aboutsummaryrefslogblamecommitdiffstats
path: root/src/mds.c
blob: c86b08a40497b1f47db4eaca434d3129242224dc (plain) (tree)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
















                                                                        
                
 
                                
                                
                              
 




                      

                   

                   
                   
                       
                   

                     
                   









                               
                   
 


                    
                                                            
 



                             


                                                
   
                                 
 
              
                            
                             
                          
                   
                       
          
         


           

               
  

                                                          

                                                                                    
  



                                     
                                                                   
         

                                                                                




                                                           
                                                  

                                                                        
  

                                                                                 
                  
  
                                                              
                                                        

             
  


                                                     
                                                                            



                                            
                                                      





                                              
                                      
                    

                     
         
                
            
     



                                                                                     
                        
                                               
                                       




                                                               
               


            
                                                                 
                  
  
                                      
                                                                          



                                                              
  
                                              
                                                              
                            
                                   
  
                              
                                                                           
                               
                                     
                   
                                                       


                                                                        
  
                                  
                                      
  

                                                         

      
                                              





                              
  
                        
                                                                        

                   
                           

                                                                                                           
                                                                         

                                                                                       
            
  

                

            



   
























































                                                                                       


















                                                                                           
   






                                                   


                      


                                                              
                                                   


             
  
                                        

                            
                                                   
                                         

                               
  

                                                               

      







                            
     





































                                                                                                       

     












                                                 


       
                      
                             


              



                



   














                                                                            
                                                                         



                   









                                                                             

           



                




                                                             
   

                                                             
   
                                               


                   
                                 




                                                                            
                                                                         



                   

                                            
                                       
         




                                                             
         

                            
                                                            



                          




           




                                                             
                                                                                 






                                          
                                                  

                  


                                     
                                                 
                     
                 

     
                                            
                                       








                                       
  
                            
                          
               
  


                  
            





                

 
/**
 * mds — A micro-display server
 * Copyright © 2014  Mattias Andrée (maandree@member.fsf.org)
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
#include "mds.h"

#include <libmdsserver/config.h>
#include <libmdsserver/macros.h>
#include <libmdsserver/util.h>

#include <sys/stat.h>
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
#include <errno.h>
#include <limits.h>
#include <fcntl.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <time.h>
#include <dirent.h>


/**
 * Number of elements in `argv`
 */
static int argc;

/**
 * Command line arguments
 */
static char** argv;

/**
 * The master server
 */
static const char* master_server = LIBEXECDIR "/mds-server";


/**
 * Entry point of the program
 * 
 * @param   argc_  Number of elements in `argv_`
 * @param   argv_  Command line arguments
 * @return         Non-zero on error
 */
int main(int argc_, char** argv_)
{
  int fd = -1;
  int got_master_server = 0;
  struct sockaddr_un address;
  char pathname[PATH_MAX];
  char piddata[64];
  unsigned int display;
  FILE* f;
  int rc;
  int j, r;
  
  
  argc = argc_;
  argv = argv_;
  
  
  /* Sanity check the number of command line arguments. */
  exit_if (argc > ARGC_LIMIT,
	   eprint("that number of arguments is ridiculous, I will not allow it."););
  
  /* Parse command line arguments. */
  for (j = 1; j < argc; j++)
    {
      char* arg = argv[j];
      if (startswith(arg, "--master-server=")) /* Master server. */
	{
	  exit_if (got_master_server,
		   eprintf("duplicate declaration of %s.", "--master-server"););
	  got_master_server = 1;
	  master_server = arg + strlen("--master-server=");
	}
    }
  
  /* Stymied if the effective user is not root. */
  exit_if (geteuid() != ROOT_USER_UID,
	   eprint("the effective user is not root, cannot continue."););
  
  /* Set up to ignore SIGUSR1, used in mds for re-exec, but we cannot re-exec. */
  if (xsigaction(SIGUSR1, SIG_IGN) < 0)
    perror(*argv);
  
  /* Create directory for socket files, PID files and such. */
  if (create_directory_root(MDS_RUNTIME_ROOT_DIRECTORY))
    return 1;
  
  
  /* Determine display index. */
  for (display = 0; display < DISPLAY_MAX; display++)
    {
      xsnprintf(pathname, "%s/%u.pid", MDS_RUNTIME_ROOT_DIRECTORY, display);
      
      fd = open(pathname, O_CREAT | O_EXCL);
      if (fd == -1)
	{
	  /* Reuse display index if no longer used. */
	  f = fopen(pathname, "r");
	  if (f == NULL) /* Race, or error? */
	    {
	      perror(*argv);
	      continue;
	    }
	  r = is_pid_file_reusable(f);
	  fclose(f);
	  if (r == 0)
	    continue;
	}
      close(fd);
      break;
    }
  exit_if (display == DISPLAY_MAX,
	   eprint("sorry, too many displays on the system."););
           /* Yes, the directory could have been removed, but it probably was not. */
  
  /* Create PID file. */
  fail_if ((f = fopen(pathname, "w")) == NULL);
  xsnprintf(piddata, "%u\n", getpid());
  if (fwrite(piddata, 1, strlen(piddata), f) < strlen(piddata))
    {
      fclose(f);
      if (unlink(pathname) < 0)
	perror(*argv);
      return 1;
    }
  fflush(f);
  fclose(f);
  if (chmod(pathname, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) < 0)
    perror(*argv);
  
  /* Create data storage directory. */
  xsnprintf(pathname,  "%s/%u.data", MDS_STORAGE_ROOT_DIRECTORY, display);
  fail_if (create_directory_root(MDS_STORAGE_ROOT_DIRECTORY));
  fail_if (unlink_recursive(pathname));
  fail_if (create_directory_user(pathname));
    
  
  /* Save MDS_DISPLAY environment variable. */
  xsnprintf(pathname, /* Excuse the reuse without renaming. */
	    ":%u", display);
  setenv(DISPLAY_ENV, pathname, 1);
  
  /* Create display socket. */
  xsnprintf(pathname, "%s/%u.socket", MDS_RUNTIME_ROOT_DIRECTORY, display);
  address.sun_family = AF_UNIX;
  strcpy(address.sun_path, pathname);
  unlink(pathname);
  fail_if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0);
  fail_if (fchmod(fd, S_IRWXU) < 0);
  fail_if (bind(fd, (struct sockaddr*)(&address), sizeof(address)) < 0);
  fail_if (chown(pathname, getuid(), NOBODY_GROUP_GID) < 0);
  
  /* Start listening on socket. */
  fail_if (listen(fd, SOMAXCONN) < 0);
  
  /* Start master server and respawn it if it crashes. */
  rc = spawn_and_respawn_server(fd);
  
 done:
  /* Shutdown, close and remove the socket. */
  if (fd != -1)
    {
      shutdown(fd, SHUT_RDWR);
      close(fd);
      unlink(pathname);
    }
  
  /* Remove PID file. */
  xsnprintf(pathname, "%s/%u.pid", MDS_RUNTIME_ROOT_DIRECTORY, display);
  unlink(pathname);
  
  /* Remove directories. */
  rmdir(MDS_RUNTIME_ROOT_DIRECTORY); /* Do not care if it fails, it is probably used by another display. */
  rmdir(MDS_STORAGE_ROOT_DIRECTORY); /* Do not care if it fails, it is probably used by another display. */
  xsnprintf(pathname, "%s/%u.data", MDS_STORAGE_ROOT_DIRECTORY, display);
  unlink_recursive(pathname); /* An error will be printed on error, do nothing more. */
  
  return rc;
  
 pfail:
  perror(*argv);
  rc = 1;
  goto done;
}


/**
 * Read a PID-file and determine whether it refers to an non-existing process
 * 
 * @param   f  The PID-file
 * @return     Whether the PID-file is not longer used
 */
int is_pid_file_reusable(FILE* f)
{
  char piddata[64];
  size_t read_len;
  
  read_len = fread(piddata, 1, sizeof(piddata) / sizeof(char), f);
  if (ferror(f)) /* Failed to read. */
    perror(*argv);
  else if (feof(f) == 0) /* Did not read everything. */
    eprint("the content of a PID file is larger than expected.");
  else
    {
      pid_t pid = parse_pid_t(piddata, read_len - 1);
      if (pid == (pid_t)-1)
	eprint("the content of a PID file is invalid.");
      else
	if (kill(pid, 0) < 0) /* Check if the PID is still allocated to any process. */
	  return errno == ESRCH; /* PID is not used. */
    }
  
  return 0;
}


/**
 * Parse an LF-terminated string as a non-negative `pid_t`
 * 
 * @param   str  The string
 * @param   n    The length of the string, excluding LF-termination
 * @return       The pid, `(pid_t)-1` if malformated
 */
pid_t parse_pid_t(const char* str, size_t n)
{
  pid_t pid = 0;
  size_t i;
  
  for (i = 0; i < n; i++)
    {
      char c = str[i];
      if (('0' <= c) && (c <= '9'))
	pid = pid * 10 + (c & 15);
      else
	return (pid_t)-1;
    }
  
  if (str[n] != '\n')
    return (pid_t)-1;
  
  return pid;
}



/**
 * Drop privileges and change execution image into the master server's image.
 * This function will only return on error.
 * 
 * @param  child_args  Command line arguments for the new image
 */
static void exec_master_server(char** child_args)
{
  /* Drop privileges. They most not be propagated non-authorised components. */
  /* setgid should not be set, but just to be safe we are restoring both user and group. */
  if (drop_privileges())
    return;
  
  /* Start master server. */
  execv(master_server, child_args);
}


/**
 * Start master server and respawn it if it crashes
 * 
 * @param   fd  The file descriptor of the socket
 * @return      Non-zero on error
 */
int spawn_and_respawn_server(int fd)
{
  int time_error = 0;
  int first_spawn = 1;
  int rc = 0;
  struct timespec time_start;
  struct timespec time_end;
  char* child_args[ARGC_LIMIT + LIBEXEC_ARGC_EXTRA_LIMIT + 1];
  char fdstr[12 /* strlen("--socket-fd=") */ + 64];
  int i;
  pid_t pid;
  int status;
  
  child_args[0] = strdup(master_server);
  for (i = 1; i < argc; i++)
    child_args[i] = argv[i];
  child_args[argc + 0] = strdup("--initial-spawn");
  xsnprintf(fdstr, "--socket-fd=%i", fd);
  child_args[argc + 1] = fdstr;
  child_args[argc + 2] = NULL;
  
#if (LIBEXEC_ARGC_EXTRA_LIMIT < 2)
# error LIBEXEC_ARGC_EXTRA_LIMIT is too small, need at least 2.
#endif
  
  
 respawn:
  
  pid = fork();
  if (pid == (pid_t)-1)
    goto pfail;
  
  if (pid == 0) /* Child. */
    {
      rc++;
      exec_master_server(child_args);
      goto pfail;
    }
  
  
  /* Parent. */
  
  /* Get the current time. (Start of child process.) */
  if ((time_error = (monotone(&time_start) < 0)))
    perror(*argv);
  
  /* Wait for master server to die. */
  if (waitpid(pid, &status, 0) == (pid_t)-1)
    goto pfail;
  
  /* If the server exited normally or SIGTERM, do not respawn. */
  if (WIFEXITED(status) || (WEXITSTATUS(status) && WTERMSIG(status)))
    goto done; /* Child exited normally, stop. */
  
  /* Get the current time. (End of child process.) */
  time_error |= (monotone(&time_end) < 0);
  
  /* Do not respawn if we could not read the time. */
  if (time_error)
    {
      perror(*argv);
      eprintf("%s died abnormally, not respawning because we could not read the time.", master_server);
      goto fail;
    }
  
      /* Respawn if the server did not die too fast. */
  if (time_end.tv_sec - time_start.tv_sec >= RESPAWN_TIME_LIMIT_SECONDS)
    eprintf("%s died abnormally, respawning.", master_server);
  else
    {
      eprintf("%s died abnormally, died too fast, not respawning.", master_server);
      goto fail;
    }
  
  if (first_spawn)
    {
      first_spawn = 0;
      free(child_args[argc + 0]);
      child_args[argc + 0] = strdup("--respawn");
      if (child_args[argc + 0] == NULL)
	goto pfail;
    }
  
  goto respawn;
  
  
 done:
  rc--;
 fail:
  rc++;
  free(child_args[0]);
  free(child_args[argc + 0]);
  if (rc == 2)
    _exit(1);
  return rc;
  
 pfail:
  perror(*argv);
  goto fail;
}


/**
 * Create a directory owned by the root user and root group
 * 
 * @param   pathname  The pathname of the directory to create
 * @return            Non-zero on error
 */
int create_directory_root(const char* pathname)
{
  struct stat attr;
  
  if (stat(pathname, &attr) == 0)
    {
      /* Cannot create the directory, its pathname refers to an existing. */
      if (S_ISDIR(attr.st_mode) == 0)
	{
	  /* But it is not a directory so we cannot continue. */
	  eprintf("%s already exists but is not a directory.", pathname);
	  return 1;
	}
    }
  else
    /* Directory is missing, create it. */
    if (mkdir(pathname, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) < 0)
      {
	if (errno != EEXIST) /* Unlikely race condition. */
	  goto pfail;
      }
    else
      /* Set ownership. */
      if (chown(pathname, ROOT_USER_UID, ROOT_GROUP_GID) < 0)
	goto pfail;
  
  return 0;

 pfail:
  perror(*argv);
  return 1;
}


/**
 * Create a directory owned by the real user and nobody group
 * 
 * @param   pathname  The pathname of the directory to create
 * @return            Non-zero on error
 */
int create_directory_user(const char* pathname)
{
  struct stat attr;
  
  if (stat(pathname, &attr) == 0)
    {
      /* Cannot create the directory, its pathname refers to an existing. */
      if (S_ISDIR(attr.st_mode) == 0)
	{
	  /* But it is not a directory so we cannot continue. */
	  eprintf("%s already exists but is not a directory.", pathname);
	  return 1;
	}
    }
  else
    {
      /* Directory is missing, create it. */
      if (mkdir(pathname, S_IRWXU) < 0)
	{
	  if (errno != EEXIST) /* Unlikely race condition. */
	    {
	      perror(*argv);
	      return 1;
	    }
	}
      else
	/* Set ownership. */
	if (chown(pathname, getuid(), NOBODY_GROUP_GID) < 0)
	  {
	    perror(*argv);
	    return 1;
	  }
    }
  
  return 0;
}


/**
 * Recursively remove a directory
 * 
 * @param   pathname  The pathname of the directory to remove
 * @return            Non-zero on error, but zero if the directory does not exist
 */
int unlink_recursive(const char* pathname)
{
  DIR* dir = opendir(pathname);
  int rc = 0;
  struct dirent* file;
  
  /* Check that we could examine the directory. */
  if (dir == NULL)
    {
      int errno_ = errno;
      struct stat _attr;
      if (stat(pathname, &_attr) < 0)
	return 0; /* Directory does not exist. */
      errno = errno_;
      goto pfail;
    }
  
  /* Remove the content of the directory. */
  while ((file = readdir(dir)) != NULL)
    if (strcmp(file->d_name, ".") &&
	strcmp(file->d_name, "..") &&
	(unlink(file->d_name) < 0))
      {
	if (errno != EISDIR)
	  goto pfail;
	unlink_recursive(file->d_name);
	eprint("pop");
      }
  
  /* Remove the drectory. */
  if (rmdir(pathname) < 0)
    goto pfail;
  
 done:
  if (dir != NULL)
    closedir(dir);
  return rc;
  
  
 pfail:
  perror(*argv);
  rc = -1;
  goto done;
}