2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Bumjin Im <bj.im@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
19 * @file socket-manager.cpp
20 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
22 * @brief Implementation of SocketManager.
28 #include <sys/select.h>
29 #include <sys/signalfd.h>
30 #include <sys/types.h>
31 #include <sys/socket.h>
32 #include <sys/smack.h>
41 #include <systemd/sd-daemon.h>
43 #include <dpl/errno_string.h>
44 #include <dpl/log/log.h>
45 #include <dpl/assert.h>
47 #include <smack-check.h>
48 #include <socket-manager.h>
52 const time_t SOCKET_TIMEOUT = 1000;
54 int getCredentialsFromSocket(int sock, CKM::Credentials &cred) {
55 CKM::Credentials credentials;
56 std::vector<char> result(1);
60 if ((0 > getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length))
63 LogError("getsockopt failed");
67 result.resize(length);
69 if (0 > getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length)) {
70 LogError("getsockopt failed");
74 length = sizeof(ucred);
76 if (0 > getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &peerCred, &length)) {
77 LogError("getsockopt failed");
81 result.push_back('\0');
82 cred.smackLabel = result.data();
83 cred.uid = peerCred.uid;
87 } // namespace anonymous
91 struct DummyService : public GenericSocketService {
92 ServiceDescriptionVector GetServiceDescription() {
93 return ServiceDescriptionVector();
95 void Event(const AcceptEvent &event) { (void)event; }
96 void Event(const WriteEvent &event) { (void)event; }
97 void Event(const ReadEvent &event) { (void)event; }
98 void Event(const CloseEvent &event) { (void)event; }
101 struct SignalService : public GenericSocketService {
102 int GetDescriptor() {
106 sigaddset(&mask, SIGTERM);
107 if (-1 == pthread_sigmask(SIG_BLOCK, &mask, NULL))
109 return signalfd(-1, &mask, 0);
112 ServiceDescriptionVector GetServiceDescription() {
113 return ServiceDescriptionVector();
116 void Event(const AcceptEvent &event) { (void)event; } // not supported
117 void Event(const WriteEvent &event) { (void)event; } // not supported
118 void Event(const CloseEvent &event) { (void)event; } // not supported
120 void Event(const ReadEvent &event) {
121 LogDebug("Get signal information");
123 if(sizeof(struct signalfd_siginfo) != event.rawBuffer.size()) {
124 LogError("Wrong size of signalfd_siginfo struct. Expected: "
125 << sizeof(signalfd_siginfo) << " Get: "
126 << event.rawBuffer.size());
130 signalfd_siginfo *siginfo = (signalfd_siginfo*)(&(event.rawBuffer[0]));
132 if (siginfo->ssi_signo == SIGTERM) {
133 LogInfo("Got signal: SIGTERM");
134 static_cast<SocketManager*>(m_serviceManager)->MainLoopStop();
138 LogInfo("This should not happend. Got signal: " << siginfo->ssi_signo);
142 SocketManager::SocketDescription&
143 SocketManager::CreateDefaultReadSocketDescription(int sock, bool timeout)
145 if ((int)m_socketDescriptionVector.size() <= sock)
146 m_socketDescriptionVector.resize(sock+20);
148 auto &desc = m_socketDescriptionVector[sock];
149 desc.isListen = false;
151 desc.interfaceID = 0;
153 desc.counter = ++m_counter;
156 desc.timeout = time(NULL) + SOCKET_TIMEOUT;
157 if (false == desc.isTimeout) {
159 tm.time = desc.timeout;
161 m_timeoutQueue.push(tm);
165 desc.isTimeout = timeout;
167 FD_SET(sock, &m_readSet);
168 m_maxDesc = sock > m_maxDesc ? sock : m_maxDesc;
172 SocketManager::SocketManager()
177 FD_ZERO(&m_writeSet);
178 if (-1 == pipe(m_notifyMe)) {
180 ThrowMsg(Exception::InitFailed, "Error in pipe: " << GetErrnoString(err));
182 LogInfo("Pipe: Read desc: " << m_notifyMe[0] << " Write desc: " << m_notifyMe[1]);
184 auto &desc = CreateDefaultReadSocketDescription(m_notifyMe[0], false);
185 desc.service = new DummyService;
187 // std::thread bases on pthread so this should work fine
190 sigaddset(&set, SIGPIPE);
191 pthread_sigmask(SIG_BLOCK, &set, NULL);
193 // add support for TERM signal (passed from systemd)
194 auto *signalService = new SignalService;
195 signalService->SetSocketManager(this);
196 int filefd = signalService->GetDescriptor();
198 LogError("Error in SignalService.GetDescriptor()");
199 delete signalService;
201 auto &desc2 = CreateDefaultReadSocketDescription(filefd, false);
202 desc2.service = signalService;
203 LogInfo("SignalService mounted on " << filefd << " descriptor");
207 SocketManager::~SocketManager() {
208 std::set<GenericSocketService*> serviceMap;
210 // Find all services. Set is used to remove duplicates.
211 // In this implementation, services are not able to react in any way.
212 for (size_t i=0; i < m_socketDescriptionVector.size(); ++i)
213 if (m_socketDescriptionVector[i].isOpen)
214 serviceMap.insert(m_socketDescriptionVector[i].service);
216 // Time to destroy all services.
217 for(auto it = serviceMap.begin(); it != serviceMap.end(); ++it) {
218 LogDebug("delete " << (void*)(*it));
222 for (size_t i = 0; i < m_socketDescriptionVector.size(); ++i)
223 if (m_socketDescriptionVector[i].isOpen)
226 // All socket except one were closed. Now pipe input must be closed.
227 close(m_notifyMe[1]);
230 void SocketManager::ReadyForAccept(int sock) {
231 struct sockaddr_un clientAddr;
232 unsigned int clientLen = sizeof(clientAddr);
233 int client = accept4(sock, (struct sockaddr*) &clientAddr, &clientLen, SOCK_NONBLOCK);
234 // LogInfo("Accept on sock: " << sock << " Socket opended: " << client);
237 LogDebug("Error in accept: " << GetErrnoString(err));
241 Credentials peerCred;
242 if (0 > getCredentialsFromSocket(client, peerCred)) {
243 LogDebug("Error in getCredentialsFromSocket. Socket closed.");
244 TEMP_FAILURE_RETRY(close(client));
248 auto &desc = CreateDefaultReadSocketDescription(client, true);
249 desc.interfaceID = m_socketDescriptionVector[sock].interfaceID;
250 desc.service = m_socketDescriptionVector[sock].service;
252 GenericSocketService::AcceptEvent event;
253 event.connectionID.sock = client;
254 event.connectionID.counter = desc.counter;
255 event.interfaceID = desc.interfaceID;
256 event.credentials = peerCred;
257 desc.service->Event(event);
260 void SocketManager::ReadyForRead(int sock) {
261 if (m_socketDescriptionVector[sock].isListen) {
262 ReadyForAccept(sock);
266 GenericSocketService::ReadEvent event;
267 event.connectionID.sock = sock;
268 event.connectionID.counter = m_socketDescriptionVector[sock].counter;
269 event.rawBuffer.resize(4096);
271 auto &desc = m_socketDescriptionVector[sock];
272 desc.timeout = time(NULL) + SOCKET_TIMEOUT;
274 ssize_t size = read(sock, &event.rawBuffer[0], 4096);
278 } else if (size >= 0) {
279 event.rawBuffer.resize(size);
280 desc.service->Event(event);
281 } else if (size == -1) {
288 LogDebug("Reading sock error: " << GetErrnoString(err));
294 void SocketManager::ReadyForWriteBuffer(int sock) {
295 auto &desc = m_socketDescriptionVector[sock];
296 size_t size = desc.rawBuffer.size();
297 ssize_t result = write(sock, &desc.rawBuffer[0], size);
303 // select will trigger write once again, nothing to do
307 LogDebug("Error during write: " << GetErrnoString(err));
311 return; // We do not want to propagate error to next layer
314 desc.rawBuffer.erase(desc.rawBuffer.begin(), desc.rawBuffer.begin()+result);
316 desc.timeout = time(NULL) + SOCKET_TIMEOUT;
318 if (desc.rawBuffer.empty())
319 FD_CLR(sock, &m_writeSet);
321 GenericSocketService::WriteEvent event;
322 event.connectionID.sock = sock;
323 event.connectionID.counter = desc.counter;
325 event.left = desc.rawBuffer.size();
327 desc.service->Event(event);
330 void SocketManager::ReadyForWrite(int sock) {
331 ReadyForWriteBuffer(sock);
334 void SocketManager::MainLoop() {
335 // remove evironment values passed by systemd
336 // uncomment it after removing old security-server code
339 // Daemon is ready to work.
340 sd_notify(0, "READY=1");
344 fd_set readSet = m_readSet;
345 fd_set writeSet = m_writeSet;
347 timeval localTempTimeout;
348 timeval *ptrTimeout = &localTempTimeout;
350 // I need to extract timeout from priority_queue.
351 // Timeout in priority_queue may be deprecated.
352 // I need to find some actual one.
353 while(!m_timeoutQueue.empty()) {
354 auto &top = m_timeoutQueue.top();
355 auto &desc = m_socketDescriptionVector[top.sock];
357 if (top.time == desc.timeout) {
358 // This timeout matches timeout from socket.
362 // This socket was used after timeout in priority queue was set up.
363 // We need to update timeout and find some useable one.
364 Timeout tm = { desc.timeout , top.sock};
365 m_timeoutQueue.pop();
366 m_timeoutQueue.push(tm);
370 if (m_timeoutQueue.empty()) {
371 LogDebug("No usaable timeout found.");
372 ptrTimeout = NULL; // select will wait without timeout
374 time_t currentTime = time(NULL);
375 auto &pqTimeout = m_timeoutQueue.top();
377 // 0 means that select won't block and socket will be closed ;-)
379 currentTime < pqTimeout.time ? pqTimeout.time - currentTime : 0;
380 ptrTimeout->tv_usec = 0;
381 // LogDebug("Set up timeout: " << (int)ptrTimeout->tv_sec
382 // << " seconds. Socket: " << pqTimeout.sock);
385 int ret = select(m_maxDesc+1, &readSet, &writeSet, NULL, ptrTimeout);
387 if (0 == ret) { // timeout
388 Assert(!m_timeoutQueue.empty());
390 Timeout pqTimeout = m_timeoutQueue.top();
391 m_timeoutQueue.pop();
393 auto &desc = m_socketDescriptionVector[pqTimeout.sock];
395 if (!desc.isTimeout || !desc.isOpen) {
396 // Connection was closed. Timeout is useless...
397 desc.isTimeout = false;
401 if (pqTimeout.time < desc.timeout) {
403 // This socket was used after timeout. We need to update timeout.
404 pqTimeout.time = desc.timeout;
405 m_timeoutQueue.push(pqTimeout);
409 // timeout from m_timeoutQueue matches with socket.timeout
410 // and connection is open. Time to close it!
411 // Putting new timeout in queue here is pointless.
412 desc.isTimeout = false;
413 CloseSocket(pqTimeout.sock);
415 // All done. Now we should process next select ;-)
422 LogDebug("EINTR in select");
426 LogError("Error in select: " << GetErrnoString(err));
431 for(int i = 0; i<m_maxDesc+1 && ret; ++i) {
432 if (FD_ISSET(i, &readSet)) {
436 if (FD_ISSET(i, &writeSet)) {
445 void SocketManager::MainLoopStop()
451 int SocketManager::GetSocketFromSystemD(
452 const GenericSocketService::ServiceDescription &desc)
456 // TODO optimalization - do it once in object constructor
457 // and remember all information path->sockfd
458 int n = sd_listen_fds(0);
460 LogInfo("sd_listen_fds returns: " << n);
463 LogError("Error in sd_listend_fds");
464 ThrowMsg(Exception::InitFailed, "Error in sd_listend_fds");
467 for(fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START+n; ++fd) {
468 if (0 < sd_is_socket_unix(fd, SOCK_STREAM, 1,
469 desc.serviceHandlerPath.c_str(), 0))
471 LogInfo("Useable socket " << desc.serviceHandlerPath <<
472 " was passed by SystemD under descriptor " << fd);
476 LogError("No useable sockets were passed by systemd.");
480 int SocketManager::CreateDomainSocketHelp(
481 const GenericSocketService::ServiceDescription &desc)
485 if (-1 == (sockfd = socket(AF_UNIX, SOCK_STREAM, 0))) {
487 LogError("Error in socket: " << GetErrnoString(err));
488 ThrowMsg(Exception::InitFailed, "Error in socket: " << GetErrnoString(err));
492 LogInfo("Set up smack label: " << desc.smackLabel);
494 if (0 != smack_fsetlabel(sockfd, desc.smackLabel.c_str(), SMACK_LABEL_IPIN)) {
495 LogError("Error in smack_fsetlabel");
496 ThrowMsg(Exception::InitFailed, "Error in smack_fsetlabel");
499 LogInfo("No smack on platform. Socket won't be securied with smack label!");
503 if (-1 == (flags = fcntl(sockfd, F_GETFL, 0)))
506 if (-1 == fcntl(sockfd, F_SETFL, flags | O_NONBLOCK)) {
509 LogError("Error in fcntl: " << GetErrnoString(err));
510 ThrowMsg(Exception::InitFailed, "Error in fcntl: " << GetErrnoString(err));
513 sockaddr_un serverAddress;
514 memset(&serverAddress, 0, sizeof(serverAddress));
515 serverAddress.sun_family = AF_UNIX;
516 strcpy(serverAddress.sun_path, desc.serviceHandlerPath.c_str());
517 unlink(serverAddress.sun_path);
519 mode_t originalUmask;
520 originalUmask = umask(0);
522 if (-1 == bind(sockfd, (struct sockaddr*)&serverAddress, sizeof(serverAddress))) {
525 LogError("Error in bind: " << GetErrnoString(err));
526 ThrowMsg(Exception::InitFailed, "Error in bind: " << GetErrnoString(err));
529 umask(originalUmask);
531 if (-1 == listen(sockfd, 5)) {
534 LogError("Error in listen: " << GetErrnoString(err));
535 ThrowMsg(Exception::InitFailed, "Error in listen: " << GetErrnoString(err));
541 void SocketManager::CreateDomainSocket(
542 GenericSocketService *service,
543 const GenericSocketService::ServiceDescription &desc)
545 int sockfd = GetSocketFromSystemD(desc);
547 sockfd = CreateDomainSocketHelp(desc);
549 auto &description = CreateDefaultReadSocketDescription(sockfd, false);
551 description.isListen = true;
552 description.interfaceID = desc.interfaceID;
553 description.service = service;
555 LogDebug("Listen on socket: " << sockfd <<
556 " Handler: " << desc.serviceHandlerPath.c_str());
559 void SocketManager::RegisterSocketService(GenericSocketService *service) {
560 service->SetSocketManager(this);
561 auto serviceVector = service->GetServiceDescription();
563 for (auto iter = serviceVector.begin(); iter != serviceVector.end(); ++iter)
564 CreateDomainSocket(service, *iter);
565 } Catch (Exception::Base) {
566 for (int i =0; i < (int)m_socketDescriptionVector.size(); ++i)
568 auto &desc = m_socketDescriptionVector[i];
569 if (desc.service == service && desc.isOpen) {
574 ReThrow(Exception::Base);
578 void SocketManager::Close(ConnectionID connectionID) {
580 std::lock_guard<std::mutex> ulock(m_eventQueueMutex);
581 m_closeQueue.push(connectionID);
586 void SocketManager::Write(ConnectionID connectionID, const RawBuffer &rawBuffer) {
588 buffer.connectionID = connectionID;
589 buffer.rawBuffer = rawBuffer;
591 std::lock_guard<std::mutex> ulock(m_eventQueueMutex);
592 m_writeBufferQueue.push(buffer);
597 void SocketManager::NotifyMe() {
598 TEMP_FAILURE_RETRY(write(m_notifyMe[1], "You have message ;-)", 1));
601 void SocketManager::ProcessQueue() {
604 std::lock_guard<std::mutex> ulock(m_eventQueueMutex);
605 while (!m_writeBufferQueue.empty()) {
606 buffer = m_writeBufferQueue.front();
607 m_writeBufferQueue.pop();
609 auto &desc = m_socketDescriptionVector[buffer.connectionID.sock];
612 LogDebug("Received packet for write but connection is closed. Packet ignored!");
616 if (desc.counter != buffer.connectionID.counter)
618 LogDebug("Received packet for write but counter is broken. Packet ignored!");
623 buffer.rawBuffer.begin(),
624 buffer.rawBuffer.end(),
625 std::back_inserter(desc.rawBuffer));
627 FD_SET(buffer.connectionID.sock, &m_writeSet);
633 ConnectionID connection;
635 std::lock_guard<std::mutex> ulock(m_eventQueueMutex);
636 if (m_closeQueue.empty())
638 connection = m_closeQueue.front();
642 if (!m_socketDescriptionVector[connection.sock].isOpen)
645 if (connection.counter != m_socketDescriptionVector[connection.sock].counter)
648 CloseSocket(connection.sock);
652 void SocketManager::CloseSocket(int sock) {
653 // LogInfo("Closing socket: " << sock);
654 auto &desc = m_socketDescriptionVector[sock];
656 if (!(desc.isOpen)) {
657 // This may happend when some information was waiting for write to the
658 // socket and in the same time socket was closed by the client.
659 LogError("Socket " << sock << " is not open. Nothing to do!");
663 GenericSocketService::CloseEvent event;
664 event.connectionID.sock = sock;
665 event.connectionID.counter = desc.counter;
666 auto service = desc.service;
670 desc.interfaceID = -1;
671 desc.rawBuffer.clear();
674 service->Event(event);
676 LogError("Critical! Service is NULL! This should never happend!");
678 TEMP_FAILURE_RETRY(close(sock));
679 FD_CLR(sock, &m_readSet);
680 FD_CLR(sock, &m_writeSet);
projects / platform / core / security / key-manager.git / blob