2 * Amanda, The Advanced Maryland Automatic Network Disk Archiver
3 * Copyright (c) 1999 University of Maryland
6 * Permission to use, copy, modify, distribute, and sell this software and its
7 * documentation for any purpose is hereby granted without fee, provided that
8 * the above copyright notice appear in all copies and that both that
9 * copyright notice and this permission notice appear in supporting
10 * documentation, and that the name of U.M. not be used in advertising or
11 * publicity pertaining to distribution of the software without specific,
12 * written prior permission. U.M. makes no representations about the
13 * suitability of this software for any purpose. It is provided "as is"
14 * without express or implied warranty.
16 * U.M. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL U.M.
18 * BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
20 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
21 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 * Authors: the Amanda Development Team. Its members are listed in a
24 * file named AUTHORS, in the root directory of this distribution.
28 * $Id: bsdtcp-security.c,v 1.7.2.2 2006/09/29 11:28:55 martinea Exp $
30 * bsdtcp-security.c - security and transport over bsdtcp or a bsdtcp-like command.
32 * XXX still need to check for initial keyword on connect so we can skip
33 * over shell garbage and other stuff that bsdtcp might want to spew out.
42 #include "security-util.h"
46 #ifdef BSDTCP_SECURITY
48 /*#define BSDTCP_DEBUG*/
51 #define bsdtcpprintf(x) dbprintf(x)
53 #define bsdtcpprintf(x)
58 * Number of seconds bsdtcp has to start up
60 #define CONNECT_TIMEOUT 20
65 static void bsdtcp_accept(const struct security_driver *, int, int,
66 void (*)(security_handle_t *, pkt_t *));
67 static void bsdtcp_connect(const char *,
68 char *(*)(char *, void *),
69 void (*)(void *, security_handle_t *, security_status_t), void *, void *);
72 * This is our interface to the outside world.
74 const security_driver_t bsdtcp_security_driver = {
81 stream_recvpkt_cancel,
90 tcpm_stream_read_sync,
91 tcpm_stream_read_cancel,
92 tcpm_close_connection,
95 static int newhandle = 1;
100 static int runbsdtcp(struct sec_handle *);
104 * bsdtcp version of a security handle allocator. Logically sets
105 * up a network "connection".
109 const char *hostname,
110 char * (*conf_fn)(char *, void *),
111 void (*fn)(void *, security_handle_t *, security_status_t),
115 struct sec_handle *rh;
119 assert(hostname != NULL);
120 (void)conf_fn; /* Quiet unused parameter warning */
121 (void)datap; /* Quiet unused parameter warning */
123 bsdtcpprintf(("%s: bsdtcp: bsdtcp_connect: %s\n", debug_prefix_time(NULL),
126 rh = alloc(sizeof(*rh));
127 security_handleinit(&rh->sech, &bsdtcp_security_driver);
130 rh->ev_timeout = NULL;
133 if ((he = gethostbyname(hostname)) == NULL) {
134 security_seterror(&rh->sech,
135 "%s: could not resolve hostname", hostname);
136 (*fn)(arg, &rh->sech, S_ERROR);
139 rh->hostname = stralloc(he->h_name); /* will be replaced */
140 rh->rs = tcpma_stream_client(rh, newhandle++);
141 rh->rc->recv_security_ok = &bsd_recv_security_ok;
142 rh->rc->prefix_packet = &bsd_prefix_packet;
147 amfree(rh->hostname);
148 rh->hostname = stralloc(rh->rs->rc->hostname);
151 * We need to open a new connection.
153 * XXX need to eventually limit number of outgoing connections here.
155 if(rh->rc->read == -1) {
156 if (runbsdtcp(rh) < 0)
162 * The socket will be opened async so hosts that are down won't
163 * block everything. We need to register a write event
164 * so we will know when the socket comes alive.
166 * Overload rh->rs->ev_read to provide a write event handle.
167 * We also register a timeout.
171 rh->rs->ev_read = event_register((event_id_t)(rh->rs->rc->write),
172 EV_WRITEFD, sec_connect_callback, rh);
173 rh->ev_timeout = event_register(CONNECT_TIMEOUT, EV_TIME,
174 sec_connect_timeout, rh);
179 (*fn)(arg, &rh->sech, S_ERROR);
183 * Setup to handle new incoming connections
187 const struct security_driver *driver,
190 void (*fn)(security_handle_t *, pkt_t *))
192 struct sockaddr_in sin;
198 if (getpeername(in, (struct sockaddr *)&sin, &len) < 0) {
199 dbprintf(("%s: getpeername returned: %s\n", debug_prefix_time(NULL),
203 he = gethostbyaddr((void *)&sin.sin_addr, sizeof(sin.sin_addr), AF_INET);
205 dbprintf(("%s: he returned NULL: h_errno = %d\n",
206 debug_prefix_time(NULL), h_errno));
210 rc = sec_tcp_conn_get(he->h_name, 0);
211 rc->recv_security_ok = &bsd_recv_security_ok;
212 rc->prefix_packet = &bsd_prefix_packet;
213 memcpy(&rc->peer.sin_addr, he->h_addr, sizeof(rc->peer.sin_addr));
214 rc->peer.sin_port = sin.sin_port;
219 sec_tcp_conn_read(rc);
223 * Forks a bsdtcp to the host listed in rc->hostname
224 * Returns negative on error, with an errmsg in rc->errmsg.
228 struct sec_handle * rh)
234 struct tcp_conn * rc = rh->rc;
236 if ((sp = getservbyname(AMANDA_SERVICE_NAME, "tcp")) == NULL) {
237 error("%s/tcp unknown protocol", "amanda");
243 server_socket = stream_client_privileged(rc->hostname,
244 (in_port_t)(ntohs((in_port_t)sp->s_port)),
250 if(server_socket < 0) {
251 security_seterror(&rh->sech,
252 "%s", strerror(errno));
258 if(my_port >= IPPORT_RESERVED) {
259 security_seterror(&rh->sech,
260 "did not get a reserved port: %d", my_port);
263 rc->read = rc->write = server_socket;
267 #endif /* BSDTCP_SECURITY */