diff options
Diffstat (limited to 'listen.c')
| -rw-r--r-- | listen.c | 208 |
1 files changed, 0 insertions, 208 deletions
diff --git a/listen.c b/listen.c deleted file mode 100644 index 727a1e1..0000000 --- a/listen.c +++ /dev/null @@ -1,208 +0,0 @@ -/* Copyright (C) 2019 C. McEnroe <june@causal.agency> - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <https://www.gnu.org/licenses/>. - */ - -#include <err.h> -#include <errno.h> -#include <fcntl.h> -#include <limits.h> -#include <netdb.h> -#include <netinet/in.h> -#include <stdbool.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/socket.h> -#include <sys/stat.h> -#include <sys/un.h> -#include <sysexits.h> -#include <tls.h> -#include <unistd.h> - -#ifdef __FreeBSD__ -#include <sys/capsicum.h> -#endif - -#include "bounce.h" - -static struct tls *server; - -static byte *readFile(size_t *len, FILE *file) { - struct stat stat; - int error = fstat(fileno(file), &stat); - if (error) err(EX_IOERR, "fstat"); - - byte *buf = malloc(stat.st_size); - if (!buf) err(EX_OSERR, "malloc"); - - *len = fread(buf, 1, stat.st_size, file); - if (ferror(file)) err(EX_IOERR, "fread"); - - return buf; -} - -void listenConfig(FILE *cert, FILE *priv) { - tls_free(server); - server = tls_server(); - if (!server) errx(EX_SOFTWARE, "tls_server"); - - struct tls_config *config = tls_config_new(); - if (!config) errx(EX_SOFTWARE, "tls_config_new"); - - size_t len; - byte *buf = readFile(&len, cert); - int error = tls_config_set_cert_mem(config, buf, len); - if (error) { - errx(EX_CONFIG, "tls_config_set_cert_mem: %s", tls_config_error(config)); - } - free(buf); - - buf = readFile(&len, priv); - error = tls_config_set_key_mem(config, buf, len); - if (error) { - errx(EX_CONFIG, "tls_config_set_key_mem: %s", tls_config_error(config)); - } - free(buf); - - error = tls_configure(server, config); - if (error) errx(EX_SOFTWARE, "tls_configure: %s", tls_error(server)); - tls_config_free(config); -} - -size_t listenBind(int fds[], size_t cap, const char *host, const char *port) { - struct addrinfo *head; - struct addrinfo hints = { - .ai_family = AF_UNSPEC, - .ai_socktype = SOCK_STREAM, - .ai_protocol = IPPROTO_TCP, - }; - int error = getaddrinfo(host, port, &hints, &head); - if (error) errx(EX_NOHOST, "%s:%s: %s", host, port, gai_strerror(error)); - - size_t len = 0; - for (struct addrinfo *ai = head; ai && len < cap; ai = ai->ai_next) { - fds[len] = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (fds[len] < 0) err(EX_OSERR, "socket"); - - int yes = 1; - error = setsockopt(fds[len], SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)); - if (error) err(EX_OSERR, "setsockopt"); - - error = bind(fds[len], ai->ai_addr, ai->ai_addrlen); - if (error) { - warn("%s:%s", host, port); - close(fds[len]); - continue; - } - - len++; - } - freeaddrinfo(head); - - if (!len) errx(EX_UNAVAILABLE, "could not bind any sockets"); - return len; -} - -static bool unix; -static int unixDir = -1; -static char unixFile[PATH_MAX]; - -static void unixUnlink(void) { - int error = unlinkat(unixDir, unixFile, 0); - if (error) warn("unlinkat"); -} - -size_t listenUnix(int fds[], size_t cap, const char *path) { - if (!cap) return 0; - - int sock = socket(PF_UNIX, SOCK_STREAM, 0); - if (sock < 0) err(EX_OSERR, "socket"); - - struct sockaddr_un addr = { .sun_family = AF_UNIX }; - if (strlen(path) > sizeof(addr.sun_path)) { - errx(EX_CONFIG, "path too long: %s", path); - } - strncpy(addr.sun_path, path, sizeof(addr.sun_path)); - - int error = bind(sock, (struct sockaddr *)&addr, SUN_LEN(&addr)); - if (error) err(EX_UNAVAILABLE, "%s", path); - - char dir[PATH_MAX] = "."; - const char *base = strrchr(path, '/'); - if (base) { - snprintf(dir, sizeof(dir), "%.*s", (int)(base - path), path); - base++; - } else { - base = path; - } - snprintf(unixFile, sizeof(unixFile), "%s", base); - - unixDir = open(dir, O_DIRECTORY); - if (unixDir < 0) err(EX_UNAVAILABLE, "%s", dir); - atexit(unixUnlink); - -#ifdef __FreeBSD__ - cap_rights_t rights; - error = cap_rights_limit(unixDir, cap_rights_init(&rights, CAP_UNLINKAT)); - if (error) err(EX_OSERR, "cap_rights_limit"); -#endif - - unix = true; - fds[0] = sock; - return 1; -} - -static int recvfd(int sock) { - size_t len = CMSG_SPACE(sizeof(int)); - char buf[len]; - - char x; - struct iovec iov = { .iov_base = &x, .iov_len = 1 }; - struct msghdr msg = { - .msg_iov = &iov, - .msg_iovlen = 1, - .msg_control = buf, - .msg_controllen = len, - }; - if (0 > recvmsg(sock, &msg, 0)) return -1; - - struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg); - if (!cmsg || cmsg->cmsg_type != SCM_RIGHTS) { - errno = ENOMSG; - return -1; - } - return *(int *)CMSG_DATA(cmsg); -} - -struct tls *listenAccept(int *fd, int bind) { - *fd = accept(bind, NULL, NULL); - if (*fd < 0) err(EX_IOERR, "accept"); - - if (unix) { - int sent = recvfd(*fd); - if (sent < 0) err(EX_IOERR, "recvfd"); - close(*fd); - *fd = sent; - } - - int yes = 1; - int error = setsockopt(*fd, SOL_SOCKET, SO_NOSIGPIPE, &yes, sizeof(yes)); - if (error) err(EX_OSERR, "setsockopt"); - - struct tls *client; - error = tls_accept_socket(server, &client, *fd); - if (error) errx(EX_SOFTWARE, "tls_accept_socket: %s", tls_error(server)); - return client; -} |