diff options
Diffstat (limited to 'src/irmd/main.c')
-rw-r--r-- | src/irmd/main.c | 3040 |
1 files changed, 1283 insertions, 1757 deletions
diff --git a/src/irmd/main.c b/src/irmd/main.c index 22d94136..5d91baf0 100644 --- a/src/irmd/main.c +++ b/src/irmd/main.c @@ -1,5 +1,5 @@ /* - * Ouroboros - Copyright (C) 2016 - 2021 + * Ouroboros - Copyright (C) 2016 - 2024 * * The IPC Resource Manager * @@ -30,28 +30,28 @@ #define OUROBOROS_PREFIX "irmd" -#include <ouroboros/hash.h> +#include <ouroboros/bitmap.h> +#include <ouroboros/crypt.h> #include <ouroboros/errno.h> -#include <ouroboros/sockets.h> -#include <ouroboros/list.h> -#include <ouroboros/utils.h> +#include <ouroboros/flow.h> +#include <ouroboros/hash.h> #include <ouroboros/irm.h> +#include <ouroboros/list.h> #include <ouroboros/lockfile.h> -#include <ouroboros/shm_rbuff.h> +#include <ouroboros/logs.h> +#include <ouroboros/pthread.h> +#include <ouroboros/rib.h> #include <ouroboros/shm_rdrbuff.h> -#include <ouroboros/bitmap.h> -#include <ouroboros/qos.h> -#include <ouroboros/time_utils.h> +#include <ouroboros/sockets.h> +#include <ouroboros/time.h> #include <ouroboros/tpm.h> -#include <ouroboros/logs.h> +#include <ouroboros/utils.h> #include <ouroboros/version.h> -#include <ouroboros/pthread.h> -#include "utils.h" -#include "registry.h" -#include "irm_flow.h" -#include "proc_table.h" +#include "irmd.h" #include "ipcp.h" +#include "reg/reg.h" +#include "configfile.h" #include <sys/socket.h> #include <sys/un.h> @@ -69,60 +69,30 @@ #define IRMD_CLEANUP_TIMER ((IRMD_FLOW_TIMEOUT / 20) * MILLION) /* ns */ #define SHM_SAN_HOLDOFF 1000 /* ms */ -#define IPCP_HASH_LEN(e) hash_len(e->dir_hash_algo) -#define IB_LEN SOCK_BUF_SIZE +#define IPCP_HASH_LEN(p) hash_len((p)->dir_hash_algo) #define BIND_TIMEOUT 10 /* ms */ #define DEALLOC_TIME 300 /* s */ - -enum init_state { - IPCP_NULL = 0, - IPCP_BOOT, - IPCP_LIVE -}; - -struct ipcp_entry { - struct list_head next; - - char * name; - pid_t pid; - enum ipcp_type type; - enum hash_algo dir_hash_algo; - char * layer; - - enum init_state state; - pthread_cond_t cond; - pthread_mutex_t lock; -}; +#define MSGBUFSZ 2048 enum irm_state { IRMD_NULL = 0, - IRMD_RUNNING + IRMD_RUNNING, + IRMD_SHUTDOWN }; struct cmd { struct list_head next; - uint8_t cbuf[IB_LEN]; + uint8_t cbuf[SOCK_BUF_SIZE]; size_t len; int fd; }; struct { - struct list_head registry; /* registered names known */ - size_t n_names; /* number of names */ - - struct list_head ipcps; /* list of ipcps in system */ - size_t n_ipcps; /* number of ipcps */ - - struct list_head proc_table; /* processes */ - struct list_head prog_table; /* programs known */ - struct list_head spawned_pids; /* child processes */ - pthread_rwlock_t reg_lock; /* lock for registration info */ - - struct bmp * flow_ids; /* flow_ids for flows */ - struct list_head irm_flows; /* flow information */ - pthread_rwlock_t flows_lock; /* lock for flows */ - + bool log_stdout; /* log to stdout */ +#ifdef HAVE_TOML + char * cfg_file; /* configuration file path */ +#endif struct lockfile * lf; /* single irmd per system */ struct shm_rdrbuff * rdrb; /* rdrbuff for packets */ @@ -163,492 +133,260 @@ static void irmd_set_state(enum irm_state state) pthread_rwlock_unlock(&irmd.state_lock); } -static void clear_irm_flow(struct irm_flow * f) { - ssize_t idx; - - assert(f); - - if (f->len != 0) { - free(f->data); - f->len = 0; - } - - while ((idx = shm_rbuff_read(f->n_rb)) >= 0) - shm_rdrbuff_remove(irmd.rdrb, idx); - - while ((idx = shm_rbuff_read(f->n_1_rb)) >= 0) - shm_rdrbuff_remove(irmd.rdrb, idx); -} - -static struct irm_flow * get_irm_flow(int flow_id) +static pid_t spawn_program(char ** argv) { - struct list_head * pos = NULL; + pid_t pid; + struct stat s; - list_for_each(pos, &irmd.irm_flows) { - struct irm_flow * e = list_entry(pos, struct irm_flow, next); - if (e->flow_id == flow_id) - return e; + if (stat(argv[0], &s) != 0) { + log_warn("Program %s does not exist.", argv[0]); + return -1; } - return NULL; -} - -static struct irm_flow * get_irm_flow_n(pid_t n_pid) -{ - struct list_head * pos = NULL; - - list_for_each(pos, &irmd.irm_flows) { - struct irm_flow * e = list_entry(pos, struct irm_flow, next); - if (e->n_pid == n_pid && - irm_flow_get_state(e) == FLOW_ALLOC_PENDING) - return e; + if (!(s.st_mode & S_IXUSR)) { + log_warn("Program %s is not executable.", argv[0]); + return -1; } - return NULL; -} - -static struct ipcp_entry * ipcp_entry_create(const char * name, - enum ipcp_type type) -{ - struct ipcp_entry * e; - pthread_condattr_t cattr; - - e = malloc(sizeof(*e)); - if (e == NULL) - goto fail_malloc; - - e->layer = NULL; - e->type = type; - e->state = IPCP_BOOT; - e->name = strdup(name); - if (e->name == NULL) - goto fail_name; - - if (pthread_condattr_init(&cattr)) - goto fail_cattr; -#ifndef __APPLE__ - pthread_condattr_setclock(&cattr, PTHREAD_COND_CLOCK); -#endif - if (pthread_cond_init(&e->cond, &cattr)) - goto fail_cond; - - if (pthread_mutex_init(&e->lock, NULL)) - goto fail_mutex; - - - list_head_init(&e->next); - - pthread_condattr_destroy(&cattr); - - return e; - - fail_mutex: - pthread_cond_destroy(&e->cond); - fail_cond: - pthread_condattr_destroy(&cattr); - fail_cattr: - free(e->name); - fail_name: - free(e); - fail_malloc: - return NULL; -} - -static void ipcp_entry_destroy(struct ipcp_entry * e) -{ - assert(e); - - pthread_mutex_lock(&e->lock); - - while (e->state == IPCP_BOOT) - pthread_cond_wait(&e->cond, &e->lock); - - pthread_mutex_unlock(&e->lock); + if (posix_spawn(&pid, argv[0], NULL, NULL, argv, NULL)) { + log_err("Failed to spawn new process for %s.", argv[0]); + return -1; + } - free(e->name); - free(e->layer); - free(e); -} + log_info("Instantiated %s as process %d.", argv[0], pid); -static void ipcp_entry_set_state(struct ipcp_entry * e, - enum init_state state) -{ - pthread_mutex_lock(&e->lock); - e->state = state; - pthread_cond_broadcast(&e->cond); - pthread_mutex_unlock(&e->lock); + return pid; } -static int ipcp_entry_wait_boot(struct ipcp_entry * e) +static pid_t spawn_ipcp(struct ipcp_info * info) { - int ret = 0; - struct timespec dl; - struct timespec to = {SOCKET_TIMEOUT / 1000, - (SOCKET_TIMEOUT % 1000) * MILLION}; - - clock_gettime(PTHREAD_COND_CLOCK, &dl); - ts_add(&dl, &to, &dl); - - pthread_mutex_lock(&e->lock); - - while (e->state == IPCP_BOOT && ret != ETIMEDOUT) - ret = pthread_cond_timedwait(&e->cond, &e->lock, &dl); - - if (ret == ETIMEDOUT) { - kill(e->pid, SIGTERM); - e->state = IPCP_NULL; - pthread_cond_signal(&e->cond); + char * exec_name = NULL; + char irmd_pid[10]; + char full_name[256]; + char * argv[5]; + pid_t pid; + + switch(info->type) { + case IPCP_UNICAST: + exec_name = IPCP_UNICAST_EXEC; + break; + case IPCP_BROADCAST: + exec_name = IPCP_BROADCAST_EXEC; + break; + case IPCP_UDP: + exec_name = IPCP_UDP_EXEC; + break; + case IPCP_ETH_LLC: + exec_name = IPCP_ETH_LLC_EXEC; + break; + case IPCP_ETH_DIX: + exec_name = IPCP_ETH_DIX_EXEC; + break; + case IPCP_LOCAL: + exec_name = IPCP_LOCAL_EXEC; + break; + default: + assert(false); } - if (e->state != IPCP_LIVE) { - pthread_mutex_unlock(&e->lock); + if (exec_name == NULL) { + log_err("IPCP type not installed."); return -1; } - pthread_mutex_unlock(&e->lock); - - return 0; -} - -static struct ipcp_entry * get_ipcp_entry_by_pid(pid_t pid) -{ - struct list_head * p; + sprintf(irmd_pid, "%u", getpid()); - list_for_each(p, &irmd.ipcps) { - struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next); - if (e->pid == pid) - return e; - } + strcpy(full_name, INSTALL_PREFIX"/"INSTALL_SBINDIR"/"); + strcat(full_name, exec_name); - return NULL; -} + /* log_file to be placed at the end */ + argv[0] = full_name; + argv[1] = irmd_pid; + argv[2] = (char *) info->name; + if (log_syslog) + argv[3] = "1"; + else + argv[3] = NULL; -static struct ipcp_entry * get_ipcp_entry_by_name(const char * name) -{ - struct list_head * p; + argv[4] = NULL; - list_for_each(p, &irmd.ipcps) { - struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next); - if (strcmp(name, e->name) == 0) - return e; + pid = spawn_program(argv); + if (pid < 0) { + log_err("Failed to spawn IPCP %s.", info->name); + return -1; } - return NULL; -} - -static struct ipcp_entry * get_ipcp_entry_by_layer(const char * layer) -{ - struct list_head * p; + info->pid = pid; + info->state = IPCP_BOOT; - list_for_each(p, &irmd.ipcps) { - struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next); - if (strcmp(layer, e->layer) == 0) - return e; - } - - return NULL; + return 0; } -static struct ipcp_entry * get_ipcp_by_dst_name(const char * name, - pid_t src) +static int kill_ipcp(pid_t pid) { - struct list_head * p; - struct list_head * h; - uint8_t * hash; - pid_t pid; - size_t len; - - pthread_rwlock_rdlock(&irmd.reg_lock); + int status; - list_for_each_safe(p, h, &irmd.ipcps) { - struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next); - if (e->layer == NULL || e->pid == src) - continue; - - len = IPCP_HASH_LEN(e); - - hash = malloc(len); - if (hash == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - return NULL; - } - - str_hash(e->dir_hash_algo, hash, name); - - pid = e->pid; - - pthread_rwlock_unlock(&irmd.reg_lock); - - if (ipcp_query(pid, hash, len) == 0) { - free(hash); - return e; - } - - free(hash); - - pthread_rwlock_rdlock(&irmd.reg_lock); + if (kill(pid, SIGTERM) < 0) { + log_err("Failed to destroy IPCP: %s.", strerror(errno)); + return -1; } - pthread_rwlock_unlock(&irmd.reg_lock); + waitpid(pid, &status, 0); - return NULL; + return 0; } -static pid_t create_ipcp(const char * name, - enum ipcp_type type) +int create_ipcp(struct ipcp_info * info) { - struct pid_el * ppid; - struct ipcp_entry * entry; - struct list_head * p; - pid_t pid; + struct timespec abstime; + struct timespec timeo = TIMESPEC_INIT_MS(SOCKET_TIMEOUT); + int status; - pthread_rwlock_rdlock(&irmd.reg_lock); + assert(info->pid == 0); - entry = get_ipcp_entry_by_name(name); - if (entry != NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("IPCP by that name already exists."); - return -EPERM; - } - - pthread_rwlock_unlock(&irmd.reg_lock); - - ppid = malloc(sizeof(*ppid)); - if (ppid == NULL) - goto fail_ppid; - - entry = ipcp_entry_create(name, type); - if (entry == NULL) { - log_err("Failed to create IPCP entry."); - goto fail_ipcp_entry; - } + clock_gettime(PTHREAD_COND_CLOCK, &abstime); + ts_add(&abstime, &timeo, &abstime); - pid = ipcp_create(name, type); - if (pid == -1) { + if (spawn_ipcp(info) < 0) { log_err("Failed to create IPCP."); goto fail_ipcp; } - entry->pid = pid; - - pthread_rwlock_wrlock(&irmd.reg_lock); - - list_for_each(p, &irmd.ipcps) { - if (list_entry(p, struct ipcp_entry, next)->type > type) - break; + if (reg_create_ipcp(info) < 0) { + log_err("Failed to create IPCP entry."); + goto fail_reg_ipcp; } - list_add_tail(&entry->next, p); - ++irmd.n_ipcps; - - ppid->pid = entry->pid; - list_add(&ppid->next, &irmd.spawned_pids); - - pthread_rwlock_unlock(&irmd.reg_lock); - - /* IRMd maintenance will clean up if booting fails. */ - if (ipcp_entry_wait_boot(entry)) { - log_err("IPCP %d failed to boot.", pid); - return -1; + if (reg_wait_ipcp_boot(info, &abstime)) { + log_err("IPCP %d failed to boot.", info->pid); + goto fail_boot; } - log_info("Created IPCP %d.", pid); + log_info("Created IPCP %d.", info->pid); - return pid; + return 0; - fail_ipcp: - ipcp_entry_destroy(entry); - fail_ipcp_entry: - free(ppid); - fail_ppid: + fail_boot: + waitpid(info->pid, &status, 0); + reg_destroy_proc(info->pid); return -1; -} - -static int create_ipcp_r(pid_t pid, - int result) -{ - struct list_head * p; - - pthread_rwlock_rdlock(&irmd.reg_lock); - - list_for_each(p, &irmd.ipcps) { - struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next); - if (e->pid == pid) { - ipcp_entry_set_state(e, result ? IPCP_NULL : IPCP_LIVE); - break; - } - } - - pthread_rwlock_unlock(&irmd.reg_lock); - return 0; + fail_reg_ipcp: + kill_ipcp(info->pid); + fail_ipcp: + return -1; } -static void clear_spawned_process(pid_t pid) +static int create_ipcp_r(struct ipcp_info * info) { - struct list_head * p; - struct list_head * h; - - list_for_each_safe(p, h, &(irmd.spawned_pids)) { - struct pid_el * a = list_entry(p, struct pid_el, next); - if (a->pid == pid) { - list_del(&a->next); - free(a); - } - } + return reg_respond_ipcp(info); } static int destroy_ipcp(pid_t pid) { - struct list_head * p; - struct list_head * h; - - pthread_rwlock_wrlock(&irmd.reg_lock); - - list_for_each_safe(p, h, &irmd.ipcps) { - struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next); - if (e->pid == pid) { - clear_spawned_process(pid); - if (ipcp_destroy(pid)) - log_err("Could not destroy IPCP."); - list_del(&e->next); - ipcp_entry_destroy(e); - --irmd.n_ipcps; - log_info("Destroyed IPCP %d.", pid); - } + if (kill_ipcp(pid)) { + log_err("Could not destroy IPCP."); + goto fail; } - pthread_rwlock_unlock(&irmd.reg_lock); + if (reg_destroy_proc(pid)) { + log_err("Failed to remove IPCP from registry."); + goto fail; + } return 0; + fail: + return -1; } -static int bootstrap_ipcp(pid_t pid, - ipcp_config_msg_t * conf) +int bootstrap_ipcp(pid_t pid, + struct ipcp_config * conf) { - struct ipcp_entry * entry; - struct layer_info info; + struct ipcp_info info; + struct layer_info layer; - pthread_rwlock_wrlock(&irmd.reg_lock); + info.pid = pid; - entry = get_ipcp_entry_by_pid(pid); - if (entry == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("No such IPCP."); - return -1; + if (reg_get_ipcp(&info, NULL) < 0) { + log_err("Could not find IPCP %d.", pid); + goto fail; } - if (entry->type != (enum ipcp_type) conf->ipcp_type) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("Configuration does not match IPCP type."); - return -1; - } + if (conf->type == IPCP_UDP) + conf->layer_info.dir_hash_algo = (enum pol_dir_hash) HASH_MD5; - if (ipcp_bootstrap(entry->pid, conf, &info)) { - pthread_rwlock_unlock(&irmd.reg_lock); + if (ipcp_bootstrap(pid, conf, &layer)) { log_err("Could not bootstrap IPCP."); - return -1; - } - - entry->layer = strdup(info.layer_name); - if (entry->layer == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_warn("Failed to set name of layer."); - return -ENOMEM; + goto fail; } - entry->dir_hash_algo = info.dir_hash_algo; + info.state = IPCP_BOOTSTRAPPED; - pthread_rwlock_unlock(&irmd.reg_lock); + if (reg_set_layer_for_ipcp(&info, &layer) < 0) { + log_err("Failed to set layer info for IPCP."); + goto fail; + } - log_info("Bootstrapped IPCP %d in layer %s.", - pid, conf->layer_info->layer_name); + log_info("Bootstrapped IPCP %d.", pid); return 0; + fail: + return -1; } -static int enroll_ipcp(pid_t pid, - char * dst) +int enroll_ipcp(pid_t pid, + const char * dst) { - struct ipcp_entry * entry = NULL; - struct layer_info info; + struct layer_info layer; + struct ipcp_info info; - pthread_rwlock_wrlock(&irmd.reg_lock); + info.pid = pid; - entry = get_ipcp_entry_by_pid(pid); - if (entry == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("No such IPCP."); - return -1; - } - - if (entry->layer != NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("IPCP in wrong state"); - return -1; + if (reg_get_ipcp(&info, NULL) < 0) { + log_err("Could not find IPCP."); + goto fail; } - pthread_rwlock_unlock(&irmd.reg_lock); - - if (ipcp_enroll(pid, dst, &info) < 0) { + if (ipcp_enroll(pid, dst, &layer) < 0) { log_err("Could not enroll IPCP %d.", pid); - return -1; - } - - pthread_rwlock_wrlock(&irmd.reg_lock); - - entry = get_ipcp_entry_by_pid(pid); - if (entry == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("No such IPCP."); - return -1; + goto fail; } - entry->layer = strdup(info.layer_name); - if (entry->layer == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("Failed to strdup layer_name."); - return -ENOMEM; + if (reg_set_layer_for_ipcp(&info, &layer) < 0) { + log_err("Failed to set layer info for IPCP."); + goto fail; } - entry->dir_hash_algo = info.dir_hash_algo; - - pthread_rwlock_unlock(&irmd.reg_lock); - - log_info("Enrolled IPCP %d in layer %s.", - pid, info.layer_name); + log_info("Enrolled IPCP %d in layer %s.", pid, layer.name); return 0; + fail: + return -1; } -static int connect_ipcp(pid_t pid, - const char * dst, - const char * component, - qosspec_t qs) +int connect_ipcp(pid_t pid, + const char * dst, + const char * component, + qosspec_t qs) { - struct ipcp_entry * entry = NULL; + struct ipcp_info info; - pthread_rwlock_rdlock(&irmd.reg_lock); + info.pid = pid; - entry = get_ipcp_entry_by_pid(pid); - if (entry == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); + if (reg_get_ipcp(&info, NULL) < 0) { log_err("No such IPCP."); return -EIPCP; } - if (entry->type != IPCP_UNICAST && entry->type != IPCP_BROADCAST) { - pthread_rwlock_unlock(&irmd.reg_lock); + if (info.type != IPCP_UNICAST && info.type != IPCP_BROADCAST) { log_err("Cannot establish connections for this IPCP type."); return -EIPCP; } - pthread_rwlock_unlock(&irmd.reg_lock); - log_dbg("Connecting %s to %s.", component, dst); if (ipcp_connect(pid, dst, component, qs)) { - log_err("Could not connect IPCP."); + log_err("Could not connect IPCP %d to %s.", pid, dst); return -EPERM; } @@ -662,25 +400,20 @@ static int disconnect_ipcp(pid_t pid, const char * dst, const char * component) { - struct ipcp_entry * entry = NULL; + struct ipcp_info info; - pthread_rwlock_rdlock(&irmd.reg_lock); + info.pid = pid; - entry = get_ipcp_entry_by_pid(pid); - if (entry == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); + if (reg_get_ipcp(&info, NULL) < 0) { log_err("No such IPCP."); return -EIPCP; } - if (entry->type != IPCP_UNICAST) { - pthread_rwlock_unlock(&irmd.reg_lock); + if (info.type != IPCP_UNICAST && info.type != IPCP_BROADCAST) { log_err("Cannot tear down connections for this IPCP type."); return -EIPCP; } - pthread_rwlock_unlock(&irmd.reg_lock); - if (ipcp_disconnect(pid, dst, component)) { log_err("Could not disconnect IPCP."); return -EPERM; @@ -692,173 +425,120 @@ static int disconnect_ipcp(pid_t pid, return 0; } -static int bind_program(char * prog, - char * name, - uint16_t flags, - int argc, - char ** argv) +int bind_program(char ** exec, + const char * name, + uint8_t flags) { - char * progs; - char ** argv_dup = NULL; - int i; - char * name_dup = NULL; - struct prog_entry * e = NULL; - struct reg_entry * re = NULL; - - if (prog == NULL || name == NULL) - return -EINVAL; + struct prog_info prog; + struct name_info ni; - pthread_rwlock_wrlock(&irmd.reg_lock); + if (name == NULL || exec == NULL || exec[0] == NULL) + return -EINVAL; - e = prog_table_get(&irmd.prog_table, path_strip(prog)); - if (e == NULL) { - progs = strdup(path_strip(prog)); - if (progs == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - return -ENOMEM; - } + memset(&prog, 0, sizeof(prog)); + memset(&ni, 0, sizeof(ni)); - if ((flags & BIND_AUTO) && argc) { - /* We need to duplicate argv and set argv[0] to prog. */ - argv_dup = malloc((argc + 2) * sizeof(*argv_dup)); - argv_dup[0] = strdup(prog); - for (i = 1; i <= argc; ++i) { - argv_dup[i] = strdup(argv[i - 1]); - if (argv_dup[i] == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - argvfree(argv_dup); - log_err("Failed to bind program " - "%s to %s.", - prog, name); - free(progs); - return -ENOMEM; - } - } - argv_dup[argc + 1] = NULL; - } - e = prog_entry_create(progs, flags, argv_dup); - if (e == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - free(progs); - argvfree(argv_dup); - return -ENOMEM; - } - prog_table_add(&irmd.prog_table, e); + if (!reg_has_prog(exec[0])) { + strcpy(prog.name, path_strip(exec[0])); + strcpy(prog.path, exec[0]); + if (reg_create_prog(&prog) < 0) + goto fail_prog; } - name_dup = strdup(name); - if (name_dup == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - return -ENOMEM; + if (!reg_has_name(name)) { + ni.pol_lb = LB_SPILL; + strcpy(ni.name, name); + if (reg_create_name(&ni) < 0) { + log_err("Failed to create name %s.", name); + goto fail_name; + } } - if (prog_entry_add_name(e, name_dup)) { - log_err("Failed adding name."); - pthread_rwlock_unlock(&irmd.reg_lock); - free(name_dup); - return -ENOMEM; + if (reg_bind_prog(name, exec, flags) < 0) { + log_err("Failed to bind program %s to name %s", exec[0], name); + goto fail_bind; } - re = registry_get_entry(&irmd.registry, name); - if (re != NULL && reg_entry_add_prog(re, e) < 0) - log_err("Failed adding program %s for name %s.", prog, name); - - pthread_rwlock_unlock(&irmd.reg_lock); - - log_info("Bound program %s to name %s.", prog, name); + log_info("Bound program %s to name %s.", exec[0], name); return 0; + + fail_bind: + if (strlen(ni.name) > 0) + reg_destroy_name(name); + fail_name: + if (strlen(prog.name) > 0) + reg_destroy_prog(exec[0]); + fail_prog: + return -1; } -static int bind_process(pid_t pid, - char * name) +int bind_process(pid_t pid, + const char * name) { - char * name_dup = NULL; - struct proc_entry * e = NULL; - struct reg_entry * re = NULL; - struct timespec now; - struct timespec dl = {0, 10 * MILLION}; + struct timespec abstime; + struct timespec timeo = TIMESPEC_INIT_MS(10); + struct name_info ni; if (name == NULL) return -EINVAL; - clock_gettime(PTHREAD_COND_CLOCK, &now); - - ts_add(&dl, &now, &dl); + clock_gettime(PTHREAD_COND_CLOCK, &abstime); + ts_add(&abstime, &timeo, &abstime); - pthread_rwlock_wrlock(&irmd.reg_lock); - - while (!kill(pid, 0)) { - e = proc_table_get(&irmd.proc_table, pid); - if (e != NULL || ts_diff_ms(&now, &dl) > 0) - break; - clock_gettime(PTHREAD_COND_CLOCK, &now); - sched_yield(); - } - - if (e == NULL) { + if (reg_wait_proc(pid, &abstime) < 0) { log_err("Process %d does not %s.", pid, kill(pid, 0) ? "exist" : "respond"); - pthread_rwlock_unlock(&irmd.reg_lock); - return -1; + goto fail; } - name_dup = strdup(name); - if (name_dup == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - return -ENOMEM; + memset(&ni, 0, sizeof(ni)); + + if (!reg_has_name(name)) { + ni.pol_lb = LB_SPILL; + strcpy(ni.name, name); + if (reg_create_name(&ni) < 0) { + log_err("Failed to create name %s.", name); + goto fail; + } } - if (proc_entry_add_name(e, name_dup)) { - pthread_rwlock_unlock(&irmd.reg_lock); + if (reg_bind_proc(name, pid) < 0) { log_err("Failed to add name %s to process %d.", name, pid); - free(name_dup); - return -1; + goto fail_bind; } - re = registry_get_entry(&irmd.registry, name); - if (re != NULL && reg_entry_add_pid(re, pid) < 0) - log_err("Failed adding process %d for name %s.", pid, name); - - pthread_rwlock_unlock(&irmd.reg_lock); - log_info("Bound process %d to name %s.", pid, name); return 0; + + fail_bind: + if (strlen(ni.name) > 0) + reg_destroy_name(name); + fail: + return -1; + } -static int unbind_program(char * prog, - char * name) +static int unbind_program(const char * prog, + const char * name) { - struct reg_entry * e; - if (prog == NULL) return -EINVAL; - pthread_rwlock_wrlock(&irmd.reg_lock); - - if (name == NULL) - prog_table_del(&irmd.prog_table, prog); - else { - struct prog_entry * en = prog_table_get(&irmd.prog_table, prog); - if (en == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - return -EINVAL; + if (name == NULL) { + if (reg_destroy_prog(prog) < 0) { + log_err("Failed to unbind %s.", prog); + return -1; } - - prog_entry_del_name(en, name); - - e = registry_get_entry(&irmd.registry, name); - if (e != NULL) - reg_entry_del_prog(e, prog); - } - - pthread_rwlock_unlock(&irmd.reg_lock); - - if (name == NULL) log_info("Program %s unbound.", prog); - else - log_info("All names matching %s unbound for %s.", name, prog); + } else { + if (reg_unbind_prog(name, prog) < 0) { + log_err("Failed to unbind %s from %s", prog, name); + return -1; + } + log_info("Name %s unbound for %s.", name, prog); + } return 0; } @@ -866,1128 +546,732 @@ static int unbind_program(char * prog, static int unbind_process(pid_t pid, const char * name) { - struct reg_entry * e; - - pthread_rwlock_wrlock(&irmd.reg_lock); - - if (name == NULL) - proc_table_del(&irmd.proc_table, pid); - else { - struct proc_entry * en = proc_table_get(&irmd.proc_table, pid); - if (en != NULL) - proc_entry_del_name(en, name); - - e = registry_get_entry(&irmd.registry, name); - if (e != NULL) - reg_entry_del_pid(e, pid); - } - - pthread_rwlock_unlock(&irmd.reg_lock); - - if (name == NULL) + if (name == NULL) { + if (reg_destroy_proc(pid) < 0) { + log_err("Failed to unbind %d.", pid); + return -1; + } log_info("Process %d unbound.", pid); - else - log_info("All names matching %s unbound for %d.", name, pid); + } else { + if (reg_unbind_proc(name, pid) < 0) { + log_err("Failed to unbind %d from %s", pid, name); + return -1; + } + log_info("Name %s unbound for process %d.", name, pid); + } return 0; } -static ssize_t list_ipcps(ipcp_info_msg_t *** ipcps, - size_t * n_ipcps) +static int list_ipcps(ipcp_list_msg_t *** ipcps, + size_t * n_ipcps) { - struct list_head * p; - int i = 0; - - pthread_rwlock_rdlock(&irmd.reg_lock); - - *n_ipcps = irmd.n_ipcps; - if (*n_ipcps == 0) { - pthread_rwlock_unlock(&irmd.reg_lock); - return 0; - } - - *ipcps = malloc(irmd.n_ipcps * sizeof(**ipcps)); - if (*ipcps == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - *n_ipcps = 0; - return -ENOMEM; - } + int n; - list_for_each(p, &irmd.ipcps) { - struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next); - (*ipcps)[i] = malloc(sizeof(***ipcps)); - if ((*ipcps)[i] == NULL) { - --i; - goto fail; - } - - ipcp_info_msg__init((*ipcps)[i]); - (*ipcps)[i]->name = strdup(e->name); - if ((*ipcps)[i]->name == NULL) - goto fail; - - (*ipcps)[i]->layer = strdup( - e->layer != NULL ? e->layer : "Not enrolled"); - if ((*ipcps)[i]->layer == NULL) - goto fail; - - (*ipcps)[i]->pid = e->pid; - (*ipcps)[i++]->type = e->type; - } + n = reg_list_ipcps(ipcps); + if (n < 0) + goto fail; - pthread_rwlock_unlock(&irmd.reg_lock); + *n_ipcps = (size_t) n; return 0; - fail: - pthread_rwlock_unlock(&irmd.reg_lock); - while (i >= 0) { - free((*ipcps)[i]->layer); - free((*ipcps)[i]->name); - free(*ipcps[i--]); - } - free(*ipcps); + *ipcps = NULL; *n_ipcps = 0; - return -ENOMEM; + return -1; } -static int name_create(const char * name, - enum pol_balance pol) +int name_create(const struct name_info * info) { - struct reg_entry * re; - struct list_head * p; + int ret; - assert(name); + assert(info != NULL); - pthread_rwlock_wrlock(&irmd.reg_lock); - - if (registry_has_name(&irmd.registry, name)) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("Registry entry for %s already exists.", name); - return -ENAME; - } - - re = registry_add_name(&irmd.registry, name); - if (re == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("Failed creating registry entry for %s.", name); - return -ENOMEM; - } - ++irmd.n_names; - reg_entry_set_policy(re, pol); - - /* check the tables for existing bindings */ - list_for_each(p, &irmd.proc_table) { - struct list_head * q; - struct proc_entry * e; - e = list_entry(p, struct proc_entry, next); - list_for_each(q, &e->names) { - struct str_el * s; - s = list_entry(q, struct str_el, next); - if (!strcmp(s->str, name)) - reg_entry_add_pid(re, e->pid); - } + ret = reg_create_name(info); + if (ret == -EEXIST) { + log_info("Name %s already exists.", info->name); + return 0; } - list_for_each(p, &irmd.prog_table) { - struct list_head * q; - struct prog_entry * e; - e = list_entry(p, struct prog_entry, next); - list_for_each(q, &e->names) { - struct str_el * s; - s = list_entry(q, struct str_el, next); - if (!strcmp(s->str, name)) - reg_entry_add_prog(re, e); - } + if (ret < 0) { + log_err("Failed to create name %s.", info->name); + return -1; } - pthread_rwlock_unlock(&irmd.reg_lock); - - log_info("Created new name: %s.", name); + log_info("Created new name: %s.", info->name); return 0; } static int name_destroy(const char * name) { - assert(name); - pthread_rwlock_wrlock(&irmd.reg_lock); + assert(name != NULL); - if (!registry_has_name(&irmd.registry, name)) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_warn("Registry entry for %s does not exist.", name); - return -ENAME; + if (reg_destroy_name(name) < 0) { + log_err("Failed to destroy name %s.", name); + return -1; } - registry_del_name(&irmd.registry, name); - --irmd.n_names; - - pthread_rwlock_unlock(&irmd.reg_lock); - log_info("Destroyed name: %s.", name); return 0; } -static ssize_t list_names(name_info_msg_t *** names, - size_t * n_names) +static int list_names(name_info_msg_t *** names, + size_t * n_names) { - struct list_head * p; - int i = 0; - - pthread_rwlock_rdlock(&irmd.reg_lock); + int n; - *n_names = irmd.n_names; - if (*n_names == 0) { - pthread_rwlock_unlock(&irmd.reg_lock); - return 0; - } - - *names = malloc(irmd.n_names * sizeof(**names)); - if (*names == NULL) { - *n_names = 0; - pthread_rwlock_unlock(&irmd.reg_lock); - return -ENOMEM; - } - - list_for_each(p, &irmd.registry) { - struct reg_entry * e = list_entry(p, struct reg_entry, next); - - (*names)[i] = malloc(sizeof(***names)); - if ((*names)[i] == NULL) { - --i; - goto fail; - } - - name_info_msg__init((*names)[i]); - (*names)[i]->name = strdup(e->name); - if ((*names)[i]->name == NULL) - goto fail; - - (*names)[i++]->pol_lb = e->pol_lb; - } + n = reg_list_names(names); + if (n < 0) + goto fail; - pthread_rwlock_unlock(&irmd.reg_lock); + *n_names = (size_t) n; return 0; - fail: - pthread_rwlock_unlock(&irmd.reg_lock); - while (i >= 0) { - free((*names)[i]->name); - free(*names[i--]); - } - free(*names); + *names = NULL; *n_names = 0; - return -ENOMEM; + return -1; } -static int name_reg(const char * name, - pid_t pid) +int name_reg(const char * name, + pid_t pid) { - size_t len; - struct ipcp_entry * ipcp; - uint8_t * hash; - int err; + struct ipcp_info info; + struct layer_info layer; + buffer_t hash; assert(name); - pthread_rwlock_wrlock(&irmd.reg_lock); - - if (!registry_has_name(&irmd.registry, name)) { - err = -ENAME; - goto fail; - } + info.pid = pid; - ipcp = get_ipcp_entry_by_pid(pid); - if (ipcp == NULL) { - err = -EIPCP; - goto fail; + if (!reg_has_name(name)) { + log_err("Failed to get name %s.", name); + return -ENAME; } - if (ipcp->layer == NULL) { - err = -EPERM; - goto fail; + if (reg_get_ipcp(&info, &layer) < 0) { + log_err("Failed to get IPCP %d.", pid); + return -EIPCP; } - len = IPCP_HASH_LEN(ipcp); - - hash = malloc(len); - if (hash == NULL) { - err = -ENOMEM; - goto fail; + hash.len = hash_len((enum hash_algo) layer.dir_hash_algo); + hash.data = malloc(hash.len); + if (hash.data == NULL) { + log_err("Failed to malloc hash."); + return -ENOMEM; } - str_hash(ipcp->dir_hash_algo, hash, name); - pthread_rwlock_unlock(&irmd.reg_lock); + str_hash((enum hash_algo) layer.dir_hash_algo, hash.data, name); - if (ipcp_reg(pid, hash, len)) { - log_err("Could not register " HASH_FMT " with IPCP %d.", - HASH_VAL(hash), pid); - free(hash); + if (ipcp_reg(pid, hash)) { + log_err("Could not register " HASH_FMT32 " with IPCP %d.", + HASH_VAL32(hash.data), pid); + freebuf(hash); return -1; } - log_info("Registered %s with IPCP %d as " HASH_FMT ".", - name, pid, HASH_VAL(hash)); + log_info("Registered %s with IPCP %d as " HASH_FMT32 ".", + name, pid, HASH_VAL32(hash.data)); - free(hash); + freebuf(hash); return 0; - -fail: - pthread_rwlock_unlock(&irmd.reg_lock); - return err; } static int name_unreg(const char * name, pid_t pid) { - struct ipcp_entry * ipcp; - int err; - uint8_t * hash; - size_t len; + struct ipcp_info info; + struct layer_info layer; + buffer_t hash; assert(name); - pthread_rwlock_wrlock(&irmd.reg_lock); + info.pid = pid; - ipcp = get_ipcp_entry_by_pid(pid); - if (ipcp == NULL) { - err = -EIPCP; - goto fail; + if (!reg_has_name(name)) { + log_err("Failed to get name %s.", name); + return -ENAME; } - if (ipcp->layer == NULL) { - err = -EPERM; - goto fail; + if (reg_get_ipcp(&info, &layer) < 0) { + log_err("Failed to get IPCP %d.", pid); + return -EIPCP; } - len = IPCP_HASH_LEN(ipcp); - - hash = malloc(len); - if (hash == NULL) { - err = -ENOMEM; - goto fail; + hash.len = hash_len((enum hash_algo) layer.dir_hash_algo); + hash.data = malloc(hash.len); + if (hash.data == NULL) { + log_err("Failed to malloc hash."); + return -ENOMEM; } - str_hash(ipcp->dir_hash_algo, hash, name); + str_hash((enum hash_algo) layer.dir_hash_algo, hash.data, name); - pthread_rwlock_unlock(&irmd.reg_lock); - - if (ipcp_unreg(pid, hash, len)) { + if (ipcp_unreg(pid, hash)) { log_err("Could not unregister %s with IPCP %d.", name, pid); - free(hash); + freebuf(hash); return -1; } log_info("Unregistered %s from %d.", name, pid); - free(hash); + freebuf(hash); return 0; - - fail: - pthread_rwlock_unlock(&irmd.reg_lock); - return err; } -static int proc_announce(pid_t pid, - char * prog) +static int proc_announce(const struct proc_info * info) { - struct proc_entry * e; - struct prog_entry * a; - char * prog_dup; - - assert(prog); - - prog_dup = strdup(prog); - if (prog_dup == NULL) - return -ENOMEM; - - e = proc_entry_create(pid, prog_dup); - if (e == NULL) { - free(prog_dup); - return -ENOMEM; + if (reg_create_proc(info) < 0) { + log_err("Failed to add process %d.", info->pid); + goto fail_proc; } - pthread_rwlock_wrlock(&irmd.reg_lock); + log_info("Process added: %d (%s).", info->pid, info->prog); - proc_table_add(&irmd.proc_table, e); - - /* Copy listen names from program if it exists. */ - a = prog_table_get(&irmd.prog_table, e->prog); - if (a != NULL) { - struct list_head * p; - list_for_each(p, &a->names) { - struct str_el * s = list_entry(p, struct str_el, next); - struct str_el * n = malloc(sizeof(*n)); - if (n == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - return -ENOMEM; - } + return 0; - n->str = strdup(s->str); - if (n->str == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - free(n); - return -ENOMEM; - } + fail_proc: + return -1; +} - list_add(&n->next, &e->names); - log_dbg("Process %d inherits name %s from program %s.", - pid, n->str, e->prog); - } - } +static int proc_exit(pid_t pid) +{ + if (reg_destroy_proc(pid) < 0) + log_err("Failed to remove process %d.", pid); - pthread_rwlock_unlock(&irmd.reg_lock); + log_info("Process removed: %d.", pid); return 0; } -static int flow_accept(pid_t pid, - struct timespec * timeo, - struct irm_flow * f_out, - const void * data, - size_t len) +static void __cleanup_pkp(void * pkp) { - struct irm_flow * f = NULL; - struct proc_entry * pe = NULL; - struct reg_entry * re = NULL; - struct list_head * p = NULL; - - pid_t pid_n; - pid_t pid_n_1; - int flow_id; - int ret; - - pthread_rwlock_wrlock(&irmd.reg_lock); - - pe = proc_table_get(&irmd.proc_table, pid); - if (pe == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("Unknown process %d calling accept.", pid); - return -EINVAL; - } - - log_dbg("New instance (%d) of %s added.", pid, pe->prog); - log_dbg("This process accepts flows for:"); - - list_for_each(p, &pe->names) { - struct str_el * s = list_entry(p, struct str_el, next); - log_dbg(" %s", s->str); - re = registry_get_entry(&irmd.registry, s->str); - if (re != NULL) - reg_entry_add_pid(re, pid); - } - - pthread_rwlock_unlock(&irmd.reg_lock); - - ret = proc_entry_sleep(pe, timeo); - if (ret == -ETIMEDOUT) - return -ETIMEDOUT; - - if (ret == -1) - return -EPIPE; - - if (irmd_get_state() != IRMD_RUNNING) - return -EIRMD; + if (pkp != NULL) + crypt_dh_pkp_destroy(pkp); +} - pthread_rwlock_rdlock(&irmd.flows_lock); +static void __cleanup_flow(void * flow) +{ + reg_destroy_flow(((struct flow_info *) flow)->id); +} - f = get_irm_flow_n(pid); - if (f == NULL) { - pthread_rwlock_unlock(&irmd.flows_lock); - log_warn("Port_id was not created yet."); - return -EPERM; +static int flow_accept(struct flow_info * flow, + buffer_t * data, + struct timespec * abstime) +{ + uint8_t buf[MSGBUFSZ]; + buffer_t lpk; /* local public key */ + buffer_t rpk; /* remote public key */ + void * pkp; /* my public/private key pair */ + ssize_t key_len; + uint8_t * s; + int err; + + /* piggyback of user data not yet implemented */ + assert(data != NULL && data->len == 0 && data->data == NULL); + + if (!reg_has_proc(flow->n_pid)) { + log_err("Unknown process %d calling accept.", flow->n_pid); + err = -EINVAL; + goto fail; } - pid_n = f->n_pid; - pid_n_1 = f->n_1_pid; - flow_id = f->flow_id; - - pthread_rwlock_unlock(&irmd.flows_lock); - pthread_rwlock_rdlock(&irmd.reg_lock); - - pe = proc_table_get(&irmd.proc_table, pid); - if (pe == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - pthread_rwlock_wrlock(&irmd.flows_lock); - list_del(&f->next); - bmp_release(irmd.flow_ids, f->flow_id); - pthread_rwlock_unlock(&irmd.flows_lock); - ipcp_flow_alloc_resp(pid_n_1, flow_id, pid_n, -1, NULL, 0); - clear_irm_flow(f); - irm_flow_set_state(f, FLOW_NULL); - irm_flow_destroy(f); - log_dbg("Process gone while accepting flow."); - return -EPERM; + s = malloc(SYMMKEYSZ); + if (s == NULL) { + log_err("Failed to malloc symmkey."); + err = -ENOMEM; + goto fail; } - pthread_mutex_lock(&pe->lock); - - re = pe->re; - - pthread_mutex_unlock(&pe->lock); - - if (reg_entry_get_state(re) != REG_NAME_FLOW_ARRIVED) { - pthread_rwlock_unlock(&irmd.reg_lock); - pthread_rwlock_wrlock(&irmd.flows_lock); - list_del(&f->next); - bmp_release(irmd.flow_ids, f->flow_id); - pthread_rwlock_unlock(&irmd.flows_lock); - ipcp_flow_alloc_resp(pid_n_1, flow_id, pid_n, -1, NULL, 0); - clear_irm_flow(f); - irm_flow_set_state(f, FLOW_NULL); - irm_flow_destroy(f); - log_err("Entry in wrong state."); - return -EPERM; + key_len = crypt_dh_pkp_create(&pkp, buf); + if (key_len < 0) { + log_err("Failed to generate key pair."); + err = -ECRYPT; + goto fail_pkp; } - registry_del_process(&irmd.registry, pid); - - pthread_rwlock_unlock(&irmd.reg_lock); + lpk.data = buf; + lpk.len = (size_t) key_len; - pthread_rwlock_wrlock(&irmd.flows_lock); + log_dbg("Generated ephemeral keys for %d.", flow->n_pid); - f_out->flow_id = f->flow_id; - f_out->n_pid = f->n_pid; - f_out->n_1_pid = f->n_1_pid; - f_out->data = f->data; /* pass owner */ - f_out->len = f->len; - f_out->qs = f->qs; - f->data = NULL; - f->len = 0; - - pthread_rwlock_unlock(&irmd.flows_lock); - - if (f->qs.cypher_s == 0) { /* no crypto requested, don't send pubkey */ - data = NULL; - len = 0; + if (reg_create_flow(flow) < 0) { + log_err("Failed to create flow."); + err = -EBADF; + goto fail_flow; } - if (ipcp_flow_alloc_resp(pid_n_1, flow_id, pid_n, 0, data, len)) { - pthread_rwlock_wrlock(&irmd.flows_lock); - list_del(&f->next); - pthread_rwlock_unlock(&irmd.flows_lock); - log_dbg("Failed to respond to alloc. Port_id invalidated."); - clear_irm_flow(f); - irm_flow_set_state(f, FLOW_NULL); - irm_flow_destroy(f); - return -EPERM; + if (reg_prepare_flow_accept(flow, &lpk) < 0) { + log_err("Failed to prepare accept."); + err = -EBADF; + goto fail_wait; } - irm_flow_set_state(f, FLOW_ALLOCATED); - - log_info("Flow on flow_id %d allocated.", f->flow_id); - - return 0; -} + pthread_cleanup_push(__cleanup_flow, flow); + pthread_cleanup_push(__cleanup_pkp, pkp); + pthread_cleanup_push(free, s); -static int flow_alloc(pid_t pid, - const char * dst, - qosspec_t qs, - struct timespec * timeo, - struct irm_flow * f_out, - bool join, - const void * data, - size_t len) -{ - struct irm_flow * f; - struct ipcp_entry * ipcp; - int flow_id; - int state; - uint8_t * hash; - - ipcp = join ? get_ipcp_entry_by_layer(dst) - : get_ipcp_by_dst_name(dst, pid); - if (ipcp == NULL) { - log_info("Destination %s unreachable.", dst); - return -1; - } + err = reg_wait_flow_accepted(flow, &rpk, abstime); - pthread_rwlock_wrlock(&irmd.flows_lock); + pthread_cleanup_pop(false); + pthread_cleanup_pop(false); + pthread_cleanup_pop(false); - flow_id = bmp_allocate(irmd.flow_ids); - if (!bmp_is_id_valid(irmd.flow_ids, flow_id)) { - pthread_rwlock_unlock(&irmd.flows_lock); - log_err("Could not allocate flow_id."); - return -EBADF; + if (err == -ETIMEDOUT) { + log_err("Flow accept timed out."); + goto fail_wait; } - f = irm_flow_create(pid, ipcp->pid, flow_id, qs); - if (f == NULL) { - bmp_release(irmd.flow_ids, flow_id); - pthread_rwlock_unlock(&irmd.flows_lock); - log_err("Could not allocate flow_id."); - return -ENOMEM; + if (err == -1) { + log_dbg("Flow accept terminated."); + err = -EPIPE; + goto fail_wait; } - list_add(&f->next, &irmd.irm_flows); - - pthread_rwlock_unlock(&irmd.flows_lock); - - assert(irm_flow_get_state(f) == FLOW_ALLOC_PENDING); + assert(err == 0); - hash = malloc(IPCP_HASH_LEN(ipcp)); - if (hash == NULL) - /* sanitizer cleans this */ - return -ENOMEM; - - str_hash(ipcp->dir_hash_algo, hash, dst); - - if (join) { - if (ipcp_flow_join(ipcp->pid, flow_id, pid, hash, - IPCP_HASH_LEN(ipcp), qs)) { - /* sanitizer cleans this */ - log_info("Flow_join failed."); - free(hash); - return -EAGAIN; + if (flow->qs.cypher_s != 0) { /* crypto requested */ + if (crypt_dh_derive(pkp, rpk, s) < 0) { + log_err("Failed to derive secret for %d.", flow->id); + err = -ECRYPT; + goto fail_derive; } + freebuf(rpk); + data->data = s; + data->len = SYMMKEYSZ; + s= NULL; } else { - if (ipcp_flow_alloc(ipcp->pid, flow_id, pid, hash, - IPCP_HASH_LEN(ipcp), qs, data, len)) { - /* sanitizer cleans this */ - log_info("Flow_allocation failed."); - free(hash); - return -EAGAIN; - } + clrbuf(lpk); } - free(hash); - - state = irm_flow_wait_state(f, FLOW_ALLOCATED, timeo); - if (state != FLOW_ALLOCATED) { - if (state == -ETIMEDOUT) { - log_dbg("Flow allocation timed out"); - return -ETIMEDOUT; - } - - log_info("Pending flow to %s torn down.", dst); - return -EPIPE; + if (ipcp_flow_alloc_resp(flow, 0, lpk) < 0) { + log_err("Failed to respond to flow allocation."); + err = -EIPCP; + goto fail_alloc_resp; } - pthread_rwlock_wrlock(&irmd.flows_lock); - - assert(irm_flow_get_state(f) == FLOW_ALLOCATED); - - f_out->flow_id = f->flow_id; - f_out->n_pid = f->n_pid; - f_out->n_1_pid = f->n_1_pid; - f_out->data = f->data; /* pass owner */ - f_out->len = f->len; - f->data = NULL; - f->len = 0; - - pthread_rwlock_unlock(&irmd.flows_lock); - - log_info("Flow on flow_id %d allocated.", flow_id); + crypt_dh_pkp_destroy(pkp); + free(s); return 0; + + fail_derive: + freebuf(rpk); + clrbuf(lpk); + ipcp_flow_alloc_resp(flow, err, lpk); + fail_alloc_resp: + flow->state = FLOW_NULL; + fail_wait: + reg_destroy_flow(flow->id); + fail_flow: + crypt_dh_pkp_destroy(pkp); + fail_pkp: + free(s); + fail: + return err; } -static int flow_dealloc(pid_t pid, - int flow_id, - time_t timeo) +static int flow_join(struct flow_info * flow, + const char * dst, + struct timespec * abstime) { - pid_t n_1_pid = -1; - int ret = 0; - - struct irm_flow * f = NULL; + struct ipcp_info ipcp; + struct layer_info layer; + buffer_t hash; + buffer_t pbuf = {NULL, 0}; /* nothing to piggyback */ + int err; - pthread_rwlock_wrlock(&irmd.flows_lock); + log_info("Allocating flow for %d to %s.", flow->n_pid, dst); - f = get_irm_flow(flow_id); - if (f == NULL) { - pthread_rwlock_unlock(&irmd.flows_lock); - log_dbg("Deallocate unknown port %d by %d.", flow_id, pid); - return 0; + if (reg_create_flow(flow) < 0) { + log_err("Failed to create flow."); + err = -EBADF; + goto fail_flow; } - if (pid == f->n_pid) { - f->n_pid = -1; - n_1_pid = f->n_1_pid; - } else if (pid == f->n_1_pid) { - f->n_1_pid = -1; - } else { - pthread_rwlock_unlock(&irmd.flows_lock); - log_dbg("Dealloc called by wrong process."); - return -EPERM; + strcpy(layer.name, dst); + if (reg_get_ipcp_by_layer(&ipcp, &layer) < 0) { + log_err("Failed to get IPCP for layer %s.", dst); + err = -EIPCP; + goto fail_ipcp; } - if (irm_flow_get_state(f) == FLOW_DEALLOC_PENDING) { - list_del(&f->next); - if ((kill(f->n_pid, 0) < 0 && f->n_1_pid == -1) || - (kill(f->n_1_pid, 0) < 0 && f->n_pid == -1)) - irm_flow_set_state(f, FLOW_NULL); - clear_irm_flow(f); - irm_flow_destroy(f); - bmp_release(irmd.flow_ids, flow_id); - log_info("Completed deallocation of flow_id %d by process %d.", - flow_id, pid); - } else { - irm_flow_set_state(f, FLOW_DEALLOC_PENDING); - log_dbg("Partial deallocation of flow_id %d by process %d.", - flow_id, pid); + hash.len = hash_len((enum hash_algo) layer.dir_hash_algo); + hash.data = malloc(hash.len); + if (hash.data == NULL) { + log_err("Failed to malloc hash buffer."); + err = -ENOMEM; + goto fail_ipcp; } - pthread_rwlock_unlock(&irmd.flows_lock); + reg_prepare_flow_alloc(flow); - if (n_1_pid != -1) - ret = ipcp_flow_dealloc(n_1_pid, flow_id, timeo); + if (ipcp_flow_join(flow, hash)) { + log_err("Flow join with layer %s failed.", dst); + err = -ENOTALLOC; + goto fail_alloc; + } - return ret; -} + pthread_cleanup_push(__cleanup_flow, flow); + pthread_cleanup_push(free, hash.data); -static pid_t auto_execute(char ** argv) -{ - pid_t pid; - struct stat s; + err = reg_wait_flow_allocated(flow, &pbuf, abstime); - if (stat(argv[0], &s) != 0) { - log_warn("Program %s does not exist.", argv[0]); - return -1; - } + pthread_cleanup_pop(false); + pthread_cleanup_pop(false); - if (!(s.st_mode & S_IXUSR)) { - log_warn("Program %s is not executable.", argv[0]); - return -1; + if (err == -ETIMEDOUT) { + log_err("Flow join timed out."); + goto fail_alloc; } - if (posix_spawn(&pid, argv[0], NULL, NULL, argv, NULL)) { - log_err("Failed to spawn new process"); - return -1; + if (err == -1) { + log_dbg("Flow join terminated."); + err = -EPIPE; + goto fail_alloc; } - log_info("Instantiated %s as process %d.", argv[0], pid); + assert(err == 0); - return pid; + freebuf(hash); + + return 0; + + fail_alloc: + freebuf(hash); + fail_ipcp: + reg_destroy_flow(flow->id); + fail_flow: + return err; } -static int flow_req_arr(pid_t pid, - struct irm_flow * f_out, - const uint8_t * hash, - qosspec_t qs, - const void * data, - size_t len) +static int get_ipcp_by_dst(const char * dst, + pid_t * pid, + buffer_t * hash) { - struct reg_entry * re = NULL; - struct prog_entry * a = NULL; - struct proc_entry * pe = NULL; - struct irm_flow * f = NULL; + ipcp_list_msg_t ** ipcps; + int n; + int i; + int err = -EIPCP; - struct pid_el * c_pid; - struct ipcp_entry * ipcp; - pid_t h_pid; - int flow_id; + n = reg_list_ipcps(&ipcps); - struct timespec wt = {IRMD_REQ_ARR_TIMEOUT / 1000, - (IRMD_REQ_ARR_TIMEOUT % 1000) * MILLION}; + /* Clean up the ipcp_msgs in this loop */ + for (i = 0; i < n; ++i) { + enum hash_algo algo; + enum ipcp_type type; + pid_t tmp; + bool enrolled; - log_dbg("Flow req arrived from IPCP %d for " HASH_FMT ".", - pid, HASH_VAL(hash)); + type = ipcps[i]->type; + algo = ipcps[i]->hash_algo; + tmp = ipcps[i]->pid; - pthread_rwlock_rdlock(&irmd.reg_lock); + enrolled = strcmp(ipcps[i]->layer, "Not enrolled.") != 0; - ipcp = get_ipcp_entry_by_pid(pid); - if (ipcp == NULL) { - log_err("IPCP died."); - return -EIPCP; - } + ipcp_list_msg__free_unpacked(ipcps[i], NULL); - re = registry_get_entry_by_hash(&irmd.registry, ipcp->dir_hash_algo, - hash, IPCP_HASH_LEN(ipcp)); - if (re == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("Unknown hash: " HASH_FMT ".", HASH_VAL(hash)); - return -1; - } - - log_info("Flow request arrived for %s.", re->name); - - pthread_rwlock_unlock(&irmd.reg_lock); - - /* Give the process a bit of slop time to call accept */ - if (reg_entry_leave_state(re, REG_NAME_IDLE, &wt) == -1) { - log_err("No processes for " HASH_FMT ".", HASH_VAL(hash)); - return -1; - } + if (type == IPCP_BROADCAST) + continue; - pthread_rwlock_wrlock(&irmd.reg_lock); + if (err == 0 /* solution found */ || !enrolled) + continue; - switch (reg_entry_get_state(re)) { - case REG_NAME_IDLE: - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("No processes for " HASH_FMT ".", HASH_VAL(hash)); - return -1; - case REG_NAME_AUTO_ACCEPT: - c_pid = malloc(sizeof(*c_pid)); - if (c_pid == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - return -1; + hash->len = hash_len(algo); + hash->data = malloc(hash->len); + if (hash->data == NULL) { + log_warn("Failed to malloc hash for query."); + err = -ENOMEM; + continue; } - reg_entry_set_state(re, REG_NAME_AUTO_EXEC); - a = prog_table_get(&irmd.prog_table, - reg_entry_get_prog(re)); + str_hash(algo, hash->data, dst); - if (a == NULL || (c_pid->pid = auto_execute(a->argv)) < 0) { - reg_entry_set_state(re, REG_NAME_AUTO_ACCEPT); - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("Could not start program for reg_entry %s.", - re->name); - free(c_pid); - return -1; + if (ipcp_query(tmp, *hash) < 0) { + freebuf(*hash); + continue; } - list_add(&c_pid->next, &irmd.spawned_pids); + *pid = tmp; - pthread_rwlock_unlock(&irmd.reg_lock); + err = 0; + } - if (reg_entry_leave_state(re, REG_NAME_AUTO_EXEC, NULL)) - return -1; + free(ipcps); - pthread_rwlock_wrlock(&irmd.reg_lock); - /* FALLTHRU */ - case REG_NAME_FLOW_ACCEPT: - h_pid = reg_entry_get_pid(re); - if (h_pid == -1) { - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("Invalid process id returned."); - return -1; + return err; +} + +static int flow_alloc(struct flow_info * flow, + const char * dst, + buffer_t * data, + struct timespec * abstime) +{ + uint8_t buf[MSGBUFSZ]; + buffer_t lpk ={NULL, 0}; /* local public key */ + buffer_t rpk; /* remote public key */ + void * pkp = NULL; /* my public/private key pair */ + uint8_t * s = NULL; + buffer_t hash; + int err; + /* piggyback of user data not yet implemented */ + assert(data != NULL && data->len == 0 && data->data == NULL); + + log_info("Allocating flow for %d to %s.", flow->n_pid, dst); + + + if (flow->qs.cypher_s > 0) { + ssize_t key_len; + + s = malloc(SYMMKEYSZ); + if (s == NULL) { + log_err("Failed to malloc symmetric key"); + err = -ENOMEM; + goto fail_malloc; } - break; - default: - pthread_rwlock_unlock(&irmd.reg_lock); - log_err("IRMd in wrong state."); - return -1; - } + key_len = crypt_dh_pkp_create(&pkp, buf); + if (key_len < 0) { + log_err("Failed to generate key pair."); + err = -ECRYPT; + goto fail_pkp; + } - pthread_rwlock_unlock(&irmd.reg_lock); - pthread_rwlock_wrlock(&irmd.flows_lock); + lpk.data = buf; + lpk.len = (size_t) key_len; - flow_id = bmp_allocate(irmd.flow_ids); - if (!bmp_is_id_valid(irmd.flow_ids, flow_id)) { - pthread_rwlock_unlock(&irmd.flows_lock); - return -1; + log_dbg("Generated ephemeral keys for %d.", flow->n_pid); } - f = irm_flow_create(h_pid, pid, flow_id, qs); - if (f == NULL) { - bmp_release(irmd.flow_ids, flow_id); - pthread_rwlock_unlock(&irmd.flows_lock); - log_err("Could not allocate flow_id."); - return -1; + if (reg_create_flow(flow) < 0) { + log_err("Failed to create flow."); + err = -EBADF; + goto fail_flow; } - if (len != 0) { - assert(data); - f->data = malloc(len); - if (f->data == NULL) { - bmp_release(irmd.flow_ids, flow_id); - pthread_rwlock_unlock(&irmd.flows_lock); - log_err("Could not piggyback data."); - return -1; - } + if (get_ipcp_by_dst(dst, &flow->n_1_pid, &hash) < 0) { + log_err("Failed to find IPCP for %s.", dst); + err = -EIPCP; + goto fail_ipcp; + } - f->len = len; + reg_prepare_flow_alloc(flow); - memcpy(f->data, data, len); + if (ipcp_flow_alloc(flow, hash, lpk)) { + log_err("Flow allocation %d failed.", flow->id); + err = -ENOTALLOC; + goto fail_alloc; } - list_add(&f->next, &irmd.irm_flows); + pthread_cleanup_push(__cleanup_flow, flow); + pthread_cleanup_push(__cleanup_pkp, pkp); + pthread_cleanup_push(free, hash.data); + pthread_cleanup_push(free, s); - pthread_rwlock_unlock(&irmd.flows_lock); - pthread_rwlock_rdlock(&irmd.reg_lock); + err = reg_wait_flow_allocated(flow, &rpk, abstime); - reg_entry_set_state(re, REG_NAME_FLOW_ARRIVED); + pthread_cleanup_pop(false); + pthread_cleanup_pop(false); + pthread_cleanup_pop(false); + pthread_cleanup_pop(false); - pe = proc_table_get(&irmd.proc_table, h_pid); - if (pe == NULL) { - pthread_rwlock_unlock(&irmd.reg_lock); - pthread_rwlock_wrlock(&irmd.flows_lock); - clear_irm_flow(f); - bmp_release(irmd.flow_ids, f->flow_id); - list_del(&f->next); - pthread_rwlock_unlock(&irmd.flows_lock); - log_err("Could not get process table entry for %d.", h_pid); - free(f->data); - f->len = 0; - irm_flow_destroy(f); - return -1; + if (err == -ETIMEDOUT) { + log_err("Flow allocation timed out."); + goto fail_alloc; } - proc_entry_wake(pe, re); + if (err == -1) { + log_dbg("Flow allocation terminated."); + err = -EPIPE; + goto fail_alloc; + } - pthread_rwlock_unlock(&irmd.reg_lock); + assert(err == 0); - reg_entry_leave_state(re, REG_NAME_FLOW_ARRIVED, NULL); + if (flow->qs.cypher_s != 0) { /* crypto requested */ + if (crypt_dh_derive(pkp, rpk, s) < 0) { + log_err("Failed to derive secret for %d.", flow->id); + err = -ECRYPT; + goto fail_derive; + } + crypt_dh_pkp_destroy(pkp); + freebuf(rpk); + data->data = s; + data->len = SYMMKEYSZ; + s = NULL; + } - f_out->flow_id = flow_id; - f_out->n_pid = h_pid; + freebuf(hash); + free(s); return 0; + + fail_derive: + freebuf(rpk); + flow->state = FLOW_DEALLOCATED; + fail_alloc: + freebuf(hash); + fail_ipcp: + reg_destroy_flow(flow->id); + fail_flow: + if (flow->qs.cypher_s > 0) + crypt_dh_pkp_destroy(pkp); + fail_pkp: + free(s); + fail_malloc: + return err; } -static int flow_alloc_reply(int flow_id, - int response, - const void * data, - size_t len) +static int wait_for_accept(enum hash_algo algo, + const uint8_t * hash) { - struct irm_flow * f; + struct timespec timeo = TIMESPEC_INIT_MS(IRMD_REQ_ARR_TIMEOUT); + struct timespec abstime; + char ** exec; + int ret; + + clock_gettime(PTHREAD_COND_CLOCK, &abstime); + ts_add(&abstime, &timeo, &abstime); + + ret = reg_wait_flow_accepting(algo, hash, &abstime); + if (ret == -ETIMEDOUT) { + if (reg_get_exec(algo, hash, &exec) < 0) { + log_dbg("No program bound to " HASH_FMT32 ".", + HASH_VAL32(hash)); + goto fail; + } - pthread_rwlock_wrlock(&irmd.flows_lock); + log_info("Autostarting %s.", exec[0]); - f = get_irm_flow(flow_id); - if (f == NULL) { - pthread_rwlock_unlock(&irmd.flows_lock); - return -1; - } + if (spawn_program(exec) < 0) { + log_dbg("Failed to autostart " HASH_FMT32 ".", + HASH_VAL32(hash)); + goto fail_spawn; + } - if (!response) - irm_flow_set_state(f, FLOW_ALLOCATED); - else - irm_flow_set_state(f, FLOW_NULL); + ts_add(&abstime, &timeo, &abstime); - f->data = malloc(len); - if (f->data == NULL) { - pthread_rwlock_unlock(&irmd.flows_lock); - return -1; - } + ret = reg_wait_flow_accepting(algo, hash, &abstime); + if (ret == -ETIMEDOUT) + goto fail_spawn; - memcpy(f->data, data, len); - f->len = len; + argvfree(exec); + } - pthread_rwlock_unlock(&irmd.flows_lock); + return ret; - return 0; + fail_spawn: + argvfree(exec); + fail: + return -1; } -static void irm_fini(void) +static int flow_req_arr(struct flow_info * flow, + const uint8_t * hash, + buffer_t * data) { - struct list_head * p; - struct list_head * h; + struct ipcp_info info; + struct layer_info layer; + enum hash_algo algo; + int ret; - if (irmd_get_state() != IRMD_NULL) - log_warn("Unsafe destroy."); + info.pid = flow->n_1_pid; - pthread_rwlock_wrlock(&irmd.reg_lock); + log_info("Flow req arrived from IPCP %d for " HASH_FMT32 ".", + info.pid, HASH_VAL32(hash)); - /* Clear the lists. */ - list_for_each_safe(p, h, &irmd.ipcps) { - struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next); - list_del(&e->next); - ipcp_entry_destroy(e); + if (reg_get_ipcp(&info, &layer) < 0) { + log_err("No IPCP with pid %d.", info.pid); + ret = -EIPCP; + goto fail; } - list_for_each(p, &irmd.spawned_pids) { - struct pid_el * e = list_entry(p, struct pid_el, next); - if (kill(e->pid, SIGTERM)) - log_dbg("Could not send kill signal to %d.", e->pid); - } + algo = (enum hash_algo) layer.dir_hash_algo; - list_for_each_safe(p, h, &irmd.spawned_pids) { - struct pid_el * e = list_entry(p, struct pid_el, next); - int status; - if (waitpid(e->pid, &status, 0) < 0) - log_dbg("Error waiting for %d to exit.", e->pid); - list_del(&e->next); - registry_del_process(&irmd.registry, e->pid); - free(e); + ret = wait_for_accept(algo, hash); + if (ret < 0) { + log_err("No activeprocess for " HASH_FMT32 ".", + HASH_VAL32(hash)); + goto fail; } - list_for_each_safe(p, h, &irmd.prog_table) { - struct prog_entry * e = list_entry(p, struct prog_entry, next); - list_del(&e->next); - prog_entry_destroy(e); - } + flow->id = ret; + flow->state = FLOW_ALLOCATED; - list_for_each_safe(p, h, &irmd.proc_table) { - struct proc_entry * e = list_entry(p, struct proc_entry, next); - list_del(&e->next); - e->state = PROC_INIT; /* sanitizer already joined */ - proc_entry_destroy(e); + ret = reg_respond_accept(flow, data); + if (ret < 0) { + log_err("Failed to respond to flow %d.", flow->id); + goto fail; } - registry_destroy(&irmd.registry); - - pthread_rwlock_unlock(&irmd.reg_lock); - - close(irmd.sockfd); - - if (unlink(IRM_SOCK_PATH)) - log_dbg("Failed to unlink %s.", IRM_SOCK_PATH); - - pthread_rwlock_wrlock(&irmd.flows_lock); + return 0; + fail: + return ret; +} - if (irmd.flow_ids != NULL) - bmp_destroy(irmd.flow_ids); +static int flow_alloc_reply(struct flow_info * flow, + int response, + buffer_t * data) +{ + flow->state = response ? FLOW_DEALLOCATED : FLOW_ALLOCATED; - list_for_each_safe(p, h, &irmd.irm_flows) { - struct irm_flow * f = list_entry(p, struct irm_flow, next); - list_del(&f->next); - irm_flow_destroy(f); + if (reg_respond_alloc(flow, data) < 0) { + log_err("Failed to reply to flow %d.", flow->id); + flow->state = FLOW_DEALLOCATED; + return -EBADF; } - pthread_rwlock_unlock(&irmd.flows_lock); - - - if (irmd.rdrb != NULL) - shm_rdrbuff_destroy(irmd.rdrb); - - if (irmd.lf != NULL) - lockfile_destroy(irmd.lf); - - pthread_mutex_destroy(&irmd.cmd_lock); - pthread_cond_destroy(&irmd.cmd_cond); - pthread_rwlock_destroy(&irmd.flows_lock); - pthread_rwlock_destroy(&irmd.reg_lock); - pthread_rwlock_destroy(&irmd.state_lock); - -#ifdef HAVE_FUSE - if (rmdir(FUSE_PREFIX)) - log_dbg("Failed to remove " FUSE_PREFIX); -#endif + return 0; } -void * irm_sanitize(void * o) +static int flow_dealloc(struct flow_info * flow, + struct timespec * ts) { - struct timespec now; - struct list_head * p = NULL; - struct list_head * h = NULL; + log_info("Deallocating flow %d for process %d (timeout: %zd s).", + flow->id, flow->n_pid, ts->tv_sec); - struct timespec timeout = {IRMD_CLEANUP_TIMER / BILLION, - IRMD_CLEANUP_TIMER % BILLION}; - int s; + reg_dealloc_flow(flow); - (void) o; - - while (true) { - if (clock_gettime(CLOCK_MONOTONIC, &now) < 0) - log_warn("Failed to get time."); - - if (irmd_get_state() != IRMD_RUNNING) - return (void *) 0; - - pthread_rwlock_wrlock(&irmd.reg_lock); - - list_for_each_safe(p, h, &irmd.spawned_pids) { - struct pid_el * e = list_entry(p, struct pid_el, next); - waitpid(e->pid, &s, WNOHANG); - if (kill(e->pid, 0) >= 0) - continue; - log_dbg("Child process %d died, error %d.", e->pid, s); - list_del(&e->next); - free(e); - } - - list_for_each_safe(p, h, &irmd.proc_table) { - struct proc_entry * e = - list_entry(p, struct proc_entry, next); - if (kill(e->pid, 0) >= 0) - continue; - log_dbg("Dead process removed: %d.", e->pid); - list_del(&e->next); - proc_entry_destroy(e); - } - - list_for_each_safe(p, h, &irmd.ipcps) { - struct ipcp_entry * e = - list_entry(p, struct ipcp_entry, next); - if (kill(e->pid, 0) >= 0) - continue; - log_dbg("Dead IPCP removed: %d.", e->pid); - list_del(&e->next); - ipcp_entry_destroy(e); - } + if (ipcp_flow_dealloc(flow->n_1_pid, flow->id, ts->tv_sec) < 0) { + log_err("Failed to request dealloc from %d.", flow->n_1_pid); + return -EIPCP; + } - list_for_each_safe(p, h, &irmd.registry) { - struct list_head * p2; - struct list_head * h2; - struct reg_entry * e = - list_entry(p, struct reg_entry, next); - list_for_each_safe(p2, h2, &e->reg_pids) { - struct pid_el * a = - list_entry(p2, struct pid_el, next); - if (kill(a->pid, 0) >= 0) - continue; - log_dbg("Dead process removed from: %d %s.", - a->pid, e->name); - reg_entry_del_pid_el(e, a); - } - } + return 0; +} - pthread_rwlock_unlock(&irmd.reg_lock); - pthread_rwlock_wrlock(&irmd.flows_lock); - - list_for_each_safe(p, h, &irmd.irm_flows) { - int ipcpi; - int flow_id; - struct irm_flow * f = - list_entry(p, struct irm_flow, next); - - if (irm_flow_get_state(f) == FLOW_ALLOC_PENDING - && ts_diff_ms(&f->t0, &now) > IRMD_FLOW_TIMEOUT) { - log_dbg("Pending flow_id %d timed out.", - f->flow_id); - f->n_pid = -1; - irm_flow_set_state(f, FLOW_DEALLOC_PENDING); - continue; - } +static int flow_dealloc_resp(struct flow_info * flow) +{ + reg_dealloc_flow_resp(flow); - if (kill(f->n_pid, 0) < 0) { - log_dbg("Process %d gone, deallocating " - "flow %d.", - f->n_pid, f->flow_id); - f->n_pid = -1; - irm_flow_set_state(f, FLOW_DEALLOC_PENDING); - ipcpi = f->n_1_pid; - flow_id = f->flow_id; - pthread_rwlock_unlock(&irmd.flows_lock); - ipcp_flow_dealloc(ipcpi, flow_id, DEALLOC_TIME); - pthread_rwlock_wrlock(&irmd.flows_lock); - continue; - } + assert(flow->state == FLOW_DEALLOCATED); - if (kill(f->n_1_pid, 0) < 0) { - struct shm_flow_set * set; - log_err("IPCP %d gone, flow %d removed.", - f->n_1_pid, f->flow_id); - set = shm_flow_set_open(f->n_pid); - if (set != NULL) - shm_flow_set_destroy(set); - f->n_1_pid = -1; - irm_flow_set_state(f, FLOW_DEALLOC_PENDING); - } - } + reg_destroy_flow(flow->id); - pthread_rwlock_unlock(&irmd.flows_lock); + log_info("Completed deallocation of flow_id %d by process %d.", + flow->id, flow->n_1_pid); - nanosleep(&timeout, NULL); - } + return 0; } static void * acceptloop(void * o) { int csockfd; - struct timeval tv = {(SOCKET_TIMEOUT / 1000), - (SOCKET_TIMEOUT % 1000) * 1000}; (void) o; - while (irmd_get_state() == IRMD_RUNNING) { + while (true) { struct cmd * cmd; csockfd = accept(irmd.sockfd, 0, 0); if (csockfd < 0) continue; - if (setsockopt(csockfd, SOL_SOCKET, SO_RCVTIMEO, - (void *) &tv, sizeof(tv))) - log_warn("Failed to set timeout on socket."); - cmd = malloc(sizeof(*cmd)); if (cmd == NULL) { log_err("Out of memory."); @@ -2029,6 +1313,198 @@ static void free_msg(void * o) irm_msg__free_unpacked((irm_msg_t *) o, NULL); } +static irm_msg_t * do_command_msg(irm_msg_t * msg) +{ + struct ipcp_config conf; + struct ipcp_info ipcp; + struct flow_info flow; + struct proc_info proc; + struct name_info name; + struct timespec * abstime; + struct timespec max = TIMESPEC_INIT_MS(FLOW_ALLOC_TIMEOUT); + struct timespec now; + struct timespec ts = TIMESPEC_INIT_S(0); /* static analysis */ + int res; + irm_msg_t * ret_msg; + buffer_t data; + + memset(&flow, 0, sizeof(flow)); + + clock_gettime(PTHREAD_COND_CLOCK, &now); + + if (msg->timeo != NULL) { + ts = timespec_msg_to_s(msg->timeo); + ts_add(&ts, &now, &ts); + abstime = &ts; + } else { + ts_add(&max, &now, &max); + abstime = NULL; + } + + ret_msg = malloc(sizeof(*ret_msg)); + if (ret_msg == NULL) { + log_err("Failed to malloc return msg."); + return NULL; + } + + irm_msg__init(ret_msg); + + ret_msg->code = IRM_MSG_CODE__IRM_REPLY; + + pthread_cleanup_push(free_msg, ret_msg); + + switch (msg->code) { + case IRM_MSG_CODE__IRM_CREATE_IPCP: + ipcp = ipcp_info_msg_to_s(msg->ipcp_info); + res = create_ipcp(&ipcp); + break; + case IRM_MSG_CODE__IPCP_CREATE_R: + ipcp = ipcp_info_msg_to_s(msg->ipcp_info); + res = create_ipcp_r(&ipcp); + break; + case IRM_MSG_CODE__IRM_DESTROY_IPCP: + res = destroy_ipcp(msg->pid); + break; + case IRM_MSG_CODE__IRM_BOOTSTRAP_IPCP: + conf = ipcp_config_msg_to_s(msg->conf); + res = bootstrap_ipcp(msg->pid, &conf); + break; + case IRM_MSG_CODE__IRM_ENROLL_IPCP: + res = enroll_ipcp(msg->pid, msg->dst); + break; + case IRM_MSG_CODE__IRM_CONNECT_IPCP: + flow.qs = qos_spec_msg_to_s(msg->qosspec); + res = connect_ipcp(msg->pid, msg->dst, msg->comp, flow.qs); + break; + case IRM_MSG_CODE__IRM_DISCONNECT_IPCP: + res = disconnect_ipcp(msg->pid, msg->dst, msg->comp); + break; + case IRM_MSG_CODE__IRM_BIND_PROGRAM: + /* Make exec NULL terminated instead of empty string terminated */ + free(msg->exec[msg->n_exec - 1]); + msg->exec[msg->n_exec - 1] = NULL; + res = bind_program(msg->exec, msg->name, msg->opts); + break; + case IRM_MSG_CODE__IRM_UNBIND_PROGRAM: + res = unbind_program(msg->prog, msg->name); + break; + case IRM_MSG_CODE__IRM_PROC_ANNOUNCE: + proc.pid = msg->pid; + strcpy(proc.prog, msg->prog); + res = proc_announce(&proc); + break; + case IRM_MSG_CODE__IRM_PROC_EXIT: + res = proc_exit(msg->pid); + break; + case IRM_MSG_CODE__IRM_BIND_PROCESS: + res = bind_process(msg->pid, msg->name); + break; + case IRM_MSG_CODE__IRM_UNBIND_PROCESS: + res = unbind_process(msg->pid, msg->name); + break; + case IRM_MSG_CODE__IRM_LIST_IPCPS: + res = list_ipcps(&ret_msg->ipcps, &ret_msg->n_ipcps); + break; + case IRM_MSG_CODE__IRM_CREATE_NAME: + strcpy(name.name, msg->names[0]->name); + name.pol_lb = msg->names[0]->pol_lb; + res = name_create(&name); + break; + case IRM_MSG_CODE__IRM_DESTROY_NAME: + res = name_destroy(msg->name); + break; + case IRM_MSG_CODE__IRM_LIST_NAMES: + res = list_names(&ret_msg->names, &ret_msg->n_names); + break; + case IRM_MSG_CODE__IRM_REG_NAME: + res = name_reg(msg->name, msg->pid); + break; + case IRM_MSG_CODE__IRM_UNREG_NAME: + res = name_unreg(msg->name, msg->pid); + break; + case IRM_MSG_CODE__IRM_FLOW_ACCEPT: + data.len = msg->pk.len; + data.data = msg->pk.data; + msg->has_pk = false; + assert(data.len > 0 ? data.data != NULL : data.data == NULL); + flow = flow_info_msg_to_s(msg->flow_info); + res = flow_accept(&flow, &data, abstime); + if (res == 0) { + ret_msg->flow_info = flow_info_s_to_msg(&flow); + ret_msg->has_symmkey = data.len != 0; + ret_msg->symmkey.data = data.data; + ret_msg->symmkey.len = data.len; + } + break; + case IRM_MSG_CODE__IRM_FLOW_ALLOC: + data.len = msg->pk.len; + data.data = msg->pk.data; + msg->has_pk = false; + assert(data.len > 0 ? data.data != NULL : data.data == NULL); + flow = flow_info_msg_to_s(msg->flow_info); + abstime = abstime == NULL ? &max : abstime; + res = flow_alloc(&flow, msg->dst, &data, abstime); + if (res == 0) { + ret_msg->flow_info = flow_info_s_to_msg(&flow); + ret_msg->has_symmkey = data.len != 0; + ret_msg->symmkey.data = data.data; + ret_msg->symmkey.len = data.len; + } + break; + case IRM_MSG_CODE__IRM_FLOW_JOIN: + assert(msg->pk.len == 0 && msg->pk.data == NULL); + flow = flow_info_msg_to_s(msg->flow_info); + abstime = abstime == NULL ? &max : abstime; + res = flow_join(&flow, msg->dst, abstime); + if (res == 0) + ret_msg->flow_info = flow_info_s_to_msg(&flow); + break; + case IRM_MSG_CODE__IRM_FLOW_DEALLOC: + flow = flow_info_msg_to_s(msg->flow_info); + ts = timespec_msg_to_s(msg->timeo); + res = flow_dealloc(&flow, &ts); + break; + case IRM_MSG_CODE__IPCP_FLOW_DEALLOC: + flow = flow_info_msg_to_s(msg->flow_info); + res = flow_dealloc_resp(&flow); + break; + case IRM_MSG_CODE__IPCP_FLOW_REQ_ARR: + data.len = msg->pk.len; + data.data = msg->pk.data; + msg->pk.data = NULL; /* pass data */ + msg->pk.len = 0; + assert(data.len > 0 ? data.data != NULL : data.data == NULL); + flow = flow_info_msg_to_s(msg->flow_info); + res = flow_req_arr(&flow, msg->hash.data, &data); + if (res == 0) + ret_msg->flow_info = flow_info_s_to_msg(&flow); + break; + case IRM_MSG_CODE__IPCP_FLOW_ALLOC_REPLY: + data.len = msg->pk.len; + data.data = msg->pk.data; + msg->pk.data = NULL; /* pass data */ + msg->pk.len = 0; + assert(data.len > 0 ? data.data != NULL : data.data == NULL); + flow = flow_info_msg_to_s(msg->flow_info); + res = flow_alloc_reply(&flow, msg->response, &data); + break; + default: + log_err("Don't know that message code."); + res = -1; + break; + } + + pthread_cleanup_pop(false); + + ret_msg->has_result = true; + if (abstime == &max && res == -ETIMEDOUT) + ret_msg->result = -EPERM; /* No timeout requested */ + else + ret_msg->result = res; + + return ret_msg; +} + static void * mainloop(void * o) { int sfd; @@ -2038,26 +1514,11 @@ static void * mainloop(void * o) (void) o; while (true) { - irm_msg_t * ret_msg; - struct irm_flow e; - struct timespec * timeo = NULL; - struct timespec ts = {0, 0}; - struct cmd * cmd; - int result; - - memset(&e, 0, sizeof(e)); - - ret_msg = malloc(sizeof(*ret_msg)); - if (ret_msg == NULL) - return (void *) -1; - - irm_msg__init(ret_msg); - - ret_msg->code = IRM_MSG_CODE__IRM_REPLY; + irm_msg_t * ret_msg; + struct cmd * cmd; pthread_mutex_lock(&irmd.cmd_lock); - pthread_cleanup_push(free_msg, ret_msg); pthread_cleanup_push(__cleanup_mutex_unlock, &irmd.cmd_lock); while (list_is_empty(&irmd.cmds)) @@ -2067,7 +1528,6 @@ static void * mainloop(void * o) list_del(&cmd->next); pthread_cleanup_pop(true); - pthread_cleanup_pop(false); msg = irm_msg__unpack(NULL, cmd->len, cmd->cbuf); sfd = cmd->fd; @@ -2075,177 +1535,35 @@ static void * mainloop(void * o) free(cmd); if (msg == NULL) { + log_err("Failed to unpack command message."); close(sfd); - irm_msg__free_unpacked(msg, NULL); continue; } tpm_dec(irmd.tpm); - if (msg->has_timeo_sec) { - assert(msg->has_timeo_nsec); - - ts.tv_sec = msg->timeo_sec; - ts.tv_nsec = msg->timeo_nsec; - timeo = &ts; - } - pthread_cleanup_push(__cleanup_close_ptr, &sfd); pthread_cleanup_push(free_msg, msg); - pthread_cleanup_push(free_msg, ret_msg); - switch (msg->code) { - case IRM_MSG_CODE__IRM_CREATE_IPCP: - result = create_ipcp(msg->name, msg->ipcp_type); - break; - case IRM_MSG_CODE__IPCP_CREATE_R: - result = create_ipcp_r(msg->pid, msg->result); - break; - case IRM_MSG_CODE__IRM_DESTROY_IPCP: - result = destroy_ipcp(msg->pid); - break; - case IRM_MSG_CODE__IRM_BOOTSTRAP_IPCP: - result = bootstrap_ipcp(msg->pid, msg->conf); - break; - case IRM_MSG_CODE__IRM_ENROLL_IPCP: - result = enroll_ipcp(msg->pid, msg->dst); - break; - case IRM_MSG_CODE__IRM_CONNECT_IPCP: - result = connect_ipcp(msg->pid, msg->dst, msg->comp, - msg_to_spec(msg->qosspec)); - break; - case IRM_MSG_CODE__IRM_DISCONNECT_IPCP: - result = disconnect_ipcp(msg->pid, msg->dst, msg->comp); - break; - case IRM_MSG_CODE__IRM_BIND_PROGRAM: - result = bind_program(msg->prog, - msg->name, - msg->opts, - msg->n_args, - msg->args); - break; - case IRM_MSG_CODE__IRM_UNBIND_PROGRAM: - result = unbind_program(msg->prog, msg->name); - break; - case IRM_MSG_CODE__IRM_PROC_ANNOUNCE: - result = proc_announce(msg->pid, msg->prog); - break; - case IRM_MSG_CODE__IRM_BIND_PROCESS: - result = bind_process(msg->pid, msg->name); - break; - case IRM_MSG_CODE__IRM_UNBIND_PROCESS: - result = unbind_process(msg->pid, msg->name); - break; - case IRM_MSG_CODE__IRM_LIST_IPCPS: - result = list_ipcps(&ret_msg->ipcps, &ret_msg->n_ipcps); - break; - case IRM_MSG_CODE__IRM_CREATE_NAME: - result = name_create(msg->names[0]->name, - msg->names[0]->pol_lb); - break; - case IRM_MSG_CODE__IRM_DESTROY_NAME: - result = name_destroy(msg->name); - break; - case IRM_MSG_CODE__IRM_LIST_NAMES: - result = list_names(&ret_msg->names, &ret_msg->n_names); - break; - case IRM_MSG_CODE__IRM_REG_NAME: - result = name_reg(msg->name, msg->pid); - break; - case IRM_MSG_CODE__IRM_UNREG_NAME: - result = name_unreg(msg->name, msg->pid); - break; - case IRM_MSG_CODE__IRM_FLOW_ACCEPT: - assert(msg->pk.len > 0 ? msg->pk.data != NULL - : msg->pk.data == NULL); - result = flow_accept(msg->pid, timeo, &e, - msg->pk.data, msg->pk.len); - if (result == 0) { - qosspec_msg_t qs_msg; - ret_msg->has_flow_id = true; - ret_msg->flow_id = e.flow_id; - ret_msg->has_pid = true; - ret_msg->pid = e.n_1_pid; - qs_msg = spec_to_msg(&e.qs); - ret_msg->qosspec = &qs_msg; - ret_msg->has_pk = true; - ret_msg->pk.data = e.data; - ret_msg->pk.len = e.len; - } - break; - case IRM_MSG_CODE__IRM_FLOW_ALLOC: - assert(msg->pk.len > 0 ? msg->pk.data != NULL - : msg->pk.data == NULL); - result = flow_alloc(msg->pid, msg->dst, - msg_to_spec(msg->qosspec), - timeo, &e, false, msg->pk.data, - msg->pk.len); - if (result == 0) { - ret_msg->has_flow_id = true; - ret_msg->flow_id = e.flow_id; - ret_msg->has_pid = true; - ret_msg->pid = e.n_1_pid; - ret_msg->has_pk = true; - ret_msg->pk.data = e.data; - ret_msg->pk.len = e.len; - } - break; - case IRM_MSG_CODE__IRM_FLOW_JOIN: - assert(msg->pk.len == 0 && msg->pk.data == NULL); - result = flow_alloc(msg->pid, msg->dst, - msg_to_spec(msg->qosspec), - timeo, &e, true, NULL, 0); - if (result == 0) { - ret_msg->has_flow_id = true; - ret_msg->flow_id = e.flow_id; - ret_msg->has_pid = true; - ret_msg->pid = e.n_1_pid; - } - break; - case IRM_MSG_CODE__IRM_FLOW_DEALLOC: - result = flow_dealloc(msg->pid, - msg->flow_id, - msg->timeo_sec); - break; - case IRM_MSG_CODE__IPCP_FLOW_REQ_ARR: - assert(msg->pk.len > 0 ? msg->pk.data != NULL - : msg->pk.data == NULL); - result = flow_req_arr(msg->pid, - &e, - msg->hash.data, - msg_to_spec(msg->qosspec), - msg->pk.data, - msg->pk.len); - if (result == 0) { - ret_msg->has_flow_id = true; - ret_msg->flow_id = e.flow_id; - ret_msg->has_pid = true; - ret_msg->pid = e.n_pid; - } - break; - case IRM_MSG_CODE__IPCP_FLOW_ALLOC_REPLY: - assert(msg->pk.len > 0 ? msg->pk.data != NULL - : msg->pk.data == NULL); - result = flow_alloc_reply(msg->flow_id, - msg->response, - msg->pk.data, - msg->pk.len); - break; - default: - log_err("Don't know that message code."); - result = -1; - break; - } + ret_msg = do_command_msg(msg); - pthread_cleanup_pop(false); pthread_cleanup_pop(true); pthread_cleanup_pop(false); - if (result == -EPIPE) + if (ret_msg == NULL) { + log_err("Failed to create return message."); + goto fail_msg; + } + + if (ret_msg->result == -EPIPE) { + log_dbg("Terminated command: application closed socket."); goto fail; + } - ret_msg->has_result = true; - ret_msg->result = result; + if (ret_msg->result == -EIRMD) { + log_dbg("Terminated command: IRMd not in running state."); + goto fail; + } buffer.len = irm_msg__get_packed_size(ret_msg); if (buffer.len == 0) { @@ -2261,18 +1579,21 @@ static void * mainloop(void * o) irm_msg__pack(ret_msg, buffer.data); - /* Can't free the qosspec. */ - ret_msg->qosspec = NULL; irm_msg__free_unpacked(ret_msg, NULL); pthread_cleanup_push(__cleanup_close_ptr, &sfd); + pthread_cleanup_push(free, buffer.data); + + if (write(sfd, buffer.data, buffer.len) == -1) { + if (errno != EPIPE) + log_warn("Failed to send reply message: %s.", + strerror(errno)); + else + log_dbg("Failed to send reply message: %s.", + strerror(errno)); + } - if (write(sfd, buffer.data, buffer.len) == -1) - if (result != -EIRMD) - log_warn("Failed to send reply message."); - - free(buffer.data); - + pthread_cleanup_pop(true); pthread_cleanup_pop(true); tpm_inc(irmd.tpm); @@ -2280,6 +1601,7 @@ static void * mainloop(void * o) continue; fail: irm_msg__free_unpacked(ret_msg, NULL); + fail_msg: close(sfd); tpm_inc(irmd.tpm); continue; @@ -2288,6 +1610,116 @@ static void * mainloop(void * o) return (void *) 0; } +static void irm_fini(void) +{ +#ifdef HAVE_FUSE + struct timespec wait = TIMESPEC_INIT_MS(1); + int retries = 5; +#endif + if (irmd_get_state() != IRMD_NULL) + log_warn("Unsafe destroy."); + + tpm_destroy(irmd.tpm); + + close(irmd.sockfd); + + if (unlink(IRM_SOCK_PATH)) + log_dbg("Failed to unlink %s.", IRM_SOCK_PATH); + + if (irmd.rdrb != NULL) + shm_rdrbuff_destroy(irmd.rdrb); + + if (irmd.lf != NULL) + lockfile_destroy(irmd.lf); + + pthread_mutex_destroy(&irmd.cmd_lock); + pthread_cond_destroy(&irmd.cmd_cond); + pthread_rwlock_destroy(&irmd.state_lock); + +#ifdef HAVE_FUSE + while (rmdir(FUSE_PREFIX) < 0 && retries-- > 0) + nanosleep(&wait, NULL); + if (retries < 0) + log_err("Failed to remove " FUSE_PREFIX); +#endif +} + +#ifdef HAVE_FUSE +static void destroy_mount(char * mnt) +{ + struct stat st; + + if (stat(mnt, &st) == -1){ + switch(errno) { + case ENOENT: + log_dbg("Fuse mountpoint %s not found: %s", + mnt, strerror(errno)); + break; + case ENOTCONN: + /* FALLTHRU */ + case ECONNABORTED: + log_dbg("Cleaning up fuse mountpoint %s.", + mnt); + rib_cleanup(mnt); + break; + default: + log_err("Unhandled fuse error on mnt %s: %s.", + mnt, strerror(errno)); + } + } +} +#endif + +static int ouroboros_reset(void) +{ + shm_rdrbuff_purge(); + lockfile_destroy(irmd.lf); + + return 0; +} + +static void cleanup_pid(pid_t pid) +{ +#ifdef HAVE_FUSE + char mnt[RIB_PATH_LEN + 1]; + + if (reg_has_ipcp(pid)) { + struct ipcp_info info; + info.pid = pid; + reg_get_ipcp(&info, NULL); + sprintf(mnt, FUSE_PREFIX "/%s", info.name); + } else { + sprintf(mnt, FUSE_PREFIX "/proc.%d", pid); + } + + destroy_mount(mnt); + +#else + (void) pid; +#endif +} + +void * irm_sanitize(void * o) +{ + pid_t pid; + struct timespec ts = TIMESPEC_INIT_MS(FLOW_ALLOC_TIMEOUT / 20); + + (void) o; + + while (true) { + while((pid = reg_get_dead_proc()) != -1) { + log_info("Process %d died.", pid); + cleanup_pid(pid); + reg_destroy_proc(pid); + } + + nanosleep(&ts, NULL); + } + + return (void *) 0; +} + + static int irm_init(void) { struct stat st; @@ -2297,19 +1729,42 @@ static int irm_init(void) #endif memset(&st, 0, sizeof(st)); - if (pthread_rwlock_init(&irmd.state_lock, NULL)) { - log_err("Failed to initialize rwlock."); - goto fail_state_lock; + log_init(!irmd.log_stdout); + + irmd.lf = lockfile_create(); + if (irmd.lf == NULL) { + irmd.lf = lockfile_open(); + if (irmd.lf == NULL) { + log_err("Lockfile error."); + goto fail_lockfile; + } + + if (kill(lockfile_owner(irmd.lf), 0) < 0) { + log_warn("IRMd didn't properly shut down last time."); + if (ouroboros_reset() < 0) { + log_err("Failed to clean stale resources."); + lockfile_close(irmd.lf); + goto fail_lockfile; + } + + log_warn("Stale resources cleaned."); + irmd.lf = lockfile_create(); + } else { + log_warn("IRMd already running (%d), exiting.", + lockfile_owner(irmd.lf)); + lockfile_close(irmd.lf); + goto fail_lockfile; + } } - if (pthread_rwlock_init(&irmd.reg_lock, NULL)) { - log_err("Failed to initialize rwlock."); - goto fail_reg_lock; + if (irmd.lf == NULL) { + log_err("Failed to create lockfile."); + goto fail_lockfile; } - if (pthread_rwlock_init(&irmd.flows_lock, NULL)) { + if (pthread_rwlock_init(&irmd.state_lock, NULL)) { log_err("Failed to initialize rwlock."); - goto fail_flows_lock; + goto fail_state_lock; } if (pthread_mutex_init(&irmd.cmd_lock, NULL)) { @@ -2333,45 +1788,8 @@ static int irm_init(void) pthread_condattr_destroy(&cattr); - list_head_init(&irmd.ipcps); - list_head_init(&irmd.proc_table); - list_head_init(&irmd.prog_table); - list_head_init(&irmd.spawned_pids); - list_head_init(&irmd.registry); - list_head_init(&irmd.irm_flows); list_head_init(&irmd.cmds); - irmd.flow_ids = bmp_create(SYS_MAX_FLOWS, 0); - if (irmd.flow_ids == NULL) { - log_err("Failed to create flow_ids bitmap."); - goto fail_flow_ids; - } - - if ((irmd.lf = lockfile_create()) == NULL) { - if ((irmd.lf = lockfile_open()) == NULL) { - log_err("Lockfile error."); - goto fail_lockfile; - } - - if (kill(lockfile_owner(irmd.lf), 0) < 0) { - log_info("IRMd didn't properly shut down last time."); - shm_rdrbuff_purge(); - log_info("Stale resources cleaned."); - lockfile_destroy(irmd.lf); - irmd.lf = lockfile_create(); - } else { - log_info("IRMd already running (%d), exiting.", - lockfile_owner(irmd.lf)); - lockfile_close(irmd.lf); - goto fail_lockfile; - } - } - - if (irmd.lf == NULL) { - log_err("Failed to create lockfile."); - goto fail_lockfile; - } - if (stat(SOCK_PATH, &st) == -1) { if (mkdir(SOCK_PATH, 0777)) { log_err("Failed to create sockets directory."); @@ -2394,6 +1812,13 @@ static int irm_init(void) log_err("Failed to create rdrbuff."); goto fail_rdrbuff; } + + irmd.tpm = tpm_create(IRMD_MIN_THREADS, IRMD_ADD_THREADS, + mainloop, NULL); + if (irmd.tpm == NULL) { + log_err("Failed to greate thread pool."); + goto fail_tpm_create; + } #ifdef HAVE_FUSE mask = umask(0); @@ -2418,68 +1843,124 @@ static int irm_init(void) gcry_control(GCRYCTL_INITIALIZATION_FINISHED); #endif - irmd_set_state(IRMD_RUNNING); - - log_info("Ouroboros IPC Resource Manager daemon started..."); return 0; #ifdef HAVE_LIBGCRYPT fail_gcry_version: -#ifdef HAVE_FUSE + #ifdef HAVE_FUSE rmdir(FUSE_PREFIX); + #endif + tpm_destroy(irmd.tpm); #endif + fail_tpm_create: shm_rdrbuff_destroy(irmd.rdrb); -#endif fail_rdrbuff: close(irmd.sockfd); fail_sock_path: unlink(IRM_SOCK_PATH); fail_stat: - lockfile_destroy(irmd.lf); - fail_lockfile: - bmp_destroy(irmd.flow_ids); - fail_flow_ids: pthread_cond_destroy(&irmd.cmd_cond); fail_cmd_cond: pthread_mutex_destroy(&irmd.cmd_lock); fail_cmd_lock: - pthread_rwlock_destroy(&irmd.flows_lock); - fail_flows_lock: - pthread_rwlock_destroy(&irmd.reg_lock); - fail_reg_lock: pthread_rwlock_destroy(&irmd.state_lock); fail_state_lock: + lockfile_destroy(irmd.lf); + fail_lockfile: + log_fini(); return -1; } static void usage(void) { printf("Usage: irmd \n" +#ifdef HAVE_TOML + " [--config <path> (Path to configuration file)]\n" +#endif " [--stdout (Log to stdout instead of system log)]\n" " [--version (Print version number and exit)]\n" "\n"); } -int main(int argc, - char ** argv) +static int irm_start(void) { - sigset_t sigset; - bool use_stdout = false; - int sig; + if (tpm_start(irmd.tpm)) + goto fail_tpm_start; - sigemptyset(&sigset); - sigaddset(&sigset, SIGINT); - sigaddset(&sigset, SIGQUIT); - sigaddset(&sigset, SIGHUP); - sigaddset(&sigset, SIGTERM); - sigaddset(&sigset, SIGPIPE); + irmd_set_state(IRMD_RUNNING); + + if (pthread_create(&irmd.irm_sanitize, NULL, irm_sanitize, NULL)) + goto fail_irm_sanitize; + + if (pthread_create(&irmd.acceptor, NULL, acceptloop, NULL)) + goto fail_acceptor; + + log_info("Ouroboros IPC Resource Manager daemon started..."); + + return 0; + + fail_acceptor: + pthread_cancel(irmd.irm_sanitize); + pthread_join(irmd.irm_sanitize, NULL); + fail_irm_sanitize: + irmd_set_state(IRMD_NULL); + tpm_stop(irmd.tpm); + fail_tpm_start: + return -1; +} + +static void irm_sigwait(sigset_t sigset) +{ + int sig; + + while (irmd_get_state() != IRMD_SHUTDOWN) { + if (sigwait(&sigset, &sig) != 0) { + log_warn("Bad signal."); + continue; + } + + switch(sig) { + case SIGINT: + case SIGQUIT: + case SIGTERM: + case SIGHUP: + log_info("IRMd shutting down..."); + irmd_set_state(IRMD_SHUTDOWN); + break; + case SIGPIPE: + log_dbg("Ignored SIGPIPE."); + break; + default: + break; + } + } +} + +static void irm_stop(void) +{ + pthread_cancel(irmd.acceptor); + pthread_cancel(irmd.irm_sanitize); + + pthread_join(irmd.acceptor, NULL); + pthread_join(irmd.irm_sanitize, NULL); + + tpm_stop(irmd.tpm); + + irmd_set_state(IRMD_NULL); +} +static void irm_argparse(int argc, + char ** argv) +{ +#ifdef HAVE_TOML + irmd.cfg_file = NULL; +#endif argc--; argv++; while (argc > 0) { if (strcmp(*argv, "--stdout") == 0) { - use_stdout = true; + irmd.log_stdout = true; argc--; argv++; } else if (strcmp(*argv, "--version") == 0) { @@ -2488,96 +1969,141 @@ int main(int argc, OUROBOROS_VERSION_MINOR, OUROBOROS_VERSION_PATCH); exit(EXIT_SUCCESS); +#ifdef HAVE_TOML + } else if (strcmp (*argv, "--config") == 0) { + irmd.cfg_file = *(argv + 1); + argc -= 2; + argv += 2; +#endif } else { usage(); exit(EXIT_FAILURE); } } +} + +static void * kill_dash_nine(void * o) +{ + time_t slept = 0; +#ifdef IRMD_KILL_ALL_PROCESSES + struct timespec ts = TIMESPEC_INIT_MS(FLOW_ALLOC_TIMEOUT / 19); +#endif + (void) o; + + while (slept < IRMD_PKILL_TIMEOUT) { + time_t intv = 1; + if (reg_first_spawned() == -1) + goto finish; + sleep(intv); + slept += intv; + } + + log_dbg("I am become Death, destroyer of hung processes."); + +#ifdef IRMD_KILL_ALL_PROCESSES + reg_kill_all_proc(SIGKILL); + nanosleep(&ts, NULL); +#else + reg_kill_all_spawned(SIGKILL); +#endif + finish: + return (void *) 0; +} + +static void kill_all_spawned(void) +{ + pid_t pid; + pthread_t grimreaper; + +#ifdef IRMD_KILL_ALL_PROCESSES + reg_kill_all_proc(SIGTERM); +#else + reg_kill_all_spawned(SIGTERM); +#endif + pthread_create(&grimreaper, NULL, kill_dash_nine, NULL); + + pid = reg_first_spawned(); + while (pid != -1) { + int s; + if (kill(pid, 0) == 0) + waitpid(pid, &s, 0); + else { + log_warn("Child process %d died.", pid); + cleanup_pid(pid); + reg_destroy_proc(pid); + } + pid = reg_first_spawned(); + } + + pthread_join(grimreaper, NULL); +} + +int main(int argc, + char ** argv) +{ + sigset_t sigset; + int ret = EXIT_SUCCESS; + + sigemptyset(&sigset); + sigaddset(&sigset, SIGINT); + sigaddset(&sigset, SIGQUIT); + sigaddset(&sigset, SIGHUP); + sigaddset(&sigset, SIGTERM); + sigaddset(&sigset, SIGPIPE); + + irm_argparse(argc, argv); + + if (irmd.log_stdout) + printf(O7S_ASCII_ART); if (geteuid() != 0) { printf("IPC Resource Manager must be run as root.\n"); exit(EXIT_FAILURE); } - log_init(!use_stdout); - if (irm_init() < 0) goto fail_irm_init; - irmd.tpm = tpm_create(IRMD_MIN_THREADS, IRMD_ADD_THREADS, - mainloop, NULL); - if (irmd.tpm == NULL) { - irmd_set_state(IRMD_NULL); - goto fail_tpm_create; + if (reg_init() < 0) { + log_err("Failed to initialize registry."); + goto fail_reg; } pthread_sigmask(SIG_BLOCK, &sigset, NULL); - if (tpm_start(irmd.tpm)) { - irmd_set_state(IRMD_NULL); - goto fail_tpm_start; - } + if (irm_start() < 0) + goto fail_irm_start; - if (pthread_create(&irmd.irm_sanitize, NULL, irm_sanitize, NULL)) { - irmd_set_state(IRMD_NULL); - goto fail_irm_sanitize; +#ifdef HAVE_TOML + if (irm_configure(irmd.cfg_file) < 0) { + irmd_set_state(IRMD_SHUTDOWN); + ret = EXIT_FAILURE; } +#endif + irm_sigwait(sigset); - if (pthread_create(&irmd.acceptor, NULL, acceptloop, NULL)) { - irmd_set_state(IRMD_NULL); - goto fail_acceptor; - } + kill_all_spawned(); - while (irmd_get_state() != IRMD_NULL) { - if (sigwait(&sigset, &sig) != 0) { - log_warn("Bad signal."); - continue; - } + irm_stop(); - switch(sig) { - case SIGINT: - case SIGQUIT: - case SIGTERM: - case SIGHUP: - log_info("IRMd shutting down..."); - irmd_set_state(IRMD_NULL); - break; - case SIGPIPE: - log_dbg("Ignored SIGPIPE."); - break; - default: - break; - } - } - - pthread_cancel(irmd.acceptor); - - pthread_join(irmd.acceptor, NULL); - pthread_join(irmd.irm_sanitize, NULL); + pthread_sigmask(SIG_UNBLOCK, &sigset, NULL); - tpm_stop(irmd.tpm); + reg_clear(); - tpm_destroy(irmd.tpm); + reg_fini(); irm_fini(); - pthread_sigmask(SIG_UNBLOCK, &sigset, NULL); - - log_info("Bye."); + log_info("Ouroboros IPC Resource Manager daemon exited. Bye."); log_fini(); - exit(EXIT_SUCCESS); + exit(ret); - fail_acceptor: - pthread_join(irmd.irm_sanitize, NULL); - fail_irm_sanitize: - tpm_stop(irmd.tpm); - fail_tpm_start: - tpm_destroy(irmd.tpm); - fail_tpm_create: + fail_irm_start: + reg_fini(); + fail_reg: irm_fini(); fail_irm_init: - log_fini(); exit(EXIT_FAILURE); } |