X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=command.c;h=ffd660d63c0cdd94cd73d952a8785007873f1a97;hp=77908bf09e8fc09b073e48372ff6749a764de118;hb=199a80d5b07348e8eee1ec1a6339c4d68e85434e;hpb=93232d81798a269d4e4b6ec73588be5caa3c1e25

diff --git a/command.c b/command.c
index 77908bf0..ffd660d6 100644
--- a/command.c
+++ b/command.c
@@ -34,6 +34,9 @@
 #include "user_list.h"
 #include "server_command_list.h"
 
+/** commands including options must be shorter than this */
+#define MAX_COMMAND_LEN 4096
+
 static RC4_KEY rc4_recv_key;
 static RC4_KEY rc4_send_key;
 static unsigned char rc4_buf[2 * RC4_KEY_LEN];
@@ -43,7 +46,6 @@ extern struct misc_meta_data *mmd;
 extern struct audio_file_selector selectors[];
 extern struct sender senders[];
 extern char *user_list;
-struct sockaddr_in *in_addr;
 
 static void dummy(__a_unused int s)
 {}
@@ -72,14 +74,14 @@ static char *vss_status_tohuman(unsigned int flags)
 /*
  * return human readable permission string. Never returns NULL.
  */
-char *cmd_perms_itohuman(unsigned int perms)
+static char *cmd_perms_itohuman(unsigned int perms)
 {
-	char *msg = para_malloc(7 * sizeof(char));
+	char *msg = para_malloc(5 * sizeof(char));
 
-	msg[0] = perms & DB_READ? 'd' : '-';
-	msg[1] = perms & DB_WRITE? 'D' : '-';
-	msg[2] = perms & VSS_READ? 'a' : '-';
-	msg[3] = perms & VSS_WRITE? 'A' : '-';
+	msg[0] = perms & DB_READ? 'a' : '-';
+	msg[1] = perms & DB_WRITE? 'A' : '-';
+	msg[2] = perms & VSS_READ? 'v' : '-';
+	msg[3] = perms & VSS_WRITE? 'V' : '-';
 	msg[4] = '\0';
 	return msg;
 }
@@ -102,7 +104,7 @@ static char *vss_get_status_flags(unsigned int flags)
 /*
  * compute status bar string. Never returns NULL
  */
-char *get_sb_string(struct misc_meta_data *nmmd)
+static char *get_sb_string(struct misc_meta_data *nmmd)
 {
 	char *base, *ret;
 	long long unsigned secs = 0, rsecs = 0, percent = 0;
@@ -342,20 +344,18 @@ int com_si(int fd, int argc, __a_unused char **argv)
 }
 
 /* version */
-int com_version(int socket_fd, int argc, __a_unused char **argv)
+int com_version(int fd, int argc, __a_unused char **argv)
 {
 	if (argc != 1)
 		return -E_COMMAND_SYNTAX;
-	return send_buffer(socket_fd, "para_server-" PACKAGE_VERSION ", \""
-			CODENAME "\"\n"
-			COPYRIGHT "\n"
-			"built: " BUILD_DATE "\n"
-			SYSTEM ", " CC_VERSION "\n"
-		);
+	return send_buffer(fd, VERSION_TEXT("server")
+		"built: " BUILD_DATE "\n"
+		SYSTEM ", " CC_VERSION "\n"
+	);
 }
 
 /* sc */
-int com_sc(int socket_fd, int argc, char **argv)
+int com_sc(int fd, int argc, char **argv)
 {
 	char *name = NULL;
 	int ret, old = 0, count = -1; /* print af change forever */
@@ -370,7 +370,7 @@ repeat:
 	}
 	mmd_unlock();
 	if (name) {
-		ret = send_va_buffer(socket_fd, "%s\n", name);
+		ret = send_va_buffer(fd, "%s\n", name);
 		free(name);
 		name = NULL;
 		if (ret < 0)
@@ -383,7 +383,7 @@ repeat:
 }
 
 /* sb */
-int com_sb(int socket_fd, int argc, char **argv)
+int com_sb(int fd, int argc, char **argv)
 {
 	char *sb;
 	int ret, nr = -1;	/* status bar will be printed that many
@@ -396,7 +396,7 @@ int com_sb(int socket_fd, int argc, char **argv)
 		mmd_lock();
 		sb = get_sb_string(mmd);
 		mmd_unlock();
-		ret = send_va_buffer(socket_fd, "%s\n", sb);
+		ret = send_va_buffer(fd, "%s\n", sb);
 		free(sb);
 		if (ret < 0)
 			return ret;
@@ -410,7 +410,7 @@ int com_sb(int socket_fd, int argc, char **argv)
 }
 
 /* stat */
-int com_stat(int socket_fd, int argc, char **argv)
+int com_stat(int fd, int argc, char **argv)
 {
 	int ret, num = 0;/* status will be printed that many
 			  * times. num <= 0 means: print forever
@@ -426,7 +426,7 @@ int com_stat(int socket_fd, int argc, char **argv)
 
 		mmd_dup(nmmd);
 		s = get_status(nmmd);
-		ret = send_buffer(socket_fd, s);
+		ret = send_buffer(fd, s);
 		free(s);
 		if (ret < 0)
 			goto out;
@@ -510,20 +510,17 @@ int com_help(int fd, int argc, char **argv)
 	}
 	perms = cmd_perms_itohuman(cmd->perms);
 	ret = send_va_buffer(fd,
-		"NAME\n\t%s - %s\n"
-		"SYNOPSIS\n\t para_client %s\n"
-		"DESCRIPTION\n%s\n"
-		"HANDLER\n"
-		"This command is handled by %s.\n\n"
-		"PERMISSIONS\n"
-		"Needed privileges for %s: %s\n",
+		"%s - %s\n\n"
+		"handler: %s\n"
+		"permissions: %s\n"
+		"usage: %s\n\n"
+		"%s\n",
 		argv[1],
 		cmd->description,
-		cmd->synopsis,
-		cmd->help,
 		handler,
-		argv[1],
-		perms
+		perms,
+		cmd->usage,
+		cmd->help
 	);
 	free(perms);
 	free(handler);
@@ -531,7 +528,7 @@ int com_help(int fd, int argc, char **argv)
 }
 
 /* hup */
-int com_hup(__a_unused int socket_fd, int argc, __a_unused char **argv)
+int com_hup(__a_unused int fd, int argc, __a_unused char **argv)
 {
 	if (argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -540,7 +537,7 @@ int com_hup(__a_unused int socket_fd, int argc, __a_unused char **argv)
 }
 
 /* term */
-int com_term(__a_unused int socket_fd, int argc, __a_unused char **argv)
+int com_term(__a_unused int fd, int argc, __a_unused char **argv)
 {
 	if (argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -548,7 +545,7 @@ int com_term(__a_unused int socket_fd, int argc, __a_unused char **argv)
 	return 1;
 }
 
-int com_play(__a_unused int socket_fd, int argc, __a_unused char **argv)
+int com_play(__a_unused int fd, int argc, __a_unused char **argv)
 {
 	if (argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -561,7 +558,7 @@ int com_play(__a_unused int socket_fd, int argc, __a_unused char **argv)
 }
 
 /* stop */
-int com_stop(__a_unused int socket_fd, int argc, __a_unused char **argv)
+int com_stop(__a_unused int fd, int argc, __a_unused char **argv)
 {
 	if (argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -574,7 +571,7 @@ int com_stop(__a_unused int socket_fd, int argc, __a_unused char **argv)
 }
 
 /* pause */
-int com_pause(__a_unused int socket_fd, int argc, __a_unused char **argv)
+int com_pause(__a_unused int fd, int argc, __a_unused char **argv)
 {
 	if (argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -613,7 +610,7 @@ int com_chs(int fd, int argc, char **argv)
 }
 
 /* next */
-int com_next(__a_unused int socket_fd, int argc, __a_unused char **argv)
+int com_next(__a_unused int fd, int argc, __a_unused char **argv)
 {
 	if (argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -625,7 +622,7 @@ int com_next(__a_unused int socket_fd, int argc, __a_unused char **argv)
 }
 
 /* nomore */
-int com_nomore(__a_unused int socket_fd, int argc, __a_unused char **argv)
+int com_nomore(__a_unused int fd, int argc, __a_unused char **argv)
 {
 	if (argc != 1)
 		return -E_COMMAND_SYNTAX;
@@ -637,7 +634,7 @@ int com_nomore(__a_unused int socket_fd, int argc, __a_unused char **argv)
 }
 
 /* ff */
-int com_ff(__a_unused int socket_fd, int argc, char **argv)
+int com_ff(__a_unused int fd, int argc, char **argv)
 {
 	long promille;
 	int ret, backwards = 0;
@@ -676,7 +673,7 @@ out:
 }
 
 /* jmp */
-int com_jmp(__a_unused int socket_fd, int argc, char **argv)
+int com_jmp(__a_unused int fd, int argc, char **argv)
 {
 	long unsigned int i;
 	int ret;
@@ -730,7 +727,7 @@ static struct server_command *parse_cmd(const char *cmdstr)
 	return get_cmd_ptr(buf, NULL);
 }
 
-long int para_rand(long unsigned max)
+static long int para_rand(long unsigned max)
 {
 	return (long int) ((max + 0.0) * (random() / (RAND_MAX + 1.0)));
 }
@@ -760,12 +757,43 @@ static void rc4_send(unsigned long len, const unsigned char *indata,
 	RC4(&rc4_send_key, len, indata, outdata);
 }
 
+/**
+ * perform user authentication and execute a command
+ *
+ * \param fd the file descriptor to send output to
+ * \param addr socket address info of peer
+ *
+ * \return EXIT_SUCCESS or EXIT_FAILURE
+ *
+ * Whenever para_server accepts an incoming tcp connection on
+ * the port it listens on, it forks and the resulting child
+ * calls this function.
+ *
+ * An RSA-based challenge/response is used to authenticate
+ * the peer. It that authentication succeeds, a random RC4
+ * session key is generated and sent back to the peer,
+ * encrypted with its RSA public key.  From this point on,
+ * all transfers are crypted with this session key.
+ *
+ * Next it is checked if the peer supplied  a valid server
+ * command or a command for the audio file selector currently
+ * in use.  If yes, and if the user has sufficient
+ * permissions to execute that command, the function calls
+ * the corresponding command handler which does argument
+ * checking and further processing.
+ *
+ * In order to cope with a DOS attacks, a timeout is set up
+ * which terminates the function if the connection was not
+ * authenticated when the timeout expires.
+ *
+ * \sa alarm(2), rc4(3), crypt.c, crypt.h
+ */
 int handle_connect(int fd, struct sockaddr_in *addr)
 {
 	int numbytes, ret, argc, use_rc4 = 0;
-	char buf[STRINGSIZE];
+	char buf[4096];
 	unsigned char crypt_buf[MAXLINE];
-	struct user u;
+	struct user *u;
 	struct server_command *cmd = NULL;
 	long unsigned challenge_nr, chall_response;
 	char **argv = NULL;
@@ -777,7 +805,6 @@ int handle_connect(int fd, struct sockaddr_in *addr)
 	signal(SIGHUP, SIG_DFL);
 	signal(SIGUSR1, SIG_IGN);
 
-	in_addr = addr;
 	challenge_nr = random();
 	/* send Welcome message */
 	ret = send_va_buffer(fd, "This is para_server, version "
@@ -798,16 +825,18 @@ int handle_connect(int fd, struct sockaddr_in *addr)
 		goto err_out;
 
 	if (numbytes < 9 || strncmp(buf, "auth rc4 ", 9))
-		u.name = para_strdup(buf + 5); /* client version < 0.2.6 */
+		p = buf + 5; /* client version < 0.2.6 */
 	else {
-		u.name = para_strdup(buf + 9); /* client version >= 0.2.6 */
+		p = buf + 9; /* client version >= 0.2.6 */
 		use_rc4 = 1;
 	}
 	PARA_DEBUG_LOG("received %s request for user %s\n",
-		use_rc4? "rc4" : "auth", u.name);
-	if ((ret = lookup_user(&u)) < 0)
+		use_rc4? "rc4" : "auth", p);
+	ret = -E_BAD_USER;
+	u = lookup_user(p);
+	if (!u)
 		goto err_out;
-	ret = para_encrypt_challenge(u.rsa, challenge_nr, crypt_buf);
+	ret = para_encrypt_challenge(u->rsa, challenge_nr, crypt_buf);
 	if (ret <= 0)
 		goto err_out;
 	numbytes = ret;
@@ -828,11 +857,11 @@ int handle_connect(int fd, struct sockaddr_in *addr)
 			|| chall_response != challenge_nr)
 		goto err_out;
 	/* auth successful. Send 'Proceed' message */
-	PARA_INFO_LOG("good auth for %s (%lu)\n", u.name, challenge_nr);
+	PARA_INFO_LOG("good auth for %s (%lu)\n", u->name, challenge_nr);
 	sprintf(buf, "%s", PROCEED_MSG);
 	if (use_rc4) {
 		init_rc4_keys();
-		ret = para_encrypt_buffer(u.rsa, rc4_buf, 2 * RC4_KEY_LEN,
+		ret = para_encrypt_buffer(u->rsa, rc4_buf, 2 * RC4_KEY_LEN,
 			(unsigned char *)buf + PROCEED_MSG_LEN + 1);
 		if (ret <= 0)
 			goto err_out;
@@ -848,7 +877,7 @@ int handle_connect(int fd, struct sockaddr_in *addr)
 	while ((numbytes = recv_buffer(fd, buf, sizeof(buf))) > 0) {
 //		PARA_INFO_LOG("recvd: %s (%d)\n", buf, numbytes);
 		ret = -E_COMMAND_SYNTAX;
-		if (command && numbytes + strlen(command) > STRINGSIZE) /* DOS */
+		if (command && numbytes + strlen(command) > MAX_COMMAND_LEN) /* DOS */
 			goto err_out;
 		command = para_strcat(command, buf);
 		if ((p = strstr(command, EOC_MSG))) {
@@ -864,7 +893,7 @@ int handle_connect(int fd, struct sockaddr_in *addr)
 	if (!(cmd = parse_cmd(command)))
 		goto err_out;
 	/* valid command, check permissions */
-	ret = check_perms(u.perms, cmd);
+	ret = check_perms(u->perms, cmd);
 	if (ret < 0)
 		goto err_out;
 	/* valid command and sufficient perms */
@@ -873,7 +902,7 @@ int handle_connect(int fd, struct sockaddr_in *addr)
 	mmd_lock();
 	mmd->num_commands++;
 	mmd_unlock();
-	PARA_NOTICE_LOG("calling com_%s() for %s@%s\n", cmd->name, u.name,
+	PARA_NOTICE_LOG("calling com_%s() for %s@%s\n", cmd->name, u->name,
 		inet_ntoa(addr->sin_addr));
 	ret = cmd->handler(fd, argc, argv);
 	if (ret >= 0) {