#include <sys/wait.h>
#include <netinet/in.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <arpa/inet.h>
+
#define STDERRSTR_CONST(m) write(2,m,sizeof(m)-1)
#define STDERRSTR_STRING(m) write(2,m,strlen(m))
}
#define socket_args int domain, int type, int protocol
-#define WRAPS(X) X(socket, (domain,type,protocol))
+#define bind_args int fd, const struct sockaddr *addr, socklen_t addrlen
+#define WRAPS(X) \
+ X(socket, (domain,type,protocol)) \
+ X(bind, (fd,addr,addrlen))
#define DEF_OLD(fn,args) \
typedef int fn##_fn_type(fn##_args); \
#define WRAP(fn) int fn(fn##_args)
-WRAP(socket) {
- errno=EMSGSIZE; return -1;
-}
-
-#if 0
-WRAP(bind, (int fd, const struct sockaddr *addr, socklen_t addrlen), {
-
-});
-
-static bindfn_type find_bind, *old_bind= find_bind;
+typedef struct{
+ int af;
+} fdinfo;
+static fdinfo **table;
+static int tablesz;
-int find_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
- anyfn_type *anyfn;
- anyfn= find_any("bind"); if (!anyfn) return -1;
- old_bind= (bindfn_type*)anyfn;
- return old_bind(fd,addr,addrlen);
+static fdinfo *lookup(int fd) {
+ if (fd>=tablesz) return 0;
+ return table[fd];
}
-static int exiterrno(int e) {
- _exit(e>0 && e<128 ? e : -1);
-}
-
-static void removepreload(void) {
- const char *myself, *found;
- char *newval, *preload;
- int lpreload, lmyself, before, after;
-
- preload= getenv(PRELOAD_VAR);
- myself= getenv(AUTHBINDLIB_VAR);
- if (!myself || !preload) return;
-
- lpreload= strlen(preload);
- lmyself= strlen(myself);
-
- if (lmyself < 1 || lpreload<lmyself) return;
- if (lpreload==lmyself) {
- if (!strcmp(preload,myself)) unsetenv(PRELOAD_VAR);
- return;
- }
- if (!memcmp(preload,myself,lmyself) && preload[lmyself]==':') {
- before= 0; after= lpreload-(lmyself+1);
- } else if (!memcmp(preload+lpreload-lmyself,myself,lmyself) &&
- preload[lpreload-(lmyself+1)]==':') {
- before= lpreload-(lmyself+1); after= 0;
- } else {
- if (lpreload<lmyself+2) return;
- found= preload+1;
- for (;;) {
- found= strstr(found,myself); if (!found) return;
- if (found > preload+lpreload-(lmyself+1)) return;
- if (found[-1]==':' && found[lmyself]==':') break;
- found++;
+#define ADDRPORTSTRLEN (INET6_ADDRSTRLEN+1+5) /* not including nul */
+
+static int addrport2str(char buf[ADDRPORTSTRLEN+1],
+ const struct sockaddr *addr, socklen_t addrlen) {
+ const void *addrv=addr;
+ const void *iav;
+ const struct sockaddr_in *sin;
+ const struct sockaddr_in6 *sin6;
+ uint16_t port;
+ socklen_t el;
+ switch (addr->sa_family) {
+ case AF_INET: sin =addrv; el=sizeof(*sin ); iav=&sin ->sin_addr ; port=sin ->sin_port ; break;
+ case AF_INET6: sin6=addrv; el=sizeof(*sin6); iav=&sin6->sin6_addr; port=sin6->sin6_port; break;
+ default: errno=ESRCH; return -1;
}
- before= found-preload;
- after= lpreload-(before+lmyself+1);
- }
- newval= malloc(before+after+1);
- if (newval) {
- memcpy(newval,preload,before);
- strcpy(newval+before,preload+lpreload-after);
- if (setenv(PRELOAD_VAR,newval,1)) return;
- free(newval);
- }
- strcpy(preload+before,preload+lpreload-after);
- return;
+//fprintf(stderr,"af=%lu el=%lu addrlen=%lu\n",
+// (unsigned long)addr->sa_family,
+// (unsigned long)el,
+// (unsigned long)addrlen);
+ if (addrlen!=el) { errno=EINVAL; return -1; }
+ char *p=buf;
+ if (!inet_ntop(addr->sa_family,iav,p,INET6_ADDRSTRLEN)) return -1;
+ p+=strlen(p);
+ sprintf(p,",%u",(unsigned)ntohs(port));
+ return 0;
}
-int _init(void);
-int _init(void) {
- char *levels;
- int levelno;
-
- /* If AUTHBIND_LEVELS is
- * unset => always strip from preload
- * set and starts with `y' => never strip from preload, keep AUTHBIND_LEVELS
- * set to integer > 1 => do not strip now, subtract one from AUTHBIND_LEVELS
- * set to integer 1 => do not strip now, unset AUTHBIND_LEVELS
- * set to empty string or 0 => strip now, unset AUTHBIND_LEVELS
- */
- levels= getenv(AUTHBIND_LEVELS_VAR);
- if (levels) {
- if (levels[0]=='y') return 0;
- levelno= atoi(levels);
- if (levelno > 0) {
- levelno--;
- if (levelno > 0) sprintf(levels,"%d",levelno);
- else unsetenv(AUTHBIND_LEVELS_VAR);
- return 0;
+WRAP(socket) {
+ if (!((domain==AF_INET || domain==AF_INET6) &&
+ type==SOCK_DGRAM))
+ return old_socket(domain,type,protocol);
+ int fd=socket(AF_UNIX,SOCK_DGRAM,0);
+ if (fd<0) return fd;
+ if (fd>=tablesz) {
+ int newsz=(fd+1)*2;
+ table=realloc(table,newsz*sizeof(*table));
+ if (!table) goto fail;
+ while (tablesz<newsz) table[tablesz++]=0;
}
- unsetenv(AUTHBIND_LEVELS_VAR);
- }
- removepreload();
- return 0;
+ free(table[fd]);
+ table[fd]=malloc(sizeof(*table[fd]));
+ if (!table[fd]) goto fail;
+ table[fd]->af=domain;
+ return fd;
+
+ fail:
+ close(fd);
+ return -1;
}
-static const int evilsignals[]= { SIGFPE, SIGILL, SIGSEGV, SIGBUS, 0 };
-
-int bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
- pid_t child, rchild;
- char portarg[5], addrarg[33];
- const char *afarg;
- int i, r, status, restore_sigchild;
- const int *evilsignal;
- sigset_t block, saved;
- struct sigaction old_sigchild;
- unsigned int portval;
-
- switch (addr->sa_family) {
- case AF_INET:
- portval = ((struct sockaddr_in*)addr)->sin_port;
- if (addrlen != sizeof(struct sockaddr_in)) goto bail;
- break;
- case AF_INET6:
- portval = ((struct sockaddr_in6*)addr)->sin6_port;
- if (addrlen != sizeof(struct sockaddr_in6)) goto bail;
- break;
- default:
- goto bail;
- }
-
- if (!geteuid() || portval == 0 || ntohs(portval) >= IPPORT_RESERVED) {
- bail:
- return old_bind(fd,addr,addrlen);
- }
-
- sigfillset(&block);
- for (evilsignal=evilsignals;
- *evilsignal;
- evilsignal++)
- sigdelset(&block,*evilsignal);
- if (sigprocmask(SIG_BLOCK,&block,&saved)) return -1;
-
- switch (addr->sa_family) {
- case AF_INET:
- afarg = 0;
- sprintf(addrarg,"%08lx",
- ((unsigned long)(((struct sockaddr_in*)addr)->sin_addr.s_addr))
- &0x0ffffffffUL);
- break;
- case AF_INET6:
- afarg = "6";
- for (i=0; i<16; i++)
- sprintf(addrarg+i*2,"%02x",
- ((struct sockaddr_in6*)addr)->sin6_addr.s6_addr[i]);
- break;
- default:
- abort();
- }
- sprintf(portarg,"%04x",
- portval&0x0ffff);
-
- restore_sigchild= 0;
- if (sigaction(SIGCHLD,NULL,&old_sigchild)) return -1;
- if (old_sigchild.sa_handler == SIG_IGN) {
- struct sigaction new_sigchild;
-
- new_sigchild.sa_handler= SIG_DFL;
- sigemptyset(&new_sigchild.sa_mask);
- new_sigchild.sa_flags= 0;
- if (sigaction(SIGCHLD,&new_sigchild,&old_sigchild)) return -1;
- restore_sigchild= 1;
- }
-
- child= fork(); if (child==-1) goto x_err;
-
- if (!child) {
- if (dup2(fd,0)) exiterrno(errno);
- removepreload();
- execl(HELPER,HELPER,addrarg,portarg,afarg,(char*)0);
- status= errno > 0 && errno < 127 ? errno : 127;
- STDERRSTR_CONST("libauthbind: possible installation problem - "
- "could not invoke " HELPER "\n");
- exiterrno(status);
- }
-
- rchild= waitpid(child,&status,0);
- if (rchild==-1) goto x_err;
- if (rchild!=child) { errno= ECHILD; goto x_err; }
-
- if (WIFEXITED(status)) {
- if (WEXITSTATUS(status)) {
- errno= WEXITSTATUS(status);
- if (errno >= 127) errno= ENXIO;
- goto x_err;
+WRAP(bind) {
+ fdinfo *ent=lookup(fd);
+ if (!ent) return old_bind(fd,addr,addrlen);
+ const char *dir = getenv("UDP_PRELOAD_DIR");
+ if (!dir) { errno=ECHILD; return -1; }
+ struct sockaddr_un sun;
+ memset(&sun,0,sizeof(sun));
+ sun.sun_family=AF_UNIX;
+ int dl = strlen(dir);
+ if (dl + 1 + ADDRPORTSTRLEN + 1 > sizeof(sun.sun_path)) {
+ errno=ENAMETOOLONG; return -1;
}
- r= 0;
- goto x;
- } else {
- errno= ENOSYS;
- goto x_err;
- }
-
-x_err:
- r= -1;
-x:
- if (sigprocmask(SIG_SETMASK,&saved,0)) abort();
- if (restore_sigchild) {
- if (sigaction(SIGCHLD,&old_sigchild,NULL)) return -1;
- if (old_sigchild.sa_handler == SIG_IGN) {
- int discard;
- while (waitpid(-1, &discard, WNOHANG) > 0)
- ;
- }
- }
- return r;
+ strcpy(sun.sun_path,dir);
+ char *p=sun.sun_path+dl;
+ *p++='/';
+ if (addrport2str(p,addr,addrlen)) return -1;
+//fprintf(stderr,"binding %s\n",sun.sun_path);
+ if (unlink(sun.sun_path) && errno!=ENOENT) return -1;
+ return old_bind(fd,(const void*)&sun,sizeof(sun));
}
-#endif
+
+//udp (test/tmp/outside.conf:19): setsockopt(,IPV6_V6ONLY,&1,): Operation not supported
~ianmdlvl / secnet.git / blobdiff