X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=command.c;h=412769336a2896555142eac66cf6c9469f9c394b;hp=5790f11d278f95d4ad09964ab76af5d0ebf9e772;hb=823a4ff87a03ff9e1d2bfe8bc501f55ee4213649;hpb=fa9e0ecb219000e07eaf694f50679a8edfb5dc9e

diff --git a/command.c b/command.c
index 5790f11d..41276933 100644
--- a/command.c
+++ b/command.c
@@ -1,16 +1,20 @@
 /*
- * Copyright (C) 1997-2012 Andre Noll <maan@systemlinux.org>
+ * Copyright (C) 1997-2014 Andre Noll <maan@systemlinux.org>
  *
  * Licensed under the GPL v2. For licencing details see COPYING.
  */
 
 /** \file command.c Client authentication and server commands. */
 
+#include <netinet/in.h>
+#include <sys/socket.h>
 #include <regex.h>
 #include <signal.h>
-#include <sys/time.h>
 #include <sys/types.h>
 #include <osl.h>
+#include <arpa/inet.h>
+#include <sys/un.h>
+#include <netdb.h>
 
 #include "para.h"
 #include "error.h"
@@ -36,6 +40,9 @@
 #include "signal.h"
 #include "version.h"
 
+static struct server_command afs_cmds[] = {DEFINE_AFS_CMD_ARRAY};
+static struct server_command server_cmds[] = {DEFINE_SERVER_CMD_ARRAY};
+
 /** Commands including options must be shorter than this. */
 #define MAX_COMMAND_LEN 32768
 
@@ -102,12 +109,12 @@ static char *vss_get_status_flags(unsigned int flags)
 	return msg;
 }
 
-static char *get_status(struct misc_meta_data *nmmd, int parser_friendly)
+static unsigned get_status(struct misc_meta_data *nmmd, int parser_friendly,
+		char **result)
 {
 	char mtime[30] = "";
 	char *status, *flags; /* vss status info */
 	/* nobody updates our version of "now" */
-	char *ut = get_server_uptime_str(NULL);
 	long offset = (nmmd->offset + 500) / 1000;
 	struct timeval current_time;
 	struct tm mtime_tm;
@@ -120,7 +127,7 @@ static char *get_status(struct misc_meta_data *nmmd, int parser_friendly)
 		localtime_r(&nmmd->mtime, &mtime_tm);
 		strftime(mtime, 29, "%b %d %Y", &mtime_tm);
 	}
-	gettimeofday(&current_time, NULL);
+	clock_get_realtime(&current_time);
 	/*
 	 * The calls to WRITE_STATUS_ITEM() below never fail because
 	 * b->max_size is zero (unlimited), see para_printf(). However, clang
@@ -141,8 +148,8 @@ static char *get_status(struct misc_meta_data *nmmd, int parser_friendly)
 		(long unsigned)current_time.tv_usec);
 	free(flags);
 	free(status);
-	free(ut);
-	return b.buf;
+	*result = b.buf;
+	return b.offset;
 }
 
 static int check_sender_args(int argc, char * const * argv, struct sender_command_data *scd)
@@ -216,8 +223,8 @@ int send_sb(struct stream_cipher_context *scc, void *buf, size_t numbytes,
 	int ret;
 	struct sb_context *sbc;
 	struct iovec iov[2];
-	struct sb_buffer sbb = SBB_INIT(band, buf, numbytes);
 	sb_transformation trafo = band < SBD_PROCEED? NULL : sc_trafo;
+	struct sb_buffer sbb = SBB_INIT(band, buf, numbytes);
 
 	sbc = sb_new_send(&sbb, dont_free, trafo, scc->send);
 	do {
@@ -254,6 +261,19 @@ __printf_3_4 int send_sb_va(struct stream_cipher_context *scc, int band,
 	return send_sb(scc, msg, ret, band, false);
 }
 
+/**
+ * Send an error message to a client.
+ *
+ * \param cc Client info.
+ * \param err The (positive) error code.
+ *
+ * \return The return value of the underlying call to send_sb_va().
+ */
+int send_strerror(struct command_context *cc, int err)
+{
+	return send_sb_va(&cc->scc, SBD_ERROR_LOG, "%s\n", para_strerror(err));
+}
+
 /**
  * Send a sideband packet through a blocking file descriptor.
  *
@@ -304,31 +324,28 @@ fail:
 	return ret;
 }
 
-int com_sender(struct command_context *cc)
+static int com_sender(struct command_context *cc)
 {
-	int i, ret;
+	int i, ret = 0;
 	char *msg = NULL;
 	struct sender_command_data scd;
 
 	if (cc->argc < 2) {
 		for (i = 0; senders[i].name; i++) {
-			char *tmp = make_message("%s%s\n",
-				msg? msg : "", senders[i].name);
+			char *tmp;
+			ret = xasprintf(&tmp, "%s%s\n", msg? msg : "",
+				senders[i].name);
 			free(msg);
 			msg = tmp;
 		}
-		ret = sc_send_buffer(&cc->scc, msg);
-		free(msg);
-		return ret;
+		return send_sb(&cc->scc, msg, ret, SBD_OUTPUT, false);
 	}
 	ret = check_sender_args(cc->argc, cc->argv, &scd);
 	if (ret < 0) {
 		if (scd.sender_num < 0)
 			return ret;
 		msg = senders[scd.sender_num].help();
-		ret = sc_send_buffer(&cc->scc, msg);
-		free(msg);
-		return ret;
+		return send_sb(&cc->scc, msg, strlen(msg), SBD_OUTPUT, false);
 	}
 
 	switch (scd.cmd_num) {
@@ -355,11 +372,10 @@ int com_sender(struct command_context *cc)
 }
 
 /* server info */
-int com_si(struct command_context *cc)
+static int com_si(struct command_context *cc)
 {
 	int i, ret;
-	char *ut;
-	char *sender_info = NULL;
+	char *msg, *ut, *sender_info = NULL;
 
 	if (cc->argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -369,8 +385,9 @@ int com_si(struct command_context *cc)
 		sender_info = para_strcat(sender_info, info);
 		free(info);
 	}
-	ut = get_server_uptime_str(now);
-	ret = sc_send_va_buffer(&cc->scc, "version: " GIT_VERSION "\n"
+	ut = daemon_get_uptime_str(now);
+	ret = xasprintf(&msg,
+		"version: %s\n"
 		"up: %s\nplayed: %u\n"
 		"server_pid: %d\n"
 		"afs_pid: %d\n"
@@ -378,6 +395,7 @@ int com_si(struct command_context *cc)
 		"current loglevel: %s\n"
 		"supported audio formats: %s\n"
 		"%s",
+		version_git(),
 		ut, mmd->num_played,
 		(int)getppid(),
 		(int)mmd->afs_pid,
@@ -385,24 +403,25 @@ int com_si(struct command_context *cc)
 		mmd->num_commands,
 		mmd->num_connects,
 		conf.loglevel_arg,
-		SERVER_AUDIO_FORMATS,
+		AUDIO_FORMAT_HANDLERS,
 		sender_info
 	);
 	mutex_unlock(mmd_mutex);
 	free(ut);
 	free(sender_info);
-	return ret;
+	return send_sb(&cc->scc, msg, ret, SBD_OUTPUT, false);
 }
 
 /* version */
-int com_version(struct command_context *cc)
+static int com_version(struct command_context *cc)
 {
+	char *msg;
+	size_t len;
+
 	if (cc->argc != 1)
 		return -E_COMMAND_SYNTAX;
-	return sc_send_buffer(&cc->scc, VERSION_TEXT("server")
-		"built: " BUILD_DATE "\n"
-		UNAME_RS ", " CC_VERSION "\n"
-	);
+	len = xasprintf(&msg, "%s", version_text("server"));
+	return send_sb(&cc->scc, msg, len, SBD_OUTPUT, false);
 }
 
 #define EMPTY_STATUS_ITEMS \
@@ -438,10 +457,13 @@ int com_version(struct command_context *cc)
  *
  * This is used by vss when currently no audio file is open.
  */
-static char *empty_status_items(int parser_friendly)
+static unsigned empty_status_items(int parser_friendly, char **result)
 {
+	char *esi;
+	unsigned len;
+
 	if (parser_friendly)
-		return make_message(
+		len = xasprintf(&esi,
 			#define ITEM(x) "0004 %02x:\n"
 			EMPTY_STATUS_ITEMS
 			#undef ITEM
@@ -449,19 +471,22 @@ static char *empty_status_items(int parser_friendly)
 			EMPTY_STATUS_ITEMS
 			#undef ITEM
 		);
-	return make_message(
-		#define ITEM(x) "%s:\n"
-		EMPTY_STATUS_ITEMS
-		#undef ITEM
-		#define ITEM(x) ,status_item_list[SI_ ## x]
-		EMPTY_STATUS_ITEMS
-		#undef ITEM
-	);
+	else
+		len = xasprintf(&esi,
+			#define ITEM(x) "%s:\n"
+			EMPTY_STATUS_ITEMS
+			#undef ITEM
+			#define ITEM(x) ,status_item_list[SI_ ## x]
+			EMPTY_STATUS_ITEMS
+			#undef ITEM
+		);
+	*result = esi;
+	return len;
 }
 #undef EMPTY_STATUS_ITEMS
 
 /* stat */
-int com_stat(struct command_context *cc)
+static int com_stat(struct command_context *cc)
 {
 	int i, ret;
 	struct misc_meta_data tmp, *nmmd = &tmp;
@@ -495,16 +520,14 @@ int com_stat(struct command_context *cc)
 		return -E_COMMAND_SYNTAX;
 	for (;;) {
 		mmd_dup(nmmd);
-		s = get_status(nmmd, parser_friendly);
-		ret = sc_send_buffer(&cc->scc, s);
-		free(s);
+		ret = get_status(nmmd, parser_friendly, &s);
+		ret = send_sb(&cc->scc, s, ret, SBD_OUTPUT, false);
 		if (ret < 0)
 			goto out;
 		if (nmmd->vss_status_flags & VSS_NEXT) {
-			static char *esi;
-			if (!esi)
-				esi = empty_status_items(parser_friendly);
-			ret = sc_send_buffer(&cc->scc, esi);
+			char *esi;
+			ret = empty_status_items(parser_friendly, &esi);
+			ret = send_sb(&cc->scc, esi, ret, SBD_OUTPUT, false);
 			if (ret < 0)
 				goto out;
 		} else
@@ -513,29 +536,29 @@ int com_stat(struct command_context *cc)
 		if (num > 0 && !--num)
 			goto out;
 		sleep(50);
+		ret = -E_SERVER_CRASH;
 		if (getppid() == 1)
-			return -E_SERVER_CRASH;
+			goto out;
 	}
 out:
 	return ret;
 }
 
-static int send_list_of_commands(struct stream_cipher_context *scc, struct server_command *cmd,
+static int send_list_of_commands(struct command_context *cc, struct server_command *cmd,
 		const char *handler)
 {
-	int ret, i;
+	char *msg = NULL;
 
-	for (i = 1; cmd->name; cmd++, i++) {
-		char *perms = cmd_perms_itohuman(cmd->perms);
-		ret = sc_send_va_buffer(scc, "%s\t%s\t%s\t%s\n", cmd->name,
-			handler,
-			perms,
-			cmd->description);
+	for (; cmd->name; cmd++) {
+		char *tmp, *perms = cmd_perms_itohuman(cmd->perms);
+		tmp = make_message("%s\t%s\t%s\t%s\n", cmd->name, handler,
+			perms, cmd->description);
 		free(perms);
-		if (ret < 0)
-			return ret;
+		msg = para_strcat(msg, tmp);
+		free(tmp);
 	}
-	return 1;
+	assert(msg);
+	return send_sb(&cc->scc, msg, strlen(msg), SBD_OUTPUT, false);
 }
 
 /* returns string that must be freed by the caller */
@@ -560,25 +583,24 @@ static struct server_command *get_cmd_ptr(const char *name, char **handler)
 }
 
 /* help */
-int com_help(struct command_context *cc)
+static int com_help(struct command_context *cc)
 {
 	struct server_command *cmd;
-	char *perms, *handler;
+	char *perms, *handler, *buf;
 	int ret;
 
 	if (cc->argc < 2) {
 		/* no argument given, print list of commands */
-		if ((ret = send_list_of_commands(&cc->scc, server_cmds, "server")) < 0)
+		if ((ret = send_list_of_commands(cc, server_cmds, "server")) < 0)
 			return ret;
-		return send_list_of_commands(&cc->scc, afs_cmds, "afs");
+		return send_list_of_commands(cc, afs_cmds, "afs");
 	}
 	/* argument given for help */
 	cmd = get_cmd_ptr(cc->argv[1], &handler);
 	if (!cmd)
 		return -E_BAD_CMD;
 	perms = cmd_perms_itohuman(cmd->perms);
-	ret = sc_send_va_buffer(&cc->scc,
-		"%s - %s\n\n"
+	ret = xasprintf(&buf, "%s - %s\n\n"
 		"handler: %s\n"
 		"permissions: %s\n"
 		"usage: %s\n\n"
@@ -592,11 +614,11 @@ int com_help(struct command_context *cc)
 	);
 	free(perms);
 	free(handler);
-	return ret;
+	return send_sb(&cc->scc, buf, ret, SBD_OUTPUT, false);
 }
 
 /* hup */
-int com_hup(struct command_context *cc)
+static int com_hup(struct command_context *cc)
 {
 	if (cc->argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -605,7 +627,7 @@ int com_hup(struct command_context *cc)
 }
 
 /* term */
-int com_term(struct command_context *cc)
+static int com_term(struct command_context *cc)
 {
 	if (cc->argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -613,7 +635,7 @@ int com_term(struct command_context *cc)
 	return 1;
 }
 
-int com_play(struct command_context *cc)
+static int com_play(struct command_context *cc)
 {
 	if (cc->argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -625,7 +647,7 @@ int com_play(struct command_context *cc)
 }
 
 /* stop */
-int com_stop(struct command_context *cc)
+static int com_stop(struct command_context *cc)
 {
 	if (cc->argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -638,7 +660,7 @@ int com_stop(struct command_context *cc)
 }
 
 /* pause */
-int com_pause(struct command_context *cc)
+static int com_pause(struct command_context *cc)
 {
 	if (cc->argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -653,7 +675,7 @@ int com_pause(struct command_context *cc)
 }
 
 /* next */
-int com_next(struct command_context *cc)
+static int com_next(struct command_context *cc)
 {
 	if (cc->argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -665,7 +687,7 @@ int com_next(struct command_context *cc)
 }
 
 /* nomore */
-int com_nomore(struct command_context *cc)
+static int com_nomore(struct command_context *cc)
 {
 	if (cc->argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -677,7 +699,7 @@ int com_nomore(struct command_context *cc)
 }
 
 /* ff */
-int com_ff(struct command_context *cc)
+static int com_ff(struct command_context *cc)
 {
 	long promille;
 	int ret, backwards = 0;
@@ -716,7 +738,7 @@ out:
 }
 
 /* jmp */
-int com_jmp(struct command_context *cc)
+static int com_jmp(struct command_context *cc)
 {
 	long unsigned int i;
 	int ret;
@@ -754,58 +776,6 @@ static int check_perms(unsigned int perms, struct server_command *cmd_ptr)
 	return (cmd_ptr->perms & perms) < cmd_ptr->perms ? -E_PERM : 0;
 }
 
-/*
- * Parse first string from *cmd and lookup in table of valid commands.
- * On error, NULL is returned.
- */
-static struct server_command *parse_cmd(const char *cmdstr)
-{
-	char buf[255];
-	int n = 0;
-
-	sscanf(cmdstr, "%200s%n", buf, &n);
-	if (!n)
-		return NULL;
-	buf[n] = '\0';
-	return get_cmd_ptr(buf, NULL);
-}
-
-static int read_command(struct stream_cipher_context *scc, char **result)
-{
-	int ret;
-	char buf[4096];
-	char *command = NULL;
-
-	for (;;) {
-		size_t numbytes;
-		char *p;
-
-		ret = sc_recv_buffer(scc, buf, sizeof(buf));
-		if (ret < 0)
-			goto out;
-		if (!ret)
-			break;
-		numbytes = ret;
-		ret = -E_COMMAND_SYNTAX;
-		if (command && numbytes + strlen(command) > MAX_COMMAND_LEN) /* DOS */
-			goto out;
-		command = para_strcat(command, buf);
-		p = strstr(command, EOC_MSG);
-		if (p) {
-			*p = '\0';
-			break;
-		}
-	}
-	ret = command? 1 : -E_COMMAND_SYNTAX;
-out:
-	if (ret < 0)
-		free(command);
-	else
-		*result = command;
-	return ret;
-
-}
-
 static void reset_signals(void)
 {
 	para_sigaction(SIGCHLD, SIG_IGN);
@@ -814,15 +784,20 @@ static void reset_signals(void)
 	para_sigaction(SIGHUP, SIG_DFL);
 }
 
+struct connection_features {
+	bool sideband_requested;
+	bool aes_ctr128_requested;
+};
+
 static int parse_auth_request(char *buf, int len, struct user **u,
-		bool *use_sideband)
+		struct connection_features *cf)
 {
 	int ret;
 	char *p, *username, **features = NULL;
 	size_t auth_rq_len = strlen(AUTH_REQUEST_MSG);
 
 	*u = NULL;
-	*use_sideband = false;
+	memset(cf, 0, sizeof(*cf));
 	if (len < auth_rq_len + 2)
 		return -E_AUTH_REQUEST;
 	if (strncmp(buf, AUTH_REQUEST_MSG, auth_rq_len) != 0)
@@ -838,15 +813,16 @@ static int parse_auth_request(char *buf, int len, struct user **u,
 		create_argv(p, ",", &features);
 		for (i = 0; features[i]; i++) {
 			if (strcmp(features[i], "sideband") == 0)
-				*use_sideband = true;
+				cf->sideband_requested = true;
+			else if (strcmp(features[i], "aes_ctr128") == 0)
+				cf->aes_ctr128_requested = true;
 			else {
 				ret = -E_BAD_FEATURE;
 				goto out;
 			}
 		}
 	}
-	PARA_DEBUG_LOG("received auth request for user %s (sideband = %s)\n",
-		username, *use_sideband? "true" : "false");
+	PARA_DEBUG_LOG("received auth request for user %s\n", username);
 	*u = lookup_user(username);
 	ret = 1;
 out:
@@ -856,6 +832,38 @@ out:
 
 #define HANDSHAKE_BUFSIZE 4096
 
+static int parse_sb_command(struct command_context *cc, struct iovec *iov)
+{
+	int ret, i;
+	char *p, *end;
+
+	ret = -E_BAD_CMD;
+	if (iov->iov_base == NULL || iov->iov_len == 0)
+		goto out;
+	p = iov->iov_base;
+	p[iov->iov_len - 1] = '\0'; /* just to be sure */
+	cc->cmd = get_cmd_ptr(p, NULL);
+	if (!cc->cmd)
+		goto out;
+	ret = check_perms(cc->u->perms, cc->cmd);
+	if (ret < 0)
+		goto out;
+	end = iov->iov_base + iov->iov_len;
+	for (i = 0; p < end; i++)
+		p += strlen(p) + 1;
+	cc->argc = i;
+	cc->argv = para_malloc((cc->argc + 1) * sizeof(char *));
+	for (i = 0, p = iov->iov_base; p < end; i++) {
+		cc->argv[i] = para_strdup(p);
+		p += strlen(p) + 1;
+	}
+	cc->argv[cc->argc] = NULL;
+	ret = cc->argc;
+out:
+	free(iov->iov_base);
+	return ret;
+}
+
 /**
  * Perform user authentication and execute a command.
  *
@@ -888,9 +896,11 @@ __noreturn void handle_connect(int fd, const char *peername)
 	int ret;
 	unsigned char rand_buf[CHALLENGE_SIZE + 2 * SESSION_KEY_LEN];
 	unsigned char challenge_hash[HASH_SIZE];
-	char *p, *command = NULL, *buf = para_malloc(HANDSHAKE_BUFSIZE) /* must be on the heap */;
+	char *command = NULL, *buf = para_malloc(HANDSHAKE_BUFSIZE) /* must be on the heap */;
 	size_t numbytes;
 	struct command_context cc_struct = {.peer = peername}, *cc = &cc_struct;
+	struct iovec iov;
+	struct connection_features cf;
 
 	cc->scc.fd = fd;
 	reset_signals();
@@ -901,7 +911,7 @@ __noreturn void handle_connect(int fd, const char *peername)
 	/* send Welcome message */
 	ret = write_va_buffer(fd, "This is para_server, version "
 		PACKAGE_VERSION  ".\n"
-		"Features: sideband,foo\n"
+		"Features: sideband,aes_ctr128\n"
 	);
 	if (ret < 0)
 		goto net_err;
@@ -909,12 +919,14 @@ __noreturn void handle_connect(int fd, const char *peername)
 	ret = recv_buffer(fd, buf, HANDSHAKE_BUFSIZE);
 	if (ret < 0)
 		goto net_err;
-	ret = parse_auth_request(buf, ret, &cc->u, &cc->use_sideband);
+	ret = parse_auth_request(buf, ret, &cc->u, &cf);
 	if (ret < 0)
 		goto net_err;
-	p = buf + strlen(AUTH_REQUEST_MSG);
-	PARA_DEBUG_LOG("received auth request for user %s\n", p);
-	cc->u = lookup_user(p);
+	if (!cf.sideband_requested) { /* sideband is mandatory */
+		PARA_ERROR_LOG("client did not request sideband\n");
+		ret = -E_BAD_FEATURE;
+		goto net_err;
+	}
 	if (cc->u) {
 		get_random_bytes_or_die(rand_buf, sizeof(rand_buf));
 		ret = pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf),
@@ -931,25 +943,19 @@ __noreturn void handle_connect(int fd, const char *peername)
 		numbytes = 256;
 		get_random_bytes_or_die((unsigned char *)buf, numbytes);
 	}
-	PARA_DEBUG_LOG("sending %u byte challenge + rc4 keys (%zu bytes)\n",
+	PARA_DEBUG_LOG("sending %u byte challenge + session key (%zu bytes)\n",
 		CHALLENGE_SIZE, numbytes);
-	if (cc->use_sideband) {
-		ret = send_sb(&cc->scc, buf, numbytes, SBD_CHALLENGE, false);
-		buf = NULL;
-		if (ret < 0)
-			goto net_err;
-		buf = para_malloc(HANDSHAKE_BUFSIZE);
-	} else {
-		ret = write_all(fd, buf, numbytes);
-		if (ret < 0)
-			goto net_err;
-	}
-	/* recv challenge response */
-	ret = recv_bin_buffer(fd, buf, HASH_SIZE);
+	ret = send_sb(&cc->scc, buf, numbytes, SBD_CHALLENGE, false);
+	buf = NULL;
 	if (ret < 0)
 		goto net_err;
-	numbytes = ret;
-	PARA_DEBUG_LOG("received %d bytes challenge response\n", ret);
+	ret = recv_sb(&cc->scc, SBD_CHALLENGE_RESPONSE,
+		HANDSHAKE_BUFSIZE, &iov);
+	if (ret < 0)
+		goto net_err;
+	buf = iov.iov_base;
+	numbytes = iov.iov_len;
+	PARA_DEBUG_LOG("received %zu bytes challenge response\n", numbytes);
 	ret = -E_BAD_USER;
 	if (!cc->u)
 		goto net_err;
@@ -967,26 +973,17 @@ __noreturn void handle_connect(int fd, const char *peername)
 	alarm(0);
 	PARA_INFO_LOG("good auth for %s\n", cc->u->name);
 	/* init stream cipher keys with the second part of the random buffer */
-	cc->scc.recv = sc_new(rand_buf + CHALLENGE_SIZE, SESSION_KEY_LEN);
-	cc->scc.send = sc_new(rand_buf + CHALLENGE_SIZE + SESSION_KEY_LEN, SESSION_KEY_LEN);
-	ret = sc_send_buffer(&cc->scc, PROCEED_MSG);
+	cc->scc.recv = sc_new(rand_buf + CHALLENGE_SIZE, SESSION_KEY_LEN,
+		cf.aes_ctr128_requested);
+	cc->scc.send = sc_new(rand_buf + CHALLENGE_SIZE + SESSION_KEY_LEN,
+		SESSION_KEY_LEN, cf.aes_ctr128_requested);
+	ret = send_sb(&cc->scc, NULL, 0, SBD_PROCEED, false);
 	if (ret < 0)
 		goto net_err;
-	ret = read_command(&cc->scc, &command);
-	if (ret == -E_COMMAND_SYNTAX)
-		goto err_out;
+	ret = recv_sb(&cc->scc, SBD_COMMAND, MAX_COMMAND_LEN, &iov);
 	if (ret < 0)
 		goto net_err;
-	ret = -E_BAD_CMD;
-	cc->cmd = parse_cmd(command);
-	if (!cc->cmd)
-		goto err_out;
-	/* valid command, check permissions */
-	ret = check_perms(cc->u->perms, cc->cmd);
-	if (ret < 0)
-		goto err_out;
-	/* valid command and sufficient perms */
-	ret = create_argv(command, "\n", &cc->argv);
+	ret = parse_sb_command(cc, &iov);
 	if (ret < 0)
 		goto err_out;
 	cc->argc = ret;
@@ -1000,18 +997,24 @@ __noreturn void handle_connect(int fd, const char *peername)
 	if (ret >= 0)
 		goto out;
 err_out:
-	sc_send_va_buffer(&cc->scc, "%s\n", para_strerror(-ret));
+	if (send_strerror(cc, -ret) >= 0)
+		send_sb(&cc->scc, NULL, 0, SBD_EXIT__FAILURE, true);
 net_err:
 	PARA_NOTICE_LOG("%s\n", para_strerror(-ret));
 out:
 	free(buf);
 	free(command);
-	sc_free(cc->scc.recv);
-	sc_free(cc->scc.send);
 	mutex_lock(mmd_mutex);
 	if (cc->cmd && (cc->cmd->perms & AFS_WRITE) && ret >= 0)
 		mmd->events++;
 	mmd->active_connections--;
 	mutex_unlock(mmd_mutex);
+	if (ret >= 0) {
+		ret = send_sb(&cc->scc, NULL, 0, SBD_EXIT__SUCCESS, true);
+		if (ret < 0)
+			PARA_NOTICE_LOG("%s\n", para_strerror(-ret));
+	}
+	sc_free(cc->scc.recv);
+	sc_free(cc->scc.send);
 	exit(ret < 0? EXIT_FAILURE : EXIT_SUCCESS);
 }