/*++
/* NAME
/*	master_status 3
/* SUMMARY
/*	Postfix master - process child status reports
/* SYNOPSIS
/*	#include "master.h"
/*
/*	void	master_status_init(serv)
/*	MASTER_SERV *serv;
/*
/*	void	master_status_cleanup(serv)
/*	MASTER_SERV *serv;
/* DESCRIPTION
/*	This module reads and processes status reports from child processes.
/*
/*	master_status_init() enables the processing of child status updates
/*	for the specified service. Child process status updates (process
/*	available, process taken) are passed on to the master_avail_XXX()
/*	routines.
/*
/*	master_status_cleanup() disables child status update processing
/*	for the specified service.
/* DIAGNOSTICS
/*	Panic: internal inconsistency. Warnings: a child process sends
/*	incomplete or incorrect information.
/* BUGS
/* SEE ALSO
/*	master_avail(3)
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*--*/

/* System libraries. */

#include <sys_defs.h>
#include <unistd.h>

/* Utility library. */

#include <msg.h>
#include <events.h>
#include <binhash.h>
#include <iostuff.h>

/* Application-specific. */

#include "master_proto.h"
#include "master.h"

/* master_status_event - status read event handler */

static void master_status_event(int event, void *context)
{
    const char *myname = "master_status_event";
    MASTER_SERV *serv = (MASTER_SERV *) context;
    MASTER_STATUS stat;
    MASTER_PROC *proc;
    MASTER_PID pid;
    int     n;

    if (event == 0)				/* XXX Can this happen?  */
	return;

    /*
     * We always keep the child end of the status pipe open, so an EOF read
     * condition means that we're seriously confused. We use non-blocking
     * reads so that we don't get stuck when someone sends a partial message.
     * Messages are short, so a partial read means someone wrote less than a
     * whole status message. Hopefully the next read will be in sync again...
     * We use a global child process status table because when a child dies
     * only its pid is known - we do not know what service it came from.
     */
    switch (n = read(serv->status_fd[0], (void *) &stat, sizeof(stat))) {

    case -1:
	msg_warn("%s: read: %m", myname);
	return;

    case 0:
	msg_panic("%s: read EOF status", myname);
	/* NOTREACHED */

    default:
	msg_warn("service %s(%s): child (pid %d) sent partial status update (%d bytes)",
		 serv->ext_name, serv->name, stat.pid, n);
	return;

    case sizeof(stat):
	pid = stat.pid;
	if (msg_verbose)
	    msg_info("%s: pid %d gen %u avail %d",
		     myname, stat.pid, stat.gen, stat.avail);
    }

    /*
     * Sanity checks. Do not freak out when the child sends garbage because
     * it is confused or for other reasons. However, be sure to freak out
     * when our own data structures are inconsistent. A process not found
     * condition can happen when we reap a process before receiving its
     * status update, so this is not an error.
     */
    if ((proc = (MASTER_PROC *) binhash_find(master_child_table,
					(void *) &pid, sizeof(pid))) == 0) {
	if (msg_verbose)
	    msg_info("%s: process id not found: %d", myname, stat.pid);
	return;
    }
    if (proc->gen != stat.gen) {
	msg_info("ignoring status update from child pid %d generation %u",
		 pid, stat.gen);
	return;
    }
    if (proc->serv != serv)
	msg_panic("%s: pointer corruption: %p != %p",
		  myname, (void *) proc->serv, (void *) serv);

    /*
     * Update our idea of the child process status. Allow redundant status
     * updates, because different types of events may be processed out of
     * order. Otherwise, warn about weird status updates but do not take
     * action. It's all gossip after all.
     */
    if (proc->avail == stat.avail)
	return;
    switch (stat.avail) {
    case MASTER_STAT_AVAIL:
	proc->use_count++;
	master_avail_more(serv, proc);
	break;
    case MASTER_STAT_TAKEN:
	master_avail_less(serv, proc);
	break;
    default:
	msg_warn("%s: ignoring unknown status: %d allegedly from pid: %d",
		 myname, stat.pid, stat.avail);
	break;
    }
}

/* master_status_init - start status event processing for this service */

void    master_status_init(MASTER_SERV *serv)
{
    const char *myname = "master_status_init";

    /*
     * Sanity checks.
     */
    if (serv->status_fd[0] >= 0 || serv->status_fd[1] >= 0)
	msg_panic("%s: status events already enabled", myname);
    if (msg_verbose)
	msg_info("%s: %s", myname, serv->name);

    /*
     * Make the read end of this service's status pipe non-blocking so that
     * we can detect partial writes on the child side. We use a duplex pipe
     * so that the child side becomes readable when the master goes away.
     */
    if (duplex_pipe(serv->status_fd) < 0)
	msg_fatal("pipe: %m");
    non_blocking(serv->status_fd[0], BLOCKING);
    close_on_exec(serv->status_fd[0], CLOSE_ON_EXEC);
    close_on_exec(serv->status_fd[1], CLOSE_ON_EXEC);
    event_enable_read(serv->status_fd[0], master_status_event, (void *) serv);
}

/* master_status_cleanup - stop status event processing for this service */

void    master_status_cleanup(MASTER_SERV *serv)
{
    const char *myname = "master_status_cleanup";

    /*
     * Sanity checks.
     */
    if (serv->status_fd[0] < 0 || serv->status_fd[1] < 0)
	msg_panic("%s: status events not enabled", myname);
    if (msg_verbose)
	msg_info("%s: %s", myname, serv->name);

    /*
     * Dispose of this service's status pipe after disabling read events.
     */
    event_disable_readwrite(serv->status_fd[0]);
    if (close(serv->status_fd[0]) != 0)
	msg_warn("%s: close status descriptor (read side): %m", myname);
    if (close(serv->status_fd[1]) != 0)
	msg_warn("%s: close status descriptor (write side): %m", myname);
    serv->status_fd[0] = serv->status_fd[1] = -1;
}