X-Git-Url: https://git.tokkee.org/?p=sysdb.git;a=blobdiff_plain;f=src%2Ffrontend%2Fconnection.c;h=f35f7b39c82a8278f47137e65810163094c33044;hp=91196dcd4448125864073bff616ce24f9d406809;hb=ad77ec3d257ac66d74e91452d098882247abdc0a;hpb=7dbab14d8d2113e0160a9c372b40be1ca8eea2d1 diff --git a/src/frontend/connection.c b/src/frontend/connection.c index 91196dc..f35f7b3 100644 --- a/src/frontend/connection.c +++ b/src/frontend/connection.c @@ -25,6 +25,10 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include "sysdb.h" #include "core/object.h" #include "core/plugin.h" @@ -32,6 +36,7 @@ #include "utils/error.h" #include "utils/strbuf.h" #include "utils/proto.h" +#include "utils/os.h" #include #include @@ -42,6 +47,19 @@ #include #include +#include +#include +#include + +#ifdef HAVE_UCRED_H +# include +#endif +#ifdef HAVE_SYS_UCRED_H +# include +#endif + +#include + #include /* @@ -49,7 +67,7 @@ */ static pthread_key_t conn_ctx_key; -static _Bool conn_ctx_key_initialized = 0; +static bool conn_ctx_key_initialized = 0; /* * private types @@ -59,6 +77,48 @@ static _Bool conn_ctx_key_initialized = 0; #define CONN_FD_PREFIX "conn#" #define CONN_FD_PLACEHOLDER "XXXXXXX" +/* XXX: only supports UNIX sockets so far */ +static char * +peer(int sockfd) +{ + uid_t uid; + + struct passwd pw_entry; + struct passwd *result = NULL; + char buf[1024]; + +#ifdef SO_PEERCRED + struct ucred cred; + socklen_t len = sizeof(cred); + + if (getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cred, &len) + || (len != sizeof(cred))) + return NULL; + uid = cred.uid; +#else /* SO_PEERCRED */ + errno = ENOSYS; + return NULL; +#endif + + memset(&pw_entry, 0, sizeof(pw_entry)); + if (getpwuid_r(uid, &pw_entry, buf, sizeof(buf), &result) + || (! result)) + return NULL; + return strdup(result->pw_name); +} /* peer */ + +static ssize_t +conn_read(sdb_conn_t *conn, size_t len) +{ + return sdb_strbuf_read(conn->buf, conn->fd, len); +} /* conn_read */ + +static ssize_t +conn_write(sdb_conn_t *conn, const void *buf, size_t len) +{ + return sdb_write(conn->fd, len, buf); +} /* conn_write */ + static int connection_init(sdb_object_t *obj, va_list ap) { @@ -96,6 +156,12 @@ connection_init(sdb_object_t *obj, va_list ap) return -1; } + /* defaults */ + conn->read = conn_read; + conn->write = conn_write; + conn->finish = NULL; + conn->session = NULL; + if (conn->client_addr.ss_family != AF_UNIX) { sdb_log(SDB_LOG_ERR, "frontend: Accepted connection using " "unexpected family type %d", conn->client_addr.ss_family); @@ -111,11 +177,22 @@ connection_init(sdb_object_t *obj, va_list ap) return -1; } + conn->username = peer(conn->fd); + if (! conn->username) { + char buf[1024]; + sdb_log(SDB_LOG_ERR, "frontend: Failed to retrieve peer for " + "connection conn#%i: %s", conn->fd, + sdb_strerror(errno, buf, sizeof(buf))); + return -1; + } + conn->ready = 0; + sdb_log(SDB_LOG_DEBUG, "frontend: Accepted connection on fd=%i", conn->fd); - conn->cmd = CONNECTION_IDLE; + conn->cmd = SDB_CONNECTION_IDLE; conn->cmd_len = 0; + conn->skip_len = 0; /* update the object name */ snprintf(obj->name + strlen(CONN_FD_PREFIX), @@ -132,6 +209,12 @@ connection_destroy(sdb_object_t *obj) assert(obj); conn = CONN(obj); + conn->ready = 0; + + if (conn->finish) + conn->finish(conn); + conn->finish = NULL; + if (conn->buf) { len = sdb_strbuf_len(conn->buf); if (len) @@ -139,10 +222,12 @@ connection_destroy(sdb_object_t *obj) "(%zu byte%s left in buffer)", len, len == 1 ? "" : "s"); } - sdb_log(SDB_LOG_DEBUG, "frontend: Closing connection on fd=%i", - conn->fd); - close(conn->fd); - conn->fd = -1; + sdb_log(SDB_LOG_DEBUG, "frontend: Closing connection %s", obj->name); + sdb_connection_close(conn); + + if (conn->username) + free(conn->username); + conn->username = NULL; sdb_strbuf_destroy(conn->buf); conn->buf = NULL; @@ -183,7 +268,13 @@ sdb_conn_ctx_init(void) static void sdb_conn_set_ctx(sdb_conn_t *conn) { + sdb_conn_t *old; + sdb_conn_ctx_init(); + + old = pthread_getspecific(conn_ctx_key); + if (old) + sdb_object_deref(SDB_OBJ(old)); if (conn) sdb_object_ref(SDB_OBJ(conn)); pthread_setspecific(conn_ctx_key, conn); @@ -209,134 +300,69 @@ static int connection_log(int prio, const char *msg, sdb_object_t __attribute__((unused)) *user_data) { + uint32_t len = (uint32_t)sizeof(uint32_t) + (uint32_t)strlen(msg); + uint32_t p = htonl((uint32_t)prio); + char tmp[len + 1]; + sdb_conn_t *conn; conn = sdb_conn_get_ctx(); /* no connection associated to this thread - * or user not authenticated yet => don't leak any information */ - if ((! conn) || (! conn->username)) + * or startup not done yet => don't leak any information */ + if ((! conn) || (! conn->ready)) return 0; /* XXX: make the log-level configurable by the client at runtime */ if (prio >= SDB_LOG_DEBUG) return 0; - /* TODO: Use CONNECTION_LOG_? */ - if (sdb_connection_send(conn, CONNECTION_LOG, - (uint32_t)strlen(msg), msg) < 0) + memcpy(tmp, &p, sizeof(p)); + strcpy(tmp + sizeof(p), msg); + + if (sdb_connection_send(conn, SDB_CONNECTION_LOG, len, tmp) < 0) return -1; return 0; } /* connection_log */ -static uint32_t -connection_get_int32(sdb_conn_t *conn, size_t offset) -{ - const char *data; - uint32_t n; - - assert(conn && (sdb_strbuf_len(conn->buf) >= offset + sizeof(uint32_t))); - - data = sdb_strbuf_string(conn->buf); - memcpy(&n, data + offset, sizeof(n)); - n = ntohl(n); - return n; -} /* connection_get_int32 */ - static int command_handle(sdb_conn_t *conn) { int status = -1; - assert(conn && (conn->cmd != CONNECTION_IDLE)); + assert(conn && (conn->cmd != SDB_CONNECTION_IDLE)); + assert(! conn->skip_len); sdb_log(SDB_LOG_DEBUG, "frontend: Handling command %u (len: %u)", conn->cmd, conn->cmd_len); - if ((! conn->username) && (conn->cmd != CONNECTION_STARTUP)) { - const char *errmsg = "Authentication required"; - sdb_connection_send(conn, CONNECTION_ERROR, - (uint32_t)strlen(errmsg), errmsg); - return -1; + if (conn->cmd == SDB_CONNECTION_PING) + status = sdb_connection_ping(conn); + else if (conn->cmd == SDB_CONNECTION_STARTUP) + status = sdb_fe_session_start(conn); + else if (conn->cmd == SDB_CONNECTION_QUERY) + status = sdb_fe_query(conn); + else if (conn->cmd == SDB_CONNECTION_FETCH) + status = sdb_fe_fetch(conn); + else if (conn->cmd == SDB_CONNECTION_LIST) + status = sdb_fe_list(conn); + else if (conn->cmd == SDB_CONNECTION_LOOKUP) + status = sdb_fe_lookup(conn); + else if (conn->cmd == SDB_CONNECTION_STORE) + status = sdb_fe_store(conn); + else { + sdb_log(SDB_LOG_WARNING, "frontend: Ignoring invalid command %#x", + conn->cmd); + sdb_strbuf_sprintf(conn->errbuf, "Invalid command %#x", conn->cmd); + status = -1; } - /* reset */ - sdb_strbuf_sprintf(conn->errbuf, ""); - - switch (conn->cmd) { - case CONNECTION_PING: - status = sdb_connection_ping(conn); - break; - case CONNECTION_STARTUP: - status = sdb_fe_session_start(conn); - break; - - case CONNECTION_QUERY: - { - sdb_llist_t *parsetree; - sdb_conn_node_t *node = NULL; - - parsetree = sdb_fe_parse(sdb_strbuf_string(conn->buf), - (int)conn->cmd_len); - if (! parsetree) { - sdb_log(SDB_LOG_ERR, "frontend: Failed to parse query '%s'", - sdb_strbuf_string(conn->buf)); - status = -1; - break; - } - - switch (sdb_llist_len(parsetree)) { - case 0: - /* skipping empty command */ - break; - case 1: - node = SDB_CONN_NODE(sdb_llist_get(parsetree, 0)); - break; - - default: - sdb_log(SDB_LOG_WARNING, "frontend: Ignoring %d command%s " - "in multi-statement query '%s'", - sdb_llist_len(parsetree) - 1, - sdb_llist_len(parsetree) == 2 ? "" : "s", - sdb_strbuf_string(conn->buf)); - node = SDB_CONN_NODE(sdb_llist_get(parsetree, 0)); - } - - if (node) { - status = sdb_fe_exec(conn, node); - sdb_object_deref(SDB_OBJ(node)); - } - - sdb_llist_destroy(parsetree); - break; - } - - case CONNECTION_FETCH: - status = sdb_fe_fetch(conn, sdb_strbuf_string(conn->buf)); - break; - case CONNECTION_LIST: - status = sdb_fe_list(conn); - break; - - default: - { - sdb_log(SDB_LOG_WARNING, "frontend: Ignoring invalid command %#x", - conn->cmd); - sdb_strbuf_sprintf(conn->errbuf, "Invalid command %#x", conn->cmd); - status = -1; - break; - } - } - - if (status) - sdb_connection_send(conn, CONNECTION_ERROR, + if (status) { + if (! sdb_strbuf_len(conn->errbuf)) + sdb_strbuf_sprintf(conn->errbuf, "Failed to execute command"); + sdb_connection_send(conn, SDB_CONNECTION_ERROR, (uint32_t)sdb_strbuf_len(conn->errbuf), sdb_strbuf_string(conn->errbuf)); - - /* remove the command from the buffer */ - if (conn->cmd_len) - sdb_strbuf_skip(conn->buf, 0, conn->cmd_len); - conn->cmd = CONNECTION_IDLE; - conn->cmd_len = 0; + } return status; } /* command_handle */ @@ -344,17 +370,42 @@ command_handle(sdb_conn_t *conn) static int command_init(sdb_conn_t *conn) { - size_t len; + const char *errmsg = NULL; + + assert(conn && (conn->cmd == SDB_CONNECTION_IDLE) && (! conn->cmd_len)); + + if (conn->skip_len) + return -1; + + /* reset */ + sdb_strbuf_clear(conn->errbuf); - assert(conn && (conn->cmd == CONNECTION_IDLE) && (! conn->cmd_len)); + if (sdb_proto_unmarshal_header(SDB_STRBUF_STR(conn->buf), + &conn->cmd, &conn->cmd_len) < 0) + return -1; + sdb_strbuf_skip(conn->buf, 0, 2 * sizeof(uint32_t)); + + if ((! conn->ready) && (conn->cmd != SDB_CONNECTION_STARTUP)) + errmsg = "Authentication required"; + else if (conn->cmd == SDB_CONNECTION_IDLE) + errmsg = "Invalid command 0"; - conn->cmd = connection_get_int32(conn, 0); - conn->cmd_len = connection_get_int32(conn, sizeof(uint32_t)); + if (errmsg) { + size_t len = sdb_strbuf_len(conn->buf); - len = 2 * sizeof(uint32_t); - if (conn->cmd == CONNECTION_IDLE) - len += conn->cmd_len; - sdb_strbuf_skip(conn->buf, 0, len); + sdb_strbuf_sprintf(conn->errbuf, "%s", errmsg); + sdb_connection_send(conn, SDB_CONNECTION_ERROR, + (uint32_t)strlen(errmsg), errmsg); + conn->skip_len += conn->cmd_len; + conn->cmd = SDB_CONNECTION_IDLE; + conn->cmd_len = 0; + + if (len > conn->skip_len) + len = conn->skip_len; + sdb_strbuf_skip(conn->buf, 0, len); + conn->skip_len -= len; + /* connection_read will handle anything else */ + } return 0; } /* command_init */ @@ -364,20 +415,37 @@ connection_read(sdb_conn_t *conn) { ssize_t n = 0; + if ((! conn) || (conn->fd < 0)) + return -1; + while (42) { ssize_t status; errno = 0; - status = sdb_strbuf_read(conn->buf, conn->fd, 1024); + status = conn->read(conn, 1024); if (status < 0) { if ((errno == EAGAIN) || (errno == EWOULDBLOCK)) break; + + sdb_connection_close(conn); return (int)status; } else if (! status) /* EOF */ break; + if (conn->skip_len) { + size_t len = (size_t)status < conn->skip_len + ? (size_t)status : conn->skip_len; + sdb_strbuf_skip(conn->buf, 0, len); + conn->skip_len -= len; + } + n += status; + + /* give the main loop a chance to execute commands (and free up buffer + * space) on large amounts of incoming traffic */ + if (n > 1024 * 1024) + break; } return n; @@ -409,11 +477,21 @@ sdb_connection_accept(int fd) void sdb_connection_close(sdb_conn_t *conn) { - sdb_object_deref(SDB_OBJ(conn)); + if (! conn) + return; + + if (conn->finish) + conn->finish(conn); + conn->finish = NULL; + + /* close the connection even if someone else still references it */ + if (conn->fd >= 0) + close(conn->fd); + conn->fd = -1; } /* sdb_connection_close */ ssize_t -sdb_connection_read(sdb_conn_t *conn) +sdb_connection_handle(sdb_conn_t *conn) { ssize_t n = 0; @@ -422,13 +500,20 @@ sdb_connection_read(sdb_conn_t *conn) while (42) { ssize_t status = connection_read(conn); - if ((conn->cmd == CONNECTION_IDLE) && (! conn->cmd_len) + if ((conn->cmd == SDB_CONNECTION_IDLE) && (! conn->cmd_len) && (sdb_strbuf_len(conn->buf) >= 2 * sizeof(int32_t))) command_init(conn); - if ((conn->cmd != CONNECTION_IDLE) - && (sdb_strbuf_len(conn->buf) >= conn->cmd_len)) + if ((conn->cmd != SDB_CONNECTION_IDLE) + && (sdb_strbuf_len(conn->buf) >= conn->cmd_len)) { command_handle(conn); + /* remove the command from the buffer */ + if (conn->cmd_len) + sdb_strbuf_skip(conn->buf, 0, conn->cmd_len); + conn->cmd = SDB_CONNECTION_IDLE; + conn->cmd_len = 0; + } + if (status <= 0) break; @@ -437,21 +522,29 @@ sdb_connection_read(sdb_conn_t *conn) sdb_conn_set_ctx(NULL); return n; -} /* sdb_connection_read */ +} /* sdb_connection_handle */ ssize_t sdb_connection_send(sdb_conn_t *conn, uint32_t code, uint32_t msg_len, const char *msg) { + char buf[2 * sizeof(uint32_t) + msg_len]; ssize_t status; if ((! conn) || (conn->fd < 0)) return -1; + if (sdb_proto_marshal(buf, sizeof(buf), code, msg_len, msg) < 0) + return -1; - status = sdb_proto_send_msg(conn->fd, code, msg_len, msg); + status = conn->write(conn, buf, sizeof(buf)); if (status < 0) { char errbuf[1024]; + /* tell other code that there was a problem and, more importantly, + * make sure we don't try to send further logs to the connection */ + sdb_connection_close(conn); + conn->ready = 0; + sdb_log(SDB_LOG_ERR, "frontend: Failed to send msg " "(code: %u, len: %u) to client: %s", code, msg_len, sdb_strerror(errno, errbuf, sizeof(errbuf))); @@ -462,11 +555,11 @@ sdb_connection_send(sdb_conn_t *conn, uint32_t code, int sdb_connection_ping(sdb_conn_t *conn) { - if ((! conn) || (conn->cmd != CONNECTION_PING)) + if ((! conn) || (conn->cmd != SDB_CONNECTION_PING)) return -1; /* we're alive */ - sdb_connection_send(conn, CONNECTION_OK, 0, NULL); + sdb_connection_send(conn, SDB_CONNECTION_OK, 0, NULL); return 0; } /* sdb_connection_ping */