1/* 2 Socket handling routines 3 Copyright (C) 1998-2009, Joe Orton <joe@manyfish.co.uk> 4 Copyright (C) 2004 Aleix Conchillo Flaque <aleix@member.fsf.org> 5 6 This library is free software; you can redistribute it and/or 7 modify it under the terms of the GNU Library General Public 8 License as published by the Free Software Foundation; either 9 version 2 of the License, or (at your option) any later version. 10 11 This library is distributed in the hope that it will be useful, 12 but WITHOUT ANY WARRANTY; without even the implied warranty of 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 Library General Public License for more details. 15 16 You should have received a copy of the GNU Library General Public 17 License along with this library; if not, write to the Free 18 Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, 19 MA 02111-1307, USA 20*/ 21 22/* 23 portions were originally under GPL in Mutt, http://www.mutt.org/ 24 Relicensed under LGPL for neon, http://www.webdav.org/neon/ 25*/ 26 27#include "config.h" 28 29#include <sys/types.h> 30#ifdef HAVE_SYS_TIME_H 31#include <sys/time.h> 32#endif 33#include <sys/stat.h> 34#ifdef HAVE_SYS_SOCKET_H 35#include <sys/socket.h> 36#endif 37 38#ifdef NE_USE_POLL 39#include <sys/poll.h> 40#elif defined(HAVE_SYS_SELECT_H) 41#include <sys/select.h> 42#endif 43 44#ifdef HAVE_NETINET_IN_H 45#include <netinet/in.h> 46#endif 47#ifdef HAVE_NETINET_TCP_H 48#include <netinet/tcp.h> 49#endif 50#ifdef HAVE_ARPA_INET_H 51#include <arpa/inet.h> 52#endif 53#ifdef HAVE_NETDB_H 54#include <netdb.h> 55#endif 56 57#ifdef WIN32 58#include <winsock2.h> 59#include <stddef.h> 60#ifdef USE_GETADDRINFO 61#include <ws2tcpip.h> 62#include <wspiapi.h> 63#endif 64#endif 65 66#if defined(HAVE_OPENSSL) && defined(HAVE_LIMITS_H) 67#include <limits.h> /* for INT_MAX */ 68#endif 69#ifdef HAVE_STRING_H 70#include <string.h> 71#endif 72#ifdef HAVE_STRINGS_H 73#include <strings.h> 74#endif 75#ifdef HAVE_UNISTD_H 76#include <unistd.h> 77#endif 78#ifdef HAVE_SIGNAL_H 79#include <signal.h> 80#endif 81#ifdef HAVE_ERRNO_H 82#include <errno.h> 83#endif 84#ifdef HAVE_STDLIB_H 85#include <stdlib.h> 86#endif 87#ifdef HAVE_FCNTL_H 88#include <fcntl.h> 89#endif 90 91#ifdef HAVE_SOCKS_H 92#include <socks.h> 93#endif 94 95#ifdef HAVE_OPENSSL 96#include <openssl/ssl.h> 97#include <openssl/err.h> 98#include <openssl/pkcs12.h> /* for PKCS12_PBE_add */ 99#include <openssl/rand.h> 100#include <openssl/opensslv.h> /* for OPENSSL_VERSION_NUMBER */ 101#endif 102 103#ifdef HAVE_GNUTLS 104#include <gnutls/gnutls.h> 105#endif 106 107#define NE_INET_ADDR_DEFINED 108/* A slightly ugly hack: change the ne_inet_addr definition to be the 109 * real address type used. The API only exposes ne_inet_addr as a 110 * pointer to an opaque object, so this should be well-defined 111 * behaviour. It avoids the hassle of a real wrapper ne_inet_addr 112 * structure, or losing type-safety by using void *. */ 113#ifdef USE_GETADDRINFO 114typedef struct addrinfo ne_inet_addr; 115#else 116typedef struct in_addr ne_inet_addr; 117#endif 118 119#include "ne_privssl.h" /* MUST come after ne_inet_addr is defined */ 120 121/* To avoid doing AAAA queries unless absolutely necessary, either use 122 * AI_ADDRCONFIG where available, or a run-time check for working IPv6 123 * support; the latter is only known to work on Linux. */ 124#if defined(USE_GETADDRINFO) && !defined(USE_GAI_ADDRCONFIG) && defined(__linux__) 125#define USE_CHECK_IPV6 126#endif 127 128/* "Be Conservative In What You Build". */ 129#if defined(HAVE_FCNTL) && defined(O_NONBLOCK) && defined(F_SETFL) \ 130 && defined(HAVE_GETSOCKOPT) && defined(SO_ERROR) \ 131 && defined(HAVE_SOCKLEN_T) && defined(SOL_SOCKET) \ 132 && defined(EINPROGRESS) 133#define USE_NONBLOCKING_CONNECT 134#endif 135 136#include "ne_internal.h" 137#include "ne_utils.h" 138#include "ne_string.h" 139#include "ne_socket.h" 140#include "ne_alloc.h" 141#include "ne_sspi.h" 142 143#if defined(__BEOS__) && !defined(BONE_VERSION) 144/* pre-BONE */ 145#define ne_close(s) closesocket(s) 146#define ne_errno errno 147#elif defined(WIN32) 148#define ne_close(s) closesocket(s) 149#define ne_errno WSAGetLastError() 150#else /* really Unix! */ 151#define ne_close(s) close(s) 152#define ne_errno errno 153#endif 154 155#ifdef WIN32 156#define NE_ISRESET(e) ((e) == WSAECONNABORTED || (e) == WSAETIMEDOUT || \ 157 (e) == WSAECONNRESET || (e) == WSAENETRESET) 158#define NE_ISCLOSED(e) ((e) == WSAESHUTDOWN || (e) == WSAENOTCONN) 159#define NE_ISINTR(e) (0) 160#define NE_ISINPROGRESS(e) ((e) == WSAEWOULDBLOCK) /* says MSDN */ 161#else /* Unix */ 162/* Also treat ECONNABORTED and ENOTCONN as "connection reset" errors; 163 * both can be returned by Winsock-based sockets layers e.g. CygWin */ 164#ifndef ECONNABORTED 165#define ECONNABORTED ECONNRESET 166#endif 167#ifndef ENOTCONN 168#define ENOTCONN ECONNRESET 169#endif 170#define NE_ISRESET(e) ((e) == ECONNRESET || (e) == ECONNABORTED || (e) == ENOTCONN) 171#define NE_ISCLOSED(e) ((e) == EPIPE) 172#define NE_ISINTR(e) ((e) == EINTR) 173#define NE_ISINPROGRESS(e) ((e) == EINPROGRESS) 174#endif 175 176/* Socket read timeout */ 177#define SOCKET_READ_TIMEOUT 120 178/* Socket receive timeout*/ 179#define SOCKET_RECEIVE_TIMEOUT 30 180 181/* Critical I/O functions on a socket: useful abstraction for easily 182 * handling SSL I/O alongside raw socket I/O. */ 183struct iofns { 184 /* Read up to 'len' bytes into 'buf' from socket. Return <0 on 185 * error or EOF, or >0; number of bytes read. */ 186 ssize_t (*sread)(ne_socket *s, char *buf, size_t len); 187 /* Write up to 'len' bytes from 'buf' to socket. Return number of 188 * bytes written on success, or <0 on error. */ 189 ssize_t (*swrite)(ne_socket *s, const char *buf, size_t len); 190 /* Wait up to 'n' seconds for socket to become readable. Returns 191 * 0 when readable, otherwise NE_SOCK_TIMEOUT or NE_SOCK_ERROR. */ 192 int (*readable)(ne_socket *s, int n); 193 /* Write up to 'count' blocks described by 'vector' to socket. 194 * Return number of bytes written on success, or <0 on error. */ 195 ssize_t (*swritev)(ne_socket *s, const struct ne_iovec *vector, 196 int count); 197}; 198 199static const ne_inet_addr dummy_laddr; 200 201struct ne_socket_s { 202 int fd; 203 unsigned int lport; 204 const ne_inet_addr *laddr; 205 206 void *progress_ud; 207 int rdtimeout, cotimeout; /* timeouts */ 208 const struct iofns *ops; 209#ifdef NE_HAVE_SSL 210 ne_ssl_socket ssl; 211#endif 212 /* The read buffer: ->buffer stores byte which have been read; as 213 * these are consumed and passed back to the caller, bufpos 214 * advances through ->buffer. ->bufavail gives the number of 215 * bytes which remain to be consumed in ->buffer (from ->bufpos), 216 * and is hence always <= RDBUFSIZ. */ 217 char *bufpos; 218 size_t bufavail; 219#define RDBUFSIZ 4096 220 char buffer[RDBUFSIZ]; 221 /* Error string. */ 222 char error[192]; 223}; 224 225/* ne_sock_addr represents an Internet address. */ 226struct ne_sock_addr_s { 227#ifdef USE_GETADDRINFO 228 struct addrinfo *result, *cursor; 229#else 230 struct in_addr *addrs; 231 size_t cursor, count; 232#endif 233 int errnum; 234}; 235 236/* set_error: set socket error string to 'str'. */ 237#define set_error(s, str) ne_strnzcpy((s)->error, (str), sizeof (s)->error) 238 239/* set_strerror: set socket error to system error string for 'errnum' */ 240#ifdef WIN32 241/* Print system error message to given buffer. */ 242static void print_error(int errnum, char *buffer, size_t buflen) 243{ 244 if (FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM 245 | FORMAT_MESSAGE_IGNORE_INSERTS, 246 NULL, (DWORD) errnum, 0, 247 buffer, buflen, NULL) == 0) 248 ne_snprintf(buffer, buflen, "Socket error %d", errnum); 249} 250#define set_strerror(s, e) print_error((e), (s)->error, sizeof (s)->error) 251#else /* not WIN32 */ 252#define set_strerror(s, e) ne_strerror((e), (s)->error, sizeof (s)->error) 253#endif 254 255#ifdef HAVE_OPENSSL 256/* Seed the SSL PRNG, if necessary; returns non-zero on failure. */ 257static int seed_ssl_prng(void) 258{ 259 /* Check whether the PRNG has already been seeded. */ 260 if (RAND_status() == 1) 261 return 0; 262 263#if defined(EGD_PATH) 264 NE_DEBUG(NE_DBG_SOCKET, "Seeding PRNG from " EGD_PATH "...\n"); 265 if (RAND_egd(EGD_PATH) != -1) 266 return 0; 267#elif defined(ENABLE_EGD) 268 { 269 static const char *paths[] = { "/var/run/egd-pool", "/dev/egd-pool", 270 "/etc/egd-pool", "/etc/entropy" }; 271 size_t n; 272 for (n = 0; n < sizeof(paths) / sizeof(char *); n++) { 273 NE_DEBUG(NE_DBG_SOCKET, "Seeding PRNG from %s...\n", paths[n]); 274 if (RAND_egd(paths[n]) != -1) 275 return 0; 276 } 277 } 278#endif /* EGD_PATH */ 279 280 NE_DEBUG(NE_DBG_SOCKET, "No entropy source found; could not seed PRNG.\n"); 281 return -1; 282} 283#endif /* HAVE_OPENSSL */ 284 285#ifdef USE_CHECK_IPV6 286static int ipv6_disabled = 0; 287 288/* On Linux kernels, IPv6 is typically built as a loadable module, and 289 * socket(AF_INET6, ...) will fail if this module is not loaded, so 290 * the slow AAAA lookups can be avoided for this common case. */ 291static void init_ipv6(void) 292{ 293 int fd = socket(AF_INET6, SOCK_STREAM, 0); 294 295 if (fd < 0) 296 ipv6_disabled = 1; 297 else 298 close(fd); 299} 300#elif defined(AF_INET6) 301#define ipv6_disabled (0) 302#else 303#define ipv6_disabled (1) 304#endif 305 306/* If init_state is N where > 0, ne_sock_init has been called N times; 307 * if == 0, library is not initialized; if < 0, library initialization 308 * has failed. */ 309static int init_state = 0; 310 311int ne_sock_init(void) 312{ 313#ifdef WIN32 314 WORD wVersionRequested; 315 WSADATA wsaData; 316 int err; 317#endif 318 319 if (init_state > 0) { 320 init_state++; 321 return 0; 322 } 323 else if (init_state < 0) { 324 return -1; 325 } 326 327#ifdef WIN32 328 wVersionRequested = MAKEWORD(2, 2); 329 330 err = WSAStartup(wVersionRequested, &wsaData); 331 if (err != 0) { 332 return init_state = -1; 333 } 334#ifdef HAVE_SSPI 335 if (ne_sspi_init() < 0) { 336 return init_state = -1; 337 } 338#endif 339#endif 340 341#ifdef NE_HAVE_SOCKS 342 SOCKSinit("neon"); 343#endif 344 345#if defined(HAVE_SIGNAL) && defined(SIGPIPE) 346 (void) signal(SIGPIPE, SIG_IGN); 347#endif 348 349#ifdef USE_CHECK_IPV6 350 init_ipv6(); 351#endif 352 353#ifdef NE_HAVE_SSL 354 if (ne__ssl_init()) { 355 return init_state = -1; 356 } 357#endif 358 359 init_state = 1; 360 return 0; 361} 362 363void ne_sock_exit(void) 364{ 365 if (init_state > 0 && --init_state == 0) { 366#ifdef WIN32 367 WSACleanup(); 368#endif 369#ifdef NE_HAVE_SSL 370 ne__ssl_exit(); 371#endif 372 373#ifdef HAVE_SSPI 374 ne_sspi_deinit(); 375#endif 376 } 377} 378 379/* Await readability (rdwr = 0) or writability (rdwr != 0) for socket 380 * fd for secs seconds. Returns <0 on error, zero on timeout, >0 if 381 * data is available. */ 382static int raw_poll(int fdno, int rdwr, int secs) 383{ 384 int ret; 385#ifdef NE_USE_POLL 386 struct pollfd fds; 387 int timeout = secs > 0 ? secs * 1000 : -1; 388 389 fds.fd = fdno; 390 fds.events = rdwr == 0 ? POLLIN : POLLOUT; 391 fds.revents = 0; 392 393 do { 394 ret = poll(&fds, 1, timeout); 395 } while (ret < 0 && NE_ISINTR(ne_errno)); 396#else 397 fd_set rdfds, wrfds; 398 struct timeval timeout, *tvp = (secs >= 0 ? &timeout : NULL); 399 400 /* Init the fd set */ 401 FD_ZERO(&rdfds); 402 FD_ZERO(&wrfds); 403 404 /* Note that (amazingly) the FD_SET macro does not expand 405 * correctly on Netware if not inside a compound statement 406 * block. */ 407 if (rdwr == 0) { 408 FD_SET(fdno, &rdfds); 409 } else { 410 FD_SET(fdno, &wrfds); 411 } 412 413 if (tvp) { 414 tvp->tv_sec = secs; 415 tvp->tv_usec = 0; 416 } 417 do { 418 ret = select(fdno + 1, &rdfds, &wrfds, NULL, tvp); 419 } while (ret < 0 && NE_ISINTR(ne_errno)); 420#endif 421 return ret; 422} 423 424int ne_sock_block(ne_socket *sock, int n) 425{ 426 if (sock->bufavail) 427 return 0; 428 return sock->ops->readable(sock, n); 429} 430 431/* Cast address object AD to type 'sockaddr_TY' */ 432#define SACAST(ty, ad) ((struct sockaddr_##ty *)(ad)) 433 434ssize_t ne_sock_read(ne_socket *sock, char *buffer, size_t buflen) 435{ 436 ssize_t bytes; 437 438#if 0 439 NE_DEBUG(NE_DBG_SOCKET, "buf: at %d, %d avail [%s]\n", 440 sock->bufpos - sock->buffer, sock->bufavail, sock->bufpos); 441#endif 442 443 if (sock->bufavail > 0) { 444 /* Deliver buffered data. */ 445 if (buflen > sock->bufavail) 446 buflen = sock->bufavail; 447 memcpy(buffer, sock->bufpos, buflen); 448 sock->bufpos += buflen; 449 sock->bufavail -= buflen; 450 return buflen; 451 } else if (buflen >= sizeof sock->buffer) { 452 /* No need for read buffer. */ 453 return sock->ops->sread(sock, buffer, buflen); 454 } else { 455 /* Fill read buffer. */ 456 bytes = sock->ops->sread(sock, sock->buffer, sizeof sock->buffer); 457 if (bytes <= 0) 458 return bytes; 459 460 if (buflen > (size_t)bytes) 461 buflen = bytes; 462 memcpy(buffer, sock->buffer, buflen); 463 sock->bufpos = sock->buffer + buflen; 464 sock->bufavail = bytes - buflen; 465 return buflen; 466 } 467} 468 469ssize_t ne_sock_peek(ne_socket *sock, char *buffer, size_t buflen) 470{ 471 ssize_t bytes; 472 473 if (sock->bufavail) { 474 /* just return buffered data. */ 475 bytes = sock->bufavail; 476 } else { 477 /* fill the buffer. */ 478 bytes = sock->ops->sread(sock, sock->buffer, sizeof sock->buffer); 479 if (bytes <= 0) 480 return bytes; 481 482 sock->bufpos = sock->buffer; 483 sock->bufavail = bytes; 484 } 485 486 if (buflen > (size_t)bytes) 487 buflen = bytes; 488 489 memcpy(buffer, sock->bufpos, buflen); 490 491 return buflen; 492} 493 494/* Await data on raw fd in socket. */ 495static int readable_raw(ne_socket *sock, int secs) 496{ 497 int ret = raw_poll(sock->fd, 0, secs); 498 499 if (ret < 0) { 500 set_strerror(sock, ne_errno); 501 return NE_SOCK_ERROR; 502 } 503 return (ret == 0) ? NE_SOCK_TIMEOUT : 0; 504} 505 506static ssize_t read_raw(ne_socket *sock, char *buffer, size_t len) 507{ 508 ssize_t ret; 509 510 ret = readable_raw(sock, sock->rdtimeout); 511 if (ret) return ret; 512 513 do { 514 ret = recv(sock->fd, buffer, len, 0); 515 } while (ret == -1 && NE_ISINTR(ne_errno)); 516 517 if (ret == 0) { 518 set_error(sock, _("Connection closed")); 519 ret = NE_SOCK_CLOSED; 520 } else if (ret < 0) { 521 int errnum = ne_errno; 522 ret = NE_ISRESET(errnum) ? NE_SOCK_RESET : NE_SOCK_ERROR; 523 set_strerror(sock, errnum); 524 } 525 526 return ret; 527} 528 529#define MAP_ERR(e) (NE_ISCLOSED(e) ? NE_SOCK_CLOSED : \ 530 (NE_ISRESET(e) ? NE_SOCK_RESET : NE_SOCK_ERROR)) 531 532static ssize_t write_raw(ne_socket *sock, const char *data, size_t length) 533{ 534 ssize_t ret; 535 536#ifdef __QNX__ 537 /* Test failures seen on QNX over loopback, if passing large 538 * buffer lengths to send(). */ 539 if (length > 8192) length = 8192; 540#endif 541 542 do { 543 ret = send(sock->fd, data, length, 0); 544 } while (ret == -1 && NE_ISINTR(ne_errno)); 545 546 if (ret < 0) { 547 int errnum = ne_errno; 548 set_strerror(sock, errnum); 549 return MAP_ERR(errnum); 550 } 551 return ret; 552} 553 554static ssize_t writev_raw(ne_socket *sock, const struct ne_iovec *vector, int count) 555{ 556 ssize_t ret; 557#ifdef WIN32 558 LPWSABUF wasvector = (LPWSABUF)ne_malloc(count * sizeof(WSABUF)); 559 DWORD total; 560 int i; 561 562 for (i = 0; i < count; i++){ 563 wasvector[i].buf = vector[i].base; 564 wasvector[i].len = vector[i].len; 565 } 566 567 ret = WSASend(sock->fd, wasvector, count, &total, 0, NULL, NULL); 568 if (ret == 0) 569 ret = total; 570 571 ne_free(wasvector); 572#else 573 const struct iovec *vec = (const struct iovec *) vector; 574 575 do { 576 ret = writev(sock->fd, vec, count); 577 } while (ret == -1 && NE_ISINTR(ne_errno)); 578#endif 579 580 if (ret < 0) { 581 int errnum = ne_errno; 582 set_strerror(sock, errnum); 583 return MAP_ERR(errnum); 584 } 585 586 return ret; 587} 588 589#ifdef NE_HAVE_SSL 590static ssize_t writev_dummy(ne_socket *sock, const struct ne_iovec *vector, int count) 591{ 592 return sock->ops->swrite(sock, vector[0].base, vector[0].len); 593} 594#endif 595 596static const struct iofns iofns_raw = { read_raw, write_raw, readable_raw, writev_raw }; 597 598#ifdef HAVE_OPENSSL 599/* OpenSSL I/O function implementations. */ 600static int readable_ossl(ne_socket *sock, int secs) 601{ 602 if (SSL_pending(sock->ssl)) 603 return 0; 604 return readable_raw(sock, secs); 605} 606 607/* SSL error handling, according to SSL_get_error(3). */ 608static int error_ossl(ne_socket *sock, int sret) 609{ 610 int errnum = SSL_get_error(sock->ssl, sret); 611 unsigned long err; 612 613 if (errnum == SSL_ERROR_ZERO_RETURN) { 614 set_error(sock, _("Connection closed")); 615 return NE_SOCK_CLOSED; 616 } 617 618 /* for all other errors, look at the OpenSSL error stack */ 619 err = ERR_get_error(); 620 if (err == 0) { 621 /* Empty error stack, presume this is a system call error: */ 622 if (sret == 0) { 623 /* EOF without close_notify, possible truncation */ 624 set_error(sock, _("Secure connection truncated")); 625 return NE_SOCK_TRUNC; 626 } else { 627 /* Other socket error. */ 628 errnum = ne_errno; 629 set_strerror(sock, errnum); 630 return MAP_ERR(errnum); 631 } 632 } 633 634 if (ERR_reason_error_string(err)) { 635 ne_snprintf(sock->error, sizeof sock->error, 636 _("SSL error: %s"), ERR_reason_error_string(err)); 637 } else { 638 ne_snprintf(sock->error, sizeof sock->error, 639 _("SSL error code %d/%d/%lu"), sret, errnum, err); 640 } 641 642 /* make sure the error stack is now empty. */ 643 ERR_clear_error(); 644 return NE_SOCK_ERROR; 645} 646 647/* Work around OpenSSL's use of 'int' rather than 'size_t', to prevent 648 * accidentally passing a negative number, etc. */ 649#define CAST2INT(n) (((n) > INT_MAX) ? INT_MAX : (n)) 650 651static ssize_t read_ossl(ne_socket *sock, char *buffer, size_t len) 652{ 653 int ret; 654 655 ret = readable_ossl(sock, sock->rdtimeout); 656 if (ret) return ret; 657 658 ret = SSL_read(sock->ssl, buffer, CAST2INT(len)); 659 if (ret <= 0) 660 ret = error_ossl(sock, ret); 661 662 return ret; 663} 664 665static ssize_t write_ossl(ne_socket *sock, const char *data, size_t len) 666{ 667 int ret, ilen = CAST2INT(len); 668 ret = SSL_write(sock->ssl, data, ilen); 669 /* ssl.h says SSL_MODE_ENABLE_PARTIAL_WRITE must be enabled to 670 * have SSL_write return < length... so, SSL_write should never 671 * return < length. */ 672 if (ret != ilen) 673 return error_ossl(sock, ret); 674 return ret; 675} 676 677static const struct iofns iofns_ssl = { 678 read_ossl, 679 write_ossl, 680 readable_ossl, 681 writev_dummy 682}; 683 684#elif defined(HAVE_GNUTLS) 685 686/* Return zero if an alert value can be ignored. */ 687static int check_alert(ne_socket *sock, ssize_t ret) 688{ 689 const char *alert; 690 691 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED) { 692 alert = gnutls_alert_get_name(gnutls_alert_get(sock->ssl)); 693 NE_DEBUG(NE_DBG_SOCKET, "TLS warning alert: %s\n", alert); 694 return 0; 695 } else if (ret == GNUTLS_E_FATAL_ALERT_RECEIVED) { 696 alert = gnutls_alert_get_name(gnutls_alert_get(sock->ssl)); 697 NE_DEBUG(NE_DBG_SOCKET, "TLS fatal alert: %s\n", alert); 698 return -1; 699 } 700 return ret; 701} 702 703static int readable_gnutls(ne_socket *sock, int secs) 704{ 705 if (gnutls_record_check_pending(sock->ssl)) { 706 return 0; 707 } 708 return readable_raw(sock, secs); 709} 710 711static ssize_t error_gnutls(ne_socket *sock, ssize_t sret) 712{ 713 ssize_t ret; 714 715 switch (sret) { 716 case 0: 717 ret = NE_SOCK_CLOSED; 718 set_error(sock, _("Connection closed")); 719 break; 720 case GNUTLS_E_FATAL_ALERT_RECEIVED: 721 ret = NE_SOCK_ERROR; 722 ne_snprintf(sock->error, sizeof sock->error, 723 _("SSL alert received: %s"), 724 gnutls_alert_get_name(gnutls_alert_get(sock->ssl))); 725 break; 726 case GNUTLS_E_UNEXPECTED_PACKET_LENGTH: 727 /* It's not exactly an API guarantee but this error will 728 * always mean a premature EOF. */ 729 ret = NE_SOCK_TRUNC; 730 set_error(sock, _("Secure connection truncated")); 731 break; 732 case GNUTLS_E_PUSH_ERROR: 733 ret = NE_SOCK_RESET; 734 set_error(sock, ("SSL socket write failed")); 735 break; 736 case GNUTLS_E_PULL_ERROR: 737 ret = NE_SOCK_RESET; 738 set_error(sock, _("SSL socket read failed")); 739 break; 740 default: 741 ret = NE_SOCK_ERROR; 742 ne_snprintf(sock->error, sizeof sock->error, _("SSL error: %s"), 743 gnutls_strerror(sret)); 744 } 745 return ret; 746} 747 748#define RETRY_GNUTLS(sock, ret) ((ret < 0) \ 749 && (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN \ 750 || check_alert(sock, ret) == 0)) 751 752static ssize_t read_gnutls(ne_socket *sock, char *buffer, size_t len) 753{ 754 ssize_t ret; 755 unsigned reneg = 1; /* number of allowed rehandshakes */ 756 757 ret = readable_gnutls(sock, sock->rdtimeout); 758 if (ret) return ret; 759 760 do { 761 do { 762 ret = gnutls_record_recv(sock->ssl, buffer, len); 763 } while (RETRY_GNUTLS(sock, ret)); 764 765 } while (ret == GNUTLS_E_REHANDSHAKE && reneg-- 766 && (ret = gnutls_handshake(sock->ssl)) == GNUTLS_E_SUCCESS); 767 768 if (ret <= 0) 769 ret = error_gnutls(sock, ret); 770 771 return ret; 772} 773 774static ssize_t write_gnutls(ne_socket *sock, const char *data, size_t len) 775{ 776 ssize_t ret; 777 778 do { 779 ret = gnutls_record_send(sock->ssl, data, len); 780 } while (RETRY_GNUTLS(sock, ret)); 781 782 if (ret < 0) 783 return error_gnutls(sock, ret); 784 785 return ret; 786} 787 788static const struct iofns iofns_ssl = { 789 read_gnutls, 790 write_gnutls, 791 readable_gnutls, 792 writev_dummy 793}; 794 795#endif 796 797int ne_sock_fullwrite(ne_socket *sock, const char *data, size_t len) 798{ 799 ssize_t ret; 800 801 do { 802 ret = sock->ops->swrite(sock, data, len); 803 if (ret > 0) { 804 data += ret; 805 len -= ret; 806 } 807 } while (ret > 0 && len > 0); 808 809 return ret < 0 ? ret : 0; 810} 811 812int ne_sock_fullwritev(ne_socket *sock, const struct ne_iovec *vector, int count) 813{ 814 ssize_t ret; 815 816 do { 817 ret = sock->ops->swritev(sock, vector, count); 818 if (ret > 0) { 819 while (count && (size_t)ret >= vector[0].len) { 820 ret -= vector[0].len; 821 count--; 822 vector++; 823 } 824 825 if (ret && count) { 826 /* Partial buffer sent; send the rest. */ 827 ret = ne_sock_fullwrite(sock, (char *)vector[0].base + ret, 828 vector[0].len - ret); 829 count--; 830 vector++; 831 } 832 } 833 } while (count && ret >= 0); 834 835 return ret < 0 ? ret : 0; 836} 837 838ssize_t ne_sock_readline(ne_socket *sock, char *buf, size_t buflen) 839{ 840 char *lf; 841 size_t len; 842 843 if ((lf = memchr(sock->bufpos, '\n', sock->bufavail)) == NULL 844 && sock->bufavail < RDBUFSIZ) { 845 /* The buffered data does not contain a complete line: move it 846 * to the beginning of the buffer. */ 847 if (sock->bufavail) 848 memmove(sock->buffer, sock->bufpos, sock->bufavail); 849 sock->bufpos = sock->buffer; 850 851 /* Loop filling the buffer whilst no newline is found in the data 852 * buffered so far, and there is still buffer space available */ 853 do { 854 /* Read more data onto end of buffer. */ 855 ssize_t ret = sock->ops->sread(sock, sock->buffer + sock->bufavail, 856 RDBUFSIZ - sock->bufavail); 857 if (ret < 0) return ret; 858 sock->bufavail += ret; 859 } while ((lf = memchr(sock->buffer, '\n', sock->bufavail)) == NULL 860 && sock->bufavail < RDBUFSIZ); 861 } 862 863 if (lf) 864 len = lf - sock->bufpos + 1; 865 else 866 len = buflen; /* fall into "line too long" error... */ 867 868 if ((len + 1) > buflen) { 869 set_error(sock, _("Line too long")); 870 return NE_SOCK_ERROR; 871 } 872 873 memcpy(buf, sock->bufpos, len); 874 buf[len] = '\0'; 875 /* consume the line from buffer: */ 876 sock->bufavail -= len; 877 sock->bufpos += len; 878 return len; 879} 880 881ssize_t ne_sock_fullread(ne_socket *sock, char *buffer, size_t buflen) 882{ 883 ssize_t len; 884 885 while (buflen > 0) { 886 len = ne_sock_read(sock, buffer, buflen); 887 if (len < 0) return len; 888 buflen -= len; 889 buffer += len; 890 } 891 892 return 0; 893} 894 895#ifndef INADDR_NONE 896#define INADDR_NONE ((in_addr_t) -1) 897#endif 898 899#if !defined(USE_GETADDRINFO) && !defined(WIN32) && !HAVE_DECL_H_ERRNO 900/* Ancient versions of netdb.h don't export h_errno. */ 901extern int h_errno; 902#endif 903 904/* This implemementation does not attempt to support IPv6 using 905 * gethostbyname2 et al. */ 906ne_sock_addr *ne_addr_resolve(const char *hostname, int flags) 907{ 908 ne_sock_addr *addr = ne_calloc(sizeof *addr); 909#ifdef USE_GETADDRINFO 910 struct addrinfo hints = {0}; 911 char *pnt; 912 913 hints.ai_socktype = SOCK_STREAM; 914 915#ifdef AF_INET6 916 if (hostname[0] == '[' && ((pnt = strchr(hostname, ']')) != NULL)) { 917 char *hn = ne_strdup(hostname + 1); 918 hn[pnt - hostname - 1] = '\0'; 919#ifdef AI_NUMERICHOST /* added in the RFC2553 API */ 920 hints.ai_flags = AI_NUMERICHOST; 921#endif 922 hints.ai_family = AF_INET6; 923 addr->errnum = getaddrinfo(hn, NULL, &hints, &addr->result); 924 ne_free(hn); 925 } else 926#endif /* AF_INET6 */ 927 { 928#ifdef USE_GAI_ADDRCONFIG /* added in the RFC3493 API */ 929 hints.ai_flags = AI_ADDRCONFIG; 930 hints.ai_family = AF_UNSPEC; 931 addr->errnum = getaddrinfo(hostname, NULL, &hints, &addr->result); 932#else 933 hints.ai_family = ipv6_disabled ? AF_INET : AF_UNSPEC; 934 addr->errnum = getaddrinfo(hostname, NULL, &hints, &addr->result); 935#endif 936 } 937#else /* Use gethostbyname() */ 938 in_addr_t laddr; 939 struct hostent *hp; 940 941 laddr = inet_addr(hostname); 942 if (laddr == INADDR_NONE) { 943 hp = gethostbyname(hostname); 944 if (hp == NULL) { 945#ifdef WIN32 946 addr->errnum = WSAGetLastError(); 947#else 948 addr->errnum = h_errno; 949#endif 950 } else if (hp->h_length != sizeof(struct in_addr)) { 951 /* fail gracefully if somebody set RES_USE_INET6 */ 952 addr->errnum = NO_RECOVERY; 953 } else { 954 size_t n; 955 /* count addresses */ 956 for (n = 0; hp->h_addr_list[n] != NULL; n++) 957 /* noop */; 958 959 addr->count = n; 960 addr->addrs = ne_malloc(n * sizeof *addr->addrs); 961 962 for (n = 0; n < addr->count; n++) 963 memcpy(&addr->addrs[n], hp->h_addr_list[n], hp->h_length); 964 } 965 } else { 966 addr->addrs = ne_malloc(sizeof *addr->addrs); 967 addr->count = 1; 968 memcpy(addr->addrs, &laddr, sizeof *addr->addrs); 969 } 970#endif 971 return addr; 972} 973 974int ne_addr_result(const ne_sock_addr *addr) 975{ 976 return addr->errnum; 977} 978 979const ne_inet_addr *ne_addr_first(ne_sock_addr *addr) 980{ 981#ifdef USE_GETADDRINFO 982 addr->cursor = addr->result->ai_next; 983 return addr->result; 984#else 985 addr->cursor = 0; 986 return &addr->addrs[0]; 987#endif 988} 989 990const ne_inet_addr *ne_addr_next(ne_sock_addr *addr) 991{ 992#ifdef USE_GETADDRINFO 993 struct addrinfo *ret = addr->cursor; 994 if (addr->cursor) addr->cursor = addr->cursor->ai_next; 995#else 996 struct in_addr *ret; 997 if (++addr->cursor < addr->count) 998 ret = &addr->addrs[addr->cursor]; 999 else 1000 ret = NULL; 1001#endif 1002 return ret; 1003} 1004 1005char *ne_addr_error(const ne_sock_addr *addr, char *buf, size_t bufsiz) 1006{ 1007#ifdef WIN32 1008 print_error(addr->errnum, buf, bufsiz); 1009#else 1010 const char *err; 1011#ifdef USE_GETADDRINFO 1012 /* override horrible generic "Name or service not known" error. */ 1013 if (addr->errnum == EAI_NONAME) 1014 err = _("Host not found"); 1015 else 1016 err = gai_strerror(addr->errnum); 1017#elif defined(HAVE_HSTRERROR) 1018 err = hstrerror(addr->errnum); 1019#else 1020 err = _("Host not found"); 1021#endif 1022 ne_strnzcpy(buf, err, bufsiz); 1023#endif /* WIN32 */ 1024 return buf; 1025} 1026 1027char *ne_iaddr_print(const ne_inet_addr *ia, char *buf, size_t bufsiz) 1028{ 1029#if defined(USE_GETADDRINFO) && defined(HAVE_INET_NTOP) 1030 const char *ret; 1031#ifdef AF_INET6 1032 if (ia->ai_family == AF_INET6) { 1033 struct sockaddr_in6 *in6 = SACAST(in6, ia->ai_addr); 1034 ret = inet_ntop(AF_INET6, &in6->sin6_addr, buf, bufsiz); 1035 } else 1036#endif 1037 if (ia->ai_family == AF_INET) { 1038 struct sockaddr_in *in = SACAST(in, ia->ai_addr); 1039 ret = inet_ntop(AF_INET, &in->sin_addr, buf, bufsiz); 1040 } else 1041 ret = NULL; 1042 if (ret == NULL) 1043 ne_strnzcpy(buf, "[IP address]", bufsiz); 1044#elif defined(USE_GETADDRINFO) && defined(NI_NUMERICHOST) 1045 /* use getnameinfo instead for Win32, which lacks inet_ntop: */ 1046 if (getnameinfo(ia->ai_addr, ia->ai_addrlen, buf, bufsiz, NULL, 0, 1047 NI_NUMERICHOST)) 1048 ne_strnzcpy(buf, "[IP address]", bufsiz); 1049#else /* USE_GETADDRINFO */ 1050 ne_strnzcpy(buf, inet_ntoa(*ia), bufsiz); 1051#endif 1052 return buf; 1053} 1054 1055unsigned char *ne_iaddr_raw(const ne_inet_addr *ia, unsigned char *buf) 1056{ 1057#ifdef USE_GETADDRINFO 1058#ifdef AF_INET6 1059 if (ia->ai_family == AF_INET6) { 1060 struct sockaddr_in6 *in6 = SACAST(in6, ia->ai_addr); 1061 return memcpy(buf, in6->sin6_addr.s6_addr, sizeof in6->sin6_addr.s6_addr); 1062 } else 1063#endif /* AF_INET6 */ 1064 { 1065 struct sockaddr_in *in = SACAST(in, ia->ai_addr); 1066 return memcpy(buf, &in->sin_addr.s_addr, sizeof in->sin_addr.s_addr); 1067 } 1068#else /* !USE_GETADDRINFO */ 1069 return memcpy(buf, &ia->s_addr, sizeof ia->s_addr); 1070#endif 1071} 1072 1073ne_inet_addr *ne_iaddr_parse(const char *addr, ne_iaddr_type type) 1074{ 1075#if defined(USE_GETADDRINFO) && defined(HAVE_INET_PTON) 1076 char dst[sizeof(struct in6_addr)]; 1077 int af = type == ne_iaddr_ipv6 ? AF_INET6 : AF_INET; 1078 1079 if (inet_pton(af, addr, dst) != 1) { 1080 return NULL; 1081 } 1082 1083 return ne_iaddr_make(type, (unsigned char *)dst); 1084#elif defined(USE_GETADDRINFO) && !defined(HAVE_INET_PTON) 1085 /* For Windows, which lacks inet_pton(). */ 1086 struct addrinfo *ai, *rv, hints; 1087 1088 memset(&hints, 0, sizeof hints); 1089 hints.ai_socktype = SOCK_STREAM; 1090 hints.ai_flags = AI_NUMERICHOST; 1091 hints.ai_family = type == ne_iaddr_ipv6 ? AF_INET6 : AF_INET; 1092 1093 if (getaddrinfo(addr, NULL, &hints, &ai)) { 1094 return NULL; 1095 } 1096 1097 /* Copy the returned addrinfo, since it needs to be ne_free()-able 1098 * later; must only call freeaddrinfo() on ai. */ 1099 rv = ne_calloc(sizeof *rv); 1100 memcpy(rv, ai, sizeof *rv); 1101 rv->ai_next = NULL; 1102 rv->ai_canonname = NULL; 1103 rv->ai_addr = ne_calloc(ai->ai_addrlen); 1104 memcpy(rv->ai_addr, ai->ai_addr, ai->ai_addrlen); 1105 freeaddrinfo(ai); 1106 1107 return rv; 1108#else /* !USE_GETADDRINFO */ 1109 struct in_addr a; 1110 1111 if (type == ne_iaddr_ipv6) { 1112 return NULL; 1113 } 1114 1115#ifdef WIN32 1116 /* inet_addr() is broken because INADDR_NONE is a valid 1117 * broadcast address, so only use it on Windows. */ 1118 a.s_addr = inet_addr(addr); 1119 if (a.s_addr == INADDR_NONE) { 1120 return NULL; 1121 } 1122#else /* !WIN32 */ 1123 if (inet_aton(addr, &a) == 0) { 1124 return NULL; 1125 } 1126#endif 1127 1128 return ne_iaddr_make(ne_iaddr_ipv4, (unsigned char *)&a.s_addr); 1129#endif /* !USE_GETADDRINFO */ 1130} 1131 1132int ne_iaddr_reverse(const ne_inet_addr *ia, char *buf, size_t bufsiz) 1133{ 1134#ifdef USE_GETADDRINFO 1135 return getnameinfo(ia->ai_addr, ia->ai_addrlen, buf, bufsiz, 1136 NULL, 0, 0); 1137#else 1138 struct hostent *hp; 1139 1140 hp = gethostbyaddr(ia, sizeof *ia, AF_INET); 1141 if (hp && hp->h_name) { 1142 ne_strnzcpy(buf, hp->h_name, bufsiz); 1143 return 0; 1144 } 1145 return -1; 1146#endif 1147} 1148 1149void ne_addr_destroy(ne_sock_addr *addr) 1150{ 1151#ifdef USE_GETADDRINFO 1152 if (addr->result) 1153 freeaddrinfo(addr->result); 1154#else 1155 if (addr->addrs) 1156 ne_free(addr->addrs); 1157#endif 1158 ne_free(addr); 1159} 1160 1161/* Perform a connect() for given fd, handling EINTR retries. Returns 1162 * zero on success or -1 on failure, in which case, ne_errno is set 1163 * appropriately. */ 1164static int raw_connect(int fd, const struct sockaddr *sa, size_t salen) 1165{ 1166 int ret; 1167 1168 do { 1169 ret = connect(fd, sa, salen); 1170 } while (ret < 0 && NE_ISINTR(ne_errno)); 1171 1172 return ret; 1173} 1174 1175/* Perform a connect() for fd to address sa of length salen, with a 1176 * timeout if supported on this platform. Returns zero on success or 1177 * NE_SOCK_* on failure, with sock->error set appropriately. */ 1178static int timed_connect(ne_socket *sock, int fd, 1179 const struct sockaddr *sa, size_t salen) 1180{ 1181 int ret; 1182 1183#ifdef USE_NONBLOCKING_CONNECT 1184 if (sock->cotimeout) { 1185 int errnum, flags; 1186 1187 /* Get flags and then set O_NONBLOCK. */ 1188 flags = fcntl(fd, F_GETFL); 1189 if (flags & O_NONBLOCK) { 1190 /* This socket was created using SOCK_NONBLOCK... flip the 1191 * bit for restoring flags later. */ 1192 flags &= ~O_NONBLOCK; 1193 } 1194 else if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) { 1195 set_strerror(sock, errno); 1196 return NE_SOCK_ERROR; 1197 } 1198 1199 ret = raw_connect(fd, sa, salen); 1200 if (ret == -1) { 1201 errnum = ne_errno; 1202 if (NE_ISINPROGRESS(errnum)) { 1203 ret = raw_poll(fd, 1, sock->cotimeout); 1204 if (ret > 0) { /* poll got data */ 1205 socklen_t len = sizeof(errnum); 1206 1207 /* Check whether there is a pending error for the 1208 * socket. Per Stevens UNPv1��15.4, Solaris will 1209 * return a pending error via errno by failing the 1210 * getsockopt() call. */ 1211 1212 errnum = 0; 1213 if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &errnum, &len)) 1214 errnum = errno; 1215 1216 if (errnum == 0) { 1217 ret = 0; 1218 } else { 1219 set_strerror(sock, errnum); 1220 ret = NE_SOCK_ERROR; 1221 } 1222 } else if (ret == 0) { /* poll timed out */ 1223 set_error(sock, _("Connection timed out")); 1224 ret = NE_SOCK_TIMEOUT; 1225 } else /* poll failed */ { 1226 set_strerror(sock, errno); 1227 ret = NE_SOCK_ERROR; 1228 } 1229 } else /* non-EINPROGRESS error from connect() */ { 1230 set_strerror(sock, errnum); 1231 ret = NE_SOCK_ERROR; 1232 } 1233 } 1234 1235 /* Reset to old flags: */ 1236 if (fcntl(fd, F_SETFL, flags) == -1) { 1237 set_strerror(sock, errno); 1238 ret = NE_SOCK_ERROR; 1239 } 1240 } else 1241#endif /* USE_NONBLOCKING_CONNECT */ 1242 { 1243 ret = raw_connect(fd, sa, salen); 1244 1245 if (ret < 0) { 1246 set_strerror(sock, errno); 1247 ret = NE_SOCK_ERROR; 1248 } 1249 } 1250 1251 return ret; 1252} 1253 1254/* Connect socket to address 'addr' on given 'port'. Returns zero on 1255 * success or NE_SOCK_* on failure with sock->error set 1256 * appropriately. */ 1257static int connect_socket(ne_socket *sock, int fd, 1258 const ne_inet_addr *addr, unsigned int port) 1259{ 1260#ifdef USE_GETADDRINFO 1261#ifdef AF_INET6 1262 /* fill in the _family field for AIX 4.3, which forgets to do so. */ 1263 if (addr->ai_family == AF_INET6) { 1264 struct sockaddr_in6 in6; 1265 memcpy(&in6, addr->ai_addr, sizeof in6); 1266 in6.sin6_port = port; 1267 in6.sin6_family = AF_INET6; 1268 return timed_connect(sock, fd, (struct sockaddr *)&in6, sizeof in6); 1269 } else 1270#endif 1271 if (addr->ai_family == AF_INET) { 1272 struct sockaddr_in in; 1273 memcpy(&in, addr->ai_addr, sizeof in); 1274 in.sin_port = port; 1275 in.sin_family = AF_INET; 1276 return timed_connect(sock, fd, (struct sockaddr *)&in, sizeof in); 1277 } else { 1278 set_strerror(sock, EINVAL); 1279 return NE_SOCK_ERROR; 1280 } 1281#else 1282 struct sockaddr_in sa = {0}; 1283 sa.sin_family = AF_INET; 1284 sa.sin_port = port; 1285 sa.sin_addr = *addr; 1286 return timed_connect(sock, fd, (struct sockaddr *)&sa, sizeof sa); 1287#endif 1288} 1289 1290ne_socket *ne_sock_create(void) 1291{ 1292 ne_socket *sock = ne_calloc(sizeof *sock); 1293 sock->rdtimeout = SOCKET_READ_TIMEOUT; 1294 sock->cotimeout = 0; 1295 sock->bufpos = sock->buffer; 1296 sock->ops = &iofns_raw; 1297 sock->fd = -1; 1298 return sock; 1299} 1300 1301 1302#ifdef USE_GETADDRINFO 1303#define ia_family(a) ((a)->ai_family) 1304#define ia_proto(a) ((a)->ai_protocol) 1305#else 1306#define ia_family(a) AF_INET 1307#define ia_proto(a) 0 1308#endif 1309 1310void ne_sock_prebind(ne_socket *sock, const ne_inet_addr *addr, 1311 unsigned int port) 1312{ 1313 sock->lport = port; 1314 sock->laddr = addr ? addr : &dummy_laddr; 1315} 1316 1317/* Bind socket 'fd' to address/port 'addr' and 'port', for subsequent 1318 * connect() to address of family 'peer_family'. */ 1319static int do_bind(int fd, int peer_family, 1320 const ne_inet_addr *addr, unsigned int port) 1321{ 1322#if defined(HAVE_SETSOCKOPT) && defined(SO_REUSEADDR) && defined(SOL_SOCKET) 1323 { 1324 int flag = 1; 1325 1326 (void) setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &flag, sizeof flag); 1327 /* An error here is not fatal, so ignore it. */ 1328 } 1329#endif 1330 1331 1332#if defined(USE_GETADDRINFO) && defined(AF_INET6) 1333 /* Use a sockaddr_in6 if an AF_INET6 local address is specifed, or 1334 * if no address is specified and the peer address is AF_INET6: */ 1335 if ((addr != &dummy_laddr && addr->ai_family == AF_INET6) 1336 || (addr == &dummy_laddr && peer_family == AF_INET6)) { 1337 struct sockaddr_in6 in6; 1338 1339 if (addr == &dummy_laddr) 1340 memset(&in6, 0, sizeof in6); 1341 else 1342 memcpy(&in6, addr->ai_addr, sizeof in6); 1343 in6.sin6_port = htons(port); 1344 /* fill in the _family field for AIX 4.3, which forgets to do so. */ 1345 in6.sin6_family = AF_INET6; 1346 1347 return bind(fd, (struct sockaddr *)&in6, sizeof in6); 1348 } else 1349#endif 1350 { 1351 struct sockaddr_in in; 1352 1353 if (addr == &dummy_laddr) 1354 memset(&in, 0, sizeof in); 1355 else { 1356#ifdef USE_GETADDRINFO 1357 memcpy(&in, addr->ai_addr, sizeof in); 1358#else 1359 in.sin_addr = *addr; 1360#endif 1361 } 1362 in.sin_port = htons(port); 1363 in.sin_family = AF_INET; 1364 1365 return bind(fd, (struct sockaddr *)&in, sizeof in); 1366 } 1367} 1368 1369#ifdef SOCK_CLOEXEC 1370/* sock_cloexec is initialized to SOCK_CLOEXEC and cleared to zero if 1371 * a socket() call ever fails with EINVAL. */ 1372static int sock_cloexec = SOCK_CLOEXEC; 1373#define RETRY_ON_EINVAL 1374#else 1375#define sock_cloexec 0 1376#endif 1377 1378int ne_sock_connect(ne_socket *sock, 1379 const ne_inet_addr *addr, unsigned int port) 1380{ 1381 int fd, ret; 1382 int type = SOCK_STREAM | sock_cloexec; 1383 1384#if defined(RETRY_ON_EINVAL) && defined(SOCK_NONBLOCK) \ 1385 && defined(USE_NONBLOCKING_CONNECT) 1386 /* If the SOCK_NONBLOCK flag is defined, and the retry-on-EINVAL 1387 * logic is enabled, and the socket has a configured timeout, then 1388 * also use the SOCK_NONBLOCK flag to save enabling O_NONBLOCK 1389 * later. */ 1390 if (sock->cotimeout && sock_cloexec) { 1391 type |= SOCK_NONBLOCK; 1392 } 1393#endif 1394 1395 /* use SOCK_STREAM rather than ai_socktype: some getaddrinfo 1396 * implementations do not set ai_socktype, e.g. RHL6.2. */ 1397 fd = socket(ia_family(addr), type, ia_proto(addr)); 1398#ifdef RETRY_ON_EINVAL 1399 /* Handle forwards compat for new glibc on an older kernels; clear 1400 * the sock_cloexec flag and retry the call: */ 1401 if (fd < 0 && sock_cloexec && errno == EINVAL) { 1402 sock_cloexec = 0; 1403 fd = socket(ia_family(addr), SOCK_STREAM, ia_proto(addr)); 1404 } 1405#endif 1406 if (fd < 0) { 1407 set_strerror(sock, ne_errno); 1408 return -1; 1409 } 1410 1411#if !defined(NE_USE_POLL) && !defined(WIN32) 1412 if (fd > FD_SETSIZE) { 1413 ne_close(fd); 1414 set_error(sock, _("Socket descriptor number exceeds FD_SETSIZE")); 1415 return NE_SOCK_ERROR; 1416 } 1417#endif 1418 1419#if defined(HAVE_FCNTL) && defined(F_GETFD) && defined(F_SETFD) \ 1420 && defined(FD_CLOEXEC) 1421 /* Set the FD_CLOEXEC bit for the new fd, if the socket was not 1422 * created with the CLOEXEC bit already set. */ 1423 if (!sock_cloexec && (ret = fcntl(fd, F_GETFD)) >= 0) { 1424 fcntl(fd, F_SETFD, ret | FD_CLOEXEC); 1425 /* ignore failure; not a critical error. */ 1426 } 1427#endif 1428 1429 if (sock->laddr && (sock->laddr == &dummy_laddr || 1430 ia_family(sock->laddr) == ia_family(addr))) { 1431 ret = do_bind(fd, ia_family(addr), sock->laddr, sock->lport); 1432 if (ret < 0) { 1433 int errnum = errno; 1434 ne_close(fd); 1435 set_strerror(sock, errnum); 1436 return NE_SOCK_ERROR; 1437 } 1438 } 1439 1440#if defined(HAVE_SETSOCKOPT) //add by alan 1441 { /* set the socket read time out. */ 1442 struct timeval tv = {SOCKET_RECEIVE_TIMEOUT,0}; 1443 setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO,(char *)&tv, sizeof(tv)); 1444 } 1445#endif 1446 1447#if defined(HAVE_SETSOCKOPT) && (defined(TCP_NODELAY) || defined(WIN32)) 1448 { /* Disable the Nagle algorithm. */ 1449 int flag = 1; 1450 setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &flag, sizeof flag); 1451 } 1452#endif 1453 1454 ret = connect_socket(sock, fd, addr, htons(port)); 1455 if (ret == 0) 1456 sock->fd = fd; 1457 else 1458 ne_close(fd); 1459 1460 return ret; 1461} 1462 1463ne_inet_addr *ne_sock_peer(ne_socket *sock, unsigned int *port) 1464{ 1465 union saun { 1466 struct sockaddr sa; 1467 struct sockaddr_in sin; 1468#if defined(USE_GETADDRINFO) && defined(AF_INET6) 1469 struct sockaddr_in6 sin6; 1470#endif 1471 } saun; 1472 socklen_t len = sizeof saun; 1473 ne_inet_addr *ia; 1474 struct sockaddr *sad = (struct sockaddr *)&saun; 1475 1476 if (getpeername(sock->fd, sad, &len) != 0) { 1477 set_strerror(sock, errno); 1478 return NULL; 1479 } 1480 1481#if !defined(USE_GETADDRINFO) || !defined(AF_INET6) 1482 if (sad->sa_family != AF_INET) { 1483 set_error(sock, _("Socket family not supported")); 1484 return NULL; 1485 } 1486#endif 1487 1488 ia = ne_calloc(sizeof *ia); 1489#ifdef USE_GETADDRINFO 1490 ia->ai_addr = ne_malloc(sizeof *ia); 1491 ia->ai_addrlen = len; 1492 memcpy(ia->ai_addr, sad, len); 1493 ia->ai_family = saun.sa.sa_family; 1494#else 1495 memcpy(ia, &saun.sin.sin_addr.s_addr, sizeof *ia); 1496#endif 1497 1498#if defined(USE_GETADDRINFO) && defined(AF_INET6) 1499 *port = ntohs(saun.sa.sa_family == AF_INET ? 1500 saun.sin.sin_port : saun.sin6.sin6_port); 1501#else 1502 *port = ntohs(saun.sin.sin_port); 1503#endif 1504 1505 return ia; 1506} 1507 1508ne_inet_addr *ne_iaddr_make(ne_iaddr_type type, const unsigned char *raw) 1509{ 1510 ne_inet_addr *ia; 1511#if !defined(AF_INET6) || !defined(USE_GETADDRINFO) 1512 /* fail if IPv6 address is given if IPv6 is not supported. */ 1513 if (type == ne_iaddr_ipv6) 1514 return NULL; 1515#endif 1516 ia = ne_calloc(sizeof *ia); 1517#ifdef USE_GETADDRINFO 1518 /* ai_protocol and ai_socktype aren't used by connect_socket() so 1519 * ignore them here. (for now) */ 1520 if (type == ne_iaddr_ipv4) { 1521 struct sockaddr_in *in4 = ne_calloc(sizeof *in4); 1522 ia->ai_family = AF_INET; 1523 ia->ai_addr = (struct sockaddr *)in4; 1524 ia->ai_addrlen = sizeof *in4; 1525 in4->sin_family = AF_INET; 1526 memcpy(&in4->sin_addr.s_addr, raw, sizeof in4->sin_addr.s_addr); 1527 } 1528#ifdef AF_INET6 1529 else { 1530 struct sockaddr_in6 *in6 = ne_calloc(sizeof *in6); 1531 ia->ai_family = AF_INET6; 1532 ia->ai_addr = (struct sockaddr *)in6; 1533 ia->ai_addrlen = sizeof *in6; 1534 in6->sin6_family = AF_INET6; 1535 memcpy(&in6->sin6_addr, raw, sizeof in6->sin6_addr.s6_addr); 1536 } 1537#endif 1538#else /* !USE_GETADDRINFO */ 1539 memcpy(&ia->s_addr, raw, sizeof ia->s_addr); 1540#endif 1541 return ia; 1542} 1543 1544ne_iaddr_type ne_iaddr_typeof(const ne_inet_addr *ia) 1545{ 1546#if defined(USE_GETADDRINFO) && defined(AF_INET6) 1547 return ia->ai_family == AF_INET6 ? ne_iaddr_ipv6 : ne_iaddr_ipv4; 1548#else 1549 return ne_iaddr_ipv4; 1550#endif 1551} 1552 1553int ne_iaddr_cmp(const ne_inet_addr *i1, const ne_inet_addr *i2) 1554{ 1555#ifdef USE_GETADDRINFO 1556 if (i1->ai_family != i2->ai_family) 1557 return i2->ai_family - i1->ai_family; 1558 if (i1->ai_family == AF_INET) { 1559 struct sockaddr_in *in1 = SACAST(in, i1->ai_addr), 1560 *in2 = SACAST(in, i2->ai_addr); 1561 return memcmp(&in1->sin_addr.s_addr, &in2->sin_addr.s_addr, 1562 sizeof in1->sin_addr.s_addr); 1563 } 1564#ifdef AF_INET6 1565 else if (i1->ai_family == AF_INET6) { 1566 struct sockaddr_in6 *in1 = SACAST(in6, i1->ai_addr), 1567 *in2 = SACAST(in6, i2->ai_addr); 1568 return memcmp(in1->sin6_addr.s6_addr, in2->sin6_addr.s6_addr, 1569 sizeof in1->sin6_addr.s6_addr); 1570 } 1571#endif /* AF_INET6 */ 1572 else 1573 return -1; 1574#else 1575 return memcmp(&i1->s_addr, &i2->s_addr, sizeof i1->s_addr); 1576#endif /* USE_GETADDRINFO */ 1577} 1578 1579void ne_iaddr_free(ne_inet_addr *addr) 1580{ 1581#ifdef USE_GETADDRINFO 1582 ne_free(addr->ai_addr); 1583#endif 1584 ne_free(addr); 1585} 1586 1587int ne_sock_accept(ne_socket *sock, int listener) 1588{ 1589 int fd = accept(listener, NULL, NULL); 1590 1591 if (fd < 0) 1592 return -1; 1593 1594 sock->fd = fd; 1595 return 0; 1596} 1597 1598int ne_sock_fd(const ne_socket *sock) 1599{ 1600 return sock->fd; 1601} 1602 1603void ne_sock_read_timeout(ne_socket *sock, int timeout) 1604{ 1605 sock->rdtimeout = timeout; 1606} 1607 1608void ne_sock_connect_timeout(ne_socket *sock, int timeout) 1609{ 1610 sock->cotimeout = timeout; 1611} 1612 1613#ifdef NE_HAVE_SSL 1614 1615#ifdef HAVE_GNUTLS 1616/* Dumb server session cache implementation for GNUTLS; holds a single 1617 * session. */ 1618 1619/* Copy datum 'src' to 'dest'. */ 1620static void copy_datum(gnutls_datum *dest, gnutls_datum *src) 1621{ 1622 dest->size = src->size; 1623 dest->data = memcpy(gnutls_malloc(src->size), src->data, src->size); 1624} 1625 1626/* Callback to store a session 'data' with id 'key'. */ 1627static int store_sess(void *userdata, gnutls_datum key, gnutls_datum data) 1628{ 1629 ne_ssl_context *ctx = userdata; 1630 1631 if (ctx->cache.server.key.data) { 1632 gnutls_free(ctx->cache.server.key.data); 1633 gnutls_free(ctx->cache.server.data.data); 1634 } 1635 1636 copy_datum(&ctx->cache.server.key, &key); 1637 copy_datum(&ctx->cache.server.data, &data); 1638 1639 return 0; 1640} 1641 1642/* Returns non-zero if d1 and d2 are the same datum. */ 1643static int match_datum(gnutls_datum *d1, gnutls_datum *d2) 1644{ 1645 return d1->size == d2->size 1646 && memcmp(d1->data, d2->data, d1->size) == 0; 1647} 1648 1649/* Callback to retrieve a session of id 'key'. */ 1650static gnutls_datum retrieve_sess(void *userdata, gnutls_datum key) 1651{ 1652 ne_ssl_context *ctx = userdata; 1653 gnutls_datum ret = { NULL, 0 }; 1654 1655 if (match_datum(&ctx->cache.server.key, &key)) { 1656 copy_datum(&ret, &ctx->cache.server.data); 1657 } 1658 1659 return ret; 1660} 1661 1662/* Callback to remove a session of id 'key'; stub needed but 1663 * implementation seems unnecessary. */ 1664static int remove_sess(void *userdata, gnutls_datum key) 1665{ 1666 return -1; 1667} 1668#endif 1669 1670int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx) 1671{ 1672 int ret; 1673 ne_ssl_socket ssl; 1674 1675#if defined(HAVE_OPENSSL) 1676 ssl = SSL_new(ctx->ctx); 1677 1678 SSL_set_fd(ssl, sock->fd); 1679 1680 sock->ssl = ssl; 1681 ret = SSL_accept(ssl); 1682 if (ret != 1) { 1683 return error_ossl(sock, ret); 1684 } 1685 1686 if (SSL_session_reused(ssl)) { 1687 NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n"); 1688 } 1689#elif defined(HAVE_GNUTLS) 1690 gnutls_init(&ssl, GNUTLS_SERVER); 1691 gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred); 1692 gnutls_set_default_priority(ssl); 1693 1694 /* Set up dummy session cache. */ 1695 gnutls_db_set_store_function(ssl, store_sess); 1696 gnutls_db_set_retrieve_function(ssl, retrieve_sess); 1697 gnutls_db_set_remove_function(ssl, remove_sess); 1698 gnutls_db_set_ptr(ssl, ctx); 1699 1700 if (ctx->verify) 1701 gnutls_certificate_server_set_request(ssl, GNUTLS_CERT_REQUEST); 1702 1703 sock->ssl = ssl; 1704 gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr)(long)sock->fd); 1705 ret = gnutls_handshake(ssl); 1706 if (ret < 0) { 1707 return error_gnutls(sock, ret); 1708 } 1709 if (ctx->verify && gnutls_certificate_verify_peers(ssl)) { 1710 set_error(sock, _("Client certificate verification failed")); 1711 return NE_SOCK_ERROR; 1712 } 1713#endif 1714 sock->ops = &iofns_ssl; 1715 return 0; 1716} 1717 1718int ne_sock_connect_ssl(ne_socket *sock, ne_ssl_context *ctx, void *userdata) 1719{ 1720 int ret; 1721 1722#if defined(HAVE_OPENSSL) 1723 SSL *ssl; 1724 1725 if (seed_ssl_prng()) { 1726 set_error(sock, _("SSL disabled due to lack of entropy")); 1727 return NE_SOCK_ERROR; 1728 } 1729 1730 /* If runtime library version differs from compile-time version 1731 * number in major/minor/fix level, abort soon. */ 1732 if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & 0xFFFFF000) { 1733 set_error(sock, _("SSL disabled due to library version mismatch")); 1734 return NE_SOCK_ERROR; 1735 } 1736 1737 sock->ssl = ssl = SSL_new(ctx->ctx); 1738 if (!ssl) { 1739 set_error(sock, _("Could not create SSL structure")); 1740 return NE_SOCK_ERROR; 1741 } 1742 1743 SSL_set_app_data(ssl, userdata); 1744 SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); 1745 SSL_set_fd(ssl, sock->fd); 1746 sock->ops = &iofns_ssl; 1747 1748#ifdef SSL_set_tlsext_host_name 1749 if (ctx->hostname) { 1750 /* Try to enable SNI, but ignore failure (should only fail for 1751 * >255 char hostnames, which are probably not legal 1752 * anyway). */ 1753 if (SSL_set_tlsext_host_name(ssl, ctx->hostname) != 1) { 1754 ERR_clear_error(); 1755 } 1756 } 1757#endif 1758 1759 if (ctx->sess) 1760 SSL_set_session(ssl, ctx->sess); 1761 1762 ret = SSL_connect(ssl); 1763 if (ret != 1) { 1764 error_ossl(sock, ret); 1765 SSL_free(ssl); 1766 sock->ssl = NULL; 1767 return NE_SOCK_ERROR; 1768 } 1769#elif defined(HAVE_GNUTLS) 1770 /* DH and RSA params are set in ne_ssl_context_create */ 1771 gnutls_init(&sock->ssl, GNUTLS_CLIENT); 1772 gnutls_set_default_priority(sock->ssl); 1773 gnutls_session_set_ptr(sock->ssl, userdata); 1774 gnutls_credentials_set(sock->ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred); 1775 1776#ifdef HAVE_GNUTLS_SIGN_CALLBACK_SET 1777 if (ctx->sign_func) 1778 gnutls_sign_callback_set(sock->ssl, ctx->sign_func, ctx->sign_data); 1779#endif 1780 1781 if (ctx->hostname) { 1782 gnutls_server_name_set(sock->ssl, GNUTLS_NAME_DNS, ctx->hostname, 1783 strlen(ctx->hostname)); 1784 } 1785 1786 gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr)(long)sock->fd); 1787 1788 if (ctx->cache.client.data) { 1789#if defined(HAVE_GNUTLS_SESSION_GET_DATA2) 1790 gnutls_session_set_data(sock->ssl, 1791 ctx->cache.client.data, 1792 ctx->cache.client.size); 1793#else 1794 gnutls_session_set_data(sock->ssl, 1795 ctx->cache.client.data, 1796 ctx->cache.client.len); 1797#endif 1798 } 1799 sock->ops = &iofns_ssl; 1800 1801 do { 1802 ret = gnutls_handshake(sock->ssl); 1803 } while (RETRY_GNUTLS(sock, ret)); 1804 if (ret < 0) { 1805 error_gnutls(sock, ret); 1806 return NE_SOCK_ERROR; 1807 } 1808 1809 if (!gnutls_session_is_resumed(sock->ssl)) { 1810 /* New session. The old method of using the _get_data 1811 * function seems to be broken with 1.3.0 and later*/ 1812#if defined(HAVE_GNUTLS_SESSION_GET_DATA2) 1813 gnutls_session_get_data2(sock->ssl, &ctx->cache.client); 1814#else 1815 ctx->cache.client.len = 0; 1816 if (gnutls_session_get_data(sock->ssl, NULL, 1817 &ctx->cache.client.len) == 0) { 1818 ctx->cache.client.data = ne_malloc(ctx->cache.client.len); 1819 gnutls_session_get_data(sock->ssl, ctx->cache.client.data, 1820 &ctx->cache.client.len); 1821 } 1822#endif 1823 } 1824#endif 1825 return 0; 1826} 1827 1828ne_ssl_socket ne__sock_sslsock(ne_socket *sock) 1829{ 1830 return sock->ssl; 1831} 1832 1833#endif 1834 1835int ne_sock_sessid(ne_socket *sock, unsigned char *buf, size_t *buflen) 1836{ 1837#ifdef NE_HAVE_SSL 1838#ifdef HAVE_GNUTLS 1839 if (sock->ssl) { 1840 return gnutls_session_get_id(sock->ssl, buf, buflen); 1841 } else { 1842 return -1; 1843 } 1844#else 1845 SSL_SESSION *sess; 1846 1847 if (!sock->ssl) { 1848 return -1; 1849 } 1850 1851 sess = SSL_get0_session(sock->ssl); 1852 1853 if (!buf) { 1854 *buflen = sess->session_id_length; 1855 return 0; 1856 } 1857 1858 if (*buflen < sess->session_id_length) { 1859 return -1; 1860 } 1861 1862 *buflen = sess->session_id_length; 1863 memcpy(buf, sess->session_id, *buflen); 1864 return 0; 1865#endif 1866#else 1867 return -1; 1868#endif 1869} 1870 1871char *ne_sock_cipher(ne_socket *sock) 1872{ 1873#ifdef NE_HAVE_SSL 1874 if (sock->ssl) { 1875#ifdef HAVE_OPENSSL 1876 const char *name = SSL_get_cipher(sock->ssl); 1877 return ne_strdup(name); 1878#elif defined(HAVE_GNUTLS) 1879 const char *name = gnutls_cipher_get_name(gnutls_cipher_get(sock->ssl)); 1880 return ne_strdup(name); 1881#endif 1882 } 1883 else 1884#endif /* NE_HAVE_SSL */ 1885 { 1886 return NULL; 1887 } 1888} 1889 1890const char *ne_sock_error(const ne_socket *sock) 1891{ 1892 return sock->error; 1893} 1894 1895void ne_sock_set_error(ne_socket *sock, const char *format, ...) 1896{ 1897 va_list params; 1898 1899 va_start(params, format); 1900 ne_vsnprintf(sock->error, sizeof sock->error, format, params); 1901 va_end(params); 1902} 1903 1904int ne_sock_close(ne_socket *sock) 1905{ 1906 int ret; 1907 1908 /* Per API description - for an SSL connection, simply send the 1909 * close_notify but do not wait for the peer's response. */ 1910#if defined(HAVE_OPENSSL) 1911 if (sock->ssl) { 1912 SSL_shutdown(sock->ssl); 1913 SSL_free(sock->ssl); 1914 } 1915#elif defined(HAVE_GNUTLS) 1916 if (sock->ssl) { 1917 do { 1918 ret = gnutls_bye(sock->ssl, GNUTLS_SHUT_WR); 1919 } while (ret < 0 1920 && (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN)); 1921 gnutls_deinit(sock->ssl); 1922 } 1923#endif 1924 1925 if (sock->fd < 0) 1926 ret = 0; 1927 else 1928 ret = ne_close(sock->fd); 1929 ne_free(sock); 1930 return ret; 1931} 1932