Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: trunk/include/slib.h@ 2

Last change on this file since 2 was 1, checked in by katerina, 19 years ago
Initial import
File size: 13.2 KB

Line
1	/* --------------------------------------------------------------
2	*
3	* The developement of this library has been stimulated by reading
4	* a paper on 'Robust Programming' by Matt Bishop, although
5	* not all of his ideas might be implemented in the same
6	* strictness as discussed in the paper.
7	*
8	* --------------------------------------------------------------
9	*/
10
11	#ifndef SL_SLIB_H
12	#define SL_SLIB_H
13
14	#include <errno.h>
15	#include <stdio.h>
16	#include <stdlib.h>
17	#include <stdarg.h>
18	#include <sys/types.h>
19
20	#include "config_xor.h"
21
22	#ifdef HAVE_UNISTD_H
23	#include <unistd.h>
24	#endif
25
26	/****************
27
28	-- Defined in config.h. --
29
30	#ifndef _(string)
31	#define _(string) string
32	#endif
33
34	#ifndef N_(string)
35	#define N_(string) string
36	#endif
37
38	*****************/
39
40	/* --------------------------------------------------------------
41	*
42	* Typedefs, global variables, macros.
43	*
44	* --------------------------------------------------------------
45	*/
46
47	extern long int sl_errno; /* Global error variable. */
48
49
50	/* The ticketing system; used to hide internals from the
51	* programmer.
52	*/
53	typedef long int SL_TICKET; /* Unique ID for opened files. */
54
55
56	/*
57	* TRUE, FALSE
58	*/
59	#define SL_TRUE 1
60	#define SL_FALSE 0
61
62
63
64	/*
65	* The following macros are provided:
66	*
67	* SL_ISERROR(x) TRUE if return status of 'x' is an error code.
68	* SL_REQUIRE(x, xstr) Abort if 'x' is false.
69	* SL_ENTER(s) Trace entry in function 's'.
70	* SL_RETURN(x, s) Trace return from function 's'.
71	*/
72
73
74	/*
75	* The error codes.
76	*/
77	#define SL_ENONE 0
78
79	#define SL_ENULL -1024 /* Invalid use of NULL pointer. */
80	#define SL_ERANGE -1025 /* Argument out of range. */
81	#define SL_ETRUNC -1026 /* Result truncated. */
82	#define SL_EREPEAT -1027 /* Illegal repeated use of function. */
83
84	#define SL_EINTERNAL -1028 /* Internal error. */
85	#define SL_ETICKET -1029 /* Bad ticket. */
86	#define SL_EBADFILE -1030 /* File access error. Check errno. */
87	#define SL_EBOGUS -1031 /* Bogus file. */
88	#define SL_EMEM -1032 /* Out of memory. */
89	#define SL_EUNLINK -1033 /* Unlink error. Check errno. */
90	#define SL_EREWIND -1034 /* Rewind error. Check errno. */
91	#define SL_EFORWARD -1035 /* Forward error. Check errno. */
92	#define SL_EREAD -1036 /* Read error. Check errno. */
93	#define SL_EWRITE -1037 /* Write error. Check errno. */
94	#define SL_ESYNC -1038 /* Write error. Check errno. */
95
96	#define SL_EBADNAME -1040 /* Invalid name. */
97	#define SL_ESTAT -1041 /* stat of file failed. Check errno. */
98
99	#define SL_EBADUID -1050 /* Owner not trustworthy. */
100	#define SL_EBADGID -1051 /* Group writeable and not trustworthy.*/
101	#define SL_EBADOTH -1052 /* World writeable. */
102
103	#define SL_TOOMANY -1053 /* Too many open files */
104	#define SL_TIMEOUT -1054 /* Timeout in read */
105	/*
106	* All int functions return SL_NONE on success.
107	*/
108
109	#ifdef __cplusplus
110	extern "C" {
111	#endif
112
113	int dlog (int flag, char * file, int line, const char *fmt, ...);
114
115	char * sl_get_errmsg();
116
117	/* ----------------------------------------------------------------
118	*
119	* Heap consistency routines
120	*
121	* ---------------------------------------------------------------- */
122
123	int sl_test_heap();
124
125	/* ----------------------------------------------------------------
126	*
127	* Capability routines
128	*
129	* ---------------------------------------------------------------- */
130
131	extern int sl_useCaps;
132
133	int sl_drop_cap ();
134	int sl_drop_cap_sub();
135	int sl_get_cap_sub();
136	int sl_drop_cap_qdel();
137	int sl_get_cap_qdel();
138
139	/* ----------------------------------------------------------------
140	*
141	* String handling routines
142	*
143	* ---------------------------------------------------------------- */
144
145	/*
146	* A memset that does not get optimized away
147	*/
148	void sl_memset(void s, int c, size_t n);
149	#undef memset
150	#define memset sl_memset
151
152	/*
153	* Copy src to dst. siz is the length of dst.
154	*/
155	int sl_strlcpy(char * dst, /@null@/const char * src, size_t siz);
156
157	/*
158	* Append src to dst. siz is the length of dst.
159	*/
160	int sl_strlcat(char * dst, /@null@/const char *src, size_t siz);
161
162	/*
163	* An implementation of vsnprintf. va_start/va_end are in the caller
164	* function.
165	*/
166	int sl_vsnprintf(char *str, size_t n,
167	const char *format, va_list vl );
168
169	/*
170	* An implementation of snprintf.
171	*/
172	int sl_snprintf(char *str, size_t n,
173	const char *format, ... );
174
175	/*
176	* A robust drop-in replacement of strncpy. strlcpy is preferable.
177	*/
178	char * sl_strncpy(/@out@/char dst, const char src, size_t size);
179
180	/*
181	* Robust strncat.
182	*/
183	char * sl_strncat(char dst, const char src, size_t n);
184
185	/*
186	* strstr
187	*/
188	char * sl_strstr (const char * haystack, const char * needle);
189
190	/*
191	* robust strncmp replacement
192	*/
193	int sl_strncmp(const char * a, const char * b, size_t n);
194
195	/*
196	* robust strcmp replacement
197	*/
198	int sl_strcmp(const char * a, const char * b);
199
200	/*
201	* robust strlen replacement
202	*/
203	#define sl_strlen(arg) ((arg == NULL) ? 0 : (strlen(arg)))
204
205	/* ----------------------------------------------------------------
206	*
207	* Privilege handling routines
208	*
209	* ---------------------------------------------------------------- */
210
211	/*
212	* ONE OF THE FOLLOWING THREE FUNCTIONS
213	* SHOULD BE CALLED BEFORE ANY OTHER OF THE
214	* UID HANDLING FUNCTIONS.
215	*/
216	int sl_policy_get_user(char username); / drop SUID to <username> */
217	int sl_policy_get_real(char username); / drop privs to <username> */
218	int sl_policy_get_root(void); /* drop SUID to root */
219
220	/*
221	* If not using one of the above, use this function,
222	* and then call sh_unset_suid().
223	* This function saves the uid's.
224	* It calls abort() on error.
225	*/
226	int sl_save_uids(void);
227
228	/*
229	* This function returns the saved euid.
230	* It calls abort() if the uid's are not saved already.
231	*/
232	int sl_get_euid(/@out@/uid_t * ret);
233	uid_t sl_ret_euid();
234
235	/*
236	* This function returns the saved egid.
237	* It calls abort() if the uid's are not saved already.
238	*/
239	int sl_get_egid(/@out@/gid_t * ret);
240
241	/*
242	* This function returns the saved current ruid.
243	* It calls abort() if the uid's are not saved already.
244	*/
245	int sl_get_ruid(/@out@/uid_t * ret);
246
247	/*
248	* This function returns the saved current rgid.
249	* It calls abort() if the uid's are not saved already.
250	*/
251	int sl_get_rgid(gid_t * ret);
252
253	/*
254	* This function returns the saved original ruid.
255	* It calls abort() if the uid's are not saved already.
256	*/
257	int sl_get_ruid_orig(uid_t * ret);
258
259	/*
260	* This function returns the saved original rgid.
261	* It calls abort() if the uid's are not saved already.
262	*/
263	int sl_get_rgid_orig(gid_t * ret);
264
265	/*
266	* This function returns true if the program is SUID.
267	* It calls abort() if the uid's are not saved already.
268	*/
269	int sl_is_suid(void);
270
271	/*
272	* This function sets the effective uid
273	* to the saved effective uid.
274	*/
275	int sl_set_suid (void);
276
277	/*
278	* This function sets the effective uid to the real uid.
279	*/
280	int sl_unset_suid (void);
281
282	/*
283	* This function drops SUID privileges irrevocably.
284	*/
285	int sl_drop_privileges(void);
286
287	/* ----------------------------------------------------------------
288	*
289	* File handling routines
290	*
291	* ---------------------------------------------------------------- */
292
293	SL_TICKET sl_make_ticket (int fd, char * path);
294
295	/* Open for writing.
296	*/
297	SL_TICKET sl_open_write (char * fname, int priviledge_mode);
298
299	/* Open for reading.
300	*/
301	SL_TICKET sl_open_read (char * fname, int priviledge_mode);
302
303	/* Open for reading w/minimum checking.
304	*/
305	SL_TICKET sl_open_fastread (char * fname, int priviledge_mode);
306
307	/* Open for read and write.
308	*/
309	SL_TICKET sl_open_rdwr (char * fname, int priviledge_mode);
310
311	/* Open for read and write, fail if file exists.
312	*/
313	SL_TICKET sl_open_safe_rdwr (char * fname, int priv);
314
315	/* Open for write, truncate.
316	*/
317	SL_TICKET sl_open_write_trunc (char * fname, int priviledge_mode);
318
319	/* Open for read and write, truncate.
320	*/
321	SL_TICKET sl_open_rdwr_trunc (char * fname, int priviledge_mode);
322
323	/* Close file.
324	*/
325	int sl_close (SL_TICKET ticket);
326
327	/* Unlink file.
328	*/
329	int sl_unlink (SL_TICKET ticket);
330
331	/* Rewind file.
332	*/
333	int sl_rewind (SL_TICKET ticket);
334
335	/* Seek file.
336	*/
337	int sl_seek (SL_TICKET ticket, off_t off_data);
338
339	/* Forward file.
340	*/
341	int sl_forward (SL_TICKET ticket);
342
343	/* Sync file.
344	*/
345	int sl_sync (SL_TICKET ticket);
346
347	/* Read file.
348	*/
349	int sl_read (SL_TICKET ticket, void * buf, size_t count);
350
351	int sl_read_timeout (SL_TICKET ticket, void * buf,
352	size_t count, int timeout);
353
354	int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count);
355
356	/* Write file.
357	*/
358	int sl_write (SL_TICKET ticket, void * msg, long nbytes);
359
360	/* Write file, terminate with newline.
361	*/
362	int sl_write_line (SL_TICKET ticket, void * msg, long nbytes);
363
364	/* Drop all metadata for file descriptors >= fd.
365	*/
366	int sl_dropall(int fd, int except);
367
368	/* Check whether file is trustworthy.
369	*/
370	int sl_trustfile(char * path, uid_t * ok, uid_t * bad);
371
372	/* Check whether file is trustworthy.
373	*/
374	int sl_trustfile_euid(char * filename, uid_t euid);
375
376	/* purge list of trusted users
377	*/
378	int sl_trust_purge_user ();
379
380	/* Add a trusted user.
381	*/
382	int sl_trust_add_user (uid_t pwid);
383
384	/* Get error string.
385	*/
386	char * sl_error_string(int errorcode);
387
388	/* Get error file.
389	*/
390	char * sl_trust_errfile(void);
391
392
393	#ifdef __cplusplus
394	}
395	#endif
396
397	/* Privilege modes for file access.
398	*/
399	#define SL_YESPRIV 0x33
400	#define SL_NOPRIV 0x34
401
402	#define MAXFILENAME 2048
403
404
405	/*
406	* This macro is TRUE if (x) < 0.
407	*/
408	#define SL_ISERROR(x) ((long)(x) < 0)
409
410	#if defined(WITH_TPT)
411	#define TPT(arg) dlog arg ;
412	#else
413	#define TPT(arg)
414	#endif
415
416
417	/*
418	* The 'require' macro.
419	*/
420	#define SL_REQUIRE(assertion, astext) \
421	do { \
422	/@i@/ if (assertion) ; \
423	else { \
424	dlog(0, FIL__, __LINE__, SDG_AFAIL, \
425	FIL__, __LINE__, astext); \
426	_exit(EXIT_FAILURE); \
427	} \
428	} while (0)
429
430
431	/*
432	* The enter macro. Prints the trace if TRACE is on.
433	*/
434	extern int slib_do_trace;
435	extern int slib_trace_fd;
436
437	#if defined(SL_DEBUG)
438	#define SL_ENTER(s) sl_stack_push(s, FIL__, __LINE__);
439	#else
440	#define SL_ENTER(s) if (slib_do_trace != 0) sl_trace_in(s, FIL__, __LINE__);
441	#endif
442
443	/*
444	* The return macro.
445	*/
446	#if defined(SL_DEBUG)
447	#ifndef S_SPLINT_S
448	#define SL_RETURN(x, s) \
449	do { \
450	sl_stack_pop(s, FIL__, __LINE__); \
451	return(x); \
452	} while(0)
453	#else
454	/@notfunction@/
455	#define SL_RETURN(x, s) return(x);
456	#endif /* S_SPLINT_S */
457	#else
458	#ifndef S_SPLINT_S
459	#define SL_RETURN(x, s) \
460	do { \
461	if (slib_do_trace != 0) \
462	sl_trace_out(s, FIL__, __LINE__); \
463	return(x); \
464	} while(0)
465	#else
466	/@notfunction@/
467	#define SL_RETURN(x, s) return(x);
468	#endif /* S_SPLINT_S */
469	#endif /* SL_RETURN macro */
470
471	#if defined(SL_DEBUG)
472	#define SL_RET0(s) \
473	do { \
474	sl_stack_pop(s, FIL__, __LINE__); \
475	return; \
476	} while(0)
477	#else
478	#ifndef S_SPLINT_S
479	#define SL_RET0(s) \
480	do { \
481	if (slib_do_trace != 0) \
482	sl_trace_out(s, FIL__, __LINE__); \
483	return; \
484	} while(0)
485	#else
486	/@notfunction@/
487	#define SL_RET0(s) return;
488	#endif /* S_SPLINT_S */
489	#endif /* SL_RETURN macro */
490
491	#if defined(SL_DEBUG)
492	void sl_stack_push(char * c, char * file, int line);
493	void sl_stack_pop(char * c, char * file, int line);
494	void sl_stack_print();
495	#endif
496	void sl_trace_in (char * str, char * file, int line);
497	void sl_trace_out (char * str, char * file, int line);
498	int sl_trace_file (char * str);
499	int sl_trace_use (char * str);
500
501
502
503
504	/*
505	* The internal return macro. Sets sl_errno to the return value.
506	*/
507
508	#if defined(SL_DEBUG)
509	#define SL_IRETURN(x, s) \
510	do { \
511	if((long)(x) < 0) { \
512	TPT((0, FIL__, __LINE__, SDG_ERROR, (long)(x))) \
513	sl_errno=(x); \
514	} \
515	sl_stack_pop(s, FIL__, __LINE__); \
516	if (1) return(x); \
517	} while(0)
518	#else
519	#define SL_IRETURN(x, s) \
520	do { \
521	if ((long)(x) < 0) sl_errno=(x); \
522	if (slib_do_trace) \
523	sl_trace_out(s, FIL__, __LINE__); \
524	if (1) return(x); \
525	} while(0)
526
527	#endif /* SL_IRETURN macro */
528
529
530
531	/* slib.h */
532	#endif
533
534
535
536

Note: See TracBrowser for help on using the repository browser.

Download in other formats: