Refactor keyring open/seed out of server()

Now the keyring is opened and seeded before the server daemon process is
forked, and any keyring error prevents the server from starting

No longer necessary to pass a (cli_parsed*) argument to server()
This commit is contained in:
Andrew Bettison 2014-04-07 16:11:11 +09:30
parent 6371203703
commit bb677e50fd
5 changed files with 39 additions and 29 deletions

View File

@ -862,16 +862,27 @@ int app_server_start(const struct cli_parsed *parsed, struct cli_context *contex
instance directory when it starts up. */
if (server_remove_stopfile() == -1)
RETURN(-1);
// Open the keyring and ensure it contains at least one unlocked identity.
keyring = keyring_open_instance_cli(parsed);
if (!keyring)
RETURN(WHY("Could not open keyring file"));
if (keyring_seed(keyring) == -1) {
WHY("Could not seed keyring");
goto exit;
}
overlayMode = 1;
if (foregroundP)
RETURN(server(parsed));
if (foregroundP) {
ret = server();
goto exit;
}
const char *dir = getenv("SERVALD_SERVER_CHDIR");
if (!dir)
dir = config.server.chdir;
switch (cpid = fork()) {
case -1:
/* Main process. Fork failed. There is no child process. */
RETURN(WHY_perror("fork"));
WHY_perror("fork");
goto exit;
case 0: {
/* Child process. Fork then exit, to disconnect daemon from parent process, so that
when daemon exits it does not live on as a zombie. N.B. Do not return from within this
@ -912,7 +923,7 @@ int app_server_start(const struct cli_parsed *parsed, struct cli_context *contex
WHYF_perror("execl(%s,\"start\",\"foreground\")", alloca_str_toprint(execpath));
_exit(-1);
}
_exit(server(parsed));
_exit(server());
// NOT REACHED
}
}
@ -927,9 +938,11 @@ int app_server_start(const struct cli_parsed *parsed, struct cli_context *contex
sleep_ms(200); // 5 Hz
} while ((pid = server_pid()) == 0 && gettime_ms() < timeout);
if (pid == -1)
RETURN(-1);
if (pid == 0)
RETURN(WHY("Server process did not start"));
goto exit;
if (pid == 0) {
WHY("Server process did not start");
goto exit;
}
ret = 0;
}
const char *ipath = instance_path();
@ -963,6 +976,9 @@ int app_server_start(const struct cli_parsed *parsed, struct cli_context *contex
sleep_ms(milliseconds);
}
}
exit:
keyring_free(keyring);
keyring = NULL;
RETURN(ret);
OUT();
}

View File

@ -2058,10 +2058,6 @@ keyring_file *keyring_open_instance_cli(const struct cli_parsed *parsed)
This identity will not be pin protected (initially). */
int keyring_seed(keyring_file *k)
{
if (config.debug.keyring)
DEBUGF("k=%p", k);
if (!k) return WHY("keyring is null");
/* nothing to do if there is already an identity */
unsigned cn;
for (cn = 0; cn < k->context_count; ++cn)
@ -2070,16 +2066,20 @@ int keyring_seed(keyring_file *k)
int i;
char did[65];
/* Securely generate random telephone number */
urandombytes((unsigned char *)did, 11);
if (urandombytes((unsigned char *)did, 11) == -1)
return -1;
/* Make DID start with 2 through 9, as 1 is special in many number spaces,
and 0 is commonly used for escaping to national or international dialling. */
did[0]='2'+(((unsigned char)did[0])%8);
/* Then add 10 more digits, which is what we do in the mobile phone software */
for(i=1;i<11;i++) did[i]='0'+(((unsigned char)did[i])%10); did[11]=0;
keyring_identity *id=keyring_create_identity(k,k->contexts[0],"");
if (!id) return WHY("Could not create new identity");
if (keyring_set_did(id, did, "")) return WHY("Could not set DID of new identity");
if (keyring_commit(k)) return WHY("Could not commit new identity to keyring file");
if (!id)
return WHY("Could not create new identity");
if (keyring_set_did(id, did, ""))
return WHY("Could not set DID of new identity");
if (keyring_commit(k))
return WHY("Could not commit new identity to keyring file");
{
const sid_t *sidp = NULL;
const char *did = NULL;

View File

@ -80,7 +80,10 @@ int overlayMode=0;
keyring_file *keyring=NULL;
int overlayServerMode(const struct cli_parsed *parsed)
/* The caller must set up the keyring before calling this function, and the keyring must contain at
* least one identity, otherwise MDP and routing will not work.
*/
int overlayServerMode()
{
IN();
@ -99,15 +102,6 @@ int overlayServerMode(const struct cli_parsed *parsed)
if (server_write_pid())
RETURN(-1);
/* Get keyring available for use.
Required for MDP, and very soon as a complete replacement for the
HLR for DNA lookups, even in non-overlay mode. */
keyring = keyring_open_instance_cli(parsed);
if (!keyring)
RETURN(WHY("Could not open serval keyring file."));
/* put initial identity in if we don't have any visible */
keyring_seed(keyring);
overlay_queue_init();
/* Get the set of socket file descriptors we need to monitor.

View File

@ -226,7 +226,7 @@ int server_pid();
const char *_server_pidfile_path(struct __sourceloc);
#define server_pidfile_path() (_server_pidfile_path(__WHENCE__))
void server_save_argv(int argc, const char *const *argv);
int server(const struct cli_parsed *parsed);
int server(void);
int server_write_pid();
int server_write_proc_state(const char *path, const char *fmt, ...);
int server_get_proc_state(const char *path, char *buff, size_t buff_len);
@ -258,7 +258,7 @@ void overlay_rhizome_advertise(struct sched_ent *alarm);
void rhizome_sync_status_html(struct strbuf *b, struct subscriber *subscriber);
int rhizome_cache_count();
int overlayServerMode(const struct cli_parsed *parsed);
int overlayServerMode(void);
int overlay_payload_enqueue(struct overlay_frame *p);
int overlay_queue_remaining(int queue);
int overlay_queue_schedule_next(time_ms_t next_allowed_packet);

View File

@ -99,7 +99,7 @@ void server_save_argv(int argc, const char *const *argv)
exec_args[exec_argc] = NULL;
}
int server(const struct cli_parsed *parsed)
int server()
{
IN();
/* For testing, it can be very helpful to delay the start of the server process, for example to
@ -131,7 +131,7 @@ int server(const struct cli_parsed *parsed)
sigaction(SIGHUP, &sig, NULL);
sigaction(SIGINT, &sig, NULL);
overlayServerMode(parsed);
overlayServerMode();
RETURN(0);
OUT();