1 |
|
|
/* $OpenBSD: proc.c,v 1.12 2017/05/29 12:56:26 benno Exp $ */ |
2 |
|
|
|
3 |
|
|
/* |
4 |
|
|
* Copyright (c) 2010 - 2016 Reyk Floeter <reyk@openbsd.org> |
5 |
|
|
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> |
6 |
|
|
* |
7 |
|
|
* Permission to use, copy, modify, and distribute this software for any |
8 |
|
|
* purpose with or without fee is hereby granted, provided that the above |
9 |
|
|
* copyright notice and this permission notice appear in all copies. |
10 |
|
|
* |
11 |
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
12 |
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
13 |
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
14 |
|
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
15 |
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
16 |
|
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
17 |
|
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
18 |
|
|
*/ |
19 |
|
|
|
20 |
|
|
#include <sys/types.h> |
21 |
|
|
#include <sys/queue.h> |
22 |
|
|
#include <sys/socket.h> |
23 |
|
|
#include <sys/wait.h> |
24 |
|
|
|
25 |
|
|
#include <fcntl.h> |
26 |
|
|
#include <stdio.h> |
27 |
|
|
#include <stdlib.h> |
28 |
|
|
#include <unistd.h> |
29 |
|
|
#include <string.h> |
30 |
|
|
#include <errno.h> |
31 |
|
|
#include <signal.h> |
32 |
|
|
#include <pwd.h> |
33 |
|
|
#include <event.h> |
34 |
|
|
#include <imsg.h> |
35 |
|
|
|
36 |
|
|
#include "proc.h" |
37 |
|
|
|
38 |
|
|
void proc_exec(struct privsep *, struct privsep_proc *, unsigned int, |
39 |
|
|
int, char **); |
40 |
|
|
void proc_setup(struct privsep *, struct privsep_proc *, unsigned int); |
41 |
|
|
void proc_open(struct privsep *, int, int); |
42 |
|
|
void proc_accept(struct privsep *, int, enum privsep_procid, |
43 |
|
|
unsigned int); |
44 |
|
|
void proc_close(struct privsep *); |
45 |
|
|
int proc_ispeer(struct privsep_proc *, unsigned int, enum privsep_procid); |
46 |
|
|
void proc_shutdown(struct privsep_proc *); |
47 |
|
|
void proc_sig_handler(int, short, void *); |
48 |
|
|
void proc_range(struct privsep *, enum privsep_procid, int *, int *); |
49 |
|
|
int proc_dispatch_null(int, struct privsep_proc *, struct imsg *); |
50 |
|
|
|
51 |
|
|
int |
52 |
|
|
proc_ispeer(struct privsep_proc *procs, unsigned int nproc, |
53 |
|
|
enum privsep_procid type) |
54 |
|
|
{ |
55 |
|
|
unsigned int i; |
56 |
|
|
|
57 |
|
|
for (i = 0; i < nproc; i++) |
58 |
|
|
if (procs[i].p_id == type) |
59 |
|
|
return (1); |
60 |
|
|
return (0); |
61 |
|
|
} |
62 |
|
|
|
63 |
|
|
enum privsep_procid |
64 |
|
|
proc_getid(struct privsep_proc *procs, unsigned int nproc, |
65 |
|
|
const char *proc_name) |
66 |
|
|
{ |
67 |
|
|
struct privsep_proc *p; |
68 |
|
|
unsigned int proc; |
69 |
|
|
|
70 |
|
|
for (proc = 0; proc < nproc; proc++) { |
71 |
|
|
p = &procs[proc]; |
72 |
|
|
if (strcmp(p->p_title, proc_name)) |
73 |
|
|
continue; |
74 |
|
|
|
75 |
|
|
return (p->p_id); |
76 |
|
|
} |
77 |
|
|
|
78 |
|
|
return (PROC_MAX); |
79 |
|
|
} |
80 |
|
|
|
81 |
|
|
void |
82 |
|
|
proc_exec(struct privsep *ps, struct privsep_proc *procs, unsigned int nproc, |
83 |
|
|
int argc, char **argv) |
84 |
|
|
{ |
85 |
|
|
unsigned int proc, nargc, i, proc_i; |
86 |
|
|
char **nargv; |
87 |
|
|
struct privsep_proc *p; |
88 |
|
24 |
char num[32]; |
89 |
|
|
int fd; |
90 |
|
|
|
91 |
|
|
/* Prepare the new process argv. */ |
92 |
|
12 |
nargv = calloc(argc + 5, sizeof(char *)); |
93 |
✗✓ |
12 |
if (nargv == NULL) |
94 |
|
|
fatal("%s: calloc", __func__); |
95 |
|
|
|
96 |
|
|
/* Copy call argument first. */ |
97 |
|
|
nargc = 0; |
98 |
|
12 |
nargv[nargc++] = argv[0]; |
99 |
|
|
|
100 |
|
|
/* Set process name argument and save the position. */ |
101 |
|
12 |
nargv[nargc++] = "-P"; |
102 |
|
|
proc_i = nargc; |
103 |
|
|
nargc++; |
104 |
|
|
|
105 |
|
|
/* Point process instance arg to stack and copy the original args. */ |
106 |
|
12 |
nargv[nargc++] = "-I"; |
107 |
|
12 |
nargv[nargc++] = num; |
108 |
✓✓ |
96 |
for (i = 1; i < (unsigned int) argc; i++) |
109 |
|
36 |
nargv[nargc++] = argv[i]; |
110 |
|
|
|
111 |
|
12 |
nargv[nargc] = NULL; |
112 |
|
|
|
113 |
✓✓ |
96 |
for (proc = 0; proc < nproc; proc++) { |
114 |
|
36 |
p = &procs[proc]; |
115 |
|
|
|
116 |
|
|
/* Update args with process title. */ |
117 |
|
36 |
nargv[proc_i] = (char *)(uintptr_t)p->p_title; |
118 |
|
|
|
119 |
|
|
/* Fire children processes. */ |
120 |
✓✓ |
144 |
for (i = 0; i < ps->ps_instances[p->p_id]; i++) { |
121 |
|
|
/* Update the process instance number. */ |
122 |
|
36 |
snprintf(num, sizeof(num), "%u", i); |
123 |
|
|
|
124 |
|
36 |
fd = ps->ps_pipes[p->p_id][i].pp_pipes[PROC_PARENT][0]; |
125 |
|
36 |
ps->ps_pipes[p->p_id][i].pp_pipes[PROC_PARENT][0] = -1; |
126 |
|
|
|
127 |
✗✗✓ |
36 |
switch (fork()) { |
128 |
|
|
case -1: |
129 |
|
|
fatal("%s: fork", __func__); |
130 |
|
|
break; |
131 |
|
|
case 0: |
132 |
|
|
/* First create a new session */ |
133 |
|
|
if (setsid() == -1) |
134 |
|
|
fatal("setsid"); |
135 |
|
|
|
136 |
|
|
/* Prepare parent socket. */ |
137 |
|
|
if (fd != PROC_PARENT_SOCK_FILENO) { |
138 |
|
|
if (dup2(fd, PROC_PARENT_SOCK_FILENO) |
139 |
|
|
== -1) |
140 |
|
|
fatal("dup2"); |
141 |
|
|
} else if (fcntl(fd, F_SETFD, 0) == -1) |
142 |
|
|
fatal("fcntl"); |
143 |
|
|
|
144 |
|
|
execvp(argv[0], nargv); |
145 |
|
|
fatal("%s: execvp", __func__); |
146 |
|
|
break; |
147 |
|
|
default: |
148 |
|
|
/* Close child end. */ |
149 |
|
36 |
close(fd); |
150 |
|
|
break; |
151 |
|
|
} |
152 |
|
|
} |
153 |
|
|
} |
154 |
|
12 |
free(nargv); |
155 |
|
12 |
} |
156 |
|
|
|
157 |
|
|
void |
158 |
|
|
proc_connect(struct privsep *ps) |
159 |
|
|
{ |
160 |
|
|
struct imsgev *iev; |
161 |
|
|
unsigned int src, dst, inst; |
162 |
|
|
|
163 |
|
|
/* Don't distribute any sockets if we are not really going to run. */ |
164 |
✗✓ |
24 |
if (ps->ps_noaction) |
165 |
|
|
return; |
166 |
|
|
|
167 |
✓✓ |
120 |
for (dst = 0; dst < PROC_MAX; dst++) { |
168 |
|
|
/* We don't communicate with ourselves. */ |
169 |
✓✓ |
48 |
if (dst == PROC_PARENT) |
170 |
|
|
continue; |
171 |
|
|
|
172 |
✓✓ |
144 |
for (inst = 0; inst < ps->ps_instances[dst]; inst++) { |
173 |
|
36 |
iev = &ps->ps_ievs[dst][inst]; |
174 |
|
36 |
imsg_init(&iev->ibuf, ps->ps_pp->pp_pipes[dst][inst]); |
175 |
|
72 |
event_set(&iev->ev, iev->ibuf.fd, iev->events, |
176 |
|
36 |
iev->handler, iev->data); |
177 |
|
36 |
event_add(&iev->ev, NULL); |
178 |
|
|
} |
179 |
|
|
} |
180 |
|
|
|
181 |
|
|
/* Distribute the socketpair()s for everyone. */ |
182 |
✓✓ |
120 |
for (src = 0; src < PROC_MAX; src++) |
183 |
✓✓ |
336 |
for (dst = src; dst < PROC_MAX; dst++) { |
184 |
|
|
/* Parent already distributed its fds. */ |
185 |
✓✓ |
120 |
if (src == PROC_PARENT || dst == PROC_PARENT) |
186 |
|
|
continue; |
187 |
|
|
|
188 |
|
72 |
proc_open(ps, src, dst); |
189 |
|
72 |
} |
190 |
|
24 |
} |
191 |
|
|
|
192 |
|
|
void |
193 |
|
|
proc_init(struct privsep *ps, struct privsep_proc *procs, unsigned int nproc, |
194 |
|
|
int argc, char **argv, enum privsep_procid proc_id) |
195 |
|
|
{ |
196 |
|
|
struct privsep_proc *p = NULL; |
197 |
|
|
struct privsep_pipes *pa, *pb; |
198 |
|
|
unsigned int proc; |
199 |
|
|
unsigned int dst; |
200 |
|
24 |
int fds[2]; |
201 |
|
|
|
202 |
|
|
/* Don't initiate anything if we are not really going to run. */ |
203 |
✗✓ |
12 |
if (ps->ps_noaction) |
204 |
|
|
return; |
205 |
|
|
|
206 |
✓✗ |
12 |
if (proc_id == PROC_PARENT) { |
207 |
|
12 |
privsep_process = PROC_PARENT; |
208 |
|
12 |
proc_setup(ps, procs, nproc); |
209 |
|
|
|
210 |
|
|
/* |
211 |
|
|
* Create the children sockets so we can use them |
212 |
|
|
* to distribute the rest of the socketpair()s using |
213 |
|
|
* proc_connect() later. |
214 |
|
|
*/ |
215 |
✓✓ |
120 |
for (dst = 0; dst < PROC_MAX; dst++) { |
216 |
|
|
/* Don't create socket for ourselves. */ |
217 |
✓✓ |
48 |
if (dst == PROC_PARENT) |
218 |
|
|
continue; |
219 |
|
|
|
220 |
✓✓ |
144 |
for (proc = 0; proc < ps->ps_instances[dst]; proc++) { |
221 |
|
36 |
pa = &ps->ps_pipes[PROC_PARENT][0]; |
222 |
|
36 |
pb = &ps->ps_pipes[dst][proc]; |
223 |
✗✓ |
72 |
if (socketpair(AF_UNIX, |
224 |
|
|
SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, |
225 |
|
72 |
PF_UNSPEC, fds) == -1) |
226 |
|
|
fatal("%s: socketpair", __func__); |
227 |
|
|
|
228 |
|
36 |
pa->pp_pipes[dst][proc] = fds[0]; |
229 |
|
36 |
pb->pp_pipes[PROC_PARENT][0] = fds[1]; |
230 |
|
|
} |
231 |
|
|
} |
232 |
|
|
|
233 |
|
|
/* Engage! */ |
234 |
|
12 |
proc_exec(ps, procs, nproc, argc, argv); |
235 |
|
12 |
return; |
236 |
|
|
} |
237 |
|
|
|
238 |
|
|
/* Initialize a child */ |
239 |
|
|
for (proc = 0; proc < nproc; proc++) { |
240 |
|
|
if (procs[proc].p_id != proc_id) |
241 |
|
|
continue; |
242 |
|
|
p = &procs[proc]; |
243 |
|
|
break; |
244 |
|
|
} |
245 |
|
|
if (p == NULL || p->p_init == NULL) |
246 |
|
|
fatalx("%s: process %d missing process initialization", |
247 |
|
|
__func__, proc_id); |
248 |
|
|
|
249 |
|
|
p->p_init(ps, p); |
250 |
|
|
|
251 |
|
|
fatalx("failed to initiate child process"); |
252 |
|
12 |
} |
253 |
|
|
|
254 |
|
|
void |
255 |
|
|
proc_accept(struct privsep *ps, int fd, enum privsep_procid dst, |
256 |
|
|
unsigned int n) |
257 |
|
|
{ |
258 |
|
|
struct privsep_pipes *pp = ps->ps_pp; |
259 |
|
|
struct imsgev *iev; |
260 |
|
|
|
261 |
|
|
if (ps->ps_ievs[dst] == NULL) { |
262 |
|
|
#if DEBUG > 1 |
263 |
|
|
log_debug("%s: %s src %d %d to dst %d %d not connected", |
264 |
|
|
__func__, ps->ps_title[privsep_process], |
265 |
|
|
privsep_process, ps->ps_instance + 1, |
266 |
|
|
dst, n + 1); |
267 |
|
|
#endif |
268 |
|
|
close(fd); |
269 |
|
|
return; |
270 |
|
|
} |
271 |
|
|
|
272 |
|
|
if (pp->pp_pipes[dst][n] != -1) { |
273 |
|
|
log_warnx("%s: duplicated descriptor", __func__); |
274 |
|
|
close(fd); |
275 |
|
|
return; |
276 |
|
|
} else |
277 |
|
|
pp->pp_pipes[dst][n] = fd; |
278 |
|
|
|
279 |
|
|
iev = &ps->ps_ievs[dst][n]; |
280 |
|
|
imsg_init(&iev->ibuf, fd); |
281 |
|
|
event_set(&iev->ev, iev->ibuf.fd, iev->events, iev->handler, iev->data); |
282 |
|
|
event_add(&iev->ev, NULL); |
283 |
|
|
} |
284 |
|
|
|
285 |
|
|
void |
286 |
|
|
proc_setup(struct privsep *ps, struct privsep_proc *procs, unsigned int nproc) |
287 |
|
|
{ |
288 |
|
|
unsigned int i, j, src, dst, id; |
289 |
|
|
struct privsep_pipes *pp; |
290 |
|
|
|
291 |
|
|
/* Initialize parent title, ps_instances and procs. */ |
292 |
|
24 |
ps->ps_title[PROC_PARENT] = "parent"; |
293 |
|
|
|
294 |
✓✓ |
120 |
for (src = 0; src < PROC_MAX; src++) |
295 |
|
|
/* Default to 1 process instance */ |
296 |
✓✗ |
48 |
if (ps->ps_instances[src] < 1) |
297 |
|
48 |
ps->ps_instances[src] = 1; |
298 |
|
|
|
299 |
✓✓ |
96 |
for (src = 0; src < nproc; src++) { |
300 |
|
36 |
procs[src].p_ps = ps; |
301 |
✓✓ |
36 |
if (procs[src].p_cb == NULL) |
302 |
|
24 |
procs[src].p_cb = proc_dispatch_null; |
303 |
|
|
|
304 |
|
36 |
id = procs[src].p_id; |
305 |
|
36 |
ps->ps_title[id] = procs[src].p_title; |
306 |
✗✓ |
72 |
if ((ps->ps_ievs[id] = calloc(ps->ps_instances[id], |
307 |
|
36 |
sizeof(struct imsgev))) == NULL) |
308 |
|
|
fatal("%s: calloc", __func__); |
309 |
|
|
|
310 |
|
|
/* With this set up, we are ready to call imsg_init(). */ |
311 |
✓✓ |
144 |
for (i = 0; i < ps->ps_instances[id]; i++) { |
312 |
|
36 |
ps->ps_ievs[id][i].handler = proc_dispatch; |
313 |
|
36 |
ps->ps_ievs[id][i].events = EV_READ; |
314 |
|
36 |
ps->ps_ievs[id][i].proc = &procs[src]; |
315 |
|
36 |
ps->ps_ievs[id][i].data = &ps->ps_ievs[id][i]; |
316 |
|
|
} |
317 |
|
|
} |
318 |
|
|
|
319 |
|
|
/* |
320 |
|
|
* Allocate pipes for all process instances (incl. parent) |
321 |
|
|
* |
322 |
|
|
* - ps->ps_pipes: N:M mapping |
323 |
|
|
* N source processes connected to M destination processes: |
324 |
|
|
* [src][instances][dst][instances], for example |
325 |
|
|
* [PROC_RELAY][3][PROC_CA][3] |
326 |
|
|
* |
327 |
|
|
* - ps->ps_pp: per-process 1:M part of ps->ps_pipes |
328 |
|
|
* Each process instance has a destination array of socketpair fds: |
329 |
|
|
* [dst][instances], for example |
330 |
|
|
* [PROC_PARENT][0] |
331 |
|
|
*/ |
332 |
✓✓ |
120 |
for (src = 0; src < PROC_MAX; src++) { |
333 |
|
|
/* Allocate destination array for each process */ |
334 |
✗✓ |
96 |
if ((ps->ps_pipes[src] = calloc(ps->ps_instances[src], |
335 |
|
48 |
sizeof(struct privsep_pipes))) == NULL) |
336 |
|
|
fatal("%s: calloc", __func__); |
337 |
|
|
|
338 |
✓✓ |
192 |
for (i = 0; i < ps->ps_instances[src]; i++) { |
339 |
|
48 |
pp = &ps->ps_pipes[src][i]; |
340 |
|
|
|
341 |
✓✓ |
480 |
for (dst = 0; dst < PROC_MAX; dst++) { |
342 |
|
|
/* Allocate maximum fd integers */ |
343 |
✗✓ |
384 |
if ((pp->pp_pipes[dst] = |
344 |
|
192 |
calloc(ps->ps_instances[dst], |
345 |
|
192 |
sizeof(int))) == NULL) |
346 |
|
|
fatal("%s: calloc", __func__); |
347 |
|
|
|
348 |
|
|
/* Mark fd as unused */ |
349 |
✓✓ |
768 |
for (j = 0; j < ps->ps_instances[dst]; j++) |
350 |
|
192 |
pp->pp_pipes[dst][j] = -1; |
351 |
|
|
} |
352 |
|
|
} |
353 |
|
|
} |
354 |
|
|
|
355 |
|
12 |
ps->ps_pp = &ps->ps_pipes[privsep_process][ps->ps_instance]; |
356 |
|
12 |
} |
357 |
|
|
|
358 |
|
|
void |
359 |
|
|
proc_kill(struct privsep *ps) |
360 |
|
|
{ |
361 |
|
24 |
char *cause; |
362 |
|
|
pid_t pid; |
363 |
|
12 |
int len, status; |
364 |
|
|
|
365 |
✗✓ |
12 |
if (privsep_process != PROC_PARENT) |
366 |
|
|
return; |
367 |
|
|
|
368 |
|
12 |
proc_close(ps); |
369 |
|
|
|
370 |
|
12 |
do { |
371 |
|
48 |
pid = waitpid(WAIT_ANY, &status, 0); |
372 |
✓✓ |
48 |
if (pid <= 0) |
373 |
|
|
continue; |
374 |
|
|
|
375 |
✓✗✗✓
|
72 |
if (WIFSIGNALED(status)) { |
376 |
|
|
len = asprintf(&cause, "terminated; signal %d", |
377 |
|
|
WTERMSIG(status)); |
378 |
✓✗ |
36 |
} else if (WIFEXITED(status)) { |
379 |
✗✓ |
36 |
if (WEXITSTATUS(status) != 0) |
380 |
|
|
len = asprintf(&cause, "exited abnormally"); |
381 |
|
|
else |
382 |
|
|
len = 0; |
383 |
|
|
} else |
384 |
|
|
len = -1; |
385 |
|
|
|
386 |
✗✓ |
36 |
if (len == 0) { |
387 |
|
|
/* child exited OK, don't print a warning message */ |
388 |
|
|
} else if (len != -1) { |
389 |
|
|
log_warnx("lost child: pid %u %s", pid, cause); |
390 |
|
|
free(cause); |
391 |
|
|
} else |
392 |
|
|
log_warnx("lost child: pid %u", pid); |
393 |
✓✓✓✗ ✗✓ |
72 |
} while (pid != -1 || (pid == -1 && errno == EINTR)); |
394 |
|
24 |
} |
395 |
|
|
|
396 |
|
|
void |
397 |
|
|
proc_open(struct privsep *ps, int src, int dst) |
398 |
|
|
{ |
399 |
|
|
struct privsep_pipes *pa, *pb; |
400 |
|
144 |
struct privsep_fd pf; |
401 |
|
72 |
int fds[2]; |
402 |
|
|
unsigned int i, j; |
403 |
|
|
|
404 |
|
|
/* Exchange pipes between process. */ |
405 |
✓✓ |
288 |
for (i = 0; i < ps->ps_instances[src]; i++) { |
406 |
✓✓ |
288 |
for (j = 0; j < ps->ps_instances[dst]; j++) { |
407 |
|
|
/* Don't create sockets for ourself. */ |
408 |
✓✓✗✓
|
108 |
if (src == dst && i == j) |
409 |
|
|
continue; |
410 |
|
|
|
411 |
|
36 |
pa = &ps->ps_pipes[src][i]; |
412 |
|
36 |
pb = &ps->ps_pipes[dst][j]; |
413 |
✗✓ |
72 |
if (socketpair(AF_UNIX, |
414 |
|
|
SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, |
415 |
|
72 |
PF_UNSPEC, fds) == -1) |
416 |
|
|
fatal("%s: socketpair", __func__); |
417 |
|
|
|
418 |
|
36 |
pa->pp_pipes[dst][j] = fds[0]; |
419 |
|
36 |
pb->pp_pipes[src][i] = fds[1]; |
420 |
|
|
|
421 |
|
36 |
pf.pf_procid = src; |
422 |
|
36 |
pf.pf_instance = i; |
423 |
✗✓ |
72 |
if (proc_compose_imsg(ps, dst, j, IMSG_CTL_PROCFD, |
424 |
|
72 |
-1, pb->pp_pipes[src][i], &pf, sizeof(pf)) == -1) |
425 |
|
|
fatal("%s: proc_compose_imsg", __func__); |
426 |
|
|
|
427 |
|
36 |
pf.pf_procid = dst; |
428 |
|
36 |
pf.pf_instance = j; |
429 |
✗✓ |
72 |
if (proc_compose_imsg(ps, src, i, IMSG_CTL_PROCFD, |
430 |
|
72 |
-1, pa->pp_pipes[dst][j], &pf, sizeof(pf)) == -1) |
431 |
|
|
fatal("%s: proc_compose_imsg", __func__); |
432 |
|
|
|
433 |
|
|
/* |
434 |
|
|
* We have to flush to send the descriptors and close |
435 |
|
|
* them to avoid the fd ramp on startup. |
436 |
|
|
*/ |
437 |
✓✗✗✓
|
72 |
if (proc_flush_imsg(ps, src, i) == -1 || |
438 |
|
36 |
proc_flush_imsg(ps, dst, j) == -1) |
439 |
|
|
fatal("%s: imsg_flush", __func__); |
440 |
|
|
} |
441 |
|
|
} |
442 |
|
72 |
} |
443 |
|
|
|
444 |
|
|
void |
445 |
|
|
proc_close(struct privsep *ps) |
446 |
|
|
{ |
447 |
|
|
unsigned int dst, n; |
448 |
|
|
struct privsep_pipes *pp; |
449 |
|
|
|
450 |
✗✓ |
24 |
if (ps == NULL) |
451 |
|
|
return; |
452 |
|
|
|
453 |
|
12 |
pp = ps->ps_pp; |
454 |
|
|
|
455 |
✓✓ |
120 |
for (dst = 0; dst < PROC_MAX; dst++) { |
456 |
✓✓ |
48 |
if (ps->ps_ievs[dst] == NULL) |
457 |
|
|
continue; |
458 |
|
|
|
459 |
✓✓ |
144 |
for (n = 0; n < ps->ps_instances[dst]; n++) { |
460 |
✓✗ |
36 |
if (pp->pp_pipes[dst][n] == -1) |
461 |
|
|
continue; |
462 |
|
|
|
463 |
|
|
/* Cancel the fd, close and invalidate the fd */ |
464 |
|
36 |
event_del(&(ps->ps_ievs[dst][n].ev)); |
465 |
|
36 |
imsg_clear(&(ps->ps_ievs[dst][n].ibuf)); |
466 |
|
36 |
close(pp->pp_pipes[dst][n]); |
467 |
|
36 |
pp->pp_pipes[dst][n] = -1; |
468 |
|
36 |
} |
469 |
|
36 |
free(ps->ps_ievs[dst]); |
470 |
|
36 |
} |
471 |
|
24 |
} |
472 |
|
|
|
473 |
|
|
void |
474 |
|
|
proc_shutdown(struct privsep_proc *p) |
475 |
|
|
{ |
476 |
|
|
struct privsep *ps = p->p_ps; |
477 |
|
|
|
478 |
|
|
if (p->p_id == PROC_CONTROL && ps) |
479 |
|
|
control_cleanup(&ps->ps_csock); |
480 |
|
|
|
481 |
|
|
if (p->p_shutdown != NULL) |
482 |
|
|
(*p->p_shutdown)(); |
483 |
|
|
|
484 |
|
|
proc_close(ps); |
485 |
|
|
|
486 |
|
|
log_info("%s exiting, pid %d", p->p_title, getpid()); |
487 |
|
|
|
488 |
|
|
exit(0); |
489 |
|
|
} |
490 |
|
|
|
491 |
|
|
void |
492 |
|
|
proc_sig_handler(int sig, short event, void *arg) |
493 |
|
|
{ |
494 |
|
|
struct privsep_proc *p = arg; |
495 |
|
|
|
496 |
|
|
switch (sig) { |
497 |
|
|
case SIGINT: |
498 |
|
|
case SIGTERM: |
499 |
|
|
proc_shutdown(p); |
500 |
|
|
break; |
501 |
|
|
case SIGCHLD: |
502 |
|
|
case SIGHUP: |
503 |
|
|
case SIGPIPE: |
504 |
|
|
case SIGUSR1: |
505 |
|
|
/* ignore */ |
506 |
|
|
break; |
507 |
|
|
default: |
508 |
|
|
fatalx("%s: unexpected signal", __func__); |
509 |
|
|
/* NOTREACHED */ |
510 |
|
|
} |
511 |
|
|
} |
512 |
|
|
|
513 |
|
|
void |
514 |
|
|
proc_run(struct privsep *ps, struct privsep_proc *p, |
515 |
|
|
struct privsep_proc *procs, unsigned int nproc, |
516 |
|
|
void (*run)(struct privsep *, struct privsep_proc *, void *), void *arg) |
517 |
|
|
{ |
518 |
|
|
struct passwd *pw; |
519 |
|
|
const char *root; |
520 |
|
|
struct control_sock *rcs; |
521 |
|
|
|
522 |
|
|
log_procinit(p->p_title); |
523 |
|
|
|
524 |
|
|
/* Set the process group of the current process */ |
525 |
|
|
setpgid(0, 0); |
526 |
|
|
|
527 |
|
|
if (p->p_id == PROC_CONTROL && ps->ps_instance == 0) { |
528 |
|
|
if (control_init(ps, &ps->ps_csock) == -1) |
529 |
|
|
fatalx("%s: control_init", __func__); |
530 |
|
|
TAILQ_FOREACH(rcs, &ps->ps_rcsocks, cs_entry) |
531 |
|
|
if (control_init(ps, rcs) == -1) |
532 |
|
|
fatalx("%s: control_init", __func__); |
533 |
|
|
} |
534 |
|
|
|
535 |
|
|
/* Use non-standard user */ |
536 |
|
|
if (p->p_pw != NULL) |
537 |
|
|
pw = p->p_pw; |
538 |
|
|
else |
539 |
|
|
pw = ps->ps_pw; |
540 |
|
|
|
541 |
|
|
/* Change root directory */ |
542 |
|
|
if (p->p_chroot != NULL) |
543 |
|
|
root = p->p_chroot; |
544 |
|
|
else |
545 |
|
|
root = pw->pw_dir; |
546 |
|
|
|
547 |
|
|
if (chroot(root) == -1) |
548 |
|
|
fatal("%s: chroot", __func__); |
549 |
|
|
if (chdir("/") == -1) |
550 |
|
|
fatal("%s: chdir(\"/\")", __func__); |
551 |
|
|
|
552 |
|
|
privsep_process = p->p_id; |
553 |
|
|
|
554 |
|
|
setproctitle("%s", p->p_title); |
555 |
|
|
|
556 |
|
|
if (setgroups(1, &pw->pw_gid) || |
557 |
|
|
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || |
558 |
|
|
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) |
559 |
|
|
fatal("%s: cannot drop privileges", __func__); |
560 |
|
|
|
561 |
|
|
event_init(); |
562 |
|
|
|
563 |
|
|
signal_set(&ps->ps_evsigint, SIGINT, proc_sig_handler, p); |
564 |
|
|
signal_set(&ps->ps_evsigterm, SIGTERM, proc_sig_handler, p); |
565 |
|
|
signal_set(&ps->ps_evsigchld, SIGCHLD, proc_sig_handler, p); |
566 |
|
|
signal_set(&ps->ps_evsighup, SIGHUP, proc_sig_handler, p); |
567 |
|
|
signal_set(&ps->ps_evsigpipe, SIGPIPE, proc_sig_handler, p); |
568 |
|
|
signal_set(&ps->ps_evsigusr1, SIGUSR1, proc_sig_handler, p); |
569 |
|
|
|
570 |
|
|
signal_add(&ps->ps_evsigint, NULL); |
571 |
|
|
signal_add(&ps->ps_evsigterm, NULL); |
572 |
|
|
signal_add(&ps->ps_evsigchld, NULL); |
573 |
|
|
signal_add(&ps->ps_evsighup, NULL); |
574 |
|
|
signal_add(&ps->ps_evsigpipe, NULL); |
575 |
|
|
signal_add(&ps->ps_evsigusr1, NULL); |
576 |
|
|
|
577 |
|
|
proc_setup(ps, procs, nproc); |
578 |
|
|
proc_accept(ps, PROC_PARENT_SOCK_FILENO, PROC_PARENT, 0); |
579 |
|
|
if (p->p_id == PROC_CONTROL && ps->ps_instance == 0) { |
580 |
|
|
TAILQ_INIT(&ctl_conns); |
581 |
|
|
if (control_listen(&ps->ps_csock) == -1) |
582 |
|
|
fatalx("%s: control_listen", __func__); |
583 |
|
|
TAILQ_FOREACH(rcs, &ps->ps_rcsocks, cs_entry) |
584 |
|
|
if (control_listen(rcs) == -1) |
585 |
|
|
fatalx("%s: control_listen", __func__); |
586 |
|
|
} |
587 |
|
|
|
588 |
|
|
DPRINTF("%s: %s %d/%d, pid %d", __func__, p->p_title, |
589 |
|
|
ps->ps_instance + 1, ps->ps_instances[p->p_id], getpid()); |
590 |
|
|
|
591 |
|
|
if (run != NULL) |
592 |
|
|
run(ps, p, arg); |
593 |
|
|
|
594 |
|
|
event_dispatch(); |
595 |
|
|
|
596 |
|
|
proc_shutdown(p); |
597 |
|
|
} |
598 |
|
|
|
599 |
|
|
void |
600 |
|
|
proc_dispatch(int fd, short event, void *arg) |
601 |
|
|
{ |
602 |
|
24 |
struct imsgev *iev = arg; |
603 |
|
12 |
struct privsep_proc *p = iev->proc; |
604 |
|
12 |
struct privsep *ps = p->p_ps; |
605 |
|
|
struct imsgbuf *ibuf; |
606 |
|
12 |
struct imsg imsg; |
607 |
|
|
ssize_t n; |
608 |
|
|
int verbose; |
609 |
|
|
const char *title; |
610 |
|
|
struct privsep_fd pf; |
611 |
|
|
|
612 |
|
12 |
title = ps->ps_title[privsep_process]; |
613 |
|
12 |
ibuf = &iev->ibuf; |
614 |
|
|
|
615 |
✗✓ |
12 |
if (event & EV_READ) { |
616 |
|
|
if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) |
617 |
|
|
fatal("%s: imsg_read", __func__); |
618 |
|
|
if (n == 0) { |
619 |
|
|
/* this pipe is dead, so remove the event handler */ |
620 |
|
|
event_del(&iev->ev); |
621 |
|
|
event_loopexit(NULL); |
622 |
|
|
return; |
623 |
|
|
} |
624 |
|
|
} |
625 |
|
|
|
626 |
✓✗ |
12 |
if (event & EV_WRITE) { |
627 |
✗✓✗✗
|
12 |
if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) |
628 |
|
|
fatal("%s: msgbuf_write", __func__); |
629 |
✗✓ |
12 |
if (n == 0) { |
630 |
|
|
/* this pipe is dead, so remove the event handler */ |
631 |
|
|
event_del(&iev->ev); |
632 |
|
|
event_loopexit(NULL); |
633 |
|
|
return; |
634 |
|
|
} |
635 |
|
|
} |
636 |
|
|
|
637 |
|
12 |
for (;;) { |
638 |
✗✓ |
12 |
if ((n = imsg_get(ibuf, &imsg)) == -1) |
639 |
|
|
fatal("%s: imsg_get", __func__); |
640 |
✗✓ |
12 |
if (n == 0) |
641 |
|
|
break; |
642 |
|
|
|
643 |
|
|
#if DEBUG > 1 |
644 |
|
|
log_debug("%s: %s %d got imsg %d peerid %d from %s %d", |
645 |
|
|
__func__, title, ps->ps_instance + 1, |
646 |
|
|
imsg.hdr.type, imsg.hdr.peerid, p->p_title, imsg.hdr.pid); |
647 |
|
|
#endif |
648 |
|
|
|
649 |
|
|
/* |
650 |
|
|
* Check the message with the program callback |
651 |
|
|
*/ |
652 |
|
|
if ((p->p_cb)(fd, p, &imsg) == 0) { |
653 |
|
|
/* Message was handled by the callback, continue */ |
654 |
|
|
imsg_free(&imsg); |
655 |
|
|
continue; |
656 |
|
|
} |
657 |
|
|
|
658 |
|
|
/* |
659 |
|
|
* Generic message handling |
660 |
|
|
*/ |
661 |
|
|
switch (imsg.hdr.type) { |
662 |
|
|
case IMSG_CTL_VERBOSE: |
663 |
|
|
IMSG_SIZE_CHECK(&imsg, &verbose); |
664 |
|
|
memcpy(&verbose, imsg.data, sizeof(verbose)); |
665 |
|
|
log_setverbose(verbose); |
666 |
|
|
break; |
667 |
|
|
case IMSG_CTL_PROCFD: |
668 |
|
|
IMSG_SIZE_CHECK(&imsg, &pf); |
669 |
|
|
memcpy(&pf, imsg.data, sizeof(pf)); |
670 |
|
|
proc_accept(ps, imsg.fd, pf.pf_procid, |
671 |
|
|
pf.pf_instance); |
672 |
|
|
break; |
673 |
|
|
default: |
674 |
|
|
fatalx("%s: %s %d got invalid imsg %d peerid %d " |
675 |
|
|
"from %s %d", |
676 |
|
|
__func__, title, ps->ps_instance + 1, |
677 |
|
|
imsg.hdr.type, imsg.hdr.peerid, |
678 |
|
|
p->p_title, imsg.hdr.pid); |
679 |
|
|
} |
680 |
|
|
imsg_free(&imsg); |
681 |
|
|
} |
682 |
|
12 |
imsg_event_add(iev); |
683 |
|
24 |
} |
684 |
|
|
|
685 |
|
|
int |
686 |
|
|
proc_dispatch_null(int fd, struct privsep_proc *p, struct imsg *imsg) |
687 |
|
|
{ |
688 |
|
|
return (-1); |
689 |
|
|
} |
690 |
|
|
|
691 |
|
|
/* |
692 |
|
|
* imsg helper functions |
693 |
|
|
*/ |
694 |
|
|
|
695 |
|
|
void |
696 |
|
|
imsg_event_add(struct imsgev *iev) |
697 |
|
|
{ |
698 |
✗✓ |
336 |
if (iev->handler == NULL) { |
699 |
|
|
imsg_flush(&iev->ibuf); |
700 |
|
|
return; |
701 |
|
|
} |
702 |
|
|
|
703 |
|
168 |
iev->events = EV_READ; |
704 |
✓✓ |
168 |
if (iev->ibuf.w.queued) |
705 |
|
84 |
iev->events |= EV_WRITE; |
706 |
|
|
|
707 |
|
168 |
event_del(&iev->ev); |
708 |
|
168 |
event_set(&iev->ev, iev->ibuf.fd, iev->events, iev->handler, iev->data); |
709 |
|
168 |
event_add(&iev->ev, NULL); |
710 |
|
336 |
} |
711 |
|
|
|
712 |
|
|
int |
713 |
|
|
imsg_compose_event(struct imsgev *iev, uint16_t type, uint32_t peerid, |
714 |
|
|
pid_t pid, int fd, void *data, uint16_t datalen) |
715 |
|
|
{ |
716 |
|
|
int ret; |
717 |
|
|
|
718 |
✗✓ |
252 |
if ((ret = imsg_compose(&iev->ibuf, type, peerid, |
719 |
|
84 |
pid, fd, data, datalen)) == -1) |
720 |
|
|
return (ret); |
721 |
|
84 |
imsg_event_add(iev); |
722 |
|
84 |
return (ret); |
723 |
|
84 |
} |
724 |
|
|
|
725 |
|
|
int |
726 |
|
|
imsg_composev_event(struct imsgev *iev, uint16_t type, uint32_t peerid, |
727 |
|
|
pid_t pid, int fd, const struct iovec *iov, int iovcnt) |
728 |
|
|
{ |
729 |
|
|
int ret; |
730 |
|
|
|
731 |
|
|
if ((ret = imsg_composev(&iev->ibuf, type, peerid, |
732 |
|
|
pid, fd, iov, iovcnt)) == -1) |
733 |
|
|
return (ret); |
734 |
|
|
imsg_event_add(iev); |
735 |
|
|
return (ret); |
736 |
|
|
} |
737 |
|
|
|
738 |
|
|
void |
739 |
|
|
proc_range(struct privsep *ps, enum privsep_procid id, int *n, int *m) |
740 |
|
|
{ |
741 |
✓✓ |
456 |
if (*n == -1) { |
742 |
|
|
/* Use a range of all target instances */ |
743 |
|
12 |
*n = 0; |
744 |
|
12 |
*m = ps->ps_instances[id]; |
745 |
|
12 |
} else { |
746 |
|
|
/* Use only a single slot of the specified peer process */ |
747 |
|
216 |
*m = *n + 1; |
748 |
|
|
} |
749 |
|
228 |
} |
750 |
|
|
|
751 |
|
|
int |
752 |
|
|
proc_compose_imsg(struct privsep *ps, enum privsep_procid id, int n, |
753 |
|
|
uint16_t type, uint32_t peerid, int fd, void *data, uint16_t datalen) |
754 |
|
|
{ |
755 |
|
84 |
int m; |
756 |
|
|
|
757 |
|
84 |
proc_range(ps, id, &n, &m); |
758 |
✓✓ |
336 |
for (; n < m; n++) { |
759 |
✗✓ |
252 |
if (imsg_compose_event(&ps->ps_ievs[id][n], |
760 |
|
168 |
type, peerid, ps->ps_instance + 1, fd, data, datalen) == -1) |
761 |
|
|
return (-1); |
762 |
|
|
} |
763 |
|
|
|
764 |
|
84 |
return (0); |
765 |
|
84 |
} |
766 |
|
|
|
767 |
|
|
int |
768 |
|
|
proc_compose(struct privsep *ps, enum privsep_procid id, |
769 |
|
|
uint16_t type, void *data, uint16_t datalen) |
770 |
|
|
{ |
771 |
|
|
return (proc_compose_imsg(ps, id, -1, type, -1, -1, data, datalen)); |
772 |
|
|
} |
773 |
|
|
|
774 |
|
|
int |
775 |
|
|
proc_composev_imsg(struct privsep *ps, enum privsep_procid id, int n, |
776 |
|
|
uint16_t type, uint32_t peerid, int fd, const struct iovec *iov, int iovcnt) |
777 |
|
|
{ |
778 |
|
|
int m; |
779 |
|
|
|
780 |
|
|
proc_range(ps, id, &n, &m); |
781 |
|
|
for (; n < m; n++) |
782 |
|
|
if (imsg_composev_event(&ps->ps_ievs[id][n], |
783 |
|
|
type, peerid, ps->ps_instance + 1, fd, iov, iovcnt) == -1) |
784 |
|
|
return (-1); |
785 |
|
|
|
786 |
|
|
return (0); |
787 |
|
|
} |
788 |
|
|
|
789 |
|
|
int |
790 |
|
|
proc_composev(struct privsep *ps, enum privsep_procid id, |
791 |
|
|
uint16_t type, const struct iovec *iov, int iovcnt) |
792 |
|
|
{ |
793 |
|
|
return (proc_composev_imsg(ps, id, -1, type, -1, -1, iov, iovcnt)); |
794 |
|
|
} |
795 |
|
|
|
796 |
|
|
int |
797 |
|
|
proc_forward_imsg(struct privsep *ps, struct imsg *imsg, |
798 |
|
|
enum privsep_procid id, int n) |
799 |
|
|
{ |
800 |
|
|
return (proc_compose_imsg(ps, id, n, imsg->hdr.type, |
801 |
|
|
imsg->hdr.peerid, imsg->fd, imsg->data, IMSG_DATA_SIZE(imsg))); |
802 |
|
|
} |
803 |
|
|
|
804 |
|
|
struct imsgbuf * |
805 |
|
|
proc_ibuf(struct privsep *ps, enum privsep_procid id, int n) |
806 |
|
|
{ |
807 |
|
72 |
int m; |
808 |
|
|
|
809 |
|
72 |
proc_range(ps, id, &n, &m); |
810 |
|
144 |
return (&ps->ps_ievs[id][n].ibuf); |
811 |
|
72 |
} |
812 |
|
|
|
813 |
|
|
struct imsgev * |
814 |
|
|
proc_iev(struct privsep *ps, enum privsep_procid id, int n) |
815 |
|
|
{ |
816 |
|
|
int m; |
817 |
|
|
|
818 |
|
|
proc_range(ps, id, &n, &m); |
819 |
|
|
return (&ps->ps_ievs[id][n]); |
820 |
|
|
} |
821 |
|
|
|
822 |
|
|
/* This function should only be called with care as it breaks async I/O */ |
823 |
|
|
int |
824 |
|
|
proc_flush_imsg(struct privsep *ps, enum privsep_procid id, int n) |
825 |
|
|
{ |
826 |
|
|
struct imsgbuf *ibuf; |
827 |
|
72 |
int m, ret = 0; |
828 |
|
|
|
829 |
|
72 |
proc_range(ps, id, &n, &m); |
830 |
✓✓ |
288 |
for (; n < m; n++) { |
831 |
✗✓ |
72 |
if ((ibuf = proc_ibuf(ps, id, n)) == NULL) |
832 |
|
|
return (-1); |
833 |
|
72 |
do { |
834 |
|
72 |
ret = imsg_flush(ibuf); |
835 |
✗✓✗✗
|
72 |
} while (ret == -1 && errno == EAGAIN); |
836 |
✓✗ |
72 |
if (ret == -1) |
837 |
|
|
break; |
838 |
|
72 |
imsg_event_add(&ps->ps_ievs[id][n]); |
839 |
|
|
} |
840 |
|
|
|
841 |
|
72 |
return (ret); |
842 |
|
72 |
} |