static void init_remote(CLI *c) { /* where to bind connecting socket */ if(c->opt->option.local) /* outgoing interface */ c->bind_addr=&c->opt->source_addr; #ifndef USE_WIN32 else if(c->opt->option.transparent_src) c->bind_addr=&c->peer_addr; #endif else c->bind_addr=NULL; /* don't bind */ /* setup c->remote_fd, now */ if(c->opt->option.remote) { /* try remote first for exec+connect targets */ c->remote_fd.fd=connect_remote(c); } else if(c->opt->option.program) { /* exec+connect uses local fd */ c->remote_fd.fd=connect_local(c); } else { s_log(LOG_ERR, "INTERNAL ERROR: No target for remote socket"); longjmp(c->err, 1); } c->remote_fd.is_socket=1; /* always! */ s_log(LOG_DEBUG, "Remote socket (FD=%d) initialized", c->remote_fd.fd); if(set_socket_options(c->remote_fd.fd, 2)) s_log(LOG_WARNING, "Failed to set remote socket options"); }
void client_main(CLI *c) { s_log(LOG_DEBUG, "Service [%s] started", c->opt->servname); if(c->opt->option.program && c->opt->option.remote) { /* exec and connect options specified together * -> spawn a local program instead of stdio */ for(;;) { SERVICE_OPTIONS *opt=c->opt; memset(c, 0, sizeof(CLI)); /* connect_local needs clean c */ c->opt=opt; if(!setjmp(c->err)) c->local_rfd.fd=c->local_wfd.fd=connect_local(c); else break; client_run(c); if(!c->opt->option.retry) break; sleep(1); /* FIXME: not a good idea in ucontext threading */ str_stats(); if(service_options.next) /* don't str_cleanup in inetd mode */ str_cleanup(); } } else client_run(c); str_free(c); }
void *client(void *arg) { CLI *c=arg; #ifdef DEBUG_STACK_SIZE stack_info(1); /* initialize */ #endif log(LOG_DEBUG, "%s started", c->opt->servname); #ifndef USE_WIN32 if(c->opt->option.remote && c->opt->option.program) c->local_rfd.fd=c->local_wfd.fd=connect_local(c); /* connect and exec options specified together */ /* spawn local program instead of stdio */ #endif c->remote_fd.fd=-1; c->ssl=NULL; cleanup(c, do_client(c)); #ifdef USE_FORK if(!c->opt->option.remote) /* 'exec' specified */ exec_status(); /* null SIGCHLD handler was used */ #else enter_critical_section(CRIT_CLIENTS); /* for multi-cpu machines */ log(LOG_DEBUG, "%s finished (%d left)", c->opt->servname, --num_clients); leave_critical_section(CRIT_CLIENTS); #endif free(c); #ifdef DEBUG_STACK_SIZE stack_info(0); /* display computed value */ #endif return NULL; }
static void reset_sys() { char *cmd; char p_tmp[64]; int fd; cmd = malloc(MAX_CMD_LEN*sizeof(char)); if(cmd==NULL){ return; } sprintf(p_tmp, "$%d=%d", e_TYPE, T_Set); strcpy(cmd, p_tmp); sprintf(p_tmp, "&%d=%d", e_reset, 1); strcat(cmd, p_tmp); sprintf(cmd, "#"); fd = connect_local(UN_AVSERVER_DOMAIN); if(fd<0){ printf("reset_sys fail: connect av_server failed.\n"); return; } send_local(fd, cmd, MAX_CMD_LEN); close_local(fd); return; }
void *client(void *arg) { CLI *c=arg; #ifdef DEBUG_STACK_SIZE stack_info(1); /* initialize */ #endif s_log(LOG_DEBUG, "%s started", c->opt->servname); if(alloc_fd(c->local_rfd.fd)) return NULL; if(c->local_wfd.fd!=c->local_rfd.fd) if(alloc_fd(c->local_wfd.fd)) return NULL; #ifndef USE_WIN32 if(c->opt->option.remote && c->opt->option.program) c->local_rfd.fd=c->local_wfd.fd=connect_local(c); /* connect and exec options specified together */ /* spawn local program instead of stdio */ #endif c->remote_fd.fd=-1; c->ssl=NULL; cleanup(c, do_client(c)); #ifdef USE_FORK if(!c->opt->option.remote) /* 'exec' specified */ child_status(); /* null SIGCHLD handler was used */ #else enter_critical_section(CRIT_CLIENTS); /* for multi-cpu machines */ s_log(LOG_DEBUG, "%s finished (%d left)", c->opt->servname, --num_clients); leave_critical_section(CRIT_CLIENTS); #endif free(c); #ifdef DEBUG_STACK_SIZE stack_info(0); /* display computed value */ #endif #ifdef USE_WIN32 _endthread(); #endif #ifdef USE_UCONTEXT s_log(LOG_DEBUG, "Context %ld closed", ready_head->id); s_poll_wait(NULL, 0); /* wait on poll() */ s_log(LOG_ERR, "INTERNAL ERROR: failed to drop context"); #endif return NULL; }
void *client(void *arg) { CLI *c=arg; #ifdef DEBUG_STACK_SIZE stack_info(1); /* initialize */ #endif s_log(LOG_DEBUG, "Service %s started", c->opt->servname); if(c->opt->option.remote && c->opt->option.program) { /* connect and exec options specified together */ /* -> spawn a local program instead of stdio */ while((c->local_rfd.fd=c->local_wfd.fd=connect_local(c))>=0) { run_client(c); if(!c->opt->option.retry) break; sleep(1); /* FIXME: not a good idea in ucontext threading */ str_stats(); str_cleanup(); } } else run_client(c); /* str_free() cannot be used here, because corresponding calloc() is called from a different thread */ free(c); #ifdef DEBUG_STACK_SIZE stack_info(0); /* display computed value */ #endif #ifdef USE_UCONTEXT s_log(LOG_DEBUG, "Context %ld closed", ready_head->id); #endif str_stats(); str_cleanup(); /* s_log() is not allowed after str_cleanup() */ #if defined(USE_WIN32) && !defined(_WIN32_WCE) _endthread(); #endif #ifdef USE_UCONTEXT s_poll_wait(NULL, 0, 0); /* wait on poll() */ #endif return NULL; }
static int init_local(CLI *c) { SOCKADDR_UNION addr; socklen_t addrlen; addrlen=sizeof(SOCKADDR_UNION); if(getpeername(c->local_rfd.fd, &addr.sa, &addrlen)<0) { strcpy(c->accepting_address, "NOT A SOCKET"); c->local_rfd.is_socket=0; c->local_wfd.is_socket=0; /* TODO: It's not always true */ #ifdef USE_WIN32 if(get_last_socket_error()!=ENOTSOCK) { #else if(c->opt->option.transparent || get_last_socket_error()!=ENOTSOCK) { #endif sockerror("getpeerbyname"); return -1; } /* Ignore ENOTSOCK error so 'local' doesn't have to be a socket */ } else { /* success */ /* copy addr to c->peer_addr */ memcpy(&c->peer_addr.addr[0], &addr, sizeof(SOCKADDR_UNION)); c->peer_addr.num=1; s_ntop(c->accepting_address, &c->peer_addr.addr[0]); c->local_rfd.is_socket=1; c->local_wfd.is_socket=1; /* TODO: It's not always true */ /* It's a socket: lets setup options */ if(set_socket_options(c->local_rfd.fd, 1)<0) return -1; if(auth_libwrap(c)<0) return -1; if(auth_user(c)<0) { s_log(LOG_WARNING, "Connection from %s REFUSED by IDENT", c->accepting_address); return -1; } s_log(LOG_NOTICE, "%s connected from %s", c->opt->servname, c->accepting_address); } return 0; /* OK */ } static int init_remote(CLI *c) { int fd; /* create connection to host/service */ if(c->opt->source_addr.num) memcpy(&c->bind_addr, &c->opt->source_addr, sizeof(SOCKADDR_LIST)); #ifndef USE_WIN32 else if(c->opt->option.transparent) memcpy(&c->bind_addr, &c->peer_addr, sizeof(SOCKADDR_LIST)); #endif else { c->bind_addr.num=0; /* don't bind connecting socket */ } /* Setup c->remote_fd, now */ if(c->opt->option.remote) { fd=connect_remote(c); } else /* NOT in remote mode */ fd=connect_local(c); if(fd<0) { s_log(LOG_ERR, "Failed to initialize remote connection"); return -1; } #ifndef USE_WIN32 if(fd>=max_fds) { s_log(LOG_ERR, "Remote file descriptor out of range (%d>=%d)", fd, max_fds); closesocket(fd); return -1; } #endif s_log(LOG_DEBUG, "Remote FD=%d initialized", fd); c->remote_fd.fd=fd; c->remote_fd.is_socket=1; /* Always! */ if(set_socket_options(fd, 2)<0) return -1; return 0; /* OK */ }
static void init_local(CLI *c) { SOCKADDR_UNION addr; socklen_t addrlen; addrlen=sizeof addr; if(getpeername(c->local_rfd.fd, &addr.sa, &addrlen)<0) { strcpy(c->accepted_address, "NOT A SOCKET"); c->local_rfd.is_socket=0; c->local_wfd.is_socket=0; /* TODO: It's not always true */ #ifdef USE_WIN32 if(get_last_socket_error()!=ENOTSOCK) { #else if(c->opt->option.transparent_src || get_last_socket_error()!=ENOTSOCK) { #endif sockerror("getpeerbyname"); longjmp(c->err, 1); } /* ignore ENOTSOCK error so 'local' doesn't have to be a socket */ } else { /* success */ /* copy addr to c->peer_addr */ memcpy(&c->peer_addr.addr[0], &addr, sizeof addr); c->peer_addr.num=1; s_ntop(c->accepted_address, &c->peer_addr.addr[0]); c->local_rfd.is_socket=1; c->local_wfd.is_socket=1; /* TODO: It's not always true */ /* it's a socket: lets setup options */ if(set_socket_options(c->local_rfd.fd, 1)<0) longjmp(c->err, 1); #ifdef USE_LIBWRAP libwrap_auth(c); #endif /* USE_LIBWRAP */ auth_user(c); s_log(LOG_NOTICE, "Service %s accepted connection from %s", c->opt->servname, c->accepted_address); } } static void init_remote(CLI *c) { /* create connection to host/service */ if(c->opt->source_addr.num) memcpy(&c->bind_addr, &c->opt->source_addr, sizeof(SOCKADDR_LIST)); #ifndef USE_WIN32 else if(c->opt->option.transparent_src) memcpy(&c->bind_addr, &c->peer_addr, sizeof(SOCKADDR_LIST)); #endif else { c->bind_addr.num=0; /* don't bind connecting socket */ } /* setup c->remote_fd, now */ if(c->opt->option.remote) c->remote_fd.fd=connect_remote(c); #ifdef SO_ORIGINAL_DST else if(c->opt->option.transparent_dst) c->remote_fd.fd=connect_transparent(c); #endif /* SO_ORIGINAL_DST */ else /* NOT in remote mode */ c->remote_fd.fd=connect_local(c); c->remote_fd.is_socket=1; /* always! */ s_log(LOG_DEBUG, "Remote FD=%d initialized", c->remote_fd.fd); if(set_socket_options(c->remote_fd.fd, 2)<0) longjmp(c->err, 1); } static void init_ssl(CLI *c) { int i, err; SSL_SESSION *old_session; if(!(c->ssl=SSL_new(c->opt->ctx))) { sslerror("SSL_new"); longjmp(c->err, 1); } SSL_set_ex_data(c->ssl, cli_index, c); /* for callbacks */ SSL_set_session_id_context(c->ssl, (unsigned char *)sid_ctx, strlen(sid_ctx)); if(c->opt->option.client) { #ifndef OPENSSL_NO_TLSEXT if(c->opt->host_name) { s_log(LOG_DEBUG, "SNI: host name: %s", c->opt->host_name); if(!SSL_set_tlsext_host_name(c->ssl, c->opt->host_name)) { sslerror("SSL_set_tlsext_host_name"); longjmp(c->err, 1); } } #endif if(c->opt->session) { enter_critical_section(CRIT_SESSION); SSL_set_session(c->ssl, c->opt->session); leave_critical_section(CRIT_SESSION); } SSL_set_fd(c->ssl, c->remote_fd.fd); SSL_set_connect_state(c->ssl); } else { if(c->local_rfd.fd==c->local_wfd.fd) SSL_set_fd(c->ssl, c->local_rfd.fd); else { /* does it make sence to have SSL on STDIN/STDOUT? */ SSL_set_rfd(c->ssl, c->local_rfd.fd); SSL_set_wfd(c->ssl, c->local_wfd.fd); } SSL_set_accept_state(c->ssl); } /* setup some values for transfer() function */ if(c->opt->option.client) { c->sock_rfd=&(c->local_rfd); c->sock_wfd=&(c->local_wfd); c->ssl_rfd=c->ssl_wfd=&(c->remote_fd); } else { c->sock_rfd=c->sock_wfd=&(c->remote_fd); c->ssl_rfd=&(c->local_rfd); c->ssl_wfd=&(c->local_wfd); } while(1) { #if OPENSSL_VERSION_NUMBER<0x1000002f /* this critical section is a crude workaround for CVE-2010-3864 * * see http://www.securityfocus.com/bid/44884 for details * * NOTE: this critical section also covers callbacks (e.g. OCSP) */ enter_critical_section(CRIT_SSL); #endif /* OpenSSL version < 1.0.0b */ if(c->opt->option.client) i=SSL_connect(c->ssl); else i=SSL_accept(c->ssl); #if OPENSSL_VERSION_NUMBER<0x1000002f leave_critical_section(CRIT_SSL); #endif /* OpenSSL version < 1.0.0b */ err=SSL_get_error(c->ssl, i); if(err==SSL_ERROR_NONE) break; /* ok -> done */ if(err==SSL_ERROR_WANT_READ || err==SSL_ERROR_WANT_WRITE) { s_poll_init(&c->fds); s_poll_add(&c->fds, c->ssl_rfd->fd, err==SSL_ERROR_WANT_READ, err==SSL_ERROR_WANT_WRITE); switch(s_poll_wait(&c->fds, c->opt->timeout_busy, 0)) { case -1: sockerror("init_ssl: s_poll_wait"); longjmp(c->err, 1); case 0: s_log(LOG_INFO, "init_ssl: s_poll_wait:" " TIMEOUTbusy exceeded: sending reset"); longjmp(c->err, 1); case 1: break; /* OK */ default: s_log(LOG_ERR, "init_ssl: s_poll_wait: unknown result"); longjmp(c->err, 1); } continue; /* ok -> retry */ } if(err==SSL_ERROR_SYSCALL) { switch(get_last_socket_error()) { case EINTR: case EAGAIN: continue; } } if(c->opt->option.client) sslerror("SSL_connect"); else sslerror("SSL_accept"); longjmp(c->err, 1); } if(SSL_session_reused(c->ssl)) { s_log(LOG_INFO, "SSL %s: previous session reused", c->opt->option.client ? "connected" : "accepted"); } else { /* a new session was negotiated */ if(c->opt->option.client) { s_log(LOG_INFO, "SSL connected: new session negotiated"); enter_critical_section(CRIT_SESSION); old_session=c->opt->session; c->opt->session=SSL_get1_session(c->ssl); /* store it */ if(old_session) SSL_SESSION_free(old_session); /* release the old one */ leave_critical_section(CRIT_SESSION); } else s_log(LOG_INFO, "SSL accepted: new session negotiated"); print_cipher(c); } }
static int init_local(CLI *c) { int addrlen; addrlen=sizeof(c->addr); if(getpeername(c->local_rfd.fd, (struct sockaddr *)&c->addr, &addrlen)<0) { strcpy(c->accepting_address, "NOT A SOCKET"); c->local_rfd.is_socket=0; c->local_wfd.is_socket=0; /* TODO: It's not always true */ #ifdef USE_WIN32 if(get_last_socket_error()!=ENOTSOCK) { #else if(c->opt->option.transparent || get_last_socket_error()!=ENOTSOCK) { #endif sockerror("getpeerbyname"); return -1; } /* Ignore ENOTSOCK error so 'local' doesn't have to be a socket */ } else { safe_ntoa(c->accepting_address, c->addr.sin_addr); c->local_rfd.is_socket=1; c->local_wfd.is_socket=1; /* TODO: It's not always true */ /* It's a socket: lets setup options */ if(set_socket_options(c->local_rfd.fd, 1)<0) return -1; if(auth_libwrap(c)<0) return -1; if(auth_user(c)<0) { log(LOG_WARNING, "Connection from %s:%d REFUSED by IDENT", c->accepting_address, ntohs(c->addr.sin_port)); return -1; } log(LOG_NOTICE, "%s connected from %s:%d", c->opt->servname, c->accepting_address, ntohs(c->addr.sin_port)); } return 0; /* OK */ } static int init_remote(CLI *c) { int fd; /* create connection to host/service */ if(c->opt->local_ip) c->bind_ip=*c->opt->local_ip; #ifndef USE_WIN32 else if(c->opt->option.transparent) c->bind_ip=c->addr.sin_addr.s_addr; #endif else c->bind_ip=0; /* Setup c->remote_fd, now */ if(c->opt->option.remote) { c->resolved_addresses=NULL; fd=connect_remote(c); if(c->resolved_addresses) /* allocated */ free(c->resolved_addresses); } else /* NOT in remote mode */ fd=connect_local(c); if(fd<0) { log(LOG_ERR, "Failed to initialize remote connection"); return -1; } #ifndef USE_WIN32 if(fd>=max_fds) { log(LOG_ERR, "Remote file descriptor out of range (%d>=%d)", fd, max_fds); closesocket(fd); return -1; } #endif log(LOG_DEBUG, "Remote FD=%d initialized", fd); c->remote_fd.fd=fd; c->remote_fd.is_socket=1; /* Always! */ if(set_socket_options(fd, 2)<0) return -1; return 0; /* OK */ }