/*- * Copyright (c) 2005 Andrey Simonenko * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "uc_common.h" #ifndef LISTENQ # define LISTENQ 1 #endif #ifndef TIMEOUT # define TIMEOUT 2 #endif #define SYNC_SERVER 0 #define SYNC_CLIENT 1 #define SYNC_RECV 0 #define SYNC_SEND 1 #define LOGMSG_SIZE 128 void uc_output(const char *format, ...) { char buf[LOGMSG_SIZE]; va_list ap; va_start(ap, format); if (vsnprintf(buf, sizeof(buf), format, ap) < 0) err(EXIT_FAILURE, "output: vsnprintf failed"); write(STDOUT_FILENO, buf, strlen(buf)); va_end(ap); } void uc_logmsg(const char *format, ...) { char buf[LOGMSG_SIZE]; va_list ap; int errno_save; errno_save = errno; va_start(ap, format); if (vsnprintf(buf, sizeof(buf), format, ap) < 0) err(EXIT_FAILURE, "logmsg: vsnprintf failed"); if (errno_save == 0) uc_output("%s: %s\n", uc_cfg.proc_name, buf); else uc_output("%s: %s: %s\n", uc_cfg.proc_name, buf, strerror(errno_save)); va_end(ap); errno = errno_save; } void uc_vlogmsgx(const char *format, va_list ap) { char buf[LOGMSG_SIZE]; if (vsnprintf(buf, sizeof(buf), format, ap) < 0) err(EXIT_FAILURE, "uc_logmsgx: vsnprintf failed"); uc_output("%s: %s\n", uc_cfg.proc_name, buf); } void uc_logmsgx(const char *format, ...) { va_list ap; va_start(ap, format); uc_vlogmsgx(format, ap); va_end(ap); } void uc_dbgmsg(const char *format, ...) { va_list ap; if (uc_cfg.debug) { va_start(ap, format); uc_vlogmsgx(format, ap); va_end(ap); } } int uc_socket_create(void) { struct timeval tv; int fd; fd = socket(PF_LOCAL, uc_cfg.sock_type, 0); if (fd < 0) { uc_logmsg("socket_create: socket(PF_LOCAL, %s, 0)", uc_cfg.sock_type_str); return (-1); } if (uc_cfg.server_flag) uc_cfg.serv_sock_fd = fd; tv.tv_sec = TIMEOUT; tv.tv_usec = 0; if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0 || setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)) < 0) { uc_logmsg("socket_create: setsockopt(SO_RCVTIMEO/SO_SNDTIMEO)"); goto failed; } if (uc_cfg.server_flag) { if (bind(fd, (struct sockaddr *)&uc_cfg.serv_addr_sun, uc_cfg.serv_addr_sun.sun_len) < 0) { uc_logmsg("socket_create: bind(%s)", uc_cfg.serv_addr_sun.sun_path); goto failed; } if (uc_cfg.sock_type == SOCK_STREAM) { int val; if (listen(fd, LISTENQ) < 0) { uc_logmsg("socket_create: listen"); goto failed; } val = fcntl(fd, F_GETFL, 0); if (val < 0) { uc_logmsg("socket_create: fcntl(F_GETFL)"); goto failed; } if (fcntl(fd, F_SETFL, val | O_NONBLOCK) < 0) { uc_logmsg("socket_create: fcntl(F_SETFL)"); goto failed; } } } return (fd); failed: if (close(fd) < 0) uc_logmsg("socket_create: close"); if (uc_cfg.server_flag) if (unlink(uc_cfg.serv_addr_sun.sun_path) < 0) uc_logmsg("socket_close: unlink(%s)", uc_cfg.serv_addr_sun.sun_path); return (-1); } int uc_socket_close(int fd) { int rv; rv = 0; if (close(fd) < 0) { uc_logmsg("socket_close: close"); rv = -1; } if (uc_cfg.server_flag && fd == uc_cfg.serv_sock_fd) if (unlink(uc_cfg.serv_addr_sun.sun_path) < 0) { uc_logmsg("socket_close: unlink(%s)", uc_cfg.serv_addr_sun.sun_path); rv = -1; } return (rv); } int uc_socket_connect(int fd) { uc_dbgmsg("connect"); if (connect(fd, (struct sockaddr *)&uc_cfg.serv_addr_sun, uc_cfg.serv_addr_sun.sun_len) < 0) { uc_logmsg("socket_connect: connect(%s)", uc_cfg.serv_addr_sun.sun_path); return (-1); } return (0); } int uc_sync_recv(void) { ssize_t ssize; int fd; char buf; uc_dbgmsg("sync: wait"); fd = uc_cfg.sync_fd[uc_cfg.server_flag ? SYNC_SERVER : SYNC_CLIENT][SYNC_RECV]; ssize = read(fd, &buf, 1); if (ssize < 0) { uc_logmsg("sync_recv: read"); return (-1); } if (ssize < 1) { uc_logmsgx("sync_recv: read %zd of 1 byte", ssize); return (-1); } uc_dbgmsg("sync: received"); return (0); } int uc_sync_send(void) { ssize_t ssize; int fd; uc_dbgmsg("sync: send"); fd = uc_cfg.sync_fd[uc_cfg.server_flag ? SYNC_CLIENT : SYNC_SERVER][SYNC_SEND]; ssize = write(fd, "", 1); if (ssize < 0) { uc_logmsg("uc_sync_send: write"); return (-1); } if (ssize < 1) { uc_logmsgx("uc_sync_send: sent %zd of 1 byte", ssize); return (-1); } return (0); } int uc_message_send(int fd, const struct msghdr *msghdr) { const struct cmsghdr *cmsghdr; size_t size; ssize_t ssize; size = msghdr->msg_iov != 0 ? msghdr->msg_iov->iov_len : 0; uc_dbgmsg("send: data size %zu", size); uc_dbgmsg("send: msghdr.msg_controllen %u", (u_int)msghdr->msg_controllen); cmsghdr = CMSG_FIRSTHDR(msghdr); if (cmsghdr != NULL) uc_dbgmsg("send: cmsghdr.cmsg_len %u", (u_int)cmsghdr->cmsg_len); ssize = sendmsg(fd, msghdr, 0); if (ssize < 0) { uc_logmsg("message_send: sendmsg"); return (-1); } if ((size_t)ssize != size) { uc_logmsgx("message_send: sendmsg: sent %zd of %zu bytes", ssize, size); return (-1); } if (!uc_cfg.send_data_flag) if (uc_sync_send() < 0) return (-1); return (0); } int uc_message_sendn(int fd, struct msghdr *msghdr) { u_int i; for (i = 1; i <= uc_cfg.ipc_msg.msg_num; ++i) { uc_dbgmsg("message #%u", i); if (uc_message_send(fd, msghdr) < 0) return (-1); } return (0); } int uc_message_recv(int fd, struct msghdr *msghdr) { const struct cmsghdr *cmsghdr; size_t size; ssize_t ssize; if (!uc_cfg.send_data_flag) if (uc_sync_recv() < 0) return (-1); size = msghdr->msg_iov != NULL ? msghdr->msg_iov->iov_len : 0; ssize = recvmsg(fd, msghdr, MSG_WAITALL); if (ssize < 0) { uc_logmsg("message_recv: recvmsg"); return (-1); } if ((size_t)ssize != size) { uc_logmsgx("message_recv: recvmsg: received %zd of %zu bytes", ssize, size); return (-1); } uc_dbgmsg("recv: data size %zd", ssize); uc_dbgmsg("recv: msghdr.msg_controllen %u", (u_int)msghdr->msg_controllen); cmsghdr = CMSG_FIRSTHDR(msghdr); if (cmsghdr != NULL) uc_dbgmsg("recv: cmsghdr.cmsg_len %u", (u_int)cmsghdr->cmsg_len); if (memcmp(uc_cfg.ipc_msg.buf_recv, uc_cfg.ipc_msg.buf_send, size) != 0) { uc_logmsgx("message_recv: received message has wrong content"); return (-1); } return (0); } int uc_socket_accept(int listenfd) { fd_set rset; struct timeval tv; int fd, rv, val; uc_dbgmsg("accept"); FD_ZERO(&rset); FD_SET(listenfd, &rset); tv.tv_sec = TIMEOUT; tv.tv_usec = 0; rv = select(listenfd + 1, &rset, (fd_set *)NULL, (fd_set *)NULL, &tv); if (rv < 0) { uc_logmsg("socket_accept: select"); return (-1); } if (rv == 0) { uc_logmsgx("socket_accept: select timeout"); return (-1); } fd = accept(listenfd, (struct sockaddr *)NULL, (socklen_t *)NULL); if (fd < 0) { uc_logmsg("socket_accept: accept"); return (-1); } val = fcntl(fd, F_GETFL, 0); if (val < 0) { uc_logmsg("socket_accept: fcntl(F_GETFL)"); goto failed; } if (fcntl(fd, F_SETFL, val & ~O_NONBLOCK) < 0) { uc_logmsg("socket_accept: fcntl(F_SETFL)"); goto failed; } return (fd); failed: if (close(fd) < 0) uc_logmsg("socket_accept: close"); return (-1); } int uc_check_msghdr(const struct msghdr *msghdr, size_t size) { if (msghdr->msg_flags & MSG_TRUNC) { uc_logmsgx("msghdr.msg_flags has MSG_TRUNC"); return (-1); } if (msghdr->msg_flags & MSG_CTRUNC) { uc_logmsgx("msghdr.msg_flags has MSG_CTRUNC"); return (-1); } if (msghdr->msg_controllen < size) { uc_logmsgx("msghdr.msg_controllen %u < %zu", (u_int)msghdr->msg_controllen, size); return (-1); } if (msghdr->msg_controllen > 0 && size == 0) { uc_logmsgx("msghdr.msg_controllen %u > 0", (u_int)msghdr->msg_controllen); return (-1); } return (0); } int uc_check_cmsghdr(const struct cmsghdr *cmsghdr, int type, size_t size) { if (cmsghdr == NULL) { uc_logmsgx("cmsghdr is NULL"); return (-1); } if (cmsghdr->cmsg_level != SOL_SOCKET) { uc_logmsgx("cmsghdr.cmsg_level %d != SOL_SOCKET", cmsghdr->cmsg_level); return (-1); } if (cmsghdr->cmsg_type != type) { uc_logmsgx("cmsghdr.cmsg_type %d != %d", cmsghdr->cmsg_type, type); return (-1); } if (cmsghdr->cmsg_len != CMSG_LEN(size)) { uc_logmsgx("cmsghdr.cmsg_len %u != %zu", (u_int)cmsghdr->cmsg_len, CMSG_LEN(size)); return (-1); } return (0); } static void uc_msghdr_init_generic(struct msghdr *msghdr, struct iovec *iov, void *cmsg_data) { msghdr->msg_name = NULL; msghdr->msg_namelen = 0; if (uc_cfg.send_data_flag) { iov->iov_base = uc_cfg.server_flag ? uc_cfg.ipc_msg.buf_recv : uc_cfg.ipc_msg.buf_send; iov->iov_len = uc_cfg.ipc_msg.buf_size; msghdr->msg_iov = iov; msghdr->msg_iovlen = 1; } else { msghdr->msg_iov = NULL; msghdr->msg_iovlen = 0; } msghdr->msg_control = cmsg_data; msghdr->msg_flags = 0; } void uc_msghdr_init_server(struct msghdr *msghdr, struct iovec *iov, void *cmsg_data, size_t cmsg_size) { uc_msghdr_init_generic(msghdr, iov, cmsg_data); msghdr->msg_controllen = cmsg_size; uc_dbgmsg("init: data size %zu", msghdr->msg_iov != NULL ? msghdr->msg_iov->iov_len : (size_t)0); uc_dbgmsg("init: msghdr.msg_controllen %u", (u_int)msghdr->msg_controllen); } void uc_msghdr_init_client(struct msghdr *msghdr, struct iovec *iov, void *cmsg_data, size_t cmsg_size, int type, size_t arr_size) { struct cmsghdr *cmsghdr; uc_msghdr_init_generic(msghdr, iov, cmsg_data); if (cmsg_data != NULL) { if (uc_cfg.send_array_flag) uc_dbgmsg("sending an array"); else uc_dbgmsg("sending a scalar"); msghdr->msg_controllen = uc_cfg.send_array_flag ? cmsg_size : CMSG_SPACE(0); cmsghdr = CMSG_FIRSTHDR(msghdr); cmsghdr->cmsg_level = SOL_SOCKET; cmsghdr->cmsg_type = type; cmsghdr->cmsg_len = CMSG_LEN(uc_cfg.send_array_flag ? arr_size : 0); } else msghdr->msg_controllen = 0; } int uc_client_fork(void) { int fd1, fd2; if (pipe(uc_cfg.sync_fd[SYNC_SERVER]) < 0 || pipe(uc_cfg.sync_fd[SYNC_CLIENT]) < 0) { uc_logmsg("client_fork: pipe"); return (-1); } uc_cfg.client_pid = fork(); if (uc_cfg.client_pid == (pid_t)-1) { uc_logmsg("client_fork: fork"); return (-1); } if (uc_cfg.client_pid == 0) { uc_cfg.proc_name = "CLIENT"; uc_cfg.server_flag = false; fd1 = uc_cfg.sync_fd[SYNC_SERVER][SYNC_RECV]; fd2 = uc_cfg.sync_fd[SYNC_CLIENT][SYNC_SEND]; } else { fd1 = uc_cfg.sync_fd[SYNC_SERVER][SYNC_SEND]; fd2 = uc_cfg.sync_fd[SYNC_CLIENT][SYNC_RECV]; } if (close(fd1) < 0 || close(fd2) < 0) { uc_logmsg("client_fork: close"); return (-1); } return (uc_cfg.client_pid != 0); } void uc_client_exit(int rv) { if (close(uc_cfg.sync_fd[SYNC_SERVER][SYNC_SEND]) < 0 || close(uc_cfg.sync_fd[SYNC_CLIENT][SYNC_RECV]) < 0) { uc_logmsg("client_exit: close"); rv = -1; } rv = rv == 0 ? EXIT_SUCCESS : -rv; uc_dbgmsg("exit: code %d", rv); _exit(rv); } int uc_client_wait(void) { int status; pid_t pid; uc_dbgmsg("waiting for client"); if (close(uc_cfg.sync_fd[SYNC_SERVER][SYNC_RECV]) < 0 || close(uc_cfg.sync_fd[SYNC_CLIENT][SYNC_SEND]) < 0) { uc_logmsg("client_wait: close"); return (-1); } pid = waitpid(uc_cfg.client_pid, &status, 0); if (pid == (pid_t)-1) { uc_logmsg("client_wait: waitpid"); return (-1); } if (WIFEXITED(status)) { if (WEXITSTATUS(status) != EXIT_SUCCESS) { uc_logmsgx("client exit status is %d", WEXITSTATUS(status)); return (-WEXITSTATUS(status)); } } else { if (WIFSIGNALED(status)) uc_logmsgx("abnormal termination of client, signal %d%s", WTERMSIG(status), WCOREDUMP(status) ? " (core file generated)" : ""); else uc_logmsgx("termination of client, unknown status"); return (-1); } return (0); } int uc_check_groups(const char *gid_arr_str, const gid_t *gid_arr, const char *gid_num_str, int gid_num, bool all_gids) { int i; for (i = 0; i < gid_num; ++i) uc_dbgmsg("%s[%d] %lu", gid_arr_str, i, (u_long)gid_arr[i]); if (all_gids) { if (gid_num != uc_cfg.proc_cred.gid_num) { uc_logmsgx("%s %d != %d", gid_num_str, gid_num, uc_cfg.proc_cred.gid_num); return (-1); } } else { if (gid_num > uc_cfg.proc_cred.gid_num) { uc_logmsgx("%s %d > %d", gid_num_str, gid_num, uc_cfg.proc_cred.gid_num); return (-1); } } if (memcmp(gid_arr, uc_cfg.proc_cred.gid_arr, gid_num * sizeof(*gid_arr)) != 0) { uc_logmsgx("%s content is wrong", gid_arr_str); for (i = 0; i < gid_num; ++i) if (gid_arr[i] != uc_cfg.proc_cred.gid_arr[i]) { uc_logmsgx("%s[%d] %lu != %lu", gid_arr_str, i, (u_long)gid_arr[i], (u_long)uc_cfg.proc_cred.gid_arr[i]); break; } return (-1); } return (0); } int uc_check_scm_creds_cmsgcred(struct cmsghdr *cmsghdr) { const struct cmsgcred *cmcred; int rc; if (uc_check_cmsghdr(cmsghdr, SCM_CREDS, sizeof(struct cmsgcred)) < 0) return (-1); cmcred = (struct cmsgcred *)CMSG_DATA(cmsghdr); uc_dbgmsg("cmsgcred.cmcred_pid %ld", (long)cmcred->cmcred_pid); uc_dbgmsg("cmsgcred.cmcred_uid %lu", (u_long)cmcred->cmcred_uid); uc_dbgmsg("cmsgcred.cmcred_euid %lu", (u_long)cmcred->cmcred_euid); uc_dbgmsg("cmsgcred.cmcred_gid %lu", (u_long)cmcred->cmcred_gid); uc_dbgmsg("cmsgcred.cmcred_ngroups %d", cmcred->cmcred_ngroups); rc = 0; if (cmcred->cmcred_pid != uc_cfg.client_pid) { uc_logmsgx("cmsgcred.cmcred_pid %ld != %ld", (long)cmcred->cmcred_pid, (long)uc_cfg.client_pid); rc = -1; } if (cmcred->cmcred_uid != uc_cfg.proc_cred.uid) { uc_logmsgx("cmsgcred.cmcred_uid %lu != %lu", (u_long)cmcred->cmcred_uid, (u_long)uc_cfg.proc_cred.uid); rc = -1; } if (cmcred->cmcred_euid != uc_cfg.proc_cred.euid) { uc_logmsgx("cmsgcred.cmcred_euid %lu != %lu", (u_long)cmcred->cmcred_euid, (u_long)uc_cfg.proc_cred.euid); rc = -1; } if (cmcred->cmcred_gid != uc_cfg.proc_cred.gid) { uc_logmsgx("cmsgcred.cmcred_gid %lu != %lu", (u_long)cmcred->cmcred_gid, (u_long)uc_cfg.proc_cred.gid); rc = -1; } if (cmcred->cmcred_ngroups == 0) { uc_logmsgx("cmsgcred.cmcred_ngroups == 0"); rc = -1; } if (cmcred->cmcred_ngroups < 0) { uc_logmsgx("cmsgcred.cmcred_ngroups %d < 0", cmcred->cmcred_ngroups); rc = -1; } if (cmcred->cmcred_ngroups > CMGROUP_MAX) { uc_logmsgx("cmsgcred.cmcred_ngroups %d > %d", cmcred->cmcred_ngroups, CMGROUP_MAX); rc = -1; } if (cmcred->cmcred_groups[0] != uc_cfg.proc_cred.egid) { uc_logmsgx("cmsgcred.cmcred_groups[0] %lu != %lu (EGID)", (u_long)cmcred->cmcred_groups[0], (u_long)uc_cfg.proc_cred.egid); rc = -1; } if (uc_check_groups("cmsgcred.cmcred_groups", cmcred->cmcred_groups, "cmsgcred.cmcred_ngroups", cmcred->cmcred_ngroups, false) < 0) rc = -1; return (rc); } int uc_check_scm_creds_sockcred(struct cmsghdr *cmsghdr) { const struct sockcred *sc; int rc; if (uc_check_cmsghdr(cmsghdr, SCM_CREDS, SOCKCREDSIZE(uc_cfg.proc_cred.gid_num)) < 0) return (-1); sc = (struct sockcred *)CMSG_DATA(cmsghdr); rc = 0; uc_dbgmsg("sockcred.sc_uid %lu", (u_long)sc->sc_uid); uc_dbgmsg("sockcred.sc_euid %lu", (u_long)sc->sc_euid); uc_dbgmsg("sockcred.sc_gid %lu", (u_long)sc->sc_gid); uc_dbgmsg("sockcred.sc_egid %lu", (u_long)sc->sc_egid); uc_dbgmsg("sockcred.sc_ngroups %d", sc->sc_ngroups); if (sc->sc_uid != uc_cfg.proc_cred.uid) { uc_logmsgx("sockcred.sc_uid %lu != %lu", (u_long)sc->sc_uid, (u_long)uc_cfg.proc_cred.uid); rc = -1; } if (sc->sc_euid != uc_cfg.proc_cred.euid) { uc_logmsgx("sockcred.sc_euid %lu != %lu", (u_long)sc->sc_euid, (u_long)uc_cfg.proc_cred.euid); rc = -1; } if (sc->sc_gid != uc_cfg.proc_cred.gid) { uc_logmsgx("sockcred.sc_gid %lu != %lu", (u_long)sc->sc_gid, (u_long)uc_cfg.proc_cred.gid); rc = -1; } if (sc->sc_egid != uc_cfg.proc_cred.egid) { uc_logmsgx("sockcred.sc_egid %lu != %lu", (u_long)sc->sc_egid, (u_long)uc_cfg.proc_cred.egid); rc = -1; } if (sc->sc_ngroups == 0) { uc_logmsgx("sockcred.sc_ngroups == 0"); rc = -1; } if (sc->sc_ngroups < 0) { uc_logmsgx("sockcred.sc_ngroups %d < 0", sc->sc_ngroups); rc = -1; } if (sc->sc_ngroups != uc_cfg.proc_cred.gid_num) { uc_logmsgx("sockcred.sc_ngroups %d != %u", sc->sc_ngroups, uc_cfg.proc_cred.gid_num); rc = -1; } if (uc_check_groups("sockcred.sc_groups", sc->sc_groups, "sockcred.sc_ngroups", sc->sc_ngroups, true) < 0) rc = -1; return (rc); }