authorReyk Floeter <reyk@cvs.openbsd.org>2011-05-09 12:08:48 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2011-05-09 12:08:48 +0000
commit3fe6727c8a01992e5184fdb1f1330d867e249abd (patch)
tree329873c80f595e57dc3b87e303d657b6ad375e84 /usr.sbin/relayd/relayd.h
parent14b60d7f2a3b692fe6e022d46f3f406e34dbfdcd (diff)
Reorganize the relayd code to use the proc.c privsep API/commodity
functions that are based on work for iked and smtpd. This simplifies the setup of privsep processes and moves some redundant and repeated code to a single place - which is always good from a quality and security point of view. The relayd version of proc.c is different to the current version in iked because it uses 1:N communications between processes, eg. a single parent process is talking to many forked relay children while iked only needs 1:1 communications. ok sthen@ pyr@
Diffstat (limited to 'usr.sbin/relayd/relayd.h')
-rw-r--r--usr.sbin/relayd/relayd.h234
1 files changed, 153 insertions, 81 deletions
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index b5511948632..330ad861cd4 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.145 2011/05/05 10:20:24 phessler Exp $ */
+/* $OpenBSD: relayd.h,v 1.146 2011/05/09 12:08:47 reyk Exp $ */
/*
* Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -648,70 +648,16 @@ struct router {
};
TAILQ_HEAD(routerlist, router);
-enum {
- PROC_MAIN,
- PROC_PFE,
- PROC_HCE,
- PROC_RELAY
-} relayd_process;
-
-struct relayd {
- u_int8_t sc_opts;
- u_int32_t sc_flags;
- const char *sc_confpath;
- struct pfdata *sc_pf;
- int sc_rtsock;
- int sc_rtseq;
- int sc_tablecount;
- int sc_rdrcount;
- int sc_protocount;
- int sc_relaycount;
- int sc_routercount;
- int sc_routecount;
- struct timeval sc_interval;
- struct timeval sc_timeout;
- struct table sc_empty_table;
- struct protocol sc_proto_default;
- struct event sc_ev;
- struct tablelist *sc_tables;
- struct rdrlist *sc_rdrs;
- struct protolist *sc_protos;
- struct relaylist *sc_relays;
- struct routerlist *sc_rts;
- struct netroutelist *sc_routes;
- u_int16_t sc_prefork_relay;
- char sc_demote_group[IFNAMSIZ];
- u_int16_t sc_id;
- struct event sc_statev;
- struct timeval sc_statinterval;
-
- int sc_snmp;
- struct event sc_snmpto;
- struct event sc_snmpev;
-
- int sc_has_icmp;
- int sc_has_icmp6;
- struct ctl_icmp_event sc_icmp_send;
- struct ctl_icmp_event sc_icmp_recv;
- struct ctl_icmp_event sc_icmp6_send;
- struct ctl_icmp_event sc_icmp6_recv;
-
- /* Event and signal handlers */
- struct event sc_evsigint;
- struct event sc_evsigterm;
- struct event sc_evsigchld;
- struct event sc_evsighup;
- struct event sc_evsigpipe;
+/* initially control.h */
+struct control_sock {
+ const char *cs_name;
+ struct event cs_ev;
+ int cs_fd;
+ int cs_restricted;
+ void *cs_env;
};
-#define RELAYD_OPT_VERBOSE 0x01
-#define RELAYD_OPT_NOACTION 0x04
-#define RELAYD_OPT_LOGUPDATE 0x08
-#define RELAYD_OPT_LOGNOTIFY 0x10
-#define RELAYD_OPT_LOGALL 0x18
-
-/* initially control.h */
struct {
struct event ev;
int fd;
@@ -722,14 +668,22 @@ enum blockmodes {
BM_NONBLOCK
};
+
struct imsgev {
struct imsgbuf ibuf;
void (*handler)(int, short, void *);
struct event ev;
+ struct privsep_proc *proc;
void *data;
short events;
};
+#define IMSG_SIZE_CHECK(imsg, p) do { \
+ if (IMSG_DATA_SIZE(imsg) < sizeof(*p)) \
+ fatalx("bad length imsg received"); \
+} while (0)
+#define IMSG_DATA_SIZE(imsg) ((imsg)->hdr.len - IMSG_HEADER_SIZE)
+
struct ctl_conn {
TAILQ_ENTRY(ctl_conn) entry;
u_int8_t flags;
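Review bot: `IMSG_DATA_SIZE` computes `(imsg)->hdr.len - IMSG_HEADER_SIZE` with no check that `hdr.len >= IMSG_HEADER_SIZE`; because `IMSG_HEADER_SIZE` is a `sizeof`, the subtraction is done in `size_t`, so a header length below the header size would wrap to a huge value and make `IMSG_SIZE_CHECK` accept the message instead of calling `fatalx()`. As far as I recall, `imsg_get()` in libutil already rejects headers shorter than `IMSG_HEADER_SIZE`, so the invariant holds for any imsg that reaches this macro, but the macro is now the single length check for every struct copied out of an imsg and should state what it relies on: `/* hdr.len >= IMSG_HEADER_SIZE is guaranteed by imsg_get(); callers must not bypass it */`. Note also that the check is `<`, so an oversized payload is silently accepted, which is fine for a struct copy but worth saying in the same comment.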
@@ -743,6 +697,7 @@ enum imsg_type {
IMSG_NONE,
IMSG_CTL_OK, /* answer to relayctl requests */
IMSG_CTL_FAIL,
+ IMSG_CTL_VERBOSE,
IMSG_CTL_END,
IMSG_CTL_RDR,
IMSG_CTL_TABLE,
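Review bot: Inserting `IMSG_CTL_VERBOSE` in the middle of `enum imsg_type` shifts the numeric value of every later message type, and the removal of `IMSG_CTL_LOG_VERBOSE` in the next hunk shifts them again; these values travel over the control socket between relayctl and relayd, so a relayctl built against the old header will send mismatched types until both are rebuilt. In OpenBSD both programs come from the same tree, so this is presumably acceptable, but a one-line comment on the enum, `/* values are wire protocol between relayctl and relayd; rebuild both when changing */`, would make the constraint explicit for later additions.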
@@ -767,7 +722,6 @@ enum imsg_type {
IMSG_CTL_NOTIFY,
IMSG_CTL_RDR_STATS,
IMSG_CTL_RELAY_STATS,
- IMSG_CTL_LOG_VERBOSE,
IMSG_RDR_ENABLE, /* notifies from pfe to hce */
IMSG_RDR_DISABLE,
IMSG_TABLE_ENABLE,
@@ -798,15 +752,113 @@ enum imsg_type {
IMSG_RTMSG /* from pfe to parent */
};
-/* control.c */
-int control_init(void);
-int control_listen(struct relayd *, struct imsgev *, struct imsgev *);
-void control_accept(int, short, void *);
-void control_dispatch_imsg(int, short, void *);
-void control_imsg_forward(struct imsg *);
-void control_cleanup(void);
+enum privsep_procid {
+ PROC_PARENT = 0,
+ PROC_PFE,
+ PROC_HCE,
+ PROC_RELAY,
+ PROC_MAX
+} privsep_process;
+
+/* Attach the control socket to the following process */
+#define PROC_CONTROL PROC_PFE
+
+struct privsep {
+ int *ps_pipes[PROC_MAX][PROC_MAX];
+ struct imsgev *ps_ievs[PROC_MAX];
+ const char *ps_title[PROC_MAX];
+ pid_t ps_pid[PROC_MAX];
-void session_socket_blockmode(int, enum blockmodes);
+ u_int ps_instances[PROC_MAX];
+ u_int ps_instance;
+
+ struct control_sock ps_csock;
+
+ /* Event and signal handlers */
+ struct event ps_evsigint;
+ struct event ps_evsigterm;
+ struct event ps_evsigchld;
+ struct event ps_evsighup;
+ struct event ps_evsigpipe;
+
+ struct passwd *ps_pw;
+ struct relayd *ps_env;
+};
+
+struct privsep_proc {
+ const char *p_title;
+ enum privsep_procid p_id;
+ int (*p_cb)(int, struct privsep_proc *,
+ struct imsg *);
+ pid_t (*p_init)(struct privsep *,
+ struct privsep_proc *);
+ void (*p_shutdown)(void);
+ u_int p_instance;
+ const char *p_chroot;
+ struct privsep *p_ps;
+ struct relayd *p_env;
+};
+
+struct relayd {
+ u_int8_t sc_opts;
+ u_int32_t sc_flags;
+ const char *sc_confpath;
+ struct pfdata *sc_pf;
+ int sc_rtsock;
+ int sc_rtseq;
+ int sc_tablecount;
+ int sc_rdrcount;
+ int sc_protocount;
+ int sc_relaycount;
+ int sc_routercount;
+ int sc_routecount;
+ struct timeval sc_interval;
+ struct timeval sc_timeout;
+ struct table sc_empty_table;
+ struct protocol sc_proto_default;
+ struct event sc_ev;
+ struct tablelist *sc_tables;
+ struct rdrlist *sc_rdrs;
+ struct protolist *sc_protos;
+ struct relaylist *sc_relays;
+ struct routerlist *sc_rts;
+ struct netroutelist *sc_routes;
+ u_int16_t sc_prefork_relay;
+ char sc_demote_group[IFNAMSIZ];
+ u_int16_t sc_id;
+
+ struct event sc_statev;
+ struct timeval sc_statinterval;
+
+ int sc_snmp;
+ struct event sc_snmpto;
+ struct event sc_snmpev;
+
+ int sc_has_icmp;
+ int sc_has_icmp6;
+ struct ctl_icmp_event sc_icmp_send;
+ struct ctl_icmp_event sc_icmp_recv;
+ struct ctl_icmp_event sc_icmp6_send;
+ struct ctl_icmp_event sc_icmp6_recv;
+
+ struct privsep *sc_ps;
+};
+
+#define RELAYD_OPT_VERBOSE 0x01
+#define RELAYD_OPT_NOACTION 0x04
+#define RELAYD_OPT_LOGUPDATE 0x08
+#define RELAYD_OPT_LOGNOTIFY 0x10
+#define RELAYD_OPT_LOGALL 0x18
+
+/* control.c */
+int control_init(struct privsep *, struct control_sock *);
+int control_listen(struct control_sock *);
+void control_cleanup(struct control_sock *);
+void control_dispatch_imsg(int, short, void *);
+void control_imsg_forward(struct imsg *);
+struct ctl_conn *
+ control_connbyfd(int);
+void socket_set_blockmode(int, enum blockmodes);
extern struct ctl_connlist ctl_conns;
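Review bot: `enum privsep_procid { ... } privsep_process;` defines a variable in a header, so every translation unit that includes relayd.h emits its own tentative definition and the link relies on common symbols; the old `relayd_process` had the same shape, but the rewrite is the moment to fix it, since builds with `-fno-common` (the default in newer GCC) fail with multiple-definition errors. The header should carry `extern enum privsep_procid privsep_process;` and relayd.c (or proc.c) the single definition `enum privsep_procid privsep_process;`. The same hunk also leaves `ps_pipes`, `ps_instances` and `ps_instance` in `struct privsep` without a comment on what each dimension indexes; given that the description says this proc.c does 1:N communication, a comment such as `/* ps_pipes[src][dst] holds ps_instances[dst] socketpairs */` would document the layout if that is indeed how proc.c fills it — I cannot confirm from this header.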
@@ -826,8 +878,7 @@ const char *printb_flags(const u_int32_t, const char *);
/* pfe.c */
-pid_t pfe(struct relayd *, int [2], int [2], int [RELAY_MAXPROC][2],
- int [2], int [RELAY_MAXPROC][2]);
+pid_t pfe(struct privsep *, struct privsep_proc *);
void show(struct ctl_conn *);
void show_sessions(struct ctl_conn *);
int enable_rdr(struct ctl_conn *, struct ctl_id *);
@@ -854,13 +905,11 @@ void sync_routes(struct relayd *, struct router *);
int pfe_route(struct relayd *, struct ctl_netroute *);
/* hce.c */
-pid_t hce(struct relayd *, int [2], int [2], int [RELAY_MAXPROC][2],
- int [2], int [RELAY_MAXPROC][2]);
+pid_t hce(struct privsep *, struct privsep_proc *);
void hce_notify_done(struct host *, enum host_error);
/* relay.c */
-pid_t relay(struct relayd *, int [2], int [2], int [RELAY_MAXPROC][2],
- int [2], int [RELAY_MAXPROC][2]);
+pid_t relay(struct privsep *, struct privsep_proc *);
void relay_notify_done(struct host *, const char *);
int relay_session_cmp(struct rsession *, struct rsession *);
int relay_load_certfiles(struct relay *);
@@ -893,7 +942,7 @@ void check_icmp(struct relayd *, struct timeval *);
void check_tcp(struct ctl_tcp_event *);
/* check_script.c */
-void check_script(struct host *);
+void check_script(struct relayd *, struct host *);
void script_done(struct relayd *, struct ctl_script *);
int script_exec(struct relayd *, struct ctl_script *);
@@ -958,9 +1007,9 @@ void pn_unref(u_int16_t);
void pn_ref(u_int16_t);
/* snmp.c */
-void snmp_init(struct relayd *, struct imsgev *);
-int snmp_sendsock(struct imsgev *);
-void snmp_hosttrap(struct table *, struct host *);
+void snmp_init(struct relayd *, enum privsep_procid);
+int snmp_sendsock(struct relayd *, enum privsep_procid);
+void snmp_hosttrap(struct relayd *, struct table *, struct host *);
/* shuffle.c */
void shuffle_init(struct shuffle *);
@@ -975,3 +1024,26 @@ void log_info(const char *, ...);
void log_debug(const char *, ...);
__dead void fatal(const char *);
__dead void fatalx(const char *);
+
+/* proc.c */
+void proc_init(struct privsep *, struct privsep_proc *, u_int);
+void proc_kill(struct privsep *);
+void proc_config(struct privsep *, struct privsep_proc *, u_int);
+void proc_dispatch(int, short event, void *);
+pid_t proc_run(struct privsep *, struct privsep_proc *,
+ struct privsep_proc *, u_int,
+ void (*)(struct privsep *, struct privsep_proc *, void *), void *);
+int proc_compose_imsg(struct privsep *, enum privsep_procid, int,
+ u_int16_t, int, void *, u_int16_t);
+int proc_composev_imsg(struct privsep *, enum privsep_procid, int,
+ u_int16_t, int, const struct iovec *, int);
+int proc_forward_imsg(struct privsep *, struct imsg *,
+ enum privsep_procid, int);
+void proc_flush_imsg(struct privsep *, enum privsep_procid, int);
+struct imsgbuf *
+ proc_ibuf(struct privsep *, enum privsep_procid, int);
+void imsg_event_add(struct imsgev *);
+int imsg_compose_event(struct imsgev *, u_int16_t, u_int32_t,
+ pid_t, int, void *, u_int16_t);
+int imsg_composev_event(struct imsgev *, u_int16_t, u_int32_t,
+ pid_t, int, const struct iovec *, int);
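Review bot: The `proc_dispatch` prototype names its second parameter (`short event`) while every other prototype in this header, including the neighbouring proc.c declarations, leaves parameters unnamed; for consistency it should read `void proc_dispatch(int, short, void *);`. The proc.c block would also benefit from a short header comment stating the fd-passing contract of `proc_compose_imsg`/`proc_composev_imsg`/`proc_forward_imsg` (whether the `int` fd argument is closed by the callee after the send, as imsg normally does — to be confirmed against proc.c), since every privsep caller will rely on it.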