2 * Amanda, The Advanced Maryland Automatic Network Disk Archiver
3 * Copyright (c) 1991-1999 University of Maryland at College Park
4 * Copyright (c) 2007-2012 Zmanda, Inc. All Rights Reserved.
7 * Permission to use, copy, modify, distribute, and sell this software and its
8 * documentation for any purpose is hereby granted without fee, provided that
9 * the above copyright notice appear in all copies and that both that
10 * copyright notice and this permission notice appear in supporting
11 * documentation, and that the name of U.M. not be used in advertising or
12 * publicity pertaining to distribution of the software without specific,
13 * written prior permission. U.M. makes no representations about the
14 * suitability of this software for any purpose. It is provided "as is"
15 * without express or implied warranty.
17 * U.M. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL U.M.
19 * BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
20 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
21 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
22 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
24 * Authors: the Amanda Development Team. Its members are listed in a
25 * file named AUTHORS, in the root directory of this distribution.
28 * $Id: bsdudp-security.c,v 1.7 2006/07/05 13:18:20 martinea Exp $
30 * "BSD" security module
40 #include "security-util.h"
44 #undef DUMPER_SOCKET_BUFFERING
50 static void bsdudp_connect(const char *,
51 char *(*)(char *, void *),
52 void (*)(void *, security_handle_t *, security_status_t), void *, void *);
53 static void bsdudp_accept(const struct security_driver *,
54 char *(*)(char *, void *),
56 void (*)(security_handle_t *, pkt_t *),
58 static void bsdudp_close(void *);
61 * This is our interface to the outside world
63 const security_driver_t bsdudp_security_driver = {
67 sec_get_authenticated_peer_name_hostname,
80 tcpm_stream_read_sync,
81 tcpm_stream_read_cancel,
82 sec_close_connection_none,
88 * This is data local to the datagram socket. We have one datagram
89 * per process, so it is global.
91 static udp_handle_t netfd4;
92 static udp_handle_t netfd6;
93 static int not_init4 = 1;
94 static int not_init6 = 1;
96 /* generate new handles from here */
97 static unsigned int newhandle = 0;
100 * Setup and return a handle outgoing to a client
104 const char *hostname,
105 char * (*conf_fn)(char *, void *),
106 void (*fn)(void *, security_handle_t *, security_status_t),
110 struct sec_handle *bh;
112 struct timeval sequence_time;
117 struct addrinfo *res = NULL, *res_addr;
121 (void)conf_fn; /* Quiet unused parameter warning */
122 (void)datap; /* Quiet unused parameter warning */
123 assert(hostname != NULL);
125 bh = g_new0(struct sec_handle, 1);
126 bh->proto_handle=NULL;
128 security_handleinit(&bh->sech, &bsdudp_security_driver);
130 result = resolve_hostname(hostname, SOCK_DGRAM, &res, &canonname);
132 dbprintf(_("resolve_hostname(%s): %s\n"), hostname, gai_strerror(result));
133 security_seterror(&bh->sech, _("resolve_hostname(%s): %s\n"), hostname,
134 gai_strerror(result));
135 (*fn)(arg, &bh->sech, S_ERROR);
138 if (canonname == NULL) {
139 dbprintf(_("resolve_hostname(%s) did not return a canonical name\n"), hostname);
140 security_seterror(&bh->sech,
141 _("resolve_hostname(%s) did not return a canonical name\n"), hostname);
142 (*fn)(arg, &bh->sech, S_ERROR);
146 dbprintf(_("resolve_hostname(%s): no results\n"), hostname);
147 security_seterror(&bh->sech,
148 _("resolve_hostname(%s): no results\n"), hostname);
149 (*fn)(arg, &bh->sech, S_ERROR);
154 for (res_addr = res; res_addr != NULL; res_addr = res_addr->ai_next) {
156 /* IPv6 socket already bound */
157 if (res_addr->ai_addr->sa_family == AF_INET6 && not_init6 == 0) {
161 * Only init the IPv6 socket once
163 if (res_addr->ai_addr->sa_family == AF_INET6 && not_init6 == 1) {
164 dgram_zero(&netfd6.dgram);
167 result_bind = dgram_bind(&netfd6.dgram,
168 res_addr->ai_addr->sa_family, &port);
170 if (result_bind != 0) {
173 netfd6.handle = NULL;
174 netfd6.pkt.body = NULL;
175 netfd6.recv_security_ok = &bsd_recv_security_ok;
176 netfd6.prefix_packet = &bsd_prefix_packet;
178 * We must have a reserved port. Bomb if we didn't get one.
180 if (port >= IPPORT_RESERVED) {
181 security_seterror(&bh->sech,
182 _("unable to bind to a reserved port (got port %u)"),
184 (*fn)(arg, &bh->sech, S_ERROR);
195 /* IPv4 socket already bound */
196 if (res_addr->ai_addr->sa_family == AF_INET && not_init4 == 0) {
201 * Only init the IPv4 socket once
203 if (res_addr->ai_addr->sa_family == AF_INET && not_init4 == 1) {
204 dgram_zero(&netfd4.dgram);
207 result_bind = dgram_bind(&netfd4.dgram,
208 res_addr->ai_addr->sa_family, &port);
210 if (result_bind != 0) {
213 netfd4.handle = NULL;
214 netfd4.pkt.body = NULL;
215 netfd4.recv_security_ok = &bsd_recv_security_ok;
216 netfd4.prefix_packet = &bsd_prefix_packet;
218 * We must have a reserved port. Bomb if we didn't get one.
220 if (port >= IPPORT_RESERVED) {
221 security_seterror(&bh->sech,
222 "unable to bind to a reserved port (got port %u)",
224 (*fn)(arg, &bh->sech, S_ERROR);
235 if (res_addr == NULL) {
236 dbprintf(_("Can't bind a socket to connect to %s\n"), hostname);
237 security_seterror(&bh->sech,
238 _("Can't bind a socket to connect to %s\n"), hostname);
239 (*fn)(arg, &bh->sech, S_ERROR);
245 if (res_addr->ai_addr->sa_family == AF_INET6)
251 auth_debug(1, _("Resolved hostname=%s\n"), canonname);
253 service = conf_fn("client_port", datap);
254 if (!service || strlen(service) <= 1)
259 port = find_port_for_service(service, "udp");
261 security_seterror(&bh->sech, _("%s/udp unknown protocol"), service);
262 (*fn)(arg, &bh->sech, S_ERROR);
267 amanda_gettimeofday(&sequence_time);
268 sequence = (int)sequence_time.tv_sec ^ (int)sequence_time.tv_usec;
270 g_snprintf(handle,14,"000-%08x", newhandle++);
271 if (udp_inithandle(bh->udp, bh, canonname,
272 (sockaddr_union *)res_addr->ai_addr, port,
273 handle, sequence) < 0) {
274 (*fn)(arg, &bh->sech, S_ERROR);
275 amfree(bh->hostname);
278 (*fn)(arg, &bh->sech, S_OK);
283 if (res) freeaddrinfo(res);
287 * Setup to accept new incoming connections
291 const struct security_driver *driver,
292 char * (*conf_fn)(char *, void *),
295 void (*fn)(security_handle_t *, pkt_t *),
298 (void)driver; /* Quiet unused parameter warning */
299 (void)out; /* Quiet unused parameter warning */
303 assert(in >= 0 && out >= 0);
307 * We assume in and out point to the same socket, and just use
310 dgram_socket(&netfd4.dgram, in);
311 dgram_socket(&netfd6.dgram, in);
314 * Assign the function and return. When they call recvpkt later,
315 * the recvpkt callback will call this function when it discovers
316 * new incoming connections
318 netfd4.accept_fn = fn;
319 netfd4.recv_security_ok = &bsd_recv_security_ok;
320 netfd4.prefix_packet = &bsd_prefix_packet;
321 netfd4.driver = &bsdudp_security_driver;
324 udp_addref(&netfd4, &udp_netfd_read_callback);
328 * Frees a handle allocated by the above
334 struct sec_handle *bh = cookie;
336 if(bh->proto_handle == NULL) {
340 auth_debug(1, _("bsdudp: close handle '%s'\n"), bh->proto_handle);
342 udp_recvpkt_cancel(bh);
344 bh->next->prev = bh->prev;
347 if (!not_init6 && netfd6.bh_last == bh)
348 netfd6.bh_last = bh->prev;
350 netfd4.bh_last = bh->prev;
353 bh->prev->next = bh->next;
356 if (!not_init6 && netfd6.bh_first == bh)
357 netfd6.bh_first = bh->next;
359 netfd4.bh_first = bh->next;
362 amfree(bh->proto_handle);
363 amfree(bh->hostname);