (t->script.type == SCRIPT_SHELL) {
ret = trigger_execute_shell(t->script.script, false, t->matched);
}
if (ret != EPKG_OK)
goto cleanup;
......@@ -661,8 +578,6 @@ append_touched_file(const char *path)
void
exec_deferred(int dfd, const char *name)
{
int (*trigger_exec)(const char *, bool , kh_strings_t *);
const char *comment = NULL;
bool sandbox = false;
kh_strings_t *args = NULL;
xstring *script = NULL;
......@@ -684,17 +599,8 @@ exec_deferred(int dfd, const char *name)
char *walk;
bool inargs = false;
while ((linelen = getline(&line, &linecap, f)) > 0) {
if (comment == NULL) {
if (*line == '#') {
trigger_exec = &trigger_execute_shell;
comment = "#";
} else {
trigger_exec = &trigger_execute_lua;
comment = "--";
}
}
walk = line;
walk += strlen(comment);
walk += 2; /* '--' aka lua comments */
if (strncmp(walk, "sandbox", 7) == 0) {
sandbox = true;
continue;
......@@ -725,7 +631,7 @@ exec_deferred(int dfd, const char *name)
return;
}
char *s = xstring_get(script);
if (trigger_exec(s, sandbox, args) == EPKG_OK) {
if (trigger_execute_lua(s, sandbox, args) == EPKG_OK) {
unlinkat(dfd, name, 0);
}
free(s);
......
......@@ -3,35 +3,8 @@
. $(atf_get_srcdir)/test_environment.sh
tests_init \
cleanup_shell \
cleanup_lua
cleanup_shell_body() {
atf_check -s exit:0 sh ${RESOURCEDIR}/test_subr.sh new_pkg "test" "test" "1" "/"
mkdir trigger_dir/
cat << EOF >> trigger_dir/trigger.ucl
path: [ "/" ]
cleanup: {
type: shell
script: <<EOS
echo "Cleaning up"
EOS
}
trigger: {
type: shell
script: <<EOS
exit 0
EOS
}
EOF
echo ${TMPDIR}/trigger_dir/trigger.ucl > plist
atf_check pkg create -M test.ucl -p plist
mkdir target
atf_check pkg -o REPOS_DIR=/dev/null -r ${TMPDIR}/target install -qfy ${TMPDIR}/test-1.pkg
atf_check pkg -o REPOS_DIR=/dev/null -o PKG_TRIGGERS_DIR="${TMPDIR}/trigger_dir" install -qfy ${TMPDIR}/test-1.pkg
atf_check -o inline:"Cleaning up\n" pkg -o REPOS_DIR=/dev/null -o PKG_TRIGGERS_DIR="${TMPDIR}/trigger_dir" delete -qy test
}
cleanup_lua_body() {
atf_check -s exit:0 sh ${RESOURCEDIR}/test_subr.sh new_pkg "test" "test" "1" "/"
mkdir trigger_dir/
......@@ -54,6 +27,7 @@ EOF
atf_check pkg create -M test.ucl -p plist
mkdir target
atf_check pkg -o REPOS_DIR=/dev/null -r ${TMPDIR}/target install -qfy ${TMPDIR}/test-1.pkg
unset PKG_TRIGGERS_DIR
atf_check pkg -o REPOS_DIR=/dev/null -o PKG_TRIGGERS_DIR="${TMPDIR}/trigger_dir" install -qfy ${TMPDIR}/test-1.pkg
atf_check -o inline:"Cleaning up\n" pkg -o REPOS_DIR=/dev/null -o PKG_TRIGGERS_DIR="${TMPDIR}/trigger_dir" delete -qy test
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment