Context Navigation

source: trunk/include/slib.h@ 462

Last change on this file since 462 was 428, checked in by katerina, 12 years ago
Fix for ticket #335 (warn if buffer for group reading is too small).
File size: 16.6 KB

Line
1	/* --------------------------------------------------------------
2	*
3	* The developement of this library has been stimulated by reading
4	* a paper on 'Robust Programming' by Matt Bishop, although
5	* not all of his ideas might be implemented in the same
6	* strictness as discussed in the paper.
7	*
8	* --------------------------------------------------------------
9	*/
10
11	#ifndef SL_SLIB_H
12	#define SL_SLIB_H
13
14	#include <errno.h>
15	#include <stdio.h>
16	#include <stdlib.h>
17	#include <stdarg.h>
18	#include <sys/types.h>
19
20	#include "config_xor.h"
21
22	#ifdef HAVE_UNISTD_H
23	#include <unistd.h>
24	#endif
25
26	#include "sh_string.h"
27
28	/****************
29
30	-- Defined in config.h. --
31
32	#ifndef _(string)
33	#define _(string) string
34	#endif
35
36	#ifndef N_(string)
37	#define N_(string) string
38	#endif
39
40	*****************/
41
42
43	/* --------------------------------------------------------------
44	*
45	* Typedefs, global variables, macros.
46	*
47	* --------------------------------------------------------------
48	*/
49
50	extern long int sl_errno; /* Global error variable. */
51
52
53	/* The ticketing system; used to hide internals from the
54	* programmer.
55	*/
56	typedef long int SL_TICKET; /* Unique ID for opened files. */
57
58
59	/*
60	* TRUE, FALSE
61	*/
62	#define SL_TRUE 1
63	#define SL_FALSE 0
64
65	#define SH_GRBUF_SIZE 4096
66	#define SH_PWBUF_SIZE 32768
67
68
69	#if defined(__GNUC__) && (__GNUC__ >= 3)
70	#undef SL_GNUC_CONST
71	#define SL_GNUC_CONST __attribute__((const))
72	#else
73	#undef SL_GNUC_CONST
74	#define SL_GNUC_CONST
75	#endif
76
77	/*
78	* The following macros are provided:
79	*
80	* SL_ISERROR(x) TRUE if return status of 'x' is an error code.
81	* SL_REQUIRE(x, xstr) Abort if 'x' is false.
82	* SL_ENTER(s) Trace entry in function 's'.
83	* SL_RETURN(x, s) Trace return from function 's'.
84	*/
85
86
87	/*
88	* The error codes.
89	*/
90	#define SL_ENONE 0
91
92	#define SL_ENULL -1024 /* Invalid use of NULL pointer. */
93	#define SL_ERANGE -1025 /* Argument out of range. */
94	#define SL_ETRUNC -1026 /* Result truncated. */
95	#define SL_EREPEAT -1027 /* Illegal repeated use of function. */
96
97	#define SL_EINTERNAL -1028 /* Internal error. */
98	#define SL_ETICKET -1029 /* Bad ticket. */
99	#define SL_EBADFILE -1030 /* File access error. Check errno. */
100	#define SL_EBOGUS -1031 /* Bogus file. */
101	#define SL_EMEM -1032 /* Out of memory. */
102	#define SL_EUNLINK -1033 /* Unlink error. Check errno. */
103	#define SL_EREWIND -1034 /* Rewind error. Check errno. */
104	#define SL_EFORWARD -1035 /* Forward error. Check errno. */
105	#define SL_EREAD -1036 /* Read error. Check errno. */
106	#define SL_EWRITE -1037 /* Write error. Check errno. */
107	#define SL_ESYNC -1038 /* Write error. Check errno. */
108
109	#define SL_EBADNAME -1040 /* Invalid name. */
110	#define SL_ESTAT -1041 /* stat of file failed. Check errno. */
111	#define SL_EFSTAT -1042 /* fstat of file failed. Check errno. */
112
113	#define SL_EBADUID -1050 /* Owner not trustworthy. */
114	#define SL_EBADGID -1051 /* Group writeable and not trustworthy.*/
115	#define SL_EBADOTH -1052 /* World writeable. */
116
117	#define SL_TOOMANY -1053 /* Too many open files */
118	#define SL_TIMEOUT -1054 /* Timeout in read */
119
120	#define SL_EISDIR -1055 /* Is a directory */
121
122	#define SL_EINTERNAL01 -1061 /* Internal error. */
123	#define SL_EINTERNAL02 -1062 /* Internal error. */
124	#define SL_EINTERNAL03 -1063 /* Internal error. */
125	#define SL_EINTERNAL04 -1064 /* Internal error. */
126	#define SL_EINTERNAL05 -1065 /* Internal error. */
127	#define SL_EINTERNAL06 -1066 /* Internal error. */
128	#define SL_EINTERNAL07 -1067 /* Internal error. */
129	#define SL_EINTERNAL08 -1068 /* Internal error. */
130	#define SL_EINTERNAL09 -1069 /* Internal error. */
131	#define SL_EINTERNAL10 -1070 /* Internal error. */
132	#define SL_EINTERNAL11 -1071 /* Internal error. */
133	#define SL_EINTERNAL12 -1072 /* Internal error. */
134
135	/*
136	* All int functions return SL_NONE on success.
137	*/
138
139	#ifdef __cplusplus
140	extern "C" {
141	#endif
142
143	int dlog (int flag, const char * file, int line, const char *fmt, ...);
144
145	char * sl_get_errmsg(void);
146
147	/* ----------------------------------------------------------------
148	*
149	* Heap consistency routines
150	*
151	* ---------------------------------------------------------------- */
152
153	int sl_test_heap(void);
154
155	/* ----------------------------------------------------------------
156	*
157	* Capability routines
158	*
159	* ---------------------------------------------------------------- */
160
161	extern int sl_useCaps;
162
163	int sl_drop_cap (void);
164	int sl_drop_cap_sub(void);
165	int sl_get_cap_sub(void);
166	int sl_drop_cap_qdel(void);
167	int sl_get_cap_qdel(void);
168
169	/* ----------------------------------------------------------------
170	*
171	* String handling routines
172	*
173	* ---------------------------------------------------------------- */
174
175	/*
176	* A memset that does not get optimized away
177	*/
178	void sl_memset(void s, int c, size_t n);
179	#if !defined(SH_REAL_SET)
180	#undef memset
181	#define memset sl_memset
182	#endif
183
184	/*
185	* Copy src to dst. siz is the length of dst.
186	*/
187	int sl_strlcpy(char * dst, /@null@/const char * src, size_t siz);
188
189	/*
190	* Append src to dst. siz is the length of dst.
191	*/
192	int sl_strlcat(char * dst, /@null@/const char *src, size_t siz);
193
194	/*
195	* An implementation of vsnprintf. va_start/va_end are in the caller
196	* function.
197	*/
198	int sl_vsnprintf(char *str, size_t n,
199	const char *format, va_list vl );
200
201	/*
202	* An implementation of snprintf.
203	*/
204	int sl_snprintf(char *str, size_t n,
205	const char *format, ... );
206
207	/*
208	* A robust drop-in replacement of strncpy. strlcpy is preferable.
209	*/
210	char * sl_strncpy(/@out@/char dst, const char src, size_t size);
211
212	/*
213	* Robust strncat.
214	*/
215	char * sl_strncat(char dst, const char src, size_t n);
216
217	/*
218	* strstr
219	*/
220	char * sl_strstr (const char * haystack, const char * needle);
221
222	/*
223	* robust strn[case]cmp replacement
224	*/
225	int sl_strncmp(const char * a, const char * b, size_t n);
226
227	int sl_strncasecmp(const char * a, const char * b, size_t n);
228
229	/*
230	* robust strcmp replacement
231	*/
232	int sl_strcmp(const char * a, const char * b);
233
234	/*
235	* robust strcasecmp replacement
236	*/
237	int sl_strcasecmp(const char * one, const char * two);
238
239	/*
240	* robust strlen replacement
241	*/
242	#define sl_strlen(arg) ((arg == NULL) ? 0 : (strlen(arg)))
243
244	/* ----------------------------------------------------------------
245	*
246	* Privilege handling routines
247	*
248	* ---------------------------------------------------------------- */
249
250	/*
251	* ONE OF THE FOLLOWING THREE FUNCTIONS
252	* SHOULD BE CALLED BEFORE ANY OTHER OF THE
253	* UID HANDLING FUNCTIONS.
254	*/
255	int sl_policy_get_user(const char username); / drop SUID to <username> */
256	int sl_policy_get_real(char username); / drop privs to <username> */
257	int sl_policy_get_root(void); /* drop SUID to root */
258
259	/*
260	* If not using one of the above, use this function,
261	* and then call sh_unset_suid().
262	* This function saves the uid's.
263	* It calls abort() on error.
264	*/
265	int sl_save_uids(void);
266
267	/*
268	* This function returns the saved euid.
269	* It calls abort() if the uid's are not saved already.
270	*/
271	int sl_get_euid(/@out@/uid_t * ret);
272	uid_t sl_ret_euid(void);
273
274	/*
275	* This function returns the saved egid.
276	* It calls abort() if the uid's are not saved already.
277	*/
278	int sl_get_egid(/@out@/gid_t * ret);
279
280	/*
281	* This function returns the saved current ruid.
282	* It calls abort() if the uid's are not saved already.
283	*/
284	int sl_get_ruid(/@out@/uid_t * ret);
285
286	/*
287	* This function returns the saved current rgid.
288	* It calls abort() if the uid's are not saved already.
289	*/
290	int sl_get_rgid(gid_t * ret);
291
292	/*
293	* This function returns the saved original ruid.
294	* It calls abort() if the uid's are not saved already.
295	*/
296	int sl_get_ruid_orig(uid_t * ret);
297
298	/*
299	* This function returns the saved original rgid.
300	* It calls abort() if the uid's are not saved already.
301	*/
302	int sl_get_rgid_orig(gid_t * ret);
303
304	/*
305	* This function returns true if the program is SUID.
306	* It calls abort() if the uid's are not saved already.
307	*/
308	int sl_is_suid(void);
309
310	/*
311	* This function sets the effective uid
312	* to the saved effective uid.
313	*/
314	int sl_set_suid (void);
315
316	/*
317	* This function sets the effective uid to the real uid.
318	*/
319	int sl_unset_suid (void);
320
321	/*
322	* This function drops SUID privileges irrevocably.
323	*/
324	int sl_drop_privileges(void);
325
326	/* ----------------------------------------------------------------
327	*
328	* File handling routines
329	*
330	* ---------------------------------------------------------------- */
331
332	#define SL_OFILE_SIZE 32
333
334	char * sl_check_badfd();
335	char * sl_check_stale();
336
337	/* Create a file record for an open file
338	*/
339	SL_TICKET sl_make_ticket (const char * ofile, int oline,
340	int fd, const char * filename, FILE * stream);
341
342	/* Get the pointer to a stream. If none exists yet, open it
343	*/
344	FILE * sl_stream (SL_TICKET ticket, char * mode);
345
346	/* Open for writing.
347	*/
348	SL_TICKET sl_open_write (const char * ofile, int oline,
349	const char * fname, int priviledge_mode);
350
351	/* Open for reading.
352	*/
353	SL_TICKET sl_open_read (const char * ofile, int oline,
354	const char * fname, int priviledge_mode);
355
356	/* Drop from cach when closing
357	*/
358	int sl_set_drop_cache(const char * str);
359
360	/* Open for reading w/minimum checking.
361	*/
362	SL_TICKET sl_open_fastread (const char * ofile, int oline,
363	const char * fname, int priviledge_mode);
364
365	/* Open for read and write.
366	*/
367	SL_TICKET sl_open_rdwr (const char * ofile, int oline,
368	const char * fname, int priviledge_mode);
369
370	/* Open for read and write, fail if file exists.
371	*/
372	SL_TICKET sl_open_safe_rdwr (const char * ofile, int oline,
373	const char * fname, int priv);
374
375	/* Open for write, truncate.
376	*/
377	SL_TICKET sl_open_write_trunc (const char * ofile, int oline,
378	const char * fname, int priviledge_mode);
379
380	/* Open for read and write, truncate.
381	*/
382	SL_TICKET sl_open_rdwr_trunc (const char * ofile, int oline,
383	const char * fname, int priviledge_mode);
384
385	/* Initialize the content sh_string.
386	*/
387	int sl_init_content (SL_TICKET ticket, size_t size);
388
389	/* Get the (pointer to) the content sh_string.
390	*/
391	sh_string * sl_get_content (SL_TICKET ticket);
392
393	/* Lock file (uses fcntl F_SETLK).
394	*/
395	int sl_lock (SL_TICKET ticket);
396
397	/* Close file.
398	*/
399	int sl_close (SL_TICKET ticket);
400
401	/* Close file descriptor.
402	*/
403	int sl_close_fd (const char * file, int line, int fd);
404
405	/* Close stream.
406	*/
407	int sl_fclose (const char * file, int line, FILE * fp);
408
409	/* Unlink file.
410	*/
411	int sl_unlink (SL_TICKET ticket);
412
413	/* Rewind file.
414	*/
415	int sl_rewind (SL_TICKET ticket);
416
417	/* Seek file.
418	*/
419	int sl_seek (SL_TICKET ticket, off_t off_data);
420
421	/* Forward file.
422	*/
423	int sl_forward (SL_TICKET ticket);
424
425	/* Sync file.
426	*/
427	int sl_sync (SL_TICKET ticket);
428
429	/* Read file.
430	*/
431	int sl_read (SL_TICKET ticket, void * buf, size_t count);
432
433	int sl_read_timeout_prep (SL_TICKET ticket);
434
435	int sl_read_timeout_fd (int fd, void * buf,
436	size_t count, int timeout, int is_nonblocking);
437
438	int sl_read_timeout (SL_TICKET ticket, void * buf,
439	size_t count, int timeout, int is_nonblocking);
440
441	int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count);
442
443	/* Write file.
444	*/
445	int sl_write (SL_TICKET ticket, const void * msg, long nbytes);
446
447	/* Write file, terminate with newline.
448	*/
449	int sl_write_line (SL_TICKET ticket, const void * msg, long nbytes);
450
451	/* As above, but only for non-constant strings.
452	*/
453	int sl_write_line_fast (SL_TICKET ticket, void * msg, long nbytes);
454
455	/* Drop all metadata for file descriptors >= fd.
456	*/
457	int sl_dropall(int fd, int except);
458	int sl_dropall_dirty(int fd, int except); /* don't deallocate */
459
460	/* Check whether file is trustworthy.
461	*/
462	int sl_trustfile(const char * path, uid_t * ok, uid_t * bad);
463
464	/* Check whether file is trustworthy.
465	*/
466	int sl_trustfile_euid(const char * filename, uid_t euid);
467
468	/* purge list of trusted users
469	*/
470	int sl_trust_purge_user (void);
471
472	/* Add a trusted user.
473	*/
474	int sl_trust_add_user (uid_t pwid);
475
476	/* Get error string.
477	*/
478	char * sl_error_string(int errorcode);
479
480	/* Get error file.
481	*/
482	char * sl_trust_errfile(void);
483
484	/* Overflow tests
485	*/
486	int sl_ok_muli (int a, int b) SL_GNUC_CONST;
487	int sl_ok_divi (int a, int b) SL_GNUC_CONST;
488	int sl_ok_addi (int a, int b) SL_GNUC_CONST;
489	int sl_ok_subi (int a, int b) SL_GNUC_CONST;
490
491	int sl_ok_muls (size_t a, size_t b) SL_GNUC_CONST;
492	int sl_ok_adds (size_t a, size_t b) SL_GNUC_CONST;
493
494
495	#ifdef __cplusplus
496	}
497	#endif
498
499	/* Privilege modes for file access.
500	*/
501	#define SL_YESPRIV 0x33
502	#define SL_NOPRIV 0x34
503
504	/* Suitable for Linux
505	*/
506	#define MAXFILENAME 4096
507
508
509	/*
510	* This macro is TRUE if (x) < 0.
511	*/
512	#define SL_ISERROR(x) ((long)(x) < 0)
513
514	#if defined(WITH_TPT)
515	#define TPT(arg) dlog arg ;
516	#else
517	#define TPT(arg)
518	#endif
519
520
521	/*
522	* The 'require' macro.
523	*/
524	#define SL_REQUIRE(assertion, astext) \
525	do { \
526	/@i@/ if (assertion) ; \
527	else { \
528	dlog(0, FIL__, __LINE__, SDG_AFAIL, \
529	FIL__, __LINE__, astext); \
530	_exit(EXIT_FAILURE); \
531	} \
532	} while (0)
533
534
535	/*
536	* The enter macro. Prints the trace if TRACE is on.
537	*/
538	extern int slib_do_trace;
539	extern int slib_trace_fd;
540
541	#if defined(SL_DEBUG)
542	#define SL_ENTER(s) sl_stack_push(s, FIL__, __LINE__);
543	#else
544	#define SL_ENTER(s) if (slib_do_trace != 0) sl_trace_in(s, FIL__, __LINE__);
545	#endif
546
547	/*
548	* The return macro.
549	*/
550	#if defined(SL_DEBUG)
551	#ifndef S_SPLINT_S
552	#define SL_RETURN(x, s) \
553	do { \
554	sl_stack_pop(s, FIL__, __LINE__); \
555	return(x); \
556	} while(0)
557	#else
558	/@notfunction@/
559	#define SL_RETURN(x, s) return(x);
560	#endif /* S_SPLINT_S */
561	#else
562	#ifndef S_SPLINT_S
563	#define SL_RETURN(x, s) \
564	do { \
565	if (slib_do_trace != 0) \
566	sl_trace_out(s, FIL__, __LINE__); \
567	return(x); \
568	} while(0)
569	#else
570	/@notfunction@/
571	#define SL_RETURN(x, s) return(x);
572	#endif /* S_SPLINT_S */
573	#endif /* SL_RETURN macro */
574
575	#if defined(SL_DEBUG)
576	#define SL_RET0(s) \
577	do { \
578	sl_stack_pop(s, FIL__, __LINE__); \
579	return; \
580	} while(0)
581	#else
582	#ifndef S_SPLINT_S
583	#define SL_RET0(s) \
584	do { \
585	if (slib_do_trace != 0) \
586	sl_trace_out(s, FIL__, __LINE__); \
587	return; \
588	} while(0)
589	#else
590	/@notfunction@/
591	#define SL_RET0(s) return;
592	#endif /* S_SPLINT_S */
593	#endif /* SL_RETURN macro */
594
595	#if defined(SL_DEBUG)
596	void sl_stack_push(char * c, char * file, int line);
597	void sl_stack_pop(char * c, char * file, int line);
598	void sl_stack_print(void);
599	#endif
600	void sl_trace_in (const char * str, const char * file, int line);
601	void sl_trace_out (const char * str, const char * file, int line);
602	int sl_trace_file (const char * str);
603	int sl_trace_use (const char * str);
604
605
606
607
608	/*
609	* The internal return macro. Sets sl_errno to the return value.
610	*/
611
612	#if defined(SL_DEBUG)
613	#define SL_IRETURN(x, s) \
614	do { \
615	if((long)(x) < 0) { \
616	TPT((0, FIL__, __LINE__, SDG_ERROR, (long)(x))) \
617	sl_errno=(x); \
618	} \
619	sl_stack_pop(s, FIL__, __LINE__); \
620	if (1) return(x); \
621	} while(0)
622	#else
623	#define SL_IRETURN(x, s) \
624	do { \
625	if ((long)(x) < 0) sl_errno=(x); \
626	if (slib_do_trace) \
627	sl_trace_out(s, FIL__, __LINE__); \
628	if (1) return(x); \
629	} while(0)
630
631	#endif /* SL_IRETURN macro */
632
633
634
635	/* slib.h */
636	#endif
637
638
639
640

Note: See TracBrowser for help on using the repository browser.

Download in other formats: