7
8
9
10
11
12
13
14
15
16
17
18
19
20
...
340
341
342
343
344
345
346
347
348
349
350
351
352
353
...
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
|
#include <string.h>
/* posix */
#include <netinet/in.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netdb.h>
/* libs */
#include <wireguard.h>
#include "wglist.h"
/* wireguard uses messy linked lists but doesn't
* provide any routines for manipulating them;
* wglist.h fills in the gap */
................................................................................
int e = wg_set_device(wg);
if(e != 0)
_fatalf("could not set wg device (error %i)", -e);
}
PQclear(rows);
}
int main(int argc, char** argv) {
setvbuf(stderr, null, _IONBF, 0);
if (argc < 3) {
_fatal("missing device name");
}
................................................................................
* get our superpowers back if we lost them */
{uid_t svuid;
getresuid(null, null, &svuid);
if (svuid == 0) setuid(0);}
if(strcmp(arg_mode, "sync") == 0) {
syncauth(db, arg_devname);
} else if(strcmp(arg_mode, "wait") == 0) {
/* foreground daemon */
} else if(strcmp(arg_mode, "fork") == 0) {
/* background daemon */
} else {
_fatal("valid modes are sync, wait, and fork");
}
/* other possibilities: a mode that generates an eventfd
* and provides it on fd4 to a subordinate process, or
* sends it with SCM_RIGHTS */
PQfinish(db);
return 0;
}
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
|
>
>
>
>
>
|
>
>
>
>
>
>
>
|
|
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
...
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
...
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
|
#include <string.h>
/* posix */
#include <netinet/in.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netdb.h>
#include <poll.h>
#if __linux__
# include <sys/signalfd.h>
# include <signal.h>
#endif
/* libs */
#include <wireguard.h>
#include "wglist.h"
/* wireguard uses messy linked lists but doesn't
* provide any routines for manipulating them;
* wglist.h fills in the gap */
................................................................................
int e = wg_set_device(wg);
if(e != 0)
_fatalf("could not set wg device (error %i)", -e);
}
PQclear(rows);
}
void daemonmain(PGconn* db, const char* wgdev) {
PGresult* subscribe = PQexec(db,
"listen sync_vpn;"
"listen sync_priv;");
if (PQresultStatus(subscribe) != PGRES_COMMAND_OK)
_warn("could not subscribe to DB notification channels");
PQclear(subscribe);
int pqfd = PQsocket(db);
#if __linux__
sigset_t sigs;
sigemptyset(&sigs);
sigaddset(&sigs, SIGHUP);
sigaddset(&sigs, SIGTERM);
sigaddset(&sigs, SIGINT);
sigprocmask(SIG_BLOCK, &sigs, null);
int sigfd = signalfd(-1, &sigs, SFD_CLOEXEC);
#endif
struct pollfd polls[] = {
{ .fd = pqfd, .events = POLLIN, .revents = 0 },
#if __linux__
{ .fd = sigfd, .events = POLLIN, .revents = 0 },
#endif
};
for (;;) {
int p = poll(polls, _sz(polls), -1);
if (p > 0) {
bool didSync = false;
switch (polls[0].revents) {
case 0: break;
case POLLHUP:
_fatal("lost DB connection; terminating");
case POLLIN: {
PQconsumeInput(db);
for (;;) {
PGnotify* n = PQnotifies(db);
if(n == null) break;
if(strcmp(n->relname, "sync_vpn") == 0
|| strcmp(n->relname, "sync_priv") == 0) {
if(!didSync) {
syncauth(db, wgdev);
didSync = true;
}
}
}
}
}
#if __linux__
switch (polls[1].revents) {
case 0: break;
case POLLIN: {
struct signalfd_siginfo si;
read(sigfd, &si, sizeof si);
if(si.ssi_signo == SIGHUP && !didSync) {
syncauth(db, wgdev);
didSync = true;
} else if (si.ssi_signo == SIGTERM || si.ssi_signo == SIGINT) {
goto poll_end;
}
};
}
#endif
}
}
poll_end :;
_info("shutting down");
#if __linux__
close(sigfd);
#endif
}
int main(int argc, char** argv) {
setvbuf(stderr, null, _IONBF, 0);
if (argc < 3) {
_fatal("missing device name");
}
................................................................................
* get our superpowers back if we lost them */
{uid_t svuid;
getresuid(null, null, &svuid);
if (svuid == 0) setuid(0);}
if(strcmp(arg_mode, "sync") == 0) {
syncauth(db, arg_devname);
} else if(strcmp(arg_mode, "wait") == 0 ||
strcmp(arg_mode, "syncwait") == 0 ||
strcmp(arg_mode, "fork") == 0 ||
strcmp(arg_mode, "syncfork") == 0) {
if(strncmp(arg_mode, "sync", 4) == 0)
syncauth(db, arg_devname);
/* maybe background daemon */
if(strcmp(arg_mode, "fork") == 0 ||
strcmp(arg_mode, "syncfork") == 0) {
if (daemon(1,1) == -1)
_fatal("cannot daemonize");
}
daemonmain(db, arg_devname);
} else {
_fatal("valid modes are sync, wait, syncwait, fork, and syncfork");
}
/* other possibilities: a mode that generates an eventfd
* and provides it on fd4 to a subordinate process, or
* sends it with SCM_RIGHTS */
PQfinish(db);
return 0;
}
|
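Review bot: In `daemonmain`, `switch (polls[0].revents)` compares a bitmask against single values, so a combined result such as `POLLIN|POLLHUP`, or `POLLERR`/`POLLNVAL`, matches no case. A dead DB socket would then make `poll` return immediately on every pass, and the daemon would spin without syncing again, so revocations made in the database would presumably stop reaching the WireGuard device. Test the bits with `&` and treat the error bits as fatal, as in the sketch below, which also checks `PQconsumeInput` and releases each `PGnotify` with `PQfreemem` (the loop as written leaks one per notification) and assumes `_fatal` does not return, as the existing `case POLLHUP:` already does. The same bitmask problem applies to `switch (polls[1].revents)`, where the results of `signalfd` and `read(sigfd, &si, sizeof si)` are unchecked, so `si.ssi_signo` can be read uninitialised. A failed `listen` is only a `_warn`, which leaves the daemon running with no way to learn of changes, and looks like it should be `_fatal`.

```c
/* … unchanged: LISTEN setup, signal mask, signalfd, pollfd table … */
for (;;) {
	int p = poll(polls, _sz(polls), -1);
	if (p > 0) {
		bool didSync = false;
		short dbev = polls[0].revents;
		/* fail closed on any error bit, even when POLLIN is also set */
		if (dbev & (POLLERR | POLLHUP | POLLNVAL))
			_fatal("lost DB connection; terminating");
		if (dbev & POLLIN) {
			if (PQconsumeInput(db) == 0)
				_fatal("lost DB connection; terminating");
			for (;;) {
				PGnotify* n = PQnotifies(db);
				if(n == null) break;
				bool wanted = strcmp(n->relname, "sync_vpn") == 0
				           || strcmp(n->relname, "sync_priv") == 0;
				PQfreemem(n);
				if(wanted && !didSync) {
					syncauth(db, wgdev);
					didSync = true;
				}
			}
		}
		/* … unchanged: signalfd handling, shutdown path … */
```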