1 /* $OpenBSD: ypldap.c,v 1.16 2015/11/02 10:06:06 jmatthew Exp $ */
5 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/types.h>
21 #include <sys/param.h>
22 #include <sys/queue.h>
23 #include <sys/socket.h>
24 #include <sys/signal.h>
28 #include <netinet/in.h>
29 #include <arpa/inet.h>
/*
 * Parent ("main") process side of ypldap: owns the passwd/group trees
 * and exchanges imsgs with the ldapclient child over a socketpair.
 */
43 enum ypldap_process_type ypldap_process;
45 __dead2 void usage(void);
46 int check_child(pid_t, const char *);
47 void main_sig_handler(int, short, void *);
48 void main_shutdown(void);
49 void main_dispatch_client(int, short, void *);
50 void main_configure_client(struct env *);
51 void main_init_timer(int, short, void *);
52 void main_start_update(struct env *);
53 void main_trash_update(struct env *);
54 void main_end_update(struct env *);
55 int main_create_user_groups(struct env *);
56 void purge_config(struct env *);
57 void reconfigure(struct env *);
/*
 * socketpair to the ldap client child; [0] stays in the parent and
 * [1] is closed there after the child is started (see main()).
 */
59 int pipe_main2client[2];
/* default configuration path; usage() documents -f as the override */
62 char *conffile = YPLDAP_CONF_FILE;
68 extern const char *__progname;
70 fprintf(stderr, "usage: %s [-dnv] [-D macro=value] [-f file]\n",
/*
 * Reap the child `pid' without blocking and log how it went away.
 * main_sig_handler() treats a non-zero return as "child lost"; the
 * return statements themselves are not among the visible lines.
 */
76 check_child(pid_t pid, const char *pname)
/* WNOHANG: called from the event loop, so never block here */
80 if (waitpid(pid, &status, WNOHANG) > 0) {
81 if (WIFEXITED(status)) {
82 log_warnx("check_child: lost child %s exited", pname);
/* killed by a signal rather than a normal exit */
85 if (WIFSIGNALED(status)) {
86 log_warnx("check_child: lost child %s terminated; "
87 "signal %d", pname, WTERMSIG(status));
/*
 * libevent signal callback for the parent (signal_set()/signal_add()
 * in main()), so it runs from the event loop rather than in
 * async-signal context.
 */
96 main_sig_handler(int sig, short event, void *p)
/* presumably the SIGCHLD case: the switch itself is not visible here */
106 if (check_child(client_pid, "ldap client")) {
/* any signal not handled above is a programming error */
117 fatalx("unexpected signal");
/*
 * Begin a directory update: allocate fresh temporary ("_t") name trees
 * that the following IMSG_PW_ENTRY/IMSG_GRP_ENTRY messages fill in, and
 * reset the per-update counters.
 */
128 main_start_update(struct env *env)
/* a new update is never trashed until main_trash_update() says so */
130 env->update_trashed = 0;
132 log_debug("starting directory update");
133 env->sc_user_line_len = 0;
134 env->sc_group_line_len = 0;
/* failure branch (line after the condition) is outside the visible lines */
135 if ((env->sc_user_names_t = calloc(1,
136 sizeof(*env->sc_user_names_t))) == NULL ||
137 (env->sc_group_names_t = calloc(1,
138 sizeof(*env->sc_group_names_t))) == NULL)
140 RB_INIT(env->sc_user_names_t);
141 RB_INIT(env->sc_group_names_t);
145 * XXX: Currently this function should only be called when updating is
146 * finished. A notification should be send to ldapclient that it should stop
147 * sending new pwd/grp entries before it can be called from different places.
/*
 * Abandon the in-progress update: drain and free both temporary trees.
 * Setting update_trashed makes main_dispatch_client() drop any further
 * PW/GRP entries for this update.
 */
150 main_trash_update(struct env *env)
155 env->update_trashed = 1;
157 while ((ue = RB_ROOT(env->sc_user_names_t)) != NULL) {
158 RB_REMOVE(user_name_tree,
159 env->sc_user_names_t, ue);
161 free(ue->ue_netid_line);
/* NULL the tree pointers so a stale reference fails loudly */
164 free(env->sc_user_names_t);
165 env->sc_user_names_t = NULL;
166 while ((ge = RB_ROOT(env->sc_group_names_t))
168 RB_REMOVE(group_name_tree,
169 env->sc_group_names_t, ge);
173 free(env->sc_group_names_t);
174 env->sc_group_names_t = NULL;
/*
 * Build each user's netid line ("uid:gid[,gid...]") from the temporary
 * trees: first the primary gid parsed out of the passwd line, then every
 * supplementary group that lists the user. Returns -1 on failure
 * (main_end_update() then trashes the update).
 */
178 main_create_user_groups(struct env *env)
186 const char *errstr = NULL;
189 RB_FOREACH(ue, user_name_tree, env->sc_user_names_t) {
190 bp = cp = ue->ue_line;
/*
 * ue_line is "name\0passwd:uid:gid:..." — the first ':' was turned
 * into a NUL by main_dispatch_client() — so step over the name first.
 */
193 bp += strlen(bp) + 1;
196 bp += strcspn(bp, ":") + 1;
199 bp += strcspn(bp, ":") + 1;
/* temporarily terminate the gid field for strtonum() */
202 bp[strcspn(bp, ":")] = '\0';
/* bounds-checked conversion: rejects non-numeric and out-of-range gids */
204 pw_gid = (gid_t)strtonum(bp, 0, GID_MAX, &errstr);
206 log_warnx("main: failed to parse gid for uid: %d\n", ue->ue_uid);
210 /* bring gid column back to its proper state */
211 bp[strlen(bp)] = ':';
213 if ((ue->ue_netid_line = calloc(1, LINE_WIDTH)) == NULL) {
/*
 * NOTE(review): snprintf() is given LINE_WIDTH-1 bytes but truncation is
 * only detected for results >= LINE_WIDTH, so a result of exactly
 * LINE_WIDTH-1 is silently truncated (the write itself stays in bounds).
 */
217 if (snprintf(ue->ue_netid_line, LINE_WIDTH-1, "%d:%d", ue->ue_uid, pw_gid) >= LINE_WIDTH) {
225 RB_FOREACH(ge, group_name_tree, env->sc_group_names_t) {
226 bp = cp = ge->ge_line;
/* same layout as ue_line: skip name, password and gid fields */
229 bp += strlen(bp) + 1;
232 bp += strcspn(bp, ":") + 1;
235 bp += strcspn(bp, ":") + 1;
/* iterate the comma-separated member list in place */
242 if (!(cp = strsep(&bp, ",")))
/* members not present in this update are logged and skipped */
245 if ((ue = RB_FIND(user_name_tree, env->sc_user_names_t,
248 log_warnx("main: unknown user %s in group %s\n",
249 ukey.ue_line, ge->ge_line);
257 /* skip the user's primary gid: it is already the first gid of the netid line */
258 if (ge->ge_gid == ue->ue_gid)
261 len = strlen(ue->ue_netid_line);
262 p = ue->ue_netid_line + len;
/*
 * NOTE(review): same off-by-one as above — the size passed is
 * LINE_WIDTH-len-1 but the check compares against LINE_WIDTH-len.
 */
264 if ((snprintf(p, LINE_WIDTH-len-1, ",%d",
265 ge->ge_gid)) >= (int)(LINE_WIDTH-len)) {
/*
 * Finish an update: compute netid lines, swap the temporary trees in
 * as the live ones (freeing the previous generation), flatten them and
 * rebuild the uid/gid lookup trees.
 */
275 main_end_update(struct env *env)
/* nothing to publish if the update was trashed midway */
280 if (env->update_trashed)
283 log_debug("updates are over, cleaning up trees now");
285 if (main_create_user_groups(env) == -1) {
286 main_trash_update(env);
/* first update: no previous generation to free, just take ownership */
290 if (env->sc_user_names == NULL) {
291 env->sc_user_names = env->sc_user_names_t;
292 env->sc_user_lines = NULL;
293 env->sc_user_names_t = NULL;
295 env->sc_group_names = env->sc_group_names_t;
296 env->sc_group_lines = NULL;
297 env->sc_group_names_t = NULL;
299 flatten_entries(env);
304 * clean previous tree.
306 while ((ue = RB_ROOT(env->sc_user_names)) != NULL) {
307 RB_REMOVE(user_name_tree, env->sc_user_names,
309 free(ue->ue_netid_line);
312 free(env->sc_user_names);
313 free(env->sc_user_lines);
/* ownership of the "_t" trees moves to the live pointers */
315 env->sc_user_names = env->sc_user_names_t;
316 env->sc_user_lines = NULL;
317 env->sc_user_names_t = NULL;
319 while ((ge = RB_ROOT(env->sc_group_names)) != NULL) {
320 RB_REMOVE(group_name_tree,
321 env->sc_group_names, ge);
324 free(env->sc_group_names);
325 free(env->sc_group_lines);
327 env->sc_group_names = env->sc_group_names_t;
328 env->sc_group_lines = NULL;
329 env->sc_group_names_t = NULL;
332 flatten_entries(env);
335 * trees are flat now. build up uid, gid and netid trees.
/*
 * the uid/gid trees are embedded in env (hence the &) and only index
 * the entries owned by the name trees, so they are simply re-initialised.
 */
339 RB_INIT(&env->sc_user_uids);
340 RB_INIT(&env->sc_group_gids);
341 RB_FOREACH(ue, user_name_tree, env->sc_user_names)
342 RB_INSERT(user_uid_tree,
343 &env->sc_user_uids, ue);
344 RB_FOREACH(ge, group_name_tree, env->sc_group_names)
345 RB_INSERT(group_gid_tree,
346 &env->sc_group_gids, ge);
/*
 * libevent callback for the imsg channel to the ldap client child:
 * pump the buffers, then handle every complete message. The child
 * drives the update protocol (START, PW/GRP entries, TRASH or END).
 */
351 main_dispatch_client(int fd, short events, void *p)
356 struct imsgev *iev = env->sc_iev;
357 struct imsgbuf *ibuf = &iev->ibuf;
361 if ((events & (EV_READ | EV_WRITE)) == 0)
362 fatalx("unknown event");
/* EAGAIN is expected on the non-blocking socketpair */
364 if (events & EV_READ) {
365 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
366 fatal("imsg_read error");
370 if (events & EV_WRITE) {
371 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
372 fatal("msgbuf_write");
/* loop over complete messages; the loop header is outside the visible lines */
379 if ((n = imsg_get(ibuf, &imsg)) == -1)
380 fatal("main_dispatch_client: imsg_get error");
384 switch (imsg.hdr.type) {
385 case IMSG_START_UPDATE:
386 main_start_update(env);
388 case IMSG_PW_ENTRY: {
/* entries arriving after a trash are dropped */
392 if (env->update_trashed)
/*
 * NOTE(review): a fixed sizeof(ir) is copied out of the payload with no
 * visible check that imsg.hdr.len covers it, and strdup() assumes
 * ir.ir_line is NUL-terminated by the sender — confirm both are
 * guaranteed by the elided lines or by the imsg layer.
 */
395 (void)memcpy(&ir, imsg.data, sizeof(ir));
396 if ((ue = calloc(1, sizeof(*ue))) == NULL ||
397 (ue->ue_line = strdup(ir.ir_line)) == NULL) {
399 * should cancel tree update instead.
401 fatal("out of memory");
403 ue->ue_uid = ir.ir_key.ik_uid;
/* full length (incl. NUL) is counted before the line is split at ':' */
404 len = strlen(ue->ue_line) + 1;
/* key the tree on the user name: terminate the first field */
405 ue->ue_line[strcspn(ue->ue_line, ":")] = '\0';
406 if (RB_INSERT(user_name_tree, env->sc_user_names_t,
407 ue) != NULL) { /* dup */
411 env->sc_user_line_len += len;
414 case IMSG_GRP_ENTRY: {
418 if (env->update_trashed)
/* NOTE(review): same payload-length assumption as IMSG_PW_ENTRY */
421 (void)memcpy(&ir, imsg.data, sizeof(ir));
422 if ((ge = calloc(1, sizeof(*ge))) == NULL ||
423 (ge->ge_line = strdup(ir.ir_line)) == NULL) {
425 * should cancel tree update instead.
427 fatal("out of memory");
429 ge->ge_gid = ir.ir_key.ik_gid;
430 len = strlen(ge->ge_line) + 1;
431 ge->ge_line[strcspn(ge->ge_line, ":")] = '\0';
432 if (RB_INSERT(group_name_tree, env->sc_group_names_t,
433 ge) != NULL) { /* dup */
437 env->sc_group_line_len += len;
440 case IMSG_TRASH_UPDATE:
441 main_trash_update(env);
443 case IMSG_END_UPDATE: {
444 main_end_update(env);
/* unknown types are logged, not fatal */
448 log_debug("main_dispatch_client: unexpected imsg %d",
/* the client went away: leave the event loop so main() can shut down */
459 log_debug("king bula sez: ran into dead pipe");
461 event_loopexit(NULL);
/*
 * Push the parsed configuration to the ldap client child as a
 * CONF_START / CONF_IDM... / CONF_END sequence of imsgs.
 */
466 main_configure_client(struct env *env)
469 struct imsgev *iev = env->sc_iev;
/*
 * NOTE(review): the whole struct env is copied byte-for-byte, so any
 * pointer members are meaningless in the child; presumably the receiver
 * only reads scalar fields — confirm on the client side.
 */
471 imsg_compose_event(iev, IMSG_CONF_START, 0, 0, -1, env, sizeof(*env));
472 TAILQ_FOREACH(idm, &env->sc_idms, idm_entry) {
473 imsg_compose_event(iev, IMSG_CONF_IDM, 0, 0, -1,
476 imsg_compose_event(iev, IMSG_CONF_END, 0, 0, -1, NULL, 0);
/*
 * One-shot timer callback armed with a zero timeout in main(), so the
 * configuration is sent to the child on the first event-loop iteration.
 */
480 main_init_timer(int fd, short event, void *p)
484 main_configure_client(env);
/* Drop every idm (directory mapping) from the configuration list. */
488 purge_config(struct env *env)
/* the free of each idm follows the unlink; that line is not visible here */
492 while ((idm = TAILQ_FIRST(&env->sc_idms)) != NULL) {
493 TAILQ_REMOVE(&env->sc_idms, idm, idm_entry);
/*
 * Parent entry point: parse options and config, start the ldap client
 * child, wire up signals and the imsg channel, drop privileges, then
 * run the event loop (the loop call follows the visible lines).
 */
499 main(int argc, char *argv[])
505 struct event ev_sigint;
506 struct event ev_sigterm;
507 struct event ev_sigchld;
508 struct event ev_sighup;
509 struct event ev_timer;
513 ypldap_process = PROC_MAIN;
/* -d debug, -D macro=value, -n check config only, -f file, -v verbose */
517 while ((c = getopt(argc, argv, "dD:nf:v")) != -1) {
/* a bad -D definition is only warned about, not fatal */
523 if (cmdline_symset(optarg) < 0)
524 log_warnx("could not parse macro definition %s",
529 opts |= YPLDAP_OPT_NOACTION;
535 opts |= YPLDAP_OPT_VERBOSE;
548 RB_INIT(&env.sc_user_uids);
549 RB_INIT(&env.sc_group_gids);
551 if (parse_config(&env, conffile, opts))
553 if (opts & YPLDAP_OPT_NOACTION) {
554 fprintf(stderr, "configuration OK\n");
/* root is needed to start as the privileged parent; the test is not visible */
559 errx(1, "need root privileges");
/* detach unless the (elided) debug condition says otherwise */
564 if (daemon(1, 0) == -1)
565 err(1, "failed to daemonize");
568 log_info("startup%s", (debug > 1)?" [debug mode]":"");
/* non-blocking socketpair: the event loop must never stall on it */
570 if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, PF_UNSPEC,
571 pipe_main2client) == -1)
/* presumably forks the child and returns its pid — confirm in ldapclient() */
574 client_pid = ldapclient(pipe_main2client);
576 setproctitle("parent");
/* signals are delivered through libevent, i.e. from the event loop */
579 signal_set(&ev_sigint, SIGINT, main_sig_handler, &env);
580 signal_set(&ev_sigterm, SIGTERM, main_sig_handler, &env);
581 signal_set(&ev_sighup, SIGHUP, main_sig_handler, &env);
582 signal_set(&ev_sigchld, SIGCHLD, main_sig_handler, &env);
583 signal_add(&ev_sigint, NULL);
584 signal_add(&ev_sigterm, NULL);
585 signal_add(&ev_sighup, NULL);
586 signal_add(&ev_sigchld, NULL);
/* the parent keeps only its own end of the socketpair */
588 close(pipe_main2client[1]);
589 if ((env.sc_iev = calloc(1, sizeof(*env.sc_iev))) == NULL)
591 imsg_init(&env.sc_iev->ibuf, pipe_main2client[0]);
592 env.sc_iev->handler = main_dispatch_client;
594 env.sc_iev->events = EV_READ;
595 env.sc_iev->data = &env;
596 event_set(&env.sc_iev->ev, env.sc_iev->ibuf.fd, env.sc_iev->events,
597 env.sc_iev->handler, &env);
598 event_add(&env.sc_iev->ev, NULL);
/*
 * Drop privileges to the unprivileged service user once the child is
 * running: supplementary groups first, then gid, then uid, so nothing
 * is left behind. Any failure is fatal rather than continuing as root.
 */
602 if ((pw = getpwnam(YPLDAP_USER)) == NULL)
606 if (setgroups(1, &pw->pw_gid) ||
607 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
608 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
609 fatal("cannot drop privileges");
/* a debug build keeps root for the whole run; do not ship such a build */
611 #warning disabling privilege revocation in debug mode
/* zero timeout: main_init_timer() fires on the first loop iteration */
614 memset(&tv, 0, sizeof(tv));
615 evtimer_set(&ev_timer, main_init_timer, &env);
616 evtimer_add(&ev_timer, &tv);
/*
 * (Re)register the imsg channel with libevent: always watch for reads,
 * and for writes only while output is queued. Without a handler there
 * is no event loop to wait on, so the output is flushed synchronously.
 */
626 imsg_event_add(struct imsgev *iev)
628 if (iev->handler == NULL) {
629 imsg_flush(&iev->ibuf);
633 iev->events = EV_READ;
634 if (iev->ibuf.w.queued)
635 iev->events |= EV_WRITE;
638 event_set(&iev->ev, iev->ibuf.fd, iev->events, iev->handler, iev->data);
639 event_add(&iev->ev, NULL);
643 imsg_compose_event(struct imsgev *iev, u_int16_t type, u_int32_t peerid,
644 pid_t pid, int fd, void *data, u_int16_t datalen)
648 if ((ret = imsg_compose(&iev->ibuf, type, peerid,
649 pid, fd, data, datalen)) != -1)