Commit | Line | Data |
---|---|---|
9dcdc856 MW |
1 | /* -*-c-*- |
2 | * | |
bf4d9761 | 3 | * Discover the owner of a connection (Linux version) |
9dcdc856 MW |
4 | * |
5 | * (c) 2012 Straylight/Edgeware | |
6 | */ | |
7 | ||
8 | /*----- Licensing notice --------------------------------------------------* | |
9 | * | |
10 | * This file is part of Yet Another Ident Daemon (YAID). | |
11 | * | |
12 | * YAID is free software; you can redistribute it and/or modify | |
13 | * it under the terms of the GNU General Public License as published by | |
14 | * the Free Software Foundation; either version 2 of the License, or | |
15 | * (at your option) any later version. | |
16 | * | |
17 | * YAID is distributed in the hope that it will be useful, | |
18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | * GNU General Public License for more details. | |
21 | * | |
22 | * You should have received a copy of the GNU General Public License | |
23 | * along with YAID; if not, write to the Free Software Foundation, | |
24 | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
25 | */ | |
26 | ||
27 | /*----- Header files ------------------------------------------------------*/ | |
28 | ||
9da480be | 29 | #include "yaid.h" |
9dcdc856 MW |
30 | |
31 | /*----- Static variables --------------------------------------------------*/ | |
32 | ||
b093b41d MW |
33 | static FILE *natfp; |
34 | ||
35 | /*----- Address-type operations -------------------------------------------*/ | |
36 | ||
bf4d9761 MW |
37 | struct addrops_sys { |
38 | const char *procfile; | |
2a9b8d4a | 39 | const char *nfl3name; |
bf4d9761 | 40 | int (*parseaddr)(char **, union addr *); |
9dcdc856 MW |
41 | }; |
42 | ||
3b1bed1d | 43 | #define PROCFILE_IPV4 "/proc/net/tcp" |
2a9b8d4a | 44 | #define NFL3NAME_IPV4 "ipv4" |
3b1bed1d | 45 | |
bf4d9761 | 46 | static int parseaddr_ipv4(char **pp, union addr *a) |
9da480be | 47 | { a->ipv4.s_addr = strtoul(*pp, pp, 16); return (0); } |
9dcdc856 | 48 | |
3b1bed1d | 49 | #define PROCFILE_IPV6 "/proc/net/tcp6" |
2a9b8d4a | 50 | #define NFL3NAME_IPV6 "ipv6" |
9dcdc856 | 51 | |
bf4d9761 | 52 | static int parseaddr_ipv6(char **pp, union addr *a) |
9da480be MW |
53 | { |
54 | int i, j; | |
55 | unsigned long y; | |
56 | char *p = *pp; | |
57 | unsigned x; | |
58 | ||
59 | for (i = 0; i < 4; i++) { | |
60 | y = 0; | |
61 | for (j = 0; j < 8; j++) { | |
62 | if ('0' <= *p && *p <= '9') x = *p - '0'; | |
63 | else if ('a' <= *p && *p <= 'f') x = *p - 'a'+ 10; | |
64 | else if ('A' <= *p && *p <= 'F') x = *p - 'A'+ 10; | |
65 | else return (-1); | |
66 | y = (y << 4) | x; | |
67 | p++; | |
68 | } | |
69 | a->ipv6.s6_addr32[i] = y; | |
70 | } | |
71 | *pp = p; | |
72 | return (0); | |
73 | } | |
74 | ||
3b1bed1d MW |
75 | #define DEFOPSYS(ty, TY) \ |
76 | const struct addrops_sys addrops_sys_##ty = { \ | |
2a9b8d4a | 77 | PROCFILE_##TY, NFL3NAME_##TY, parseaddr_##ty \ |
3b1bed1d MW |
78 | }; |
79 | ADDRTYPES(DEFOPSYS) | |
80 | #undef DEFOPSYS | |
9dcdc856 MW |
81 | |
82 | /*----- Main code ---------------------------------------------------------*/ | |
83 | ||
77fb54ff | 84 | static int get_default_gw(int af, union addr *a) |
9dcdc856 | 85 | { |
9da480be MW |
86 | int fd; |
87 | char buf[32768]; | |
88 | struct nlmsghdr *nlmsg; | |
89 | struct rtgenmsg *rtgen; | |
90 | const struct rtattr *rta; | |
91 | const struct rtmsg *rtm; | |
92 | ssize_t n, nn; | |
93 | int rc = 0; | |
94 | static unsigned long seq = 0x48b4aec4; | |
95 | ||
96 | if ((fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE)) < 0) | |
97 | die(1, "failed to create netlink socket: %s", strerror(errno)); | |
98 | ||
99 | nlmsg = (struct nlmsghdr *)buf; | |
100 | assert(NLMSG_SPACE(sizeof(*rtgen)) < sizeof(buf)); | |
101 | nlmsg->nlmsg_len = NLMSG_LENGTH(sizeof(*rtgen)); | |
102 | nlmsg->nlmsg_type = RTM_GETROUTE; | |
103 | nlmsg->nlmsg_flags = NLM_F_REQUEST | NLM_F_ROOT; | |
104 | nlmsg->nlmsg_seq = ++seq; | |
105 | nlmsg->nlmsg_pid = 0; | |
106 | ||
107 | rtgen = (struct rtgenmsg *)NLMSG_DATA(nlmsg); | |
108 | rtgen->rtgen_family = af; | |
109 | ||
110 | if (write(fd, nlmsg, nlmsg->nlmsg_len) < 0) | |
111 | die(1, "failed to send RTM_GETROUTE request: %s", strerror(errno)); | |
9dcdc856 | 112 | |
9da480be MW |
113 | for (;;) { |
114 | if ((n = read(fd, buf, sizeof(buf))) < 0) | |
115 | die(1, "failed to read RTM_GETROUTE response: %s", strerror(errno)); | |
116 | nlmsg = (struct nlmsghdr *)buf; | |
117 | if (nlmsg->nlmsg_seq != seq) continue; | |
118 | assert(nlmsg->nlmsg_flags & NLM_F_MULTI); | |
119 | ||
120 | for (; NLMSG_OK(nlmsg, n); nlmsg = NLMSG_NEXT(nlmsg, n)) { | |
121 | if (nlmsg->nlmsg_type == NLMSG_DONE) goto done; | |
122 | if (nlmsg->nlmsg_type != RTM_NEWROUTE) continue; | |
123 | rtm = (const struct rtmsg *)NLMSG_DATA(nlmsg); | |
124 | ||
125 | if (rtm->rtm_family != af || | |
126 | rtm->rtm_dst_len > 0 || | |
127 | rtm->rtm_src_len > 0 || | |
128 | rtm->rtm_type != RTN_UNICAST || | |
129 | rtm->rtm_scope != RT_SCOPE_UNIVERSE || | |
130 | rtm->rtm_tos != 0) | |
131 | continue; | |
9dcdc856 | 132 | |
9da480be MW |
133 | for (rta = RTM_RTA(rtm), nn = RTM_PAYLOAD(nlmsg); |
134 | RTA_OK(rta, nn); rta = RTA_NEXT(rta, nn)) { | |
135 | if (rta->rta_type == RTA_GATEWAY) { | |
136 | assert(RTA_PAYLOAD(rta) <= sizeof(*a)); | |
137 | memcpy(a, RTA_DATA(rta), RTA_PAYLOAD(rta)); | |
138 | rc = 1; | |
139 | } | |
140 | } | |
141 | } | |
142 | } | |
9dcdc856 | 143 | |
9da480be MW |
144 | done: |
145 | close(fd); | |
146 | return (rc); | |
9dcdc856 MW |
147 | } |
148 | ||
9da480be | 149 | void identify(struct query *q) |
9dcdc856 | 150 | { |
9dcdc856 MW |
151 | FILE *fp = 0; |
152 | dstr d = DSTR_INIT; | |
153 | char *p, *pp; | |
154 | struct socket s[4]; | |
155 | int i; | |
9da480be | 156 | int gwp = 0; |
9dcdc856 MW |
157 | unsigned fl; |
158 | #define F_SADDR 1u | |
159 | #define F_SPORT 2u | |
160 | #define F_DADDR 4u | |
161 | #define F_DPORT 8u | |
162 | #define F_ALL (F_SADDR | F_SPORT | F_DADDR | F_DPORT) | |
163 | #define F_ESTAB 16u | |
164 | uid_t uid; | |
165 | enum { LOC, REM, ST, UID, NFIELD }; | |
166 | int f, ff[NFIELD]; | |
167 | ||
bf4d9761 MW |
168 | if (get_default_gw(q->ao->af, &s[0].addr) && |
169 | q->ao->addreq(&s[0].addr, &q->s[R].addr)) | |
9da480be MW |
170 | gwp = 1; |
171 | ||
bf4d9761 | 172 | if ((fp = fopen(q->ao->sys->procfile, "r")) == 0) { |
9dcdc856 | 173 | logmsg(q, LOG_ERR, "failed to open `%s' for reading: %s", |
bf4d9761 | 174 | q->ao->sys->procfile, strerror(errno)); |
9dcdc856 MW |
175 | goto err_unk; |
176 | } | |
177 | ||
178 | #define NEXTFIELD do { \ | |
179 | for (p = pp; isspace((unsigned char)*p); p++); \ | |
180 | for (pp = p; *pp && !isspace((unsigned char)*pp); pp++); \ | |
181 | if (*pp) *pp++ = 0; \ | |
182 | } while (0) | |
183 | ||
184 | if (dstr_putline(&d, fp) == EOF) { | |
185 | logmsg(q, LOG_ERR, "failed to read header line from `%s': %s", | |
bf4d9761 MW |
186 | q->ao->sys->procfile, |
187 | ferror(fp) ? strerror(errno) : "unexpected EOF"); | |
9dcdc856 MW |
188 | goto err_unk; |
189 | } | |
190 | ||
191 | for (i = 0; i < NFIELD; i++) ff[i] = -1; | |
192 | pp = d.buf; | |
193 | for (f = 0;; f++) { | |
194 | NEXTFIELD; if (!*p) break; | |
195 | if (strcmp(p, "local_address") == 0) | |
196 | ff[LOC] = f; | |
197 | else if (strcmp(p, "rem_address") == 0 || | |
198 | strcmp(p, "remote_address") == 0) | |
199 | ff[REM] = f; | |
200 | else if (strcmp(p, "uid") == 0) | |
201 | ff[UID] = f; | |
202 | else if (strcmp(p, "st") == 0) | |
203 | ff[ST] = f; | |
204 | else if (strcmp(p, "rx_queue") == 0 || | |
205 | strcmp(p, "tm->when") == 0) | |
206 | f--; | |
207 | } | |
208 | for (i = 0; i < NFIELD; i++) { | |
209 | if (ff[i] < 0) { | |
210 | logmsg(q, LOG_ERR, "failed to find required fields in `%s'", | |
bf4d9761 | 211 | q->ao->sys->procfile); |
9dcdc856 MW |
212 | goto err_unk; |
213 | } | |
214 | } | |
215 | ||
216 | for (;;) { | |
217 | DRESET(&d); | |
218 | if (dstr_putline(&d, fp) == EOF) break; | |
219 | pp = d.buf; | |
220 | uid = -1; | |
221 | for (f = 0;; f++) { | |
222 | NEXTFIELD; if (!*p) break; | |
223 | if (f == ff[LOC]) { i = L; goto compare; } | |
224 | else if (f == ff[REM]) { i = R; goto compare; } | |
225 | else if (f == ff[UID]) uid = atoi(p); | |
226 | else if (f == ff[ST]) { | |
227 | if (strtol(p, 0, 16) != 1) goto next_row; | |
228 | } | |
229 | continue; | |
230 | ||
231 | compare: | |
bf4d9761 | 232 | if (q->ao->sys->parseaddr(&p, &s[0].addr)) goto next_row; |
9dcdc856 MW |
233 | if (*p != ':') break; p++; |
234 | s[0].port = strtoul(p, 0, 16); | |
bf4d9761 | 235 | if (!sockeq(q->ao, &q->s[i], &s[0]) && |
9da480be MW |
236 | (i != R || !gwp || q->s[R].port != s[0].port)) |
237 | goto next_row; | |
9dcdc856 MW |
238 | } |
239 | if (uid != -1) { | |
9da480be MW |
240 | q->resp = R_UID; |
241 | q->u.uid = uid; | |
9dcdc856 MW |
242 | goto done; |
243 | } | |
244 | next_row:; | |
245 | } | |
246 | ||
247 | if (ferror(fp)) { | |
b093b41d MW |
248 | logmsg(q, LOG_ERR, "failed to read connection table `%s': %s", |
249 | q->ao->sys->procfile, strerror(errno)); | |
9dcdc856 MW |
250 | goto err_unk; |
251 | } | |
252 | ||
2a9b8d4a | 253 | if (natfp) { |
b093b41d | 254 | rewind(natfp); |
9dcdc856 MW |
255 | |
256 | for (;;) { | |
257 | DRESET(&d); | |
b093b41d | 258 | if (dstr_putline(&d, natfp) == EOF) break; |
9dcdc856 | 259 | pp = d.buf; |
2a9b8d4a MW |
260 | |
261 | NEXTFIELD; if (!*p) break; | |
262 | if (strcmp(p, q->ao->sys->nfl3name)) continue; | |
263 | NEXTFIELD; if (!*p) break; | |
9dcdc856 MW |
264 | NEXTFIELD; if (!*p) break; |
265 | if (strcmp(p, "tcp") != 0) continue; | |
266 | i = 0; | |
267 | fl = 0; | |
268 | for (;;) { | |
269 | NEXTFIELD; if (!*p) break; | |
270 | if (strcmp(p, "ESTABLISHED") == 0) | |
271 | fl |= F_ESTAB; | |
272 | else if (strncmp(p, "src=", 4) == 0) { | |
2a9b8d4a | 273 | inet_pton(q->ao->af, p + 4, &s[i].addr); |
9dcdc856 MW |
274 | fl |= F_SADDR; |
275 | } else if (strncmp(p, "dst=", 4) == 0) { | |
2a9b8d4a | 276 | inet_pton(q->ao->af, p + 4, &s[i + 1].addr); |
9dcdc856 MW |
277 | fl |= F_DADDR; |
278 | } else if (strncmp(p, "sport=", 6) == 0) { | |
279 | s[i].port = atoi(p + 6); | |
280 | fl |= F_SPORT; | |
281 | } else if (strncmp(p, "dport=", 6) == 0) { | |
282 | s[i + 1].port = atoi(p + 6); | |
283 | fl |= F_DPORT; | |
284 | } | |
285 | if ((fl & F_ALL) == F_ALL) { | |
286 | fl &= ~F_ALL; | |
287 | if (i < 4) i += 2; | |
288 | else break; | |
289 | } | |
290 | } | |
291 | ||
292 | #ifdef notdef | |
293 | { | |
294 | dstr dd = DSTR_INIT; | |
295 | dstr_putf(&dd, "%sestab ", (fl & F_ESTAB) ? " " : "!"); | |
bf4d9761 | 296 | dputsock(&dd, q->ao, &s[0]); |
9dcdc856 | 297 | dstr_puts(&dd, "<->"); |
bf4d9761 | 298 | dputsock(&dd, q->ao, &s[1]); |
9dcdc856 | 299 | dstr_puts(&dd, " | "); |
bf4d9761 | 300 | dputsock(&dd, q->ao, &s[2]); |
9dcdc856 | 301 | dstr_puts(&dd, "<->"); |
bf4d9761 | 302 | dputsock(&dd, q->ao, &s[3]); |
9dcdc856 MW |
303 | printf("parsed: %s\n", dd.buf); |
304 | dstr_destroy(&dd); | |
305 | } | |
306 | #endif | |
307 | ||
308 | if (!(fl & F_ESTAB)) continue; | |
309 | ||
310 | for (i = 0; i < 4; i++) | |
bf4d9761 | 311 | if (sockeq(q->ao, &s[i], &q->s[L])) goto found_local; |
9dcdc856 MW |
312 | continue; |
313 | putchar('.'); | |
314 | found_local: | |
bf4d9761 MW |
315 | if (!sockeq(q->ao, &s[i^1], &s[i^2]) || |
316 | !sockeq(q->ao, &s[i^1], &q->s[R])) | |
9dcdc856 | 317 | continue; |
9da480be MW |
318 | q->resp = R_NAT; |
319 | q->u.nat = s[i^3]; | |
9dcdc856 MW |
320 | goto done; |
321 | } | |
322 | ||
2a9b8d4a | 323 | /* Reached the end of the NAT file. */ |
b093b41d | 324 | if (ferror(natfp)) { |
2a9b8d4a | 325 | logmsg(q, LOG_ERR, "failed to read `/proc/net/nf_conntrack': %s", |
9dcdc856 MW |
326 | strerror(errno)); |
327 | goto err_unk; | |
328 | } | |
329 | } | |
330 | ||
331 | #undef NEXTFIELD | |
332 | ||
b093b41d | 333 | logmsg(q, LOG_NOTICE, "connection not found"); |
9da480be MW |
334 | q->resp = R_ERROR; |
335 | q->u.error = E_NOUSER; | |
9dcdc856 MW |
336 | goto done; |
337 | err_unk: | |
9da480be MW |
338 | q->resp = R_ERROR; |
339 | q->u.error = E_UNKNOWN; | |
9dcdc856 MW |
340 | done: |
341 | dstr_destroy(&d); | |
60150b4c | 342 | if (fp) fclose(fp); |
9dcdc856 MW |
343 | } |
344 | ||
b093b41d MW |
345 | void init_sys(void) |
346 | { | |
2a9b8d4a | 347 | if ((natfp = fopen("/proc/net/nf_conntrack", "r")) == 0 && |
b093b41d | 348 | errno != ENOENT) { |
2a9b8d4a | 349 | die(1, "failed to open `/proc/net/nf_conntrack' for reading: %s", |
b093b41d MW |
350 | strerror(errno)); |
351 | } | |
352 | } | |
353 | ||
9dcdc856 | 354 | /*----- That's all, folks -------------------------------------------------*/ |