1 /* $NetBSD: bl.c,v 1.27 2015/12/30 16:42:48 christos Exp $ */
4 * Copyright (c) 2014 The NetBSD Foundation, Inc.
7 * This code is derived from software contributed to The NetBSD Foundation
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/cdefs.h>
36 __RCSID("$NetBSD: bl.c,v 1.27 2015/12/30 16:42:48 christos Exp $");
38 #include <sys/param.h>
39 #include <sys/types.h>
40 #include <sys/socket.h>
55 #include <netinet/in.h>
67 struct sockaddr_storage bl_ss;
73 pthread_mutex_t b_mutex;
74 # define BL_INIT(b) pthread_mutex_init(&b->b_mutex, NULL)
75 # define BL_LOCK(b) pthread_mutex_lock(&b->b_mutex)
76 # define BL_UNLOCK(b) pthread_mutex_unlock(&b->b_mutex)
78 # define BL_INIT(b) do {} while(/*CONSTCOND*/0)
79 # define BL_LOCK(b) BL_INIT(b)
80 # define BL_UNLOCK(b) BL_INIT(b)
84 struct sockaddr_un b_sun;
85 void (*b_fun)(int, const char *, va_list);
92 bl_isconnected(bl_t b)
94 return b->b_connected == 0;
104 bl_reset(bl_t b, bool locked)
118 bl_log(void (*fun)(int, const char *, va_list), int level,
119 const char *fmt, ...)
125 (*fun)(level, fmt, ap);
131 bl_init(bl_t b, bool srv)
134 /* AF_UNIX address of local logger */
137 struct sockaddr_un *sun = &b->b_sun;
139 #ifndef SOCK_NONBLOCK
140 #define SOCK_NONBLOCK 0
143 #define SOCK_CLOEXEC 0
145 #ifndef SOCK_NOSIGPIPE
146 #define SOCK_NOSIGPIPE 0
152 b->b_fd = socket(PF_LOCAL,
153 SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK|SOCK_NOSIGPIPE, 0);
155 bl_log(b->b_fun, LOG_ERR, "%s: socket failed (%s)",
156 __func__, strerror(errno));
160 #if SOCK_CLOEXEC == 0
161 fcntl(b->b_fd, F_SETFD, FD_CLOEXEC);
163 #if SOCK_NONBLOCK == 0
164 fcntl(b->b_fd, F_SETFL, fcntl(b->b_fd, F_GETFL) | O_NONBLOCK);
166 #if SOCK_NOSIGPIPE == 0
169 setsockopt(b->b_fd, SOL_SOCKET, SO_NOSIGPIPE, &o, sizeof(o));
171 signal(SIGPIPE, SIG_IGN);
176 if (bl_isconnected(b)) {
182 * We try to connect anyway even when we are a server to verify
183 * that no other server is listening to the socket. If we succeed
184 * to connect and we are a server, someone else owns it.
186 rv = connect(b->b_fd, (const void *)sun, (socklen_t)sizeof(*sun));
189 bl_log(b->b_fun, LOG_ERR,
190 "%s: another daemon is handling `%s'",
191 __func__, sun->sun_path);
197 * If the daemon is not running, we just try a
198 * connect, so leave the socket alone until it does
201 if (b->b_connected != 1) {
202 bl_log(b->b_fun, LOG_DEBUG,
203 "%s: connect failed for `%s' (%s)",
204 __func__, sun->sun_path, strerror(errno));
210 bl_log(b->b_fun, LOG_DEBUG, "Connected to blacklist server",
215 (void)unlink(sun->sun_path);
217 rv = bind(b->b_fd, (const void *)sun, (socklen_t)sizeof(*sun));
222 bl_log(b->b_fun, LOG_ERR,
223 "%s: bind failed for `%s' (%s)",
224 __func__, sun->sun_path, strerror(errno));
231 #if defined(LOCAL_CREDS)
233 #define CRED_NAME LOCAL_CREDS
234 #define CRED_SC_UID sc_euid
235 #define CRED_SC_GID sc_egid
236 #define CRED_MESSAGE SCM_CREDS
237 #define CRED_SIZE SOCKCREDSIZE(NGROUPS_MAX)
238 #define CRED_TYPE struct sockcred
240 #elif defined(SO_PASSCRED)
241 #define CRED_LEVEL SOL_SOCKET
242 #define CRED_NAME SO_PASSCRED
243 #define CRED_SC_UID uid
244 #define CRED_SC_GID gid
245 #define CRED_MESSAGE SCM_CREDENTIALS
246 #define CRED_SIZE sizeof(struct ucred)
247 #define CRED_TYPE struct ucred
252 * getpeereid() and LOCAL_PEERCRED don't help here
253 * because we are not a stream socket!
256 #define CRED_TYPE void * __unused
260 if (setsockopt(b->b_fd, CRED_LEVEL, CRED_NAME,
261 &one, (socklen_t)sizeof(one)) == -1) {
262 bl_log(b->b_fun, LOG_ERR, "%s: setsockopt %s "
263 "failed (%s)", __func__, __STRING(CRED_NAME),
278 bl_create(bool srv, const char *path, void (*fun)(int, const char *, va_list))
280 bl_t b = calloc(1, sizeof(*b));
283 b->b_fun = fun == NULL ? vsyslog : fun;
288 memset(&b->b_sun, 0, sizeof(b->b_sun));
289 b->b_sun.sun_family = AF_LOCAL;
290 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
291 b->b_sun.sun_len = sizeof(b->b_sun);
293 strlcpy(b->b_sun.sun_path,
294 path ? path : _PATH_BLSOCK, sizeof(b->b_sun.sun_path));
300 bl_log(fun, LOG_ERR, "%s: malloc failed (%s)", __func__,
313 bl_getsock(bl_t b, struct sockaddr_storage *ss, const struct sockaddr *sa,
314 socklen_t slen, const char *ctx)
318 memset(ss, 0, sizeof(*ss));
323 case sizeof(struct sockaddr_in):
326 case sizeof(struct sockaddr_in6):
330 bl_log(b->b_fun, LOG_ERR, "%s: invalid socket len %u (%s)",
331 __func__, (unsigned)slen, ctx);
336 memcpy(ss, sa, slen);
338 if (ss->ss_family != family) {
339 bl_log(b->b_fun, LOG_INFO,
340 "%s: correcting socket family %d to %d (%s)",
341 __func__, ss->ss_family, family, ctx);
342 ss->ss_family = family;
345 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
346 if (ss->ss_len != slen) {
347 bl_log(b->b_fun, LOG_INFO,
348 "%s: correcting socket len %u to %u (%s)",
349 __func__, ss->ss_len, (unsigned)slen, ctx);
350 ss->ss_len = (uint8_t)slen;
357 bl_send(bl_t b, bl_type_t e, int pfd, const struct sockaddr *sa,
358 socklen_t slen, const char *ctx)
363 char ctrl[CMSG_SPACE(sizeof(int))];
366 struct cmsghdr *cmsg;
371 size_t ctxlen, tried;
374 ctxlen = strlen(ctx);
378 iov.iov_base = ub.buf;
379 iov.iov_len = sizeof(bl_message_t) + ctxlen;
380 ub.bl.bl_len = (uint32_t)iov.iov_len;
381 ub.bl.bl_version = BL_VERSION;
382 ub.bl.bl_type = (uint32_t)e;
384 if (bl_getsock(b, &ub.bl.bl_ss, sa, slen, ctx) == -1)
388 ub.bl.bl_salen = slen;
389 memcpy(ub.bl.bl_data, ctx, ctxlen);
397 msg.msg_control = ua.ctrl;
398 msg.msg_controllen = sizeof(ua.ctrl);
400 cmsg = CMSG_FIRSTHDR(&msg);
401 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
402 cmsg->cmsg_level = SOL_SOCKET;
403 cmsg->cmsg_type = SCM_RIGHTS;
405 memcpy(CMSG_DATA(cmsg), &pfd, sizeof(pfd));
409 if (bl_init(b, false) == -1)
412 if ((sendmsg(b->b_fd, &msg, 0) == -1) && tried++ < NTRIES) {
416 return tried >= NTRIES ? -1 : 0;
425 char ctrl[CMSG_SPACE(sizeof(int)) + CMSG_SPACE(CRED_SIZE)];
429 struct cmsghdr *cmsg;
437 bl_info_t *bi = &b->b_info;
440 memset(bi, 0, sizeof(*bi));
442 iov.iov_base = ub.buf;
443 iov.iov_len = sizeof(ub);
451 msg.msg_control = ua.ctrl;
452 msg.msg_controllen = sizeof(ua.ctrl) + 100;
454 rlen = recvmsg(b->b_fd, &msg, 0);
456 bl_log(b->b_fun, LOG_ERR, "%s: recvmsg failed (%s)", __func__,
461 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
462 if (cmsg->cmsg_level != SOL_SOCKET) {
463 bl_log(b->b_fun, LOG_ERR,
464 "%s: unexpected cmsg_level %d",
465 __func__, cmsg->cmsg_level);
468 switch (cmsg->cmsg_type) {
470 if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) {
471 bl_log(b->b_fun, LOG_ERR,
472 "%s: unexpected cmsg_len %d != %zu",
473 __func__, cmsg->cmsg_len,
474 CMSG_LEN(2 * sizeof(int)));
477 memcpy(&bi->bi_fd, CMSG_DATA(cmsg), sizeof(bi->bi_fd));
482 sc = (void *)CMSG_DATA(cmsg);
483 bi->bi_uid = sc->CRED_SC_UID;
484 bi->bi_gid = sc->CRED_SC_GID;
489 bl_log(b->b_fun, LOG_ERR,
490 "%s: unexpected cmsg_type %d",
491 __func__, cmsg->cmsg_type);
497 if (got != (GOT_CRED|GOT_FD)) {
498 bl_log(b->b_fun, LOG_ERR, "message missing %s %s",
500 (got & GOT_CRED) == 0 ? "cred" :
502 "", (got & GOT_FD) == 0 ? "fd" : "");
507 if ((size_t)rlen <= sizeof(ub.bl)) {
508 bl_log(b->b_fun, LOG_ERR, "message too short %zd", rlen);
512 if (ub.bl.bl_version != BL_VERSION) {
513 bl_log(b->b_fun, LOG_ERR, "bad version %d", ub.bl.bl_version);
517 bi->bi_type = ub.bl.bl_type;
518 bi->bi_slen = ub.bl.bl_salen;
519 bi->bi_ss = ub.bl.bl_ss;
524 strlcpy(bi->bi_msg, ub.bl.bl_data, MIN(sizeof(bi->bi_msg),
525 ((size_t)rlen - sizeof(ub.bl) + 1)));