From eb6d8d221b34a93e57c22cefa47d924350251c4c Mon Sep 17 00:00:00 2001

From: Ray Strode <rstrode@redhat.com>

Date: Thu, 15 Oct 2015 14:37:33 -0400

Subject: [PATCH] daemon: fork before threads are spawned

It's not really a good idea to fork after glib has initialized,

since it has helper threads that may have taken locks etc.

This commit forks really early to prevent locks from leaking

and causing deadlock.

---

 daemon/gkd-main.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++---------

 1 file changed, 63 insertions(+), 12 deletions(-)

diff --git a/daemon/gkd-main.c b/daemon/gkd-main.c

index f567633..4cc8552 100644

--- a/daemon/gkd-main.c

+++ b/daemon/gkd-main.c

@@ -98,60 +98,61 @@ EGG_SECURE_DECLARE (daemon_main);

 #	else

 #		define DEFAULT_COMPONENTS  GKD_COMP_PKCS11 "," GKD_COMP_SECRETS

 #	endif

 #endif

 /*

  * If --login is used and then daemon is not initialized within LOGIN_TIMEOUT

  * seconds, then we exit. See on_login_timeout() below.

  */

 #define LOGIN_TIMEOUT 120

 static gchar* run_components = DEFAULT_COMPONENTS;

 static gboolean pkcs11_started = FALSE;

 static gboolean secrets_started = FALSE;

 static gboolean ssh_started = FALSE;

 static gboolean dbus_started = FALSE;

 static gboolean run_foreground = FALSE;

 static gboolean run_daemonized = FALSE;

 static gboolean run_version = FALSE;

 static gboolean run_for_login = FALSE;

 static gboolean perform_unlock = FALSE;

 static gboolean run_for_start = FALSE;

 static gboolean run_for_replace = FALSE;

 static gchar* login_password = NULL;

 static gchar* control_directory = NULL;

 static guint timeout_id = 0;

 static gboolean initialization_completed = FALSE;

 static GMainLoop *loop = NULL;

+static int parent_wakeup_fd = -1;

 static GOptionEntry option_entries[] = {

 	{ "start", 's', 0, G_OPTION_ARG_NONE, &run_for_start,

 	  "Start a dameon or initialize an already running daemon." },

 	{ "replace", 'r', 0, G_OPTION_ARG_NONE, &run_for_replace,

 	  "Replace the daemon for this desktop login environment." },

 	{ "foreground", 'f', 0, G_OPTION_ARG_NONE, &run_foreground,

 	  "Run in the foreground", NULL },

 	{ "daemonize", 'd', 0, G_OPTION_ARG_NONE, &run_daemonized,

 	  "Run as a daemon", NULL },

 	{ "login", 'l', 0, G_OPTION_ARG_NONE, &run_for_login,

 	  "Run by PAM for a user login. Read login password from stdin", NULL },

 	{ "unlock", 0, 0, G_OPTION_ARG_NONE, &perform_unlock,

 	  "Prompt for login keyring password, or read from stdin", NULL },

 	{ "components", 'c', 0, G_OPTION_ARG_STRING, &run_components,

 	  "The optional components to run", DEFAULT_COMPONENTS },

 	{ "control-directory", 'C', 0, G_OPTION_ARG_FILENAME, &control_directory,

 	  "The directory for sockets and control data", NULL },

 	{ "version", 'V', 0, G_OPTION_ARG_NONE, &run_version,

 	  "Show the version number and exit.", NULL },

 	{ NULL }

 };

 static void

 parse_arguments (int *argc, char** argv[])

 {

 	GError *err = NULL;

 	GOptionContext *context;

 	context = g_option_context_new ("- The Gnome Keyring Daemon");

@@ -474,60 +475,110 @@ read_login_password (int fd)

 	}

 	egg_secure_free (buf);

 	return ret;

 }

 static void

 cleanup_and_exit (int code)

 {

 	egg_cleanup_perform ();

 	exit (code);

 }

 static void

 clear_login_password (void)

 {

 	if(login_password)

 		egg_secure_strfree (login_password);

 	login_password = NULL;

 }

 static void

 print_environment (void)

 {

 	const gchar **env;

 	for (env = gkd_util_get_environment (); *env; ++env)

 		printf ("%s\n", *env);

 	fflush (stdout);

 }

+

+static void

+print_environment_from_fd (int fd)

+{

+	char *output;

+	gsize output_size;

+	gsize bytes_read;

+

+	bytes_read = read (fd, &output_size, sizeof (output_size));

+

+	if (bytes_read < sizeof (output_size))

+		exit (1);

+

+	output = g_malloc0 (output_size);

+	bytes_read = read (fd, output, output_size);

+

+	if (bytes_read < output_size)

+		exit (1);

+

+	printf ("%s\n", output);

+	fflush (stdout);

+	g_free (output);

+}

+

+static void

+send_environment_and_finish_parent (int fd)

+{

+	char *output;

+	gsize output_size;

+	gsize bytes_written;

+

+	if (fd < 0) {

+		print_environment ();

+		return;

+	}

+

+	output = g_strjoinv ("\n", (gchar **) gkd_util_get_environment ());

+	output_size = strlen (output) + 1;

+	bytes_written = write (fd, &output_size, sizeof (output_size));

+

+	if (bytes_written < sizeof (output_size))

+		exit (1);

+

+	bytes_written = write (fd, output, output_size);

+	if (bytes_written < output_size)

+		exit (1);

+

+	g_free (output);

+}

+

 static gboolean

 initialize_daemon_at (const gchar *directory)

 {

 	gchar **ourenv, **daemonenv, **e;

 	/* Exchange environment variables, and try to initialize daemon */

 	ourenv = gkd_util_build_environment (GKD_UTIL_IN_ENVIRONMENT);

 	daemonenv = gkd_control_initialize (directory, run_components,

 	                                    (const gchar**)ourenv);

 	g_strfreev (ourenv);

 	/* Initialization failed, start this process up as a daemon */

 	if (!daemonenv)

 		return FALSE;

 	/* Setup all the environment variables we were passed */

 	for (e = daemonenv; *e; ++e)

 		gkd_util_push_environment_full (*e);

 	g_strfreev (daemonenv);

 	return TRUE;

 }

 static gboolean

 replace_daemon_at (const gchar *directory)

 {

 	gboolean ret;

 	/*

 	 * The first control_directory is the environment one, always

@@ -577,136 +628,134 @@ discover_other_daemon (DiscoverFunc callback, gboolean acquire)

 	/* Or the default location when no evironment variable */

 	control_env = g_getenv ("XDG_RUNTIME_DIR");

 	if (control_env) {

 		control = g_build_filename (control_env, "keyring", NULL);

 		ret = (callback) (control);

 		g_free (control);

 		if (ret == TRUE)

 			return TRUE;

 	}

 	/* See if we can contact a daemon running, that didn't set an env variable */

 	if (acquire && !gkd_dbus_singleton_acquire (&acquired))

 		return FALSE;

 	/* We're the main daemon */

 	if (acquired)

 		return FALSE;

 	control = gkd_dbus_singleton_control ();

 	if (control) {

 		ret = (callback) (control);

 		g_free (control);

 		if (ret == TRUE)

 			return TRUE;

 	}

 	return FALSE;

 }

-static void

+static int

 fork_and_print_environment (void)

 {

 	int status;

 	pid_t pid;

 	int fd, i;

+	int wakeup_fds[2] = { -1, -1 };

-	if (run_foreground) {

-		print_environment ();

-		return;

-	}

+	g_unix_open_pipe (wakeup_fds, FD_CLOEXEC, NULL);

 	pid = fork ();

 	if (pid != 0) {

-

 		/* Here we are in the initial process */

 		if (run_daemonized) {

 			/* Initial process, waits for intermediate child */

 			if (pid == -1)

 				exit (1);

 			waitpid (pid, &status, 0);

 			if (WEXITSTATUS (status) != 0)

 				exit (WEXITSTATUS (status));

 		} else {

 			/* Not double forking */

-			print_environment ();

+			print_environment_from_fd (wakeup_fds[0]);

 		}

 		/* The initial process exits successfully */

 		exit (0);

 	}

 	if (run_daemonized) {

 		/*

 		 * Become session leader of a new session, process group leader of a new

 		 * process group, and detach from the controlling TTY, so that SIGHUP is

 		 * not sent to this process when the previous session leader dies

 		 */

 		setsid ();

 		/* Double fork if need to daemonize properly */

 		pid = fork ();

 		if (pid != 0) {

-

 			/* Here we are in the intermediate child process */

 			/*

 			 * This process exits, so that the final child will inherit

 			 * init as parent to avoid zombies

 			 */

 			if (pid == -1)

 				exit (1);

 			/* We've done two forks. */

-			print_environment ();

+			print_environment_from_fd (wakeup_fds[0]);

 			/* The intermediate child exits */

 			exit (0);

 		}

 	}

 	/* Here we are in the resulting daemon or background process. */

 	for (i = 0; i < 3; ++i) {

 		fd = open ("/dev/null", O_RDONLY);

 		sane_dup2 (fd, i);

 		close (fd);

 	}

+

+	return wakeup_fds[1];

 }

 static gboolean

 gkr_daemon_startup_steps (const gchar *components)

 {

 	g_assert (components);

 	/*

 	 * Startup that must run before forking.

 	 * Note that we set initialized flags early so that two

 	 * initializations don't overlap

 	 */

 #ifdef WITH_SSH

 	if (strstr (components, GKD_COMP_SSH)) {

 		if (ssh_started) {

 			g_message ("The SSH agent was already initialized");

 		} else {

 			ssh_started = TRUE;

 			if (!gkd_daemon_startup_ssh ()) {

 				ssh_started = FALSE;

 				return FALSE;

 			}

 		}

 	}

 #endif

 	return TRUE;

 }

@@ -849,112 +898,114 @@ main (int argc, char *argv[])

 #ifdef HAVE_LOCALE_H

 	/* internationalisation */

 	setlocale (LC_ALL, "");

 #endif

 #ifdef HAVE_GETTEXT

 	bindtextdomain (GETTEXT_PACKAGE, GNOMELOCALEDIR);

 	textdomain (GETTEXT_PACKAGE);

 	bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");

 #endif

 	egg_libgcrypt_initialize ();

 	/* Send all warning or error messages to syslog */

 	prepare_logging ();

 	parse_arguments (&argc, &argv);

 	/* The --version option. This is machine parseable output */

 	if (run_version) {

 		g_print ("gnome-keyring-daemon: %s\n", VERSION);

 		g_print ("testing: %s\n",

 #ifdef WITH_DEBUG

 		         "enabled");

 #else

 		         "disabled");

 #endif

 		exit (0);

 	}

+	/* The whole forking and daemonizing dance starts here. */

+	parent_wakeup_fd = fork_and_print_environment();

+

 	/* The --start option */

 	if (run_for_start) {

 		if (discover_other_daemon (initialize_daemon_at, TRUE)) {

 			/*

 			 * Another daemon was initialized, print out environment

 			 * for any callers, and quit or go comatose.

 			 */

-			print_environment ();

+			send_environment_and_finish_parent (parent_wakeup_fd);

 			if (run_foreground)

 				while (sleep(0x08000000) == 0);

 			cleanup_and_exit (0);

 		}

 	/* The --replace option */

 	} else if (run_for_replace) {

 		discover_other_daemon (replace_daemon_at, FALSE);

 		if (control_directory)

 			g_message ("Replacing daemon, using directory: %s", control_directory);

 		else

 			g_message ("Could not find daemon to replace, staring normally");

 	}

 	/* Initialize the main directory */

 	gkd_util_init_master_directory (control_directory);

 	/* Initialize our daemon main loop and threading */

 	loop = g_main_loop_new (NULL, FALSE);

 	/* Initialize our control socket */

 	if (!gkd_control_listen ())

 		return FALSE;

 	if (perform_unlock) {

 		login_password = read_login_password (STDIN);

 		atexit (clear_login_password);

 	}

 	/* The --login option. Delayed initialization */

 	if (run_for_login) {

 		timeout_id = g_timeout_add_seconds (LOGIN_TIMEOUT, (GSourceFunc) on_login_timeout, NULL);

 	/* Not a login daemon. Startup stuff now.*/

 	} else {

 		/* These are things that can run before forking */

 		if (!gkr_daemon_startup_steps (run_components))

 			cleanup_and_exit (1);

 	}

 	signal (SIGPIPE, SIG_IGN);

-	/* The whole forking and daemonizing dance starts here. */

-	fork_and_print_environment();

+	send_environment_and_finish_parent (parent_wakeup_fd);

 	g_unix_signal_add (SIGTERM, on_signal_term, loop);

 	g_unix_signal_add (SIGHUP, on_signal_term, loop);

 	g_unix_signal_add (SIGUSR1, on_signal_usr1, loop);

 	/* Prepare logging a second time, since we may be in a different process */

 	prepare_logging();

 	/* Remainder initialization after forking, if initialization not delayed */

 	if (!run_for_login) {

 		gkr_daemon_initialize_steps (run_components);

 		/*

 		 * Close stdout and so that the caller knows that we're

 		 * all initialized, (when run in foreground mode).

 		 *

 		 * However since some logging goes to stdout, redirect that

 		 * to stderr. We don't want the caller confusing that with

 		 * valid output anyway.

 		 */

 		if (dup2 (2, 1) < 1)

 			g_warning ("couldn't redirect stdout to stderr");

 		g_debug ("initialization complete");

 	}

 	g_main_loop_run (loop);

 	/* This wraps everything up in order */

 	egg_cleanup_perform ();

-- 

2.5.0