2 * Sub-authentication Daemon
4 * (c) 2017 Martin Mares <mj@ucw.cz>
13 #include <ucw/trans.h>
17 #include <sys/socket.h>
25 static char *socket_path = "subauthd.socket";
26 static uint max_connections = ~0U;
28 char *database_name = "subauthd.db";
30 char *log_stream_name;
31 static uint max_packet_size = 16384;
32 uint max_comment_size = 100;
34 static struct main_file listen_socket;
35 static uint num_connections;
37 static byte *packet_buffer;
38 static byte oob_data_buffer[MAX_OOB_DATA_SIZE];
40 static int socket_read_handler(struct main_file *fi);
41 static int socket_write_handler(struct main_file *fi);
43 static void client_close(struct client *c)
45 DBG("Closing connection");
50 mp_delete(c->pool); // This includes the connection structure
54 static void socket_timeout_handler(struct main_timer *tm)
56 struct client *c = tm->data;
57 msg(L_INFO, "Client timeout");
61 static void try_send_reply(struct client *c)
68 fbbuf_init_write(&fb, packet_buffer, max_packet_size);
70 json_write(c->json, &fb, c->reply);
71 len = fbbuf_count_written(&fb);
75 msg(L_ERROR, "Unable to construct reply, it is probably too long");
77 fbbuf_init_write(&fb2, packet_buffer, max_packet_size);
78 bputs(&fb2, "{ \"error\": \"Reply too long\" }\n");
79 len = fbbuf_count_written(&fb2);
83 DBG("Sending reply of %d bytes", len);
84 if (send(c->socket.fd, packet_buffer, len, 0) < 0)
86 if (errno == EAGAIN || errno == EINTR)
88 DBG("Postponed send");
89 c->socket.write_handler = socket_write_handler;
92 msg(L_ERROR, "Client write error: %m");
98 c->socket.read_handler = socket_read_handler;
99 c->socket.write_handler = NULL;
100 file_chg(&c->socket);
101 timer_add_rel(&c->timer, SOCKET_TIMEOUT);
105 static void send_reply(struct client *c)
107 timer_add_rel(&c->timer, SOCKET_TIMEOUT);
111 static void received_packet(struct client *c, byte *pkt, int len)
116 fbbuf_init_read(&fb, pkt, len, 0);
118 c->reply = json_new_object(c->json);
122 c->request = json_parse(c->json, &fb);
126 json_object_set(c->reply, "error", json_new_string_ref(c->json, "Parse error"));
136 static int socket_write_handler(struct main_file *fi)
138 struct client *c = fi->data;
143 static int socket_read_handler(struct main_file *fi)
145 struct client *c = fi->data;
148 .iov_base = packet_buffer,
149 .iov_len = max_packet_size,
155 .msg_control = oob_data_buffer,
156 .msg_controllen = MAX_OOB_DATA_SIZE,
159 ssize_t len = recvmsg(fi->fd, &mh, 0);
162 if (errno != EAGAIN && errno != EINTR)
163 msg(L_ERROR, "Socket read: %m");
173 struct ucred *cred = NULL;
174 for (struct cmsghdr *cm = CMSG_FIRSTHDR(&mh); cm; cm = CMSG_NXTHDR(&mh, cm))
176 if (cm->cmsg_level == SOL_SOCKET)
178 if (cm->cmsg_type == SCM_RIGHTS)
180 // We are not interested in receiving file descriptor, but despite
181 // that they could be attached to the message. If it happens, simply
183 int *fdptr = (int *) CMSG_DATA(cm);
184 int nfd = cm->cmsg_len / sizeof(int);
185 for (int i=0; i<nfd; i++)
188 else if (cm->cmsg_type == SCM_CREDENTIALS)
190 ASSERT(cm->cmsg_len >= sizeof(cred));
191 cred = (struct ucred *) CMSG_DATA(cm);
198 msg(L_ERROR, "Dropping message with no credentials");
202 DBG("Got message from UID %d", (int) cred->uid);
205 fi->read_handler = NULL;
208 received_packet(c, packet_buffer, len);
212 static int listen_read_handler(struct main_file *fi)
214 struct sockaddr_un client;
215 socklen_t addr_len = sizeof(client);
217 int new_sk = accept(fi->fd, &client, &addr_len);
220 if (errno != EAGAIN && errno != EINTR)
221 msg(L_ERROR, "Socket accept: %m");
225 if (num_connections >= max_connections)
227 msg(L_WARN, "Too many connections (you might need to increase MaxConnections)");
233 DBG("Accepted connection");
235 if (fcntl(new_sk, F_SETFL, fcntl(new_sk, F_GETFL) | O_NONBLOCK) < 0)
236 die("Cannot set O_NONBLOCK: %m");
238 struct mempool *mp = mp_new(4096);
239 struct client *c = mp_alloc_zero(mp, sizeof(*c));
241 c->json = json_new();
243 c->socket.fd = new_sk;
244 c->socket.read_handler = socket_read_handler;
246 file_add(&c->socket);
248 c->timer.handler = socket_timeout_handler;
250 timer_add_rel(&c->timer, SOCKET_TIMEOUT);
255 static void init_socket(void)
257 packet_buffer = xmalloc(max_packet_size);
259 int sk = socket(PF_UNIX, SOCK_SEQPACKET, 0);
261 die("socket(PF_UNIX, SOCK_SEQPACKET): %m");
263 if (fcntl(sk, F_SETFL, fcntl(sk, F_GETFL) | O_NONBLOCK) < 0)
264 die("Cannot set O_NONBLOCK: %m");
266 struct sockaddr_un sun;
267 sun.sun_family = AF_UNIX;
268 if (strlen(socket_path) >= sizeof(sun.sun_path))
269 die("SocketPath too long");
270 strcpy(sun.sun_path, socket_path);
272 if (unlink(socket_path) < 0 && errno != ENOENT)
273 die("Cannot unlink old socket %s: %m", socket_path);
275 if (bind(sk, (struct sockaddr *) &sun, sizeof(sun)) < 0)
276 die("Cannot bind to %s: %m", socket_path);
278 if (listen(sk, 64) < 0)
282 if (setsockopt(sk, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
283 die("setsockopt(SO_PASSCRED): %m");
285 listen_socket.fd = sk;
286 listen_socket.read_handler = listen_read_handler;
287 file_add(&listen_socket);
289 if (chmod(socket_path, 0666) < 0)
290 die("Cannot chmod socket: %m");
292 msg(L_INFO, "Listening on %s", socket_path);
295 static char *zone_commit(void *z_)
297 struct auth_zone *z = z_;
299 return "A zone must have a name";
303 static struct cf_section zone_config = {
304 CF_TYPE(struct auth_zone),
305 CF_COMMIT(zone_commit),
307 CF_STRING("Name", PTR_TO(struct auth_zone, name)),
308 CF_STRING("Description", PTR_TO(struct auth_zone, desc)),
309 CF_UINT("AutoCreateAcct", PTR_TO(struct auth_zone, auto_create_acct)),
310 CF_UINT("AllowPasswd", PTR_TO(struct auth_zone, allow_passwd)),
311 CF_UINT("AllowTokens", PTR_TO(struct auth_zone, allow_tokens)),
312 CF_UINT("MaxTempValidity", PTR_TO(struct auth_zone, max_temp_validity)),
317 static struct cf_section daemon_config = {
319 CF_STRING("SocketPath", &socket_path),
320 CF_UINT("MaxConnections", &max_connections),
321 CF_UINT("MaxPacketSize", &max_packet_size),
322 CF_UINT("MaxCommentSize", &max_comment_size),
323 CF_LIST("Zone", &zone_list, &zone_config),
324 CF_STRING("Database", &database_name),
325 CF_STRING("TempKeyFile", &temp_key_file),
326 CF_STRING("LogStream", &log_stream_name),
331 static const struct opt_section options = {
333 OPT_HELP("A sub-authentication daemon."),
334 OPT_HELP("Usage: subauthd [options]"),
336 OPT_HELP("Options:"),
343 int main(int argc UNUSED, char **argv)
347 cf_def_file = CONFIG_DIR "/subauthd";
348 cf_declare_section("SubauthD", &daemon_config, 0);
349 opt_parse(&options, argv+1);
352 log_configured(log_stream_name);