/*
- * Copyright (C) 2005-2008 Andre Noll <maan@systemlinux.org>
+ * Copyright (C) 2005-2009 Andre Noll <maan@systemlinux.org>
*
* Licensed under the GPL v2. For licencing details see COPYING.
*/
/** \file net.c Networking-related helper functions. */
+/*
+ * Since glibc 2.8, the _GNU_SOURCE feature test macro must be defined in order
+ * to obtain the definition of the ucred structure.
+ */
+#define _GNU_SOURCE
+
#include <netdb.h>
/* At least NetBSD needs these. */
#endif
#include <dirent.h>
+#include <regex.h>
+#include <openssl/rc4.h>
#include "para.h"
#include "error.h"
+#include "crypt.h"
#include "net.h"
#include "string.h"
#include "fd.h"
+/**
+ * Parse and validate IPv4 address/netmask string.
+ *
+ * \param cidr Address in CIDR notation
+ * \param addr Copy of the IPv4 address part of \a cidr
+ * \param addrlen Size of \a addr in bytes
+ * \param netmask Value of the netmask part in \a cidr or the
+ * default of 32 if not specified.
+ *
+ * \return Pointer to \a addr if succesful, NULL on error.
+ * \sa RFC 4632
+ */
+char *parse_cidr(const char *cidr,
+ char *addr, ssize_t addrlen,
+ int32_t *netmask)
+{
+ const char *o = cidr;
+ char *c = addr, *end = c + (addrlen - 1);
+
+ *netmask = 0x20;
+
+ if (cidr == NULL || addrlen < 1)
+ goto failed;
+
+ for (o = cidr; (*c = *o == '/'? '\0' : *o); c++, o++)
+ if (c == end)
+ goto failed;
+
+ if (*o == '/')
+ if (para_atoi32(++o, netmask) < 0 ||
+ *netmask < 0 || *netmask > 0x20)
+ goto failed;
+
+ if (is_valid_ipv4_address(addr))
+ return addr;
+failed:
+ *addr = '\0';
+ return NULL;
+}
-/** Information about one encrypted connection. */
-struct crypt_data {
- /** Function used to decrypt received data. */
- crypt_function *recv;
- /** Function used to encrypt data to be sent. */
- crypt_function *send;
- /**
- * Context-dependent data (crypt keys), passed verbatim to the above
- * crypt functions.
- */
- void *private_data;
-};
-/** Array holding per fd crypt data. */
-static struct crypt_data *crypt_data_array;
-/** Current size of the crypt data array. */
-static unsigned cda_size = 0;
/**
- * Activate encryption for one file descriptor.
+ * Match string as a candidate IPv4 address.
*
- * \param fd The file descriptor.
- * \param recv_f The function used for decrypting received data.
- * \param send_f The function used for encrypting before sending.
- * \param private_data User data supplied by the caller.
+ * \param address The string to match.
+ * \return True if \a address has "dot-quad" format.
*/
-void enable_crypt(int fd, crypt_function *recv_f, crypt_function *send_f,
- void *private_data)
+static bool is_v4_dot_quad(const char *address)
{
- if (fd + 1 > cda_size) {
- crypt_data_array = para_realloc(crypt_data_array,
- (fd + 1) * sizeof(struct crypt_data));
- memset(crypt_data_array + cda_size, 0,
- (fd + 1 - cda_size) * sizeof(struct crypt_data));
- cda_size = fd + 1;
- }
- crypt_data_array[fd].recv = recv_f;
- crypt_data_array[fd].send = send_f;
- crypt_data_array[fd].private_data = private_data;
- PARA_INFO_LOG("rc4 encryption activated for fd %d\n", fd);
+ bool result;
+ regex_t r;
+
+ assert(para_regcomp(&r, "^([0-9]+\\.){3}[0-9]+$",
+ REG_EXTENDED | REG_NOSUB) >= 0);
+ result = regexec(&r, address, 0, NULL, 0) == 0;
+ regfree(&r);
+ return result;
}
/**
- * Deactivate encryption for a given fd.
+ * Perform basic syntax checking on the host-part of an URL:
*
- * \param fd The file descriptor.
+ * - Since ':' is invalid in IPv4 addresses and DNS names, the
+ * presence of ':' causes interpretation as IPv6 address;
+ * - next the first-match-wins algorithm from RFC 3986 is applied;
+ * - else the string is considered as DNS name, to be resolved later.
+ *
+ * \param host The host string to check.
+ * \return True if \a host passes the syntax checks.
*
- * This must be called if and only if \p fd was activated via enable_crypt().
+ * \sa RFC 3986, 3.2.2; RFC 1123, 2.1; RFC 1034, 3.5
*/
-void disable_crypt(int fd)
+static bool host_string_ok(const char *host)
{
- if (cda_size < fd + 1)
- return;
- crypt_data_array[fd].recv = NULL;
- crypt_data_array[fd].send = NULL;
- crypt_data_array[fd].private_data = NULL;
+ if (host == NULL || *host == '\0')
+ return false;
+ if (strchr(host, ':') != NULL)
+ return is_valid_ipv6_address(host);
+ if (is_v4_dot_quad(host))
+ return is_valid_ipv4_address(host);
+ return true;
}
+/**
+ * Parse and validate URL string.
+ *
+ * The URL syntax is loosely based on RFC 3986, supporting one of
+ * - "["host"]"[:port] for native IPv6 addresses and
+ * - host[:port] for IPv4 hostnames and DNS names.
+ *
+ * Native IPv6 addresses must be enclosed in square brackets, since
+ * otherwise there is an ambiguity with the port separator `:'.
+ * The 'port' part is always considered to be a number; if absent,
+ * it is set to -1, to indicate that a default port is to be used.
+ *
+ * The following are valid examples:
+ * - 10.10.1.1
+ * - 10.10.1.2:8000
+ * - localhost
+ * - localhost:8001
+ * - [::1]:8000
+ * - [badc0de::1]
+ *
+ * \param url The URL string to take apart.
+ * \param host To return the copied host part of \a url.
+ * \param hostlen The maximum length of \a host.
+ * \param port To return the port number (if any) of \a url.
+ *
+ * \return Pointer to \a host, or NULL if failed.
+ * If NULL is returned, \a host and \a portnum are undefined. If no
+ * port number was present in \a url, \a portnum is set to -1.
+ *
+ * \sa RFC 3986, 3.2.2/3.2.3
+ */
+char *parse_url(const char *url,
+ char *host, ssize_t hostlen,
+ int32_t *port)
+{
+ const char *o = url;
+ char *c = host, *end = c + (hostlen - 1);
+
+ *port = -1;
+
+ if (o == NULL || hostlen < 1)
+ goto failed;
+
+ if (*o == '[') {
+ for (++o; (*c = *o == ']' ? '\0' : *o); c++, o++)
+ if (c == end)
+ goto failed;
+
+ if (*o++ != ']' || (*o != '\0' && *o != ':'))
+ goto failed;
+ } else {
+ for (; (*c = *o == ':'? '\0' : *o); c++, o++)
+ if (c == end)
+ goto failed;
+ }
+
+ if (*o == ':')
+ if (para_atoi32(++o, port) < 0 ||
+ *port < 0 || *port > 0xffff)
+ goto failed;
+
+ if (host_string_ok(host))
+ return host;
+failed:
+ *host = '\0';
+ return NULL;
+}
/**
* Determine the socket type for a given layer-4 protocol.
return host_and_port((struct sockaddr *)&ss, sslen);
}
+/**
+ * Look up the local side of a connected socket structure.
+ *
+ * \param sockfd The file descriptor of the socket.
+ *
+ * \return A pointer to a static buffer containing hostname an port. This
+ * buffer must not be freed by the caller.
+ *
+ * \sa remote_name().
+ */
char *local_name(int sockfd)
{
return __get_sock_name(sockfd, getsockname);
}
+/**
+ * Look up the remote side of a connected socket structure.
+ *
+ * \param sockfd The file descriptor of the socket.
+ *
+ * \return Analogous to the return value of \ref local_name() but for the
+ * remote side.
+ *
+ * \sa local_name().
+ */
char *remote_name(int sockfd)
{
return __get_sock_name(sockfd, getpeername);
struct in_addr ia = {.s_addr = 0};
if (ss->ss_family == AF_INET)
- ia.s_addr = ((struct sockaddr_in *)ss)->sin_addr.s_addr;
+ ia.s_addr = ((struct sockaddr_in *)ss)->sin_addr.s_addr;
if (ss->ss_family == AF_INET6) {
const struct in6_addr v6_addr = ((struct sockaddr_in6 *)ss)->sin6_addr;
}
/**
- * Encrypt and send a binary buffer.
+ * Send a binary buffer.
*
* \param fd The file descriptor.
- * \param buf The buffer to be encrypted and sent.
+ * \param buf The buffer to be sent.
* \param len The length of \a buf.
*
- * Check if encryption is available. If yes, encrypt the given buffer. Send
- * out the buffer, encrypted or not, and try to resend the remaing part in case
- * of short writes.
+ * Send out the buffer and try to resend the remaining part in case of short
+ * writes.
*
* \return Standard.
*/
int send_bin_buffer(int fd, const char *buf, size_t len)
{
- int ret;
- crypt_function *cf = NULL;
-
if (!len)
PARA_CRIT_LOG("len == 0\n");
- if (fd + 1 <= cda_size)
- cf = crypt_data_array[fd].send;
- if (cf) {
- void *private = crypt_data_array[fd].private_data;
- /* RC4 may write more than len to the output buffer */
- unsigned char *outbuf = para_malloc(ROUND_UP(len, 8));
- (*cf)(len, (unsigned char *)buf, outbuf, private);
- ret = write_all(fd, (char *)outbuf, &len);
- free(outbuf);
- } else
- ret = write_all(fd, buf, &len);
- return ret;
+ return write_all(fd, buf, &len);
}
/**
- * Encrypt and send null terminated buffer.
+ * Send a \p NULL-terminated buffer.
*
* \param fd The file descriptor.
* \param buf The null-terminated buffer to be send.
return send_bin_buffer(fd, buf, strlen(buf));
}
-
/**
- * Send and encrypt a buffer given by a format string.
+ * Send a buffer given by a format string.
*
* \param fd The file descriptor.
* \param fmt A format string.
}
/**
- * Receive and decrypt.
+ * Receive data from a file descriptor.
*
* \param fd The file descriptor.
- * \param buf The buffer to write the decrypted data to.
+ * \param buf The buffer to write the data to.
* \param size The size of \a buf.
*
- * Receive at most \a size bytes from file descriptor \a fd. If encryption is
- * available, decrypt the received buffer.
+ * Receive at most \a size bytes from file descriptor \a fd.
*
- * \return The number of bytes received on success, negative on errors.
+ * \return The number of bytes received on success, negative on errors, zero if
+ * the peer has performed an orderly shutdown.
*
- * \sa recv(2)
+ * \sa recv(2).
*/
__must_check int recv_bin_buffer(int fd, char *buf, size_t size)
{
ssize_t n;
- crypt_function *cf = NULL;
-
- if (fd + 1 <= cda_size)
- cf = crypt_data_array[fd].recv;
- if (cf) {
- unsigned char *tmp = para_malloc(size);
- void *private = crypt_data_array[fd].private_data;
- n = recv(fd, tmp, size, 0);
- if (n > 0) {
- size_t numbytes = n;
- unsigned char *b = (unsigned char *)buf;
- (*cf)(numbytes, tmp, b, private);
- }
- free(tmp);
- } else
- n = recv(fd, buf, size, 0);
+
+ n = recv(fd, buf, size, 0);
if (n == -1)
return -ERRNO_TO_PARA_ERROR(errno);
return n;
}
/**
- * Receive, decrypt and write terminating NULL byte.
+ * Receive and write terminating NULL byte.
*
* \param fd The file descriptor.
- * \param buf The buffer to write the decrypted data to.
+ * \param buf The buffer to write the data to.
* \param size The size of \a buf.
*
- * Read and decrypt at most \a size - 1 bytes from file descriptor \a fd and
+ * Read at most \a size - 1 bytes from file descriptor \a fd and
* write a NULL byte at the end of the received data.
*
* \return The return value of the underlying call to \a recv_bin_buffer().
*/
ssize_t send_cred_buffer(int sock, char *buf)
{
- char control[sizeof(struct cmsghdr) + 10];
+ char control[sizeof(struct cmsghdr) + sizeof(struct ucred)];
struct msghdr msg;
struct cmsghdr *cmsg;
static struct iovec iov;
ret = 1;
out:
if (ret < 0) {
- PARA_NOTICE_LOG("n = %d, did not receive pattern '%s'\n", n,
- pattern);
+ PARA_NOTICE_LOG("did not receive pattern '%s'\n", pattern);
if (n > 0)
- PARA_NOTICE_LOG("recvd: %s\n", buf);
+ PARA_NOTICE_LOG("recvd %d bytes: %s\n", n, buf);
+ else if (n < 0)
+ PARA_NOTICE_LOG("%s\n", para_strerror(-n));
}
free(buf);
return ret;
}
-
-static int resolve(const char *hostname, unsigned short port,
- struct sockaddr_in *addr)
-{
- struct hostent *host;
-
- assert(hostname);
- host = gethostbyname(hostname);
- if (!host)
- return -ERRNO_TO_PARA_ERROR(h_errno);
- if (addr) {
- memcpy(&addr->sin_addr, host->h_addr_list[0], host->h_length);
- addr->sin_port = port;
- }
- return 1;
-}
-
-/*
- * Create an UDP socket.
- *
- * If the given address is a multicast adress, the socket will be set
- * to use the multicast TTL ttl and sets the datagrams to loop back.
- *
- * \return The fd of the socket on success, negative on errors.
- */
-static int create_udp_socket(struct sockaddr_in *addr,
- unsigned short port, unsigned char ttl)
-{
- int ret, fd, yes = 1;
-
- assert(addr);
- ret = socket(PF_INET, SOCK_DGRAM, 0);
- if (ret < 0)
- return -ERRNO_TO_PARA_ERROR(errno);
- fd = ret;
- /* reuse addresses */
- ret = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
- if (ret < 0) {
- ret = -ERRNO_TO_PARA_ERROR(errno);
- goto err;
- }
- addr->sin_family = AF_INET;
- addr->sin_port = htons(port);
- /* set the TTL and turn on multicast loop */
- if (IN_MULTICAST(htonl(addr->sin_addr.s_addr))) {
- unsigned char loop = 1;
- ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_TTL, &ttl,
- sizeof(ttl));
- if (ret < 0) {
- ret = -ERRNO_TO_PARA_ERROR(errno);
- goto err;
- }
- ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP, &loop,
- sizeof(loop));
- if (ret < 0) {
- ret = -ERRNO_TO_PARA_ERROR(errno);
- goto err;
- }
- }
- return fd;
-err:
- close(fd);
- return ret;
-}
-
-/**
- * Create and connect a sending UDP socket.
- *
- * \param hostname Where to send to (name or IPv4 address).
- * \param port The udp port to use.
- * \param ttl Time to live (only relevant for multicast).
- *
- * \return The fd of the socket on success, negative on error.
- */
-int create_udp_send_socket(char *hostname, unsigned short port,
- unsigned char ttl)
-{
- struct sockaddr_in addr;
- int fd, ret = resolve(hostname, port, &addr);
-
- if (ret < 0)
- return ret;
- ret = create_udp_socket(&addr, port, ttl);
- if (ret < 0)
- return ret;
- fd = ret;
- ret = connect(fd, (struct sockaddr *)&addr, sizeof(addr));
- if (ret >= 0)
- return fd;
- ret = -ERRNO_TO_PARA_ERROR(errno);
- close(fd);
- return ret;
-}
-
-/**
- * Create and bind a receiving UDP socket.
- *
- * Bind the created UDP socket to \a hostname, and add multicast membership if
- * hostname is a multicast hostname.
- *
- * \param hostname Name or IPv4 address to receive from.
- * \param port The udp port.
- *
- * \return The fd of the socket on success, negative on errors.
- */
-int create_udp_recv_socket(char *hostname, unsigned short port)
-{
- struct sockaddr_in addr;
- int fd, ret = resolve(hostname, port, &addr);
-
- if (ret < 0)
- memset(&addr.sin_addr, 0, sizeof(addr.sin_addr));
- ret = create_udp_socket(&addr, port, 1);
- if (ret < 0)
- return ret;
- fd = ret;
- ret = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
- if (ret < 0) {
- ret = -ERRNO_TO_PARA_ERROR(errno);
- goto err;
- }
- /* Add multicast membership */
- if (IN_MULTICAST(htonl(addr.sin_addr.s_addr))) {
- struct ip_mreq mreq;
-
- mreq.imr_multiaddr.s_addr = addr.sin_addr.s_addr;
- mreq.imr_interface.s_addr = htonl(INADDR_ANY);
- ret = setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP,
- &mreq, sizeof(mreq));
- if (ret < 0) {
- ret = -ERRNO_TO_PARA_ERROR(errno);
- goto err;
- }
- }
- return fd;
-err:
- close(fd);
- return ret;
-}
projects / paraslash.git / blobdiff