Andre Noll [Fri, 31 Aug 2018 10:59:06 +0000 (12:59 +0200)]
manual: Instruct the user to create RFC4716 keys.
We support both types of keys, but it would be lovely to get rid of
the open-coded parser for PEM keys in gcrypt.c. This is the first
step to deprecate the use of PEM keys.
Andre Noll [Thu, 30 Aug 2018 13:32:34 +0000 (15:32 +0200)]
openssl: Add support for RFC4716 keys
The decode_private_key() helper of gcrypt.c base64-decodes the key
but does not read the RSA bignums. It is thus independent of gcrypt
and openssl. To add support for RFC4716 keys to the openssl backend,
we need to move it to crypt_common.c, making it a crypto backend
function. That is, non-static and declared in crypt_backend.h. The
patch also documents the function using doxygen comments.
With decode_private_key() and find_openssh_bignum_offset() at
our disposal, supporting RFC4716 keys is simple. We only need to
initialize the openssl-specific rsa structure with the six bignums
stored in a private RFC4716 key. This is implemented in the new
read_private_rsa_params() which calls the existing read_bignum()
six times.
The fields of the rsa structure are exposed to applications in
openssl-1.0, but the structure was made opaque in openssl-1.1. We
use the existing HAVE_RSA_SET0_KEY macro to decide whether or not
we must use the accessor functions of openssl-1.1 to initialize the
rsa structure.
Andre Noll [Tue, 28 Aug 2018 18:38:52 +0000 (20:38 +0200)]
gcrypt: Add support for RFC4716 private keys.
This teaches the gcrypt backend to parse private keys generated
with ssh-keygen -m RFC4716. Support for the openssl backend will be
implemented in a subsequent patch. The new find_openssh_bignum_offset()
is independent of the gcrypt API. We put this function into
crypt_common.c rather than into gcrypt.c so that openssh.c can also
use it.
Andre Noll [Tue, 28 Aug 2018 19:38:33 +0000 (21:38 +0200)]
crypt: Rename decoding functions.
decode_ssh_key() and decode_key() operate on public and private keys
respectively. This should be obvious from the naming. Also, the
two functions will soon be grouped together in the same file. The
inconsistent naming would even increase the possible confusion,
so it's better to rename the functions now.
Andre Noll [Wed, 29 Aug 2018 10:20:39 +0000 (12:20 +0200)]
gcrypt: Introduce read_openssh_bignum().
This functionality was open-coded twice in apc_get_pubkey() which
reads the two public rsa params. Use the new function instead to
get rid of the duplication. It will turn out to be useful for
the subsequent work which adds support for RFC4716 keys. Since the
function is specific to libgcrypt, it has to stay in gcrypt.c.
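Added example, not part of the commit above and not paraslash code: a bounds-checked reader for the two length-prefixed bignums in a decoded ssh-rsa public key blob (RFC 4253 layout: string "ssh-rsa", mpint e, mpint n), reporting the modulus size in bits so the caller can reject short keys. All function names and the sample blob are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Big-endian 32 bit read, byte by byte (no unaligned pointer cast). */
static uint32_t be32(const unsigned char *p)
{
	return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16
		| (uint32_t)p[2] << 8 | (uint32_t)p[3];
}

/* Fetch the length-prefixed field at blob[*off]; -1 if it overruns the blob. */
static int next_field(const unsigned char *blob, size_t size, size_t *off,
		const unsigned char **data, size_t *len)
{
	uint32_t n;

	if (*off > size || size - *off < 4)
		return -1; /* no room for the length prefix */
	n = be32(blob + *off);
	if (n > size - *off - 4)
		return -1; /* length field claims more than is left */
	*data = blob + *off + 4;
	*len = n;
	*off += 4 + (size_t)n;
	return 0;
}

/* Significant bits of an mpint; -1 if the sign bit is set (negative). */
static long bignum_bits(const unsigned char *d, size_t len)
{
	unsigned char msb;
	long bits;

	if (len > 0 && (d[0] & 0x80))
		return -1;
	while (len > 0 && d[0] == 0) { /* skip padding zero bytes */
		d++;
		len--;
	}
	if (len == 0)
		return 0;
	bits = (long)len * 8;
	for (msb = d[0]; !(msb & 0x80); msb <<= 1)
		bits--;
	return bits;
}

/* Modulus size in bits of an ssh-rsa public key blob, -1 if malformed. */
long rsa_pubkey_bits(const unsigned char *blob, size_t size)
{
	const unsigned char *type, *e, *n;
	size_t off = 0, tlen, elen, nlen;

	if (next_field(blob, size, &off, &type, &tlen) < 0
			|| tlen != 7 || memcmp(type, "ssh-rsa", 7) != 0)
		return -1;
	if (next_field(blob, size, &off, &e, &elen) < 0
			|| next_field(blob, size, &off, &n, &nlen) < 0)
		return -1;
	if (bignum_bits(e, elen) <= 0)
		return -1; /* exponent must be positive */
	return bignum_bits(n, nlen);
}

/* Constructed toy blob: e = 65537, n = 0xC53B (16 bits, zero-padded). */
static const unsigned char sample_blob[] = {
	0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a',
	0, 0, 0, 3, 0x01, 0x00, 0x01,
	0, 0, 0, 3, 0x00, 0xC5, 0x3B,
};

int main(void)
{
	long bits = rsa_pubkey_bits(sample_blob, sizeof(sample_blob));
	printf("modulus: %ld bits, %s\n", bits,
		bits >= 2048 ? "acceptable" : "rejected as too short");
	return 0;
}
```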
Andre Noll [Tue, 28 Aug 2018 18:50:53 +0000 (20:50 +0200)]
gcrypt: Factor out read_pem_rsa_params().
We'll soon add a similar function which reads bignums from an RFC4716
key file, so it's good to separate this functionality from the rest
of get_private_key().
The patch also introduces struct rsa_params which contains
the six bignums used for RSA private key operations. This way
read_pem_rsa_params() only needs three arguments.
Andre Noll [Tue, 28 Aug 2018 18:18:02 +0000 (20:18 +0200)]
gcrypt: Let read_bignum() return bits, not bytes.
Callers need this to check if the size of the public key is acceptable.
Since sizes of cryptographic keys are generally measured in bits,
it's natural to return bits here.
Andre Noll [Mon, 27 Aug 2018 16:32:58 +0000 (18:32 +0200)]
gcrypt: Let decode_key() return blob size through additional argument.
Currently we communicate the blob size through the return value, which
implies an implicit conversion from size_t to int. The new blob_size
argument guarantees type safety and simplifies the logic a bit.
After this patch the return value is only used for the (negative)
error code in the failure case while non-negative return values have
no meaning other than indicating success. Therefore this change also
allows us to convey the key type via the return value. This will turn
out to be handy for supporting RFC4716 keys.
Andre Noll [Sat, 8 Sep 2018 18:31:38 +0000 (20:31 +0200)]
Improve description of para_play.
For one, there is no stop command. Furthermore, make it clear that
the path and the playback position are shown *instead of* the prompt
and the command line.
Andre Noll [Wed, 5 Sep 2018 10:13:35 +0000 (12:13 +0200)]
blob: Avoid direct access to blob IDs.
Some places of blob.c use read_u32() to get the blob ID from the
osl object while others directly access the mapped memory through
a uint32_t pointer. Besides alignment issues, this causes trouble
on big endian machines. Make sure we always use the primitives from
portable_io.h.
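Added example, not part of the commit above and not paraslash code: why reading a stored 32 bit ID through a uint32_t pointer is fragile, compared with a byte-wise little-endian read. The helper names and the 5-byte object layout are assumptions made for illustration; the actual primitives live in portable_io.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte-wise little-endian access: works at any alignment, on any host. */
static uint32_t le32_read(const unsigned char *p)
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8
		| (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void le32_write(unsigned char *p, uint32_t v)
{
	p[0] = v & 0xff;
	p[1] = (v >> 8) & 0xff;
	p[2] = (v >> 16) & 0xff;
	p[3] = (v >> 24) & 0xff;
}

/*
 * What "*(uint32_t *)p" yields on this host. memcpy is used so that the
 * example itself does not perform a misaligned dereference.
 */
static uint32_t host_order_read(const unsigned char *p)
{
	uint32_t v;

	memcpy(&v, p, sizeof(v));
	return v;
}

/* The same four bytes as a big-endian host would interpret them. */
static uint32_t big_endian_view(const unsigned char *p)
{
	return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16
		| (uint32_t)p[2] << 8 | (uint32_t)p[3];
}

static int host_is_little_endian(void)
{
	const uint16_t one = 1;
	unsigned char first;

	memcpy(&first, &one, 1);
	return first == 1;
}

int main(void)
{
	/* Constructed object: one flag byte, then the ID at odd offset 1. */
	unsigned char obj[5] = {0xAA};

	le32_write(obj + 1, 258);
	printf("portable read:     %u\n", (unsigned)le32_read(obj + 1));
	printf("host-order read:   %u (%s endian host)\n",
		(unsigned)host_order_read(obj + 1),
		host_is_little_endian() ? "little" : "big");
	printf("big-endian direct: %u\n", (unsigned)big_endian_view(obj + 1));
	return 0;
}
```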
Andre Noll [Wed, 19 Sep 2018 19:08:14 +0000 (21:08 +0200)]
spxdec: Use read_u16() from portable_io.h.
It's about 1% slower on my little endian system, but this is not
reason enough to keep the le_short() macro of spxdec.c. If anything,
the primitives in portable_io.h should be improved.
Andre Noll [Wed, 19 Sep 2018 18:50:01 +0000 (20:50 +0200)]
server: Remove declarations of sender init functions.
The init functions of the three senders have been made static long ago.
Since then vss_init() calls these functions indirectly through the
function pointer of the sender struct. Hence the declarations in
vss.c are no longer needed.
Andre Noll [Wed, 1 Aug 2018 16:29:05 +0000 (18:29 +0200)]
oss: Bail out on unsupported audio formats.
This is better than assuming signed 16 bit little endian. The patch
also improves the error message in oss.c that gets printed when the
audio format could not be set.
Andre Noll [Sat, 8 Sep 2018 13:29:44 +0000 (15:29 +0200)]
aft: Consolidate comments for sorting/listing enums.
This saves a couple of lines and improves readability.
The patch also changes the format of the doxygen comments from -sX
to -s=X and similar for -l, as this has become the required syntax
for -s, and is preferred (albeit not required) also for -l.
Andre Noll [Tue, 4 Sep 2018 11:21:06 +0000 (13:21 +0200)]
ao: Improve help text.
It was not clear how to obtain the list of available drivers and
their keys. This commit adds this information to the help text and
the man page of the ao writer.
Andre Noll [Tue, 4 Sep 2018 10:48:46 +0000 (12:48 +0200)]
write: Remove osx writer from write_cmd suite.
The osx writer seems to be kind of a zombie: osx_write.c came back
through a mistake in a merge commit, see commit 7d9e3454 (remove
osx_write.c, this time for real) from last year. But we also missed
to remove the osx subcommand from the write_cmd lopsub suite.
Andre Noll [Sat, 11 Aug 2018 19:52:05 +0000 (21:52 +0200)]
net.c: Remove compat macros for AI_V4MAPPED et al.
These were added 11 years ago during NetBSD-3.1 days because this
version of NetBSD lacked the three macros. At least on NetBSD-7.1
(released 2017), the compat macros are no longer necessary while
FreeBSD and Linux never needed them. So let's get rid of them.
Andre Noll [Mon, 27 Aug 2018 12:34:46 +0000 (14:34 +0200)]
doc: Advise the user to generate PEM keys.
With openssh-7.8 the default has been changed to write OpenSSH format
private keys instead of OpenSSL's PEM format. paraslash can only read
the latter, so make sure everyone stays at PEM for now.
Andre Noll [Tue, 28 Aug 2018 09:08:00 +0000 (11:08 +0200)]
gcrypt: Fix gcrypt error log message in read_bignum().
The message says the error occurred while scanning for the public
modulus n, which is not true because the function is called for each
of the five bignums stored in an RSA private key file.
Andre Noll [Mon, 27 Aug 2018 14:56:26 +0000 (16:56 +0200)]
t0004: Always create PEM keys.
New versions of ssh-keygen create RFC4716 keys by default, which
breaks the test suite. Fortunately, the fix is easy and works also
for old versions of openssh/ssh-keygen.
Andre Noll [Mon, 30 Apr 2018 18:31:05 +0000 (20:31 +0200)]
Check for abstract sockets only once.
In net.c there is a static variable which is supposed to cache whether
the abstract local socket namespace is supported. This variable is
pointless because it is only ever set by command handlers, which exit
after the command completed. Hence the command handler process of
each subsequent afs command checks again. To make the caching work as
intended we must initialize the variable in the *parent* process. The
parent process, however, does not create any local sockets.
This patch changes init_unix_addr() to initialize the variable
without creating a socket when NULL is passed as the name parameter.
The server process passes NULL to initialize the static variable
while command handlers pass non NULL.
Andre Noll [Mon, 25 Jun 2018 18:12:27 +0000 (20:12 +0200)]
Merge branch 'refs/heads/t/aft_fixes'
Two fixes related to the audio file table.
Cooking for three weeks.
* refs/heads/t/aft_fixes:
aft: Remember current audio file after SIGHUP.
aft: Honor AUDIO_FILE_REMOVE events.
server: Update status items on file renames.
Andre Noll [Sun, 10 Jun 2018 16:59:36 +0000 (18:59 +0200)]
Merge branch 'refs/heads/t/long-help'
This series introduces lsu.c and lsu.h which contain helpers related to
the lopsub library. These helpers are designed to be shared between
the executables. The series starts by implementing a generic help
command for lopsub suites and converts para_server. Subsequent patches
convert audiod and para_play.
The second part of the series adds another lopsub related helper which
merges command line options and config file options. Each executable
is modified to make use of the new helper, getting rid of quite some
code duplication.
The conflict resolution for server.c has been tested for a while.
Cooking for five weeks.
* refs/heads/t/long-help:
play: Use lsu_merge_config_file_options().
mixer: Use lsu_merge_config_file_options().
gui: Use lsu_merge_config_file_options().
filter: Use lsu_merge_config_file_options().
audioc: Use lsu_merge_config_file_options().
audiod: Use lsu_merge_config_file_options().
client: Use lsu_merge_config_file_options().
lsu: Add helper to merge config file options, convert server.
Trivial: Rename completion_result variables.
play: Implement help --long.
audiod: Implement help --long.
Introduce lsu.{c,h}, implement help --long for para_server.
Andre Noll [Sun, 20 May 2018 09:26:26 +0000 (11:26 +0200)]
Merge branch 'refs/heads/t/clean_server_exit'
This series removes many memory leaks of para_server by refactoring
the shutdown and signal handling code. Most of the leaks happen only
at shutdown and are hence harmless. But it is still good to plug
the leaks because this puts more focus on real memory leaks in the
valgrind output.
The merge conflicted rather badly due to the changes introduced with
the crypt branch that was merged last week. The resolution has been
thoroughly tested, though.
* refs/heads/t/clean_server_exit: (32 commits)
command.c: Document return value of handle_connect().
user_list: Make list head static.
afs: Allow database switching on sighup.
afs: Free current mood or playlist on exit.
afs: Free status items on exit.
afs: Shutdown signals on exit.
server: Free parse result also in afs.
afs: Deplete user list at startup.
server: Free audio file header on exit.
sender: Deplete ACLs on exit.
Remove some unused includes from {dccp,http}_send.c.
server: Make argument of user_list_init() constant.
server: Deplete user list on exit.
server: Combine user_list_init() and populate().
server: Move para_fgets() to user_list.c.
server: Initialize user list at compile time.
server: Rename functions related to user lists.
server: Constify return value of lookup_user().
server: Let stat command handler perform cleanup on signals.
server: Have afs process close the current mood on exit().
...
Andre Noll [Sun, 13 May 2018 12:03:20 +0000 (14:03 +0200)]
Merge branch 'refs/heads/t/crypt'
A couple of simple patches which clean up the openssl and gcrypt crypto
backends. The non-trivial parts are the get_public_key() unification,
the memory leak fixes for openssl and the activation of the secmem
pool for gcrypt.
* refs/heads/t/crypt:
gcrypt: Allocate a secmem pool at startup.
crypt: Introduce crypt_shutdown().
crypt: Rename init_random_seed_or_die() -> crypt_init().
gcrypt: Use ROUND_DOWN() macro.
crypt: Rename RSA functions.
crypt: Deduplicate get_public_key().
crypt.h: Remove two unused constants.
Rename crypt.c -> openssl.c.
Andre Noll [Mon, 16 Apr 2018 18:41:39 +0000 (20:41 +0200)]
aft: Remember current audio file after SIGHUP.
The current_aft_row pointer becomes stale when the osl tables are
re-opened because SIGHUP has been received. If the current audio file
is renamed, or its metadata (afs info or afh info) are modified,
the table event dispatcher of the audio file table compares the
stale row pointer against the (non-stale) row pointer of the audio
file that has been obtained by path lookup. The two pointers never
compare equal under normal circumstances due to ASLR, so the file
modification does not trigger an update of the status items.
This patch fixes this inconvenience by remembering the hash of the
current audio file at table close time. On SIGHUP, after the table
has been re-opened, we lookup the stored hash to replace the stale
row pointer.
Andre Noll [Mon, 9 Apr 2018 19:05:56 +0000 (21:05 +0200)]
server: Update status items on file renames.
The audio file table currently ignores rename events. This has the
effect that the status items, hence the display of para_gui, is not
updated when the current file has been renamed. Fix this oversight.
Andre Noll [Mon, 30 Apr 2018 19:18:01 +0000 (21:18 +0200)]
server: Fix return value of com_ff().
We set the VSS_NEXT flag if the amount of seconds to jump forward
would exceed the end of the current audio file. However, in this case
we fail the command by returning -E_NO_AUDIO_FILE, which is incorrect.
This bug was present since day one of the git repo (2006).
Andre Noll [Thu, 15 Mar 2018 01:31:10 +0000 (02:31 +0100)]
play: Use lsu_merge_config_file_options().
Besides parsing the command line options and the config file,
parse_config_or_die() also checks the key map arguments
syntactically. This check needs to be kept of course.
play.c already includes lsu.h because it calls lsu_com_help().
Andre Noll [Thu, 15 Mar 2018 01:14:37 +0000 (02:14 +0100)]
mixer: Use lsu_merge_config_file_options().
para_mixer is special in the way the config file is handled because
it is the only executable which allows options for subcommands
to be stored in the config file. Therefore the mixer specific
parse_and_merge_config_file() is called twice. First to merge the
global (supercommand) options, then to merge the subcommand options.
This does not cause any problems regarding the conversion, though.
Andre Noll [Thu, 15 Mar 2018 00:36:19 +0000 (01:36 +0100)]
gui: Use lsu_merge_config_file_options().
para_gui supports config file reloading, so parse_config_file_or_die()
needs to set MCF_DONT_FREE to keep a reference to the command line
parse result and MCF_OVERRIDE in the reload case. Also, the code to
check the key maps and to initialize the theme needs to be kept.
Andre Noll [Wed, 14 Mar 2018 23:04:06 +0000 (00:04 +0100)]
audiod: Use lsu_merge_config_file_options().
Besides reading and merging the config file, parse_config_or_die()
also creates the uid whitelist. This part has to be retained, but we
can reduce the indentation level by returning early if --user-allow
was not given.
Andre Noll [Wed, 14 Mar 2018 19:42:57 +0000 (20:42 +0100)]
lsu: Add helper to merge config file options, convert server.
After the command line options have been parsed, most paraslash
executables read options from a config file. The two lopsub parse
result structures are then merged in a way that command line options
take preference over config file options. This logic is duplicated
in all executables.
This patch introduces a generic helper to eliminate the duplication.
The new lsu_merge_config_file_options() will eventually be employed
by all executables which need to parse the config file. This patch,
however, only converts para_server.
Andre Noll [Tue, 13 Mar 2018 23:10:42 +0000 (00:10 +0100)]
play: Implement help --long.
Also para_play benefits from the conversion to the generic
lsu_com_help(). After this patch, the three help commands of server,
audiod and play have the same syntax and their output is formatted
in the same way.
Andre Noll [Tue, 13 Mar 2018 22:47:11 +0000 (23:47 +0100)]
audiod: Implement help --long.
This converts the help command of para_audiod to the generic
lsu_com_help(), adding --long and removing quite a few lines of
duplicated code. This patch also touches audioc.c since para_audioc
needs to learn to complete the new --long option. Moreover the help
text of the help command is made a bit more useful.
Andre Noll [Tue, 13 Mar 2018 21:37:39 +0000 (22:37 +0100)]
Introduce lsu.{c,h}, implement help --long for para_server.
This adds the --long option to the server help subcommand. The former
help output becomes the long help while the short help text is shown
if --long is not given.
Although only the help command of para_server is converted in this
patch, the new functionality is implemented in a generic way so
that the help commands of para_audiod and para_play can use the same
implementation. Those will be converted in subsequent patches.
t0004 parses the help output and thus needs to be changed to include
--long.
Andre Noll [Mon, 16 Apr 2018 17:43:09 +0000 (19:43 +0200)]
aft: Reorder global static variables of aft.c.
These variables constitute the state of the audio file table. The
overall logic is easier to understand if they are combined at one
spot at the top of the file.
The definition of struct ls_data needs to be moved up because of
this. Pure code movement, no semantic changes.
Andre Noll [Sat, 17 Mar 2018 01:11:01 +0000 (02:11 +0100)]
server: Add --http-listen-address and --dccp-listen-address.
Currently the http and the dccp sender accept connections on all IP
addresses. This commit makes it possible to configure the senders to
listen only on the specified subset of addresses.
To make this work, the sender_status structure has to be extended to
store an array of file descriptors rather than just a single one.
Several places need to iterate over all listening sockets of the
sender. The new FOR_EACH_LISTEN_FD macro helps to avoid duplicating
the corresponding loop.
The status part of the sender command now prints the listening
addresses instead of just on/off. This is why we also maintain the
ascii representation of the listening addresses in the sender_status
structure and introduce the format_url() helper to format host/port
pairs.
Andre Noll [Wed, 7 Mar 2018 18:45:09 +0000 (19:45 +0100)]
Move MAX_HOSTLEN from server.h to net.h.
This generic networking-related constant does not belong to
server.h. However, since server.h uses the constant, we have to make
sure that net.h is included before server.h.
Andre Noll [Wed, 7 Mar 2018 11:32:15 +0000 (12:32 +0100)]
server: Implement --listen-address for control service.
For hosts with multiple IP addresses one might want to configure the
listening sockets so that connections can only arrive on a subset of
the host's addresses. This patch implements this feature.
Unlike para_listen_simple() the new para_listen() receives an optional
argument to let the caller specify the listening address in addition
to the port number. para_listen_simple() is now a simple wrapper
that passes a NULL pointer as the new argument which indicates that
the socket should listen on all local addresses, just like prior to
this change.
The set of listening addresses for the control service of para_server
can be specified via the new --listen-address option. This option
can be given multiple times, once for each listening address.
Due to this change the server needs to maintain more than a single
file descriptor to dispatch incoming connections. Hence the integer
->listen_fd of struct server_command_task has to be replaced by an
array of file descriptors and the {pre,post}_select methods of the
command task have to iterate over all descriptors in the array.
The meaning of the --port option has changed due to the new option:
since the argument to --listen-address can also contain a port number,
the argument to --port is only used for addresses with no port number,
or if --listen-address is not given at all.
Although the http and dccp senders also open a listening socket, this
commit affects only the control service of para_server (listening on
TCP 2990 by default). Senders will be covered in the next commit.
Andre Noll [Thu, 22 Mar 2018 01:09:43 +0000 (02:09 +0100)]
net: Improve error diagnostics of makesock_addrinfo().
Since the function iterates over all addresses in the passed
addressinfo structure, errors can be non-fatal and may even be
expected. Therefore the function does not log any errors from
socket(2), setsockopt(2), connect(2) or bind(2), but only returns
a generic -E_MAKESOCK error code if none of the addressinfo members
worked. Unfortunately, this means it's impossible to tell from the
log message which of these system calls has failed.
This patch changes the function to also log the errors from the above
system calls, but only with loglevel notice. This way the non-fatal
errors are not shown by default (since the default loglevel is
"warning"), but one can easily activate them by specifying a lower
loglevel.
Andre Noll [Sat, 17 Mar 2018 01:10:55 +0000 (02:10 +0100)]
send_common: Improve error diagnostics of generic_com_on().
Currently the function returns an error code but does not log a message
on errors. The callers, http_send_init() and dccp_send_init(), print
the strerror text with no indication that it was generic_com_on()
which caused the error.
This commit moves the log messages from the callers to generic_com_on()
and changes the return type of generic_com_on() to void because both
callers now ignore the return value. The new log messages include a
text which tells the user what went wrong.
Andre Noll [Mon, 26 Mar 2018 22:39:48 +0000 (00:39 +0200)]
fd: Let readv_nonblock() recover from EINTR.
No need to fail the operation if the read was interrupted by a signal.
The patch also fixes some minor issues in the documentation:
a typo ("The" was incorrectly capitalized) and a missing \ref
for xwrite(). We use the opportunity to get rid of the \a and \p
font annotations. This improves the readability of the source code,
which is more important than nice looking web pages. However, we
only touch those parts of the documentation which are modified anyway.
Andre Noll [Fri, 5 Jan 2018 15:11:36 +0000 (16:11 +0100)]
mixer: Improve sleep subcommand.
This avoids a pointless exec of "para_client stop" in case no fade-out
mood is given, and another pointless "para_client play" exec which
was executed when already playing.
Andre Noll [Wed, 21 Mar 2018 12:56:04 +0000 (13:56 +0100)]
http_recv: Improve error diagnostics.
If the http receiver is started when the stream is stopped or paused,
para_recv exits silently with no error message. Let's tell the user
what is going on.
Andre Noll [Tue, 9 Jan 2018 23:19:13 +0000 (00:19 +0100)]
afh_recv: Improve error diagnostics.
There are many reasons for afh_recv_open() to fail. For example, the
afh receiver could be unable to open its input file, or the given
begin chunk was larger than the end chunk. At the moment the error
reporting is a bit scarce since only the string of the error code is
printed. This commit makes afh_recv_open() print also the reason for
the error and the name of the file that caused the error.
Andre Noll [Sat, 17 Mar 2018 22:29:12 +0000 (23:29 +0100)]
client: Fix loglevel setting.
If --loglevel is given in the config file but not at the command line,
the value from the config file should be used. However, currently we
use the default value in this case. Moreover, client_parse_config()
sets the loglevel *after* it already printed some log messages.
This commit changes client_parse_config() to initialize the loglevel
pointer right after the command line and config file options have
been merged.
Andre Noll [Thu, 8 Mar 2018 20:39:24 +0000 (21:39 +0100)]
send_common: Remove outdated comment.
Commit 8dab386f (Rework para_accept()) from eight years ago changed
the function to receive also a pointer to the read fd set and pass
this pointer to para_accept() which performs the check for readability
of the socket file descriptor. Since then the comment which says that
the caller must check the fd set is stale.
Andre Noll [Wed, 3 Jan 2018 01:49:22 +0000 (02:49 +0100)]
afs: Allow database switching on sighup.
Currently the database dir is set at startup and stays unmodified even
after the sighup handler has reloaded a configuration which specifies
a different database path.
This patch makes it possible to switch to a different database after
SIGHUP was received. To make this work, we only have to invalidate the
database_dir pointer after the database has been closed.
Andre Noll [Wed, 3 Jan 2018 00:01:42 +0000 (01:01 +0100)]
afs: Free status items on exit.
The server process frees the memory allocated for the status items
on exit but the afs process does not. To avoid the leak we have to
make free_status_items() public.
Andre Noll [Mon, 1 Jan 2018 03:28:29 +0000 (04:28 +0100)]
server: Free parse result also in afs.
Both the server and the afs process need to access the lopsub parse
result which is allocated and initialized prior to the fork(2) that
creates the afs process. Hence both processes should free this memory
on exit.
The new public free_lpr() frees the memory allocated by both parse result
structures.