01_convert-v6-mapped-v4-addresses.diff
[paraslash.git] / net.c
1 /*
2 * Copyright (C) 2005-2009 Andre Noll <maan@systemlinux.org>
3 *
4 * Licensed under the GPL v2. For licencing details see COPYING.
5 */
6
7 /** \file net.c Networking-related helper functions. */
8
9 /*
10 * Since glibc 2.8, the _GNU_SOURCE feature test macro must be defined in order
11 * to obtain the definition of the ucred structure.
12 */
13 #define _GNU_SOURCE
14
15 #include <netdb.h>
16
17 /* At least NetBSD needs these. */
18 #ifndef AI_V4MAPPED
19 #define AI_V4MAPPED 0
20 #endif
21 #ifndef AI_ALL
22 #define AI_ALL 0
23 #endif
24 #ifndef AI_ADDRCONFIG
25 #define AI_ADDRCONFIG 0
26 #endif
27
28 #include <dirent.h>
29 #include <regex.h>
30 #include <openssl/rc4.h>
31
32 #include "para.h"
33 #include "error.h"
34 #include "crypt.h"
35 #include "net.h"
36 #include "string.h"
37 #include "fd.h"
38
39 /**
40 * Parse and validate IPv4 address/netmask string.
41 *
42 * \param cidr Address in CIDR notation
43 * \param addr Copy of the IPv4 address part of \a cidr
44 * \param addrlen Size of \a addr in bytes
45 * \param netmask Value of the netmask part in \a cidr or the
46 * default of 32 if not specified.
47 *
48 * \return Pointer to \a addr if succesful, NULL on error.
49 * \sa RFC 4632
50 */
51 char *parse_cidr(const char *cidr,
52 char *addr, ssize_t addrlen,
53 int32_t *netmask)
54 {
55 const char *o = cidr;
56 char *c = addr, *end = c + (addrlen - 1);
57
58 *netmask = 0x20;
59
60 if (cidr == NULL || addrlen < 1)
61 goto failed;
62
63 for (o = cidr; (*c = *o == '/'? '\0' : *o); c++, o++)
64 if (c == end)
65 goto failed;
66
67 if (*o == '/')
68 if (para_atoi32(++o, netmask) < 0 ||
69 *netmask < 0 || *netmask > 0x20)
70 goto failed;
71
72 if (is_valid_ipv4_address(addr))
73 return addr;
74 failed:
75 *addr = '\0';
76 return NULL;
77 }
78
79
80 /**
81 * Match string as a candidate IPv4 address.
82 *
83 * \param address The string to match.
84 * \return True if \a address has "dot-quad" format.
85 */
86 static bool is_v4_dot_quad(const char *address)
87 {
88 bool result;
89 regex_t r;
90
91 assert(para_regcomp(&r, "^([0-9]+\\.){3}[0-9]+$",
92 REG_EXTENDED | REG_NOSUB) >= 0);
93 result = regexec(&r, address, 0, NULL, 0) == 0;
94 regfree(&r);
95 return result;
96 }
97
98 /**
99 * Perform basic syntax checking on the host-part of an URL:
100 *
101 * - Since ':' is invalid in IPv4 addresses and DNS names, the
102 * presence of ':' causes interpretation as IPv6 address;
103 * - next the first-match-wins algorithm from RFC 3986 is applied;
104 * - else the string is considered as DNS name, to be resolved later.
105 *
106 * \param host The host string to check.
107 * \return True if \a host passes the syntax checks.
108 *
109 * \sa RFC 3986, 3.2.2; RFC 1123, 2.1; RFC 1034, 3.5
110 */
111 static bool host_string_ok(const char *host)
112 {
113 if (host == NULL || *host == '\0')
114 return false;
115 if (strchr(host, ':') != NULL)
116 return is_valid_ipv6_address(host);
117 if (is_v4_dot_quad(host))
118 return is_valid_ipv4_address(host);
119 return true;
120 }
121
122 /**
123 * Parse and validate URL string.
124 *
125 * The URL syntax is loosely based on RFC 3986, supporting one of
126 * - "["host"]"[:port] for native IPv6 addresses and
127 * - host[:port] for IPv4 hostnames and DNS names.
128 *
129 * Native IPv6 addresses must be enclosed in square brackets, since
130 * otherwise there is an ambiguity with the port separator `:'.
131 * The 'port' part is always considered to be a number; if absent,
132 * it is set to -1, to indicate that a default port is to be used.
133 *
134 * The following are valid examples:
135 * - 10.10.1.1
136 * - 10.10.1.2:8000
137 * - localhost
138 * - localhost:8001
139 * - [::1]:8000
140 * - [badc0de::1]
141 *
142 * \param url The URL string to take apart.
143 * \param host To return the copied host part of \a url.
144 * \param hostlen The maximum length of \a host.
145 * \param port To return the port number (if any) of \a url.
146 *
147 * \return Pointer to \a host, or NULL if failed.
148 * If NULL is returned, \a host and \a portnum are undefined. If no
149 * port number was present in \a url, \a portnum is set to -1.
150 *
151 * \sa RFC 3986, 3.2.2/3.2.3
152 */
153 char *parse_url(const char *url,
154 char *host, ssize_t hostlen,
155 int32_t *port)
156 {
157 const char *o = url;
158 char *c = host, *end = c + (hostlen - 1);
159
160 *port = -1;
161
162 if (o == NULL || hostlen < 1)
163 goto failed;
164
165 if (*o == '[') {
166 for (++o; (*c = *o == ']' ? '\0' : *o); c++, o++)
167 if (c == end)
168 goto failed;
169
170 if (*o++ != ']' || (*o != '\0' && *o != ':'))
171 goto failed;
172 } else {
173 for (; (*c = *o == ':'? '\0' : *o); c++, o++)
174 if (c == end)
175 goto failed;
176 }
177
178 if (*o == ':')
179 if (para_atoi32(++o, port) < 0 ||
180 *port < 0 || *port > 0xffff)
181 goto failed;
182
183 if (host_string_ok(host))
184 return host;
185 failed:
186 *host = '\0';
187 return NULL;
188 }
189
190 /**
191 * Determine the socket type for a given layer-4 protocol.
192 *
193 * \param l4type The symbolic name of the transport-layer protocol.
194 *
195 * \sa ip(7), socket(2)
196 */
197 static inline int sock_type(const unsigned l4type)
198 {
199 switch (l4type) {
200 case IPPROTO_UDP: return SOCK_DGRAM;
201 case IPPROTO_TCP: return SOCK_STREAM;
202 case IPPROTO_DCCP: return SOCK_DCCP;
203 }
204 return -1; /* not supported here */
205 }
206
207 /**
208 * Pretty-print transport-layer name.
209 */
210 static const char *layer4_name(const unsigned l4type)
211 {
212 switch (l4type) {
213 case IPPROTO_UDP: return "UDP";
214 case IPPROTO_TCP: return "TCP";
215 case IPPROTO_DCCP: return "DCCP";
216 }
217 return "UNKNOWN PROTOCOL";
218 }
219
220 /**
221 * Resolve IPv4/IPv6 address and create a ready-to-use active or passive socket.
222 *
223 * \param l3type The layer-3 type (\p AF_INET, \p AF_INET6, \p AF_UNSPEC).
224 * \param l4type The layer-4 type (\p IPPROTO_xxx).
225 * \param passive Whether this is a passive (1) or active (0) socket.
226 * \param host Remote or local hostname or IPv/6 address string.
227 * \param port_number Decimal port number.
228 *
229 * This creates a ready-made IPv4/v6 socket structure after looking up the
230 * necessary parameters. The interpretation of \a host depends on the value of
231 * \a passive:
232 * - on a passive socket host is interpreted as an interface IPv4/6 address
233 * (can be left NULL);
234 * - on an active socket, \a host is the peer DNS name or IPv4/6 address
235 * to connect to;
236 * - \a port_number is in either case the numeric port number (not service
237 * string).
238 *
239 * Furthermore, bind(2) is called on passive sockets, and connect(2) on active
240 * sockets. The algorithm tries all possible address combinations until it
241 * succeeds.
242 *
243 * \return This function returns 1 on success and \a -E_ADDRESS_LOOKUP when no
244 * matching connection could be set up (with details in the error log).
245 *
246 * \sa ipv6(7), getaddrinfo(3), bind(2), connect(2).
247 */
248 int makesock(unsigned l3type, unsigned l4type, int passive,
249 const char *host, unsigned short port_number)
250 {
251 struct addrinfo *local = NULL, *src,
252 *remote = NULL, *dst, hints;
253 int rc, on = 1, sockfd = -1,
254 socktype = sock_type(l4type);
255 char port[6]; /* port number has at most 5 digits */
256
257 sprintf(port, "%u", port_number);
258 /* Set up address hint structure */
259 memset(&hints, 0, sizeof(hints));
260 hints.ai_family = l3type;
261 hints.ai_socktype = socktype;
262 /*
263 * getaddrinfo does not support SOCK_DCCP, so for the sake of lookup
264 * (and only then) pretend to be UDP.
265 */
266 if (l4type == IPPROTO_DCCP)
267 hints.ai_socktype = SOCK_DGRAM;
268
269 /* only use addresses available on the host */
270 hints.ai_flags = AI_ADDRCONFIG;
271 if (l3type == AF_INET6)
272 /* use v4-mapped-v6 if no v6 addresses found */
273 hints.ai_flags |= AI_V4MAPPED | AI_ALL;
274
275 if (passive && host == NULL)
276 hints.ai_flags |= AI_PASSIVE;
277
278 /* Obtain local/remote address information */
279 if ((rc = getaddrinfo(host, port, &hints, passive ? &local : &remote))) {
280 PARA_ERROR_LOG("can not resolve %s address %s#%s: %s.\n",
281 layer4_name(l4type),
282 host? host : (passive? "[loopback]" : "[localhost]"),
283 port, gai_strerror(rc));
284 return -E_ADDRESS_LOOKUP;
285 }
286
287 /* Iterate over all src/dst combination, exhausting dst first */
288 for (src = local, dst = remote; src != NULL || dst != NULL; /* no op */ ) {
289 if (src && dst && src->ai_family == AF_INET
290 && dst->ai_family == AF_INET6)
291 goto get_next_dst; /* v4 -> v6 is not possible */
292
293 sockfd = socket(src ? src->ai_family : dst->ai_family,
294 socktype, l4type);
295 if (sockfd < 0)
296 goto get_next_dst;
297
298 /*
299 * Set those options that need to be set before establishing
300 * the connection. Reuse the address on passive (listening)
301 * sockets to avoid failure on restart.
302 */
303 if (passive && setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR,
304 &on, sizeof(on)) == -1) {
305 PARA_ERROR_LOG("can not set SO_REUSEADDR: %s\n",
306 strerror(errno));
307 return -ERRNO_TO_PARA_ERROR(errno);
308 }
309
310 if (src) {
311 if (bind(sockfd, src->ai_addr, src->ai_addrlen) < 0) {
312 close(sockfd);
313 goto get_next_src;
314 }
315 if (!dst) /* bind-only completed successfully */
316 break;
317 }
318
319 if (dst && connect(sockfd, dst->ai_addr, dst->ai_addrlen) == 0)
320 break; /* connection completed successfully */
321 close(sockfd);
322 get_next_dst:
323 if (dst && (dst = dst->ai_next))
324 continue;
325 get_next_src:
326 if (src && (src = src->ai_next)) /* restart inner loop */
327 dst = remote;
328 }
329 if (local)
330 freeaddrinfo(local);
331 if (remote)
332 freeaddrinfo(remote);
333
334 if (src == NULL && dst == NULL) {
335 PARA_ERROR_LOG("can not create %s socket %s#%s.\n",
336 layer4_name(l4type), host? host : (passive?
337 "[loopback]" : "[localhost]"), port);
338 return -ERRNO_TO_PARA_ERROR(errno);
339 }
340 return sockfd;
341 }
342
343 /**
344 * Create a passive / listening socket.
345 *
346 * \param l3type The network-layer type (\p AF_xxx).
347 * \param l4type The transport-layer type (\p IPPROTO_xxx).
348 * \param port The decimal port number to listen on.
349 *
350 * \return Positive integer (socket descriptor) on success, negative value
351 * otherwise.
352 *
353 * \sa makesock(), ip(7), ipv6(7), bind(2), listen(2).
354 */
355 int para_listen(unsigned l3type, unsigned l4type, unsigned short port)
356 {
357 int ret, fd = makesock(l3type, l4type, 1, NULL, port);
358
359 if (fd > 0) {
360 ret = listen(fd, BACKLOG);
361 if (ret < 0) {
362 close(fd);
363 return -ERRNO_TO_PARA_ERROR(errno);
364 }
365 PARA_INFO_LOG("listening on %s port %u, fd %d\n",
366 layer4_name(l4type), port, fd);
367 }
368 return fd;
369 }
370
371 /**
372 * Determine IPv4/v6 socket address length.
373 * \param sa Container of IPv4 or IPv6 address.
374 * \return Address-family dependent address length.
375 */
376 static socklen_t salen(const struct sockaddr *sa)
377 {
378 assert(sa->sa_family == AF_INET || sa->sa_family == AF_INET6);
379
380 return sa->sa_family == AF_INET6
381 ? sizeof(struct sockaddr_in6)
382 : sizeof(struct sockaddr_in);
383 }
384
385 /**
386 * Process IPv4/v6 address, turn v6-mapped-v4 address into normal IPv4 address.
387 * \param ss Container of IPv4/6 address.
388 * \return Pointer to normalized address (may be static storage).
389 *
390 * \sa RFC 3493
391 */
392 static const struct sockaddr *
393 normalize_ip_address(const struct sockaddr_storage *ss)
394 {
395 const struct sockaddr_in6 *ia6 = (const struct sockaddr_in6 *)ss;
396
397 assert(ss->ss_family == AF_INET || ss->ss_family == AF_INET6);
398
399 if (ss->ss_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&ia6->sin6_addr)) {
400 static struct sockaddr_in ia;
401
402 ia.sin_family = AF_INET;
403 ia.sin_port = ia6->sin6_port;
404 memcpy(&ia.sin_addr.s_addr, &(ia6->sin6_addr.s6_addr[12]), 4);
405 return (const struct sockaddr *)&ia;
406 }
407 return (const struct sockaddr *)ss;
408 }
409
410 /**
411 * Print numeric host and port number (beware - uses static char).
412 *
413 * \param sa The IPv4/IPv6 socket address to use.
414 *
415 * \sa getnameinfo(3).
416 */
417 static char *host_and_port(const struct sockaddr_storage *ss)
418 {
419 const struct sockaddr *sa = normalize_ip_address(ss);
420 char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
421 static char output[sizeof(hbuf) + sizeof(sbuf) + 2];
422 int ret;
423
424 ret = getnameinfo(sa, salen(sa),
425 hbuf, sizeof(hbuf),
426 sbuf, sizeof(sbuf),
427 NI_NUMERICHOST | NI_NUMERICSERV);
428 if (ret == 0) {
429 snprintf(output, sizeof(output), "%s#%s", hbuf, sbuf);
430 } else {
431 snprintf(output, sizeof(output), "(unknown)");
432 PARA_WARNING_LOG("hostname lookup error (%s).\n",
433 gai_strerror(ret));
434 }
435 return output;
436 }
437
438 /**
439 * Look up the local or remote side of a connected socket structure.
440 *
441 * \param fd The socket descriptor of the connected socket.
442 * \param getname Either \p getsockname() for local, or \p getpeername() for
443 * remote side.
444 *
445 * \return A static character string identifying hostname and port of the
446 * chosen side.
447 *
448 * \sa getsockname(2), getpeername(2).
449 */
450 static char *__get_sock_name(int fd, int (*getname)(int, struct sockaddr*,
451 socklen_t *))
452 {
453 struct sockaddr_storage ss;
454 socklen_t sslen = sizeof(ss);
455
456 if (getname(fd, (struct sockaddr *)&ss, &sslen) < 0) {
457 static char *dont_know = "(don't know)";
458 PARA_ERROR_LOG("can not determine address from fd %d: %s\n",
459 fd, strerror(errno));
460 return dont_know;
461 }
462 return host_and_port(&ss);
463 }
464
465 /**
466 * Look up the local side of a connected socket structure.
467 *
468 * \param sockfd The file descriptor of the socket.
469 *
470 * \return A pointer to a static buffer containing hostname an port. This
471 * buffer must not be freed by the caller.
472 *
473 * \sa remote_name().
474 */
475 char *local_name(int sockfd)
476 {
477 return __get_sock_name(sockfd, getsockname);
478 }
479
480 /**
481 * Look up the remote side of a connected socket structure.
482 *
483 * \param sockfd The file descriptor of the socket.
484 *
485 * \return Analogous to the return value of \ref local_name() but for the
486 * remote side.
487 *
488 * \sa local_name().
489 */
490 char *remote_name(int sockfd)
491 {
492 return __get_sock_name(sockfd, getpeername);
493 }
494
495 /**
496 * Extract IPv4 or IPv6-mapped-IPv4 address from sockaddr_storage.
497 * \param ss Container of IPv4/6 address
498 * \return Extracted IPv4 address (different from 0) or 0 if unsuccessful.
499 *
500 * \sa RFC 3493
501 */
502 struct in_addr extract_v4_addr(const struct sockaddr_storage *ss)
503 {
504 struct in_addr ia = {.s_addr = 0};
505 const struct sockaddr *sa = normalize_ip_address(ss);
506
507 if (sa->sa_family == AF_INET)
508 ia = ((struct sockaddr_in *)sa)->sin_addr;
509 return ia;
510 }
511
512 /**
513 * Send a binary buffer.
514 *
515 * \param fd The file descriptor.
516 * \param buf The buffer to be sent.
517 * \param len The length of \a buf.
518 *
519 * Send out the buffer and try to resend the remaining part in case of short
520 * writes.
521 *
522 * \return Standard.
523 */
524 int send_bin_buffer(int fd, const char *buf, size_t len)
525 {
526 if (!len)
527 PARA_CRIT_LOG("len == 0\n");
528 return write_all(fd, buf, &len);
529 }
530
531 /**
532 * Send a \p NULL-terminated buffer.
533 *
534 * \param fd The file descriptor.
535 * \param buf The null-terminated buffer to be send.
536 *
537 * This is equivalent to send_bin_buffer(fd, buf, strlen(buf)).
538 *
539 * \return Standard.
540 */
541 int send_buffer(int fd, const char *buf)
542 {
543 return send_bin_buffer(fd, buf, strlen(buf));
544 }
545
546 /**
547 * Send a buffer given by a format string.
548 *
549 * \param fd The file descriptor.
550 * \param fmt A format string.
551 *
552 * \return Standard.
553 */
554 __printf_2_3 int send_va_buffer(int fd, const char *fmt, ...)
555 {
556 char *msg;
557 int ret;
558
559 PARA_VSPRINTF(fmt, msg);
560 ret = send_buffer(fd, msg);
561 free(msg);
562 return ret;
563 }
564
565 /**
566 * Receive data from a file descriptor.
567 *
568 * \param fd The file descriptor.
569 * \param buf The buffer to write the data to.
570 * \param size The size of \a buf.
571 *
572 * Receive at most \a size bytes from file descriptor \a fd.
573 *
574 * \return The number of bytes received on success, negative on errors, zero if
575 * the peer has performed an orderly shutdown.
576 *
577 * \sa recv(2).
578 */
579 __must_check int recv_bin_buffer(int fd, char *buf, size_t size)
580 {
581 ssize_t n;
582
583 n = recv(fd, buf, size, 0);
584 if (n == -1)
585 return -ERRNO_TO_PARA_ERROR(errno);
586 return n;
587 }
588
589 /**
590 * Receive and write terminating NULL byte.
591 *
592 * \param fd The file descriptor.
593 * \param buf The buffer to write the data to.
594 * \param size The size of \a buf.
595 *
596 * Read at most \a size - 1 bytes from file descriptor \a fd and
597 * write a NULL byte at the end of the received data.
598 *
599 * \return The return value of the underlying call to \a recv_bin_buffer().
600 *
601 * \sa recv_bin_buffer()
602 */
603 int recv_buffer(int fd, char *buf, size_t size)
604 {
605 int n;
606
607 assert(size);
608 n = recv_bin_buffer(fd, buf, size - 1);
609 if (n >= 0)
610 buf[n] = '\0';
611 else
612 *buf = '\0';
613 return n;
614 }
615
616 /**
617 * Wrapper around the accept system call.
618 *
619 * \param fd The listening socket.
620 * \param addr Structure which is filled in with the address of the peer socket.
621 * \param size Should contain the size of the structure pointed to by \a addr.
622 *
623 * Accept incoming connections on \a addr. Retry if interrupted.
624 *
625 * \return The new file descriptor on success, negative on errors.
626 *
627 * \sa accept(2).
628 */
629 int para_accept(int fd, void *addr, socklen_t size)
630 {
631 int new_fd;
632
633 do
634 new_fd = accept(fd, (struct sockaddr *) addr, &size);
635 while (new_fd < 0 && errno == EINTR);
636 return new_fd < 0? -ERRNO_TO_PARA_ERROR(errno) : new_fd;
637 }
638
639 /**
640 * Prepare a structure for \p AF_UNIX socket addresses.
641 *
642 * \param u Pointer to the struct to be prepared.
643 * \param name The socket pathname.
644 *
645 * This just copies \a name to the sun_path component of \a u.
646 *
647 * \return Positive on success, \p -E_NAME_TOO_LONG if \a name is longer
648 * than \p UNIX_PATH_MAX.
649 */
650 static int init_unix_addr(struct sockaddr_un *u, const char *name)
651 {
652 if (strlen(name) >= UNIX_PATH_MAX)
653 return -E_NAME_TOO_LONG;
654 memset(u->sun_path, 0, UNIX_PATH_MAX);
655 u->sun_family = PF_UNIX;
656 strcpy(u->sun_path, name);
657 return 1;
658 }
659
660 /**
661 * Prepare, create, and bind a socket for local communication.
662 *
663 * \param name The socket pathname.
664 * \param unix_addr Pointer to the \p AF_UNIX socket structure.
665 * \param mode The desired mode of the socket.
666 *
667 * This function creates a local socket for sequenced, reliable,
668 * two-way, connection-based byte streams.
669 *
670 * \return The file descriptor, on success, negative on errors.
671 *
672 * \sa socket(2)
673 * \sa bind(2)
674 * \sa chmod(2)
675 */
676 int create_local_socket(const char *name, struct sockaddr_un *unix_addr,
677 mode_t mode)
678 {
679 int fd, ret;
680
681 ret = init_unix_addr(unix_addr, name);
682 if (ret < 0)
683 return ret;
684 ret = socket(PF_UNIX, SOCK_STREAM, 0);
685 if (ret < 0)
686 return -ERRNO_TO_PARA_ERROR(errno);
687 fd = ret;
688 ret = bind(fd, (struct sockaddr *) unix_addr, UNIX_PATH_MAX);
689 if (ret < 0) {
690 ret = -ERRNO_TO_PARA_ERROR(errno);
691 goto err;
692 }
693 ret = -E_CHMOD;
694 if (chmod(name, mode) < 0)
695 goto err;
696 return fd;
697 err:
698 close(fd);
699 return ret;
700 }
701
702 /**
703 * Prepare, create, and connect to a Unix domain socket for local communication.
704 *
705 * \param name The socket pathname.
706 *
707 * This function creates a local socket for sequenced, reliable, two-way,
708 * connection-based byte streams.
709 *
710 * \return The file descriptor, on success, negative on errors.
711 *
712 * \sa create_local_socket(), unix(7), connect(2).
713 */
714 int create_remote_socket(const char *name)
715 {
716 struct sockaddr_un unix_addr;
717 int fd, ret;
718
719 ret = init_unix_addr(&unix_addr, name);
720 if (ret < 0)
721 return ret;
722 fd = socket(PF_UNIX, SOCK_STREAM, 0);
723 if (fd < 0)
724 return -ERRNO_TO_PARA_ERROR(errno);
725 if (connect(fd, (struct sockaddr *)&unix_addr, sizeof(unix_addr)) == -1) {
726 ret = -ERRNO_TO_PARA_ERROR(errno);
727 goto err;
728 }
729 return fd;
730 err:
731 close(fd);
732 return ret;
733 }
734
735 #ifndef HAVE_UCRED
736 ssize_t send_cred_buffer(int sock, char *buf)
737 {
738 return send_buffer(sock, buf);
739 }
740 int recv_cred_buffer(int fd, char *buf, size_t size)
741 {
742 return recv_buffer(fd, buf, size) > 0? 1 : -E_RECVMSG;
743 }
744 #else /* HAVE_UCRED */
745 /**
746 * Send \p NULL-terminated buffer and Unix credentials of the current process.
747 *
748 * \param sock The socket file descriptor.
749 * \param buf The buffer to be sent.
750 *
751 * \return On success, this call returns the number of characters sent. On
752 * error, \p -E_SENDMSG is returned.
753 *
754 * \sa sendmsg(2), okir's Black Hats Manual.
755 */
756 ssize_t send_cred_buffer(int sock, char *buf)
757 {
758 char control[sizeof(struct cmsghdr) + sizeof(struct ucred)];
759 struct msghdr msg;
760 struct cmsghdr *cmsg;
761 static struct iovec iov;
762 struct ucred c;
763 int ret;
764
765 /* Response data */
766 iov.iov_base = buf;
767 iov.iov_len = strlen(buf);
768 c.pid = getpid();
769 c.uid = getuid();
770 c.gid = getgid();
771 /* compose the message */
772 memset(&msg, 0, sizeof(msg));
773 msg.msg_iov = &iov;
774 msg.msg_iovlen = 1;
775 msg.msg_control = control;
776 msg.msg_controllen = sizeof(control);
777 /* attach the ucred struct */
778 cmsg = CMSG_FIRSTHDR(&msg);
779 cmsg->cmsg_level = SOL_SOCKET;
780 cmsg->cmsg_type = SCM_CREDENTIALS;
781 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
782 *(struct ucred *)CMSG_DATA(cmsg) = c;
783 msg.msg_controllen = cmsg->cmsg_len;
784 ret = sendmsg(sock, &msg, 0);
785 if (ret < 0)
786 ret = -E_SENDMSG;
787 return ret;
788 }
789
790 static void dispose_fds(int *fds, unsigned num)
791 {
792 int i;
793
794 for (i = 0; i < num; i++)
795 close(fds[i]);
796 }
797
798 /**
799 * Receive a buffer and the Unix credentials of the sending process.
800 *
801 * \param fd the socket file descriptor.
802 * \param buf the buffer to store the message.
803 * \param size the size of \a buffer.
804 *
805 * \return negative on errors, the user id on success.
806 *
807 * \sa recvmsg(2), okir's Black Hats Manual.
808 */
809 int recv_cred_buffer(int fd, char *buf, size_t size)
810 {
811 char control[255];
812 struct msghdr msg;
813 struct cmsghdr *cmsg;
814 struct iovec iov;
815 int result = 0;
816 int yes = 1;
817 struct ucred cred;
818
819 setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &yes, sizeof(int));
820 memset(&msg, 0, sizeof(msg));
821 memset(buf, 0, size);
822 iov.iov_base = buf;
823 iov.iov_len = size;
824 msg.msg_iov = &iov;
825 msg.msg_iovlen = 1;
826 msg.msg_control = control;
827 msg.msg_controllen = sizeof(control);
828 if (recvmsg(fd, &msg, 0) < 0)
829 return -E_RECVMSG;
830 result = -E_SCM_CREDENTIALS;
831 cmsg = CMSG_FIRSTHDR(&msg);
832 while (cmsg) {
833 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type
834 == SCM_CREDENTIALS) {
835 memcpy(&cred, CMSG_DATA(cmsg), sizeof(struct ucred));
836 result = cred.uid;
837 } else
838 if (cmsg->cmsg_level == SOL_SOCKET
839 && cmsg->cmsg_type == SCM_RIGHTS) {
840 dispose_fds((int *) CMSG_DATA(cmsg),
841 (cmsg->cmsg_len - CMSG_LEN(0))
842 / sizeof(int));
843 }
844 cmsg = CMSG_NXTHDR(&msg, cmsg);
845 }
846 return result;
847 }
848 #endif /* HAVE_UCRED */
849
850 /**
851 * Receive a buffer and check for a pattern.
852 *
853 * \param fd The file descriptor to receive from.
854 * \param pattern The expected pattern.
855 * \param bufsize The size of the internal buffer.
856 *
857 * \return Positive if \a pattern was received, negative otherwise.
858 *
859 * This function tries to receive at most \a bufsize bytes from file descriptor
860 * \a fd. If at least \p strlen(\a pattern) bytes were received, the beginning
861 * of the received buffer is compared with \a pattern, ignoring case.
862 *
863 * \sa recv_buffer(), \sa strncasecmp(3).
864 */
865 int recv_pattern(int fd, const char *pattern, size_t bufsize)
866 {
867 size_t len = strlen(pattern);
868 char *buf = para_malloc(bufsize + 1);
869 int ret = -E_RECV_PATTERN, n = recv_buffer(fd, buf, bufsize + 1);
870
871 if (n < len)
872 goto out;
873 if (strncasecmp(buf, pattern, len))
874 goto out;
875 ret = 1;
876 out:
877 if (ret < 0) {
878 PARA_NOTICE_LOG("did not receive pattern '%s'\n", pattern);
879 if (n > 0)
880 PARA_NOTICE_LOG("recvd %d bytes: %s\n", n, buf);
881 else if (n < 0)
882 PARA_NOTICE_LOG("%s\n", para_strerror(-n));
883 }
884 free(buf);
885 return ret;
886 }