2024-09-24 16:11:08 +09:00
|
|
|
/*
|
|
|
|
Package helper runs external helpers and manages their status and args FDs.
|
|
|
|
*/
|
|
|
|
package helper
|
2024-09-25 01:16:06 +09:00
|
|
|
|
|
|
|
import (
|
|
|
|
"errors"
|
|
|
|
"io"
|
|
|
|
"os"
|
|
|
|
"os/exec"
|
|
|
|
"sync"
|
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
ErrStatusFault = errors.New("generic status pipe fault")
|
|
|
|
ErrStatusRead = errors.New("unexpected status response")
|
|
|
|
)
|
|
|
|
|
2024-09-29 14:40:01 +09:00
|
|
|
const (
|
|
|
|
FortifyHelper = "FORTIFY_HELPER"
|
|
|
|
FortifyStatus = "FORTIFY_STATUS"
|
|
|
|
)
|
|
|
|
|
2024-09-25 01:16:06 +09:00
|
|
|
// Helper wraps *exec.Cmd and manages status and args fd.
|
|
|
|
// Args is always 3 and status if set is always 4.
|
|
|
|
type Helper struct {
|
|
|
|
args io.WriterTo
|
|
|
|
|
|
|
|
statP [2]*os.File
|
|
|
|
argsP [2]*os.File
|
|
|
|
|
|
|
|
ready chan error
|
|
|
|
|
|
|
|
// ExtraFiles specifies additional open files to be inherited by the
|
|
|
|
// new process. It does not include standard input, standard output, or
|
|
|
|
// standard error. If non-nil, entry i becomes file descriptor 5+i.
|
|
|
|
ExtraFiles []*os.File
|
|
|
|
|
2024-09-25 14:00:30 +09:00
|
|
|
lock sync.RWMutex
|
2024-09-25 01:16:06 +09:00
|
|
|
*exec.Cmd
|
|
|
|
}
|
|
|
|
|
|
|
|
func (h *Helper) StartNotify(ready chan error) error {
|
|
|
|
h.lock.Lock()
|
|
|
|
defer h.lock.Unlock()
|
|
|
|
|
|
|
|
// Check for doubled Start calls before we defer failure cleanup. If the prior
|
|
|
|
// call to Start succeeded, we don't want to spuriously close its pipes.
|
|
|
|
if h.Cmd.Process != nil {
|
|
|
|
return errors.New("exec: already started")
|
|
|
|
}
|
|
|
|
|
|
|
|
// create pipes
|
|
|
|
if pr, pw, err := os.Pipe(); err != nil {
|
|
|
|
return err
|
|
|
|
} else {
|
|
|
|
h.argsP[0], h.argsP[1] = pr, pw
|
|
|
|
}
|
|
|
|
// create status pipes if ready signal is requested
|
2024-09-29 14:40:01 +09:00
|
|
|
var sv string
|
2024-09-25 01:16:06 +09:00
|
|
|
if ready != nil {
|
|
|
|
if pr, pw, err := os.Pipe(); err != nil {
|
|
|
|
return err
|
|
|
|
} else {
|
|
|
|
h.statP[0], h.statP[1] = pr, pw
|
|
|
|
}
|
2024-09-29 14:40:01 +09:00
|
|
|
|
|
|
|
sv = FortifyStatus + "=1"
|
|
|
|
} else {
|
|
|
|
sv = FortifyStatus + "=0"
|
2024-09-25 01:16:06 +09:00
|
|
|
}
|
|
|
|
|
2024-09-29 14:40:01 +09:00
|
|
|
// prepare extra files from caller
|
2024-09-25 01:16:06 +09:00
|
|
|
el := len(h.ExtraFiles)
|
|
|
|
if ready != nil {
|
|
|
|
el += 2
|
|
|
|
} else {
|
|
|
|
el++
|
|
|
|
}
|
|
|
|
ef := make([]*os.File, 0, el)
|
|
|
|
ef = append(ef, h.argsP[0])
|
|
|
|
if ready != nil {
|
|
|
|
ef = append(ef, h.statP[1])
|
|
|
|
}
|
|
|
|
ef = append(ef, h.ExtraFiles...)
|
|
|
|
|
|
|
|
// prepare and start process
|
|
|
|
h.Cmd.ExtraFiles = ef
|
2024-09-29 14:40:01 +09:00
|
|
|
h.Cmd.Env = append(h.Cmd.Env, FortifyHelper+"=1", sv)
|
2024-09-25 01:16:06 +09:00
|
|
|
if err := h.Cmd.Start(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
statsP, argsP := h.statP[0], h.argsP[1]
|
|
|
|
|
|
|
|
// write arguments and close args pipe
|
|
|
|
if _, err := h.args.WriteTo(argsP); err != nil {
|
|
|
|
if err1 := h.Cmd.Process.Kill(); err1 != nil {
|
|
|
|
panic(err1)
|
|
|
|
}
|
|
|
|
return err
|
|
|
|
} else {
|
|
|
|
if err = argsP.Close(); err != nil {
|
|
|
|
if err1 := h.Cmd.Process.Kill(); err1 != nil {
|
|
|
|
panic(err1)
|
|
|
|
}
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if ready != nil {
|
|
|
|
h.ready = ready
|
|
|
|
|
|
|
|
// monitor stat pipe
|
|
|
|
go func() {
|
|
|
|
n, err := statsP.Read(make([]byte, 1))
|
|
|
|
switch n {
|
|
|
|
case -1:
|
|
|
|
if err1 := h.Cmd.Process.Kill(); err1 != nil {
|
|
|
|
panic(err1)
|
|
|
|
}
|
|
|
|
// ensure error is not nil
|
|
|
|
if err == nil {
|
|
|
|
err = ErrStatusFault
|
|
|
|
}
|
|
|
|
ready <- err
|
|
|
|
case 0:
|
|
|
|
// ensure error is not nil
|
|
|
|
if err == nil {
|
|
|
|
err = ErrStatusRead
|
|
|
|
}
|
|
|
|
ready <- err
|
|
|
|
case 1:
|
|
|
|
ready <- nil
|
|
|
|
default:
|
|
|
|
panic("unreachable") // unexpected read count
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (h *Helper) Wait() error {
|
|
|
|
h.lock.RLock()
|
|
|
|
defer h.lock.RUnlock()
|
|
|
|
|
|
|
|
if h.Cmd.Process == nil {
|
|
|
|
return errors.New("exec: not started")
|
|
|
|
}
|
|
|
|
if h.Cmd.ProcessState != nil {
|
|
|
|
return errors.New("exec: Wait was already called")
|
|
|
|
}
|
|
|
|
|
|
|
|
// ensure pipe close
|
|
|
|
defer func() {
|
|
|
|
if err := h.argsP[0].Close(); err != nil && !errors.Is(err, os.ErrClosed) {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
if err := h.argsP[1].Close(); err != nil && !errors.Is(err, os.ErrClosed) {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if h.ready != nil {
|
|
|
|
if err := h.statP[0].Close(); err != nil && !errors.Is(err, os.ErrClosed) {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
if err := h.statP[1].Close(); err != nil && !errors.Is(err, os.ErrClosed) {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
return h.Cmd.Wait()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (h *Helper) Close() error {
|
|
|
|
if h.ready == nil {
|
|
|
|
panic("attempted to close helper with no status pipe")
|
|
|
|
}
|
|
|
|
|
|
|
|
return h.statP[0].Close()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (h *Helper) Start() error {
|
|
|
|
return h.StartNotify(nil)
|
|
|
|
}
|
|
|
|
|
2024-09-29 14:40:01 +09:00
|
|
|
var execCommand = exec.Command
|
|
|
|
|
2024-09-25 01:16:06 +09:00
|
|
|
func New(wt io.WriterTo, name string, arg ...string) *Helper {
|
|
|
|
if wt == nil {
|
2024-09-25 14:00:30 +09:00
|
|
|
panic("attempted to create helper with invalid argument writer")
|
2024-09-25 01:16:06 +09:00
|
|
|
}
|
|
|
|
|
2024-09-29 14:40:01 +09:00
|
|
|
return &Helper{args: wt, Cmd: execCommand(name, arg...)}
|
2024-09-25 01:16:06 +09:00
|
|
|
}
|