2 b0a6bcf7 2022-09-13 op * Copyright (c) 2022 Omar Polo <op@omarpolo.com>
3 b0a6bcf7 2022-09-13 op * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
5 b0a6bcf7 2022-09-13 op * Permission to use, copy, modify, and distribute this software for any
6 b0a6bcf7 2022-09-13 op * purpose with or without fee is hereby granted, provided that the above
7 b0a6bcf7 2022-09-13 op * copyright notice and this permission notice appear in all copies.
9 b0a6bcf7 2022-09-13 op * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 b0a6bcf7 2022-09-13 op * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 b0a6bcf7 2022-09-13 op * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 b0a6bcf7 2022-09-13 op * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 b0a6bcf7 2022-09-13 op * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 b0a6bcf7 2022-09-13 op * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 b0a6bcf7 2022-09-13 op * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 b0a6bcf7 2022-09-13 op #include <sys/types.h>
19 b0a6bcf7 2022-09-13 op #include <sys/queue.h>
20 b0a6bcf7 2022-09-13 op #include <sys/tree.h>
21 b0a6bcf7 2022-09-13 op #include <sys/socket.h>
22 b0a6bcf7 2022-09-13 op #include <sys/uio.h>
24 b0a6bcf7 2022-09-13 op #include <netinet/in.h>
25 b0a6bcf7 2022-09-13 op #include <arpa/inet.h>
27 b0a6bcf7 2022-09-13 op #include <errno.h>
28 b0a6bcf7 2022-09-13 op #include <event.h>
29 b0a6bcf7 2022-09-13 op #include <limits.h>
30 b0a6bcf7 2022-09-13 op #include <locale.h>
31 b0a6bcf7 2022-09-13 op #include <pwd.h>
32 b0a6bcf7 2022-09-13 op #include <signal.h>
33 b0a6bcf7 2022-09-13 op #include <stdint.h>
34 b0a6bcf7 2022-09-13 op #include <stdio.h>
35 b0a6bcf7 2022-09-13 op #include <stdlib.h>
36 b0a6bcf7 2022-09-13 op #include <string.h>
37 b0a6bcf7 2022-09-13 op #include <syslog.h>
38 b0a6bcf7 2022-09-13 op #include <unistd.h>
39 b0a6bcf7 2022-09-13 op #include <imsg.h>
41 b0a6bcf7 2022-09-13 op #include "log.h"
42 b0a6bcf7 2022-09-13 op #include "proc.h"
43 b0a6bcf7 2022-09-13 op #include "xmalloc.h"
45 b0a6bcf7 2022-09-13 op #include "galileo.h"
47 b0a6bcf7 2022-09-13 op static int parent_configure(struct galileo *);
48 b0a6bcf7 2022-09-13 op static void parent_configure_done(struct galileo *);
49 b0a6bcf7 2022-09-13 op static void parent_reload(struct galileo *);
50 b0a6bcf7 2022-09-13 op static void parent_sig_handler(int, short, void *);
51 b0a6bcf7 2022-09-13 op static int parent_dispatch_proxy(int, struct privsep_proc *,
52 b0a6bcf7 2022-09-13 op struct imsg *);
53 b0a6bcf7 2022-09-13 op static __dead void parent_shutdown(struct galileo *);
55 b0a6bcf7 2022-09-13 op static struct privsep_proc procs[] = {
56 b0a6bcf7 2022-09-13 op { "proxy", PROC_PROXY, parent_dispatch_proxy, proxy },
59 b0a6bcf7 2022-09-13 op int privsep_process;
61 83f0f95a 2022-09-29 op const char *conffile = GALILEO_CONF;
63 b0a6bcf7 2022-09-13 op static __dead void
66 b0a6bcf7 2022-09-13 op fprintf(stderr, "usage: %s [-dnv] [-D macro=value] [-f file]",
67 b0a6bcf7 2022-09-13 op getprogname());
72 b0a6bcf7 2022-09-13 op main(int argc, char **argv)
74 b0a6bcf7 2022-09-13 op struct galileo *env;
75 b0a6bcf7 2022-09-13 op struct privsep *ps;
76 b0a6bcf7 2022-09-13 op const char *errstr;
77 b0a6bcf7 2022-09-13 op const char *title = NULL;
79 b0a6bcf7 2022-09-13 op int conftest = 0, debug = 0, verbose = 0;
80 b0a6bcf7 2022-09-13 op int argc0 = argc, ch;
81 b0a6bcf7 2022-09-13 op int proc_id = PROC_PARENT;
82 b0a6bcf7 2022-09-13 op int proc_instance = 0;
84 b0a6bcf7 2022-09-13 op setlocale(LC_CTYPE, "");
86 b0a6bcf7 2022-09-13 op /* log to stderr until daemonized */
87 b0a6bcf7 2022-09-13 op log_init(1, LOG_DAEMON);
88 b0a6bcf7 2022-09-13 op log_setverbose(verbose);
90 b0a6bcf7 2022-09-13 op while ((ch = getopt(argc, argv, "D:df:I:nP:v")) != -1) {
93 b0a6bcf7 2022-09-13 op if (cmdline_symset(optarg) < 0)
94 b0a6bcf7 2022-09-13 op log_warnx("could not parse macro definition %s",
101 b0a6bcf7 2022-09-13 op conffile = optarg;
104 b0a6bcf7 2022-09-13 op proc_instance = strtonum(optarg, 0, PROC_MAX_INSTANCES,
106 b0a6bcf7 2022-09-13 op if (errstr != NULL)
107 b0a6bcf7 2022-09-13 op fatalx("invalid process instance");
110 b0a6bcf7 2022-09-13 op conftest = 1;
113 b0a6bcf7 2022-09-13 op title = optarg;
114 b0a6bcf7 2022-09-13 op proc_id = proc_getid(procs, nitems(procs), title);
115 b0a6bcf7 2022-09-13 op if (proc_id == PROC_MAX)
116 b0a6bcf7 2022-09-13 op fatalx("invalid process name");
125 b0a6bcf7 2022-09-13 op argc -= optind;
126 b0a6bcf7 2022-09-13 op if (argc != 0)
129 b0a6bcf7 2022-09-13 op if (geteuid())
130 b0a6bcf7 2022-09-13 op fatalx("need root privileges");
132 b0a6bcf7 2022-09-13 op log_setverbose(verbose);
134 b0a6bcf7 2022-09-13 op env = xcalloc(1, sizeof(*env));
135 b0a6bcf7 2022-09-13 op config_init(env);
136 b0a6bcf7 2022-09-13 op if (parse_config(conffile, env) == -1)
139 b0a6bcf7 2022-09-13 op if (conftest) {
140 b0a6bcf7 2022-09-13 op fprintf(stderr, "configuration OK\n");
144 b0a6bcf7 2022-09-13 op ps = xcalloc(1, sizeof(*ps));
145 b0a6bcf7 2022-09-13 op ps->ps_env = env;
146 b0a6bcf7 2022-09-13 op env->sc_ps = ps;
147 b0a6bcf7 2022-09-13 op if ((ps->ps_pw = getpwnam(GALILEO_USER)) == NULL)
148 b0a6bcf7 2022-09-13 op fatalx("unknown user %s", GALILEO_USER);
150 b0a6bcf7 2022-09-13 op ps->ps_instances[PROC_PROXY] = env->sc_prefork;
151 b0a6bcf7 2022-09-13 op ps->ps_instance = proc_instance;
152 b0a6bcf7 2022-09-13 op if (title != NULL)
153 b0a6bcf7 2022-09-13 op ps->ps_title[proc_id] = title;
155 b0a6bcf7 2022-09-13 op if (*env->sc_chroot == '\0') {
156 b0a6bcf7 2022-09-13 op if (strlcpy(env->sc_chroot, ps->ps_pw->pw_dir,
157 b0a6bcf7 2022-09-13 op sizeof(env->sc_chroot)) >= sizeof(env->sc_chroot))
158 b0a6bcf7 2022-09-13 op fatalx("chroot path too long!");
161 b0a6bcf7 2022-09-13 op for (i = 0; i < nitems(procs); ++i)
162 b0a6bcf7 2022-09-13 op procs[i].p_chroot = env->sc_chroot;
164 b0a6bcf7 2022-09-13 op /* only the parent returns */
165 b0a6bcf7 2022-09-13 op proc_init(ps, procs, nitems(procs), debug, argc0, argv, proc_id);
167 b0a6bcf7 2022-09-13 op log_procinit("parent");
168 b0a6bcf7 2022-09-13 op if (!debug && daemon(0, 0) == -1)
169 b0a6bcf7 2022-09-13 op fatal("failed to daemonize");
171 b0a6bcf7 2022-09-13 op log_init(debug, LOG_DAEMON);
173 b0a6bcf7 2022-09-13 op log_info("startup");
175 b0a6bcf7 2022-09-13 op /* if (pledge("stdio rpath wpath cpath unix fattr sendfd", NULL) == -1) */
176 b0a6bcf7 2022-09-13 op /* fatal("pledge"); */
178 b0a6bcf7 2022-09-13 op event_init();
180 b0a6bcf7 2022-09-13 op signal(SIGPIPE, SIG_IGN);
182 b0a6bcf7 2022-09-13 op signal_set(&ps->ps_evsigint, SIGINT, parent_sig_handler, ps);
183 b0a6bcf7 2022-09-13 op signal_set(&ps->ps_evsigterm, SIGTERM, parent_sig_handler, ps);
184 b0a6bcf7 2022-09-13 op signal_set(&ps->ps_evsigchld, SIGCHLD, parent_sig_handler, ps);
185 b0a6bcf7 2022-09-13 op signal_set(&ps->ps_evsighup, SIGHUP, parent_sig_handler, ps);
187 b0a6bcf7 2022-09-13 op signal_add(&ps->ps_evsigint, NULL);
188 b0a6bcf7 2022-09-13 op signal_add(&ps->ps_evsigterm, NULL);
189 b0a6bcf7 2022-09-13 op signal_add(&ps->ps_evsigchld, NULL);
190 b0a6bcf7 2022-09-13 op signal_add(&ps->ps_evsighup, NULL);
192 b0a6bcf7 2022-09-13 op proc_connect(ps);
194 b0a6bcf7 2022-09-13 op if (parent_configure(env) == -1)
195 b0a6bcf7 2022-09-13 op fatalx("configuration failed");
197 b0a6bcf7 2022-09-13 op event_dispatch();
199 b0a6bcf7 2022-09-13 op parent_shutdown(env);
200 b0a6bcf7 2022-09-13 op /* NOTREACHED */
206 b0a6bcf7 2022-09-13 op parent_configure(struct galileo *env)
208 afb86b2c 2022-09-23 op struct proxy *proxy;
211 afb86b2c 2022-09-23 op TAILQ_FOREACH(proxy, &env->sc_proxies, pr_entry) {
212 afb86b2c 2022-09-23 op if (config_setproxy(env, proxy) == -1)
213 afb86b2c 2022-09-23 op fatal("send proxy");
216 b0a6bcf7 2022-09-13 op /* XXX: eventually they will be more than just one */
217 b0a6bcf7 2022-09-13 op if (config_setsock(env) == -1)
218 b0a6bcf7 2022-09-13 op fatal("send socket");
220 afb86b2c 2022-09-23 op /* The proxiess need to reload their config. */
221 b0a6bcf7 2022-09-13 op env->sc_reload = env->sc_prefork;
223 b0a6bcf7 2022-09-13 op for (id = 0; id < PROC_MAX; id++) {
224 b0a6bcf7 2022-09-13 op if (id == privsep_process)
226 b0a6bcf7 2022-09-13 op proc_compose(env->sc_ps, id, IMSG_CFG_DONE, env, sizeof(env));
229 b0a6bcf7 2022-09-13 op config_purge(env);
234 b0a6bcf7 2022-09-13 op parent_configure_done(struct galileo *env)
238 b0a6bcf7 2022-09-13 op if (env->sc_reload == 0) {
239 b0a6bcf7 2022-09-13 op log_warnx("configuration already finished");
243 b0a6bcf7 2022-09-13 op env->sc_reload--;
244 b0a6bcf7 2022-09-13 op if (env->sc_reload == 0) {
245 b0a6bcf7 2022-09-13 op for (id = 0; id < PROC_MAX; ++id) {
246 b0a6bcf7 2022-09-13 op if (id == privsep_process)
249 b0a6bcf7 2022-09-13 op proc_compose(env->sc_ps, id, IMSG_CTL_START, NULL, 0);
255 b0a6bcf7 2022-09-13 op parent_reload(struct galileo *env)
257 b0a6bcf7 2022-09-13 op if (env->sc_reload) {
258 b0a6bcf7 2022-09-13 op log_debug("%s: already in progress: %d pending",
259 b0a6bcf7 2022-09-13 op __func__, env->sc_reload);
262 b0a6bcf7 2022-09-13 op log_debug("%s: config file %s", __func__, conffile);
264 b0a6bcf7 2022-09-13 op config_purge(env);
266 b0a6bcf7 2022-09-13 op if (parse_config(conffile, env) == -1) {
267 b0a6bcf7 2022-09-13 op log_warnx("failed to load config file: %s", conffile);
271 b0a6bcf7 2022-09-13 op config_setreset(env);
272 b0a6bcf7 2022-09-13 op parent_configure(env);
276 b0a6bcf7 2022-09-13 op parent_sig_handler(int sig, short ev, void *arg)
278 b0a6bcf7 2022-09-13 op struct privsep *ps = arg;
281 b0a6bcf7 2022-09-13 op * Normal signal handler rules don't apply because libevent
282 b0a6bcf7 2022-09-13 op * decouples for us.
285 b0a6bcf7 2022-09-13 op switch (sig) {
287 b0a6bcf7 2022-09-13 op if (privsep_process != PROC_PARENT)
289 b0a6bcf7 2022-09-13 op log_info("reload requested with SIGHUP");
290 b0a6bcf7 2022-09-13 op parent_reload(ps->ps_env);
292 b0a6bcf7 2022-09-13 op case SIGCHLD:
293 b0a6bcf7 2022-09-13 op log_warnx("one child died, quitting.");
294 02be3606 2022-09-29 op /* fallthrough */
295 b0a6bcf7 2022-09-13 op case SIGTERM:
297 b0a6bcf7 2022-09-13 op parent_shutdown(ps->ps_env);
300 b0a6bcf7 2022-09-13 op fatalx("unexpected signal %d", sig);
305 b0a6bcf7 2022-09-13 op parent_dispatch_proxy(int fd, struct privsep_proc *p, struct imsg *imsg)
307 b0a6bcf7 2022-09-13 op struct privsep *ps = p->p_ps;
308 b0a6bcf7 2022-09-13 op struct galileo *env = ps->ps_env;
310 b0a6bcf7 2022-09-13 op switch (imsg->hdr.type) {
311 b0a6bcf7 2022-09-13 op case IMSG_CFG_DONE:
312 b0a6bcf7 2022-09-13 op parent_configure_done(env);
321 b0a6bcf7 2022-09-13 op static __dead void
322 b0a6bcf7 2022-09-13 op parent_shutdown(struct galileo *env)
324 b0a6bcf7 2022-09-13 op config_purge(env);
326 b0a6bcf7 2022-09-13 op proc_kill(env->sc_ps);
328 b0a6bcf7 2022-09-13 op free(env->sc_ps);
331 b0a6bcf7 2022-09-13 op log_info("parent terminating, pid %d", getpid());
336 b0a6bcf7 2022-09-13 op accept_reserve(int sockfd, struct sockaddr *addr, socklen_t *addrlen,
337 b0a6bcf7 2022-09-13 op int reserve, volatile int *counter)
340 b0a6bcf7 2022-09-13 op if (getdtablecount() + reserve +
341 b0a6bcf7 2022-09-13 op *counter >= getdtablesize()) {
342 b0a6bcf7 2022-09-13 op errno = EMFILE;
346 b0a6bcf7 2022-09-13 op if ((ret = accept4(sockfd, addr, addrlen, SOCK_NONBLOCK)) > -1) {
347 b0a6bcf7 2022-09-13 op (*counter)++;
348 b0a6bcf7 2022-09-13 op log_debug("%s: inflight incremented, now %d",__func__, *counter);
350 b0a6bcf7 2022-09-13 op return (ret);