From: tobhe
Date: Sun, 5 Mar 2023 22:17:22 +0000 (+0000)
Subject: Fix clean process shutdown by storing env globally like vmd and httpd do
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e8e9d77f12a916d795d31bc9df5d15b6def0b148;p=openbsd
Fix clean process shutdown by storing env globally like vmd and httpd do instead of getting it from p_ps. The old approach does not work anymore after the recent fork + exec update. ok patrick@
---
diff --git a/sbin/iked/ca.c b/sbin/iked/ca.c
index 10e5eb29ca4..409e8a67796 100644
--- a/sbin/iked/ca.c
+++ b/sbin/iked/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.90 2023/03/04 22:22:50 tobhe Exp $ */
+/* $OpenBSD: ca.c,v 1.91 2023/03/05 22:17:22 tobhe Exp $ */
 /*
 * Copyright (c) 2010-2013 Reyk Floeter
@@ -46,7 +46,7 @@
 #include "ikev2.h"
 void ca_run(struct privsep *, struct privsep_proc *, void *);
-void ca_shutdown(struct privsep_proc *);
+void ca_shutdown(void);
 void ca_reset(struct privsep *);
 int ca_reload(struct iked *);
@@ -107,7 +107,7 @@ caproc(struct privsep *ps, struct privsep_proc *p)
 void
 ca_run(struct privsep *ps, struct privsep_proc *p, void *arg)
 {
- struct iked *env = ps->ps_env;
+ struct iked *env = iked_env;
 struct ca_store *store;
 /*
@@ -127,17 +127,11 @@ ca_run(struct privsep *ps, struct privsep_proc *p, void *arg)
 }
 void
-ca_shutdown(struct privsep_proc *p)
+ca_shutdown(void)
 {
- struct iked *env;
+ struct iked *env = iked_env;
 struct ca_store *store;
- if (p->p_ps == NULL)
- return;
-
- env = p->p_ps->ps_env;
- if (env == NULL)
- return;
 ibuf_release(env->sc_certreq);
 if ((store = env->sc_priv) == NULL)
 return;
@@ -151,7 +145,7 @@ ca_shutdown(struct privsep_proc *p)
 void
 ca_getkey(struct privsep *ps, struct iked_id *key, enum imsg_type type)
 {
- struct iked *env = ps->ps_env;
+ struct iked *env = iked_env;
 struct ca_store *store = env->sc_priv;
 struct iked_id *id = NULL;
 const char *name;
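Review bot: In `ca_shutdown()` (sbin/iked/ca.c, hunk at -127,17) the new prologue dereferences `iked_env` unconditionally in `ibuf_release(env->sc_certreq)`, where the old code returned early when `env` was NULL. That is safe only if every process that can reach `p_shutdown` has already assigned `iked_env`; the iked.c hunk sets it right after `calloc()` in `main()`, which presumably covers the re-exec'd children, but nothing here enforces it, and a NULL dereference on the exit path would turn a clean shutdown into a crash. Keeping `if (env == NULL) return;` after the declarations costs one line, and the same applies to `ikev2_shutdown()` in sbin/iked/ikev2.c. Separately, `ca_shutdown()` releases `sc_certreq` without clearing the pointer, whereas `ikev2_shutdown()` follows the release with `env->sc_certreq = NULL;`; adding that line here would keep the two hooks consistent. The body of `ca_shutdown()` continues past the end of the hunk.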
@@ -184,7 +178,7 @@ ca_getkey(struct privsep *ps, struct iked_id *key, enum imsg_type type)
 void
 ca_reset(struct privsep *ps)
 {
- struct iked *env = ps->ps_env;
+ struct iked *env = iked_env;
 struct ca_store *store = env->sc_priv;
 if (store->ca_privkey.id_type == IKEV2_ID_NONE ||
@@ -213,7 +207,7 @@ ca_reset(struct privsep *ps)
 int
 ca_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
- struct iked *env = p->p_ps->ps_env;
+ struct iked *env = iked_env;
 unsigned int mode;
 switch (imsg->hdr.type) {
@@ -248,7 +242,7 @@ ca_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
 int
 ca_dispatch_ikev2(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
- struct iked *env = p->p_ps->ps_env;
+ struct iked *env = iked_env;
 switch (imsg->hdr.type) {
 case IMSG_CERTREQ:
@@ -270,7 +264,7 @@ ca_dispatch_ikev2(int fd, struct privsep_proc *p, struct imsg *imsg)
 int
 ca_dispatch_control(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
- struct iked *env = p->p_ps->ps_env;
+ struct iked *env = iked_env;
 struct ca_store *store = env->sc_priv;
 switch (imsg->hdr.type) {
diff --git a/sbin/iked/control.c b/sbin/iked/control.c
index 2aa3f9a5968..32437fcb8aa 100644
--- a/sbin/iked/control.c
+++ b/sbin/iked/control.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: control.c,v 1.35 2023/03/04 22:22:50 tobhe Exp $ */
+/* $OpenBSD: control.c,v 1.36 2023/03/05 22:17:22 tobhe Exp $ */
 /*
 * Copyright (c) 2010-2013 Reyk Floeter
@@ -76,7 +76,7 @@ control_run(struct privsep *ps, struct privsep_proc *p, void *arg)
 int
 control_init(struct privsep *ps, struct control_sock *cs)
 {
- struct iked *env = ps->ps_env;
+ struct iked *env = iked_env;
 struct sockaddr_un s_un;
 int fd;
 mode_t old_umask, mode;
diff --git a/sbin/iked/iked.c b/sbin/iked/iked.c
index 858d1e2b80f..aa824d6f196 100644
--- a/sbin/iked/iked.c
+++ b/sbin/iked/iked.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.c,v 1.63 2023/03/04 22:22:50 tobhe Exp $ */
+/* $OpenBSD: iked.c,v 1.64 2023/03/05 22:17:22 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
@@ -47,6 +47,8 @@ int parent_dispatch_control(int, struct privsep_proc *, struct imsg *);
 int parent_dispatch_ikev2(int, struct privsep_proc *, struct imsg *);
 int parent_configure(struct iked *);
+struct iked *iked_env;
+
 static struct privsep_proc procs[] = {
 { "ca", PROC_CERT, parent_dispatch_ca, caproc, IKED_CA },
 { "control", PROC_CONTROL, parent_dispatch_control, control },
@@ -161,6 +163,7 @@ main(int argc, char *argv[])
 if ((env = calloc(1, sizeof(*env))) == NULL)
 fatal("calloc: env");
+ iked_env = env;
 env->sc_opts = opts;
 env->sc_nattmode = natt_mode;
 env->sc_nattport = port;
@@ -421,7 +424,7 @@ parent_sig_handler(int sig, short event, void *arg)
 int
 parent_dispatch_ca(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
- struct iked *env = p->p_ps->ps_env;
+ struct iked *env = iked_env;
 switch (imsg->hdr.type) {
 case IMSG_OCSP_FD:
@@ -437,7 +440,7 @@ parent_dispatch_ca(int fd, struct privsep_proc *p, struct imsg *imsg)
 int
 parent_dispatch_control(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
- struct iked *env = p->p_ps->ps_env;
+ struct iked *env = iked_env;
 int v;
 char *str = NULL;
 unsigned int type = imsg->hdr.type;
@@ -476,7 +479,7 @@ parent_dispatch_control(int fd, struct privsep_proc *p, struct imsg *imsg)
 int
 parent_dispatch_ikev2(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
- struct iked *env = p->p_ps->ps_env;
+ struct iked *env = iked_env;
 switch (imsg->hdr.type) {
 case IMSG_IF_ADDADDR:
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index 8f84b2aaeff..6eac02342a3 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.209 2023/03/04 22:22:50 tobhe Exp $ */
+/* $OpenBSD: iked.h,v 1.210 2023/03/05 22:17:22 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
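Review bot: The new file-scope `struct iked *iked_env;` in sbin/iked/iked.c (hunk at -47,6) is a writable global with no comment saying who sets it or from when it is valid. Every dispatch and shutdown function touched by this commit now reads it instead of taking the environment from its `ps`/`p` argument, so its lifetime is part of their contract. I would add a comment above the definition such as `/* Daemon state for this process; assigned once in main() right after allocation and not changed afterwards. */`, assuming that matches the intent, and mirror it on the `extern` declaration in iked.h. The assignment in `main()` (hunk at -161,6) precedes the `env->sc_*` initialisation, so the comment should also say that the structure may still be only zero-filled when the pointer first becomes visible.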
@@ -743,7 +743,7 @@ struct privsep_proc {
 const char *p_chroot;
 struct passwd *p_pw;
 struct privsep *p_ps;
- void (*p_shutdown)(struct privsep_proc *);
+ void (*p_shutdown)(void);
 };
 struct privsep_fd {
@@ -875,6 +875,8 @@ struct ipsec_mode {
 /* iked.c */
 void parent_reload(struct iked *, int, const char *);
+extern struct iked *iked_env;
+
 /* control.c */
 void control(struct privsep *, struct privsep_proc *);
 int control_init(struct privsep *, struct control_sock *);
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index d4ff5cb41b8..8c625df451c 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.363 2023/03/04 22:22:50 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.364 2023/03/05 22:17:22 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
@@ -57,7 +57,7 @@ void ikev2_log_proposal(struct iked_sa *, struct iked_proposals *);
 void ikev2_log_cert_info(const char *, struct iked_id *);
 void ikev2_run(struct privsep *, struct privsep_proc *, void *);
-void ikev2_shutdown(struct privsep_proc *);
+void ikev2_shutdown(void);
 int ikev2_dispatch_parent(int, struct privsep_proc *, struct imsg *);
 int ikev2_dispatch_cert(int, struct privsep_proc *, struct imsg *);
 int ikev2_dispatch_control(int, struct privsep_proc *, struct imsg *);
@@ -218,16 +218,9 @@ ikev2_run(struct privsep *ps, struct privsep_proc *p, void *arg)
 }
 void
-ikev2_shutdown(struct privsep_proc *p)
+ikev2_shutdown(void)
 {
- struct iked *env;
-
- if (p->p_ps == NULL)
- return;
-
- env = p->p_ps->ps_env;
- if (env == NULL)
- return;
+ struct iked *env = iked_env;
 ibuf_release(env->sc_certreq);
 env->sc_certreq = NULL;
@@ -237,7 +230,7 @@ ikev2_shutdown(struct privsep_proc *p)
 int
 ikev2_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
- struct iked *env = p->p_ps->ps_env;
+ struct iked *env = iked_env;
 struct iked_sa *sa, *satmp;
 struct iked_policy *pol, *old;
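Review bot: `void (*p_shutdown)(void);` in `struct privsep_proc` (sbin/iked/iked.h, hunk at -743,7) drops the hook's only argument, so a shutdown hook can now reach daemon state only through `iked_env`, and the member carries no comment recording that. The diff does not show whether `p_shutdown` is assigned anywhere outside the files changed here; an assignment that still uses the old `struct privsep_proc *` signature would be called through an incompatible function pointer type. A short comment on the member, for example `/* called from proc_shutdown(); takes no arguments, reads iked_env */`, would document the new contract.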
@@ -313,7 +306,7 @@ ikev2_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
 int
 ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
- struct iked *env = p->p_ps->ps_env;
+ struct iked *env = iked_env;
 struct iked_sahdr sh;
 struct iked_sa *sa;
 uint8_t type;
@@ -513,7 +506,7 @@ ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg)
 int
 ikev2_dispatch_control(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
- struct iked *env = p->p_ps->ps_env;
+ struct iked *env = iked_env;
 switch (imsg->hdr.type) {
 case IMSG_CTL_RESET_ID:
diff --git a/sbin/iked/proc.c b/sbin/iked/proc.c
index a75de447d19..87a80674856 100644
--- a/sbin/iked/proc.c
+++ b/sbin/iked/proc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: proc.c,v 1.37 2023/03/04 22:22:51 tobhe Exp $ */
+/* $OpenBSD: proc.c,v 1.38 2023/03/05 22:17:22 tobhe Exp $ */
 /*
 * Copyright (c) 2010 - 2016 Reyk Floeter
@@ -476,7 +476,7 @@ proc_shutdown(struct privsep_proc *p)
 struct privsep *ps = p->p_ps;
 if (p->p_shutdown != NULL)
- (*p->p_shutdown)(p);
+ (*p->p_shutdown)();
 proc_close(ps);