2020-06-15 14:18:57 +00:00
|
|
|
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
|
|
|
|
|
│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
|
|
|
|
|
╞══════════════════════════════════════════════════════════════════════════════╡
|
2021-03-25 09:21:13 +00:00
|
|
|
│ Copyright 2021 Justine Alexandra Roberts Tunney │
|
2020-06-15 14:18:57 +00:00
|
|
|
│ │
|
2020-12-28 01:18:44 +00:00
|
|
|
│ Permission to use, copy, modify, and/or distribute this software for │
|
|
|
|
|
│ any purpose with or without fee is hereby granted, provided that the │
|
|
|
|
|
│ above copyright notice and this permission notice appear in all copies. │
|
2020-06-15 14:18:57 +00:00
|
|
|
│ │
|
2020-12-28 01:18:44 +00:00
|
|
|
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
|
|
|
|
|
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
|
|
|
|
|
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
|
|
|
|
|
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
|
|
|
|
|
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
|
|
|
|
|
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
|
|
|
|
|
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
|
|
|
|
|
│ PERFORMANCE OF THIS SOFTWARE. │
|
2020-06-15 14:18:57 +00:00
|
|
|
╚─────────────────────────────────────────────────────────────────────────────*/
|
|
|
|
|
#include "libc/bits/bits.h"
|
|
|
|
|
#include "libc/calls/calls.h"
|
2022-06-09 03:01:28 +00:00
|
|
|
#include "libc/calls/struct/stat.h"
|
2022-05-28 12:50:01 +00:00
|
|
|
#include "libc/calls/struct/timeval.h"
|
2022-04-20 16:56:53 +00:00
|
|
|
#include "libc/dce.h"
|
2020-06-15 14:18:57 +00:00
|
|
|
#include "libc/errno.h"
|
2020-12-09 23:04:54 +00:00
|
|
|
#include "libc/fmt/conv.h"
|
2020-06-15 14:18:57 +00:00
|
|
|
#include "libc/log/check.h"
|
|
|
|
|
#include "libc/log/log.h"
|
2022-04-20 16:56:53 +00:00
|
|
|
#include "libc/macros.internal.h"
|
2021-08-26 04:35:58 +00:00
|
|
|
#include "libc/nexgen32e/crc32.h"
|
2021-03-08 04:23:29 +00:00
|
|
|
#include "libc/runtime/gc.internal.h"
|
2020-06-15 14:18:57 +00:00
|
|
|
#include "libc/runtime/runtime.h"
|
|
|
|
|
#include "libc/sock/sock.h"
|
2022-08-06 10:51:50 +00:00
|
|
|
#include "libc/sock/struct/pollfd.h"
|
|
|
|
|
#include "libc/sock/struct/sockaddr.h"
|
2020-06-15 14:18:57 +00:00
|
|
|
#include "libc/stdio/stdio.h"
|
|
|
|
|
#include "libc/str/str.h"
|
|
|
|
|
#include "libc/sysv/consts/af.h"
|
|
|
|
|
#include "libc/sysv/consts/ex.h"
|
|
|
|
|
#include "libc/sysv/consts/exit.h"
|
|
|
|
|
#include "libc/sysv/consts/f.h"
|
|
|
|
|
#include "libc/sysv/consts/fd.h"
|
|
|
|
|
#include "libc/sysv/consts/inaddr.h"
|
|
|
|
|
#include "libc/sysv/consts/ipproto.h"
|
2021-02-05 20:19:43 +00:00
|
|
|
#include "libc/sysv/consts/itimer.h"
|
2020-06-15 14:18:57 +00:00
|
|
|
#include "libc/sysv/consts/o.h"
|
|
|
|
|
#include "libc/sysv/consts/poll.h"
|
|
|
|
|
#include "libc/sysv/consts/sa.h"
|
2022-05-22 15:13:13 +00:00
|
|
|
#include "libc/sysv/consts/sig.h"
|
2020-06-15 14:18:57 +00:00
|
|
|
#include "libc/sysv/consts/so.h"
|
|
|
|
|
#include "libc/sysv/consts/sock.h"
|
|
|
|
|
#include "libc/sysv/consts/sol.h"
|
2021-01-25 21:08:05 +00:00
|
|
|
#include "libc/sysv/consts/w.h"
|
2021-02-05 20:19:43 +00:00
|
|
|
#include "libc/time/time.h"
|
2020-06-15 14:18:57 +00:00
|
|
|
#include "libc/x/x.h"
|
2021-08-14 13:17:56 +00:00
|
|
|
#include "net/https/https.h"
|
2020-06-15 14:18:57 +00:00
|
|
|
#include "third_party/getopt/getopt.h"
|
2021-08-07 20:22:35 +00:00
|
|
|
#include "third_party/mbedtls/ssl.h"
|
2022-05-15 06:17:22 +00:00
|
|
|
#include "third_party/zlib/zlib.h"
|
2021-08-07 20:22:35 +00:00
|
|
|
#include "tool/build/lib/eztls.h"
|
2021-08-14 13:17:56 +00:00
|
|
|
#include "tool/build/lib/psk.h"
|
2020-06-15 14:18:57 +00:00
|
|
|
#include "tool/build/runit.h"
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @fileoverview Remote test runner daemon.
|
|
|
|
|
* Delivers 10x latency improvement over SSH (100x if Debian defaults)
|
|
|
|
|
*
|
|
|
|
|
* Here's how it handles connections:
|
|
|
|
|
*
|
|
|
|
|
* 1. Receives atomically-written request header, comprised of:
|
|
|
|
|
*
|
|
|
|
|
* - 4 byte nbo magic = 0xFEEDABEEu
|
|
|
|
|
* - 1 byte command = kRunitExecute
|
|
|
|
|
* - 4 byte nbo name length in bytes, e.g. "test1"
|
|
|
|
|
* - 4 byte nbo executable file length in bytes
|
|
|
|
|
* - <name bytes> (no NUL terminator)
|
|
|
|
|
* - <file bytes> (it's binary data)
|
|
|
|
|
*
|
|
|
|
|
* 2. Runs program, after verifying it came from the IP that spawned
|
|
|
|
|
* this program via SSH. Be sure to only run this over a trusted
|
|
|
|
|
* physically-wired network. To use this software on untrustworthy
|
|
|
|
|
* networks, wrap it with stunnel and use your own CA.
|
|
|
|
|
*
|
|
|
|
|
* 3. Sends stdout/stderr fragments, potentially multiple times:
|
|
|
|
|
*
|
|
|
|
|
* - 4 byte nbo magic = 0xFEEDABEEu
|
|
|
|
|
* - 1 byte command = kRunitStdout/Stderr
|
|
|
|
|
* - 4 byte nbo byte length
|
|
|
|
|
* - <chunk bytes>
|
|
|
|
|
*
|
|
|
|
|
* 4. Sends process exit code:
|
|
|
|
|
*
|
|
|
|
|
* - 4 byte nbo magic = 0xFEEDABEEu
|
|
|
|
|
* - 1 byte command = kRunitExit
|
|
|
|
|
* - 1 byte exit status
|
|
|
|
|
*/
|
|
|
|
|
|
2022-03-24 07:05:59 +00:00
|
|
|
#define DEATH_CLOCK_SECONDS 128
|
2021-06-24 19:31:26 +00:00
|
|
|
|
2020-06-15 14:18:57 +00:00
|
|
|
#define kLogFile "o/runitd.log"
|
|
|
|
|
#define kLogMaxBytes (2 * 1000 * 1000)
|
|
|
|
|
|
2022-04-15 06:39:48 +00:00
|
|
|
bool use_ftrace;
|
|
|
|
|
bool use_strace;
|
2020-06-15 14:18:57 +00:00
|
|
|
char *g_exepath;
|
2021-01-28 23:49:15 +00:00
|
|
|
volatile bool g_interrupted;
|
2020-06-15 14:18:57 +00:00
|
|
|
struct sockaddr_in g_servaddr;
|
|
|
|
|
unsigned char g_buf[PAGESIZE];
|
2022-04-20 16:56:53 +00:00
|
|
|
bool g_daemonize, g_sendready;
|
2022-04-16 17:40:23 +00:00
|
|
|
int g_timeout, g_bogusfd, g_servfd, g_clifd, g_exefd;
|
2020-06-15 14:18:57 +00:00
|
|
|
|
2021-01-28 23:49:15 +00:00
|
|
|
void OnInterrupt(int sig) {
|
|
|
|
|
g_interrupted = true;
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-28 03:34:02 +00:00
|
|
|
void OnChildTerminated(int sig) {
|
|
|
|
|
int ws, pid;
|
2022-05-22 15:13:13 +00:00
|
|
|
sigset_t ss, oldss;
|
|
|
|
|
sigfillset(&ss);
|
|
|
|
|
sigdelset(&ss, SIGTERM);
|
|
|
|
|
sigprocmask(SIG_BLOCK, &ss, &oldss);
|
2020-06-15 14:18:57 +00:00
|
|
|
for (;;) {
|
2022-05-22 15:13:13 +00:00
|
|
|
INFOF("waitpid");
|
2021-01-28 03:34:02 +00:00
|
|
|
if ((pid = waitpid(-1, &ws, WNOHANG)) != -1) {
|
|
|
|
|
if (pid) {
|
|
|
|
|
if (WIFEXITED(ws)) {
|
|
|
|
|
DEBUGF("worker %d exited with %d", pid, WEXITSTATUS(ws));
|
|
|
|
|
} else {
|
|
|
|
|
DEBUGF("worker %d terminated with %s", pid, strsignal(WTERMSIG(ws)));
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if (errno == EINTR) continue;
|
|
|
|
|
if (errno == ECHILD) break;
|
|
|
|
|
FATALF("waitpid failed in sigchld");
|
2021-01-25 21:08:05 +00:00
|
|
|
}
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
2022-05-22 15:13:13 +00:00
|
|
|
sigprocmask(SIG_SETMASK, &oldss, 0);
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
|
|
|
|
|
2020-12-05 20:20:41 +00:00
|
|
|
wontreturn void ShowUsage(FILE *f, int rc) {
|
2020-06-15 14:18:57 +00:00
|
|
|
fprintf(f, "%s: %s %s\n", "Usage", program_invocation_name,
|
|
|
|
|
"[-d] [-r] [-l LISTENIP] [-p PORT] [-t TIMEOUTMS]");
|
|
|
|
|
exit(rc);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void GetOpts(int argc, char *argv[]) {
|
|
|
|
|
int opt;
|
|
|
|
|
g_timeout = RUNITD_TIMEOUT_MS;
|
|
|
|
|
g_servaddr.sin_family = AF_INET;
|
|
|
|
|
g_servaddr.sin_port = htons(RUNITD_PORT);
|
|
|
|
|
g_servaddr.sin_addr.s_addr = INADDR_ANY;
|
2022-04-15 06:39:48 +00:00
|
|
|
while ((opt = getopt(argc, argv, "fqhvsdrl:p:t:w:")) != -1) {
|
2020-06-15 14:18:57 +00:00
|
|
|
switch (opt) {
|
2022-04-15 06:39:48 +00:00
|
|
|
case 'f':
|
|
|
|
|
use_ftrace = true;
|
|
|
|
|
break;
|
Improve ZIP filesystem and change its prefix
The ZIP filesystem has a breaking change. You now need to use /zip/ to
open() / opendir() / etc. assets within the ZIP structure of your APE
binary, instead of the previous convention of using zip: or zip! URIs.
This is needed because Python likes to use absolute paths, and having
ZIP paths encoded like URIs simply broke too many things.
Many more system calls have been updated to be able to operate on ZIP
files and file descriptors. In particular fcntl() and ioctl() since
Python would do things like ask if a ZIP file is a terminal and get
confused when the old implementation mistakenly said yes, because the
fastest way to guarantee native file descriptors is to dup(2). This
change also improves the async signal safety of zipos and ensures it
doesn't maintain any open file descriptors beyond that which the user
has opened.
This change makes a lot of progress towards adding magic numbers that
are specific to platforms other than Linux. The philosophy here is that,
if you use an operating system like FreeBSD, then you should be able to
take advantage of FreeBSD exclusive features, even if we don't polyfill
them on other platforms. For example, you can now open() a file with the
O_VERIFY flag. If your program runs on other platforms, then Cosmo will
automatically set O_VERIFY to zero. This lets you safely use it without
the need for #ifdef or ifstatements which detract from readability.
One of the blindspots of the ASAN memory hardening we use to offer Rust
like assurances has always been that memory passed to the kernel via
system calls (e.g. writev) can't be checked automatically since the
kernel wasn't built with MODE=asan. This change makes more progress
ensuring that each system call will verify the soundness of memory
before it's passed to the kernel. The code for doing these checks is
fast, particularly for buffers, where it can verify 64 bytes a cycle.
- Correct O_LOOP definition on NT
- Introduce program_executable_name
- Add ASAN guards to more system calls
- Improve termios compatibility with BSDs
- Fix bug in Windows auxiliary value encoding
- Add BSD and XNU specific errnos and open flags
- Add check to ensure build doesn't talk to internet
2021-08-22 08:04:18 +00:00
|
|
|
case 's':
|
2022-04-15 06:39:48 +00:00
|
|
|
use_strace = true;
|
|
|
|
|
break;
|
|
|
|
|
case 'q':
|
Improve ZIP filesystem and change its prefix
The ZIP filesystem has a breaking change. You now need to use /zip/ to
open() / opendir() / etc. assets within the ZIP structure of your APE
binary, instead of the previous convention of using zip: or zip! URIs.
This is needed because Python likes to use absolute paths, and having
ZIP paths encoded like URIs simply broke too many things.
Many more system calls have been updated to be able to operate on ZIP
files and file descriptors. In particular fcntl() and ioctl() since
Python would do things like ask if a ZIP file is a terminal and get
confused when the old implementation mistakenly said yes, because the
fastest way to guarantee native file descriptors is to dup(2). This
change also improves the async signal safety of zipos and ensures it
doesn't maintain any open file descriptors beyond that which the user
has opened.
This change makes a lot of progress towards adding magic numbers that
are specific to platforms other than Linux. The philosophy here is that,
if you use an operating system like FreeBSD, then you should be able to
take advantage of FreeBSD exclusive features, even if we don't polyfill
them on other platforms. For example, you can now open() a file with the
O_VERIFY flag. If your program runs on other platforms, then Cosmo will
automatically set O_VERIFY to zero. This lets you safely use it without
the need for #ifdef or ifstatements which detract from readability.
One of the blindspots of the ASAN memory hardening we use to offer Rust
like assurances has always been that memory passed to the kernel via
system calls (e.g. writev) can't be checked automatically since the
kernel wasn't built with MODE=asan. This change makes more progress
ensuring that each system call will verify the soundness of memory
before it's passed to the kernel. The code for doing these checks is
fast, particularly for buffers, where it can verify 64 bytes a cycle.
- Correct O_LOOP definition on NT
- Introduce program_executable_name
- Add ASAN guards to more system calls
- Improve termios compatibility with BSDs
- Fix bug in Windows auxiliary value encoding
- Add BSD and XNU specific errnos and open flags
- Add check to ensure build doesn't talk to internet
2021-08-22 08:04:18 +00:00
|
|
|
--__log_level;
|
|
|
|
|
break;
|
|
|
|
|
case 'v':
|
|
|
|
|
++__log_level;
|
|
|
|
|
break;
|
2020-06-15 14:18:57 +00:00
|
|
|
case 'd':
|
|
|
|
|
g_daemonize = true;
|
|
|
|
|
break;
|
|
|
|
|
case 'r':
|
|
|
|
|
g_sendready = true;
|
|
|
|
|
break;
|
|
|
|
|
case 't':
|
|
|
|
|
g_timeout = atoi(optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 'p':
|
|
|
|
|
CHECK_NE(0xFFFF, (g_servaddr.sin_port = htons(parseport(optarg))));
|
|
|
|
|
break;
|
|
|
|
|
case 'l':
|
|
|
|
|
CHECK_EQ(1, inet_pton(AF_INET, optarg, &g_servaddr.sin_addr));
|
|
|
|
|
break;
|
|
|
|
|
case 'h':
|
|
|
|
|
ShowUsage(stdout, EXIT_SUCCESS);
|
|
|
|
|
unreachable;
|
|
|
|
|
default:
|
|
|
|
|
ShowUsage(stderr, EX_USAGE);
|
|
|
|
|
unreachable;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Import C++ Standard Template Library
You can now use the hardest fastest and most dangerous language there is
with Cosmopolitan. So far about 75% of LLVM libcxx has been added. A few
breaking changes needed to be made to help this go smoothly.
- Rename nothrow to dontthrow
- Rename nodiscard to dontdiscard
- Add some libm functions, e.g. lgamma, nan, etc.
- Change intmax_t from int128 to int64 like everything else
- Introduce %jjd formatting directive for int128_t
- Introduce strtoi128(), strtou128(), etc.
- Rename bsrmax() to bsr128()
Some of the templates that should be working currently are std::vector,
std::string, std::map, std::set, std::deque, etc.
2022-03-22 12:51:41 +00:00
|
|
|
dontdiscard char *DescribeAddress(struct sockaddr_in *addr) {
|
2020-06-15 14:18:57 +00:00
|
|
|
char ip4buf[16];
|
|
|
|
|
return xasprintf("%s:%hu",
|
|
|
|
|
inet_ntop(addr->sin_family, &addr->sin_addr.s_addr, ip4buf,
|
|
|
|
|
sizeof(ip4buf)),
|
|
|
|
|
ntohs(addr->sin_port));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void StartTcpServer(void) {
|
|
|
|
|
int yes = true;
|
|
|
|
|
uint32_t asize;
|
2021-08-26 04:35:58 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* TODO: How can we make close(serversocket) on Windows go fast?
|
|
|
|
|
* That way we can put back SOCK_CLOEXEC.
|
|
|
|
|
*/
|
2022-04-16 17:40:23 +00:00
|
|
|
CHECK_NE(-1, (g_servfd =
|
|
|
|
|
socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP)));
|
2021-08-26 04:35:58 +00:00
|
|
|
|
2022-05-28 12:50:01 +00:00
|
|
|
struct timeval timeo = {30};
|
|
|
|
|
setsockopt(g_servfd, SOL_SOCKET, SO_RCVTIMEO, &timeo, sizeof(timeo));
|
|
|
|
|
setsockopt(g_servfd, SOL_SOCKET, SO_SNDTIMEO, &timeo, sizeof(timeo));
|
|
|
|
|
|
2021-01-25 21:08:05 +00:00
|
|
|
LOGIFNEG1(setsockopt(g_servfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)));
|
2020-06-15 14:18:57 +00:00
|
|
|
if (bind(g_servfd, &g_servaddr, sizeof(g_servaddr)) == -1) {
|
2022-06-12 14:32:14 +00:00
|
|
|
FATALF("bind failed %m");
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
|
|
|
|
CHECK_NE(-1, listen(g_servfd, 10));
|
|
|
|
|
asize = sizeof(g_servaddr);
|
|
|
|
|
CHECK_NE(-1, getsockname(g_servfd, &g_servaddr, &asize));
|
2021-09-04 04:14:26 +00:00
|
|
|
INFOF("%s:%s", "listening on tcp", gc(DescribeAddress(&g_servaddr)));
|
2020-06-15 14:18:57 +00:00
|
|
|
if (g_sendready) {
|
|
|
|
|
printf("ready %hu\n", ntohs(g_servaddr.sin_port));
|
|
|
|
|
fflush(stdout);
|
2021-01-25 21:08:05 +00:00
|
|
|
fclose(stdout);
|
2022-04-16 17:40:23 +00:00
|
|
|
dup2(g_bogusfd, stdout->fd);
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-07 20:22:35 +00:00
|
|
|
void SendExitMessage(int rc) {
|
2020-06-15 14:18:57 +00:00
|
|
|
unsigned char msg[4 + 1 + 1];
|
2021-09-28 05:58:51 +00:00
|
|
|
msg[0 + 0] = (RUNITD_MAGIC & 0xff000000) >> 030;
|
|
|
|
|
msg[0 + 1] = (RUNITD_MAGIC & 0x00ff0000) >> 020;
|
|
|
|
|
msg[0 + 2] = (RUNITD_MAGIC & 0x0000ff00) >> 010;
|
|
|
|
|
msg[0 + 3] = (RUNITD_MAGIC & 0x000000ff) >> 000;
|
2020-06-15 14:18:57 +00:00
|
|
|
msg[4] = kRunitExit;
|
2021-09-28 05:58:51 +00:00
|
|
|
msg[5] = rc;
|
2022-05-22 15:13:13 +00:00
|
|
|
INFOF("mbedtls_ssl_write");
|
2021-08-07 20:22:35 +00:00
|
|
|
CHECK_EQ(sizeof(msg), mbedtls_ssl_write(&ezssl, msg, sizeof(msg)));
|
2021-08-09 21:45:52 +00:00
|
|
|
CHECK_EQ(0, EzTlsFlush(&ezbio, 0, 0));
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
|
|
|
|
|
2021-08-07 20:22:35 +00:00
|
|
|
void SendOutputFragmentMessage(enum RunitCommand kind, unsigned char *buf,
|
|
|
|
|
size_t size) {
|
2020-06-15 14:18:57 +00:00
|
|
|
ssize_t rc;
|
|
|
|
|
size_t sent;
|
|
|
|
|
unsigned char msg[4 + 1 + 4];
|
2021-09-28 05:58:51 +00:00
|
|
|
msg[0 + 0] = (RUNITD_MAGIC & 0xff000000) >> 030;
|
|
|
|
|
msg[0 + 1] = (RUNITD_MAGIC & 0x00ff0000) >> 020;
|
|
|
|
|
msg[0 + 2] = (RUNITD_MAGIC & 0x0000ff00) >> 010;
|
|
|
|
|
msg[0 + 3] = (RUNITD_MAGIC & 0x000000ff) >> 000;
|
2020-06-15 14:18:57 +00:00
|
|
|
msg[4 + 0] = kind;
|
2021-09-28 05:58:51 +00:00
|
|
|
msg[5 + 0] = (size & 0xff000000) >> 030;
|
|
|
|
|
msg[5 + 1] = (size & 0x00ff0000) >> 020;
|
|
|
|
|
msg[5 + 2] = (size & 0x0000ff00) >> 010;
|
|
|
|
|
msg[5 + 3] = (size & 0x000000ff) >> 000;
|
2022-05-22 15:13:13 +00:00
|
|
|
INFOF("mbedtls_ssl_write");
|
2021-08-07 20:22:35 +00:00
|
|
|
CHECK_EQ(sizeof(msg), mbedtls_ssl_write(&ezssl, msg, sizeof(msg)));
|
2020-06-15 14:18:57 +00:00
|
|
|
while (size) {
|
2021-08-07 20:22:35 +00:00
|
|
|
CHECK_NE(-1, (rc = mbedtls_ssl_write(&ezssl, buf, size)));
|
2020-06-15 14:18:57 +00:00
|
|
|
CHECK_LE((sent = (size_t)rc), size);
|
|
|
|
|
size -= sent;
|
|
|
|
|
buf += sent;
|
|
|
|
|
}
|
2021-08-09 21:45:52 +00:00
|
|
|
CHECK_EQ(0, EzTlsFlush(&ezbio, 0, 0));
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
|
|
|
|
|
2022-05-15 06:17:22 +00:00
|
|
|
void Recv(void *output, size_t outputsize) {
|
|
|
|
|
int rc;
|
2022-06-13 18:02:13 +00:00
|
|
|
ssize_t tx, chunk, received, totalgot;
|
2022-05-15 06:17:22 +00:00
|
|
|
static bool once;
|
|
|
|
|
static int zstatus;
|
2022-05-28 12:50:01 +00:00
|
|
|
static char buf[32768];
|
2022-05-15 06:17:22 +00:00
|
|
|
static z_stream zs;
|
|
|
|
|
static struct {
|
|
|
|
|
size_t off;
|
|
|
|
|
size_t len;
|
|
|
|
|
size_t cap;
|
|
|
|
|
char *data;
|
|
|
|
|
} rbuf;
|
|
|
|
|
if (!once) {
|
|
|
|
|
CHECK_EQ(Z_OK, inflateInit(&zs));
|
|
|
|
|
once = true;
|
|
|
|
|
}
|
2022-06-13 18:02:13 +00:00
|
|
|
totalgot = 0;
|
2022-05-15 06:17:22 +00:00
|
|
|
for (;;) {
|
|
|
|
|
if (rbuf.len >= outputsize) {
|
|
|
|
|
tx = MIN(outputsize, rbuf.len);
|
|
|
|
|
memcpy(output, rbuf.data + rbuf.off, outputsize);
|
|
|
|
|
rbuf.len -= outputsize;
|
|
|
|
|
rbuf.off += outputsize;
|
|
|
|
|
// trim dymanic buffer once it empties
|
|
|
|
|
if (!rbuf.len) {
|
|
|
|
|
rbuf.off = 0;
|
|
|
|
|
rbuf.cap = 4096;
|
|
|
|
|
rbuf.data = realloc(rbuf.data, rbuf.cap);
|
|
|
|
|
}
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (zstatus == Z_STREAM_END) {
|
2022-05-28 12:50:01 +00:00
|
|
|
close(g_clifd);
|
2022-05-15 06:17:22 +00:00
|
|
|
FATALF("recv zlib unexpected eof");
|
|
|
|
|
}
|
|
|
|
|
// get another fixed-size data packet from network
|
|
|
|
|
// pass along error conditions to caller
|
|
|
|
|
// pass along eof condition to zlib
|
|
|
|
|
received = mbedtls_ssl_read(&ezssl, buf, sizeof(buf));
|
2022-06-09 04:52:47 +00:00
|
|
|
if (!received) {
|
|
|
|
|
close(g_clifd);
|
|
|
|
|
TlsDie("got unexpected eof", received);
|
|
|
|
|
}
|
|
|
|
|
if (received < 0) {
|
|
|
|
|
close(g_clifd);
|
|
|
|
|
TlsDie("read failed", received);
|
|
|
|
|
}
|
2022-06-13 18:02:13 +00:00
|
|
|
totalgot += received;
|
2022-05-15 06:17:22 +00:00
|
|
|
// decompress packet completely
|
|
|
|
|
// into a dynamical size buffer
|
|
|
|
|
zs.avail_in = received;
|
|
|
|
|
zs.next_in = (unsigned char *)buf;
|
|
|
|
|
CHECK_EQ(Z_OK, zstatus);
|
2021-08-26 04:35:58 +00:00
|
|
|
do {
|
2022-05-15 06:17:22 +00:00
|
|
|
// make sure we have a reasonable capacity for zlib output
|
|
|
|
|
if (rbuf.cap - (rbuf.off + rbuf.len) < sizeof(buf)) {
|
|
|
|
|
rbuf.cap += sizeof(buf);
|
|
|
|
|
rbuf.data = realloc(rbuf.data, rbuf.cap);
|
|
|
|
|
}
|
|
|
|
|
// inflate packet, which naturally can be much larger
|
|
|
|
|
// permit zlib no delay flushes that come from sender
|
|
|
|
|
zs.next_out = (unsigned char *)rbuf.data + (rbuf.off + rbuf.len);
|
|
|
|
|
zs.avail_out = chunk = rbuf.cap - (rbuf.off + rbuf.len);
|
|
|
|
|
zstatus = inflate(&zs, Z_SYNC_FLUSH);
|
|
|
|
|
CHECK_NE(Z_STREAM_ERROR, zstatus);
|
|
|
|
|
switch (zstatus) {
|
|
|
|
|
case Z_NEED_DICT:
|
2022-06-13 18:02:13 +00:00
|
|
|
WARNF("tls recv Z_NEED_DICT %ld total %ld", received, totalgot);
|
|
|
|
|
exit(1);
|
2022-05-15 06:17:22 +00:00
|
|
|
case Z_DATA_ERROR:
|
2022-06-13 18:02:13 +00:00
|
|
|
WARNF("tls recv Z_DATA_ERROR %ld total %ld", received, totalgot);
|
|
|
|
|
exit(1);
|
2022-05-15 06:17:22 +00:00
|
|
|
case Z_MEM_ERROR:
|
2022-06-13 18:02:13 +00:00
|
|
|
WARNF("tls recv Z_MEM_ERROR %ld total %ld", received, totalgot);
|
|
|
|
|
exit(1);
|
2022-05-15 06:17:22 +00:00
|
|
|
case Z_BUF_ERROR:
|
|
|
|
|
zstatus = Z_OK; // harmless? nothing for inflate to do
|
|
|
|
|
break; // it probably just our wraparound eof
|
|
|
|
|
default:
|
|
|
|
|
rbuf.len += chunk - zs.avail_out;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} while (!zs.avail_out);
|
2021-08-26 04:35:58 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-15 14:18:57 +00:00
|
|
|
void HandleClient(void) {
|
2021-03-29 01:22:36 +00:00
|
|
|
const size_t kMaxNameSize = 128;
|
2020-06-15 14:18:57 +00:00
|
|
|
const size_t kMaxFileSize = 10 * 1024 * 1024;
|
2021-08-26 04:35:58 +00:00
|
|
|
uint32_t crc;
|
2020-06-15 14:18:57 +00:00
|
|
|
ssize_t got, wrote;
|
|
|
|
|
struct sockaddr_in addr;
|
2022-04-20 16:56:53 +00:00
|
|
|
long double now, deadline;
|
2021-01-28 03:34:02 +00:00
|
|
|
sigset_t chldmask, savemask;
|
2021-08-26 04:35:58 +00:00
|
|
|
char *addrstr, *exename, *exe;
|
|
|
|
|
unsigned char msg[4 + 1 + 4 + 4 + 4];
|
2021-01-28 03:34:02 +00:00
|
|
|
struct sigaction ignore, saveint, savequit;
|
2020-06-15 14:18:57 +00:00
|
|
|
uint32_t addrsize, namesize, filesize, remaining;
|
2022-04-20 16:56:53 +00:00
|
|
|
int rc, events, exitcode, wstatus, child, pipefds[2];
|
2020-06-15 14:18:57 +00:00
|
|
|
|
|
|
|
|
/* read request to run program */
|
|
|
|
|
addrsize = sizeof(addr);
|
2022-05-22 15:13:13 +00:00
|
|
|
INFOF("accept");
|
2022-05-28 12:50:01 +00:00
|
|
|
do {
|
|
|
|
|
g_clifd = accept4(g_servfd, &addr, &addrsize, SOCK_CLOEXEC);
|
|
|
|
|
} while (g_clifd == -1 && errno == EAGAIN);
|
|
|
|
|
CHECK_NE(-1, g_clifd);
|
2021-01-25 21:08:05 +00:00
|
|
|
if (fork()) {
|
|
|
|
|
close(g_clifd);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2021-08-14 13:17:56 +00:00
|
|
|
EzFd(g_clifd);
|
2022-05-22 15:13:13 +00:00
|
|
|
INFOF("EzHandshake");
|
2021-08-09 21:45:52 +00:00
|
|
|
EzHandshake();
|
2020-06-15 14:18:57 +00:00
|
|
|
addrstr = gc(DescribeAddress(&addr));
|
|
|
|
|
DEBUGF("%s %s %s", gc(DescribeAddress(&g_servaddr)), "accepted", addrstr);
|
2022-05-15 06:17:22 +00:00
|
|
|
|
2021-08-26 04:35:58 +00:00
|
|
|
Recv(msg, sizeof(msg));
|
|
|
|
|
CHECK_EQ(RUNITD_MAGIC, READ32BE(msg));
|
|
|
|
|
CHECK_EQ(kRunitExecute, msg[4]);
|
|
|
|
|
namesize = READ32BE(msg + 5);
|
|
|
|
|
filesize = READ32BE(msg + 9);
|
|
|
|
|
crc = READ32BE(msg + 13);
|
|
|
|
|
exename = gc(calloc(1, namesize + 1));
|
|
|
|
|
Recv(exename, namesize);
|
2020-06-15 14:18:57 +00:00
|
|
|
g_exepath = gc(xasprintf("o/%d.%s", getpid(), basename(exename)));
|
2021-09-04 04:14:26 +00:00
|
|
|
INFOF("%s asked we run %`'s (%,u bytes @ %`'s)", addrstr, exename, filesize,
|
|
|
|
|
g_exepath);
|
2020-06-15 14:18:57 +00:00
|
|
|
|
2021-08-26 04:35:58 +00:00
|
|
|
exe = malloc(filesize);
|
|
|
|
|
Recv(exe, filesize);
|
|
|
|
|
if (crc32_z(0, exe, filesize) != crc) {
|
|
|
|
|
FATALF("%s crc mismatch! %`'s", addrstr, exename);
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
2021-08-26 04:35:58 +00:00
|
|
|
CHECK_NE(-1, (g_exefd = creat(g_exepath, 0700)));
|
|
|
|
|
LOGIFNEG1(ftruncate(g_exefd, filesize));
|
2022-05-22 15:13:13 +00:00
|
|
|
INFOF("xwrite");
|
2021-08-26 04:35:58 +00:00
|
|
|
CHECK_NE(-1, xwrite(g_exefd, exe, filesize));
|
2021-01-25 21:08:05 +00:00
|
|
|
LOGIFNEG1(close(g_exefd));
|
2020-06-15 14:18:57 +00:00
|
|
|
|
|
|
|
|
/* run program, tee'ing stderr to both log and client */
|
|
|
|
|
DEBUGF("spawning %s", exename);
|
2021-01-28 03:34:02 +00:00
|
|
|
ignore.sa_flags = 0;
|
|
|
|
|
ignore.sa_handler = SIG_IGN;
|
2022-04-20 16:56:53 +00:00
|
|
|
sigemptyset(&ignore.sa_mask);
|
|
|
|
|
sigaction(SIGINT, &ignore, &saveint);
|
|
|
|
|
sigaction(SIGQUIT, &ignore, &savequit);
|
|
|
|
|
sigemptyset(&chldmask);
|
|
|
|
|
sigaddset(&chldmask, SIGCHLD);
|
|
|
|
|
sigprocmask(SIG_BLOCK, &chldmask, &savemask);
|
2021-01-25 21:08:05 +00:00
|
|
|
CHECK_NE(-1, pipe2(pipefds, O_CLOEXEC));
|
2021-01-28 03:34:02 +00:00
|
|
|
CHECK_NE(-1, (child = fork()));
|
|
|
|
|
if (!child) {
|
2022-04-20 16:56:53 +00:00
|
|
|
dup2(g_bogusfd, 0);
|
2021-08-26 04:35:58 +00:00
|
|
|
dup2(pipefds[1], 1);
|
2021-01-25 21:08:05 +00:00
|
|
|
dup2(pipefds[1], 2);
|
2022-04-20 16:56:53 +00:00
|
|
|
sigaction(SIGINT, &(struct sigaction){0}, 0);
|
|
|
|
|
sigaction(SIGQUIT, &(struct sigaction){0}, 0);
|
|
|
|
|
sigprocmask(SIG_SETMASK, &savemask, 0);
|
2022-04-15 06:39:48 +00:00
|
|
|
int i = 0;
|
|
|
|
|
char *args[4] = {0};
|
|
|
|
|
args[i++] = g_exepath;
|
|
|
|
|
if (use_strace) args[i++] = "--strace";
|
|
|
|
|
if (use_ftrace) args[i++] = "--ftrace";
|
|
|
|
|
execv(g_exepath, args);
|
2022-04-20 16:56:53 +00:00
|
|
|
_Exit(127);
|
2021-01-25 21:08:05 +00:00
|
|
|
}
|
2022-04-20 16:56:53 +00:00
|
|
|
close(pipefds[1]);
|
2020-06-15 14:18:57 +00:00
|
|
|
DEBUGF("communicating %s[%d]", exename, child);
|
2022-04-20 16:56:53 +00:00
|
|
|
deadline = nowl() + DEATH_CLOCK_SECONDS;
|
2021-06-24 19:31:26 +00:00
|
|
|
for (;;) {
|
2022-04-20 16:56:53 +00:00
|
|
|
now = nowl();
|
|
|
|
|
if (now >= deadline) {
|
|
|
|
|
WARNF("%s worker timed out", exename);
|
|
|
|
|
LOGIFNEG1(kill(child, 9));
|
|
|
|
|
LOGIFNEG1(waitpid(child, 0, 0));
|
|
|
|
|
LOGIFNEG1(close(g_clifd));
|
|
|
|
|
LOGIFNEG1(close(pipefds[0]));
|
|
|
|
|
LOGIFNEG1(unlink(g_exepath));
|
|
|
|
|
_exit(1);
|
|
|
|
|
}
|
|
|
|
|
struct pollfd fds[2];
|
|
|
|
|
fds[0].fd = g_clifd;
|
|
|
|
|
fds[0].events = POLLIN;
|
|
|
|
|
fds[1].fd = pipefds[0];
|
|
|
|
|
fds[1].events = POLLIN;
|
2022-05-22 15:13:13 +00:00
|
|
|
INFOF("poll");
|
2022-04-20 16:56:53 +00:00
|
|
|
events = poll(fds, ARRAYLEN(fds), (deadline - now) * 1000);
|
|
|
|
|
CHECK_NE(-1, events); // EINTR shouldn't be possible
|
|
|
|
|
if (fds[0].revents) {
|
|
|
|
|
if (!(fds[0].revents & POLLHUP)) {
|
|
|
|
|
WARNF("%s got unexpected input event from client %#x", exename,
|
|
|
|
|
fds[0].revents);
|
|
|
|
|
}
|
2022-05-19 07:34:15 +00:00
|
|
|
WARNF("%s client disconnected so killing worker %d", exename, child);
|
2022-04-20 16:56:53 +00:00
|
|
|
LOGIFNEG1(kill(child, 9));
|
|
|
|
|
LOGIFNEG1(waitpid(child, 0, 0));
|
|
|
|
|
LOGIFNEG1(close(g_clifd));
|
|
|
|
|
LOGIFNEG1(close(pipefds[0]));
|
|
|
|
|
LOGIFNEG1(unlink(g_exepath));
|
|
|
|
|
_exit(1);
|
2021-06-24 19:31:26 +00:00
|
|
|
}
|
2022-05-22 15:13:13 +00:00
|
|
|
INFOF("read");
|
2022-04-20 16:56:53 +00:00
|
|
|
got = read(pipefds[0], g_buf, sizeof(g_buf));
|
|
|
|
|
CHECK_NE(-1, got); // EINTR shouldn't be possible
|
|
|
|
|
if (!got) {
|
|
|
|
|
LOGIFNEG1(close(pipefds[0]));
|
2021-06-24 19:31:26 +00:00
|
|
|
break;
|
2021-02-05 20:19:43 +00:00
|
|
|
}
|
2022-04-20 16:56:53 +00:00
|
|
|
fwrite(g_buf, got, 1, stderr);
|
|
|
|
|
SendOutputFragmentMessage(kRunitStderr, g_buf, got);
|
2021-01-25 21:08:05 +00:00
|
|
|
}
|
2022-05-22 15:13:13 +00:00
|
|
|
INFOF("waitpid");
|
2022-04-20 16:56:53 +00:00
|
|
|
CHECK_NE(-1, waitpid(child, &wstatus, 0)); // EINTR shouldn't be possible
|
2021-01-28 03:34:02 +00:00
|
|
|
if (WIFEXITED(wstatus)) {
|
2021-08-26 04:35:58 +00:00
|
|
|
if (WEXITSTATUS(wstatus)) {
|
|
|
|
|
WARNF("%s exited with %d", exename, WEXITSTATUS(wstatus));
|
|
|
|
|
} else {
|
2022-04-20 16:56:53 +00:00
|
|
|
VERBOSEF("%s exited with %d", exename, WEXITSTATUS(wstatus));
|
2021-08-26 04:35:58 +00:00
|
|
|
}
|
2021-01-28 03:34:02 +00:00
|
|
|
exitcode = WEXITSTATUS(wstatus);
|
2021-01-25 21:08:05 +00:00
|
|
|
} else {
|
2021-08-26 04:35:58 +00:00
|
|
|
WARNF("%s terminated with %s", exename, strsignal(WTERMSIG(wstatus)));
|
2021-01-28 03:34:02 +00:00
|
|
|
exitcode = 128 + WTERMSIG(wstatus);
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
2022-04-20 16:56:53 +00:00
|
|
|
LOGIFNEG1(unlink(g_exepath));
|
2021-08-07 20:22:35 +00:00
|
|
|
SendExitMessage(exitcode);
|
2022-05-22 15:13:13 +00:00
|
|
|
INFOF("mbedtls_ssl_close_notify");
|
2021-08-07 20:22:35 +00:00
|
|
|
mbedtls_ssl_close_notify(&ezssl);
|
2021-01-25 21:08:05 +00:00
|
|
|
LOGIFNEG1(close(g_clifd));
|
|
|
|
|
_exit(0);
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int Poll(void) {
|
2021-01-25 21:08:05 +00:00
|
|
|
int i, wait, evcount;
|
|
|
|
|
struct pollfd fds[1];
|
2020-06-15 14:18:57 +00:00
|
|
|
TryAgain:
|
2021-01-28 23:49:15 +00:00
|
|
|
if (g_interrupted) return 0;
|
2021-01-25 21:08:05 +00:00
|
|
|
fds[0].fd = g_servfd;
|
2022-06-12 14:32:14 +00:00
|
|
|
fds[0].events = POLLIN | POLLERR | POLLHUP;
|
2021-01-25 21:08:05 +00:00
|
|
|
wait = MIN(1000, g_timeout);
|
|
|
|
|
evcount = poll(fds, ARRAYLEN(fds), wait);
|
|
|
|
|
if (!evcount) g_timeout -= wait;
|
2020-06-15 14:18:57 +00:00
|
|
|
if (evcount == -1 && errno == EINTR) goto TryAgain;
|
|
|
|
|
CHECK_NE(-1, evcount);
|
|
|
|
|
for (i = 0; i < evcount; ++i) {
|
|
|
|
|
CHECK(fds[i].revents & POLLIN);
|
|
|
|
|
HandleClient();
|
|
|
|
|
}
|
2021-01-25 21:08:05 +00:00
|
|
|
/* manually do this because of nt */
|
|
|
|
|
while (waitpid(-1, NULL, WNOHANG) > 0) donothing;
|
2020-06-15 14:18:57 +00:00
|
|
|
return evcount;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int Serve(void) {
|
|
|
|
|
StartTcpServer();
|
2022-04-20 16:56:53 +00:00
|
|
|
sigaction(SIGINT, (&(struct sigaction){.sa_handler = OnInterrupt}), 0);
|
2021-01-28 03:34:02 +00:00
|
|
|
sigaction(SIGCHLD,
|
2022-04-20 16:56:53 +00:00
|
|
|
(&(struct sigaction){.sa_handler = OnChildTerminated,
|
2021-01-28 03:34:02 +00:00
|
|
|
.sa_flags = SA_RESTART}),
|
2022-04-20 16:56:53 +00:00
|
|
|
0);
|
2021-01-28 03:34:02 +00:00
|
|
|
for (;;) {
|
2021-01-28 23:49:15 +00:00
|
|
|
if (!Poll() && (!g_timeout || g_interrupted)) break;
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
2021-01-28 03:34:02 +00:00
|
|
|
close(g_servfd);
|
2021-01-29 09:27:09 +00:00
|
|
|
if (!g_timeout) {
|
2021-09-04 04:14:26 +00:00
|
|
|
INFOF("timeout expired, shutting down");
|
2021-01-29 09:27:09 +00:00
|
|
|
} else {
|
2021-09-04 04:14:26 +00:00
|
|
|
INFOF("got ctrl-c, shutting down");
|
2021-01-29 09:27:09 +00:00
|
|
|
}
|
2021-01-28 03:34:02 +00:00
|
|
|
return 0;
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void Daemonize(void) {
|
|
|
|
|
struct stat st;
|
|
|
|
|
if (fork() > 0) _exit(0);
|
|
|
|
|
setsid();
|
|
|
|
|
if (fork() > 0) _exit(0);
|
2022-04-16 17:40:23 +00:00
|
|
|
dup2(g_bogusfd, stdin->fd);
|
|
|
|
|
if (!g_sendready) dup2(g_bogusfd, stdout->fd);
|
2021-01-28 03:34:02 +00:00
|
|
|
freopen(kLogFile, "ae", stderr);
|
|
|
|
|
if (fstat(fileno(stderr), &st) != -1 && st.st_size > kLogMaxBytes) {
|
|
|
|
|
ftruncate(fileno(stderr), 0);
|
|
|
|
|
}
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int main(int argc, char *argv[]) {
|
2022-04-20 16:56:53 +00:00
|
|
|
int i;
|
2021-08-14 13:17:56 +00:00
|
|
|
SetupPresharedKeySsl(MBEDTLS_SSL_IS_SERVER, GetRunitPsk());
|
2022-06-11 16:27:14 +00:00
|
|
|
__log_level = kLogWarn;
|
2020-06-15 14:18:57 +00:00
|
|
|
GetOpts(argc, argv);
|
2022-04-20 16:56:53 +00:00
|
|
|
for (i = 3; i < 16; ++i) close(i);
|
2022-04-29 13:06:23 +00:00
|
|
|
errno = 0;
|
2022-04-16 17:40:23 +00:00
|
|
|
// poll()'ing /dev/null stdin file descriptor on xnu returns POLLNVAL?!
|
|
|
|
|
if (IsWindows()) {
|
|
|
|
|
CHECK_EQ(3, (g_bogusfd = open("/dev/null", O_RDONLY | O_CLOEXEC)));
|
|
|
|
|
} else {
|
|
|
|
|
CHECK_EQ(3, (g_bogusfd = open("/dev/zero", O_RDONLY | O_CLOEXEC)));
|
|
|
|
|
}
|
|
|
|
|
defer(close_s, &g_bogusfd);
|
2020-06-15 14:18:57 +00:00
|
|
|
if (!isdirectory("o")) CHECK_NE(-1, mkdir("o", 0700));
|
|
|
|
|
if (g_daemonize) Daemonize();
|
|
|
|
|
return Serve();
|
|
|
|
|
}
|
