#include <sys/socket.h>
#include <regex.h>
#include <signal.h>
-#include <sys/types.h>
-#include <osl.h>
#include <arpa/inet.h>
-#include <sys/un.h>
#include <netdb.h>
#include <lopsub.h>
-#include "server.lsg.h"
#include "para.h"
#include "error.h"
+#include "lsu.h"
#include "crypt.h"
#include "sideband.h"
#include "command.h"
#include "string.h"
#include "afh.h"
-#include "afs.h"
+#include "net.h"
#include "server.h"
#include "list.h"
-#include "send.h"
#include "sched.h"
+#include "send.h"
#include "vss.h"
-#include "net.h"
#include "daemon.h"
#include "fd.h"
#include "ipc.h"
extern int mmd_mutex;
extern struct misc_meta_data *mmd;
-extern struct sender senders[];
int send_afs_status(struct command_context *cc, int parser_friendly);
+static bool subcmd_should_die;
-static void dummy(__a_unused int s)
+/*
+ * Don't call PARA_XXX_LOG() here as we might already hold the log mutex. See
+ * generic_signal_handler() for details.
+ */
+static void command_handler_sighandler(int s)
{
+ if (s == SIGTERM)
+ subcmd_should_die = true;
}
/*
*/
static char *vss_get_status_flags(unsigned int flags)
{
- char *msg = para_malloc(5 * sizeof(char));
+ char *msg = alloc(5 * sizeof(char));
msg[0] = (flags & VSS_PLAYING)? 'P' : '_';
msg[1] = (flags & VSS_NOMORE)? 'O' : '_';
return ret;
}
arg = lls_input(0, lpr);
- for (i = 0; senders[i].name; i++)
- if (!strcmp(senders[i].name, arg))
+ FOR_EACH_SENDER(i)
+ if (strcmp(senders[i]->name, arg) == 0)
break;
- if (!senders[i].name)
+ if (!senders[i])
return -E_COMMAND_SYNTAX;
scd->sender_num = i;
arg = lls_input(1, lpr);
if (i == NUM_SENDER_CMDS)
return -E_COMMAND_SYNTAX;
scd->cmd_num = i;
- if (!senders[scd->sender_num].client_cmds[scd->cmd_num])
+ if (!senders[scd->sender_num]->client_cmds[scd->cmd_num])
return -E_SENDER_CMD;
switch (scd->cmd_num) {
case SENDER_on:
}
/**
- * Send a sideband packet through a blocking file descriptor.
+ * Receive a sideband packet from a blocking file descriptor.
*
* \param scc fd and crypto keys.
* \param expected_band The expected band designator.
struct sender_command_data scd;
if (lls_num_inputs(lpr) == 0) {
- for (i = 0; senders[i].name; i++) {
+ FOR_EACH_SENDER(i) {
char *tmp;
ret = xasprintf(&tmp, "%s%s\n", msg? msg : "",
- senders[i].name);
+ senders[i]->name);
free(msg);
msg = tmp;
}
if (scd.sender_num < 0)
return ret;
if (strcmp(lls_input(1, lpr), "status") == 0)
- msg = senders[scd.sender_num].status();
+ msg = senders[scd.sender_num]->status();
else
- msg = senders[scd.sender_num].help();
+ msg = senders[scd.sender_num]->help();
return send_sb(&cc->scc, msg, strlen(msg), SBD_OUTPUT, false);
}
switch (scd.cmd_num) {
case SENDER_add:
case SENDER_delete:
- assert(senders[scd.sender_num].resolve_target);
- ret = senders[scd.sender_num].resolve_target(lls_input(2, lpr),
+ assert(senders[scd.sender_num]->resolve_target);
+ ret = senders[scd.sender_num]->resolve_target(lls_input(2, lpr),
&scd);
if (ret < 0)
return ret;
"server_pid: %d\n"
"afs_pid: %d\n"
"connections (active/accepted/total): %u/%u/%u\n"
- "current loglevel: %s\n"
"supported audio formats: %s\n",
ut, mmd->num_played,
(int)getppid(),
- (int)mmd->afs_pid,
+ (int)afs_pid,
mmd->active_connections,
mmd->num_commands,
mmd->num_connects,
- ENUM_STRING_VAL(LOGLEVEL),
AUDIO_FORMAT_HANDLERS
);
mutex_unlock(mmd_mutex);
ITEM(chunk_time) \
ITEM(num_chunks) \
ITEM(amplification) \
+ ITEM(play_time) \
/*
* Create a set of audio-file related status items with empty values. These are
bool parser_friendly = SERVER_CMD_OPT_GIVEN(STAT, PARSER_FRIENDLY,
lpr) > 0;
uint32_t num = SERVER_CMD_UINT32_VAL(STAT, NUM, lpr);
+ const struct timespec ts = {.tv_sec = 50, .tv_nsec = 0};
- para_sigaction(SIGUSR1, dummy);
+ para_sigaction(SIGINT, SIG_IGN);
+ para_sigaction(SIGUSR1, command_handler_sighandler);
+ para_sigaction(SIGTERM, command_handler_sighandler);
+ /*
+ * Simply checking subcmd_should_die is racy because a signal may
+ * arrive after the check but before the subsequent call to sleep(3).
+ * If this happens, sleep(3) would not be interrupted by the signal.
+ * To avoid this we block SIGTERM here and allow it to arrive only
+ * while we sleep.
+ */
+ para_block_signal(SIGTERM);
+ para_block_signal(SIGUSR1);
for (;;) {
+ sigset_t set;
/*
* Copy the mmd structure to minimize the time we hold the mmd
* lock.
ret = 1;
if (num > 0 && !--num)
goto out;
- sleep(50);
+ sigemptyset(&set); /* empty set means: unblock all signals */
+ /*
+ * pselect(2) allows to atomically unblock signals, then go to
+ * sleep. Calling sigprocmask(2) followed by sleep(3) would
+ * open a race window similar to the one described above.
+ */
+ pselect(1, NULL, NULL, NULL, &ts, &set);
+ if (subcmd_should_die) {
+ PARA_EMERG_LOG("terminating on SIGTERM\n");
+ goto out;
+ }
ret = -E_SERVER_CRASH;
if (getppid() == 1)
goto out;
}
EXPORT_SERVER_CMD_HANDLER(stat);
-/* fixed-length, human readable permission string */
-const char *server_cmd_perms_str(unsigned int perms)
+static const char *aux_info_cb(unsigned cmd_num, bool verbose)
{
- static char result[5];
-
- result[0] = perms & AFS_READ? 'a' : '-';
- result[1] = perms & AFS_WRITE? 'A' : '-';
- result[2] = perms & VSS_READ? 'v' : '-';
- result[3] = perms & VSS_WRITE? 'V' : '-';
- result[4] = '\0';
- return result;
-}
+ static char result[80];
+ unsigned perms = server_command_perms[cmd_num];
-static int send_list_of_commands(struct command_context *cc)
-{
- int i;
- const struct lls_command *cmd;
- char *msg = para_strdup("");
-
- for (i = 1; (cmd = lls_cmd(i, server_cmd_suite)); i++) {
- const char *perms = server_cmd_perms_str(server_command_perms[i]);
- char *tmp = make_message("%s%s\t%s\t%s\n", msg,
- lls_command_name(cmd), perms, lls_purpose(cmd));
- free(msg);
- msg = tmp;
+ if (verbose) {
+ /* permissions: VSS_READ | VSS_WRITE */
+ sprintf(result, "permissions: %s",
+ server_command_perms_txt[cmd_num]);
+ } else {
+ result[0] = perms & AFS_READ? 'a' : '-';
+ result[1] = perms & AFS_WRITE? 'A' : '-';
+ result[2] = perms & VSS_READ? 'v' : '-';
+ result[3] = perms & VSS_WRITE? 'V' : '-';
+ result[4] = '\0';
}
- return send_sb(&cc->scc, msg, strlen(msg), SBD_OUTPUT, false);
+ return result;
}
static int com_help(struct command_context *cc, struct lls_parse_result *lpr)
{
- const char *perms;
- char *long_help, *buf, *errctx;
+ char *buf;
int ret;
- const struct lls_command *cmd;
+ unsigned n;
+ bool long_help = SERVER_CMD_OPT_GIVEN(HELP, LONG, lpr);
- ret = lls(lls_check_arg_count(lpr, 0, 1, &errctx));
- if (ret < 0) {
- send_errctx(cc, errctx);
- return ret;
- }
- if (lls_num_inputs(lpr) == 0)
- return send_list_of_commands(cc);
- /* argument given for help */
- ret = lls(lls_lookup_subcmd(lls_input(0, lpr), server_cmd_suite,
- &errctx));
- if (ret < 0) {
- send_errctx(cc, errctx);
- return ret;
- }
- cmd = lls_cmd(ret, server_cmd_suite);
- perms = server_command_perms_txt[ret];
- long_help = lls_long_help(cmd);
- assert(long_help);
- ret = xasprintf(&buf, "%spermissions: %s\n", long_help, perms);
- free(long_help);
- return send_sb(&cc->scc, buf, ret, SBD_OUTPUT, false);
+ lsu_com_help(long_help, lpr, server_cmd_suite, aux_info_cb, &buf, &n);
+ ret = send_sb(&cc->scc, buf, n, SBD_OUTPUT, false);
+ return ret;
}
EXPORT_SERVER_CMD_HANDLER(help);
}
EXPORT_SERVER_CMD_HANDLER(hup);
+static int com_ll(struct command_context *cc, struct lls_parse_result *lpr)
+{
+ unsigned ll, perms;
+ char *errctx;
+ const char *sev[] = {SEVERITIES}, *arg;
+ int ret = lls(lls_check_arg_count(lpr, 0, 1, &errctx));
+
+ if (ret < 0) {
+ send_errctx(cc, errctx);
+ return ret;
+ }
+ if (lls_num_inputs(lpr) == 0) { /* reporting is an unprivileged op. */
+ const char *severity;
+ mutex_lock(mmd_mutex);
+ severity = sev[mmd->loglevel];
+ mutex_unlock(mmd_mutex);
+ return send_sb_va(&cc->scc, SBD_OUTPUT, "%s\n", severity);
+ }
+ /*
+ * Changing the loglevel changes the state of both the afs and the vss,
+ * so we require both AFS_WRITE and VSS_WRITE.
+ */
+ perms = AFS_WRITE | VSS_WRITE;
+ if ((cc->u->perms & perms) != perms)
+ return -ERRNO_TO_PARA_ERROR(EPERM);
+ arg = lls_input(0, lpr);
+ for (ll = 0; ll < NUM_LOGLEVELS; ll++)
+ if (!strcmp(arg, sev[ll]))
+ break;
+ if (ll >= NUM_LOGLEVELS)
+ return -ERRNO_TO_PARA_ERROR(EINVAL);
+ PARA_INFO_LOG("new log level: %s\n", sev[ll]);
+ /* Ask the server and afs processes to adjust their log level. */
+ mutex_lock(mmd_mutex);
+ mmd->loglevel = ll;
+ mutex_unlock(mmd_mutex);
+ return 1;
+}
+EXPORT_SERVER_CMD_HANDLER(ll);
+
static int com_term(__a_unused struct command_context *cc,
__a_unused struct lls_parse_result *lpr)
{
+ /*
+ * The server catches SIGTERM and propagates this signal to all its
+ * children. We are about to exit anyway, but we'd leak tons of memory
+ * if being terminated by the signal. So we ignore the signal here and
+ * terminate via the normal exit path, deallocating all memory.
+ */
+ para_sigaction(SIGTERM, SIG_IGN);
kill(getppid(), SIGTERM);
return 1;
}
}
EXPORT_SERVER_CMD_HANDLER(nomore);
-static int com_ff(__a_unused struct command_context *cc,
- struct lls_parse_result *lpr)
+static int com_ff(struct command_context *cc, struct lls_parse_result *lpr)
{
long promille;
- int ret, backwards = 0;
- unsigned i;
- char c, *errctx;
+ int i, ret;
+ char *errctx;
ret = lls(lls_check_arg_count(lpr, 1, 1, &errctx));
if (ret < 0) {
send_errctx(cc, errctx);
return ret;
}
- if (!(ret = sscanf(lls_input(0, lpr), "%u%c", &i, &c)))
- return -E_COMMAND_SYNTAX;
- if (ret > 1 && c == '-')
- backwards = 1; /* jmp backwards */
+ ret = para_atoi32(lls_input(0, lpr), &i);
+ if (ret < 0)
+ return ret;
mutex_lock(mmd_mutex);
ret = -E_NO_AUDIO_FILE;
if (!mmd->afd.afhi.chunks_total || !mmd->afd.afhi.seconds_total)
goto out;
+ ret = 1;
promille = (1000 * mmd->current_chunk) / mmd->afd.afhi.chunks_total;
- if (backwards)
- promille -= 1000 * i / mmd->afd.afhi.seconds_total;
- else
- promille += 1000 * i / mmd->afd.afhi.seconds_total;
+ /*
+ * We need this cast because without it the expression on the right
+ * hand side is of unsigned type.
+ */
+ promille += 1000 * i / (int)mmd->afd.afhi.seconds_total;
if (promille < 0)
promille = 0;
if (promille > 1000) {
mmd->new_vss_status_flags |= VSS_REPOS;
mmd->new_vss_status_flags &= ~VSS_NEXT;
mmd->events++;
- ret = 1;
out:
mutex_unlock(mmd_mutex);
return ret;
}
EXPORT_SERVER_CMD_HANDLER(ff);
-static int com_jmp(__a_unused struct command_context *cc,
- struct lls_parse_result *lpr)
+static int com_jmp(struct command_context *cc, struct lls_parse_result *lpr)
{
- long unsigned int i;
- int ret;
+ int i, ret;
char *errctx;
ret = lls(lls_check_arg_count(lpr, 1, 1, &errctx));
send_errctx(cc, errctx);
return ret;
}
- if (sscanf(lls_input(0, lpr), "%lu", &i) <= 0)
+ if (sscanf(lls_input(0, lpr), "%d", &i) <= 0)
+ return -ERRNO_TO_PARA_ERROR(EINVAL);
+ if (i < 0 || i > 100)
return -ERRNO_TO_PARA_ERROR(EINVAL);
mutex_lock(mmd_mutex);
ret = -E_NO_AUDIO_FILE;
if (!mmd->afd.afhi.chunks_total)
goto out;
- if (i > 100)
- i = 100;
- PARA_INFO_LOG("jumping to %lu%%\n", i);
+ PARA_INFO_LOG("jumping to %d%%\n", i);
mmd->repos_request = (mmd->afd.afhi.chunks_total * i + 50) / 100;
- PARA_INFO_LOG("sent: %lu, offset before jmp: %li\n",
- mmd->chunks_sent, mmd->offset);
mmd->new_vss_status_flags |= VSS_REPOS;
mmd->new_vss_status_flags &= ~VSS_NEXT;
ret = 1;
}
EXPORT_SERVER_CMD_HANDLER(jmp);
-static int com_tasks(struct command_context *cc,
- __a_unused struct lls_parse_result *lpr)
-{
- char *tl = server_get_tasks();
- assert(tl);
- return send_sb(&cc->scc, tl, strlen(tl), SBD_OUTPUT, false);
-}
-EXPORT_SERVER_CMD_HANDLER(tasks);
-
static void reset_signals(void)
{
para_sigaction(SIGCHLD, SIG_IGN);
}
struct connection_features {
- int dummy; /* none at the moment */
+ bool sha256_requested; /* can be removed after 0.7.0 */
};
-static int parse_auth_request(char *buf, int len, struct user **u,
+static int parse_auth_request(char *buf, int len, const struct user **u,
struct connection_features *cf)
{
int ret;
p++;
create_argv(p, ",", &features);
for (i = 0; features[i]; i++) {
- if (strcmp(features[i], "sideband") == 0)
- continue;
- if (strcmp(features[i], "aes_ctr128") == 0)
- continue;
+ /*
+ * ->sha256_requested can go away after 0.7.0 so that
+ * sha256 is used unconditionally, but we need to
+ * accept the feature request until 0.9.0.
+ */
+ if (strcmp(features[i], "sha256") == 0)
+ cf->sha256_requested = true;
else {
ret = -E_BAD_FEATURE;
goto out;
}
}
PARA_DEBUG_LOG("received auth request for user %s\n", username);
- *u = lookup_user(username);
+ *u = user_list_lookup(username);
ret = 1;
out:
free_argv(features);
#define HANDSHAKE_BUFSIZE 4096
-static int run_command(struct command_context *cc, struct iovec *iov,
- const char *peername)
+static int run_command(struct command_context *cc, struct iovec *iov)
{
int ret, i, argc;
char *p, *end, **argv;
}
perms = server_command_perms[ret];
if ((perms & cc->u->perms) != perms)
- return -E_PERM;
+ return -ERRNO_TO_PARA_ERROR(EPERM);
lcmd = lls_cmd(ret, server_cmd_suite);
end = iov->iov_base + iov->iov_len;
for (i = 0; p < end; i++)
p += strlen(p) + 1;
argc = i;
- argv = para_malloc((argc + 1) * sizeof(char *));
+ argv = arr_alloc(argc + 1, sizeof(char *));
for (i = 0, p = iov->iov_base; p < end; i++) {
argv[i] = para_strdup(p);
p += strlen(p) + 1;
}
argv[argc] = NULL;
- PARA_NOTICE_LOG("calling com_%s() for %s@%s\n", lls_command_name(lcmd),
- cc->u->name, peername);
+ PARA_NOTICE_LOG("calling com_%s() for user %s\n",
+ lls_command_name(lcmd), cc->u->name);
ret = lls(lls_parse(argc, argv, lcmd, &lpr, &errctx));
if (ret >= 0) {
const struct server_cmd_user_data *ud = lls_user_data(lcmd);
* Perform user authentication and execute a command.
*
* \param fd The file descriptor to send output to.
- * \param peername Identifies the connecting peer.
*
* Whenever para_server accepts an incoming tcp connection on the port it
* listens on, it forks and the resulting child calls this function.
*
- * An RSA-based challenge/response is used to authenticate the peer. It that
+ * An RSA-based challenge/response is used to authenticate the peer. If the
* authentication succeeds, a random session key is generated and sent back to
* the peer, encrypted with its RSA public key. From this point on, all
- * transfers are crypted with this session key.
+ * transfers are encrypted with this session key using a stream cipher.
*
* Next it is checked if the peer supplied a valid server command or a command
* for the audio file selector. If yes, and if the user has sufficient
- * permissions to execute that command, the function calls the corresponding
- * command handler which does argument checking and further processing.
+ * permissions to execute this command, the function calls the corresponding
+ * command handler which performs argument checking and further processing.
*
- * In order to cope with a DOS attacks, a timeout is set up which terminates
- * the function if the connection was not authenticated when the timeout
- * expires.
+ * To cope with DOS attacks, a timer is set up right after the fork. If the
+ * connection was still not authenticated when the timeout expires, the child
+ * process is terminated.
*
- * \sa alarm(2), \ref crypt.c, \ref crypt.h.
+ * \return Standard.
+ *
+ * \sa alarm(2), \ref openssl.c, \ref crypt.h.
*/
-__noreturn void handle_connect(int fd, const char *peername)
+int handle_connect(int fd)
{
int ret;
- unsigned char rand_buf[CHALLENGE_SIZE + 2 * SESSION_KEY_LEN];
- unsigned char challenge_hash[HASH_SIZE];
- char *command = NULL, *buf = para_malloc(HANDSHAKE_BUFSIZE) /* must be on the heap */;
+ unsigned char rand_buf[APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN];
+ unsigned char challenge_hash[HASH2_SIZE];
+ char *command = NULL, *buf = alloc(HANDSHAKE_BUFSIZE) /* must be on the heap */;
size_t numbytes;
struct command_context cc_struct = {.u = NULL}, *cc = &cc_struct;
struct iovec iov;
/* send Welcome message */
ret = write_va_buffer(fd, "This is para_server, version "
PACKAGE_VERSION ".\n"
- "Features: sideband,aes_ctr128\n"
+ "Features: sha256\n" /* no longer announce this after 0.8.0 */
);
if (ret < 0)
goto net_err;
goto net_err;
if (cc->u) {
get_random_bytes_or_die(rand_buf, sizeof(rand_buf));
- ret = pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf),
+ ret = apc_pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf),
(unsigned char *)buf);
if (ret < 0)
goto net_err;
get_random_bytes_or_die((unsigned char *)buf, numbytes);
}
PARA_DEBUG_LOG("sending %d byte challenge + session key (%zu bytes)\n",
- CHALLENGE_SIZE, numbytes);
+ APC_CHALLENGE_SIZE, numbytes);
ret = send_sb(&cc->scc, buf, numbytes, SBD_CHALLENGE, false);
buf = NULL;
if (ret < 0)
if (!cc->u)
goto net_err;
/*
- * The correct response is the hash of the first CHALLENGE_SIZE bytes
+ * The correct response is the hash of the first APC_CHALLENGE_SIZE bytes
* of the random data.
*/
ret = -E_BAD_AUTH;
- if (numbytes != HASH_SIZE)
- goto net_err;
- hash_function((char *)rand_buf, CHALLENGE_SIZE, challenge_hash);
- if (memcmp(challenge_hash, buf, HASH_SIZE))
- goto net_err;
+ if (cf.sha256_requested) {
+ if (numbytes != HASH2_SIZE)
+ goto net_err;
+ hash2_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash);
+ if (memcmp(challenge_hash, buf, HASH2_SIZE))
+ goto net_err;
+ } else { /* old client. This can be removed after 0.7.0 */
+ if (numbytes != HASH_SIZE)
+ goto net_err;
+ hash_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash);
+ if (memcmp(challenge_hash, buf, HASH_SIZE))
+ goto net_err;
+ }
/* auth successful */
alarm(0);
PARA_INFO_LOG("good auth for %s\n", cc->u->name);
/* init stream cipher keys with the second part of the random buffer */
- cc->scc.recv = sc_new(rand_buf + CHALLENGE_SIZE, SESSION_KEY_LEN);
- cc->scc.send = sc_new(rand_buf + CHALLENGE_SIZE + SESSION_KEY_LEN,
+ cc->scc.recv = sc_new(rand_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN);
+ cc->scc.send = sc_new(rand_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN,
SESSION_KEY_LEN);
ret = send_sb(&cc->scc, NULL, 0, SBD_PROCEED, false);
if (ret < 0)
ret = recv_sb(&cc->scc, SBD_COMMAND, MAX_COMMAND_LEN, &iov);
if (ret < 0)
goto net_err;
- ret = run_command(cc, &iov, peername);
+ ret = run_command(cc, &iov);
free(iov.iov_base);
if (ret < 0)
goto err_out;
}
sc_free(cc->scc.recv);
sc_free(cc->scc.send);
- exit(ret < 0? EXIT_FAILURE : EXIT_SUCCESS);
+ return ret;
}
projects / paraslash.git / blobdiff