Annotation of fam/fam/Listener.c++, Revision 1.1.1.1
1.1 trev 1: // Copyright (C) 1999 Silicon Graphics, Inc. All Rights Reserved.
2: //
3: // This program is free software; you can redistribute it and/or modify it
4: // under the terms of version 2 of the GNU General Public License as
5: // published by the Free Software Foundation.
6: //
7: // This program is distributed in the hope that it would be useful, but
8: // WITHOUT ANY WARRANTY; without even the implied warranty of
9: // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Further, any
10: // license provided herein, whether implied or otherwise, is limited to
11: // this program in accordance with the express provisions of the GNU
12: // General Public License. Patent licenses, if any, provided herein do not
13: // apply to combinations of this program with other product or programs, or
14: // any other product whatsoever. This program is distributed without any
15: // warranty that the program is delivered free of the rightful claim of any
16: // third person by way of infringement or the like. See the GNU General
17: // Public License for more details.
18: //
19: // You should have received a copy of the GNU General Public License along
20: // with this program; if not, write the Free Software Foundation, Inc., 59
21: // Temple Place - Suite 330, Boston MA 02111-1307, USA.
22:
23: #include "Listener.h"
24:
25: #include <assert.h>
26: #include <fcntl.h>
27: #include <stdlib.h>
28: #include <sys/types.h>
29: #include <netinet/in.h>
30: #include <arpa/inet.h> // for inet_ntoa
31: #include <rpc/rpc.h>
32: #include <rpc/pmap_clnt.h>
33: #include <rpc/clnt.h>
34: #include <sys/ioctl.h>
35: #include <sys/socket.h>
36: #include <sys/stat.h>
37: #include <sys/un.h>
38: #include <unistd.h>
39:
40: #include <errno.h>
41:
42: #include "Log.h"
43: #include "LocalClient.h"
44: #include "Scheduler.h"
45: #include "Cred.h"
46: #include "BTree.h"
47:
48: #if !(HAVE_BINDRESVPORT_PROTO)
49: extern "C" int bindresvport(int sd, struct sockaddr_in *);
50: #endif
51:
52: struct NegotiatingClient
53: {
54: NegotiatingClient(int fd, uid_t u, struct sockaddr_un *s);
55: int sock;
56: uid_t uid;
57: struct sockaddr_un sun;
58: };
59:
60: BTree<int, NegotiatingClient *> negotiating_clients;
61:
62: static void cleanup_negotiation(void *closure);
63:
64: Listener::Listener(bool sbi, bool lo, unsigned long p, unsigned long v)
65: : program(p),
66: version(v),
67: rendezvous_fd(-1),
68: started_by_inetd(sbi),
69: _ugly_sock(-1),
70: local_only(lo)
71: {
72: if (started_by_inetd)
73: {
74: // Portmapper already knows about
75: // us, so just wait for the requests to start rolling in.
76:
77: set_rendezvous_fd(RENDEZVOUS_FD);
78:
79: dirty_ugly_hack();
80: }
81: else
82: {
83: // Need to register with portmapper.
84: // Unless we're debugging, fork and close all descriptors.
85:
86: int sock = socket(PF_INET, SOCK_STREAM, 0);
87: if (sock < 0)
88: { Log::perror("can't create TCP/IP socket for rendezvous");
89: exit(1);
90: }
91: struct sockaddr_in addr;
92: memset(&addr, 0, sizeof addr);
93: addr.sin_family = AF_INET;
94: addr.sin_addr.s_addr = local_only ? htonl(INADDR_LOOPBACK) : 0;
95: addr.sin_port = htons(0);
96: if (bindresvport(sock, &addr) < 0)
97: {
98: Log::perror("can't bind to reserved port");
99: exit(1);
100: }
101: if (listen(sock, 1) < 0)
102: {
103: Log::perror("can't listen for rendezvous");
104: exit(1);
105: }
106: (void) pmap_unset(program, version);
107: if (!pmap_set(program, version, IPPROTO_TCP, ntohs(addr.sin_port)))
108: {
109: Log::error("can't register with portmapper.");
110: exit(1);
111: }
112: set_rendezvous_fd(sock);
113: }
114: }
115:
116: Listener::~Listener()
117: {
118: if (rendezvous_fd >= 0)
119: { if (!started_by_inetd)
120: pmap_unset(program, version);
121: int rc = close(rendezvous_fd);
122: if (rc < 0)
123: Log::perror("close rendezvous port(%d)", rendezvous_fd);
124: else
125: Log::debug("fam service closed");
126: (void) Scheduler::remove_read_handler(rendezvous_fd);
127: }
128: if (_ugly_sock >= 0)
129: { (void) close(_ugly_sock);
130: (void) unlink("/tmp/.fam_socket");
131: }
132: }
133:
134: void
135: Listener::set_rendezvous_fd(int newfd)
136: {
137: if (rendezvous_fd >= 0)
138: { (void) Scheduler::remove_read_handler(rendezvous_fd);
139: (void) close(rendezvous_fd);
140: }
141: rendezvous_fd = newfd;
142: if (rendezvous_fd >= 0)
143: { (void) Scheduler::install_read_handler(rendezvous_fd,
144: accept_client, this);
145: Log::debug("listening for clients on descriptor %d", rendezvous_fd);
146: }
147: }
148:
149: void
150: Listener::accept_client(int rendezvous_fd, void *closure)
151: {
152: Listener *listener = (Listener *)closure;
153:
154: // Get the new socket.
155:
156: struct sockaddr_in addr;
157: CONFIG_SOCKLEN_T addrlen = sizeof addr;
158: int client_fd = accept(rendezvous_fd, (struct sockaddr *) &addr, &addrlen);
159: if (client_fd < 0)
160: {
161: Log::perror("failed to accept new client");
162: return;
163: }
164:
165: if (ntohl(addr.sin_addr.s_addr) == INADDR_LOOPBACK)
166: {
167: Log::debug("client fd %d is local/untrusted.", client_fd);
168: // Client is local.
169:
170: Cred cred = Cred::get_cred_for_untrusted_conn(client_fd);
171: new TCP_Client(addr.sin_addr, client_fd, cred);
172: // We don't need a reference to this object. The constructor
173: // takes care of registering it with the Scheduler.
174: }
175: else
176: {
177: assert(!listener->local_only);
178:
179: // Check that client is superuser.
180: Cred cred;
181: if (ntohs(addr.sin_port) >= IPPORT_RESERVED)
182: {
183: // Client isn't connecting on a privileged port, so we will
184: // ignore who they say they are, and treat them as our
185: // untrusted-user.
186: cred = Cred::get_cred_for_untrusted_conn(client_fd);
187: }
188: Log::debug("client fd %d from %s is remote/%strusted",
189: client_fd, inet_ntoa(addr.sin_addr),
190: cred.is_valid() ? "un" : "");
191:
192: new TCP_Client(addr.sin_addr, client_fd, cred);
193: // We don't need a reference to this object. The constructor
194: // takes care of registering it with the Scheduler.
195: }
196: }
197:
198: void
199: Listener::create_local_client(TCP_Client &inet_client, uid_t uid)
200: {
201: // This TCP_Client wants to use a UNIX domain socket instead of the
202: // inet socket for communication. Create the new socket owned by the
203: // requested user and pass the name back to the client.
204:
205: // Unset TMPDIR to ensure that tempnam() works as desired
206: putenv("TMPDIR=");
207:
208: char *tmpfile = tempnam("/tmp", ".fam");
209: #if defined(__FreeBSD__)
210: sockaddr_un sun = { sizeof(sockaddr_un), AF_UNIX, "" };
211: #else
212: sockaddr_un sun = { AF_UNIX, "" };
213: #endif
214: if(strlen(tmpfile) >= (sizeof(sun.sun_path) - 1))
215: {
216: Log::error("tmpnam() too long for sun_path (%d >= %d)!",
217: strlen(tmpfile), sizeof(sun.sun_path) - 1);
218: free(tmpfile);
219: return;
220: }
221: strcpy(sun.sun_path, tmpfile);
222: free(tmpfile);
223:
224: Cred::SuperUser.become_user();
225: int client_sock = socket(PF_UNIX, SOCK_STREAM, 0);
226: if (client_sock < 0)
227: { Log::perror("localclient socket(PF_UNIX, SOCK_STREAM, 0)");
228: return;
229: }
230:
231: Log::debug("client %s said uid %d; creating %s",
232: inet_client.name(), uid, sun.sun_path);
233:
234: unlink(sun.sun_path);
235: if (bind(client_sock, (sockaddr *) &sun, sizeof sun) != 0)
236: { Log::perror("localclient bind");
237: close(client_sock);
238: return;
239: }
240:
241: if (chmod(sun.sun_path, 0600) != 0)
242: { Log::perror("localclient chmod");
243: close(client_sock);
244: return;
245: }
246:
247: if (chown(sun.sun_path, uid, (gid_t)-1) != 0)
248: { Log::perror("localclient chown");
249: close(client_sock);
250: return;
251: }
252:
253: // Since we're going to start listening on this socket, set a task
254: // to clean it up if we don't receive a connection within 60 seconds.
255: NegotiatingClient *nc = new NegotiatingClient(client_sock, uid, &sun);
256: negotiating_clients.insert(client_sock, nc);
257: timeval nto;
258: gettimeofday(&nto, NULL);
259: nto.tv_sec += 60; // XXX that should be configurable
260: Scheduler::install_onetime_task(nto, cleanup_negotiation, nc);
261:
262: if (listen(client_sock, 1) != 0)
263: { Log::perror("localclient listen");
264: close(client_sock);
265: return;
266: }
267:
268: Scheduler::install_read_handler(client_sock, accept_localclient, NULL);
269: Log::debug("listening for requests for uid %d on descriptor %d (%s)",
270: uid, client_sock, sun.sun_path);
271:
272: inet_client.send_sockaddr_un(sun);
273: }
274:
275: void
276: Listener::accept_localclient(int ofd, void *)
277: {
278: NegotiatingClient *nc = negotiating_clients.find(ofd);
279: assert(nc);
280:
281: // Get the new socket.
282:
283: #if defined(__FreeBSD__)
284: struct sockaddr_un sun = { sizeof(sockaddr_un), AF_UNIX, "" };
285: #else
286: struct sockaddr_un sun = { AF_UNIX, "" };
287: #endif
288: CONFIG_SOCKLEN_T sunlen = sizeof(sun);
289: int client_fd = accept(ofd, (struct sockaddr *) &sun, &sunlen);
290: if (client_fd < 0)
291: {
292: Log::perror("failed to accept new client");
293: return;
294: }
295:
296: // Keep the scheduler from helpfully cleaning this up.
297: Scheduler::remove_onetime_task(cleanup_negotiation, nc);
298:
299: Log::debug("client fd %d is local/trusted (socket %s, uid %d).",
300: client_fd, nc->sun.sun_path, nc->uid);
301: Cred cred(nc->uid, client_fd);
302: new LocalClient(client_fd, &(nc->sun), cred);
303: // We don't need a reference to this object. The constructor
304: // takes care of registering it with the Scheduler.
305:
306: // Stop listening for new connections on that socket.
307: Scheduler::remove_read_handler(ofd);
308: close(ofd);
309:
310: // This client is no longer negotiating, so remove it from the list
311: // and delete it.
312: negotiating_clients.remove(ofd);
313: delete nc;
314: }
315:
316: // Here's the problem. If the network is stopped and restarted,
317: // inetd and portmapper are killed and new ones are launched in their
318: // place. Since they have no idea that fam is already running, inetd
319: // opens a new TCP/IP socket and registers it with the new portmapper.
320: // Meanwhile, the old fam has /dev/imon open, and any new fam launched
321: // by the new inetd won't be able to use imon. The old fam can't just
322: // quit; it has all the state of all its existing clients to contend with.
323:
324: // So here's the dirty, ugly, hack solution. The first fam to run is
325: // the master. The master opens the UNIX domain socket,
326: // /tmp/.fam_socket, and listens for connections from slaves. Each
327: // subsequent fam is a slave. It knows it's a slave because it can
328: // connect to the master. The slave passes its rendezvous descriptor
329: // (the one that fam clients will connect to) through to the master
330: // using the access rights mechanism of Unix domain sockets. The
331: // master receives the new descriptor and starts accepting clients on
332: // it. Meanwhile, the slave blocks, waiting for the master to close
333: // the connection on /tmp/.fam_socket. That happens when the master
334: // exits.
335:
336: // This master/slave stuff has nothing to do with fam forwarding
337: // requests to fams on other hosts. That's called client/server
338: // fams.
339:
340: // Why not just kill fam when we kill the rest of the network
341: // services? Because too many programs need it. The desktop, the
342: // desktop sysadmin tools, MediaMail... None of those should go down
343: // when the network goes down, and none of them are designed to
344: // handle fam dying.
345:
346: void
347: Listener::dirty_ugly_hack()
348: {
349: #if defined(__FreeBSD__)
350: static sockaddr_un sun = { sizeof (sockaddr_un), AF_UNIX, "/tmp/.fam_socket" };
351: #else
352: static sockaddr_un sun = { AF_UNIX, "/tmp/.fam_socket" };
353: #endif
354:
355: int sock = socket(PF_UNIX, SOCK_STREAM, 0);
356: if (sock < 0)
357: { Log::perror("socket(PF_UNIX, SOCK_STREAM, 0)");
358: exit(1);
359: }
360:
361: struct stat sb;
362: if (lstat(sun.sun_path, &sb) == 0 &&
363: sb.st_uid == 0 && S_ISSOCK(sb.st_mode))
364: {
365: if (connect(sock, (sockaddr *) &sun, sizeof sun) == 0)
366: {
367: // Another fam is listening to /tmp/.fam_socket.
368: // Pass our rendezvous fd to the other fam and
369: // sleep until that fam exits.
370:
371: int rights[1] = { rendezvous_fd };
372: msghdr msg = { NULL, 0, NULL, 0, (caddr_t) rights, sizeof rights };
373: if (sendmsg(sock, &msg, 0) < 0)
374: { Log::perror("sendmsg");
375: exit(1);
376: }
377: Log::debug("fam (process %d) enslaved to master fam", getpid());
378: char data[1];
379: int nb = read(sock, &data, sizeof data);
380: assert(nb == 0);
381: exit(0);
382: }
383: else
384: Log::debug("could not enslave myself: %m");
385: }
386:
387: // We were unable to connect to another fam.
388: // We'll create our own dirty ugly hack socket and accept connections.
389:
390: (void) unlink(sun.sun_path);
391: if (bind(sock, (sockaddr *) &sun, sizeof sun) != 0)
392: { Log::perror("bind");
393: exit(1);
394: }
395:
396: if (chmod(sun.sun_path, 0700) != 0)
397: { Log::perror("chmod");
398: exit(1);
399: }
400:
401: if (listen(sock, 1) != 0)
402: { Log::perror("listen");
403: exit(1);
404: }
405:
406: (void) Scheduler::install_read_handler(sock, accept_ugly_hack, this);
407: _ugly_sock = sock;
408: Log::debug("fam (process %d) is master fam.", getpid());
409: }
410:
411: void
412: Listener::accept_ugly_hack(int ugly, void *closure)
413: {
414: Listener *listener = (Listener *) closure;
415: assert(ugly == listener->_ugly_sock);
416:
417: // Accept a new ugly connection.
418:
419: struct sockaddr_un sun;
420: CONFIG_SOCKLEN_T sunlen = sizeof sun;
421: int sock = accept(ugly, (struct sockaddr *)(&sun), &sunlen);
422: if (sock < 0)
423: { Log::perror("accept");
424: return;
425: }
426:
427: (void) Scheduler::install_read_handler(sock, read_ugly_hack, listener);
428: }
429:
430: void
431: Listener::read_ugly_hack(int sock, void *closure)
432: {
433: Listener *listener = (Listener *) closure;
434:
435: int rights[1] = { -1 };
436: msghdr msg = { NULL, 0, NULL, 0, (caddr_t) rights, sizeof rights };
437: if (recvmsg(sock, &msg, 0) >= 0)
438: {
439: Log::debug("master fam (process %d) has new slave", getpid());
440:
441: assert(rights[0] >= 0);
442: listener->set_rendezvous_fd(rights[0]);
443:
444: // Turn the inactivity timeout all the way down. We want to
445: // clean up this dirty ugly hack as soon as possible after
446: // the last Activity is destroyed.
447: Activity::timeout(0);
448:
449: // Forget socket -- it will be closed on exit.
450: // Slave is blocked waiting for socket to close, so slave
451: // will exit when master exits.
452:
453: (void) Scheduler::remove_read_handler(sock);
454: }
455: else
456: { Log::perror("recvmsg");
457: (void) Scheduler::remove_read_handler(sock);
458: (void) close(sock);
459: }
460: }
461:
462: NegotiatingClient::NegotiatingClient(int fd, uid_t u, struct sockaddr_un *sunp)
463: : sock(fd), uid(u)
464: {
465: sun.sun_family = AF_UNIX;
466: strcpy(sun.sun_path, sunp->sun_path);
467: }
468:
469: static void
470: cleanup_negotiation(void *closure)
471: {
472: NegotiatingClient *nc = (NegotiatingClient *)closure;
473:
474: Log::debug("cleaning up incomplete negotiation for client %d", nc->sock);
475:
476: // Remove client from list
477: negotiating_clients.remove(nc->sock);
478:
479: // Remove the read handler & close the socket
480: Scheduler::remove_read_handler(nc->sock);
481: close(nc->sock);
482: nc->sock = -1;
483:
484: // Remove the temp file
485: uid_t preveuid = geteuid();
486: if (preveuid) seteuid(0);
487: seteuid(nc->uid);
488: unlink(nc->sun.sun_path);
489: if (nc->uid) seteuid(0);
490: seteuid(preveuid);
491:
492: delete nc;
493: }
494:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to Listener.c++ CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [Development] / fam / fam