IRC bouncer
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

208 lines
5.2KB

  1. /* Copyright (C) 2019 C. McEnroe <june@causal.agency>
  2. *
  3. * This program is free software: you can redistribute it and/or modify
  4. * it under the terms of the GNU General Public License as published by
  5. * the Free Software Foundation, either version 3 of the License, or
  6. * (at your option) any later version.
  7. *
  8. * This program is distributed in the hope that it will be useful,
  9. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11. * GNU General Public License for more details.
  12. *
  13. * You should have received a copy of the GNU General Public License
  14. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  15. */
  16. #include <err.h>
  17. #include <errno.h>
  18. #include <fcntl.h>
  19. #include <limits.h>
  20. #include <netdb.h>
  21. #include <netinet/in.h>
  22. #include <stdbool.h>
  23. #include <stdio.h>
  24. #include <stdlib.h>
  25. #include <string.h>
  26. #include <sys/socket.h>
  27. #include <sys/stat.h>
  28. #include <sys/un.h>
  29. #include <sysexits.h>
  30. #include <tls.h>
  31. #include <unistd.h>
  32. #ifdef __FreeBSD__
  33. #include <sys/capsicum.h>
  34. #endif
  35. #include "bounce.h"
  36. static struct tls *server;
  37. static byte *readFile(size_t *len, FILE *file) {
  38. struct stat stat;
  39. int error = fstat(fileno(file), &stat);
  40. if (error) err(EX_IOERR, "fstat");
  41. byte *buf = malloc(stat.st_size);
  42. if (!buf) err(EX_OSERR, "malloc");
  43. *len = fread(buf, 1, stat.st_size, file);
  44. if (ferror(file)) err(EX_IOERR, "fread");
  45. return buf;
  46. }
  47. void localConfig(FILE *cert, FILE *priv) {
  48. tls_free(server);
  49. server = tls_server();
  50. if (!server) errx(EX_SOFTWARE, "tls_server");
  51. struct tls_config *config = tls_config_new();
  52. if (!config) errx(EX_SOFTWARE, "tls_config_new");
  53. size_t len;
  54. byte *buf = readFile(&len, cert);
  55. int error = tls_config_set_cert_mem(config, buf, len);
  56. if (error) {
  57. errx(EX_CONFIG, "tls_config_set_cert_mem: %s", tls_config_error(config));
  58. }
  59. free(buf);
  60. buf = readFile(&len, priv);
  61. error = tls_config_set_key_mem(config, buf, len);
  62. if (error) {
  63. errx(EX_CONFIG, "tls_config_set_key_mem: %s", tls_config_error(config));
  64. }
  65. free(buf);
  66. error = tls_configure(server, config);
  67. if (error) errx(EX_SOFTWARE, "tls_configure: %s", tls_error(server));
  68. tls_config_free(config);
  69. }
  70. size_t localBind(int fds[], size_t cap, const char *host, const char *port) {
  71. struct addrinfo *head;
  72. struct addrinfo hints = {
  73. .ai_family = AF_UNSPEC,
  74. .ai_socktype = SOCK_STREAM,
  75. .ai_protocol = IPPROTO_TCP,
  76. };
  77. int error = getaddrinfo(host, port, &hints, &head);
  78. if (error) errx(EX_NOHOST, "%s:%s: %s", host, port, gai_strerror(error));
  79. size_t len = 0;
  80. for (struct addrinfo *ai = head; ai && len < cap; ai = ai->ai_next) {
  81. fds[len] = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
  82. if (fds[len] < 0) err(EX_OSERR, "socket");
  83. int yes = 1;
  84. error = setsockopt(fds[len], SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
  85. if (error) err(EX_OSERR, "setsockopt");
  86. error = bind(fds[len], ai->ai_addr, ai->ai_addrlen);
  87. if (error) {
  88. warn("%s:%s", host, port);
  89. close(fds[len]);
  90. continue;
  91. }
  92. len++;
  93. }
  94. freeaddrinfo(head);
  95. if (!len) errx(EX_UNAVAILABLE, "could not bind any sockets");
  96. return len;
  97. }
  98. static bool unix;
  99. static int unixDir = -1;
  100. static char unixFile[PATH_MAX];
  101. static void unixUnlink(void) {
  102. int error = unlinkat(unixDir, unixFile, 0);
  103. if (error) warn("unlinkat");
  104. }
  105. size_t localUnix(int fds[], size_t cap, const char *path) {
  106. if (!cap) return 0;
  107. int sock = socket(PF_UNIX, SOCK_STREAM, 0);
  108. if (sock < 0) err(EX_OSERR, "socket");
  109. struct sockaddr_un addr = { .sun_family = AF_UNIX };
  110. size_t len = strlcpy(addr.sun_path, path, sizeof(addr.sun_path));
  111. if (len >= sizeof(addr.sun_path)) {
  112. errx(EX_CONFIG, "path too long: %s", path);
  113. }
  114. int error = bind(sock, (struct sockaddr *)&addr, SUN_LEN(&addr));
  115. if (error) err(EX_UNAVAILABLE, "%s", path);
  116. char dir[PATH_MAX] = ".";
  117. const char *base = strrchr(path, '/');
  118. if (base) {
  119. snprintf(dir, sizeof(dir), "%.*s", (int)(base - path), path);
  120. base++;
  121. } else {
  122. base = path;
  123. }
  124. snprintf(unixFile, sizeof(unixFile), "%s", base);
  125. unixDir = open(dir, O_DIRECTORY);
  126. if (unixDir < 0) err(EX_UNAVAILABLE, "%s", dir);
  127. atexit(unixUnlink);
  128. #ifdef __FreeBSD__
  129. cap_rights_t rights;
  130. error = cap_rights_limit(unixDir, cap_rights_init(&rights, CAP_UNLINKAT));
  131. if (error) err(EX_OSERR, "cap_rights_limit");
  132. #endif
  133. unix = true;
  134. fds[0] = sock;
  135. return 1;
  136. }
  137. static int recvfd(int sock) {
  138. char buf[CMSG_SPACE(sizeof(int))];
  139. char x;
  140. struct iovec iov = { .iov_base = &x, .iov_len = 1 };
  141. struct msghdr msg = {
  142. .msg_iov = &iov,
  143. .msg_iovlen = 1,
  144. .msg_control = buf,
  145. .msg_controllen = sizeof(buf),
  146. };
  147. if (0 > recvmsg(sock, &msg, 0)) return -1;
  148. struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
  149. if (!cmsg || cmsg->cmsg_type != SCM_RIGHTS) {
  150. errno = ENOMSG;
  151. return -1;
  152. }
  153. return *(int *)CMSG_DATA(cmsg);
  154. }
  155. struct tls *localAccept(int *fd, int bind) {
  156. *fd = accept(bind, NULL, NULL);
  157. if (*fd < 0) err(EX_IOERR, "accept");
  158. if (unix) {
  159. int sent = recvfd(*fd);
  160. if (sent < 0) err(EX_IOERR, "recvfd");
  161. close(*fd);
  162. *fd = sent;
  163. }
  164. int yes = 1;
  165. int error = setsockopt(*fd, SOL_SOCKET, SO_NOSIGPIPE, &yes, sizeof(yes));
  166. if (error) err(EX_OSERR, "setsockopt");
  167. struct tls *client;
  168. error = tls_accept_socket(server, &client, *fd);
  169. if (error) errx(EX_SOFTWARE, "tls_accept_socket: %s", tls_error(server));
  170. return client;
  171. }