X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=net.c;h=00844d735c033e73a20b8a975e0bf9db142d2600;hp=2a3fc72be0ad446fa101dcbd9459107fb49f50dd;hb=3010ef96e10cb15d423eef8f9802fbed78744393;hpb=7565af270650435630bf212592286a8c6555d749

diff --git a/net.c b/net.c
index 2a3fc72b..00844d73 100644
--- a/net.c
+++ b/net.c
@@ -6,6 +6,12 @@
 
 /** \file net.c Networking-related helper functions. */
 
+/*
+ * Since glibc 2.8, the _GNU_SOURCE feature test macro must be defined in order
+ * to obtain the definition of the ucred structure.
+ */
+#define _GNU_SOURCE
+
 #include <netdb.h>
 
 /* At least NetBSD needs these. */
@@ -21,71 +27,56 @@
 
 #include <dirent.h>
 #include <regex.h>
+#include <openssl/rc4.h>
 
 #include "para.h"
 #include "error.h"
+#include "crypt.h"
 #include "net.h"
 #include "string.h"
 #include "fd.h"
 
-
-/** Information about one encrypted connection. */
-struct crypt_data {
-	/** Function used to decrypt received data. */
-	crypt_function *recv;
-	/** Function used to encrypt data to be sent. */
-	crypt_function *send;
-	/**
-	 * Context-dependent data (crypt keys), passed verbatim to the above
-	 * crypt functions.
-	 */
-	void *private_data;
-};
-/** Array holding per fd crypt data. */
-static struct crypt_data *crypt_data_array;
-/** Current size of the crypt data array. */
-static unsigned cda_size = 0;
-
 /**
- * Activate encryption for one file descriptor.
+ * Parse and validate IPv4 address/netmask string.
  *
- * \param fd The file descriptor.
- * \param recv_f The function used for decrypting received data.
- * \param send_f The function used for encrypting before sending.
- * \param private_data User data supplied by the caller.
- */
-void enable_crypt(int fd, crypt_function *recv_f, crypt_function *send_f,
-	void *private_data)
-{
-	if (fd + 1 > cda_size) {
-		crypt_data_array = para_realloc(crypt_data_array,
-			(fd + 1) * sizeof(struct crypt_data));
-		memset(crypt_data_array + cda_size, 0,
-			(fd + 1 - cda_size) * sizeof(struct crypt_data));
-		cda_size = fd + 1;
-	}
-	crypt_data_array[fd].recv = recv_f;
-	crypt_data_array[fd].send = send_f;
-	crypt_data_array[fd].private_data = private_data;
-	PARA_INFO_LOG("rc4 encryption activated for fd %d\n", fd);
-}
-
-/**
- * Deactivate encryption for a given fd.
- *
- * \param fd The file descriptor.
+ * \param cidr	  Address in CIDR notation
+ * \param addr	  Copy of the IPv4 address part of \a cidr
+ * \param addrlen Size of \a addr in bytes
+ * \param netmask Value of the netmask part in \a cidr or the
+ *		  default of 32 if not specified.
  *
- * This must be called if and only if \p fd was activated via enable_crypt().
+ * \return Pointer to \a addr if succesful, NULL on error.
+ * \sa RFC 4632
  */
-void disable_crypt(int fd)
+char *parse_cidr(const char *cidr,
+		 char	 *addr, ssize_t addrlen,
+		 int32_t *netmask)
 {
-	if (cda_size < fd + 1)
-		return;
-	crypt_data_array[fd].recv = NULL;
-	crypt_data_array[fd].send = NULL;
-	crypt_data_array[fd].private_data = NULL;
+	const char *o = cidr;
+	char *c = addr, *end = c + (addrlen - 1);
+
+	*netmask = 0x20;
+
+	if (cidr == NULL || addrlen < 1)
+		goto failed;
+
+	for (o = cidr; (*c = *o == '/'? '\0' : *o); c++, o++)
+		if (c == end)
+			goto failed;
+
+	if (*o == '/')
+		if (para_atoi32(++o, netmask) < 0 ||
+		    *netmask < 0 || *netmask > 0x20)
+			goto failed;
+
+	if (is_valid_ipv4_address(addr))
+		return addr;
+failed:
+	*addr = '\0';
+	return NULL;
 }
 
+
 /**
  * Match string as a candidate IPv4 address.
  *
@@ -97,7 +88,8 @@ static bool is_v4_dot_quad(const char *address)
 	bool result;
 	regex_t r;
 
-	assert(!regcomp(&r, "^([0-9]+\\.){3}[0-9]+$", REG_EXTENDED|REG_NOSUB));
+	assert(para_regcomp(&r, "^([0-9]+\\.){3}[0-9]+$",
+		REG_EXTENDED | REG_NOSUB) >= 0);
 	result = regexec(&r, address, 0, NULL, 0) == 0;
 	regfree(&r);
 	return result;
@@ -428,11 +420,31 @@ static char *__get_sock_name(int fd, int (*getname)(int, struct sockaddr*,
 	return host_and_port((struct sockaddr *)&ss, sslen);
 }
 
+/**
+ * Look up the local side of a connected socket structure.
+ *
+ * \param sockfd The file descriptor of the socket.
+ *
+ * \return A pointer to a static buffer containing hostname an port. This
+ * buffer must not be freed by the caller.
+ *
+ * \sa remote_name().
+ */
 char *local_name(int sockfd)
 {
 	return __get_sock_name(sockfd, getsockname);
 }
 
+/**
+ * Look up the remote side of a connected socket structure.
+ *
+ * \param sockfd The file descriptor of the socket.
+ *
+ * \return Analogous to the return value of \ref local_name() but for the
+ * remote side.
+ *
+ * \sa local_name().
+ */
 char *remote_name(int sockfd)
 {
 	return __get_sock_name(sockfd, getpeername);
@@ -450,7 +462,7 @@ struct in_addr extract_v4_addr(const struct sockaddr_storage *ss)
 	struct in_addr ia = {.s_addr = 0};
 
 	if (ss->ss_family == AF_INET)
-		 ia.s_addr = ((struct sockaddr_in *)ss)->sin_addr.s_addr;
+		ia.s_addr = ((struct sockaddr_in *)ss)->sin_addr.s_addr;
 	if (ss->ss_family == AF_INET6) {
 		const struct in6_addr v6_addr = ((struct sockaddr_in6 *)ss)->sin6_addr;
 
@@ -461,41 +473,26 @@ struct in_addr extract_v4_addr(const struct sockaddr_storage *ss)
 }
 
 /**
- * Encrypt and send a binary buffer.
+ * Send a binary buffer.
  *
  * \param fd The file descriptor.
- * \param buf The buffer to be encrypted and sent.
+ * \param buf The buffer to be sent.
  * \param len The length of \a buf.
  *
- * Check if encryption is available. If yes, encrypt the given buffer.  Send
- * out the buffer, encrypted or not, and try to resend the remaing part in case
- * of short writes.
+ * Send out the buffer and try to resend the remaining part in case of short
+ * writes.
  *
  * \return Standard.
  */
 int send_bin_buffer(int fd, const char *buf, size_t len)
 {
-	int ret;
-	crypt_function *cf = NULL;
-
 	if (!len)
 		PARA_CRIT_LOG("len == 0\n");
-	if (fd + 1 <= cda_size)
-		cf = crypt_data_array[fd].send;
-	if (cf) {
-		void *private = crypt_data_array[fd].private_data;
-		/* RC4 may write more than len to the output buffer */
-		unsigned char *outbuf = para_malloc(ROUND_UP(len, 8));
-		(*cf)(len, (unsigned char *)buf, outbuf, private);
-		ret = write_all(fd, (char *)outbuf, &len);
-		free(outbuf);
-	} else
-		ret = write_all(fd, buf, &len);
-	return ret;
+	return write_all(fd, buf, &len);
 }
 
 /**
- * Encrypt and send null terminated buffer.
+ * Send a \p NULL-terminated buffer.
  *
  * \param fd The file descriptor.
  * \param buf The null-terminated buffer to be send.
@@ -509,9 +506,8 @@ int send_buffer(int fd, const char *buf)
 	return send_bin_buffer(fd, buf, strlen(buf));
 }
 
-
 /**
- * Send and encrypt a buffer given by a format string.
+ * Send a buffer given by a format string.
  *
  * \param fd The file descriptor.
  * \param fmt A format string.
@@ -530,51 +526,37 @@ __printf_2_3 int send_va_buffer(int fd, const char *fmt, ...)
 }
 
 /**
- * Receive and decrypt.
+ * Receive data from a file descriptor.
  *
  * \param fd The file descriptor.
- * \param buf The buffer to write the decrypted data to.
+ * \param buf The buffer to write the data to.
  * \param size The size of \a buf.
  *
- * Receive at most \a size bytes from file descriptor \a fd. If encryption is
- * available, decrypt the received buffer.
+ * Receive at most \a size bytes from file descriptor \a fd.
  *
- * \return The number of bytes received on success, negative on errors.
+ * \return The number of bytes received on success, negative on errors, zero if
+ * the peer has performed an orderly shutdown.
  *
- * \sa recv(2)
+ * \sa recv(2).
  */
 __must_check int recv_bin_buffer(int fd, char *buf, size_t size)
 {
 	ssize_t n;
-	crypt_function *cf = NULL;
-
-	if (fd + 1 <= cda_size)
-		cf = crypt_data_array[fd].recv;
-	if (cf) {
-		unsigned char *tmp = para_malloc(size);
-		void *private = crypt_data_array[fd].private_data;
-		n = recv(fd, tmp, size, 0);
-		if (n > 0) {
-			size_t numbytes = n;
-			unsigned char *b = (unsigned char *)buf;
-			(*cf)(numbytes, tmp, b, private);
-		}
-		free(tmp);
-	} else
-		n = recv(fd, buf, size, 0);
+
+	n = recv(fd, buf, size, 0);
 	if (n == -1)
 		return -ERRNO_TO_PARA_ERROR(errno);
 	return n;
 }
 
 /**
- * Receive, decrypt and write terminating NULL byte.
+ * Receive and write terminating NULL byte.
  *
  * \param fd The file descriptor.
- * \param buf The buffer to write the decrypted data to.
+ * \param buf The buffer to write the data to.
  * \param size The size of \a buf.
  *
- * Read and decrypt at most \a size - 1 bytes from file descriptor \a fd and
+ * Read at most \a size - 1 bytes from file descriptor \a fd and
  * write a NULL byte at the end of the received data.
  *
  * \return The return value of the underlying call to \a recv_bin_buffer().
@@ -736,7 +718,7 @@ int recv_cred_buffer(int fd, char *buf, size_t size)
  */
 ssize_t send_cred_buffer(int sock, char *buf)
 {
-	char control[sizeof(struct cmsghdr) + 10];
+	char control[sizeof(struct cmsghdr) + sizeof(struct ucred)];
 	struct msghdr msg;
 	struct cmsghdr *cmsg;
 	static struct iovec iov;
@@ -856,10 +838,11 @@ int recv_pattern(int fd, const char *pattern, size_t bufsize)
 	ret = 1;
 out:
 	if (ret < 0) {
-		PARA_NOTICE_LOG("n = %d, did not receive pattern '%s'\n", n,
-			pattern);
+		PARA_NOTICE_LOG("did not receive pattern '%s'\n", pattern);
 		if (n > 0)
-			PARA_NOTICE_LOG("recvd: %s\n", buf);
+			PARA_NOTICE_LOG("recvd %d bytes: %s\n", n, buf);
+		else if (n < 0)
+			PARA_NOTICE_LOG("%s\n", para_strerror(-n));
 	}
 	free(buf);
 	return ret;