struct chirp_file *chirp_global_open(const char *host, const char *path, INT64_T flags, INT64_T mode, time_t stoptime)
{
if(is_multi_path(host)) {
char mhost[CHIRP_PATH_MAX];
char mpath[CHIRP_PATH_MAX];
parse_multi_path(path, mhost, mpath);
return chirp_multi_open(mhost, mpath, flags, mode, stoptime);
} else if(not_empty(path)) {
return chirp_reli_open(host, path, flags, mode, stoptime);
} else if(not_empty(host)) {
if(server_lookup(host, stoptime)) {
errno = EISDIR;
return 0;
} else {
if(flags & O_CREAT) {
errno = EACCES;
} else {
errno = ENOENT;
}
return 0;
}
} else {
errno = EISDIR;
return 0;
}
}
/*
* This function is invoked when a SIGCLD is received
*/
void child_exit(void)
{
const char *func = "child_exit" ;
for ( ;; ) /* Find all children that exited */
{
int status ;
pid_t pid ;
struct server *serp ;
#ifdef HAVE_WAITPID
pid = waitpid( -1, &status, WNOHANG ) ;
#else
#if defined( sun ) && defined( lint )
pid = wait3( (union wait *)&status, WNOHANG, RUSAGE_NULL ) ;
#else
pid = wait3( &status, WNOHANG, RUSAGE_NULL ) ;
#endif
#endif
if ( debug.on )
#ifdef HAVE_WAITPID
msg( LOG_DEBUG, func, "waitpid returned = %d", pid ) ;
#else
msg( LOG_DEBUG, func, "wait3 returned = %d", pid ) ;
#endif
if ( pid == -1 ) {
if ( errno == EINTR )
continue ;
else
break ;
}
if ( pid == 0 )
break ;
if ( ( serp = server_lookup( pid ) ) != NULL )
{
serp->svr_exit_status = status ;
server_end( serp ) ;
}
else
msg( LOG_NOTICE, func, "unknown child process %d %s", pid,
PROC_STOPPED( status ) ? "stopped" : "died" ) ;
}
}
/*
* Get address client connected to, by doing a DIOCNATLOOK call.
* Uses server_lookup code from ftp-proxy.
*/
void
getcaddr(struct con *cp) {
struct sockaddr_storage spamd_end;
struct sockaddr *sep = (struct sockaddr *) &spamd_end;
struct sockaddr_storage original_destination;
struct sockaddr *odp = (struct sockaddr *) &original_destination;
socklen_t len = sizeof(struct sockaddr_storage);
int error;
cp->caddr[0] = '\0';
if (getsockname(cp->fd, sep, &len) == -1)
return;
if (server_lookup((struct sockaddr *)&cp->ss, sep, odp) != 0)
return;
error = getnameinfo(odp, odp->sa_len, cp->caddr, sizeof(cp->caddr),
NULL, 0, NI_NUMERICHOST);
if (error)
cp->caddr[0] = '\0';
}
INT64_T chirp_global_access(const char *host, const char *path, INT64_T mode, time_t stoptime)
{
if(is_multi_path(host)) {
char mhost[CHIRP_PATH_MAX];
char mpath[CHIRP_PATH_MAX];
parse_multi_path(path, mhost, mpath);
return chirp_multi_access(mhost, mpath, mode, stoptime);
} else if(not_empty(path)) {
return chirp_reli_access(host, path, mode, stoptime);
} else if(not_empty(host)) {
if(server_lookup(host, stoptime)) {
return 0;
} else {
return chirp_reli_access(host, path, mode, stoptime);
}
} else {
return 0;
}
}
INT64_T chirp_global_setxattr(const char *host, const char *path, const char *name, const void *data, size_t size, int flags, time_t stoptime)
{
if(is_multi_path(host)) {
errno = EACCES;
return -1;
} else if(not_empty(path)) {
return chirp_reli_setxattr(host, path, name, data, size, flags, stoptime);
} else if(not_empty(host)) {
if(server_lookup(host, stoptime)) {
errno = EACCES;
return -1;
} else {
errno = ENOENT;
return -1;
}
} else {
errno = EACCES;
return -1;
}
}
INT64_T chirp_global_llistxattr(const char *host, const char *path, char *list, size_t size, time_t stoptime)
{
if(is_multi_path(host)) {
errno = EACCES;
return -1;
} else if(not_empty(path)) {
return chirp_reli_llistxattr(host, path, list, size, stoptime);
} else if(not_empty(host)) {
if(server_lookup(host, stoptime)) {
errno = EACCES;
return -1;
} else {
errno = ENOENT;
return -1;
}
} else {
errno = EACCES;
return -1;
}
}
INT64_T chirp_global_rmall(const char *host, const char *path, time_t stoptime)
{
if(is_multi_path(host)) {
errno = ENOSYS;
return -1;
} else if(not_empty(path)) {
return chirp_reli_rmall(host, path, stoptime);
} else if(not_empty(host)) {
if(server_lookup(host, stoptime)) {
errno = EACCES;
return -1;
} else {
errno = ENOENT;
return -1;
}
} else {
errno = EACCES;
return -1;
}
}
INT64_T chirp_global_utime(const char *host, const char *path, time_t actime, time_t modtime, time_t stoptime)
{
if(is_multi_path(host)) {
char mhost[CHIRP_PATH_MAX];
char mpath[CHIRP_PATH_MAX];
parse_multi_path(path, mhost, mpath);
return chirp_multi_utime(mhost, mpath, actime, modtime, stoptime);
} else if(not_empty(path)) {
return chirp_reli_utime(host, path, actime, modtime, stoptime);
} else if(not_empty(host)) {
if(server_lookup(host, stoptime)) {
errno = EISDIR;
return -1;
} else {
errno = ENOENT;
return -1;
}
} else {
errno = EISDIR;
return -1;
}
}
INT64_T chirp_global_lchown(const char *host, const char *path, INT64_T uid, INT64_T gid, time_t stoptime)
{
if(is_multi_path(host)) {
char mhost[CHIRP_PATH_MAX];
char mpath[CHIRP_PATH_MAX];
parse_multi_path(path, mhost, mpath);
return chirp_multi_lchown(mhost, mpath, uid, gid, stoptime);
} else if(not_empty(path)) {
return chirp_reli_lchown(host, path, uid, gid, stoptime);
} else if(not_empty(host)) {
if(server_lookup(host, stoptime)) {
errno = EACCES;
return -1;
} else {
errno = ENOENT;
return -1;
}
} else {
errno = EACCES;
return -1;
}
}
INT64_T chirp_global_lstat(const char *host, const char *path, struct chirp_stat * buf, time_t stoptime)
{
if(is_multi_path(host)) {
char mhost[CHIRP_PATH_MAX];
char mpath[CHIRP_PATH_MAX];
parse_multi_path(path, mhost, mpath);
return chirp_multi_lstat(mhost, mpath, buf, stoptime);
} else if(not_empty(path)) {
return chirp_reli_lstat(host, path, buf, stoptime);
} else if(not_empty(host)) {
struct jx *j = server_lookup(host, stoptime);
if(j) {
chirp_jx_to_stat(j, buf);
return 0;
} else {
return chirp_reli_lstat(host, "/", buf, stoptime);
}
} else {
chirp_blank_stat(buf);
return 0;
}
}
INT64_T chirp_global_readlink(const char *host, const char *path, char *buf, INT64_T length, time_t stoptime)
{
if(is_multi_path(host)) {
char mhost[CHIRP_PATH_MAX];
char mpath[CHIRP_PATH_MAX];
parse_multi_path(path, mhost, mpath);
return chirp_multi_readlink(mhost, mpath, buf, length, stoptime);
} else if(not_empty(path)) {
return chirp_reli_readlink(host, path, buf, length, stoptime);
} else if(not_empty(host)) {
if(server_lookup(host, stoptime)) {
errno = EINVAL;
return -1;
} else {
errno = ENOENT;
return -1;
}
} else {
errno = EINVAL;
return -1;
}
}
INT64_T chirp_global_putfile_buffer(const char *host, const char *path, const char *buffer, INT64_T mode, INT64_T length, time_t stoptime)
{
if(is_multi_path(host)) {
char mhost[CHIRP_PATH_MAX];
char mpath[CHIRP_PATH_MAX];
parse_multi_path(path, mhost, mpath);
return chirp_multi_putfile_buffer(mhost, mpath, buffer, mode, length, stoptime);
} else if(not_empty(path)) {
return chirp_reli_putfile_buffer(host, path, buffer, mode, length, stoptime);
} else if(not_empty(host)) {
if(server_lookup(host, stoptime)) {
errno = EISDIR;
return -1;
} else {
errno = EACCES;
return -1;
}
} else {
errno = EACCES;
return -1;
}
}
INT64_T chirp_global_getfile(const char *host, const char *path, FILE * stream, time_t stoptime)
{
if(is_multi_path(host)) {
char mhost[CHIRP_PATH_MAX];
char mpath[CHIRP_PATH_MAX];
parse_multi_path(path, mhost, mpath);
return chirp_multi_getfile(mhost, mpath, stream, stoptime);
} else if(not_empty(path)) {
return chirp_reli_getfile(host, path, stream, stoptime);
} else if(not_empty(host)) {
if(server_lookup(host, stoptime)) {
errno = EISDIR;
return -1;
} else {
errno = EACCES;
return -1;
}
} else {
errno = EACCES;
return -1;
}
}
int
main(int argc, char *argv[])
{
int c, fd = 0, on = 1, out_fd = 0, peer, reqsize = 0;
int transwait = DEFTRANSWAIT;
char *p;
struct tftphdr *tp;
struct passwd *pw;
size_t cbuflen;
char *cbuf;
char req[PKTSIZE];
struct cmsghdr *cmsg;
struct msghdr msg;
struct iovec iov;
struct sockaddr_storage from, proxy, server, proxy_to_server, s_in;
struct sockaddr_in sock_out;
socklen_t j;
in_port_t bindport;
openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
while ((c = getopt(argc, argv, "vw:")) != -1)
switch (c) {
case 'v':
verbose++;
break;
case 'w':
transwait = strtoll(optarg, &p, 10);
if (transwait < 1) {
syslog(LOG_ERR, "invalid -w value");
exit(1);
}
break;
default:
usage();
break;
}
/* open /dev/pf */
init_filter(NULL, verbose);
tzset();
pw = getpwnam(NOPRIV_USER);
if (!pw) {
syslog(LOG_ERR, "no such user %s: %m", NOPRIV_USER);
exit(1);
}
if (chroot(CHROOT_DIR) || chdir("/")) {
syslog(LOG_ERR, "chroot %s: %m", CHROOT_DIR);
exit(1);
}
#ifdef __NetBSD__
if (setgroups(1, &pw->pw_gid) ||
setgid(pw->pw_gid) ||
setuid(pw->pw_uid)) {
syslog(LOG_ERR, "can't revoke privs: %m");
exit(1);
}
#else
if (setgroups(1, &pw->pw_gid) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
syslog(LOG_ERR, "can't revoke privs: %m");
exit(1);
}
#endif /* !__NetBSD__ */
/* non-blocking io */
if (ioctl(fd, FIONBIO, &on) < 0) {
syslog(LOG_ERR, "ioctl(FIONBIO): %m");
exit(1);
}
if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &on, sizeof(on)) == -1) {
syslog(LOG_ERR, "setsockopt(IP_RECVDSTADDR): %m");
exit(1);
}
j = sizeof(s_in);
if (getsockname(fd, (struct sockaddr *)&s_in, &j) == -1) {
syslog(LOG_ERR, "getsockname: %m");
exit(1);
}
bindport = ((struct sockaddr_in *)&s_in)->sin_port;
/* req will be pushed back out at the end, unchanged */
j = sizeof(from);
if ((reqsize = recvfrom(fd, req, sizeof(req), MSG_PEEK,
(struct sockaddr *)&from, &j)) < 0) {
syslog(LOG_ERR, "recvfrom: %m");
exit(1);
}
bzero(&msg, sizeof(msg));
iov.iov_base = req;
iov.iov_len = sizeof(req);
msg.msg_name = &from;
msg.msg_namelen = sizeof(from);
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
cbuflen = CMSG_SPACE(sizeof(struct sockaddr_storage));
if ((cbuf = malloc(cbuflen)) == NULL) {
syslog(LOG_ERR, "malloc: %m");
exit(1);
}
msg.msg_control = cbuf;
msg.msg_controllen = cbuflen;
if (recvmsg(fd, &msg, 0) < 0) {
syslog(LOG_ERR, "recvmsg: %m");
exit(1);
}
close(fd);
close(1);
peer = socket(from.ss_family, SOCK_DGRAM, 0);
if (peer < 0) {
syslog(LOG_ERR, "socket: %m");
exit(1);
}
memset(&s_in, 0, sizeof(s_in));
s_in.ss_family = from.ss_family;
s_in.ss_len = from.ss_len;
/* get local address if possible */
for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL;
cmsg = CMSG_NXTHDR(&msg, cmsg)) {
if (cmsg->cmsg_level == IPPROTO_IP &&
cmsg->cmsg_type == IP_RECVDSTADDR) {
memcpy(&((struct sockaddr_in *)&s_in)->sin_addr,
CMSG_DATA(cmsg), sizeof(struct in_addr));
break;
}
}
if (bind(peer, (struct sockaddr *)&s_in, s_in.ss_len) < 0) {
syslog(LOG_ERR, "bind: %m");
exit(1);
}
if (connect(peer, (struct sockaddr *)&from, from.ss_len) < 0) {
syslog(LOG_ERR, "connect: %m");
exit(1);
}
tp = (struct tftphdr *)req;
if (!(ntohs(tp->th_opcode) == RRQ || ntohs(tp->th_opcode) == WRQ)) {
/* not a tftp request, bail */
if (verbose) {
syslog(LOG_WARNING, "not a valid tftp request");
exit(1);
} else
/* exit 0 so inetd doesn't log anything */
exit(0);
}
j = sizeof(struct sockaddr_storage);
if (getsockname(fd, (struct sockaddr *)&proxy, &j) == -1) {
syslog(LOG_ERR, "getsockname: %m");
exit(1);
}
((struct sockaddr_in *)&proxy)->sin_port = bindport;
/* find the un-rdr'd server and port the client wanted */
if (server_lookup((struct sockaddr *)&from,
(struct sockaddr *)&proxy, (struct sockaddr *)&server,
IPPROTO_UDP) != 0) {
syslog(LOG_ERR, "pf connection lookup failed (no rdr?)");
exit(1);
}
/* establish a new outbound connection to the remote server */
if ((out_fd = socket(((struct sockaddr *)&from)->sa_family,
SOCK_DGRAM, IPPROTO_UDP)) < 0) {
syslog(LOG_ERR, "couldn't create new socket");
exit(1);
}
bzero((char *)&sock_out, sizeof(sock_out));
sock_out.sin_family = from.ss_family;
sock_out.sin_port = htons(pick_proxy_port());
if (bind(out_fd, (struct sockaddr *)&sock_out, sizeof(sock_out)) < 0) {
syslog(LOG_ERR, "couldn't bind to new socket: %m");
exit(1);
}
if (connect(out_fd, (struct sockaddr *)&server,
((struct sockaddr *)&server)->sa_len) < 0 && errno != EINPROGRESS) {
syslog(LOG_ERR, "couldn't connect to remote server: %m");
exit(1);
}
j = sizeof(struct sockaddr_storage);
if ((getsockname(out_fd, (struct sockaddr *)&proxy_to_server,
&j)) < 0) {
syslog(LOG_ERR, "getsockname: %m");
exit(1);
}
if (verbose)
syslog(LOG_INFO, "%s:%d -> %s:%d/%s:%d -> %s:%d \"%s %s\"",
sock_ntop((struct sockaddr *)&from),
ntohs(((struct sockaddr_in *)&from)->sin_port),
sock_ntop((struct sockaddr *)&proxy),
ntohs(((struct sockaddr_in *)&proxy)->sin_port),
sock_ntop((struct sockaddr *)&proxy_to_server),
ntohs(((struct sockaddr_in *)&proxy_to_server)->sin_port),
sock_ntop((struct sockaddr *)&server),
ntohs(((struct sockaddr_in *)&server)->sin_port),
opcode(ntohs(tp->th_opcode)),
tp->th_stuff);
/* get ready to add rdr and pass rules */
if (prepare_commit(1) == -1) {
syslog(LOG_ERR, "couldn't prepare pf commit");
exit(1);
}
/* rdr from server to us on our random port -> client on its port */
if (add_rdr(1, (struct sockaddr *)&server,
(struct sockaddr *)&proxy_to_server, ntohs(sock_out.sin_port),
(struct sockaddr *)&from,
ntohs(((struct sockaddr_in *)&from)->sin_port),
IPPROTO_UDP) == -1) {
syslog(LOG_ERR, "couldn't add rdr");
exit(1);
}
/* explicitly allow the packets to return back to the client (which pf
* will see post-rdr) */
if (add_filter(1, PF_IN, (struct sockaddr *)&server,
(struct sockaddr *)&from,
ntohs(((struct sockaddr_in *)&from)->sin_port),
IPPROTO_UDP) == -1) {
syslog(LOG_ERR, "couldn't add pass in");
exit(1);
}
if (add_filter(1, PF_OUT, (struct sockaddr *)&server,
(struct sockaddr *)&from,
ntohs(((struct sockaddr_in *)&from)->sin_port),
IPPROTO_UDP) == -1) {
syslog(LOG_ERR, "couldn't add pass out");
exit(1);
}
/* and just in case, to pass out from us to the server */
if (add_filter(1, PF_OUT, (struct sockaddr *)&proxy_to_server,
(struct sockaddr *)&server,
ntohs(((struct sockaddr_in *)&server)->sin_port),
IPPROTO_UDP) == -1) {
syslog(LOG_ERR, "couldn't add pass out");
exit(1);
}
if (do_commit() == -1) {
syslog(LOG_ERR, "couldn't commit pf rules");
exit(1);
}
/* forward the initial tftp request and start the insanity */
if (send(out_fd, tp, reqsize, 0) < 0) {
syslog(LOG_ERR, "couldn't forward tftp packet: %m");
exit(1);
}
/* allow the transfer to start to establish a state */
sleep(transwait);
/* delete our rdr rule and clean up */
prepare_commit(1);
do_commit();
return(0);
}
