/**
The main client function of the GSSAPI plugin.
*/
static int gssapi_auth_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
{
int packet_len;
unsigned char *packet;
char spn[PRINCIPAL_NAME_MAX + 1];
char mech[MECH_NAME_MAX + 1];
/* read from server for service principal name */
packet_len= vio->read_packet(vio, &packet);
if (packet_len < 0)
{
return CR_ERROR;
}
parse_server_packet((char *)packet, (size_t)packet_len, spn, mech);
return auth_client(spn, mech, mysql, vio);
}
void cmd_user(t_message *msg, t_client *client)
{
if (msg == NULL || client == NULL)
return;
if (get_nb_params(msg->params) != 4)
{
dprintf(client->client, ERR_NEEDMOREPARAMS, S_NAME, S_ADDR, \
client->nick, "USER");
return;
}
if (client->isAuth >= 3 || client->isAuth == 1)
{
dprintf(client->client, ERR_ALREADYREGISTRED, S_NAME, S_ADDR, \
client->nick);
return;
}
strcpy(client->user, msg->params[0]);
strcpy(client->rname, msg->params[3]);
if (client->isAuth == 0)
client->isAuth = 1;
else if (client->isAuth == 2)
auth_client(client);
check_op(client);
}
void
check_socket(int num)
/* check for new connection, command, connection closed */
{
int fd = -1, avoid_fd = -1, addr_len = sizeof(struct sockaddr_un);
struct sockaddr_un client_addr;
long int buf_int[SOCKET_MSG_LEN];
int read_len = 0;
struct fcrondyn_cl *client = NULL, *prev_client = NULL;
if ( num <= 0 )
/* no socket to check : go directly to the end of that function */
goto final_settings;
debug("Checking socket ...");
if ( FD_ISSET(listen_fd, &read_set) ) {
debug("got new connection ...");
if ((fd = accept(listen_fd, (struct sockaddr *)&client_addr, &addr_len)) == -1) {
error_e("could not accept new connection : isset(listen_fd = %d) = %d",
listen_fd, FD_ISSET(listen_fd, &read_set));
}
else {
fcntl(fd, F_SETFD, 1);
/* set fd to O_NONBLOCK : we do not want fcron to be stopped on error, etc */
if (fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK) == -1) {
error_e("Could not set fd attribute O_NONBLOCK : connection rejected.");
shutdown(fd, SHUT_RDWR);
close(fd);
}
else {
Alloc(client, fcrondyn_cl);
client->fcl_sock_fd = fd;
/* means : not authenticated yet : */
client->fcl_user = NULL;
client->fcl_cmd = NULL;
/* include new entry in client list */
client->fcl_next = fcrondyn_cl_base;
fcrondyn_cl_base = client;
client->fcl_idle_since = now;
/* to avoid trying to read from it in this call */
avoid_fd = fd;
FD_SET(fd, &master_set);
if ( fd > set_max_fd )
set_max_fd = fd;
fcrondyn_cl_num += 1;
debug("Added connection fd : %d - %d connections", fd, fcrondyn_cl_num);
}
}
}
client = fcrondyn_cl_base;
while ( client != NULL ) {
if (! FD_ISSET(client->fcl_sock_fd, &read_set) || client->fcl_sock_fd==avoid_fd){
/* check if the connection has not been idle for too long ... */
if (client->fcl_user==NULL && now - client->fcl_idle_since > MAX_AUTH_TIME ){
warn("Connection with no auth for more than %ds : closing it.",
MAX_AUTH_TIME);
remove_connection(&client, prev_client);
}
else if ( now - client->fcl_idle_since > MAX_IDLE_TIME ) {
warn("Connection of %s is idle for more than %ds : closing it.",
client->fcl_user, MAX_IDLE_TIME);
remove_connection(&client, prev_client);
}
else {
/* nothing to do on this one ... check the next one */
prev_client = client;
client = client->fcl_next;
}
continue;
}
if ( (read_len = recv(client->fcl_sock_fd, buf_int, sizeof(buf_int), 0)) <= 0 ) {
if (read_len == 0) {
/* connection closed by client */
remove_connection(&client, prev_client);
}
else {
error_e("error recv() from sock fd %d", client->fcl_sock_fd);
prev_client = client;
client = client->fcl_next;
}
}
else {
client->fcl_cmd_len = read_len;
client->fcl_cmd = buf_int;
if ( client->fcl_user == NULL )
/* not authenticated yet */
auth_client(client);
else {
/* we've just read a command ... */
client->fcl_idle_since = now;
exe_cmd(client);
}
prev_client = client;
client = client->fcl_next;
}
}
final_settings:
/* copy master_set in read_set, because read_set is modified by select() */
read_set = master_set;
}
/*
int cshit3(struct conn_info * sci, int fx) {
int cnt = 0, cnt2=0;
int nnl = sci->resend_buf.frames.rel_head;
int nnf = sci->resend_buf.free_frames.rel_head;
while(nnl > -1) {
cnt++;
nnl = sci->resend_buf.frames_buf[nnl].rel_next;
}
while(nnf > -1) {
cnt++;
nnf = sci->resend_buf.frames_buf[nnf].rel_next;
}
vtun_syslog(LOG_INFO, "%d count l: %d f: %d", fx, cnt, cnt2);
return 0;
}
*/
void client(struct vtun_host *host)
{
struct sockaddr_in my_addr,svr_addr;
struct sigaction sa;
int s, opt, reconnect, sss, len;
int shm_new = 0;
struct sockaddr_un remote;
vtun_syslog(LOG_INFO,"vtrunkd client ver %s %s started",VTUN_VER, BUILD_DATE);
memset(&sa,0,sizeof(sa));
sa.sa_handler=SIG_IGN;
sa.sa_flags = SA_NOCLDWAIT;
sigaction(SIGHUP,&sa,NULL);
sigaction(SIGQUIT,&sa,NULL);
sigaction(SIGPIPE,&sa,NULL);
sigaction(SIGCHLD,&sa,NULL);
sa.sa_handler=sig_term;
sigaction(SIGTERM,&sa,NULL);
sigaction(SIGINT,&sa,NULL);
// now init everything...
int shmid;
key_t key;
struct conn_info *shm_conn_info;
struct timeval cur_time;
/*
* We'll name our shared memory segment
* "5678".
*/
key = SHM_TUN_KEY;
/*
* First, try to open shm
*/
if ((shmid = shmget(key, sizeof(struct conn_info), 0666)) < 0) {
/*
* Create the segment.
*/
vtun_syslog(LOG_INFO,"client: init new shm...");
if ((shmid = shmget(key, sizeof(struct conn_info), IPC_CREAT | 0666)) < 0) {
vtun_syslog(LOG_ERR,"shmget 2 size %d", sizeof(struct conn_info));
exit(1);
}
shm_new = 1;
} else {
vtun_syslog(LOG_INFO,"client: reusing shm...");
shm_new = 0;
}
/*
* Now we attach the segment to our data space.
*/
if ((shm_conn_info = shmat(shmid, NULL, 0)) == (struct conn_info *) -1) {
vtun_syslog(LOG_ERR,"shmat 2");
exit(1);
}
//cshit3(&shm_conn_info[0], 36);
// now try to connect to socket if shm_new ==0
if(!shm_new) {
if ((sss = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
vtun_syslog(LOG_ERR, "socket 44");
exit(1);
}
remote.sun_family = AF_UNIX;
strcpy(remote.sun_path, shm_conn_info[0].devname);
len = strlen(remote.sun_path) + sizeof(remote.sun_family);
if ( (shm_conn_info->rdy) && (connect(sss, (struct sockaddr *)&remote, len) == -1)) {
vtun_syslog(LOG_INFO, "SHM ready but socket not open! Assuming we're only process running;");
shm_new = 1; // could not connect; assume we're new!
} else {
vtun_syslog(LOG_INFO, "Socket connected OK seems all OK");
}
close(sss);
}
if(shm_new) {
vtun_syslog(LOG_INFO, "client doing memset");
memset(shm_conn_info, 0, sizeof(struct conn_info));
}
//cshit3(&shm_conn_info[0], 37);
client_term = 0; reconnect = 0;
while( (!client_term) || (client_term == VTUN_SIG_HUP) ){
if( reconnect && (client_term != VTUN_SIG_HUP) ){
if( vtun.persist || host->persist ){
/* Persist mode. Sleep and reconnect. */
sleep(5);
} else {
/* Exit */
break;
}
} else {
reconnect = 1;
}
set_title("%s init initializing", host->host);
/* Set server address */
if( server_addr(&svr_addr, host) < 0 )
continue;
/* Set local address */
if( local_addr(&my_addr, host, 0) < 0 )
continue;
/* We have to create socket again every time
* we want to connect, since STREAM sockets
* can be successfully connected only once.
*/
if( (s = socket(AF_INET,SOCK_STREAM,0))==-1 ){
vtun_syslog(LOG_ERR,"Can't create socket. %s(%d)",
strerror(errno), errno);
continue;
}
//cshit3(&shm_conn_info[0], 38);
/* Required when client is forced to bind to specific port */
opt=1;
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
#ifndef W_O_SO_MARK
if(host->RT_MARK != -1) {
if (setsockopt(s, SOL_SOCKET, SO_MARK, &host->RT_MARK, sizeof(host->RT_MARK))) {
vtun_syslog(LOG_ERR,"client socket rt mark error %s(%d)",
strerror(errno), errno);
break;
}
}
#endif
if( bind(s,(struct sockaddr *)&my_addr,sizeof(my_addr)) ){
vtun_syslog(LOG_ERR,"Can't bind socket. %s(%d)",
strerror(errno), errno);
continue;
}
/*
* Clear speed and flags which will be supplied by server.
*/
host->spd_in = host->spd_out = 0;
host->flags &= VTUN_CLNT_MASK;
io_init();
set_title("%s connecting to %s", host->host, vtun.svr_name);
vtun_syslog(LOG_INFO,"Connecting to %s", vtun.svr_name);
if( connect_t(s,(struct sockaddr *) &svr_addr, host->timeout) ){
vtun_syslog(LOG_INFO,"Connect to %s failed. %s(%d)", vtun.svr_name,
strerror(errno), errno);
} else {
if( auth_client(s, host) ){
vtun_syslog(LOG_INFO,"Session %s[%s] opened",host->host,vtun.svr_name);
host->rmt_fd = s;
//cshit3(&shm_conn_info[0], 39);
/* Start the tunnel */
client_term = tunnel(host, 0);
gettimeofday(&cur_time, NULL);
shm_conn_info->alive = cur_time.tv_sec; // show we are alive and trying to reconnect still.. (or fd_server will quit)
vtun_syslog(LOG_INFO,"Session %s[%s] closed",host->host,vtun.svr_name);
} else {
vtun_syslog(LOG_INFO,"Connection denied by %s",vtun.svr_name);
}
}
close(s);
free_sopt(&host->sopt);
}
vtun_syslog(LOG_INFO, "Exit");
return;
}
int start_socket_client(char *host, char *path, int argc, char *argv[])
{
int fd, i;
char *sargs[MAX_ARGS];
int sargc=0;
char line[MAXPATHLEN];
char *p, *user=NULL;
extern int remote_version;
extern int am_sender;
if (*path == '/') {
rprintf(FERROR,"ERROR: The remote path must start with a module name\n");
return -1;
}
p = strchr(host, '@');
if (p) {
user = host;
host = p+1;
*p = 0;
}
if (!user) user = getenv("USER");
if (!user) user = getenv("LOGNAME");
fd = open_socket_out(host, rsync_port);
if (fd == -1) {
exit_cleanup(RERR_SOCKETIO);
}
server_options(sargs,&sargc);
sargs[sargc++] = ".";
if (path && *path)
sargs[sargc++] = path;
sargs[sargc] = NULL;
io_printf(fd,"@RSYNCD: %d\n", PROTOCOL_VERSION);
if (!read_line(fd, line, sizeof(line)-1)) {
return -1;
}
if (sscanf(line,"@RSYNCD: %d", &remote_version) != 1) {
return -1;
}
p = strchr(path,'/');
if (p) *p = 0;
io_printf(fd,"%s\n",path);
if (p) *p = '/';
while (1) {
if (!read_line(fd, line, sizeof(line)-1)) {
return -1;
}
if (strncmp(line,"@RSYNCD: AUTHREQD ",18) == 0) {
auth_client(fd, user, line+18);
continue;
}
if (strcmp(line,"@RSYNCD: OK") == 0) break;
rprintf(FINFO,"%s\n", line);
}
for (i=0;i<sargc;i++) {
io_printf(fd,"%s\n", sargs[i]);
}
io_printf(fd,"\n");
if (remote_version > 17 && !am_sender)
io_start_multiplex_in(fd);
return client_run(fd, fd, -1, argc, argv);
}
void client(struct vtun_host *host)
{
struct sockaddr_in my_addr,svr_addr;
struct sigaction sa;
int s, opt, reconnect;
vtun_syslog(LOG_INFO,"VTun client ver %s started",VTUN_VER);
memset(&sa,0,sizeof(sa));
sa.sa_handler=SIG_IGN;
sa.sa_flags = SA_NOCLDWAIT;
sigaction(SIGHUP,&sa,NULL);
sigaction(SIGQUIT,&sa,NULL);
sigaction(SIGPIPE,&sa,NULL);
sigaction(SIGCHLD,&sa,NULL);
sa.sa_handler=sig_term;
sigaction(SIGTERM,&sa,NULL);
sigaction(SIGINT,&sa,NULL);
client_term = 0; reconnect = 0;
while( (!client_term) || (client_term == VTUN_SIG_HUP) ){
if( reconnect && (client_term != VTUN_SIG_HUP) ){
if( vtun.persist || host->persist ){
/* Persist mode. Sleep and reconnect. */
sleep(5);
} else {
/* Exit */
break;
}
} else {
reconnect = 1;
}
set_title("%s init initializing", host->host);
/* Set server address */
if( server_addr(&svr_addr, host) < 0 )
continue;
/* Set local address */
if( local_addr(&my_addr, host, 0) < 0 )
continue;
/* We have to create socket again every time
* we want to connect, since STREAM sockets
* can be successfully connected only once.
*/
if( (s = socket(AF_INET,SOCK_STREAM,0))==-1 ){
vtun_syslog(LOG_ERR,"Can't create socket. %s(%d)",
strerror(errno), errno);
continue;
}
/* Required when client is forced to bind to specific port */
opt=1;
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
if( bind(s,(struct sockaddr *)&my_addr,sizeof(my_addr)) ){
vtun_syslog(LOG_ERR,"Can't bind socket. %s(%d)",
strerror(errno), errno);
continue;
}
/*
* Clear speed and flags which will be supplied by server.
*/
host->spd_in = host->spd_out = 0;
host->flags &= VTUN_CLNT_MASK;
io_init();
set_title("%s connecting to %s", host->host, vtun.svr_name);
if (!vtun.quiet)
vtun_syslog(LOG_INFO,"Connecting to %s", vtun.svr_name);
if( connect_t(s,(struct sockaddr *) &svr_addr, host->timeout) ){
if (!vtun.quiet || errno != ETIMEDOUT)
vtun_syslog(LOG_INFO,"Connect to %s failed. %s(%d)", vtun.svr_name,
strerror(errno), errno);
} else {
if( auth_client(s, host) ){
vtun_syslog(LOG_INFO,"Session %s[%s] opened",host->host,vtun.svr_name);
host->rmt_fd = s;
/* Start the tunnel */
client_term = tunnel(host);
vtun_syslog(LOG_INFO,"Session %s[%s] closed",host->host,vtun.svr_name);
} else {
vtun_syslog(LOG_INFO,"Connection denied by %s",vtun.svr_name);
}
}
close(s);
free_sopt(&host->sopt);
}
vtun_syslog(LOG_INFO, "Exit");
return;
}
int start_TCP_socket(int port)
{ int result = 0;
int pid;
int socket_fd;
struct sockaddr_in server_address;
socklen_t client_addr_len;
int buff_size = 255;
//Open socket here
socket_fd = socket(AF_INET, SOCK_STREAM, 0);
if (socket_fd < 0)
{
printf("Error in creating socket");
log_server("Error in creating socket");
} else
{
//Declare socket address
//First, clear structure
memset((char *)&server_address, 0, sizeof(server_address));
//Assign value to server address
server_address.sin_family = AF_INET;
server_address.sin_port = htons(port);
server_address.sin_addr.s_addr = htonl(INADDR_ANY);
// socket binding
if (bind(socket_fd, (struct sockaddr *)&server_address, sizeof(server_address)) >= 0)
{
//Create a struct to store peer address:
struct sockaddr_in peer_addr;
memset((char *)&peer_addr, 0, sizeof(peer_addr));
socklen_t peer_addr_len = sizeof(peer_addr);
listen(socket_fd, 5);
//Allocate space for the buffer server is about to receive
struct tcpquery * buffer = malloc(sizeof(struct tcpquery));
struct tcpquery * buffer2 = malloc(sizeof(struct tcpquery));
while (breaking_signal)
{
//Accept connection
int new_sock = accept(socket_fd, (struct sockaddr *) &peer_addr, &peer_addr_len );
sprintf(ip, "Client IP %s", inet_ntoa(peer_addr.sin_addr));
sprintf(log_c, "New connection accpeted from IP %s\n", ip);
log_server(log_c);
if (new_sock == -1)
{
exit(1);
}
pid = fork();
if (pid < 0)
{
perror("Erro creating new process\n");
sprintf(log_c, "Erro creating new process\n");
log_server(log_c);
}
else if (pid == 0)
{
for (;;) {
//Receiving connection request from client.This is an username send for verification
int n = recv(new_sock, buffer, sizeof(*buffer), 0 );
if (n < 0)
{
perror("Data receiving from socket failed. Exit.\n");
sprintf(log_c, "%s :Data receiving from socket failed. Exit.\n", ip);
log_server(log_c);
exit(1);
} else if (n == 0)
{
printf("Connection closed\n");
sprintf(log_c, "%s :Connection closed\n", ip);
log_server(log_c);
break;
}
struct tcpquery incoming = deserialization_tcp(buffer);
//Free allocated buffer received
//free(buffer);
if (verify_tcp_packet(&incoming) == 1)
{
int password = getpassword(incoming.command);
if (password != 0)
{
if (randomtokenhandling(new_sock) < 0)
{
perror("Socket writing error.\n");
sprintf(log_c, "%s :Socket writing error.\n", ip);
log_server(log_c);
exit(1);
}
int n = recv(new_sock, buffer2, sizeof(*buffer2), 0);
if (n < 0)
{
perror("Data receiving from socket failed. Exit.\n");
sprintf(log_c, "%s :Data receiving from socket failed. Exit.\n", ip);
log_server(log_c);
exit(1);
} else if (n == 0)
{
printf("Connection closed\n");
sprintf(log_c, "%s :Connection closed\n", ip);
log_server(log_c);
break;
}
if (generateH2value(new_sock, password, R))
{
if (H_value_compare(buffer2) == 1)
{
printf("Authentication completed. Success...\n");
sprintf(log_c, "%s :Authentication completed. Success...\n", ip);
log_server(log_c);
auth_client(new_sock, 1);
breaking_signal = 0;
result = 1;
start_UDP(H2, port);
break;
}
else
{
printf("Authentication Failed\n");
sprintf(log_c, "%s :Authentication failed\n",ip);
log_server(log_c);
auth_client(new_sock, 0);
//break;
}
} else {
printf("Cannot generate authetication token\n");
sprintf(log_c, "%s :Cannot generate authetication token\n", ip);
log_server(log_c);
break;
}
} else
{
//User not found. Reject connection.
printf("User not found. Rejected...\n");
sprintf(log_c, "%s :User not found. Rejected...\n", ip);
log_server(log_c);
rejectconnection(new_sock);
break;
}
} else
{
printf("Packet received did not follow defined protocol. Rejected. \n");
sprintf(log_c, "%s :Packet received did not follow defined protocol. Rejected.\n", ip);
log_server(log_c);
break;
}
}
//Child process suicides here
exit(0);
}
close(new_sock);
}
close(socket_fd);
free(buffer);
free(buffer2);
}
}
return result;
}
