1 /*
2  * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3  * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
4  * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
5  * Copyright (c) 2004 Esben Norby <norby@openbsd.org>
6  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
7  *
8  * Permission to use, copy, modify, and distribute this software for any
9  * purpose with or without fee is hereby granted, provided that the above
10  * copyright notice and this permission notice appear in all copies.
11  *
12  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19  */
20 
21 #include "compat.h"
22 
23 #include <sys/socket.h>
24 #include <sys/types.h>
25 #include <sys/uio.h>
26 #include <sys/wait.h>
27 
28 #include <arpa/inet.h>
29 #include <netinet/in.h>
30 
31 #include <errno.h>
32 #include <fcntl.h>
33 #include <pwd.h>
34 #include <signal.h>
35 #include <stdint.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <syslog.h>
40 #include <unistd.h>
41 
42 #include "client.h"
43 #include "control.h"
44 #include "kamid.h"
45 #include "listener.h"
46 #include "log.h"
47 #include "sandbox.h"
48 #include "table.h"
49 #include "utils.h"
50 
51 enum kd_process {
52 	PROC_MAIN,
53 	PROC_LISTENER,
54 	PROC_CLIENTCONN,
55 };
56 
57 const char	*saved_argv0;
58 static int	 debug, nflag;
59 int		 verbose;
60 
61 __dead void	usage(void);
62 
63 void		main_sig_handler(int, short, void *);
64 void		main_dispatch_listener(int, short, void *);
65 int		main_reload(void);
66 int		main_imsg_send_config(struct kd_conf *);
67 void		main_dispatch_listener(int, short, void *);
68 __dead void	main_shutdown(void);
69 
70 static pid_t	start_child(enum kd_process, int, int, int);
71 
72 struct kd_conf		*main_conf;
73 static struct imsgev	*iev_listener;
74 const char		*conffile;
75 pid_t			 listener_pid;
76 uint32_t		 cmd_opts;
77 
78 __dead void
79 usage(void)
80 {
81 	fprintf(stderr, "usage: %s [-dnv] [-f file] [-s socket]\n",
82 	    getprogname());
83 	exit(1);
84 }
85 
86 int
87 main(int argc, char **argv)
88 {
89 	struct event	 ev_sigint, ev_sigterm, ev_sighup;
90 	int		 ch;
91 	int		 listener_flag = 0, client_flag = 0;
92 	int		 pipe_main2listener[2];
93 	int		 control_fd;
94 	const char	*csock;
95 
96 	conffile = KD_CONF_FILE;
97 	csock = KD_SOCKET;
98 
99 	log_init(1, LOG_DAEMON);	/* Log to stderr until deamonized. */
100 	log_setverbose(1);
101 
102 	saved_argv0 = argv[0];
103 	if (saved_argv0 == NULL)
104 		saved_argv0 = "kamid";
105 
106 	while ((ch = getopt(argc, argv, "D:df:nsT:v")) != -1) {
107 		switch (ch) {
108 		case 'D':
109 			if (cmdline_symset(optarg) == -1)
110                                 log_warnx("could not parse macro definition %s",
111 					optarg);
112 			break;
113 		case 'd':
114 			debug = 1;
115 			break;
116 		case 'f':
117 			conffile = optarg;
118 			break;
119 		case 'n':
120 			nflag = 1;
121 			break;
122 		case 's':
123 			csock = optarg;
124 			break;
125 		case 'T':
126 			switch (*optarg) {
127 			case 'c':
128 				client_flag = 1;
129 				break;
130 			case 'l':
131 				listener_flag = 1;
132 				break;
133 			default:
134 				fatalx("invalid process spec %c", *optarg);
135 			}
136 			break;
137 		case 'v':
138 			verbose = 1;
139 			break;
140 		default:
141 			usage();
142 		}
143 	}
144 
145 	argc -= optind;
146 	argv += optind;
147 	if (argc > 0 || (listener_flag && client_flag))
148 		usage();
149 
150 	if (client_flag)
151 		client(debug, verbose);
152 	else if (listener_flag)
153 		listener(debug, verbose);
154 
155 	if ((main_conf = parse_config(conffile)) == NULL)
156 		exit(1);
157 
158 	if (nflag) {
159 		fprintf(stderr, "configuration OK\n");
160 		exit(0);
161 	}
162 
163 	/* Check for root privileges. */
164         if (geteuid())
165                 fatalx("need root privileges");
166 
167 	/* Check for assigned daemon user. */
168 	if (getpwnam(KD_USER) == NULL)
169 		fatalx("unknown user %s", KD_USER);
170 
171 	log_init(debug, LOG_DAEMON);
172 	log_setverbose(verbose);
173 
174 	if (!debug)
175 		daemon(1, 0);
176 
177 	log_info("startup");
178 
179 	if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK,
180 	    PF_UNSPEC, pipe_main2listener) == -1)
181 		fatal("main2listener socketpair");
182 
183 	/* Start children. */
184 	listener_pid = start_child(PROC_LISTENER, pipe_main2listener[1],
185 	    debug, verbose);
186 
187 	log_procinit("main");
188 
189 	event_init();
190 
191 	/* Setup signal handler */
192 	signal_set(&ev_sigint, SIGINT, main_sig_handler, NULL);
193 	signal_set(&ev_sigterm, SIGTERM, main_sig_handler, NULL);
194 	signal_set(&ev_sighup, SIGHUP, main_sig_handler, NULL);
195 
196 	signal_add(&ev_sigint, NULL);
197 	signal_add(&ev_sigterm, NULL);
198 	signal_add(&ev_sighup, NULL);
199 
200 	signal(SIGCHLD, SIG_IGN);
201 	signal(SIGPIPE, SIG_IGN);
202 
203 	if ((iev_listener = malloc(sizeof(*iev_listener))) == NULL)
204 		fatal(NULL);
205 	imsg_init(&iev_listener->ibuf, pipe_main2listener[0]);
206 	iev_listener->handler = main_dispatch_listener;
207 
208 	/* Setup event handlers for pipes to listener. */
209 	iev_listener->events = EV_READ;
210 	event_set(&iev_listener->ev, iev_listener->ibuf.fd,
211 	    iev_listener->events, iev_listener->handler, iev_listener);
212 	event_add(&iev_listener->ev, NULL);
213 
214 	if ((control_fd = control_init(csock)) == -1)
215 		fatalx("control socket setup failed");
216 	control_listen(control_fd);
217 
218 	main_imsg_send_config(main_conf);
219 
220 	sandbox_main();
221 
222 	event_dispatch();
223 
224 	main_shutdown();
225 	return 0;
226 }
227 
228 void
229 main_sig_handler(int sig, short event, void *arg)
230 {
231 	/*
232 	 * Normal signal handler rules don't apply because libevent
233 	 * decouples for us.
234 	 */
235 
236 	switch (sig) {
237 	case SIGTERM:
238 	case SIGINT:
239 		main_shutdown();
240 		break;
241 	case SIGHUP:
242 		if (main_reload() == -1)
243 			log_warnx("configuration reload failed");
244 		else
245 			log_debug("configuration reloaded");
246 		break;
247 	default:
248 		fatalx("unexpected signal %d", sig);
249 	}
250 }
251 
252 static inline struct table *
253 auth_table_by_id(uint32_t id)
254 {
255 	struct kd_listen_conf *listen;
256 
257 	STAILQ_FOREACH(listen, &main_conf->listen_head, entry) {
258 		if (listen->id == id)
259 			return listen->auth_table;
260 	}
261 
262 	return NULL;
263 }
264 
265 static inline struct table *
266 virtual_table_by_id(uint32_t id)
267 {
268 	struct kd_listen_conf *listen;
269 
270 	STAILQ_FOREACH(listen, &main_conf->listen_head, entry) {
271 		if (listen->id == id)
272 			return listen->virtual_table;
273 	}
274 
275 	return NULL;
276 }
277 
278 static inline struct table *
279 userdata_table_by_id(uint32_t id)
280 {
281 	struct kd_listen_conf *listen;
282 
283 	STAILQ_FOREACH(listen, &main_conf->listen_head, entry) {
284 		if (listen->id == id)
285 			return listen->userdata_table;
286 	}
287 
288 	return NULL;
289 }
290 
291 static inline void
292 do_auth_tls(struct imsg *imsg)
293 {
294 	char *username = NULL, *user = NULL, *home = NULL, *local_user;
295 	struct passwd *pw;
296 	struct table *auth, *virt, *userdata;
297 	struct kd_auth_req kauth;
298 	struct kd_auth_proc rauth;
299 	int p[2], free_home = 1;
300 
301 	if (sizeof(kauth) != IMSG_DATA_SIZE(*imsg))
302 		fatal("wrong size for IMSG_AUTH_TLS: "
303 		    "got %lu; want %lu", IMSG_DATA_SIZE(*imsg),
304 		    sizeof(kauth));
305 	memcpy(&kauth, imsg->data, sizeof(kauth));
306 
307 	if (memmem(kauth.hash, sizeof(kauth.hash), "", 1) == NULL)
308                 fatal("non NUL-terminated hash received");
309 
310 	log_debug("tls id=%u hash=%s", kauth.listen_id, kauth.hash);
311 
312 	if ((auth = auth_table_by_id(kauth.listen_id)) == NULL)
313 		fatal("request for invalid listener id %d", imsg->hdr.pid);
314 
315 	virt = virtual_table_by_id(kauth.listen_id);
316 	userdata = userdata_table_by_id(kauth.listen_id);
317 
318 	if (table_lookup(auth, kauth.hash, &username) == -1) {
319 		log_warnx("login failed for hash %s", kauth.hash);
320 		goto err;
321 	}
322 
323 	if (virt != NULL && table_lookup(virt, username, &user) == -1) {
324 		log_warnx("virtual lookup failed for user %s", username);
325 		goto err;
326 	}
327 
328 	/* the local user */
329 	local_user = user != NULL ? user : username;
330 
331 	if (user != NULL)
332 		log_debug("virtual user %s matched local user %s",
333 		    username, user);
334 	else
335 		log_debug("matched local user %s", username);
336 
337 	if (userdata != NULL && table_lookup(userdata, username, &home)
338 	    == -1) {
339 		log_warnx("userdata lookup failed for user %s", username);
340 		goto err;
341 	} else if (userdata == NULL) {
342 		if ((pw = getpwnam(local_user)) == NULL) {
343 			log_warnx("getpwnam(%s) failed", local_user);
344 			goto err;
345 		}
346 
347 		free_home = 0;
348 		home = pw->pw_dir;
349 	}
350 
351 	if (user != NULL)
352 		log_debug("matched home %s for virtual user %s",
353 		    home, username);
354 	else
355 		log_debug("matched home %s for local user %s",
356 		    home, username);
357 
358 	memset(&rauth, 0, sizeof(rauth));
359 	strlcpy(rauth.uname, local_user, sizeof(rauth.uname));
360 	if (strlcpy(rauth.dir, home, sizeof(rauth.dir)) >= sizeof(rauth.dir)) {
361 		log_warnx("home for %s is bigger than PATH_MAX: %s",
362 		    username, home);
363 		goto err;
364 	}
365 
366 	if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK,
367 	    PF_UNSPEC, p) == -1)
368 		fatal("socketpair");
369 
370 	start_child(PROC_CLIENTCONN, p[1], debug, verbose);
371 
372 	main_imsg_compose_listener(IMSG_AUTH, p[0], imsg->hdr.peerid,
373 	    &rauth, sizeof(rauth));
374 
375 	free(username);
376 	free(user);
377 	if (free_home)
378 		free(home);
379 	return;
380 
381 err:
382 	free(username);
383 	free(user);
384 	if (free_home)
385 		free(home);
386 	memset(&rauth, 0, sizeof(rauth));
387 	main_imsg_compose_listener(IMSG_AUTH, -1, imsg->hdr.peerid,
388 	    &rauth, sizeof(rauth));
389 }
390 
391 void
392 main_dispatch_listener(int fd, short event, void *d)
393 {
394 	struct imsgev	*iev = d;
395 	struct imsgbuf	*ibuf;
396 	struct imsg	 imsg;
397 	ssize_t		 n;
398 	int		 shut = 0;
399 
400 	ibuf = &iev->ibuf;
401 
402 	if (event & EV_READ) {
403 		if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
404 			fatal("imsg_read error");
405 		if (n == 0)	/* Connection closed. */
406 			shut = 1;
407 	}
408 	if (event & EV_WRITE) {
409 		if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
410 			fatal("msgbuf_write");
411 		if (n == 0)	/* Connection closed. */
412 			shut = 1;
413 	}
414 
415 	for (;;) {
416 		if ((n = imsg_get(ibuf, &imsg)) == -1)
417 			fatal("imsg_get");
418 		if (n == 0)	/* No more messages. */
419 			break;
420 
421 		switch (imsg.hdr.type) {
422 		case IMSG_AUTH_TLS:
423 			do_auth_tls(&imsg);
424 			break;
425 		case IMSG_CTL_DEBUG_BACK:
426 		case IMSG_CTL_DEBUG_END:
427 			control_imsg_relay(&imsg);
428 			break;
429 		default:
430 			log_debug("%s: error handling imsg %d", __func__,
431 				imsg.hdr.type);
432 			break;
433 		}
434 		imsg_free(&imsg);
435 	}
436 	if (!shut)
437 		imsg_event_add(iev);
438 	else {
439 		/* This pipe is dead.  Remove its event handler. */
440 		event_del(&iev->ev);
441 		event_loopexit(NULL);
442 	}
443 }
444 
445 int
446 main_reload(void)
447 {
448 	struct kd_conf *xconf;
449 
450 	if ((xconf = parse_config(conffile)) == NULL)
451 		return -1;
452 
453 	if (main_imsg_send_config(xconf) == -1)
454 		return -1;
455 
456 	/* replace old configuration with the new one */
457 	clear_config(main_conf);
458 	main_conf = xconf;
459 
460 	return 0;
461 }
462 
463 static inline int
464 make_socket_for(struct kd_listen_conf *l)
465 {
466 	struct sockaddr_in	addr4;
467 	size_t			len;
468 	int			fd, v;
469 
470 	memset(&addr4, 0, sizeof(addr4));
471 	addr4.sin_family = AF_INET;
472 	addr4.sin_port = htons(l->port);
473 	addr4.sin_addr.s_addr = INADDR_ANY;
474 
475 	if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
476 		fatal("socket");
477 
478 	v = 1;
479 	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &v, sizeof(v)) == -1)
480 		fatal("setsockopt(SO_REUSEADDR)");
481 
482 	v = 1;
483 	if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &v, sizeof(v)) == -1)
484 		fatal("setsockopt(SO_REUSEPORT)");
485 
486 	len = sizeof(addr4);
487 	if (bind(fd, (struct sockaddr *)&addr4, len) == -1)
488 		fatal("bind(%s, %d)", l->iface, l->port);
489 
490 	if (listen(fd, 16) == -1)
491 		fatal("l(%s, %d)", l->iface, l->port);
492 
493 	return fd;
494 }
495 
496 int
497 main_imsg_send_config(struct kd_conf *xconf)
498 {
499 	struct kd_pki_conf *pki;
500 	struct kd_listen_conf *listen;
501 
502 #define SEND(type, fd, data, len) do {					\
503 		if (main_imsg_compose_listener(type, fd, 0, data, len)	\
504 		    == -1)						\
505 			return -1;					\
506 	} while (0)
507 
508 	/* Send fixed part of config to children. */
509 	SEND(IMSG_RECONF_CONF, -1, xconf, sizeof(*xconf));
510 
511 	STAILQ_FOREACH(pki, &xconf->pki_head, entry) {
512 		log_debug("sending pki %s", pki->name);
513 		SEND(IMSG_RECONF_PKI, -1, pki->name, sizeof(pki->name));
514 		SEND(IMSG_RECONF_PKI_CERT, -1, pki->cert, pki->certlen);
515 		SEND(IMSG_RECONF_PKI_KEY, -1, pki->key, pki->keylen);
516 	}
517 
518 	STAILQ_FOREACH(listen, &xconf->listen_head, entry) {
519 		log_debug("sending listen on port %d", listen->port);
520 		SEND(IMSG_RECONF_LISTEN, make_socket_for(listen), listen,
521 		    sizeof(*listen));
522 	}
523 
524 	SEND(IMSG_RECONF_END, -1, NULL, 0);
525 	return 0;
526 
527 #undef SEND
528 }
529 
530 struct kd_conf *
531 config_new_empty(void)
532 {
533 	struct kd_conf *xconf;
534 
535 	if ((xconf = calloc(1, sizeof(*xconf))) == NULL)
536 		fatal(NULL);
537 
538 	/* set default values */
539 	STAILQ_INIT(&xconf->pki_head);
540 	STAILQ_INIT(&xconf->table_head);
541 	STAILQ_INIT(&xconf->listen_head);
542 
543 	return xconf;
544 }
545 
546 __dead void
547 main_shutdown(void)
548 {
549 	pid_t	pid;
550 	int	status;
551 
552 	/* close pipes. */
553 	msgbuf_clear(&iev_listener->ibuf.w);
554 	close(iev_listener->ibuf.fd);
555 	free(iev_listener);
556 
557 	log_debug("waiting for children to terminate");
558 	do {
559 		pid = wait(&status);
560 		if (pid == -1) {
561 			if (errno != EINTR && errno != ECHILD)
562 				fatal("wait");
563 		} else if (WIFSIGNALED(status))
564 			log_warnx("%s terminated; signal %d",
565 			    (pid == listener_pid) ? "logger" : "clientconn",
566 			    WTERMSIG(status));
567 	} while (pid != -1 || (pid == -1 && errno == EINTR));
568 
569 	log_info("terminating");
570 	exit(0);
571 }
572 
573 static pid_t
574 start_child(enum kd_process p, int fd, int debug, int verbose)
575 {
576 	const char	*argv[5];
577 	int		 argc = 0;
578 	pid_t		 pid;
579 
580 	switch (pid = fork()) {
581 	case -1:
582 		fatal("cannot fork");
583 	case 0:
584 		break;
585 	default:
586 		close(fd);
587 		return pid;
588 	}
589 
590 	if (fd != 3) {
591 		if (dup2(fd, 3) == -1)
592 			fatal("cannot setup imsg fd");
593 	} else if (fcntl(F_SETFD, 0) == -1)
594 		fatal("cannot setup imsg fd");
595 
596 	argv[argc++] = saved_argv0;
597 	switch (p) {
598 	case PROC_MAIN:
599 		fatalx("Can not start main process");
600 	case PROC_LISTENER:
601 		argv[argc++] = "-Tl";
602 		break;
603 	case PROC_CLIENTCONN:
604 		argv[argc++] = "-Tc";
605 		break;
606 	}
607 	if (debug)
608 		argv[argc++] = "-d";
609 	if (verbose)
610 		argv[argc++] = "-v";
611 	argv[argc++] = NULL;
612 
613 	/* really? */
614 	execvp(saved_argv0, (char *const *)argv);
615 	fatal("execvp");
616 }
617 
618 int
619 main_imsg_compose_listener(int type, int fd, uint32_t peerid,
620     const void *data, uint16_t datalen)
621 {
622 	if (iev_listener)
623 		return imsg_compose_event(iev_listener, type, peerid, 0,
624 		    fd, data, datalen);
625 	else
626 		return -1;
627 }