1 /*
2  * Copyright (c) 2020, 2021, 2022 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include "gmid.h"
18 
19 #include <sys/stat.h>
20 
21 #include <errno.h>
22 #include <fcntl.h>
23 #include <getopt.h>
24 #include <locale.h>
25 #include <libgen.h>
26 #include <limits.h>
27 #include <grp.h>
28 #include <pwd.h>
29 #include <signal.h>
30 #include <string.h>
31 
32 #include "logger.h"
33 
34 static const char	*opts = "c:D:fhnP:Vv";
35 
36 static const struct option longopts[] = {
37 	{"help",	no_argument,		NULL,	'h'},
38 	{"version",	no_argument,		NULL,	'V'},
39 	{NULL,		0,			NULL,	0},
40 };
41 
42 struct fcgi fcgi[FCGI_MAX];
43 
44 struct vhosthead hosts;
45 
46 int sock4, sock6;
47 
48 struct imsgbuf logibuf, servibuf[PREFORK_MAX];
49 
50 const char *config_path = "/etc/gmid.conf";
51 const char *pidfile;
52 
53 struct conf conf;
54 
55 static void
56 dummy_handler(int signo)
57 {
58 	return;
59 }
60 
61 int
62 make_socket(int port, int family)
63 {
64 	int sock, v;
65 	struct sockaddr_in addr4;
66 	struct sockaddr_in6 addr6;
67 	struct sockaddr *addr;
68 	socklen_t len;
69 
70 	switch (family) {
71 	case AF_INET:
72 		memset(&addr4, 0, sizeof(addr4));
73 		addr4.sin_family = family;
74 		addr4.sin_port = htons(port);
75 		addr4.sin_addr.s_addr = INADDR_ANY;
76 		addr = (struct sockaddr*)&addr4;
77 		len = sizeof(addr4);
78 		break;
79 
80 	case AF_INET6:
81 		memset(&addr6, 0, sizeof(addr6));
82 		addr6.sin6_family = AF_INET6;
83 		addr6.sin6_port = htons(port);
84 		addr6.sin6_addr = in6addr_any;
85 		addr = (struct sockaddr*)&addr6;
86 		len = sizeof(addr6);
87 		break;
88 
89 	default:
90 		/* unreachable */
91 		abort();
92 	}
93 
94 	if ((sock = socket(family, SOCK_STREAM, 0)) == -1)
95 		fatal("socket");
96 
97 	v = 1;
98 	if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &v, sizeof(v)) == -1)
99 		fatal("setsockopt(SO_REUSEADDR)");
100 
101 	v = 1;
102 	if (setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, &v, sizeof(v)) == -1)
103 		fatal("setsockopt(SO_REUSEPORT)");
104 
105 	mark_nonblock(sock);
106 
107 	if (bind(sock, addr, len) == -1)
108 		fatal("bind");
109 
110 	if (listen(sock, 16) == -1)
111 		fatal("listen");
112 
113 	return sock;
114 }
115 
116 static int
117 wait_signal(void)
118 {
119 	sigset_t mask;
120 	int signo;
121 
122 	sigemptyset(&mask);
123 	sigaddset(&mask, SIGHUP);
124 	sigaddset(&mask, SIGINT);
125 	sigaddset(&mask, SIGTERM);
126 	sigwait(&mask, &signo);
127 
128 	return signo == SIGHUP;
129 }
130 
131 void
132 drop_priv(void)
133 {
134 	struct passwd *pw = NULL;
135 
136 	if (*conf.chroot != '\0' && *conf.user == '\0')
137 		fatalx("can't chroot without an user to switch to after.");
138 
139 	if (*conf.user != '\0') {
140 		if ((pw = getpwnam(conf.user)) == NULL)
141 			fatalx("can't find user %s", conf.user);
142 	}
143 
144 	if (*conf.chroot != '\0') {
145 		if (chroot(conf.chroot) != 0 || chdir("/") != 0)
146 			fatal("%s", conf.chroot);
147 	}
148 
149 	if (pw != NULL) {
150 		if (setgroups(1, &pw->pw_gid) == -1 ||
151 		    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 ||
152 		    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
153 			fatal("cannot drop privileges");
154 	}
155 
156 	if (getuid() == 0)
157 		log_warn(NULL,
158 		    "not a good idea to run a network daemon as root");
159 }
160 
161 static void
162 usage(void)
163 {
164 	fprintf(stderr,
165 	    "Version: " GMID_STRING "\n"
166 	    "Usage: %s [-fnv] [-c config] [-D macro=value] [-P pidfile]\n",
167 	    getprogname());
168 }
169 
170 static void
171 logger_init(void)
172 {
173 	int p[2];
174 
175 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, p) == -1)
176 		err(1, "socketpair");
177 
178 	switch (fork()) {
179 	case -1:
180 		err(1, "fork");
181 	case 0:
182 		signal(SIGHUP, SIG_IGN);
183 		close(p[0]);
184 		setproctitle("logger");
185 		imsg_init(&logibuf, p[1]);
186 		drop_priv();
187 		_exit(logger_main(p[1], &logibuf));
188 	default:
189 		close(p[1]);
190 		imsg_init(&logibuf, p[0]);
191 		return;
192 	}
193 }
194 
195 static void
196 serve(void)
197 {
198 	int i, p[2];
199 
200 	for (i = 0; i < conf.prefork; ++i) {
201 		if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC,
202 		    PF_UNSPEC, p) == -1)
203 			fatal("socketpair");
204 
205 		switch (fork()) {
206 		case -1:
207 			fatal("fork");
208 		case 0:		/* child */
209 			close(p[0]);
210 			imsg_init(&servibuf[i], p[1]);
211 			setproctitle("server");
212 			_exit(server_main(&servibuf[i], sock4, sock6));
213 		default:
214 			close(p[1]);
215 			imsg_init(&servibuf[i], p[0]);
216 		}
217 	}
218 }
219 
220 static int
221 write_pidfile(const char *pidfile)
222 {
223 	struct flock	lock;
224 	int		fd;
225 
226 	if (pidfile == NULL)
227 		return -1;
228 
229 	if ((fd = open(pidfile, O_WRONLY|O_CREAT|O_CLOEXEC, 0600)) == -1)
230 		fatal("can't open pidfile %s", pidfile);
231 
232 	lock.l_start = 0;
233 	lock.l_len = 0;
234 	lock.l_type = F_WRLCK;
235 	lock.l_whence = SEEK_SET;
236 
237 	if (fcntl(fd, F_SETLK, &lock) == -1)
238 		fatalx("can't lock %s, gmid is already running?", pidfile);
239 
240 	if (ftruncate(fd, 0) == -1)
241 		fatal("ftruncate %s", pidfile);
242 
243 	dprintf(fd, "%d\n", getpid());
244 
245 	return fd;
246 }
247 
248 int
249 main(int argc, char **argv)
250 {
251 	int i, ch, conftest = 0;
252 	int pidfd, old_ipv6, old_port;
253 
254 	setlocale(LC_CTYPE, "");
255 
256 	logger_init();
257 	config_init();
258 
259 	while ((ch = getopt_long(argc, argv, opts, longopts, NULL)) != -1) {
260 		switch (ch) {
261 		case 'c':
262 			config_path = absolutify_path(optarg);
263 			break;
264 		case 'D':
265 			if (cmdline_symset(optarg) == -1)
266 				fatalx("could not parse macro definition: %s",
267 				    optarg);
268 			break;
269 		case 'f':
270 			conf.foreground = 1;
271 			break;
272 		case 'h':
273 			usage();
274 			return 0;
275 		case 'n':
276 			conftest++;
277 			break;
278 		case 'P':
279 			pidfile = optarg;
280 			break;
281 		case 'V':
282 			puts("Version: " GMID_STRING);
283 			return 0;
284 		case 'v':
285 			conf.verbose++;
286 			break;
287 		default:
288 			usage();
289 			return 1;
290 		}
291 	}
292 	argc -= optind;
293 	argv += optind;
294 
295 	if (argc != 0)
296 		usage();
297 
298 	parse_conf(config_path);
299 
300 	if (conftest) {
301 		fprintf(stderr, "config OK\n");
302 		if (conftest > 1)
303 			print_conf();
304 		return 0;
305 	}
306 
307 	if (!conf.foreground) {
308 		/* log to syslog */
309 		imsg_compose(&logibuf, IMSG_LOG_TYPE, 0, 0, -1, NULL, 0);
310 		imsg_flush(&logibuf);
311 
312 		if (daemon(1, 1) == -1)
313 			fatal("daemon");
314 	}
315 
316 	sock4 = make_socket(conf.port, AF_INET);
317 	sock6 = -1;
318 	if (conf.ipv6)
319 		sock6 = make_socket(conf.port, AF_INET6);
320 
321 	signal(SIGPIPE, SIG_IGN);
322 
323 	pidfd = write_pidfile(pidfile);
324 
325 	/*
326 	 * Linux seems to call the event handlers even when we're
327 	 * doing a sigwait.  These dummy handlers are here to avoid
328 	 * being terminated on SIGHUP, SIGINT or SIGTERM.
329 	 */
330 	signal(SIGHUP, dummy_handler);
331 	signal(SIGINT, dummy_handler);
332 	signal(SIGTERM, dummy_handler);
333 
334 	/* wait a sighup and reload the daemon */
335 	for (;;) {
336 		serve();
337 
338 		if (!wait_signal())
339 			break;
340 
341 		log_info(NULL, "reloading configuration %s", config_path);
342 
343 		/* close the servers */
344 		for (i = 0; i < conf.prefork; ++i) {
345 			imsg_compose(&servibuf[i], IMSG_QUIT, 0, 0, -1,
346 			    NULL, 0);
347 			imsg_flush(&servibuf[i]);
348 			close(servibuf[i].fd);
349 		}
350 
351 		old_ipv6 = conf.ipv6;
352 		old_port = conf.port;
353 
354 		config_free();
355 		config_init();
356 		parse_conf(config_path);
357 
358 		if (old_port != conf.port) {
359 			close(sock4);
360 			close(sock6);
361 			sock4 = -1;
362 			sock6 = -1;
363 		}
364 
365 		if (sock6 != -1 && old_ipv6 != conf.ipv6) {
366 			close(sock6);
367 			sock6 = -1;
368 		}
369 
370 		if (sock4 == -1)
371 			sock4 = make_socket(conf.port, AF_INET);
372 		if (sock6 == -1 && conf.ipv6)
373 			sock6 = make_socket(conf.port, AF_INET6);
374 	}
375 
376 	for (i = 0; i < conf.prefork; ++i) {
377 		imsg_compose(&servibuf[i], IMSG_QUIT, 0, 0, -1, NULL, 0);
378 		imsg_flush(&servibuf[i]);
379 		close(servibuf[i].fd);
380 	}
381 
382 	imsg_compose(&logibuf, IMSG_QUIT, 0, 0, -1, NULL, 0);
383 	imsg_flush(&logibuf);
384 	close(logibuf.fd);
385 
386 	if (pidfd != -1)
387 		close(pidfd);
388 
389 	return 0;
390 }