X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=command.c;h=5b17f116d53c93956faf60f88d903b233b7e9b69;hp=69564336c6f8228a072f699ad83dbbe19d154338;hb=HEAD;hpb=66b97974ebba5c6ea967b713f84f62a1b72da8d2 diff --git a/command.c b/command.c index 69564336..60c2aeba 100644 --- a/command.c +++ b/command.c @@ -1,8 +1,4 @@ -/* - * Copyright (C) 1997 Andre Noll - * - * Licensed under the GPL v2. For licencing details see COPYING. - */ +/* Copyright (C) 1997 Andre Noll , see file COPYING. */ /** \file command.c Client authentication and server commands. */ @@ -10,28 +6,24 @@ #include #include #include -#include -#include #include -#include #include #include -#include "server.lsg.h" #include "para.h" #include "error.h" +#include "lsu.h" #include "crypt.h" #include "sideband.h" #include "command.h" #include "string.h" #include "afh.h" -#include "afs.h" +#include "net.h" #include "server.h" #include "list.h" -#include "send.h" #include "sched.h" +#include "send.h" #include "vss.h" -#include "net.h" #include "daemon.h" #include "fd.h" #include "ipc.h" @@ -52,11 +44,17 @@ static const char * const server_command_perms_txt[] = {LSG_SERVER_CMD_AUX_INFOS extern int mmd_mutex; extern struct misc_meta_data *mmd; -extern struct sender senders[]; int send_afs_status(struct command_context *cc, int parser_friendly); +static bool subcmd_should_die; -static void dummy(__a_unused int s) +/* + * Don't call PARA_XXX_LOG() here as we might already hold the log mutex. See + * generic_signal_handler() for details. + */ +static void command_handler_sighandler(int s) { + if (s == SIGTERM) + subcmd_should_die = true; } /* @@ -82,7 +80,7 @@ static char *vss_status_tohuman(unsigned int flags) */ static char *vss_get_status_flags(unsigned int flags) { - char *msg = para_malloc(5 * sizeof(char)); + char *msg = alloc(5 * sizeof(char)); msg[0] = (flags & VSS_PLAYING)? 'P' : '_'; msg[1] = (flags & VSS_NOMORE)? 'O' : '_'; @@ -239,10 +237,10 @@ static int check_sender_args(struct command_context *cc, return ret; } arg = lls_input(0, lpr); - for (i = 0; senders[i].name; i++) - if (!strcmp(senders[i].name, arg)) + FOR_EACH_SENDER(i) + if (strcmp(senders[i]->name, arg) == 0) break; - if (!senders[i].name) + if (!senders[i]) return -E_COMMAND_SYNTAX; scd->sender_num = i; arg = lls_input(1, lpr); @@ -252,7 +250,7 @@ static int check_sender_args(struct command_context *cc, if (i == NUM_SENDER_CMDS) return -E_COMMAND_SYNTAX; scd->cmd_num = i; - if (!senders[scd->sender_num].client_cmds[scd->cmd_num]) + if (!senders[scd->sender_num]->client_cmds[scd->cmd_num]) return -E_SENDER_CMD; switch (scd->cmd_num) { case SENDER_on: @@ -278,7 +276,7 @@ static int check_sender_args(struct command_context *cc, } /** - * Send a sideband packet through a blocking file descriptor. + * Receive a sideband packet from a blocking file descriptor. * * \param scc fd and crypto keys. * \param expected_band The expected band designator. @@ -334,10 +332,10 @@ static int com_sender(struct command_context *cc, struct lls_parse_result *lpr) struct sender_command_data scd; if (lls_num_inputs(lpr) == 0) { - for (i = 0; senders[i].name; i++) { + FOR_EACH_SENDER(i) { char *tmp; ret = xasprintf(&tmp, "%s%s\n", msg? msg : "", - senders[i].name); + senders[i]->name); free(msg); msg = tmp; } @@ -348,17 +346,17 @@ static int com_sender(struct command_context *cc, struct lls_parse_result *lpr) if (scd.sender_num < 0) return ret; if (strcmp(lls_input(1, lpr), "status") == 0) - msg = senders[scd.sender_num].status(); + msg = senders[scd.sender_num]->status(); else - msg = senders[scd.sender_num].help(); + msg = senders[scd.sender_num]->help(); return send_sb(&cc->scc, msg, strlen(msg), SBD_OUTPUT, false); } switch (scd.cmd_num) { case SENDER_add: case SENDER_delete: - assert(senders[scd.sender_num].resolve_target); - ret = senders[scd.sender_num].resolve_target(lls_input(2, lpr), + assert(senders[scd.sender_num]->resolve_target); + ret = senders[scd.sender_num]->resolve_target(lls_input(2, lpr), &scd); if (ret < 0) return ret; @@ -394,15 +392,13 @@ static int com_si(struct command_context *cc, "server_pid: %d\n" "afs_pid: %d\n" "connections (active/accepted/total): %u/%u/%u\n" - "current loglevel: %s\n" "supported audio formats: %s\n", ut, mmd->num_played, (int)getppid(), - (int)mmd->afs_pid, + (int)afs_pid, mmd->active_connections, mmd->num_commands, mmd->num_connects, - ENUM_STRING_VAL(LOGLEVEL), AUDIO_FORMAT_HANDLERS ); mutex_unlock(mmd_mutex); @@ -456,6 +452,7 @@ EXPORT_SERVER_CMD_HANDLER(version); ITEM(chunk_time) \ ITEM(num_chunks) \ ITEM(amplification) \ + ITEM(play_time) \ /* * Create a set of audio-file related status items with empty values. These are @@ -497,9 +494,22 @@ static int com_stat(struct command_context *cc, struct lls_parse_result *lpr) bool parser_friendly = SERVER_CMD_OPT_GIVEN(STAT, PARSER_FRIENDLY, lpr) > 0; uint32_t num = SERVER_CMD_UINT32_VAL(STAT, NUM, lpr); + const struct timespec ts = {.tv_sec = 50, .tv_nsec = 0}; - para_sigaction(SIGUSR1, dummy); + para_sigaction(SIGINT, SIG_IGN); + para_sigaction(SIGUSR1, command_handler_sighandler); + para_sigaction(SIGTERM, command_handler_sighandler); + /* + * Simply checking subcmd_should_die is racy because a signal may + * arrive after the check but before the subsequent call to sleep(3). + * If this happens, sleep(3) would not be interrupted by the signal. + * To avoid this we block SIGTERM here and allow it to arrive only + * while we sleep. + */ + para_block_signal(SIGTERM); + para_block_signal(SIGUSR1); for (;;) { + sigset_t set; /* * Copy the mmd structure to minimize the time we hold the mmd * lock. @@ -522,7 +532,17 @@ static int com_stat(struct command_context *cc, struct lls_parse_result *lpr) ret = 1; if (num > 0 && !--num) goto out; - sleep(50); + sigemptyset(&set); /* empty set means: unblock all signals */ + /* + * pselect(2) allows to atomically unblock signals, then go to + * sleep. Calling sigprocmask(2) followed by sleep(3) would + * open a race window similar to the one described above. + */ + pselect(1, NULL, NULL, NULL, &ts, &set); + if (subcmd_should_die) { + PARA_EMERG_LOG("terminating on SIGTERM\n"); + goto out; + } ret = -E_SERVER_CRASH; if (getppid() == 1) goto out; @@ -532,63 +552,35 @@ out: } EXPORT_SERVER_CMD_HANDLER(stat); -/* fixed-length, human readable permission string */ -const char *server_cmd_perms_str(unsigned int perms) +static const char *aux_info_cb(unsigned cmd_num, bool verbose) { - static char result[5]; + static char result[80]; + unsigned perms = server_command_perms[cmd_num]; - result[0] = perms & AFS_READ? 'a' : '-'; - result[1] = perms & AFS_WRITE? 'A' : '-'; - result[2] = perms & VSS_READ? 'v' : '-'; - result[3] = perms & VSS_WRITE? 'V' : '-'; - result[4] = '\0'; - return result; -} - -static int send_list_of_commands(struct command_context *cc) -{ - int i; - const struct lls_command *cmd; - char *msg = para_strdup(""); - - for (i = 1; (cmd = lls_cmd(i, server_cmd_suite)); i++) { - const char *perms = server_cmd_perms_str(server_command_perms[i]); - char *tmp = make_message("%s%s\t%s\t%s\n", msg, - lls_command_name(cmd), perms, lls_purpose(cmd)); - free(msg); - msg = tmp; + if (verbose) { + /* permissions: VSS_READ | VSS_WRITE */ + sprintf(result, "permissions: %s", + server_command_perms_txt[cmd_num]); + } else { + result[0] = perms & AFS_READ? 'a' : '-'; + result[1] = perms & AFS_WRITE? 'A' : '-'; + result[2] = perms & VSS_READ? 'v' : '-'; + result[3] = perms & VSS_WRITE? 'V' : '-'; + result[4] = '\0'; } - return send_sb(&cc->scc, msg, strlen(msg), SBD_OUTPUT, false); + return result; } static int com_help(struct command_context *cc, struct lls_parse_result *lpr) { - const char *perms; - char *long_help, *buf, *errctx; + char *buf; int ret; - const struct lls_command *cmd; + unsigned n; + bool long_help = SERVER_CMD_OPT_GIVEN(HELP, LONG, lpr); - ret = lls(lls_check_arg_count(lpr, 0, 1, &errctx)); - if (ret < 0) { - send_errctx(cc, errctx); - return ret; - } - if (lls_num_inputs(lpr) == 0) - return send_list_of_commands(cc); - /* argument given for help */ - ret = lls(lls_lookup_subcmd(lls_input(0, lpr), server_cmd_suite, - &errctx)); - if (ret < 0) { - send_errctx(cc, errctx); - return ret; - } - cmd = lls_cmd(ret, server_cmd_suite); - perms = server_command_perms_txt[ret]; - long_help = lls_long_help(cmd); - assert(long_help); - ret = xasprintf(&buf, "%spermissions: %s\n", long_help, perms); - free(long_help); - return send_sb(&cc->scc, buf, ret, SBD_OUTPUT, false); + lsu_com_help(long_help, lpr, server_cmd_suite, aux_info_cb, &buf, &n); + ret = send_sb(&cc->scc, buf, n, SBD_OUTPUT, false); + return ret; } EXPORT_SERVER_CMD_HANDLER(help); @@ -600,9 +592,56 @@ static int com_hup(__a_unused struct command_context *cc, } EXPORT_SERVER_CMD_HANDLER(hup); +static int com_ll(struct command_context *cc, struct lls_parse_result *lpr) +{ + unsigned ll, perms; + char *errctx; + const char *sev[] = {SEVERITIES}, *arg; + int ret = lls(lls_check_arg_count(lpr, 0, 1, &errctx)); + + if (ret < 0) { + send_errctx(cc, errctx); + return ret; + } + if (lls_num_inputs(lpr) == 0) { /* reporting is an unprivileged op. */ + const char *severity; + mutex_lock(mmd_mutex); + severity = sev[mmd->loglevel]; + mutex_unlock(mmd_mutex); + return send_sb_va(&cc->scc, SBD_OUTPUT, "%s\n", severity); + } + /* + * Changing the loglevel changes the state of both the afs and the vss, + * so we require both AFS_WRITE and VSS_WRITE. + */ + perms = AFS_WRITE | VSS_WRITE; + if ((cc->u->perms & perms) != perms) + return -ERRNO_TO_PARA_ERROR(EPERM); + arg = lls_input(0, lpr); + for (ll = 0; ll < NUM_LOGLEVELS; ll++) + if (!strcmp(arg, sev[ll])) + break; + if (ll >= NUM_LOGLEVELS) + return -ERRNO_TO_PARA_ERROR(EINVAL); + PARA_INFO_LOG("new log level: %s\n", sev[ll]); + /* Ask the server and afs processes to adjust their log level. */ + mutex_lock(mmd_mutex); + mmd->loglevel = ll; + mutex_unlock(mmd_mutex); + return 1; +} +EXPORT_SERVER_CMD_HANDLER(ll); + static int com_term(__a_unused struct command_context *cc, __a_unused struct lls_parse_result *lpr) { + /* + * The server catches SIGTERM and propagates this signal to all its + * children. We are about to exit anyway, but we'd leak tons of memory + * if being terminated by the signal. So we ignore the signal here and + * terminate via the normal exit path, deallocating all memory. + */ + para_sigaction(SIGTERM, SIG_IGN); kill(getppid(), SIGTERM); return 1; } @@ -667,32 +706,31 @@ static int com_nomore(__a_unused struct command_context *cc, } EXPORT_SERVER_CMD_HANDLER(nomore); -static int com_ff(__a_unused struct command_context *cc, - struct lls_parse_result *lpr) +static int com_ff(struct command_context *cc, struct lls_parse_result *lpr) { long promille; - int ret, backwards = 0; - unsigned i; - char c, *errctx; + int i, ret; + char *errctx; ret = lls(lls_check_arg_count(lpr, 1, 1, &errctx)); if (ret < 0) { send_errctx(cc, errctx); return ret; } - if (!(ret = sscanf(lls_input(0, lpr), "%u%c", &i, &c))) - return -E_COMMAND_SYNTAX; - if (ret > 1 && c == '-') - backwards = 1; /* jmp backwards */ + ret = para_atoi32(lls_input(0, lpr), &i); + if (ret < 0) + return ret; mutex_lock(mmd_mutex); ret = -E_NO_AUDIO_FILE; if (!mmd->afd.afhi.chunks_total || !mmd->afd.afhi.seconds_total) goto out; + ret = 1; promille = (1000 * mmd->current_chunk) / mmd->afd.afhi.chunks_total; - if (backwards) - promille -= 1000 * i / mmd->afd.afhi.seconds_total; - else - promille += 1000 * i / mmd->afd.afhi.seconds_total; + /* + * We need this cast because without it the expression on the right + * hand side is of unsigned type. + */ + promille += 1000 * i / (int)mmd->afd.afhi.seconds_total; if (promille < 0) promille = 0; if (promille > 1000) { @@ -703,18 +741,15 @@ static int com_ff(__a_unused struct command_context *cc, mmd->new_vss_status_flags |= VSS_REPOS; mmd->new_vss_status_flags &= ~VSS_NEXT; mmd->events++; - ret = 1; out: mutex_unlock(mmd_mutex); return ret; } EXPORT_SERVER_CMD_HANDLER(ff); -static int com_jmp(__a_unused struct command_context *cc, - struct lls_parse_result *lpr) +static int com_jmp(struct command_context *cc, struct lls_parse_result *lpr) { - long unsigned int i; - int ret; + int i, ret; char *errctx; ret = lls(lls_check_arg_count(lpr, 1, 1, &errctx)); @@ -722,18 +757,16 @@ static int com_jmp(__a_unused struct command_context *cc, send_errctx(cc, errctx); return ret; } - if (sscanf(lls_input(0, lpr), "%lu", &i) <= 0) + if (sscanf(lls_input(0, lpr), "%d", &i) <= 0) + return -ERRNO_TO_PARA_ERROR(EINVAL); + if (i < 0 || i > 100) return -ERRNO_TO_PARA_ERROR(EINVAL); mutex_lock(mmd_mutex); ret = -E_NO_AUDIO_FILE; if (!mmd->afd.afhi.chunks_total) goto out; - if (i > 100) - i = 100; - PARA_INFO_LOG("jumping to %lu%%\n", i); + PARA_INFO_LOG("jumping to %d%%\n", i); mmd->repos_request = (mmd->afd.afhi.chunks_total * i + 50) / 100; - PARA_INFO_LOG("sent: %lu, offset before jmp: %li\n", - mmd->chunks_sent, mmd->offset); mmd->new_vss_status_flags |= VSS_REPOS; mmd->new_vss_status_flags &= ~VSS_NEXT; ret = 1; @@ -744,15 +777,6 @@ out: } EXPORT_SERVER_CMD_HANDLER(jmp); -static int com_tasks(struct command_context *cc, - __a_unused struct lls_parse_result *lpr) -{ - char *tl = server_get_tasks(); - assert(tl); - return send_sb(&cc->scc, tl, strlen(tl), SBD_OUTPUT, false); -} -EXPORT_SERVER_CMD_HANDLER(tasks); - static void reset_signals(void) { para_sigaction(SIGCHLD, SIG_IGN); @@ -762,10 +786,10 @@ static void reset_signals(void) } struct connection_features { - int dummy; /* none at the moment */ + bool sha256_requested; /* can be removed after 0.7.0 */ }; -static int parse_auth_request(char *buf, int len, struct user **u, +static int parse_auth_request(char *buf, int len, const struct user **u, struct connection_features *cf) { int ret; @@ -788,10 +812,13 @@ static int parse_auth_request(char *buf, int len, struct user **u, p++; create_argv(p, ",", &features); for (i = 0; features[i]; i++) { - if (strcmp(features[i], "sideband") == 0) - continue; - if (strcmp(features[i], "aes_ctr128") == 0) - continue; + /* + * ->sha256_requested can go away after 0.7.0 so that + * sha256 is used unconditionally, but we need to + * accept the feature request until 0.9.0. + */ + if (strcmp(features[i], "sha256") == 0) + cf->sha256_requested = true; else { ret = -E_BAD_FEATURE; goto out; @@ -799,7 +826,7 @@ static int parse_auth_request(char *buf, int len, struct user **u, } } PARA_DEBUG_LOG("received auth request for user %s\n", username); - *u = lookup_user(username); + *u = user_list_lookup(username); ret = 1; out: free_argv(features); @@ -808,8 +835,7 @@ out: #define HANDSHAKE_BUFSIZE 4096 -static int run_command(struct command_context *cc, struct iovec *iov, - const char *peername) +static int run_command(struct command_context *cc, struct iovec *iov) { int ret, i, argc; char *p, *end, **argv; @@ -830,20 +856,20 @@ static int run_command(struct command_context *cc, struct iovec *iov, } perms = server_command_perms[ret]; if ((perms & cc->u->perms) != perms) - return -E_PERM; + return -ERRNO_TO_PARA_ERROR(EPERM); lcmd = lls_cmd(ret, server_cmd_suite); end = iov->iov_base + iov->iov_len; for (i = 0; p < end; i++) p += strlen(p) + 1; argc = i; - argv = para_malloc((argc + 1) * sizeof(char *)); + argv = arr_alloc(argc + 1, sizeof(char *)); for (i = 0, p = iov->iov_base; p < end; i++) { argv[i] = para_strdup(p); p += strlen(p) + 1; } argv[argc] = NULL; - PARA_NOTICE_LOG("calling com_%s() for %s@%s\n", lls_command_name(lcmd), - cc->u->name, peername); + PARA_NOTICE_LOG("calling com_%s() for user %s\n", + lls_command_name(lcmd), cc->u->name); ret = lls(lls_parse(argc, argv, lcmd, &lpr, &errctx)); if (ret >= 0) { const struct server_cmd_user_data *ud = lls_user_data(lcmd); @@ -864,33 +890,34 @@ static int run_command(struct command_context *cc, struct iovec *iov, * Perform user authentication and execute a command. * * \param fd The file descriptor to send output to. - * \param peername Identifies the connecting peer. * * Whenever para_server accepts an incoming tcp connection on the port it * listens on, it forks and the resulting child calls this function. * - * An RSA-based challenge/response is used to authenticate the peer. It that + * An RSA-based challenge/response is used to authenticate the peer. If the * authentication succeeds, a random session key is generated and sent back to * the peer, encrypted with its RSA public key. From this point on, all - * transfers are crypted with this session key. + * transfers are encrypted with this session key using a stream cipher. * * Next it is checked if the peer supplied a valid server command or a command * for the audio file selector. If yes, and if the user has sufficient - * permissions to execute that command, the function calls the corresponding - * command handler which does argument checking and further processing. + * permissions to execute this command, the function calls the corresponding + * command handler which performs argument checking and further processing. * - * In order to cope with a DOS attacks, a timeout is set up which terminates - * the function if the connection was not authenticated when the timeout - * expires. + * To cope with DOS attacks, a timer is set up right after the fork. If the + * connection was still not authenticated when the timeout expires, the child + * process is terminated. * - * \sa alarm(2), \ref crypt.c, \ref crypt.h. + * \return Standard. + * + * \sa alarm(2), \ref openssl.c, \ref crypt.h. */ -__noreturn void handle_connect(int fd, const char *peername) +int handle_connect(int fd) { int ret; - unsigned char rand_buf[CHALLENGE_SIZE + 2 * SESSION_KEY_LEN]; - unsigned char challenge_hash[HASH_SIZE]; - char *command = NULL, *buf = para_malloc(HANDSHAKE_BUFSIZE) /* must be on the heap */; + unsigned char rand_buf[APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN]; + unsigned char challenge_hash[HASH2_SIZE]; + char *command = NULL, *buf = alloc(HANDSHAKE_BUFSIZE) /* must be on the heap */; size_t numbytes; struct command_context cc_struct = {.u = NULL}, *cc = &cc_struct; struct iovec iov; @@ -905,7 +932,7 @@ __noreturn void handle_connect(int fd, const char *peername) /* send Welcome message */ ret = write_va_buffer(fd, "This is para_server, version " PACKAGE_VERSION ".\n" - "Features: sideband,aes_ctr128\n" + "Features: sha256\n" /* no longer announce this after 0.8.0 */ ); if (ret < 0) goto net_err; @@ -918,7 +945,7 @@ __noreturn void handle_connect(int fd, const char *peername) goto net_err; if (cc->u) { get_random_bytes_or_die(rand_buf, sizeof(rand_buf)); - ret = pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf), + ret = apc_pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf), (unsigned char *)buf); if (ret < 0) goto net_err; @@ -933,7 +960,7 @@ __noreturn void handle_connect(int fd, const char *peername) get_random_bytes_or_die((unsigned char *)buf, numbytes); } PARA_DEBUG_LOG("sending %d byte challenge + session key (%zu bytes)\n", - CHALLENGE_SIZE, numbytes); + APC_CHALLENGE_SIZE, numbytes); ret = send_sb(&cc->scc, buf, numbytes, SBD_CHALLENGE, false); buf = NULL; if (ret < 0) @@ -949,21 +976,29 @@ __noreturn void handle_connect(int fd, const char *peername) if (!cc->u) goto net_err; /* - * The correct response is the hash of the first CHALLENGE_SIZE bytes + * The correct response is the hash of the first APC_CHALLENGE_SIZE bytes * of the random data. */ ret = -E_BAD_AUTH; - if (numbytes != HASH_SIZE) - goto net_err; - hash_function((char *)rand_buf, CHALLENGE_SIZE, challenge_hash); - if (memcmp(challenge_hash, buf, HASH_SIZE)) - goto net_err; + if (cf.sha256_requested) { + if (numbytes != HASH2_SIZE) + goto net_err; + hash2_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash); + if (memcmp(challenge_hash, buf, HASH2_SIZE)) + goto net_err; + } else { /* old client. This can be removed after 0.7.0 */ + if (numbytes != HASH_SIZE) + goto net_err; + hash_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash); + if (memcmp(challenge_hash, buf, HASH_SIZE)) + goto net_err; + } /* auth successful */ alarm(0); PARA_INFO_LOG("good auth for %s\n", cc->u->name); /* init stream cipher keys with the second part of the random buffer */ - cc->scc.recv = sc_new(rand_buf + CHALLENGE_SIZE, SESSION_KEY_LEN); - cc->scc.send = sc_new(rand_buf + CHALLENGE_SIZE + SESSION_KEY_LEN, + cc->scc.recv = sc_new(rand_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN); + cc->scc.send = sc_new(rand_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN, SESSION_KEY_LEN); ret = send_sb(&cc->scc, NULL, 0, SBD_PROCEED, false); if (ret < 0) @@ -971,7 +1006,7 @@ __noreturn void handle_connect(int fd, const char *peername) ret = recv_sb(&cc->scc, SBD_COMMAND, MAX_COMMAND_LEN, &iov); if (ret < 0) goto net_err; - ret = run_command(cc, &iov, peername); + ret = run_command(cc, &iov); free(iov.iov_base); if (ret < 0) goto err_out; @@ -995,5 +1030,5 @@ out: } sc_free(cc->scc.recv); sc_free(cc->scc.send); - exit(ret < 0? EXIT_FAILURE : EXIT_SUCCESS); + return ret; }