/** \file command.c Client authentication and server commands. */
+#include <regex.h>
#include <signal.h>
#include <sys/time.h>
#include <sys/types.h>
#include <dirent.h>
#include <openssl/rc4.h>
+#include <osl.h>
#include "para.h"
#include "error.h"
/** Commands including options must be shorter than this. */
#define MAX_COMMAND_LEN 32768
-static unsigned char rc4_buf[2 * RC4_KEY_LEN];
-
extern int mmd_mutex;
extern struct misc_meta_data *mmd;
extern struct sender senders[];
+int send_afs_status(struct rc4_context *rc4c, int parser_friendly);
-static void init_rc4_keys(struct rc4_context *rcc)
-{
- get_random_bytes_or_die(rc4_buf, 2 * RC4_KEY_LEN);
- RC4_set_key(&rcc->recv_key, RC4_KEY_LEN, rc4_buf);
- RC4_set_key(&rcc->send_key, RC4_KEY_LEN, rc4_buf + RC4_KEY_LEN);
-}
+const char *status_item_list[] = {STATUS_ITEM_ARRAY};
static void dummy(__a_unused int s)
{
return msg;
}
-static char *get_status(struct misc_meta_data *nmmd)
+static char *get_status(struct misc_meta_data *nmmd, int parser_friendly)
{
- char *ret, mtime[30] = "";
+ char mtime[30] = "";
char *status, *flags; /* vss status info */
char *ut = uptime_str();
long offset = (nmmd->offset + 500) / 1000;
struct timeval current_time;
struct tm mtime_tm;
+ struct para_buffer b = {.flags = parser_friendly? PBF_SIZE_PREFIX : 0};
/* report real status */
status = vss_status_tohuman(nmmd->vss_status_flags);
strftime(mtime, 29, "%b %d %Y", &mtime_tm);
}
gettimeofday(¤t_time, NULL);
- ret = make_message(
- "%s: %zu\n" /* file size */
- "%s: %s\n" /* mtime */
- "%s: %s\n" /* status */
- "%s: %s\n" /* status flags */
- "%s: %li\n" /* offset */
- "%s: %s\n" /* afs mode */
- "%s: %lu.%lu\n" /* stream start */
- "%s: %lu.%lu\n" /* current server time */
- "%s", /* afs status info */
- status_item_list[SI_FILE_SIZE], nmmd->size / 1024,
- status_item_list[SI_MTIME], mtime,
- status_item_list[SI_STATUS], status,
- status_item_list[SI_STATUS_FLAGS], flags,
-
- status_item_list[SI_OFFSET], offset,
- status_item_list[SI_AFS_MODE], mmd->afs_mode_string,
-
- status_item_list[SI_STREAM_START],
- (long unsigned)nmmd->stream_start.tv_sec,
- (long unsigned)nmmd->stream_start.tv_usec,
- status_item_list[SI_CURRENT_TIME],
- (long unsigned)current_time.tv_sec,
- (long unsigned)current_time.tv_usec,
-
- nmmd->afd.verbose_ls_output
-
- );
+ WRITE_STATUS_ITEM(&b, SI_FILE_SIZE, "%zu\n", nmmd->size / 1024);
+ WRITE_STATUS_ITEM(&b, SI_MTIME, "%s\n", mtime);
+ WRITE_STATUS_ITEM(&b, SI_STATUS, "%s\n", status);
+ WRITE_STATUS_ITEM(&b, SI_STATUS_FLAGS, "%s\n", flags);
+ WRITE_STATUS_ITEM(&b, SI_OFFSET, "%li\n", offset);
+ WRITE_STATUS_ITEM(&b, SI_AFS_MODE, "%s\n", mmd->afs_mode_string);
+ WRITE_STATUS_ITEM(&b, SI_STREAM_START, "%lu.%lu\n",
+ (long unsigned)nmmd->stream_start.tv_sec,
+ (long unsigned)nmmd->stream_start.tv_usec);
+ WRITE_STATUS_ITEM(&b, SI_CURRENT_TIME, "%lu.%lu\n",
+ (long unsigned)current_time.tv_sec,
+ (long unsigned)current_time.tv_usec);
free(flags);
free(status);
free(ut);
- return ret;
+ return b.buf;
}
static int check_sender_args(int argc, char * const * argv, struct sender_command_data *scd)
break;
case SENDER_DENY:
case SENDER_ALLOW:
- if (argc != 4 && argc != 5)
+ if (argc != 4 || parse_cidr(argv[3], scd->host,
+ sizeof(scd->host), &scd->netmask) == NULL)
return -E_COMMAND_SYNTAX;
- if (!is_valid_ipv4_address(argv[3]))
- return -E_COMMAND_SYNTAX;
- scd->netmask = 32;
- if (argc == 5) {
- scd->netmask = atoi(argv[4]);
- if (scd->netmask < 0 || scd->netmask > 32)
- return -E_COMMAND_SYNTAX;
- }
- strncpy(scd->host, argv[3], sizeof(scd->host));
break;
case SENDER_ADD:
case SENDER_DELETE:
);
}
+#define EMPTY_STATUS_ITEMS \
+ ITEM(PATH) \
+ ITEM(DIRECTORY) \
+ ITEM(BASENAME) \
+ ITEM(SCORE) \
+ ITEM(ATTRIBUTES_BITMAP) \
+ ITEM(ATTRIBUTES_TXT) \
+ ITEM(HASH) \
+ ITEM(IMAGE_ID) \
+ ITEM(IMAGE_NAME) \
+ ITEM(LYRICS_ID) \
+ ITEM(LYRICS_NAME) \
+ ITEM(BITRATE) \
+ ITEM(FORMAT) \
+ ITEM(FREQUENCY) \
+ ITEM(CHANNELS) \
+ ITEM(DURATION) \
+ ITEM(SECONDS_TOTAL) \
+ ITEM(NUM_PLAYED) \
+ ITEM(LAST_PLAYED) \
+ ITEM(TECHINFO) \
+ ITEM(ARTIST) \
+ ITEM(TITLE) \
+ ITEM(YEAR) \
+ ITEM(ALBUM) \
+ ITEM(COMMENT) \
+ ITEM(AMPLIFICATION)
+
+/**
+ * Write a list of audio-file related status items with empty values.
+ *
+ * This is used by vss when currently no audio file is open.
+ */
+static char *empty_status_items(int parser_friendly)
+{
+ if (parser_friendly)
+ return make_message(
+ #define ITEM(x) "0004 %02x:\n"
+ EMPTY_STATUS_ITEMS
+ #undef ITEM
+ #define ITEM(x) , SI_ ## x
+ EMPTY_STATUS_ITEMS
+ #undef ITEM
+ );
+ return make_message(
+ #define ITEM(x) "%s:\n"
+ EMPTY_STATUS_ITEMS
+ #undef ITEM
+ #define ITEM(x) ,status_item_list[SI_ ## x]
+ EMPTY_STATUS_ITEMS
+ #undef ITEM
+ );
+}
+#undef EMPTY_STATUS_ITEMS
+
/* stat */
int com_stat(struct rc4_context *rc4c, int argc, char * const * argv)
{
- int ret, num = 0;/* status will be printed that many
- * times. num <= 0 means: print forever
- */
+ int i, ret;
struct misc_meta_data tmp, *nmmd = &tmp;
char *s;
+ int32_t num = 0;
+ int parser_friendly = 0;
para_sigaction(SIGUSR1, dummy);
- if (argc > 1)
- num = atoi(argv[1]);
+ for (i = 1; i < argc; i++) {
+ const char *arg = argv[i];
+ if (arg[0] != '-')
+ break;
+ if (!strcmp(arg, "--")) {
+ i++;
+ break;
+ }
+ if (!strncmp(arg, "-n=", 3)) {
+ ret = para_atoi32(arg + 3, &num);
+ if (ret < 0)
+ return ret;
+ continue;
+ }
+ if (!strcmp(arg, "-p")) {
+ parser_friendly = 1;
+ continue;
+ }
+ return -E_COMMAND_SYNTAX;
+ }
+ if (i != argc)
+ return -E_COMMAND_SYNTAX;
for (;;) {
-
mmd_dup(nmmd);
- s = get_status(nmmd);
+ s = get_status(nmmd, parser_friendly);
ret = rc4_send_buffer(rc4c, s);
free(s);
if (ret < 0)
goto out;
+ if (nmmd->vss_status_flags & VSS_NEXT) {
+ static char *esi;
+ if (!esi)
+ esi = empty_status_items(parser_friendly);
+ ret = rc4_send_buffer(rc4c, esi);
+ if (ret < 0)
+ goto out;
+ } else
+ send_afs_status(rc4c, parser_friendly);
ret = 1;
if (num > 0 && !--num)
goto out;
{
int ret, argc;
char buf[4096];
- unsigned char crypt_buf[MAXLINE];
+ unsigned char rand_buf[CHALLENGE_SIZE + 2 * RC4_KEY_LEN];
+ unsigned char challenge_sha1[HASH_SIZE];
struct user *u;
struct server_command *cmd = NULL;
- long unsigned challenge_nr, chall_response;
char **argv = NULL;
char *p, *command = NULL;
size_t numbytes;
if (ret < 0)
goto err_out;
if (ret < 10) {
- ret = -E_AUTH;
+ ret = -E_AUTH_REQUEST;
goto err_out;
}
numbytes = ret;
- ret = -E_AUTH;
- if (strncmp(buf, "auth rc4 ", 9))
+ ret = -E_AUTH_REQUEST;
+ if (strncmp(buf, AUTH_REQUEST_MSG, strlen(AUTH_REQUEST_MSG)))
goto err_out;
- p = buf + 9;
+ p = buf + strlen(AUTH_REQUEST_MSG);
PARA_DEBUG_LOG("received auth request for user %s\n", p);
ret = -E_BAD_USER;
u = lookup_user(p);
- if (!u)
- goto err_out;
- get_random_bytes_or_die((unsigned char *)&challenge_nr,
- sizeof(challenge_nr));
- ret = para_encrypt_challenge(u->rsa, challenge_nr, crypt_buf);
- if (ret <= 0)
- goto err_out;
- numbytes = ret;
- PARA_DEBUG_LOG("sending %zu byte challenge\n", numbytes);
- /* We can't use send_buffer here since buf may contain null bytes */
- ret = send_bin_buffer(fd,(char *) crypt_buf, numbytes);
+ if (u) {
+ get_random_bytes_or_die(rand_buf, sizeof(rand_buf));
+ ret = para_encrypt_buffer(u->rsa, rand_buf, sizeof(rand_buf),
+ (unsigned char *)buf);
+ if (ret < 0)
+ goto err_out;
+ numbytes = ret;
+ } else {
+ /*
+ * We don't want to reveal our user names, so we send a
+ * challenge to the client even if the user does not exist, and
+ * fail the authentication later.
+ */
+ numbytes = 256;
+ get_random_bytes_or_die((unsigned char *)buf, numbytes);
+ }
+ PARA_DEBUG_LOG("sending %u byte challenge + rc4 keys (%zu bytes)\n",
+ CHALLENGE_SIZE, numbytes);
+ ret = send_bin_buffer(fd, buf, numbytes);
if (ret < 0)
goto net_err;
- /* recv decrypted number */
- ret = recv_buffer(fd, buf, sizeof(buf));
+ /* recv challenge response */
+ ret = recv_bin_buffer(fd, buf, HASH_SIZE);
if (ret < 0)
goto net_err;
numbytes = ret;
- ret = -E_AUTH;
- if (!numbytes)
+ PARA_DEBUG_LOG("received %d bytes challenge response\n", ret);
+ ret = -E_BAD_USER;
+ if (!u)
goto net_err;
- if (sscanf(buf, CHALLENGE_RESPONSE_MSG "%lu", &chall_response) < 1
- || chall_response != challenge_nr)
- goto err_out;
- /* auth successful, send 'Proceed' message */
- PARA_INFO_LOG("good auth for %s (%lu)\n", u->name, challenge_nr);
- sprintf(buf, "%s", PROCEED_MSG);
- init_rc4_keys(&rc4c);
- /* Should we also encrypt the proceed message? */
- ret = para_encrypt_buffer(u->rsa, rc4_buf, 2 * RC4_KEY_LEN,
- (unsigned char *)buf + PROCEED_MSG_LEN + 1);
- if (ret <= 0)
- goto err_out;
- numbytes = ret + strlen(PROCEED_MSG) + 1;
- ret = send_bin_buffer(fd, buf, numbytes);
+ /*
+ * The correct response is the sha1 of the first CHALLENGE_SIZE bytes
+ * of the random data.
+ */
+ ret = -E_BAD_AUTH;
+ if (numbytes != HASH_SIZE)
+ goto net_err;
+ sha1_hash((char *)rand_buf, CHALLENGE_SIZE, challenge_sha1);
+ if (memcmp(challenge_sha1, buf, HASH_SIZE))
+ goto net_err;
+ /* auth successful */
+ alarm(0);
+ PARA_INFO_LOG("good auth for %s\n", u->name);
+ /* init rc4 keys with the second part of the random buffer */
+ RC4_set_key(&rc4c.recv_key, RC4_KEY_LEN, rand_buf + CHALLENGE_SIZE);
+ RC4_set_key(&rc4c.send_key, RC4_KEY_LEN, rand_buf + CHALLENGE_SIZE
+ + RC4_KEY_LEN);
+ ret = rc4_send_buffer(&rc4c, PROCEED_MSG);
if (ret < 0)
goto net_err;
ret = read_command(&rc4c, &command);
if (ret < 0)
goto err_out;
/* valid command and sufficient perms */
- alarm(0);
- argc = split_args(command, &argv, "\n");
+ ret = create_argv(command, "\n", &argv);
+ if (ret < 0)
+ goto err_out;
+ argc = ret;
PARA_NOTICE_LOG("calling com_%s() for %s@%s\n", cmd->name, u->name,
peername);
ret = cmd->handler(&rc4c, argc, argv);
+ free_argv(argv);
mutex_lock(mmd_mutex);
mmd->num_commands++;
mutex_unlock(mmd_mutex);
PARA_NOTICE_LOG("%s\n", para_strerror(-ret));
out:
free(command);
- free(argv);
mutex_lock(mmd_mutex);
if (cmd && (cmd->perms & AFS_WRITE) && ret >= 0)
mmd->events++;
projects / paraslash.git / blobdiff