1 /* $NetBSD: bl.c,v 1.28 2016/07/29 17:13:09 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2014 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Christos Zoulas. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 #ifdef HAVE_CONFIG_H 32 #include "config.h" 33 #endif 34 35 #include <sys/cdefs.h> 36 __RCSID("$NetBSD: bl.c,v 1.28 2016/07/29 17:13:09 christos Exp $"); 37 38 #include <sys/param.h> 39 #include <sys/types.h> 40 #include <sys/socket.h> 41 #include <sys/stat.h> 42 #include <sys/un.h> 43 44 #include <stdio.h> 45 #include <string.h> 46 #include <syslog.h> 47 #include <signal.h> 48 #include <fcntl.h> 49 #include <stdlib.h> 50 #include <unistd.h> 51 #include <stdint.h> 52 #include <stdbool.h> 53 #include <errno.h> 54 #include <stdarg.h> 55 #include <netinet/in.h> 56 #ifdef _REENTRANT 57 #include <pthread.h> 58 #endif 59 60 #include "bl.h" 61 62 typedef struct { 63 uint32_t bl_len; 64 uint32_t bl_version; 65 uint32_t bl_type; 66 uint32_t bl_salen; 67 struct sockaddr_storage bl_ss; 68 char bl_data[]; 69 } bl_message_t; 70 71 struct blacklist { 72 #ifdef _REENTRANT 73 pthread_mutex_t b_mutex; 74 # define BL_INIT(b) pthread_mutex_init(&b->b_mutex, NULL) 75 # define BL_LOCK(b) pthread_mutex_lock(&b->b_mutex) 76 # define BL_UNLOCK(b) pthread_mutex_unlock(&b->b_mutex) 77 #else 78 # define BL_INIT(b) do {} while(/*CONSTCOND*/0) 79 # define BL_LOCK(b) BL_INIT(b) 80 # define BL_UNLOCK(b) BL_INIT(b) 81 #endif 82 int b_fd; 83 int b_connected; 84 struct sockaddr_un b_sun; 85 void (*b_fun)(int, const char *, va_list); 86 bl_info_t b_info; 87 }; 88 89 #define BL_VERSION 1 90 91 bool bl_isconnected(bl_t b)92 bl_isconnected(bl_t b) 93 { 94 return b->b_connected == 0; 95 } 96 97 int bl_getfd(bl_t b)98 bl_getfd(bl_t b) 99 { 100 return b->b_fd; 101 } 102 103 static void bl_reset(bl_t b,bool locked)104 bl_reset(bl_t b, bool locked) 105 { 106 int serrno = errno; 107 if (!locked) 108 BL_LOCK(b); 109 close(b->b_fd); 110 errno = serrno; 111 b->b_fd = -1; 112 b->b_connected = -1; 113 if (!locked) 114 BL_UNLOCK(b); 115 } 116 117 static void bl_log(void (* fun)(int,const char *,va_list),int level,const char * fmt,...)118 bl_log(void (*fun)(int, const char *, va_list), int level, 119 const char *fmt, ...) 120 { 121 va_list ap; 122 int serrno = errno; 123 124 va_start(ap, fmt); 125 (*fun)(level, fmt, ap); 126 va_end(ap); 127 errno = serrno; 128 } 129 130 static int bl_init(bl_t b,bool srv)131 bl_init(bl_t b, bool srv) 132 { 133 static int one = 1; 134 /* AF_UNIX address of local logger */ 135 mode_t om; 136 int rv, serrno; 137 struct sockaddr_un *sun = &b->b_sun; 138 139 #ifndef SOCK_NONBLOCK 140 #define SOCK_NONBLOCK 0 141 #endif 142 #ifndef SOCK_CLOEXEC 143 #define SOCK_CLOEXEC 0 144 #endif 145 #ifndef SOCK_NOSIGPIPE 146 #define SOCK_NOSIGPIPE 0 147 #endif 148 149 BL_LOCK(b); 150 151 if (b->b_fd == -1) { 152 b->b_fd = socket(PF_LOCAL, 153 SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK|SOCK_NOSIGPIPE, 0); 154 if (b->b_fd == -1) { 155 bl_log(b->b_fun, LOG_ERR, "%s: socket failed (%s)", 156 __func__, strerror(errno)); 157 BL_UNLOCK(b); 158 return -1; 159 } 160 #if SOCK_CLOEXEC == 0 161 fcntl(b->b_fd, F_SETFD, FD_CLOEXEC); 162 #endif 163 #if SOCK_NONBLOCK == 0 164 fcntl(b->b_fd, F_SETFL, fcntl(b->b_fd, F_GETFL) | O_NONBLOCK); 165 #endif 166 #if SOCK_NOSIGPIPE == 0 167 #ifdef SO_NOSIGPIPE 168 int o = 1; 169 setsockopt(b->b_fd, SOL_SOCKET, SO_NOSIGPIPE, &o, sizeof(o)); 170 #else 171 signal(SIGPIPE, SIG_IGN); 172 #endif 173 #endif 174 } 175 176 if (bl_isconnected(b)) { 177 BL_UNLOCK(b); 178 return 0; 179 } 180 181 /* 182 * We try to connect anyway even when we are a server to verify 183 * that no other server is listening to the socket. If we succeed 184 * to connect and we are a server, someone else owns it. 185 */ 186 rv = connect(b->b_fd, (const void *)sun, (socklen_t)sizeof(*sun)); 187 if (rv == 0) { 188 if (srv) { 189 bl_log(b->b_fun, LOG_ERR, 190 "%s: another daemon is handling `%s'", 191 __func__, sun->sun_path); 192 goto out; 193 } 194 } else { 195 if (!srv) { 196 /* 197 * If the daemon is not running, we just try a 198 * connect, so leave the socket alone until it does 199 * and only log once. 200 */ 201 if (b->b_connected != 1) { 202 bl_log(b->b_fun, LOG_DEBUG, 203 "%s: connect failed for `%s' (%s)", 204 __func__, sun->sun_path, strerror(errno)); 205 b->b_connected = 1; 206 } 207 BL_UNLOCK(b); 208 return -1; 209 } 210 bl_log(b->b_fun, LOG_DEBUG, "Connected to blacklist server", 211 __func__); 212 } 213 214 if (srv) { 215 (void)unlink(sun->sun_path); 216 om = umask(0); 217 rv = bind(b->b_fd, (const void *)sun, (socklen_t)sizeof(*sun)); 218 serrno = errno; 219 (void)umask(om); 220 errno = serrno; 221 if (rv == -1) { 222 bl_log(b->b_fun, LOG_ERR, 223 "%s: bind failed for `%s' (%s)", 224 __func__, sun->sun_path, strerror(errno)); 225 goto out; 226 } 227 } 228 229 b->b_connected = 0; 230 #define GOT_FD 1 231 #if defined(LOCAL_CREDS) 232 #define CRED_LEVEL 0 233 #define CRED_NAME LOCAL_CREDS 234 #define CRED_SC_UID sc_euid 235 #define CRED_SC_GID sc_egid 236 #define CRED_MESSAGE SCM_CREDS 237 #define CRED_SIZE SOCKCREDSIZE(NGROUPS_MAX) 238 #define CRED_TYPE struct sockcred 239 #define GOT_CRED 2 240 #elif defined(SO_PASSCRED) 241 #define CRED_LEVEL SOL_SOCKET 242 #define CRED_NAME SO_PASSCRED 243 #define CRED_SC_UID uid 244 #define CRED_SC_GID gid 245 #define CRED_MESSAGE SCM_CREDENTIALS 246 #define CRED_SIZE sizeof(struct ucred) 247 #define CRED_TYPE struct ucred 248 #define GOT_CRED 2 249 #else 250 #define GOT_CRED 0 251 /* 252 * getpeereid() and LOCAL_PEERCRED don't help here 253 * because we are not a stream socket! 254 */ 255 #define CRED_SIZE 0 256 #define CRED_TYPE void * __unused 257 #endif 258 259 #ifdef CRED_LEVEL 260 if (setsockopt(b->b_fd, CRED_LEVEL, CRED_NAME, 261 &one, (socklen_t)sizeof(one)) == -1) { 262 bl_log(b->b_fun, LOG_ERR, "%s: setsockopt %s " 263 "failed (%s)", __func__, __STRING(CRED_NAME), 264 strerror(errno)); 265 goto out; 266 } 267 #endif 268 269 BL_UNLOCK(b); 270 return 0; 271 out: 272 bl_reset(b, true); 273 BL_UNLOCK(b); 274 return -1; 275 } 276 277 bl_t bl_create(bool srv,const char * path,void (* fun)(int,const char *,va_list))278 bl_create(bool srv, const char *path, void (*fun)(int, const char *, va_list)) 279 { 280 bl_t b = calloc(1, sizeof(*b)); 281 if (b == NULL) 282 goto out; 283 b->b_fun = fun == NULL ? vsyslog : fun; 284 b->b_fd = -1; 285 b->b_connected = -1; 286 BL_INIT(b); 287 288 memset(&b->b_sun, 0, sizeof(b->b_sun)); 289 b->b_sun.sun_family = AF_LOCAL; 290 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN 291 b->b_sun.sun_len = sizeof(b->b_sun); 292 #endif 293 strlcpy(b->b_sun.sun_path, 294 path ? path : _PATH_BLSOCK, sizeof(b->b_sun.sun_path)); 295 296 bl_init(b, srv); 297 return b; 298 out: 299 free(b); 300 bl_log(fun, LOG_ERR, "%s: malloc failed (%s)", __func__, 301 strerror(errno)); 302 return NULL; 303 } 304 305 void bl_destroy(bl_t b)306 bl_destroy(bl_t b) 307 { 308 bl_reset(b, false); 309 free(b); 310 } 311 312 static int bl_getsock(bl_t b,struct sockaddr_storage * ss,const struct sockaddr * sa,socklen_t slen,const char * ctx)313 bl_getsock(bl_t b, struct sockaddr_storage *ss, const struct sockaddr *sa, 314 socklen_t slen, const char *ctx) 315 { 316 uint8_t family; 317 318 memset(ss, 0, sizeof(*ss)); 319 320 switch (slen) { 321 case 0: 322 return 0; 323 case sizeof(struct sockaddr_in): 324 family = AF_INET; 325 break; 326 case sizeof(struct sockaddr_in6): 327 family = AF_INET6; 328 break; 329 default: 330 bl_log(b->b_fun, LOG_ERR, "%s: invalid socket len %u (%s)", 331 __func__, (unsigned)slen, ctx); 332 errno = EINVAL; 333 return -1; 334 } 335 336 memcpy(ss, sa, slen); 337 338 if (ss->ss_family != family) { 339 bl_log(b->b_fun, LOG_INFO, 340 "%s: correcting socket family %d to %d (%s)", 341 __func__, ss->ss_family, family, ctx); 342 ss->ss_family = family; 343 } 344 345 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN 346 if (ss->ss_len != slen) { 347 bl_log(b->b_fun, LOG_INFO, 348 "%s: correcting socket len %u to %u (%s)", 349 __func__, ss->ss_len, (unsigned)slen, ctx); 350 ss->ss_len = (uint8_t)slen; 351 } 352 #endif 353 return 0; 354 } 355 356 int bl_send(bl_t b,bl_type_t e,int pfd,const struct sockaddr * sa,socklen_t slen,const char * ctx)357 bl_send(bl_t b, bl_type_t e, int pfd, const struct sockaddr *sa, 358 socklen_t slen, const char *ctx) 359 { 360 struct msghdr msg; 361 struct iovec iov; 362 union { 363 char ctrl[CMSG_SPACE(sizeof(int))]; 364 uint32_t fd; 365 } ua; 366 struct cmsghdr *cmsg; 367 union { 368 bl_message_t bl; 369 char buf[512]; 370 } ub; 371 size_t ctxlen, tried; 372 #define NTRIES 5 373 374 ctxlen = strlen(ctx); 375 if (ctxlen > 128) 376 ctxlen = 128; 377 378 iov.iov_base = ub.buf; 379 iov.iov_len = sizeof(bl_message_t) + ctxlen; 380 ub.bl.bl_len = (uint32_t)iov.iov_len; 381 ub.bl.bl_version = BL_VERSION; 382 ub.bl.bl_type = (uint32_t)e; 383 384 if (bl_getsock(b, &ub.bl.bl_ss, sa, slen, ctx) == -1) 385 return -1; 386 387 388 ub.bl.bl_salen = slen; 389 memcpy(ub.bl.bl_data, ctx, ctxlen); 390 391 msg.msg_name = NULL; 392 msg.msg_namelen = 0; 393 msg.msg_iov = &iov; 394 msg.msg_iovlen = 1; 395 msg.msg_flags = 0; 396 397 msg.msg_control = ua.ctrl; 398 msg.msg_controllen = sizeof(ua.ctrl); 399 400 cmsg = CMSG_FIRSTHDR(&msg); 401 cmsg->cmsg_len = CMSG_LEN(sizeof(int)); 402 cmsg->cmsg_level = SOL_SOCKET; 403 cmsg->cmsg_type = SCM_RIGHTS; 404 405 memcpy(CMSG_DATA(cmsg), &pfd, sizeof(pfd)); 406 407 tried = 0; 408 again: 409 if (bl_init(b, false) == -1) 410 return -1; 411 412 if ((sendmsg(b->b_fd, &msg, 0) == -1) && tried++ < NTRIES) { 413 bl_reset(b, false); 414 goto again; 415 } 416 return tried >= NTRIES ? -1 : 0; 417 } 418 419 bl_info_t * bl_recv(bl_t b)420 bl_recv(bl_t b) 421 { 422 struct msghdr msg; 423 struct iovec iov; 424 union { 425 char ctrl[CMSG_SPACE(sizeof(int)) + CMSG_SPACE(CRED_SIZE)]; 426 uint32_t fd; 427 CRED_TYPE sc; 428 } ua; 429 struct cmsghdr *cmsg; 430 CRED_TYPE *sc; 431 union { 432 bl_message_t bl; 433 char buf[512]; 434 } ub; 435 int got; 436 ssize_t rlen; 437 size_t rem; 438 bl_info_t *bi = &b->b_info; 439 440 got = 0; 441 memset(bi, 0, sizeof(*bi)); 442 443 iov.iov_base = ub.buf; 444 iov.iov_len = sizeof(ub); 445 446 msg.msg_name = NULL; 447 msg.msg_namelen = 0; 448 msg.msg_iov = &iov; 449 msg.msg_iovlen = 1; 450 msg.msg_flags = 0; 451 452 msg.msg_control = ua.ctrl; 453 msg.msg_controllen = sizeof(ua.ctrl) + 100; 454 455 rlen = recvmsg(b->b_fd, &msg, 0); 456 if (rlen == -1) { 457 bl_log(b->b_fun, LOG_ERR, "%s: recvmsg failed (%s)", __func__, 458 strerror(errno)); 459 return NULL; 460 } 461 462 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) { 463 if (cmsg->cmsg_level != SOL_SOCKET) { 464 bl_log(b->b_fun, LOG_ERR, 465 "%s: unexpected cmsg_level %d", 466 __func__, cmsg->cmsg_level); 467 continue; 468 } 469 switch (cmsg->cmsg_type) { 470 case SCM_RIGHTS: 471 if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) { 472 bl_log(b->b_fun, LOG_ERR, 473 "%s: unexpected cmsg_len %d != %zu", 474 __func__, cmsg->cmsg_len, 475 CMSG_LEN(2 * sizeof(int))); 476 continue; 477 } 478 memcpy(&bi->bi_fd, CMSG_DATA(cmsg), sizeof(bi->bi_fd)); 479 got |= GOT_FD; 480 break; 481 #ifdef CRED_MESSAGE 482 case CRED_MESSAGE: 483 sc = (void *)CMSG_DATA(cmsg); 484 bi->bi_uid = sc->CRED_SC_UID; 485 bi->bi_gid = sc->CRED_SC_GID; 486 got |= GOT_CRED; 487 break; 488 #endif 489 default: 490 bl_log(b->b_fun, LOG_ERR, 491 "%s: unexpected cmsg_type %d", 492 __func__, cmsg->cmsg_type); 493 continue; 494 } 495 496 } 497 498 if (got != (GOT_CRED|GOT_FD)) { 499 bl_log(b->b_fun, LOG_ERR, "message missing %s %s", 500 #if GOT_CRED != 0 501 (got & GOT_CRED) == 0 ? "cred" : 502 #endif 503 "", (got & GOT_FD) == 0 ? "fd" : ""); 504 return NULL; 505 } 506 507 rem = (size_t)rlen; 508 if (rem < sizeof(ub.bl)) { 509 bl_log(b->b_fun, LOG_ERR, "message too short %zd", rlen); 510 return NULL; 511 } 512 rem -= sizeof(ub.bl); 513 514 if (ub.bl.bl_version != BL_VERSION) { 515 bl_log(b->b_fun, LOG_ERR, "bad version %d", ub.bl.bl_version); 516 return NULL; 517 } 518 519 bi->bi_type = ub.bl.bl_type; 520 bi->bi_slen = ub.bl.bl_salen; 521 bi->bi_ss = ub.bl.bl_ss; 522 #ifndef CRED_MESSAGE 523 bi->bi_uid = -1; 524 bi->bi_gid = -1; 525 #endif 526 rem = MIN(sizeof(bi->bi_msg), rem); 527 if (rem == 0) 528 bi->bi_msg[0] = '\0'; 529 else 530 strlcpy(bi->bi_msg, ub.bl.bl_data, rem); 531 return bi; 532 } 533