#include <sys/socket.h>
#include <regex.h>
#include <signal.h>
-#include <sys/types.h>
-#include <osl.h>
#include <arpa/inet.h>
-#include <sys/un.h>
#include <netdb.h>
#include <lopsub.h>
#include "command.h"
#include "string.h"
#include "afh.h"
-#include "afs.h"
#include "net.h"
#include "server.h"
#include "list.h"
}
/**
- * Send a sideband packet through a blocking file descriptor.
+ * Receive a sideband packet from a blocking file descriptor.
*
* \param scc fd and crypto keys.
* \param expected_band The expected band designator.
ITEM(chunk_time) \
ITEM(num_chunks) \
ITEM(amplification) \
+ ITEM(play_time) \
/*
* Create a set of audio-file related status items with empty values. These are
}
EXPORT_SERVER_CMD_HANDLER(stat);
-const char *aux_info_cb(unsigned cmd_num, bool verbose)
+static const char *aux_info_cb(unsigned cmd_num, bool verbose)
{
static char result[80];
unsigned perms = server_command_perms[cmd_num];
static int com_ff(struct command_context *cc, struct lls_parse_result *lpr)
{
long promille;
- int i, ret, backwards = 0;
+ int i, ret;
char c, *errctx;
ret = lls(lls_check_arg_count(lpr, 1, 1, &errctx));
send_errctx(cc, errctx);
return ret;
}
- if (!(ret = sscanf(lls_input(0, lpr), "%i%c", &i, &c)))
- return -E_COMMAND_SYNTAX;
- if (ret > 1 && c == '-')
- backwards = 1; /* jmp backwards */
+ ret = para_atoi32(lls_input(0, lpr), &i);
+ if (ret < 0) {
+ if (ret != -E_ATOI_JUNK_AT_END)
+ return ret;
+ /*
+ * Compatibility code to keep the historic syntax (ff 30-)
+ * working. This can be removed after 0.7.0.
+ */
+ ret = sscanf(lls_input(0, lpr), "%i%c", &i, &c);
+ if (ret <= 0)
+ return -E_COMMAND_SYNTAX;
+ if (ret > 1 && c == '-') {
+ PARA_WARNING_LOG("use of obsolete syntax\n");
+ i = -i;
+ }
+ }
mutex_lock(mmd_mutex);
ret = -E_NO_AUDIO_FILE;
if (!mmd->afd.afhi.chunks_total || !mmd->afd.afhi.seconds_total)
ret = 1;
promille = (1000 * mmd->current_chunk) / mmd->afd.afhi.chunks_total;
/*
- * We need these casts because without them the expression on the right
+ * We need this cast because without it the expression on the right
* hand side is of unsigned type.
*/
- if (backwards)
- promille -= 1000 * i / (int)mmd->afd.afhi.seconds_total;
- else
- promille += 1000 * i / (int)mmd->afd.afhi.seconds_total;
+ promille += 1000 * i / (int)mmd->afd.afhi.seconds_total;
if (promille < 0)
promille = 0;
if (promille > 1000) {
static int com_jmp(struct command_context *cc, struct lls_parse_result *lpr)
{
- long unsigned int i;
- int ret;
+ int i, ret;
char *errctx;
ret = lls(lls_check_arg_count(lpr, 1, 1, &errctx));
send_errctx(cc, errctx);
return ret;
}
- if (sscanf(lls_input(0, lpr), "%lu", &i) <= 0)
+ if (sscanf(lls_input(0, lpr), "%d", &i) <= 0)
+ return -ERRNO_TO_PARA_ERROR(EINVAL);
+ if (i < 0 || i > 100)
return -ERRNO_TO_PARA_ERROR(EINVAL);
mutex_lock(mmd_mutex);
ret = -E_NO_AUDIO_FILE;
if (!mmd->afd.afhi.chunks_total)
goto out;
- if (i > 100)
- i = 100;
- PARA_INFO_LOG("jumping to %lu%%\n", i);
+ PARA_INFO_LOG("jumping to %d%%\n", i);
mmd->repos_request = (mmd->afd.afhi.chunks_total * i + 50) / 100;
- PARA_INFO_LOG("sent: %lu, offset before jmp: %li\n",
- mmd->chunks_sent, mmd->offset);
mmd->new_vss_status_flags |= VSS_REPOS;
mmd->new_vss_status_flags &= ~VSS_NEXT;
ret = 1;
}
EXPORT_SERVER_CMD_HANDLER(jmp);
-/* deprecated, does nothing */
-static int com_tasks(__a_unused struct command_context *cc,
- __a_unused struct lls_parse_result *lpr)
-{
- return 1;
-}
-EXPORT_SERVER_CMD_HANDLER(tasks);
-
static void reset_signals(void)
{
para_sigaction(SIGCHLD, SIG_IGN);
}
struct connection_features {
- int dummy; /* none at the moment */
+ bool sha256_requested; /* can be removed after 0.7.0 */
};
static int parse_auth_request(char *buf, int len, const struct user **u,
*p = '\0';
p++;
create_argv(p, ",", &features);
+ /*
+ * Still accept sideband and AES feature requests (as a no-op)
+ * because some 0.6.x clients request them. The two checks
+ * below may be removed after 0.7.1.
+ */
for (i = 0; features[i]; i++) {
if (strcmp(features[i], "sideband") == 0)
continue;
if (strcmp(features[i], "aes_ctr128") == 0)
continue;
+ /*
+ * ->sha256_requested can go away after 0.7.0 but the
+ * check has to stay until 0.9.0.
+ */
+ if (strcmp(features[i], "sha256") == 0)
+ cf->sha256_requested = true;
else {
ret = -E_BAD_FEATURE;
goto out;
}
perms = server_command_perms[ret];
if ((perms & cc->u->perms) != perms)
- return -E_PERM;
+ return -ERRNO_TO_PARA_ERROR(EPERM);
lcmd = lls_cmd(ret, server_cmd_suite);
end = iov->iov_base + iov->iov_len;
for (i = 0; p < end; i++)
* Whenever para_server accepts an incoming tcp connection on the port it
* listens on, it forks and the resulting child calls this function.
*
- * An RSA-based challenge/response is used to authenticate the peer. It that
+ * An RSA-based challenge/response is used to authenticate the peer. If the
* authentication succeeds, a random session key is generated and sent back to
* the peer, encrypted with its RSA public key. From this point on, all
- * transfers are crypted with this session key.
+ * transfers are encrypted with this session key using a stream cipher.
*
* Next it is checked if the peer supplied a valid server command or a command
* for the audio file selector. If yes, and if the user has sufficient
- * permissions to execute that command, the function calls the corresponding
- * command handler which does argument checking and further processing.
+ * permissions to execute this command, the function calls the corresponding
+ * command handler which performs argument checking and further processing.
*
- * In order to cope with DOS attacks, a timeout is set up which terminates
- * the function if the connection was not authenticated when the timeout
- * expires.
+ * To cope with DOS attacks, a timer is set up right after the fork. If the
+ * connection was still not authenticated when the timeout expires, the child
+ * process is terminated.
*
* \return Standard.
*
{
int ret;
unsigned char rand_buf[APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN];
- unsigned char challenge_hash[HASH_SIZE];
+ unsigned char challenge_hash[HASH2_SIZE];
char *command = NULL, *buf = para_malloc(HANDSHAKE_BUFSIZE) /* must be on the heap */;
size_t numbytes;
struct command_context cc_struct = {.u = NULL}, *cc = &cc_struct;
/* send Welcome message */
ret = write_va_buffer(fd, "This is para_server, version "
PACKAGE_VERSION ".\n"
- "Features: sideband,aes_ctr128\n"
+ "Features: sha256\n" /* no longer announce this after 0.8.0 */
);
if (ret < 0)
goto net_err;
* of the random data.
*/
ret = -E_BAD_AUTH;
- if (numbytes != HASH_SIZE)
- goto net_err;
- hash_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash);
- if (memcmp(challenge_hash, buf, HASH_SIZE))
- goto net_err;
+ if (cf.sha256_requested) {
+ if (numbytes != HASH2_SIZE)
+ goto net_err;
+ hash2_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash);
+ if (memcmp(challenge_hash, buf, HASH2_SIZE))
+ goto net_err;
+ } else { /* old client. This can be removed after 0.7.0 */
+ if (numbytes != HASH_SIZE)
+ goto net_err;
+ hash_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash);
+ if (memcmp(challenge_hash, buf, HASH_SIZE))
+ goto net_err;
+ }
/* auth successful */
alarm(0);
PARA_INFO_LOG("good auth for %s\n", cc->u->name);