konfd.c 15 KB

  1. /*
  2. * konfd.c
  3. *
  4. * The konfd daemon to store user configuration commands.
  5. *
  6. */
  7. #ifdef HAVE_CONFIG_H
  8. #include "config.h"
  9. #endif /* HAVE_CONFIG_H */
  10. #include <stdio.h>
  11. #include <stdlib.h>
  12. #include <unistd.h>
  13. #include <sys/types.h>
  14. #include <sys/stat.h>
  15. #include <fcntl.h>
  16. #include <sys/wait.h>
  17. #include <errno.h>
  18. #include <assert.h>
  19. #include <sys/socket.h>
  20. #include <sys/un.h>
  21. #include <string.h>
  22. #include <sys/select.h>
  23. #include <signal.h>
  24. #include <syslog.h>
  25. #ifdef HAVE_GETOPT_H
  26. #include <getopt.h>
  27. #endif
  28. #ifdef HAVE_PWD_H
  29. #include <pwd.h>
  30. #endif
  31. #ifdef HAVE_GRP_H
  32. #include <grp.h>
  33. #endif
  34. #include "clish/internal.h"
  35. #include "konf/tree.h"
  36. #include "konf/query.h"
  37. #include "konf/buf.h"
  38. #include "lub/argv.h"
  39. #include "lub/string.h"
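  /*
   * Fallback version, used only when the build system does not define VERSION.
   * It must be a string literal: version() hands it to printf("%s").
   */
  #ifndef VERSION
  #define VERSION "1.2.2"
  #endif
  /* Turn a token into a string literal */
  #define QUOTE(t) #t
  /* Print a version string followed by a newline */
  #define version(v) printf("%s\n", (v))
  /* Default location of the PID file */
  #define KONFD_PIDFILE "/var/run/konfd.pid"
  /* UNIX socket path */
  /* Don't use UNIX_PATH_MAX due to portability issues */
  /* Size of sun_path in bytes, terminating NUL included */
  #define USOCK_PATH_MAX (sizeof(((struct sockaddr_un *)0)->sun_path))
  /*
   * OpenBSD has no MSG_NOSIGNAL flag.
   * With the 0 fallback send() carries no per-call SIGPIPE suppression; the
   * daemon relies on main() setting SIGPIPE to SIG_IGN instead.
   */
  #ifndef MSG_NOSIGNAL
  #define MSG_NOSIGNAL 0
  #endif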
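  /* Global signal vars */
  /*
   * Termination flag: written by sighandler(), polled by the main loop.
   * sig_atomic_t is the only integer type the C standard guarantees can be
   * written from an asynchronous signal handler without a torn access.
   */
  static volatile sig_atomic_t sigterm = 0;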
  /* Command line options */
  struct options {
      char *socket_path;  /* filesystem path of the listening UNIX socket */
      char *pidfile;      /* file the daemon's PID is written to */
      char *chroot;       /* directory to chroot into, NULL when unused */
      int debug;          /* Don't daemonize in debug mode */
      uid_t uid;          /* user the daemon runs as and that owns the socket */
      gid_t gid;          /* group the daemon runs as and that owns the socket */
  };

  /* Option handling */
  struct options *opts_init(void);
  void opts_free(struct options *opts);
  static int opts_parse(int argc, char *argv[], struct options *opts);
  static void help(int status, const char *argv0);

  /* Process control */
  static void sighandler(int signo);
  int daemonize(int nochdir, int noclose);

  /* Query processing */
  static char * process_query(int sock, konf_tree_t * conf, char *str);
  static int dump_running_config(int sock, konf_tree_t *conf, konf_query_t *query);
  int answer_send(int sock, char *command);
  73. /*--------------------------------------------------------- */
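  /*
   * main() - konfd entry point.
   *
   * Start-up order: parse options, daemonize and write the pidfile (unless in
   * debug mode), create and bind the UNIX listen socket, hand the socket file
   * to the configured uid/gid, then drop privileges (groups, chroot, uid) and
   * enter the select() loop that serves client queries.
   *
   * Returns 0 after a clean shutdown on SIGTERM/SIGINT/SIGQUIT or when select()
   * fails with anything other than EINTR, -1 when start-up fails.
   *
   * Security-relevant points:
   *  - The socket file is the only access control visible in this file: every
   *    client able to connect can set, unset and dump configuration.
   *  - Between bind() and chown() the socket belongs to the starting user with
   *    umask-derived permissions; no umask()/chmod() call is made here, so the
   *    directory holding the socket should be restricted by the operator.
   *  - Privileges are dropped in the order groups -> chroot -> uid, because
   *    both setgroups() and chroot() need the privileges that setuid() gives up.
   */
  int main(int argc, char **argv)
  {
      int retval = -1;
      unsigned i;
      char *str;
      konf_tree_t *conf;
      lub_bintree_t bufs;
      konf_buf_t *tbuf;
      struct options *opts = NULL;
      int pidfd = -1;
      size_t path_len;
      /* Network vars */
      int sock = -1;
      struct sockaddr_un laddr;
      struct sockaddr_un raddr;
      fd_set active_fd_set, read_fd_set;
      const int reuseaddr = 1;
      /* Signal vars */
      struct sigaction sig_act, sigpipe_act;
      sigset_t sig_set, sigpipe_set;

      /* Initialize syslog */
      openlog(argv[0], LOG_CONS, LOG_DAEMON);

      /* Parse command line options */
      opts = opts_init();
      if (opts_parse(argc, argv, opts))
          goto err;

      /*
       * Refuse a socket path that does not fit into sun_path. Truncating it
       * would bind one path and then chown()/unlink() a different one.
       * Checked before socket() so that the cleanup code does not unlink.
       */
      if (!opts->socket_path ||
          (path_len = strlen(opts->socket_path)) >= USOCK_PATH_MAX) {
          syslog(LOG_ERR, "UNIX socket path is missing or too long\n");
          goto err;
      }

      /* Fork the daemon */
      if (!opts->debug) {
          /* Daemonize */
          if (daemonize(0, 0) < 0) {
              syslog(LOG_ERR, "Can't daemonize\n");
              goto err;
          }

          /*
           * Write pidfile. O_CREAT | O_EXCL makes open() fail when the path
           * already exists (including a symlink placed there), so a stale or
           * planted file is never written through.
           */
          pidfd = open(opts->pidfile,
              O_WRONLY | O_CREAT | O_EXCL | O_TRUNC,
              S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
          if (pidfd < 0) {
              syslog(LOG_WARNING, "Can't open pidfile %s: %s",
                  opts->pidfile, strerror(errno));
          } else {
              char pidstr[20];

              snprintf(pidstr, sizeof(pidstr), "%u\n", (unsigned)getpid());
              if (write(pidfd, pidstr, strlen(pidstr)) < 0)
                  syslog(LOG_WARNING, "Can't write to %s: %s",
                      opts->pidfile, strerror(errno));
              close(pidfd);
              /* pidfd stays >= 0: cleanup uses it as "pidfile was created" */
          }
      }

      /* Create listen socket */
      if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
          syslog(LOG_ERR, "Can't create listen socket: %s\n",
              strerror(errno));
          goto err;
      }
      if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
          &reuseaddr, sizeof(reuseaddr))) {
          syslog(LOG_ERR, "Can't set socket options: %s\n", strerror(errno));
          goto err;
      }
      memset(&laddr, 0, sizeof(laddr));
      laddr.sun_family = AF_UNIX;
      memcpy(laddr.sun_path, opts->socket_path, path_len + 1);
      if (bind(sock, (struct sockaddr *)&laddr, sizeof(laddr))) {
          syslog(LOG_ERR, "Can't bind socket: %s\n",
              strerror(errno));
          goto err;
      }
      if (chown(opts->socket_path, opts->uid, opts->gid)) {
          syslog(LOG_ERR, "Can't chown UNIX socket: %s\n",
              strerror(errno));
          goto err;
      }
      if (listen(sock, 5)) {
          syslog(LOG_ERR, "Can't listen on socket: %s\n",
              strerror(errno));
          goto err;
      }

      /* Change GID */
      if (opts->gid != getgid()) {
  #ifdef HAVE_GRP_H
          /*
           * Drop the supplementary groups inherited from the starting user;
           * setgid() alone leaves them attached to the process.
           * NOTE(review): when only the user is changed (no group option) the
           * inherited groups are still kept - confirm that this is intended.
           */
          if (setgroups(1, &opts->gid)) {
              syslog(LOG_ERR, "Can't set supplementary groups: %s",
                  strerror(errno));
              goto err;
          }
  #endif
          if (setgid(opts->gid)) {
              syslog(LOG_ERR, "Can't set GID to %u: %s",
                  opts->gid, strerror(errno));
              goto err;
          }
      }

  #ifdef HAVE_CHROOT
      /* Chroot */
      if (opts->chroot) {
          if (chroot(opts->chroot) < 0) {
              syslog(LOG_ERR, "Can't chroot to %s: %s",
                  opts->chroot, strerror(errno));
              goto err;
          }
          /*
           * chroot() does not change the working directory. Without this
           * chdir() the process keeps a cwd outside the new root, and
           * relative paths would still resolve outside the jail.
           */
          if (chdir("/") < 0) {
              syslog(LOG_ERR, "Can't chdir to new root: %s",
                  strerror(errno));
              goto err;
          }
      }
  #endif

      /* Change UID */
      if (opts->uid != getuid()) {
          if (setuid(opts->uid)) {
              syslog(LOG_ERR, "Can't set UID to %u: %s",
                  opts->uid, strerror(errno));
              goto err;
          }
      }

      /* Create configuration tree */
      conf = konf_tree_new("", 0);

      /* Initialize the tree of buffers */
      lub_bintree_init(&bufs,
          konf_buf_bt_offset(),
          konf_buf_bt_compare, konf_buf_bt_getkey);

      /* Set signal handler */
      sigemptyset(&sig_set);
      sigaddset(&sig_set, SIGTERM);
      sigaddset(&sig_set, SIGINT);
      sigaddset(&sig_set, SIGQUIT);
      sig_act.sa_flags = 0;
      sig_act.sa_mask = sig_set;
      sig_act.sa_handler = &sighandler;
      sigaction(SIGTERM, &sig_act, NULL);
      sigaction(SIGINT, &sig_act, NULL);
      sigaction(SIGQUIT, &sig_act, NULL);

      /* Ignore SIGPIPE */
      sigemptyset(&sigpipe_set);
      sigaddset(&sigpipe_set, SIGPIPE);
      sigpipe_act.sa_flags = 0;
      sigpipe_act.sa_mask = sigpipe_set;
      sigpipe_act.sa_handler = SIG_IGN;
      sigaction(SIGPIPE, &sigpipe_act, NULL);

      /* Initialize the set of active sockets. */
      FD_ZERO(&active_fd_set);
      FD_SET(sock, &active_fd_set);

      /* Main loop */
      while (!sigterm) {
          int num;

          /* Block until input arrives on one or more active sockets. */
          read_fd_set = active_fd_set;
          num = select(FD_SETSIZE, &read_fd_set, NULL, NULL, NULL);
          if (num < 0) {
              if (EINTR == errno)
                  continue;
              break;
          }
          if (0 == num)
              continue;

          /* Service all the sockets with input pending. */
          for (i = 0; i < FD_SETSIZE; ++i) {
              if (!FD_ISSET(i, &read_fd_set))
                  continue;
              if (i == (unsigned)sock) {
                  /* Connection request on listen socket. */
                  int new;
                  socklen_t size = sizeof(raddr);

                  new = accept(sock,
                      (struct sockaddr *)&raddr, &size);
                  if (new < 0) {
                      fprintf(stderr, "accept");
                      continue;
                  }
                  /*
                   * FD_SET() on a descriptor >= FD_SETSIZE writes outside
                   * the fd_set. Refuse the connection instead of tracking it.
                   */
                  if (new >= FD_SETSIZE) {
                      syslog(LOG_WARNING,
                          "Rejecting connection: descriptor %d exceeds FD_SETSIZE",
                          new);
                      close(new);
                      continue;
                  }
  #ifdef DEBUG
                  fprintf(stderr, "Connection established %u\n", new);
  #endif
                  konf_buftree_remove(&bufs, new);
                  tbuf = konf_buf_new(new);
                  /* Defensive: never track a connection without a buffer */
                  if (!tbuf) {
                      close(new);
                      continue;
                  }
                  /* insert it into the binary tree for this conf */
                  lub_bintree_insert(&bufs, tbuf);
                  FD_SET(new, &active_fd_set);
              } else {
                  int nbytes;

                  /* Data arriving on an already-connected socket. */
                  if ((nbytes = konf_buftree_read(&bufs, i)) <= 0) {
                      close(i);
                      FD_CLR(i, &active_fd_set);
                      konf_buftree_remove(&bufs, i);
                      continue;
                  }
                  while ((str = konf_buftree_parse(&bufs, i))) {
                      char *answer;

                      if (!(answer = process_query(i, conf, str)))
                          answer = strdup("-e");
                      free(str);
                      /* strdup() may fail too; never send a NULL answer */
                      if (answer) {
                          answer_send(i, answer);
                          free(answer);
                      }
                  }
              }
          }
      }

      /* Free resources */
      konf_tree_delete(conf);

      /* delete each buf */
      while ((tbuf = lub_bintree_findfirst(&bufs))) {
          /* remove the buf from the tree */
          lub_bintree_remove(&bufs, tbuf);
          /* release the instance */
          konf_buf_delete(tbuf);
      }

      retval = 0;
  err:
      /*
       * Close listen socket.
       * NOTE(review): the unlink() also runs when bind() failed, so a socket
       * file that already existed at this path is removed as well. After
       * chroot() or setuid() the unlink() calls below resolve inside the new
       * root and run with the dropped privileges, so they may fail.
       */
      if (sock >= 0) {
          close(sock);
          unlink(opts->socket_path);
      }

      /* Remove pidfile */
      if (pidfd >= 0) {
          if (unlink(opts->pidfile) < 0) {
              syslog(LOG_ERR, "Can't remove pid-file %s: %s\n",
                  opts->pidfile, strerror(errno));
          }
      }

      /* Free command line options */
      opts_free(opts);

      return retval;
  }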
  281. /*--------------------------------------------------------- */
  /*
   * process_query() - parse one client request and apply it to the tree.
   *
   * sock: client socket; only used by the DUMP operation
   * conf: root of the configuration tree
   * str:  request text as received from the client
   *
   * Walks the tree along the path ("pwd") carried by the query and then runs
   * the requested operation (SET, UNSET or DUMP) on the node that was found.
   *
   * Returns a heap string built with lub_string_cat(): "-o" on success, "-e"
   * on failure. Returns NULL when the request cannot be parsed or the path
   * is unknown. main() releases the returned string with free().
   *
   * No check on who sent the request is made here; the function acts on
   * whatever arrives on an accepted connection.
   */
  static char * process_query(int sock, konf_tree_t * conf, char *str)
  {
      unsigned depth;
      konf_tree_t *node;
      konf_tree_t *created;
      konf_query_t *query;
      char *answer = NULL;
      konf_query_op_t status = KONF_QUERY_OP_ERROR;

  #ifdef DEBUG
      fprintf(stderr, "----------------------\n");
      fprintf(stderr, "REQUEST: %s\n", str);
  #endif

      /* Parse query */
      query = konf_query_new();
      if (konf_query_parse_str(query, str) < 0) {
          konf_query_free(query);
          return NULL;
      }
  #ifdef DEBUG
      konf_query_dump(query);
  #endif

      /* Descend one level per path component; stop at the first miss */
      node = conf;
      for (depth = 0; depth < konf_query__get_pwdc(query); depth++) {
          node = konf_tree_find_conf(node,
              konf_query__get_pwd(query, depth), 0, 0);
          if (!node)
              break;
      }
      if (!node) {
          fprintf(stderr, "Unknown path\n");
          konf_query_free(query);
          return NULL;
      }

      switch (konf_query__get_op(query)) {
      case KONF_QUERY_OP_SET:
          if (konf_query__get_unique(query)) {
              int removed = konf_tree_del_pattern(node,
                  konf_query__get_line(query),
                  konf_query__get_unique(query),
                  konf_query__get_pattern(query),
                  konf_query__get_priority(query),
                  konf_query__get_seq(query),
                  konf_query__get_seq_num(query));

              /* Negative result: failure, the answer stays "-e" */
              if (removed < 0)
                  break;
              /* Positive result: reported as success, nothing is added */
              if (removed > 0) {
                  status = KONF_QUERY_OP_OK;
                  break;
              }
          }
          created = konf_tree_new_conf(node,
              konf_query__get_line(query),
              konf_query__get_priority(query),
              konf_query__get_seq(query),
              konf_query__get_seq_num(query));
          if (created) {
              konf_tree__set_splitter(created,
                  konf_query__get_splitter(query));
              konf_tree__set_depth(created,
                  konf_query__get_pwdc(query));
              status = KONF_QUERY_OP_OK;
          }
          break;

      case KONF_QUERY_OP_UNSET:
          if (konf_tree_del_pattern(node,
              NULL,
              BOOL_TRUE,
              konf_query__get_pattern(query),
              konf_query__get_priority(query),
              konf_query__get_seq(query),
              konf_query__get_seq_num(query)) >= 0)
              status = KONF_QUERY_OP_OK;
          break;

      case KONF_QUERY_OP_DUMP:
          if (!dump_running_config(sock, node, query))
              status = KONF_QUERY_OP_OK;
          break;

      default:
          break;
      }

  #ifdef DEBUG
      /* Print whole tree */
      konf_tree_fprintf(conf, stderr, NULL, -1, -1, BOOL_TRUE, 0);
  #endif

      /* Free resources */
      konf_query_free(query);

      /* Every status other than OK is reported to the client as an error */
      lub_string_cat(&answer, (KONF_QUERY_OP_OK == status) ? "-o" : "-e");

  #ifdef DEBUG
      fprintf(stderr, "ANSWER: %s\n", answer);
  #endif

      return answer;
  }
  387. /*--------------------------------------------------------- */
  /*
   * Signal handler for termination signals (SIGTERM, SIGINT and SIGQUIT are
   * registered in main()). It only raises the sigterm flag; the main loop
   * notices the flag and shuts the daemon down.
   */
  static void sighandler(int signo)
  {
      (void)signo; /* every registered signal is handled the same way */
      sigterm = 1;
  }
  395. /*--------------------------------------------------------- */
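  /*
   * answer_send() - send a NUL-terminated answer to a client.
   *
   * sock:    connected client socket
   * command: answer text; its terminating NUL byte is transmitted as well
   *
   * send() on a stream socket may transmit only part of the buffer or be
   * interrupted by a signal, so the call is repeated until the whole answer
   * has been sent.
   *
   * Returns the number of bytes sent (strlen(command) + 1) on success, -1 on
   * error or when command is NULL.
   */
  int answer_send(int sock, char *command)
  {
      const char *pos = command;
      size_t total;
      size_t left;

      if (!command)
          return -1;

      total = strlen(command) + 1;
      left = total;
      while (left > 0) {
          ssize_t sent = send(sock, pos, left, MSG_NOSIGNAL);

          if (sent < 0) {
              if (EINTR == errno)
                  continue;
              return -1;
          }
          /* No progress on a non-empty buffer: give up instead of spinning */
          if (0 == sent)
              return -1;
          pos += sent;
          left -= (size_t)sent;
      }

      return (int)total;
  }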
  400. /*--------------------------------------------------------- */
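  /*
   * dump_running_config() - write (part of) the configuration tree out.
   *
   * sock:  client socket, used when the query carries no file path
   * conf:  tree node to dump from
   * query: parsed query supplying path, pattern, depth and seq settings
   *
   * With a path in the query the dump goes to that file. Without one it goes
   * to the client socket, framed by a leading "-t\n" and a trailing "\n".
   *
   * Returns 0 on success, -1 when the output cannot be opened or when
   * writing/flushing it fails.
   *
   * NOTE(security): the file name comes from the client's query and is opened
   * with mode "w" (create or truncate) using the daemon's privileges. Nothing
   * in this function restricts where it may point; any such limit has to come
   * from the socket permissions, the dropped uid/gid or the chroot.
   */
  static int dump_running_config(int sock, konf_tree_t *conf, konf_query_t *query)
  {
      FILE *out;
      char *filename;
      int dupsock = -1;
      int rc = 0;

      filename = konf_query__get_path(query);
      if (filename) {
          if (!(out = fopen(filename, "w")))
              return -1;
      } else {
          /* Work on a duplicate so that fclose() leaves the client socket open */
          if ((dupsock = dup(sock)) < 0)
              return -1;
          if (!(out = fdopen(dupsock, "w"))) {
              /* No stream owns the duplicate yet: close it here */
              close(dupsock);
              return -1;
          }
      }

      if (!filename) {
          fprintf(out, "-t\n");
  #ifdef DEBUG
          fprintf(stderr, "ANSWER: -t\n");
  #endif
      }

      konf_tree_fprintf(conf,
          out,
          konf_query__get_pattern(query),
          konf_query__get_pwdc(query) - 1,
          konf_query__get_depth(query),
          konf_query__get_seq(query),
          0);

      if (!filename) {
          fprintf(out, "\n");
  #ifdef DEBUG
          fprintf(stderr, "SEND DATA: \n");
  #endif
      }

      /* Buffered write errors only show up in ferror() or at fclose() */
      if (ferror(out))
          rc = -1;
      if (fclose(out) != 0)
          rc = -1;

      return rc;
  }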
  436. /*--------------------------------------------------------- */
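  /*
   * daemonize() - minimal replacement for the non-POSIX daemon() call.
   *
   * nochdir: when zero, change the working directory to "/"
   * noclose: when zero, redirect stdin, stdout and stderr to /dev/null
   *
   * Forks, lets the parent exit and makes the child a session leader.
   * Returns 0 in the child on success, -1 on failure. The parent never
   * returns from a successful call.
   */
  int daemonize(int nochdir, int noclose)
  {
      pid_t pid;
      int fd;

      pid = fork();
      if (pid < 0)
          return -1;
      if (pid > 0)
          _exit(0); /* Exit parent */

      if (setsid() == -1)
          return -1;

      /* A failed chdir() would leave the daemon pinned to the start directory */
      if (!nochdir && chdir("/") < 0)
          return -1;

      if (!noclose) {
          int failed;

          fd = open("/dev/null", O_RDWR, 0);
          if (fd < 0)
              return -1;
          /* Report a failed redirection instead of keeping the old streams */
          failed = (dup2(fd, STDIN_FILENO) < 0) ||
              (dup2(fd, STDOUT_FILENO) < 0) ||
              (dup2(fd, STDERR_FILENO) < 0);
          if (fd > 2)
              close(fd);
          if (failed)
              return -1;
      }

      return 0;
  }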
  463. /*--------------------------------------------------------- */
  /*
   * opts_init() - allocate an option structure filled with the defaults.
   *
   * Defaults: daemonize, listen on KONFD_SOCKET_PATH, pidfile KONFD_PIDFILE,
   * no chroot, uid/gid of the calling process. Release the result with
   * opts_free().
   *
   * NOTE(review): allocation failure is caught only by assert(), and the
   * strdup() results are not checked at all.
   */
  struct options *opts_init(void)
  {
      struct options *defaults = malloc(sizeof(*defaults));

      assert(defaults);

      /* Paths are heap copies so that opts_parse() can replace them */
      defaults->socket_path = strdup(KONFD_SOCKET_PATH);
      defaults->pidfile = strdup(KONFD_PIDFILE);
      defaults->chroot = NULL;

      defaults->debug = 0; /* daemonize by default */

      /* Keep the identity of the caller unless told otherwise */
      defaults->uid = getuid();
      defaults->gid = getgid();

      return defaults;
  }
  478. /*--------------------------------------------------------- */
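  /*
   * opts_free() - release an option structure and the strings it owns.
   *
   * opts: structure obtained from opts_init(); NULL is accepted and ignored,
   *       so error paths can call this unconditionally.
   */
  void opts_free(struct options *opts)
  {
      if (!opts)
          return;

      /* free(NULL) is a no-op, so unset strings need no guard */
      free(opts->socket_path);
      free(opts->pidfile);
      free(opts->chroot);
      free(opts);
  }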
  490. /*--------------------------------------------------------- */
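  /*
   * Replace the string held in *dst with a heap copy of src.
   * Returns 0 on success, -1 when the copy cannot be allocated; in that case
   * the previous value is kept.
   */
  static int opts_set_string(char **dst, const char *src)
  {
      char *copy = strdup(src);

      if (!copy)
          return -1;
      free(*dst);
      *dst = copy;

      return 0;
  }

  /*
   * opts_parse() - parse the command line into an option structure.
   *
   * argc, argv: command line as passed to main()
   * opts:       structure from opts_init(); updated in place
   *
   * Returns 0 on success and -1 on an unknown user or group, an option not
   * supported by this build, or a failed allocation. The help and version
   * options, and an unrecognised option, terminate the process through exit().
   *
   * NOTE(review): the user option takes only the uid from the passwd entry.
   * The group of the process stays unchanged unless the group option is given
   * too, so a privilege drop needs both.
   */
  static int opts_parse(int argc, char *argv[], struct options *opts)
  {
      static const char *shortopts = "hvs:p:u:g:dr:";
  #ifdef HAVE_GETOPT_H
      static const struct option longopts[] = {
          {"help", 0, NULL, 'h'},
          {"version", 0, NULL, 'v'},
          {"socket", 1, NULL, 's'},
          {"pid", 1, NULL, 'p'},
          {"user", 1, NULL, 'u'},
          {"group", 1, NULL, 'g'},
          {"debug", 0, NULL, 'd'},
          {"chroot", 1, NULL, 'r'},
          {NULL, 0, NULL, 0}
      };
  #endif

      optind = 1;
      while (1) {
          int opt;

  #ifdef HAVE_GETOPT_H
          opt = getopt_long(argc, argv, shortopts, longopts, NULL);
  #else
          opt = getopt(argc, argv, shortopts);
  #endif
          if (-1 == opt)
              break;

          switch (opt) {
          case 's':
              if (opts_set_string(&opts->socket_path, optarg)) {
                  syslog(LOG_ERR, "Can't allocate memory\n");
                  return -1;
              }
              break;
          case 'p':
              if (opts_set_string(&opts->pidfile, optarg)) {
                  syslog(LOG_ERR, "Can't allocate memory\n");
                  return -1;
              }
              break;
          case 'r':
  #ifdef HAVE_CHROOT
              if (opts_set_string(&opts->chroot, optarg)) {
                  syslog(LOG_ERR, "Can't allocate memory\n");
                  return -1;
              }
  #else
              syslog(LOG_ERR, "The --chroot option is not supported\n");
              return -1;
  #endif
              break;
          case 'd':
              opts->debug = 1;
              break;
          case 'u': {
  #ifdef HAVE_PWD_H
              struct passwd *pwd = getpwnam(optarg);

              if (!pwd) {
                  syslog(LOG_ERR, "Can't identify user \"%s\"\n",
                      optarg);
                  return -1;
              }
              opts->uid = pwd->pw_uid;
  #else
              syslog(LOG_ERR, "The --user option is not supported\n");
              return -1;
  #endif
              break;
          }
          case 'g': {
  #ifdef HAVE_GRP_H
              struct group *grp = getgrnam(optarg);

              if (!grp) {
                  syslog(LOG_ERR, "Can't identify group \"%s\"\n",
                      optarg);
                  return -1;
              }
              opts->gid = grp->gr_gid;
  #else
              syslog(LOG_ERR, "The --group option is not supported\n");
              return -1;
  #endif
              break;
          }
          case 'h':
              help(0, argv[0]);
              exit(0);
              break;
          case 'v':
              version(VERSION);
              exit(0);
              break;
          default:
              help(-1, argv[0]);
              exit(-1);
              break;
          }
      }

      return 0;
  }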
  588. /*--------------------------------------------------------- */
  /*
   * help() - print usage information.
   *
   * status: 0 prints the full usage text to stdout; any other value prints a
   *         one-line hint to stderr
   * argv0:  program path as started; only its basename is shown. Nothing is
   *         printed when it is NULL.
   */
  static void help(int status, const char *argv0)
  {
      /* Usage text after the "Usage:" line, one entry per printed line */
      static const char *const usage_body[] = {
          "Daemon to store user configuration (i.e. commands). "
              "The part of the klish project.\n",
          "Options:\n",
          "\t-v, --version\tPrint version.\n",
          "\t-h, --help\tPrint this help.\n",
          "\t-d, --debug\tDebug mode. Don't daemonize.\n",
          "\t-s <path>, --socket=<path>\tSpecify the UNIX socket "
              "filesystem path to listen on.\n",
          "\t-p <path>, --pid=<path>\tFile to save daemon's PID to.\n",
          "\t-r <path>, --chroot=<path>\tDirectory to chroot.\n",
          "\t-u <user>, --user=<user>\tExecute process as"
              " specified user.\n",
          "\t-g <group>, --group=<group>\tExecute process as"
              " specified group.\n"
      };
      const char *slash;
      const char *name;
      size_t k;

      if (!argv0)
          return;

      /* Find the basename */
      slash = strrchr(argv0, '/');
      name = slash ? slash + 1 : argv0;

      if (status != 0) {
          fprintf(stderr, "Try `%s -h' for more information.\n",
              name);
          return;
      }

      printf("Usage: %s [options]\n", name);
      for (k = 0; k < sizeof(usage_body) / sizeof(usage_body[0]); k++)
          fputs(usage_body[k], stdout);
  }