empire/empserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

client: Improve the client's messages

Browse source 
Use a "Warning: " prefix for server output violating the protocol and
for rogue redirections and executes.  Don't shout "WARNING!"

In redir_authorized(), check for server issues (conflicting
redirections, rogue redirections and executes) before enforcing
restrictions (restricted mode, executing batch file), so server issues
aren't masked.

Surprisingly, popen() may not set errno on failure.  Avoid reporting a
bogus errno in dopipe().

doexecute() complains about an "execute file".  We call that a "batch
file" elsewhere.  Reword for consistency.

Signed-off-by: Markus Armbruster <armbru@pond.sub.org>
This commit is contained in:
Markus Armbruster 2015-12-27 15:54:10 +01:00
parent 8fe0221634
commit a2f6ea968c
1 changed files with 21 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

40
src/client/servcmd.c
View file

@ -69,7 +69,8 @@ servercmd(int code, char *arg, int len)
switch (code) { switch (code) {
case C_PROMPT: case C_PROMPT:
if (sscanf(arg, "%d %d", &nmin, &nbtu) != 2) { if (sscanf(arg, "%d %d", &nmin, &nbtu) != 2) {
fprintf(stderr, "prompt: bad server prompt %s", arg); fprintf(stderr, "Warning: server sent malformed prompt %s",
arg);
} }
snprintf(the_prompt, sizeof(the_prompt), "[%d:%d] Command : ", snprintf(the_prompt, sizeof(the_prompt), "[%d:%d] Command : ",
nmin, nbtu); nmin, nbtu);
@ -162,6 +163,19 @@ redir_authorized(char *arg, char *attempt, int expected)
{ {
size_t seen = seen_input(arg); size_t seen = seen_input(arg);
if (!expected) {
fprintf(stderr, "Warning: dropped conflicting %s %s",
attempt, arg);
return 0;
}
if (!seen || (input_to_forget && input_to_forget != seen)) {
fprintf(stderr, "Warning: server attempted to %s %s",
attempt, arg);
return 0;
}
input_to_forget = seen;
if (restricted) { if (restricted) {
fprintf(stderr, "Can't %s in restricted mode\n", attempt); fprintf(stderr, "Can't %s in restricted mode\n", attempt);
return 0; return 0;
@ -171,19 +185,6 @@ redir_authorized(char *arg, char *attempt, int expected)
fprintf(stderr, "Can't %s in a batch file\n", attempt); fprintf(stderr, "Can't %s in a batch file\n", attempt);
return 0; return 0;
} }
if (!expected) {
fprintf(stderr, "WARNING! Server attempted to %s unexpectedly\n",
attempt);
return 0;
}
if (!seen || (input_to_forget && input_to_forget != seen)) {
fprintf(stderr, "WARNING! Server attempted to %s %s",
attempt, arg);
return 0;
}
input_to_forget = seen;
return 1; return 1;
} }
@ -196,7 +197,7 @@ doredir(char *p)
if (!redir_authorized(p, "redirect to file", !redir_fp)) if (!redir_authorized(p, "redirect to file", !redir_fp))
return; return;
if (*p++ != '>') { if (*p++ != '>') {
fprintf(stderr, "WARNING! Weird redirection %s", p); fprintf(stderr, "Warning: dropped weird redirection %s", p);
return; return;
} }
@ -231,7 +232,7 @@ dopipe(char *p)
if (!redir_authorized(p, "pipe to shell command", !redir_fp)) if (!redir_authorized(p, "pipe to shell command", !redir_fp))
return; return;
if (*p++ != '|') { if (*p++ != '|') {
fprintf(stderr, "WARNING! Weird pipe %s", p); fprintf(stderr, "Warning: dropped weird pipe %s", p);
return; return;
} }
@ -245,9 +246,10 @@ dopipe(char *p)
p[strlen(p) - 1] = 0; p[strlen(p) - 1] = 0;
redir_is_pipe = 1; redir_is_pipe = 1;
errno = 0;
if ((redir_fp = popen(p, "w")) == NULL) { if ((redir_fp = popen(p, "w")) == NULL) {
fprintf(stderr, "Can't redirect to pipe %s: %s\n", fprintf(stderr, "Can't redirect to pipe %s%s%s\n",
p, strerror(errno)); p, errno ? ": " : "", errno ? strerror(errno) : "");
} }
} }
@ -266,7 +268,7 @@ doexecute(char *p)
} }
if ((fd = open(p, O_RDONLY)) < 0) { if ((fd = open(p, O_RDONLY)) < 0) {
fprintf(stderr, "Can't open execute file %s: %s\n", fprintf(stderr, "Can't open batch file %s: %s\n",
p, strerror(errno)); p, strerror(errno));
return -1; return -1;
} }