2 * Socket functions used in rsync.
4 * Copyright (C) 1992-2001 Andrew Tridgell <tridge@samba.org>
5 * Copyright (C) 2001, 2002 Martin Pool <mbp@samba.org>
6 * Copyright (C) 2003-2020 Wayne Davison
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, visit the http://fsf.org website.
22 /* This file is now converted to use the new-style getaddrinfo()
23 * interface, which supports IPv6 but is also supported on recent
24 * IPv4-only machines. On systems that don't have that interface, we
25 * emulate it using the KAME implementation. */
30 #ifdef HAVE_NETINET_IN_SYSTM_H
31 #include <netinet/in_systm.h>
33 #ifdef HAVE_NETINET_IP_H
34 #include <netinet/ip.h>
36 #include <netinet/tcp.h>
38 extern char *bind_address
;
39 extern char *sockopts
;
40 extern int default_af_hint
;
41 extern int connect_timeout
;
42 extern int pid_file_fd
;
45 static struct sigaction sigact
;
48 static int sock_exec(const char *prog
);
50 /* Establish a proxy connection on an open socket to a web proxy by using the
51 * CONNECT method. If proxy_user and proxy_pass are not NULL, they are used to
52 * authenticate to the proxy using the "Basic" proxy-authorization protocol. */
53 static int establish_proxy_connection(int fd
, char *host
, int port
, char *proxy_user
, char *proxy_pass
)
55 char *cp
, buffer
[1024];
56 char *authhdr
, authbuf
[1024];
59 if (proxy_user
&& proxy_pass
) {
60 stringjoin(buffer
, sizeof buffer
,
61 proxy_user
, ":", proxy_pass
, NULL
);
64 if ((len
*8 + 5) / 6 >= (int)sizeof authbuf
- 3) {
66 "authentication information is too long\n");
70 base64_encode(buffer
, len
, authbuf
, 1);
71 authhdr
= "\r\nProxy-Authorization: Basic ";
77 len
= snprintf(buffer
, sizeof buffer
, "CONNECT %s:%d HTTP/1.0%s%s\r\n\r\n", host
, port
, authhdr
, authbuf
);
78 assert(len
> 0 && len
< (int)sizeof buffer
);
79 if (write(fd
, buffer
, len
) != len
) {
80 rsyserr(FERROR
, errno
, "failed to write to proxy");
84 for (cp
= buffer
; cp
< &buffer
[sizeof buffer
- 1]; cp
++) {
85 if (read(fd
, cp
, 1) != 1) {
86 rsyserr(FERROR
, errno
, "failed to read from proxy");
98 if (strncmp(buffer
, "HTTP/", 5) != 0) {
99 rprintf(FERROR
, "bad response from proxy -- %s\n",
103 for (cp
= &buffer
[5]; isDigit(cp
) || *cp
== '.'; cp
++) {}
107 rprintf(FERROR
, "bad response from proxy -- %s\n",
111 /* throw away the rest of the HTTP header */
113 for (cp
= buffer
; cp
< &buffer
[sizeof buffer
- 1]; cp
++) {
114 if (read(fd
, cp
, 1) != 1) {
115 rsyserr(FERROR
, errno
,
116 "failed to read from proxy");
122 if (cp
> buffer
&& *cp
== '\n')
124 if (cp
== buffer
&& (*cp
== '\n' || *cp
== '\r'))
131 /* Try to set the local address for a newly-created socket.
132 * Return -1 if this fails. */
133 int try_bind_local(int s
, int ai_family
, int ai_socktype
,
134 const char *bind_addr
)
137 struct addrinfo bhints
, *bres_all
, *r
;
139 memset(&bhints
, 0, sizeof bhints
);
140 bhints
.ai_family
= ai_family
;
141 bhints
.ai_socktype
= ai_socktype
;
142 bhints
.ai_flags
= AI_PASSIVE
;
143 if ((error
= getaddrinfo(bind_addr
, NULL
, &bhints
, &bres_all
))) {
144 rprintf(FERROR
, RSYNC_NAME
": getaddrinfo %s: %s\n",
145 bind_addr
, gai_strerror(error
));
149 for (r
= bres_all
; r
; r
= r
->ai_next
) {
150 if (bind(s
, r
->ai_addr
, r
->ai_addrlen
) == -1)
152 freeaddrinfo(bres_all
);
156 /* no error message; there might be some problem that allows
157 * creation of the socket but not binding, perhaps if the
158 * machine has no ipv6 address of this name. */
159 freeaddrinfo(bres_all
);
163 /* connect() timeout handler based on alarm() */
164 static void contimeout_handler(UNUSED(int val
))
166 connect_timeout
= -1;
169 /* Open a socket to a tcp remote host with the specified port.
171 * Based on code from Warren. Proxy support by Stephen Rothwell.
172 * getaddrinfo() rewrite contributed by KAME.net.
174 * Now that we support IPv6 we need to look up the remote machine's address
175 * first, using af_hint to set a preference for the type of address. Then
176 * depending on whether it has v4 or v6 addresses we try to open a connection.
178 * The loop allows for machines with some addresses which may not be reachable,
179 * perhaps because we can't e.g. route ipv6 to that network but we can get ip4
182 * bind_addr: local address to use. Normally NULL to bind the wildcard address.
184 * af_hint: address family, e.g. AF_INET or AF_INET6. */
185 int open_socket_out(char *host
, int port
, const char *bind_addr
, int af_hint
)
187 int type
= SOCK_STREAM
;
188 int error
, s
, j
, addr_cnt
, *errnos
;
189 struct addrinfo hints
, *res0
, *res
;
194 char *proxy_user
= NULL
, *proxy_pass
= NULL
;
196 /* if we have a RSYNC_PROXY env variable then redirect our
197 * connection via a web proxy at the given address. */
198 h
= getenv("RSYNC_PROXY");
199 proxied
= h
!= NULL
&& *h
!= '\0';
202 strlcpy(buffer
, h
, sizeof buffer
);
204 /* Is the USER:PASS@ prefix present? */
205 if ((cp
= strrchr(buffer
, '@')) != NULL
) {
207 /* The remainder is the HOST:PORT part. */
210 if ((cp
= strchr(buffer
, ':')) == NULL
) {
212 "invalid proxy specification: should be USER:PASS@HOST:PORT\n");
220 /* The whole buffer is the HOST:PORT part. */
224 if ((cp
= strchr(h
, ':')) == NULL
) {
226 "invalid proxy specification: should be HOST:PORT\n");
230 strlcpy(portbuf
, cp
, sizeof portbuf
);
231 if (DEBUG_GTE(CONNECT
, 1)) {
232 rprintf(FINFO
, "connection via http proxy %s port %s\n",
236 snprintf(portbuf
, sizeof portbuf
, "%d", port
);
240 memset(&hints
, 0, sizeof hints
);
241 hints
.ai_family
= af_hint
;
242 hints
.ai_socktype
= type
;
243 error
= getaddrinfo(h
, portbuf
, &hints
, &res0
);
245 rprintf(FERROR
, RSYNC_NAME
": getaddrinfo: %s %s: %s\n",
246 h
, portbuf
, gai_strerror(error
));
250 for (res
= res0
, addr_cnt
= 0; res
; res
= res
->ai_next
, addr_cnt
++) {}
251 errnos
= new_array0(int, addr_cnt
);
254 /* Try to connect to all addresses for this machine until we get
255 * through. It might e.g. be multi-homed, or have both IPv4 and IPv6
256 * addresses. We need to create a socket for each record, since the
257 * address record tells us what protocol to use to try to connect. */
258 for (res
= res0
, j
= 0; res
; res
= res
->ai_next
, j
++) {
259 s
= socket(res
->ai_family
, res
->ai_socktype
, res
->ai_protocol
);
264 && try_bind_local(s
, res
->ai_family
, type
,
270 if (connect_timeout
> 0) {
271 SIGACTION(SIGALRM
, contimeout_handler
);
272 alarm(connect_timeout
);
275 set_socket_options(s
, sockopts
);
276 while (connect(s
, res
->ai_addr
, res
->ai_addrlen
) < 0) {
277 if (connect_timeout
< 0)
278 exit_cleanup(RERR_CONTIMEOUT
);
286 if (connect_timeout
> 0)
294 if (proxied
&& establish_proxy_connection(s
, host
, port
, proxy_user
, proxy_pass
) != 0) {
299 if (DEBUG_GTE(CONNECT
, 2)) {
301 if ((error
= getnameinfo(res
->ai_addr
, res
->ai_addrlen
, buf
, sizeof buf
, NULL
, 0, NI_NUMERICHOST
)) != 0)
302 snprintf(buf
, sizeof buf
, "*getnameinfo failure: %s*", gai_strerror(error
));
303 rprintf(FINFO
, "Connected to %s (%s)\n", h
, buf
);
308 if (s
< 0 || DEBUG_GTE(CONNECT
, 2)) {
310 for (res
= res0
, j
= 0; res
; res
= res
->ai_next
, j
++) {
313 if ((error
= getnameinfo(res
->ai_addr
, res
->ai_addrlen
, buf
, sizeof buf
, NULL
, 0, NI_NUMERICHOST
)) != 0)
314 snprintf(buf
, sizeof buf
, "*getnameinfo failure: %s*", gai_strerror(error
));
315 rsyserr(FERROR
, errnos
[j
], "failed to connect to %s (%s)", h
, buf
);
328 /* Open an outgoing socket, but allow for it to be intercepted by
329 * $RSYNC_CONNECT_PROG, which will execute a program across a TCP
330 * socketpair rather than really opening a socket.
332 * We use this primarily in testing to detect TCP flow bugs, but not
333 * cause security problems by really opening remote connections.
335 * This is based on the Samba LIBSMB_PROG feature.
337 * bind_addr: local address to use. Normally NULL to get the stack default. */
338 int open_socket_out_wrapped(char *host
, int port
, const char *bind_addr
, int af_hint
)
340 char *prog
= getenv("RSYNC_CONNECT_PROG");
342 if (prog
&& strchr(prog
, '%')) {
343 int hlen
= strlen(host
);
344 int len
= strlen(prog
) + 1;
346 for (f
= prog
; *f
; f
++) {
349 /* Compute more than enough room. */
356 prog
= new_array(char, len
);
357 for (t
= prog
; *f
; f
++) {
361 /* Just skips the extra '%'. */
364 memcpy(t
, host
, hlen
);
368 f
--; /* pass % through */
377 if (DEBUG_GTE(CONNECT
, 1)) {
378 rprintf(FINFO
, "%sopening tcp connection to %s port %d\n",
379 prog
? "Using RSYNC_CONNECT_PROG instead of " : "",
383 return sock_exec(prog
);
384 return open_socket_out(host
, port
, bind_addr
, af_hint
);
388 /* Open one or more sockets for incoming data using the specified type,
391 * The getaddrinfo() call may return several address results, e.g. for
392 * the machine's IPv4 and IPv6 name.
394 * We return an array of file-descriptors to the sockets, with a trailing
395 * -1 value to indicate the end of the list.
397 * bind_addr: local address to bind, or NULL to allow it to default. */
398 static int *open_socket_in(int type
, int port
, const char *bind_addr
,
402 int s
, *socks
, maxs
, i
, ecnt
;
403 struct addrinfo hints
, *all_ai
, *resp
;
404 char portbuf
[10], **errmsgs
;
407 memset(&hints
, 0, sizeof hints
);
408 hints
.ai_family
= af_hint
;
409 hints
.ai_socktype
= type
;
410 hints
.ai_flags
= AI_PASSIVE
;
411 snprintf(portbuf
, sizeof portbuf
, "%d", port
);
412 error
= getaddrinfo(bind_addr
, portbuf
, &hints
, &all_ai
);
414 rprintf(FERROR
, RSYNC_NAME
": getaddrinfo: bind address %s: %s\n",
415 bind_addr
, gai_strerror(error
));
419 /* Count max number of sockets we might open. */
420 for (maxs
= 0, resp
= all_ai
; resp
; resp
= resp
->ai_next
, maxs
++) {}
422 socks
= new_array(int, maxs
+ 1);
423 errmsgs
= new_array(char *, maxs
);
425 /* We may not be able to create the socket, if for example the
426 * machine knows about IPv6 in the C library, but not in the
428 for (resp
= all_ai
, i
= ecnt
= 0; resp
; resp
= resp
->ai_next
) {
429 s
= socket(resp
->ai_family
, resp
->ai_socktype
,
433 int r
= asprintf(&errmsgs
[ecnt
++],
434 "socket(%d,%d,%d) failed: %s\n",
435 (int)resp
->ai_family
, (int)resp
->ai_socktype
,
436 (int)resp
->ai_protocol
, strerror(errno
));
438 out_of_memory("open_socket_in");
439 /* See if there's another address that will work... */
443 setsockopt(s
, SOL_SOCKET
, SO_REUSEADDR
,
444 (char *)&one
, sizeof one
);
446 set_socket_options(s
, sockopts
);
448 set_socket_options(s
, lp_socket_options());
451 if (resp
->ai_family
== AF_INET6
) {
452 if (setsockopt(s
, IPPROTO_IPV6
, IPV6_V6ONLY
, (char *)&one
, sizeof one
) < 0
453 && default_af_hint
!= AF_INET6
) {
460 /* Now we've got a socket - we need to bind it. */
461 if (bind(s
, resp
->ai_addr
, resp
->ai_addrlen
) < 0) {
462 /* Nope, try another */
463 int r
= asprintf(&errmsgs
[ecnt
++],
464 "bind() failed: %s (address-family %d)\n",
465 strerror(errno
), (int)resp
->ai_family
);
467 out_of_memory("open_socket_in");
477 freeaddrinfo(all_ai
);
479 /* Only output the socket()/bind() messages if we were totally
480 * unsuccessful, or if the daemon is being run with -vv. */
481 for (s
= 0; s
< ecnt
; s
++) {
482 if (!i
|| DEBUG_GTE(BIND
, 1))
483 rwrite(FLOG
, errmsgs
[s
], strlen(errmsgs
[s
]), 0);
490 "unable to bind any inbound sockets on port %d\n",
499 /* Determine if a file descriptor is in fact a socket. */
500 int is_a_socket(int fd
)
503 socklen_t l
= sizeof (int);
505 /* Parameters to getsockopt, setsockopt etc are very
506 * unstandardized across platforms, so don't be surprised if
507 * there are compiler warnings on e.g. SCO OpenSwerver or AIX.
508 * It seems they all eventually get the right idea.
510 * Debian says: ``The fifth argument of getsockopt and
511 * setsockopt is in reality an int [*] (and this is what BSD
512 * 4.* and libc4 and libc5 have). Some POSIX confusion
513 * resulted in the present socklen_t. The draft standard has
514 * not been adopted yet, but glibc2 already follows it and
515 * also has socklen_t [*]. See also accept(2).''
517 * We now return to your regularly scheduled programming. */
518 return getsockopt(fd
, SOL_SOCKET
, SO_TYPE
, (char *)&v
, &l
) == 0;
522 static void sigchld_handler(UNUSED(int val
))
525 while (waitpid(-1, NULL
, WNOHANG
) > 0) {}
527 #ifndef HAVE_SIGACTION
528 signal(SIGCHLD
, sigchld_handler
);
533 void start_accept_loop(int port
, int (*fn
)(int, int))
538 #ifdef HAVE_SIGACTION
539 sigact
.sa_flags
= SA_NOCLDSTOP
;
542 /* open an incoming socket */
543 sp
= open_socket_in(SOCK_STREAM
, port
, bind_address
, default_af_hint
);
545 exit_cleanup(RERR_SOCKETIO
);
547 /* ready to listen */
549 for (i
= 0, maxfd
= -1; sp
[i
] >= 0; i
++) {
550 if (listen(sp
[i
], lp_listen_backlog()) < 0) {
551 rsyserr(FERROR
, errno
, "listen() on socket failed");
553 if (errno
== EADDRINUSE
&& i
> 0) {
554 rprintf(FINFO
, "Try using --ipv4 or --ipv6 to avoid this listen() error.\n");
557 exit_cleanup(RERR_SOCKETIO
);
559 FD_SET(sp
[i
], &deffds
);
564 /* now accept incoming connections - forking a new process
565 * for each incoming connection */
570 struct sockaddr_storage addr
;
571 socklen_t addrlen
= sizeof addr
;
573 /* close log file before the potentially very long select so
574 * file can be trimmed by another process instead of growing
579 FD_COPY(&deffds
, &fds
);
584 if (select(maxfd
+ 1, &fds
, NULL
, NULL
, NULL
) < 1)
587 for (i
= 0, fd
= -1; sp
[i
] >= 0; i
++) {
588 if (FD_ISSET(sp
[i
], &fds
)) {
589 fd
= accept(sp
[i
], (struct sockaddr
*)&addr
, &addrlen
);
597 SIGACTION(SIGCHLD
, sigchld_handler
);
599 if ((pid
= fork()) == 0) {
601 if (pid_file_fd
>= 0)
603 for (i
= 0; sp
[i
] >= 0; i
++)
605 /* Re-open log file in child before possibly giving
606 * up privileges (see logfile_close() above). */
611 } else if (pid
< 0) {
612 rsyserr(FERROR
, errno
,
613 "could not create child server process");
615 /* This might have happened because we're
616 * overloaded. Sleep briefly before trying to
620 /* Parent doesn't need this fd anymore. */
627 enum SOCK_OPT_TYPES
{OPT_BOOL
,OPT_INT
,OPT_ON
};
636 } socket_options
[] = {
637 {"SO_KEEPALIVE", SOL_SOCKET
, SO_KEEPALIVE
, 0, OPT_BOOL
},
638 {"SO_REUSEADDR", SOL_SOCKET
, SO_REUSEADDR
, 0, OPT_BOOL
},
640 {"SO_BROADCAST", SOL_SOCKET
, SO_BROADCAST
, 0, OPT_BOOL
},
643 {"TCP_NODELAY", IPPROTO_TCP
, TCP_NODELAY
, 0, OPT_BOOL
},
645 #ifdef IPTOS_LOWDELAY
646 {"IPTOS_LOWDELAY", IPPROTO_IP
, IP_TOS
, IPTOS_LOWDELAY
, OPT_ON
},
648 #ifdef IPTOS_THROUGHPUT
649 {"IPTOS_THROUGHPUT", IPPROTO_IP
, IP_TOS
, IPTOS_THROUGHPUT
, OPT_ON
},
652 {"SO_SNDBUF", SOL_SOCKET
, SO_SNDBUF
, 0, OPT_INT
},
655 {"SO_RCVBUF", SOL_SOCKET
, SO_RCVBUF
, 0, OPT_INT
},
658 {"SO_SNDLOWAT", SOL_SOCKET
, SO_SNDLOWAT
, 0, OPT_INT
},
661 {"SO_RCVLOWAT", SOL_SOCKET
, SO_RCVLOWAT
, 0, OPT_INT
},
664 {"SO_SNDTIMEO", SOL_SOCKET
, SO_SNDTIMEO
, 0, OPT_INT
},
667 {"SO_RCVTIMEO", SOL_SOCKET
, SO_RCVTIMEO
, 0, OPT_INT
},
673 /* Set user socket options. */
674 void set_socket_options(int fd
, char *options
)
678 if (!options
|| !*options
)
681 options
= strdup(options
);
683 for (tok
= strtok(options
, " \t,"); tok
; tok
= strtok(NULL
," \t,")) {
689 if ((p
= strchr(tok
,'='))) {
695 for (i
= 0; socket_options
[i
].name
; i
++) {
696 if (strcmp(socket_options
[i
].name
,tok
)==0)
700 if (!socket_options
[i
].name
) {
701 rprintf(FERROR
,"Unknown socket option %s\n",tok
);
705 switch (socket_options
[i
].opttype
) {
708 ret
= setsockopt(fd
,socket_options
[i
].level
,
709 socket_options
[i
].option
,
710 (char *)&value
, sizeof (int));
715 rprintf(FERROR
,"syntax error -- %s does not take a value\n",tok
);
718 int on
= socket_options
[i
].value
;
719 ret
= setsockopt(fd
,socket_options
[i
].level
,
720 socket_options
[i
].option
,
721 (char *)&on
, sizeof (int));
727 rsyserr(FERROR
, errno
,
728 "failed to set socket option %s", tok
);
736 /* This is like socketpair but uses tcp. The function guarantees that nobody
737 * else can attach to the socket, or if they do that this function fails and
738 * the socket gets closed. Returns 0 on success, -1 on failure. The resulting
739 * file descriptors are symmetrical. Currently only for RSYNC_CONNECT_PROG. */
740 static int socketpair_tcp(int fd
[2])
743 struct sockaddr_in sock
;
744 struct sockaddr_in sock2
;
745 socklen_t socklen
= sizeof sock
;
746 int connect_done
= 0;
748 fd
[0] = fd
[1] = listener
= -1;
750 memset(&sock
, 0, sizeof sock
);
752 if ((listener
= socket(PF_INET
, SOCK_STREAM
, 0)) == -1)
755 memset(&sock2
, 0, sizeof sock2
);
756 #ifdef HAVE_SOCKADDR_IN_LEN
757 sock2
.sin_len
= sizeof sock2
;
759 sock2
.sin_family
= PF_INET
;
760 sock2
.sin_addr
.s_addr
= htonl(INADDR_LOOPBACK
);
762 if (bind(listener
, (struct sockaddr
*)&sock2
, sizeof sock2
) != 0
763 || listen(listener
, 1) != 0
764 || getsockname(listener
, (struct sockaddr
*)&sock
, &socklen
) != 0
765 || (fd
[1] = socket(PF_INET
, SOCK_STREAM
, 0)) == -1)
768 set_nonblocking(fd
[1]);
770 sock
.sin_addr
.s_addr
= htonl(INADDR_LOOPBACK
);
772 if (connect(fd
[1], (struct sockaddr
*)&sock
, sizeof sock
) == -1) {
773 if (errno
!= EINPROGRESS
)
778 if ((fd
[0] = accept(listener
, (struct sockaddr
*)&sock2
, &socklen
)) == -1)
786 if (connect_done
== 0) {
787 if (connect(fd
[1], (struct sockaddr
*)&sock
, sizeof sock
) != 0 && errno
!= EISCONN
)
805 /* Run a program on a local tcp socket, so that we can talk to it's stdin and
806 * stdout. This is used to fake a connection to a daemon for testing -- not
807 * for the normal case of running SSH.
809 * Returns a socket which is attached to a subprocess running "prog". stdin and
810 * stdout are attached. stderr is left attached to the original stderr. */
811 static int sock_exec(const char *prog
)
816 if (socketpair_tcp(fd
) != 0) {
817 rsyserr(FERROR
, errno
, "socketpair_tcp failed");
820 if (DEBUG_GTE(CMD
, 1))
821 rprintf(FINFO
, "Running socket program: \"%s\"\n", prog
);
825 rsyserr(FERROR
, errno
, "fork");
826 exit_cleanup(RERR_IPC
);
831 if (dup2(fd
[1], STDIN_FILENO
) < 0
832 || dup2(fd
[1], STDOUT_FILENO
) < 0) {
833 fprintf(stderr
, "Failed to run \"%s\"\n", prog
);
836 exit(shell_exec(prog
));