source: trunk/include/slib.h@ 157

Last change on this file since 157 was 156, checked in by katerina, 17 years ago

Put result vector of rng in skey struct, fix HP-UX compile error.

File size: 14.1 KB
Line 
1/* --------------------------------------------------------------
2 *
3 * The developement of this library has been stimulated by reading
4 * a paper on 'Robust Programming' by Matt Bishop, although
5 * not all of his ideas might be implemented in the same
6 * strictness as discussed in the paper.
7 *
8 * --------------------------------------------------------------
9 */
10
11#ifndef SL_SLIB_H
12#define SL_SLIB_H
13
14#include <errno.h>
15#include <stdio.h>
16#include <stdlib.h>
17#include <stdarg.h>
18#include <sys/types.h>
19
20#include "config_xor.h"
21
22#ifdef HAVE_UNISTD_H
23#include <unistd.h>
24#endif
25
26/****************
27
28 -- Defined in config.h. --
29
30 #ifndef _(string)
31 #define _(string) string
32 #endif
33
34 #ifndef N_(string)
35 #define N_(string) string
36 #endif
37
38*****************/
39
40/* --------------------------------------------------------------
41 *
42 * Typedefs, global variables, macros.
43 *
44 * --------------------------------------------------------------
45 */
46
47extern long int sl_errno; /* Global error variable. */
48
49
50/* The ticketing system; used to hide internals from the
51 * programmer.
52 */
53typedef long int SL_TICKET; /* Unique ID for opened files. */
54
55
56/*
57 * TRUE, FALSE
58 */
59#define SL_TRUE 1
60#define SL_FALSE 0
61
62#define SH_GRBUF_SIZE 4096
63#define SH_PWBUF_SIZE 4096
64
65
66#if defined(__GNUC__) && (__GNUC__ >= 3)
67#undef SL_GNUC_CONST
68#define SL_GNUC_CONST __attribute__((const))
69#else
70#undef SL_GNUC_CONST
71#define SL_GNUC_CONST
72#endif
73
74/*
75 * The following macros are provided:
76 *
77 * SL_ISERROR(x) TRUE if return status of 'x' is an error code.
78 * SL_REQUIRE(x, xstr) Abort if 'x' is false.
79 * SL_ENTER(s) Trace entry in function 's'.
80 * SL_RETURN(x, s) Trace return from function 's'.
81 */
82
83
84/*
85 * The error codes.
86 */
87#define SL_ENONE 0
88
89#define SL_ENULL -1024 /* Invalid use of NULL pointer. */
90#define SL_ERANGE -1025 /* Argument out of range. */
91#define SL_ETRUNC -1026 /* Result truncated. */
92#define SL_EREPEAT -1027 /* Illegal repeated use of function. */
93
94#define SL_EINTERNAL -1028 /* Internal error. */
95#define SL_ETICKET -1029 /* Bad ticket. */
96#define SL_EBADFILE -1030 /* File access error. Check errno. */
97#define SL_EBOGUS -1031 /* Bogus file. */
98#define SL_EMEM -1032 /* Out of memory. */
99#define SL_EUNLINK -1033 /* Unlink error. Check errno. */
100#define SL_EREWIND -1034 /* Rewind error. Check errno. */
101#define SL_EFORWARD -1035 /* Forward error. Check errno. */
102#define SL_EREAD -1036 /* Read error. Check errno. */
103#define SL_EWRITE -1037 /* Write error. Check errno. */
104#define SL_ESYNC -1038 /* Write error. Check errno. */
105
106#define SL_EBADNAME -1040 /* Invalid name. */
107#define SL_ESTAT -1041 /* stat of file failed. Check errno. */
108
109#define SL_EBADUID -1050 /* Owner not trustworthy. */
110#define SL_EBADGID -1051 /* Group writeable and not trustworthy.*/
111#define SL_EBADOTH -1052 /* World writeable. */
112
113#define SL_TOOMANY -1053 /* Too many open files */
114#define SL_TIMEOUT -1054 /* Timeout in read */
115/*
116 * All int functions return SL_NONE on success.
117 */
118
119#ifdef __cplusplus
120extern "C" {
121#endif
122
123 int dlog (int flag, char * file, int line, const char *fmt, ...);
124
125 char * sl_get_errmsg();
126
127 /* ----------------------------------------------------------------
128 *
129 * Heap consistency routines
130 *
131 * ---------------------------------------------------------------- */
132
133 int sl_test_heap();
134
135 /* ----------------------------------------------------------------
136 *
137 * Capability routines
138 *
139 * ---------------------------------------------------------------- */
140
141 extern int sl_useCaps;
142
143 int sl_drop_cap ();
144 int sl_drop_cap_sub();
145 int sl_get_cap_sub();
146 int sl_drop_cap_qdel();
147 int sl_get_cap_qdel();
148
149 /* ----------------------------------------------------------------
150 *
151 * String handling routines
152 *
153 * ---------------------------------------------------------------- */
154
155 /*
156 * A memset that does not get optimized away
157 */
158 void *sl_memset(void *s, int c, size_t n);
159#if !defined(SH_REAL_SET)
160#undef memset
161#define memset sl_memset
162#endif
163
164 /*
165 * Copy src to dst. siz is the length of dst.
166 */
167 int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz);
168
169 /*
170 * Append src to dst. siz is the length of dst.
171 */
172 int sl_strlcat(char * dst, /*@null@*/const char *src, size_t siz);
173
174 /*
175 * An implementation of vsnprintf. va_start/va_end are in the caller
176 * function.
177 */
178 int sl_vsnprintf(char *str, size_t n,
179 const char *format, va_list vl );
180
181 /*
182 * An implementation of snprintf.
183 */
184 int sl_snprintf(char *str, size_t n,
185 const char *format, ... );
186
187 /*
188 * A robust drop-in replacement of strncpy. strlcpy is preferable.
189 */
190 char * sl_strncpy(/*@out@*/char *dst, const char *src, size_t size);
191
192 /*
193 * Robust strncat.
194 */
195 char * sl_strncat(char *dst, const char *src, size_t n);
196
197 /*
198 * strstr
199 */
200 char * sl_strstr (const char * haystack, const char * needle);
201
202 /*
203 * robust strncmp replacement
204 */
205 int sl_strncmp(const char * a, const char * b, size_t n);
206
207 /*
208 * robust strcmp replacement
209 */
210 int sl_strcmp(const char * a, const char * b);
211
212 /*
213 * robust strlen replacement
214 */
215#define sl_strlen(arg) ((arg == NULL) ? 0 : (strlen(arg)))
216
217 /* ----------------------------------------------------------------
218 *
219 * Privilege handling routines
220 *
221 * ---------------------------------------------------------------- */
222
223 /*
224 * ONE OF THE FOLLOWING THREE FUNCTIONS
225 * SHOULD BE CALLED BEFORE ANY OTHER OF THE
226 * UID HANDLING FUNCTIONS.
227 */
228 int sl_policy_get_user(char *username); /* drop SUID to <username> */
229 int sl_policy_get_real(char *username); /* drop privs to <username> */
230 int sl_policy_get_root(void); /* drop SUID to root */
231
232 /*
233 * If not using one of the above, use this function,
234 * and then call sh_unset_suid().
235 * This function saves the uid's.
236 * It calls abort() on error.
237 */
238 int sl_save_uids(void);
239
240 /*
241 * This function returns the saved euid.
242 * It calls abort() if the uid's are not saved already.
243 */
244 int sl_get_euid(/*@out@*/uid_t * ret);
245 uid_t sl_ret_euid();
246
247 /*
248 * This function returns the saved egid.
249 * It calls abort() if the uid's are not saved already.
250 */
251 int sl_get_egid(/*@out@*/gid_t * ret);
252
253 /*
254 * This function returns the saved current ruid.
255 * It calls abort() if the uid's are not saved already.
256 */
257 int sl_get_ruid(/*@out@*/uid_t * ret);
258
259 /*
260 * This function returns the saved current rgid.
261 * It calls abort() if the uid's are not saved already.
262 */
263 int sl_get_rgid(gid_t * ret);
264
265 /*
266 * This function returns the saved original ruid.
267 * It calls abort() if the uid's are not saved already.
268 */
269 int sl_get_ruid_orig(uid_t * ret);
270
271 /*
272 * This function returns the saved original rgid.
273 * It calls abort() if the uid's are not saved already.
274 */
275 int sl_get_rgid_orig(gid_t * ret);
276
277 /*
278 * This function returns true if the program is SUID.
279 * It calls abort() if the uid's are not saved already.
280 */
281 int sl_is_suid(void);
282
283 /*
284 * This function sets the effective uid
285 * to the saved effective uid.
286 */
287 int sl_set_suid (void);
288
289 /*
290 * This function sets the effective uid to the real uid.
291 */
292 int sl_unset_suid (void);
293
294 /*
295 * This function drops SUID privileges irrevocably.
296 */
297 int sl_drop_privileges(void);
298
299 /* ----------------------------------------------------------------
300 *
301 * File handling routines
302 *
303 * ---------------------------------------------------------------- */
304
305 SL_TICKET sl_make_ticket (int fd, const char * path);
306
307 /* Open for writing.
308 */
309 SL_TICKET sl_open_write (const char * fname, int priviledge_mode);
310
311 /* Open for reading.
312 */
313 SL_TICKET sl_open_read (const char * fname, int priviledge_mode);
314
315 /* Open for reading w/minimum checking.
316 */
317 SL_TICKET sl_open_fastread (const char * fname, int priviledge_mode);
318
319 /* Open for read and write.
320 */
321 SL_TICKET sl_open_rdwr (const char * fname, int priviledge_mode);
322
323 /* Open for read and write, fail if file exists.
324 */
325 SL_TICKET sl_open_safe_rdwr (const char * fname, int priv);
326
327 /* Open for write, truncate.
328 */
329 SL_TICKET sl_open_write_trunc (const char * fname, int priviledge_mode);
330
331 /* Open for read and write, truncate.
332 */
333 SL_TICKET sl_open_rdwr_trunc (const char * fname, int priviledge_mode);
334
335 /* Close file.
336 */
337 int sl_close (SL_TICKET ticket);
338
339 /* Unlink file.
340 */
341 int sl_unlink (SL_TICKET ticket);
342
343 /* Rewind file.
344 */
345 int sl_rewind (SL_TICKET ticket);
346
347 /* Seek file.
348 */
349 int sl_seek (SL_TICKET ticket, off_t off_data);
350
351 /* Forward file.
352 */
353 int sl_forward (SL_TICKET ticket);
354
355 /* Sync file.
356 */
357 int sl_sync (SL_TICKET ticket);
358
359 /* Read file.
360 */
361 int sl_read (SL_TICKET ticket, void * buf, size_t count);
362
363 int sl_read_timeout_prep (SL_TICKET ticket);
364
365 int sl_read_timeout_fd (int fd, void * buf,
366 size_t count, int timeout, int is_nonblocking);
367
368 int sl_read_timeout (SL_TICKET ticket, void * buf,
369 size_t count, int timeout, int is_nonblocking);
370
371 int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count);
372
373 /* Write file.
374 */
375 int sl_write (SL_TICKET ticket, void * msg, long nbytes);
376
377 /* Write file, terminate with newline.
378 */
379 int sl_write_line (SL_TICKET ticket, void * msg, long nbytes);
380
381 /* As above, but only for non-constant strings.
382 */
383 int sl_write_line_fast (SL_TICKET ticket, void * msg, long nbytes);
384
385 /* Drop all metadata for file descriptors >= fd.
386 */
387 int sl_dropall(int fd, int except);
388
389 /* Check whether file is trustworthy.
390 */
391 int sl_trustfile(char * path, uid_t * ok, uid_t * bad);
392
393 /* Check whether file is trustworthy.
394 */
395 int sl_trustfile_euid(char * filename, uid_t euid);
396
397 /* purge list of trusted users
398 */
399 int sl_trust_purge_user ();
400
401 /* Add a trusted user.
402 */
403 int sl_trust_add_user (uid_t pwid);
404
405 /* Get error string.
406 */
407 char * sl_error_string(int errorcode);
408
409 /* Get error file.
410 */
411 char * sl_trust_errfile(void);
412
413 /* Overflow tests
414 */
415 int sl_ok_muli (int a, int b) SL_GNUC_CONST;
416 int sl_ok_divi (int a, int b) SL_GNUC_CONST;
417 int sl_ok_addi (int a, int b) SL_GNUC_CONST;
418 int sl_ok_subi (int a, int b) SL_GNUC_CONST;
419
420 int sl_ok_muls (size_t a, size_t b) SL_GNUC_CONST;
421 int sl_ok_adds (size_t a, size_t b) SL_GNUC_CONST;
422
423
424#ifdef __cplusplus
425}
426#endif
427
428/* Privilege modes for file access.
429 */
430#define SL_YESPRIV 0x33
431#define SL_NOPRIV 0x34
432
433/* Suitable for Linux
434 */
435#define MAXFILENAME 4096
436
437
438/*
439 * This macro is TRUE if (x) < 0.
440 */
441#define SL_ISERROR(x) ((long)(x) < 0)
442
443#if defined(WITH_TPT)
444#define TPT(arg) dlog arg ;
445#else
446#define TPT(arg)
447#endif
448
449
450/*
451 * The 'require' macro.
452 */
453#define SL_REQUIRE(assertion, astext) \
454do { \
455 /*@i@*/ if (assertion) ; \
456 else { \
457 dlog(0, FIL__, __LINE__, SDG_AFAIL, \
458 FIL__, __LINE__, astext); \
459 _exit(EXIT_FAILURE); \
460 } \
461} while (0)
462
463
464/*
465 * The enter macro. Prints the trace if TRACE is on.
466 */
467extern int slib_do_trace;
468extern int slib_trace_fd;
469
470#if defined(SL_DEBUG)
471#define SL_ENTER(s) sl_stack_push(s, FIL__, __LINE__);
472#else
473#define SL_ENTER(s) if (slib_do_trace != 0) sl_trace_in(s, FIL__, __LINE__);
474#endif
475
476/*
477 * The return macro.
478 */
479#if defined(SL_DEBUG)
480#ifndef S_SPLINT_S
481#define SL_RETURN(x, s) \
482do { \
483 sl_stack_pop(s, FIL__, __LINE__); \
484 return(x); \
485} while(0)
486#else
487/*@notfunction@*/
488#define SL_RETURN(x, s) return(x);
489#endif /* S_SPLINT_S */
490#else
491#ifndef S_SPLINT_S
492#define SL_RETURN(x, s) \
493do { \
494 if (slib_do_trace != 0) \
495 sl_trace_out(s, FIL__, __LINE__); \
496 return(x); \
497} while(0)
498#else
499/*@notfunction@*/
500#define SL_RETURN(x, s) return(x);
501#endif /* S_SPLINT_S */
502#endif /* SL_RETURN macro */
503
504#if defined(SL_DEBUG)
505#define SL_RET0(s) \
506do { \
507 sl_stack_pop(s, FIL__, __LINE__); \
508 return; \
509} while(0)
510#else
511#ifndef S_SPLINT_S
512#define SL_RET0(s) \
513do { \
514 if (slib_do_trace != 0) \
515 sl_trace_out(s, FIL__, __LINE__); \
516 return; \
517} while(0)
518#else
519/*@notfunction@*/
520#define SL_RET0(s) return;
521#endif /* S_SPLINT_S */
522#endif /* SL_RETURN macro */
523
524#if defined(SL_DEBUG)
525void sl_stack_push(char * c, char * file, int line);
526void sl_stack_pop(char * c, char * file, int line);
527void sl_stack_print();
528#endif
529void sl_trace_in (char * str, char * file, int line);
530void sl_trace_out (char * str, char * file, int line);
531int sl_trace_file (const char * str);
532int sl_trace_use (const char * str);
533
534
535
536
537/*
538 * The internal return macro. Sets sl_errno to the return value.
539 */
540
541#if defined(SL_DEBUG)
542#define SL_IRETURN(x, s) \
543do { \
544 if((long)(x) < 0) { \
545 TPT((0, FIL__, __LINE__, SDG_ERROR, (long)(x))) \
546 sl_errno=(x); \
547 } \
548 sl_stack_pop(s, FIL__, __LINE__); \
549 if (1) return(x); \
550} while(0)
551#else
552#define SL_IRETURN(x, s) \
553do { \
554 if ((long)(x) < 0) sl_errno=(x); \
555 if (slib_do_trace) \
556 sl_trace_out(s, FIL__, __LINE__); \
557 if (1) return(x); \
558} while(0)
559
560#endif /* SL_IRETURN macro */
561
562
563
564/* slib.h */
565#endif
566
567
568
569
Note: See TracBrowser for help on using the repository browser.