/*
* Types
*/
+typedef enum
+{
+ PRIV_LOW,
+ PRIV_HIGH
+} socket_privilege;
+
struct listen_socket_s
{
int fd;
- char path[PATH_MAX + 1];
+ char addr[PATH_MAX + 1];
+ int family;
+ socket_privilege privilege;
};
typedef struct listen_socket_s listen_socket_t;
#define CI_FLAGS_IN_QUEUE (1<<1)
int flags;
pthread_cond_t flushed;
+ cache_item_t *prev;
cache_item_t *next;
};
static int config_flush_at_shutdown = 0;
static char *config_pid_file = NULL;
static char *config_base_dir = NULL;
+static size_t _config_base_dir_len = 0;
+static int config_write_base_only = 0;
-static char **config_listen_address_list = NULL;
+static listen_socket_t **config_listen_address_list = NULL;
static int config_listen_address_list_len = 0;
static uint64_t stats_queue_length = 0;
return (0);
} /* }}} ssize_t swrite */
-static void _wipe_ci_values(cache_item_t *ci, time_t when)
+static void wipe_ci_values(cache_item_t *ci, time_t when)
{
ci->values = NULL;
ci->values_num = 0;
ci->last_flush_time = when;
if (config_write_jitter > 0)
ci->last_flush_time += (random() % config_write_jitter);
-
- ci->flags &= ~(CI_FLAGS_IN_QUEUE);
}
+/* remove_from_queue
+ * remove a "cache_item_t" item from the queue.
+ * must hold 'cache_lock' when calling this
+ */
+static void remove_from_queue(cache_item_t *ci) /* {{{ */
+{
+ if (ci == NULL) return;
+
+ if (ci->prev == NULL)
+ cache_queue_head = ci->next; /* reset head */
+ else
+ ci->prev->next = ci->next;
+
+ if (ci->next == NULL)
+ cache_queue_tail = ci->prev; /* reset the tail */
+ else
+ ci->next->prev = ci->prev;
+
+ ci->next = ci->prev = NULL;
+ ci->flags &= ~CI_FLAGS_IN_QUEUE;
+} /* }}} static void remove_from_queue */
+
/*
* enqueue_cache_item:
* `cache_lock' must be acquired before calling this function!
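Review bot: remove_from_queue never tests CI_FLAGS_IN_QUEUE, so calling it on an item that is not queued (prev and next both NULL, assuming unqueued items are kept that way) takes both NULL branches and sets cache_queue_head and cache_queue_tail to NULL, which drops every queued item. enqueue_cache_item checks the flag before calling it, but the call this commit adds in handle_request_wrote (`wipe_ci_values(ci, time(NULL)); remove_from_queue(ci);`) does not, and nothing visible there guarantees the item is queued. Add `if ((ci->flags & CI_FLAGS_IN_QUEUE) == 0) return;` directly after the NULL check. The function also leaves stats_queue_length untouched, so callers that remove an item without dequeuing it through the writer path leave the counter too high.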
static int enqueue_cache_item (cache_item_t *ci, /* {{{ */
queue_side_t side)
{
- int did_insert = 0;
-
if (ci == NULL)
return (-1);
if (side == HEAD)
{
- if ((ci->flags & CI_FLAGS_IN_QUEUE) == 0)
- {
- assert (ci->next == NULL);
- ci->next = cache_queue_head;
- cache_queue_head = ci;
-
- if (cache_queue_tail == NULL)
- cache_queue_tail = cache_queue_head;
-
- did_insert = 1;
- }
- else if (cache_queue_head == ci)
- {
- /* do nothing */
- }
- else /* enqueued, but not first entry */
- {
- cache_item_t *prev;
+ if (cache_queue_head == ci)
+ return 0;
- /* find previous entry */
- for (prev = cache_queue_head; prev != NULL; prev = prev->next)
- if (prev->next == ci)
- break;
- assert (prev != NULL);
+ /* remove from the double linked list */
+ if (ci->flags & CI_FLAGS_IN_QUEUE)
+ remove_from_queue(ci);
- /* move to the front */
- prev->next = ci->next;
- ci->next = cache_queue_head;
- cache_queue_head = ci;
+ ci->prev = NULL;
+ ci->next = cache_queue_head;
+ if (ci->next != NULL)
+ ci->next->prev = ci;
+ cache_queue_head = ci;
- /* check if we need to adapt the tail */
- if (cache_queue_tail == ci)
- cache_queue_tail = prev;
- }
+ if (cache_queue_tail == NULL)
+ cache_queue_tail = cache_queue_head;
}
else /* (side == TAIL) */
{
/* We don't move values back in the list.. */
- if ((ci->flags & CI_FLAGS_IN_QUEUE) != 0)
+ if (ci->flags & CI_FLAGS_IN_QUEUE)
return (0);
assert (ci->next == NULL);
+ assert (ci->prev == NULL);
+
+ ci->prev = cache_queue_tail;
if (cache_queue_tail == NULL)
cache_queue_head = ci;
else
cache_queue_tail->next = ci;
- cache_queue_tail = ci;
- did_insert = 1;
+ cache_queue_tail = ci;
}
ci->flags |= CI_FLAGS_IN_QUEUE;
- if (did_insert)
- {
- pthread_cond_broadcast(&cache_cond);
- pthread_mutex_lock (&stats_lock);
- stats_queue_length++;
- pthread_mutex_unlock (&stats_lock);
- }
+ pthread_cond_broadcast(&cache_cond);
+ pthread_mutex_lock (&stats_lock);
+ stats_queue_length++;
+ pthread_mutex_unlock (&stats_lock);
return (0);
} /* }}} int enqueue_cache_item */
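Review bot: Moving an already-queued item to the head now counts it twice in stats_queue_length. The HEAD branch calls remove_from_queue, which does not decrement the counter, and then falls through to the unconditional `stats_queue_length++` that replaced the old `did_insert` guard. Record the state before the move with `int was_queued = (ci->flags & CI_FLAGS_IN_QUEUE) != 0;` after the NULL check, and make the increment `if (!was_queued) stats_queue_length++;` inside the stats_lock section. The TAIL branch is unaffected because it returns early for queued items.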
values = ci->values;
values_num = ci->values_num;
- _wipe_ci_values(ci, time(NULL));
-
- cache_queue_head = ci->next;
- if (cache_queue_head == NULL)
- cache_queue_tail = NULL;
- ci->next = NULL;
+ wipe_ci_values(ci, time(NULL));
+ remove_from_queue(ci);
pthread_mutex_lock (&stats_lock);
assert (stats_queue_length > 0);
return (0);
} /* }}} int buffer_get_field */
+/* if we're restricting writes to the base directory,
+ * check whether the file falls within the dir
+ * returns 1 if OK, otherwise 0
+ */
+static int check_file_access (const char *file, int fd) /* {{{ */
+{
+ char error[CMD_MAX];
+ assert(file != NULL);
+
+ if (!config_write_base_only
+ || fd < 0 /* journal replay */
+ || config_base_dir == NULL)
+ return 1;
+
+ if (strstr(file, "../") != NULL) goto err;
+
+ /* relative paths without "../" are ok */
+ if (*file != '/') return 1;
+
+ /* file must be of the format base + "/" + <1+ char filename> */
+ if (strlen(file) < _config_base_dir_len + 2) goto err;
+ if (strncmp(file, config_base_dir, _config_base_dir_len) != 0) goto err;
+ if (*(file + _config_base_dir_len) != '/') goto err;
+
+ return 1;
+
+err:
+ snprintf(error, sizeof(error)-1, "-1 %s\n", rrd_strerror(EACCES));
+ swrite(fd, error, strlen(error));
+ return 0;
+} /* }}} static int check_file_access */
+
static int flush_file (const char *filename) /* {{{ */
{
cache_item_t *ci;
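Review bot: check_file_access is a purely lexical test (`strstr(file, "../")` plus a prefix compare against config_base_dir), so a symbolic link below the base directory that points elsewhere still passes, and whatever later opens the file would follow it. If -B is meant as a confinement boundary, compare canonical paths instead: resolve the file's directory and the base directory, for example with realpath(), then apply the same prefix test. Otherwise state the limit above the function with `/* lexical check only: symlinks below the base dir are not resolved */`. The check is called from the flush and update handlers in the later hunks; any other handler that takes a file name and lies outside the visible hunks would need the same call. flush_file's body continues outside the hunk.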
return (ENOENT);
}
- /* Enqueue at head */
- enqueue_cache_item (ci, HEAD);
+ if (ci->values_num > 0)
+ {
+ /* Enqueue at head */
+ enqueue_cache_item (ci, HEAD);
+ pthread_cond_wait(&ci->flushed, &cache_lock);
+ }
- pthread_cond_wait(&ci->flushed, &cache_lock);
pthread_mutex_unlock(&cache_lock);
return (0);
stats_flush_received++;
pthread_mutex_unlock(&stats_lock);
+ if (!check_file_access(file, fd)) return 0;
+
status = flush_file (file);
if (status == 0)
snprintf (result, sizeof (result), "0 Successfully flushed %s.\n", file);
stats_updates_received++;
pthread_mutex_unlock(&stats_lock);
+ if (!check_file_access(file, fd)) return 0;
+
pthread_mutex_lock (&cache_lock);
ci = g_tree_lookup (cache_tree, file);
return (0);
}
- _wipe_ci_values(ci, now);
+ wipe_ci_values(ci, now);
ci->flags = CI_FLAGS_IN_TREE;
pthread_mutex_lock(&cache_lock);
free(ci->values);
}
- _wipe_ci_values(ci, time(NULL));
+ wipe_ci_values(ci, time(NULL));
+ remove_from_queue(ci);
pthread_mutex_unlock(&cache_lock);
return (0);
} /* }}} int handle_request_wrote */
+/* returns 1 if we have the required privilege level */
+static int has_privilege (socket_privilege priv, /* {{{ */
+ socket_privilege required, int fd)
+{
+ int status;
+ char error[CMD_MAX];
+
+ if (priv >= required)
+ return 1;
+
+ sprintf(error, "-1 %s\n", rrd_strerror(EACCES));
+ status = swrite(fd, error, strlen(error));
+
+ if (status < 0)
+ return status;
+ else
+ return 0;
+} /* }}} static int has_privilege */
+
/* if fd < 0, we are in journal replay mode */
-static int handle_request (int fd, char *buffer, size_t buffer_size) /* {{{ */
+static int handle_request (int fd, socket_privilege privilege, /* {{{ */
+ char *buffer, size_t buffer_size)
{
char *buffer_ptr;
char *command;
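Review bot: has_privilege builds the denial message with an unbounded `sprintf` into `error[CMD_MAX]`, while check_file_access in this same commit uses snprintf for the identical message. Use `snprintf(error, sizeof(error), "-1 %s\n", rrd_strerror(EACCES));` so the write stays bounded whatever rrd_strerror returns. The header comment also documents only the value 1, yet callers depend on three outcomes; extend it to `/* returns 1 if allowed, 0 if denied and the client was told, <0 if the reply could not be written */`. handle_request's body continues outside the hunk.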
if (strcasecmp (command, "update") == 0)
{
+ status = has_privilege(privilege, PRIV_HIGH, fd);
+ if (status <= 0)
+ return status;
+
/* don't re-write updates in replay mode */
if (fd >= 0)
journal_write(command, buffer_ptr);
}
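Review bot: Privilege is enforced branch by branch (here for `update`, and again in the `flushall` branch of the next hunk), so any command without its own has_privilege call is reachable from a PRIV_LOW socket by default. The branches between and after these two hunks are not visible; if any of them changes state it needs the same check, and the `-L` usage text promises 'FLUSH' only. Consider stating the rule at the top of the dispatch chain with `/* every command except the read-only ones must call has_privilege(); unknown or new commands are denied on -L sockets */` and restructuring so that denial is the fall-through case. handle_request starts and ends outside this hunk.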
else if (strcasecmp (command, "flushall") == 0)
{
+ status = has_privilege(privilege, PRIV_HIGH, fd);
+ if (status <= 0)
+ return status;
+
return (handle_request_flushall(fd));
}
else if (strcasecmp (command, "stats") == 0)
size_t entry_len;
++line;
- fgets(entry, sizeof(entry), fh);
+ if (fgets(entry, sizeof(entry), fh) == NULL)
+ break;
entry_len = strlen(entry);
/* check \n termination in case journal writing crashed mid-line */
entry[entry_len - 1] = '\0';
- if (handle_request(-1, entry, entry_len) == 0)
+ if (handle_request(-1, PRIV_HIGH, entry, entry_len) == 0)
++entry_cnt;
else
++fail_cnt;
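Review bot: Journal replay passes fd -1 and PRIV_HIGH, and check_file_access returns 1 for fd < 0, so every journal entry bypasses both the privilege check and the -B path restriction, including entries written before -B was enabled. That is sound only while the journal directory is writable by the daemon's user alone, which deserves a comment at this call: `/* journal entries are trusted: replay skips has_privilege() and check_file_access(); the -j directory must be writable by the daemon user only */`. Separately, `entry[entry_len - 1] = '\0'` writes before the buffer if fgets returns a line that begins with a NUL byte, unless a length check sits in the lines not shown here.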
static void *connection_thread_main (void *args) /* {{{ */
{
pthread_t self;
+ listen_socket_t *sock;
int i;
int fd;
-
- fd = *((int *) args);
- free (args);
+
+ sock = (listen_socket_t *) args;
+ fd = sock->fd;
pthread_mutex_lock (&connection_threads_lock);
{
break;
}
- status = handle_request (fd, buffer, /*buffer_size=*/ status);
+ status = handle_request (fd, sock->privilege, buffer, status);
if (status != 0)
break;
}
close(fd);
+ free(args);
self = pthread_self ();
/* Remove this thread from the connection threads list */
return (NULL);
} /* }}} void *connection_thread_main */
-static int open_listen_socket_unix (const char *path) /* {{{ */
+static int open_listen_socket_unix (const listen_socket_t *sock) /* {{{ */
{
int fd;
struct sockaddr_un sa;
listen_socket_t *temp;
int status;
+ const char *path;
+
+ path = sock->addr;
+ if (strncmp(path, "unix:", strlen("unix:")) == 0)
+ path += strlen("unix:");
temp = (listen_socket_t *) realloc (listen_fds,
sizeof (listen_fds[0]) * (listen_fds_num + 1));
return (-1);
}
listen_fds = temp;
- memset (listen_fds + listen_fds_num, 0, sizeof (listen_fds[0]));
+ memcpy (listen_fds + listen_fds_num, sock, sizeof (listen_fds[0]));
fd = socket (PF_UNIX, SOCK_STREAM, /* protocol = */ 0);
if (fd < 0)
unlink (path);
return (-1);
}
-
+
listen_fds[listen_fds_num].fd = fd;
- snprintf (listen_fds[listen_fds_num].path,
- sizeof (listen_fds[listen_fds_num].path) - 1,
- "unix:%s", path);
+ listen_fds[listen_fds_num].family = PF_UNIX;
+ strncpy(listen_fds[listen_fds_num].addr, path,
+ sizeof (listen_fds[listen_fds_num].addr) - 1);
listen_fds_num++;
return (0);
} /* }}} int open_listen_socket_unix */
-static int open_listen_socket (const char *addr_orig) /* {{{ */
+static int open_listen_socket_network(const listen_socket_t *sock) /* {{{ */
{
struct addrinfo ai_hints;
struct addrinfo *ai_res;
char *port;
int status;
- assert (addr_orig != NULL);
-
- strncpy (addr_copy, addr_orig, sizeof (addr_copy));
+ strncpy (addr_copy, sock->addr, sizeof (addr_copy));
addr_copy[sizeof (addr_copy) - 1] = 0;
addr = addr_copy;
- if (strncmp ("unix:", addr, strlen ("unix:")) == 0)
- return (open_listen_socket_unix (addr + strlen ("unix:")));
- else if (addr[0] == '/')
- return (open_listen_socket_unix (addr));
-
memset (&ai_hints, 0, sizeof (ai_hints));
ai_hints.ai_flags = 0;
#ifdef AI_ADDRCONFIG
ai_hints.ai_socktype = SOCK_STREAM;
port = NULL;
- if (*addr == '[') /* IPv6+port format */
+ if (*addr == '[') /* IPv6+port format */
{
/* `addr' is something like "[2001:780:104:2:211:24ff:feab:26f8]:12345" */
addr++;
port = strchr (addr, ']');
if (port == NULL)
{
- RRDD_LOG (LOG_ERR, "open_listen_socket: Malformed address: %s",
- addr_orig);
+ RRDD_LOG (LOG_ERR, "open_listen_socket_network: Malformed address: %s",
+ sock->addr);
return (-1);
}
*port = 0;
port = NULL;
else
{
- RRDD_LOG (LOG_ERR, "open_listen_socket: Garbage after address: %s",
+ RRDD_LOG (LOG_ERR, "open_listen_socket_network: Garbage after address: %s",
port);
return (-1);
}
&ai_hints, &ai_res);
if (status != 0)
{
- RRDD_LOG (LOG_ERR, "open_listen_socket: getaddrinfo(%s) failed: "
+ RRDD_LOG (LOG_ERR, "open_listen_socket_network: getaddrinfo(%s) failed: "
"%s", addr, gai_strerror (status));
return (-1);
}
sizeof (listen_fds[0]) * (listen_fds_num + 1));
if (temp == NULL)
{
- RRDD_LOG (LOG_ERR, "open_listen_socket: realloc failed.");
+ RRDD_LOG (LOG_ERR, "open_listen_socket_network: realloc failed.");
continue;
}
listen_fds = temp;
- memset (listen_fds + listen_fds_num, 0, sizeof (listen_fds[0]));
+ memcpy (listen_fds + listen_fds_num, sock, sizeof (listen_fds[0]));
fd = socket (ai_ptr->ai_family, ai_ptr->ai_socktype, ai_ptr->ai_protocol);
if (fd < 0)
{
- RRDD_LOG (LOG_ERR, "open_listen_socket: socket(2) failed.");
+ RRDD_LOG (LOG_ERR, "open_listen_socket_network: socket(2) failed.");
continue;
}
status = bind (fd, ai_ptr->ai_addr, ai_ptr->ai_addrlen);
if (status != 0)
{
- RRDD_LOG (LOG_ERR, "open_listen_socket: bind(2) failed.");
+ RRDD_LOG (LOG_ERR, "open_listen_socket_network: bind(2) failed.");
close (fd);
continue;
}
status = listen (fd, /* backlog = */ 10);
if (status != 0)
{
- RRDD_LOG (LOG_ERR, "open_listen_socket: listen(2) failed.");
+ RRDD_LOG (LOG_ERR, "open_listen_socket_network: listen(2) failed.");
close (fd);
return (-1);
}
listen_fds[listen_fds_num].fd = fd;
- strncpy (listen_fds[listen_fds_num].path, addr,
- sizeof (listen_fds[listen_fds_num].path) - 1);
+ listen_fds[listen_fds_num].family = ai_ptr->ai_family;
listen_fds_num++;
} /* for (ai_ptr) */
return (0);
+} /* }}} static int open_listen_socket_network */
+
+static int open_listen_socket (const listen_socket_t *sock) /* {{{ */
+{
+ assert(sock != NULL);
+ assert(sock->addr != NULL);
+
+ if (strncmp ("unix:", sock->addr, strlen ("unix:")) == 0
+ || sock->addr[0] == '/')
+ return (open_listen_socket_unix(sock));
+ else
+ return (open_listen_socket_network(sock));
} /* }}} int open_listen_socket */
static int close_listen_sockets (void) /* {{{ */
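Review bot: `assert(sock->addr != NULL)` in open_listen_socket can never fail, because addr is an array member of listen_socket_t and its address is always non-NULL; some compilers warn about exactly this comparison. If the intent is to reject an unset address, test the content instead with `assert(sock->addr[0] != '\0');`, or drop the line. The dispatch between the unix and network openers is otherwise unchanged in behaviour.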
for (i = 0; i < listen_fds_num; i++)
{
close (listen_fds[i].fd);
- if (strncmp ("unix:", listen_fds[i].path, strlen ("unix:")) == 0)
- unlink (listen_fds[i].path + strlen ("unix:"));
+
+ if (listen_fds[i].family == PF_UNIX)
+ unlink(listen_fds[i].addr);
}
free (listen_fds);
open_listen_socket (config_listen_address_list[i]);
if (config_listen_address_list_len < 1)
- open_listen_socket (RRDCACHED_DEFAULT_ADDRESS);
+ {
+ listen_socket_t sock;
+ memset(&sock, 0, sizeof(sock));
+ strncpy(sock.addr, RRDCACHED_DEFAULT_ADDRESS, sizeof(sock.addr));
+ open_listen_socket (&sock);
+ }
if (listen_fds_num < 1)
{
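Review bot: The fallback socket is zero-filled, so `sock.privilege` is PRIV_LOW (the first enumerator), and a daemon started without -l or -L will answer `update` and `flushall` with EACCES on its only socket. If the default address is meant to behave like `-l`, add `sock.privilege = PRIV_HIGH;` after the memset. The `strncpy` here also passes the full `sizeof(sock.addr)` where the other call sites in this commit pass `sizeof(...) - 1`; it is harmless for a short constant, but `sizeof(sock.addr) - 1` keeps the termination guarantee uniform. The enclosing function starts and ends outside the hunk.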
for (i = 0; i < pollfds_num; i++)
{
- int *client_sd;
+ listen_socket_t *client_sock;
struct sockaddr_storage client_sa;
socklen_t client_sa_size;
pthread_t tid;
continue;
}
- client_sd = (int *) malloc (sizeof (int));
- if (client_sd == NULL)
+ client_sock = (listen_socket_t *) malloc (sizeof (listen_socket_t));
+ if (client_sock == NULL)
{
RRDD_LOG (LOG_ERR, "listen_thread_main: malloc failed.");
continue;
}
+ memcpy(client_sock, &listen_fds[i], sizeof(listen_fds[0]));
client_sa_size = sizeof (client_sa);
- *client_sd = accept (pollfds[i].fd,
+ client_sock->fd = accept (pollfds[i].fd,
(struct sockaddr *) &client_sa, &client_sa_size);
- if (*client_sd < 0)
+ if (client_sock->fd < 0)
{
RRDD_LOG (LOG_ERR, "listen_thread_main: accept(2) failed.");
+ free(client_sock);
continue;
}
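Review bot: The client's privilege is copied from `listen_fds[i]`, but `i` is the index of the pollfds loop, so the copy is only correct if pollfds and listen_fds are built in the same order with the same length. That setup is not visible in this hunk. A mismatch would hand a connection the privilege of a different listener, so make the assumption explicit with `assert(pollfds[i].fd == listen_fds[i].fd);` before the memcpy, or at least a comment stating it. The loop body starts and ends outside the hunk.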
pthread_attr_setdetachstate (&attr, PTHREAD_CREATE_DETACHED);
status = pthread_create (&tid, &attr, connection_thread_main,
- /* args = */ (void *) client_sd);
+ client_sock);
if (status != 0)
{
RRDD_LOG (LOG_ERR, "listen_thread_main: pthread_create failed.");
- close (*client_sd);
- free (client_sd);
+ close (client_sock->fd);
+ free (client_sock);
continue;
}
} /* for (pollfds_num) */
{
int status;
int fd;
+ char *base_dir;
fd = open_pidfile();
if (fd < 0) return fd;
if (!stay_foreground)
{
pid_t child;
- char *base_dir;
child = fork ();
if (child < 0)
return (1);
}
- /* Change into the /tmp directory. */
- base_dir = (config_base_dir != NULL)
- ? config_base_dir
- : "/tmp";
- status = chdir (base_dir);
- if (status != 0)
- {
- fprintf (stderr, "daemonize: chdir (%s) failed.\n", base_dir);
- return (-1);
- }
-
/* Become session leader */
setsid ();
dup (0);
} /* if (!stay_foreground) */
+ /* Change into the /tmp directory. */
+ base_dir = (config_base_dir != NULL)
+ ? config_base_dir
+ : "/tmp";
+ status = chdir (base_dir);
+ if (status != 0)
+ {
+ fprintf (stderr, "daemonize: chdir (%s) failed.\n", base_dir);
+ return (-1);
+ }
+
install_signal_handlers();
openlog ("rrdcached", LOG_PID, LOG_DAEMON);
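Review bot: The relocated comment still reads `Change into the /tmp directory`, although the code changes into config_base_dir and only falls back to /tmp. Since check_file_access accepts every relative path without `../`, this chdir is what confines relative names to the base directory, and moving it out of the `!stay_foreground` block is what makes that hold with -g as well. Say so in the comment: `/* chdir to the base dir (default /tmp); check_file_access() relies on this to confine relative paths */`. The function starts outside the hunk.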
int option;
int status = 0;
- while ((option = getopt(argc, argv, "gl:f:w:b:z:p:j:h?F")) != -1)
+ while ((option = getopt(argc, argv, "gl:L:f:w:b:Bz:p:j:h?F")) != -1)
{
switch (option)
{
stay_foreground=1;
break;
+ case 'L':
case 'l':
{
- char **temp;
+ listen_socket_t **temp;
+ listen_socket_t *new;
- temp = (char **) realloc (config_listen_address_list,
- sizeof (char *) * (config_listen_address_list_len + 1));
+ new = malloc(sizeof(listen_socket_t));
+ if (new == NULL)
+ {
+ fprintf(stderr, "read_options: malloc failed.\n");
+ return(2);
+ }
+ memset(new, 0, sizeof(listen_socket_t));
+
+ temp = (listen_socket_t **) realloc (config_listen_address_list,
+ sizeof (listen_socket_t *) * (config_listen_address_list_len + 1));
if (temp == NULL)
{
fprintf (stderr, "read_options: realloc failed.\n");
}
config_listen_address_list = temp;
- temp[config_listen_address_list_len] = strdup (optarg);
- if (temp[config_listen_address_list_len] == NULL)
- {
- fprintf (stderr, "read_options: strdup failed.\n");
- return (2);
- }
+ strncpy(new->addr, optarg, sizeof(new->addr)-1);
+ new->privilege = (option == 'l') ? PRIV_HIGH : PRIV_LOW;
+
+ temp[config_listen_address_list_len] = new;
config_listen_address_list_len++;
}
break;
break;
}
+ case 'B':
+ config_write_base_only = 1;
+ break;
+
case 'b':
{
size_t len;
fprintf (stderr, "Invalid base directory: %s\n", optarg);
return (4);
}
+
+ _config_base_dir_len = len;
}
break;
"\n"
"Valid options are:\n"
" -l <address> Socket address to listen to.\n"
+ " -L <address> Socket address to listen to ('FLUSH' only).\n"
" -w <seconds> Interval in which to write data.\n"
" -z <delay> Delay writes up to <delay> seconds to spread load\n"
" -f <seconds> Interval in which to flush dead data.\n"
" -p <file> Location of the PID-file.\n"
" -b <dir> Base directory to change to.\n"
+ " -B Restrict file access to paths within -b <dir>\n"
" -g Do not fork and run in the foreground.\n"
" -j <dir> Directory in which to create the journal files.\n"
" -F Always flush all updates at shutdown\n"
fprintf(stderr, "WARNING: write delay (-z) should NOT be larger than"
" write interval (-w) !\n");
+ if (config_write_base_only && config_base_dir == NULL)
+ fprintf(stderr, "WARNING: -B does not make sense without -b!\n"
+ " Consult the rrdcached documentation\n");
+
if (journal_cur == NULL)
config_flush_at_shutdown = 1;
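Review bot: -B without -b only prints a warning, yet check_file_access returns 1 whenever config_base_dir is NULL, so the daemon starts with the restriction the operator asked for silently switched off. Treat the combination as a configuration error instead, for example `fprintf(stderr, "ERROR: -B requires -b <dir>\n"); status = 1;` in place of the warning. This assumes read_options reports failure through `status`; its return statement is outside the visible lines.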