1 /*
2  * Copyright (c) 2016, 2019, 2020-2021 Tracey Emery <tracey@traceyemery.net>
3  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <sys/param.h>
19 #include <sys/queue.h>
20 #include <sys/socket.h>
21 #include <sys/wait.h>
22 
23 #include <net/if.h>
24 #include <netinet/in.h>
25 
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <termios.h>
30 #include <err.h>
31 #include <errno.h>
32 #include <event.h>
33 #include <fcntl.h>
34 #include <pwd.h>
35 #include <signal.h>
36 #include <syslog.h>
37 #include <unistd.h>
38 #include <ctype.h>
39 
40 #include "got_compat.h"
41 #include "got_opentemp.h"
42 #include "got_reference.h"
43 
44 #include "gotwebd.h"
45 
46 __dead void usage(void);
47 
48 int	 main(int, char **);
49 int	 gotwebd_configure(struct gotwebd *);
50 void	 gotwebd_configure_done(struct gotwebd *);
51 void	 gotwebd_sighdlr(int sig, short event, void *arg);
52 void	 gotwebd_shutdown(void);
53 void	 gotwebd_dispatch_sockets(int, short, void *);
54 
55 struct gotwebd	*gotwebd_env;
56 
57 void
58 imsg_event_add(struct imsgev *iev)
59 {
60 	if (iev->handler == NULL) {
61 		imsg_flush(&iev->ibuf);
62 		return;
63 	}
64 
65 	iev->events = EV_READ;
66 	if (iev->ibuf.w.queued)
67 		iev->events |= EV_WRITE;
68 
69 	event_del(&iev->ev);
70 	event_set(&iev->ev, iev->ibuf.fd, iev->events, iev->handler, iev->data);
71 	event_add(&iev->ev, NULL);
72 }
73 
74 int
75 imsg_compose_event(struct imsgev *iev, uint16_t type, uint32_t peerid,
76     pid_t pid, int fd, const void *data, uint16_t datalen)
77 {
78 	int ret;
79 
80 	ret = imsg_compose(&iev->ibuf, type, peerid, pid, fd, data, datalen);
81 	if (ret == -1)
82 		return (ret);
83 	imsg_event_add(iev);
84 	return (ret);
85 }
86 
87 int
88 main_compose_sockets(struct gotwebd *env, uint32_t type, int fd,
89     const void *data, uint16_t len)
90 {
91 	size_t	 i;
92 	int	 ret, d;
93 
94 	for (i = 0; i < env->nserver; ++i) {
95 		d = -1;
96 		if (fd != -1 && (d = dup(fd)) == -1)
97 			goto err;
98 
99 		ret = imsg_compose_event(&env->iev_server[i], type, 0, -1,
100 		    d, data, len);
101 		if (ret == -1)
102 			goto err;
103 
104 		/* prevent fd exhaustion */
105 		if (d != -1) {
106 			do {
107 				ret = imsg_flush(&env->iev_server[i].ibuf);
108 			} while (ret == -1 && errno == EAGAIN);
109 			if (ret == -1)
110 				goto err;
111 			imsg_event_add(&env->iev_server[i]);
112 		}
113 	}
114 
115 	if (fd != -1)
116 		close(fd);
117 	return 0;
118 
119 err:
120 	if (fd != -1)
121 		close(fd);
122 	return -1;
123 }
124 
125 int
126 sockets_compose_main(struct gotwebd *env, uint32_t type, const void *d,
127     uint16_t len)
128 {
129 	return (imsg_compose_event(env->iev_parent, type, 0, -1, -1, d, len));
130 }
131 
132 void
133 gotwebd_dispatch_sockets(int fd, short event, void *arg)
134 {
135 	struct imsgev		*iev = arg;
136 	struct imsgbuf		*ibuf;
137 	struct imsg		 imsg;
138 	struct gotwebd		*env = gotwebd_env;
139 	ssize_t			 n;
140 	int			 shut = 0;
141 
142 	ibuf = &iev->ibuf;
143 
144 	if (event & EV_READ) {
145 		if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
146 			fatal("imsg_read error");
147 		if (n == 0)	/* Connection closed */
148 			shut = 1;
149 	}
150 	if (event & EV_WRITE) {
151 		if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
152 			fatal("msgbuf_write");
153 		if (n == 0)	/* Connection closed */
154 			shut = 1;
155 	}
156 
157 	for (;;) {
158 		if ((n = imsg_get(ibuf, &imsg)) == -1)
159 			fatal("imsg_get");
160 		if (n == 0)	/* No more messages. */
161 			break;
162 
163 		switch (imsg.hdr.type) {
164 		case IMSG_CFG_DONE:
165 			gotwebd_configure_done(env);
166 			break;
167 		default:
168 			fatalx("%s: unknown imsg type %d", __func__,
169 			    imsg.hdr.type);
170 		}
171 
172 		imsg_free(&imsg);
173 	}
174 
175 	if (!shut)
176 		imsg_event_add(iev);
177 	else {
178 		/* This pipe is dead.  Remove its event handler */
179 		event_del(&iev->ev);
180 		event_loopexit(NULL);
181 	}
182 }
183 
184 void
185 gotwebd_sighdlr(int sig, short event, void *arg)
186 {
187 	/* struct privsep	*ps = arg; */
188 
189 	switch (sig) {
190 	case SIGHUP:
191 		log_info("%s: ignoring SIGHUP", __func__);
192 		break;
193 	case SIGPIPE:
194 		log_info("%s: ignoring SIGPIPE", __func__);
195 		break;
196 	case SIGUSR1:
197 		log_info("%s: ignoring SIGUSR1", __func__);
198 		break;
199 	case SIGTERM:
200 	case SIGINT:
201 		gotwebd_shutdown();
202 		break;
203 	default:
204 		fatalx("unexpected signal");
205 	}
206 }
207 
208 static int
209 spawn_socket_process(struct gotwebd *env, const char *argv0, int n)
210 {
211 	const char	*argv[5];
212 	int		 argc = 0;
213 	int		 p[2];
214 	pid_t		 pid;
215 
216 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, p) == -1)
217 		fatal("socketpair");
218 
219 	switch (pid = fork()) {
220 	case -1:
221 		fatal("fork");
222 	case 0:		/* child */
223 		break;
224 	default:	/* parent */
225 		close(p[0]);
226 		imsg_init(&env->iev_server[n].ibuf, p[1]);
227 		env->iev_server[n].handler = gotwebd_dispatch_sockets;
228 		env->iev_server[n].data = &env->iev_server[n];
229 		event_set(&env->iev_server[n].ev, p[1], EV_READ,
230 		    gotwebd_dispatch_sockets, &env->iev_server[n]);
231 		event_add(&env->iev_server[n].ev, NULL);
232 		return 0;
233 	}
234 
235 	close(p[1]);
236 
237 	argv[argc++] = argv0;
238 	argv[argc++] = "-S";
239 	if (env->gotwebd_debug)
240 		argv[argc++] = "-d";
241 	if (env->gotwebd_verbose)
242 		argv[argc++] = "-v";
243 	argv[argc] = NULL;
244 
245 	if (p[0] != GOTWEBD_SOCK_FILENO) {
246 		if (dup2(p[0], GOTWEBD_SOCK_FILENO) == -1)
247 			fatal("dup2");
248 	} else if (fcntl(p[0], F_SETFD, 0) == -1)
249 		fatal("fcntl");
250 
251 	/* obnoxious cast */
252 	execvp(argv0, (char * const *)argv);
253 	fatal("execvp %s", argv0);
254 }
255 
256 __dead void
257 usage(void)
258 {
259 	fprintf(stderr, "usage: %s [-dnv] [-D macro=value] [-f file]\n",
260 	    getprogname());
261 	exit(1);
262 }
263 
264 int
265 main(int argc, char **argv)
266 {
267 	struct event		 sigint, sigterm, sighup, sigpipe, sigusr1;
268 	struct gotwebd		*env;
269 	struct passwd		*pw;
270 	int			 ch, i;
271 	int			 no_action = 0;
272 	int			 server_proc = 0;
273 	const char		*conffile = GOTWEBD_CONF;
274 	const char		*argv0;
275 
276 	if ((argv0 = argv[0]) == NULL)
277 		argv0 = "gotwebd";
278 
279 	/* log to stderr until daemonized */
280 	log_init(1, LOG_DAEMON);
281 
282 	env = calloc(1, sizeof(*env));
283 	if (env == NULL)
284 		fatal("%s: calloc", __func__);
285 	config_init(env);
286 
287 	while ((ch = getopt(argc, argv, "D:df:nSv")) != -1) {
288 		switch (ch) {
289 		case 'D':
290 			if (cmdline_symset(optarg) < 0)
291 				log_warnx("could not parse macro definition %s",
292 				    optarg);
293 			break;
294 		case 'd':
295 			env->gotwebd_debug = 1;
296 			break;
297 		case 'f':
298 			conffile = optarg;
299 			break;
300 		case 'n':
301 			no_action = 1;
302 			break;
303 		case 'S':
304 			server_proc = 1;
305 			break;
306 		case 'v':
307 			env->gotwebd_verbose++;
308 			break;
309 		default:
310 			usage();
311 		}
312 	}
313 
314 	argc -= optind;
315 	if (argc > 0)
316 		usage();
317 
318 	gotwebd_env = env;
319 	env->gotwebd_conffile = conffile;
320 
321 	if (parse_config(env->gotwebd_conffile, env) == -1)
322 		exit(1);
323 
324 	if (no_action) {
325 		fprintf(stderr, "configuration OK\n");
326 		exit(0);
327 	}
328 
329 	/* check for root privileges */
330 	if (geteuid())
331 		fatalx("need root privileges");
332 
333 	pw = getpwnam(GOTWEBD_USER);
334 	if (pw == NULL)
335 		fatalx("unknown user %s", GOTWEBD_USER);
336 	env->pw = pw;
337 
338 	log_init(env->gotwebd_debug, LOG_DAEMON);
339 	log_setverbose(env->gotwebd_verbose);
340 
341 	if (server_proc) {
342 		setproctitle("sockets");
343 		log_procinit("sockets");
344 
345 		if (chroot(pw->pw_dir) == -1)
346 			fatal("chroot %s", pw->pw_dir);
347 		if (chdir("/") == -1)
348 			fatal("chdir /");
349 		if (setgroups(1, &pw->pw_gid) == -1 ||
350 		    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 ||
351 		    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
352 			fatal("failed to drop privileges");
353 
354 		sockets(env, GOTWEBD_SOCK_FILENO);
355 		return 1;
356 	}
357 
358 	if (!env->gotwebd_debug && daemon(1, 0) == -1)
359 		fatal("daemon");
360 
361 	event_init();
362 
363 	env->nserver = env->prefork_gotwebd;
364 	env->iev_server = calloc(env->nserver, sizeof(*env->iev_server));
365 	if (env->iev_server == NULL)
366 		fatal("calloc");
367 
368 	for (i = 0; i < env->nserver; ++i) {
369 		if (spawn_socket_process(env, argv0, i) == -1)
370 			fatal("spawn_socket_process");
371 	}
372 
373 	if (chdir("/") == -1)
374 		fatal("chdir /");
375 
376 	log_procinit("gotwebd");
377 
378 	log_info("%s startup", getprogname());
379 
380 	signal_set(&sigint, SIGINT, gotwebd_sighdlr, env);
381 	signal_set(&sigterm, SIGTERM, gotwebd_sighdlr, env);
382 	signal_set(&sighup, SIGHUP, gotwebd_sighdlr, env);
383 	signal_set(&sigpipe, SIGPIPE, gotwebd_sighdlr, env);
384 	signal_set(&sigusr1, SIGUSR1, gotwebd_sighdlr, env);
385 
386 	signal_add(&sigint, NULL);
387 	signal_add(&sigterm, NULL);
388 	signal_add(&sighup, NULL);
389 	signal_add(&sigpipe, NULL);
390 	signal_add(&sigusr1, NULL);
391 
392 	if (gotwebd_configure(env) == -1)
393 		fatalx("configuration failed");
394 
395 #ifdef PROFILE
396 	if (unveil("gmon.out", "rwc") != 0)
397 		err(1, "gmon.out");
398 #endif
399 
400 	if (unveil(env->httpd_chroot, "r") == -1)
401 		err(1, "unveil");
402 
403 	if (unveil(GOTWEBD_CONF, "r") == -1)
404 		err(1, "unveil");
405 
406 	if (unveil(NULL, NULL) != 0)
407 		err(1, "unveil");
408 
409 #ifndef PROFILE
410 	if (pledge("stdio", NULL) == -1)
411 		err(1, "pledge");
412 #endif
413 
414 	event_dispatch();
415 
416 	log_debug("%s gotwebd exiting", getprogname());
417 
418 	return (0);
419 }
420 
421 int
422 gotwebd_configure(struct gotwebd *env)
423 {
424 	struct server *srv;
425 	struct socket *sock;
426 
427 	/* gotweb need to reload its config. */
428 	env->gotwebd_reload = env->prefork_gotwebd;
429 
430 	/* send our gotweb servers */
431 	TAILQ_FOREACH(srv, &env->servers, entry) {
432 		if (config_setserver(env, srv) == -1)
433 			fatalx("%s: send server error", __func__);
434 	}
435 
436 	/* send our sockets */
437 	TAILQ_FOREACH(sock, &env->sockets, entry) {
438 		if (config_setsock(env, sock) == -1)
439 			fatalx("%s: send socket error", __func__);
440 		if (config_setfd(env, sock) == -1)
441 			fatalx("%s: send priv_fd error", __func__);
442 	}
443 
444 	if (main_compose_sockets(env, IMSG_CFG_DONE, -1, NULL, 0) == -1)
445 		fatal("main_compose_sockets IMSG_CFG_DONE");
446 
447 	return (0);
448 }
449 
450 void
451 gotwebd_configure_done(struct gotwebd *env)
452 {
453 	if (env->gotwebd_reload == 0) {
454 		log_warnx("%s: configuration already finished", __func__);
455 		return;
456 	}
457 
458 	env->gotwebd_reload--;
459 	if (env->gotwebd_reload == 0 &&
460 	    main_compose_sockets(env, IMSG_CTL_START, -1, NULL, 0) == -1)
461 		fatal("main_compose_sockets IMSG_CTL_START");
462 }
463 
464 void
465 gotwebd_shutdown(void)
466 {
467 	struct gotwebd	*env = gotwebd_env;
468 	pid_t		 pid;
469 	int		 i, status;
470 
471 	for (i = 0; i < env->nserver; ++i) {
472 		event_del(&env->iev_server[i].ev);
473 		imsg_clear(&env->iev_server[i].ibuf);
474 		close(env->iev_server[i].ibuf.fd);
475 		env->iev_server[i].ibuf.fd = -1;
476 	}
477 
478 	do {
479 		pid = waitpid(WAIT_ANY, &status, 0);
480 		if (pid <= 0)
481 			continue;
482 
483 		if (WIFSIGNALED(status))
484 			log_warnx("lost child: pid %u terminated; signal %d",
485 			    pid, WTERMSIG(status));
486 		else if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
487 			log_warnx("lost child: pid %u exited abnormally",
488 			    pid);
489 	} while (pid != -1 || (pid == -1 && errno == EINTR));
490 
491 	free(gotwebd_env);
492 
493 	log_warnx("gotwebd terminating");
494 	exit(0);
495 }