2 * Copyright (c) 2022 Omar Polo <op@omarpolo.com>
3 * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #include <sys/types.h>
19 #include <sys/queue.h>
21 #include <sys/socket.h>
24 #include <netinet/in.h>
25 #include <arpa/inet.h>
47 static int parent_configure(struct galileo *);
48 static void parent_configure_done(struct galileo *);
49 static void parent_reload(struct galileo *);
50 static void parent_sig_handler(int, short, void *);
51 static int parent_dispatch_proxy(int, struct privsep_proc *,
53 static __dead void parent_shutdown(struct galileo *);
55 static struct privsep_proc procs[] = {
56 { "proxy", PROC_PROXY, parent_dispatch_proxy, proxy },
61 const char *conffile = CONF_FILE;
66 fprintf(stderr, "usage: %s [-dnv] [-D macro=value] [-f file]",
72 main(int argc, char **argv)
77 const char *title = NULL;
79 int conftest = 0, debug = 0, verbose = 0;
81 int proc_id = PROC_PARENT;
82 int proc_instance = 0;
84 setlocale(LC_CTYPE, "");
86 /* log to stderr until daemonized */
87 log_init(1, LOG_DAEMON);
88 log_setverbose(verbose);
90 while ((ch = getopt(argc, argv, "D:df:I:nP:v")) != -1) {
93 if (cmdline_symset(optarg) < 0)
94 log_warnx("could not parse macro definition %s",
104 proc_instance = strtonum(optarg, 0, PROC_MAX_INSTANCES,
107 fatalx("invalid process instance");
114 proc_id = proc_getid(procs, nitems(procs), title);
115 if (proc_id == PROC_MAX)
116 fatalx("invalid process name");
130 fatalx("need root privileges");
132 log_setverbose(verbose);
134 env = xcalloc(1, sizeof(*env));
136 if (parse_config(conffile, env) == -1)
140 fprintf(stderr, "configuration OK\n");
144 ps = xcalloc(1, sizeof(*ps));
147 if ((ps->ps_pw = getpwnam(GALILEO_USER)) == NULL)
148 fatalx("unknown user %s", GALILEO_USER);
150 ps->ps_instances[PROC_PROXY] = env->sc_prefork;
151 ps->ps_instance = proc_instance;
153 ps->ps_title[proc_id] = title;
155 if (*env->sc_chroot == '\0') {
156 if (strlcpy(env->sc_chroot, ps->ps_pw->pw_dir,
157 sizeof(env->sc_chroot)) >= sizeof(env->sc_chroot))
158 fatalx("chroot path too long!");
161 for (i = 0; i < nitems(procs); ++i)
162 procs[i].p_chroot = env->sc_chroot;
164 /* only the parent returns */
165 proc_init(ps, procs, nitems(procs), debug, argc0, argv, proc_id);
167 log_procinit("parent");
168 if (!debug && daemon(0, 0) == -1)
169 fatal("failed to daemonize");
171 log_init(debug, LOG_DAEMON);
175 /* if (pledge("stdio rpath wpath cpath unix fattr sendfd", NULL) == -1) */
176 /* fatal("pledge"); */
180 signal(SIGPIPE, SIG_IGN);
182 signal_set(&ps->ps_evsigint, SIGINT, parent_sig_handler, ps);
183 signal_set(&ps->ps_evsigterm, SIGTERM, parent_sig_handler, ps);
184 signal_set(&ps->ps_evsigchld, SIGCHLD, parent_sig_handler, ps);
185 signal_set(&ps->ps_evsighup, SIGHUP, parent_sig_handler, ps);
187 signal_add(&ps->ps_evsigint, NULL);
188 signal_add(&ps->ps_evsigterm, NULL);
189 signal_add(&ps->ps_evsigchld, NULL);
190 signal_add(&ps->ps_evsighup, NULL);
194 if (parent_configure(env) == -1)
195 fatalx("configuration failed");
199 parent_shutdown(env);
206 parent_configure(struct galileo *env)
211 TAILQ_FOREACH(srv, &env->sc_servers, srv_entry) {
212 if (config_setserver(env, srv) == -1)
213 fatal("send server");
216 /* XXX: eventually they will be more than just one */
217 if (config_setsock(env) == -1)
218 fatal("send socket");
220 /* The servers need to reload their config. */
221 env->sc_reload = env->sc_prefork;
223 for (id = 0; id < PROC_MAX; id++) {
224 if (id == privsep_process)
226 proc_compose(env->sc_ps, id, IMSG_CFG_DONE, env, sizeof(env));
234 parent_configure_done(struct galileo *env)
238 if (env->sc_reload == 0) {
239 log_warnx("configuration already finished");
244 if (env->sc_reload == 0) {
245 for (id = 0; id < PROC_MAX; ++id) {
246 if (id == privsep_process)
249 proc_compose(env->sc_ps, id, IMSG_CTL_START, NULL, 0);
255 parent_reload(struct galileo *env)
257 if (env->sc_reload) {
258 log_debug("%s: already in progress: %d pending",
259 __func__, env->sc_reload);
262 log_debug("%s: config file %s", __func__, conffile);
266 if (parse_config(conffile, env) == -1) {
267 log_warnx("failed to load config file: %s", conffile);
271 config_setreset(env);
272 parent_configure(env);
276 parent_sig_handler(int sig, short ev, void *arg)
278 struct privsep *ps = arg;
281 * Normal signal handler rules don't apply because libevent
287 if (privsep_process != PROC_PARENT)
289 log_info("reload requested with SIGHUP");
290 parent_reload(ps->ps_env);
293 log_warnx("one child died, quitting.");
296 parent_shutdown(ps->ps_env);
299 fatalx("unexpected signal %d", sig);
304 parent_dispatch_proxy(int fd, struct privsep_proc *p, struct imsg *imsg)
306 struct privsep *ps = p->p_ps;
307 struct galileo *env = ps->ps_env;
309 switch (imsg->hdr.type) {
311 parent_configure_done(env);
321 parent_shutdown(struct galileo *env)
325 proc_kill(env->sc_ps);
330 log_info("parent terminating, pid %d", getpid());
335 accept_reserve(int sockfd, struct sockaddr *addr, socklen_t *addrlen,
336 int reserve, volatile int *counter)
339 if (getdtablecount() + reserve +
340 *counter >= getdtablesize()) {
345 if ((ret = accept4(sockfd, addr, addrlen, SOCK_NONBLOCK)) > -1) {
347 log_debug("%s: inflight incremented, now %d",__func__, *counter);