2 * Socket functions used in rsync.
4 * Copyright (C) 1992-2001 Andrew Tridgell <tridge@samba.org>
5 * Copyright (C) 2001, 2002 Martin Pool <mbp@samba.org>
6 * Copyright (C) 2003-2009 Wayne Davison
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, visit the http://fsf.org website.
22 /* This file is now converted to use the new-style getaddrinfo()
23 * interface, which supports IPv6 but is also supported on recent
24 * IPv4-only machines. On systems that don't have that interface, we
25 * emulate it using the KAME implementation. */
29 #include <netinet/in_systm.h>
30 #include <netinet/ip.h>
31 #include <netinet/tcp.h>
33 extern char *bind_address;
34 extern char *sockopts;
35 extern int default_af_hint;
36 extern int connect_timeout;
39 static struct sigaction sigact;
42 static int sock_exec(const char *prog);
44 /* Establish a proxy connection on an open socket to a web proxy by using the
45 * CONNECT method. If proxy_user and proxy_pass are not NULL, they are used to
46 * authenticate to the proxy using the "Basic" proxy-authorization protocol. */
47 static int establish_proxy_connection(int fd, char *host, int port,
48 char *proxy_user, char *proxy_pass)
50 char *cp, buffer[1024];
51 char *authhdr, authbuf[1024];
54 if (proxy_user && proxy_pass) {
55 stringjoin(buffer, sizeof buffer,
56 proxy_user, ":", proxy_pass, NULL);
59 if ((len*8 + 5) / 6 >= (int)sizeof authbuf - 3) {
61 "authentication information is too long\n");
65 base64_encode(buffer, len, authbuf, 1);
66 authhdr = "\r\nProxy-Authorization: Basic ";
72 snprintf(buffer, sizeof buffer, "CONNECT %s:%d HTTP/1.0%s%s\r\n\r\n",
73 host, port, authhdr, authbuf);
75 if (write(fd, buffer, len) != len) {
76 rsyserr(FERROR, errno, "failed to write to proxy");
80 for (cp = buffer; cp < &buffer[sizeof buffer - 1]; cp++) {
81 if (read(fd, cp, 1) != 1) {
82 rsyserr(FERROR, errno, "failed to read from proxy");
94 if (strncmp(buffer, "HTTP/", 5) != 0) {
95 rprintf(FERROR, "bad response from proxy -- %s\n",
99 for (cp = &buffer[5]; isDigit(cp) || *cp == '.'; cp++) {}
103 rprintf(FERROR, "bad response from proxy -- %s\n",
107 /* throw away the rest of the HTTP header */
109 for (cp = buffer; cp < &buffer[sizeof buffer - 1]; cp++) {
110 if (read(fd, cp, 1) != 1) {
111 rsyserr(FERROR, errno,
112 "failed to read from proxy");
118 if (cp > buffer && *cp == '\n')
120 if (cp == buffer && (*cp == '\n' || *cp == '\r'))
127 /* Try to set the local address for a newly-created socket.
128 * Return -1 if this fails. */
129 int try_bind_local(int s, int ai_family, int ai_socktype,
130 const char *bind_addr)
133 struct addrinfo bhints, *bres_all, *r;
135 memset(&bhints, 0, sizeof bhints);
136 bhints.ai_family = ai_family;
137 bhints.ai_socktype = ai_socktype;
138 bhints.ai_flags = AI_PASSIVE;
139 if ((error = getaddrinfo(bind_addr, NULL, &bhints, &bres_all))) {
140 rprintf(FERROR, RSYNC_NAME ": getaddrinfo %s: %s\n",
141 bind_addr, gai_strerror(error));
145 for (r = bres_all; r; r = r->ai_next) {
146 if (bind(s, r->ai_addr, r->ai_addrlen) == -1)
148 freeaddrinfo(bres_all);
152 /* no error message; there might be some problem that allows
153 * creation of the socket but not binding, perhaps if the
154 * machine has no ipv6 address of this name. */
155 freeaddrinfo(bres_all);
159 /* connect() timeout handler based on alarm() */
160 static RETSIGTYPE contimeout_handler(UNUSED(int val))
162 connect_timeout = -1;
165 /* Open a socket to a tcp remote host with the specified port.
167 * Based on code from Warren. Proxy support by Stephen Rothwell.
168 * getaddrinfo() rewrite contributed by KAME.net.
170 * Now that we support IPv6 we need to look up the remote machine's address
171 * first, using af_hint to set a preference for the type of address. Then
172 * depending on whether it has v4 or v6 addresses we try to open a connection.
174 * The loop allows for machines with some addresses which may not be reachable,
175 * perhaps because we can't e.g. route ipv6 to that network but we can get ip4
178 * bind_addr: local address to use. Normally NULL to bind the wildcard address.
180 * af_hint: address family, e.g. AF_INET or AF_INET6. */
181 int open_socket_out(char *host, int port, const char *bind_addr,
184 int type = SOCK_STREAM;
186 struct addrinfo hints, *res0, *res;
191 char *proxy_user = NULL, *proxy_pass = NULL;
193 /* if we have a RSYNC_PROXY env variable then redirect our
194 * connetcion via a web proxy at the given address. */
195 h = getenv("RSYNC_PROXY");
196 proxied = h != NULL && *h != '\0';
199 strlcpy(buffer, h, sizeof buffer);
201 /* Is the USER:PASS@ prefix present? */
202 if ((cp = strrchr(buffer, '@')) != NULL) {
204 /* The remainder is the HOST:PORT part. */
207 if ((cp = strchr(buffer, ':')) == NULL) {
209 "invalid proxy specification: should be USER:PASS@HOST:PORT\n");
217 /* The whole buffer is the HOST:PORT part. */
221 if ((cp = strchr(h, ':')) == NULL) {
223 "invalid proxy specification: should be HOST:PORT\n");
227 strlcpy(portbuf, cp, sizeof portbuf);
228 if (DEBUG_GTE(CONNECT, 1)) {
229 rprintf(FINFO, "connection via http proxy %s port %s\n",
233 snprintf(portbuf, sizeof portbuf, "%d", port);
237 memset(&hints, 0, sizeof hints);
238 hints.ai_family = af_hint;
239 hints.ai_socktype = type;
240 error = getaddrinfo(h, portbuf, &hints, &res0);
242 rprintf(FERROR, RSYNC_NAME ": getaddrinfo: %s %s: %s\n",
243 h, portbuf, gai_strerror(error));
248 /* Try to connect to all addresses for this machine until we get
249 * through. It might e.g. be multi-homed, or have both IPv4 and IPv6
250 * addresses. We need to create a socket for each record, since the
251 * address record tells us what protocol to use to try to connect. */
252 for (res = res0; res; res = res->ai_next) {
253 s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
258 && try_bind_local(s, res->ai_family, type,
264 if (connect_timeout > 0) {
265 SIGACTION(SIGALRM, contimeout_handler);
266 alarm(connect_timeout);
269 set_socket_options(s, sockopts);
270 while (connect(s, res->ai_addr, res->ai_addrlen) < 0) {
271 if (connect_timeout < 0)
272 exit_cleanup(RERR_CONTIMEOUT);
280 if (connect_timeout > 0)
287 && establish_proxy_connection(s, host, port,
288 proxy_user, proxy_pass) != 0) {
297 rsyserr(FERROR, errno, "failed to connect to %s", h);
304 /* Open an outgoing socket, but allow for it to be intercepted by
305 * $RSYNC_CONNECT_PROG, which will execute a program across a TCP
306 * socketpair rather than really opening a socket.
308 * We use this primarily in testing to detect TCP flow bugs, but not
309 * cause security problems by really opening remote connections.
311 * This is based on the Samba LIBSMB_PROG feature.
313 * bind_addr: local address to use. Normally NULL to get the stack default. */
314 int open_socket_out_wrapped(char *host, int port, const char *bind_addr,
317 char *prog = getenv("RSYNC_CONNECT_PROG");
319 if (prog && strchr(prog, '%')) {
320 int hlen = strlen(host);
321 int len = strlen(prog) + 1;
323 for (f = prog; *f; f++) {
326 /* Compute more than enough room. */
333 if (!(prog = new_array(char, len)))
334 out_of_memory("open_socket_out_wrapped");
335 for (t = prog; *f; f++) {
339 /* Just skips the extra '%'. */
342 memcpy(t, host, hlen);
346 f--; /* pass % through */
355 if (DEBUG_GTE(CONNECT, 1)) {
356 rprintf(FINFO, "%sopening tcp connection to %s port %d\n",
357 prog ? "Using RSYNC_CONNECT_PROG instead of " : "",
361 return sock_exec(prog);
362 return open_socket_out(host, port, bind_addr, af_hint);
366 /* Open one or more sockets for incoming data using the specified type,
369 * The getaddrinfo() call may return several address results, e.g. for
370 * the machine's IPv4 and IPv6 name.
372 * We return an array of file-descriptors to the sockets, with a trailing
373 * -1 value to indicate the end of the list.
375 * bind_addr: local address to bind, or NULL to allow it to default. */
376 static int *open_socket_in(int type, int port, const char *bind_addr,
380 int s, *socks, maxs, i, ecnt;
381 struct addrinfo hints, *all_ai, *resp;
382 char portbuf[10], **errmsgs;
385 memset(&hints, 0, sizeof hints);
386 hints.ai_family = af_hint;
387 hints.ai_socktype = type;
388 hints.ai_flags = AI_PASSIVE;
389 snprintf(portbuf, sizeof portbuf, "%d", port);
390 error = getaddrinfo(bind_addr, portbuf, &hints, &all_ai);
392 rprintf(FERROR, RSYNC_NAME ": getaddrinfo: bind address %s: %s\n",
393 bind_addr, gai_strerror(error));
397 /* Count max number of sockets we might open. */
398 for (maxs = 0, resp = all_ai; resp; resp = resp->ai_next, maxs++) {}
400 socks = new_array(int, maxs + 1);
401 errmsgs = new_array(char *, maxs);
402 if (!socks || !errmsgs)
403 out_of_memory("open_socket_in");
405 /* We may not be able to create the socket, if for example the
406 * machine knows about IPv6 in the C library, but not in the
408 for (resp = all_ai, i = ecnt = 0; resp; resp = resp->ai_next) {
409 s = socket(resp->ai_family, resp->ai_socktype,
413 int r = asprintf(&errmsgs[ecnt++],
414 "socket(%d,%d,%d) failed: %s\n",
415 (int)resp->ai_family, (int)resp->ai_socktype,
416 (int)resp->ai_protocol, strerror(errno));
418 out_of_memory("open_socket_in");
419 /* See if there's another address that will work... */
423 setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
424 (char *)&one, sizeof one);
426 set_socket_options(s, sockopts);
428 set_socket_options(s, lp_socket_options());
431 if (resp->ai_family == AF_INET6) {
432 if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
433 (char *)&one, sizeof one) < 0
434 && default_af_hint != AF_INET6) {
441 /* Now we've got a socket - we need to bind it. */
442 if (bind(s, resp->ai_addr, resp->ai_addrlen) < 0) {
443 /* Nope, try another */
444 int r = asprintf(&errmsgs[ecnt++],
445 "bind() failed: %s (address-family %d)\n",
446 strerror(errno), (int)resp->ai_family);
448 out_of_memory("open_socket_in");
458 freeaddrinfo(all_ai);
460 /* Only output the socket()/bind() messages if we were totally
461 * unsuccessful, or if the daemon is being run with -vv. */
462 for (s = 0; s < ecnt; s++) {
463 if (!i || DEBUG_GTE(BIND, 1))
464 rwrite(FLOG, errmsgs[s], strlen(errmsgs[s]), 0);
471 "unable to bind any inbound sockets on port %d\n",
480 /* Determine if a file descriptor is in fact a socket. */
481 int is_a_socket(int fd)
484 socklen_t l = sizeof (int);
486 /* Parameters to getsockopt, setsockopt etc are very
487 * unstandardized across platforms, so don't be surprised if
488 * there are compiler warnings on e.g. SCO OpenSwerver or AIX.
489 * It seems they all eventually get the right idea.
491 * Debian says: ``The fifth argument of getsockopt and
492 * setsockopt is in reality an int [*] (and this is what BSD
493 * 4.* and libc4 and libc5 have). Some POSIX confusion
494 * resulted in the present socklen_t. The draft standard has
495 * not been adopted yet, but glibc2 already follows it and
496 * also has socklen_t [*]. See also accept(2).''
498 * We now return to your regularly scheduled programming. */
499 return getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&v, &l) == 0;
503 static RETSIGTYPE sigchld_handler(UNUSED(int val))
506 while (waitpid(-1, NULL, WNOHANG) > 0) {}
508 #ifndef HAVE_SIGACTION
509 signal(SIGCHLD, sigchld_handler);
514 void start_accept_loop(int port, int (*fn)(int, int))
519 #ifdef HAVE_SIGACTION
520 sigact.sa_flags = SA_NOCLDSTOP;
523 /* open an incoming socket */
524 sp = open_socket_in(SOCK_STREAM, port, bind_address, default_af_hint);
526 exit_cleanup(RERR_SOCKETIO);
528 /* ready to listen */
530 for (i = 0, maxfd = -1; sp[i] >= 0; i++) {
531 if (listen(sp[i], 5) < 0) {
532 rsyserr(FERROR, errno, "listen() on socket failed");
534 if (errno == EADDRINUSE && i > 0) {
536 "Try using --ipv4 or --ipv6 to avoid this listen() error.\n");
539 exit_cleanup(RERR_SOCKETIO);
541 FD_SET(sp[i], &deffds);
546 /* now accept incoming connections - forking a new process
547 * for each incoming connection */
552 struct sockaddr_storage addr;
553 socklen_t addrlen = sizeof addr;
555 /* close log file before the potentially very long select so
556 * file can be trimmed by another process instead of growing
561 FD_COPY(&deffds, &fds);
566 if (select(maxfd + 1, &fds, NULL, NULL, NULL) < 1)
569 for (i = 0, fd = -1; sp[i] >= 0; i++) {
570 if (FD_ISSET(sp[i], &fds)) {
571 fd = accept(sp[i], (struct sockaddr *)&addr,
580 SIGACTION(SIGCHLD, sigchld_handler);
582 if ((pid = fork()) == 0) {
584 for (i = 0; sp[i] >= 0; i++)
586 /* Re-open log file in child before possibly giving
587 * up privileges (see logfile_close() above). */
592 } else if (pid < 0) {
593 rsyserr(FERROR, errno,
594 "could not create child server process");
596 /* This might have happened because we're
597 * overloaded. Sleep briefly before trying to
601 /* Parent doesn't need this fd anymore. */
608 enum SOCK_OPT_TYPES {OPT_BOOL,OPT_INT,OPT_ON};
617 } socket_options[] = {
618 {"SO_KEEPALIVE", SOL_SOCKET, SO_KEEPALIVE, 0, OPT_BOOL},
619 {"SO_REUSEADDR", SOL_SOCKET, SO_REUSEADDR, 0, OPT_BOOL},
620 {"SO_BROADCAST", SOL_SOCKET, SO_BROADCAST, 0, OPT_BOOL},
622 {"TCP_NODELAY", IPPROTO_TCP, TCP_NODELAY, 0, OPT_BOOL},
624 #ifdef IPTOS_LOWDELAY
625 {"IPTOS_LOWDELAY", IPPROTO_IP, IP_TOS, IPTOS_LOWDELAY, OPT_ON},
627 #ifdef IPTOS_THROUGHPUT
628 {"IPTOS_THROUGHPUT", IPPROTO_IP, IP_TOS, IPTOS_THROUGHPUT, OPT_ON},
631 {"SO_SNDBUF", SOL_SOCKET, SO_SNDBUF, 0, OPT_INT},
634 {"SO_RCVBUF", SOL_SOCKET, SO_RCVBUF, 0, OPT_INT},
637 {"SO_SNDLOWAT", SOL_SOCKET, SO_SNDLOWAT, 0, OPT_INT},
640 {"SO_RCVLOWAT", SOL_SOCKET, SO_RCVLOWAT, 0, OPT_INT},
643 {"SO_SNDTIMEO", SOL_SOCKET, SO_SNDTIMEO, 0, OPT_INT},
646 {"SO_RCVTIMEO", SOL_SOCKET, SO_RCVTIMEO, 0, OPT_INT},
652 /* Set user socket options. */
653 void set_socket_options(int fd, char *options)
657 if (!options || !*options)
660 options = strdup(options);
663 out_of_memory("set_socket_options");
665 for (tok = strtok(options, " \t,"); tok; tok = strtok(NULL," \t,")) {
671 if ((p = strchr(tok,'='))) {
677 for (i = 0; socket_options[i].name; i++) {
678 if (strcmp(socket_options[i].name,tok)==0)
682 if (!socket_options[i].name) {
683 rprintf(FERROR,"Unknown socket option %s\n",tok);
687 switch (socket_options[i].opttype) {
690 ret = setsockopt(fd,socket_options[i].level,
691 socket_options[i].option,
692 (char *)&value, sizeof (int));
697 rprintf(FERROR,"syntax error -- %s does not take a value\n",tok);
700 int on = socket_options[i].value;
701 ret = setsockopt(fd,socket_options[i].level,
702 socket_options[i].option,
703 (char *)&on, sizeof (int));
709 rsyserr(FERROR, errno,
710 "failed to set socket option %s", tok);
718 /* This is like socketpair but uses tcp. The function guarantees that nobody
719 * else can attach to the socket, or if they do that this function fails and
720 * the socket gets closed. Returns 0 on success, -1 on failure. The resulting
721 * file descriptors are symmetrical. Currently only for RSYNC_CONNECT_PROG. */
722 static int socketpair_tcp(int fd[2])
725 struct sockaddr_in sock;
726 struct sockaddr_in sock2;
727 socklen_t socklen = sizeof sock;
728 int connect_done = 0;
730 fd[0] = fd[1] = listener = -1;
732 memset(&sock, 0, sizeof sock);
734 if ((listener = socket(PF_INET, SOCK_STREAM, 0)) == -1)
737 memset(&sock2, 0, sizeof sock2);
738 #ifdef HAVE_SOCKADDR_IN_LEN
739 sock2.sin_len = sizeof sock2;
741 sock2.sin_family = PF_INET;
742 sock2.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
744 if (bind(listener, (struct sockaddr *)&sock2, sizeof sock2) != 0
745 || listen(listener, 1) != 0
746 || getsockname(listener, (struct sockaddr *)&sock, &socklen) != 0
747 || (fd[1] = socket(PF_INET, SOCK_STREAM, 0)) == -1)
750 set_nonblocking(fd[1]);
752 sock.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
754 if (connect(fd[1], (struct sockaddr *)&sock, sizeof sock) == -1) {
755 if (errno != EINPROGRESS)
760 if ((fd[0] = accept(listener, (struct sockaddr *)&sock2, &socklen)) == -1)
768 if (connect_done == 0) {
769 if (connect(fd[1], (struct sockaddr *)&sock, sizeof sock) != 0
788 /* Run a program on a local tcp socket, so that we can talk to it's stdin and
789 * stdout. This is used to fake a connection to a daemon for testing -- not
790 * for the normal case of running SSH.
792 * Retruns a socket which is attached to a subprocess running "prog". stdin and
793 * stdout are attached. stderr is left attached to the original stderr. */
794 static int sock_exec(const char *prog)
799 if (socketpair_tcp(fd) != 0) {
800 rsyserr(FERROR, errno, "socketpair_tcp failed");
803 if (DEBUG_GTE(CMD, 1))
804 rprintf(FINFO, "Running socket program: \"%s\"\n", prog);
808 rsyserr(FERROR, errno, "fork");
809 exit_cleanup(RERR_IPC);
814 if (dup2(fd[1], STDIN_FILENO) < 0
815 || dup2(fd[1], STDOUT_FILENO) < 0) {
816 fprintf(stderr, "Failed to run \"%s\"\n", prog);