17 #include <sys/ioctl.h>
18 #include <sys/socket.h>
22 #include <netinet/in.h>
23 #include <arpa/inet.h>
24 #include <netinet/tcp.h>
25 #include <netinet/udp.h>
28 enum { UNUSED
, STALE
, USED
};
29 enum { WANT_FRESH
, WANT_EXISTING
};
31 typedef struct aclnode
{
34 unsigned long minaddr
, maxaddr
;
35 unsigned short minport
, maxport
;
38 #define MAX_LOCAL_IPADDRS 16
39 static struct in_addr local_ipaddrs
[MAX_LOCAL_IPADDRS
];
40 static int n_local_ipaddrs
;
43 static char *sockdir
= 0;
46 static aclnode
*bind_real
, **bind_tail
= &bind_real
;
47 static aclnode
*connect_real
, **connect_tail
= &connect_real
;
49 /* --- Import magic --- */
52 _(socket, int, (int, int, int)) \
53 _(socketpair, int, (int, int, int, int *)) \
54 _(connect, int, (int, const struct sockaddr *, socklen_t)) \
55 _(bind, int, (int, const struct sockaddr *, socklen_t)) \
56 _(accept, int, (int, struct sockaddr *, socklen_t *)) \
57 _(getsockname, int, (int, struct sockaddr *, socklen_t *)) \
58 _(getpeername, int, (int, struct sockaddr *, socklen_t *)) \
59 _(getsockopt, int, (int, int, int, void *, socklen_t *)) \
60 _(setsockopt, int, (int, int, int, const void *, socklen_t)) \
61 _(sendto, ssize_t, (int, const void *buf, size_t, int, \
62 const struct sockaddr *to, socklen_t tolen)) \
63 _(recvfrom, ssize_t, (int, void *buf, size_t, int, \
64 struct sockaddr *from, socklen_t *fromlen)) \
65 _(sendmsg, ssize_t, (int, const struct msghdr *, int)) \
66 _(recvmsg, ssize_t, (int, struct msghdr *, int)) \
69 #define DECL(imp, ret, args) static ret (*real_##imp) args;
73 static void setup(void) __attribute__((constructor
));
/* import: point each real_<name> function pointer at the next definition of
 * <name> in library search order (dlsym with RTLD_NEXT), so that the
 * wrappers in this file can call through to the genuine socket functions.
 * Only part of this function appears in this listing.
 */
74 static void import(void)
/* NOTE(review): dlsym() returns NULL when the symbol cannot be found, and
 * this macro stores the result without testing it.  A failed lookup would
 * only surface later as a call through a null function pointer; checking
 * here and failing loudly at load time would be easier to diagnose.
 */
76 #define IMPORT(imp, ret, args) \
77 real_##imp = (ret (*)args)dlsym(RTLD_NEXT, #imp);
84 #define SA(sa) ((struct sockaddr *)(sa))
85 #define SIN(sa) ((struct sockaddr_in *)(sa))
86 #define SUN(sa) ((struct sockaddr_un *)(sa))
88 #define UC(ch) ((unsigned char)(ch))
90 #define NEW(x) ((x) = xmalloc(sizeof(*x)))
91 #define NEWV(x, n) ((x) = xmalloc(sizeof(*x) * (n)))
94 # define D(body) { if (debug) { body } }
99 #define PRESERVING_ERRNO(body) do { \
100 int _err = errno; { body } errno = _err; \
103 static void *xmalloc(size_t n
)
107 if ((p
= malloc(n
)) == 0) { perror("malloc"); exit(1); }
111 static char *xstrdup(const char *p
)
113 size_t n
= strlen(p
) + 1;
114 char *q
= xmalloc(n
);
/* unix_socket_status: find out whether the Unix-domain socket named by
 * sun->sun_path is currently in use.  The file's status codes are UNUSED,
 * STALE and USED; which code each path below returns is not shown in this
 * listing (source lines are missing), and neither is the effect of quick_p,
 * so the notes here describe only the visible tests.
 *
 * NOTE(review): the answer is a snapshot.  Callers in this file unlink()
 * names reported as STALE, so a process that binds the same name between
 * this check and the unlink could lose its socket file.  That is only
 * acceptable while sockdir is writable by this user alone.
 */
119 static int unix_socket_status(struct sockaddr_un
*sun
, int quick_p
)
/* A name that is absent from the filesystem (stat fails with ENOENT) is
 * dealt with first, without consulting the kernel's socket table.
 */
128 if (stat(sun
->sun_path
, &st
) && errno
== ENOENT
)
/* Otherwise look the path up in the kernel's list of Unix sockets.  This
 * file is Linux-specific.
 */
134 if ((fp
= fopen("/proc/net/unix", "r")) == 0)
/* NOTE(review): the result of this first fgets is ignored; on an empty or
 * unreadable table the loop below simply finds nothing.
 */
136 fgets(buf
, sizeof(buf
), fp
); /* skip header */
137 len
= strlen(sun
->sun_path
);
138 while (fgets(buf
, sizeof(buf
), fp
)) {
/* A line matches when it ends with " <path>\n": the last byte must be a
 * newline, the len bytes before it must equal the path, and the byte before
 * those must be a space so that a longer path with the same suffix does not
 * match.  n is presumably strlen(buf); its assignment is not in this listing.
 */
140 if (n
>= len
+ 2 && buf
[n
- len
- 2] == ' ' && buf
[n
- 1] == '\n' &&
141 memcmp(buf
+ n
- len
- 1, sun
->sun_path
, len
) == 0)
154 static void dump_aclnode(aclnode
*a
)
156 char minbuf
[16], maxbuf
[16];
157 struct in_addr amin
, amax
;
159 amin
.s_addr
= htonl(a
->minaddr
);
160 amax
.s_addr
= htonl(a
->maxaddr
);
161 fprintf(stderr
, "noip: %c ", a
->act ?
'+' : '-');
162 if (a
->minaddr
== 0 && a
->maxaddr
== 0xffffffff)
163 fprintf(stderr
, "any");
165 fprintf(stderr
, "%s",
166 inet_ntop(AF_INET
, &amin
, minbuf
, sizeof(minbuf
)));
167 if (a
->maxaddr
!= a
->minaddr
) {
168 fprintf(stderr
, "-%s",
169 inet_ntop(AF_INET
, &amax
, maxbuf
, sizeof(maxbuf
)));
172 if (a
->minport
!= 0 || a
->maxport
!= 0xffff) {
173 fprintf(stderr
, ":%u", (unsigned)a
->minport
);
174 if (a
->minport
!= a
->maxport
)
175 fprintf(stderr
, "-%u", (unsigned)a
->maxport
);
182 static int acl_allows_p(aclnode
*a
, const struct sockaddr_in
*sin
)
184 unsigned long addr
= ntohl(sin
->sin_addr
.s_addr
);
185 unsigned short port
= ntohs(sin
->sin_port
);
189 fprintf(stderr
, "noip: check %s:%u\n",
190 inet_ntop(AF_INET
, &sin
->sin_addr
, buf
, sizeof(buf
)),
191 ntohs((unsigned)sin
->sin_port
)); )
192 for (; a
; a
= a
->next
) {
193 D( dump_aclnode(a
); )
194 if (a
->minaddr
<= addr
&& addr
<= a
->maxaddr
&&
195 a
->minport
<= port
&& port
<= a
->maxport
) {
196 D( fprintf(stderr
, "noip: aha! %s\n", a
->act ?
"ALLOW" : "DENY"); )
201 D( fprintf(stderr
, "noip: nothing found: %s\n", act ?
"DENY" : "ALLOW"); )
207 static void dump_acl(aclnode
*a
)
211 for (; a
; a
= a
->next
) {
215 fprintf(stderr
, "noip: [default policy: %s]\n",
216 act
== ALLOW ?
"DENY" : "ALLOW");
/* encode_inet_addr: translate the IPv4 address and port in *sin into a
 * Unix-domain socket name of the form <sockdir>/<dotted-quad>:<port>,
 * written to *sun.  The mode variable `want' (its declaration is not in this
 * listing) is compared against WANT_EXISTING and printed as EXISTING or
 * FRESH.  Return values are not visible here.
 */
221 static int encode_inet_addr(struct sockaddr_un
*sun
,
222 const struct sockaddr_in
*sin
,
227 char buf
[INET_ADDRSTRLEN
];
230 D( fprintf(stderr
, "noip: encode %s:%u (%s)",
231 inet_ntop(AF_INET
, &sin
->sin_addr
, buf
, sizeof(buf
)),
232 (unsigned)ntohs(sin
->sin_port
),
233 want
== WANT_EXISTING ?
"EXISTING" : "FRESH"); )
234 sun
->sun_family
= AF_UNIX
;
/* An explicit port, or a lookup of an existing peer, names one specific
 * socket file.
 */
235 if (sin
->sin_port
|| want
== WANT_EXISTING
) {
/* NOTE(review): snprintf's return value is discarded here and at the two
 * other path-building calls below.  A sockdir too long for sun_path yields a
 * silently truncated name, which may collide with another name or fail to
 * decode later.  Comparing the result with sizeof(sun->sun_path) and
 * failing on truncation would close that gap.
 */
236 snprintf(sun
->sun_path
, sizeof(sun
->sun_path
), "%s/%s:%u", sockdir
,
237 inet_ntop(AF_INET
, &sin
->sin_addr
, buf
, sizeof(buf
)),
238 (unsigned)ntohs(sin
->sin_port
));
/* A leftover socket file that nobody is listening on is removed. */
239 rc
= unix_socket_status(sun
, 0);
240 if (rc
== STALE
) unlink(sun
->sun_path
);
/* Nothing live at the exact address while looking for an existing peer:
 * fall back to the wildcard name 0.0.0.0:<port>.
 */
241 if (rc
!= USED
&& want
== WANT_EXISTING
) {
242 snprintf(sun
->sun_path
, sizeof(sun
->sun_path
), "%s/0.0.0.0:%u",
243 sockdir
, (unsigned)ntohs(sin
->sin_port
));
244 if (unix_socket_status(sun
, 0) == STALE
) unlink(sun
->sun_path
);
/* No port was given: scan ports 16384..65535 for a usable name.  The scan
 * runs twice; the first pass passes quick_p = 1 to unix_socket_status and
 * the second passes 0.
 */
247 for (desperate_p
= 0; desperate_p
< 2; desperate_p
++) {
248 for (i
= 16384; i
< 65536; i
++) {
249 snprintf(sun
->sun_path
, sizeof(sun
->sun_path
), "%s/%s:%u", sockdir
,
250 inet_ntop(AF_INET
, &sin
->sin_addr
, buf
, sizeof(buf
)),
252 rc
= unix_socket_status(sun
, !desperate_p
);
/* STALE falls through to UNUSED after removing the leftover file (there is
 * no break between these two consecutive source lines).
 */
254 case STALE
: unlink(sun
->sun_path
);
255 case UNUSED
: goto found
;
260 D( fprintf(stderr
, " -- can't resolve\n"); )
264 D( fprintf(stderr
, " -> `%s'\n", sun
->sun_path
); )
/* decode_inet_addr: turn a Unix-domain socket name of the form
 * <sockdir>/<dotted-quad>:<port> back into an IPv4 address and port in *sin.
 * `len' (its declaration is not in this listing) is used as the length of
 * the name in *sun.  Callers in this file treat a non-zero return as "not
 * one of ours"; the return statements themselves are not visible here.
 *
 * Visible checks, in order: the family must be AF_UNIX; an empty path is
 * reported as an unbound socket with address INADDR_ANY; the path must begin
 * with sockdir followed by '/'; the remainder must contain ':'; the address
 * part must satisfy inet_pton; the port must parse fully and be below 65536.
 */
268 static int decode_inet_addr(struct sockaddr_in
*sin
,
269 const struct sockaddr_un
*sun
,
272 char buf
[INET_ADDRSTRLEN
+ 16];
/* NOTE(review): both lengths are taken in the initialiser, so strlen() runs
 * on sun_path before the family check and before the terminator is written
 * below.  For a name that fills sun_path without a NUL, strlen() would read
 * past the field.  Measuring after validation with a bound derived from len
 * (strnlen, for instance) would avoid that.
 */
274 size_t n
= strlen(sockdir
), nn
= strlen(sun
->sun_path
);
275 struct sockaddr_in sin_mine
;
280 if (sun
->sun_family
!= AF_UNIX
)
/* NOTE(review): `sun' is a pointer in this function, so sizeof(sun) is the
 * size of a pointer rather than of struct sockaddr_un.  The terminator is
 * therefore written only for very short names.  do_implicit_bind performs
 * the same test with sizeof(*sun), which looks like the intended form.  The
 * store also writes through a const-qualified parameter by way of the cast.
 */
282 if (len
< sizeof(sun
)) ((char *)sun
)[len
] = 0;
283 D( fprintf(stderr
, "noip: decode (%d) `%s'",
284 *sun
->sun_path
, sun
->sun_path
); )
/* An empty path means the socket has no name yet. */
285 if (!sun
->sun_path
[0]) {
286 sin
->sin_family
= AF_INET
;
287 sin
->sin_addr
.s_addr
= INADDR_ANY
;
289 D( fprintf(stderr
, " -- unbound socket\n"); )
/* Accept only <sockdir>/<tail> where the tail plus its terminator fits in
 * buf.  The nn - n >= sizeof(buf) test is what keeps the memcpy below
 * inside buf.
 */
292 if (nn
< n
+ 1 || nn
- n
>= sizeof(buf
) || sun
->sun_path
[n
] != '/' ||
293 memcmp(sun
->sun_path
, sockdir
, n
) != 0) {
294 D( fprintf(stderr
, " -- not one of ours\n"); )
/* Copies everything after the '/': nn - n - 1 characters plus the
 * terminating NUL, nn - n bytes in total.
 */
297 memcpy(buf
, sun
->sun_path
+ n
+ 1, nn
- n
);
298 if ((p
= strchr(buf
, ':')) == 0) {
299 D( fprintf(stderr
, " -- malformed (no port)\n"); )
303 sin
->sin_family
= AF_INET
;
304 if (inet_pton(AF_INET
, buf
, &sin
->sin_addr
) <= 0) {
305 D( fprintf(stderr
, " -- malformed (bad address `%s')\n", buf
); )
/* strtoul consumes the port digits; trailing characters or a value that
 * does not fit in 16 bits are rejected.  NOTE(review): strtoul also accepts
 * leading white space and a sign, and turns an empty string into 0, so this
 * test alone does not guarantee a strictly numeric port field.
 */
308 port
= strtoul(p
, &p
, 10);
309 if (*p
|| port
>= 65536) {
/* NOTE(review): unlike the other debug messages in this function, this one
 * has no trailing newline.
 */
310 D( fprintf(stderr
, " -- malformed (port out of range)"); )
313 sin
->sin_port
= htons(port
);
314 D( fprintf(stderr
, " -> %s:%u\n",
315 inet_ntop(AF_INET
, &sin
->sin_addr
, buf
, sizeof(buf
)),
320 static int fixup_real_ip_socket(int sk
)
325 struct sockaddr_un sun
;
326 struct sockaddr_in sin
;
338 _(LINGER, struct linger) \
341 _(RCVTIMEO, struct timeval) \
342 _(SNDTIMEO, struct timeval)
345 if (real_getsockname(sk
, SA(&sun
), &len
))
347 if (decode_inet_addr(&sin
, &sun
, len
))
348 return (0); /* Not one of ours */
350 if (real_getsockopt(sk
, SOL_SOCKET
, SO_TYPE
, &type
, &len
) < 0 ||
351 (nsk
= real_socket(PF_INET
, type
, 0)) < 0)
353 #define FIX(opt, ty) do { \
356 if (real_getsockopt(sk, SOL_SOCKET, SO_##opt, &ov_, &len) < 0 || \
357 real_setsockopt(nsk, SOL_SOCKET, SO_##opt, &ov_, len)) { \
364 if ((f
= fcntl(sk
, F_GETFL
)) < 0 ||
365 (fd
= fcntl(sk
, F_GETFD
)) < 0 ||
366 fcntl(nsk
, F_SETFL
, f
) < 0 ||
371 unlink(sun
.sun_path
);
373 if (fcntl(sk
, F_SETFD
, fd
) < 0) {
374 perror("noip: fixup_real_ip_socket F_SETFD");
380 static int do_implicit_bind(int sk
, const struct sockaddr
**sa
,
381 socklen_t
*len
, struct sockaddr_un
*sun
)
383 struct sockaddr_in sin
;
384 socklen_t mylen
= sizeof(*sun
);
386 if (acl_allows_p(connect_real
, SIN(*sa
))) {
387 if (fixup_real_ip_socket(sk
))
390 if (real_getsockname(sk
, SA(sun
), &mylen
) < 0)
392 if (sun
->sun_family
== AF_UNIX
) {
393 if (mylen
< sizeof(*sun
)) ((char *)sun
)[mylen
] = 0;
394 if (!sun
->sun_path
[0]) {
395 sin
.sin_family
= AF_INET
;
396 sin
.sin_addr
.s_addr
= INADDR_LOOPBACK
;
398 encode_inet_addr(sun
, &sin
, WANT_FRESH
);
399 if (real_bind(sk
, SA(sun
), SUN_LEN(sun
)))
402 encode_inet_addr(sun
, SIN(*sa
), WANT_EXISTING
);
/* return_fake_name: hand a socket name back to the application.  `sa' and
 * `len' describe the name obtained from the real call; `fake' and `fakelen'
 * are the caller-supplied output buffer and its length.  When sa is a Unix
 * name that decode_inet_addr accepts (returns zero), the branch below is
 * taken; its body is not in this listing, but it presumably substitutes the
 * decoded IPv4 address.
 */
410 static void return_fake_name(struct sockaddr
*sa
, socklen_t len
,
411 struct sockaddr
*fake
, socklen_t
*fakelen
)
413 struct sockaddr_in sin
;
416 if (sa
->sa_family
== AF_UNIX
&& !decode_inet_addr(&sin
, SUN(sa
), len
)) {
/* NOTE(review): this copies len bytes into the application's buffer, whose
 * capacity is *fakelen.  A clamp of len to *fakelen, and a test for a null
 * `fake' (the wrappers pass the application's pointers straight through),
 * are not visible in this listing; confirm both happen before this copy.
 */
424 memcpy(fake
, sa
, len
);
428 /* --- Configuration --- */
430 static char *home(void)
435 if ((p
= getenv("HOME")) != 0) return (p
);
436 else if ((pw
= getpwuid(uid
)) != 0) return (pw
->pw_dir
);
437 else return "/notexist";
440 static char *tmpdir(void)
444 if ((p
= getenv("TMPDIR")) != 0) return (p
);
445 else if ((p
= getenv("TMP")) != 0) return (p
);
446 else return ("/tmp");
449 static char *user(void)
455 if ((p
= getenv("USER")) != 0) return (p
);
456 else if ((p
= getenv("LOGNAME")) != 0) return (p
);
457 else if ((pw
= getpwuid(uid
)) != 0) return (pw
->pw_name
);
459 snprintf(buf
, sizeof(buf
), "uid-%lu", (unsigned long)uid
);
464 #define SKIPSPC do { while (*p && isspace(UC(*p))) p++; } while (0)
465 #define NEXTWORD(q) do { \
468 while (*p && !isspace(UC(*p))) p++; \
471 #define NEXTADDR(q, del) do { \
474 while (*p && (*p == '.' || isdigit(UC(*p)))) p++; \
478 #define NEXTNUMBER(q, del) do { \
481 while (*p && isdigit(UC(*p))) p++; \
485 #define RESCAN(del) do { if (del) *--p = del; } while (0)
486 #define KWMATCHP(kw) (strncmp(p, kw, sizeof(kw) - 1) == 0 && \
487 !isalnum(UC(p[sizeof(kw) - 1])) && \
488 (p += sizeof(kw) - 1))
490 static void parse_ports(char **pp
, unsigned short *min
, unsigned short *max
)
515 #define ACLNODE(tail_, act_, \
516 minaddr_, maxaddr_, minport_, maxport_) do { \
520 a_->minaddr = minaddr_; a_->maxaddr = maxaddr_; \
521 a_->minport = minport_; a_->maxport = maxport_; \
522 *tail_ = a_; tail_ = &a_->next; \
525 static void parse_acl_line(char **pp
, aclnode
***tail
)
528 unsigned long minaddr
, maxaddr
, mask
;
529 unsigned short minport
, maxport
;
537 if (*p
== '+') act
= ALLOW
;
538 else if (*p
== '-') act
= DENY
;
543 if (KWMATCHP("any")) {
545 maxaddr
= 0xffffffff;
547 } else if (KWMATCHP("local")) {
548 parse_ports(&p
, &minport
, &maxport
);
549 ACLNODE(*tail
, act
, 0, 0, minport
, maxport
);
550 ACLNODE(*tail
, act
, 0xffffffff, 0xffffffff, minport
, maxport
);
551 for (i
= 0; i
< n_local_ipaddrs
; i
++) {
552 minaddr
= ntohl(local_ipaddrs
[i
].s_addr
);
553 ACLNODE(*tail
, act
, minaddr
, minaddr
, minport
, maxport
);
558 maxaddr
= 0xffffffff;
561 if (inet_pton(AF_INET
, q
, &addr
) <= 0) goto bad
;
562 minaddr
= ntohl(addr
.s_addr
);
568 if (inet_pton(AF_INET
, q
, &addr
) <= 0) goto bad
;
570 maxaddr
= ntohl(addr
.s_addr
);
571 } else if (*p
== '/') {
574 if (strchr(q
, '.')) {
575 if (inet_pton(AF_INET
, q
, &addr
) <= 0) goto bad
;
576 mask
= ntohl(addr
.s_addr
);
579 mask
= (~0ul << (32 - n
)) & 0xffffffff;
583 maxaddr
= minaddr
| (mask
^ 0xffffffff);
588 parse_ports(&p
, &minport
, &maxport
);
589 ACLNODE(*tail
, act
, minaddr
, maxaddr
, minport
, maxport
);
594 D( fprintf(stderr
, "noip: bad acl spec (ignored)\n"); )
/* readconfig: load the configuration.  The file is $NOIP_CONFIG when that is
 * set, otherwise <home>/.noip.  The commands recognised below are
 * `socketdir', `realbind', `realconnect' and `debug'; anything else is
 * reported as a bad command when debugging is on.  The closing part sets
 * sockdir to <tmpdir>/noip-<user>; the condition guarding that default is
 * not in this listing (presumably it applies only when no `socketdir' line
 * was read).
 */
598 static void readconfig(void)
/* The configuration path comes from the environment, so whoever controls
 * the process environment also selects the ACLs and the socket directory.
 */
605 if ((p
= getenv("NOIP_CONFIG")) == 0)
606 snprintf(p
= buf
, sizeof(buf
), "%s/.noip", home());
607 D( fprintf(stderr
, "noip: config file: %s\n", p
); )
608 if ((fp
= fopen(p
, "r")) == 0)
611 while (fgets(buf
, sizeof(buf
), fp
)) {
/* Blank lines and lines starting with '#' are skipped. */
616 if (!*p
|| *p
== '#') continue;
/* Trim trailing white space from the line. */
617 while (n
&& isspace(UC(buf
[n
- 1]))) n
--;
/* NOTE(review): the directory is taken verbatim.  It later becomes the
 * prefix of every sun_path, which is a small fixed-size field, and no length
 * or ownership check is visible here.
 */
622 if (strcmp(cmd
, "socketdir") == 0)
623 sockdir
= xstrdup(p
);
624 else if (strcmp(cmd
, "realbind") == 0)
625 parse_acl_line(&p
, &bind_tail
);
626 else if (strcmp(cmd
, "realconnect") == 0)
627 parse_acl_line(&p
, &connect_tail
);
/* A bare `debug' turns debugging on.  With an argument, atoi() decides; it
 * reports no errors, so a non-numeric argument yields 0 (off).
 */
628 else if (strcmp(cmd
, "debug") == 0)
629 debug
= *p ?
atoi(p
) : 1;
631 D( fprintf(stderr
, "noip: bad config command %s\n", cmd
); )
/* NOTE(review): the default socket directory is built from tmpdir() and
 * user(), both of which consult environment variables first, and it lives
 * in the temporary directory, which is normally shared between users.  The
 * code that creates it should confirm the directory is owned by this user
 * and not accessible to others before any socket is placed there.
 */
639 snprintf(buf
, sizeof(buf
), "%s/noip-%s", tmpdir(), user());
640 sockdir
= xstrdup(buf
);
642 D( fprintf(stderr
, "noip: sockdir: %s\n", sockdir
);
643 fprintf(stderr
, "noip: realbind acl:\n");
645 fprintf(stderr
, "noip: realconnect acl:\n");
646 dump_acl(connect_real
); )
651 int socket(int pf
, int ty
, int proto
)
657 return real_socket(pf
, ty
, proto
);
660 int socketpair(int pf
, int ty
, int proto
, int *sk
)
666 return (real_socketpair(pf
, ty
, proto
, sk
));
669 int bind(int sk
, const struct sockaddr
*sa
, socklen_t len
)
671 struct sockaddr_un sun
;
673 if (sa
->sa_family
== AF_INET
) {
675 if (acl_allows_p(bind_real
, SIN(sa
))) {
676 if (fixup_real_ip_socket(sk
))
679 encode_inet_addr(&sun
, SIN(sa
), WANT_FRESH
);
685 return real_bind(sk
, sa
, len
);
688 int connect(int sk
, const struct sockaddr
*sa
, socklen_t len
)
690 struct sockaddr_un sun
;
692 if (sa
->sa_family
== AF_INET
) {
694 do_implicit_bind(sk
, &sa
, &len
, &sun
);
697 return real_connect(sk
, sa
, len
);
700 ssize_t
sendto(int sk
, const void *buf
, size_t len
, int flags
,
701 const struct sockaddr
*to
, socklen_t tolen
)
703 struct sockaddr_un sun
;
705 if (to
&& to
->sa_family
== AF_INET
) {
707 do_implicit_bind(sk
, &to
, &tolen
, &sun
);
710 return real_sendto(sk
, buf
, len
, flags
, to
, tolen
);
713 ssize_t
recvfrom(int sk
, void *buf
, size_t len
, int flags
,
714 struct sockaddr
*from
, socklen_t
*fromlen
)
717 socklen_t mylen
= sizeof(sabuf
);
721 return real_recvfrom(sk
, buf
, len
, flags
, 0, 0);
723 n
= real_recvfrom(sk
, buf
, len
, flags
, SA(sabuf
), &mylen
);
726 return_fake_name(SA(sabuf
), mylen
, from
, fromlen
);
731 ssize_t
sendmsg(int sk
, const struct msghdr
*msg
, int flags
)
733 struct sockaddr_un sun
;
734 const struct sockaddr
*sa
;
737 if (msg
->msg_name
&& SA(msg
->msg_name
)->sa_family
== AF_INET
) {
739 sa
= SA(msg
->msg_name
);
741 do_implicit_bind(sk
, &sa
, &mymsg
.msg_namelen
, &sun
);
742 mymsg
.msg_name
= SA(sa
);
746 return real_sendmsg(sk
, msg
, flags
);
749 ssize_t
recvmsg(int sk
, struct msghdr
*msg
, int flags
)
757 return real_recvmsg(sk
, msg
, flags
);
759 sa
= SA(msg
->msg_name
);
760 len
= msg
->msg_namelen
;
761 msg
->msg_name
= sabuf
;
762 msg
->msg_namelen
= sizeof(sabuf
);
763 n
= real_recvmsg(sk
, msg
, flags
);
766 return_fake_name(SA(sabuf
), msg
->msg_namelen
, sa
, &len
);
768 msg
->msg_namelen
= len
;
773 int accept(int sk
, struct sockaddr
*sa
, socklen_t
*len
)
776 socklen_t mylen
= sizeof(sabuf
);
777 int nsk
= real_accept(sk
, SA(sabuf
), &mylen
);
781 return_fake_name(SA(sabuf
), mylen
, sa
, len
);
785 int getsockname(int sk
, struct sockaddr
*sa
, socklen_t
*len
)
789 socklen_t mylen
= sizeof(sabuf
);
790 if (real_getsockname(sk
, SA(sabuf
), &mylen
))
792 return_fake_name(SA(sabuf
), mylen
, sa
, len
);
797 int getpeername(int sk
, struct sockaddr
*sa
, socklen_t
*len
)
801 socklen_t mylen
= sizeof(sabuf
);
802 if (real_getpeername(sk
, SA(sabuf
), &mylen
))
804 return_fake_name(SA(sabuf
), mylen
, sa
, len
);
809 int getsockopt(int sk
, int lev
, int opt
, void *p
, socklen_t
*len
)
819 return real_getsockopt(sk
, lev
, opt
, p
, len
);
822 int setsockopt(int sk
, int lev
, int opt
, const void *p
, socklen_t len
)
831 case SO_BINDTODEVICE
:
832 case SO_ATTACH_FILTER
:
833 case SO_DETACH_FILTER
:
836 return real_setsockopt(sk
, lev
, opt
, p
, len
);
839 /* --- Initialization --- */
841 static void cleanup_sockdir(void)
845 struct sockaddr_un sun
;
847 if ((dir
= opendir(sockdir
)) == 0)
849 while ((d
= readdir(dir
)) != 0) {
850 if (d
->d_name
[0] == '.') continue;
851 snprintf(sun
.sun_path
, sizeof(sun
.sun_path
),
852 "%s/%s", sockdir
, d
->d_name
);
853 if (unix_socket_status(&sun
, 0) == STALE
) {
854 D( fprintf(stderr
, "noip: clearing away stale socket %s\n",
856 unlink(sun
.sun_path
);
/* get_local_ipaddrs: record up to MAX_LOCAL_IPADDRS IPv4 addresses of the
 * host's interfaces in local_ipaddrs, counting them in n_local_ipaddrs.
 * Interface names come from if_nameindex(); each address is fetched with
 * the SIOCGIFADDR ioctl on a scratch socket.  Closing that socket and
 * releasing the name list are not visible in this listing.
 */
862 static void get_local_ipaddrs(void)
864 struct if_nameindex
*ifn
;
/* NOTE(review): if_nameindex() returns NULL on failure, and no test of ifn
 * is visible in this listing before the loop condition dereferences it.
 * Confirm one exists.
 */
869 ifn
= if_nameindex();
870 if ((sk
= real_socket(PF_INET
, SOCK_STREAM
, 00)) < 0)
/* Stop at the end of the name list (null or empty name) or when the table
 * is full.
 */
872 for (i
= n_local_ipaddrs
= 0;
873 n_local_ipaddrs
< MAX_LOCAL_IPADDRS
&&
874 ifn
[i
].if_name
&& *ifn
[i
].if_name
;
/* NOTE(review): unbounded copy into the fixed-size ifr_name field.  Names
 * returned by if_nameindex() should fit, but a bounded copy such as snprintf
 * with sizeof(ifr.ifr_name) would make that guarantee local to this line.
 */
876 strcpy(ifr
.ifr_name
, ifn
[i
].if_name
);
/* Interfaces whose address query fails or is not IPv4 are tested for here;
 * the statement that acts on the test is not in this listing.
 */
877 if (ioctl(sk
, SIOCGIFADDR
, &ifr
) || ifr
.ifr_addr
.sa_family
!= AF_INET
)
879 local_ipaddrs
[n_local_ipaddrs
++] =
880 SIN(&ifr
.ifr_addr
)->sin_addr
;
881 D( fprintf(stderr
, "noip: local addr %s = %s\n", ifn
[i
].if_name
,
882 inet_ntoa(local_ipaddrs
[n_local_ipaddrs
- 1])); )
/* setup: library initialisation.  The prototype earlier in the file carries
 * __attribute__((constructor)), so this runs when the library is loaded.
 * Only two of its statements appear in this listing.
 */
887 static void setup(void)
/* NOIP_DEBUG in the environment is tested for a non-zero integer value; the
 * statement it controls is not in this listing (presumably it enables
 * debugging).
 */
894 if ((p
= getenv("NOIP_DEBUG")) && atoi(p
))
/* NOTE(review): mkdir's result is not checked on this line.  The default
 * sockdir is <tmpdir>/noip-<user> (see readconfig), so if that name already
 * exists, created by someone else in a shared temporary directory, it would
 * be used as it stands.  Before placing sockets there, verify with lstat()
 * that it is a directory owned by the current uid with no group or other
 * permissions, and refuse to continue otherwise.
 */
898 mkdir(sockdir
, 0700);