From owner-svn-src-stable-11@freebsd.org Fri May 5 21:52:16 2017 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1EBC0D5FAEC; Fri, 5 May 2017 21:52:16 +0000 (UTC) (envelope-from jilles@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E104F1034; Fri, 5 May 2017 21:52:15 +0000 (UTC) (envelope-from jilles@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v45LqFrx077753; Fri, 5 May 2017 21:52:15 GMT (envelope-from jilles@FreeBSD.org) Received: (from jilles@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v45LqEV7077751; Fri, 5 May 2017 21:52:14 GMT (envelope-from jilles@FreeBSD.org) Message-Id: <201705052152.v45LqEV7077751@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jilles set sender to jilles@FreeBSD.org using -f From: Jilles Tjoelker Date: Fri, 5 May 2017 21:52:14 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r317855 - stable/11/usr.sbin/daemon X-SVN-Group: stable-11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 May 2017 21:52:16 -0000 Author: jilles Date: Fri May 5 21:52:14 2017 New Revision: 317855 URL: https://svnweb.freebsd.org/changeset/base/317855 Log: MFC r307769: daemon: Allow logging daemon stdout/stderr to file or syslog. There are various new options, documented in the man page, to send the daemon's standard output and/or standard error to a file or to syslog. Relnotes: yes Modified: stable/11/usr.sbin/daemon/daemon.8 stable/11/usr.sbin/daemon/daemon.c Directory Properties: stable/11/ (props changed) Modified: stable/11/usr.sbin/daemon/daemon.8 ============================================================================== --- stable/11/usr.sbin/daemon/daemon.8 Fri May 5 21:29:28 2017 (r317854) +++ stable/11/usr.sbin/daemon/daemon.8 Fri May 5 21:52:14 2017 (r317855) @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 2, 2016 +.Dd October 22, 2016 .Dt DAEMON 8 .Os .Sh NAME @@ -34,11 +34,16 @@ .Nd run detached from the controlling terminal .Sh SYNOPSIS .Nm -.Op Fl cfr +.Op Fl cfrS .Op Fl p Ar child_pidfile .Op Fl P Ar supervisor_pidfile .Op Fl t Ar title .Op Fl u Ar user +.Op Fl m Ar output_mask +.Op Fl o Ar output_file +.Op Fl s Ar syslog_priority +.Op Fl T Ar syslog_tag +.Op Fl s Ar syslog_facility .Ar command arguments ... .Sh DESCRIPTION The @@ -46,6 +51,8 @@ The utility detaches itself from the controlling terminal and executes the program specified by its arguments. Privileges may be lowered to the specified user. +The output of the daemonized process may be redirected to syslog and to a +log file. .Pp The options are as follows: .Bl -tag -width indent @@ -55,6 +62,19 @@ Change the current working directory to .It Fl f Redirect standard input, standard output and standard error to .Pa /dev/null . +.It Fl S +Enable syslog output. +This is implicitly applied if other syslog parameters are provided. +The default values are daemon, notice, and daemon for facility, priority, and +tag, respectively. +.It Fl o Ar output_file +Append output from the daemonized process to +.Pa output_file . +If the file does not exist, it is created with permissions 0600. +.It Fl m Ar output_mask +Redirect output from the child process stdout (1), stderr (2), or both (3). +This value specifies what is sent to syslog and the log file. +The default is 3. .It Fl p Ar child_pidfile Write the ID of the created process into the .Ar child_pidfile @@ -96,18 +116,37 @@ option is used or not. .It Fl r Supervise and restart the program if it has been terminated. .It Fl t Ar title -Process title for the daemon to make it easily identifiable. +Set the title for the daemon process. +The default is the daemonized invocation. .It Fl u Ar user Login name of the user to execute the program under. Requires adequate superuser privileges. +.It Fl s Ar syslog_priority +These priorities are accepted: emerg, alert, crit, err, warning, +notice, info, and debug. +The default is info. +.It Fl l Ar syslog_facility +These facilities are accepted: auth, authpriv, console, cron, daemon, +ftp, kern, lpr, mail, news, ntp, security, syslog, user, uucp, and +local0, ..., local7. +The default is daemon. +.It Fl T Ar syslog_tag +Set the tag which is appended to all syslog messages. +The default is daemon. .El .Pp -If the +If any of the options .Fl p , -.Fl P +.Fl P , +.Fl r , +.Fl o , +.Fl s , +.Fl T , +.Fl m , +.Fl S , or -.Fl r -option is specified the program is executed in a spawned child process. +.Fl l +are specified, the program is executed in a spawned child process. The .Nm waits until it terminates to keep the pid file(s) locked and removes them @@ -119,6 +158,13 @@ spawned process. Normally it will cause the child to exit, remove the pidfile(s) and then terminate. .Pp +If neither file or syslog output are selected, all output is redirected to the +.Nm +process and written to stdout. +The +.Fl f +option may be used to suppress the stdout output completely. +.Pp The .Fl P option is useful combined with the @@ -145,13 +191,21 @@ library routine, 2 if or .Ar supervisor_pidfile is requested, but cannot be opened, 3 if process is already running (pidfile -exists and is locked), -otherwise 0. +exists and is locked), 4 if +.Ar syslog_priority +is not accepted, 5 if +.Ar syslog_facility +is not accepted, 6 if +.Ar output_mask +is not within the accepted range, 7 if +.Ar output_file +cannot be opened for appending, and otherwise 0. .Sh DIAGNOSTICS -If the command cannot be executed, an error message is displayed on -standard error unless the +If the command cannot be executed, an error message is printed to +standard error. +The exact behavior depends on the logging parameters and the .Fl f -flag is specified. +flag. .Sh SEE ALSO .Xr setregid 2 , .Xr setreuid 2 , Modified: stable/11/usr.sbin/daemon/daemon.c ============================================================================== --- stable/11/usr.sbin/daemon/daemon.c Fri May 5 21:29:28 2017 (r317854) +++ stable/11/usr.sbin/daemon/daemon.c Fri May 5 21:52:14 2017 (r317855) @@ -35,6 +35,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include #include @@ -44,25 +45,59 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include +#include +#define SYSLOG_NAMES +#include +#include +#include + +#define LBUF_SIZE 4096 + +struct log_params { + int dosyslog; + int logpri; + int noclose; + int outfd; +}; -static void dummy_sighandler(int); static void restrict_process(const char *); -static int wait_child(pid_t pid, sigset_t *mask); +static void handle_term(int); +static void handle_chld(int); +static int listen_child(int, struct log_params *); +static int get_log_mapping(const char *, const CODE *); +static void open_pid_files(const char *, const char *, struct pidfh **, + struct pidfh **); +static void do_output(const unsigned char *, size_t, struct log_params *); +static void daemon_sleep(time_t, long); static void usage(void); +static volatile sig_atomic_t terminate = 0, child_gone = 0, pid = 0; + int main(int argc, char *argv[]) { - struct pidfh *ppfh, *pfh; - sigset_t mask, oldmask; - int ch, nochdir, noclose, restart, serrno; - const char *pidfile, *ppidfile, *title, *user; - pid_t otherpid, pid; - + const char *pidfile, *ppidfile, *title, *user, *outfn, *logtag; + int ch, nochdir, noclose, restart, dosyslog, child_eof; + sigset_t mask_susp, mask_orig, mask_read, mask_term; + struct log_params logpar; + int pfd[2] = { -1, -1 }, outfd = -1; + int stdmask, logpri, logfac; + struct pidfh *ppfh, *pfh; + char *p; + + memset(&logpar, 0, sizeof(logpar)); + stdmask = STDOUT_FILENO | STDERR_FILENO; + ppidfile = pidfile = user = NULL; nochdir = noclose = 1; + logpri = LOG_NOTICE; + logfac = LOG_DAEMON; + logtag = "daemon"; restart = 0; - ppidfile = pidfile = title = user = NULL; - while ((ch = getopt(argc, argv, "cfp:P:rt:u:")) != -1) { + dosyslog = 0; + outfn = NULL; + title = NULL; + while ((ch = getopt(argc, argv, "cfSp:P:ru:o:s:l:t:l:m:T:")) != -1) { switch (ch) { case 'c': nochdir = 0; @@ -70,6 +105,20 @@ main(int argc, char *argv[]) case 'f': noclose = 0; break; + case 'l': + logfac = get_log_mapping(optarg, facilitynames); + if (logfac == -1) + errx(5, "unrecognized syslog facility"); + dosyslog = 1; + break; + case 'm': + stdmask = strtol(optarg, &p, 10); + if (p == optarg || stdmask < 0 || stdmask > 3) + errx(6, "unrecognized listening mask"); + break; + case 'o': + outfn = optarg; + break; case 'p': pidfile = optarg; break; @@ -79,9 +128,22 @@ main(int argc, char *argv[]) case 'r': restart = 1; break; + case 's': + logpri = get_log_mapping(optarg, prioritynames); + if (logpri == -1) + errx(4, "unrecognized syslog priority"); + dosyslog = 1; + break; + case 'S': + dosyslog = 1; + break; case 't': title = optarg; break; + case 'T': + logtag = optarg; + dosyslog = 1; + break; case 'u': user = optarg; break; @@ -95,43 +157,30 @@ main(int argc, char *argv[]) if (argc == 0) usage(); + if (!title) + title = argv[0]; + + if (outfn) { + outfd = open(outfn, O_CREAT | O_WRONLY | O_APPEND | O_CLOEXEC, 0600); + if (outfd == -1) + err(7, "open"); + } + + if (dosyslog) + openlog(logtag, LOG_PID | LOG_NDELAY, logfac); + ppfh = pfh = NULL; /* * Try to open the pidfile before calling daemon(3), * to be able to report the error intelligently */ - if (pidfile != NULL) { - pfh = pidfile_open(pidfile, 0600, &otherpid); - if (pfh == NULL) { - if (errno == EEXIST) { - errx(3, "process already running, pid: %d", - otherpid); - } - err(2, "pidfile ``%s''", pidfile); - } - } - /* Do the same for actual daemon process. */ - if (ppidfile != NULL) { - ppfh = pidfile_open(ppidfile, 0600, &otherpid); - if (ppfh == NULL) { - serrno = errno; - pidfile_remove(pfh); - errno = serrno; - if (errno == EEXIST) { - errx(3, "process already running, pid: %d", - otherpid); - } - err(2, "ppidfile ``%s''", ppidfile); - } - } - + open_pid_files(pidfile, ppidfile, &pfh, &ppfh); if (daemon(nochdir, noclose) == -1) { warn("daemon"); goto exit; } /* Write out parent pidfile if needed. */ pidfile_write(ppfh); - /* * If the pidfile or restart option is specified the daemon * executes the command in a forked process and wait on child @@ -139,34 +188,50 @@ main(int argc, char *argv[]) * we don't want the monitoring daemon to be terminated * leaving the running process and the stale pidfile, so we * catch SIGTERM and forward it to the children expecting to - * get SIGCHLD eventually. + * get SIGCHLD eventually. We also must fork() to obtain a + * readable pipe with the child for writing to a log file + * and syslog. */ pid = -1; - if (pidfile != NULL || ppidfile != NULL || restart) { + if (pidfile || ppidfile || restart || outfd != -1 || dosyslog) { + struct sigaction act_term, act_chld; + + /* Avoid PID racing with SIGCHLD and SIGTERM. */ + memset(&act_term, 0, sizeof(act_term)); + act_term.sa_handler = handle_term; + sigemptyset(&act_term.sa_mask); + sigaddset(&act_term.sa_mask, SIGCHLD); + + memset(&act_chld, 0, sizeof(act_chld)); + act_chld.sa_handler = handle_chld; + sigemptyset(&act_chld.sa_mask); + sigaddset(&act_chld.sa_mask, SIGTERM); + + /* Block these when avoiding racing before sigsuspend(). */ + sigemptyset(&mask_susp); + sigaddset(&mask_susp, SIGTERM); + sigaddset(&mask_susp, SIGCHLD); + /* Block SIGTERM when we lack a valid child PID. */ + sigemptyset(&mask_term); + sigaddset(&mask_term, SIGTERM); /* - * Restore default action for SIGTERM in case the - * parent process decided to ignore it. + * When reading, we wish to avoid SIGCHLD. SIGTERM + * has to be caught, otherwise we'll be stuck until + * the read() returns - if it returns. */ - if (signal(SIGTERM, SIG_DFL) == SIG_ERR) { - warn("signal"); + sigemptyset(&mask_read); + sigaddset(&mask_read, SIGCHLD); + /* Block SIGTERM to avoid racing until we have forked. */ + if (sigprocmask(SIG_BLOCK, &mask_term, &mask_orig)) { + warn("sigprocmask"); goto exit; } - /* - * Because SIGCHLD is ignored by default, setup dummy handler - * for it, so we can mask it. - */ - if (signal(SIGCHLD, dummy_sighandler) == SIG_ERR) { - warn("signal"); + if (sigaction(SIGTERM, &act_term, NULL) == -1) { + warn("sigaction"); goto exit; } - /* - * Block interesting signals. - */ - sigemptyset(&mask); - sigaddset(&mask, SIGTERM); - sigaddset(&mask, SIGCHLD); - if (sigprocmask(SIG_SETMASK, &mask, &oldmask) == -1) { - warn("sigprocmask"); + if (sigaction(SIGCHLD, &act_chld, NULL) == -1) { + warn("sigaction"); goto exit; } /* @@ -175,56 +240,190 @@ main(int argc, char *argv[]) * not have superuser privileges. */ (void)madvise(NULL, 0, MADV_PROTECT); + logpar.outfd = outfd; + logpar.dosyslog = dosyslog; + logpar.logpri = logpri; + logpar.noclose = noclose; restart: + if (pipe(pfd)) + err(1, "pipe"); /* - * Spawn a child to exec the command, so in the parent - * we could wait for it to exit and remove pidfile. + * Spawn a child to exec the command. */ + child_gone = 0; pid = fork(); if (pid == -1) { warn("fork"); goto exit; + } else if (pid > 0) { + /* + * Unblock SIGTERM after we know we have a valid + * child PID to signal. + */ + if (sigprocmask(SIG_UNBLOCK, &mask_term, NULL)) { + warn("sigprocmask"); + goto exit; + } + close(pfd[1]); + pfd[1] = -1; } } if (pid <= 0) { - if (pid == 0) { - /* Restore old sigmask in the child. */ - if (sigprocmask(SIG_SETMASK, &oldmask, NULL) == -1) - err(1, "sigprocmask"); - } /* Now that we are the child, write out the pid. */ pidfile_write(pfh); if (user != NULL) restrict_process(user); - + /* + * When forking, the child gets the original sigmask, + * and dup'd pipes. + */ + if (pid == 0) { + close(pfd[0]); + if (sigprocmask(SIG_SETMASK, &mask_orig, NULL)) + err(1, "sigprogmask"); + if (stdmask & STDERR_FILENO) { + if (dup2(pfd[1], STDERR_FILENO) == -1) + err(1, "dup2"); + } + if (stdmask & STDOUT_FILENO) { + if (dup2(pfd[1], STDOUT_FILENO) == -1) + err(1, "dup2"); + } + if (pfd[1] != STDERR_FILENO && + pfd[1] != STDOUT_FILENO) + close(pfd[1]); + } execvp(argv[0], argv); - /* * execvp() failed -- report the error. The child is * now running, so the exit status doesn't matter. */ err(1, "%s", argv[0]); } - - if (title != NULL) - setproctitle("%s[%d]", title, pid); - else - setproctitle("%s[%d]", argv[0], pid); - if (wait_child(pid, &mask) == 0 && restart) { - sleep(1); + setproctitle("%s[%d]", title, (int)pid); + /* + * As we have closed the write end of pipe for parent process, + * we might detect the child's exit by reading EOF. The child + * might have closed its stdout and stderr, so we must wait for + * the SIGCHLD to ensure that the process is actually gone. + */ + child_eof = 0; + for (;;) { + /* + * We block SIGCHLD when listening, but SIGTERM we accept + * so the read() won't block if we wish to depart. + * + * Upon receiving SIGTERM, we have several options after + * sending the SIGTERM to our child: + * - read until EOF + * - read until EOF but only for a while + * - bail immediately + * + * We go for the third, as otherwise we have no guarantee + * that we won't block indefinitely if the child refuses + * to depart. To handle the second option, a different + * approach would be needed (procctl()?) + */ + if (child_gone && child_eof) { + break; + } else if (terminate) { + goto exit; + } else if (!child_eof) { + if (sigprocmask(SIG_BLOCK, &mask_read, NULL)) { + warn("sigprocmask"); + goto exit; + } + child_eof = !listen_child(pfd[0], &logpar); + if (sigprocmask(SIG_UNBLOCK, &mask_read, NULL)) { + warn("sigprocmask"); + goto exit; + } + } else { + if (sigprocmask(SIG_BLOCK, &mask_susp, NULL)) { + warn("sigprocmask"); + goto exit; + } + while (!terminate && !child_gone) + sigsuspend(&mask_orig); + if (sigprocmask(SIG_UNBLOCK, &mask_susp, NULL)) { + warn("sigprocmask"); + goto exit; + } + } + } + if (sigprocmask(SIG_BLOCK, &mask_term, NULL)) { + warn("sigprocmask"); + goto exit; + } + if (restart && !terminate) { + daemon_sleep(1, 0); + close(pfd[0]); + pfd[0] = -1; goto restart; } exit: + close(outfd); + close(pfd[0]); + close(pfd[1]); + if (dosyslog) + closelog(); pidfile_remove(pfh); pidfile_remove(ppfh); exit(1); /* If daemon(3) succeeded exit status does not matter. */ } static void -dummy_sighandler(int sig __unused) +daemon_sleep(time_t secs, long nsecs) { - /* Nothing to do. */ + struct timespec ts = { secs, nsecs }; + while (nanosleep(&ts, &ts) == -1) { + if (errno != EINTR) + err(1, "nanosleep"); + } +} + +static void +open_pid_files(const char *pidfile, const char *ppidfile, + struct pidfh **pfh, struct pidfh **ppfh) +{ + pid_t fpid; + int serrno; + + if (pidfile) { + *pfh = pidfile_open(pidfile, 0600, &fpid); + if (*pfh == NULL) { + if (errno == EEXIST) { + errx(3, "process already running, pid: %d", + fpid); + } + err(2, "pidfile ``%s''", pidfile); + } + } + /* Do the same for the actual daemon process. */ + if (ppidfile) { + *ppfh = pidfile_open(ppidfile, 0600, &fpid); + if (*ppfh == NULL) { + serrno = errno; + pidfile_remove(*pfh); + errno = serrno; + if (errno == EEXIST) { + errx(3, "process already running, pid: %d", + fpid); + } + err(2, "ppidfile ``%s''", ppidfile); + } + } +} + +static int +get_log_mapping(const char *str, const CODE *c) +{ + const CODE *cp; + for (cp = c; cp->c_name; cp++) + if (strcmp(cp->c_name, str) == 0) + return cp->c_val; + return -1; } static void @@ -240,34 +439,112 @@ restrict_process(const char *user) errx(1, "failed to set user environment"); } +/* + * We try to collect whole lines terminated by '\n'. Otherwise we collect a + * full buffer, and then output it. + * + * Return value of 0 is assumed to mean EOF or error, and 1 indicates to + * continue reading. + */ static int -wait_child(pid_t pid, sigset_t *mask) +listen_child(int fd, struct log_params *logpar) +{ + static unsigned char buf[LBUF_SIZE]; + static size_t bytes_read = 0; + int rv; + + assert(logpar); + assert(bytes_read < LBUF_SIZE - 1); + + rv = read(fd, buf + bytes_read, LBUF_SIZE - bytes_read - 1); + if (rv > 0) { + unsigned char *cp; + + bytes_read += rv; + assert(bytes_read <= LBUF_SIZE - 1); + /* Always NUL-terminate just in case. */ + buf[LBUF_SIZE - 1] = '\0'; + /* + * Chomp line by line until we run out of buffer. + * This does not take NUL characters into account. + */ + while ((cp = memchr(buf, '\n', bytes_read)) != NULL) { + size_t bytes_line = cp - buf + 1; + assert(bytes_line <= bytes_read); + do_output(buf, bytes_line, logpar); + bytes_read -= bytes_line; + memmove(buf, cp + 1, bytes_read); + } + /* Wait until the buffer is full. */ + if (bytes_read < LBUF_SIZE - 1) + return 1; + do_output(buf, bytes_read, logpar); + bytes_read = 0; + return 1; + } else if (rv == -1) { + /* EINTR should trigger another read. */ + if (errno == EINTR) { + return 1; + } else { + warn("read"); + return 0; + } + } + /* Upon EOF, we have to flush what's left of the buffer. */ + if (bytes_read > 0) { + do_output(buf, bytes_read, logpar); + bytes_read = 0; + } + return 0; +} + +/* + * The default behavior is to stay silent if the user wants to redirect + * output to a file and/or syslog. If neither are provided, then we bounce + * everything back to parent's stdout. + */ +static void +do_output(const unsigned char *buf, size_t len, struct log_params *logpar) { - int terminate, signo; + assert(len <= LBUF_SIZE); + assert(logpar); + + if (len < 1) + return; + if (logpar->dosyslog) + syslog(logpar->logpri, "%.*s", (int)len, buf); + if (logpar->outfd != -1) { + if (write(logpar->outfd, buf, len) == -1) + warn("write"); + } + if (logpar->noclose && !logpar->dosyslog && logpar->outfd == -1) + printf("%.*s", (int)len, buf); +} - terminate = 0; +/* + * We use the global PID acquired directly from fork. If there is no valid + * child pid, the handler should be blocked and/or child_gone == 1. + */ +static void +handle_term(int signo) +{ + if (pid > 0 && !child_gone) + kill(pid, signo); + terminate = 1; +} + +static void +handle_chld(int signo) +{ + (void)signo; for (;;) { - if (sigwait(mask, &signo) == -1) { - warn("sigwaitinfo"); - return (-1); - } - switch (signo) { - case SIGCHLD: - if (waitpid(pid, NULL, WNOHANG) == -1) { - warn("waitpid"); - return (-1); - } - return (terminate); - case SIGTERM: - terminate = 1; - if (kill(pid, signo) == -1) { - warn("kill"); - return (-1); - } - continue; - default: - warnx("sigwaitinfo: invalid signal: %d", signo); - return (-1); + int rv = waitpid(-1, NULL, WNOHANG); + if (pid == rv) { + child_gone = 1; + break; + } else if (rv == -1 && errno != EINTR) { + warn("waitpid"); + return; } } } @@ -275,8 +552,11 @@ wait_child(pid_t pid, sigset_t *mask) static void usage(void) { - (void)fprintf(stderr, "%s\n\t%s\n", - "usage: daemon [-cfr] [-p child_pidfile] [-P supervisor_pidfile]", - "[-t title] [-u user] command arguments ..."); + (void)fprintf(stderr, + "usage: daemon [-cfrS] [-p child_pidfile] [-P supervisor_pidfile]\n" + " [-u user] [-o output_file] [-t title]\n" + " [-l syslog_facility] [-s syslog_priority]\n" + " [-T syslog_tag] [-m output_mask]\n" + "command arguments ...\n"); exit(1); }