X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=src%2Ffrontend%2Fconnection.c;h=b27b3dd28bfbfd0324941d1861bc2bdd5d60a8ca;hb=f8809a7d245d9147bba60d907dd11a398941d868;hp=bb0f494f2d432c849e4c60be174b3cfec3f786ab;hpb=8a9f437224378cfcb738603db86620bb3763d50d;p=sysdb.git diff --git a/src/frontend/connection.c b/src/frontend/connection.c index bb0f494..b27b3dd 100644 --- a/src/frontend/connection.c +++ b/src/frontend/connection.c @@ -25,6 +25,10 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include "sysdb.h" #include "core/object.h" #include "core/plugin.h" @@ -42,6 +46,19 @@ #include #include +#include +#include +#include + +#ifdef HAVE_UCRED_H +# include +#endif +#ifdef HAVE_SYS_UCRED_H +# include +#endif + +#include + #include /* @@ -49,7 +66,7 @@ */ static pthread_key_t conn_ctx_key; -static _Bool conn_ctx_key_initialized = 0; +static bool conn_ctx_key_initialized = 0; /* * private types @@ -59,6 +76,36 @@ static _Bool conn_ctx_key_initialized = 0; #define CONN_FD_PREFIX "conn#" #define CONN_FD_PLACEHOLDER "XXXXXXX" +/* XXX: only supports UNIX sockets so far */ +static char * +peer(int sockfd) +{ + uid_t uid; + + struct passwd pw_entry; + struct passwd *result = NULL; + char buf[1024]; + +#ifdef SO_PEERCRED + struct ucred cred; + socklen_t len = sizeof(cred); + + if (getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cred, &len) + || (len != sizeof(cred))) + return NULL; + uid = cred.uid; +#else /* SO_PEERCRED */ + errno = ENOSYS; + return NULL; +#endif + + memset(&pw_entry, 0, sizeof(pw_entry)); + if (getpwuid_r(uid, &pw_entry, buf, sizeof(buf), &result) + || (! result)) + return NULL; + return strdup(result->pw_name); +} /* peer */ + static int connection_init(sdb_object_t *obj, va_list ap) { @@ -111,10 +158,20 @@ connection_init(sdb_object_t *obj, va_list ap) return -1; } + conn->username = peer(conn->fd); + if (! conn->username) { + char buf[1024]; + sdb_log(SDB_LOG_ERR, "frontend: Failed to retrieve peer for " + "connection conn#%i: %s", conn->fd, + sdb_strerror(errno, buf, sizeof(buf))); + return -1; + } + conn->ready = 0; + sdb_log(SDB_LOG_DEBUG, "frontend: Accepted connection on fd=%i", conn->fd); - conn->cmd = CONNECTION_IDLE; + conn->cmd = SDB_CONNECTION_IDLE; conn->cmd_len = 0; conn->skip_len = 0; @@ -241,7 +298,7 @@ connection_log(int prio, const char *msg, memcpy(tmp, &p, sizeof(p)); strcpy(tmp + sizeof(p), msg); - if (sdb_connection_send(conn, CONNECTION_LOG, len, tmp) < 0) + if (sdb_connection_send(conn, SDB_CONNECTION_LOG, len, tmp) < 0) return -1; return 0; } /* connection_log */ @@ -251,23 +308,23 @@ command_handle(sdb_conn_t *conn) { int status = -1; - assert(conn && (conn->cmd != CONNECTION_IDLE)); + assert(conn && (conn->cmd != SDB_CONNECTION_IDLE)); assert(! conn->skip_len); sdb_log(SDB_LOG_DEBUG, "frontend: Handling command %u (len: %u)", conn->cmd, conn->cmd_len); - if (conn->cmd == CONNECTION_PING) + if (conn->cmd == SDB_CONNECTION_PING) status = sdb_connection_ping(conn); - else if (conn->cmd == CONNECTION_STARTUP) + else if (conn->cmd == SDB_CONNECTION_STARTUP) status = sdb_fe_session_start(conn); - else if (conn->cmd == CONNECTION_QUERY) + else if (conn->cmd == SDB_CONNECTION_QUERY) status = sdb_fe_query(conn); - else if (conn->cmd == CONNECTION_FETCH) + else if (conn->cmd == SDB_CONNECTION_FETCH) status = sdb_fe_fetch(conn); - else if (conn->cmd == CONNECTION_LIST) + else if (conn->cmd == SDB_CONNECTION_LIST) status = sdb_fe_list(conn); - else if (conn->cmd == CONNECTION_LOOKUP) + else if (conn->cmd == SDB_CONNECTION_LOOKUP) status = sdb_fe_lookup(conn); else { sdb_log(SDB_LOG_WARNING, "frontend: Ignoring invalid command %#x", @@ -279,7 +336,7 @@ command_handle(sdb_conn_t *conn) if (status) { if (! sdb_strbuf_len(conn->errbuf)) sdb_strbuf_sprintf(conn->errbuf, "Failed to execute command"); - sdb_connection_send(conn, CONNECTION_ERROR, + sdb_connection_send(conn, SDB_CONNECTION_ERROR, (uint32_t)sdb_strbuf_len(conn->errbuf), sdb_strbuf_string(conn->errbuf)); } @@ -292,7 +349,7 @@ command_init(sdb_conn_t *conn) { const char *errmsg = NULL; - assert(conn && (conn->cmd == CONNECTION_IDLE) && (! conn->cmd_len)); + assert(conn && (conn->cmd == SDB_CONNECTION_IDLE) && (! conn->cmd_len)); if (conn->skip_len) return -1; @@ -305,19 +362,19 @@ command_init(sdb_conn_t *conn) sdb_strbuf_skip(conn->buf, 0, 2 * sizeof(uint32_t)); - if ((! conn->ready) && (conn->cmd != CONNECTION_STARTUP)) + if ((! conn->ready) && (conn->cmd != SDB_CONNECTION_STARTUP)) errmsg = "Authentication required"; - else if (conn->cmd == CONNECTION_IDLE) + else if (conn->cmd == SDB_CONNECTION_IDLE) errmsg = "Invalid command 0"; if (errmsg) { size_t len = sdb_strbuf_len(conn->buf); sdb_strbuf_sprintf(conn->errbuf, "%s", errmsg); - sdb_connection_send(conn, CONNECTION_ERROR, + sdb_connection_send(conn, SDB_CONNECTION_ERROR, (uint32_t)strlen(errmsg), errmsg); conn->skip_len += conn->cmd_len; - conn->cmd = CONNECTION_IDLE; + conn->cmd = SDB_CONNECTION_IDLE; conn->cmd_len = 0; if (len > conn->skip_len) @@ -419,17 +476,17 @@ sdb_connection_read(sdb_conn_t *conn) while (42) { ssize_t status = connection_read(conn); - if ((conn->cmd == CONNECTION_IDLE) && (! conn->cmd_len) + if ((conn->cmd == SDB_CONNECTION_IDLE) && (! conn->cmd_len) && (sdb_strbuf_len(conn->buf) >= 2 * sizeof(int32_t))) command_init(conn); - if ((conn->cmd != CONNECTION_IDLE) + if ((conn->cmd != SDB_CONNECTION_IDLE) && (sdb_strbuf_len(conn->buf) >= conn->cmd_len)) { command_handle(conn); /* remove the command from the buffer */ if (conn->cmd_len) sdb_strbuf_skip(conn->buf, 0, conn->cmd_len); - conn->cmd = CONNECTION_IDLE; + conn->cmd = SDB_CONNECTION_IDLE; conn->cmd_len = 0; } @@ -472,11 +529,11 @@ sdb_connection_send(sdb_conn_t *conn, uint32_t code, int sdb_connection_ping(sdb_conn_t *conn) { - if ((! conn) || (conn->cmd != CONNECTION_PING)) + if ((! conn) || (conn->cmd != SDB_CONNECTION_PING)) return -1; /* we're alive */ - sdb_connection_send(conn, CONNECTION_OK, 0, NULL); + sdb_connection_send(conn, SDB_CONNECTION_OK, 0, NULL); return 0; } /* sdb_connection_ping */