1/* $OpenBSD: ypldap.c,v 1.16 2015/11/02 10:06:06 jmatthew Exp $ */ 2 3/* 4 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/types.h> 20#include <sys/param.h> 21#include <sys/queue.h> 22#include <sys/socket.h> 23#include <sys/signal.h> 24#include <sys/tree.h> 25#include <sys/wait.h> 26 27#include <netinet/in.h> 28#include <arpa/inet.h> 29 30#include <err.h> 31#include <errno.h> 32#include <event.h> 33#include <unistd.h> 34#include <pwd.h> 35#include <stdio.h> 36#include <stdlib.h> 37#include <string.h> 38#include <limits.h> 39 40#include "ypldap.h" 41 42enum ypldap_process_type ypldap_process; 43 44__dead2 void usage(void); 45int check_child(pid_t, const char *); 46void main_sig_handler(int, short, void *); 47void main_shutdown(void); 48void main_dispatch_client(int, short, void *); 49void main_configure_client(struct env *); 50void main_init_timer(int, short, void *); 51void main_start_update(struct env *); 52void main_trash_update(struct env *); 53void main_end_update(struct env *); 54int main_create_user_groups(struct env *); 55void purge_config(struct env *); 56void reconfigure(struct env *); 57 58int pipe_main2client[2]; 59 60pid_t client_pid = 0; 61char *conffile = YPLDAP_CONF_FILE; 62int opts = 0; 63 64void 65usage(void) 66{ 67 extern const char *__progname; 68 69 fprintf(stderr, "usage: %s [-dnv] [-D macro=value] [-f file]\n", 70 __progname); 71 exit(1); 72} 73 74int 75check_child(pid_t pid, const char *pname) 76{ 77 int status; 78 79 if (waitpid(pid, &status, WNOHANG) > 0) { 80 if (WIFEXITED(status)) { 81 log_warnx("check_child: lost child %s exited", pname); 82 return (1); 83 } 84 if (WIFSIGNALED(status)) { 85 log_warnx("check_child: lost child %s terminated; " 86 "signal %d", pname, WTERMSIG(status)); 87 return (1); 88 } 89 } 90 return (0); 91} 92 93/* ARGUSED */ 94void 95main_sig_handler(int sig, short event, void *p) 96{ 97 int die = 0; 98 99 switch (sig) { 100 case SIGTERM: 101 case SIGINT: 102 die = 1; 103 /* FALLTHROUGH */ 104 case SIGCHLD: 105 if (check_child(client_pid, "ldap client")) { 106 client_pid = 0; 107 die = 1; 108 } 109 if (die) 110 main_shutdown(); 111 break; 112 case SIGHUP: 113 /* reconfigure */ 114 break; 115 default: 116 fatalx("unexpected signal"); 117 } 118} 119 120void 121main_shutdown(void) 122{ 123 _exit(0); 124} 125 126void 127main_start_update(struct env *env) 128{ 129 env->update_trashed = 0; 130 131 log_debug("starting directory update"); 132 env->sc_user_line_len = 0; 133 env->sc_group_line_len = 0; 134 if ((env->sc_user_names_t = calloc(1, 135 sizeof(*env->sc_user_names_t))) == NULL || 136 (env->sc_group_names_t = calloc(1, 137 sizeof(*env->sc_group_names_t))) == NULL) 138 fatal(NULL); 139 RB_INIT(env->sc_user_names_t); 140 RB_INIT(env->sc_group_names_t); 141} 142 143/* 144 * XXX: Currently this function should only be called when updating is 145 * finished. A notification should be sent to ldapclient that it should stop 146 * sending new pwd/grp entries before it can be called from different places. 147 */ 148void 149main_trash_update(struct env *env) 150{ 151 struct userent *ue; 152 struct groupent *ge; 153 154 env->update_trashed = 1; 155 156 while ((ue = RB_ROOT(env->sc_user_names_t)) != NULL) { 157 RB_REMOVE(user_name_tree, 158 env->sc_user_names_t, ue); 159 free(ue->ue_line); 160 free(ue->ue_netid_line); 161 free(ue); 162 } 163 free(env->sc_user_names_t); 164 env->sc_user_names_t = NULL; 165 while ((ge = RB_ROOT(env->sc_group_names_t)) 166 != NULL) { 167 RB_REMOVE(group_name_tree, 168 env->sc_group_names_t, ge); 169 free(ge->ge_line); 170 free(ge); 171 } 172 free(env->sc_group_names_t); 173 env->sc_group_names_t = NULL; 174} 175 176int 177main_create_user_groups(struct env *env) 178{ 179 struct userent *ue; 180 struct userent ukey; 181 struct groupent *ge; 182 gid_t pw_gid; 183 char *bp, *cp; 184 char *p; 185 const char *errstr = NULL; 186 size_t len; 187 188 RB_FOREACH(ue, user_name_tree, env->sc_user_names_t) { 189 bp = cp = ue->ue_line; 190 191 /* name */ 192 bp += strlen(bp) + 1; 193 194 /* password */ 195 bp += strcspn(bp, ":") + 1; 196 197 /* uid */ 198 bp += strcspn(bp, ":") + 1; 199 200 /* gid */ 201 bp[strcspn(bp, ":")] = '\0'; 202 203 pw_gid = (gid_t)strtonum(bp, 0, GID_MAX, &errstr); 204 if (errstr) { 205 log_warnx("main: failed to parse gid for uid: %d\n", ue->ue_uid); 206 return (-1); 207 } 208 209 /* bring gid column back to its proper state */ 210 bp[strlen(bp)] = ':'; 211 212 if ((ue->ue_netid_line = calloc(1, LINE_WIDTH)) == NULL) { 213 return (-1); 214 } 215 216 if (snprintf(ue->ue_netid_line, LINE_WIDTH-1, "%d:%d", ue->ue_uid, pw_gid) >= LINE_WIDTH) { 217 218 return (-1); 219 } 220 221 ue->ue_gid = pw_gid; 222 } 223 224 RB_FOREACH(ge, group_name_tree, env->sc_group_names_t) { 225 bp = cp = ge->ge_line; 226 227 /* name */ 228 bp += strlen(bp) + 1; 229 230 /* password */ 231 bp += strcspn(bp, ":") + 1; 232 233 /* gid */ 234 bp += strcspn(bp, ":") + 1; 235 236 cp = bp; 237 if (*bp == '\0') 238 continue; 239 bp = cp; 240 for (;;) { 241 if (!(cp = strsep(&bp, ","))) 242 break; 243 ukey.ue_line = cp; 244 if ((ue = RB_FIND(user_name_tree, env->sc_user_names_t, 245 &ukey)) == NULL) { 246 /* User not found */ 247 log_warnx("main: unknown user %s in group %s\n", 248 ukey.ue_line, ge->ge_line); 249 if (bp != NULL) 250 *(bp-1) = ','; 251 continue; 252 } 253 if (bp != NULL) 254 *(bp-1) = ','; 255 256 /* Make sure the new group doesn't equal to the main gid */ 257 if (ge->ge_gid == ue->ue_gid) 258 continue; 259 260 len = strlen(ue->ue_netid_line); 261 p = ue->ue_netid_line + len; 262 263 if ((snprintf(p, LINE_WIDTH-len-1, ",%d", 264 ge->ge_gid)) >= (int)(LINE_WIDTH-len)) { 265 return (-1); 266 } 267 } 268 } 269 270 return (0); 271} 272 273void 274main_end_update(struct env *env) 275{ 276 struct userent *ue; 277 struct groupent *ge; 278 279 if (env->update_trashed) 280 return; 281 282 log_debug("updates are over, cleaning up trees now"); 283 284 if (main_create_user_groups(env) == -1) { 285 main_trash_update(env); 286 return; 287 } 288 289 if (env->sc_user_names == NULL) { 290 env->sc_user_names = env->sc_user_names_t; 291 env->sc_user_lines = NULL; 292 env->sc_user_names_t = NULL; 293 294 env->sc_group_names = env->sc_group_names_t; 295 env->sc_group_lines = NULL; 296 env->sc_group_names_t = NULL; 297 298 flatten_entries(env); 299 goto make_uids; 300 } 301 302 /* 303 * clean previous tree. 304 */ 305 while ((ue = RB_ROOT(env->sc_user_names)) != NULL) { 306 RB_REMOVE(user_name_tree, env->sc_user_names, 307 ue); 308 free(ue->ue_netid_line); 309 free(ue); 310 } 311 free(env->sc_user_names); 312 free(env->sc_user_lines); 313 314 env->sc_user_names = env->sc_user_names_t; 315 env->sc_user_lines = NULL; 316 env->sc_user_names_t = NULL; 317 318 while ((ge = RB_ROOT(env->sc_group_names)) != NULL) { 319 RB_REMOVE(group_name_tree, 320 env->sc_group_names, ge); 321 free(ge); 322 } 323 free(env->sc_group_names); 324 free(env->sc_group_lines); 325 326 env->sc_group_names = env->sc_group_names_t; 327 env->sc_group_lines = NULL; 328 env->sc_group_names_t = NULL; 329 330 331 flatten_entries(env); 332 333 /* 334 * trees are flat now. build up uid, gid and netid trees. 335 */ 336 337make_uids: 338 RB_INIT(&env->sc_user_uids); 339 RB_INIT(&env->sc_group_gids); 340 RB_FOREACH(ue, user_name_tree, env->sc_user_names) 341 RB_INSERT(user_uid_tree, 342 &env->sc_user_uids, ue); 343 RB_FOREACH(ge, group_name_tree, env->sc_group_names) 344 RB_INSERT(group_gid_tree, 345 &env->sc_group_gids, ge); 346 347} 348 349void 350main_dispatch_client(int fd, short events, void *p) 351{ 352 int n; 353 int shut = 0; 354 struct env *env = p; 355 struct imsgev *iev = env->sc_iev; 356 struct imsgbuf *ibuf = &iev->ibuf; 357 struct idm_req ir; 358 struct imsg imsg; 359 360 if ((events & (EV_READ | EV_WRITE)) == 0) 361 fatalx("unknown event"); 362 363 if (events & EV_READ) { 364 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) 365 fatal("imsg_read error"); 366 if (n == 0) 367 shut = 1; 368 } 369 if (events & EV_WRITE) { 370 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) 371 fatal("msgbuf_write"); 372 if (n == 0) 373 shut = 1; 374 goto done; 375 } 376 377 for (;;) { 378 if ((n = imsg_get(ibuf, &imsg)) == -1) 379 fatal("main_dispatch_client: imsg_get error"); 380 if (n == 0) 381 break; 382 383 switch (imsg.hdr.type) { 384 case IMSG_START_UPDATE: 385 main_start_update(env); 386 break; 387 case IMSG_PW_ENTRY: { 388 struct userent *ue; 389 size_t len; 390 391 if (env->update_trashed) 392 break; 393 394 (void)memcpy(&ir, imsg.data, sizeof(ir)); 395 if ((ue = calloc(1, sizeof(*ue))) == NULL || 396 (ue->ue_line = strdup(ir.ir_line)) == NULL) { 397 /* 398 * should cancel tree update instead. 399 */ 400 fatal("out of memory"); 401 } 402 ue->ue_uid = ir.ir_key.ik_uid; 403 len = strlen(ue->ue_line) + 1; 404 ue->ue_line[strcspn(ue->ue_line, ":")] = '\0'; 405 if (RB_INSERT(user_name_tree, env->sc_user_names_t, 406 ue) != NULL) { /* dup */ 407 free(ue->ue_line); 408 free(ue); 409 } else 410 env->sc_user_line_len += len; 411 break; 412 } 413 case IMSG_GRP_ENTRY: { 414 struct groupent *ge; 415 size_t len; 416 417 if (env->update_trashed) 418 break; 419 420 (void)memcpy(&ir, imsg.data, sizeof(ir)); 421 if ((ge = calloc(1, sizeof(*ge))) == NULL || 422 (ge->ge_line = strdup(ir.ir_line)) == NULL) { 423 /* 424 * should cancel tree update instead. 425 */ 426 fatal("out of memory"); 427 } 428 ge->ge_gid = ir.ir_key.ik_gid; 429 len = strlen(ge->ge_line) + 1; 430 ge->ge_line[strcspn(ge->ge_line, ":")] = '\0'; 431 if (RB_INSERT(group_name_tree, env->sc_group_names_t, 432 ge) != NULL) { /* dup */ 433 free(ge->ge_line); 434 free(ge); 435 } else 436 env->sc_group_line_len += len; 437 break; 438 } 439 case IMSG_TRASH_UPDATE: 440 main_trash_update(env); 441 break; 442 case IMSG_END_UPDATE: { 443 main_end_update(env); 444 break; 445 } 446 default: 447 log_debug("main_dispatch_client: unexpected imsg %d", 448 imsg.hdr.type); 449 break; 450 } 451 imsg_free(&imsg); 452 } 453 454done: 455 if (!shut) 456 imsg_event_add(iev); 457 else { 458 log_debug("king bula sez: ran into dead pipe"); 459 event_del(&iev->ev); 460 event_loopexit(NULL); 461 } 462} 463 464void 465main_configure_client(struct env *env) 466{ 467 struct idm *idm; 468 struct imsgev *iev = env->sc_iev; 469 470 imsg_compose_event(iev, IMSG_CONF_START, 0, 0, -1, env, sizeof(*env)); 471 TAILQ_FOREACH(idm, &env->sc_idms, idm_entry) { 472 imsg_compose_event(iev, IMSG_CONF_IDM, 0, 0, -1, 473 idm, sizeof(*idm)); 474 } 475 imsg_compose_event(iev, IMSG_CONF_END, 0, 0, -1, NULL, 0); 476} 477 478void 479main_init_timer(int fd, short event, void *p) 480{ 481 struct env *env = p; 482 483 main_configure_client(env); 484} 485 486void 487purge_config(struct env *env) 488{ 489 struct idm *idm; 490 491 while ((idm = TAILQ_FIRST(&env->sc_idms)) != NULL) { 492 TAILQ_REMOVE(&env->sc_idms, idm, idm_entry); 493 free(idm); 494 } 495} 496 497int 498main(int argc, char *argv[]) 499{ 500 int c; 501 int debug; 502 struct passwd *pw; 503 struct env env; 504 struct event ev_sigint; 505 struct event ev_sigterm; 506 struct event ev_sigchld; 507 struct event ev_sighup; 508 struct event ev_timer; 509 struct timeval tv; 510 511 debug = 0; 512 ypldap_process = PROC_MAIN; 513 514 log_init(1); 515 516 while ((c = getopt(argc, argv, "dD:nf:v")) != -1) { 517 switch (c) { 518 case 'd': 519 debug = 2; 520 break; 521 case 'D': 522 if (cmdline_symset(optarg) < 0) 523 log_warnx("could not parse macro definition %s", 524 optarg); 525 break; 526 case 'n': 527 debug = 2; 528 opts |= YPLDAP_OPT_NOACTION; 529 break; 530 case 'f': 531 conffile = optarg; 532 break; 533 case 'v': 534 opts |= YPLDAP_OPT_VERBOSE; 535 break; 536 default: 537 usage(); 538 } 539 } 540 541 argc -= optind; 542 argv += optind; 543 544 if (argc) 545 usage(); 546 547 RB_INIT(&env.sc_user_uids); 548 RB_INIT(&env.sc_group_gids); 549 550 if (parse_config(&env, conffile, opts)) 551 exit(1); 552 if (opts & YPLDAP_OPT_NOACTION) { 553 fprintf(stderr, "configuration OK\n"); 554 exit(0); 555 } 556 557 if (geteuid()) 558 errx(1, "need root privileges"); 559 560 log_init(debug); 561 562 if (!debug) { 563 if (daemon(1, 0) == -1) 564 err(1, "failed to daemonize"); 565 } 566 567 log_info("startup%s", (debug > 1)?" [debug mode]":""); 568 569 if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, PF_UNSPEC, 570 pipe_main2client) == -1) 571 fatal("socketpair"); 572 573 client_pid = ldapclient(pipe_main2client); 574 575 setproctitle("parent"); 576 event_init(); 577 578 signal_set(&ev_sigint, SIGINT, main_sig_handler, &env); 579 signal_set(&ev_sigterm, SIGTERM, main_sig_handler, &env); 580 signal_set(&ev_sighup, SIGHUP, main_sig_handler, &env); 581 signal_set(&ev_sigchld, SIGCHLD, main_sig_handler, &env); 582 signal_add(&ev_sigint, NULL); 583 signal_add(&ev_sigterm, NULL); 584 signal_add(&ev_sighup, NULL); 585 signal_add(&ev_sigchld, NULL); 586 587 close(pipe_main2client[1]); 588 if ((env.sc_iev = calloc(1, sizeof(*env.sc_iev))) == NULL) 589 fatal(NULL); 590 imsg_init(&env.sc_iev->ibuf, pipe_main2client[0]); 591 env.sc_iev->handler = main_dispatch_client; 592 593 env.sc_iev->events = EV_READ; 594 env.sc_iev->data = &env; 595 event_set(&env.sc_iev->ev, env.sc_iev->ibuf.fd, env.sc_iev->events, 596 env.sc_iev->handler, &env); 597 event_add(&env.sc_iev->ev, NULL); 598 599 yp_init(&env); 600 601 if ((pw = getpwnam(YPLDAP_USER)) == NULL) 602 fatal("getpwnam"); 603 604#ifndef DEBUG 605 if (setgroups(1, &pw->pw_gid) || 606 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || 607 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) 608 fatal("cannot drop privileges"); 609#else 610#warning disabling privilege revocation in debug mode 611#endif 612 613 memset(&tv, 0, sizeof(tv)); 614 evtimer_set(&ev_timer, main_init_timer, &env); 615 evtimer_add(&ev_timer, &tv); 616 617 yp_enable_events(); 618 event_dispatch(); 619 main_shutdown(); 620 621 return (0); 622} 623 624void 625imsg_event_add(struct imsgev *iev) 626{ 627 if (iev->handler == NULL) { 628 imsg_flush(&iev->ibuf); 629 return; 630 } 631 632 iev->events = EV_READ; 633 if (iev->ibuf.w.queued) 634 iev->events |= EV_WRITE; 635 636 event_del(&iev->ev); 637 event_set(&iev->ev, iev->ibuf.fd, iev->events, iev->handler, iev->data); 638 event_add(&iev->ev, NULL); 639} 640 641int 642imsg_compose_event(struct imsgev *iev, u_int16_t type, u_int32_t peerid, 643 pid_t pid, int fd, void *data, u_int16_t datalen) 644{ 645 int ret; 646 647 if ((ret = imsg_compose(&iev->ibuf, type, peerid, 648 pid, fd, data, datalen)) != -1) 649 imsg_event_add(iev); 650 return (ret); 651} 652