1 /* assuan-socket-server.c - Assuan socket based server
2  * Copyright (C) 2002, 2007, 2009 Free Software Foundation, Inc.
3  *
4  * This file is part of Assuan.
5  *
6  * Assuan is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU Lesser General Public License as
8  * published by the Free Software Foundation; either version 2.1 of
9  * the License, or (at your option) any later version.
10  *
11  * Assuan is distributed in the hope that it will be useful, but
12  * WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this program; if not, see <http://www.gnu.org/licenses/>.
18  * SPDX-License-Identifier: LGPL-2.1+
19  */
20 
21 #ifdef HAVE_CONFIG_H
22 #include <config.h>
23 #endif
24 
25 #include <stdlib.h>
26 #include <stdio.h>
27 #include <errno.h>
28 #ifdef HAVE_UNISTD_H
29 # include <unistd.h>
30 #endif
31 #ifdef HAVE_SYS_TYPES_H
32 # include <sys/types.h>
33 #endif
34 #ifdef HAVE_W32_SYSTEM
35 # ifdef HAVE_WINSOCK2_H
36 #  include <winsock2.h>
37 # endif
38 # include <windows.h>
39 # if HAVE_SYS_SOCKET_H
40 #  include <sys/socket.h>
41 # elif HAVE_WS2TCPIP_H
42 #  include <ws2tcpip.h>
43 # endif
44 #else
45 # include <sys/socket.h>
46 # include <sys/un.h>
47 #endif
48 #ifdef HAVE_SYS_UCRED_H
49 #include <sys/ucred.h>
50 #endif
51 #ifdef HAVE_UCRED_H
52 #include <ucred.h>
53 #endif
54 
55 #include "debug.h"
56 #include "assuan-defs.h"
57 
58 static gpg_error_t
accept_connection_bottom(assuan_context_t ctx)59 accept_connection_bottom (assuan_context_t ctx)
60 {
61   assuan_fd_t fd = ctx->connected_fd;
62 
63   TRACE (ctx, ASSUAN_LOG_SYSIO, "accept_connection_bottom", ctx);
64 
65   ctx->peercred_valid = 0;
66 #ifdef SO_PEERCRED
67   {
68 #ifdef HAVE_STRUCT_SOCKPEERCRED_PID
69     struct sockpeercred cr;     /* OpenBSD */
70 #else
71     struct ucred cr;            /* GNU/Linux */
72 #endif
73     socklen_t cl = sizeof cr;
74 
75     if (!getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl))
76       {
77         ctx->peercred_valid = 1;
78         ctx->peercred.pid = cr.pid;
79         ctx->peercred.uid = cr.uid;
80         ctx->peercred.gid = cr.gid;
81       }
82   }
83 #elif defined (LOCAL_PEERPID)
84   {                             /* macOS */
85     socklen_t len = sizeof (pid_t);
86 
87     if (!getsockopt (fd, SOL_LOCAL, LOCAL_PEERPID, &ctx->peercred.pid, &len))
88       {
89         ctx->peercred_valid = 1;
90 
91 #if defined (LOCAL_PEERCRED)
92         {
93           struct xucred cr;
94           len = sizeof (struct xucred);
95 
96           if (!getsockopt (fd, SOL_LOCAL, LOCAL_PEERCRED, &cr, &len))
97             {
98               ctx->peercred.uid = cr.cr_uid;
99               ctx->peercred.gid = cr.cr_gid;
100             }
101         }
102 #endif
103       }
104   }
105 #elif defined (LOCAL_PEEREID)
106   {                             /* NetBSD */
107     struct unpcbid unp;
108     socklen_t unpl = sizeof unp;
109 
110     if (getsockopt (fd, 0, LOCAL_PEEREID, &unp, &unpl) != -1)
111       {
112         ctx->peercred_valid = 1;
113         ctx->peercred.pid = unp.unp_pid;
114         ctx->peercred.uid = unp.unp_euid;
115         ctx->peercred.gid = unp.unp_egid;
116       }
117   }
118 #elif defined (HAVE_GETPEERUCRED)
119   {                             /* Solaris */
120     ucred_t *ucred = NULL;
121 
122     if (getpeerucred (fd, &ucred) != -1)
123       {
124         ctx->peercred_valid = 1;
125         ctx->peercred.pid = ucred_getpid (ucred);
126         ctx->peercred.uid = ucred_geteuid (ucred);
127         ctx->peercred.gid = ucred_getegid (ucred);
128 
129         ucred_free (ucred);
130       }
131   }
132 #elif defined(HAVE_GETPEEREID)
133   {                             /* FreeBSD */
134     if (getpeereid (fd, &ctx->peercred.uid, &ctx->peercred.gid) != -1)
135       {
136         ctx->peercred_valid = 1;
137         ctx->peercred.pid = ASSUAN_INVALID_PID;
138       }
139   }
140 #endif
141 
142   /* This overrides any already set PID if the function returns
143      a valid one. */
144   if (ctx->peercred_valid && ctx->peercred.pid != ASSUAN_INVALID_PID)
145     ctx->pid = ctx->peercred.pid;
146 
147   ctx->inbound.fd = fd;
148   ctx->inbound.eof = 0;
149   ctx->inbound.linelen = 0;
150   ctx->inbound.attic.linelen = 0;
151   ctx->inbound.attic.pending = 0;
152 
153   ctx->outbound.fd = fd;
154   ctx->outbound.data.linelen = 0;
155   ctx->outbound.data.error = 0;
156 
157   ctx->flags.confidential = 0;
158 
159   return 0;
160 }
161 
162 
163 static gpg_error_t
accept_connection(assuan_context_t ctx)164 accept_connection (assuan_context_t ctx)
165 {
166   assuan_fd_t fd;
167   struct sockaddr_un clnt_addr;
168   socklen_t len = sizeof clnt_addr;
169 
170   TRACE1 (ctx, ASSUAN_LOG_SYSIO, "accept_connection", ctx,
171          "listen_fd=0x%x", ctx->listen_fd);
172 
173   fd = SOCKET2HANDLE(accept (HANDLE2SOCKET(ctx->listen_fd),
174                              (struct sockaddr*)&clnt_addr, &len ));
175   if (fd == ASSUAN_INVALID_FD)
176     {
177       return _assuan_error (ctx, gpg_err_code_from_syserror ());
178     }
179   TRACE1 (ctx, ASSUAN_LOG_SYSIO, "accept_connection", ctx,
180           "fd->0x%x", fd);
181   if (_assuan_sock_check_nonce (ctx, fd, &ctx->listen_nonce))
182     {
183       _assuan_close (ctx, fd);
184       return _assuan_error (ctx, GPG_ERR_ASS_ACCEPT_FAILED);
185     }
186 
187   ctx->connected_fd = fd;
188   return accept_connection_bottom (ctx);
189 }
190 
191 
192 /*
193    Flag bits: 0 - use sendmsg/recvmsg to allow descriptor passing
194               1 - FD has already been accepted.
195 */
196 gpg_error_t
assuan_init_socket_server(assuan_context_t ctx,assuan_fd_t fd,unsigned int flags)197 assuan_init_socket_server (assuan_context_t ctx, assuan_fd_t fd,
198 			   unsigned int flags)
199 {
200   gpg_error_t rc;
201   TRACE_BEG2 (ctx, ASSUAN_LOG_CTX, "assuan_init_socket_server", ctx,
202 	      "fd=0x%x, flags=0x%x", fd, flags);
203 
204   rc = _assuan_register_std_commands (ctx);
205   if (rc)
206     return TRACE_ERR (rc);
207 
208   ctx->engine.release = _assuan_server_release;
209   ctx->engine.readfnc = _assuan_simple_read;
210   ctx->engine.writefnc = _assuan_simple_write;
211   ctx->engine.sendfd = NULL;
212   ctx->engine.receivefd = NULL;
213   ctx->is_server = 1;
214   if (flags & ASSUAN_SOCKET_SERVER_ACCEPTED)
215     /* We want a second accept to indicate EOF. */
216     ctx->max_accepts = 1;
217   else
218     ctx->max_accepts = -1;
219   ctx->input_fd = ASSUAN_INVALID_FD;
220   ctx->output_fd = ASSUAN_INVALID_FD;
221 
222   ctx->inbound.fd = ASSUAN_INVALID_FD;
223   ctx->outbound.fd = ASSUAN_INVALID_FD;
224 
225   if (flags & ASSUAN_SOCKET_SERVER_ACCEPTED)
226     {
227       ctx->listen_fd = ASSUAN_INVALID_FD;
228       ctx->connected_fd = fd;
229     }
230   else
231     {
232       ctx->listen_fd = fd;
233       ctx->connected_fd = ASSUAN_INVALID_FD;
234     }
235   ctx->accept_handler = ((flags & ASSUAN_SOCKET_SERVER_ACCEPTED)
236                          ? accept_connection_bottom
237                          : accept_connection);
238   ctx->finish_handler = _assuan_server_finish;
239 
240   if (flags & ASSUAN_SOCKET_SERVER_FDPASSING)
241     _assuan_init_uds_io (ctx);
242 
243   rc = _assuan_register_std_commands (ctx);
244   if (rc)
245     _assuan_reset (ctx);
246   return TRACE_ERR (rc);
247 }
248 
249 
250 /* Save a copy of NONCE in context CTX.  This should be used to
251    register the server's nonce with an context established by
252    assuan_init_socket_server.  */
253 void
assuan_set_sock_nonce(assuan_context_t ctx,assuan_sock_nonce_t * nonce)254 assuan_set_sock_nonce (assuan_context_t ctx, assuan_sock_nonce_t *nonce)
255 {
256   if (ctx && nonce)
257     ctx->listen_nonce = *nonce;
258 }
259