xref: /freebsd/contrib/blocklist/lib/bl.c (revision 7899f917b1c0ea178f1d2be0cfb452086d079d23) 
1 /*	$NetBSD: bl.c,v 1.28 2016/07/29 17:13:09 christos Exp $	*/
2 
3 /*-
4  * Copyright (c) 2014 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Christos Zoulas.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  */
31 #ifdef HAVE_CONFIG_H
32 #include "config.h"
33 #endif
34 
35 #include <sys/cdefs.h>
36 __RCSID("$NetBSD: bl.c,v 1.28 2016/07/29 17:13:09 christos Exp $");
37 
38 #include <sys/param.h>
39 #include <sys/types.h>
40 #include <sys/socket.h>
41 #include <sys/stat.h>
42 #include <sys/un.h>
43 
44 #include <stdio.h>
45 #include <string.h>
46 #include <syslog.h>
47 #include <signal.h>
48 #include <fcntl.h>
49 #include <stdlib.h>
50 #include <unistd.h>
51 #include <stdint.h>
52 #include <stdbool.h>
53 #include <errno.h>
54 #include <stdarg.h>
55 #include <netinet/in.h>
56 #ifdef _REENTRANT
57 #include <pthread.h>
58 #endif
59 
60 #include "bl.h"
61 
62 typedef struct {
63 	uint32_t bl_len;
64 	uint32_t bl_version;
65 	uint32_t bl_type;
66 	uint32_t bl_salen;
67 	struct sockaddr_storage bl_ss;
68 	char bl_data[];
69 } bl_message_t;
70 
71 struct blacklist {
72 #ifdef _REENTRANT
73 	pthread_mutex_t b_mutex;
74 # define BL_INIT(b)	pthread_mutex_init(&b->b_mutex, NULL)
75 # define BL_LOCK(b)	pthread_mutex_lock(&b->b_mutex)
76 # define BL_UNLOCK(b)	pthread_mutex_unlock(&b->b_mutex)
77 #else
78 # define BL_INIT(b)	do {} while(/*CONSTCOND*/0)
79 # define BL_LOCK(b)	BL_INIT(b)
80 # define BL_UNLOCK(b)	BL_INIT(b)
81 #endif
82 	int b_fd;
83 	int b_connected;
84 	struct sockaddr_un b_sun;
85 	void (*b_fun)(int, const char *, va_list);
86 	bl_info_t b_info;
87 };
88 
89 #define BL_VERSION	1
90 
91 bool
92 bl_isconnected(bl_t b)
93 {
94 	return b->b_connected == 0;
95 }
96 
97 int
98 bl_getfd(bl_t b)
99 {
100 	return b->b_fd;
101 }
102 
103 static void
104 bl_reset(bl_t b, bool locked)
105 {
106 	int serrno = errno;
107 	if (!locked)
108 		BL_LOCK(b);
109 	close(b->b_fd);
110 	errno = serrno;
111 	b->b_fd = -1;
112 	b->b_connected = -1;
113 	if (!locked)
114 		BL_UNLOCK(b);
115 }
116 
117 static void
118 bl_log(void (*fun)(int, const char *, va_list), int level,
119     const char *fmt, ...)
120 {
121 	va_list ap;
122 	int serrno = errno;
123 
124 	va_start(ap, fmt);
125 	(*fun)(level, fmt, ap);
126 	va_end(ap);
127 	errno = serrno;
128 }
129 
130 static int
131 bl_init(bl_t b, bool srv)
132 {
133 	static int one = 1;
134 	/* AF_UNIX address of local logger */
135 	mode_t om;
136 	int rv, serrno;
137 	struct sockaddr_un *sun = &b->b_sun;
138 
139 #ifndef SOCK_NONBLOCK
140 #define SOCK_NONBLOCK 0
141 #endif
142 #ifndef SOCK_CLOEXEC
143 #define SOCK_CLOEXEC 0
144 #endif
145 #ifndef SOCK_NOSIGPIPE
146 #define SOCK_NOSIGPIPE 0
147 #endif
148 
149 	BL_LOCK(b);
150 
151 	if (b->b_fd == -1) {
152 		b->b_fd = socket(PF_LOCAL,
153 		    SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK|SOCK_NOSIGPIPE, 0);
154 		if (b->b_fd == -1) {
155 			bl_log(b->b_fun, LOG_ERR, "%s: socket failed (%s)",
156 			    __func__, strerror(errno));
157 			BL_UNLOCK(b);
158 			return -1;
159 		}
160 #if SOCK_CLOEXEC == 0
161 		fcntl(b->b_fd, F_SETFD, FD_CLOEXEC);
162 #endif
163 #if SOCK_NONBLOCK == 0
164 		fcntl(b->b_fd, F_SETFL, fcntl(b->b_fd, F_GETFL) | O_NONBLOCK);
165 #endif
166 #if SOCK_NOSIGPIPE == 0
167 #ifdef SO_NOSIGPIPE
168 		int o = 1;
169 		setsockopt(b->b_fd, SOL_SOCKET, SO_NOSIGPIPE, &o, sizeof(o));
170 #else
171 		signal(SIGPIPE, SIG_IGN);
172 #endif
173 #endif
174 	}
175 
176 	if (bl_isconnected(b)) {
177 		BL_UNLOCK(b);
178 		return 0;
179 	}
180 
181 	/*
182 	 * We try to connect anyway even when we are a server to verify
183 	 * that no other server is listening to the socket. If we succeed
184 	 * to connect and we are a server, someone else owns it.
185 	 */
186 	rv = connect(b->b_fd, (const void *)sun, (socklen_t)sizeof(*sun));
187 	if (rv == 0) {
188 		if (srv) {
189 			bl_log(b->b_fun, LOG_ERR,
190 			    "%s: another daemon is handling `%s'",
191 			    __func__, sun->sun_path);
192 			goto out;
193 		}
194 	} else {
195 		if (!srv) {
196 			/*
197 			 * If the daemon is not running, we just try a
198 			 * connect, so leave the socket alone until it does
199 			 * and only log once.
200 			 */
201 			if (b->b_connected != 1) {
202 				bl_log(b->b_fun, LOG_DEBUG,
203 				    "%s: connect failed for `%s' (%s)",
204 				    __func__, sun->sun_path, strerror(errno));
205 				b->b_connected = 1;
206 			}
207 			BL_UNLOCK(b);
208 			return -1;
209 		}
210 		bl_log(b->b_fun, LOG_DEBUG, "Connected to blacklist server",
211 		    __func__);
212 	}
213 
214 	if (srv) {
215 		(void)unlink(sun->sun_path);
216 		om = umask(0);
217 		rv = bind(b->b_fd, (const void *)sun, (socklen_t)sizeof(*sun));
218 		serrno = errno;
219 		(void)umask(om);
220 		errno = serrno;
221 		if (rv == -1) {
222 			bl_log(b->b_fun, LOG_ERR,
223 			    "%s: bind failed for `%s' (%s)",
224 			    __func__, sun->sun_path, strerror(errno));
225 			goto out;
226 		}
227 	}
228 
229 	b->b_connected = 0;
230 #define GOT_FD		1
231 #if defined(LOCAL_CREDS)
232 #define CRED_LEVEL	0
233 #define	CRED_NAME	LOCAL_CREDS
234 #define CRED_SC_UID	sc_euid
235 #define CRED_SC_GID	sc_egid
236 #define CRED_MESSAGE	SCM_CREDS
237 #define CRED_SIZE	SOCKCREDSIZE(NGROUPS_MAX)
238 #define CRED_TYPE	struct sockcred
239 #define GOT_CRED	2
240 #elif defined(SO_PASSCRED)
241 #define CRED_LEVEL	SOL_SOCKET
242 #define	CRED_NAME	SO_PASSCRED
243 #define CRED_SC_UID	uid
244 #define CRED_SC_GID	gid
245 #define CRED_MESSAGE	SCM_CREDENTIALS
246 #define CRED_SIZE	sizeof(struct ucred)
247 #define CRED_TYPE	struct ucred
248 #define GOT_CRED	2
249 #else
250 #define GOT_CRED	0
251 /*
252  * getpeereid() and LOCAL_PEERCRED don't help here
253  * because we are not a stream socket!
254  */
255 #define	CRED_SIZE	0
256 #define CRED_TYPE	void * __unused
257 #endif
258 
259 #ifdef CRED_LEVEL
260 	if (setsockopt(b->b_fd, CRED_LEVEL, CRED_NAME,
261 	    &one, (socklen_t)sizeof(one)) == -1) {
262 		bl_log(b->b_fun, LOG_ERR, "%s: setsockopt %s "
263 		    "failed (%s)", __func__, __STRING(CRED_NAME),
264 		    strerror(errno));
265 		goto out;
266 	}
267 #endif
268 
269 	BL_UNLOCK(b);
270 	return 0;
271 out:
272 	bl_reset(b, true);
273 	BL_UNLOCK(b);
274 	return -1;
275 }
276 
277 bl_t
278 bl_create(bool srv, const char *path, void (*fun)(int, const char *, va_list))
279 {
280 	bl_t b = calloc(1, sizeof(*b));
281 	if (b == NULL)
282 		goto out;
283 	b->b_fun = fun == NULL ? vsyslog : fun;
284 	b->b_fd = -1;
285 	b->b_connected = -1;
286 	BL_INIT(b);
287 
288 	memset(&b->b_sun, 0, sizeof(b->b_sun));
289 	b->b_sun.sun_family = AF_LOCAL;
290 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
291 	b->b_sun.sun_len = sizeof(b->b_sun);
292 #endif
293 	strlcpy(b->b_sun.sun_path,
294 	    path ? path : _PATH_BLSOCK, sizeof(b->b_sun.sun_path));
295 
296 	bl_init(b, srv);
297 	return b;
298 out:
299 	free(b);
300 	bl_log(fun, LOG_ERR, "%s: malloc failed (%s)", __func__,
301 	    strerror(errno));
302 	return NULL;
303 }
304 
305 void
306 bl_destroy(bl_t b)
307 {
308 	bl_reset(b, false);
309 	free(b);
310 }
311 
312 static int
313 bl_getsock(bl_t b, struct sockaddr_storage *ss, const struct sockaddr *sa,
314     socklen_t slen, const char *ctx)
315 {
316 	uint8_t family;
317 
318 	memset(ss, 0, sizeof(*ss));
319 
320 	switch (slen) {
321 	case 0:
322 		return 0;
323 	case sizeof(struct sockaddr_in):
324 		family = AF_INET;
325 		break;
326 	case sizeof(struct sockaddr_in6):
327 		family = AF_INET6;
328 		break;
329 	default:
330 		bl_log(b->b_fun, LOG_ERR, "%s: invalid socket len %u (%s)",
331 		    __func__, (unsigned)slen, ctx);
332 		errno = EINVAL;
333 		return -1;
334 	}
335 
336 	memcpy(ss, sa, slen);
337 
338 	if (ss->ss_family != family) {
339 		bl_log(b->b_fun, LOG_INFO,
340 		    "%s: correcting socket family %d to %d (%s)",
341 		    __func__, ss->ss_family, family, ctx);
342 		ss->ss_family = family;
343 	}
344 
345 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
346 	if (ss->ss_len != slen) {
347 		bl_log(b->b_fun, LOG_INFO,
348 		    "%s: correcting socket len %u to %u (%s)",
349 		    __func__, ss->ss_len, (unsigned)slen, ctx);
350 		ss->ss_len = (uint8_t)slen;
351 	}
352 #endif
353 	return 0;
354 }
355 
356 int
357 bl_send(bl_t b, bl_type_t e, int pfd, const struct sockaddr *sa,
358     socklen_t slen, const char *ctx)
359 {
360 	struct msghdr   msg;
361 	struct iovec    iov;
362 	union {
363 		char ctrl[CMSG_SPACE(sizeof(int))];
364 		uint32_t fd;
365 	} ua;
366 	struct cmsghdr *cmsg;
367 	union {
368 		bl_message_t bl;
369 		char buf[512];
370 	} ub;
371 	size_t ctxlen, tried;
372 #define NTRIES	5
373 
374 	ctxlen = strlen(ctx);
375 	if (ctxlen > 128)
376 		ctxlen = 128;
377 
378 	iov.iov_base = ub.buf;
379 	iov.iov_len = sizeof(bl_message_t) + ctxlen;
380 	ub.bl.bl_len = (uint32_t)iov.iov_len;
381 	ub.bl.bl_version = BL_VERSION;
382 	ub.bl.bl_type = (uint32_t)e;
383 
384 	if (bl_getsock(b, &ub.bl.bl_ss, sa, slen, ctx) == -1)
385 		return -1;
386 
387 
388 	ub.bl.bl_salen = slen;
389 	memcpy(ub.bl.bl_data, ctx, ctxlen);
390 
391 	msg.msg_name = NULL;
392 	msg.msg_namelen = 0;
393 	msg.msg_iov = &iov;
394 	msg.msg_iovlen = 1;
395 	msg.msg_flags = 0;
396 
397 	msg.msg_control = ua.ctrl;
398 	msg.msg_controllen = sizeof(ua.ctrl);
399 
400 	cmsg = CMSG_FIRSTHDR(&msg);
401 	cmsg->cmsg_len = CMSG_LEN(sizeof(int));
402 	cmsg->cmsg_level = SOL_SOCKET;
403 	cmsg->cmsg_type = SCM_RIGHTS;
404 
405 	memcpy(CMSG_DATA(cmsg), &pfd, sizeof(pfd));
406 
407 	tried = 0;
408 again:
409 	if (bl_init(b, false) == -1)
410 		return -1;
411 
412 	if ((sendmsg(b->b_fd, &msg, 0) == -1) && tried++ < NTRIES) {
413 		bl_reset(b, false);
414 		goto again;
415 	}
416 	return tried >= NTRIES ? -1 : 0;
417 }
418 
419 bl_info_t *
420 bl_recv(bl_t b)
421 {
422         struct msghdr   msg;
423         struct iovec    iov;
424 	union {
425 		char ctrl[CMSG_SPACE(sizeof(int)) + CMSG_SPACE(CRED_SIZE)];
426 		uint32_t fd;
427 		CRED_TYPE sc;
428 	} ua;
429 	struct cmsghdr *cmsg;
430 	CRED_TYPE *sc;
431 	union {
432 		bl_message_t bl;
433 		char buf[512];
434 	} ub;
435 	int got;
436 	ssize_t rlen;
437 	size_t rem;
438 	bl_info_t *bi = &b->b_info;
439 
440 	got = 0;
441 	memset(bi, 0, sizeof(*bi));
442 
443 	iov.iov_base = ub.buf;
444 	iov.iov_len = sizeof(ub);
445 
446 	msg.msg_name = NULL;
447 	msg.msg_namelen = 0;
448 	msg.msg_iov = &iov;
449 	msg.msg_iovlen = 1;
450 	msg.msg_flags = 0;
451 
452 	msg.msg_control = ua.ctrl;
453 	msg.msg_controllen = sizeof(ua.ctrl) + 100;
454 
455         rlen = recvmsg(b->b_fd, &msg, 0);
456         if (rlen == -1) {
457 		bl_log(b->b_fun, LOG_ERR, "%s: recvmsg failed (%s)", __func__,
458 		    strerror(errno));
459 		return NULL;
460         }
461 
462 	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
463 		if (cmsg->cmsg_level != SOL_SOCKET) {
464 			bl_log(b->b_fun, LOG_ERR,
465 			    "%s: unexpected cmsg_level %d",
466 			    __func__, cmsg->cmsg_level);
467 			continue;
468 		}
469 		switch (cmsg->cmsg_type) {
470 		case SCM_RIGHTS:
471 			if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) {
472 				bl_log(b->b_fun, LOG_ERR,
473 				    "%s: unexpected cmsg_len %d != %zu",
474 				    __func__, cmsg->cmsg_len,
475 				    CMSG_LEN(2 * sizeof(int)));
476 				continue;
477 			}
478 			memcpy(&bi->bi_fd, CMSG_DATA(cmsg), sizeof(bi->bi_fd));
479 			got |= GOT_FD;
480 			break;
481 #ifdef CRED_MESSAGE
482 		case CRED_MESSAGE:
483 			sc = (void *)CMSG_DATA(cmsg);
484 			bi->bi_uid = sc->CRED_SC_UID;
485 			bi->bi_gid = sc->CRED_SC_GID;
486 			got |= GOT_CRED;
487 			break;
488 #endif
489 		default:
490 			bl_log(b->b_fun, LOG_ERR,
491 			    "%s: unexpected cmsg_type %d",
492 			    __func__, cmsg->cmsg_type);
493 			continue;
494 		}
495 
496 	}
497 
498 	if (got != (GOT_CRED|GOT_FD)) {
499 		bl_log(b->b_fun, LOG_ERR, "message missing %s %s",
500 #if GOT_CRED != 0
501 		    (got & GOT_CRED) == 0 ? "cred" :
502 #endif
503 		    "", (got & GOT_FD) == 0 ? "fd" : "");
504 		return NULL;
505 	}
506 
507 	rem = (size_t)rlen;
508 	if (rem < sizeof(ub.bl)) {
509 		bl_log(b->b_fun, LOG_ERR, "message too short %zd", rlen);
510 		return NULL;
511 	}
512 	rem -= sizeof(ub.bl);
513 
514 	if (ub.bl.bl_version != BL_VERSION) {
515 		bl_log(b->b_fun, LOG_ERR, "bad version %d", ub.bl.bl_version);
516 		return NULL;
517 	}
518 
519 	bi->bi_type = ub.bl.bl_type;
520 	bi->bi_slen = ub.bl.bl_salen;
521 	bi->bi_ss = ub.bl.bl_ss;
522 #ifndef CRED_MESSAGE
523 	bi->bi_uid = -1;
524 	bi->bi_gid = -1;
525 #endif
526 	rem = MIN(sizeof(bi->bi_msg), rem);
527 	if (rem == 0)
528 		bi->bi_msg[0] = '\0';
529 	else
530 		strlcpy(bi->bi_msg, ub.bl.bl_data, rem);
531 	return bi;
532 }
533