ldpd: simplify initialization of the child processes

In order to have separate ASLR/cookies per process, ldpd calls exec()
in the child processes after fork() (this is also known as the fork+exec
model).

This is an important security feature but it makes the initialization
of the child processes a bit more complicated as they're not a copy of
the parent anymore, so all parameters given via command line are lost.

To solve this problem, we were creating an argv array by hand with all
necessary parameters and providing it to the exec() syscall. This works
but it's a very ugly solution. This patch introduces a different approach
to solve the problem: send an IMSG_INIT message to the child processes
with all parameters they need in order to initialize properly. This
makes adding additional initialization parameters much more convenient
and less error prone.

Signed-off-by: Renato Westphal <renato@opensourcerouting.org>

1 files changed, 49 insertions, 39 deletions

diff --git a/ldpd/ldpe.c b/ldpd/ldpe.c
index e82416276..1248d4f86 100644
--- a/ldpd/ldpe.c
+++ b/ldpd/ldpe.c
@@ -103,47 +103,17 @@ static struct quagga_signal_t ldpe_signals[] =
 
 /* label distribution protocol engine */
 void
-ldpe(const char *user, const char *group, const char *ctl_path)
+ldpe(void)
 {
 	struct thread		 thread;
 
-	leconf = config_new_empty();
-
 #ifdef HAVE_SETPROCTITLE
 	setproctitle("ldp engine");
 #endif
 	ldpd_process = PROC_LDP_ENGINE;
 	log_procname = log_procnames[ldpd_process];
 
-	LIST_INIT(&global.addr_list);
-	RB_INIT(&global.adj_tree);
-	TAILQ_INIT(&global.pending_conns);
-	if (inet_pton(AF_INET, AllRouters_v4, &global.mcast_addr_v4) != 1)
-		fatal("inet_pton");
-	if (inet_pton(AF_INET6, AllRouters_v6, &global.mcast_addr_v6) != 1)
-		fatal("inet_pton");
-#ifdef __OpenBSD__
-	global.pfkeysock = pfkey_init();
-#endif
-
-	/* drop privileges */
-	if (user)
-		ldpe_privs.user = user;
-	if (group)
-		ldpe_privs.group = group;
-	zprivs_init(&ldpe_privs);
-
-	strlcpy(ctl_sock_path, ctl_path, sizeof(ctl_sock_path));
-	if (control_init() == -1)
-		fatalx("control socket setup failed");
-
-#ifdef HAVE_PLEDGE
-	if (pledge("stdio cpath inet mcast recvfd", NULL) == -1)
-		fatal("pledge");
-#endif
-
   	master = thread_master_create();
-	accept_init();
 
 	/* setup signal handler */
 	signal_init(master, array_size(ldpe_signals), ldpe_signals);
@@ -161,7 +131,45 @@ ldpe(const char *user, const char *group, const char *ctl_path)
 		fatal(NULL);
 	imsg_init(&iev_main_sync->ibuf, LDPD_FD_SYNC);
 
+	/* create base configuration */
+	leconf = config_new_empty();
+
+	/* Fetch next active thread. */
+	while (thread_fetch(master, &thread))
+		thread_call(&thread);
+}
+
+void
+ldpe_init(struct ldpd_init *init)
+{
+	/* drop privileges */
+	if (init->user)
+		ldpe_privs.user = init->user;
+	if (init->group)
+		ldpe_privs.group = init->group;
+	zprivs_init(&ldpe_privs);
+
+	/* listen on ldpd control socket */
+	strlcpy(ctl_sock_path, init->ctl_sock_path, sizeof(ctl_sock_path));
+	if (control_init(ctl_sock_path) == -1)
+		fatalx("control socket setup failed");
+	TAILQ_INIT(&ctl_conns);
+	control_listen();
+
+#ifdef HAVE_PLEDGE
+	if (pledge("stdio cpath inet mcast recvfd", NULL) == -1)
+		fatal("pledge");
+#endif
+
+	LIST_INIT(&global.addr_list);
+	RB_INIT(&global.adj_tree);
+	TAILQ_INIT(&global.pending_conns);
+	if (inet_pton(AF_INET, AllRouters_v4, &global.mcast_addr_v4) != 1)
+		fatal("inet_pton");
+	if (inet_pton(AF_INET6, AllRouters_v6, &global.mcast_addr_v6) != 1)
+		fatal("inet_pton");
 #ifdef __OpenBSD__
+	global.pfkeysock = pfkey_init();
 	if (sysdep.no_pfkey == 0)
 		pfkey_ev = thread_add_read(master, ldpe_dispatch_pfkey,
 		    NULL, global.pfkeysock);
@@ -175,16 +183,10 @@ ldpe(const char *user, const char *group, const char *ctl_path)
 	global.ipv6.ldp_edisc_socket = -1;
 	global.ipv6.ldp_session_socket = -1;
 
-	/* listen on ldpd control socket */
-	TAILQ_INIT(&ctl_conns);
-	control_listen();
-
 	if ((pkt_ptr = calloc(1, IBUF_READ_SIZE)) == NULL)
 		fatal(__func__);
 
-	/* Fetch next active thread. */
-	while (thread_fetch(master, &thread))
-		thread_call(&thread);
+	accept_init();
 }
 
 static void
@@ -203,7 +205,7 @@ ldpe_shutdown(void)
 	msgbuf_clear(&iev_main_sync->ibuf.w);
 	close(iev_main_sync->ibuf.fd);
 
-	control_cleanup();
+	control_cleanup(ctl_sock_path);
 	config_clear(leconf);
 
 #ifdef __OpenBSD__
@@ -352,6 +354,14 @@ ldpe_dispatch_main(struct thread *thread)
 			iev_lde->handler_write = ldp_write_handler;
 			iev_lde->ev_write = NULL;
 			break;
+		case IMSG_INIT:
+			if (imsg.hdr.len != IMSG_HEADER_SIZE +
+			    sizeof(struct ldpd_init))
+				fatalx("INIT imsg with wrong len");
+
+			memcpy(&init, imsg.data, sizeof(init));
+			ldpe_init(&init);
+			break;
 		case IMSG_CLOSE_SOCKETS:
 			af = imsg.hdr.peerid;