X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=command.c;h=0a76f68ee03dfeadf2d48e0b5065594caecbfef0;hp=f17973048d8cf479ccf1682a3b3fe09aa90b2e21;hb=d6a87acd98b9e451d488e31b92cdae7673c30ac6;hpb=7649f22106cec2c6eb8bb10f279401e1af5451d0 diff --git a/command.c b/command.c index f1797304..0a76f68e 100644 --- a/command.c +++ b/command.c @@ -1,8 +1,4 @@ -/* - * Copyright (C) 1997 Andre Noll - * - * Licensed under the GPL v2. For licencing details see COPYING. - */ +/* Copyright (C) 1997 Andre Noll , see file COPYING. */ /** \file command.c Client authentication and server commands. */ @@ -20,18 +16,19 @@ #include "server.lsg.h" #include "para.h" #include "error.h" +#include "lsu.h" #include "crypt.h" #include "sideband.h" #include "command.h" #include "string.h" #include "afh.h" #include "afs.h" +#include "net.h" #include "server.h" #include "list.h" #include "send.h" #include "sched.h" #include "vss.h" -#include "net.h" #include "daemon.h" #include "fd.h" #include "ipc.h" @@ -52,11 +49,15 @@ static const char * const server_command_perms_txt[] = {LSG_SERVER_CMD_AUX_INFOS extern int mmd_mutex; extern struct misc_meta_data *mmd; -extern struct sender senders[]; int send_afs_status(struct command_context *cc, int parser_friendly); +static bool subcmd_should_die; -static void dummy(__a_unused int s) +static void command_handler_sighandler(int s) { + if (s != SIGTERM) + return; + PARA_EMERG_LOG("terminating on signal %d\n", SIGTERM); + subcmd_should_die = true; } /* @@ -111,14 +112,14 @@ static unsigned get_status(struct misc_meta_data *nmmd, bool parser_friendly, * clang is not smart enough to prove this and complains nevertheless. * Casting the return value to void silences clang. */ - (void)WRITE_STATUS_ITEM(&b, SI_STATUS, "%s\n", status); - (void)WRITE_STATUS_ITEM(&b, SI_STATUS_FLAGS, "%s\n", flags); - (void)WRITE_STATUS_ITEM(&b, SI_OFFSET, "%li\n", offset); - (void)WRITE_STATUS_ITEM(&b, SI_AFS_MODE, "%s\n", mmd->afs_mode_string); - (void)WRITE_STATUS_ITEM(&b, SI_STREAM_START, "%lu.%lu\n", + (void)WRITE_STATUS_ITEM(&b, SI_status, "%s\n", status); + (void)WRITE_STATUS_ITEM(&b, SI_status_flags, "%s\n", flags); + (void)WRITE_STATUS_ITEM(&b, SI_offset, "%li\n", offset); + (void)WRITE_STATUS_ITEM(&b, SI_afs_mode, "%s\n", mmd->afs_mode_string); + (void)WRITE_STATUS_ITEM(&b, SI_stream_start, "%lu.%lu\n", (long unsigned)nmmd->stream_start.tv_sec, (long unsigned)nmmd->stream_start.tv_usec); - (void)WRITE_STATUS_ITEM(&b, SI_CURRENT_TIME, "%lu.%lu\n", + (void)WRITE_STATUS_ITEM(&b, SI_current_time, "%lu.%lu\n", (long unsigned)current_time.tv_sec, (long unsigned)current_time.tv_usec); free(flags); @@ -239,10 +240,10 @@ static int check_sender_args(struct command_context *cc, return ret; } arg = lls_input(0, lpr); - for (i = 0; senders[i].name; i++) - if (!strcmp(senders[i].name, arg)) + FOR_EACH_SENDER(i) + if (strcmp(senders[i]->name, arg) == 0) break; - if (!senders[i].name) + if (!senders[i]) return -E_COMMAND_SYNTAX; scd->sender_num = i; arg = lls_input(1, lpr); @@ -252,7 +253,7 @@ static int check_sender_args(struct command_context *cc, if (i == NUM_SENDER_CMDS) return -E_COMMAND_SYNTAX; scd->cmd_num = i; - if (!senders[scd->sender_num].client_cmds[scd->cmd_num]) + if (!senders[scd->sender_num]->client_cmds[scd->cmd_num]) return -E_SENDER_CMD; switch (scd->cmd_num) { case SENDER_on: @@ -278,7 +279,7 @@ static int check_sender_args(struct command_context *cc, } /** - * Send a sideband packet through a blocking file descriptor. + * Receive a sideband packet from a blocking file descriptor. * * \param scc fd and crypto keys. * \param expected_band The expected band designator. @@ -334,10 +335,10 @@ static int com_sender(struct command_context *cc, struct lls_parse_result *lpr) struct sender_command_data scd; if (lls_num_inputs(lpr) == 0) { - for (i = 0; senders[i].name; i++) { + FOR_EACH_SENDER(i) { char *tmp; ret = xasprintf(&tmp, "%s%s\n", msg? msg : "", - senders[i].name); + senders[i]->name); free(msg); msg = tmp; } @@ -348,17 +349,17 @@ static int com_sender(struct command_context *cc, struct lls_parse_result *lpr) if (scd.sender_num < 0) return ret; if (strcmp(lls_input(1, lpr), "status") == 0) - msg = senders[scd.sender_num].status(); + msg = senders[scd.sender_num]->status(); else - msg = senders[scd.sender_num].help(); + msg = senders[scd.sender_num]->help(); return send_sb(&cc->scc, msg, strlen(msg), SBD_OUTPUT, false); } switch (scd.cmd_num) { case SENDER_add: case SENDER_delete: - assert(senders[scd.sender_num].resolve_target); - ret = senders[scd.sender_num].resolve_target(lls_input(2, lpr), + assert(senders[scd.sender_num]->resolve_target); + ret = senders[scd.sender_num]->resolve_target(lls_input(2, lpr), &scd); if (ret < 0) return ret; @@ -398,7 +399,7 @@ static int com_si(struct command_context *cc, "supported audio formats: %s\n", ut, mmd->num_played, (int)getppid(), - (int)mmd->afs_pid, + (int)afs_pid, mmd->active_connections, mmd->num_commands, mmd->num_connects, @@ -426,41 +427,41 @@ EXPORT_SERVER_CMD_HANDLER(version); /** These status items are cleared if no audio file is currently open. */ #define EMPTY_STATUS_ITEMS \ - ITEM(PATH) \ - ITEM(DIRECTORY) \ - ITEM(BASENAME) \ - ITEM(SCORE) \ - ITEM(ATTRIBUTES_BITMAP) \ - ITEM(ATTRIBUTES_TXT) \ - ITEM(HASH) \ - ITEM(IMAGE_ID) \ - ITEM(IMAGE_NAME) \ - ITEM(LYRICS_ID) \ - ITEM(LYRICS_NAME) \ - ITEM(BITRATE) \ - ITEM(FORMAT) \ - ITEM(FREQUENCY) \ - ITEM(CHANNELS) \ - ITEM(DURATION) \ - ITEM(SECONDS_TOTAL) \ - ITEM(NUM_PLAYED) \ - ITEM(LAST_PLAYED) \ - ITEM(TECHINFO) \ - ITEM(ARTIST) \ - ITEM(TITLE) \ - ITEM(YEAR) \ - ITEM(ALBUM) \ - ITEM(COMMENT) \ - ITEM(MTIME) \ - ITEM(FILE_SIZE) \ - ITEM(CHUNK_TIME) \ - ITEM(NUM_CHUNKS) \ - ITEM(AMPLIFICATION) \ + ITEM(path) \ + ITEM(directory) \ + ITEM(basename) \ + ITEM(score) \ + ITEM(attributes_bitmap) \ + ITEM(attributes_txt) \ + ITEM(hash) \ + ITEM(image_id) \ + ITEM(image_name) \ + ITEM(lyrics_id) \ + ITEM(lyrics_name) \ + ITEM(bitrate) \ + ITEM(format) \ + ITEM(frequency) \ + ITEM(channels) \ + ITEM(duration) \ + ITEM(seconds_total) \ + ITEM(num_played) \ + ITEM(last_played) \ + ITEM(techinfo) \ + ITEM(artist) \ + ITEM(title) \ + ITEM(year) \ + ITEM(album) \ + ITEM(comment) \ + ITEM(mtime) \ + ITEM(file_size) \ + ITEM(chunk_time) \ + ITEM(num_chunks) \ + ITEM(amplification) \ + ITEM(play_time) \ -/** - * Write a list of audio-file related status items with empty values. - * - * This is used by vss when currently no audio file is open. +/* + * Create a set of audio-file related status items with empty values. These are + * written to stat clients when no audio file is open. */ static unsigned empty_status_items(bool parser_friendly, char **result) { @@ -498,9 +499,21 @@ static int com_stat(struct command_context *cc, struct lls_parse_result *lpr) bool parser_friendly = SERVER_CMD_OPT_GIVEN(STAT, PARSER_FRIENDLY, lpr) > 0; uint32_t num = SERVER_CMD_UINT32_VAL(STAT, NUM, lpr); + const struct timespec ts = {.tv_sec = 50, .tv_nsec = 0}; - para_sigaction(SIGUSR1, dummy); + para_sigaction(SIGINT, SIG_IGN); + para_sigaction(SIGUSR1, command_handler_sighandler); + para_sigaction(SIGTERM, command_handler_sighandler); + /* + * Simply checking subcmd_should_die is racy because a signal may + * arrive after the check but before the subsequent call to sleep(3). + * If this happens, sleep(3) would not be interrupted by the signal. + * To avoid this we block SIGTERM here and allow it to arrive only + * while we sleep. + */ + para_block_signal(SIGTERM); for (;;) { + sigset_t set; /* * Copy the mmd structure to minimize the time we hold the mmd * lock. @@ -523,7 +536,15 @@ static int com_stat(struct command_context *cc, struct lls_parse_result *lpr) ret = 1; if (num > 0 && !--num) goto out; - sleep(50); + sigemptyset(&set); /* empty set means: unblock all signals */ + /* + * pselect(2) allows to atomically unblock signals, then go to + * sleep. Calling sigprocmask(2) followed by sleep(3) would + * open a race window similar to the one described above. + */ + pselect(1, NULL, NULL, NULL, &ts, &set); + if (subcmd_should_die) + goto out; ret = -E_SERVER_CRASH; if (getppid() == 1) goto out; @@ -533,63 +554,35 @@ out: } EXPORT_SERVER_CMD_HANDLER(stat); -/* fixed-length, human readable permission string */ -const char *server_cmd_perms_str(unsigned int perms) +const char *aux_info_cb(unsigned cmd_num, bool verbose) { - static char result[5]; - - result[0] = perms & AFS_READ? 'a' : '-'; - result[1] = perms & AFS_WRITE? 'A' : '-'; - result[2] = perms & VSS_READ? 'v' : '-'; - result[3] = perms & VSS_WRITE? 'V' : '-'; - result[4] = '\0'; - return result; -} + static char result[80]; + unsigned perms = server_command_perms[cmd_num]; -static int send_list_of_commands(struct command_context *cc) -{ - int i; - const struct lls_command *cmd; - char *msg = para_strdup(""); - - for (i = 1; (cmd = lls_cmd(i, server_cmd_suite)); i++) { - const char *perms = server_cmd_perms_str(server_command_perms[i]); - char *tmp = make_message("%s%s\t%s\t%s\n", msg, - lls_command_name(cmd), perms, lls_purpose(cmd)); - free(msg); - msg = tmp; + if (verbose) { + /* permissions: VSS_READ | VSS_WRITE */ + sprintf(result, "permissions: %s", + server_command_perms_txt[cmd_num]); + } else { + result[0] = perms & AFS_READ? 'a' : '-'; + result[1] = perms & AFS_WRITE? 'A' : '-'; + result[2] = perms & VSS_READ? 'v' : '-'; + result[3] = perms & VSS_WRITE? 'V' : '-'; + result[4] = '\0'; } - return send_sb(&cc->scc, msg, strlen(msg), SBD_OUTPUT, false); + return result; } static int com_help(struct command_context *cc, struct lls_parse_result *lpr) { - const char *perms; - char *long_help, *buf, *errctx; + char *buf; int ret; - const struct lls_command *cmd; + unsigned n; + bool long_help = SERVER_CMD_OPT_GIVEN(HELP, LONG, lpr); - ret = lls(lls_check_arg_count(lpr, 0, 1, &errctx)); - if (ret < 0) { - send_errctx(cc, errctx); - return ret; - } - if (lls_num_inputs(lpr) == 0) - return send_list_of_commands(cc); - /* argument given for help */ - ret = lls(lls_lookup_subcmd(lls_input(0, lpr), server_cmd_suite, - &errctx)); - if (ret < 0) { - send_errctx(cc, errctx); - return ret; - } - cmd = lls_cmd(ret, server_cmd_suite); - perms = server_command_perms_txt[ret]; - long_help = lls_long_help(cmd); - assert(long_help); - ret = xasprintf(&buf, "%spermissions: %s\n", long_help, perms); - free(long_help); - return send_sb(&cc->scc, buf, ret, SBD_OUTPUT, false); + lsu_com_help(long_help, lpr, server_cmd_suite, aux_info_cb, &buf, &n); + ret = send_sb(&cc->scc, buf, n, SBD_OUTPUT, false); + return ret; } EXPORT_SERVER_CMD_HANDLER(help); @@ -668,12 +661,10 @@ static int com_nomore(__a_unused struct command_context *cc, } EXPORT_SERVER_CMD_HANDLER(nomore); -static int com_ff(__a_unused struct command_context *cc, - struct lls_parse_result *lpr) +static int com_ff(struct command_context *cc, struct lls_parse_result *lpr) { long promille; - int ret, backwards = 0; - unsigned i; + int i, ret; char c, *errctx; ret = lls(lls_check_arg_count(lpr, 1, 1, &errctx)); @@ -681,19 +672,33 @@ static int com_ff(__a_unused struct command_context *cc, send_errctx(cc, errctx); return ret; } - if (!(ret = sscanf(lls_input(0, lpr), "%u%c", &i, &c))) - return -E_COMMAND_SYNTAX; - if (ret > 1 && c == '-') - backwards = 1; /* jmp backwards */ + ret = para_atoi32(lls_input(0, lpr), &i); + if (ret < 0) { + if (ret != -E_ATOI_JUNK_AT_END) + return ret; + /* + * Compatibility code to keep the historic syntax (ff 30-) + * working. This can be removed after 0.7.0. + */ + ret = sscanf(lls_input(0, lpr), "%i%c", &i, &c); + if (ret <= 0) + return -E_COMMAND_SYNTAX; + if (ret > 1 && c == '-') { + PARA_WARNING_LOG("use of obsolete syntax\n"); + i = -i; + } + } mutex_lock(mmd_mutex); ret = -E_NO_AUDIO_FILE; if (!mmd->afd.afhi.chunks_total || !mmd->afd.afhi.seconds_total) goto out; + ret = 1; promille = (1000 * mmd->current_chunk) / mmd->afd.afhi.chunks_total; - if (backwards) - promille -= 1000 * i / mmd->afd.afhi.seconds_total; - else - promille += 1000 * i / mmd->afd.afhi.seconds_total; + /* + * We need this cast because without it the expression on the right + * hand side is of unsigned type. + */ + promille += 1000 * i / (int)mmd->afd.afhi.seconds_total; if (promille < 0) promille = 0; if (promille > 1000) { @@ -704,18 +709,15 @@ static int com_ff(__a_unused struct command_context *cc, mmd->new_vss_status_flags |= VSS_REPOS; mmd->new_vss_status_flags &= ~VSS_NEXT; mmd->events++; - ret = 1; out: mutex_unlock(mmd_mutex); return ret; } EXPORT_SERVER_CMD_HANDLER(ff); -static int com_jmp(__a_unused struct command_context *cc, - struct lls_parse_result *lpr) +static int com_jmp(struct command_context *cc, struct lls_parse_result *lpr) { - long unsigned int i; - int ret; + int i, ret; char *errctx; ret = lls(lls_check_arg_count(lpr, 1, 1, &errctx)); @@ -723,18 +725,16 @@ static int com_jmp(__a_unused struct command_context *cc, send_errctx(cc, errctx); return ret; } - if (sscanf(lls_input(0, lpr), "%lu", &i) <= 0) + if (sscanf(lls_input(0, lpr), "%d", &i) <= 0) + return -ERRNO_TO_PARA_ERROR(EINVAL); + if (i < 0 || i > 100) return -ERRNO_TO_PARA_ERROR(EINVAL); mutex_lock(mmd_mutex); ret = -E_NO_AUDIO_FILE; if (!mmd->afd.afhi.chunks_total) goto out; - if (i > 100) - i = 100; - PARA_INFO_LOG("jumping to %lu%%\n", i); + PARA_INFO_LOG("jumping to %d%%\n", i); mmd->repos_request = (mmd->afd.afhi.chunks_total * i + 50) / 100; - PARA_INFO_LOG("sent: %lu, offset before jmp: %li\n", - mmd->chunks_sent, mmd->offset); mmd->new_vss_status_flags |= VSS_REPOS; mmd->new_vss_status_flags &= ~VSS_NEXT; ret = 1; @@ -745,12 +745,11 @@ out: } EXPORT_SERVER_CMD_HANDLER(jmp); -static int com_tasks(struct command_context *cc, +/* deprecated, does nothing */ +static int com_tasks(__a_unused struct command_context *cc, __a_unused struct lls_parse_result *lpr) { - char *tl = server_get_tasks(); - assert(tl); - return send_sb(&cc->scc, tl, strlen(tl), SBD_OUTPUT, false); + return 1; } EXPORT_SERVER_CMD_HANDLER(tasks); @@ -766,7 +765,7 @@ struct connection_features { int dummy; /* none at the moment */ }; -static int parse_auth_request(char *buf, int len, struct user **u, +static int parse_auth_request(char *buf, int len, const struct user **u, struct connection_features *cf) { int ret; @@ -800,7 +799,7 @@ static int parse_auth_request(char *buf, int len, struct user **u, } } PARA_DEBUG_LOG("received auth request for user %s\n", username); - *u = lookup_user(username); + *u = user_list_lookup(username); ret = 1; out: free_argv(features); @@ -809,8 +808,7 @@ out: #define HANDSHAKE_BUFSIZE 4096 -static int run_command(struct command_context *cc, struct iovec *iov, - const char *peername) +static int run_command(struct command_context *cc, struct iovec *iov) { int ret, i, argc; char *p, *end, **argv; @@ -843,8 +841,8 @@ static int run_command(struct command_context *cc, struct iovec *iov, p += strlen(p) + 1; } argv[argc] = NULL; - PARA_NOTICE_LOG("calling com_%s() for %s@%s\n", lls_command_name(lcmd), - cc->u->name, peername); + PARA_NOTICE_LOG("calling com_%s() for user %s\n", + lls_command_name(lcmd), cc->u->name); ret = lls(lls_parse(argc, argv, lcmd, &lpr, &errctx)); if (ret >= 0) { const struct server_cmd_user_data *ud = lls_user_data(lcmd); @@ -865,35 +863,36 @@ static int run_command(struct command_context *cc, struct iovec *iov, * Perform user authentication and execute a command. * * \param fd The file descriptor to send output to. - * \param peername Identifies the connecting peer. * * Whenever para_server accepts an incoming tcp connection on the port it * listens on, it forks and the resulting child calls this function. * - * An RSA-based challenge/response is used to authenticate the peer. It that + * An RSA-based challenge/response is used to authenticate the peer. If the * authentication succeeds, a random session key is generated and sent back to * the peer, encrypted with its RSA public key. From this point on, all - * transfers are crypted with this session key. + * transfers are encrypted with this session key using a stream cipher. * * Next it is checked if the peer supplied a valid server command or a command * for the audio file selector. If yes, and if the user has sufficient - * permissions to execute that command, the function calls the corresponding - * command handler which does argument checking and further processing. + * permissions to execute this command, the function calls the corresponding + * command handler which performs argument checking and further processing. * - * In order to cope with a DOS attacks, a timeout is set up which terminates - * the function if the connection was not authenticated when the timeout - * expires. + * To cope with DOS attacks, a timer is set up right after the fork. If the + * connection was still not authenticated when the timeout expires, the child + * process is terminated. * - * \sa alarm(2), \ref crypt.c, \ref crypt.h. + * \return Standard. + * + * \sa alarm(2), \ref openssl.c, \ref crypt.h. */ -__noreturn void handle_connect(int fd, const char *peername) +int handle_connect(int fd) { int ret; - unsigned char rand_buf[CHALLENGE_SIZE + 2 * SESSION_KEY_LEN]; + unsigned char rand_buf[APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN]; unsigned char challenge_hash[HASH_SIZE]; char *command = NULL, *buf = para_malloc(HANDSHAKE_BUFSIZE) /* must be on the heap */; size_t numbytes; - struct command_context cc_struct = {.peer = peername}, *cc = &cc_struct; + struct command_context cc_struct = {.u = NULL}, *cc = &cc_struct; struct iovec iov; struct connection_features cf; @@ -919,7 +918,7 @@ __noreturn void handle_connect(int fd, const char *peername) goto net_err; if (cc->u) { get_random_bytes_or_die(rand_buf, sizeof(rand_buf)); - ret = pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf), + ret = apc_pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf), (unsigned char *)buf); if (ret < 0) goto net_err; @@ -934,7 +933,7 @@ __noreturn void handle_connect(int fd, const char *peername) get_random_bytes_or_die((unsigned char *)buf, numbytes); } PARA_DEBUG_LOG("sending %d byte challenge + session key (%zu bytes)\n", - CHALLENGE_SIZE, numbytes); + APC_CHALLENGE_SIZE, numbytes); ret = send_sb(&cc->scc, buf, numbytes, SBD_CHALLENGE, false); buf = NULL; if (ret < 0) @@ -950,21 +949,21 @@ __noreturn void handle_connect(int fd, const char *peername) if (!cc->u) goto net_err; /* - * The correct response is the hash of the first CHALLENGE_SIZE bytes + * The correct response is the hash of the first APC_CHALLENGE_SIZE bytes * of the random data. */ ret = -E_BAD_AUTH; if (numbytes != HASH_SIZE) goto net_err; - hash_function((char *)rand_buf, CHALLENGE_SIZE, challenge_hash); + hash_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash); if (memcmp(challenge_hash, buf, HASH_SIZE)) goto net_err; /* auth successful */ alarm(0); PARA_INFO_LOG("good auth for %s\n", cc->u->name); /* init stream cipher keys with the second part of the random buffer */ - cc->scc.recv = sc_new(rand_buf + CHALLENGE_SIZE, SESSION_KEY_LEN); - cc->scc.send = sc_new(rand_buf + CHALLENGE_SIZE + SESSION_KEY_LEN, + cc->scc.recv = sc_new(rand_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN); + cc->scc.send = sc_new(rand_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN, SESSION_KEY_LEN); ret = send_sb(&cc->scc, NULL, 0, SBD_PROCEED, false); if (ret < 0) @@ -972,7 +971,7 @@ __noreturn void handle_connect(int fd, const char *peername) ret = recv_sb(&cc->scc, SBD_COMMAND, MAX_COMMAND_LEN, &iov); if (ret < 0) goto net_err; - ret = run_command(cc, &iov, peername); + ret = run_command(cc, &iov); free(iov.iov_base); if (ret < 0) goto err_out; @@ -996,5 +995,5 @@ out: } sc_free(cc->scc.recv); sc_free(cc->scc.send); - exit(ret < 0? EXIT_FAILURE : EXIT_SUCCESS); + return ret; }