1 /* assuan-socket-server.c - Assuan socket based server
2 * Copyright (C) 2002, 2007, 2009 Free Software Foundation, Inc.
3 *
4 * This file is part of Assuan.
5 *
6 * Assuan is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Assuan is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, see <http://www.gnu.org/licenses/>.
18 * SPDX-License-Identifier: LGPL-2.1+
19 */
20
21 #ifdef HAVE_CONFIG_H
22 #include <config.h>
23 #endif
24
25 #include <stdlib.h>
26 #include <stdio.h>
27 #include <errno.h>
28 #ifdef HAVE_UNISTD_H
29 # include <unistd.h>
30 #endif
31 #ifdef HAVE_SYS_TYPES_H
32 # include <sys/types.h>
33 #endif
34 #ifdef HAVE_W32_SYSTEM
35 # ifdef HAVE_WINSOCK2_H
36 # include <winsock2.h>
37 # endif
38 # include <windows.h>
39 # if HAVE_SYS_SOCKET_H
40 # include <sys/socket.h>
41 # elif HAVE_WS2TCPIP_H
42 # include <ws2tcpip.h>
43 # endif
44 #else
45 # include <sys/socket.h>
46 # include <sys/un.h>
47 #endif
48 #ifdef HAVE_SYS_UCRED_H
49 #include <sys/ucred.h>
50 #endif
51 #ifdef HAVE_UCRED_H
52 #include <ucred.h>
53 #endif
54
55 #include "debug.h"
56 #include "assuan-defs.h"
57
58 static gpg_error_t
accept_connection_bottom(assuan_context_t ctx)59 accept_connection_bottom (assuan_context_t ctx)
60 {
61 assuan_fd_t fd = ctx->connected_fd;
62
63 TRACE (ctx, ASSUAN_LOG_SYSIO, "accept_connection_bottom", ctx);
64
65 ctx->peercred_valid = 0;
66 #ifdef SO_PEERCRED
67 {
68 #ifdef HAVE_STRUCT_SOCKPEERCRED_PID
69 struct sockpeercred cr; /* OpenBSD */
70 #else
71 struct ucred cr; /* GNU/Linux */
72 #endif
73 socklen_t cl = sizeof cr;
74
75 if (!getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl))
76 {
77 ctx->peercred_valid = 1;
78 ctx->peercred.pid = cr.pid;
79 ctx->peercred.uid = cr.uid;
80 ctx->peercred.gid = cr.gid;
81 }
82 }
83 #elif defined (LOCAL_PEERPID)
84 { /* macOS */
85 socklen_t len = sizeof (pid_t);
86
87 if (!getsockopt (fd, SOL_LOCAL, LOCAL_PEERPID, &ctx->peercred.pid, &len))
88 {
89 ctx->peercred_valid = 1;
90
91 #if defined (LOCAL_PEERCRED)
92 {
93 struct xucred cr;
94 len = sizeof (struct xucred);
95
96 if (!getsockopt (fd, SOL_LOCAL, LOCAL_PEERCRED, &cr, &len))
97 {
98 ctx->peercred.uid = cr.cr_uid;
99 ctx->peercred.gid = cr.cr_gid;
100 }
101 }
102 #endif
103 }
104 }
105 #elif defined (LOCAL_PEEREID)
106 { /* NetBSD */
107 struct unpcbid unp;
108 socklen_t unpl = sizeof unp;
109
110 if (getsockopt (fd, 0, LOCAL_PEEREID, &unp, &unpl) != -1)
111 {
112 ctx->peercred_valid = 1;
113 ctx->peercred.pid = unp.unp_pid;
114 ctx->peercred.uid = unp.unp_euid;
115 ctx->peercred.gid = unp.unp_egid;
116 }
117 }
118 #elif defined (HAVE_GETPEERUCRED)
119 { /* Solaris */
120 ucred_t *ucred = NULL;
121
122 if (getpeerucred (fd, &ucred) != -1)
123 {
124 ctx->peercred_valid = 1;
125 ctx->peercred.pid = ucred_getpid (ucred);
126 ctx->peercred.uid = ucred_geteuid (ucred);
127 ctx->peercred.gid = ucred_getegid (ucred);
128
129 ucred_free (ucred);
130 }
131 }
132 #elif defined(HAVE_GETPEEREID)
133 { /* FreeBSD */
134 if (getpeereid (fd, &ctx->peercred.uid, &ctx->peercred.gid) != -1)
135 {
136 ctx->peercred_valid = 1;
137 ctx->peercred.pid = ASSUAN_INVALID_PID;
138 }
139 }
140 #endif
141
142 /* This overrides any already set PID if the function returns
143 a valid one. */
144 if (ctx->peercred_valid && ctx->peercred.pid != ASSUAN_INVALID_PID)
145 ctx->pid = ctx->peercred.pid;
146
147 ctx->inbound.fd = fd;
148 ctx->inbound.eof = 0;
149 ctx->inbound.linelen = 0;
150 ctx->inbound.attic.linelen = 0;
151 ctx->inbound.attic.pending = 0;
152
153 ctx->outbound.fd = fd;
154 ctx->outbound.data.linelen = 0;
155 ctx->outbound.data.error = 0;
156
157 ctx->flags.confidential = 0;
158
159 return 0;
160 }
161
162
163 static gpg_error_t
accept_connection(assuan_context_t ctx)164 accept_connection (assuan_context_t ctx)
165 {
166 assuan_fd_t fd;
167 struct sockaddr_un clnt_addr;
168 socklen_t len = sizeof clnt_addr;
169
170 TRACE1 (ctx, ASSUAN_LOG_SYSIO, "accept_connection", ctx,
171 "listen_fd=0x%x", ctx->listen_fd);
172
173 fd = SOCKET2HANDLE(accept (HANDLE2SOCKET(ctx->listen_fd),
174 (struct sockaddr*)&clnt_addr, &len ));
175 if (fd == ASSUAN_INVALID_FD)
176 {
177 return _assuan_error (ctx, gpg_err_code_from_syserror ());
178 }
179 TRACE1 (ctx, ASSUAN_LOG_SYSIO, "accept_connection", ctx,
180 "fd->0x%x", fd);
181 if (_assuan_sock_check_nonce (ctx, fd, &ctx->listen_nonce))
182 {
183 _assuan_close (ctx, fd);
184 return _assuan_error (ctx, GPG_ERR_ASS_ACCEPT_FAILED);
185 }
186
187 ctx->connected_fd = fd;
188 return accept_connection_bottom (ctx);
189 }
190
191
192 /*
193 Flag bits: 0 - use sendmsg/recvmsg to allow descriptor passing
194 1 - FD has already been accepted.
195 */
196 gpg_error_t
assuan_init_socket_server(assuan_context_t ctx,assuan_fd_t fd,unsigned int flags)197 assuan_init_socket_server (assuan_context_t ctx, assuan_fd_t fd,
198 unsigned int flags)
199 {
200 gpg_error_t rc;
201 TRACE_BEG2 (ctx, ASSUAN_LOG_CTX, "assuan_init_socket_server", ctx,
202 "fd=0x%x, flags=0x%x", fd, flags);
203
204 rc = _assuan_register_std_commands (ctx);
205 if (rc)
206 return TRACE_ERR (rc);
207
208 ctx->engine.release = _assuan_server_release;
209 ctx->engine.readfnc = _assuan_simple_read;
210 ctx->engine.writefnc = _assuan_simple_write;
211 ctx->engine.sendfd = NULL;
212 ctx->engine.receivefd = NULL;
213 ctx->is_server = 1;
214 if (flags & ASSUAN_SOCKET_SERVER_ACCEPTED)
215 /* We want a second accept to indicate EOF. */
216 ctx->max_accepts = 1;
217 else
218 ctx->max_accepts = -1;
219 ctx->input_fd = ASSUAN_INVALID_FD;
220 ctx->output_fd = ASSUAN_INVALID_FD;
221
222 ctx->inbound.fd = ASSUAN_INVALID_FD;
223 ctx->outbound.fd = ASSUAN_INVALID_FD;
224
225 if (flags & ASSUAN_SOCKET_SERVER_ACCEPTED)
226 {
227 ctx->listen_fd = ASSUAN_INVALID_FD;
228 ctx->connected_fd = fd;
229 }
230 else
231 {
232 ctx->listen_fd = fd;
233 ctx->connected_fd = ASSUAN_INVALID_FD;
234 }
235 ctx->accept_handler = ((flags & ASSUAN_SOCKET_SERVER_ACCEPTED)
236 ? accept_connection_bottom
237 : accept_connection);
238 ctx->finish_handler = _assuan_server_finish;
239
240 if (flags & ASSUAN_SOCKET_SERVER_FDPASSING)
241 _assuan_init_uds_io (ctx);
242
243 rc = _assuan_register_std_commands (ctx);
244 if (rc)
245 _assuan_reset (ctx);
246 return TRACE_ERR (rc);
247 }
248
249
250 /* Save a copy of NONCE in context CTX. This should be used to
251 register the server's nonce with an context established by
252 assuan_init_socket_server. */
253 void
assuan_set_sock_nonce(assuan_context_t ctx,assuan_sock_nonce_t * nonce)254 assuan_set_sock_nonce (assuan_context_t ctx, assuan_sock_nonce_t *nonce)
255 {
256 if (ctx && nonce)
257 ctx->listen_nonce = *nonce;
258 }
259