1
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2
/* lib/krad/remote.c - Protocol code for libkrad */
3
/*
4
 * Copyright 2013 Red Hat, Inc.  All rights reserved.
5
 *
6
 * Redistribution and use in source and binary forms, with or without
7
 * modification, are permitted provided that the following conditions are met:
8
 *
9
 *    1. Redistributions of source code must retain the above copyright
10
 *       notice, this list of conditions and the following disclaimer.
11
 *
12
 *    2. Redistributions in binary form must reproduce the above copyright
13
 *       notice, this list of conditions and the following disclaimer in
14
 *       the documentation and/or other materials provided with the
15
 *       distribution.
16
 *
17
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
18
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
19
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
20
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
21
 * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
23
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
24
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
25
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
26
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28
 */
29

30
#include <k5-int.h>
31
#include <k5-queue.h>
32
#include "internal.h"
33

34
#include <string.h>
35
#include <unistd.h>
36

37
#include <sys/un.h>
38

39
#define FLAGS_NONE  VERTO_EV_FLAG_NONE
40
#define FLAGS_READ  VERTO_EV_FLAG_IO_READ
41
#define FLAGS_WRITE VERTO_EV_FLAG_IO_WRITE
42
#define FLAGS_BASE  VERTO_EV_FLAG_PERSIST | VERTO_EV_FLAG_IO_ERROR
43

44
K5_TAILQ_HEAD(request_head, request_st);
45

46
typedef struct request_st request;
47
struct request_st {
48
    K5_TAILQ_ENTRY(request_st) list;
49
    krad_remote *rr;
50
    krad_packet *request;
51
    krad_cb cb;
52
    void *data;
53
    verto_ev *timer;
54
    int timeout;
55
    size_t retries;
56
    size_t sent;
57
};
58

59
struct krad_remote_st {
60
    krb5_context kctx;
61
    verto_ctx *vctx;
62
    int fd;
63
    verto_ev *io;
64
    char *secret;
65
    struct addrinfo *info;
66
    struct request_head list;
67
    char buffer_[KRAD_PACKET_SIZE_MAX];
68
    krb5_data buffer;
69
};
70

71
static void
72
on_io(verto_ctx *ctx, verto_ev *ev);
73

74
static void
75
on_timeout(verto_ctx *ctx, verto_ev *ev);
76

77
/* Iterate over the set of outstanding packets. */
78
static const krad_packet *
79
iterator(void *data, krb5_boolean cancel)
80
{
81
    request **rptr = data, *req = *rptr;
82

83
    if (cancel || req == NULL)
84
        return NULL;
85

86
    *rptr = K5_TAILQ_NEXT(req, list);
87
    return req->request;
88
}
89

90
/* Create a new request. */
91
static krb5_error_code
92
request_new(krad_remote *rr, krad_packet *rqst, int timeout, size_t retries,
93
            krad_cb cb, void *data, request **out)
94
{
95
    request *tmp;
96

97
    tmp = calloc(1, sizeof(request));
98
    if (tmp == NULL)
99
        return ENOMEM;
100

101
    tmp->rr = rr;
102
    tmp->request = rqst;
103
    tmp->cb = cb;
104
    tmp->data = data;
105
    tmp->timeout = timeout;
106
    tmp->retries = retries;
107

108
    *out = tmp;
109
    return 0;
110
}
111

112
/* Finish a request, calling the callback and freeing it. */
113
static inline void
114
request_finish(request *req, krb5_error_code retval,
115
               const krad_packet *response)
116
{
117
    if (retval != ETIMEDOUT)
118
        K5_TAILQ_REMOVE(&req->rr->list, req, list);
119

120
    req->cb(retval, req->request, response, req->data);
121

122
    if (retval != ETIMEDOUT) {
123
        krad_packet_free(req->request);
124
        verto_del(req->timer);
125
        free(req);
126
    }
127
}
128

129
/* Start the timeout timer for the request. */
130
static krb5_error_code
131
request_start_timer(request *r, verto_ctx *vctx)
132
{
133
    verto_del(r->timer);
134

135
    r->timer = verto_add_timeout(vctx, VERTO_EV_FLAG_NONE, on_timeout,
136
                                 r->timeout);
137
    if (r->timer != NULL)
138
        verto_set_private(r->timer, r, NULL);
139

140
    return (r->timer == NULL) ? ENOMEM : 0;
141
}
142

143
/* Disconnect from the remote host. */
144
static void
145
remote_disconnect(krad_remote *rr)
146
{
147
    if (rr->fd >= 0)
148
        close(rr->fd);
149
    verto_del(rr->io);
150
    rr->fd = -1;
151
    rr->io = NULL;
152
}
153

154
/* Add the specified flags to the remote. This automatically manages the
155
 * lifecycle of the underlying event. Also connects if disconnected. */
156
static krb5_error_code
157
remote_add_flags(krad_remote *remote, verto_ev_flag flags)
158
{
159
    verto_ev_flag curflags = VERTO_EV_FLAG_NONE;
160
    int i;
161

162
    flags &= (FLAGS_READ | FLAGS_WRITE);
163
    if (remote == NULL || flags == FLAGS_NONE)
164
        return EINVAL;
165

166
    /* If there is no connection, connect. */
167
    if (remote->fd < 0) {
168
        verto_del(remote->io);
169
        remote->io = NULL;
170

171
        remote->fd = socket(remote->info->ai_family, remote->info->ai_socktype,
172
                            remote->info->ai_protocol);
173
        if (remote->fd < 0)
174
            return errno;
175

176
        i = connect(remote->fd, remote->info->ai_addr,
177
                    remote->info->ai_addrlen);
178
        if (i < 0) {
179
            i = errno;
180
            remote_disconnect(remote);
181
            return i;
182
        }
183
    }
184

185
    if (remote->io == NULL) {
186
        remote->io = verto_add_io(remote->vctx, FLAGS_BASE | flags,
187
                                  on_io, remote->fd);
188
        if (remote->io == NULL)
189
            return ENOMEM;
190
        verto_set_private(remote->io, remote, NULL);
191
    }
192

193
    curflags = verto_get_flags(remote->io);
194
    if ((curflags & flags) != flags)
195
        verto_set_flags(remote->io, FLAGS_BASE | curflags | flags);
196

197
    return 0;
198
}
199

200
/* Remove the specified flags to the remote. This automatically manages the
201
 * lifecycle of the underlying event. */
202
static void
203
remote_del_flags(krad_remote *remote, verto_ev_flag flags)
204
{
205
    if (remote == NULL || remote->io == NULL)
206
        return;
207

208
    flags = verto_get_flags(remote->io) & (FLAGS_READ | FLAGS_WRITE) & ~flags;
209
    if (flags == FLAGS_NONE) {
210
        verto_del(remote->io);
211
        remote->io = NULL;
212
        return;
213
    }
214

215
    verto_set_flags(remote->io, FLAGS_BASE | flags);
216
}
217

218
/* Close the connection and start the timers of all outstanding requests. */
219
static void
220
remote_shutdown(krad_remote *rr)
221
{
222
    krb5_error_code retval;
223
    request *r, *next;
224

225
    remote_disconnect(rr);
226

227
    /* Start timers for all unsent packets. */
228
    K5_TAILQ_FOREACH_SAFE(r, &rr->list, list, next) {
229
        if (r->timer == NULL) {
230
            retval = request_start_timer(r, rr->vctx);
231
            if (retval != 0)
232
                request_finish(r, retval, NULL);
233
        }
234
    }
235
}
236

237
/* Handle when packets receive no response within their allotted time. */
238
static void
239
on_timeout(verto_ctx *ctx, verto_ev *ev)
240
{
241
    request *req = verto_get_private(ev);
242
    krb5_error_code retval = ETIMEDOUT;
243

244
    req->timer = NULL;          /* Void the timer event. */
245

246
    /* If we have more retries to perform, resend the packet. */
247
    if (req->retries-- > 0) {
248
        req->sent = 0;
249
        retval = remote_add_flags(req->rr, FLAGS_WRITE);
250
        if (retval == 0)
251
            return;
252
    }
253

254
    request_finish(req, retval, NULL);
255
}
256

257
/* Write data to the socket. */
258
static void
259
on_io_write(krad_remote *rr)
260
{
261
    const krb5_data *tmp;
262
    ssize_t written;
263
    request *r;
264

265
    K5_TAILQ_FOREACH(r, &rr->list, list) {
266
        tmp = krad_packet_encode(r->request);
267

268
        /* If the packet has already been sent, do nothing. */
269
        if (r->sent == tmp->length)
270
            continue;
271

272
        /* Send the packet. */
273
        written = sendto(verto_get_fd(rr->io), tmp->data + r->sent,
274
                         tmp->length - r->sent, 0, NULL, 0);
275
        if (written < 0) {
276
            /* Should we try again? */
277
            if (errno == EWOULDBLOCK || errno == EAGAIN || errno == ENOBUFS ||
278
                errno == EINTR)
279
                return;
280

281
            /* This error can't be worked around. */
282
            remote_shutdown(rr);
283
            return;
284
        }
285

286
        /* If the packet was completely sent, set a timeout. */
287
        r->sent += written;
288
        if (r->sent == tmp->length) {
289
            if (request_start_timer(r, rr->vctx) != 0) {
290
                request_finish(r, ENOMEM, NULL);
291
                return;
292
            }
293

294
            if (remote_add_flags(rr, FLAGS_READ) != 0) {
295
                remote_shutdown(rr);
296
                return;
297
            }
298
        }
299

300
        return;
301
    }
302

303
    remote_del_flags(rr, FLAGS_WRITE);
304
    return;
305
}
306

307
/* Read data from the socket. */
308
static void
309
on_io_read(krad_remote *rr)
310
{
311
    const krad_packet *req = NULL;
312
    krad_packet *rsp = NULL;
313
    krb5_error_code retval;
314
    ssize_t pktlen;
315
    request *tmp, *r;
316
    int i;
317

318
    pktlen = sizeof(rr->buffer_) - rr->buffer.length;
319
    if (rr->info->ai_socktype == SOCK_STREAM) {
320
        pktlen = krad_packet_bytes_needed(&rr->buffer);
321
        if (pktlen < 0) {
322
            /* If we received a malformed packet on a stream socket,
323
             * assume the socket to be unrecoverable. */
324
            remote_shutdown(rr);
325
            return;
326
        }
327
    }
328

329
    /* Read the packet. */
330
    i = recv(verto_get_fd(rr->io), rr->buffer.data + rr->buffer.length,
331
             pktlen, 0);
332

333
    /* On these errors, try again. */
334
    if (i < 0 && (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR))
335
        return;
336

337
    /* On any other errors or on EOF, the socket is unrecoverable. */
338
    if (i <= 0) {
339
        remote_shutdown(rr);
340
        return;
341
    }
342

343
    /* If we have a partial read or just the header, try again. */
344
    rr->buffer.length += i;
345
    pktlen = krad_packet_bytes_needed(&rr->buffer);
346
    if (rr->info->ai_socktype == SOCK_STREAM && pktlen > 0)
347
        return;
348

349
    /* Decode the packet. */
350
    tmp = K5_TAILQ_FIRST(&rr->list);
351
    retval = krad_packet_decode_response(rr->kctx, rr->secret, &rr->buffer,
352
                                         iterator, &tmp, &req, &rsp);
353
    rr->buffer.length = 0;
354
    if (retval != 0)
355
        return;
356

357
    /* Match the response with an outstanding request. */
358
    if (req != NULL) {
359
        K5_TAILQ_FOREACH(r, &rr->list, list) {
360
            if (r->request == req &&
361
                r->sent == krad_packet_encode(req)->length) {
362
                request_finish(r, 0, rsp);
363
                break;
364
            }
365
        }
366
    }
367

368
    krad_packet_free(rsp);
369
}
370

371
/* Handle when IO is ready on the socket. */
372
static void
373
on_io(verto_ctx *ctx, verto_ev *ev)
374
{
375
    krad_remote *rr;
376

377
    rr = verto_get_private(ev);
378

379
    if (verto_get_fd_state(ev) & VERTO_EV_FLAG_IO_WRITE)
380
        on_io_write(rr);
381
    else
382
        on_io_read(rr);
383
}
384

385
krb5_error_code
386
kr_remote_new(krb5_context kctx, verto_ctx *vctx, const struct addrinfo *info,
387
              const char *secret, krad_remote **rr)
388
{
389
    krb5_error_code retval = ENOMEM;
390
    krad_remote *tmp = NULL;
391

392
    tmp = calloc(1, sizeof(krad_remote));
393
    if (tmp == NULL)
394
        goto error;
395
    tmp->kctx = kctx;
396
    tmp->vctx = vctx;
397
    tmp->buffer = make_data(tmp->buffer_, 0);
398
    K5_TAILQ_INIT(&tmp->list);
399
    tmp->fd = -1;
400

401
    tmp->secret = strdup(secret);
402
    if (tmp->secret == NULL)
403
        goto error;
404

405
    tmp->info = k5memdup(info, sizeof(*info), &retval);
406
    if (tmp->info == NULL)
407
        goto error;
408

409
    tmp->info->ai_addr = k5memdup(info->ai_addr, info->ai_addrlen, &retval);
410
    if (tmp->info == NULL)
411
        goto error;
412
    tmp->info->ai_next = NULL;
413
    tmp->info->ai_canonname = NULL;
414

415
    *rr = tmp;
416
    return 0;
417

418
error:
419
    kr_remote_free(tmp);
420
    return retval;
421
}
422

423
void
424
kr_remote_cancel_all(krad_remote *rr)
425
{
426
    while (!K5_TAILQ_EMPTY(&rr->list))
427
        request_finish(K5_TAILQ_FIRST(&rr->list), ECANCELED, NULL);
428
}
429

430
void
431
kr_remote_free(krad_remote *rr)
432
{
433
    if (rr == NULL)
434
        return;
435

436
    kr_remote_cancel_all(rr);
437
    free(rr->secret);
438
    if (rr->info != NULL)
439
        free(rr->info->ai_addr);
440
    free(rr->info);
441
    remote_disconnect(rr);
442
    free(rr);
443
}
444

445
krb5_error_code
446
kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs,
447
               krad_cb cb, void *data, int timeout, size_t retries,
448
               const krad_packet **pkt)
449
{
450
    krad_packet *tmp = NULL;
451
    krb5_error_code retval;
452
    request *r, *new_request = NULL;
453

454
    if (rr->info->ai_socktype == SOCK_STREAM)
455
        retries = 0;
456

457
    r = K5_TAILQ_FIRST(&rr->list);
458
    retval = krad_packet_new_request(rr->kctx, rr->secret, code, attrs,
459
                                     iterator, &r, &tmp);
460
    if (retval != 0)
461
        goto error;
462

463
    K5_TAILQ_FOREACH(r, &rr->list, list) {
464
        if (r->request == tmp) {
465
            retval = EALREADY;
466
            goto error;
467
        }
468
    }
469

470
    timeout = timeout / (retries + 1);
471
    retval = request_new(rr, tmp, timeout, retries, cb, data, &new_request);
472
    if (retval != 0)
473
        goto error;
474

475
    retval = remote_add_flags(rr, FLAGS_WRITE);
476
    if (retval != 0)
477
        goto error;
478

479
    K5_TAILQ_INSERT_TAIL(&rr->list, new_request, list);
480
    if (pkt != NULL)
481
        *pkt = tmp;
482
    return 0;
483

484
error:
485
    free(new_request);
486
    krad_packet_free(tmp);
487
    return retval;
488
}
489

490
void
491
kr_remote_cancel(krad_remote *rr, const krad_packet *pkt)
492
{
493
    request *r;
494

495
    K5_TAILQ_FOREACH(r, &rr->list, list) {
496
        if (r->request == pkt) {
497
            request_finish(r, ECANCELED, NULL);
498
            return;
499
        }
500
    }
501
}
502

503
krb5_boolean
504
kr_remote_equals(const krad_remote *rr, const struct addrinfo *info,
505
                 const char *secret)
506
{
507
    struct sockaddr_un *a, *b;
508

509
    if (strcmp(rr->secret, secret) != 0)
510
        return FALSE;
511

512
    if (info->ai_addrlen != rr->info->ai_addrlen)
513
        return FALSE;
514

515
    if (info->ai_family != rr->info->ai_family)
516
        return FALSE;
517

518
    if (info->ai_socktype != rr->info->ai_socktype)
519
        return FALSE;
520

521
    if (info->ai_protocol != rr->info->ai_protocol)
522
        return FALSE;
523

524
    if (info->ai_flags != rr->info->ai_flags)
525
        return FALSE;
526

527
    if (memcmp(rr->info->ai_addr, info->ai_addr, info->ai_addrlen) != 0) {
528
        /* AF_UNIX fails the memcmp() test due to uninitialized bytes after the
529
         * socket name. */
530
        if (info->ai_family != AF_UNIX)
531
            return FALSE;
532

533
        a = (struct sockaddr_un *)info->ai_addr;
534
        b = (struct sockaddr_un *)rr->info->ai_addr;
535
        if (strncmp(a->sun_path, b->sun_path, sizeof(a->sun_path)) != 0)
536
            return FALSE;
537
    }
538

539
    return TRUE;
540
}
541

542