authorRuss Allbery <rra@stanford.edu>2012-02-18 18:03:54 -0800
committerRuss Allbery <rra@stanford.edu>2012-02-18 18:03:54 -0800
commitf7a051250bac985d971c14305544ec091bd016e6 (patch)
treefaed9a823e9022e5babf6cb1319d8e76dd8a8eac /server
parente16d04ffb9ad7ac8ce0c3ebf5e604e507830ac54 (diff)
Use timeout support for all network operations
Add timeout support to the token functions. Adjust all callers accordingly. Use a one hour timeout for all server network calls. Add the data and hook for setting a client timeout, although currently there's no way to set it. Change-Id: Ife4c6cd1b4fbc94623b82bd85e17a0d9a3919fb4
Diffstat (limited to 'server')
-rw-r--r--server/generic.c10
-rw-r--r--server/internal.h8
-rw-r--r--server/server-v1.c6
-rw-r--r--server/server-v2.c19
4 files changed, 28 insertions, 15 deletions
diff --git a/server/generic.c b/server/generic.c
index 7477aa7..9c77d93 100644
--- a/server/generic.c
+++ b/server/generic.c
@@ -6,7 +6,7 @@
*
* Written by Russ Allbery <rra@stanford.edu>
* Based on work by Anton Ushakov
- * Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+ * Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012
* The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
@@ -83,7 +83,8 @@ server_new_client(int fd, gss_cred_id_t creds)
free(buffer);
/* Accept the initial (worthless) token. */
- status = token_recv(client->fd, &flags, &recv_tok, TOKEN_MAX_LENGTH);
+ status = token_recv(client->fd, &flags, &recv_tok, TOKEN_MAX_LENGTH,
+ TIMEOUT);
if (status != TOKEN_OK) {
warn_token("receiving initial token", status, major, minor);
goto fail;
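Review bot: The one-hour `TIMEOUT` on this initial `token_recv` covers a read that happens before the GSS-API context exists, so a peer that never authenticates can keep the connection open for up to an hour on each read. The same value is used for the `token_recv` in the negotiation loop and the `token_send` after it, in the next two hunks of `server_new_client`. A separate, much shorter bound for the handshake would limit how long unauthenticated peers can occupy the server, for example `status = token_recv(client->fd, &flags, &recv_tok, TOKEN_MAX_LENGTH, HANDSHAKE_TIMEOUT);`, where `HANDSHAKE_TIMEOUT` is a proposed new constant beside `TIMEOUT` in internal.h. `server_new_client` starts and ends outside this hunk, so how many connections the server accepts at once is not visible here.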
@@ -100,7 +101,8 @@ server_new_client(int fd, gss_cred_id_t creds)
/* Now, do the real work of negotiating the context. */
do {
- status = token_recv(client->fd, &flags, &recv_tok, TOKEN_MAX_LENGTH);
+ status = token_recv(client->fd, &flags, &recv_tok, TOKEN_MAX_LENGTH,
+ TIMEOUT);
if (status != TOKEN_OK) {
warn_token("receiving context token", status, major, minor);
goto fail;
@@ -126,7 +128,7 @@ server_new_client(int fd, gss_cred_id_t creds)
flags = TOKEN_CONTEXT;
if (client->protocol > 1)
flags |= TOKEN_PROTOCOL;
- status = token_send(client->fd, flags, &send_tok);
+ status = token_send(client->fd, flags, &send_tok, TIMEOUT);
if (status != TOKEN_OK) {
warn_token("sending context token", status, major, minor);
gss_release_buffer(&minor, &send_tok);
diff --git a/server/internal.h b/server/internal.h
index 73419f2..8a48fb4 100644
--- a/server/internal.h
+++ b/server/internal.h
@@ -2,7 +2,7 @@
* Internal support functions for the remctld daemon.
*
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2006, 2007, 2008, 2009, 2010
+ * Copyright 2006, 2007, 2008, 2009, 2010, 2012
* The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
@@ -33,6 +33,12 @@ struct iovec;
*/
#define MAXCMDARGS (4 * 1024)
+/*
+ * The timeout. We won't wait for longer than this number of seconds for more
+ * data from the client. This needs to be configurable.
+ */
+#define TIMEOUT (60 * 60)
+
/* Holds the information about a client connection. */
struct client {
int fd; /* File descriptor of client connection. */
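Review bot: The new comment says `TIMEOUT` limits waiting "for more data from the client", but this commit also passes it to `token_send` and `token_send_priv`, so it bounds writes as well as reads. It would also help to say whether the limit is per call or per session; from the call sites it looks like each network call gets the full hour, which should be confirmed against the token functions. Suggested wording: `/* Timeout in seconds for each network read from or write to a client. Should become configurable. */`. The bare name `TIMEOUT` in a header shared across the server is easy to confuse with other timeouts, so a prefixed name may be worth considering. `struct client` continues past the end of this hunk.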
diff --git a/server/server-v1.c b/server/server-v1.c
index 27b9169..d52b781 100644
--- a/server/server-v1.c
+++ b/server/server-v1.c
@@ -7,7 +7,7 @@
*
* Written by Russ Allbery <rra@stanford.edu>
* Based on work by Anton Ushakov
- * Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+ * Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012
* The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
@@ -54,7 +54,7 @@ server_v1_send_output(struct client *client, int exit_status)
/* Send the token. */
status = token_send_priv(client->fd, client->context, TOKEN_DATA, &token,
- &major, &minor);
+ TIMEOUT, &major, &minor);
if (status != TOKEN_OK) {
warn_token("sending output token", status, major, minor);
free(token.value);
@@ -80,7 +80,7 @@ server_v1_handle_messages(struct client *client, struct config *config)
/* Receive the message. */
status = token_recv_priv(client->fd, client->context, &flags, &token,
- TOKEN_MAX_LENGTH, &major, &minor);
+ TOKEN_MAX_LENGTH, TIMEOUT, &major, &minor);
if (status != TOKEN_OK) {
warn_token("receiving command token", status, major, minor);
if (status == TOKEN_FAIL_LARGE)
diff --git a/server/server-v2.c b/server/server-v2.c
index 0a5151a..a058916 100644
--- a/server/server-v2.c
+++ b/server/server-v2.c
@@ -5,7 +5,7 @@
*
* Written by Russ Allbery <rra@stanford.edu>
* Based on work by Anton Ushakov
- * Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+ * Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012
* The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
@@ -59,7 +59,8 @@ server_v2_send_output(struct client *client, int stream)
/* Send the token. */
status = token_send_priv(client->fd, client->context,
- TOKEN_DATA | TOKEN_PROTOCOL, &token, &major, &minor);
+ TOKEN_DATA | TOKEN_PROTOCOL, &token, TIMEOUT,
+ &major, &minor);
if (status != TOKEN_OK) {
warn_token("sending output token", status, major, minor);
free(token.value);
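Review bot: `TIMEOUT` is now written out at each of the five `token_send_priv` calls in this file (here and in `server_v2_send_status`, `server_v2_send_error`, `server_v2_send_version` and `server_v3_send_noop`), so making the value configurable, as the comment in internal.h says is needed, means touching every call again. Routing these sends through one static helper, or reading the value from a new `timeout` member of `struct client` (a proposed field, not one that exists on this page), would keep that later change in one place, e.g. `&token, client->timeout,` in place of `&token, TIMEOUT,`. The bodies of all five functions extend outside their hunks.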
@@ -93,7 +94,8 @@ server_v2_send_status(struct client *client, int exit_status)
/* Send the token. */
status = token_send_priv(client->fd, client->context,
- TOKEN_DATA | TOKEN_PROTOCOL, &token, &major, &minor);
+ TOKEN_DATA | TOKEN_PROTOCOL, &token, TIMEOUT,
+ &major, &minor);
if (status != TOKEN_OK) {
warn_token("sending status token", status, major, minor);
client->fatal = true;
@@ -135,7 +137,8 @@ server_v2_send_error(struct client *client, enum error_codes code,
/* Send the token. */
status = token_send_priv(client->fd, client->context,
- TOKEN_DATA | TOKEN_PROTOCOL, &token, &major, &minor);
+ TOKEN_DATA | TOKEN_PROTOCOL, &token, TIMEOUT,
+ &major, &minor);
if (status != TOKEN_OK) {
warn_token("sending error token", status, major, minor);
free(token.value);
@@ -169,7 +172,8 @@ server_v2_send_version(struct client *client)
/* Send the token. */
status = token_send_priv(client->fd, client->context,
- TOKEN_DATA | TOKEN_PROTOCOL, &token, &major, &minor);
+ TOKEN_DATA | TOKEN_PROTOCOL, &token, TIMEOUT,
+ &major, &minor);
if (status != TOKEN_OK) {
warn_token("sending version token", status, major, minor);
client->fatal = true;
@@ -200,7 +204,8 @@ server_v3_send_noop(struct client *client)
/* Send the token. */
status = token_send_priv(client->fd, client->context,
- TOKEN_DATA | TOKEN_PROTOCOL, &token, &major, &minor);
+ TOKEN_DATA | TOKEN_PROTOCOL, &token, TIMEOUT,
+ &major, &minor);
if (status != TOKEN_OK) {
warn_token("sending no-op token", status, major, minor);
client->fatal = true;
@@ -223,7 +228,7 @@ server_v2_read_token(struct client *client, gss_buffer_t token)
int status, flags;
status = token_recv_priv(client->fd, client->context, &flags, token,
- TOKEN_MAX_LENGTH, &major, &minor);
+ TOKEN_MAX_LENGTH, TIMEOUT, &major, &minor);
if (status != TOKEN_OK) {
warn_token("receiving token", status, major, minor);
if (status != TOKEN_FAIL_EOF)
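Review bot: With a timeout now possible on this `token_recv_priv`, the `if (status != TOKEN_FAIL_EOF)` branch will also be taken when the client has simply stopped responding. The statement it guards is outside the hunk; if it sends an error reply to the client, that send goes to a peer that is already stalled and may itself wait for a further `TIMEOUT` before the connection is dropped. Consider excluding the timeout status from that branch alongside `TOKEN_FAIL_EOF`, and confirm that `warn_token` produces a distinct message for it so that timed-out connections are visible in the logs.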