source: trunk/include/slib.h@ 204

Last change on this file since 204 was 196, checked in by katerina, 16 years ago

New option SetDropCache ([false]/true) to drop checksummed files from file cache.

File size: 14.8 KB
RevLine 
[1]1/* --------------------------------------------------------------
2 *
3 * The developement of this library has been stimulated by reading
4 * a paper on 'Robust Programming' by Matt Bishop, although
5 * not all of his ideas might be implemented in the same
6 * strictness as discussed in the paper.
7 *
8 * --------------------------------------------------------------
9 */
10
11#ifndef SL_SLIB_H
12#define SL_SLIB_H
13
14#include <errno.h>
15#include <stdio.h>
16#include <stdlib.h>
17#include <stdarg.h>
18#include <sys/types.h>
19
20#include "config_xor.h"
21
22#ifdef HAVE_UNISTD_H
23#include <unistd.h>
24#endif
25
[167]26#include "sh_string.h"
27
[1]28/****************
29
30 -- Defined in config.h. --
31
32 #ifndef _(string)
33 #define _(string) string
34 #endif
35
36 #ifndef N_(string)
37 #define N_(string) string
38 #endif
39
40*****************/
41
42/* --------------------------------------------------------------
43 *
44 * Typedefs, global variables, macros.
45 *
46 * --------------------------------------------------------------
47 */
48
49extern long int sl_errno; /* Global error variable. */
50
51
52/* The ticketing system; used to hide internals from the
53 * programmer.
54 */
55typedef long int SL_TICKET; /* Unique ID for opened files. */
56
57
58/*
59 * TRUE, FALSE
60 */
61#define SL_TRUE 1
62#define SL_FALSE 0
63
[138]64#define SH_GRBUF_SIZE 4096
65#define SH_PWBUF_SIZE 4096
[1]66
67
[149]68#if defined(__GNUC__) && (__GNUC__ >= 3)
69#undef SL_GNUC_CONST
70#define SL_GNUC_CONST __attribute__((const))
71#else
[156]72#undef SL_GNUC_CONST
73#define SL_GNUC_CONST
[149]74#endif
75
[1]76/*
77 * The following macros are provided:
78 *
79 * SL_ISERROR(x) TRUE if return status of 'x' is an error code.
80 * SL_REQUIRE(x, xstr) Abort if 'x' is false.
81 * SL_ENTER(s) Trace entry in function 's'.
82 * SL_RETURN(x, s) Trace return from function 's'.
83 */
84
85
86/*
87 * The error codes.
88 */
89#define SL_ENONE 0
90
91#define SL_ENULL -1024 /* Invalid use of NULL pointer. */
92#define SL_ERANGE -1025 /* Argument out of range. */
93#define SL_ETRUNC -1026 /* Result truncated. */
94#define SL_EREPEAT -1027 /* Illegal repeated use of function. */
95
96#define SL_EINTERNAL -1028 /* Internal error. */
97#define SL_ETICKET -1029 /* Bad ticket. */
98#define SL_EBADFILE -1030 /* File access error. Check errno. */
99#define SL_EBOGUS -1031 /* Bogus file. */
100#define SL_EMEM -1032 /* Out of memory. */
101#define SL_EUNLINK -1033 /* Unlink error. Check errno. */
102#define SL_EREWIND -1034 /* Rewind error. Check errno. */
103#define SL_EFORWARD -1035 /* Forward error. Check errno. */
104#define SL_EREAD -1036 /* Read error. Check errno. */
105#define SL_EWRITE -1037 /* Write error. Check errno. */
106#define SL_ESYNC -1038 /* Write error. Check errno. */
107
108#define SL_EBADNAME -1040 /* Invalid name. */
109#define SL_ESTAT -1041 /* stat of file failed. Check errno. */
[192]110#define SL_EFSTAT -1042 /* fstat of file failed. Check errno. */
[1]111
112#define SL_EBADUID -1050 /* Owner not trustworthy. */
113#define SL_EBADGID -1051 /* Group writeable and not trustworthy.*/
114#define SL_EBADOTH -1052 /* World writeable. */
115
116#define SL_TOOMANY -1053 /* Too many open files */
117#define SL_TIMEOUT -1054 /* Timeout in read */
[192]118
119#define SL_EISDIR -1055 /* Is a directory */
[1]120/*
121 * All int functions return SL_NONE on success.
122 */
123
124#ifdef __cplusplus
125extern "C" {
126#endif
127
[170]128 int dlog (int flag, const char * file, int line, const char *fmt, ...);
[1]129
[170]130 char * sl_get_errmsg(void);
[1]131
132 /* ----------------------------------------------------------------
133 *
134 * Heap consistency routines
135 *
136 * ---------------------------------------------------------------- */
137
[170]138 int sl_test_heap(void);
[1]139
140 /* ----------------------------------------------------------------
141 *
142 * Capability routines
143 *
144 * ---------------------------------------------------------------- */
145
146 extern int sl_useCaps;
147
[170]148 int sl_drop_cap (void);
149 int sl_drop_cap_sub(void);
150 int sl_get_cap_sub(void);
151 int sl_drop_cap_qdel(void);
152 int sl_get_cap_qdel(void);
[1]153
154 /* ----------------------------------------------------------------
155 *
156 * String handling routines
157 *
158 * ---------------------------------------------------------------- */
159
160 /*
161 * A memset that does not get optimized away
162 */
163 void *sl_memset(void *s, int c, size_t n);
[11]164#if !defined(SH_REAL_SET)
[1]165#undef memset
166#define memset sl_memset
[11]167#endif
[1]168
169 /*
170 * Copy src to dst. siz is the length of dst.
171 */
172 int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz);
173
174 /*
175 * Append src to dst. siz is the length of dst.
176 */
177 int sl_strlcat(char * dst, /*@null@*/const char *src, size_t siz);
178
179 /*
180 * An implementation of vsnprintf. va_start/va_end are in the caller
181 * function.
182 */
183 int sl_vsnprintf(char *str, size_t n,
184 const char *format, va_list vl );
185
186 /*
187 * An implementation of snprintf.
188 */
189 int sl_snprintf(char *str, size_t n,
190 const char *format, ... );
191
192 /*
193 * A robust drop-in replacement of strncpy. strlcpy is preferable.
194 */
195 char * sl_strncpy(/*@out@*/char *dst, const char *src, size_t size);
196
197 /*
198 * Robust strncat.
199 */
200 char * sl_strncat(char *dst, const char *src, size_t n);
201
202 /*
203 * strstr
204 */
[190]205 const char * sl_strstr (const char * haystack, const char * needle);
[1]206
207 /*
208 * robust strncmp replacement
209 */
210 int sl_strncmp(const char * a, const char * b, size_t n);
211
212 /*
213 * robust strcmp replacement
214 */
215 int sl_strcmp(const char * a, const char * b);
216
217 /*
[169]218 * robust strcasecmp replacement
219 */
220 int sl_strcasecmp(const char * one, const char * two);
221
222 /*
[1]223 * robust strlen replacement
224 */
225#define sl_strlen(arg) ((arg == NULL) ? 0 : (strlen(arg)))
226
227 /* ----------------------------------------------------------------
228 *
229 * Privilege handling routines
230 *
231 * ---------------------------------------------------------------- */
232
233 /*
234 * ONE OF THE FOLLOWING THREE FUNCTIONS
235 * SHOULD BE CALLED BEFORE ANY OTHER OF THE
236 * UID HANDLING FUNCTIONS.
237 */
[170]238 int sl_policy_get_user(const char *username); /* drop SUID to <username> */
[1]239 int sl_policy_get_real(char *username); /* drop privs to <username> */
240 int sl_policy_get_root(void); /* drop SUID to root */
241
242 /*
243 * If not using one of the above, use this function,
244 * and then call sh_unset_suid().
245 * This function saves the uid's.
246 * It calls abort() on error.
247 */
248 int sl_save_uids(void);
249
250 /*
251 * This function returns the saved euid.
252 * It calls abort() if the uid's are not saved already.
253 */
254 int sl_get_euid(/*@out@*/uid_t * ret);
[170]255 uid_t sl_ret_euid(void);
[1]256
257 /*
258 * This function returns the saved egid.
259 * It calls abort() if the uid's are not saved already.
260 */
261 int sl_get_egid(/*@out@*/gid_t * ret);
262
263 /*
264 * This function returns the saved current ruid.
265 * It calls abort() if the uid's are not saved already.
266 */
267 int sl_get_ruid(/*@out@*/uid_t * ret);
268
269 /*
270 * This function returns the saved current rgid.
271 * It calls abort() if the uid's are not saved already.
272 */
273 int sl_get_rgid(gid_t * ret);
274
275 /*
276 * This function returns the saved original ruid.
277 * It calls abort() if the uid's are not saved already.
278 */
279 int sl_get_ruid_orig(uid_t * ret);
280
281 /*
282 * This function returns the saved original rgid.
283 * It calls abort() if the uid's are not saved already.
284 */
285 int sl_get_rgid_orig(gid_t * ret);
286
287 /*
288 * This function returns true if the program is SUID.
289 * It calls abort() if the uid's are not saved already.
290 */
291 int sl_is_suid(void);
292
293 /*
294 * This function sets the effective uid
295 * to the saved effective uid.
296 */
297 int sl_set_suid (void);
298
299 /*
300 * This function sets the effective uid to the real uid.
301 */
302 int sl_unset_suid (void);
303
304 /*
305 * This function drops SUID privileges irrevocably.
306 */
307 int sl_drop_privileges(void);
308
309 /* ----------------------------------------------------------------
310 *
311 * File handling routines
312 *
313 * ---------------------------------------------------------------- */
314
[76]315 SL_TICKET sl_make_ticket (int fd, const char * path);
[1]316
317 /* Open for writing.
318 */
[20]319 SL_TICKET sl_open_write (const char * fname, int priviledge_mode);
[1]320
321 /* Open for reading.
322 */
[20]323 SL_TICKET sl_open_read (const char * fname, int priviledge_mode);
[1]324
[196]325 /* Drop from cach when closing
326 */
327 int sl_set_drop_cache(const char * str);
328
[1]329 /* Open for reading w/minimum checking.
330 */
[20]331 SL_TICKET sl_open_fastread (const char * fname, int priviledge_mode);
[1]332
333 /* Open for read and write.
334 */
[20]335 SL_TICKET sl_open_rdwr (const char * fname, int priviledge_mode);
[1]336
337 /* Open for read and write, fail if file exists.
338 */
[20]339 SL_TICKET sl_open_safe_rdwr (const char * fname, int priv);
[1]340
341 /* Open for write, truncate.
342 */
[20]343 SL_TICKET sl_open_write_trunc (const char * fname, int priviledge_mode);
[1]344
345 /* Open for read and write, truncate.
346 */
[20]347 SL_TICKET sl_open_rdwr_trunc (const char * fname, int priviledge_mode);
[1]348
[167]349 /* Initialize the content sh_string.
350 */
351 int sl_init_content (SL_TICKET ticket, size_t size);
352
353 /* Get the (pointer to) the content sh_string.
354 */
355 sh_string * sl_get_content (SL_TICKET ticket);
356
[1]357 /* Close file.
358 */
359 int sl_close (SL_TICKET ticket);
360
361 /* Unlink file.
362 */
363 int sl_unlink (SL_TICKET ticket);
364
365 /* Rewind file.
366 */
367 int sl_rewind (SL_TICKET ticket);
368
369 /* Seek file.
370 */
371 int sl_seek (SL_TICKET ticket, off_t off_data);
372
373 /* Forward file.
374 */
375 int sl_forward (SL_TICKET ticket);
376
377 /* Sync file.
378 */
379 int sl_sync (SL_TICKET ticket);
380
381 /* Read file.
382 */
383 int sl_read (SL_TICKET ticket, void * buf, size_t count);
384
[8]385 int sl_read_timeout_prep (SL_TICKET ticket);
386
[131]387 int sl_read_timeout_fd (int fd, void * buf,
388 size_t count, int timeout, int is_nonblocking);
389
[1]390 int sl_read_timeout (SL_TICKET ticket, void * buf,
[131]391 size_t count, int timeout, int is_nonblocking);
[1]392
393 int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count);
394
395 /* Write file.
396 */
[170]397 int sl_write (SL_TICKET ticket, const void * msg, long nbytes);
[1]398
399 /* Write file, terminate with newline.
400 */
[170]401 int sl_write_line (SL_TICKET ticket, const void * msg, long nbytes);
[1]402
[76]403 /* As above, but only for non-constant strings.
404 */
405 int sl_write_line_fast (SL_TICKET ticket, void * msg, long nbytes);
406
[1]407 /* Drop all metadata for file descriptors >= fd.
408 */
409 int sl_dropall(int fd, int except);
[174]410 int sl_dropall_dirty(int fd, int except); /* don't deallocate */
[1]411
412 /* Check whether file is trustworthy.
413 */
[183]414 int sl_trustfile(const char * path, uid_t * ok, uid_t * bad);
[1]415
416 /* Check whether file is trustworthy.
417 */
[183]418 int sl_trustfile_euid(const char * filename, uid_t euid);
[1]419
420 /* purge list of trusted users
421 */
[170]422 int sl_trust_purge_user (void);
[1]423
424 /* Add a trusted user.
425 */
426 int sl_trust_add_user (uid_t pwid);
427
428 /* Get error string.
429 */
430 char * sl_error_string(int errorcode);
431
432 /* Get error file.
433 */
434 char * sl_trust_errfile(void);
435
[20]436 /* Overflow tests
437 */
[149]438 int sl_ok_muli (int a, int b) SL_GNUC_CONST;
439 int sl_ok_divi (int a, int b) SL_GNUC_CONST;
440 int sl_ok_addi (int a, int b) SL_GNUC_CONST;
441 int sl_ok_subi (int a, int b) SL_GNUC_CONST;
[1]442
[149]443 int sl_ok_muls (size_t a, size_t b) SL_GNUC_CONST;
444 int sl_ok_adds (size_t a, size_t b) SL_GNUC_CONST;
[34]445
446
[1]447#ifdef __cplusplus
448}
449#endif
450
451/* Privilege modes for file access.
452 */
453#define SL_YESPRIV 0x33
454#define SL_NOPRIV 0x34
455
[76]456/* Suitable for Linux
457 */
458#define MAXFILENAME 4096
[1]459
460
461/*
462 * This macro is TRUE if (x) < 0.
463 */
464#define SL_ISERROR(x) ((long)(x) < 0)
465
466#if defined(WITH_TPT)
467#define TPT(arg) dlog arg ;
468#else
469#define TPT(arg)
470#endif
471
472
473/*
474 * The 'require' macro.
475 */
476#define SL_REQUIRE(assertion, astext) \
477do { \
478 /*@i@*/ if (assertion) ; \
479 else { \
480 dlog(0, FIL__, __LINE__, SDG_AFAIL, \
481 FIL__, __LINE__, astext); \
482 _exit(EXIT_FAILURE); \
483 } \
484} while (0)
485
486
487/*
488 * The enter macro. Prints the trace if TRACE is on.
489 */
490extern int slib_do_trace;
491extern int slib_trace_fd;
492
493#if defined(SL_DEBUG)
494#define SL_ENTER(s) sl_stack_push(s, FIL__, __LINE__);
495#else
496#define SL_ENTER(s) if (slib_do_trace != 0) sl_trace_in(s, FIL__, __LINE__);
497#endif
498
499/*
500 * The return macro.
501 */
502#if defined(SL_DEBUG)
503#ifndef S_SPLINT_S
504#define SL_RETURN(x, s) \
505do { \
506 sl_stack_pop(s, FIL__, __LINE__); \
507 return(x); \
508} while(0)
509#else
510/*@notfunction@*/
511#define SL_RETURN(x, s) return(x);
512#endif /* S_SPLINT_S */
513#else
514#ifndef S_SPLINT_S
515#define SL_RETURN(x, s) \
516do { \
517 if (slib_do_trace != 0) \
518 sl_trace_out(s, FIL__, __LINE__); \
519 return(x); \
520} while(0)
521#else
522/*@notfunction@*/
523#define SL_RETURN(x, s) return(x);
524#endif /* S_SPLINT_S */
525#endif /* SL_RETURN macro */
526
527#if defined(SL_DEBUG)
528#define SL_RET0(s) \
529do { \
530 sl_stack_pop(s, FIL__, __LINE__); \
531 return; \
532} while(0)
533#else
534#ifndef S_SPLINT_S
535#define SL_RET0(s) \
536do { \
537 if (slib_do_trace != 0) \
538 sl_trace_out(s, FIL__, __LINE__); \
539 return; \
540} while(0)
541#else
542/*@notfunction@*/
543#define SL_RET0(s) return;
544#endif /* S_SPLINT_S */
545#endif /* SL_RETURN macro */
546
547#if defined(SL_DEBUG)
548void sl_stack_push(char * c, char * file, int line);
549void sl_stack_pop(char * c, char * file, int line);
[170]550void sl_stack_print(void);
[1]551#endif
[170]552void sl_trace_in (const char * str, const char * file, int line);
553void sl_trace_out (const char * str, const char * file, int line);
[20]554int sl_trace_file (const char * str);
555int sl_trace_use (const char * str);
[1]556
557
558
559
560/*
561 * The internal return macro. Sets sl_errno to the return value.
562 */
563
564#if defined(SL_DEBUG)
565#define SL_IRETURN(x, s) \
566do { \
567 if((long)(x) < 0) { \
568 TPT((0, FIL__, __LINE__, SDG_ERROR, (long)(x))) \
569 sl_errno=(x); \
570 } \
571 sl_stack_pop(s, FIL__, __LINE__); \
572 if (1) return(x); \
573} while(0)
574#else
575#define SL_IRETURN(x, s) \
576do { \
577 if ((long)(x) < 0) sl_errno=(x); \
578 if (slib_do_trace) \
579 sl_trace_out(s, FIL__, __LINE__); \
580 if (1) return(x); \
581} while(0)
582
583#endif /* SL_IRETURN macro */
584
585
586
587/* slib.h */
588#endif
589
590
591
592
Note: See TracBrowser for help on using the repository browser.