2 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3 * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
4 * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
5 * Copyright (c) 2004 Esben Norby <norby@openbsd.org>
6 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
8 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 #include <sys/socket.h>
24 #include <arpa/inet.h>
25 #include <netinet/in.h>
52 const char *saved_argv0;
53 static int debug, nflag;
56 ATTR_DEAD void usage(void);
58 void main_sig_handler(int, short, void *);
59 void main_dispatch_listener(int, short, void *);
60 int main_reload(void);
61 int main_imsg_send_config(struct kd_conf *);
62 void main_dispatch_listener(int, short, void *);
63 ATTR_DEAD void main_shutdown(void);
65 static pid_t start_child(enum kd_process, int, int, int);
67 struct kd_conf *main_conf;
68 static struct imsgev *iev_listener;
76 fprintf(stderr, "usage: %s [-dnv] [-f file] [-s socket]\n",
82 main(int argc, char **argv)
84 struct event ev_sigint, ev_sigterm, ev_sighup;
86 int listener_flag = 0, client_flag = 0;
87 int pipe_main2listener[2];
91 conffile = KD_CONF_FILE;
94 log_init(1, LOG_DAEMON); /* Log to stderr until deamonized. */
97 saved_argv0 = argv[0];
98 if (saved_argv0 == NULL)
99 saved_argv0 = "kamid";
101 while ((ch = getopt(argc, argv, "D:df:nsT:v")) != -1) {
104 if (cmdline_symset(optarg) == -1)
105 log_warnx("could not parse macro definition %s",
129 fatalx("invalid process spec %c", *optarg);
142 if (argc > 0 || (listener_flag && client_flag))
146 client(debug, verbose);
147 else if (listener_flag)
148 listener(debug, verbose);
150 if ((main_conf = parse_config(conffile)) == NULL)
154 fprintf(stderr, "configuration OK\n");
158 /* Check for root privileges. */
160 fatalx("need root privileges");
162 /* Check for assigned daemon user. */
163 if (getpwnam(KD_USER) == NULL)
164 fatalx("unknown user %s", KD_USER);
166 log_init(debug, LOG_DAEMON);
167 log_setverbose(verbose);
174 if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK,
175 PF_UNSPEC, pipe_main2listener) == -1)
176 fatal("main2listener socketpair");
178 /* Start children. */
179 listener_pid = start_child(PROC_LISTENER, pipe_main2listener[1],
182 log_procinit("main");
186 /* Setup signal handler */
187 signal_set(&ev_sigint, SIGINT, main_sig_handler, NULL);
188 signal_set(&ev_sigterm, SIGTERM, main_sig_handler, NULL);
189 signal_set(&ev_sighup, SIGHUP, main_sig_handler, NULL);
191 signal_add(&ev_sigint, NULL);
192 signal_add(&ev_sigterm, NULL);
193 signal_add(&ev_sighup, NULL);
195 signal(SIGCHLD, SIG_IGN);
196 signal(SIGPIPE, SIG_IGN);
198 if ((iev_listener = malloc(sizeof(*iev_listener))) == NULL)
200 imsg_init(&iev_listener->ibuf, pipe_main2listener[0]);
201 iev_listener->handler = main_dispatch_listener;
203 /* Setup event handlers for pipes to listener. */
204 iev_listener->events = EV_READ;
205 event_set(&iev_listener->ev, iev_listener->ibuf.fd,
206 iev_listener->events, iev_listener->handler, iev_listener);
207 event_add(&iev_listener->ev, NULL);
209 if ((control_fd = control_init(csock)) == -1)
210 fatalx("control socket setup failed");
212 main_imsg_compose_listener(IMSG_CONTROLFD, control_fd, 0,
214 main_imsg_send_config(main_conf);
225 main_sig_handler(int sig, short event, void *arg)
228 * Normal signal handler rules don't apply because libevent
238 if (main_reload() == -1)
239 log_warnx("configuration reload failed");
241 log_debug("configuration reloaded");
244 fatalx("unexpected signal %d", sig);
248 static inline struct table *
249 auth_table_by_id(uint32_t id)
251 struct kd_listen_conf *listen;
253 STAILQ_FOREACH(listen, &main_conf->listen_head, entry) {
254 if (listen->id == id)
255 return listen->auth_table;
262 do_auth_tls(struct imsg *imsg)
264 char *username = NULL;
267 struct kd_auth_req auth;
270 if (sizeof(auth) != IMSG_DATA_SIZE(*imsg))
271 fatal("wrong size for IMSG_AUTH_TLS: "
272 "got %lu; want %lu", IMSG_DATA_SIZE(*imsg),
274 memcpy(&auth, imsg->data, sizeof(auth));
276 if (memmem(auth.hash, sizeof(auth.hash), "", 1) == NULL)
277 fatal("non NUL-terminated hash received");
279 log_debug("tls id=%u hash=%s", auth.listen_id, auth.hash);
281 if ((t = auth_table_by_id(auth.listen_id)) == NULL)
282 fatal("request for invalid listener id %d", imsg->hdr.pid);
284 if (table_lookup(t, auth.hash, &username) == -1) {
285 log_warnx("login failed for hash %s", auth.hash);
289 log_debug("matched local user %s", username);
291 if ((pw = getpwnam(username)) == NULL) {
292 log_warnx("getpwnam(%s) failed", username);
296 if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK,
300 start_child(PROC_CLIENTCONN, p[1], debug, verbose);
302 main_imsg_compose_listener(IMSG_AUTH, p[0], imsg->hdr.peerid,
303 username, strlen(username)+1);
304 main_imsg_compose_listener(IMSG_AUTH_DIR, -1, imsg->hdr.peerid,
305 pw->pw_dir, strlen(pw->pw_dir)+1);
312 main_imsg_compose_listener(IMSG_AUTH, -1, imsg->hdr.peerid,
317 main_dispatch_listener(int fd, short event, void *d)
319 struct imsgev *iev = d;
320 struct imsgbuf *ibuf;
327 if (event & EV_READ) {
328 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
329 fatal("imsg_read error");
330 if (n == 0) /* Connection closed. */
333 if (event & EV_WRITE) {
334 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
335 fatal("msgbuf_write");
336 if (n == 0) /* Connection closed. */
341 if ((n = imsg_get(ibuf, &imsg)) == -1)
343 if (n == 0) /* No more messages. */
346 switch (imsg.hdr.type) {
351 log_debug("%s: error handling imsg %d", __func__,
360 /* This pipe is dead. Remove its event handler. */
362 event_loopexit(NULL);
369 struct kd_conf *xconf;
371 if ((xconf = parse_config(conffile)) == NULL)
374 if (main_imsg_send_config(xconf) == -1)
377 merge_config(main_conf, xconf);
383 make_socket_for(struct kd_listen_conf *l)
385 struct sockaddr_in addr4;
389 memset(&addr4, 0, sizeof(addr4));
390 addr4.sin_family = AF_INET;
391 addr4.sin_port = htons(l->port);
392 addr4.sin_addr.s_addr = INADDR_ANY;
394 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
398 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &v, sizeof(v)) == -1)
399 fatal("setsockopt(SO_REUSEADDR)");
402 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &v, sizeof(v)) == -1)
403 fatal("setsockopt(SO_REUSEPORT)");
406 if (bind(fd, (struct sockaddr *)&addr4, len) == -1)
407 fatal("bind(%s, %d)", l->iface, l->port);
409 if (listen(fd, 16) == -1)
410 fatal("l(%s, %d)", l->iface, l->port);
416 main_imsg_send_config(struct kd_conf *xconf)
418 struct kd_pki_conf *pki;
419 struct kd_listen_conf *listen;
421 #define SEND(type, fd, data, len) do { \
422 if (main_imsg_compose_listener(type, fd, 0, data, len) \
427 /* Send fixed part of config to children. */
428 SEND(IMSG_RECONF_CONF, -1, xconf, sizeof(*xconf));
430 STAILQ_FOREACH(pki, &xconf->pki_head, entry) {
431 log_debug("sending pki %s", pki->name);
432 SEND(IMSG_RECONF_PKI, -1, pki->name, sizeof(pki->name));
433 SEND(IMSG_RECONF_PKI_CERT, -1, pki->cert, pki->certlen);
434 SEND(IMSG_RECONF_PKI_KEY, -1, pki->key, pki->keylen);
437 STAILQ_FOREACH(listen, &xconf->listen_head, entry) {
438 log_debug("sending listen on port %d", listen->port);
439 SEND(IMSG_RECONF_LISTEN, make_socket_for(listen), listen,
443 SEND(IMSG_RECONF_END, -1, NULL, 0);
450 merge_config(struct kd_conf *conf, struct kd_conf *xconf)
458 config_new_empty(void)
460 struct kd_conf *xconf;
462 if ((xconf = calloc(1, sizeof(*xconf))) == NULL)
465 /* set default values */
471 config_clear(struct kd_conf *conf)
473 struct kd_conf *xconf;
475 /* Merge current config with an empty one. */
476 xconf = config_new_empty();
477 merge_config(conf, xconf);
489 config_clear(main_conf);
491 log_debug("waiting for children to terminate");
495 if (errno != EINTR && errno != ECHILD)
497 } else if (WIFSIGNALED(status))
498 log_warnx("%s terminated; signal %d",
499 (pid == listener_pid) ? "logger" : "clientconn",
501 } while (pid != -1 || (pid == -1 && errno == EINTR));
505 log_info("terminating");
510 start_child(enum kd_process p, int fd, int debug, int verbose)
516 switch (pid = fork()) {
518 fatal("cannot fork");
527 if (dup2(fd, 3) == -1)
528 fatal("cannot setup imsg fd");
529 } else if (fcntl(F_SETFD, 0) == -1)
530 fatal("cannot setup imsg fd");
532 argv[argc++] = saved_argv0;
535 fatalx("Can not start main process");
537 argv[argc++] = "-Tl";
539 case PROC_CLIENTCONN:
540 argv[argc++] = "-Tc";
550 execvp(saved_argv0, (char *const *)argv);
555 main_imsg_compose_listener(int type, int fd, uint32_t peerid,
556 const void *data, uint16_t datalen)
559 return imsg_compose_event(iev_listener, type, peerid, 0,