X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/ff8b29b8c62f377ede40fbf0cbbaa428bd8df60a..0503f06089b89aa4166d6ced8d5901ad6a112c41:/socket.c
diff --git a/socket.c b/socket.c
index 5ee31f6d..4c81d597 100644
--- a/socket.c
+++ b/socket.c
@@ -23,37 +23,133 @@ #include "rsync.h" + +/* establish a proxy connection on an open socket to a web roxy by using the CONNECT + method */ +static int establish_proxy_connection(int fd, char *host, int port) +{ + char buffer[1024]; + char *cp; + + slprintf(buffer, sizeof(buffer), "CONNECT %s:%d HTTP/1.0\r\n\r\n", host, port); + if (write(fd, buffer, strlen(buffer)) != strlen(buffer)) { + rprintf(FERROR, "failed to write to proxy - %s\n", + strerror(errno)); + return -1; + } + + for (cp = buffer; cp < &buffer[sizeof(buffer) - 1]; cp++) { + if (read(fd, cp, 1) != 1) { + rprintf(FERROR, "failed to read from proxy\n"); + return -1; + } + if (*cp == '\n') + break; + } + + if (*cp != '\n') + cp++; + *cp-- = '\0'; + if (*cp == '\r') + *cp = '\0'; + if (strncmp(buffer, "HTTP/", 5) != 0) { + rprintf(FERROR, "bad response from proxy - %s\n", + buffer); + return -1; + } + for (cp = &buffer[5]; isdigit(*cp) || (*cp == '.'); cp++) + ; + while (*cp == ' ') + cp++; + if (*cp != '2') { + rprintf(FERROR, "bad response from proxy - %s\n", + buffer); + return -1; + } + /* throw away the rest of the HTTP header */ + while (1) { + for (cp = buffer; cp < &buffer[sizeof(buffer) - 1]; + cp++) { + if (read(fd, cp, 1) != 1) { + rprintf(FERROR, "failed to read from proxy\n"); + return -1; + } + if (*cp == '\n') + break; + } + if ((cp > buffer) && (*cp == '\n')) + cp--; + if ((cp == buffer) && ((*cp == '\n') || (*cp == '\r'))) + break; + } + return 0; +} + + /* open a socket to a tcp remote host with the specified port - based on code from Warren */ + based on code from Warren + proxy support by Stephen Rothwell */ int open_socket_out(char *host, int port) { int type = SOCK_STREAM; struct sockaddr_in sock_out; int res; struct hostent *hp; - + char *h; + unsigned p; + int proxied = 0; + char buffer[1024]; + char *cp; + + /* if we have a RSYNC_PROXY env variable then redirect our connetcion via a web proxy + at the given address. 
The format is hostname:port */ + h = getenv("RSYNC_PROXY"); + proxied = (h != NULL) && (*h != '\0'); + + if (proxied) { + strlcpy(buffer, h, sizeof(buffer)); + cp = strchr(buffer, ':'); + if (cp == NULL) { + rprintf(FERROR, "invalid proxy specification\n"); + return -1; + } + *cp++ = '\0'; + p = atoi(cp); + h = buffer; + } else { + h = host; + p = port; + } res = socket(PF_INET, type, 0); if (res == -1) { return -1; } - hp = gethostbyname(host); + hp = gethostbyname(h); if (!hp) { - rprintf(FERROR,"unknown host: %s\n", host); + rprintf(FERROR,"unknown host: %s\n", h); + close(res); return -1; } memcpy(&sock_out.sin_addr, hp->h_addr, hp->h_length); - sock_out.sin_port = htons(port); + sock_out.sin_port = htons(p); sock_out.sin_family = PF_INET; if (connect(res,(struct sockaddr *)&sock_out,sizeof(sock_out))) { + rprintf(FERROR,"failed to connect to %s - %s\n", h, strerror(errno)); close(res); - rprintf(FERROR,"failed to connect to %s - %s\n", host, strerror(errno)); return -1; } + if (proxied && establish_proxy_connection(res, host, port) != 0) { + close(res); + return -1; + } + + set_nonblocking(res); + return res; } @@ -65,7 +161,7 @@ static int open_socket_in(int type, int port) { struct hostent *hp; struct sockaddr_in sock; - char host_name[200]; + char host_name[MAXHOSTNAMELEN]; int res; int one=1; @@ -81,7 +177,7 @@ static int open_socket_in(int type, int port) return -1; } - bzero((char *)&sock,sizeof(sock)); + memset((char *)&sock,0,sizeof(sock)); memcpy((char *)&sock.sin_addr,(char *)hp->h_addr, hp->h_length); sock.sin_port = htons(port); sock.sin_family = hp->h_addrtype; @@ -110,9 +206,9 @@ determine if a file descriptor is in fact a socket ****************************************************************************/ int is_a_socket(int fd) { - int v,l; - l = sizeof(int); - return(getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&v, &l) == 0); + int v,l; + l = sizeof(int); + return(getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&v, &l) == 0); } 
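Review bot: In establish_proxy_connection, the status-line termination after the first read loop can step outside `buffer`. If the proxy sends 1023 bytes with no newline, the loop exits with cp at `&buffer[sizeof(buffer) - 1]`, `if (*cp != '\n') cp++;` tests a byte that was never read, and `*cp-- = '\0';` then stores one past the array; if the very first byte is '\n', the following `*cp == '\r'` test reads `buffer[-1]`. The proxy reply is untrusted network input, so I would drop the `cp++` and terminate in place: `*cp = '\0'; if (cp > buffer && cp[-1] == '\r') cp[-1] = '\0';`. Separately, `isdigit(*cp)` is fed a plain char from that reply and should be `isdigit(*(unsigned char *)cp)`.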
@@ -120,17 +216,15 @@ void start_accept_loop(int port, int (*fn)(int )) { int s; - signal(SIGCLD, SIG_IGN); - /* open an incoming socket */ s = open_socket_in(SOCK_STREAM, port); if (s == -1) - exit(1); + exit_cleanup(RERR_SOCKETIO); /* ready to listen */ if (listen(s, 5) == -1) { close(s); - exit(1); + exit_cleanup(RERR_SOCKETIO); } @@ -155,9 +249,20 @@ void start_accept_loop(int port, int (*fn)(int )) if (fd == -1) continue; + signal(SIGCHLD, SIG_IGN); + + /* we shouldn't have any children left hanging around + but I have had reports that on Digital Unix zombies + are produced, so this ensures that they are reaped */ +#ifdef WNOHANG + while (waitpid(-1, NULL, WNOHANG) > 0); +#endif + if (fork()==0) { close(s); + set_nonblocking(fd); + _exit(fn(fd)); } @@ -216,6 +321,8 @@ set user socket options void set_socket_options(int fd, char *options) { char *tok; + if (!options || !*options) return; + options = strdup(options); if (!options) out_of_memory("set_socket_options"); @@ -272,27 +379,30 @@ become a daemon, discarding the controlling terminal ****************************************************************************/ void become_daemon(void) { - if (fork()) + int i; + + if (fork()) { _exit(0); + } /* detach from the terminal */ #ifdef HAVE_SETSID setsid(); #else #ifdef TIOCNOTTY - { - int i = open("/dev/tty", O_RDWR); - if (i >= 0) - { - ioctl(i, (int) TIOCNOTTY, (char *)0); - close(i); - } + i = open("/dev/tty", O_RDWR); + if (i >= 0) { + ioctl(i, (int) TIOCNOTTY, (char *)0); + close(i); } #endif /* TIOCNOTTY */ #endif - close(0); - close(1); - close(2); + /* make sure that stdin, stdout an stderr don't stuff things + up (library functions, for example) */ + for (i=0;i<3;i++) { + close(i); + open("/dev/null", O_RDWR); + } } /******************************************************************* 
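Review bot: The `fork()==0` test in the accept loop (hunk at -155) treats a failed fork, which returns -1, the same as the parent path, so under process or memory exhaustion the parent just carries on and nothing is logged for the accepted connection. Capturing the result, e.g. `pid_t pid = fork(); if (pid == -1) rprintf(FERROR, "fork failed - %s\n", strerror(errno));`, would make that condition visible to an operator. What the parent does with fd after the block is outside this hunk. The added `while (waitpid(-1, NULL, WNOHANG) > 0);` would also read more safely with an explicit body such as `continue;` rather than a trailing semicolon.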
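Review bot: The new loop in become_daemon ignores the result of `open("/dev/null", O_RDWR)`, so if the open fails or returns a different descriptor, one of 0-2 stays closed and the next file or socket the daemon opens lands on it. That is the situation the added comment says it wants to prevent. Checking that the call returned the descriptor just closed, e.g. `if (open("/dev/null", O_RDWR) != i) _exit(1);`, keeps the guarantee. `if (fork()) { _exit(0); }` likewise exits quietly when fork fails with -1, so the daemon never starts and nothing says why.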
@@ -304,13 +414,17 @@ char *client_addr(int fd) struct sockaddr_in *sockin = (struct sockaddr_in *) (&sa); int length = sizeof(sa); static char addr_buf[100]; + static int initialised; - if (getpeername(fd, &sa, &length)) { - exit(1); - } + if (initialised) return addr_buf; - strlcpy(addr_buf,(char *)inet_ntoa(sockin->sin_addr), sizeof(addr_buf)-1); + initialised = 1; + if (getpeername(fd, &sa, &length)) { + exit_cleanup(RERR_SOCKETIO); + } + + strlcpy(addr_buf,(char *)inet_ntoa(sockin->sin_addr), sizeof(addr_buf)); return addr_buf; } @@ -325,18 +439,43 @@ char *client_name(int fd) int length = sizeof(sa); static char name_buf[100]; struct hostent *hp; + char **p; + char *def = "UNKNOWN"; + static int initialised; + + if (initialised) return name_buf; + + initialised = 1; - strcpy(name_buf,"UNKNOWN"); + strcpy(name_buf,def); if (getpeername(fd, &sa, &length)) { - exit(1); + exit_cleanup(RERR_SOCKETIO); } /* Look up the remote host name. */ if ((hp = gethostbyaddr((char *) &sockin->sin_addr, sizeof(sockin->sin_addr), AF_INET))) { - strlcpy(name_buf,(char *)hp->h_name,sizeof(name_buf) - 1); + strlcpy(name_buf,(char *)hp->h_name,sizeof(name_buf)); + } + + + /* do a forward lookup as well to prevent spoofing */ + hp = gethostbyname(name_buf); + if (!hp) { + strcpy(name_buf,def); + rprintf(FERROR,"reverse name lookup failed\n"); + } else { + for (p=hp->h_addr_list;*p;p++) { + if (memcmp(*p, &sockin->sin_addr, hp->h_length) == 0) { + break; + } + } + if (!*p) { + strcpy(name_buf,def); + rprintf(FERROR,"reverse name lookup mismatch - spoofed address?\n"); + } } return name_buf;
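Review bot: client_addr now returns the cached `addr_buf` on every call after the first and no longer looks at `fd`, and nothing in the function says so. That is only correct if a process only ever serves one peer, so I would add a comment above the `initialised` check such as `/* result is cached for the life of the process: only valid while one connection is served per process */`. `initialised = 1` is also set before `getpeername`, which is harmless only because the failure path exits. The declaration of `sa` and the function's opening lines are outside the hunk.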
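Review bot: In client_name, the forward-confirmation loop compares `hp->h_length` bytes against `sockin->sin_addr` without checking that the forward lookup returned IPv4 addresses, so a result of another family would be compared over more bytes than `sin_addr` holds. I would treat that as a mismatch up front with `if (hp->h_addrtype != AF_INET || hp->h_length != sizeof(sockin->sin_addr))` before the `for`. The forward lookup also runs when `gethostbyaddr` failed and `name_buf` still holds "UNKNOWN", which sends a query for that literal name and logs "reverse name lookup failed" for what is a forward failure. Skipping the second lookup in that case and wording the message accordingly would make the log easier to act on. The name taken from the reverse lookup is peer-influenced, so callers should rely on it only after this check has passed.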