Context Navigation

source: trunk/src/sh_tools.c@ 307

Last change on this file since 307 was 295, checked in by katerina, 14 years ago
Support for IPv6 (ticket #222).
File size: 48.2 KB

Line
1	/* SAMHAIN file system integrity testing */
2	/* Copyright (C) 1999, 2000 Rainer Wichmann */
3	/* */
4	/* This program is free software; you can redistribute it */
5	/* and/or modify */
6	/* it under the terms of the GNU General Public License as */
7	/* published by */
8	/* the Free Software Foundation; either version 2 of the License, or */
9	/* (at your option) any later version. */
10	/* */
11	/* This program is distributed in the hope that it will be useful, */
12	/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13	/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14	/* GNU General Public License for more details. */
15	/* */
16	/* You should have received a copy of the GNU General Public License */
17	/* along with this program; if not, write to the Free Software */
18	/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20	#include "config_xor.h"
21
22
23	#include <stdio.h>
24	#include <stdlib.h>
25	#include <string.h>
26	#include <ctype.h>
27
28	/* Must be early on FreeBSD
29	*/
30	#include <sys/types.h>
31
32	#ifdef HAVE_MEMORY_H
33	#include <memory.h>
34	#endif
35
36	#ifdef HAVE_SYS_SELECT_H
37	#include <sys/select.h>
38	#endif
39
40	#ifdef HAVE_UNISTD_H
41	#include <errno.h>
42	#include <signal.h>
43	#include <setjmp.h>
44	#include <pwd.h>
45	#include <grp.h>
46	#include <sys/stat.h>
47	#include <sys/resource.h>
48	#include <fcntl.h>
49	#include <sys/wait.h>
50	#include <unistd.h>
51	#endif
52
53	#include <sys/socket.h>
54
55	#ifdef HOST_IS_HPUX
56	#define _XOPEN_SOURCE_EXTENDED
57	#endif
58	#include <netinet/in.h>
59	#include <arpa/inet.h>
60	#include <netdb.h>
61
62	#ifndef FD_SET
63	#define NFDBITS 32
64	#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] \|= (1 << ((n) % NFDBITS)))
65	#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS)))
66	#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS)))
67	#endif /* !FD_SET */
68	#ifndef FD_SETSIZE
69	#define FD_SETSIZE 32
70	#endif
71	#ifndef FD_ZERO
72	#define FD_ZERO(p) memset((char )(p), '\0', sizeof((p)))
73	#endif
74
75
76	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
77	#include <sys/mman.h>
78	#endif
79
80	#define SH_REAL_SET
81
82	#include "samhain.h"
83	#include "sh_mem.h"
84	#include "sh_error.h"
85	#include "sh_tools.h"
86	#include "sh_utils.h"
87	#include "sh_tiger.h"
88	#define SH_NEED_GETHOSTBYXXX
89	#include "sh_static.h"
90	#include "sh_pthread.h"
91	#include "sh_ipvx.h"
92
93	#undef FIL__
94	#define FIL__ _("sh_tools.c")
95
96	#ifdef SH_ENCRYPT
97	#include "rijndael-api-fst.h"
98	char * errorExplain (int err_num, char * buffer, size_t len)
99	{
100	char * p;
101
102	if (err_num == BAD_KEY_DIR)
103	p = (_("Key direction is invalid"));
104	else if (err_num == BAD_KEY_MAT)
105	p = (_("Key material not of correct length"));
106	else if (err_num == BAD_KEY_INSTANCE)
107	p = (_("Key passed is not valid"));
108	else if (err_num == BAD_CIPHER_MODE)
109	p = (_("Params struct passed to cipherInit invalid"));
110	else if (err_num == BAD_CIPHER_STATE)
111	p = (_("Cipher in wrong state"));
112	else if (err_num == BAD_BLOCK_LENGTH)
113	p = (_("Bad block length"));
114	else if (err_num == BAD_CIPHER_INSTANCE)
115	p = (_("Bad cipher instance"));
116	else if (err_num == BAD_DATA)
117	p = (_("Data contents are invalid"));
118	else
119	p = (_("Unknown error"));
120	sl_strlcpy (buffer, p, len);
121	return buffer;
122	}
123
124	#endif
125
126	/* --- check for an interface ---
127	*/
128	int sh_tools_iface_is_present(char *str)
129	{
130	#if defined(USE_IPVX)
131	struct addrinfo *ai;
132	struct addrinfo hints;
133	int res;
134
135	memset (&hints, '\0', sizeof (hints));
136	hints.ai_flags = AI_PASSIVE \| AI_ADDRCONFIG;
137	hints.ai_socktype = SOCK_STREAM;
138	res = getaddrinfo (str, _("2543"), &hints, &ai);
139
140	if (res == 0)
141	{
142	struct addrinfo *p = ai;
143	while (p != NULL)
144	{
145	int fd = socket (p->ai_family, p->ai_socktype,
146	p->ai_protocol);
147
148	if (fd < 0)
149	{
150	freeaddrinfo (ai);
151	return 0;
152	}
153
154	if (bind (fd, p->ai_addr, p->ai_addrlen) != 0)
155	{
156	/* bind() fails for access reasons, iface exists
157	*/
158	if (errno == EACCES \|\| errno == EADDRINUSE)
159	{
160	sl_close_fd (FIL__, __LINE__, fd);
161	freeaddrinfo (ai);
162	return 1;
163	}
164
165	sl_close_fd (FIL__, __LINE__, fd);
166	freeaddrinfo (ai);
167	return 0;
168	}
169
170	sl_close_fd (FIL__, __LINE__, fd);
171	freeaddrinfo (ai);
172	return 1;
173	/* p = p->ai_next; */
174	}
175	}
176	#else
177	struct sockaddr_in sin;
178	int sd;
179
180	memset(&sin, '\0', sizeof(sin));
181	sin.sin_family = AF_INET;
182	if (inet_aton(str, &(sin.sin_addr)))
183	{
184	sin.sin_port = htons(2543);
185
186	if (-1 == (sd = socket(AF_INET, SOCK_STREAM, 0)))
187	{
188	return 0;
189	}
190
191	if (-1 == bind(sd, (struct sockaddr *)&sin, sizeof(sin)))
192	{
193	int retval = 0;
194
195	/* bind() fails for access reasons, iface exists
196	*/
197	if (errno == EACCES \|\| errno == EADDRINUSE)
198	retval = 1;
199	sl_close_fd (FIL__, __LINE__, sd);
200	return retval;
201	}
202
203	/* bind() succeeds, iface exists
204	*/
205	sl_close_fd(FIL__, __LINE__, sd);
206	return 1;
207	}
208	#endif
209	return 0;
210	}
211
212	/* --- recode all \blah escapes to '=XX' format, and also code all
213	* remaining unprintable chars ---
214	*/
215	#define SH_PUT_4(p, a, b, c) (p)[0] = (a); (p)[1] = (b); (p)[2] = (c);
216
217	char * sh_tools_safe_name (const char * instr, int flag)
218	{
219	unsigned char c, d;
220	const char * p;
221	char tmp[4];
222	char * outstr;
223	size_t len = 1;
224	int i = 0;
225	unsigned char val_octal = '\0';
226	static char ctable[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
227	'8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
228
229	SL_ENTER(_("sh_tools_safe_name"));
230
231	if (instr)
232	{
233	len = strlen(instr);
234	if (sl_ok_muls (3, len) && sl_ok_adds ((3*len), 4))
235	{
236	len = (3 * len) + 4;
237	p = instr;
238	}
239	else
240	{
241	len = 1;
242	p = NULL;
243	}
244	}
245	else
246	{
247	p = NULL;
248	}
249
250	outstr = SH_ALLOC(len);
251
252	outstr[0] = '\0';
253	tmp[3] = '\0';
254
255	#if !defined(SH_USE_XML)
256	(void) flag; /* fix compiler warning */
257	#endif
258
259	if (!p)
260	goto end;
261
262	while (*p)
263	{
264	c = *p;
265
266	if (*p == '\n')
267	{
268	outstr[i] = ' '; ++i; ++p;
269	continue;
270	}
271
272	#ifdef SH_USE_XML
273	if (flag == 1)
274	{
275	if ((*p) == '"')
276	{
277	SH_PUT_4(&outstr[i], '=', '2', '2');
278	i+=3; ++p;
279	continue;
280	}
281	else if ((*p) == '&')
282	{
283	SH_PUT_4(&outstr[i], '=', '2', '6');
284	i+=3; ++p;
285	continue;
286	}
287	else if ((*p) == '<')
288	{ /* left angle */
289	SH_PUT_4(&outstr[i], '=', '3', 'c');
290	i+=3; ++p;
291	continue;
292	}
293	else if ((*p) == '>')
294	{ /* right angle */
295	SH_PUT_4(&outstr[i], '=', '3', 'e');
296	i+=3; ++p;
297	continue;
298	}
299	}
300	#endif
301
302	if ( (p) != '\\' && (p) != '&' && (p) != '=' && (p) != '\'')
303	{
304	outstr[i] = *p; ++i;
305	++p;
306
307	if (c < 32 \|\| c > 126)
308	{
309	--i;
310	d = c % 16; c = c / 16;
311	outstr[i] = '='; ++i;
312	outstr[i] = ctable[c]; ++i;
313	outstr[i] = ctable[d]; ++i;
314	}
315
316	continue;
317	}
318	else if ((*p) == '\'')
319	{
320	SH_PUT_4(&outstr[i], '=', '2', '7');
321	i+=3; ++p;
322	}
323	else if (*p == '=')
324	{
325	if (p[1] != '"' && p[1] != '<')
326	{
327	SH_PUT_4(&outstr[i], '=', '3', 'd');
328	i+=3; ++p;
329	}
330	else
331	{ outstr[i] = *p; ++i; ++p; }
332	}
333	else if (*p == '\\')
334	{
335	++p;
336	if (!p)
337	break;
338	if (!(*p))
339	break;
340
341	c = *p;
342
343	switch (*p) {
344	case '\\':
345	SH_PUT_4(&outstr[i], '=', '5', 'c');
346	i+=3; ++p;
347	break;
348	case 'n':
349	SH_PUT_4(&outstr[i], '=', '0', 'a');
350	i+=3; ++p;
351	break;
352	case 'b':
353	SH_PUT_4(&outstr[i], '=', '0', '8');
354	i+=3; ++p;
355	break;
356	case 'r':
357	SH_PUT_4(&outstr[i], '=', '0', 'd');
358	i+=3; ++p;
359	break;
360	case 't':
361	SH_PUT_4(&outstr[i], '=', '0', '9');
362	i+=3; ++p;
363	break;
364	case 'v':
365	SH_PUT_4(&outstr[i], '=', '0', 'b');
366	i+=3; ++p;
367	break;
368	case 'f':
369	SH_PUT_4(&outstr[i], '=', '0', 'c');
370	i+=3; ++p;
371	break;
372	case '\'':
373	SH_PUT_4(&outstr[i], '=', '2', '7');
374	i+=3; ++p;
375	break;
376	case '"': /* also encode quoted '"' */
377	SH_PUT_4(&outstr[i], '=', '2', '2');
378	i+=3; ++p;
379	break;
380	case ' ':
381	SH_PUT_4(&outstr[i], '=', '2', '0');
382	i+=3; ++p;
383	break;
384	default:
385	if (strlen(p) < 3) /* certainly not an octal number, skip */
386	{
387	p += strlen(p);
388	}
389	else
390	{
391	tmp[0] = p[0]; tmp[1] = p[1]; tmp[2] = p[2];
392	val_octal = (unsigned char) strtoul(tmp, (char **)NULL, 8);
393	if (val_octal != '\0') {
394	c = val_octal;
395	d = c % 16; c = c / 16;
396	outstr[i] = '='; ++i;
397	outstr[i] = ctable[c]; ++i;
398	outstr[i] = ctable[d]; ++i;
399	}
400	p += 3;
401	}
402	}
403	}
404	else if (*p == '&')
405	{
406	++p;
407	if (!p \|\| !(*p))
408	{
409	outstr[i] = '&'; ++i;
410	break;
411	}
412
413	if (p[0] == 'a' && p[1] == 'm' && p[2] == 'p' && p[3] == ';')
414	{
415	SH_PUT_4(&outstr[i], '=', '2', '6');
416	i+=3; p += 4;
417	}
418	else if (p[0] == 'q' && p[1] == 'u' && p[2] == 'o' && p[3] == 't' &&
419	p[4] == ';')
420	{
421	SH_PUT_4(&outstr[i], '=', '2', '2');
422	i+=3; p += 5;
423	}
424	else if (p[0] == 'l' && p[1] == 't' && p[2] == ';')
425	{
426	SH_PUT_4(&outstr[i], '=', '3', 'c');
427	i+=3; p += 3;
428	}
429	else if (p[0] == 'g' && p[1] == 't' && p[2] == ';')
430	{
431	SH_PUT_4(&outstr[i], '=', '3', 'e');
432	i+=3; p += 3;
433	}
434	else /* conserve the '&' */
435	{
436	outstr[i] = '&'; ++i;
437	}
438	}
439	else
440	{
441	outstr[i] = *p; ++i;
442	++p;
443	}
444	} /* while (p && p) /
445
446	end:
447
448	outstr[i] = '\0';
449	SL_RETURN( outstr, _("sh_tools_safe_name"));
450	}
451
452
453	/* extern int h_errno; */
454
455	char * sh_tools_errmessage (int tellme, char * errbuf, size_t len)
456	{
457	char * p = NULL;
458	#ifdef HOST_NOT_FOUND
459	if (tellme == HOST_NOT_FOUND)
460	p = _("The specified host is unknown: ");
461	#endif
462	#ifdef NO_ADDRESS
463	if (tellme == NO_ADDRESS)
464	p = _("The requested name is valid but does not have an IP address: ");
465	#endif
466	#ifdef NO_RECOVERY
467	if (tellme == NO_RECOVERY)
468	p = _("A non-recoverable name server error occurred: ");
469	#endif
470	#ifdef TRY_AGAIN
471	if (tellme == TRY_AGAIN)
472	p = _("A temporary error occurred on an authoritative name server. The specified host is unknown: ");
473	#endif
474	if (!p) p = _("Unknown error");
475	sl_strlcpy(errbuf, p, len);
476	return errbuf;
477	}
478
479	#if defined (SH_WITH_SERVER)
480
481	int get_open_max ()
482	{
483	int value;
484
485	#ifdef _SC_OPEN_MAX
486	value = sysconf (_SC_OPEN_MAX);
487	#else
488	#ifdef OPEN_MAX
489	value = OPEN_MAX;
490	#else
491	value = _POSIX_OPEN_MAX;
492	#endif
493	#endif
494
495	if (value < 0)
496	value = 8; /* POSIX lower limit */
497
498	if (value > 4096)
499	value = 4096;
500
501	return value;
502	}
503
504	#endif
505
506	typedef struct _sin_cache {
507	char * address;
508	struct sh_sockaddr saddr;
509	struct _sin_cache * next;
510	} sin_cache;
511
512	static sin_cache * conn_cache = NULL;
513	static int cached_addr = 0;
514
515	void delete_cache()
516	{
517	sin_cache * check_cache = conn_cache;
518	sin_cache * old_entry = conn_cache;
519
520	SL_ENTER(_("delete_cache"));
521
522	while (check_cache != NULL)
523	{
524	old_entry = check_cache;
525	check_cache = check_cache->next;
526	SH_FREE(old_entry->address);
527	SH_FREE(old_entry);
528	}
529
530	cached_addr = 0;
531
532	conn_cache = NULL;
533	SL_RET0(_("delete_cache"));
534	}
535
536	int DoReverseLookup = S_TRUE;
537
538	int set_reverse_lookup (const char * c)
539	{
540	return sh_util_flagval(c, &DoReverseLookup);
541	}
542
543	#if !defined(USE_IPVX)
544	int connect_port (char * address, int port,
545	char * ecall, int * errnum, char * errmsg, int errsiz)
546	{
547	struct in_addr haddr; /* host address from numeric */
548	/* host details returned by the DNS */
549	struct hostent *host_entry = NULL;
550	struct sockaddr_in sinr; /* socket to the remote host */
551
552	char * host_name;
553
554	volatile int fd = (-1);
555	int status;
556	volatile int fail = 0;
557	int cached = 0;
558
559	int retval;
560	char errbuf[SH_ERRBUF_SIZE];
561
562	sin_cache * check_cache = conn_cache;
563
564	SL_ENTER(_("connect_port"));
565
566	/* paranoia -- should not happen
567	*/
568	if (cached_addr > 128)
569	delete_cache();
570
571	if (check_cache != NULL)
572	{
573	while (check_cache && check_cache->address)
574	{
575	if ( 0 == sl_strncmp(check_cache->address,
576	address, sl_strlen(address)))
577	{
578	memcpy (&sinr, &((check_cache->saddr).sin), sizeof(struct sockaddr_in));
579	sinr.sin_family = AF_INET;
580	sinr.sin_port = htons (port);
581	cached = 1;
582	break;
583	}
584	if (check_cache->next)
585	check_cache = check_cache->next;
586	else
587	check_cache = NULL;
588	}
589	}
590
591	/* only use gethostbyname() if neccessary
592	*/
593	if (cached == 0)
594	{
595	#ifdef HAVE_INET_ATON
596	if (0 == inet_aton(address, &haddr))
597	#else
598	if ((unsigned long)-1 == (haddr.s_addr = inet_addr(address)))
599	#endif
600	{
601	SH_MUTEX_LOCK(mutex_resolv);
602
603	host_name = NULL;
604
605	host_entry = sh_gethostbyname(address);
606
607	if (host_entry == NULL \|\| host_entry->h_addr == NULL)
608	{
609	sl_strlcpy(ecall, _("gethostbyname"), SH_MINIBUF);
610	#ifndef NO_H_ERRNO
611	*errnum = h_errno;
612	#else
613	*errnum = 666;
614	#endif
615	(void) sh_tools_errmessage (*errnum, errmsg, errsiz);
616	sl_strlcat(errmsg, address, errsiz);
617	fail = (-1);
618	}
619	else
620	{
621	sinr.sin_family = AF_INET;
622	sinr.sin_port = htons (port);
623	sinr.sin_addr = (struct in_addr ) host_entry->h_addr;
624
625
626	/* reverse DNS lookup
627	*/
628	if (DoReverseLookup == S_TRUE)
629	{
630	if (host_entry->h_name == NULL)
631	{
632	host_name = SH_ALLOC(1);
633	host_name[0] = '\0';
634	}
635	else
636	{
637	host_name = sh_util_strdup(host_entry->h_name);
638	}
639
640	host_entry = sh_gethostbyaddr ((char *) &sinr.sin_addr,
641	sizeof(struct in_addr),
642	AF_INET);
643	if (host_entry == NULL \|\| host_entry->h_name == NULL)
644	{
645	sl_strlcpy(ecall, _("gethostbyaddr"), SH_MINIBUF);
646	#ifndef NO_H_ERRNO
647	*errnum = h_errno;
648	#else
649	*errnum = 666;
650	#endif
651	(void) sh_tools_errmessage (*errnum, errmsg, errsiz);
652	sl_strlcat(errmsg,
653	inet_ntoa ((struct in_addr ) &(sinr.sin_addr)),
654	errsiz);
655	fail = (-1);
656	}
657	else
658	{
659	*errnum = 0;
660	if (sl_strlen(host_entry->h_name) == 0 \|\|
661	(*errnum = sl_strcasecmp(host_name,host_entry->h_name)) != 0)
662	{
663	if (*errnum)
664	sl_strlcpy(ecall, _("strcmp"), SH_MINIBUF);
665	else
666	sl_strlcpy(ecall, _("strlen"), SH_MINIBUF);
667	sl_strlcpy(errmsg, _("Reverse lookup failed: "),
668	errsiz);
669	sl_strlcat(errmsg, address, errsiz);
670	sl_strlcat(errmsg, _(" vs "), errsiz);
671	sl_strlcat(errmsg,
672	inet_ntoa ((struct in_addr ) &(sinr.sin_addr)),
673	errsiz);
674	fail = -1;
675	}
676	}
677	}
678	}
679	SH_MUTEX_UNLOCK(mutex_resolv);
680	if (host_name) SH_FREE(host_name);
681	}
682
683	else /* address was numeric */
684	{
685	sinr.sin_family = AF_INET;
686	sinr.sin_port = htons (port);
687	sinr.sin_addr = haddr;
688	}
689
690
691	if (fail != -1)
692	{
693	/* put it into the cache
694	*/
695	check_cache = SH_ALLOC(sizeof(sin_cache));
696	check_cache->address = SH_ALLOC(sl_strlen(address) + 1);
697	sl_strlcpy (check_cache->address, address, sl_strlen(address) + 1);
698
699	sh_ipvx_save(&(check_cache->saddr), AF_INET, (struct sockaddr *) &sinr);
700
701	++cached_addr;
702
703	if (conn_cache)
704	{
705	if (conn_cache->next)
706	check_cache->next = conn_cache->next;
707	else
708	check_cache->next = NULL;
709	conn_cache->next = check_cache;
710	}
711	else
712	{
713	check_cache->next = NULL;
714	conn_cache = check_cache;
715	}
716	}
717	}
718
719
720	if (fail != (-1))
721	{
722	fd = socket(AF_INET, SOCK_STREAM, 0);
723	if (fd < 0) {
724	fail = (-1);
725	status = errno;
726	sl_strlcpy(ecall, _("socket"), SH_MINIBUF);
727	*errnum = status;
728	sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz);
729	sl_strlcat(errmsg, _(", address "), errsiz);
730	sl_strlcat(errmsg, address, errsiz);
731	}
732	}
733
734	if (fail != (-1)) {
735
736	if ( retry_connect(FIL__, __LINE__, fd,
737	(struct sockaddr *) &sinr, sizeof(sinr)) < 0)
738	{
739	status = errno;
740	sl_strlcpy(ecall, _("connect"), SH_MINIBUF);
741	*errnum = status;
742	sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz);
743	sl_strlcat(errmsg, _(", address "), errsiz);
744	sl_strlcat(errmsg, address, errsiz);
745	sl_close_fd(FIL__, __LINE__, fd);
746	fail = (-1);
747	}
748	}
749
750	retval = (fail < 0) ? (-1) : fd;
751	SL_RETURN(retval, _("connect_port"));
752	}
753	#else
754	int connect_port (char * address, int port,
755	char * ecall, int * errnum, char * errmsg, int errsiz)
756	{
757	struct sockaddr_in *sin;
758	struct sockaddr_in6 *sin6;
759	struct sh_sockaddr ss;
760	sin_cache * check_cache = conn_cache;
761	int cached = 0;
762	int fail = 0;
763	int fd = -1;
764	int status = 0;
765
766	int retval;
767	char errbuf[SH_ERRBUF_SIZE];
768
769	SL_ENTER(_("connect_port"));
770
771	/* paranoia -- should not happen
772	*/
773	if (cached_addr > 128)
774	delete_cache();
775
776	if (check_cache != NULL)
777	{
778	while (check_cache && check_cache->address)
779	{
780	if ( 0 == sl_strncmp(check_cache->address,
781	address, sl_strlen(address)))
782	{
783	memcpy (&ss, &(check_cache->saddr), sizeof(struct sh_sockaddr));
784	switch (ss.ss_family)
785	{
786	case AF_INET:
787	sin = &(ss.sin);
788	sin->sin_port = htons (port);
789	case AF_INET6:
790	sin6 = &(ss.sin6);
791	sin6->sin6_port = htons (port);
792	}
793	cached = 1;
794	break;
795	}
796	if (check_cache->next)
797	check_cache = check_cache->next;
798	else
799	check_cache = NULL;
800	}
801	}
802
803	if (cached != 0)
804	{
805	fd = socket(ss.ss_family, SOCK_STREAM, 0);
806	if (fd < 0)
807	{
808	status = errno;
809	fail = (-1);
810	sl_strlcpy(ecall, _("socket"), SH_MINIBUF);
811	*errnum = status;
812	sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz);
813	sl_strlcat(errmsg, _(", address "), errsiz);
814	sl_strlcat(errmsg, address, errsiz);
815	}
816
817
818	if (fail != (-1))
819	{
820	int addrlen = SH_SS_LEN(ss);
821
822	if ( retry_connect(FIL__, __LINE__, fd,
823	sh_ipvx_sockaddr_cast(&ss), addrlen) < 0)
824	{
825	status = errno;
826	sl_strlcpy(ecall, _("connect"), SH_MINIBUF);
827	*errnum = status;
828	sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz);
829	sl_strlcat(errmsg, _(", address "), errsiz);
830	sl_strlcat(errmsg, address, errsiz);
831	sl_close_fd(FIL__, __LINE__, fd);
832	fail = (-1);
833	}
834	}
835
836	if (fail != 0)
837	{
838	delete_cache();
839	cached = 0;
840	}
841	}
842
843	if (cached == 0)
844	{
845	int res;
846	char sport[32];
847	struct addrinfo *ai;
848	struct addrinfo hints;
849
850	memset (&hints, '\0', sizeof (hints));
851	hints.ai_flags = AI_ADDRCONFIG;
852	#if defined(AI_CANONNAME)
853	hints.ai_flags \|= AI_CANONNAME;
854	#endif
855	hints.ai_socktype = SOCK_STREAM;
856	sl_snprintf(sport, sizeof(sport), "%d", port);
857
858	res = getaddrinfo (address, sport, &hints, &ai);
859	if (res != 0)
860	{
861	fail = (-1);
862	status = errno;
863	sl_strlcpy(ecall, _("getaddrinfo"), SH_MINIBUF);
864	*errnum = status;
865	sl_strlcpy(errmsg, gai_strerror (res), errsiz);
866	sl_strlcat(errmsg, _(", address "), errsiz);
867	sl_strlcat(errmsg, address, errsiz);
868	}
869
870	if (fail != (-1) && (DoReverseLookup == S_TRUE) && !sh_ipvx_is_numeric(address))
871	{
872	struct addrinfo *p = ai;
873	int success = 0;
874	char hostname[SH_BUFSIZE];
875	const char * canonical;
876
877	#if defined(AI_CANONNAME)
878	if (ai->ai_canonname && strlen(ai->ai_canonname) > 0)
879	{
880	canonical = ai->ai_canonname;
881	}
882	else
883	{
884	canonical = address;
885	}
886	#else
887	canonical = address;
888	#endif
889
890	while (p != NULL)
891	{
892	int e = getnameinfo (p->ai_addr, p->ai_addrlen,
893	hostname, sizeof(hostname),
894	NULL, 0, NI_NAMEREQD);
895
896	if (e == 0)
897	{
898	if (sl_strcasecmp(hostname, canonical) == 0)
899	{
900	success = 1;
901	break;
902	}
903	}
904
905	p = p->ai_next;
906	}
907
908	if (success == 0)
909	{
910	sl_strlcpy(ecall, _("strcmp"), SH_MINIBUF);
911	sl_strlcpy(errmsg, _("Reverse lookup failed: "),
912	errsiz);
913	sl_strlcat(errmsg, address, errsiz);
914	fail = -1;
915	freeaddrinfo (ai);
916	}
917	}
918
919	if (fail != (-1))
920	{
921	struct addrinfo *p = ai;
922
923	while (p != NULL)
924	{
925	fd = socket(p->ai_family, p->ai_socktype,
926	p->ai_protocol);
927
928	if (fd != (-1))
929	{
930	if (retry_connect(FIL__, __LINE__, fd,
931	p->ai_addr, p->ai_addrlen) >= 0)
932	{
933	/* put it into the cache
934	*/
935	check_cache = SH_ALLOC(sizeof(sin_cache));
936	check_cache->address = SH_ALLOC(sl_strlen(address) + 1);
937	sl_strlcpy (check_cache->address, address, sl_strlen(address) + 1);
938
939	sh_ipvx_save(&(check_cache->saddr), p->ai_family, p->ai_addr);
940
941	++cached_addr;
942
943	if (conn_cache)
944	{
945	if (conn_cache->next)
946	check_cache->next = conn_cache->next;
947	else
948	check_cache->next = NULL;
949	conn_cache->next = check_cache;
950	}
951	else
952	{
953	check_cache->next = NULL;
954	conn_cache = check_cache;
955	}
956
957	freeaddrinfo (ai);
958	goto end;
959	}
960	status = errno;
961	sl_close_fd(FIL__, __LINE__, fd);
962	}
963	else
964	{
965	status = errno;
966	}
967	p = p->ai_next;
968	}
969	fail = (-1);
970	freeaddrinfo (ai);
971
972	sl_strlcpy(ecall, _("connect"), SH_MINIBUF);
973	*errnum = status;
974	sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz);
975	sl_strlcat(errmsg, _(", address "), errsiz);
976	sl_strlcat(errmsg, address, errsiz);
977	}
978	}
979
980	end:
981	retval = (fail < 0) ? (-1) : fd;
982	SL_RETURN(retval, _("connect_port"));
983
984	}
985	#endif
986
987	int connect_port_2 (char * address1, char * address2, int port,
988	char * ecall, int * errnum, char * errmsg, int errsiz)
989	{
990	int retval = (-1);
991
992	SL_ENTER(_("connect_port_2"));
993
994	errmsg[0] = '\0';
995	*errnum = 0;
996
997	if (address1 != NULL && address1[0] != '\0')
998	retval = connect_port (address1, port,
999	ecall, errnum,
1000	errmsg, errsiz);
1001
1002	if (retval < 0 && address2 != NULL && address2[0] != '\0')
1003	{
1004	/* can't use sh_error_handle here, as this would cause an infinite
1005	* loop if called from sh_unix_time
1006	*/
1007	TPT(( 0, FIL__, __LINE__, _("msg=<Using alternative server %s.>\n"),
1008	address2));
1009	retval = connect_port (address2, port,
1010	ecall, errnum,
1011	errmsg, errsiz);
1012	}
1013
1014	if ((retval < 0) &&
1015	(address1 == NULL \|\| address1[0] == '\0') &&
1016	(address1 == NULL \|\| address1[0] == '\0'))
1017	{
1018	sl_strlcpy(ecall, _("connect_port_2"), SH_MINIBUF);
1019	sl_strlcpy(errmsg, _("No server address known"), errsiz);
1020	}
1021	SL_RETURN(retval, _("connect_port_2"));
1022	/* return retval; */
1023	}
1024
1025	#if defined(HAVE_NTIME) \|\| defined(SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
1026	static
1027	int sh_write_select(int type, int sockfd,
1028	char *buf, int nbytes,
1029	int * w_error, int timeout)
1030	{
1031	int countbytes, count;
1032	fd_set fds;
1033	struct timeval tv;
1034	int select_now;
1035	int num_sel;
1036
1037	struct sigaction new_act;
1038	struct sigaction old_act;
1039	char errbuf[SH_ERRBUF_SIZE];
1040
1041	SL_ENTER(_("sh_write_select"));
1042
1043	/* ignore SIGPIPE (instead get EPIPE if connection is closed)
1044	*/
1045	new_act.sa_handler = SIG_IGN;
1046	sigemptyset( &new_act.sa_mask ); /* set an empty mask */
1047	new_act.sa_flags = 0; /* init sa_flags */
1048	sigaction (SIGPIPE, &new_act, &old_act);
1049
1050	FD_ZERO(&fds);
1051	FD_SET(sockfd, &fds);
1052
1053	countbytes = 0;
1054	tv.tv_sec = 1;
1055	tv.tv_usec = 0;
1056	select_now = 0;
1057
1058	*w_error = 0;
1059
1060	while ( countbytes < nbytes ) {
1061
1062	FD_ZERO(&fds);
1063	FD_SET(sockfd, &fds);
1064
1065	if (type == SH_DO_WRITE)
1066	{
1067	if ( (num_sel = select (sockfd+1, NULL, &fds, NULL, &tv)) == -1)
1068	{
1069	if (sig_raised == 1)
1070	{
1071	sig_raised = 2;
1072	continue;
1073	}
1074	if ( errno == EINTR \|\| errno == EINPROGRESS ) /* try again */
1075	continue;
1076	*w_error = errno;
1077	sigaction (SIGPIPE, &old_act, NULL);
1078	sh_error_message(*w_error, errbuf, sizeof(errbuf));
1079	sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN,
1080	errbuf,
1081	_("sh_write_select (ws)") );
1082	TPT(( 0, FIL__, __LINE__, _("msg=<select: %s>\n"), errbuf ));
1083	SL_RETURN( countbytes, _("sh_write_select"));
1084	}
1085	}
1086	else
1087	{
1088	if ( (num_sel = select (sockfd+1, &fds, NULL, NULL, &tv)) == -1)
1089	{
1090	if (sig_raised == 1)
1091	{
1092	sig_raised = 2;
1093	continue;
1094	}
1095	if ( errno == EINTR \|\| errno == EINPROGRESS ) /* try again */
1096	continue;
1097	*w_error = errno;
1098	sigaction (SIGPIPE, &old_act, NULL);
1099	sh_error_message(*w_error, errbuf, sizeof(errbuf));
1100	sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN,
1101	errbuf,
1102	_("sh_write_select (rs)") );
1103	TPT(( 0, FIL__, __LINE__, _("msg=<select: %s>\n"), errbuf ));
1104	SL_RETURN( countbytes, _("sh_write_select"));
1105	}
1106	}
1107
1108	/* on Linux, timeout is modified to reflect the amount of
1109	* time not slept
1110	*/
1111	tv.tv_sec = 1;
1112	tv.tv_usec = 0;
1113
1114
1115	/* let's not hang on forever
1116	*/
1117	if (num_sel == 0)
1118	{
1119	++select_now; /* timeout */
1120	if ( select_now > timeout ) /* 5 minutes */
1121	{
1122	#ifdef ETIMEDOUT
1123	*w_error = ETIMEDOUT;
1124	#else
1125	*w_error = 0;
1126	#endif
1127	sigaction (SIGPIPE, &old_act, NULL);
1128	TPT(( 0, FIL__, __LINE__, _("msg=<Timeout>\n")));
1129	SL_RETURN( countbytes, _("sh_write_select"));
1130	}
1131	}
1132
1133	if ( FD_ISSET (sockfd, &fds) )
1134	{
1135	if (type == SH_DO_WRITE)
1136	count = write (sockfd, buf, nbytes-countbytes);
1137	else
1138	count = read (sockfd, buf, nbytes-countbytes);
1139
1140	if (count > 0)
1141	{
1142	countbytes += count;
1143	buf += count; /* move buffer pointer forward */
1144	if (countbytes < nbytes) FD_SET( sockfd, &fds );
1145	}
1146	else if (count < 0 && errno == EINTR)
1147	{
1148	FD_SET( sockfd, &fds );
1149	}
1150	else if (count < 0)
1151	{
1152	*w_error = errno;
1153	sigaction (SIGPIPE, &old_act, NULL);
1154	sh_error_message(*w_error, errbuf, sizeof(errbuf));
1155	sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN,
1156	errbuf,
1157	(type == SH_DO_WRITE) ?
1158	_("sh_write_select (w)") : _("sh_write_select (r)"));
1159	TPT(( 0, FIL__, __LINE__, _("msg=<count < 0>\n")));
1160	SL_RETURN( countbytes, _("sh_write_select"));
1161	}
1162	else /* count == 0 */
1163	{
1164	*w_error = errno;
1165	sigaction (SIGPIPE, &old_act, NULL);
1166	TPT(( 0, FIL__, __LINE__, _("msg=<count == 0>\n")));
1167	SL_RETURN( countbytes, _("sh_write_select"));
1168	}
1169	}
1170	}
1171
1172
1173	/* restore signal handler
1174	*/
1175	sigaction (SIGPIPE, &old_act, NULL);
1176
1177	*w_error = 0;
1178
1179	TPT(( 0, FIL__, __LINE__, _("msg=<count = %d>\n"), countbytes));
1180	SL_RETURN( countbytes, _("sh_write_select"));
1181	}
1182	#endif
1183
1184	#if defined (SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
1185	unsigned long write_port (int sockfd, char *buf, unsigned long nbytes,
1186	int * w_error, int timeout)
1187	{
1188	unsigned long bytes;
1189
1190	SL_ENTER(_("write_port"));
1191
1192	bytes = sh_write_select(SH_DO_WRITE, sockfd, buf, nbytes, w_error, timeout);
1193	if (*w_error != 0)
1194	{
1195	char errbuf[SH_ERRBUF_SIZE];
1196	sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP,
1197	sh_error_message (*w_error, errbuf, sizeof(errbuf)),
1198	(long) sockfd, _("write_port"));
1199	}
1200	SL_RETURN( bytes, _("write_port"));
1201	}
1202	#endif
1203
1204	#if defined(HAVE_NTIME) \|\| defined(SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
1205
1206	unsigned long read_port (int sockfd, char *buf, unsigned long nbytes,
1207	int * w_error, int timeout)
1208	{
1209	unsigned long bytes;
1210
1211	SL_ENTER(_("read_port"));
1212
1213	bytes = sh_write_select(SH_DO_READ, sockfd, buf, nbytes, w_error, timeout);
1214	if (*w_error != 0)
1215	{
1216	char errbuf[SH_ERRBUF_SIZE];
1217	sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP,
1218	sh_error_message (*w_error, errbuf, sizeof(errbuf)),
1219	(long) sockfd, _("read_port"));
1220	}
1221	SL_RETURN( bytes, _("read_port"));
1222	}
1223	#endif
1224
1225	#if defined(SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
1226
1227	int check_request_nerr (char * have, char * need)
1228	{
1229	SL_ENTER(_("check_request_nerr"));
1230	ASSERT_RET((have != NULL && need != NULL),
1231	_("have != NULL && need != NULL"), (-1))
1232
1233	if ( (have[0] == need[0]) && (have[1] == need[1]) &&
1234	(have[2] == need[2]) && (have[3] == need[3]))
1235	SL_RETURN(0, _("check_request_nerr"));
1236	SL_RETURN((-1), _("check_request_nerr"));
1237	}
1238	#endif
1239
1240	#if defined (SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
1241
1242	int check_request (char * have, char * need)
1243	{
1244	char first[21], second[5];
1245	int i;
1246
1247	SL_ENTER(_("check_request"));
1248	i = check_request_nerr (have, need);
1249
1250	if (i == 0)
1251	SL_RETURN(0, _("check_request"));
1252
1253	for (i = 0; i < 4; ++i)
1254	{
1255	second[i] = need[i];
1256	sprintf(&first[i4], _("%c%03o"), / known to fit */
1257	'\\', (unsigned char) have[i]);
1258	}
1259
1260	first[20] = '\0'; second[4] = '\0';
1261
1262	sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST,
1263	second, first);
1264	SL_RETURN((-1), _("check_request"));
1265	}
1266	#endif
1267
1268	#if defined (SH_WITH_SERVER)
1269
1270	int check_request_s (char * have, char * need, char * clt)
1271	{
1272	char first[21], second[5];
1273	int i;
1274
1275	SL_ENTER(_("check_request_s"));
1276	i = check_request_nerr (have, need);
1277
1278	if (i == 0)
1279	SL_RETURN( (0), _("check_request_s"));
1280
1281	for (i = 0; i < 4; ++i)
1282	{
1283	second[i] = need[i];
1284	sprintf(&first[i4], _("%c%03o"), / known to fit */
1285	'\\', (unsigned char) have[i]);
1286	}
1287	first[20] = '\0'; second[4] = '\0';
1288	sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST1,
1289	second, first, clt);
1290	SL_RETURN( (-1), _("check_request_s"));
1291	}
1292	#endif
1293
1294	#if defined (SH_WITH_CLIENT) \|\| defined (SH_WITH_SERVER)
1295
1296	void get_header (unsigned char * head, unsigned long * bytes, char * u)
1297	{
1298	SL_ENTER(_("get_header"));
1299
1300	*bytes =
1301	(256 * (unsigned int)head[1] + (unsigned int)head[2]);
1302
1303	if (u != NULL)
1304	{
1305	u[0] = head[3];
1306	u[1] = head[4];
1307	u[2] = head[5];
1308	u[3] = head[6];
1309	u[4] = '\0';
1310	}
1311
1312	SL_RET0(_("get_header"));
1313	}
1314	#endif
1315
1316	#if defined(SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
1317
1318	#ifdef SH_ENCRYPT_2
1319	#define TRANS_BYTES 65120
1320	#else
1321	#define TRANS_BYTES 65280
1322	#endif
1323
1324	void put_header (unsigned char * head, int protocol,
1325	unsigned long * length, char * u)
1326	{
1327
1328	/* static long transfer_limit = (8 * SH_BUFSIZE); V0.8 */
1329	static unsigned long transfer_limit = TRANS_BYTES + 6 + KEY_LEN;
1330
1331	SL_ENTER(_("put_header"));
1332
1333	head[0] = protocol;
1334
1335	ASSERT((length < transfer_limit), _("length < transfer_limit"))
1336
1337	if (*length > transfer_limit)
1338	*length = transfer_limit;
1339
1340	head[1] = (unsigned int)(*length/256);
1341	head[2] = (unsigned int)(length-256 head[1]);
1342	if (u == NULL)
1343	{
1344	head[3] = 0x01;
1345	head[4] = 0x01;
1346	head[5] = 0x01;
1347	head[6] = 0x01;
1348	}
1349	else
1350	{
1351	head[3] = u[0];
1352	head[4] = u[1];
1353	head[5] = u[2];
1354	head[6] = u[3];
1355	}
1356
1357	SL_RET0(_("put_header"));
1358	}
1359	#endif
1360
1361	/* ------------------------------------------
1362	*
1363	* version 2 client/server protocol
1364	*
1365	* ------------------------------------------
1366	*
1367	* header : flag size[2]
1368	*
1369	* payload: random_pad[8] protocol[4] size[4] payload[payload_size] padding
1370	*
1371	* full_size <= 8192; payload_size <= 8176 (51116); msg_size <= 8128 (50816)
1372	* (msg_size = payload_size - key_len = payload_size - 48)
1373	*/
1374
1375	/*
1376	* only SH_V2_FULLSIZE is used, and only once
1377	*/
1378	#if 0
1379	#ifdef SH_WITH_SERVER
1380	#define SH_V2_FULLSIZE 240
1381	#define SH_V2_PAYLOAD 224
1382	#define SH_V2_MESSAGE 176
1383	#else
1384	#define SH_V2_FULLSIZE 1024
1385	#define SH_V2_PAYLOAD 1008
1386	#define SH_V2_MESSAGE 960
1387	#endif
1388	#endif
1389	#define SH_V2_FULLSIZE 1024
1390
1391	#ifdef SH_ENCRYPT
1392	#include "rijndael-api-fst.h"
1393	#endif
1394
1395	void sh_tools_show_header (unsigned char * head, char sign)
1396	{
1397	#define SH_IS_ASCII(c) (((c) & ~0x7f) == 0)
1398
1399
1400	int msg_size = (256 * (unsigned int)head[1] + (unsigned int)head[2]);
1401	char code[32];
1402	char * p = &code[0];
1403
1404	memset (code, ' ', 32); /* space */
1405
1406	if ((head[0] & SH_PROTO_SRP) != 0) { p[0]='S';p[1]='R';p[2]='P';}
1407	p += 4;
1408	if ((head[0] & SH_PROTO_MSG) != 0) { p[0]='M';p[1]='S';p[2]='G';}
1409	p += 4;
1410	if ((head[0] & SH_PROTO_BIG) != 0) { p[0]='B';p[1]='I';p[2]='G';}
1411	p += 4;
1412	if ((head[0] & SH_PROTO_END) != 0) { p[0]='E';p[1]='N';p[2]='D';}
1413	p += 4;
1414	if ((head[0] & SH_PROTO_ENC) != 0) { p[0]='E';p[1]='N';p[2]='C';}
1415	p += 4;
1416	if ((head[0] & SH_PROTO_EN2) != 0) { p[0]='E';p[1]='N';p[2]='2';}
1417	code[23] = '\0';
1418
1419	if (SH_IS_ASCII(head[3]) && isalpha(head[3]) &&
1420	SH_IS_ASCII(head[4]) && isalpha(head[4]) &&
1421	SH_IS_ASCII(head[5]) && isalpha(head[5]) &&
1422	SH_IS_ASCII(head[6]) && isalpha(head[6])) {
1423	fprintf(stderr, "%c %3o %s %5d %c %c %c %c\n", sign,
1424	head[0], code, msg_size, head[3], head[4], head[5], head[6]);
1425	} else {
1426	fprintf(stderr, "%c %3o %s %5d %2X %2X %2X %2X\n", sign,
1427	head[0], code, msg_size, head[3], head[4], head[5], head[6]);
1428	}
1429	return;
1430	}
1431
1432	#ifdef SH_ENCRYPT
1433	/*
1434	* #define DEBUG_EN2
1435	*
1436	* ingest version 1 7-byte header and payload, return version2 header/payload
1437	* last 4 bytes of outgoing header are set to dummy value
1438	*/
1439	char * sh_tools_makePack (unsigned char * header,
1440	char * payload, unsigned long payload_size,
1441	keyInstance * keyInstE)
1442	{
1443	UINT32 rpad[3];
1444	unsigned char head[16];
1445	double epad;
1446	unsigned long i_epad = 0;
1447	unsigned long i_blk = payload_size / 16;
1448	unsigned long i_blkmax = SH_V2_FULLSIZE / 16;
1449	unsigned long pads = 0;
1450	size_t full_size;
1451	char * full_ret;
1452
1453	char * p;
1454	RIJ_BYTE inBlock[B_SIZ];
1455	RIJ_BYTE outBlock[B_SIZ];
1456	int j;
1457	cipherInstance cipherInst;
1458	int err_num;
1459	int blkfac;
1460	int oflow = 0;
1461
1462	/*
1463	SL_REQUIRE (i_blk*16 == payload_size, _("payload_size % 16 != 0"));
1464	*/
1465	if ((i_blk * 16) != payload_size) ++i_blk;
1466	#ifdef DEBUG_EN2
1467	fprintf(stderr, "SEND <%d> blocks <%d>\n", payload_size, i_blk);
1468	#endif
1469	/* random_pad
1470	*/
1471	rpad[1] = taus_get ();
1472	memcpy (head, &rpad[1], 4);
1473	rpad[0] = taus_get ();
1474	memcpy (&head[4], &rpad[0], 4);
1475	rpad[2] = taus_get ();
1476	memcpy (&head[8], &rpad[2], 4);
1477
1478	/* protocol
1479	*/
1480	/* memcpy (&head[8], &header[3], 4); */
1481
1482	/* size (payload)
1483	*/
1484	head[12] = header[1];
1485	head[13] = header[2];
1486	head[14] = '\0';
1487	head[15] = '\0';
1488
1489	if (i_blk < i_blkmax)
1490	{
1491	pads = i_blkmax - i_blk;
1492	/* memcpy((char ) &rpad[2], &head[12], 4); /
1493	epad = taus_get_double (&rpad);
1494	#ifdef DEBUG_EN2
1495	fprintf(stderr, "PAD1 <%d> <%f>\n", pads, epad);
1496	#endif
1497	i_epad = (unsigned long) (pads * epad);
1498	#ifdef DEBUG_EN2
1499	fprintf(stderr, "PAD2 <%d> <%d>\n", i_epad, (i_epad*16));
1500	#endif
1501	}
1502
1503	full_size = 16; /* head */
1504	if (sl_ok_muls(i_blk, 16) && sl_ok_adds(full_size, (i_blk*16)))
1505	full_size = full_size + (i_blk16); / payload */
1506	else
1507	oflow = 1;
1508	if (sl_ok_adds(full_size, (i_epad*16)))
1509	full_size = full_size + (i_epad16); / pad */
1510	else
1511	i_epad = 0;
1512
1513	if (oflow)
1514	{
1515	sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1516	_("integer overflow"),
1517	_("sh_tools_makePack"));
1518	}
1519
1520	full_ret = SH_ALLOC(full_size);
1521	memcpy(full_ret, head, 16);
1522	if (payload != NULL && !oflow)
1523	{
1524	memcpy(&full_ret[16], payload, payload_size);
1525	}
1526	if ((i_blk*16) > payload_size && !oflow)
1527	{
1528	#ifdef DEBUG_EN2
1529	fprintf(stderr, "SEN2 <%d>\n", (i_blk*16) - payload_size);
1530	#endif
1531	memset(&full_ret[16+payload_size], '\0', (i_blk*16) - payload_size);
1532	payload_size = i_blk * 16;
1533	}
1534	memset(&full_ret[16+payload_size], '\0', i_epad*16);
1535	#ifdef DEBUG_EN2
1536	fprintf(stderr, "SEN3 <%d> <%d>\n", full_size, i_epad*16);
1537	#endif
1538
1539	/* rewrite header
1540	*/
1541	header[1] = (unsigned int)(full_size/256);
1542	header[2] = (unsigned int)(full_size - (256 * header[1]));
1543	/* don't erase protocol from header
1544	memset(&header[3], '\0', 4);
1545	*/
1546	p = full_ret; blkfac = full_size / 16;
1547
1548	err_num = cipherInit (&cipherInst, MODE_CBC, NULL);
1549
1550	if (err_num < 0)
1551	{
1552	char expbuf[SH_ERRBUF_SIZE];
1553	sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1554	errorExplain(err_num, expbuf, sizeof(expbuf)),
1555	_("sh_tools_makePack: cipherInit"));
1556	}
1557	for (j = 0; j < blkfac; ++j)
1558	{
1559	memcpy(inBlock, p, B_SIZ);
1560	err_num = blockEncrypt(&cipherInst, keyInstE,
1561	inBlock, 128 * BNUM, outBlock);
1562	if (err_num < 0)
1563	{
1564	char expbuf[SH_ERRBUF_SIZE];
1565	sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1566	errorExplain(err_num, expbuf, sizeof(expbuf)),
1567	_("sh_tools_makePack: blockEncrypt"));
1568	}
1569	memcpy(p, outBlock, B_SIZ);
1570	p += B_SIZ;
1571	}
1572
1573	return full_ret;
1574	}
1575
1576	/* write a 7-byte header and return payload as expected by version 1
1577	* last 4 bytes of incoming header are dummy
1578	*/
1579	char * sh_tools_revertPack (unsigned char * header, char * message,
1580	keyInstance * keyInstD,
1581	unsigned long message_size)
1582	{
1583	unsigned long msg_size;
1584	char * msg_ret;
1585
1586	char * p;
1587	RIJ_BYTE inBlock[B_SIZ];
1588	RIJ_BYTE outBlock[B_SIZ];
1589	int j;
1590	cipherInstance cipherInst;
1591	int err_num;
1592	int blkfac;
1593	char expbuf[SH_ERRBUF_SIZE];
1594
1595	msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]);
1596	#ifdef DEBUG_EN2
1597	fprintf(stderr, "RECV <%lu>\n", msg_size);
1598	#endif
1599	if (msg_size > message_size) {
1600	msg_size = message_size;
1601	#ifdef DEBUG_EN2
1602	fprintf(stderr, "RECV TRUNC1 <%lu>\n", msg_size);
1603	#endif
1604	}
1605
1606	p = message; blkfac = msg_size / 16;
1607
1608	err_num = cipherInit (&cipherInst, MODE_CBC, NULL);
1609
1610	if (err_num < 0)
1611	{
1612	sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1613	errorExplain(err_num, expbuf, sizeof(expbuf)),
1614	_("sh_tools_revertPack: cipherInit"));
1615	}
1616	for (j = 0; j < blkfac; ++j)
1617	{
1618	memcpy(inBlock, p, B_SIZ);
1619	err_num = blockDecrypt(&cipherInst, keyInstD,
1620	inBlock, 128 * BNUM, outBlock);
1621	if (err_num < 0)
1622	{
1623	sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1624	errorExplain(err_num, expbuf, sizeof(expbuf)),
1625	_("sh_tools_revertPack: blockDecrypt"));
1626	}
1627	memcpy(p, outBlock, B_SIZ);
1628	p += B_SIZ;
1629	}
1630
1631	/* rewrite size in header
1632	*/
1633	header[1] = message[12];
1634	header[2] = message[13];
1635	msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]);
1636
1637	if (msg_size > (message_size-16))
1638	{
1639	msg_size = message_size-16;
1640	header[1] = (unsigned int)(msg_size/256);
1641	header[2] = (unsigned int)(msg_size - (256 * header[1]));
1642	#ifdef DEBUG_EN2
1643	fprintf(stderr, "RECV TRUNC2 <%lu>\n", msg_size);
1644	#endif
1645	}
1646	#ifdef DEBUG_EN2
1647	fprintf(stderr, "REC2 <%lu>\n", msg_size);
1648	#endif
1649	/* protocol
1650	*/
1651	/* memcpy(&header[3], &message[8], 4); */
1652
1653	/* payload
1654	*/
1655	msg_ret = SH_ALLOC(msg_size+1);
1656	if (msg_size > 0)
1657	{
1658	memcpy(msg_ret, &message[16], msg_size);
1659	}
1660	msg_ret[msg_size] = '\0';
1661	#ifdef DEBUG_EN2
1662	fprintf(stderr, "REC3 <%lu>\n", msg_size);
1663	#endif
1664	SH_FREE(message);
1665
1666	return msg_ret;
1667	}
1668	#endif
1669
1670	int sh_tools_hash_add(char * key, char * buf, int buflen)
1671	{
1672	char * theSig;
1673	char sigbuf[KEYBUF_SIZE];
1674
1675	SL_ENTER(_("sh_tools_hash_add"));
1676
1677	theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf));
1678	sl_strlcat(buf, theSig, buflen + KEY_LEN + 1);
1679
1680	SL_RETURN((0), _("sh_tools_hash_add"));
1681	}
1682
1683
1684	/* return 0 (== FALSE) if no match, else 1 (== TRUE)
1685	*/
1686	int sh_tools_hash_vfy(char * key, char * buf, int buflen)
1687	{
1688	char hash[KEY_LEN+1];
1689	register int i;
1690	char * theSig;
1691	char sigbuf[KEYBUF_SIZE];
1692
1693	SL_ENTER(_("sh_tools_hash_vfy"));
1694
1695	theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf));
1696	sl_strlcpy(hash, theSig, KEY_LEN+1);
1697
1698	for (i = 0; i < KEY_LEN; ++i)
1699	{
1700	if (buf[buflen + i] != hash[i])
1701	SL_RETURN((0), _("sh_tools_hash_vfy"));
1702	}
1703
1704	SL_RETURN((1), _("sh_tools_hash_vfy"));
1705	}
1706
1707	/* ------------------------------------------ */
1708
1709	#if defined (SH_WITH_SERVER)
1710
1711	/* add a checksum to a buffer; put checksum in front
1712	*/
1713	char * hash_me (char * key, char * buf, int buflen)
1714	{
1715	char hash[KEY_LEN+1];
1716	char * temp = NULL;
1717	register int i;
1718	int total = 0;
1719	char * theSig;
1720	char sigbuf[KEYBUF_SIZE];
1721
1722
1723	SL_ENTER(_("hash_me"));
1724
1725	#ifdef DEBUG_EN2
1726	fprintf(stderr, "hash_me <%s> <%d>\n",
1727	(key == NULL) ? "NULL" : key, buflen);
1728	#endif
1729	/* key = H(NSRV,NCLT,SK)
1730	*/
1731	ASSERT_RET((key != NULL), _("key != NULL"), (NULL));
1732	ASSERT_RET((buflen >= 0), _("buflen >= 0"), (NULL));
1733
1734	theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf));
1735	sl_strlcpy(hash, theSig, KEY_LEN+1);
1736
1737	if (sl_ok_adds(buflen, KEY_LEN))
1738	{
1739	total = KEY_LEN + buflen;
1740	temp = SH_ALLOC (total);
1741
1742	for (i = 0; i < KEY_LEN; ++i)
1743	temp[i] = hash[i];
1744
1745	for (i = 0; i < buflen; ++i)
1746	temp[i+KEY_LEN] = buf[i];
1747	}
1748	else
1749	{
1750	sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1751	_("integer overflow"),
1752	_("hash_me"));
1753	temp = sh_util_strdup(buf);
1754	}
1755	SL_RETURN(temp, _("hash_me"));
1756	}
1757	#endif
1758
1759	#if defined(SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER)
1760
1761	/* verify the checksum of a buffer; checksum comes first
1762	*/
1763	int hash_check(char * key,
1764	char * buf, int buflen)
1765	{
1766	char hash[KEY_LEN+1];
1767	register int i;
1768	char * theSig;
1769	char sigbuf[KEYBUF_SIZE];
1770
1771	SL_ENTER(_("hash_check"));
1772
1773	#ifdef DEBUG_EN2
1774	fprintf(stderr, "hash_check <%s> <%d>\n",
1775	(key == NULL) ? "NULL" : key, buflen);
1776	#endif
1777	theSig = sh_util_siggen (key, &buf[KEY_LEN], buflen-KEY_LEN,
1778	sigbuf, sizeof(sigbuf));
1779	sl_strlcpy(hash, theSig, KEY_LEN+1);
1780
1781	for (i = 0; i < KEY_LEN; ++i)
1782	{
1783	if (buf[i] != hash[i])
1784	SL_RETURN((-1), _("hash_check"));
1785	}
1786	SL_RETURN((0), _("hash_check"));
1787	}
1788
1789	#endif
1790
1791	#if defined (SH_WITH_SERVER)
1792
1793	char * get_client_conf_file (char * peer, unsigned long * length)
1794	{
1795	char * ret;
1796	int status;
1797	struct stat buf;
1798	char * base;
1799	size_t size;
1800
1801	SL_ENTER(_("get_client_conf_file"));
1802
1803	base = sh_util_strdup(DEFAULT_DATAROOT);
1804
1805	size = sl_strlen(base);
1806	if (sl_ok_adds(size, sl_strlen(peer)))
1807	size += sl_strlen(peer);
1808	if (sl_ok_adds(size, 6))
1809	size += 6;
1810
1811	ret = SH_ALLOC(size);
1812	sl_strlcpy(ret, base, size);
1813	sl_strlcat(ret, _("/rc."), size);
1814	sl_strlcat(ret, peer, size);
1815
1816	status = retry_stat (FIL__, __LINE__, ret, &buf);
1817
1818	if (status == 0)
1819	goto lab_end;
1820	else
1821	sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS,
1822	(long) sh.effective.uid, ret);
1823
1824	sl_strlcpy(ret, base, size);
1825	sl_strlcat(ret, "/rc", size);
1826
1827	status = retry_stat (FIL__, __LINE__, ret, &buf);
1828
1829	if (status == 0)
1830	goto lab_end;
1831	else
1832	sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_ACCESS,
1833	(long) sh.effective.uid, ret);
1834
1835	SH_FREE(base);
1836	SH_FREE(ret);
1837	*length=0;
1838	SL_RETURN(NULL, _("get_client_conf_file"));
1839
1840	lab_end:
1841	if (buf.st_size > 0x7fffffff)
1842	{
1843	sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN,
1844	_("File too large"), _("get_client_conf_file"));
1845	SH_FREE(base);
1846	SL_RETURN(NULL, _("get_client_conf_file"));
1847	}
1848	*length = (unsigned long) buf.st_size;
1849	SH_FREE(base);
1850	SL_RETURN(ret, _("get_client_conf_file"));
1851	}
1852
1853	char * get_client_data_file (char * peer, unsigned long * length)
1854	{
1855	char * ret;
1856	int status;
1857	struct stat buf;
1858
1859	char * base;
1860	size_t size;
1861
1862	SL_ENTER(_("get_client_data_file"));
1863
1864	base = sh_util_strdup(DEFAULT_DATAROOT);
1865
1866	size = sl_strlen(base);
1867	if (sl_ok_adds(size, sl_strlen(peer)))
1868	size += sl_strlen(peer);
1869	if (sl_ok_adds(size, 8))
1870	size += 8;
1871
1872	ret = SH_ALLOC(size);
1873	sl_strlcpy(ret, base, size);
1874	sl_strlcat(ret, _("/file."), size);
1875	sl_strlcat(ret, peer, size);
1876
1877	status = retry_stat (FIL__, __LINE__, ret, &buf);
1878
1879	if (status == 0)
1880	goto lab1_end;
1881	else
1882	sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS,
1883	(long) sh.effective.uid, ret);
1884
1885
1886	sl_strlcpy(ret, base, size);
1887	sl_strlcat(ret, _("/file"), size);
1888
1889	status = retry_stat (FIL__, __LINE__, ret, &buf);
1890
1891	if (status == 0)
1892	goto lab1_end;
1893	else
1894	sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS,
1895	(long) sh.effective.uid, ret);
1896
1897
1898	*length = 0;
1899	SH_FREE(base);
1900	SH_FREE(ret);
1901	SL_RETURN(NULL, _("get_client_data_file"));
1902
1903	lab1_end:
1904	if (buf.st_size > 0x7fffffff)
1905	{
1906	sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN,
1907	_("File too large"), _("get_client_data_file"));
1908	SH_FREE(base);
1909	SL_RETURN(NULL, _("get_client_data_file"));
1910	}
1911	*length = (unsigned long) buf.st_size;
1912	SH_FREE(base);
1913	SL_RETURN(ret, _("get_client_data_file"));
1914
1915	}
1916	#endif
1917
1918	#if defined(SH_WITH_CLIENT) \|\| defined(SH_WITH_SERVER) \|\| defined(SH_STEALTH) \|\| defined(WITH_GPG) \|\| defined(WITH_PGP)
1919
1920	/* --------- secure temporary file ------------ */
1921
1922	SL_TICKET open_tmp ()
1923	{
1924	SL_TICKET fd;
1925	UINT32 ticks;
1926	char * file;
1927	struct stat buf;
1928	int error;
1929	int status = BAD;
1930	char * my_tmp_dir;
1931	char hashbuf[KEYBUF_SIZE];
1932
1933	SL_ENTER(_("open_tmp"));
1934
1935	#if defined(SH_TMPDIR)
1936	my_tmp_dir = sh_util_strdup(SH_TMPDIR);
1937	#else
1938	#if defined(SH_WITH_SERVER)
1939	my_tmp_dir = sh_util_strdup(DEFAULT_LOGDIR);
1940	#else
1941	my_tmp_dir = sh_util_strdup(sh.effective.home);
1942	#endif
1943	#endif
1944
1945	if (0 != tf_trust_check (my_tmp_dir, SL_YESPRIV))
1946	{
1947	dlog(1, FIL__, __LINE__,
1948	_("The directory for temporary files: %s is untrusted, i.e. an\nuntrusted user owns or can write to some directory in the path.\n"),
1949	my_tmp_dir);
1950	sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_TRUST,
1951	(long) sh.effective.uid,
1952	my_tmp_dir);
1953	SH_FREE(my_tmp_dir);
1954	aud_exit (FIL__, __LINE__, EXIT_FAILURE);
1955	}
1956
1957	do {
1958
1959	/* create random filename in effective users home directory
1960	*/
1961	ticks = taus_get ();
1962	if (my_tmp_dir[0] == '/' && my_tmp_dir[1] == '\0')
1963	file = sh_util_strconcat (my_tmp_dir,
1964	sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4,
1965	hashbuf, sizeof(hashbuf)),
1966	NULL);
1967	else
1968	file = sh_util_strconcat (my_tmp_dir,
1969	"/",
1970	sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4,
1971	hashbuf, sizeof(hashbuf)),
1972	NULL);
1973
1974	/* check whether it already exists (paranoia)
1975	*/
1976	errno = 0;
1977	status = retry_lstat(FIL__, __LINE__, file, &buf);
1978	error = errno;
1979
1980	if ( (status < 0) && (error == ENOENT) ) /* file does not exist */
1981	status = GOOD;
1982	else if (status < 0) /* unexpected error condition */
1983	{
1984	SH_FREE (file);
1985	SH_FREE(my_tmp_dir);
1986	sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN,
1987	_("Error (lstat) while opening temporary file"), _("open_tmp"));
1988	TPT(( 0, FIL__, __LINE__, _("msg=<Unexpected error %d>\n"), error));
1989	SL_RETURN((-1), _("open_tmp"));
1990	}
1991	else /* file exists */
1992	{
1993	status = BAD;
1994	TPT(( 0, FIL__, __LINE__, _("msg=<Temporary file exists already>\n")));
1995	}
1996
1997	if (status == GOOD)
1998	{
1999	if (0 == tf_trust_check (file, SL_YESPRIV))
2000	status = GOOD;
2001	else
2002	{
2003	status = BAD;
2004	TPT(( 0, FIL__, __LINE__, _("msg=<Temporary file untrusted>\n")));
2005	}
2006	}
2007
2008	if (status == BAD)
2009	SH_FREE (file);
2010
2011	} while (status == BAD);
2012
2013	fd = sl_open_safe_rdwr (FIL__, __LINE__, file, SL_YESPRIV);
2014	if (SL_ISERROR(fd))
2015	{
2016	sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, fd, MSG_E_SUBGEN,
2017	_("Error opening temporary file"), _("open_tmp"));
2018	TPT(( 0, FIL__, __LINE__, _("msg=<Error %d temporary file %s>\n"),
2019	fd, file));
2020	}
2021
2022
2023	SH_FREE (file);
2024	SH_FREE(my_tmp_dir);
2025
2026	if (!SL_ISERROR(fd)) {
2027	sl_unlink(fd);
2028	}
2029
2030	if (!SL_ISERROR(fd))
2031	SL_RETURN((fd), _("open_tmp"));
2032	else
2033	SL_RETURN((-1), _("open_tmp"));
2034	}
2035
2036
2037	int close_tmp (SL_TICKET fd)
2038	{
2039	SL_ENTER(_("close_tmp"));
2040
2041	if (SL_ISERROR(sl_close (fd)))
2042	SL_RETURN((-1), _("close_tmp"));
2043	SL_RETURN((0), _("close_tmp"));
2044	}
2045
2046	int rewind_tmp (SL_TICKET fd)
2047	{
2048	SL_ENTER(_("rewind_tmp"));
2049
2050	if (SL_ISERROR(sl_rewind (fd)))
2051	SL_RETURN((-1), _("rewind_tmp"));
2052	SL_RETURN((0), _("rewind_tmp"));
2053	}
2054	#endif

Note: See TracBrowser for help on using the repository browser.

Download in other formats: