X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=command.c;h=5b17f116d53c93956faf60f88d903b233b7e9b69;hp=bd3d17c8335bea17bcd95ec909ddeef8cf779d7f;hb=HEAD;hpb=e072e2a4feb9879f66bc4847a5007cec07b5f5f7 diff --git a/command.c b/command.c index bd3d17c8..60c2aeba 100644 --- a/command.c +++ b/command.c @@ -6,14 +6,10 @@ #include #include #include -#include -#include #include -#include #include #include -#include "server.lsg.h" #include "para.h" #include "error.h" #include "lsu.h" @@ -22,12 +18,11 @@ #include "command.h" #include "string.h" #include "afh.h" -#include "afs.h" #include "net.h" #include "server.h" #include "list.h" -#include "send.h" #include "sched.h" +#include "send.h" #include "vss.h" #include "daemon.h" #include "fd.h" @@ -49,11 +44,17 @@ static const char * const server_command_perms_txt[] = {LSG_SERVER_CMD_AUX_INFOS extern int mmd_mutex; extern struct misc_meta_data *mmd; -extern struct sender senders[]; int send_afs_status(struct command_context *cc, int parser_friendly); +static bool subcmd_should_die; -static void dummy(__a_unused int s) +/* + * Don't call PARA_XXX_LOG() here as we might already hold the log mutex. See + * generic_signal_handler() for details. + */ +static void command_handler_sighandler(int s) { + if (s == SIGTERM) + subcmd_should_die = true; } /* @@ -79,7 +80,7 @@ static char *vss_status_tohuman(unsigned int flags) */ static char *vss_get_status_flags(unsigned int flags) { - char *msg = para_malloc(5 * sizeof(char)); + char *msg = alloc(5 * sizeof(char)); msg[0] = (flags & VSS_PLAYING)? 'P' : '_'; msg[1] = (flags & VSS_NOMORE)? 'O' : '_'; @@ -236,10 +237,10 @@ static int check_sender_args(struct command_context *cc, return ret; } arg = lls_input(0, lpr); - for (i = 0; senders[i].name; i++) - if (!strcmp(senders[i].name, arg)) + FOR_EACH_SENDER(i) + if (strcmp(senders[i]->name, arg) == 0) break; - if (!senders[i].name) + if (!senders[i]) return -E_COMMAND_SYNTAX; scd->sender_num = i; arg = lls_input(1, lpr); @@ -249,7 +250,7 @@ static int check_sender_args(struct command_context *cc, if (i == NUM_SENDER_CMDS) return -E_COMMAND_SYNTAX; scd->cmd_num = i; - if (!senders[scd->sender_num].client_cmds[scd->cmd_num]) + if (!senders[scd->sender_num]->client_cmds[scd->cmd_num]) return -E_SENDER_CMD; switch (scd->cmd_num) { case SENDER_on: @@ -275,7 +276,7 @@ static int check_sender_args(struct command_context *cc, } /** - * Send a sideband packet through a blocking file descriptor. + * Receive a sideband packet from a blocking file descriptor. * * \param scc fd and crypto keys. * \param expected_band The expected band designator. @@ -331,10 +332,10 @@ static int com_sender(struct command_context *cc, struct lls_parse_result *lpr) struct sender_command_data scd; if (lls_num_inputs(lpr) == 0) { - for (i = 0; senders[i].name; i++) { + FOR_EACH_SENDER(i) { char *tmp; ret = xasprintf(&tmp, "%s%s\n", msg? msg : "", - senders[i].name); + senders[i]->name); free(msg); msg = tmp; } @@ -345,17 +346,17 @@ static int com_sender(struct command_context *cc, struct lls_parse_result *lpr) if (scd.sender_num < 0) return ret; if (strcmp(lls_input(1, lpr), "status") == 0) - msg = senders[scd.sender_num].status(); + msg = senders[scd.sender_num]->status(); else - msg = senders[scd.sender_num].help(); + msg = senders[scd.sender_num]->help(); return send_sb(&cc->scc, msg, strlen(msg), SBD_OUTPUT, false); } switch (scd.cmd_num) { case SENDER_add: case SENDER_delete: - assert(senders[scd.sender_num].resolve_target); - ret = senders[scd.sender_num].resolve_target(lls_input(2, lpr), + assert(senders[scd.sender_num]->resolve_target); + ret = senders[scd.sender_num]->resolve_target(lls_input(2, lpr), &scd); if (ret < 0) return ret; @@ -391,7 +392,6 @@ static int com_si(struct command_context *cc, "server_pid: %d\n" "afs_pid: %d\n" "connections (active/accepted/total): %u/%u/%u\n" - "current loglevel: %s\n" "supported audio formats: %s\n", ut, mmd->num_played, (int)getppid(), @@ -399,7 +399,6 @@ static int com_si(struct command_context *cc, mmd->active_connections, mmd->num_commands, mmd->num_connects, - ENUM_STRING_VAL(LOGLEVEL), AUDIO_FORMAT_HANDLERS ); mutex_unlock(mmd_mutex); @@ -453,6 +452,7 @@ EXPORT_SERVER_CMD_HANDLER(version); ITEM(chunk_time) \ ITEM(num_chunks) \ ITEM(amplification) \ + ITEM(play_time) \ /* * Create a set of audio-file related status items with empty values. These are @@ -494,9 +494,22 @@ static int com_stat(struct command_context *cc, struct lls_parse_result *lpr) bool parser_friendly = SERVER_CMD_OPT_GIVEN(STAT, PARSER_FRIENDLY, lpr) > 0; uint32_t num = SERVER_CMD_UINT32_VAL(STAT, NUM, lpr); + const struct timespec ts = {.tv_sec = 50, .tv_nsec = 0}; - para_sigaction(SIGUSR1, dummy); + para_sigaction(SIGINT, SIG_IGN); + para_sigaction(SIGUSR1, command_handler_sighandler); + para_sigaction(SIGTERM, command_handler_sighandler); + /* + * Simply checking subcmd_should_die is racy because a signal may + * arrive after the check but before the subsequent call to sleep(3). + * If this happens, sleep(3) would not be interrupted by the signal. + * To avoid this we block SIGTERM here and allow it to arrive only + * while we sleep. + */ + para_block_signal(SIGTERM); + para_block_signal(SIGUSR1); for (;;) { + sigset_t set; /* * Copy the mmd structure to minimize the time we hold the mmd * lock. @@ -519,7 +532,17 @@ static int com_stat(struct command_context *cc, struct lls_parse_result *lpr) ret = 1; if (num > 0 && !--num) goto out; - sleep(50); + sigemptyset(&set); /* empty set means: unblock all signals */ + /* + * pselect(2) allows to atomically unblock signals, then go to + * sleep. Calling sigprocmask(2) followed by sleep(3) would + * open a race window similar to the one described above. + */ + pselect(1, NULL, NULL, NULL, &ts, &set); + if (subcmd_should_die) { + PARA_EMERG_LOG("terminating on SIGTERM\n"); + goto out; + } ret = -E_SERVER_CRASH; if (getppid() == 1) goto out; @@ -529,7 +552,7 @@ out: } EXPORT_SERVER_CMD_HANDLER(stat); -const char *aux_info_cb(unsigned cmd_num, bool verbose) +static const char *aux_info_cb(unsigned cmd_num, bool verbose) { static char result[80]; unsigned perms = server_command_perms[cmd_num]; @@ -569,9 +592,56 @@ static int com_hup(__a_unused struct command_context *cc, } EXPORT_SERVER_CMD_HANDLER(hup); +static int com_ll(struct command_context *cc, struct lls_parse_result *lpr) +{ + unsigned ll, perms; + char *errctx; + const char *sev[] = {SEVERITIES}, *arg; + int ret = lls(lls_check_arg_count(lpr, 0, 1, &errctx)); + + if (ret < 0) { + send_errctx(cc, errctx); + return ret; + } + if (lls_num_inputs(lpr) == 0) { /* reporting is an unprivileged op. */ + const char *severity; + mutex_lock(mmd_mutex); + severity = sev[mmd->loglevel]; + mutex_unlock(mmd_mutex); + return send_sb_va(&cc->scc, SBD_OUTPUT, "%s\n", severity); + } + /* + * Changing the loglevel changes the state of both the afs and the vss, + * so we require both AFS_WRITE and VSS_WRITE. + */ + perms = AFS_WRITE | VSS_WRITE; + if ((cc->u->perms & perms) != perms) + return -ERRNO_TO_PARA_ERROR(EPERM); + arg = lls_input(0, lpr); + for (ll = 0; ll < NUM_LOGLEVELS; ll++) + if (!strcmp(arg, sev[ll])) + break; + if (ll >= NUM_LOGLEVELS) + return -ERRNO_TO_PARA_ERROR(EINVAL); + PARA_INFO_LOG("new log level: %s\n", sev[ll]); + /* Ask the server and afs processes to adjust their log level. */ + mutex_lock(mmd_mutex); + mmd->loglevel = ll; + mutex_unlock(mmd_mutex); + return 1; +} +EXPORT_SERVER_CMD_HANDLER(ll); + static int com_term(__a_unused struct command_context *cc, __a_unused struct lls_parse_result *lpr) { + /* + * The server catches SIGTERM and propagates this signal to all its + * children. We are about to exit anyway, but we'd leak tons of memory + * if being terminated by the signal. So we ignore the signal here and + * terminate via the normal exit path, deallocating all memory. + */ + para_sigaction(SIGTERM, SIG_IGN); kill(getppid(), SIGTERM); return 1; } @@ -636,32 +706,31 @@ static int com_nomore(__a_unused struct command_context *cc, } EXPORT_SERVER_CMD_HANDLER(nomore); -static int com_ff(__a_unused struct command_context *cc, - struct lls_parse_result *lpr) +static int com_ff(struct command_context *cc, struct lls_parse_result *lpr) { long promille; - int ret, backwards = 0; - unsigned i; - char c, *errctx; + int i, ret; + char *errctx; ret = lls(lls_check_arg_count(lpr, 1, 1, &errctx)); if (ret < 0) { send_errctx(cc, errctx); return ret; } - if (!(ret = sscanf(lls_input(0, lpr), "%u%c", &i, &c))) - return -E_COMMAND_SYNTAX; - if (ret > 1 && c == '-') - backwards = 1; /* jmp backwards */ + ret = para_atoi32(lls_input(0, lpr), &i); + if (ret < 0) + return ret; mutex_lock(mmd_mutex); ret = -E_NO_AUDIO_FILE; if (!mmd->afd.afhi.chunks_total || !mmd->afd.afhi.seconds_total) goto out; + ret = 1; promille = (1000 * mmd->current_chunk) / mmd->afd.afhi.chunks_total; - if (backwards) - promille -= 1000 * i / mmd->afd.afhi.seconds_total; - else - promille += 1000 * i / mmd->afd.afhi.seconds_total; + /* + * We need this cast because without it the expression on the right + * hand side is of unsigned type. + */ + promille += 1000 * i / (int)mmd->afd.afhi.seconds_total; if (promille < 0) promille = 0; if (promille > 1000) { @@ -672,18 +741,15 @@ static int com_ff(__a_unused struct command_context *cc, mmd->new_vss_status_flags |= VSS_REPOS; mmd->new_vss_status_flags &= ~VSS_NEXT; mmd->events++; - ret = 1; out: mutex_unlock(mmd_mutex); return ret; } EXPORT_SERVER_CMD_HANDLER(ff); -static int com_jmp(__a_unused struct command_context *cc, - struct lls_parse_result *lpr) +static int com_jmp(struct command_context *cc, struct lls_parse_result *lpr) { - long unsigned int i; - int ret; + int i, ret; char *errctx; ret = lls(lls_check_arg_count(lpr, 1, 1, &errctx)); @@ -691,18 +757,16 @@ static int com_jmp(__a_unused struct command_context *cc, send_errctx(cc, errctx); return ret; } - if (sscanf(lls_input(0, lpr), "%lu", &i) <= 0) + if (sscanf(lls_input(0, lpr), "%d", &i) <= 0) + return -ERRNO_TO_PARA_ERROR(EINVAL); + if (i < 0 || i > 100) return -ERRNO_TO_PARA_ERROR(EINVAL); mutex_lock(mmd_mutex); ret = -E_NO_AUDIO_FILE; if (!mmd->afd.afhi.chunks_total) goto out; - if (i > 100) - i = 100; - PARA_INFO_LOG("jumping to %lu%%\n", i); + PARA_INFO_LOG("jumping to %d%%\n", i); mmd->repos_request = (mmd->afd.afhi.chunks_total * i + 50) / 100; - PARA_INFO_LOG("sent: %lu, offset before jmp: %li\n", - mmd->chunks_sent, mmd->offset); mmd->new_vss_status_flags |= VSS_REPOS; mmd->new_vss_status_flags &= ~VSS_NEXT; ret = 1; @@ -713,14 +777,6 @@ out: } EXPORT_SERVER_CMD_HANDLER(jmp); -/* deprecated, does nothing */ -static int com_tasks(__a_unused struct command_context *cc, - __a_unused struct lls_parse_result *lpr) -{ - return 1; -} -EXPORT_SERVER_CMD_HANDLER(tasks); - static void reset_signals(void) { para_sigaction(SIGCHLD, SIG_IGN); @@ -730,10 +786,10 @@ static void reset_signals(void) } struct connection_features { - int dummy; /* none at the moment */ + bool sha256_requested; /* can be removed after 0.7.0 */ }; -static int parse_auth_request(char *buf, int len, struct user **u, +static int parse_auth_request(char *buf, int len, const struct user **u, struct connection_features *cf) { int ret; @@ -756,10 +812,13 @@ static int parse_auth_request(char *buf, int len, struct user **u, p++; create_argv(p, ",", &features); for (i = 0; features[i]; i++) { - if (strcmp(features[i], "sideband") == 0) - continue; - if (strcmp(features[i], "aes_ctr128") == 0) - continue; + /* + * ->sha256_requested can go away after 0.7.0 so that + * sha256 is used unconditionally, but we need to + * accept the feature request until 0.9.0. + */ + if (strcmp(features[i], "sha256") == 0) + cf->sha256_requested = true; else { ret = -E_BAD_FEATURE; goto out; @@ -767,7 +826,7 @@ static int parse_auth_request(char *buf, int len, struct user **u, } } PARA_DEBUG_LOG("received auth request for user %s\n", username); - *u = lookup_user(username); + *u = user_list_lookup(username); ret = 1; out: free_argv(features); @@ -797,13 +856,13 @@ static int run_command(struct command_context *cc, struct iovec *iov) } perms = server_command_perms[ret]; if ((perms & cc->u->perms) != perms) - return -E_PERM; + return -ERRNO_TO_PARA_ERROR(EPERM); lcmd = lls_cmd(ret, server_cmd_suite); end = iov->iov_base + iov->iov_len; for (i = 0; p < end; i++) p += strlen(p) + 1; argc = i; - argv = para_malloc((argc + 1) * sizeof(char *)); + argv = arr_alloc(argc + 1, sizeof(char *)); for (i = 0, p = iov->iov_base; p < end; i++) { argv[i] = para_strdup(p); p += strlen(p) + 1; @@ -835,28 +894,30 @@ static int run_command(struct command_context *cc, struct iovec *iov) * Whenever para_server accepts an incoming tcp connection on the port it * listens on, it forks and the resulting child calls this function. * - * An RSA-based challenge/response is used to authenticate the peer. It that + * An RSA-based challenge/response is used to authenticate the peer. If the * authentication succeeds, a random session key is generated and sent back to * the peer, encrypted with its RSA public key. From this point on, all - * transfers are crypted with this session key. + * transfers are encrypted with this session key using a stream cipher. * * Next it is checked if the peer supplied a valid server command or a command * for the audio file selector. If yes, and if the user has sufficient - * permissions to execute that command, the function calls the corresponding - * command handler which does argument checking and further processing. + * permissions to execute this command, the function calls the corresponding + * command handler which performs argument checking and further processing. + * + * To cope with DOS attacks, a timer is set up right after the fork. If the + * connection was still not authenticated when the timeout expires, the child + * process is terminated. * - * In order to cope with DOS attacks, a timeout is set up which terminates - * the function if the connection was not authenticated when the timeout - * expires. + * \return Standard. * - * \sa alarm(2), \ref crypt.c, \ref crypt.h. + * \sa alarm(2), \ref openssl.c, \ref crypt.h. */ -__noreturn void handle_connect(int fd) +int handle_connect(int fd) { int ret; - unsigned char rand_buf[CHALLENGE_SIZE + 2 * SESSION_KEY_LEN]; - unsigned char challenge_hash[HASH_SIZE]; - char *command = NULL, *buf = para_malloc(HANDSHAKE_BUFSIZE) /* must be on the heap */; + unsigned char rand_buf[APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN]; + unsigned char challenge_hash[HASH2_SIZE]; + char *command = NULL, *buf = alloc(HANDSHAKE_BUFSIZE) /* must be on the heap */; size_t numbytes; struct command_context cc_struct = {.u = NULL}, *cc = &cc_struct; struct iovec iov; @@ -871,7 +932,7 @@ __noreturn void handle_connect(int fd) /* send Welcome message */ ret = write_va_buffer(fd, "This is para_server, version " PACKAGE_VERSION ".\n" - "Features: sideband,aes_ctr128\n" + "Features: sha256\n" /* no longer announce this after 0.8.0 */ ); if (ret < 0) goto net_err; @@ -884,7 +945,7 @@ __noreturn void handle_connect(int fd) goto net_err; if (cc->u) { get_random_bytes_or_die(rand_buf, sizeof(rand_buf)); - ret = pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf), + ret = apc_pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf), (unsigned char *)buf); if (ret < 0) goto net_err; @@ -899,7 +960,7 @@ __noreturn void handle_connect(int fd) get_random_bytes_or_die((unsigned char *)buf, numbytes); } PARA_DEBUG_LOG("sending %d byte challenge + session key (%zu bytes)\n", - CHALLENGE_SIZE, numbytes); + APC_CHALLENGE_SIZE, numbytes); ret = send_sb(&cc->scc, buf, numbytes, SBD_CHALLENGE, false); buf = NULL; if (ret < 0) @@ -915,21 +976,29 @@ __noreturn void handle_connect(int fd) if (!cc->u) goto net_err; /* - * The correct response is the hash of the first CHALLENGE_SIZE bytes + * The correct response is the hash of the first APC_CHALLENGE_SIZE bytes * of the random data. */ ret = -E_BAD_AUTH; - if (numbytes != HASH_SIZE) - goto net_err; - hash_function((char *)rand_buf, CHALLENGE_SIZE, challenge_hash); - if (memcmp(challenge_hash, buf, HASH_SIZE)) - goto net_err; + if (cf.sha256_requested) { + if (numbytes != HASH2_SIZE) + goto net_err; + hash2_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash); + if (memcmp(challenge_hash, buf, HASH2_SIZE)) + goto net_err; + } else { /* old client. This can be removed after 0.7.0 */ + if (numbytes != HASH_SIZE) + goto net_err; + hash_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash); + if (memcmp(challenge_hash, buf, HASH_SIZE)) + goto net_err; + } /* auth successful */ alarm(0); PARA_INFO_LOG("good auth for %s\n", cc->u->name); /* init stream cipher keys with the second part of the random buffer */ - cc->scc.recv = sc_new(rand_buf + CHALLENGE_SIZE, SESSION_KEY_LEN); - cc->scc.send = sc_new(rand_buf + CHALLENGE_SIZE + SESSION_KEY_LEN, + cc->scc.recv = sc_new(rand_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN); + cc->scc.send = sc_new(rand_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN, SESSION_KEY_LEN); ret = send_sb(&cc->scc, NULL, 0, SBD_PROCEED, false); if (ret < 0) @@ -961,5 +1030,5 @@ out: } sc_free(cc->scc.recv); sc_free(cc->scc.send); - exit(ret < 0? EXIT_FAILURE : EXIT_SUCCESS); + return ret; }