From: mdw Date: Sat, 29 Nov 2003 20:36:07 +0000 (+0000) Subject: Privileged outgoing connections. X-Git-Tag: 1.3.0~28 X-Git-Url: https://git.distorted.org.uk/~mdw/fwd/commitdiff_plain/ee599f5566c155b4decd9c77bfa4d6212f20891e Privileged outgoing connections. --- diff --git a/Makefile.am b/Makefile.am index c9598c6..2889c16 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,6 @@ ## -*-makefile-*- ## -## $Id: Makefile.am,v 1.6 2003/11/25 14:08:23 mdw Exp $ +## $Id: Makefile.am,v 1.7 2003/11/29 20:36:07 mdw Exp $ ## ## Makefile for fw ## @@ -28,6 +28,9 @@ ##----- Revision history ---------------------------------------------------- ## ## $Log: Makefile.am,v $ +## Revision 1.7 2003/11/29 20:36:07 mdw +## Privileged outgoing connections. +## ## Revision 1.6 2003/11/25 14:08:23 mdw ## Debianization. Socket target options. Internet binding. ## @@ -68,7 +71,7 @@ fw_SOURCES = \ inet.c un.c \ inet.h un.h \ \ - acl.c fattr.c identify.c \ - acl.h fattr.h identify.h rlimits.h + acl.c fattr.c identify.c privconn.c \ + acl.h fattr.h identify.h privconn.h rlimits.h ##----- That's all, folks --------------------------------------------------- diff --git a/addr.h b/addr.h index adc4cd1..6b16c52 100644 --- a/addr.h +++ b/addr.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: addr.h,v 1.3 2003/11/25 14:08:23 mdw Exp $ + * $Id: addr.h,v 1.4 2003/11/29 20:36:07 mdw Exp $ * * Generic interface to network address handlers * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: addr.h,v $ + * Revision 1.4 2003/11/29 20:36:07 mdw + * Privileged outgoing connections. + * * Revision 1.3 2003/11/25 14:08:23 mdw * Debianization. Socket target options. Internet binding. * 
@@ -174,6 +177,20 @@ typedef struct addr_ops { int (*option)(scanner */*sc*/, addr_opts */*ao*/, unsigned /*type*/); + /* --- @confirm@ --- * + * + * Arguments: @addr *a@ = pointer to an address structure + * @unsigned type@ = kind of address this is + * @addr_opts *ao@ = address options + * + * Returns: --- + * + * Use: Called during initialization when an address is fully + * configured. + */ + + void (*confirm)(addr */*a*/, unsigned /*type*/, addr_opts */*ao*/); + /* --- @freesrcopts@ --- * * * Arguments: @addr_opts *ao@ = data block to remove diff --git a/debian/changelog b/debian/changelog index edbda91..87c21a9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,9 +3,12 @@ fw (1.2.7) experimental; urgency=low * Debianization! * Fix data corruption in chan.c. - - * Socket target option support. Currently there's just bind address. - + * Support binding to specific addresses for inet sources and targets. - -- Mark Wooding Tue, 25 Nov 2003 14:07:42 +0000 + * Require (or prevent) privileged incoming connections in ACLs. + + * Privileged outgoing connections, if started as root, with privilege + separation if requested to drop privileges after initialization. + + -- Mark Wooding Sat, 29 Nov 2003 20:35:40 +0000 diff --git a/debian/control b/debian/control index d0a1a28..c462e17 100644 --- a/debian/control +++ b/debian/control @@ -1,7 +1,7 @@ Source: fw Section: net Priority: extra -Build-Depends: mlib-dev (>= 2.0.2), debhelper (>= 4.0.2) +Build-Depends: mlib-dev (>= 2.0.3), debhelper (>= 4.0.2) Maintainer: Mark Wooding Standards-Version: 3.1.1 diff --git a/exec.c b/exec.c index 54a6547..60d1785 100644 --- a/exec.c +++ b/exec.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: exec.c,v 1.7 2003/01/24 20:12:26 mdw Exp $ + * $Id: exec.c,v 1.8 2003/11/29 20:36:07 mdw Exp $ * * Source and target for executable programs * 
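Review bot: The new `confirm` slot in `addr_ops` is optional — un.c fills it with `0` and both socket.c call sites test the pointer first — but its comment block does not say so. Add `May be null if the address type needs no post-configuration step.` and state when it runs: socket.c calls it from `ssource_attach` before `bind` for sources and from `starget_confirm` with `ADDR_DEST` for targets, so implementations can rely on the options block being final by then. The `addr_ops` struct starts before and ends after this hunk.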
@@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: exec.c,v $ + * Revision 1.8 2003/11/29 20:36:07 mdw + * Privileged outgoing connections. + * * Revision 1.7 2003/01/24 20:12:26 mdw * Correctly cast uid and gid sentinel values. Parse full filenames in * exec arguments (can't do it for program, unfortunately, since the die is @@ -1195,7 +1198,7 @@ static void xtarget_destroy(target *t) target_ops xtarget_ops = { "exec", - xtarget_option, xtarget_read, xtarget_create, xtarget_destroy + xtarget_option, xtarget_read, 0, xtarget_create, xtarget_destroy }; /*----- That's all, folks -------------------------------------------------*/ diff --git a/file.c b/file.c index 7c78645..371273e 100644 --- a/file.c +++ b/file.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: file.c,v 1.5 2002/02/22 23:43:32 mdw Exp $ + * $Id: file.c,v 1.6 2003/11/29 20:36:07 mdw Exp $ * * File source and target * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: file.c,v $ + * Revision 1.6 2003/11/29 20:36:07 mdw + * Privileged outgoing connections. + * * Revision 1.5 2002/02/22 23:43:32 mdw * Call @xfree@ rather than @free@. * @@ -615,7 +618,7 @@ static void ftarget_destroy(target *t) target_ops ftarget_ops = { "file", - ftarget_option, ftarget_read, ftarget_create, ftarget_destroy + ftarget_option, ftarget_read, 0, ftarget_create, ftarget_destroy }; /*----- That's all, folks -------------------------------------------------*/ diff --git a/fw.1 b/fw.1 index 251aa5a..d90d9d9 100644 --- a/fw.1 +++ b/fw.1 @@ -1,6 +1,6 @@ .\" -*-nroff-*- .\" -.\" $Id: fw.1,v 1.16 2003/11/25 14:46:50 mdw Exp $ +.\" $Id: fw.1,v 1.17 2003/11/29 20:36:07 mdw Exp $ .\" .\" Manual page for fw .\" 
@@ -28,6 +28,9 @@ .\" ---- Revision history --------------------------------------------------- .\" .\" $Log: fw.1,v $ +.\" Revision 1.17 2003/11/29 20:36:07 mdw +.\" Privileged outgoing connections. +.\" .\" Revision 1.16 2003/11/25 14:46:50 mdw .\" Update docco for new options. .\" @@ -1129,6 +1132,36 @@ which means to use whichever address the kernel thinks is most convenient. This option is useful if the destination is doing host-based access control and your server is multi-homed. .OE +.OS "Socket options" +.B socket.inet.dest.priv-port +.RB [=] +.BR yes | no +.OD +Make a privileged connection (i.e., from a low-numbered port) to the +target. This only works if +.B fw +was started with root privileges. However, it still works if +.B fw +has +.I dropped +privileges after initialization (the +.B \-s +option). Before dropping privileges, +.B fw +forks off a separate process which continues to run with root +privileges, and on demand passes sockets bound to privileged ports and +connected to the appropriate peer back to the main program. The +privileged child only passes back sockets connected to peer addresses +named in the configuration; even if the +.B fw +process is compromised, it can't make privileged connections to other +addresses. Note that because of this privilege separation, it's also +not possible to reconfigure +.B fw +to make privileged connections to different peer addresses later. by +changing configuration files and sending the daemon a +.BR SIGHUP . +.OE .PP The access control rules are examined in the order: local entries first, then global ones, each in the order given in the configuration file. @@ -1555,6 +1588,10 @@ exec .RB [ = ] .BR any | \c .I addr +.br +.B socket.inet.dest.priv-port +.RB [=] +.BR yes | no .PP .BR socket.unix.fattr. * . diff --git a/fw.c b/fw.c index 5a5db0f..2dec3c0 100644 --- a/fw.c +++ b/fw.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: fw.c,v 1.15 2003/11/25 14:46:50 mdw Exp $ + * $Id: fw.c,v 1.16 2003/11/29 20:36:07 mdw Exp $ * * Port forwarding thingy * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: fw.c,v $ + * Revision 1.16 2003/11/29 20:36:07 mdw + * Privileged outgoing connections. + * * Revision 1.15 2003/11/25 14:46:50 mdw * Update docco for new options. * @@ -115,6 +118,7 @@ #include "fattr.h" #include "file.h" #include "fw.h" +#include "privconn.h" #include "scan.h" #include "socket.h" #include "source.h" @@ -247,6 +251,8 @@ void parse(scanner *sc) /* --- Combine the source and target --- */ s->ops->attach(s, sc, t); + if (t->ops->confirm) + t->ops->confirm(t); } /* --- Include configuration from a file --- * @@ -604,6 +610,7 @@ Socket options\n\ socket.inet.source.[allow|deny] priv-port\n\ socket.inet.source.addr [=] any|ADDR\n\ socket.inet.dest.addr [=] any|ADDR\n\ + socket.inet.dest.priv-port [=] yes|no\n\ \n\ socket.unix.fattr.*\n\ "); @@ -805,6 +812,8 @@ int main(int argc, char *argv[]) /* --- Drop privileges --- */ + if (drop != (uid_t)-1) + privconn_split(sel); #ifdef HAVE_SETGROUPS if ((dropg != (gid_t)-1 && (setgid(dropg) || setgroups(1, &dropg))) || (drop != (uid_t)-1 && setuid(drop))) diff --git a/grammar b/grammar index 6c4fc02..02b5b16 100644 --- a/grammar +++ b/grammar @@ -76,5 +76,6 @@ Socket options socket.inet.source.[allow|deny] [host] ADDR [/ ADDR] socket.inet.source.addr [=] any|ADDR socket.inet.dest.addr [=] any|ADDR + oscket.inet.dest.priv-port [=] yes|no socket.unix.source.fattr.* diff --git a/identify.c b/identify.c index 265c071..f94cc0e 100644 --- a/identify.c +++ b/identify.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: identify.c,v 1.7 2002/02/22 23:43:32 mdw Exp $ + * $Id: identify.c,v 1.8 2003/11/29 20:36:07 mdw Exp $ * * Identifies and logs the client of a connection * 
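Review bot: In the `main` hunk `privconn_split(sel)` runs whenever `drop` is set, so a root helper process is forked even when no target was configured with `priv-port`; keeping a privileged child alive only when something needs it would be the least-privilege choice. The simplest form is an early return inside `privconn_split` (`if (kidfd != -1 || !DA_LEN(&cv)) return;` in privconn.c), with the consequence that a `priv-port` target added by a later SIGHUP reconfiguration would fail at `bind` in the unprivileged process instead of dying "too late" at parse time — a comment at the call site should say which behaviour is intended. The split is correctly sequenced before `setgid`/`setuid`, but a one-line comment (`/* must fork the helper while still root */`) would keep a future reorder from silently breaking it. `main` starts and ends outside the hunk.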
@@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: identify.c,v $ + * Revision 1.8 2003/11/29 20:36:07 mdw + * Privileged outgoing connections. + * * Revision 1.7 2002/02/22 23:43:32 mdw * Call @xfree@ rather than @free@. * @@ -133,9 +136,10 @@ static void id_done(id *i) /* --- Report the final result --- */ - fw_log(i->when, "[%s] %s from %s@%s [%s]", + fw_log(i->when, "[%s] %s from %s@%s [%s:%u]", i->q.desc, i->q.act, - i->user, i->host, inet_ntoa(i->q.rsin.sin_addr)); + i->user, i->host, + inet_ntoa(i->q.rsin.sin_addr), (unsigned)ntohs(i->q.rsin.sin_port)); /* --- Dispose of the block --- */ diff --git a/inet.c b/inet.c index 70e5c90..3a4dbd5 100644 --- a/inet.c +++ b/inet.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: inet.c,v 1.5 2003/11/25 14:08:23 mdw Exp $ + * $Id: inet.c,v 1.6 2003/11/29 20:36:07 mdw Exp $ * * Protocol specific definitions for IPv4 sockets * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: inet.c,v $ + * Revision 1.6 2003/11/29 20:36:07 mdw + * Privileged outgoing connections. + * * Revision 1.5 2003/11/25 14:08:23 mdw * Debianization. Socket target options. Internet binding. * @@ -77,6 +80,7 @@ #include "fw.h" #include "identify.h" #include "inet.h" +#include "privconn.h" #include "reffd.h" #include "scan.h" #include "socket.h" @@ -101,8 +105,11 @@ typedef struct inet_srcopts { typedef struct inet_targopts { inet_opts io; + int ipriv; } inet_targopts; +#define ADDRF_PRIVCONN 16u + static inet_srcopts inet_globalsrc = { { { 0 }, { INADDR_ANY } }, 0, &inet_globalsrc.acl }; static inet_targopts inet_globaltarg = @@ -201,6 +208,7 @@ static addr_opts *inet_inittargopts(void) { inet_targopts *io = CREATE(inet_targopts); *io = inet_globaltarg; + io->ipriv = -1; return (&io->io.ao); } 
@@ -261,7 +269,8 @@ static int srcopt(scanner *sc, addr_opts *ao) if (sc->t == CTOK_WORD && strcmp(sc->d.buf, "from") == 0) token(sc); - if (sc->t == CTOK_WORD && strcmp(sc->d.buf, "priv-port") == 0) { + if (sc->t == CTOK_WORD && (strcmp(sc->d.buf, "priv") == 0 || + strcmp(sc->d.buf, "priv-port") == 0)) { acl_addpriv(&io->acltail, act); token(sc); } else { @@ -327,6 +336,16 @@ static int targopt(scanner *sc, addr_opts *ao) addropt(sc, &io->io); CONF_ACCEPT; } + if (strcmp(sc->d.buf, "priv") == 0 || + strcmp(sc->d.buf, "priv-port") == 0) { + token(sc); + if (sc->t == '=') token(sc); + if (conf_enum(sc, "no,yes", ENUM_ABBREV, "privileged connection status")) + io->io.ao.f |= ADDRF_PRIVCONN; + else + io->io.ao.f &= ~ADDRF_PRIVCONN; + CONF_ACCEPT; + } CONF_END; } @@ -340,6 +359,23 @@ static int inet_option(scanner *sc, addr_opts *ao, unsigned type) CONF_END; } +/* --- @confirm@ --- */ + +static void inet_confirm(addr *a, unsigned type, addr_opts *ao) +{ + inet_addrx *ia = (inet_addrx *)a; + + switch (type) { + case ADDR_DEST: { + inet_targopts *io = (inet_targopts *)ao; + if ((io->io.ao.f & ADDRF_PRIVCONN) && + (io->ipriv = privconn_adddest(ia->sin.sin_addr, + ia->sin.sin_port)) < 0) + die(1, "couldn't add privileged connection target (too late)"); + } break; + } +} + /* --- @freeopts@ --- */ static void inet_freesrcopts(addr_opts *ao) @@ -431,6 +467,10 @@ static int inet_connect(addr *a, addr_opts *ao, conn *c, endpt *e) inet_targopts *io = (inet_targopts *)ao; int fd; + if (io->ipriv >= 0) { + return (privconn_connect(c, sel, io->ipriv, io->io.bind, + starget_connected, e)); + } if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) goto fail_0; if (io->io.bind.s_addr != INADDR_ANY) { @@ -456,7 +496,7 @@ fail_0: addr_ops inet_ops = { "inet", inet_read, inet_destroy, inet_print, - inet_initsrcopts, inet_option, inet_freesrcopts, + inet_initsrcopts, inet_option, inet_confirm, inet_freesrcopts, inet_bind, 0, inet_accept, inet_inittargopts, inet_freetargopts, inet_connect 
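Review bot: `ADDRF_PRIVCONN` is defined in inet.c as `16u` but is stored in `ao.f`, which the other `ADDRF_*` flags presumably share from addr.h (not in this diff), so nothing stops a later addr.h flag from reusing bit 4; add `/* NOTE: must not collide with the ADDRF_* bits in addr.h */` at the define, or move the value next to the others. The `switch (type)` in `inet_confirm` has no `default:`; an explicit `default: break; /* ADDR_SRC needs nothing */` records that the omission is deliberate. The `priv-port` branch in `targopt` tests the index returned by `conf_enum` against the `"no,yes"` list rather than a boolean, which deserves a `/* 0 = no, 1 = yes */` comment. `targopt` and `inet_connect` both start outside this hunk.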
diff --git a/privconn.c b/privconn.c
new file mode 100644
index 0000000..fcd292b
--- /dev/null
+++ b/privconn.c
@@ -0,0 +1,380 @@
+/* -*-c-*-
+ *
+ * $Id: privconn.c,v 1.1 2003/11/29 20:36:07 mdw Exp $
+ *
+ * Making privileged connections
+ *
+ * (c) 2003 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of the `fw' port forwarder.
+ *
+ * `fw' is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * `fw' is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with `fw'; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: privconn.c,v $
+ * Revision 1.1 2003/11/29 20:36:07 mdw
+ * Privileged outgoing connections.
+ *
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "privconn.h"
+
+/*----- Data structures ---------------------------------------------------*/
+
+typedef struct connrec {
+ struct in_addr peer;
+ unsigned port;
+} connrec;
+
+typedef struct connrq {
+ int i;
+ struct in_addr bind;
+} connrq;
+
+DA_DECL(connrec_v, connrec);
+
+/*----- Static variables --------------------------------------------------*/
+
+static connrec_v cv = DA_INIT;
+static conn *qhead = 0, **qtail = &qhead;
+static int kidfd = -1;
+static sel_file sf;
+
+/*----- Main code ---------------------------------------------------------*/
+
+/* --- @doconn@ --- *
+ *
+ * Arguments: @const connrq *rq@ = index of connection record
+ *
+ * Returns: Connected file descriptor, or @-1@.
+ *
+ * Use: Main privileged connection thing.
+ */
+
+static int doconn(const connrq *rq)
+{
+ struct sockaddr_in sin_bind;
+ struct sockaddr_in sin_peer;
+ int fd;
+ int i;
+ connrec *c;
+
+ /* --- Check the argument --- */
+
+ if (rq->i < 0 || rq->i >= DA_LEN(&cv)) {
+ errno = EINVAL;
+ goto fail_0;
+ }
+ c = &DA(&cv)[rq->i];
+
+ /* --- Make a new socket --- */
+
+ if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0)
+ goto fail_0;
+
+ /* --- Bind it to a low-numbered port --- */
+
+ memset(&sin_bind, 0, sizeof(sin_bind));
+ sin_bind.sin_family = AF_INET;
+ sin_bind.sin_addr = rq->bind;
+ for (i = 1023; i >= 512; i--) {
+ sin_bind.sin_port = htons(i);
+ if (!bind(fd, (struct sockaddr *)&sin_bind, sizeof(sin_bind)))
+ goto bound;
+ if (errno != EADDRINUSE)
+ goto fail_1;
+ }
+ goto fail_1;
+
+ /* --- Connect to the peer --- *
+ *
+ * We can find out whether it's connected later, so there's no need to
+ * distinguish these cases.
+ */
+
+bound:
+ memset(&sin_peer, 0, sizeof(sin_peer));
+ sin_peer.sin_family = AF_INET;
+ sin_peer.sin_addr = c->peer;
+ sin_peer.sin_port = c->port;
+ fdflags(fd, O_NONBLOCK, O_NONBLOCK, 0, 0);
+ if (connect(fd, (struct sockaddr *)&sin_peer, sizeof(sin_peer)) < 0 &&
+ errno != EINPROGRESS)
+ goto fail_1;
+ return (fd);
+
+ /* --- Tidy up on errors --- */
+
+fail_1:
+ close(fd);
+fail_0:
+ return (-1);
+}
+
+/* --- @dochild@ --- *
+ *
+ * Arguments: @int fd@ = my file descriptor
+ *
+ * Returns: Never.
+ *
+ * Use: Child process for making privileged connections, separated
+ * from main process after initialization.
+ */
+
+static void dochild(int fd)
+{
+ int i;
+ connrq rq;
+ int nfd;
+ ssize_t sz;
+#if defined(_SC_OPEN_MAX)
+ int maxfd = sysconf(_SC_OPEN_MAX);
+#elif defined(OPEN_MAX)
+ int maxfd = OPEN_MAX;
+#else
+ int maxfd = -1;
+#endif
+ struct sigaction sa;
+ struct sigaction sa_dfl;
+
+ /* --- Clear out unnecessary file descriptors --- */
+
+ if (maxfd < 0)
+ maxfd = 256;
+ for (i = 3; i < maxfd; i++)
+ if (i != fd) close(i);
+
+ /* --- Close off signal handlers --- */
+
+ sa_dfl.sa_handler = SIG_DFL;
+ sigemptyset(&sa_dfl.sa_mask);
+ sa_dfl.sa_flags = 0;
+ for (i = 0; i < 256; i++) {
+ if (sigaction(i, 0, &sa))
+ break;
+ if (sa.sa_handler != SIG_DFL && sa.sa_handler != SIG_IGN)
+ sigaction(i, &sa_dfl, 0);
+ }
+
+ /* --- Main loop --- */
+
+ for (;;) {
+ sz = read(fd, &rq, sizeof(rq));
+ if (!sz)
+ break;
+ if (sz < 0)
+ die(1, "read error in privconn child: %s", strerror(errno));
+ if ((nfd = doconn(&rq)) < 0)
+ goto err;
+ i = 0;
+ sz = fdpass_send(fd, nfd, &i, sizeof(i));
+ if (sz < 0)
+ goto err;
+ if (sz < sizeof(i))
+ die(1, "short write in privconn child");
+ continue;
+
+ err:
+ if (write(fd, &errno, sizeof(errno)) < 0)
+ die(1, "write error in privconn child: %s", strerror(errno));
+ }
+ _exit(0);
+}
+
+/* --- @dorecvfd@ --- *
+ *
+ * Arguments: @int fd@ = file descriptor (@== kidfd@)
+ * @unsigned mode@ = what's happening (@== SEL_READ@)
+ *
+ * @void *p@ = uninteresting (@== 0@)
+ *
+ * Returns: ---
+ *
+ * Use: Receives a file descriptor from the privileged part.
+ */
+
+void dorecvfd(int fd, unsigned mode, void *p)
+{
+ conn *c, *cc;
+ ssize_t n;
+ int e;
+
+ n = fdpass_recv(kidfd, &fd, &e, sizeof(e));
+ if (!n)
+ goto close;
+ assert(qhead);
+ c = qhead;
+ qhead = (conn *)c->writer.next;
+ if (!qhead) qtail = &qhead;
+ if (n < 0 || (errno = e) != 0)
+ goto fail;
+ if (fd == -1) {
+ errno = EIO;
+ goto fail;
+ }
+ conn_fd(c, c->writer.s, fd, c->func, c->p);
+ return;
+
+fail:
+ c->func(-1, c->p);
+ return;
+
+close:
+ close(kidfd);
+ kidfd = 0;
+ errno = EIO;
+ sel_rmfile(&sf);
+ for (c = qhead; c; c = cc) {
+ cc = (conn *)c->writer.next;
+ c->func(-1, c->p);
+ }
+ qhead = 0;
+ qtail = &qhead;
+ return;
+}
+
+/* --- @privconn_split@ --- *
+ *
+ * Arguments: @sel_state *s@ = select state
+ *
+ * Returns: ---
+ *
+ * Use: Splits off the privileged binding code into a separate
+ * process.
+ */
+
+void privconn_split(sel_state *s)
+{
+ pid_t kid;
+ int fd[2];
+
+ if (kidfd != -1)
+ return;
+ if (socketpair(PF_UNIX, SOCK_STREAM, 0, fd) < 0)
+ die(1, "couldn't create privconn socketpair: %s", strerror(errno));
+ kidfd = fd[0];
+ if ((kid = fork()) < 0)
+ die(1, "couldn't fork privconn child: %s", strerror(errno));
+ if (!kid) {
+ close(kidfd);
+ dochild(fd[1]);
+ _exit(127);
+ }
+ close(fd[1]);
+ fdflags(kidfd, 0, 0, FD_CLOEXEC, FD_CLOEXEC);
+ sel_initfile(s, &sf, kidfd, SEL_READ, dorecvfd, 0);
+ sel_addfile(&sf);
+}
+
+/* --- @privconn_adddest@ --- *
+ *
+ * Arguments: @struct in_addr peer@ = address to connect to
+ * @unsigned port@ = port to connect to
+ *
+ * Returns: Index for this destination address, or @-1@ if not
+ * available.
+ *
+ * Use: Adds a valid destination for a privileged connection.
+ */
+
+int privconn_adddest(struct in_addr peer, unsigned port)
+{
+ int i;
+ struct connrec *c;
+
+ if (kidfd != -1)
+ return (-1);
+ for (i = 0; i < DA_LEN(&cv); i++) {
+ c = &DA(&cv)[i];
+ if (peer.s_addr == c->peer.s_addr && port == c->port)
+ return (i);
+ }
+ DA_ENSURE(&cv, 1);
+ DA_EXTEND(&cv, 1);
+ c = &DA(&cv)[i];
+ c->peer = peer;
+ c->port = port;
+ return (i);
+}
+
+/* --- @privconn_connect@ --- *
+ *
+ * Arguments: @conn *c@ = connection structure to fill in
+ * @sel_state *s@ = pointer to select state to attach to
+ * @int i@ = address index to connect to
+ * @struct in_addr bind@ = address to bind to
+ * @void (*func)(int, void *)@ = function to call on connect
+ * @void *p@ = argument for the function
+ *
+ * Returns: Zero on success, @-1@ on failure.
+ *
+ * Use: Sets up a privileged connection job.
+ */
+
+int privconn_connect(conn *c, sel_state *s, int i, struct in_addr bind,
+ void (*func)(int, void *), void *p)
+{
+ int fd;
+ connrq rq;
+ ssize_t n;
+
+ rq.i = i;
+ rq.bind = bind;
+ if (kidfd == -1) {
+ if ((fd = doconn(&rq)) < 0)
+ return (-1);
+ conn_fd(c, s, fd, func, p);
+ return (0);
+ }
+
+ n = write(kidfd, &rq, sizeof(rq));
+ if (n < 0)
+ return (-1);
+ c->writer.fd = -1;
+ c->writer.s = s;
+ c->writer.next = 0;
+ c->func = func;
+ c->p = p;
+ *qtail = c;
+ qtail = (conn **)&c->writer.next;
+ return (0);
+}
+
+/*----- That's all, folks -------------------------------------------------*/
diff --git a/privconn.h b/privconn.h
new file mode 100644
index 0000000..857f278
--- /dev/null
+++ b/privconn.h
@@ -0,0 +1,102 @@
+/* -*-c-*-
+ *
+ * $Id: privconn.h,v 1.1 2003/11/29 20:36:07 mdw Exp $
+ *
+ * Making privileged connections
+ *
+ * (c) 2003 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of the `fw' port forwarder.
+ *
+ * `fw' is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * `fw' is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with `fw'; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: privconn.h,v $
+ * Revision 1.1 2003/11/29 20:36:07 mdw
+ * Privileged outgoing connections.
+ *
+ */
+
+#ifndef PRIVCONN_H
+#define PRIVCONN_H
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/*----- Header files ------------------------------------------------------*/
+
+#include
+
+#include
+#include
+
+/*----- Functions provided ------------------------------------------------*/
+
+/* --- @privconn_split@ --- *
+ *
+ * Arguments: @sel_state *s@ = select state
+ *
+ * Returns: ---
+ *
+ * Use: Splits off the privileged binding code into a separate
+ * process.
+ */
+
+extern void privconn_split(sel_state */*s*/);
+
+/* --- @privconn_adddest@ --- *
+ *
+ * Arguments: @struct in_addr peer@ = address to connect to
+ * @unsigned port@ = port to connect to
+ *
+ * Returns: Index for this destination address, or @-1@ if not
+ * available.
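Review bot: In the `close:` path of `dorecvfd`, `kidfd = 0;` leaves `kidfd` at a value that every other test in the file (`kidfd != -1` in `privconn_split`, `privconn_adddest` and `privconn_connect`) treats as a live helper, so once the root child has gone a later `privconn_connect` writes its request to descriptor 0 and queues the connection for a reply that never comes; it should be `kidfd = -1;` so the call falls back to `doconn` and fails cleanly, and if the intent was to keep refusing new destinations after the split, that wants a separate flag rather than overloading `kidfd`. The signal-reset loop in `dochild` starts at `i = 0` and `break`s on the first `sigaction` failure, and since 0 is not a valid signal number (`sigaction(0, 0, &sa)` fails with EINVAL on Linux) the loop most likely exits before resetting anything, leaving the root child with the parent's handlers — the man page in this commit mentions SIGHUP reconfiguration — so use `for (i = 1; i < 256; i++)` and `continue` instead of `break`. The request protocol over the socketpair is not length-checked: `dochild` accepts any positive `read` size for `rq` and `privconn_connect` only rejects a negative `write`, so a short transfer desynchronises the stream between the privileged and unprivileged halves; check `sz != sizeof(rq)` and `n != sizeof(rq)` and treat both as fatal. `dorecvfd` is neither `static` nor declared in privconn.h.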
+ * + * Use: Adds a valid destination for a privileged connection. + */ + +extern int privconn_adddest(struct in_addr /*peer*/, unsigned /*port*/); + +/* --- @privconn_connect@ --- * + * + * Arguments: @conn *c@ = connection structure to fill in + * @sel_state *s@ = pointer to select state to attach to + * @int i@ = address index to connect to + * @struct in_addr bind@ = address to bind to + * @void (*func)(int, void *)@ = function to call on connect + * @void *p@ = argument for the function + * + * Returns: Zero on success, @-1@ on failure. + * + * Use: Sets up a privileged connection job. + */ + +extern int privconn_connect(conn */*c*/, sel_state */*s*/, + int /*i*/, struct in_addr /*bind*/, + void (*/*func*/)(int, void *), void */*p*/); + +/*----- That's all, folks -------------------------------------------------*/ + +#ifdef __cplusplus + } +#endif + +#endif diff --git a/socket.c b/socket.c index 5f1a731..bbc1f9e 100644 --- a/socket.c +++ b/socket.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: socket.c,v 1.10 2003/11/25 14:08:23 mdw Exp $ + * $Id: socket.c,v 1.11 2003/11/29 20:36:07 mdw Exp $ * * Socket source and target definitions * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: socket.c,v $ + * Revision 1.11 2003/11/29 20:36:07 mdw + * Privileged outgoing connections. + * * Revision 1.10 2003/11/25 14:08:23 mdw * Debianization. Socket target options. Internet binding. * @@ -576,6 +579,11 @@ static void ssource_attach(source *s, scanner *sc, target *t) dstr_destroy(&d); } + /* --- Confirm the address --- */ + + if (ss->a->ops->confirm) + ss->a->ops->confirm(ss->a, ADDR_SRC, ss->ao); + /* --- Initialize the socket for listening --- */ if ((fd = ss->a->ops->bind(ss->a, ss->ao)) < 0) 
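Review bot: The `port` argument of `privconn_adddest` is documented only as `port to connect to`, but inet.c passes `ia->sin.sin_port` and the child stores the value straight into `sin_port`, so it is in network byte order; the header should say `@unsigned port@ = port to connect to (network byte order)`. Two other contract points belong in these comments: `privconn_adddest` must be called before `privconn_split` (it returns `-1` afterwards, which `inet_confirm` turns into a fatal error), and `privconn_connect` keeps `c` on an internal queue until the helper answers, so the caller must not free it before `func` has been called.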
@@ -675,15 +683,17 @@ static target *starget_read(scanner *sc) return (&st->t); } -/* --- @create@ --- * - * - * Arguments: @target *t@ = pointer to target - * @const char *desc@ = description of connection - * - * Returns: Pointer to a created endpoint. - * - * Use: Generates a target endpoint for communication. - */ +/* --- @confirm@ --- */ + +static void starget_confirm(target *t) +{ + starget *st = (starget *)t; + + if (st->a->ops->confirm) + st->a->ops->confirm(st->a, ADDR_DEST, st->ao); +} + +/* --- @create@ --- */ static endpt *starget_create(target *t, const char *desc) { @@ -722,7 +732,8 @@ static void starget_destroy(target *t) target_ops starget_ops = { "socket", - starget_option, starget_read, starget_create, starget_destroy + starget_option, starget_read, starget_confirm, + starget_create, starget_destroy }; /*----- That's all, folks -------------------------------------------------*/ diff --git a/target.h b/target.h index 862527a..1472ff3 100644 --- a/target.h +++ b/target.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: target.h,v 1.2 2003/11/25 14:08:23 mdw Exp $ + * $Id: target.h,v 1.3 2003/11/29 20:36:07 mdw Exp $ * * Description of forwarding targets * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: target.h,v $ + * Revision 1.3 2003/11/29 20:36:07 mdw + * Privileged outgoing connections. + * * Revision 1.2 2003/11/25 14:08:23 mdw * Debianization. Socket target options. Internet binding. * @@ -95,6 +98,17 @@ typedef struct target_ops { target *(*read)(scanner */*sc*/); + /* --- @confirm@ --- * + * + * Arguments: @target *t@ = pointer to target + * + * Returns: --- + * + * Use: Confirms configuration of a target. + */ + + void (*confirm)(target */*t*/); + /* --- @create@ --- * * * Arguments: @target *t@ = pointer to target diff --git a/un.c b/un.c index e415256..f701f6a 100644 --- a/un.c +++ b/un.c 
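Review bot: The hunk replaces the full `Arguments`/`Returns`/`Use` block above `starget_create` with the bare `/* --- @create@ --- */`, a documentation regression unrelated to the feature; the removed text should be restored. `starget_confirm` gets the same bare header — a block in the file's style with `Use: Passes the confirm hook on to the address handler once the target is fully configured; a no-op for address types without @confirm@.` would cover it.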
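Review bot: The `confirm` member added to `target_ops` is optional — exec.c and file.c set it to `0` and `parse` in fw.c tests it before calling — but its comment does not say so; add `May be null.` and note that `parse` invokes it after the source's `attach`, i.e. once the target is fully configured. The `target_ops` struct starts before and ends after this hunk.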
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: un.c,v 1.6 2003/11/25 14:08:23 mdw Exp $ + * $Id: un.c,v 1.7 2003/11/29 20:36:07 mdw Exp $ * * Protocol specific definitions for Unix-domain sockets * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: un.c,v $ + * Revision 1.7 2003/11/29 20:36:07 mdw + * Privileged outgoing connections. + * * Revision 1.6 2003/11/25 14:08:23 mdw * Debianization. Socket target options. Internet binding. * @@ -251,7 +254,7 @@ fail_0: addr_ops un_ops = { "unix", un_read, un_destroy, un_print, - un_initopts, un_option, un_freeopts, un_bind, un_unbind, un_accept, + un_initopts, un_option, 0, un_freeopts, un_bind, un_unbind, un_accept, 0, 0, un_connect };