Merge commit 'fml/master'
[paraslash.git] / net.c
1 /*
2 * Copyright (C) 2005-2009 Andre Noll <maan@systemlinux.org>
3 *
4 * Licensed under the GPL v2. For licencing details see COPYING.
5 */
6
7 /** \file net.c Networking-related helper functions. */
8
9 /*
10 * Since glibc 2.8, the _GNU_SOURCE feature test macro must be defined in order
11 * to obtain the definition of the ucred structure.
12 */
13 #define _GNU_SOURCE
14
15 #include <netdb.h>
16
17 /* At least NetBSD needs these. */
18 #ifndef AI_V4MAPPED
19 #define AI_V4MAPPED 0
20 #endif
21 #ifndef AI_ALL
22 #define AI_ALL 0
23 #endif
24 #ifndef AI_ADDRCONFIG
25 #define AI_ADDRCONFIG 0
26 #endif
27
28 #include <dirent.h>
29 #include <regex.h>
30
31 #include "para.h"
32 #include "error.h"
33 #include "net.h"
34 #include "string.h"
35 #include "fd.h"
36
37
38 /** Information about one encrypted connection. */
39 struct crypt_data {
40 /** Function used to decrypt received data. */
41 crypt_function *recv;
42 /** Function used to encrypt data to be sent. */
43 crypt_function *send;
44 /**
45 * Context-dependent data (crypt keys), passed verbatim to the above
46 * crypt functions.
47 */
48 void *private_data;
49 };
50 /** Array holding per fd crypt data. */
51 static struct crypt_data *crypt_data_array;
52 /** Current size of the crypt data array. */
53 static unsigned cda_size = 0;
54
55 /**
56 * Activate encryption for one file descriptor.
57 *
58 * \param fd The file descriptor.
59 * \param recv_f The function used for decrypting received data.
60 * \param send_f The function used for encrypting before sending.
61 * \param private_data User data supplied by the caller.
62 */
63 void enable_crypt(int fd, crypt_function *recv_f, crypt_function *send_f,
64 void *private_data)
65 {
66 if (fd + 1 > cda_size) {
67 crypt_data_array = para_realloc(crypt_data_array,
68 (fd + 1) * sizeof(struct crypt_data));
69 memset(crypt_data_array + cda_size, 0,
70 (fd + 1 - cda_size) * sizeof(struct crypt_data));
71 cda_size = fd + 1;
72 }
73 crypt_data_array[fd].recv = recv_f;
74 crypt_data_array[fd].send = send_f;
75 crypt_data_array[fd].private_data = private_data;
76 PARA_INFO_LOG("rc4 encryption activated for fd %d\n", fd);
77 }
78
79 /**
80 * Deactivate encryption for a given fd.
81 *
82 * \param fd The file descriptor.
83 *
84 * This must be called if and only if \p fd was activated via enable_crypt().
85 */
86 void disable_crypt(int fd)
87 {
88 if (cda_size < fd + 1)
89 return;
90 crypt_data_array[fd].recv = NULL;
91 crypt_data_array[fd].send = NULL;
92 crypt_data_array[fd].private_data = NULL;
93 }
94
95 /**
96 * Parse and validate IPv4 address/netmask string.
97 *
98 * \param cidr Address in CIDR notation
99 * \param addr Copy of the IPv4 address part of \a cidr
100 * \param addrlen Size of \a addr in bytes
101 * \param netmask Value of the netmask part in \a cidr or the
102 * default of 32 if not specified.
103 *
104 * \return Pointer to \a addr if succesful, NULL on error.
105 * \sa RFC 4632
106 */
107 char *parse_cidr(const char *cidr,
108 char *addr, ssize_t addrlen,
109 int32_t *netmask)
110 {
111 const char *o = cidr;
112 char *c = addr, *end = c + (addrlen - 1);
113
114 *netmask = 0x20;
115
116 if (cidr == NULL || addrlen < 1)
117 goto failed;
118
119 for (o = cidr; (*c = *o == '/'? '\0' : *o); c++, o++)
120 if (c == end)
121 goto failed;
122
123 if (*o == '/')
124 if (para_atoi32(++o, netmask) < 0 ||
125 *netmask < 0 || *netmask > 0x20)
126 goto failed;
127
128 if (is_valid_ipv4_address(addr))
129 return addr;
130 failed:
131 *addr = '\0';
132 return NULL;
133 }
134
135
136 /**
137 * Match string as a candidate IPv4 address.
138 *
139 * \param address The string to match.
140 * \return True if \a address has "dot-quad" format.
141 */
142 static bool is_v4_dot_quad(const char *address)
143 {
144 bool result;
145 regex_t r;
146
147 assert(!regcomp(&r, "^([0-9]+\\.){3}[0-9]+$", REG_EXTENDED|REG_NOSUB));
148 result = regexec(&r, address, 0, NULL, 0) == 0;
149 regfree(&r);
150 return result;
151 }
152
153 /**
154 * Perform basic syntax checking on the host-part of an URL:
155 *
156 * - Since ':' is invalid in IPv4 addresses and DNS names, the
157 * presence of ':' causes interpretation as IPv6 address;
158 * - next the first-match-wins algorithm from RFC 3986 is applied;
159 * - else the string is considered as DNS name, to be resolved later.
160 *
161 * \param host The host string to check.
162 * \return True if \a host passes the syntax checks.
163 *
164 * \sa RFC 3986, 3.2.2; RFC 1123, 2.1; RFC 1034, 3.5
165 */
166 static bool host_string_ok(const char *host)
167 {
168 if (host == NULL || *host == '\0')
169 return false;
170 if (strchr(host, ':') != NULL)
171 return is_valid_ipv6_address(host);
172 if (is_v4_dot_quad(host))
173 return is_valid_ipv4_address(host);
174 return true;
175 }
176
177 /**
178 * Parse and validate URL string.
179 *
180 * The URL syntax is loosely based on RFC 3986, supporting one of
181 * - "["host"]"[:port] for native IPv6 addresses and
182 * - host[:port] for IPv4 hostnames and DNS names.
183 *
184 * Native IPv6 addresses must be enclosed in square brackets, since
185 * otherwise there is an ambiguity with the port separator `:'.
186 * The 'port' part is always considered to be a number; if absent,
187 * it is set to -1, to indicate that a default port is to be used.
188 *
189 * The following are valid examples:
190 * - 10.10.1.1
191 * - 10.10.1.2:8000
192 * - localhost
193 * - localhost:8001
194 * - [::1]:8000
195 * - [badc0de::1]
196 *
197 * \param url The URL string to take apart.
198 * \param host To return the copied host part of \a url.
199 * \param hostlen The maximum length of \a host.
200 * \param port To return the port number (if any) of \a url.
201 *
202 * \return Pointer to \a host, or NULL if failed.
203 * If NULL is returned, \a host and \a portnum are undefined. If no
204 * port number was present in \a url, \a portnum is set to -1.
205 *
206 * \sa RFC 3986, 3.2.2/3.2.3
207 */
208 char *parse_url(const char *url,
209 char *host, ssize_t hostlen,
210 int32_t *port)
211 {
212 const char *o = url;
213 char *c = host, *end = c + (hostlen - 1);
214
215 *port = -1;
216
217 if (o == NULL || hostlen < 1)
218 goto failed;
219
220 if (*o == '[') {
221 for (++o; (*c = *o == ']' ? '\0' : *o); c++, o++)
222 if (c == end)
223 goto failed;
224
225 if (*o++ != ']' || (*o != '\0' && *o != ':'))
226 goto failed;
227 } else {
228 for (; (*c = *o == ':'? '\0' : *o); c++, o++)
229 if (c == end)
230 goto failed;
231 }
232
233 if (*o == ':')
234 if (para_atoi32(++o, port) < 0 ||
235 *port < 0 || *port > 0xffff)
236 goto failed;
237
238 if (host_string_ok(host))
239 return host;
240 failed:
241 *host = '\0';
242 return NULL;
243 }
244
245 /**
246 * Determine the socket type for a given layer-4 protocol.
247 *
248 * \param l4type The symbolic name of the transport-layer protocol.
249 *
250 * \sa ip(7), socket(2)
251 */
252 static inline int sock_type(const unsigned l4type)
253 {
254 switch (l4type) {
255 case IPPROTO_UDP: return SOCK_DGRAM;
256 case IPPROTO_TCP: return SOCK_STREAM;
257 case IPPROTO_DCCP: return SOCK_DCCP;
258 }
259 return -1; /* not supported here */
260 }
261
262 /**
263 * Pretty-print transport-layer name.
264 */
265 static const char *layer4_name(const unsigned l4type)
266 {
267 switch (l4type) {
268 case IPPROTO_UDP: return "UDP";
269 case IPPROTO_TCP: return "TCP";
270 case IPPROTO_DCCP: return "DCCP";
271 }
272 return "UNKNOWN PROTOCOL";
273 }
274
275 /**
276 * Resolve IPv4/IPv6 address and create a ready-to-use active or passive socket.
277 *
278 * \param l3type The layer-3 type (\p AF_INET, \p AF_INET6, \p AF_UNSPEC).
279 * \param l4type The layer-4 type (\p IPPROTO_xxx).
280 * \param passive Whether this is a passive (1) or active (0) socket.
281 * \param host Remote or local hostname or IPv/6 address string.
282 * \param port_number Decimal port number.
283 *
284 * This creates a ready-made IPv4/v6 socket structure after looking up the
285 * necessary parameters. The interpretation of \a host depends on the value of
286 * \a passive:
287 * - on a passive socket host is interpreted as an interface IPv4/6 address
288 * (can be left NULL);
289 * - on an active socket, \a host is the peer DNS name or IPv4/6 address
290 * to connect to;
291 * - \a port_number is in either case the numeric port number (not service
292 * string).
293 *
294 * Furthermore, bind(2) is called on passive sockets, and connect(2) on active
295 * sockets. The algorithm tries all possible address combinations until it
296 * succeeds.
297 *
298 * \return This function returns 1 on success and \a -E_ADDRESS_LOOKUP when no
299 * matching connection could be set up (with details in the error log).
300 *
301 * \sa ipv6(7), getaddrinfo(3), bind(2), connect(2).
302 */
303 int makesock(unsigned l3type, unsigned l4type, int passive,
304 const char *host, unsigned short port_number)
305 {
306 struct addrinfo *local = NULL, *src,
307 *remote = NULL, *dst, hints;
308 int rc, on = 1, sockfd = -1,
309 socktype = sock_type(l4type);
310 char port[6]; /* port number has at most 5 digits */
311
312 sprintf(port, "%u", port_number);
313 /* Set up address hint structure */
314 memset(&hints, 0, sizeof(hints));
315 hints.ai_family = l3type;
316 hints.ai_socktype = socktype;
317 /*
318 * getaddrinfo does not support SOCK_DCCP, so for the sake of lookup
319 * (and only then) pretend to be UDP.
320 */
321 if (l4type == IPPROTO_DCCP)
322 hints.ai_socktype = SOCK_DGRAM;
323
324 /* only use addresses available on the host */
325 hints.ai_flags = AI_ADDRCONFIG;
326 if (l3type == AF_INET6)
327 /* use v4-mapped-v6 if no v6 addresses found */
328 hints.ai_flags |= AI_V4MAPPED | AI_ALL;
329
330 if (passive && host == NULL)
331 hints.ai_flags |= AI_PASSIVE;
332
333 /* Obtain local/remote address information */
334 if ((rc = getaddrinfo(host, port, &hints, passive ? &local : &remote))) {
335 PARA_ERROR_LOG("can not resolve %s address %s#%s: %s.\n",
336 layer4_name(l4type),
337 host? host : (passive? "[loopback]" : "[localhost]"),
338 port, gai_strerror(rc));
339 return -E_ADDRESS_LOOKUP;
340 }
341
342 /* Iterate over all src/dst combination, exhausting dst first */
343 for (src = local, dst = remote; src != NULL || dst != NULL; /* no op */ ) {
344 if (src && dst && src->ai_family == AF_INET
345 && dst->ai_family == AF_INET6)
346 goto get_next_dst; /* v4 -> v6 is not possible */
347
348 sockfd = socket(src ? src->ai_family : dst->ai_family,
349 socktype, l4type);
350 if (sockfd < 0)
351 goto get_next_dst;
352
353 /*
354 * Set those options that need to be set before establishing
355 * the connection. Reuse the address on passive (listening)
356 * sockets to avoid failure on restart.
357 */
358 if (passive && setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR,
359 &on, sizeof(on)) == -1) {
360 PARA_ERROR_LOG("can not set SO_REUSEADDR: %s\n",
361 strerror(errno));
362 return -ERRNO_TO_PARA_ERROR(errno);
363 }
364
365 if (src) {
366 if (bind(sockfd, src->ai_addr, src->ai_addrlen) < 0) {
367 close(sockfd);
368 goto get_next_src;
369 }
370 if (!dst) /* bind-only completed successfully */
371 break;
372 }
373
374 if (dst && connect(sockfd, dst->ai_addr, dst->ai_addrlen) == 0)
375 break; /* connection completed successfully */
376 close(sockfd);
377 get_next_dst:
378 if (dst && (dst = dst->ai_next))
379 continue;
380 get_next_src:
381 if (src && (src = src->ai_next)) /* restart inner loop */
382 dst = remote;
383 }
384 if (local)
385 freeaddrinfo(local);
386 if (remote)
387 freeaddrinfo(remote);
388
389 if (src == NULL && dst == NULL) {
390 PARA_ERROR_LOG("can not create %s socket %s#%s.\n",
391 layer4_name(l4type), host? host : (passive?
392 "[loopback]" : "[localhost]"), port);
393 return -ERRNO_TO_PARA_ERROR(errno);
394 }
395 return sockfd;
396 }
397
398 /**
399 * Create a passive / listening socket.
400 *
401 * \param l3type The network-layer type (\p AF_xxx).
402 * \param l4type The transport-layer type (\p IPPROTO_xxx).
403 * \param port The decimal port number to listen on.
404 *
405 * \return Positive integer (socket descriptor) on success, negative value
406 * otherwise.
407 *
408 * \sa makesock(), ip(7), ipv6(7), bind(2), listen(2).
409 */
410 int para_listen(unsigned l3type, unsigned l4type, unsigned short port)
411 {
412 int ret, fd = makesock(l3type, l4type, 1, NULL, port);
413
414 if (fd > 0) {
415 ret = listen(fd, BACKLOG);
416 if (ret < 0) {
417 close(fd);
418 return -ERRNO_TO_PARA_ERROR(errno);
419 }
420 PARA_INFO_LOG("listening on %s port %u, fd %d\n",
421 layer4_name(l4type), port, fd);
422 }
423 return fd;
424 }
425
426 /**
427 * Print numeric host and port number (beware - uses static char).
428 *
429 * \param sa The IPv4/IPv6 socket address to use.
430 * \param len The length of \p sa.
431 *
432 * \sa getnameinfo(3).
433 */
434 static char *host_and_port(struct sockaddr *sa, socklen_t len)
435 {
436 static char output[NI_MAXHOST + NI_MAXSERV + 2];
437 char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
438 int ret;
439
440 ret = getnameinfo(sa, len, hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
441 NI_NUMERICHOST | NI_NUMERICSERV);
442 if (ret) {
443 PARA_WARNING_LOG("hostname lookup error (%s).\n",
444 gai_strerror(ret));
445 sprintf(output, "(unknown)");
446 } else
447 sprintf(output, "%s#%s", hbuf, sbuf);
448 return output;
449 }
450
451 /**
452 * Look up the local or remote side of a connected socket structure.
453 *
454 * \param fd The socket descriptor of the connected socket.
455 * \param getname Either \p getsockname() for local, or \p getpeername() for
456 * remote side.
457 *
458 * \return A static character string identifying hostname and port of the
459 * chosen side.
460 *
461 * \sa getsockname(2), getpeername(2).
462 */
463 static char *__get_sock_name(int fd, int (*getname)(int, struct sockaddr*,
464 socklen_t *))
465 {
466 struct sockaddr_storage ss;
467 socklen_t sslen = sizeof(ss);
468
469 if (getname(fd, (struct sockaddr *)&ss, &sslen) < 0) {
470 static char *dont_know = "(don't know)";
471 PARA_ERROR_LOG("can not determine address from fd %d: %s\n",
472 fd, strerror(errno));
473 return dont_know;
474 }
475 return host_and_port((struct sockaddr *)&ss, sslen);
476 }
477
478 /**
479 * Look up the local side of a connected socket structure.
480 *
481 * \param sockfd The file descriptor of the socket.
482 *
483 * \return A pointer to a static buffer containing hostname an port. This
484 * buffer must not be freed by the caller.
485 *
486 * \sa remote_name().
487 */
488 char *local_name(int sockfd)
489 {
490 return __get_sock_name(sockfd, getsockname);
491 }
492
493 /**
494 * Look up the remote side of a connected socket structure.
495 *
496 * \param sockfd The file descriptor of the socket.
497 *
498 * \return Analogous to the return value of \ref local_name() but for the
499 * remote side.
500 *
501 * \sa local_name().
502 */
503 char *remote_name(int sockfd)
504 {
505 return __get_sock_name(sockfd, getpeername);
506 }
507
508 /**
509 * Extract IPv4 or IPv6-mapped-IPv4 address from sockaddr_storage.
510 * \param ss Container of IPv4/6 address
511 * \return Extracted IPv4 address (different from 0) or 0 if unsuccessful.
512 *
513 * \sa RFC 3493
514 */
515 struct in_addr extract_v4_addr(const struct sockaddr_storage *ss)
516 {
517 struct in_addr ia = {.s_addr = 0};
518
519 if (ss->ss_family == AF_INET)
520 ia.s_addr = ((struct sockaddr_in *)ss)->sin_addr.s_addr;
521 if (ss->ss_family == AF_INET6) {
522 const struct in6_addr v6_addr = ((struct sockaddr_in6 *)ss)->sin6_addr;
523
524 if (IN6_IS_ADDR_V4MAPPED(&v6_addr))
525 memcpy(&ia.s_addr, &(v6_addr.s6_addr[12]), 4);
526 }
527 return ia;
528 }
529
530 /**
531 * Encrypt and send a binary buffer.
532 *
533 * \param fd The file descriptor.
534 * \param buf The buffer to be encrypted and sent.
535 * \param len The length of \a buf.
536 *
537 * Check if encryption is available. If yes, encrypt the given buffer. Send
538 * out the buffer, encrypted or not, and try to resend the remaining part in
539 * case of short writes.
540 *
541 * \return Standard.
542 */
543 int send_bin_buffer(int fd, const char *buf, size_t len)
544 {
545 int ret;
546 crypt_function *cf = NULL;
547
548 if (!len)
549 PARA_CRIT_LOG("len == 0\n");
550 if (fd + 1 <= cda_size)
551 cf = crypt_data_array[fd].send;
552 if (cf) {
553 void *private = crypt_data_array[fd].private_data;
554 /* RC4 may write more than len to the output buffer */
555 unsigned char *outbuf = para_malloc(ROUND_UP(len, 8));
556 (*cf)(len, (unsigned char *)buf, outbuf, private);
557 ret = write_all(fd, (char *)outbuf, &len);
558 free(outbuf);
559 } else
560 ret = write_all(fd, buf, &len);
561 return ret;
562 }
563
564 /**
565 * Encrypt and send null terminated buffer.
566 *
567 * \param fd The file descriptor.
568 * \param buf The null-terminated buffer to be send.
569 *
570 * This is equivalent to send_bin_buffer(fd, buf, strlen(buf)).
571 *
572 * \return Standard.
573 */
574 int send_buffer(int fd, const char *buf)
575 {
576 return send_bin_buffer(fd, buf, strlen(buf));
577 }
578
579
580 /**
581 * Send and encrypt a buffer given by a format string.
582 *
583 * \param fd The file descriptor.
584 * \param fmt A format string.
585 *
586 * \return Standard.
587 */
588 __printf_2_3 int send_va_buffer(int fd, const char *fmt, ...)
589 {
590 char *msg;
591 int ret;
592
593 PARA_VSPRINTF(fmt, msg);
594 ret = send_buffer(fd, msg);
595 free(msg);
596 return ret;
597 }
598
599 /**
600 * Receive and decrypt.
601 *
602 * \param fd The file descriptor.
603 * \param buf The buffer to write the decrypted data to.
604 * \param size The size of \a buf.
605 *
606 * Receive at most \a size bytes from file descriptor \a fd. If encryption is
607 * available, decrypt the received buffer.
608 *
609 * \return The number of bytes received on success, negative on errors.
610 *
611 * \sa recv(2)
612 */
613 __must_check int recv_bin_buffer(int fd, char *buf, size_t size)
614 {
615 ssize_t n;
616 crypt_function *cf = NULL;
617
618 if (fd + 1 <= cda_size)
619 cf = crypt_data_array[fd].recv;
620 if (cf) {
621 unsigned char *tmp = para_malloc(size);
622 void *private = crypt_data_array[fd].private_data;
623 n = recv(fd, tmp, size, 0);
624 if (n > 0) {
625 size_t numbytes = n;
626 unsigned char *b = (unsigned char *)buf;
627 (*cf)(numbytes, tmp, b, private);
628 }
629 free(tmp);
630 } else
631 n = recv(fd, buf, size, 0);
632 if (n == -1)
633 return -ERRNO_TO_PARA_ERROR(errno);
634 return n;
635 }
636
637 /**
638 * Receive, decrypt and write terminating NULL byte.
639 *
640 * \param fd The file descriptor.
641 * \param buf The buffer to write the decrypted data to.
642 * \param size The size of \a buf.
643 *
644 * Read and decrypt at most \a size - 1 bytes from file descriptor \a fd and
645 * write a NULL byte at the end of the received data.
646 *
647 * \return The return value of the underlying call to \a recv_bin_buffer().
648 *
649 * \sa recv_bin_buffer()
650 */
651 int recv_buffer(int fd, char *buf, size_t size)
652 {
653 int n;
654
655 assert(size);
656 n = recv_bin_buffer(fd, buf, size - 1);
657 if (n >= 0)
658 buf[n] = '\0';
659 else
660 *buf = '\0';
661 return n;
662 }
663
664 /**
665 * Wrapper around the accept system call.
666 *
667 * \param fd The listening socket.
668 * \param addr Structure which is filled in with the address of the peer socket.
669 * \param size Should contain the size of the structure pointed to by \a addr.
670 *
671 * Accept incoming connections on \a addr. Retry if interrupted.
672 *
673 * \return The new file descriptor on success, negative on errors.
674 *
675 * \sa accept(2).
676 */
677 int para_accept(int fd, void *addr, socklen_t size)
678 {
679 int new_fd;
680
681 do
682 new_fd = accept(fd, (struct sockaddr *) addr, &size);
683 while (new_fd < 0 && errno == EINTR);
684 return new_fd < 0? -ERRNO_TO_PARA_ERROR(errno) : new_fd;
685 }
686
687 /**
688 * Prepare a structure for \p AF_UNIX socket addresses.
689 *
690 * \param u Pointer to the struct to be prepared.
691 * \param name The socket pathname.
692 *
693 * This just copies \a name to the sun_path component of \a u.
694 *
695 * \return Positive on success, \p -E_NAME_TOO_LONG if \a name is longer
696 * than \p UNIX_PATH_MAX.
697 */
698 static int init_unix_addr(struct sockaddr_un *u, const char *name)
699 {
700 if (strlen(name) >= UNIX_PATH_MAX)
701 return -E_NAME_TOO_LONG;
702 memset(u->sun_path, 0, UNIX_PATH_MAX);
703 u->sun_family = PF_UNIX;
704 strcpy(u->sun_path, name);
705 return 1;
706 }
707
708 /**
709 * Prepare, create, and bind a socket for local communication.
710 *
711 * \param name The socket pathname.
712 * \param unix_addr Pointer to the \p AF_UNIX socket structure.
713 * \param mode The desired mode of the socket.
714 *
715 * This function creates a local socket for sequenced, reliable,
716 * two-way, connection-based byte streams.
717 *
718 * \return The file descriptor, on success, negative on errors.
719 *
720 * \sa socket(2)
721 * \sa bind(2)
722 * \sa chmod(2)
723 */
724 int create_local_socket(const char *name, struct sockaddr_un *unix_addr,
725 mode_t mode)
726 {
727 int fd, ret;
728
729 ret = init_unix_addr(unix_addr, name);
730 if (ret < 0)
731 return ret;
732 ret = socket(PF_UNIX, SOCK_STREAM, 0);
733 if (ret < 0)
734 return -ERRNO_TO_PARA_ERROR(errno);
735 fd = ret;
736 ret = bind(fd, (struct sockaddr *) unix_addr, UNIX_PATH_MAX);
737 if (ret < 0) {
738 ret = -ERRNO_TO_PARA_ERROR(errno);
739 goto err;
740 }
741 ret = -E_CHMOD;
742 if (chmod(name, mode) < 0)
743 goto err;
744 return fd;
745 err:
746 close(fd);
747 return ret;
748 }
749
750 /**
751 * Prepare, create, and connect to a Unix domain socket for local communication.
752 *
753 * \param name The socket pathname.
754 *
755 * This function creates a local socket for sequenced, reliable, two-way,
756 * connection-based byte streams.
757 *
758 * \return The file descriptor, on success, negative on errors.
759 *
760 * \sa create_local_socket(), unix(7), connect(2).
761 */
762 int create_remote_socket(const char *name)
763 {
764 struct sockaddr_un unix_addr;
765 int fd, ret;
766
767 ret = init_unix_addr(&unix_addr, name);
768 if (ret < 0)
769 return ret;
770 fd = socket(PF_UNIX, SOCK_STREAM, 0);
771 if (fd < 0)
772 return -ERRNO_TO_PARA_ERROR(errno);
773 if (connect(fd, (struct sockaddr *)&unix_addr, sizeof(unix_addr)) == -1) {
774 ret = -ERRNO_TO_PARA_ERROR(errno);
775 goto err;
776 }
777 return fd;
778 err:
779 close(fd);
780 return ret;
781 }
782
783 #ifndef HAVE_UCRED
784 ssize_t send_cred_buffer(int sock, char *buf)
785 {
786 return send_buffer(sock, buf);
787 }
788 int recv_cred_buffer(int fd, char *buf, size_t size)
789 {
790 return recv_buffer(fd, buf, size) > 0? 1 : -E_RECVMSG;
791 }
792 #else /* HAVE_UCRED */
793 /**
794 * Send \p NULL-terminated buffer and Unix credentials of the current process.
795 *
796 * \param sock The socket file descriptor.
797 * \param buf The buffer to be sent.
798 *
799 * \return On success, this call returns the number of characters sent. On
800 * error, \p -E_SENDMSG is returned.
801 *
802 * \sa sendmsg(2), okir's Black Hats Manual.
803 */
804 ssize_t send_cred_buffer(int sock, char *buf)
805 {
806 char control[sizeof(struct cmsghdr) + sizeof(struct ucred)];
807 struct msghdr msg;
808 struct cmsghdr *cmsg;
809 static struct iovec iov;
810 struct ucred c;
811 int ret;
812
813 /* Response data */
814 iov.iov_base = buf;
815 iov.iov_len = strlen(buf);
816 c.pid = getpid();
817 c.uid = getuid();
818 c.gid = getgid();
819 /* compose the message */
820 memset(&msg, 0, sizeof(msg));
821 msg.msg_iov = &iov;
822 msg.msg_iovlen = 1;
823 msg.msg_control = control;
824 msg.msg_controllen = sizeof(control);
825 /* attach the ucred struct */
826 cmsg = CMSG_FIRSTHDR(&msg);
827 cmsg->cmsg_level = SOL_SOCKET;
828 cmsg->cmsg_type = SCM_CREDENTIALS;
829 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
830 *(struct ucred *)CMSG_DATA(cmsg) = c;
831 msg.msg_controllen = cmsg->cmsg_len;
832 ret = sendmsg(sock, &msg, 0);
833 if (ret < 0)
834 ret = -E_SENDMSG;
835 return ret;
836 }
837
838 static void dispose_fds(int *fds, unsigned num)
839 {
840 int i;
841
842 for (i = 0; i < num; i++)
843 close(fds[i]);
844 }
845
846 /**
847 * Receive a buffer and the Unix credentials of the sending process.
848 *
849 * \param fd the socket file descriptor.
850 * \param buf the buffer to store the message.
851 * \param size the size of \a buffer.
852 *
853 * \return negative on errors, the user id on success.
854 *
855 * \sa recvmsg(2), okir's Black Hats Manual.
856 */
857 int recv_cred_buffer(int fd, char *buf, size_t size)
858 {
859 char control[255];
860 struct msghdr msg;
861 struct cmsghdr *cmsg;
862 struct iovec iov;
863 int result = 0;
864 int yes = 1;
865 struct ucred cred;
866
867 setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &yes, sizeof(int));
868 memset(&msg, 0, sizeof(msg));
869 memset(buf, 0, size);
870 iov.iov_base = buf;
871 iov.iov_len = size;
872 msg.msg_iov = &iov;
873 msg.msg_iovlen = 1;
874 msg.msg_control = control;
875 msg.msg_controllen = sizeof(control);
876 if (recvmsg(fd, &msg, 0) < 0)
877 return -E_RECVMSG;
878 result = -E_SCM_CREDENTIALS;
879 cmsg = CMSG_FIRSTHDR(&msg);
880 while (cmsg) {
881 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type
882 == SCM_CREDENTIALS) {
883 memcpy(&cred, CMSG_DATA(cmsg), sizeof(struct ucred));
884 result = cred.uid;
885 } else
886 if (cmsg->cmsg_level == SOL_SOCKET
887 && cmsg->cmsg_type == SCM_RIGHTS) {
888 dispose_fds((int *) CMSG_DATA(cmsg),
889 (cmsg->cmsg_len - CMSG_LEN(0))
890 / sizeof(int));
891 }
892 cmsg = CMSG_NXTHDR(&msg, cmsg);
893 }
894 return result;
895 }
896 #endif /* HAVE_UCRED */
897
898 /**
899 * Receive a buffer and check for a pattern.
900 *
901 * \param fd The file descriptor to receive from.
902 * \param pattern The expected pattern.
903 * \param bufsize The size of the internal buffer.
904 *
905 * \return Positive if \a pattern was received, negative otherwise.
906 *
907 * This function tries to receive at most \a bufsize bytes from file descriptor
908 * \a fd. If at least \p strlen(\a pattern) bytes were received, the beginning
909 * of the received buffer is compared with \a pattern, ignoring case.
910 *
911 * \sa recv_buffer(), \sa strncasecmp(3).
912 */
913 int recv_pattern(int fd, const char *pattern, size_t bufsize)
914 {
915 size_t len = strlen(pattern);
916 char *buf = para_malloc(bufsize + 1);
917 int ret = -E_RECV_PATTERN, n = recv_buffer(fd, buf, bufsize + 1);
918
919 if (n < len)
920 goto out;
921 if (strncasecmp(buf, pattern, len))
922 goto out;
923 ret = 1;
924 out:
925 if (ret < 0) {
926 PARA_NOTICE_LOG("n = %d, did not receive pattern '%s'\n", n,
927 pattern);
928 if (n > 0)
929 PARA_NOTICE_LOG("recvd: %s\n", buf);
930 }
931 free(buf);
932 return ret;
933 }