[1]1/* --------------------------------------------------------------
2 *
 * The development of this library has been stimulated by reading
4 * a paper on 'Robust Programming' by Matt Bishop, although
5 * not all of his ideas might be implemented in the same
6 * strictness as discussed in the paper.
7 *
8 * --------------------------------------------------------------
9 */
10
11#ifndef SL_SLIB_H
12#define SL_SLIB_H
13
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
19
20#include "config_xor.h"
21
22#ifdef HAVE_UNISTD_H
23#include <unistd.h>
24#endif
25
26/****************
27
28 -- Defined in config.h. --
29
30 #ifndef _(string)
31 #define _(string) string
32 #endif
33
34 #ifndef N_(string)
35 #define N_(string) string
36 #endif
37
38*****************/
39
40/* --------------------------------------------------------------
41 *
42 * Typedefs, global variables, macros.
43 *
44 * --------------------------------------------------------------
45 */
46
47extern long int sl_errno; /* Global error variable. */
48
49
50/* The ticketing system; used to hide internals from the
51 * programmer.
52 */
53typedef long int SL_TICKET; /* Unique ID for opened files. */
54
55
56/*
57 * TRUE, FALSE
58 */
59#define SL_TRUE 1
60#define SL_FALSE 0
61
62
63
64/*
65 * The following macros are provided:
66 *
67 * SL_ISERROR(x) TRUE if return status of 'x' is an error code.
 * SL_REQUIRE(x, xstr) Log via dlog() and _exit(EXIT_FAILURE) if 'x' is false (never compiled out).
69 * SL_ENTER(s) Trace entry in function 's'.
70 * SL_RETURN(x, s) Trace return from function 's'.
71 */
72
73
74/*
75 * The error codes.
76 */
#define SL_ENONE 0 /* Success; what every int function returns when it succeeds. */

/* All error codes are negative, so SL_ISERROR() (defined below) can tell
 * them apart from a successful zero or positive result. For the codes
 * marked "Check errno", read errno immediately after the failing call,
 * before any other library call can overwrite it.
 */
#define SL_ENULL -1024 /* Invalid use of NULL pointer. */
#define SL_ERANGE -1025 /* Argument out of range. */
#define SL_ETRUNC -1026 /* Result truncated. */
#define SL_EREPEAT -1027 /* Illegal repeated use of function. */

#define SL_EINTERNAL -1028 /* Internal error. */
#define SL_ETICKET -1029 /* Bad ticket. */
#define SL_EBADFILE -1030 /* File access error. Check errno. */
#define SL_EBOGUS -1031 /* Bogus file. */
#define SL_EMEM -1032 /* Out of memory. */
#define SL_EUNLINK -1033 /* Unlink error. Check errno. */
#define SL_EREWIND -1034 /* Rewind error. Check errno. */
#define SL_EFORWARD -1035 /* Forward error. Check errno. */
#define SL_EREAD -1036 /* Read error. Check errno. */
#define SL_EWRITE -1037 /* Write error. Check errno. */
#define SL_ESYNC -1038 /* Sync error. Check errno. */

#define SL_EBADNAME -1040 /* Invalid name. */
#define SL_ESTAT -1041 /* stat of file failed. Check errno. */

#define SL_EBADUID -1050 /* Owner not trustworthy. */
#define SL_EBADGID -1051 /* Group writeable and not trustworthy.*/
#define SL_EBADOTH -1052 /* World writeable. */

#define SL_TOOMANY -1053 /* Too many open files (note: no SL_E prefix, kept for compatibility) */
#define SL_TIMEOUT -1054 /* Timeout in read (note: no SL_E prefix, kept for compatibility) */
/*
 * All int functions return SL_ENONE (0) on success and one of the
 * negative error codes above on failure; test with SL_ISERROR().
 */
108
109#ifdef __cplusplus
110extern "C" {
111#endif
112
113 int dlog (int flag, char * file, int line, const char *fmt, ...);
114
115 char * sl_get_errmsg();
116
117 /* ----------------------------------------------------------------
118 *
119 * Heap consistency routines
120 *
121 * ---------------------------------------------------------------- */
122
123 int sl_test_heap();
124
125 /* ----------------------------------------------------------------
126 *
127 * Capability routines
128 *
129 * ---------------------------------------------------------------- */
130
131 extern int sl_useCaps;
132
133 int sl_drop_cap ();
134 int sl_drop_cap_sub();
135 int sl_get_cap_sub();
136 int sl_drop_cap_qdel();
137 int sl_get_cap_qdel();
138
139 /* ----------------------------------------------------------------
140 *
141 * String handling routines
142 *
143 * ---------------------------------------------------------------- */
144
145 /*
146 * A memset that does not get optimized away
147 */
148 void *sl_memset(void *s, int c, size_t n);
#if !defined(SH_REAL_SET)
/* Route every memset() call in a translation unit that includes this
 * header through sl_memset(), which (per its declaration above) is meant
 * not to be optimized away -- e.g. when wiping secrets before free().
 * Define SH_REAL_SET to keep the libc memset(). Code that needs a
 * guaranteed wipe should call sl_memset() explicitly rather than rely on
 * this override, since it only takes effect where slib.h is included.
 */
#undef memset
#define memset sl_memset
#endif
[1]153
154 /*
155 * Copy src to dst. siz is the length of dst.
156 */
157 int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz);
158
159 /*
160 * Append src to dst. siz is the length of dst.
161 */
162 int sl_strlcat(char * dst, /*@null@*/const char *src, size_t siz);
163
164 /*
165 * An implementation of vsnprintf. va_start/va_end are in the caller
166 * function.
167 */
168 int sl_vsnprintf(char *str, size_t n,
169 const char *format, va_list vl );
170
171 /*
172 * An implementation of snprintf.
173 */
174 int sl_snprintf(char *str, size_t n,
175 const char *format, ... );
176
177 /*
178 * A robust drop-in replacement of strncpy. strlcpy is preferable.
179 */
180 char * sl_strncpy(/*@out@*/char *dst, const char *src, size_t size);
181
182 /*
183 * Robust strncat.
184 */
185 char * sl_strncat(char *dst, const char *src, size_t n);
186
187 /*
188 * strstr
189 */
190 char * sl_strstr (const char * haystack, const char * needle);
191
192 /*
193 * robust strncmp replacement
194 */
195 int sl_strncmp(const char * a, const char * b, size_t n);
196
197 /*
198 * robust strcmp replacement
199 */
200 int sl_strcmp(const char * a, const char * b);
201
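 /*
  * Robust strlen replacement: yields 0 for a NULL pointer and
  * strlen(arg) otherwise. The argument is fully parenthesized so an
  * expression such as a conditional or an assignment cannot rebind
  * against the '==' (the previous form expanded 'a ? b : c == NULL').
  * NOTE: 'arg' is evaluated twice (NULL test and strlen); do not pass
  * an expression with side effects.
  */
#define sl_strlen(arg) (((arg) == NULL) ? 0 : strlen(arg))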
206
207 /* ----------------------------------------------------------------
208 *
209 * Privilege handling routines
210 *
211 * ---------------------------------------------------------------- */
212
213 /*
214 * ONE OF THE FOLLOWING THREE FUNCTIONS
215 * SHOULD BE CALLED BEFORE ANY OTHER OF THE
216 * UID HANDLING FUNCTIONS.
217 */
218 int sl_policy_get_user(char *username); /* drop SUID to <username> */
219 int sl_policy_get_real(char *username); /* drop privs to <username> */
220 int sl_policy_get_root(void); /* drop SUID to root */
221
 /*
  * If not using one of the above, use this function,
  * and then call sl_unset_suid().
  * This function saves the uid's.
  * It calls abort() on error.
  */
228 int sl_save_uids(void);
229
230 /*
231 * This function returns the saved euid.
232 * It calls abort() if the uid's are not saved already.
233 */
234 int sl_get_euid(/*@out@*/uid_t * ret);
235 uid_t sl_ret_euid();
236
237 /*
238 * This function returns the saved egid.
239 * It calls abort() if the uid's are not saved already.
240 */
241 int sl_get_egid(/*@out@*/gid_t * ret);
242
243 /*
244 * This function returns the saved current ruid.
245 * It calls abort() if the uid's are not saved already.
246 */
247 int sl_get_ruid(/*@out@*/uid_t * ret);
248
249 /*
250 * This function returns the saved current rgid.
251 * It calls abort() if the uid's are not saved already.
252 */
253 int sl_get_rgid(gid_t * ret);
254
255 /*
256 * This function returns the saved original ruid.
257 * It calls abort() if the uid's are not saved already.
258 */
259 int sl_get_ruid_orig(uid_t * ret);
260
261 /*
262 * This function returns the saved original rgid.
263 * It calls abort() if the uid's are not saved already.
264 */
265 int sl_get_rgid_orig(gid_t * ret);
266
267 /*
268 * This function returns true if the program is SUID.
269 * It calls abort() if the uid's are not saved already.
270 */
271 int sl_is_suid(void);
272
273 /*
274 * This function sets the effective uid
275 * to the saved effective uid.
276 */
277 int sl_set_suid (void);
278
279 /*
280 * This function sets the effective uid to the real uid.
281 */
282 int sl_unset_suid (void);
283
284 /*
285 * This function drops SUID privileges irrevocably.
286 */
287 int sl_drop_privileges(void);
288
289 /* ----------------------------------------------------------------
290 *
291 * File handling routines
292 *
293 * ---------------------------------------------------------------- */
294
[76]295 SL_TICKET sl_make_ticket (int fd, const char * path);
[1]296
297 /* Open for writing.
298 */
[20]299 SL_TICKET sl_open_write (const char * fname, int priviledge_mode);
[1]300
301 /* Open for reading.
302 */
[20]303 SL_TICKET sl_open_read (const char * fname, int priviledge_mode);
[1]304
305 /* Open for reading w/minimum checking.
306 */
[20]307 SL_TICKET sl_open_fastread (const char * fname, int priviledge_mode);
[1]308
309 /* Open for read and write.
310 */
[20]311 SL_TICKET sl_open_rdwr (const char * fname, int priviledge_mode);
[1]312
313 /* Open for read and write, fail if file exists.
314 */
[20]315 SL_TICKET sl_open_safe_rdwr (const char * fname, int priv);
[1]316
317 /* Open for write, truncate.
318 */
[20]319 SL_TICKET sl_open_write_trunc (const char * fname, int priviledge_mode);
[1]320
321 /* Open for read and write, truncate.
322 */
[20]323 SL_TICKET sl_open_rdwr_trunc (const char * fname, int priviledge_mode);
[1]324
325 /* Close file.
326 */
327 int sl_close (SL_TICKET ticket);
328
329 /* Unlink file.
330 */
331 int sl_unlink (SL_TICKET ticket);
332
333 /* Rewind file.
334 */
335 int sl_rewind (SL_TICKET ticket);
336
337 /* Seek file.
338 */
339 int sl_seek (SL_TICKET ticket, off_t off_data);
340
341 /* Forward file.
342 */
343 int sl_forward (SL_TICKET ticket);
344
345 /* Sync file.
346 */
347 int sl_sync (SL_TICKET ticket);
348
349 /* Read file.
350 */
351 int sl_read (SL_TICKET ticket, void * buf, size_t count);
352
[8]353 int sl_read_timeout_prep (SL_TICKET ticket);
354
[131]355 int sl_read_timeout_fd (int fd, void * buf,
356 size_t count, int timeout, int is_nonblocking);
357
[1]358 int sl_read_timeout (SL_TICKET ticket, void * buf,
[131]359 size_t count, int timeout, int is_nonblocking);
[1]360
361 int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count);
362
363 /* Write file.
364 */
365 int sl_write (SL_TICKET ticket, void * msg, long nbytes);
366
367 /* Write file, terminate with newline.
368 */
369 int sl_write_line (SL_TICKET ticket, void * msg, long nbytes);
370
[76]371 /* As above, but only for non-constant strings.
372 */
373 int sl_write_line_fast (SL_TICKET ticket, void * msg, long nbytes);
374
[1]375 /* Drop all metadata for file descriptors >= fd.
376 */
377 int sl_dropall(int fd, int except);
378
379 /* Check whether file is trustworthy.
380 */
381 int sl_trustfile(char * path, uid_t * ok, uid_t * bad);
382
383 /* Check whether file is trustworthy.
384 */
385 int sl_trustfile_euid(char * filename, uid_t euid);
386
387 /* purge list of trusted users
388 */
389 int sl_trust_purge_user ();
390
391 /* Add a trusted user.
392 */
393 int sl_trust_add_user (uid_t pwid);
394
395 /* Get error string.
396 */
397 char * sl_error_string(int errorcode);
398
399 /* Get error file.
400 */
401 char * sl_trust_errfile(void);
402
[20]403 /* Overflow tests
404 */
405 int sl_ok_muli (int a, int b);
406 int sl_ok_divi (int a, int b);
407 int sl_ok_addi (int a, int b);
408 int sl_ok_subi (int a, int b);
[1]409
[34]410 int sl_ok_muls (size_t a, size_t b);
411 int sl_ok_adds (size_t a, size_t b);
412
413
[1]414#ifdef __cplusplus
415}
416#endif
417
418/* Privilege modes for file access.
419 */
420#define SL_YESPRIV 0x33
421#define SL_NOPRIV 0x34
422
[76]423/* Suitable for Linux
424 */
425#define MAXFILENAME 4096
[1]426
427
/*
 * This macro is TRUE if (x) < 0, i.e. when 'x' is one of the (negative)
 * SL_E* error codes rather than SL_ENONE or a positive result. The value
 * is cast to long first, so an unsigned argument with its top bit set
 * (e.g. a very large size_t) would also test as an error -- apply it to
 * the signed return values of this library's functions, not to sizes.
 */
#define SL_ISERROR(x) ((long)(x) < 0)
432
#if defined(WITH_TPT)
/* Trace point. 'arg' must be the complete dlog() argument list in its
 * own parentheses, e.g. TPT((0, FIL__, __LINE__, SDG_ERROR, code)),
 * because the macro simply juxtaposes 'dlog' and 'arg'. The expansion
 * already ends in ';'. Without WITH_TPT it expands to nothing, so the
 * arguments are then never evaluated.
 */
#define TPT(arg) dlog arg ;
#else
#define TPT(arg)
#endif
438
439
/*
 * The 'require' macro: an assertion that is never compiled out.
 *
 * 'assertion' is evaluated exactly once. If it is false, the failure is
 * logged through dlog() with the SDG_AFAIL message (defined elsewhere),
 * the file/line, and 'astext' (passed as a dlog() argument, not as the
 * format string), and the process is terminated with _exit(EXIT_FAILURE).
 * Unlike abort() that means no core dump, and unlike exit() no atexit()
 * handlers run and stdio buffers are not flushed -- so anything dlog()
 * leaves in a stdio buffer may be lost.
 */
#define SL_REQUIRE(assertion, astext) \
do { \
 /*@i@*/ if (assertion) ; \
 else { \
 dlog(0, FIL__, __LINE__, SDG_AFAIL, \
 FIL__, __LINE__, astext); \
 _exit(EXIT_FAILURE); \
 } \
} while (0)
452
453
/*
 * The enter macro. Prints the trace if TRACE is on.
 *
 * Under SL_DEBUG the function name is pushed on the call stack kept by
 * sl_stack_push(); otherwise entry is traced only when slib_do_trace is
 * non-zero. The trailing ';' is part of both expansions, so callers may
 * omit their own. NOTE: the non-debug expansion is a bare 'if', not a
 * do { } while (0) block -- an SL_ENTER(s) used as the sole body of an
 * outer 'if' followed by an 'else' would bind that 'else' to the trace
 * check. Always use it as a stand-alone statement.
 */
extern int slib_do_trace;
extern int slib_trace_fd;

#if defined(SL_DEBUG)
#define SL_ENTER(s) sl_stack_push(s, FIL__, __LINE__);
#else
#define SL_ENTER(s) if (slib_do_trace != 0) sl_trace_in(s, FIL__, __LINE__);
#endif
465
/*
 * The return macro: the counterpart of SL_ENTER() for functions that
 * return a value. 'x' appears only in the final return(x), so it is
 * evaluated exactly once. Under SL_DEBUG the SL_ENTER() stack entry is
 * popped first; otherwise the exit is traced when slib_do_trace is set.
 * Under splint (S_SPLINT_S) it collapses to a plain return, presumably
 * so the checker sees an ordinary return statement.
 */
#if defined(SL_DEBUG)
#ifndef S_SPLINT_S
#define SL_RETURN(x, s) \
do { \
 sl_stack_pop(s, FIL__, __LINE__); \
 return(x); \
} while(0)
#else
/*@notfunction@*/
#define SL_RETURN(x, s) return(x);
#endif /* S_SPLINT_S */
#else
#ifndef S_SPLINT_S
#define SL_RETURN(x, s) \
do { \
 if (slib_do_trace != 0) \
 sl_trace_out(s, FIL__, __LINE__); \
 return(x); \
} while(0)
#else
/*@notfunction@*/
#define SL_RETURN(x, s) return(x);
#endif /* S_SPLINT_S */
#endif /* SL_RETURN macro */
493
#if defined(SL_DEBUG)
/* SL_RET0(s): the SL_RETURN() variant for void functions -- same
 * stack-pop / exit-tracing behaviour, no return value. Unlike
 * SL_RETURN(), the SL_DEBUG build has no S_SPLINT_S variant here.
 */
#define SL_RET0(s) \
do { \
 sl_stack_pop(s, FIL__, __LINE__); \
 return; \
} while(0)
#else
#ifndef S_SPLINT_S
#define SL_RET0(s) \
do { \
 if (slib_do_trace != 0) \
 sl_trace_out(s, FIL__, __LINE__); \
 return; \
} while(0)
#else
/*@notfunction@*/
#define SL_RET0(s) return;
#endif /* S_SPLINT_S */
#endif /* SL_RET0 macro */
513
514#if defined(SL_DEBUG)
515void sl_stack_push(char * c, char * file, int line);
516void sl_stack_pop(char * c, char * file, int line);
517void sl_stack_print();
518#endif
519void sl_trace_in (char * str, char * file, int line);
520void sl_trace_out (char * str, char * file, int line);
[20]521int sl_trace_file (const char * str);
522int sl_trace_use (const char * str);
[1]523
524
525
526
/*
 * The internal return macro. Sets sl_errno to the return value when that
 * value is negative (i.e. an SL_E* code), so callers can inspect sl_errno
 * after a failure. Note that sl_errno is a single process-wide global
 * (see its declaration near the top of this header), not thread-local:
 * with concurrent callers another thread's failure may overwrite it, so
 * read it immediately after the call that failed.
 *
 * 'x' is evaluated more than once (sign test, sl_errno assignment, the
 * return, and the trace under SL_DEBUG) -- pass a variable, not an
 * expression with side effects. The 'if (1) return(x);' form is
 * presumably there to keep lint from flagging the do/while body as
 * ending in an unconditional return.
 */

#if defined(SL_DEBUG)
#define SL_IRETURN(x, s) \
do { \
 if((long)(x) < 0) { \
 /* no ';' after TPT(): its expansion already ends in one */ \
 TPT((0, FIL__, __LINE__, SDG_ERROR, (long)(x))) \
 sl_errno=(x); \
 } \
 sl_stack_pop(s, FIL__, __LINE__); \
 if (1) return(x); \
} while(0)
#else
#define SL_IRETURN(x, s) \
do { \
 if ((long)(x) < 0) sl_errno=(x); \
 if (slib_do_trace) \
 sl_trace_out(s, FIL__, __LINE__); \
 if (1) return(x); \
} while(0)

#endif /* SL_IRETURN macro */
551
552
553
554/* slib.h */
555#endif
556
557
558
559