libaudit.pm.in 16 KB
Newer Older
1 2 3
#!/usr/bin/perl -w

#
4
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
24 25 26 27 28 29 30
#

package libaudit;
use Exporter;

@ISA = "Exporter";
@EXPORT =
31
    qw ( AuditStart AuditEnd AuditAbort AuditFork AuditSetARGV AuditGetARGV
Kevin Atkinson's avatar
Kevin Atkinson committed
32
	 AddAuditInfo
33
	 LogStart LogEnd LogAbort AuditDisconnect AuditPrefork
34
	 LIBAUDIT_NODAEMON LIBAUDIT_DAEMON LIBAUDIT_LOGONLY
35
	 LIBAUDIT_NODELETE LIBAUDIT_FANCY LIBAUDIT_LOGTBOPS LIBAUDIT_LOGTBLOGS
36
	 LIBAUDIT_DEBUG
37
       );
38 39 40

# After package decl.
use English;
41
use POSIX qw(isatty setsid dup2);
42 43
use File::Basename;
use IO::Handle;
Kevin Atkinson's avatar
Kevin Atkinson committed
44
use Carp;
45 46 47 48 49 50 51 52 53

#
# Testbed Support libraries
#
use libtestbed;

my $TBOPS	= "@TBOPSEMAIL@";
my $TBAUDIT	= "@TBAUDITEMAIL@";
my $TBLOGS	= "@TBLOGSEMAIL@";
54
my $OURDOMAIN   = "@OURDOMAIN@";
55 56
my $SCRIPTNAME	= "Unknown";
my $USERNAME    = "Unknown";
57
my $GCOS        = "Unknown";
58 59
my @SAVEARGV	= @ARGV;
my $SAVEPID	= $PID;
60 61
my $SAVE_STDOUT = 0;
my $SAVE_STDERR = 0;
62 63 64 65 66 67 68

# Indicates, this script is being audited.
my $auditing	= 0;

# Where the log is going. When not defined, do not send it in email!
my $logfile;

69 70 71
# Sleazy.
my $prefork;

72 73
# Logonly, not to audit list.
my $logonly     = 0;
74 75
# Log to tbops or tblogs
my $logtblogs   = 0;
76

77 78 79
# Save log when logging only.
my $savelog     = 0;

Kevin Atkinson's avatar
Kevin Atkinson committed
80 81 82 83
# If set than send "fancy" email and also call tblog_find_error
# on errors
my $fancy       = 0;

84 85 86
# We be forked.
my $forked      = 0;

Kevin Atkinson's avatar
Kevin Atkinson committed
87 88 89
# Extra info used when AUDIT_FANCY is set
my %AUDIT_INFO;

90 91 92 93 94 95 96 97 98
# Untainted scriptname for email below.
if ($PROGRAM_NAME =~ /^([-\w\.\/]+)$/) {
    $SCRIPTNAME = basename($1);
}
else {
    $SCRIPTNAME = "Tainted";
}

# The user running the script.
99
if (my ($name,undef,undef,undef,undef,undef,$gcos) = getpwuid($UID)) {
100
    $USERNAME = $name;
101
    $GCOS     = $gcos;
102 103
}

104 105 106 107 108 109 110 111 112 113 114 115 116 117 118
#
# Debugging audit is a pain.
#
my $debugfile;

sub DebugAudit($)
{
    my ($msg) = @_;
    
    if (defined($debugfile)) {
	system("/bin/date >> $debugfile");
	system("/bin/echo '$msg' >> $debugfile");
    }
}

119 120 121 122 123 124 125
#
# Options to AuditStart.
#
sub LIBAUDIT_NODAEMON	{ 0; }
sub LIBAUDIT_DAEMON	{ 0x01; }
sub LIBAUDIT_LOGONLY	{ 0x02; }
sub LIBAUDIT_NODELETE	{ 0x04; }
Kevin Atkinson's avatar
Kevin Atkinson committed
126 127
sub LIBAUDIT_FANCY      { 0x08; } # Only use if libdb and libtblog are
                                  # already in use
128
sub LIBAUDIT_LOGTBOPS	{ 0x10; }
129
sub LIBAUDIT_LOGTBLOGS	{ 0x20; }
130
sub LIBAUDIT_DEBUG	{ 0x40; }
131

132 133 134 135 136 137
#
# Start an audit (or log) of a script. First arg is a flag indicating if
# the script should fork/detach. The second (optional) arg is a file name
# into which the log should be written. The return value is non-zero in the
# parent, and zero in the child (if detaching).
# 
138
sub AuditStart($;$$)
139
{
140
    my($daemon, $logname, $options) = @_;
141 142 143 144 145 146 147 148 149 150

    #
    # If we are already auditing, then do not audit a child script. This
    # would result in a blizzard of email! We wrote the scripts, so we
    # should now what they do!
    #
    if (defined($ENV{'TBAUDITON'})) {
	return;
    }

151
    # Logging instead of "auditing" ...
152
    if (defined($options)) {
153 154 155
	if ($options & LIBAUDIT_NODELETE()) {
	    $savelog = 1;
	}
156 157 158
	if ($options & LIBAUDIT_DEBUG()) {
	    $debugfile = "/var/tmp/auditdebug.$$";
	}
159 160 161
	if ($options & LIBAUDIT_LOGONLY()) {
	    $logonly = 1;

162 163 164
	    if ($options & LIBAUDIT_LOGTBOPS()) {
		$logtbops = 1;
	    }
165 166 167
	    elsif ($options & LIBAUDIT_LOGTBLOGS()) {
		$logtblogs = 1;
	    }
168
	}
Kevin Atkinson's avatar
Kevin Atkinson committed
169 170 171 172 173 174
	if ($options & LIBAUDIT_FANCY()) {
	    if (!$INC{"libdb.pm"} || !$INC{"libtblog.pm"}) {
		croak "libdb and libtblog must be loaded when using LIBAUDIT_FANCY";
	    }
	    $fancy = 1;
	}
175 176
    }

177 178 179 180 181 182 183
    #
    # If this is an interactive session, then do not bother with a log
    # file. Just send it to the output and hope the user is smart enough to
    # save it off. We still want to audit the operation though, sending a
    # "what was done" message to the audit list, and CC it to tbops if it
    # exits with an error. But the log is the responsibility of the user.
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
184 185 186 187 188
    if (!$daemon && isatty(STDIN)) {
	$auditing = 1;
	$ENV{'TBAUDITON'} = "$SCRIPTNAME:$USERNAME";
	return;
    }
189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207

    if (!defined($logname)) {
	$logfile = TBMakeLogname("$SCRIPTNAME");
    }
    else {
	$logfile = $logname;
    }
    $ENV{'TBAUDITLOG'} = $logfile;
    $ENV{'TBAUDITON'}  = "$SCRIPTNAME:$USERNAME";

    #
    # Okay, daemonize.
    #
    if ($daemon) {
	my $mypid = fork();
	if ($mypid) {
	    select(undef, undef, undef, 0.2);
	    return $mypid;
	}
Kevin Atkinson's avatar
Kevin Atkinson committed
208 209 210
	if (defined(&libtblog::tblog_new_child_process)) {
	    libtblog::tblog_new_child_process();
	}
211 212 213 214 215 216 217 218 219 220 221 222 223
    }
    $auditing = 1;

    #
    # If setuid, lets reset the owner/mode of the log file. Otherwise its
    # owned by root, mode 600 and a pain to deal with later, especially if
    # the script drops its privs!
    #
    if ($UID != $EUID) {
	chown($UID, $EUID, $logfile);
	chmod(0664, $logfile);
    }

224
    # Save old stderr and stdout.
225
    if (!$daemon && $PERL_VERSION >= 5.008) {
226 227 228 229 230
	eval("open(OLDOUT, \">&\", \*STDOUT); ".
	     "\$libaudit::SAVE_STDOUT = *OLDOUT; ".
	     "open(OLDERR, \">&\", \*STDERR); ".
	     "\$libaudit::SAVE_STDERR = *OLDERR;");
    }
231

232 233 234 235 236 237 238 239 240 241 242
    open(STDOUT, ">> $logfile") or
	die("opening $logfile for STDOUT: $!");
    open(STDERR, ">> $logfile") or
	die("opening $logfile for STDERR: $!");

    #
    # Turn off line buffering on output
    #
    STDOUT->autoflush(1);
    STDERR->autoflush(1);

243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258
    if ($daemon) {
	#
	# We have to disconnect from the caller by redirecting both
	# STDIN and STDOUT away from the pipe. Otherwise the caller
	# will continue to wait even though the parent has exited.
	#
	open(STDIN, "< /dev/null") or
	    die("opening /dev/null for STDIN: $!");

	#
	# Create a new session to ensure we are clear of any process group
	#
        POSIX::setsid() or
	    die("setsid failed: $!");
    }

259 260 261
    return 0;
}

262
# Logging, not auditing.
263
sub LogStart($;$$)
264
{
265 266 267
    my($daemon, $logname, $options) = @_;
    $options = 0
	if (!defined($options));
268

269
    return AuditStart($daemon, $logname, $options|LIBAUDIT_LOGONLY());
270 271
}

272
sub LogEnd(;$)
273
{
274 275 276
    my ($status) = @_;
    
    return AuditEnd($status);
277 278
}

279 280 281 282 283
sub LogAbort()
{
    return AuditAbort();
}

284 285 286
#
# Finish an Audit. 
#
287
sub AuditEnd(;$)
288
{
289 290 291 292 293 294
    my ($status) = @_;

    $status = 0
	if (!defined($status));
    
    SendAuditMail($status);
295
    delete @ENV{'TBAUDITLOG', 'TBAUDITON'};
296 297
    unlink($logfile)
	if (defined($logfile) && !$savelog);
298 299 300
    return 0;
}

301 302 303 304 305 306 307 308
#
# Overwrite our saved argv. Usefull when script contains something that
# should not go into a mail log.
#
sub AuditSetARGV(@)
{
    @SAVEARGV = @_;
}
309 310 311 312
sub AuditGetARGV()
{
    return @SAVEARGV;
}
313

314 315 316 317 318 319 320 321 322 323 324 325 326 327
sub AuditDisconnect()
{
    if ($auditing) {
	if (!$daemon && $PERL_VERSION >= 5.008 && $libaudit::SAVE_STDOUT) {
	    close($libaudit::SAVE_STDOUT);
	    close($libaudit::SAVE_STDERR);

	    open(FOO, "> /dev/null");
	    $libaudit::SAVE_STDOUT = *FOO;
	    $libaudit::SAVE_STDERR = *FOO;
	}
    }
}

328 329 330 331 332 333 334 335
#
# Abort an Audit. Dump the log file and do not send email.
#
sub AuditAbort()
{
    if ($auditing) {
	$auditing = 0;

336
	if (!$daemon && $PERL_VERSION >= 5.008 && $libaudit::SAVE_STDOUT) {
337 338 339 340
	    eval("open(STDOUT, \">&\", \$libaudit::SAVE_STDOUT); ".
		 "open(STDERR, \">&\", \$libaudit::SAVE_STDERR);");
	}

341 342 343 344 345
	if (defined($logfile)) {
	    #
	    # This should be okay; the process will keep writing to it,
	    # but will be deleted once the process ends and its closed.
	    #
346 347
	    unlink($logfile)
	    	if (!$savelog);
348 349
	    undef($logfile);
	}
350
	delete @ENV{'TBAUDITLOG', 'TBAUDITON'};
351

352
	system("/usr/bin/touch $prefork")
353
	    if (defined($prefork));
354 355 356 357
    }
    return 0;
}

358 359 360 361 362 363 364 365 366 367 368 369 370 371
#
# Indicate we are about to fork. In general, we want the parent to exit
# first so the first part of the logging email gets sent. Otherwise the
# file might get deleted out from under the child.
# So we use some sleaze to make sure that happens.
#
sub AuditPrefork()
{
    return 0
	if (!$auditing);

    $prefork = "/var/tmp/auditfork_$PID";
}

372 373 374 375 376 377
#
# Ug, forked children result in multiple copies. It does not happen often
# since most forks result in an exec.
#
sub AuditFork()
{
378 379 380
    return 0
	if (!$auditing || !defined($logfile));

381 382 383 384 385 386 387 388 389 390 391 392
    #
    # If prefork is set, we want the parent to exit first. So we wait for
    # that to happen.
    #
    if (defined($prefork)) {
	while (! -e $prefork) {
	    sleep(1);
	}
	unlink($prefork);
    }
    $prefork = undef;

393 394
    open(LOG, ">> $logfile") or
	die("opening $logfile for $logfile: $!");
395

396 397 398 399 400 401 402 403 404 405 406 407 408 409 410
    close(STDOUT);
    close(STDERR);
    POSIX::dup2(fileno(LOG), 1);
    POSIX::dup2(fileno(LOG), 2);
    STDOUT->fdopen(1, "a");
    STDERR->fdopen(2, "a");
    close(LOG);

    #
    # Turn off line buffering on output
    #
    STDOUT->autoflush(1);
    STDERR->autoflush(1);

    #
411
    # Need to close these so that this side of the fork is disconnected.
412 413 414 415
    # Do NOT close the saved STDOUT/STDERR descriptors until the new
    # ones are open and dup'ed into fileno 1 and 2, and the LOG descriptor
    # closed. This was causing SelfLoader to get confused abut something!
    #
416
    if (!$daemon && $PERL_VERSION >= 5.008) {
417
	close($libaudit::SAVE_STDOUT)
418 419
	    if ($libaudit::SAVE_STDOUT &&
		fileno($libaudit::SAVE_STDOUT) != 1);
420
	close($libaudit::SAVE_STDERR)
421 422
	    if ($libaudit::SAVE_STDERR &&
		fileno($libaudit::SAVE_STDERR) != 2);
423 424
	$libaudit::SAVE_STDOUT = 0;
	$libaudit::SAVE_STDERR = 0;
425 426
    }

427 428 429 430 431 432
    #
    # We have to disconnect STDIN from the caller too.
    #
    open(STDIN, "< /dev/null") or
	die("opening /dev/null for STDIN: $!");

433 434 435 436
    #
    # Create a new session to ensure we are clear of any process group.
    #
    POSIX::setsid();
437 438 439 440

    # For exit handling.
    $SAVEPID = $PID;
    $forked  = 1;
441
    
442
    return 0;
443 444 445 446 447 448 449 450 451 452
}

#
# Internal function to send the email. First argument is exit status.
#
# Two messages are sent. A topical message is sent to the audit list. This
# is a short message that says what was done and by who. The actual log of
# what happened is sent to the logs list so that we can go back and see the
# details if needed.
# 
Kevin Atkinson's avatar
Kevin Atkinson committed
453
sub SendFancyMail($);
454 455 456 457 458 459 460 461
sub SendAuditMail($)
{
    my($exitstatus) = @_;
    
    if ($auditing) {
	# Avoid duplicate messages.
	$auditing = 0;

Kevin Atkinson's avatar
Kevin Atkinson committed
462 463 464 465 466 467
	# Needs to called here before STDOUT and STDERR is
	# redirectected below
	if ($exitstatus && $fancy) {
	    &libtblog::tblog_find_error(); 
	}

468
	if (!$daemon && $PERL_VERSION >= 5.008 && $libaudit::SAVE_STDOUT) {
469 470 471 472
	    eval("open(STDOUT, \">&\", \$libaudit::SAVE_STDOUT); ".
		 "open(STDERR, \">&\", \$libaudit::SAVE_STDERR);");
	}

473
	my $subject  = "$SCRIPTNAME @SAVEARGV";
474
	if ($exitstatus) {
475 476 477
	    $subject = "Failed: $subject";
	}

478 479
	my $body     = "$SCRIPTNAME @SAVEARGV\n" .
	               "Invoked by $USERNAME ($GCOS)";
480 481
	if ($exitstatus) {
	    $body   .= "\nExited with status: $exitstatus";
482
	}
483 484 485
	if (defined($AUDIT_INFO{'message'})) {
	    $body   .= "\n" . $AUDIT_INFO{'message'};
	}
486
	my $FROM     = "$GCOS <${USERNAME}\@${OURDOMAIN}>";
487

488 489 490
	if (! $logonly) {
	    SENDMAIL($TBAUDIT, $subject, $body, $FROM, undef, ());
	}
491 492

	# Success and no log ...
493
	if ($exitstatus == 0 && !(defined($logfile) && -s $logfile)) {
494 495 496
	    # Do not save empty logfile. 
	    unlink($logfile)
		if (defined($logfile));
497
	    goto done;
498 499
	}

Kevin Atkinson's avatar
Kevin Atkinson committed
500 501
	if ($fancy) {
	    SendFancyMail($exitstatus);
502
	    goto done;
Kevin Atkinson's avatar
Kevin Atkinson committed
503 504
	}

505 506 507 508 509 510 511 512
	#
	# Send logfile to tblogs. Carbon to tbops if it failed. If no logfile
	# then no point in sending to tblogs, obviously.
	#
	my $TO;
	my $HDRS  = "Reply-To: $TBOPS";
	my @FILES = ();
	
513
	if (defined($logfile) && -s $logfile) {
514
	    @FILES = ($logfile);
515 516

	    if ($logonly) {
517 518 519 520
		if (defined($AUDIT_INFO{'to'})) {
		    $TO    = join(', ', @{ $AUDIT_INFO{'to'} });
		}
		elsif ($logtbops) {
521 522
		    $TO    = $TBOPS;
		}
523 524 525 526
		elsif ($logtblogs) {
		    $TO    = $TBLOGS;
		    $HDRS .= "\nCC: $TBOPS" if ($exitstatus);
		}
527 528 529 530
		else {
		    $TO    = $FROM;
		    $HDRS .= "\nCC: ". ($exitstatus ? $TBOPS : $TBLOGS);
		}
531 532 533 534 535
	    }
	    else {
		$TO    = $TBLOGS;
		$HDRS .= "\nCC: $TBOPS" if ($exitstatus);
	    }
536
	}
537 538 539 540
	elsif ($logtblogs) {
	    $TO    = $TBLOGS;
	    $HDRS .= "\nCC: $TBOPS" if ($exitstatus);
	}
541 542 543
	else {
	    $TO    = $TBOPS;
	}
544 545 546 547
	if (defined($AUDIT_INFO{'cc'})) {
	    $HDRS .= "\n";
	    $HDRS .= "CC: " . join(', ', @{ $AUDIT_INFO{'cc'} });
	}
548

549 550 551
	# Leave logfile if sendmail fails. 
	if (SENDMAIL($TO, $subject, $body, $FROM, $HDRS, @FILES)) {
	    unlink($logfile)
552
		if (defined($logfile) && !$savelog);
553
	}
554 555 556
      done:
	system("/usr/bin/touch $prefork")
	    if (defined($prefork));
557 558 559
    }
}

Kevin Atkinson's avatar
Kevin Atkinson committed
560 561 562 563
sub SendFancyMail($)
{
    import libdb;
    import libtblog;
564
    import User;
Kevin Atkinson's avatar
Kevin Atkinson committed
565 566 567 568 569

    my ($exitstatus) = @_;
    
    my ($TO, $FROM);
    my ($name, $email);
570 571 572 573 574
    my $this_user = User->ThisUser();
    if (defined($this_user)) {
	$name  = $this_user->name();
	$email = $this_user->email();
	$TO    = "$name <$email>";
Kevin Atkinson's avatar
Kevin Atkinson committed
575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636
    } else {
	$TO = "$GCOS <${USERNAME}\@${OURDOMAIN}>";
    }
    $FROM = $TO;

    my @FILES;
    
    if (defined($logfile) && -s $logfile) {
	@FILES = ($logfile);
    }

    # Avoid sending a person the same email twice
    my $extra_cc;
    if (defined ($AUDIT_INFO{cc})) {
	my @cc;
	my @prev_emails = ($email);
	OUTER: foreach (@{$AUDIT_INFO{cc}}) {
	    ($email) = /([^<> \t@]+@[^<> \t@]+)/;
	    foreach my $e (@prev_emails) {
		next OUTER if $email eq $e;
		push @prev_email, $e;
	    }
	    push @cc, $_;
	}
	if (@cc) {
	    $extra_cc = "Cc: ";
	    $extra_cc .= join(', ', @cc);
	}
    }

    my $sendmail_res;
    if ($exitstatus) {
	my $d = tblog_lookup_error();
	my $prefix;
	$prefix .= "$SCRIPTNAME @SAVEARGV\n";
	$prefix .= "Exited with status: $exitstatus";
	my $what = "Failed: $SCRIPTNAME";
	$what = $AUDIT_INFO{failure_frag} if defined $AUDIT_INFO{failure_frag};
	$which = $AUDIT_INFO{which};
	$sendmail_res 
	    = tblog_email_error($d, $TO, $what,	$which, 
				$FROM, $extra_cc, "Cc: $TBOPS",
				$prefix, @FILES); 

    } else {

	my $subject  = "$SCRIPTNAME succeeded";
	$subject = $AUDIT_INFO{success_frag} if defined $AUDIT_INFO{success_frag};
	$subject .= ": $AUDIT_INFO{which}" if defined $AUDIT_INFO{which};
	my $body     = "$SCRIPTNAME @SAVEARGV\n";

	my $HDRS;
	$HDRS .= "$extra_cc\n" if defined $extra_cc;
	$HDRS .= "Reply-To: $TBOPS\n";
	$HDRS .= "Bcc: $TBLOGS";
	
	$sendmail_res 
	    = SENDMAIL($TO, $subject, $body, $FROM, $HDRS, @FILES);
    }
    
    if ($sendmail_res) {
	unlink($logfile)
637
	    if (defined($logfile) && !$savelog);
Kevin Atkinson's avatar
Kevin Atkinson committed
638 639 640 641 642 643 644 645 646 647
    }
}


# Info on possibe values for AUDIT_INFO
# [KEY => string|list]
my %AUDIT_METAINFO = 
    ( which => 'string',        # ex "PROJ/EXP"
      success_frag => 'string', # ex "T. Swapped In"
      failure_frag => 'string', # ie "Bla Failure"
648
      message      => 'string',
649 650
      to           => 'list',   # Send audit mail to these people
      cc           => 'list');  # Cc audit mail to these people
Kevin Atkinson's avatar
Kevin Atkinson committed
651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688

#
# AddAuditInfo($key, $value)
#   add additional information for libaudit to use in SendAuditMail
#   when AUDIT_FANCY is set
#
# TODO: Eventually child scripts should be able to use AddAuditInfo, not 
#   just the script in which AuditStart(...) was called.  This will probably
#   involve storing the values in the database somehow.
#
sub AddAuditInfo ($$) {
    my ($key, $value) = @_;

    if (!$auditing) {

	carp "AddAuditInfo($key, ...) ignored since the script isn't being audited.";
	return 0;

    }

    if ($AUDIT_METAINFO{$key} eq 'string') {
	
	$AUDIT_INFO{$key} = $value;
	return 1;

    } elsif ($AUDIT_METAINFO{$key} eq 'list') {

	push @{$AUDIT_INFO{$key}}, $value;
	return 1;

    } else {

	carp "Unknown key, \"$key\" in AddAuditInfo";
	return 0;

    }
}

689 690 691 692
#
# When the script ends, if the audit has not been sent, send it. 
# 
END {
693 694 695
    return
	if ($forked && $PID != $SAVEPID);
    
696 697 698 699 700 701 702 703 704
    # Save, since shell commands will alter it.
    my $exitstatus = $?;
    
    SendAuditMail($exitstatus);

    $? = $exitstatus;
}

1;