-rw-r--r--src/forward.c2
-rw-r--r--src/jail.c65
-rw-r--r--src/jail.h7
-rw-r--r--src/main.c12
-rw-r--r--src/server.c4
-rw-r--r--src/server.h2
-rw-r--r--src/utils.c6
7 files changed, 78 insertions, 20 deletions
diff --git a/src/forward.c b/src/forward.c
index f12a6f8..6ab7de5 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -32,10 +32,12 @@ int fwd_setup(forward_ctx *ctx, const char *host, const char *port)
E_GAIERR(s, "Could not initialise forward socket");
return 1;
}
+
if (!ctx->fwd_cbs.on_listen)
return 1;
if (ctx->fwd_cbs.on_listen(ctx, host, port))
return 1;
+
if (socket_connect_in(&ctx->sock, &fwd_addr)) {
E_STRERR("Connection to forward socket");
return 1;
diff --git a/src/jail.c b/src/jail.c
index a086e22..119103e 100644
--- a/src/jail.c
+++ b/src/jail.c
@@ -3,9 +3,11 @@
#include <sched.h>
#include <signal.h>
#include <sys/epoll.h>
+#include <sys/prctl.h>
#include <assert.h>
#include "jail.h"
+#include "socket.h"
#include "utils.h"
#include "log.h"
@@ -13,7 +15,7 @@ static int jail_daemonfn(jail_ctx *ctx);
static int jail_childfn(void *arg);
-void jail_init(jail_ctx **ctx, size_t stacksize)
+void jail_init_ctx(jail_ctx **ctx, size_t stacksize)
{
assert(ctx);
if (stacksize > BUFSIZ)
@@ -27,6 +29,43 @@ void jail_init(jail_ctx **ctx, size_t stacksize)
(*ctx)->stack_beg =
(unsigned char *) (*ctx)->stack_ptr
+ (*ctx)->stacksize;
+ assert( (*ctx)->stack_ptr );
+}
+
+int jail_setup(jail_ctx *ctx,
+ const char *listen_addr, const char *listen_port)
+{
+ int s;
+ struct addrinfo *srv_addr = NULL;
+
+ assert(ctx);
+ assert(listen_addr || listen_port);
+
+ D2("Try to listen on %s:%s",
+ (listen_addr ? listen_addr : "*"), listen_port);
+ s = socket_init_in(listen_addr, listen_port, &srv_addr);
+ if (s) {
+ E_GAIERR(s, "Could not initialise server socket");
+ return 1;
+ }
+ if (socket_bind_in(&ctx->sock, &srv_addr)) {
+ E_STRERR("Could not bind server socket");
+ return 1;
+ }
+ if (socket_listen_in(&ctx->sock)) {
+ E_STRERR("Could not listen on server socket");
+ return 1;
+ }
+
+ return 0;
+}
+
+int jail_validate_ctx(const jail_ctx *ctx)
+{
+ assert(ctx);
+ assert(ctx->sock.addr_len > 0);
+
+ return 0;
}
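Review bot: jail_validate_ctx performs its checks with assert() and then returns 0 unconditionally, so in an NDEBUG build it validates nothing and the caller's `ABORT_ON_FATAL( jail_validate_ctx(jail), ... )` can never fire; return the result instead, `if (!ctx || ctx->sock.addr_len <= 0) return 1;`. In jail_setup the assert `listen_addr || listen_port` admits a null listen_port, yet the D2 call passes it to a `%s` conversion unguarded while listen_addr gets the `"*"` fallback, which is undefined behaviour for a null pointer; either apply the same fallback or tighten the assert to require listen_port. Whether `srv_addr` is released on the bind and listen failure paths depends on socket_bind_in and socket_listen_in, which are not visible here, so that should be confirmed rather than assumed.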
void jail_free(jail_ctx **ctx)
@@ -38,7 +77,15 @@ void jail_free(jail_ctx **ctx)
int jail_daemonize(jail_ctx *ctx)
{
+ int s;
+
assert(ctx);
+ s = socket_addrtostr_in(&ctx->sock,
+ ctx->host_buf, ctx->service_buf);
+ if (s) {
+ E_GAIERR(s, "Could not initialise jail daemon socket");
+ return 1;
+ }
ctx->jail_pid = fork();
switch (ctx->jail_pid) {
@@ -64,6 +111,7 @@ static int jail_daemonfn(jail_ctx *ctx)
assert(ctx);
set_procname("[potd] jaild");
assert( set_child_sighandler() == 0 );
+ assert( signal(SIGCHLD, SIG_IGN) != SIG_ERR );
fd = epoll_create1(0);
if (fd < 0) {
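Review bot: The new `assert( signal(SIGCHLD, SIG_IGN) != SIG_ERR );` puts a side-effecting call inside assert(), so an NDEBUG build never installs the handler and the daemon silently changes behaviour between build types (the existing set_child_sighandler line above it has the same shape). Make the call unconditional and check it explicitly, `if (signal(SIGCHLD, SIG_IGN) == SIG_ERR) { E_STRERR("Jail daemon SIGCHLD"); return 1; }`. jail_daemonfn continues outside the hunk.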
@@ -72,7 +120,7 @@ static int jail_daemonfn(jail_ctx *ctx)
}
while (1) {
ctx->jail_pid = clone(jail_childfn, ctx->stack_beg,
- SIGCHLD|clone_flags, ctx);
+ SIGCHLD|clone_flags, NULL);
sleep(1);
printf("---\n");
}
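Review bot: Every iteration of the `while (1)` loop calls clone() with the same `ctx->stack_beg` while the child from the previous iteration is still running (jail_childfn sleeps for 10 seconds), so concurrent children execute on one overlapping stack; the daemon needs a separate stack per child or must reap the previous child before cloning again. The pid written to `ctx->jail_pid` is also never compared with -1, so a failed clone() is ignored and the loop keeps spinning; `if (ctx->jail_pid < 0) { E_STRERR("Jail clone"); break; }` would surface it. jail_daemonfn begins and ends outside the hunk.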
@@ -82,9 +130,14 @@ static int jail_daemonfn(jail_ctx *ctx)
static int jail_childfn(void *arg)
{
+ (void) arg;
+
+ if (prctl(PR_SET_PDEATHSIG, SIGKILL) != 0) {
+ E_STRERR("Jail child prctl");
+ return 1;
+ }
printf("----> CHILD FN <----\n");
- FILE *log = fopen("./test.log", "wb");
- fprintf(log, "---> CHILD FN <----\n");
- sleep(200);
- return 0;
+ sleep(10);
+
+ exit(EXIT_SUCCESS);
}
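Review bot: jail_childfn now terminates through two different paths, `return 1` on the prctl failure and `exit(EXIT_SUCCESS)` otherwise; if `clone_flags` (defined outside this hunk) includes CLONE_VM, exit() would flush stdio buffers and run atexit handlers shared with the daemon, so `_exit(EXIT_SUCCESS)` and `_exit(EXIT_FAILURE)` are the conventional choice in a clone child. PR_SET_PDEATHSIG also only fires for a parent that dies after the prctl returns; if the daemon has already gone by then no SIGKILL arrives, which is usually covered by a getppid() comparison right after the prctl call, though the expected parent pid is not passed in here since `arg` is NULL.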
diff --git a/src/jail.h b/src/jail.h
index 9759ad3..e3a260e 100644
--- a/src/jail.h
+++ b/src/jail.h
@@ -18,7 +18,12 @@ typedef struct jail_ctx {
} jail_ctx;
-void jail_init(jail_ctx **ctx, size_t stacksize);
+void jail_init_ctx(jail_ctx **ctx, size_t stacksize);
+
+int jail_setup(jail_ctx *ctx,
+ const char *listen_addr, const char *listen_port);
+
+int jail_validate_ctx(const jail_ctx *ctx);
void jail_free(jail_ctx **ctx);
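Review bot: The three new declarations carry no comment on their return convention or on the expected call order, and jail.c shows jail_setup and jail_validate_ctx return 0 on success and 1 on failure while main.c calls them init, setup, validate, daemonize. Suggest `/* Bind and listen on listen_addr:listen_port; returns 0 on success, 1 on error. */` above jail_setup and `/* Returns 0 when ctx holds a bound socket, non-zero otherwise. */` above jail_validate_ctx, matching whatever comment style the rest of the header uses.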
diff --git a/src/main.c b/src/main.c
index ec7b698..084f287 100644
--- a/src/main.c
+++ b/src/main.c
@@ -42,7 +42,11 @@ int main(int argc, char *argv[])
}
{
- jail_init(&jail, BUFSIZ);
+ jail_init_ctx(&jail, MAX_STACKSIZE);
+ ABORT_ON_FATAL( jail_setup(jail, "127.0.0.1", "33333"),
+ "Jail daemon setup" );
+ ABORT_ON_FATAL( jail_validate_ctx(jail),
+ "Jail validation" );
ABORT_ON_FATAL( jail_daemonize(jail),
"Jail daemon startup" );
}
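Review bot: The jail listen endpoint is passed as the bare literals `"127.0.0.1"` and `"33333"` in the new jail_setup call, while the redirector ports come from `ssh_ports[]` a few lines below, so the configuration now lives in two styles in the same function. Hoisting the two strings into named constants next to MAX_STACKSIZE (for example `JAIL_LISTEN_ADDR` / `JAIL_LISTEN_PORT`, constructed names) keeps them discoverable and makes a later move to a config option a one-line change. main continues outside the hunk.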
@@ -64,8 +68,7 @@ int main(int argc, char *argv[])
for (size_t i = 0; i < srv_siz; ++i) {
D("Initialising redirector service on port %s", ssh_ports[i]);
- ABORT_ON_FATAL( server_init_ctx(&srv[i], ssh_fwd),
- "Server initialisation" );
+ server_init_ctx(&srv[i], ssh_fwd);
ABORT_ON_FATAL( server_setup(srv[i], NULL, ssh_ports[i]),
"Server setup" );
ABORT_ON_FATAL( server_validate_ctx(srv[i]),
@@ -77,6 +80,9 @@ int main(int argc, char *argv[])
D2("epoll_fd: %d", epoll_fd);
ABORT_ON_FATAL( epoll_fd < 0, "Server epoll setup" );
+ ABORT_ON_FATAL( setgid(65534), "Change group" );
+ ABORT_ON_FATAL( setuid(65534), "Change user" );
+
N("%s", "Server epoll mainloop");
ABORT_ON_FATAL( server_mainloop_epoll( epoll_fd, srv, srv_siz ),
"Server epoll mainloop" );
diff --git a/src/server.c b/src/server.c
index 9da5407..49837e6 100644
--- a/src/server.c
+++ b/src/server.c
@@ -31,7 +31,7 @@ static connection_state
client_io_epoll(struct epoll_event *ev, int dest_fd);
-int server_init_ctx(server_ctx **ctx, forward_ctx *fwd_ctx)
+void server_init_ctx(server_ctx **ctx, forward_ctx *fwd_ctx)
{
assert(ctx && fwd_ctx);
if (!*ctx)
@@ -40,8 +40,6 @@ int server_init_ctx(server_ctx **ctx, forward_ctx *fwd_ctx)
memset(*ctx, 0, sizeof(**ctx));
(*ctx)->fwd_ctx = fwd_ctx;
-
- return 0;
}
int server_setup(server_ctx *ctx,
diff --git a/src/server.h b/src/server.h
index 2460507..c1a64e0 100644
--- a/src/server.h
+++ b/src/server.h
@@ -14,7 +14,7 @@ typedef struct server_ctx {
} server_ctx;
-int server_init_ctx(server_ctx **ctx, forward_ctx *fwd_ctx);
+void server_init_ctx(server_ctx **ctx, forward_ctx *fwd_ctx);
int server_setup(server_ctx *ctx,
const char *listen_addr, const char *listen_port);
diff --git a/src/utils.c b/src/utils.c
index 10ec2af..a5fa5a9 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -31,7 +31,6 @@ static void sighandler_child(int signo)
int set_child_sighandler(void)
{
- /* not portable */
if (prctl(PR_SET_PDEATHSIG, SIGHUP) != 0)
return 1;
return signal(SIGHUP, sighandler_child) == SIG_ERR;
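Review bot: Dropping the `/* not portable */` comment removes the only hint in set_child_sighandler that prctl(PR_SET_PDEATHSIG) is Linux-specific, and nothing replaces it. A comment that says why is more useful than the one removed, e.g. `/* Linux-only: PR_SET_PDEATHSIG has no portable equivalent */`. The function is otherwise unchanged by this hunk.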
@@ -70,11 +69,6 @@ pid_t daemonize(int stay_foreground)
exit(EXIT_FAILURE);
}
- /* Catch, ignore and handle signals */
- //TODO: Implement a working signal handler */
- //signal(SIGCHLD, SIG_IGN);
- //signal(SIGHUP, SIG_IGN);
-
/* Fork off for the second time*/
if (!stay_foreground) {
pid = fork();