1 /* Copyright StrongLoop, Inc. All rights reserved.
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy
4  * of this software and associated documentation files (the "Software"), to
5  * deal in the Software without restriction, including without limitation the
6  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
7  * sell copies of the Software, and to permit persons to whom the Software is
8  * furnished to do so, subject to the following conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in
11  * all copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
18  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
19  * IN THE SOFTWARE.
20  */
21 
22 #include "defs.h"
23 #include <netinet/in.h>  /* INET6_ADDRSTRLEN */
24 #include <stdlib.h>
25 #include <string.h>
26 
27 #ifndef INET6_ADDRSTRLEN
28 # define INET6_ADDRSTRLEN 63
29 #endif
30 
31 typedef struct {
32   uv_getaddrinfo_t getaddrinfo_req;
33   server_config config;
34   server_ctx *servers;
35   uv_loop_t *loop;
36 } server_state;
37 
38 static void do_bind(uv_getaddrinfo_t *req, int status, struct addrinfo *ai);
39 static void on_connection(uv_stream_t *server, int status);
40 
server_run(const server_config * cf,uv_loop_t * loop)41 int server_run(const server_config *cf, uv_loop_t *loop) {
42   struct addrinfo hints;
43   server_state state;
44   int err;
45 
46   memset(&state, 0, sizeof(state));
47   state.servers = NULL;
48   state.config = *cf;
49   state.loop = loop;
50 
51   /* Resolve the address of the interface that we should bind to.
52    * The getaddrinfo callback starts the server and everything else.
53    */
54   memset(&hints, 0, sizeof(hints));
55   hints.ai_family = AF_UNSPEC;
56   hints.ai_socktype = SOCK_STREAM;
57   hints.ai_protocol = IPPROTO_TCP;
58 
59   err = uv_getaddrinfo(loop,
60                        &state.getaddrinfo_req,
61                        do_bind,
62                        cf->bind_host,
63                        NULL,
64                        &hints);
65   if (err != 0) {
66     pr_err("getaddrinfo: %s", uv_strerror(err));
67     return err;
68   }
69 
70   /* Start the event loop.  Control continues in do_bind(). */
71   if (uv_run(loop, UV_RUN_DEFAULT)) {
72     abort();
73   }
74 
75   /* Please Valgrind. */
76   uv_loop_delete(loop);
77   free(state.servers);
78   return 0;
79 }
80 
81 /* Bind a server to each address that getaddrinfo() reported. */
do_bind(uv_getaddrinfo_t * req,int status,struct addrinfo * addrs)82 static void do_bind(uv_getaddrinfo_t *req, int status, struct addrinfo *addrs) {
83   char addrbuf[INET6_ADDRSTRLEN + 1];
84   unsigned int ipv4_naddrs;
85   unsigned int ipv6_naddrs;
86   server_state *state;
87   server_config *cf;
88   struct addrinfo *ai;
89   const void *addrv;
90   const char *what;
91   uv_loop_t *loop;
92   server_ctx *sx;
93   unsigned int n;
94   int err;
95   union {
96     struct sockaddr addr;
97     struct sockaddr_in addr4;
98     struct sockaddr_in6 addr6;
99   } s;
100 
101   state = CONTAINER_OF(req, server_state, getaddrinfo_req);
102   loop = state->loop;
103   cf = &state->config;
104 
105   if (status < 0) {
106     pr_err("getaddrinfo(\"%s\"): %s", cf->bind_host, uv_strerror(status));
107     uv_freeaddrinfo(addrs);
108     return;
109   }
110 
111   ipv4_naddrs = 0;
112   ipv6_naddrs = 0;
113   for (ai = addrs; ai != NULL; ai = ai->ai_next) {
114     if (ai->ai_family == AF_INET) {
115       ipv4_naddrs += 1;
116     } else if (ai->ai_family == AF_INET6) {
117       ipv6_naddrs += 1;
118     }
119   }
120 
121   if (ipv4_naddrs == 0 && ipv6_naddrs == 0) {
122     pr_err("%s has no IPv4/6 addresses", cf->bind_host);
123     uv_freeaddrinfo(addrs);
124     return;
125   }
126 
127   state->servers =
128       xmalloc((ipv4_naddrs + ipv6_naddrs) * sizeof(state->servers[0]));
129 
130   n = 0;
131   for (ai = addrs; ai != NULL; ai = ai->ai_next) {
132     if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) {
133       continue;
134     }
135 
136     if (ai->ai_family == AF_INET) {
137       s.addr4 = *(const struct sockaddr_in *) ai->ai_addr;
138       s.addr4.sin_port = htons(cf->bind_port);
139       addrv = &s.addr4.sin_addr;
140     } else if (ai->ai_family == AF_INET6) {
141       s.addr6 = *(const struct sockaddr_in6 *) ai->ai_addr;
142       s.addr6.sin6_port = htons(cf->bind_port);
143       addrv = &s.addr6.sin6_addr;
144     } else {
145       UNREACHABLE();
146     }
147 
148     if (uv_inet_ntop(s.addr.sa_family, addrv, addrbuf, sizeof(addrbuf))) {
149       UNREACHABLE();
150     }
151 
152     sx = state->servers + n;
153     sx->loop = loop;
154     sx->idle_timeout = state->config.idle_timeout;
155     CHECK(0 == uv_tcp_init(loop, &sx->tcp_handle));
156 
157     what = "uv_tcp_bind";
158     err = uv_tcp_bind(&sx->tcp_handle, &s.addr, 0);
159     if (err == 0) {
160       what = "uv_listen";
161       err = uv_listen((uv_stream_t *) &sx->tcp_handle, 128, on_connection);
162     }
163 
164     if (err != 0) {
165       pr_err("%s(\"%s:%hu\"): %s",
166              what,
167              addrbuf,
168              cf->bind_port,
169              uv_strerror(err));
170       while (n > 0) {
171         n -= 1;
172         uv_close((uv_handle_t *) (state->servers + n), NULL);
173       }
174       break;
175     }
176 
177     pr_info("listening on %s:%hu", addrbuf, cf->bind_port);
178     n += 1;
179   }
180 
181   uv_freeaddrinfo(addrs);
182 }
183 
on_connection(uv_stream_t * server,int status)184 static void on_connection(uv_stream_t *server, int status) {
185   server_ctx *sx;
186   client_ctx *cx;
187 
188   CHECK(status == 0);
189   sx = CONTAINER_OF(server, server_ctx, tcp_handle);
190   cx = xmalloc(sizeof(*cx));
191   CHECK(0 == uv_tcp_init(sx->loop, &cx->incoming.handle.tcp));
192   CHECK(0 == uv_accept(server, &cx->incoming.handle.stream));
193   client_finish_init(sx, cx);
194 }
195 
can_auth_none(const server_ctx * sx,const client_ctx * cx)196 int can_auth_none(const server_ctx *sx, const client_ctx *cx) {
197   return 1;
198 }
199 
can_auth_passwd(const server_ctx * sx,const client_ctx * cx)200 int can_auth_passwd(const server_ctx *sx, const client_ctx *cx) {
201   return 0;
202 }
203 
can_access(const server_ctx * sx,const client_ctx * cx,const struct sockaddr * addr)204 int can_access(const server_ctx *sx,
205                const client_ctx *cx,
206                const struct sockaddr *addr) {
207   const struct sockaddr_in6 *addr6;
208   const struct sockaddr_in *addr4;
209   const uint32_t *p;
210   uint32_t a;
211   uint32_t b;
212   uint32_t c;
213   uint32_t d;
214 
215   /* TODO(bnoordhuis) Implement proper access checks.  For now, just reject
216    * traffic to localhost.
217    */
218   if (addr->sa_family == AF_INET) {
219     addr4 = (const struct sockaddr_in *) addr;
220     d = ntohl(addr4->sin_addr.s_addr);
221     return (d >> 24) != 0x7F;
222   }
223 
224   if (addr->sa_family == AF_INET6) {
225     addr6 = (const struct sockaddr_in6 *) addr;
226     p = (const uint32_t *) &addr6->sin6_addr.s6_addr;
227     a = ntohl(p[0]);
228     b = ntohl(p[1]);
229     c = ntohl(p[2]);
230     d = ntohl(p[3]);
231     if (a == 0 && b == 0 && c == 0 && d == 1) {
232       return 0;  /* "::1" style address. */
233     }
234     if (a == 0 && b == 0 && c == 0xFFFF && (d >> 24) == 0x7F) {
235       return 0;  /* "::ffff:127.x.x.x" style address. */
236     }
237     return 1;
238   }
239 
240   return 0;
241 }
242