Commit | Line | Data |
---|---|---|
7c1b4daa MP |
1 | /* -*- c-file-style: "linux" -*- |
2 | ||
d54765c4 MP |
3 | rsync -- fast file replication program |
4 | ||
eecd22ff | 5 | Copyright (C) 1992-2001 by Andrew Tridgell <tridge@samba.org> |
362099a5 | 6 | Copyright (C) 2001, 2002 by Martin Pool <mbp@samba.org> |
bc2e93eb AT |
7 | |
8 | This program is free software; you can redistribute it and/or modify | |
9 | it under the terms of the GNU General Public License as published by | |
10 | the Free Software Foundation; either version 2 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | This program is distributed in the hope that it will be useful, | |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | GNU General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU General Public License | |
19 | along with this program; if not, write to the Free Software | |
20 | Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | |
21 | */ | |
22 | ||
d5d4b282 MP |
23 | /** |
24 | * @file socket.c | |
25 | * | |
26 | * Socket functions used in rsync. | |
362099a5 MP |
27 | * |
28 | * This file is now converted to use the new-style getaddrinfo() | |
29 | * interface, which supports IPv6 but is also supported on recent | |
30 | * IPv4-only machines. On systems that don't have that interface, we | |
31 | * emulate it using the KAME implementation. | |
d5d4b282 | 32 | **/ |
bc2e93eb | 33 | |
f0fca04e AT |
34 | #include "rsync.h" |
35 | ||
885448d7 MP |
36 | static const char default_name[] = "UNKNOWN"; |
37 | ||
9a5a8673 | 38 | |
660c6fbd MP |
39 | /* Establish a proxy connection on an open socket to a web roxy by |
40 | * using the CONNECT method. */ | |
4c3b4b25 AT |
41 | static int establish_proxy_connection(int fd, char *host, int port) |
42 | { | |
43 | char buffer[1024]; | |
44 | char *cp; | |
45 | ||
8950ac03 | 46 | snprintf(buffer, sizeof(buffer), "CONNECT %s:%d HTTP/1.0\r\n\r\n", host, port); |
00d943d5 | 47 | if (write(fd, buffer, strlen(buffer)) != (int) strlen(buffer)) { |
660c6fbd | 48 | rprintf(FERROR, "failed to write to proxy: %s\n", |
4c3b4b25 AT |
49 | strerror(errno)); |
50 | return -1; | |
51 | } | |
52 | ||
53 | for (cp = buffer; cp < &buffer[sizeof(buffer) - 1]; cp++) { | |
54 | if (read(fd, cp, 1) != 1) { | |
660c6fbd MP |
55 | rprintf(FERROR, "failed to read from proxy: %s\n", |
56 | strerror(errno)); | |
4c3b4b25 AT |
57 | return -1; |
58 | } | |
59 | if (*cp == '\n') | |
60 | break; | |
61 | } | |
62 | ||
63 | if (*cp != '\n') | |
64 | cp++; | |
65 | *cp-- = '\0'; | |
66 | if (*cp == '\r') | |
67 | *cp = '\0'; | |
68 | if (strncmp(buffer, "HTTP/", 5) != 0) { | |
69 | rprintf(FERROR, "bad response from proxy - %s\n", | |
70 | buffer); | |
71 | return -1; | |
72 | } | |
73 | for (cp = &buffer[5]; isdigit(*cp) || (*cp == '.'); cp++) | |
74 | ; | |
75 | while (*cp == ' ') | |
76 | cp++; | |
77 | if (*cp != '2') { | |
78 | rprintf(FERROR, "bad response from proxy - %s\n", | |
79 | buffer); | |
80 | return -1; | |
81 | } | |
82 | /* throw away the rest of the HTTP header */ | |
83 | while (1) { | |
84 | for (cp = buffer; cp < &buffer[sizeof(buffer) - 1]; | |
85 | cp++) { | |
86 | if (read(fd, cp, 1) != 1) { | |
660c6fbd MP |
87 | rprintf(FERROR, "failed to read from proxy: %s\n", |
88 | strerror(errno)); | |
4c3b4b25 AT |
89 | return -1; |
90 | } | |
91 | if (*cp == '\n') | |
92 | break; | |
93 | } | |
94 | if ((cp > buffer) && (*cp == '\n')) | |
95 | cp--; | |
96 | if ((cp == buffer) && ((*cp == '\n') || (*cp == '\r'))) | |
97 | break; | |
98 | } | |
99 | return 0; | |
100 | } | |
101 | ||
102 | ||
f8be7d42 MP |
103 | /** |
104 | * Try to set the local address for a newly-created socket. Return -1 | |
105 | * if this fails. | |
106 | **/ | |
107 | int try_bind_local(int s, | |
108 | int ai_family, int ai_socktype, | |
109 | const char *bind_address) | |
110 | { | |
111 | int error; | |
112 | struct addrinfo bhints, *bres_all, *r; | |
113 | ||
114 | memset(&bhints, 0, sizeof(bhints)); | |
115 | bhints.ai_family = ai_family; | |
116 | bhints.ai_socktype = ai_socktype; | |
117 | bhints.ai_flags = AI_PASSIVE; | |
98355b80 | 118 | if ((error = getaddrinfo(bind_address, NULL, &bhints, &bres_all))) { |
f8be7d42 MP |
119 | rprintf(FERROR, RSYNC_NAME ": getaddrinfo %s: %s\n", |
120 | bind_address, gai_strerror(error)); | |
121 | return -1; | |
122 | } | |
123 | ||
124 | for (r = bres_all; r; r = r->ai_next) { | |
9ec75284 | 125 | if (bind(s, r->ai_addr, r->ai_addrlen) == -1) |
f8be7d42 MP |
126 | continue; |
127 | return s; | |
128 | } | |
129 | ||
130 | /* no error message; there might be some problem that allows | |
131 | * creation of the socket but not binding, perhaps if the | |
132 | * machine has no ipv6 address of this name. */ | |
133 | return -1; | |
134 | } | |
135 | ||
eecd22ff | 136 | |
d5d4b282 MP |
137 | /** |
138 | * Open a socket to a tcp remote host with the specified port . | |
06963d0f | 139 | * |
d5d4b282 MP |
140 | * Based on code from Warren. Proxy support by Stephen Rothwell. |
141 | * getaddrinfo() rewrite contributed by KAME.net. | |
06963d0f | 142 | * |
d5d4b282 MP |
143 | * Now that we support IPv6 we need to look up the remote machine's |
144 | * address first, using @p af_hint to set a preference for the type | |
145 | * of address. Then depending on whether it has v4 or v6 addresses we | |
146 | * try to open a connection. | |
06963d0f | 147 | * |
d5d4b282 MP |
148 | * The loop allows for machines with some addresses which may not be |
149 | * reachable, perhaps because we can't e.g. route ipv6 to that network | |
150 | * but we can get ip4 packets through. | |
151 | * | |
152 | * @param bind_address Local address to use. Normally NULL to bind | |
153 | * the wildcard address. | |
154 | * | |
155 | * @param af_hint Address family, e.g. AF_INET or AF_INET6. | |
06963d0f | 156 | **/ |
d5d4b282 MP |
157 | int open_socket_out(char *host, int port, const char *bind_address, |
158 | int af_hint) | |
bc2e93eb | 159 | { |
f0fca04e | 160 | int type = SOCK_STREAM; |
06963d0f MP |
161 | int error; |
162 | int s; | |
06963d0f MP |
163 | struct addrinfo hints, *res0, *res; |
164 | char portbuf[10]; | |
4c3b4b25 | 165 | char *h; |
4c3b4b25 AT |
166 | int proxied = 0; |
167 | char buffer[1024]; | |
168 | char *cp; | |
169 | ||
660c6fbd MP |
170 | /* if we have a RSYNC_PROXY env variable then redirect our |
171 | * connetcion via a web proxy at the given address. The format | |
172 | * is hostname:port */ | |
4c3b4b25 AT |
173 | h = getenv("RSYNC_PROXY"); |
174 | proxied = (h != NULL) && (*h != '\0'); | |
175 | ||
176 | if (proxied) { | |
177 | strlcpy(buffer, h, sizeof(buffer)); | |
178 | cp = strchr(buffer, ':'); | |
179 | if (cp == NULL) { | |
660c6fbd MP |
180 | rprintf(FERROR, |
181 | "invalid proxy specification: should be HOST:PORT\n"); | |
4c3b4b25 AT |
182 | return -1; |
183 | } | |
184 | *cp++ = '\0'; | |
06963d0f | 185 | strcpy(portbuf, cp); |
4c3b4b25 AT |
186 | h = buffer; |
187 | } else { | |
06963d0f | 188 | snprintf(portbuf, sizeof(portbuf), "%d", port); |
4c3b4b25 | 189 | h = host; |
4c3b4b25 | 190 | } |
f0fca04e | 191 | |
06963d0f | 192 | memset(&hints, 0, sizeof(hints)); |
d5d4b282 | 193 | hints.ai_family = af_hint; |
06963d0f MP |
194 | hints.ai_socktype = type; |
195 | error = getaddrinfo(h, portbuf, &hints, &res0); | |
196 | if (error) { | |
d5d4b282 MP |
197 | rprintf(FERROR, RSYNC_NAME ": getaddrinfo: %s %s: %s\n", |
198 | h, portbuf, gai_strerror(error)); | |
f0fca04e AT |
199 | return -1; |
200 | } | |
201 | ||
06963d0f | 202 | s = -1; |
2d6dbe29 MP |
203 | /* Try to connect to all addresses for this machine until we get |
204 | * through. It might e.g. be multi-homed, or have both IPv4 and IPv6 | |
205 | * addresses. We need to create a socket for each record, since the | |
206 | * address record tells us what protocol to use to try to connect. */ | |
06963d0f MP |
207 | for (res = res0; res; res = res->ai_next) { |
208 | s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); | |
209 | if (s < 0) | |
210 | continue; | |
f0fca04e | 211 | |
f8be7d42 MP |
212 | if (bind_address) |
213 | if (try_bind_local(s, res->ai_family, type, | |
214 | bind_address) == -1) { | |
215 | close(s); | |
216 | s = -1; | |
06963d0f MP |
217 | continue; |
218 | } | |
e30f0657 | 219 | |
06963d0f MP |
220 | if (connect(s, res->ai_addr, res->ai_addrlen) < 0) { |
221 | close(s); | |
222 | s = -1; | |
223 | continue; | |
224 | } | |
225 | if (proxied && | |
226 | establish_proxy_connection(s, host, port) != 0) { | |
227 | close(s); | |
228 | s = -1; | |
229 | continue; | |
230 | } else | |
231 | break; | |
4c3b4b25 | 232 | } |
06963d0f MP |
233 | freeaddrinfo(res0); |
234 | if (s < 0) { | |
7ef6aa64 MP |
235 | rprintf(FERROR, RSYNC_NAME ": failed to connect to %s: %s\n", |
236 | h, strerror(errno)); | |
f0fca04e AT |
237 | return -1; |
238 | } | |
06963d0f | 239 | return s; |
f0fca04e AT |
240 | } |
241 | ||
242 | ||
eecd22ff MP |
243 | /** |
244 | * Open an outgoing socket, but allow for it to be intercepted by | |
245 | * $RSYNC_CONNECT_PROG, which will execute a program across a TCP | |
246 | * socketpair rather than really opening a socket. | |
247 | * | |
248 | * We use this primarily in testing to detect TCP flow bugs, but not | |
249 | * cause security problems by really opening remote connections. | |
250 | * | |
251 | * This is based on the Samba LIBSMB_PROG feature. | |
06963d0f MP |
252 | * |
253 | * @param bind_address Local address to use. Normally NULL to get the stack default. | |
eecd22ff MP |
254 | **/ |
255 | int open_socket_out_wrapped (char *host, | |
256 | int port, | |
d5d4b282 MP |
257 | const char *bind_address, |
258 | int af_hint) | |
eecd22ff MP |
259 | { |
260 | char *prog; | |
261 | ||
262 | if ((prog = getenv ("RSYNC_CONNECT_PROG")) != NULL) | |
263 | return sock_exec (prog); | |
264 | else | |
d5d4b282 MP |
265 | return open_socket_out (host, port, bind_address, |
266 | af_hint); | |
eecd22ff MP |
267 | } |
268 | ||
269 | ||
270 | ||
06963d0f MP |
271 | /** |
272 | * Open a socket of the specified type, port and address for incoming data | |
273 | * | |
b8771f96 MP |
274 | * Try to be better about handling the results of getaddrinfo(): when |
275 | * opening an inbound socket, we might get several address results, | |
276 | * e.g. for the machine's ipv4 and ipv6 name. | |
277 | * | |
278 | * If binding a wildcard, then any one of them should do. If an address | |
279 | * was specified but it's insufficiently specific then that's not our | |
280 | * fault. | |
281 | * | |
282 | * However, some of the advertized addresses may not work because e.g. we | |
283 | * don't have IPv6 support in the kernel. In that case go on and try all | |
284 | * addresses until one succeeds. | |
285 | * | |
06963d0f MP |
286 | * @param bind_address Local address to bind, or NULL to allow it to |
287 | * default. | |
288 | **/ | |
d5d4b282 MP |
289 | static int open_socket_in(int type, int port, const char *bind_address, |
290 | int af_hint) | |
f0fca04e | 291 | { |
f0fca04e | 292 | int one=1; |
06963d0f | 293 | int s; |
13e29995 | 294 | struct addrinfo hints, *all_ai, *resp; |
06963d0f MP |
295 | char portbuf[10]; |
296 | int error; | |
297 | ||
298 | memset(&hints, 0, sizeof(hints)); | |
d5d4b282 | 299 | hints.ai_family = af_hint; |
06963d0f MP |
300 | hints.ai_socktype = type; |
301 | hints.ai_flags = AI_PASSIVE; | |
302 | snprintf(portbuf, sizeof(portbuf), "%d", port); | |
13e29995 | 303 | error = getaddrinfo(bind_address, portbuf, &hints, &all_ai); |
06963d0f | 304 | if (error) { |
7ef6aa64 MP |
305 | rprintf(FERROR, RSYNC_NAME ": getaddrinfo: bind address %s: %s\n", |
306 | bind_address, gai_strerror(error)); | |
06963d0f MP |
307 | return -1; |
308 | } | |
06963d0f | 309 | |
13e29995 MP |
310 | /* We may not be able to create the socket, if for example the |
311 | * machine knows about IPv6 in the C library, but not in the | |
312 | * kernel. */ | |
313 | for (resp = all_ai; resp; resp = resp->ai_next) { | |
314 | s = socket(resp->ai_family, resp->ai_socktype, | |
315 | resp->ai_protocol); | |
316 | ||
317 | if (s == -1) | |
318 | /* See if there's another address that will work... */ | |
319 | continue; | |
320 | ||
321 | setsockopt(s, SOL_SOCKET, SO_REUSEADDR, | |
322 | (char *)&one, sizeof one); | |
323 | ||
324 | /* now we've got a socket - we need to bind it */ | |
325 | if (bind(s, all_ai->ai_addr, all_ai->ai_addrlen) < 0) { | |
326 | /* Nope, try another */ | |
327 | close(s); | |
328 | continue; | |
b8771f96 MP |
329 | } |
330 | ||
13e29995 | 331 | return s; |
f0fca04e AT |
332 | } |
333 | ||
13e29995 MP |
334 | rprintf(FERROR, RSYNC_NAME ": open inbound socket on port %d failed: " |
335 | "%s\n", | |
336 | port, | |
337 | strerror(errno)); | |
b8771f96 | 338 | |
13e29995 | 339 | freeaddrinfo(all_ai); |
b8771f96 | 340 | return -1; |
f0fca04e AT |
341 | } |
342 | ||
343 | ||
7c1b4daa MP |
344 | /* |
345 | * Determine if a file descriptor is in fact a socket | |
346 | */ | |
f0fca04e AT |
347 | int is_a_socket(int fd) |
348 | { | |
ac2a1a44 MP |
349 | int v; |
350 | socklen_t l; | |
3eb38818 | 351 | l = sizeof(int); |
7c1b4daa MP |
352 | |
353 | /* Parameters to getsockopt, setsockopt etc are very | |
354 | * unstandardized across platforms, so don't be surprised if | |
ac2a1a44 MP |
355 | * there are compiler warnings on e.g. SCO OpenSwerver or AIX. |
356 | * It seems they all eventually get the right idea. | |
7c1b4daa MP |
357 | * |
358 | * Debian says: ``The fifth argument of getsockopt and | |
359 | * setsockopt is in reality an int [*] (and this is what BSD | |
360 | * 4.* and libc4 and libc5 have). Some POSIX confusion | |
361 | * resulted in the present socklen_t. The draft standard has | |
362 | * not been adopted yet, but glibc2 already follows it and | |
363 | * also has socklen_t [*]. See also accept(2).'' | |
364 | * | |
365 | * We now return to your regularly scheduled programming. */ | |
3eb38818 | 366 | return(getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&v, &l) == 0); |
f0fca04e AT |
367 | } |
368 | ||
369 | ||
8ef4ffd6 | 370 | void start_accept_loop(int port, int (*fn)(int )) |
f0fca04e AT |
371 | { |
372 | int s; | |
06963d0f | 373 | extern char *bind_address; |
13e29995 | 374 | extern int default_af_hint; |
f0fca04e | 375 | |
f0fca04e | 376 | /* open an incoming socket */ |
13e29995 | 377 | s = open_socket_in(SOCK_STREAM, port, bind_address, default_af_hint); |
f0fca04e | 378 | if (s == -1) |
65417579 | 379 | exit_cleanup(RERR_SOCKETIO); |
f0fca04e AT |
380 | |
381 | /* ready to listen */ | |
382 | if (listen(s, 5) == -1) { | |
383 | close(s); | |
65417579 | 384 | exit_cleanup(RERR_SOCKETIO); |
f0fca04e AT |
385 | } |
386 | ||
387 | ||
388 | /* now accept incoming connections - forking a new process | |
389 | for each incoming connection */ | |
390 | while (1) { | |
391 | fd_set fds; | |
392 | int fd; | |
2d6dbe29 | 393 | struct sockaddr_storage addr; |
d54765c4 | 394 | socklen_t addrlen = sizeof addr; |
f0fca04e | 395 | |
15b84e14 DD |
396 | /* close log file before the potentially very long select so |
397 | file can be trimmed by another process instead of growing | |
398 | forever */ | |
399 | log_close(); | |
45a83540 | 400 | |
f0fca04e AT |
401 | FD_ZERO(&fds); |
402 | FD_SET(s, &fds); | |
403 | ||
404 | if (select(s+1, &fds, NULL, NULL, NULL) != 1) { | |
405 | continue; | |
406 | } | |
407 | ||
408 | if(!FD_ISSET(s, &fds)) continue; | |
409 | ||
2d6dbe29 | 410 | fd = accept(s,(struct sockaddr *)&addr,&addrlen); |
f0fca04e AT |
411 | |
412 | if (fd == -1) continue; | |
413 | ||
31f440e6 AT |
414 | signal(SIGCHLD, SIG_IGN); |
415 | ||
416 | /* we shouldn't have any children left hanging around | |
417 | but I have had reports that on Digital Unix zombies | |
418 | are produced, so this ensures that they are reaped */ | |
419 | #ifdef WNOHANG | |
0503f060 | 420 | while (waitpid(-1, NULL, WNOHANG) > 0); |
31f440e6 AT |
421 | #endif |
422 | ||
f0fca04e AT |
423 | if (fork()==0) { |
424 | close(s); | |
15b84e14 DD |
425 | /* open log file in child before possibly giving |
426 | up privileges */ | |
427 | log_open(); | |
f0fca04e AT |
428 | _exit(fn(fd)); |
429 | } | |
430 | ||
431 | close(fd); | |
432 | } | |
f0fca04e AT |
433 | } |
434 | ||
435 | ||
436 | enum SOCK_OPT_TYPES {OPT_BOOL,OPT_INT,OPT_ON}; | |
437 | ||
438 | struct | |
439 | { | |
440 | char *name; | |
441 | int level; | |
442 | int option; | |
443 | int value; | |
444 | int opttype; | |
445 | } socket_options[] = { | |
446 | {"SO_KEEPALIVE", SOL_SOCKET, SO_KEEPALIVE, 0, OPT_BOOL}, | |
447 | {"SO_REUSEADDR", SOL_SOCKET, SO_REUSEADDR, 0, OPT_BOOL}, | |
448 | {"SO_BROADCAST", SOL_SOCKET, SO_BROADCAST, 0, OPT_BOOL}, | |
449 | #ifdef TCP_NODELAY | |
450 | {"TCP_NODELAY", IPPROTO_TCP, TCP_NODELAY, 0, OPT_BOOL}, | |
451 | #endif | |
452 | #ifdef IPTOS_LOWDELAY | |
453 | {"IPTOS_LOWDELAY", IPPROTO_IP, IP_TOS, IPTOS_LOWDELAY, OPT_ON}, | |
454 | #endif | |
455 | #ifdef IPTOS_THROUGHPUT | |
456 | {"IPTOS_THROUGHPUT", IPPROTO_IP, IP_TOS, IPTOS_THROUGHPUT, OPT_ON}, | |
457 | #endif | |
458 | #ifdef SO_SNDBUF | |
459 | {"SO_SNDBUF", SOL_SOCKET, SO_SNDBUF, 0, OPT_INT}, | |
460 | #endif | |
461 | #ifdef SO_RCVBUF | |
462 | {"SO_RCVBUF", SOL_SOCKET, SO_RCVBUF, 0, OPT_INT}, | |
463 | #endif | |
464 | #ifdef SO_SNDLOWAT | |
465 | {"SO_SNDLOWAT", SOL_SOCKET, SO_SNDLOWAT, 0, OPT_INT}, | |
466 | #endif | |
467 | #ifdef SO_RCVLOWAT | |
468 | {"SO_RCVLOWAT", SOL_SOCKET, SO_RCVLOWAT, 0, OPT_INT}, | |
469 | #endif | |
470 | #ifdef SO_SNDTIMEO | |
471 | {"SO_SNDTIMEO", SOL_SOCKET, SO_SNDTIMEO, 0, OPT_INT}, | |
472 | #endif | |
473 | #ifdef SO_RCVTIMEO | |
474 | {"SO_RCVTIMEO", SOL_SOCKET, SO_RCVTIMEO, 0, OPT_INT}, | |
475 | #endif | |
476 | {NULL,0,0,0,0}}; | |
477 | ||
478 | ||
479 | ||
480 | /**************************************************************************** | |
481 | set user socket options | |
482 | ****************************************************************************/ | |
483 | void set_socket_options(int fd, char *options) | |
484 | { | |
485 | char *tok; | |
a6801c39 AT |
486 | if (!options || !*options) return; |
487 | ||
f0fca04e AT |
488 | options = strdup(options); |
489 | ||
490 | if (!options) out_of_memory("set_socket_options"); | |
491 | ||
492 | for (tok=strtok(options, " \t,"); tok; tok=strtok(NULL," \t,")) { | |
493 | int ret=0,i; | |
494 | int value = 1; | |
495 | char *p; | |
496 | int got_value = 0; | |
497 | ||
498 | if ((p = strchr(tok,'='))) { | |
499 | *p = 0; | |
500 | value = atoi(p+1); | |
501 | got_value = 1; | |
502 | } | |
503 | ||
504 | for (i=0;socket_options[i].name;i++) | |
505 | if (strcmp(socket_options[i].name,tok)==0) | |
506 | break; | |
507 | ||
508 | if (!socket_options[i].name) { | |
509 | rprintf(FERROR,"Unknown socket option %s\n",tok); | |
510 | continue; | |
511 | } | |
512 | ||
513 | switch (socket_options[i].opttype) { | |
514 | case OPT_BOOL: | |
515 | case OPT_INT: | |
516 | ret = setsockopt(fd,socket_options[i].level, | |
517 | socket_options[i].option,(char *)&value,sizeof(int)); | |
518 | break; | |
519 | ||
520 | case OPT_ON: | |
521 | if (got_value) | |
522 | rprintf(FERROR,"syntax error - %s does not take a value\n",tok); | |
523 | ||
524 | { | |
525 | int on = socket_options[i].value; | |
526 | ret = setsockopt(fd,socket_options[i].level, | |
527 | socket_options[i].option,(char *)&on,sizeof(int)); | |
528 | } | |
529 | break; | |
530 | } | |
531 | ||
532 | if (ret != 0) | |
660c6fbd MP |
533 | rprintf(FERROR, "failed to set socket option %s: %s\n", tok, |
534 | strerror(errno)); | |
f0fca04e AT |
535 | } |
536 | ||
537 | free(options); | |
538 | } | |
539 | ||
540 | /**************************************************************************** | |
541 | become a daemon, discarding the controlling terminal | |
542 | ****************************************************************************/ | |
543 | void become_daemon(void) | |
544 | { | |
b11ed3b1 AT |
545 | int i; |
546 | ||
c46ded46 | 547 | if (fork()) { |
f0fca04e | 548 | _exit(0); |
c46ded46 | 549 | } |
f0fca04e AT |
550 | |
551 | /* detach from the terminal */ | |
552 | #ifdef HAVE_SETSID | |
553 | setsid(); | |
554 | #else | |
555 | #ifdef TIOCNOTTY | |
c46ded46 AT |
556 | i = open("/dev/tty", O_RDWR); |
557 | if (i >= 0) { | |
558 | ioctl(i, (int) TIOCNOTTY, (char *)0); | |
559 | close(i); | |
f0fca04e AT |
560 | } |
561 | #endif /* TIOCNOTTY */ | |
562 | #endif | |
b11ed3b1 AT |
563 | /* make sure that stdin, stdout an stderr don't stuff things |
564 | up (library functions, for example) */ | |
565 | for (i=0;i<3;i++) { | |
566 | close(i); | |
567 | open("/dev/null", O_RDWR); | |
568 | } | |
bc2e93eb | 569 | } |
ff8b29b8 | 570 | |
1f0fa931 MP |
571 | /** |
572 | * Return the IP addr of the client as a string | |
573 | **/ | |
ff8b29b8 AT |
574 | char *client_addr(int fd) |
575 | { | |
2d6dbe29 | 576 | struct sockaddr_storage ss; |
d54765c4 | 577 | socklen_t length = sizeof ss; |
ff8b29b8 | 578 | static char addr_buf[100]; |
11a5a3c7 AT |
579 | static int initialised; |
580 | ||
581 | if (initialised) return addr_buf; | |
582 | ||
583 | initialised = 1; | |
ff8b29b8 | 584 | |
07d70ff5 | 585 | client_sockaddr(fd, &ss, &length); |
06963d0f | 586 | |
2d6dbe29 | 587 | getnameinfo((struct sockaddr *)&ss, length, |
07d70ff5 MP |
588 | addr_buf, sizeof(addr_buf), NULL, 0, NI_NUMERICHOST); |
589 | ||
ff8b29b8 AT |
590 | return addr_buf; |
591 | } | |
592 | ||
593 | ||
51f289d1 | 594 | static int get_sockaddr_family(const struct sockaddr_storage *ss) |
d91c8c50 MP |
595 | { |
596 | return ((struct sockaddr *) ss)->sa_family; | |
597 | } | |
598 | ||
599 | ||
1f0fa931 | 600 | /** |
d1d15050 MP |
601 | * Return the DNS name of the client. |
602 | * | |
603 | * The name is statically cached so that repeated lookups are quick, | |
604 | * so there is a limit of one lookup per customer. | |
885448d7 MP |
605 | * |
606 | * If anything goes wrong, including the name->addr->name check, then | |
607 | * we just use "UNKNOWN", so you can use that value in hosts allow | |
608 | * lines. | |
1f0fa931 | 609 | **/ |
ff8b29b8 AT |
610 | char *client_name(int fd) |
611 | { | |
2d6dbe29 | 612 | struct sockaddr_storage ss; |
9a5a8673 | 613 | socklen_t ss_len = sizeof ss; |
ff8b29b8 | 614 | static char name_buf[100]; |
06963d0f | 615 | static char port_buf[100]; |
11a5a3c7 AT |
616 | static int initialised; |
617 | ||
618 | if (initialised) return name_buf; | |
619 | ||
885448d7 | 620 | strcpy(name_buf, default_name); |
11a5a3c7 | 621 | initialised = 1; |
ff8b29b8 | 622 | |
07d70ff5 | 623 | client_sockaddr(fd, &ss, &ss_len); |
ff8b29b8 | 624 | |
2974e205 MP |
625 | if (!lookup_name(fd, &ss, ss_len, name_buf, sizeof name_buf, port_buf, sizeof port_buf)) |
626 | check_name(fd, &ss, ss_len, name_buf, port_buf); | |
9a5a8673 MP |
627 | |
628 | return name_buf; | |
629 | } | |
630 | ||
631 | ||
07d70ff5 | 632 | |
9a5a8673 | 633 | /** |
07d70ff5 | 634 | * Get the sockaddr for the client. |
9a5a8673 | 635 | **/ |
07d70ff5 MP |
636 | void client_sockaddr(int fd, |
637 | struct sockaddr_storage *ss, | |
638 | socklen_t *ss_len) | |
9a5a8673 | 639 | { |
07d70ff5 MP |
640 | if (getpeername(fd, (struct sockaddr *)&ss, ss_len)) { |
641 | /* FIXME: Can we really not continue? */ | |
642 | rprintf(FERROR, RSYNC_NAME ": getpeername on fd%d failed: %s\n", | |
643 | fd, strerror(errno)); | |
644 | exit_cleanup(RERR_SOCKETIO); | |
645 | } | |
646 | ||
06963d0f | 647 | #ifdef INET6 |
9a5a8673 MP |
648 | if (get_sockaddr_family(ss) == AF_INET6 && |
649 | IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)ss)->sin6_addr)) { | |
362099a5 MP |
650 | /* OK, so ss is in the IPv6 family, but it is really |
651 | * an IPv4 address: something like | |
652 | * "::ffff:10.130.1.2". If we use it as-is, then the | |
653 | * reverse lookup might fail or perhaps something else | |
654 | * bad might happen. So instead we convert it to an | |
655 | * equivalent address in the IPv4 address family. */ | |
06963d0f MP |
656 | struct sockaddr_in6 sin6; |
657 | struct sockaddr_in *sin; | |
658 | ||
9a5a8673 MP |
659 | memcpy(&sin6, ss, sizeof(sin6)); |
660 | sin = (struct sockaddr_in *)ss; | |
06963d0f MP |
661 | memset(sin, 0, sizeof(*sin)); |
662 | sin->sin_family = AF_INET; | |
07d70ff5 | 663 | *ss_len = sizeof(struct sockaddr_in); |
06963d0f | 664 | #ifdef HAVE_SOCKADDR_LEN |
07d70ff5 | 665 | sin->sin_len = *ss_len; |
06963d0f MP |
666 | #endif |
667 | sin->sin_port = sin6.sin6_port; | |
07d70ff5 MP |
668 | |
669 | /* There is a macro to extract the mapped part | |
670 | * (IN6_V4MAPPED_TO_SINADDR ?), but it does not seem | |
671 | * to be present in the Linux headers. */ | |
06963d0f MP |
672 | memcpy(&sin->sin_addr, &sin6.sin6_addr.s6_addr[12], |
673 | sizeof(sin->sin_addr)); | |
674 | } | |
675 | #endif | |
07d70ff5 MP |
676 | } |
677 | ||
06963d0f | 678 | |
07d70ff5 MP |
679 | /** |
680 | * Look up a name from @p ss into @p name_buf. | |
681 | **/ | |
682 | int lookup_name(int fd, const struct sockaddr_storage *ss, | |
683 | socklen_t ss_len, | |
684 | char *name_buf, size_t name_buf_len, | |
685 | char *port_buf, size_t port_buf_len) | |
686 | { | |
687 | int name_err; | |
688 | ||
06963d0f | 689 | /* reverse lookup */ |
b14545b3 MP |
690 | name_err = getnameinfo((struct sockaddr *) ss, ss_len, |
691 | name_buf, name_buf_len, | |
692 | port_buf, port_buf_len, | |
693 | NI_NAMEREQD | NI_NUMERICSERV); | |
694 | if (name_err != 0) { | |
885448d7 | 695 | strcpy(name_buf, default_name); |
2974e205 MP |
696 | rprintf(FERROR, RSYNC_NAME ": name lookup failed for %s: %s\n", |
697 | client_addr(fd), | |
9a5a8673 MP |
698 | gai_strerror(name_err)); |
699 | return name_err; | |
ff8b29b8 AT |
700 | } |
701 | ||
9a5a8673 MP |
702 | return 0; |
703 | } | |
704 | ||
705 | ||
706 | ||
707 | /* Do a forward lookup on name_buf and make sure it corresponds to ss | |
708 | * -- otherwise we may be being spoofed. If we suspect we are, then | |
709 | * we don't abort the connection but just emit a warning. */ | |
2974e205 MP |
710 | int check_name(int fd, |
711 | const struct sockaddr_storage *ss, | |
712 | socklen_t ss_len, | |
713 | char *name_buf, | |
714 | const char *port_buf) | |
9a5a8673 MP |
715 | { |
716 | struct addrinfo hints, *res, *res0; | |
717 | int error; | |
718 | ||
06963d0f MP |
719 | memset(&hints, 0, sizeof(hints)); |
720 | hints.ai_family = PF_UNSPEC; | |
721 | hints.ai_flags = AI_CANONNAME; | |
722 | hints.ai_socktype = SOCK_STREAM; | |
723 | error = getaddrinfo(name_buf, port_buf, &hints, &res0); | |
724 | if (error) { | |
7ef6aa64 | 725 | rprintf(FERROR, |
9a5a8673 MP |
726 | RSYNC_NAME ": forward name lookup for %s:%s failed: %s\n", |
727 | name_buf, port_buf, | |
7ef6aa64 | 728 | gai_strerror(error)); |
71c780da | 729 | strcpy(name_buf, default_name); |
9a5a8673 | 730 | return error; |
06963d0f | 731 | } |
de5fb374 | 732 | |
9a5a8673 MP |
733 | |
734 | /* We expect that one of the results will be the same as ss. */ | |
06963d0f | 735 | for (res = res0; res; res = res->ai_next) { |
9a5a8673 | 736 | if (res->ai_family != get_sockaddr_family(ss)) |
06963d0f | 737 | continue; |
9a5a8673 | 738 | if (res->ai_addrlen != ss_len) |
06963d0f | 739 | continue; |
9a5a8673 | 740 | if (memcmp(res->ai_addr, ss, res->ai_addrlen) == 0) |
06963d0f MP |
741 | break; |
742 | } | |
743 | ||
06963d0f | 744 | if (res == NULL) { |
9a5a8673 MP |
745 | /* We hit the end of the list without finding an |
746 | * address that was the same as ss. */ | |
747 | rprintf(FERROR, RSYNC_NAME | |
71c780da | 748 | ": %s is not a known address for \"%s\": " |
2974e205 | 749 | "spoofed address?\n", |
71c780da MP |
750 | client_addr(fd), |
751 | name_buf); | |
752 | strcpy(name_buf, default_name); | |
de5fb374 AT |
753 | } |
754 | ||
06963d0f | 755 | freeaddrinfo(res0); |
9a5a8673 | 756 | return 0; |
ff8b29b8 | 757 | } |
5c9730a4 | 758 | |
eecd22ff MP |
759 | |
760 | /******************************************************************* | |
761 | this is like socketpair but uses tcp. It is used by the Samba | |
762 | regression test code | |
763 | The function guarantees that nobody else can attach to the socket, | |
764 | or if they do that this function fails and the socket gets closed | |
765 | returns 0 on success, -1 on failure | |
766 | the resulting file descriptors are symmetrical | |
767 | ******************************************************************/ | |
768 | static int socketpair_tcp(int fd[2]) | |
769 | { | |
770 | int listener; | |
771 | struct sockaddr_in sock; | |
772 | struct sockaddr_in sock2; | |
773 | socklen_t socklen = sizeof(sock); | |
774 | int connect_done = 0; | |
775 | ||
776 | fd[0] = fd[1] = listener = -1; | |
777 | ||
778 | memset(&sock, 0, sizeof(sock)); | |
779 | ||
780 | if ((listener = socket(PF_INET, SOCK_STREAM, 0)) == -1) goto failed; | |
781 | ||
782 | memset(&sock2, 0, sizeof(sock2)); | |
783 | #ifdef HAVE_SOCK_SIN_LEN | |
784 | sock2.sin_len = sizeof(sock2); | |
785 | #endif | |
786 | sock2.sin_family = PF_INET; | |
787 | ||
788 | bind(listener, (struct sockaddr *)&sock2, sizeof(sock2)); | |
789 | ||
790 | if (listen(listener, 1) != 0) goto failed; | |
791 | ||
792 | if (getsockname(listener, (struct sockaddr *)&sock, &socklen) != 0) goto failed; | |
793 | ||
794 | if ((fd[1] = socket(PF_INET, SOCK_STREAM, 0)) == -1) goto failed; | |
795 | ||
796 | set_nonblocking(fd[1]); | |
797 | ||
798 | sock.sin_addr.s_addr = htonl(INADDR_LOOPBACK); | |
799 | ||
800 | if (connect(fd[1],(struct sockaddr *)&sock,sizeof(sock)) == -1) { | |
801 | if (errno != EINPROGRESS) goto failed; | |
802 | } else { | |
803 | connect_done = 1; | |
804 | } | |
805 | ||
806 | if ((fd[0] = accept(listener, (struct sockaddr *)&sock, &socklen)) == -1) goto failed; | |
807 | ||
808 | close(listener); | |
809 | if (connect_done == 0) { | |
810 | if (connect(fd[1],(struct sockaddr *)&sock,sizeof(sock)) != 0 | |
811 | && errno != EISCONN) goto failed; | |
812 | } | |
813 | ||
814 | set_blocking (fd[1]); | |
815 | ||
816 | /* all OK! */ | |
817 | return 0; | |
818 | ||
819 | failed: | |
820 | if (fd[0] != -1) close(fd[0]); | |
821 | if (fd[1] != -1) close(fd[1]); | |
822 | if (listener != -1) close(listener); | |
823 | return -1; | |
824 | } | |
825 | ||
826 | ||
d02984bb MP |
827 | |
828 | /** | |
829 | * Run a program on a local tcp socket, so that we can talk to it's | |
255810c0 MP |
830 | * stdin and stdout. This is used to fake a connection to a daemon |
831 | * for testing -- not for the normal case of running SSH. | |
d02984bb MP |
832 | * |
833 | * @return a socket which is attached to a subprocess running | |
834 | * "prog". stdin and stdout are attached. stderr is left attached to | |
835 | * the original stderr | |
836 | **/ | |
eecd22ff MP |
837 | int sock_exec(const char *prog) |
838 | { | |
839 | int fd[2]; | |
5d264037 | 840 | |
eecd22ff MP |
841 | if (socketpair_tcp(fd) != 0) { |
842 | rprintf (FERROR, RSYNC_NAME | |
843 | ": socketpair_tcp failed (%s)\n", | |
844 | strerror(errno)); | |
845 | return -1; | |
846 | } | |
847 | if (fork() == 0) { | |
848 | close(fd[0]); | |
849 | close(0); | |
850 | close(1); | |
851 | dup(fd[1]); | |
852 | dup(fd[1]); | |
5d264037 MP |
853 | if (verbose > 3) { |
854 | /* Can't use rprintf because we've forked. */ | |
eecd22ff MP |
855 | fprintf (stderr, |
856 | RSYNC_NAME ": execute socket program \"%s\"\n", | |
857 | prog); | |
5d264037 | 858 | } |
eecd22ff MP |
859 | exit (system (prog)); |
860 | } | |
861 | close (fd[1]); | |
862 | return fd[0]; | |
863 | } | |
864 | ||
865 | ||
866 |