Line data Source code
1 : /*
2 : Authors:
3 : Jan Cholasta <jcholast@redhat.com>
4 :
5 : Copyright (C) 2012 Red Hat
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include <stdio.h>
22 : #include <talloc.h>
23 : #include <unistd.h>
24 : #include <fcntl.h>
25 : #include <poll.h>
26 : #include <sys/types.h>
27 : #include <sys/socket.h>
28 : #include <netinet/in.h>
29 : #include <netinet/tcp.h>
30 : #include <netdb.h>
31 : #include <popt.h>
32 :
33 : #include "util/util.h"
34 : #include "util/crypto/sss_crypto.h"
35 : #include "util/sss_ssh.h"
36 : #include "sss_client/sss_cli.h"
37 : #include "sss_client/ssh/sss_ssh_client.h"
38 :
39 : #define BUFFER_SIZE 8192
40 :
41 : /* connect to server using socket */
42 : static int
43 0 : connect_socket(int family, struct sockaddr *addr, size_t addr_len)
44 : {
45 : int flags;
46 0 : int sock = -1;
47 : struct pollfd fds[2];
48 : char buffer[BUFFER_SIZE];
49 : int i;
50 : ssize_t res;
51 : int ret;
52 :
53 : /* set O_NONBLOCK on standard input */
54 0 : flags = fcntl(0, F_GETFL);
55 0 : if (flags == -1) {
56 0 : ret = errno;
57 0 : DEBUG(SSSDBG_OP_FAILURE, "fcntl() failed (%d): %s\n",
58 : ret, strerror(ret));
59 0 : goto done;
60 : }
61 :
62 0 : ret = fcntl(0, F_SETFL, flags | O_NONBLOCK);
63 0 : if (ret == -1) {
64 0 : ret = errno;
65 0 : DEBUG(SSSDBG_OP_FAILURE, "fcntl() failed (%d): %s\n",
66 : ret, strerror(ret));
67 0 : goto done;
68 : }
69 :
70 : /* create socket */
71 0 : sock = socket(family, SOCK_STREAM, IPPROTO_TCP);
72 0 : if (sock == -1) {
73 0 : ret = errno;
74 0 : DEBUG(SSSDBG_OP_FAILURE, "socket() failed (%d): %s\n",
75 : ret, strerror(ret));
76 0 : goto done;
77 : }
78 :
79 : /* connect to the server */
80 0 : ret = connect(sock, addr, addr_len);
81 0 : if (ret == -1) {
82 0 : ret = errno;
83 0 : DEBUG(SSSDBG_OP_FAILURE, "connect() failed (%d): %s\n",
84 : ret, strerror(ret));
85 0 : goto done;
86 : }
87 :
88 : /* set O_NONBLOCK on the socket */
89 0 : flags = fcntl(sock, F_GETFL);
90 0 : if (flags == -1) {
91 0 : ret = errno;
92 0 : DEBUG(SSSDBG_OP_FAILURE, "fcntl() failed (%d): %s\n",
93 : ret, strerror(ret));
94 0 : goto done;
95 : }
96 :
97 0 : ret = fcntl(sock, F_SETFL, flags | O_NONBLOCK);
98 0 : if (ret == -1) {
99 0 : ret = errno;
100 0 : DEBUG(SSSDBG_OP_FAILURE, "fcntl() failed (%d): %s\n",
101 : ret, strerror(ret));
102 0 : goto done;
103 : }
104 :
105 0 : fds[0].fd = 0;
106 0 : fds[0].events = POLLIN;
107 0 : fds[1].fd = sock;
108 0 : fds[1].events = POLLIN;
109 :
110 : while (1) {
111 0 : ret = poll(fds, 2, -1);
112 0 : if (ret == -1) {
113 0 : ret = errno;
114 0 : if (ret == EINTR || ret == EAGAIN) {
115 0 : continue;
116 : }
117 0 : DEBUG(SSSDBG_OP_FAILURE,
118 : "poll() failed (%d): %s\n", ret, strerror(ret));
119 0 : goto done;
120 : }
121 :
122 : /* read from standard input & write to socket */
123 : /* read from socket & write to standard output */
124 0 : for (i = 0; i < 2; i++) {
125 0 : if (fds[i].revents & POLLIN) {
126 0 : res = read(fds[i].fd, buffer, BUFFER_SIZE);
127 0 : if (res == -1) {
128 0 : ret = errno;
129 0 : if (ret == EAGAIN || ret == EINTR || ret == EWOULDBLOCK) {
130 0 : continue;
131 : }
132 0 : DEBUG(SSSDBG_OP_FAILURE,
133 : "read() failed (%d): %s\n", ret, strerror(ret));
134 0 : goto done;
135 0 : } else if (res == 0) {
136 0 : ret = EOK;
137 0 : goto done;
138 : }
139 :
140 0 : errno = 0;
141 0 : res = sss_atomic_write_s(i == 0 ? sock : 1, buffer, res);
142 0 : ret = errno;
143 0 : if (res == -1) {
144 0 : DEBUG(SSSDBG_OP_FAILURE,
145 : "sss_atomic_write_s() failed (%d): %s\n",
146 : ret, strerror(ret));
147 0 : goto done;
148 0 : } else if (ret == EPIPE) {
149 0 : ret = EOK;
150 0 : goto done;
151 : }
152 : }
153 0 : if (fds[i].revents & POLLHUP) {
154 0 : ret = EOK;
155 0 : goto done;
156 : }
157 : }
158 0 : }
159 :
160 : done:
161 0 : if (sock >= 0) close(sock);
162 :
163 0 : return ret;
164 : }
165 :
166 : /* connect to server using proxy command */
167 : static int
168 0 : connect_proxy_command(char **args)
169 : {
170 : int ret;
171 :
172 0 : execv(args[0], (char * const *)args);
173 :
174 0 : ret = errno;
175 0 : DEBUG(SSSDBG_OP_FAILURE, "execv() failed (%d): %s\n",
176 : ret, strerror(ret));
177 :
178 0 : return ret;
179 : }
180 :
181 0 : int main(int argc, const char **argv)
182 : {
183 0 : TALLOC_CTX *mem_ctx = NULL;
184 0 : int pc_debug = SSSDBG_DEFAULT;
185 0 : int pc_port = 22;
186 0 : const char *pc_domain = NULL;
187 0 : const char *pc_host = NULL;
188 0 : const char **pc_args = NULL;
189 0 : struct poptOption long_options[] = {
190 : POPT_AUTOHELP
191 : { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0,
192 0 : _("The debug level to run with"), NULL },
193 : { "port", 'p', POPT_ARG_INT, &pc_port, 0,
194 0 : _("The port to use to connect to the host"), NULL },
195 : { "domain", 'd', POPT_ARG_STRING, &pc_domain, 0,
196 0 : _("The SSSD domain to use"), NULL },
197 : POPT_TABLEEND
198 : };
199 0 : poptContext pc = NULL;
200 : char strport[6];
201 : struct addrinfo ai_hint;
202 0 : struct addrinfo *ai = NULL;
203 : char canonhost[NI_MAXHOST];
204 0 : const char *host = NULL;
205 : struct sss_ssh_ent *ent;
206 : int ret;
207 :
208 0 : debug_prg_name = argv[0];
209 :
210 0 : ret = set_locale();
211 0 : if (ret != EOK) {
212 0 : DEBUG(SSSDBG_CRIT_FAILURE,
213 : "set_locale() failed (%d): %s\n", ret, strerror(ret));
214 0 : ret = EXIT_FAILURE;
215 0 : goto fini;
216 : }
217 :
218 0 : mem_ctx = talloc_new(NULL);
219 0 : if (!mem_ctx) {
220 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Not enough memory\n");
221 0 : ret = EXIT_FAILURE;
222 0 : goto fini;
223 : }
224 :
225 : /* parse parameters */
226 0 : pc = poptGetContext(NULL, argc, argv, long_options, 0);
227 0 : poptSetOtherOptionHelp(pc, "HOST [PROXY_COMMAND]");
228 0 : while ((ret = poptGetNextOpt(pc)) > 0)
229 : ;
230 :
231 0 : DEBUG_INIT(pc_debug);
232 :
233 0 : if (ret != -1) {
234 0 : BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini);
235 : }
236 :
237 0 : if (pc_port < 1 || pc_port > 65535) {
238 0 : BAD_POPT_PARAMS(pc, _("Invalid port\n"), ret, fini);
239 : }
240 :
241 0 : pc_host = poptGetArg(pc);
242 0 : if (pc_host == NULL) {
243 0 : BAD_POPT_PARAMS(pc, _("Host not specified\n"), ret, fini);
244 : }
245 :
246 0 : pc_args = poptGetArgs(pc);
247 0 : if (pc_args && pc_args[0] && pc_args[0][0] != '/') {
248 0 : BAD_POPT_PARAMS(pc,
249 : _("The path to the proxy command must be absolute\n"),
250 : ret, fini);
251 : }
252 :
253 : /* canonicalize hostname */
254 0 : snprintf(strport, 6, "%d", pc_port);
255 :
256 0 : memset(&ai_hint, 0, sizeof(struct addrinfo));
257 0 : ai_hint.ai_family = AF_UNSPEC;
258 0 : ai_hint.ai_socktype = SOCK_STREAM;
259 0 : ai_hint.ai_protocol = IPPROTO_TCP;
260 0 : ai_hint.ai_flags = AI_ADDRCONFIG | AI_NUMERICHOST | AI_NUMERICSERV;
261 :
262 0 : ret = getaddrinfo(pc_host, strport, &ai_hint, &ai);
263 0 : if (ret) {
264 0 : ai_hint.ai_flags = AI_ADDRCONFIG | AI_CANONNAME | AI_NUMERICSERV;
265 :
266 0 : ret = getaddrinfo(pc_host, strport, &ai_hint, &ai);
267 0 : if (ret) {
268 0 : DEBUG(SSSDBG_OP_FAILURE,
269 : "getaddrinfo() failed (%d): %s\n", ret, gai_strerror(ret));
270 : } else {
271 0 : host = ai[0].ai_canonname;
272 : }
273 : } else {
274 0 : ret = getnameinfo(ai[0].ai_addr, ai[0].ai_addrlen,
275 : canonhost, NI_MAXHOST, NULL, 0, NI_NAMEREQD);
276 0 : if (ret) {
277 0 : DEBUG(SSSDBG_OP_FAILURE,
278 : "getnameinfo() failed (%d): %s\n", ret, gai_strerror(ret));
279 : } else {
280 0 : host = canonhost;
281 : }
282 : }
283 :
284 0 : if (host) {
285 : /* look up public keys */
286 0 : ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_HOST_PUBKEYS,
287 : host, pc_domain, pc_host, &ent);
288 0 : if (ret != EOK) {
289 0 : DEBUG(SSSDBG_OP_FAILURE,
290 : "sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret));
291 : }
292 : }
293 :
294 : /* connect to server */
295 0 : if (pc_args) {
296 0 : ret = connect_proxy_command(discard_const(pc_args));
297 0 : } else if (ai) {
298 0 : ret = connect_socket(ai[0].ai_family, ai[0].ai_addr, ai[0].ai_addrlen);
299 : } else {
300 0 : ret = EFAULT;
301 : }
302 0 : ret = (ret == EOK) ? EXIT_SUCCESS : EXIT_FAILURE;
303 :
304 : fini:
305 0 : poptFreeContext(pc);
306 0 : if (ai) freeaddrinfo(ai);
307 0 : talloc_free(mem_ctx);
308 :
309 0 : return ret;
310 : }
|
