authorTodd C. Miller <Todd.Miller@sudo.ws>2020-03-29 05:05:08 -0600
committerTodd C. Miller <Todd.Miller@sudo.ws>2020-03-29 05:05:08 -0600
commitf05f342127fa0a709011f433cb26c6df9a0a46d9 (patch)
treec5a887f8a1db10e5b00b656942e8f46954cc1044
parent1ad49594b9bff9c6727a0f7584df0843027d06fa (diff)
downloadsudo-f05f342127fa0a709011f433cb26c6df9a0a46d9.tar.gz
Create a pidfile for sudo_logsrvd when not run with the -n flag.
-rwxr-xr-xconfigure4
-rw-r--r--doc/sudo_logsrvd.conf.man.in16
-rw-r--r--doc/sudo_logsrvd.conf.mdoc.in15
-rw-r--r--doc/sudo_logsrvd.man.in5
-rw-r--r--doc/sudo_logsrvd.mdoc.in7
-rw-r--r--examples/sudo_logsrvd.conf3
-rw-r--r--logsrvd/logsrvd.c22
-rw-r--r--logsrvd/logsrvd.h1
-rw-r--r--logsrvd/logsrvd_conf.c45
-rw-r--r--m4/sudo.m41
-rw-r--r--pathnames.h.in10
11 files changed, 120 insertions, 9 deletions
diff --git a/configure b/configure
index cb980946e..010172fed 100755
--- a/configure
+++ b/configure
@@ -26498,6 +26498,10 @@ cat >>confdefs.h <<EOF
#define _PATH_SUDO_TIMEDIR "$rundir/ts"
EOF
+cat >>confdefs.h <<EOF
+#define _PATH_SUDO_LOGSRVD_PID "$rundir/sudo_logsrvd.pid"
+EOF
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sudo var dir location" >&5
$as_echo_n "checking for sudo var dir location... " >&6; }
diff --git a/doc/sudo_logsrvd.conf.man.in b/doc/sudo_logsrvd.conf.man.in
index 0439716c6..4b7825014 100644
--- a/doc/sudo_logsrvd.conf.man.in
+++ b/doc/sudo_logsrvd.conf.man.in
@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "February 15, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "March 28, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -105,6 +105,17 @@ Multiple
\fIlisten_address\fR
lines may be specified to listen on more than one interface.
.TP 10n
+pid_file = path
+The path to the file containing the process ID of the running
+\fBsudo_logsrvd\fR.
+This file is not created when
+\fBsudo_logsrvd\fR
+is run with the
+\fB\-n\fR
+option.
+The default value is
+\fI@rundir@/sudo_logsrvd.pid\fR.
+.TP 10n
tcp_keepalive = boolean
If true,
\fBsudo_logsrvd\fR
@@ -555,6 +566,9 @@ Sudo log server configuration file
# The default is to listen on all addresses.
#listen_address = *:30344
+# The file containing the ID of the running sudo_logsrvd process.
+#pid_file = @rundir@/sudo_logsrvd.pid
+
# If set, enable the SO_KEEPALIVE socket option on the connected socket.
#tcp_keepalive = true
diff --git a/doc/sudo_logsrvd.conf.mdoc.in b/doc/sudo_logsrvd.conf.mdoc.in
index e840db142..39a40587c 100644
--- a/doc/sudo_logsrvd.conf.mdoc.in
+++ b/doc/sudo_logsrvd.conf.mdoc.in
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd February 15, 2020
+.Dd March 28, 2020
.Dt SUDO_LOGSRVD.CONF @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -96,6 +96,16 @@ which will listen on all configured network interfaces.
Multiple
.Em listen_address
lines may be specified to listen on more than one interface.
+.It pid_file = path
+The path to the file containing the process ID of the running
+.Nm sudo_logsrvd .
+This file is not created when
+.Nm sudo_logsrvd
+is run with the
+.Fl n
+option.
+The default value is
+.Pa @rundir@/sudo_logsrvd.pid .
.It tcp_keepalive = boolean
If true,
.Nm sudo_logsrvd
@@ -504,6 +514,9 @@ Sudo log server configuration file
# The default is to listen on all addresses.
#listen_address = *:30344
+# The file containing the ID of the running sudo_logsrvd process.
+#pid_file = @rundir@/sudo_logsrvd.pid
+
# If set, enable the SO_KEEPALIVE socket option on the connected socket.
#tcp_keepalive = true
diff --git a/doc/sudo_logsrvd.man.in b/doc/sudo_logsrvd.man.in
index 24e193f77..f89c96f2f 100644
--- a/doc/sudo_logsrvd.man.in
+++ b/doc/sudo_logsrvd.man.in
@@ -121,6 +121,11 @@ Sudo log server configuration file
.TP 26n
\fI@iolog_dir@\fR
Default I/O log file location
+.TP 26n
+\fI@rundir@/sudo_logsrvd.pid\fR
+.br
+Process ID file for
+\fBsudo_logsrvd\fR
.SH "EXAMPLES"
.SS "Creating self-signed certificates"
Unless you are using certificates signed by a well-known Certificate
diff --git a/doc/sudo_logsrvd.mdoc.in b/doc/sudo_logsrvd.mdoc.in
index be39f52c4..9d436c7ef 100644
--- a/doc/sudo_logsrvd.mdoc.in
+++ b/doc/sudo_logsrvd.mdoc.in
@@ -1,7 +1,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
-.\" Copyright (c) 2019 Todd C. Miller <Todd.Miller@sudo.ws>
+.\" Copyright (c) 2019-2020 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd October 16, 2019
+.Dd March 28, 2020
.Dt SUDO_LOGSRVD @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -114,6 +114,9 @@ Sudo front end configuration
Sudo log server configuration file
.It Pa @iolog_dir@
Default I/O log file location
+.It Pa @rundir@/sudo_logsrvd.pid
+Process ID file for
+.Nm
.El
.Sh EXAMPLES
.Ss Creating self-signed certificates
diff --git a/examples/sudo_logsrvd.conf b/examples/sudo_logsrvd.conf
index f43e8ad85..15af7c406 100644
--- a/examples/sudo_logsrvd.conf
+++ b/examples/sudo_logsrvd.conf
@@ -17,6 +17,9 @@
# The default is to listen on all addresses.
#listen_address = *:30344
+# The file containing the ID of the running sudo_logsrvd process.
+#pid_file = /var/run/sudo/sudo_logsrvd.pid
+
# If set, enable the SO_KEEPALIVE socket option on the connected socket.
#tcp_keepalive = true
diff --git a/logsrvd/logsrvd.c b/logsrvd/logsrvd.c
index df5ff6e01..983836c23 100644
--- a/logsrvd/logsrvd.c
+++ b/logsrvd/logsrvd.c
@@ -1651,7 +1651,7 @@ logsrvd_cleanup(void)
}
/*
- * Fork and detatch from the terminal.
+ * Fork, detatch from the terminal and write pid file unless nofork set.
*/
static void
daemonize(bool nofork)
@@ -1660,18 +1660,29 @@ daemonize(bool nofork)
debug_decl(daemonize, SUDO_DEBUG_UTIL);
if (!nofork) {
+ FILE *fp;
+
switch (fork()) {
case -1:
sudo_fatal("fork");
case 0:
- /* child, detach from terminal */
- if (setsid() == -1)
- sudo_fatal("setsid");
+ /* child */
break;
default:
/* parent, exit */
_exit(EXIT_SUCCESS);
}
+
+ /* detach from terminal and write pid file. */
+ if (setsid() == -1)
+ sudo_fatal("setsid");
+ fp = fopen(logsrvd_conf_pid_file(), "w");
+ if (fp == NULL) {
+ sudo_warn("%s", logsrvd_conf_pid_file());
+ } else {
+ fprintf(fp, "%d\n", getpid());
+ fclose(fp);
+ }
}
if (chdir("/") == -1)
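Review bot: The pid file is created with `fopen(logsrvd_conf_pid_file(), "w")`, which follows a symbolic link at the final path component and leaves the file mode to the inherited umask; because the daemon presumably runs as root and `pid_file` may name any absolute path, it would be safer to create the file with `open()` using `O_NOFOLLOW` and an explicit 0644 mode and then wrap the descriptor with `fdopen()`. The results of `fprintf()` and `fclose()` are also ignored, so a failed write (for example on a full filesystem) leaves an empty or partial pid file without a warning, and `getpid()` should be cast to `int` to match `%d`. `O_NOFOLLOW` may need a fallback on older platforms the project supports. The body of daemonize() continues past the end of this hunk.

```c
	FILE *fp;
	int fd;

	/* … unchanged: fork() switch … */

	/* detach from terminal and write pid file. */
	if (setsid() == -1)
	    sudo_fatal("setsid");
	/* Do not follow a symlink at the pid file path; fix the mode explicitly. */
	fd = open(logsrvd_conf_pid_file(),
	    O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW, 0644);
	if (fd == -1 || (fp = fdopen(fd, "w")) == NULL) {
	    sudo_warn("%s", logsrvd_conf_pid_file());
	    if (fd != -1)
		close(fd);
	} else {
	    if (fprintf(fp, "%d\n", (int)getpid()) < 0)
		sudo_warn("%s", logsrvd_conf_pid_file());
	    if (fclose(fp) == EOF)
		sudo_warn("%s", logsrvd_conf_pid_file());
	}
```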
@@ -1804,7 +1815,8 @@ main(int argc, char *argv[])
signal(SIGPIPE, SIG_IGN);
sudo_ev_dispatch(evbase);
+ if (!nofork)
+ unlink(logsrvd_conf_pid_file());
- /* NOTREACHED */
debug_return_int(1);
}
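Review bot: The `unlink(logsrvd_conf_pid_file())` after `sudo_ev_dispatch()` runs whenever `nofork` is false, whether or not daemonize() actually created the file, and it re-reads the path from the configuration instead of using the path that was written. If the configuration can be reloaded while the daemon is running (not visible in this hunk), a changed `pid_file` value would leave the old file behind and remove a file this process never wrote. Consider saving the path at creation time and unlinking that copy, with a comment such as `/* Remove the pid file written by daemonize(). */`. The pid file is also left stale on any exit path that does not return from `sudo_ev_dispatch()`; main() starts before this hunk, so those paths cannot be checked here.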
diff --git a/logsrvd/logsrvd.h b/logsrvd/logsrvd.h
index 0d2550990..bf49de04a 100644
--- a/logsrvd/logsrvd.h
+++ b/logsrvd/logsrvd.h
@@ -195,6 +195,7 @@ const char *logsrvd_conf_iolog_dir(void);
const char *logsrvd_conf_iolog_file(void);
struct listen_address_list *logsrvd_conf_listen_address(void);
bool logsrvd_conf_tcp_keepalive(void);
+const char *logsrvd_conf_pid_file(void);
struct timespec *logsrvd_conf_get_sock_timeout(void);
#if defined(HAVE_OPENSSL)
bool logsrvd_conf_get_tls_opt(void);
diff --git a/logsrvd/logsrvd_conf.c b/logsrvd/logsrvd_conf.c
index 47bcf2cba..d9c7195bf 100644
--- a/logsrvd/logsrvd_conf.c
+++ b/logsrvd/logsrvd_conf.c
@@ -78,6 +78,7 @@ static struct logsrvd_config {
struct listen_address_list addresses;
struct timespec timeout;
bool tcp_keepalive;
+ char *pid_file;
#if defined(HAVE_OPENSSL)
bool tls;
struct logsrvd_tls_config tls_config;
@@ -144,6 +145,13 @@ logsrvd_conf_tcp_keepalive(void)
{
return logsrvd_config->server.tcp_keepalive;
}
+
+const char *
+logsrvd_conf_pid_file(void)
+{
+ return logsrvd_config->server.pid_file;
+}
+
struct timespec *
logsrvd_conf_get_sock_timeout(void)
{
@@ -444,6 +452,28 @@ cb_keepalive(struct logsrvd_config *config, const char *str)
debug_return_bool(true);
}
+static bool
+cb_pid_file(struct logsrvd_config *config, const char *str)
+{
+ char *copy = NULL;
+ debug_decl(cb_pid_file, SUDO_DEBUG_UTIL);
+
+ if (*str != '/') {
+ debug_return_bool(false);
+ sudo_warnx(U_("%s: not a fully qualified path"), str);
+ debug_return_bool(false);
+ }
+ if ((copy = strdup(str)) == NULL) {
+ sudo_warn(NULL);
+ debug_return_bool(false);
+ }
+
+ free(config->server.pid_file);
+ config->server.pid_file = copy;
+
+ debug_return_bool(true);
+}
+
#if defined(HAVE_OPENSSL)
static bool
cb_tls_opt(struct logsrvd_config *config, const char *str)
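Review bot: In `cb_pid_file()` the relative-path branch calls `debug_return_bool(false);` before `sudo_warnx(U_("%s: not a fully qualified path"), str);`, so the warning is unreachable and a rejected `pid_file` value fails without telling the administrator why. Remove the first `debug_return_bool(false);` so the branch warns and then returns. The leading `/` test is the only validation applied to the path, so a short comment stating that the value is otherwise trusted as (presumably root-owned) configuration would help the next reader judge how the path is later opened and unlinked.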
@@ -722,6 +752,7 @@ static struct logsrvd_config_entry server_conf_entries[] = {
{ "listen_address", cb_listen_address },
{ "timeout", cb_timeout },
{ "tcp_keepalive", cb_keepalive },
+ { "pid_file", cb_pid_file },
#if defined(HAVE_OPENSSL)
{ "tls", cb_tls_opt },
{ "tls_key", cb_tls_key },
@@ -904,6 +935,7 @@ logsrvd_conf_free(struct logsrvd_config *config)
TAILQ_REMOVE(&config->server.addresses, addr, entries);
free(addr);
}
+ free(config->server.pid_file);
/* struct logsrvd_config_iolog */
free(config->iolog.iolog_dir);
@@ -948,10 +980,23 @@ logsrvd_conf_alloc(void)
TAILQ_INIT(&config->server.addresses);
config->server.timeout.tv_sec = DEFAULT_SOCKET_TIMEOUT_SEC;
config->server.tcp_keepalive = true;
+ config->server.pid_file = strdup(_PATH_SUDO_LOGSRVD_PID);
+ if (config->server.pid_file == NULL) {
+ sudo_warn(NULL);
+ goto bad;
+ }
#if defined(HAVE_OPENSSL)
config->server.tls_config.cacert_path = strdup(DEFAULT_CA_CERT_PATH);
+ if (config->server.tls_config.cacert_path == NULL) {
+ sudo_warn(NULL);
+ goto bad;
+ }
config->server.tls_config.cert_path = strdup(DEFAULT_SERVER_CERT_PATH);
+ if (config->server.tls_config.cert_path == NULL) {
+ sudo_warn(NULL);
+ goto bad;
+ }
config->server.tls_config.verify = true;
config->server.tls_config.check_peer = false;
#endif
diff --git a/m4/sudo.m4 b/m4/sudo.m4
index 428cc9a30..c679166ba 100644
--- a/m4/sudo.m4
+++ b/m4/sudo.m4
@@ -129,6 +129,7 @@ if test -z "$rundir"; then
fi
AC_MSG_RESULT([$rundir])
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_TIMEDIR, "$rundir/ts")
+SUDO_DEFINE_UNQUOTED(_PATH_SUDO_LOGSRVD_PID, "$rundir/sudo_logsrvd.pid")
])dnl
dnl
diff --git a/pathnames.h.in b/pathnames.h.in
index 6d3703115..a39f9198d 100644
--- a/pathnames.h.in
+++ b/pathnames.h.in
@@ -90,6 +90,16 @@
*/
/*
+ * Where sudo_logsrvd stores its pid file files. Defaults to
+ * /var/run/sudo/sudo_logsrvd.pid, /var/db/sudo/sudo_logsrvd.pid,
+ * /var/lib/sudo/sudo_logsrvd.pid, /var/adm/sudo/sudo_logsrvd.pid or
+ * /usr/adm/sudo/sudo_logsrvd.pid depending on what exists on the system.
+ */
+#ifndef _PATH_SUDO_LOGSRVD_PID
+# undef _PATH_SUDO_LOGSRVD_PID
+#endif /* _PATH_SUDO_LOGSRVD_PID */
+
+/*
* Where to store the time stamp files. Defaults to /var/run/sudo/ts,
* /var/db/sudo/ts, /var/lib/sudo/ts, /var/adm/sudo/ts or /usr/adm/sudo/ts
* depending on what exists on the system.