[subauth.git] / subauthd.c

/*
 *      Sub-authentication Daemon
 *
 *      (c) 2017 Martin Mares <mj@ucw.cz>
 */

#include <ucw/lib.h>
#include <ucw/conf.h>
#include <ucw/log.h>
#include <ucw/mainloop.h>
#include <ucw/opt.h>

#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#include "autoconf.h"

static char *socket_path = "subauthd.socket";
static uint max_connections = ~0U;

static struct main_file listen_socket;
static uint num_connections;

#define SOCKET_TIMEOUT 60000            // in ms
#define MAX_PACKET_SIZE 4096
#define MAX_OOB_DATA_SIZE 4096

struct client {
  struct main_file socket;
  struct main_timer timer;
};

static byte packet_buffer[MAX_PACKET_SIZE];
static byte oob_data_buffer[MAX_OOB_DATA_SIZE];

static void client_close(struct client *c)
{
  msg(L_INFO, "Closing connection");
  file_del(&c->socket);
  timer_del(&c->timer);
  close(c->socket.fd);
}

static void socket_timeout_handler(struct main_timer *tm)
{
  struct client *c = tm->data;

  msg(L_INFO, "Client timeout");

  client_close(c);
}

static int socket_read_handler(struct main_file *fi)
{
  struct client *c = fi->data;

  struct iovec iov = {
    .iov_base = packet_buffer,
    .iov_len = MAX_PACKET_SIZE,
  };

  struct msghdr mh = {
    .msg_iov = &iov,
    .msg_iovlen = 1,
    .msg_control = oob_data_buffer,
    .msg_controllen = MAX_OOB_DATA_SIZE,
  };

  ssize_t len = recvmsg(fi->fd, &mh, 0);
  if (len < 0)
    {
      if (errno != EAGAIN && errno != EINTR)
        msg(L_ERROR, "Socket read: %m");
      return HOOK_IDLE;
    }

  if (!len)
    {
      client_close(c);
      return HOOK_IDLE;
    }

  msg(L_INFO, "Got packet: len=%zd", len);

  struct ucred *cred = NULL;
  for (struct cmsghdr *cm = CMSG_FIRSTHDR(&mh); cm; cm = CMSG_NXTHDR(&mh, cm))
    {
      if (cm->cmsg_level == SOL_SOCKET)
        {
          if (cm->cmsg_type == SCM_RIGHTS)
            {
              // We are not interested in receiving file descriptor, but despite
              // that they could be attached to the message. If it happens, simply
              // close them.
              int *fdptr = (int *) CMSG_DATA(cm);
              int nfd = cm->cmsg_len / sizeof(int);
              for (int i=0; i<nfd; i++)
                close(fdptr[i]);
            }
          else if (cm->cmsg_type == SCM_CREDENTIALS)
            {
              ASSERT(cm->cmsg_len >= sizeof(cred));
              cred = (struct ucred *) CMSG_DATA(cm);
            }
        }
    }

  if (!cred)
    {
      msg(L_ERROR, "Dropping message with no credentials");
      return HOOK_RETRY;
    }

  msg(L_INFO, "Credentials: pid=%d uid=%d gid=%d", (int) cred->pid, (int) cred->uid, (int) cred->gid);

  return HOOK_RETRY;
}

static int listen_read_handler(struct main_file *fi)
{
  struct sockaddr_un client;
  socklen_t addr_len = sizeof(client);

  int new_sk = accept(fi->fd, &client, &addr_len);
  if (new_sk < 0)
    {
      if (errno != EAGAIN && errno != EINTR)
        msg(L_ERROR, "Socket accept: %m");
      return HOOK_IDLE;
    }

  if (num_connections >= max_connections)
    {
      msg(L_WARN, "Too many connections (you might need to increase MaxConnections)");
      close(new_sk);
      return HOOK_IDLE;
    }
  num_connections++;

  msg(L_INFO, "Accepted connection");

  if (fcntl(new_sk, F_SETFL, fcntl(new_sk, F_GETFL) | O_NONBLOCK) < 0)
    die("Cannot set O_NONBLOCK: %m");

  struct client *c = xmalloc_zero(sizeof(*c));
  c->socket.fd = new_sk;
  c->socket.read_handler = socket_read_handler;
  c->socket.data = c;
  file_add(&c->socket);

  c->timer.handler = socket_timeout_handler;
  c->timer.data = c;
  timer_add_rel(&c->timer, SOCKET_TIMEOUT);

  return HOOK_RETRY;
}

static void init_socket(void)
{
  int sk = socket(PF_UNIX, SOCK_SEQPACKET, 0);
  if (sk < 0)
    die("socket(PF_UNIX, SOCK_SEQPACKET): %m");

  if (fcntl(sk, F_SETFL, fcntl(sk, F_GETFL) | O_NONBLOCK) < 0)
    die("Cannot set O_NONBLOCK: %m");

  struct sockaddr_un sun;
  sun.sun_family = AF_UNIX;
  if (strlen(socket_path) >= sizeof(sun.sun_path))
    die("SocketPath too long");
  strcpy(sun.sun_path, socket_path);

  if (unlink(socket_path) < 0 && errno != ENOENT)
    die("Cannot unlink old socket %s: %m", socket_path);

  if (bind(sk, (struct sockaddr *) &sun, sizeof(sun)) < 0)
    die("Cannot bind to %s: %m", socket_path);

  if (listen(sk, 64) < 0)
    die("listen(): %m");

  int one;
  if (setsockopt(sk, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
    die("setsockopt(SO_PASSCRED): %m");

  listen_socket.fd = sk;
  listen_socket.read_handler = listen_read_handler;
  file_add(&listen_socket);

  msg(L_INFO, "Listening on %s", socket_path);
}

static struct cf_section daemon_config = {
  CF_ITEMS {
    CF_STRING("SocketPath", &socket_path),
    CF_UINT("MaxConnections", &max_connections),
    CF_END
  }
};

static const struct opt_section options = {
  OPT_ITEMS {
    OPT_HELP("A sub-authentication daemon."),
    OPT_HELP("Usage: subauthd [options]"),
    OPT_HELP(""),
    OPT_HELP("Options:"),
    OPT_HELP_OPTION,
    OPT_CONF_OPTIONS,
    OPT_END
  }
};

int main(int argc UNUSED, char **argv)
{
  cf_def_file = CONFIG_DIR "/subauthd";
  cf_declare_section("SubauthD", &daemon_config, 0);
  opt_parse(&options, argv+1);

  main_init();
  init_socket();

  main_loop();
  return 0;
}