preload/autossl/autossl.c

   1
   2 #include <stdio.h>
   3 #include <stdlib.h>
   4 #include <sys/types.h>
   5 #include <sys/socket.h>
   6 #include <netinet/in.h>
   7 #include <arpa/inet.h>
   8 #include <dlfcn.h>
   9 #include <errno.h>
  10 #include <unistd.h>
  11 #include <bsd/unistd.h>
  12
  13 void _autossl_ip_parse_error(const char* s, const size_t len)
  14 {
  15         fprintf(stderr, "autossl: failed to parse ip address '%.*s'\n", len, s);
  16 }
  17
  18 int connect(int sockfd, const struct sockaddr_in *orig_sockaddr, socklen_t addrlen)
  19 {
  20         char *upgrade_ip_str;
  21         struct in_addr upgrade_ip;
  22         char *upgrade_port_str;
  23         in_port_t upgrade_port = 0;
  24
  25         char *tls_cmd;
  26         #define IP_STR_LEN 39+1
  27         #define PORT_STR_LEN 5+1
  28         char connect_ip[IP_STR_LEN];
  29         char connect_port[PORT_STR_LEN];
  30
  31         char *next_separator;
  32         char *autossl_errno_str;
  33
  34         struct sockaddr_in to_sockaddr;
  35         int (*orig_connect)(int, const struct sockaddr_in *, socklen_t) = dlsym(RTLD_NEXT, "connect");
  36
  37
  38
  39         if(orig_sockaddr->sin_family != AF_INET) goto stdlib;
  40
  41         upgrade_port_str = getenv("AUTOSSL_UPGRADE_PORTS");
  42         if(upgrade_port_str == NULL) goto stdlib;
  43
  44
  45         int upgrade_port_matched = 0;
  46         next_separator = NULL;
  47
  48         do{
  49                 next_separator = strchrnul(upgrade_port_str, ' ');
  50                 upgrade_port = atoi(upgrade_port_str);
  51                 if(upgrade_port == 0) { fprintf(stderr, "autossl: failed to parse port number(s): %s\n", upgrade_port_str); goto error_case; }
  52                 if(upgrade_port == ntohs(orig_sockaddr->sin_port)) upgrade_port_matched = 1;
  53                 upgrade_port_str = (char*)(next_separator + 1);
  54         }
  55         while(!upgrade_port_matched && *next_separator != '\0');
  56
  57         if(!upgrade_port_matched) goto stdlib;
  58
  59         upgrade_ip_str = getenv("AUTOSSL_UPGRADE_IPS");
  60         if(upgrade_ip_str != NULL)
  61         {
  62                 int upgrade_ip_matched = 0;
  63                 char *next_separator = NULL;
  64
  65                 do{
  66                         next_separator = strchrnul(upgrade_ip_str, ' ');
  67                         if(inet_aton(upgrade_ip_str, &upgrade_ip) == 0)
  68                         {
  69                                 _autossl_ip_parse_error(upgrade_ip_str, next_separator - upgrade_ip_str);
  70                                 goto error_case;
  71                         }
  72                         if(ntohl(orig_sockaddr->sin_addr.s_addr) == ntohl(upgrade_ip.s_addr)) {
  73                                 upgrade_ip_matched = 1;
  74                         }
  75                         upgrade_ip_str = (char*)(next_separator + 1);
  76                 }
  77                 while(!upgrade_ip_matched && *next_separator != '\0');
  78
  79                 if(!upgrade_ip_matched) goto stdlib;
  80         }
  81
  82         tls_cmd = getenv("AUTOSSL_TLS_CMD");
  83         if(tls_cmd == NULL) goto stdlib;
  84
  85
  86         int sockpair[2];
  87         if(socketpair(AF_UNIX, SOCK_STREAM, 0, sockpair) == -1)
  88         {
  89                 perror("autossl: sockpair");
  90                 goto error_case;
  91         }
  92
  93         pid_t childpid = fork();
  94         if(childpid < 0)
  95         {
  96                 perror("autossl: fork");
  97                 goto error_case;
  98         }
  99         if(childpid == 0)
 100         {
 101                 /* save the ip and port we wanted to connect to as strings */
 102                 snprintf(connect_ip, IP_STR_LEN, "%s", inet_ntoa(orig_sockaddr->sin_addr));
 103                 snprintf(connect_port, PORT_STR_LEN, "%d", ntohs(orig_sockaddr->sin_port));
 104                 /* wire STDIO to the newly created socket */
 105                 dup2(sockpair[1], 0);
 106                 dup2(sockpair[1], 1);
 107                 /* leave stderr open */
 108                 /* close dangling files */
 109                 closefrom(3);
 110                 execlp(tls_cmd, tls_cmd, connect_ip, connect_port, NULL);
 111                 _exit(127);
 112         }
 113
 114         close(sockpair[1]);
 115         if(dup2(sockpair[0], sockfd) == -1)
 116         {
 117                 perror("autossl: dup2");
 118                 close(sockpair[0]);
 119                 goto error_case;
 120         }
 121
 122         if(!getenv("AUTOSSL_SILENT"))
 123                 fprintf(stderr, "autossl: redirecting %s:%d -> fd#%d\n", inet_ntoa(orig_sockaddr->sin_addr), ntohs(orig_sockaddr->sin_port), sockpair[0]);
 124
 125         /* the caller closes sockfd only, not sockpair[0], so unused open
 126         files may pile up eventually in long running programs. */
 127
 128         /* childpid process won't be reaped, so don't be scared on the
 129         zombie processes, they will be disappear as the main program exits. */
 130
 131         return 0;
 132
 133         error_case:
 134         autossl_errno_str = getenv("AUTOSSL_ERRNO");
 135         if(autossl_errno_str)
 136         {
 137                 errno = atoi(autossl_errno_str);
 138                 return -1;
 139         }
 140
 141         stdlib:
 142         return orig_connect(sockfd, orig_sockaddr, addrlen);
 143 }