source: trunk/include/slib.h@ 139

Last change on this file since 139 was 138, checked in by rainer, 17 years ago

More fixes for compile and runtime errors.

File size: 13.9 KB
Line 
1/* --------------------------------------------------------------
2 *
3 * The developement of this library has been stimulated by reading
4 * a paper on 'Robust Programming' by Matt Bishop, although
5 * not all of his ideas might be implemented in the same
6 * strictness as discussed in the paper.
7 *
8 * --------------------------------------------------------------
9 */
10
11#ifndef SL_SLIB_H
12#define SL_SLIB_H
13
14#include <errno.h>
15#include <stdio.h>
16#include <stdlib.h>
17#include <stdarg.h>
18#include <sys/types.h>
19
20#include "config_xor.h"
21
22#ifdef HAVE_UNISTD_H
23#include <unistd.h>
24#endif
25
26/****************
27
28 -- Defined in config.h. --
29
30 #ifndef _(string)
31 #define _(string) string
32 #endif
33
34 #ifndef N_(string)
35 #define N_(string) string
36 #endif
37
38*****************/
39
40/* --------------------------------------------------------------
41 *
42 * Typedefs, global variables, macros.
43 *
44 * --------------------------------------------------------------
45 */
46
47extern long int sl_errno; /* Global error variable. */
48
49
50/* The ticketing system; used to hide internals from the
51 * programmer.
52 */
53typedef long int SL_TICKET; /* Unique ID for opened files. */
54
55
56/*
57 * TRUE, FALSE
58 */
59#define SL_TRUE 1
60#define SL_FALSE 0
61
62#define SH_GRBUF_SIZE 4096
63#define SH_PWBUF_SIZE 4096
64
65
66/*
67 * The following macros are provided:
68 *
69 * SL_ISERROR(x) TRUE if return status of 'x' is an error code.
70 * SL_REQUIRE(x, xstr) Abort if 'x' is false.
71 * SL_ENTER(s) Trace entry in function 's'.
72 * SL_RETURN(x, s) Trace return from function 's'.
73 */
74
75
76/*
77 * The error codes.
78 */
79#define SL_ENONE 0
80
81#define SL_ENULL -1024 /* Invalid use of NULL pointer. */
82#define SL_ERANGE -1025 /* Argument out of range. */
83#define SL_ETRUNC -1026 /* Result truncated. */
84#define SL_EREPEAT -1027 /* Illegal repeated use of function. */
85
86#define SL_EINTERNAL -1028 /* Internal error. */
87#define SL_ETICKET -1029 /* Bad ticket. */
88#define SL_EBADFILE -1030 /* File access error. Check errno. */
89#define SL_EBOGUS -1031 /* Bogus file. */
90#define SL_EMEM -1032 /* Out of memory. */
91#define SL_EUNLINK -1033 /* Unlink error. Check errno. */
92#define SL_EREWIND -1034 /* Rewind error. Check errno. */
93#define SL_EFORWARD -1035 /* Forward error. Check errno. */
94#define SL_EREAD -1036 /* Read error. Check errno. */
95#define SL_EWRITE -1037 /* Write error. Check errno. */
96#define SL_ESYNC -1038 /* Write error. Check errno. */
97
98#define SL_EBADNAME -1040 /* Invalid name. */
99#define SL_ESTAT -1041 /* stat of file failed. Check errno. */
100
101#define SL_EBADUID -1050 /* Owner not trustworthy. */
102#define SL_EBADGID -1051 /* Group writeable and not trustworthy.*/
103#define SL_EBADOTH -1052 /* World writeable. */
104
105#define SL_TOOMANY -1053 /* Too many open files */
106#define SL_TIMEOUT -1054 /* Timeout in read */
107/*
108 * All int functions return SL_NONE on success.
109 */
110
111#ifdef __cplusplus
112extern "C" {
113#endif
114
115 int dlog (int flag, char * file, int line, const char *fmt, ...);
116
117 char * sl_get_errmsg();
118
119 /* ----------------------------------------------------------------
120 *
121 * Heap consistency routines
122 *
123 * ---------------------------------------------------------------- */
124
125 int sl_test_heap();
126
127 /* ----------------------------------------------------------------
128 *
129 * Capability routines
130 *
131 * ---------------------------------------------------------------- */
132
133 extern int sl_useCaps;
134
135 int sl_drop_cap ();
136 int sl_drop_cap_sub();
137 int sl_get_cap_sub();
138 int sl_drop_cap_qdel();
139 int sl_get_cap_qdel();
140
141 /* ----------------------------------------------------------------
142 *
143 * String handling routines
144 *
145 * ---------------------------------------------------------------- */
146
147 /*
148 * A memset that does not get optimized away
149 */
150 void *sl_memset(void *s, int c, size_t n);
151#if !defined(SH_REAL_SET)
152#undef memset
153#define memset sl_memset
154#endif
155
156 /*
157 * Copy src to dst. siz is the length of dst.
158 */
159 int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz);
160
161 /*
162 * Append src to dst. siz is the length of dst.
163 */
164 int sl_strlcat(char * dst, /*@null@*/const char *src, size_t siz);
165
166 /*
167 * An implementation of vsnprintf. va_start/va_end are in the caller
168 * function.
169 */
170 int sl_vsnprintf(char *str, size_t n,
171 const char *format, va_list vl );
172
173 /*
174 * An implementation of snprintf.
175 */
176 int sl_snprintf(char *str, size_t n,
177 const char *format, ... );
178
179 /*
180 * A robust drop-in replacement of strncpy. strlcpy is preferable.
181 */
182 char * sl_strncpy(/*@out@*/char *dst, const char *src, size_t size);
183
184 /*
185 * Robust strncat.
186 */
187 char * sl_strncat(char *dst, const char *src, size_t n);
188
189 /*
190 * strstr
191 */
192 char * sl_strstr (const char * haystack, const char * needle);
193
194 /*
195 * robust strncmp replacement
196 */
197 int sl_strncmp(const char * a, const char * b, size_t n);
198
199 /*
200 * robust strcmp replacement
201 */
202 int sl_strcmp(const char * a, const char * b);
203
204 /*
205 * robust strlen replacement
206 */
207#define sl_strlen(arg) ((arg == NULL) ? 0 : (strlen(arg)))
208
209 /* ----------------------------------------------------------------
210 *
211 * Privilege handling routines
212 *
213 * ---------------------------------------------------------------- */
214
215 /*
216 * ONE OF THE FOLLOWING THREE FUNCTIONS
217 * SHOULD BE CALLED BEFORE ANY OTHER OF THE
218 * UID HANDLING FUNCTIONS.
219 */
220 int sl_policy_get_user(char *username); /* drop SUID to <username> */
221 int sl_policy_get_real(char *username); /* drop privs to <username> */
222 int sl_policy_get_root(void); /* drop SUID to root */
223
224 /*
225 * If not using one of the above, use this function,
226 * and then call sh_unset_suid().
227 * This function saves the uid's.
228 * It calls abort() on error.
229 */
230 int sl_save_uids(void);
231
232 /*
233 * This function returns the saved euid.
234 * It calls abort() if the uid's are not saved already.
235 */
236 int sl_get_euid(/*@out@*/uid_t * ret);
237 uid_t sl_ret_euid();
238
239 /*
240 * This function returns the saved egid.
241 * It calls abort() if the uid's are not saved already.
242 */
243 int sl_get_egid(/*@out@*/gid_t * ret);
244
245 /*
246 * This function returns the saved current ruid.
247 * It calls abort() if the uid's are not saved already.
248 */
249 int sl_get_ruid(/*@out@*/uid_t * ret);
250
251 /*
252 * This function returns the saved current rgid.
253 * It calls abort() if the uid's are not saved already.
254 */
255 int sl_get_rgid(gid_t * ret);
256
257 /*
258 * This function returns the saved original ruid.
259 * It calls abort() if the uid's are not saved already.
260 */
261 int sl_get_ruid_orig(uid_t * ret);
262
263 /*
264 * This function returns the saved original rgid.
265 * It calls abort() if the uid's are not saved already.
266 */
267 int sl_get_rgid_orig(gid_t * ret);
268
269 /*
270 * This function returns true if the program is SUID.
271 * It calls abort() if the uid's are not saved already.
272 */
273 int sl_is_suid(void);
274
275 /*
276 * This function sets the effective uid
277 * to the saved effective uid.
278 */
279 int sl_set_suid (void);
280
281 /*
282 * This function sets the effective uid to the real uid.
283 */
284 int sl_unset_suid (void);
285
286 /*
287 * This function drops SUID privileges irrevocably.
288 */
289 int sl_drop_privileges(void);
290
291 /* ----------------------------------------------------------------
292 *
293 * File handling routines
294 *
295 * ---------------------------------------------------------------- */
296
297 SL_TICKET sl_make_ticket (int fd, const char * path);
298
299 /* Open for writing.
300 */
301 SL_TICKET sl_open_write (const char * fname, int priviledge_mode);
302
303 /* Open for reading.
304 */
305 SL_TICKET sl_open_read (const char * fname, int priviledge_mode);
306
307 /* Open for reading w/minimum checking.
308 */
309 SL_TICKET sl_open_fastread (const char * fname, int priviledge_mode);
310
311 /* Open for read and write.
312 */
313 SL_TICKET sl_open_rdwr (const char * fname, int priviledge_mode);
314
315 /* Open for read and write, fail if file exists.
316 */
317 SL_TICKET sl_open_safe_rdwr (const char * fname, int priv);
318
319 /* Open for write, truncate.
320 */
321 SL_TICKET sl_open_write_trunc (const char * fname, int priviledge_mode);
322
323 /* Open for read and write, truncate.
324 */
325 SL_TICKET sl_open_rdwr_trunc (const char * fname, int priviledge_mode);
326
327 /* Close file.
328 */
329 int sl_close (SL_TICKET ticket);
330
331 /* Unlink file.
332 */
333 int sl_unlink (SL_TICKET ticket);
334
335 /* Rewind file.
336 */
337 int sl_rewind (SL_TICKET ticket);
338
339 /* Seek file.
340 */
341 int sl_seek (SL_TICKET ticket, off_t off_data);
342
343 /* Forward file.
344 */
345 int sl_forward (SL_TICKET ticket);
346
347 /* Sync file.
348 */
349 int sl_sync (SL_TICKET ticket);
350
351 /* Read file.
352 */
353 int sl_read (SL_TICKET ticket, void * buf, size_t count);
354
355 int sl_read_timeout_prep (SL_TICKET ticket);
356
357 int sl_read_timeout_fd (int fd, void * buf,
358 size_t count, int timeout, int is_nonblocking);
359
360 int sl_read_timeout (SL_TICKET ticket, void * buf,
361 size_t count, int timeout, int is_nonblocking);
362
363 int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count);
364
365 /* Write file.
366 */
367 int sl_write (SL_TICKET ticket, void * msg, long nbytes);
368
369 /* Write file, terminate with newline.
370 */
371 int sl_write_line (SL_TICKET ticket, void * msg, long nbytes);
372
373 /* As above, but only for non-constant strings.
374 */
375 int sl_write_line_fast (SL_TICKET ticket, void * msg, long nbytes);
376
377 /* Drop all metadata for file descriptors >= fd.
378 */
379 int sl_dropall(int fd, int except);
380
381 /* Check whether file is trustworthy.
382 */
383 int sl_trustfile(char * path, uid_t * ok, uid_t * bad);
384
385 /* Check whether file is trustworthy.
386 */
387 int sl_trustfile_euid(char * filename, uid_t euid);
388
389 /* purge list of trusted users
390 */
391 int sl_trust_purge_user ();
392
393 /* Add a trusted user.
394 */
395 int sl_trust_add_user (uid_t pwid);
396
397 /* Get error string.
398 */
399 char * sl_error_string(int errorcode);
400
401 /* Get error file.
402 */
403 char * sl_trust_errfile(void);
404
405 /* Overflow tests
406 */
407 int sl_ok_muli (int a, int b);
408 int sl_ok_divi (int a, int b);
409 int sl_ok_addi (int a, int b);
410 int sl_ok_subi (int a, int b);
411
412 int sl_ok_muls (size_t a, size_t b);
413 int sl_ok_adds (size_t a, size_t b);
414
415
416#ifdef __cplusplus
417}
418#endif
419
420/* Privilege modes for file access.
421 */
422#define SL_YESPRIV 0x33
423#define SL_NOPRIV 0x34
424
425/* Suitable for Linux
426 */
427#define MAXFILENAME 4096
428
429
430/*
431 * This macro is TRUE if (x) < 0.
432 */
433#define SL_ISERROR(x) ((long)(x) < 0)
434
435#if defined(WITH_TPT)
436#define TPT(arg) dlog arg ;
437#else
438#define TPT(arg)
439#endif
440
441
442/*
443 * The 'require' macro.
444 */
445#define SL_REQUIRE(assertion, astext) \
446do { \
447 /*@i@*/ if (assertion) ; \
448 else { \
449 dlog(0, FIL__, __LINE__, SDG_AFAIL, \
450 FIL__, __LINE__, astext); \
451 _exit(EXIT_FAILURE); \
452 } \
453} while (0)
454
455
456/*
457 * The enter macro. Prints the trace if TRACE is on.
458 */
459extern int slib_do_trace;
460extern int slib_trace_fd;
461
462#if defined(SL_DEBUG)
463#define SL_ENTER(s) sl_stack_push(s, FIL__, __LINE__);
464#else
465#define SL_ENTER(s) if (slib_do_trace != 0) sl_trace_in(s, FIL__, __LINE__);
466#endif
467
468/*
469 * The return macro.
470 */
471#if defined(SL_DEBUG)
472#ifndef S_SPLINT_S
473#define SL_RETURN(x, s) \
474do { \
475 sl_stack_pop(s, FIL__, __LINE__); \
476 return(x); \
477} while(0)
478#else
479/*@notfunction@*/
480#define SL_RETURN(x, s) return(x);
481#endif /* S_SPLINT_S */
482#else
483#ifndef S_SPLINT_S
484#define SL_RETURN(x, s) \
485do { \
486 if (slib_do_trace != 0) \
487 sl_trace_out(s, FIL__, __LINE__); \
488 return(x); \
489} while(0)
490#else
491/*@notfunction@*/
492#define SL_RETURN(x, s) return(x);
493#endif /* S_SPLINT_S */
494#endif /* SL_RETURN macro */
495
496#if defined(SL_DEBUG)
497#define SL_RET0(s) \
498do { \
499 sl_stack_pop(s, FIL__, __LINE__); \
500 return; \
501} while(0)
502#else
503#ifndef S_SPLINT_S
504#define SL_RET0(s) \
505do { \
506 if (slib_do_trace != 0) \
507 sl_trace_out(s, FIL__, __LINE__); \
508 return; \
509} while(0)
510#else
511/*@notfunction@*/
512#define SL_RET0(s) return;
513#endif /* S_SPLINT_S */
514#endif /* SL_RETURN macro */
515
516#if defined(SL_DEBUG)
517void sl_stack_push(char * c, char * file, int line);
518void sl_stack_pop(char * c, char * file, int line);
519void sl_stack_print();
520#endif
521void sl_trace_in (char * str, char * file, int line);
522void sl_trace_out (char * str, char * file, int line);
523int sl_trace_file (const char * str);
524int sl_trace_use (const char * str);
525
526
527
528
529/*
530 * The internal return macro. Sets sl_errno to the return value.
531 */
532
533#if defined(SL_DEBUG)
534#define SL_IRETURN(x, s) \
535do { \
536 if((long)(x) < 0) { \
537 TPT((0, FIL__, __LINE__, SDG_ERROR, (long)(x))) \
538 sl_errno=(x); \
539 } \
540 sl_stack_pop(s, FIL__, __LINE__); \
541 if (1) return(x); \
542} while(0)
543#else
544#define SL_IRETURN(x, s) \
545do { \
546 if ((long)(x) < 0) sl_errno=(x); \
547 if (slib_do_trace) \
548 sl_trace_out(s, FIL__, __LINE__); \
549 if (1) return(x); \
550} while(0)
551
552#endif /* SL_IRETURN macro */
553
554
555
556/* slib.h */
557#endif
558
559
560
561
Note: See TracBrowser for help on using the repository browser.