1 /* Copyright StrongLoop, Inc. All rights reserved.
2 *
3 * Permission is hereby granted, free of charge, to any person obtaining a copy
4 * of this software and associated documentation files (the "Software"), to
5 * deal in the Software without restriction, including without limitation the
6 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
7 * sell copies of the Software, and to permit persons to whom the Software is
8 * furnished to do so, subject to the following conditions:
9 *
10 * The above copyright notice and this permission notice shall be included in
11 * all copies or substantial portions of the Software.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
18 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
19 * IN THE SOFTWARE.
20 */
21
22 #include "defs.h"
23 #include <netinet/in.h> /* INET6_ADDRSTRLEN */
24 #include <stdlib.h>
25 #include <string.h>
26
27 #ifndef INET6_ADDRSTRLEN
28 # define INET6_ADDRSTRLEN 63
29 #endif
30
31 typedef struct {
32 uv_getaddrinfo_t getaddrinfo_req;
33 server_config config;
34 server_ctx *servers;
35 uv_loop_t *loop;
36 } server_state;
37
38 static void do_bind(uv_getaddrinfo_t *req, int status, struct addrinfo *ai);
39 static void on_connection(uv_stream_t *server, int status);
40
server_run(const server_config * cf,uv_loop_t * loop)41 int server_run(const server_config *cf, uv_loop_t *loop) {
42 struct addrinfo hints;
43 server_state state;
44 int err;
45
46 memset(&state, 0, sizeof(state));
47 state.servers = NULL;
48 state.config = *cf;
49 state.loop = loop;
50
51 /* Resolve the address of the interface that we should bind to.
52 * The getaddrinfo callback starts the server and everything else.
53 */
54 memset(&hints, 0, sizeof(hints));
55 hints.ai_family = AF_UNSPEC;
56 hints.ai_socktype = SOCK_STREAM;
57 hints.ai_protocol = IPPROTO_TCP;
58
59 err = uv_getaddrinfo(loop,
60 &state.getaddrinfo_req,
61 do_bind,
62 cf->bind_host,
63 NULL,
64 &hints);
65 if (err != 0) {
66 pr_err("getaddrinfo: %s", uv_strerror(err));
67 return err;
68 }
69
70 /* Start the event loop. Control continues in do_bind(). */
71 if (uv_run(loop, UV_RUN_DEFAULT)) {
72 abort();
73 }
74
75 /* Please Valgrind. */
76 uv_loop_delete(loop);
77 free(state.servers);
78 return 0;
79 }
80
81 /* Bind a server to each address that getaddrinfo() reported. */
do_bind(uv_getaddrinfo_t * req,int status,struct addrinfo * addrs)82 static void do_bind(uv_getaddrinfo_t *req, int status, struct addrinfo *addrs) {
83 char addrbuf[INET6_ADDRSTRLEN + 1];
84 unsigned int ipv4_naddrs;
85 unsigned int ipv6_naddrs;
86 server_state *state;
87 server_config *cf;
88 struct addrinfo *ai;
89 const void *addrv;
90 const char *what;
91 uv_loop_t *loop;
92 server_ctx *sx;
93 unsigned int n;
94 int err;
95 union {
96 struct sockaddr addr;
97 struct sockaddr_in addr4;
98 struct sockaddr_in6 addr6;
99 } s;
100
101 state = CONTAINER_OF(req, server_state, getaddrinfo_req);
102 loop = state->loop;
103 cf = &state->config;
104
105 if (status < 0) {
106 pr_err("getaddrinfo(\"%s\"): %s", cf->bind_host, uv_strerror(status));
107 uv_freeaddrinfo(addrs);
108 return;
109 }
110
111 ipv4_naddrs = 0;
112 ipv6_naddrs = 0;
113 for (ai = addrs; ai != NULL; ai = ai->ai_next) {
114 if (ai->ai_family == AF_INET) {
115 ipv4_naddrs += 1;
116 } else if (ai->ai_family == AF_INET6) {
117 ipv6_naddrs += 1;
118 }
119 }
120
121 if (ipv4_naddrs == 0 && ipv6_naddrs == 0) {
122 pr_err("%s has no IPv4/6 addresses", cf->bind_host);
123 uv_freeaddrinfo(addrs);
124 return;
125 }
126
127 state->servers =
128 xmalloc((ipv4_naddrs + ipv6_naddrs) * sizeof(state->servers[0]));
129
130 n = 0;
131 for (ai = addrs; ai != NULL; ai = ai->ai_next) {
132 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) {
133 continue;
134 }
135
136 if (ai->ai_family == AF_INET) {
137 s.addr4 = *(const struct sockaddr_in *) ai->ai_addr;
138 s.addr4.sin_port = htons(cf->bind_port);
139 addrv = &s.addr4.sin_addr;
140 } else if (ai->ai_family == AF_INET6) {
141 s.addr6 = *(const struct sockaddr_in6 *) ai->ai_addr;
142 s.addr6.sin6_port = htons(cf->bind_port);
143 addrv = &s.addr6.sin6_addr;
144 } else {
145 UNREACHABLE();
146 }
147
148 if (uv_inet_ntop(s.addr.sa_family, addrv, addrbuf, sizeof(addrbuf))) {
149 UNREACHABLE();
150 }
151
152 sx = state->servers + n;
153 sx->loop = loop;
154 sx->idle_timeout = state->config.idle_timeout;
155 CHECK(0 == uv_tcp_init(loop, &sx->tcp_handle));
156
157 what = "uv_tcp_bind";
158 err = uv_tcp_bind(&sx->tcp_handle, &s.addr, 0);
159 if (err == 0) {
160 what = "uv_listen";
161 err = uv_listen((uv_stream_t *) &sx->tcp_handle, 128, on_connection);
162 }
163
164 if (err != 0) {
165 pr_err("%s(\"%s:%hu\"): %s",
166 what,
167 addrbuf,
168 cf->bind_port,
169 uv_strerror(err));
170 while (n > 0) {
171 n -= 1;
172 uv_close((uv_handle_t *) (state->servers + n), NULL);
173 }
174 break;
175 }
176
177 pr_info("listening on %s:%hu", addrbuf, cf->bind_port);
178 n += 1;
179 }
180
181 uv_freeaddrinfo(addrs);
182 }
183
on_connection(uv_stream_t * server,int status)184 static void on_connection(uv_stream_t *server, int status) {
185 server_ctx *sx;
186 client_ctx *cx;
187
188 CHECK(status == 0);
189 sx = CONTAINER_OF(server, server_ctx, tcp_handle);
190 cx = xmalloc(sizeof(*cx));
191 CHECK(0 == uv_tcp_init(sx->loop, &cx->incoming.handle.tcp));
192 CHECK(0 == uv_accept(server, &cx->incoming.handle.stream));
193 client_finish_init(sx, cx);
194 }
195
can_auth_none(const server_ctx * sx,const client_ctx * cx)196 int can_auth_none(const server_ctx *sx, const client_ctx *cx) {
197 return 1;
198 }
199
can_auth_passwd(const server_ctx * sx,const client_ctx * cx)200 int can_auth_passwd(const server_ctx *sx, const client_ctx *cx) {
201 return 0;
202 }
203
can_access(const server_ctx * sx,const client_ctx * cx,const struct sockaddr * addr)204 int can_access(const server_ctx *sx,
205 const client_ctx *cx,
206 const struct sockaddr *addr) {
207 const struct sockaddr_in6 *addr6;
208 const struct sockaddr_in *addr4;
209 const uint32_t *p;
210 uint32_t a;
211 uint32_t b;
212 uint32_t c;
213 uint32_t d;
214
215 /* TODO(bnoordhuis) Implement proper access checks. For now, just reject
216 * traffic to localhost.
217 */
218 if (addr->sa_family == AF_INET) {
219 addr4 = (const struct sockaddr_in *) addr;
220 d = ntohl(addr4->sin_addr.s_addr);
221 return (d >> 24) != 0x7F;
222 }
223
224 if (addr->sa_family == AF_INET6) {
225 addr6 = (const struct sockaddr_in6 *) addr;
226 p = (const uint32_t *) &addr6->sin6_addr.s6_addr;
227 a = ntohl(p[0]);
228 b = ntohl(p[1]);
229 c = ntohl(p[2]);
230 d = ntohl(p[3]);
231 if (a == 0 && b == 0 && c == 0 && d == 1) {
232 return 0; /* "::1" style address. */
233 }
234 if (a == 0 && b == 0 && c == 0xFFFF && (d >> 24) == 0x7F) {
235 return 0; /* "::ffff:127.x.x.x" style address. */
236 }
237 return 1;
238 }
239
240 return 0;
241 }
242