diff options
| -rw-r--r-- | source3/Makefile.in | 4 | ||||
| -rw-r--r-- | source3/configure.in | 8 | ||||
| -rw-r--r-- | source3/include/includes.h | 6 | ||||
| -rw-r--r-- | source3/include/socket_wrapper.h | 48 | ||||
| -rw-r--r-- | source3/lib/socket_wrapper.c | 467 |
5 files changed, 531 insertions, 2 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 8a39e56af0..ade84b6bad 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -181,6 +181,8 @@ ERRORMAP_OBJ = libsmb/errormap.o PASSCHANGE_OBJ = libsmb/passchange.o +SOCKET_WRAPPER_OBJ = lib/socket_wrapper.o + RPC_PARSE_OBJ0 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o LIB_OBJ = $(VERSION_OBJ) lib/charcnv.o lib/debug.o lib/fault.o \ @@ -202,7 +204,7 @@ LIB_OBJ = $(VERSION_OBJ) lib/charcnv.o lib/debug.o lib/fault.o \ lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \ lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \ lib/module.o lib/ldap_escape.o @CHARSET_STATIC@ \ - lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o + lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o @SOCKWRAP@ LIB_NONSMBD_OBJ = $(LIB_OBJ) lib/dummysmbd.o lib/dummyroot.o diff --git a/source3/configure.in b/source3/configure.in index fb73c8a58e..d84c543597 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -237,6 +237,14 @@ AC_ARG_ENABLE(debug, CFLAGS="${CFLAGS} -g" fi]) +AC_SUBST(SOCKWRAP) +AC_ARG_ENABLE(socket-wrapper, +[ --enable-socket-wrapper Turn on socket wrapper library (default=no)], + [if eval "test x$enable_socket_wrapper = xyes"; then + AC_DEFINE(SOCKET_WRAPPER,1,[Use socket wrapper library]) + SOCKWRAP="\$(SOCKET_WRAPPER_OBJ)" + fi]) + # compile with optimization and without debugging by default, but # allow people to set their own preference. # do this here since AC_CACHE_CHECK apparently sets the CFLAGS to "-g -O2" diff --git a/source3/include/includes.h b/source3/include/includes.h index a6db058708..1fabe44e0e 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -276,7 +276,6 @@ #include <net/if.h> #endif - #ifdef HAVE_SYS_MOUNT_H #include <sys/mount.h> #endif @@ -788,6 +787,11 @@ extern int errno; #define NGROUPS_MAX 32 /* Guess... */ #endif +#ifdef SOCKET_WRAPPER +#define SOCKET_WRAPPER_REPLACE +#include "include/socket_wrapper.h" +#endif + /* Our own pstrings and fstrings */ #include "pstring.h" diff --git a/source3/include/socket_wrapper.h b/source3/include/socket_wrapper.h new file mode 100644 index 0000000000..6da5a2980c --- /dev/null +++ b/source3/include/socket_wrapper.h @@ -0,0 +1,48 @@ +/* + Copyright (C) Jelmer Vernooij 2005 <jelmer@samba.org> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef __SOCKET_WRAPPER_H__ +#define __SOCKET_WRAPPER_H__ + +int swrap_socket(int domain, int type, int protocol); +int swrap_accept(int s, struct sockaddr *addr, socklen_t *addrlen); +int swrap_connect(int s, const struct sockaddr *serv_addr, socklen_t addrlen); +int swrap_bind(int s, const struct sockaddr *myaddr, socklen_t addrlen); +int swrap_getpeername(int s, struct sockaddr *name, socklen_t *addrlen); +int swrap_getsockname(int s, struct sockaddr *name, socklen_t *addrlen); +int swrap_getsockopt(int s, int level, int optname, void *optval, socklen_t *optlen); +int swrap_setsockopt(int s, int level, int optname, const void *optval, socklen_t optlen); +ssize_t swrap_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen); +ssize_t swrap_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); +int swrap_close(int); + +#ifdef SOCKET_WRAPPER_REPLACE +#define accept swrap_accept +#define connect swrap_connect +#define bind swrap_bind +#define getpeername swrap_getpeername +#define getsockname swrap_getsockname +#define getsockopt swrap_getsockopt +#define setsockopt swrap_setsockopt +#define recvfrom swrap_recvfrom +#define sendto swrap_sendto +#define socket swrap_socket +#define close swrap_close +#endif + +#endif /* __SOCKET_WRAPPER_H__ */ diff --git a/source3/lib/socket_wrapper.c b/source3/lib/socket_wrapper.c new file mode 100644 index 0000000000..2a26ba1534 --- /dev/null +++ b/source3/lib/socket_wrapper.c @@ -0,0 +1,467 @@ +/* + Socket wrapper library. Passes all socket communication over + unix domain sockets if the environment variable SOCKET_WRAPPER_DIR + is set. + Copyright (C) Jelmer Vernooij 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifdef _SAMBA_BUILD +#include "includes.h" +#include "system/network.h" +#else +#include <sys/types.h> +#include <sys/socket.h> +#include <errno.h> +#include <sys/un.h> +#include <netinet/in.h> +#include <netinet/tcp.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <stdio.h> +#include "dlinklist.h" +#endif + +/* LD_PRELOAD doesn't work yet, so REWRITE_CALLS is all we support + * for now */ +#define REWRITE_CALLS + +#ifdef REWRITE_CALLS +#define real_accept accept +#define real_connect connect +#define real_bind bind +#define real_getpeername getpeername +#define real_getsockname getsockname +#define real_getsockopt getsockopt +#define real_setsockopt setsockopt +#define real_recvfrom recvfrom +#define real_sendto sendto +#define real_socket socket +#define real_close close +#endif + +static struct sockaddr *sockaddr_dup(const void *data, socklen_t len) +{ + struct sockaddr *ret = (struct sockaddr *)malloc(len); + memcpy(ret, data, len); + return ret; +} + +struct socket_info +{ + int fd; + + int domain; + int type; + int protocol; + int bound; + + char *path; + char *tmp_path; + + struct sockaddr *myname; + socklen_t myname_len; + + struct sockaddr *peername; + socklen_t peername_len; + + struct socket_info *prev, *next; +}; + +static struct socket_info *sockets = NULL; + +static int convert_un_in(const struct sockaddr_un *un, struct sockaddr_in *in, socklen_t *len) +{ + unsigned int prt; + const char *p; + int type; + + if ((*len) < sizeof(struct sockaddr_in)) { + return 0; + } + + in->sin_family = AF_INET; + in->sin_port = 1025; /* Default to 1025 */ + p = strchr(un->sun_path, '/'); + if (p) p++; else p = un->sun_path; + + if (sscanf(p, "sock_ip_%d_%u", &type, &prt) == 2) { + in->sin_port = htons(prt); + } + in->sin_addr.s_addr = htonl(INADDR_LOOPBACK); + *len = sizeof(struct sockaddr_in); + return 0; +} + +static int convert_in_un(int type, const struct sockaddr_in *in, struct sockaddr_un *un) +{ + uint16_t prt = ntohs(in->sin_port); + snprintf(un->sun_path, sizeof(un->sun_path), "%s/sock_ip_%d_%u", + getenv("SOCKET_WRAPPER_DIR"), type, prt); + return 0; +} + +static struct socket_info *find_socket_info(int fd) +{ + struct socket_info *i; + for (i = sockets; i; i = i->next) { + if (i->fd == fd) + return i; + } + + return NULL; +} + +static int sockaddr_convert_to_un(const struct socket_info *si, const struct sockaddr *in_addr, socklen_t in_len, + struct sockaddr_un *out_addr) +{ + if (!out_addr) + return 0; + + out_addr->sun_family = AF_UNIX; + + switch (in_addr->sa_family) { + case AF_INET: + return convert_in_un(si->type, (const struct sockaddr_in *)in_addr, out_addr); + case AF_UNIX: + memcpy(out_addr, in_addr, sizeof(*out_addr)); + return 0; + default: + break; + } + + errno = EAFNOSUPPORT; + return -1; +} + +static int sockaddr_convert_from_un(const struct socket_info *si, + const struct sockaddr_un *in_addr, + socklen_t un_addrlen, + int family, + struct sockaddr *out_addr, + socklen_t *out_len) +{ + if (out_addr == NULL || out_len == NULL) + return 0; + + if (un_addrlen == 0) { + *out_len = 0; + return 0; + } + + switch (family) { + case AF_INET: + return convert_un_in(in_addr, (struct sockaddr_in *)out_addr, out_len); + case AF_UNIX: + memcpy(out_addr, in_addr, sizeof(*in_addr)); + *out_len = sizeof(*in_addr); + return 0; + default: + break; + } + + errno = EAFNOSUPPORT; + return -1; +} + +int swrap_socket(int domain, int type, int protocol) +{ + struct socket_info *si; + int fd; + + if (!getenv("SOCKET_WRAPPER_DIR")) { + return real_socket(domain, type, protocol); + } + + fd = real_socket(AF_UNIX, type, 0); + + if (fd == -1) return -1; + + si = calloc(1, sizeof(struct socket_info)); + + si->domain = domain; + si->type = type; + si->protocol = protocol; + si->fd = fd; + + DLIST_ADD(sockets, si); + + return si->fd; +} + +int swrap_accept(int s, struct sockaddr *addr, socklen_t *addrlen) +{ + struct socket_info *parent_si, *child_si; + int fd; + socklen_t un_addrlen = sizeof(struct sockaddr_un); + struct sockaddr_un un_addr; + int ret; + + parent_si = find_socket_info(s); + if (!parent_si) { + return real_accept(s, addr, addrlen); + } + + ret = real_accept(s, (struct sockaddr *)&un_addr, &un_addrlen); + if (ret == -1) return ret; + + fd = ret; + + ret = sockaddr_convert_from_un(parent_si, &un_addr, un_addrlen, + parent_si->domain, addr, addrlen); + if (ret == -1) return ret; + + child_si = malloc(sizeof(struct socket_info)); + memset(child_si, 0, sizeof(*child_si)); + + child_si->fd = fd; + + if (addr && addrlen) { + child_si->myname_len = *addrlen; + child_si->myname = sockaddr_dup(addr, *addrlen); + } + + return fd; +} + +int swrap_connect(int s, const struct sockaddr *serv_addr, socklen_t addrlen) +{ + int ret; + struct sockaddr_un un_addr; + struct socket_info *si = find_socket_info(s); + + if (!si) { + return real_connect(s, serv_addr, addrlen); + } + + /* only allow pseudo loopback connections */ + if (serv_addr->sa_family == AF_INET && + ((const struct sockaddr_in *)serv_addr)->sin_addr.s_addr != + htonl(INADDR_LOOPBACK)) { + errno = ENETUNREACH; + return -1; + } + + ret = sockaddr_convert_to_un(si, (const struct sockaddr *)serv_addr, addrlen, &un_addr); + if (ret == -1) return -1; + + ret = real_connect(s, (struct sockaddr *)&un_addr, + sizeof(struct sockaddr_un)); + + if (ret == 0) { + si->peername_len = addrlen; + si->peername = sockaddr_dup(serv_addr, addrlen); + } + + return ret; +} + +int swrap_bind(int s, const struct sockaddr *myaddr, socklen_t addrlen) +{ + int ret; + struct sockaddr_un un_addr; + struct socket_info *si = find_socket_info(s); + + if (!si) { + return real_bind(s, myaddr, addrlen); + } + + ret = sockaddr_convert_to_un(si, (const struct sockaddr *)myaddr, addrlen, &un_addr); + if (ret == -1) return -1; + + unlink(un_addr.sun_path); + + ret = real_bind(s, (struct sockaddr *)&un_addr, + sizeof(struct sockaddr_un)); + + if (ret == 0) { + si->myname_len = addrlen; + si->myname = sockaddr_dup(myaddr, addrlen); + si->bound = 1; + } + + return ret; +} + +int swrap_getpeername(int s, struct sockaddr *name, socklen_t *addrlen) +{ + struct socket_info *si = find_socket_info(s); + + if (!si) { + return real_getpeername(s, name, addrlen); + } + + if (!si->peername) + { + errno = ENOTCONN; + return -1; + } + + memcpy(name, si->peername, si->peername_len); + *addrlen = si->peername_len; + + return 0; +} + +int swrap_getsockname(int s, struct sockaddr *name, socklen_t *addrlen) +{ + struct socket_info *si = find_socket_info(s); + + if (!si) { + return real_getsockname(s, name, addrlen); + } + + memcpy(name, si->myname, si->myname_len); + *addrlen = si->myname_len; + + return 0; +} + +int swrap_getsockopt(int s, int level, int optname, void *optval, socklen_t *optlen) +{ + struct socket_info *si = find_socket_info(s); + + if (!si) { + return real_getsockopt(s, level, optname, optval, optlen); + } + + if (level == SOL_SOCKET) { + return real_getsockopt(s, level, optname, optval, optlen); + } + + switch (si->domain) { + case AF_UNIX: + return real_getsockopt(s, level, optname, optval, optlen); + default: + errno = ENOPROTOOPT; + return -1; + } +} + +int swrap_setsockopt(int s, int level, int optname, const void *optval, socklen_t optlen) +{ + struct socket_info *si = find_socket_info(s); + + if (!si) { + return real_setsockopt(s, level, optname, optval, optlen); + } + + if (level == SOL_SOCKET) { + return real_setsockopt(s, level, optname, optval, optlen); + } + + switch (si->domain) { + case AF_UNIX: + return real_setsockopt(s, level, optname, optval, optlen); + case AF_INET: + /* Silence some warnings */ +#ifdef TCP_NODELAY + if (optname == TCP_NODELAY) + return 0; +#endif + default: + errno = ENOPROTOOPT; + return -1; + } +} + +ssize_t swrap_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen) +{ + struct sockaddr_un un_addr; + socklen_t un_addrlen = sizeof(un_addr); + int ret; + struct socket_info *si = find_socket_info(s); + + if (!si) { + return real_recvfrom(s, buf, len, flags, from, fromlen); + } + + ret = real_recvfrom(s, buf, len, flags, (struct sockaddr *)&un_addr, &un_addrlen); + if (ret == -1) + return ret; + + if (sockaddr_convert_from_un(si, &un_addr, un_addrlen, + si->domain, from, fromlen) == -1) { + return -1; + } + + return ret; +} + +ssize_t swrap_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen) +{ + struct sockaddr_un un_addr; + int ret; + struct socket_info *si = find_socket_info(s); + + if (!si) { + return real_sendto(s, buf, len, flags, to, tolen); + } + + /* using sendto() on an unbound DGRAM socket would give the + recipient no way to reply, as unlike UDP, a unix domain socket + can't auto-assign emphemeral port numbers, so we need to assign + it here */ + if (si->bound == 0 && si->type == SOCK_DGRAM) { + int i; + + un_addr.sun_family = AF_UNIX; + + for (i=0;i<1000;i++) { + snprintf(un_addr.sun_path, sizeof(un_addr.sun_path), + "%s/sock_ip_%u_%u", getenv("SOCKET_WRAPPER_DIR"), + SOCK_DGRAM, i + 10000); + if (bind(si->fd, (struct sockaddr *)&un_addr, + sizeof(un_addr)) == 0) { + si->tmp_path = strdup(un_addr.sun_path); + si->bound = 1; + break; + } + } + if (i == 1000) { + return -1; + } + } + + + ret = sockaddr_convert_to_un(si, to, tolen, &un_addr); + if (ret == -1) return -1; + + ret = real_sendto(s, buf, len, flags, (struct sockaddr *)&un_addr, sizeof(un_addr)); + + return ret; +} + +int swrap_close(int fd) +{ + struct socket_info *si = find_socket_info(fd); + + if (si) { + DLIST_REMOVE(sockets, si); + + free(si->path); + free(si->myname); + free(si->peername); + if (si->tmp_path) { + unlink(si->tmp_path); + free(si->tmp_path); + } + free(si); + } + + return real_close(fd); +} |