Create a pidfile for sudo_logsrvd when not run with the -n flag.

2025-08-22 09:57:41 +00:00 · 2020-03-29 05:05:08 -06:00 · 2020-03-29 05:05:08 -06:00 · f908ddd1bf
commit f908ddd1bf
parent 1b90f65609
11 changed files with 120 additions and 9 deletions
--- a/4
+++ b/4
@ -26498,6 +26498,10 @@ cat >>confdefs.h <<EOF
 #define _PATH_SUDO_TIMEDIR "$rundir/ts"
 EOF

+cat >>confdefs.h <<EOF
+#define _PATH_SUDO_LOGSRVD_PID "$rundir/sudo_logsrvd.pid"
+EOF
+

 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sudo var dir location" >&5
 $as_echo_n "checking for sudo var dir location... " >&6; }
--- a/doc/sudo_logsrvd.conf.man.in
+++ b/doc/sudo_logsrvd.conf.man.in
@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "February 15, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "March 28, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@ -105,6 +105,17 @@ Multiple
 \fIlisten_address\fR
 lines may be specified to listen on more than one interface.
 .TP 10n
+pid_file = path
+The path to the file containing the process ID of the running
+\fBsudo_logsrvd\fR.
+This file is not created when
+\fBsudo_logsrvd\fR
+is run with the
+\fB\-n\fR
+option.
+The default value is
+\fI@rundir@/sudo_logsrvd.pid\fR.
+.TP 10n
 tcp_keepalive = boolean
 If true,
 \fBsudo_logsrvd\fR
@ -555,6 +566,9 @@ Sudo log server configuration file
 # The default is to listen on all addresses.
 #listen_address = *:30344

+# The file containing the ID of the running sudo_logsrvd process.
+#pid_file = @rundir@/sudo_logsrvd.pid
+
 # If set, enable the SO_KEEPALIVE socket option on the connected socket.
 #tcp_keepalive = true

--- a/doc/sudo_logsrvd.conf.mdoc.in
+++ b/doc/sudo_logsrvd.conf.mdoc.in
@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd February 15, 2020
+.Dd March 28, 2020
 .Dt SUDO_LOGSRVD.CONF @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@ -96,6 +96,16 @@ which will listen on all configured network interfaces.
 Multiple
 .Em listen_address
 lines may be specified to listen on more than one interface.
+.It pid_file = path
+The path to the file containing the process ID of the running
+.Nm sudo_logsrvd .
+This file is not created when
+.Nm sudo_logsrvd
+is run with the
+.Fl n
+option.
+The default value is
+.Pa @rundir@/sudo_logsrvd.pid .
 .It tcp_keepalive = boolean
 If true,
 .Nm sudo_logsrvd
@ -504,6 +514,9 @@ Sudo log server configuration file
 # The default is to listen on all addresses.
 #listen_address = *:30344

+# The file containing the ID of the running sudo_logsrvd process.
+#pid_file = @rundir@/sudo_logsrvd.pid
+
 # If set, enable the SO_KEEPALIVE socket option on the connected socket.
 #tcp_keepalive = true

--- a/doc/sudo_logsrvd.man.in
+++ b/doc/sudo_logsrvd.man.in
@ -121,6 +121,11 @@ Sudo log server configuration file
 .TP 26n
 \fI@iolog_dir@\fR
 Default I/O log file location
+.TP 26n
+\fI@rundir@/sudo_logsrvd.pid\fR
+.br
+Process ID file for
+\fBsudo_logsrvd\fR
 .SH "EXAMPLES"
 .SS "Creating self-signed certificates"
 Unless you are using certificates signed by a well-known Certificate
--- a/doc/sudo_logsrvd.mdoc.in
+++ b/doc/sudo_logsrvd.mdoc.in
@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 2019 Todd C. Miller <Todd.Miller@sudo.ws>
+.\" Copyright (c) 2019-2020 Todd C. Miller <Todd.Miller@sudo.ws>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd October 16, 2019
+.Dd March 28, 2020
 .Dt SUDO_LOGSRVD @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@ -114,6 +114,9 @@ Sudo front end configuration
 Sudo log server configuration file
 .It Pa @iolog_dir@
 Default I/O log file location
+.It Pa @rundir@/sudo_logsrvd.pid
+Process ID file for
+.Nm
 .El
 .Sh EXAMPLES
 .Ss Creating self-signed certificates
--- a/examples/sudo_logsrvd.conf
+++ b/examples/sudo_logsrvd.conf
@ -17,6 +17,9 @@
 # The default is to listen on all addresses.
 #listen_address = *:30344

+# The file containing the ID of the running sudo_logsrvd process.
+#pid_file = /var/run/sudo/sudo_logsrvd.pid
+
 # If set, enable the SO_KEEPALIVE socket option on the connected socket.
 #tcp_keepalive = true

--- a/logsrvd/logsrvd.c
+++ b/logsrvd/logsrvd.c
@ -1651,7 +1651,7 @@ logsrvd_cleanup(void)
 }

 /*
- * Fork and detatch from the terminal.
+ * Fork, detatch from the terminal and write pid file unless nofork set.
 */
 static void
 daemonize(bool nofork)
@ -1660,18 +1660,29 @@ daemonize(bool nofork)
    debug_decl(daemonize, SUDO_DEBUG_UTIL);

    if (!nofork) {
+	FILE *fp;
+
 	switch (fork()) {
 	case -1:
 	    sudo_fatal("fork");
 	case 0:
-	    /* child, detach from terminal */
-	    if (setsid() == -1)
-	    sudo_fatal("setsid");
+	    /* child */
 	    break;
 	default:
 	    /* parent, exit */
 	    _exit(EXIT_SUCCESS);
 	}
+
+	/* detach from terminal and write pid file. */
+	if (setsid() == -1)
+	    sudo_fatal("setsid");
+	fp = fopen(logsrvd_conf_pid_file(), "w");
+	if (fp == NULL) {
+	    sudo_warn("%s", logsrvd_conf_pid_file());
+	} else {
+	    fprintf(fp, "%d\n", getpid());
+	    fclose(fp);
+	}
    }

    if (chdir("/") == -1)
@ -1804,7 +1815,8 @@ main(int argc, char *argv[])
    signal(SIGPIPE, SIG_IGN);

    sudo_ev_dispatch(evbase);
+    if (!nofork)
+	unlink(logsrvd_conf_pid_file());

-    /* NOTREACHED */
    debug_return_int(1);
 }
--- a/logsrvd/logsrvd.h
+++ b/logsrvd/logsrvd.h
@ -195,6 +195,7 @@ const char *logsrvd_conf_iolog_dir(void);
 const char *logsrvd_conf_iolog_file(void);
 struct listen_address_list *logsrvd_conf_listen_address(void);
 bool logsrvd_conf_tcp_keepalive(void);
+const char *logsrvd_conf_pid_file(void);
 struct timespec *logsrvd_conf_get_sock_timeout(void);
 #if defined(HAVE_OPENSSL)
 bool logsrvd_conf_get_tls_opt(void);
--- a/logsrvd/logsrvd_conf.c
+++ b/logsrvd/logsrvd_conf.c
@ -78,6 +78,7 @@ static struct logsrvd_config {
        struct listen_address_list addresses;
        struct timespec timeout;
        bool tcp_keepalive;
+	char *pid_file;
 #if defined(HAVE_OPENSSL)
        bool tls;
        struct logsrvd_tls_config tls_config;
@ -144,6 +145,13 @@ logsrvd_conf_tcp_keepalive(void)
 {
    return logsrvd_config->server.tcp_keepalive;
 }
+
+const char *
+logsrvd_conf_pid_file(void)
+{
+    return logsrvd_config->server.pid_file;
+}
+
 struct timespec *
 logsrvd_conf_get_sock_timeout(void)
 {
@ -444,6 +452,28 @@ cb_keepalive(struct logsrvd_config *config, const char *str)
    debug_return_bool(true);
 }

+static bool
+cb_pid_file(struct logsrvd_config *config, const char *str)
+{
+    char *copy = NULL;
+    debug_decl(cb_pid_file, SUDO_DEBUG_UTIL);
+
+    if (*str != '/') {
+	debug_return_bool(false);
+	sudo_warnx(U_("%s: not a fully qualified path"), str);
+	debug_return_bool(false);
+    }
+    if ((copy = strdup(str)) == NULL) {
+	sudo_warn(NULL);
+	debug_return_bool(false);
+    }
+
+    free(config->server.pid_file);
+    config->server.pid_file = copy;
+
+    debug_return_bool(true);
+}
+
 #if defined(HAVE_OPENSSL)
 static bool
 cb_tls_opt(struct logsrvd_config *config, const char *str)
@ -722,6 +752,7 @@ static struct logsrvd_config_entry server_conf_entries[] = {
    { "listen_address", cb_listen_address },
    { "timeout", cb_timeout },
    { "tcp_keepalive", cb_keepalive },
+    { "pid_file", cb_pid_file },
 #if defined(HAVE_OPENSSL)
    { "tls", cb_tls_opt },
    { "tls_key", cb_tls_key },
@ -904,6 +935,7 @@ logsrvd_conf_free(struct logsrvd_config *config)
 	TAILQ_REMOVE(&config->server.addresses, addr, entries);
 	free(addr);
    }
+    free(config->server.pid_file);

    /* struct logsrvd_config_iolog */
    free(config->iolog.iolog_dir);
@ -948,10 +980,23 @@ logsrvd_conf_alloc(void)
    TAILQ_INIT(&config->server.addresses);
    config->server.timeout.tv_sec = DEFAULT_SOCKET_TIMEOUT_SEC;
    config->server.tcp_keepalive = true;
+    config->server.pid_file = strdup(_PATH_SUDO_LOGSRVD_PID);
+    if (config->server.pid_file == NULL) {
+	sudo_warn(NULL);
+	goto bad;
+    }

 #if defined(HAVE_OPENSSL)
    config->server.tls_config.cacert_path = strdup(DEFAULT_CA_CERT_PATH);
+    if (config->server.tls_config.cacert_path == NULL) {
+	sudo_warn(NULL);
+	goto bad;
+    }
    config->server.tls_config.cert_path = strdup(DEFAULT_SERVER_CERT_PATH);
+    if (config->server.tls_config.cert_path == NULL) {
+	sudo_warn(NULL);
+	goto bad;
+    }
    config->server.tls_config.verify = true;
    config->server.tls_config.check_peer = false;
 #endif
--- a/m4/sudo.m4
+++ b/m4/sudo.m4
@ -129,6 +129,7 @@ if test -z "$rundir"; then
 fi
 AC_MSG_RESULT([$rundir])
 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_TIMEDIR, "$rundir/ts")
+SUDO_DEFINE_UNQUOTED(_PATH_SUDO_LOGSRVD_PID, "$rundir/sudo_logsrvd.pid")
 ])dnl

 dnl
--- a/pathnames.h.in
+++ b/pathnames.h.in
@ -89,6 +89,16 @@
 * The following paths are controlled via the configure script.
 */

+/*
+ * Where sudo_logsrvd stores its pid file files.  Defaults to
+ * /var/run/sudo/sudo_logsrvd.pid, /var/db/sudo/sudo_logsrvd.pid,
+ * /var/lib/sudo/sudo_logsrvd.pid, /var/adm/sudo/sudo_logsrvd.pid or
+ * /usr/adm/sudo/sudo_logsrvd.pid depending on what exists on the system.
+ */
+#ifndef _PATH_SUDO_LOGSRVD_PID
+# undef _PATH_SUDO_LOGSRVD_PID
+#endif /* _PATH_SUDO_LOGSRVD_PID */
+
 /*
 * Where to store the time stamp files.  Defaults to /var/run/sudo/ts,
 * /var/db/sudo/ts, /var/lib/sudo/ts, /var/adm/sudo/ts or /usr/adm/sudo/ts