*
* by Kern Sibbald
*
- * Adapted and enhanced for Bacula, originally written
+ * Adapted and enhanced for Bacula, originally written
* for inclusion in the Apcupsd package
*
* Version $Id$
*/
/*
- Copyright (C) 2000-2004 Kern Sibbald and John Walker
+ Copyright (C) 2000-2005 Kern Sibbald
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ version 2 as ammended with additional clauses defined in the
+ file LICENSE in the main source directory.
- This library is distributed in the hope that it will be useful,
+ This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free
- Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
- MA 02111-1307, USA.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ the file LICENSE for additional details.
*/
#define socketClose(fd) close(fd)
#endif
+static pthread_mutex_t ip_mutex = PTHREAD_MUTEX_INITIALIZER;
/*
* Read a nbytes from the network.
{
int32_t nleft, nread;
+#ifdef HAVE_TLS
+ if (bsock->tls) {
+ /* TLS enabled */
+ return (tls_bsock_readn(bsock, ptr, nbytes));
+ }
+#endif /* HAVE_TLS */
+
nleft = nbytes;
while (nleft > 0) {
do {
nwritten = fwrite(ptr, 1, nbytes, bsock->spool_fd);
if (nwritten != nbytes) {
berrno be;
+ bsock->b_errno = errno;
Qmsg1(bsock->jcr, M_FATAL, 0, _("Attr spool write error. ERR=%s\n"),
be.strerror());
Dmsg2(400, "nwritten=%d nbytes=%d.\n", nwritten, nbytes);
+ errno = bsock->b_errno;
return -1;
}
return nbytes;
}
+
+#ifdef HAVE_TLS
+ if (bsock->tls) {
+ /* TLS enabled */
+ return (tls_bsock_writen(bsock, ptr, nbytes));
+ }
+#endif /* HAVE_TLS */
+
nleft = nbytes;
while (nleft > 0) {
do {
return nbytes - nleft;
}
-/*
+/*
* Receive a message from the other end. Each message consists of
* two packets. The first is a header that contains the size
* of the data that follows in the second packet.
* Returns number of bytes read (may return zero)
- * Returns -1 on signal (BNET_SIGNAL)
+ * Returns -1 on signal (BNET_SIGNAL)
* Returns -2 on hard end of file (BNET_HARDEOF)
* Returns -3 on error (BNET_ERROR)
*
* four return types:
* 1. Normal data
* 2. Signal including end of data stream
- * 3. Hard end of file
+ * 3. Hard end of file
* 4. Error
* Using is_bnet_stop() and is_bnet_error() you can figure this all out.
*/
ASSERT(bsock != NULL);
bsock->msg[0] = 0;
+ bsock->msglen = 0;
if (bsock->errors || bsock->terminated) {
return BNET_HARDEOF;
}
/*
- * Return 1 if there are errors on this bsock or it is closed,
+ * Return 1 if there are errors on this bsock or it is closed,
* i.e. stop communicating on this line.
*/
bool is_bnet_stop(BSOCK * bsock)
}
/*
- * Return number of errors on socket
+ * Return number of errors on socket
*/
int is_bnet_error(BSOCK * bsock)
{
+ errno = bsock->b_errno;
return bsock->errors;
}
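Review bot: is_bnet_error() now overwrites the caller's `errno` on every call, including when `bsock->errors` is 0, and the comment above it still describes a pure query. The header comment should say so, for example `* Side effect: sets errno to the value saved in bsock->b_errno`. Callers that test `errno` from an earlier call after invoking this function would see the socket's saved value instead.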
* two network packets. The first is sends a 32 bit integer containing
* the length of the data packet which follows.
*
- * Returns: 0 on failure
- * 1 on success
+ * Returns: false on failure
+ * true on success
*/
bool bnet_send(BSOCK * bsock)
{
if (rc < 0) {
if (!bsock->suppress_error_msgs && !bsock->timed_out) {
Qmsg4(bsock->jcr, M_ERROR, 0,
- _("Write error sending to %s:%s:%d: ERR=%s\n"), bsock->who,
+ _("Write error sending len to %s:%s:%d: ERR=%s\n"), bsock->who,
bsock->host, bsock->port, bnet_strerror(bsock));
}
} else {
}
if (rc < 0) {
if (!bsock->suppress_error_msgs) {
- Qmsg4(bsock->jcr, M_ERROR, 0,
- _("Write error sending to %s:%s:%d: ERR=%s\n"), bsock->who,
+ Qmsg5(bsock->jcr, M_ERROR, 0,
+ _("Write error sending %d bytes to %s:%s:%d: ERR=%s\n"),
+ bsock->msglen, bsock->who,
bsock->host, bsock->port, bnet_strerror(bsock));
}
} else {
}
/*
- * Establish an SSL connection -- server side
- * Codes that ssl_need and ssl_has can take
- * BNET_SSL_NONE I cannot do ssl
- * BNET_SSL_OK I can do ssl, but it is not required on my end
- * BNET_SSL_REQUIRED ssl is required on my end
+ * Establish a TLS connection -- server side
+ * Returns: 1 on success
+ * 0 failure
*/
-int bnet_ssl_server(BSOCK * bsock, char *password, int ssl_need, int ssl_has)
+#ifdef HAVE_TLS
+int bnet_tls_server(TLS_CONTEXT *ctx, BSOCK * bsock, alist *verify_list)
{
- /* Check to see if what we need (ssl_need) corresponds to what he has (ssl_has) */
- /* The other side expects a response from us */
+ TLS_CONNECTION *tls;
+
+ tls = new_tls_connection(ctx, bsock->fd);
+ if (!tls) {
+ Qmsg0(bsock->jcr, M_FATAL, 0, _("TLS connection initialization failed.\n"));
+ return 0;
+ }
+
+ bsock->tls = tls;
+
+ /* Initiate TLS Negotiation */
+ if (!tls_bsock_accept(bsock)) {
+ Qmsg0(bsock->jcr, M_FATAL, 0, _("TLS Negotiation failed.\n"));
+ goto err;
+ }
+
+ if (verify_list) {
+ if (!tls_postconnect_verify_cn(tls, verify_list)) {
+ Qmsg1(bsock->jcr, M_FATAL, 0, _("TLS certificate verification failed."
+ " Peer certificate did not match a required commonName\n"),
+ bsock->host);
+ goto err;
+ }
+ }
+
return 1;
+
+err:
+ free_tls_connection(tls);
+ bsock->tls = NULL;
+ return 0;
}
/*
- * Establish an SSL connection -- client side
+ * Establish a TLS connection -- client side
+ * Returns: 1 on success
+ * 0 failure
*/
-int bnet_ssl_client(BSOCK * bsock, char *password, int ssl_need)
+int bnet_tls_client(TLS_CONTEXT *ctx, BSOCK * bsock)
{
- /* We are the client so we must wait for the server to notify us */
+ TLS_CONNECTION *tls;
+
+ tls = new_tls_connection(ctx, bsock->fd);
+ if (!tls) {
+ Qmsg0(bsock->jcr, M_FATAL, 0, _("TLS connection initialization failed.\n"));
+ return 0;
+ }
+
+ bsock->tls = tls;
+
+ /* Initiate TLS Negotiation */
+ if (!tls_bsock_connect(bsock)) {
+ goto err;
+ }
+
+ if (!tls_postconnect_verify_host(tls, bsock->host)) {
+ Qmsg1(bsock->jcr, M_FATAL, 0, _("TLS host certificate verification failed. Host %s did not match presented certificate\n"), bsock->host);
+ goto err;
+ }
+
return 1;
-}
+err:
+ free_tls_connection(tls);
+ bsock->tls = NULL;
+ return 0;
+}
+#endif /* HAVE_TLS */
/*
* Wait for a specified time for data to appear on
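Review bot: On the `err:` paths of bnet_tls_server() and bnet_tls_client(), `bsock->tls` is reset to NULL while the socket stays open, so later reads and writes on this bsock take the non-TLS branch that the same patch places behind `if (bsock->tls)`. A caller that ignores the 0 return would carry on in cleartext after a failed handshake or certificate check; whether every caller closes the connection is not visible here. The header comments should state that contract, e.g. `* On failure the bsock is left without TLS; the caller must close it and send nothing further.` In bnet_tls_server() the `Qmsg1` call passes `bsock->host` but its format string has no `%s`, so the peer name never reaches the log. In bnet_tls_client() a failed `tls_bsock_connect()` jumps to `err` without logging anything, unlike the server side.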
FD_SET((unsigned)bsock->fd, &fdset);
tv.tv_sec = sec;
tv.tv_usec = 0;
- for (;;) {
- switch (select(bsock->fd + 1, &fdset, NULL, NULL, &tv)) {
- case 0: /* timeout */
- bsock->b_errno = 0;
- return 0;
- case -1:
- bsock->b_errno = errno;
- return -1; /* error return */
- default:
- bsock->b_errno = 0;
- return 1;
- }
+ switch (select(bsock->fd + 1, &fdset, NULL, NULL, &tv)) {
+ case 0: /* timeout */
+ bsock->b_errno = 0;
+ return 0;
+ case -1:
+ bsock->b_errno = errno;
+ return -1; /* error return */
+ default:
+ bsock->b_errno = 0;
}
+ return 1;
}
#ifndef NETDB_INTERNAL
static const char *gethost_strerror()
{
const char *msg;
+ berrno be;
switch (h_errno) {
case NETDB_INTERNAL:
- msg = strerror(errno);
+ msg = be.strerror();
break;
case NETDB_SUCCESS:
msg = "No problem.";
}
-static pthread_mutex_t ip_mutex = PTHREAD_MUTEX_INITIALIZER;
static IPADDR *add_any(int family)
return addr_list;
}
-/*
+/*
* Open a TCP connection to the UPS network server
* Returns NULL
* Returns BSOCK * pointer on success
const char *errstr;
int save_errno = 0;
- /*
+ /*
* Fill in the structure serv_addr with the address of
* the server that we want to connect with.
*/
ipaddr->set_port_net(htons(port));
char allbuf[256 * 10];
char curbuf[256];
- Dmsg2(100, "Current %sAll %s\n",
- ipaddr->build_address_str(curbuf, sizeof(curbuf)),
+ Dmsg2(100, "Current %sAll %s\n",
+ ipaddr->build_address_str(curbuf, sizeof(curbuf)),
build_addresses_str(addr_list, allbuf, sizeof(allbuf)));
/* Open a TCP socket */
if ((sockfd = socket(ipaddr->get_family(), SOCK_STREAM, 0)) < 0) {
berrno be;
save_errno = errno;
*fatal = 1;
- Pmsg3(000, "Socket open error. proto=%d port=%d. ERR=%s\n",
+ Pmsg3(000, "Socket open error. proto=%d port=%d. ERR=%s\n",
ipaddr->get_family(), ipaddr->get_port_host_order(), be.strerror());
continue;
}
if (i < 0) {
i = 60 * 5; /* complain again in 5 minutes */
if (verbose)
- Qmsg4(jcr, M_WARNING, 0, "Could not connect to %s on %s:%d. ERR=%s\n\
-Retrying ...\n", name, host, port, be.strerror());
+ Qmsg4(jcr, M_WARNING, 0, "Could not connect to %s on %s:%d. ERR=%s\n"
+"Retrying ...\n", name, host, port, be.strerror());
}
bmicrosleep(retry_interval, 0);
max_retry_time -= retry_interval;
* Return the string for the error that occurred
* on the socket. Only the first error is retained.
*/
-char *bnet_strerror(BSOCK * bsock)
+const char *bnet_strerror(BSOCK * bsock)
{
- return strerror(bsock->b_errno);
+ berrno be;
+ if (bsock->errmsg == NULL) {
+ bsock->errmsg = get_pool_memory(PM_MESSAGE);
+ }
+ pm_strcpy(bsock->errmsg, be.strerror(bsock->b_errno));
+ return bsock->errmsg;
}
/*
return bnet_send(bs);
}
-/*
+/*
* Set the network buffer size, suggested size is in size.
* Actual size obtained is returned in bs->msglen
*
return false;
}
if (rw & BNET_SETBUF_READ) {
- while ((dbuf_size > TAPE_BSIZE) && (setsockopt(bs->fd, SOL_SOCKET,
+ while ((dbuf_size > TAPE_BSIZE) && (setsockopt(bs->fd, SOL_SOCKET,
SO_RCVBUF, (sockopt_val_t) & dbuf_size, sizeof(dbuf_size)) < 0)) {
berrno be;
Qmsg1(bs->jcr, M_ERROR, 0, _("sockopt error: %s\n"), be.strerror());
}
start_size = dbuf_size;
if (rw & BNET_SETBUF_WRITE) {
- while ((dbuf_size > TAPE_BSIZE) && (setsockopt(bs->fd, SOL_SOCKET,
+ while ((dbuf_size > TAPE_BSIZE) && (setsockopt(bs->fd, SOL_SOCKET,
SO_SNDBUF, (sockopt_val_t) & dbuf_size, sizeof(dbuf_size)) < 0)) {
berrno be;
Qmsg1(bs->jcr, M_ERROR, 0, _("sockopt error: %s\n"), be.strerror());
}
/*
- * Send a network "signal" to the other end
+ * Set socket non-blocking
+ * Returns previous socket flag
+ */
+int bnet_set_nonblocking (BSOCK *bsock) {
+#ifndef WIN32
+ int oflags;
+
+ /* Get current flags */
+ if((oflags = fcntl(bsock->fd, F_GETFL, 0)) < 0) {
+ berrno be;
+ Emsg1(M_ABORT, 0, "fcntl F_GETFL error. ERR=%s\n", be.strerror());
+ }
+
+ /* Set O_NONBLOCK flag */
+ if((fcntl(bsock->fd, F_SETFL, oflags|O_NONBLOCK)) < 0) {
+ berrno be;
+ Emsg1(M_ABORT, 0, "fcntl F_SETFL error. ERR=%s\n", be.strerror());
+ }
+
+ bsock->blocking = 0;
+ return oflags;
+#else
+ int flags;
+ u_long ioctlArg = 1;
+
+ flags = bsock->blocking;
+ ioctlsocket(bsock->fd, FIONBIO, &ioctlArg);
+ bsock->blocking = 0;
+
+ return (flags);
+#endif
+}
+
+/*
+ * Set socket blocking
+ * Returns previous socket flags
+ */
+int bnet_set_blocking (BSOCK *bsock) {
+#ifndef WIN32
+ int oflags;
+ /* Get current flags */
+ if((oflags = fcntl(bsock->fd, F_GETFL, 0)) < 0) {
+ berrno be;
+ Emsg1(M_ABORT, 0, "fcntl F_GETFL error. ERR=%s\n", be.strerror());
+ }
+
+ /* Set O_NONBLOCK flag */
+ if((fcntl(bsock->fd, F_SETFL, oflags & ~O_NONBLOCK)) < 0) {
+ berrno be;
+ Emsg1(M_ABORT, 0, "fcntl F_SETFL error. ERR=%s\n", be.strerror());
+ }
+
+ bsock->blocking = 1;
+ return (oflags);
+#else
+ int flags;
+ u_long ioctlArg = 0;
+
+ flags = bsock->blocking;
+ ioctlsocket(bsock->fd, FIONBIO, &ioctlArg);
+ bsock->blocking = 1;
+
+ return (flags);
+#endif
+}
+
+/*
+ * Restores socket flags
+ */
+void bnet_restore_blocking (BSOCK *bsock, int flags) {
+#ifndef WIN32
+ if((fcntl(bsock->fd, F_SETFL, flags)) < 0) {
+ berrno be;
+ Emsg1(M_ABORT, 0, "fcntl F_SETFL error. ERR=%s\n", be.strerror());
+ }
+
+ bsock->blocking = (flags & O_NONBLOCK);
+#else
+ u_long ioctlArg = flags;
+
+ ioctlsocket(bsock->fd, FIONBIO, &ioctlArg);
+ bsock->blocking = 1;
+#endif
+}
+
+
+/*
+ * Send a network "signal" to the other end
* This consists of sending a negative packet length
*
* Returns: false on failure
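Review bot: bnet_restore_blocking() records the wrong state: `bsock->blocking = (flags & O_NONBLOCK);` makes `blocking` non-zero exactly when the restored flags are non-blocking, the opposite of what bnet_set_nonblocking() and bnet_set_blocking() store, so it should be `bsock->blocking = (flags & O_NONBLOCK) ? 0 : 1;`. The WIN32 branch has the same inversion: `flags` there is the saved `blocking` value, yet it is passed straight to `FIONBIO` (where non-zero selects non-blocking mode) and `blocking` is then forced to 1. Using `u_long ioctlArg = flags ? 0 : 1;` followed by `bsock->blocking = flags;` would match the other two functions. The `ioctlsocket()` results are ignored while every `fcntl()` failure is `M_ABORT`, and the second comment in bnet_set_blocking() says the flag is set where the code clears it. If the TLS read/write layer consults `bsock->blocking` (not visible in this diff), a stale value could make it wait on the socket in the wrong mode.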
bool bnet_sig(BSOCK * bs, int sig)
{
bs->msglen = sig;
+ if (sig == BNET_TERMINATE) {
+ bs->suppress_error_msgs = true;
+ }
return bnet_send(bs);
}
case BNET_PROMPT:
return "BNET_PROMPT";
default:
- sprintf(buf, "Unknown sig %d", bs->msglen);
+ sprintf(buf, "Unknown sig %d", (int)bs->msglen);
return buf;
}
}
-/* Initialize internal socket structure.
+/* Initialize internal socket structure.
* This probably should be done in net_open
*/
BSOCK *init_bsock(JCR * jcr, int sockfd, const char *who, const char *host, int port,
BSOCK *bsock = (BSOCK *)malloc(sizeof(BSOCK));
memset(bsock, 0, sizeof(BSOCK));
bsock->fd = sockfd;
+ bsock->tls = NULL;
bsock->errors = 0;
+ bsock->blocking = 1;
bsock->msg = get_pool_memory(PM_MESSAGE);
bsock->errmsg = get_pool_memory(PM_MESSAGE);
bsock->who = bstrdup(who);
bsock->port = port;
memcpy(&bsock->client_addr, client_addr, sizeof(bsock->client_addr));
/*
- * ****FIXME**** reduce this to a few hours once
+ * ****FIXME**** reduce this to a few hours once
* heartbeats are implemented
*/
bsock->timeout = 60 * 60 * 6 * 24; /* 6 days timeout */
for (; bsock != NULL; bsock = next) {
next = bsock->next;
if (!bsock->duped) {
+#ifdef HAVE_TLS
+ /* Shutdown tls cleanly. */
+ if (bsock->tls) {
+ tls_bsock_shutdown(bsock);
+ free_tls_connection(bsock->tls);
+ bsock->tls = NULL;
+ }
+#endif /* HAVE_TLS */
if (bsock->timed_out) {
shutdown(bsock->fd, 2); /* discard any pending I/O */
}