2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2013 The FreeBSD Foundation
5 * Copyright (c) 2015 Mariusz Zaborski <oshogbo@FreeBSD.org>
8 * This software was developed by Pawel Jakub Dawidek under sponsorship from
9 * the FreeBSD Foundation.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <sys/types.h>
37 #include <sys/queue.h>
38 #include <sys/socket.h>
54 #include "libcasper.h"
55 #include "libcasper_impl.h"
58 * Currently there is only one service_connection per service.
59 * In the future we may want multiple connections from multiple clients
60 * per one service instance, but it has to be carefully designed.
61 * The problem is that we may restrict/sandbox service instance according
62 * to the limits provided. When new connection comes in with different
63 * limits we won't be able to access requested resources.
 * Not to mention that one process would then serve multiple mutually
 * untrusted clients, so a compromise of the service instance by one of
 * them could lead to the compromise of the others.
70 * Client connections to the given service.
/*
 * Magic stored in sc_magic once a connection is fully initialised and
 * asserted by every accessor below, so a freed or foreign pointer is
 * caught early.  NOTE(review): listing elided; the sc_magic and
 * sc_limits members and the closing brace are not shown.
 */
#define SERVICE_CONNECTION_MAGIC 0x5e91c0ec
struct service_connection {
	/*
	 * Capability channel to the client: created with cap_wrap() in
	 * service_connection_add(), released with cap_close() in
	 * service_connection_remove().
	 */
	cap_channel_t *sc_chan;
	/* Linkage in the owning service's s_connections list. */
	TAILQ_ENTRY(service_connection) sc_next;
/*
 * Magic stored in s_magic by service_alloc() and asserted by every
 * function that takes a struct service.  NOTE(review): listing elided;
 * the `struct service {` line and the s_magic, s_name and s_flags
 * members are not shown.
 */
#define SERVICE_MAGIC 0x5e91ce
	/*
	 * Hook that validates a "limit_set" request against the limits
	 * already in force; may be NULL (see service_message()).
	 */
	service_limit_func_t *s_limit;
	/* Hook for every command other than limit_set/limit_get/clone. */
	service_command_func_t *s_command;
	/* Live client connections (see the note above on one per service). */
	TAILQ_HEAD(, service_connection) s_connections;
/*
 * Allocate and initialise a service descriptor.
 *
 * name        - copied with strdup(); the service owns the copy and
 *               service_free() releases it.
 * limitfunc   - stored in s_limit (limit validation hook, may be NULL).
 * commandfunc - stored in s_command (command dispatch hook).
 * flags       - stored in s_flags (CASPER_SERVICE_* bits).
 *
 * NOTE(review): listing elided; the return type, the NULL checks after
 * malloc() and strdup(), and the return statements are not shown.
 */
service_alloc(const char *name, service_limit_func_t *limitfunc,
    service_command_func_t *commandfunc, uint64_t flags)
	struct service *service;

	service = malloc(sizeof(*service));
	/* Private copy of the name. */
	service->s_name = strdup(name);
	if (service->s_name == NULL) {
	service->s_limit = limitfunc;
	service->s_command = commandfunc;
	service->s_flags = flags;
	TAILQ_INIT(&service->s_connections);
	/* Set last: the magic marks the structure as fully initialised. */
	service->s_magic = SERVICE_MAGIC;
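/*
 * Tear down a service descriptor created by service_alloc(): drop every
 * client connection (closing its channel and destroying its limits), then
 * free the name and the descriptor itself.
 *
 * The magic is invalidated only after the connections are gone.  Clearing
 * it first, as the original did, trips the assert(service->s_magic ==
 * SERVICE_MAGIC) in service_connection_first() and
 * service_connection_remove() on the very first iteration whenever
 * assertions are enabled.
 */
void
service_free(struct service *service)
{
	struct service_connection *sconn;

	assert(service->s_magic == SERVICE_MAGIC);

	while ((sconn = service_connection_first(service)) != NULL)
		service_connection_remove(service, sconn);

	/* Poison the magic so a stale pointer is caught by the asserts. */
	service->s_magic = 0;
	free(service->s_name);
	free(service);
}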
/*
 * Register a client connection on `service`.
 *
 * sock   - socket to the client, wrapped in a capability channel with the
 *          service's channel flags (cap_wrap()).
 * limits - limits in force for this connection, or NULL for none.  The
 *          connection stores a private nvlist_clone(), so the caller keeps
 *          ownership of `limits`.
 *
 * NOTE(review): listing elided; the NULL checks after malloc() and
 * cap_wrap(), the else-branch of the limits test, the free(sconn) paths
 * and the return statements are not shown.  On the nvlist_clone() failure
 * path the channel is unwrapped rather than closed, which reads as handing
 * the socket back to the caller unclosed -- confirm against cap_unwrap().
 */
struct service_connection *
service_connection_add(struct service *service, int sock,
    const nvlist_t *limits)
	struct service_connection *sconn;

	assert(service->s_magic == SERVICE_MAGIC);

	sconn = malloc(sizeof(*sconn));
	/* Channel flags follow the service (see service_get_channel_flags()). */
	sconn->sc_chan = cap_wrap(sock,
	    service_get_channel_flags(service));
	if (sconn->sc_chan == NULL) {
	if (limits == NULL) {
		sconn->sc_limits = NULL;
		/* (else branch elided) private copy, replaced later by service_connection_set_limits(). */
		sconn->sc_limits = nvlist_clone(limits);
		if (sconn->sc_limits == NULL) {
			/* Release the channel without closing the socket. */
			(void)cap_unwrap(sconn->sc_chan, NULL);
	/* Set last; every accessor asserts on it. */
	sconn->sc_magic = SERVICE_CONNECTION_MAGIC;
	TAILQ_INSERT_TAIL(&service->s_connections, sconn, sc_next);
/*
 * Unlink `sconn` from `service` and release what it owns: the limits
 * nvlist and the capability channel.  Contrast the cap_unwrap() in
 * service_connection_add(): cap_close() is used here, presumably closing
 * the underlying socket as well -- confirm.
 *
 * NOTE(review): listing elided; the return type and the final free(sconn)
 * are not shown.  sc_limits may be NULL (see service_connection_add());
 * nvlist_destroy() is expected to tolerate that -- confirm against libnv.
 */
service_connection_remove(struct service *service,
    struct service_connection *sconn)

	assert(service->s_magic == SERVICE_MAGIC);
	assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC);

	TAILQ_REMOVE(&service->s_connections, sconn, sc_next);

	nvlist_destroy(sconn->sc_limits);
	cap_close(sconn->sc_chan);
/*
 * Open a second channel to this service for the requesting client (the
 * "clone" command).  A fresh socketpair is created; one end becomes a new
 * service_connection that inherits the CURRENT limits of `sconn`, so a
 * client cannot use cloning to shed restrictions already applied.  The
 * other end is meant for the client (service_message() moves the
 * returned descriptor into the reply).
 *
 * NOTE(review): listing elided; the `sock` array declaration, the -1
 * return on socketpair() failure, the cleanup of both ends when
 * service_connection_add() fails and the final return are not shown.
 * SOCK_NONBLOCK puts both ends in non-blocking mode.
 */
service_connection_clone(struct service *service,
    struct service_connection *sconn)
	struct service_connection *newsconn;

	if (socketpair(PF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0, sock) < 0)

	/* New connection starts with the same limits as the one cloning it. */
	newsconn = service_connection_add(service, sock[0],
	    service_connection_get_limits(sconn));
	if (newsconn == NULL) {
/*
 * First connection of `service`, or NULL when there is none.  The magic of
 * the returned element is checked here so a corrupted or freed list entry
 * is caught before the caller touches it.
 * NOTE(review): listing elided; the return statement is not shown.
 */
struct service_connection *
service_connection_first(struct service *service)
	struct service_connection *sconn;

	assert(service->s_magic == SERVICE_MAGIC);

	sconn = TAILQ_FIRST(&service->s_connections);
	assert(sconn == NULL ||
	    sconn->sc_magic == SERVICE_CONNECTION_MAGIC);
/*
 * Connection following `sconn` in its service's list, or NULL at the end.
 * Both the argument and the result are magic-checked.
 * NOTE(review): listing elided; the return statement is not shown.
 */
struct service_connection *
service_connection_next(struct service_connection *sconn)

	assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC);

	sconn = TAILQ_NEXT(sconn, sc_next);
	assert(sconn == NULL ||
	    sconn->sc_magic == SERVICE_CONNECTION_MAGIC);
/*
 * Capability channel of `sconn` (borrowed; owned by the connection).
 * NOTE(review): listing elided; the return type line is not shown.
 */
service_connection_get_chan(const struct service_connection *sconn)

	assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC);

	return (sconn->sc_chan);
/*
 * Raw socket descriptor behind the connection's channel, as service_start()
 * needs it for select().  The descriptor stays owned by the channel.
 * NOTE(review): listing elided; the return type line is not shown.
 */
service_connection_get_sock(const struct service_connection *sconn)

	assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC);

	return (cap_sock(sconn->sc_chan));
/*
 * Limits currently in force for `sconn`, or NULL when none were set
 * (see service_connection_add()).  Borrowed pointer; callers must not
 * modify or destroy it.
 * NOTE(review): listing elided; the return type line is not shown.
 */
service_connection_get_limits(const struct service_connection *sconn)

	assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC);

	return (sconn->sc_limits);
/*
 * Replace the connection's limits.  Takes ownership of `limits` and
 * destroys the previous nvlist.  No validation happens here: the caller
 * (service_message(), "limit_set") must already have run the service's
 * s_limit hook, which is what stops a client from widening its limits.
 * NOTE(review): listing elided; the return type and the `limits`
 * parameter line are not shown.
 */
service_connection_set_limits(struct service_connection *sconn,

	assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC);

	nvlist_destroy(sconn->sc_limits);
	sconn->sc_limits = limits;
/*
 * Handle one request from `sconn`.
 *
 * The request is an nvlist received over the connection's channel.  Three
 * commands are handled here; anything else goes to the service's
 * s_command hook together with the connection's current limits so the
 * handler can enforce them:
 *
 *   limit_set - take the "limits" nvlist out of the request and let the
 *               service's s_limit hook judge it against the limits already
 *               in force.  The set_limits() call precedes the destroy in
 *               the listing, which reads as accept-on-success /
 *               discard-on-failure (the condition itself is elided).  The
 *               hook is the only place that can refuse a widening.
 *   limit_get - reply with the current limits, or a null "limits" entry
 *               when none were set.
 *   clone     - open a second channel with the same limits and move the
 *               client's end into the reply as "sock".
 *
 * The reply always carries an "error" number.  A failed receive or send
 * removes the connection; service_start() exits once none remain.
 *
 * NOTE(review): listing elided; the `if (nvlin == NULL)` around the first
 * remove, the `error = ...` assignments, the else-branches and closing
 * braces are not shown.  No nvlist_exists_string(nvlin, "cmd") or
 * nvlist_exists_nvlist(nvlin, "limits") check precedes the lookups below;
 * if libnv's nvlist_get_*()/nvlist_take_*() treat a missing key as fatal,
 * a malformed request aborts this service process.  Per the header
 * comment that affects only the requesting client -- confirm the libnv
 * behaviour.
 */
service_message(struct service *service, struct service_connection *sconn)
	nvlist_t *nvlin, *nvlout;

	/* Reply nvlist follows the service's uniqueness policy. */
	if ((service->s_flags & CASPER_SERVICE_NO_UNIQ_LIMITS) != 0)
		flags = NV_FLAG_NO_UNIQUE;

	nvlin = cap_recv_nvlist(service_connection_get_chan(sconn));
		/* Receive failed: drop the connection. */
		service_connection_remove(service, sconn);

	nvlout = nvlist_create(flags);

	cmd = nvlist_get_string(nvlin, "cmd");
	if (strcmp(cmd, "limit_set") == 0) {

		/* Ownership of the "limits" nvlist moves from nvlin to us. */
		nvllim = nvlist_take_nvlist(nvlin, "limits");
		if (service->s_limit == NULL) {
			/* No limit hook (branch body elided). */
		error = service->s_limit(
		    service_connection_get_limits(sconn), nvllim);
			/* Accepted: the connection now owns nvllim. */
			service_connection_set_limits(sconn, nvllim);
			/* Function consumes nvllim. */
			/* Rejected: discard the proposed limits. */
			nvlist_destroy(nvllim);
	} else if (strcmp(cmd, "limit_get") == 0) {
		const nvlist_t *nvllim;

		nvllim = service_connection_get_limits(sconn);
			nvlist_add_nvlist(nvlout, "limits", nvllim);
			nvlist_add_null(nvlout, "limits");
	} else if (strcmp(cmd, "clone") == 0) {

		sock = service_connection_clone(service, sconn);
		/* The client's end of the new socketpair travels in the reply. */
		nvlist_move_descriptor(nvlout, "sock", sock);
		/* Service-specific command; limits are passed for enforcement. */
		error = service->s_command(cmd,
		    service_connection_get_limits(sconn), nvlin, nvlout);

	nvlist_destroy(nvlin);
	nvlist_add_number(nvlout, "error", (uint64_t)error);

	/* Send failure means the client is gone; drop the connection. */
	if (cap_send_nvlist(service_connection_get_chan(sconn), nvlout) == -1)
		service_connection_remove(service, sconn);

	nvlist_destroy(nvlout);
/*
 * Record `fd` in `fdsp` and return the new highest descriptor seen (the
 * larger of `maxfd` and `fd`), which service_start() passes to select().
 *
 * NOTE(review): listing elided; the return type, the FD_SET() call that
 * the fd_set parameter implies, and the braces are not shown.  FD_SET()
 * on a descriptor >= FD_SETSIZE is undefined behaviour; the only guard in
 * this file is the assert(maxfd + 1 <= FD_SETSIZE) in service_start(),
 * which runs after every fd_add() call and so does not protect this one.
 */
fd_add(fd_set *fdsp, int maxfd, int fd)
	return (fd > maxfd ? fd : maxfd);
/*
 * Name of the service (owned by the service; callers must not free it).
 * NOTE(review): listing elided; the return type line is not shown.
 */
service_name(struct service *service)

	assert(service->s_magic == SERVICE_MAGIC);
	return (service->s_name);
/*
 * Translate service flags into cap_channel flags for cap_wrap():
 * CASPER_SERVICE_NO_UNIQ_LIMITS on the service becomes CASPER_NO_UNIQ on
 * every channel, so the wire and the limits share one uniqueness policy.
 * NOTE(review): listing elided; the return type, the `flags`
 * initialisation and the return are not shown.
 */
service_get_channel_flags(struct service *service)

	assert(service->s_magic == SERVICE_MAGIC);

	if ((service->s_flags & CASPER_SERVICE_NO_UNIQ_LIMITS) != 0)
		flags |= CASPER_NO_UNIQ;
/*
 * NOTE(review): this appears to be the body of the helper invoked when
 * CASPER_SERVICE_STDIO is not set (see service_clean()); its signature
 * and the `if` lines preceding the first two errx() calls are not in this
 * listing.  It points fds 0-2 at /dev/null so the sandboxed service can
 * neither read from nor write to the parent's stdio, and the second errx()
 * suggests a session detach whose call is elided -- confirm.  errx() drops
 * errno; err() would report why the failing call failed.
 */
	fd = open(_PATH_DEVNULL, O_RDWR);
		errx(1, "Unable to open %s", _PATH_DEVNULL);
		errx(1, "Unable to detach from session");
	if (dup2(fd, STDIN_FILENO) == -1)
		errx(1, "Unable to cover stdin");
	if (dup2(fd, STDOUT_FILENO) == -1)
		errx(1, "Unable to cover stdout");
	if (dup2(fd, STDERR_FILENO) == -1)
		errx(1, "Unable to cover stderr");
	/* Close the temporary fd only if it did not land on 0-2 itself. */
	if (fd > STDERR_FILENO)
/*
 * Reduce the service process to the descriptors it needs.
 *
 * sock   - client socket, kept open.
 * procfd - process descriptor, kept open.
 * flags  - CASPER_SERVICE_STDIO keeps stdin/stdout/stderr (otherwise they
 *          are covered, see the /dev/null helper above); CASPER_SERVICE_FD
 *          keeps the other inherited descriptors (otherwise everything
 *          above stderr except sock and procfd is closed).
 *
 * The three asserts pin the precondition the stdio covering relies on:
 * sock and procfd must not sit in 0-2 or dup2() would clobber them.  They
 * are assert()s only, so the caller has to guarantee this under NDEBUG.
 *
 * NOTE(review): listing elided; the helper call, the minfd/maxfd
 * computation from sock and procfd, the loop body and the closing braces
 * are not shown.  Read with closefrom(): descriptors strictly between
 * STDERR_FILENO and maxfd (presumably skipping minfd) are closed one by
 * one, then everything above maxfd in a single call.
 */
service_clean(int sock, int procfd, uint64_t flags)
	int fd, maxfd, minfd;

	assert(sock > STDERR_FILENO);
	assert(procfd > STDERR_FILENO);
	assert(sock != procfd);

	if ((flags & CASPER_SERVICE_STDIO) == 0)
	if ((flags & CASPER_SERVICE_FD) == 0) {
		for (fd = STDERR_FILENO + 1; fd < maxfd; fd++) {
		closefrom(maxfd + 1);
/*
 * Service main loop.  Sets the process title, strips inherited descriptors
 * and stdio (service_clean()), registers `sock` as the first client
 * connection with no limits, then multiplexes every connection with
 * select() and dispatches each readable one to service_message() until no
 * connection is left.
 *
 * The dispatch loop saves the next connection before calling
 * service_message(), which may remove the current one on a receive or
 * send failure.
 *
 * NOTE(review): listing elided; the return type, the exit on a failed
 * service_connection_add(), the FD_ZERO()/maxfd initialisation, the
 * select() error branch and the closing braces are not shown.  The
 * FD_SETSIZE assert runs after the fd_add() loop has already populated
 * the set and vanishes under NDEBUG; each "clone" adds a descriptor, so
 * confirm the bound is enforced before fd_add() as well.
 */
service_start(struct service *service, int sock, int procfd)
	struct service_connection *sconn, *sconntmp;

	assert(service != NULL);
	assert(service->s_magic == SERVICE_MAGIC);
	setproctitle("%s", service->s_name);
	service_clean(sock, procfd, service->s_flags);

	/* Initial connection: the socket handed over at fork, no limits yet. */
	if (service_connection_add(service, sock, NULL) == NULL)

	/* Collect every connection's socket for select(). */
	for (sconn = service_connection_first(service); sconn != NULL;
	    sconn = service_connection_next(sconn)) {
		maxfd = fd_add(&fds, maxfd,
		    service_connection_get_sock(sconn));

	assert(maxfd + 1 <= (int)FD_SETSIZE);
	nfds = select(maxfd + 1, &fds, NULL, NULL, NULL);
	/* No timeout is given, so nfds == 0 is not expected here. */
	} else if (nfds == 0) {

	for (sconn = service_connection_first(service); sconn != NULL;
	/*
	 * Prepare for connection to be removed from the list
	 * by service_message() below.
	 */
	sconntmp = service_connection_next(sconn);
	if (FD_ISSET(service_connection_get_sock(sconn), &fds))
		service_message(service, sconn);

	if (service_connection_first(service) == NULL) {
	/*
	 * No connections left, exiting.