From e3aeb3b63b9996bd06c20861e1dac1c9421d9312 Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Wed, 7 Jan 2015 01:12:01 +0000 Subject: Experimental decoupling of socketbinders and daemons in ucspi servers. Rewrite of s6-ipcserver as a small wrapper. s6-tcpserver4 and s6-tcpserver6 will follow. --- src/conn-tools/deps-exe/s6-ipcserver | 1 - src/conn-tools/deps-exe/s6-ipcserver-socketbinder | 2 + src/conn-tools/deps-exe/s6-ipcserverd | 2 + src/conn-tools/deps-exe/s6-tcpserver4-socketbinder | 2 + src/conn-tools/deps-exe/s6-tcpserver4d | 2 + src/conn-tools/deps-exe/s6-tcpserver6-socketbinder | 2 + src/conn-tools/deps-exe/s6-tcpserver6d | 2 + src/conn-tools/s6-ipcserver-socketbinder.c | 49 +++ src/conn-tools/s6-ipcserver.c | 472 ++++----------------- src/conn-tools/s6-ipcserverd.c | 401 +++++++++++++++++ src/conn-tools/s6-tcpserver4-socketbinder.c | 49 +++ src/conn-tools/s6-tcpserver4d.c | 375 ++++++++++++++++ src/conn-tools/s6-tcpserver6-socketbinder.c | 49 +++ src/conn-tools/s6-tcpserver6d.c | 373 ++++++++++++++++ 14 files changed, 1386 insertions(+), 395 deletions(-) create mode 100644 src/conn-tools/deps-exe/s6-ipcserver-socketbinder create mode 100644 src/conn-tools/deps-exe/s6-ipcserverd create mode 100644 src/conn-tools/deps-exe/s6-tcpserver4-socketbinder create mode 100644 src/conn-tools/deps-exe/s6-tcpserver4d create mode 100644 src/conn-tools/deps-exe/s6-tcpserver6-socketbinder create mode 100644 src/conn-tools/deps-exe/s6-tcpserver6d create mode 100644 src/conn-tools/s6-ipcserver-socketbinder.c create mode 100644 src/conn-tools/s6-ipcserverd.c create mode 100644 src/conn-tools/s6-tcpserver4-socketbinder.c create mode 100644 src/conn-tools/s6-tcpserver4d.c create mode 100644 src/conn-tools/s6-tcpserver6-socketbinder.c create mode 100644 src/conn-tools/s6-tcpserver6d.c (limited to 'src') diff --git a/src/conn-tools/deps-exe/s6-ipcserver b/src/conn-tools/deps-exe/s6-ipcserver index 19869b2..e7187fe 100644 --- a/src/conn-tools/deps-exe/s6-ipcserver 
+++ b/src/conn-tools/deps-exe/s6-ipcserver @@ -1,2 +1 @@ -lskarnet -${SOCKET_LIB} diff --git a/src/conn-tools/deps-exe/s6-ipcserver-socketbinder b/src/conn-tools/deps-exe/s6-ipcserver-socketbinder new file mode 100644 index 0000000..19869b2 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-ipcserver-socketbinder @@ -0,0 +1,2 @@ +-lskarnet +${SOCKET_LIB} diff --git a/src/conn-tools/deps-exe/s6-ipcserverd b/src/conn-tools/deps-exe/s6-ipcserverd new file mode 100644 index 0000000..19869b2 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-ipcserverd @@ -0,0 +1,2 @@ +-lskarnet +${SOCKET_LIB} diff --git a/src/conn-tools/deps-exe/s6-tcpserver4-socketbinder b/src/conn-tools/deps-exe/s6-tcpserver4-socketbinder new file mode 100644 index 0000000..19869b2 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-tcpserver4-socketbinder @@ -0,0 +1,2 @@ +-lskarnet +${SOCKET_LIB} diff --git a/src/conn-tools/deps-exe/s6-tcpserver4d b/src/conn-tools/deps-exe/s6-tcpserver4d new file mode 100644 index 0000000..19869b2 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-tcpserver4d @@ -0,0 +1,2 @@ +-lskarnet +${SOCKET_LIB} diff --git a/src/conn-tools/deps-exe/s6-tcpserver6-socketbinder b/src/conn-tools/deps-exe/s6-tcpserver6-socketbinder new file mode 100644 index 0000000..19869b2 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-tcpserver6-socketbinder @@ -0,0 +1,2 @@ +-lskarnet +${SOCKET_LIB} diff --git a/src/conn-tools/deps-exe/s6-tcpserver6d b/src/conn-tools/deps-exe/s6-tcpserver6d new file mode 100644 index 0000000..19869b2 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-tcpserver6d @@ -0,0 +1,2 @@ +-lskarnet +${SOCKET_LIB} diff --git a/src/conn-tools/s6-ipcserver-socketbinder.c b/src/conn-tools/s6-ipcserver-socketbinder.c new file mode 100644 index 0000000..b5a32f3 --- /dev/null +++ b/src/conn-tools/s6-ipcserver-socketbinder.c 
@@ -0,0 +1,49 @@
+/* ISC license. */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define USAGE "s6-ipcserver-socketbinder [ -d | -D ] [ -b backlog ] path prog..."
+#define dieusage() strerr_dieusage(100, USAGE)
+
+int main (int argc, char const *const *argv, char const *const *envp)
+{
+ unsigned int backlog = 20 ;
+ int flagreuse = 1 ;
+ PROG = "s6-ipcserver-socketbinder" ;
+ {
+ subgetopt_t l = SUBGETOPT_ZERO ;
+ for (;;)
+ {
+ register int opt = subgetopt_r(argc, argv, "Ddb:", &l) ;
+ if (opt == -1) break ;
+ switch (opt)
+ {
+ case 'D' : flagreuse = 0 ; break ;
+ case 'd' : flagreuse = 1 ; break ;
+ case 'b' : if (!uint0_scan(l.arg, &backlog)) dieusage() ; break ;
+ default : dieusage() ;
+ }
+ }
+ argc -= l.ind ; argv += l.ind ;
+ }
+ if (argc < 2) dieusage() ;
+ close(0) ;
+ if (ipc_stream()) strerr_diefu1sys(111, "create socket") ;
+ {
+ mode_t m = umask(0) ;
+ if ((flagreuse ? ipc_bind_reuse(0, argv[0]) : ipc_bind(0, argv[0])) < 0)
+ strerr_diefu2sys(111, "bind to ", argv[0]) ;
+ umask(m) ;
+ }
+ if (ipc_listen(0, backlog) < 0) strerr_diefu2sys(111, "listen to ", argv[0]) ;
+
+ pathexec_run(argv[1], argv + 1, envp) ;
+ strerr_dieexec(111, argv[1]) ;
+}
diff --git a/src/conn-tools/s6-ipcserver.c b/src/conn-tools/s6-ipcserver.c
index 1210139..890fc3d 100644
--- a/src/conn-tools/s6-ipcserver.c
+++ b/src/conn-tools/s6-ipcserver.c
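Review bot: The socket path `argv[0]` reaches `ipc_bind`/`ipc_bind_reuse` with no emptiness check; the only guard in this new file is `if (argc < 2) dieusage() ;`. The pre-split s6-ipcserver rejected an empty path with `if (!*argv[0]) dieusage() ;`, and this commit drops that line from the wrapper without re-adding it here, so an empty path is now handed straight to bind, whose treatment of it is platform-dependent. Restoring the guard as `if (argc < 2 || !*argv[0]) dieusage() ;` keeps the old behaviour. Separately, the `umask(0)` around the bind deserves a comment along the lines of `/* bind under umask 0: presumably so any local user may connect; restrict access via the parent directory or a later access-control program */`, since the resulting permissions are not obvious from the call.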
@@ -1,316 +1,34 @@ /* ISC license. */ -#include #include -#include -#include -#include -#include -#include -#include #include -#include #include #include -#include -#include -#include -#include #include #include -#include -#include #include -#include -#include -#include -#include +#include +#include #define USAGE "s6-ipcserver [ -q | -Q | -v ] [ -d | -D ] [ -P | -p ] [ -1 ] [ -c maxconn ] [ -C localmaxconn ] [ -b backlog ] [ -G gid,gid,... ] [ -g gid ] [ -u uid ] [ -U ] path prog..." - -#define ABSOLUTE_MAXCONN 1000 - -static unsigned int maxconn = 40 ; -static unsigned int localmaxconn = 40 ; -static char fmtmaxconn[UINT_FMT+1] = "/" ; -static char fmtlocalmaxconn[UINT_FMT+1] = "/" ; -static int flaglookup = 1 ; -static unsigned int verbosity = 1 ; -static int cont = 1 ; - -static diuint *piduid ; -static unsigned int numconn = 0 ; -static diuint *uidnum ; -static unsigned int uidlen = 0 ; - - - /* Utility functions */ - -static inline void dieusage () -{ - strerr_dieusage(100, USAGE) ; -} - -static inline void X (void) -{ - strerr_dief1x(101, "internal inconsistency. 
Please submit a bug-report.") ; -} - - - /* Lookup primitives */ - -static unsigned int lookup_diuint (diuint const *tab, unsigned int tablen, unsigned int key) -{ - register unsigned int i = 0 ; - for (; i < tablen ; i++) if (key == tab[i].left) break ; - return i ; -} - -static inline unsigned int lookup_pid (unsigned int pid) -{ - return lookup_diuint(piduid, numconn, pid) ; -} - -static inline unsigned int lookup_uid (unsigned int uid) -{ - return lookup_diuint(uidnum, uidlen, uid) ; -} - - - /* Logging */ - -static inline void log_start (char const *path) -{ - strerr_warni2x("starting - listening on ", path) ; -} - -static inline void log_exit (void) -{ - strerr_warni1x("exiting") ; -} - -static void log_status (void) -{ - char fmt[UINT_FMT] ; - fmt[uint_fmt(fmt, numconn)] = 0 ; - strerr_warni3x("status: ", fmt, fmtmaxconn) ; -} - -static void log_deny (unsigned int uid, unsigned int gid, unsigned int num) -{ - char fmtuid[UINT_FMT] = "?" ; - char fmtgid[UINT_FMT] = "?" ; - char fmtnum[UINT_FMT] = "?" ; - if (flaglookup) - { - fmtuid[uint_fmt(fmtuid, uid)] = 0 ; - fmtgid[uint_fmt(fmtgid, gid)] = 0 ; - fmtnum[uint_fmt(fmtnum, num)] = 0 ; - } - strerr_warni7sys("deny ", fmtuid, ":", fmtgid, " count ", fmtnum, fmtlocalmaxconn) ; -} - -static void log_accept (unsigned int pid, unsigned int uid, unsigned int gid, unsigned int num) -{ - char fmtuidgid[UINT_FMT * 2 + 1] = "?:?" ; - char fmtpid[UINT_FMT] ; - char fmtnum[UINT_FMT] = "?" ; - if (flaglookup) - { - register unsigned int n = uint_fmt(fmtuidgid, uid) ; - fmtuidgid[n++] = ':' ; - n += uint_fmt(fmtuidgid + n, gid) ; - fmtuidgid[n] = 0 ; - fmtnum[uint_fmt(fmtnum, num)] = 0 ; - } - fmtpid[uint_fmt(fmtpid, pid)] = 0 ; - strerr_warni7x("allow ", fmtuidgid, " pid ", fmtpid, " count ", fmtnum, fmtlocalmaxconn) ; -} - -static void log_close (unsigned int pid, unsigned int uid, int w) -{ - char fmtpid[UINT_FMT] ; - char fmtuid[UINT_FMT] = "?" 
; - char fmtw[UINT_FMT] ; - fmtpid[uint_fmt(fmtpid, pid)] = 0 ; - if (flaglookup) fmtuid[uint_fmt(fmtuid, uid)] = 0 ; - fmtw[uint_fmt(fmtw, WIFSIGNALED(w) ? WTERMSIG(w) : WEXITSTATUS(w))] = 0 ; - strerr_warni6x("end pid ", fmtpid, " uid ", fmtuid, WIFSIGNALED(w) ? " signal " : " exitcode ", fmtw) ; -} - - - /* Signal handling */ - -static void killthem (int sig) -{ - register unsigned int i = 0 ; - for (; i < numconn ; i++) kill(piduid[i].left, sig) ; -} - -static void wait_children (void) -{ - for (;;) - { - unsigned int i ; - int w ; - register int pid = wait_nohang(&w) ; - if (pid < 0) - if (errno != ECHILD) strerr_diefu1sys(111, "wait_nohang") ; - else break ; - else if (!pid) break ; - i = lookup_pid(pid) ; - if (i < numconn) - { - unsigned int uid = piduid[i].right ; - register unsigned int j = lookup_uid(uid) ; - if (j >= uidlen) X() ; - if (!--uidnum[j].right) uidnum[j] = uidnum[--uidlen] ; - piduid[i] = piduid[--numconn] ; - if (verbosity >= 2) - { - log_close(pid, uid, w) ; - log_status() ; - } - } - } -} - -static void handle_signals (void) -{ - for (;;) switch (selfpipe_read()) - { - case -1 : strerr_diefu1sys(111, "read selfpipe") ; - case 0 : return ; - case SIGCHLD : wait_children() ; break ; - case SIGTERM : - { - if (verbosity >= 2) - strerr_warni3x("received ", "SIGTERM,", " quitting") ; - cont = 0 ; - break ; - } - case SIGHUP : - { - if (verbosity >= 2) - strerr_warni5x("received ", "SIGHUP,", " sending ", "SIGTERM+SIGCONT", " to all connections") ; - killthem(SIGTERM) ; - killthem(SIGCONT) ; - break ; - } - case SIGQUIT : - { - if (verbosity >= 2) - strerr_warni6x("received ", "SIGQUIT,", " sending ", "SIGTERM+SIGCONT", " to all connections", " and quitting") ; - cont = 0 ; - killthem(SIGTERM) ; - killthem(SIGCONT) ; - break ; - } - case SIGABRT : - { - if (verbosity >= 2) - strerr_warni6x("received ", "SIGABRT,", " sending ", "SIGKILL", " to all connections", " and quitting") ; - cont = 0 ; - killthem(SIGKILL) ; - break ; - } - default : X() ; 
- } -} - - - /* New connection handling */ - -static void run_child (int, unsigned int, unsigned int, unsigned int, char const *, char const *const *, char const *const *) gccattr_noreturn ; -static void run_child (int s, unsigned int uid, unsigned int gid, unsigned int num, char const *remotepath, char const *const *argv, char const *const *envp) -{ - unsigned int rplen = str_len(remotepath) + 1 ; - unsigned int n = 0 ; - char fmt[65 + UINT_FMT * 3 + rplen] ; - PROG = "s6-ipcserver (child)" ; - if ((fd_move(0, s) < 0) || (fd_copy(1, 0) < 0)) - strerr_diefu1sys(111, "move fds") ; - byte_copy(fmt+n, 23, "PROTO=IPC\0IPCREMOTEEUID") ; n += 23 ; - if (flaglookup) - { - fmt[n++] = '=' ; - n += uint_fmt(fmt+n, uid) ; - } - fmt[n++] = 0 ; - byte_copy(fmt+n, 13, "IPCREMOTEEGID") ; n += 13 ; - if (flaglookup) - { - fmt[n++] = '=' ; - n += uint_fmt(fmt+n, gid) ; - } - fmt[n++] = 0 ; - byte_copy(fmt+n, 11, "IPCCONNNUM=") ; n += 11 ; - if (flaglookup) n += uint_fmt(fmt+n, num) ; - fmt[n++] = 0 ; - byte_copy(fmt+n, 14, "IPCREMOTEPATH=") ; n += 14 ; - byte_copy(fmt+n, rplen, remotepath) ; n += rplen ; - pathexec_r(argv, envp, env_len(envp), fmt, n) ; - strerr_dieexec(111, argv[0]) ; -} - -static void new_connection (int s, char const *remotepath, char const *const *argv, char const *const *envp) -{ - unsigned int uid = 0, gid = 0 ; - unsigned int num, i ; - register int pid ; - if (flaglookup && (ipc_eid(s, &uid, &gid) < 0)) - { - if (verbosity) strerr_warnwu1sys("ipc_eid") ; - return ; - } - i = lookup_uid(uid) ; - num = (i < uidlen) ? 
uidnum[i].right : 0 ; - if (num >= localmaxconn) - { - log_deny(uid, gid, num) ; - return ; - } - pid = fork() ; - if (pid < 0) - { - if (verbosity) strerr_warnwu1sys("fork") ; - return ; - } - else if (!pid) - { - selfpipe_finish() ; - run_child(s, uid, gid, num+1, remotepath, argv, envp) ; - } - - if (i < uidlen) uidnum[i].right = num + 1 ; - else - { - uidnum[uidlen].left = uid ; - uidnum[uidlen++].right = 1 ; - } - piduid[numconn].left = (unsigned int)pid ; - piduid[numconn++].right = uid ; - if (verbosity >= 2) - { - log_accept((unsigned int)pid, uid, gid, uidnum[i].right) ; - log_status() ; - } -} - - - /* And the main */ +#define dieusage() strerr_dieusage(100, USAGE) int main (int argc, char const *const *argv, char const *const *envp) { - iopause_fd x[2] = { { -1, IOPAUSE_READ, 0 }, { -1, IOPAUSE_READ | IOPAUSE_EXCEPT, 0 } } ; + unsigned int verbosity = 1 ; + int flag1 = 0 ; + int flagU = 0 ; + int flaglookup = 1 ; + int flagreuse = 1 ; + unsigned int uid = 0, gid = 0 ; + gid_t gids[NGROUPS_MAX] ; + unsigned int gidn = (unsigned int)-1 ; + unsigned int maxconn = 0 ; + unsigned int localmaxconn = 0 ; + unsigned int backlog = (unsigned int)-1 ; PROG = "s6-ipcserver" ; { subgetopt_t l = SUBGETOPT_ZERO ; - unsigned int uid = 0, gid = 0 ; - gid_t gids[NGROUPS_MAX] ; - unsigned int gidn = 0 ; - unsigned int backlog = 20 ; - int flagreuse = 1, flag1 = 0 ; for (;;) { register int opt = subgetopt_r(argc, argv, "qQvDd1UPpc:C:b:u:g:G:", &l) ; 
@@ -324,121 +42,87 @@ int main (int argc, char const *const *argv, char const *const *envp) case 'd' : flagreuse = 1 ; break ; case 'P' : flaglookup = 0 ; break ; case 'p' : flaglookup = 1 ; break ; - case 'c' : if (!uint0_scan(l.arg, &maxconn)) dieusage() ; break ; - case 'C' : if (!uint0_scan(l.arg, &localmaxconn)) dieusage() ; break ; + case 'c' : if (!uint0_scan(l.arg, &maxconn)) dieusage() ; if (!maxconn) maxconn = 1 ; break ; + case 'C' : if (!uint0_scan(l.arg, &localmaxconn)) dieusage() ; if (!localmaxconn) localmaxconn = 1 ; break ; case 'b' : if (!uint0_scan(l.arg, &backlog)) dieusage() ; break ; case 'u' : if (!uint0_scan(l.arg, &uid)) dieusage() ; break ; case 'g' : if (!uint0_scan(l.arg, &gid)) dieusage() ; break ; - case 'G' : if (!gid_scanlist(gids, NGROUPS_MAX, l.arg, &gidn)) dieusage() ; break ; + case 'G' : if (!gid_scanlist(gids, NGROUPS_MAX, l.arg, &gidn) && *l.arg) dieusage() ; break ; case '1' : flag1 = 1 ; break ; - case 'U' : - { - char const *x = env_get2(envp, "UID") ; - if (!x) strerr_dienotset(100, "UID") ; - if (!uint0_scan(x, &uid)) strerr_dieinvalid(100, "UID") ; - x = env_get2(envp, "GID") ; - if (!x) strerr_dienotset(100, "GID") ; - if (!uint0_scan(x, &gid)) strerr_dieinvalid(100, "GID") ; - x = env_get2(envp, "GIDLIST") ; - if (!x) strerr_dienotset(100, "GIDLIST") ; - if (!gid_scanlist(gids, NGROUPS_MAX, x, &gidn) && *x) - strerr_dieinvalid(100, "GIDLIST") ; - break ; - } + case 'U' : flagU = 1 ; uid = 0 ; gid = 0 ; gidn = (unsigned int)-1 ; break ; default : dieusage() ; } } argc -= l.ind ; argv += l.ind ; if (argc < 2) dieusage() ; - if (!*argv[0]) dieusage() ; - close(0) ; - if (flag1) - { - if (fcntl(1, F_GETFD) < 0) - strerr_dief1sys(100, "called with option -1 but stdout said") ; - } - else close(1) ; - if (!maxconn) maxconn = 1 ; - if (maxconn > ABSOLUTE_MAXCONN) maxconn = ABSOLUTE_MAXCONN ; - if (!flaglookup || (localmaxconn > maxconn)) localmaxconn = maxconn ; - x[1].fd = ipc_stream() ; - if ((x[1].fd < 0) || (coe(x[1].fd) 
< 0)) - strerr_diefu1sys(111, "create socket") ; - { - mode_t m = umask(0) ; - if ((flagreuse ? ipc_bind_reuse(x[1].fd, argv[0]) : ipc_bind(x[1].fd, argv[0])) < 0) - strerr_diefu2sys(111, "bind to ", argv[0]) ; - umask(m) ; - } - if (ipc_listen(x[1].fd, backlog) < 0) strerr_diefu1sys(111, "listen") ; - if (gidn && (setgroups(gidn, gids) < 0)) strerr_diefu1sys(111, "setgroups") ; - if (gid && (setgid(gid) < 0)) strerr_diefu1sys(111, "drop gid") ; - if (uid && (setuid(uid) < 0)) strerr_diefu1sys(111, "drop uid") ; + } - x[0].fd = selfpipe_init() ; - if (x[0].fd == -1) strerr_diefu1sys(111, "create selfpipe") ; - if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "ignore SIGPIPE") ; + { + unsigned int m = 0 ; + unsigned int pos = 0 ; + char fmt[UINT_FMT * 5 + GID_FMT * NGROUPS_MAX] ; + char const *newargv[24 + argc] ; + newargv[m++] = S6_NETWORKING_BINPREFIX "s6-ipcserver-socketbinder" ; + if (!flagreuse) newargv[m++] = "-D" ; + if (backlog != (unsigned int)-1) { - sigset_t set ; - sigemptyset(&set) ; - sigaddset(&set, SIGCHLD) ; - sigaddset(&set, SIGTERM) ; - sigaddset(&set, SIGHUP) ; - sigaddset(&set, SIGQUIT) ; - sigaddset(&set, SIGABRT) ; - if (selfpipe_trapset(&set) < 0) strerr_diefu1sys(111, "trap signals") ; + newargv[m++] = "-b" ; + newargv[m++] = fmt + pos ; + pos += uint_fmt(fmt + pos, backlog) ; + fmt[pos++] = 0 ; } - - if (flag1) + newargv[m++] = "--" ; + newargv[m++] = *argv++ ; + if (flagU || uid || gid || gidn != (unsigned int)-1) { - unsigned int n = str_len(argv[0]) ; - char s[n+1] ; - byte_copy(s, n, argv[0]) ; - s[n++] = '\n' ; - allwrite(1, s, n) ; - fd_close(1) ; + newargv[m++] = S6_EXTBINPREFIX "s6-applyuidgid" ; + if (flagU) newargv[m++] = "-Uz" ; + if (uid) + { + newargv[m++] = "-u" ; + newargv[m++] = fmt + pos ; + pos += uint_fmt(fmt + pos, uid) ; + fmt[pos++] = 0 ; + } + if (gid) + { + newargv[m++] = "-g" ; + newargv[m++] = fmt + pos ; + pos += uint_fmt(fmt + pos, gid) ; + fmt[pos++] = 0 ; + } + if (gidn != (unsigned int)-1) + { + 
newargv[m++] = "-G" ; + newargv[m++] = fmt + pos ; + pos += gid_fmtlist(fmt + pos, gids, gidn) ; + fmt[pos++] = 0 ; + } + newargv[m++] = "--" ; } - fmtlocalmaxconn[1+uint_fmt(fmtlocalmaxconn+1, localmaxconn)] = 0 ; - if (verbosity >= 2) + newargv[m++] = S6_NETWORKING_BINPREFIX "s6-ipcserverd" ; + if (!verbosity) newargv[m++] = "-q" ; + else if (verbosity == 2) newargv[m++] = "-v" ; + if (flag1) newargv[m++] = "-1" ; + if (!flaglookup) newargv[m++] = "-P" ; + if (maxconn) { - fmtmaxconn[1+uint_fmt(fmtmaxconn+1, maxconn)] = 0 ; - log_start(argv[0]) ; - log_status() ; + newargv[m++] = "-c" ; + newargv[m++] = fmt + pos ; + pos += uint_fmt(fmt + pos, maxconn) ; + fmt[pos++] = 0 ; } - } - - { - diuint inyostack[maxconn + (flaglookup ? maxconn : 1)] ; - piduid = inyostack ; uidnum = inyostack + maxconn ; - - while (cont) + if (localmaxconn) { - if (iopause_g(x, 1 + (numconn < maxconn), 0) < 0) - strerr_diefu1sys(111, "iopause") ; - - if (x[0].revents & IOPAUSE_EXCEPT) strerr_dief1x(111, "trouble with selfpipe") ; - if (x[0].revents & IOPAUSE_READ) handle_signals() ; - if (numconn < maxconn) - { - if (x[1].revents & IOPAUSE_EXCEPT) strerr_dief1x(111, "trouble with socket") ; - if (x[1].revents & IOPAUSE_READ) - { - int dummy ; - char remotepath[IPCPATH_MAX+1] ; - register int s = ipc_accept(x[1].fd, remotepath, IPCPATH_MAX+1, &dummy) ; - if (s < 0) - { - if (verbosity) strerr_warnwu1sys("accept") ; - } - else - { - new_connection(s, remotepath, argv+1, envp) ; - fd_close(s) ; - } - } - } + newargv[m++] = "-C" ; + newargv[m++] = fmt + pos ; + pos += uint_fmt(fmt + pos, localmaxconn) ; + fmt[pos++] = 0 ; } + newargv[m++] = "--" ; + while (*argv) newargv[m++] = *argv++ ; + newargv[m++] = 0 ; + pathexec_run(newargv[0], newargv, envp) ; + strerr_dieexec(111, newargv[0]) ; } - if (verbosity >= 2) log_exit() ; - return 0 ; } diff --git a/src/conn-tools/s6-ipcserverd.c b/src/conn-tools/s6-ipcserverd.c new file mode 100644 index 0000000..419b123 --- /dev/null 
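Review bot: The stack arrays `newargv[24 + argc]` and `fmt[UINT_FMT * 5 + GID_FMT * NGROUPS_MAX]` are sized exactly for the options emitted today, with no slack and nothing explaining the numbers. Counting the `newargv[m++]` stores gives 6 slots for the socketbinder part, 9 for s6-applyuidgid and 9 for s6-ipcserverd, then argc - 1 program words and the terminating 0; `fmt` holds the five `uint_fmt` fields (backlog, uid, gid, maxconn, localmaxconn) plus the gid list. Any option forwarded later without raising both constants writes past the end of an array in a program that may still be running with the privileges it offers to drop via -u/-g/-G. I would add `/* 24 = 6 (socketbinder) + 9 (s6-applyuidgid) + 9 (s6-ipcserverd); argc covers the remaining prog words and the final 0 */` above `newargv`, and a matching one-line comment naming the five numeric fields above `fmt`. main() begins in the previous hunk.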
+++ b/src/conn-tools/s6-ipcserverd.c 
@@ -0,0 +1,401 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define USAGE "s6-ipcserverd [ -q | -Q | -v ] [ -1 ] [ -P | -p ] [ -c maxconn ] [ -C localmaxconn ] prog..." + +#define ABSOLUTE_MAXCONN 1000 + +static unsigned int maxconn = 40 ; +static unsigned int localmaxconn = 40 ; +static char fmtmaxconn[UINT_FMT+1] = "/" ; +static char fmtlocalmaxconn[UINT_FMT+1] = "/" ; +static int flaglookup = 1 ; +static unsigned int verbosity = 1 ; +static int cont = 1 ; + +static diuint *piduid ; +static unsigned int numconn = 0 ; +static diuint *uidnum ; +static unsigned int uidlen = 0 ; + + + /* Utility functions */ + +static inline void dieusage () +{ + strerr_dieusage(100, USAGE) ; +} + +static inline void X (void) +{ + strerr_dief1x(101, "internal inconsistency. Please submit a bug-report.") ; +} + + + /* Lookup primitives */ + +static unsigned int lookup_diuint (diuint const *tab, unsigned int tablen, unsigned int key) +{ + register unsigned int i = 0 ; + for (; i < tablen ; i++) if (key == tab[i].left) break ; + return i ; +} + +static inline unsigned int lookup_pid (unsigned int pid) +{ + return lookup_diuint(piduid, numconn, pid) ; +} + +static inline unsigned int lookup_uid (unsigned int uid) +{ + return lookup_diuint(uidnum, uidlen, uid) ; +} + + + /* Logging */ + +static inline void log_start (void) +{ + strerr_warni1x("starting") ; +} + +static inline void log_exit (void) +{ + strerr_warni1x("exiting") ; +} + +static void log_status (void) +{ + char fmt[UINT_FMT] ; + fmt[uint_fmt(fmt, numconn)] = 0 ; + strerr_warni3x("status: ", fmt, fmtmaxconn) ; +} + +static void log_deny (unsigned int uid, unsigned int gid, unsigned int num) +{ + char fmtuid[UINT_FMT] = "?" ; + char fmtgid[UINT_FMT] = "?" ; + char fmtnum[UINT_FMT] = "?" 
; + if (flaglookup) + { + fmtuid[uint_fmt(fmtuid, uid)] = 0 ; + fmtgid[uint_fmt(fmtgid, gid)] = 0 ; + fmtnum[uint_fmt(fmtnum, num)] = 0 ; + } + strerr_warni7sys("deny ", fmtuid, ":", fmtgid, " count ", fmtnum, fmtlocalmaxconn) ; +} + +static void log_accept (unsigned int pid, unsigned int uid, unsigned int gid, unsigned int num) +{ + char fmtuidgid[UINT_FMT * 2 + 1] = "?:?" ; + char fmtpid[UINT_FMT] ; + char fmtnum[UINT_FMT] = "?" ; + if (flaglookup) + { + register unsigned int n = uint_fmt(fmtuidgid, uid) ; + fmtuidgid[n++] = ':' ; + n += uint_fmt(fmtuidgid + n, gid) ; + fmtuidgid[n] = 0 ; + fmtnum[uint_fmt(fmtnum, num)] = 0 ; + } + fmtpid[uint_fmt(fmtpid, pid)] = 0 ; + strerr_warni7x("allow ", fmtuidgid, " pid ", fmtpid, " count ", fmtnum, fmtlocalmaxconn) ; +} + +static void log_close (unsigned int pid, unsigned int uid, int w) +{ + char fmtpid[UINT_FMT] ; + char fmtuid[UINT_FMT] = "?" ; + char fmtw[UINT_FMT] ; + fmtpid[uint_fmt(fmtpid, pid)] = 0 ; + if (flaglookup) fmtuid[uint_fmt(fmtuid, uid)] = 0 ; + fmtw[uint_fmt(fmtw, WIFSIGNALED(w) ? WTERMSIG(w) : WEXITSTATUS(w))] = 0 ; + strerr_warni6x("end pid ", fmtpid, " uid ", fmtuid, WIFSIGNALED(w) ? 
" signal " : " exitcode ", fmtw) ; +} + + + /* Signal handling */ + +static void killthem (int sig) +{ + register unsigned int i = 0 ; + for (; i < numconn ; i++) kill(piduid[i].left, sig) ; +} + +static void wait_children (void) +{ + for (;;) + { + unsigned int i ; + int w ; + register pid_t pid = wait_nohang(&w) ; + if (pid < 0) + if (errno != ECHILD) strerr_diefu1sys(111, "wait_nohang") ; + else break ; + else if (!pid) break ; + i = lookup_pid(pid) ; + if (i < numconn) + { + unsigned int uid = piduid[i].right ; + register unsigned int j = lookup_uid(uid) ; + if (j >= uidlen) X() ; + if (!--uidnum[j].right) uidnum[j] = uidnum[--uidlen] ; + piduid[i] = piduid[--numconn] ; + if (verbosity >= 2) + { + log_close(pid, uid, w) ; + log_status() ; + } + } + } +} + +static void handle_signals (void) +{ + for (;;) switch (selfpipe_read()) + { + case -1 : strerr_diefu1sys(111, "read selfpipe") ; + case 0 : return ; + case SIGCHLD : wait_children() ; break ; + case SIGTERM : + { + if (verbosity >= 2) + strerr_warni3x("received ", "SIGTERM,", " quitting") ; + cont = 0 ; + break ; + } + case SIGHUP : + { + if (verbosity >= 2) + strerr_warni5x("received ", "SIGHUP,", " sending ", "SIGTERM+SIGCONT", " to all connections") ; + killthem(SIGTERM) ; + killthem(SIGCONT) ; + break ; + } + case SIGQUIT : + { + if (verbosity >= 2) + strerr_warni6x("received ", "SIGQUIT,", " sending ", "SIGTERM+SIGCONT", " to all connections", " and quitting") ; + cont = 0 ; + killthem(SIGTERM) ; + killthem(SIGCONT) ; + break ; + } + case SIGABRT : + { + if (verbosity >= 2) + strerr_warni6x("received ", "SIGABRT,", " sending ", "SIGKILL", " to all connections", " and quitting") ; + cont = 0 ; + killthem(SIGKILL) ; + break ; + } + default : X() ; + } +} + + + /* New connection handling */ + +static void run_child (int, unsigned int, unsigned int, unsigned int, char const *, char const *const *, char const *const *) gccattr_noreturn ; +static void run_child (int s, unsigned int uid, unsigned int gid, 
unsigned int num, char const *remotepath, char const *const *argv, char const *const *envp) +{ + unsigned int rplen = str_len(remotepath) + 1 ; + unsigned int n = 0 ; + char fmt[65 + UINT_FMT * 3 + rplen] ; + PROG = "s6-ipcserver (child)" ; + if ((fd_move(0, s) < 0) || (fd_copy(1, 0) < 0)) + strerr_diefu1sys(111, "move fds") ; + byte_copy(fmt+n, 23, "PROTO=IPC\0IPCREMOTEEUID") ; n += 23 ; + if (flaglookup) + { + fmt[n++] = '=' ; + n += uint_fmt(fmt+n, uid) ; + } + fmt[n++] = 0 ; + byte_copy(fmt+n, 13, "IPCREMOTEEGID") ; n += 13 ; + if (flaglookup) + { + fmt[n++] = '=' ; + n += uint_fmt(fmt+n, gid) ; + } + fmt[n++] = 0 ; + byte_copy(fmt+n, 11, "IPCCONNNUM=") ; n += 11 ; + if (flaglookup) n += uint_fmt(fmt+n, num) ; + fmt[n++] = 0 ; + byte_copy(fmt+n, 14, "IPCREMOTEPATH=") ; n += 14 ; + byte_copy(fmt+n, rplen, remotepath) ; n += rplen ; + pathexec_r(argv, envp, env_len(envp), fmt, n) ; + strerr_dieexec(111, argv[0]) ; +} + +static void new_connection (int s, char const *remotepath, char const *const *argv, char const *const *envp) +{ + unsigned int uid = 0, gid = 0 ; + unsigned int num, i ; + register pid_t pid ; + if (flaglookup && (ipc_eid(s, &uid, &gid) < 0)) + { + if (verbosity) strerr_warnwu1sys("ipc_eid") ; + return ; + } + i = lookup_uid(uid) ; + num = (i < uidlen) ? 
uidnum[i].right : 0 ; + if (num >= localmaxconn) + { + log_deny(uid, gid, num) ; + return ; + } + pid = fork() ; + if (pid < 0) + { + if (verbosity) strerr_warnwu1sys("fork") ; + return ; + } + else if (!pid) + { + selfpipe_finish() ; + run_child(s, uid, gid, num+1, remotepath, argv, envp) ; + } + + if (i < uidlen) uidnum[i].right = num + 1 ; + else + { + uidnum[uidlen].left = uid ; + uidnum[uidlen++].right = 1 ; + } + piduid[numconn].left = (unsigned int)pid ; + piduid[numconn++].right = uid ; + if (verbosity >= 2) + { + log_accept((unsigned int)pid, uid, gid, uidnum[i].right) ; + log_status() ; + } +} + + + /* And the main */ + +int main (int argc, char const *const *argv, char const *const *envp) +{ + iopause_fd x[2] = { { .events = IOPAUSE_READ }, { .fd = 0, .events = IOPAUSE_READ | IOPAUSE_EXCEPT } } ; + PROG = "s6-ipcserverd" ; + { + subgetopt_t l = SUBGETOPT_ZERO ; + int flag1 = 0 ; + for (;;) + { + register int opt = subgetopt_r(argc, argv, "qQv1Ppc:C:", &l) ; + if (opt == -1) break ; + switch (opt) + { + case 'q' : verbosity = 0 ; break ; + case 'Q' : verbosity = 1 ; break ; + case 'v' : verbosity = 2 ; break ; + case '1' : flag1 = 1 ; break ; + case 'P' : flaglookup = 0 ; break ; + case 'p' : flaglookup = 1 ; break ; + case 'c' : if (!uint0_scan(l.arg, &maxconn)) dieusage() ; break ; + case 'C' : if (!uint0_scan(l.arg, &localmaxconn)) dieusage() ; break ; + default : dieusage() ; + } + } + argc -= l.ind ; argv += l.ind ; + if (!argc || !*argv[0]) dieusage() ; + { + struct stat st ; + if (fstat(0, &st) < 0) strerr_diefu1sys(111, "fstat stdin") ; + if (!S_ISSOCK(st.st_mode)) strerr_dief1x(100, "stdin is not a socket") ; + } + if (coe(0) < 0) strerr_diefu1sys(111, "make socket close-on-exec") ; + if (flag1) + { + if (fcntl(1, F_GETFD) < 0) + strerr_dief1sys(100, "called with option -1 but stdout said") ; + } + else close(1) ; + if (!maxconn) maxconn = 1 ; + if (maxconn > ABSOLUTE_MAXCONN) maxconn = ABSOLUTE_MAXCONN ; + if (!flaglookup || (localmaxconn > 
maxconn)) localmaxconn = maxconn ; + + x[0].fd = selfpipe_init() ; + if (x[0].fd == -1) strerr_diefu1sys(111, "create selfpipe") ; + if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "ignore SIGPIPE") ; + { + sigset_t set ; + sigemptyset(&set) ; + sigaddset(&set, SIGCHLD) ; + sigaddset(&set, SIGTERM) ; + sigaddset(&set, SIGHUP) ; + sigaddset(&set, SIGQUIT) ; + sigaddset(&set, SIGABRT) ; + if (selfpipe_trapset(&set) < 0) strerr_diefu1sys(111, "trap signals") ; + } + + fmtlocalmaxconn[1+uint_fmt(fmtlocalmaxconn+1, localmaxconn)] = 0 ; + if (verbosity >= 2) + { + fmtmaxconn[1+uint_fmt(fmtmaxconn+1, maxconn)] = 0 ; + log_start() ; + log_status() ; + } + if (flag1) + { + fd_write(1, "\n", 1) ; + fd_close(1) ; + } + } + + { + diuint inyostack[maxconn + (flaglookup ? maxconn : 1)] ; + piduid = inyostack ; uidnum = inyostack + maxconn ; + + while (cont) + { + if (iopause_g(x, 1 + (numconn < maxconn), 0) < 0) + strerr_diefu1sys(111, "iopause") ; + + if (x[0].revents & IOPAUSE_EXCEPT) strerr_dief1x(111, "trouble with selfpipe") ; + if (x[0].revents & IOPAUSE_READ) handle_signals() ; + if (numconn < maxconn) + { + if (x[1].revents & IOPAUSE_EXCEPT) strerr_dief1x(111, "trouble with socket") ; + if (x[1].revents & IOPAUSE_READ) + { + int dummy ; + char remotepath[IPCPATH_MAX+1] ; + register int s = ipc_accept(x[1].fd, remotepath, IPCPATH_MAX+1, &dummy) ; + if (s < 0) + { + if (verbosity) strerr_warnwu1sys("accept") ; + } + else + { + new_connection(s, remotepath, argv, envp) ; + fd_close(s) ; + } + } + } + } + } + if (verbosity >= 2) log_exit() ; + return 0 ; +} diff --git a/src/conn-tools/s6-tcpserver4-socketbinder.c b/src/conn-tools/s6-tcpserver4-socketbinder.c new file mode 100644 index 0000000..86f5390 --- /dev/null +++ b/src/conn-tools/s6-tcpserver4-socketbinder.c 
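Review bot: `log_deny` reports through `strerr_warni7sys` while `log_accept` and `log_close` use the `x` variants, yet no system call has failed at that point: the caller only found `num >= localmaxconn`. If the `sys` suffix appends the errno text, as it appears to in the `strerr_diefu1sys` calls in this file, every deny line carries a stale and unrelated error string, which misleads anyone reading the log to see which uid is hitting its per-user connection limit. Change the call to `strerr_warni7x("deny ", fmtuid, ":", fmtgid, " count ", fmtnum, fmtlocalmaxconn) ;`. The same call appears in `log_deny` of s6-tcpserver4d.c later in this patch. A smaller point: `run_child` still sets `PROG = "s6-ipcserver (child)"` although the binary is now s6-ipcserverd.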
@@ -0,0 +1,49 @@
+/* ISC license. */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define USAGE "s6-tcpserver4-socketbinder [ -d | -D ] [ -b backlog ] ip4 port prog..."
+#define dieusage() strerr_dieusage(100, USAGE)
+
+int main (int argc, char const *const *argv, char const *const *envp)
+{
+ unsigned int backlog = 20 ;
+ int flagreuse = 1 ;
+ char ip[4] ;
+ uint16 port ;
+ PROG = "s6-tcpserver4-socketbinder" ;
+ {
+ subgetopt_t l = SUBGETOPT_ZERO ;
+ for (;;)
+ {
+ register int opt = subgetopt_r(argc, argv, "Ddb:", &l) ;
+ if (opt == -1) break ;
+ switch (opt)
+ {
+ case 'D' : flagreuse = 0 ; break ;
+ case 'd' : flagreuse = 1 ; break ;
+ case 'b' : if (!uint0_scan(l.arg, &backlog)) dieusage() ; break ;
+ default : dieusage() ;
+ }
+ }
+ argc -= l.ind ; argv += l.ind ;
+ }
+ if (argc < 3) dieusage() ;
+ if (!ip4_scan(argv[0], ip) || !uint160_scan(argv[1], &port)) dieusage() ;
+ close(0) ;
+ if (socket_tcp4()) strerr_diefu1sys(111, "create socket") ;
+ if ((flagreuse ? socket_bind4_reuse(0, ip, port) : socket_bind4(0, ip, port)) < 0)
+ strerr_diefu5sys(111, "bind to ", argv[0], ":", argv[1], " ") ;
+ if (socket_listen(0, backlog) < 0)
+ strerr_diefu5sys(111, "listen to ", argv[0], ":", argv[1], " ") ;
+
+ pathexec_run(argv[2], argv + 2, envp) ;
+ strerr_dieexec(111, argv[2]) ;
+}
diff --git a/src/conn-tools/s6-tcpserver4d.c b/src/conn-tools/s6-tcpserver4d.c
new file mode 100644
index 0000000..c594b41
--- /dev/null
+++ b/src/conn-tools/s6-tcpserver4d.c
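Review bot: `if (!ip4_scan(argv[0], ip) || !uint160_scan(argv[1], &port)) dieusage() ;` only tests that `ip4_scan` matched something; unlike the `...0_scan` helpers used for the port and the backlog, it does not appear to require that the whole argument was consumed (assumption: it returns the number of characters parsed). If so, an address argument with trailing characters is accepted and the socket is bound to the leading address with no diagnostic, which is easy to miss on a listener that may be bound with elevated privileges. Checking the terminator closes that: `{ unsigned int n = ip4_scan(argv[0], ip) ; if (!n || argv[0][n]) dieusage() ; }`.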
@@ -0,0 +1,375 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define ABSOLUTE_MAXCONN 1000 + +#define USAGE "s6-tcpserver4d [ -v verbosity ] [ -1 ] [ -c maxconn ] [ -C localmaxconn ] prog..." + +static unsigned int maxconn = 40 ; +static unsigned int localmaxconn = 40 ; +static unsigned int verbosity = 1 ; +static int cont = 1 ; +static diuint32 *pidip = 0 ; +static unsigned int numconn = 0 ; +static diuint32 *ipnum = 0 ; +static unsigned int iplen = 0 ; + +static char fmtmaxconn[UINT_FMT+1] = "/" ; +static char fmtlocalmaxconn[UINT_FMT+1] = "/" ; + + + /* Utility functions */ + +static inline void dieusage () +{ + strerr_dieusage(100, USAGE) ; +} + +static inline void X (void) +{ + strerr_dief1x(101, "internal inconsistency. Please submit a bug-report.") ; +} + + + /* Lookup primitives */ + +static unsigned int lookup_diuint32 (diuint32 const *, unsigned int, unsigned int) gccattr_pure ; +static unsigned int lookup_diuint32 (diuint32 const *tab, unsigned int tablen, unsigned int key) +{ + register unsigned int i = 0 ; + for (; i < tablen ; i++) if (key == tab[i].left) break ; + return i ; +} + +static inline unsigned int lookup_pid (uint32 pid) +{ + return lookup_diuint32(pidip, numconn, pid) ; +} + +static inline unsigned int lookup_ip (uint32 ip) +{ + return lookup_diuint32(ipnum, iplen, ip) ; +} + + + /* Logging */ + +static void log_start (void) +{ + strerr_warni1x("starting") ; +} + +static inline void log_exit (void) +{ + strerr_warni1x("exiting") ; +} + +static void log_status (void) +{ + char fmt[UINT_FMT] ; + fmt[uint_fmt(fmt, numconn)] = 0 ; + strerr_warni3x("status: ", fmt, fmtmaxconn) ; +} + +static void log_deny (uint32 ip, uint16 port, unsigned int num) +{ + char fmtip[UINT32_FMT] ; + char fmtport[UINT16_FMT] ; + char fmtnum[UINT_FMT] ; + 
fmtip[ip4_fmtu32(fmtip, ip)] = 0 ; + fmtport[uint16_fmt(fmtport, port)] = 0 ; + fmtnum[uint_fmt(fmtnum, num)] = 0 ; + strerr_warni7sys("deny ", fmtip, ":", fmtport, " count ", fmtnum, fmtlocalmaxconn) ; +} + +static void log_accept (uint32 pid, uint32 ip, uint16 port, unsigned int num) +{ + char fmtipport[IP4_FMT + UINT16_FMT + 1] ; + char fmtpid[UINT32_FMT] ; + char fmtnum[UINT_FMT] ; + register unsigned int n ; + n = ip4_fmtu32(fmtipport, ip) ; + fmtipport[n++] = ':' ; + n += uint16_fmt(fmtipport + n, port) ; + fmtipport[n] = 0 ; + fmtnum[uint_fmt(fmtnum, num)] = 0 ; + fmtpid[uint32_fmt(fmtpid, pid)] = 0 ; + strerr_warni7x("allow ", fmtipport, " pid ", fmtpid, " count ", fmtnum, fmtlocalmaxconn) ; +} + +static void log_close (uint32 pid, uint32 ip, int w) +{ + char fmtpid[UINT32_FMT] ; + char fmtip[IP4_FMT] = "?" ; + char fmtw[UINT_FMT] ; + fmtpid[uint32_fmt(fmtpid, pid)] = 0 ; + fmtip[ip4_fmtu32(fmtip, ip)] = 0 ; + fmtw[uint_fmt(fmtw, WIFSIGNALED(w) ? WTERMSIG(w) : WEXITSTATUS(w))] = 0 ; + strerr_warni6x("end pid ", fmtpid, " ip ", fmtip, WIFSIGNALED(w) ? " signal " : " exitcode ", fmtw) ; +} + + + /* Signal handling */ + +static void killthem (int sig) +{ + register unsigned int i = 0 ; + for (; i < numconn ; i++) kill(pidip[i].left, sig) ; +} + +static void wait_children (void) +{ + for (;;) + { + unsigned int i ; + int w ; + register int pid = wait_nohang(&w) ; + if (pid < 0) + if (errno != ECHILD) strerr_diefu1sys(111, "wait_nohang") ; + else break ; + else if (!pid) break ; + i = lookup_pid(pid) ; + if (i < numconn) /* it's one of ours ! 
*/ + { + uint32 ip = pidip[i].right ; + register unsigned int j = lookup_ip(ip) ; + if (j >= iplen) X() ; + if (!--ipnum[j].right) ipnum[j] = ipnum[--iplen] ; + pidip[i] = pidip[--numconn] ; + if (verbosity >= 2) + { + log_close(pid, ip, w) ; + log_status() ; + } + } + } +} + +static void handle_signals (void) +{ + for (;;) switch (selfpipe_read()) + { + case -1 : strerr_diefu1sys(111, "read selfpipe") ; + case 0 : return ; + case SIGCHLD : wait_children() ; break ; + case SIGTERM : + { + if (verbosity >= 2) + strerr_warni3x("received ", "SIGTERM,", " quitting") ; + cont = 0 ; + break ; + } + case SIGHUP : + { + if (verbosity >= 2) + strerr_warni5x("received ", "SIGHUP,", " sending ", "SIGTERM+SIGCONT", " to all connections") ; + killthem(SIGTERM) ; + killthem(SIGCONT) ; + break ; + } + case SIGQUIT : + { + if (verbosity >= 2) + strerr_warni6x("received ", "SIGQUIT,", " sending ", "SIGTERM+SIGCONT", " to all connections", " and quitting") ; + cont = 0 ; + killthem(SIGTERM) ; + killthem(SIGCONT) ; + break ; + } + case SIGABRT : + { + if (verbosity >= 2) + strerr_warni6x("received ", "SIGABRT,", " sending ", "SIGKILL", " to all connections", " and quitting") ; + cont = 0 ; + killthem(SIGKILL) ; + break ; + } + default : X() ; + } +} + + + /* New connection handling */ + +static void run_child (int, uint32, uint16, unsigned int, char const *const *, char const *const *) gccattr_noreturn ; +static void run_child (int s, uint32 ip, uint16 port, unsigned int num, char const *const *argv, char const *const *envp) +{ + char fmt[74] ; + unsigned int n = 0 ; + PROG = "s6-tcpserver (child)" ; + if ((fd_move(0, s) < 0) || (fd_copy(1, 0) < 0)) + strerr_diefu1sys(111, "move fds") ; + byte_copy(fmt+n, 22, "PROTO=TCP\0TCPREMOTEIP=") ; n += 22 ; + n += ip4_fmtu32(fmt+n, ip) ; fmt[n++] = 0 ; + byte_copy(fmt+n, 14, "TCPREMOTEPORT=") ; n += 14 ; + n += uint16_fmt(fmt+n, port) ; fmt[n++] = 0 ; + byte_copy(fmt+n, 11, "TCPCONNNUM=") ; n += 11 ; + n += uint_fmt(fmt+n, num) ; fmt[n++] = 0 
; + pathexec_r(argv, envp, env_len(envp), fmt, n) ; + strerr_dieexec(111, argv[0]) ; +} + +static void new_connection (int s, uint32 ip, uint16 port, char const *const *argv, char const *const *envp) +{ + unsigned int i = lookup_ip(ip) ; + unsigned int num = (i < iplen) ? ipnum[i].right : 0 ; + register int pid ; + if (num >= localmaxconn) + { + log_deny(ip, port, num) ; + return ; + } + pid = fork() ; + if (pid < 0) + { + if (verbosity) strerr_warnwu1sys("fork") ; + return ; + } + else if (!pid) + { + selfpipe_finish() ; + run_child(s, ip, port, num+1, argv, envp) ; + } + + if (i < iplen) ipnum[i].right = num + 1 ; + else + { + ipnum[iplen].left = ip ; + ipnum[iplen++].right = 1 ; + } + pidip[numconn].left = (uint32)pid ; + pidip[numconn++].right = ip ; + if (verbosity >= 2) + { + log_accept((uint32)pid, ip, port, ipnum[i].right) ; + log_status() ; + } +} + + + /* And the main */ + +int main (int argc, char const *const *argv, char const *const *envp) +{ + iopause_fd x[2] = { { .events = IOPAUSE_READ }, { .fd = 0, .events = IOPAUSE_READ | IOPAUSE_EXCEPT } } ; + PROG = "s6-tcpserver4d" ; + { + subgetopt_t l = SUBGETOPT_ZERO ; + int flag1 = 0 ; + for (;;) + { + register int opt = subgetopt_r(argc, argv, "1c:C:v:", &l) ; + if (opt == -1) break ; + switch (opt) + { + case '1' : flag1 = 1 ; break ; + case 'c' : if (!uint0_scan(l.arg, &maxconn)) dieusage() ; break ; + case 'C' : if (!uint0_scan(l.arg, &localmaxconn)) dieusage() ; break ; + case 'v' : if (!uint0_scan(l.arg, &verbosity)) dieusage() ; break ; + default : dieusage() ; + } + } + argc -= l.ind ; argv += l.ind ; + if (!argc || !*argv[0]) dieusage() ; + { + struct stat st ; + if (fstat(0, &st) < 0) strerr_diefu1sys(111, "fstat stdin") ; + if (!S_ISSOCK(st.st_mode)) strerr_dief1x(100, "stdin is not a socket") ; + } + if (coe(0) < 0) strerr_diefu1sys(111, "make socket close-on-exec") ; + if (flag1) + { + if (fcntl(1, F_GETFD) < 0) + strerr_dief1sys(100, "called with option -1 but stdout said") ; + } + else 
close(1) ; + if (!maxconn) maxconn = 1 ; + if (maxconn > ABSOLUTE_MAXCONN) maxconn = ABSOLUTE_MAXCONN ; + if (localmaxconn > maxconn) localmaxconn = maxconn ; + + x[0].fd = selfpipe_init() ; + if (x[0].fd == -1) strerr_diefu1sys(111, "create selfpipe") ; + if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "ignore SIGPIPE") ; + { + sigset_t set ; + sigemptyset(&set) ; + sigaddset(&set, SIGCHLD) ; + sigaddset(&set, SIGTERM) ; + sigaddset(&set, SIGHUP) ; + sigaddset(&set, SIGQUIT) ; + sigaddset(&set, SIGABRT) ; + if (selfpipe_trapset(&set) < 0) strerr_diefu1sys(111, "trap signals") ; + } + fmtlocalmaxconn[1+uint_fmt(fmtlocalmaxconn+1, localmaxconn)] = 0 ; + if (verbosity >= 2) + { + fmtmaxconn[1+uint_fmt(fmtmaxconn+1, maxconn)] = 0 ; + log_start() ; + log_status() ; + } + if (flag1) + { + fd_write(1, "\n", 1) ; + fd_close(1) ; + } + } + + { + diuint32 inyostack[maxconn<<1] ; + pidip = inyostack ; ipnum = inyostack + maxconn ; + while (cont) + { + if (iopause_g(x, 1 + (numconn < maxconn), 0) < 0) + strerr_diefu1sys(111, "iopause") ; + + if (x[0].revents & IOPAUSE_EXCEPT) strerr_dief1x(111, "trouble with selfpipe") ; + if (x[0].revents & IOPAUSE_READ) handle_signals() ; + if (numconn < maxconn) + { + if (x[1].revents & IOPAUSE_EXCEPT) strerr_dief1x(111, "trouble with socket") ; + if (x[1].revents & IOPAUSE_READ) + { + char packedip[4] ; + uint16 port ; + register int fd = socket_accept4(x[1].fd, packedip, &port) ; + if (fd < 0) + { + if (verbosity) strerr_warnwu1sys("accept") ; + } + else + { + uint32 ip ; + uint32_unpack_big(packedip, &ip) ; + new_connection(fd, ip, port, argv, envp) ; + fd_close(fd) ; + } + } + } + } + } + if (verbosity >= 2) log_exit() ; + return 0 ; +} diff --git a/src/conn-tools/s6-tcpserver6-socketbinder.c b/src/conn-tools/s6-tcpserver6-socketbinder.c new file mode 100644 index 0000000..6f020b2 --- /dev/null +++ b/src/conn-tools/s6-tcpserver6-socketbinder.c 
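Review bot: In s6-tcpserver4d.c, `log_deny` formats a dotted-quad address into `char fmtip[UINT32_FMT]`, while `log_close` and `log_accept` in the same file size that output with `IP4_FMT`. If `UINT32_FMT` is sized for a decimal 32-bit number, as its name suggests, `ip4_fmtu32` plus the terminator can write past the end of the stack buffer. This path runs whenever a remote address reaches the `-C localmaxconn` limit, so connecting clients decide when it executes; the declaration should be `char fmtip[IP4_FMT] ;`. The same function logs through `strerr_warni7sys`, whose `sys` form appends the `errno` text although no system call failed there; `strerr_warni7x`, as `log_accept` uses, fits better. `log_deny` in s6-tcpserver6d.c makes the same `sys` call.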
@@ -0,0 +1,49 @@
+/* ISC license. */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define USAGE "s6-tcpserver6-socketbinder [ -d | -D ] [ -b backlog ] ip6 port prog..."
+#define dieusage() strerr_dieusage(100, USAGE)
+
+int main (int argc, char const *const *argv, char const *const *envp)
+{
+ unsigned int backlog = 20 ;
+ int flagreuse = 1 ;
+ char ip[16] ;
+ uint16 port ;
+ PROG = "s6-tcpserver6-socketbinder" ;
+ {
+ subgetopt_t l = SUBGETOPT_ZERO ;
+ for (;;)
+ {
+ register int opt = subgetopt_r(argc, argv, "Ddb:", &l) ;
+ if (opt == -1) break ;
+ switch (opt)
+ {
+ case 'D' : flagreuse = 0 ; break ;
+ case 'd' : flagreuse = 1 ; break ;
+ case 'b' : if (!uint0_scan(l.arg, &backlog)) dieusage() ; break ;
+ default : dieusage() ;
+ }
+ }
+ argc -= l.ind ; argv += l.ind ;
+ }
+ if (argc < 3) dieusage() ;
+ if (!ip6_scan(argv[0], ip) || !uint160_scan(argv[1], &port)) dieusage() ;
+ close(0) ;
+ if (socket_tcp6()) strerr_diefu1sys(111, "create socket") ;
+ if ((flagreuse ? socket_bind6_reuse(0, ip, port) : socket_bind6(0, ip, port)) < 0)
+ strerr_diefu5sys(111, "bind to ", argv[0], ":", argv[1], " ") ;
+ if (socket_listen(0, backlog) < 0)
+ strerr_diefu5sys(111, "listen to ", argv[0], ":", argv[1], " ") ;
+
+ pathexec_run(argv[2], argv + 2, envp) ;
+ strerr_dieexec(111, argv[2]) ;
+}
diff --git a/src/conn-tools/s6-tcpserver6d.c b/src/conn-tools/s6-tcpserver6d.c
new file mode 100644
index 0000000..3e535c5
--- /dev/null
+++ b/src/conn-tools/s6-tcpserver6d.c
@@ -0,0 +1,373 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define ABSOLUTE_MAXCONN 1000 + +#define USAGE "s6-tcpserver6d [ -v verbosity ] [ -1 ] [ -c maxconn ] [ -C localmaxconn ] prog..." + +typedef struct ipnum_s ipnum_t, *ipnum_t_ref ; +struct ipnum_s +{ + char ip[16] ; + unsigned int num ; +} ; +#define IPNUM_ZERO { "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 0 } + +static unsigned int maxconn = 40 ; +static unsigned int localmaxconn = 40 ; +static unsigned int verbosity = 1 ; +static int cont = 1 ; +static ipnum_t_ref pidip = 0 ; +static unsigned int numconn = 0 ; +static ipnum_t_ref ipnum = 0 ; +static unsigned int iplen = 0 ; + +static char fmtmaxconn[UINT_FMT+1] = "/" ; +static char fmtlocalmaxconn[UINT_FMT+1] = "/" ; + + + /* Utility functions */ + +static inline void dieusage () +{ + strerr_dieusage(100, USAGE) ; +} + +static inline void X (void) +{ + strerr_dief1x(101, "internal inconsistency. 
Please submit a bug-report.") ; +} + + + /* Lookup primitives */ + +static unsigned int lookup_pid (unsigned int pid) +{ + register unsigned int i = 0 ; + for (; i < numconn ; i++) if (pid == pidip[i].num) break ; + return i ; +} + +static unsigned int lookup_ip (char const *ip) +{ + register unsigned int i = 0 ; + for (; i < iplen ; i++) if (!byte_diff(ip, 16, ipnum[i].ip)) break ; + return i ; +} + + + /* Logging */ + +static void log_start (void) +{ + strerr_warni1x("starting") ; +} + +static inline void log_exit (void) +{ + strerr_warni1x("exiting") ; +} + +static void log_status (void) +{ + char fmt[UINT_FMT] ; + fmt[uint_fmt(fmt, numconn)] = 0 ; + strerr_warni3x("status: ", fmt, fmtmaxconn) ; +} + +static void log_deny (char const *ip, uint16 port, unsigned int num) +{ + char fmtip[IP6_FMT] ; + char fmtport[UINT16_FMT] ; + char fmtnum[UINT_FMT] ; + fmtip[ip6_fmt(fmtip, ip)] = 0 ; + fmtport[uint16_fmt(fmtport, port)] = 0 ; + fmtnum[uint_fmt(fmtnum, num)] = 0 ; + strerr_warni7sys("deny ", fmtip, " port ", fmtport, " count ", fmtnum, fmtlocalmaxconn) ; +} + +static void log_accept (unsigned int pid, char const *ip, uint16 port, unsigned int num) +{ + char fmtipport[IP6_FMT + UINT16_FMT + 6] ; + char fmtpid[UINT_FMT] ; + char fmtnum[UINT_FMT] ; + register unsigned int n ; + n = ip6_fmt(fmtipport, ip) ; + byte_copy(fmtipport + n, 6, " port ") ; n += 6 ; + n += uint16_fmt(fmtipport + n, port) ; + fmtipport[n] = 0 ; + fmtnum[uint_fmt(fmtnum, num)] = 0 ; + fmtpid[uint_fmt(fmtpid, pid)] = 0 ; + strerr_warni7x("allow ", fmtipport, " pid ", fmtpid, " count ", fmtnum, fmtlocalmaxconn) ; +} + +static void log_close (unsigned int pid, char const *ip, int w) +{ + char fmtpid[UINT_FMT] ; + char fmtip[IP6_FMT] = "?" ; + char fmtw[UINT_FMT] ; + fmtpid[uint_fmt(fmtpid, pid)] = 0 ; + fmtip[ip6_fmt(fmtip, ip)] = 0 ; + fmtw[uint_fmt(fmtw, WIFSIGNALED(w) ? WTERMSIG(w) : WEXITSTATUS(w))] = 0 ; + strerr_warni6x("end pid ", fmtpid, " ip ", fmtip, WIFSIGNALED(w) ? 
" signal " : " exitcode ", fmtw) ; +} + + + /* Signal handling */ + +static void killthem (int sig) +{ + register unsigned int i = 0 ; + for (; i < numconn ; i++) kill(pidip[i].num, sig) ; +} + +static void wait_children (void) +{ + for (;;) + { + unsigned int i ; + int w ; + register pid_t pid = wait_nohang(&w) ; + if (pid < 0) + if (errno != ECHILD) strerr_diefu1sys(111, "wait_nohang") ; + else break ; + else if (!pid) break ; + i = lookup_pid(pid) ; + if (i < numconn) /* it's one of ours ! */ + { + register unsigned int j = lookup_ip(pidip[i].ip) ; + if (j >= iplen) X() ; + if (!--ipnum[j].num) ipnum[j] = ipnum[--iplen] ; + --numconn ; + if (verbosity >= 2) + { + log_close(pid, pidip[i].ip, w) ; + log_status() ; + } + pidip[i] = pidip[numconn] ; + } + } +} + +static void handle_signals (void) +{ + for (;;) switch (selfpipe_read()) + { + case -1 : strerr_diefu1sys(111, "read selfpipe") ; + case 0 : return ; + case SIGCHLD : wait_children() ; break ; + case SIGTERM : + { + if (verbosity >= 2) + strerr_warni3x("received ", "SIGTERM,", " quitting") ; + cont = 0 ; + break ; + } + case SIGHUP : + { + if (verbosity >= 2) + strerr_warni5x("received ", "SIGHUP,", " sending ", "SIGTERM+SIGCONT", " to all connections") ; + killthem(SIGTERM) ; + killthem(SIGCONT) ; + break ; + } + case SIGQUIT : + { + if (verbosity >= 2) + strerr_warni6x("received ", "SIGQUIT,", " sending ", "SIGTERM+SIGCONT", " to all connections", " and quitting") ; + cont = 0 ; + killthem(SIGTERM) ; + killthem(SIGCONT) ; + break ; + } + case SIGABRT : + { + if (verbosity >= 2) + strerr_warni6x("received ", "SIGABRT,", " sending ", "SIGKILL", " to all connections", " and quitting") ; + cont = 0 ; + killthem(SIGKILL) ; + break ; + } + default : X() ; + } +} + + + /* New connection handling */ + +static void run_child (int, char const *, uint16, unsigned int, char const *const *, char const *const *) gccattr_noreturn ; +static void run_child (int s, char const *ip, uint16 port, unsigned int num, char const 
*const *argv, char const *const *envp) +{ + char fmt[98] ; + unsigned int n = 0 ; + PROG = "s6-tcpserver6 (child)" ; + if ((fd_move(0, s) < 0) || (fd_copy(1, 0) < 0)) + strerr_diefu1sys(111, "move fds") ; + byte_copy(fmt+n, 24, "PROTO=TCP\0TCPREMOTEIP=") ; n += 22 ; + n += ip6_fmt(fmt+n, ip) ; fmt[n++] = 0 ; + byte_copy(fmt+n, 14, "TCPREMOTEPORT=") ; n += 14 ; + n += uint16_fmt(fmt+n, port) ; fmt[n++] = 0 ; + byte_copy(fmt+n, 11, "TCPCONNNUM=") ; n += 11 ; + n += uint_fmt(fmt+n, num) ; fmt[n++] = 0 ; + pathexec_r(argv, envp, env_len(envp), fmt, n) ; + strerr_dieexec(111, argv[0]) ; +} + +static void new_connection (int s, char const *ip, uint16 port, char const *const *argv, char const *const *envp) +{ + unsigned int i = lookup_ip(ip) ; + unsigned int num = (i < iplen) ? ipnum[i].num : 0 ; + register pid_t pid ; + if (num >= localmaxconn) + { + log_deny(ip, port, num) ; + return ; + } + pid = fork() ; + if (pid < 0) + { + if (verbosity) strerr_warnwu1sys("fork") ; + return ; + } + else if (!pid) + { + selfpipe_finish() ; + run_child(s, ip, port, num+1, argv, envp) ; + } + + if (i < iplen) ipnum[i].num = num + 1 ; + else + { + byte_copy(ipnum[iplen].ip, 16, ip) ; + ipnum[iplen++].num = 1 ; + } + pidip[numconn].num = pid ; + byte_copy(pidip[numconn++].ip, 16, ip) ; + if (verbosity >= 2) + { + log_accept(pid, ip, port, ipnum[i].num) ; + log_status() ; + } +} + + +int main (int argc, char const *const *argv, char const *const *envp) +{ + iopause_fd x[2] = { { .events = IOPAUSE_READ }, { .fd = 0, .events = IOPAUSE_READ | IOPAUSE_EXCEPT } } ; + PROG = "s6-tcpserver6d" ; + { + subgetopt_t l = SUBGETOPT_ZERO ; + int flag1 = 0 ; + for (;;) + { + register int opt = subgetopt_r(argc, argv, "1c:C:v:", &l) ; + if (opt == -1) break ; + switch (opt) + { + case '1' : flag1 = 1 ; break ; + case 'c' : if (!uint0_scan(l.arg, &maxconn)) dieusage() ; break ; + case 'C' : if (!uint0_scan(l.arg, &localmaxconn)) dieusage() ; break ; + case 'v' : if (!uint0_scan(l.arg, &verbosity)) 
dieusage() ; break ; + default : dieusage() ; + } + } + argc -= l.ind ; argv += l.ind ; + if (!argc || !*argv[0]) dieusage() ; + { + struct stat st ; + if (fstat(0, &st) < 0) strerr_diefu1sys(111, "fstat stdin") ; + if (!S_ISSOCK(st.st_mode)) strerr_dief1x(100, "stdin is not a socket") ; + } + if (coe(0) < 0) strerr_diefu1sys(111, "make socket close-on-exec") ; + if (flag1) + { + if (fcntl(1, F_GETFD) < 0) + strerr_dief1sys(100, "called with option -1 but stdout said") ; + } + else close(1) ; + if (!maxconn) maxconn = 1 ; + if (maxconn > ABSOLUTE_MAXCONN) maxconn = ABSOLUTE_MAXCONN ; + if (localmaxconn > maxconn) localmaxconn = maxconn ; + + x[0].fd = selfpipe_init() ; + if (x[0].fd == -1) strerr_diefu1sys(111, "create selfpipe") ; + if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "ignore SIGPIPE") ; + { + sigset_t set ; + sigemptyset(&set) ; + sigaddset(&set, SIGCHLD) ; + sigaddset(&set, SIGTERM) ; + sigaddset(&set, SIGHUP) ; + sigaddset(&set, SIGQUIT) ; + sigaddset(&set, SIGABRT) ; + if (selfpipe_trapset(&set) < 0) strerr_diefu1sys(111, "trap signals") ; + } + if (flag1) + { + fd_write(1, "\n", 1) ; + fd_close(1) ; + } + fmtlocalmaxconn[1+uint_fmt(fmtlocalmaxconn+1, localmaxconn)] = 0 ; + if (verbosity >= 2) + { + fmtmaxconn[1+uint_fmt(fmtmaxconn+1, maxconn)] = 0 ; + log_start() ; + log_status() ; + } + } + + { + ipnum_t inyostack[maxconn<<1] ; + pidip = inyostack ; ipnum = inyostack + maxconn ; + while (cont) + { + if (iopause_g(x, 1 + (numconn < maxconn), 0) < 0) + strerr_diefu1sys(111, "iopause") ; + + if (x[0].revents & IOPAUSE_EXCEPT) strerr_dief1x(111, "trouble with selfpipe") ; + if (x[0].revents & IOPAUSE_READ) handle_signals() ; + if (numconn < maxconn) + { + if (x[1].revents & IOPAUSE_EXCEPT) strerr_dief1x(111, "trouble with socket") ; + if (x[1].revents & IOPAUSE_READ) + { + char ip[16] ; + uint16 port ; + register int fd = socket_accept6(x[1].fd, ip, &port) ; + if (fd < 0) + { + if (verbosity) strerr_warnwu1sys("accept") ; + } + else + { + 
new_connection(fd, ip, port, argv, envp) ; + fd_close(fd) ; + } + } + } + } + } + if (verbosity >= 2) log_exit() ; + return 0 ; +} -- cgit v1.2.3
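Review bot: In `run_child` of s6-tcpserver6d.c, `byte_copy(fmt+n, 24, "PROTO=TCP\0TCPREMOTEIP=")` copies 24 bytes from a literal that holds 22 characters plus its terminator, so it reads one byte past the literal. The s6-tcpserver4d.c version passes 22, which also matches the `n += 22` that follows; the line should read `byte_copy(fmt+n, 22, "PROTO=TCP\0TCPREMOTEIP=") ; n += 22 ;`. By my count, `char fmt[98]` is exactly the worst-case length, and only while the connection number stays within four digits, which the `ABSOLUTE_MAXCONN` clamp in `main` guarantees today. A comment deriving 98, or a size built from `IP6_FMT`, `UINT16_FMT` and `UINT_FMT`, would keep a later change to that cap from becoming a stack overflow in the child.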