2 * Sub-authentication Daemon
4 * (c) 2017 Martin Mares <mj@ucw.cz>
11 #include <ucw/trans.h>
15 #include <sys/socket.h>
21 static char *socket_path = "subauthd.socket";
22 static uint max_connections = ~0U;
24 static struct main_file listen_socket;
25 static uint num_connections;
27 static byte packet_buffer[MAX_PACKET_SIZE];
28 static byte oob_data_buffer[MAX_OOB_DATA_SIZE];
30 static int socket_read_handler(struct main_file *fi);
31 static int socket_write_handler(struct main_file *fi);
33 static void client_close(struct client *c)
35 msg(L_INFO, "Closing connection");
44 static void socket_timeout_handler(struct main_timer *tm)
46 struct client *c = tm->data;
47 msg(L_INFO, "Client timeout");
51 static void try_send_reply(struct client *c)
54 fbbuf_init_write(&fb, packet_buffer, MAX_PACKET_SIZE);
58 json_write(c->json, &fb, c->reply);
62 msg(L_ERROR, "Unable to construct reply, it is probably too long");
63 fbbuf_init_write(&fb, packet_buffer, MAX_PACKET_SIZE);
64 bputs(&fb, "{ \"error\": \"Reply too long\" }\n");
68 int len = fbbuf_count_written(&fb);
69 msg(L_INFO, "Sending reply of %d bytes", len);
70 if (send(c->socket.fd, packet_buffer, len, 0) < 0)
72 if (errno == EAGAIN || errno == EINTR)
74 msg(L_INFO, "Postponed send");
75 c->socket.write_handler = socket_write_handler;
78 msg(L_ERROR, "Client write error: %m");
83 msg(L_INFO, "Reply sent");
84 c->socket.read_handler = socket_read_handler;
85 c->socket.write_handler = NULL;
87 timer_add_rel(&c->timer, SOCKET_TIMEOUT);
91 static void send_reply(struct client *c)
93 timer_add_rel(&c->timer, SOCKET_TIMEOUT);
97 static void received_packet(struct client *c, byte *pkt, int len)
102 fbbuf_init_read(&fb, pkt, len, 0);
104 c->reply = json_new_object(c->json);
108 c->request = json_parse(c->json, &fb);
112 cmd_error(c, "Parse error");
122 static int socket_write_handler(struct main_file *fi)
124 struct client *c = fi->data;
129 static int socket_read_handler(struct main_file *fi)
131 struct client *c = fi->data;
134 .iov_base = packet_buffer,
135 .iov_len = MAX_PACKET_SIZE,
141 .msg_control = oob_data_buffer,
142 .msg_controllen = MAX_OOB_DATA_SIZE,
145 ssize_t len = recvmsg(fi->fd, &mh, 0);
148 if (errno != EAGAIN && errno != EINTR)
149 msg(L_ERROR, "Socket read: %m");
159 struct ucred *cred = NULL;
160 for (struct cmsghdr *cm = CMSG_FIRSTHDR(&mh); cm; cm = CMSG_NXTHDR(&mh, cm))
162 if (cm->cmsg_level == SOL_SOCKET)
164 if (cm->cmsg_type == SCM_RIGHTS)
166 // We are not interested in receiving file descriptor, but despite
167 // that they could be attached to the message. If it happens, simply
169 int *fdptr = (int *) CMSG_DATA(cm);
170 int nfd = cm->cmsg_len / sizeof(int);
171 for (int i=0; i<nfd; i++)
174 else if (cm->cmsg_type == SCM_CREDENTIALS)
176 ASSERT(cm->cmsg_len >= sizeof(cred));
177 cred = (struct ucred *) CMSG_DATA(cm);
184 msg(L_ERROR, "Dropping message with no credentials");
188 msg(L_INFO, "Got message from UID %d", (int) cred->uid);
191 fi->read_handler = NULL;
194 received_packet(c, packet_buffer, len);
198 static int listen_read_handler(struct main_file *fi)
200 struct sockaddr_un client;
201 socklen_t addr_len = sizeof(client);
203 int new_sk = accept(fi->fd, &client, &addr_len);
206 if (errno != EAGAIN && errno != EINTR)
207 msg(L_ERROR, "Socket accept: %m");
211 if (num_connections >= max_connections)
213 msg(L_WARN, "Too many connections (you might need to increase MaxConnections)");
219 msg(L_INFO, "Accepted connection");
221 if (fcntl(new_sk, F_SETFL, fcntl(new_sk, F_GETFL) | O_NONBLOCK) < 0)
222 die("Cannot set O_NONBLOCK: %m");
224 struct client *c = xmalloc_zero(sizeof(*c));
225 c->json = json_new();
227 c->socket.fd = new_sk;
228 c->socket.read_handler = socket_read_handler;
230 file_add(&c->socket);
232 c->timer.handler = socket_timeout_handler;
234 timer_add_rel(&c->timer, SOCKET_TIMEOUT);
239 static void init_socket(void)
241 int sk = socket(PF_UNIX, SOCK_SEQPACKET, 0);
243 die("socket(PF_UNIX, SOCK_SEQPACKET): %m");
245 if (fcntl(sk, F_SETFL, fcntl(sk, F_GETFL) | O_NONBLOCK) < 0)
246 die("Cannot set O_NONBLOCK: %m");
248 struct sockaddr_un sun;
249 sun.sun_family = AF_UNIX;
250 if (strlen(socket_path) >= sizeof(sun.sun_path))
251 die("SocketPath too long");
252 strcpy(sun.sun_path, socket_path);
254 if (unlink(socket_path) < 0 && errno != ENOENT)
255 die("Cannot unlink old socket %s: %m", socket_path);
257 if (bind(sk, (struct sockaddr *) &sun, sizeof(sun)) < 0)
258 die("Cannot bind to %s: %m", socket_path);
260 if (listen(sk, 64) < 0)
264 if (setsockopt(sk, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
265 die("setsockopt(SO_PASSCRED): %m");
267 listen_socket.fd = sk;
268 listen_socket.read_handler = listen_read_handler;
269 file_add(&listen_socket);
271 msg(L_INFO, "Listening on %s", socket_path);
274 static struct cf_section daemon_config = {
276 CF_STRING("SocketPath", &socket_path),
277 CF_UINT("MaxConnections", &max_connections),
282 static const struct opt_section options = {
284 OPT_HELP("A sub-authentication daemon."),
285 OPT_HELP("Usage: subauthd [options]"),
287 OPT_HELP("Options:"),
294 int main(int argc UNUSED, char **argv)
296 cf_def_file = CONFIG_DIR "/subauthd";
297 cf_declare_section("SubauthD", &daemon_config, 0);
298 opt_parse(&options, argv+1);