static void init_remote(CLI *c) {
/* where to bind connecting socket */
if(c->opt->option.local) /* outgoing interface */
c->bind_addr=&c->opt->source_addr;
#ifndef USE_WIN32
else if(c->opt->option.transparent_src)
c->bind_addr=&c->peer_addr;
#endif
else
c->bind_addr=NULL; /* don't bind */
/* setup c->remote_fd, now */
if(c->opt->option.remote) { /* try remote first for exec+connect targets */
c->remote_fd.fd=connect_remote(c);
} else if(c->opt->option.program) { /* exec+connect uses local fd */
c->remote_fd.fd=connect_local(c);
} else {
s_log(LOG_ERR, "INTERNAL ERROR: No target for remote socket");
longjmp(c->err, 1);
}
c->remote_fd.is_socket=1; /* always! */
s_log(LOG_DEBUG, "Remote socket (FD=%d) initialized", c->remote_fd.fd);
if(set_socket_options(c->remote_fd.fd, 2))
s_log(LOG_WARNING, "Failed to set remote socket options");
}
void client_main(CLI *c) {
s_log(LOG_DEBUG, "Service [%s] started", c->opt->servname);
if(c->opt->option.program && c->opt->option.remote) {
/* exec and connect options specified together
* -> spawn a local program instead of stdio */
for(;;) {
SERVICE_OPTIONS *opt=c->opt;
memset(c, 0, sizeof(CLI)); /* connect_local needs clean c */
c->opt=opt;
if(!setjmp(c->err))
c->local_rfd.fd=c->local_wfd.fd=connect_local(c);
else
break;
client_run(c);
if(!c->opt->option.retry)
break;
sleep(1); /* FIXME: not a good idea in ucontext threading */
str_stats();
if(service_options.next) /* don't str_cleanup in inetd mode */
str_cleanup();
}
} else
client_run(c);
str_free(c);
}
void *client(void *arg) {
CLI *c=arg;
#ifdef DEBUG_STACK_SIZE
stack_info(1); /* initialize */
#endif
log(LOG_DEBUG, "%s started", c->opt->servname);
#ifndef USE_WIN32
if(c->opt->option.remote && c->opt->option.program)
c->local_rfd.fd=c->local_wfd.fd=connect_local(c);
/* connect and exec options specified together */
/* spawn local program instead of stdio */
#endif
c->remote_fd.fd=-1;
c->ssl=NULL;
cleanup(c, do_client(c));
#ifdef USE_FORK
if(!c->opt->option.remote) /* 'exec' specified */
exec_status(); /* null SIGCHLD handler was used */
#else
enter_critical_section(CRIT_CLIENTS); /* for multi-cpu machines */
log(LOG_DEBUG, "%s finished (%d left)", c->opt->servname,
--num_clients);
leave_critical_section(CRIT_CLIENTS);
#endif
free(c);
#ifdef DEBUG_STACK_SIZE
stack_info(0); /* display computed value */
#endif
return NULL;
}
static void reset_sys()
{
char *cmd;
char p_tmp[64];
int fd;
cmd = malloc(MAX_CMD_LEN*sizeof(char));
if(cmd==NULL){
return;
}
sprintf(p_tmp, "$%d=%d", e_TYPE, T_Set);
strcpy(cmd, p_tmp);
sprintf(p_tmp, "&%d=%d", e_reset, 1);
strcat(cmd, p_tmp);
sprintf(cmd, "#");
fd = connect_local(UN_AVSERVER_DOMAIN);
if(fd<0){
printf("reset_sys fail: connect av_server failed.\n");
return;
}
send_local(fd, cmd, MAX_CMD_LEN);
close_local(fd);
return;
}
void *client(void *arg) {
CLI *c=arg;
#ifdef DEBUG_STACK_SIZE
stack_info(1); /* initialize */
#endif
s_log(LOG_DEBUG, "%s started", c->opt->servname);
if(alloc_fd(c->local_rfd.fd))
return NULL;
if(c->local_wfd.fd!=c->local_rfd.fd)
if(alloc_fd(c->local_wfd.fd))
return NULL;
#ifndef USE_WIN32
if(c->opt->option.remote && c->opt->option.program)
c->local_rfd.fd=c->local_wfd.fd=connect_local(c);
/* connect and exec options specified together */
/* spawn local program instead of stdio */
#endif
c->remote_fd.fd=-1;
c->ssl=NULL;
cleanup(c, do_client(c));
#ifdef USE_FORK
if(!c->opt->option.remote) /* 'exec' specified */
child_status(); /* null SIGCHLD handler was used */
#else
enter_critical_section(CRIT_CLIENTS); /* for multi-cpu machines */
s_log(LOG_DEBUG, "%s finished (%d left)", c->opt->servname,
--num_clients);
leave_critical_section(CRIT_CLIENTS);
#endif
free(c);
#ifdef DEBUG_STACK_SIZE
stack_info(0); /* display computed value */
#endif
#ifdef USE_WIN32
_endthread();
#endif
#ifdef USE_UCONTEXT
s_log(LOG_DEBUG, "Context %ld closed", ready_head->id);
s_poll_wait(NULL, 0); /* wait on poll() */
s_log(LOG_ERR, "INTERNAL ERROR: failed to drop context");
#endif
return NULL;
}
void *client(void *arg) {
CLI *c=arg;
#ifdef DEBUG_STACK_SIZE
stack_info(1); /* initialize */
#endif
s_log(LOG_DEBUG, "Service %s started", c->opt->servname);
if(c->opt->option.remote && c->opt->option.program) {
/* connect and exec options specified together */
/* -> spawn a local program instead of stdio */
while((c->local_rfd.fd=c->local_wfd.fd=connect_local(c))>=0) {
run_client(c);
if(!c->opt->option.retry)
break;
sleep(1); /* FIXME: not a good idea in ucontext threading */
str_stats();
str_cleanup();
}
} else
run_client(c);
/* str_free() cannot be used here, because corresponding
calloc() is called from a different thread */
free(c);
#ifdef DEBUG_STACK_SIZE
stack_info(0); /* display computed value */
#endif
#ifdef USE_UCONTEXT
s_log(LOG_DEBUG, "Context %ld closed", ready_head->id);
#endif
str_stats();
str_cleanup();
/* s_log() is not allowed after str_cleanup() */
#if defined(USE_WIN32) && !defined(_WIN32_WCE)
_endthread();
#endif
#ifdef USE_UCONTEXT
s_poll_wait(NULL, 0, 0); /* wait on poll() */
#endif
return NULL;
}
static int init_local(CLI *c) {
SOCKADDR_UNION addr;
socklen_t addrlen;
addrlen=sizeof(SOCKADDR_UNION);
if(getpeername(c->local_rfd.fd, &addr.sa, &addrlen)<0) {
strcpy(c->accepting_address, "NOT A SOCKET");
c->local_rfd.is_socket=0;
c->local_wfd.is_socket=0; /* TODO: It's not always true */
#ifdef USE_WIN32
if(get_last_socket_error()!=ENOTSOCK) {
#else
if(c->opt->option.transparent || get_last_socket_error()!=ENOTSOCK) {
#endif
sockerror("getpeerbyname");
return -1;
}
/* Ignore ENOTSOCK error so 'local' doesn't have to be a socket */
} else { /* success */
/* copy addr to c->peer_addr */
memcpy(&c->peer_addr.addr[0], &addr, sizeof(SOCKADDR_UNION));
c->peer_addr.num=1;
s_ntop(c->accepting_address, &c->peer_addr.addr[0]);
c->local_rfd.is_socket=1;
c->local_wfd.is_socket=1; /* TODO: It's not always true */
/* It's a socket: lets setup options */
if(set_socket_options(c->local_rfd.fd, 1)<0)
return -1;
if(auth_libwrap(c)<0)
return -1;
if(auth_user(c)<0) {
s_log(LOG_WARNING, "Connection from %s REFUSED by IDENT",
c->accepting_address);
return -1;
}
s_log(LOG_NOTICE, "%s connected from %s",
c->opt->servname, c->accepting_address);
}
return 0; /* OK */
}
static int init_remote(CLI *c) {
int fd;
/* create connection to host/service */
if(c->opt->source_addr.num)
memcpy(&c->bind_addr, &c->opt->source_addr, sizeof(SOCKADDR_LIST));
#ifndef USE_WIN32
else if(c->opt->option.transparent)
memcpy(&c->bind_addr, &c->peer_addr, sizeof(SOCKADDR_LIST));
#endif
else {
c->bind_addr.num=0; /* don't bind connecting socket */
}
/* Setup c->remote_fd, now */
if(c->opt->option.remote) {
fd=connect_remote(c);
} else /* NOT in remote mode */
fd=connect_local(c);
if(fd<0) {
s_log(LOG_ERR, "Failed to initialize remote connection");
return -1;
}
#ifndef USE_WIN32
if(fd>=max_fds) {
s_log(LOG_ERR, "Remote file descriptor out of range (%d>=%d)",
fd, max_fds);
closesocket(fd);
return -1;
}
#endif
s_log(LOG_DEBUG, "Remote FD=%d initialized", fd);
c->remote_fd.fd=fd;
c->remote_fd.is_socket=1; /* Always! */
if(set_socket_options(fd, 2)<0)
return -1;
return 0; /* OK */
}
static void init_local(CLI *c) {
SOCKADDR_UNION addr;
socklen_t addrlen;
addrlen=sizeof addr;
if(getpeername(c->local_rfd.fd, &addr.sa, &addrlen)<0) {
strcpy(c->accepted_address, "NOT A SOCKET");
c->local_rfd.is_socket=0;
c->local_wfd.is_socket=0; /* TODO: It's not always true */
#ifdef USE_WIN32
if(get_last_socket_error()!=ENOTSOCK) {
#else
if(c->opt->option.transparent_src || get_last_socket_error()!=ENOTSOCK) {
#endif
sockerror("getpeerbyname");
longjmp(c->err, 1);
}
/* ignore ENOTSOCK error so 'local' doesn't have to be a socket */
} else { /* success */
/* copy addr to c->peer_addr */
memcpy(&c->peer_addr.addr[0], &addr, sizeof addr);
c->peer_addr.num=1;
s_ntop(c->accepted_address, &c->peer_addr.addr[0]);
c->local_rfd.is_socket=1;
c->local_wfd.is_socket=1; /* TODO: It's not always true */
/* it's a socket: lets setup options */
if(set_socket_options(c->local_rfd.fd, 1)<0)
longjmp(c->err, 1);
#ifdef USE_LIBWRAP
libwrap_auth(c);
#endif /* USE_LIBWRAP */
auth_user(c);
s_log(LOG_NOTICE, "Service %s accepted connection from %s",
c->opt->servname, c->accepted_address);
}
}
static void init_remote(CLI *c) {
/* create connection to host/service */
if(c->opt->source_addr.num)
memcpy(&c->bind_addr, &c->opt->source_addr, sizeof(SOCKADDR_LIST));
#ifndef USE_WIN32
else if(c->opt->option.transparent_src)
memcpy(&c->bind_addr, &c->peer_addr, sizeof(SOCKADDR_LIST));
#endif
else {
c->bind_addr.num=0; /* don't bind connecting socket */
}
/* setup c->remote_fd, now */
if(c->opt->option.remote)
c->remote_fd.fd=connect_remote(c);
#ifdef SO_ORIGINAL_DST
else if(c->opt->option.transparent_dst)
c->remote_fd.fd=connect_transparent(c);
#endif /* SO_ORIGINAL_DST */
else /* NOT in remote mode */
c->remote_fd.fd=connect_local(c);
c->remote_fd.is_socket=1; /* always! */
s_log(LOG_DEBUG, "Remote FD=%d initialized", c->remote_fd.fd);
if(set_socket_options(c->remote_fd.fd, 2)<0)
longjmp(c->err, 1);
}
static void init_ssl(CLI *c) {
int i, err;
SSL_SESSION *old_session;
if(!(c->ssl=SSL_new(c->opt->ctx))) {
sslerror("SSL_new");
longjmp(c->err, 1);
}
SSL_set_ex_data(c->ssl, cli_index, c); /* for callbacks */
SSL_set_session_id_context(c->ssl, (unsigned char *)sid_ctx,
strlen(sid_ctx));
if(c->opt->option.client) {
#ifndef OPENSSL_NO_TLSEXT
if(c->opt->host_name) {
s_log(LOG_DEBUG, "SNI: host name: %s", c->opt->host_name);
if(!SSL_set_tlsext_host_name(c->ssl, c->opt->host_name)) {
sslerror("SSL_set_tlsext_host_name");
longjmp(c->err, 1);
}
}
#endif
if(c->opt->session) {
enter_critical_section(CRIT_SESSION);
SSL_set_session(c->ssl, c->opt->session);
leave_critical_section(CRIT_SESSION);
}
SSL_set_fd(c->ssl, c->remote_fd.fd);
SSL_set_connect_state(c->ssl);
} else {
if(c->local_rfd.fd==c->local_wfd.fd)
SSL_set_fd(c->ssl, c->local_rfd.fd);
else {
/* does it make sence to have SSL on STDIN/STDOUT? */
SSL_set_rfd(c->ssl, c->local_rfd.fd);
SSL_set_wfd(c->ssl, c->local_wfd.fd);
}
SSL_set_accept_state(c->ssl);
}
/* setup some values for transfer() function */
if(c->opt->option.client) {
c->sock_rfd=&(c->local_rfd);
c->sock_wfd=&(c->local_wfd);
c->ssl_rfd=c->ssl_wfd=&(c->remote_fd);
} else {
c->sock_rfd=c->sock_wfd=&(c->remote_fd);
c->ssl_rfd=&(c->local_rfd);
c->ssl_wfd=&(c->local_wfd);
}
while(1) {
#if OPENSSL_VERSION_NUMBER<0x1000002f
/* this critical section is a crude workaround for CVE-2010-3864 *
* see http://www.securityfocus.com/bid/44884 for details *
* NOTE: this critical section also covers callbacks (e.g. OCSP) */
enter_critical_section(CRIT_SSL);
#endif /* OpenSSL version < 1.0.0b */
if(c->opt->option.client)
i=SSL_connect(c->ssl);
else
i=SSL_accept(c->ssl);
#if OPENSSL_VERSION_NUMBER<0x1000002f
leave_critical_section(CRIT_SSL);
#endif /* OpenSSL version < 1.0.0b */
err=SSL_get_error(c->ssl, i);
if(err==SSL_ERROR_NONE)
break; /* ok -> done */
if(err==SSL_ERROR_WANT_READ || err==SSL_ERROR_WANT_WRITE) {
s_poll_init(&c->fds);
s_poll_add(&c->fds, c->ssl_rfd->fd,
err==SSL_ERROR_WANT_READ,
err==SSL_ERROR_WANT_WRITE);
switch(s_poll_wait(&c->fds, c->opt->timeout_busy, 0)) {
case -1:
sockerror("init_ssl: s_poll_wait");
longjmp(c->err, 1);
case 0:
s_log(LOG_INFO, "init_ssl: s_poll_wait:"
" TIMEOUTbusy exceeded: sending reset");
longjmp(c->err, 1);
case 1:
break; /* OK */
default:
s_log(LOG_ERR, "init_ssl: s_poll_wait: unknown result");
longjmp(c->err, 1);
}
continue; /* ok -> retry */
}
if(err==SSL_ERROR_SYSCALL) {
switch(get_last_socket_error()) {
case EINTR:
case EAGAIN:
continue;
}
}
if(c->opt->option.client)
sslerror("SSL_connect");
else
sslerror("SSL_accept");
longjmp(c->err, 1);
}
if(SSL_session_reused(c->ssl)) {
s_log(LOG_INFO, "SSL %s: previous session reused",
c->opt->option.client ? "connected" : "accepted");
} else { /* a new session was negotiated */
if(c->opt->option.client) {
s_log(LOG_INFO, "SSL connected: new session negotiated");
enter_critical_section(CRIT_SESSION);
old_session=c->opt->session;
c->opt->session=SSL_get1_session(c->ssl); /* store it */
if(old_session)
SSL_SESSION_free(old_session); /* release the old one */
leave_critical_section(CRIT_SESSION);
} else
s_log(LOG_INFO, "SSL accepted: new session negotiated");
print_cipher(c);
}
}
static int init_local(CLI *c) {
int addrlen;
addrlen=sizeof(c->addr);
if(getpeername(c->local_rfd.fd, (struct sockaddr *)&c->addr, &addrlen)<0) {
strcpy(c->accepting_address, "NOT A SOCKET");
c->local_rfd.is_socket=0;
c->local_wfd.is_socket=0; /* TODO: It's not always true */
#ifdef USE_WIN32
if(get_last_socket_error()!=ENOTSOCK) {
#else
if(c->opt->option.transparent || get_last_socket_error()!=ENOTSOCK) {
#endif
sockerror("getpeerbyname");
return -1;
}
/* Ignore ENOTSOCK error so 'local' doesn't have to be a socket */
} else {
safe_ntoa(c->accepting_address, c->addr.sin_addr);
c->local_rfd.is_socket=1;
c->local_wfd.is_socket=1; /* TODO: It's not always true */
/* It's a socket: lets setup options */
if(set_socket_options(c->local_rfd.fd, 1)<0)
return -1;
if(auth_libwrap(c)<0)
return -1;
if(auth_user(c)<0) {
log(LOG_WARNING, "Connection from %s:%d REFUSED by IDENT",
c->accepting_address, ntohs(c->addr.sin_port));
return -1;
}
log(LOG_NOTICE, "%s connected from %s:%d", c->opt->servname,
c->accepting_address, ntohs(c->addr.sin_port));
}
return 0; /* OK */
}
static int init_remote(CLI *c) {
int fd;
/* create connection to host/service */
if(c->opt->local_ip)
c->bind_ip=*c->opt->local_ip;
#ifndef USE_WIN32
else if(c->opt->option.transparent)
c->bind_ip=c->addr.sin_addr.s_addr;
#endif
else
c->bind_ip=0;
/* Setup c->remote_fd, now */
if(c->opt->option.remote) {
c->resolved_addresses=NULL;
fd=connect_remote(c);
if(c->resolved_addresses) /* allocated */
free(c->resolved_addresses);
} else /* NOT in remote mode */
fd=connect_local(c);
if(fd<0) {
log(LOG_ERR, "Failed to initialize remote connection");
return -1;
}
#ifndef USE_WIN32
if(fd>=max_fds) {
log(LOG_ERR, "Remote file descriptor out of range (%d>=%d)",
fd, max_fds);
closesocket(fd);
return -1;
}
#endif
log(LOG_DEBUG, "Remote FD=%d initialized", fd);
c->remote_fd.fd=fd;
c->remote_fd.is_socket=1; /* Always! */
if(set_socket_options(fd, 2)<0)
return -1;
return 0; /* OK */
}
