]>
Commit | Line | Data |
---|---|---|
0f78b815 | 1 | /* |
d5d4b282 | 2 | * Socket functions used in rsync. |
362099a5 | 3 | * |
0f78b815 WD |
4 | * Copyright (C) 1992-2001 Andrew Tridgell <tridge@samba.org> |
5 | * Copyright (C) 2001, 2002 Martin Pool <mbp@samba.org> | |
3ba4db70 | 6 | * Copyright (C) 2003-2020 Wayne Davison |
0f78b815 WD |
7 | * |
8 | * This program is free software; you can redistribute it and/or modify | |
8e41b68e WD |
9 | * it under the terms of the GNU General Public License as published by |
10 | * the Free Software Foundation; either version 3 of the License, or | |
11 | * (at your option) any later version. | |
0f78b815 WD |
12 | * |
13 | * This program is distributed in the hope that it will be useful, | |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | * GNU General Public License for more details. | |
17 | * | |
e7c67065 | 18 | * You should have received a copy of the GNU General Public License along |
4fd842f9 | 19 | * with this program; if not, visit the http://fsf.org website. |
0f78b815 WD |
20 | */ |
21 | ||
22 | /* This file is now converted to use the new-style getaddrinfo() | |
362099a5 MP |
23 | * interface, which supports IPv6 but is also supported on recent |
24 | * IPv4-only machines. On systems that don't have that interface, we | |
0f78b815 | 25 | * emulate it using the KAME implementation. */ |
bc2e93eb | 26 | |
f0fca04e | 27 | #include "rsync.h" |
5dd14f0c | 28 | #include "itypes.h" |
11eb67ee | 29 | #include "ifuncs.h" |
0a77adee | 30 | #ifdef HAVE_NETINET_IN_SYSTM_H |
5899b8cf | 31 | #include <netinet/in_systm.h> |
0a77adee WD |
32 | #endif |
33 | #ifdef HAVE_NETINET_IP_H | |
5899b8cf | 34 | #include <netinet/ip.h> |
0a77adee | 35 | #endif |
0f5c1c19 | 36 | #include <netinet/tcp.h> |
f0fca04e | 37 | |
2c7d63c7 | 38 | extern char *bind_address; |
1c3e6e8b | 39 | extern char *sockopts; |
2c7d63c7 | 40 | extern int default_af_hint; |
ba22c9e2 | 41 | extern int connect_timeout; |
b177311a | 42 | extern int pid_file_fd; |
9a5a8673 | 43 | |
44e604f4 | 44 | #ifdef HAVE_SIGACTION |
2b28968d WD |
45 | static struct sigaction sigact; |
46 | #endif | |
47 | ||
292a5c2b WD |
48 | static int sock_exec(const char *prog); |
49 | ||
50 | /* Establish a proxy connection on an open socket to a web proxy by using the | |
51 | * CONNECT method. If proxy_user and proxy_pass are not NULL, they are used to | |
52 | * authenticate to the proxy using the "Basic" proxy-authorization protocol. */ | |
e63ff70e | 53 | static int establish_proxy_connection(int fd, char *host, int port, char *proxy_user, char *proxy_pass) |
4c3b4b25 | 54 | { |
a3a84107 WD |
55 | char *cp, buffer[1024]; |
56 | char *authhdr, authbuf[1024]; | |
57 | int len; | |
58 | ||
59 | if (proxy_user && proxy_pass) { | |
893c4cc0 WD |
60 | stringjoin(buffer, sizeof buffer, |
61 | proxy_user, ":", proxy_pass, NULL); | |
a3a84107 | 62 | len = strlen(buffer); |
4c3b4b25 | 63 | |
8030b28f | 64 | if ((len*8 + 5) / 6 >= (int)sizeof authbuf - 3) { |
a3a84107 WD |
65 | rprintf(FERROR, |
66 | "authentication information is too long\n"); | |
67 | return -1; | |
68 | } | |
69 | ||
6854bf69 | 70 | base64_encode(buffer, len, authbuf, 1); |
a3a84107 WD |
71 | authhdr = "\r\nProxy-Authorization: Basic "; |
72 | } else { | |
73 | *authbuf = '\0'; | |
74 | authhdr = ""; | |
75 | } | |
76 | ||
f5446552 WD |
77 | len = snprintf(buffer, sizeof buffer, "CONNECT %s:%d HTTP/1.0%s%s\r\n\r\n", host, port, authhdr, authbuf); |
78 | assert(len > 0 && len < (int)sizeof buffer); | |
a3a84107 | 79 | if (write(fd, buffer, len) != len) { |
d62bcc17 | 80 | rsyserr(FERROR, errno, "failed to write to proxy"); |
4c3b4b25 AT |
81 | return -1; |
82 | } | |
83 | ||
a3a84107 | 84 | for (cp = buffer; cp < &buffer[sizeof buffer - 1]; cp++) { |
4c3b4b25 | 85 | if (read(fd, cp, 1) != 1) { |
d62bcc17 | 86 | rsyserr(FERROR, errno, "failed to read from proxy"); |
4c3b4b25 AT |
87 | return -1; |
88 | } | |
89 | if (*cp == '\n') | |
90 | break; | |
91 | } | |
92 | ||
93 | if (*cp != '\n') | |
94 | cp++; | |
95 | *cp-- = '\0'; | |
96 | if (*cp == '\r') | |
97 | *cp = '\0'; | |
98 | if (strncmp(buffer, "HTTP/", 5) != 0) { | |
4ccfd96c | 99 | rprintf(FERROR, "bad response from proxy -- %s\n", |
4c3b4b25 AT |
100 | buffer); |
101 | return -1; | |
102 | } | |
2dc7b8bd | 103 | for (cp = &buffer[5]; isDigit(cp) || *cp == '.'; cp++) {} |
4c3b4b25 AT |
104 | while (*cp == ' ') |
105 | cp++; | |
106 | if (*cp != '2') { | |
4ccfd96c | 107 | rprintf(FERROR, "bad response from proxy -- %s\n", |
4c3b4b25 AT |
108 | buffer); |
109 | return -1; | |
110 | } | |
111 | /* throw away the rest of the HTTP header */ | |
112 | while (1) { | |
a3a84107 | 113 | for (cp = buffer; cp < &buffer[sizeof buffer - 1]; cp++) { |
4c3b4b25 | 114 | if (read(fd, cp, 1) != 1) { |
d62bcc17 WD |
115 | rsyserr(FERROR, errno, |
116 | "failed to read from proxy"); | |
4c3b4b25 AT |
117 | return -1; |
118 | } | |
119 | if (*cp == '\n') | |
120 | break; | |
121 | } | |
9c07d253 | 122 | if (cp > buffer && *cp == '\n') |
4c3b4b25 | 123 | cp--; |
9c07d253 | 124 | if (cp == buffer && (*cp == '\n' || *cp == '\r')) |
4c3b4b25 AT |
125 | break; |
126 | } | |
127 | return 0; | |
128 | } | |
129 | ||
130 | ||
292a5c2b WD |
131 | /* Try to set the local address for a newly-created socket. |
132 | * Return -1 if this fails. */ | |
e028b9ff | 133 | int try_bind_local(int s, int ai_family, int ai_socktype, |
4313d6f9 | 134 | const char *bind_addr) |
f8be7d42 MP |
135 | { |
136 | int error; | |
137 | struct addrinfo bhints, *bres_all, *r; | |
138 | ||
a3a84107 | 139 | memset(&bhints, 0, sizeof bhints); |
f8be7d42 MP |
140 | bhints.ai_family = ai_family; |
141 | bhints.ai_socktype = ai_socktype; | |
142 | bhints.ai_flags = AI_PASSIVE; | |
4313d6f9 | 143 | if ((error = getaddrinfo(bind_addr, NULL, &bhints, &bres_all))) { |
f8be7d42 | 144 | rprintf(FERROR, RSYNC_NAME ": getaddrinfo %s: %s\n", |
4313d6f9 | 145 | bind_addr, gai_strerror(error)); |
f8be7d42 MP |
146 | return -1; |
147 | } | |
148 | ||
149 | for (r = bres_all; r; r = r->ai_next) { | |
9ec75284 | 150 | if (bind(s, r->ai_addr, r->ai_addrlen) == -1) |
f8be7d42 | 151 | continue; |
6b2d24de | 152 | freeaddrinfo(bres_all); |
f8be7d42 MP |
153 | return s; |
154 | } | |
155 | ||
156 | /* no error message; there might be some problem that allows | |
157 | * creation of the socket but not binding, perhaps if the | |
158 | * machine has no ipv6 address of this name. */ | |
6b2d24de | 159 | freeaddrinfo(bres_all); |
f8be7d42 MP |
160 | return -1; |
161 | } | |
162 | ||
ba22c9e2 | 163 | /* connect() timeout handler based on alarm() */ |
23afe207 | 164 | static void contimeout_handler(UNUSED(int val)) |
ba22c9e2 WD |
165 | { |
166 | connect_timeout = -1; | |
167 | } | |
eecd22ff | 168 | |
292a5c2b | 169 | /* Open a socket to a tcp remote host with the specified port. |
06963d0f | 170 | * |
d5d4b282 MP |
171 | * Based on code from Warren. Proxy support by Stephen Rothwell. |
172 | * getaddrinfo() rewrite contributed by KAME.net. | |
06963d0f | 173 | * |
292a5c2b WD |
174 | * Now that we support IPv6 we need to look up the remote machine's address |
175 | * first, using af_hint to set a preference for the type of address. Then | |
176 | * depending on whether it has v4 or v6 addresses we try to open a connection. | |
06963d0f | 177 | * |
292a5c2b WD |
178 | * The loop allows for machines with some addresses which may not be reachable, |
179 | * perhaps because we can't e.g. route ipv6 to that network but we can get ip4 | |
180 | * packets through. | |
d5d4b282 | 181 | * |
292a5c2b | 182 | * bind_addr: local address to use. Normally NULL to bind the wildcard address. |
d5d4b282 | 183 | * |
292a5c2b | 184 | * af_hint: address family, e.g. AF_INET or AF_INET6. */ |
e63ff70e | 185 | int open_socket_out(char *host, int port, const char *bind_addr, int af_hint) |
bc2e93eb | 186 | { |
f0fca04e | 187 | int type = SOCK_STREAM; |
1c99b1d9 | 188 | int error, s, j, addr_cnt, *errnos; |
06963d0f MP |
189 | struct addrinfo hints, *res0, *res; |
190 | char portbuf[10]; | |
a3a84107 | 191 | char *h, *cp; |
4c3b4b25 AT |
192 | int proxied = 0; |
193 | char buffer[1024]; | |
a3a84107 | 194 | char *proxy_user = NULL, *proxy_pass = NULL; |
4c3b4b25 | 195 | |
660c6fbd | 196 | /* if we have a RSYNC_PROXY env variable then redirect our |
3ba4db70 | 197 | * connection via a web proxy at the given address. */ |
4c3b4b25 | 198 | h = getenv("RSYNC_PROXY"); |
9c07d253 | 199 | proxied = h != NULL && *h != '\0'; |
4c3b4b25 AT |
200 | |
201 | if (proxied) { | |
a3a84107 WD |
202 | strlcpy(buffer, h, sizeof buffer); |
203 | ||
204 | /* Is the USER:PASS@ prefix present? */ | |
b31c92ed | 205 | if ((cp = strrchr(buffer, '@')) != NULL) { |
a3a84107 WD |
206 | *cp++ = '\0'; |
207 | /* The remainder is the HOST:PORT part. */ | |
208 | h = cp; | |
209 | ||
210 | if ((cp = strchr(buffer, ':')) == NULL) { | |
211 | rprintf(FERROR, | |
212 | "invalid proxy specification: should be USER:PASS@HOST:PORT\n"); | |
213 | return -1; | |
214 | } | |
215 | *cp++ = '\0'; | |
216 | ||
217 | proxy_user = buffer; | |
218 | proxy_pass = cp; | |
219 | } else { | |
220 | /* The whole buffer is the HOST:PORT part. */ | |
221 | h = buffer; | |
222 | } | |
223 | ||
224 | if ((cp = strchr(h, ':')) == NULL) { | |
660c6fbd MP |
225 | rprintf(FERROR, |
226 | "invalid proxy specification: should be HOST:PORT\n"); | |
4c3b4b25 AT |
227 | return -1; |
228 | } | |
229 | *cp++ = '\0'; | |
a3a84107 | 230 | strlcpy(portbuf, cp, sizeof portbuf); |
951e826b | 231 | if (DEBUG_GTE(CONNECT, 1)) { |
7bea78ce MP |
232 | rprintf(FINFO, "connection via http proxy %s port %s\n", |
233 | h, portbuf); | |
234 | } | |
4c3b4b25 | 235 | } else { |
a3a84107 | 236 | snprintf(portbuf, sizeof portbuf, "%d", port); |
4c3b4b25 | 237 | h = host; |
4c3b4b25 | 238 | } |
f0fca04e | 239 | |
a3a84107 | 240 | memset(&hints, 0, sizeof hints); |
d5d4b282 | 241 | hints.ai_family = af_hint; |
06963d0f MP |
242 | hints.ai_socktype = type; |
243 | error = getaddrinfo(h, portbuf, &hints, &res0); | |
244 | if (error) { | |
d5d4b282 MP |
245 | rprintf(FERROR, RSYNC_NAME ": getaddrinfo: %s %s: %s\n", |
246 | h, portbuf, gai_strerror(error)); | |
f0fca04e AT |
247 | return -1; |
248 | } | |
249 | ||
1c99b1d9 WD |
250 | for (res = res0, addr_cnt = 0; res; res = res->ai_next, addr_cnt++) {} |
251 | errnos = new_array0(int, addr_cnt); | |
1c99b1d9 | 252 | |
06963d0f | 253 | s = -1; |
2d6dbe29 MP |
254 | /* Try to connect to all addresses for this machine until we get |
255 | * through. It might e.g. be multi-homed, or have both IPv4 and IPv6 | |
256 | * addresses. We need to create a socket for each record, since the | |
257 | * address record tells us what protocol to use to try to connect. */ | |
1c99b1d9 | 258 | for (res = res0, j = 0; res; res = res->ai_next, j++) { |
06963d0f MP |
259 | s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); |
260 | if (s < 0) | |
261 | continue; | |
f0fca04e | 262 | |
4313d6f9 | 263 | if (bind_addr |
a3a84107 | 264 | && try_bind_local(s, res->ai_family, type, |
4313d6f9 | 265 | bind_addr) == -1) { |
a3a84107 WD |
266 | close(s); |
267 | s = -1; | |
268 | continue; | |
269 | } | |
ba22c9e2 WD |
270 | if (connect_timeout > 0) { |
271 | SIGACTION(SIGALRM, contimeout_handler); | |
272 | alarm(connect_timeout); | |
273 | } | |
274 | ||
1c3e6e8b | 275 | set_socket_options(s, sockopts); |
ba22c9e2 WD |
276 | while (connect(s, res->ai_addr, res->ai_addrlen) < 0) { |
277 | if (connect_timeout < 0) | |
278 | exit_cleanup(RERR_CONTIMEOUT); | |
279 | if (errno == EINTR) | |
280 | continue; | |
06963d0f MP |
281 | close(s); |
282 | s = -1; | |
ba22c9e2 | 283 | break; |
06963d0f | 284 | } |
ba22c9e2 WD |
285 | |
286 | if (connect_timeout > 0) | |
287 | alarm(0); | |
288 | ||
1c99b1d9 WD |
289 | if (s < 0) { |
290 | errnos[j] = errno; | |
ba22c9e2 | 291 | continue; |
1c99b1d9 | 292 | } |
ba22c9e2 | 293 | |
e63ff70e | 294 | if (proxied && establish_proxy_connection(s, host, port, proxy_user, proxy_pass) != 0) { |
06963d0f MP |
295 | close(s); |
296 | s = -1; | |
297 | continue; | |
a3a84107 | 298 | } |
7ae666d2 WD |
299 | if (DEBUG_GTE(CONNECT, 2)) { |
300 | char buf[2048]; | |
fb0d4403 | 301 | if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, buf, sizeof buf, NULL, 0, NI_NUMERICHOST)) != 0) |
0a04a80d WD |
302 | snprintf(buf, sizeof buf, "*getnameinfo failure: %s*", gai_strerror(error)); |
303 | rprintf(FINFO, "Connected to %s (%s)\n", h, buf); | |
7ae666d2 | 304 | } |
a3a84107 | 305 | break; |
4c3b4b25 | 306 | } |
1c99b1d9 | 307 | |
7ae666d2 | 308 | if (s < 0 || DEBUG_GTE(CONNECT, 2)) { |
1c99b1d9 WD |
309 | char buf[2048]; |
310 | for (res = res0, j = 0; res; res = res->ai_next, j++) { | |
311 | if (errnos[j] == 0) | |
312 | continue; | |
fb0d4403 | 313 | if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, buf, sizeof buf, NULL, 0, NI_NUMERICHOST)) != 0) |
0a04a80d | 314 | snprintf(buf, sizeof buf, "*getnameinfo failure: %s*", gai_strerror(error)); |
1c99b1d9 WD |
315 | rsyserr(FERROR, errnos[j], "failed to connect to %s (%s)", h, buf); |
316 | } | |
7ae666d2 WD |
317 | if (s < 0) |
318 | s = -1; | |
f0fca04e | 319 | } |
1c99b1d9 | 320 | |
fbf4c261 | 321 | freeaddrinfo(res0); |
1c99b1d9 WD |
322 | free(errnos); |
323 | ||
06963d0f | 324 | return s; |
f0fca04e AT |
325 | } |
326 | ||
327 | ||
292a5c2b | 328 | /* Open an outgoing socket, but allow for it to be intercepted by |
eecd22ff MP |
329 | * $RSYNC_CONNECT_PROG, which will execute a program across a TCP |
330 | * socketpair rather than really opening a socket. | |
331 | * | |
332 | * We use this primarily in testing to detect TCP flow bugs, but not | |
333 | * cause security problems by really opening remote connections. | |
334 | * | |
335 | * This is based on the Samba LIBSMB_PROG feature. | |
06963d0f | 336 | * |
292a5c2b | 337 | * bind_addr: local address to use. Normally NULL to get the stack default. */ |
e63ff70e | 338 | int open_socket_out_wrapped(char *host, int port, const char *bind_addr, int af_hint) |
eecd22ff | 339 | { |
df5cd107 | 340 | char *prog = getenv("RSYNC_CONNECT_PROG"); |
eecd22ff | 341 | |
4eff3051 | 342 | if (prog && strchr(prog, '%')) { |
e5f1a96f WD |
343 | int hlen = strlen(host); |
344 | int len = strlen(prog) + 1; | |
345 | char *f, *t; | |
346 | for (f = prog; *f; f++) { | |
347 | if (*f != '%') | |
348 | continue; | |
349 | /* Compute more than enough room. */ | |
350 | if (f[1] == '%') | |
351 | f++; | |
352 | else | |
353 | len += hlen; | |
354 | } | |
355 | f = prog; | |
11eb67ee | 356 | prog = new_array(char, len); |
e5f1a96f WD |
357 | for (t = prog; *f; f++) { |
358 | if (*f == '%') { | |
359 | switch (*++f) { | |
360 | case '%': | |
361 | /* Just skips the extra '%'. */ | |
362 | break; | |
363 | case 'H': | |
364 | memcpy(t, host, hlen); | |
365 | t += hlen; | |
366 | continue; | |
367 | default: | |
368 | f--; /* pass % through */ | |
369 | break; | |
370 | } | |
371 | } | |
372 | *t++ = *f; | |
373 | } | |
374 | *t = '\0'; | |
375 | } | |
376 | ||
951e826b | 377 | if (DEBUG_GTE(CONNECT, 1)) { |
df5cd107 WD |
378 | rprintf(FINFO, "%sopening tcp connection to %s port %d\n", |
379 | prog ? "Using RSYNC_CONNECT_PROG instead of " : "", | |
380 | host, port); | |
381 | } | |
382 | if (prog) | |
9c07d253 | 383 | return sock_exec(prog); |
4313d6f9 | 384 | return open_socket_out(host, port, bind_addr, af_hint); |
eecd22ff MP |
385 | } |
386 | ||
387 | ||
292a5c2b | 388 | /* Open one or more sockets for incoming data using the specified type, |
2c7d63c7 | 389 | * port, and address. |
06963d0f | 390 | * |
2c7d63c7 WD |
391 | * The getaddrinfo() call may return several address results, e.g. for |
392 | * the machine's IPv4 and IPv6 name. | |
9c07d253 | 393 | * |
2c7d63c7 WD |
394 | * We return an array of file-descriptors to the sockets, with a trailing |
395 | * -1 value to indicate the end of the list. | |
9c07d253 | 396 | * |
292a5c2b | 397 | * bind_addr: local address to bind, or NULL to allow it to default. */ |
4313d6f9 | 398 | static int *open_socket_in(int type, int port, const char *bind_addr, |
b0fd253a | 399 | int af_hint) |
f0fca04e | 400 | { |
2c7d63c7 | 401 | int one = 1; |
5c6d4632 | 402 | int s, *socks, maxs, i, ecnt; |
13e29995 | 403 | struct addrinfo hints, *all_ai, *resp; |
5c6d4632 | 404 | char portbuf[10], **errmsgs; |
06963d0f MP |
405 | int error; |
406 | ||
a3a84107 | 407 | memset(&hints, 0, sizeof hints); |
d5d4b282 | 408 | hints.ai_family = af_hint; |
06963d0f MP |
409 | hints.ai_socktype = type; |
410 | hints.ai_flags = AI_PASSIVE; | |
a3a84107 | 411 | snprintf(portbuf, sizeof portbuf, "%d", port); |
4313d6f9 | 412 | error = getaddrinfo(bind_addr, portbuf, &hints, &all_ai); |
06963d0f | 413 | if (error) { |
7ef6aa64 | 414 | rprintf(FERROR, RSYNC_NAME ": getaddrinfo: bind address %s: %s\n", |
4313d6f9 | 415 | bind_addr, gai_strerror(error)); |
b0fd253a WD |
416 | return NULL; |
417 | } | |
418 | ||
419 | /* Count max number of sockets we might open. */ | |
420 | for (maxs = 0, resp = all_ai; resp; resp = resp->ai_next, maxs++) {} | |
2c7d63c7 | 421 | |
5c6d4632 WD |
422 | socks = new_array(int, maxs + 1); |
423 | errmsgs = new_array(char *, maxs); | |
06963d0f | 424 | |
13e29995 MP |
425 | /* We may not be able to create the socket, if for example the |
426 | * machine knows about IPv6 in the C library, but not in the | |
427 | * kernel. */ | |
5c6d4632 | 428 | for (resp = all_ai, i = ecnt = 0; resp; resp = resp->ai_next) { |
13e29995 MP |
429 | s = socket(resp->ai_family, resp->ai_socktype, |
430 | resp->ai_protocol); | |
431 | ||
b0fd253a | 432 | if (s == -1) { |
5c6d4632 WD |
433 | int r = asprintf(&errmsgs[ecnt++], |
434 | "socket(%d,%d,%d) failed: %s\n", | |
435 | (int)resp->ai_family, (int)resp->ai_socktype, | |
436 | (int)resp->ai_protocol, strerror(errno)); | |
437 | if (r < 0) | |
438 | out_of_memory("open_socket_in"); | |
13e29995 MP |
439 | /* See if there's another address that will work... */ |
440 | continue; | |
b0fd253a | 441 | } |
9c07d253 | 442 | |
13e29995 MP |
443 | setsockopt(s, SOL_SOCKET, SO_REUSEADDR, |
444 | (char *)&one, sizeof one); | |
1c3e6e8b WD |
445 | if (sockopts) |
446 | set_socket_options(s, sockopts); | |
447 | else | |
448 | set_socket_options(s, lp_socket_options()); | |
9c07d253 | 449 | |
b0fd253a WD |
450 | #ifdef IPV6_V6ONLY |
451 | if (resp->ai_family == AF_INET6) { | |
e63ff70e WD |
452 | if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&one, sizeof one) < 0 |
453 | && default_af_hint != AF_INET6) { | |
dcd08dc5 WD |
454 | close(s); |
455 | continue; | |
456 | } | |
b0fd253a WD |
457 | } |
458 | #endif | |
459 | ||
e028b9ff WD |
460 | /* Now we've got a socket - we need to bind it. */ |
461 | if (bind(s, resp->ai_addr, resp->ai_addrlen) < 0) { | |
13e29995 | 462 | /* Nope, try another */ |
5c6d4632 | 463 | int r = asprintf(&errmsgs[ecnt++], |
e2d774cd WD |
464 | "bind() failed: %s (address-family %d)\n", |
465 | strerror(errno), (int)resp->ai_family); | |
5c6d4632 WD |
466 | if (r < 0) |
467 | out_of_memory("open_socket_in"); | |
13e29995 MP |
468 | close(s); |
469 | continue; | |
b8771f96 | 470 | } |
e23d790f | 471 | |
2c7d63c7 | 472 | socks[i++] = s; |
f0fca04e | 473 | } |
2c7d63c7 | 474 | socks[i] = -1; |
f0fca04e | 475 | |
b0fd253a WD |
476 | if (all_ai) |
477 | freeaddrinfo(all_ai); | |
b8771f96 | 478 | |
5c6d4632 WD |
479 | /* Only output the socket()/bind() messages if we were totally |
480 | * unsuccessful, or if the daemon is being run with -vv. */ | |
481 | for (s = 0; s < ecnt; s++) { | |
951e826b | 482 | if (!i || DEBUG_GTE(BIND, 1)) |
332cf6df | 483 | rwrite(FLOG, errmsgs[s], strlen(errmsgs[s]), 0); |
5c6d4632 WD |
484 | free(errmsgs[s]); |
485 | } | |
486 | free(errmsgs); | |
487 | ||
2c7d63c7 | 488 | if (!i) { |
b0fd253a | 489 | rprintf(FERROR, |
2c7d63c7 WD |
490 | "unable to bind any inbound sockets on port %d\n", |
491 | port); | |
b0fd253a WD |
492 | free(socks); |
493 | return NULL; | |
494 | } | |
495 | return socks; | |
f0fca04e AT |
496 | } |
497 | ||
498 | ||
292a5c2b | 499 | /* Determine if a file descriptor is in fact a socket. */ |
f0fca04e AT |
500 | int is_a_socket(int fd) |
501 | { | |
ac2a1a44 | 502 | int v; |
a3a84107 WD |
503 | socklen_t l = sizeof (int); |
504 | ||
505 | /* Parameters to getsockopt, setsockopt etc are very | |
506 | * unstandardized across platforms, so don't be surprised if | |
507 | * there are compiler warnings on e.g. SCO OpenSwerver or AIX. | |
508 | * It seems they all eventually get the right idea. | |
509 | * | |
510 | * Debian says: ``The fifth argument of getsockopt and | |
511 | * setsockopt is in reality an int [*] (and this is what BSD | |
512 | * 4.* and libc4 and libc5 have). Some POSIX confusion | |
513 | * resulted in the present socklen_t. The draft standard has | |
514 | * not been adopted yet, but glibc2 already follows it and | |
515 | * also has socklen_t [*]. See also accept(2).'' | |
516 | * | |
517 | * We now return to your regularly scheduled programming. */ | |
9c07d253 | 518 | return getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&v, &l) == 0; |
f0fca04e AT |
519 | } |
520 | ||
521 | ||
23afe207 | 522 | static void sigchld_handler(UNUSED(int val)) |
067669da | 523 | { |
ca20c7fd WD |
524 | #ifdef WNOHANG |
525 | while (waitpid(-1, NULL, WNOHANG) > 0) {} | |
526 | #endif | |
44e604f4 | 527 | #ifndef HAVE_SIGACTION |
cb984e62 | 528 | signal(SIGCHLD, sigchld_handler); |
2b28968d | 529 | #endif |
ca20c7fd WD |
530 | } |
531 | ||
532 | ||
39993af5 | 533 | void start_accept_loop(int port, int (*fn)(int, int)) |
f0fca04e | 534 | { |
b0fd253a | 535 | fd_set deffds; |
d8d36af4 | 536 | int *sp, maxfd, i; |
f0fca04e | 537 | |
44e604f4 | 538 | #ifdef HAVE_SIGACTION |
2b28968d WD |
539 | sigact.sa_flags = SA_NOCLDSTOP; |
540 | #endif | |
541 | ||
f0fca04e | 542 | /* open an incoming socket */ |
b0fd253a WD |
543 | sp = open_socket_in(SOCK_STREAM, port, bind_address, default_af_hint); |
544 | if (sp == NULL) | |
65417579 | 545 | exit_cleanup(RERR_SOCKETIO); |
f0fca04e AT |
546 | |
547 | /* ready to listen */ | |
b0fd253a | 548 | FD_ZERO(&deffds); |
2c7d63c7 | 549 | for (i = 0, maxfd = -1; sp[i] >= 0; i++) { |
050e5334 | 550 | if (listen(sp[i], lp_listen_backlog()) < 0) { |
d62bcc17 | 551 | rsyserr(FERROR, errno, "listen() on socket failed"); |
4f5b0756 | 552 | #ifdef INET6 |
2c7d63c7 | 553 | if (errno == EADDRINUSE && i > 0) { |
e63ff70e | 554 | rprintf(FINFO, "Try using --ipv4 or --ipv6 to avoid this listen() error.\n"); |
2c7d63c7 WD |
555 | } |
556 | #endif | |
b0fd253a WD |
557 | exit_cleanup(RERR_SOCKETIO); |
558 | } | |
559 | FD_SET(sp[i], &deffds); | |
560 | if (maxfd < sp[i]) | |
561 | maxfd = sp[i]; | |
f0fca04e AT |
562 | } |
563 | ||
f0fca04e | 564 | /* now accept incoming connections - forking a new process |
a3a84107 | 565 | * for each incoming connection */ |
f0fca04e AT |
566 | while (1) { |
567 | fd_set fds; | |
c4a5c57d | 568 | pid_t pid; |
f0fca04e | 569 | int fd; |
2d6dbe29 | 570 | struct sockaddr_storage addr; |
d54765c4 | 571 | socklen_t addrlen = sizeof addr; |
f0fca04e | 572 | |
15b84e14 | 573 | /* close log file before the potentially very long select so |
a3a84107 WD |
574 | * file can be trimmed by another process instead of growing |
575 | * forever */ | |
8ee6adef | 576 | logfile_close(); |
45a83540 | 577 | |
b0fd253a WD |
578 | #ifdef FD_COPY |
579 | FD_COPY(&deffds, &fds); | |
580 | #else | |
581 | fds = deffds; | |
582 | #endif | |
f0fca04e | 583 | |
bb499bd7 | 584 | if (select(maxfd + 1, &fds, NULL, NULL, NULL) < 1) |
9c07d253 | 585 | continue; |
f0fca04e | 586 | |
2c7d63c7 | 587 | for (i = 0, fd = -1; sp[i] >= 0; i++) { |
b0fd253a | 588 | if (FD_ISSET(sp[i], &fds)) { |
e63ff70e | 589 | fd = accept(sp[i], (struct sockaddr *)&addr, &addrlen); |
b0fd253a WD |
590 | break; |
591 | } | |
592 | } | |
f0fca04e | 593 | |
b0fd253a | 594 | if (fd < 0) |
9c07d253 | 595 | continue; |
f0fca04e | 596 | |
2b28968d | 597 | SIGACTION(SIGCHLD, sigchld_handler); |
31f440e6 | 598 | |
c4a5c57d | 599 | if ((pid = fork()) == 0) { |
9f639210 | 600 | int ret; |
b177311a WD |
601 | if (pid_file_fd >= 0) |
602 | close(pid_file_fd); | |
2c7d63c7 WD |
603 | for (i = 0; sp[i] >= 0; i++) |
604 | close(sp[i]); | |
1da05366 | 605 | /* Re-open log file in child before possibly giving |
8ee6adef WD |
606 | * up privileges (see logfile_close() above). */ |
607 | logfile_reopen(); | |
9f639210 DD |
608 | ret = fn(fd, fd); |
609 | close_all(); | |
610 | _exit(ret); | |
c4a5c57d | 611 | } else if (pid < 0) { |
d62bcc17 WD |
612 | rsyserr(FERROR, errno, |
613 | "could not create child server process"); | |
c4a5c57d MP |
614 | close(fd); |
615 | /* This might have happened because we're | |
616 | * overloaded. Sleep briefly before trying to | |
617 | * accept again. */ | |
618 | sleep(2); | |
bd37c666 | 619 | } else { |
79845f28 | 620 | /* Parent doesn't need this fd anymore. */ |
bd37c666 | 621 | close(fd); |
f0fca04e | 622 | } |
f0fca04e | 623 | } |
f0fca04e AT |
624 | } |
625 | ||
626 | ||
627 | enum SOCK_OPT_TYPES {OPT_BOOL,OPT_INT,OPT_ON}; | |
628 | ||
629 | struct | |
630 | { | |
631 | char *name; | |
632 | int level; | |
633 | int option; | |
634 | int value; | |
635 | int opttype; | |
636 | } socket_options[] = { | |
637 | {"SO_KEEPALIVE", SOL_SOCKET, SO_KEEPALIVE, 0, OPT_BOOL}, | |
638 | {"SO_REUSEADDR", SOL_SOCKET, SO_REUSEADDR, 0, OPT_BOOL}, | |
0a77adee | 639 | #ifdef SO_BROADCAST |
f0fca04e | 640 | {"SO_BROADCAST", SOL_SOCKET, SO_BROADCAST, 0, OPT_BOOL}, |
0a77adee | 641 | #endif |
f0fca04e AT |
642 | #ifdef TCP_NODELAY |
643 | {"TCP_NODELAY", IPPROTO_TCP, TCP_NODELAY, 0, OPT_BOOL}, | |
644 | #endif | |
645 | #ifdef IPTOS_LOWDELAY | |
646 | {"IPTOS_LOWDELAY", IPPROTO_IP, IP_TOS, IPTOS_LOWDELAY, OPT_ON}, | |
647 | #endif | |
648 | #ifdef IPTOS_THROUGHPUT | |
649 | {"IPTOS_THROUGHPUT", IPPROTO_IP, IP_TOS, IPTOS_THROUGHPUT, OPT_ON}, | |
650 | #endif | |
651 | #ifdef SO_SNDBUF | |
652 | {"SO_SNDBUF", SOL_SOCKET, SO_SNDBUF, 0, OPT_INT}, | |
653 | #endif | |
654 | #ifdef SO_RCVBUF | |
655 | {"SO_RCVBUF", SOL_SOCKET, SO_RCVBUF, 0, OPT_INT}, | |
656 | #endif | |
657 | #ifdef SO_SNDLOWAT | |
658 | {"SO_SNDLOWAT", SOL_SOCKET, SO_SNDLOWAT, 0, OPT_INT}, | |
659 | #endif | |
660 | #ifdef SO_RCVLOWAT | |
661 | {"SO_RCVLOWAT", SOL_SOCKET, SO_RCVLOWAT, 0, OPT_INT}, | |
662 | #endif | |
663 | #ifdef SO_SNDTIMEO | |
664 | {"SO_SNDTIMEO", SOL_SOCKET, SO_SNDTIMEO, 0, OPT_INT}, | |
665 | #endif | |
666 | #ifdef SO_RCVTIMEO | |
667 | {"SO_RCVTIMEO", SOL_SOCKET, SO_RCVTIMEO, 0, OPT_INT}, | |
668 | #endif | |
292a5c2b WD |
669 | {NULL,0,0,0,0} |
670 | }; | |
9c07d253 | 671 | |
f0fca04e | 672 | |
292a5c2b | 673 | /* Set user socket options. */ |
f0fca04e AT |
674 | void set_socket_options(int fd, char *options) |
675 | { | |
676 | char *tok; | |
9c07d253 WD |
677 | |
678 | if (!options || !*options) | |
679 | return; | |
a6801c39 | 680 | |
f0fca04e | 681 | options = strdup(options); |
f0fca04e | 682 | |
9c07d253 | 683 | for (tok = strtok(options, " \t,"); tok; tok = strtok(NULL," \t,")) { |
f0fca04e AT |
684 | int ret=0,i; |
685 | int value = 1; | |
686 | char *p; | |
687 | int got_value = 0; | |
688 | ||
689 | if ((p = strchr(tok,'='))) { | |
690 | *p = 0; | |
691 | value = atoi(p+1); | |
692 | got_value = 1; | |
693 | } | |
694 | ||
9c07d253 | 695 | for (i = 0; socket_options[i].name; i++) { |
f0fca04e AT |
696 | if (strcmp(socket_options[i].name,tok)==0) |
697 | break; | |
9c07d253 | 698 | } |
f0fca04e AT |
699 | |
700 | if (!socket_options[i].name) { | |
701 | rprintf(FERROR,"Unknown socket option %s\n",tok); | |
702 | continue; | |
703 | } | |
704 | ||
705 | switch (socket_options[i].opttype) { | |
706 | case OPT_BOOL: | |
707 | case OPT_INT: | |
708 | ret = setsockopt(fd,socket_options[i].level, | |
a3a84107 WD |
709 | socket_options[i].option, |
710 | (char *)&value, sizeof (int)); | |
f0fca04e | 711 | break; |
9c07d253 | 712 | |
f0fca04e AT |
713 | case OPT_ON: |
714 | if (got_value) | |
4ccfd96c | 715 | rprintf(FERROR,"syntax error -- %s does not take a value\n",tok); |
f0fca04e AT |
716 | |
717 | { | |
718 | int on = socket_options[i].value; | |
719 | ret = setsockopt(fd,socket_options[i].level, | |
a3a84107 WD |
720 | socket_options[i].option, |
721 | (char *)&on, sizeof (int)); | |
f0fca04e | 722 | } |
9c07d253 | 723 | break; |
f0fca04e | 724 | } |
9c07d253 | 725 | |
d62bcc17 WD |
726 | if (ret != 0) { |
727 | rsyserr(FERROR, errno, | |
728 | "failed to set socket option %s", tok); | |
729 | } | |
f0fca04e AT |
730 | } |
731 | ||
732 | free(options); | |
733 | } | |
734 | ||
eecd22ff | 735 | |
292a5c2b WD |
736 | /* This is like socketpair but uses tcp. The function guarantees that nobody |
737 | * else can attach to the socket, or if they do that this function fails and | |
738 | * the socket gets closed. Returns 0 on success, -1 on failure. The resulting | |
739 | * file descriptors are symmetrical. Currently only for RSYNC_CONNECT_PROG. */ | |
eecd22ff MP |
740 | static int socketpair_tcp(int fd[2]) |
741 | { | |
742 | int listener; | |
743 | struct sockaddr_in sock; | |
744 | struct sockaddr_in sock2; | |
a3a84107 | 745 | socklen_t socklen = sizeof sock; |
eb8ffa90 | 746 | int connect_done = 0; |
9c07d253 | 747 | |
eecd22ff MP |
748 | fd[0] = fd[1] = listener = -1; |
749 | ||
a3a84107 | 750 | memset(&sock, 0, sizeof sock); |
9c07d253 WD |
751 | |
752 | if ((listener = socket(PF_INET, SOCK_STREAM, 0)) == -1) | |
753 | goto failed; | |
eecd22ff | 754 | |
a3a84107 | 755 | memset(&sock2, 0, sizeof sock2); |
4f5b0756 | 756 | #ifdef HAVE_SOCKADDR_IN_LEN |
a3a84107 | 757 | sock2.sin_len = sizeof sock2; |
eecd22ff | 758 | #endif |
a3a84107 | 759 | sock2.sin_family = PF_INET; |
292a5c2b | 760 | sock2.sin_addr.s_addr = htonl(INADDR_LOOPBACK); |
eecd22ff | 761 | |
292a5c2b WD |
762 | if (bind(listener, (struct sockaddr *)&sock2, sizeof sock2) != 0 |
763 | || listen(listener, 1) != 0 | |
764 | || getsockname(listener, (struct sockaddr *)&sock, &socklen) != 0 | |
765 | || (fd[1] = socket(PF_INET, SOCK_STREAM, 0)) == -1) | |
9c07d253 | 766 | goto failed; |
eecd22ff MP |
767 | |
768 | set_nonblocking(fd[1]); | |
769 | ||
770 | sock.sin_addr.s_addr = htonl(INADDR_LOOPBACK); | |
771 | ||
a3a84107 | 772 | if (connect(fd[1], (struct sockaddr *)&sock, sizeof sock) == -1) { |
9c07d253 WD |
773 | if (errno != EINPROGRESS) |
774 | goto failed; | |
775 | } else | |
eecd22ff | 776 | connect_done = 1; |
eecd22ff | 777 | |
292a5c2b | 778 | if ((fd[0] = accept(listener, (struct sockaddr *)&sock2, &socklen)) == -1) |
9c07d253 | 779 | goto failed; |
eecd22ff MP |
780 | |
781 | close(listener); | |
ab217f7f WD |
782 | listener = -1; |
783 | ||
784 | set_blocking(fd[1]); | |
785 | ||
eecd22ff | 786 | if (connect_done == 0) { |
e63ff70e | 787 | if (connect(fd[1], (struct sockaddr *)&sock, sizeof sock) != 0 && errno != EISCONN) |
9c07d253 | 788 | goto failed; |
eecd22ff MP |
789 | } |
790 | ||
eecd22ff MP |
791 | /* all OK! */ |
792 | return 0; | |
793 | ||
794 | failed: | |
9c07d253 WD |
795 | if (fd[0] != -1) |
796 | close(fd[0]); | |
797 | if (fd[1] != -1) | |
798 | close(fd[1]); | |
799 | if (listener != -1) | |
800 | close(listener); | |
eecd22ff MP |
801 | return -1; |
802 | } | |
803 | ||
804 | ||
292a5c2b WD |
805 | /* Run a program on a local tcp socket, so that we can talk to it's stdin and |
806 | * stdout. This is used to fake a connection to a daemon for testing -- not | |
807 | * for the normal case of running SSH. | |
d02984bb | 808 | * |
3ba4db70 | 809 | * Returns a socket which is attached to a subprocess running "prog". stdin and |
292a5c2b WD |
810 | * stdout are attached. stderr is left attached to the original stderr. */ |
811 | static int sock_exec(const char *prog) | |
eecd22ff | 812 | { |
94112924 | 813 | pid_t pid; |
eecd22ff | 814 | int fd[2]; |
9c07d253 | 815 | |
eecd22ff | 816 | if (socketpair_tcp(fd) != 0) { |
d62bcc17 | 817 | rsyserr(FERROR, errno, "socketpair_tcp failed"); |
eecd22ff MP |
818 | return -1; |
819 | } | |
951e826b | 820 | if (DEBUG_GTE(CMD, 1)) |
df5cd107 | 821 | rprintf(FINFO, "Running socket program: \"%s\"\n", prog); |
94112924 WD |
822 | |
823 | pid = fork(); | |
824 | if (pid < 0) { | |
825 | rsyserr(FERROR, errno, "fork"); | |
826 | exit_cleanup(RERR_IPC); | |
827 | } | |
828 | ||
829 | if (pid == 0) { | |
eecd22ff | 830 | close(fd[0]); |
94112924 WD |
831 | if (dup2(fd[1], STDIN_FILENO) < 0 |
832 | || dup2(fd[1], STDOUT_FILENO) < 0) { | |
833 | fprintf(stderr, "Failed to run \"%s\"\n", prog); | |
834 | exit(1); | |
835 | } | |
5df9847f | 836 | exit(shell_exec(prog)); |
eecd22ff | 837 | } |
94112924 | 838 | |
9c07d253 | 839 | close(fd[1]); |
eecd22ff MP |
840 | return fd[0]; |
841 | } |