source: trunk/include/slib.h@ 191

Last change on this file since 191 was 190, checked in by katerina, 16 years ago

Constness patch by Joe MacDonald

File size: 14.6 KB
RevLine 
[1]1/* --------------------------------------------------------------
2 *
3 * The developement of this library has been stimulated by reading
4 * a paper on 'Robust Programming' by Matt Bishop, although
5 * not all of his ideas might be implemented in the same
6 * strictness as discussed in the paper.
7 *
8 * --------------------------------------------------------------
9 */
10
11#ifndef SL_SLIB_H
12#define SL_SLIB_H
13
14#include <errno.h>
15#include <stdio.h>
16#include <stdlib.h>
17#include <stdarg.h>
18#include <sys/types.h>
19
20#include "config_xor.h"
21
22#ifdef HAVE_UNISTD_H
23#include <unistd.h>
24#endif
25
[167]26#include "sh_string.h"
27
[1]28/****************
29
30 -- Defined in config.h. --
31
32 #ifndef _(string)
33 #define _(string) string
34 #endif
35
36 #ifndef N_(string)
37 #define N_(string) string
38 #endif
39
40*****************/
41
42/* --------------------------------------------------------------
43 *
44 * Typedefs, global variables, macros.
45 *
46 * --------------------------------------------------------------
47 */
48
49extern long int sl_errno; /* Global error variable. */
50
51
52/* The ticketing system; used to hide internals from the
53 * programmer.
54 */
55typedef long int SL_TICKET; /* Unique ID for opened files. */
56
57
58/*
59 * TRUE, FALSE
60 */
61#define SL_TRUE 1
62#define SL_FALSE 0
63
[138]64#define SH_GRBUF_SIZE 4096
65#define SH_PWBUF_SIZE 4096
[1]66
67
[149]68#if defined(__GNUC__) && (__GNUC__ >= 3)
69#undef SL_GNUC_CONST
70#define SL_GNUC_CONST __attribute__((const))
71#else
[156]72#undef SL_GNUC_CONST
73#define SL_GNUC_CONST
[149]74#endif
75
[1]76/*
77 * The following macros are provided:
78 *
79 * SL_ISERROR(x) TRUE if return status of 'x' is an error code.
80 * SL_REQUIRE(x, xstr) Abort if 'x' is false.
81 * SL_ENTER(s) Trace entry in function 's'.
82 * SL_RETURN(x, s) Trace return from function 's'.
83 */
84
85
86/*
87 * The error codes.
88 */
89#define SL_ENONE 0
90
91#define SL_ENULL -1024 /* Invalid use of NULL pointer. */
92#define SL_ERANGE -1025 /* Argument out of range. */
93#define SL_ETRUNC -1026 /* Result truncated. */
94#define SL_EREPEAT -1027 /* Illegal repeated use of function. */
95
96#define SL_EINTERNAL -1028 /* Internal error. */
97#define SL_ETICKET -1029 /* Bad ticket. */
98#define SL_EBADFILE -1030 /* File access error. Check errno. */
99#define SL_EBOGUS -1031 /* Bogus file. */
100#define SL_EMEM -1032 /* Out of memory. */
101#define SL_EUNLINK -1033 /* Unlink error. Check errno. */
102#define SL_EREWIND -1034 /* Rewind error. Check errno. */
103#define SL_EFORWARD -1035 /* Forward error. Check errno. */
104#define SL_EREAD -1036 /* Read error. Check errno. */
105#define SL_EWRITE -1037 /* Write error. Check errno. */
106#define SL_ESYNC -1038 /* Write error. Check errno. */
107
108#define SL_EBADNAME -1040 /* Invalid name. */
109#define SL_ESTAT -1041 /* stat of file failed. Check errno. */
110
111#define SL_EBADUID -1050 /* Owner not trustworthy. */
112#define SL_EBADGID -1051 /* Group writeable and not trustworthy.*/
113#define SL_EBADOTH -1052 /* World writeable. */
114
115#define SL_TOOMANY -1053 /* Too many open files */
116#define SL_TIMEOUT -1054 /* Timeout in read */
117/*
118 * All int functions return SL_NONE on success.
119 */
120
121#ifdef __cplusplus
122extern "C" {
123#endif
124
[170]125 int dlog (int flag, const char * file, int line, const char *fmt, ...);
[1]126
[170]127 char * sl_get_errmsg(void);
[1]128
129 /* ----------------------------------------------------------------
130 *
131 * Heap consistency routines
132 *
133 * ---------------------------------------------------------------- */
134
[170]135 int sl_test_heap(void);
[1]136
137 /* ----------------------------------------------------------------
138 *
139 * Capability routines
140 *
141 * ---------------------------------------------------------------- */
142
143 extern int sl_useCaps;
144
[170]145 int sl_drop_cap (void);
146 int sl_drop_cap_sub(void);
147 int sl_get_cap_sub(void);
148 int sl_drop_cap_qdel(void);
149 int sl_get_cap_qdel(void);
[1]150
151 /* ----------------------------------------------------------------
152 *
153 * String handling routines
154 *
155 * ---------------------------------------------------------------- */
156
157 /*
158 * A memset that does not get optimized away
159 */
160 void *sl_memset(void *s, int c, size_t n);
[11]161#if !defined(SH_REAL_SET)
[1]162#undef memset
163#define memset sl_memset
[11]164#endif
[1]165
166 /*
167 * Copy src to dst. siz is the length of dst.
168 */
169 int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz);
170
171 /*
172 * Append src to dst. siz is the length of dst.
173 */
174 int sl_strlcat(char * dst, /*@null@*/const char *src, size_t siz);
175
176 /*
177 * An implementation of vsnprintf. va_start/va_end are in the caller
178 * function.
179 */
180 int sl_vsnprintf(char *str, size_t n,
181 const char *format, va_list vl );
182
183 /*
184 * An implementation of snprintf.
185 */
186 int sl_snprintf(char *str, size_t n,
187 const char *format, ... );
188
189 /*
190 * A robust drop-in replacement of strncpy. strlcpy is preferable.
191 */
192 char * sl_strncpy(/*@out@*/char *dst, const char *src, size_t size);
193
194 /*
195 * Robust strncat.
196 */
197 char * sl_strncat(char *dst, const char *src, size_t n);
198
199 /*
200 * strstr
201 */
[190]202 const char * sl_strstr (const char * haystack, const char * needle);
[1]203
204 /*
205 * robust strncmp replacement
206 */
207 int sl_strncmp(const char * a, const char * b, size_t n);
208
209 /*
210 * robust strcmp replacement
211 */
212 int sl_strcmp(const char * a, const char * b);
213
214 /*
[169]215 * robust strcasecmp replacement
216 */
217 int sl_strcasecmp(const char * one, const char * two);
218
219 /*
[1]220 * robust strlen replacement
221 */
222#define sl_strlen(arg) ((arg == NULL) ? 0 : (strlen(arg)))
223
224 /* ----------------------------------------------------------------
225 *
226 * Privilege handling routines
227 *
228 * ---------------------------------------------------------------- */
229
230 /*
231 * ONE OF THE FOLLOWING THREE FUNCTIONS
232 * SHOULD BE CALLED BEFORE ANY OTHER OF THE
233 * UID HANDLING FUNCTIONS.
234 */
[170]235 int sl_policy_get_user(const char *username); /* drop SUID to <username> */
[1]236 int sl_policy_get_real(char *username); /* drop privs to <username> */
237 int sl_policy_get_root(void); /* drop SUID to root */
238
239 /*
240 * If not using one of the above, use this function,
241 * and then call sh_unset_suid().
242 * This function saves the uid's.
243 * It calls abort() on error.
244 */
245 int sl_save_uids(void);
246
247 /*
248 * This function returns the saved euid.
249 * It calls abort() if the uid's are not saved already.
250 */
251 int sl_get_euid(/*@out@*/uid_t * ret);
[170]252 uid_t sl_ret_euid(void);
[1]253
254 /*
255 * This function returns the saved egid.
256 * It calls abort() if the uid's are not saved already.
257 */
258 int sl_get_egid(/*@out@*/gid_t * ret);
259
260 /*
261 * This function returns the saved current ruid.
262 * It calls abort() if the uid's are not saved already.
263 */
264 int sl_get_ruid(/*@out@*/uid_t * ret);
265
266 /*
267 * This function returns the saved current rgid.
268 * It calls abort() if the uid's are not saved already.
269 */
270 int sl_get_rgid(gid_t * ret);
271
272 /*
273 * This function returns the saved original ruid.
274 * It calls abort() if the uid's are not saved already.
275 */
276 int sl_get_ruid_orig(uid_t * ret);
277
278 /*
279 * This function returns the saved original rgid.
280 * It calls abort() if the uid's are not saved already.
281 */
282 int sl_get_rgid_orig(gid_t * ret);
283
284 /*
285 * This function returns true if the program is SUID.
286 * It calls abort() if the uid's are not saved already.
287 */
288 int sl_is_suid(void);
289
290 /*
291 * This function sets the effective uid
292 * to the saved effective uid.
293 */
294 int sl_set_suid (void);
295
296 /*
297 * This function sets the effective uid to the real uid.
298 */
299 int sl_unset_suid (void);
300
301 /*
302 * This function drops SUID privileges irrevocably.
303 */
304 int sl_drop_privileges(void);
305
306 /* ----------------------------------------------------------------
307 *
308 * File handling routines
309 *
310 * ---------------------------------------------------------------- */
311
[76]312 SL_TICKET sl_make_ticket (int fd, const char * path);
[1]313
314 /* Open for writing.
315 */
[20]316 SL_TICKET sl_open_write (const char * fname, int priviledge_mode);
[1]317
318 /* Open for reading.
319 */
[20]320 SL_TICKET sl_open_read (const char * fname, int priviledge_mode);
[1]321
322 /* Open for reading w/minimum checking.
323 */
[20]324 SL_TICKET sl_open_fastread (const char * fname, int priviledge_mode);
[1]325
326 /* Open for read and write.
327 */
[20]328 SL_TICKET sl_open_rdwr (const char * fname, int priviledge_mode);
[1]329
330 /* Open for read and write, fail if file exists.
331 */
[20]332 SL_TICKET sl_open_safe_rdwr (const char * fname, int priv);
[1]333
334 /* Open for write, truncate.
335 */
[20]336 SL_TICKET sl_open_write_trunc (const char * fname, int priviledge_mode);
[1]337
338 /* Open for read and write, truncate.
339 */
[20]340 SL_TICKET sl_open_rdwr_trunc (const char * fname, int priviledge_mode);
[1]341
[167]342 /* Initialize the content sh_string.
343 */
344 int sl_init_content (SL_TICKET ticket, size_t size);
345
346 /* Get the (pointer to) the content sh_string.
347 */
348 sh_string * sl_get_content (SL_TICKET ticket);
349
[1]350 /* Close file.
351 */
352 int sl_close (SL_TICKET ticket);
353
354 /* Unlink file.
355 */
356 int sl_unlink (SL_TICKET ticket);
357
358 /* Rewind file.
359 */
360 int sl_rewind (SL_TICKET ticket);
361
362 /* Seek file.
363 */
364 int sl_seek (SL_TICKET ticket, off_t off_data);
365
366 /* Forward file.
367 */
368 int sl_forward (SL_TICKET ticket);
369
370 /* Sync file.
371 */
372 int sl_sync (SL_TICKET ticket);
373
374 /* Read file.
375 */
376 int sl_read (SL_TICKET ticket, void * buf, size_t count);
377
[8]378 int sl_read_timeout_prep (SL_TICKET ticket);
379
[131]380 int sl_read_timeout_fd (int fd, void * buf,
381 size_t count, int timeout, int is_nonblocking);
382
[1]383 int sl_read_timeout (SL_TICKET ticket, void * buf,
[131]384 size_t count, int timeout, int is_nonblocking);
[1]385
386 int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count);
387
388 /* Write file.
389 */
[170]390 int sl_write (SL_TICKET ticket, const void * msg, long nbytes);
[1]391
392 /* Write file, terminate with newline.
393 */
[170]394 int sl_write_line (SL_TICKET ticket, const void * msg, long nbytes);
[1]395
[76]396 /* As above, but only for non-constant strings.
397 */
398 int sl_write_line_fast (SL_TICKET ticket, void * msg, long nbytes);
399
[1]400 /* Drop all metadata for file descriptors >= fd.
401 */
402 int sl_dropall(int fd, int except);
[174]403 int sl_dropall_dirty(int fd, int except); /* don't deallocate */
[1]404
405 /* Check whether file is trustworthy.
406 */
[183]407 int sl_trustfile(const char * path, uid_t * ok, uid_t * bad);
[1]408
409 /* Check whether file is trustworthy.
410 */
[183]411 int sl_trustfile_euid(const char * filename, uid_t euid);
[1]412
413 /* purge list of trusted users
414 */
[170]415 int sl_trust_purge_user (void);
[1]416
417 /* Add a trusted user.
418 */
419 int sl_trust_add_user (uid_t pwid);
420
421 /* Get error string.
422 */
423 char * sl_error_string(int errorcode);
424
425 /* Get error file.
426 */
427 char * sl_trust_errfile(void);
428
[20]429 /* Overflow tests
430 */
[149]431 int sl_ok_muli (int a, int b) SL_GNUC_CONST;
432 int sl_ok_divi (int a, int b) SL_GNUC_CONST;
433 int sl_ok_addi (int a, int b) SL_GNUC_CONST;
434 int sl_ok_subi (int a, int b) SL_GNUC_CONST;
[1]435
[149]436 int sl_ok_muls (size_t a, size_t b) SL_GNUC_CONST;
437 int sl_ok_adds (size_t a, size_t b) SL_GNUC_CONST;
[34]438
439
[1]440#ifdef __cplusplus
441}
442#endif
443
444/* Privilege modes for file access.
445 */
446#define SL_YESPRIV 0x33
447#define SL_NOPRIV 0x34
448
[76]449/* Suitable for Linux
450 */
451#define MAXFILENAME 4096
[1]452
453
454/*
455 * This macro is TRUE if (x) < 0.
456 */
457#define SL_ISERROR(x) ((long)(x) < 0)
458
459#if defined(WITH_TPT)
460#define TPT(arg) dlog arg ;
461#else
462#define TPT(arg)
463#endif
464
465
466/*
467 * The 'require' macro.
468 */
469#define SL_REQUIRE(assertion, astext) \
470do { \
471 /*@i@*/ if (assertion) ; \
472 else { \
473 dlog(0, FIL__, __LINE__, SDG_AFAIL, \
474 FIL__, __LINE__, astext); \
475 _exit(EXIT_FAILURE); \
476 } \
477} while (0)
478
479
480/*
481 * The enter macro. Prints the trace if TRACE is on.
482 */
483extern int slib_do_trace;
484extern int slib_trace_fd;
485
486#if defined(SL_DEBUG)
487#define SL_ENTER(s) sl_stack_push(s, FIL__, __LINE__);
488#else
489#define SL_ENTER(s) if (slib_do_trace != 0) sl_trace_in(s, FIL__, __LINE__);
490#endif
491
492/*
493 * The return macro.
494 */
495#if defined(SL_DEBUG)
496#ifndef S_SPLINT_S
497#define SL_RETURN(x, s) \
498do { \
499 sl_stack_pop(s, FIL__, __LINE__); \
500 return(x); \
501} while(0)
502#else
503/*@notfunction@*/
504#define SL_RETURN(x, s) return(x);
505#endif /* S_SPLINT_S */
506#else
507#ifndef S_SPLINT_S
508#define SL_RETURN(x, s) \
509do { \
510 if (slib_do_trace != 0) \
511 sl_trace_out(s, FIL__, __LINE__); \
512 return(x); \
513} while(0)
514#else
515/*@notfunction@*/
516#define SL_RETURN(x, s) return(x);
517#endif /* S_SPLINT_S */
518#endif /* SL_RETURN macro */
519
520#if defined(SL_DEBUG)
521#define SL_RET0(s) \
522do { \
523 sl_stack_pop(s, FIL__, __LINE__); \
524 return; \
525} while(0)
526#else
527#ifndef S_SPLINT_S
528#define SL_RET0(s) \
529do { \
530 if (slib_do_trace != 0) \
531 sl_trace_out(s, FIL__, __LINE__); \
532 return; \
533} while(0)
534#else
535/*@notfunction@*/
536#define SL_RET0(s) return;
537#endif /* S_SPLINT_S */
538#endif /* SL_RETURN macro */
539
540#if defined(SL_DEBUG)
541void sl_stack_push(char * c, char * file, int line);
542void sl_stack_pop(char * c, char * file, int line);
[170]543void sl_stack_print(void);
[1]544#endif
[170]545void sl_trace_in (const char * str, const char * file, int line);
546void sl_trace_out (const char * str, const char * file, int line);
[20]547int sl_trace_file (const char * str);
548int sl_trace_use (const char * str);
[1]549
550
551
552
553/*
554 * The internal return macro. Sets sl_errno to the return value.
555 */
556
557#if defined(SL_DEBUG)
558#define SL_IRETURN(x, s) \
559do { \
560 if((long)(x) < 0) { \
561 TPT((0, FIL__, __LINE__, SDG_ERROR, (long)(x))) \
562 sl_errno=(x); \
563 } \
564 sl_stack_pop(s, FIL__, __LINE__); \
565 if (1) return(x); \
566} while(0)
567#else
568#define SL_IRETURN(x, s) \
569do { \
570 if ((long)(x) < 0) sl_errno=(x); \
571 if (slib_do_trace) \
572 sl_trace_out(s, FIL__, __LINE__); \
573 if (1) return(x); \
574} while(0)
575
576#endif /* SL_IRETURN macro */
577
578
579
580/* slib.h */
581#endif
582
583
584
585
Note: See TracBrowser for help on using the repository browser.