Index: head/contrib/openbsm/bin/auditdistd/receiver.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/receiver.c (revision 339177) +++ head/contrib/openbsm/bin/auditdistd/receiver.c (revision 339178) @@ -1,712 +1,712 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include #include #if defined(HAVE_SYS_ENDIAN_H) && defined(HAVE_BSWAP) #include #else /* !HAVE_SYS_ENDIAN_H || !HAVE_BSWAP */ #ifdef HAVE_MACHINE_ENDIAN_H #include #else /* !HAVE_MACHINE_ENDIAN_H */ #ifdef HAVE_ENDIAN_H #include #else /* !HAVE_ENDIAN_H */ #error "No supported endian.h" #endif /* !HAVE_ENDIAN_H */ #endif /* !HAVE_MACHINE_ENDIAN_H */ #include #endif /* !HAVE_SYS_ENDIAN_H || !HAVE_BSWAP */ #include #include #include #include #include #include #ifdef HAVE_LIBUTIL_H #include #endif #include #include #include #include #include #include #include #include #ifndef HAVE_STRLCPY #include #endif #ifndef HAVE_FSTATAT #include "fstatat.h" #endif #ifndef HAVE_OPENAT #include "openat.h" #endif #ifndef HAVE_RENAMEAT #include "renameat.h" #endif #include "auditdistd.h" #include "pjdlog.h" #include "proto.h" #include "sandbox.h" #include "subr.h" #include "synch.h" #include "trail.h" static struct adist_config *adcfg; static struct adist_host *adhost; static TAILQ_HEAD(, adreq) adist_free_list; static pthread_mutex_t adist_free_list_lock; static pthread_cond_t adist_free_list_cond; static TAILQ_HEAD(, adreq) adist_disk_list; static pthread_mutex_t adist_disk_list_lock; static pthread_cond_t adist_disk_list_cond; static TAILQ_HEAD(, adreq) adist_send_list; static pthread_mutex_t adist_send_list_lock; static pthread_cond_t adist_send_list_cond; static void adreq_clear(struct adreq *adreq) { adreq->adr_error = -1; adreq->adr_byteorder = ADIST_BYTEORDER_UNDEFINED; adreq->adr_cmd = ADIST_CMD_UNDEFINED; adreq->adr_seq = 0; adreq->adr_datasize = 0; } static void init_environment(void) { struct adreq *adreq; unsigned int ii; TAILQ_INIT(&adist_free_list); mtx_init(&adist_free_list_lock); cv_init(&adist_free_list_cond); TAILQ_INIT(&adist_disk_list); mtx_init(&adist_disk_list_lock); cv_init(&adist_disk_list_cond); TAILQ_INIT(&adist_send_list); mtx_init(&adist_send_list_lock); cv_init(&adist_send_list_cond); for (ii = 0; ii < ADIST_QUEUE_SIZE; ii++) { adreq = malloc(sizeof(*adreq) + ADIST_BUF_SIZE); if (adreq == NULL) { pjdlog_exitx(EX_TEMPFAIL, "Unable to allocate %zu bytes of memory for adreq object.", sizeof(*adreq) + ADIST_BUF_SIZE); } adreq_clear(adreq); TAILQ_INSERT_TAIL(&adist_free_list, adreq, adr_next); } } static void adreq_decode_and_validate_header(struct adreq *adreq) { - /* Byte-swap only is the sender is using different byte order. */ + /* Byte-swap only if the sender is using different byte order. */ if (adreq->adr_byteorder != ADIST_BYTEORDER) { adreq->adr_byteorder = ADIST_BYTEORDER; adreq->adr_seq = bswap64(adreq->adr_seq); adreq->adr_datasize = bswap32(adreq->adr_datasize); } /* Validate packet header. */ if (adreq->adr_datasize > ADIST_BUF_SIZE) { pjdlog_exitx(EX_PROTOCOL, "Invalid datasize received (%ju).", (uintmax_t)adreq->adr_datasize); } switch (adreq->adr_cmd) { case ADIST_CMD_OPEN: case ADIST_CMD_APPEND: case ADIST_CMD_CLOSE: if (adreq->adr_datasize == 0) { pjdlog_exitx(EX_PROTOCOL, "Invalid datasize received (%ju).", (uintmax_t)adreq->adr_datasize); } break; case ADIST_CMD_KEEPALIVE: case ADIST_CMD_ERROR: if (adreq->adr_datasize > 0) { pjdlog_exitx(EX_PROTOCOL, "Invalid datasize received (%ju).", (uintmax_t)adreq->adr_datasize); } break; default: pjdlog_exitx(EX_PROTOCOL, "Invalid command received (%hhu).", adreq->adr_cmd); } } static void adreq_validate_data(const struct adreq *adreq) { /* Validate packet data. */ switch (adreq->adr_cmd) { case ADIST_CMD_OPEN: case ADIST_CMD_CLOSE: /* * File name must end up with '\0' and there must be no '\0' * in the middle. */ if (adreq->adr_data[adreq->adr_datasize - 1] != '\0' || strchr(adreq->adr_data, '\0') != (const char *)adreq->adr_data + adreq->adr_datasize - 1) { pjdlog_exitx(EX_PROTOCOL, "Invalid file name received."); } break; } } /* * Thread receives requests from the sender. */ static void * recv_thread(void *arg __unused) { struct adreq *adreq; for (;;) { pjdlog_debug(3, "recv: Taking free request."); QUEUE_TAKE(adreq, &adist_free_list, 0); pjdlog_debug(3, "recv: (%p) Got request.", adreq); if (proto_recv(adhost->adh_remote, &adreq->adr_packet, sizeof(adreq->adr_packet)) == -1) { pjdlog_exit(EX_TEMPFAIL, "Unable to receive request header"); } adreq_decode_and_validate_header(adreq); switch (adreq->adr_cmd) { case ADIST_CMD_KEEPALIVE: adreq->adr_error = 0; adreq_log(LOG_DEBUG, 2, -1, adreq, "recv: (%p) Got request header: ", adreq); pjdlog_debug(3, "recv: (%p) Moving request to the send queue.", adreq); QUEUE_INSERT(adreq, &adist_send_list); continue; case ADIST_CMD_ERROR: pjdlog_error("An error occured on the sender while reading \"%s/%s\".", adhost->adh_directory, adhost->adh_trail_name); adreq_log(LOG_DEBUG, 2, ADIST_ERROR_READ, adreq, "recv: (%p) Got request header: ", adreq); pjdlog_debug(3, "recv: (%p) Moving request to the send queue.", adreq); QUEUE_INSERT(adreq, &adist_disk_list); continue; case ADIST_CMD_OPEN: case ADIST_CMD_APPEND: case ADIST_CMD_CLOSE: if (proto_recv(adhost->adh_remote, adreq->adr_data, adreq->adr_datasize) == -1) { pjdlog_exit(EX_TEMPFAIL, "Unable to receive request data"); } adreq_validate_data(adreq); adreq_log(LOG_DEBUG, 2, -1, adreq, "recv: (%p) Got request header: ", adreq); pjdlog_debug(3, "recv: (%p) Moving request to the disk queue.", adreq); QUEUE_INSERT(adreq, &adist_disk_list); break; default: PJDLOG_ABORT("Invalid condition."); } } /* NOTREACHED */ return (NULL); } /* * Function that opens trail file requested by the sender. * If the file already exist, it has to be the most recent file and it can * only be open for append. * If the file doesn't already exist, it has to be "older" than all existing * files. */ static int receiver_open(const char *filename) { int fd; /* * Previous file should be closed by now. Sending OPEN request without * sending CLOSE for the previous file is a sender bug. */ if (adhost->adh_trail_fd != -1) { pjdlog_error("Sender requested opening file \"%s\" without first closing \"%s\".", filename, adhost->adh_trail_name); return (ADIST_ERROR_WRONG_ORDER); } if (!trail_validate_name(filename, NULL)) { pjdlog_error("Sender wants to open file \"%s\", which has invalid name.", filename); return (ADIST_ERROR_INVALID_NAME); } switch (trail_name_compare(filename, adhost->adh_trail_name)) { case TRAIL_RENAMED: if (!trail_is_not_terminated(adhost->adh_trail_name)) { pjdlog_error("Terminated trail \"%s/%s\" was unterminated on the sender as \"%s/%s\"?", adhost->adh_directory, adhost->adh_trail_name, adhost->adh_directory, filename); return (ADIST_ERROR_INVALID_NAME); } if (renameat(adhost->adh_trail_dirfd, adhost->adh_trail_name, adhost->adh_trail_dirfd, filename) == -1) { pjdlog_errno(LOG_ERR, "Unable to rename file \"%s/%s\" to \"%s/%s\"", adhost->adh_directory, adhost->adh_trail_name, adhost->adh_directory, filename); PJDLOG_ASSERT(errno > 0); return (ADIST_ERROR_RENAME); } pjdlog_debug(1, "Renamed file \"%s/%s\" to \"%s/%s\".", adhost->adh_directory, adhost->adh_trail_name, adhost->adh_directory, filename); /* FALLTHROUGH */ case TRAIL_IDENTICAL: /* Opening existing file. */ fd = openat(adhost->adh_trail_dirfd, filename, O_WRONLY | O_APPEND | O_NOFOLLOW); if (fd == -1) { pjdlog_errno(LOG_ERR, "Unable to open file \"%s/%s\" for append", adhost->adh_directory, filename); PJDLOG_ASSERT(errno > 0); return (ADIST_ERROR_OPEN); } pjdlog_debug(1, "Opened file \"%s/%s\".", adhost->adh_directory, filename); break; case TRAIL_NEWER: /* Opening new file. */ fd = openat(adhost->adh_trail_dirfd, filename, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600); if (fd == -1) { pjdlog_errno(LOG_ERR, "Unable to create file \"%s/%s\"", adhost->adh_directory, filename); PJDLOG_ASSERT(errno > 0); return (ADIST_ERROR_CREATE); } pjdlog_debug(1, "Created file \"%s/%s\".", adhost->adh_directory, filename); break; case TRAIL_OLDER: /* Trying to open old file. */ pjdlog_error("Sender wants to open an old file \"%s\".", filename); return (ADIST_ERROR_OPEN_OLD); default: PJDLOG_ABORT("Unknown return value from trail_name_compare()."); } PJDLOG_VERIFY(strlcpy(adhost->adh_trail_name, filename, sizeof(adhost->adh_trail_name)) < sizeof(adhost->adh_trail_name)); adhost->adh_trail_fd = fd; return (0); } /* * Function appends data to the trail file that is currently open. */ static int receiver_append(const unsigned char *data, size_t size) { ssize_t done; size_t osize; /* We should have opened trail file. */ if (adhost->adh_trail_fd == -1) { pjdlog_error("Sender requested append without first opening file."); return (ADIST_ERROR_WRONG_ORDER); } osize = size; while (size > 0) { done = write(adhost->adh_trail_fd, data, size); if (done == -1) { if (errno == EINTR) continue; pjdlog_errno(LOG_ERR, "Write to \"%s/%s\" failed", adhost->adh_directory, adhost->adh_trail_name); PJDLOG_ASSERT(errno > 0); return (ADIST_ERROR_WRITE); } pjdlog_debug(3, "Wrote %zd bytes into \"%s/%s\".", done, adhost->adh_directory, adhost->adh_trail_name); size -= done; } pjdlog_debug(2, "Appended %zu bytes to file \"%s/%s\".", osize, adhost->adh_directory, adhost->adh_trail_name); return (0); } static int receiver_close(const char *filename) { /* We should have opened trail file. */ if (adhost->adh_trail_fd == -1) { pjdlog_error("Sender requested closing file without first opening it."); return (ADIST_ERROR_WRONG_ORDER); } /* Validate if we can do the rename. */ if (!trail_validate_name(adhost->adh_trail_name, filename)) { pjdlog_error("Sender wants to close file \"%s\" using name \"%s\".", adhost->adh_trail_name, filename); return (ADIST_ERROR_INVALID_NAME); } PJDLOG_VERIFY(close(adhost->adh_trail_fd) == 0); adhost->adh_trail_fd = -1; pjdlog_debug(1, "Closed file \"%s/%s\".", adhost->adh_directory, adhost->adh_trail_name); if (strcmp(adhost->adh_trail_name, filename) == 0) { /* File name didn't change, we are done here. */ return (0); } if (renameat(adhost->adh_trail_dirfd, adhost->adh_trail_name, adhost->adh_trail_dirfd, filename) == -1) { pjdlog_errno(LOG_ERR, "Unable to rename \"%s\" to \"%s\"", adhost->adh_trail_name, filename); PJDLOG_ASSERT(errno > 0); return (ADIST_ERROR_RENAME); } pjdlog_debug(1, "Renamed file \"%s/%s\" to \"%s/%s\".", adhost->adh_directory, adhost->adh_trail_name, adhost->adh_directory, filename); PJDLOG_VERIFY(strlcpy(adhost->adh_trail_name, filename, sizeof(adhost->adh_trail_name)) < sizeof(adhost->adh_trail_name)); return (0); } static int receiver_error(void) { /* We should have opened trail file. */ if (adhost->adh_trail_fd == -1) { pjdlog_error("Sender send read error, but file is not open."); return (ADIST_ERROR_WRONG_ORDER); } PJDLOG_VERIFY(close(adhost->adh_trail_fd) == 0); adhost->adh_trail_fd = -1; pjdlog_debug(1, "Closed file \"%s/%s\".", adhost->adh_directory, adhost->adh_trail_name); return (0); } static void * disk_thread(void *arg __unused) { struct adreq *adreq; for (;;) { pjdlog_debug(3, "disk: Taking request."); QUEUE_TAKE(adreq, &adist_disk_list, 0); adreq_log(LOG_DEBUG, 3, -1, adreq, "disk: (%p) Got request: ", adreq); /* Handle the actual request. */ switch (adreq->adr_cmd) { case ADIST_CMD_OPEN: adreq->adr_error = receiver_open(adreq->adr_data); break; case ADIST_CMD_APPEND: adreq->adr_error = receiver_append(adreq->adr_data, adreq->adr_datasize); break; case ADIST_CMD_CLOSE: adreq->adr_error = receiver_close(adreq->adr_data); break; case ADIST_CMD_ERROR: adreq->adr_error = receiver_error(); break; default: PJDLOG_ABORT("Unexpected command (cmd=%hhu).", adreq->adr_cmd); } if (adreq->adr_error != 0) { adreq_log(LOG_ERR, 0, adreq->adr_error, adreq, "Request failed: "); } pjdlog_debug(3, "disk: (%p) Moving request to the send queue.", adreq); QUEUE_INSERT(adreq, &adist_send_list); } /* NOTREACHED */ return (NULL); } /* * Thread sends requests back to primary node. */ static void * send_thread(void *arg __unused) { struct adreq *adreq; struct adrep adrep; for (;;) { pjdlog_debug(3, "send: Taking request."); QUEUE_TAKE(adreq, &adist_send_list, 0); adreq_log(LOG_DEBUG, 3, -1, adreq, "send: (%p) Got request: ", adreq); adrep.adrp_byteorder = ADIST_BYTEORDER; adrep.adrp_seq = adreq->adr_seq; adrep.adrp_error = adreq->adr_error; if (proto_send(adhost->adh_remote, &adrep, sizeof(adrep)) == -1) { pjdlog_exit(EX_TEMPFAIL, "Unable to send reply"); } pjdlog_debug(3, "send: (%p) Moving request to the free queue.", adreq); adreq_clear(adreq); QUEUE_INSERT(adreq, &adist_free_list); } /* NOTREACHED */ return (NULL); } static void receiver_directory_create(void) { struct passwd *pw; /* * According to getpwnam(3) we have to clear errno before calling the * function to be able to distinguish between an error and missing * entry (with is not treated as error by getpwnam(3)). */ errno = 0; pw = getpwnam(ADIST_USER); if (pw == NULL) { if (errno != 0) { pjdlog_exit(EX_NOUSER, "Unable to find info about '%s' user", ADIST_USER); } else { pjdlog_exitx(EX_NOUSER, "User '%s' doesn't exist.", ADIST_USER); } } if (mkdir(adhost->adh_directory, 0700) == -1) { pjdlog_exit(EX_OSFILE, "Unable to create directory \"%s\"", adhost->adh_directory); } if (chown(adhost->adh_directory, pw->pw_uid, pw->pw_gid) == -1) { pjdlog_errno(LOG_ERR, "Unable to change owner of the directory \"%s\"", adhost->adh_directory); (void)rmdir(adhost->adh_directory); exit(EX_OSFILE); } } static void receiver_directory_open(void) { #ifdef HAVE_FDOPENDIR adhost->adh_trail_dirfd = open(adhost->adh_directory, O_RDONLY | O_DIRECTORY); if (adhost->adh_trail_dirfd == -1) { if (errno == ENOENT) { receiver_directory_create(); adhost->adh_trail_dirfd = open(adhost->adh_directory, O_RDONLY | O_DIRECTORY); } if (adhost->adh_trail_dirfd == -1) { pjdlog_exit(EX_CONFIG, "Unable to open directory \"%s\"", adhost->adh_directory); } } adhost->adh_trail_dirfp = fdopendir(adhost->adh_trail_dirfd); if (adhost->adh_trail_dirfp == NULL) { pjdlog_exit(EX_CONFIG, "Unable to fdopen directory \"%s\"", adhost->adh_directory); } #else struct stat sb; if (stat(adhost->adh_directory, &sb) == -1) { if (errno == ENOENT) { receiver_directory_create(); } else { pjdlog_exit(EX_CONFIG, "Unable to stat directory \"%s\"", adhost->adh_directory); } } adhost->adh_trail_dirfp = opendir(adhost->adh_directory); if (adhost->adh_trail_dirfp == NULL) { pjdlog_exit(EX_CONFIG, "Unable to open directory \"%s\"", adhost->adh_directory); } adhost->adh_trail_dirfd = dirfd(adhost->adh_trail_dirfp); #endif } static void receiver_connect(void) { uint64_t trail_size; struct stat sb; PJDLOG_ASSERT(adhost->adh_trail_dirfp != NULL); trail_last(adhost->adh_trail_dirfp, adhost->adh_trail_name, sizeof(adhost->adh_trail_name)); if (adhost->adh_trail_name[0] == '\0') { trail_size = 0; } else { if (fstatat(adhost->adh_trail_dirfd, adhost->adh_trail_name, &sb, AT_SYMLINK_NOFOLLOW) == -1) { pjdlog_exit(EX_CONFIG, "Unable to stat \"%s/%s\"", adhost->adh_directory, adhost->adh_trail_name); } if (!S_ISREG(sb.st_mode)) { pjdlog_exitx(EX_CONFIG, "File \"%s/%s\" is not a regular file.", adhost->adh_directory, adhost->adh_trail_name); } trail_size = sb.st_size; } trail_size = htole64(trail_size); if (proto_send(adhost->adh_remote, &trail_size, sizeof(trail_size)) == -1) { pjdlog_exit(EX_TEMPFAIL, "Unable to send size of the most recent trail file"); } if (proto_send(adhost->adh_remote, adhost->adh_trail_name, sizeof(adhost->adh_trail_name)) == -1) { pjdlog_exit(EX_TEMPFAIL, "Unable to send name of the most recent trail file"); } } void adist_receiver(struct adist_config *config, struct adist_host *adh) { sigset_t mask; pthread_t td; pid_t pid; int error, mode, debuglevel; pid = fork(); if (pid == -1) { pjdlog_errno(LOG_ERR, "Unable to fork"); proto_close(adh->adh_remote); adh->adh_remote = NULL; return; } if (pid > 0) { /* This is parent. */ proto_close(adh->adh_remote); adh->adh_remote = NULL; adh->adh_worker_pid = pid; return; } adcfg = config; adhost = adh; mode = pjdlog_mode_get(); debuglevel = pjdlog_debug_get(); descriptors_cleanup(adhost); // descriptors_assert(adhost, mode); pjdlog_init(mode); pjdlog_debug_set(debuglevel); pjdlog_prefix_set("[%s] (%s) ", adhost->adh_name, role2str(adhost->adh_role)); #ifdef HAVE_SETPROCTITLE setproctitle("%s (%s)", adhost->adh_name, role2str(adhost->adh_role)); #endif PJDLOG_VERIFY(sigemptyset(&mask) == 0); PJDLOG_VERIFY(sigprocmask(SIG_SETMASK, &mask, NULL) == 0); /* Error in setting timeout is not critical, but why should it fail? */ if (proto_timeout(adhost->adh_remote, adcfg->adc_timeout) == -1) pjdlog_errno(LOG_WARNING, "Unable to set connection timeout"); init_environment(); adhost->adh_trail_fd = -1; receiver_directory_open(); if (sandbox(ADIST_USER, true, "auditdistd: %s (%s)", role2str(adhost->adh_role), adhost->adh_name) != 0) { exit(EX_CONFIG); } pjdlog_info("Privileges successfully dropped."); receiver_connect(); error = pthread_create(&td, NULL, recv_thread, adhost); PJDLOG_ASSERT(error == 0); error = pthread_create(&td, NULL, disk_thread, adhost); PJDLOG_ASSERT(error == 0); (void)send_thread(adhost); } Index: head/contrib/openbsm/bin/auditdistd/sender.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/sender.c (revision 339177) +++ head/contrib/openbsm/bin/auditdistd/sender.c (revision 339178) @@ -1,842 +1,835 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include #include #if defined(HAVE_SYS_ENDIAN_H) && defined(HAVE_BSWAP) #include #else /* !HAVE_SYS_ENDIAN_H || !HAVE_BSWAP */ #ifdef HAVE_MACHINE_ENDIAN_H #include #else /* !HAVE_MACHINE_ENDIAN_H */ #ifdef HAVE_ENDIAN_H #include #else /* !HAVE_ENDIAN_H */ #error "No supported endian.h" #endif /* !HAVE_ENDIAN_H */ #endif /* !HAVE_MACHINE_ENDIAN_H */ #include #endif /* !HAVE_SYS_ENDIAN_H || !HAVE_BSWAP */ #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_LIBUTIL_H #include #endif #include #include #include #include #ifndef HAVE_SIGTIMEDWAIT #include "sigtimedwait.h" #endif #include "auditdistd.h" #include "pjdlog.h" #include "proto.h" #include "sandbox.h" #include "subr.h" #include "synch.h" #include "trail.h" static struct adist_config *adcfg; static struct adist_host *adhost; static pthread_rwlock_t adist_remote_lock; static pthread_mutex_t adist_remote_mtx; static pthread_cond_t adist_remote_cond; static struct trail *adist_trail; static TAILQ_HEAD(, adreq) adist_free_list; static pthread_mutex_t adist_free_list_lock; static pthread_cond_t adist_free_list_cond; static TAILQ_HEAD(, adreq) adist_send_list; static pthread_mutex_t adist_send_list_lock; static pthread_cond_t adist_send_list_cond; static TAILQ_HEAD(, adreq) adist_recv_list; static pthread_mutex_t adist_recv_list_lock; static pthread_cond_t adist_recv_list_cond; static void init_environment(void) { struct adreq *adreq; unsigned int ii; rw_init(&adist_remote_lock); mtx_init(&adist_remote_mtx); cv_init(&adist_remote_cond); TAILQ_INIT(&adist_free_list); mtx_init(&adist_free_list_lock); cv_init(&adist_free_list_cond); TAILQ_INIT(&adist_send_list); mtx_init(&adist_send_list_lock); cv_init(&adist_send_list_cond); TAILQ_INIT(&adist_recv_list); mtx_init(&adist_recv_list_lock); cv_init(&adist_recv_list_cond); for (ii = 0; ii < ADIST_QUEUE_SIZE; ii++) { adreq = malloc(sizeof(*adreq) + ADIST_BUF_SIZE); if (adreq == NULL) { pjdlog_exitx(EX_TEMPFAIL, "Unable to allocate %zu bytes of memory for adreq object.", sizeof(*adreq) + ADIST_BUF_SIZE); } adreq->adr_byteorder = ADIST_BYTEORDER; adreq->adr_cmd = ADIST_CMD_UNDEFINED; adreq->adr_seq = 0; adreq->adr_datasize = 0; TAILQ_INSERT_TAIL(&adist_free_list, adreq, adr_next); } } static int sender_connect(void) { unsigned char rnd[32], hash[32], resp[32]; struct proto_conn *conn; char welcome[8]; int16_t val; val = 1; if (proto_send(adhost->adh_conn, &val, sizeof(val)) < 0) { pjdlog_exit(EX_TEMPFAIL, "Unable to send connection request to parent"); } if (proto_recv(adhost->adh_conn, &val, sizeof(val)) < 0) { pjdlog_exit(EX_TEMPFAIL, "Unable to receive reply to connection request from parent"); } if (val != 0) { errno = val; pjdlog_errno(LOG_WARNING, "Unable to connect to %s", adhost->adh_remoteaddr); return (-1); } if (proto_connection_recv(adhost->adh_conn, true, &conn) < 0) { pjdlog_exit(EX_TEMPFAIL, "Unable to receive connection from parent"); } if (proto_connect_wait(conn, adcfg->adc_timeout) < 0) { pjdlog_errno(LOG_WARNING, "Unable to connect to %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Connected to %s.", adhost->adh_remoteaddr); /* Error in setting timeout is not critical, but why should it fail? */ if (proto_timeout(conn, adcfg->adc_timeout) < 0) pjdlog_errno(LOG_WARNING, "Unable to set connection timeout"); else pjdlog_debug(1, "Timeout set to %d.", adcfg->adc_timeout); /* Exchange welcome message, which includes version number. */ (void)snprintf(welcome, sizeof(welcome), "ADIST%02d", ADIST_VERSION); if (proto_send(conn, welcome, sizeof(welcome)) < 0) { pjdlog_errno(LOG_WARNING, "Unable to send welcome message to %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Welcome message sent (%s).", welcome); bzero(welcome, sizeof(welcome)); if (proto_recv(conn, welcome, sizeof(welcome)) < 0) { pjdlog_errno(LOG_WARNING, "Unable to receive welcome message from %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } if (strncmp(welcome, "ADIST", 5) != 0 || !isdigit(welcome[5]) || !isdigit(welcome[6]) || welcome[7] != '\0') { pjdlog_warning("Invalid welcome message from %s.", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Welcome message received (%s).", welcome); /* * Receiver can only reply with version number lower or equal to * the one we sent. */ adhost->adh_version = atoi(welcome + 5); if (adhost->adh_version > ADIST_VERSION) { pjdlog_warning("Invalid version number from %s (%d received, up to %d supported).", adhost->adh_remoteaddr, adhost->adh_version, ADIST_VERSION); proto_close(conn); return (-1); } pjdlog_debug(1, "Version %d negotiated with %s.", adhost->adh_version, adhost->adh_remoteaddr); if (proto_send(conn, adcfg->adc_name, sizeof(adcfg->adc_name)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to send name to %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Name (%s) sent.", adcfg->adc_name); if (proto_recv(conn, rnd, sizeof(rnd)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to receive challenge from %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Challenge received."); if (HMAC(EVP_sha256(), adhost->adh_password, (int)strlen(adhost->adh_password), rnd, (int)sizeof(rnd), hash, NULL) == NULL) { pjdlog_warning("Unable to generate response."); proto_close(conn); return (-1); } pjdlog_debug(1, "Response generated."); if (proto_send(conn, hash, sizeof(hash)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to send response to %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Response sent."); if (adist_random(rnd, sizeof(rnd)) == -1) { pjdlog_warning("Unable to generate challenge."); proto_close(conn); return (-1); } pjdlog_debug(1, "Challenge generated."); if (proto_send(conn, rnd, sizeof(rnd)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to send challenge to %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Challenge sent."); if (proto_recv(conn, resp, sizeof(resp)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to receive response from %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Response received."); if (HMAC(EVP_sha256(), adhost->adh_password, (int)strlen(adhost->adh_password), rnd, (int)sizeof(rnd), hash, NULL) == NULL) { pjdlog_warning("Unable to generate hash."); proto_close(conn); return (-1); } pjdlog_debug(1, "Hash generated."); if (memcmp(resp, hash, sizeof(hash)) != 0) { pjdlog_warning("Invalid response from %s (wrong password?).", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_info("Receiver authenticated."); if (proto_recv(conn, &adhost->adh_trail_offset, sizeof(adhost->adh_trail_offset)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to receive size of the most recent trail file from %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } adhost->adh_trail_offset = le64toh(adhost->adh_trail_offset); if (proto_recv(conn, &adhost->adh_trail_name, sizeof(adhost->adh_trail_name)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to receive name of the most recent trail file from %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Trail name (%s) and offset (%ju) received.", adhost->adh_trail_name, (uintmax_t)adhost->adh_trail_offset); rw_wlock(&adist_remote_lock); mtx_lock(&adist_remote_mtx); PJDLOG_ASSERT(adhost->adh_remote == NULL); PJDLOG_ASSERT(conn != NULL); adhost->adh_remote = conn; mtx_unlock(&adist_remote_mtx); rw_unlock(&adist_remote_lock); cv_signal(&adist_remote_cond); return (0); } static void sender_disconnect(void) { rw_wlock(&adist_remote_lock); /* * Check for a race between dropping rlock and acquiring wlock - * another thread can close connection in-between. */ if (adhost->adh_remote == NULL) { rw_unlock(&adist_remote_lock); return; } pjdlog_debug(2, "Closing connection to %s.", adhost->adh_remoteaddr); proto_close(adhost->adh_remote); mtx_lock(&adist_remote_mtx); adhost->adh_remote = NULL; adhost->adh_reset = true; adhost->adh_trail_name[0] = '\0'; adhost->adh_trail_offset = 0; mtx_unlock(&adist_remote_mtx); rw_unlock(&adist_remote_lock); pjdlog_warning("Disconnected from %s.", adhost->adh_remoteaddr); /* Move all in-flight requests back onto free list. */ QUEUE_CONCAT2(&adist_free_list, &adist_send_list, &adist_recv_list); } static void adreq_fill(struct adreq *adreq, uint8_t cmd, const unsigned char *data, size_t size) { static uint64_t seq = 1; PJDLOG_ASSERT(size <= ADIST_BUF_SIZE); switch (cmd) { case ADIST_CMD_OPEN: case ADIST_CMD_CLOSE: PJDLOG_ASSERT(data != NULL && size == 0); size = strlen(data) + 1; break; case ADIST_CMD_APPEND: PJDLOG_ASSERT(data != NULL && size > 0); break; case ADIST_CMD_KEEPALIVE: case ADIST_CMD_ERROR: PJDLOG_ASSERT(data == NULL && size == 0); break; default: PJDLOG_ABORT("Invalid command (%hhu).", cmd); } adreq->adr_cmd = cmd; adreq->adr_seq = seq++; adreq->adr_datasize = size; /* Don't copy if data is already in out buffer. */ if (data != NULL && data != adreq->adr_data) bcopy(data, adreq->adr_data, size); } static bool read_thread_wait(void) { bool newfile = false; mtx_lock(&adist_remote_mtx); if (adhost->adh_reset) { reset: adhost->adh_reset = false; if (trail_filefd(adist_trail) != -1) trail_close(adist_trail); trail_reset(adist_trail); while (adhost->adh_remote == NULL) cv_wait(&adist_remote_cond, &adist_remote_mtx); trail_start(adist_trail, adhost->adh_trail_name, adhost->adh_trail_offset); newfile = true; } mtx_unlock(&adist_remote_mtx); while (trail_filefd(adist_trail) == -1) { newfile = true; wait_for_dir(); /* * We may have been disconnected and reconnected in the * meantime, check if reset is set. */ mtx_lock(&adist_remote_mtx); if (adhost->adh_reset) goto reset; mtx_unlock(&adist_remote_mtx); if (trail_filefd(adist_trail) == -1) trail_next(adist_trail); } if (newfile) { pjdlog_debug(1, "Trail file \"%s/%s\" opened.", adhost->adh_directory, trail_filename(adist_trail)); (void)wait_for_file_init(trail_filefd(adist_trail)); } return (newfile); } static void * read_thread(void *arg __unused) { struct adreq *adreq; ssize_t done; bool newfile; pjdlog_debug(1, "%s started.", __func__); for (;;) { newfile = read_thread_wait(); QUEUE_TAKE(adreq, &adist_free_list, 0); if (newfile) { adreq_fill(adreq, ADIST_CMD_OPEN, trail_filename(adist_trail), 0); newfile = false; goto move; } done = read(trail_filefd(adist_trail), adreq->adr_data, ADIST_BUF_SIZE); if (done == -1) { off_t offset; int error; error = errno; offset = lseek(trail_filefd(adist_trail), 0, SEEK_CUR); errno = error; pjdlog_errno(LOG_ERR, "Error while reading \"%s/%s\" at offset %jd", adhost->adh_directory, trail_filename(adist_trail), offset); trail_close(adist_trail); adreq_fill(adreq, ADIST_CMD_ERROR, NULL, 0); goto move; } else if (done == 0) { /* End of file. */ pjdlog_debug(3, "End of \"%s/%s\".", adhost->adh_directory, trail_filename(adist_trail)); if (!trail_switch(adist_trail)) { /* More audit records can arrive. */ mtx_lock(&adist_free_list_lock); TAILQ_INSERT_TAIL(&adist_free_list, adreq, adr_next); mtx_unlock(&adist_free_list_lock); wait_for_file(); continue; } adreq_fill(adreq, ADIST_CMD_CLOSE, trail_filename(adist_trail), 0); trail_close(adist_trail); goto move; } adreq_fill(adreq, ADIST_CMD_APPEND, adreq->adr_data, done); move: pjdlog_debug(3, "read thread: Moving request %p to the send queue (%hhu).", adreq, adreq->adr_cmd); QUEUE_INSERT(adreq, &adist_send_list); } /* NOTREACHED */ return (NULL); } static void keepalive_send(void) { struct adreq *adreq; rw_rlock(&adist_remote_lock); if (adhost->adh_remote == NULL) { rw_unlock(&adist_remote_lock); return; } rw_unlock(&adist_remote_lock); mtx_lock(&adist_free_list_lock); adreq = TAILQ_FIRST(&adist_free_list); if (adreq != NULL) TAILQ_REMOVE(&adist_free_list, adreq, adr_next); mtx_unlock(&adist_free_list_lock); if (adreq == NULL) return; adreq_fill(adreq, ADIST_CMD_KEEPALIVE, NULL, 0); QUEUE_INSERT(adreq, &adist_send_list); pjdlog_debug(3, "keepalive_send: Request sent."); } -/* - * Thread sends request to secondary node. - */ static void * send_thread(void *arg __unused) { time_t lastcheck, now; struct adreq *adreq; pjdlog_debug(1, "%s started.", __func__); lastcheck = time(NULL); for (;;) { pjdlog_debug(3, "send thread: Taking request."); for (;;) { QUEUE_TAKE(adreq, &adist_send_list, ADIST_KEEPALIVE); if (adreq != NULL) break; now = time(NULL); if (lastcheck + ADIST_KEEPALIVE <= now) { keepalive_send(); lastcheck = now; } } PJDLOG_ASSERT(adreq != NULL); pjdlog_debug(3, "send thread: (%p) Got request %hhu.", adreq, adreq->adr_cmd); /* * Protect connection from disappearing. */ rw_rlock(&adist_remote_lock); /* * Move the request to the recv queue first to avoid race * where the recv thread receives the reply before we move * the request to the recv queue. */ QUEUE_INSERT(adreq, &adist_recv_list); if (adhost->adh_remote == NULL || proto_send(adhost->adh_remote, &adreq->adr_packet, ADPKT_SIZE(adreq)) == -1) { rw_unlock(&adist_remote_lock); pjdlog_debug(1, "send thread: (%p) Unable to send request.", adreq); if (adhost->adh_remote != NULL) sender_disconnect(); continue; } else { pjdlog_debug(3, "Request %p sent successfully.", adreq); adreq_log(LOG_DEBUG, 2, -1, adreq, "send: (%p) Request sent: ", adreq); rw_unlock(&adist_remote_lock); } } /* NOTREACHED */ return (NULL); } static void adrep_decode_header(struct adrep *adrep) { - /* Byte-swap only is the receiver is using different byte order. */ + /* Byte-swap only if the receiver is using different byte order. */ if (adrep->adrp_byteorder != ADIST_BYTEORDER) { adrep->adrp_byteorder = ADIST_BYTEORDER; adrep->adrp_seq = bswap64(adrep->adrp_seq); adrep->adrp_error = bswap16(adrep->adrp_error); } } -/* - * Thread receives answer from secondary node and passes it to ggate_send - * thread. - */ static void * recv_thread(void *arg __unused) { struct adrep adrep; struct adreq *adreq; pjdlog_debug(1, "%s started.", __func__); for (;;) { /* Wait until there is anything to receive. */ QUEUE_WAIT(&adist_recv_list); pjdlog_debug(3, "recv thread: Got something."); rw_rlock(&adist_remote_lock); if (adhost->adh_remote == NULL) { /* * Connection is dead. * There is a short race in sender_disconnect() between * setting adh_remote to NULL and removing entries from * the recv list, which can result in us being here. * To avoid just spinning, wait for 0.1s. */ rw_unlock(&adist_remote_lock); usleep(100000); continue; } if (proto_recv(adhost->adh_remote, &adrep, sizeof(adrep)) == -1) { rw_unlock(&adist_remote_lock); pjdlog_errno(LOG_ERR, "Unable to receive reply"); sender_disconnect(); continue; } rw_unlock(&adist_remote_lock); adrep_decode_header(&adrep); /* * Find the request that was just confirmed. */ mtx_lock(&adist_recv_list_lock); TAILQ_FOREACH(adreq, &adist_recv_list, adr_next) { if (adreq->adr_seq == adrep.adrp_seq) { TAILQ_REMOVE(&adist_recv_list, adreq, adr_next); break; } } if (adreq == NULL) { /* * If we disconnected in the meantime, just continue. * On disconnect sender_disconnect() clears the queue, * we can use that. */ if (TAILQ_EMPTY(&adist_recv_list)) { mtx_unlock(&adist_recv_list_lock); continue; } mtx_unlock(&adist_recv_list_lock); pjdlog_error("Found no request matching received 'seq' field (%ju).", (uintmax_t)adrep.adrp_seq); sender_disconnect(); continue; } mtx_unlock(&adist_recv_list_lock); adreq_log(LOG_DEBUG, 2, -1, adreq, "recv thread: (%p) Request confirmed: ", adreq); pjdlog_debug(3, "recv thread: (%p) Got request %hhu.", adreq, adreq->adr_cmd); if (adrep.adrp_error != 0) { pjdlog_error("Receiver returned error (%s), disconnecting.", adist_errstr((int)adrep.adrp_error)); sender_disconnect(); continue; } if (adreq->adr_cmd == ADIST_CMD_CLOSE) trail_unlink(adist_trail, adreq->adr_data); pjdlog_debug(3, "Request received successfully."); QUEUE_INSERT(adreq, &adist_free_list); } /* NOTREACHED */ return (NULL); } static void guard_check_connection(void) { PJDLOG_ASSERT(adhost->adh_role == ADIST_ROLE_SENDER); rw_rlock(&adist_remote_lock); if (adhost->adh_remote != NULL) { rw_unlock(&adist_remote_lock); pjdlog_debug(3, "remote_guard: Connection to %s is ok.", adhost->adh_remoteaddr); return; } /* * Upgrade the lock. It doesn't have to be atomic as no other thread * can change connection status from disconnected to connected. */ rw_unlock(&adist_remote_lock); pjdlog_debug(1, "remote_guard: Reconnecting to %s.", adhost->adh_remoteaddr); if (sender_connect() == 0) { pjdlog_info("Successfully reconnected to %s.", adhost->adh_remoteaddr); } else { pjdlog_debug(1, "remote_guard: Reconnect to %s failed.", adhost->adh_remoteaddr); } } /* * Thread guards remote connections and reconnects when needed, handles * signals, etc. */ static void * guard_thread(void *arg __unused) { struct timespec timeout; time_t lastcheck, now; sigset_t mask; int signo; lastcheck = time(NULL); PJDLOG_VERIFY(sigemptyset(&mask) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGINT) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGTERM) == 0); timeout.tv_sec = ADIST_KEEPALIVE; timeout.tv_nsec = 0; signo = -1; for (;;) { switch (signo) { case SIGINT: case SIGTERM: sigexit_received = true; pjdlog_exitx(EX_OK, "Termination signal received, exiting."); break; default: break; } pjdlog_debug(3, "remote_guard: Checking connections."); now = time(NULL); if (lastcheck + ADIST_KEEPALIVE <= now) { guard_check_connection(); lastcheck = now; } signo = sigtimedwait(&mask, NULL, &timeout); } /* NOTREACHED */ return (NULL); } void adist_sender(struct adist_config *config, struct adist_host *adh) { pthread_t td; pid_t pid; int error, mode, debuglevel; /* * Create communication channel for sending connection requests from * child to parent. */ if (proto_connect(NULL, "socketpair://", -1, &adh->adh_conn) == -1) { pjdlog_errno(LOG_ERR, "Unable to create connection sockets between child and parent"); return; } pid = fork(); if (pid == -1) { pjdlog_errno(LOG_ERR, "Unable to fork"); proto_close(adh->adh_conn); adh->adh_conn = NULL; return; } if (pid > 0) { /* This is parent. */ adh->adh_worker_pid = pid; /* Declare that we are receiver. */ proto_recv(adh->adh_conn, NULL, 0); return; } adcfg = config; adhost = adh; mode = pjdlog_mode_get(); debuglevel = pjdlog_debug_get(); /* Declare that we are sender. */ proto_send(adhost->adh_conn, NULL, 0); descriptors_cleanup(adhost); #ifdef TODO descriptors_assert(adhost, mode); #endif pjdlog_init(mode); pjdlog_debug_set(debuglevel); pjdlog_prefix_set("[%s] (%s) ", adhost->adh_name, role2str(adhost->adh_role)); #ifdef HAVE_SETPROCTITLE setproctitle("[%s] (%s) ", adhost->adh_name, role2str(adhost->adh_role)); #endif /* * The sender process should be able to remove entries from its * trail directory, but it should not be able to write to the * trail files, only read from them. */ adist_trail = trail_new(adhost->adh_directory, false); if (adist_trail == NULL) exit(EX_OSFILE); if (sandbox(ADIST_USER, true, "auditdistd: %s (%s)", role2str(adhost->adh_role), adhost->adh_name) != 0) { exit(EX_CONFIG); } pjdlog_info("Privileges successfully dropped."); /* * We can ignore wait_for_dir_init() failures. It will fall back to * using sleep(3). */ (void)wait_for_dir_init(trail_dirfd(adist_trail)); init_environment(); if (sender_connect() == 0) { pjdlog_info("Successfully connected to %s.", adhost->adh_remoteaddr); } adhost->adh_reset = true; /* * Create the guard thread first, so we can handle signals from the * very begining. */ error = pthread_create(&td, NULL, guard_thread, NULL); PJDLOG_ASSERT(error == 0); error = pthread_create(&td, NULL, send_thread, NULL); PJDLOG_ASSERT(error == 0); error = pthread_create(&td, NULL, recv_thread, NULL); PJDLOG_ASSERT(error == 0); (void)read_thread(NULL); }