source: code/icbd.c@ 8886035

Last change on this file since 8886035 was 0b802fa, checked in by Mike Belopuhov <mike@…>, 15 years ago

OpenBSD now ships with bufferevent_setwatermark prototype defined
  • Property mode set to 100644
File size: 10.4 KB
RevLine 
[cd7b81d]1/*
2 * Copyright (c) 2009 Mike Belopuhov
3 * Copyright (c) 2007 Oleg Safiullin
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <sys/queue.h>
20#include <sys/socket.h>
21#include <sys/stat.h>
[c8c9ccf]22#include <netinet/in_systm.h>
[cd7b81d]23#include <netinet/in.h>
[c8c9ccf]24#include <netinet/ip.h>
[cd7b81d]25#include <arpa/inet.h>
26#include <fcntl.h>
27#include <stdio.h>
28#include <stdlib.h>
29#include <unistd.h>
30#include <string.h>
31#include <sysexits.h>
32#include <syslog.h>
33#include <pwd.h>
34#include <login_cap.h>
35#include <locale.h>
36#include <netdb.h>
37#include <event.h>
38#include <errno.h>
39#include <err.h>
40
41#include "icb.h"
42#include "icbd.h"
43
44extern char *__progname;
45
[a785c27]46char srvname[MAXHOSTNAMELEN];
47int creategroups;
48int foreground;
49int verbose;
[cd7b81d]50
51void usage(void);
52void getpeerinfo(struct icb_session *);
53void icbd_accept(int, short, void *);
54void icbd_drop(struct icb_session *, char *);
55void icbd_ioerr(struct bufferevent *, short, void *);
56void icbd_dispatch(struct bufferevent *, void *);
57void icbd_log(struct icb_session *, int, const char *, ...);
58void icbd_grplist(char *);
59void icbd_restrict(void);
60void icbd_write(struct icb_session *, char *, ssize_t);
61
62int
63main(int argc, char *argv[])
64{
65 struct icbd_callbacks ic = { icbd_drop, icbd_log, icbd_write };
66 const char *cause = NULL;
67 int ch, nsocks = 0, save_errno = 0;
68 int inet4 = 0, inet6 = 0;
69
70 /* init group lists before calling icb_addgroup */
71 icb_init(&ic);
72
[a785c27]73 while ((ch = getopt(argc, argv, "46CdG:S:v")) != -1)
[cd7b81d]74 switch (ch) {
75 case '4':
76 inet4++;
77 break;
78 case '6':
79 inet6++;
80 break;
81 case 'C':
82 creategroups++;
83 break;
84 case 'd':
85 foreground++;
86 break;
87 case 'G':
88 icbd_grplist(optarg);
89 break;
[a785c27]90 case 'S':
91 strlcpy(srvname, optarg, sizeof srvname);
92 break;
[cd7b81d]93 case 'v':
94 verbose++;
95 break;
96 default:
97 usage();
98 /* NOTREACHED */
99 }
100 argc -= optind;
101 argv += optind;
102
103 /* add group "1" as it's a login group for most of the clients */
104 if (icb_addgroup(NULL, "1", NULL) == NULL)
105 err(EX_UNAVAILABLE, NULL);
106
107 if (argc == 0)
108 argc++;
109
110 if (inet4 && inet6)
111 errx(EX_CONFIG, "Can't specify both -4 and -6");
112
113 tzset();
114 (void)setlocale(LC_ALL, "C");
115
116 if (foreground)
117 openlog("icbd", LOG_PID | LOG_PERROR, LOG_DAEMON);
118 else
119 openlog("icbd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
120
121 if (!foreground && daemon(0, 0) < 0)
122 err(EX_OSERR, NULL);
123
124 (void)event_init();
125
126 for (ch = 0; ch < argc; ch++) {
127 struct addrinfo hints, *res, *res0;
128 struct event *ev;
129 char *addr, *port;
130 int error, s, on = 1;
131
132 addr = port = NULL;
133 if (argv[ch] != NULL) {
134 if (argv[ch][0] != ':')
135 addr = argv[ch];
136 if ((port = strrchr(argv[ch], ':')) != NULL)
137 *port++ = '\0';
138 }
139
140 bzero(&hints, sizeof hints);
141 if (inet4 || inet6)
142 hints.ai_family = inet4 ? PF_INET : PF_INET6;
143 else
144 hints.ai_family = PF_UNSPEC;
145 hints.ai_socktype = SOCK_STREAM;
146 hints.ai_flags = AI_PASSIVE;
147 if ((error = getaddrinfo(addr, port ? port : "icb", &hints,
148 &res0)) != 0) {
149 syslog(LOG_ERR, "%s", gai_strerror(error));
150 return (EX_UNAVAILABLE);
151 }
152
153 for (res = res0; res != NULL; res = res->ai_next) {
154 if ((s = socket(res->ai_family, res->ai_socktype,
155 res->ai_protocol)) < 0) {
156 cause = "socket";
157 save_errno = errno;
158 continue;
159 }
160
161 if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on,
162 sizeof on) < 0) {
163 cause = "SO_REUSEADDR";
164 save_errno = errno;
165 (void)close(s);
166 continue;
167 }
168
169 if (bind(s, res->ai_addr, res->ai_addrlen) < 0) {
170 cause = "bind";
171 save_errno = errno;
172 (void)close(s);
173 continue;
174 }
175
176 (void)listen(s, TCP_BACKLOG);
177
178 if ((ev = calloc(1, sizeof *ev)) == NULL)
179 err(EX_UNAVAILABLE, NULL);
180 event_set(ev, s, EV_READ | EV_PERSIST, icbd_accept, ev);
181 if (event_add(ev, NULL) < 0) {
182 syslog(LOG_ERR, "event_add: %m");
183 return (EX_UNAVAILABLE);
184 }
185
186 nsocks++;
187 }
188
189 freeaddrinfo(res0);
190 }
191
192 if (nsocks == 0) {
193 errno = save_errno;
194 syslog(LOG_ERR, "%s: %m", cause);
195 return (EX_UNAVAILABLE);
196 }
197
198 /* start a dns resolver thread */
199 icbd_dns_init();
200
201 if (!foreground)
202 icbd_restrict();
203
204 (void)signal(SIGPIPE, SIG_IGN);
205
206 (void)event_dispatch();
207
208 syslog(LOG_ERR, "event_dispatch: %m");
209
210 return (EX_UNAVAILABLE);
211}
212
213void
214icbd_dns(int fd, short event, void *arg)
215{
216 struct icb_session *is = arg;
217
218 if (event != EV_READ)
219 return;
220
221 if (read(fd, is->host, sizeof is->host) < 0)
222 syslog(LOG_ERR, "read: %m");
223
224 is->host[sizeof is->host - 1] = '\0';
225
226 if (verbose)
227 syslog(LOG_DEBUG, "icbd_dns: resolved %s", is->host);
228}
229
230void
231icbd_accept(int fd, short event __attribute__((__unused__)),
232 void *arg __attribute__((__unused__)))
233{
234 struct sockaddr_storage ss;
235 struct icb_session *is;
236 socklen_t ss_len = sizeof ss;
[c8c9ccf]237 int s, tos = IPTOS_LOWDELAY;
[cd7b81d]238
239 ss.ss_len = ss_len;
240 if ((s = accept(fd, (struct sockaddr *)&ss, &ss_len)) < 0) {
241 syslog(LOG_ERR, "accept: %m");
242 return;
243 }
[c8c9ccf]244 if (ss.ss_family == AF_INET)
245 if (setsockopt(s, IPPROTO_IP, IP_TOS, &tos, sizeof tos) < 0)
246 syslog(LOG_WARNING, "IP_TOS: %m");
[cd7b81d]247 if ((is = calloc(1, sizeof *is)) == NULL) {
248 syslog(LOG_ERR, "calloc: %m");
249 (void)close(s);
250 return;
251 }
252 if ((is->bev = bufferevent_new(s, icbd_dispatch, NULL, icbd_ioerr,
253 is)) == NULL) {
254 syslog(LOG_ERR, "bufferevent_new: %m");
255 (void)close(s);
256 free(is);
257 return;
258 }
259 if (bufferevent_enable(is->bev, EV_READ)) {
260 syslog(LOG_ERR, "bufferevent_enable: %m");
261 (void)close(s);
262 bufferevent_free(is->bev);
263 free(is);
264 return;
265 }
266
267 /* save host information */
268 getpeerinfo(is);
269
270 /* start icb conversation */
271 icb_start(is);
272}
273
274__dead void
275usage(void)
276{
277 (void)fprintf(stderr, "usage: %s [-46Cdv] [-G group1[,group2,...]] "
[c45628b]278 "[-S name] [[addr][:port] ...]\n", __progname);
[cd7b81d]279 exit(EX_USAGE);
280}
281
282/*
283 * bufferevent functions
284 */
285
286void
287icbd_dispatch(struct bufferevent *bev, void *arg)
288{
289 struct icb_session *is = (struct icb_session *)arg;
290
291 if (is->length == 0) {
292 bzero(is->buffer, sizeof is->buffer);
293 /* read length */
294 (void)bufferevent_read(bev, is->buffer, 1);
295 /* we're about to read the whole packet */
296 is->length = (size_t)(unsigned char)is->buffer[0];
297 if (is->length == 0) {
298 icbd_drop(is, "invalid packet");
299 return;
300 }
301 if (EVBUFFER_LENGTH(EVBUFFER_INPUT(bev)) < is->length) {
302 /* set watermark to the expected length */
303 bufferevent_setwatermark(bev, EV_READ, is->length, 0);
304 return;
305 }
306 }
307 (void)bufferevent_read(bev, &is->buffer[1], is->length);
308#ifdef DEBUG
309 {
310 int i;
311
312 printf("-> read from %s:%d:\n", is->host, is->port);
313 for (i = 0; i < (int)is->length + 1; i++)
314 printf(" %02x", (unsigned char)is->buffer[i]);
315 printf("\n");
316 }
317#endif
318 icb_input(is);
319 is->length = 0;
320}
321
322void
323icbd_write(struct icb_session *is, char *buf, ssize_t size)
324{
325 if (bufferevent_write(is->bev, buf, size) == -1)
326 syslog(LOG_ERR, "bufferevent_write: %m");
327#ifdef DEBUG
328 {
329 int i;
330
331 printf("-> wrote to %s:%d:\n", is->host, is->port);
332 for (i = 0; i < size; i++)
333 printf(" %02x", (unsigned char)buf[i]);
334 printf("\n");
335 }
336#endif
337}
338
339void
340icbd_drop(struct icb_session *is, char *reason)
341{
342 if (reason) {
343 icb_remove(is, reason);
344 icbd_log(is, LOG_DEBUG, reason);
345 } else
346 icb_remove(is, NULL);
347 (void)evbuffer_write(EVBUFFER_OUTPUT(is->bev), EVBUFFER_FD(is->bev));
348 (void)close(EVBUFFER_FD(is->bev));
349 bufferevent_free(is->bev);
350 free(is);
351}
352
353void
354icbd_ioerr(struct bufferevent *bev __attribute__((__unused__)), short what,
355 void *arg)
356{
357 struct icb_session *is = (struct icb_session *)arg;
358
359 if (what & EVBUFFER_TIMEOUT)
360 icbd_drop(is, "timeout");
361 else if (what & EVBUFFER_EOF)
362 icbd_drop(is, NULL);
363 else if (what & EVBUFFER_ERROR)
364 icbd_drop(is, (what & EVBUFFER_READ) ? "read error" :
365 "write error");
366}
367
368void
369icbd_log(struct icb_session *is, int level, const char *fmt, ...)
370{
371 char buf[512];
372 va_list ap;
373
374 if (!verbose && level == LOG_DEBUG)
375 return;
376
377 va_start(ap, fmt);
378 (void)vsnprintf(buf, sizeof buf, fmt, ap);
379 va_end(ap);
380 if (is)
381 syslog(level, "%s:%u: %s", is->host, is->port, buf);
382 else
383 syslog(level, "%s", buf);
384}
385
386void
387icbd_restrict(void)
388{
389 struct stat sb;
390 struct passwd *pw;
391
392 if ((pw = getpwnam(ICBD_USER)) == NULL) {
393 syslog(LOG_ERR, "No passwd entry for %s", ICBD_USER);
394 exit(EX_NOUSER);
395 }
396
397 if (setusercontext(NULL, pw, pw->pw_uid,
398 LOGIN_SETALL & ~LOGIN_SETUSER) < 0) {
399 syslog(LOG_ERR, "%s: %m", pw->pw_name);
400 exit(EX_NOPERM);
401 }
402
403 if (stat(pw->pw_dir, &sb) == -1) {
404 syslog(LOG_ERR, "%s: %m", pw->pw_name);
405 exit(EX_NOPERM);
406 }
407
408 if (sb.st_uid != 0 || (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
409 syslog(LOG_ERR, "bad directory permissions");
410 exit(EX_NOPERM);
411 }
412
413 if (chroot(pw->pw_dir) < 0) {
414 syslog(LOG_ERR, "%s: %m", pw->pw_dir);
415 exit(EX_UNAVAILABLE);
416 }
417
418 if (setuid(pw->pw_uid) < 0) {
419 syslog(LOG_ERR, "%d: %m", pw->pw_uid);
420 exit(EX_NOPERM);
421 }
422
423 if (chdir("/") < 0) {
424 syslog(LOG_ERR, "/: %m");
425 exit(EX_UNAVAILABLE);
426 }
427
428 (void)setproctitle("icbd");
429}
430
431void
432icbd_grplist(char *list)
433{
434 char *s, *s1, *s2;
435 int last = 0;
436
437 if (!list || strlen(list) == 0)
438 return;
439
440 /* "group1[:pass1][,group2[:pass2],...]" */
441 s = list;
442 s1 = s2 = NULL;
443 while (!last && s) {
444 if ((s1 = strchr(s, ',')) != NULL)
445 *s1 = '\0';
446 else {
447 last = 1;
448 s1 = s;
449 }
450 if ((s2 = strchr(s, ':')) != NULL)
451 *s2 = '\0';
452 if (icb_addgroup(NULL, s, s2 ? ++s2 : NULL) == NULL)
453 err(EX_UNAVAILABLE, NULL);
454 s = ++s1;
455 s1 = s2 = NULL;
456 }
457}
458
459time_t
460getmonotime(void)
461{
462 struct timespec ts;
463
464 if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) {
465 syslog(LOG_ERR, "%m");
466 exit(EX_OSERR);
467 }
468 return (ts.tv_sec);
469}
470
471void
472getpeerinfo(struct icb_session *is)
473{
474 struct sockaddr_storage ss;
475 socklen_t ss_len = sizeof ss;
476
477 bzero(&ss, sizeof ss);
478 if (getpeername(EVBUFFER_FD(is->bev), (struct sockaddr *)&ss,
479 &ss_len) != 0)
480 return;
481
482 is->port = 0;
483 switch (ss.ss_family) {
484 case AF_INET:
485 is->port = ntohs(((struct sockaddr_in *)&ss)->sin_port);
486 break;
487
488 case AF_INET6:
489 is->port = ntohs(((struct sockaddr_in6 *)&ss)->sin6_port);
490 break;
491 }
492
493 dns_rresolv(is, &ss);
494}
Note: See TracBrowser for help on using the repository browser.