rpc: More robust localhost-UNIX detection

laanwj · laanwj · commit 695e854a0444 · 2017-03-12T15:11:39.000+01:00
evhttp has no direct support for UNIX sockets thus
is not able to recognize UNIX peers. Add custom code in
HTTPRequest::GetPeer and evunix to recognize these connections
as coming from localhost.

The previous solution did not work on some libevent versions.
diff --git a/src/httpserver.cpp b/src/httpserver.cpp
@@ -663,16 +663,21 @@ CService HTTPRequest::GetPeer()
     evhttp_connection* con = evhttp_request_get_connection(req);
     CService peer;
     if (con) {
+#ifdef HAVE_SOCKADDR_UN
+        // evhttp has no way to query what bindsocket a connection
+        // came in on, so we need this low-level code to be able to
+        // correctly mark UNIX socket connections as coming from localhost.
+        struct bufferevent *bev = evhttp_connection_get_bufferevent(con);
+        if (bev && evunix_is_conn_from_unix(bev)) {
+            // As we have no way to signify "UNIX localhost" here, just return
+            // IPv6 localhost.
+            return LookupNumeric("::1", 0);
+        }
+#endif
         // evhttp retains ownership over returned address string
         const char* address = "";
         uint16_t port = 0;
         evhttp_connection_get_peer(con, (char**)&address, &port);
-        if (!strcmp(address, "localhost")) {
-            /* Special: will get here for UNIX sockets. As we have no way to indicate that,
-             * just pass localhost IPv6.
-             */
-            address = "::1";
-        }
         peer = LookupNumeric(address, port);
     }
     return peer;
diff --git a/src/support/evunix.cpp b/src/support/evunix.cpp
@@ -84,6 +84,18 @@ int evunix_connect_fd(const boost::filesystem::path &path)
     return fd;
 }
 
+bool evunix_is_conn_from_unix_fd(int fd)
+{
+    struct sockaddr_un peer_unix;
+    socklen_t peer_unix_len = sizeof(peer_unix);
+    if (getpeername(fd, (sockaddr*)&peer_unix, &peer_unix_len) == 0) {
+        if (peer_unix.sun_family == AF_UNIX) {
+            return true;
+        }
+    }
+    return false;
+}
+
 struct bufferevent *evunix_bind(struct event_base *base, const boost::filesystem::path &path)
 {
     struct bufferevent *rv;
@@ -105,3 +117,12 @@ struct bufferevent *evunix_connect(struct event_base *base, const boost::filesys
     }
     return rv;
 }
+
+bool evunix_is_conn_from_unix(struct bufferevent *bev)
+{
+    int fd;
+    if ((fd = bufferevent_getfd(bev)) != -1) {
+        return evunix_is_conn_from_unix_fd(fd);
+    }
+    return false;
+}
diff --git a/src/support/evunix.h b/src/support/evunix.h
@@ -11,6 +11,10 @@
 struct event_base;
 struct bufferevent;
 
+// All these functions come in a plain (high-level) and _fd (low-level)
+// variant. The plain version takes/yields a libevent bufferevent*, the _fd
+// functions file descriptor.
+
 /** Bind on a UNIX socket.
  * Returns a bufferevent that can be used to send or receive data on the socket, or NULL
  * on failure.
@@ -39,4 +43,14 @@ int evunix_connect_fd(const boost::filesystem::path &path);
  */
 bool evunix_remove_socket(const boost::filesystem::path &path);
 
+/** Return whether incoming connection fd came in on a UNIX socket.
+ */
+bool evunix_is_conn_from_unix_fd(int fd);
+
+/** Return whether incoming connection bev came in on a UNIX socket.
+ * This is a hack because evhttp won't let us know what bound socket a connection
+ * came in on.
+ */
+bool evunix_is_conn_from_unix(struct bufferevent *bev);
+
 #endif
