int
metadata_write(struct hast_resource *res)
{
struct ebuf *eb;
struct nv *nv;
unsigned char *buf, *ptr;
size_t size;
ssize_t done;
int ret;
buf = calloc(1, METADATA_SIZE);
if (buf == NULL) {
pjdlog_error("Unable to allocate %zu bytes for metadata.",
(size_t)METADATA_SIZE);
return (-1);
}
ret = -1;
nv = nv_alloc();
nv_add_string(nv, res->hr_name, "resource");
nv_add_uint64(nv, (uint64_t)res->hr_datasize, "datasize");
nv_add_uint32(nv, (uint32_t)res->hr_extentsize, "extentsize");
nv_add_uint32(nv, (uint32_t)res->hr_keepdirty, "keepdirty");
nv_add_uint64(nv, (uint64_t)res->hr_localoff, "offset");
nv_add_uint64(nv, res->hr_resuid, "resuid");
if (res->hr_role == HAST_ROLE_PRIMARY ||
res->hr_role == HAST_ROLE_INIT) {
nv_add_uint64(nv, res->hr_primary_localcnt, "localcnt");
nv_add_uint64(nv, res->hr_primary_remotecnt, "remotecnt");
} else /* if (res->hr_role == HAST_ROLE_SECONDARY) */ {
PJDLOG_ASSERT(res->hr_role == HAST_ROLE_SECONDARY);
nv_add_uint64(nv, res->hr_secondary_localcnt, "localcnt");
nv_add_uint64(nv, res->hr_secondary_remotecnt, "remotecnt");
}
nv_add_string(nv, role2str(res->hr_role), "prevrole");
if (nv_error(nv) != 0) {
pjdlog_error("Unable to create metadata.");
goto end;
}
res->hr_previous_role = res->hr_role;
eb = nv_hton(nv);
PJDLOG_ASSERT(eb != NULL);
ptr = ebuf_data(eb, &size);
PJDLOG_ASSERT(ptr != NULL);
PJDLOG_ASSERT(size < METADATA_SIZE);
bcopy(ptr, buf, size);
done = pwrite(res->hr_localfd, buf, METADATA_SIZE, 0);
if (done == -1 || done != METADATA_SIZE) {
pjdlog_errno(LOG_ERR, "Unable to write metadata");
goto end;
}
ret = 0;
end:
free(buf);
nv_free(nv);
return (ret);
}
void
hastd_secondary(struct hast_resource *res, struct nv *nvin)
{
sigset_t mask;
pthread_t td;
pid_t pid;
int error, mode, debuglevel;
/*
* Create communication channel between parent and child.
*/
if (proto_client(NULL, "socketpair://", &res->hr_ctrl) < 0) {
KEEP_ERRNO((void)pidfile_remove(pfh));
pjdlog_exit(EX_OSERR,
"Unable to create control sockets between parent and child");
}
/*
* Create communication channel between child and parent.
*/
if (proto_client(NULL, "socketpair://", &res->hr_event) < 0) {
KEEP_ERRNO((void)pidfile_remove(pfh));
pjdlog_exit(EX_OSERR,
"Unable to create event sockets between child and parent");
}
pid = fork();
if (pid < 0) {
KEEP_ERRNO((void)pidfile_remove(pfh));
pjdlog_exit(EX_OSERR, "Unable to fork");
}
if (pid > 0) {
/* This is parent. */
proto_close(res->hr_remotein);
res->hr_remotein = NULL;
proto_close(res->hr_remoteout);
res->hr_remoteout = NULL;
/* Declare that we are receiver. */
proto_recv(res->hr_event, NULL, 0);
/* Declare that we are sender. */
proto_send(res->hr_ctrl, NULL, 0);
res->hr_workerpid = pid;
return;
}
gres = res;
mode = pjdlog_mode_get();
debuglevel = pjdlog_debug_get();
/* Declare that we are sender. */
proto_send(res->hr_event, NULL, 0);
/* Declare that we are receiver. */
proto_recv(res->hr_ctrl, NULL, 0);
descriptors_cleanup(res);
descriptors_assert(res, mode);
pjdlog_init(mode);
pjdlog_debug_set(debuglevel);
pjdlog_prefix_set("[%s] (%s) ", res->hr_name, role2str(res->hr_role));
setproctitle("%s (%s)", res->hr_name, role2str(res->hr_role));
PJDLOG_VERIFY(sigemptyset(&mask) == 0);
PJDLOG_VERIFY(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
/* Error in setting timeout is not critical, but why should it fail? */
if (proto_timeout(res->hr_remotein, 2 * HAST_KEEPALIVE) < 0)
pjdlog_errno(LOG_WARNING, "Unable to set connection timeout");
if (proto_timeout(res->hr_remoteout, res->hr_timeout) < 0)
pjdlog_errno(LOG_WARNING, "Unable to set connection timeout");
init_local(res);
init_environment();
if (drop_privs(res) != 0)
exit(EX_CONFIG);
pjdlog_info("Privileges successfully dropped.");
/*
* Create the control thread before sending any event to the parent,
* as we can deadlock when parent sends control request to worker,
* but worker has no control thread started yet, so parent waits.
* In the meantime worker sends an event to the parent, but parent
* is unable to handle the event, because it waits for control
* request response.
*/
error = pthread_create(&td, NULL, ctrl_thread, res);
PJDLOG_ASSERT(error == 0);
init_remote(res, nvin);
event_send(res, EVENT_CONNECT);
error = pthread_create(&td, NULL, recv_thread, res);
PJDLOG_ASSERT(error == 0);
error = pthread_create(&td, NULL, disk_thread, res);
PJDLOG_ASSERT(error == 0);
(void)send_thread(res);
}
int cmd_pan_discovery(struct command *cmd)
{
int role = AFFIX_PAN_NAP;
int fd, i, found = 0;
__u32 length = 8;
int err;
INQUIRY_ITEM devs[20];
char *devnames[20];
char name[248];
__u8 num;
uint16_t ServiceID;
uint16_t count;
slist_t *searchList = NULL;
slist_t *attrList = NULL;
slist_t *svcList = NULL;
sdpsvc_t *svcRec;
struct sockaddr_affix saddr;
__argv = &__argv[optind];
if (*__argv) {
role = str2role(*__argv);
if (!role) {
fprintf(stderr, "invalid role: %s\n", *__argv);
return 1;
}
if (*(++__argv))
sscanf(*__argv, "%x", &length);
}
fd = hci_open(btdev);
if (fd < 0) {
printf("Unable to open device %s: %s\n", btdev, strerror(errno));
return -1;
}
printf("Searching %d sec ...\n", length);
err = HCI_Inquiry(fd, length, 20, devs, &num);
if (err) {
fprintf(stderr, "%s\n", hci_error(err));
exit(1);
}
if (num == 0) {
printf("done.\nNo devices found.\n");
} else {
printf("Searching done. Checking for service %s ...\n", role2str(role));
btdev_cache_reload();
btdev_cache_retire();
for (i = 0; i < num; i++) {
if (!(devs[i].Class_of_Device & HCI_COD_NETWORKING))
continue;
saddr.family = PF_AFFIX;
saddr.bda = devs[i].bda;
saddr.devnum = HCIDEV_ANY;
printf("% 2d: %s ", ++found, bda2str(&saddr.bda));
devs[i].Clock_Offset |= 0x8000;
err = HCI_RemoteNameRequest(fd, &devs[i], name);
if (!err)
devnames[i] = strdup(name);
else
devnames[i] = NULL;
printf("(%s)... ", name);
#if defined(CONFIG_AFFIX_SDP)
if (role == AFFIX_PAN_NAP)
ServiceID = SDP_UUID_NAP;
else if (role == AFFIX_PAN_GN)
ServiceID = SDP_UUID_GN;
else
ServiceID = SDP_UUID_PANU;
/* search for service ServiceID */
s_list_append_uuid16(&searchList, ServiceID);
/* set attributes to find */
s_list_append_uint(&attrList, SDP_ATTR_SERVICE_RECORD_HANDLE);
s_list_append_uint(&attrList, SDP_ATTR_PROTO_DESC_LIST);
err = __sdp_search_attr_req(&saddr, searchList, IndividualAttributes, attrList, 0xffff, &svcList, &count);
s_list_destroy(&searchList);
s_list_free(&attrList);
hci_disconnect(&saddr);
if (err) {
//fprintf(stderr, "%s\n", sdp_error(err));
printf("no\n");
continue;
}
if (count == 0) {
printf("no\n");
continue;
}
printf("yes\n");
svcRec = s_list_dequeue(&svcList);
sdp_free_svc(svcRec);
sdp_free_svclist(&svcList);
//hci_get_conn();
#else
fprintf(stderr, "Affix SDP support disabled at compile time!\n");
break;
#endif
__btdev_cache_add(devs[i].bda, devs[i].Class_of_Device, devnames[i]);
if (devnames[i])
free(devnames[i]);
}
btdev_cache_save();
}
close(fd);
return 0;
}
int
drop_privs(const struct hast_resource *res)
{
char jailhost[sizeof(res->hr_name) * 2];
struct jail jailst;
struct passwd *pw;
uid_t ruid, euid, suid;
gid_t rgid, egid, sgid;
gid_t gidset[1];
bool capsicum, jailed;
/*
* According to getpwnam(3) we have to clear errno before calling the
* function to be able to distinguish between an error and missing
* entry (with is not treated as error by getpwnam(3)).
*/
errno = 0;
pw = getpwnam(HAST_USER);
if (pw == NULL) {
if (errno != 0) {
pjdlog_errno(LOG_ERR,
"Unable to find info about '%s' user", HAST_USER);
return (-1);
} else {
pjdlog_error("'%s' user doesn't exist.", HAST_USER);
errno = ENOENT;
return (-1);
}
}
bzero(&jailst, sizeof(jailst));
jailst.version = JAIL_API_VERSION;
jailst.path = pw->pw_dir;
if (res == NULL) {
(void)snprintf(jailhost, sizeof(jailhost), "hastctl");
} else {
(void)snprintf(jailhost, sizeof(jailhost), "hastd: %s (%s)",
res->hr_name, role2str(res->hr_role));
}
jailst.hostname = jailhost;
jailst.jailname = NULL;
jailst.ip4s = 0;
jailst.ip4 = NULL;
jailst.ip6s = 0;
jailst.ip6 = NULL;
if (jail(&jailst) >= 0) {
jailed = true;
} else {
jailed = false;
pjdlog_errno(LOG_WARNING,
"Unable to jail to directory to %s", pw->pw_dir);
if (chroot(pw->pw_dir) == -1) {
pjdlog_errno(LOG_ERR,
"Unable to change root directory to %s",
pw->pw_dir);
return (-1);
}
}
PJDLOG_VERIFY(chdir("/") == 0);
gidset[0] = pw->pw_gid;
if (setgroups(1, gidset) == -1) {
pjdlog_errno(LOG_ERR, "Unable to set groups to gid %u",
(unsigned int)pw->pw_gid);
return (-1);
}
if (setgid(pw->pw_gid) == -1) {
pjdlog_errno(LOG_ERR, "Unable to set gid to %u",
(unsigned int)pw->pw_gid);
return (-1);
}
if (setuid(pw->pw_uid) == -1) {
pjdlog_errno(LOG_ERR, "Unable to set uid to %u",
(unsigned int)pw->pw_uid);
return (-1);
}
#ifdef HAVE_CAPSICUM
capsicum = (cap_enter() == 0);
if (!capsicum) {
pjdlog_common(LOG_DEBUG, 1, errno,
"Unable to sandbox using capsicum");
} else if (res != NULL) {
cap_rights_t rights;
static const unsigned long geomcmds[] = {
DIOCGDELETE,
DIOCGFLUSH
};
PJDLOG_ASSERT(res->hr_role == HAST_ROLE_PRIMARY ||
res->hr_role == HAST_ROLE_SECONDARY);
cap_rights_init(&rights, CAP_FLOCK, CAP_IOCTL, CAP_PREAD,
CAP_PWRITE);
if (cap_rights_limit(res->hr_localfd, &rights) == -1) {
pjdlog_errno(LOG_ERR,
"Unable to limit capability rights on local descriptor");
}
if (cap_ioctls_limit(res->hr_localfd, geomcmds,
sizeof(geomcmds) / sizeof(geomcmds[0])) == -1) {
pjdlog_errno(LOG_ERR,
"Unable to limit allowed GEOM ioctls");
}
if (res->hr_role == HAST_ROLE_PRIMARY) {
static const unsigned long ggatecmds[] = {
G_GATE_CMD_MODIFY,
G_GATE_CMD_START,
G_GATE_CMD_DONE,
G_GATE_CMD_DESTROY
};
cap_rights_init(&rights, CAP_IOCTL);
if (cap_rights_limit(res->hr_ggatefd, &rights) == -1) {
pjdlog_errno(LOG_ERR,
"Unable to limit capability rights to CAP_IOCTL on ggate descriptor");
}
if (cap_ioctls_limit(res->hr_ggatefd, ggatecmds,
sizeof(ggatecmds) / sizeof(ggatecmds[0])) == -1) {
pjdlog_errno(LOG_ERR,
"Unable to limit allowed ggate ioctls");
}
}
}
#else
capsicum = false;
#endif
/*
* Better be sure that everything succeeded.
*/
PJDLOG_VERIFY(getresuid(&ruid, &euid, &suid) == 0);
PJDLOG_VERIFY(ruid == pw->pw_uid);
PJDLOG_VERIFY(euid == pw->pw_uid);
PJDLOG_VERIFY(suid == pw->pw_uid);
PJDLOG_VERIFY(getresgid(&rgid, &egid, &sgid) == 0);
PJDLOG_VERIFY(rgid == pw->pw_gid);
PJDLOG_VERIFY(egid == pw->pw_gid);
PJDLOG_VERIFY(sgid == pw->pw_gid);
PJDLOG_VERIFY(getgroups(0, NULL) == 1);
PJDLOG_VERIFY(getgroups(1, gidset) == 1);
PJDLOG_VERIFY(gidset[0] == pw->pw_gid);
pjdlog_debug(1,
"Privileges successfully dropped using %s%s+setgid+setuid.",
capsicum ? "capsicum+" : "", jailed ? "jail" : "chroot");
return (0);
}
