void Server::Run() {
serverSocket.Listen(maxConnections);
std::cout << "Server now listening for incoming connections at port " << serverSocket.GetPort() << '\n';
threadPool.Startup();
running = true;
while(running) {
if(serverSocket.IsReady()) {
try {
auto clientSocketPtr = std::make_shared<Socket>(serverSocket.Accept());
threadPool.EnqueueTask([this, clientSocketPtr]() mutable {
clientSocketPtr->SetReceiveTimeout(1);
clientSocketPtr->SetSendTimeout(1);
this->ServeClient(*clientSocketPtr);
});
} catch(const SystemException& e) {
std::lock_guard<std::mutex> guard(stderrMutex);
std::cerr << e.what() << '\n';
}
}
}
}
void TCPClient::Init()
{
CreateTCPSocket();
SetReceiveTimeout(this->_tcp_socket);
SetSendTimeout(this->_tcp_socket);
Connect();
cout << "Connected to " << this->address << ":" << this->port << endl;
}
UDPClient::UDPClient(string address, unsigned int port) : Client(address, port)
{
this->serverAddressInfo = (sockaddr*)CreateAddressInfoForClient();
_udp_socket = CreateUDPSocket();
SetReceiveTimeout(this->_udp_socket, GetTimeout(UDP_RECV_TIMEOUT));
for (auto i = 0; i < PACKAGE_COUNT; i++)
{
auto _pair = new pair<fpos_t, char*>();
_pair->second = new char[UDP_BUFFER_SIZE];
this->receivedBuffer.push_back(_pair);
}
}
Server::Server(unsigned int port)
{
this->port = port;
_udp_socket = CreateUDPSocket();
CreateTCPSocket();
Bind(_udp_socket);
Bind(this->_tcp_socket);
SetSendTimeout(this->_tcp_socket);
SetReceiveTimeout(_udp_socket, GetTimeout(100));
Listen();
FD_ZERO(&this->clientsSet);
FD_ZERO(&this->serverSet);
FD_SET(this->_tcp_socket, &this->serverSet);
FD_SET(_udp_socket, &this->serverSet);
std::cout << "Server started at port: " << this->port << std::endl;
}
static void *HandleConnection(ServerConnectionState *conn)
{
int ret;
char output[CF_BUFSIZE];
/* Set logging prefix to be the IP address for all of thread's lifetime. */
/* Should be valid for all lifetime of the thread. Just make sure that
* after calling DeleteConn(), you exit right away. */
LoggingPrivContext log_ctx = {
.log_hook = LogHook,
.param = conn->ipaddr
};
LoggingPrivSetContext(&log_ctx);
if (!ThreadLock(cft_server_children))
{
DeleteConn(conn);
return NULL;
}
ACTIVE_THREADS++;
if (ACTIVE_THREADS >= CFD_MAXPROCESSES)
{
ACTIVE_THREADS--;
if (TRIES++ > MAXTRIES) /* When to say we're hung / apoptosis threshold */
{
Log(LOG_LEVEL_ERR, "Server seems to be paralyzed. DOS attack? Committing apoptosis...");
FatalError(conn->ctx, "Terminating");
}
if (!ThreadUnlock(cft_server_children))
{
}
Log(LOG_LEVEL_ERR, "Too many threads (>=%d) -- increase server maxconnections?", CFD_MAXPROCESSES);
snprintf(output, CF_BUFSIZE, "BAD: Server is currently too busy -- increase maxconnections or splaytime?");
SendTransaction(conn->conn_info, output, 0, CF_DONE);
DeleteConn(conn);
return NULL;
}
else
{
ThreadUnlock(cft_server_children);
}
TRIES = 0; /* As long as there is activity, we're not stuck */
DisableSendDelays(ConnectionInfoSocket(conn->conn_info));
struct timeval tv = {
.tv_sec = CONNTIMEOUT * 20,
};
SetReceiveTimeout(ConnectionInfoSocket(conn->conn_info), &tv);
if (ConnectionInfoConnectionStatus(conn->conn_info) != CF_CONNECTION_ESTABLISHED)
{
/* Decide the protocol used. */
ret = ServerTLSPeek(conn->conn_info);
if (ret == -1)
{
DeleteConn(conn);
return NULL;
}
}
switch (ConnectionInfoProtocolVersion(conn->conn_info))
{
case CF_PROTOCOL_CLASSIC:
{
while (BusyWithClassicConnection(conn->ctx, conn))
{
}
break;
}
case CF_PROTOCOL_TLS:
{
ret = ServerTLSSessionEstablish(conn);
if (ret == -1)
{
DeleteConn(conn);
return NULL;
}
while (BusyWithNewProtocol(conn->ctx, conn))
{
}
break;
}
default:
UnexpectedError("HandleConnection: ProtocolVersion %d!",
ConnectionInfoProtocolVersion(conn->conn_info));
}
Log(LOG_LEVEL_INFO, "Connection closed, terminating thread",
conn->ipaddr);
if (!ThreadLock(cft_server_children))
{
DeleteConn(conn);
return NULL;
}
ACTIVE_THREADS--;
if (!ThreadUnlock(cft_server_children))
{
}
DeleteConn(conn);
return NULL;
}
/***************************************************************/
/* Toolkit/Class: conn */
/***************************************************************/
static ServerConnectionState *NewConn(EvalContext *ctx, ConnectionInfo *info)
{
ServerConnectionState *conn = NULL;
struct sockaddr_storage addr;
socklen_t size = sizeof(addr);
if (getsockname(ConnectionInfoSocket(info), (struct sockaddr *)&addr, &size) == -1)
{
Log(LOG_LEVEL_ERR, "Could not obtain socket address. (getsockname: '%s')", GetErrorStr());
return NULL;
}
conn = xcalloc(1, sizeof(*conn));
conn->ctx = ctx;
conn->conn_info = info;
conn->id_verified = false;
conn->rsa_auth = false;
conn->hostname[0] = '\0';
conn->ipaddr[0] = '\0';
conn->username[0] = '\0';
conn->session_key = NULL;
conn->encryption_type = 'c';
conn->maproot = false; /* Only public files (chmod o+r) accessible */
Log(LOG_LEVEL_DEBUG, "New socket %d", ConnectionInfoSocket(info));
return conn;
}
/***************************************************************/
static void DeleteConn(ServerConnectionState *conn)
{
cf_closesocket(ConnectionInfoSocket(conn->conn_info));
ConnectionInfoDestroy(&conn->conn_info);
free(conn->session_key);
if (conn->ipaddr != NULL)
{
if (!ThreadLock(cft_count))
{
return;
}
DeleteItemMatching(&SV.connectionlist, MapAddress(conn->ipaddr));
if (!ThreadUnlock(cft_count))
{
return;
}
}
*conn = (ServerConnectionState) {0};
free(conn);
}
/**
Tries to connect() to server #host, returns the socket descriptor and the
IP address that succeeded in #txtaddr.
@param #connect_timeout how long to wait for connect(), zero blocks forever
@param #txtaddr If connected successfully return the IP connected in
textual representation
@return Connected socket descriptor or -1 in case of failure.
*/
int SocketConnect(const char *host, const char *port,
unsigned int connect_timeout, bool force_ipv4,
char *txtaddr, size_t txtaddr_size)
{
struct addrinfo *response = NULL, *ap;
bool connected = false;
int sd = -1;
struct addrinfo query = {
.ai_family = force_ipv4 ? AF_INET : AF_UNSPEC,
.ai_socktype = SOCK_STREAM
};
int ret = getaddrinfo(host, port, &query, &response);
if (ret != 0)
{
Log(LOG_LEVEL_INFO,
"Unable to find host '%s' service '%s' (%s)",
host, port, gai_strerror(ret));
if (response != NULL)
{
freeaddrinfo(response);
}
return -1;
}
for (ap = response; !connected && ap != NULL; ap = ap->ai_next)
{
/* Convert address to string. */
getnameinfo(ap->ai_addr, ap->ai_addrlen,
txtaddr, txtaddr_size,
NULL, 0, NI_NUMERICHOST);
Log(LOG_LEVEL_VERBOSE,
"Connecting to host %s, port %s as address %s",
host, port, txtaddr);
sd = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
if (sd == -1)
{
Log(LOG_LEVEL_ERR, "Couldn't open a socket to '%s' (socket: %s)",
txtaddr, GetErrorStr());
}
else
{
/* Bind socket to specific interface, if requested. */
if (BINDINTERFACE[0] != '\0')
{
struct addrinfo query2 = {
.ai_family = force_ipv4 ? AF_INET : AF_UNSPEC,
.ai_socktype = SOCK_STREAM,
/* returned address is for bind() */
.ai_flags = AI_PASSIVE
};
struct addrinfo *response2 = NULL, *ap2;
int ret2 = getaddrinfo(BINDINTERFACE, NULL, &query2, &response2);
if (ret2 != 0)
{
Log(LOG_LEVEL_ERR,
"Unable to lookup interface '%s' to bind. (getaddrinfo: %s)",
BINDINTERFACE, gai_strerror(ret2));
if (response2 != NULL)
{
freeaddrinfo(response2);
}
assert(response); /* first getaddrinfo was successful */
freeaddrinfo(response);
cf_closesocket(sd);
return -1;
}
for (ap2 = response2; ap2 != NULL; ap2 = ap2->ai_next)
{
if (bind(sd, ap2->ai_addr, ap2->ai_addrlen) == 0)
{
break;
}
}
if (ap2 == NULL)
{
Log(LOG_LEVEL_ERR,
"Unable to bind to interface '%s'. (bind: %s)",
BINDINTERFACE, GetErrorStr());
}
assert(response2); /* second getaddrinfo was successful */
freeaddrinfo(response2);
}
connected = TryConnect(sd, connect_timeout * 1000,
ap->ai_addr, ap->ai_addrlen);
if (!connected)
{
Log(LOG_LEVEL_VERBOSE, "Unable to connect to address %s (%s)",
txtaddr, GetErrorStr());
cf_closesocket(sd);
sd = -1;
}
}
}
assert(response != NULL); /* first getaddrinfo was successful */
freeaddrinfo(response);
if (connected)
{
Log(LOG_LEVEL_VERBOSE,
"Connected to host %s address %s port %s",
host, txtaddr, port);
}
else
{
Log(LOG_LEVEL_VERBOSE,
"Unable to connect to host %s port %s",
host, port);
}
return sd;
}
#if !defined(__MINGW32__)
#if defined(__hpux) && defined(__GNUC__)
#pragma GCC diagnostic ignored "-Wstrict-aliasing"
// HP-UX GCC type-pun warning on FD_SET() macro:
// While the "fd_set" type is defined in /usr/include/sys/_fd_macros.h as a
// struct of an array of "long" values in accordance with the XPG4 standard's
// requirements, the macros for the FD operations "pretend it is an array of
// int32_t's so the binary layout is the same for both Narrow and Wide
// processes," as described in _fd_macros.h. In the FD_SET, FD_CLR, and
// FD_ISSET macros at line 101, the result is cast to an "__fd_mask *" type,
// which is defined as int32_t at _fd_macros.h:82.
//
// This conflict between the "long fds_bits[]" array in the XPG4-compliant
// fd_set structure, and the cast to an int32_t - not long - pointer in the
// macros, causes a type-pun warning if -Wstrict-aliasing is enabled.
// The warning is merely a side effect of HP-UX working as designed,
// so it can be ignored.
#endif
/**
* Tries to connect for #timeout_ms milliseconds. On success sets the recv()
* timeout to #timeout_ms as well.
*
* @param #timeout_ms How long to wait for connect(), if zero wait forever.
* @return true on success, false otherwise.
**/
bool TryConnect(int sd, unsigned long timeout_ms,
const struct sockaddr *sa, socklen_t sa_len)
{
assert(sa != NULL);
if (sd >= FD_SETSIZE)
{
Log(LOG_LEVEL_ERR, "Open connections exceed FD_SETSIZE limit of %d",
FD_SETSIZE);
return false;
}
/* set non-blocking socket */
int arg = fcntl(sd, F_GETFL, NULL);
int ret = fcntl(sd, F_SETFL, arg | O_NONBLOCK);
if (ret == -1)
{
Log(LOG_LEVEL_ERR,
"Failed to set socket to non-blocking mode (fcntl: %s)",
GetErrorStr());
}
ret = connect(sd, sa, sa_len);
if (ret == -1)
{
if (errno != EINPROGRESS)
{
Log(LOG_LEVEL_INFO, "Failed to connect to server (connect: %s)",
GetErrorStr());
return false;
}
int errcode;
socklen_t opt_len = sizeof(errcode);
fd_set myset;
FD_ZERO(&myset);
FD_SET(sd, &myset);
Log(LOG_LEVEL_VERBOSE, "Waiting to connect...");
struct timeval tv, *tvp;
if (timeout_ms > 0)
{
tv.tv_sec = timeout_ms / 1000;
tv.tv_usec = (timeout_ms % 1000) * 1000;
tvp = &tv;
}
else
{
tvp = NULL; /* wait indefinitely */
}
ret = select(sd + 1, NULL, &myset, NULL, tvp);
if (ret == 0)
{
Log(LOG_LEVEL_INFO, "Timeout connecting to server");
return false;
}
if (ret == -1)
{
if (errno == EINTR)
{
Log(LOG_LEVEL_ERR,
"Socket connect was interrupted by signal");
}
else
{
Log(LOG_LEVEL_ERR,
"Failure while connecting (select: %s)",
GetErrorStr());
}
return false;
}
ret = getsockopt(sd, SOL_SOCKET, SO_ERROR,
(void *) &errcode, &opt_len);
if (ret == -1)
{
Log(LOG_LEVEL_ERR,
"Could not check connection status (getsockopt: %s)",
GetErrorStr());
return false;
}
if (errcode != 0)
{
Log(LOG_LEVEL_INFO, "Failed to connect to server: %s",
GetErrorStrFromCode(errcode));
return false;
}
}
/* Connection succeeded, return to blocking mode. */
ret = fcntl(sd, F_SETFL, arg);
if (ret == -1)
{
Log(LOG_LEVEL_ERR,
"Failed to set socket back to blocking mode (fcntl: %s)",
GetErrorStr());
}
if (timeout_ms > 0)
{
SetReceiveTimeout(sd, timeout_ms);
}
return true;
}
#if defined(__hpux) && defined(__GNUC__)
#pragma GCC diagnostic warning "-Wstrict-aliasing"
#endif
#endif /* !defined(__MINGW32__) */
/**
* Set timeout for recv(), in milliseconds.
* @param ms must be > 0.
*/
int SetReceiveTimeout(int fd, unsigned long ms)
{
assert(ms > 0);
Log(LOG_LEVEL_VERBOSE, "Setting socket timeout to %lu seconds.", ms/1000);
/* On windows SO_RCVTIMEO is set by a DWORD indicating the timeout in
* milliseconds, on UNIX it's a struct timeval. */
#if !defined(__MINGW32__)
struct timeval tv = {
.tv_sec = ms / 1000,
.tv_usec = (ms % 1000) * 1000
};
int ret = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
#else
int ret = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &ms, sizeof(ms));
#endif
if (ret != 0)
{
Log(LOG_LEVEL_INFO,
"Failed to set socket timeout to %lu milliseconds.", ms);
return -1;
}
return 0;
}
static void *HandleConnection(void *c)
{
ServerConnectionState *conn = c;
int ret;
/* Set logging prefix to be the IP address for all of thread's lifetime. */
/* This stack-allocated struct should be valid for all the lifetime of the
* thread. Just make sure that after calling DeleteConn() (which frees
* ipaddr), you exit the thread right away. */
LoggingPrivContext log_ctx = {
.log_hook = LogHook,
.param = conn->ipaddr
};
LoggingPrivSetContext(&log_ctx);
Log(LOG_LEVEL_INFO, "Accepting connection");
/* We test if number of active threads is greater than max, if so we deny
connection, if it happened too many times within a short timeframe then we
kill ourself.TODO this test should be done *before* spawning the thread. */
ret = ThreadLock(cft_server_children);
if (!ret)
{
Log(LOG_LEVEL_ERR, "Unable to thread-lock, closing connection!");
goto ret2;
}
else if (ACTIVE_THREADS > CFD_MAXPROCESSES)
{
if (TRIES > MAXTRIES)
{
/* This happens when no thread was freed while we had to drop 5
* (or maxconnections/3) consecutive connections, because none of
* the existing threads finished. */
Log(LOG_LEVEL_CRIT,
"Server seems to be paralyzed. DOS attack? "
"Committing apoptosis...");
ThreadUnlock(cft_server_children);
FatalError(conn->ctx, "Terminating");
}
TRIES++;
Log(LOG_LEVEL_ERR,
"Too many threads (%d > %d), dropping connection! "
"Increase server maxconnections?",
ACTIVE_THREADS, CFD_MAXPROCESSES);
ThreadUnlock(cft_server_children);
goto ret2;
}
ACTIVE_THREADS++;
TRIES = 0;
ThreadUnlock(cft_server_children);
DisableSendDelays(ConnectionInfoSocket(conn->conn_info));
/* 20 times the connect() timeout should be enough to avoid MD5
* computation timeouts on big files on old slow Solaris 8 machines. */
SetReceiveTimeout(ConnectionInfoSocket(conn->conn_info),
CONNTIMEOUT * 20 * 1000);
if (ConnectionInfoConnectionStatus(conn->conn_info) != CF_CONNECTION_ESTABLISHED)
{
/* Decide the protocol used. */
ret = ServerTLSPeek(conn->conn_info);
if (ret == -1)
{
goto ret1;
}
}
ProtocolVersion protocol_version = ConnectionInfoProtocolVersion(conn->conn_info);
if (protocol_version == CF_PROTOCOL_LATEST)
{
ret = ServerTLSSessionEstablish(conn);
if (ret == -1)
{
goto ret1;
}
}
else if (protocol_version < CF_PROTOCOL_LATEST &&
protocol_version > CF_PROTOCOL_UNDEFINED)
{
/* This connection is legacy protocol. Do we allow it? */
if (SV.allowlegacyconnects != NULL && /* By default we do */
!IsMatchItemIn(SV.allowlegacyconnects, conn->ipaddr))
{
Log(LOG_LEVEL_INFO,
"Connection is not using latest protocol, denying");
goto ret1;
}
}
else
{
UnexpectedError("HandleConnection: ProtocolVersion %d!",
ConnectionInfoProtocolVersion(conn->conn_info));
goto ret1;
}
/* ========================= MAIN LOOPS ========================= */
if (protocol_version >= CF_PROTOCOL_TLS)
{
/* New protocol does DNS reverse look up of the connected
* IP address, to check hostname access_rules. */
if (NEED_REVERSE_LOOKUP)
{
ret = getnameinfo((const struct sockaddr *) &conn->conn_info->ss,
conn->conn_info->ss_len,
conn->revdns, sizeof(conn->revdns),
NULL, 0, NI_NAMEREQD);
if (ret != 0)
{
Log(LOG_LEVEL_INFO,
"Reverse lookup failed (getnameinfo: %s)!",
gai_strerror(ret));
}
else
{
Log(LOG_LEVEL_INFO,
"Hostname (reverse looked up): %s",
conn->revdns);
}
}
while (BusyWithNewProtocol(conn->ctx, conn))
{
}
}
else if (protocol_version == CF_PROTOCOL_CLASSIC)
{
while (BusyWithClassicConnection(conn->ctx, conn))
{
}
}
/* ============================================================ */
Log(LOG_LEVEL_INFO, "Connection closed, terminating thread");
ret1:
ThreadLock(cft_server_children);
ACTIVE_THREADS--;
ThreadUnlock(cft_server_children);
ret2:
DeleteConn(conn);
return NULL;
}
/***************************************************************/
/* Toolkit/Class: conn */
/***************************************************************/
static ServerConnectionState *NewConn(EvalContext *ctx, ConnectionInfo *info)
{
ServerConnectionState *conn = NULL;
struct sockaddr_storage addr;
socklen_t size = sizeof(addr);
if (getsockname(ConnectionInfoSocket(info), (struct sockaddr *)&addr, &size) == -1)
{
Log(LOG_LEVEL_ERR, "Could not obtain socket address. (getsockname: '%s')", GetErrorStr());
return NULL;
}
conn = xcalloc(1, sizeof(*conn));
conn->ctx = ctx;
conn->conn_info = info;
conn->user_data_set = false;
conn->rsa_auth = false;
conn->hostname[0] = '\0';
conn->ipaddr[0] = '\0';
conn->username[0] = '\0';
conn->session_key = NULL;
conn->encryption_type = 'c';
conn->maproot = false; /* Only public files (chmod o+r) accessible */
conn->revdns[0] = '\0';
Log(LOG_LEVEL_DEBUG, "New socket %d", ConnectionInfoSocket(info));
return conn;
}
