From cb75d7915b10da21506b4fdeb52b7eab3c867765 Mon Sep 17 00:00:00 2001 From: remi Date: Sat, 1 Sep 2018 19:21:10 +0000 Subject: [PATCH] Prevent ospf6d from starting when another process is listening on the control socket. ok florian@ --- usr.sbin/ospf6d/control.c | 33 +++++++++++++++++++++++++++++---- usr.sbin/ospf6d/control.h | 3 ++- usr.sbin/ospf6d/ospf6d.c | 18 +++++++++++++++++- usr.sbin/ospf6d/ospf6d.h | 4 +++- usr.sbin/ospf6d/ospfe.c | 19 +++++++++++++------ 5 files changed, 64 insertions(+), 13 deletions(-) diff --git a/usr.sbin/ospf6d/control.c b/usr.sbin/ospf6d/control.c index 29bb254f0f2..191d09c25c1 100644 --- a/usr.sbin/ospf6d/control.c +++ b/usr.sbin/ospf6d/control.c @@ -1,4 +1,4 @@ -/* $OpenBSD: control.c,v 1.26 2017/08/12 16:27:50 benno Exp $ */ +/* $OpenBSD: control.c,v 1.27 2018/09/01 19:21:10 remi Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -38,6 +38,33 @@ struct ctl_conn *control_connbyfd(int); struct ctl_conn *control_connbypid(pid_t); void control_close(int); +int +control_check(char *path) +{ + struct sockaddr_un sun; + int fd; + + bzero(&sun, sizeof(sun)); + sun.sun_family = AF_UNIX; + strlcpy(sun.sun_path, path, sizeof(sun.sun_path)); + + if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { + log_warn("control_check: socket check"); + return (-1); + } + + if (connect(fd, (struct sockaddr *)&sun, sizeof(sun)) == 0) { + log_warnx("control_check: socket in use"); + close(fd); + return (-1); + } + + close(fd); + + return (0); +} + + int control_init(char *path) { @@ -78,9 +105,7 @@ control_init(char *path) return (-1); } - control_state.fd = fd; - - return (0); + return (fd); } int diff --git a/usr.sbin/ospf6d/control.h b/usr.sbin/ospf6d/control.h index c71a8189828..dc91fd09cee 100644 --- a/usr.sbin/ospf6d/control.h +++ b/usr.sbin/ospf6d/control.h 
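Review bot: control_check() discards the return value of `strlcpy()`, so a configured path longer than `sun.sun_path` is silently truncated and the probe connects to a different path than the one configured; reject it with `if (strlcpy(sun.sun_path, path, sizeof(sun.sun_path)) >= sizeof(sun.sun_path)) { log_warnx("control_check: path too long"); return (-1); }`. Only a successful `connect()` counts as "in use", so every connect failure is reported as free. The probe also runs before control_init() binds the socket, so it narrows the double-start window rather than closing it. A comment above the function, e.g. `/* Best-effort probe: another instance can still bind between this check and control_init(). */`, would keep later readers from treating it as a lock.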
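Review bot: control_init() now returns the listening descriptor instead of storing it in `control_state.fd` and returning 0, but nothing at the definition records the new contract. The function body starts outside this hunk; a header comment such as `/* Returns the bound control socket fd (owned by the caller), or -1 on error. */` would stop a future caller from testing the result against 0 or forgetting to pass the descriptor on.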
@@ -1,4 +1,4 @@ -/* $OpenBSD: control.h,v 1.5 2015/02/10 05:39:10 claudio Exp $ */ +/* $OpenBSD: control.h,v 1.6 2018/09/01 19:21:10 remi Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -34,6 +34,7 @@ struct ctl_conn { struct imsgev iev; }; +int control_check(char *); int control_init(char *); int control_listen(void); void control_accept(int, short, void *); diff --git a/usr.sbin/ospf6d/ospf6d.c b/usr.sbin/ospf6d/ospf6d.c index e8ef83f575b..440907c0d6b 100644 --- a/usr.sbin/ospf6d/ospf6d.c +++ b/usr.sbin/ospf6d/ospf6d.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ospf6d.c,v 1.38 2018/07/12 13:45:03 remi Exp $ */ +/* $OpenBSD: ospf6d.c,v 1.39 2018/09/01 19:21:10 remi Exp $ */ /* * Copyright (c) 2005 Claudio Jeker @@ -115,6 +115,7 @@ main(int argc, char *argv[]) int mib[4]; size_t len; char *sockname = NULL; + int control_fd; conffile = CONF_FILE; ospfd_process = PROC_MAIN; @@ -209,6 +210,9 @@ main(int argc, char *argv[]) log_init(debug, LOG_DAEMON); log_setverbose(ospfd_conf->opts & OSPFD_OPT_VERBOSE); + if ((control_check(ospfd_conf->csock)) == -1) + fatalx("control socket check failed"); + if (!debug) daemon(1, 0); @@ -266,6 +270,10 @@ main(int argc, char *argv[]) iev_rde->handler, iev_rde); event_add(&iev_rde->ev, NULL); + if ((control_fd = control_init(ospfd_conf->csock)) == -1) + fatalx("control socket setup failed"); + main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd); + if (kr_init(!(ospfd_conf->flags & OSPFD_FLAG_NO_FIB_UPDATE), ospfd_conf->rdomain) == -1) fatalx("kr_init failed"); @@ -456,6 +464,14 @@ main_imsg_compose_ospfe(int type, pid_t pid, void *data, u_int16_t datalen) imsg_compose_event(iev_ospfe, type, 0, pid, -1, data, datalen); } +void +main_imsg_compose_ospfe_fd(int type, pid_t pid, int fd) +{ + if (iev_ospfe == NULL) + return; + imsg_compose_event(iev_ospfe, type, 0, pid, fd, NULL, 0); +} + void main_imsg_compose_rde(int type, pid_t pid, void *data, u_int16_t datalen) { 
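Review bot: main_imsg_compose_ospfe_fd() can lose the control socket without anyone noticing: when `iev_ospfe` is NULL it returns without closing `fd`, and the result of `imsg_compose_event()` is discarded. The caller added in main() (the hunk at -266) therefore cannot tell that ospfe never received IMSG_CONTROLFD, in which case ospfe would keep running with no control socket and with the wider `recvfd` pledge still in force. Returning a status from the helper and failing hard in main(), e.g. `if (main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd) == -1) fatalx("control socket handoff failed");`, would make the failure visible. This assumes imsg_compose_event() reports errors through its return value, which is not shown on this page.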
diff --git a/usr.sbin/ospf6d/ospf6d.h b/usr.sbin/ospf6d/ospf6d.h index 25972892395..38193ff23b6 100644 --- a/usr.sbin/ospf6d/ospf6d.h +++ b/usr.sbin/ospf6d/ospf6d.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ospf6d.h,v 1.37 2018/07/12 13:45:03 remi Exp $ */ +/* $OpenBSD: ospf6d.h,v 1.38 2018/09/01 19:21:10 remi Exp $ */ /* * Copyright (c) 2004, 2007 Esben Norby @@ -99,6 +99,7 @@ enum imsg_type { IMSG_CTL_KROUTE_ADDR, IMSG_CTL_END, IMSG_CTL_LOG_VERBOSE, + IMSG_CONTROLFD, IMSG_KROUTE_CHANGE, IMSG_KROUTE_DELETE, IMSG_IFINFO, @@ -577,6 +578,7 @@ void rtlabel_tag(u_int16_t, u_int32_t); /* ospf6d.c */ void main_imsg_compose_ospfe(int, pid_t, void *, u_int16_t); +void main_imsg_compose_ospfe_fd(int, pid_t, int); void main_imsg_compose_rde(int, pid_t, void *, u_int16_t); int ospf_redistribute(struct kroute *, u_int32_t *); void merge_config(struct ospfd_conf *, struct ospfd_conf *); diff --git a/usr.sbin/ospf6d/ospfe.c b/usr.sbin/ospf6d/ospfe.c index 3f03589ab49..b6dfe33b306 100644 --- a/usr.sbin/ospf6d/ospfe.c +++ b/usr.sbin/ospf6d/ospfe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ospfe.c,v 1.54 2018/07/12 13:45:03 remi Exp $ */ +/* $OpenBSD: ospfe.c,v 1.55 2018/09/01 19:21:10 remi Exp $ */ /* * Copyright (c) 2005 Claudio Jeker @@ -88,10 +88,6 @@ ospfe(struct ospfd_conf *xconf, int pipe_parent2ospfe[2], int pipe_ospfe2rde[2], return (pid); } - /* create ospfd control socket outside chroot */ - if (control_init(xconf->csock) == -1) - fatalx("control socket setup failed"); - /* create the raw ip socket */ if ((xconf->ospf_socket = socket(AF_INET6, SOCK_RAW | SOCK_CLOEXEC | SOCK_NONBLOCK, IPPROTO_OSPF)) == -1) @@ -133,7 +129,7 @@ ospfe(struct ospfd_conf *xconf, int pipe_parent2ospfe[2], int pipe_ospfe2rde[2], setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) fatal("can't drop privileges"); - if (pledge("stdio inet mcast", NULL) == -1) + if (pledge("stdio inet mcast recvfd", NULL) == -1) fatal("pledge"); event_init(); 
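Review bot: The `recvfd` promise added to the pledge() call in ospfe() is needed only until the control socket arrives, yet nothing at this call says so; a comment such as `/* recvfd only until IMSG_CONTROLFD is handled; ospfe_dispatch_main() re-pledges without it */` would tie the two pledge calls together for the next auditor. The diffstat for ospfe.c is fully accounted for by the visible hunks, so if ospfe() still calls `control_listen()` during startup (outside these hunks), that call would now run before `control_state.fd` is set and should be removed. ospfe()'s body continues outside the hunk.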
@@ -445,6 +441,17 @@ ospfe_dispatch_main(int fd, short event, void *bula)
 case IMSG_CTL_END:
 control_imsg_relay(&imsg);
 break;
+ case IMSG_CONTROLFD:
+ if ((fd = imsg.fd) == -1)
+ fatalx("%s: expected to receive imsg control"
+ "fd but didn't receive any", __func__);
+ control_state.fd = fd;
+ /* Listen on control socket. */
+ TAILQ_INIT(&ctl_conns);
+ control_listen();
+ if (pledge("stdio inet mcast", NULL) == -1)
+ fatal("pledge");
+ break;
 default:
 log_debug("ospfe_dispatch_main: error handling imsg %d",
 imsg.hdr.type);
-- 2.20.1
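Review bot: The return value of `control_listen()` is ignored in the new IMSG_CONTROLFD case, so a failed listen would leave ospfe running with no working control socket and no error. The prototype in control.h returns int, so, assuming it follows control_init()'s -1 convention, `if (control_listen() == -1) fatalx("control socket listen failed");` fits here. The two adjacent string literals in the fatalx() call join as "controlfd"; a trailing space after `control` fixes the message. Assigning `imsg.fd` to the handler's own `fd` parameter also overwrites the event descriptor for the rest of ospfe_dispatch_main(), which continues outside this hunk; a separate local would be clearer.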