1 | /* SAMHAIN file system integrity testing */
|
---|
2 | /* Copyright (C) 1999, 2000 Rainer Wichmann */
|
---|
3 | /* */
|
---|
4 | /* This program is free software; you can redistribute it */
|
---|
5 | /* and/or modify */
|
---|
6 | /* it under the terms of the GNU General Public License as */
|
---|
7 | /* published by */
|
---|
8 | /* the Free Software Foundation; either version 2 of the License, or */
|
---|
9 | /* (at your option) any later version. */
|
---|
10 | /* */
|
---|
11 | /* This program is distributed in the hope that it will be useful, */
|
---|
12 | /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
|
---|
13 | /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
|
---|
14 | /* GNU General Public License for more details. */
|
---|
15 | /* */
|
---|
16 | /* You should have received a copy of the GNU General Public License */
|
---|
17 | /* along with this program; if not, write to the Free Software */
|
---|
18 | /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
|
---|
19 |
|
---|
20 | #include "config_xor.h"
|
---|
21 |
|
---|
22 |
|
---|
23 | #include <stdio.h>
|
---|
24 | #include <stdlib.h>
|
---|
25 | #include <string.h>
|
---|
26 | #include <ctype.h>
|
---|
27 |
|
---|
28 | /* Must be early on FreeBSD
|
---|
29 | */
|
---|
30 | #include <sys/types.h>
|
---|
31 |
|
---|
32 | #ifdef HAVE_MEMORY_H
|
---|
33 | #include <memory.h>
|
---|
34 | #endif
|
---|
35 |
|
---|
36 | #ifdef HAVE_SYS_SELECT_H
|
---|
37 | #include <sys/select.h>
|
---|
38 | #endif
|
---|
39 |
|
---|
40 | #ifdef HAVE_UNISTD_H
|
---|
41 | #include <errno.h>
|
---|
42 | #include <signal.h>
|
---|
43 | #include <setjmp.h>
|
---|
44 | #include <pwd.h>
|
---|
45 | #include <grp.h>
|
---|
46 | #include <sys/stat.h>
|
---|
47 | #include <sys/resource.h>
|
---|
48 | #include <fcntl.h>
|
---|
49 | #include <sys/wait.h>
|
---|
50 | #include <unistd.h>
|
---|
51 | #endif
|
---|
52 |
|
---|
53 | #include <sys/socket.h>
|
---|
54 |
|
---|
55 | #ifdef HOST_IS_HPUX
|
---|
56 | #define _XOPEN_SOURCE_EXTENDED
|
---|
57 | #endif
|
---|
58 | #include <netinet/in.h>
|
---|
59 | #include <arpa/inet.h>
|
---|
60 | #include <netdb.h>
|
---|
61 |
|
---|
62 | #ifndef FD_SET
|
---|
63 | #define NFDBITS 32
|
---|
64 | #define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS)))
|
---|
65 | #define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS)))
|
---|
66 | #define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS)))
|
---|
67 | #endif /* !FD_SET */
|
---|
68 | #ifndef FD_SETSIZE
|
---|
69 | #define FD_SETSIZE 32
|
---|
70 | #endif
|
---|
71 | #ifndef FD_ZERO
|
---|
72 | #define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p)))
|
---|
73 | #endif
|
---|
74 |
|
---|
75 |
|
---|
76 | #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
|
---|
77 | #include <sys/mman.h>
|
---|
78 | #endif
|
---|
79 |
|
---|
80 | #define SH_REAL_SET
|
---|
81 |
|
---|
82 | #include "samhain.h"
|
---|
83 | #include "sh_mem.h"
|
---|
84 | #include "sh_error.h"
|
---|
85 | #include "sh_tools.h"
|
---|
86 | #include "sh_utils.h"
|
---|
87 | #include "sh_tiger.h"
|
---|
88 | #define SH_NEED_GETHOSTBYXXX
|
---|
89 | #include "sh_static.h"
|
---|
90 | #include "sh_pthread.h"
|
---|
91 |
|
---|
92 | #undef FIL__
|
---|
93 | #define FIL__ _("sh_tools.c")
|
---|
94 |
|
---|
95 | #ifdef SH_ENCRYPT
|
---|
96 | #include "rijndael-api-fst.h"
|
---|
97 | char * errorExplain (int err_num, char * buffer, size_t len)
|
---|
98 | {
|
---|
99 | char * p;
|
---|
100 |
|
---|
101 | if (err_num == BAD_KEY_DIR)
|
---|
102 | p = (_("Key direction is invalid"));
|
---|
103 | else if (err_num == BAD_KEY_MAT)
|
---|
104 | p = (_("Key material not of correct length"));
|
---|
105 | else if (err_num == BAD_KEY_INSTANCE)
|
---|
106 | p = (_("Key passed is not valid"));
|
---|
107 | else if (err_num == BAD_CIPHER_MODE)
|
---|
108 | p = (_("Params struct passed to cipherInit invalid"));
|
---|
109 | else if (err_num == BAD_CIPHER_STATE)
|
---|
110 | p = (_("Cipher in wrong state"));
|
---|
111 | else if (err_num == BAD_BLOCK_LENGTH)
|
---|
112 | p = (_("Bad block length"));
|
---|
113 | else if (err_num == BAD_CIPHER_INSTANCE)
|
---|
114 | p = (_("Bad cipher instance"));
|
---|
115 | else if (err_num == BAD_DATA)
|
---|
116 | p = (_("Data contents are invalid"));
|
---|
117 | else
|
---|
118 | p = (_("Unknown error"));
|
---|
119 | sl_strlcpy (buffer, p, len);
|
---|
120 | return buffer;
|
---|
121 | }
|
---|
122 |
|
---|
123 | #endif
|
---|
124 |
|
---|
125 | /* --- recode all \blah escapes to '=XX' format, and also code all
|
---|
126 | * remaining unprintable chars ---
|
---|
127 | */
|
---|
128 | #define SH_PUT_4(p, a, b, c) (p)[0] = (a); (p)[1] = (b); (p)[2] = (c);
|
---|
129 |
|
---|
130 | char * sh_tools_safe_name (const char * instr, int flag)
|
---|
131 | {
|
---|
132 | unsigned char c, d;
|
---|
133 | const char * p;
|
---|
134 | char tmp[4];
|
---|
135 | char * outstr;
|
---|
136 | size_t len = 1;
|
---|
137 | int i = 0;
|
---|
138 | unsigned char val_octal = '\0';
|
---|
139 | static char ctable[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
|
---|
140 | '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
|
---|
141 |
|
---|
142 | SL_ENTER(_("sh_tools_safe_name"));
|
---|
143 |
|
---|
144 | if (instr)
|
---|
145 | {
|
---|
146 | len = strlen(instr);
|
---|
147 | if (sl_ok_muls (3, len) && sl_ok_adds ((3*len), 4))
|
---|
148 | {
|
---|
149 | len = (3 * len) + 4;
|
---|
150 | p = instr;
|
---|
151 | }
|
---|
152 | else
|
---|
153 | {
|
---|
154 | len = 1;
|
---|
155 | p = NULL;
|
---|
156 | }
|
---|
157 | }
|
---|
158 | else
|
---|
159 | {
|
---|
160 | p = NULL;
|
---|
161 | }
|
---|
162 |
|
---|
163 | outstr = SH_ALLOC(len);
|
---|
164 |
|
---|
165 | outstr[0] = '\0';
|
---|
166 | tmp[3] = '\0';
|
---|
167 |
|
---|
168 | #if !defined(SH_USE_XML)
|
---|
169 | (void) flag; /* fix compiler warning */
|
---|
170 | #endif
|
---|
171 |
|
---|
172 | if (!p)
|
---|
173 | goto end;
|
---|
174 |
|
---|
175 | while (*p)
|
---|
176 | {
|
---|
177 | c = *p;
|
---|
178 |
|
---|
179 | if (*p == '\n')
|
---|
180 | {
|
---|
181 | outstr[i] = ' '; ++i; ++p;
|
---|
182 | continue;
|
---|
183 | }
|
---|
184 |
|
---|
185 | #ifdef SH_USE_XML
|
---|
186 | if (flag == 1)
|
---|
187 | {
|
---|
188 | if ((*p) == '"')
|
---|
189 | {
|
---|
190 | SH_PUT_4(&outstr[i], '=', '2', '2');
|
---|
191 | i+=3; ++p;
|
---|
192 | continue;
|
---|
193 | }
|
---|
194 | else if ((*p) == '&')
|
---|
195 | {
|
---|
196 | SH_PUT_4(&outstr[i], '=', '2', '6');
|
---|
197 | i+=3; ++p;
|
---|
198 | continue;
|
---|
199 | }
|
---|
200 | else if ((*p) == '<')
|
---|
201 | { /* left angle */
|
---|
202 | SH_PUT_4(&outstr[i], '=', '3', 'c');
|
---|
203 | i+=3; ++p;
|
---|
204 | continue;
|
---|
205 | }
|
---|
206 | else if ((*p) == '>')
|
---|
207 | { /* right angle */
|
---|
208 | SH_PUT_4(&outstr[i], '=', '3', 'e');
|
---|
209 | i+=3; ++p;
|
---|
210 | continue;
|
---|
211 | }
|
---|
212 | }
|
---|
213 | #endif
|
---|
214 |
|
---|
215 | if ( (*p) != '\\' && (*p) != '&' && (*p) != '=' && (*p) != '\'')
|
---|
216 | {
|
---|
217 | outstr[i] = *p; ++i;
|
---|
218 | ++p;
|
---|
219 |
|
---|
220 | if (c < 32 || c > 126)
|
---|
221 | {
|
---|
222 | --i;
|
---|
223 | d = c % 16; c = c / 16;
|
---|
224 | outstr[i] = '='; ++i;
|
---|
225 | outstr[i] = ctable[c]; ++i;
|
---|
226 | outstr[i] = ctable[d]; ++i;
|
---|
227 | }
|
---|
228 |
|
---|
229 | continue;
|
---|
230 | }
|
---|
231 | else if ((*p) == '\'')
|
---|
232 | {
|
---|
233 | SH_PUT_4(&outstr[i], '=', '2', '7');
|
---|
234 | i+=3; ++p;
|
---|
235 | }
|
---|
236 | else if (*p == '=')
|
---|
237 | {
|
---|
238 | if (p[1] != '"' && p[1] != '<')
|
---|
239 | {
|
---|
240 | SH_PUT_4(&outstr[i], '=', '3', 'd');
|
---|
241 | i+=3; ++p;
|
---|
242 | }
|
---|
243 | else
|
---|
244 | { outstr[i] = *p; ++i; ++p; }
|
---|
245 | }
|
---|
246 | else if (*p == '\\')
|
---|
247 | {
|
---|
248 | ++p;
|
---|
249 | if (!p)
|
---|
250 | break;
|
---|
251 | if (!(*p))
|
---|
252 | break;
|
---|
253 |
|
---|
254 | c = *p;
|
---|
255 |
|
---|
256 | switch (*p) {
|
---|
257 | case '\\':
|
---|
258 | SH_PUT_4(&outstr[i], '=', '5', 'c');
|
---|
259 | i+=3; ++p;
|
---|
260 | break;
|
---|
261 | case 'n':
|
---|
262 | SH_PUT_4(&outstr[i], '=', '0', 'a');
|
---|
263 | i+=3; ++p;
|
---|
264 | break;
|
---|
265 | case 'b':
|
---|
266 | SH_PUT_4(&outstr[i], '=', '0', '8');
|
---|
267 | i+=3; ++p;
|
---|
268 | break;
|
---|
269 | case 'r':
|
---|
270 | SH_PUT_4(&outstr[i], '=', '0', 'd');
|
---|
271 | i+=3; ++p;
|
---|
272 | break;
|
---|
273 | case 't':
|
---|
274 | SH_PUT_4(&outstr[i], '=', '0', '9');
|
---|
275 | i+=3; ++p;
|
---|
276 | break;
|
---|
277 | case 'v':
|
---|
278 | SH_PUT_4(&outstr[i], '=', '0', 'b');
|
---|
279 | i+=3; ++p;
|
---|
280 | break;
|
---|
281 | case 'f':
|
---|
282 | SH_PUT_4(&outstr[i], '=', '0', 'c');
|
---|
283 | i+=3; ++p;
|
---|
284 | break;
|
---|
285 | case '\'':
|
---|
286 | SH_PUT_4(&outstr[i], '=', '2', '7');
|
---|
287 | i+=3; ++p;
|
---|
288 | break;
|
---|
289 | case '"': /* also encode quoted '"' */
|
---|
290 | SH_PUT_4(&outstr[i], '=', '2', '2');
|
---|
291 | i+=3; ++p;
|
---|
292 | break;
|
---|
293 | case ' ':
|
---|
294 | SH_PUT_4(&outstr[i], '=', '2', '0');
|
---|
295 | i+=3; ++p;
|
---|
296 | break;
|
---|
297 | default:
|
---|
298 | if (strlen(p) < 3) /* certainly not an octal number, skip */
|
---|
299 | {
|
---|
300 | p += strlen(p);
|
---|
301 | }
|
---|
302 | else
|
---|
303 | {
|
---|
304 | tmp[0] = p[0]; tmp[1] = p[1]; tmp[2] = p[2];
|
---|
305 | val_octal = (unsigned char) strtoul(tmp, (char **)NULL, 8);
|
---|
306 | if (val_octal != '\0') {
|
---|
307 | c = val_octal;
|
---|
308 | d = c % 16; c = c / 16;
|
---|
309 | outstr[i] = '='; ++i;
|
---|
310 | outstr[i] = ctable[c]; ++i;
|
---|
311 | outstr[i] = ctable[d]; ++i;
|
---|
312 | }
|
---|
313 | p += 3;
|
---|
314 | }
|
---|
315 | }
|
---|
316 | }
|
---|
317 | else if (*p == '&')
|
---|
318 | {
|
---|
319 | ++p;
|
---|
320 | if (!p || !(*p))
|
---|
321 | {
|
---|
322 | outstr[i] = '&'; ++i;
|
---|
323 | break;
|
---|
324 | }
|
---|
325 |
|
---|
326 | if (p[0] == 'a' && p[1] == 'm' && p[2] == 'p' && p[3] == ';')
|
---|
327 | {
|
---|
328 | SH_PUT_4(&outstr[i], '=', '2', '6');
|
---|
329 | i+=3; p += 4;
|
---|
330 | }
|
---|
331 | else if (p[0] == 'q' && p[1] == 'u' && p[2] == 'o' && p[3] == 't' &&
|
---|
332 | p[4] == ';')
|
---|
333 | {
|
---|
334 | SH_PUT_4(&outstr[i], '=', '2', '2');
|
---|
335 | i+=3; p += 5;
|
---|
336 | }
|
---|
337 | else if (p[0] == 'l' && p[1] == 't' && p[2] == ';')
|
---|
338 | {
|
---|
339 | SH_PUT_4(&outstr[i], '=', '3', 'c');
|
---|
340 | i+=3; p += 3;
|
---|
341 | }
|
---|
342 | else if (p[0] == 'g' && p[1] == 't' && p[2] == ';')
|
---|
343 | {
|
---|
344 | SH_PUT_4(&outstr[i], '=', '3', 'e');
|
---|
345 | i+=3; p += 3;
|
---|
346 | }
|
---|
347 | else /* conserve the '&' */
|
---|
348 | {
|
---|
349 | outstr[i] = '&'; ++i;
|
---|
350 | }
|
---|
351 | }
|
---|
352 | else
|
---|
353 | {
|
---|
354 | outstr[i] = *p; ++i;
|
---|
355 | ++p;
|
---|
356 | }
|
---|
357 | } /* while (p && *p) */
|
---|
358 |
|
---|
359 | end:
|
---|
360 |
|
---|
361 | outstr[i] = '\0';
|
---|
362 | SL_RETURN( outstr, _("sh_tools_safe_name"));
|
---|
363 | }
|
---|
364 |
|
---|
365 |
|
---|
366 | /* extern int h_errno; */
|
---|
367 |
|
---|
368 | char * sh_tools_errmessage (int tellme, char * errbuf, size_t len)
|
---|
369 | {
|
---|
370 | char * p = NULL;
|
---|
371 | #ifdef HOST_NOT_FOUND
|
---|
372 | if (tellme == HOST_NOT_FOUND)
|
---|
373 | p = _("The specified host is unknown: ");
|
---|
374 | #endif
|
---|
375 | #ifdef NO_ADDRESS
|
---|
376 | if (tellme == NO_ADDRESS)
|
---|
377 | p = _("The requested name is valid but does not have an IP address: ");
|
---|
378 | #endif
|
---|
379 | #ifdef NO_RECOVERY
|
---|
380 | if (tellme == NO_RECOVERY)
|
---|
381 | p = _("A non-recoverable name server error occurred: ");
|
---|
382 | #endif
|
---|
383 | #ifdef TRY_AGAIN
|
---|
384 | if (tellme == TRY_AGAIN)
|
---|
385 | p = _("A temporary error occurred on an authoritative name server. The specified host is unknown: ");
|
---|
386 | #endif
|
---|
387 | if (!p) p = _("Unknown error");
|
---|
388 | sl_strlcpy(errbuf, p, len);
|
---|
389 | return errbuf;
|
---|
390 | }
|
---|
391 |
|
---|
392 | int is_numeric (const char * address)
|
---|
393 | {
|
---|
394 | int j;
|
---|
395 | int len = sl_strlen(address);
|
---|
396 |
|
---|
397 | for (j = 0; j < len; ++j)
|
---|
398 | if ( (address[j] < '0' || address[j] > '9') && address[j] != '.')
|
---|
399 | return (1 == 0);
|
---|
400 | return (1 == 1);
|
---|
401 | }
|
---|
402 |
|
---|
403 | #if defined (SH_WITH_SERVER)
|
---|
404 |
|
---|
405 | int get_open_max ()
|
---|
406 | {
|
---|
407 | int value;
|
---|
408 |
|
---|
409 | #ifdef _SC_OPEN_MAX
|
---|
410 | value = sysconf (_SC_OPEN_MAX);
|
---|
411 | #else
|
---|
412 | #ifdef OPEN_MAX
|
---|
413 | value = OPEN_MAX;
|
---|
414 | #else
|
---|
415 | value = _POSIX_OPEN_MAX;
|
---|
416 | #endif
|
---|
417 | #endif
|
---|
418 |
|
---|
419 | if (value < 0)
|
---|
420 | value = 8; /* POSIX lower limit */
|
---|
421 |
|
---|
422 | if (value > 4096)
|
---|
423 | value = 4096;
|
---|
424 |
|
---|
425 | return value;
|
---|
426 | }
|
---|
427 |
|
---|
428 | #endif
|
---|
429 |
|
---|
430 | typedef struct _sin_cache {
|
---|
431 | char * address;
|
---|
432 | struct sockaddr_in sin;
|
---|
433 | struct _sin_cache * next;
|
---|
434 | } sin_cache;
|
---|
435 |
|
---|
436 | static sin_cache * conn_cache = NULL;
|
---|
437 | static int cached_addr = 0;
|
---|
438 |
|
---|
439 | void delete_cache()
|
---|
440 | {
|
---|
441 | sin_cache * check_cache = conn_cache;
|
---|
442 | sin_cache * old_entry = conn_cache;
|
---|
443 |
|
---|
444 | SL_ENTER(_("delete_cache"));
|
---|
445 |
|
---|
446 | while (check_cache != NULL)
|
---|
447 | {
|
---|
448 | old_entry = check_cache;
|
---|
449 | check_cache = check_cache->next;
|
---|
450 | SH_FREE(old_entry->address);
|
---|
451 | SH_FREE(old_entry);
|
---|
452 | }
|
---|
453 |
|
---|
454 | cached_addr = 0;
|
---|
455 |
|
---|
456 | conn_cache = NULL;
|
---|
457 | SL_RET0(_("delete_cache"));
|
---|
458 | }
|
---|
459 |
|
---|
460 | int DoReverseLookup = S_TRUE;
|
---|
461 |
|
---|
462 | int set_reverse_lookup (const char * c)
|
---|
463 | {
|
---|
464 | return sh_util_flagval(c, &DoReverseLookup);
|
---|
465 | }
|
---|
466 |
|
---|
467 | int connect_port (char * address, int port,
|
---|
468 | char * ecall, int * errnum, char * errmsg, int errsiz)
|
---|
469 | {
|
---|
470 | struct in_addr haddr; /* host address from numeric */
|
---|
471 | /* host details returned by the DNS */
|
---|
472 | struct hostent *host_entry = NULL;
|
---|
473 | struct sockaddr_in sinr; /* socket to the remote host */
|
---|
474 |
|
---|
475 | char * host_name;
|
---|
476 |
|
---|
477 | volatile int fd = (-1);
|
---|
478 | int status;
|
---|
479 | volatile int fail = 0;
|
---|
480 | int cached = 0;
|
---|
481 |
|
---|
482 | int retval;
|
---|
483 | char errbuf[SH_ERRBUF_SIZE];
|
---|
484 |
|
---|
485 | sin_cache * check_cache = conn_cache;
|
---|
486 |
|
---|
487 | SL_ENTER(_("connect_port"));
|
---|
488 |
|
---|
489 | /* paranoia -- should not happen
|
---|
490 | */
|
---|
491 | if (cached_addr > 128)
|
---|
492 | delete_cache();
|
---|
493 |
|
---|
494 | if (check_cache != NULL)
|
---|
495 | {
|
---|
496 | while (check_cache && check_cache->address)
|
---|
497 | {
|
---|
498 | if ( 0 == sl_strncmp(check_cache->address,
|
---|
499 | address, sl_strlen(address)))
|
---|
500 | {
|
---|
501 | memcpy (&sinr, &(check_cache->sin), sizeof(struct sockaddr_in));
|
---|
502 | sinr.sin_family = AF_INET;
|
---|
503 | sinr.sin_port = htons (port);
|
---|
504 | cached = 1;
|
---|
505 | break;
|
---|
506 | }
|
---|
507 | if (check_cache->next)
|
---|
508 | check_cache = check_cache->next;
|
---|
509 | else
|
---|
510 | check_cache = NULL;
|
---|
511 | }
|
---|
512 | }
|
---|
513 |
|
---|
514 | /* only use gethostbyname() if neccessary
|
---|
515 | */
|
---|
516 | if (cached == 0)
|
---|
517 | {
|
---|
518 | #ifdef HAVE_INET_ATON
|
---|
519 | if (0 == inet_aton(address, &haddr))
|
---|
520 | #else
|
---|
521 | if ((unsigned long)-1 == (haddr.s_addr = inet_addr(address)))
|
---|
522 | #endif
|
---|
523 | {
|
---|
524 | SH_MUTEX_LOCK(mutex_resolv);
|
---|
525 |
|
---|
526 | host_name = NULL;
|
---|
527 |
|
---|
528 | host_entry = sh_gethostbyname(address);
|
---|
529 |
|
---|
530 | if (host_entry == NULL || host_entry->h_addr == NULL)
|
---|
531 | {
|
---|
532 | sl_strlcpy(ecall, _("gethostbyname"), SH_MINIBUF);
|
---|
533 | #ifndef NO_H_ERRNO
|
---|
534 | *errnum = h_errno;
|
---|
535 | #else
|
---|
536 | *errnum = 666;
|
---|
537 | #endif
|
---|
538 | (void) sh_tools_errmessage (*errnum, errmsg, errsiz);
|
---|
539 | sl_strlcat(errmsg, address, errsiz);
|
---|
540 | fail = (-1);
|
---|
541 | }
|
---|
542 | else
|
---|
543 | {
|
---|
544 | sinr.sin_family = AF_INET;
|
---|
545 | sinr.sin_port = htons (port);
|
---|
546 | sinr.sin_addr = *(struct in_addr *) host_entry->h_addr;
|
---|
547 |
|
---|
548 |
|
---|
549 | /* reverse DNS lookup
|
---|
550 | */
|
---|
551 | if (DoReverseLookup == S_TRUE)
|
---|
552 | {
|
---|
553 | if (host_entry->h_name == NULL)
|
---|
554 | {
|
---|
555 | host_name = SH_ALLOC(1);
|
---|
556 | host_name[0] = '\0';
|
---|
557 | }
|
---|
558 | else
|
---|
559 | {
|
---|
560 | host_name = sh_util_strdup(host_entry->h_name);
|
---|
561 | }
|
---|
562 |
|
---|
563 | host_entry = sh_gethostbyaddr ((char *) &sinr.sin_addr,
|
---|
564 | sizeof(struct in_addr),
|
---|
565 | AF_INET);
|
---|
566 | if (host_entry == NULL || host_entry->h_name == NULL)
|
---|
567 | {
|
---|
568 | sl_strlcpy(ecall, _("gethostbyaddr"), SH_MINIBUF);
|
---|
569 | #ifndef NO_H_ERRNO
|
---|
570 | *errnum = h_errno;
|
---|
571 | #else
|
---|
572 | *errnum = 666;
|
---|
573 | #endif
|
---|
574 | (void) sh_tools_errmessage (*errnum, errmsg, errsiz);
|
---|
575 | sl_strlcat(errmsg,
|
---|
576 | inet_ntoa (*(struct in_addr *) &(sinr.sin_addr)),
|
---|
577 | errsiz);
|
---|
578 | fail = (-1);
|
---|
579 | }
|
---|
580 | else
|
---|
581 | {
|
---|
582 | *errnum = 0;
|
---|
583 | if (sl_strlen(host_entry->h_name) == 0 ||
|
---|
584 | (*errnum = sl_strcasecmp(host_name,host_entry->h_name)) != 0)
|
---|
585 | {
|
---|
586 | if (*errnum)
|
---|
587 | sl_strlcpy(ecall, _("strcmp"), SH_MINIBUF);
|
---|
588 | else
|
---|
589 | sl_strlcpy(ecall, _("strlen"), SH_MINIBUF);
|
---|
590 | sl_strlcpy(errmsg, _("Reverse lookup failed: "),
|
---|
591 | errsiz);
|
---|
592 | sl_strlcat(errmsg, address, errsiz);
|
---|
593 | sl_strlcat(errmsg, _(" vs "), errsiz);
|
---|
594 | sl_strlcat(errmsg,
|
---|
595 | inet_ntoa (*(struct in_addr *) &(sinr.sin_addr)),
|
---|
596 | errsiz);
|
---|
597 | fail = -1;
|
---|
598 | }
|
---|
599 | }
|
---|
600 | }
|
---|
601 | }
|
---|
602 | SH_MUTEX_UNLOCK(mutex_resolv);
|
---|
603 | if (host_name) SH_FREE(host_name);
|
---|
604 | }
|
---|
605 |
|
---|
606 | else /* address was numeric */
|
---|
607 | {
|
---|
608 | sinr.sin_family = AF_INET;
|
---|
609 | sinr.sin_port = htons (port);
|
---|
610 | sinr.sin_addr = haddr;
|
---|
611 | }
|
---|
612 |
|
---|
613 |
|
---|
614 | if (fail != -1)
|
---|
615 | {
|
---|
616 | /* put it into the cache
|
---|
617 | */
|
---|
618 | check_cache = SH_ALLOC(sizeof(sin_cache));
|
---|
619 | check_cache->address = SH_ALLOC(sl_strlen(address) + 1);
|
---|
620 | sl_strlcpy (check_cache->address, address, sl_strlen(address) + 1);
|
---|
621 | memcpy(&(check_cache->sin), &sinr, sizeof(struct sockaddr_in));
|
---|
622 | ++cached_addr;
|
---|
623 |
|
---|
624 | if (conn_cache)
|
---|
625 | {
|
---|
626 | if (conn_cache->next)
|
---|
627 | check_cache->next = conn_cache->next;
|
---|
628 | else
|
---|
629 | check_cache->next = NULL;
|
---|
630 | conn_cache->next = check_cache;
|
---|
631 | }
|
---|
632 | else
|
---|
633 | {
|
---|
634 | check_cache->next = NULL;
|
---|
635 | conn_cache = check_cache;
|
---|
636 | }
|
---|
637 | }
|
---|
638 | }
|
---|
639 |
|
---|
640 |
|
---|
641 | if (fail != (-1))
|
---|
642 | {
|
---|
643 | fd = socket(AF_INET, SOCK_STREAM, 0);
|
---|
644 | if (fd < 0) {
|
---|
645 | fail = (-1);
|
---|
646 | status = errno;
|
---|
647 | sl_strlcpy(ecall, _("socket"), SH_MINIBUF);
|
---|
648 | *errnum = status;
|
---|
649 | sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz);
|
---|
650 | sl_strlcat(errmsg, _(", address "), errsiz);
|
---|
651 | sl_strlcat(errmsg, address, errsiz);
|
---|
652 | }
|
---|
653 | }
|
---|
654 |
|
---|
655 | if (fail != (-1)) {
|
---|
656 |
|
---|
657 | if ( retry_connect(FIL__, __LINE__, fd,
|
---|
658 | (struct sockaddr *) &sinr, sizeof(sinr)) < 0)
|
---|
659 | {
|
---|
660 | status = errno;
|
---|
661 | sl_strlcpy(ecall, _("connect"), SH_MINIBUF);
|
---|
662 | *errnum = status;
|
---|
663 | sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz);
|
---|
664 | sl_strlcat(errmsg, _(", address "), errsiz);
|
---|
665 | sl_strlcat(errmsg, address, errsiz);
|
---|
666 | close(fd);
|
---|
667 | fail = (-1);
|
---|
668 | }
|
---|
669 | }
|
---|
670 |
|
---|
671 | retval = (fail < 0) ? (-1) : fd;
|
---|
672 | SL_RETURN(retval, _("connect_port"));
|
---|
673 | }
|
---|
674 |
|
---|
675 | int connect_port_2 (char * address1, char * address2, int port,
|
---|
676 | char * ecall, int * errnum, char * errmsg, int errsiz)
|
---|
677 | {
|
---|
678 | int retval = (-1);
|
---|
679 |
|
---|
680 | SL_ENTER(_("connect_port_2"));
|
---|
681 |
|
---|
682 | errmsg[0] = '\0';
|
---|
683 | *errnum = 0;
|
---|
684 |
|
---|
685 | if (address1 != NULL && address1[0] != '\0')
|
---|
686 | retval = connect_port (address1, port,
|
---|
687 | ecall, errnum,
|
---|
688 | errmsg, errsiz);
|
---|
689 |
|
---|
690 | if (retval < 0 && address2 != NULL && address2[0] != '\0')
|
---|
691 | {
|
---|
692 | /* can't use sh_error_handle here, as this would cause an infinite
|
---|
693 | * loop if called from sh_unix_time
|
---|
694 | */
|
---|
695 | TPT(( 0, FIL__, __LINE__, _("msg=<Using alternative server %s.>\n"),
|
---|
696 | address2));
|
---|
697 | retval = connect_port (address2, port,
|
---|
698 | ecall, errnum,
|
---|
699 | errmsg, errsiz);
|
---|
700 | }
|
---|
701 |
|
---|
702 | if ((retval < 0) &&
|
---|
703 | (address1 == NULL || address1[0] == '\0') &&
|
---|
704 | (address1 == NULL || address1[0] == '\0'))
|
---|
705 | {
|
---|
706 | sl_strlcpy(ecall, _("connect_port_2"), SH_MINIBUF);
|
---|
707 | sl_strlcpy(errmsg, _("No server address known"), errsiz);
|
---|
708 | }
|
---|
709 | SL_RETURN(retval, _("connect_port_2"));
|
---|
710 | /* return retval; */
|
---|
711 | }
|
---|
712 |
|
---|
713 | #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
714 | static
|
---|
715 | int sh_write_select(int type, int sockfd,
|
---|
716 | char *buf, int nbytes,
|
---|
717 | int * w_error, int timeout)
|
---|
718 | {
|
---|
719 | int countbytes, count;
|
---|
720 | fd_set fds;
|
---|
721 | struct timeval tv;
|
---|
722 | int select_now;
|
---|
723 | int num_sel;
|
---|
724 |
|
---|
725 | struct sigaction new_act;
|
---|
726 | struct sigaction old_act;
|
---|
727 | char errbuf[SH_ERRBUF_SIZE];
|
---|
728 |
|
---|
729 | SL_ENTER(_("sh_write_select"));
|
---|
730 |
|
---|
731 | /* ignore SIGPIPE (instead get EPIPE if connection is closed)
|
---|
732 | */
|
---|
733 | new_act.sa_handler = SIG_IGN;
|
---|
734 | sigemptyset( &new_act.sa_mask ); /* set an empty mask */
|
---|
735 | new_act.sa_flags = 0; /* init sa_flags */
|
---|
736 | sigaction (SIGPIPE, &new_act, &old_act);
|
---|
737 |
|
---|
738 | FD_ZERO(&fds);
|
---|
739 | FD_SET(sockfd, &fds);
|
---|
740 |
|
---|
741 | countbytes = 0;
|
---|
742 | tv.tv_sec = 1;
|
---|
743 | tv.tv_usec = 0;
|
---|
744 | select_now = 0;
|
---|
745 |
|
---|
746 | *w_error = 0;
|
---|
747 |
|
---|
748 | while ( countbytes < nbytes ) {
|
---|
749 |
|
---|
750 | FD_ZERO(&fds);
|
---|
751 | FD_SET(sockfd, &fds);
|
---|
752 |
|
---|
753 | if (type == SH_DO_WRITE)
|
---|
754 | {
|
---|
755 | if ( (num_sel = select (sockfd+1, NULL, &fds, NULL, &tv)) == -1)
|
---|
756 | {
|
---|
757 | if (sig_raised == 1)
|
---|
758 | {
|
---|
759 | sig_raised = 2;
|
---|
760 | continue;
|
---|
761 | }
|
---|
762 | if ( errno == EINTR || errno == EINPROGRESS ) /* try again */
|
---|
763 | continue;
|
---|
764 | *w_error = errno;
|
---|
765 | sigaction (SIGPIPE, &old_act, NULL);
|
---|
766 | sh_error_message(*w_error, errbuf, sizeof(errbuf));
|
---|
767 | sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN,
|
---|
768 | errbuf,
|
---|
769 | _("sh_write_select (ws)") );
|
---|
770 | TPT(( 0, FIL__, __LINE__, _("msg=<select: %s>\n"), errbuf ));
|
---|
771 | SL_RETURN( countbytes, _("sh_write_select"));
|
---|
772 | }
|
---|
773 | }
|
---|
774 | else
|
---|
775 | {
|
---|
776 | if ( (num_sel = select (sockfd+1, &fds, NULL, NULL, &tv)) == -1)
|
---|
777 | {
|
---|
778 | if (sig_raised == 1)
|
---|
779 | {
|
---|
780 | sig_raised = 2;
|
---|
781 | continue;
|
---|
782 | }
|
---|
783 | if ( errno == EINTR || errno == EINPROGRESS ) /* try again */
|
---|
784 | continue;
|
---|
785 | *w_error = errno;
|
---|
786 | sigaction (SIGPIPE, &old_act, NULL);
|
---|
787 | sh_error_message(*w_error, errbuf, sizeof(errbuf));
|
---|
788 | sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN,
|
---|
789 | errbuf,
|
---|
790 | _("sh_write_select (rs)") );
|
---|
791 | TPT(( 0, FIL__, __LINE__, _("msg=<select: %s>\n"), errbuf ));
|
---|
792 | SL_RETURN( countbytes, _("sh_write_select"));
|
---|
793 | }
|
---|
794 | }
|
---|
795 |
|
---|
796 | /* on Linux, timeout is modified to reflect the amount of
|
---|
797 | * time not slept
|
---|
798 | */
|
---|
799 | tv.tv_sec = 1;
|
---|
800 | tv.tv_usec = 0;
|
---|
801 |
|
---|
802 |
|
---|
803 | /* let's not hang on forever
|
---|
804 | */
|
---|
805 | if (num_sel == 0)
|
---|
806 | {
|
---|
807 | ++select_now; /* timeout */
|
---|
808 | if ( select_now > timeout ) /* 5 minutes */
|
---|
809 | {
|
---|
810 | #ifdef ETIMEDOUT
|
---|
811 | *w_error = ETIMEDOUT;
|
---|
812 | #else
|
---|
813 | *w_error = 0;
|
---|
814 | #endif
|
---|
815 | sigaction (SIGPIPE, &old_act, NULL);
|
---|
816 | TPT(( 0, FIL__, __LINE__, _("msg=<Timeout>\n")));
|
---|
817 | SL_RETURN( countbytes, _("sh_write_select"));
|
---|
818 | }
|
---|
819 | }
|
---|
820 |
|
---|
821 | if ( FD_ISSET (sockfd, &fds) )
|
---|
822 | {
|
---|
823 | if (type == SH_DO_WRITE)
|
---|
824 | count = write (sockfd, buf, nbytes-countbytes);
|
---|
825 | else
|
---|
826 | count = read (sockfd, buf, nbytes-countbytes);
|
---|
827 |
|
---|
828 | if (count > 0)
|
---|
829 | {
|
---|
830 | countbytes += count;
|
---|
831 | buf += count; /* move buffer pointer forward */
|
---|
832 | if (countbytes < nbytes) FD_SET( sockfd, &fds );
|
---|
833 | }
|
---|
834 | else if (count < 0 && errno == EINTR)
|
---|
835 | {
|
---|
836 | FD_SET( sockfd, &fds );
|
---|
837 | }
|
---|
838 | else if (count < 0)
|
---|
839 | {
|
---|
840 | *w_error = errno;
|
---|
841 | sigaction (SIGPIPE, &old_act, NULL);
|
---|
842 | sh_error_message(*w_error, errbuf, sizeof(errbuf));
|
---|
843 | sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN,
|
---|
844 | errbuf,
|
---|
845 | (type == SH_DO_WRITE) ?
|
---|
846 | _("sh_write_select (w)") : _("sh_write_select (r)"));
|
---|
847 | TPT(( 0, FIL__, __LINE__, _("msg=<count < 0>\n")));
|
---|
848 | SL_RETURN( countbytes, _("sh_write_select"));
|
---|
849 | }
|
---|
850 | else /* count == 0 */
|
---|
851 | {
|
---|
852 | *w_error = errno;
|
---|
853 | sigaction (SIGPIPE, &old_act, NULL);
|
---|
854 | TPT(( 0, FIL__, __LINE__, _("msg=<count == 0>\n")));
|
---|
855 | SL_RETURN( countbytes, _("sh_write_select"));
|
---|
856 | }
|
---|
857 | }
|
---|
858 | }
|
---|
859 |
|
---|
860 |
|
---|
861 | /* restore signal handler
|
---|
862 | */
|
---|
863 | sigaction (SIGPIPE, &old_act, NULL);
|
---|
864 |
|
---|
865 | *w_error = 0;
|
---|
866 |
|
---|
867 | TPT(( 0, FIL__, __LINE__, _("msg=<count = %d>\n"), countbytes));
|
---|
868 | SL_RETURN( countbytes, _("sh_write_select"));
|
---|
869 | }
|
---|
870 | #endif
|
---|
871 |
|
---|
872 | #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
873 | unsigned long write_port (int sockfd, char *buf, unsigned long nbytes,
|
---|
874 | int * w_error, int timeout)
|
---|
875 | {
|
---|
876 | unsigned long bytes;
|
---|
877 |
|
---|
878 | SL_ENTER(_("write_port"));
|
---|
879 |
|
---|
880 | bytes = sh_write_select(SH_DO_WRITE, sockfd, buf, nbytes, w_error, timeout);
|
---|
881 | if (*w_error != 0)
|
---|
882 | {
|
---|
883 | char errbuf[SH_ERRBUF_SIZE];
|
---|
884 | sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP,
|
---|
885 | sh_error_message (*w_error, errbuf, sizeof(errbuf)),
|
---|
886 | (long) sockfd, _("write_port"));
|
---|
887 | }
|
---|
888 | SL_RETURN( bytes, _("write_port"));
|
---|
889 | }
|
---|
890 | #endif
|
---|
891 |
|
---|
892 | #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
893 |
|
---|
894 | unsigned long read_port (int sockfd, char *buf, unsigned long nbytes,
|
---|
895 | int * w_error, int timeout)
|
---|
896 | {
|
---|
897 | unsigned long bytes;
|
---|
898 |
|
---|
899 | SL_ENTER(_("read_port"));
|
---|
900 |
|
---|
901 | bytes = sh_write_select(SH_DO_READ, sockfd, buf, nbytes, w_error, timeout);
|
---|
902 | if (*w_error != 0)
|
---|
903 | {
|
---|
904 | char errbuf[SH_ERRBUF_SIZE];
|
---|
905 | sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP,
|
---|
906 | sh_error_message (*w_error, errbuf, sizeof(errbuf)),
|
---|
907 | (long) sockfd, _("read_port"));
|
---|
908 | }
|
---|
909 | SL_RETURN( bytes, _("read_port"));
|
---|
910 | }
|
---|
911 | #endif
|
---|
912 |
|
---|
913 | #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
914 |
|
---|
915 | int check_request_nerr (char * have, char * need)
|
---|
916 | {
|
---|
917 | SL_ENTER(_("check_request_nerr"));
|
---|
918 | ASSERT_RET((have != NULL && need != NULL),
|
---|
919 | _("have != NULL && need != NULL"), (-1))
|
---|
920 |
|
---|
921 | if ( (have[0] == need[0]) && (have[1] == need[1]) &&
|
---|
922 | (have[2] == need[2]) && (have[3] == need[3]))
|
---|
923 | SL_RETURN(0, _("check_request_nerr"));
|
---|
924 | SL_RETURN((-1), _("check_request_nerr"));
|
---|
925 | }
|
---|
926 | #endif
|
---|
927 |
|
---|
928 | #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
929 |
|
---|
930 | int check_request (char * have, char * need)
|
---|
931 | {
|
---|
932 | char first[21], second[5];
|
---|
933 | int i;
|
---|
934 |
|
---|
935 | SL_ENTER(_("check_request"));
|
---|
936 | i = check_request_nerr (have, need);
|
---|
937 |
|
---|
938 | if (i == 0)
|
---|
939 | SL_RETURN(0, _("check_request"));
|
---|
940 |
|
---|
941 | for (i = 0; i < 4; ++i)
|
---|
942 | {
|
---|
943 | second[i] = need[i];
|
---|
944 | sprintf(&first[i*4], _("%c%03o"), /* known to fit */
|
---|
945 | '\\', (unsigned char) have[i]);
|
---|
946 | }
|
---|
947 |
|
---|
948 | first[20] = '\0'; second[4] = '\0';
|
---|
949 |
|
---|
950 | sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST,
|
---|
951 | second, first);
|
---|
952 | SL_RETURN((-1), _("check_request"));
|
---|
953 | }
|
---|
954 | #endif
|
---|
955 |
|
---|
956 | #if defined (SH_WITH_SERVER)
|
---|
957 |
|
---|
958 | int check_request_s (char * have, char * need, char * clt)
|
---|
959 | {
|
---|
960 | char first[21], second[5];
|
---|
961 | int i;
|
---|
962 |
|
---|
963 | SL_ENTER(_("check_request_s"));
|
---|
964 | i = check_request_nerr (have, need);
|
---|
965 |
|
---|
966 | if (i == 0)
|
---|
967 | SL_RETURN( (0), _("check_request_s"));
|
---|
968 |
|
---|
969 | for (i = 0; i < 4; ++i)
|
---|
970 | {
|
---|
971 | second[i] = need[i];
|
---|
972 | sprintf(&first[i*4], _("%c%03o"), /* known to fit */
|
---|
973 | '\\', (unsigned char) have[i]);
|
---|
974 | }
|
---|
975 | first[20] = '\0'; second[4] = '\0';
|
---|
976 | sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST1,
|
---|
977 | second, first, clt);
|
---|
978 | SL_RETURN( (-1), _("check_request_s"));
|
---|
979 | }
|
---|
980 | #endif
|
---|
981 |
|
---|
982 | #if defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)
|
---|
983 |
|
---|
984 | void get_header (unsigned char * head, unsigned long * bytes, char * u)
|
---|
985 | {
|
---|
986 | SL_ENTER(_("get_header"));
|
---|
987 |
|
---|
988 | *bytes =
|
---|
989 | (256 * (unsigned int)head[1] + (unsigned int)head[2]);
|
---|
990 |
|
---|
991 | if (u != NULL)
|
---|
992 | {
|
---|
993 | u[0] = head[3];
|
---|
994 | u[1] = head[4];
|
---|
995 | u[2] = head[5];
|
---|
996 | u[3] = head[6];
|
---|
997 | u[4] = '\0';
|
---|
998 | }
|
---|
999 |
|
---|
1000 | SL_RET0(_("get_header"));
|
---|
1001 | }
|
---|
1002 | #endif
|
---|
1003 |
|
---|
1004 | #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
1005 |
|
---|
1006 | #ifdef SH_ENCRYPT_2
|
---|
1007 | #define TRANS_BYTES 65120
|
---|
1008 | #else
|
---|
1009 | #define TRANS_BYTES 65280
|
---|
1010 | #endif
|
---|
1011 |
|
---|
1012 | void put_header (unsigned char * head, int protocol,
|
---|
1013 | unsigned long * length, char * u)
|
---|
1014 | {
|
---|
1015 |
|
---|
1016 | /* static long transfer_limit = (8 * SH_BUFSIZE); V0.8 */
|
---|
1017 | static unsigned long transfer_limit = TRANS_BYTES + 6 + KEY_LEN;
|
---|
1018 |
|
---|
1019 | SL_ENTER(_("put_header"));
|
---|
1020 |
|
---|
1021 | head[0] = protocol;
|
---|
1022 |
|
---|
1023 | ASSERT((*length < transfer_limit), _("*length < transfer_limit"))
|
---|
1024 |
|
---|
1025 | if (*length > transfer_limit)
|
---|
1026 | *length = transfer_limit;
|
---|
1027 |
|
---|
1028 | head[1] = (unsigned int)(*length/256);
|
---|
1029 | head[2] = (unsigned int)(*length-256 * head[1]);
|
---|
1030 | if (u == NULL)
|
---|
1031 | {
|
---|
1032 | head[3] = 0x01;
|
---|
1033 | head[4] = 0x01;
|
---|
1034 | head[5] = 0x01;
|
---|
1035 | head[6] = 0x01;
|
---|
1036 | }
|
---|
1037 | else
|
---|
1038 | {
|
---|
1039 | head[3] = u[0];
|
---|
1040 | head[4] = u[1];
|
---|
1041 | head[5] = u[2];
|
---|
1042 | head[6] = u[3];
|
---|
1043 | }
|
---|
1044 |
|
---|
1045 | SL_RET0(_("put_header"));
|
---|
1046 | }
|
---|
1047 | #endif
|
---|
1048 |
|
---|
1049 | /* ------------------------------------------
|
---|
1050 | *
|
---|
1051 | * version 2 client/server protocol
|
---|
1052 | *
|
---|
1053 | * ------------------------------------------
|
---|
1054 | *
|
---|
1055 | * header : flag size[2]
|
---|
1056 | *
|
---|
1057 | * payload: random_pad[8] protocol[4] size[4] payload[payload_size] padding
|
---|
1058 | *
|
---|
1059 | * full_size <= 8192; payload_size <= 8176 (511*16); msg_size <= 8128 (508*16)
|
---|
1060 | * (msg_size = payload_size - key_len = payload_size - 48)
|
---|
1061 | */
|
---|
1062 |
|
---|
1063 | /*
|
---|
1064 | * only SH_V2_FULLSIZE is used, and only once
|
---|
1065 | */
|
---|
1066 | #if 0
|
---|
1067 | #ifdef SH_WITH_SERVER
|
---|
1068 | #define SH_V2_FULLSIZE 240
|
---|
1069 | #define SH_V2_PAYLOAD 224
|
---|
1070 | #define SH_V2_MESSAGE 176
|
---|
1071 | #else
|
---|
1072 | #define SH_V2_FULLSIZE 1024
|
---|
1073 | #define SH_V2_PAYLOAD 1008
|
---|
1074 | #define SH_V2_MESSAGE 960
|
---|
1075 | #endif
|
---|
1076 | #endif
|
---|
1077 | #define SH_V2_FULLSIZE 1024
|
---|
1078 |
|
---|
1079 | #ifdef SH_ENCRYPT
|
---|
1080 | #include "rijndael-api-fst.h"
|
---|
1081 | #endif
|
---|
1082 |
|
---|
1083 | void sh_tools_show_header (unsigned char * head, char sign)
|
---|
1084 | {
|
---|
1085 | #define SH_IS_ASCII(c) (((c) & ~0x7f) == 0)
|
---|
1086 |
|
---|
1087 |
|
---|
1088 | int msg_size = (256 * (unsigned int)head[1] + (unsigned int)head[2]);
|
---|
1089 | char code[32];
|
---|
1090 | char * p = &code[0];
|
---|
1091 |
|
---|
1092 | memset (code, ' ', 32); /* space */
|
---|
1093 |
|
---|
1094 | if ((head[0] & SH_PROTO_SRP) != 0) { p[0]='S';p[1]='R';p[2]='P';}
|
---|
1095 | p += 4;
|
---|
1096 | if ((head[0] & SH_PROTO_MSG) != 0) { p[0]='M';p[1]='S';p[2]='G';}
|
---|
1097 | p += 4;
|
---|
1098 | if ((head[0] & SH_PROTO_BIG) != 0) { p[0]='B';p[1]='I';p[2]='G';}
|
---|
1099 | p += 4;
|
---|
1100 | if ((head[0] & SH_PROTO_END) != 0) { p[0]='E';p[1]='N';p[2]='D';}
|
---|
1101 | p += 4;
|
---|
1102 | if ((head[0] & SH_PROTO_ENC) != 0) { p[0]='E';p[1]='N';p[2]='C';}
|
---|
1103 | p += 4;
|
---|
1104 | if ((head[0] & SH_PROTO_EN2) != 0) { p[0]='E';p[1]='N';p[2]='2';}
|
---|
1105 | code[23] = '\0';
|
---|
1106 |
|
---|
1107 | if (SH_IS_ASCII(head[3]) && isalpha(head[3]) &&
|
---|
1108 | SH_IS_ASCII(head[4]) && isalpha(head[4]) &&
|
---|
1109 | SH_IS_ASCII(head[5]) && isalpha(head[5]) &&
|
---|
1110 | SH_IS_ASCII(head[6]) && isalpha(head[6])) {
|
---|
1111 | fprintf(stderr, "%c %3o %s %5d %c %c %c %c\n", sign,
|
---|
1112 | head[0], code, msg_size, head[3], head[4], head[5], head[6]);
|
---|
1113 | } else {
|
---|
1114 | fprintf(stderr, "%c %3o %s %5d %2X %2X %2X %2X\n", sign,
|
---|
1115 | head[0], code, msg_size, head[3], head[4], head[5], head[6]);
|
---|
1116 | }
|
---|
1117 | return;
|
---|
1118 | }
|
---|
1119 |
|
---|
1120 | #ifdef SH_ENCRYPT
|
---|
1121 | /*
|
---|
1122 | * #define DEBUG_EN2
|
---|
1123 | *
|
---|
1124 | * ingest version 1 7-byte header and payload, return version2 header/payload
|
---|
1125 | * last 4 bytes of outgoing header are set to dummy value
|
---|
1126 | */
|
---|
1127 | char * sh_tools_makePack (unsigned char * header,
|
---|
1128 | char * payload, unsigned long payload_size,
|
---|
1129 | keyInstance * keyInstE)
|
---|
1130 | {
|
---|
1131 | UINT32 rpad[3];
|
---|
1132 | unsigned char head[16];
|
---|
1133 | double epad;
|
---|
1134 | unsigned long i_epad = 0;
|
---|
1135 | unsigned long i_blk = payload_size / 16;
|
---|
1136 | unsigned long i_blkmax = SH_V2_FULLSIZE / 16;
|
---|
1137 | unsigned long pads = 0;
|
---|
1138 | size_t full_size;
|
---|
1139 | char * full_ret;
|
---|
1140 |
|
---|
1141 | char * p;
|
---|
1142 | RIJ_BYTE inBlock[B_SIZ];
|
---|
1143 | RIJ_BYTE outBlock[B_SIZ];
|
---|
1144 | int j;
|
---|
1145 | cipherInstance cipherInst;
|
---|
1146 | int err_num;
|
---|
1147 | int blkfac;
|
---|
1148 | int oflow = 0;
|
---|
1149 |
|
---|
1150 | /*
|
---|
1151 | SL_REQUIRE (i_blk*16 == payload_size, _("payload_size % 16 != 0"));
|
---|
1152 | */
|
---|
1153 | if ((i_blk * 16) != payload_size) ++i_blk;
|
---|
1154 | #ifdef DEBUG_EN2
|
---|
1155 | fprintf(stderr, "SEND <%d> blocks <%d>\n", payload_size, i_blk);
|
---|
1156 | #endif
|
---|
1157 | /* random_pad
|
---|
1158 | */
|
---|
1159 | rpad[1] = taus_get ();
|
---|
1160 | memcpy (head, &rpad[1], 4);
|
---|
1161 | rpad[0] = taus_get ();
|
---|
1162 | memcpy (&head[4], &rpad[0], 4);
|
---|
1163 | rpad[2] = taus_get ();
|
---|
1164 | memcpy (&head[8], &rpad[2], 4);
|
---|
1165 |
|
---|
1166 | /* protocol
|
---|
1167 | */
|
---|
1168 | /* memcpy (&head[8], &header[3], 4); */
|
---|
1169 |
|
---|
1170 | /* size (payload)
|
---|
1171 | */
|
---|
1172 | head[12] = header[1];
|
---|
1173 | head[13] = header[2];
|
---|
1174 | head[14] = '\0';
|
---|
1175 | head[15] = '\0';
|
---|
1176 |
|
---|
1177 | if (i_blk < i_blkmax)
|
---|
1178 | {
|
---|
1179 | pads = i_blkmax - i_blk;
|
---|
1180 | /* memcpy((char *) &rpad[2], &head[12], 4); */
|
---|
1181 | epad = taus_get_double (&rpad);
|
---|
1182 | #ifdef DEBUG_EN2
|
---|
1183 | fprintf(stderr, "PAD1 <%d> <%f>\n", pads, epad);
|
---|
1184 | #endif
|
---|
1185 | i_epad = (unsigned long) (pads * epad);
|
---|
1186 | #ifdef DEBUG_EN2
|
---|
1187 | fprintf(stderr, "PAD2 <%d> <%d>\n", i_epad, (i_epad*16));
|
---|
1188 | #endif
|
---|
1189 | }
|
---|
1190 |
|
---|
1191 | full_size = 16; /* head */
|
---|
1192 | if (sl_ok_muls(i_blk, 16) && sl_ok_adds(full_size, (i_blk*16)))
|
---|
1193 | full_size = full_size + (i_blk*16); /* payload */
|
---|
1194 | else
|
---|
1195 | oflow = 1;
|
---|
1196 | if (sl_ok_adds(full_size, (i_epad*16)))
|
---|
1197 | full_size = full_size + (i_epad*16); /* pad */
|
---|
1198 | else
|
---|
1199 | i_epad = 0;
|
---|
1200 |
|
---|
1201 | if (oflow)
|
---|
1202 | {
|
---|
1203 | sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
|
---|
1204 | _("integer overflow"),
|
---|
1205 | _("sh_tools_makePack"));
|
---|
1206 | }
|
---|
1207 |
|
---|
1208 | full_ret = SH_ALLOC(full_size);
|
---|
1209 | memcpy(full_ret, head, 16);
|
---|
1210 | if (payload != NULL && !oflow)
|
---|
1211 | {
|
---|
1212 | memcpy(&full_ret[16], payload, payload_size);
|
---|
1213 | }
|
---|
1214 | if ((i_blk*16) > payload_size && !oflow)
|
---|
1215 | {
|
---|
1216 | #ifdef DEBUG_EN2
|
---|
1217 | fprintf(stderr, "SEN2 <%d>\n", (i_blk*16) - payload_size);
|
---|
1218 | #endif
|
---|
1219 | memset(&full_ret[16+payload_size], '\0', (i_blk*16) - payload_size);
|
---|
1220 | payload_size = i_blk * 16;
|
---|
1221 | }
|
---|
1222 | memset(&full_ret[16+payload_size], '\0', i_epad*16);
|
---|
1223 | #ifdef DEBUG_EN2
|
---|
1224 | fprintf(stderr, "SEN3 <%d> <%d>\n", full_size, i_epad*16);
|
---|
1225 | #endif
|
---|
1226 |
|
---|
1227 | /* rewrite header
|
---|
1228 | */
|
---|
1229 | header[1] = (unsigned int)(full_size/256);
|
---|
1230 | header[2] = (unsigned int)(full_size - (256 * header[1]));
|
---|
1231 | /* don't erase protocol from header
|
---|
1232 | memset(&header[3], '\0', 4);
|
---|
1233 | */
|
---|
1234 | p = full_ret; blkfac = full_size / 16;
|
---|
1235 |
|
---|
1236 | err_num = cipherInit (&cipherInst, MODE_CBC, NULL);
|
---|
1237 |
|
---|
1238 | if (err_num < 0)
|
---|
1239 | {
|
---|
1240 | char expbuf[SH_ERRBUF_SIZE];
|
---|
1241 | sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
|
---|
1242 | errorExplain(err_num, expbuf, sizeof(expbuf)),
|
---|
1243 | _("sh_tools_makePack: cipherInit"));
|
---|
1244 | }
|
---|
1245 | for (j = 0; j < blkfac; ++j)
|
---|
1246 | {
|
---|
1247 | memcpy(inBlock, p, B_SIZ);
|
---|
1248 | err_num = blockEncrypt(&cipherInst, keyInstE,
|
---|
1249 | inBlock, 128 * BNUM, outBlock);
|
---|
1250 | if (err_num < 0)
|
---|
1251 | {
|
---|
1252 | char expbuf[SH_ERRBUF_SIZE];
|
---|
1253 | sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
|
---|
1254 | errorExplain(err_num, expbuf, sizeof(expbuf)),
|
---|
1255 | _("sh_tools_makePack: blockEncrypt"));
|
---|
1256 | }
|
---|
1257 | memcpy(p, outBlock, B_SIZ);
|
---|
1258 | p += B_SIZ;
|
---|
1259 | }
|
---|
1260 |
|
---|
1261 | return full_ret;
|
---|
1262 | }
|
---|
1263 |
|
---|
1264 | /* write a 7-byte header and return payload as expected by version 1
|
---|
1265 | * last 4 bytes of incoming header are dummy
|
---|
1266 | */
|
---|
1267 | char * sh_tools_revertPack (unsigned char * header, char * message,
|
---|
1268 | keyInstance * keyInstD,
|
---|
1269 | unsigned long message_size)
|
---|
1270 | {
|
---|
1271 | unsigned long msg_size;
|
---|
1272 | char * msg_ret;
|
---|
1273 |
|
---|
1274 | char * p;
|
---|
1275 | RIJ_BYTE inBlock[B_SIZ];
|
---|
1276 | RIJ_BYTE outBlock[B_SIZ];
|
---|
1277 | int j;
|
---|
1278 | cipherInstance cipherInst;
|
---|
1279 | int err_num;
|
---|
1280 | int blkfac;
|
---|
1281 | char expbuf[SH_ERRBUF_SIZE];
|
---|
1282 |
|
---|
1283 | msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]);
|
---|
1284 | #ifdef DEBUG_EN2
|
---|
1285 | fprintf(stderr, "RECV <%lu>\n", msg_size);
|
---|
1286 | #endif
|
---|
1287 | if (msg_size > message_size) {
|
---|
1288 | msg_size = message_size;
|
---|
1289 | #ifdef DEBUG_EN2
|
---|
1290 | fprintf(stderr, "RECV TRUNC1 <%lu>\n", msg_size);
|
---|
1291 | #endif
|
---|
1292 | }
|
---|
1293 |
|
---|
1294 | p = message; blkfac = msg_size / 16;
|
---|
1295 |
|
---|
1296 | err_num = cipherInit (&cipherInst, MODE_CBC, NULL);
|
---|
1297 |
|
---|
1298 | if (err_num < 0)
|
---|
1299 | {
|
---|
1300 | sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
|
---|
1301 | errorExplain(err_num, expbuf, sizeof(expbuf)),
|
---|
1302 | _("sh_tools_revertPack: cipherInit"));
|
---|
1303 | }
|
---|
1304 | for (j = 0; j < blkfac; ++j)
|
---|
1305 | {
|
---|
1306 | memcpy(inBlock, p, B_SIZ);
|
---|
1307 | err_num = blockDecrypt(&cipherInst, keyInstD,
|
---|
1308 | inBlock, 128 * BNUM, outBlock);
|
---|
1309 | if (err_num < 0)
|
---|
1310 | {
|
---|
1311 | sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
|
---|
1312 | errorExplain(err_num, expbuf, sizeof(expbuf)),
|
---|
1313 | _("sh_tools_revertPack: blockDecrypt"));
|
---|
1314 | }
|
---|
1315 | memcpy(p, outBlock, B_SIZ);
|
---|
1316 | p += B_SIZ;
|
---|
1317 | }
|
---|
1318 |
|
---|
1319 | /* rewrite size in header
|
---|
1320 | */
|
---|
1321 | header[1] = message[12];
|
---|
1322 | header[2] = message[13];
|
---|
1323 | msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]);
|
---|
1324 |
|
---|
1325 | if (msg_size > (message_size-16))
|
---|
1326 | {
|
---|
1327 | msg_size = message_size-16;
|
---|
1328 | header[1] = (unsigned int)(msg_size/256);
|
---|
1329 | header[2] = (unsigned int)(msg_size - (256 * header[1]));
|
---|
1330 | #ifdef DEBUG_EN2
|
---|
1331 | fprintf(stderr, "RECV TRUNC2 <%lu>\n", msg_size);
|
---|
1332 | #endif
|
---|
1333 | }
|
---|
1334 | #ifdef DEBUG_EN2
|
---|
1335 | fprintf(stderr, "REC2 <%lu>\n", msg_size);
|
---|
1336 | #endif
|
---|
1337 | /* protocol
|
---|
1338 | */
|
---|
1339 | /* memcpy(&header[3], &message[8], 4); */
|
---|
1340 |
|
---|
1341 | /* payload
|
---|
1342 | */
|
---|
1343 | msg_ret = SH_ALLOC(msg_size+1);
|
---|
1344 | if (msg_size > 0)
|
---|
1345 | {
|
---|
1346 | memcpy(msg_ret, &message[16], msg_size);
|
---|
1347 | }
|
---|
1348 | msg_ret[msg_size] = '\0';
|
---|
1349 | #ifdef DEBUG_EN2
|
---|
1350 | fprintf(stderr, "REC3 <%lu>\n", msg_size);
|
---|
1351 | #endif
|
---|
1352 | SH_FREE(message);
|
---|
1353 |
|
---|
1354 | return msg_ret;
|
---|
1355 | }
|
---|
1356 | #endif
|
---|
1357 |
|
---|
1358 | int sh_tools_hash_add(char * key, char * buf, int buflen)
|
---|
1359 | {
|
---|
1360 | char * theSig;
|
---|
1361 | char sigbuf[KEYBUF_SIZE];
|
---|
1362 |
|
---|
1363 | SL_ENTER(_("sh_tools_hash_add"));
|
---|
1364 |
|
---|
1365 | theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf));
|
---|
1366 | sl_strlcat(buf, theSig, buflen + KEY_LEN + 1);
|
---|
1367 |
|
---|
1368 | SL_RETURN((0), _("sh_tools_hash_add"));
|
---|
1369 | }
|
---|
1370 |
|
---|
1371 |
|
---|
1372 | /* return 0 (== FALSE) if no match, else 1 (== TRUE)
|
---|
1373 | */
|
---|
1374 | int sh_tools_hash_vfy(char * key, char * buf, int buflen)
|
---|
1375 | {
|
---|
1376 | char hash[KEY_LEN+1];
|
---|
1377 | register int i;
|
---|
1378 | char * theSig;
|
---|
1379 | char sigbuf[KEYBUF_SIZE];
|
---|
1380 |
|
---|
1381 | SL_ENTER(_("sh_tools_hash_vfy"));
|
---|
1382 |
|
---|
1383 | theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf));
|
---|
1384 | sl_strlcpy(hash, theSig, KEY_LEN+1);
|
---|
1385 |
|
---|
1386 | for (i = 0; i < KEY_LEN; ++i)
|
---|
1387 | {
|
---|
1388 | if (buf[buflen + i] != hash[i])
|
---|
1389 | SL_RETURN((0), _("sh_tools_hash_vfy"));
|
---|
1390 | }
|
---|
1391 |
|
---|
1392 | SL_RETURN((1), _("sh_tools_hash_vfy"));
|
---|
1393 | }
|
---|
1394 |
|
---|
1395 | /* ------------------------------------------ */
|
---|
1396 |
|
---|
1397 | #if defined (SH_WITH_SERVER)
|
---|
1398 |
|
---|
1399 | /* add a checksum to a buffer; put checksum in front
|
---|
1400 | */
|
---|
1401 | char * hash_me (char * key, char * buf, int buflen)
|
---|
1402 | {
|
---|
1403 | char hash[KEY_LEN+1];
|
---|
1404 | char * temp = NULL;
|
---|
1405 | register int i;
|
---|
1406 | int total = 0;
|
---|
1407 | char * theSig;
|
---|
1408 | char sigbuf[KEYBUF_SIZE];
|
---|
1409 |
|
---|
1410 |
|
---|
1411 | SL_ENTER(_("hash_me"));
|
---|
1412 |
|
---|
1413 | #ifdef DEBUG_EN2
|
---|
1414 | fprintf(stderr, "hash_me <%s> <%d>\n",
|
---|
1415 | (key == NULL) ? "NULL" : key, buflen);
|
---|
1416 | #endif
|
---|
1417 | /* key = H(NSRV,NCLT,SK)
|
---|
1418 | */
|
---|
1419 | ASSERT_RET((key != NULL), _("key != NULL"), (NULL));
|
---|
1420 | ASSERT_RET((buflen >= 0), _("buflen >= 0"), (NULL));
|
---|
1421 |
|
---|
1422 | theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf));
|
---|
1423 | sl_strlcpy(hash, theSig, KEY_LEN+1);
|
---|
1424 |
|
---|
1425 | if (sl_ok_adds(buflen, KEY_LEN))
|
---|
1426 | {
|
---|
1427 | total = KEY_LEN + buflen;
|
---|
1428 | temp = SH_ALLOC (total);
|
---|
1429 |
|
---|
1430 | for (i = 0; i < KEY_LEN; ++i)
|
---|
1431 | temp[i] = hash[i];
|
---|
1432 |
|
---|
1433 | for (i = 0; i < buflen; ++i)
|
---|
1434 | temp[i+KEY_LEN] = buf[i];
|
---|
1435 | }
|
---|
1436 | else
|
---|
1437 | {
|
---|
1438 | sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
|
---|
1439 | _("integer overflow"),
|
---|
1440 | _("hash_me"));
|
---|
1441 | temp = sh_util_strdup(buf);
|
---|
1442 | }
|
---|
1443 | SL_RETURN(temp, _("hash_me"));
|
---|
1444 | }
|
---|
1445 | #endif
|
---|
1446 |
|
---|
1447 | #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
1448 |
|
---|
1449 | /* verify the checksum of a buffer; checksum comes first
|
---|
1450 | */
|
---|
1451 | int hash_check(char * key,
|
---|
1452 | char * buf, int buflen)
|
---|
1453 | {
|
---|
1454 | char hash[KEY_LEN+1];
|
---|
1455 | register int i;
|
---|
1456 | char * theSig;
|
---|
1457 | char sigbuf[KEYBUF_SIZE];
|
---|
1458 |
|
---|
1459 | SL_ENTER(_("hash_check"));
|
---|
1460 |
|
---|
1461 | #ifdef DEBUG_EN2
|
---|
1462 | fprintf(stderr, "hash_check <%s> <%d>\n",
|
---|
1463 | (key == NULL) ? "NULL" : key, buflen);
|
---|
1464 | #endif
|
---|
1465 | theSig = sh_util_siggen (key, &buf[KEY_LEN], buflen-KEY_LEN,
|
---|
1466 | sigbuf, sizeof(sigbuf));
|
---|
1467 | sl_strlcpy(hash, theSig, KEY_LEN+1);
|
---|
1468 |
|
---|
1469 | for (i = 0; i < KEY_LEN; ++i)
|
---|
1470 | {
|
---|
1471 | if (buf[i] != hash[i])
|
---|
1472 | SL_RETURN((-1), _("hash_check"));
|
---|
1473 | }
|
---|
1474 | SL_RETURN((0), _("hash_check"));
|
---|
1475 | }
|
---|
1476 |
|
---|
1477 | #endif
|
---|
1478 |
|
---|
1479 | #if defined (SH_WITH_SERVER)
|
---|
1480 |
|
---|
1481 | char * get_client_conf_file (char * peer, unsigned long * length)
|
---|
1482 | {
|
---|
1483 | char * ret;
|
---|
1484 | int status;
|
---|
1485 | struct stat buf;
|
---|
1486 | char * base;
|
---|
1487 | size_t size;
|
---|
1488 |
|
---|
1489 | SL_ENTER(_("get_client_conf_file"));
|
---|
1490 |
|
---|
1491 | base = sh_util_strdup(DEFAULT_DATAROOT);
|
---|
1492 |
|
---|
1493 | size = sl_strlen(base);
|
---|
1494 | if (sl_ok_adds(size, sl_strlen(peer)))
|
---|
1495 | size += sl_strlen(peer);
|
---|
1496 | if (sl_ok_adds(size, 6))
|
---|
1497 | size += 6;
|
---|
1498 |
|
---|
1499 | ret = SH_ALLOC(size);
|
---|
1500 | sl_strlcpy(ret, base, size);
|
---|
1501 | sl_strlcat(ret, _("/rc."), size);
|
---|
1502 | sl_strlcat(ret, peer, size);
|
---|
1503 |
|
---|
1504 | status = retry_stat (FIL__, __LINE__, ret, &buf);
|
---|
1505 |
|
---|
1506 | if (status == 0)
|
---|
1507 | goto lab_end;
|
---|
1508 | else
|
---|
1509 | sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS,
|
---|
1510 | (long) sh.effective.uid, ret);
|
---|
1511 |
|
---|
1512 | sl_strlcpy(ret, base, size);
|
---|
1513 | sl_strlcat(ret, "/rc", size);
|
---|
1514 |
|
---|
1515 | status = retry_stat (FIL__, __LINE__, ret, &buf);
|
---|
1516 |
|
---|
1517 | if (status == 0)
|
---|
1518 | goto lab_end;
|
---|
1519 | else
|
---|
1520 | sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_ACCESS,
|
---|
1521 | (long) sh.effective.uid, ret);
|
---|
1522 |
|
---|
1523 | SH_FREE(base);
|
---|
1524 | SH_FREE(ret);
|
---|
1525 | *length=0;
|
---|
1526 | SL_RETURN(NULL, _("get_client_conf_file"));
|
---|
1527 |
|
---|
1528 | lab_end:
|
---|
1529 | if (buf.st_size > 0x7fffffff)
|
---|
1530 | {
|
---|
1531 | sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN,
|
---|
1532 | _("File too large"), _("get_client_conf_file"));
|
---|
1533 | SH_FREE(base);
|
---|
1534 | SL_RETURN(NULL, _("get_client_conf_file"));
|
---|
1535 | }
|
---|
1536 | *length = (unsigned long) buf.st_size;
|
---|
1537 | SH_FREE(base);
|
---|
1538 | SL_RETURN(ret, _("get_client_conf_file"));
|
---|
1539 | }
|
---|
1540 |
|
---|
1541 | char * get_client_data_file (char * peer, unsigned long * length)
|
---|
1542 | {
|
---|
1543 | char * ret;
|
---|
1544 | int status;
|
---|
1545 | struct stat buf;
|
---|
1546 |
|
---|
1547 | char * base;
|
---|
1548 | size_t size;
|
---|
1549 |
|
---|
1550 | SL_ENTER(_("get_client_data_file"));
|
---|
1551 |
|
---|
1552 | base = sh_util_strdup(DEFAULT_DATAROOT);
|
---|
1553 |
|
---|
1554 | size = sl_strlen(base);
|
---|
1555 | if (sl_ok_adds(size, sl_strlen(peer)))
|
---|
1556 | size += sl_strlen(peer);
|
---|
1557 | if (sl_ok_adds(size, 8))
|
---|
1558 | size += 8;
|
---|
1559 |
|
---|
1560 | ret = SH_ALLOC(size);
|
---|
1561 | sl_strlcpy(ret, base, size);
|
---|
1562 | sl_strlcat(ret, _("/file."), size);
|
---|
1563 | sl_strlcat(ret, peer, size);
|
---|
1564 |
|
---|
1565 | status = retry_stat (FIL__, __LINE__, ret, &buf);
|
---|
1566 |
|
---|
1567 | if (status == 0)
|
---|
1568 | goto lab1_end;
|
---|
1569 | else
|
---|
1570 | sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS,
|
---|
1571 | (long) sh.effective.uid, ret);
|
---|
1572 |
|
---|
1573 |
|
---|
1574 | sl_strlcpy(ret, base, size);
|
---|
1575 | sl_strlcat(ret, _("/file"), size);
|
---|
1576 |
|
---|
1577 | status = retry_stat (FIL__, __LINE__, ret, &buf);
|
---|
1578 |
|
---|
1579 | if (status == 0)
|
---|
1580 | goto lab1_end;
|
---|
1581 | else
|
---|
1582 | sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS,
|
---|
1583 | (long) sh.effective.uid, ret);
|
---|
1584 |
|
---|
1585 |
|
---|
1586 | *length = 0;
|
---|
1587 | SH_FREE(base);
|
---|
1588 | SH_FREE(ret);
|
---|
1589 | SL_RETURN(NULL, _("get_client_data_file"));
|
---|
1590 |
|
---|
1591 | lab1_end:
|
---|
1592 | if (buf.st_size > 0x7fffffff)
|
---|
1593 | {
|
---|
1594 | sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN,
|
---|
1595 | _("File too large"), _("get_client_data_file"));
|
---|
1596 | SH_FREE(base);
|
---|
1597 | SL_RETURN(NULL, _("get_client_data_file"));
|
---|
1598 | }
|
---|
1599 | *length = (unsigned long) buf.st_size;
|
---|
1600 | SH_FREE(base);
|
---|
1601 | SL_RETURN(ret, _("get_client_data_file"));
|
---|
1602 |
|
---|
1603 | }
|
---|
1604 | #endif
|
---|
1605 |
|
---|
1606 | #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP)
|
---|
1607 |
|
---|
1608 | /* --------- secure temporary file ------------ */
|
---|
1609 |
|
---|
1610 | SL_TICKET open_tmp ()
|
---|
1611 | {
|
---|
1612 | SL_TICKET fd;
|
---|
1613 | UINT32 ticks;
|
---|
1614 | char * file;
|
---|
1615 | struct stat buf;
|
---|
1616 | int error;
|
---|
1617 | int status = BAD;
|
---|
1618 | char * my_tmp_dir;
|
---|
1619 | char hashbuf[KEYBUF_SIZE];
|
---|
1620 |
|
---|
1621 | SL_ENTER(_("open_tmp"));
|
---|
1622 |
|
---|
1623 | #if defined(SH_TMPDIR)
|
---|
1624 | my_tmp_dir = sh_util_strdup(SH_TMPDIR);
|
---|
1625 | #else
|
---|
1626 | #if defined(SH_WITH_SERVER)
|
---|
1627 | my_tmp_dir = sh_util_strdup(DEFAULT_LOGDIR);
|
---|
1628 | #else
|
---|
1629 | my_tmp_dir = sh_util_strdup(sh.effective.home);
|
---|
1630 | #endif
|
---|
1631 | #endif
|
---|
1632 |
|
---|
1633 | if (0 != tf_trust_check (my_tmp_dir, SL_YESPRIV))
|
---|
1634 | {
|
---|
1635 | dlog(1, FIL__, __LINE__,
|
---|
1636 | _("The directory for temporary files: %s is untrusted, i.e. an\nuntrusted user owns or can write to some directory in the path.\n"),
|
---|
1637 | my_tmp_dir);
|
---|
1638 | sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_TRUST,
|
---|
1639 | (long) sh.effective.uid,
|
---|
1640 | my_tmp_dir);
|
---|
1641 | SH_FREE(my_tmp_dir);
|
---|
1642 | aud_exit (FIL__, __LINE__, EXIT_FAILURE);
|
---|
1643 | }
|
---|
1644 |
|
---|
1645 | do {
|
---|
1646 |
|
---|
1647 | /* create random filename in effective users home directory
|
---|
1648 | */
|
---|
1649 | ticks = taus_get ();
|
---|
1650 | if (my_tmp_dir[0] == '/' && my_tmp_dir[1] == '\0')
|
---|
1651 | file = sh_util_strconcat (my_tmp_dir,
|
---|
1652 | sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4,
|
---|
1653 | hashbuf, sizeof(hashbuf)),
|
---|
1654 | NULL);
|
---|
1655 | else
|
---|
1656 | file = sh_util_strconcat (my_tmp_dir,
|
---|
1657 | "/",
|
---|
1658 | sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4,
|
---|
1659 | hashbuf, sizeof(hashbuf)),
|
---|
1660 | NULL);
|
---|
1661 |
|
---|
1662 | /* check whether it already exists (paranoia)
|
---|
1663 | */
|
---|
1664 | errno = 0;
|
---|
1665 | status = retry_lstat(FIL__, __LINE__, file, &buf);
|
---|
1666 | error = errno;
|
---|
1667 |
|
---|
1668 | if ( (status < 0) && (error == ENOENT) ) /* file does not exist */
|
---|
1669 | status = GOOD;
|
---|
1670 | else if (status < 0) /* unexpected error condition */
|
---|
1671 | {
|
---|
1672 | SH_FREE (file);
|
---|
1673 | SH_FREE(my_tmp_dir);
|
---|
1674 | sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN,
|
---|
1675 | _("Error (lstat) while opening temporary file"), _("open_tmp"));
|
---|
1676 | TPT(( 0, FIL__, __LINE__, _("msg=<Unexpected error %d>\n"), error));
|
---|
1677 | SL_RETURN((-1), _("open_tmp"));
|
---|
1678 | }
|
---|
1679 | else /* file exists */
|
---|
1680 | {
|
---|
1681 | status = BAD;
|
---|
1682 | TPT(( 0, FIL__, __LINE__, _("msg=<Temporary file exists already>\n")));
|
---|
1683 | }
|
---|
1684 |
|
---|
1685 | if (status == GOOD)
|
---|
1686 | {
|
---|
1687 | if (0 == tf_trust_check (file, SL_YESPRIV))
|
---|
1688 | status = GOOD;
|
---|
1689 | else
|
---|
1690 | {
|
---|
1691 | status = BAD;
|
---|
1692 | TPT(( 0, FIL__, __LINE__, _("msg=<Temporary file untrusted>\n")));
|
---|
1693 | }
|
---|
1694 | }
|
---|
1695 |
|
---|
1696 | if (status == BAD)
|
---|
1697 | SH_FREE (file);
|
---|
1698 |
|
---|
1699 | } while (status == BAD);
|
---|
1700 |
|
---|
1701 | fd = sl_open_safe_rdwr (file, SL_YESPRIV);
|
---|
1702 | if (SL_ISERROR(fd))
|
---|
1703 | {
|
---|
1704 | sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, fd, MSG_E_SUBGEN,
|
---|
1705 | _("Error opening temporary file"), _("open_tmp"));
|
---|
1706 | TPT(( 0, FIL__, __LINE__, _("msg=<Error %d temporary file %s>\n"),
|
---|
1707 | fd, file));
|
---|
1708 | }
|
---|
1709 |
|
---|
1710 |
|
---|
1711 | SH_FREE (file);
|
---|
1712 | SH_FREE(my_tmp_dir);
|
---|
1713 |
|
---|
1714 | if (!SL_ISERROR(fd)) {
|
---|
1715 | sl_unlink(fd);
|
---|
1716 | }
|
---|
1717 |
|
---|
1718 | if (!SL_ISERROR(fd))
|
---|
1719 | SL_RETURN((fd), _("open_tmp"));
|
---|
1720 | else
|
---|
1721 | SL_RETURN((-1), _("open_tmp"));
|
---|
1722 | }
|
---|
1723 |
|
---|
1724 |
|
---|
1725 | int close_tmp (SL_TICKET fd)
|
---|
1726 | {
|
---|
1727 | SL_ENTER(_("close_tmp"));
|
---|
1728 |
|
---|
1729 | if (SL_ISERROR(sl_close (fd)))
|
---|
1730 | SL_RETURN((-1), _("close_tmp"));
|
---|
1731 | SL_RETURN((0), _("close_tmp"));
|
---|
1732 | }
|
---|
1733 |
|
---|
1734 | int rewind_tmp (SL_TICKET fd)
|
---|
1735 | {
|
---|
1736 | SL_ENTER(_("rewind_tmp"));
|
---|
1737 |
|
---|
1738 | if (SL_ISERROR(sl_rewind (fd)))
|
---|
1739 | SL_RETURN((-1), _("rewind_tmp"));
|
---|
1740 | SL_RETURN((0), _("rewind_tmp"));
|
---|
1741 | }
|
---|
1742 | #endif
|
---|