rdelaage
/
gmid
mirror of https://github.com/omar-polo/gmid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: rdelaage:6bce8180d96c2e1076bd131572979aae54a2fa9f
Branches Tags
rdelaage:master
rdelaage:nix
rdelaage:imsg-test
rdelaage:1.8
rdelaage:2.0.2
rdelaage:2.0.1
rdelaage:2.0
rdelaage:1.8.6
rdelaage:1.8.5
rdelaage:1.8.4
rdelaage:1.8.3
rdelaage:1.8.2
rdelaage:1.8.1
rdelaage:1.8
rdelaage:1.7.5
rdelaage:1.7.4
rdelaage:1.7.3
rdelaage:1.7.2
rdelaage:1.7.1
rdelaage:1.7
rdelaage:1.6.2
rdelaage:v1.6.1
rdelaage:v1.6
rdelaage:v1.5
rdelaage:1.4.1
rdelaage:1.4
rdelaage:1.3.2
rdelaage:1.3.1
rdelaage:1.3
rdelaage:1.2
rdelaage:1.1
rdelaage:1.0
...
compare: rdelaage:2a822b03ba21a85012e996136836519dd79c2aa6
Branches Tags
rdelaage:master
rdelaage:nix
rdelaage:imsg-test
rdelaage:1.8
rdelaage:2.0.2
rdelaage:2.0.1
rdelaage:2.0
rdelaage:1.8.6
rdelaage:1.8.5
rdelaage:1.8.4
rdelaage:1.8.3
rdelaage:1.8.2
rdelaage:1.8.1
rdelaage:1.8
rdelaage:1.7.5
rdelaage:1.7.4
rdelaage:1.7.3
rdelaage:1.7.2
rdelaage:1.7.1
rdelaage:1.7
rdelaage:1.6.2
rdelaage:v1.6.1
rdelaage:v1.6
rdelaage:v1.5
rdelaage:1.4.1
rdelaage:1.4
rdelaage:1.3.2
rdelaage:1.3.1
rdelaage:1.3
rdelaage:1.2
rdelaage:1.1
rdelaage:1.0

7 Commits
6bce8180d9 ... 2a822b03ba

Author SHA1 Message Date
Omar Polo 2a822b03ba please macos 
for some reason that's not entirely clear to me, __dead doesn't
seem to work on macos, so clang thinks datalen is used un-initialized.

meh
 2024-01-21 12:53:01 +00:00
Omar Polo 3f16db6263 update imsg test: gmid now requires the new API too 2024-01-21 12:35:46 +00:00
Omar Polo 561b9f0067 convert crypto.c to the new imsg API 2024-01-21 12:33:33 +00:00
Omar Polo aa2cb5c274 rename ibuf to imsgbuf in crypto 
soon we'll be using a struct ibuf and it'll be confusing.
 2024-01-21 12:27:42 +00:00
Omar Polo 63e6b0bd0c remove proc_forward_imsg since it's unused 2024-01-21 12:23:28 +00:00
Omar Polo 6dec2ad700 convert most of gmid to the new imsg APIs 
Makes parsing and handling of imsgs simpler / clearer.  only crypto.c
is left as-is.
 2024-01-21 12:23:28 +00:00
Omar Polo b03e976aa2 convert to use imsg_get_fd() 
since proc_forward_imsg() never forwards a file descriptor (it's
never called actually) just use -1 there.
 2024-01-21 12:23:16 +00:00
6 changed files with 89 additions and 107 deletions
Show Stats Expand all files Collapse all files

90
config.c
View File

@ -474,10 +474,11 @@ config_crypto_recv_kp(struct conf *conf, struct imsg *imsg)
static struct pki *pki;
uint8_t *d;
size_t len;
int fd;
/* XXX: check for duplicates */
if (imsg->fd == -1)
if ((fd = imsg_get_fd(imsg)) == -1)
fatalx("no fd for imsg %d", imsg->hdr.type);
switch (imsg->hdr.type) {
@ -486,7 +487,7 @@ config_crypto_recv_kp(struct conf *conf, struct imsg *imsg)
fatalx("imsg in wrong order; pki is not NULL");
if ((pki = calloc(1, sizeof(*pki))) == NULL)
fatal("calloc");
if (load_file(imsg->fd, &d, &len) == -1)
if (load_file(fd, &d, &len) == -1)
fatalx("can't load file");
if ((pki->hash = ssl_pubkey_hash(d, len)) == NULL)
fatalx("failed to compute cert hash");
@ -498,7 +499,7 @@ config_crypto_recv_kp(struct conf *conf, struct imsg *imsg)
if (pki == NULL)
fatalx("got key without cert beforehand %d",
imsg->hdr.type);
if (load_file(imsg->fd, &d, &len) == -1)
if (load_file(fd, &d, &len) == -1)
fatalx("failed to load private key");
if ((pki->pkey = ssl_load_pkey(d, len)) == NULL)
fatalx("failed load private key");
@ -529,9 +530,8 @@ config_recv(struct conf *conf, struct imsg *imsg)
struct proxy *proxy;
struct address *addr;
uint8_t *d;
size_t len, datalen;
datalen = IMSG_DATA_SIZE(imsg);
size_t len;
int fd;
switch (imsg->hdr.type) {
case IMSG_RECONF_START:
@ -541,13 +541,14 @@ config_recv(struct conf *conf, struct imsg *imsg)
break;
case IMSG_RECONF_LOG_FMT:
IMSG_SIZE_CHECK(imsg, &conf->log_format);
memcpy(&conf->log_format, imsg->data, datalen);
if (imsg_get_data(imsg, &conf->log_format,
sizeof(conf->log_format)) == -1)
fatalx("bad length imsg LOG_FMT");
break;
case IMSG_RECONF_MIME:
IMSG_SIZE_CHECK(imsg, &m);
memcpy(&m, imsg->data, datalen);
if (imsg_get_data(imsg, &m, sizeof(m)) == -1)
fatalx("bad length imsg RECONF_MIME");
if (m.mime[sizeof(m.mime) - 1] != '\0' ||
m.ext[sizeof(m.ext) - 1] != '\0')
fatal("received corrupted IMSG_RECONF_MIME");
@ -557,18 +558,19 @@ config_recv(struct conf *conf, struct imsg *imsg)
break;
case IMSG_RECONF_PROTOS:
IMSG_SIZE_CHECK(imsg, &conf->protos);
memcpy(&conf->protos, imsg->data, datalen);
if (imsg_get_data(imsg, &conf->protos, sizeof(conf->protos))
== -1)
fatalx("bad length imsg RECONF_PROTOS");
break;
case IMSG_RECONF_SOCK:
addr = xcalloc(1, sizeof(*addr));
IMSG_SIZE_CHECK(imsg, addr);
memcpy(addr, imsg->data, sizeof(*addr));
if (imsg->fd == -1)
if (imsg_get_data(imsg, addr, sizeof(*addr)) == -1)
fatalx("bad length imsg RECONF_SOCK");
if ((fd = imsg_get_fd(imsg)) == -1)
fatalx("missing socket for IMSG_RECONF_SOCK");
addr->conf = conf;
addr->sock = imsg->fd;
addr->sock = fd;
event_set(&addr->evsock, addr->sock, EV_READ|EV_PERSIST,
server_accept, addr);
if ((addr->ctx = tls_server()) == NULL)
@ -577,16 +579,16 @@ config_recv(struct conf *conf, struct imsg *imsg)
break;
case IMSG_RECONF_FCGI:
IMSG_SIZE_CHECK(imsg, fcgi);
fcgi = xcalloc(1, sizeof(*fcgi));
memcpy(fcgi, imsg->data, datalen);
if (imsg_get_data(imsg, fcgi, sizeof(*fcgi)) == -1)
fatalx("bad length imsg RECONF_FCGI");
log_debug("received fcgi %s", fcgi->path);
TAILQ_INSERT_TAIL(&conf->fcgi, fcgi, fcgi);
break;
case IMSG_RECONF_HOST:
IMSG_SIZE_CHECK(imsg, &vht);
memcpy(&vht, imsg->data, datalen);
if (imsg_get_data(imsg, &vht, sizeof(vht)) == -1)
fatalx("bad length imsg RECONF_HOST");
vh = new_vhost();
strlcpy(vh->domain, vht.domain, sizeof(vh->domain));
h = vh;
@ -605,9 +607,9 @@ config_recv(struct conf *conf, struct imsg *imsg)
fatalx("recv'd cert without host");
if (h->cert != NULL)
fatalx("cert already received");
if (imsg->fd == -1)
if ((fd = imsg_get_fd(imsg)) == -1)
fatalx("no fd for IMSG_RECONF_CERT");
if (load_file(imsg->fd, &h->cert, &h->certlen) == -1)
if (load_file(fd, &h->cert, &h->certlen) == -1)
fatalx("failed to load cert for %s",
h->domain);
break;
@ -620,9 +622,9 @@ config_recv(struct conf *conf, struct imsg *imsg)
fatalx("recv'd key without host");
if (h->key != NULL)
fatalx("key already received");
if (imsg->fd == -1)
if ((fd = imsg_get_fd(imsg)) == -1)
fatalx("no fd for IMSG_RECONF_KEY");
if (load_file(imsg->fd, &h->key, &h->keylen) == -1)
if (load_file(fd, &h->key, &h->keylen) == -1)
fatalx("failed to load key for %s",
h->domain);
break;
@ -633,9 +635,9 @@ config_recv(struct conf *conf, struct imsg *imsg)
fatalx("recv'd ocsp without host");
if (h->ocsp != NULL)
fatalx("ocsp already received");
if (imsg->fd == -1)
if ((fd = imsg_get_fd(imsg)) == -1)
fatalx("no fd for IMSG_RECONF_OCSP");
if (load_file(imsg->fd, &h->ocsp, &h->ocsplen) == -1)
if (load_file(fd, &h->ocsp, &h->ocsplen) == -1)
fatalx("failed to load ocsp for %s",
h->domain);
break;
@ -644,22 +646,22 @@ config_recv(struct conf *conf, struct imsg *imsg)
log_debug("receiving host addr");
if (h == NULL)
fatalx("recv'd host address withouth host");
IMSG_SIZE_CHECK(imsg, addr);
addr = xcalloc(1, sizeof(*addr));
memcpy(addr, imsg->data, datalen);
if (imsg_get_data(imsg, addr, sizeof(*addr)) == -1)
fatalx("bad length imsg RECONF_HOST_ADDR");
TAILQ_INSERT_TAIL(&h->addrs, addr, addrs);
break;
case IMSG_RECONF_LOC:
if (h == NULL)
fatalx("recv'd location without host");
IMSG_SIZE_CHECK(imsg, loc);
loc = xcalloc(1, sizeof(*loc));
memcpy(loc, imsg->data, datalen);
if (imsg_get_data(imsg, loc, sizeof(*loc)) == -1)
fatalx("bad length imsg RECONF_LOC");
TAILQ_INIT(&loc->params);
if (imsg->fd != -1) {
if (load_file(imsg->fd, &d, &len) == -1)
if ((fd = imsg_get_fd(imsg)) != -1) {
if (load_file(fd, &d, &len) == -1)
fatal("load_file");
loc->reqca = load_ca(d, len);
if (loc->reqca == NULL)
@ -674,18 +676,18 @@ config_recv(struct conf *conf, struct imsg *imsg)
case IMSG_RECONF_ENV:
if (l == NULL)
fatalx("recv'd env without location");
IMSG_SIZE_CHECK(imsg, env);
env = xcalloc(1, sizeof(*env));
memcpy(env, imsg->data, datalen);
if (imsg_get_data(imsg, env, sizeof(*env)) == -1)
fatalx("bad length imsg RECONF_ENV");
TAILQ_INSERT_TAIL(&l->params, env, envs);
break;
case IMSG_RECONF_ALIAS:
if (h == NULL)
fatalx("recv'd alias without host");
IMSG_SIZE_CHECK(imsg, alias);
alias = xcalloc(1, sizeof(*alias));
memcpy(alias, imsg->data, datalen);
if (imsg_get_data(imsg, alias, sizeof(*alias)) == -1)
fatalx("bad length imsg RECONF_ALIAS");
TAILQ_INSERT_TAIL(&h->aliases, alias, aliases);
break;
@ -693,12 +695,12 @@ config_recv(struct conf *conf, struct imsg *imsg)
log_debug("receiving proxy");
if (h == NULL)
fatalx("recv'd proxy without host");
IMSG_SIZE_CHECK(imsg, proxy);
proxy = xcalloc(1, sizeof(*proxy));
memcpy(proxy, imsg->data, datalen);
if (imsg_get_data(imsg, proxy, sizeof(*proxy)) == -1)
fatalx("bad length imsg RECONF_PROXY");
if (imsg->fd != -1) {
if (load_file(imsg->fd, &d, &len) == -1)
if ((fd = imsg_get_fd(imsg)) != -1) {
if (load_file(fd, &d, &len) == -1)
fatal("load_file");
proxy->reqca = load_ca(d, len);
if (proxy->reqca == NULL)
@ -716,9 +718,9 @@ config_recv(struct conf *conf, struct imsg *imsg)
fatalx("recv'd proxy cert without proxy");
if (p->cert != NULL)
fatalx("proxy cert already received");
if (imsg->fd == -1)
if ((fd = imsg_get_fd(imsg)) == -1)
fatalx("no fd for IMSG_RECONF_PROXY_CERT");
if (load_file(imsg->fd, &p->cert, &p->certlen) == -1)
if (load_file(fd, &p->cert, &p->certlen) == -1)
fatalx("failed to load cert for proxy %s of %s",
p->host, h->domain);
break;
@ -729,9 +731,9 @@ config_recv(struct conf *conf, struct imsg *imsg)
fatalx("recv'd proxy key without proxy");
if (p->key != NULL)
fatalx("proxy key already received");
if (imsg->fd == -1)
if ((fd = imsg_get_fd(imsg)) == -1)
fatalx("no fd for IMSG_RECONF_PROXY_KEY");
if (load_file(imsg->fd, &p->key, &p->keylen) == -1)
if (load_file(fd, &p->key, &p->keylen) == -1)
fatalx("failed to load key for proxy %s of %s",
p->host, h->domain);
break;

66
crypto.c
View File

@ -251,14 +251,13 @@ rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to,
struct imsgev *iev;
struct privsep_proc *p;
struct privsep *ps = conf->ps;
struct imsgbuf *ibuf;
struct imsgbuf *imsgbuf;
struct imsg imsg;
struct ibuf ibuf;
int ret = 0;
int n, done = 0;
const void *toptr;
char *hash;
unsigned char *data;
size_t datalen;
if ((hash = RSA_get_ex_data(rsa, 0)) == NULL)
return (0);
@ -289,56 +288,52 @@ rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to,
iev = ps->ps_ievs[PROC_CRYPTO];
p = iev->proc;
ibuf = &iev->ibuf;
imsgbuf = &iev->ibuf;
while (!done) {
if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
if ((n = imsg_read(imsgbuf)) == -1 && errno != EAGAIN)
fatalx("imsg_read");
if (n == 0)
fatalx("pipe closed");
while (!done) {
if ((n = imsg_get(ibuf, &imsg)) == -1)
if ((n = imsg_get(imsgbuf, &imsg)) == -1)
fatalx("imsg_get error");
if (n == 0)
break;
#if DEBUG > 1
log_debug(
"%s: %s %d got imsg %d peerid %d from %s %d",
__func__, title, 1, imsg.hdr.type,
imsg.hdr.peerid, "crypto", imsg.hdr.pid);
"%s: %s %d got imsg %d id %d from %s %d",
__func__, title, 1, imsg_get_type(&imsg),
imsg_get_id(&imsg), "crypto", imsg_get_pid(&imsg));
#endif
if ((p->p_cb)(ibuf->fd, p, &imsg) == 0) {
if ((p->p_cb)(imsgbuf->fd, p, &imsg) == 0) {
/* Message was handled by the callback */
imsg_free(&imsg);
continue;
}
switch (imsg.hdr.type) {
switch (imsg_get_type(&imsg)) {
case IMSG_CRYPTO_RSA_PRIVENC:
case IMSG_CRYPTO_RSA_PRIVDEC:
break;
default:
fatalx("%s: %s %d got invalid imsg %d"
" peerid %d from %s %d",
" id %d from %s %d",
__func__, "server", ps->ps_instance + 1,
imsg.hdr.type, imsg.hdr.peerid,
"crypto", imsg.hdr.pid);
imsg_get_type(&imsg), imsg_get_id(&imsg),
"crypto", imsg_get_pid(&imsg));
}
data = imsg.data;
datalen = IMSG_DATA_SIZE(&imsg);
if (datalen < sizeof(res))
fatalx("size mismatch for imsg %d",
imsg.hdr.type);
memcpy(&res, data, sizeof(res));
if (datalen != sizeof(res) + res.ret)
if (imsg_get_ibuf(&imsg, &ibuf) == -1 ||
ibuf_get(&ibuf, &res, sizeof(res)) == -1 ||
(int)ibuf_size(&ibuf) != res.ret)
fatalx("size mismatch for imsg %d",
imsg.hdr.type);
ret = res.ret;
toptr = data + sizeof(res);
toptr = ibuf_data(&ibuf);
if (res.id != reqid)
fatalx("invalid id; got %llu, want %llu",
@ -399,13 +394,12 @@ ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len,
struct imsgev *iev;
struct privsep_proc *p;
struct privsep *ps = conf->ps;
struct imsgbuf *ibuf;
struct imsgbuf *imsgbuf;
struct imsg imsg;
struct ibuf ibuf;
int n, done = 0;
const void *toptr;
char *hash;
unsigned char *data;
size_t datalen;
if ((hash = EC_KEY_get_ex_data(eckey, 0)) == NULL)
return (0);
@ -434,16 +428,16 @@ ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len,
iev = ps->ps_ievs[PROC_CRYPTO];
p = iev->proc;
ibuf = &iev->ibuf;
imsgbuf = &iev->ibuf;
while (!done) {
if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
if ((n = imsg_read(imsgbuf)) == -1 && errno != EAGAIN)
fatalx("imsg_read");
if (n == 0)
fatalx("pipe closed");
while (!done) {
if ((n = imsg_get(ibuf, &imsg)) == -1)
if ((n = imsg_get(imsgbuf, &imsg)) == -1)
fatalx("imsg_get error");
if (n == 0)
break;
@ -456,7 +450,8 @@ ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len,
#endif
if (imsg.hdr.type != IMSG_CRYPTO_ECDSA_SIGN &&
crypto_dispatch_server(ibuf->fd, p, &imsg) == 0) {
crypto_dispatch_server(imsgbuf->fd, p, &imsg)
== 0) {
/* Message was handled by the callback */
imsg_free(&imsg);
continue;
@ -469,16 +464,13 @@ ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len,
imsg.hdr.type, imsg.hdr.peerid,
"crypto", imsg.hdr.pid);
data = imsg.data;
datalen = IMSG_DATA_SIZE(&imsg);
if (datalen < sizeof(res))
if (imsg_get_ibuf(&imsg, &ibuf) == -1 ||
ibuf_get(&ibuf, &res, sizeof(res)) == -1 ||
ibuf_size(&ibuf) != res.len)
fatalx("size mismatch for imsg %d",
imsg.hdr.type);
memcpy(&res, data, sizeof(res));
if (datalen != sizeof(res) + res.len)
fatalx("size mismatch for imsg %d",
imsg.hdr.type);
toptr = data + sizeof(res);
toptr = ibuf_data(&ibuf);
if (res.id != reqid)
fatalx("invalid response id");

3
have/imsg.c
View File

@ -24,7 +24,8 @@ int
main(void)
{
struct imsgbuf buf;
struct imsg imsg;
imsg_init(&buf, -1);
return 0;
return imsg_get_fd(&imsg);
}

21
logger.c
View File

@ -81,22 +81,18 @@ logger_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
{
switch (imsg->hdr.type) {
case IMSG_LOG_FACILITY:
if (IMSG_DATA_SIZE(imsg) != sizeof(facility))
if (imsg_get_data(imsg, &facility, sizeof(facility)) == -1)
fatal("corrupted IMSG_LOG_SYSLOG");
memcpy(&facility, imsg->data, sizeof(facility));
break;
case IMSG_LOG_SYSLOG:
if (IMSG_DATA_SIZE(imsg) != sizeof(log_to_syslog))
if (imsg_get_data(imsg, &log_to_syslog,
sizeof(log_to_syslog)) == -1)
fatal("corrupted IMSG_LOG_SYSLOG");
memcpy(&log_to_syslog, imsg->data, sizeof(log_to_syslog));
break;
case IMSG_LOG_ACCESS:
if (logfd != -1)
close(logfd);
logfd = -1;
if (imsg->fd != -1)
logfd = imsg->fd;
logfd = imsg_get_fd(imsg);
break;
default:
return -1;
@ -109,14 +105,15 @@ static int
logger_dispatch_server(int fd, struct privsep_proc *p, struct imsg *imsg)
{
char *msg;
size_t datalen;
size_t datalen = 0;
struct ibuf ibuf;
switch (imsg->hdr.type) {
case IMSG_LOG_REQUEST:
msg = imsg->data;
datalen = IMSG_DATA_SIZE(imsg);
if (datalen == 0)
if (imsg_get_ibuf(imsg, &ibuf) == -1 ||
(datalen = ibuf_size(&ibuf)) == 0)
fatal("got invalid IMSG_LOG_REQUEST");
msg = ibuf_data(&ibuf);
msg[datalen - 1] = '\0';
if (logfd != -1)
dprintf(logfd, "%s\n", msg);

14
proc.c
View File

@ -671,9 +671,9 @@ proc_dispatch(int fd, short event, void *arg)
*/
switch (imsg.hdr.type) {
case IMSG_CTL_PROCFD:
IMSG_SIZE_CHECK(&imsg, &pf);
memcpy(&pf, imsg.data, sizeof(pf));
proc_accept(ps, imsg.fd, pf.pf_procid,
if (imsg_get_data(&imsg, &pf, sizeof(pf)))
fatalx("bad length imsg CTL_PROCFD");
proc_accept(ps, imsg_get_fd(&imsg), pf.pf_procid,
pf.pf_instance);
break;
default:
@ -799,14 +799,6 @@ proc_composev(struct privsep *ps, enum privsep_procid id,
return (proc_composev_imsg(ps, id, -1, type, -1, -1, iov, iovcnt));
}
int
proc_forward_imsg(struct privsep *ps, struct imsg *imsg,
enum privsep_procid id, int n)
{
return (proc_compose_imsg(ps, id, n, imsg->hdr.type,
imsg->hdr.peerid, imsg->fd, imsg->data, IMSG_DATA_SIZE(imsg)));
}
struct imsgbuf *
proc_ibuf(struct privsep *ps, enum privsep_procid id, int n)
{

2
proc.h
View File

@ -114,8 +114,6 @@ int proc_composev_imsg(struct privsep *, enum privsep_procid, int,
uint16_t, uint32_t, int, const struct iovec *, int);
int proc_composev(struct privsep *, enum privsep_procid,
uint16_t, const struct iovec *, int);
int proc_forward_imsg(struct privsep *, struct imsg *,
enum privsep_procid, int);
struct imsgbuf *
proc_ibuf(struct privsep *, enum privsep_procid, int);
struct imsgev *