diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:06:34 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:06:34 +0000 |
commit | 5e61585d76ae77fd5e9e96ebabb57afa4d74880d (patch) | |
tree | 2b467823aaeebc7ef8bc9e3cabe8074eaef1666d /src/global/haproxy_srvr.c | |
parent | Initial commit. (diff) | |
download | postfix-upstream/3.5.24.tar.xz postfix-upstream/3.5.24.zip |
Adding upstream version 3.5.24.upstream/3.5.24upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/global/haproxy_srvr.c')
-rw-r--r-- | src/global/haproxy_srvr.c | 888 |
1 files changed, 888 insertions, 0 deletions
diff --git a/src/global/haproxy_srvr.c b/src/global/haproxy_srvr.c new file mode 100644 index 0000000..d6a22d7 --- /dev/null +++ b/src/global/haproxy_srvr.c @@ -0,0 +1,888 @@ +/*++ +/* NAME +/* haproxy_srvr 3 +/* SUMMARY +/* server-side haproxy protocol support +/* SYNOPSIS +/* #include <haproxy_srvr.h> +/* +/* const char *haproxy_srvr_parse(str, str_len, non_proxy, +/* smtp_client_addr, smtp_client_port, +/* smtp_server_addr, smtp_server_port) +/* const char *str; +/* ssize_t *str_len; +/* int *non_proxy; +/* MAI_HOSTADDR_STR *smtp_client_addr, +/* MAI_SERVPORT_STR *smtp_client_port, +/* MAI_HOSTADDR_STR *smtp_server_addr, +/* MAI_SERVPORT_STR *smtp_server_port; +/* +/* const char *haproxy_srvr_receive(fd, non_proxy, +/* smtp_client_addr, smtp_client_port, +/* smtp_server_addr, smtp_server_port) +/* int fd; +/* int *non_proxy; +/* MAI_HOSTADDR_STR *smtp_client_addr, +/* MAI_SERVPORT_STR *smtp_client_port, +/* MAI_HOSTADDR_STR *smtp_server_addr, +/* MAI_SERVPORT_STR *smtp_server_port; +/* DESCRIPTION +/* haproxy_srvr_parse() parses a haproxy v1 or v2 protocol +/* message. The result is null in case of success, a pointer +/* to text (with the error type) in case of error. If both +/* IPv6 and IPv4 support are enabled, IPV4_IN_IPV6 address +/* form (::ffff:1.2.3.4) is converted to IPV4 form. In case +/* of success, the str_len argument is updated with the number +/* of bytes parsed, and the non_proxy argument is true or false +/* if the haproxy message specifies a non-proxied connection. +/* +/* haproxy_srvr_receive() receives and parses a haproxy protocol +/* handshake. This must be called before any I/O is done on +/* the specified file descriptor. The result is 0 in case of +/* success, -1 in case of error. All errors are logged. +/* +/* The haproxy v2 protocol support is limited to TCP over IPv4, +/* TCP over IPv6, and non-proxied connections. In the latter +/* case, the caller is responsible for any local or remote +/* address/port lookup. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/*--*/ + +/* System library. */ + +#include <sys_defs.h> +#include <stdarg.h> +#include <stdlib.h> +#include <string.h> + +#ifdef STRCASECMP_IN_STRINGS_H +#include <strings.h> +#endif + +/* Utility library. */ + +#include <msg.h> +#include <myaddrinfo.h> +#include <valid_hostname.h> +#include <stringops.h> +#include <mymalloc.h> +#include <inet_proto.h> +#include <split_at.h> +#include <sock_addr.h> + +/* Global library. */ + +#include <haproxy_srvr.h> + +/* Application-specific. */ + + /* + * The haproxy protocol assumes that a haproxy header will normally not + * exceed the default IPv4 TCP MSS, i.e. 576-40=536 bytes (the IPv6 default + * is larger: 1280-60=1220). With a proxy header that contains IPv6 + * addresses, that leaves room for 536-52=484 bytes of TLVs. The Postfix + * implementation does not support headers with UNIX-domain addresses. + */ +#define HAPROXY_HEADER_MAX_LEN 536 + + /* + * Begin protocol v2 definitions from haproxy/include/types/connection.h. + */ +#define PP2_SIGNATURE "\r\n\r\n\0\r\nQUIT\n" +#define PP2_SIGNATURE_LEN 12 +#define PP2_HEADER_LEN 16 + +/* ver_cmd byte */ +#define PP2_CMD_LOCAL 0x00 +#define PP2_CMD_PROXY 0x01 +#define PP2_CMD_MASK 0x0F + +#define PP2_VERSION 0x20 +#define PP2_VERSION_MASK 0xF0 + +/* fam byte */ +#define PP2_TRANS_UNSPEC 0x00 +#define PP2_TRANS_STREAM 0x01 +#define PP2_TRANS_DGRAM 0x02 +#define PP2_TRANS_MASK 0x0F + +#define PP2_FAM_UNSPEC 0x00 +#define PP2_FAM_INET 0x10 +#define PP2_FAM_INET6 0x20 +#define PP2_FAM_UNIX 0x30 +#define PP2_FAM_MASK 0xF0 + +/* len field (2 bytes) */ +#define PP2_ADDR_LEN_UNSPEC (0) +#define PP2_ADDR_LEN_INET (4 + 4 + 2 + 2) +#define PP2_ADDR_LEN_INET6 (16 + 16 + 2 + 2) +#define PP2_ADDR_LEN_UNIX (108 + 108) + +#define PP2_HDR_LEN_UNSPEC (PP2_HEADER_LEN + PP2_ADDR_LEN_UNSPEC) +#define PP2_HDR_LEN_INET (PP2_HEADER_LEN + PP2_ADDR_LEN_INET) +#define PP2_HDR_LEN_INET6 (PP2_HEADER_LEN + PP2_ADDR_LEN_INET6) +#define PP2_HDR_LEN_UNIX (PP2_HEADER_LEN + PP2_ADDR_LEN_UNIX) + +struct proxy_hdr_v2 { + uint8_t sig[PP2_SIGNATURE_LEN]; /* PP2_SIGNATURE */ + uint8_t ver_cmd; /* protocol version | command */ + uint8_t fam; /* protocol family and transport */ + uint16_t len; /* length of remainder */ + union { + struct { /* for TCP/UDP over IPv4, len = 12 */ + uint32_t src_addr; + uint32_t dst_addr; + uint16_t src_port; + uint16_t dst_port; + } ip4; + struct { /* for TCP/UDP over IPv6, len = 36 */ + uint8_t src_addr[16]; + uint8_t dst_addr[16]; + uint16_t src_port; + uint16_t dst_port; + } ip6; + struct { /* for AF_UNIX sockets, len = 216 */ + uint8_t src_addr[108]; + uint8_t dst_addr[108]; + } unx; + } addr; +}; + + /* + * End protocol v2 definitions from haproxy/include/types/connection.h. + */ + +static INET_PROTO_INFO *proto_info; + +#define STR_OR_NULL(str) ((str) ? (str) : "(null)") + +/* haproxy_srvr_parse_lit - extract and validate string literal */ + +static int haproxy_srvr_parse_lit(const char *str,...) +{ + va_list ap; + const char *cp; + int result = -1; + int count; + + if (msg_verbose) + msg_info("haproxy_srvr_parse: %s", STR_OR_NULL(str)); + + if (str != 0) { + va_start(ap, str); + for (count = 0; (cp = va_arg(ap, const char *)) != 0; count++) { + if (strcmp(str, cp) == 0) { + result = count; + break; + } + } + va_end(ap); + } + return (result); +} + +/* haproxy_srvr_parse_proto - parse and validate the protocol type */ + +static int haproxy_srvr_parse_proto(const char *str, int *addr_family) +{ + if (msg_verbose) + msg_info("haproxy_srvr_parse: proto=%s", STR_OR_NULL(str)); + + if (str == 0) + return (-1); +#ifdef AF_INET6 + if (strcasecmp(str, "TCP6") == 0) { + if (strchr((char *) proto_info->sa_family_list, AF_INET6) != 0) { + *addr_family = AF_INET6; + return (0); + } + } else +#endif + if (strcasecmp(str, "TCP4") == 0) { + if (strchr((char *) proto_info->sa_family_list, AF_INET) != 0) { + *addr_family = AF_INET; + return (0); + } + } + return (-1); +} + +/* haproxy_srvr_parse_addr - extract and validate IP address */ + +static int haproxy_srvr_parse_addr(const char *str, MAI_HOSTADDR_STR *addr, + int addr_family) +{ + struct addrinfo *res = 0; + int err; + + if (msg_verbose) + msg_info("haproxy_srvr_parse: addr=%s proto=%d", + STR_OR_NULL(str), addr_family); + + if (str == 0 || strlen(str) >= sizeof(MAI_HOSTADDR_STR)) + return (-1); + + switch (addr_family) { +#ifdef AF_INET6 + case AF_INET6: + err = !valid_ipv6_hostaddr(str, DONT_GRIPE); + break; +#endif + case AF_INET: + err = !valid_ipv4_hostaddr(str, DONT_GRIPE); + break; + default: + msg_panic("haproxy_srvr_parse: unexpected address family: %d", + addr_family); + } + if (err == 0) + err = (hostaddr_to_sockaddr(str, (char *) 0, 0, &res) + || sockaddr_to_hostaddr(res->ai_addr, res->ai_addrlen, + addr, (MAI_SERVPORT_STR *) 0, 0)); + if (res) + freeaddrinfo(res); + if (err) + return (-1); + if (addr->buf[0] == ':' && strncasecmp("::ffff:", addr->buf, 7) == 0 + && strchr((char *) proto_info->sa_family_list, AF_INET) != 0) + memmove(addr->buf, addr->buf + 7, strlen(addr->buf) + 1 - 7); + return (0); +} + +/* haproxy_srvr_parse_port - extract and validate TCP port */ + +static int haproxy_srvr_parse_port(const char *str, MAI_SERVPORT_STR *port) +{ + if (msg_verbose) + msg_info("haproxy_srvr_parse: port=%s", STR_OR_NULL(str)); + if (str == 0 || strlen(str) >= sizeof(MAI_SERVPORT_STR) + || !valid_hostport(str, DONT_GRIPE)) { + return (-1); + } else { + memcpy(port->buf, str, strlen(str) + 1); + return (0); + } +} + +/* haproxy_srvr_parse_v2_addr_v4 - parse IPv4 info from v2 header */ + +static int haproxy_srvr_parse_v2_addr_v4(uint32_t sin_addr, + unsigned sin_port, + MAI_HOSTADDR_STR *addr, + MAI_SERVPORT_STR *port) +{ + struct sockaddr_in sin; + + memset((void *) &sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; + sin.sin_addr.s_addr = sin_addr; + sin.sin_port = sin_port; + if (sockaddr_to_hostaddr((struct sockaddr *) &sin, sizeof(sin), + addr, port, 0) < 0) + return (-1); + return (0); +} + +#ifdef AF_INET6 + +/* haproxy_srvr_parse_v2_addr_v6 - parse IPv6 info from v2 header */ + +static int haproxy_srvr_parse_v2_addr_v6(uint8_t *sin6_addr, + unsigned sin6_port, + MAI_HOSTADDR_STR *addr, + MAI_SERVPORT_STR *port) +{ + struct sockaddr_in6 sin6; + + memset((void *) &sin6, 0, sizeof(sin6)); + sin6.sin6_family = AF_INET6; + memcpy(&sin6.sin6_addr, sin6_addr, 16); + sin6.sin6_port = sin6_port; + if (sockaddr_to_hostaddr((struct sockaddr *) &sin6, + sizeof(sin6), addr, port, 0) < 0) + return (-1); + if (addr->buf[0] == ':' + && strncasecmp("::ffff:", addr->buf, 7) == 0 + && strchr((char *) proto_info->sa_family_list, AF_INET) != 0) + memmove(addr->buf, addr->buf + 7, + strlen(addr->buf) + 1 - 7); + return (0); +} + +#endif + +/* haproxy_srvr_parse_v2_hdr - parse v2 header address info */ + +static const char *haproxy_srvr_parse_v2_hdr(const char *str, ssize_t *str_len, + int *non_proxy, + MAI_HOSTADDR_STR *smtp_client_addr, + MAI_SERVPORT_STR *smtp_client_port, + MAI_HOSTADDR_STR *smtp_server_addr, + MAI_SERVPORT_STR *smtp_server_port) +{ + const char myname[] = "haproxy_srvr_parse_v2_hdr"; + struct proxy_hdr_v2 *hdr_v2; + + if (*str_len < PP2_HEADER_LEN) + return ("short protocol header"); + hdr_v2 = (struct proxy_hdr_v2 *) str; + if (memcmp(hdr_v2->sig, PP2_SIGNATURE, PP2_SIGNATURE_LEN) != 0) + return ("unrecognized protocol header"); + if ((hdr_v2->ver_cmd & PP2_VERSION_MASK) != PP2_VERSION) + return ("unrecognized protocol version"); + if (*str_len < PP2_HEADER_LEN + ntohs(hdr_v2->len)) + return ("short version 2 protocol header"); + + switch (hdr_v2->ver_cmd & PP2_CMD_MASK) { + + /* + * Proxied connection, use the proxy-provided connection info. + */ + case PP2_CMD_PROXY: + switch (hdr_v2->fam) { + case PP2_FAM_INET | PP2_TRANS_STREAM:{ /* TCP4 */ + if (strchr((char *) proto_info->sa_family_list, AF_INET) == 0) + return ("Postfix IPv4 support is disabled"); + if (ntohs(hdr_v2->len) < PP2_ADDR_LEN_INET) + return ("short address field"); + if (haproxy_srvr_parse_v2_addr_v4(hdr_v2->addr.ip4.src_addr, + hdr_v2->addr.ip4.src_port, + smtp_client_addr, smtp_client_port) < 0) + return ("client network address conversion error"); + if (msg_verbose) + msg_info("%s: smtp_client_addr=%s smtp_client_port=%s", + myname, smtp_client_addr->buf, smtp_client_port->buf); + if (haproxy_srvr_parse_v2_addr_v4(hdr_v2->addr.ip4.dst_addr, + hdr_v2->addr.ip4.dst_port, + smtp_server_addr, smtp_server_port) < 0) + return ("server network address conversion error"); + if (msg_verbose) + msg_info("%s: smtp_server_addr=%s smtp_server_port=%s", + myname, smtp_server_addr->buf, smtp_server_port->buf); + break; + } + case PP2_FAM_INET6 | PP2_TRANS_STREAM:{/* TCP6 */ +#ifdef AF_INET6 + if (strchr((char *) proto_info->sa_family_list, AF_INET6) == 0) + return ("Postfix IPv6 support is disabled"); + if (ntohs(hdr_v2->len) < PP2_ADDR_LEN_INET6) + return ("short address field"); + if (haproxy_srvr_parse_v2_addr_v6(hdr_v2->addr.ip6.src_addr, + hdr_v2->addr.ip6.src_port, + smtp_client_addr, + smtp_client_port) < 0) + return ("client network address conversion error"); + if (msg_verbose) + msg_info("%s: smtp_client_addr=%s smtp_client_port=%s", + myname, smtp_client_addr->buf, smtp_client_port->buf); + if (haproxy_srvr_parse_v2_addr_v6(hdr_v2->addr.ip6.dst_addr, + hdr_v2->addr.ip6.dst_port, + smtp_server_addr, + smtp_server_port) < 0) + return ("server network address conversion error"); + if (msg_verbose) + msg_info("%s: smtp_server_addr=%s smtp_server_port=%s", + myname, smtp_server_addr->buf, smtp_server_port->buf); + break; +#else + return ("Postfix IPv6 support is not compiled in"); +#endif + } + default: + return ("unsupported network protocol"); + } + /* For now, skip and ignore TLVs. */ + *non_proxy = 0; + *str_len = PP2_HEADER_LEN + ntohs(hdr_v2->len); + return (0); + + /* + * Non-proxied connection, use the proxy-to-server connection info. + */ + case PP2_CMD_LOCAL: + /* For now, skip and ignore TLVs. */ + *non_proxy = 1; + *str_len = PP2_HEADER_LEN + ntohs(hdr_v2->len); + return (0); + default: + return ("bad command in proxy header"); + } +} + +/* haproxy_srvr_parse - parse haproxy line */ + +const char *haproxy_srvr_parse(const char *str, ssize_t *str_len, + int *non_proxy, + MAI_HOSTADDR_STR *smtp_client_addr, + MAI_SERVPORT_STR *smtp_client_port, + MAI_HOSTADDR_STR *smtp_server_addr, + MAI_SERVPORT_STR *smtp_server_port) +{ + const char *err; + + if (proto_info == 0) + proto_info = inet_proto_info(); + + /* + * XXX We don't accept connections with the "UNKNOWN" protocol type, + * because those would sidestep address-based access control mechanisms. + */ + + /* + * Try version 1 protocol. + */ + if (strncmp(str, "PROXY ", 6) == 0) { + char *saved_str = mystrndup(str, *str_len); + char *cp = saved_str; + char *beyond_header = split_at(saved_str, '\n'); + int addr_family; + +#define NEXT_TOKEN mystrtok(&cp, " \r") + if (beyond_header == 0) + err = "missing protocol header terminator"; + else if (haproxy_srvr_parse_lit(NEXT_TOKEN, "PROXY", (char *) 0) < 0) + err = "unexpected protocol header"; + else if (haproxy_srvr_parse_proto(NEXT_TOKEN, &addr_family) < 0) + err = "unsupported protocol type"; + else if (haproxy_srvr_parse_addr(NEXT_TOKEN, smtp_client_addr, + addr_family) < 0) + err = "unexpected client address syntax"; + else if (haproxy_srvr_parse_addr(NEXT_TOKEN, smtp_server_addr, + addr_family) < 0) + err = "unexpected server address syntax"; + else if (haproxy_srvr_parse_port(NEXT_TOKEN, smtp_client_port) < 0) + err = "unexpected client port syntax"; + else if (haproxy_srvr_parse_port(NEXT_TOKEN, smtp_server_port) < 0) + err = "unexpected server port syntax"; + else { + err = 0; + *str_len = beyond_header - saved_str; + } + myfree(saved_str); + + *non_proxy = 0; + return (err); + } + + /* + * Try version 2 protocol. + */ + else { + return (haproxy_srvr_parse_v2_hdr(str, str_len, non_proxy, + smtp_client_addr, smtp_client_port, + smtp_server_addr, smtp_server_port)); + } +} + +/* haproxy_srvr_receive - receive and parse haproxy protocol handshake */ + +int haproxy_srvr_receive(int fd, int *non_proxy, + MAI_HOSTADDR_STR *smtp_client_addr, + MAI_SERVPORT_STR *smtp_client_port, + MAI_HOSTADDR_STR *smtp_server_addr, + MAI_SERVPORT_STR *smtp_server_port) +{ + const char *err; + VSTRING *escape_buf; + char read_buf[HAPROXY_HEADER_MAX_LEN + 1]; + ssize_t read_len; + + /* + * We must not read(2) past the end of the HaProxy handshake. The v2 + * protocol assumes that the handshake will never be fragmented, + * therefore we peek, parse the entire input, then read(2) only the + * number of bytes parsed. + */ + if ((read_len = recv(fd, read_buf, sizeof(read_buf) - 1, MSG_PEEK)) <= 0) { + msg_warn("haproxy read: EOF"); + return (-1); + } + + /* + * Parse the haproxy handshake, and determine the handshake length. + */ + read_buf[read_len] = 0; + + if ((err = haproxy_srvr_parse(read_buf, &read_len, non_proxy, + smtp_client_addr, smtp_client_port, + smtp_server_addr, smtp_server_port)) != 0) { + escape_buf = vstring_alloc(read_len * 2); + escape(escape_buf, read_buf, read_len); + msg_warn("haproxy read: %s: %s", err, vstring_str(escape_buf)); + vstring_free(escape_buf); + return (-1); + } + + /* + * Try to pop the haproxy handshake off the input queue. + */ + if (recv(fd, read_buf, read_len, 0) != read_len) { + msg_warn("haproxy read: %m"); + return (-1); + } + return (0); +} + + /* + * Test program. + */ +#ifdef TEST + + /* + * Test cases with inputs and expected outputs. A request may contain + * trailing garbage, and it may be too short. A v1 request may also contain + * malformed address or port information. + */ +typedef struct TEST_CASE { + const char *haproxy_request; /* v1 or v2 request including thrash */ + ssize_t haproxy_req_len; /* request length including thrash */ + ssize_t exp_req_len; /* parsed request length */ + int exp_non_proxy; /* request is not proxied */ + const char *exp_return; /* expected error string */ + const char *exp_client_addr; /* expected client address string */ + const char *exp_server_addr; /* expected client port string */ + const char *exp_client_port; /* expected client address string */ + const char *exp_server_port; /* expected server port string */ +} TEST_CASE; +static TEST_CASE v1_test_cases[] = { + /* IPv6. */ + {"PROXY TCP6 fc:00:00:00:1:2:3:4 fc:00:00:00:4:3:2:1 123 321\n", 0, 0, 0, 0, "fc::1:2:3:4", "fc::4:3:2:1", "123", "321"}, + {"PROXY TCP6 FC:00:00:00:1:2:3:4 FC:00:00:00:4:3:2:1 123 321\n", 0, 0, 0, 0, "fc::1:2:3:4", "fc::4:3:2:1", "123", "321"}, + {"PROXY TCP6 1.2.3.4 4.3.2.1 123 321\n", 0, 0, 0, "unexpected client address syntax"}, + {"PROXY TCP6 fc:00:00:00:1:2:3:4 4.3.2.1 123 321\n", 0, 0, 0, "unexpected server address syntax"}, + /* IPv4 in IPv6. */ + {"PROXY TCP6 ::ffff:1.2.3.4 ::ffff:4.3.2.1 123 321\n", 0, 0, 0, 0, "1.2.3.4", "4.3.2.1", "123", "321"}, + {"PROXY TCP6 ::FFFF:1.2.3.4 ::FFFF:4.3.2.1 123 321\n", 0, 0, 0, 0, "1.2.3.4", "4.3.2.1", "123", "321"}, + {"PROXY TCP4 ::ffff:1.2.3.4 ::ffff:4.3.2.1 123 321\n", 0, 0, 0, "unexpected client address syntax"}, + {"PROXY TCP4 1.2.3.4 ::ffff:4.3.2.1 123 321\n", 0, 0, 0, "unexpected server address syntax"}, + /* IPv4. */ + {"PROXY TCP4 1.2.3.4 4.3.2.1 123 321\n", 0, 0, 0, 0, "1.2.3.4", "4.3.2.1", "123", "321"}, + {"PROXY TCP4 01.02.03.04 04.03.02.01 123 321\n", 0, 0, 0, 0, "1.2.3.4", "4.3.2.1", "123", "321"}, + {"PROXY TCP4 1.2.3.4 4.3.2.1 123456 321\n", 0, 0, 0, "unexpected client port syntax"}, + {"PROXY TCP4 1.2.3.4 4.3.2.1 123 654321\n", 0, 0, 0, "unexpected server port syntax"}, + {"PROXY TCP4 1.2.3.4 4.3.2.1 0123 321\n", 0, 0, 0, "unexpected client port syntax"}, + {"PROXY TCP4 1.2.3.4 4.3.2.1 123 0321\n", 0, 0, 0, "unexpected server port syntax"}, + /* Missing fields. */ + {"PROXY TCP6 fc:00:00:00:1:2:3:4 fc:00:00:00:4:3:2:1 123\n", 0, 0, 0, "unexpected server port syntax"}, + {"PROXY TCP6 fc:00:00:00:1:2:3:4 fc:00:00:00:4:3:2:1\n", 0, 0, 0, "unexpected client port syntax"}, + {"PROXY TCP6 fc:00:00:00:1:2:3:4\n", 0, 0, 0, "unexpected server address syntax"}, + {"PROXY TCP6\n", 0, 0, 0, "unexpected client address syntax"}, + {"PROXY TCP4 1.2.3.4 4.3.2.1 123\n", 0, 0, 0, "unexpected server port syntax"}, + {"PROXY TCP4 1.2.3.4 4.3.2.1\n", 0, 0, 0, "unexpected client port syntax"}, + {"PROXY TCP4 1.2.3.4\n", 0, 0, 0, "unexpected server address syntax"}, + {"PROXY TCP4\n", 0, 0, 0, "unexpected client address syntax"}, + /* Other. */ + {"PROXY BLAH\n", 0, 0, 0, "unsupported protocol type"}, + {"BLAH\n", 0, 0, 0, "short protocol header"}, + 0, +}; + +static struct proxy_hdr_v2 v2_local_request = { + PP2_SIGNATURE, PP2_VERSION | PP2_CMD_LOCAL, +}; +static TEST_CASE v2_non_proxy_test = { + (char *) &v2_local_request, PP2_HEADER_LEN, PP2_HEADER_LEN, 1, +}; + +#define STR(x) vstring_str(x) +#define LEN(x) VSTRING_LEN(x) + +/* evaluate_test_case - evaluate one test case */ + +static int evaluate_test_case(const char *test_label, + const TEST_CASE *test_case) +{ + /* Actual results. */ + const char *act_return; + ssize_t act_req_len; + int act_non_proxy; + MAI_HOSTADDR_STR act_smtp_client_addr; + MAI_HOSTADDR_STR act_smtp_server_addr; + MAI_SERVPORT_STR act_smtp_client_port; + MAI_SERVPORT_STR act_smtp_server_port; + int test_failed; + + if (msg_verbose) + msg_info("test case=%s exp_client_addr=%s exp_server_addr=%s " + "exp_client_port=%s exp_server_port=%s", + test_label, STR_OR_NULL(test_case->exp_client_addr), + STR_OR_NULL(test_case->exp_server_addr), + STR_OR_NULL(test_case->exp_client_port), + STR_OR_NULL(test_case->exp_server_port)); + + /* + * Start the test. + */ + test_failed = 0; + act_req_len = test_case->haproxy_req_len; + act_return = + haproxy_srvr_parse(test_case->haproxy_request, &act_req_len, + &act_non_proxy, + &act_smtp_client_addr, &act_smtp_client_port, + &act_smtp_server_addr, &act_smtp_server_port); + if (act_return != test_case->exp_return) { + msg_warn("test case %s return expected=%s actual=%s", + test_label, STR_OR_NULL(test_case->exp_return), + STR_OR_NULL(act_return)); + test_failed = 1; + return (test_failed); + } + if (act_req_len != test_case->exp_req_len) { + msg_warn("test case %s str_len expected=%ld actual=%ld", + test_label, + (long) test_case->exp_req_len, (long) act_req_len); + test_failed = 1; + return (test_failed); + } + if (act_non_proxy != test_case->exp_non_proxy) { + msg_warn("test case %s non_proxy expected=%d actual=%d", + test_label, + test_case->exp_non_proxy, act_non_proxy); + test_failed = 1; + return (test_failed); + } + if (test_case->exp_non_proxy || test_case->exp_return != 0) + /* No expected address/port results. */ + return (test_failed); + + /* + * Compare address/port results against expected results. + */ + if (strcmp(test_case->exp_client_addr, act_smtp_client_addr.buf)) { + msg_warn("test case %s client_addr expected=%s actual=%s", + test_label, + test_case->exp_client_addr, act_smtp_client_addr.buf); + test_failed = 1; + } + if (strcmp(test_case->exp_server_addr, act_smtp_server_addr.buf)) { + msg_warn("test case %s server_addr expected=%s actual=%s", + test_label, + test_case->exp_server_addr, act_smtp_server_addr.buf); + test_failed = 1; + } + if (strcmp(test_case->exp_client_port, act_smtp_client_port.buf)) { + msg_warn("test case %s client_port expected=%s actual=%s", + test_label, + test_case->exp_client_port, act_smtp_client_port.buf); + test_failed = 1; + } + if (strcmp(test_case->exp_server_port, act_smtp_server_port.buf)) { + msg_warn("test case %s server_port expected=%s actual=%s", + test_label, + test_case->exp_server_port, act_smtp_server_port.buf); + test_failed = 1; + } + return (test_failed); +} + +/* convert_v1_proxy_req_to_v2 - convert well-formed v1 proxy request to v2 */ + +static void convert_v1_proxy_req_to_v2(VSTRING *buf, const char *req, + ssize_t req_len) +{ + const char myname[] = "convert_v1_proxy_req_to_v2"; + const char *err; + int non_proxy; + MAI_HOSTADDR_STR smtp_client_addr; + MAI_SERVPORT_STR smtp_client_port; + MAI_HOSTADDR_STR smtp_server_addr; + MAI_SERVPORT_STR smtp_server_port; + struct proxy_hdr_v2 *hdr_v2; + struct addrinfo *src_res; + struct addrinfo *dst_res; + + /* + * Allocate buffer space for the largest possible protocol header, so we + * don't have to worry about hidden realloc() calls. + */ + VSTRING_RESET(buf); + VSTRING_SPACE(buf, sizeof(struct proxy_hdr_v2)); + hdr_v2 = (struct proxy_hdr_v2 *) STR(buf); + + /* + * Fill in the header, + */ + memcpy(hdr_v2->sig, PP2_SIGNATURE, PP2_SIGNATURE_LEN); + hdr_v2->ver_cmd = PP2_VERSION | PP2_CMD_PROXY; + if ((err = haproxy_srvr_parse(req, &req_len, &non_proxy, &smtp_client_addr, + &smtp_client_port, &smtp_server_addr, + &smtp_server_port)) != 0 || non_proxy) + msg_fatal("%s: malformed or non-proxy request: %s", + myname, req); + + if (hostaddr_to_sockaddr(smtp_client_addr.buf, smtp_client_port.buf, 0, + &src_res) != 0) + msg_fatal("%s: unable to convert source address %s port %s", + myname, smtp_client_addr.buf, smtp_client_port.buf); + if (hostaddr_to_sockaddr(smtp_server_addr.buf, smtp_server_port.buf, 0, + &dst_res) != 0) + msg_fatal("%s: unable to convert destination address %s port %s", + myname, smtp_server_addr.buf, smtp_server_port.buf); + if (src_res->ai_family != dst_res->ai_family) + msg_fatal("%s: mixed source/destination address families", myname); +#ifdef AF_INET6 + if (src_res->ai_family == PF_INET6) { + hdr_v2->fam = PP2_FAM_INET6 | PP2_TRANS_STREAM; + hdr_v2->len = htons(PP2_ADDR_LEN_INET6); + memcpy(hdr_v2->addr.ip6.src_addr, + &SOCK_ADDR_IN6_ADDR(src_res->ai_addr), + sizeof(hdr_v2->addr.ip6.src_addr)); + hdr_v2->addr.ip6.src_port = SOCK_ADDR_IN6_PORT(src_res->ai_addr); + memcpy(hdr_v2->addr.ip6.dst_addr, + &SOCK_ADDR_IN6_ADDR(dst_res->ai_addr), + sizeof(hdr_v2->addr.ip6.dst_addr)); + hdr_v2->addr.ip6.dst_port = SOCK_ADDR_IN6_PORT(dst_res->ai_addr); + } else +#endif + if (src_res->ai_family == PF_INET) { + hdr_v2->fam = PP2_FAM_INET | PP2_TRANS_STREAM; + hdr_v2->len = htons(PP2_ADDR_LEN_INET); + hdr_v2->addr.ip4.src_addr = SOCK_ADDR_IN_ADDR(src_res->ai_addr).s_addr; + hdr_v2->addr.ip4.src_port = SOCK_ADDR_IN_PORT(src_res->ai_addr); + hdr_v2->addr.ip4.dst_addr = SOCK_ADDR_IN_ADDR(dst_res->ai_addr).s_addr; + hdr_v2->addr.ip4.dst_port = SOCK_ADDR_IN_PORT(dst_res->ai_addr); + } else { + msg_panic("unknown address family 0x%x", src_res->ai_family); + } + vstring_set_payload_size(buf, PP2_SIGNATURE_LEN + ntohs(hdr_v2->len)); + freeaddrinfo(src_res); + freeaddrinfo(dst_res); +} + +int main(int argc, char **argv) +{ + VSTRING *test_label; + TEST_CASE *v1_test_case; + TEST_CASE v2_test_case; + TEST_CASE mutated_test_case; + VSTRING *v2_request_buf; + VSTRING *mutated_request_buf; + + /* Findings. */ + int tests_failed = 0; + int test_failed; + + test_label = vstring_alloc(100); + v2_request_buf = vstring_alloc(100); + mutated_request_buf = vstring_alloc(100); + + for (tests_failed = 0, v1_test_case = v1_test_cases; + v1_test_case->haproxy_request != 0; + tests_failed += test_failed, v1_test_case++) { + + /* + * Fill in missing string length info in v1 test data. + */ + if (v1_test_case->haproxy_req_len == 0) + v1_test_case->haproxy_req_len = + strlen(v1_test_case->haproxy_request); + if (v1_test_case->exp_req_len == 0) + v1_test_case->exp_req_len = v1_test_case->haproxy_req_len; + + /* + * Evaluate each v1 test case. + */ + vstring_sprintf(test_label, "%d", (int) (v1_test_case - v1_test_cases)); + test_failed = evaluate_test_case(STR(test_label), v1_test_case); + + /* + * If the v1 test input is malformed, skip the mutation tests. + */ + if (v1_test_case->exp_return != 0) + continue; + + /* + * Mutation test: a well-formed v1 test case should still pass after + * appending a byte, and should return the actual parsed header + * length. The test uses the implicit VSTRING null safety byte. + */ + vstring_sprintf(test_label, "%d (one byte appended)", + (int) (v1_test_case - v1_test_cases)); + mutated_test_case = *v1_test_case; + mutated_test_case.haproxy_req_len += 1; + /* reuse v1_test_case->exp_req_len */ + test_failed += evaluate_test_case(STR(test_label), &mutated_test_case); + + /* + * Mutation test: a well-formed v1 test case should fail after + * stripping the terminator. + */ + vstring_sprintf(test_label, "%d (last byte stripped)", + (int) (v1_test_case - v1_test_cases)); + mutated_test_case = *v1_test_case; + mutated_test_case.exp_return = "missing protocol header terminator"; + mutated_test_case.haproxy_req_len -= 1; + mutated_test_case.exp_req_len = mutated_test_case.haproxy_req_len; + test_failed += evaluate_test_case(STR(test_label), &mutated_test_case); + + /* + * A 'well-formed' v1 test case should pass after conversion to v2. + */ + vstring_sprintf(test_label, "%d (converted to v2)", + (int) (v1_test_case - v1_test_cases)); + v2_test_case = *v1_test_case; + convert_v1_proxy_req_to_v2(v2_request_buf, + v1_test_case->haproxy_request, + v1_test_case->haproxy_req_len); + v2_test_case.haproxy_request = STR(v2_request_buf); + v2_test_case.haproxy_req_len = PP2_HEADER_LEN + + ntohs(((struct proxy_hdr_v2 *) STR(v2_request_buf))->len); + v2_test_case.exp_req_len = v2_test_case.haproxy_req_len; + test_failed += evaluate_test_case(STR(test_label), &v2_test_case); + + /* + * Mutation test: a well-formed v2 test case should still pass after + * appending a byte, and should return the actual parsed header + * length. The test uses the implicit VSTRING null safety byte. + */ + vstring_sprintf(test_label, "%d (converted to v2, one byte appended)", + (int) (v1_test_case - v1_test_cases)); + mutated_test_case = v2_test_case; + mutated_test_case.haproxy_req_len += 1; + /* reuse v2_test_case->exp_req_len */ + test_failed += evaluate_test_case(STR(test_label), &mutated_test_case); + + /* + * Mutation test: a well-formed v2 test case should fail after + * stripping one byte + */ + vstring_sprintf(test_label, "%d (converted to v2, last byte stripped)", + (int) (v1_test_case - v1_test_cases)); + mutated_test_case = v2_test_case; + mutated_test_case.haproxy_req_len -= 1; + mutated_test_case.exp_req_len = mutated_test_case.haproxy_req_len; + mutated_test_case.exp_return = "short version 2 protocol header"; + test_failed += evaluate_test_case(STR(test_label), &mutated_test_case); + } + + /* + * Additional V2-only tests. + */ + test_failed += + evaluate_test_case("v2 non-proxy request", &v2_non_proxy_test); + + /* + * Clean up. + */ + vstring_free(v2_request_buf); + vstring_free(mutated_request_buf); + vstring_free(test_label); + if (tests_failed) + msg_info("tests failed: %d", tests_failed); + exit(tests_failed != 0); +} + +#endif |