2 * Copyright (C) 2005-2007 Andre Noll <maan@systemlinux.org>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
19 /** \file net.c networking-related helper functions */
27 /** holds information about one encrypted connection */
29 /** function used to decrypt received data */
31 /** function used to encrypt data to be sent */
33 /** context-dependent data, passed to \a recv() and \a send() */
36 /** array holding per fd crypt data per */
37 static struct crypt_data *crypt_data_array;
38 /** current size of the crypt data array */
39 static unsigned cda_size = 0;
43 * activate encryption for one file descriptor
45 * \param fd the file descriptor
46 * \param recv_f the function used for decrypting received data
47 * \param send_f the function used for encrypting before sending
48 * \param private_data user data supplied by the caller
50 void enable_crypt(int fd, crypt_function *recv_f, crypt_function *send_f,
53 if (fd + 1 > cda_size) {
54 crypt_data_array = para_realloc(crypt_data_array,
55 (fd + 1) * sizeof(struct crypt_data));
56 memset(crypt_data_array + cda_size, 0,
57 (fd + 1 - cda_size) * sizeof(struct crypt_data));
60 crypt_data_array[fd].recv = recv_f;
61 crypt_data_array[fd].send = send_f;
62 crypt_data_array[fd].private_data = private_data;
63 PARA_INFO_LOG("rc4 encryption activated for fd %d\n", fd);
67 * deactivate encryption for a given fd
69 * \param fd the file descriptor
71 * This must be called if and only if \p fd was activated via enable_crypt().
73 void disable_crypt(int fd)
75 if (cda_size < fd + 1)
77 crypt_data_array[fd].recv = NULL;
78 crypt_data_array[fd].send = NULL;
79 crypt_data_array[fd].private_data = NULL;
84 * initialize a struct sockaddr_in
86 * \param addr A pointer to the struct to be initialized
87 * \param port The port number to use
88 * \param he The address to use
90 * If \a he is null (server mode), \a addr->sin_addr is initialized with \p
91 * INADDR_ANY. Otherwise, the address given by \a he is copied to addr.
93 void init_sockaddr(struct sockaddr_in *addr, int port, const struct hostent *he)
96 addr->sin_family = AF_INET;
97 /* short, network byte order */
98 addr->sin_port = htons(port);
100 addr->sin_addr = *((struct in_addr *)he->h_addr);
102 addr->sin_addr.s_addr = INADDR_ANY;
103 /* zero the rest of the struct */
104 memset(&addr->sin_zero, '\0', 8);
108 * send out a buffer, resend on short writes
110 * \param fd the file descriptor
111 * \param buf The buffer to be sent
112 * \param len The length of \a buf
114 * Due to circumstances beyond your control, the kernel might not send all the
115 * data out in one chunk, and now, my friend, it's up to us to get the data out
116 * there (Beej's Guide to Network Programming).
118 * \return This function returns 1 on success and \a -E_SEND on errors. The
119 * number of bytes actually sent is stored upon successful return in \a len.
121 static int sendall(int fd, const char *buf, size_t *len)
123 int total = 0; /* how many bytes we've sent */
124 int bytesleft = *len; /* how many we have left to send */
127 while (total < *len) {
128 n = send(fd, buf + total, bytesleft, 0);
134 PARA_DEBUG_LOG("short write (%zd byte(s) left)",
137 *len = total; /* return number actually sent here */
138 return n == -1? -E_SEND : 1; /* return 1 on success */
142 * encrypt and send buffer
144 * \param fd: the file descriptor
145 * \param buf the buffer to be encrypted and sent
146 * \param len the length of \a buf
148 * Check if encrytpion is available. If yes, encrypt the given buffer. Send out
149 * the buffer, encrypted or not, and try to resend the remaing part in case of
152 * \return Positive on success, \p -E_SEND on errors.
154 int send_bin_buffer(int fd, const char *buf, size_t len)
157 crypt_function *cf = NULL;
160 PARA_CRIT_LOG("%s", "len == 0\n");
161 if (fd + 1 <= cda_size)
162 cf = crypt_data_array[fd].send;
164 void *private = crypt_data_array[fd].private_data;
165 unsigned char *outbuf = para_malloc(len);
166 (*cf)(len, (unsigned char *)buf, outbuf, private);
167 ret = sendall(fd, (char *)outbuf, &len);
170 ret = sendall(fd, buf, &len);
175 * encrypt and send null terminated buffer.
177 * \param fd the file descriptor
178 * \param buf the null-terminated buffer to be send
180 * This is equivalent to send_bin_buffer(fd, buf, strlen(buf)).
182 * \return Positive on success, \p -E_SEND on errors.
184 int send_buffer(int fd, const char *buf)
186 return send_bin_buffer(fd, buf, strlen(buf));
191 * send and encrypt a buffer given by a format string
193 * \param fd the file descriptor
194 * \param fmt a format string
196 * \return Positive on success, \p -E_SEND on errors.
198 __printf_2_3 int send_va_buffer(int fd, const char *fmt, ...)
203 PARA_VSPRINTF(fmt, msg);
204 ret = send_buffer(fd, msg);
210 * receive and decrypt.
212 * \param fd the file descriptor
213 * \param buf the buffer to write the decrypted data to
214 * \param size the size of \a buf
216 * Receive at most \a size bytes from filedescriptor fd. If encryption is
217 * available, decrypt the received buffer.
219 * \return The number of bytes received on success. On receive errors, -E_RECV
220 * is returned. On crypt errors, the corresponding crypt error number is
225 __must_check int recv_bin_buffer(int fd, char *buf, ssize_t size)
228 crypt_function *cf = NULL;
230 if (fd + 1 <= cda_size)
231 cf = crypt_data_array[fd].recv;
233 unsigned char *tmp = para_malloc(size);
234 void *private = crypt_data_array[fd].private_data;
235 n = recv(fd, tmp, size, 0);
237 (*cf)(n, tmp, (unsigned char *)buf, private);
240 n = recv(fd, buf, size, 0);
247 * receive, decrypt and write terminating NULL byte
249 * \param fd the file descriptor
250 * \param buf the buffer to write the decrypted data to
251 * \param size the size of \a buf
253 * Read and decrypt at most \a size - 1 bytes from file descriptor \a fd and
254 * write a NULL byte at the end of the received data.
256 * \return: The return value of the underlying call to \a recv_bin_buffer().
258 * \sa recv_bin_buffer()
260 int recv_buffer(int fd, char *buf, ssize_t size)
264 n = recv_bin_buffer(fd, buf, size - 1);
273 * wrapper around gethostbyname
275 * \param host hostname or IPv4 address
276 * \param ret the hostent structure is returned here
278 * \return positive on success, negative on errors. On success, \a ret
279 * contains the return value of the underlying gethostbyname() call.
281 * \sa gethostbyname(2)
283 int get_host_info(char *host, struct hostent **ret)
285 PARA_INFO_LOG("getting host info of %s\n", host);
286 /* FIXME: gethostbyname() is obsolete */
287 *ret = gethostbyname(host);
288 return *ret? 1 : -E_HOST_INFO;
292 * a wrapper around socket(2)
294 * Create an IPv4 socket for sequenced, reliable, two-way, connection-based
297 * \return The socket fd on success, -E_SOCKET on errors.
305 if ((socket_fd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
311 * a wrapper around connect(2)
313 * \param fd the file descriptor
314 * \param their_addr the address to connect
316 * \return \p -E_CONNECT on errors, 1 on success
320 int para_connect(int fd, struct sockaddr_in *their_addr)
324 if ((ret = connect(fd, (struct sockaddr *)their_addr,
325 sizeof(struct sockaddr))) == -1)
331 * paraslash's wrapper around the accept system call
333 * \param fd the listening socket
334 * \param addr structure which is filled in with the address of the peer socket
335 * \param size should contain the size of the structure pointed to by \a addr
337 * Accept incoming connections on \a addr. Retry if interrupted.
339 * \return The new file descriptor on success, \a -E_ACCEPT on errors.
343 int para_accept(int fd, void *addr, socklen_t size)
348 new_fd = accept(fd, (struct sockaddr *) addr, &size);
349 while (new_fd < 0 && errno == EINTR);
350 return new_fd < 0? -E_ACCEPT : new_fd;
353 static int setserversockopts(int socket_fd)
357 if (setsockopt(socket_fd, SOL_SOCKET, SO_REUSEADDR, &yes,
359 return -E_SETSOCKOPT;
364 * prepare a structure for \p AF_UNIX socket addresses
366 * \param u pointer to the struct to be prepared
367 * \param name the socket pathname
369 * This just copies \a name to the sun_path component of \a u.
371 * \return Positive on success, \p -E_NAME_TOO_LONG if \a name is longer
372 * than \p UNIX_PATH_MAX.
374 int init_unix_addr(struct sockaddr_un *u, const char *name)
376 if (strlen(name) >= UNIX_PATH_MAX)
377 return -E_NAME_TOO_LONG;
378 memset(u->sun_path, 0, UNIX_PATH_MAX);
379 u->sun_family = PF_UNIX;
380 strcpy(u->sun_path, name);
385 * prepare, create, and bind and socket for local communication
387 * \param name the socket pathname
388 * \param unix_addr pointer to the \p AF_UNIX socket structure
389 * \param mode the desired mode of the socket
391 * This functions creates a local socket for sequenced, reliable,
392 * two-way, connection-based byte streams.
394 * \return The file descriptor, on success, negative on errors.
400 int create_pf_socket(const char *name, struct sockaddr_un *unix_addr, int mode)
404 fd = socket(PF_UNIX, SOCK_STREAM, 0);
408 ret = init_unix_addr(unix_addr, name);
411 if (bind(fd, (struct sockaddr *) unix_addr, UNIX_PATH_MAX) < 0)
413 if (chmod(name, mode) < 0)
419 ssize_t send_cred_buffer(int sock, char *buf)
421 return send_buffer(sock, buf);
423 int recv_cred_buffer(int fd, char *buf, size_t size)
425 return recv_buffer(fd, buf, size) > 0? 1 : -E_RECVMSG;
427 #else /* HAVE_UCRED */
429 * send NULL terminated buffer and Unix credentials of the current process
431 * \param sock the socket file descriptor
432 * \param buf the buffer to be sent
434 * \return On success, this call returns the number of characters sent. On
435 * error, \p -E_SENDMSG ist returned.
437 * \sa okir's Black Hats Manual
440 ssize_t send_cred_buffer(int sock, char *buf)
442 char control[sizeof(struct cmsghdr) + 10];
444 struct cmsghdr *cmsg;
445 static struct iovec iov;
451 iov.iov_len = strlen(buf);
455 /* compose the message */
456 memset(&msg, 0, sizeof(msg));
459 msg.msg_control = control;
460 msg.msg_controllen = sizeof(control);
461 /* attach the ucred struct */
462 cmsg = CMSG_FIRSTHDR(&msg);
463 cmsg->cmsg_level = SOL_SOCKET;
464 cmsg->cmsg_type = SCM_CREDENTIALS;
465 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
466 *(struct ucred *)CMSG_DATA(cmsg) = c;
467 msg.msg_controllen = cmsg->cmsg_len;
468 ret = sendmsg(sock, &msg, 0);
474 static void dispose_fds(int *fds, int num)
478 for (i = 0; i < num; i++)
483 * receive a buffer and the Unix credentials of the sending process
485 * \param fd the socket file descriptor
486 * \param buf the buffer to store the message
487 * \param size the size of \a buffer
489 * \return negative on errors, the user id on success.
491 * \sa okir's Black Hats Manual
494 int recv_cred_buffer(int fd, char *buf, size_t size)
498 struct cmsghdr *cmsg;
504 setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &yes, sizeof(int));
505 memset(&msg, 0, sizeof(msg));
506 memset(buf, 0, size);
511 msg.msg_control = control;
512 msg.msg_controllen = sizeof(control);
513 if (recvmsg(fd, &msg, 0) < 0)
515 result = -E_SCM_CREDENTIALS;
516 cmsg = CMSG_FIRSTHDR(&msg);
518 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type
519 == SCM_CREDENTIALS) {
520 memcpy(&cred, CMSG_DATA(cmsg), sizeof(struct ucred));
523 if (cmsg->cmsg_level == SOL_SOCKET
524 && cmsg->cmsg_type == SCM_RIGHTS) {
525 dispose_fds((int *) CMSG_DATA(cmsg),
526 (cmsg->cmsg_len - CMSG_LEN(0))
529 cmsg = CMSG_NXTHDR(&msg, cmsg);
533 #endif /* HAVE_UCRED */
535 /** how many pending connections queue will hold */
539 * create a socket, bind it and listen
541 * \param port the tcp port to listen on
543 * \return The file descriptor of the created socket, negative
551 int init_tcp_socket(int port)
553 struct sockaddr_in my_addr;
554 int fd, ret = get_socket();
559 ret = setserversockopts(fd);
562 init_sockaddr(&my_addr, port, NULL);
564 if (bind(fd, (struct sockaddr *)&my_addr,
565 sizeof(struct sockaddr)) == -1) {
566 PARA_CRIT_LOG("bind error: %s\n", strerror(errno));
570 if (listen(fd, BACKLOG) == -1)
572 PARA_INFO_LOG("listening on port %d, fd %d\n", port, fd);
580 * receive a buffer and check for a pattern
582 * \param fd the file descriptor to receive from
583 * \param pattern the expected pattern
584 * \param bufsize the size of the internal buffer
586 * \return Positive if \a pattern was received, negative otherwise.
588 * This function creates a buffer of size \a bufsize and tries
589 * to receive at most \a bufsize bytes from file descriptor \a fd.
590 * If at least \p strlen(\a pattern) bytes were received, the beginning of
591 * the received buffer is compared with \a pattern, ignoring case.
596 int recv_pattern(int fd, const char *pattern, size_t bufsize)
598 size_t len = strlen(pattern);
599 char *buf = para_malloc(bufsize + 1);
600 int ret = -E_RECV_PATTERN, n = recv_buffer(fd, buf, bufsize);
604 if (strncasecmp(buf, pattern, len))
609 PARA_NOTICE_LOG("n = %d, did not receive pattern '%s'\n", n, pattern);
611 PARA_NOTICE_LOG("recvd: %s\n", buf);