X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=net.c;h=6248de5506eb131828bc4a63f5a55a88c4bc30b4;hp=59b8616a56be2cd0dec066a5c431d3fbea9cab43;hb=c2eecbd1d8445b6605f0d07aea0ed9a66499e5dd;hpb=2ed89c59f0efcd0a2763f47c7d3455663241e623 diff --git a/net.c b/net.c index 59b8616a..6248de55 100644 --- a/net.c +++ b/net.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2006 Andre Noll + * Copyright (C) 2005-2007 Andre Noll * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -20,22 +20,75 @@ #include "para.h" #include "net.h" -#include "gcc-compat.h" -#include -#include "error.h" #include "string.h" +#include "error.h" + + +/** holds information about one encrypted connection */ +struct crypt_data { + /** function used to decrypt received data */ + crypt_function *recv; + /** function used to encrypt data to be sent */ + crypt_function *send; + /** context-dependent data, passed to \a recv() and \a send() */ + void *private_data; +}; +/** array holding per fd crypt data per */ +static struct crypt_data *crypt_data_array; +/** current size of the crypt data array */ +static unsigned cda_size = 0; + + +/** + * activate encryption for one file descriptor + * + * \param fd the file descriptor + * \param recv_f the function used for decrypting received data + * \param send_f the function used for encrypting before sending + * \param private_data user data supplied by the caller + */ +void enable_crypt(int fd, crypt_function *recv_f, crypt_function *send_f, + void *private_data) +{ + if (fd + 1 > cda_size) { + crypt_data_array = para_realloc(crypt_data_array, + (fd + 1) * sizeof(struct crypt_data)); + memset(crypt_data_array + cda_size, 0, + (fd + 1 - cda_size) * sizeof(struct crypt_data)); + cda_size = fd + 1; + } + crypt_data_array[fd].recv = recv_f; + crypt_data_array[fd].send = send_f; + crypt_data_array[fd].private_data = private_data; + PARA_INFO_LOG("rc4 encryption activated for fd %d\n", fd); +} + +/** + * deactivate encryption for a given fd + * + * \param fd the file descriptor + * + * This must be called if and only if \p fd was activated via enable_crypt(). + */ +void disable_crypt(int fd) +{ + if (cda_size < fd + 1) + return; + crypt_data_array[fd].recv = NULL; + crypt_data_array[fd].send = NULL; + crypt_data_array[fd].private_data = NULL; +} -extern void (*crypt_function_recv)(unsigned long len, const unsigned char *indata, unsigned char *outdata); -extern void (*crypt_function_send)(unsigned long len, const unsigned char *indata, unsigned char *outdata); /** * initialize a struct sockaddr_in - * @param addr A pointer to the struct to be initialized - * @param port The port number to use - * @param he The address to use * - * If \a he is null (server mode), \a addr->sin_addr is initialized with \p INADDR_ANY. - * Otherwise, the address given by \a he is copied to addr. + * \param addr A pointer to the struct to be initialized + * \param port The port number to use + * \param he The address to use + * + * If \a he is null (server mode), \a addr->sin_addr is initialized with \p + * INADDR_ANY. Otherwise, the address given by \a he is copied to addr. */ void init_sockaddr(struct sockaddr_in *addr, int port, const struct hostent *he) { @@ -53,18 +106,21 @@ void init_sockaddr(struct sockaddr_in *addr, int port, const struct hostent *he) /* * send out a buffer, resend on short writes - * @param fd the file descriptor - * @param buf The buffer to be sent - * @len The length of \a buf + * + * \param fd the file descriptor + * \param buf The buffer to be sent + * \param len The length of \a buf * * Due to circumstances beyond your control, the kernel might not send all the * data out in one chunk, and now, my friend, it's up to us to get the data out * there (Beej's Guide to Network Programming). + * + * \return This function returns 1 on success and \a -E_SEND on errors. The + * number of bytes actually sent is stored upon successful return in \a len. */ static int sendall(int fd, const char *buf, size_t *len) { - int total = 0; /* how many bytes we've sent */ - int bytesleft = *len; /* how many we have left to send */ + size_t total = 0, bytesleft = *len; /* how many we have left to send */ int n = -1; while (total < *len) { @@ -74,7 +130,7 @@ static int sendall(int fd, const char *buf, size_t *len) total += n; bytesleft -= n; if (total < *len) - PARA_DEBUG_LOG("short write (%d byte(s) left)", + PARA_DEBUG_LOG("short write (%zd byte(s) left)", *len - total); } *len = total; /* return number actually sent here */ @@ -83,25 +139,30 @@ static int sendall(int fd, const char *buf, size_t *len) /** * encrypt and send buffer - * @param fd: the file descriptor - * @param buf the buffer to be encrypted and sent - * @param len the length of \a buf * - * Check if encrytion is available. If yes, encrypt the given buffer. Send out + * \param fd: the file descriptor + * \param buf the buffer to be encrypted and sent + * \param len the length of \a buf + * + * Check if encrytpion is available. If yes, encrypt the given buffer. Send out * the buffer, encrypted or not, and try to resend the remaing part in case of * short writes. * - * @return Positive on success, \p -E_SEND on errors. + * \return Positive on success, \p -E_SEND on errors. */ int send_bin_buffer(int fd, const char *buf, size_t len) { int ret; + crypt_function *cf = NULL; if (!len) PARA_CRIT_LOG("%s", "len == 0\n"); - if (crypt_function_send) { + if (fd + 1 <= cda_size) + cf = crypt_data_array[fd].send; + if (cf) { + void *private = crypt_data_array[fd].private_data; unsigned char *outbuf = para_malloc(len); - crypt_function_send(len, (unsigned char *)buf, outbuf); + (*cf)(len, (unsigned char *)buf, outbuf, private); ret = sendall(fd, (char *)outbuf, &len); free(outbuf); } else @@ -111,12 +172,13 @@ int send_bin_buffer(int fd, const char *buf, size_t len) /** * encrypt and send null terminated buffer. - * @param fd the file descriptor - * @param buf the null-terminated buffer to be send + * + * \param fd the file descriptor + * \param buf the null-terminated buffer to be send * * This is equivalent to send_bin_buffer(fd, buf, strlen(buf)). * - * @return Positive on success, \p -E_SEND on errors. + * \return Positive on success, \p -E_SEND on errors. */ int send_buffer(int fd, const char *buf) { @@ -126,12 +188,13 @@ int send_buffer(int fd, const char *buf) /** * send and encrypt a buffer given by a format string - * @param fd the file descriptor - * @param fmt a format string * - * @return Positive on success, \p -E_SEND on errors. + * \param fd the file descriptor + * \param fmt a format string + * + * \return Positive on success, \p -E_SEND on errors. */ -__printf_2_3 int send_va_buffer(int fd, char *fmt, ...) +__printf_2_3 int send_va_buffer(int fd, const char *fmt, ...) { char *msg; int ret; @@ -145,27 +208,35 @@ __printf_2_3 int send_va_buffer(int fd, char *fmt, ...) /** * receive and decrypt. * - * @param fd the file descriptor - * @param buf the buffer to write the decrypted data to - * @param size the size of @param buf + * \param fd the file descriptor + * \param buf the buffer to write the decrypted data to + * \param size the size of \a buf * - * Receive at most \a size bytes from filedescriptor fd. If encrytion is + * Receive at most \a size bytes from filedescriptor fd. If encryption is * available, decrypt the received buffer. * - * @return the number of bytes received on success. On receive errors, -E_RECV + * \return The number of bytes received on success. On receive errors, -E_RECV * is returned. On crypt errors, the corresponding crypt error number is * returned. + * * \sa recv(2) */ -__must_check int recv_bin_buffer(int fd, char *buf, ssize_t size) +__must_check int recv_bin_buffer(int fd, char *buf, size_t size) { - int n; + ssize_t n; + crypt_function *cf = NULL; - if (crypt_function_recv) { + if (fd + 1 <= cda_size) + cf = crypt_data_array[fd].recv; + if (cf) { unsigned char *tmp = para_malloc(size); + void *private = crypt_data_array[fd].private_data; n = recv(fd, tmp, size, 0); - if (n > 0) - crypt_function_recv(n, tmp, (unsigned char *)buf); + if (n > 0) { + size_t numbytes = n; + unsigned char *b = (unsigned char *)buf; + (*cf)(numbytes, tmp, b, private); + } free(tmp); } else n = recv(fd, buf, size, 0); @@ -177,35 +248,48 @@ __must_check int recv_bin_buffer(int fd, char *buf, ssize_t size) /** * receive, decrypt and write terminating NULL byte * - * @param fd the file descriptor - * @param buf the buffer to write the decrypted data to - * @param size the size of \a buf + * \param fd the file descriptor + * \param buf the buffer to write the decrypted data to + * \param size the size of \a buf * - * Read and decrypt at most size - 1 bytes from file descriptor \a fd and write - * a NULL byte at the end of the received data. + * Read and decrypt at most \a size - 1 bytes from file descriptor \a fd and + * write a NULL byte at the end of the received data. * -*/ -int recv_buffer(int fd, char *buf, ssize_t size) + * \return: The return value of the underlying call to \a recv_bin_buffer(). + * + * \sa recv_bin_buffer() + */ +int recv_buffer(int fd, char *buf, size_t size) { int n; - if ((n = recv_bin_buffer(fd, buf, size - 1)) >= 0) + if (!size) + return -E_RECV; + n = recv_bin_buffer(fd, buf, size - 1); + if (n >= 0) buf[n] = '\0'; + else + *buf = '\0'; return n; } /** * wrapper around gethostbyname * - * @param host hostname or IPv4 address - * \return The hostent structure or a NULL pointer if an error occurs + * \param host hostname or IPv4 address + * \param ret the hostent structure is returned here + * + * \return positive on success, negative on errors. On success, \a ret + * contains the return value of the underlying gethostbyname() call. + * * \sa gethostbyname(2) */ -struct hostent *get_host_info(char *host) +int get_host_info(char *host, struct hostent **ret) { PARA_INFO_LOG("getting host info of %s\n", host); /* FIXME: gethostbyname() is obsolete */ - return gethostbyname(host); + *ret = gethostbyname(host); + return *ret? 1 : -E_HOST_INFO; } /** @@ -214,7 +298,8 @@ struct hostent *get_host_info(char *host) * Create an IPv4 socket for sequenced, reliable, two-way, connection-based * byte streams. * - * @return The socket fd on success, -E_SOCKET on errors. + * \return The socket fd on success, -E_SOCKET on errors. + * * \sa socket(2) */ int get_socket(void) @@ -229,10 +314,11 @@ int get_socket(void) /** * a wrapper around connect(2) * - * @param fd the file descriptor - * @param their_addr the address to connect + * \param fd the file descriptor + * \param their_addr the address to connect + * + * \return \p -E_CONNECT on errors, 1 on success * - * @return \p -E_CONNECT on errors, 1 on success * \sa connect(2) */ int para_connect(int fd, struct sockaddr_in *their_addr) @@ -248,18 +334,24 @@ int para_connect(int fd, struct sockaddr_in *their_addr) /** * paraslash's wrapper around the accept system call * - * @param fd the listening socket - * @param addr structure which is filled in with the address of the peer socket - * @param size should contain the size of the structure pointed to by \a addr + * \param fd the listening socket + * \param addr structure which is filled in with the address of the peer socket + * \param size should contain the size of the structure pointed to by \a addr + * + * Accept incoming connections on \a addr. Retry if interrupted. + * + * \return The new file descriptor on success, \a -E_ACCEPT on errors. * * \sa accept(2). */ -int para_accept(int fd, void *addr, size_t size) +int para_accept(int fd, void *addr, socklen_t size) { int new_fd; - new_fd = accept(fd, (struct sockaddr *) addr, &size); - return new_fd == -1? -E_ACCEPT : new_fd; + do + new_fd = accept(fd, (struct sockaddr *) addr, &size); + while (new_fd < 0 && errno == EINTR); + return new_fd < 0? -E_ACCEPT : new_fd; } static int setserversockopts(int socket_fd) @@ -272,14 +364,6 @@ static int setserversockopts(int socket_fd) return 1; } -static int do_bind(int socket_fd, struct sockaddr_in *my_addr) -{ - if (bind(socket_fd, (struct sockaddr *)my_addr, - sizeof(struct sockaddr)) == -1) - return -E_BIND; - return 1; -} - /** * prepare a structure for \p AF_UNIX socket addresses * @@ -310,11 +394,15 @@ int init_unix_addr(struct sockaddr_un *u, const char *name) * * This functions creates a local socket for sequenced, reliable, * two-way, connection-based byte streams. + * + * \return The file descriptor, on success, negative on errors. + * * \sa socket(2) * \sa bind(2) * \sa chmod(2) */ -int create_pf_socket(const char *name, struct sockaddr_un *unix_addr, int mode) +int create_pf_socket(const char *name, struct sockaddr_un *unix_addr, + mode_t mode) { int fd, ret; @@ -332,6 +420,16 @@ int create_pf_socket(const char *name, struct sockaddr_un *unix_addr, int mode) return fd; } +#ifndef HAVE_UCRED +ssize_t send_cred_buffer(int sock, char *buf) +{ + return send_buffer(sock, buf); +} +int recv_cred_buffer(int fd, char *buf, size_t size) +{ + return recv_buffer(fd, buf, size) > 0? 1 : -E_RECVMSG; +} +#else /* HAVE_UCRED */ /** * send NULL terminated buffer and Unix credentials of the current process * @@ -340,6 +438,7 @@ int create_pf_socket(const char *name, struct sockaddr_un *unix_addr, int mode) * * \return On success, this call returns the number of characters sent. On * error, \p -E_SENDMSG ist returned. + * * \sa okir's Black Hats Manual * \sa sendmsg(2) */ @@ -377,7 +476,7 @@ ssize_t send_cred_buffer(int sock, char *buf) return ret; } -static void dispose_fds(int *fds, int num) +static void dispose_fds(int *fds, unsigned num) { int i; @@ -391,19 +490,21 @@ static void dispose_fds(int *fds, int num) * \param fd the socket file descriptor * \param buf the buffer to store the message * \param size the size of \a buffer - * \param cred the credentials are returned here + * + * \return negative on errors, the user id on success. * * \sa okir's Black Hats Manual * \sa recvmsg(2) */ -int recv_cred_buffer(int fd, char *buf, size_t size, struct ucred *cred) +int recv_cred_buffer(int fd, char *buf, size_t size) { char control[255]; struct msghdr msg; struct cmsghdr *cmsg; struct iovec iov; - int result; + int result = 0; int yes = 1; + struct ucred cred; setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &yes, sizeof(int)); memset(&msg, 0, sizeof(msg)); @@ -416,13 +517,13 @@ int recv_cred_buffer(int fd, char *buf, size_t size, struct ucred *cred) msg.msg_controllen = sizeof(control); if (recvmsg(fd, &msg, 0) < 0) return -E_RECVMSG; - result = -SCM_CREDENTIALS; + result = -E_SCM_CREDENTIALS; cmsg = CMSG_FIRSTHDR(&msg); while (cmsg) { if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_CREDENTIALS) { - memcpy(cred, CMSG_DATA(cmsg), sizeof(struct ucred)); - result = iov.iov_len; + memcpy(&cred, CMSG_DATA(cmsg), sizeof(struct ucred)); + result = cred.uid; } else if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) { @@ -434,40 +535,50 @@ int recv_cred_buffer(int fd, char *buf, size_t size, struct ucred *cred) } return result; } +#endif /* HAVE_UCRED */ /** how many pending connections queue will hold */ #define BACKLOG 10 /** * create a socket, bind it and listen + * * \param port the tcp port to listen on * * \return The file descriptor of the created socket, negative * on errors. * - * \sa get_socket() + * \sa get_socket() * \sa setsockopt(2) * \sa bind(2) * \sa listen(2) */ int init_tcp_socket(int port) { - int sockfd, ret; struct sockaddr_in my_addr; + int fd, ret = get_socket(); - if ((sockfd = get_socket()) < 0) - return sockfd; - ret = setserversockopts(sockfd); if (ret < 0) return ret; - init_sockaddr(&my_addr, port, NULL); - ret = do_bind(sockfd, &my_addr); + fd = ret; + ret = setserversockopts(fd); if (ret < 0) - return ret; - if (listen(sockfd, BACKLOG) == -1) - return -E_LISTEN; - PARA_INFO_LOG("listening on port %d, fd %d\n", port, sockfd); - return sockfd; + goto err; + init_sockaddr(&my_addr, port, NULL); + ret = -E_BIND; + if (bind(fd, (struct sockaddr *)&my_addr, + sizeof(struct sockaddr)) == -1) { + PARA_CRIT_LOG("bind error: %s\n", strerror(errno)); + goto err; + } + ret = -E_LISTEN; + if (listen(fd, BACKLOG) == -1) + goto err; + PARA_INFO_LOG("listening on port %d, fd %d\n", port, fd); + return fd; +err: + close(fd); + return ret; } /** @@ -483,6 +594,7 @@ int init_tcp_socket(int port) * to receive at most \a bufsize bytes from file descriptor \a fd. * If at least \p strlen(\a pattern) bytes were received, the beginning of * the received buffer is compared with \a pattern, ignoring case. + * * \sa recv_buffer() * \sa strncasecmp(3) */ @@ -494,11 +606,15 @@ int recv_pattern(int fd, const char *pattern, size_t bufsize) if (n < len) goto out; - buf[n] = '\0'; if (strncasecmp(buf, pattern, len)) goto out; ret = 1; out: + if (ret < 0) { + PARA_NOTICE_LOG("n = %d, did not receive pattern '%s'\n", n, pattern); + if (n > 0) + PARA_NOTICE_LOG("recvd: %s\n", buf); + } free(buf); return ret; }