From 87c5b2118efcee65eeda3f743d081ea9c2b866d9 Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Thu, 15 Jan 2015 20:14:44 +0000 Subject: Move Unix domain utilities and access control utilites, as well as the accessrules library, from s6-networking to here --- doc/fifodir.html | 8 +- doc/ftrig.html | 184 ++++++++++ doc/index.html | 50 ++- doc/libftrig.html | 184 ---------- doc/libftrigr.html | 283 --------------- doc/libftrigw.html | 115 ------ doc/libs6/accessrules.html | 331 +++++++++++++++++ doc/libs6/ftrigr.html | 268 ++++++++++++++ doc/libs6/ftrigw.html | 100 ++++++ doc/libs6/index.html | 72 ++++ doc/libs6/s6-ftrigrd.html | 80 +++++ doc/libs6/s6lock.html | 238 ++++++++++++ doc/libs6/s6lockd-helper.html | 52 +++ doc/libs6/s6lockd.html | 73 ++++ doc/libs6lock/index.html | 256 ------------- doc/libs6lock/s6lockd-helper.html | 52 --- doc/libs6lock/s6lockd.html | 73 ---- doc/localservice.html | 153 ++++++++ doc/s6-accessrules-cdb-from-fs.html | 141 ++++++++ doc/s6-accessrules-fs-from-cdb.html | 60 ++++ doc/s6-cleanfifodir.html | 2 +- doc/s6-connlimit.html | 107 ++++++ doc/s6-ftrig-notify.html | 2 +- doc/s6-ftrigrd.html | 79 ---- doc/s6-ioconnect.html | 90 +++++ doc/s6-ipcclient.html | 74 ++++ doc/s6-ipcserver-access.html | 172 +++++++++ doc/s6-ipcserver-socketbinder.html | 72 ++++ doc/s6-ipcserver.html | 173 +++++++++ doc/s6-ipcserverd.html | 131 +++++++ doc/s6-notifywhenup.html | 8 +- doc/s6-setlock.html | 2 +- doc/s6-sudo.html | 59 +++ doc/s6-sudoc.html | 80 +++++ doc/s6-sudod.html | 170 +++++++++ doc/s6-supervise.html | 2 +- doc/s6-svc.html | 2 +- doc/s6-svwait.html | 4 +- doc/upgrade.html | 8 + doc/why.html | 4 +- package/deps.mak | 50 ++- package/info | 2 +- package/modes | 70 ++-- package/targets.mak | 12 + src/conn-tools/deps-exe/s6-accessrules-cdb-from-fs | 3 + src/conn-tools/deps-exe/s6-accessrules-fs-from-cdb | 1 + src/conn-tools/deps-exe/s6-connlimit | 1 + src/conn-tools/deps-exe/s6-ioconnect | 3 + src/conn-tools/deps-exe/s6-ipcclient | 2 + src/conn-tools/deps-exe/s6-ipcserver | 1 + src/conn-tools/deps-exe/s6-ipcserver-access | 3 + src/conn-tools/deps-exe/s6-ipcserver-socketbinder | 2 + src/conn-tools/deps-exe/s6-ipcserverd | 2 + src/conn-tools/deps-exe/s6-sudo | 1 + src/conn-tools/deps-exe/s6-sudoc | 3 + src/conn-tools/deps-exe/s6-sudod | 3 + src/conn-tools/s6-accessrules-cdb-from-fs.c | 195 ++++++++++ src/conn-tools/s6-accessrules-fs-from-cdb.c | 177 +++++++++ src/conn-tools/s6-connlimit.c | 39 ++ src/conn-tools/s6-ioconnect.c | 187 ++++++++++ src/conn-tools/s6-ipcclient.c | 66 ++++ src/conn-tools/s6-ipcserver-access.c | 211 +++++++++++ src/conn-tools/s6-ipcserver-socketbinder.c | 49 +++ src/conn-tools/s6-ipcserver.c | 127 +++++++ src/conn-tools/s6-ipcserverd.c | 399 +++++++++++++++++++++ src/conn-tools/s6-sudo.c | 67 ++++ src/conn-tools/s6-sudo.h | 11 + src/conn-tools/s6-sudoc.c | 115 ++++++ src/conn-tools/s6-sudod.c | 233 ++++++++++++ src/include/s6/accessrules.h | 53 +++ src/include/s6/s6.h | 1 + src/libs6/deps-lib/s6 | 8 + src/libs6/s6_accessrules_backend_cdb.c | 38 ++ src/libs6/s6_accessrules_backend_fs.c | 58 +++ src/libs6/s6_accessrules_keycheck_ip4.c | 24 ++ src/libs6/s6_accessrules_keycheck_ip6.c | 27 ++ src/libs6/s6_accessrules_keycheck_reversedns.c | 27 ++ src/libs6/s6_accessrules_keycheck_uidgid.c | 16 + src/libs6/s6_accessrules_uidgid_cdb.c | 11 + src/libs6/s6_accessrules_uidgid_fs.c | 10 + 80 files changed, 5221 insertions(+), 1101 deletions(-) create mode 100644 doc/ftrig.html delete mode 100644 doc/libftrig.html delete mode 100644 doc/libftrigr.html delete mode 100644 doc/libftrigw.html create mode 100644 doc/libs6/accessrules.html create mode 100644 doc/libs6/ftrigr.html create mode 100644 doc/libs6/ftrigw.html create mode 100644 doc/libs6/index.html create mode 100644 doc/libs6/s6-ftrigrd.html create mode 100644 doc/libs6/s6lock.html create mode 100644 doc/libs6/s6lockd-helper.html create mode 100644 doc/libs6/s6lockd.html delete mode 100644 doc/libs6lock/index.html delete mode 100644 doc/libs6lock/s6lockd-helper.html delete mode 100644 doc/libs6lock/s6lockd.html create mode 100644 doc/localservice.html create mode 100644 doc/s6-accessrules-cdb-from-fs.html create mode 100644 doc/s6-accessrules-fs-from-cdb.html create mode 100644 doc/s6-connlimit.html delete mode 100644 doc/s6-ftrigrd.html create mode 100644 doc/s6-ioconnect.html create mode 100644 doc/s6-ipcclient.html create mode 100644 doc/s6-ipcserver-access.html create mode 100644 doc/s6-ipcserver-socketbinder.html create mode 100644 doc/s6-ipcserver.html create mode 100644 doc/s6-ipcserverd.html create mode 100644 doc/s6-sudo.html create mode 100644 doc/s6-sudoc.html create mode 100644 doc/s6-sudod.html create mode 100644 src/conn-tools/deps-exe/s6-accessrules-cdb-from-fs create mode 100644 src/conn-tools/deps-exe/s6-accessrules-fs-from-cdb create mode 100644 src/conn-tools/deps-exe/s6-connlimit create mode 100644 src/conn-tools/deps-exe/s6-ioconnect create mode 100644 src/conn-tools/deps-exe/s6-ipcclient create mode 100644 src/conn-tools/deps-exe/s6-ipcserver create mode 100644 src/conn-tools/deps-exe/s6-ipcserver-access create mode 100644 src/conn-tools/deps-exe/s6-ipcserver-socketbinder create mode 100644 src/conn-tools/deps-exe/s6-ipcserverd create mode 100644 src/conn-tools/deps-exe/s6-sudo create mode 100644 src/conn-tools/deps-exe/s6-sudoc create mode 100644 src/conn-tools/deps-exe/s6-sudod create mode 100644 src/conn-tools/s6-accessrules-cdb-from-fs.c create mode 100644 src/conn-tools/s6-accessrules-fs-from-cdb.c create mode 100644 src/conn-tools/s6-connlimit.c create mode 100644 src/conn-tools/s6-ioconnect.c create mode 100644 src/conn-tools/s6-ipcclient.c create mode 100644 src/conn-tools/s6-ipcserver-access.c create mode 100644 src/conn-tools/s6-ipcserver-socketbinder.c create mode 100644 src/conn-tools/s6-ipcserver.c create mode 100644 src/conn-tools/s6-ipcserverd.c create mode 100644 src/conn-tools/s6-sudo.c create mode 100644 src/conn-tools/s6-sudo.h create mode 100644 src/conn-tools/s6-sudoc.c create mode 100644 src/conn-tools/s6-sudod.c create mode 100644 src/include/s6/accessrules.h create mode 100644 src/libs6/s6_accessrules_backend_cdb.c create mode 100644 src/libs6/s6_accessrules_backend_fs.c create mode 100644 src/libs6/s6_accessrules_keycheck_ip4.c create mode 100644 src/libs6/s6_accessrules_keycheck_ip6.c create mode 100644 src/libs6/s6_accessrules_keycheck_reversedns.c create mode 100644 src/libs6/s6_accessrules_keycheck_uidgid.c create mode 100644 src/libs6/s6_accessrules_uidgid_cdb.c create mode 100644 src/libs6/s6_accessrules_uidgid_fs.c diff --git a/doc/fifodir.html b/doc/fifodir.html index 99805ed..c45dea5 100644 --- a/doc/fifodir.html +++ b/doc/fifodir.html @@ -31,13 +31,13 @@ create fifodirs in a RAM filesystem.

- The libftrig interface takes care of all + The libftrig interface takes care of all the subtleties.

diff --git a/doc/ftrig.html b/doc/ftrig.html new file mode 100644 index 0000000..f4c4d6e --- /dev/null +++ b/doc/ftrig.html @@ -0,0 +1,184 @@ + + + + + s6: libftrig + + + + + + +

+s6
+Software
+skarnet.org +

+ +

libftrig

+ +

+libftrig is a portable Unix C programming interface allowing a +process (the subscriber or listener) to be instantly +notified when another process (the notifier or writer) +signals an event. +

+ + +

What is notification ?

+
+ +

Notification vs. polling

+ +

+ Process A is notified of an event E when it gets a instant +notice that event E has happened; the notice may disrupt A's execution +flow. Notification is the opposite of polling, where A has to +periodically (every T milliseconds) check whether E happened and has no +other way to be informed of it. +

+ +

+ Polling is generally considered bad practice - and is inferior to +notification in practically every case - for three reasons: +

+ + + +

+ Notification, on the other hand, is generally optimal: reaction time is +zero, and resource consumption is minimal - a process can sleep as soon as +it's not handling an event, and only wake up when needed. +

+ +

+ Of course, the problem of notification is that it's often more difficult +to implement. Notification frameworks are generally more complex, involving +lots of asynchronism; polling is widely used +because +it's easy. +

+ +

Notifications and Unix

+ +

+ Unix provides several frameworks so that a process B (or the kernel) can +notify process A. +

+ + + +

What we want

+ +

+ We need a general framework to: +

+ + + +

+ This requires a many-to-many approach that Unix does not provide natively, and +that is what libftrig does. +

+ + +

That's what a bus is for. D-Bus already does all this.

+
+ +

+ Yes, a bus is a good many-to-many notification mechanism indeed. However, +a Unix bus can only be implemented via a daemon - you need a long-running +process, i.e. a service, to implement a bus. And s6 is a +supervision suite, i.e. a set of programs designed to manage +services; we would like to be able to use notifications in the supervision +suite, to be able to wait for a service to be up or down... without +relying on a particular service to be up. libftrig provides a notification +mechanism that does not need a bus service to be up, that's its +main advantage over a bus. +

+ +

+ If you are not concerned with supervision and can depend on a bus service, +though, then yes, by all means, use a bus for your notification needs. +There is a skabus +project in the making, which aims to be simpler, smaller and more +maintainable than D-Bus. +

+ +

How to use libftrig

+ +

+ libftrig is really a part of libs6: all the functions +are implemented in the libs6.a archive, or the libs6.so +dynamic shared object. However, the interfaces are different for notifiers +and listeners: +

+ + + + + diff --git a/doc/index.html b/doc/index.html index 1507705..9e3dde3 100644 --- a/doc/index.html +++ b/doc/index.html @@ -37,7 +37,8 @@ supervision that might help you understand the basics. @@ -67,7 +68,7 @@ supervision that might help you understand the basics.

Download

@@ -151,7 +152,7 @@ counterpart. These programs are a clean rewrite of the obsolete "pipe-tools" package; they are now based on a properly designed notification library. They provide a command-line interface to -inter-process notification and +inter-process notification and synchronization.

@@ -172,21 +173,51 @@ synchronization.
  • The s6-ftrig-listen program
  • +

    Local service management and access control

    + + +

    + +

    + + +

    suidless privilege gain

    + + +

    Internal commands

    Libraries

    Definitions

    @@ -195,7 +226,8 @@ synchronization.
  • What is a fifodir
  • What is a service directory
  • What is a scan directory
  • -
  • Why are the libftrigw and libftrigr needed
  • +
  • What is a local service
  • +
  • Why are the libftrigw and libftrigr needed

  • diff --git a/doc/libftrig.html b/doc/libftrig.html deleted file mode 100644 index da4c25b..0000000 --- a/doc/libftrig.html +++ /dev/null @@ -1,184 +0,0 @@ - - - - - s6: libftrig - - - - - - -

    -s6
    -Software
    -skarnet.org -

    - -

    libftrig

    - -

    -libftrig is a portable Unix C programming interface allowing a -process (the subscriber or listener) to be instantly -notified when another process (the notifier or writer) -signals an event. -

    - - -

    What is notification ?

    -
    - -

    Notification vs. polling

    - -

    - Process A is notified of an event E when it gets a instant -notice that event E has happened; the notice may disrupt A's execution -flow. Notification is the opposite of polling, where A has to -periodically (every T milliseconds) check whether E happened and has no -other way to be informed of it. -

    - -

    - Polling is generally considered bad practice - and is inferior to -notification in practically every case - for three reasons: -

    - - - -

    - Notification, on the other hand, is generally optimal: reaction time is -zero, and resource consumption is minimal - a process can sleep as soon as -it's not handling an event, and only wake up when needed. -

    - -

    - Of course, the problem of notification is that it's often more difficult -to implement. Notification frameworks are generally more complex, involving -lots of asynchronism; polling is widely used -because -it's easy. -

    - -

    Notifications and Unix

    - -

    - Unix provides several frameworks so that a process B (or the kernel) can -notify process A. -

    - - - -

    What we want

    - -

    - We need a general framework to: -

    - - - -

    - This requires a many-to-many approach that Unix does not provide natively, and -that is what libftrig does. -

    - - -

    That's what a bus is for. D-Bus already does all this.

    -
    - -

    - Yes, a bus is a good many-to-many notification mechanism indeed. However, -a Unix bus can only be implemented via a daemon - you need a long-running -process, i.e. a service, to implement a bus. And s6 is a -supervision suite, i.e. a set of programs designed to manage -services; we would like to be able to use notifications in the supervision -suite, to be able to wait for a service to be up or down... without -relying on a particular service to be up. libftrig provides a notification -mechanism that does not need a bus service to be up, that's its -main advantage over a bus. -

    - -

    - If you are not concerned with supervision and can depend on a bus service, -though, then yes, by all means, use a bus for your notification needs. -There is a skabus -project in the making, which aims to be simpler, smaller and more -maintainable than D-Bus. -

    - -

    How to use libftrig

    - -

    - libftrig is really a part of libs6: all the functions -are implemented in the libs6.a archive, or the libs6.so -dynamic shared object. However, the interfaces are different for notifiers -and listeners: -

    - - - - - diff --git a/doc/libftrigr.html b/doc/libftrigr.html deleted file mode 100644 index 79c7694..0000000 --- a/doc/libftrigr.html +++ /dev/null @@ -1,283 +0,0 @@ - - - - - s6: the ftrigr library interface - - - - - - -

    -s6
    -Software
    -skarnet.org -

    - -

    The ftrigr library interface

    - -

    - The ftrigr library provides an API for listeners, i.e. -programs that want to subscribe to fifodirs and be instantly -notified when the proper sequence of events happens. -

    - -

    Compiling

    - - - -

    Linking

    - - - -

    Programming

    - -

    - Check the s6/ftrigr.h header for the -exact function prototypes. -

    - -

    - Make sure your application is not disturbed by children it doesn't -know it has. This means paying some attention to the SIGCHLD handler, -if any, and to the way you perform waitpid()s. The best -practice is to use a -self-pipe -to handle SIGCHLD (as well as other signals the application needs to trap), -and to always use wait_nohang() to reap children, -simply ignoring pids you don't know. -

    - -

    - If your (badly programmed) application has trouble handling unknown -children, consider using a ftrigrd service. -

    - -

    A programming example

    - -

    - The src/pipe-tools/s6-ftrig-listen1.c and -src/supervision/s6-svwait.c files in the s6 package, -for instance, illustrate how to use the ftrigr library. -

    - - -

    Synchronous functions with a specified maximum execution time

    - - - - -

    Starting and ending a session

    - -
    -ftrigr_t a = FTRIGR_ZERO ;
    -tain_t deadline, stamp ;
    -
    -tain_now(&stamp) ;
    -tain_addsec(&deadline, &stamp, 2)
    -
    -// char const *path = FTRIGR_IPCPATH ;
    -// ftrigr_start(&a, path, &deadline, &stamp) ;
    -ftrigr_startf(&a, &deadline, &stamp) ;
    -
    - -

    -ftrigr_start starts a session with a ftrigrd service listening on -path.
    -ftrigr_startf starts a session with a ftrigrd process as a child -(which is the simplest usage).
    -a is a ftrigr_t structure that must be declared in the stack and -initialized to FTRIGR_ZERO. -stamp must be an accurate enough timestamp.
    -If the session initialization fails, the function returns 0 and errno is set; -else the function returns 1. -

    -

    -If the absolute time deadline is reached and the function -has not returned yet, it immediately returns 0 with errno set to ETIMEDOUT. - -Only local interprocess communications are involved; unless your system is -heavily overloaded, the function should return near-instantly. One or two -seconds of delay between stamp and deadline should be -enough: if the function takes more than that to return, then there is a -problem with the underlying processes. -

    - -

    - You can have more than one session open in parallel, by declaring -several distinct ftrigr_t structures and calling -ftrigr_startf (or ftrigr_start) more than once. -However, this is useless, since one single session can handle -virtually as many concurrent fifodirs as your application needs. -

    - -
    -ftrigr_end(&a) ;
    -
    - -

    -ftrigr_end frees all the resources used by the session. The -a structure is then reusable for another session. -

    - -

    Subscribing to a fifodir

    - -
    -char const *path = "/var/lib/myservice/fifodir" ;
    -char const *re = "a.*b|c*d" ;
    -uint32 options = 0 ;
    -
    -uint16 id = ftrigr_subscribe (&a, path, re, options, &deadline, &stamp) ;
    -
    - -

    -ftrigr_subscribe instructs the -s6-ftrigrd daemon, related to the open -session represented by the a structure, to subscribe to the -path fifodir, and to notify the application when it receives -a series of events that matches the re regexp. -options can be 0 or FTRIGR_REPEAT. If it is 0, the daemon will -automatically unsubscribe from path once re has been -matched by a series of events. If it is FTRIGR_REPEAT, it will remain -subscribed until told otherwise. -

    - -

    - ftrigr_subscribe() returns 0 and sets errno in case of failure, or -a nonzero 16-bit number identifying the subscription in case of success. -

    - -

    -ftrigr_subscribe should return near-instantly, but if -deadline is reached, it will return 0 ETIMEDOUT. If -ftrigr_subscribe returns successfully, then the -s6-ftrigrd daemon is guaranteed to be listening on path, -and events can be sent without the risk of a race condition. -

    - -

    Synchronously waiting for events

    - -
    -uint16 list[1] ;
    -unsigned int n = 1 ;
    -char trigger ;
    -list[0] = id ;
    -
    -// r = ftrigr_wait_and(&a, list, n, &deadline) ;
    -r = ftrigr_wait_or(&a, list, n, &deadline, &trigger) ;
    -
    - -

    - ftrigr_wait_and() waits for all the n fifodirs -whose ids are listed in list to receive an event. It returns -1 -in case of error or timeout, or a non-negative integer in case of success.
    - ftrigr_wait_or() waits for one of the n fifodirs -whose ids are listed in list to receive an event. It returns -1 -in case of error or timeout; if it succeeds, the return value is the -position in list, starting at 0, of the identifier that received -an event; and trigger is set to the character that triggered that -event, i.e. the last character of a sequence that matched the regular -expression re used in the subscription. -

    - -

    Asynchronously waiting for events

    - -

    - (from now on, the functions are listed with their prototypes instead -of usage examples.) -

    - -
    -int ftrigr_fd (ftrigr_t const *a)
    -
    - -

    - Returns a file descriptor to select on for reading. Do not -read() it though. -

    - -
    -int ftrigr_update (ftrigr_t *a)
    -
    - -

    - Call this function whenever the fd checks readability: it will -update a's internal structures with information from the -s6-ftrigrd daemon. It returns -1 if an error -occurs; in case of success, it returns the number of identifiers for -which something happened. -

    - -

    - When ftrigr_update returns, -genalloc_s(uint16, &a->list) points to an array of -genalloc_len(uint16, &a->list) 16-bit unsigned -integers. Those integers are ids waiting to be passed to -ftrigr_check. -

    - -
    -int ftrigr_check (ftrigr_t *a, uint16 id, char *what)
    -
    - -

    - Checks whether an event happened to id. Use after a -call to ftrigr_update(). -

    - - - - - diff --git a/doc/libftrigw.html b/doc/libftrigw.html deleted file mode 100644 index d625f2b..0000000 --- a/doc/libftrigw.html +++ /dev/null @@ -1,115 +0,0 @@ - - - - - s6: the ftrigw library interface - - - - - - -

    -s6
    -Software
    -skarnet.org -

    - -

    The ftrigw library interface

    - -

    - The ftrigw library provides an API for notifiers, i.e. -programs that want to regularly announce what they're doing. -

    - -

    - Notifiers should create a fifodir in a hardcoded place in the -filesystem, and document its location. Listeners will then be -able to subscribe to that fifodir, and receive the events. -

    - -

    Compiling

    - - - -

    Linking

    - - - -

    Programming

    - -

    - Check the s6/ftrigw.h header for the -exact function prototypes. -

    - -

    Creating a fifodir

    - -
    -char const *path = "/var/lib/myservice/fifodir" ;
    -int gid = -1 ;
    -int forceperms = 0 ;
    -int r = ftrigw_fifodir_make(path, gid, forceperms) ;
    -
    - -

    -ftrigw_fifodir_make creates a fifodir at the path location. -It returns 0, and sets errno, if an error occurs. -It returns 1 if it succeeds.
    -If a fifodir, owned by the user, already exists at path, and -forceperms is zero, then ftrigw_fifodir_make immediately -returns a success. If forceperms is nonzero, then -it tries to adjust path's permissions before returning. -

    - -

    -If gid is negative, then path is created "public". -Any listener will be able to subscribe to path. -If gid is nonnegative, then path is created "private". -Only processes belonging to group gid will be able to -subscribe to path. -

    - -

    Sending an event

    - -
    -char event = 'a' ;
    -r = ftrigw_notify(path, event) ;
    -
    - -

    -ftrigw_notify sends event to all the processes that are -currently subscribed to path. -It returns -1 if an error occurs, or the number of successfully notified -processes. -

    - -

    Cleaning up

    - -

    -When stray KILL signals hit s6-ftrigrd processes, -1. it's a sign of incorrect system administration, 2. they can leave -unused named pipes in the fifodir. It's the fifodir's owner's job, i.e. -the notifier's job, to periodically do some housecleaning and remove -those unused pipes. -

    - -
    -r = ftrigw_clean(path) ;
    -
    - -

    -ftrigw_clean cleans path. It returns 0, and sets errno, -if it encounters an error. It returns 1 if it succeeds. -

    - - - diff --git a/doc/libs6/accessrules.html b/doc/libs6/accessrules.html new file mode 100644 index 0000000..bd98b5f --- /dev/null +++ b/doc/libs6/accessrules.html @@ -0,0 +1,331 @@ + + + + + s6: the accessrules library interface + + + + + + +

    +libs6
    +s6
    +Software
    +skarnet.org +

    + +

    The accessrules library interface

    + +

    + The following functions and structures are declared in the s6/accessrules.h header, +and implemented in the libs6.a or libs6.so library. +

    + +

    General information

    + +

    + accessrules is an access control library. It looks up +a key in a user-specified database, then returns a code depending on +whether the database allows access (in which case additional information +can also be returned), denies access, or does not contain the key. +

    + +

    + accessrules has been designed to be easily extensible to any +database format and any key format. +

    + +

    + Check the s6/accessrules.h header for the exact definitions. +

    + +

    Data structures

    + + + +

    Function types

    + +

    Backend lookups

    + +

    + A s6_accessrules_backend_func_t is the type of a function +that takes a single key, looks it up in a database, and returns the result. +Namely: +

    + +

    +s6_accessrules_result_t f (char const *key, unsigned int keylen, void *handle, s6_accessrules_params_t *params) +

    + +

    + f looks up key key of length keylen in the database +represented by handle in an implementation-defined way. It returns a +number that says the key has been allowed, denied or not found, or an error +occurred. If the key has been allowed, f stores additional information +from the database into *params. +

    + +

    + Two s6_accessrules_backend_func_t functions are natively implemented: +

    + + + +

    Frontend key checking

    + +

    + A s6_accessrules_keycheck_func_t is the type of a function that +takes a user-level key, makes a list of corresponding backend-level keys and +calls a s6_accessrules_backend_func_t function until it finds +a match. Namely: +

    + +

    +s6_accessrules_result_t f (void const *key, void *handle, s6_accessrules_params_t *params, s6_accessrules_backend_func_t *backend) +

    + +

    + f derives a list of low-level keys to check from key. +Then, for each key k of length klen in this list, it calls +(*backend)(k, klen, handle, params), returning *backend's result if it +is not S6_ACCESSRULES_NOTFOUND. If no match can be found in the whole list, +f finally returns S6_ACCESSRULES_NOTFOUND. +

    + +

    + Five s6_accessrules_keycheck_func_t functions are natively implemented: +

    + + + +

    Ready-to-use functions

    + + Those functions are mostly macros; they're built by associating a frontend +function with a backend function. + +

    + s6_accessrules_result_t s6_accessrules_uidgid_cdb +(unsigned int u, unsigned int g, struct cdb *c, +s6_accessrules_params_t *params)
    +Checks the *c CDB database for an authorization for uid u +and gid g. If the result is S6_ACCESSRULES_ALLOW, additional +information may be stored into params. +

    + +

    + s6_accessrules_result_t s6_accessrules_uidgid_fs +(unsigned int u, unsigned int g, char const *dir, +s6_accessrules_params_t *params)
    +Checks the dir base directory for an authorization for uid u +and gid g. If the result is S6_ACCESSRULES_ALLOW, additional +information may be stored into params. +

    + +

    + s6_accessrules_result_t s6_accessrules_reversedns_cdb +(char const *name, struct cdb *c, +s6_accessrules_params_t *params)
    +Checks the *c CDB database for an authorization for the +name FQDN. If the result is S6_ACCESSRULES_ALLOW, additional +information may be stored into params. +

    + +

    + s6_accessrules_result_t s6_accessrules_reversedns_fs +(char const *name, char const *dir, +s6_accessrules_params_t *params)
    +Checks the dir base directory for an authorization for the +name FQDN. If the result is S6_ACCESSRULES_ALLOW, additional +information may be stored into params. +

    + +

    + s6_accessrules_result_t s6_accessrules_ip4_cdb +(char const *ip4, struct cdb *c, +s6_accessrules_params_t *params)
    +Checks the *c CDB database for an authorization for the +ip4 IPv4 address (4 network byte order characters). +If the result is S6_ACCESSRULES_ALLOW, additional +information may be stored into params. +

    + +

    + s6_accessrules_result_t s6_accessrules_ip4_fs +(char const *ip4, char const *dir, +s6_accessrules_params_t *params)
    +Checks the dir base directory for an authorization for the +ip4 IPv4 address (4 network byte order characters). +If the result is S6_ACCESSRULES_ALLOW, additional +information may be stored into params. +

    + +

    + s6_accessrules_result_t s6_accessrules_ip6_cdb +(char const *ip6, struct cdb *c, +s6_accessrules_params_t *params)
    +Checks the *c CDB database for an authorization for the +ip6 IPv6 address (16 network byte order characters). +If the result is S6_ACCESSRULES_ALLOW, additional +information may be stored into params. +

    + +

    + s6_accessrules_result_t s6_accessrules_ip6_fs +(char const *ip6, char const *dir, +s6_accessrules_params_t *params)
    +Checks the dir base directory for an authorization for the +ip6 IPv6 address (16 network byte order characters). +If the result is S6_ACCESSRULES_ALLOW, additional +information may be stored into params. +

    + +

    + s6_accessrules_result_t s6_accessrules_ip46_cdb +(ip46_t *ip, struct cdb *c, +s6_accessrules_params_t *params)
    +Checks the *c CDB database for an authorization for the +ip IP address. +If the result is S6_ACCESSRULES_ALLOW, additional +information may be stored into params. +

    + +

    + s6_accessrules_result_t s6_accessrules_ip46_fs +(ip46_t const *ip, char const *dir, +s6_accessrules_params_t *params)
    +Checks the dir base directory for an authorization for the +ip IP address. +If the result is S6_ACCESSRULES_ALLOW, additional +information may be stored into params. +

    + + + diff --git a/doc/libs6/ftrigr.html b/doc/libs6/ftrigr.html new file mode 100644 index 0000000..2c9bf88 --- /dev/null +++ b/doc/libs6/ftrigr.html @@ -0,0 +1,268 @@ + + + + + s6: the ftrigr library interface + + + + + + +

    +libs6
    +s6
    +Software
    +skarnet.org +

    + +

    The ftrigr library interface

    + +

    + The ftrigr library provides an API for listeners, i.e. +programs that want to subscribe to fifodirs and be instantly +notified when the proper sequence of events happens. +

    + +

    Programming

    + +

    + Check the s6/ftrigr.h header for the +exact function prototypes. +

    + +

    + Make sure your application is not disturbed by children it doesn't +know it has. This means paying some attention to the SIGCHLD handler, +if any, and to the way you perform waitpid()s. The best +practice is to use a +self-pipe +to handle SIGCHLD (as well as other signals the application needs to trap), +and to always use wait_nohang() to reap children, +simply ignoring pids you don't know. +

    + +

    + If your (badly programmed) application has trouble handling unknown +children, consider using a ftrigrd service. +

    + +

    A programming example

    + +

    + The src/pipe-tools/s6-ftrig-listen1.c and +src/supervision/s6-svwait.c files in the s6 package, +for instance, illustrate how to use the ftrigr library. +

    + + +

    Synchronous functions with a specified maximum execution time

    + + + + +

    Starting and ending a session

    + +
    +ftrigr_t a = FTRIGR_ZERO ;
    +tain_t deadline, stamp ;
    +
    +tain_now(&stamp) ;
    +tain_addsec(&deadline, &stamp, 2)
    +
    +// char const *path = FTRIGR_IPCPATH ;
    +// ftrigr_start(&a, path, &deadline, &stamp) ;
    +ftrigr_startf(&a, &deadline, &stamp) ;
    +
    + +

    +ftrigr_start starts a session with a ftrigrd service listening on +path.
    +ftrigr_startf starts a session with a ftrigrd process as a child +(which is the simplest usage).
    +a is a ftrigr_t structure that must be declared in the stack and +initialized to FTRIGR_ZERO. +stamp must be an accurate enough timestamp.
    +If the session initialization fails, the function returns 0 and errno is set; +else the function returns 1. +

    +

    +If the absolute time deadline is reached and the function +has not returned yet, it immediately returns 0 with errno set to ETIMEDOUT. + +Only local interprocess communications are involved; unless your system is +heavily overloaded, the function should return near-instantly. One or two +seconds of delay between stamp and deadline should be +enough: if the function takes more than that to return, then there is a +problem with the underlying processes. +

    + +

    + You can have more than one session open in parallel, by declaring +several distinct ftrigr_t structures and calling +ftrigr_startf (or ftrigr_start) more than once. +However, this is useless, since one single session can handle +virtually as many concurrent fifodirs as your application needs. +

    + +
    +ftrigr_end(&a) ;
    +
    + +

    +ftrigr_end frees all the resources used by the session. The +a structure is then reusable for another session. +

    + +

    Subscribing to a fifodir

    + +
    +char const *path = "/var/lib/myservice/fifodir" ;
    +char const *re = "a.*b|c*d" ;
    +uint32 options = 0 ;
    +
    +uint16 id = ftrigr_subscribe (&a, path, re, options, &deadline, &stamp) ;
    +
    + +

    +ftrigr_subscribe instructs the +s6-ftrigrd daemon, related to the open +session represented by the a structure, to subscribe to the +path fifodir, and to notify the application when it receives +a series of events that matches the re regexp. +options can be 0 or FTRIGR_REPEAT. If it is 0, the daemon will +automatically unsubscribe from path once re has been +matched by a series of events. If it is FTRIGR_REPEAT, it will remain +subscribed until told otherwise. +

    + +

    + ftrigr_subscribe() returns 0 and sets errno in case of failure, or +a nonzero 16-bit number identifying the subscription in case of success. +

    + +

    +ftrigr_subscribe should return near-instantly, but if +deadline is reached, it will return 0 ETIMEDOUT. If +ftrigr_subscribe returns successfully, then the +s6-ftrigrd daemon is guaranteed to be listening on path, +and events can be sent without the risk of a race condition. +

    + +

    Synchronously waiting for events

    + +
    +uint16 list[1] ;
    +unsigned int n = 1 ;
    +char trigger ;
    +list[0] = id ;
    +
    +// r = ftrigr_wait_and(&a, list, n, &deadline) ;
    +r = ftrigr_wait_or(&a, list, n, &deadline, &trigger) ;
    +
    + +

    + ftrigr_wait_and() waits for all the n fifodirs +whose ids are listed in list to receive an event. It returns -1 +in case of error or timeout, or a non-negative integer in case of success.
    + ftrigr_wait_or() waits for one of the n fifodirs +whose ids are listed in list to receive an event. It returns -1 +in case of error or timeout; if it succeeds, the return value is the +position in list, starting at 0, of the identifier that received +an event; and trigger is set to the character that triggered that +event, i.e. the last character of a sequence that matched the regular +expression re used in the subscription. +

    + +

    Asynchronously waiting for events

    + +

    + (from now on, the functions are listed with their prototypes instead +of usage examples.) +

    + +
    +int ftrigr_fd (ftrigr_t const *a)
    +
    + +

    + Returns a file descriptor to select on for reading. Do not +read() it though. +

    + +
    +int ftrigr_update (ftrigr_t *a)
    +
    + +

    + Call this function whenever the fd checks readability: it will +update a's internal structures with information from the +s6-ftrigrd daemon. It returns -1 if an error +occurs; in case of success, it returns the number of identifiers for +which something happened. +

    + +

    + When ftrigr_update returns, +genalloc_s(uint16, &a->list) points to an array of +genalloc_len(uint16, &a->list) 16-bit unsigned +integers. Those integers are ids waiting to be passed to +ftrigr_check. +

    + +
    +int ftrigr_check (ftrigr_t *a, uint16 id, char *what)
    +
    + +

    + Checks whether an event happened to id. Use after a +call to ftrigr_update(). +

    + + + + + diff --git a/doc/libs6/ftrigw.html b/doc/libs6/ftrigw.html new file mode 100644 index 0000000..b0feb31 --- /dev/null +++ b/doc/libs6/ftrigw.html @@ -0,0 +1,100 @@ + + + + + s6: the ftrigw library interface + + + + + + +

    +libs6
    +s6
    +Software
    +skarnet.org +

    + +

    The ftrigw library interface

    + +

    + The ftrigw library provides an API for notifiers, i.e. +programs that want to regularly announce what they're doing. +

    + +

    + Notifiers should create a fifodir in a hardcoded place in the +filesystem, and document its location. Listeners will then be +able to subscribe to that fifodir, and receive the events. +

    + +

    Programming

    + +

    + Check the s6/ftrigw.h header for the +exact function prototypes. +

    + +

    Creating a fifodir

    + +
    +char const *path = "/var/lib/myservice/fifodir" ;
    +int gid = -1 ;
    +int forceperms = 0 ;
    +int r = ftrigw_fifodir_make(path, gid, forceperms) ;
    +
    + +

    +ftrigw_fifodir_make creates a fifodir at the path location. +It returns 0, and sets errno, if an error occurs. +It returns 1 if it succeeds.
    +If a fifodir, owned by the user, already exists at path, and +forceperms is zero, then ftrigw_fifodir_make immediately +returns a success. If forceperms is nonzero, then +it tries to adjust path's permissions before returning. +

    + +

    +If gid is negative, then path is created "public". +Any listener will be able to subscribe to path. +If gid is nonnegative, then path is created "private". +Only processes belonging to group gid will be able to +subscribe to path. +

    + +

    Sending an event

    + +
    +char event = 'a' ;
    +r = ftrigw_notify(path, event) ;
    +
    + +

    +ftrigw_notify sends event to all the processes that are +currently subscribed to path. +It returns -1 if an error occurs, or the number of successfully notified +processes. +

    + +

    Cleaning up

    + +

    +When stray KILL signals hit s6-ftrigrd processes, +1. it's a sign of incorrect system administration, 2. they can leave +unused named pipes in the fifodir. It's the fifodir's owner's job, i.e. +the notifier's job, to periodically do some housecleaning and remove +those unused pipes. +

    + +
    +r = ftrigw_clean(path) ;
    +
    + +

    +ftrigw_clean cleans path. It returns 0, and sets errno, +if it encounters an error. It returns 1 if it succeeds. +

    + + + diff --git a/doc/libs6/index.html b/doc/libs6/index.html new file mode 100644 index 0000000..9fe7e65 --- /dev/null +++ b/doc/libs6/index.html @@ -0,0 +1,72 @@ + + + + + s6: the s6 library interface + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    The s6 library interface

    + +

    General information

    + +

    + libs6 is a collection of utility +C interfaces, used in the s6 executables. +

    + +

    Compiling

    + + + +

    Linking

    + + + +

    Programming

    + +

    + The s6/s6.h header is actually a +concatenation of other headers: +the libs6net is separated into several modules, each of them with its +own header. +

    + + + + + diff --git a/doc/libs6/s6-ftrigrd.html b/doc/libs6/s6-ftrigrd.html new file mode 100644 index 0000000..4bbfc69 --- /dev/null +++ b/doc/libs6/s6-ftrigrd.html @@ -0,0 +1,80 @@ + + + + + s6: the s6-ftrigrd program + + + + + + +

    +libs6
    +s6
    +Software
    +skarnet.org +

    + +

    The s6-ftrigrd program

    + +

    +s6-ftrigrd is a helper program that manages a set of subscriptions to fifodirs as well +as regular expressions on events. It takes orders from its client program that controls +it via the ftrigr library, and notifies it when desired +events happen. +

    + +

    Interface

    + +

    + s6-ftrigrd is not meant to be called directly. +

    + + + +

    + s6-ftrigrd handles the grunt work of creating fifos in a +fifodir for a subscriber. It also wakes up on every +event, and compares the chain of events it received on a given fifodir with the +client-provided regexp. If the chain of events matches the regexp, it notifies +the client. +

    + +

    Notes

    + +

    + The connection management between the client and s6-ftrigrd is entirely done +by the skaclient +library. +

    + +

    + s6-ftrigrd is entirely asynchronous. It stores unread notifications into heap +memory; it can grow in size if there are a lot of events and the client fails +to read them. To avoid uncontrolled growth, make sure your client calls +ftrigr_update() as soon as ftrigr_fd() becomes readable. +

    + +

    + A s6-ftrigrd instance can only handle up to FTRIGRD_MAX (defined in s6/ftrigr.h) +subscriptions at once. By default, this number is 1000, which is more than enough for +any reasonable system. +

    + + + diff --git a/doc/libs6/s6lock.html b/doc/libs6/s6lock.html new file mode 100644 index 0000000..ca22fe4 --- /dev/null +++ b/doc/libs6/s6lock.html @@ -0,0 +1,238 @@ + + + + + s6: the s6lock library interface + + + + + + +

    +libs6
    +s6
    +Software
    +skarnet.org +

    + +

    The s6lock library interface

    + +

    General information

    + +

    + s6lock is a C interface to timed locks. Unix natively provides +locks, but the locking primitives are synchronous, so either they are +unbounded in execution time or they require polling. s6lock provides +poll-free locks that can timeout during attempted acquisition. +

    + +

    Programming

    + + + +

    Starting and ending a session

    + +
    +s6lock_t a = S6LOCK_ZERO ;
    +tain_t deadline ;
    +
    +tain_now_g() ;
    +tain_addsec_g(&deadline, 2)
    +
    +char const *path = S6LOCK_IPCPATH ;
    +s6lock_start_g(&a, path, &deadline) ;
    +// char const *lockdir = "/tmp/lock" ;
    +// s6lock_startf_g(&a, lockdir, &deadline) ;
    +
    + +

    +s6lock_start_g starts a session by connecting to a s6lockd service +listening on path. The working directory is set by the administrator +of the service.
    +s6lock_startf_g starts a session with a s6lockd process as a child, +using lockdir as its working directory. +
    +a is a s6lock_t structure that must be declared in the stack and +initialized to S6LOCK_ZERO. +If the session initialization fails, the function returns 0 and errno is set; +else the function returns 1. +

    +

    +If the absolute time deadline is reached and the function +has not returned yet, it immediately returns 0 with errno set to ETIMEDOUT. + +Only local interprocess communications are involved; unless your system is +heavily overloaded, the function should return near-instantly. One or two +seconds of delay between the current time and deadline should be +enough: if the function takes more than that to return, then there is a +problem with the underlying processes. +

    + +

    + You can have more than one session open in parallel, by declaring +several distinct s6lock_t structures and calling +s6lock_startf_g (or s6lock_start_g) more than once. +However, one single session can handle +virtually as many concurrent locks as your application needs, so +opening several sessions is only useful if you need to acquire locks +in various distinct lock directories. +

    + +
    +s6lock_end(&a) ;
    +
    + +

    +s6lock_end frees all the resources used by the session. The +a structure is then reusable for another session. +

    + +

    Acquiring and releasing locks

    + +
    +uint16 id ;
    +char const *file = "lockfile" ;
    +tain_t limit ;
    +tain_t deadline ;
    +
    +int r = s6lock_acquire_sh_g (&a, &id, file, &limit, &deadline) ;
    +/* int r = s6lock_acquire_ex_g (&a, &id, file, &limit, &deadline) ; */
    +r = s6lock_release_g(&a, id, &deadline) ;
    +
    + +

    +s6lock_acquire_sh_g instructs the +s6lockd daemon, related to the open +session represented by the a handle, to try and acquire a +shared lock on the +file file located under that daemon's working directory +(typically /var/lock). file will be interpreted as +relative to the daemon's working directory even if it starts with a +slash; however, slashes in the middle of file are likely to +result in an error. +

    + +

    +limit and deadline are two absolute dates. +deadline is a deadline for the execution of the +function: if by deadline the function has not returned, +then it instantly returns 0 and sets errno to ETIMEDOUT. The +function is normally near-instantaneous, so deadline can +be very close in the future and serves only as a protection against +malicious servers. limit is the acquisition deadline: if +by limit the daemon still has not been able to acquire a lock +on file, then it will report a timeout to the client. +

    + +

    +The function returns 1 in case of success, or 0 if an error occurs, +with errno set to a suitable value. If it succeeds, then a 16-bit +number is stored into *id; this number serves as an identifier +for this lock. +

    + +

    +s6lock_acquire_ex_g works just like s6lock_acquire_sh_g, +except that the daemon tries to acquire an exclusive lock. +

    + +

    +s6lock_release_g releases the lock identified by id. +It normally returns 1. It can return 0 with errno set to a suitable +value if it fails. id is not valid after the corresponding +lock has been released. The function normally returns instantly, with +deadline as a safeguard. +

    + +

    Asynchronously waiting for locks

    + +

    + (from now on, the functions are listed with their prototypes instead +of usage examples.) +

    + +
    +int s6lock_fd (s6lock_t const *a)
    +
    + +

    + Returns a file descriptor to select on for reading. Do not +read() it though. +

    + +
    +int s6lock_update (s6lock_t *a)
    +
    + +

    + Call this function whenever the fd checks readability: it will +update a's internal structures with information from the +s6lockd daemon. It returns -1 if an error +occurs; in case of success, it returns the number of identifiers for +which something happened. +

    + +

    + When s6lock_update returns, +genalloc_s(uint16, &a->list) points to an array of +genalloc_len(uint16, &a->list) 16-bit unsigned +integers. Those integers are ids waiting to be passed to +s6lock_check. +

    + +
    +int s6lock_check (s6lock_t *a, uint16 id, char *what)
    +
    + +

    + Checks whether the lock identified by id has +been acquired. Use after a call to s6lock_update(). +

    + + + +

    Synchronously waiting for locks

    + +

    + int s6lock_wait_or_g (s6lock_t *a, uint16 const *idlist, unsigned int n, tain_t const *deadline)
    +Synchronously waits for one of the locks represented by the array pointed to +by idlist of length n to be acquired. Returns -1 if it fails, +or a nonnegative number on success, which is the index in idlist of the +acquired lock's id. If no result has been obtained by deadline, the +function returns -1 ETIMEDOUT. +

    + +

    + int s6lock_wait_and_g (s6lock_t *a, uint16 const *idlist, unsigned int n, tain_t const *deadline)
    +Synchronously waits for all of the locks represented by the array pointed to +by idlist of length n to be acquired. Returns -1 if it fails and +0 if it succeeds. If no result has been obtained by deadline, the +function returns -1 ETIMEDOUT. +

    + + + diff --git a/doc/libs6/s6lockd-helper.html b/doc/libs6/s6lockd-helper.html new file mode 100644 index 0000000..2c54e5c --- /dev/null +++ b/doc/libs6/s6lockd-helper.html @@ -0,0 +1,52 @@ + + + + + s6: the s6lockd-helper internal program + + + + + + +libs6
    +s6
    +Software
    +skarnet.org

    + +

    The s6lockd-helper program

    + +

    +s6lockd-helper is a helper program for the s6lock daemon. +It just acquires a lock and holds it until it is killed or told to +exit by its parent daemon. +

    + +

    Interface

    + +

    + s6lockd-helper is not meant to be invoked directly by the user: +it will be spawned by the +s6lockd program. +

    + +

    Notes

    + + + + + diff --git a/doc/libs6/s6lockd.html b/doc/libs6/s6lockd.html new file mode 100644 index 0000000..7db76be --- /dev/null +++ b/doc/libs6/s6lockd.html @@ -0,0 +1,73 @@ + + + + + s6: the s6lockd internal program + + + + + + +libs6
    +s6
    +Software
    +skarnet.org

    + +

    The s6lockd program

    + +

    +s6lockd is the s6lock daemon. It is a program that manages +a set of lock files in a given directory, and associated timeouts. +

    + +

    Interface

    + +

    + s6lockd does not fork, does not background itself automatically, +and does not use syslog. It is not meant to be run directly by the +user: it will be spawned by the +s6lock client library. +

    + +

    + There are 2 ways to use s6lockd: +

    + +
      +
    1. Use the s6lock_startf() library call. +A s6lockd child will then be spawned from your +calling process, and automatically reaped when you call +s6lock_end(). It requires care with applications that +trap SIGCHLD. It also requires care with lock file permissions: +a s6lockd instance might not be able +to open a lock file created by a former instance run by another +client with different permissions.
    2. +
    3. Use the s6lock_start() library call, together with a +s6lockd service. +For once, this is the recommended setup: s6lockd creates empty +lock files, and having all s6lockd instances run under the same user +simplifies permissions management considerably.
    4. + +
    + +

    +When run as a service, s6lockd has no "standalone" mode: it is +designed to work with a Unix +domain superserver, like +s6-ipcserver. +s6lockd follows the UCSPI +interface, it can be directly executed from the superserver. +

    + +

    Notes

    + + + + + diff --git a/doc/libs6lock/index.html b/doc/libs6lock/index.html deleted file mode 100644 index 7237823..0000000 --- a/doc/libs6lock/index.html +++ /dev/null @@ -1,256 +0,0 @@ - - - - - s6: the s6lock library interface - - - - - - -

    -s6
    -Software
    -skarnet.org -

    - -

    The s6lock library interface

    - -

    General information

    - -

    - libs6lock is a C interface to timed locks. Unix natively provides -locks, but the locking primitives are synchronous, so either they are -unbounded in execution time or they require polling. libs6lock provides -poll-free locks that can timeout during attempted acquisition. -

    - -

    Compiling

    - - - -

    Linking

    - - - -

    Programming

    - - - -

    Starting and ending a session

    - -
    -s6lock_t a = S6LOCK_ZERO ;
    -tain_t deadline ;
    -
    -tain_now_g() ;
    -tain_addsec_g(&deadline, 2)
    -
    -char const *path = S6LOCK_IPCPATH ;
    -s6lock_start_g(&a, path, &deadline) ;
    -// char const *lockdir = "/tmp/lock" ;
    -// s6lock_startf_g(&a, lockdir, &deadline) ;
    -
    - -

    -s6lock_start_g starts a session by connecting to a s6lockd service -listening on path. The working directory is set by the administrator -of the service.
    -s6lock_startf_g starts a session with a s6lockd process as a child, -using lockdir as its working directory. -
    -a is a s6lock_t structure that must be declared in the stack and -initialized to S6LOCK_ZERO. -If the session initialization fails, the function returns 0 and errno is set; -else the function returns 1. -

    -

    -If the absolute time deadline is reached and the function -has not returned yet, it immediately returns 0 with errno set to ETIMEDOUT. - -Only local interprocess communications are involved; unless your system is -heavily overloaded, the function should return near-instantly. One or two -seconds of delay between the current time and deadline should be -enough: if the function takes more than that to return, then there is a -problem with the underlying processes. -

    - -

    - You can have more than one session open in parallel, by declaring -several distinct s6lock_t structures and calling -s6lock_startf_g (or s6lock_start_g) more than once. -However, one single session can handle -virtually as many concurrent locks as your application needs, so -opening several sessions is only useful if you need to acquire locks -in various distinct lock directories. -

    - -
    -s6lock_end(&a) ;
    -
    - -

    -s6lock_end frees all the resources used by the session. The -a structure is then reusable for another session. -

    - -

    Acquiring and releasing locks

    - -
    -uint16 id ;
    -char const *file = "lockfile" ;
    -tain_t limit ;
    -tain_t deadline ;
    -
    -int r = s6lock_acquire_sh_g (&a, &id, file, &limit, &deadline) ;
    -/* int r = s6lock_acquire_ex_g (&a, &id, file, &limit, &deadline) ; */
    -r = s6lock_release_g(&a, id, &deadline) ;
    -
    - -

    -s6lock_acquire_sh_g instructs the -s6lockd daemon, related to the open -session represented by the a handle, to try and acquire a -shared lock on the -file file located under that daemon's working directory -(typically /var/lock). file will be interpreted as -relative to the daemon's working directory even if it starts with a -slash; however, slashes in the middle of file are likely to -result in an error. -

    - -

    -limit and deadline are two absolute dates. -deadline is a deadline for the execution of the -function: if by deadline the function has not returned, -then it instantly returns 0 and sets errno to ETIMEDOUT. The -function is normally near-instantaneous, so deadline can -be very close in the future and serves only as a protection against -malicious servers. limit is the acquisition deadline: if -by limit the daemon still has not been able to acquire a lock -on file, then it will report a timeout to the client. -

    - -

    -The function returns 1 in case of success, or 0 if an error occurs, -with errno set to a suitable value. If it succeeds, then a 16-bit -number is stored into *id; this number serves as an identifier -for this lock. -

    - -

    -s6lock_acquire_ex_g works just like s6lock_acquire_sh_g, -except that the daemon tries to acquire an exclusive lock. -

    - -

    -s6lock_release_g releases the lock identified by id. -It normally returns 1. It can return 0 with errno set to a suitable -value if it fails. id is not valid after the corresponding -lock has been released. The function normally returns instantly, with -deadline as a safeguard. -

    - -

    Asynchronously waiting for locks

    - -

    - (from now on, the functions are listed with their prototypes instead -of usage examples.) -

    - -
    -int s6lock_fd (s6lock_t const *a)
    -
    - -

    - Returns a file descriptor to select on for reading. Do not -read() it though. -

    - -
    -int s6lock_update (s6lock_t *a)
    -
    - -

    - Call this function whenever the fd checks readability: it will -update a's internal structures with information from the -s6lockd daemon. It returns -1 if an error -occurs; in case of success, it returns the number of identifiers for -which something happened. -

    - -

    - When s6lock_update returns, -genalloc_s(uint16, &a->list) points to an array of -genalloc_len(uint16, &a->list) 16-bit unsigned -integers. Those integers are ids waiting to be passed to -s6lock_check. -

    - -
    -int s6lock_check (s6lock_t *a, uint16 id, char *what)
    -
    - -

    - Checks whether the lock identified by id has -been acquired. Use after a call to s6lock_update(). -

    - - - -

    Synchronously waiting for locks

    - -

    - int s6lock_wait_or_g (s6lock_t *a, uint16 const *idlist, unsigned int n, tain_t const *deadline)
    -Synchronously waits for one of the locks represented by the array pointed to -by idlist of length n to be acquired. Returns -1 if it fails, -or a nonnegative number on success, which is the index in idlist of the -acquired lock's id. If no result has been obtained by deadline, the -function returns -1 ETIMEDOUT. -

    - -

    - int s6lock_wait_and_g (s6lock_t *a, uint16 const *idlist, unsigned int n, tain_t const *deadline)
    -Synchronously waits for all of the locks represented by the array pointed to -by idlist of length n to be acquired. Returns -1 if it fails and -0 if it succeeds. If no result has been obtained by deadline, the -function returns -1 ETIMEDOUT. -

    - - - diff --git a/doc/libs6lock/s6lockd-helper.html b/doc/libs6lock/s6lockd-helper.html deleted file mode 100644 index 839dce4..0000000 --- a/doc/libs6lock/s6lockd-helper.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - s6: the s6lockd-helper internal program - - - - - - -libs6lock
    -s6
    -Software
    -skarnet.org

    - -

    The s6lockd-helper program

    - -

    -s6lockd-helper is a helper program for the s6lock daemon. -It just acquires a lock and holds it until it is killed or told to -exit by its parent daemon. -

    - -

    Interface

    - -

    - s6lockd-helper is not meant to be invoked directly by the user: -it will be spawned by the -s6lockd program. -

    - -

    Notes

    - - - - - diff --git a/doc/libs6lock/s6lockd.html b/doc/libs6lock/s6lockd.html deleted file mode 100644 index 726d2f8..0000000 --- a/doc/libs6lock/s6lockd.html +++ /dev/null @@ -1,73 +0,0 @@ - - - - - s6: the s6lockd internal program - - - - - - -libs6lock
    -s6
    -Software
    -skarnet.org

    - -

    The s6lockd program

    - -

    -s6lockd is the s6lock daemon. It is a program that manages -a set of lock files in a given directory, and associated timeouts. -

    - -

    Interface

    - -

    - s6lockd does not fork, does not background itself automatically, -and does not use syslog. It is not meant to be run directly by the -user: it will be spawned by the -s6lock client library. -

    - -

    - There are 2 ways to use s6lockd: -

    - -
      -
    1. Use the s6lock_startf() library call. -A s6lockd child will then be spawned from your -calling process, and automatically reaped when you call -s6lock_end(). It requires care with applications that -trap SIGCHLD. It also requires care with lock file permissions: -a s6lockd instance might not be able -to open a lock file created by a former instance run by another -client with different permissions.
    2. -
    3. Use the s6lock_start() library call, together with a -s6lockd service. -For once, this is the recommended setup: s6lockd creates empty -lock files, and having all s6lockd instances run under the same user -simplifies permissions management considerably.
    4. - -
    - -

    -When run as a service, s6lockd has no "standalone" mode: it is -designed to work with a Unix -domain superserver, like -s6-ipcserver. -s6lockd follows the UCSPI -interface, it can be directly executed from the superserver. -

    - -

    Notes

    - - - - - diff --git a/doc/localservice.html b/doc/localservice.html new file mode 100644 index 0000000..3b555fd --- /dev/null +++ b/doc/localservice.html @@ -0,0 +1,153 @@ + + + + + s6: what is a local service + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    Local services

    + +

    + A local service is a daemon that listens to incoming connections +on a Unix domain socket. Clients of the service are programs connecting to +this socket: the daemon performs operations on their behalf. +

    + +

    + The service is called local because it is not accessible to +clients from the network. +

    + +

    + A widely known example of a local service is the syslogd daemon. +On most implementations, it listens to the /dev/log socket. +Its clients connect to it and send their logs via the socket. The +openlog() function is just a wrapper arround the connect() +system call, the syslog() function a wrapper around write(), +and so on. +

    + +

    Benefits

    + +

    Privileges

    + +

    + The most important benefit of a local service is that it permits +controlled privilege gains without using setuid programs. +The daemon is run as user S; a client running as user C and connecting to +the daemon asks it to perform operations: those will be done as user S. +

    + +

    + Standard Unix permissions on the listening socket can be used to implement +some basic access control: to restrict access to clients belonging to group +G, change the socket to user S and group G, and give it 0420 permissions. +This is functionally equivalent to the basic access control for setuid +programs: a program having user S, group G and permissions 4750 will be +executable by group G and run with S rights. +

    + +

    + But modern systems implement the +getpeereid() +system call or library function. This function allows the server to know the +client's credentials: so fine-grained access control is possible. On those +systems, local services can do as much authentication as setuid programs, +in a much more controlled environment. +

    + +

    fd-passing

    + +

    + The most obvious difference between a local service and a network service +is that a local service does not serve network clients. But local services +have another nice perk: while network services usually only provide you +with a single channel (a TCP or UDP socket) of communication between the +client and the server, forcing you to multiplex your data into that +channel, local services allow you to have as many +communication channels as you want. +

    + +

    +(The SCTP transport layer provides a way for network services to use +several communication channels. Unfortunately, it is not widely deployed +yet, and a lot of network services still depend on TCP.) +

    + +

    + The fd-passing mechanism is Unix domain socket black magic +that allows one peer of the socket to send open file descriptors to +the other peer. So, if the server opens a pipe and sends one end of +this pipe to a client via this mechanism, there is effectively a +socket and a pipe between the client and the server. +

    + +

    UCSPI

    + +

    + The UCSPI protocol +is an easy way of abstracting clients and servers from the network. +A server written as a UCSPI server, just as it can be run +under inetd or +s6-tcpserver, +can be run under +s6-ipcserver: choose a socket +location and you have a local service. +

    + +

    + Fine-grained access control can be added by inserting +s6-ipcserver-access in +your server command line after s6-ipcserver. +

    + +

    + A client written as an UCSPI client, i.e. assuming it has descriptor +6 (resp. 7) open and reading from (resp. writing to) the server socket, +can be run under s6-ipcclient. +

    + +

    Use in skarnet.org software

    + +

    + skarnet.org libraries often use a separate process to handle +asynchronicity and background work in a way that's invisible to +the user. Among them are: +

    + + + +

    + Those processes are usually spawned from a client, via the corresponding +*_startf*() library call. But they can also be spawned from a +s6-ipcserver program in a local service configuration. In both cases, they +need an additional control channel to be passed from the server to +the client: the main socket is used for synchronous commands from the client +to the server and their answers, whereas the additional channel, which is +now implemented as a socket as well (but created by the server on-demand +and not bound to a local path), is used for asynchronous +notifications from the server to the client. The fd-passing mechanism +is used to transfer the additional channel from the server to the client. +

    + + + diff --git a/doc/s6-accessrules-cdb-from-fs.html b/doc/s6-accessrules-cdb-from-fs.html new file mode 100644 index 0000000..f7b6be0 --- /dev/null +++ b/doc/s6-accessrules-cdb-from-fs.html @@ -0,0 +1,141 @@ + + + + + s6: the s6-accessrules-cdb-from-fs program + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    The s6-accessrules-cdb-from-fs program

    + +

    +s6-accessrules-cdb-from-fs compiles a directory +containing a ruleset suitable for +s6-ipcserver-access or +s6-tcpserver-access into a +CDB file. +

    + +

    Interface

    + +
    +     s6-accessrules-cdb-from-fs cdbfile dir
    +
    + + + +

    Ruleset directory format

    + +

    + To be understood by s6-accessrules-cdb-from-fs, +s6-ipcserver-access, or +s6-tcpserver-access, +dir must have a specific format. +

    + +

    + dir contains a series of directories: +

    + + + +

    +Depending on the application, other directories can appear in dir +and be compiled into cdbfile, but +s6-tcpserver-access only +uses the first three, and +s6-ipcserver-access only +uses the last two. +

    + +

    + Each of those directories contains a set of rules. A rule is +a subdirectory named after the set of keys it matches, and containing +actions that will be executed if the rule is the first matching rule +for the tested key. +

    + +

    + The syntax for the rule name is dependent on the nature of keys, and +fully documented on the +accessrules +library page. For instance, a subdirectory named 192.168.0.0_27 +in the ip4 directory will match every IPv4 address in the +192.168.0.0/27 network that does not match a more precise rule. +

    + +

    + The syntax for the actions, however, is the same for every type of key. +A rule subdirectory can contain the following elements: +

    + + + +

    Notes

    + + + + + diff --git a/doc/s6-accessrules-fs-from-cdb.html b/doc/s6-accessrules-fs-from-cdb.html new file mode 100644 index 0000000..b8c6b12 --- /dev/null +++ b/doc/s6-accessrules-fs-from-cdb.html @@ -0,0 +1,60 @@ + + + + + s6: the s6-accessrules-fs-from-cdb program + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    The s6-accessrules-fs-from-cdb program

    + +

    +s6-accessrules-fs-from-cdb decompiles a CDB database +containing a ruleset suitable for +s6-ipcserver-access or +s6-tcpserver-access and +that has been compiled with +s6-accessrules-cdb-from-fs. +

    + +

    Interface

    + +
    +     s6-accessrules-fs-from-cdb dir cdbfile
    +
    + +
    + +

    Notes

    + + + + + diff --git a/doc/s6-cleanfifodir.html b/doc/s6-cleanfifodir.html index 5724666..cfbbc90 100644 --- a/doc/s6-cleanfifodir.html +++ b/doc/s6-cleanfifodir.html @@ -34,7 +34,7 @@ That means it removes all stale FIFOs in fifodir.

    In normal use, it is not necessary to call s6-cleanfifodir. However, stale -FIFOs can be left by s6-ftrigrd processes that +FIFOs can be left by s6-ftrigrd processes that were violently killed, so it's good practice to regularly clean up fifodirs.

    diff --git a/doc/s6-connlimit.html b/doc/s6-connlimit.html new file mode 100644 index 0000000..fc316cf --- /dev/null +++ b/doc/s6-connlimit.html @@ -0,0 +1,107 @@ + + + + + s6: the s6-connlimit program + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    The s6-connlimit program

    + +

    +s6-connlimit is a small utility to perform IP-based +control on the number of client connections to a TCP socket, and +uid-based control on the number of client connections to a Unix +domain socket. +

    + +

    Interface

    + +
    +     s6-connlimit prog...
    +
    + + + +

    Usage

    + +

    + The s6-tcpserver4 and +s6-tcpserver6 define the PROTO environment +variable to "TCP", and spawn every child server with the TCPCONNNUM environment +variable set to the number of connections from the same IP address. + The s6-tcpserver-access program +can set environment variables depending on the client's IP address. If the +s6-tcpserver-access database is configured to set the TCPCONNMAX environment +variable for a given set of IP addresses, and s6-tcpserver-access execs into +s6-connlimit, then s6-connlimit will drop connections if there already are +${TCPCONNMAX} connections from the same client IP address. +

    + +

    + The s6-ipcserver and +s6-ipcserver-access programs can +be used the same way, with "IPC" instead of "TCP", to limit the number +of client connections by UID. +

    + +

    Example

    + +

    + The following command line: +

    + +
    +     s6-tcpserver4 -v2 -c1000 -C40 1.2.3.4 80 \
    +     s6-tcpserver-access -v2 -RHl0 -i dir \
    +     s6-connlimit \
    +     prog...
    +
    + +

    + will run a server listening to IPv4 address 1.2.3.4, on port 80, +serving up to 1000 concurrent connections, and up to 40 concurrent +connections from the same IP address, no matter what the IP address. +For every client connection, it will look up the database set up +in dir; if the connection is accepted, it will run prog.... +

    + +

    + If the dir/ip4/5.6.7.8_32/env/TCPCONNMAX file +exists and contains the string 30, then at most 30 concurrent +connections from 5.6.7.8 will execute prog..., instead of the +default of 40. +

    + +

    Notes

    + + + + + diff --git a/doc/s6-ftrig-notify.html b/doc/s6-ftrig-notify.html index 4f881eb..c10bf71 100644 --- a/doc/s6-ftrig-notify.html +++ b/doc/s6-ftrig-notify.html @@ -37,7 +37,7 @@ with all the characters in message.

    s6-ftrig-notify cannot be used to send the null character (event 0x00). If you need to send the null character, use the C API: -ftrigw_notify(). +ftrigw_notify().

    diff --git a/doc/s6-ftrigrd.html b/doc/s6-ftrigrd.html deleted file mode 100644 index 049164d..0000000 --- a/doc/s6-ftrigrd.html +++ /dev/null @@ -1,79 +0,0 @@ - - - - - s6: the s6-ftrigrd program - - - - - - -

    -s6
    -Software
    -skarnet.org -

    - -

    The s6-ftrigrd program

    - -

    -s6-ftrigrd is a helper program that manages a set of subscriptions to fifodirs as well -as regular expressions on events. It takes orders from its client program that controls -it via the ftrigr library, and notifies it when desired -events happen. -

    - -

    Interface

    - -

    - s6-ftrigrd is not meant to be called directly. -

    - - - -

    - s6-ftrigrd handles the grunt work of creating fifos in a -fifodir for a subscriber. It also wakes up on every -event, and compares the chain of events it received on a given fifodir with the -client-provided regexp. If the chain of events matches the regexp, it notifies -the client. -

    - -

    Notes

    - -

    - The connection management between the client and s6-ftrigrd is entirely done -by the skaclient -library. -

    - -

    - s6-ftrigrd is entirely asynchronous. It stores unread notifications into heap -memory; it can grow in size if there are a lot of events and the client fails -to read them. To avoid uncontrolled growth, make sure your client calls -ftrigr_update() as soon as ftrigr_fd() becomes readable. -

    - -

    - A s6-ftrigrd instance can only handle up to FTRIGRD_MAX (defined in s6/ftrigr.h) -subscriptions at once. By default, this number is 1000, which is more than enough for -any reasonable system. -

    - - - diff --git a/doc/s6-ioconnect.html b/doc/s6-ioconnect.html new file mode 100644 index 0000000..9972222 --- /dev/null +++ b/doc/s6-ioconnect.html @@ -0,0 +1,90 @@ + + + + + s6: the s6-ioconnect program + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    The s6-ioconnect program

    + +

    +s6-ioconnect performs full-duplex data transmission +between two sets of open file descriptors. +

    + +

    Interface

    + +
    +     s6-ioconnect [ -t millisecs ] [ -r fdr ] [ -w fdw ] [ -0 ] [ -1 ] [ -6 ] [ -7 ]
    +
    + + + +

    Options

    + + + +

    Notes

    + + + + + diff --git a/doc/s6-ipcclient.html b/doc/s6-ipcclient.html new file mode 100644 index 0000000..fee6e52 --- /dev/null +++ b/doc/s6-ipcclient.html @@ -0,0 +1,74 @@ + + + + + s6: the s6-ipcclient program + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    The s6-ipcclient program

    + +

    +s6-ipcclient is an +UCSPI client tool for +Unix domain sockets. It connects to a socket, then executes into +a program. +

    + +

    Interface

    + +
    +     s6-ipcclient [ -q | -Q | -v ] [ -p bindpath ] [ -l localname ] path prog...
    +
    + + + +

    Environment variables

    + +

    + prog... is run with +the following variables set: +

    + + + +

    Options

    + + + +

    Notes

    + + + + + diff --git a/doc/s6-ipcserver-access.html b/doc/s6-ipcserver-access.html new file mode 100644 index 0000000..a462c4f --- /dev/null +++ b/doc/s6-ipcserver-access.html @@ -0,0 +1,172 @@ + + + + + s6: the s6-ipcserver-access program + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    The s6-ipcserver-access program

    + +

    +s6-ipcserver-access is a command-line access +control tool for Unix domain sockets on systems where the +getpeereid() system call can be implemented. +It is meant to be run after +s6-ipcserverd and before +the application program on the s6-ipcserver command line. +

    + +

    Interface

    + +
    +     s6-ipcserver-access [ -v verbosity ] [ -E | -e ] [ -l localname ] [ -i rulesdir | -x rulesfile ] prog...
    +
    + + + +

    Environment variables

    + +

    +s6-ipcserver-access expects to inherit some environment variables from +its parent: +

    + + + +

    + Additionally, it exports the following variables before executing into +prog...: +

    + + + +

    + Also, the access rules database can instruct s6-ipcserver-access to set +up, or unset, more environment variables, depending on the client address. +

    + +

    Options

    + + + +

    Access rule checking

    + +

    + s6-ipcserver-access checks its client connection against +a ruleset. This ruleset can be implemented: +

    + + + +

    + The exact format of the ruleset is described on the +s6-accessrules-cdb-from-fs page. +

    + +

    +s6-ipcserver-access first reads the client UID uid and +GID gid from the +${PROTO}REMOTEEUID and ${PROTO}REMOTEEGID environment variables, and checks +them with the +s6_accessrules_keycheck_uidgid() +function. In other words, it tries to match: + +

    + +

    + in that order. If no S6_ACCESSRULES_ALLOW result can be obtained, +the connection is denied. +

    + +

    Environment and executable modifications

    + +

    + s6-ipcserver-access interprets non-empty env subdirectories +and exec files +it finds in the first matching rule of the ruleset, as explained +in the s6-accessrules-cdb-from-fs +page. +

    + + + + + diff --git a/doc/s6-ipcserver-socketbinder.html b/doc/s6-ipcserver-socketbinder.html new file mode 100644 index 0000000..1edfe19 --- /dev/null +++ b/doc/s6-ipcserver-socketbinder.html @@ -0,0 +1,72 @@ + + + + + s6: the s6-ipcserver-socketbinder program + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    The s6-ipcserver-socketbinder program

    + +

    +s6-ipcserver-socketbinder binds a Unix domain +socket, then executes a program. +

    + +

    Interface

    + +
    +     s6-ipcserver-socketbinder [ -d | -D ] [ -b backlog ] path prog...
    +
    + + + +

    Options

    + + + +

    Notes

    + + + + + diff --git a/doc/s6-ipcserver.html b/doc/s6-ipcserver.html new file mode 100644 index 0000000..855fe4b --- /dev/null +++ b/doc/s6-ipcserver.html @@ -0,0 +1,173 @@ + + + + + s6: the s6-ipcserver program + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    The s6-ipcserver program

    + +

    +s6-ipcserver is an +UCSPI server tool for +Unix domain sockets, i.e. a super-server. +It accepts connections from clients, and forks a +program to handle each connection. +

    + +

    Interface

    + +
    +     s6-ipcserver [ -1 ] [ -q | -Q | -v ] [ -d | -D ] [ -P | -p ] [ -c maxconn ] [ -C localmaxconn ] [ -b backlog ] [ -G gidlist ] [ -g gid ] [ -u uid ] [ -U ] path prog...
    +
    + + + +

    Implementation

    + + + + +

    Options

    + + + +

    Implementation

    + + + +

    Notes

    + + + + + diff --git a/doc/s6-ipcserverd.html b/doc/s6-ipcserverd.html new file mode 100644 index 0000000..8bf5ea4 --- /dev/null +++ b/doc/s6-ipcserverd.html @@ -0,0 +1,131 @@ + + + + + s6: the s6-ipcserverd program + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    The s6-ipcserverd program

    + +

    +s6-ipcserverd is the serving part of the +s6-ipcserver super-server. +It assumes that its stdin is a bound and listening Unix +domain socket, and +it accepts connections from clients connecting to it, forking a +program to handle each connection. +

    + +

    Interface

    + +
    +     s6-ipcserverd [ -1 ] [ -v verbosity ] [ -P | -p ] [ -c maxconn ] [ -C localmaxconn ] prog...
    +
    + + + +

    Environment variables

    + +

    + For each connection, an instance of prog... is spawned with +the following variables set: +

    + + + +

    + If client credentials lookup has been disabled, IPCREMOTEEUID and +IPCREMOTEEUID will be set, but empty. +

    + + +

    Options

    + + + +

    Signals

    + + + +

    Notes

    + + + + + diff --git a/doc/s6-notifywhenup.html b/doc/s6-notifywhenup.html index b772925..054e0f5 100644 --- a/doc/s6-notifywhenup.html +++ b/doc/s6-notifywhenup.html @@ -68,11 +68,11 @@ Default is 0, meaning infinite. for prog to keep the same pid, which is vital for supervised processes.
  • s6-notifywhenup can be used, for instance, with -s6-tcpserver +s6-ipcserver and its -1 option, so that reliable startup notification is -achieved. s6-notifywhenup -f s6-tcpserver -1 args will -send a 'U' event to ./event when s6-tcpserver is actually -listening to its network socket.
  • +achieved. s6-notifywhenup -f s6-ipcserver -1 args will +send a 'U' event to ./event when s6-ipcserver is actually +listening to its socket.
  • The s6-svwait program can be used to wait for 'U' events.
  • diff --git a/doc/s6-setlock.html b/doc/s6-setlock.html index f425656..f163336 100644 --- a/doc/s6-setlock.html +++ b/doc/s6-setlock.html @@ -55,7 +55,7 @@ execution. This is intended: the fd holds the lock, which is released when prog exits. prog must not touch fds it does not know about.
  • If the timed lock option is chosen, s6-setlock does not acquire the lock -itself. Instead, it spawns a s6lockd-helper +itself. Instead, it spawns a s6lockd-helper process that acquires the lock while s6-setlock controls the timeout; the s6lockd-helper process then holds the lock and lives as long as prog.
  • diff --git a/doc/s6-sudo.html b/doc/s6-sudo.html new file mode 100644 index 0000000..0120816 --- /dev/null +++ b/doc/s6-sudo.html @@ -0,0 +1,59 @@ + + + + + s6: the s6-sudo program + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    The s6-sudo program

    + +

    +s6-sudo connects to a Unix domain socket and passes +its standard file descriptors, command-line arguments and +environment to a program running on the server side, potentially +with different privileges. +

    + +

    Interface

    + +
    +     s6-sudo [ -q | -Q | -v ] [ -p bindpath ] [ -l localname ] [ -e ] [ -t timeoutconn ] [ -T timeoutrun ] path [ args... ]
    +
    + + + +

    Options

    + + + + + diff --git a/doc/s6-sudoc.html b/doc/s6-sudoc.html new file mode 100644 index 0000000..0eec1c9 --- /dev/null +++ b/doc/s6-sudoc.html @@ -0,0 +1,80 @@ + + + + + s6: the s6-sudoc program + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    The s6-sudoc program

    + +

    +s6-sudoc talks to a peer s6-sudod +program over a Unix socket, passing it command-line arguments, environment +variables and standard descriptors. +

    + +

    Interface

    + +
    +     s6-sudoc [ -e ] [ -t timeoutconn ] [ -T timeoutrun ] [ args... ]
    +
    + + + +

    Options

    + + + +

    Notes

    + + + + + diff --git a/doc/s6-sudod.html b/doc/s6-sudod.html new file mode 100644 index 0000000..37ac996 --- /dev/null +++ b/doc/s6-sudod.html @@ -0,0 +1,170 @@ + + + + + s6: the s6-sudod program + + + + + + +

    +s6
    +Software
    +skarnet.org +

    + +

    The s6-sudod program

    + +

    +s6-sudod receives command-line arguments, environment variables +and standard descriptors from a peer s6-sudoc +program over a Unix socket, then forks another program. +

    + +

    Interface

    + +
    +     s6-sudod [ -0 ] [ -1 ] [ -2 ] [ -s ] [ -t timeout ] [ sargv... ]
    +
    + + + +

    Environment

    + +

    +s6-sudod transmits its own environment to its child, plus the environment sent +by s6-sudoc, filtered in the following manner: +for every variable sent by s6-sudoc, if the +variable is present but empty in s6-sudod's environment, then +its value is overriden by the value given by s6-sudoc. A variable that is +already nonempty, or that doesn't exist, in s6-sudod's environment, will not +be transmitted to the child. +

    + +

    Options

    + + + +

    Usage example

    + +

    + The typical use of s6-sudod is in a +local service with a +s6-ipcserver process listening on a Unix +socket, a s6-ipcserver-access process +performing client authentication and access control, and possibly a +s6-envdir +process setting up the environment variables that will be accepted by +s6-sudod. The following script, meant to be a run script in a +service directory, +will set up a privileged program: +

    + +
    +#!/command/execlineb -P
    +fdmove -c 2 1
    +s6-envuidgid serveruser
    +s6-notifywhenup -f
    +s6-ipcserver -U -1 -- serversocket
    +s6-ipcserver-access -v2 -l0 -i rules --
    +exec -c
    +s6-envdir env
    +s6-sudod
    +sargv
    +
    + + + +

    + This means that user clientuser running +s6-sudo serversocket cargv will be +able, if authorized by the configuration in rules, to run +sargv cargv as user serveruser, with stdin, +stdout, stderr and the environment variables properly listed in env +transmitted to sargv. +

    + +

    Notes

    + + + + + diff --git a/doc/s6-supervise.html b/doc/s6-supervise.html index 60c72b5..b080626 100644 --- a/doc/s6-supervise.html +++ b/doc/s6-supervise.html @@ -39,7 +39,7 @@ being a leaf. s6-supervise creates it and allows subscriptions to it from processes having the same effective group id as the s6-supervise process. If it already exists, it uses it as is, without modifying the subscription rights. -
  • It sends a 's' event to ./event.
  • +
  • It sends a 's' event to ./event.
  • If the default service state is up, s6-supervise spawns ./run.
  • s6-supervise sends a 'u' event to ./event whenever it successfully spawns ./run.
  • diff --git a/doc/s6-svc.html b/doc/s6-svc.html index 72f0776..606cc16 100644 --- a/doc/s6-svc.html +++ b/doc/s6-svc.html @@ -57,7 +57,7 @@ a SIGTERM and a SIGCONT. Do not restart it.
  • -u : up. If the supervised process is down, start it. Automatically restart it when it dies.
  • -x : exit. When the service is asked to be down and -the supervised process dies, supervise will exit too. This command should +the supervised process dies, s6-supervise will exit too. This command should normally never be used on a working system.
  • -O : Once at most. Do not restart the supervised process when it dies. If it is down when the command is received, do not even start diff --git a/doc/s6-svwait.html b/doc/s6-svwait.html index 5f3cb08..11e9821 100644 --- a/doc/s6-svwait.html +++ b/doc/s6-svwait.html @@ -55,7 +55,7 @@ See the explanation on this page.
  • given services comes up or down.
  • -a : and. s6-svwait will wait until all of the given services come up or down. This is the default.
  • -
  • -t timeout : if the requested events have not +
  • -t timeout : if the requested events have not happened after timeout milliseconds, s6-svwait will print a message to stderr and exit 1. By default, timeout is 0, which means no time limit.
  • @@ -64,7 +64,7 @@ limit.

    Internals

    -s6-svwait spawns a s6-ftrigrd child to +s6-svwait spawns a s6-ftrigrd child to listen to notifications sent by s6-supervise. It also checks supervise/status files, as well as the supervise/ready files if necessary, to get the current service diff --git a/doc/upgrade.html b/doc/upgrade.html index 0851534..5a1b1ec 100644 --- a/doc/upgrade.html +++ b/doc/upgrade.html @@ -17,6 +17,14 @@

    What has changed in s6

    +

    in 2.0.2.0

    + + +

    in 2.0.1.0

    diff --git a/package/deps.mak b/package/deps.mak index 3c9cd26..5db02c4 100644 --- a/package/deps.mak +++ b/package/deps.mak @@ -3,8 +3,20 @@ # src/include/s6/ftrigr.h: src/include/s6/config.h -src/include/s6/s6.h: src/include/s6/ftrigr.h src/include/s6/ftrigw.h src/include/s6/s6-supervise.h src/include/s6/s6lock.h +src/include/s6/s6.h: src/include/s6/accessrules.h src/include/s6/ftrigr.h src/include/s6/ftrigw.h src/include/s6/s6-supervise.h src/include/s6/s6lock.h src/include/s6/s6lock.h: src/include/s6/config.h +src/conn-tools/s6-accessrules-cdb-from-fs.o src/conn-tools/s6-accessrules-cdb-from-fs.lo: src/conn-tools/s6-accessrules-cdb-from-fs.c +src/conn-tools/s6-accessrules-fs-from-cdb.o src/conn-tools/s6-accessrules-fs-from-cdb.lo: src/conn-tools/s6-accessrules-fs-from-cdb.c +src/conn-tools/s6-connlimit.o src/conn-tools/s6-connlimit.lo: src/conn-tools/s6-connlimit.c +src/conn-tools/s6-ioconnect.o src/conn-tools/s6-ioconnect.lo: src/conn-tools/s6-ioconnect.c +src/conn-tools/s6-ipcclient.o src/conn-tools/s6-ipcclient.lo: src/conn-tools/s6-ipcclient.c +src/conn-tools/s6-ipcserver-access.o src/conn-tools/s6-ipcserver-access.lo: src/conn-tools/s6-ipcserver-access.c src/include/s6/accessrules.h +src/conn-tools/s6-ipcserver-socketbinder.o src/conn-tools/s6-ipcserver-socketbinder.lo: src/conn-tools/s6-ipcserver-socketbinder.c +src/conn-tools/s6-ipcserver.o src/conn-tools/s6-ipcserver.lo: src/conn-tools/s6-ipcserver.c src/include/s6/config.h +src/conn-tools/s6-ipcserverd.o src/conn-tools/s6-ipcserverd.lo: src/conn-tools/s6-ipcserverd.c +src/conn-tools/s6-sudo.o src/conn-tools/s6-sudo.lo: src/conn-tools/s6-sudo.c src/include/s6/config.h +src/conn-tools/s6-sudoc.o src/conn-tools/s6-sudoc.lo: src/conn-tools/s6-sudoc.c src/conn-tools/s6-sudo.h +src/conn-tools/s6-sudod.o src/conn-tools/s6-sudod.lo: src/conn-tools/s6-sudod.c src/conn-tools/s6-sudo.h src/daemontools-extras/s6-applyuidgid.o src/daemontools-extras/s6-applyuidgid.lo: src/daemontools-extras/s6-applyuidgid.c src/daemontools-extras/s6-envdir.o src/daemontools-extras/s6-envdir.lo: src/daemontools-extras/s6-envdir.c src/daemontools-extras/s6-envuidgid.o src/daemontools-extras/s6-envuidgid.lo: src/daemontools-extras/s6-envuidgid.c @@ -36,6 +48,14 @@ src/libs6/ftrigw_fifodir_make.o src/libs6/ftrigw_fifodir_make.lo: src/libs6/ftri src/libs6/ftrigw_notify.o src/libs6/ftrigw_notify.lo: src/libs6/ftrigw_notify.c src/include/s6/ftrigw.h src/libs6/ftrigw_notifyb.o src/libs6/ftrigw_notifyb.lo: src/libs6/ftrigw_notifyb.c src/libs6/ftrig1.h src/include/s6/ftrigw.h src/libs6/s6-ftrigrd.o src/libs6/s6-ftrigrd.lo: src/libs6/s6-ftrigrd.c src/libs6/ftrig1.h src/include/s6/ftrigr.h +src/libs6/s6_accessrules_backend_cdb.o src/libs6/s6_accessrules_backend_cdb.lo: src/libs6/s6_accessrules_backend_cdb.c src/include/s6/accessrules.h +src/libs6/s6_accessrules_backend_fs.o src/libs6/s6_accessrules_backend_fs.lo: src/libs6/s6_accessrules_backend_fs.c src/include/s6/accessrules.h +src/libs6/s6_accessrules_keycheck_ip4.o src/libs6/s6_accessrules_keycheck_ip4.lo: src/libs6/s6_accessrules_keycheck_ip4.c src/include/s6/accessrules.h +src/libs6/s6_accessrules_keycheck_ip6.o src/libs6/s6_accessrules_keycheck_ip6.lo: src/libs6/s6_accessrules_keycheck_ip6.c src/include/s6/accessrules.h +src/libs6/s6_accessrules_keycheck_reversedns.o src/libs6/s6_accessrules_keycheck_reversedns.lo: src/libs6/s6_accessrules_keycheck_reversedns.c src/include/s6/accessrules.h +src/libs6/s6_accessrules_keycheck_uidgid.o src/libs6/s6_accessrules_keycheck_uidgid.lo: src/libs6/s6_accessrules_keycheck_uidgid.c src/include/s6/accessrules.h +src/libs6/s6_accessrules_uidgid_cdb.o src/libs6/s6_accessrules_uidgid_cdb.lo: src/libs6/s6_accessrules_uidgid_cdb.c src/include/s6/accessrules.h +src/libs6/s6_accessrules_uidgid_fs.o src/libs6/s6_accessrules_uidgid_fs.lo: src/libs6/s6_accessrules_uidgid_fs.c src/include/s6/accessrules.h src/libs6/s6_supervise_lock.o src/libs6/s6_supervise_lock.lo: src/libs6/s6_supervise_lock.c src/include/s6/s6-supervise.h src/libs6/s6_supervise_lock_mode.o src/libs6/s6_supervise_lock_mode.lo: src/libs6/s6_supervise_lock_mode.c src/include/s6/s6-supervise.h src/libs6/s6_svc_main.o src/libs6/s6_svc_main.lo: src/libs6/s6_svc_main.c src/include/s6/s6-supervise.h @@ -70,6 +90,30 @@ src/supervision/s6-svscanctl.o src/supervision/s6-svscanctl.lo: src/supervision/ src/supervision/s6-svstat.o src/supervision/s6-svstat.lo: src/supervision/s6-svstat.c src/include/s6/s6-supervise.h src/supervision/s6-svwait.o src/supervision/s6-svwait.lo: src/supervision/s6-svwait.c src/include/s6/ftrigr.h src/include/s6/s6-supervise.h +s6-accessrules-cdb-from-fs: private EXTRA_LIBS := ${SOCKET_LIB} ${TAINNOW_LIB} +s6-accessrules-cdb-from-fs: src/conn-tools/s6-accessrules-cdb-from-fs.o -lskarnet +s6-accessrules-fs-from-cdb: private EXTRA_LIBS := +s6-accessrules-fs-from-cdb: src/conn-tools/s6-accessrules-fs-from-cdb.o -lskarnet +s6-connlimit: private EXTRA_LIBS := +s6-connlimit: src/conn-tools/s6-connlimit.o -lskarnet +s6-ioconnect: private EXTRA_LIBS := ${SOCKET_LIB} ${TAINNOW_LIB} +s6-ioconnect: src/conn-tools/s6-ioconnect.o -lskarnet +s6-ipcclient: private EXTRA_LIBS := ${SOCKET_LIB} +s6-ipcclient: src/conn-tools/s6-ipcclient.o -lskarnet +s6-ipcserver: private EXTRA_LIBS := +s6-ipcserver: src/conn-tools/s6-ipcserver.o -lskarnet +s6-ipcserver-access: private EXTRA_LIBS := ${SOCKET_LIB} +s6-ipcserver-access: src/conn-tools/s6-ipcserver-access.o ${LIBS6} -lskarnet +s6-ipcserver-socketbinder: private EXTRA_LIBS := ${SOCKET_LIB} +s6-ipcserver-socketbinder: src/conn-tools/s6-ipcserver-socketbinder.o -lskarnet +s6-ipcserverd: private EXTRA_LIBS := ${SOCKET_LIB} +s6-ipcserverd: src/conn-tools/s6-ipcserverd.o -lskarnet +s6-sudo: private EXTRA_LIBS := +s6-sudo: src/conn-tools/s6-sudo.o -lskarnet +s6-sudoc: private EXTRA_LIBS := ${SOCKET_LIB} ${TAINNOW_LIB} +s6-sudoc: src/conn-tools/s6-sudoc.o -lskarnet +s6-sudod: private EXTRA_LIBS := ${SOCKET_LIB} ${TAINNOW_LIB} +s6-sudod: src/conn-tools/s6-sudod.o -lskarnet s6-applyuidgid: private EXTRA_LIBS := s6-applyuidgid: src/daemontools-extras/s6-applyuidgid.o -lskarnet s6-envdir: private EXTRA_LIBS := @@ -96,8 +140,8 @@ s6-tai64nlocal: private EXTRA_LIBS := s6-tai64nlocal: src/daemontools-extras/s6-tai64nlocal.o -lskarnet ucspilogd: private EXTRA_LIBS := ucspilogd: src/daemontools-extras/ucspilogd.o -lskarnet -libs6.a: src/libs6/ftrigr1_zero.o src/libs6/ftrigr_check.o src/libs6/ftrigr_end.o src/libs6/ftrigr_start.o src/libs6/ftrigr_startf.o src/libs6/ftrigr_subscribe.o src/libs6/ftrigr_unsubscribe.o src/libs6/ftrigr_update.o src/libs6/ftrigr_wait_and.o src/libs6/ftrigr_wait_or.o src/libs6/ftrigr_zero.o src/libs6/ftrigw_clean.o src/libs6/ftrigw_fifodir_make.o src/libs6/ftrigw_notify.o src/libs6/ftrigw_notifyb.o src/libs6/s6_supervise_lock.o src/libs6/s6_supervise_lock_mode.o src/libs6/s6_svc_main.o src/libs6/s6_svc_write.o src/libs6/s6_svstatus_pack.o src/libs6/s6_svstatus_read.o src/libs6/s6_svstatus_unpack.o src/libs6/s6_svstatus_write.o src/libs6/s6lock_acquire.o src/libs6/s6lock_check.o src/libs6/s6lock_end.o src/libs6/s6lock_release.o src/libs6/s6lock_start.o src/libs6/s6lock_startf.o src/libs6/s6lock_update.o src/libs6/s6lock_wait_and.o src/libs6/s6lock_wait_or.o src/libs6/s6lock_zero.o -libs6.so: src/libs6/ftrigr1_zero.lo src/libs6/ftrigr_check.lo src/libs6/ftrigr_end.lo src/libs6/ftrigr_start.lo src/libs6/ftrigr_startf.lo src/libs6/ftrigr_subscribe.lo src/libs6/ftrigr_unsubscribe.lo src/libs6/ftrigr_update.lo src/libs6/ftrigr_wait_and.lo src/libs6/ftrigr_wait_or.lo src/libs6/ftrigr_zero.lo src/libs6/ftrigw_clean.lo src/libs6/ftrigw_fifodir_make.lo src/libs6/ftrigw_notify.lo src/libs6/ftrigw_notifyb.lo src/libs6/s6_supervise_lock.lo src/libs6/s6_supervise_lock_mode.lo src/libs6/s6_svc_main.lo src/libs6/s6_svc_write.lo src/libs6/s6_svstatus_pack.lo src/libs6/s6_svstatus_read.lo src/libs6/s6_svstatus_unpack.lo src/libs6/s6_svstatus_write.lo src/libs6/s6lock_acquire.lo src/libs6/s6lock_check.lo src/libs6/s6lock_end.lo src/libs6/s6lock_release.lo src/libs6/s6lock_start.lo src/libs6/s6lock_startf.lo src/libs6/s6lock_update.lo src/libs6/s6lock_wait_and.lo src/libs6/s6lock_wait_or.lo src/libs6/s6lock_zero.lo +libs6.a: src/libs6/ftrigr1_zero.o src/libs6/ftrigr_check.o src/libs6/ftrigr_end.o src/libs6/ftrigr_start.o src/libs6/ftrigr_startf.o src/libs6/ftrigr_subscribe.o src/libs6/ftrigr_unsubscribe.o src/libs6/ftrigr_update.o src/libs6/ftrigr_wait_and.o src/libs6/ftrigr_wait_or.o src/libs6/ftrigr_zero.o src/libs6/ftrigw_clean.o src/libs6/ftrigw_fifodir_make.o src/libs6/ftrigw_notify.o src/libs6/ftrigw_notifyb.o src/libs6/s6_accessrules_backend_cdb.o src/libs6/s6_accessrules_backend_fs.o src/libs6/s6_accessrules_keycheck_ip4.o src/libs6/s6_accessrules_keycheck_ip6.o src/libs6/s6_accessrules_keycheck_reversedns.o src/libs6/s6_accessrules_keycheck_uidgid.o src/libs6/s6_accessrules_uidgid_cdb.o src/libs6/s6_accessrules_uidgid_fs.o src/libs6/s6_supervise_lock.o src/libs6/s6_supervise_lock_mode.o src/libs6/s6_svc_main.o src/libs6/s6_svc_write.o src/libs6/s6_svstatus_pack.o src/libs6/s6_svstatus_read.o src/libs6/s6_svstatus_unpack.o src/libs6/s6_svstatus_write.o src/libs6/s6lock_acquire.o src/libs6/s6lock_check.o src/libs6/s6lock_end.o src/libs6/s6lock_release.o src/libs6/s6lock_start.o src/libs6/s6lock_startf.o src/libs6/s6lock_update.o src/libs6/s6lock_wait_and.o src/libs6/s6lock_wait_or.o src/libs6/s6lock_zero.o +libs6.so: src/libs6/ftrigr1_zero.lo src/libs6/ftrigr_check.lo src/libs6/ftrigr_end.lo src/libs6/ftrigr_start.lo src/libs6/ftrigr_startf.lo src/libs6/ftrigr_subscribe.lo src/libs6/ftrigr_unsubscribe.lo src/libs6/ftrigr_update.lo src/libs6/ftrigr_wait_and.lo src/libs6/ftrigr_wait_or.lo src/libs6/ftrigr_zero.lo src/libs6/ftrigw_clean.lo src/libs6/ftrigw_fifodir_make.lo src/libs6/ftrigw_notify.lo src/libs6/ftrigw_notifyb.lo src/libs6/s6_accessrules_backend_cdb.lo src/libs6/s6_accessrules_backend_fs.lo src/libs6/s6_accessrules_keycheck_ip4.lo src/libs6/s6_accessrules_keycheck_ip6.lo src/libs6/s6_accessrules_keycheck_reversedns.lo src/libs6/s6_accessrules_keycheck_uidgid.lo src/libs6/s6_accessrules_uidgid_cdb.lo src/libs6/s6_accessrules_uidgid_fs.lo src/libs6/s6_supervise_lock.lo src/libs6/s6_supervise_lock_mode.lo src/libs6/s6_svc_main.lo src/libs6/s6_svc_write.lo src/libs6/s6_svstatus_pack.lo src/libs6/s6_svstatus_read.lo src/libs6/s6_svstatus_unpack.lo src/libs6/s6_svstatus_write.lo src/libs6/s6lock_acquire.lo src/libs6/s6lock_check.lo src/libs6/s6lock_end.lo src/libs6/s6lock_release.lo src/libs6/s6lock_start.lo src/libs6/s6lock_startf.lo src/libs6/s6lock_update.lo src/libs6/s6lock_wait_and.lo src/libs6/s6lock_wait_or.lo src/libs6/s6lock_zero.lo s6-ftrigrd: private EXTRA_LIBS := ${SOCKET_LIB} ${TAINNOW_LIB} s6-ftrigrd: src/libs6/s6-ftrigrd.o src/libs6/ftrig1_free.o src/libs6/ftrig1_make.o -lskarnet s6lockd: private EXTRA_LIBS := ${SOCKET_LIB} ${TAINNOW_LIB} diff --git a/package/info b/package/info index 64279ff..89aa8d3 100644 --- a/package/info +++ b/package/info @@ -1,4 +1,4 @@ package=s6 -version=2.0.1.0 +version=2.0.2.0 category=admin package_macro_name=S6 diff --git a/package/modes b/package/modes index 4b86721..15c8899 100644 --- a/package/modes +++ b/package/modes @@ -1,29 +1,41 @@ -s6-ftrigrd 0755 -s6-ftrig-listen1 0755 -s6-ftrig-listen 0755 -s6-ftrig-notify 0755 -s6-ftrig-wait 0755 -s6lockd 0755 -s6lockd-helper 0755 -s6-cleanfifodir 0755 -s6-mkfifodir 0755 -s6-notifywhenup 0755 -s6-svscan 0755 -s6-supervise 0755 -s6-svc 0755 -s6-svscanctl 0755 -s6-svok 0755 -s6-svstat 0755 -s6-svwait 0755 -s6-applyuidgid 0700 -s6-envdir 0755 -s6-envuidgid 0755 -s6-fghack 0755 -s6-log 0755 -s6-setlock 0755 -s6-setsid 0755 -s6-setuidgid 0700 -s6-softlimit 0755 -s6-tai64n 0755 -s6-tai64nlocal 0755 -ucspilogd 0755 +s6-ftrigrd 0755 +s6-ftrig-listen1 0755 +s6-ftrig-listen 0755 +s6-ftrig-notify 0755 +s6-ftrig-wait 0755 +s6lockd 0755 +s6lockd-helper 0755 +s6-cleanfifodir 0755 +s6-mkfifodir 0755 +s6-notifywhenup 0755 +s6-svscan 0755 +s6-supervise 0755 +s6-svc 0755 +s6-svscanctl 0755 +s6-svok 0755 +s6-svstat 0755 +s6-svwait 0755 +s6-applyuidgid 0700 +s6-envdir 0755 +s6-envuidgid 0755 +s6-fghack 0755 +s6-log 0755 +s6-setlock 0755 +s6-setsid 0755 +s6-setuidgid 0700 +s6-softlimit 0755 +s6-tai64n 0755 +s6-tai64nlocal 0755 +s6-accessrules-cdb-from-fs 0755 +s6-accessrules-fs-from-cdb 0755 +s6-connlimit 0755 +s6-ioconnect 0755 +s6-ipcclient 0755 +s6-ipcserver-access 0755 +s6-ipcserver-socketbinder 0755 +s6-ipcserver 0755 +s6-ipcserverd 0755 +s6-sudo 0755 +s6-sudoc 0755 +s6-sudod 0755 +ucspilogd 0755 diff --git a/package/targets.mak b/package/targets.mak index cf5bc6d..fc69447 100644 --- a/package/targets.mak +++ b/package/targets.mak @@ -24,6 +24,18 @@ s6-setsid \ s6-softlimit \ s6-tai64n \ s6-tai64nlocal \ +s6-accessrules-cdb-from-fs \ +s6-accessrules-fs-from-cdb \ +s6-connlimit \ +s6-ioconnect \ +s6-ipcclient \ +s6-ipcserver-access \ +s6-ipcserver-socketbinder \ +s6-ipcserver \ +s6-ipcserverd \ +s6-sudo \ +s6-sudoc \ +s6-sudod \ ucspilogd SBIN_TARGETS := \ diff --git a/src/conn-tools/deps-exe/s6-accessrules-cdb-from-fs b/src/conn-tools/deps-exe/s6-accessrules-cdb-from-fs new file mode 100644 index 0000000..e027835 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-accessrules-cdb-from-fs @@ -0,0 +1,3 @@ +-lskarnet +${SOCKET_LIB} +${TAINNOW_LIB} diff --git a/src/conn-tools/deps-exe/s6-accessrules-fs-from-cdb b/src/conn-tools/deps-exe/s6-accessrules-fs-from-cdb new file mode 100644 index 0000000..e7187fe --- /dev/null +++ b/src/conn-tools/deps-exe/s6-accessrules-fs-from-cdb @@ -0,0 +1 @@ +-lskarnet diff --git a/src/conn-tools/deps-exe/s6-connlimit b/src/conn-tools/deps-exe/s6-connlimit new file mode 100644 index 0000000..e7187fe --- /dev/null +++ b/src/conn-tools/deps-exe/s6-connlimit @@ -0,0 +1 @@ +-lskarnet diff --git a/src/conn-tools/deps-exe/s6-ioconnect b/src/conn-tools/deps-exe/s6-ioconnect new file mode 100644 index 0000000..e027835 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-ioconnect @@ -0,0 +1,3 @@ +-lskarnet +${SOCKET_LIB} +${TAINNOW_LIB} diff --git a/src/conn-tools/deps-exe/s6-ipcclient b/src/conn-tools/deps-exe/s6-ipcclient new file mode 100644 index 0000000..19869b2 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-ipcclient @@ -0,0 +1,2 @@ +-lskarnet +${SOCKET_LIB} diff --git a/src/conn-tools/deps-exe/s6-ipcserver b/src/conn-tools/deps-exe/s6-ipcserver new file mode 100644 index 0000000..e7187fe --- /dev/null +++ b/src/conn-tools/deps-exe/s6-ipcserver @@ -0,0 +1 @@ +-lskarnet diff --git a/src/conn-tools/deps-exe/s6-ipcserver-access b/src/conn-tools/deps-exe/s6-ipcserver-access new file mode 100644 index 0000000..bfcb622 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-ipcserver-access @@ -0,0 +1,3 @@ +${LIBS6} +-lskarnet +${SOCKET_LIB} diff --git a/src/conn-tools/deps-exe/s6-ipcserver-socketbinder b/src/conn-tools/deps-exe/s6-ipcserver-socketbinder new file mode 100644 index 0000000..19869b2 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-ipcserver-socketbinder @@ -0,0 +1,2 @@ +-lskarnet +${SOCKET_LIB} diff --git a/src/conn-tools/deps-exe/s6-ipcserverd b/src/conn-tools/deps-exe/s6-ipcserverd new file mode 100644 index 0000000..19869b2 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-ipcserverd @@ -0,0 +1,2 @@ +-lskarnet +${SOCKET_LIB} diff --git a/src/conn-tools/deps-exe/s6-sudo b/src/conn-tools/deps-exe/s6-sudo new file mode 100644 index 0000000..e7187fe --- /dev/null +++ b/src/conn-tools/deps-exe/s6-sudo @@ -0,0 +1 @@ +-lskarnet diff --git a/src/conn-tools/deps-exe/s6-sudoc b/src/conn-tools/deps-exe/s6-sudoc new file mode 100644 index 0000000..e027835 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-sudoc @@ -0,0 +1,3 @@ +-lskarnet +${SOCKET_LIB} +${TAINNOW_LIB} diff --git a/src/conn-tools/deps-exe/s6-sudod b/src/conn-tools/deps-exe/s6-sudod new file mode 100644 index 0000000..e027835 --- /dev/null +++ b/src/conn-tools/deps-exe/s6-sudod @@ -0,0 +1,3 @@ +-lskarnet +${SOCKET_LIB} +${TAINNOW_LIB} diff --git a/src/conn-tools/s6-accessrules-cdb-from-fs.c b/src/conn-tools/s6-accessrules-cdb-from-fs.c new file mode 100644 index 0000000..20fef4d --- /dev/null +++ b/src/conn-tools/s6-accessrules-cdb-from-fs.c @@ -0,0 +1,195 @@ +/* ISC license. */ + +#include +#include +#include /* for rename() */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define USAGE "s6-accessrules-cdb-from-fs cdbfile dir" + +static stralloc tmp = STRALLOC_ZERO ; + +static void cleanup (void) +{ + register int e = errno ; + unlink(tmp.s) ; + errno = e ; +} + +static void dienomem (void) +{ + cleanup() ; + strerr_diefu1sys(111, "stralloc_catb") ; +} + +static void doit (struct cdb_make *c, stralloc *sa, unsigned int start) +{ + unsigned int tmpbase = tmp.len ; + unsigned int k = sa->len ; + if (!stralloc_readyplus(sa, 10)) dienomem() ; + stralloc_catb(sa, "/allow", 7) ; + tmp.s[tmpbase] = 0 ; + if (access(sa->s, F_OK) < 0) + { + if ((errno != ENOENT) && (errno != EACCES)) + { + cleanup() ; + strerr_diefu2sys(111, "access ", sa->s) ; + } + sa->len = k+1 ; + stralloc_catb(sa, "deny", 5) ; + if (access(sa->s, F_OK) < 0) + if ((errno != ENOENT) && (errno != EACCES)) + { + cleanup() ; + strerr_diefu2sys(111, "access ", sa->s) ; + } + else return ; + else if (cdb_make_add(c, sa->s + start, k - start, "D", 1) < 0) + { + cleanup() ; + strerr_diefu1sys(111, "cdb_make_add") ; + } + } + else + { + uint16 envlen = 0 ; + uint16 execlen = 0 ; + register int r ; + tmp.s[tmpbase] = 'A' ; + sa->len = k+1 ; + stralloc_catb(sa, "env", 4) ; + tmp.len = tmpbase + 3 ; + if ((envdir(sa->s, &tmp) < 0) && (errno != ENOENT)) + { + cleanup() ; + strerr_diefu2sys(111, "envdir ", sa->s) ; + } + if (tmp.len > tmpbase + 4103) + { + cleanup() ; + strerr_diefu2sys(100, sa->s, "too big") ; + } + envlen = tmp.len - tmpbase - 3 ; + tmp.len = tmpbase ; + uint16_pack_big(tmp.s + tmpbase + 1, envlen) ; + sa->len = k+1 ; + stralloc_catb(sa, "exec", 5) ; + r = openreadnclose(sa->s, tmp.s + tmpbase + 5 + envlen, 4096) ; + if ((r < 0) && (errno != ENOENT)) + { + cleanup() ; + strerr_diefu2sys(111, "openreadnclose ", sa->s) ; + } + if (r > 0) execlen = r ; + if (execlen == 4096) strerr_warnw2x("possibly truncated file ", sa->s) ; + uint16_pack_big(tmp.s + tmpbase + 3 + envlen, execlen) ; + if (cdb_make_add(c, sa->s + start, k - start, tmp.s + tmpbase, 5 + envlen + execlen) < 0) + { + cleanup() ; + strerr_diefu1sys(111, "cdb_make_add") ; + } + } +} + +int main (int argc, char const *const *argv) +{ + stralloc sa = STRALLOC_ZERO ; + struct cdb_make c = CDB_MAKE_ZERO ; + DIR *dir ; + unsigned int start ; + int fd ; + PROG = "s6-accessrules-cdb-from-fs" ; + if (argc < 3) strerr_dieusage(100, USAGE) ; + if (!stralloc_cats(&tmp, argv[1])) return 0 ; + if (random_sauniquename(&tmp, 8) < 0) + strerr_diefu1sys(111, "random_sauniquename") ; + if (!stralloc_readyplus(&tmp, 8210)) + strerr_diefu1sys(111, "stralloc_catb") ; + stralloc_0(&tmp) ; + fd = open_trunc(tmp.s) ; + if (fd < 0) strerr_diefu2sys(111, "open_trunc ", tmp.s) ; + if (cdb_make_start(&c, fd) < 0) + { + cleanup() ; + strerr_diefu1sys(111, "cdb_make_start") ; + } + dir = opendir(argv[2]) ; + if (!dir) + { + cleanup() ; + strerr_diefu2sys(111, "opendir ", argv[2]) ; + } + if (!stralloc_cats(&sa, argv[2]) || !stralloc_catb(&sa, "/", 1)) dienomem() ; + start = sa.len ; + + for (;;) + { + DIR *subdir ; + direntry *d ; + unsigned int base ; + errno = 0 ; + d = readdir(dir) ; + if (!d) break ; + if (d->d_name[0] == '.') continue ; + sa.len = start ; + if (!stralloc_cats(&sa, d->d_name) || !stralloc_0(&sa)) dienomem() ; + base = sa.len ; + subdir = opendir(sa.s) ; + if (!subdir) + { + cleanup() ; + strerr_diefu2sys(111, "opendir ", sa.s) ; + } + sa.s[base-1] = '/' ; + for (;;) + { + errno = 0 ; + d = readdir(subdir) ; + if (!d) break ; + if (d->d_name[0] == '.') continue ; + sa.len = base ; + if (!stralloc_cats(&sa, d->d_name)) dienomem() ; + doit(&c, &sa, start) ; + } + if (errno) + { + sa.s[base-1] = 0 ; + cleanup() ; + strerr_diefu2sys(111, "readdir ", sa.s) ; + } + dir_close(subdir) ; + } + if (errno) + { + cleanup() ; + strerr_diefu2sys(111, "readdir ", argv[2]) ; + } + dir_close(dir) ; + if (cdb_make_finish(&c) < 0) + { + cleanup() ; + strerr_diefu1sys(111, "cdb_make_finish") ; + } + if (fd_sync(fd) < 0) + { + cleanup() ; + strerr_diefu1sys(111, "fd_sync") ; + } + fd_close(fd) ; + if (rename(tmp.s, argv[1]) < 0) + { + cleanup() ; + strerr_diefu4sys(111, "rename ", tmp.s, " to ", argv[1]) ; + } + return 0 ; +} diff --git a/src/conn-tools/s6-accessrules-fs-from-cdb.c b/src/conn-tools/s6-accessrules-fs-from-cdb.c new file mode 100644 index 0000000..cbe67ef --- /dev/null +++ b/src/conn-tools/s6-accessrules-fs-from-cdb.c @@ -0,0 +1,177 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define USAGE "s6-accessrules-fs-from-cdb dir cdbfile" + +static char const *basedir ; +unsigned int basedirlen ; + +static void cleanup () +{ + int e = errno ; + rm_rf(basedir) ; + errno = e ; +} + +static int domkdir (char const *s) +{ + return mkdir(s, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH | S_ISGID) < 0 ? (errno == EEXIST) : 1 ; +} + +static void mkdirp (char *s) +{ + mode_t m = umask(0) ; + unsigned int len = str_len(s) ; + register unsigned int i = basedirlen + 1 ; + for (; i < len ; i++) if (s[i] == '/') + { + s[i] = 0 ; + if (!domkdir(s)) goto err ; + s[i] = '/' ; + } + if (!domkdir(s)) goto err ; + umask(m) ; + return ; + + err: + cleanup() ; + strerr_diefu2sys(111, "mkdir ", s) ; +} + +static void touchtrunc (char const *file) +{ + register int fd = open_trunc(file) ; + if (fd < 0) strerr_diefu2sys(111, "open_trunc ", file) ; + fd_close(fd) ; +} + +static int doenv (char const *dir, unsigned int dirlen, char *env, unsigned int envlen) +{ + mode_t m = umask(0) ; + unsigned int i = 0 ; + if (!domkdir(dir)) + { + cleanup() ; + strerr_diefu2sys(111, "mkdir ", dir) ; + } + umask(m) ; + while (i < envlen) + { + unsigned int n = byte_chr(env + i, envlen - i, 0) ; + if (i + n >= envlen) return 0 ; + { + unsigned int p = byte_chr(env + i, n, '=') ; + char tmp[dirlen + p + 2] ; + byte_copy(tmp, dirlen, dir) ; + tmp[dirlen] = '/' ; + byte_copy(tmp + dirlen + 1, p, env + i) ; + tmp[dirlen + p + 1] = 0 ; + if (p < n) + { + env[i+n] = '\n' ; + if (!openwritenclose_unsafe(tmp, env + i + p + 1, n - p)) + { + cleanup() ; + strerr_diefu2sys(111, "openwritenclose_unsafe ", tmp) ; + } + } + else touchtrunc(tmp) ; + } + i += n + 1 ; + } + return 1 ; +} + +static int doit (struct cdb *c) +{ + unsigned int klen = cdb_keylen(c) ; + unsigned int dlen = cdb_datalen(c) ; + { + uint16 envlen, execlen ; + char name[basedirlen + klen + 8] ; + char data[dlen] ; + byte_copy(name, basedirlen, basedir) ; + name[basedirlen] = '/' ; + if (!dlen || (dlen > 8201)) return (errno = EINVAL, 0) ; + if ((cdb_read(c, name+basedirlen+1, klen, cdb_keypos(c)) < 0) + || (cdb_read(c, data, dlen, cdb_datapos(c)) < 0)) + { + cleanup() ; + strerr_diefu1sys(111, "cdb_read") ; + } + name[basedirlen + klen + 1] = 0 ; + mkdirp(name) ; + name[basedirlen + klen + 1] = '/' ; + if (data[0] == 'A') + { + byte_copy(name + basedirlen + klen + 2, 6, "allow") ; + touchtrunc(name) ; + } + else if (data[0] == 'D') + { + byte_copy(name + basedirlen + klen + 2, 5, "deny") ; + touchtrunc(name) ; + } + if (dlen < 3) return 1 ; + uint16_unpack_big(data + 1, &envlen) ; + if ((envlen > 4096U) || (3U + envlen > dlen)) return (errno = EINVAL, 0) ; + uint16_unpack_big(data + 3 + envlen, &execlen) ; + if ((execlen > 4096U) || (5U + envlen + execlen != dlen)) return (errno = EINVAL, 0) ; + if (envlen) + { + byte_copy(name + basedirlen + klen + 2, 4, "env") ; + if (!doenv(name, basedirlen + klen + 5, data + 3, envlen)) return (errno = EINVAL, 0) ; + } + byte_copy(name + basedirlen + klen + 2, 5, "exec") ; + if (execlen && !openwritenclose_unsafe(name, data + 5 + envlen, execlen)) + { + cleanup() ; + strerr_diefu2sys(111, "openwritenclose_unsafe ", name) ; + } + } + return 1 ; +} + +int main (int argc, char const *const *argv) +{ + struct cdb c = CDB_ZERO ; + uint32 kpos ; + PROG = "s6-accessrules-fs-from-cdb" ; + if (argc < 3) strerr_dieusage(100, USAGE) ; + if (cdb_mapfile(&c, argv[2]) < 0) strerr_diefu1sys(111, "cdb_mapfile") ; + basedir = argv[1] ; + basedirlen = str_len(argv[1]) ; + { + mode_t m = umask(0) ; + if (mkdir(basedir, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH | S_ISGID) < 0) + strerr_diefu2sys(111, "mkdir ", basedir) ; + umask(m) ; + } + cdb_traverse_init(&c, &kpos) ; + for (;;) + { + register int r = cdb_nextkey(&c, &kpos) ; + if (r < 0) + { + cleanup() ; + strerr_diefu1sys(111, "cdb_nextkey") ; + } + else if (!r) break ; + else if (!doit(&c)) + { + cleanup() ; + strerr_diefu1sys(111, "handle key") ; + } + } + return 0 ; +} diff --git a/src/conn-tools/s6-connlimit.c b/src/conn-tools/s6-connlimit.c new file mode 100644 index 0000000..19f4a2d --- /dev/null +++ b/src/conn-tools/s6-connlimit.c @@ -0,0 +1,39 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include + +int main (int argc, char const *const *argv, char const *const *envp) +{ + char const *x ; + unsigned int protolen ; + PROG = "s6-connlimit" ; + x = env_get2(envp, "PROTO") ; + if (!x) strerr_dienotset(100, "PROTO") ; + protolen = str_len(x) ; + if (!protolen) strerr_dief1x(100, "empty PROTO") ; + { + unsigned int num ; + char s[protolen + 8] ; + byte_copy(s, protolen, x) ; + byte_copy(s + protolen, 8, "CONNNUM") ; + x = env_get2(envp, s) ; + if (!x) strerr_dienotset(100, s) ; + if (!uint0_scan(x, &num)) strerr_dief2x(100, "invalid ", s) ; + byte_copy(s + protolen + 4, 4, "MAX") ; + x = env_get2(envp, s) ; + if (x) + { + unsigned int max ; + if (!uint0_scan(x, &max)) strerr_dief2x(100, "invalid ", s) ; + if (num > max) + strerr_dief2x(1, "number of connections from this client limited to ", x) ; + } + } + pathexec0_run(argv+1, envp) ; + (void)argc ; + strerr_dieexec(111, argv[1]) ; +} diff --git a/src/conn-tools/s6-ioconnect.c b/src/conn-tools/s6-ioconnect.c new file mode 100644 index 0000000..a0217bb --- /dev/null +++ b/src/conn-tools/s6-ioconnect.c @@ -0,0 +1,187 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define USAGE "s6-ioconnect [ -t timeout ] [ -r fdr ] [ -w fdw ] [ -0 ] [ -1 ] [ -6 ] [ -7 ]" +#define dieusage() strerr_dieusage(100, USAGE) + + +typedef struct ioblah_s ioblah_t, *ioblah_t_ref ; +struct ioblah_s +{ + unsigned int fd ; + unsigned int xindex ; + unsigned int flagsocket : 1 ; + unsigned int flagopen : 1 ; +} ; + +static ioblah_t a[2][2] = { { { 0, 4, 0, 1 }, { 7, 4, 0, 1 } }, { { 6, 4, 0, 1 }, { 1, 4, 0, 1 } } } ; +static iobuffer b[2] ; +static iopause_fd x[5] = { { -1, IOPAUSE_READ, 0 } } ; + +static void closeit (unsigned int i, unsigned int j) +{ + if (a[i][j].flagsocket) + { + if ((shutdown(a[i][j].fd, j) < 0) && (errno != ENOTSOCK) && (errno != ENOTCONN)) + strerr_warnwu4sys("shutdown ", i ? "incoming" : "outgoing", " socket for ", j ? "writing" : "reading") ; + } + fd_close(a[i][j].fd) ; + a[i][j].flagopen = 0 ; + a[i][j].xindex = 5 ; +} + +static inline void finishit (unsigned int i) +{ + closeit(i, 1) ; + iobuffer_finish(&b[i]) ; +} + +static void handle_signals (void) +{ + for (;;) + { + char c = selfpipe_read() ; + switch (c) + { + case -1 : strerr_diefu1sys(111, "selfpipe_read") ; + case 0 : return ; + case SIGTERM : + { + if (a[0][0].xindex < 5) x[a[0][0].xindex].revents |= IOPAUSE_EXCEPT ; + if (a[1][0].xindex < 5) x[a[1][0].xindex].revents |= IOPAUSE_EXCEPT ; + break ; + } + default : + strerr_dief1x(101, "internal error: inconsistent signal state. Please submit a bug-report.") ; + } + } +} + +int main (int argc, char const *const *argv) +{ + tain_t tto ; + register unsigned int i, j ; + PROG = "s6-ioconnect" ; + { + subgetopt_t l = SUBGETOPT_ZERO ; + unsigned int t = 0 ; + for (;;) + { + register int opt = subgetopt_r(argc, argv, "0167t:r:w:", &l) ; + if (opt < 0) break ; + switch (opt) + { + case '0' : a[0][0].flagsocket = 1 ; break ; + case '1' : a[1][1].flagsocket = 1 ; break ; + case '6' : a[1][0].flagsocket = 1 ; break ; + case '7' : a[0][1].flagsocket = 1 ; break ; + case 't' : if (!uint0_scan(l.arg, &t)) dieusage() ; break ; + case 'r' : if (!uint0_scan(l.arg, &a[1][0].fd)) dieusage() ; break ; + case 'w' : if (!uint0_scan(l.arg, &a[0][1].fd)) dieusage() ; break ; + default : dieusage() ; + } + } + if (t) tain_from_millisecs(&tto, t) ; else tto = tain_infinite_relative ; + argc -= l.ind ; argv += l.ind ; + } + if ((a[0][1].fd < 3) || (a[1][0].fd < 3)) dieusage() ; + for (i = 0 ; i < 2 ; i++) + { + for (j = 0 ; j < 2 ; j++) + if (ndelay_on(a[i][j].fd) == -1) strerr_diefu1sys(111, "ndelay_on") ; + if (!iobuffer_init(&b[i], a[i][0].fd, a[i][1].fd) < 0) strerr_diefu1sys(111, "iobuffer_init") ; + } + if (sig_ignore(SIGPIPE) == -1) strerr_diefu1sys(111, "sig_ignore") ; + tain_now_g() ; + x[0].fd = selfpipe_init() ; + if (x[0].fd < 0) strerr_diefu1sys(111, "selfpipe_init") ; + if (selfpipe_trap(SIGTERM) < 0) + strerr_diefu1sys(111, "trap SIGTERM") ; + + for (;;) + { + tain_t deadline ; + unsigned int xlen = 1 ; + int r ; + + tain_add_g(&deadline, iobuffer_isempty(&b[0]) && iobuffer_isempty(&b[1]) ? &tto : &tain_infinite_relative) ; + for (i = 0 ; i < 2 ; i++) + { + a[i][0].xindex = 5 ; + if (a[i][0].flagopen && iobuffer_isreadable(&b[i])) + { + x[xlen].fd = a[i][0].fd ; + x[xlen].events = IOPAUSE_READ ; + a[i][0].xindex = xlen++ ; + } + a[i][1].xindex = 5 ; + if (a[i][1].flagopen) + { + x[xlen].fd = a[i][1].fd ; + x[xlen].events = IOPAUSE_EXCEPT | (iobuffer_isempty(&b[i]) ? 0 : IOPAUSE_WRITE) ; + a[i][1].xindex = xlen++ ; + } + } + if (xlen <= 1) break ; + + r = iopause_g(x, xlen, &deadline) ; + if (r < 0) strerr_diefu1sys(111, "iopause") ; + else if (!r) return 1 ; + + if (x[0].revents & IOPAUSE_READ) handle_signals() ; + + for (i = 0 ; i < 2 ; i++) if (a[i][1].xindex < 5) + { + if (x[a[i][1].xindex].revents & IOPAUSE_WRITE) + { + if (!iobuffer_flush(&b[i])) + { + if (!error_isagain(errno)) x[a[i][1].xindex].revents |= IOPAUSE_EXCEPT ; + } + else if (!a[i][0].flagopen) finishit(i) ; + } + if (x[a[i][1].xindex].revents & IOPAUSE_EXCEPT) + { + if (!iobuffer_isempty(&b[i])) + { + iobuffer_flush(&b[i]) ; /* sets errno */ + strerr_warnwu3sys("write ", i ? "incoming" : "outgoing", " data") ; + } + closeit(i, 0) ; finishit(i) ; + } + } + + for (i = 0 ; i < 2 ; i++) if (a[i][0].xindex < 5) + { + if (x[a[i][0].xindex].revents & IOPAUSE_READ) + { + if (sanitize_read(iobuffer_fill(&b[i])) < 0) + { + if (errno != EPIPE) strerr_warnwu3sys("read ", i ? "incoming" : "outgoing", " data") ; + x[a[i][0].xindex].revents |= IOPAUSE_EXCEPT ; + } + } + if (x[a[i][0].xindex].revents & IOPAUSE_EXCEPT) + { + closeit(i, 0) ; + if (iobuffer_isempty(&b[i])) finishit(i) ; + } + } + } + return 0 ; +} diff --git a/src/conn-tools/s6-ipcclient.c b/src/conn-tools/s6-ipcclient.c new file mode 100644 index 0000000..61864bc --- /dev/null +++ b/src/conn-tools/s6-ipcclient.c @@ -0,0 +1,66 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include + +#define USAGE "s6-ipcclient [ -q | -Q | -v ] [ -p bindpath ] [ -l localname ] path prog..." + +int main (int argc, char const *const *argv, char const *const *envp) +{ + char const *bindpath = 0 ; + char const *localname = 0 ; + unsigned int verbosity = 1 ; + PROG = "s6-ipcclient" ; + { + subgetopt_t l = SUBGETOPT_ZERO ; + for (;;) + { + register int opt = subgetopt_r(argc, argv, "qQvp:l:", &l) ; + if (opt == -1) break ; + switch (opt) + { + case 'q' : if (verbosity) verbosity-- ; break ; + case 'Q' : verbosity = 1 ; break ; + case 'v' : verbosity++ ; break ; + case 'p' : bindpath = l.arg ; break ; + case 'l' : localname = l.arg ; break ; + default : strerr_dieusage(100, USAGE) ; + } + } + argc -= l.ind ; argv += l.ind ; + } + if (argc < 2) strerr_dieusage(100, USAGE) ; + { + char modif[24 + IPCPATH_MAX] = "PROTO=IPC\0IPCLOCALPATH=" ; + unsigned int i = 23 ; + int s = ipc_stream() ; + if (s < 0) strerr_diefu1sys(111, "create socket") ; + if (bindpath && (ipc_bind(s, bindpath) == -1)) + strerr_diefu2sys(111, "bind socket to ", bindpath) ; + if (!ipc_connect(s, argv[0])) + strerr_diefu2sys(111, "connect to ", argv[0]) ; + if (verbosity >= 2) strerr_warn3x(PROG, ": connected to ", argv[0]) ; + if (localname) + { + register unsigned int n = str_len(localname) ; + if (n > IPCPATH_MAX) n = IPCPATH_MAX ; + byte_copy(modif + i, n, localname) ; + i += n ; modif[i++] = 0 ; + } + else + { + int dummy ; + if (ipc_local(s, modif + i, IPCPATH_MAX, &dummy) < 0) modif[--i] = 0 ; + else i += str_len(modif + i) + 1 ; + } + if (fd_move(6, s) < 0) + strerr_diefu2sys(111, "set up fd ", "6") ; + if (fd_copy(7, 6) < 0) + strerr_diefu2sys(111, "set up fd ", "7") ; + pathexec_r(argv+1, envp, env_len(envp), modif, i) ; + } + strerr_dieexec(111, argv[1]) ; +} diff --git a/src/conn-tools/s6-ipcserver-access.c b/src/conn-tools/s6-ipcserver-access.c new file mode 100644 index 0000000..629fabb --- /dev/null +++ b/src/conn-tools/s6-ipcserver-access.c @@ -0,0 +1,211 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define USAGE "s6-ipcserver-access [ -v verbosity ] [ -e | -E ] [ -l localname ] [ -i rulesdir | -x rulesfile ] prog..." + +static unsigned int verbosity = 1 ; + + /* Utility functions */ + +static inline void dieusage (void) gccattr_noreturn ; +static inline void dieusage () +{ + strerr_dieusage(100, USAGE) ; +} + +static inline void dienomem (void) gccattr_noreturn ; +static inline void dienomem () +{ + strerr_diefu1sys(111, "update environment") ; +} + +static inline void X (void) gccattr_noreturn ; +static inline void X () +{ + strerr_dief1x(101, "internal inconsistency. Please submit a bug-report.") ; +} + + + /* Logging */ + +static void logit (unsigned int pid, unsigned int uid, unsigned int gid, int h) +{ + char fmtpid[UINT_FMT] ; + char fmtuid[UINT_FMT] ; + char fmtgid[UINT_FMT] ; + fmtpid[uint_fmt(fmtpid, pid)] = 0 ; + fmtuid[uint_fmt(fmtuid, uid)] = 0 ; + fmtgid[uint_fmt(fmtgid, gid)] = 0 ; + if (h) strerr_warni7x("allow", " pid ", fmtpid, " uid ", fmtuid, " gid ", fmtgid) ; + else strerr_warni7sys("deny", " pid ", fmtpid, " uid ", fmtuid, " gid ", fmtgid) ; +} + +static inline void log_accept (unsigned int pid, unsigned int uid, unsigned int gid) +{ + logit(pid, uid, gid, 1) ; +} + +static inline void log_deny (unsigned int pid, unsigned int uid, unsigned int gid) +{ + logit(pid, uid, gid, 0) ; +} + + + /* Checking */ + +static s6_accessrules_result_t check_cdb (unsigned int uid, unsigned int gid, char const *file, s6_accessrules_params_t *params) +{ + struct cdb c = CDB_ZERO ; + int fd = open_readb(file) ; + register s6_accessrules_result_t r ; + if (fd < 0) return -1 ; + if (cdb_init(&c, fd) < 0) strerr_diefu2sys(111, "cdb_init ", file) ; + r = s6_accessrules_uidgid_cdb(uid, gid, &c, params) ; + cdb_free(&c) ; + fd_close(fd) ; + return r ; +} + +static inline int check (s6_accessrules_params_t *params, char const *rules, unsigned int rulestype, unsigned int uid, unsigned int gid) +{ + char const *x = "" ; + s6_accessrules_result_t r ; + switch (rulestype) + { + case 0 : + if (verbosity >= 2) strerr_warnw1x("invoked without a ruleset!") ; + return 1 ; + case 1 : + r = s6_accessrules_uidgid_fs(uid, gid, rules, params) ; + x = "fs" ; + break ; + case 2 : + r = check_cdb(uid, gid, rules, params) ; + x = "cdb" ; + break ; + default : X() ; + } + switch (r) + { + case S6_ACCESSRULES_ERROR : strerr_diefu4sys(111, "check ", x, " ruleset in ", rules) ; + case S6_ACCESSRULES_ALLOW : return 1 ; + case S6_ACCESSRULES_DENY : return (errno = EACCES, 0) ; + case S6_ACCESSRULES_NOTFOUND : return (errno = ENOENT, 0) ; + default : X() ; + } +} + + +int main (int argc, char const *const *argv, char const *const *envp) +{ + s6_accessrules_params_t params = S6_ACCESSRULES_PARAMS_ZERO ; + char const *rules = 0 ; + char const *localname = 0 ; + char const *proto ; + unsigned int protolen ; + unsigned int uid = 0, gid = 0 ; + unsigned int rulestype = 0 ; + int doenv = 1 ; + PROG = "s6-ipcserver-access" ; + { + subgetopt_t l = SUBGETOPT_ZERO ; + for (;;) + { + register int opt = subgetopt_r(argc, argv, "v:Eel:i:x:", &l) ; + if (opt == -1) break ; + switch (opt) + { + case 'v' : if (!uint0_scan(l.arg, &verbosity)) dieusage() ; break ; + case 'E' : doenv = 0 ; break ; + case 'e' : doenv = 1 ; break ; + case 'l' : localname = l.arg ; break ; + case 'i' : rules = l.arg ; rulestype = 1 ; break ; + case 'x' : rules = l.arg ; rulestype = 2 ; break ; + default : dieusage() ; + } + } + argc -= l.ind ; argv += l.ind ; + } + if (!argc) dieusage() ; + if (!*argv[0]) dieusage() ; + + proto = env_get2(envp, "PROTO") ; + if (!proto) strerr_dienotset(100, "PROTO") ; + protolen = str_len(proto) ; + + { + char const *x ; + char tmp[protolen + 11] ; + byte_copy(tmp, protolen, proto) ; + byte_copy(tmp + protolen, 11, "REMOTEEUID") ; + x = env_get2(envp, tmp) ; + if (!x) strerr_dienotset(100, tmp) ; + if (!uint0_scan(x, &uid)) strerr_dieinvalid(100, tmp) ; + tmp[protolen + 7] = 'G' ; + x = env_get2(envp, tmp) ; + if (!x) strerr_dienotset(100, tmp) ; + if (!uint0_scan(x, &gid)) strerr_dieinvalid(100, tmp) ; + } + + if (!check(¶ms, rules, rulestype, uid, gid)) + { + if (verbosity >= 2) log_deny(getpid(), uid, gid) ; + return 1 ; + } + if (verbosity) log_accept(getpid(), uid, gid) ; + + if (doenv) + { + char tmp[protolen + 10] ; + byte_copy(tmp, protolen, proto) ; + byte_copy(tmp + protolen, 10, "LOCALPATH") ; + if (localname) + { + if (!env_addmodif(¶ms.env, tmp, localname)) dienomem() ; + } + else + { + char curname[IPCPATH_MAX+1] ; + int dummy ; + if (ipc_local(0, curname, IPCPATH_MAX+1, &dummy) < 0) + strerr_diefu1sys(111, "ipc_local") ; + if (!env_addmodif(¶ms.env, tmp, curname)) dienomem() ; + } + } + else + { + char tmp[protolen + 11] ; + byte_copy(tmp, protolen, proto) ; + byte_copy(tmp + protolen, 11, "REMOTEEUID") ; + if (!env_addmodif(¶ms.env, "PROTO", 0)) dienomem() ; + if (!env_addmodif(¶ms.env, tmp, 0)) dienomem() ; + tmp[protolen + 7] = 'G' ; + if (!env_addmodif(¶ms.env, tmp, 0)) dienomem() ; + byte_copy(tmp + protolen + 6, 5, "PATH") ; + if (!env_addmodif(¶ms.env, tmp, 0)) dienomem() ; + byte_copy(tmp + protolen, 10, "LOCALPATH") ; + if (!env_addmodif(¶ms.env, tmp, 0)) dienomem() ; + } + + if (params.exec.len) + { + char *specialargv[4] = { EXECLINE_EXTBINPREFIX "execlineb", "-c", params.exec.s, 0 } ; + pathexec_r((char const *const *)specialargv, envp, env_len(envp), params.env.s, params.env.len) ; + strerr_dieexec(111, specialargv[0]) ; + } + + pathexec_r(argv, envp, env_len(envp), params.env.s, params.env.len) ; + strerr_dieexec(111, argv[0]) ; +} diff --git a/src/conn-tools/s6-ipcserver-socketbinder.c b/src/conn-tools/s6-ipcserver-socketbinder.c new file mode 100644 index 0000000..b5a32f3 --- /dev/null +++ b/src/conn-tools/s6-ipcserver-socketbinder.c @@ -0,0 +1,49 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#define USAGE "s6-ipcserver-socketbinder [ -d | -D ] [ -b backlog ] path prog..." +#define dieusage() strerr_dieusage(100, USAGE) + +int main (int argc, char const *const *argv, char const *const *envp) +{ + unsigned int backlog = 20 ; + int flagreuse = 1 ; + PROG = "s6-ipcserver-socketbinder" ; + { + subgetopt_t l = SUBGETOPT_ZERO ; + for (;;) + { + register int opt = subgetopt_r(argc, argv, "Ddb:", &l) ; + if (opt == -1) break ; + switch (opt) + { + case 'D' : flagreuse = 0 ; break ; + case 'd' : flagreuse = 1 ; break ; + case 'b' : if (!uint0_scan(l.arg, &backlog)) dieusage() ; break ; + default : dieusage() ; + } + } + argc -= l.ind ; argv += l.ind ; + } + if (argc < 2) dieusage() ; + close(0) ; + if (ipc_stream()) strerr_diefu1sys(111, "create socket") ; + { + mode_t m = umask(0) ; + if ((flagreuse ? ipc_bind_reuse(0, argv[0]) : ipc_bind(0, argv[0])) < 0) + strerr_diefu2sys(111, "bind to ", argv[0]) ; + umask(m) ; + } + if (ipc_listen(0, backlog) < 0) strerr_diefu2sys(111, "listen to ", argv[0]) ; + + pathexec_run(argv[1], argv + 1, envp) ; + strerr_dieexec(111, argv[1]) ; +} diff --git a/src/conn-tools/s6-ipcserver.c b/src/conn-tools/s6-ipcserver.c new file mode 100644 index 0000000..ccc76f6 --- /dev/null +++ b/src/conn-tools/s6-ipcserver.c @@ -0,0 +1,127 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#define USAGE "s6-ipcserver [ -q | -Q | -v ] [ -d | -D ] [ -P | -p ] [ -1 ] [ -c maxconn ] [ -C localmaxconn ] [ -b backlog ] [ -G gid,gid,... ] [ -g gid ] [ -u uid ] [ -U ] path prog..." +#define dieusage() strerr_dieusage(100, USAGE) + +int main (int argc, char const *const *argv, char const *const *envp) +{ + unsigned int verbosity = 1 ; + int flag1 = 0 ; + int flagU = 0 ; + int flaglookup = 1 ; + int flagreuse = 1 ; + unsigned int uid = 0, gid = 0 ; + gid_t gids[NGROUPS_MAX] ; + unsigned int gidn = (unsigned int)-1 ; + unsigned int maxconn = 0 ; + unsigned int localmaxconn = 0 ; + unsigned int backlog = (unsigned int)-1 ; + PROG = "s6-ipcserver" ; + { + subgetopt_t l = SUBGETOPT_ZERO ; + for (;;) + { + register int opt = subgetopt_r(argc, argv, "qQvDd1UPpc:C:b:u:g:G:", &l) ; + if (opt == -1) break ; + switch (opt) + { + case 'q' : verbosity = 0 ; break ; + case 'Q' : verbosity = 1 ; break ; + case 'v' : verbosity = 2 ; break ; + case 'D' : flagreuse = 0 ; break ; + case 'd' : flagreuse = 1 ; break ; + case 'P' : flaglookup = 0 ; break ; + case 'p' : flaglookup = 1 ; break ; + case 'c' : if (!uint0_scan(l.arg, &maxconn)) dieusage() ; if (!maxconn) maxconn = 1 ; break ; + case 'C' : if (!uint0_scan(l.arg, &localmaxconn)) dieusage() ; if (!localmaxconn) localmaxconn = 1 ; break ; + case 'b' : if (!uint0_scan(l.arg, &backlog)) dieusage() ; break ; + case 'u' : if (!uint0_scan(l.arg, &uid)) dieusage() ; break ; + case 'g' : if (!uint0_scan(l.arg, &gid)) dieusage() ; break ; + case 'G' : if (!gid_scanlist(gids, NGROUPS_MAX, l.arg, &gidn) && *l.arg) dieusage() ; break ; + case '1' : flag1 = 1 ; break ; + case 'U' : flagU = 1 ; uid = 0 ; gid = 0 ; gidn = (unsigned int)-1 ; break ; + default : dieusage() ; + } + } + argc -= l.ind ; argv += l.ind ; + if (argc < 2) dieusage() ; + } + + { + unsigned int m = 0 ; + unsigned int pos = 0 ; + char fmt[UINT_FMT * 5 + GID_FMT * NGROUPS_MAX] ; + char const *newargv[24 + argc] ; + newargv[m++] = S6_BINPREFIX "s6-ipcserver-socketbinder" ; + if (!flagreuse) newargv[m++] = "-D" ; + if (backlog != (unsigned int)-1) + { + newargv[m++] = "-b" ; + newargv[m++] = fmt + pos ; + pos += uint_fmt(fmt + pos, backlog) ; + fmt[pos++] = 0 ; + } + newargv[m++] = "--" ; + newargv[m++] = *argv++ ; + if (flagU || uid || gid || gidn != (unsigned int)-1) + { + newargv[m++] = S6_BINPREFIX "s6-applyuidgid" ; + if (flagU) newargv[m++] = "-Uz" ; + if (uid) + { + newargv[m++] = "-u" ; + newargv[m++] = fmt + pos ; + pos += uint_fmt(fmt + pos, uid) ; + fmt[pos++] = 0 ; + } + if (gid) + { + newargv[m++] = "-g" ; + newargv[m++] = fmt + pos ; + pos += uint_fmt(fmt + pos, gid) ; + fmt[pos++] = 0 ; + } + if (gidn != (unsigned int)-1) + { + newargv[m++] = "-G" ; + newargv[m++] = fmt + pos ; + pos += gid_fmtlist(fmt + pos, gids, gidn) ; + fmt[pos++] = 0 ; + } + newargv[m++] = "--" ; + } + newargv[m++] = S6_BINPREFIX "s6-ipcserverd" ; + if (!verbosity) newargv[m++] = "-v0" ; + else if (verbosity == 2) newargv[m++] = "-v2" ; + if (flag1) newargv[m++] = "-1" ; + if (!flaglookup) newargv[m++] = "-P" ; + if (maxconn) + { + newargv[m++] = "-c" ; + newargv[m++] = fmt + pos ; + pos += uint_fmt(fmt + pos, maxconn) ; + fmt[pos++] = 0 ; + } + if (localmaxconn) + { + newargv[m++] = "-C" ; + newargv[m++] = fmt + pos ; + pos += uint_fmt(fmt + pos, localmaxconn) ; + fmt[pos++] = 0 ; + } + newargv[m++] = "--" ; + while (*argv) newargv[m++] = *argv++ ; + newargv[m++] = 0 ; + pathexec_run(newargv[0], newargv, envp) ; + strerr_dieexec(111, newargv[0]) ; + } +} diff --git a/src/conn-tools/s6-ipcserverd.c b/src/conn-tools/s6-ipcserverd.c new file mode 100644 index 0000000..4afe5cc --- /dev/null +++ b/src/conn-tools/s6-ipcserverd.c @@ -0,0 +1,399 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define USAGE "s6-ipcserverd [ -v verbosity ] [ -1 ] [ -P | -p ] [ -c maxconn ] [ -C localmaxconn ] prog..." + +#define ABSOLUTE_MAXCONN 1000 + +static unsigned int maxconn = 40 ; +static unsigned int localmaxconn = 40 ; +static char fmtmaxconn[UINT_FMT+1] = "/" ; +static char fmtlocalmaxconn[UINT_FMT+1] = "/" ; +static int flaglookup = 1 ; +static unsigned int verbosity = 1 ; +static int cont = 1 ; + +static diuint *piduid ; +static unsigned int numconn = 0 ; +static diuint *uidnum ; +static unsigned int uidlen = 0 ; + + + /* Utility functions */ + +static inline void dieusage () +{ + strerr_dieusage(100, USAGE) ; +} + +static inline void X (void) +{ + strerr_dief1x(101, "internal inconsistency. Please submit a bug-report.") ; +} + + + /* Lookup primitives */ + +static unsigned int lookup_diuint (diuint const *tab, unsigned int tablen, unsigned int key) +{ + register unsigned int i = 0 ; + for (; i < tablen ; i++) if (key == tab[i].left) break ; + return i ; +} + +static inline unsigned int lookup_pid (unsigned int pid) +{ + return lookup_diuint(piduid, numconn, pid) ; +} + +static inline unsigned int lookup_uid (unsigned int uid) +{ + return lookup_diuint(uidnum, uidlen, uid) ; +} + + + /* Logging */ + +static inline void log_start (void) +{ + strerr_warni1x("starting") ; +} + +static inline void log_exit (void) +{ + strerr_warni1x("exiting") ; +} + +static void log_status (void) +{ + char fmt[UINT_FMT] ; + fmt[uint_fmt(fmt, numconn)] = 0 ; + strerr_warni3x("status: ", fmt, fmtmaxconn) ; +} + +static void log_deny (unsigned int uid, unsigned int gid, unsigned int num) +{ + char fmtuid[UINT_FMT] = "?" ; + char fmtgid[UINT_FMT] = "?" ; + char fmtnum[UINT_FMT] = "?" ; + if (flaglookup) + { + fmtuid[uint_fmt(fmtuid, uid)] = 0 ; + fmtgid[uint_fmt(fmtgid, gid)] = 0 ; + fmtnum[uint_fmt(fmtnum, num)] = 0 ; + } + strerr_warni7sys("deny ", fmtuid, ":", fmtgid, " count ", fmtnum, fmtlocalmaxconn) ; +} + +static void log_accept (unsigned int pid, unsigned int uid, unsigned int gid, unsigned int num) +{ + char fmtuidgid[UINT_FMT * 2 + 1] = "?:?" ; + char fmtpid[UINT_FMT] ; + char fmtnum[UINT_FMT] = "?" ; + if (flaglookup) + { + register unsigned int n = uint_fmt(fmtuidgid, uid) ; + fmtuidgid[n++] = ':' ; + n += uint_fmt(fmtuidgid + n, gid) ; + fmtuidgid[n] = 0 ; + fmtnum[uint_fmt(fmtnum, num)] = 0 ; + } + fmtpid[uint_fmt(fmtpid, pid)] = 0 ; + strerr_warni7x("allow ", fmtuidgid, " pid ", fmtpid, " count ", fmtnum, fmtlocalmaxconn) ; +} + +static void log_close (unsigned int pid, unsigned int uid, int w) +{ + char fmtpid[UINT_FMT] ; + char fmtuid[UINT_FMT] = "?" ; + char fmtw[UINT_FMT] ; + fmtpid[uint_fmt(fmtpid, pid)] = 0 ; + if (flaglookup) fmtuid[uint_fmt(fmtuid, uid)] = 0 ; + fmtw[uint_fmt(fmtw, WIFSIGNALED(w) ? WTERMSIG(w) : WEXITSTATUS(w))] = 0 ; + strerr_warni6x("end pid ", fmtpid, " uid ", fmtuid, WIFSIGNALED(w) ? " signal " : " exitcode ", fmtw) ; +} + + + /* Signal handling */ + +static void killthem (int sig) +{ + register unsigned int i = 0 ; + for (; i < numconn ; i++) kill(piduid[i].left, sig) ; +} + +static void wait_children (void) +{ + for (;;) + { + unsigned int i ; + int w ; + register pid_t pid = wait_nohang(&w) ; + if (pid < 0) + if (errno != ECHILD) strerr_diefu1sys(111, "wait_nohang") ; + else break ; + else if (!pid) break ; + i = lookup_pid(pid) ; + if (i < numconn) + { + unsigned int uid = piduid[i].right ; + register unsigned int j = lookup_uid(uid) ; + if (j >= uidlen) X() ; + if (!--uidnum[j].right) uidnum[j] = uidnum[--uidlen] ; + piduid[i] = piduid[--numconn] ; + if (verbosity >= 2) + { + log_close(pid, uid, w) ; + log_status() ; + } + } + } +} + +static void handle_signals (void) +{ + for (;;) switch (selfpipe_read()) + { + case -1 : strerr_diefu1sys(111, "read selfpipe") ; + case 0 : return ; + case SIGCHLD : wait_children() ; break ; + case SIGTERM : + { + if (verbosity >= 2) + strerr_warni3x("received ", "SIGTERM,", " quitting") ; + cont = 0 ; + break ; + } + case SIGHUP : + { + if (verbosity >= 2) + strerr_warni5x("received ", "SIGHUP,", " sending ", "SIGTERM+SIGCONT", " to all connections") ; + killthem(SIGTERM) ; + killthem(SIGCONT) ; + break ; + } + case SIGQUIT : + { + if (verbosity >= 2) + strerr_warni6x("received ", "SIGQUIT,", " sending ", "SIGTERM+SIGCONT", " to all connections", " and quitting") ; + cont = 0 ; + killthem(SIGTERM) ; + killthem(SIGCONT) ; + break ; + } + case SIGABRT : + { + if (verbosity >= 2) + strerr_warni6x("received ", "SIGABRT,", " sending ", "SIGKILL", " to all connections", " and quitting") ; + cont = 0 ; + killthem(SIGKILL) ; + break ; + } + default : X() ; + } +} + + + /* New connection handling */ + +static void run_child (int, unsigned int, unsigned int, unsigned int, char const *, char const *const *, char const *const *) gccattr_noreturn ; +static void run_child (int s, unsigned int uid, unsigned int gid, unsigned int num, char const *remotepath, char const *const *argv, char const *const *envp) +{ + unsigned int rplen = str_len(remotepath) + 1 ; + unsigned int n = 0 ; + char fmt[65 + UINT_FMT * 3 + rplen] ; + PROG = "s6-ipcserver (child)" ; + if ((fd_move(0, s) < 0) || (fd_copy(1, 0) < 0)) + strerr_diefu1sys(111, "move fds") ; + byte_copy(fmt+n, 23, "PROTO=IPC\0IPCREMOTEEUID") ; n += 23 ; + if (flaglookup) + { + fmt[n++] = '=' ; + n += uint_fmt(fmt+n, uid) ; + } + fmt[n++] = 0 ; + byte_copy(fmt+n, 13, "IPCREMOTEEGID") ; n += 13 ; + if (flaglookup) + { + fmt[n++] = '=' ; + n += uint_fmt(fmt+n, gid) ; + } + fmt[n++] = 0 ; + byte_copy(fmt+n, 11, "IPCCONNNUM=") ; n += 11 ; + if (flaglookup) n += uint_fmt(fmt+n, num) ; + fmt[n++] = 0 ; + byte_copy(fmt+n, 14, "IPCREMOTEPATH=") ; n += 14 ; + byte_copy(fmt+n, rplen, remotepath) ; n += rplen ; + pathexec_r(argv, envp, env_len(envp), fmt, n) ; + strerr_dieexec(111, argv[0]) ; +} + +static void new_connection (int s, char const *remotepath, char const *const *argv, char const *const *envp) +{ + unsigned int uid = 0, gid = 0 ; + unsigned int num, i ; + register pid_t pid ; + if (flaglookup && (ipc_eid(s, &uid, &gid) < 0)) + { + if (verbosity) strerr_warnwu1sys("ipc_eid") ; + return ; + } + i = lookup_uid(uid) ; + num = (i < uidlen) ? uidnum[i].right : 0 ; + if (num >= localmaxconn) + { + log_deny(uid, gid, num) ; + return ; + } + pid = fork() ; + if (pid < 0) + { + if (verbosity) strerr_warnwu1sys("fork") ; + return ; + } + else if (!pid) + { + selfpipe_finish() ; + run_child(s, uid, gid, num+1, remotepath, argv, envp) ; + } + + if (i < uidlen) uidnum[i].right = num + 1 ; + else + { + uidnum[uidlen].left = uid ; + uidnum[uidlen++].right = 1 ; + } + piduid[numconn].left = (unsigned int)pid ; + piduid[numconn++].right = uid ; + if (verbosity >= 2) + { + log_accept((unsigned int)pid, uid, gid, uidnum[i].right) ; + log_status() ; + } +} + + + /* And the main */ + +int main (int argc, char const *const *argv, char const *const *envp) +{ + iopause_fd x[2] = { { .events = IOPAUSE_READ }, { .fd = 0, .events = IOPAUSE_READ | IOPAUSE_EXCEPT } } ; + PROG = "s6-ipcserverd" ; + { + subgetopt_t l = SUBGETOPT_ZERO ; + int flag1 = 0 ; + for (;;) + { + register int opt = subgetopt_r(argc, argv, "Pp1c:C:v:", &l) ; + if (opt == -1) break ; + switch (opt) + { + case 'P' : flaglookup = 0 ; break ; + case 'p' : flaglookup = 1 ; break ; + case '1' : flag1 = 1 ; break ; + case 'c' : if (!uint0_scan(l.arg, &maxconn)) dieusage() ; break ; + case 'C' : if (!uint0_scan(l.arg, &localmaxconn)) dieusage() ; break ; + case 'v' : if (!uint0_scan(l.arg, &verbosity)) dieusage() ; break ; + default : dieusage() ; + } + } + argc -= l.ind ; argv += l.ind ; + if (!argc || !*argv[0]) dieusage() ; + { + struct stat st ; + if (fstat(0, &st) < 0) strerr_diefu1sys(111, "fstat stdin") ; + if (!S_ISSOCK(st.st_mode)) strerr_dief1x(100, "stdin is not a socket") ; + } + if (coe(0) < 0) strerr_diefu1sys(111, "make socket close-on-exec") ; + if (flag1) + { + if (fcntl(1, F_GETFD) < 0) + strerr_dief1sys(100, "called with option -1 but stdout said") ; + } + else close(1) ; + if (!maxconn) maxconn = 1 ; + if (maxconn > ABSOLUTE_MAXCONN) maxconn = ABSOLUTE_MAXCONN ; + if (!flaglookup || (localmaxconn > maxconn)) localmaxconn = maxconn ; + + x[0].fd = selfpipe_init() ; + if (x[0].fd == -1) strerr_diefu1sys(111, "create selfpipe") ; + if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "ignore SIGPIPE") ; + { + sigset_t set ; + sigemptyset(&set) ; + sigaddset(&set, SIGCHLD) ; + sigaddset(&set, SIGTERM) ; + sigaddset(&set, SIGHUP) ; + sigaddset(&set, SIGQUIT) ; + sigaddset(&set, SIGABRT) ; + if (selfpipe_trapset(&set) < 0) strerr_diefu1sys(111, "trap signals") ; + } + + fmtlocalmaxconn[1+uint_fmt(fmtlocalmaxconn+1, localmaxconn)] = 0 ; + if (verbosity >= 2) + { + fmtmaxconn[1+uint_fmt(fmtmaxconn+1, maxconn)] = 0 ; + log_start() ; + log_status() ; + } + if (flag1) + { + fd_write(1, "\n", 1) ; + fd_close(1) ; + } + } + + { + diuint inyostack[maxconn + (flaglookup ? maxconn : 1)] ; + piduid = inyostack ; uidnum = inyostack + maxconn ; + + while (cont) + { + if (iopause_g(x, 1 + (numconn < maxconn), 0) < 0) + strerr_diefu1sys(111, "iopause") ; + + if (x[0].revents & IOPAUSE_EXCEPT) strerr_dief1x(111, "trouble with selfpipe") ; + if (x[0].revents & IOPAUSE_READ) handle_signals() ; + if (numconn < maxconn) + { + if (x[1].revents & IOPAUSE_EXCEPT) strerr_dief1x(111, "trouble with socket") ; + if (x[1].revents & IOPAUSE_READ) + { + int dummy ; + char remotepath[IPCPATH_MAX+1] ; + register int s = ipc_accept(x[1].fd, remotepath, IPCPATH_MAX+1, &dummy) ; + if (s < 0) + { + if (verbosity) strerr_warnwu1sys("accept") ; + } + else + { + new_connection(s, remotepath, argv, envp) ; + fd_close(s) ; + } + } + } + } + } + if (verbosity >= 2) log_exit() ; + return 0 ; +} diff --git a/src/conn-tools/s6-sudo.c b/src/conn-tools/s6-sudo.c new file mode 100644 index 0000000..865b681 --- /dev/null +++ b/src/conn-tools/s6-sudo.c @@ -0,0 +1,67 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include + +#define USAGE "s6-sudo [ -q | -Q | -v ] [ -p bindpath ] [ -l localname ] [ -e ] [ -t timeout ] [ -T timeoutrun ] path [ args... ]" +#define dieusage() strerr_dieusage(100, USAGE) + +int main (int argc, char const *const *argv, char const *const *envp) +{ + unsigned int verbosity = 1, t = 0, T = 0 ; + char const *bindpath = 0 ; + char const *localname = 0 ; + int nodoenv = 0 ; + PROG = "s6-sudo" ; + { + subgetopt_t l = SUBGETOPT_ZERO ; + for (;;) + { + register int opt = subgetopt_r(argc, argv, "qQvp:l:et:T:", &l) ; + if (opt == -1) break ; + switch (opt) + { + case 'q' : if (verbosity) verbosity-- ; break ; + case 'Q' : verbosity = 1 ; break ; + case 'v' : verbosity++ ; break ; + case 'p' : bindpath = l.arg ; break ; + case 'l' : localname = l.arg ; break ; + case 'e' : nodoenv = 1 ; break ; + case 't' : if (!uint0_scan(l.arg, &t)) dieusage() ; break ; + case 'T' : if (!uint0_scan(l.arg, &T)) dieusage() ; break ; + default : dieusage() ; + } + } + argc -= l.ind ; argv += l.ind ; + } + if (!argc) dieusage() ; + { + char const *eargv[9 + argc + ((verbosity < 2 ? 1 : verbosity-1)) + ((!!bindpath + !!localname) << 1) + nodoenv] ; + char fmt1[UINT_FMT] ; + char fmt2[UINT_FMT] ; + unsigned int n = 0 ; + eargv[n++] = S6_BINPREFIX "s6-ipcclient" ; + if (!verbosity) eargv[n++] = "-Q" ; + else while (--verbosity) eargv[n++] = "-v" ; + if (bindpath) { eargv[n++] = "-p" ; eargv[n++] = bindpath ; } + if (localname) { eargv[n++] = "-l" ; eargv[n++] = localname ; } + eargv[n++] = "--" ; + eargv[n++] = *argv++ ; argc-- ; + eargv[n++] = S6_BINPREFIX "s6-sudoc" ; + if (nodoenv) eargv[n++] = "-e" ; + eargv[n++] = "-t" ; + fmt1[uint_fmt(fmt1, t)] = 0 ; + eargv[n++] = fmt1 ; + eargv[n++] = "-T" ; + fmt2[uint_fmt(fmt2, T)] = 0 ; + eargv[n++] = fmt2 ; + eargv[n++] = "--" ; + while (argc--) eargv[n++] = *argv++ ; + eargv[n++] = 0 ; + pathexec_run(eargv[0], eargv, envp) ; + } + strerr_dieexec(111, S6_BINPREFIX "s6-ipcclient") ; +} diff --git a/src/conn-tools/s6-sudo.h b/src/conn-tools/s6-sudo.h new file mode 100644 index 0000000..8c5797f --- /dev/null +++ b/src/conn-tools/s6-sudo.h @@ -0,0 +1,11 @@ +/* ISC license. */ + +#ifndef S6_SUDO_H +#define S6_SUDO_H + +#define S6_SUDO_BANNERB "s6-sudo b v1.0\n" +#define S6_SUDO_BANNERB_LEN (sizeof(S6_SUDO_BANNERB) - 1) +#define S6_SUDO_BANNERA "s6-sudo a v1.0\n" +#define S6_SUDO_BANNERA_LEN (sizeof(S6_SUDO_BANNERA) - 1) + +#endif diff --git a/src/conn-tools/s6-sudoc.c b/src/conn-tools/s6-sudoc.c new file mode 100644 index 0000000..823d7cb --- /dev/null +++ b/src/conn-tools/s6-sudoc.c @@ -0,0 +1,115 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "s6-sudo.h" + +#define USAGE "s6-sudoc [ -e ] [ -t timeoutconn ] [ -T timeoutrun ] [ args... ]" +#define dieusage() strerr_dieusage(100, USAGE) +#define dienomem() strerr_diefu1sys(111, "stralloc_catb") + +int main (int argc, char const *const *argv, char const *const *envp) +{ + char buf6[64] ; + buffer b6 = BUFFER_INIT(&buffer_read, 6, buf6, 64) ; + unixmessage_sender_t b7 = UNIXMESSAGE_SENDER_INIT(7) ; + subgetopt_t l = SUBGETOPT_ZERO ; + unsigned int t = 0, T = 0 ; + int doenv = 1 ; + + tain_t deadline = TAIN_INFINITE_RELATIVE ; + PROG = "s6-sudoc" ; + for (;;) + { + register int opt = subgetopt_r(argc, argv, "et:T:", &l) ; + if (opt < 0) break ; + switch (opt) + { + case 'e' : doenv = 0 ; break ; + case 't' : if (!uint0_scan(l.arg, &t)) dieusage() ; break ; + case 'T' : if (!uint0_scan(l.arg, &T)) dieusage() ; break ; + default : dieusage() ; + } + } + argc -= l.ind ; argv += l.ind ; + if (t) tain_from_millisecs(&deadline, t) ; + if ((ndelay_on(6) < 0) || (ndelay_on(7) < 0)) + strerr_diefu1sys(111, "make socket non-blocking") ; + if (!fd_sanitize() || !fd_ensure_open(2, 1)) + strerr_diefu1sys(111, "sanitize stdin/stdout/stderr") ; + + tain_now_g() ; + tain_add_g(&deadline, &deadline) ; + { + char tmp[S6_SUDO_BANNERB_LEN] ; + if (buffer_timed_get_g(&b6, tmp, S6_SUDO_BANNERB_LEN, &deadline) < S6_SUDO_BANNERB_LEN) + strerr_diefu1sys(111, "read banner from s6-sudod") ; + if (str_diffn(tmp, S6_SUDO_BANNERB, S6_SUDO_BANNERB_LEN)) + strerr_dief1x(100, "wrong server banner") ; + } + { + int fds[3] = { 0, 1, 2 } ; + char pack[16] ; + siovec_t v[4] = { + { .s = S6_SUDO_BANNERA, .len = S6_SUDO_BANNERA_LEN }, + { .s = pack, .len = 16 }, + { .s = 0, .len = 0 }, + { .s = 0, .len = 0 } } ; + unixmessage_v_t mv = { .v = v, .vlen = 4, .fds = fds, .nfds = 3 } ; + stralloc sa = STRALLOC_ZERO ; + unsigned int envlen = doenv ? env_len(envp) : 0 ; + uint32_pack_big(pack, (uint32)argc) ; + uint32_pack_big(pack + 4, (uint32)envlen) ; + if (!env_string(&sa, argv, argc)) dienomem() ; + v[2].len = sa.len ; + uint32_pack_big(pack + 8, (uint32)v[2].len) ; + if (doenv) + { + if (!env_string(&sa, envp, envlen)) dienomem() ; + v[3].len = sa.len - v[2].len ; + } + uint32_pack_big(pack + 12, (uint32)v[3].len) ; + v[2].s = sa.s ; + v[3].s = sa.s + v[2].len ; + if (!unixmessage_putv_and_close(&b7, &mv, (unsigned char const *)"\003")) + strerr_diefu1sys(111, "unixmessage_putv") ; + stralloc_free(&sa) ; + } + if (!unixmessage_sender_timed_flush_g(&b7, &deadline)) + strerr_diefu1sys(111, "send args to server") ; + unixmessage_sender_free(&b7) ; + { + char c ; + if (buffer_timed_get_g(&b6, &c, 1, &deadline) < 1) + strerr_diefu1sys(111, "get confirmation from server") ; + if (c) + { + errno = c ; + strerr_diefu1sys(111, "start privileged program: server answered: ") ; + } + } + + if (T) tain_from_millisecs(&deadline, T) ; else deadline = tain_infinite_relative ; + tain_add_g(&deadline, &deadline) ; + { + char pack[UINT_PACK] ; + if (buffer_timed_get_g(&b6, pack, UINT_PACK, &deadline) < UINT_PACK) + strerr_diefu1sys(111, "get exit status from server") ; + uint_unpack_big(pack, &t) ; + } + if (WIFSIGNALED(t)) raise(WTERMSIG(t)) ; + return WEXITSTATUS(t) ; +} diff --git a/src/conn-tools/s6-sudod.c b/src/conn-tools/s6-sudod.c new file mode 100644 index 0000000..8c52bb9 --- /dev/null +++ b/src/conn-tools/s6-sudod.c @@ -0,0 +1,233 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "s6-sudo.h" + +#define USAGE "s6-sudod [ -0 ] [ -1 ] [ -2 ] [ -t timeout ] args..." +#define dieusage() strerr_dieusage(100, USAGE) +#define dienomem() strerr_diefu1sys(111, "stralloc_catb") + +int main (int argc, char const *const *argv, char const *const *envp) +{ + subgetopt_t l = SUBGETOPT_ZERO ; + unixmessage_t m ; + unsigned int nullfds = 0, t = 2000 ; + pid_t pid ; + uint32 envc = env_len(envp) ; + uint32 cargc, cenvc, carglen, cenvlen ; + int spfd ; + tain_t deadline = TAIN_INFINITE_RELATIVE ; + PROG = "s6-sudod" ; + for (;;) + { + register int opt = subgetopt_r(argc, argv, "012t:", &l) ; + if (opt < 0) break ; + switch (opt) + { + case '0' : nullfds |= 1 ; break ; + case '1' : nullfds |= 2 ; break ; + case '2' : nullfds |= 4 ; break ; + case 't' : if (!uint0_scan(l.arg, &t)) dieusage() ; break ; + default : dieusage() ; + } + } + argc -= l.ind ; argv += l.ind ; + if (t) tain_from_millisecs(&deadline, t) ; + if ((ndelay_on(0) < 0) || (ndelay_on(1) < 0)) + strerr_diefu1sys(111, "make socket non-blocking") ; + + tain_now_g() ; + tain_add_g(&deadline, &deadline) ; + buffer_putnoflush(buffer_1small, S6_SUDO_BANNERB, S6_SUDO_BANNERB_LEN) ; + if (!buffer_timed_flush_g(buffer_1small, &deadline)) + strerr_diefu1sys(111, "write banner to client") ; + if (unixmessage_timed_receive_g(unixmessage_receiver_0, &m, &deadline) <= 0) + strerr_diefu1sys(111, "read message from client") ; + if (m.nfds != 3) + strerr_dief1x(100, "client did not send 3 fds") ; + if (m.len < 16 + S6_SUDO_BANNERA_LEN) + strerr_dief1x(100, "wrong client message") ; + if (str_diffn(m.s, S6_SUDO_BANNERA, S6_SUDO_BANNERA_LEN)) + strerr_dief1x(100, "wrong client banner") ; + uint32_unpack_big(m.s + S6_SUDO_BANNERA_LEN, &cargc) ; + uint32_unpack_big(m.s + S6_SUDO_BANNERA_LEN + 4, &cenvc) ; + uint32_unpack_big(m.s + S6_SUDO_BANNERA_LEN + 8, &carglen) ; + uint32_unpack_big(m.s + S6_SUDO_BANNERA_LEN + 12, &cenvlen) ; + if (S6_SUDO_BANNERA_LEN + 16 + carglen + cenvlen != m.len) + strerr_dief1x(100, "wrong client argc/envlen") ; + if ((cargc > 131072) || (cenvc > 131072)) + strerr_dief1x(100, "too many args/envvars from client") ; + + if (nullfds & 1) + { + close(m.fds[0]) ; + m.fds[0] = open2("/dev/null", O_RDONLY) ; + if (m.fds[0] < 0) strerr_diefu2sys(111, "open /dev/null for ", "reading") ; + } + if (nullfds & 2) + { + close(m.fds[1]) ; + m.fds[1] = open2("/dev/null", O_WRONLY) ; + if (m.fds[1] < 0) strerr_diefu2sys(111, "open /dev/null for ", "writing") ; + } + if (nullfds & 4) + { + close(m.fds[2]) ; + m.fds[2] = 2 ; + } + + { + char const *targv[argc + 1 + cargc] ; + char const *tenvp[envc + 1 + cenvc] ; + int p[2] ; + register unsigned int i = 0 ; + for (; i < (unsigned int)argc ; i++) targv[i] = argv[i] ; + for (i = 0 ; i <= envc ; i++) tenvp[i] = envp[i] ; + if (!env_make(targv + argc, cargc, m.s + S6_SUDO_BANNERA_LEN + 16, carglen)) + { + char c = errno ; + buffer_putnoflush(buffer_1small, &c, 1) ; + buffer_timed_flush_g(buffer_1small, &deadline) ; + errno = c ; + strerr_diefu1sys(111, "make child argv") ; + } + if (!env_make(tenvp + envc + 1, cenvc, m.s + S6_SUDO_BANNERA_LEN + 16 + carglen, cenvlen)) + { + char c = errno ; + buffer_putnoflush(buffer_1small, &c, 1) ; + buffer_timed_flush_g(buffer_1small, &deadline) ; + errno = c ; + strerr_diefu1sys(111, "make child envp") ; + } + targv[argc + cargc] = 0 ; + + for (i = 0 ; i < cenvc ; i++) + { + char const *var = tenvp[envc + 1 + i] ; + register unsigned int j = 0 ; + register unsigned int len = str_chr(var, '=') ; + if (!var[len]) + { + char c = EINVAL ; + buffer_putnoflush(buffer_1small, &c, 1) ; + buffer_timed_flush_g(buffer_1small, &deadline) ; + strerr_dief1x(100, "bad environment from client") ; + } + for (; j < envc ; j++) if (!str_diffn(var, tenvp[j], len+1)) break ; + if ((j < envc) && !tenvp[j][len+1]) tenvp[j] = var ; + } + + spfd = selfpipe_init() ; + if (spfd < 0) strerr_diefu1sys(111, "selfpipe_init") ; + if (selfpipe_trap(SIGCHLD) < 0) strerr_diefu1sys(111, "trap SIGCHLD") ; + if (pipe(p) < 0) strerr_diefu1sys(111, "pipe") ; + if (coe(p[1]) < 0) strerr_diefu1sys(111, "coe pipe") ; + pid = fork() ; + if (pid < 0) strerr_diefu1sys(111, "fork") ; + if (!pid) + { + PROG = "s6-sudod (child)" ; + fd_close(p[0]) ; + if ((fd_move(2, m.fds[2]) < 0) + || (fd_move(1, m.fds[1]) < 0) + || (fd_move(0, m.fds[0]) < 0)) + { + char c = errno ; + fd_write(p[1], &c, 1) ; + strerr_diefu1sys(111, "move fds") ; + } + selfpipe_finish() ; + pathexec0_run(targv, tenvp) ; + { + char c = errno ; + fd_write(p[1], &c, 1) ; + } + strerr_dieexec(111, targv[0]) ; + } + fd_close(p[1]) ; + { + char c ; + register int r = fd_read(p[0], &c, 1) ; + if (r < 0) strerr_diefu1sys(111, "read from child") ; + if (r) + { + buffer_putnoflush(buffer_1small, &c, 1) ; + buffer_timed_flush_g(buffer_1small, &deadline) ; + return 111 ; + } + } + fd_close(p[0]) ; + } + + fd_close(m.fds[0]) ; + fd_close(m.fds[1]) ; + if (!(nullfds & 4)) fd_close(m.fds[2]) ; + unixmessage_receiver_free(unixmessage_receiver_0) ; + buffer_putnoflush(buffer_1small, "", 1) ; + if (!buffer_timed_flush_g(buffer_1small, &deadline)) + strerr_diefu1sys(111, "send confirmation to client") ; + + { + iopause_fd x[2] = { { .fd = 0, .events = 0 }, { .fd = spfd, .events = IOPAUSE_READ } } ; + int cont = 1 ; + while (cont) + { + if (iopause_g(x, 2, 0) < 0) strerr_diefu1sys(111, "iopause") ; + if (x[1].revents) + { + for (;;) + { + int c = selfpipe_read() ; + if (c < 0) strerr_diefu1sys(111, "read from selfpipe") ; + else if (!c) break ; + else if (c == SIGCHLD) + { + int wstat ; + register int r = wait_pid_nohang(pid, &wstat) ; + if ((r < 0) && (errno != ECHILD)) + strerr_diefu1sys(111, "wait_pid_nohang") ; + else if (r > 0) + { + char pack[UINT_PACK] ; + uint_pack_big(pack, (unsigned int)wstat) ; + buffer_putnoflush(buffer_1small, pack, UINT_PACK) ; + cont = 0 ; + } + } + else + strerr_dief1sys(101, "internal inconsistency, please submit a bug-report") ; + } + } + if (x[0].revents && cont) + { + kill(pid, SIGTERM) ; + kill(pid, SIGCONT) ; + x[0].fd = -1 ; + return 1 ; + } + } + } + if (ndelay_off(1) < 0) + strerr_diefu1sys(111, "set stdout blocking") ; + if (!buffer_flush(buffer_1small)) + strerr_diefu1sys(111, "write status to client") ; + return 0 ; +} diff --git a/src/include/s6/accessrules.h b/src/include/s6/accessrules.h new file mode 100644 index 0000000..3edf8b6 --- /dev/null +++ b/src/include/s6/accessrules.h @@ -0,0 +1,53 @@ +/* ISC license. */ + +#ifndef S6_ACCESSRULES_H +#define S6_ACCESSRULES_H + +#include +#include +#include + +typedef struct s6_accessrules_params_s s6_accessrules_params_t, *s6_accessrules_params_t_ref ; +struct s6_accessrules_params_s +{ + stralloc env ; + stralloc exec ; +} ; +#define S6_ACCESSRULES_PARAMS_ZERO { .env = STRALLOC_ZERO, .exec = STRALLOC_ZERO } + +typedef enum s6_accessrules_result_e s6_accessrules_result_t, *s6_accessrules_result_t_ref ; +enum s6_accessrules_result_e +{ + S6_ACCESSRULES_ERROR = -1, + S6_ACCESSRULES_DENY = 0, + S6_ACCESSRULES_ALLOW = 1, + S6_ACCESSRULES_NOTFOUND = 2 +} ; + +typedef s6_accessrules_result_t s6_accessrules_backend_func_t (char const *, unsigned int, void *, s6_accessrules_params_t *) ; +typedef s6_accessrules_backend_func_t *s6_accessrules_backend_func_t_ref ; + +extern s6_accessrules_backend_func_t s6_accessrules_backend_fs ; +extern s6_accessrules_backend_func_t s6_accessrules_backend_cdb ; + +typedef s6_accessrules_result_t s6_accessrules_keycheck_func_t (void const *, void *, s6_accessrules_params_t *, s6_accessrules_backend_func_t_ref) ; +typedef s6_accessrules_keycheck_func_t *s6_accessrules_keycheck_func_t_ref ; + +extern s6_accessrules_keycheck_func_t s6_accessrules_keycheck_uidgid ; +extern s6_accessrules_keycheck_func_t s6_accessrules_keycheck_ip4 ; +extern s6_accessrules_keycheck_func_t s6_accessrules_keycheck_ip6 ; +extern s6_accessrules_keycheck_func_t s6_accessrules_keycheck_reversedns ; +#define s6_accessrules_keycheck_ip46(key, data, params, f) (ip46_is6((ip46_t const *)(key)) ? s6_accessrules_keycheck_ip6(((ip46_t const *)(key))->ip, data, params, f) : s6_accessrules_keycheck_ip4(((ip46_t const *)(key))->ip, data, params, f)) + +extern s6_accessrules_result_t s6_accessrules_uidgid_cdb (unsigned int, unsigned int, struct cdb *, s6_accessrules_params_t *) ; +extern s6_accessrules_result_t s6_accessrules_uidgid_fs (unsigned int, unsigned int, char const *, s6_accessrules_params_t *) ; +#define s6_accessrules_ip4_cdb(ip4, c, params) s6_accessrules_keycheck_ip4(ip4, c, (params), &s6_accessrules_backend_cdb) +#define s6_accessrules_ip4_fs(ip4, rulesdir, params) s6_accessrules_keycheck_ip4(ip4, rulesdir, (params), &s6_accessrules_backend_fs) +#define s6_accessrules_ip6_cdb(ip6, c, params) s6_accessrules_keycheck_ip6(ip6, c, (params), &s6_accessrules_backend_cdb) +#define s6_accessrules_ip6_fs(ip6, rulesdir, params) s6_accessrules_keycheck_ip6(ip6, rulesdir, (params), &s6_accessrules_backend_fs) +#define s6_accessrules_ip46_cdb(ip, c, params) s6_accessrules_keycheck_ip46(ip, c, (params), &s6_accessrules_backend_cdb) +#define s6_accessrules_ip46_fs(ip, rulesdir, params) s6_accessrules_keycheck_ip46(ip, rulesdir, (params), &s6_accessrules_backend_fs) +#define s6_accessrules_reversedns_cdb(name, c, params) s6_accessrules_keycheck_reversedns(name, c, (params), &s6_accessrules_backend_cdb) +#define s6_accessrules_reversedns_fs(name, c, params) s6_accessrules_keycheck_reversedns(name, c, (params), &s6_accessrules_backend_fs) + +#endif diff --git a/src/include/s6/s6.h b/src/include/s6/s6.h index 84c552d..98e23e1 100644 --- a/src/include/s6/s6.h +++ b/src/include/s6/s6.h @@ -6,6 +6,7 @@ #include #include #include +#include #include #endif diff --git a/src/libs6/deps-lib/s6 b/src/libs6/deps-lib/s6 index 502694e..579d844 100644 --- a/src/libs6/deps-lib/s6 +++ b/src/libs6/deps-lib/s6 @@ -13,6 +13,14 @@ ftrigw_clean.o ftrigw_fifodir_make.o ftrigw_notify.o ftrigw_notifyb.o +s6_accessrules_backend_cdb.o +s6_accessrules_backend_fs.o +s6_accessrules_keycheck_ip4.o +s6_accessrules_keycheck_ip6.o +s6_accessrules_keycheck_reversedns.o +s6_accessrules_keycheck_uidgid.o +s6_accessrules_uidgid_cdb.o +s6_accessrules_uidgid_fs.o s6_supervise_lock.o s6_supervise_lock_mode.o s6_svc_main.o diff --git a/src/libs6/s6_accessrules_backend_cdb.c b/src/libs6/s6_accessrules_backend_cdb.c new file mode 100644 index 0000000..fc564bb --- /dev/null +++ b/src/libs6/s6_accessrules_backend_cdb.c @@ -0,0 +1,38 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include +#include +#include + +s6_accessrules_result_t s6_accessrules_backend_cdb (char const *key, unsigned int keylen, void *data, s6_accessrules_params_t *params) +{ + struct cdb *c = data ; + unsigned int execbase, n ; + uint16 envlen, execlen ; + register int r = cdb_find(c, key, keylen) ; + if (r < 0) return S6_ACCESSRULES_ERROR ; + else if (!r) return S6_ACCESSRULES_NOTFOUND ; + n = cdb_datalen(c) ; + if ((n < 5U) || (n > 8197U)) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ; + if (!stralloc_readyplus(¶ms->exec, n)) return S6_ACCESSRULES_ERROR ; + execbase = params->exec.len ; + if (cdb_read(c, params->exec.s + execbase, n, cdb_datapos(c)) < 0) return S6_ACCESSRULES_ERROR ; + if (params->exec.s[execbase] == 'D') return S6_ACCESSRULES_DENY ; + else if (params->exec.s[execbase] != 'A') return S6_ACCESSRULES_NOTFOUND ; + uint16_unpack_big(params->exec.s + execbase + 1U, &envlen) ; + if ((envlen > 4096U) || (envlen+5U > n)) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ; + uint16_unpack_big(params->exec.s + execbase + 3 + envlen, &execlen) ; + if ((execlen > 4096U) || (5U + envlen + execlen != n)) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ; + if (!stralloc_catb(¶ms->env, params->exec.s + execbase + 3U, envlen)) return S6_ACCESSRULES_ERROR ; + byte_copy(params->exec.s + execbase, execlen, params->exec.s + execbase + 5U + envlen) ; + if (execlen) + { + params->exec.len += execlen ; + params->exec.s[params->exec.len++] = 0 ; + } + return S6_ACCESSRULES_ALLOW ; +} diff --git a/src/libs6/s6_accessrules_backend_fs.c b/src/libs6/s6_accessrules_backend_fs.c new file mode 100644 index 0000000..5723db6 --- /dev/null +++ b/src/libs6/s6_accessrules_backend_fs.c @@ -0,0 +1,58 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include +#include +#include + +s6_accessrules_result_t s6_accessrules_backend_fs (char const *key, unsigned int keylen, void *data, s6_accessrules_params_t *params) +{ + char *dir = data ; + unsigned int dirlen = str_len(dir) ; + unsigned int envbase = params->env.len ; + int wasnull = !params->env.s ; + { + char tmp[dirlen + keylen + 10] ; + byte_copy(tmp, dirlen, dir) ; + tmp[dirlen] = '/' ; + byte_copy(tmp + dirlen + 1, keylen, key) ; + byte_copy(tmp + dirlen + keylen + 1, 7, "/allow") ; + if (access(tmp, R_OK) < 0) + { + if ((errno != EACCES) && (errno != ENOENT)) + return S6_ACCESSRULES_ERROR ; + byte_copy(tmp + dirlen + keylen + 2, 5, "deny") ; + return (access(tmp, R_OK) == 0) ? S6_ACCESSRULES_DENY : + (errno != EACCES) && (errno != ENOENT) ? S6_ACCESSRULES_ERROR : + S6_ACCESSRULES_NOTFOUND ; + } + byte_copy(tmp + dirlen + keylen + 2, 4, "env") ; + if ((envdir(tmp, ¶ms->env) < 0) && (errno != ENOENT)) + return S6_ACCESSRULES_ERROR ; + if (!stralloc_readyplus(¶ms->exec, 4097)) + { + if (wasnull) stralloc_free(¶ms->env) ; + else params->env.len = envbase ; + return S6_ACCESSRULES_ERROR ; + } + byte_copy(tmp + dirlen + keylen + 2, 5, "exec") ; + { + register int r = openreadnclose(tmp, params->exec.s + params->exec.len, 4096) ; + if ((r < 0) && (errno != EACCES) && (errno != ENOENT)) + { + if (wasnull) stralloc_free(¶ms->env) ; + else params->env.len = envbase ; + return S6_ACCESSRULES_ERROR ; + } + if (r > 0) + { + params->exec.len += r ; + params->exec.s[params->exec.len++] = 0 ; + } + } + } + return S6_ACCESSRULES_ALLOW ; +} diff --git a/src/libs6/s6_accessrules_keycheck_ip4.c b/src/libs6/s6_accessrules_keycheck_ip4.c new file mode 100644 index 0000000..66ace93 --- /dev/null +++ b/src/libs6/s6_accessrules_keycheck_ip4.c @@ -0,0 +1,24 @@ +/* ISC license. */ + +#include +#include +#include +#include + +s6_accessrules_result_t s6_accessrules_keycheck_ip4 (void const *key, void *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1) +{ + char fmt[IP4_FMT + UINT_FMT + 6] = "ip4/" ; + uint32 ip ; + unsigned int i = 0 ; + uint32_unpack_big((char const *)key, &ip) ; + for (; i <= 32 ; i++) + { + register s6_accessrules_result_t r ; + register unsigned int len = 4 + ip4_fmtu32(fmt+4, (i == 32) ? 0 : ip & ~((1U << i) - 1)) ; + fmt[len++] = '_' ; + len += uint_fmt(fmt + len, 32 - i) ; + r = (*check1)(fmt, len, data, params) ; + if (r != S6_ACCESSRULES_NOTFOUND) return r ; + } + return S6_ACCESSRULES_NOTFOUND ; +} diff --git a/src/libs6/s6_accessrules_keycheck_ip6.c b/src/libs6/s6_accessrules_keycheck_ip6.c new file mode 100644 index 0000000..a476f3d --- /dev/null +++ b/src/libs6/s6_accessrules_keycheck_ip6.c @@ -0,0 +1,27 @@ +/* ISC license. */ + +#include +#include +#include +#include +#include + +s6_accessrules_result_t s6_accessrules_keycheck_ip6 (void const *key, void *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1) +{ + char fmt[IP6_FMT + UINT_FMT + 6] = "ip6/" ; + char ip6[16] ; + unsigned int i = 0 ; + byte_copy(ip6, 16, (char const *)key) ; + for (; i <= 128 ; i++) + { + unsigned int len ; + register s6_accessrules_result_t r ; + if (i) bitarray_clear(ip6, 128 - i) ; + len = 4 + ip6_fmt(fmt+4, ip6) ; + fmt[len++] = '_' ; + len += uint_fmt(fmt + len, 128 - i) ; + r = (*check1)(fmt, len, data, params) ; + if (r != S6_ACCESSRULES_NOTFOUND) return r ; + } + return S6_ACCESSRULES_NOTFOUND ; +} diff --git a/src/libs6/s6_accessrules_keycheck_reversedns.c b/src/libs6/s6_accessrules_keycheck_reversedns.c new file mode 100644 index 0000000..00d7e21 --- /dev/null +++ b/src/libs6/s6_accessrules_keycheck_reversedns.c @@ -0,0 +1,27 @@ +/* ISC license. */ + +#include +#include +#include + +s6_accessrules_result_t s6_accessrules_keycheck_reversedns (void const *key, void *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1) +{ + char const *name = key ; + unsigned int len = str_len(name) ; + if (!len) return (errno = EINVAL, S6_ACCESSRULES_ERROR) ; + if (name[len-1] == '.') len-- ; + { + unsigned int i = 0 ; + char tmp[len + 11] ; + byte_copy(tmp, 11, "reversedns/") ; + while (i < len) + { + register s6_accessrules_result_t r ; + byte_copy(tmp+11, len-i, name+i) ; + r = (*check1)(tmp, 11+len-i, data, params) ; + if (r != S6_ACCESSRULES_NOTFOUND) return r ; + i += byte_chr(name+i, len-i, '.') + 1 ; + } + } + return (*check1)("reversedns/@", 12, data, params) ; +} diff --git a/src/libs6/s6_accessrules_keycheck_uidgid.c b/src/libs6/s6_accessrules_keycheck_uidgid.c new file mode 100644 index 0000000..08f0f9c --- /dev/null +++ b/src/libs6/s6_accessrules_keycheck_uidgid.c @@ -0,0 +1,16 @@ +/* ISC license. */ + +#include +#include +#include + +s6_accessrules_result_t s6_accessrules_keycheck_uidgid (void const *key, void *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1) +{ + char fmt[4 + UINT_FMT] = "uid/" ; + register s6_accessrules_result_t r = (*check1)(fmt, 4 + uint_fmt(fmt+4, ((diuint const *)key)->left), data, params) ; + if (r != S6_ACCESSRULES_NOTFOUND) return r ; + fmt[0] = 'g' ; + r = (*check1)(fmt, 4 + uint_fmt(fmt+4, ((diuint const *)key)->right), data, params) ; + return (r != S6_ACCESSRULES_NOTFOUND) ? r : + (*check1)("uid/default", 11, data, params) ; +} diff --git a/src/libs6/s6_accessrules_uidgid_cdb.c b/src/libs6/s6_accessrules_uidgid_cdb.c new file mode 100644 index 0000000..a1a83d6 --- /dev/null +++ b/src/libs6/s6_accessrules_uidgid_cdb.c @@ -0,0 +1,11 @@ +/* ISC license. */ + +#include +#include +#include + +s6_accessrules_result_t s6_accessrules_uidgid_cdb (unsigned int uid, unsigned int gid, struct cdb *c, s6_accessrules_params_t *params) +{ + diuint uidgid = { .left = uid, .right = gid } ; + return s6_accessrules_keycheck_uidgid(&uidgid, c, params, &s6_accessrules_backend_cdb) ; +} diff --git a/src/libs6/s6_accessrules_uidgid_fs.c b/src/libs6/s6_accessrules_uidgid_fs.c new file mode 100644 index 0000000..848fa89 --- /dev/null +++ b/src/libs6/s6_accessrules_uidgid_fs.c @@ -0,0 +1,10 @@ +/* ISC license. */ + +#include +#include + +s6_accessrules_result_t s6_accessrules_uidgid_fs (unsigned int uid, unsigned int gid, char const *rulesdir, s6_accessrules_params_t *params) +{ + diuint uidgid = { .left = uid, .right = gid } ; + return s6_accessrules_keycheck_uidgid(&uidgid, (void *)rulesdir, params, &s6_accessrules_backend_fs) ; +} -- cgit v1.3.1