Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	usr.sbin/ypldap/ypldap.c	Lines:	0	303	0.0 %
Date:	2017-11-07	Branches:	0	157	0.0 %


/*	$OpenBSD: ypldap.c,v 1.21 2017/01/20 12:39:36 benno Exp $ */

/*
 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/types.h>
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/signal.h>
#include <sys/tree.h>
#include <sys/wait.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#include <err.h>
#include <errno.h>
#include <event.h>
#include <unistd.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>

#include "ypldap.h"
#include "log.h"

__dead void	 usage(void);
int		 check_child(pid_t, const char *);
void		 main_sig_handler(int, short, void *);
void		 main_shutdown(void);
void		 main_dispatch_client(int, short, void *);
void		 main_configure_client(struct env *);
void		 main_init_timer(int, short, void *);
void		 main_start_update(struct env *);
void		 main_trash_update(struct env *);
void		 main_end_update(struct env *);
int		 main_create_user_groups(struct env *);
void		 purge_config(struct env *);
void		 reconfigure(struct env *);

int		 pipe_main2client[2];

pid_t		 client_pid = 0;
char		*conffile = YPLDAP_CONF_FILE;
int		 opts = 0;

void
usage(void)
{
	extern const char	*__progname;

	fprintf(stderr, "usage: %s [-dnv] [-D macro=value] [-f file]\n",
	    __progname);
	exit(1);
}

int
check_child(pid_t pid, const char *pname)
{
	int	status;

	if (waitpid(pid, &status, WNOHANG) > 0) {
		if (WIFEXITED(status)) {
			log_warnx("check_child: lost child %s exited", pname);
			return (1);
		}
		if (WIFSIGNALED(status)) {
			log_warnx("check_child: lost child %s terminated; "
			    "signal %d", pname, WTERMSIG(status));
			return (1);
		}
	}
	return (0);
}

/* ARGUSED */
void
main_sig_handler(int sig, short event, void *p)
{
	int		 die = 0;

	switch (sig) {
	case SIGTERM:
	case SIGINT:
		die = 1;
		/* FALLTHROUGH */
	case SIGCHLD:
		if (check_child(client_pid, "ldap client")) {
			client_pid = 0;
			die = 1;
		}
		if (die)
			main_shutdown();
		break;
	case SIGHUP:
		/* reconfigure */
		break;
	default:
		fatalx("unexpected signal");
	}
}

void
main_shutdown(void)
{
	_exit(0);
}

void
main_start_update(struct env *env)
{
	env->update_trashed = 0;

	log_debug("starting directory update");
	env->sc_user_line_len = 0;
	env->sc_group_line_len = 0;
	if ((env->sc_user_names_t = calloc(1,
	    sizeof(*env->sc_user_names_t))) == NULL ||
	    (env->sc_group_names_t = calloc(1,
	    sizeof(*env->sc_group_names_t))) == NULL)
		fatal(NULL);
	RB_INIT(env->sc_user_names_t);
	RB_INIT(env->sc_group_names_t);
}

/*
 * XXX: Currently this function should only be called when updating is
 * finished. A notification should be send to ldapclient that it should stop
 * sending new pwd/grp entries before it can be called from different places.
 */
void
main_trash_update(struct env *env)
{
	struct userent	*ue;
	struct groupent	*ge;

	env->update_trashed = 1;

	while ((ue = RB_ROOT(env->sc_user_names_t)) != NULL) {
		RB_REMOVE(user_name_tree,
		    env->sc_user_names_t, ue);
		free(ue->ue_line);
		free(ue->ue_netid_line);
		free(ue);
	}
	free(env->sc_user_names_t);
	env->sc_user_names_t = NULL;
	while ((ge = RB_ROOT(env->sc_group_names_t))
	    != NULL) {
		RB_REMOVE(group_name_tree,
		    env->sc_group_names_t, ge);
		free(ge->ge_line);
		free(ge);
	}
	free(env->sc_group_names_t);
	env->sc_group_names_t = NULL;
}

int
main_create_user_groups(struct env *env)
{
	struct userent		*ue;
	struct userent		 ukey;
	struct groupent		*ge;
	gid_t			 pw_gid;
	char			*bp, *cp;
	char			*p;
	const char		*errstr = NULL;
	size_t			 len;

	RB_FOREACH(ue, user_name_tree, env->sc_user_names_t) {
		bp = cp = ue->ue_line;

		/* name */
		bp += strlen(bp) + 1;

		/* password */
		bp += strcspn(bp, ":") + 1;

		/* uid */
		bp += strcspn(bp, ":") + 1;

		/* gid */
		bp[strcspn(bp, ":")] = '\0';

		pw_gid = (gid_t)strtonum(bp, 0, GID_MAX, &errstr);
		if (errstr) {
			log_warnx("main: failed to parse gid for uid: %d\n", ue->ue_uid);
			return (-1);
		}

		/* bring gid column back to its proper state */
		bp[strlen(bp)] = ':';

		if ((ue->ue_netid_line = calloc(1, LINE_WIDTH)) == NULL) {
			return (-1);
		}

		if (snprintf(ue->ue_netid_line, LINE_WIDTH-1, "%d:%d", ue->ue_uid, pw_gid) >= LINE_WIDTH) {

			return (-1);
		}

		ue->ue_gid = pw_gid;
	}

	RB_FOREACH(ge, group_name_tree, env->sc_group_names_t) {
		bp = cp = ge->ge_line;

		/* name */
		bp += strlen(bp) + 1;

		/* password */
		bp += strcspn(bp, ":") + 1;

		/* gid */
		bp += strcspn(bp, ":") + 1;

		cp = bp;
		if (*bp == '\0')
			continue;
		bp = cp;
		for (;;) {
			if (!(cp = strsep(&bp, ",")))
				break;
			ukey.ue_line = cp;
			if ((ue = RB_FIND(user_name_tree, env->sc_user_names_t,
			    &ukey)) == NULL) {
				/* User not found */
				log_warnx("main: unknown user %s in group %s\n",
				    ukey.ue_line, ge->ge_line);
				if (bp != NULL)
					*(bp-1) = ',';
				continue;
			}
			if (bp != NULL)
				*(bp-1) = ',';

			/* Make sure the new group doesn't equal to the main gid */
			if (ge->ge_gid == ue->ue_gid)
				continue;

			len = strlen(ue->ue_netid_line);
			p = ue->ue_netid_line + len;

			if ((snprintf(p, LINE_WIDTH-len-1, ",%d",
				ge->ge_gid)) >= (int)(LINE_WIDTH-len)) {
				return (-1);
			}
		}
	}

	return (0);
}

void
main_end_update(struct env *env)
{
	struct userent		*ue;
	struct groupent		*ge;

	if (env->update_trashed)
		return;

	log_debug("updates are over, cleaning up trees now");

	if (main_create_user_groups(env) == -1) {
		main_trash_update(env);
		return;
	}

	if (env->sc_user_names == NULL) {
		env->sc_user_names = env->sc_user_names_t;
		env->sc_user_lines = NULL;
		env->sc_user_names_t = NULL;

		env->sc_group_names = env->sc_group_names_t;
		env->sc_group_lines = NULL;
		env->sc_group_names_t = NULL;

		flatten_entries(env);
		goto make_uids;
	}

	/*
	 * clean previous tree.
	 */
	while ((ue = RB_ROOT(env->sc_user_names)) != NULL) {
		RB_REMOVE(user_name_tree, env->sc_user_names,
		    ue);
		free(ue->ue_netid_line);
		free(ue);
	}
	free(env->sc_user_names);
	free(env->sc_user_lines);

	env->sc_user_names = env->sc_user_names_t;
	env->sc_user_lines = NULL;
	env->sc_user_names_t = NULL;

	while ((ge = RB_ROOT(env->sc_group_names)) != NULL) {
		RB_REMOVE(group_name_tree,
		    env->sc_group_names, ge);
		free(ge);
	}
	free(env->sc_group_names);
	free(env->sc_group_lines);

	env->sc_group_names = env->sc_group_names_t;
	env->sc_group_lines = NULL;
	env->sc_group_names_t = NULL;


	flatten_entries(env);

	/*
	 * trees are flat now. build up uid, gid and netid trees.
	 */

make_uids:
	RB_INIT(&env->sc_user_uids);
	RB_INIT(&env->sc_group_gids);
	RB_FOREACH(ue, user_name_tree, env->sc_user_names)
		RB_INSERT(user_uid_tree,
		    &env->sc_user_uids, ue);
	RB_FOREACH(ge, group_name_tree, env->sc_group_names)
		RB_INSERT(group_gid_tree,
		    &env->sc_group_gids, ge);

}

void
main_dispatch_client(int fd, short events, void *p)
{
	int		 n;
	int		 shut = 0;
	struct env	*env = p;
	struct imsgev	*iev = env->sc_iev;
	struct imsgbuf	*ibuf = &iev->ibuf;
	struct idm_req	 ir;
	struct imsg	 imsg;

	if ((events & (EV_READ | EV_WRITE)) == 0)
		fatalx("unknown event");

	if (events & EV_READ) {
		if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
			fatal("imsg_read error");
		if (n == 0)
			shut = 1;
	}
	if (events & EV_WRITE) {
		if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
			fatal("msgbuf_write");
		if (n == 0)
			shut = 1;
		goto done;
	}

	for (;;) {
		if ((n = imsg_get(ibuf, &imsg)) == -1)
			fatal("main_dispatch_client: imsg_get error");
		if (n == 0)
			break;

		switch (imsg.hdr.type) {
		case IMSG_START_UPDATE:
			main_start_update(env);
			break;
		case IMSG_PW_ENTRY: {
			struct userent	*ue;
			size_t		 len;

			if (env->update_trashed)
				break;

			(void)memcpy(&ir, imsg.data, sizeof(ir));
			if ((ue = calloc(1, sizeof(*ue))) == NULL ||
			    (ue->ue_line = strdup(ir.ir_line)) == NULL) {
				/*
				 * should cancel tree update instead.
				 */
				fatal("out of memory");
			}
			ue->ue_uid = ir.ir_key.ik_uid;
			len = strlen(ue->ue_line) + 1;
			ue->ue_line[strcspn(ue->ue_line, ":")] = '\0';
			if (RB_INSERT(user_name_tree, env->sc_user_names_t,
			    ue) != NULL) { /* dup */
				free(ue->ue_line);
				free(ue);
			} else
				env->sc_user_line_len += len;
			break;
		}
		case IMSG_GRP_ENTRY: {
			struct groupent	*ge;
			size_t		 len;

			if (env->update_trashed)
				break;

			(void)memcpy(&ir, imsg.data, sizeof(ir));
			if ((ge = calloc(1, sizeof(*ge))) == NULL ||
			    (ge->ge_line = strdup(ir.ir_line)) == NULL) {
				/*
				 * should cancel tree update instead.
				 */
				fatal("out of memory");
			}
			ge->ge_gid = ir.ir_key.ik_gid;
			len = strlen(ge->ge_line) + 1;
			ge->ge_line[strcspn(ge->ge_line, ":")] = '\0';
			if (RB_INSERT(group_name_tree, env->sc_group_names_t,
			    ge) != NULL) { /* dup */
				free(ge->ge_line);
				free(ge);
			} else
				env->sc_group_line_len += len;
			break;
		}
		case IMSG_TRASH_UPDATE:
			main_trash_update(env);
			break;
		case IMSG_END_UPDATE: {
			main_end_update(env);
			break;
		}
		default:
			log_debug("main_dispatch_client: unexpected imsg %d",
			   imsg.hdr.type);
			break;
		}
		imsg_free(&imsg);
	}

done:
	if (!shut)
		imsg_event_add(iev);
	else {
		log_debug("king bula sez: ran into dead pipe");
		event_del(&iev->ev);
		event_loopexit(NULL);
	}
}

void
main_configure_client(struct env *env)
{
	struct idm	*idm;
	struct imsgev	*iev = env->sc_iev;

	imsg_compose_event(iev, IMSG_CONF_START, 0, 0, -1, env, sizeof(*env));
	TAILQ_FOREACH(idm, &env->sc_idms, idm_entry) {
		imsg_compose_event(iev, IMSG_CONF_IDM, 0, 0, -1,
		    idm, sizeof(*idm));
	}
	imsg_compose_event(iev, IMSG_CONF_END, 0, 0, -1, NULL, 0);
}

void
main_init_timer(int fd, short event, void *p)
{
	struct env	*env = p;

	main_configure_client(env);
}

void
purge_config(struct env *env)
{
	struct idm	*idm;

	while ((idm = TAILQ_FIRST(&env->sc_idms)) != NULL) {
		TAILQ_REMOVE(&env->sc_idms, idm, idm_entry);
		free(idm);
	}
}

int
main(int argc, char *argv[])
{
	int		 c;
	int		 debug;
	struct passwd	*pw;
	struct env	 env;
	struct event	 ev_sigint;
	struct event	 ev_sigterm;
	struct event	 ev_sigchld;
	struct event	 ev_sighup;
	struct event	 ev_timer;
	struct timeval	 tv;

	debug = 0;
	ypldap_process = PROC_MAIN;
	log_procname = log_procnames[ypldap_process];

	log_init(1);

	while ((c = getopt(argc, argv, "dD:nf:v")) != -1) {
		switch (c) {
		case 'd':
			debug = 2;
			log_verbose(debug);
			break;
		case 'D':
			if (cmdline_symset(optarg) < 0)
				log_warnx("could not parse macro definition %s",
				    optarg);
			break;
		case 'n':
			debug = 2;
			opts |= YPLDAP_OPT_NOACTION;
			break;
		case 'f':
			conffile = optarg;
			break;
		case 'v':
			opts |= YPLDAP_OPT_VERBOSE;
			break;
		default:
			usage();
		}
	}

	argc -= optind;
	argv += optind;

	if (argc)
		usage();

	RB_INIT(&env.sc_user_uids);
	RB_INIT(&env.sc_group_gids);

	if (parse_config(&env, conffile, opts))
		exit(1);
	if (opts & YPLDAP_OPT_NOACTION) {
		fprintf(stderr, "configuration OK\n");
		exit(0);
	}

	if (geteuid())
		errx(1, "need root privileges");

	log_init(debug);

	if (!debug) {
		if (daemon(1, 0) == -1)
			err(1, "failed to daemonize");
	}

	log_info("startup%s", (debug > 1)?" [debug mode]":"");

	if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, PF_UNSPEC,
	    pipe_main2client) == -1)
		fatal("socketpair");

	client_pid = ldapclient(pipe_main2client);

	setproctitle("parent");
	event_init();

	signal_set(&ev_sigint, SIGINT, main_sig_handler, &env);
	signal_set(&ev_sigterm, SIGTERM, main_sig_handler, &env);
	signal_set(&ev_sighup, SIGHUP, main_sig_handler, &env);
	signal_set(&ev_sigchld, SIGCHLD, main_sig_handler, &env);
	signal_add(&ev_sigint, NULL);
	signal_add(&ev_sigterm, NULL);
	signal_add(&ev_sighup, NULL);
	signal_add(&ev_sigchld, NULL);

	close(pipe_main2client[1]);
	if ((env.sc_iev = calloc(1, sizeof(*env.sc_iev))) == NULL)
		fatal(NULL);
	imsg_init(&env.sc_iev->ibuf, pipe_main2client[0]);
	env.sc_iev->handler = main_dispatch_client;

	env.sc_iev->events = EV_READ;
	env.sc_iev->data = &env;
	event_set(&env.sc_iev->ev, env.sc_iev->ibuf.fd, env.sc_iev->events,
	     env.sc_iev->handler, &env);
	event_add(&env.sc_iev->ev, NULL);

	yp_init(&env);

	if ((pw = getpwnam(YPLDAP_USER)) == NULL)
		fatal("getpwnam");

#ifndef DEBUG
	if (setgroups(1, &pw->pw_gid) ||
	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
		fatal("cannot drop privileges");
#else
#warning disabling privilege revocation in debug mode
#endif

	if (pledge("stdio inet flock rpath cpath wpath", NULL) == -1)
		fatal("pledge");

	memset(&tv, 0, sizeof(tv));
	evtimer_set(&ev_timer, main_init_timer, &env);
	evtimer_add(&ev_timer, &tv);

	yp_enable_events();
	event_dispatch();
	main_shutdown();

	return (0);
}

void
imsg_event_add(struct imsgev *iev)
{
	if (iev->handler == NULL) {
		imsg_flush(&iev->ibuf);
		return;
	}

	iev->events = EV_READ;
	if (iev->ibuf.w.queued)
		iev->events |= EV_WRITE;

	event_del(&iev->ev);
	event_set(&iev->ev, iev->ibuf.fd, iev->events, iev->handler, iev->data);
	event_add(&iev->ev, NULL);
}

int
imsg_compose_event(struct imsgev *iev, u_int16_t type, u_int32_t peerid,
    pid_t pid, int fd, void *data, u_int16_t datalen)
{
	int	ret;

	if ((ret = imsg_compose(&iev->ibuf, type, peerid,
	    pid, fd, data, datalen)) != -1)
		imsg_event_add(iev);
	return (ret);
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: ypldap.c,v 1.21 2017/01/20 12:39:36 benno Exp $ */
2
3			/*
4			* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
5			*
6			* Permission to use, copy, modify, and distribute this software for any
7			* purpose with or without fee is hereby granted, provided that the above
8			* copyright notice and this permission notice appear in all copies.
9			*
10			* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11			* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12			* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13			* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14			* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15			* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16			* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17			*/
18
19			#include <sys/types.h>
20			#include <sys/queue.h>
21			#include <sys/socket.h>
22			#include <sys/signal.h>
23			#include <sys/tree.h>
24			#include <sys/wait.h>
25
26			#include <netinet/in.h>
27			#include <arpa/inet.h>
28
29			#include <err.h>
30			#include <errno.h>
31			#include <event.h>
32			#include <unistd.h>
33			#include <pwd.h>
34			#include <stdio.h>
35			#include <stdlib.h>
36			#include <string.h>
37			#include <limits.h>
38
39			#include "ypldap.h"
40			#include "log.h"
41
42			__dead void usage(void);
43			int check_child(pid_t, const char *);
44			void main_sig_handler(int, short, void *);
45			void main_shutdown(void);
46			void main_dispatch_client(int, short, void *);
47			void main_configure_client(struct env *);
48			void main_init_timer(int, short, void *);
49			void main_start_update(struct env *);
50			void main_trash_update(struct env *);
51			void main_end_update(struct env *);
52			int main_create_user_groups(struct env *);
53			void purge_config(struct env *);
54			void reconfigure(struct env *);
55
56			int pipe_main2client[2];
57
58			pid_t client_pid = 0;
59			char *conffile = YPLDAP_CONF_FILE;
60			int opts = 0;
61
62			void
63			usage(void)
64			{
65			extern const char *__progname;
66
67			fprintf(stderr, "usage: %s [-dnv] [-D macro=value] [-f file]\n",
68			__progname);
69			exit(1);
70			}
71
72			int
73			check_child(pid_t pid, const char *pname)
74			{
75			int status;
76
77			if (waitpid(pid, &status, WNOHANG) > 0) {
78			if (WIFEXITED(status)) {
79			log_warnx("check_child: lost child %s exited", pname);
80			return (1);
81			}
82			if (WIFSIGNALED(status)) {
83			log_warnx("check_child: lost child %s terminated; "
84			"signal %d", pname, WTERMSIG(status));
85			return (1);
86			}
87			}
88			return (0);
89			}
90
91			/* ARGUSED */
92			void
93			main_sig_handler(int sig, short event, void *p)
94			{
95			int die = 0;
96
97			switch (sig) {
98			case SIGTERM:
99			case SIGINT:
100			die = 1;
101			/* FALLTHROUGH */
102			case SIGCHLD:
103			if (check_child(client_pid, "ldap client")) {
104			client_pid = 0;
105			die = 1;
106			}
107			if (die)
108			main_shutdown();
109			break;
110			case SIGHUP:
111			/* reconfigure */
112			break;
113			default:
114			fatalx("unexpected signal");
115			}
116			}
117
118			void
119			main_shutdown(void)
120			{
121			_exit(0);
122			}
123
124			void
125			main_start_update(struct env *env)
126			{
127			env->update_trashed = 0;
128
129			log_debug("starting directory update");
130			env->sc_user_line_len = 0;
131			env->sc_group_line_len = 0;
132			if ((env->sc_user_names_t = calloc(1,
133			sizeof(*env->sc_user_names_t))) == NULL \|\|
134			(env->sc_group_names_t = calloc(1,
135			sizeof(*env->sc_group_names_t))) == NULL)
136			fatal(NULL);
137			RB_INIT(env->sc_user_names_t);
138			RB_INIT(env->sc_group_names_t);
139			}
140
141			/*
142			* XXX: Currently this function should only be called when updating is
143			* finished. A notification should be send to ldapclient that it should stop
144			* sending new pwd/grp entries before it can be called from different places.
145			*/
146			void
147			main_trash_update(struct env *env)
148			{
149			struct userent *ue;
150			struct groupent *ge;
151
152			env->update_trashed = 1;
153
154			while ((ue = RB_ROOT(env->sc_user_names_t)) != NULL) {
155			RB_REMOVE(user_name_tree,
156			env->sc_user_names_t, ue);
157			free(ue->ue_line);
158			free(ue->ue_netid_line);
159			free(ue);
160			}
161			free(env->sc_user_names_t);
162			env->sc_user_names_t = NULL;
163			while ((ge = RB_ROOT(env->sc_group_names_t))
164			!= NULL) {
165			RB_REMOVE(group_name_tree,
166			env->sc_group_names_t, ge);
167			free(ge->ge_line);
168			free(ge);
169			}
170			free(env->sc_group_names_t);
171			env->sc_group_names_t = NULL;
172			}
173
174			int
175			main_create_user_groups(struct env *env)
176			{
177			struct userent *ue;
178			struct userent ukey;
179			struct groupent *ge;
180			gid_t pw_gid;
181			char bp, cp;
182			char *p;
183			const char *errstr = NULL;
184			size_t len;
185
186			RB_FOREACH(ue, user_name_tree, env->sc_user_names_t) {
187			bp = cp = ue->ue_line;
188
189			/* name */
190			bp += strlen(bp) + 1;
191
192			/* password */
193			bp += strcspn(bp, ":") + 1;
194
195			/* uid */
196			bp += strcspn(bp, ":") + 1;
197
198			/* gid */
199			bp[strcspn(bp, ":")] = '\0';
200
201			pw_gid = (gid_t)strtonum(bp, 0, GID_MAX, &errstr);
202			if (errstr) {
203			log_warnx("main: failed to parse gid for uid: %d\n", ue->ue_uid);
204			return (-1);
205			}
206
207			/* bring gid column back to its proper state */
208			bp[strlen(bp)] = ':';
209
210			if ((ue->ue_netid_line = calloc(1, LINE_WIDTH)) == NULL) {
211			return (-1);
212			}
213
214			if (snprintf(ue->ue_netid_line, LINE_WIDTH-1, "%d:%d", ue->ue_uid, pw_gid) >= LINE_WIDTH) {
215
216			return (-1);
217			}
218
219			ue->ue_gid = pw_gid;
220			}
221
222			RB_FOREACH(ge, group_name_tree, env->sc_group_names_t) {
223			bp = cp = ge->ge_line;
224
225			/* name */
226			bp += strlen(bp) + 1;
227
228			/* password */
229			bp += strcspn(bp, ":") + 1;
230
231			/* gid */
232			bp += strcspn(bp, ":") + 1;
233
234			cp = bp;
235			if (*bp == '\0')
236			continue;
237			bp = cp;
238			for (;;) {
239			if (!(cp = strsep(&bp, ",")))
240			break;
241			ukey.ue_line = cp;
242			if ((ue = RB_FIND(user_name_tree, env->sc_user_names_t,
243			&ukey)) == NULL) {
244			/* User not found */
245			log_warnx("main: unknown user %s in group %s\n",
246			ukey.ue_line, ge->ge_line);
247			if (bp != NULL)
248			*(bp-1) = ',';
249			continue;
250			}
251			if (bp != NULL)
252			*(bp-1) = ',';
253
254			/* Make sure the new group doesn't equal to the main gid */
255			if (ge->ge_gid == ue->ue_gid)
256			continue;
257
258			len = strlen(ue->ue_netid_line);
259			p = ue->ue_netid_line + len;
260
261			if ((snprintf(p, LINE_WIDTH-len-1, ",%d",
262			ge->ge_gid)) >= (int)(LINE_WIDTH-len)) {
263			return (-1);
264			}
265			}
266			}
267
268			return (0);
269			}
270
271			void
272			main_end_update(struct env *env)
273			{
274			struct userent *ue;
275			struct groupent *ge;
276
277			if (env->update_trashed)
278			return;
279
280			log_debug("updates are over, cleaning up trees now");
281
282			if (main_create_user_groups(env) == -1) {
283			main_trash_update(env);
284			return;
285			}
286
287			if (env->sc_user_names == NULL) {
288			env->sc_user_names = env->sc_user_names_t;
289			env->sc_user_lines = NULL;
290			env->sc_user_names_t = NULL;
291
292			env->sc_group_names = env->sc_group_names_t;
293			env->sc_group_lines = NULL;
294			env->sc_group_names_t = NULL;
295
296			flatten_entries(env);
297			goto make_uids;
298			}
299
300			/*
301			* clean previous tree.
302			*/
303			while ((ue = RB_ROOT(env->sc_user_names)) != NULL) {
304			RB_REMOVE(user_name_tree, env->sc_user_names,
305			ue);
306			free(ue->ue_netid_line);
307			free(ue);
308			}
309			free(env->sc_user_names);
310			free(env->sc_user_lines);
311
312			env->sc_user_names = env->sc_user_names_t;
313			env->sc_user_lines = NULL;
314			env->sc_user_names_t = NULL;
315
316			while ((ge = RB_ROOT(env->sc_group_names)) != NULL) {
317			RB_REMOVE(group_name_tree,
318			env->sc_group_names, ge);
319			free(ge);
320			}
321			free(env->sc_group_names);
322			free(env->sc_group_lines);
323
324			env->sc_group_names = env->sc_group_names_t;
325			env->sc_group_lines = NULL;
326			env->sc_group_names_t = NULL;
327
328
329			flatten_entries(env);
330
331			/*
332			* trees are flat now. build up uid, gid and netid trees.
333			*/
334
335			make_uids:
336			RB_INIT(&env->sc_user_uids);
337			RB_INIT(&env->sc_group_gids);
338			RB_FOREACH(ue, user_name_tree, env->sc_user_names)
339			RB_INSERT(user_uid_tree,
340			&env->sc_user_uids, ue);
341			RB_FOREACH(ge, group_name_tree, env->sc_group_names)
342			RB_INSERT(group_gid_tree,
343			&env->sc_group_gids, ge);
344
345			}
346
347			void
348			main_dispatch_client(int fd, short events, void *p)
349			{
350			int n;
351			int shut = 0;
352			struct env *env = p;
353			struct imsgev *iev = env->sc_iev;
354			struct imsgbuf *ibuf = &iev->ibuf;
355			struct idm_req ir;
356			struct imsg imsg;
357
358			if ((events & (EV_READ \| EV_WRITE)) == 0)
359			fatalx("unknown event");
360
361			if (events & EV_READ) {
362			if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
363			fatal("imsg_read error");
364			if (n == 0)
365			shut = 1;
366			}
367			if (events & EV_WRITE) {
368			if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
369			fatal("msgbuf_write");
370			if (n == 0)
371			shut = 1;
372			goto done;
373			}
374
375			for (;;) {
376			if ((n = imsg_get(ibuf, &imsg)) == -1)
377			fatal("main_dispatch_client: imsg_get error");
378			if (n == 0)
379			break;
380
381			switch (imsg.hdr.type) {
382			case IMSG_START_UPDATE:
383			main_start_update(env);
384			break;
385			case IMSG_PW_ENTRY: {
386			struct userent *ue;
387			size_t len;
388
389			if (env->update_trashed)
390			break;
391
392			(void)memcpy(&ir, imsg.data, sizeof(ir));
393			if ((ue = calloc(1, sizeof(*ue))) == NULL \|\|
394			(ue->ue_line = strdup(ir.ir_line)) == NULL) {
395			/*
396			* should cancel tree update instead.
397			*/
398			fatal("out of memory");
399			}
400			ue->ue_uid = ir.ir_key.ik_uid;
401			len = strlen(ue->ue_line) + 1;
402			ue->ue_line[strcspn(ue->ue_line, ":")] = '\0';
403			if (RB_INSERT(user_name_tree, env->sc_user_names_t,
404			ue) != NULL) { /* dup */
405			free(ue->ue_line);
406			free(ue);
407			} else
408			env->sc_user_line_len += len;
409			break;
410			}
411			case IMSG_GRP_ENTRY: {
412			struct groupent *ge;
413			size_t len;
414
415			if (env->update_trashed)
416			break;
417
418			(void)memcpy(&ir, imsg.data, sizeof(ir));
419			if ((ge = calloc(1, sizeof(*ge))) == NULL \|\|
420			(ge->ge_line = strdup(ir.ir_line)) == NULL) {
421			/*
422			* should cancel tree update instead.
423			*/
424			fatal("out of memory");
425			}
426			ge->ge_gid = ir.ir_key.ik_gid;
427			len = strlen(ge->ge_line) + 1;
428			ge->ge_line[strcspn(ge->ge_line, ":")] = '\0';
429			if (RB_INSERT(group_name_tree, env->sc_group_names_t,
430			ge) != NULL) { /* dup */
431			free(ge->ge_line);
432			free(ge);
433			} else
434			env->sc_group_line_len += len;
435			break;
436			}
437			case IMSG_TRASH_UPDATE:
438			main_trash_update(env);
439			break;
440			case IMSG_END_UPDATE: {
441			main_end_update(env);
442			break;
443			}
444			default:
445			log_debug("main_dispatch_client: unexpected imsg %d",
446			imsg.hdr.type);
447			break;
448			}
449			imsg_free(&imsg);
450			}
451
452			done:
453			if (!shut)
454			imsg_event_add(iev);
455			else {
456			log_debug("king bula sez: ran into dead pipe");
457			event_del(&iev->ev);
458			event_loopexit(NULL);
459			}
460			}
461
462			void
463			main_configure_client(struct env *env)
464			{
465			struct idm *idm;
466			struct imsgev *iev = env->sc_iev;
467
468			imsg_compose_event(iev, IMSG_CONF_START, 0, 0, -1, env, sizeof(*env));
469			TAILQ_FOREACH(idm, &env->sc_idms, idm_entry) {
470			imsg_compose_event(iev, IMSG_CONF_IDM, 0, 0, -1,
471			idm, sizeof(*idm));
472			}
473			imsg_compose_event(iev, IMSG_CONF_END, 0, 0, -1, NULL, 0);
474			}
475
476			void
477			main_init_timer(int fd, short event, void *p)
478			{
479			struct env *env = p;
480
481			main_configure_client(env);
482			}
483
484			void
485			purge_config(struct env *env)
486			{
487			struct idm *idm;
488
489			while ((idm = TAILQ_FIRST(&env->sc_idms)) != NULL) {
490			TAILQ_REMOVE(&env->sc_idms, idm, idm_entry);
491			free(idm);
492			}
493			}
494
495			int
496			main(int argc, char *argv[])
497			{
498			int c;
499			int debug;
500			struct passwd *pw;
501			struct env env;
502			struct event ev_sigint;
503			struct event ev_sigterm;
504			struct event ev_sigchld;
505			struct event ev_sighup;
506			struct event ev_timer;
507			struct timeval tv;
508
509			debug = 0;
510			ypldap_process = PROC_MAIN;
511			log_procname = log_procnames[ypldap_process];
512
513			log_init(1);
514
515			while ((c = getopt(argc, argv, "dD:nf:v")) != -1) {
516			switch (c) {
517			case 'd':
518			debug = 2;
519			log_verbose(debug);
520			break;
521			case 'D':
522			if (cmdline_symset(optarg) < 0)
523			log_warnx("could not parse macro definition %s",
524			optarg);
525			break;
526			case 'n':
527			debug = 2;
528			opts \|= YPLDAP_OPT_NOACTION;
529			break;
530			case 'f':
531			conffile = optarg;
532			break;
533			case 'v':
534			opts \|= YPLDAP_OPT_VERBOSE;
535			break;
536			default:
537			usage();
538			}
539			}
540
541			argc -= optind;
542			argv += optind;
543
544			if (argc)
545			usage();
546
547			RB_INIT(&env.sc_user_uids);
548			RB_INIT(&env.sc_group_gids);
549
550			if (parse_config(&env, conffile, opts))
551			exit(1);
552			if (opts & YPLDAP_OPT_NOACTION) {
553			fprintf(stderr, "configuration OK\n");
554			exit(0);
555			}
556
557			if (geteuid())
558			errx(1, "need root privileges");
559
560			log_init(debug);
561
562			if (!debug) {
563			if (daemon(1, 0) == -1)
564			err(1, "failed to daemonize");
565			}
566
567			log_info("startup%s", (debug > 1)?" [debug mode]":"");
568
569			if (socketpair(AF_UNIX, SOCK_STREAM \| SOCK_NONBLOCK, PF_UNSPEC,
570			pipe_main2client) == -1)
571			fatal("socketpair");
572
573			client_pid = ldapclient(pipe_main2client);
574
575			setproctitle("parent");
576			event_init();
577
578			signal_set(&ev_sigint, SIGINT, main_sig_handler, &env);
579			signal_set(&ev_sigterm, SIGTERM, main_sig_handler, &env);
580			signal_set(&ev_sighup, SIGHUP, main_sig_handler, &env);
581			signal_set(&ev_sigchld, SIGCHLD, main_sig_handler, &env);
582			signal_add(&ev_sigint, NULL);
583			signal_add(&ev_sigterm, NULL);
584			signal_add(&ev_sighup, NULL);
585			signal_add(&ev_sigchld, NULL);
586
587			close(pipe_main2client[1]);
588			if ((env.sc_iev = calloc(1, sizeof(*env.sc_iev))) == NULL)
589			fatal(NULL);
590			imsg_init(&env.sc_iev->ibuf, pipe_main2client[0]);
591			env.sc_iev->handler = main_dispatch_client;
592
593			env.sc_iev->events = EV_READ;
594			env.sc_iev->data = &env;
595			event_set(&env.sc_iev->ev, env.sc_iev->ibuf.fd, env.sc_iev->events,
596			env.sc_iev->handler, &env);
597			event_add(&env.sc_iev->ev, NULL);
598
599			yp_init(&env);
600
601			if ((pw = getpwnam(YPLDAP_USER)) == NULL)
602			fatal("getpwnam");
603
604			#ifndef DEBUG
605			if (setgroups(1, &pw->pw_gid) \|\|
606			setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) \|\|
607			setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
608			fatal("cannot drop privileges");
609			#else
610			#warning disabling privilege revocation in debug mode
611			#endif
612
613			if (pledge("stdio inet flock rpath cpath wpath", NULL) == -1)
614			fatal("pledge");
615
616			memset(&tv, 0, sizeof(tv));
617			evtimer_set(&ev_timer, main_init_timer, &env);
618			evtimer_add(&ev_timer, &tv);
619
620			yp_enable_events();
621			event_dispatch();
622			main_shutdown();
623
624			return (0);
625			}
626
627			void
628			imsg_event_add(struct imsgev *iev)
629			{
630			if (iev->handler == NULL) {
631			imsg_flush(&iev->ibuf);
632			return;
633			}
634
635			iev->events = EV_READ;
636			if (iev->ibuf.w.queued)
637			iev->events \|= EV_WRITE;
638
639			event_del(&iev->ev);
640			event_set(&iev->ev, iev->ibuf.fd, iev->events, iev->handler, iev->data);
641			event_add(&iev->ev, NULL);
642			}
643
644			int
645			imsg_compose_event(struct imsgev *iev, u_int16_t type, u_int32_t peerid,
646			pid_t pid, int fd, void *data, u_int16_t datalen)
647			{
648			int ret;
649
650			if ((ret = imsg_compose(&iev->ibuf, type, peerid,
651			pid, fd, data, datalen)) != -1)
652			imsg_event_add(iev);
653			return (ret);
654			}