X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=userv.git;a=blobdiff_plain;f=process.c;h=e624fb8a5e4da420cfa9127ae63d9621a8f56b32;hp=64afd5c419aba03a85e2e29c6b0b2123fc78c1e0;hb=bc730637ae2abc44a1e1013bc64d85a92923cf6e;hpb=78032a78185e751a0bf0b77863f23d005359205f

diff --git a/process.c b/process.c
index 64afd5c..e624fb8 100644
--- a/process.c
+++ b/process.c
@@ -2,7 +2,7 @@
  * userv - process.c
  * daemon code to process one request (is parent of service process)
  *
- * Copyright (C)1996-1999 Ian Jackson
+ * Copyright (C)1996-1999,2001,2003 Ian Jackson
  *
  * This is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by
@@ -49,12 +49,12 @@
 #include <syslog.h>
 #include <pwd.h>
 #include <grp.h>
-#include <ctype.h>
 #include <limits.h>
+#include <fcntl.h>
 #include <sys/wait.h>
 #include <sys/time.h>
 #include <sys/resource.h>
-#include <sys/fcntl.h>
+#include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/un.h>
@@ -271,8 +271,18 @@ void NONRETURNING disconnect(int exitstatus) {
   _exit(exitstatus);
 }
 
-static void NONRETURNING sighandler_chld(int ignored) {
+static void reporttermination(int status) {
   struct progress_msg progress_mbuf;
+  
+  memset(&progress_mbuf,0,sizeof(progress_mbuf));
+  progress_mbuf.magic= PROGRESS_MAGIC;
+  progress_mbuf.type= pt_terminated;
+  progress_mbuf.data.terminated.status= status;
+  xfwrite(&progress_mbuf,sizeof(progress_mbuf),swfile);
+  xfflush(swfile);
+}
+
+static void NONRETURNING sighandler_chld(int ignored) {
   int status;
   pid_t returned;
 
@@ -282,13 +292,7 @@ static void NONRETURNING sighandler_chld(int ignored) {
   if (returned!=child) syscallerror("spurious child process");
   child= childtokill= -1;
 
-  memset(&progress_mbuf,0,sizeof(progress_mbuf));
-  progress_mbuf.magic= PROGRESS_MAGIC;
-  progress_mbuf.type= pt_terminated;
-  progress_mbuf.data.terminated.status= status;
-  xfwrite(&progress_mbuf,sizeof(progress_mbuf),swfile);
-  xfflush(swfile);
-
+  reporttermination(status);
   syslog(LOG_INFO,"service completed (status %d %d)",(status>>8)&0x0ff,status&0x0ff);
   _exit(0);
 }
@@ -439,6 +443,8 @@ static void receive_request(void) {
     assert(fdarray[fd].iswrite == -1);
     fdarray[fd].iswrite= (i>=request_mbuf.nreadfds);
   }
+  /* fdarray[].iswrite now set; rest is still blank
+   * (ie want reject read, no realfd holdfd). */
 
   assert(request_mbuf.nargs <= MAX_ARGSDEFVAR);
   argarray= xmalloc(sizeof(char*)*(request_mbuf.nargs));
@@ -478,6 +484,14 @@ static void establish_pipes(void) {
     if (unlink(pipepathbuf)) syscallerror("unlink pipe");
     if (close(tempfd)) syscallerror("close prelim fd onto pipe");
   }
+  /* Now fdarray[].realfd is pipe end for service in case service
+   * wants it.  If it's an input pipe, then .holdfd is the other
+   * (writing) end of the pipe - we keep it around so that the service
+   * doesn't get an apparently clean EOF if the caller disappears (eg
+   * due to a file read error) or the like (ie so that on disconnect
+   * we can guarantee to send the service SIGHUP before it gets EOF on
+   * the input fd).  Otherwise, .holdfd=-1.
+   */
 }
 
 static void groupnames(int ngids, gid_t *gids, const char ***names_r) {
@@ -641,7 +655,6 @@ static void check_fds(void) {
     case tokv_word_requirefd:
       if (fdarray[fd].realfd == -1)
 	failure("file descriptor %d required but not provided",fd);
-      assert(fdarray[fd].holdfd == -1);
       /* fall through */
     case tokv_word_allowfd:
       if (fdarray[fd].realfd == -1) {
@@ -658,6 +671,10 @@ static void check_fds(void) {
       }
     }
   }
+  /* Now fdarray[].realfd is exactly what service wants: pipe end or
+   * /dev/null or -1.  If .realfd is not -1 then .holdfd may be the fd
+   * for the writing end of the corresponding pipe.
+   */
 }
 
 static void send_progress_ok(void) {
@@ -746,6 +763,18 @@ void servicerequest(int sfd) {
   getevent(&event_mbuf);
   assert(event_mbuf.type == et_confirm);
 
+  if (execbuiltin == bisexec_shutdown && !serviceuser_uid) {
+    /* The check for the uid is just so we can give a nice
+     * error message (in the actual code for bisexec_shutdown).
+     * If this is spoofed somehow then the unlink() will simply fail.
+     */
+    r= unlink(RENDEZVOUSPATH);
+    if (r) syscallfailure("remove rendezvous socket %s",RENDEZVOUSPATH);
+    syslog(LOG_NOTICE,"arranging for termination, due to client request");
+    reporttermination(0);
+    _exit(10);
+  }
+
   fork_service_synch();
   
   getevent(&event_mbuf);