├── tests ├── psk.txt ├── rev.c └── run.c ├── .dir-locals.el ├── .travis.script ├── .travis.docker ├── bin ├── hex.h ├── exe.h ├── non.h ├── opt.h ├── hex.c ├── exe.c ├── non.c ├── opt.c └── main.c ├── lib ├── idx.h ├── core.h ├── tlssock.h ├── core.c ├── locks.h ├── tls.h ├── locks.c ├── idx.c ├── tls-openssl.c ├── tls-gnutls.c └── tlssock.c ├── .travis.install ├── README.md ├── workflow.dot ├── .travis.yml ├── meson.build ├── LICENSE └── COPYING /tests/psk.txt: -------------------------------------------------------------------------------- 1 | foo:7df28f5439b5a051cc138b6e12128264 2 | -------------------------------------------------------------------------------- /.dir-locals.el: -------------------------------------------------------------------------------- 1 | ;;; Emacs configuration for project style 2 | ;;; 3 | ;;; Emacs doesn't support vim modeline magic, and file-local variables are 4 | ;;; either the first line of the file (which vim is already using) or very 5 | ;;; verbose at the end of the file. 6 | 7 | ((nil 8 | (fill-column . 78) 9 | (c-basic-offset . 2)) 10 | (c-mode 11 | (indent-tabs-mode)) 12 | (meson-mode 13 | (meson-indent-basic . 2)) 14 | (sh-mode 15 | (sh-basic-offset . 2)) 16 | (yaml-mode 17 | (yaml-indent-offset . 2))) 18 | -------------------------------------------------------------------------------- /.travis.script: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | function findexe() { 4 | while [ $# -gt 0 ]; do 5 | while read -d: path; do 6 | [ -f "$path/$1" -a -x "$path/$1" ] && echo "$path/$1" && return 0 7 | done <<< "$PATH:" 8 | shift 9 | done 10 | return 1 11 | } 12 | 13 | LC_ALL=`locale -a | grep -i '^en_US\.utf'` || LC_ALL=`locale -a | grep -i '^c\.utf'` 14 | export LC_ALL 15 | 16 | mkdir build 17 | cd build 18 | 19 | if ! CFLAGS="-g -coverage" meson ..; then 20 | cat build/meson-logs/meson-log.txt >&2 21 | exit 1 22 | fi 23 | 24 | ninja=`findexe ninja ninja-build` 25 | "$ninja" test 26 | 27 | curl -s https://codecov.io/bash | sed 's|execdir|exec|' | bash -s -- -a -r 28 | -------------------------------------------------------------------------------- /.travis.docker: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | case "$1" in 4 | before_install) 5 | if [ "$TRAVIS_OS_NAME" == "linux" ]; then 6 | echo '{"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' \ 7 | | sudo tee /etc/docker/daemon.json 8 | sudo service docker restart 9 | 10 | docker create \ 11 | --name=$TRAVIS_COMMIT -t \ 12 | -v `pwd`:/tmp/build \ 13 | -w /tmp/build \ 14 | $DISTRO /bin/cat 15 | docker start $TRAVIS_COMMIT 16 | fi 17 | ;; 18 | 19 | after_script) 20 | if [ "$TRAVIS_OS_NAME" == "linux" ]; then 21 | docker kill $TRAVIS_COMMIT 22 | docker rm $TRAVIS_COMMIT 23 | fi 24 | ;; 25 | 26 | *) 27 | if [ -x ./.travis.$1 ]; then 28 | if [ "$TRAVIS_OS_NAME" == "linux" ]; then 29 | docker exec \ 30 | `bash <(curl -s https://codecov.io/env)` \ 31 | -e CC -e DISTRO \ 32 | $TRAVIS_COMMIT ./.travis.$1 33 | else 34 | ./.travis.$1 35 | fi 36 | fi 37 | ;; 38 | esac 39 | -------------------------------------------------------------------------------- /bin/hex.h: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #pragma once 23 | 24 | #include 25 | #include 26 | #include 27 | 28 | bool 29 | hex2bin(const char *hex, uint8_t *bin, size_t len); 30 | -------------------------------------------------------------------------------- /lib/idx.h: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #pragma once 23 | 24 | #include "tls.h" 25 | #include 26 | 27 | bool 28 | idx_set(int fd, tls_t *tls, tls_t **already); 29 | 30 | tls_t * 31 | idx_get(int fd); 32 | 33 | bool 34 | idx_del(int fd); 35 | -------------------------------------------------------------------------------- /.travis.install: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | case "$DISTRO" in 4 | osx:*) 5 | brew update 6 | for pkg in gnutls openssl meson; do 7 | brew ls --versions $pkg || brew install $pkg 8 | brew outdated $pkg || brew upgrade $pkg || true 9 | done 10 | ;; 11 | 12 | debian:*|ubuntu:*) 13 | apt-get clean 14 | 15 | while ! apt-get update; do 16 | sleep 2 17 | done 18 | 19 | while ! apt-get -y \ 20 | -o Dpkg::Options::="--force-confdef" \ 21 | -o Dpkg::Options::="--force-confnew" \ 22 | dist-upgrade; do 23 | sleep 2 24 | done 25 | 26 | while ! apt-get -y install build-essential $CC meson git pkg-config \ 27 | libssl-dev openssl \ 28 | libgnutls28-dev gnutls-bin \ 29 | ncat socat curl; do 30 | sleep 2 31 | done 32 | ;; 33 | 34 | fedora:*) 35 | dnf -y clean all 36 | dnf -y --setopt=deltarpm=0 update 37 | dnf -y install $CC meson git $CC pkgconfig findutils \ 38 | openssl-devel openssl \ 39 | gnutls-devel gnutls-utils \ 40 | nmap-ncat socat curl 41 | ;; 42 | esac 43 | 44 | echo -e "127.0.0.1\tlocalhost4" >> /etc/hosts 45 | echo -e "::1\tlocalhost6" >> /etc/hosts 46 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Build Status](https://travis-ci.org/enarx/tlssock.svg?branch=master)](https://travis-ci.org/enarx/tlssock) 2 | [![Code Coverage](https://codecov.io/gh/enarx/tlssock/branch/master/graph/badge.svg)](https://codecov.io/gh/enarx/tlssock) 3 | 4 | # TLSSock 5 | 6 | Welcome to TLSSock! 7 | 8 | TLSSock is a library which wraps the POSIX networking APIs 9 | in order to provide TLS and DTLS connectivity without invasive application 10 | restructuring. For example, you can write your application using normal TCP/IP 11 | sockets and then, with a few #ifdefs, convert your application to use TLS. 12 | 13 | This is accomplished by creating a new `PROT_TLS` protocol for the `socket()` 14 | system call. Any sockets created with this protocol will be encrypted using TLS. 15 | 16 | TLS requires additional configuration. This is accomplished by adding new 17 | protocol-level socket options for the `PROT_TLS` protocol. These options can 18 | be set using `setsockopt()`. 19 | 20 | # Workflow 21 | 22 | This directed graph demonstrats the order of calls in order to get a working 23 | TLS connection on either the server-side or the client-side. Grey function calls 24 | are optional and will depend on your application's needs. 25 | 26 | ![Workflow](https://g.gravizo.com/source/svg?https%3A%2F%2Fraw.githubusercontent.com%2Fenarx%2Ftlssock%2Fmaster%2Fworkflow.dot) 27 | -------------------------------------------------------------------------------- /bin/exe.h: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #pragma once 23 | 24 | #include 25 | 26 | #define exe_auto_t exe_t __attribute__((cleanup(exe_cleanup))) 27 | 28 | typedef struct exe exe_t; 29 | 30 | exe_t * 31 | exe_run(const char *cmd, bool shell, int socktype); 32 | 33 | int 34 | exe_fd(const exe_t *exe); 35 | 36 | int 37 | exe_shutdown(exe_t *exe); 38 | 39 | void 40 | exe_cleanup(exe_t **exe); 41 | -------------------------------------------------------------------------------- /bin/non.h: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #pragma once 23 | 24 | #include 25 | #include 26 | 27 | int 28 | non_accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen); 29 | 30 | int 31 | non_connect(int fd, const struct sockaddr *addr, socklen_t addrlen); 32 | 33 | int 34 | non_setsockopt(int fd, int level, int name, const void *val, socklen_t len); 35 | 36 | ssize_t 37 | non_write(int fd, void *buf, size_t len); 38 | -------------------------------------------------------------------------------- /lib/core.h: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #pragma once 23 | 24 | #include 25 | #include 26 | 27 | #define __str(s) #s 28 | #define _str(s) __str(s) 29 | #define NEXT(name) ((typeof(name) *) dlsym(RTLD_NEXT, _str(name))) 30 | 31 | bool 32 | is_tls_domain(int domain); 33 | 34 | bool 35 | is_tls_type(int type); 36 | 37 | bool 38 | is_tls_inner_protocol(int protocol); 39 | 40 | int 41 | getsockopt_int(int fd, int level, int optname, int *optval); 42 | -------------------------------------------------------------------------------- /workflow.dot: -------------------------------------------------------------------------------- 1 | digraph Workflow { 2 | compound=true; 3 | node [style=rounded, shape=box]; 4 | 5 | subgraph cluster_info { 6 | node [style="rounded,filled", shape=box]; 7 | edge [style=invis]; 8 | label=Info; 9 | 10 | "getsockopt(TLS_SELF_NAME)" -> "getsockopt(TLS_SELF_CERT)"; 11 | "getsockopt(TLS_PEER_NAME)" -> "getsockopt(TLS_PEER_CERT)"; 12 | } 13 | 14 | subgraph cluster_io { 15 | node [style="rounded,filled", shape=box]; 16 | label=IO; 17 | 18 | "write()"; 19 | "send()"; 20 | "recv()"; 21 | "read()"; 22 | } 23 | 24 | subgraph cluster_srv { 25 | label=Server; 26 | 27 | "bind()" -> "listen()"; 28 | 29 | "listen()" -> "accept()"; 30 | "accept()" -> "accept()" [label=" main loop "]; 31 | "accept()" -> "setsockopt(TLS_SRV_HANDSHAKE)" [label=" new connection "]; 32 | } 33 | 34 | subgraph cluster_clt { 35 | label=Client; 36 | 37 | "connect()" -> "setsockopt(TLS_CLT_HANDSHAKE)"; 38 | } 39 | 40 | "socket(AF_INET, SOCK_STREAM, IPPROTO_TLS)" -> "bind()"; 41 | "socket(AF_INET, SOCK_STREAM, IPPROTO_TLS)" -> "connect()"; 42 | 43 | "setsockopt(TLS_SRV_HANDSHAKE)" -> "recv()" [lhead=cluster_io]; 44 | "setsockopt(TLS_CLT_HANDSHAKE)" -> "send()" [lhead=cluster_io]; 45 | 46 | "write()" -> "getsockopt(TLS_SELF_NAME)" [ltail=cluster_io,lhead=cluster_info]; 47 | 48 | "getsockopt(TLS_SELF_CERT)" -> "close()" [ltail=cluster_info]; 49 | } 50 | -------------------------------------------------------------------------------- /bin/opt.h: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #pragma once 23 | 24 | #include 25 | 26 | typedef struct { 27 | const char *host; 28 | const char *port; 29 | const char *exec; 30 | const char *psku; 31 | const char *pskk; 32 | 33 | bool listen : 1; 34 | bool block : 1; 35 | bool shell : 1; 36 | bool ipv4 : 1; 37 | bool ipv6 : 1; 38 | bool udp : 1; 39 | bool tls : 1; 40 | } options_t; 41 | 42 | bool 43 | opts_parse(options_t *opts, int argc, char **argv); 44 | -------------------------------------------------------------------------------- /lib/tlssock.h: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #pragma once 23 | 24 | #include 25 | #include 26 | #include 27 | 28 | #define IPPROTO_TLS 253 29 | #define TLS_CLT_HANDSHAKE 1 30 | #define TLS_SRV_HANDSHAKE 2 31 | 32 | typedef struct { 33 | void *misc; 34 | 35 | ssize_t (*psk)(void *misc, char **username, uint8_t **key); 36 | } tls_clt_handshake_t; 37 | 38 | typedef struct { 39 | void *misc; 40 | 41 | ssize_t (*psk)(void *misc, const char *username, uint8_t **key); 42 | } tls_srv_handshake_t; 43 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Red Hat 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | language: c 16 | 17 | #matrix: 18 | # include: 19 | # - osx_image: xcode9.4 20 | # compiler: clang 21 | # os: osx 22 | # env: 23 | # - DISTRO=osx:xcode9.4 24 | # - PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig:/usr/local/opt/zlib/lib/pkgconfig 25 | # - osx_image: xcode10.1 26 | # compiler: clang 27 | # os: osx 28 | # env: 29 | # - DISTRO=osx:xcode10.1 30 | # - PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig:/usr/local/opt/zlib/lib/pkgconfig 31 | 32 | compiler: 33 | - clang 34 | - gcc 35 | 36 | os: linux 37 | sudo: required 38 | services: docker 39 | env: 40 | matrix: 41 | - DISTRO=debian:unstable 42 | - DISTRO=fedora:rawhide 43 | - DISTRO=ubuntu:devel 44 | 45 | before_install: ./.travis.docker before_install 46 | install: ./.travis.docker install 47 | script: ./.travis.docker script 48 | after_script: ./.travis.docker after_script -------------------------------------------------------------------------------- /tests/rev.c: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include 23 | #include 24 | #include 25 | 26 | static void 27 | reverse(char *str, size_t len) 28 | { 29 | while (len > 0 && str[len - 1] == '\n') 30 | len--; 31 | 32 | if (len == 0) 33 | return; 34 | 35 | for (size_t f = 0, b = len - 1; f < b; f++, b--) { 36 | str[f] ^= str[b]; 37 | str[b] ^= str[f]; 38 | str[f] ^= str[b]; 39 | } 40 | } 41 | 42 | int 43 | main(int argc, char *argv[]) 44 | { 45 | while (1) { 46 | char buf[64 * 1024]; 47 | ssize_t r; 48 | 49 | memset(buf, 0, sizeof(buf)); 50 | 51 | r = read(STDIN_FILENO, buf, sizeof(buf) - 1); 52 | if (r == 0) 53 | return EXIT_SUCCESS; 54 | if (r < 0) 55 | return EXIT_FAILURE; 56 | 57 | reverse(buf, r); 58 | 59 | if (write(STDOUT_FILENO, buf, r) != r) 60 | return EXIT_FAILURE; 61 | } 62 | } 63 | -------------------------------------------------------------------------------- /lib/core.c: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include "core.h" 23 | #include "tlssock.h" 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | bool 30 | is_tls_domain(int domain) 31 | { 32 | return domain == AF_INET || domain == AF_INET6; 33 | } 34 | 35 | bool 36 | is_tls_type(int type) 37 | { 38 | return type == SOCK_STREAM || type == SOCK_DGRAM; 39 | } 40 | 41 | bool 42 | is_tls_inner_protocol(int protocol) 43 | { 44 | return protocol == 0 || protocol == IPPROTO_TCP || protocol == IPPROTO_UDP; 45 | } 46 | 47 | int 48 | getsockopt_int(int fd, int level, int optname, int *optval) 49 | { 50 | socklen_t len = sizeof(*optval); 51 | int ret; 52 | 53 | ret = NEXT(getsockopt)(fd, level, optname, optval, &len); 54 | 55 | if (ret == 0 && len != sizeof(*optval)) { 56 | errno = EINVAL; // FIXME 57 | return -1; 58 | } 59 | 60 | return ret; 61 | } 62 | -------------------------------------------------------------------------------- /lib/locks.h: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018,2019 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum & Robbie Harwood 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #pragma once 23 | 24 | #define rwhold_auto_t rwhold_t __attribute__((cleanup(rwhold_release))) 25 | #define hold_auto_t hold_t __attribute__((cleanup(hold_release))) 26 | 27 | /* Common infrastructure for scope-based locking. */ 28 | 29 | /* First, rwlocks! */ 30 | 31 | typedef struct rwlock rwlock_t; 32 | typedef struct rwhold rwhold_t; 33 | 34 | rwlock_t * 35 | rwlock_init(void); 36 | 37 | void 38 | rwlock_free(rwlock_t *lock); 39 | 40 | rwhold_t * 41 | rwlock_rdlock(rwlock_t *lock); 42 | 43 | rwhold_t * 44 | rwlock_wrlock(rwlock_t *lock); 45 | 46 | void 47 | rwhold_release(rwhold_t **hold); 48 | 49 | /* Then mutexes! */ 50 | 51 | typedef struct mutex mutex_t; 52 | typedef struct hold hold_t; 53 | 54 | mutex_t * 55 | mutex_init(void); 56 | 57 | void 58 | mutex_free(mutex_t *lock); 59 | 60 | hold_t * 61 | mutex_lock(mutex_t *lock); 62 | 63 | void 64 | hold_release(hold_t **hold); 65 | 66 | -------------------------------------------------------------------------------- /bin/hex.c: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include "hex.h" 23 | 24 | #include 25 | 26 | static uint8_t 27 | hex2low(uint8_t c) 28 | { 29 | static uint8_t table[UINT8_MAX] = { 30 | ['0'] = 1, ['1'] = 2, ['2'] = 3, ['3'] = 4, ['4'] = 5, 31 | ['5'] = 6, ['6'] = 7, ['7'] = 8, ['8'] = 9, ['9'] = 10, 32 | ['A'] = 11, ['B'] = 12, ['C'] = 13, ['D'] = 14, ['E'] = 15, ['F'] = 16, 33 | ['a'] = 11, ['b'] = 12, ['c'] = 13, ['d'] = 14, ['e'] = 15, ['f'] = 16, 34 | }; 35 | 36 | return table[c] - 1; 37 | } 38 | 39 | bool 40 | hex2bin(const char *hex, uint8_t *bin, size_t len) 41 | { 42 | if (strlen(hex) != len * 2) 43 | return false; 44 | 45 | for (size_t i = 0; i < len * 2; i += 2) { 46 | uint8_t h = hex2low(hex[i]); 47 | uint8_t l = hex2low(hex[i + 1]); 48 | 49 | if (h == UINT8_MAX || l == UINT8_MAX) 50 | return false; 51 | 52 | if (bin) 53 | bin[i / 2] = h << 4 | l; 54 | } 55 | 56 | return true; 57 | } 58 | -------------------------------------------------------------------------------- /lib/tls.h: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #pragma once 23 | 24 | #include "tlssock.h" 25 | 26 | #include 27 | #include 28 | #include 29 | 30 | #define tls_auto_t tls_t __attribute__((cleanup(tls_cleanup))) 31 | 32 | typedef union { 33 | tls_clt_handshake_t clt; 34 | tls_srv_handshake_t srv; 35 | } tls_handshake_t; 36 | 37 | typedef union { 38 | tls_handshake_t handshake; 39 | } tls_opt_t; 40 | 41 | typedef struct tls tls_t; 42 | 43 | tls_t * 44 | tls_new(void); 45 | 46 | void 47 | tls_cleanup(tls_t **tls); 48 | 49 | tls_t * 50 | tls_incref(tls_t *tls); 51 | 52 | tls_t * 53 | tls_decref(tls_t *tls); 54 | 55 | ssize_t 56 | tls_read(tls_t *tls, int fd, void *buf, size_t count); 57 | 58 | ssize_t 59 | tls_write(tls_t *tls, int fd, const void *buf, size_t count); 60 | 61 | int 62 | tls_getsockopt(tls_t *tls, int fd, int optname, 63 | void *optval, socklen_t *optlen); 64 | 65 | int 66 | tls_handshake(tls_t *tls, int fd, bool client, const tls_handshake_t *hs); 67 | -------------------------------------------------------------------------------- /bin/exe.c: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include "exe.h" 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | 35 | struct exe { 36 | pid_t pid; 37 | int fd; 38 | }; 39 | 40 | exe_t * 41 | exe_run(const char *cmd, bool shell, int socktype) 42 | { 43 | int sv[2] = { -1, -1 }; 44 | exe_t *exe = NULL; 45 | 46 | exe = malloc(sizeof(exe_t)); 47 | if (!exe) 48 | return NULL; 49 | 50 | if (socketpair(AF_UNIX, socktype | SOCK_CLOEXEC, 0, sv) != 0) { 51 | free(exe); 52 | return NULL; 53 | } 54 | 55 | exe->pid = fork(); 56 | if (exe->pid < 0) { 57 | close(sv[0]); 58 | close(sv[1]); 59 | free(exe); 60 | return NULL; 61 | } 62 | 63 | if (exe->pid == 0) { 64 | const char *args[4] = { cmd }; 65 | 66 | if (shell) { 67 | args[0] = "/bin/sh"; 68 | args[1] = "-c"; 69 | args[2] = cmd; 70 | } 71 | 72 | dup2(sv[1], STDIN_FILENO); 73 | dup2(sv[1], STDOUT_FILENO); 74 | execv(args[0], (char **) args); 75 | exit(EXIT_FAILURE); 76 | } 77 | 78 | exe->fd = sv[0]; 79 | close(sv[1]); 80 | return exe; 81 | } 82 | 83 | int 84 | exe_fd(const exe_t *exe) 85 | { 86 | return exe->fd; 87 | } 88 | 89 | int 90 | exe_shutdown(exe_t *exe) 91 | { 92 | pid_t pid = exe->pid; 93 | int fd = exe->fd; 94 | int status = 0; 95 | 96 | free(exe); 97 | close(fd); 98 | 99 | for (size_t i = 0; i < 10; i++) { 100 | if (waitpid(pid, &status, WNOHANG) != -1) 101 | return status; 102 | 103 | usleep(50000); 104 | } 105 | 106 | kill(pid, SIGTERM); 107 | 108 | for (size_t i = 0; i < 10; i++) { 109 | if (waitpid(pid, &status, WNOHANG) != -1) 110 | return status; 111 | 112 | usleep(50000); 113 | } 114 | 115 | kill(pid, SIGKILL); 116 | waitpid(pid, &status, 0); 117 | return status; 118 | } 119 | 120 | void 121 | exe_cleanup(exe_t **exe) 122 | { 123 | if (!exe || !*exe) 124 | return; 125 | 126 | exe_shutdown(*exe); 127 | } 128 | -------------------------------------------------------------------------------- /bin/non.c: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include "non.h" 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | 29 | int 30 | non_accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen) 31 | { 32 | struct pollfd pfd = { .fd = sockfd, .events = POLLIN }; 33 | int fd; 34 | 35 | fd = accept(sockfd, addr, addrlen); 36 | if (fd >= 0) 37 | return fd; 38 | 39 | if (errno != EAGAIN && errno != EWOULDBLOCK) 40 | return -1; 41 | 42 | if (poll(&pfd, 1, -1) == -1) 43 | return -1; 44 | 45 | return non_accept(sockfd, addr, addrlen); 46 | } 47 | 48 | int 49 | non_connect(int fd, const struct sockaddr *addr, socklen_t addrlen) 50 | { 51 | struct pollfd pfd = { .fd = fd, .events = POLLOUT }; 52 | socklen_t len = sizeof(errno); 53 | 54 | if (connect(fd, addr, addrlen) == 0) 55 | return 0; 56 | 57 | if (errno == EAGAIN || errno == EWOULDBLOCK) 58 | return non_connect(fd, addr, addrlen); 59 | 60 | if (errno != EINPROGRESS) 61 | return -1; 62 | 63 | if (poll(&pfd, 1, -1) == -1) 64 | return -1; 65 | 66 | if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &errno, &len) == -1) 67 | return -1; 68 | 69 | if (len != sizeof(errno)) { 70 | errno = EINVAL; 71 | return -1; 72 | } 73 | 74 | return errno == 0 ? 0 : -1; 75 | } 76 | 77 | int 78 | non_setsockopt(int fd, int level, int name, const void *val, socklen_t len) 79 | { 80 | struct pollfd pfd = { .fd = fd, .events = POLLIN }; 81 | 82 | if (setsockopt(fd, level, name, val, len) == 0) 83 | return 0; 84 | 85 | if (errno != EAGAIN && errno != EWOULDBLOCK) 86 | return -1; 87 | 88 | if (poll(&pfd, 1, -1) == -1) 89 | return -1; 90 | 91 | return non_setsockopt(fd, level, name, val, len); 92 | } 93 | 94 | ssize_t 95 | non_write(int fd, void *buf, size_t len) 96 | { 97 | struct pollfd pfd = { .fd = fd, .events = POLLOUT }; 98 | uint8_t *b = buf; 99 | ssize_t ret; 100 | 101 | ret = write(fd, buf, len); 102 | if (ret < 0) { 103 | if (errno != EAGAIN) 104 | return ret; 105 | 106 | ret = 0; 107 | } else if ((size_t) ret == len) { 108 | return ret; 109 | } 110 | 111 | if (poll(&pfd, 1, -1) == -1) 112 | return -1; 113 | 114 | return non_write(fd, &b[ret], len - ret); 115 | } 116 | -------------------------------------------------------------------------------- /lib/locks.c: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018,2019 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum & Robbie Harwood 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include "locks.h" 23 | 24 | #include 25 | #include 26 | #include 27 | 28 | struct rwhold { 29 | pthread_rwlock_t lock; 30 | }; 31 | 32 | struct rwlock { 33 | rwhold_t hold; 34 | }; 35 | 36 | struct hold { 37 | pthread_mutex_t lock; 38 | }; 39 | 40 | struct mutex { 41 | hold_t hold; 42 | }; 43 | 44 | rwlock_t * 45 | rwlock_init(void) 46 | { 47 | rwlock_t *lock = NULL; 48 | int ret = 0; 49 | 50 | lock = malloc(sizeof(*lock)); 51 | if (!lock) 52 | return NULL; 53 | 54 | ret = pthread_rwlock_init(&lock->hold.lock, NULL); 55 | if (ret != 0) { 56 | free(lock); 57 | errno = ret; 58 | return NULL; 59 | } 60 | 61 | return lock; 62 | } 63 | 64 | void 65 | rwlock_free(rwlock_t *lock) 66 | { 67 | if (!lock) 68 | return; 69 | 70 | pthread_rwlock_destroy(&lock->hold.lock); 71 | free(lock); 72 | } 73 | 74 | rwhold_t * 75 | rwlock_rdlock(rwlock_t *lock) 76 | { 77 | if (!lock) 78 | return NULL; 79 | 80 | int ret = pthread_rwlock_rdlock(&lock->hold.lock); 81 | if (ret != 0) { 82 | errno = ret; 83 | return NULL; 84 | } 85 | 86 | return &lock->hold; 87 | } 88 | 89 | rwhold_t * 90 | rwlock_wrlock(rwlock_t *lock) 91 | { 92 | if (!lock) 93 | return NULL; 94 | 95 | int ret = pthread_rwlock_wrlock(&lock->hold.lock); 96 | if (ret != 0) { 97 | errno = ret; 98 | return NULL; 99 | } 100 | 101 | return &lock->hold; 102 | } 103 | 104 | void 105 | rwhold_release(rwhold_t **hold) 106 | { 107 | if (hold && *hold) { 108 | pthread_rwlock_unlock(&(*hold)->lock); 109 | *hold = NULL; 110 | } 111 | } 112 | 113 | mutex_t * 114 | mutex_init(void) 115 | { 116 | mutex_t *lock = NULL; 117 | int ret = 0; 118 | 119 | lock = malloc(sizeof(*lock)); 120 | if (!lock) 121 | return NULL; 122 | 123 | ret = pthread_mutex_init(&lock->hold.lock, NULL); 124 | if (ret != 0) { 125 | free(lock); 126 | errno = ret; 127 | return NULL; 128 | } 129 | 130 | return lock; 131 | } 132 | 133 | void 134 | mutex_free(mutex_t *lock) 135 | { 136 | if (!lock) 137 | return; 138 | 139 | pthread_mutex_destroy(&lock->hold.lock); 140 | free(lock); 141 | } 142 | 143 | hold_t * 144 | mutex_lock(mutex_t *lock) 145 | { 146 | if (!lock) 147 | return NULL; 148 | 149 | int ret = pthread_mutex_lock(&lock->hold.lock); 150 | if (ret != 0) { 151 | errno = ret; 152 | return NULL; 153 | } 154 | 155 | return &lock->hold; 156 | } 157 | 158 | void 159 | hold_release(hold_t **hold) 160 | { 161 | if (hold && *hold) { 162 | pthread_mutex_unlock(&(*hold)->lock); 163 | *hold = NULL; 164 | } 165 | } 166 | 167 | -------------------------------------------------------------------------------- /lib/idx.c: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include "idx.h" 23 | 24 | #include 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | 31 | static struct { 32 | pthread_rwlock_t rwl; 33 | tls_t **tls; 34 | size_t len; 35 | } idx = { .rwl = PTHREAD_RWLOCK_INITIALIZER }; 36 | 37 | static long pagesize; 38 | 39 | bool 40 | idx_set(int fd, tls_t *tls, tls_t **already) 41 | { 42 | if (fd < 0) 43 | return false; 44 | 45 | pthread_rwlock_wrlock(&idx.rwl); 46 | 47 | if (idx.len <= (unsigned int) fd) { 48 | const int block = pagesize / sizeof(tls_t*); 49 | tls_t **tmp = NULL; 50 | size_t len = 0; 51 | 52 | len = (fd + block) / block * block; 53 | tmp = realloc(idx.tls, sizeof(tls_t*) * len); 54 | if (!tmp) 55 | goto error; 56 | 57 | memset(&tmp[idx.len], 0, sizeof(tls_t*) * (len - idx.len)); 58 | idx.len = len; 59 | idx.tls = tmp; 60 | } 61 | 62 | if (idx.tls[fd]) { 63 | if (already) { 64 | *already = tls_incref(idx.tls[fd]); 65 | if (*already) 66 | goto error; 67 | } 68 | 69 | errno = EALREADY; 70 | goto error; 71 | } 72 | 73 | idx.tls[fd] = tls_incref(tls); 74 | if (!idx.tls[fd]) 75 | goto error; 76 | 77 | pthread_rwlock_unlock(&idx.rwl); 78 | return true; 79 | 80 | error: 81 | pthread_rwlock_unlock(&idx.rwl); 82 | return false; 83 | } 84 | 85 | tls_t * 86 | idx_get(int fd) 87 | { 88 | tls_t *tls = NULL; 89 | 90 | if (fd < 0) 91 | return NULL; 92 | 93 | pthread_rwlock_rdlock(&idx.rwl); 94 | 95 | if (idx.len <= (unsigned int) fd) 96 | goto error; 97 | 98 | tls = tls_incref(idx.tls[fd]); 99 | 100 | error: 101 | pthread_rwlock_unlock(&idx.rwl); 102 | return tls_incref(tls); 103 | } 104 | 105 | bool 106 | idx_del(int fd) 107 | { 108 | bool found = false; 109 | 110 | if (fd < 0) { 111 | errno = EBADF; // FIXME 112 | return false; 113 | } 114 | 115 | pthread_rwlock_wrlock(&idx.rwl); 116 | 117 | if (idx.len > (unsigned int) fd && idx.tls[fd]) { 118 | tls_decref(idx.tls[fd]); 119 | idx.tls[fd] = NULL; 120 | found = true; 121 | } 122 | 123 | pthread_rwlock_unlock(&idx.rwl); 124 | 125 | if (!found) 126 | errno = ENOENT; 127 | 128 | return found; 129 | } 130 | 131 | static void __attribute__((constructor)) 132 | constructor(void) 133 | { 134 | pagesize = sysconf(_SC_PAGESIZE); 135 | if (pagesize < 0) 136 | abort(); 137 | if (pagesize % sizeof(void*) != 0) 138 | abort(); 139 | } 140 | 141 | static void __attribute__((destructor)) 142 | destructor(void) 143 | { 144 | pthread_rwlock_wrlock(&idx.rwl); 145 | 146 | for (size_t i = 0; i < idx.len; i++) 147 | tls_decref(idx.tls[i]); 148 | 149 | free(idx.tls); 150 | idx.tls = NULL; 151 | idx.len = 0; 152 | 153 | pthread_rwlock_destroy(&idx.rwl); 154 | } 155 | -------------------------------------------------------------------------------- /bin/opt.c: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include "opt.h" 23 | #include "hex.h" 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | static const char *sopts = "46hlknubTc:e:U:K:"; 30 | static const struct option lopts[] = { 31 | { "ipv4", no_argument, .val = '4' }, 32 | { "ipv6", no_argument, .val = '6' }, 33 | { "help", no_argument, .val = 'h' }, 34 | { "listen", no_argument, .val = 'l' }, 35 | { "udp", no_argument, .val = 'u' }, 36 | { "block", no_argument, .val = 'b' }, 37 | { "tls", no_argument, .val = 'T' }, 38 | { "sh-exec", required_argument, .val = 'c' }, 39 | { "exec", required_argument, .val = 'e' }, 40 | 41 | { "psk-user", required_argument, .val = 'U' }, 42 | { "psk-key", required_argument, .val = 'K' }, 43 | {} 44 | }; 45 | 46 | static const struct { 47 | int val; 48 | const char *doc; 49 | const char *arg; 50 | } docs[] = { 51 | {'4', "Use IPv4 only"}, 52 | {'6', "Use IPv6 only"}, 53 | {'c', "Execute the given shell command", "CMD"}, 54 | {'e', "Execute the given command", "CMD"}, 55 | {'l', "Bind and listen for an incoming connection"}, 56 | {'h', "Display this help message"}, 57 | {'u', "Use UDP (or DTLS) instead of default (TCP [TLS])"}, 58 | {'b', "Use blocking sockets (internally)"}, 59 | {'T', "Use TLS or DTLS instead of TCP or UDP"}, 60 | {'U', "Pre-Shared Key authentication username", "NAME"}, 61 | {'K', "Pre-Shared Key authentication key (hex)", "HEX"}, 62 | {} 63 | }; 64 | 65 | bool 66 | opts_parse(options_t *opts, int argc, char **argv) 67 | { 68 | if (!argv || !*argv) 69 | goto usage; 70 | 71 | memset(opts, 0, sizeof(*opts)); 72 | opts->host = "localhost"; 73 | opts->port = "31337"; 74 | 75 | for (int c; (c = getopt_long(argc, argv, sopts, lopts, NULL)) >= 0; ) { 76 | switch (c) { 77 | case 'h': goto usage; 78 | 79 | case '4': opts->ipv4 = true; break; 80 | case '6': opts->ipv6 = true; break; 81 | case 'l': opts->listen = true; break; 82 | case 'u': opts->udp = true; break; 83 | case 'b': opts->block = true; break; 84 | case 'T': opts->tls = true; break; 85 | case 'c': opts->exec = optarg; opts->shell = true; break; 86 | case 'e': opts->exec = optarg; opts->shell = false; break; 87 | case 'U': opts->psku = optarg; break; 88 | 89 | case 'K': 90 | opts->pskk = optarg; 91 | if (hex2bin(opts->pskk, NULL, strlen(opts->pskk) / 2)) 92 | break; 93 | 94 | fprintf(stderr, "The -K option contains invalid hex!\n\n"); 95 | goto usage; 96 | 97 | default: 98 | fprintf(stderr, "Unknown option: %c!\n\n", c); 99 | goto usage; 100 | } 101 | } 102 | 103 | if (optind < argc) 104 | opts->host = argv[optind++]; 105 | 106 | if (optind < argc) 107 | opts->port = argv[optind++]; 108 | 109 | if (opts->ipv4 && opts->ipv6) { 110 | fprintf(stderr, "Can only specify one of -4 or -6!\n\n"); 111 | goto usage; 112 | } 113 | 114 | if (opts->psku && !opts->tls) { 115 | fprintf(stderr, "The -U option requires the -T option!\n\n"); 116 | goto usage; 117 | } 118 | 119 | if (opts->pskk && !opts->tls) { 120 | fprintf(stderr, "The -K option requires the -T option!\n\n"); 121 | goto usage; 122 | } 123 | 124 | return true; 125 | 126 | usage: 127 | fprintf(stderr, "tlssock [options] [hostname] [port]\n"); 128 | fprintf(stderr, "\n"); 129 | 130 | for (size_t i = 0; lopts[i].name; i++) { 131 | for (size_t j = 0; docs[j].doc; j++) { 132 | if (lopts[i].val != docs[j].val) 133 | continue; 134 | 135 | const size_t val = docs[j].arg ? strlen(docs[j].arg) : 0; 136 | const size_t key = strlen(lopts[i].name); 137 | char lterm[key + val + 4]; 138 | char sterm[val + 4]; 139 | 140 | if (!docs[j].arg || lopts[i].has_arg == no_argument) { 141 | sprintf(sterm, ","); 142 | sprintf(lterm, "%s%s", lopts[i].name, ""); 143 | } else if (lopts[i].has_arg == required_argument) { 144 | sprintf(sterm, " %s,", docs[j].arg); 145 | sprintf(lterm, "%s=%s", lopts[i].name, docs[j].arg); 146 | } else { 147 | sprintf(sterm, " [%s],", docs[j].arg); 148 | sprintf(lterm, "%s[=%s]", lopts[i].name, docs[j].arg); 149 | } 150 | 151 | fprintf(stderr, " -%c%-7s --%-18s %s\n", 152 | docs[j].val, sterm, lterm, docs[j].doc); 153 | } 154 | } 155 | return false; 156 | } 157 | 158 | -------------------------------------------------------------------------------- /meson.build: -------------------------------------------------------------------------------- 1 | project('tlssock', 'c', 2 | meson_version: '>= 0.49.0', 3 | version: '0.1.0', 4 | ) 5 | 6 | cc = meson.get_compiler('c') 7 | 8 | add_project_arguments( 9 | '-I' + meson.current_source_dir(), 10 | '-I' + meson.current_build_dir(), 11 | '-std=gnu99', 12 | '-Wall', 13 | '-Wextra', 14 | '-Werror', 15 | '-Wstrict-aliasing', 16 | '-Wchar-subscripts', 17 | '-Wformat-security', 18 | '-Wmissing-declarations', 19 | '-Wmissing-prototypes', 20 | '-Wnested-externs', 21 | '-Wpointer-arith', 22 | '-Wshadow', 23 | '-Wsign-compare', 24 | '-Wstrict-prototypes', 25 | '-Wtype-limits', 26 | '-Wunused-function', 27 | '-Wno-missing-field-initializers', 28 | '-Wno-unused-parameter', 29 | '-Wno-unknown-pragmas', 30 | '-D_GNU_SOURCE', 31 | language: 'c' 32 | ) 33 | 34 | # Work around the fact that clang is overly-zealous in detecting unused 35 | # variables when the cleanup attribute is used. 36 | if cc.get_id() == 'clang' 37 | add_project_arguments('-Wno-unused-variable', language: 'c') 38 | endif 39 | 40 | pkg = import('pkgconfig') 41 | dl = cc.find_library('dl', required: false) 42 | 43 | openssl = dependency('openssl', version: '>=1.1.0', required: false) 44 | gnutls = dependency('gnutls', version: '>=3.6.0', required: false) 45 | threads = dependency('threads') 46 | 47 | variants = [ openssl, gnutls ] 48 | assert(variants.length() > 0, 'At least one TLS library is required!') 49 | 50 | install_headers('lib/tlssock.h') 51 | 52 | rev = executable('rev', 'tests/rev.c') 53 | run = executable('run', 'tests/run.c') 54 | 55 | tests = [] 56 | gnusrv = find_program('gnutls-serv', required: false) 57 | gnuclt = find_program('gnutls-cli', required: false) 58 | sslcli = find_program('openssl', required: false) 59 | socat = find_program('socat', required: false) 60 | ncat = find_program('ncat', required: false) 61 | cat = find_program('cat').path() 62 | 63 | psk = '7df28f5439b5a051cc138b6e12128264' 64 | foreach n: ['4', '6'] 65 | h = 'localhost' + n 66 | 67 | r = run_command('grep', h, '/etc/hosts') 68 | if r.returncode() != 0 69 | error('Failed to find localhost4/localhost6 in /etc/hosts!') 70 | endif 71 | 72 | if ncat.found() 73 | tests += [[n, 'TCP', 'clt', 'ncat', false, [ 74 | ncat.path(), h, '%PORT%' 75 | ]]] 76 | tests += [[n, 'TCP', 'esrv', 'ncat', false, [ 77 | ncat.path(), '-e', cat, '-l', h, '%PORT%' 78 | ]]] 79 | tests += [[n, 'TCP', 'rsrv', 'ncat', false,[ 80 | ncat.path(), '-e', rev.full_path(), '-l', h, '%PORT%' 81 | ]]] 82 | endif 83 | 84 | if socat.found() 85 | tests += [[n, 'TCP', 'clt', 'socat', false, [ 86 | socat.path(), 'stdio', 'tcp:' + h + ':%PORT%' 87 | ]]] 88 | tests += [[n, 'TCP', 'esrv', 'socat', false, [ 89 | socat.path(), 'tcp-listen:%PORT%,pf=ipv' + n, 'exec:' + cat 90 | ]]] 91 | tests += [[n, 'TCP', 'rsrv', 'socat', false, [ 92 | socat.path(), 'tcp-listen:%PORT%,pf=ipv' + n, 'exec:' + rev.full_path() 93 | ]]] 94 | endif 95 | 96 | if gnuclt.found() and false 97 | tests += [[n, 'PSK', 'clt', 'gnutls-cli', false, [ 98 | gnuclt.path(), '-p', '%PORT%', '--pskusername=foo', '--pskkey=' + psk, 99 | '--priority', 'NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK', h 100 | ]]] 101 | endif 102 | 103 | if gnusrv.found() 104 | tests += [[n, 'PSK', 'esrv', 'gnutls-serv', true, [ 105 | gnusrv.path(), '-p', '%PORT%', '--echo', 106 | '--priority', 'NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK', 107 | '--pskpasswd=' + meson.current_source_dir() + '/tests/psk.txt' 108 | ]]] 109 | endif 110 | 111 | if sslcli.found() 112 | tests += [[n, 'PSK', 'clt', 'openssl', true, [ 113 | sslcli.path(), 's_client', '-connect', h + ':%PORT%', '-quiet', 114 | '-psk_identity', 'foo', '-psk', psk 115 | ]]] 116 | tests += [[n, 'PSK', 'rsrv', 'openssl', true, [ 117 | sslcli.path(), 's_server', '-nocert', '-rev', '-psk_identity', 'foo', 118 | '-accept', h + ':%PORT%', '-psk', psk 119 | ]]] 120 | endif 121 | endforeach 122 | 123 | foreach v: variants 124 | if not v.found() 125 | continue 126 | endif 127 | 128 | lib = shared_library('tlssock-' + v.name(), [ 129 | 'lib/tlssock.c', 'lib/tlssock.h', 130 | 'lib/core.c', 'lib/core.h', 131 | 'lib/idx.c', 'lib/idx.h', 132 | 'lib/locks.c', 'lib/locks.h', 133 | 'lib/tls.h', 'lib/tls-' + v.name() + '.c', 134 | ], 135 | dependencies: [v, threads, dl], 136 | install: true, 137 | ) 138 | 139 | pkg.generate( 140 | description: 'A library for doing TLS at the socket layer using ' + v.name(), 141 | libraries: lib, 142 | name: 'tlssock-' + v.name(), 143 | version: meson.project_version(), 144 | install_dir: join_paths(get_option('libdir'), 'pkgconfig') 145 | ) 146 | 147 | tlssock = executable('tlssock-' + v.name(), [ 148 | 'bin/hex.c', 'bin/hex.h', 149 | 'bin/non.c', 'bin/non.h', 150 | 'bin/exe.c', 'bin/exe.h', 151 | 'bin/opt.c', 'bin/opt.h', 152 | 'bin/main.c', 153 | ], 154 | link_with: lib 155 | ) 156 | 157 | foreach n: ['4', '6'] 158 | h = 'localhost' + n 159 | 160 | tests += [[n, 'TCP', 'clt', 'ts-' + v.name(), false, [ 161 | tlssock, h, '%PORT%' 162 | ]]] 163 | tests += [[n, 'TCP', 'esrv', 'ts-' + v.name(), false, [ 164 | tlssock, '-e', cat, '-l', h, '%PORT%' 165 | ]]] 166 | tests += [[n, 'TCP', 'rsrv', 'ts-' + v.name(), false, [ 167 | tlssock, '-e', rev.full_path(), '-l', h, '%PORT%' 168 | ]]] 169 | 170 | tests += [[n, 'PSK', 'clt', 'ts-' + v.name(), false, [ 171 | tlssock, '-T', '-U', 'foo', '-K', psk, h, '%PORT%' 172 | ]]] 173 | tests += [[n, 'PSK', 'esrv', 'ts-' + v.name(), false, [ 174 | tlssock, '-lT', '-U', 'foo', '-K', psk, '-e', cat, h, '%PORT%' 175 | ]]] 176 | tests += [[n, 'PSK', 'rsrv', 'ts-' + v.name(), false, [ 177 | tlssock, '-lT', '-U', 'foo', '-K', psk, '-e', rev.full_path(), h, '%PORT%' 178 | ]]] 179 | endforeach 180 | endforeach 181 | 182 | # A single test consists of three elements of the tests array: a 'clt', an 183 | # 'esrv', and an 'rsrv'. The tests array is, in order: 184 | # 185 | # - IP protocol ('4' or '6') 186 | # - strategy ('TCP' or 'PSK') - used for differentiation 187 | # - behavior ('clt' (client), 'esrv' (echo), or 'rsrv' (rev)) 188 | # - name, used only for logging the (a->b) stuff 189 | # - whether to kill the particular job on completion 190 | # - an array containing argv for the executable (including the meson obj) 191 | # 192 | # So what this does: for every "clt" test, it looks for corresponding 'esrv' 193 | # and 'rsrv' tests. I can read it now, but I can't fix it. 194 | foreach ip: ['4', '6'] 195 | foreach strat: ['TCP', 'PSK'] 196 | foreach client: tests 197 | if client[0] == ip and client[1] == strat and client[2] == 'clt' 198 | foreach server: tests 199 | if server[0] == ip and server[1] == strat and (server[2] == 'esrv' or server[2] == 'rsrv') 200 | args = ['--', client[5], '--', server[5]] 201 | 202 | if server[2] == 'rsrv' 203 | args = ['-r'] + args 204 | endif 205 | 206 | if client[4] 207 | args = ['-C'] + args 208 | endif 209 | 210 | if server[4] 211 | args = ['-S'] + args 212 | endif 213 | 214 | sep = server[2] == 'rsrv' ? ' => ' : ' -> ' 215 | 216 | test(ip + strat + ': ' + client[3] + sep + server[3], run, args: args) 217 | endif 218 | endforeach 219 | endif 220 | endforeach 221 | endforeach 222 | endforeach 223 | -------------------------------------------------------------------------------- /tests/run.c: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #define pid_auto_t pid_t __attribute__((cleanup(pid_cleanup))) 37 | #define fd_auto_t fd_t __attribute__((cleanup(fd_cleanup))) 38 | 39 | typedef int fd_t; 40 | 41 | static void 42 | pid_cleanup(pid_t *pid) 43 | { 44 | if (!pid || *pid < 0) 45 | return; 46 | 47 | if (waitpid(*pid, NULL, WNOHANG) != *pid) { 48 | kill(*pid, SIGTERM); 49 | waitpid(*pid, NULL, 0); 50 | } 51 | 52 | *pid = -1; 53 | } 54 | 55 | static void 56 | fd_cleanup(fd_t *fd) 57 | { 58 | if (!fd || *fd < 0) 59 | return; 60 | 61 | close(*fd); 62 | *fd = -1; 63 | } 64 | 65 | static fd_t 66 | fd_steal(fd_t *fd) 67 | { 68 | fd_t f = -1; 69 | 70 | if (fd) { 71 | f = *fd; 72 | *fd = -1; 73 | } 74 | 75 | return f; 76 | } 77 | 78 | static int 79 | pair(int flags, fd_t *rd, fd_t *wr) 80 | { 81 | int fd[2] = { -1, -1 }; 82 | int ret; 83 | 84 | ret = pipe2(fd, flags); 85 | if (ret != 0) 86 | return ret; 87 | 88 | *wr = fd[1]; 89 | *rd = fd[0]; 90 | return 0; 91 | } 92 | 93 | static pid_t 94 | spawn(char *args[], fd_t *rd, fd_t *wr) 95 | { 96 | fd_auto_t cout = -1; 97 | fd_auto_t pout = -1; 98 | fd_auto_t oout = -1; 99 | fd_auto_t cin = -1; 100 | fd_auto_t pin = -1; 101 | fd_auto_t oin = -1; 102 | int status; 103 | pid_t pid; 104 | char c; 105 | 106 | if (rd) { 107 | if (pair(O_CLOEXEC, &pin, &cout) != 0) 108 | return -1; 109 | } 110 | 111 | if (wr) { 112 | if (pair(O_CLOEXEC, &cin, &pout) != 0) 113 | return -1; 114 | } 115 | 116 | if (pair(O_CLOEXEC | O_DIRECT, &oin, &oout) != 0) 117 | return -1; 118 | 119 | pid = fork(); 120 | if (pid < 0) 121 | return pid; 122 | 123 | if (pid == 0) { 124 | dup2(cin, STDIN_FILENO); 125 | dup2(cout, STDOUT_FILENO); 126 | execvp(args[0], args); 127 | exit(EXIT_FAILURE); 128 | } 129 | 130 | fd_cleanup(&oout); 131 | read(oin, &c, 1); 132 | if (waitpid(pid, &status, WNOHANG) == pid) 133 | return -1; 134 | 135 | if (rd) 136 | *rd = fd_steal(&pin); 137 | 138 | if (wr) 139 | *wr = fd_steal(&pout); 140 | 141 | return pid; 142 | } 143 | 144 | static char * 145 | replace(char *str, const char *old, const char *new) 146 | { 147 | size_t nlen; 148 | size_t olen; 149 | 150 | olen = strlen(old); 151 | nlen = strlen(new); 152 | if (olen < nlen) 153 | abort(); 154 | 155 | for (char *s = strstr(str, old); s; s = strstr(s + nlen, old)) { 156 | memmove(s + nlen, s + olen, strlen(s + olen) + 1); 157 | strncpy(s, new, nlen); 158 | } 159 | 160 | return str; 161 | } 162 | 163 | static char * 164 | substitute(char *str, uint16_t port) 165 | { 166 | char new[] = "65535"; 167 | snprintf(new, sizeof(new), "%hu", port); 168 | replace(str, "%PORT%", new); 169 | return str; 170 | } 171 | 172 | static void 173 | reverse(char *str, size_t len) 174 | { 175 | while (len > 0 && str[len - 1] == '\n') 176 | len--; 177 | 178 | if (len == 0) 179 | return; 180 | 181 | for (size_t f = 0, b = len - 1; f < b; f++, b--) { 182 | str[f] ^= str[b]; 183 | str[b] ^= str[f]; 184 | str[f] ^= str[b]; 185 | } 186 | } 187 | 188 | int 189 | main(int argc, char *argv[]) 190 | { 191 | char msg[] = "abcdefgh\n"; 192 | struct timespec tms; 193 | char buf[1024]; 194 | uint16_t port; 195 | 196 | char *cargs[argc]; 197 | char *sargs[argc]; 198 | char **args = cargs; 199 | 200 | pid_auto_t cpid = -1; 201 | pid_auto_t spid = -1; 202 | fd_auto_t out = -1; 203 | fd_auto_t in = -1; 204 | int cstatus; 205 | int sstatus; 206 | ssize_t ret; 207 | 208 | bool ckill = false; 209 | bool skill = false; 210 | bool rev = false; 211 | 212 | clock_gettime(CLOCK_REALTIME, &tms); 213 | srand(getpid() + tms.tv_nsec); 214 | port = 1024 + rand() % 64511; 215 | 216 | memset(buf, 0, sizeof(buf)); 217 | memset(cargs, 0, sizeof(cargs)); 218 | memset(sargs, 0, sizeof(sargs)); 219 | 220 | for (int c; (c = getopt(argc, argv, "rCS")) >= 0; ) { 221 | switch (c) { 222 | case 'r': 223 | rev = true; 224 | break; 225 | 226 | case 'C': 227 | ckill = true; 228 | break; 229 | 230 | case 'S': 231 | skill = true; 232 | break; 233 | 234 | default: 235 | fprintf(stderr, "Unknown option: %c!\n", c); 236 | fprintf(stderr, "Usage: %s [-r] [-C] [-S]\n\n", argv[0]); 237 | fprintf(stderr, "-r: Server behaves like rev\n"); 238 | fprintf(stderr, "-C: Kill client when test complete\n"); 239 | fprintf(stderr, "-S: Kill server when test complete\n"); 240 | return EXIT_FAILURE; 241 | } 242 | } 243 | 244 | for (int i = optind, j = 0; i < argc; i++) { 245 | switch (strcmp(argv[i], "--")) { 246 | case 0: args = sargs; j = 0; break; 247 | default: args[j++] = substitute(argv[i], port); break; 248 | } 249 | } 250 | 251 | fprintf(stderr, "client: "); 252 | for (int i = 0; cargs[i]; i++) 253 | fprintf(stderr, "%s%s", cargs[i], cargs[i + 1] ? " " : "\n"); 254 | 255 | fprintf(stderr, "server: "); 256 | for (int i = 0; sargs[i]; i++) 257 | fprintf(stderr, "%s%s", sargs[i], sargs[i + 1] ? " " : "\n"); 258 | 259 | if (cargs[0] == NULL || sargs[0] == NULL) { 260 | fprintf(stderr, "Invalid arguments!\n"); 261 | return EXIT_FAILURE; 262 | } 263 | 264 | spid = spawn(sargs, NULL, NULL); 265 | if (spid < 0) { 266 | fprintf(stderr, "Failure spawining server!\n"); 267 | return EXIT_FAILURE; 268 | } 269 | 270 | usleep(100000); 271 | 272 | cpid = spawn(cargs, &in, &out); 273 | if (cpid < 0) { 274 | fprintf(stderr, "Failure spawining client!\n"); 275 | return EXIT_FAILURE; 276 | } 277 | 278 | ret = write(out, msg, strlen(msg)); 279 | fprintf(stderr, "wrote: %zd: %s\n", ret, msg); 280 | if (ret != (ssize_t) strlen(msg)) 281 | return EXIT_FAILURE; 282 | 283 | ret = read(in, buf, sizeof(buf) - 1); 284 | fprintf(stderr, "read: %zd: %s\n", ret, buf); 285 | if (ret != (ssize_t) strlen(msg)) 286 | return EXIT_FAILURE; 287 | 288 | fd_cleanup(&out); 289 | fd_cleanup(&in); 290 | 291 | if (rev) 292 | reverse(buf, ret); 293 | 294 | if (strcmp(msg, buf) != 0) 295 | return EXIT_FAILURE; 296 | 297 | if (ckill) { 298 | fprintf(stderr, "Killing client...\n"); 299 | kill(cpid, SIGTERM); 300 | } 301 | 302 | if (skill) { 303 | fprintf(stderr, "Killing server...\n"); 304 | kill(spid, SIGTERM); 305 | } 306 | 307 | fprintf(stderr, "Waiting for client...\n"); 308 | if (waitpid(cpid, &cstatus, 0) != cpid) 309 | return EXIT_FAILURE; 310 | cpid = -1; 311 | if (ckill) 312 | cstatus = 0; 313 | 314 | fprintf(stderr, "Waiting for server...\n"); 315 | if (waitpid(spid, &sstatus, 0) != spid) 316 | return EXIT_FAILURE; 317 | spid = -1; 318 | if (skill) 319 | sstatus = 0; 320 | 321 | fprintf(stderr, "cstatus: %d\n", cstatus); 322 | fprintf(stderr, "sstatus: %d\n", sstatus); 323 | return WEXITSTATUS(sstatus) | WEXITSTATUS(sstatus); 324 | } 325 | -------------------------------------------------------------------------------- /bin/main.c: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include "../lib/tlssock.h" 23 | #include "opt.h" 24 | #include "hex.h" 25 | #include "exe.h" 26 | #include "non.h" 27 | 28 | #include 29 | #include 30 | #include 31 | 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | 39 | #define addrinfo_auto_t addrinfo_t __attribute__((cleanup(addrinfo_cleanup))) 40 | #define fd_auto_t fd_t __attribute__((cleanup(fd_cleanup))) 41 | 42 | typedef struct addrinfo addrinfo_t; 43 | typedef int fd_t; 44 | 45 | typedef enum { 46 | STATUS_SUCCESS = EXIT_SUCCESS, 47 | STATUS_FAILURE = EXIT_FAILURE, 48 | STATUS_CONTINUE, 49 | } status_t; 50 | 51 | static void 52 | addrinfo_cleanup(addrinfo_t **ai) 53 | { 54 | if (!ai || !*ai) 55 | return; 56 | 57 | freeaddrinfo(*ai); 58 | } 59 | 60 | static void 61 | fd_cleanup(fd_t *fd) 62 | { 63 | if (!fd || *fd < 0) 64 | return; 65 | 66 | close(*fd); 67 | } 68 | 69 | static bool 70 | ai_family_applicable(const options_t *opts, const struct addrinfo *ai) 71 | { 72 | switch (ai->ai_family) { 73 | case AF_INET6: return !opts->ipv4 || opts->ipv6; 74 | case AF_INET: return opts->ipv4 || !opts->ipv6; 75 | default: return false; 76 | } 77 | } 78 | 79 | static bool 80 | ai_socktype_applicable(const options_t *opts, const struct addrinfo *ai) 81 | { 82 | switch (ai->ai_socktype) { 83 | case SOCK_STREAM: return !opts->udp; 84 | case SOCK_DGRAM: return opts->udp; 85 | default: return false; 86 | } 87 | } 88 | 89 | static bool 90 | ai_protocol_applicable(const options_t *opts, const struct addrinfo *ai) 91 | { 92 | switch (ai->ai_protocol) { 93 | case IPPROTO_IP: return true; 94 | case IPPROTO_TCP: return !opts->udp; 95 | case IPPROTO_UDP: return opts->udp; 96 | default: return false; 97 | } 98 | } 99 | 100 | static bool 101 | ai_applicable(const options_t *opts, const struct addrinfo *ai) 102 | { 103 | return ai_family_applicable(opts, ai) 104 | && ai_socktype_applicable(opts, ai) 105 | && ai_protocol_applicable(opts, ai); 106 | } 107 | 108 | static ssize_t 109 | keydup(const options_t *o, uint8_t **key) 110 | { 111 | size_t size = strlen(o->pskk) / 2; 112 | 113 | *key = malloc(size); 114 | if (!*key) 115 | return -1; 116 | 117 | if (!hex2bin(o->pskk, *key, size)) 118 | return -1; 119 | 120 | return size; 121 | } 122 | 123 | static ssize_t 124 | srv_psk_cb(void *m, const char *username, uint8_t **key) 125 | { 126 | const options_t *o = m; 127 | 128 | if (strcmp(username, o->psku) != 0) 129 | return -1; 130 | 131 | return keydup(o, key); 132 | } 133 | 134 | static ssize_t 135 | clt_psk_cb(void *m, char **username, uint8_t **key) 136 | { 137 | const options_t *o = m; 138 | 139 | *username = strdup(o->psku); 140 | if (!*username) 141 | return -1; 142 | 143 | return keydup(o, key); 144 | } 145 | 146 | static status_t 147 | on_conn(options_t *opts, int con, int in, int out, const struct addrinfo *ai) 148 | { 149 | int outs[] = { out, con }; 150 | struct pollfd pfds[] = { 151 | { .fd = in, .events = POLLIN }, 152 | { .fd = con, .events = POLLIN }, 153 | }; 154 | 155 | if (ai->ai_protocol == IPPROTO_TLS) { 156 | int ret; 157 | 158 | if (opts->listen) { 159 | tls_srv_handshake_t srv = { .misc = opts }; 160 | 161 | if (opts->psku) 162 | srv.psk = srv_psk_cb; 163 | 164 | ret = non_setsockopt(con, IPPROTO_TLS, 165 | TLS_SRV_HANDSHAKE, &srv, sizeof(srv)); 166 | } else { 167 | tls_clt_handshake_t clt = { .misc = opts }; 168 | 169 | if (opts->psku) 170 | clt.psk = clt_psk_cb; 171 | 172 | ret = non_setsockopt(con, IPPROTO_TLS, 173 | TLS_CLT_HANDSHAKE, &clt, sizeof(clt)); 174 | } 175 | 176 | if (ret != 0) { 177 | fprintf(stderr, "%m: Unable to complete TLS handshake!\n"); 178 | shutdown(con, SHUT_RDWR); 179 | return STATUS_FAILURE; 180 | } 181 | } 182 | 183 | while (poll(pfds, 2, -1) >= 0) { 184 | char buffer[64 * 1024] = {}; 185 | ssize_t ret; 186 | 187 | for (int i = 0; i < 2; i++) { 188 | if (!pfds[i].revents) 189 | continue; 190 | 191 | ret = read(pfds[i].fd, buffer, sizeof(buffer)); 192 | if (ret <= 0) { 193 | if (pfds[i].revents != POLLHUP && 194 | (errno == EAGAIN || errno == EWOULDBLOCK)) 195 | continue; 196 | 197 | shutdown(con, SHUT_RDWR); 198 | 199 | if (ret == 0) 200 | return STATUS_SUCCESS; 201 | 202 | if (errno == 0 || (opts->listen && errno == EIO)) 203 | return STATUS_SUCCESS; 204 | 205 | return STATUS_FAILURE; 206 | } 207 | 208 | if (non_write(outs[(i + 1) % 2], buffer, ret) != ret) { 209 | fprintf(stderr, "%m: Error during write()!\n"); 210 | shutdown(con, SHUT_RDWR); 211 | return STATUS_FAILURE; 212 | } 213 | } 214 | } 215 | 216 | fprintf(stderr, "%m: Error during poll()!\n"); 217 | shutdown(con, SHUT_RDWR); 218 | return STATUS_FAILURE; 219 | } 220 | 221 | static status_t 222 | on_sock(options_t *opts, int fd, const struct addrinfo *ai) 223 | { 224 | int out = STDOUT_FILENO; 225 | exe_auto_t *exe = NULL; 226 | int in = STDIN_FILENO; 227 | fd_auto_t con = -1; 228 | 229 | if (opts->exec) { 230 | exe = exe_run(opts->exec, opts->shell, ai->ai_socktype); 231 | if (!exe) { 232 | fprintf(stderr, "%m: error executing '%s'!\n", opts->exec); 233 | return STATUS_FAILURE; 234 | } 235 | 236 | in = out = exe_fd(exe); 237 | } 238 | 239 | if (opts->listen) { 240 | if (bind(fd, ai->ai_addr, ai->ai_addrlen) != 0) 241 | return STATUS_CONTINUE; 242 | 243 | if (listen(fd, 0) != 0) 244 | return STATUS_CONTINUE; 245 | 246 | con = non_accept(fd, NULL, NULL); 247 | if (con < 0) 248 | return STATUS_CONTINUE; 249 | 250 | shutdown(fd, SHUT_RDWR); 251 | } else if (non_connect(fd, ai->ai_addr, ai->ai_addrlen) != 0) { 252 | return STATUS_CONTINUE; 253 | } 254 | 255 | return on_conn(opts, opts->listen ? con : fd, in, out, ai); 256 | } 257 | 258 | int 259 | main(int argc, char *argv[]) 260 | { 261 | addrinfo_auto_t *ai = NULL; 262 | options_t opts = {}; 263 | 264 | signal(SIGPIPE, SIG_IGN); 265 | 266 | if (!opts_parse(&opts, argc, argv)) 267 | return EXIT_FAILURE; 268 | 269 | if (getaddrinfo(opts.host, opts.port, NULL, &ai) != 0) { 270 | fprintf(stderr, "Invalid host (%s) or port (%s)!", opts.host, opts.port); 271 | return EXIT_FAILURE; 272 | } 273 | 274 | for (struct addrinfo *i = ai; i; i = i->ai_next) { 275 | int flags = SOCK_CLOEXEC | opts.block ? 0 : SOCK_NONBLOCK; 276 | fd_auto_t fd = -1; 277 | 278 | if (opts.tls) { 279 | if (!ai_applicable(&opts, i)) 280 | continue; 281 | i->ai_protocol = IPPROTO_TLS; 282 | } 283 | 284 | fd = socket(i->ai_family, i->ai_socktype | flags, i->ai_protocol); 285 | if (fd < 0) 286 | continue; 287 | 288 | switch(on_sock(&opts, fd, i)) { 289 | case STATUS_SUCCESS: return EXIT_SUCCESS; 290 | case STATUS_FAILURE: return EXIT_FAILURE; 291 | case STATUS_CONTINUE: continue; 292 | } 293 | } 294 | 295 | fprintf(stderr, "No valid configuration!\n"); 296 | return EXIT_FAILURE; 297 | } 298 | -------------------------------------------------------------------------------- /lib/tls-openssl.c: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include "core.h" 23 | #include "locks.h" 24 | #include "tls.h" 25 | #include "tlssock.h" 26 | 27 | #include 28 | 29 | #include 30 | #include 31 | #include 32 | 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | 42 | static BIO_METHOD *stream = NULL; 43 | static BIO_METHOD *dgram = NULL; 44 | 45 | struct tls { 46 | rwlock_t *lock; 47 | size_t ref; 48 | 49 | SSL *ssl; 50 | }; 51 | 52 | static int 53 | o2e(tls_t *tls, int ret) 54 | { 55 | switch (SSL_get_error(tls->ssl, ret)) { 56 | case SSL_ERROR_WANT_CONNECT: 57 | case SSL_ERROR_ZERO_RETURN: 58 | case SSL_ERROR_WANT_ACCEPT: 59 | errno = ENOTCONN; // FIXME 60 | return -1; 61 | 62 | case SSL_ERROR_WANT_WRITE: 63 | case SSL_ERROR_WANT_READ: 64 | errno = EAGAIN; // FIXME 65 | return -1; 66 | 67 | case SSL_ERROR_SYSCALL: 68 | return -1; // errno already set (I think...) 69 | 70 | default: 71 | errno = EIO; // FIXME 72 | return -1; 73 | } 74 | } 75 | 76 | tls_t * 77 | tls_new(void) 78 | { 79 | tls_t *tls = NULL; 80 | 81 | tls = calloc(1, sizeof(*tls)); 82 | if (!tls) 83 | return NULL; 84 | 85 | tls->lock = rwlock_init(); 86 | if (!tls->lock) { 87 | free(tls); 88 | return NULL; 89 | } 90 | 91 | tls->ref = 1; 92 | return tls; 93 | } 94 | 95 | void 96 | tls_cleanup(tls_t **tls) 97 | { 98 | if (tls) 99 | tls_decref(*tls); 100 | } 101 | 102 | tls_t * 103 | tls_incref(tls_t *tls) 104 | { 105 | if (!tls) 106 | return NULL; 107 | { 108 | rwhold_auto_t *hold = rwlock_wrlock(tls->lock); 109 | if (!hold) 110 | return NULL; 111 | 112 | tls->ref++; 113 | } 114 | 115 | return tls; 116 | } 117 | 118 | tls_t * 119 | tls_decref(tls_t *tls) 120 | { 121 | if (!tls) 122 | return NULL; 123 | { 124 | rwhold_auto_t *hold = rwlock_wrlock(tls->lock); 125 | if (!hold) 126 | return NULL; 127 | 128 | if (tls->ref-- > 1) 129 | return tls; 130 | 131 | SSL_free(tls->ssl); 132 | } 133 | 134 | rwlock_free(tls->lock); 135 | memset(tls, 0, sizeof(*tls)); 136 | free(tls); 137 | return NULL; 138 | } 139 | 140 | ssize_t 141 | tls_read(tls_t *tls, int fd, void *buf, size_t count) 142 | { 143 | rwhold_auto_t *hold = rwlock_rdlock(tls->lock); 144 | size_t bytes = 0; 145 | int ret; 146 | 147 | ret = SSL_read_ex(tls->ssl, buf, count, &bytes); 148 | if (ret > 0) 149 | return bytes; 150 | 151 | return o2e(tls, ret); 152 | } 153 | 154 | ssize_t 155 | tls_write(tls_t *tls, int fd, const void *buf, size_t count) 156 | { 157 | rwhold_auto_t *hold = rwlock_rdlock(tls->lock); 158 | size_t bytes = 0; 159 | int ret; 160 | 161 | ret = SSL_write_ex(tls->ssl, buf, count, &bytes); 162 | if (ret > 0) 163 | return bytes; 164 | 165 | return o2e(tls, ret); 166 | } 167 | 168 | int 169 | tls_getsockopt(tls_t *tls, int fd, int optname, void *optval, socklen_t *optlen) 170 | { 171 | errno = ENOSYS; // TODO 172 | return -1; 173 | } 174 | 175 | static unsigned int 176 | psk_clt(SSL *ssl, const char *hint, char *id, unsigned int imax, 177 | unsigned char *psk, unsigned int pmax) 178 | { 179 | const tls_handshake_t *hs = SSL_get_ex_data(ssl, 0); 180 | unsigned int ret = 0; 181 | uint8_t *k = NULL; 182 | char *u = NULL; 183 | ssize_t l = 0; 184 | 185 | l = hs->clt.psk(hs->clt.misc, &u, &k); 186 | if (l < 0) 187 | return 0; 188 | 189 | if (strlen(id) < imax && l <= pmax) { 190 | strcpy(id, u); 191 | memcpy(psk, k, l); 192 | ret = l; 193 | } 194 | 195 | explicit_bzero(u, strlen(u)); 196 | explicit_bzero(k, l); 197 | free(u); 198 | free(k); 199 | return ret; 200 | } 201 | 202 | static unsigned int 203 | psk_srv(SSL *ssl, const char *identity, unsigned char *psk, 204 | unsigned int max_psk_len) 205 | { 206 | const tls_handshake_t *hs = SSL_get_ex_data(ssl, 0); 207 | unsigned int ret = 0; 208 | uint8_t *k = NULL; 209 | ssize_t l = 0; 210 | 211 | l = hs->srv.psk(hs->srv.misc, identity, &k); 212 | if (l < 0) 213 | return 0; 214 | 215 | if (l <= max_psk_len) { 216 | memcpy(psk, k, l); 217 | ret = l; 218 | } 219 | 220 | explicit_bzero(k, l); 221 | free(k); 222 | return ret; 223 | } 224 | 225 | static SSL * 226 | ssl_new(int fd, bool client) 227 | { 228 | SSL_CTX *ctx = NULL; 229 | BIO *bio = NULL; 230 | SSL *ssl = NULL; 231 | int type = 0; 232 | 233 | if (getsockopt_int(fd, SOL_SOCKET, SO_TYPE, &type) < 0) 234 | return NULL; 235 | 236 | ctx = SSL_CTX_new(type == SOCK_STREAM ? TLS_method() : DTLS_method()); 237 | if (!ctx) 238 | goto error; 239 | 240 | bio = BIO_new(type == SOCK_STREAM ? stream : dgram); 241 | if (!bio) 242 | goto error; 243 | 244 | ssl = SSL_new(ctx); 245 | if (!ssl) 246 | goto error; 247 | 248 | if (client) 249 | SSL_set_connect_state(ssl); 250 | else 251 | SSL_set_accept_state(ssl); 252 | 253 | BIO_set_data(bio, (void *) (intptr_t) fd); 254 | SSL_set_bio(ssl, bio, bio); 255 | SSL_CTX_free(ctx); 256 | return ssl; 257 | 258 | error: 259 | SSL_CTX_free(ctx); 260 | BIO_free(bio); 261 | SSL_free(ssl); 262 | 263 | errno = ENOMEM; 264 | return NULL; 265 | } 266 | 267 | int 268 | tls_handshake(tls_t *tls, int fd, bool client, const tls_handshake_t *hs) 269 | { 270 | int ret; 271 | 272 | if (!tls->ssl) { 273 | tls->ssl = ssl_new(fd, client); 274 | if (!tls->ssl) 275 | return -1; 276 | } 277 | 278 | /* Prepare callbacks for the handshake. */ 279 | SSL_set_ex_data(tls->ssl, 0, (void *) hs); 280 | if (client) 281 | SSL_set_psk_client_callback(tls->ssl, hs->clt.psk ? psk_clt : NULL); 282 | else 283 | SSL_set_psk_server_callback(tls->ssl, hs->srv.psk ? psk_srv : NULL); 284 | 285 | ret = SSL_do_handshake(tls->ssl); 286 | 287 | /* Remove callbacks from the handshake. */ 288 | SSL_set_ex_data(tls->ssl, 0, NULL); 289 | if (client) 290 | SSL_set_psk_client_callback(tls->ssl, NULL); 291 | else 292 | SSL_set_psk_server_callback(tls->ssl, NULL); 293 | 294 | if (ret == 1) 295 | return 0; 296 | 297 | return o2e(tls, ret); 298 | } 299 | 300 | static long 301 | bio_ctrl(BIO *bio, int cmd, long iarg, void *parg) 302 | { 303 | switch (cmd) { 304 | case BIO_CTRL_FLUSH: 305 | fsync((int) (intptr_t) BIO_get_data(bio)); 306 | return 1; 307 | 308 | default: 309 | return 0; 310 | } 311 | } 312 | 313 | static int 314 | bio_read_ex(BIO *bio, char *buf, size_t cnt, size_t *bytes) 315 | { 316 | ssize_t ret; 317 | 318 | ret = NEXT(read)((int) (intptr_t) BIO_get_data(bio), buf, cnt); 319 | if (ret <= 0) 320 | return 0; 321 | 322 | *bytes = ret; 323 | return 1; 324 | } 325 | 326 | static int 327 | bio_write_ex(BIO *bio, const char *buf, size_t cnt, size_t *bytes) 328 | { 329 | ssize_t ret; 330 | 331 | ret = NEXT(write)((int) (intptr_t) BIO_get_data(bio), buf, cnt); 332 | if (ret <= 0) 333 | return 0; 334 | 335 | *bytes = ret; 336 | return 1; 337 | } 338 | 339 | static void __attribute__((constructor)) 340 | constructor(void) 341 | { 342 | int sid = BIO_get_new_index() | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR; 343 | int did = BIO_get_new_index() | BIO_TYPE_SOURCE_SINK | BIO_TYPE_DESCRIPTOR; 344 | 345 | stream = BIO_meth_new(sid, "tlssocks"); 346 | dgram = BIO_meth_new(did, "tlssockd"); 347 | 348 | BIO_meth_set_ctrl(stream, bio_ctrl); 349 | BIO_meth_set_ctrl(dgram, bio_ctrl); 350 | 351 | BIO_meth_set_ctrl(stream, bio_ctrl); 352 | BIO_meth_set_ctrl(dgram, bio_ctrl); 353 | 354 | BIO_meth_set_read_ex(stream, bio_read_ex); 355 | BIO_meth_set_read_ex(dgram, bio_read_ex); 356 | 357 | BIO_meth_set_write_ex(stream, bio_write_ex); 358 | BIO_meth_set_write_ex(dgram, bio_write_ex); 359 | } 360 | 361 | static void __attribute__((destructor)) 362 | destructor(void) 363 | { 364 | BIO_meth_free(dgram); 365 | BIO_meth_free(stream); 366 | } 367 | -------------------------------------------------------------------------------- /lib/tls-gnutls.c: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include "core.h" 23 | #include "locks.h" 24 | #include "tls.h" 25 | #include "tlssock.h" 26 | 27 | #include 28 | 29 | #include 30 | #include 31 | #include 32 | 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | 42 | struct tls { 43 | rwlock_t *lock; 44 | size_t ref; 45 | 46 | gnutls_session_t session; 47 | 48 | struct { 49 | union { 50 | struct { 51 | gnutls_psk_client_credentials_t psk; 52 | } clt; 53 | 54 | struct { 55 | gnutls_psk_server_credentials_t psk; 56 | } srv; 57 | }; 58 | } creds; 59 | }; 60 | 61 | static inline int 62 | g2e(int ret) 63 | { 64 | switch (ret) { 65 | case GNUTLS_E_SUCCESS: 66 | return 0; 67 | 68 | case GNUTLS_E_AGAIN: 69 | errno = EAGAIN; 70 | return -1; 71 | 72 | case GNUTLS_E_INTERRUPTED: 73 | errno = EINTR; 74 | return -1; 75 | 76 | case GNUTLS_E_LARGE_PACKET: 77 | errno = EMSGSIZE; 78 | return -1; 79 | 80 | case GNUTLS_E_INSUFFICIENT_CREDENTIALS: 81 | errno = EACCES; // FIXME 82 | return -1; 83 | 84 | default: 85 | if (!gnutls_error_is_fatal(ret)) 86 | return ret; 87 | 88 | errno = EIO; // FIXME 89 | return -1; 90 | } 91 | } 92 | 93 | tls_t * 94 | tls_new(void) 95 | { 96 | tls_t *tls = NULL; 97 | 98 | tls = calloc(1, sizeof(*tls)); 99 | if (!tls) 100 | return NULL; 101 | 102 | tls->lock = rwlock_init(); 103 | if (!tls->lock) { 104 | free(tls); 105 | return NULL; 106 | } 107 | 108 | tls->ref = 1; 109 | return tls; 110 | } 111 | 112 | void 113 | tls_cleanup(tls_t **tls) 114 | { 115 | if (tls) 116 | tls_decref(*tls); 117 | } 118 | 119 | tls_t * 120 | tls_incref(tls_t *tls) 121 | { 122 | if (!tls) 123 | return NULL; 124 | { 125 | rwhold_auto_t *hold = rwlock_wrlock(tls->lock); 126 | if (!hold) 127 | return NULL; 128 | 129 | tls->ref++; 130 | } 131 | 132 | return tls; 133 | } 134 | 135 | static void 136 | tls_creds_clear(tls_t *tls, bool client) 137 | { 138 | if (tls->session) 139 | gnutls_credentials_clear(tls->session); 140 | 141 | if (client) { 142 | if (tls->creds.clt.psk) 143 | gnutls_psk_free_client_credentials(tls->creds.clt.psk); 144 | tls->creds.clt.psk = NULL; 145 | } else { 146 | if (tls->creds.srv.psk) 147 | gnutls_psk_free_server_credentials(tls->creds.srv.psk); 148 | tls->creds.srv.psk = NULL; 149 | } 150 | } 151 | 152 | static void 153 | tls_clear(tls_t *tls) 154 | { 155 | if (!tls || !tls->session) 156 | return; 157 | 158 | tls_creds_clear(tls, gnutls_session_get_flags(tls->session) & GNUTLS_CLIENT); 159 | gnutls_deinit(tls->session); 160 | tls->session = NULL; 161 | } 162 | 163 | tls_t * 164 | tls_decref(tls_t *tls) 165 | { 166 | if (!tls) 167 | return NULL; 168 | 169 | { 170 | rwhold_auto_t *hold = rwlock_wrlock(tls->lock); 171 | if (!hold) 172 | return NULL; 173 | 174 | if (tls->ref-- > 1) 175 | return tls; 176 | 177 | tls_clear(tls); 178 | } 179 | 180 | rwlock_free(tls->lock); 181 | memset(tls, 0, sizeof(*tls)); 182 | return NULL; 183 | } 184 | 185 | ssize_t 186 | tls_read(tls_t *tls, int fd, void *buf, size_t count) 187 | { 188 | rwhold_auto_t *hold = rwlock_rdlock(tls->lock); 189 | return g2e(gnutls_record_recv(tls->session, buf, count)); 190 | } 191 | 192 | ssize_t 193 | tls_write(tls_t *tls, int fd, const void *buf, size_t count) 194 | { 195 | rwhold_auto_t *hold = rwlock_rdlock(tls->lock); 196 | return g2e(gnutls_record_send(tls->session, buf, count)); 197 | } 198 | 199 | int 200 | tls_getsockopt(tls_t *tls, int fd, int optname, void *optval, socklen_t *optlen) 201 | { 202 | errno = ENOSYS; // TODO 203 | return -1; 204 | } 205 | 206 | static ssize_t 207 | pull_func(gnutls_transport_ptr_t ptr, void *buf, size_t count) 208 | { 209 | return NEXT(read)((intptr_t) ptr, buf, count); 210 | } 211 | 212 | static ssize_t 213 | push_func(gnutls_transport_ptr_t ptr, const void *buf, size_t count) 214 | { 215 | return NEXT(write)((intptr_t) ptr, buf, count); 216 | } 217 | 218 | static ssize_t 219 | vec_push_func(gnutls_transport_ptr_t ptr, const giovec_t *iov, int iovcnt) 220 | { 221 | return NEXT(writev)((intptr_t) ptr, iov, iovcnt); 222 | } 223 | 224 | static int 225 | pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms) 226 | { 227 | struct pollfd pfd = { (intptr_t) ptr, POLLIN | POLLPRI }; 228 | int timeout = 0; 229 | 230 | if (ms == GNUTLS_INDEFINITE_TIMEOUT) 231 | timeout = -1; 232 | else if (ms > INT_MAX) 233 | timeout = INT_MAX; 234 | else 235 | timeout = ms; 236 | 237 | return poll(&pfd, 1, timeout); 238 | } 239 | 240 | static int 241 | get_flags(int fd, bool client) 242 | { 243 | int flags = client ? GNUTLS_CLIENT : GNUTLS_SERVER; 244 | int type = 0; 245 | int ret = 0; 246 | 247 | ret = fcntl(fd, F_GETFL); 248 | if (ret < 0) 249 | return ret; 250 | if (ret & O_NONBLOCK) 251 | flags |= GNUTLS_NONBLOCK; 252 | 253 | if (getsockopt_int(fd, SOL_SOCKET, SO_TYPE, &type) < 0) 254 | return -1; 255 | if (type == SOCK_DGRAM) 256 | flags |= GNUTLS_DATAGRAM; 257 | 258 | return flags; 259 | } 260 | 261 | static int 262 | psk_clt(gnutls_session_t session, char **username, gnutls_datum_t *key) 263 | { 264 | const tls_handshake_t *hs = gnutls_session_get_ptr(session); 265 | uint8_t *k = NULL; 266 | char *u = NULL; 267 | ssize_t l = 0; 268 | 269 | l = hs->clt.psk(hs->clt.misc, &u, &k); 270 | if (l < 0) 271 | return -1; 272 | 273 | *username = gnutls_strdup(u); 274 | key->data = gnutls_malloc(l); 275 | key->size = l; 276 | if (key->data) 277 | memcpy(key->data, k, l); 278 | 279 | explicit_bzero(u, strlen(u)); 280 | explicit_bzero(k, l); 281 | free(u); 282 | free(k); 283 | 284 | if (*username && key->data) 285 | return 0; 286 | 287 | if (*username) { 288 | explicit_bzero(*username, strlen(*username)); 289 | gnutls_free(*username); 290 | } 291 | 292 | if (key->data) { 293 | explicit_bzero(key->data, l); 294 | gnutls_free(key->data); 295 | } 296 | 297 | return -1; 298 | } 299 | 300 | static int 301 | psk_srv(gnutls_session_t session, const char *username, gnutls_datum_t *key) 302 | { 303 | const tls_handshake_t *hs = gnutls_session_get_ptr(session); 304 | uint8_t *k = NULL; 305 | ssize_t l = 0; 306 | 307 | l = hs->srv.psk(hs->srv.misc, username, &k); 308 | if (l < 0) 309 | return -1; 310 | 311 | key->data = gnutls_malloc(l); 312 | key->size = l; 313 | if (key->data) 314 | memcpy(key->data, k, l); 315 | 316 | explicit_bzero(k, l); 317 | free(k); 318 | 319 | return key->data ? 0 : -1; 320 | } 321 | 322 | int 323 | tls_handshake(tls_t *tls, int fd, bool client, const tls_handshake_t *hs) 324 | { 325 | int ret = -1; 326 | 327 | if (!tls->session) { 328 | static const char *priority = "+ECDHE-PSK:+DHE-PSK:+PSK"; 329 | int flags = 0; 330 | 331 | flags = get_flags(fd, client); 332 | if (flags < 0) 333 | return flags; 334 | 335 | ret = g2e(gnutls_init(&tls->session, flags)); 336 | if (ret < 0) 337 | return ret; 338 | 339 | gnutls_transport_set_int(tls->session, fd); 340 | gnutls_transport_set_pull_function(tls->session, pull_func); 341 | gnutls_transport_set_push_function(tls->session, push_func); 342 | gnutls_transport_set_vec_push_function(tls->session, vec_push_func); 343 | gnutls_transport_set_pull_timeout_function(tls->session, pull_timeout_func); 344 | gnutls_handshake_set_timeout(tls->session, 0); 345 | 346 | ret = g2e(gnutls_set_default_priority_append(tls->session, priority, NULL, 0)); 347 | if (ret < 0) 348 | goto error; 349 | } 350 | 351 | if (client && hs->clt.psk) { 352 | ret = g2e(gnutls_psk_allocate_client_credentials(&tls->creds.clt.psk)); 353 | if (ret < 0) 354 | goto error; 355 | 356 | gnutls_psk_set_client_credentials_function(tls->creds.clt.psk, psk_clt); 357 | ret = g2e(gnutls_credentials_set(tls->session, GNUTLS_CRD_PSK, 358 | tls->creds.clt.psk)); 359 | if (ret < 0) 360 | goto error; 361 | } else if (!client && hs->srv.psk) { 362 | ret = g2e(gnutls_psk_allocate_server_credentials(&tls->creds.srv.psk)); 363 | if (ret < 0) 364 | goto error; 365 | 366 | gnutls_psk_set_server_credentials_function(tls->creds.srv.psk, psk_srv); 367 | ret = g2e(gnutls_credentials_set(tls->session, GNUTLS_CRD_PSK, 368 | tls->creds.srv.psk)); 369 | if (ret < 0) 370 | goto error; 371 | } 372 | 373 | gnutls_session_set_ptr(tls->session, (void *) hs); 374 | ret = g2e(gnutls_handshake(tls->session)); 375 | gnutls_session_set_ptr(tls->session, NULL); 376 | tls_creds_clear(tls, client); 377 | if (ret >= 0 || errno == EAGAIN) 378 | return ret; 379 | 380 | error: 381 | tls_clear(tls); 382 | return ret; 383 | } 384 | -------------------------------------------------------------------------------- /lib/tlssock.c: -------------------------------------------------------------------------------- 1 | /* vim: set tabstop=8 shiftwidth=2 softtabstop=2 expandtab smarttab colorcolumn=80: */ 2 | /* 3 | * Copyright 2018 Red Hat, Inc. 4 | * 5 | * Author: Nathaniel McCallum 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #include "core.h" 23 | #include "tlssock.h" 24 | #include "idx.h" 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | 31 | static inline bool 32 | is_tls(int fd, int errnum) 33 | { 34 | tls_auto_t *tls = NULL; 35 | tls = idx_get(fd); 36 | if (!tls && errnum != 0) 37 | errno = errnum; 38 | return tls; 39 | } 40 | 41 | static int 42 | inner_protocol(int protocol) 43 | { 44 | switch (protocol) { 45 | case IPPROTO_TLS: return 0; 46 | default: return protocol; 47 | } 48 | } 49 | 50 | static tls_t * 51 | test_tls_new(int fd) 52 | { 53 | int protocol; 54 | int domain; 55 | int type; 56 | 57 | if (getsockopt_int(fd, SOL_SOCKET, SO_DOMAIN, &domain) < 0) 58 | return NULL; 59 | 60 | if (getsockopt_int(fd, SOL_SOCKET, SO_TYPE, &type) < 0) 61 | return NULL; 62 | 63 | if (getsockopt_int(fd, SOL_SOCKET, SO_PROTOCOL, &protocol) < 0) 64 | return NULL; 65 | 66 | if (!is_tls_domain(domain)) { 67 | errno = EINVAL; // FIXME 68 | return NULL; 69 | } 70 | 71 | if (!is_tls_type(type)) { 72 | errno = EINVAL; // FIXME 73 | return NULL; 74 | } 75 | 76 | if (!is_tls_inner_protocol(protocol)) { 77 | errno = EINVAL; // FIXME 78 | return NULL; 79 | } 80 | 81 | return tls_new(); 82 | } 83 | 84 | static const tls_opt_t * 85 | tlsopt(int optname, const void *optval, socklen_t optlen) 86 | { 87 | switch (optname) { 88 | case TLS_CLT_HANDSHAKE: 89 | if (optlen == sizeof(tls_clt_handshake_t)) 90 | return optval; 91 | 92 | errno = EINVAL; 93 | return NULL; 94 | 95 | case TLS_SRV_HANDSHAKE: 96 | if (optlen == sizeof(tls_srv_handshake_t)) 97 | return optval; 98 | 99 | errno = EINVAL; 100 | return NULL; 101 | 102 | default: 103 | errno = ENOPROTOOPT; 104 | return NULL; 105 | } 106 | } 107 | 108 | int 109 | accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen) 110 | { 111 | return accept4(sockfd, addr, addrlen, 0); 112 | } 113 | 114 | int 115 | accept4(int sockfd, struct sockaddr *addr, socklen_t *addrlen, int flags) 116 | { 117 | int fd; 118 | 119 | fd = NEXT(accept4)(sockfd, addr, addrlen, flags); 120 | 121 | if (fd >= 0) { 122 | tls_auto_t *lis = NULL; 123 | 124 | lis = idx_get(sockfd); 125 | if (lis) { 126 | tls_auto_t *con = NULL; 127 | 128 | con = test_tls_new(fd); 129 | if (!con || !idx_set(fd, con, NULL)) { 130 | close(fd); 131 | return -1; 132 | } 133 | } 134 | } 135 | 136 | return fd; 137 | } 138 | 139 | int 140 | close(int fd) 141 | { 142 | idx_del(fd); 143 | return NEXT(close)(fd); 144 | } 145 | 146 | int 147 | dup(int oldfd) 148 | { 149 | return is_tls(oldfd, ENOTSUP) ? -1 : 150 | NEXT(dup)(oldfd); 151 | } 152 | 153 | int 154 | dup2(int oldfd, int newfd) 155 | { 156 | return is_tls(oldfd, ENOTSUP) ? -1 : 157 | NEXT(dup2)(oldfd, newfd); 158 | } 159 | 160 | FILE * 161 | fdopen(int fd, const char *mode) 162 | { 163 | return is_tls(fd, ENOTSUP) ? NULL : 164 | NEXT(fdopen)(fd, mode); 165 | } 166 | 167 | int 168 | getsockopt(int sockfd, int level, int optname, void *optval, socklen_t *optlen) 169 | { 170 | int *prot = optval; 171 | int ret; 172 | 173 | /* Pass TLS level options into the tls_t layer. */ 174 | if (level == IPPROTO_TLS) { 175 | tls_auto_t *tls = NULL; 176 | 177 | tls = idx_get(sockfd); 178 | if (!tls) { 179 | errno = EINVAL; // FIXME 180 | return -1; 181 | } 182 | 183 | return tls_getsockopt(tls, sockfd, optname, optval, optlen); 184 | } 185 | 186 | ret = NEXT(getsockopt)(sockfd, level, optname, optval, optlen); 187 | 188 | /* Translate the inner protocol to the outer one. */ 189 | if (ret >= 0 && level == SOL_SOCKET && optname == SO_PROTOCOL && 190 | is_tls_inner_protocol(*prot)) { 191 | tls_auto_t *tls = NULL; 192 | 193 | if (*optlen != sizeof(*prot)) { 194 | errno = EINVAL; // FIXME 195 | return -1; 196 | } 197 | 198 | tls = idx_get(sockfd); 199 | if (tls) 200 | *prot = IPPROTO_TLS; 201 | } 202 | 203 | return ret; 204 | } 205 | 206 | ssize_t 207 | read(int fd, void *buf, size_t count) 208 | { 209 | tls_auto_t *tls = NULL; 210 | 211 | tls = idx_get(fd); 212 | if (!tls) 213 | return NEXT(read)(fd, buf, count); 214 | 215 | return tls_read(tls, fd, buf, count); 216 | } 217 | 218 | ssize_t 219 | recv(int sockfd, void *buf, size_t len, int flags) 220 | { 221 | tls_auto_t *tls = NULL; 222 | 223 | tls = idx_get(sockfd); 224 | if (!tls) 225 | return NEXT(recv)(sockfd, buf, len, flags); 226 | 227 | if (flags != 0) 228 | return EINVAL; // FIXME 229 | 230 | return tls_read(tls, sockfd, buf, len); 231 | } 232 | 233 | ssize_t 234 | recvfrom(int sockfd, void *buf, size_t len, int flags, 235 | struct sockaddr *src_addr, socklen_t *addrlen) 236 | { 237 | if (src_addr == NULL && addrlen == NULL) 238 | return recv(sockfd, buf, len, flags); 239 | 240 | return is_tls(sockfd, ENOSYS) ? -1 : // TODO 241 | NEXT(recvfrom)(sockfd, buf, len, flags, src_addr, addrlen); 242 | } 243 | 244 | ssize_t 245 | recvmsg(int sockfd, struct msghdr *msg, int flags) 246 | { 247 | return is_tls(sockfd, ENOSYS) ? -1 : // TODO 248 | NEXT(recvmsg)(sockfd, msg, flags); 249 | } 250 | 251 | ssize_t 252 | send(int sockfd, const void *buf, size_t len, int flags) 253 | { 254 | tls_auto_t *tls = NULL; 255 | 256 | tls = idx_get(sockfd); 257 | if (!tls) 258 | return NEXT(send)(sockfd, buf, len, flags); 259 | 260 | if (flags != 0) 261 | return EINVAL; // FIXME 262 | 263 | return tls_write(tls, sockfd, buf, len); 264 | } 265 | 266 | ssize_t 267 | sendto(int sockfd, const void *buf, size_t len, int flags, 268 | const struct sockaddr *dest_addr, socklen_t addrlen) 269 | { 270 | if (dest_addr == NULL && addrlen == 0) 271 | return send(sockfd, buf, len, flags); 272 | 273 | return is_tls(sockfd, ENOSYS) ? -1 : // TODO 274 | NEXT(sendto)(sockfd, buf, len, flags, dest_addr, addrlen); 275 | } 276 | 277 | ssize_t 278 | sendmsg(int sockfd, const struct msghdr *msg, int flags) 279 | { 280 | return is_tls(sockfd, ENOSYS) ? -1 : // TODO 281 | NEXT(sendmsg)(sockfd, msg, flags); 282 | } 283 | 284 | int 285 | setsockopt(int sockfd, int level, int optname, 286 | const void *optval, socklen_t optlen) 287 | { 288 | tls_auto_t *already = NULL; 289 | tls_auto_t *tls = NULL; 290 | 291 | /* Pass TLS level options into the tls_t layer. */ 292 | if (level == IPPROTO_TLS) { 293 | const tls_opt_t *opt; 294 | 295 | opt = tlsopt(optname, optval, optlen); 296 | if (!opt) 297 | return -1; 298 | 299 | tls = idx_get(sockfd); 300 | if (!tls) { 301 | errno = EINVAL; // FIXME 302 | return -1; 303 | } 304 | 305 | switch (optname) { 306 | case TLS_CLT_HANDSHAKE: 307 | return tls_handshake(tls, sockfd, true, &opt->handshake); 308 | 309 | case TLS_SRV_HANDSHAKE: 310 | return tls_handshake(tls, sockfd, false, &opt->handshake); 311 | } 312 | } 313 | 314 | /* We only override SO_PROTOCOL on SOL_SOCKET. */ 315 | if (level != SOL_SOCKET || optname != SO_PROTOCOL) 316 | return NEXT(setsockopt)(sockfd, level, optname, optval, optlen); 317 | 318 | /* Confirm the correct size of the input. */ 319 | if (optlen != sizeof(int)) { 320 | errno = EINVAL; // FIXME 321 | return -1; 322 | } 323 | 324 | const int *const protocol = optval; 325 | 326 | /* The caller wants to transition to TLS. */ 327 | if (*protocol == IPPROTO_TLS) { 328 | /* Create the new TLS instance. */ 329 | tls = test_tls_new(sockfd); 330 | if (!tls) 331 | return -1; 332 | 333 | /* If setting the TLS instance worked, we're now TLS. */ 334 | if (idx_set(sockfd, tls, &already)) 335 | return 0; 336 | 337 | if (already) 338 | errno = EALREADY; // FIXME 339 | 340 | return -1; 341 | 342 | /* The caller wants to transition to non-TLS. */ 343 | } else { 344 | /* If deletion succeeded, then transition was successful. */ 345 | if (idx_del(sockfd)) 346 | return 0; 347 | 348 | /* If the error is that there was no entry, 349 | * then indicated that we are already non-TLS. */ 350 | if (errno == ENOENT) 351 | errno = EALREADY; // FIXME 352 | 353 | return -1; 354 | } 355 | } 356 | 357 | int 358 | socket(int domain, int type, int protocol) 359 | { 360 | tls_auto_t *tls = NULL; 361 | int fd = -1; 362 | 363 | fd = NEXT(socket)(domain, type, inner_protocol(protocol)); 364 | if (fd < 0) 365 | return fd; 366 | 367 | switch (protocol) { 368 | case IPPROTO_TLS: 369 | tls = test_tls_new(fd); 370 | if (!tls || !idx_set(fd, tls, NULL)) { 371 | close(fd); 372 | return -1; 373 | } 374 | } 375 | 376 | return fd; 377 | } 378 | 379 | ssize_t 380 | write(int fd, const void *buf, size_t count) 381 | { 382 | tls_auto_t *tls = NULL; 383 | 384 | tls = idx_get(fd); 385 | if (!tls) 386 | return NEXT(write)(fd, buf, count); 387 | 388 | return tls_write(tls, fd, buf, count); 389 | } 390 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | GNU LESSER GENERAL PUBLIC LICENSE 2 | Version 2.1, February 1999 3 | 4 | Copyright (C) 1991, 1999 Free Software Foundation, Inc. 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | [This is the first released version of the Lesser GPL. It also counts 10 | as the successor of the GNU Library Public License, version 2, hence 11 | the version number 2.1.] 12 | 13 | Preamble 14 | 15 | The licenses for most software are designed to take away your 16 | freedom to share and change it. By contrast, the GNU General Public 17 | Licenses are intended to guarantee your freedom to share and change 18 | free software--to make sure the software is free for all its users. 19 | 20 | This license, the Lesser General Public License, applies to some 21 | specially designated software packages--typically libraries--of the 22 | Free Software Foundation and other authors who decide to use it. You 23 | can use it too, but we suggest you first think carefully about whether 24 | this license or the ordinary General Public License is the better 25 | strategy to use in any particular case, based on the explanations below. 26 | 27 | When we speak of free software, we are referring to freedom of use, 28 | not price. Our General Public Licenses are designed to make sure that 29 | you have the freedom to distribute copies of free software (and charge 30 | for this service if you wish); that you receive source code or can get 31 | it if you want it; that you can change the software and use pieces of 32 | it in new free programs; and that you are informed that you can do 33 | these things. 34 | 35 | To protect your rights, we need to make restrictions that forbid 36 | distributors to deny you these rights or to ask you to surrender these 37 | rights. These restrictions translate to certain responsibilities for 38 | you if you distribute copies of the library or if you modify it. 39 | 40 | For example, if you distribute copies of the library, whether gratis 41 | or for a fee, you must give the recipients all the rights that we gave 42 | you. You must make sure that they, too, receive or can get the source 43 | code. If you link other code with the library, you must provide 44 | complete object files to the recipients, so that they can relink them 45 | with the library after making changes to the library and recompiling 46 | it. And you must show them these terms so they know their rights. 47 | 48 | We protect your rights with a two-step method: (1) we copyright the 49 | library, and (2) we offer you this license, which gives you legal 50 | permission to copy, distribute and/or modify the library. 51 | 52 | To protect each distributor, we want to make it very clear that 53 | there is no warranty for the free library. Also, if the library is 54 | modified by someone else and passed on, the recipients should know 55 | that what they have is not the original version, so that the original 56 | author's reputation will not be affected by problems that might be 57 | introduced by others. 58 | 59 | Finally, software patents pose a constant threat to the existence of 60 | any free program. We wish to make sure that a company cannot 61 | effectively restrict the users of a free program by obtaining a 62 | restrictive license from a patent holder. Therefore, we insist that 63 | any patent license obtained for a version of the library must be 64 | consistent with the full freedom of use specified in this license. 65 | 66 | Most GNU software, including some libraries, is covered by the 67 | ordinary GNU General Public License. This license, the GNU Lesser 68 | General Public License, applies to certain designated libraries, and 69 | is quite different from the ordinary General Public License. We use 70 | this license for certain libraries in order to permit linking those 71 | libraries into non-free programs. 72 | 73 | When a program is linked with a library, whether statically or using 74 | a shared library, the combination of the two is legally speaking a 75 | combined work, a derivative of the original library. The ordinary 76 | General Public License therefore permits such linking only if the 77 | entire combination fits its criteria of freedom. The Lesser General 78 | Public License permits more lax criteria for linking other code with 79 | the library. 80 | 81 | We call this license the "Lesser" General Public License because it 82 | does Less to protect the user's freedom than the ordinary General 83 | Public License. It also provides other free software developers Less 84 | of an advantage over competing non-free programs. These disadvantages 85 | are the reason we use the ordinary General Public License for many 86 | libraries. However, the Lesser license provides advantages in certain 87 | special circumstances. 88 | 89 | For example, on rare occasions, there may be a special need to 90 | encourage the widest possible use of a certain library, so that it becomes 91 | a de-facto standard. To achieve this, non-free programs must be 92 | allowed to use the library. A more frequent case is that a free 93 | library does the same job as widely used non-free libraries. In this 94 | case, there is little to gain by limiting the free library to free 95 | software only, so we use the Lesser General Public License. 96 | 97 | In other cases, permission to use a particular library in non-free 98 | programs enables a greater number of people to use a large body of 99 | free software. For example, permission to use the GNU C Library in 100 | non-free programs enables many more people to use the whole GNU 101 | operating system, as well as its variant, the GNU/Linux operating 102 | system. 103 | 104 | Although the Lesser General Public License is Less protective of the 105 | users' freedom, it does ensure that the user of a program that is 106 | linked with the Library has the freedom and the wherewithal to run 107 | that program using a modified version of the Library. 108 | 109 | The precise terms and conditions for copying, distribution and 110 | modification follow. Pay close attention to the difference between a 111 | "work based on the library" and a "work that uses the library". The 112 | former contains code derived from the library, whereas the latter must 113 | be combined with the library in order to run. 114 | 115 | GNU LESSER GENERAL PUBLIC LICENSE 116 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 117 | 118 | 0. This License Agreement applies to any software library or other 119 | program which contains a notice placed by the copyright holder or 120 | other authorized party saying it may be distributed under the terms of 121 | this Lesser General Public License (also called "this License"). 122 | Each licensee is addressed as "you". 123 | 124 | A "library" means a collection of software functions and/or data 125 | prepared so as to be conveniently linked with application programs 126 | (which use some of those functions and data) to form executables. 127 | 128 | The "Library", below, refers to any such software library or work 129 | which has been distributed under these terms. A "work based on the 130 | Library" means either the Library or any derivative work under 131 | copyright law: that is to say, a work containing the Library or a 132 | portion of it, either verbatim or with modifications and/or translated 133 | straightforwardly into another language. (Hereinafter, translation is 134 | included without limitation in the term "modification".) 135 | 136 | "Source code" for a work means the preferred form of the work for 137 | making modifications to it. For a library, complete source code means 138 | all the source code for all modules it contains, plus any associated 139 | interface definition files, plus the scripts used to control compilation 140 | and installation of the library. 141 | 142 | Activities other than copying, distribution and modification are not 143 | covered by this License; they are outside its scope. The act of 144 | running a program using the Library is not restricted, and output from 145 | such a program is covered only if its contents constitute a work based 146 | on the Library (independent of the use of the Library in a tool for 147 | writing it). Whether that is true depends on what the Library does 148 | and what the program that uses the Library does. 149 | 150 | 1. You may copy and distribute verbatim copies of the Library's 151 | complete source code as you receive it, in any medium, provided that 152 | you conspicuously and appropriately publish on each copy an 153 | appropriate copyright notice and disclaimer of warranty; keep intact 154 | all the notices that refer to this License and to the absence of any 155 | warranty; and distribute a copy of this License along with the 156 | Library. 157 | 158 | You may charge a fee for the physical act of transferring a copy, 159 | and you may at your option offer warranty protection in exchange for a 160 | fee. 161 | 162 | 2. You may modify your copy or copies of the Library or any portion 163 | of it, thus forming a work based on the Library, and copy and 164 | distribute such modifications or work under the terms of Section 1 165 | above, provided that you also meet all of these conditions: 166 | 167 | a) The modified work must itself be a software library. 168 | 169 | b) You must cause the files modified to carry prominent notices 170 | stating that you changed the files and the date of any change. 171 | 172 | c) You must cause the whole of the work to be licensed at no 173 | charge to all third parties under the terms of this License. 174 | 175 | d) If a facility in the modified Library refers to a function or a 176 | table of data to be supplied by an application program that uses 177 | the facility, other than as an argument passed when the facility 178 | is invoked, then you must make a good faith effort to ensure that, 179 | in the event an application does not supply such function or 180 | table, the facility still operates, and performs whatever part of 181 | its purpose remains meaningful. 182 | 183 | (For example, a function in a library to compute square roots has 184 | a purpose that is entirely well-defined independent of the 185 | application. Therefore, Subsection 2d requires that any 186 | application-supplied function or table used by this function must 187 | be optional: if the application does not supply it, the square 188 | root function must still compute square roots.) 189 | 190 | These requirements apply to the modified work as a whole. If 191 | identifiable sections of that work are not derived from the Library, 192 | and can be reasonably considered independent and separate works in 193 | themselves, then this License, and its terms, do not apply to those 194 | sections when you distribute them as separate works. But when you 195 | distribute the same sections as part of a whole which is a work based 196 | on the Library, the distribution of the whole must be on the terms of 197 | this License, whose permissions for other licensees extend to the 198 | entire whole, and thus to each and every part regardless of who wrote 199 | it. 200 | 201 | Thus, it is not the intent of this section to claim rights or contest 202 | your rights to work written entirely by you; rather, the intent is to 203 | exercise the right to control the distribution of derivative or 204 | collective works based on the Library. 205 | 206 | In addition, mere aggregation of another work not based on the Library 207 | with the Library (or with a work based on the Library) on a volume of 208 | a storage or distribution medium does not bring the other work under 209 | the scope of this License. 210 | 211 | 3. You may opt to apply the terms of the ordinary GNU General Public 212 | License instead of this License to a given copy of the Library. To do 213 | this, you must alter all the notices that refer to this License, so 214 | that they refer to the ordinary GNU General Public License, version 2, 215 | instead of to this License. (If a newer version than version 2 of the 216 | ordinary GNU General Public License has appeared, then you can specify 217 | that version instead if you wish.) Do not make any other change in 218 | these notices. 219 | 220 | Once this change is made in a given copy, it is irreversible for 221 | that copy, so the ordinary GNU General Public License applies to all 222 | subsequent copies and derivative works made from that copy. 223 | 224 | This option is useful when you wish to copy part of the code of 225 | the Library into a program that is not a library. 226 | 227 | 4. You may copy and distribute the Library (or a portion or 228 | derivative of it, under Section 2) in object code or executable form 229 | under the terms of Sections 1 and 2 above provided that you accompany 230 | it with the complete corresponding machine-readable source code, which 231 | must be distributed under the terms of Sections 1 and 2 above on a 232 | medium customarily used for software interchange. 233 | 234 | If distribution of object code is made by offering access to copy 235 | from a designated place, then offering equivalent access to copy the 236 | source code from the same place satisfies the requirement to 237 | distribute the source code, even though third parties are not 238 | compelled to copy the source along with the object code. 239 | 240 | 5. A program that contains no derivative of any portion of the 241 | Library, but is designed to work with the Library by being compiled or 242 | linked with it, is called a "work that uses the Library". Such a 243 | work, in isolation, is not a derivative work of the Library, and 244 | therefore falls outside the scope of this License. 245 | 246 | However, linking a "work that uses the Library" with the Library 247 | creates an executable that is a derivative of the Library (because it 248 | contains portions of the Library), rather than a "work that uses the 249 | library". The executable is therefore covered by this License. 250 | Section 6 states terms for distribution of such executables. 251 | 252 | When a "work that uses the Library" uses material from a header file 253 | that is part of the Library, the object code for the work may be a 254 | derivative work of the Library even though the source code is not. 255 | Whether this is true is especially significant if the work can be 256 | linked without the Library, or if the work is itself a library. The 257 | threshold for this to be true is not precisely defined by law. 258 | 259 | If such an object file uses only numerical parameters, data 260 | structure layouts and accessors, and small macros and small inline 261 | functions (ten lines or less in length), then the use of the object 262 | file is unrestricted, regardless of whether it is legally a derivative 263 | work. (Executables containing this object code plus portions of the 264 | Library will still fall under Section 6.) 265 | 266 | Otherwise, if the work is a derivative of the Library, you may 267 | distribute the object code for the work under the terms of Section 6. 268 | Any executables containing that work also fall under Section 6, 269 | whether or not they are linked directly with the Library itself. 270 | 271 | 6. As an exception to the Sections above, you may also combine or 272 | link a "work that uses the Library" with the Library to produce a 273 | work containing portions of the Library, and distribute that work 274 | under terms of your choice, provided that the terms permit 275 | modification of the work for the customer's own use and reverse 276 | engineering for debugging such modifications. 277 | 278 | You must give prominent notice with each copy of the work that the 279 | Library is used in it and that the Library and its use are covered by 280 | this License. You must supply a copy of this License. If the work 281 | during execution displays copyright notices, you must include the 282 | copyright notice for the Library among them, as well as a reference 283 | directing the user to the copy of this License. Also, you must do one 284 | of these things: 285 | 286 | a) Accompany the work with the complete corresponding 287 | machine-readable source code for the Library including whatever 288 | changes were used in the work (which must be distributed under 289 | Sections 1 and 2 above); and, if the work is an executable linked 290 | with the Library, with the complete machine-readable "work that 291 | uses the Library", as object code and/or source code, so that the 292 | user can modify the Library and then relink to produce a modified 293 | executable containing the modified Library. (It is understood 294 | that the user who changes the contents of definitions files in the 295 | Library will not necessarily be able to recompile the application 296 | to use the modified definitions.) 297 | 298 | b) Use a suitable shared library mechanism for linking with the 299 | Library. A suitable mechanism is one that (1) uses at run time a 300 | copy of the library already present on the user's computer system, 301 | rather than copying library functions into the executable, and (2) 302 | will operate properly with a modified version of the library, if 303 | the user installs one, as long as the modified version is 304 | interface-compatible with the version that the work was made with. 305 | 306 | c) Accompany the work with a written offer, valid for at 307 | least three years, to give the same user the materials 308 | specified in Subsection 6a, above, for a charge no more 309 | than the cost of performing this distribution. 310 | 311 | d) If distribution of the work is made by offering access to copy 312 | from a designated place, offer equivalent access to copy the above 313 | specified materials from the same place. 314 | 315 | e) Verify that the user has already received a copy of these 316 | materials or that you have already sent this user a copy. 317 | 318 | For an executable, the required form of the "work that uses the 319 | Library" must include any data and utility programs needed for 320 | reproducing the executable from it. However, as a special exception, 321 | the materials to be distributed need not include anything that is 322 | normally distributed (in either source or binary form) with the major 323 | components (compiler, kernel, and so on) of the operating system on 324 | which the executable runs, unless that component itself accompanies 325 | the executable. 326 | 327 | It may happen that this requirement contradicts the license 328 | restrictions of other proprietary libraries that do not normally 329 | accompany the operating system. Such a contradiction means you cannot 330 | use both them and the Library together in an executable that you 331 | distribute. 332 | 333 | 7. You may place library facilities that are a work based on the 334 | Library side-by-side in a single library together with other library 335 | facilities not covered by this License, and distribute such a combined 336 | library, provided that the separate distribution of the work based on 337 | the Library and of the other library facilities is otherwise 338 | permitted, and provided that you do these two things: 339 | 340 | a) Accompany the combined library with a copy of the same work 341 | based on the Library, uncombined with any other library 342 | facilities. This must be distributed under the terms of the 343 | Sections above. 344 | 345 | b) Give prominent notice with the combined library of the fact 346 | that part of it is a work based on the Library, and explaining 347 | where to find the accompanying uncombined form of the same work. 348 | 349 | 8. You may not copy, modify, sublicense, link with, or distribute 350 | the Library except as expressly provided under this License. Any 351 | attempt otherwise to copy, modify, sublicense, link with, or 352 | distribute the Library is void, and will automatically terminate your 353 | rights under this License. However, parties who have received copies, 354 | or rights, from you under this License will not have their licenses 355 | terminated so long as such parties remain in full compliance. 356 | 357 | 9. You are not required to accept this License, since you have not 358 | signed it. However, nothing else grants you permission to modify or 359 | distribute the Library or its derivative works. These actions are 360 | prohibited by law if you do not accept this License. Therefore, by 361 | modifying or distributing the Library (or any work based on the 362 | Library), you indicate your acceptance of this License to do so, and 363 | all its terms and conditions for copying, distributing or modifying 364 | the Library or works based on it. 365 | 366 | 10. Each time you redistribute the Library (or any work based on the 367 | Library), the recipient automatically receives a license from the 368 | original licensor to copy, distribute, link with or modify the Library 369 | subject to these terms and conditions. You may not impose any further 370 | restrictions on the recipients' exercise of the rights granted herein. 371 | You are not responsible for enforcing compliance by third parties with 372 | this License. 373 | 374 | 11. If, as a consequence of a court judgment or allegation of patent 375 | infringement or for any other reason (not limited to patent issues), 376 | conditions are imposed on you (whether by court order, agreement or 377 | otherwise) that contradict the conditions of this License, they do not 378 | excuse you from the conditions of this License. If you cannot 379 | distribute so as to satisfy simultaneously your obligations under this 380 | License and any other pertinent obligations, then as a consequence you 381 | may not distribute the Library at all. For example, if a patent 382 | license would not permit royalty-free redistribution of the Library by 383 | all those who receive copies directly or indirectly through you, then 384 | the only way you could satisfy both it and this License would be to 385 | refrain entirely from distribution of the Library. 386 | 387 | If any portion of this section is held invalid or unenforceable under any 388 | particular circumstance, the balance of the section is intended to apply, 389 | and the section as a whole is intended to apply in other circumstances. 390 | 391 | It is not the purpose of this section to induce you to infringe any 392 | patents or other property right claims or to contest validity of any 393 | such claims; this section has the sole purpose of protecting the 394 | integrity of the free software distribution system which is 395 | implemented by public license practices. Many people have made 396 | generous contributions to the wide range of software distributed 397 | through that system in reliance on consistent application of that 398 | system; it is up to the author/donor to decide if he or she is willing 399 | to distribute software through any other system and a licensee cannot 400 | impose that choice. 401 | 402 | This section is intended to make thoroughly clear what is believed to 403 | be a consequence of the rest of this License. 404 | 405 | 12. If the distribution and/or use of the Library is restricted in 406 | certain countries either by patents or by copyrighted interfaces, the 407 | original copyright holder who places the Library under this License may add 408 | an explicit geographical distribution limitation excluding those countries, 409 | so that distribution is permitted only in or among countries not thus 410 | excluded. In such case, this License incorporates the limitation as if 411 | written in the body of this License. 412 | 413 | 13. The Free Software Foundation may publish revised and/or new 414 | versions of the Lesser General Public License from time to time. 415 | Such new versions will be similar in spirit to the present version, 416 | but may differ in detail to address new problems or concerns. 417 | 418 | Each version is given a distinguishing version number. If the Library 419 | specifies a version number of this License which applies to it and 420 | "any later version", you have the option of following the terms and 421 | conditions either of that version or of any later version published by 422 | the Free Software Foundation. If the Library does not specify a 423 | license version number, you may choose any version ever published by 424 | the Free Software Foundation. 425 | 426 | 14. If you wish to incorporate parts of the Library into other free 427 | programs whose distribution conditions are incompatible with these, 428 | write to the author to ask for permission. For software which is 429 | copyrighted by the Free Software Foundation, write to the Free 430 | Software Foundation; we sometimes make exceptions for this. Our 431 | decision will be guided by the two goals of preserving the free status 432 | of all derivatives of our free software and of promoting the sharing 433 | and reuse of software generally. 434 | 435 | NO WARRANTY 436 | 437 | 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO 438 | WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 439 | EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR 440 | OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY 441 | KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE 442 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 443 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE 444 | LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME 445 | THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 446 | 447 | 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN 448 | WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY 449 | AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU 450 | FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR 451 | CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE 452 | LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING 453 | RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A 454 | FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF 455 | SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 456 | DAMAGES. 457 | 458 | END OF TERMS AND CONDITIONS 459 | 460 | How to Apply These Terms to Your New Libraries 461 | 462 | If you develop a new library, and you want it to be of the greatest 463 | possible use to the public, we recommend making it free software that 464 | everyone can redistribute and change. You can do so by permitting 465 | redistribution under these terms (or, alternatively, under the terms of the 466 | ordinary General Public License). 467 | 468 | To apply these terms, attach the following notices to the library. It is 469 | safest to attach them to the start of each source file to most effectively 470 | convey the exclusion of warranty; and each file should have at least the 471 | "copyright" line and a pointer to where the full notice is found. 472 | 473 | 474 | Copyright (C) 475 | 476 | This library is free software; you can redistribute it and/or 477 | modify it under the terms of the GNU Lesser General Public 478 | License as published by the Free Software Foundation; either 479 | version 2.1 of the License, or (at your option) any later version. 480 | 481 | This library is distributed in the hope that it will be useful, 482 | but WITHOUT ANY WARRANTY; without even the implied warranty of 483 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 484 | Lesser General Public License for more details. 485 | 486 | You should have received a copy of the GNU Lesser General Public 487 | License along with this library; if not, write to the Free Software 488 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 489 | 490 | Also add information on how to contact you by electronic and paper mail. 491 | 492 | You should also get your employer (if you work as a programmer) or your 493 | school, if any, to sign a "copyright disclaimer" for the library, if 494 | necessary. Here is a sample; alter the names: 495 | 496 | Yoyodyne, Inc., hereby disclaims all copyright interest in the 497 | library `Frob' (a library for tweaking knobs) written by James Random Hacker. 498 | 499 | , 1 April 1990 500 | Ty Coon, President of Vice 501 | 502 | That's all there is to it! 503 | --------------------------------------------------------------------------------