Gotweb

Blob

Date:: Sat Mar 30 17:21:23 2024 UTC
Message:: display process title in syslog when a gotd child process exits
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include "got_compat.h"
18 
19 #include <sys/types.h>
20 #include <sys/queue.h>
21 #include <sys/socket.h>
22 #include <sys/uio.h>
23 
24 #include <errno.h>
25 #include <event.h>
26 #include <stdint.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <imsg.h>
31 #include <limits.h>
32 #include <signal.h>
33 #include <unistd.h>
34 
35 #include "got_error.h"
36 #include "got_path.h"
37 
38 #include "got_compat.h"
39 
40 #include "gotd.h"
41 #include "log.h"
42 #include "listen.h"
43 
44 #ifndef nitems
45 #define nitems(_a)	(sizeof((_a)) / sizeof((_a)[0]))
46 #endif
47 
48 struct gotd_listen_client {
49 	STAILQ_ENTRY(gotd_listen_client)	 entry;
50 	uint32_t			 id;
51 	int				 fd;
52 	uid_t				 euid;
53 };
54 STAILQ_HEAD(gotd_listen_clients, gotd_listen_client);
55 
56 static struct gotd_listen_clients gotd_listen_clients[GOTD_CLIENT_TABLE_SIZE];
57 static SIPHASH_KEY clients_hash_key;
58 static volatile int listen_client_cnt;
59 static int inflight;
60 
61 struct gotd_uid_connection_counter {
62 	STAILQ_ENTRY(gotd_uid_connection_counter) entry;
63 	uid_t euid;
64 	int nconnections;
65 };
66 STAILQ_HEAD(gotd_client_uids, gotd_uid_connection_counter);
67 static struct gotd_client_uids gotd_client_uids[GOTD_CLIENT_TABLE_SIZE];
68 static SIPHASH_KEY uid_hash_key;
69 
70 static struct {
71 	pid_t pid;
72 	const char *title;
73 	int fd;
74 	struct gotd_imsgev iev;
75 	struct gotd_imsgev pause;
76 	struct gotd_uid_connection_limit *connection_limits;
77 	size_t nconnection_limits;
78 } gotd_listen;
79 
80 static int inflight;
81 
82 static void listen_shutdown(void);
83 
84 static void
85 listen_sighdlr(int sig, short event, void *arg)
86 {
87 	/*
88 	 * Normal signal handler rules don't apply because libevent
89 	 * decouples for us.
90 	 */
91 
92 	switch (sig) {
93 	case SIGHUP:
94 		break;
95 	case SIGUSR1:
96 		break;
97 	case SIGTERM:
98 	case SIGINT:
99 		listen_shutdown();
100 		/* NOTREACHED */
101 		break;
102 	default:
103 		fatalx("unexpected signal");
104 	}
105 }
106 
107 static uint64_t
108 client_hash(uint32_t client_id)
109 {
110 	return SipHash24(&clients_hash_key, &client_id, sizeof(client_id));
111 }
112 
113 static void
114 add_client(struct gotd_listen_client *client)
115 {
116 	uint64_t slot = client_hash(client->id) % nitems(gotd_listen_clients);
117 	STAILQ_INSERT_HEAD(&gotd_listen_clients[slot], client, entry);
118 	listen_client_cnt++;
119 }
120 
121 static struct gotd_listen_client *
122 find_client(uint32_t client_id)
123 {
124 	uint64_t slot;
125 	struct gotd_listen_client *c;
126 
127 	slot = client_hash(client_id) % nitems(gotd_listen_clients);
128 	STAILQ_FOREACH(c, &gotd_listen_clients[slot], entry) {
129 		if (c->id == client_id)
130 			return c;
131 	}
132 
133 	return NULL;
134 }
135 
136 static uint32_t
137 get_client_id(void)
138 {
139 	int duplicate = 0;
140 	uint32_t id;
141 
142 	do {
143 		id = arc4random();
144 		duplicate = (find_client(id) != NULL);
145 	} while (duplicate || id == 0);
146 
147 	return id;
148 }
149 
150 static uint64_t
151 uid_hash(uid_t euid)
152 {
153 	return SipHash24(&uid_hash_key, &euid, sizeof(euid));
154 }
155 
156 static void
157 add_uid_connection_counter(struct gotd_uid_connection_counter *counter)
158 {
159 	uint64_t slot = uid_hash(counter->euid) % nitems(gotd_client_uids);
160 	STAILQ_INSERT_HEAD(&gotd_client_uids[slot], counter, entry);
161 }
162 
163 static void
164 remove_uid_connection_counter(struct gotd_uid_connection_counter *counter)
165 {
166 	uint64_t slot = uid_hash(counter->euid) % nitems(gotd_client_uids);
167 	STAILQ_REMOVE(&gotd_client_uids[slot], counter,
168 	    gotd_uid_connection_counter, entry);
169 }
170 
171 static struct gotd_uid_connection_counter *
172 find_uid_connection_counter(uid_t euid)
173 {
174 	uint64_t slot;
175 	struct gotd_uid_connection_counter *c;
176 
177 	slot = uid_hash(euid) % nitems(gotd_client_uids);
178 	STAILQ_FOREACH(c, &gotd_client_uids[slot], entry) {
179 		if (c->euid == euid)
180 			return c;
181 	}
182 
183 	return NULL;
184 }
185 
186 static const struct got_error *
187 disconnect(struct gotd_listen_client *client)
188 {
189 	struct gotd_uid_connection_counter *counter;
190 	uint64_t slot;
191 	int client_fd;
192 
193 	log_debug("client on fd %d disconnecting", client->fd);
194 
195 	slot = client_hash(client->id) % nitems(gotd_listen_clients);
196 	STAILQ_REMOVE(&gotd_listen_clients[slot], client,
197 	    gotd_listen_client, entry);
198 
199 	counter = find_uid_connection_counter(client->euid);
200 	if (counter) {
201 		if (counter->nconnections > 0)
202 			counter->nconnections--;
203 		if (counter->nconnections == 0) {
204 			remove_uid_connection_counter(counter);
205 			free(counter);
206 		}
207 	}
208 
209 	client_fd = client->fd;
210 	free(client);
211 	inflight--;
212 	listen_client_cnt--;
213 	if (close(client_fd) == -1)
214 		return got_error_from_errno("close");
215 
216 	return NULL;
217 }
218 
219 static int
220 accept_reserve(int fd, struct sockaddr *addr, socklen_t *addrlen,
221     int reserve, volatile int *counter)
222 {
223 	int ret;
224 	int sock_flags = SOCK_NONBLOCK;
225 
226 #ifdef SOCK_CLOEXEC
227 	sock_flags |= SOCK_CLOEXEC;
228 #endif
229 
230 	if (getdtablecount() + reserve +
231 	    ((*counter + 1) * GOTD_FD_NEEDED) >= getdtablesize()) {
232 		log_debug("inflight fds exceeded");
233 		errno = EMFILE;
234 		return -1;
235 	}
236 #ifdef __APPLE__
237 	/* TA:  silence warning from GCC. */
238 	(void)sock_flags;
239 	ret = accept(fd, addr, addrlen);
240 #else
241 	ret = accept4(fd, addr, addrlen, sock_flags);
242 #endif
243 
244 	if (ret > -1) {
245 		(*counter)++;
246 	}
247 
248 	return ret;
249 }
250 
251 static void
252 gotd_accept_paused(int fd, short event, void *arg)
253 {
254 	event_add(&gotd_listen.iev.ev, NULL);
255 }
256 
257 static void
258 gotd_accept(int fd, short event, void *arg)
259 {
260 	struct gotd_imsgev *iev = arg;
261 	struct sockaddr_storage ss;
262 	struct timeval backoff;
263 	socklen_t len;
264 	int s = -1;
265 	struct gotd_listen_client *client = NULL;
266 	struct gotd_uid_connection_counter *counter = NULL;
267 	struct gotd_imsg_connect iconn;
268 	uid_t euid;
269 	gid_t egid;
270 
271 	backoff.tv_sec = 1;
272 	backoff.tv_usec = 0;
273 
274 	if (event_add(&gotd_listen.iev.ev, NULL) == -1) {
275 		log_warn("event_add");
276 		return;
277 	}
278 	if (event & EV_TIMEOUT)
279 		return;
280 
281 	len = sizeof(ss);
282 
283 	/* Other backoff conditions apart from EMFILE/ENFILE? */
284 	s = accept_reserve(fd, (struct sockaddr *)&ss, &len, GOTD_FD_RESERVE,
285 	    &inflight);
286 	if (s == -1) {
287 		switch (errno) {
288 		case EINTR:
289 		case EWOULDBLOCK:
290 		case ECONNABORTED:
291 			return;
292 		case EMFILE:
293 		case ENFILE:
294 			event_del(&gotd_listen.iev.ev);
295 			evtimer_add(&gotd_listen.pause.ev, &backoff);
296 			return;
297 		default:
298 			log_warn("accept");
299 			return;
300 		}
301 	}
302 
303 	if (listen_client_cnt >= GOTD_MAXCLIENTS)
304 		goto err;
305 
306 	if (getpeereid(s, &euid, &egid) == -1) {
307 		log_warn("getpeerid");
308 		goto err;
309 	}
310 
311 	counter = find_uid_connection_counter(euid);
312 	if (counter == NULL) {
313 		counter = calloc(1, sizeof(*counter));
314 		if (counter == NULL) {
315 			log_warn("%s: calloc", __func__);
316 			goto err;
317 		}
318 		counter->euid = euid;
319 		counter->nconnections = 1;
320 		add_uid_connection_counter(counter);
321 	} else {
322 		int max_connections = GOTD_MAX_CONN_PER_UID;
323 		struct gotd_uid_connection_limit *limit;
324 
325 		limit = gotd_find_uid_connection_limit(
326 		    gotd_listen.connection_limits,
327 		    gotd_listen.nconnection_limits, euid);
328 		if (limit)
329 			max_connections = limit->max_connections;
330 
331 		if (counter->nconnections >= max_connections) {
332 			log_warnx("maximum connections exceeded for uid %d",
333 			    euid);
334 			goto err;
335 		}
336 		counter->nconnections++;
337 	}
338 
339 	client = calloc(1, sizeof(*client));
340 	if (client == NULL) {
341 		log_warn("%s: calloc", __func__);
342 		goto err;
343 	}
344 	client->id = get_client_id();
345 	client->fd = s;
346 	client->euid = euid;
347 	s = -1;
348 	add_client(client);
349 	log_debug("%s: new client connected on fd %d uid %d gid %d", __func__,
350 	    client->fd, euid, egid);
351 
352 	memset(&iconn, 0, sizeof(iconn));
353 	iconn.client_id = client->id;
354 	iconn.euid = euid;
355 	iconn.egid = egid;
356 	s = dup(client->fd);
357 	if (s == -1) {
358 		log_warn("%s: dup", __func__);
359 		goto err;
360 	}
361 	if (gotd_imsg_compose_event(iev, GOTD_IMSG_CONNECT, PROC_LISTEN, s,
362 	    &iconn, sizeof(iconn)) == -1) {
363 		log_warn("imsg compose CONNECT");
364 		goto err;
365 	}
366 
367 	return;
368 err:
369 	inflight--;
370 	if (client)
371 		disconnect(client);
372 	if (s != -1)
373 		close(s);
374 }
375 
376 static const struct got_error *
377 recv_disconnect(struct imsg *imsg)
378 {
379 	struct gotd_imsg_disconnect idisconnect;
380 	size_t datalen;
381 	struct gotd_listen_client *client = NULL;
382 
383 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
384 	if (datalen != sizeof(idisconnect))
385 		return got_error(GOT_ERR_PRIVSEP_LEN);
386 	memcpy(&idisconnect, imsg->data, sizeof(idisconnect));
387 
388 	log_debug("client disconnecting");
389 
390 	client = find_client(idisconnect.client_id);
391 	if (client == NULL)
392 		return got_error(GOT_ERR_CLIENT_ID);
393 
394 	return disconnect(client);
395 }
396 
397 static void
398 listen_dispatch(int fd, short event, void *arg)
399 {
400 	const struct got_error *err = NULL;
401 	struct gotd_imsgev *iev = arg;
402 	struct imsgbuf *ibuf = &iev->ibuf;
403 	struct imsg imsg;
404 	ssize_t n;
405 	int shut = 0;
406 
407 	if (event & EV_READ) {
408 		if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
409 			fatal("imsg_read error");
410 		if (n == 0)	/* Connection closed. */
411 			shut = 1;
412 	}
413 
414 	if (event & EV_WRITE) {
415 		n = msgbuf_write(&ibuf->w);
416 		if (n == -1 && errno != EAGAIN)
417 			fatal("msgbuf_write");
418 		if (n == 0)	/* Connection closed. */
419 			shut = 1;
420 	}
421 
422 	for (;;) {
423 		if ((n = imsg_get(ibuf, &imsg)) == -1)
424 			fatal("%s: imsg_get", __func__);
425 		if (n == 0)	/* No more messages. */
426 			break;
427 
428 		switch (imsg.hdr.type) {
429 		case GOTD_IMSG_DISCONNECT:
430 			err = recv_disconnect(&imsg);
431 			if (err)
432 				log_warnx("disconnect: %s", err->msg);
433 			break;
434 		default:
435 			log_debug("unexpected imsg %d", imsg.hdr.type);
436 			break;
437 		}
438 
439 		imsg_free(&imsg);
440 	}
441 
442 	if (!shut) {
443 		gotd_imsg_event_add(iev);
444 	} else {
445 		/* This pipe is dead. Remove its event handler */
446 		event_del(&iev->ev);
447 		event_loopexit(NULL);
448 	}
449 }
450 
451 void
452 listen_main(const char *title, int gotd_socket,
453     struct gotd_uid_connection_limit *connection_limits,
454     size_t nconnection_limits)
455 {
456 	struct gotd_imsgev iev;
457 	struct event evsigint, evsigterm, evsighup, evsigusr1;
458 
459 	arc4random_buf(&clients_hash_key, sizeof(clients_hash_key));
460 	arc4random_buf(&uid_hash_key, sizeof(uid_hash_key));
461 
462 	gotd_listen.title = title;
463 	gotd_listen.pid = getpid();
464 	gotd_listen.fd = gotd_socket;
465 	gotd_listen.connection_limits = connection_limits;
466 	gotd_listen.nconnection_limits = nconnection_limits;
467 
468 	signal_set(&evsigint, SIGINT, listen_sighdlr, NULL);
469 	signal_set(&evsigterm, SIGTERM, listen_sighdlr, NULL);
470 	signal_set(&evsighup, SIGHUP, listen_sighdlr, NULL);
471 	signal_set(&evsigusr1, SIGUSR1, listen_sighdlr, NULL);
472 	signal(SIGPIPE, SIG_IGN);
473 
474 	signal_add(&evsigint, NULL);
475 	signal_add(&evsigterm, NULL);
476 	signal_add(&evsighup, NULL);
477 	signal_add(&evsigusr1, NULL);
478 
479 	imsg_init(&iev.ibuf, GOTD_FILENO_MSG_PIPE);
480 	iev.handler = listen_dispatch;
481 	iev.events = EV_READ;
482 	iev.handler_arg = NULL;
483 	event_set(&iev.ev, iev.ibuf.fd, EV_READ, listen_dispatch, &iev);
484 	if (event_add(&iev.ev, NULL) == -1)
485 		fatalx("event add");
486 
487 	event_set(&gotd_listen.iev.ev, gotd_listen.fd, EV_READ | EV_PERSIST,
488 	    gotd_accept, &iev);
489 	if (event_add(&gotd_listen.iev.ev, NULL))
490 		fatalx("event add");
491 	evtimer_set(&gotd_listen.pause.ev, gotd_accept_paused, NULL);
492 
493 	event_dispatch();
494 
495 	listen_shutdown();
496 }
497 
498 static void
499 listen_shutdown(void)
500 {
501 	log_debug("%s: shutting down", gotd_listen.title);
502 
503 	free(gotd_listen.connection_limits);
504 	if (gotd_listen.fd != -1)
505 		close(gotd_listen.fd);
506 
507 	exit(0);
508 }