/*	$OpenBSD: monitor.c,v 1.22 2017/05/21 02:37:52 deraadt Exp $	*/

/*
 * Copyright (c) 2005 H�kan Olsson.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/sysctl.h>
#include <sys/queue.h>
#include <sys/wait.h>
#include <sys/un.h>
#include <net/pfkeyv2.h>

#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <signal.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <limits.h>
#include <imsg.h>

#include "types.h"	/* iked imsg types */

#include "monitor.h"
#include "sasyncd.h"

struct m_state {
	pid_t	pid;
	int	s;
} m_state;

volatile sig_atomic_t		sigchld = 0;

static void	got_sigchld(int);
static void	sig_to_child(int);
static void	m_priv_pfkey_snap(int);
static int	m_priv_control_activate(void);
static int	m_priv_control_passivate(void);
static ssize_t	m_write(int, void *, size_t);
static ssize_t	m_read(int, void *, size_t);

pid_t
monitor_init(void)
{
	struct passwd	*pw = getpwnam(SASYNCD_USER);
	extern char	*__progname;
	char		root[PATH_MAX];
	int		p[2];

	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, p) != 0) {
		log_err("%s: socketpair failed - %s", __progname,
		    strerror(errno));
		exit(1);
	}

	if (!pw) {
		log_err("%s: getpwnam(\"%s\") failed", __progname,
		    SASYNCD_USER);
		exit(1);
	}
	strlcpy(root, pw->pw_dir, sizeof root);
	endpwent();

	signal(SIGCHLD, got_sigchld);
	signal(SIGTERM, sig_to_child);
	signal(SIGHUP, sig_to_child);
	signal(SIGINT, sig_to_child);

	m_state.pid = fork();

	if (m_state.pid == -1) {
		log_err("%s: fork failed - %s", __progname, strerror(errno));
		exit(1);
	} else if (m_state.pid == 0) {
		/* Child */
		m_state.s = p[0];
		close(p[1]);

		if (chroot(pw->pw_dir) != 0 || chdir("/") != 0) {
			log_err("%s: chroot failed", __progname);
			exit(1);
		}

		if (setgroups(1, &pw->pw_gid) ||
		    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
		    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
			log_err("%s: failed to drop privileges", __progname);
			exit(1);
		}
	} else {
		/* Parent */
		setproctitle("[priv]");
		m_state.s = p[1];
		close(p[0]);
	}
	return m_state.pid;
}

static void
got_sigchld(int s)
{
	sigchld = 1;
}

static void
sig_to_child(int s)
{
	if (m_state.pid != -1)
		kill(m_state.pid, s);
}

static void
monitor_drain_input(void)
{
	int		one = 1;
	u_int8_t	tmp;

	ioctl(m_state.s, FIONBIO, &one);
	while (m_read(m_state.s, &tmp, 1) > 0)
		;
	ioctl(m_state.s, FIONBIO, 0);
}

/* We only use privsep to get in-kernel SADB and SPD snapshots via sysctl */
void
monitor_loop(void)
{
	u_int32_t	 v, vn;
	ssize_t		 r;
	fd_set		 rfds;
	int		 ret;
	struct timeval	*tvp, tv;

	FD_ZERO(&rfds);
	tvp = NULL;
	vn = 0;

	for (;;) {
		ret = 0;
		v = 0;

		if (sigchld) {
			pid_t	pid;
			int	status;
			do {
				pid = waitpid(m_state.pid, &status, WNOHANG);
			} while (pid == -1 && errno == EINTR);

			if (pid == m_state.pid &&
			    (WIFEXITED(status) || WIFSIGNALED(status)))
				break;
		}

		FD_SET(m_state.s, &rfds);
		if (select(m_state.s + 1, &rfds, NULL, NULL, tvp) == -1) {
			if (errno == EINTR || errno == EAGAIN)
				continue;
			log_err("monitor_loop: select()");
			break;
		}

		/* Wait for next task */
		if (FD_ISSET(m_state.s, &rfds)) {
			if ((r = m_read(m_state.s, &v, sizeof v)) < 1) {
				if (r == -1)
					log_err("monitor_loop: read()");
				break;
			}
		}

		/* Retry after timeout */
		if (v == 0 && tvp != NULL) {
			v = vn;
			tvp = NULL;
			vn = 0;
		}

		switch (v) {
		case MONITOR_GETSNAP:
			/* Get the data. */
			m_priv_pfkey_snap(m_state.s);
			break;
		case MONITOR_CARPINC:
			carp_demote(CARP_INC, 1);
			break;
		case MONITOR_CARPDEC:
			carp_demote(CARP_DEC, 1);
			break;
		case MONITOR_CONTROL_ACTIVATE:
			ret = m_priv_control_activate();
			break;
		case MONITOR_CONTROL_PASSIVATE:
			ret = m_priv_control_passivate();
			break;
		}

		if (ret == -1) {
			/* Trigger retry after timeout */
			tv.tv_sec = MONITOR_RETRY_TIMEOUT;
			tv.tv_usec = 0;
			tvp = &tv;
			vn = v;
		}
	}

	monitor_carpundemote(NULL);

	if (!sigchld)
		log_msg(0, "monitor_loop: priv process exiting abnormally");
	exit(0);
}

void
monitor_carpundemote(void *v)
{
	u_int32_t mtype = MONITOR_CARPDEC;
	if (!carp_demoted)
		return;
	if (m_write(m_state.s, &mtype, sizeof mtype) < 1)
		log_msg(1, "monitor_carpundemote: unable to write to monitor");
	else
		carp_demoted = 0;
}

void
monitor_carpdemote(void *v)
{
	u_int32_t mtype = MONITOR_CARPINC;
	if (carp_demoted)
		return;
	if (m_write(m_state.s, &mtype, sizeof mtype) < 1)
		log_msg(1, "monitor_carpdemote: unable to write to monitor");
	else
		carp_demoted = 1;
}

int
monitor_get_pfkey_snap(u_int8_t **sadb, u_int32_t *sadbsize, u_int8_t **spd,
    u_int32_t *spdsize)
{
	u_int32_t	v;
	ssize_t		rbytes;

	v = MONITOR_GETSNAP;
	if (m_write(m_state.s, &v, sizeof v) < 1)
		return -1;

	/* Read SADB data. */
	*sadb = *spd = NULL;
	*spdsize = 0;
	if (m_read(m_state.s, sadbsize, sizeof *sadbsize) < 1)
		return -1;
	if (*sadbsize) {
		*sadb = malloc(*sadbsize);
		if (!*sadb) {
			log_err("monitor_get_pfkey_snap: malloc()");
			monitor_drain_input();
			return -1;
		}
		rbytes = m_read(m_state.s, *sadb, *sadbsize);
		if (rbytes < 1) {
			freezero(*sadb, *sadbsize);
			return -1;
		}
	}

	/* Read SPD data */
	if (m_read(m_state.s, spdsize, sizeof *spdsize) < 1) {
		freezero(*sadb, *sadbsize);
		return -1;
	}
	if (*spdsize) {
		*spd = malloc(*spdsize);
		if (!*spd) {
			log_err("monitor_get_pfkey_snap: malloc()");
			monitor_drain_input();
			freezero(*sadb, *sadbsize);
			return -1;
		}
		rbytes = m_read(m_state.s, *spd, *spdsize);
		if (rbytes < 1) {
			freezero(*spd, *spdsize);
			freezero(*sadb, *sadbsize);
			return -1;
		}
	}

	log_msg(2, "monitor_get_pfkey_snap: got %u bytes SADB, %u bytes SPD",
	    *sadbsize, *spdsize);
	return 0;
}

int
monitor_control_active(int active)
{
	u_int32_t	cmd =
	    active ? MONITOR_CONTROL_ACTIVATE : MONITOR_CONTROL_PASSIVATE;
	if (write(m_state.s, &cmd, sizeof cmd) < 1)
		return -1;
	return 0;
}

/* Privileged */
static void
m_priv_pfkey_snap(int s)
{
	u_int8_t	*sadb_buf = NULL, *spd_buf = NULL;
	size_t		 sadb_buflen = 0, spd_buflen = 0, sz;
	int		 mib[5];
	u_int32_t	 v;

	mib[0] = CTL_NET;
	mib[1] = PF_KEY;
	mib[2] = PF_KEY_V2;
	mib[3] = NET_KEY_SADB_DUMP;
	mib[4] = 0; /* Unspec SA type */

	/* First, fetch SADB data */
	for (;;) {
		if (sysctl(mib, sizeof mib / sizeof mib[0], NULL, &sz, NULL, 0)
		    == -1)
			break;

		if (!sz)
			break;

		/* Try to catch newly added data */
		sz *= 2;

		if ((sadb_buf = malloc(sz)) == NULL)
			break;

		if (sysctl(mib, sizeof mib / sizeof mib[0], sadb_buf, &sz, NULL, 0)
		    == -1) {
			free(sadb_buf);
			sadb_buf = NULL;
			/*
			 * If new SAs were added meanwhile and the given buffer is
			 * too small, retry.
			 */
			if (errno == ENOMEM)
				continue;
			break;
		}

		sadb_buflen = sz;
		break;
	}

	/* Next, fetch SPD data */
	mib[3] = NET_KEY_SPD_DUMP;

	for (;;) {
		if (sysctl(mib, sizeof mib / sizeof mib[0], NULL, &sz, NULL, 0)
		    == -1)
			break;

		if (!sz)
			break;

		/* Try to catch newly added data */
		sz *= 2;

		if ((spd_buf = malloc(sz)) == NULL)
			break;

		if (sysctl(mib, sizeof mib / sizeof mib[0], spd_buf, &sz, NULL, 0)
		    == -1) {
			free(spd_buf);
			spd_buf = NULL;
			/*
			 * If new SPDs were added meanwhile and the given buffer is
			 * too small, retry.
			 */
			if (errno == ENOMEM)
				continue;
			break;
		}

		spd_buflen = sz;
		break;
	}

	/* Return SADB data */
	v = (u_int32_t)sadb_buflen;
	if (m_write(s, &v, sizeof v) == -1) {
		log_err("m_priv_pfkey_snap: write");
		goto cleanup;
	}
	if (m_write(s, sadb_buf, sadb_buflen) == -1) {
		log_err("m_priv_pfkey_snap: write");
		goto cleanup;
	}

	/* Return SPD data */
	v = (u_int32_t)spd_buflen;
	if (m_write(s, &v, sizeof v) == -1) {
		log_err("m_priv_pfkey_snap: write");
		goto cleanup;
	}
	if (m_write(s, spd_buf, spd_buflen) == -1) {
		log_err("m_priv_pfkey_snap: write");
		goto cleanup;
	}

cleanup:
	freezero(sadb_buf, sadb_buflen);
	freezero(spd_buf, spd_buflen);
}

static int
m_priv_isakmpd_fifocmd(const char *cmd)
{
	struct stat	sb;
	int		fd = -1, ret = -1;

	if ((fd = open(ISAKMPD_FIFO, O_WRONLY)) == -1) {
		log_err("m_priv_isakmpd_fifocmd: open(%s)", ISAKMPD_FIFO);
		goto out;
	}
	if (fstat(fd, &sb) == -1) {
		log_err("m_priv_isakmpd_fifocmd: fstat(%s)", ISAKMPD_FIFO);
		goto out;
	}
	if (!S_ISFIFO(sb.st_mode)) {
		log_err("m_priv_isakmpd_fifocmd: %s not a fifo", ISAKMPD_FIFO);
		goto out;
	}

	if (write(fd, cmd, strlen(cmd)) == -1) {
		log_err("m_priv_isakmpd_fifocmd write");
		goto out;
	}

	ret = 0;
 out:
	if (fd != -1)
		close(fd);

	return (ret);
}

static int
m_priv_iked_imsg(u_int cmd)
{
	struct sockaddr_un	 sun;
	int			 fd = -1, ret = -1;
	struct imsgbuf		 ibuf;

	if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
		log_err("m_priv_iked_imsg: socket");
		goto out;
	}

	bzero(&sun, sizeof(sun));
	sun.sun_family = AF_UNIX;
	strlcpy(sun.sun_path, IKED_SOCKET, sizeof(sun.sun_path));

	if (connect(fd, (struct sockaddr *)&sun, sizeof(sun)) == -1) {
		log_err("m_priv_iked_imsg: connect");
		goto out;				
	}

	imsg_init(&ibuf, fd);
	if (imsg_compose(&ibuf, cmd, 0, 0, -1, NULL, 0) == -1) {
		log_err("m_priv_iked_imsg: compose");
		goto err;
	}
	if (imsg_flush(&ibuf) == -1) {
		log_err("m_priv_iked_imsg: flush");
		goto err;
	}

	ret = 0;
 err:
	imsg_clear(&ibuf);
 out:
	if (fd != -1)
		close(fd);

	return (ret);
}

static int
m_priv_control_activate(void)
{
	if (cfgstate.flags & CTL_ISAKMPD)
		if (m_priv_isakmpd_fifocmd("M active\n") == -1)
			return (-1);
	if (cfgstate.flags & CTL_IKED)
		if (m_priv_iked_imsg(IMSG_CTL_ACTIVE) == -1)
			return (-1);
	return (0);
}

static int
m_priv_control_passivate(void)
{
	if (cfgstate.flags & CTL_ISAKMPD)
		if (m_priv_isakmpd_fifocmd("M passive\n") == -1)
			return (-1);
	if (cfgstate.flags & CTL_IKED)
		if (m_priv_iked_imsg(IMSG_CTL_PASSIVE) == -1)
			return (-1);
	return (0);
}

ssize_t
m_write(int sock, void *buf, size_t len)
{
	ssize_t n;
	size_t pos = 0;
	char *ptr = buf;

	while (len > pos) {
		switch (n = write(sock, ptr + pos, len - pos)) {
		case -1:
			if (errno == EINTR || errno == EAGAIN)
				continue;
			/* FALLTHROUGH */
		case 0:
			return n;
			/* NOTREACHED */
		default:
			pos += n;
		}
	}
	return pos;
}

ssize_t
m_read(int sock, void *buf, size_t len)
{
	ssize_t n;
	size_t pos = 0;
	char *ptr = buf;

	while (len > pos) {
		switch (n = read(sock, ptr + pos, len - pos)) {
		case -1:
			if (errno == EINTR || errno == EAGAIN)
				continue;
			/* FALLTHROUGH */
		case 0:
			return n;
			/* NOTREACHED */
		default:
			pos += n;
		}
	}
	return pos;
}