2 * Amanda, The Advanced Maryland Automatic Network Disk Archiver
3 * Copyright (c) 1999 University of Maryland
6 * Permission to use, copy, modify, distribute, and sell this software and its
7 * documentation for any purpose is hereby granted without fee, provided that
8 * the above copyright notice appear in all copies and that both that
9 * copyright notice and this permission notice appear in supporting
10 * documentation, and that the name of U.M. not be used in advertising or
11 * publicity pertaining to distribution of the software without specific,
12 * written prior permission. U.M. makes no representations about the
13 * suitability of this software for any purpose. It is provided "as is"
14 * without express or implied warranty.
16 * U.M. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL U.M.
18 * BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
20 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
21 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 * Authors: the Amanda Development Team. Its members are listed in a
24 * file named AUTHORS, in the root directory of this distribution.
28 * $Id: bsdtcp-security.c,v 1.7 2006/07/13 03:22:20 paddy_s Exp $
30 * bsdtcp-security.c - security and transport over bsdtcp or a bsdtcp-like command.
32 * XXX still need to check for initial keyword on connect so we can skip
33 * over shell garbage and other stuff that bsdtcp might want to spew out.
41 #include "security-util.h"
42 #include "sockaddr-util.h"
46 * Number of seconds bsdtcp has to start up
48 #define CONNECT_TIMEOUT 20
53 static void bsdtcp_accept(const struct security_driver *,
54 char *(*)(char *, void *),
56 void (*)(security_handle_t *, pkt_t *),
58 static void bsdtcp_connect(const char *,
59 char *(*)(char *, void *),
60 void (*)(void *, security_handle_t *, security_status_t), void *, void *);
63 * This is our interface to the outside world.
65 const security_driver_t bsdtcp_security_driver = {
69 sec_get_authenticated_peer_name_hostname,
73 stream_recvpkt_cancel,
82 tcpm_stream_read_sync,
83 tcpm_stream_read_cancel,
84 tcpm_close_connection,
89 static int newhandle = 1;
94 static int runbsdtcp(struct sec_handle *, in_port_t port);
98 * bsdtcp version of a security handle allocator. Logically sets
99 * up a network "connection".
103 const char *hostname,
104 char * (*conf_fn)(char *, void *),
105 void (*fn)(void *, security_handle_t *, security_status_t),
109 struct sec_handle *rh;
116 assert(hostname != NULL);
117 (void)conf_fn; /* Quiet unused parameter warning */
118 (void)datap; /* Quiet unused parameter warning */
120 auth_debug(1, _("bsdtcp: bsdtcp_connect: %s\n"), hostname);
122 rh = g_new0(struct sec_handle, 1);
123 security_handleinit(&rh->sech, &bsdtcp_security_driver);
126 rh->ev_timeout = NULL;
129 result = resolve_hostname(hostname, 0, NULL, &canonname);
131 dbprintf(_("resolve_hostname(%s): %s\n"), hostname, gai_strerror(result));
132 security_seterror(&rh->sech, _("resolve_hostname(%s): %s\n"), hostname,
133 gai_strerror(result));
134 (*fn)(arg, &rh->sech, S_ERROR);
137 if (canonname == NULL) {
138 dbprintf(_("resolve_hostname(%s) did not return a canonical name\n"), hostname);
139 security_seterror(&rh->sech,
140 _("resolve_hostname(%s) did not return a canonical name\n"), hostname);
141 (*fn)(arg, &rh->sech, S_ERROR);
145 rh->hostname = canonname; /* will be replaced */
146 canonname = NULL; /* steal reference */
147 rh->rs = tcpma_stream_client(rh, newhandle++);
148 rh->rc->recv_security_ok = &bsd_recv_security_ok;
149 rh->rc->prefix_packet = &bsd_prefix_packet;
154 amfree(rh->hostname);
155 rh->hostname = stralloc(rh->rs->rc->hostname);
158 service = conf_fn("client_port", datap);
159 if (!service || strlen(service) <= 1)
164 port = find_port_for_service(service, "tcp");
166 security_seterror(&rh->sech, _("%s/tcp unknown protocol"), service);
171 * We need to open a new connection.
173 * XXX need to eventually limit number of outgoing connections here.
175 if(rh->rc->read == -1) {
176 if (runbsdtcp(rh, port) < 0)
182 * The socket will be opened async so hosts that are down won't
183 * block everything. We need to register a write event
184 * so we will know when the socket comes alive.
186 * Overload rh->rs->ev_read to provide a write event handle.
187 * We also register a timeout.
191 rh->rs->ev_read = event_register((event_id_t)(rh->rs->rc->write),
192 EV_WRITEFD, sec_connect_callback, rh);
193 rh->ev_timeout = event_register(CONNECT_TIMEOUT, EV_TIME,
194 sec_connect_timeout, rh);
199 (*fn)(arg, &rh->sech, S_ERROR);
203 * Setup to handle new incoming connections
207 const struct security_driver *driver,
208 char * (*conf_fn)(char *, void *),
211 void (*fn)(security_handle_t *, pkt_t *),
217 char hostname[NI_MAXHOST];
222 if (getpeername(in, (struct sockaddr *)&sin, &len) < 0) {
223 dbprintf(_("getpeername returned: %s\n"), strerror(errno));
226 if ((result = getnameinfo((struct sockaddr *)&sin, len,
227 hostname, NI_MAXHOST, NULL, 0, 0) != 0)) {
228 dbprintf(_("getnameinfo failed: %s\n"),
229 gai_strerror(result));
232 if (check_name_give_sockaddr(hostname,
233 (struct sockaddr *)&sin, &errmsg) < 0) {
238 rc = sec_tcp_conn_get(hostname, 0);
239 rc->recv_security_ok = &bsd_recv_security_ok;
240 rc->prefix_packet = &bsd_prefix_packet;
241 copy_sockaddr(&rc->peer, &sin);
246 rc->conf_fn = conf_fn;
248 sec_tcp_conn_read(rc);
252 * Forks a bsdtcp to the host listed in rc->hostname
253 * Returns negative on error, with an errmsg in rc->errmsg.
257 struct sec_handle * rh,
262 struct tcp_conn * rc = rh->rc;
266 server_socket = stream_client_privileged(rc->hostname,
274 if(server_socket < 0) {
275 security_seterror(&rh->sech,
276 "%s", strerror(errno));
281 if(my_port >= IPPORT_RESERVED) {
282 security_seterror(&rh->sech,
283 _("did not get a reserved port: %d"), my_port);
286 rc->read = rc->write = server_socket;