void PromiseLoggingFinish(const EvalContext *eval_context)
{
LoggingPrivContext *pctx = LoggingPrivGetContext();
if (pctx == NULL)
{
ProgrammingError("Promise logging: Unable to finish, PromiseLoggingInit was not called before");
}
PromiseLoggingContext *plctx = pctx->param;
if (plctx->eval_context != eval_context)
{
ProgrammingError("Promise logging: Unable to finish, passed EvalContext does not correspond to current one");
}
if (plctx->promise_level > 0)
{
ProgrammingError("Promise logging: Unable to finish, promise is still active");
}
assert(plctx->last_message == NULL);
LoggingPrivSetContext(NULL);
free(plctx);
free(pctx);
}
void PromiseLoggingInit(const EvalContext *eval_context)
{
LoggingPrivContext *pctx = LoggingPrivGetContext();
if (pctx != NULL)
{
ProgrammingError("Promise logging: Still bound to another EvalContext");
}
PromiseLoggingContext *plctx = xcalloc(1, sizeof(PromiseLoggingContext));
plctx->eval_context = eval_context;
pctx = xcalloc(1, sizeof(LoggingPrivContext));
pctx->param = plctx;
pctx->log_hook = &LogHook;
LoggingPrivSetContext(pctx);
}
static void *CFTestD_ServeReport(void *config_arg)
{
CFTestD_Config *config = (CFTestD_Config *) config_arg;
/* Set prefix for all Log()ging: */
LoggingPrivContext *prior = LoggingPrivGetContext();
LoggingPrivContext log_ctx = {
.log_hook = LogAddPrefix,
.param = config->address
};
LoggingPrivSetContext(&log_ctx);
char *priv_key_path = NULL;
char *pub_key_path = NULL;
if (config->key_file != NULL)
{
priv_key_path = config->key_file;
pub_key_path = xstrdup(priv_key_path);
StringReplace(pub_key_path, strlen(pub_key_path) + 1,
"priv", "pub");
}
LoadSecretKeys(priv_key_path, pub_key_path, &(config->priv_key), &(config->pub_key));
free(pub_key_path);
char *report_file = config->report_file;
if (report_file != NULL)
{
Log(LOG_LEVEL_NOTICE, "Got file argument: '%s'", report_file);
if (!FileCanOpen(report_file, "r"))
{
Log(LOG_LEVEL_ERR,
"Can't open file '%s' for reading",
report_file);
exit(EXIT_FAILURE);
}
Writer *contents = FileRead(report_file, SIZE_MAX, NULL);
if (!contents)
{
Log(LOG_LEVEL_ERR, "Error reading report file '%s'", report_file);
exit(EXIT_FAILURE);
}
size_t report_data_len = StringWriterLength(contents);
config->report_data = StringWriterClose(contents);
Seq *report = SeqNew(64, NULL);
size_t report_len = 0;
StringRef ts_ref = StringGetToken(config->report_data, report_data_len, 0, "\n");
char *ts = (char *) ts_ref.data;
*(ts + ts_ref.len) = '\0';
SeqAppend(report, ts);
/* start right after the newline after the timestamp header */
char *position = ts + ts_ref.len + 1;
char *report_line;
size_t report_line_len;
while (CFTestD_GetReportLine(position, &report_line, &report_line_len))
{
*(report_line + report_line_len) = '\0';
SeqAppend(report, report_line);
report_len += report_line_len;
position = report_line + report_line_len + 1; /* there's an extra newline after each report_line */
}
config->report = report;
config->report_len = report_len;
Log(LOG_LEVEL_NOTICE,
"Read %d bytes for report contents",
config->report_len);
if (config->report_len <= 0)
{
Log(LOG_LEVEL_ERR, "Report file contained no bytes");
exit(EXIT_FAILURE);
}
}
Log(LOG_LEVEL_INFO, "Starting server at %s...", config->address);
fflush(stdout); // for debugging startup
config->ret = CFTestD_StartServer(config);
free(config->report_data);
/* we don't really need to do this here because the process is about the
* terminate, but it's a good way the cleanup actually works and doesn't
* cause a segfault or something */
ServerTLSDeInitialize(&(config->priv_key), &(config->pub_key), &(config->ssl_ctx));
LoggingPrivSetContext(prior);
return NULL;
}
static void HandleSignal(int signum)
{
switch (signum)
{
case SIGTERM:
case SIGINT:
// flush all logging before process ends.
fflush(stdout);
fprintf(stderr, "Terminating...\n");
TERMINATE = true;
break;
default:
break;
}
}
/**
* @param ip_str string representation of an IPv4 address (the usual one, with
* 4 octets separated by dots)
* @return a new string representing the incremented IP address (HAS TO BE FREED)
*/
static char *IncrementIPaddress(const char *ip_str)
{
uint32_t ip = (uint32_t) inet_addr(ip_str);
if (ip == INADDR_NONE)
{
Log(LOG_LEVEL_ERR, "Failed to parse address: '%s'", ip_str);
return NULL;
}
int step = 1;
char *last_dot = strrchr(ip_str, '.');
assert(last_dot != NULL); /* the doc comment says there must be dots! */
if (StringSafeEqual(last_dot + 1, "255"))
{
/* avoid the network address (ending with 0) */
step = 2;
}
else if (StringSafeEqual(last_dot + 1, "254"))
{
/* avoid the broadcast address and the network address */
step = 3;
}
uint32_t ip_num = ntohl(ip);
ip_num += step;
ip = htonl(ip_num);
struct in_addr ip_struct;
ip_struct.s_addr = ip;
return xstrdup(inet_ntoa(ip_struct));
}
static void *HandleConnection(ServerConnectionState *conn)
{
int ret;
char output[CF_BUFSIZE];
/* Set logging prefix to be the IP address for all of thread's lifetime. */
/* Should be valid for all lifetime of the thread. Just make sure that
* after calling DeleteConn(), you exit right away. */
LoggingPrivContext log_ctx = {
.log_hook = LogHook,
.param = conn->ipaddr
};
LoggingPrivSetContext(&log_ctx);
if (!ThreadLock(cft_server_children))
{
DeleteConn(conn);
return NULL;
}
ACTIVE_THREADS++;
if (ACTIVE_THREADS >= CFD_MAXPROCESSES)
{
ACTIVE_THREADS--;
if (TRIES++ > MAXTRIES) /* When to say we're hung / apoptosis threshold */
{
Log(LOG_LEVEL_ERR, "Server seems to be paralyzed. DOS attack? Committing apoptosis...");
FatalError(conn->ctx, "Terminating");
}
if (!ThreadUnlock(cft_server_children))
{
}
Log(LOG_LEVEL_ERR, "Too many threads (>=%d) -- increase server maxconnections?", CFD_MAXPROCESSES);
snprintf(output, CF_BUFSIZE, "BAD: Server is currently too busy -- increase maxconnections or splaytime?");
SendTransaction(conn->conn_info, output, 0, CF_DONE);
DeleteConn(conn);
return NULL;
}
else
{
ThreadUnlock(cft_server_children);
}
TRIES = 0; /* As long as there is activity, we're not stuck */
DisableSendDelays(ConnectionInfoSocket(conn->conn_info));
struct timeval tv = {
.tv_sec = CONNTIMEOUT * 20,
};
SetReceiveTimeout(ConnectionInfoSocket(conn->conn_info), &tv);
if (ConnectionInfoConnectionStatus(conn->conn_info) != CF_CONNECTION_ESTABLISHED)
{
/* Decide the protocol used. */
ret = ServerTLSPeek(conn->conn_info);
if (ret == -1)
{
DeleteConn(conn);
return NULL;
}
}
switch (ConnectionInfoProtocolVersion(conn->conn_info))
{
case CF_PROTOCOL_CLASSIC:
{
while (BusyWithClassicConnection(conn->ctx, conn))
{
}
break;
}
case CF_PROTOCOL_TLS:
{
ret = ServerTLSSessionEstablish(conn);
if (ret == -1)
{
DeleteConn(conn);
return NULL;
}
while (BusyWithNewProtocol(conn->ctx, conn))
{
}
break;
}
default:
UnexpectedError("HandleConnection: ProtocolVersion %d!",
ConnectionInfoProtocolVersion(conn->conn_info));
}
Log(LOG_LEVEL_INFO, "Connection closed, terminating thread",
conn->ipaddr);
if (!ThreadLock(cft_server_children))
{
DeleteConn(conn);
return NULL;
}
ACTIVE_THREADS--;
if (!ThreadUnlock(cft_server_children))
{
}
DeleteConn(conn);
return NULL;
}
/***************************************************************/
/* Toolkit/Class: conn */
/***************************************************************/
static ServerConnectionState *NewConn(EvalContext *ctx, ConnectionInfo *info)
{
ServerConnectionState *conn = NULL;
struct sockaddr_storage addr;
socklen_t size = sizeof(addr);
if (getsockname(ConnectionInfoSocket(info), (struct sockaddr *)&addr, &size) == -1)
{
Log(LOG_LEVEL_ERR, "Could not obtain socket address. (getsockname: '%s')", GetErrorStr());
return NULL;
}
conn = xcalloc(1, sizeof(*conn));
conn->ctx = ctx;
conn->conn_info = info;
conn->id_verified = false;
conn->rsa_auth = false;
conn->hostname[0] = '\0';
conn->ipaddr[0] = '\0';
conn->username[0] = '\0';
conn->session_key = NULL;
conn->encryption_type = 'c';
conn->maproot = false; /* Only public files (chmod o+r) accessible */
Log(LOG_LEVEL_DEBUG, "New socket %d", ConnectionInfoSocket(info));
return conn;
}
/***************************************************************/
static void DeleteConn(ServerConnectionState *conn)
{
cf_closesocket(ConnectionInfoSocket(conn->conn_info));
ConnectionInfoDestroy(&conn->conn_info);
free(conn->session_key);
if (conn->ipaddr != NULL)
{
if (!ThreadLock(cft_count))
{
return;
}
DeleteItemMatching(&SV.connectionlist, MapAddress(conn->ipaddr));
if (!ThreadUnlock(cft_count))
{
return;
}
}
*conn = (ServerConnectionState) {0};
free(conn);
}
static void *HandleConnection(void *c)
{
ServerConnectionState *conn = c;
int ret;
/* Set logging prefix to be the IP address for all of thread's lifetime. */
/* This stack-allocated struct should be valid for all the lifetime of the
* thread. Just make sure that after calling DeleteConn() (which frees
* ipaddr), you exit the thread right away. */
LoggingPrivContext log_ctx = {
.log_hook = LogHook,
.param = conn->ipaddr
};
LoggingPrivSetContext(&log_ctx);
Log(LOG_LEVEL_INFO, "Accepting connection");
/* We test if number of active threads is greater than max, if so we deny
connection, if it happened too many times within a short timeframe then we
kill ourself.TODO this test should be done *before* spawning the thread. */
ret = ThreadLock(cft_server_children);
if (!ret)
{
Log(LOG_LEVEL_ERR, "Unable to thread-lock, closing connection!");
goto ret2;
}
else if (ACTIVE_THREADS > CFD_MAXPROCESSES)
{
if (TRIES > MAXTRIES)
{
/* This happens when no thread was freed while we had to drop 5
* (or maxconnections/3) consecutive connections, because none of
* the existing threads finished. */
Log(LOG_LEVEL_CRIT,
"Server seems to be paralyzed. DOS attack? "
"Committing apoptosis...");
ThreadUnlock(cft_server_children);
FatalError(conn->ctx, "Terminating");
}
TRIES++;
Log(LOG_LEVEL_ERR,
"Too many threads (%d > %d), dropping connection! "
"Increase server maxconnections?",
ACTIVE_THREADS, CFD_MAXPROCESSES);
ThreadUnlock(cft_server_children);
goto ret2;
}
ACTIVE_THREADS++;
TRIES = 0;
ThreadUnlock(cft_server_children);
DisableSendDelays(ConnectionInfoSocket(conn->conn_info));
/* 20 times the connect() timeout should be enough to avoid MD5
* computation timeouts on big files on old slow Solaris 8 machines. */
SetReceiveTimeout(ConnectionInfoSocket(conn->conn_info),
CONNTIMEOUT * 20 * 1000);
if (ConnectionInfoConnectionStatus(conn->conn_info) != CF_CONNECTION_ESTABLISHED)
{
/* Decide the protocol used. */
ret = ServerTLSPeek(conn->conn_info);
if (ret == -1)
{
goto ret1;
}
}
ProtocolVersion protocol_version = ConnectionInfoProtocolVersion(conn->conn_info);
if (protocol_version == CF_PROTOCOL_LATEST)
{
ret = ServerTLSSessionEstablish(conn);
if (ret == -1)
{
goto ret1;
}
}
else if (protocol_version < CF_PROTOCOL_LATEST &&
protocol_version > CF_PROTOCOL_UNDEFINED)
{
/* This connection is legacy protocol. Do we allow it? */
if (SV.allowlegacyconnects != NULL && /* By default we do */
!IsMatchItemIn(SV.allowlegacyconnects, conn->ipaddr))
{
Log(LOG_LEVEL_INFO,
"Connection is not using latest protocol, denying");
goto ret1;
}
}
else
{
UnexpectedError("HandleConnection: ProtocolVersion %d!",
ConnectionInfoProtocolVersion(conn->conn_info));
goto ret1;
}
/* ========================= MAIN LOOPS ========================= */
if (protocol_version >= CF_PROTOCOL_TLS)
{
/* New protocol does DNS reverse look up of the connected
* IP address, to check hostname access_rules. */
if (NEED_REVERSE_LOOKUP)
{
ret = getnameinfo((const struct sockaddr *) &conn->conn_info->ss,
conn->conn_info->ss_len,
conn->revdns, sizeof(conn->revdns),
NULL, 0, NI_NAMEREQD);
if (ret != 0)
{
Log(LOG_LEVEL_INFO,
"Reverse lookup failed (getnameinfo: %s)!",
gai_strerror(ret));
}
else
{
Log(LOG_LEVEL_INFO,
"Hostname (reverse looked up): %s",
conn->revdns);
}
}
while (BusyWithNewProtocol(conn->ctx, conn))
{
}
}
else if (protocol_version == CF_PROTOCOL_CLASSIC)
{
while (BusyWithClassicConnection(conn->ctx, conn))
{
}
}
/* ============================================================ */
Log(LOG_LEVEL_INFO, "Connection closed, terminating thread");
ret1:
ThreadLock(cft_server_children);
ACTIVE_THREADS--;
ThreadUnlock(cft_server_children);
ret2:
DeleteConn(conn);
return NULL;
}
/***************************************************************/
/* Toolkit/Class: conn */
/***************************************************************/
static ServerConnectionState *NewConn(EvalContext *ctx, ConnectionInfo *info)
{
ServerConnectionState *conn = NULL;
struct sockaddr_storage addr;
socklen_t size = sizeof(addr);
if (getsockname(ConnectionInfoSocket(info), (struct sockaddr *)&addr, &size) == -1)
{
Log(LOG_LEVEL_ERR, "Could not obtain socket address. (getsockname: '%s')", GetErrorStr());
return NULL;
}
conn = xcalloc(1, sizeof(*conn));
conn->ctx = ctx;
conn->conn_info = info;
conn->user_data_set = false;
conn->rsa_auth = false;
conn->hostname[0] = '\0';
conn->ipaddr[0] = '\0';
conn->username[0] = '\0';
conn->session_key = NULL;
conn->encryption_type = 'c';
conn->maproot = false; /* Only public files (chmod o+r) accessible */
conn->revdns[0] = '\0';
Log(LOG_LEVEL_DEBUG, "New socket %d", ConnectionInfoSocket(info));
return conn;
}
