#include <mon_internal.h>
#include <tr_socket.h>
#include <sys/wait.h>
+#include <sys/resource.h>
#include <tr_gss.h>
#include "mons_handlers.h"
+static void mons_sweep_procs(MONS_INSTANCE *mons);
+
static int mons_destructor(void *object)
{
MONS_INSTANCE *mons = talloc_get_type_abort(object, MONS_INSTANCE);
- if (mons->handlers) {
+ if (mons->handlers)
g_ptr_array_unref(mons->handlers);
- }
+
+ if (mons->pids)
+ g_array_unref(mons->pids);
+
return 0;
}
if (mons) {
mons->hostname = NULL;
- mons->port = 0;
+ mons->mon_port = 0;
mons->tids = NULL;
mons->trps = NULL;
mons->req_handler = NULL;
talloc_free(mons);
return NULL;
}
+
+ mons->pids = g_array_new(FALSE, FALSE, sizeof(pid_t));
+ if (mons->pids == NULL) {
+ talloc_free(mons);
+ return NULL;
+ }
}
return mons;
}
* @param max_fd
* @return
*/
-int mons_get_listener(MONS_INSTANCE *mons, MONS_REQ_FUNC *req_handler, MONS_AUTH_FUNC *auth_handler, const char *hostname,
- unsigned int port, void *cookie, int *fd_out, size_t max_fd)
+int mons_get_listener(MONS_INSTANCE *mons,
+ MONS_REQ_FUNC *req_handler,
+ MONS_AUTH_FUNC *auth_handler,
+ const char *hostname,
+ int port,
+ void *cookie,
+ int *fd_out,
+ size_t max_fd)
{
size_t n_fd=0;
size_t ii=0;
- mons->port = port;
+ mons->mon_port = port;
n_fd = tr_sock_listen_all(port, fd_out, max_fd);
if (n_fd<=0)
tr_err("mons_get_listener: Error opening port %d");
}
/**
+ * Process to handle an incoming monitoring request
+ *
+ * This should be run in a child process after fork(). Handles the request
+ * and terminates. Never returns to the caller.
+ *
+ * @param mons the monitoring server instance
+ * @param conn_fd file descriptor for the incoming connection
+ */
+static void mons_handle_proc(MONS_INSTANCE *mons, int conn_fd)
+{
+ struct rlimit rlim; /* for disabling core dump */
+
+ switch(tr_gss_handle_connection(conn_fd,
+ "trustmonitor", mons->hostname, /* acceptor name */
+ mons->auth_handler, mons->cookie, /* auth callback and cookie */
+ mons_req_cb, mons /* req callback and cookie */
+ )) {
+ case TR_GSS_SUCCESS:
+ /* do nothing */
+ break;
+
+ case TR_GSS_ERROR:
+ tr_debug("mons_accept: Error returned by tr_gss_handle_connection()");
+ break;
+
+ default:
+ tr_err("mons_accept: Unexpected value returned by tr_gss_handle_connection()");
+ break;
+ }
+ close(conn_fd);
+
+ /* This ought to be an exit(0), but log4shib does not play well with fork() due to
+ * threading issues. To ensure we do not get stuck in the exit handler, we will
+ * abort. First disable core dump for this subprocess (the main process will still
+ * dump core if the environment allows). */
+ rlim.rlim_cur = 0; /* max core size of 0 */
+ rlim.rlim_max = 0; /* prevent the core size limit from being raised later */
+ setrlimit(RLIMIT_CORE, &rlim);
+ abort(); /* exit hard */
+}
+
+/**
* Accept and process a connection on a port opened with mons_get_listener()
*
* @param mons monitoring interface instance
int conn=-1;
int pid=-1;
- if (0 > (conn = accept(listen, NULL, NULL))) {
- perror("Error from monitoring interface accept()");
+ if (0 > (conn = tr_sock_accept(listen))) {
+ tr_err("mons_accept: Error accepting connection");
return 1;
}
}
if (pid == 0) {
- close(listen);
- tr_gss_handle_connection(conn,
- "trustmonitor", mons->hostname, /* acceptor name */
- mons->auth_handler, mons->cookie, /* auth callback and cookie */
- mons_req_cb, mons /* req callback and cookie */
- );
- close(conn);
- exit(0); /* exit to kill forked child process */
- } else {
- close(conn);
+ /* Only the child process gets here */
+ close(listen); /* this belongs to the parent */
+ mons_handle_proc(mons, conn); /* never returns */
}
+ /* Only the parent process gets here */
+ close(conn); /* this belongs to the child */
+ g_array_append_val(mons->pids, pid);
+
/* clean up any processes that have completed */
- while (waitpid(-1, 0, WNOHANG) > 0);
+ mons_sweep_procs(mons);
return 0;
}
+
+void mons_sweep_procs(MONS_INSTANCE *mons)
+{
+ guint ii;
+ pid_t pid;
+ int status;
+
+ /* loop backwards over the array so we can remove elements as we go */
+ for (ii=mons->pids->len; ii > 0; ii--) {
+ /* ii-1 is the current index */
+ pid = g_array_index(mons->pids, pid_t, ii-1);
+ if (waitpid(pid, &status, WNOHANG) > 0) {
+ /* the process exited */
+ tr_debug("mons_sweep_procs: monitoring process %d terminated.", pid);
+
+ g_array_remove_index_fast(mons->pids, ii-1); /* disturbs only indices >= ii-1 which we've already handled */
+ if (WIFEXITED(status)) {
+ if (WEXITSTATUS(status) == 0)
+ tr_debug("mons_sweep_procs: monitoring process %d succeeded.", pid);
+ else
+ tr_debug("mons_sweep_procs: monitoring process %d exited with status %d.", pid, WTERMSIG(status));
+ } else if (WIFSIGNALED(status)) {
+ tr_debug("mons_sweep_procs: monitoring process %d terminated by signal %d.", pid, WTERMSIG(status));
+ }
+ }
+ }
+}