source: trunk/include/slib.h@ 543

Last change on this file since 543 was 525, checked in by katerina, 8 years ago

Log error if the close() on the baseline database fails (ticket #420).

File size: 16.7 KB
RevLine 
[1]1/* --------------------------------------------------------------
2 *
3 * The developement of this library has been stimulated by reading
4 * a paper on 'Robust Programming' by Matt Bishop, although
5 * not all of his ideas might be implemented in the same
6 * strictness as discussed in the paper.
7 *
8 * --------------------------------------------------------------
9 */
10
11#ifndef SL_SLIB_H
12#define SL_SLIB_H
13
14#include <errno.h>
15#include <stdio.h>
16#include <stdlib.h>
17#include <stdarg.h>
18#include <sys/types.h>
19
20#include "config_xor.h"
21
22#ifdef HAVE_UNISTD_H
23#include <unistd.h>
24#endif
25
[167]26#include "sh_string.h"
27
[1]28/****************
29
30 -- Defined in config.h. --
31
32 #ifndef _(string)
33 #define _(string) string
34 #endif
35
36 #ifndef N_(string)
37 #define N_(string) string
38 #endif
39
40*****************/
41
[412]42
[1]43/* --------------------------------------------------------------
44 *
45 * Typedefs, global variables, macros.
46 *
47 * --------------------------------------------------------------
48 */
49
50extern long int sl_errno; /* Global error variable. */
51
52
53/* The ticketing system; used to hide internals from the
54 * programmer.
55 */
56typedef long int SL_TICKET; /* Unique ID for opened files. */
57
58
59/*
60 * TRUE, FALSE
61 */
[481]62#if !defined(S_TRUE)
63#define S_TRUE 1
64#define S_FALSE 0
65#endif
[1]66
[428]67#define SH_GRBUF_SIZE 4096
68#define SH_PWBUF_SIZE 32768
[1]69
70
[149]71#if defined(__GNUC__) && (__GNUC__ >= 3)
72#undef SL_GNUC_CONST
73#define SL_GNUC_CONST __attribute__((const))
74#else
[156]75#undef SL_GNUC_CONST
76#define SL_GNUC_CONST
[149]77#endif
78
[1]79/*
80 * The following macros are provided:
81 *
82 * SL_ISERROR(x) TRUE if return status of 'x' is an error code.
83 * SL_REQUIRE(x, xstr) Abort if 'x' is false.
84 * SL_ENTER(s) Trace entry in function 's'.
85 * SL_RETURN(x, s) Trace return from function 's'.
86 */
87
88
89/*
90 * The error codes.
91 */
92#define SL_ENONE 0
93
94#define SL_ENULL -1024 /* Invalid use of NULL pointer. */
95#define SL_ERANGE -1025 /* Argument out of range. */
96#define SL_ETRUNC -1026 /* Result truncated. */
97#define SL_EREPEAT -1027 /* Illegal repeated use of function. */
98
99#define SL_EINTERNAL -1028 /* Internal error. */
100#define SL_ETICKET -1029 /* Bad ticket. */
101#define SL_EBADFILE -1030 /* File access error. Check errno. */
102#define SL_EBOGUS -1031 /* Bogus file. */
103#define SL_EMEM -1032 /* Out of memory. */
104#define SL_EUNLINK -1033 /* Unlink error. Check errno. */
105#define SL_EREWIND -1034 /* Rewind error. Check errno. */
106#define SL_EFORWARD -1035 /* Forward error. Check errno. */
107#define SL_EREAD -1036 /* Read error. Check errno. */
108#define SL_EWRITE -1037 /* Write error. Check errno. */
109#define SL_ESYNC -1038 /* Write error. Check errno. */
[525]110#define SL_ECLOSE -1039 /* Close error. Check errno. */
[1]111
112#define SL_EBADNAME -1040 /* Invalid name. */
113#define SL_ESTAT -1041 /* stat of file failed. Check errno. */
[192]114#define SL_EFSTAT -1042 /* fstat of file failed. Check errno. */
[1]115
116#define SL_EBADUID -1050 /* Owner not trustworthy. */
117#define SL_EBADGID -1051 /* Group writeable and not trustworthy.*/
118#define SL_EBADOTH -1052 /* World writeable. */
119
120#define SL_TOOMANY -1053 /* Too many open files */
121#define SL_TIMEOUT -1054 /* Timeout in read */
[192]122
123#define SL_EISDIR -1055 /* Is a directory */
[243]124
125#define SL_EINTERNAL01 -1061 /* Internal error. */
126#define SL_EINTERNAL02 -1062 /* Internal error. */
127#define SL_EINTERNAL03 -1063 /* Internal error. */
128#define SL_EINTERNAL04 -1064 /* Internal error. */
129#define SL_EINTERNAL05 -1065 /* Internal error. */
130#define SL_EINTERNAL06 -1066 /* Internal error. */
131#define SL_EINTERNAL07 -1067 /* Internal error. */
132#define SL_EINTERNAL08 -1068 /* Internal error. */
133#define SL_EINTERNAL09 -1069 /* Internal error. */
134#define SL_EINTERNAL10 -1070 /* Internal error. */
135#define SL_EINTERNAL11 -1071 /* Internal error. */
136#define SL_EINTERNAL12 -1072 /* Internal error. */
137
[1]138/*
139 * All int functions return SL_NONE on success.
140 */
141
142#ifdef __cplusplus
143extern "C" {
144#endif
145
[170]146 int dlog (int flag, const char * file, int line, const char *fmt, ...);
[1]147
[170]148 char * sl_get_errmsg(void);
[1]149
150 /* ----------------------------------------------------------------
151 *
152 * Heap consistency routines
153 *
154 * ---------------------------------------------------------------- */
155
[170]156 int sl_test_heap(void);
[1]157
158 /* ----------------------------------------------------------------
159 *
160 * Capability routines
161 *
162 * ---------------------------------------------------------------- */
163
164 extern int sl_useCaps;
165
[170]166 int sl_drop_cap (void);
167 int sl_drop_cap_sub(void);
168 int sl_get_cap_sub(void);
169 int sl_drop_cap_qdel(void);
170 int sl_get_cap_qdel(void);
[1]171
172 /* ----------------------------------------------------------------
173 *
174 * String handling routines
175 *
176 * ---------------------------------------------------------------- */
177
178 /*
179 * A memset that does not get optimized away
180 */
181 void *sl_memset(void *s, int c, size_t n);
[11]182#if !defined(SH_REAL_SET)
[1]183#undef memset
184#define memset sl_memset
[11]185#endif
[1]186
187 /*
188 * Copy src to dst. siz is the length of dst.
189 */
190 int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz);
191
192 /*
193 * Append src to dst. siz is the length of dst.
194 */
195 int sl_strlcat(char * dst, /*@null@*/const char *src, size_t siz);
196
197 /*
198 * An implementation of vsnprintf. va_start/va_end are in the caller
199 * function.
200 */
201 int sl_vsnprintf(char *str, size_t n,
202 const char *format, va_list vl );
203
204 /*
205 * An implementation of snprintf.
206 */
207 int sl_snprintf(char *str, size_t n,
208 const char *format, ... );
209
210 /*
211 * A robust drop-in replacement of strncpy. strlcpy is preferable.
212 */
213 char * sl_strncpy(/*@out@*/char *dst, const char *src, size_t size);
214
215 /*
216 * Robust strncat.
217 */
218 char * sl_strncat(char *dst, const char *src, size_t n);
219
220 /*
221 * strstr
222 */
[214]223 char * sl_strstr (const char * haystack, const char * needle);
[1]224
225 /*
[272]226 * robust strn[case]cmp replacement
[1]227 */
228 int sl_strncmp(const char * a, const char * b, size_t n);
229
[272]230 int sl_strncasecmp(const char * a, const char * b, size_t n);
231
[1]232 /*
233 * robust strcmp replacement
234 */
235 int sl_strcmp(const char * a, const char * b);
236
237 /*
[169]238 * robust strcasecmp replacement
239 */
240 int sl_strcasecmp(const char * one, const char * two);
241
242 /*
[1]243 * robust strlen replacement
244 */
245#define sl_strlen(arg) ((arg == NULL) ? 0 : (strlen(arg)))
246
247 /* ----------------------------------------------------------------
248 *
249 * Privilege handling routines
250 *
251 * ---------------------------------------------------------------- */
252
253 /*
254 * ONE OF THE FOLLOWING THREE FUNCTIONS
255 * SHOULD BE CALLED BEFORE ANY OTHER OF THE
256 * UID HANDLING FUNCTIONS.
257 */
[170]258 int sl_policy_get_user(const char *username); /* drop SUID to <username> */
[1]259 int sl_policy_get_real(char *username); /* drop privs to <username> */
260 int sl_policy_get_root(void); /* drop SUID to root */
261
262 /*
263 * If not using one of the above, use this function,
264 * and then call sh_unset_suid().
265 * This function saves the uid's.
266 * It calls abort() on error.
267 */
268 int sl_save_uids(void);
269
270 /*
271 * This function returns the saved euid.
272 * It calls abort() if the uid's are not saved already.
273 */
274 int sl_get_euid(/*@out@*/uid_t * ret);
[170]275 uid_t sl_ret_euid(void);
[1]276
277 /*
278 * This function returns the saved egid.
279 * It calls abort() if the uid's are not saved already.
280 */
281 int sl_get_egid(/*@out@*/gid_t * ret);
282
283 /*
284 * This function returns the saved current ruid.
285 * It calls abort() if the uid's are not saved already.
286 */
287 int sl_get_ruid(/*@out@*/uid_t * ret);
288
289 /*
290 * This function returns the saved current rgid.
291 * It calls abort() if the uid's are not saved already.
292 */
293 int sl_get_rgid(gid_t * ret);
294
295 /*
296 * This function returns the saved original ruid.
297 * It calls abort() if the uid's are not saved already.
298 */
299 int sl_get_ruid_orig(uid_t * ret);
300
301 /*
302 * This function returns the saved original rgid.
303 * It calls abort() if the uid's are not saved already.
304 */
305 int sl_get_rgid_orig(gid_t * ret);
306
307 /*
308 * This function returns true if the program is SUID.
309 * It calls abort() if the uid's are not saved already.
310 */
311 int sl_is_suid(void);
312
313 /*
314 * This function sets the effective uid
315 * to the saved effective uid.
316 */
317 int sl_set_suid (void);
318
319 /*
320 * This function sets the effective uid to the real uid.
321 */
322 int sl_unset_suid (void);
323
324 /*
325 * This function drops SUID privileges irrevocably.
326 */
327 int sl_drop_privileges(void);
328
329 /* ----------------------------------------------------------------
330 *
331 * File handling routines
332 *
333 * ---------------------------------------------------------------- */
334
[248]335#define SL_OFILE_SIZE 32
[1]336
[252]337 char * sl_check_badfd();
[248]338 char * sl_check_stale();
339
[252]340 /* Create a file record for an open file
341 */
[248]342 SL_TICKET sl_make_ticket (const char * ofile, int oline,
[252]343 int fd, const char * filename, FILE * stream);
[248]344
[252]345 /* Get the pointer to a stream. If none exists yet, open it
346 */
347 FILE * sl_stream (SL_TICKET ticket, char * mode);
348
[1]349 /* Open for writing.
350 */
[248]351 SL_TICKET sl_open_write (const char * ofile, int oline,
352 const char * fname, int priviledge_mode);
[1]353
354 /* Open for reading.
355 */
[248]356 SL_TICKET sl_open_read (const char * ofile, int oline,
357 const char * fname, int priviledge_mode);
[1]358
[196]359 /* Drop from cach when closing
360 */
361 int sl_set_drop_cache(const char * str);
362
[1]363 /* Open for reading w/minimum checking.
364 */
[248]365 SL_TICKET sl_open_fastread (const char * ofile, int oline,
366 const char * fname, int priviledge_mode);
[1]367
368 /* Open for read and write.
369 */
[248]370 SL_TICKET sl_open_rdwr (const char * ofile, int oline,
371 const char * fname, int priviledge_mode);
[1]372
373 /* Open for read and write, fail if file exists.
374 */
[248]375 SL_TICKET sl_open_safe_rdwr (const char * ofile, int oline,
376 const char * fname, int priv);
[1]377
378 /* Open for write, truncate.
379 */
[248]380 SL_TICKET sl_open_write_trunc (const char * ofile, int oline,
381 const char * fname, int priviledge_mode);
[1]382
383 /* Open for read and write, truncate.
384 */
[248]385 SL_TICKET sl_open_rdwr_trunc (const char * ofile, int oline,
386 const char * fname, int priviledge_mode);
[1]387
[167]388 /* Initialize the content sh_string.
389 */
390 int sl_init_content (SL_TICKET ticket, size_t size);
391
392 /* Get the (pointer to) the content sh_string.
393 */
394 sh_string * sl_get_content (SL_TICKET ticket);
395
[212]396 /* Lock file (uses fcntl F_SETLK).
397 */
398 int sl_lock (SL_TICKET ticket);
399
[1]400 /* Close file.
401 */
402 int sl_close (SL_TICKET ticket);
403
[252]404 /* Close file descriptor.
405 */
406 int sl_close_fd (const char * file, int line, int fd);
407
408 /* Close stream.
409 */
410 int sl_fclose (const char * file, int line, FILE * fp);
411
[1]412 /* Unlink file.
413 */
414 int sl_unlink (SL_TICKET ticket);
415
416 /* Rewind file.
417 */
418 int sl_rewind (SL_TICKET ticket);
419
420 /* Seek file.
421 */
422 int sl_seek (SL_TICKET ticket, off_t off_data);
423
424 /* Forward file.
425 */
426 int sl_forward (SL_TICKET ticket);
427
428 /* Sync file.
429 */
430 int sl_sync (SL_TICKET ticket);
431
432 /* Read file.
433 */
434 int sl_read (SL_TICKET ticket, void * buf, size_t count);
435
[8]436 int sl_read_timeout_prep (SL_TICKET ticket);
437
[131]438 int sl_read_timeout_fd (int fd, void * buf,
439 size_t count, int timeout, int is_nonblocking);
440
[1]441 int sl_read_timeout (SL_TICKET ticket, void * buf,
[131]442 size_t count, int timeout, int is_nonblocking);
[1]443
444 int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count);
445
446 /* Write file.
447 */
[170]448 int sl_write (SL_TICKET ticket, const void * msg, long nbytes);
[1]449
450 /* Write file, terminate with newline.
451 */
[170]452 int sl_write_line (SL_TICKET ticket, const void * msg, long nbytes);
[1]453
[76]454 /* As above, but only for non-constant strings.
455 */
456 int sl_write_line_fast (SL_TICKET ticket, void * msg, long nbytes);
457
[1]458 /* Drop all metadata for file descriptors >= fd.
459 */
460 int sl_dropall(int fd, int except);
[174]461 int sl_dropall_dirty(int fd, int except); /* don't deallocate */
[1]462
463 /* Check whether file is trustworthy.
464 */
[183]465 int sl_trustfile(const char * path, uid_t * ok, uid_t * bad);
[1]466
467 /* Check whether file is trustworthy.
468 */
[183]469 int sl_trustfile_euid(const char * filename, uid_t euid);
[1]470
471 /* purge list of trusted users
472 */
[170]473 int sl_trust_purge_user (void);
[1]474
475 /* Add a trusted user.
476 */
477 int sl_trust_add_user (uid_t pwid);
478
479 /* Get error string.
480 */
481 char * sl_error_string(int errorcode);
482
483 /* Get error file.
484 */
485 char * sl_trust_errfile(void);
486
[20]487 /* Overflow tests
488 */
[149]489 int sl_ok_muli (int a, int b) SL_GNUC_CONST;
490 int sl_ok_divi (int a, int b) SL_GNUC_CONST;
491 int sl_ok_addi (int a, int b) SL_GNUC_CONST;
492 int sl_ok_subi (int a, int b) SL_GNUC_CONST;
[1]493
[149]494 int sl_ok_muls (size_t a, size_t b) SL_GNUC_CONST;
495 int sl_ok_adds (size_t a, size_t b) SL_GNUC_CONST;
[34]496
497
[1]498#ifdef __cplusplus
499}
500#endif
501
502/* Privilege modes for file access.
503 */
504#define SL_YESPRIV 0x33
505#define SL_NOPRIV 0x34
506
[76]507/* Suitable for Linux
508 */
509#define MAXFILENAME 4096
[1]510
511
512/*
513 * This macro is TRUE if (x) < 0.
514 */
515#define SL_ISERROR(x) ((long)(x) < 0)
516
517#if defined(WITH_TPT)
518#define TPT(arg) dlog arg ;
519#else
520#define TPT(arg)
521#endif
522
523
524/*
525 * The 'require' macro.
526 */
527#define SL_REQUIRE(assertion, astext) \
528do { \
529 /*@i@*/ if (assertion) ; \
530 else { \
531 dlog(0, FIL__, __LINE__, SDG_AFAIL, \
532 FIL__, __LINE__, astext); \
533 _exit(EXIT_FAILURE); \
534 } \
535} while (0)
536
537
538/*
539 * The enter macro. Prints the trace if TRACE is on.
540 */
541extern int slib_do_trace;
542extern int slib_trace_fd;
543
544#if defined(SL_DEBUG)
545#define SL_ENTER(s) sl_stack_push(s, FIL__, __LINE__);
546#else
547#define SL_ENTER(s) if (slib_do_trace != 0) sl_trace_in(s, FIL__, __LINE__);
548#endif
549
550/*
551 * The return macro.
552 */
553#if defined(SL_DEBUG)
554#ifndef S_SPLINT_S
555#define SL_RETURN(x, s) \
556do { \
557 sl_stack_pop(s, FIL__, __LINE__); \
558 return(x); \
559} while(0)
560#else
561/*@notfunction@*/
562#define SL_RETURN(x, s) return(x);
563#endif /* S_SPLINT_S */
564#else
565#ifndef S_SPLINT_S
566#define SL_RETURN(x, s) \
567do { \
568 if (slib_do_trace != 0) \
569 sl_trace_out(s, FIL__, __LINE__); \
570 return(x); \
571} while(0)
572#else
573/*@notfunction@*/
574#define SL_RETURN(x, s) return(x);
575#endif /* S_SPLINT_S */
576#endif /* SL_RETURN macro */
577
578#if defined(SL_DEBUG)
579#define SL_RET0(s) \
580do { \
581 sl_stack_pop(s, FIL__, __LINE__); \
582 return; \
583} while(0)
584#else
585#ifndef S_SPLINT_S
586#define SL_RET0(s) \
587do { \
588 if (slib_do_trace != 0) \
589 sl_trace_out(s, FIL__, __LINE__); \
590 return; \
591} while(0)
592#else
593/*@notfunction@*/
594#define SL_RET0(s) return;
595#endif /* S_SPLINT_S */
596#endif /* SL_RETURN macro */
597
598#if defined(SL_DEBUG)
599void sl_stack_push(char * c, char * file, int line);
600void sl_stack_pop(char * c, char * file, int line);
[170]601void sl_stack_print(void);
[1]602#endif
[170]603void sl_trace_in (const char * str, const char * file, int line);
604void sl_trace_out (const char * str, const char * file, int line);
[20]605int sl_trace_file (const char * str);
606int sl_trace_use (const char * str);
[1]607
608
609
610
611/*
612 * The internal return macro. Sets sl_errno to the return value.
613 */
614
615#if defined(SL_DEBUG)
616#define SL_IRETURN(x, s) \
617do { \
618 if((long)(x) < 0) { \
619 TPT((0, FIL__, __LINE__, SDG_ERROR, (long)(x))) \
620 sl_errno=(x); \
621 } \
622 sl_stack_pop(s, FIL__, __LINE__); \
623 if (1) return(x); \
624} while(0)
625#else
626#define SL_IRETURN(x, s) \
627do { \
628 if ((long)(x) < 0) sl_errno=(x); \
629 if (slib_do_trace) \
630 sl_trace_out(s, FIL__, __LINE__); \
631 if (1) return(x); \
632} while(0)
633
634#endif /* SL_IRETURN macro */
635
636
637
638/* slib.h */
639#endif
640
641
642
643
Note: See TracBrowser for help on using the repository browser.