/* * stunnel TLS offloading and load-balancing proxy * Copyright (C) 1998-2017 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, see . * * Linking stunnel statically or dynamically with other modules is making * a combined work based on stunnel. Thus, the terms and conditions of * the GNU General Public License cover the whole combination. * * In addition, as a special exception, the copyright holder of stunnel * gives you permission to combine stunnel with free software programs or * libraries that are released under the GNU LGPL and with code included * in the standard release of OpenSSL under the OpenSSL License (or * modified versions of such code, with unchanged license). You may copy * and distribute such a system following the terms of the GNU GPL for * stunnel and the licenses of the other code concerned. * * Note that people who make modified versions of stunnel are not obligated * to grant this special exception for their modified versions; it is their * choice whether to do so. The GNU General Public License gives permission * to release a modified version without this exception; this exception * also makes it possible to release a modified version which carries * forward this exception. */ #include "common.h" #include "prototypes.h" /* http://www.openssl.org/support/faq.html#PROG2 */ #ifdef USE_WIN32 #ifdef __GNUC__ #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wpedantic" #endif /* __GNUC__ */ #include #ifdef __GNUC__ #pragma GCC diagnostic pop #endif /* __GNUC__ */ #endif /* USE_WIN32 */ /**************************************** prototypes */ #ifdef __INNOTEK_LIBC__ struct sockaddr_un { u_char sun_len; /* sockaddr len including null */ u_char sun_family; /* AF_OS2 or AF_UNIX */ char sun_path[108]; /* path name */ }; #endif NOEXPORT int accept_connection(SERVICE_OPTIONS *, unsigned); NOEXPORT void unbind_port(SERVICE_OPTIONS *, unsigned); NOEXPORT SOCKET bind_port(SERVICE_OPTIONS *, int, unsigned); #ifdef HAVE_CHROOT NOEXPORT int change_root(void); #endif NOEXPORT int signal_pipe_init(void); NOEXPORT int signal_pipe_dispatch(void); #ifdef USE_FORK NOEXPORT void client_status(void); /* dead children detected */ #endif NOEXPORT char *signal_name(int); /**************************************** global variables */ static SOCKET signal_pipe[2]={INVALID_SOCKET, INVALID_SOCKET}; #ifndef USE_FORK long max_clients=0; /* -1 before a valid config is loaded, then the current number of clients */ volatile long num_clients=-1; #endif s_poll_set *fds; /* file descriptors of listening sockets */ int systemd_fds; /* number of file descriptors passed by systemd */ int listen_fds_start; /* base for systemd-provided file descriptors */ /**************************************** startup */ void main_init() { /* one-time initialization */ #ifdef USE_SYSTEMD int i; systemd_fds=sd_listen_fds(1); if(systemd_fds<0) fatal("systemd initialization failed"); listen_fds_start=SD_LISTEN_FDS_START; /* set non-blocking mode on systemd file descriptors */ for(i=0; i0) s_log(LOG_INFO, "Systemd socket activation: %d descriptors received", systemd_fds); } /* return values: 0 - configuration accepted 1 - error 2 - information printed */ /* configuration-dependent initialization */ int main_configure(char *arg1, char *arg2) { int cmdline_status; cmdline_status=options_cmdline(arg1, arg2); if(cmdline_status) /* cannot proceed */ return cmdline_status; options_apply(); str_canary_init(); /* needs prng initialization from options_cmdline */ #if !defined(USE_WIN32) && !defined(__vms) /* syslog_open() must be called before change_root() * to be able to access /dev/log socket */ syslog_open(); #endif /* !defined(USE_WIN32) && !defined(__vms) */ if(bind_ports()) return 1; #ifdef HAVE_CHROOT /* change_root() must be called before drop_privileges() * since chroot() needs root privileges */ if(change_root()) return 1; #endif /* HAVE_CHROOT */ if(drop_privileges(1)) return 1; /* log_open() must be called after drop_privileges() * or logfile rotation won't be possible */ /* log_open() must be called before daemonize() * since daemonize() invalidates stderr */ if(log_open()) return 1; #ifndef USE_FORK num_clients=0; /* the first valid config */ #endif return 0; } int drop_privileges(int critical) { #if defined(USE_WIN32) || defined(__vms) || defined(USE_OS2) (void)critical; /* squash the unused parameter warning */ #else #ifdef HAVE_SETGROUPS gid_t gr_list[1]; #endif /* set uid and gid */ if(service_options.gid) { if(setgid(service_options.gid) && critical) { sockerror("setgid"); return 1; } #ifdef HAVE_SETGROUPS gr_list[0]=service_options.gid; if(setgroups(1, gr_list) && critical) { sockerror("setgroups"); return 1; } #endif } if(service_options.uid) { if(setuid(service_options.uid) && critical) { sockerror("setuid"); return 1; } } #endif /* standard Unix */ return 0; } void main_cleanup() { unbind_ports(); s_poll_free(fds); fds=NULL; #if 0 str_stats(); /* main thread allocation tracking */ #endif log_flush(LOG_MODE_ERROR); #if !defined(USE_WIN32) && !defined(__vms) syslog_close(); #endif /* !defined(USE_WIN32) && !defined(__vms) */ } /**************************************** Unix-specific initialization */ #ifndef USE_WIN32 #ifdef USE_FORK NOEXPORT void client_status(void) { /* dead children detected */ int pid, status; #ifdef HAVE_WAIT_FOR_PID while((pid=wait_for_pid(-1, &status, WNOHANG))>0) { #else if((pid=wait(&status))>0) { #endif #ifdef WIFSIGNALED if(WIFSIGNALED(status)) { char *sig_name=signal_name(WTERMSIG(status)); s_log(LOG_DEBUG, "Process %d terminated on %s", pid, sig_name); str_free(sig_name); } else { s_log(LOG_DEBUG, "Process %d finished with code %d", pid, WEXITSTATUS(status)); } } #else s_log(LOG_DEBUG, "Process %d finished with code %d", pid, status); } #endif } #endif /* defined USE_FORK */ #ifndef USE_OS2 void child_status(void) { /* dead libwrap or 'exec' process detected */ int pid, status; #ifdef HAVE_WAIT_FOR_PID while((pid=wait_for_pid(-1, &status, WNOHANG))>0) { #else if((pid=wait(&status))>0) { #endif #ifdef WIFSIGNALED if(WIFSIGNALED(status)) { char *sig_name=signal_name(WTERMSIG(status)); s_log(LOG_INFO, "Child process %d terminated on %s", pid, sig_name); str_free(sig_name); } else { s_log(LOG_INFO, "Child process %d finished with code %d", pid, WEXITSTATUS(status)); } #else s_log(LOG_INFO, "Child process %d finished with status %d", pid, status); #endif } } #endif /* !defined(USE_OS2) */ #endif /* !defined(USE_WIN32) */ /**************************************** main loop accepting connections */ void daemon_loop(void) { if(cron_init()) /* initialize periodic events */ fatal("Cron initialization failed"); while(1) { int temporary_lack_of_resources=0; int num=s_poll_wait(fds, -1, -1); if(num>=0) { SERVICE_OPTIONS *opt; s_log(LOG_DEBUG, "Found %d ready file descriptor(s)", num); if(service_options.log_level>=LOG_DEBUG) /* performance optimization */ s_poll_dump(fds, LOG_DEBUG); if(s_poll_canread(fds, signal_pipe[0])) if(signal_pipe_dispatch()) /* SIGNAL_TERMINATE or error */ break; /* terminate daemon_loop */ for(opt=service_options.next; opt; opt=opt->next) { unsigned i; for(i=0; ilocal_addr.num; ++i) if(s_poll_canread(fds, opt->local_addr.fd[i])) if(accept_connection(opt, i)) temporary_lack_of_resources=1; } } else { log_error(LOG_NOTICE, get_last_socket_error(), "daemon_loop: s_poll_wait"); temporary_lack_of_resources=1; } if(temporary_lack_of_resources) { s_log(LOG_NOTICE, "Accepting new connections suspended for 1 second"); sleep(1); /* to avoid log trashing */ } } } /* return 1 when a short delay is needed before another try */ NOEXPORT int accept_connection(SERVICE_OPTIONS *opt, unsigned i) { SOCKADDR_UNION addr; char *from_address; SOCKET s, fd=opt->local_addr.fd[i]; socklen_t addrlen; addrlen=sizeof addr; for(;;) { s=s_accept(fd, &addr.sa, &addrlen, 1, "local socket"); if(s!=INVALID_SOCKET) /* success! */ break; switch(get_last_socket_error()) { case S_EINTR: /* interrupted by a signal */ break; /* retry now */ case S_EMFILE: #ifdef S_ENFILE case S_ENFILE: #endif #ifdef S_ENOBUFS case S_ENOBUFS: #endif #ifdef S_ENOMEM case S_ENOMEM: #endif return 1; /* temporary lack of resources */ default: return 0; /* any other error */ } } from_address=s_ntop(&addr, addrlen); s_log(LOG_DEBUG, "Service [%s] accepted (FD=%ld) from %s", opt->servname, (long)s, from_address); str_free(from_address); #ifdef USE_FORK RAND_add("", 1, 0.0); /* each child needs a unique entropy pool */ #else if(max_clients && num_clients>=max_clients) { s_log(LOG_WARNING, "Connection rejected: too many clients (>=%ld)", max_clients); closesocket(s); return 0; } #endif if(create_client(fd, s, alloc_client_session(opt, s, s), client_thread)) { s_log(LOG_ERR, "Connection rejected: create_client failed"); closesocket(s); return 0; } return 0; } /**************************************** initialization helpers */ /* clear fds, close old ports */ void unbind_ports(void) { SERVICE_OPTIONS *opt; s_poll_init(fds); s_poll_add(fds, signal_pipe[0], 1, 0); for(opt=service_options.next; opt; opt=opt->next) { unsigned i; s_log(LOG_DEBUG, "Unbinding service [%s]", opt->servname); for(i=0; ilocal_addr.num; ++i) unbind_port(opt, i); /* exec+connect service */ if(opt->exec_name && opt->connect_addr.names) { /* create exec+connect services */ /* FIXME: this is just a crude workaround */ /* is it better to kill the service? */ opt->option.retry=0; } /* purge session cache of the old SSL_CTX object */ /* this workaround won't be needed anymore after */ /* delayed deallocation calls SSL_CTX_free() */ if(opt->ctx) SSL_CTX_flush_sessions(opt->ctx, (long)time(NULL)+opt->session_timeout+1); s_log(LOG_DEBUG, "Service [%s] closed", opt->servname); } } NOEXPORT void unbind_port(SERVICE_OPTIONS *opt, unsigned i) { SOCKET fd=opt->local_addr.fd[i]; SOCKADDR_UNION *addr=opt->local_addr.addr+i; #ifdef HAVE_STRUCT_SOCKADDR_UN struct stat sb; /* buffer for lstat() */ #endif if(fd==INVALID_SOCKET) return; opt->local_addr.fd[i]=INVALID_SOCKET; if(fd<(SOCKET)listen_fds_start || fd>=(SOCKET)(listen_fds_start+systemd_fds)) closesocket(fd); s_log(LOG_DEBUG, "Service [%s] closed (FD=%ld)", opt->servname, (long)fd); #ifdef HAVE_STRUCT_SOCKADDR_UN if(addr->sa.sa_family==AF_UNIX) { if(lstat(addr->un.sun_path, &sb)) sockerror(addr->un.sun_path); else if(!S_ISSOCK(sb.st_mode)) s_log(LOG_ERR, "Not a socket: %s", addr->un.sun_path); else if(unlink(addr->un.sun_path)) sockerror(addr->un.sun_path); else s_log(LOG_DEBUG, "Socket removed: %s", addr->un.sun_path); } #endif } /* open new ports, update fds */ int bind_ports(void) { SERVICE_OPTIONS *opt; int listening_section; #ifdef USE_LIBWRAP /* execute after options_cmdline() to know service_options.next, * but as early as possible to avoid leaking file descriptors */ /* retry on each bind_ports() in case stunnel.conf was reloaded without "libwrap = no" */ libwrap_init(); #endif /* USE_LIBWRAP */ s_poll_init(fds); s_poll_add(fds, signal_pipe[0], 1, 0); /* allow clean unbind_ports() even though bind_ports() was not fully performed */ for(opt=service_options.next; opt; opt=opt->next) { unsigned i; for(i=0; ilocal_addr.num; ++i) opt->local_addr.fd[i]=INVALID_SOCKET; } listening_section=0; for(opt=service_options.next; opt; opt=opt->next) { unsigned i; s_log(LOG_DEBUG, "Binding service [%s]", opt->servname); for(i=0; ilocal_addr.num; ++i) { SOCKET fd; fd=bind_port(opt, listening_section, i); if(fd==INVALID_SOCKET) return 1; s_poll_add(fds, fd, 1, 0); opt->local_addr.fd[i]=fd; } if(opt->local_addr.num) ++listening_section; /* create exec+connect services */ if(opt->exec_name && opt->connect_addr.names) { /* FIXME: needs to be delayed on reload with opt->option.retry set */ create_client(INVALID_SOCKET, INVALID_SOCKET, alloc_client_session(opt, INVALID_SOCKET, INVALID_SOCKET), client_thread); } } if(listening_sectionlocal_addr.addr+i; char *local_address; #ifdef HAVE_STRUCT_SOCKADDR_UN struct stat sb; /* buffer for lstat() */ #endif if(listening_sectionsa.sa_family, SOCK_STREAM, 0, 1, "accept socket"); if(fd==INVALID_SOCKET) return INVALID_SOCKET; s_log(LOG_DEBUG, "Listening file descriptor created (FD=%ld)", (long)fd); } if(set_socket_options(fd, 0)<0) { closesocket(fd); return INVALID_SOCKET; } /* local socket can't be unnamed */ local_address=s_ntop(addr, addr_len(addr)); /* we don't bind or listen on a socket inherited from systemd */ if(listening_section>=systemd_fds) { if(bind(fd, &addr->sa, addr_len(addr))) { sockerror("bind"); s_log(LOG_ERR, "Error binding service [%s] to %s", opt->servname, local_address); str_free(local_address); closesocket(fd); return INVALID_SOCKET; } if(listen(fd, SOMAXCONN)) { sockerror("listen"); str_free(local_address); closesocket(fd); return INVALID_SOCKET; } } #ifdef HAVE_STRUCT_SOCKADDR_UN /* chown the UNIX socket, errors are ignored */ if(addr->sa.sa_family==AF_UNIX && (opt->uid || opt->gid)) { /* fchown() does *not* work on UNIX sockets */ if(!lchown(addr->un.sun_path, opt->uid, opt->gid)) s_log(LOG_DEBUG, "Socket chown succeeded: %s, UID=%u, GID=%u", addr->un.sun_path, (unsigned)opt->uid, (unsigned)opt->gid); else if(lstat(addr->un.sun_path, &sb)) sockerror(addr->un.sun_path); else if(sb.st_uid==opt->uid && sb.st_gid==opt->gid) s_log(LOG_DEBUG, "Socket chown unneeded: %s, UID=%u, GID=%u", addr->un.sun_path, (unsigned)opt->uid, (unsigned)opt->gid); else s_log(LOG_ERR, "Socket chown failed: %s, UID=%u, GID=%u", addr->un.sun_path, (unsigned)opt->uid, (unsigned)opt->gid); } #endif s_log(LOG_DEBUG, "Service [%s] (FD=%ld) bound to %s", opt->servname, (long)fd, local_address); str_free(local_address); return fd; } #ifdef HAVE_CHROOT NOEXPORT int change_root(void) { if(!global_options.chroot_dir) return 0; if(chroot(global_options.chroot_dir)) { sockerror("chroot"); return 1; } if(chdir("/")) { sockerror("chdir"); return 1; } return 0; } #endif /* HAVE_CHROOT */ /**************************************** signal pipe handling */ NOEXPORT int signal_pipe_init(void) { #ifdef USE_WIN32 if(make_sockets(signal_pipe)) return 1; #elif defined(__INNOTEK_LIBC__) /* Innotek port of GCC can not use select on a pipe: * use local socket instead */ struct sockaddr_un un; fd_set set_pipe; int pipe_in; FD_ZERO(&set_pipe); signal_pipe[0]=s_socket(PF_OS2, SOCK_STREAM, 0, 0, "socket#1"); signal_pipe[1]=s_socket(PF_OS2, SOCK_STREAM, 0, 0, "socket#2"); /* connect the two endpoints */ memset(&un, 0, sizeof un); un.sun_len=sizeof un; un.sun_family=AF_OS2; sprintf(un.sun_path, "\\socket\\stunnel-%u", getpid()); /* make the first endpoint listen */ bind(signal_pipe[0], (struct sockaddr *)&un, sizeof un); listen(signal_pipe[0], 1); connect(signal_pipe[1], (struct sockaddr *)&un, sizeof un); FD_SET(signal_pipe[0], &set_pipe); if(select(signal_pipe[0]+1, &set_pipe, NULL, NULL, NULL)>0) { pipe_in=signal_pipe[0]; signal_pipe[0]=s_accept(signal_pipe[0], NULL, 0, 0, "accept"); closesocket(pipe_in); } else { sockerror("select"); return 1; } #else /* Unix */ if(s_pipe(signal_pipe, 1, "signal_pipe")) return 1; #endif /* USE_WIN32 */ return 0; } #ifdef __GNUC__ #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wunused-result" #endif /* __GNUC__ */ void signal_post(int sig) { /* no meaningful way here to handle the result */ writesocket(signal_pipe[1], (char *)&sig, sizeof sig); } #ifdef __GNUC__ #pragma GCC diagnostic pop #endif /* __GNUC__ */ NOEXPORT int signal_pipe_dispatch(void) { static int sig; static size_t ptr=0; ssize_t num; char *sig_name; s_log(LOG_DEBUG, "Dispatching signals from the signal pipe"); for(;;) { num=readsocket(signal_pipe[0], (char *)&sig+ptr, sizeof sig-ptr); if(num==-1 && get_last_socket_error()==S_EWOULDBLOCK) { s_log(LOG_DEBUG, "Signal pipe is empty"); return 0; } if(num==-1 || num==0) { if(num) sockerror("signal pipe read"); else s_log(LOG_ERR, "Signal pipe closed"); s_poll_remove(fds, signal_pipe[0]); closesocket(signal_pipe[0]); closesocket(signal_pipe[1]); if(signal_pipe_init()) { s_log(LOG_ERR, "Signal pipe reinitialization failed; terminating"); return 1; } s_poll_add(fds, signal_pipe[0], 1, 0); s_log(LOG_ERR, "Signal pipe reinitialized"); return 0; } ptr+=(size_t)num; if(ptr