void startprocessor(struct cyclog *d)
{
const char *args[4];
int fd;
sig_uncatch(sig_term);
sig_uncatch(sig_alarm);
sig_unblock(sig_term);
sig_unblock(sig_alarm);
fd = open_read("previous");
if (fd == -1) return;
if (fd_move(0,fd) == -1) return;
fd = open_trunc("processed");
if (fd == -1) return;
if (fd_move(1,fd) == -1) return;
fd = open_read("state");
if (fd == -1) return;
if (fd_move(4,fd) == -1) return;
fd = open_trunc("newstate");
if (fd == -1) return;
if (fd_move(5,fd) == -1) return;
args[0] = "sh";
args[1] = "-c";
args[2] = d->processor;
args[3] = 0;
execve("/bin/sh",args,environ);
}
int flushread(int fd,char *buf,int len)
{
int j;
for (j = 0;j < cnum;++j)
buffer_flush(&c[j].ss);
if (flagforcerotate) {
for (j = 0;j < cnum;++j)
if (c[j].bytes > 0)
fullcurrent(&c[j]);
flagforcerotate = 0;
}
if (!len) return 0;
if (flagexitasap) {
if (flagnewline) return 0;
len = 1;
}
sig_unblock(sig_term);
sig_unblock(sig_alarm);
len = read(fd,buf,len);
sig_block(sig_term);
sig_block(sig_alarm);
if (len <= 0) return len;
flagnewline = (buf[len - 1] == '\n');
return len;
}
static void startservice(struct svdir *s)
{
int p;
char *run[2];
if (s->state == S_FINISH)
run[0] = (char*)"./finish";
else {
run[0] = (char*)"./run";
custom(s, 'u');
}
run[1] = NULL;
if (s->pid != 0)
stopservice(s); /* should never happen */
while ((p = vfork()) == -1) {
warn_cannot("vfork, sleeping");
sleep(5);
}
if (p == 0) {
/* child */
if (haslog) {
/* NB: bug alert! right order is close, then dup2 */
if (s->islog) {
xchdir("./log");
close(logpipe.wr);
xdup2(logpipe.rd, 0);
} else {
close(logpipe.rd);
xdup2(logpipe.wr, 1);
}
}
bb_signals(0
+ (1 << SIGCHLD)
+ (1 << SIGTERM)
, SIG_DFL);
sig_unblock(SIGCHLD);
sig_unblock(SIGTERM);
execvp(*run, run);
fatal2_cannot(s->islog ? "start log/" : "start ", *run);
}
/* parent */
if (s->state != S_FINISH) {
gettimeofday_ns(&s->start);
s->state = S_RUN;
}
s->pid = p;
pidchanged = 1;
s->ctrl = C_NOOP;
update_status(s);
}
int run_parts(char *dir, char *cmd)
{
struct dirent **e;
int i, num;
num = scandir(dir, &e, NULL, alphasort);
if (num < 0) {
_d("No files found in %s, skipping ...", dir);
return -1;
}
for (i = 0; i < num; i++) {
int j = 0;
pid_t pid = 0;
mode_t mode;
char *args[NUM_ARGS];
char *name = e[i]->d_name;
char path[CMD_SIZE];
snprintf(path, sizeof(path), "%s/%s", dir, name);
mode = fmode(path);
if (!S_ISEXEC(mode) || S_ISDIR(mode)) {
_d("Skipping %s ...", path);
continue;
}
/* Fill in args[], starting with full path to executable */
args[j++] = path;
/* If the callee didn't supply a run_parts() argument */
if (!cmd) {
/* Check if S<NUM>service or K<NUM>service notation is used */
_d("Checking if %s is a sysvinit startstop script ...", name);
if (name[0] == 'S' && isdigit(name[1])) {
args[j++] = "start";
} else if (name[0] == 'K' && isdigit(name[1])) {
args[j++] = "stop";
}
} else {
args[j++] = cmd;
}
args[j++] = NULL;
pid = fork();
if (!pid) {
_d("Calling %s ...", path);
sig_unblock();
execv(path, args);
exit(0);
}
complete(path, pid);
}
while (num--)
free(e[num]);
free(e);
return 0;
}
/* Assuming the sig is fatal */
void kill_myself_with_sig(int sig)
{
signal(sig, SIG_DFL);
sig_unblock(sig);
raise(sig);
_exit(1); /* Should not reach it */
}
static void trystart(void)
{
pid_t pid;
fprintf(stderr, "start\n"); // FIXME path
pid = fork();
if(pid < 0) {
fprintf(stderr, "can't fork child process, sleeping 60 seconds: %s\n", strerror(errno)); // FIXME path
sleep(60);
return;
} else if(pid == 0) {
sig_uncatch(SIGCHLD);
sig_unblock(SIGCHLD);
if(opt_func) {
(*opt_func)(opt_func_data);
exit(0);
} else {
execvp(opt_argv[0], opt_argv);
fprintf(stderr, "can't execute %s: %s\n", opt_argv[0], strerror(errno)); // FIXME path
exit(127);
}
}
sleep(1);
g_pid = pid;
g_flagpaused = 0;
stat_pidchange();
stat_update();
}
/* Assuming the sig is fatal */
void FAST_FUNC kill_myself_with_sig(int sig)
{
signal(sig, SIG_DFL);
sig_unblock(sig);
raise(sig);
_exit(EXIT_FAILURE); /* Should not reach it */
}
int sh(char *tty)
{
int fd;
char *arg0;
char *args[2] = {
NULL,
NULL
};
size_t len;
struct termios term;
/* Detach from initial controlling TTY */
vhangup();
fd = open(tty, O_RDWR);
if (fd < 0)
err(1, "Failed opening %s", tty);
dup2(fd, STDIN_FILENO);
dup2(fd, STDOUT_FILENO);
dup2(fd, STDERR_FILENO);
if (ioctl(STDIN_FILENO, TIOCSCTTY, 1) < 0)
warn("Failed TIOCSCTTY");
/* The getty process is usually responsible for the UTMP login record */
utmp_set_login(tty, NULL);
/* Set up TTY, re-enabling ISIG et al. */
stty(fd, B0);
close(fd);
/* Start /bin/sh as a login shell, i.e. with a prefix '-' */
len = strlen(_PATH_BSHELL) + 2;
arg0 = malloc(len);
if (!arg0)
err(1, "Failed allocating memory");
snprintf(arg0, len, "-%s", _PATH_BSHELL);
args[0] = arg0;
/* Reenable Ctrl-D and Ctrl-C, and ... */
if (!tcgetattr(STDIN_FILENO, &term)) {
term.c_lflag |= ISIG;
term.c_cc[VEOF] = CTL('D');
term.c_cc[VINTR] = CTL('C');
tcsetattr(STDIN_FILENO, TCSANOW, &term);
}
/* ... unblock signals in general */
sig_unblock();
return execv(_PATH_BSHELL, args);
}
int main() {
int i;
sig_catch(SIGUSR1, sigusr1_handler);
sig_block(SIGUSR1);
sig_unblock(SIGUSR1);
for (i = 0; i < 3; i++)
sleep(3);
return 1;
}
void trystart(void)
{
int f;
switch(f = fork()) {
case -1:
strerr_warn4(WARNING,"unable to fork for ",dir,", sleeping 60 seconds: ",&strerr_sys);
deepsleep(60);
trigger();
return;
case 0:
sig_uncatch(sig_child);
sig_unblock(sig_child);
execve(*run,run,environ);
strerr_die4sys(111,FATAL,"unable to start ",dir,"/run: ");
}
flagpaused = 0;
pid = f;
pidchange();
announce();
deepsleep(1);
}
static void trystart()
{
int f;
switch(f = fork())
{
case -1:
write_log(fdlogwf, WARNING, "unable to fork for ", service, ", sleeping 60 seconds\n");
deepsleep(60);
trigger();
return;
case 0:
sig_uncatch(sig_child);
sig_unblock(sig_child);
execvp(cmd[0], cmdp);
write_log(fdlogwf, FATAL, "unable to start ", cmd[0], "\n");
_exit(1);
}
flagpaused = 0;
pid = f;
pidchange();
announce();
deepsleep(1);
}
int main(int argc,char **argv)
{
char *hostname, *x;
int c, s, t;
unsigned int u;
unsigned int cpid = 0;
opterr = 0;
while ((c = getopt(argc, argv, "dDoOC:k:c:")) != -1)
switch (c) {
case 'c':
limit = atoi(optarg);
if (limit == 0) usage();
break;
case 'd': flagdelay = 1; break;
case 'D': flagdelay = 0; break;
case 'O': flagkillopts = 1; break;
case 'o': flagkillopts = 0; break;
case 'C': cacheprogram = 1; break;
case 'k':
autokill = atoi(optarg);
if (autokill == 0) usage();
break;
default: abort();
}
argc -= optind;
argv += optind;
hostname = *argv++;
if (!hostname) usage();
x = *argv++;
if (!x) usage();
u = 0;
u = atoi(x);
if (u != 0) localport = u;
else usage();
if (!*argv) usage();
sig_block(sig_child);
sig_catch(sig_child,sigchld);
sig_catch(sig_term,sigterm);
sig_catch(sig_int,sigint);
sig_ignore(sig_pipe);
inet_aton(hostname, (struct in_addr *) &localip);
if (autokill != 0) pt = ptable_init(limit);
s = socket_tcp();
if (s == -1) die(111, "unable to create socket");
if (socket_bind4_reuse(s,localip,localport) == -1) die(111, "unable to bind");
if (socket_local4(s,localip,&localport) == -1) die(111, "unable to get local address");
if (socket_listen(s,20) == -1) die(111, "unable to listen");
ndelay_off(s);
fprintf(stderr, "bind: %s:%d\n", hostname, localport);
close(0);
close(1);
printstatus();
if (cacheprogram) {
FILE *fp1;
int fp2;
char path[1024];
ssize_t n;
fp1 = popen(*argv, "r");
if (fp1 == NULL) {
fprintf(stderr, "Failed to run command\n");
exit(1);
}
fp2 = open("/var/tmp/tcpd.cache", O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
if (fp2 == -1) {
fprintf(stderr, "Can't open cache file\n");
exit(1);
}
while ((n = fgets(path, sizeof(path)-1, fp1)) != NULL) {
if (write(fp2, path, n) == n) {
fprintf(stderr, "Error occured while creating cache\n");
exit(1);
}
}
/* close */
pclose(fp1);
close(fp2);
// read cache file into memory
FILE *f = fopen("/var/tmp/tcpd.cache", "rb");
fseek(f, 0, SEEK_END);
cachesize = ftell(f);
fseek(f, 0, SEEK_SET); //same as rewind(f);
cache = malloc(cachesize + 1);
n = fread(cache, cachesize, 1, f);
fclose(f);
cache[cachesize] = 0;
}
for (;;) {
while (numchildren >= limit) {
if (autokill != 0) ptable_autokill(pt, limit, autokill);
sig_pause();
}
sig_unblock(sig_child);
t = socket_accept4(s,remoteip,&remoteport);
sig_block(sig_child);
if (t == -1) continue;
++numchildren; printstatus();
fprintf(stderr, "inbound connection from %d.%d.%d.%d:%d\n", (unsigned char) remoteip[0], (unsigned char) remoteip[1], (unsigned char) remoteip[2], (unsigned char) remoteip[3], remoteport);
if (autokill != 0) ptable_autokill(pt,limit,autokill);
cpid = fork();
switch(cpid) {
case 0:
close(s);
if(flagkillopts) socket_ipoptionskill(t);
if(!flagdelay) socket_tcpnodelay(t);
if((fd_move(0,t) == -1) || (fd_copy(1,0) == -1)) die(111,"unable to setup descriptors");
sig_uncatch(sig_child);
sig_unblock(sig_child);
sig_uncatch(sig_term);
sig_uncatch(sig_int);
sig_uncatch(sig_pipe);
if (cacheprogram) {
printf("%s", cache);
close(t);
exit(0);
} else {
if(execve(*argv,argv,NULL) == 0) {
close(t);
exit(0);
} else {
die(111, "unable to run argv");
}
}
break;
case -1:
// unable to fork
eprint(P_WARN,"unable to fork");
--numchildren; printstatus();
break;
default:
fprintf(stderr, "fork: child pid %d\n", cpid);
if (autokill != 0) ptable_set(pt, limit, cpid, time(NULL));
break;
}
close(t);
}
}
void sig_childunblock() { sig_unblock(SIGCHLD); }
void doit(void)
{
iopause_fd x[2];
struct taia deadline;
struct taia stamp;
int wstat;
int r;
char ch;
announce();
for (;;) {
if (flagexit && !pid) return;
sig_unblock(sig_child);
x[0].fd = selfpipe[0];
x[0].events = IOPAUSE_READ;
x[1].fd = fdcontrol;
x[1].events = IOPAUSE_READ;
taia_now(&stamp);
taia_uint(&deadline,3600);
taia_add(&deadline,&stamp,&deadline);
iopause(x,2,&deadline,&stamp);
sig_block(sig_child);
while (read(selfpipe[0],&ch,1) == 1)
;
for (;;) {
r = wait_nohang(&wstat);
if (!r) break;
if ((r == -1) && (errno != error_intr)) break;
if (r == pid) {
pid = 0;
pidchange();
announce();
if (flagexit) return;
if (flagwant && flagwantup) trystart();
break;
}
}
if (read(fdcontrol,&ch,1) == 1)
switch(ch) {
case 'd':
flagwant = 1;
flagwantup = 0;
if (pid) { kill(pid,SIGTERM); kill(pid,SIGCONT); flagpaused = 0; }
announce();
break;
case 'u':
flagwant = 1;
flagwantup = 1;
announce();
if (!pid) trystart();
break;
case 'o':
flagwant = 0;
announce();
if (!pid) trystart();
break;
case 'a':
if (pid) kill(pid,SIGALRM);
break;
case 'h':
if (pid) kill(pid,SIGHUP);
break;
case 'k':
if (pid) kill(pid,SIGKILL);
break;
case 't':
if (pid) kill(pid,SIGTERM);
break;
case 'i':
if (pid) kill(pid,SIGINT);
break;
case 'p':
flagpaused = 1;
announce();
if (pid) kill(pid,SIGSTOP);
break;
case 'c':
flagpaused = 0;
announce();
if (pid) kill(pid,SIGCONT);
break;
case 'x':
flagexit = 1;
announce();
break;
}
}
}
int supervise_run(void)
{
g_pid = 0;
g_flagexit = 0;
g_flagwant = 1;
g_flagwantup = opt_auto_start;
g_flagpaused = 0;
sig_block(SIGCHLD);
sig_catch(SIGCHLD, sigchild_handler);
stat_pidchange();
stat_update();
if(g_flagwant && g_flagwantup) {
trystart();
}
while(1) {
char c;
ssize_t rl;
if(g_flagexit && !g_pid) { return 0; }
printf("waiting pid pid=%d\n",g_pid);
while(1) {
int stat;
int r = waitpid(-1, &stat, WNOHANG);
if(r == 0) { break; }
if(r < 0 && errno != EAGAIN && errno != EINTR) { break; }
if(r == g_pid) {
g_pid = 0;
stat_pidchange();
stat_update();
if(g_flagexit) { return 0; }
if(g_flagwant && g_flagwantup) {
trystart();
break;
}
}
}
printf("reading... pid=%d\n",g_pid);
sig_unblock(SIGCHLD);
rl = read(g_ctl_rfd, &c, 1);
if(rl <= 0) {
if(errno == EAGAIN || errno == EINTR) {
continue;
}
return -1;
}
sig_block(SIGCHLD);
switch(c) {
case 'd': /* down */
printf("down %d\n",g_pid);
g_flagwant = 1;
g_flagwantup = 0;
if(g_pid) {
kill(g_pid, SIGTERM);
kill(g_pid, SIGCONT);
g_flagpaused = 0;
}
stat_update();
break;
case 'u': /* up */
printf("up %d\n",g_pid);
g_flagwant = 1;
g_flagwantup = 1;
if(!g_pid) { trystart(); }
stat_update();
break;
case 'o': /* once */
printf("once %d\n",g_pid);
g_flagwant = 0;
if(!g_pid) { trystart(); }
stat_update();
break;
case 'x': /* exit */
printf("exit %d\n",g_pid);
g_flagexit = 1;
stat_update();
break;
case 'p': /* pause */
printf("pause %d\n",g_pid);
g_flagpaused = 1;
if(g_pid) { kill(g_pid, SIGSTOP); }
stat_update();
break;
case 'c': /* continue */
printf("continue %d\n",g_pid);
g_flagpaused = 0;
if(g_pid) { kill(g_pid, SIGCONT); }
stat_update();
break;
case 'h': /* hup */
printf("hup %d\n",g_pid);
if(g_pid) { kill(g_pid, SIGHUP); }
break;
case 'a': /* alarm */
printf("alarm %d\n",g_pid);
if(g_pid) { kill(g_pid, SIGALRM); }
break;
case 'i': /* interrupt */
printf("interrupt %d\n",g_pid);
if(g_pid) { kill(g_pid, SIGINT); }
break;
case 't': /* term */
printf("term %d\n",g_pid);
if(g_pid) { kill(g_pid, SIGTERM); }
break;
case 'k': /* kill */
printf("kill %d\n",g_pid);
if(g_pid) { kill(g_pid, SIGKILL); }
break;
case '1': /* usr1 */
printf("usr1 %d\n",g_pid);
if(g_pid) { kill(g_pid, SIGUSR1); }
break;
case '2': /* usr2 */
printf("usr2 %d\n",g_pid);
if(g_pid) { kill(g_pid, SIGUSR2); }
break;
case 's': /* sigchld */
printf("sigchld %d\n",g_pid);
if(!opt_auto_restart) {
g_flagwant = 0;
stat_update();
}
break;
case ' ': /* ping */
// FIXME touch status file
break;
}
}
}
int main(int argc, char **argv)
{
struct stat s;
time_t mtime =0;
int wstat;
int curdir;
int pid;
struct taia deadline;
struct taia now;
struct taia stampcheck;
char ch;
int i;
progname =*argv++;
if (! argv || ! *argv) usage();
if (**argv == '-')
{
switch (*(*argv +1))
{
case 'P':
pgrp =1;
case '-':
++argv;
}
if (! argv || ! *argv) usage();
}
sig_catch(sig_term, s_term);
sig_catch(sig_hangup, s_hangup);
svdir =*argv++;
if (argv && *argv)
{
rplog =*argv;
if (setup_log() != 1)
{
rplog =0;
warn3x("log service disabled.", 0, 0);
}
}
if ((curdir =open_read(".")) == -1)
fatal("unable to open current directory", 0);
coe(curdir);
taia_now(&stampcheck);
for (;;)
{
/* collect children */
for (;;)
{
if ((pid =wait_nohang(&wstat)) <= 0) break;
for (i =0; i < svnum; i++)
{
if (pid == sv[i].pid)
{
/* runsv has gone */
sv[i].pid =0;
check =1;
break;
}
}
}
taia_now(&now);
if (now.sec.x < (stampcheck.sec.x -3))
{
/* time warp */
warn3x("time warp: resetting time stamp.", 0, 0);
taia_now(&stampcheck);
taia_now(&now);
if (rplog) taia_now(&stamplog);
}
if (taia_less(&now, &stampcheck) == 0)
{
/* wait at least a second */
taia_uint(&deadline, 1);
taia_add(&stampcheck, &now, &deadline);
if (stat(svdir, &s) != -1)
{
if (check || \
s.st_mtime != mtime || s.st_ino != ino || s.st_dev != dev)
{
/* svdir modified */
if (chdir(svdir) != -1)
{
mtime =s.st_mtime;
dev =s.st_dev;
ino =s.st_ino;
check =0;
if (now.sec.x <= (4611686018427387914ULL +(uint64)mtime))
sleep(1);
runsvdir();
while (fchdir(curdir) == -1)
{
warn("unable to change directory, pausing", 0);
sleep(5);
}
}
else
warn("unable to change directory to ", svdir);
}
}
else
warn("unable to stat ", svdir);
}
if (rplog)
if (taia_less(&now, &stamplog) == 0)
{
write(logpipe[1], ".", 1);
taia_uint(&deadline, 900);
taia_add(&stamplog, &now, &deadline);
}
/* half a second */
deadline.sec.x =0;
deadline.nano =500000000UL;
deadline.atto =0;
taia_add(&deadline, &now, &deadline);
sig_block(sig_child);
if (rplog)
iopause(io, 1, &deadline, &now);
else
iopause(0, 0, &deadline, &now);
sig_unblock(sig_child);
if (rplog && (io[0].revents | IOPAUSE_READ))
while (read(logpipe[0], &ch, 1) > 0)
if (ch)
{
for (i =6; i < rploglen; i++)
rplog[i -1] =rplog[i];
rplog[rploglen -1] =ch;
}
switch(exitsoon)
{
case 1:
_exit(0);
case 2:
for (i =0; i < svnum; i++) if (sv[i].pid) kill(sv[i].pid, SIGTERM);
_exit(111);
}
} /* for (;;) */
/* not reached */
_exit(0);
}
int runsvdir_main(int argc, char **argv)
{
struct stat s;
dev_t last_dev = last_dev; /* for gcc */
ino_t last_ino = last_ino; /* for gcc */
time_t last_mtime = 0;
int wstat;
int curdir;
int pid;
unsigned deadline;
unsigned now;
unsigned stampcheck;
char ch;
int i;
argv++;
if (!*argv)
bb_show_usage();
if (argv[0][0] == '-') {
switch (argv[0][1]) {
case 'P': set_pgrp = 1;
case '-': ++argv;
}
if (!*argv)
bb_show_usage();
}
sig_catch(SIGTERM, s_term);
sig_catch(SIGHUP, s_hangup);
svdir = *argv++;
if (argv && *argv) {
rplog = *argv;
if (setup_log() != 1) {
rplog = 0;
warnx("log service disabled");
}
}
curdir = open_read(".");
if (curdir == -1)
fatal2_cannot("open current directory", "");
coe(curdir);
stampcheck = monotonic_sec();
for (;;) {
/* collect children */
for (;;) {
pid = wait_nohang(&wstat);
if (pid <= 0)
break;
for (i = 0; i < svnum; i++) {
if (pid == sv[i].pid) {
/* runsv has gone */
sv[i].pid = 0;
check = 1;
break;
}
}
}
now = monotonic_sec();
if ((int)(now - stampcheck) >= 0) {
/* wait at least a second */
stampcheck = now + 1;
if (stat(svdir, &s) != -1) {
if (check || s.st_mtime != last_mtime
|| s.st_ino != last_ino || s.st_dev != last_dev
) {
/* svdir modified */
if (chdir(svdir) != -1) {
last_mtime = s.st_mtime;
last_dev = s.st_dev;
last_ino = s.st_ino;
check = 0;
//if (now <= mtime)
// sleep(1);
runsvdir();
while (fchdir(curdir) == -1) {
warn2_cannot("change directory, pausing", "");
sleep(5);
}
} else
warn2_cannot("change directory to ", svdir);
}
} else
warn2_cannot("stat ", svdir);
}
if (rplog) {
if ((int)(now - stamplog) >= 0) {
write(logpipe[1], ".", 1);
stamplog = now + 900;
}
}
pfd[0].revents = 0;
sig_block(SIGCHLD);
deadline = (check ? 1 : 5);
if (rplog)
poll(pfd, 1, deadline*1000);
else
sleep(deadline);
sig_unblock(SIGCHLD);
if (pfd[0].revents & POLLIN) {
while (read(logpipe[0], &ch, 1) > 0) {
if (ch) {
for (i = 6; i < rploglen; i++)
rplog[i-1] = rplog[i];
rplog[rploglen-1] = ch;
}
}
}
switch (exitsoon) {
case 1:
_exit(0);
case 2:
for (i = 0; i < svnum; i++)
if (sv[i].pid)
kill(sv[i].pid, SIGTERM);
_exit(111);
}
}
/* not reached */
return 0;
}
int main(int argc,char * const *argv) {
const char *hostname;
int opt;
struct servent *se;
char *x;
unsigned long u;
int s;
int t;
io_opt = ssl_io_opt_default;
io_opt.timeout = 3600;
while ((opt = getopt(argc,argv,"46dDvqQhHrR1UXx:t:T:u:g:l:b:B:c:Z:pPoO3IiEeSsaAw:nNyYuUjJ")) != opteof)
switch(opt) {
case 'b': scan_ulong(optarg,&backlog); break;
case 'c': scan_ulong(optarg,&limit); break;
case 'X': flagallownorules = 1; break;
case 'x': fnrules = optarg; break;
case 'B': banner = optarg; break;
case 'd': flagdelay = 1; break;
case 'D': flagdelay = 0; break;
case 'v': verbosity = 2; break;
case 'q': verbosity = 0; break;
case 'Q': verbosity = 1; break;
case 'P': flagparanoid = 0; break;
case 'p': flagparanoid = 1; break;
case 'O': flagkillopts = 1; break;
case 'o': flagkillopts = 0; break;
case 'H': flagremotehost = 0; break;
case 'h': flagremotehost = 1; break;
case 'R': flagremoteinfo = 0; break;
case 'r': flagremoteinfo = 1; break;
case 't': scan_ulong(optarg,&timeout); break;
case 'T': scan_ulong(optarg,&ssltimeout); break;
case 'w': scan_uint(optarg,&io_opt.timeout); break;
case 'U': x = env_get("UID"); if (x) scan_ulong(x,&uid);
x = env_get("GID"); if (x) scan_ulong(x,&gid); break;
case 'u': scan_ulong(optarg,&uid); break;
case 'g': scan_ulong(optarg,&gid); break;
case 'Z': netif=socket_getifidx(optarg); break;
case '1': flag1 = 1; break;
case '4': noipv6 = 1; break;
case '6': forcev6 = 1; break;
case 'l': localhost = optarg; break;
case '3': flag3 = 1; break;
case 'I': flagclientcert = 0; break;
case 'i': flagclientcert = 1; break;
case 'S': flagsslenv = 0; break;
case 's': flagsslenv = 1; break;
case 'E': flagtcpenv = 0; break;
case 'e': flagtcpenv = 1; break;
case 'n': case 'y': flagsslwait = 1; break;
case 'N': case 'Y': flagsslwait = 0; break;
case 'j': io_opt.just_shutdown = 1; break;
case 'J': io_opt.just_shutdown = 0; break;
default: usage();
}
argc -= optind;
argv += optind;
if (!verbosity)
buffer_2->fd = -1;
hostname = *argv++;
if (!hostname) usage();
if (str_equal(hostname,"")) hostname = "0";
x = *argv++;
if (!x) usage();
prog = argv;
if (!*argv) usage();
if (!x[scan_ulong(x,&u)])
localport = u;
else {
se = getservbyname(x,"tcp");
if (!se)
strerr_die3x(111,FATAL,"unable to figure out port number for ",x);
uint16_unpack_big((char*)&se->s_port,&localport);
}
if (x = env_get("VERIFYDEPTH")) {
scan_ulong(x,&u);
verifydepth = u;
}
if (x = env_get("CAFILE")) cafile = x;
if (cafile && str_equal(cafile,"")) cafile = 0;
if (x = env_get("CCAFILE")) ccafile = x;
if (ccafile && str_equal(ccafile,"")) ccafile = 0;
if (!flagclientcert) ccafile = 0;
if (x = env_get("CADIR")) cadir = x;
if (cadir && str_equal(cadir,"")) cadir= 0;
if (x = env_get("CERTFILE")) certfile = x;
if (certfile && str_equal(certfile,"")) certfile = 0;
if (x = env_get("KEYFILE")) keyfile = x;
if (keyfile && str_equal(keyfile,"")) keyfile = 0;
if (x = env_get("DHFILE")) dhfile = x;
if (dhfile && str_equal(dhfile,"")) dhfile = 0;
if (x = env_get("CIPHERS")) ciphers = x;
if (ciphers && str_equal(ciphers,"")) ciphers = 0;
sig_block(sig_child);
sig_catch(sig_child,sigchld);
sig_catch(sig_term,sigterm);
sig_ignore(sig_pipe);
if (str_equal(hostname,"0")) {
byte_zero(localip,sizeof localip);
} else {
if (!stralloc_copys(&tmp,hostname))
strerr_die2x(111,FATAL,"out of memory");
if (dns_ip6_qualify(&addresses,&fqdn,&tmp) == -1)
strerr_die4sys(111,FATAL,"temporarily unable to figure out IP address for ",hostname,": ");
if (addresses.len < 16)
strerr_die3x(111,FATAL,"no IP address for ",hostname);
byte_copy(localip,16,addresses.s);
if (ip6_isv4mapped(localip))
noipv6=1;
}
s = socket_tcp6();
if (s == -1)
strerr_die2sys(111,FATAL,"unable to create socket: ");
if (socket_bind6_reuse(s,localip,localport,netif) == -1)
strerr_die2sys(111,FATAL,"unable to bind: ");
if (socket_local6(s,localip,&localport,&netif) == -1)
strerr_die2sys(111,FATAL,"unable to get local address: ");
if (socket_listen(s,backlog) == -1)
strerr_die2sys(111,FATAL,"unable to listen: ");
ndelay_off(s);
localportstr[fmt_ulong(localportstr,localport)] = 0;
if (flag1) {
buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
buffer_puts(&b,localportstr);
buffer_puts(&b,"\n");
buffer_flush(&b);
}
if (flag3) read_passwd();
ctx = ssl_server();
ssl_errstr();
if (!ctx) strerr_die2x(111,FATAL,"unable to create SSL context");
switch (ssl_certkey(ctx,certfile,keyfile,passwd_cb)) {
case -1: strerr_die2x(111,FATAL,"unable to load certificate");
case -2: strerr_die2x(111,FATAL,"unable to load key");
case -3: strerr_die2x(111,FATAL,"key does not match certificate");
default: break;
}
if (!ssl_ca(ctx,cafile,cadir,verifydepth))
strerr_die2x(111,FATAL,"unable to load CA list");
if (!ssl_cca(ctx,ccafile))
strerr_die2x(111,FATAL,"unable to load client CA list");
if (!ssl_params(ctx,dhfile,rsalen))
strerr_die2x(111,FATAL,"unable to set cipher parameters");
if (!ssl_ciphers(ctx,ciphers))
strerr_die2x(111,FATAL,"unable to set cipher list");
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strnum2[fmt_ulong(strnum2,rsalen)] = 0;
strerr_warn4("sslserver: cafile ",strnum," ",cafile,0);
strerr_warn4("sslserver: ccafile ",strnum," ",ccafile,0);
strerr_warn4("sslserver: cadir ",strnum," ",cadir,0);
strerr_warn4("sslserver: cert ",strnum," ",certfile,0);
strerr_warn4("sslserver: key ",strnum," ",keyfile,0);
strerr_warn6("sslserver: param ",strnum," ",dhfile," ",strnum2,0);
}
close(0); open_read("/dev/null");
close(1); open_append("/dev/null");
printstatus();
for (;;) {
while (numchildren >= limit) sig_pause();
sig_unblock(sig_child);
t = socket_accept6(s,remoteip,&remoteport,&netif);
sig_block(sig_child);
if (t == -1) continue;
++numchildren; printstatus();
switch(fork()) {
case 0:
close(s);
doit(t);
strerr_die4sys(111,DROP,"unable to run ",*argv,": ");
case -1:
strerr_warn2(DROP,"unable to fork: ",&strerr_sys);
--numchildren; printstatus();
}
close(t);
}
}
static void startservice(struct svdir *s)
{
int p;
const char *arg[4];
char exitcode[sizeof(int)*3 + 2];
if (s->state == S_FINISH) {
/* Two arguments are given to ./finish. The first one is ./run exit code,
* or -1 if ./run didnt exit normally. The second one is
* the least significant byte of the exit status as determined by waitpid;
* for instance it is 0 if ./run exited normally, and the signal number
* if ./run was terminated by a signal. If runsv cannot start ./run
* for some reason, the exit code is 111 and the status is 0.
*/
arg[0] = "./finish";
arg[1] = "-1";
if (WIFEXITED(s->wstat)) {
*utoa_to_buf(WEXITSTATUS(s->wstat), exitcode, sizeof(exitcode)) = '\0';
arg[1] = exitcode;
}
//arg[2] = "0";
//if (WIFSIGNALED(s->wstat)) {
arg[2] = utoa(WTERMSIG(s->wstat));
//}
arg[3] = NULL;
} else {
arg[0] = "./run";
arg[1] = NULL;
custom(s, 'u');
}
if (s->pid != 0)
stopservice(s); /* should never happen */
while ((p = vfork()) == -1) {
warn_cannot("vfork, sleeping");
sleep(5);
}
if (p == 0) {
/* child */
if (haslog) {
/* NB: bug alert! right order is close, then dup2 */
if (s->islog) {
xchdir("./log");
close(logpipe.wr);
xdup2(logpipe.rd, 0);
} else {
close(logpipe.rd);
xdup2(logpipe.wr, 1);
}
}
/* Non-ignored signals revert to SIG_DFL on exec anyway */
/*bb_signals(0
+ (1 << SIGCHLD)
+ (1 << SIGTERM)
, SIG_DFL);*/
sig_unblock(SIGCHLD);
sig_unblock(SIGTERM);
execv(arg[0], (char**) arg);
fatal2_cannot(s->islog ? "start log/" : "start ", arg[0]);
}
/* parent */
if (s->state != S_FINISH) {
gettimeofday_ns(&s->start);
s->state = S_RUN;
}
s->pid = p;
pidchanged = 1;
s->ctrl = C_NOOP;
update_status(s);
}
int runsvdir_main(int argc UNUSED_PARAM, char **argv)
{
struct stat s;
dev_t last_dev = last_dev; /* for gcc */
ino_t last_ino = last_ino; /* for gcc */
time_t last_mtime = 0;
int wstat;
int curdir;
pid_t pid;
unsigned deadline;
unsigned now;
unsigned stampcheck;
int i;
int need_rescan = 1;
char *opt_s_argv[3];
INIT_G();
opt_complementary = "-1";
opt_s_argv[0] = NULL;
opt_s_argv[2] = NULL;
getopt32(argv, "Ps:", &opt_s_argv[0]);
argv += optind;
bb_signals(0
| (1 << SIGTERM)
| (1 << SIGHUP)
/* For busybox's init, SIGTERM == reboot,
* SIGUSR1 == halt
* SIGUSR2 == poweroff
* so we need to intercept SIGUSRn too.
* Note that we do not implement actual reboot
* (killall(TERM) + umount, etc), we just pause
* respawing and avoid exiting (-> making kernel oops).
* The user is responsible for the rest. */
| (getpid() == 1 ? ((1 << SIGUSR1) | (1 << SIGUSR2)) : 0)
, record_signo);
svdir = *argv++;
#if ENABLE_FEATURE_RUNSVDIR_LOG
/* setup log */
if (*argv) {
rplog = *argv;
rploglen = strlen(rplog);
if (rploglen < 7) {
warnx("log must have at least seven characters");
} else if (piped_pair(logpipe)) {
warnx("can't create pipe for log");
} else {
close_on_exec_on(logpipe.rd);
close_on_exec_on(logpipe.wr);
ndelay_on(logpipe.rd);
ndelay_on(logpipe.wr);
if (dup2(logpipe.wr, 2) == -1) {
warnx("can't set filedescriptor for log");
} else {
pfd[0].fd = logpipe.rd;
pfd[0].events = POLLIN;
stamplog = monotonic_sec();
goto run;
}
}
rplog = NULL;
warnx("log service disabled");
}
run:
#endif
curdir = open(".", O_RDONLY|O_NDELAY);
if (curdir == -1)
fatal2_cannot("open current directory", "");
close_on_exec_on(curdir);
stampcheck = monotonic_sec();
for (;;) {
/* collect children */
for (;;) {
pid = wait_any_nohang(&wstat);
if (pid <= 0)
break;
for (i = 0; i < svnum; i++) {
if (pid == sv[i].pid) {
/* runsv has died */
sv[i].pid = 0;
need_rescan = 1;
}
}
}
now = monotonic_sec();
if ((int)(now - stampcheck) >= 0) {
/* wait at least a second */
stampcheck = now + 1;
if (stat(svdir, &s) != -1) {
if (need_rescan || s.st_mtime != last_mtime
|| s.st_ino != last_ino || s.st_dev != last_dev
) {
/* svdir modified */
if (chdir(svdir) != -1) {
last_mtime = s.st_mtime;
last_dev = s.st_dev;
last_ino = s.st_ino;
/* if the svdir changed this very second, wait until the
* next second, because we won't be able to detect more
* changes within this second */
while (time(NULL) == last_mtime)
usleep(100000);
need_rescan = do_rescan();
while (fchdir(curdir) == -1) {
warn2_cannot("change directory, pausing", "");
sleep(5);
}
} else {
warn2_cannot("change directory to ", svdir);
}
}
} else {
warn2_cannot("stat ", svdir);
}
}
#if ENABLE_FEATURE_RUNSVDIR_LOG
if (rplog) {
if ((int)(now - stamplog) >= 0) {
write(logpipe.wr, ".", 1);
stamplog = now + 900;
}
}
pfd[0].revents = 0;
#endif
deadline = (need_rescan ? 1 : 5);
sig_block(SIGCHLD);
#if ENABLE_FEATURE_RUNSVDIR_LOG
if (rplog)
poll(pfd, 1, deadline*1000);
else
#endif
sleep(deadline);
sig_unblock(SIGCHLD);
#if ENABLE_FEATURE_RUNSVDIR_LOG
if (pfd[0].revents & POLLIN) {
char ch;
while (read(logpipe.rd, &ch, 1) > 0) {
if (ch < ' ')
ch = ' ';
for (i = 6; i < rploglen; i++)
rplog[i-1] = rplog[i];
rplog[rploglen-1] = ch;
}
}
#endif
if (!bb_got_signal)
continue;
/* -s SCRIPT: useful if we are init.
* In this case typically script never returns,
* it halts/powers off/reboots the system. */
if (opt_s_argv[0]) {
/* Single parameter: signal# */
opt_s_argv[1] = utoa(bb_got_signal);
pid = spawn(opt_s_argv);
if (pid > 0) {
/* Remembering to wait for _any_ children,
* not just pid */
while (wait(NULL) != pid)
continue;
}
}
if (bb_got_signal == SIGHUP) {
for (i = 0; i < svnum; i++)
if (sv[i].pid)
kill(sv[i].pid, SIGTERM);
}
/* SIGHUP or SIGTERM (or SIGUSRn if we are init) */
/* Exit unless we are init */
if (getpid() != 1)
return (SIGHUP == bb_got_signal) ? 111 : EXIT_SUCCESS;
/* init continues to monitor services forever */
bb_got_signal = 0;
} /* for (;;) */
}
void doit(int t) {
int fakev4=0;
int j;
SSL *ssl;
int wstat;
uint32 scope_id;
int sslctl[2];
char *s;
unsigned long tmp_long;
char sslctl_cmd;
stralloc ssl_env = { 0 };
buffer ssl_env_buf;
if (pipe(pi) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
if (pipe(po) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sslctl) == -1) strerr_die2sys(111,DROP,"unable to create socketpair: ");
switch(fork()) {
case -1:
strerr_die2sys(111,DROP,"unable to fork: ");
case 0:
/* Child */
break;
default:
/* Parent */
close(pi[0]); close(po[1]); close(sslctl[1]);
if ((s=env_get("SSL_CHROOT")))
if (chroot(s) == -1)
strerr_die2x(111,DROPSSL,"unable to chroot");
if ((s=env_get("SSL_GID"))) {
scan_ulong(s,&tmp_long);
gid = tmp_long;
}
if (gid) if (prot_gid(gid) == -1) strerr_die2sys(111,DROPSSL,"unable to set gid: ");
if ((s=env_get("SSL_UID"))) {
scan_ulong(s,&tmp_long);
uid = tmp_long;
}
if (uid) if (prot_uid(uid) == -1)
strerr_die2sys(111,DROPSSL,"unable to set uid: ");
/* This will exit on a fatal error or if the client quits
* without activating SSL
*/
sslctl_cmd = ucspitls_master_wait_for_activation(sslctl[0]);
/* If we got here, SSL must have been activated */
ssl = ssl_new(ctx,t);
if (!ssl) strerr_die2x(111,DROP,"unable to create SSL instance");
if (ndelay_on(t) == -1)
strerr_die2sys(111,DROP,"unable to set socket options: ");
if (ssl_timeoutaccept(ssl,ssltimeout) == -1)
strerr_die3x(111,DROP,"unable to accept SSL: ",ssl_error_str(ssl_errno));
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strerr_warn3("sslserver: ssl ",strnum," accept ",0);
}
if (flagclientcert) {
switch(ssl_verify(ssl,verifyhost)) {
case -1:
strerr_die2x(111,DROP,"unable to verify client certificate");
case -2:
strerr_die2x(111,DROP,"no client certificate");
case -3:
strerr_die2x(111,DROP,"client name does not match certificate");
default: break;
}
}
if (sslctl_cmd == 'Y') {
ssl_server_env(ssl, &ssl_env);
stralloc_0(&ssl_env); /* Add another NUL */
buffer_init(&ssl_env_buf,buffer_unixwrite,sslctl[0],NULL,0);
if (buffer_putflush(&ssl_env_buf, ssl_env.s, ssl_env.len) == -1) {
strerr_die2sys(111, FATAL, "unable to write SSL environment: ");
}
} else if (sslctl_cmd != 'y') {
strerr_die2x(111,DROP,"Protocol error on SSL control descriptor: invalid command character read");
}
if (close(sslctl[0]) != 0) {
strerr_die2sys(111, DROP, "Error closing SSL control socket: ");
}
if (ssl_io(ssl,pi[1],po[0],io_opt) != 0)
strerr_die3x(111,DROP,"unable to speak SSL: ",ssl_error_str(ssl_errno));
if (wait_nohang(&wstat) > 0)
_exit(wait_exitcode(wstat));
ssl_close(ssl);
_exit(0);
}
/* Child-only below this point */
if (close(sslctl[0]) != 0) {
strerr_die2sys(111, DROP, "Error closing SSL control socket: ");
}
if (!forcev6 && ip6_isv4mapped(remoteip))
fakev4=1;
if (fakev4)
remoteipstr[ip4_fmt(remoteipstr,remoteip+12)] = 0;
else
remoteipstr[ip6_fmt(remoteipstr,remoteip)] = 0;
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strerr_warn4("sslserver: pid ",strnum," from ",remoteipstr,0);
}
if (socket_local6(t,localip,&localport,&scope_id) == -1)
strerr_die2sys(111,DROP,"unable to get local address: ");
if (fakev4)
localipstr[ip4_fmt(localipstr,localip+12)] = 0;
else
localipstr[ip6_fmt(localipstr,localip)] = 0;
remoteportstr[fmt_ulong(remoteportstr,remoteport)] = 0;
if (!localhost)
if (dns_name6(&localhostsa,localip) == 0)
if (localhostsa.len) {
if (!stralloc_0(&localhostsa)) drop_nomem();
localhost = localhostsa.s;
}
env("PROTO",fakev4?"SSL":"SSL6");
env("SSLLOCALIP",localipstr);
env("SSL6LOCALIP",localipstr);
env("SSLLOCALPORT",localportstr);
env("SSL6LOCALPORT",localportstr);
env("SSLLOCALHOST",localhost);
env("SSL6LOCALHOST",localhost);
if (!fakev4 && scope_id)
env("SSL6INTERFACE",socket_getifname(scope_id));
if (flagtcpenv) {
env("TCPLOCALIP",localipstr);
env("TCP6LOCALIP",localipstr);
env("TCPLOCALPORT",localportstr);
env("TCP6LOCALPORT",localportstr);
env("TCPLOCALHOST",localhost);
env("TCP6LOCALHOST",localhost);
if (!fakev4 && scope_id)
env("TCP6INTERFACE",socket_getifname(scope_id));
}
if (flagremotehost)
if (dns_name6(&remotehostsa,remoteip) == 0)
if (remotehostsa.len) {
if (flagparanoid) {
verifyhost = remoteipstr;
if (dns_ip6(&tmp,&remotehostsa) == 0)
for (j = 0;j + 16 <= tmp.len;j += 16)
if (byte_equal(remoteip,16,tmp.s + j)) {
flagparanoid = 0;
break;
}
}
if (!flagparanoid) {
if (!stralloc_0(&remotehostsa)) drop_nomem();
remotehost = remotehostsa.s;
verifyhost = remotehostsa.s;
}
}
env("SSLREMOTEIP",remoteipstr);
env("SSL6REMOTEIP",remoteipstr);
remoteipstr[ip6_fmt(remoteipstr,remoteip)]=0;
env("SSLREMOTEPORT",remoteportstr);
env("SSL6REMOTEPORT",remoteportstr);
env("SSLREMOTEHOST",remotehost);
env("SSL6REMOTEHOST",remotehost);
if (flagtcpenv) {
env("TCPREMOTEIP",remoteipstr);
env("TCP6REMOTEIP",remoteipstr);
env("TCPREMOTEPORT",remoteportstr);
env("TCP6REMOTEPORT",remoteportstr);
env("TCPREMOTEHOST",remotehost);
env("TCP6REMOTEHOST",remotehost);
}
if (flagremoteinfo) {
if (remoteinfo6(&tcpremoteinfo,remoteip,remoteport,localip,localport,timeout,netif) == -1)
flagremoteinfo = 0;
if (!stralloc_0(&tcpremoteinfo)) drop_nomem();
}
env("SSLREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
env("SSL6REMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
if (flagtcpenv) {
env("TCPREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
env("TCP6REMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
}
if (fnrules) {
int fdrules;
fdrules = open_read(fnrules);
if (fdrules == -1) {
if (errno != error_noent) drop_rules();
if (!flagallownorules) drop_rules();
}
else {
int fakev4=0;
char* temp;
if (!forcev6 && ip6_isv4mapped(remoteip))
fakev4=1;
if (fakev4)
temp=remoteipstr+7;
else
temp=remoteipstr;
if (rules(found,fdrules,temp,remotehost,flagremoteinfo ? tcpremoteinfo.s : 0) == -1) drop_rules();
close(fdrules);
}
}
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
if (!stralloc_copys(&tmp,"sslserver: ")) drop_nomem();
safecats(flagdeny ? "deny" : "ok");
cats(" "); safecats(strnum);
cats(" "); if (localhost) safecats(localhost);
cats(":"); safecats(localipstr);
cats(":"); safecats(localportstr);
cats(" "); if (remotehost) safecats(remotehost);
cats(":"); safecats(remoteipstr);
cats(":"); if (flagremoteinfo) safecats(tcpremoteinfo.s);
cats(":"); safecats(remoteportstr);
cats("\n");
buffer_putflush(buffer_2,tmp.s,tmp.len);
}
if (flagdeny) _exit(100);
if (gid) if (prot_gid(gid) == -1)
strerr_die2sys(111,FATAL,"unable to set gid: ");
if (uid) if (prot_uid(uid) == -1)
strerr_die2sys(111,FATAL,"unable to set uid: ");
close(pi[1]); close(po[0]);
sig_uncatch(sig_child);
sig_unblock(sig_child);
sig_uncatch(sig_term);
sig_uncatch(sig_pipe);
if (fcntl(sslctl[1],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,sslctl[1])]=0;
setenv("SSLCTLFD",strnum,1);
if (fcntl(pi[0],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,pi[0])]=0;
setenv("SSLREADFD",strnum,1);
if (fcntl(po[1],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,po[1])]=0;
setenv("SSLWRITEFD",strnum,1);
if (flagsslwait) {
if (fd_copy(0,t) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
if (fd_copy(1,t) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
} else {
if (fd_move(0,pi[0]) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
if (fd_move(1,po[1]) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
}
if (flagkillopts)
socket_ipoptionskill(t);
if (!flagdelay)
socket_tcpnodelay(t);
if (*banner) {
buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
if (buffer_putsflush(&b,banner) == -1)
strerr_die2sys(111,DROP,"unable to print banner: ");
}
if (!flagsslwait) {
strnum[fmt_ulong(strnum,flagsslenv)] = 0;
strerr_warn2("flagsslenv: ", strnum, 0);
ucspitls(flagsslenv,0,1);
}
pathexec(prog);
strerr_die4sys(111,DROP,"unable to run ",*prog,": ");
}
void sig_alarmunblock(void) { sig_unblock(SIGALRM); }
pid_t run_getty(char *cmd, char *args[], int console)
{
pid_t pid = fork();
if (!pid) {
int fd;
char c;
if (console) {
/* Detach from initial controlling TTY */
vhangup();
close(STDERR_FILENO);
close(STDOUT_FILENO);
close(STDIN_FILENO);
/* Attach TTY to console */
fd = open(CONSOLE, O_RDWR);
if (fd != STDIN_FILENO)
exit(1);
dup2(0, STDIN_FILENO);
dup2(0, STDOUT_FILENO);
dup2(0, STDERR_FILENO);
prctl(PR_SET_NAME, "console", 0, 0, 0);
}
sig_unblock();
setsid();
if (ioctl(STDIN_FILENO, TIOCSCTTY, 1) < 0)
_pe("Failed TIOCSCTTY");
while (!fexist(SYNC_SHUTDOWN)) {
static const char msg[] = "\nPlease press Enter to activate this console.";
if (fexist(SYNC_STOPPED)) {
sleep(1);
continue;
}
if (console) {
(void)write(STDERR_FILENO, msg, sizeof(msg));
while (read(STDIN_FILENO, &c, 1) == 1 && c != '\n')
continue;
}
if (fexist(SYNC_STOPPED))
continue;
execv(cmd, args);
}
if (console)
close(fd);
exit(0);
}
return pid;
}
int runsv_main(int argc UNUSED_PARAM, char **argv)
{
struct stat s;
int fd;
int r;
char buf[256];
INIT_G();
dir = single_argv(argv);
xpiped_pair(selfpipe);
close_on_exec_on(selfpipe.rd);
close_on_exec_on(selfpipe.wr);
ndelay_on(selfpipe.rd);
ndelay_on(selfpipe.wr);
sig_block(SIGCHLD);
bb_signals_recursive_norestart(1 << SIGCHLD, s_child);
sig_block(SIGTERM);
bb_signals_recursive_norestart(1 << SIGTERM, s_term);
xchdir(dir);
/* bss: svd[0].pid = 0; */
if (S_DOWN) svd[0].state = S_DOWN; /* otherwise already 0 (bss) */
if (C_NOOP) svd[0].ctrl = C_NOOP;
if (W_UP) svd[0].sd_want = W_UP;
/* bss: svd[0].islog = 0; */
/* bss: svd[1].pid = 0; */
gettimeofday_ns(&svd[0].start);
if (stat("down", &s) != -1)
svd[0].sd_want = W_DOWN;
if (stat("log", &s) == -1) {
if (errno != ENOENT)
warn_cannot("stat ./log");
} else {
if (!S_ISDIR(s.st_mode)) {
errno = 0;
warn_cannot("stat log/down: log is not a directory");
} else {
haslog = 1;
svd[1].state = S_DOWN;
svd[1].ctrl = C_NOOP;
svd[1].sd_want = W_UP;
svd[1].islog = 1;
gettimeofday_ns(&svd[1].start);
if (stat("log/down", &s) != -1)
svd[1].sd_want = W_DOWN;
xpiped_pair(logpipe);
close_on_exec_on(logpipe.rd);
close_on_exec_on(logpipe.wr);
}
}
if (mkdir("supervise", 0700) == -1) {
r = readlink("supervise", buf, sizeof(buf));
if (r != -1) {
if (r == sizeof(buf))
fatal2x_cannot("readlink ./supervise", ": name too long");
buf[r] = 0;
mkdir(buf, 0700);
} else {
if ((errno != ENOENT) && (errno != EINVAL))
fatal_cannot("readlink ./supervise");
}
}
svd[0].fdlock = xopen3("log/supervise/lock"+4,
O_WRONLY|O_NDELAY|O_APPEND|O_CREAT, 0600);
if (flock(svd[0].fdlock, LOCK_EX | LOCK_NB) == -1)
fatal_cannot("lock supervise/lock");
close_on_exec_on(svd[0].fdlock);
if (haslog) {
if (mkdir("log/supervise", 0700) == -1) {
r = readlink("log/supervise", buf, 256);
if (r != -1) {
if (r == 256)
fatal2x_cannot("readlink ./log/supervise", ": name too long");
buf[r] = 0;
fd = xopen(".", O_RDONLY|O_NDELAY);
xchdir("./log");
mkdir(buf, 0700);
if (fchdir(fd) == -1)
fatal_cannot("change back to service directory");
close(fd);
}
else {
if ((errno != ENOENT) && (errno != EINVAL))
fatal_cannot("readlink ./log/supervise");
}
}
svd[1].fdlock = xopen3("log/supervise/lock",
O_WRONLY|O_NDELAY|O_APPEND|O_CREAT, 0600);
if (flock(svd[1].fdlock, LOCK_EX) == -1)
fatal_cannot("lock log/supervise/lock");
close_on_exec_on(svd[1].fdlock);
}
mkfifo("log/supervise/control"+4, 0600);
svd[0].fdcontrol = xopen("log/supervise/control"+4, O_RDONLY|O_NDELAY);
close_on_exec_on(svd[0].fdcontrol);
svd[0].fdcontrolwrite = xopen("log/supervise/control"+4, O_WRONLY|O_NDELAY);
close_on_exec_on(svd[0].fdcontrolwrite);
update_status(&svd[0]);
if (haslog) {
mkfifo("log/supervise/control", 0600);
svd[1].fdcontrol = xopen("log/supervise/control", O_RDONLY|O_NDELAY);
close_on_exec_on(svd[1].fdcontrol);
svd[1].fdcontrolwrite = xopen("log/supervise/control", O_WRONLY|O_NDELAY);
close_on_exec_on(svd[1].fdcontrolwrite);
update_status(&svd[1]);
}
mkfifo("log/supervise/ok"+4, 0600);
fd = xopen("log/supervise/ok"+4, O_RDONLY|O_NDELAY);
close_on_exec_on(fd);
if (haslog) {
mkfifo("log/supervise/ok", 0600);
fd = xopen("log/supervise/ok", O_RDONLY|O_NDELAY);
close_on_exec_on(fd);
}
for (;;) {
struct pollfd x[3];
unsigned deadline;
char ch;
if (haslog)
if (!svd[1].pid && svd[1].sd_want == W_UP)
startservice(&svd[1]);
if (!svd[0].pid)
if (svd[0].sd_want == W_UP || svd[0].state == S_FINISH)
startservice(&svd[0]);
x[0].fd = selfpipe.rd;
x[0].events = POLLIN;
x[1].fd = svd[0].fdcontrol;
x[1].events = POLLIN;
/* x[2] is used only if haslog == 1 */
x[2].fd = svd[1].fdcontrol;
x[2].events = POLLIN;
sig_unblock(SIGTERM);
sig_unblock(SIGCHLD);
poll(x, 2 + haslog, 3600*1000);
sig_block(SIGTERM);
sig_block(SIGCHLD);
while (read(selfpipe.rd, &ch, 1) == 1)
continue;
for (;;) {
pid_t child;
int wstat;
child = wait_any_nohang(&wstat);
if (!child)
break;
if ((child == -1) && (errno != EINTR))
break;
if (child == svd[0].pid) {
svd[0].wstat = wstat;
svd[0].pid = 0;
pidchanged = 1;
svd[0].ctrl &= ~C_TERM;
if (svd[0].state != S_FINISH) {
fd = open("finish", O_RDONLY|O_NDELAY);
if (fd != -1) {
close(fd);
svd[0].state = S_FINISH;
update_status(&svd[0]);
continue;
}
}
svd[0].state = S_DOWN;
deadline = svd[0].start.tv_sec + 1;
gettimeofday_ns(&svd[0].start);
update_status(&svd[0]);
if (LESS(svd[0].start.tv_sec, deadline))
sleep(1);
}
if (haslog) {
if (child == svd[1].pid) {
svd[0].wstat = wstat;
svd[1].pid = 0;
pidchanged = 1;
svd[1].state = S_DOWN;
svd[1].ctrl &= ~C_TERM;
deadline = svd[1].start.tv_sec + 1;
gettimeofday_ns(&svd[1].start);
update_status(&svd[1]);
if (LESS(svd[1].start.tv_sec, deadline))
sleep(1);
}
}
} /* for (;;) */
if (read(svd[0].fdcontrol, &ch, 1) == 1)
ctrl(&svd[0], ch);
if (haslog)
if (read(svd[1].fdcontrol, &ch, 1) == 1)
ctrl(&svd[1], ch);
if (sigterm) {
ctrl(&svd[0], 'x');
sigterm = 0;
}
if (svd[0].sd_want == W_EXIT && svd[0].state == S_DOWN) {
if (svd[1].pid == 0)
_exit(EXIT_SUCCESS);
if (svd[1].sd_want != W_EXIT) {
svd[1].sd_want = W_EXIT;
/* stopservice(&svd[1]); */
update_status(&svd[1]);
close(logpipe.wr);
close(logpipe.rd);
}
}
} /* for (;;) */
/* not reached */
return 0;
}
int vlock_main(int argc UNUSED_PARAM, char **argv)
{
#ifdef __linux__
struct vt_mode vtm;
struct vt_mode ovtm;
#endif
struct termios term;
struct termios oterm;
struct passwd *pw;
pw = xgetpwuid(getuid());
opt_complementary = "=0"; /* no params! */
getopt32(argv, "a");
/* Ignore some signals so that we don't get killed by them */
bb_signals(0
+ (1 << SIGTSTP)
+ (1 << SIGTTIN)
+ (1 << SIGTTOU)
+ (1 << SIGHUP )
+ (1 << SIGCHLD) /* paranoia :) */
+ (1 << SIGQUIT)
+ (1 << SIGINT )
, SIG_IGN);
#ifdef __linux__
/* We will use SIGUSRx for console switch control: */
/* 1: set handlers */
signal_SA_RESTART_empty_mask(SIGUSR1, release_vt);
signal_SA_RESTART_empty_mask(SIGUSR2, acquire_vt);
/* 2: unmask them */
sig_unblock(SIGUSR1);
sig_unblock(SIGUSR2);
#endif
/* Revert stdin/out to our controlling tty
* (or die if we have none) */
xmove_fd(xopen(CURRENT_TTY, O_RDWR), STDIN_FILENO);
xdup2(STDIN_FILENO, STDOUT_FILENO);
#ifdef __linux__
xioctl(STDIN_FILENO, VT_GETMODE, &vtm);
ovtm = vtm;
/* "console switches are controlled by us, not kernel!" */
vtm.mode = VT_PROCESS;
vtm.relsig = SIGUSR1;
vtm.acqsig = SIGUSR2;
ioctl(STDIN_FILENO, VT_SETMODE, &vtm);
#endif
//TODO: use set_termios_to_raw()
tcgetattr(STDIN_FILENO, &oterm);
term = oterm;
term.c_iflag |= IGNBRK; /* ignore serial break (why? VTs don't have breaks, right?) */
term.c_iflag &= ~BRKINT; /* redundant? "dont translate break to SIGINT" */
term.c_lflag &= ~(ISIG | ECHO | ECHOCTL); /* ignore ^C ^Z, echo off */
tcsetattr_stdin_TCSANOW(&term);
while (1) {
printf("Virtual console%s locked by %s.\n",
/* "s" if -a, else "": */ "s" + !option_mask32,
pw->pw_name
);
if (ask_and_check_password(pw) > 0) {
break;
}
bb_do_delay(LOGIN_FAIL_DELAY);
puts("Incorrect password");
}
#ifdef __linux__
ioctl(STDIN_FILENO, VT_SETMODE, &ovtm);
#endif
tcsetattr_stdin_TCSANOW(&oterm);
fflush_stdout_and_exit(EXIT_SUCCESS);
}
/* p-adic logarithm */
void padiclog(mpz_t ans, const mpz_t a, unsigned long p, unsigned long prec, const mpz_t modulo) {
/* Compute the p-adic logarithm of a,
which is supposed to be congruent to 1 mod p
Algorithm:
1. we raise a at the power p^(v-1) (for a suitable v) in order
to make it closer to 1
2. we write the new a as a product
1/a = (1 - a_0*p^v) (1 - a_1*p^(2*v) (1 - a_2*p^(4*v) ...
with 0 <= a_i < p^(v*2^i).
3. we compute each log(1 - a_i*p^(v*2^i)) using Taylor expansion
and a binary spliting strategy. */
unsigned long i, v, e, N, saveN, Np, tmp, trunc, step;
double den = log(p);
mpz_t f, arg, trunc_mod, h, hpow, mpz_tmp, mpz_tmp2, d, inv, mod2;
mpz_t *num, *denom;
mpz_init(mpz_tmp);
mpz_init(mpz_tmp2);
mpz_init(arg);
mpz_set_ui(ans, 0);
mpz_fdiv_r_ui(mpz_tmp, a, p);
mpz_set(arg, a);
/* First we make the argument closer to 1 by raising it to the p^(v-1) */
if (prec < p) {
v = 0; e = 1;
} else {
v = (unsigned long)(log(prec)/den); // v here is v-1
e = pow(p,v);
mpz_mul_ui(mpz_tmp, modulo, e);
mpz_powm_ui(arg, arg, e, mpz_tmp);
prec += v;
}
/* Where do we need to truncate the Taylor expansion */
N = prec+v; N /= ++v; // note the ++v
Np = N;
den *= v;
while(1) {
tmp = Np + (unsigned long)(log(N)/den);
if (tmp == N) break;
N = tmp;
}
/* We allocate memory and initialize variables */
mpz_init(f); mpz_init(mod2);
mpz_init(h); mpz_init(hpow);
mpz_init(d); mpz_init(inv);
sig_block();
num = (mpz_t*)malloc(N*sizeof(mpz_t));
denom = (mpz_t*)malloc(N*sizeof(mpz_t));
sig_unblock();
for (i = 0; i < N; i++) {
mpz_init(num[i]);
mpz_init(denom[i]);
}
trunc = v << 1;
mpz_init(trunc_mod);
mpz_ui_pow_ui(trunc_mod, p, trunc);
while(1) {
/* We compute f = 1 - a_i*p^((v+1)*2^i)
trunc_mod is p^((v+1)*2^(i+1)) */
mpz_fdiv_r(f, arg, trunc_mod);
if (mpz_cmp_ui(f, 1) != 0) {
mpz_ui_sub(f, 2, f);
mpz_mul(arg, arg, f);
/* We compute the Taylor expansion of log(f)
For now, computations are carried out over the rationals */
for (i = 0; i < N; i++) {
mpz_set_ui(num[i], 1);
mpz_set_ui(denom[i], i+1);
}
step = 1;
mpz_ui_sub(h, 1, f); // we write f = 1 - h, i.e. h = a_i*p^(2^i)
mpz_set(hpow, h);
while(step < N) {
for (i = 0; i < N - step; i += step << 1) {
mpz_mul(mpz_tmp2, hpow, num[i+step]);
mpz_mul(mpz_tmp, mpz_tmp2, denom[i]);
mpz_mul(num[i], num[i], denom[i+step]);
mpz_add(num[i], num[i], mpz_tmp);
mpz_mul(denom[i], denom[i], denom[i+step]);
}
step <<= 1;
mpz_mul(hpow, hpow, hpow);
}
/* We simplify the fraction */
Np = N; tmp = 0;
while(Np > 0) { Np /= p; tmp += Np; }
mpz_ui_pow_ui(d, p, tmp);
mpz_divexact(mpz_tmp, num[0], d);
mpz_divexact(denom[0], denom[0], d);
mpz_divexact_ui(h, h, e);
mpz_mul(mpz_tmp, h, mpz_tmp);
/* We coerce the result from Q to Zp */
mpz_gcdext(d, inv, NULL, denom[0], modulo);
mpz_mul(mpz_tmp, mpz_tmp, inv);
/* We add this contribution to log(f) */
mpz_add(ans, ans, mpz_tmp);
}
if (trunc > prec) break;
/* We update the variables for the next step */
mpz_mul(trunc_mod, trunc_mod, trunc_mod);
trunc <<= 1;
for (i = N >> 1; i < N; i++) {
mpz_clear(num[i]);
mpz_clear(denom[i]);
}
N >>= 1;
}
mpz_fdiv_r(ans, ans, modulo);
/* We clear memory */
mpz_clear(arg);
mpz_clear(f);
mpz_clear(trunc_mod);
mpz_clear(h);
mpz_clear(hpow);
mpz_clear(mpz_tmp);
mpz_clear(d);
mpz_clear(inv);
mpz_clear(mod2);
for (i = 0; i < N; i++) {
mpz_clear(num[i]);
mpz_clear(denom[i]);
}
sig_block();
free(num);
free(denom);
sig_unblock();
}
void doit(int t) {
int j;
SSL *ssl;
int wstat;
int sslctl[2];
char *s;
unsigned long tmp_long;
char ssl_cmd;
stralloc ssl_env = { 0 };
int bytesleft;
char envbuf[8192];
int childpid;
if (pipe(pi) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
if (pipe(po) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sslctl) == -1) strerr_die2sys(111,DROP,"unable to create socketpair: ");
if ((j = ip_fmt(&remoteipsa,&remoteaddr)))
strerr_die3x(111,DROP,"unable to print remote ip",gai_strerror(j));
if (flagremotehost) {
if (dns_name(&remotehostsa,&remoteaddr) == 0)
if (remotehostsa.len) {
if (flagparanoid) {
struct addrinfo *reverse, hints = {0};
verifyhost = remoteipsa.s;
hints.ai_family = remoteaddr.sa4.sin_family;
if (remoteaddr.sa6.sin6_family == AF_INET6) {
hints.ai_flags = AI_V4MAPPED | AI_ALL;
}
if (getaddrinfo(remotehostsa.s, NULL, &hints, &reverse) == 0) {
hints.ai_next = reverse;
while (hints.ai_next) {
if (hints.ai_next->ai_family == AF_INET
&& remoteaddr.sa4.sin_family == AF_INET
&& byte_equal(&remoteaddr.sa4.sin_addr, 4, &((struct sockaddr_in*) hints.ai_next->ai_addr)->sin_addr)
|| hints.ai_next->ai_family == AF_INET6
&& remoteaddr.sa6.sin6_family == AF_INET6
&& byte_equal(remoteaddr.sa6.sin6_addr.s6_addr, 16,
&((struct sockaddr_in6*) hints.ai_next->ai_addr)->sin6_addr.s6_addr)) {
flagparanoid = 0;
break;
}
hints.ai_next = hints.ai_next->ai_next;
}
freeaddrinfo(reverse);
}
}
if (!flagparanoid) {
remotehost = remotehostsa.s;
verifyhost = remotehostsa.s;
}
}
}
switch(childpid=fork()) {
case -1:
strerr_die2sys(111,DROP,"unable to fork: ");
case 0:
/* Child */
close(sslctl[0]);
break;
default:
/* Parent */
close(pi[0]); close(po[1]); close(sslctl[1]);
if ((s=env_get("SSL_CHROOT")))
if (chroot(s) == -1) {
kill(childpid, SIGTERM);
strerr_die2x(111,DROP,"unable to chroot");
}
if ((s=env_get("SSL_GID"))) {
scan_ulong(s,&tmp_long);
gid = tmp_long;
}
if (gid) if (prot_gid(gid) == -1) {
kill(childpid, SIGTERM);
strerr_die2sys(111,FATAL,"unable to set gid: ");
}
if ((s=env_get("SSL_UID"))) {
scan_ulong(s,&tmp_long);
uid = tmp_long;
}
if (uid)
if (prot_uid(uid) == -1) {
kill(childpid, SIGTERM);
strerr_die2sys(111,FATAL,"unable to set uid: ");
}
/* Read the TLS command socket. This will block until/unless
* TLS is requested.
*/
if (read(sslctl[0],&ssl_cmd,1) == 1) {
ssl = ssl_new(ctx,t);
if (!ssl) {
kill(childpid, SIGTERM);
strerr_die2x(111,DROP,"unable to create SSL instance");
}
if (ndelay_on(t) == -1) {
kill(childpid, SIGTERM);
strerr_die2sys(111,DROP,"unable to set socket options: ");
}
if (ssl_timeoutaccept(ssl,ssltimeout) == -1) {
kill(childpid, SIGTERM);
strerr_die3x(111,DROP,"unable to accept SSL: ",ssl_error_str(ssl_errno));
}
}
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strerr_warn3("sslserver: ssl ",strnum," accept ",0);
}
if (flagclientcert) {
switch(ssl_verify(ssl,verifyhost)) {
case -1:
kill(childpid, SIGTERM);
strerr_die2x(111,DROP,"unable to verify client certificate");
case -2:
kill(childpid, SIGTERM);
strerr_die2x(111,DROP,"no client certificate");
case -3:
kill(childpid, SIGTERM);
strerr_die3x(111,DROP,"certificate name does not match client fqdn: ",verifyhost);
default: break;
}
}
if (ssl_cmd == 'Y') {
ssl_server_env(ssl, &ssl_env);
if(!stralloc_0(&ssl_env)) drop_nomem(); /* Add another NUL */
env("SSLCTL",ssl_env.s);
for(bytesleft = ssl_env.len; bytesleft>0; bytesleft-=j)
if ( (j=write(sslctl[0], ssl_env.s, bytesleft)) < 0) {
kill(childpid, SIGTERM);
strerr_die2sys(111, FATAL, "unable to write SSL environment: ");
}
}
if (ssl_cmd == 'Y' || ssl_cmd == 'y') {
if (ssl_io(ssl,pi[1],po[0],progtimeout) != 0) {
kill(childpid, SIGTERM);
strerr_die3x(111,DROP,"unable to speak SSL: ",ssl_error_str(ssl_errno));
}
if (wait_nohang(&wstat) > 0)
_exit(wait_exitcode(wstat));
ssl_close(ssl);
}
kill(childpid, SIGTERM);
_exit(0);
}
/* Child-only below this point */
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strerr_warn4("sslserver: pid ",strnum," from ",remoteipsa.s,0);
}
if (socket_local(t,&localaddr,&localport) == -1)
strerr_die2sys(111,DROP,"unable to get local address: ");
if ((j = ip_fmt(&localipsa,&localaddr)))
strerr_die3x(111,DROP,"unable to print local address: ",gai_strerror(j));
remoteportstr[fmt_ulong(remoteportstr,remoteport)] = 0;
if (!localhost)
if (dns_name(&localhostsa,&localaddr) == 0)
if (localhostsa.len) {
if (!stralloc_0(&localhostsa)) drop_nomem();
localhost = localhostsa.s;
}
/* If remoteipsa.s contain ':' colon character will assume it is IPv6 */
if (byte_chr(remoteipsa.s, remoteipsa.len, ':') < remoteipsa.len)
env("PROTO","SSL6");
else
env("PROTO","SSL");
env("SSLLOCALIP",localipsa.s);
env("SSLLOCALPORT",localportstr);
env("SSLLOCALHOST",localhost);
if (flagtcpenv) {
env("TCPLOCALIP",localipsa.s);
env("TCPLOCALPORT",localportstr);
env("TCPLOCALHOST",localhost);
}
env("SSLREMOTEIP",remoteipsa.s);
env("SSLREMOTEPORT",remoteportstr);
env("SSLREMOTEHOST",remotehost);
if (flagtcpenv) {
env("TCPREMOTEIP",remoteipsa.s);
env("TCPREMOTEPORT",remoteportstr);
env("TCPREMOTEHOST",remotehost);
}
if (flagremoteinfo) {
if (remoteinfo(&tcpremoteinfo,&remoteaddr,&localaddr,timeout) == -1)
flagremoteinfo = 0;
if (!stralloc_0(&tcpremoteinfo)) drop_nomem();
}
env("SSLREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
if (flagtcpenv)
env("TCPREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
if (fnrules) {
int fdrules;
fdrules = open_read(fnrules);
if (fdrules == -1) {
if (errno != error_noent) drop_rules();
if (!flagallownorules) drop_rules();
}
else {
if (rules(found,fdrules,&remoteaddr,remotehost,flagremoteinfo ? tcpremoteinfo.s : 0) == -1)
drop_rules();
close(fdrules);
}
}
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
if (!stralloc_copys(&tmp,"sslserver: ")) drop_nomem();
safecats(flagdeny ? "deny" : "ok");
cats(" "); safecats(strnum);
cats(" "); if (localhost) safecats(localhost);
cats(":"); safecats(localipsa.s);
cats(":"); safecats(localportstr);
cats(" "); if (remotehost) safecats(remotehost);
cats(":"); safecats(remoteipsa.s);
cats(":"); if (flagremoteinfo) safecats(tcpremoteinfo.s);
cats(":"); safecats(remoteportstr);
cats("\n");
buffer_putflush(buffer_2,tmp.s,tmp.len);
}
if (flagdeny) _exit(100);
if (gid) if (prot_gid(gid) == -1)
strerr_die2sys(111,FATAL,"unable to set gid: ");
if (uid) if (prot_uid(uid) == -1)
strerr_die2sys(111,FATAL,"unable to set uid: ");
close(pi[1]); close(po[0]); close(sslctl[0]);
sig_uncatch(sig_child);
sig_unblock(sig_child);
sig_uncatch(sig_term);
sig_uncatch(sig_pipe);
if (fcntl(sslctl[1],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,sslctl[1])]=0;
env("SSLCTLFD",strnum);
if (fcntl(pi[0],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,pi[0])]=0;
env("SSLREADFD",strnum);
if (fcntl(po[1],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,po[1])]=0;
env("SSLWRITEFD",strnum);
if (flagsslwait) {
if (fd_copy(0,t) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
if (fd_copy(1,t) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
} else {
if (fd_move(0,pi[0]) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
if (fd_move(1,po[1]) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
}
if (flagkillopts)
socket_ipoptionskill(t);
if (!flagdelay)
socket_tcpnodelay(t);
if (*banner) {
buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
if (buffer_putsflush(&b,banner) == -1)
strerr_die2sys(111,DROP,"unable to print banner: ");
}
if (!flagsslwait) {
ssl_cmd = flagsslenv ? 'Y' : 'y';
if (write(sslctl[1], &ssl_cmd, 1) < 1)
strerr_die2sys(111,DROP,"unable to start SSL: ");
if (flagsslenv) {
while ((j=read(sslctl[1],envbuf,8192)) > 0) {
stralloc_catb(&ssl_env,envbuf,j);
if (ssl_env.len >= 2 && ssl_env.s[ssl_env.len-2]==0 && ssl_env.s[ssl_env.len-1]==0)
break;
}
if (j < 0)
strerr_die2sys(111,DROP,"unable to read SSL environment: ");
pathexec_multienv(&ssl_env);
}
}
pathexec(prog);
strerr_die4sys(111,DROP,"unable to run ",*prog,": ");
}
int run(char *cmd)
{
int status, result, i = 0;
char *args[NUM_ARGS + 1], *arg, *backup;
pid_t pid;
/* We must create a copy that is possible to modify. */
backup = arg = strdup(cmd);
if (!arg)
return 1; /* Failed allocating a string to be modified. */
/* Split command line into tokens of an argv[] array. */
args[i++] = strsep(&arg, "\t ");
while (arg && i < NUM_ARGS) {
/* Handle run("su -c \"dbus-daemon --system\" messagebus");
* => "su", "-c", "\"dbus-daemon --system\"", "messagebus" */
if (*arg == '\'' || *arg == '"') {
char *p, delim[2] = " ";
delim[0] = arg[0];
args[i++] = arg++;
strsep(&arg, delim);
p = arg - 1;
*p = *delim;
*arg++ = 0;
} else {
args[i++] = strsep(&arg, "\t ");
}
}
args[i] = NULL;
#if 0
_e("Splitting: '%s' =>", cmd);
for (i = 0; args[i]; i++)
_e("\t%s", args[i]);
#endif
if (i == NUM_ARGS && args[i]) {
_e("Command too long: %s", cmd);
free(backup);
errno = EOVERFLOW;
return 1;
}
pid = fork();
if (0 == pid) {
int i;
FILE *fp;
struct sigaction sa;
/* Reset signal handlers that were set by the parent process */
for (i = 1; i < NSIG; i++)
DFLSIG(sa, i, 0);
/* Always redirect stdio for run() */
fp = fopen("/dev/null", "w");
if (fp) {
int fd = fileno(fp);
dup2(fd, STDIN_FILENO);
dup2(fd, STDOUT_FILENO);
dup2(fd, STDERR_FILENO);
}
sig_unblock();
execvp(args[0], args);
_exit(1); /* Only if execv() fails. */
} else if (-1 == pid) {
_pe("%s", args[0]);
free(backup);
return -1;
}
status = complete(args[0], pid);
if (-1 == status) {
free(backup);
return 1;
}
result = WEXITSTATUS(status);
if (WIFEXITED(status)) {
_d("Started %s and ended OK: %d", args[0], result);
} else if (WIFSIGNALED(status)) {
_d("Process %s terminated by signal %d", args[0], WTERMSIG(status));
if (!result)
result = 1; /* Must alert callee that the command did complete successfully.
* This is necessary since not all programs trap signals and
* change their return code accordingly. --Jocke */
}
free(backup);
return result;
}
int main (int argc, const char * const *argv, char * const *envp) {
const char * prog[2];
int pid, pid2;
int wstat;
int st;
iopause_fd x;
#ifndef IOPAUSE_POLL
fd_set rfds;
struct timeval t;
#endif
char ch;
int ttyfd;
struct stat s;
if (getpid() != 1) strerr_die2x(111, FATAL, "must be run as process no 1.");
setsid();
sig_block(sig_alarm);
sig_block(sig_child);
sig_catch(sig_child, sig_child_handler);
sig_block(sig_cont);
sig_catch(sig_cont, sig_cont_handler);
sig_block(sig_hangup);
sig_block(sig_int);
sig_catch(sig_int, sig_int_handler);
sig_block(sig_pipe);
sig_block(sig_term);
/* console */
if ((ttyfd =open_write("/dev/console")) != -1) {
dup2(ttyfd, 0); dup2(ttyfd, 1); dup2(ttyfd, 2);
if (ttyfd > 2) close(ttyfd);
}
/* create selfpipe */
while (pipe(selfpipe) == -1) {
strerr_warn2(FATAL, "unable to create selfpipe, pausing: ", &strerr_sys);
sleep(5);
}
coe(selfpipe[0]);
coe(selfpipe[1]);
ndelay_on(selfpipe[0]);
ndelay_on(selfpipe[1]);
#ifdef RB_DISABLE_CAD
/* activate ctrlaltdel handling, glibc, dietlibc */
if (RB_DISABLE_CAD == 0) reboot_system(0);
#endif
strerr_warn3(INFO, "$Id: 25da3b86f7bed4038b8a039d2f8e8c9bbcf0822b $",
": booting.", 0);
/* runit */
for (st =0; st < 3; st++) {
/* if (st == 2) logwtmp("~", "reboot", ""); */
while ((pid =fork()) == -1) {
strerr_warn4(FATAL, "unable to fork for \"", stage[st], "\" pausing: ",
&strerr_sys);
sleep(5);
}
if (!pid) {
/* child */
prog[0] =stage[st];
prog[1] =0;
/* stage 1 gets full control of console */
if (st == 0) {
if ((ttyfd =open("/dev/console", O_RDWR)) != -1) {
#ifdef TIOCSCTTY
ioctl(ttyfd, TIOCSCTTY, (char *)0);
#endif
dup2(ttyfd, 0);
if (ttyfd > 2) close(ttyfd);
}
else
strerr_warn2(WARNING, "unable to open /dev/console: ", &strerr_sys);
}
else
setsid();
sig_unblock(sig_alarm);
sig_unblock(sig_child);
sig_uncatch(sig_child);
sig_unblock(sig_cont);
sig_ignore(sig_cont);
sig_unblock(sig_hangup);
sig_unblock(sig_int);
sig_uncatch(sig_int);
sig_unblock(sig_pipe);
sig_unblock(sig_term);
strerr_warn3(INFO, "enter stage: ", stage[st], 0);
execve(*prog, (char *const *)prog, envp);
strerr_die4sys(0, FATAL, "unable to start child: ", stage[st], ": ");
}
x.fd =selfpipe[0];
x.events =IOPAUSE_READ;
for (;;) {
int child;
sig_unblock(sig_child);
sig_unblock(sig_cont);
sig_unblock(sig_int);
#ifdef IOPAUSE_POLL
poll(&x, 1, 14000);
#else
t.tv_sec =14; t.tv_usec =0;
FD_ZERO(&rfds);
FD_SET(x.fd, &rfds);
select(x.fd +1, &rfds, (fd_set*)0, (fd_set*)0, &t);
#endif
sig_block(sig_cont);
sig_block(sig_child);
sig_block(sig_int);
while (read(selfpipe[0], &ch, 1) == 1) {}
while ((child =wait_nohang(&wstat)) > 0)
if (child == pid) break;
if (child == -1) {
strerr_warn2(WARNING, "wait_nohang, pausing: ", &strerr_sys);
sleep(5);
}
/* reget stderr */
if ((ttyfd =open_write("/dev/console")) != -1) {
dup2(ttyfd, 2);
if (ttyfd > 2) close(ttyfd);
}
if (child == pid) {
if (wait_exitcode(wstat) != 0) {
if (wait_crashed(wstat))
strerr_warn3(WARNING, "child crashed: ", stage[st], 0);
else
strerr_warn3(WARNING, "child failed: ", stage[st], 0);
if (st == 0)
/* this is stage 1 */
if (wait_crashed(wstat) || (wait_exitcode(wstat) == 100)) {
strerr_warn3(INFO, "leave stage: ", stage[st], 0);
strerr_warn2(WARNING, "skipping stage 2...", 0);
st++;
break;
}
if (st == 1)
/* this is stage 2 */
if (wait_crashed(wstat) || (wait_exitcode(wstat) == 111)) {
strerr_warn2(WARNING, "killing all processes in stage 2...", 0);
kill(-pid, 9);
sleep(5);
strerr_warn2(WARNING, "restarting.", 0);
st--;
break;
}
}
strerr_warn3(INFO, "leave stage: ", stage[st], 0);
break;
}
if (child != 0) {
/* collect terminated children */
write(selfpipe[1], "", 1);
continue;
}
/* sig? */
if (!sigc && !sigi) {
#ifdef DEBUG
strerr_warn2(WARNING, "poll: ", &strerr_sys);
#endif
continue;
}
if (st != 1) {
strerr_warn2(WARNING, "signals only work in stage 2.", 0);
sigc =sigi =0;
continue;
}
if (sigi && (stat(CTRLALTDEL, &s) != -1) && (s.st_mode & S_IXUSR)) {
strerr_warn2(INFO, "ctrl-alt-del request...", 0);
prog[0] =CTRLALTDEL; prog[1] =0;
while ((pid2 =fork()) == -1) {
strerr_warn4(FATAL, "unable to fork for \"", CTRLALTDEL,
"\" pausing: ", &strerr_sys);
sleep(5);
}
if (!pid2) {
/* child */
strerr_warn3(INFO, "enter stage: ", prog[0], 0);
execve(*prog, (char *const *) prog, envp);
strerr_die4sys(0, FATAL, "unable to start child: ", prog[0], ": ");
}
if (wait_pid(&wstat, pid2) == -1)
strerr_warn2(FATAL, "wait_pid: ", &strerr_sys);
if (wait_crashed(wstat))
strerr_warn3(WARNING, "child crashed: ", CTRLALTDEL, 0);
strerr_warn3(INFO, "leave stage: ", prog[0], 0);
sigi =0;
sigc++;
}
if (sigc && (stat(STOPIT, &s) != -1) && (s.st_mode & S_IXUSR)) {
int i;
/* unlink(STOPIT); */
chmod(STOPIT, 0);
/* kill stage 2 */
#ifdef DEBUG
strerr_warn2(WARNING, "sending sigterm...", 0);
#endif
kill(pid, sig_term);
i =0;
while (i < 5) {
if ((child =wait_nohang(&wstat)) == pid) {
#ifdef DEBUG
strerr_warn2(WARNING, "stage 2 terminated.", 0);
#endif
pid =0;
break;
}
if (child) continue;
if (child == -1)
strerr_warn2(WARNING, "wait_nohang: ", &strerr_sys);
#ifdef DEBUG
strerr_warn2(WARNING, "waiting...", 0);
#endif
sleep(1);
i++;
}
if (pid) {
/* still there */
strerr_warn2(WARNING,
"stage 2 not terminated, sending sigkill...", 0);
kill(pid, 9);
if (wait_pid(&wstat, pid) == -1)
strerr_warn2(WARNING, "wait_pid: ", &strerr_sys);
}
sigc =0;
strerr_warn3(INFO, "leave stage: ", stage[st], 0);
/* enter stage 3 */
break;
}
sigc =sigi =0;
#ifdef DEBUG
strerr_warn2(WARNING, "no request.", 0);
#endif
}
}
/* reget stderr */
if ((ttyfd =open_write("/dev/console")) != -1) {
dup2(ttyfd, 2);
if (ttyfd > 2) close(ttyfd);
}
#ifdef RB_AUTOBOOT
/* fallthrough stage 3 */
strerr_warn2(INFO, "sending KILL signal to all processes...", 0);
kill(-1, SIGKILL);
pid =fork();
switch (pid) {
case 0:
case -1:
if ((stat(REBOOT, &s) != -1) && (s.st_mode & S_IXUSR)) {
strerr_warn2(INFO, "system reboot.", 0);
sync();
reboot_system(RB_AUTOBOOT);
}
else {
#ifdef RB_POWER_OFF
strerr_warn2(INFO, "power off...", 0);
sync();
reboot_system(RB_POWER_OFF);
sleep(2);
#endif
#ifdef RB_HALT_SYSTEM
strerr_warn2(INFO, "system halt.", 0);
sync();
reboot_system(RB_HALT_SYSTEM);
#else
#ifdef RB_HALT
strerr_warn2(INFO, "system halt.", 0);
sync();
reboot_system(RB_HALT);
#else
strerr_warn2(INFO, "system reboot.", 0);
sync();
reboot_system(RB_AUTOBOOT);
#endif
#endif
}
if (pid == 0) _exit(0);
break;
default:
sig_unblock(sig_child);
while (wait_pid(0, pid) == -1);
}
#endif
for (;;) sig_pause();
/* not reached */
strerr_die2x(0, INFO, "exit.");
return(0);
}
int main(int argc,char * const *argv) {
const char *hostname;
int opt;
char *x;
unsigned long u;
int s;
int t;
int flagv4 = 1, flagv6 = 1, rc;
struct addrinfo *localai = NULL, hints = {0}, *ai;
while ((opt = getopt(argc,argv,"dDvqQhHrR1UXx:t:T:u:g:l:b:B:c:pPoO3IiEeSsw:nN46")) != opteof)
switch(opt) {
case 'b': scan_ulong(optarg,&backlog); break;
case 'c': scan_ulong(optarg,&limit); break;
case 'X': flagallownorules = 1; break;
case 'x': fnrules = optarg; break;
case 'B': banner = optarg; break;
case 'd': flagdelay = 1; break;
case 'D': flagdelay = 0; break;
case 'v': verbosity = 2; break;
case 'q': verbosity = 0; break;
case 'Q': verbosity = 1; break;
case 'P': flagparanoid = 0; break;
case 'p': flagparanoid = 1; break;
case 'O': flagkillopts = 1; break;
case 'o': flagkillopts = 0; break;
case 'H': flagremotehost = 0; break;
case 'h': flagremotehost = 1; break;
case 'R': flagremoteinfo = 0; break;
case 'r': flagremoteinfo = 1; break;
case 't': scan_ulong(optarg,&timeout); break;
case 'T': scan_ulong(optarg,&ssltimeout); break;
case 'w': scan_uint(optarg,&progtimeout); break;
case 'U': x = env_get("UID"); if (x) scan_ulong(x,&uid);
x = env_get("GID"); if (x) scan_ulong(x,&gid); break;
case 'u': scan_ulong(optarg,&uid); break;
case 'g': scan_ulong(optarg,&gid); break;
case '1': flag1 = 1; break;
case 'l': localhost = optarg; break;
case '3': flag3 = 1; break;
case 'I': flagclientcert = 0; break;
case 'i': flagclientcert = 1; break;
case 'S': flagsslenv = 0; break;
case 's': flagsslenv = 1; break;
case 'E': flagtcpenv = 0; break;
case 'e': flagtcpenv = 1; break;
case 'n': flagsslwait = 1; break;
case 'N': flagsslwait = 0; break;
case '4': flagv6 = 0; break;
case '6': flagv4 = 0; break;
default: usage();
}
if (flagv4 == flagv6) { flagv4 = flagv6 = 1; }
argc -= optind;
argv += optind;
if (!verbosity)
buffer_2->fd = -1;
hostname = *argv++;
if (!hostname) usage();
if (str_equal(hostname,"")) hostname = NULL;
if (str_equal(hostname,"0")) hostname = NULL;
x = *argv++;
if (!x) usage();
prog = argv;
if (!*argv) usage();
hints.ai_family = flagv4 == flagv6 ? AF_UNSPEC : flagv4 ? AF_INET : AF_INET6;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_PASSIVE;
if ((rc = getaddrinfo(hostname, x, &hints, &localai))) {
strerr_die(111,FATAL "unable to figure out address for ", hostname ? hostname : "0",
" ",x,": ",gai_strerror(rc),0);
}
if (!localai) {
strerr_die2x(111,FATAL,"address not found");
}
if (x = env_get("VERIFYDEPTH")) {
scan_ulong(x,&u);
verifydepth = u;
}
if (x = env_get("CAFILE")) cafile = x;
if (cafile && str_equal(cafile,"")) cafile = 0;
if (x = env_get("CCAFILE")) ccafile = x;
if (ccafile && str_equal(ccafile,"")) ccafile = 0;
if (!flagclientcert) ccafile = 0;
if (x = env_get("CADIR")) cadir = x;
if (cadir && str_equal(cadir,"")) cadir= 0;
if (x = env_get("CERTCHAINFILE")) certchainfile = x;
if (certchainfile && str_equal(certchainfile,"")) certchainfile = 0;
if (x = env_get("CERTFILE")) certfile = x;
if (certfile && str_equal(certfile,"")) certfile = 0;
if (x = env_get("KEYFILE")) keyfile = x;
if (keyfile && str_equal(keyfile,"")) keyfile = 0;
if (x = env_get("DHFILE")) dhfile = x;
if (dhfile && str_equal(dhfile,"")) dhfile = 0;
if (x = env_get("CIPHERS")) ciphers = x;
if (ciphers && str_equal(ciphers,"")) ciphers = 0;
sig_block(sig_child);
sig_catch(sig_child,sigchld);
sig_catch(sig_term,sigterm);
sig_ignore(sig_pipe);
for (ai = localai; ai; ai = ai->ai_next) {
s = socket_tcp(ai->ai_family, ai->ai_protocol);
if (s == -1)
strerr_die2sys(111,FATAL,"unable to create socket: ");
if (socket_bind_reuse(s,ai) == -1)
strerr_die2sys(111,FATAL,"unable to bind: ");
if (socket_local(s,&localaddr,&localport) == -1)
strerr_die2sys(111,FATAL,"unable to get local address: ");
if (socket_listen(s,backlog) == -1)
strerr_die2sys(111,FATAL,"unable to listen: ");
break;
}
freeaddrinfo(localai); localai = NULL;
ndelay_off(s);
localportstr[fmt_ulong(localportstr,localport)] = 0;
if (flag1) {
buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
buffer_puts(&b,localportstr);
buffer_puts(&b,"\n");
buffer_flush(&b);
}
if (flag3) read_passwd();
ctx = ssl_server();
ssl_errstr();
if (!ctx) strerr_die2x(111,FATAL,"unable to create SSL context");
if (certchainfile) {
switch (ssl_chainfile(ctx,certchainfile,keyfile,passwd_cb)) {
case -1: strerr_die2x(111,FATAL,"unable to load certificate chain file");
case -2: strerr_die2x(111,FATAL,"unable to load key");
case -3: strerr_die2x(111,FATAL,"key does not match certificate");
default: break;
}
}
else {
switch (ssl_certkey(ctx,certfile,keyfile,passwd_cb)) {
case -1: strerr_die2x(111,FATAL,"unable to load certificate");
case -2: strerr_die2x(111,FATAL,"unable to load key");
case -3: strerr_die2x(111,FATAL,"key does not match certificate");
default: break;
}
}
if (!ssl_ca(ctx,cafile,cadir,verifydepth))
strerr_die2x(111,FATAL,"unable to load CA list");
if (!ssl_cca(ctx,ccafile))
strerr_die2x(111,FATAL,"unable to load client CA list");
if (!ssl_params(ctx,dhfile,rsalen))
strerr_die2x(111,FATAL,"unable to set DH/RSA parameters");
if (!ssl_ciphers(ctx,ciphers))
strerr_die2x(111,FATAL,"unable to set cipher list");
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strnum2[fmt_ulong(strnum2,rsalen)] = 0;
strerr_warn4("sslserver: cafile ",strnum," ",cafile,0);
strerr_warn4("sslserver: ccafile ",strnum," ",ccafile,0);
strerr_warn4("sslserver: cadir ",strnum," ",cadir,0);
strerr_warn4("sslserver: chainfile ",strnum," ",certchainfile,0);
strerr_warn4("sslserver: cert ",strnum," ",certfile,0);
strerr_warn4("sslserver: key ",strnum," ",keyfile,0);
strerr_warn6("sslserver: param ",strnum," ",dhfile," ",strnum2,0);
}
close(0); open_read("/dev/null");
close(1); open_append("/dev/null");
printstatus();
for (;;) {
while (numchildren >= limit) sig_pause();
sig_unblock(sig_child);
t = socket_accept(s,&remoteaddr,&remoteport);
sig_block(sig_child);
if (t == -1) continue;
++numchildren; printstatus();
switch(fork()) {
case 0:
close(s);
doit(t);
strerr_die4sys(111,DROP,"unable to run ",*argv,": ");
case -1:
strerr_warn2(DROP,"unable to fork: ",&strerr_sys);
--numchildren; printstatus();
}
close(t);
}
}
