diff options
author | pjd <pjd@FreeBSD.org> | 2011-01-24 15:04:15 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2011-01-24 15:04:15 +0000 |
commit | b9551ad06fa31179aa0660647d8e5c086e14d3a5 (patch) | |
tree | c94a787f7df270529dda90e308b832bb7bcbbe53 /sbin/hastd/primary.c | |
parent | 1becfffbbab2786ca68799e6aabbabd97698932a (diff) | |
download | FreeBSD-src-b9551ad06fa31179aa0660647d8e5c086e14d3a5.zip FreeBSD-src-b9551ad06fa31179aa0660647d8e5c086e14d3a5.tar.gz |
Don't open configuration file from worker process. Handle SIGHUP in the
master process only and pass changes to the worker processes over control
socket. This removes access to global namespace in preparation for capsicum
sandboxing.
MFC after: 2 weeks
Diffstat (limited to 'sbin/hastd/primary.c')
-rw-r--r-- | sbin/hastd/primary.c | 77 |
1 files changed, 27 insertions, 50 deletions
diff --git a/sbin/hastd/primary.c b/sbin/hastd/primary.c index e1083975..a4cd172 100644 --- a/sbin/hastd/primary.c +++ b/sbin/hastd/primary.c @@ -836,6 +836,7 @@ hastd_primary(struct hast_resource *res) init_local(res); init_ggate(res); init_environment(res); + /* * Create the guard thread first, so we can handle signals from the * very begining. @@ -1844,47 +1845,32 @@ free_queue: return (NULL); } -static void -config_reload(void) +void +primary_config_reload(struct hast_resource *res, struct nv *nv) { - struct hastd_config *newcfg; - struct hast_resource *res; unsigned int ii, ncomps; - int modified; + int modified, vint; + const char *vstr; pjdlog_info("Reloading configuration..."); - ncomps = HAST_NCOMPONENTS; - - newcfg = yy_config_parse(cfgpath, false); - if (newcfg == NULL) - goto failed; + assert(res->hr_role == HAST_ROLE_PRIMARY); + assert(gres == res); + nv_assert(nv, "remoteaddr"); + nv_assert(nv, "replication"); + nv_assert(nv, "timeout"); + nv_assert(nv, "exec"); - TAILQ_FOREACH(res, &newcfg->hc_resources, hr_next) { - if (strcmp(res->hr_name, gres->hr_name) == 0) - break; - } - /* - * If resource was removed from the configuration file, resource - * name, provider name or path to local component was modified we - * shouldn't be here. This means that someone modified configuration - * file and send SIGHUP to us instead of main hastd process. - * Log advice and ignore the signal. - */ - if (res == NULL || strcmp(gres->hr_name, res->hr_name) != 0 || - strcmp(gres->hr_provname, res->hr_provname) != 0 || - strcmp(gres->hr_localpath, res->hr_localpath) != 0) { - pjdlog_warning("To reload configuration send SIGHUP to the main hastd process (pid %u).", - (unsigned int)getppid()); - goto failed; - } + ncomps = HAST_NCOMPONENTS; #define MODIFIED_REMOTEADDR 0x1 #define MODIFIED_REPLICATION 0x2 #define MODIFIED_TIMEOUT 0x4 #define MODIFIED_EXEC 0x8 modified = 0; - if (strcmp(gres->hr_remoteaddr, res->hr_remoteaddr) != 0) { + + vstr = nv_get_string(nv, "remoteaddr"); + if (strcmp(gres->hr_remoteaddr, vstr) != 0) { /* * Don't copy res->hr_remoteaddr to gres just yet. * We want remote_close() to log disconnect from the old @@ -1892,18 +1878,22 @@ config_reload(void) */ modified |= MODIFIED_REMOTEADDR; } - if (gres->hr_replication != res->hr_replication) { - gres->hr_replication = res->hr_replication; + vint = nv_get_int32(nv, "replication"); + if (gres->hr_replication != vint) { + gres->hr_replication = vint; modified |= MODIFIED_REPLICATION; } - if (gres->hr_timeout != res->hr_timeout) { - gres->hr_timeout = res->hr_timeout; + vint = nv_get_int32(nv, "timeout"); + if (gres->hr_timeout != vint) { + gres->hr_timeout = vint; modified |= MODIFIED_TIMEOUT; } - if (strcmp(gres->hr_exec, res->hr_exec) != 0) { - strlcpy(gres->hr_exec, res->hr_exec, sizeof(gres->hr_exec)); + vstr = nv_get_string(nv, "exec"); + if (strcmp(gres->hr_exec, vstr) != 0) { + strlcpy(gres->hr_exec, vstr, sizeof(gres->hr_exec)); modified |= MODIFIED_EXEC; } + /* * If only timeout was modified we only need to change it without * reconnecting. @@ -1937,7 +1927,8 @@ config_reload(void) remote_close(gres, ii); } if (modified & MODIFIED_REMOTEADDR) { - strlcpy(gres->hr_remoteaddr, res->hr_remoteaddr, + vstr = nv_get_string(nv, "remoteaddr"); + strlcpy(gres->hr_remoteaddr, vstr, sizeof(gres->hr_remoteaddr)); } } @@ -1947,16 +1938,6 @@ config_reload(void) #undef MODIFIED_EXEC pjdlog_info("Configuration reloaded successfully."); - return; -failed: - if (newcfg != NULL) { - if (newcfg->hc_controlconn != NULL) - proto_close(newcfg->hc_controlconn); - if (newcfg->hc_listenconn != NULL) - proto_close(newcfg->hc_listenconn); - yy_config_free(newcfg); - } - pjdlog_warning("Configuration not reloaded."); } static void @@ -2032,7 +2013,6 @@ guard_thread(void *arg) lastcheck = time(NULL); PJDLOG_VERIFY(sigemptyset(&mask) == 0); - PJDLOG_VERIFY(sigaddset(&mask, SIGHUP) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGINT) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGTERM) == 0); @@ -2042,9 +2022,6 @@ guard_thread(void *arg) for (;;) { switch (signo) { - case SIGHUP: - config_reload(); - break; case SIGINT: case SIGTERM: sigexit_received = true; |