X-Git-Url: http://www.project-moonshot.org/gitweb/?p=trust_router.git;a=blobdiff_plain;f=mon%2Fmons.c;h=72070cffd22322d15789b38afd0978fbec2efa37;hp=f2e69c540f5f7d8e680d52b89f4b975e212445be;hb=b5117dd88f660ee157de3cf96f8fb6d952ac342a;hpb=6aa2cd2cfe08019313b3943211fb2778d7567585
diff --git a/mon/mons.c b/mon/mons.c
index f2e69c5..72070cf 100644
--- a/mon/mons.c
+++ b/mon/mons.c
@@ -42,6 +42,7 @@
 #include #include #include
+#include
 #include #include "mons_handlers.h"
@@ -72,7 +73,7 @@ MONS_INSTANCE *mons_new(TALLOC_CTX *mem_ctx)
 if (mons) { mons->hostname = NULL;
- mons->port = 0;
+ mons->mon_port = 0;
 mons->tids = NULL; mons->trps = NULL; mons->req_handler = NULL;
@@ -174,16 +175,22 @@ cleanup:
 * @param max_fd * @return */
-int mons_get_listener(MONS_INSTANCE *mons, MONS_REQ_FUNC *req_handler, MONS_AUTH_FUNC *auth_handler, const char *hostname,
- unsigned int port, void *cookie, int *fd_out, size_t max_fd)
+int mons_get_listener(MONS_INSTANCE *mons,
+ MONS_REQ_FUNC *req_handler,
+ MONS_AUTH_FUNC *auth_handler,
+ const char *hostname,
+ int port,
+ void *cookie,
+ int *fd_out,
+ size_t max_fd)
 { size_t n_fd=0; size_t ii=0;
- mons->port = port;
+ mons->mon_port = port;
 n_fd = tr_sock_listen_all(port, fd_out, max_fd); if (n_fd<=0)
- tr_err("mons_get_listener: Error opening port %d");
+ tr_err("mons_get_listener: Error opening port %d", port);
 else { /* opening port succeeded */ tr_info("mons_get_listener: Opened port %d.", port);
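Review bot: With `port` now a signed `int`, nothing in the visible part of mons_get_listener rejects a negative or out-of-range value before it is stored in `mons->mon_port` and passed to `tr_sock_listen_all()`. A guard at the top such as `if (port <= 0 || port > 65535)` that logs with `tr_err()` and takes the function's existing failure path would keep a bad configuration value away from the socket layer; the function's return convention and the rest of its body lie outside this hunk. Separately, `n_fd` is a `size_t`, so `n_fd<=0` can only ever mean `n_fd == 0`; if `tr_sock_listen_all()` can signal failure with a negative value, the error branch would be skipped, which is worth confirming against its prototype.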
@@ -214,6 +221,48 @@ int mons_get_listener(MONS_INSTANCE *mons, MONS_REQ_FUNC *req_handler, MONS_AUTH
 } /**
+ * Process to handle an incoming monitoring request
+ *
+ * This should be run in a child process after fork(). Handles the request
+ * and terminates. Never returns to the caller.
+ *
+ * @param mons the monitoring server instance
+ * @param conn_fd file descriptor for the incoming connection
+ */
+static void mons_handle_proc(MONS_INSTANCE *mons, int conn_fd)
+{
+ struct rlimit rlim; /* for disabling core dump */
+
+ switch(tr_gss_handle_connection(conn_fd,
+ "trustmonitor", mons->hostname, /* acceptor name */
+ mons->auth_handler, mons->cookie, /* auth callback and cookie */
+ mons_req_cb, mons /* req callback and cookie */
+ )) {
+ case TR_GSS_SUCCESS:
+ /* do nothing */
+ break;
+
+ case TR_GSS_ERROR:
+ tr_debug("mons_accept: Error returned by tr_gss_handle_connection()");
+ break;
+
+ default:
+ tr_err("mons_accept: Unexpected value returned by tr_gss_handle_connection()");
+ break;
+ }
+ close(conn_fd);
+
+ /* This ought to be an exit(0), but log4shib does not play well with fork() due to
+ * threading issues. To ensure we do not get stuck in the exit handler, we will
+ * abort. First disable core dump for this subprocess (the main process will still
+ * dump core if the environment allows). */
+ rlim.rlim_cur = 0; /* max core size of 0 */
+ rlim.rlim_max = 0; /* prevent the core size limit from being raised later */
+ setrlimit(RLIMIT_CORE, &rlim);
+ abort(); /* exit hard */
+}
+
+/**
 * Accept and process a connection on a port opened with mons_get_listener() * * @param mons monitoring interface instance
@@ -225,8 +274,8 @@ int mons_accept(MONS_INSTANCE *mons, int listen)
 int conn=-1; int pid=-1;
- if (0 > (conn = accept(listen, NULL, NULL))) {
- perror("Error from monitoring interface accept()");
+ if (0 > (conn = tr_sock_accept(listen))) {
+ tr_err("mons_accept: Error accepting connection");
 return 1; }
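Review bot: In mons_handle_proc the result of `setrlimit(RLIMIT_CORE, &rlim)` is ignored, so if that call fails the following `abort()` can still write a core file from a child that has just completed a GSS exchange. Checking the return and leaving without a signal in that case, e.g. `if (setrlimit(RLIMIT_CORE, &rlim) != 0) _exit(1);`, closes that gap. It is also worth considering `_exit(0)` in place of the whole setrlimit/abort sequence: it skips exit handlers, which appears to be the goal stated in the comment, and the parent then sees a normal exit status rather than SIGABRT for every handled request, so genuine child crashes stay distinguishable. The log strings in this function still say `mons_accept:` although they are now emitted from mons_handle_proc.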
@@ -236,18 +285,13 @@ int mons_accept(MONS_INSTANCE *mons, int listen)
 } if (pid == 0) {
- close(listen);
- tr_gss_handle_connection(conn,
- "trustmonitor", mons->hostname, /* acceptor name */
- mons->auth_handler, mons->cookie, /* auth callback and cookie */
- mons_req_cb, mons /* req callback and cookie */
- );
- close(conn);
- exit(0); /* exit to kill forked child process */
+ /* Only the child process gets here */
+ close(listen); /* this belongs to the parent */
+ mons_handle_proc(mons, conn); /* never returns */
 } /* Only the parent process gets here */
- close(conn);
+ close(conn); /* this belongs to the child */
 g_array_append_val(mons->pids, pid); /* clean up any processes that have completed */
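Review bot: The child branch relies on the comment `/* never returns */`; if mons_handle_proc ever did return, for instance after a later edit adds an early return, the child would fall through into the parent-only code below, closing `conn` and appending to `mons->pids` in a second copy of the server. Declaring the helper non-returning, e.g. `static _Noreturn void mons_handle_proc(MONS_INSTANCE *mons, int conn_fd)` where the toolchain is C11 or `__attribute__((noreturn))` otherwise, lets the compiler enforce that contract. Only the `listen` descriptor is closed in the child, while mons_get_listener can open up to `max_fd` listeners; any others appear to stay open in the child for the duration of the request, which is worth confirming as intended. mons_accept begins and ends outside this hunk.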