+/*
+ * This file is part of secnet.
+ * See README for full list of copyright holders.
+ *
+ * secnet is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * secnet is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 3 along with secnet; if not, see
+ * https://www.gnu.org/licenses/gpl.html.
+ */
+
+#define _GNU_SOURCE
#include "secnet.h"
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <sys/wait.h>
+#include <string.h>
#include "process.h"
-/* Advice about children from Peter:
-Better way: before the fork, make a pipe. In the child close the
-+reading end. Make the writing end close-on-exec. If the dup2 or exec fails,
-+write the errno value. In the parent, close the writing end. Now you can read
-+from it. If you get an errno value from the pipe, the process failed and you
-+know why. If you get EOF, the exec succeeded.
-
-<Senji> So, close on exec only closes if exec isn't going to return then?
-<Diziet> qu: I wouldn't bother with all that with pipes. Remember that the
-+runtime system can still make exec fail when it's `too late'.
-<Senji> Diz - I would rather have a coherant error message than 'child failed'
-<Diziet> The child, if it fails to exec, should print a message to stderr
-+(giving errno and what it was trying to execute, most likely), and exit
-+nonzero.
-<Diziet> It should exit calling _exit.
-*/
-
/* Process handling - subprocesses, signals, etc. */
static bool_t signal_handling=False;
struct child {
pid_t pid;
- string_t desc;
+ cstring_t desc;
process_callback_fn *cb;
void *cst;
bool_t finished;
static int spw,spr; /* file descriptors for signal notification pipe */
-static void set_default_signals(void);
-
/* Long-lived subprocesses can only be started once we've started
signal processing so that we can catch SIGCHLD for them and report
their exit status using the callback function. We block SIGCHLD
until signal processing has begun. */
pid_t makesubproc(process_entry_fn *entry, process_callback_fn *cb,
- void *est, void *cst, string_t desc)
+ void *est, void *cst, cstring_t desc)
{
struct child *c;
pid_t p;
- c=safe_malloc(sizeof(*c),"makesubproc");
+ NEW(c);
c->desc=desc;
c->cb=cb;
c->cst=cst;
if (!signal_handling) {
- fatal("makesubproc called before signal handling started\n");
+ fatal("makesubproc called before signal handling started");
}
p=fork();
if (p==0) {
/* Child process */
- set_default_signals();
- sigprocmask(SIG_SETMASK,&emptyset,NULL);
+ afterfork();
entry(est);
abort();
} else if (p==-1) {
if (rv==i->pid) {
i->finished=True;
- nw=safe_malloc(sizeof(*nw),"sigchld_handler");
+ NEW(nw);
nw->pid=i->pid;
nw->cb=i->cb;
nw->cst=i->cst;
}
}
-int sys_cmd(const char *path, char *arg, ...)
+int sys_cmd(const char *path, const char *arg, ...)
{
va_list ap;
- int rv;
+ int rv, rc;
pid_t c;
- va_start(ap,arg);
c=fork();
if (c) {
/* Parent -> wait for child */
- waitpid(c,&rv,0);
+ do {
+ rc = waitpid(c,&rv,0);
+ } while(rc < 0 && errno == EINTR);
+ if (rc < 0)
+ fatal_perror("sys_cmd: waitpid for %s", path);
+ if (rc != c) /* OS has gone mad */
+ fatal("sys_cmd: waitpid for %s returned wrong process ID!",
+ path);
+ if (rv) {
+ /* If the command failed report its exit status */
+ lg_exitstatus(0,"sys_cmd",0,M_ERR,rv,path);
+ }
} else if (c==0) {
char *args[100];
int i;
/* Child -> exec command */
- args[0]=arg;
+ /* Really we ought to strcpy() the arguments into the args array,
+ since the arguments are const char *. Since we'll exit anyway
+ if the execvp() fails this seems somewhat pointless, and
+ increases the chance of the child process failing before it
+ gets to exec(). */
+ afterfork();
+ va_start(ap,arg);
+ args[0]=(char *)arg; /* program name */
i=1;
while ((args[i++]=va_arg(ap,char *)));
execvp(path,args);
- exit(1);
+ fprintf(stderr, "sys_cmd(%s,%s,...): %s\n", path, arg, strerror(errno));
+ _exit(1);
} else {
/* Error */
- fatal_perror("sys_cmd(%s,%s,...)");
+ fatal_perror("sys_cmd(%s,%s,...)", path, arg);
}
- va_end(ap);
return rv;
}
static beforepoll_fn signal_beforepoll;
static int signal_beforepoll(void *st, struct pollfd *fds, int *nfds_io,
- int *timeout_io, const struct timeval *tv_now,
- uint64_t *now)
+ int *timeout_io)
{
- if (*nfds_io<1) {
- *nfds_io=1;
- return ERANGE;
- }
- *nfds_io=1;
+ BEFOREPOLL_WANT_FDS(1);
fds[0].fd=spr;
fds[0].events=POLLIN;
return 0;
}
+/* Bodge to work around Ubuntu's strict header files */
+static void discard(int anything) {}
+
static afterpoll_fn signal_afterpoll;
-static void signal_afterpoll(void *st, struct pollfd *fds, int nfds,
- const struct timeval *tv, uint64_t *now)
+static void signal_afterpoll(void *st, struct pollfd *fds, int nfds)
{
uint8_t buf[16];
struct signotify *n;
sigset_t todo,old;
if (nfds && (fds->revents & POLLIN)) {
- read(spr,buf,16); /* We don't actually care what we read; as
+ discard(read(spr,buf,16));
+ /* We don't actually care what we read; as
long as there was at least one byte
(which there was) we'll pick up the
signals in the pending set */
}
}
-static void set_default_signals(void)
+void afterfork(void)
{
struct signotify *n;
sigset_t done;
struct sigaction sa;
+ clear_phase_hooks(PHASE_SHUTDOWN);
+ /* Prevents calls to fatal() etc. in the child from running off
+ and doing a lot of unhelpful things */
+
sigemptyset(&done);
for (n=sigs; n; n=n->next)
if (!sigismember(&done,n->signum)) {
sa.sa_flags=0;
sigaction(n->signum,&sa,NULL);
}
+
+ sigemptyset(&emptyset);
+ sigprocmask(SIG_SETMASK,&emptyset,NULL);
+}
+
+void childpersist_closefd_hook(void *fd_vp, uint32_t newphase)
+{
+ int *fd_p=fd_vp;
+ int fd=*fd_p;
+ if (fd<0) return;
+ *fd_p=-1;
+ setnonblock(fd); /* in case close() might block */
+ close(fd); /* discard errors - we don't care, in the child */
}
static void signal_handler(int signum)
{
+ int saved_errno;
uint8_t thing=0;
sigaddset(&pending,signum);
- write(spw,&thing,1); /* We don't care if this fails (i.e. the pipe
+ /* XXX the write() may set errno, which can make the main program fail.
+ However, signal handlers aren't allowed to modify anything which
+ is not of type sig_atomic_t. The world is broken. */
+ /* I have decided to save and restore errno anyway; on most
+ architectures on which secnet can run modifications to errno
+ will be atomic, and it seems to be the lesser of the two
+ evils. */
+ saved_errno=errno;
+ discard(write(spw,&thing,1));
+ /* We don't care if this fails (i.e. the pipe
is full) because the service routine will
spot the pending signal anyway */
+ errno=saved_errno;
}
static void register_signal_handler(struct signotify *s)
struct signotify *s;
sigset_t old;
- s=safe_malloc(sizeof(*s),"request_signal_notification");
+ NEW(s);
s->signum=signum;
s->notify=notify;
s->cst=cst;
sigemptyset(®istered);
sigemptyset(&pending);
- if (pipe(p)!=0) {
- fatal_perror("start_signal_handling: pipe");
- }
+ pipe_cloexec(p);
spw=p[1];
spr=p[0];
- if (fcntl(spw, F_SETFL, fcntl(spw, F_GETFL)|O_NONBLOCK)==-1) {
- fatal_perror("start_signal_handling: fcntl(O_NONBLOCK)");
- }
+ setnonblock(spw);
+ setnonblock(spr);
- register_for_poll(NULL,signal_beforepoll,signal_afterpoll,1,"signal");
+ register_for_poll(NULL,signal_beforepoll,signal_afterpoll,"signal");
signal_handling=True;
/* Register signal handlers for all the signals we're interested in */
~ian / secnet.git / blobdiff