-rw-r--r-- | src/eyefiworker.cc | 287 |
1 files changed, 286 insertions, 1 deletions
diff --git a/src/eyefiworker.cc b/src/eyefiworker.cc index 450661a..ac75fc1 100644 --- a/src/eyefiworker.cc +++ b/src/eyefiworker.cc @@ -1,54 +1,339 @@ #include <signal.h> #ifndef NDEBUG # include <sys/resource.h> #endif #include <syslog.h> +#include <cassert> +#include <iostream> +#include <fstream> #include <stdexcept> +#include <iterator> +#include <algorithm> +#include <sys/wait.h> +#include <autosprintf.h> +#include "eyekinfig.h" +#include "eyetil.h" #include "eyefiworker.h" #ifdef HAVE_SQLITE -# include "sqlite3.h" +# include "iiidb.h" #endif eyefiworker::eyefiworker() : eyefiService(SOAP_IO_STORE|SOAP_IO_KEEPALIVE) { bind_flags = SO_REUSEADDR; max_keep_alive = 0; socket_flags = #if defined(MSG_NOSIGNAL) MSG_NOSIGNAL #elif defined(SO_NOSIGPIPE) SO_NOSIGPIPE #else #error Something is wrong with sigpipe prevention on the platform #endif ; } int eyefiworker::run(int bindport) { #ifdef HAVE_SQLITE sqlite3_initialize(); #endif if(!soap_valid_socket(bind(0,bindport,64))) throw std::runtime_error("failed to bind()"); signal(SIGCHLD,SIG_IGN); while(true) { if(!soap_valid_socket(accept())) throw std::runtime_error("failed to accept()"); pid_t p = fork(); if(p<0) throw std::runtime_error("failed to fork()"); if(!p) { recv_timeout = 600; send_timeout = 120; (void)serve(); soap_destroy(this); soap_end(this); soap_done(this); #ifndef NDEBUG struct rusage ru; if(getrusage(RUSAGE_SELF,&ru)) { syslog(LOG_NOTICE,"Failed to getrusage(): %d",errno); }else{ syslog(LOG_INFO,"maxrss: %ld\n",ru.ru_maxrss); } #endif /* NDEBUG */ _exit(0); } close(socket); socket = SOAP_INVALID_SOCKET; } } + +static binary_t session_nonce; +#ifdef HAVE_SQLITE + static struct { + std::string filesignature; + long filesize; + std::string filename; + inline void reset() { filesignature.erase(); filename.erase(); filesize=0; } + inline void set(const std::string n,const std::string sig,long siz) { + filename = n; filesignature = sig; filesize = siz; + } + inline bool is(const std::string n,const std::string sig,long siz) { + return filesize==siz && filename==n && filesignature==sig; + } + } already; +#endif /* HAVE_SQLITE */ + +static bool detached_child() { + pid_t p = fork(); + if(p<0) { + syslog(LOG_ERR,"Failed to fork away for hook execution"); + _exit(-1); + } + if(!p) { + setsid(); + for(int i=getdtablesize();i>=0;--i) close(i); + int i=open("/dev/null",O_RDWR); assert(i==0); + i = dup(i); assert(i==1); + i = dup(i); assert(i==2); + return true; + } + return false; +} + +static int E(eyefiworker* efs,const char *c,const std::exception& e) { + efs->keep_alive=0; + syslog(LOG_ERR,"error while processing %s: %s",c,e.what()); + return soap_sender_fault(efs,gnu::autosprintf("error processing %s",c),0); +} + +int eyefiworker::StartSession( + std::string macaddress,std::string cnonce, + int transfermode,long transfermodetimestamp, + struct rns__StartSessionResponse &r ) try { + syslog(LOG_INFO, + "StartSession request from %s with cnonce=%s, transfermode=%d, transfermodetimestamp=%ld", + macaddress.c_str(), cnonce.c_str(), transfermode, transfermodetimestamp ); + eyekinfig_t eyekinfig(macaddress); + r.credential = binary_t(macaddress+cnonce+eyekinfig.get_upload_key()).md5().hex(); + + r.snonce = session_nonce.make_nonce().hex(); + r.transfermode=transfermode; + r.transfermodetimestamp=transfermodetimestamp; + r.upsyncallowed=false; + + std::string cmd = eyekinfig.get_on_start_session(); + if(!cmd.empty()) { + if(detached_child()) { + putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) ); + putenv( gnu::autosprintf("EYEFI_TRANSFERMODE=%d",transfermode) ); + putenv( gnu::autosprintf("EYEFI_TRANSFERMODETIMESTAMP=%ld",transfermodetimestamp) ); + char *argv[] = { (char*)"/bin/sh", (char*)"-c", (char*)cmd.c_str(), 0 }; + execv("/bin/sh",argv); + syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str()); + _exit(-1); + } + } + return SOAP_OK; +}catch(const std::exception& e) { return E(this,"StartSession",e); } + +int eyefiworker::GetPhotoStatus( + std::string credential, std::string macaddress, + std::string filename, long filesize, std::string filesignature, + int flags, + struct rns__GetPhotoStatusResponse &r ) try { + syslog(LOG_INFO, + "GetPhotoStatus request from %s with credential=%s, filename=%s, filesize=%ld, filesignature=%s, flags=%d; session nonce=%s", + macaddress.c_str(), credential.c_str(), filename.c_str(), filesize, filesignature.c_str(), flags, + session_nonce.hex().c_str() ); + + eyekinfig_t eyekinfig(macaddress); + std::string computed_credential = binary_t(macaddress+eyekinfig.get_upload_key()+session_nonce.hex()).md5().hex(); + +#ifndef NDEBUG + syslog(LOG_DEBUG, " computed credential=%s", computed_credential.c_str()); +#endif + + if (credential != computed_credential) throw std::runtime_error("card authentication failed"); + +#ifdef HAVE_SQLITE + iiidb_t D(eyekinfig); + seclude::stmt_t S = D.prepare( + "SELECT fileid FROM photo" + " WHERE mac=:mac AND filename=:filename" + " AND filesize=:filesize AND filesignature=:filesignature" + ).bind(":mac",macaddress) + .bind(":filename",filename).bind(":filesize",filesize) + .bind(":filesignature",filesignature); + if(!S.step()) { + r.fileid = 1; r.offset = 0; + }else{ + r.fileid = S.column<long>(0); + r.offset = filesize; + already.set(filename,filesignature,filesize); + } +#else /* HAVE_SQLITE */ + r.fileid=1, r.offset=0; +#endif /* HAVE_SQLITE */ + return SOAP_OK; +}catch(const std::exception& e) { return E(this,"GetPhotoStatus",e); } + +int eyefiworker::MarkLastPhotoInRoll( + std::string macaddress, int mergedelta, + struct rns__MarkLastPhotoInRollResponse&/* r */ ) try { + syslog(LOG_INFO, + "MarkLastPhotoInRoll request from %s with mergedelta=%d", + macaddress.c_str(), mergedelta ); + std::string cmd = eyekinfig_t(macaddress).get_on_mark_last_photo_in_roll(); + if(!cmd.empty()) { + if(detached_child()) { + putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) ); + putenv( gnu::autosprintf("EYEFI_MERGEDELTA=%d",mergedelta) ); + char *argv[] = { (char*)"/bin/sh", (char*)"-c", (char*)cmd.c_str(), 0 }; + execv("/bin/sh",argv); + syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str()); + _exit(-1); + } + } + keep_alive = 0; + return SOAP_OK; +}catch(const std::exception& e) { return E(this,"MarkLastPhotoInRoll",e); } + +int eyefiworker::UploadPhoto( + int fileid, std::string macaddress, + std::string filename, long filesize, std::string filesignature, + std::string encryption, int flags, + struct rns__UploadPhotoResponse& r ) try { + syslog(LOG_INFO, + "UploadPhoto request from %s with fileid=%d, filename=%s, filesize=%ld," + " filesignature=%s, encryption=%s, flags=%04X", + macaddress.c_str(), fileid, filename.c_str(), filesize, + filesignature.c_str(), encryption.c_str(), flags ); + std::string::size_type fnl=filename.length(); + if(fnl<sizeof(".tar") || strncmp(filename.c_str()+fnl-sizeof(".tar")+sizeof(""),".tar",sizeof(".tar"))) + throw std::runtime_error(gnu::autosprintf("honestly, I expected the tarball coming here, not '%s'",filename.c_str())); + std::string the_file(filename,0,fnl-sizeof(".tar")+sizeof("")); + std::string the_log = the_file+".log"; + + eyekinfig_t eyekinfig(macaddress); + + umask(eyekinfig.get_umask()); + + std::string td = eyekinfig.get_targetdir(); + tmpdir_t indir(td+"/.incoming.XXXXXX"); + + std::string tf,lf; + binary_t digest, idigest; +#ifdef HAVE_SQLITE + bool beenthere = false; +#endif + + for(soap_multipart::iterator i=mime.begin(),ie=mime.end();i!=ie;++i) { +#ifndef NDEBUG + syslog(LOG_DEBUG, + " MIME attachment with id=%s, type=%s, size=%ld", + (*i).id, (*i).type, (long)(*i).size ); +#endif + + if((*i).id && !strcmp((*i).id,"INTEGRITYDIGEST")) { + std::string idigestr((*i).ptr,(*i).size); +#ifndef NDEBUG + syslog(LOG_DEBUG, " INTEGRITYDIGEST=%s", idigestr.c_str()); +#endif + idigest.from_hex(idigestr); + } + if( (*i).id && !strcmp((*i).id,"FILENAME") ) { + assert( (*i).type && !strcmp((*i).type,"application/x-tar") ); +#ifdef III_SAVE_TARS + std::string tarfile = indir.get_file(filename); + { + std::ofstream(tarfile.c_str(),std::ios::out|std::ios::binary).write((*i).ptr,(*i).size); + } +#endif + + if(!tf.empty()) throw std::runtime_error("already seen tarball"); + if(!digest.empty()) throw std::runtime_error("already have integrity digest"); + digest = integrity_digest((*i).ptr,(*i).size,eyekinfig.get_upload_key()); +#ifndef NDEBUG + syslog(LOG_DEBUG," computed integrity digest=%s", digest.hex().c_str()); +#endif +#ifdef HAVE_SQLITE + if(!(*i).size) { + if(!already.is(filename,filesignature,filesize)) + throw std::runtime_error("got zero-length upload for unknown file"); + beenthere = true; continue; + } +#endif + + tarchive_t a((*i).ptr,(*i).size); + while(a.read_next_header()) { + std::string ep = a.entry_pathname(), f = indir.get_file(ep); + if(ep==the_file) tf = f; + else if(ep==the_log) lf = f; + else continue; + int fd=open(f.c_str(),O_CREAT|O_WRONLY,0666); + if(fd<0) + throw std::runtime_error(gnu::autosprintf("failed to create output file '%s'",f.c_str())); + if(!a.read_data_into_fd(fd)) + throw std::runtime_error(gnu::autosprintf("failed to untar file into '%s'",f.c_str())); + close(fd); + } + } + } + +#ifdef HAVE_SQLITE + if(beenthere) { + r.success=true; + return SOAP_OK; + } +#endif + + if(tf.empty()) throw std::runtime_error("haven't seen THE file"); + if(digest!=idigest) throw std::runtime_error("integrity digest verification failed"); + + std::string::size_type ls = tf.rfind('/'); + // XXX: actually, lack of '/' signifies error here + std::string tbn = (ls==std::string::npos)?tf:tf.substr(ls+1); + ls = lf.rfind('/'); + std::string lbn = (ls==std::string::npos)?lf:lf.substr(ls+1); + std::string ttf,tlf; + bool success = false; + for(int i=0;i<32767;++i) { + const char *fmt = i ? "%1$s/(%3$05d)%2$s" : "%1$s/%2$s"; + ttf = (const char*)gnu::autosprintf(fmt,td.c_str(),tbn.c_str(),i); + if(!lf.empty()) tlf = (const char*)gnu::autosprintf(fmt,td.c_str(),lbn.c_str(),i); + if( (!link(tf.c_str(),ttf.c_str())) && (lf.empty() || !link(lf.c_str(),tlf.c_str())) ) { + unlink(tf.c_str()); + if(!lf.empty()) unlink(lf.c_str()); + success=true; + break; + } + } + std::string cmd = eyekinfig.get_on_upload_photo(); + if(success) { +#ifdef HAVE_SQLITE + { + iiidb_t D(eyekinfig); + D.prepare( + "INSERT INTO photo" + " (ctime,mac,fileid,filename,filesize,filesignature,encryption,flags)" + " VALUES" + " (:ctime,:mac,:fileid,:filename,:filesize,:filesignature,:encryption,:flags)" + ).bind(":ctime",time(0)) + .bind(":mac",macaddress) + .bind(":fileid",fileid).bind(":filename",filename) + .bind(":filesize",filesize).bind(":filesignature",filesignature) + .bind(":encryption",encryption).bind(":flags",flags) + .step(); + } +#endif /* HAVE_SQLITE */ + if((!cmd.empty()) && detached_child()) { + putenv( gnu::autosprintf("EYEFI_UPLOADED_ORIG=%s",tbn.c_str()) ); + putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) ); + putenv( gnu::autosprintf("EYEFI_UPLOADED=%s",ttf.c_str()) ); + if(!lf.empty()) putenv( gnu::autosprintf("EYEFI_LOG=%s",tlf.c_str()) ); + char *argv[] = { (char*)"/bin/sh", (char*)"-c", (char*)cmd.c_str(), 0 }; + execv("/bin/sh",argv); + syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str()); + _exit(-1); + } + } + + r.success = true; + return SOAP_OK; +}catch(const std::exception& e) { return E(this,"UploadPhoto",e); } + |