struct Admin* Admin_new(Dict* config,
char* user,
struct event_base* eventBase,
struct ExceptionHandler* eh,
struct Allocator* allocator)
{
errno = 0;
int pipes[2][2];
if (pipe(pipes[0]) || pipe(pipes[1])) {
eh->exception(__FILE__ " Failed to create pipes.", errno, eh);
}
int pgid = getpid();
int pid = fork();
if (pid < 0) {
eh->exception(__FILE__ " Failed to fork()", errno, eh);
}
bool isChild = (pid == 0);
int inFd = pipes[isChild][0];
close(pipes[!isChild][0]);
int outFd = pipes[!isChild][1];
close(pipes[isChild][1]);
if (isChild) {
// Set the process group so that children will not
// become orphaned if the parent gets signal 11 err um 9.
setpgid(0, pgid);
if (user) {
Security_setUser(user, NULL, AbortHandler_INSTANCE);
}
struct ChildContext context;
memset(&context, 0, sizeof(struct ChildContext));
context.inFd = inFd;
context.outFd = outFd;
context.allocator = allocator;
event_reinit(eventBase);
context.eventBase = eventBase;
child(config, &context);
exit(0);
}
setpgid(pid, pgid);
struct Admin* admin = allocator->calloc(sizeof(struct Admin), 1, allocator);
admin->inFd = inFd;
admin->outFd = outFd;
admin->allocator = allocator;
admin->functionCount = 0;
admin->eventBase = eventBase;
admin->password = Dict_getString(config, BSTR("password"));
admin->pipeEv = event_new(eventBase, inFd, EV_READ | EV_PERSIST, inFromChild, admin);
event_add(admin->pipeEv, NULL);
return admin;
}
static void sendConfToCore(struct Interface* toCoreInterface,
struct Allocator* tempAlloc,
Dict* config,
struct Except* eh,
struct Log* logger)
{
#define CONFIG_BUFF_SIZE 1024
uint8_t buff[CONFIG_BUFF_SIZE + 32] = {0};
uint8_t* start = buff + 32;
struct Writer* writer = ArrayWriter_new(start, CONFIG_BUFF_SIZE - 33, tempAlloc);
if (StandardBencSerializer_get()->serializeDictionary(writer, config)) {
Except_raise(eh, -1, "Failed to serialize pre-configuration for core.");
}
struct Message* m = &(struct Message) {
.bytes = start,
.length = writer->bytesWritten,
.padding = 32
};
m = Message_clone(m, tempAlloc);
Log_keys(logger, "Sent [%d] bytes to core [%s].", m->length, m->bytes);
toCoreInterface->sendMessage(m, toCoreInterface);
}
static void setUser(char* user, struct Log* logger, struct Except* eh)
{
struct Jmp jmp;
Jmp_try(jmp) {
Security_setUser(user, logger, &jmp.handler);
} Jmp_catch {
if (jmp.code == Security_setUser_PERMISSION) {
return;
}
Except_raise(eh, jmp.code, "%s", jmp.message);
}
}
static struct Pipe* getClientPipe(int argc,
char** argv,
struct EventBase* base,
struct Except* eh,
struct Allocator* alloc)
{
int inFromClientNo;
int outToClientNo;
if (argc < 4 || (inFromClientNo = atoi(argv[2])) == 0) {
inFromClientNo = STDIN_FILENO;
}
if (argc < 4 || (outToClientNo = atoi(argv[3])) == 0) {
outToClientNo = STDOUT_FILENO;
}
// named pipe.
if (argc > 2 && inFromClientNo == STDIN_FILENO) {
return Pipe_named(argv[2], base, eh, alloc);
}
return Pipe_forFiles(inFromClientNo, outToClientNo, base, eh, alloc);
}
static void setUser(Dict* args, void* vcontext, String* txid)
{
struct Context* const ctx = (struct Context*) vcontext;
struct Jmp jmp;
Jmp_try(jmp) {
String* user = Dict_getString(args, String_CONST("user"));
Security_setUser(user->bytes, ctx->logger, &jmp.handler);
} Jmp_catch {
sendError(jmp.message, txid, ctx->admin);
return;
}
sendError("none", txid, ctx->admin);
}
static void setUser(Dict* args, void* vctx, String* txid, struct Allocator* requestAlloc)
{
struct Context* const ctx = Identity_check((struct Context*) vctx);
struct Jmp jmp;
Jmp_try(jmp) {
int64_t* user = Dict_getIntC(args, "uid");
int64_t* group = Dict_getIntC(args, "gid");
int gid = group ? (int)*group : 0;
int64_t* keepNetAdmin = Dict_getIntC(args, "keepNetAdmin");
Security_setUser(*user, gid, *keepNetAdmin, ctx->logger, &jmp.handler, requestAlloc);
} Jmp_catch {
sendError(jmp.message, txid, ctx->admin);
return;
}
sendError("none", txid, ctx->admin);
}
static void security(List* config, struct Log* logger, struct ExceptionHandler* eh)
{
if (!config) {
return;
}
bool nofiles = false;
for (int i = 0; i < List_size(config); i++) {
String* s = List_getString(config, i);
if (s && String_equals(s, BSTR("nofiles"))) {
nofiles = true;
}
}
char* user = setUser(config);
if (user) {
Log_info1(logger, "Changing user to [%s]\n", user);
Security_setUser(user, logger, eh);
}
if (nofiles) {
Log_info(logger, "Setting max open files to zero.\n");
Security_noFiles(eh);
}
}
static void sendConfToCore(struct Interface* toCoreInterface,
struct Allocator* alloc,
Dict* config,
struct Except* eh,
struct Log* logger)
{
#define CONFIG_BUFF_SIZE 1024
uint8_t buff[CONFIG_BUFF_SIZE + 32] = {0};
uint8_t* start = buff + 32;
struct Writer* writer = ArrayWriter_new(start, CONFIG_BUFF_SIZE - 33, alloc);
if (StandardBencSerializer_get()->serializeDictionary(writer, config)) {
Except_raise(eh, -1, "Failed to serialize pre-configuration for core.");
}
struct Message m = {
.bytes = start,
.length = writer->bytesWritten(writer),
.padding = 32
};
Log_keys(logger, "Sent [%d] bytes to core [%s].", m.length, m.bytes);
toCoreInterface->sendMessage(&m, toCoreInterface);
}
static void setUser(char* user, struct Log* logger, struct Except* eh)
{
struct Jmp jmp;
Jmp_try(jmp) {
Security_setUser(user, logger, &jmp.handler);
} Jmp_catch {
if (jmp.code == Security_setUser_PERMISSION) {
return;
}
Except_raise(eh, jmp.code, "%s", jmp.message);
}
}
/**
* Input:
* {
* "admin": {
* "core": "/path/to/core/binary",
* "bind": "127.0.0.1:12345",
* "pass": "******",
* "user": "******"
* }
* }
* for example:
* d5:admind4:core30:./build/admin/angel/cjdns-core4:bind15:127.0.0.1:123454:pass4:abcdee
*
* Pre-existing core mode:
* {
* "admin": {
* "core": {
* "fromCore": 12,
* "toCore": 14
* },
* "bind": "127.0.0.1:12345",
* "pass": "******",
* "user": "******"
* }
* }
*
* If "core" is a dictionary, the angel will behave as though the core is already spawned and
* it will read from the core on the file descriptor given by "fromCore" and write to the file
* given by "toCore".
*
* "user" is optional, if set the angel will setuid() that user's uid.
*/
int AngelInit_main(int argc, char** argv)
{
struct Except* eh = NULL;
int inFromClientNo;
int outToClientNo;
if (argc < 3 || (inFromClientNo = atoi(argv[2])) == 0) {
inFromClientNo = STDIN_FILENO;
}
if (argc < 4 || (outToClientNo = atoi(argv[3])) == 0) {
outToClientNo = STDOUT_FILENO;
}
struct Allocator* alloc = MallocAllocator_new(1<<21);
struct Writer* logWriter = FileWriter_new(stdout, alloc);
struct Log* logger = WriterLog_new(logWriter, alloc);
struct Random* rand = Random_new(alloc, logger, eh);
alloc = CanaryAllocator_new(alloc, rand);
struct Allocator* tempAlloc = Allocator_child(alloc);
struct EventBase* eventBase = EventBase_new(alloc);
Log_debug(logger, "Initializing angel with input [%d] and output [%d]",
inFromClientNo, outToClientNo);
Log_debug(logger, "Getting pre-configuration from client");
#define CONFIG_BUFF_SIZE 1024
uint8_t buff[CONFIG_BUFF_SIZE] = {0};
Waiter_getData(buff, CONFIG_BUFF_SIZE, inFromClientNo, eventBase, eh);
Log_debug(logger, "Finished getting pre-configuration from client");
struct Reader* reader = ArrayReader_new(buff, CONFIG_BUFF_SIZE, tempAlloc);
Dict config;
if (StandardBencSerializer_get()->parseDictionary(reader, tempAlloc, &config)) {
Except_raise(eh, -1, "Failed to parse configuration.");
}
Dict* admin = Dict_getDict(&config, String_CONST("admin"));
String* core = Dict_getString(admin, String_CONST("core"));
String* bind = Dict_getString(admin, String_CONST("bind"));
String* pass = Dict_getString(admin, String_CONST("pass"));
String* user = Dict_getString(admin, String_CONST("user"));
int toCore = -1;
int fromCore = -1;
if (!core) {
Dict* coreDict = Dict_getDict(admin, String_CONST("core"));
int64_t* toCorePtr = Dict_getInt(coreDict, String_CONST("toCore"));
int64_t* fromCorePtr = Dict_getInt(coreDict, String_CONST("fromCore"));
toCore = (toCorePtr) ? *toCorePtr : -1;
fromCore = (fromCorePtr) ? *fromCorePtr : -1;
}
if (!bind || !pass || (!core && (toCore == -1 || fromCore == -1))) {
Except_raise(eh, -1, "missing configuration params in preconfig. [%s]", buff);
}
if (core) {
Log_info(logger, "Initializing core [%s]", core->bytes);
initCore(core->bytes, &toCore, &fromCore, eh);
}
Log_debug(logger, "Sending pre-configuration to core.");
struct PipeInterface* pif =
PipeInterface_new(fromCore, toCore, eventBase, logger, alloc, rand);
struct Interface* coreIface = &pif->generic;
PipeInterface_waitUntilReady(pif);
sendConfToCore(coreIface, tempAlloc, &config, eh, logger);
struct Message* coreResponse = InterfaceWaiter_waitForData(coreIface, eventBase, tempAlloc, eh);
if (write(outToClientNo, coreResponse->bytes, coreResponse->length)) {
// Ignore the result of write() without the compiler complaining.
}
#ifdef Log_KEYS
uint8_t lastChar = coreResponse->bytes[coreResponse->length-1];
coreResponse->bytes[coreResponse->length-1] = 0;
Log_keys(logger, "Sent [%s%c] to client.", coreResponse->bytes, lastChar);
coreResponse->bytes[coreResponse->length-1] = lastChar;
#endif
if (user) {
setUser(user->bytes, logger, eh);
}
Allocator_free(tempAlloc);
Angel_start(coreIface, eventBase, logger, alloc);
return 0;
}
void Admin_sendMessage(Dict* message, String* txid, struct Admin* admin)
{
if (!admin) {
return;
}
Assert_true(txid);
uint8_t buff[MAX_API_REQUEST_SIZE + TXID_LEN];
// Write the inter-process txid.
Bits_memcpyConst(buff, txid->bytes, TXID_LEN);
uint8_t allocBuff[256];
struct Allocator* allocator = BufferAllocator_new(allocBuff, 256);
// Bounce back the user-supplied txid.
String userTxid = { .bytes = txid->bytes + TXID_LEN, .len = txid->len - TXID_LEN };
if (txid->len > TXID_LEN) {
Dict_putString(message, TXID, &userTxid, allocator);
}
struct Writer* w = ArrayWriter_new(buff + TXID_LEN, MAX_API_REQUEST_SIZE, allocator);
StandardBencSerializer_get()->serializeDictionary(w, message);
write(admin->outFd, buff, w->bytesWritten(w) + TXID_LEN);
}
struct Admin* Admin_new(struct sockaddr_storage* addr,
int addrLen,
String* password,
char* user,
struct event_base* eventBase,
struct ExceptionHandler* eh,
struct Log* logger,
struct Allocator* allocator)
{
errno = 0;
int pipes[2][2];
if (pipe(pipes[0]) || pipe(pipes[1])) {
eh->exception(__FILE__ " Failed to create pipes.", errno, eh);
}
int pgid = getpid();
int pid = fork();
if (pid < 0) {
eh->exception(__FILE__ " Failed to fork()", errno, eh);
}
bool isChild = (pid == 0);
int inFd = pipes[isChild][0];
close(pipes[!isChild][0]);
int outFd = pipes[!isChild][1];
close(pipes[isChild][1]);
if (isChild) {
// Set the process group so that children will not
// become orphaned if the parent gets signal 11 err um 9.
setpgid(0, pgid);
if (user) {
Security_setUser(user, NULL, AbortHandler_INSTANCE);
}
struct ChildContext context;
memset(&context, 0, sizeof(struct ChildContext));
context.inFd = inFd;
context.outFd = outFd;
context.allocator = allocator;
event_reinit(eventBase);
context.eventBase = eventBase;
child(addr, addrLen, user, &context);
fprintf(stderr, "Admin process exiting.");
exit(0);
}
setpgid(pid, pgid);
struct Admin* admin = allocator->calloc(sizeof(struct Admin), 1, allocator);
admin->inFd = inFd;
admin->outFd = outFd;
admin->allocator = allocator;
admin->logger = logger;
admin->functionCount = 0;
admin->eventBase = eventBase;
admin->password = password;
Bits_memcpyConst(&admin->address, addr, sizeof(struct sockaddr_storage));
admin->addressLength = addrLen;
admin->pipeEv = event_new(eventBase, inFd, EV_READ | EV_PERSIST, inFromChild, admin);
event_add(admin->pipeEv, NULL);
event_base_dispatch(eventBase);
return admin;
}
void setUser(String* name)
{
if (name) {
Security_setUser(name->bytes, NULL, AbortHandler_INSTANCE);
}
}
