Context Navigation

source: trunk/src/sh_tools.c@ 275

Last change on this file since 275 was 252, checked in by katerina, 15 years ago
Add code to check for stale file records on close() and fclose(), fix sl_close() to handle open stream (ticket #163).
File size: 42.3 KB

Line
1	/* SAMHAIN file system integrity testing */
2	/* Copyright (C) 1999, 2000 Rainer Wichmann */
3	/* */
4	/* This program is free software; you can redistribute it */
5	/* and/or modify */
6	/* it under the terms of the GNU General Public License as */
7	/* published by */
8	/* the Free Software Foundation; either version 2 of the License, or */
9	/* (at your option) any later version. */
10	/* */
11	/* This program is distributed in the hope that it will be useful, */
12	/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13	/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14	/* GNU General Public License for more details. */
15	/* */
16	/* You should have received a copy of the GNU General Public License */
17	/* along with this program; if not, write to the Free Software */
18	/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20	#include "config_xor.h"
21
22
23	#include <stdio.h>
24	#include <stdlib.h>
25	#include <string.h>
26	#include <ctype.h>
27
28	/* Must be early on FreeBSD
29	*/
30	#include <sys/types.h>
31
32	#ifdef HAVE_MEMORY_H
33	#include <memory.h>
34	#endif
35
36	#ifdef HAVE_SYS_SELECT_H
37	#include <sys/select.h>
38	#endif
39
40	#ifdef HAVE_UNISTD_H
41	#include <errno.h>
42	#include <signal.h>
43	#include <setjmp.h>
44	#include <pwd.h>
45	#include <grp.h>
46	#include <sys/stat.h>
47	#include <sys/resource.h>
48	#include <fcntl.h>
49	#include <sys/wait.h>
50	#include <unistd.h>
51	#endif
52
53	#include <sys/socket.h>
54
55	#ifdef HOST_IS_HPUX
56	#define _XOPEN_SOURCE_EXTENDED
57	#endif
58	#include <netinet/in.h>
59	#include <arpa/inet.h>
60	#include <netdb.h>
61
62	#ifndef FD_SET
63	#define NFDBITS 32
64	#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] \|= (1 << ((n) % NFDBITS)))
65	#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS)))
66	#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS)))
67	#endif /* !FD_SET */
68	#ifndef FD_SETSIZE
69	#define FD_SETSIZE 32
70	#endif
71	#ifndef FD_ZERO
72	#define FD_ZERO(p) memset((char )(p), '\0', sizeof((p)))
73	#endif
74
75
76	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
77	#include <sys/mman.h>
78	#endif
79
80	#define SH_REAL_SET
81
82	#include "samhain.h"
83	#include "sh_mem.h"
84	#include "sh_error.h"
85	#include "sh_tools.h"
86	#include "sh_utils.h"
87	#include "sh_tiger.h"
88	#define SH_NEED_GETHOSTBYXXX
89	#include "sh_static.h"
90	#include "sh_pthread.h"
91
92	#undef FIL__
93	#define FIL__ _("sh_tools.c")
94
95	#ifdef SH_ENCRYPT
96	#include "rijndael-api-fst.h"
97	char * errorExplain (int err_num, char * buffer, size_t len)
98	{
99	char * p;
100
101	if (err_num == BAD_KEY_DIR)
102	p = (_("Key direction is invalid"));
103	else if (err_num == BAD_KEY_MAT)
104	p = (_("Key material not of correct length"));
105	else if (err_num == BAD_KEY_INSTANCE)
106	p = (_("Key passed is not valid"));
107	else if (err_num == BAD_CIPHER_MODE)
108	p = (_("Params struct passed to cipherInit invalid"));
109	else if (err_num == BAD_CIPHER_STATE)
110	p = (_("Cipher in wrong state"));
111	else if (err_num == BAD_BLOCK_LENGTH)
112	p = (_("Bad block length"));
113	else if (err_num == BAD_CIPHER_INSTANCE)
114	p = (_("Bad cipher instance"));
115	else if (err_num == BAD_DATA)
116	p = (_("Data contents are invalid"));
117	else
118	p = (_("Unknown error"));
119	sl_strlcpy (buffer, p, len);
120	return buffer;
121	}
122
123	#endif
124
125	/* --- check for an interface ---
126	*/
127	int sh_tools_iface_is_present(char *str)
128	{
129	struct sockaddr_in sin;
130	int sd;
131
132	memset(&sin, '\0', sizeof(sin));
133	sin.sin_family = AF_INET;
134	if (inet_aton(str, &(sin.sin_addr)))
135	{
136	sin.sin_port = htons(2543);
137
138	if (-1 == (sd = socket(AF_INET, SOCK_STREAM, 0)))
139	{
140	return 0;
141	}
142
143	if (-1 == bind(sd, (struct sockaddr *)&sin, sizeof(sin)))
144	{
145	int retval = 0;
146
147	/* bind() fails for access reasons, iface exists
148	*/
149	if (errno == EACCES \|\| errno == EADDRINUSE)
150	retval = 1;
151	sl_close_fd (FIL__, __LINE__, sd);
152	return retval;
153	}
154
155	/* bind() succeeds, iface exists
156	*/
157	sl_close_fd(FIL__, __LINE__, sd);
158	return 1;
159	}
160	return 0;
161	}
162
163	/* --- recode all \blah escapes to '=XX' format, and also code all
164	* remaining unprintable chars ---
165	*/
166	#define SH_PUT_4(p, a, b, c) (p)[0] = (a); (p)[1] = (b); (p)[2] = (c);
167
168	char * sh_tools_safe_name (const char * instr, int flag)
169	{
170	unsigned char c, d;
171	const char * p;
172	char tmp[4];
173	char * outstr;
174	size_t len = 1;
175	int i = 0;
176	unsigned char val_octal = '\0';
177	static char ctable[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
178	'8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
179
180	SL_ENTER(_("sh_tools_safe_name"));
181
182	if (instr)
183	{
184	len = strlen(instr);
185	if (sl_ok_muls (3, len) && sl_ok_adds ((3*len), 4))
186	{
187	len = (3 * len) + 4;
188	p = instr;
189	}
190	else
191	{
192	len = 1;
193	p = NULL;
194	}
195	}
196	else
197	{
198	p = NULL;
199	}
200
201	outstr = SH_ALLOC(len);
202
203	outstr[0] = '\0';
204	tmp[3] = '\0';
205
206	#if !defined(SH_USE_XML)
207	(void) flag; /* fix compiler warning */
208	#endif
209
210	if (!p)
211	goto end;
212
213	while (*p)
214	{
215	c = *p;
216
217	if (*p == '\n')
218	{
219	outstr[i] = ' '; ++i; ++p;
220	continue;
221	}
222
223	#ifdef SH_USE_XML
224	if (flag == 1)
225	{
226	if ((*p) == '"')
227	{
228	SH_PUT_4(&outstr[i], '=', '2', '2');
229	i+=3; ++p;
230	continue;
231	}
232	else if ((*p) == '&')
233	{
234	SH_PUT_4(&outstr[i], '=', '2', '6');
235	i+=3; ++p;
236	continue;
237	}
238	else if ((*p) == '<')
239	{ /* left angle */
240	SH_PUT_4(&outstr[i], '=', '3', 'c');
241	i+=3; ++p;
242	continue;
243	}
244	else if ((*p) == '>')
245	{ /* right angle */
246	SH_PUT_4(&outstr[i], '=', '3', 'e');
247	i+=3; ++p;
248	continue;
249	}
250	}
251	#endif
252
253	if ( (p) != '\\' && (p) != '&' && (p) != '=' && (p) != '\'')
254	{
255	outstr[i] = *p; ++i;
256	++p;
257
258	if (c < 32 \|\| c > 126)
259	{
260	--i;
261	d = c % 16; c = c / 16;
262	outstr[i] = '='; ++i;
263	outstr[i] = ctable[c]; ++i;
264	outstr[i] = ctable[d]; ++i;
265	}
266
267	continue;
268	}
269	else if ((*p) == '\'')
270	{
271	SH_PUT_4(&outstr[i], '=', '2', '7');
272	i+=3; ++p;
273	}
274	else if (*p == '=')
275	{
276	if (p[1] != '"' && p[1] != '<')
277	{
278	SH_PUT_4(&outstr[i], '=', '3', 'd');
279	i+=3; ++p;
280	}
281	else
282	{ outstr[i] = *p; ++i; ++p; }
283	}
284	else if (*p == '\\')
285	{
286	++p;
287	if (!p)
288	break;
289	if (!(*p))
290	break;
291
292	c = *p;
293
294	switch (*p) {
295	case '\\':
296	SH_PUT_4(&outstr[i], '=', '5', 'c');
297	i+=3; ++p;
298	break;
299	case 'n':
300	SH_PUT_4(&outstr[i], '=', '0', 'a');
301	i+=3; ++p;
302	break;
303	case 'b':
304	SH_PUT_4(&outstr[i], '=', '0', '8');
305	i+=3; ++p;
306	break;
307	case 'r':
308	SH_PUT_4(&outstr[i], '=', '0', 'd');
309	i+=3; ++p;
310	break;
311	case 't':
312	SH_PUT_4(&outstr[i], '=', '0', '9');
313	i+=3; ++p;
314	break;
315	case 'v':
316	SH_PUT_4(&outstr[i], '=', '0', 'b');
317	i+=3; ++p;
318	break;
319	case 'f':
320	SH_PUT_4(&outstr[i], '=', '0', 'c');
321	i+=3; ++p;
322	break;
323	case '\'':
324	SH_PUT_4(&outstr[i], '=', '2', '7');
325	i+=3; ++p;
326	break;
327	case '"': /* also encode quoted '"' */
328	SH_PUT_4(&outstr[i], '=', '2', '2');
329	i+=3; ++p;
330	break;
331	case ' ':
332	SH_PUT_4(&outstr[i], '=', '2', '0');
333	i+=3; ++p;
334	break;
335	default:
336	if (strlen(p) < 3) /* certainly not an octal number, skip */
337	{
338	p += strlen(p);
339	}
340	else
341	{
342	tmp[0] = p[0]; tmp[1] = p[1]; tmp[2] = p[2];
343	val_octal = (unsigned char) strtoul(tmp, (char **)NULL, 8);
344	if (val_octal != '\0') {
345	c = val_octal;
346	d = c % 16; c = c / 16;
347	outstr[i] = '='; ++i;
348	outstr[i] = ctable[c]; ++i;
349	outstr[i] = ctable[d]; ++i;
350	}
351	p += 3;
352	}
353	}
354	}
355	else if (*p == '&')
356	{
357	++p;
358	if (!p \|\| !(*p))
359	{
360	outstr[i] = '&'; ++i;
361	break;
362	}
363
364	if (p[0] == 'a' && p[1] == 'm' && p[2] == 'p' && p[3] == ';')
365	{
366	SH_PUT_4(&outstr[i], '=', '2', '6');
367	i+=3; p += 4;
368	}
369	else if (p[0] == 'q' && p[1] == 'u' && p[2] == 'o' && p[3] == 't' &&
370	p[4] == ';')
371	{
372	SH_PUT_4(&outstr[i], '=', '2', '2');
373	i+=3; p += 5;
374	}
375	else if (p[0] == 'l' && p[1] == 't' && p[2] == ';')
376	{
377	SH_PUT_4(&outstr[i], '=', '3', 'c');
378	i+=3; p += 3;
379	}
380	else if (p[0] == 'g' && p[1] == 't' && p[2] == ';')
381	{
382	SH_PUT_4(&outstr[i], '=', '3', 'e');
383	i+=3; p += 3;
384	}
385	else /* conserve the '&' */
386	{
387	outstr[i] = '&'; ++i;
388	}
389	}
390	else
391	{
392	outstr[i] = *p; ++i;
393	++p;
394	}
395	} /* while (p && p) /
396
397	end:
398
399	outstr[i] = '\0';
400	SL_RETURN( outstr, _("sh_tools_safe_name"));
401	}
402
403
404	/* extern int h_errno; */
405
406	char * sh_tools_errmessage (int tellme, char * errbuf, size_t len)
407	{
408	char * p = NULL;
409	#ifdef HOST_NOT_FOUND
410	if (tellme == HOST_NOT_FOUND)
411	p = _("The specified host is unknown: ");
412	#endif
413	#ifdef NO_ADDRESS
414	if (tellme == NO_ADDRESS)
415	p = _("The requested name is valid but does not have an IP address: ");
416	#endif
417	#ifdef NO_RECOVERY
418	if (tellme == NO_RECOVERY)
419	p = _("A non-recoverable name server error occurred: ");
420	#endif
421	#ifdef TRY_AGAIN
422	if (tellme == TRY_AGAIN)
423	p = _("A temporary error occurred on an authoritative name server. The specified host is unknown: ");
424	#endif
425	if (!p) p = _("Unknown error");
426	sl_strlcpy(errbuf, p, len);
427	return errbuf;
428	}
429
430	int is_numeric (const char * address)
431	{
432	int j;
433	int len = sl_strlen(address);
434
435	for (j = 0; j < len; ++j)
436	if ( (address[j] < '0' \|\| address[j] > '9') && address[j] != '.')
437	return (1 == 0);
438	return (1 == 1);
439	}
440
441	#if defined (SH_WITH_SERVER)
442
443	int get_open_max ()
444	{
445	int value;
446
447	#ifdef _SC_OPEN_MAX
448	value = sysconf (_SC_OPEN_MAX);
449	#else
450	#ifdef OPEN_MAX
451	value = OPEN_MAX;
452	#else
453	value = _POSIX_OPEN_MAX;
454	#endif
455	#endif
456
457	if (value < 0)
458	value = 8; /* POSIX lower limit */
459
460	if (value > 4096)
461	value = 4096;
462
463	return value;
464	}
465
466	#endif
467
468	typedef struct _sin_cache {
469	char * address;
470	struct sockaddr_in sin;
471	struct _sin_cache * next;
472	} sin_cache;
473
474	static sin_cache * conn_cache = NULL;
475	static int cached_addr = 0;
476
477	void delete_cache()
478	{
479	sin_cache * check_cache = conn_cache;
480	sin_cache * old_entry = conn_cache;
481
482	SL_ENTER(_("delete_cache"));
483
484	while (check_cache != NULL)
485	{
486	old_entry = check_cache;
487	check_cache = check_cache->next;
488	SH_FREE(old_entry->address);
489	SH_FREE(old_entry);
490	}
491
492	cached_addr = 0;
493
494	conn_cache = NULL;
495	SL_RET0(_("delete_cache"));
496	}
497
498	int DoReverseLookup = S_TRUE;
499
500	int set_reverse_lookup (const char * c)
501	{
502	return sh_util_flagval(c, &DoReverseLookup);
503	}
504
505	int connect_port (char * address, int port,
506	char * ecall, int * errnum, char * errmsg, int errsiz)
507	{
508	struct in_addr haddr; /* host address from numeric */
509	/* host details returned by the DNS */
510	struct hostent *host_entry = NULL;
511	struct sockaddr_in sinr; /* socket to the remote host */
512
513	char * host_name;
514
515	volatile int fd = (-1);
516	int status;
517	volatile int fail = 0;
518	int cached = 0;
519
520	int retval;
521	char errbuf[SH_ERRBUF_SIZE];
522
523	sin_cache * check_cache = conn_cache;
524
525	SL_ENTER(_("connect_port"));
526
527	/* paranoia -- should not happen
528	*/
529	if (cached_addr > 128)
530	delete_cache();
531
532	if (check_cache != NULL)
533	{
534	while (check_cache && check_cache->address)
535	{
536	if ( 0 == sl_strncmp(check_cache->address,
537	address, sl_strlen(address)))
538	{
539	memcpy (&sinr, &(check_cache->sin), sizeof(struct sockaddr_in));
540	sinr.sin_family = AF_INET;
541	sinr.sin_port = htons (port);
542	cached = 1;
543	break;
544	}
545	if (check_cache->next)
546	check_cache = check_cache->next;
547	else
548	check_cache = NULL;
549	}
550	}
551
552	/* only use gethostbyname() if neccessary
553	*/
554	if (cached == 0)
555	{
556	#ifdef HAVE_INET_ATON
557	if (0 == inet_aton(address, &haddr))
558	#else
559	if ((unsigned long)-1 == (haddr.s_addr = inet_addr(address)))
560	#endif
561	{
562	SH_MUTEX_LOCK(mutex_resolv);
563
564	host_name = NULL;
565
566	host_entry = sh_gethostbyname(address);
567
568	if (host_entry == NULL \|\| host_entry->h_addr == NULL)
569	{
570	sl_strlcpy(ecall, _("gethostbyname"), SH_MINIBUF);
571	#ifndef NO_H_ERRNO
572	*errnum = h_errno;
573	#else
574	*errnum = 666;
575	#endif
576	(void) sh_tools_errmessage (*errnum, errmsg, errsiz);
577	sl_strlcat(errmsg, address, errsiz);
578	fail = (-1);
579	}
580	else
581	{
582	sinr.sin_family = AF_INET;
583	sinr.sin_port = htons (port);
584	sinr.sin_addr = (struct in_addr ) host_entry->h_addr;
585
586
587	/* reverse DNS lookup
588	*/
589	if (DoReverseLookup == S_TRUE)
590	{
591	if (host_entry->h_name == NULL)
592	{
593	host_name = SH_ALLOC(1);
594	host_name[0] = '\0';
595	}
596	else
597	{
598	host_name = sh_util_strdup(host_entry->h_name);
599	}
600
601	host_entry = sh_gethostbyaddr ((char *) &sinr.sin_addr,
602	sizeof(struct in_addr),
603	AF_INET);
604	if (host_entry == NULL \|\| host_entry->h_name == NULL)
605	{
606	sl_strlcpy(ecall, _("gethostbyaddr"), SH_MINIBUF);
607	#ifndef NO_H_ERRNO
608	*errnum = h_errno;
609	#else
610	*errnum = 666;
611	#endif
612	(void) sh_tools_errmessage (*errnum, errmsg, errsiz);
613	sl_strlcat(errmsg,
614	inet_ntoa ((struct in_addr ) &(sinr.sin_addr)),
615	errsiz);
616	fail = (-1);
617	}
618	else
619	{
620	*errnum = 0;
621	if (sl_strlen(host_entry->h_name) == 0 \|\|
622	(*errnum = sl_strcasecmp(host_name,host_entry->h_name)) != 0)
623	{
624	if (*errnum)
625	sl_strlcpy(ecall, _("strcmp"), SH_MINIBUF);
626	else
627	sl_strlcpy(ecall, _("strlen"), SH_MINIBUF);
628	sl_strlcpy(errmsg, _("Reverse lookup failed: "),
629	errsiz);
630	sl_strlcat(errmsg, address, errsiz);
631	sl_strlcat(errmsg, _(" vs "), errsiz);
632	sl_strlcat(errmsg,
633	inet_ntoa ((struct in_addr ) &(sinr.sin_addr)),
634	errsiz);
635	fail = -1;
636	}
637	}
638	}
639	}
640	SH_MUTEX_UNLOCK(mutex_resolv);
641	if (host_name) SH_FREE(host_name);
642	}
643
644	else /* address was numeric */
645	{
646	sinr.sin_family = AF_INET;
647	sinr.sin_port = htons (port);
648	sinr.sin_addr = haddr;
649	}
650
651
652	if (fail != -1)
653	{
654	/* put it into the cache
655	*/
656	check_cache = SH_ALLOC(sizeof(sin_cache));
657	check_cache->address = SH_ALLOC(sl_strlen(address) + 1);
658	sl_strlcpy (check_cache->address, address, sl_strlen(address) + 1);
659	memcpy(&(check_cache->sin), &sinr, sizeof(struct sockaddr_in));
660	++cached_addr;
661
662	if (conn_cache)
663	{
664	if (conn_cache->next)
665	check_cache->next = conn_cache->next;
666	else
667	check_cache->next = NULL;
668	conn_cache->next = check_cache;
669	}
670	else
671	{
672	check_cache->next = NULL;
673	conn_cache = check_cache;
674	}
675	}
676	}
677
678
679	if (fail != (-1))
680	{
681	fd = socket(AF_INET, SOCK_STREAM, 0);
682	if (fd < 0) {
683	fail = (-1);
684	status = errno;
685	sl_strlcpy(ecall, _("socket"), SH_MINIBUF);
686	*errnum = status;
687	sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz);
688	sl_strlcat(errmsg, _(", address "), errsiz);
689	sl_strlcat(errmsg, address, errsiz);
690	}
691	}
692
693	if (fail != (-1)) {
694
695	if ( retry_connect(FIL__, __LINE__, fd,
696	(struct sockaddr *) &sinr, sizeof(sinr)) < 0)
697	{
698	status = errno;
699	sl_strlcpy(ecall, _("connect"), SH_MINIBUF);
700	*errnum = status;
701	sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz);
702	sl_strlcat(errmsg, _(", address "), errsiz);
703	sl_strlcat(errmsg, address, errsiz);
704	sl_close_fd(FIL__, __LINE__, fd);
705	fail = (-1);
706	}
707	}
708
709	retval = (fail < 0) ? (-1) : fd;
710	SL_RETURN(retval, _("connect_port"));
711	}
712
713	int connect_port_2 (char * address1, char * address2, int port,
714	char * ecall, int * errnum, char * errmsg, int errsiz)
715	{
716	int retval = (-1);
717
718	SL_ENTER(_("connect_port_2"));
719
720	errmsg[0] = '\0';
721	*errnum = 0;
722
723	if (address1 != NULL && address1[0] != '\0')
724	retval = connect_port (address1, port,
725	ecall, errnum,
726	errmsg, errsiz);
727
728	if (retval < 0 && address2 != NULL && address2[0] != '\0')
729	{
730	/* can't use sh_error_handle here, as this would cause an infinite
731	* loop if called from sh_unix_time
732	*/
733	TPT(( 0, FIL__, __LINE__, _("msg=<Using alternative server %s.>\n"),
734	address2));
735	retval = connect_port (address2, port,
736	ecall, errnum,
737	errmsg, errsiz);
738	}
739
740	if ((retval < 0) &&
741	(address1 == NULL \|\| address1[0] == '\0') &&
742	(address1 == NULL \|\| address1[0] == '\0'))
743	{
744	sl_strlcpy(ecall, _("connect_port_2"), SH_MINIBUF);
745	sl_strlcpy(errmsg, _("No server address known"), errsiz);
746	}
747	SL_RETURN(retval, _("connect_port_2"));
748	/* return retval; */
749	}
750
751	#if defined(HAVE_NTIME) \|\| defined(SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
752	static
753	int sh_write_select(int type, int sockfd,
754	char *buf, int nbytes,
755	int * w_error, int timeout)
756	{
757	int countbytes, count;
758	fd_set fds;
759	struct timeval tv;
760	int select_now;
761	int num_sel;
762
763	struct sigaction new_act;
764	struct sigaction old_act;
765	char errbuf[SH_ERRBUF_SIZE];
766
767	SL_ENTER(_("sh_write_select"));
768
769	/* ignore SIGPIPE (instead get EPIPE if connection is closed)
770	*/
771	new_act.sa_handler = SIG_IGN;
772	sigemptyset( &new_act.sa_mask ); /* set an empty mask */
773	new_act.sa_flags = 0; /* init sa_flags */
774	sigaction (SIGPIPE, &new_act, &old_act);
775
776	FD_ZERO(&fds);
777	FD_SET(sockfd, &fds);
778
779	countbytes = 0;
780	tv.tv_sec = 1;
781	tv.tv_usec = 0;
782	select_now = 0;
783
784	*w_error = 0;
785
786	while ( countbytes < nbytes ) {
787
788	FD_ZERO(&fds);
789	FD_SET(sockfd, &fds);
790
791	if (type == SH_DO_WRITE)
792	{
793	if ( (num_sel = select (sockfd+1, NULL, &fds, NULL, &tv)) == -1)
794	{
795	if (sig_raised == 1)
796	{
797	sig_raised = 2;
798	continue;
799	}
800	if ( errno == EINTR \|\| errno == EINPROGRESS ) /* try again */
801	continue;
802	*w_error = errno;
803	sigaction (SIGPIPE, &old_act, NULL);
804	sh_error_message(*w_error, errbuf, sizeof(errbuf));
805	sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN,
806	errbuf,
807	_("sh_write_select (ws)") );
808	TPT(( 0, FIL__, __LINE__, _("msg=<select: %s>\n"), errbuf ));
809	SL_RETURN( countbytes, _("sh_write_select"));
810	}
811	}
812	else
813	{
814	if ( (num_sel = select (sockfd+1, &fds, NULL, NULL, &tv)) == -1)
815	{
816	if (sig_raised == 1)
817	{
818	sig_raised = 2;
819	continue;
820	}
821	if ( errno == EINTR \|\| errno == EINPROGRESS ) /* try again */
822	continue;
823	*w_error = errno;
824	sigaction (SIGPIPE, &old_act, NULL);
825	sh_error_message(*w_error, errbuf, sizeof(errbuf));
826	sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN,
827	errbuf,
828	_("sh_write_select (rs)") );
829	TPT(( 0, FIL__, __LINE__, _("msg=<select: %s>\n"), errbuf ));
830	SL_RETURN( countbytes, _("sh_write_select"));
831	}
832	}
833
834	/* on Linux, timeout is modified to reflect the amount of
835	* time not slept
836	*/
837	tv.tv_sec = 1;
838	tv.tv_usec = 0;
839
840
841	/* let's not hang on forever
842	*/
843	if (num_sel == 0)
844	{
845	++select_now; /* timeout */
846	if ( select_now > timeout ) /* 5 minutes */
847	{
848	#ifdef ETIMEDOUT
849	*w_error = ETIMEDOUT;
850	#else
851	*w_error = 0;
852	#endif
853	sigaction (SIGPIPE, &old_act, NULL);
854	TPT(( 0, FIL__, __LINE__, _("msg=<Timeout>\n")));
855	SL_RETURN( countbytes, _("sh_write_select"));
856	}
857	}
858
859	if ( FD_ISSET (sockfd, &fds) )
860	{
861	if (type == SH_DO_WRITE)
862	count = write (sockfd, buf, nbytes-countbytes);
863	else
864	count = read (sockfd, buf, nbytes-countbytes);
865
866	if (count > 0)
867	{
868	countbytes += count;
869	buf += count; /* move buffer pointer forward */
870	if (countbytes < nbytes) FD_SET( sockfd, &fds );
871	}
872	else if (count < 0 && errno == EINTR)
873	{
874	FD_SET( sockfd, &fds );
875	}
876	else if (count < 0)
877	{
878	*w_error = errno;
879	sigaction (SIGPIPE, &old_act, NULL);
880	sh_error_message(*w_error, errbuf, sizeof(errbuf));
881	sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN,
882	errbuf,
883	(type == SH_DO_WRITE) ?
884	_("sh_write_select (w)") : _("sh_write_select (r)"));
885	TPT(( 0, FIL__, __LINE__, _("msg=<count < 0>\n")));
886	SL_RETURN( countbytes, _("sh_write_select"));
887	}
888	else /* count == 0 */
889	{
890	*w_error = errno;
891	sigaction (SIGPIPE, &old_act, NULL);
892	TPT(( 0, FIL__, __LINE__, _("msg=<count == 0>\n")));
893	SL_RETURN( countbytes, _("sh_write_select"));
894	}
895	}
896	}
897
898
899	/* restore signal handler
900	*/
901	sigaction (SIGPIPE, &old_act, NULL);
902
903	*w_error = 0;
904
905	TPT(( 0, FIL__, __LINE__, _("msg=<count = %d>\n"), countbytes));
906	SL_RETURN( countbytes, _("sh_write_select"));
907	}
908	#endif
909
910	#if defined (SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
911	unsigned long write_port (int sockfd, char *buf, unsigned long nbytes,
912	int * w_error, int timeout)
913	{
914	unsigned long bytes;
915
916	SL_ENTER(_("write_port"));
917
918	bytes = sh_write_select(SH_DO_WRITE, sockfd, buf, nbytes, w_error, timeout);
919	if (*w_error != 0)
920	{
921	char errbuf[SH_ERRBUF_SIZE];
922	sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP,
923	sh_error_message (*w_error, errbuf, sizeof(errbuf)),
924	(long) sockfd, _("write_port"));
925	}
926	SL_RETURN( bytes, _("write_port"));
927	}
928	#endif
929
930	#if defined(HAVE_NTIME) \|\| defined(SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
931
932	unsigned long read_port (int sockfd, char *buf, unsigned long nbytes,
933	int * w_error, int timeout)
934	{
935	unsigned long bytes;
936
937	SL_ENTER(_("read_port"));
938
939	bytes = sh_write_select(SH_DO_READ, sockfd, buf, nbytes, w_error, timeout);
940	if (*w_error != 0)
941	{
942	char errbuf[SH_ERRBUF_SIZE];
943	sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP,
944	sh_error_message (*w_error, errbuf, sizeof(errbuf)),
945	(long) sockfd, _("read_port"));
946	}
947	SL_RETURN( bytes, _("read_port"));
948	}
949	#endif
950
951	#if defined(SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
952
953	int check_request_nerr (char * have, char * need)
954	{
955	SL_ENTER(_("check_request_nerr"));
956	ASSERT_RET((have != NULL && need != NULL),
957	_("have != NULL && need != NULL"), (-1))
958
959	if ( (have[0] == need[0]) && (have[1] == need[1]) &&
960	(have[2] == need[2]) && (have[3] == need[3]))
961	SL_RETURN(0, _("check_request_nerr"));
962	SL_RETURN((-1), _("check_request_nerr"));
963	}
964	#endif
965
966	#if defined (SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
967
968	int check_request (char * have, char * need)
969	{
970	char first[21], second[5];
971	int i;
972
973	SL_ENTER(_("check_request"));
974	i = check_request_nerr (have, need);
975
976	if (i == 0)
977	SL_RETURN(0, _("check_request"));
978
979	for (i = 0; i < 4; ++i)
980	{
981	second[i] = need[i];
982	sprintf(&first[i4], _("%c%03o"), / known to fit */
983	'\\', (unsigned char) have[i]);
984	}
985
986	first[20] = '\0'; second[4] = '\0';
987
988	sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST,
989	second, first);
990	SL_RETURN((-1), _("check_request"));
991	}
992	#endif
993
994	#if defined (SH_WITH_SERVER)
995
996	int check_request_s (char * have, char * need, char * clt)
997	{
998	char first[21], second[5];
999	int i;
1000
1001	SL_ENTER(_("check_request_s"));
1002	i = check_request_nerr (have, need);
1003
1004	if (i == 0)
1005	SL_RETURN( (0), _("check_request_s"));
1006
1007	for (i = 0; i < 4; ++i)
1008	{
1009	second[i] = need[i];
1010	sprintf(&first[i4], _("%c%03o"), / known to fit */
1011	'\\', (unsigned char) have[i]);
1012	}
1013	first[20] = '\0'; second[4] = '\0';
1014	sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST1,
1015	second, first, clt);
1016	SL_RETURN( (-1), _("check_request_s"));
1017	}
1018	#endif
1019
1020	#if defined (SH_WITH_CLIENT) \|\| defined (SH_WITH_SERVER)
1021
1022	void get_header (unsigned char * head, unsigned long * bytes, char * u)
1023	{
1024	SL_ENTER(_("get_header"));
1025
1026	*bytes =
1027	(256 * (unsigned int)head[1] + (unsigned int)head[2]);
1028
1029	if (u != NULL)
1030	{
1031	u[0] = head[3];
1032	u[1] = head[4];
1033	u[2] = head[5];
1034	u[3] = head[6];
1035	u[4] = '\0';
1036	}
1037
1038	SL_RET0(_("get_header"));
1039	}
1040	#endif
1041
1042	#if defined(SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
1043
1044	#ifdef SH_ENCRYPT_2
1045	#define TRANS_BYTES 65120
1046	#else
1047	#define TRANS_BYTES 65280
1048	#endif
1049
1050	void put_header (unsigned char * head, int protocol,
1051	unsigned long * length, char * u)
1052	{
1053
1054	/* static long transfer_limit = (8 * SH_BUFSIZE); V0.8 */
1055	static unsigned long transfer_limit = TRANS_BYTES + 6 + KEY_LEN;
1056
1057	SL_ENTER(_("put_header"));
1058
1059	head[0] = protocol;
1060
1061	ASSERT((length < transfer_limit), _("length < transfer_limit"))
1062
1063	if (*length > transfer_limit)
1064	*length = transfer_limit;
1065
1066	head[1] = (unsigned int)(*length/256);
1067	head[2] = (unsigned int)(length-256 head[1]);
1068	if (u == NULL)
1069	{
1070	head[3] = 0x01;
1071	head[4] = 0x01;
1072	head[5] = 0x01;
1073	head[6] = 0x01;
1074	}
1075	else
1076	{
1077	head[3] = u[0];
1078	head[4] = u[1];
1079	head[5] = u[2];
1080	head[6] = u[3];
1081	}
1082
1083	SL_RET0(_("put_header"));
1084	}
1085	#endif
1086
1087	/* ------------------------------------------
1088	*
1089	* version 2 client/server protocol
1090	*
1091	* ------------------------------------------
1092	*
1093	* header : flag size[2]
1094	*
1095	* payload: random_pad[8] protocol[4] size[4] payload[payload_size] padding
1096	*
1097	* full_size <= 8192; payload_size <= 8176 (51116); msg_size <= 8128 (50816)
1098	* (msg_size = payload_size - key_len = payload_size - 48)
1099	*/
1100
1101	/*
1102	* only SH_V2_FULLSIZE is used, and only once
1103	*/
1104	#if 0
1105	#ifdef SH_WITH_SERVER
1106	#define SH_V2_FULLSIZE 240
1107	#define SH_V2_PAYLOAD 224
1108	#define SH_V2_MESSAGE 176
1109	#else
1110	#define SH_V2_FULLSIZE 1024
1111	#define SH_V2_PAYLOAD 1008
1112	#define SH_V2_MESSAGE 960
1113	#endif
1114	#endif
1115	#define SH_V2_FULLSIZE 1024
1116
1117	#ifdef SH_ENCRYPT
1118	#include "rijndael-api-fst.h"
1119	#endif
1120
1121	void sh_tools_show_header (unsigned char * head, char sign)
1122	{
1123	#define SH_IS_ASCII(c) (((c) & ~0x7f) == 0)
1124
1125
1126	int msg_size = (256 * (unsigned int)head[1] + (unsigned int)head[2]);
1127	char code[32];
1128	char * p = &code[0];
1129
1130	memset (code, ' ', 32); /* space */
1131
1132	if ((head[0] & SH_PROTO_SRP) != 0) { p[0]='S';p[1]='R';p[2]='P';}
1133	p += 4;
1134	if ((head[0] & SH_PROTO_MSG) != 0) { p[0]='M';p[1]='S';p[2]='G';}
1135	p += 4;
1136	if ((head[0] & SH_PROTO_BIG) != 0) { p[0]='B';p[1]='I';p[2]='G';}
1137	p += 4;
1138	if ((head[0] & SH_PROTO_END) != 0) { p[0]='E';p[1]='N';p[2]='D';}
1139	p += 4;
1140	if ((head[0] & SH_PROTO_ENC) != 0) { p[0]='E';p[1]='N';p[2]='C';}
1141	p += 4;
1142	if ((head[0] & SH_PROTO_EN2) != 0) { p[0]='E';p[1]='N';p[2]='2';}
1143	code[23] = '\0';
1144
1145	if (SH_IS_ASCII(head[3]) && isalpha(head[3]) &&
1146	SH_IS_ASCII(head[4]) && isalpha(head[4]) &&
1147	SH_IS_ASCII(head[5]) && isalpha(head[5]) &&
1148	SH_IS_ASCII(head[6]) && isalpha(head[6])) {
1149	fprintf(stderr, "%c %3o %s %5d %c %c %c %c\n", sign,
1150	head[0], code, msg_size, head[3], head[4], head[5], head[6]);
1151	} else {
1152	fprintf(stderr, "%c %3o %s %5d %2X %2X %2X %2X\n", sign,
1153	head[0], code, msg_size, head[3], head[4], head[5], head[6]);
1154	}
1155	return;
1156	}
1157
1158	#ifdef SH_ENCRYPT
1159	/*
1160	* #define DEBUG_EN2
1161	*
1162	* ingest version 1 7-byte header and payload, return version2 header/payload
1163	* last 4 bytes of outgoing header are set to dummy value
1164	*/
1165	char * sh_tools_makePack (unsigned char * header,
1166	char * payload, unsigned long payload_size,
1167	keyInstance * keyInstE)
1168	{
1169	UINT32 rpad[3];
1170	unsigned char head[16];
1171	double epad;
1172	unsigned long i_epad = 0;
1173	unsigned long i_blk = payload_size / 16;
1174	unsigned long i_blkmax = SH_V2_FULLSIZE / 16;
1175	unsigned long pads = 0;
1176	size_t full_size;
1177	char * full_ret;
1178
1179	char * p;
1180	RIJ_BYTE inBlock[B_SIZ];
1181	RIJ_BYTE outBlock[B_SIZ];
1182	int j;
1183	cipherInstance cipherInst;
1184	int err_num;
1185	int blkfac;
1186	int oflow = 0;
1187
1188	/*
1189	SL_REQUIRE (i_blk*16 == payload_size, _("payload_size % 16 != 0"));
1190	*/
1191	if ((i_blk * 16) != payload_size) ++i_blk;
1192	#ifdef DEBUG_EN2
1193	fprintf(stderr, "SEND <%d> blocks <%d>\n", payload_size, i_blk);
1194	#endif
1195	/* random_pad
1196	*/
1197	rpad[1] = taus_get ();
1198	memcpy (head, &rpad[1], 4);
1199	rpad[0] = taus_get ();
1200	memcpy (&head[4], &rpad[0], 4);
1201	rpad[2] = taus_get ();
1202	memcpy (&head[8], &rpad[2], 4);
1203
1204	/* protocol
1205	*/
1206	/* memcpy (&head[8], &header[3], 4); */
1207
1208	/* size (payload)
1209	*/
1210	head[12] = header[1];
1211	head[13] = header[2];
1212	head[14] = '\0';
1213	head[15] = '\0';
1214
1215	if (i_blk < i_blkmax)
1216	{
1217	pads = i_blkmax - i_blk;
1218	/* memcpy((char ) &rpad[2], &head[12], 4); /
1219	epad = taus_get_double (&rpad);
1220	#ifdef DEBUG_EN2
1221	fprintf(stderr, "PAD1 <%d> <%f>\n", pads, epad);
1222	#endif
1223	i_epad = (unsigned long) (pads * epad);
1224	#ifdef DEBUG_EN2
1225	fprintf(stderr, "PAD2 <%d> <%d>\n", i_epad, (i_epad*16));
1226	#endif
1227	}
1228
1229	full_size = 16; /* head */
1230	if (sl_ok_muls(i_blk, 16) && sl_ok_adds(full_size, (i_blk*16)))
1231	full_size = full_size + (i_blk16); / payload */
1232	else
1233	oflow = 1;
1234	if (sl_ok_adds(full_size, (i_epad*16)))
1235	full_size = full_size + (i_epad16); / pad */
1236	else
1237	i_epad = 0;
1238
1239	if (oflow)
1240	{
1241	sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1242	_("integer overflow"),
1243	_("sh_tools_makePack"));
1244	}
1245
1246	full_ret = SH_ALLOC(full_size);
1247	memcpy(full_ret, head, 16);
1248	if (payload != NULL && !oflow)
1249	{
1250	memcpy(&full_ret[16], payload, payload_size);
1251	}
1252	if ((i_blk*16) > payload_size && !oflow)
1253	{
1254	#ifdef DEBUG_EN2
1255	fprintf(stderr, "SEN2 <%d>\n", (i_blk*16) - payload_size);
1256	#endif
1257	memset(&full_ret[16+payload_size], '\0', (i_blk*16) - payload_size);
1258	payload_size = i_blk * 16;
1259	}
1260	memset(&full_ret[16+payload_size], '\0', i_epad*16);
1261	#ifdef DEBUG_EN2
1262	fprintf(stderr, "SEN3 <%d> <%d>\n", full_size, i_epad*16);
1263	#endif
1264
1265	/* rewrite header
1266	*/
1267	header[1] = (unsigned int)(full_size/256);
1268	header[2] = (unsigned int)(full_size - (256 * header[1]));
1269	/* don't erase protocol from header
1270	memset(&header[3], '\0', 4);
1271	*/
1272	p = full_ret; blkfac = full_size / 16;
1273
1274	err_num = cipherInit (&cipherInst, MODE_CBC, NULL);
1275
1276	if (err_num < 0)
1277	{
1278	char expbuf[SH_ERRBUF_SIZE];
1279	sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1280	errorExplain(err_num, expbuf, sizeof(expbuf)),
1281	_("sh_tools_makePack: cipherInit"));
1282	}
1283	for (j = 0; j < blkfac; ++j)
1284	{
1285	memcpy(inBlock, p, B_SIZ);
1286	err_num = blockEncrypt(&cipherInst, keyInstE,
1287	inBlock, 128 * BNUM, outBlock);
1288	if (err_num < 0)
1289	{
1290	char expbuf[SH_ERRBUF_SIZE];
1291	sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1292	errorExplain(err_num, expbuf, sizeof(expbuf)),
1293	_("sh_tools_makePack: blockEncrypt"));
1294	}
1295	memcpy(p, outBlock, B_SIZ);
1296	p += B_SIZ;
1297	}
1298
1299	return full_ret;
1300	}
1301
1302	/* write a 7-byte header and return payload as expected by version 1
1303	* last 4 bytes of incoming header are dummy
1304	*/
1305	char * sh_tools_revertPack (unsigned char * header, char * message,
1306	keyInstance * keyInstD,
1307	unsigned long message_size)
1308	{
1309	unsigned long msg_size;
1310	char * msg_ret;
1311
1312	char * p;
1313	RIJ_BYTE inBlock[B_SIZ];
1314	RIJ_BYTE outBlock[B_SIZ];
1315	int j;
1316	cipherInstance cipherInst;
1317	int err_num;
1318	int blkfac;
1319	char expbuf[SH_ERRBUF_SIZE];
1320
1321	msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]);
1322	#ifdef DEBUG_EN2
1323	fprintf(stderr, "RECV <%lu>\n", msg_size);
1324	#endif
1325	if (msg_size > message_size) {
1326	msg_size = message_size;
1327	#ifdef DEBUG_EN2
1328	fprintf(stderr, "RECV TRUNC1 <%lu>\n", msg_size);
1329	#endif
1330	}
1331
1332	p = message; blkfac = msg_size / 16;
1333
1334	err_num = cipherInit (&cipherInst, MODE_CBC, NULL);
1335
1336	if (err_num < 0)
1337	{
1338	sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1339	errorExplain(err_num, expbuf, sizeof(expbuf)),
1340	_("sh_tools_revertPack: cipherInit"));
1341	}
1342	for (j = 0; j < blkfac; ++j)
1343	{
1344	memcpy(inBlock, p, B_SIZ);
1345	err_num = blockDecrypt(&cipherInst, keyInstD,
1346	inBlock, 128 * BNUM, outBlock);
1347	if (err_num < 0)
1348	{
1349	sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1350	errorExplain(err_num, expbuf, sizeof(expbuf)),
1351	_("sh_tools_revertPack: blockDecrypt"));
1352	}
1353	memcpy(p, outBlock, B_SIZ);
1354	p += B_SIZ;
1355	}
1356
1357	/* rewrite size in header
1358	*/
1359	header[1] = message[12];
1360	header[2] = message[13];
1361	msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]);
1362
1363	if (msg_size > (message_size-16))
1364	{
1365	msg_size = message_size-16;
1366	header[1] = (unsigned int)(msg_size/256);
1367	header[2] = (unsigned int)(msg_size - (256 * header[1]));
1368	#ifdef DEBUG_EN2
1369	fprintf(stderr, "RECV TRUNC2 <%lu>\n", msg_size);
1370	#endif
1371	}
1372	#ifdef DEBUG_EN2
1373	fprintf(stderr, "REC2 <%lu>\n", msg_size);
1374	#endif
1375	/* protocol
1376	*/
1377	/* memcpy(&header[3], &message[8], 4); */
1378
1379	/* payload
1380	*/
1381	msg_ret = SH_ALLOC(msg_size+1);
1382	if (msg_size > 0)
1383	{
1384	memcpy(msg_ret, &message[16], msg_size);
1385	}
1386	msg_ret[msg_size] = '\0';
1387	#ifdef DEBUG_EN2
1388	fprintf(stderr, "REC3 <%lu>\n", msg_size);
1389	#endif
1390	SH_FREE(message);
1391
1392	return msg_ret;
1393	}
1394	#endif
1395
1396	int sh_tools_hash_add(char * key, char * buf, int buflen)
1397	{
1398	char * theSig;
1399	char sigbuf[KEYBUF_SIZE];
1400
1401	SL_ENTER(_("sh_tools_hash_add"));
1402
1403	theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf));
1404	sl_strlcat(buf, theSig, buflen + KEY_LEN + 1);
1405
1406	SL_RETURN((0), _("sh_tools_hash_add"));
1407	}
1408
1409
1410	/* return 0 (== FALSE) if no match, else 1 (== TRUE)
1411	*/
1412	int sh_tools_hash_vfy(char * key, char * buf, int buflen)
1413	{
1414	char hash[KEY_LEN+1];
1415	register int i;
1416	char * theSig;
1417	char sigbuf[KEYBUF_SIZE];
1418
1419	SL_ENTER(_("sh_tools_hash_vfy"));
1420
1421	theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf));
1422	sl_strlcpy(hash, theSig, KEY_LEN+1);
1423
1424	for (i = 0; i < KEY_LEN; ++i)
1425	{
1426	if (buf[buflen + i] != hash[i])
1427	SL_RETURN((0), _("sh_tools_hash_vfy"));
1428	}
1429
1430	SL_RETURN((1), _("sh_tools_hash_vfy"));
1431	}
1432
1433	/* ------------------------------------------ */
1434
1435	#if defined (SH_WITH_SERVER)
1436
1437	/* add a checksum to a buffer; put checksum in front
1438	*/
1439	char * hash_me (char * key, char * buf, int buflen)
1440	{
1441	char hash[KEY_LEN+1];
1442	char * temp = NULL;
1443	register int i;
1444	int total = 0;
1445	char * theSig;
1446	char sigbuf[KEYBUF_SIZE];
1447
1448
1449	SL_ENTER(_("hash_me"));
1450
1451	#ifdef DEBUG_EN2
1452	fprintf(stderr, "hash_me <%s> <%d>\n",
1453	(key == NULL) ? "NULL" : key, buflen);
1454	#endif
1455	/* key = H(NSRV,NCLT,SK)
1456	*/
1457	ASSERT_RET((key != NULL), _("key != NULL"), (NULL));
1458	ASSERT_RET((buflen >= 0), _("buflen >= 0"), (NULL));
1459
1460	theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf));
1461	sl_strlcpy(hash, theSig, KEY_LEN+1);
1462
1463	if (sl_ok_adds(buflen, KEY_LEN))
1464	{
1465	total = KEY_LEN + buflen;
1466	temp = SH_ALLOC (total);
1467
1468	for (i = 0; i < KEY_LEN; ++i)
1469	temp[i] = hash[i];
1470
1471	for (i = 0; i < buflen; ++i)
1472	temp[i+KEY_LEN] = buf[i];
1473	}
1474	else
1475	{
1476	sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1477	_("integer overflow"),
1478	_("hash_me"));
1479	temp = sh_util_strdup(buf);
1480	}
1481	SL_RETURN(temp, _("hash_me"));
1482	}
1483	#endif
1484
1485	#if defined(SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
1486
1487	/* verify the checksum of a buffer; checksum comes first
1488	*/
1489	int hash_check(char * key,
1490	char * buf, int buflen)
1491	{
1492	char hash[KEY_LEN+1];
1493	register int i;
1494	char * theSig;
1495	char sigbuf[KEYBUF_SIZE];
1496
1497	SL_ENTER(_("hash_check"));
1498
1499	#ifdef DEBUG_EN2
1500	fprintf(stderr, "hash_check <%s> <%d>\n",
1501	(key == NULL) ? "NULL" : key, buflen);
1502	#endif
1503	theSig = sh_util_siggen (key, &buf[KEY_LEN], buflen-KEY_LEN,
1504	sigbuf, sizeof(sigbuf));
1505	sl_strlcpy(hash, theSig, KEY_LEN+1);
1506
1507	for (i = 0; i < KEY_LEN; ++i)
1508	{
1509	if (buf[i] != hash[i])
1510	SL_RETURN((-1), _("hash_check"));
1511	}
1512	SL_RETURN((0), _("hash_check"));
1513	}
1514
1515	#endif
1516
1517	#if defined (SH_WITH_SERVER)
1518
1519	char * get_client_conf_file (char * peer, unsigned long * length)
1520	{
1521	char * ret;
1522	int status;
1523	struct stat buf;
1524	char * base;
1525	size_t size;
1526
1527	SL_ENTER(_("get_client_conf_file"));
1528
1529	base = sh_util_strdup(DEFAULT_DATAROOT);
1530
1531	size = sl_strlen(base);
1532	if (sl_ok_adds(size, sl_strlen(peer)))
1533	size += sl_strlen(peer);
1534	if (sl_ok_adds(size, 6))
1535	size += 6;
1536
1537	ret = SH_ALLOC(size);
1538	sl_strlcpy(ret, base, size);
1539	sl_strlcat(ret, _("/rc."), size);
1540	sl_strlcat(ret, peer, size);
1541
1542	status = retry_stat (FIL__, __LINE__, ret, &buf);
1543
1544	if (status == 0)
1545	goto lab_end;
1546	else
1547	sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS,
1548	(long) sh.effective.uid, ret);
1549
1550	sl_strlcpy(ret, base, size);
1551	sl_strlcat(ret, "/rc", size);
1552
1553	status = retry_stat (FIL__, __LINE__, ret, &buf);
1554
1555	if (status == 0)
1556	goto lab_end;
1557	else
1558	sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_ACCESS,
1559	(long) sh.effective.uid, ret);
1560
1561	SH_FREE(base);
1562	SH_FREE(ret);
1563	*length=0;
1564	SL_RETURN(NULL, _("get_client_conf_file"));
1565
1566	lab_end:
1567	if (buf.st_size > 0x7fffffff)
1568	{
1569	sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN,
1570	_("File too large"), _("get_client_conf_file"));
1571	SH_FREE(base);
1572	SL_RETURN(NULL, _("get_client_conf_file"));
1573	}
1574	*length = (unsigned long) buf.st_size;
1575	SH_FREE(base);
1576	SL_RETURN(ret, _("get_client_conf_file"));
1577	}
1578
1579	char * get_client_data_file (char * peer, unsigned long * length)
1580	{
1581	char * ret;
1582	int status;
1583	struct stat buf;
1584
1585	char * base;
1586	size_t size;
1587
1588	SL_ENTER(_("get_client_data_file"));
1589
1590	base = sh_util_strdup(DEFAULT_DATAROOT);
1591
1592	size = sl_strlen(base);
1593	if (sl_ok_adds(size, sl_strlen(peer)))
1594	size += sl_strlen(peer);
1595	if (sl_ok_adds(size, 8))
1596	size += 8;
1597
1598	ret = SH_ALLOC(size);
1599	sl_strlcpy(ret, base, size);
1600	sl_strlcat(ret, _("/file."), size);
1601	sl_strlcat(ret, peer, size);
1602
1603	status = retry_stat (FIL__, __LINE__, ret, &buf);
1604
1605	if (status == 0)
1606	goto lab1_end;
1607	else
1608	sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS,
1609	(long) sh.effective.uid, ret);
1610
1611
1612	sl_strlcpy(ret, base, size);
1613	sl_strlcat(ret, _("/file"), size);
1614
1615	status = retry_stat (FIL__, __LINE__, ret, &buf);
1616
1617	if (status == 0)
1618	goto lab1_end;
1619	else
1620	sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS,
1621	(long) sh.effective.uid, ret);
1622
1623
1624	*length = 0;
1625	SH_FREE(base);
1626	SH_FREE(ret);
1627	SL_RETURN(NULL, _("get_client_data_file"));
1628
1629	lab1_end:
1630	if (buf.st_size > 0x7fffffff)
1631	{
1632	sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN,
1633	_("File too large"), _("get_client_data_file"));
1634	SH_FREE(base);
1635	SL_RETURN(NULL, _("get_client_data_file"));
1636	}
1637	*length = (unsigned long) buf.st_size;
1638	SH_FREE(base);
1639	SL_RETURN(ret, _("get_client_data_file"));
1640
1641	}
1642	#endif
1643
1644	#if defined(SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER) \|\| defined(SH_STEALTH) \|\| defined(WITH_GPG) \|\| defined(WITH_PGP)
1645
1646	/* --------- secure temporary file ------------ */
1647
1648	SL_TICKET open_tmp ()
1649	{
1650	SL_TICKET fd;
1651	UINT32 ticks;
1652	char * file;
1653	struct stat buf;
1654	int error;
1655	int status = BAD;
1656	char * my_tmp_dir;
1657	char hashbuf[KEYBUF_SIZE];
1658
1659	SL_ENTER(_("open_tmp"));
1660
1661	#if defined(SH_TMPDIR)
1662	my_tmp_dir = sh_util_strdup(SH_TMPDIR);
1663	#else
1664	#if defined(SH_WITH_SERVER)
1665	my_tmp_dir = sh_util_strdup(DEFAULT_LOGDIR);
1666	#else
1667	my_tmp_dir = sh_util_strdup(sh.effective.home);
1668	#endif
1669	#endif
1670
1671	if (0 != tf_trust_check (my_tmp_dir, SL_YESPRIV))
1672	{
1673	dlog(1, FIL__, __LINE__,
1674	_("The directory for temporary files: %s is untrusted, i.e. an\nuntrusted user owns or can write to some directory in the path.\n"),
1675	my_tmp_dir);
1676	sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_TRUST,
1677	(long) sh.effective.uid,
1678	my_tmp_dir);
1679	SH_FREE(my_tmp_dir);
1680	aud_exit (FIL__, __LINE__, EXIT_FAILURE);
1681	}
1682
1683	do {
1684
1685	/* create random filename in effective users home directory
1686	*/
1687	ticks = taus_get ();
1688	if (my_tmp_dir[0] == '/' && my_tmp_dir[1] == '\0')
1689	file = sh_util_strconcat (my_tmp_dir,
1690	sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4,
1691	hashbuf, sizeof(hashbuf)),
1692	NULL);
1693	else
1694	file = sh_util_strconcat (my_tmp_dir,
1695	"/",
1696	sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4,
1697	hashbuf, sizeof(hashbuf)),
1698	NULL);
1699
1700	/* check whether it already exists (paranoia)
1701	*/
1702	errno = 0;
1703	status = retry_lstat(FIL__, __LINE__, file, &buf);
1704	error = errno;
1705
1706	if ( (status < 0) && (error == ENOENT) ) /* file does not exist */
1707	status = GOOD;
1708	else if (status < 0) /* unexpected error condition */
1709	{
1710	SH_FREE (file);
1711	SH_FREE(my_tmp_dir);
1712	sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN,
1713	_("Error (lstat) while opening temporary file"), _("open_tmp"));
1714	TPT(( 0, FIL__, __LINE__, _("msg=<Unexpected error %d>\n"), error));
1715	SL_RETURN((-1), _("open_tmp"));
1716	}
1717	else /* file exists */
1718	{
1719	status = BAD;
1720	TPT(( 0, FIL__, __LINE__, _("msg=<Temporary file exists already>\n")));
1721	}
1722
1723	if (status == GOOD)
1724	{
1725	if (0 == tf_trust_check (file, SL_YESPRIV))
1726	status = GOOD;
1727	else
1728	{
1729	status = BAD;
1730	TPT(( 0, FIL__, __LINE__, _("msg=<Temporary file untrusted>\n")));
1731	}
1732	}
1733
1734	if (status == BAD)
1735	SH_FREE (file);
1736
1737	} while (status == BAD);
1738
1739	fd = sl_open_safe_rdwr (FIL__, __LINE__, file, SL_YESPRIV);
1740	if (SL_ISERROR(fd))
1741	{
1742	sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, fd, MSG_E_SUBGEN,
1743	_("Error opening temporary file"), _("open_tmp"));
1744	TPT(( 0, FIL__, __LINE__, _("msg=<Error %d temporary file %s>\n"),
1745	fd, file));
1746	}
1747
1748
1749	SH_FREE (file);
1750	SH_FREE(my_tmp_dir);
1751
1752	if (!SL_ISERROR(fd)) {
1753	sl_unlink(fd);
1754	}
1755
1756	if (!SL_ISERROR(fd))
1757	SL_RETURN((fd), _("open_tmp"));
1758	else
1759	SL_RETURN((-1), _("open_tmp"));
1760	}
1761
1762
1763	int close_tmp (SL_TICKET fd)
1764	{
1765	SL_ENTER(_("close_tmp"));
1766
1767	if (SL_ISERROR(sl_close (fd)))
1768	SL_RETURN((-1), _("close_tmp"));
1769	SL_RETURN((0), _("close_tmp"));
1770	}
1771
1772	int rewind_tmp (SL_TICKET fd)
1773	{
1774	SL_ENTER(_("rewind_tmp"));
1775
1776	if (SL_ISERROR(sl_rewind (fd)))
1777	SL_RETURN((-1), _("rewind_tmp"));
1778	SL_RETURN((0), _("rewind_tmp"));
1779	}
1780	#endif

Note: See TracBrowser for help on using the repository browser.

Download in other formats: