
konfd.c 15 KB

  1. /*
  2. * konfd.c
  3. *
  4. * The konfd daemon to store user configuration commands.
  5. *
  6. */
  7. #ifdef HAVE_CONFIG_H
  8. #include "config.h"
  9. #endif /* HAVE_CONFIG_H */
  10. #include <stdio.h>
  11. #include <stdlib.h>
  12. #include <unistd.h>
  13. #include <sys/types.h>
  14. #include <sys/stat.h>
  15. #include <fcntl.h>
  16. #include <sys/wait.h>
  17. #include <errno.h>
  18. #include <assert.h>
  19. #include <sys/socket.h>
  20. #include <sys/un.h>
  21. #include <string.h>
  22. #include <sys/select.h>
  23. #include <signal.h>
  24. #include <syslog.h>
  25. #ifdef HAVE_GETOPT_H
  26. #include <getopt.h>
  27. #endif
  28. #ifdef HAVE_PWD_H
  29. #include <pwd.h>
  30. #endif
  31. #ifdef HAVE_GRP_H
  32. #include <grp.h>
  33. #endif
  34. #include "clish/internal.h"
  35. #include "clish/private.h"
  36. #include "konf/tree.h"
  37. #include "konf/query.h"
  38. #include "konf/buf.h"
  39. #include "lub/argv.h"
  40. #include "lub/string.h"
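  /*
   * Fallback version, used only when VERSION is not already defined
   * (e.g. by config.h or on the compiler command line). It has to be a
   * string literal because version() hands it to printf("%s").
   */
  #ifndef VERSION
  #define VERSION "1.2.2"
  #endif

  /* Stringify a token; the argument is not macro-expanded first. */
  #define QUOTE(t) #t

  /* Print the version string followed by a newline. */
  #define version(v) printf("%s\n", v)

  /* Default pidfile path (see the -p/--pid option). */
  #define KONFD_PIDFILE "/var/run/konfd.pid"

  /*
   * UNIX socket path length, defined here only when the platform headers do
   * not provide it. The sun_path member of struct sockaddr_un can be smaller
   * than this on some systems, so buffers of that type should be bounded
   * with sizeof(addr.sun_path) rather than with this constant.
   */
  #ifndef UNIX_PATH_MAX
  #define UNIX_PATH_MAX 108
  #endif

  /* OpenBSD has no MSG_NOSIGNAL flag */
  #ifndef MSG_NOSIGNAL
  #define MSG_NOSIGNAL 0
  #endif

  #define MAXMSG 1024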
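  /*
   * Termination flag: written by sighandler() and polled by the main loop.
   * sig_atomic_t is the integer type the C standard guarantees can be
   * written safely from an asynchronous signal handler.
   */
  static volatile sig_atomic_t sigterm = 0;

  /* Forward declarations of the functions defined in this file. */
  static void sighandler(int signo);
  static void help(int status, const char *argv0);
  static char * process_query(int sock, konf_tree_t * conf, char *str);
  int answer_send(int sock, char *command);
  static int dump_running_config(int sock, konf_tree_t *conf, konf_query_t *query);
  int daemonize(int nochdir, int noclose);
  struct options *opts_init(void);
  void opts_free(struct options *opts);
  static int opts_parse(int argc, char *argv[], struct options *opts);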
  /*
   * Command line options. The defaults are set by opts_init() and the
   * values are overridden by opts_parse().
   */
  struct options {
      char *socket_path; /* UNIX socket filesystem path to listen on (-s) */
      char *pidfile;     /* File the daemon's PID is written to (-p) */
      char *chroot;      /* Directory to chroot into, NULL for none (-r) */
      int debug;         /* Don't daemonize in debug mode (-d) */
      uid_t uid;         /* UID the process runs as (-u) */
      gid_t gid;         /* GID the process runs as (-g) */
  };
  76. /*--------------------------------------------------------- */
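  /*
   * Entry point of the konfd daemon.
   *
   * Sequence: parse options, daemonize and write the pidfile (unless in
   * debug mode), create and bind the listening UNIX socket, drop privileges
   * (GID, optional chroot, UID), then serve client queries from a select()
   * loop until a termination signal sets the sigterm flag.
   *
   * Returns 0 after a normal shutdown and -1 when initialization fails.
   */
  int main(int argc, char **argv)
  {
      int retval = -1;
      int fd;
      char *str;
      konf_tree_t *conf;
      lub_bintree_t bufs;
      konf_buf_t *tbuf;
      struct options *opts = NULL;
      int pidfd = -1;
      /* Network vars */
      int sock = -1;
      struct sockaddr_un laddr;
      struct sockaddr_un raddr;
      fd_set active_fd_set, read_fd_set;
      const int reuseaddr = 1;
      /* Signal vars */
      struct sigaction sig_act, sigpipe_act;
      sigset_t sig_set, sigpipe_set;

      /* Initialize syslog */
      openlog(argv[0], LOG_CONS, LOG_DAEMON);

      /* Parse command line options */
      opts = opts_init();
      if (opts_parse(argc, argv, opts))
          goto err;

      /* Fork the daemon */
      if (!opts->debug) {
          /* Daemonize */
          if (daemonize(0, 0) < 0) {
              syslog(LOG_ERR, "Can't daemonize\n");
              goto err;
          }

          /*
           * Write pidfile. O_CREAT | O_EXCL makes open() fail when the
           * path already exists, so a pre-existing file or symlink at
           * that location is never written through.
           */
          if ((pidfd = open(opts->pidfile,
              O_WRONLY | O_CREAT | O_EXCL | O_TRUNC,
              S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)) < 0) {
              syslog(LOG_WARNING, "Can't open pidfile %s: %s",
                  opts->pidfile, strerror(errno));
          } else {
              char pidstr[20];

              /* pid_t is a signed type: print it through long */
              snprintf(pidstr, sizeof(pidstr), "%ld\n", (long)getpid());
              if (write(pidfd, pidstr, strlen(pidstr)) < 0)
                  syslog(LOG_WARNING, "Can't write to %s: %s",
                      opts->pidfile, strerror(errno));
              /* pidfd stays >= 0 after close(): the cleanup code uses
               * it as the "pidfile was created" flag */
              close(pidfd);
          }
      }

      /*
       * Refuse a socket path that does not fit into sun_path. A silently
       * truncated path would bind one name while the chown() and unlink()
       * calls below operate on another. The check runs before the socket
       * is created so the cleanup code does not unlink a path that was
       * never bound.
       */
      if (strlen(opts->socket_path) >= sizeof(laddr.sun_path)) {
          syslog(LOG_ERR, "Socket path %s is too long\n",
              opts->socket_path);
          goto err;
      }

      /* Create listen socket */
      if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
          syslog(LOG_ERR, "Can't create listen socket: %s\n",
              strerror(errno));
          goto err;
      }
      if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
          &reuseaddr, sizeof(reuseaddr))) {
          syslog(LOG_ERR, "Can't set socket options: %s\n", strerror(errno));
          goto err;
      }
      memset(&laddr, 0, sizeof(laddr));
      laddr.sun_family = AF_UNIX;
      /* The length was checked above, so this copy cannot truncate */
      snprintf(laddr.sun_path, sizeof(laddr.sun_path), "%s",
          opts->socket_path);
      if (bind(sock, (struct sockaddr *)&laddr, sizeof(laddr))) {
          syslog(LOG_ERR, "Can't bind socket: %s\n",
              strerror(errno));
          goto err;
      }
      /*
       * NOTE(review): only the owner and group of the socket are set here.
       * Its permission bits come from the process umask and no peer
       * credential check is visible in this file, so who may connect and
       * issue queries depends on the umask the daemon is started with.
       */
      if (chown(opts->socket_path, opts->uid, opts->gid)) {
          syslog(LOG_ERR, "Can't chown UNIX socket: %s\n",
              strerror(errno));
          goto err;
      }
      if (listen(sock, 5)) {
          syslog(LOG_ERR, "Can't listen on socket: %s\n",
              strerror(errno));
          goto err;
      }

      /*
       * Change GID.
       * NOTE(review): setgid() does not touch the supplementary group
       * list; a daemon started as root keeps root's supplementary groups
       * unless setgroups() is called as well.
       */
      if (opts->gid != getgid()) {
          if (setgid(opts->gid)) {
              syslog(LOG_ERR, "Can't set GID to %u: %s",
                  opts->gid, strerror(errno));
              goto err;
          }
      }

  #ifdef HAVE_CHROOT
      /* Chroot */
      if (opts->chroot) {
          if (chroot(opts->chroot) < 0) {
              syslog(LOG_ERR, "Can't chroot to %s: %s",
                  opts->chroot, strerror(errno));
              goto err;
          }
          /*
           * chroot() does not change the working directory. Without
           * this chdir() the process keeps a cwd outside the new root
           * and relative paths still resolve outside the jail.
           */
          if (chdir("/") < 0) {
              syslog(LOG_ERR, "Can't chdir to new root: %s",
                  strerror(errno));
              goto err;
          }
      }
  #endif

      /* Change UID (last: it gives up the right to do the steps above) */
      if (opts->uid != getuid()) {
          if (setuid(opts->uid)) {
              syslog(LOG_ERR, "Can't set UID to %u: %s",
                  opts->uid, strerror(errno));
              goto err;
          }
      }

      /* Create configuration tree */
      conf = konf_tree_new("", 0);

      /* Initialize the tree of buffers */
      lub_bintree_init(&bufs,
          konf_buf_bt_offset(),
          konf_buf_bt_compare, konf_buf_bt_getkey);

      /* Set signal handler */
      sigemptyset(&sig_set);
      sigaddset(&sig_set, SIGTERM);
      sigaddset(&sig_set, SIGINT);
      sigaddset(&sig_set, SIGQUIT);

      memset(&sig_act, 0, sizeof(sig_act));
      sig_act.sa_flags = 0;
      sig_act.sa_mask = sig_set;
      sig_act.sa_handler = &sighandler;
      sigaction(SIGTERM, &sig_act, NULL);
      sigaction(SIGINT, &sig_act, NULL);
      sigaction(SIGQUIT, &sig_act, NULL);

      /* Ignore SIGPIPE */
      sigemptyset(&sigpipe_set);
      sigaddset(&sigpipe_set, SIGPIPE);
      memset(&sigpipe_act, 0, sizeof(sigpipe_act));
      sigpipe_act.sa_flags = 0;
      sigpipe_act.sa_mask = sigpipe_set;
      sigpipe_act.sa_handler = SIG_IGN;
      sigaction(SIGPIPE, &sigpipe_act, NULL);

      /* Initialize the set of active sockets. */
      FD_ZERO(&active_fd_set);
      FD_SET(sock, &active_fd_set);

      /* Main loop */
      while (!sigterm) {
          int num;

          /* Block until input arrives on one or more active sockets. */
          read_fd_set = active_fd_set;
          num = select(FD_SETSIZE, &read_fd_set, NULL, NULL, NULL);
          if (num < 0) {
              if (EINTR == errno)
                  continue;
              break;
          }
          if (0 == num)
              continue;

          /* Service all the sockets with input pending. */
          for (fd = 0; fd < FD_SETSIZE; ++fd) {
              if (!FD_ISSET(fd, &read_fd_set))
                  continue;
              if (fd == sock) {
                  /* Connection request on listen socket. */
                  int client;
                  socklen_t size = sizeof(raddr);

                  client = accept(sock,
                      (struct sockaddr *)&raddr, &size);
                  if (client < 0) {
                      fprintf(stderr, "accept");
                      continue;
                  }
                  /*
                   * FD_SET() on a descriptor >= FD_SETSIZE writes
                   * outside the fd_set, so such a client is refused.
                   */
                  if (client >= FD_SETSIZE) {
                      syslog(LOG_WARNING,
                          "Too many connections, rejecting client\n");
                      close(client);
                      continue;
                  }
  #ifdef DEBUG
                  fprintf(stderr, "Connection established %d\n", client);
  #endif
                  /* Drop any stale buffer left under the same fd */
                  konf_buftree_remove(&bufs, client);
                  tbuf = konf_buf_new(client);
                  /* insert it into the binary tree for this conf */
                  lub_bintree_insert(&bufs, tbuf);
                  FD_SET(client, &active_fd_set);
              } else {
                  int nbytes;

                  /* Data arriving on an already-connected socket. */
                  if ((nbytes = konf_buftree_read(&bufs, fd)) <= 0) {
                      close(fd);
                      FD_CLR(fd, &active_fd_set);
                      konf_buftree_remove(&bufs, fd);
                      continue;
                  }
                  /* Answer every complete request found in the buffer */
                  while ((str = konf_buftree_parse(&bufs, fd))) {
                      char *answer;

                      if (!(answer = process_query(fd, conf, str)))
                          answer = lub_string_dup("-e");
                      lub_string_free(str);
                      answer_send(fd, answer);
                      lub_string_free(answer);
                  }
              }
          }
      }

      /* Free resources */
      konf_tree_delete(conf);

      /* delete each buf */
      while ((tbuf = lub_bintree_findfirst(&bufs))) {
          /* remove the buf from the tree */
          lub_bintree_remove(&bufs, tbuf);
          /* release the instance */
          konf_buf_delete(tbuf);
      }

      retval = 0;
  err:
      /* Close listen socket */
      if (sock >= 0) {
          close(sock);
          unlink(opts->socket_path);
      }

      /* Remove pidfile */
      if (pidfd >= 0) {
          if (unlink(opts->pidfile) < 0) {
              syslog(LOG_ERR, "Can't remove pid-file %s: %s\n",
                  opts->pidfile, strerror(errno));
          }
      }

      /* Free command line options */
      opts_free(opts);

      return retval;
  }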
  284. /*--------------------------------------------------------- */
  /*
   * Parse one request string received from a client and apply it to the
   * configuration tree.
   *
   * sock - client socket, passed on to dump_running_config() for DUMP
   * conf - root of the configuration tree
   * str  - request text as received from the client
   *
   * Returns a string built with lub_string_cat(): "-o" when the operation
   * succeeded, "-e" when it failed. Returns NULL when the request cannot
   * be parsed or its path is not found in the tree.
   */
  static char * process_query(int sock, konf_tree_t * conf, char *str)
  {
      unsigned depth;
      konf_tree_t *node = conf;
      konf_tree_t *created;
      konf_query_t *query;
      char *answer = NULL;
      /* Every case below that succeeds overrides this default */
      konf_query_op_t status = KONF_QUERY_OP_ERROR;

  #ifdef DEBUG
      fprintf(stderr, "----------------------\n");
      fprintf(stderr, "REQUEST: %s\n", str);
  #endif

      /* Parse query */
      query = konf_query_new();
      if (konf_query_parse_str(query, str) < 0) {
          konf_query_free(query);
          return NULL;
      }
  #ifdef DEBUG
      konf_query_dump(query);
  #endif

      /* Go through the pwd: descend one tree level per path element */
      for (depth = 0; depth < konf_query__get_pwdc(query); depth++) {
          node = konf_tree_find_conf(node,
              konf_query__get_pwd(query, depth), 0, 0);
          if (!node)
              break;
      }
      if (!node) {
          fprintf(stderr, "Unknown path\n");
          konf_query_free(query);
          return NULL;
      }

      switch (konf_query__get_op(query)) {

      case KONF_QUERY_OP_SET:
          if (konf_query__get_unique(query)) {
              /* An identical line already exists: nothing to do */
              if (konf_tree_find_conf(node,
                  konf_query__get_line(query), 0, 0)) {
                  status = KONF_QUERY_OP_OK;
                  break;
              }
              /* Remove the entries matching the pattern first */
              konf_tree_del_pattern(node,
                  konf_query__get_pattern(query),
                  konf_query__get_priority(query),
                  konf_query__get_seq(query),
                  konf_query__get_seq_num(query));
          }
          created = konf_tree_new_conf(node,
              konf_query__get_line(query), konf_query__get_priority(query),
              konf_query__get_seq(query), konf_query__get_seq_num(query));
          if (!created)
              break;
          konf_tree__set_splitter(created, konf_query__get_splitter(query));
          konf_tree__set_depth(created, konf_query__get_pwdc(query));
          status = KONF_QUERY_OP_OK;
          break;

      case KONF_QUERY_OP_UNSET:
          konf_tree_del_pattern(node,
              konf_query__get_pattern(query), konf_query__get_priority(query),
              konf_query__get_seq(query), konf_query__get_seq_num(query));
          status = KONF_QUERY_OP_OK;
          break;

      case KONF_QUERY_OP_DUMP:
          if (!dump_running_config(sock, node, query))
              status = KONF_QUERY_OP_OK;
          break;

      default:
          break;
      }

  #ifdef DEBUG
      /* Print whole tree */
      konf_tree_fprintf(conf, stderr, NULL, -1, BOOL_TRUE, 0);
  #endif

      /* Free resources */
      konf_query_free(query);

      /* Anything other than OK is reported to the client as an error */
      lub_string_cat(&answer, (KONF_QUERY_OP_OK == status) ? "-o" : "-e");

      return answer;
  }
  382. /*--------------------------------------------------------- */
  /*
   * Signal handler for termination signals (like SIGTERM, SIGINT, ...).
   * It only raises the sigterm flag; the main loop tests that flag and
   * performs the actual shutdown.
   */
  static void sighandler(int signo)
  {
      (void)signo; /* the same action is taken for every signal */
      sigterm = 1;
  }
  390. /*--------------------------------------------------------- */
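  /*
   * Send an answer string to a client, including its terminating NUL byte.
   *
   * sock    - connected client socket
   * command - NUL-terminated answer text
   *
   * Returns the value of send() (bytes sent, or -1 with errno set).
   * A NULL command is rejected with -1 and errno set to EINVAL instead of
   * being passed to strlen(). MSG_NOSIGNAL keeps a closed peer from raising
   * SIGPIPE.
   */
  int answer_send(int sock, char *command)
  {
      if (!command) {
          errno = EINVAL;
          return -1;
      }

      return send(sock, command, strlen(command) + 1, MSG_NOSIGNAL);
  }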
  395. /*--------------------------------------------------------- */
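  /*
   * Write the configuration below 'conf' either to a file or back to the
   * client.
   *
   * When the query carries a path, the dump goes to that file. Otherwise it
   * is written to the client socket, preceded by a "-t" line and followed
   * by an empty line.
   *
   * Returns 0 on success, -1 when the output stream cannot be opened or a
   * write error is detected.
   */
  static int dump_running_config(int sock, konf_tree_t *conf, konf_query_t *query)
  {
      FILE *out;
      char *filename;
      int dupsock = -1;
      int rc = 0;

      if ((filename = konf_query__get_path(query))) {
          /*
           * NOTE(review): the path is taken from the client's query
           * and is opened for writing with the daemon's own privileges;
           * fopen("w") truncates an existing file and follows symlinks.
           * No restriction on the path is visible here - confirm that
           * access to the socket is limited to trusted users, or
           * confine the path to a dedicated directory.
           */
          if (!(out = fopen(filename, "w")))
              return -1;
      } else {
          /* Work on a duplicate so that fclose() below does not close
           * the client's socket */
          if ((dupsock = dup(sock)) < 0)
              return -1;
          if (!(out = fdopen(dupsock, "w"))) {
              /* Without this the duplicate would leak and the NULL
               * stream would be passed to fprintf() */
              close(dupsock);
              return -1;
          }
      }

      if (!filename) {
          fprintf(out, "-t\n");
  #ifdef DEBUG
          fprintf(stderr, "ANSWER: -t\n");
  #endif
      }

      konf_tree_fprintf(conf,
          out,
          konf_query__get_pattern(query),
          konf_query__get_pwdc(query) - 1,
          konf_query__get_seq(query),
          0);

      if (!filename) {
          fprintf(out, "\n");
  #ifdef DEBUG
          fprintf(stderr, "SEND DATA: \n");
  #endif
      }

      /* Report a failed or incomplete write instead of claiming success */
      if (ferror(out))
          rc = -1;
      if (fclose(out))
          rc = -1;

      return rc;
  }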
  430. /*--------------------------------------------------------- */
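  /*
   * Own simple implementation of daemon(), which is not part of POSIX.
   *
   * Forks, lets the parent exit, and makes the child a session leader.
   *
   * nochdir - when zero, change the working directory to "/"
   * noclose - when zero, redirect stdin, stdout and stderr to /dev/null
   *
   * Returns 0 in the child on success and -1 on any failure. The parent
   * never returns from a successful fork().
   */
  int daemonize(int nochdir, int noclose)
  {
      int fd;
      pid_t pid;

      pid = fork();
      if (-1 == pid)
          return -1;
      if (pid > 0)
          _exit(0); /* Exit parent */
      if (setsid() == -1)
          return -1;
      /* A failed chdir() would leave the daemon in the caller's directory */
      if (!nochdir && chdir("/") < 0)
          return -1;
      if (!noclose) {
          fd = open("/dev/null", O_RDWR, 0);
          if (fd < 0)
              return -1;
          if (dup2(fd, STDIN_FILENO) < 0 ||
              dup2(fd, STDOUT_FILENO) < 0 ||
              dup2(fd, STDERR_FILENO) < 0) {
              if (fd > 2)
                  close(fd);
              return -1;
          }
          /* Keep fd open when it is itself one of the standard streams */
          if (fd > 2)
              close(fd);
      }

      return 0;
  }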
  457. /*--------------------------------------------------------- */
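  /*
   * Allocate an option structure and fill it with the defaults:
   * daemonize, the compiled-in socket and pidfile paths, no chroot, and
   * the UID/GID the process was started with.
   *
   * Never returns NULL: the process is aborted when the allocation fails.
   * The check is explicit because assert() is compiled out under NDEBUG.
   * The result is released with opts_free().
   */
  struct options *opts_init(void)
  {
      struct options *opts = malloc(sizeof(*opts));

      if (!opts) {
          syslog(LOG_ERR, "Can't allocate memory for options\n");
          abort();
      }
      opts->debug = 0; /* daemonize by default */
      /* NOTE(review): the results of lub_string_dup() are not checked;
       * presumably it returns NULL on allocation failure - confirm */
      opts->socket_path = lub_string_dup(KONFD_SOCKET_PATH);
      opts->pidfile = lub_string_dup(KONFD_PIDFILE);
      opts->chroot = NULL;
      opts->uid = getuid();
      opts->gid = getgid();

      return opts;
  }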
  472. /*--------------------------------------------------------- */
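  /*
   * Free an option structure together with the strings it owns.
   * Passing NULL is allowed and does nothing, as with free().
   */
  void opts_free(struct options *opts)
  {
      if (!opts)
          return;
      if (opts->socket_path)
          lub_string_free(opts->socket_path);
      if (opts->pidfile)
          lub_string_free(opts->pidfile);
      if (opts->chroot)
          lub_string_free(opts->chroot);
      free(opts);
  }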
  484. /*--------------------------------------------------------- */
  /*
   * Parse the command line into 'opts'.
   *
   * Returns 0 on success and -1 when an option is unsupported in this
   * build or names an unknown user or group. The -h and -v options, and
   * any unrecognized option, terminate the process from inside this
   * function.
   *
   * NOTE(review): -u changes only the UID. The GID stays at the value set
   * by opts_init() unless -g is given as well.
   */
  static int opts_parse(int argc, char *argv[], struct options *opts)
  {
      static const char *shortopts = "hvs:p:u:g:dr:";
  #ifdef HAVE_GETOPT_H
      static const struct option longopts[] = {
          {"help",    no_argument,       NULL, 'h'},
          {"version", no_argument,       NULL, 'v'},
          {"socket",  required_argument, NULL, 's'},
          {"pid",     required_argument, NULL, 'p'},
          {"user",    required_argument, NULL, 'u'},
          {"group",   required_argument, NULL, 'g'},
          {"debug",   no_argument,       NULL, 'd'},
          {"chroot",  required_argument, NULL, 'r'},
          {NULL, 0, NULL, 0}
      };
  #endif
      int c;

      /* Restart option scanning from the beginning of argv */
      optind = 0;
      for (;;) {
  #ifdef HAVE_GETOPT_H
          c = getopt_long(argc, argv, shortopts, longopts, NULL);
  #else
          c = getopt(argc, argv, shortopts);
  #endif
          if (-1 == c)
              break;

          switch (c) {
          case 's':
              /* Replace the default path set by opts_init() */
              if (opts->socket_path)
                  lub_string_free(opts->socket_path);
              opts->socket_path = lub_string_dup(optarg);
              break;
          case 'p':
              if (opts->pidfile)
                  lub_string_free(opts->pidfile);
              opts->pidfile = lub_string_dup(optarg);
              break;
          case 'r':
  #ifdef HAVE_CHROOT
              if (opts->chroot)
                  lub_string_free(opts->chroot);
              opts->chroot = lub_string_dup(optarg);
  #else
              syslog(LOG_ERR, "The --chroot option is not supported\n");
              return -1;
  #endif
              break;
          case 'd':
              opts->debug = 1;
              break;
          case 'u': {
  #ifdef HAVE_PWD_H
              /* Resolve the user name to a numeric UID */
              struct passwd *pw = getpwnam(optarg);

              if (!pw) {
                  syslog(LOG_ERR, "Can't identify user \"%s\"\n",
                      optarg);
                  return -1;
              }
              opts->uid = pw->pw_uid;
  #else
              syslog(LOG_ERR, "The --user option is not supported\n");
              return -1;
  #endif
              break;
          }
          case 'g': {
  #ifdef HAVE_GRP_H
              /* Resolve the group name to a numeric GID */
              struct group *gr = getgrnam(optarg);

              if (!gr) {
                  syslog(LOG_ERR, "Can't identify group \"%s\"\n",
                      optarg);
                  return -1;
              }
              opts->gid = gr->gr_gid;
  #else
              syslog(LOG_ERR, "The --group option is not supported\n");
              return -1;
  #endif
              break;
          }
          case 'h':
              help(0, argv[0]);
              exit(0);
          case 'v':
              version(VERSION);
              exit(0);
          default:
              /* Unknown option or missing argument */
              help(-1, argv[0]);
              exit(-1);
          }
      }

      return 0;
  }
  582. /*--------------------------------------------------------- */
  /*
   * Print the help message.
   *
   * status - zero prints the full usage text to stdout; any other value
   *          prints a one-line hint to stderr
   * argv0  - program name as invoked; only its basename is shown.
   *          Nothing is printed when it is NULL.
   */
  static void help(int status, const char *argv0)
  {
      const char *slash;
      const char *name;

      if (!argv0)
          return;

      /* Find the basename */
      slash = strrchr(argv0, '/');
      name = slash ? slash + 1 : argv0;

      if (status != 0) {
          fprintf(stderr, "Try `%s -h' for more information.\n",
              name);
          return;
      }

      printf("Usage: %s [options]\n", name);
      printf("Daemon to store user configuration (i.e. commands). "
          "The part of the klish project.\n");
      printf("Options:\n");
      printf("\t-v, --version\tPrint version.\n");
      printf("\t-h, --help\tPrint this help.\n");
      printf("\t-d, --debug\tDebug mode. Don't daemonize.\n");
      printf("\t-s <path>, --socket=<path>\tSpecify the UNIX socket "
          "filesystem path to listen on.\n");
      printf("\t-p <path>, --pid=<path>\tFile to save daemon's PID to.\n");
      printf("\t-r <path>, --chroot=<path>\tDirectory to chroot.\n");
      printf("\t-u <user>, --user=<user>\tExecute process as"
          " specified user.\n");
      printf("\t-g <group>, --group=<group>\tExecute process as"
          " specified group.\n");
  }