Annotation of fam/fam/TCP_Client.c++, Revision 1.1.1.1
1.1 trev 1: // Copyright (C) 1999 Silicon Graphics, Inc. All Rights Reserved.
2: //
3: // This program is free software; you can redistribute it and/or modify it
4: // under the terms of version 2 of the GNU General Public License as
5: // published by the Free Software Foundation.
6: //
7: // This program is distributed in the hope that it would be useful, but
8: // WITHOUT ANY WARRANTY; without even the implied warranty of
9: // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Further, any
10: // license provided herein, whether implied or otherwise, is limited to
11: // this program in accordance with the express provisions of the GNU
12: // General Public License. Patent licenses, if any, provided herein do not
13: // apply to combinations of this program with other product or programs, or
14: // any other product whatsoever. This program is distributed without any
15: // warranty that the program is delivered free of the rightful claim of any
16: // third person by way of infringement or the like. See the GNU General
17: // Public License for more details.
18: //
19: // You should have received a copy of the GNU General Public License along
20: // with this program; if not, write the Free Software Foundation, Inc., 59
21: // Temple Place - Suite 330, Boston MA 02111-1307, USA.
22:
23: #include "TCP_Client.h"
24:
25: #include <assert.h>
26: #include <ctype.h>
27: #include <stdio.h>
28: #include <stdlib.h>
29: #include <string.h>
30: #include <unistd.h>
31:
32: #include "Cred.h"
33: #include "Event.h"
34: #include "Interest.h"
35: #include "Log.h"
36: #include "Scanner.h"
37: #include "Listener.h"
38:
39: //////////////////////////////////////////////////////////////////////////////
40: // Construction/destruction
41:
42: TCP_Client::TCP_Client(in_addr host, int fd, Cred &cr)
43: : MxClient(host), cred(cr), my_scanner(NULL),
44: conn(fd, input_handler, unblock_handler, this),
45: insecure_compat_suggested(false)
46: {
47: assert(fd >= 0);
48:
49: // Set client's name.
50:
51: char namebuf[20];
52: sprintf(namebuf, "client %d", fd);
53: name(namebuf);
54: Log::debug("new connection from %s", name());
55: }
56:
57: TCP_Client::~TCP_Client()
58: {
59: }
60:
61: //////////////////////////////////////////////////////////////////////////////
62: // Input
63:
64: bool
65: TCP_Client::input_handler(const char *msg, unsigned nbytes, void *closure)
66: {
67: TCP_Client *client = (TCP_Client *) closure;
68: if (msg) {
69: return client->input_msg(msg, nbytes);
70: }
71: else
72: { Log::debug("lost connection from %s", client->name());
73: delete client; // NULL msg means connection closed.
74: return true;
75: }
76: }
77:
78: bool
79: TCP_Client::input_msg(const char *msg, int size)
80: {
81: // Parse the first message.
82: // The first message is:
83: // opcode, request number, uid, gid, file name.
84:
85: // If there's an error parsing the message, return false to cause
86: // the connection to the misbehaving client to be closed.
87:
88: bool got_N_with_groups = false;
89: char *p = (char *) msg, *q;
90: char opcode = *p++;
91: Request reqnum = strtol(p, &q, 10);
92: if (p == q)
93: {
94: Log::error("bad message (no request id)");
95: return false;
96: }
97: p = q;
98: uid_t uid = strtol(p, &q, 10);
99: if (p == q)
100: {
101: Log::error("bad message (no uid)");
102: return false;
103: }
104: p = q;
105: gid_t gid = strtol(p, &q, 10);
106: if (p == q)
107: {
108: Log::error("bad message (no gid)");
109: return false;
110: }
111: p = q;
112:
113: // Advance past the space
114: p++;
115:
116: char filename[PATH_MAX + 1];
117: int i;
118: for (i = 0; *p; i++)
119: { if (i >= PATH_MAX)
120: { Log::error("%s path name too long (%d chars)", name(), i);
121: return false;
122: }
123: filename[i] = *p++;
124: }
125: filename[i] = '\0';
126: if (i > 0 && filename[i - 1] == '\n')
127: filename[i - 1] = '\0'; // strip the trailing newline
128: p++;
129:
130: // Parse the second message, if any.
131: // The second message is:
132: // ngroups, group, group, group ...
133:
134: // This is a raging kludge. got_N_with_groups is how a client says
135: // "create a UNIX domain socket for local communication with me."
136: // You guessed that, right?
137: //
138: // The reason it's done this way, rather than by having fam listen
139: // for connections from local clients on a unix domain socket in addition
140: // to the internet domain socket, is that when fam is started by inetd,
141: // the first client would have to connect on the internet domain socket
142: // anyway to make inetd exec fam.
143: if ((opcode == 'N') && (p < msg + size - 1)) got_N_with_groups = true;
144:
145: // If no Cred is set on the connection, that means we trust the uid
146: // & gids supplied in the message.
147: Cred msg_cred = cred;
148: if (!msg_cred.is_valid())
149: {
150: gid_t *grouplist = &gid;
151: int ngroups = 1;
152: if (p < msg + size - 1)
153: {
154: ngroups += strtol(p, &p, 10);
155: int maxgroups = sysconf(_SC_NGROUPS_MAX);
156:
157: if (ngroups > maxgroups)
158: {
159: Log::info("message contained %i groups, but group list was"
160: " truncated to %i because of _SC_NGROUPS_MAX",
161: ngroups, maxgroups);
162: ngroups = maxgroups;
163: }
164: grouplist = new gid_t[ngroups];
165: grouplist[0] = gid;
166: for (int i = 1; i < ngroups; i++)
167: {
168: grouplist[i] = strtol(p, &q, 10);
169: if (p == q)
170: {
171: Log::error("bad message (%d additional groups expected, %d found)", ngroups - 1, i);
172: ngroups = i;
173: break;
174: }
175: p = q;
176: }
177: }
178:
179: Cred c(uid, ngroups, grouplist, conn.get_fd());
180: msg_cred = c;
181: if (grouplist != &gid) delete [] grouplist;
182: }
183:
184: // Process the message.
185:
186: switch (opcode)
187: {
188: case 'W': // Monitor File
189: {
190: Log::debug("%s said: request %d monitor file \"%s\"",
191: name(), reqnum, filename);
192: monitor_file(reqnum, filename, msg_cred);
193: break;
194: }
195: case 'M': // Monitor Directory
196: Log::debug("%s said: request %d monitor dir \"%s\"",
197: name(), reqnum, filename);
198: monitor_dir(reqnum, filename, msg_cred);
199: break;
200:
201: case 'C': // Cancel
202: Log::debug("%s said: cancel request %d", name(), reqnum);
203: cancel(reqnum);
204: break;
205:
206: case 'S': // Suspend
207: Log::debug("%s said: suspend request %d", name(), reqnum);
208: MxClient::suspend(reqnum);
209: break;
210:
211: case 'U': // Resume
212: Log::debug("%s said: resume request %d", name(), reqnum);
213: MxClient::resume(reqnum);
214: break;
215:
216: case 'N': // Client Name
217: Log::debug("%s said: %s is %s, and %s a unix domain socket",
218: name(), name(), filename,
219: (got_N_with_groups ? "wants" : "doesn't want"));
220: if (*filename && strcmp(filename, "test"))
221: name(filename); // set this client's name
222:
223: // Check to see whether this client wants to switch to a unix
224: // domain socket. Create it owned by the uid the client says
225: // they're running as.
226: if (got_N_with_groups) Listener::create_local_client(*this, uid);
227:
228: break;
229:
230: //
231: // Ignore these obsolete messages.
232: //
233: case 'D':
234: case 'V':
235: case 'E':
236: break;
237:
238: default:
239: Log::error("%s said unknown request '%c' ('\\%3o')",
240: name(), opcode, opcode & 0377);
241: return false;
242: }
243:
244: return true;
245: }
246:
247: //////////////////////////////////////////////////////////////////////////////
248: // Output
249:
250: void
251: TCP_Client::unblock_handler(void *closure)
252: {
253: TCP_Client *client = (TCP_Client *) closure;
254:
255: // Continue scanner, if any.
256:
257: Scanner *scanner = client->my_scanner;
258: if (scanner)
259: { if (scanner->done())
260: client->my_scanner = NULL;
261: else
262: return;
263: }
264:
265: // After scanner has run, scan more interests.
266:
267: Interest *ip;
268: while (client->ready_for_events() && (ip = client->to_be_scanned.first()))
269: { client->to_be_scanned.remove(ip);
270: ip->scan();
271: }
272:
273: // Enable input if all enqueued work is done.
274:
275: if (client->ready_for_events())
276: client->conn.ready_for_input(true);
277: }
278:
279: bool
280: TCP_Client::ready_for_events()
281: {
282: return conn.ready_for_output();
283: }
284:
285: void
286: TCP_Client::enqueue_for_scan(Interest *ip)
287: {
288: if (!to_be_scanned.size())
289: conn.ready_for_input(false);
290: to_be_scanned.insert(ip);
291: }
292:
293: void
294: TCP_Client::dequeue_from_scan(Interest *ip)
295: {
296: to_be_scanned.remove(ip);
297: if (!to_be_scanned.size())
298: conn.ready_for_input(true);
299: }
300:
301: void
302: TCP_Client::enqueue_scanner(Scanner *sp)
303: {
304: assert(!my_scanner);
305: my_scanner = sp;
306: conn.ready_for_input(false);
307: }
308:
309: void
310: TCP_Client::post_event(const Event& event, Request request, const char *path)
311: {
312: conn.send_event(event, request, path);
313: Log::debug("sent event to %s: request %d \"%s\" %s",
314: name(), request, path, event.name());
315: }
316:
317: //////////////////////////////////////////////////////////////////////////////
318: // Random kludges
319:
320: // If we're not running in insecure_compatibility mode,
321: // and we haven't already logged a message for this connection,
322: // put a message in the syslog saying "this client was denied...
323: // try insecure_compat mode."
324: void
325: TCP_Client::suggest_insecure_compat(const char *path)
326: {
327: if (insecure_compat_suggested) return;
328:
329: // if cred isn't valid it could be a remote connection.
330: if ((cred.is_valid()) &&
331: (!Cred::insecure_compat_enabled()) &&
332: (cred.uid() == Cred::get_untrusted_uid()))
333: {
334: // XXX add a config option to turn off this message!
335: Log::log(Log::INFO, "Client \"%s\", whose requests are being serviced "
336: "as uid %d, was denied access on %s. If this client might "
337: "be running as uid %d because it failed authentication, you "
338: "might disable authentication. See the fam(1M) man page.",
339: name(), cred.uid(), path, cred.uid());
340: insecure_compat_suggested = true;
341: }
342: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to TCP_Client.c++ CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [Development] / fam / fam