void SSH::initialize()
{
#if !LAUNCHER_LINUX
ssh_threads_set_callbacks(ssh_threads_get_std_threads());
#endif
ssh_init();
}
static int setup(void **state) {
struct hostkey_state *h;
mode_t mask;
ssh_threads_set_callbacks(ssh_threads_get_pthread());
ssh_init();
h = malloc(sizeof(struct hostkey_state));
assert_non_null(h);
h->hostkey_path = strdup("/tmp/libssh_hostkey_XXXXXX");
mask = umask(S_IRWXO | S_IRWXG);
h->fd = mkstemp(h->hostkey_path);
umask(mask);
assert_return_code(h->fd, errno);
close(h->fd);
h->key_type = SSH_KEYTYPE_ECDSA;
h->hostkey = torture_get_testkey(h->key_type, 0, 0);
torture_write_file(h->hostkey_path, h->hostkey);
*state = h;
return 0;
}
void InitSSH()
{
ssh_threads_wal.type = "threads_wal";
ssh_threads_wal.mutex_init = ssh_wal_mutex_init;
ssh_threads_wal.mutex_destroy = ssh_wal_mutex_destroy;
ssh_threads_wal.mutex_lock = ssh_wal_mutex_lock;
ssh_threads_wal.mutex_unlock = ssh_wal_mutex_unlock;
ssh_threads_wal.thread_id = ssh_wal_thread_id;
ssh_threads_set_callbacks( &ssh_threads_wal );
ssh_init();
}
SSHServer *SSHServerNew()
{
SSHServer *ts = NULL;
if( ( ts = calloc( 1, sizeof( SSHServer ) ) ) != NULL )
{
#ifdef ENABLE_SSH
ssh_threads_set_callbacks( ssh_threads_get_pthread() );
ssh_init();
ts->sshs_Thread = ThreadNew( SSHThread, ts );
#endif
}
return ts;
}
static int pkd_init_libssh(void)
{
int rc = ssh_threads_set_callbacks(ssh_threads_get_pthread());
return (rc == SSH_OK) ? 0 : 1;
}
API int nc_init(int flags)
{
int retval = 0, r, init_shm = 1, fd;
char* t, my_comm[NC_APPS_COMM_MAX+1];
pthread_rwlockattr_t rwlockattr;
mode_t mask;
#ifndef POSIX_SHM
key_t key = -4;
#endif
if (nc_init_flags & NC_INIT_DONE) {
ERROR("libnetconf already initiated!");
return (-1);
}
#ifndef DISABLE_LIBSSH
if (flags & NC_INIT_LIBSSH_PTHREAD) {
ssh_threads_set_callbacks(ssh_threads_get_pthread());
ssh_init();
nc_init_flags |= NC_INIT_LIBSSH_PTHREAD;
}
#endif
if (flags == NC_INIT_CLIENT) {
nc_init_flags |= NC_INIT_CLIENT;
return (retval);
}
if ((flags & (NC_INIT_MULTILAYER | NC_INIT_SINGLELAYER)) != NC_INIT_MULTILAYER &&
(flags & (NC_INIT_MULTILAYER | NC_INIT_SINGLELAYER)) != NC_INIT_SINGLELAYER) {
ERROR("Either single-layer or multi-layer flag must be used in initialization.");
return (-1);
}
/* some flags need other flags, so check that all dependencies are fullfilled */
if (flags & NC_INIT_NACM) {
flags |= NC_INIT_DATASTORES;
}
if (flags & NC_INIT_KEEPALIVECHECK) {
flags |= NC_INIT_MONITORING;
}
if (flags & (NC_INIT_DATASTORES | NC_INIT_MONITORING | NC_INIT_NACM)) {
#ifndef POSIX_SHM
DBG("Shared memory key: %d", key);
mask = umask(MASK_PERM);
shmid = shmget(key, sizeof(struct nc_shared_info), IPC_CREAT | IPC_EXCL | FILE_PERM);
umask(mask);
if (shmid == -1) {
if (errno == EEXIST) {
shmid = shmget(key, sizeof(struct nc_shared_info), 0);
init_shm = 0;
}
if (shmid == -1) {
ERROR("Accessing System V shared memory failed (%s).", strerror(errno));
return (-1);
}
}
DBG("Shared memory ID: %d", shmid);
/* attach memory */
nc_info = shmat(shmid, NULL, 0);
if (nc_info == (void*) -1) {
ERROR("Attaching System V shared memory failed (%s). You can try removing the memory by \"ipcrm -m %d\".", strerror(errno), shmid);
nc_info = NULL;
return (-1);
}
#else
DBG("Shared memory location: /dev/shm/"NC_POSIX_SHM_OBJECT);
mask = umask(MASK_PERM);
fd = shm_open(NC_POSIX_SHM_OBJECT, O_CREAT | O_EXCL | O_RDWR, FILE_PERM);
umask(mask);
if (fd == -1) {
if (errno == EEXIST) {
DBG("Shared memory file %s already exists - opening", NC_POSIX_SHM_OBJECT);
fd = shm_open(NC_POSIX_SHM_OBJECT, O_RDWR, 0);
init_shm = 0;
}
if (fd == -1) {
ERROR("Accessing POSIX shared memory failed (%s).", strerror(errno));
return (-1);
}
}
DBG("POSIX SHM File Descriptor: %d (%dB).", fd, sizeof(struct nc_shared_info));
if (ftruncate(fd,sizeof(struct nc_shared_info)) == -1 ) {
ERROR("Truncating POSIX shared memory failed (%s).", strerror(errno));
shm_unlink(NC_POSIX_SHM_OBJECT);
return (-1);
}
nc_info = mmap(NULL, sizeof(struct nc_shared_info), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
if (nc_info == MAP_FAILED) {
ERROR("Mapping POSIX shared memory failed (%s).", strerror(errno));
shm_unlink(NC_POSIX_SHM_OBJECT);
return (-1);
}
#endif /* #ifndef POSIX_SHM */
/* get my comm */
my_comm[0] = '\0';
fd = open("/proc/self/comm", O_RDONLY);
if (fd != -1) {
r = read(fd, my_comm, NC_APPS_COMM_MAX);
close(fd);
if (r > 0) {
if (my_comm[r-1] == '\n') {
my_comm[r-1] = '\0';
} else {
my_comm[r] = '\0';
}
}
}
if (init_shm) {
/* we created the shared memory, consider first even for single-layer */
first_after_close = 1;
/* clear the apps structure */
memset(nc_info->apps.valid, 0, NC_APPS_MAX * sizeof(unsigned char));
/* set last session id */
nc_info->last_session_id = 0;
/* init lock */
pthread_rwlockattr_init(&rwlockattr);
pthread_rwlockattr_setpshared(&rwlockattr, PTHREAD_PROCESS_SHARED);
if ((r = pthread_rwlock_init(&(nc_info->lock), &rwlockattr)) != 0) {
ERROR("Shared information lock initialization failed (%s)", strerror(r));
#ifdef POSIX_SHM
munmap(nc_info, sizeof(struct nc_shared_info));
shm_unlink(NC_POSIX_SHM_OBJECT);
#else
shmdt(nc_info);
#endif /* #ifdef POSIX_SHM */
return (-1);
}
pthread_rwlockattr_destroy(&rwlockattr);
/* LOCK */
r = pthread_rwlock_wrlock(&(nc_info->lock));
memset(nc_info->apps.valid, 0, NC_APPS_MAX * sizeof(unsigned char));
} else {
/* LOCK */
r = pthread_rwlock_wrlock(&(nc_info->lock));
/* check if I didn't crash before */
r = nc_apps_check(my_comm, &(nc_info->apps));
if (r & 1) {
/* I crashed */
retval |= NC_INITRET_RECOVERY;
nc_info->stats.participants--;
}
if (r & 2) {
/* shared memory existed and there are actually some running libnetconf apps */
first_after_close = 0;
retval |= NC_INITRET_NOTFIRST;
} else if (flags & NC_INIT_MULTILAYER) {
/* shared memory contained only crash info, multi-layer is considered first, ... */
first_after_close = 1;
} else {
/* ... single-layer not */
first_after_close = 0;
}
}
if (first_after_close) {
/* we are certain we can do this */
nc_shared_cleanup(0);
/* init the information structure */
strncpy(nc_info->stats.start_time, t = nc_time2datetime(time(NULL), NULL), TIME_LENGTH);
free(t);
}
/* update shared memory with this process's information */
nc_info->stats.participants++;
nc_apps_add(my_comm, &(nc_info->apps));
/* UNLOCK */
r = pthread_rwlock_unlock(&(nc_info->lock));
}
/*
* check used flags according to a compile time settings
*/
if (flags & NC_INIT_MULTILAYER) {
nc_init_flags |= NC_INIT_MULTILAYER;
} else {
nc_init_flags |= NC_INIT_SINGLELAYER;
}
#ifndef DISABLE_NOTIFICATIONS
if (flags & NC_INIT_NOTIF) {
nc_init_flags |= NC_INIT_NOTIF;
}
#endif /* DISABLE_NOTIFICATIONS */
if (flags & NC_INIT_NACM) {
nc_init_flags |= NC_INIT_NACM;
}
if (flags & NC_INIT_MONITORING) {
nc_init_flags |= NC_INIT_MONITORING;
}
if (flags & NC_INIT_DATASTORES) {
nc_init_flags |= NC_INIT_DATASTORES;
}
if (flags & NC_INIT_WD) {
nc_init_flags |= NC_INIT_WD;
}
#ifndef DISABLE_VALIDATION
if (flags & NC_INIT_VALIDATE) {
nc_init_flags |= NC_INIT_VALIDATE;
}
#endif
#ifndef DISABLE_URL
if (flags & NC_INIT_URL) {
nc_init_flags |= NC_INIT_URL;
}
#endif
if (flags & NC_INIT_KEEPALIVECHECK) {
nc_init_flags |= NC_INIT_KEEPALIVECHECK;
}
if (nc_init_flags & NC_INIT_DATASTORES) {
/*
* init internal datastores - they have to be initiated before they are
* used by their subsystems initiated below
*/
if (ncds_sysinit(nc_init_flags) != EXIT_SUCCESS) {
nc_init_flags = 0;
nc_init_flags &= !(NC_INIT_NOTIF & NC_INIT_NACM & NC_INIT_MONITORING & NC_INIT_DATASTORES);
return (-1);
}
if (first_after_close) {
/* break any locks forgotten from the previous run */
ncds_break_locks(NULL);
/* apply startup to running in internal datastores */
ncds_startup_internal();
}
/* set features for ietf-netconf */
ncds_feature_enable("ietf-netconf", "writable-running");
ncds_feature_enable("ietf-netconf", "startup");
ncds_feature_enable("ietf-netconf", "candidate");
ncds_feature_enable("ietf-netconf", "rollback-on-error");
if (nc_init_flags & NC_INIT_VALIDATE) {
ncds_feature_enable("ietf-netconf", "validate");
}
if (nc_init_flags & NC_INIT_URL) {
ncds_feature_enable("ietf-netconf", "url");
}
}
/* init NETCONF sessions statistics */
if (nc_init_flags & NC_INIT_MONITORING) {
nc_session_monitoring_init();
}
/* init NETCONF with-defaults capability */
if (nc_init_flags & NC_INIT_WD) {
ncdflt_set_basic_mode(NCWD_MODE_EXPLICIT);
ncdflt_set_supported(NCWD_MODE_ALL
| NCWD_MODE_ALL_TAGGED
| NCWD_MODE_TRIM
| NCWD_MODE_EXPLICIT);
}
#ifndef DISABLE_NOTIFICATIONS
/* init Notification subsystem */
if (nc_init_flags & NC_INIT_NOTIF) {
if (ncntf_init() != EXIT_SUCCESS) {
/* remove flags of uninitiated subsystems */
nc_init_flags &= !(NC_INIT_NOTIF & NC_INIT_NACM);
nc_close();
return (-1);
}
}
#endif
/* init Access Control subsystem */
if (nc_init_flags & NC_INIT_NACM) {
if (nacm_init() != EXIT_SUCCESS) {
/* remove flags of uninitiated subsystems */
nc_init_flags &= !NC_INIT_NACM;
nc_close();
return (-1);
}
}
nc_init_flags |= NC_INIT_DONE;
return (retval);
}
int
main (int argc,
char *argv[])
{
gint ret = 1;
CockpitWebServer *server = NULL;
GOptionContext *context;
CockpitHandlerData data;
GTlsCertificate *certificate = NULL;
GError *local_error = NULL;
GError **error = &local_error;
gchar **roots = NULL;
gchar *cert_path = NULL;
GMainLoop *loop = NULL;
signal (SIGPIPE, SIG_IGN);
g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
g_setenv ("GIO_USE_PROXY_RESOLVER", "dummy", TRUE);
g_setenv ("GIO_USE_VFS", "local", TRUE);
/* Any interaction with a krb5 ccache should be explicit */
g_setenv ("KRB5CCNAME", "FILE:/dev/null", TRUE);
g_setenv ("G_TLS_GNUTLS_PRIORITY", "SECURE128:%LATEST_RECORD_VERSION:-VERS-SSL3.0:-VERS-TLS1.0", FALSE);
g_type_init ();
ssh_threads_set_callbacks (ssh_threads_get_pthread());
ssh_init ();
memset (&data, 0, sizeof (data));
context = g_option_context_new (NULL);
g_option_context_add_main_entries (context, cmd_entries, NULL);
if (!g_option_context_parse (context, &argc, &argv, error))
{
goto out;
}
if (opt_version)
{
print_version ();
ret = 0;
goto out;
}
cockpit_set_journal_logging (NULL, !isatty (2));
if (opt_no_tls)
{
/* no certificate */
}
else
{
cert_path = cockpit_certificate_locate (FALSE, error);
if (cert_path != NULL)
certificate = cockpit_certificate_load (cert_path, error);
if (certificate == NULL)
goto out;
g_info ("Using certificate: %s", cert_path);
}
loop = g_main_loop_new (NULL, FALSE);
data.os_release = cockpit_system_load_os_release ();
data.auth = cockpit_auth_new (opt_local_ssh);
roots = calculate_static_roots (data.os_release);
data.static_roots = (const gchar **)roots;
server = cockpit_web_server_new (opt_port,
certificate,
NULL,
NULL,
error);
if (server == NULL)
{
g_prefix_error (error, "Error starting web server: ");
goto out;
}
if (cockpit_web_server_get_socket_activated (server))
g_signal_connect_swapped (data.auth, "idling", G_CALLBACK (g_main_loop_quit), loop);
/* Ignores stuff it shouldn't handle */
g_signal_connect (server,
"handle-stream",
G_CALLBACK (cockpit_handler_socket),
&data);
g_signal_connect (server,
"handle-resource::/login",
G_CALLBACK (cockpit_handler_login),
&data);
/* Don't redirect to TLS for /ping */
g_object_set (server, "ssl-exception-prefix", "/ping", NULL);
g_signal_connect (server, "handle-resource::/ping",
G_CALLBACK (cockpit_handler_ping), &data);
g_signal_connect (server, "handle-resource::/",
G_CALLBACK (cockpit_handler_resource), &data);
g_signal_connect (server, "handle-resource::/cockpit/",
G_CALLBACK (cockpit_handler_resource), &data);
/* Files that cannot be cache-forever, because of well known names */
g_signal_connect (server, "handle-resource::/favicon.ico",
G_CALLBACK (cockpit_handler_root), &data);
g_signal_connect (server, "handle-resource::/apple-touch-icon.png",
G_CALLBACK (cockpit_handler_root), &data);
g_main_loop_run (loop);
ret = 0;
out:
if (loop)
g_main_loop_unref (loop);
if (local_error)
{
g_printerr ("cockpit-ws: %s\n", local_error->message);
g_error_free (local_error);
}
g_clear_object (&server);
g_clear_object (&data.auth);
if (data.os_release)
g_hash_table_unref (data.os_release);
g_clear_object (&certificate);
g_free (cert_path);
g_strfreev (roots);
cockpit_conf_cleanup ();
return ret;
}