)
STRICT_CFLAGS += $(call cc-option, -Wformat-signedness)
+STRICT_CFLAGS += $(call cc-option, -Wdiscarded-qualifiers)
# To put more focus on warnings, be less verbose as default
# Use 'make V=1' to see the full commands
NEWS
====
+-------------------------------------------
+0.6.2 (to be announced) "elastic diversity"
+-------------------------------------------
+
+- para_gui no longer waits up to one second to update the screen when
+ the geometry of the terminal changes.
+- Minor documentation improvements.
+- Improvements to the crypto subsystem.
+- The server subcommand "task" has been deprecated. It still works,
+ but prints nothing. It will be removed in the next major release.
+- Server log output is now serialized, avoiding issues with partial
+ lines.
+- It is now possible to switch to a different afs database by changing
+ the server configuration and sending SIGHUP to the server process.
+- New server options: --listen--address, --http-listen-address and
+ --dccp-listen-address. These options restrict the set of listening
+ addresses of the TCP and DCCP sockets of the server process.
+- The help commands of server, audiod, play now support --long. By default,
+ the short help is shown.
+- The code which merges the command line options with the config file
+ options has been consolidated.
+
+Download: [tarball](./releases/paraslash-git.tar.xz)
+
----------------------------------------
0.6.1 (2017-09-23) "segmented iteration"
----------------------------------------
/**
* Return true if addr_1 matches addr_2 in the first `netmask' bits.
*/
-static int v4_addr_match(uint32_t addr_1, uint32_t addr_2, uint8_t netmask)
+static bool v4_addr_match(uint32_t addr_1, uint32_t addr_2, uint8_t netmask)
{
uint32_t mask = ~0U;
+ if (netmask == 0) /* avoid 32-bit shift, which is undefined in C. */
+ return true;
if (netmask < 32)
mask <<= (32 - netmask);
return (htonl(addr_1) & mask) == (htonl(addr_2) & mask);
struct access_info *ai, *tmp;
struct in_addr to_delete;
+ PARA_NOTICE_LOG("removing entries matching %s/%u\n", addr, netmask);
inet_pton(AF_INET, addr, &to_delete);
list_for_each_entry_safe(ai, tmp, acl, node) {
-
if (v4_addr_match(to_delete.s_addr, ai->addr.s_addr,
PARA_MIN(netmask, ai->netmask))) {
- PARA_NOTICE_LOG("removing %s/%u from access list\n",
- addr, ai->netmask);
+ char dst[INET_ADDRSTRLEN + 1];
+ const char *p = inet_ntop(AF_INET, &ai->addr.s_addr,
+ dst, sizeof(dst));
+ if (p)
+ PARA_INFO_LOG("removing %s/%u\n", p,
+ ai->netmask);
list_del(&ai->node);
free(ai);
}
return socket_fd;
}
+static char *database_dir;
+
static void close_afs_tables(void)
{
int i;
PARA_NOTICE_LOG("closing afs_tables\n");
for (i = 0; i < NUM_AFS_TABLES; i++)
afs_tables[i].close();
+ free(database_dir);
+ database_dir = NULL;
}
-static char *database_dir;
-
static void get_database_dir(void)
{
if (!database_dir) {
}
ret = schedule(&s);
sched_shutdown(&s);
+ close_current_mood();
out_close:
close_afs_tables();
out:
+ signal_shutdown(signal_task);
+ free_status_items();
+ free(current_mop);
+ free_lpr();
if (ret < 0)
PARA_EMERG_LOG("%s\n", para_strerror(-ret));
exit(EXIT_FAILURE);
int i, ret;
close_afs_tables();
+ get_database_dir();
for (i = 0; i < NUM_AFS_TABLES; i++) {
struct afs_table *t = &afs_tables[i];
int get_audio_file_path_of_row(const struct osl_row *row, char **path);
int audio_file_loop(void *private_data, osl_rbtree_loop_func *func);
int aft_check_callback(struct afs_callback_arg *aca);
+void free_status_items(void);
/* playlist */
int playlist_open(const char *name);
WRITE_STATUS_ITEM(pb, SI_file_size, "%ld\n", statbuf.st_size / 1024);
}
+void free_status_items(void)
+{
+ freep(&status_items);
+ freep(&parser_friendly_status_items);
+}
+
static int make_status_items(void)
{
const struct lls_command *cmd = SERVER_CMD_CMD_PTR(LS);
time_t current_time;
int ret;
+ free_status_items();
if (!status_item_ls_data.path) /* no audio file open */
return 0;
ret = lls_parse(ARRAY_SIZE(argv), argv, cmd, &opts.lpr, NULL);
if (ret < 0)
goto out;
make_inode_status_items(&pb);
- free(status_items);
status_items = pb.buf;
memset(&pb, 0, sizeof(pb));
pb.max_size = shm_get_shmmax() - 1;
pb.flags = PBF_SIZE_PREFIX;
ret = print_list_item(&status_item_ls_data, &opts, &pb, current_time);
- if (ret < 0) {
- free(status_items);
- status_items = NULL;
- return ret;
- }
+ if (ret < 0)
+ goto out;
make_inode_status_items(&pb);
- free(parser_friendly_status_items);
parser_friendly_status_items = pb.buf;
ret = 1;
out:
+ if (ret < 0)
+ free_status_items();
lls_free_parse_result(opts.lpr, cmd);
return ret;
}
version_handle_flag("audiod", OPT_GIVEN(VERSION));
handle_help_flags();
parse_config_or_die();
- init_random_seed_or_die();
+ crypt_init();
daemon_set_priority(OPT_UINT32_VAL(PRIORITY));
recv_init();
if (daemon_init_colors_or_die(OPT_UINT32_VAL(COLOR), COLOR_AUTO,
audiod_cleanup();
sched_shutdown(&sched);
signal_shutdown(signal_task);
-
+ crypt_shutdown();
out:
lls_free_parse_result(lpr, CMD_PTR);
if (errctx)
{
int ret;
- init_random_seed_or_die();
+ crypt_init();
sched.default_timeout.tv_sec = 1;
ret = client_parse_config(argc, argv, &ct, &client_loglevel);
}
}
sched_shutdown(&sched);
+ crypt_shutdown();
out:
if (ret < 0)
PARA_ERROR_LOG("%s\n", para_strerror(-ret));
}
n = sbb.iov.iov_len;
PARA_INFO_LOG("<-- [challenge] (%zu bytes)\n", n);
- ret = priv_decrypt(ct->key_file, crypt_buf,
+ ret = apc_priv_decrypt(ct->key_file, crypt_buf,
sbb.iov.iov_base, n);
free(sbb.iov.iov_base);
if (ret < 0)
goto out;
ct->challenge_hash = para_malloc(HASH_SIZE);
- hash_function((char *)crypt_buf, CHALLENGE_SIZE, ct->challenge_hash);
- ct->scc.send = sc_new(crypt_buf + CHALLENGE_SIZE, SESSION_KEY_LEN);
- ct->scc.recv = sc_new(crypt_buf + CHALLENGE_SIZE + SESSION_KEY_LEN,
+ hash_function((char *)crypt_buf, APC_CHALLENGE_SIZE, ct->challenge_hash);
+ ct->scc.send = sc_new(crypt_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN);
+ ct->scc.recv = sc_new(crypt_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN,
SESSION_KEY_LEN);
hash_to_asc(ct->challenge_hash, buf);
PARA_INFO_LOG("--> %s\n", buf);
}
}
-/**
- * Close all fds in the list and destroy all list entries.
- *
- * This function calls close(3) for each fd in the close-on-fork list
- * and empties the list afterwards.
- */
-void close_listed_fds(void)
+static void deplete_cof_list(bool close_fds)
{
struct close_on_fork *cof, *tmp;
return;
list_for_each_entry_safe(cof, tmp, &close_on_fork_list, node) {
PARA_DEBUG_LOG("closing fd %d\n", cof->fd);
- close(cof->fd);
+ if (close_fds)
+ close(cof->fd);
list_del(&cof->node);
free(cof);
}
}
+
+/**
+ * Close all fds in the list and destroy all list entries.
+ *
+ * This function calls close(3) for each fd in the close-on-fork list
+ * and empties the list afterwards.
+ *
+ * \sa \ref deplete_close_on_fork_list().
+ */
+void close_listed_fds(void)
+{
+ deplete_cof_list(true);
+}
+
+/**
+ * Remove all listed fds from the close on fork list.
+ *
+ * This is like \ref close_listed_fds() but does not close the fds.
+ */
+void deplete_close_on_fork_list(void)
+{
+ deplete_cof_list(false);
+}
void del_close_on_fork_list(int fd);
void add_close_on_fork_list(int fd);
void close_listed_fds(void);
+void deplete_close_on_fork_list(void);
extern int mmd_mutex;
extern struct misc_meta_data *mmd;
-extern struct sender senders[];
int send_afs_status(struct command_context *cc, int parser_friendly);
+static bool subcmd_should_die;
-static void dummy(__a_unused int s)
+static void command_handler_sighandler(int s)
{
+ if (s != SIGTERM)
+ return;
+ PARA_EMERG_LOG("terminating on signal %d\n", SIGTERM);
+ subcmd_should_die = true;
}
/*
return ret;
}
arg = lls_input(0, lpr);
- for (i = 0; senders[i].name; i++)
- if (!strcmp(senders[i].name, arg))
+ FOR_EACH_SENDER(i)
+ if (strcmp(senders[i]->name, arg) == 0)
break;
- if (!senders[i].name)
+ if (!senders[i])
return -E_COMMAND_SYNTAX;
scd->sender_num = i;
arg = lls_input(1, lpr);
if (i == NUM_SENDER_CMDS)
return -E_COMMAND_SYNTAX;
scd->cmd_num = i;
- if (!senders[scd->sender_num].client_cmds[scd->cmd_num])
+ if (!senders[scd->sender_num]->client_cmds[scd->cmd_num])
return -E_SENDER_CMD;
switch (scd->cmd_num) {
case SENDER_on:
struct sender_command_data scd;
if (lls_num_inputs(lpr) == 0) {
- for (i = 0; senders[i].name; i++) {
+ FOR_EACH_SENDER(i) {
char *tmp;
ret = xasprintf(&tmp, "%s%s\n", msg? msg : "",
- senders[i].name);
+ senders[i]->name);
free(msg);
msg = tmp;
}
if (scd.sender_num < 0)
return ret;
if (strcmp(lls_input(1, lpr), "status") == 0)
- msg = senders[scd.sender_num].status();
+ msg = senders[scd.sender_num]->status();
else
- msg = senders[scd.sender_num].help();
+ msg = senders[scd.sender_num]->help();
return send_sb(&cc->scc, msg, strlen(msg), SBD_OUTPUT, false);
}
switch (scd.cmd_num) {
case SENDER_add:
case SENDER_delete:
- assert(senders[scd.sender_num].resolve_target);
- ret = senders[scd.sender_num].resolve_target(lls_input(2, lpr),
+ assert(senders[scd.sender_num]->resolve_target);
+ ret = senders[scd.sender_num]->resolve_target(lls_input(2, lpr),
&scd);
if (ret < 0)
return ret;
bool parser_friendly = SERVER_CMD_OPT_GIVEN(STAT, PARSER_FRIENDLY,
lpr) > 0;
uint32_t num = SERVER_CMD_UINT32_VAL(STAT, NUM, lpr);
+ const struct timespec ts = {.tv_sec = 50, .tv_nsec = 0};
- para_sigaction(SIGUSR1, dummy);
+ para_sigaction(SIGINT, SIG_IGN);
+ para_sigaction(SIGUSR1, command_handler_sighandler);
+ para_sigaction(SIGTERM, command_handler_sighandler);
+ /*
+ * Simply checking subcmd_should_die is racy because a signal may
+ * arrive after the check but before the subsequent call to sleep(3).
+ * If this happens, sleep(3) would not be interrupted by the signal.
+ * To avoid this we block SIGTERM here and allow it to arrive only
+ * while we sleep.
+ */
+ para_block_signal(SIGTERM);
for (;;) {
+ sigset_t set;
/*
* Copy the mmd structure to minimize the time we hold the mmd
* lock.
ret = 1;
if (num > 0 && !--num)
goto out;
- sleep(50);
+ sigemptyset(&set); /* empty set means: unblock all signals */
+ /*
+ * pselect(2) allows to atomically unblock signals, then go to
+ * sleep. Calling sigprocmask(2) followed by sleep(3) would
+ * open a race window similar to the one described above.
+ */
+ pselect(1, NULL, NULL, NULL, &ts, &set);
+ if (subcmd_should_die)
+ goto out;
ret = -E_SERVER_CRASH;
if (getppid() == 1)
goto out;
}
EXPORT_SERVER_CMD_HANDLER(nomore);
-static int com_ff(__a_unused struct command_context *cc,
- struct lls_parse_result *lpr)
+static int com_ff(struct command_context *cc, struct lls_parse_result *lpr)
{
long promille;
int ret, backwards = 0;
ret = -E_NO_AUDIO_FILE;
if (!mmd->afd.afhi.chunks_total || !mmd->afd.afhi.seconds_total)
goto out;
+ ret = 1;
promille = (1000 * mmd->current_chunk) / mmd->afd.afhi.chunks_total;
if (backwards)
promille -= 1000 * i / mmd->afd.afhi.seconds_total;
mmd->new_vss_status_flags |= VSS_REPOS;
mmd->new_vss_status_flags &= ~VSS_NEXT;
mmd->events++;
- ret = 1;
out:
mutex_unlock(mmd_mutex);
return ret;
}
EXPORT_SERVER_CMD_HANDLER(ff);
-static int com_jmp(__a_unused struct command_context *cc,
- struct lls_parse_result *lpr)
+static int com_jmp(struct command_context *cc, struct lls_parse_result *lpr)
{
long unsigned int i;
int ret;
int dummy; /* none at the moment */
};
-static int parse_auth_request(char *buf, int len, struct user **u,
+static int parse_auth_request(char *buf, int len, const struct user **u,
struct connection_features *cf)
{
int ret;
}
}
PARA_DEBUG_LOG("received auth request for user %s\n", username);
- *u = lookup_user(username);
+ *u = user_list_lookup(username);
ret = 1;
out:
free_argv(features);
* the function if the connection was not authenticated when the timeout
* expires.
*
- * \sa alarm(2), \ref crypt.c, \ref crypt.h.
+ * \return Standard.
+ *
+ * \sa alarm(2), \ref openssl.c, \ref crypt.h.
*/
-__noreturn void handle_connect(int fd)
+int handle_connect(int fd)
{
int ret;
- unsigned char rand_buf[CHALLENGE_SIZE + 2 * SESSION_KEY_LEN];
+ unsigned char rand_buf[APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN];
unsigned char challenge_hash[HASH_SIZE];
char *command = NULL, *buf = para_malloc(HANDSHAKE_BUFSIZE) /* must be on the heap */;
size_t numbytes;
goto net_err;
if (cc->u) {
get_random_bytes_or_die(rand_buf, sizeof(rand_buf));
- ret = pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf),
+ ret = apc_pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf),
(unsigned char *)buf);
if (ret < 0)
goto net_err;
get_random_bytes_or_die((unsigned char *)buf, numbytes);
}
PARA_DEBUG_LOG("sending %d byte challenge + session key (%zu bytes)\n",
- CHALLENGE_SIZE, numbytes);
+ APC_CHALLENGE_SIZE, numbytes);
ret = send_sb(&cc->scc, buf, numbytes, SBD_CHALLENGE, false);
buf = NULL;
if (ret < 0)
if (!cc->u)
goto net_err;
/*
- * The correct response is the hash of the first CHALLENGE_SIZE bytes
+ * The correct response is the hash of the first APC_CHALLENGE_SIZE bytes
* of the random data.
*/
ret = -E_BAD_AUTH;
if (numbytes != HASH_SIZE)
goto net_err;
- hash_function((char *)rand_buf, CHALLENGE_SIZE, challenge_hash);
+ hash_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash);
if (memcmp(challenge_hash, buf, HASH_SIZE))
goto net_err;
/* auth successful */
alarm(0);
PARA_INFO_LOG("good auth for %s\n", cc->u->name);
/* init stream cipher keys with the second part of the random buffer */
- cc->scc.recv = sc_new(rand_buf + CHALLENGE_SIZE, SESSION_KEY_LEN);
- cc->scc.send = sc_new(rand_buf + CHALLENGE_SIZE + SESSION_KEY_LEN,
+ cc->scc.recv = sc_new(rand_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN);
+ cc->scc.send = sc_new(rand_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN,
SESSION_KEY_LEN);
ret = send_sb(&cc->scc, NULL, 0, SBD_PROCEED, false);
if (ret < 0)
}
sc_free(cc->scc.recv);
sc_free(cc->scc.send);
- exit(ret < 0? EXIT_FAILURE : EXIT_SUCCESS);
+ return ret;
}
/** Per connection data available to command handlers. */
struct command_context {
/** The paraslash user that executes this command. */
- struct user *u;
+ const struct user *u;
/** File descriptor and crypto keys. */
struct stream_cipher_context scc;
};
lsu
"
if test "$CRYPTOLIB" = openssl; then
- server_errlist_objs="$server_errlist_objs crypt"
+ server_errlist_objs="$server_errlist_objs openssl"
else
server_errlist_objs="$server_errlist_objs gcrypt"
fi
version
"
if test "$CRYPTOLIB" = openssl; then
- client_errlist_objs="$client_errlist_objs crypt"
+ client_errlist_objs="$client_errlist_objs openssl"
else
client_errlist_objs="$client_errlist_objs gcrypt"
fi
lsu
"
if test "$CRYPTOLIB" = openssl; then
- audiod_errlist_objs="$audiod_errlist_objs crypt"
+ audiod_errlist_objs="$audiod_errlist_objs openssl"
else
audiod_errlist_objs="$audiod_errlist_objs gcrypt"
fi
+++ /dev/null
-/* Copyright (C) 2005 Andre Noll <maan@tuebingen.mpg.de>, see file COPYING. */
-
-/** \file crypt.c Openssl-based encryption/decryption routines. */
-
-#include <regex.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/sha.h>
-#include <openssl/bn.h>
-#include <openssl/aes.h>
-
-#include "para.h"
-#include "error.h"
-#include "string.h"
-#include "crypt.h"
-#include "fd.h"
-#include "crypt_backend.h"
-#include "base64.h"
-#include "portable_io.h"
-
-struct asymmetric_key {
- RSA *rsa;
-};
-
-void get_random_bytes_or_die(unsigned char *buf, int num)
-{
- unsigned long err;
-
- /* RAND_bytes() returns 1 on success, 0 otherwise. */
- if (RAND_bytes(buf, num) == 1)
- return;
- err = ERR_get_error();
- PARA_EMERG_LOG("%s\n", ERR_reason_error_string(err));
- exit(EXIT_FAILURE);
-}
-
-/*
- * Read 64 bytes from /dev/urandom and add them to the SSL PRNG. Seed the PRNG
- * used by random(3) with a random seed obtained from SSL. If /dev/urandom is
- * not readable, the function calls exit().
- *
- * \sa RAND_load_file(3), \ref get_random_bytes_or_die(), srandom(3),
- * random(3), \ref para_random().
- */
-void init_random_seed_or_die(void)
-{
- int seed, ret = RAND_load_file("/dev/urandom", 64);
-
- if (ret != 64) {
- PARA_EMERG_LOG("could not seed PRNG (ret = %d)\n", ret);
- exit(EXIT_FAILURE);
- }
- get_random_bytes_or_die((unsigned char *)&seed, sizeof(seed));
- srandom(seed);
-}
-
-static int get_private_key(const char *path, RSA **rsa)
-{
- EVP_PKEY *pkey;
- BIO *bio = BIO_new(BIO_s_file());
-
- *rsa = NULL;
- if (!bio)
- return -E_PRIVATE_KEY;
- if (BIO_read_filename(bio, path) <= 0)
- goto bio_free;
- pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
- if (!pkey)
- goto bio_free;
- *rsa = EVP_PKEY_get1_RSA(pkey);
- EVP_PKEY_free(pkey);
-bio_free:
- BIO_free(bio);
- return *rsa? RSA_size(*rsa) : -E_PRIVATE_KEY;
-}
-
-/*
- * The public key loading functions below were inspired by corresponding code
- * of openssh-5.2p1, Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo,
- * Finland. However, not much of the original code remains.
- */
-
-static int read_bignum(const unsigned char *buf, size_t len, BIGNUM **result)
-{
- const unsigned char *p = buf, *end = buf + len;
- uint32_t bnsize;
- BIGNUM *bn;
-
- if (p + 4 < p)
- return -E_BIGNUM;
- if (p + 4 > end)
- return -E_BIGNUM;
- bnsize = read_u32_be(p);
- PARA_DEBUG_LOG("bnsize: %u\n", bnsize);
- p += 4;
- if (p + bnsize < p)
- return -E_BIGNUM;
- if (p + bnsize > end)
- return -E_BIGNUM;
- if (bnsize > 8192)
- return -E_BIGNUM;
- bn = BN_bin2bn(p, bnsize, NULL);
- if (!bn)
- return -E_BIGNUM;
- *result = bn;
- return bnsize + 4;
-}
-
-static int read_rsa_bignums(const unsigned char *blob, int blen, RSA **result)
-{
- int ret;
- RSA *rsa;
- BIGNUM *n, *e;
- const unsigned char *p = blob, *end = blob + blen;
-
- rsa = RSA_new();
- if (!rsa)
- return -E_BIGNUM;
- ret = read_bignum(p, end - p, &e);
- if (ret < 0)
- goto fail;
- p += ret;
- ret = read_bignum(p, end - p, &n);
- if (ret < 0)
- goto fail;
-#ifdef HAVE_RSA_SET0_KEY
- RSA_set0_key(rsa, n, e, NULL);
-#else
- rsa->n = n;
- rsa->e = e;
-#endif
- *result = rsa;
- return 1;
-fail:
- RSA_free(rsa);
- return ret;
-}
-
-int get_public_key(const char *key_file, struct asymmetric_key **result)
-{
- struct asymmetric_key *key = NULL;
- void *map = NULL;
- unsigned char *blob = NULL;
- size_t map_size, encoded_size, decoded_size;
- int ret, ret2;
- char *cp;
-
- key = para_malloc(sizeof(*key));
- ret = mmap_full_file(key_file, O_RDONLY, &map, &map_size, NULL);
- if (ret < 0)
- goto out;
- ret = is_ssh_rsa_key(map, map_size);
- if (!ret) {
- ret = -E_SSH_PARSE;
- goto out_unmap;
- }
- cp = map + ret;
- encoded_size = map_size - ret;
- PARA_INFO_LOG("decoding public rsa-ssh key %s\n", key_file);
- ret = uudecode(cp, encoded_size, (char **)&blob, &decoded_size);
- if (ret < 0)
- goto out_unmap;
- ret = check_ssh_key_header(blob, decoded_size);
- if (ret < 0)
- goto out_unmap;
- ret = read_rsa_bignums(blob + ret, decoded_size - ret, &key->rsa);
- if (ret < 0)
- goto out_unmap;
- ret = RSA_size(key->rsa);
-out_unmap:
- ret2 = para_munmap(map, map_size);
- if (ret >= 0 && ret2 < 0)
- ret = ret2;
-out:
- if (ret < 0) {
- free(key);
- *result = NULL;
- PARA_ERROR_LOG("key %s: %s\n", key_file, para_strerror(-ret));
- } else
- *result = key;
- free(blob);
- return ret;
-}
-
-void free_public_key(struct asymmetric_key *key)
-{
- if (!key)
- return;
- RSA_free(key->rsa);
- free(key);
-}
-
-int priv_decrypt(const char *key_file, unsigned char *outbuf,
- unsigned char *inbuf, int inlen)
-{
- struct asymmetric_key *priv;
- int ret;
-
- ret = check_private_key_file(key_file);
- if (ret < 0)
- return ret;
- if (inlen < 0)
- return -E_RSA;
- priv = para_malloc(sizeof(*priv));
- ret = get_private_key(key_file, &priv->rsa);
- if (ret < 0) {
- free(priv);
- return ret;
- }
- /*
- * RSA is vulnerable to timing attacks. Generate a random blinding
- * factor to protect against this kind of attack.
- */
- ret = -E_BLINDING;
- if (RSA_blinding_on(priv->rsa, NULL) == 0)
- goto out;
- ret = RSA_private_decrypt(inlen, inbuf, outbuf, priv->rsa,
- RSA_PKCS1_OAEP_PADDING);
- RSA_blinding_off(priv->rsa);
- if (ret <= 0)
- ret = -E_DECRYPT;
-out:
- RSA_free(priv->rsa);
- free(priv);
- return ret;
-}
-
-int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
- unsigned len, unsigned char *outbuf)
-{
- int ret, flen = len; /* RSA_public_encrypt expects a signed int */
-
- if (flen < 0)
- return -E_ENCRYPT;
- ret = RSA_public_encrypt(flen, inbuf, outbuf, pub->rsa,
- RSA_PKCS1_OAEP_PADDING);
- return ret < 0? -E_ENCRYPT : ret;
-}
-
-struct stream_cipher {
- EVP_CIPHER_CTX *aes;
-};
-
-struct stream_cipher *sc_new(const unsigned char *data, int len)
-{
- struct stream_cipher *sc = para_malloc(sizeof(*sc));
-
- assert(len >= 2 * AES_CRT128_BLOCK_SIZE);
- sc->aes = EVP_CIPHER_CTX_new();
- EVP_EncryptInit_ex(sc->aes, EVP_aes_128_ctr(), NULL, data,
- data + AES_CRT128_BLOCK_SIZE);
- return sc;
-}
-
-void sc_free(struct stream_cipher *sc)
-{
- if (!sc)
- return;
- EVP_CIPHER_CTX_free(sc->aes);
- free(sc);
-}
-
-static void aes_ctr128_crypt(EVP_CIPHER_CTX *ctx, struct iovec *src,
- struct iovec *dst)
-{
- int ret, inlen = src->iov_len, outlen, tmplen;
-
- *dst = (typeof(*dst)) {
- /* Add one for the terminating zero byte. */
- .iov_base = para_malloc(inlen + 1),
- .iov_len = inlen
- };
- ret = EVP_EncryptUpdate(ctx, dst->iov_base, &outlen, src->iov_base, inlen);
- assert(ret != 0);
- ret = EVP_EncryptFinal_ex(ctx, dst->iov_base + outlen, &tmplen);
- assert(ret != 0);
- outlen += tmplen;
- ((char *)dst->iov_base)[outlen] = '\0';
- dst->iov_len = outlen;
-}
-
-void sc_crypt(struct stream_cipher *sc, struct iovec *src, struct iovec *dst)
-{
- return aes_ctr128_crypt(sc->aes, src, dst);
-}
-
-void hash_function(const char *data, unsigned long len, unsigned char *hash)
-{
- SHA_CTX c;
- SHA1_Init(&c);
- SHA1_Update(&c, data, len);
- SHA1_Final(hash, &c);
-}
/** \file crypt.h Public crypto interface. */
+/*
+ * Asymmetric pubkey cryptosystem (apc).
+ *
+ * This is just RSA, but this fact is a hidden implementation detail.
+ */
-/* These are used to distinguish between loading of private/public key. */
-
-/** The key to load is a public key. */
-#define LOAD_PUBLIC_KEY 0
-/** The key to load is a private key. */
-#define LOAD_PRIVATE_KEY 1
/** The size of the challenge sent to the client. */
-#define CHALLENGE_SIZE 64
+#define APC_CHALLENGE_SIZE 64
/** Opaque structure for public and private keys. */
struct asymmetric_key;
*
* \return The size of the encrypted data on success, negative on errors.
*/
-int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
+int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
unsigned len, unsigned char *outbuf);
/**
*
* \return The size of the recovered plaintext on success, negative on errors.
*/
-int priv_decrypt(const char *key_file, unsigned char *outbuf,
+int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
unsigned char *inbuf, int inlen);
/**
*
* \return The size of the key on success, negative on errors.
*/
-int get_public_key(const char *key_file, struct asymmetric_key **result);
+int apc_get_pubkey(const char *key_file, struct asymmetric_key **result);
/**
* Deallocate a public key.
*
* \param key Pointer to the key structure to free.
*
- * This should be called for keys obtained by get_public_key() if the key is no
+ * This should be called for keys obtained by \ref apc_get_pubkey() if the key is no
* longer needed.
*/
-void free_public_key(struct asymmetric_key *key);
+void apc_free_pubkey(struct asymmetric_key *key);
/**
void get_random_bytes_or_die(unsigned char *buf, int num);
/**
- * Seed pseudo random number generators.
+ * Initialize the crypto backend.
*
- * This function seeds the PRNG used by random() with a random seed obtained
- * from the crypto implementation. On errors, an error message is logged and
- * the function calls exit().
+ * This function initializes the crypto library and seeds the pseudo random
+ * number generator used by random() with a random seed obtained from the
+ * crypto implementation. On errors, an error message is logged and the
+ * function calls exit().
*
* \sa \ref get_random_bytes_or_die(), srandom(3), random(3), \ref
* para_random().
*/
-void init_random_seed_or_die(void);
+void crypt_init(void);
+/** Allocate all resources of the crypto backend. */
+void crypt_shutdown(void);
/** Opaque structure for stream ciphers. */
struct stream_cipher;
/** AES block size in bytes. */
#define AES_CRT128_BLOCK_SIZE 16
-size_t is_ssh_rsa_key(char *data, size_t size);
-int check_ssh_key_header(const unsigned char *blob, int blen);
+int decode_ssh_key(const char *filename, unsigned char **blob,
+ size_t *decoded_size);
int check_private_key_file(const char *file);
#include "crypt.h"
#include "crypt_backend.h"
#include "portable_io.h"
+#include "fd.h"
+#include "base64.h"
/** If the key begins with this text, we treat it as an ssh key. */
#define KEY_TYPE_TXT "ssh-rsa"
-/**
- * Check if given buffer starts with a ssh rsa key signature.
- *
- * \param data The buffer.
- * \param size Number of data bytes.
+/*
+ * Check if the given buffer starts with an ssh rsa key signature.
*
- * \return Number of header bytes to be skipped on success, zero if
- * ssh rsa signature was not found.
+ * Returns number of header bytes to be skipped on success, zero if no ssh rsa
+ * signature was found.
*/
-size_t is_ssh_rsa_key(char *data, size_t size)
+static size_t is_ssh_rsa_key(char *data, size_t size)
{
char *cp;
return cp - data;
}
-/**
- * Sanity checks for the header of an ssh key.
- *
- * \param blob The buffer.
- * \param blen The number of bytes of \a blob.
+/*
+ * Perform some sanity checks on the decoded ssh key.
*
- * This performs some checks to make sure we really have an ssh key. It also
- * computes the offset in bytes of the start of the key values (modulus,
- * exponent..).
- *
- * \return The number of bytes to skip until the start of the first encoded
- * number (usually 11).
+ * This function returns the size of the header. Usually, the header is 11
+ * bytes long: four bytes for the length field, and the string "ssh-rsa".
*/
-int check_ssh_key_header(const unsigned char *blob, int blen)
+static int check_ssh_key_header(const unsigned char *blob, int blen)
{
const unsigned char *p = blob, *end = blob + blen;
uint32_t rlen;
return 4 + rlen;
}
+/**
+ * Perform sanity checks and base64-decode an ssh-rsa key.
+ *
+ * \param filename The public key file (usually id_rsa.pub).
+ * \param blob Pointer to base64-decoded blob is returned here.
+ * \param decoded_size The size of the decoded blob.
+ *
+ * The memory pointed at by the returned blob pointer has to be freed by the
+ * caller.
+ *
+ * \return On success, the offset in bytes of the start of the key values
+ * (modulus, exponent..). This is the number of bytes to skip from the blob
+ * until the start of the first encoded number. On failure, a negative error
+ * code is returned.
+ *
+ * \sa \ref uudecode().
+ */
+int decode_ssh_key(const char *filename, unsigned char **blob,
+ size_t *decoded_size)
+{
+ int ret, ret2;
+ void *map;
+ size_t map_size;
+
+ ret = mmap_full_file(filename, O_RDONLY, &map, &map_size, NULL);
+ if (ret < 0)
+ return ret;
+ ret = is_ssh_rsa_key(map, map_size);
+ if (ret == 0) {
+ ret = -E_SSH_PARSE;
+ goto unmap;
+ }
+ ret = uudecode(map + ret, map_size - ret, (char **)blob, decoded_size);
+ if (ret < 0)
+ goto unmap;
+ ret = check_ssh_key_header(*blob, *decoded_size);
+ if (ret < 0)
+ goto unmap;
+unmap:
+ ret2 = para_munmap(map, map_size);
+ if (ret >= 0 && ret2 < 0)
+ ret = ret2;
+ return ret;
+}
+
/**
* Check existence and permissions of a private key file.
*
/** Used for colored log messages. */
char log_colors[NUM_LOGLEVELS][COLOR_MAXLEN];
char *old_cwd;
+ /*
+ * If these pointers are non-NULL, the functions are called from
+ * daemon_log() before and after writing each log message.
+ */
+ void (*pre_log_hook)(void);
+ void (*post_log_hook)(void);
};
static struct daemon the_daemon, *me = &the_daemon;
me->loglevel = ret;
}
+void daemon_set_hooks(void (*pre_log_hook)(void), void (*post_log_hook)(void))
+{
+ me->pre_log_hook = pre_log_hook;
+ me->post_log_hook = post_log_hook;
+}
+
/**
* Set one of the daemon config flags.
*
return;
fp = me->logfile? me->logfile : stderr;
+ if (me->pre_log_hook)
+ me->pre_log_hook();
color = daemon_test_flag(DF_COLOR_LOG)? me->log_colors[ll] : NULL;
if (color)
fprintf(fp, "%s", color);
va_end(argp);
if (color)
fprintf(fp, "%s", COLOR_RESET);
+ if (me->post_log_hook)
+ me->post_log_hook();
}
time_t daemon_get_uptime(const struct timeval *current_time);
__malloc char *daemon_get_uptime_str(const struct timeval *current_time);
void daemon_set_logfile(const char *logfile_name);
+void daemon_set_hooks(void (*pre_log_hook)(void), void (*post_log_hook)(void));
void daemon_set_flag(unsigned flag);
void daemon_set_loglevel(const char *loglevel);
bool daemon_init_colors_or_die(int color_arg, int color_arg_auto,
#include "sched.h"
#include "vss.h"
#include "fd.h"
-#include "close_on_fork.h"
-#include "chunk_queue.h"
-#include "acl.h"
static struct sender_status dccp_sender_status, *dss = &dccp_sender_status;
static void dccp_pre_select(int *max_fileno, fd_set *rfds,
__a_unused fd_set *wfds)
{
- if (dss->listen_fd >= 0)
- para_fd_set(dss->listen_fd, rfds, max_fileno);
+ unsigned n;
+
+ FOR_EACH_LISTEN_FD(n, dss)
+ if (dss->listen_fds[n] >= 0)
+ para_fd_set(dss->listen_fds[n], rfds, max_fileno);
}
/**
dccp_shutdown_client(sc);
}
+static void dccp_shutdown(void)
+{
+ dccp_shutdown_clients();
+ generic_acl_deplete(&dss->acl);
+}
+
/** * Obtain current MPS according to RFC 4340, sec. 14. */
static int dccp_init_fec(struct sender_client *sc)
{
return result;
}
-/**
- * The init function of the dccp sender.
- *
- * \param s pointer to the dccp sender struct.
- *
- * It initializes all function pointers of \a s and starts
- * listening on the given port.
+/*
+ * Initialize the client list and the access control list and listen on the
+ * dccp port.
*/
-void dccp_send_init(struct sender *s)
+static void dccp_send_init(void)
{
- s->status = dccp_status;
- s->send = NULL;
- s->pre_select = dccp_pre_select;
- s->post_select = dccp_post_select;
- s->shutdown_clients = dccp_shutdown_clients;
- s->resolve_target = NULL;
- s->help = generic_sender_help;
- s->client_cmds[SENDER_on] = dccp_com_on;
- s->client_cmds[SENDER_off] = dccp_com_off;
- s->client_cmds[SENDER_deny] = dccp_com_deny;
- s->client_cmds[SENDER_allow] = dccp_com_allow;
- s->client_cmds[SENDER_add] = NULL;
- s->client_cmds[SENDER_delete] = NULL;
-
init_sender_status(dss, OPT_RESULT(DCCP_ACCESS),
+ OPT_RESULT(DCCP_LISTEN_ADDRESS),
OPT_UINT32_VAL(DCCP_PORT), OPT_UINT32_VAL(DCCP_MAX_CLIENTS),
OPT_GIVEN(DCCP_DEFAULT_DENY));
generic_com_on(dss, IPPROTO_DCCP);
}
+
+/**
+ * The DCCP sender.
+ *
+ * This sender offers congestion control not available in plain TCP. Most
+ * methods of the sender structure are implemented as simple wrappers for the
+ * generic functions defined in \ref send_common.c. Like UDP streams, DCCP
+ * streams are sent FEC-encoded.
+ */
+const struct sender dccp_sender = {
+ .name = "dccp",
+ .init = dccp_send_init,
+ .shutdown = dccp_shutdown,
+ .pre_select = dccp_pre_select,
+ .post_select = dccp_post_select,
+ .shutdown_clients = dccp_shutdown_clients,
+ .client_cmds = {
+ [SENDER_on] = dccp_com_on,
+ [SENDER_off] = dccp_com_off,
+ [SENDER_deny] = dccp_com_deny,
+ [SENDER_allow] = dccp_com_allow,
+ },
+ .help = generic_sender_help,
+ .status = dccp_status,
+};
PARA_ERROR(BTR_EOF, "buffer tree: end of file"), \
PARA_ERROR(BTR_NAVAIL, "btr node: value currently unavailable"), \
PARA_ERROR(BTR_NO_CHILD, "btr node has no children"), \
+ PARA_ERROR(CHILD_CONTEXT, "now running in child context"), \
PARA_ERROR(CHMOD, "failed to set socket mode"), \
PARA_ERROR(CLIENT_SYNTAX, "syntax error"), \
PARA_ERROR(CLIENT_WRITE, "client write error"), \
PARA_ERROR(TARGET_EXISTS, "requested target is already present"),\
PARA_ERROR(TARGET_NOT_FOUND, "requested target not found"), \
PARA_ERROR(TASK_STARTED, "task started"), \
+ PARA_ERROR(DEADLY_SIGNAL, "termination request by signal"), \
PARA_ERROR(TOO_MANY_CLIENTS, "maximal number of stat clients exceeded"), \
PARA_ERROR(UCRED_PERM, "permission denied"), \
PARA_ERROR(UDP_OVERRUN, "output buffer overrun"), \
*max_fileno = PARA_MAX(*max_fileno, fd);
}
-/**
- * Paraslash's wrapper for fgets(3).
- *
- * \param line Pointer to the buffer to store the line.
- * \param size The size of the buffer given by \a line.
- * \param f The stream to read from.
- *
- * \return Unlike the standard fgets() function, an integer value
- * is returned. On success, this function returns 1. On errors, -E_FGETS
- * is returned. A zero return value indicates an end of file condition.
- */
-__must_check int para_fgets(char *line, int size, FILE *f)
-{
-again:
- if (fgets(line, size, f))
- return 1;
- if (feof(f))
- return 0;
- if (!ferror(f))
- return -E_FGETS;
- if (errno != EINTR) {
- PARA_ERROR_LOG("%s\n", strerror(errno));
- return -E_FGETS;
- }
- clearerr(f);
- goto again;
-}
-
/**
* Paraslash's wrapper for mmap.
*
__must_check int mark_fd_nonblocking(int fd);
__must_check int mark_fd_blocking(int fd);
void para_fd_set(int fd, fd_set *fds, int *max_fileno);
-__must_check int para_fgets(char *line, int size, FILE *f);
int para_mmap(size_t length, int prot, int flags, int fd, void *map);
int para_open(const char *path, int flags, mode_t mode);
int para_mkdir(const char *path, mode_t mode);
* call to gcry_check_version() initializes the gcrypt library and checks that
* we have at least the minimal required version.
*/
-void init_random_seed_or_die(void)
+void crypt_init(void)
{
const char *req_ver = "1.5.0";
int seed;
req_ver, gcry_check_version(NULL));
exit(EXIT_FAILURE);
}
+
+ /*
+ * Allocate a pool of secure memory. This also drops privileges where
+ * needed.
+ */
+ gcry_control(GCRYCTL_INIT_SECMEM, 65536, 0);
+
+ /* Tell Libgcrypt that initialization has completed. */
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
get_random_bytes_or_die((unsigned char *)&seed, sizeof(seed));
srandom(seed);
}
+void crypt_shutdown(void)
+{
+ /*
+ * WK does not see a way to apply a patch for the sake of Valgrind, so
+ * as of 2018 libgrypt has no deinitialization routine to free the
+ * resources on exit.
+ */
+}
+
/** S-expression for the public part of an RSA key. */
#define RSA_PUBKEY_SEXP "(public-key (rsa (n %m) (e %m)))"
/** S-expression for a private RSA key. */
return ret;
}
-static int get_ssh_public_key(unsigned char *data, int size, gcry_sexp_t *result)
+int apc_get_pubkey(const char *key_file, struct asymmetric_key **result)
{
+ unsigned char *blob, *p, *end;
int ret;
gcry_error_t gret;
- unsigned char *blob = NULL, *p, *end;
size_t nr_scanned, erroff, decoded_size;
- gcry_mpi_t e = NULL, n = NULL;
+ gcry_mpi_t e, n;
+ gcry_sexp_t sexp;
+ struct asymmetric_key *key;
- PARA_DEBUG_LOG("decoding %d byte public rsa-ssh key\n", size);
- ret = uudecode((char *)data, size, (char **)&blob, &decoded_size);
+ ret = decode_ssh_key(key_file, &blob, &decoded_size);
if (ret < 0)
- goto free_blob;
- end = blob + decoded_size;
- dump_buffer("decoded key", blob, decoded_size);
- ret = check_ssh_key_header(blob, decoded_size);
- if (ret < 0)
- goto free_blob;
+ return ret;
p = blob + ret;
- ret = -E_SSH_PARSE;
- if (p >= end)
- goto free_blob;
+ end = blob + decoded_size;
PARA_DEBUG_LOG("scanning modulus and public exponent\n");
gret = gcry_mpi_scan(&e, GCRYMPI_FMT_SSH, p, end - p, &nr_scanned);
if (gret) {
goto free_blob;
}
PARA_DEBUG_LOG("scanned e (%zu bytes)\n", nr_scanned);
-// gcry_mpi_aprint(GCRYMPI_FMT_HEX, &buf, NULL, rsa_e);
-// PARA_CRIT_LOG("e: %s\n", buf);
p += nr_scanned;
if (p >= end)
goto release_e;
goto release_e;
}
PARA_DEBUG_LOG("scanned n (%zu bytes)\n", nr_scanned);
-// gcry_mpi_aprint(GCRYMPI_FMT_HEX, &buf, NULL, rsa_n);
-// PARA_CRIT_LOG("n: %s\n", buf);
- gret = gcry_sexp_build(result, &erroff, RSA_PUBKEY_SEXP, n, e);
+ gret = gcry_sexp_build(&sexp, &erroff, RSA_PUBKEY_SEXP, n, e);
if (gret) {
PARA_ERROR_LOG("offset %zu: %s\n", erroff,
gcry_strerror(gcry_err_code(gret)));
ret = -E_SEXP_BUILD;
goto release_n;
}
- ret = nr_scanned / 32 * 32;
+ ret = ROUND_DOWN(nr_scanned, 32);
PARA_INFO_LOG("successfully read %d bit ssh public key\n", ret * 8);
+ key = para_malloc(sizeof(*key));
+ key->num_bytes = ret;
+ key->sexp = sexp;
+ *result = key;
release_n:
gcry_mpi_release(n);
release_e:
return ret;
}
-int get_public_key(const char *key_file, struct asymmetric_key **result)
-{
- int ret, ret2;
- void *map;
- size_t map_size;
- unsigned char *start, *end;
- gcry_sexp_t sexp;
- struct asymmetric_key *key;
-
- ret = mmap_full_file(key_file, O_RDONLY, &map, &map_size, NULL);
- if (ret < 0)
- return ret;
- ret = is_ssh_rsa_key(map, map_size);
- if (!ret) {
- para_munmap(map, map_size);
- return -E_SSH_PARSE;
- }
- start = map + ret;
- end = map + map_size;
- ret = -E_SSH_PARSE;
- if (start >= end)
- goto unmap;
- ret = get_ssh_public_key(start, end - start, &sexp);
- if (ret < 0)
- goto unmap;
- key = para_malloc(sizeof(*key));
- key->num_bytes = ret;
- key->sexp = sexp;
- *result = key;
-unmap:
- ret2 = para_munmap(map, map_size);
- if (ret >= 0 && ret2 < 0)
- ret = ret2;
- return ret;
-}
-
-void free_public_key(struct asymmetric_key *key)
+void apc_free_pubkey(struct asymmetric_key *key)
{
if (!key)
return;
return 1;
}
-int priv_decrypt(const char *key_file, unsigned char *outbuf,
+int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
unsigned char *inbuf, int inlen)
{
gcry_error_t gret;
return ret;
}
-int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
+int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
unsigned len, unsigned char *outbuf)
{
gcry_error_t gret;
switch (ret) {
case SIGTERM:
die(EXIT_FAILURE, "only the good die young (caught SIGTERM)\n");
+ case SIGWINCH:
+ PARA_NOTICE_LOG("got SIGWINCH\n");
+ if (curses_active()) {
+ shutdown_curses();
+ init_curses();
+ redraw_bot_win();
+ }
+ return 1;
case SIGINT:
return 1;
case SIGUSR1:
ret = wgetch(top.win);
if (ret == ERR)
return 0;
- if (ret == KEY_RESIZE) {
- if (curses_active()) {
- shutdown_curses();
- init_curses();
- redraw_bot_win();
- }
+ if (ret == KEY_RESIZE) /* already handled in signal_post_select() */
return 0;
- }
if (exs == EXEC_IDLE)
handle_command(ret);
else if (exec_pid > 0)
para_install_sighandler(SIGTERM);
para_install_sighandler(SIGCHLD);
para_install_sighandler(SIGUSR1);
+ para_install_sighandler(SIGWINCH);
signal_task->task = task_register(&(struct task_info) {
.name = "signal",
.pre_select = signal_pre_select,
#include "close_on_fork.h"
#include "fd.h"
#include "chunk_queue.h"
-#include "acl.h"
/** Message sent to clients that do not send a valid get request. */
#define HTTP_ERR_MSG "HTTP/1.0 400 Bad Request\n"
shutdown_clients(hss);
}
+static void http_shutdown(void)
+{
+ http_shutdown_clients();
+ generic_acl_deplete(&hss->acl);
+}
+
static int queue_chunk_or_shutdown(struct sender_client *sc,
struct sender_status *ss, const char *buf, size_t num_bytes)
{
static void http_pre_select(int *max_fileno, fd_set *rfds, fd_set *wfds)
{
struct sender_client *sc, *tmp;
+ unsigned n;
- if (hss->listen_fd < 0)
- return;
- para_fd_set(hss->listen_fd, rfds, max_fileno);
+ FOR_EACH_LISTEN_FD(n, hss) {
+ if (hss->listen_fds[n] < 0)
+ continue;
+ para_fd_set(hss->listen_fds[n], rfds, max_fileno);
+ }
list_for_each_entry_safe(sc, tmp, &hss->client_list, node) {
struct private_http_sender_data *phsd = sc->private_data;
if (phsd->status == HTTP_CONNECTED) /* need to recv get request */
return generic_sender_status(hss, "http");
}
-/**
- * The init function of the http sender.
- *
- * \param s Pointer to the http sender struct.
- *
- * It initializes all function pointers of \a s, the client list and the access
- * control list. If the autostart option was given, the tcp port is opened.
+/*
+ * Initialize the client list and the access control list, and optionally
+ * listen on the tcp port.
*/
-void http_send_init(struct sender *s)
+static void http_send_init(void)
{
- s->status = http_status;
- s->send = http_send;
- s->pre_select = http_pre_select;
- s->post_select = http_post_select;
- s->shutdown_clients = http_shutdown_clients;
- s->resolve_target = NULL;
- s->help = generic_sender_help;
- s->client_cmds[SENDER_on] = http_com_on;
- s->client_cmds[SENDER_off] = http_com_off;
- s->client_cmds[SENDER_deny] = http_com_deny;
- s->client_cmds[SENDER_allow] = http_com_allow;
- s->client_cmds[SENDER_add] = NULL;
- s->client_cmds[SENDER_delete] = NULL;
-
init_sender_status(hss, OPT_RESULT(HTTP_ACCESS),
+ OPT_RESULT(HTTP_LISTEN_ADDRESS),
OPT_UINT32_VAL(HTTP_PORT), OPT_UINT32_VAL(HTTP_MAX_CLIENTS),
OPT_GIVEN(HTTP_DEFAULT_DENY));
if (OPT_GIVEN(HTTP_NO_AUTOSTART))
return;
generic_com_on(hss, IPPROTO_TCP);
}
+
+/**
+ * The HTTP sender.
+ *
+ * This is the only sender which does not FEC-encode the stream. This is not
+ * necessary because HTTP sits on top of TCP, a reliable transport which
+ * retransmits lost packets automatically. The sender employs per-client queues
+ * which queue chunks of audio data if they can not be sent immediately because
+ * the write operation would block. Most methods of the sender are implemented
+ * as wrappers for the generic functions defined in \ref send_common.c.
+ */
+const struct sender http_sender = {
+ .name = "http",
+ .init = http_send_init,
+ .shutdown = http_shutdown,
+ .pre_select = http_pre_select,
+ .post_select = http_post_select,
+ .send = http_send,
+ .shutdown_clients = http_shutdown_clients,
+ .client_cmds = {
+ [SENDER_on] = http_com_on,
+ [SENDER_off] = http_com_off,
+ [SENDER_deny] = http_com_deny,
+ [SENDER_allow] = http_com_allow,
+ },
+ .help = generic_sender_help,
+ .status = http_status,
+};
purpose = communicate with para_audiod through a local socket
non-opts-name = [command [options]]
[description]
- The client program to control para_audiod at runtime. It allows to
- enable/disable streaming, to receive status info, or to grab the
- audio stream at any point of the decoding process.
+ The client program to control para_audiod at runtime. It can
+ enable/disable streaming, receive status info, or grab the audio
+ stream at any point of the decoding process.
If no command is given, para_audioc enters interactive mode.
[/description]
[supercommand para_filter]
purpose = decode or process audio data from STDIN to STDOUT
[description]
- This program allows to specify a chain of filters which transform the
- audio stream read from STDIN. A common mode of operation is to decode
- an mp3 file with the mp3dec filter, but many other filters exist which
+ This program transforms the audio stream read from STDIN by chaining
+ one or more filters. A common mode of operation is to decode an
+ mp3 file with the mp3dec filter, but many other filters exist which
transform the audio stream in different ways.
[/description]
m4_include(common-option-section.m4)
through all given filters (in a single thread without copying the
data). The same filter may appear more than once, and order matters.
[/help]
+[section Examples]
+ .IP \(bu 4
+ Decode a wma file to wav format:
+ .EX
+ \ para_filter -f wmadec -f wav < file.wma > file.wav
+ .EE
+ .IP \(bu 4
+ Amplify a raw audio file by a factor of 1.5:
+ .EX
+ \ para_filter -f amp --amp 32 < foo.raw > bar.raw
+ .EE
+[/section]
summary = show milliseconds in log messages
[help]
Selecting this option causes milliseconds to be included in
- the log message output. This allows to measure the interval
+ the log message output. This allows measuring of the interval
between log messages in milliseconds which is useful for
identifying timing problems.
[/help]
purpose = command line audio player
non-opts-name = <audio_file>...
[description]
- para_play operates either in command mode or in insert mode. In
- insert mode it presents a prompt and allows to enter commands like
+ para_play operates either in command mode or in insert mode. In insert
+ mode it presents a prompt and allows the user to enter commands like
stop, play, pause etc. In command mode the current audio file and the
playback position are shown and the program reads single key strokes
from stdin. Keys may be mapped to commands so that the configured
m4_include(log-timing.m4)
m4_include(color.m4)
m4_include(per-command-options-section.m4)
+ [option listen-address]
+ summary = local listening addresses for the control service
+ arg_info = required_arg
+ arg_type = string
+ typestr = addr
+ flag multiple
+ [help]
+ para_server listens on a TCP socket for incoming connections from
+ para_client or para_audiod. This option controls on which addresses
+ the server should listen. If the option is not given, the server
+ listens on all local addresses (INADDR_ANY for IPv4 addresses,
+ IN6ADDR_ANY_INIT for IPv6 addresses).
+
+ The argument specifies an IPv4 or an IPv6 address, either a numerical
+ network address (for IPv4, numbers-and-dots notation as supported
+ by inet_aton(3); for IPv6, hexadecimal string format as supported
+ by inet_pton(3)), or a network hostname, whose network addresses is
+ looked up and resolved. The address can optionally include a port
+ number. For addresses for which no port number is given, the argument
+ of the --port option (see below) is implied.
+
+ This option may be given multiple times. The server will then listen
+ on each of the specified addresses.
+
+ Examples: 10.10.1.1, 10.10.1.2:2991, localhost, localhost:2991,
+ [::1]:2991, [badc0de::1].
+ [/help]
[option port]
short_opt = p
- summary = listening port of the paraslash control service
+ summary = listening port of the control service
arg_info = required_arg
arg_type = uint32
typestr = portnumber
default_val = 2990
[help]
- para_server listens on this TCP port for incoming connections
- from clients such as para_client. If the default port is changed,
- the corresponding option of para_client must be used to connect
- to para_server.
+ This option applies only to addresses given to --listen-address
+ (see above) which do no include a port number. If the default port
+ is changed, the corresponding option of para_client must be used to
+ connect to para_server.
[/help]
[option user-list]
summary = file which contains user names and credentials
[option http]
summary = Options for the http sender
flag ignored
+ [option http-listen-address]
+ summary = listening addresses of the http sender
+ arg_info = required_arg
+ arg_type = string
+ typestr = addr
+ flag multiple
+ [help]
+ The http sender of para_server listens on this port for incoming data
+ connections. This option controls on which addresses the http sender
+ should listen. See the documentation of the --listen-address above
+ for the format of the address argument and the defaults.
+ [/help]
[option http-port]
summary = TCP port for http streaming
arg_info = required_arg
typestr = portnumber
default_val = 8000
[help]
- The http sender of para_server listens on this port for incoming
- connections. Clients are expected to send the usual http request
- message such as 'GET / HTTP/'.
+ This option has the same meaning as --port, but applies to http
+ data connections and applies to the addresses specified as arguments
+ to --http-listen-address.
[/help]
[option http-default-deny]
summary = make the http access control list a whitelist
[help]
The default is to use blacklists, i.e. connections to the http sender
- are allowed unless the connecting host matches a pattern given by a
- http-access option. This allows to use access control the other way
- round: Connections are denied from hosts which are not explicitly
- allowed by one or more http-access options.
+ are allowed unless the connecting host matches a pattern given by
+ a http-access option. This option allows using access control lists
+ the other way round: Connections are denied from hosts which are not
+ explicitly allowed by one or more http-access options.
[/help]
[option http-access]
summary = add an entry to the http access control list
[option dccp]
summary = Options for the dccp sender
flag ignored
+ [option dccp-listen-address]
+ summary = listening addresses of the dccp sender
+ arg_info = required_arg
+ arg_type = string
+ typestr = addr
+ flag multiple
+ [help]
+ Like --http-listen-address, but for the dccp sender.
+ [/help]
[option dccp-port]
summary = port for dccp streaming
arg_info = required_arg
(path MTU) of an incoming connection, i.e. on the largest packet size
that can be transmitted without causing fragmentation.
- This option allows to use a value less than the MPS in order to
- fine-tune application performance. Values greater than the MPS of an
- incoming connection can not be set.
+ This option allows values less than the MPS in order to fine-tune
+ application performance. Values greater than the MPS of an incoming
+ connection can not be set.
[/help]
[option dccp-data-slices-per-group]
summary = the number of non-redundant slices per FEC group
[subcommand sender]
purpose = control paraslash senders
- synopsis = [sender cmd [arguments]]
+ synopsis = [sender subcmd [arguments]]
aux_info = VSS_READ | VSS_WRITE
[description]
- Send a command to a specific sender. The following commands are
- available, but not all senders support every command.
+ This command executes a subcommand for the given sender, which is
+ one of "http", "dccp" or "udp". Various subcommands exist to print
+ information about the sender, to activate and deactivate the sender,
+ and to change the access permissions and targets. The following
+ subcommands are available:
- help, on, off, add, delete, allow, deny, status.
+ help, status, on, off, allow, deny, add, delete.
- The help command prints the help text of the given sender. If no
- command is given the list of available senders is shown.
+ All senders support the first four commands. The "allow" and "deny"
+ commands are supported by the http and the dccp senders while "add"
+ and "delete" are only supported by the udp sender. If no sender is
+ given, the list of available senders is shown.
- Example:
+ Examples:
+
+ Get help for the udp sender (contains further examples):
+
+ sender udp help
+
+ Show the access control list and the number of connected clients of
+ the http sender:
+
+ sender http status
+
+ Senders may be activated and deactivated independently of each
+ other. The following command switches off the dccp sender:
+
+ sender dccp off
+
+ Add an UDP unicast for a client to the target list of the UDP sender:
+
+ sender udp add client.foo.org
+
+ Start UDP multicast, using the default multicast address:
- para_client sender http help
+ sender udp add 224.0.1.38
[/description]
* This file contains the public and the private API of the flex/bison based
* mood parser.
*
- * The public API (at the bottom of the file) allows to parse the same mood
+ * The public API (at the bottom of the file) allows parsing the same mood
* definition many times in an efficient manner.
*
* The first function to call is \ref mp_init(), which analyzes the given mood
*
* This function turns a generalized C99 string literal like "xyz\n" into a C
* string (containing the three characters 'x', 'y' and 'z', followed by a
- * newline character and the terminating zero byte). The function allows to
- * specify different quote characters so that, for example, regular expression
+ * newline character and the terminating zero byte). The function receives
+ * quote characters as an argument so that, for example, regular expression
* patterns enclosed in '/' can be parsed as well. To parse a proper string
* literal, one has to pass two double quotes as the second argument.
*
return NULL;
}
+/**
+ * Pretty-print a host/port pair.
+ *
+ * \param url NULL, or any string accepted by \ref parse_url().
+ * \param default_port Applies if url has no port.
+ *
+ * If the url argument is NULL, the function returns the string
+ * 0.0.0.0:default_port. Otherwise it calls \ref parse_url() to check the
+ * syntax of the input string given by url. On errors the string "?" is
+ * returned. Otherwise, if url contains a port, a copy of url is returned. If
+ * no port was supplied, a colon and the default port are appended to url.
+ *
+ * \return In all cases the returned string is a allocated with malloc(3) and
+ * has to be freed by the caller.
+ */
+char *format_url(const char *url, int default_port)
+{
+ char host[MAX_HOSTLEN];
+ int url_port;
+
+ if (!url)
+ return make_message("0.0.0.0:%d", default_port);
+ if (!parse_url(url, host, sizeof(host), &url_port))
+ return make_message("?");
+ if (url_port < 0)
+ return make_message("%s:%d", url, default_port);
+ else
+ return para_strdup(url);
+}
+
/**
* Stringify port number, resolve into service name where defined.
*
* Create a passive / listening socket.
*
* \param l4type The transport-layer type (\p IPPROTO_xxx).
- * \param port The decimal port number to listen on.
+ * \param addr Passed to \ref parse_url() if not NULL.
+ * \param port Ignored if addr contains a port number.
*
* \return Positive integer (socket descriptor) on success, negative value
* otherwise.
*
* \sa \ref makesock(), ip(7), ipv6(7), bind(2), listen(2).
*/
-int para_listen_simple(unsigned l4type, uint16_t port)
+int para_listen(unsigned l4type, const char *addr, uint16_t port)
{
- int ret, fd = makesock(l4type, 1, NULL, port, NULL);
-
+ char host[MAX_HOSTLEN];
+ int ret, fd, addr_port;
+
+ if (addr) {
+ if (!parse_url(addr, host, sizeof(host), &addr_port))
+ return -ERRNO_TO_PARA_ERROR(EINVAL);
+ if (addr_port > 0)
+ port = addr_port;
+ addr = host;
+ }
+ fd = makesock(l4type, true /* passive */, addr, port,
+ NULL /* no flowopts */);
if (fd > 0) {
ret = listen(fd, BACKLOG);
if (ret < 0) {
return fd;
}
+/**
+ * Create a socket which listens on all network addresses.
+ *
+ * \param l4type See \ref para_listen().
+ * \param port See \ref para_listen().
+ *
+ * This is a simple wrapper for \ref para_listen() which passes a NULL pointer
+ * as the address information.
+ *
+ * \return See \ref para_listen().
+ */
+int para_listen_simple(unsigned l4type, uint16_t port)
+{
+ return para_listen(l4type, NULL, port);
+}
+
/**
* Determine IPv4/v6 socket address length.
* \param sa Container of IPv4 or IPv6 address.
char *addr, ssize_t addrlen, int32_t *netmask);
extern char *parse_url(const char *url,
char *host, ssize_t hostlen, int32_t *port);
+char *format_url(const char *url, int default_port);
extern const char *stringify_port(int port, const char *transport);
/**
* Ensure that string conforms to the IPv4 address format.
/** How many pending connections queue of a listening server will hold. */
#define BACKLOG 10
+int para_listen(unsigned l4type, const char *addr, uint16_t port);
int para_listen_simple(unsigned l4type, uint16_t port);
/** Pretty-printing of IPv4/6 socket addresses */
--- /dev/null
+/* Copyright (C) 2005 Andre Noll <maan@tuebingen.mpg.de>, see file COPYING. */
+
+/** \file openssl.c Openssl-based encryption/decryption routines. */
+
+#include <regex.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/sha.h>
+#include <openssl/bn.h>
+#include <openssl/aes.h>
+
+#include "para.h"
+#include "error.h"
+#include "string.h"
+#include "crypt.h"
+#include "crypt_backend.h"
+#include "portable_io.h"
+
+struct asymmetric_key {
+ RSA *rsa;
+};
+
+void get_random_bytes_or_die(unsigned char *buf, int num)
+{
+ unsigned long err;
+
+ /* RAND_bytes() returns 1 on success, 0 otherwise. */
+ if (RAND_bytes(buf, num) == 1)
+ return;
+ err = ERR_get_error();
+ PARA_EMERG_LOG("%s\n", ERR_reason_error_string(err));
+ exit(EXIT_FAILURE);
+}
+
+/*
+ * Read 64 bytes from /dev/urandom and add them to the SSL PRNG. Seed the PRNG
+ * used by random(3) with a random seed obtained from SSL. If /dev/urandom is
+ * not readable, the function calls exit().
+ *
+ * \sa RAND_load_file(3), \ref get_random_bytes_or_die(), srandom(3),
+ * random(3), \ref para_random().
+ */
+void crypt_init(void)
+{
+ int seed, ret = RAND_load_file("/dev/urandom", 64);
+
+ if (ret != 64) {
+ PARA_EMERG_LOG("could not seed PRNG (ret = %d)\n", ret);
+ exit(EXIT_FAILURE);
+ }
+ get_random_bytes_or_die((unsigned char *)&seed, sizeof(seed));
+ srandom(seed);
+}
+
+void crypt_shutdown(void)
+{
+ CRYPTO_cleanup_all_ex_data();
+}
+
+static int get_private_key(const char *path, RSA **rsa)
+{
+ EVP_PKEY *pkey;
+ BIO *bio = BIO_new(BIO_s_file());
+
+ *rsa = NULL;
+ if (!bio)
+ return -E_PRIVATE_KEY;
+ if (BIO_read_filename(bio, path) <= 0)
+ goto bio_free;
+ pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
+ if (!pkey)
+ goto bio_free;
+ *rsa = EVP_PKEY_get1_RSA(pkey);
+ EVP_PKEY_free(pkey);
+bio_free:
+ BIO_free(bio);
+ return *rsa? RSA_size(*rsa) : -E_PRIVATE_KEY;
+}
+
+/*
+ * The public key loading functions below were inspired by corresponding code
+ * of openssh-5.2p1, Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo,
+ * Finland. However, not much of the original code remains.
+ */
+
+static int read_bignum(const unsigned char *buf, size_t len, BIGNUM **result)
+{
+ const unsigned char *p = buf, *end = buf + len;
+ uint32_t bnsize;
+ BIGNUM *bn;
+
+ if (p + 4 < p)
+ return -E_BIGNUM;
+ if (p + 4 > end)
+ return -E_BIGNUM;
+ bnsize = read_u32_be(p);
+ PARA_DEBUG_LOG("bnsize: %u\n", bnsize);
+ p += 4;
+ if (p + bnsize < p)
+ return -E_BIGNUM;
+ if (p + bnsize > end)
+ return -E_BIGNUM;
+ if (bnsize > 8192)
+ return -E_BIGNUM;
+ bn = BN_bin2bn(p, bnsize, NULL);
+ if (!bn)
+ return -E_BIGNUM;
+ *result = bn;
+ return bnsize + 4;
+}
+
+static int read_rsa_bignums(const unsigned char *blob, int blen, RSA **result)
+{
+ int ret;
+ RSA *rsa;
+ BIGNUM *n, *e;
+ const unsigned char *p = blob, *end = blob + blen;
+
+ rsa = RSA_new();
+ if (!rsa)
+ return -E_BIGNUM;
+ ret = read_bignum(p, end - p, &e);
+ if (ret < 0)
+ goto fail;
+ p += ret;
+ ret = read_bignum(p, end - p, &n);
+ if (ret < 0)
+ goto fail;
+#ifdef HAVE_RSA_SET0_KEY
+ RSA_set0_key(rsa, n, e, NULL);
+#else
+ rsa->n = n;
+ rsa->e = e;
+#endif
+ *result = rsa;
+ return 1;
+fail:
+ RSA_free(rsa);
+ return ret;
+}
+
+int apc_get_pubkey(const char *key_file, struct asymmetric_key **result)
+{
+ unsigned char *blob;
+ size_t decoded_size;
+ int ret;
+ struct asymmetric_key *key = para_malloc(sizeof(*key));
+
+ ret = decode_ssh_key(key_file, &blob, &decoded_size);
+ if (ret < 0)
+ goto out;
+ ret = read_rsa_bignums(blob + ret, decoded_size - ret, &key->rsa);
+ if (ret < 0)
+ goto free_blob;
+ ret = RSA_size(key->rsa);
+ assert(ret > 0);
+ *result = key;
+free_blob:
+ free(blob);
+out:
+ if (ret < 0) {
+ free(key);
+ *result = NULL;
+ PARA_ERROR_LOG("can not load key %s\n", key_file);
+ }
+ return ret;
+}
+
+void apc_free_pubkey(struct asymmetric_key *key)
+{
+ if (!key)
+ return;
+ RSA_free(key->rsa);
+ free(key);
+}
+
+int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
+ unsigned char *inbuf, int inlen)
+{
+ struct asymmetric_key *priv;
+ int ret;
+
+ ret = check_private_key_file(key_file);
+ if (ret < 0)
+ return ret;
+ if (inlen < 0)
+ return -E_RSA;
+ priv = para_malloc(sizeof(*priv));
+ ret = get_private_key(key_file, &priv->rsa);
+ if (ret < 0) {
+ free(priv);
+ return ret;
+ }
+ /*
+ * RSA is vulnerable to timing attacks. Generate a random blinding
+ * factor to protect against this kind of attack.
+ */
+ ret = -E_BLINDING;
+ if (RSA_blinding_on(priv->rsa, NULL) == 0)
+ goto out;
+ ret = RSA_private_decrypt(inlen, inbuf, outbuf, priv->rsa,
+ RSA_PKCS1_OAEP_PADDING);
+ RSA_blinding_off(priv->rsa);
+ if (ret <= 0)
+ ret = -E_DECRYPT;
+out:
+ RSA_free(priv->rsa);
+ free(priv);
+ return ret;
+}
+
+int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
+ unsigned len, unsigned char *outbuf)
+{
+ int ret, flen = len; /* RSA_public_encrypt expects a signed int */
+
+ if (flen < 0)
+ return -E_ENCRYPT;
+ ret = RSA_public_encrypt(flen, inbuf, outbuf, pub->rsa,
+ RSA_PKCS1_OAEP_PADDING);
+ return ret < 0? -E_ENCRYPT : ret;
+}
+
+struct stream_cipher {
+ EVP_CIPHER_CTX *aes;
+};
+
+struct stream_cipher *sc_new(const unsigned char *data, int len)
+{
+ struct stream_cipher *sc = para_malloc(sizeof(*sc));
+
+ assert(len >= 2 * AES_CRT128_BLOCK_SIZE);
+ sc->aes = EVP_CIPHER_CTX_new();
+ EVP_EncryptInit_ex(sc->aes, EVP_aes_128_ctr(), NULL, data,
+ data + AES_CRT128_BLOCK_SIZE);
+ return sc;
+}
+
+void sc_free(struct stream_cipher *sc)
+{
+ if (!sc)
+ return;
+ EVP_CIPHER_CTX_free(sc->aes);
+ free(sc);
+}
+
+static void aes_ctr128_crypt(EVP_CIPHER_CTX *ctx, struct iovec *src,
+ struct iovec *dst)
+{
+ int ret, inlen = src->iov_len, outlen, tmplen;
+
+ *dst = (typeof(*dst)) {
+ /* Add one for the terminating zero byte. */
+ .iov_base = para_malloc(inlen + 1),
+ .iov_len = inlen
+ };
+ ret = EVP_EncryptUpdate(ctx, dst->iov_base, &outlen, src->iov_base, inlen);
+ assert(ret != 0);
+ ret = EVP_EncryptFinal_ex(ctx, dst->iov_base + outlen, &tmplen);
+ assert(ret != 0);
+ outlen += tmplen;
+ ((char *)dst->iov_base)[outlen] = '\0';
+ dst->iov_len = outlen;
+}
+
+void sc_crypt(struct stream_cipher *sc, struct iovec *src, struct iovec *dst)
+{
+ return aes_ctr128_crypt(sc->aes, src, dst);
+}
+
+void hash_function(const char *data, unsigned long len, unsigned char *hash)
+{
+ SHA_CTX c;
+ SHA1_Init(&c);
+ SHA1_Update(&c, data, len);
+ SHA1_Final(hash, &c);
+}
* \param tptr Identifies the task to reap.
*
* This function is similar to wait(2) in that it returns information about a
- * terminated task and allows to release the resources associated with the
+ * terminated task which allows releasing the resources associated with the
* task. Until this function is called, the terminated task remains in a zombie
* state.
*
/** The name of the sender. */
const char *name;
/**
- * The init function of this sender.
- *
- * It must fill in all function pointers of \a s as well as the \a
- * client_cmds array, see below. It should also do all necessary
- * preparations to init this sending facility, for example it could
- * open a tcp port.
+ * Parse the command line options and initialize this sender (e.g.,
+ * initialize target or access control lists, listen on a network
+ * socket, etc.).
*/
- void (*init)(struct sender *s);
+ void (*init)(void);
/**
* Return the help text of this sender.
*
* the clients aware of the end-of-file condition.
*/
void (*shutdown_clients)(void);
+ /** Dellocate all resources. Only called on exit. */
+ void (*shutdown)(void);
/**
* Array of function pointers for the sender subcommands.
*
int (*resolve_target)(const char *, struct sender_command_data *);
};
+/** NULL-terminated list, defined in \ref vss.c. */
+extern const struct sender * const senders[];
+/** Iterate over all senders. */
+#define FOR_EACH_SENDER(_i) for ((_i) = 0; senders[(_i)]; (_i)++)
+
/** Describes one client, connected to a paraslash sender. */
struct sender_client {
/** The file descriptor of the client. */
/** Describes the current status of one paraslash sender. */
struct sender_status {
- /** The file descriptor of the socket this sender is listening on. */
- int listen_fd;
- /** The TCP/DCCP port used by this sender. */
- int port;
+ /** Number of sockets to listen on, size of the two arrays below. */
+ unsigned num_listen_fds;
+ /** Derived from --http-listen-address and --dccp-listen-address. */
+ char **listen_addresses;
+ /** Default TCP/DCCP port number for addresses w/o port. */
+ int default_port;
+ /** The socket fd(s) this sender is listening on. */
+ int *listen_fds;
/** The current number of simultaneous connections. */
int num_clients;
/** The maximal number of simultaneous connections. */
struct list_head client_list;
};
+/** Iterate over all listening addresses of the http/dccp sender. */
+#define FOR_EACH_LISTEN_FD(_n, _ss) for (_n = 0; _n < (_ss)->num_listen_fds; _n++)
+
void shutdown_client(struct sender_client *sc, struct sender_status *ss);
void shutdown_clients(struct sender_status *ss);
void init_sender_status(struct sender_status *ss,
- const struct lls_opt_result *acl_opt_result, int port,
- int max_clients, int default_deny);
+ const struct lls_opt_result *acl_opt_result,
+ const struct lls_opt_result *listen_address_opt_result,
+ int default_port, int max_clients, int default_deny);
char *generic_sender_status(struct sender_status *ss, const char *name);
void generic_com_allow(struct sender_command_data *scd,
struct sender_status *ss);
void generic_com_deny(struct sender_command_data *scd,
struct sender_status *ss);
void generic_com_on(struct sender_status *ss, unsigned protocol);
+void generic_acl_deplete(struct list_head *acl);
void generic_com_off(struct sender_status *ss);
char *generic_sender_help(void);
struct sender_client *accept_sender_client(struct sender_status *ss, fd_set *rfds);
{
PARA_INFO_LOG("shutting down %s on fd %d\n", sc->name, sc->fd);
free(sc->name);
- close(sc->fd);
- del_close_on_fork_list(sc->fd);
+ if (!process_is_command_handler()) {
+ close(sc->fd);
+ del_close_on_fork_list(sc->fd);
+ }
cq_destroy(sc->cq);
list_del(&sc->node);
free(sc->private_data);
*
* \param ss The struct to initialize.
* \param acl_opt_result Contains array of --{http|dccp}-access arguments.
- * \param port The tcp or dccp port to listen on.
+ * \param listen_address_opt_result Where to listen on.
+ * \param default_port Used for addresses with no specified port.
* \param max_clients The maximal number of simultaneous connections.
* \param default_deny Whether a blacklist should be used for access control.
*/
void init_sender_status(struct sender_status *ss,
- const struct lls_opt_result *acl_opt_result, int port,
- int max_clients, int default_deny)
+ const struct lls_opt_result *acl_opt_result,
+ const struct lls_opt_result *listen_address_opt_result,
+ int default_port, int max_clients, int default_deny)
{
int i;
+ unsigned n = lls_opt_given(listen_address_opt_result);
- ss->listen_fd = -1;
- INIT_LIST_HEAD(&ss->client_list);
- ss->port = port;
+ if (n == 0) {
+ ss->num_listen_fds = 1;
+ ss->listen_addresses = para_malloc(sizeof(char *));
+ ss->listen_addresses[0] = NULL;
+ ss->listen_fds = para_malloc(sizeof(int));
+ ss->listen_fds[0] = -1;
+ } else {
+ ss->num_listen_fds = n;
+ ss->listen_addresses = para_malloc(n * sizeof(char *));
+ ss->listen_fds = para_malloc(n * sizeof(int));
+ FOR_EACH_LISTEN_FD(i, ss) {
+ ss->listen_addresses[i] = para_strdup(lls_string_val(i,
+ listen_address_opt_result));
+ ss->listen_fds[i] = -1;
+ }
+ }
+ ss->default_port = default_port;
+ INIT_LIST_HEAD(&ss->client_list);
/* Initialize an access control list */
INIT_LIST_HEAD(&ss->acl);
for (i = 0; i < lls_opt_given(acl_opt_result); i++) {
*/
char *generic_sender_status(struct sender_status *ss, const char *name)
{
- char *clnts = NULL, *ret;
+ char *clnts = NULL, *ret, *addr = NULL;
struct sender_client *sc, *tmp_sc;
-
+ unsigned n;
char *acl_contents = acl_get_contents(&ss->acl);
+
list_for_each_entry_safe(sc, tmp_sc, &ss->client_list, node) {
char *tmp = make_message("%s%s ", clnts? clnts : "", sc->name);
free(clnts);
clnts = tmp;
}
+ FOR_EACH_LISTEN_FD(n, ss) {
+ char *url = format_url(ss->listen_addresses[n], ss->default_port);
+ char *tmp = make_message("%s%s%s (fd %d)", addr?
+ addr : "", addr? ", " : "", url,
+ ss->listen_fds[n]);
+ free(url);
+ free(addr);
+ addr = tmp;
+ }
ret = make_message(
- "status: %s\n"
- "port: %s\n"
+ "listening address(es): %s\n"
+ "default port: %s\n"
"number of connected clients: %d\n"
"maximal number of clients: %d%s\n"
"connected clients: %s\n"
"access %s list: %s\n",
- (ss->listen_fd >= 0)? "on" : "off",
- stringify_port(ss->port, strcmp(name, "http") ? "dccp" : "tcp"),
+ addr,
+ stringify_port(ss->default_port,
+ strcmp(name, "http")? "dccp" : "tcp"),
ss->num_clients,
ss->max_clients,
ss->max_clients > 0? "" : " (unlimited)",
acl_allow(scd->host, scd->netmask, &ss->acl, ss->default_deny);
}
+/**
+ * Empty the access control list of a sender.
+ *
+ * \param acl The access control list of the sender.
+ *
+ * This is called from the ->shutdown methods of the http and the dccp sender.
+ */
+void generic_acl_deplete(struct list_head *acl)
+{
+ /*
+ * Since default_deny is false, the ACL is considered a blacklist. A
+ * netmask of zero matches any IP address, so this call empties the ACL.
+ */
+ acl_allow("0.0.0.0", 0 /* netmask */, acl, 0 /* default_deny */);
+}
+
/**
* Deny connections from the given range of IP addresses.
*
*/
void generic_com_on(struct sender_status *ss, unsigned protocol)
{
- int fd, ret;
+ int ret;
+ unsigned n;
- if (ss->listen_fd >= 0)
- return;
- ret = para_listen_simple(protocol, ss->port);
- if (ret < 0) {
- PARA_ERROR_LOG("could not listen on port %d: %s\n", ss->port,
- para_strerror(-ret));
- return;
- }
- fd = ret;
- ret = mark_fd_nonblocking(fd);
- if (ret < 0) {
- PARA_ERROR_LOG("could not set %s socket fd for port %d to "
- "nonblocking mode: %s\n",
- protocol == IPPROTO_TCP? "TCP" : "DCCP", ss->port,
- para_strerror(-ret));
- close(fd);
- return;
+ FOR_EACH_LISTEN_FD(n, ss) {
+ if (ss->listen_fds[n] >= 0)
+ continue;
+ ret = para_listen(protocol, ss->listen_addresses[n],
+ ss->default_port);
+ if (ret < 0) {
+ char *url = format_url(ss->listen_addresses[n],
+ ss->default_port);
+ PARA_ERROR_LOG("could not listen on %s %s: %s\n",
+ protocol == IPPROTO_TCP? "TCP" : "DCCP",
+ url, para_strerror(-ret));
+ free(url);
+ continue;
+ }
+ ss->listen_fds[n] = ret;
+ ret = mark_fd_nonblocking(ss->listen_fds[n]);
+ if (ret < 0) {
+ char *url = format_url(ss->listen_addresses[n],
+ ss->default_port);
+ PARA_ERROR_LOG("could not set %s socket fd for %s to "
+ "nonblocking mode: %s\n",
+ protocol == IPPROTO_TCP? "TCP" : "DCCP", url,
+ para_strerror(-ret));
+ free(url);
+ close(ss->listen_fds[n]);
+ ss->listen_fds[n] = -1;
+ continue;
+ }
+ add_close_on_fork_list(ss->listen_fds[n]);
}
- add_close_on_fork_list(fd);
- ss->listen_fd = ret;
- return;
}
/**
*/
void generic_com_off(struct sender_status *ss)
{
- if (ss->listen_fd < 0)
- return;
- PARA_NOTICE_LOG("closing port %d\n", ss->port);
- close(ss->listen_fd);
- del_close_on_fork_list(ss->listen_fd);
- shutdown_clients(ss);
- ss->listen_fd = -1;
+ unsigned n;
+
+ FOR_EACH_LISTEN_FD(n, ss) {
+ if (ss->listen_fds[n] < 0)
+ return;
+ close(ss->listen_fds[n]);
+ del_close_on_fork_list(ss->listen_fds[n]);
+ shutdown_clients(ss);
+ ss->listen_fds[n] = -1;
+ }
}
/**
- * Accept a connection on the socket this server is listening on.
+ * Accept a connection on the socket(s) this server is listening on.
*
* \param ss The sender whose listening fd is ready for reading.
* \param rfds Passed to para_accept(),
*
- * This calls para_accept() and performs the following actions on the resulting
- * file descriptor fd:
+ * This accepts incoming connections on any of the listening sockets of the
+ * server. If there is a connection pending, the function
*
* - Checks whether the maximal number of connections are exceeded.
* - Sets \a fd to nonblocking mode.
{
struct sender_client *sc;
int fd, ret;
+ unsigned n;
- if (ss->listen_fd < 0)
- return NULL;
- ret = para_accept(ss->listen_fd, rfds, NULL, 0, &fd);
- if (ret < 0)
- PARA_ERROR_LOG("%s\n", para_strerror(-ret));
- if (ret <= 0)
- return NULL;
- ret = -E_MAX_CLIENTS;
- if (ss->max_clients > 0 && ss->num_clients >= ss->max_clients)
- goto err_out;
- ret = mark_fd_nonblocking(fd);
- if (ret < 0)
- goto err_out;
- ret = acl_check_access(fd, &ss->acl, ss->default_deny);
- if (ret < 0)
- goto err_out;
- ss->num_clients++;
- sc = para_calloc(sizeof(*sc));
- sc->fd = fd;
- sc->name = para_strdup(remote_name(fd));
- sc->cq = cq_new(MAX_CQ_BYTES);
- para_list_add(&sc->node, &ss->client_list);
- add_close_on_fork_list(fd);
- PARA_INFO_LOG("accepted client #%d: %s (fd %d)\n", ss->num_clients,
- sc->name, fd);
- return sc;
-err_out:
- PARA_WARNING_LOG("%s\n", para_strerror(-ret));
- close(fd);
+ FOR_EACH_LISTEN_FD(n, ss) {
+ if (ss->listen_fds[n] < 0)
+ continue;
+ ret = para_accept(ss->listen_fds[n], rfds, NULL, 0, &fd);
+ if (ret < 0)
+ goto warn;
+ if (ret == 0)
+ continue;
+ ret = -E_MAX_CLIENTS;
+ if (ss->max_clients > 0 && ss->num_clients >= ss->max_clients)
+ goto close_fd_and_warn;
+ ret = mark_fd_nonblocking(fd);
+ if (ret < 0)
+ goto close_fd_and_warn;
+ ret = acl_check_access(fd, &ss->acl, ss->default_deny);
+ if (ret < 0)
+ goto close_fd_and_warn;
+ ss->num_clients++;
+ sc = para_calloc(sizeof(*sc));
+ sc->fd = fd;
+ sc->name = para_strdup(remote_name(fd));
+ sc->cq = cq_new(MAX_CQ_BYTES);
+ para_list_add(&sc->node, &ss->client_list);
+ add_close_on_fork_list(fd);
+ PARA_INFO_LOG("accepted client #%d: %s (fd %d)\n", ss->num_clients,
+ sc->name, fd);
+ return sc;
+close_fd_and_warn:
+ close(fd);
+warn:
+ PARA_WARNING_LOG("%s\n", para_strerror(-ret));
+ }
return NULL;
}
/** The mutex protecting the shared memory area containing the mmd struct. */
int mmd_mutex;
+/* Serializes log output. */
+static int log_mutex;
+
static struct sched sched;
static struct signal_task *signal_task;
/** The process id of the audio file selector process. */
pid_t afs_pid = 0;
+/* The the main server process (parent of afs and the command handlers). */
+static pid_t server_pid;
+
+/**
+ * Tell whether the executing process is a command handler.
+ *
+ * Cleanup on exit must be performed differently for command handlers.
+ *
+ * \return True if the pid of the executing process is neither the server pid
+ * nor the afs pid.
+ */
+bool process_is_command_handler(void)
+{
+ pid_t pid = getpid();
+
+ return pid != afs_pid && pid != server_pid;
+}
+
/** The task responsible for server command handling. */
struct server_command_task {
- /** TCP port on which para_server listens for connections. */
- int listen_fd;
+ unsigned num_listen_fds; /* only one by default */
+ /** TCP socket(s) on which para_server listens for connections. */
+ int *listen_fds;
+ /* File descriptor for the accepted socket. */
+ int child_fd;
/** Copied from para_server's main function. */
int argc;
/** Argument vector passed to para_server's main function. */
return get_task_list(&sched);
}
-/*
- * setup shared memory area and get mutex for locking
- */
+static void pre_log_hook(void)
+{
+ mutex_lock(log_mutex);
+}
+
+static void post_log_hook(void)
+{
+ mutex_unlock(log_mutex);
+}
+
+/* Setup shared memory area and init mutexes */
static void init_ipc_or_die(void)
{
void *shm;
if (ret < 0)
goto err_out;
mmd_mutex = ret;
+ ret = mutex_new();
+ if (ret < 0)
+ goto destroy_mmd_mutex;
+ log_mutex = ret;
mmd->num_played = 0;
mmd->num_commands = 0;
mmd->vss_status_flags = VSS_NEXT;
mmd->new_vss_status_flags = VSS_NEXT;
return;
+destroy_mmd_mutex:
+ mutex_destroy(mmd_mutex);
err_out:
PARA_EMERG_LOG("%s\n", para_strerror(-ret));
exit(EXIT_FAILURE);
user_list_file = make_message("%s/.paraslash/server.users", home);
free(home);
}
- init_user_list(user_list_file);
+ user_list_init(user_list_file);
free(user_list_file);
}
return;
static int signal_post_select(struct sched *s, __a_unused void *context)
{
- int signum = para_next_signal(&s->rfds);
+ int ret, signum;
+ ret = task_get_notification(signal_task->task);
+ if (ret < 0)
+ return ret;
+ signum = para_next_signal(&s->rfds);
switch (signum) {
case 0:
return 0;
case SIGCHLD:
for (;;) {
pid_t pid;
- int ret = para_reap_child(&pid);
+ ret = para_reap_child(&pid);
if (ret <= 0)
break;
if (pid != afs_pid)
PARA_EMERG_LOG("terminating on signal %d\n", signum);
kill(0, SIGTERM);
/*
- * We must wait for afs because afs catches SIGINT/SIGTERM.
- * Before reacting to the signal, afs might want to use the
+ * We must wait for all of our children to die. For the afs
+ * process or a command handler might want to use the
* shared memory area and the mmd mutex. If we destroy this
* mutex too early and afs tries to lock the shared memory
* area, the call to mutex_lock() will fail and terminate the
* afs process. This leads to dirty osl tables.
- *
- * There's no such problem with the other children of the
- * server process (the command handlers) as these reset their
- * SIGINT/SIGTERM handlers to the default action, i.e. these
- * processes get killed immediately by the above kill().
*/
- PARA_INFO_LOG("waiting for afs (pid %d) to die\n",
- (int)afs_pid);
- waitpid(afs_pid, NULL, 0);
+ PARA_INFO_LOG("waiting for child processes to die\n");
+ mutex_unlock(mmd_mutex);
+ while (wait(NULL) != -1 || errno != ECHILD)
+ ; /* still at least one child alive */
+ mutex_lock(mmd_mutex);
cleanup:
free(mmd->afd.afhi.chunk_table);
- close_listed_fds();
- mutex_destroy(mmd_mutex);
- shm_detach(mmd);
- exit(EXIT_FAILURE);
+ task_notify_all(s, E_DEADLY_SIGNAL);
+ return -E_DEADLY_SIGNAL;
}
return 0;
}
static void command_pre_select(struct sched *s, void *context)
{
+ unsigned n;
struct server_command_task *sct = context;
- para_fd_set(sct->listen_fd, &s->rfds, &s->max_fileno);
+
+ for (n = 0; n < sct->num_listen_fds; n++)
+ para_fd_set(sct->listen_fds[n], &s->rfds, &s->max_fileno);
}
-static int command_post_select(struct sched *s, void *context)
+static int command_task_accept(unsigned listen_idx, struct sched *s,
+ struct server_command_task *sct)
{
- struct server_command_task *sct = context;
-
int new_fd, ret, i;
char *peer_name;
pid_t child_pid;
uint32_t *chunk_table;
- ret = para_accept(sct->listen_fd, &s->rfds, NULL, 0, &new_fd);
+ ret = para_accept(sct->listen_fds[listen_idx], &s->rfds, NULL, 0, &new_fd);
if (ret <= 0)
goto out;
mmd->num_connects++;
PARA_INFO_LOG("accepted connection from %s\n", peer_name);
/* mmd might already have changed at this point */
free(chunk_table);
- alarm(ALARM_TIMEOUT);
- close_listed_fds();
- signal_shutdown(signal_task);
+ sct->child_fd = new_fd;
/*
* put info on who we are serving into argv[0] to make
* client ip visible in top/ps
memset(sct->argv[i], 0, strlen(sct->argv[i]));
i = sct->argc - 1 - lls_num_inputs(cmdline_lpr);
sprintf(sct->argv[i], "para_server (serving %s)", peer_name);
- handle_connect(new_fd);
- /* never reached*/
+ /* ask other tasks to terminate */
+ task_notify_all(s, E_CHILD_CONTEXT);
+ /*
+ * After we return, the scheduler calls server_select() with a minimal
+ * timeout value, because the remaining tasks have a notification
+ * pending. Next it calls the ->post_select method of these tasks,
+ * which will return negative in view of the notification. This causes
+ * schedule() to return as there are no more runnable tasks.
+ *
+ * Note that semaphores are not inherited across a fork(), so we don't
+ * hold the lock at this point. Since server_select() drops the lock
+ * prior to calling para_select(), we need to acquire it here.
+ */
+ mutex_lock(mmd_mutex);
+ return -E_CHILD_CONTEXT;
out:
if (ret < 0)
PARA_CRIT_LOG("%s\n", para_strerror(-ret));
return 0;
}
-static void init_server_command_task(int argc, char **argv)
+static int command_post_select(struct sched *s, void *context)
{
+ struct server_command_task *sct = context;
+ unsigned n;
int ret;
- static struct server_command_task server_command_task_struct,
- *sct = &server_command_task_struct;
+
+ ret = task_get_notification(sct->task);
+ if (ret < 0)
+ return ret;
+ for (n = 0; n < sct->num_listen_fds; n++) {
+ ret = command_task_accept(n, s, sct);
+ if (ret < 0) {
+ free(sct->listen_fds);
+ return ret;
+ }
+ }
+ return 0;
+}
+
+static void init_server_command_task(struct server_command_task *sct,
+ int argc, char **argv)
+{
+ int ret;
+ unsigned n;
+ uint32_t port = OPT_UINT32_VAL(PORT);
PARA_NOTICE_LOG("initializing tcp command socket\n");
+ sct->child_fd = -1;
sct->argc = argc;
sct->argv = argv;
- ret = para_listen_simple(IPPROTO_TCP, OPT_UINT32_VAL(PORT));
- if (ret < 0)
- goto err;
- sct->listen_fd = ret;
- ret = mark_fd_nonblocking(sct->listen_fd);
- if (ret < 0)
- goto err;
- add_close_on_fork_list(sct->listen_fd); /* child doesn't need the listener */
+ if (!OPT_GIVEN(LISTEN_ADDRESS)) {
+ sct->num_listen_fds = 1;
+ sct->listen_fds = para_malloc(sizeof(int));
+ ret = para_listen_simple(IPPROTO_TCP, port);
+ if (ret < 0)
+ goto err;
+ sct->listen_fds[0] = ret;
+ } else {
+ sct->num_listen_fds = OPT_GIVEN(LISTEN_ADDRESS);
+ sct->listen_fds = para_malloc(sct->num_listen_fds * sizeof(int));
+ for (n = 0; n < OPT_GIVEN(LISTEN_ADDRESS); n++) {
+ const char *arg;
+ arg = lls_string_val(n, OPT_RESULT(LISTEN_ADDRESS));
+ ret = para_listen(IPPROTO_TCP, arg, port);
+ if (ret < 0)
+ goto err;
+ sct->listen_fds[n] = ret;
+ }
+ }
+ for (n = 0; n < sct->num_listen_fds; n++) {
+ ret = mark_fd_nonblocking(sct->listen_fds[n]);
+ if (ret < 0)
+ goto err;
+ /* child doesn't need the listener */
+ add_close_on_fork_list(sct->listen_fds[n]);
+ }
+
sct->task = task_register(&(struct task_info) {
.name = "server command",
.pre_select = command_pre_select,
int i;
afs_pid = getpid();
+ crypt_shutdown();
+ user_list_deplete();
for (i = argc - 1; i >= 0; i--)
memset(argv[i], 0, strlen(argv[i]));
i = argc - lls_num_inputs(cmdline_lpr) - 1;
exit(EXIT_SUCCESS);
}
-static void server_init(int argc, char **argv)
+static void server_init(int argc, char **argv, struct server_command_task *sct)
{
int ret, afs_socket, daemon_pipe = -1;
char *errctx;
/* become daemon */
if (OPT_GIVEN(DAEMON))
daemon_pipe = daemonize(true /* parent waits for SIGTERM */);
- init_random_seed_or_die();
+ server_pid = getpid();
+ crypt_init();
daemon_log_welcome("server");
- init_ipc_or_die(); /* init mmd struct and mmd->lock */
+ init_ipc_or_die(); /* init mmd struct, mmd and log mutex */
daemon_set_start_time();
+ daemon_set_hooks(pre_log_hook, post_log_hook);
PARA_NOTICE_LOG("initializing audio format handlers\n");
afh_init();
para_unblock_signal(SIGCHLD);
PARA_NOTICE_LOG("initializing virtual streaming system\n");
vss_init(afs_socket, &sched);
- init_server_command_task(argc, argv);
+ init_server_command_task(sct, argc, argv);
if (daemon_pipe >= 0) {
if (write(daemon_pipe, "\0", 1) < 0) {
PARA_EMERG_LOG("daemon_pipe: %s", strerror(errno));
return ret;
}
+/**
+ * Deallocate all lopsub parse results.
+ *
+ * The server allocates a parse result for command line options and optionally
+ * a second parse result for the effective configuration, defined by merging
+ * the command line options with the options stored in the configuration file.
+ * This function frees both structures.
+ */
+void free_lpr(void)
+{
+ lls_free_parse_result(server_lpr, CMD_PTR);
+ if (server_lpr != cmdline_lpr)
+ lls_free_parse_result(cmdline_lpr, CMD_PTR);
+}
+
/**
* The main function of para_server.
*
int main(int argc, char *argv[])
{
int ret;
+ struct server_command_task server_command_task_struct,
+ *sct = &server_command_task_struct;
sched.default_timeout.tv_sec = 1;
sched.select_function = server_select;
- server_init(argc, argv);
+ server_init(argc, argv, sct);
mutex_lock(mmd_mutex);
ret = schedule(&sched);
+ /*
+ * We hold the mmd lock: it was re-acquired in server_select()
+ * after the select call.
+ */
+ mutex_unlock(mmd_mutex);
sched_shutdown(&sched);
- lls_free_parse_result(server_lpr, CMD_PTR);
- if (server_lpr != cmdline_lpr)
- lls_free_parse_result(cmdline_lpr, CMD_PTR);
- if (ret < 0)
- PARA_EMERG_LOG("%s\n", para_strerror(-ret));
+ crypt_shutdown();
+ signal_shutdown(signal_task);
+ if (!process_is_command_handler()) { /* parent (server) */
+ mutex_destroy(mmd_mutex);
+ daemon_set_hooks(NULL, NULL); /* only one process remaining */
+ mutex_destroy(log_mutex);
+ deplete_close_on_fork_list();
+ if (ret < 0)
+ PARA_EMERG_LOG("%s\n", para_strerror(-ret));
+ } else {
+ alarm(ALARM_TIMEOUT);
+ close_listed_fds();
+ ret = handle_connect(sct->child_fd);
+ }
+ vss_shutdown();
+ shm_detach(mmd);
+ user_list_deplete();
+ free_lpr();
exit(ret < 0? EXIT_FAILURE : EXIT_SUCCESS);
}
#define ENUM_STRING_VAL(_name) (lls_enum_string_val(OPT_UINT32_VAL(_name), \
lls_opt(LSG_SERVER_PARA_SERVER_OPT_ ## _name, CMD_PTR)))
-__noreturn void handle_connect(int fd);
+int handle_connect(int fd);
void parse_config_or_die(bool reload);
char *server_get_tasks(void);
+bool process_is_command_handler(void);
+void free_lpr(void);
/**
* The type of a sideband transformation.
*
- * The sideband API allows to filter all data through an arbitrary
+ * The sideband API allows the filtering of data through an arbitrary
* transformation, which is useful for crypto purposes. The transformation may
* either transform the data in place, or return a pointer to a new buffer
* which contains the transformed source buffer. The internal sideband
PARA_NOTICE_LOG("deleting %s (%s) from list\n", sc->name, msg);
udp_close_target(sc);
- close(sc->fd);
- del_close_on_fork_list(sc->fd);
+ /* command handlers already called close_listed_fds() */
+ if (!process_is_command_handler()) {
+ close(sc->fd);
+ del_close_on_fork_list(sc->fd);
+ }
vss_del_fec_client(ut->fc);
list_del(&sc->node);
free(sc->name);
udp_close_target(sc);
}
+static void udp_shutdown(void)
+{
+ struct sender_client *sc, *tmp;
+ list_for_each_entry_safe(sc, tmp, &targets, node)
+ udp_delete_target(sc, "shutdown");
+}
+
static int udp_resolve_target(const char *url, struct sender_command_data *scd)
{
const char *result;
);
}
-/**
- * The init function of para_server's udp sender.
- *
- * \param s Pointer to the udp sender struct.
- *
- * It initializes all function pointers of \a s and the list of udp targets.
- */
-void udp_send_init(struct sender *s)
+/* Initialize the list of udp targets. */
+static void udp_send_init(void)
{
INIT_LIST_HEAD(&targets);
- s->status = udp_status;
- s->help = udp_help;
- s->send = NULL;
- s->pre_select = NULL;
- s->post_select = NULL;
- s->shutdown_clients = udp_shutdown_targets;
- s->resolve_target = udp_resolve_target;
- s->client_cmds[SENDER_on] = udp_com_on;
- s->client_cmds[SENDER_off] = udp_com_off;
- s->client_cmds[SENDER_deny] = NULL;
- s->client_cmds[SENDER_allow] = NULL;
- s->client_cmds[SENDER_add] = udp_com_add;
- s->client_cmds[SENDER_delete] = udp_com_delete;
sender_status = SENDER_off;
udp_init_target_list();
if (!OPT_GIVEN(UDP_NO_AUTOSTART))
sender_status = SENDER_on;
PARA_DEBUG_LOG("udp sender init complete\n");
}
+
+/**
+ * The UDP sender.
+ *
+ * In contrast to the other senders the UDP sender is active in the sense that
+ * it initiates the network connection according to its list of targets rather
+ * than passively waiting for clients to connect. Like DCCP streams, UDP
+ * streams are always sent FEC-encoded. The UDP sender is the only sender which
+ * supports IP multicasting.
+ */
+const struct sender udp_sender = {
+ .name = "udp",
+ .init = udp_send_init,
+ .shutdown = udp_shutdown,
+ .shutdown_clients = udp_shutdown_targets,
+ .resolve_target = udp_resolve_target,
+ .client_cmds = {
+ [SENDER_on] = udp_com_on,
+ [SENDER_off] = udp_com_off,
+ [SENDER_add] = udp_com_add,
+ [SENDER_delete] = udp_com_delete,
+ },
+ .help = udp_help,
+ .status = udp_status,
+};
#include "list.h"
#include "user_list.h"
-static struct list_head user_list;
+static INITIALIZED_LIST_HEAD(user_list);
/*
- * Fill the list of users known to para_server.
+ * Wrapper for fgets(3).
*
- * Populates a linked list of all users in \a user_list_file. Returns on
- * success, calls exit() on errors.
+ * Unlike fgets(3), an integer value is returned. On success, this function
+ * returns 1. On errors, -E_FGETS is returned. A zero return value indicates an
+ * end of file condition.
*/
-static void populate_user_list(char *user_list_file)
+static int xfgets(char *line, int size, FILE *f)
+{
+again:
+ if (fgets(line, size, f))
+ return 1;
+ if (feof(f))
+ return 0;
+ if (!ferror(f))
+ return -E_FGETS;
+ if (errno != EINTR) {
+ PARA_ERROR_LOG("%s\n", strerror(errno));
+ return -E_FGETS;
+ }
+ clearerr(f);
+ goto again;
+}
+
+/**
+ * Remove all entries from the user list.
+ *
+ * This is called on shutdown and when the user list is reloaded because the
+ * server received SIGHUP.
+ */
+void user_list_deplete(void)
+{
+ struct user *u, *tmpu;
+
+ list_for_each_entry_safe(u, tmpu, &user_list, node) {
+ list_del(&u->node);
+ free(u->name);
+ apc_free_pubkey(u->pubkey);
+ free(u);
+ }
+}
+
+/**
+ * Initialize the list of users allowed to connect to para_server.
+ *
+ * \param user_list_file The file containing access information.
+ *
+ * If this function is called for the second time, the contents of the
+ * previous call are discarded, i.e. the user list is reloaded.
+ *
+ * This function either succeeds or calls exit(3).
+ */
+void user_list_init(const char *user_list_file)
{
int ret = -E_USERLIST;
FILE *file_ptr = fopen(user_list_file, "r");
+ struct user *u;
if (!file_ptr)
goto err;
+
+ user_list_deplete();
for (;;) {
int num;
char line[255];
/* keyword, name, key, perms */
char w[255], n[255], k[255], p[255], tmp[4][255];
- struct user *u;
struct asymmetric_key *pubkey;
- ret = para_fgets(line, sizeof(line), file_ptr);
+ ret = xfgets(line, sizeof(line), file_ptr);
if (ret <= 0)
break;
if (sscanf(line,"%200s %200s %200s %200s", w, n, k, p) < 3)
if (strcmp(w, "user"))
continue;
PARA_DEBUG_LOG("found entry for user %s\n", n);
- ret = get_public_key(k, &pubkey);
+ ret = apc_get_pubkey(k, &pubkey);
if (ret < 0) {
PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,
para_strerror(-ret));
continue;
}
/*
- * In order to encrypt len := CHALLENGE_SIZE + 2 * SESSION_KEY_LEN
+ * In order to encrypt len := APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN
* bytes using RSA_public_encrypt() with EME-OAEP padding mode,
* RSA_size(rsa) must be greater than len + 41. So ignore keys
* which are too short. For details see RSA_public_encrypt(3).
*/
- if (ret <= CHALLENGE_SIZE + 2 * SESSION_KEY_LEN + 41) {
+ if (ret <= APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN + 41) {
PARA_WARNING_LOG("public key %s too short (%d)\n",
k, ret);
- free_public_key(pubkey);
+ apc_free_pubkey(pubkey);
continue;
}
u = para_malloc(sizeof(*u));
exit(EXIT_FAILURE);
}
-/**
- * Initialize the list of users allowed to connect to para_server.
- *
- * \param user_list_file The file containing access information.
- *
- * If this function is called for the second time, the contents of the
- * previous call are discarded, i.e. the user list is reloaded.
- */
-void init_user_list(char *user_list_file)
-{
- struct user *u, *tmp;
- static int initialized;
-
- if (initialized) {
- list_for_each_entry_safe(u, tmp, &user_list, node) {
- list_del(&u->node);
- free(u->name);
- free_public_key(u->pubkey);
- free(u);
- }
- } else
- INIT_LIST_HEAD(&user_list);
- initialized = 1;
- populate_user_list(user_list_file);
-}
-
/**
* Lookup a user in the user list.
*
* \return A pointer to the corresponding user struct if the user was found, \p
* NULL otherwise.
*/
-struct user *lookup_user(const char *name)
+const struct user *user_list_lookup(const char *name)
{
- struct user *u;
+ const struct user *u;
list_for_each_entry(u, &user_list, node) {
if (strcmp(u->name, name))
continue;
unsigned int perms;
};
-void init_user_list(char *user_list_file);
-struct user *lookup_user(const char *name);
+void user_list_init(const char *user_list_file);
+void user_list_deplete(void);
+const struct user *user_list_lookup(const char *name);
extern void http_send_init(struct sender *);
extern void udp_send_init(struct sender *);
-/** The list of supported senders. */
-struct sender senders[] = {
- {
- .name = "http",
- .init = http_send_init,
- },
- {
- .name = "dccp",
- .init = dccp_send_init,
- },
- {
- .name = "udp",
- .init = udp_send_init,
- },
- {
- .name = NULL,
- }
-};
+extern const struct sender udp_sender, dccp_sender, http_sender;
+const struct sender * const senders[] = {
+ &http_sender, &dccp_sender, &udp_sender, NULL};
/** The possible states of the afs socket. */
enum afs_socket_status {
if (fcp->init_fec) {
/*
* Set the maximum slice size to the Maximum Packet Size if the
- * transport protocol allows to determine this value. The user
+ * transport protocol allows determination of this value. The user
* can specify a slice size up to this value.
*/
ret = fcp->init_fec(fc->sc);
vsst->afsss = AFS_SOCKET_CHECK_FOR_WRITE;
} else
para_fd_set(vsst->afs_socket, &s->rfds, &s->max_fileno);
- for (i = 0; senders[i].name; i++) {
- if (!senders[i].pre_select)
+ FOR_EACH_SENDER(i) {
+ if (!senders[i]->pre_select)
continue;
- senders[i].pre_select(&s->max_fileno, &s->rfds, &s->wfds);
+ senders[i]->pre_select(&s->max_fileno, &s->rfds, &s->wfds);
}
vss_compute_timeout(s, vsst);
}
* We call ->send() even if len is zero because senders might
* have data queued which can be sent now.
*/
- for (i = 0; senders[i].name; i++) {
- if (!senders[i].send)
+ FOR_EACH_SENDER(i) {
+ if (!senders[i]->send)
continue;
- senders[i].send(mmd->current_chunk, mmd->chunks_sent,
+ senders[i]->send(mmd->current_chunk, mmd->chunks_sent,
buf, len, vsst->header_buf, vsst->header_len);
}
}
int ret, i;
struct vss_task *vsst = context;
+ ret = task_get_notification(vsst->task);
+ if (ret < 0) {
+ afh_free_header(vsst->header_buf, mmd->afd.audio_format_id);
+ return ret;
+ }
if (!vsst->map || vss_next() || vss_paused() || vss_repos()) {
/* shut down senders and fec clients */
struct fec_client *fc, *tmp;
- for (i = 0; senders[i].name; i++)
- if (senders[i].shutdown_clients)
- senders[i].shutdown_clients();
+ FOR_EACH_SENDER(i)
+ if (senders[i]->shutdown_clients)
+ senders[i]->shutdown_clients();
list_for_each_entry_safe(fc, tmp, &fec_client_list, node)
fc->state = FEC_STATE_NONE;
mmd->stream_start.tv_sec = 0;
int num = mmd->sender_cmd_data.cmd_num,
sender_num = mmd->sender_cmd_data.sender_num;
- if (senders[sender_num].client_cmds[num]) {
- ret = senders[sender_num].client_cmds[num]
+ if (senders[sender_num]->client_cmds[num]) {
+ ret = senders[sender_num]->client_cmds[num]
(&mmd->sender_cmd_data);
if (ret < 0)
PARA_ERROR_LOG("%s\n", para_strerror(-ret));
else
vsst->afsss = AFS_SOCKET_AFD_PENDING;
}
- for (i = 0; senders[i].name; i++) {
- if (!senders[i].post_select)
+ FOR_EACH_SENDER(i) {
+ if (!senders[i]->post_select)
continue;
- senders[i].post_select(&s->rfds, &s->wfds);
+ senders[i]->post_select(&s->rfds, &s->wfds);
}
if ((vss_playing() && !(mmd->vss_status_flags & VSS_PLAYING)) ||
(vss_next() && vss_playing()))
ms2tv(announce_time, &vsst->announce_tv);
PARA_INFO_LOG("announce timeval: %lums\n", tv2ms(&vsst->announce_tv));
INIT_LIST_HEAD(&fec_client_list);
- for (i = 0; senders[i].name; i++) {
- PARA_NOTICE_LOG("initializing %s sender\n", senders[i].name);
- senders[i].init(&senders[i]);
+ FOR_EACH_SENDER(i) {
+ PARA_NOTICE_LOG("initializing %s sender\n", senders[i]->name);
+ senders[i]->init();
}
mmd->sender_cmd_data.cmd_num = -1;
if (OPT_GIVEN(AUTOPLAY)) {
.context = vsst,
}, s);
}
+
+/**
+ * Turn off the virtual streaming system.
+ *
+ * This is only executed on exit. It calls the ->shutdowwn method of all senders.
+ */
+void vss_shutdown(void)
+{
+ int i;
+
+ FOR_EACH_SENDER(i) {
+ if (!senders[i]->shutdown)
+ continue;
+ PARA_NOTICE_LOG("shutting down %s sender\n", senders[i]->name);
+ senders[i]->shutdown();
+ }
+}
unsigned int vss_paused(void);
unsigned int vss_stopped(void);
struct timeval *vss_chunk_time(void);
+void vss_shutdown(void);
/** Stop playing after current audio file. */
#define VSS_NOMORE 1
<p> The repository contains the full history of the
project since 2006, all work in progress and the source
- code for the web pages. Choosing this option allows to
- check out any of the four integration branches maint,
+ code for the web pages. Choosing this option allows the
+ checkout of any of the four integration branches maint,
master, next, pu (see the
<a href="manual.html#Git.branches">Git branches</a>
<a href="http://git.tuebingen.mpg.de/paraslash.git">gitweb</a>
page contains a snapshot link for each revision. This
- allows to get a specific revision without downloading
+ allows getting a specific revision without downloading
the full history.
</li>
In addition to the three network streaming modes, para_recv can also
operate in local (afh) mode. In this mode it writes the content of
an audio file on the local file system in complete chunks to stdout,
-optionally 'just in time'. This allows to cut an audio file without
-first decoding it, and it enables third-party software which is unaware
-of the particular audio format to send complete frames in real time.
+optionally 'just in time'. This allows cutting audio files without
+decoding, and it enables third-party software which is unaware of
+the particular audio format to send complete frames in real time.
<h3> para_filter </h3>
para_client si
-The sender command of para_server prints information about senders,
-like the various access control lists, and it allows to (de-)activate
-senders and to change the access permissions at runtime.
-
--> List all senders
-
- para_client sender
-
--> Obtain general help for the sender command:
-
- para_client help sender
-
--> Get help for a specific sender (contains further examples):
-
- s=http # or dccp or udp
- para_client sender $s help
-
--> Show status of the http sender
-
- para_client sender http status
-
By default para_server activates both the HTTP and th DCCP sender on
startup. This can be changed via command line options or para_server's
config file.
para_server -h
-All senders share the "on" and "off" commands, so senders may be
-activated and deactivated independently of each other.
-
--> Switch off the http sender:
-
- para_client sender http off
-
-> Receive a DCCP stream using CCID2 and write the output into a file:
host=foo.org; ccid=2; filename=bar
line parser, so arguments for the dccp receiver must be protected
from being interpreted by para_recv.
--> Start UDP multicast, using the default multicast address:
-
- para_client sender udp add 224.0.1.38
-
-> Receive FEC-encoded multicast stream and write the output into a file:
filename=foo
para_recv -r udp > $filename
--> Add an UDP unicast for a client to the target list of the UDP sender:
-
- t=client.foo.org
- para_client sender udp add $t
-
-> Receive this (FEC-encoded) unicast stream:
filename=foo
all. The wav filter is only useful with para_filter and in connection
with a decoder. It asks the decoder for the number of channels and the
sample rate of the stream and adds a Microsoft wave header containing
-this information at the beginning. This allows to write wav files
+this information at the beginning. This allows writing wav files
rather than raw PCM files (which do not contain any information about
the number of channels and the sample rate).
operating on uncompressed audio streams, since data buffers are simply
"pushed down" rather than copied.
-Examples
---------
-
--> Decode an mp3 file to wav format:
-
- para_filter -f mp3dec -f wav < file.mp3 > file.wav
-
--> Amplify a raw audio file by a factor of 1.5:
-
- para_filter -f amp --amp 32 < foo.raw > bar.raw
-
======
Output
======
also limited. For example only one application can open the device
at any time. The OSS writer is activated by default on BSD Systems.
-- *FILE*. The file writer allows to capture the audio stream and
-write the PCM data to a file on the file system rather than playing
+- *FILE*. The file writer allows capturing the audio stream and
+writing the PCM data to a file on the file system rather than playing
it through a sound device. It is supported on all platforms and is
always compiled in.
projects / paraslash.git / commitdiff