diff --git a/src/rrd_daemon.c b/src/rrd_daemon.c
index 0422389a7567706b82ae7bc1fb6a4e1065ee2e99..17153ce98be3309f985b885b486e3a0fc7b5fd6d 100644 (file)
--- a/src/rrd_daemon.c
+++ b/src/rrd_daemon.c
* Now for some includes..
*/
/* {{{ */
-#if defined(_WIN32) && !defined(__CYGWIN__) && !defined(__CYGWIN32__) && !defined(HAVE_CONFIG_H)
-#include "../win32/config.h"
-#else
-#ifdef HAVE_CONFIG_H
-#include "../rrd_config.h"
-#endif
-#endif
-
-#include "rrd.h"
+#include "rrd_tool.h"
#include "rrd_client.h"
+#include "unused.h"
#include <stdlib.h>
#include <sys/time.h>
#include <time.h>
#include <libgen.h>
+#include <grp.h>
+
+#ifdef HAVE_LIBWRAP
+#include <tcpd.h>
+#endif /* HAVE_LIBWRAP */
#include <glib-2.0/glib.h>
/* }}} */
-#define RRDD_LOG(severity, ...) syslog ((severity), __VA_ARGS__)
-
-#ifndef __GNUC__
-# define __attribute__(x) /**/
-#endif
+#define RRDD_LOG(severity, ...) \
+ do { \
+ if (stay_foreground) { \
+ fprintf(stderr, __VA_ARGS__); \
+ fprintf(stderr, "\n"); } \
+ syslog ((severity), __VA_ARGS__); \
+ } while (0)
/*
* Types
ssize_t wbuf_len;
uint32_t permissions;
+
+ gid_t socket_group;
+ mode_t socket_permissions;
};
typedef struct listen_socket_s listen_socket_t;
struct command_s;
typedef struct command_s command_t;
/* note: guard against "unused" warnings in the handlers */
-#define DISPATCH_PROTO listen_socket_t *sock __attribute__((unused)),\
- time_t now __attribute__((unused)),\
- char *buffer __attribute__((unused)),\
- size_t buffer_size __attribute__((unused))
+#define DISPATCH_PROTO listen_socket_t UNUSED(*sock),\
+ time_t UNUSED(now),\
+ char UNUSED(*buffer),\
+ size_t UNUSED(buffer_size)
-#define HANDLER_PROTO command_t *cmd __attribute__((unused)),\
+#define HANDLER_PROTO command_t UNUSED(*cmd),\
DISPATCH_PROTO
struct command_s {
char **values;
size_t values_num;
time_t last_flush_time;
- time_t last_update_stamp;
+ double last_update_stamp;
#define CI_FLAGS_IN_TREE (1<<0)
#define CI_FLAGS_IN_QUEUE (1<<1)
int flags;
static listen_socket_t *listen_fds = NULL;
static size_t listen_fds_num = 0;
+static listen_socket_t default_socket;
+
enum {
RUNNING, /* normal operation */
FLUSHING, /* flushing remaining values */
static pthread_mutex_t stats_lock = PTHREAD_MUTEX_INITIALIZER;
/* Journaled updates */
+#define JOURNAL_REPLAY(s) ((s) == NULL)
#define JOURNAL_BASE "rrd.journal"
static journal_set *journal_cur = NULL;
static journal_set *journal_old = NULL;
pthread_cond_broadcast(&queue_cond);
} /* }}} void sig_common */
-static void sig_int_handler (int s __attribute__((unused))) /* {{{ */
+static void sig_int_handler (int UNUSED(s)) /* {{{ */
{
sig_common("INT");
} /* }}} void sig_int_handler */
-static void sig_term_handler (int s __attribute__((unused))) /* {{{ */
+static void sig_term_handler (int UNUSED(s)) /* {{{ */
{
sig_common("TERM");
} /* }}} void sig_term_handler */
-static void sig_usr1_handler (int s __attribute__((unused))) /* {{{ */
+static void sig_usr1_handler (int UNUSED(s)) /* {{{ */
{
config_flush_at_shutdown = 1;
sig_common("USR1");
} /* }}} void sig_usr1_handler */
-static void sig_usr2_handler (int s __attribute__((unused))) /* {{{ */
+static void sig_usr2_handler (int UNUSED(s)) /* {{{ */
{
config_flush_at_shutdown = 0;
sig_common("USR2");
char buffer[CMD_MAX];
int len;
- if (sock == NULL) return 0; /* journal replay mode */
+ if (JOURNAL_REPLAY(sock)) return 0;
if (sock->batch_start) return 0; /* no extra info returned when in BATCH */
va_start(argp, fmt);
ssize_t wrote;
int rclen, len;
- if (sock == NULL) return rc; /* journal replay mode */
+ if (JOURNAL_REPLAY(sock)) return rc;
if (sock->batch_start)
{
for (k = 0; k < cfd.keys_num; k++)
{
+ gboolean status = g_tree_remove(cache_tree, cfd.keys[k]);
/* should never fail, since we have held the cache_lock
* the entire time */
- assert( g_tree_remove(cache_tree, cfd.keys[k]) == TRUE );
+ assert(status == TRUE);
}
if (cfd.keys != NULL)
return (0);
} /* int flush_old_values */
-static void *flush_thread_main (void *args __attribute__((unused))) /* {{{ */
+static void *flush_thread_main (void UNUSED(*args)) /* {{{ */
{
struct timeval now;
struct timespec next_flush;
return NULL;
} /* void *flush_thread_main */
-static void *queue_thread_main (void *args __attribute__((unused))) /* {{{ */
+static void *queue_thread_main (void UNUSED(*args)) /* {{{ */
{
pthread_mutex_lock (&cache_lock);
@@ -1043,7 +1050,7 @@ static int check_file_access (const char *file, listen_socket_t *sock) /* {{{ */
assert(file != NULL);
if (!config_write_base_only
- || sock == NULL /* journal replay */
+ || JOURNAL_REPLAY(sock)
|| config_base_dir == NULL)
return 1;
if (found == TRUE)
{
- if (sock != NULL)
+ if (!JOURNAL_REPLAY(sock))
journal_write("forget", file);
return send_response(sock, RESP_OK, "Gone!\n");
cache_item_t *ci;
/* save it for the journal later */
- strncpy(orig_buf, buffer, sizeof(orig_buf)-1);
+ if (!JOURNAL_REPLAY(sock))
+ strncpy(orig_buf, buffer, min(CMD_MAX,buffer_size));
status = buffer_get_field (&buffer, &buffer_size, &file);
if (status != 0)
assert (ci != NULL);
/* don't re-write updates in replay mode */
- if (sock != NULL)
+ if (!JOURNAL_REPLAY(sock))
journal_write("update", orig_buf);
while (buffer_size > 0)
{
char *value;
- time_t stamp;
+ double stamp;
char *eostamp;
status = buffer_get_field (&buffer, &buffer_size, &value);
break;
}
- /* make sure update time is always moving forward */
- stamp = strtol(value, &eostamp, 10);
+ /* make sure update time is always moving forward. We use double here since
+ update does support subsecond precision for timestamps ... */
+ stamp = strtod(value, &eostamp);
if (eostamp == value || eostamp == NULL || *eostamp != ':')
{
pthread_mutex_unlock(&cache_lock);
{
pthread_mutex_unlock(&cache_lock);
return send_response(sock, RESP_ERR,
- "illegal attempt to update using time %ld when last"
- " update time is %ld (minimum one second step)\n",
+ "illegal attempt to update using time %lf when last"
+ " update time is %lf (minimum one second step)\n",
stamp, ci->last_update_stamp);
}
else
{
ssize_t i;
+ if (JOURNAL_REPLAY(sock))
+ return (1);
+
if (cmd == NULL)
return (-1);
return (0);
} /* }}} int socket_permission_add */
+static void socket_permission_clear (listen_socket_t *sock) /* {{{ */
+{
+ sock->permissions = 0;
+} /* }}} socket_permission_clear */
+
+static void socket_permission_copy (listen_socket_t *dest, /* {{{ */
+ listen_socket_t *src)
+{
+ dest->permissions = src->permissions;
+} /* }}} socket_permission_copy */
+
+static void socket_permission_set_all (listen_socket_t *sock) /* {{{ */
+{
+ size_t i;
+
+ sock->permissions = 0;
+ for (i = 0; i < list_of_commands_len; i++)
+ sock->permissions |= (1 << i);
+} /* }}} void socket_permission_set_all */
+
/* check whether commands are received in the expected context */
static int command_check_context(listen_socket_t *sock, command_t *cmd)
{
- if (sock == NULL)
+ if (JOURNAL_REPLAY(sock))
return (cmd->context & CMD_CONTEXT_JOURNAL);
else if (sock->batch_start)
return (cmd->context & CMD_CONTEXT_BATCH);
return send_response(sock, RESP_OK, resp_txt);
} /* }}} int handle_request_help */
-/* if sock==NULL, we are in journal replay mode */
static int handle_request (DISPATCH_PROTO) /* {{{ */
{
char *buffer_ptr = buffer;
}
dir = opendir(journal_dir);
+ if (!dir) {
+ RRDD_LOG(LOG_CRIT, "journal_init: opendir(%s) failed\n", journal_dir);
+ return;
+ }
while ((dent = readdir(dir)) != NULL)
{
/* looks like a journal file? */
}
pthread_mutex_lock (&connection_threads_lock);
+#ifdef HAVE_LIBWRAP
+ /* LIBWRAP does not support multiple threads! By putting this code
+ inside pthread_mutex_lock we do not have to worry about request_info
+ getting overwritten by another thread.
+ */
+ struct request_info req;
+ request_init(&req, RQ_DAEMON, "rrdcached\0", RQ_FILE, fd, NULL );
+ fromhost(&req);
+ if(!hosts_access(&req)) {
+ RRDD_LOG(LOG_INFO, "refused connection from %s", eval_client(&req));
+ pthread_mutex_unlock (&connection_threads_lock);
+ close_connection(sock);
+ return NULL;
+ }
+#endif /* HAVE_LIBWRAP */
connection_threads_num++;
pthread_mutex_unlock (&connection_threads_lock);
return (-1);
}
+ /* tweak the sockets group ownership */
+ if (sock->socket_group != (gid_t)-1)
+ {
+ if ( (chown(path, getuid(), sock->socket_group) != 0) ||
+ (chmod(path, (S_IRUSR|S_IWUSR|S_IXUSR | S_IRGRP|S_IWGRP)) != 0) )
+ {
+ fprintf(stderr, "rrdcached: failed to set socket group permissions (%s)\n", strerror(errno));
+ }
+ }
+
+ if (sock->socket_permissions != (mode_t)-1)
+ {
+ if (chmod(path, sock->socket_permissions) != 0)
+ fprintf(stderr, "rrdcached: failed to set socket file permissions (%o): %s\n",
+ (unsigned int)sock->socket_permissions, strerror(errno));
+ }
+
status = listen (fd, /* backlog = */ 10);
if (status != 0)
{
fprintf (stderr, "rrdcached: Garbage after address: %s\n", port);
return (-1);
}
- } /* if (*addr = ']') */
- else if (strchr (addr, '.') != NULL) /* Hostname or IPv4 */
+ } /* if (*addr == '[') */
+ else
{
port = rindex(addr, ':');
if (port != NULL)
return (0);
} /* }}} int close_listen_sockets */
-static void *listen_thread_main (void *args __attribute__((unused))) /* {{{ */
+static void *listen_thread_main (void UNUSED(*args)) /* {{{ */
{
struct pollfd *pollfds;
int pollfds_num;
}
else
{
- listen_socket_t sock;
- memset(&sock, 0, sizeof(sock));
- strncpy(sock.addr, RRDCACHED_DEFAULT_ADDRESS, sizeof(sock.addr)-1);
- open_listen_socket (&sock);
+ strncpy(default_socket.addr, RRDCACHED_DEFAULT_ADDRESS,
+ sizeof(default_socket.addr) - 1);
+ default_socket.addr[sizeof(default_socket.addr) - 1] = '\0';
+
+ if (default_socket.permissions == 0)
+ socket_permission_set_all (&default_socket);
+
+ open_listen_socket (&default_socket);
}
if (listen_fds_num < 1)
int option;
int status = 0;
- char **permissions = NULL;
- size_t permissions_len = 0;
+ socket_permission_clear (&default_socket);
- while ((option = getopt(argc, argv, "gl:P:f:w:z:t:Bb:p:Fj:h?")) != -1)
+ default_socket.socket_group = (gid_t)-1;
+ default_socket.socket_permissions = (mode_t)-1;
+
+ while ((option = getopt(argc, argv, "gl:s:m:P:f:w:z:t:Bb:p:Fj:h?")) != -1)
{
switch (option)
{
strncpy(new->addr, optarg, sizeof(new->addr)-1);
/* Add permissions to the socket {{{ */
- if (permissions_len != 0)
+ if (default_socket.permissions != 0)
{
- size_t i;
- for (i = 0; i < permissions_len; i++)
- {
- status = socket_permission_add (new, permissions[i]);
- if (status != 0)
- {
- fprintf (stderr, "read_options: Adding permission \"%s\" to "
- "socket failed. Most likely, this permission doesn't "
- "exist. Check your command line.\n", permissions[i]);
- status = 4;
- }
- }
+ socket_permission_copy (new, &default_socket);
}
- else /* if (permissions_len == 0) */
+ else /* if (default_socket.permissions == 0) */
{
/* Add permission for ALL commands to the socket. */
- size_t i;
- for (i = 0; i < list_of_commands_len; i++)
- {
- status = socket_permission_add (new, list_of_commands[i].cmd);
- if (status != 0)
- {
- fprintf (stderr, "read_options: Adding permission \"%s\" to "
- "socket failed. This should never happen, ever! Sorry.\n",
- permissions[i]);
- status = 4;
- }
- }
+ socket_permission_set_all (new);
}
/* }}} Done adding permissions. */
+ new->socket_group = default_socket.socket_group;
+ new->socket_permissions = default_socket.socket_permissions;
+
if (!rrd_add_ptr((void ***)&config_listen_address_list,
&config_listen_address_list_len, new))
{
}
break;
+ /* set socket group permissions */
+ case 's':
+ {
+ gid_t group_gid;
+ struct group *grp;
+
+ group_gid = strtoul(optarg, NULL, 10);
+ if (errno != EINVAL && group_gid>0)
+ {
+ /* we were passed a number */
+ grp = getgrgid(group_gid);
+ }
+ else
+ {
+ grp = getgrnam(optarg);
+ }
+
+ if (grp)
+ {
+ default_socket.socket_group = grp->gr_gid;
+ }
+ else
+ {
+ /* no idea what the user wanted... */
+ fprintf (stderr, "read_options: couldn't map \"%s\" to a group, Sorry\n", optarg);
+ return (5);
+ }
+ }
+ break;
+
+ /* set socket file permissions */
+ case 'm':
+ {
+ long tmp;
+ char *endptr = NULL;
+
+ tmp = strtol (optarg, &endptr, 8);
+ if ((endptr == optarg) || (! endptr) || (*endptr != '\0')
+ || (tmp > 07777) || (tmp < 0)) {
+ fprintf (stderr, "read_options: Invalid file mode \"%s\".\n",
+ optarg);
+ return (5);
+ }
+
+ default_socket.socket_permissions = (mode_t)tmp;
+ }
+ break;
+
case 'P':
{
char *optcopy;
char *dummy;
char *ptr;
- rrd_free_ptrs ((void *) &permissions, &permissions_len);
+ socket_permission_clear (&default_socket);
optcopy = strdup (optarg);
dummy = optcopy;
while ((ptr = strtok_r (dummy, ", ", &saveptr)) != NULL)
{
dummy = NULL;
- rrd_add_strdup ((void *) &permissions, &permissions_len, ptr);
+ status = socket_permission_add (&default_socket, ptr);
+ if (status != 0)
+ {
+ fprintf (stderr, "read_options: Adding permission \"%s\" to "
+ "socket failed. Most likely, this permission doesn't "
+ "exist. Check your command line.\n", ptr);
+ status = 4;
+ }
}
free (optcopy);
case 'j':
{
- const char *dir = journal_dir = strdup(optarg);
+ char journal_dir_actual[PATH_MAX];
+ const char *dir;
+ dir = journal_dir = strdup(realpath((const char *)optarg, journal_dir_actual));
status = rrd_mkdir_p(dir, 0777);
if (status != 0)
"\n"
"Valid options are:\n"
" -l <address> Socket address to listen to.\n"
+ " Default: "RRDCACHED_DEFAULT_ADDRESS"\n"
" -P <perms> Sets the permissions to assign to all following "
"sockets\n"
" -w <seconds> Interval in which to write data.\n"
" -g Do not fork and run in the foreground.\n"
" -j <dir> Directory in which to create the journal files.\n"
" -F Always flush all updates at shutdown\n"
+ " -s <id|name> Group owner of all following UNIX sockets\n"
+ " (the socket will also have read/write permissions "
+ "for that group)\n"
+ " -m <mode> File permissions (octal) of all following UNIX "
+ "sockets\n"
"\n"
"For more information and a detailed description of all options "
"please refer\n"
"to the rrdcached(1) manual page.\n",
VERSION);
- status = -1;
+ if (option == 'h')
+ status = -1;
+ else
+ status = 1;
break;
} /* switch (option) */
} /* while (getopt) */
if (journal_dir == NULL)
config_flush_at_shutdown = 1;
- rrd_free_ptrs ((void *) &permissions, &permissions_len);
-
return (status);
} /* }}} int read_options */