varnish-cache/bin/varnishd/mgt/mgt_acceptor.c
1
/*-
2
 * Copyright (c) 2006 Verdens Gang AS
3
 * Copyright (c) 2006-2015 Varnish Software AS
4
 * All rights reserved.
5
 *
6
 * Author: Poul-Henning Kamp <phk@phk.freebsd.dk>
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 * 1. Redistributions of source code must retain the above copyright
12
 *    notice, this list of conditions and the following disclaimer.
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20
 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
21
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27
 * SUCH DAMAGE.
28
 *
29
 * Acceptor socket management
30
 */
31
32
#include "config.h"
33
34
#include <sys/types.h>
35
#include <sys/socket.h>
36
#include <sys/un.h>
37
#include <sys/stat.h>
38
#include <errno.h>
39
#include <stdio.h>
40
#include <stdlib.h>
41
#include <string.h>
42
#include <unistd.h>
43
#include <pwd.h>
44
#include <grp.h>
45
46
#include "mgt/mgt.h"
47
#include "common/heritage.h"
48
49
#include "vav.h"
50
#include "vcli_serve.h"
51
#include "vsa.h"
52
#include "vss.h"
53
#include "vtcp.h"
54
#include "vus.h"
55
56
struct listen_arg {
57
        unsigned                        magic;
58
#define LISTEN_ARG_MAGIC                0xbb2fc333
59
        VTAILQ_ENTRY(listen_arg)        list;
60
        const char                      *endpoint;
61
        const char                      *name;
62
        VTAILQ_HEAD(,listen_sock)       socks;
63
        const struct transport          *transport;
64
        const struct uds_perms          *perms;
65
};
66
67
struct uds_perms {
68
        unsigned        magic;
69
#define UDS_PERMS_MAGIC 0x84fb5635
70
        mode_t          mode;
71
        uid_t           uid;
72
        gid_t           gid;
73
};
74
75
static VTAILQ_HEAD(,listen_arg) listen_args =
76
    VTAILQ_HEAD_INITIALIZER(listen_args);
77
78
static int
79 1450
mac_opensocket(struct listen_sock *ls)
80
{
81
        int fail;
82
        struct sockaddr_un uds;
83
84 1450
        CHECK_OBJ_NOTNULL(ls, LISTEN_SOCK_MAGIC);
85 1450
        if (ls->sock > 0) {
86 705
                MCH_Fd_Inherit(ls->sock, NULL);
87 705
                closefd(&ls->sock);
88
        }
89 1450
        if (!ls->uds)
90 1407
                ls->sock = VTCP_bind(ls->addr, NULL);
91
        else {
92 43
                uds.sun_family = PF_UNIX;
93 43
                bprintf(uds.sun_path, "%s", ls->endpoint);
94 43
                ls->sock = VUS_bind(&uds, NULL);
95
        }
96 1450
        fail = errno;
97 1450
        if (ls->sock < 0) {
98 1
                AN(fail);
99 1
                return (fail);
100
        }
101 1449
        if (ls->perms != NULL) {
102 4
                CHECK_OBJ(ls->perms, UDS_PERMS_MAGIC);
103 4
                assert(ls->uds);
104 4
                errno = 0;
105 8
                if (ls->perms->mode != 0 &&
106 4
                    chmod(ls->endpoint, ls->perms->mode) != 0)
107 0
                        return errno;
108 4
                if (chown(ls->endpoint, ls->perms->uid, ls->perms->gid) != 0)
109 0
                        return errno;
110
        }
111 1449
        MCH_Fd_Inherit(ls->sock, "sock");
112 1449
        return (0);
113
}
114
115
/*=====================================================================
116
 * Reopen the accept sockets to get rid of listen status.
117
 * returns the highest errno encountered, 0 for success
118
 */
119
120
int
121 703
MAC_reopen_sockets(void)
122
{
123
        struct listen_sock *ls;
124 703
        int err, fail = 0;
125
126 1408
        VTAILQ_FOREACH(ls, &heritage.socks, list) {
127 705
                VJ_master(JAIL_MASTER_PRIVPORT);
128 705
                err = mac_opensocket(ls);
129 705
                VJ_master(JAIL_MASTER_LOW);
130 705
                if (err == 0)
131 705
                        continue;
132 0
                if (err > fail)
133 0
                        fail = err;
134 0
                MGT_Complain(C_ERR,
135
                    "Could not reopen listen socket %s: %s",
136
                    ls->endpoint, strerror(err));
137
        }
138 703
        return fail;
139
}
140
141
/*--------------------------------------------------------------------*/
142
143
static struct listen_sock *
144 745
mk_listen_sock(const struct listen_arg *la, const struct suckaddr *sa)
145
{
146
        struct listen_sock *ls;
147
        int fail;
148
149 745
        ALLOC_OBJ(ls, LISTEN_SOCK_MAGIC);
150 745
        AN(ls);
151 745
        ls->sock = -1;
152 745
        ls->addr = VSA_Clone(sa);
153 745
        AN(ls->addr);
154 745
        ls->endpoint = strdup(la->endpoint);
155 745
        AN(ls->endpoint);
156 745
        ls->name = la->name;
157 745
        ls->transport = la->transport;
158 745
        ls->perms = la->perms;
159 745
        if (*la->endpoint == '/')
160 22
                ls->uds = 1;
161 745
        VJ_master(JAIL_MASTER_PRIVPORT);
162 745
        fail = mac_opensocket(ls);
163 745
        VJ_master(JAIL_MASTER_LOW);
164 745
        if (fail) {
165 1
                free(ls->addr);
166 1
                free(ls->endpoint);
167 1
                FREE_OBJ(ls);
168 1
                if (fail != EAFNOSUPPORT)
169 1
                        ARGV_ERR("Could not get socket %s: %s\n",
170
                            la->endpoint, strerror(fail));
171 0
                return(NULL);
172
        }
173 744
        return(ls);
174
}
175
176
static int v_matchproto_(vss_resolved_f)
177 724
mac_tcp(void *priv, const struct suckaddr *sa)
178
{
179
        struct listen_arg *la;
180
        struct listen_sock *ls;
181
        char abuf[VTCP_ADDRBUFSIZE], pbuf[VTCP_PORTBUFSIZE];
182
        char nbuf[VTCP_ADDRBUFSIZE+VTCP_PORTBUFSIZE+2];
183
184 724
        CAST_OBJ_NOTNULL(la, priv, LISTEN_ARG_MAGIC);
185
186 740
        VTAILQ_FOREACH(ls, &heritage.socks, list) {
187 17
                if (!ls->uds && !VSA_Compare(sa, ls->addr))
188 1
                        ARGV_ERR("-a arguments %s and %s have same address\n",
189
                            ls->endpoint, la->endpoint);
190
        }
191 723
        ls = mk_listen_sock(la, sa);
192 722
        if (ls == NULL)
193 0
                return(0);
194 722
        AZ(ls->uds);
195 722
        if (VSA_Port(ls->addr) == 0) {
196
                /*
197
                 * If the argv port number is zero, we adopt whatever
198
                 * port number this VTCP_bind() found us, as if
199
                 * it was specified by the argv.
200
                 */
201 721
                free(ls->addr);
202 721
                ls->addr = VTCP_my_suckaddr(ls->sock);
203 721
                VTCP_myname(ls->sock, abuf, sizeof abuf,
204
                    pbuf, sizeof pbuf);
205 721
                bprintf(nbuf, "%s:%s", abuf, pbuf);
206 721
                REPLACE(ls->endpoint, nbuf);
207
        }
208 722
        VTAILQ_INSERT_TAIL(&la->socks, ls, arglist);
209 722
        VTAILQ_INSERT_TAIL(&heritage.socks, ls, list);
210 722
        return (0);
211
}
212
213
static int v_matchproto_(vus_resolved_f)
214 23
mac_uds(void *priv, const struct sockaddr_un *uds)
215
{
216
        struct listen_arg *la;
217
        struct listen_sock *ls;
218
219 23
        CAST_OBJ_NOTNULL(la, priv, LISTEN_ARG_MAGIC);
220
221 24
        VTAILQ_FOREACH(ls, &heritage.socks, list) {
222 2
                if (ls->uds && strcmp(uds->sun_path, ls->endpoint) == 0)
223 1
                        ARGV_ERR("-a arguments %s and %s have same address\n",
224
                            ls->endpoint, la->endpoint);
225
        }
226 22
        ls = mk_listen_sock(la, bogo_ip);
227 22
        if (ls == NULL)
228 0
                return(0);
229 22
        AN(ls->uds);
230 22
        VTAILQ_INSERT_TAIL(&la->socks, ls, arglist);
231 22
        VTAILQ_INSERT_TAIL(&heritage.socks, ls, list);
232 22
        return (0);
233
}
234
235
void
236 755
MAC_Arg(const char *spec)
237
{
238
        char **av;
239
        struct listen_arg *la;
240
        const char *err;
241
        int error;
242 755
        const struct transport *xp = NULL;
243
        const char *name;
244
        char name_buf[8];
245
        static unsigned seq = 0;
246 755
        struct passwd *pwd = NULL;
247 755
        struct group *grp = NULL;
248 755
        mode_t mode = 0;
249
        struct uds_perms *perms;
250
251 755
        av = MGT_NamedArg(spec, &name, "-a");
252 755
        AN(av);
253
254 755
        ALLOC_OBJ(la, LISTEN_ARG_MAGIC);
255 755
        AN(la);
256 755
        VTAILQ_INIT(&la->socks);
257 755
        VTAILQ_INSERT_TAIL(&listen_args, la, list);
258 755
        la->endpoint = av[1];
259
260 755
        if (name == NULL) {
261 750
                bprintf(name_buf, "a%u", seq++);
262 750
                name = strdup(name_buf);
263 750
                AN(name);
264
        }
265 755
        la->name = name;
266
267 755
        if (*la->endpoint != '/' && strchr(la->endpoint, '/') != NULL)
268 1
                ARGV_ERR("Unix domain socket addresses must be"
269
                    " absolute paths in -a (%s)\n", la->endpoint);
270
271 754
        if (*la->endpoint == '/' && heritage.min_vcl < 41)
272 38
                heritage.min_vcl = 41;
273
274 771
        for (int i = 2; av[i] != NULL; i++) {
275
                char *eq, *val;
276
                int len;
277
278 39
                if ((eq = strchr(av[i], '=')) == NULL) {
279 16
                        if (xp != NULL)
280 2
                                ARGV_ERR("Too many protocol sub-args"
281
                                    " in -a (%s)\n", av[i]);
282 14
                        xp = XPORT_Find(av[i]);
283 14
                        if (xp == NULL)
284 2
                                ARGV_ERR("Unknown protocol '%s'\n", av[i]);
285 12
                        continue;
286
                }
287 23
                if (la->endpoint[0] != '/')
288 3
                        ARGV_ERR("Invalid sub-arg %s for IP addresses"
289
                            " in -a\n", av[i]);
290
291 20
                val = eq + 1;
292 20
                len = eq - av[i];
293 20
                assert(len >= 0);
294 20
                if (len == 0)
295 1
                        ARGV_ERR("Invalid sub-arg %s in -a\n", av[i]);
296
297 19
                if (strncmp(av[i], "user", len) == 0) {
298 1
                        if (pwd != NULL)
299 0
                                ARGV_ERR("Too many user sub-args in -a (%s)\n",
300
                                         av[i]);
301 1
                        pwd = getpwnam(val);
302 1
                        if (pwd == NULL)
303 0
                                ARGV_ERR("Unknown user %s in -a\n", val);
304 1
                        continue;
305
                }
306
307 18
                if (strncmp(av[i], "group", len) == 0) {
308 1
                        if (grp != NULL)
309 0
                                ARGV_ERR("Too many group sub-args in -a (%s)\n",
310
                                         av[i]);
311 1
                        grp = getgrnam(val);
312 1
                        if (grp == NULL)
313 0
                                ARGV_ERR("Unknown group %s in -a\n", val);
314 1
                        continue;
315
                }
316
317 17
                if (strncmp(av[i], "mode", len) == 0) {
318
                        long m;
319
                        char *p;
320
321 13
                        if (mode != 0)
322 1
                                ARGV_ERR("Too many mode sub-args in -a (%s)\n",
323
                                         av[i]);
324 12
                        if (*val == '\0')
325 1
                                ARGV_ERR("Empty mode sub-arg in -a\n");
326 11
                        errno = 0;
327 11
                        m = strtol(val, &p, 8);
328 11
                        if (*p != '\0')
329 3
                                ARGV_ERR("Invalid mode sub-arg %s in -a\n",
330
                                         val);
331 8
                        if (errno)
332 2
                                ARGV_ERR("Cannot parse mode sub-arg %s in -a: "
333
                                         "%s\n", val, strerror(errno));
334 6
                        if (m <= 0 || m > 0777)
335 3
                                ARGV_ERR("Mode sub-arg %s out of range in -a\n",
336
                                         val);
337 3
                        mode = (mode_t) m;
338 3
                        continue;
339
                }
340
341 4
                ARGV_ERR("Invalid sub-arg %s in -a\n", av[i]);
342
        }
343
344 732
        if (xp == NULL)
345 722
                xp = XPORT_Find("http");
346 732
        AN(xp);
347 732
        la->transport = xp;
348
349 732
        if (pwd != NULL || grp != NULL || mode != 0) {
350 2
                ALLOC_OBJ(perms, UDS_PERMS_MAGIC);
351 2
                AN(perms);
352 2
                if (pwd != NULL)
353 1
                        perms->uid = pwd->pw_uid;
354
                else
355 1
                        perms->uid = (uid_t) -1;
356 2
                if (grp != NULL)
357 1
                        perms->gid = grp->gr_gid;
358
                else
359 1
                        perms->gid = (gid_t) -1;
360 2
                perms->mode = mode;
361 2
                la->perms = perms;
362
        }
363
        else
364 730
                AZ(la->perms);
365
366 732
        if (*la->endpoint != '/')
367 708
                error = VSS_resolver(av[1], "80", mac_tcp, la, &err);
368
        else
369 24
                error = VUS_resolver(av[1], mac_uds, la, &err);
370
371 729
        if (VTAILQ_EMPTY(&la->socks) || error)
372 1
                ARGV_ERR("Got no socket(s) for %s\n", av[1]);
373 728
        VAV_Free(av);
374 728
}