1 | /* SAMHAIN file system integrity testing */
|
---|
2 | /* Copyright (C) 1999, 2000 Rainer Wichmann */
|
---|
3 | /* */
|
---|
4 | /* This program is free software; you can redistribute it */
|
---|
5 | /* and/or modify */
|
---|
6 | /* it under the terms of the GNU General Public License as */
|
---|
7 | /* published by */
|
---|
8 | /* the Free Software Foundation; either version 2 of the License, or */
|
---|
9 | /* (at your option) any later version. */
|
---|
10 | /* */
|
---|
11 | /* This program is distributed in the hope that it will be useful, */
|
---|
12 | /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
|
---|
13 | /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
|
---|
14 | /* GNU General Public License for more details. */
|
---|
15 | /* */
|
---|
16 | /* You should have received a copy of the GNU General Public License */
|
---|
17 | /* along with this program; if not, write to the Free Software */
|
---|
18 | /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
|
---|
19 |
|
---|
20 | #include "config_xor.h"
|
---|
21 |
|
---|
22 |
|
---|
23 | #include <stdio.h>
|
---|
24 | #include <stdlib.h>
|
---|
25 | #include <string.h>
|
---|
26 | #include <ctype.h>
|
---|
27 |
|
---|
28 | /* Must be early on FreeBSD
|
---|
29 | */
|
---|
30 | #include <sys/types.h>
|
---|
31 |
|
---|
32 | #ifdef HAVE_MEMORY_H
|
---|
33 | #include <memory.h>
|
---|
34 | #endif
|
---|
35 |
|
---|
36 | #ifdef HAVE_SYS_SELECT_H
|
---|
37 | #include <sys/select.h>
|
---|
38 | #endif
|
---|
39 |
|
---|
40 | #ifdef HAVE_UNISTD_H
|
---|
41 | #include <errno.h>
|
---|
42 | #include <signal.h>
|
---|
43 | #include <setjmp.h>
|
---|
44 | #include <pwd.h>
|
---|
45 | #include <grp.h>
|
---|
46 | #include <sys/stat.h>
|
---|
47 | #include <sys/resource.h>
|
---|
48 | #include <fcntl.h>
|
---|
49 | #include <sys/wait.h>
|
---|
50 | #include <unistd.h>
|
---|
51 | #endif
|
---|
52 |
|
---|
53 | #include <sys/socket.h>
|
---|
54 |
|
---|
55 | #ifdef HOST_IS_HPUX
|
---|
56 | #define _XOPEN_SOURCE_EXTENDED
|
---|
57 | #endif
|
---|
58 | #include <netinet/in.h>
|
---|
59 | #include <arpa/inet.h>
|
---|
60 | #include <netdb.h>
|
---|
61 |
|
---|
62 | #ifndef FD_SET
|
---|
63 | #define NFDBITS 32
|
---|
64 | #define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS)))
|
---|
65 | #define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS)))
|
---|
66 | #define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS)))
|
---|
67 | #endif /* !FD_SET */
|
---|
68 | #ifndef FD_SETSIZE
|
---|
69 | #define FD_SETSIZE 32
|
---|
70 | #endif
|
---|
71 | #ifndef FD_ZERO
|
---|
72 | #define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p)))
|
---|
73 | #endif
|
---|
74 |
|
---|
75 |
|
---|
76 | #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
|
---|
77 | #include <sys/mman.h>
|
---|
78 | #endif
|
---|
79 |
|
---|
80 | #define SH_REAL_SET
|
---|
81 |
|
---|
82 | #include "samhain.h"
|
---|
83 | #include "sh_mem.h"
|
---|
84 | #include "sh_error.h"
|
---|
85 | #include "sh_tools.h"
|
---|
86 | #include "sh_utils.h"
|
---|
87 | #include "sh_tiger.h"
|
---|
88 | #define SH_NEED_GETHOSTBYXXX
|
---|
89 | #include "sh_static.h"
|
---|
90 |
|
---|
91 | #undef FIL__
|
---|
92 | #define FIL__ _("sh_tools.c")
|
---|
93 |
|
---|
94 | #ifdef SH_ENCRYPT
|
---|
95 | #include "rijndael-api-fst.h"
|
---|
96 | char * errorExplain (int err_num)
|
---|
97 | {
|
---|
98 | if (err_num == BAD_KEY_DIR)
|
---|
99 | return (_("Key direction is invalid"));
|
---|
100 | else if (err_num == BAD_KEY_MAT)
|
---|
101 | return (_("Key material not of correct length"));
|
---|
102 | else if (err_num == BAD_KEY_INSTANCE)
|
---|
103 | return (_("Key passed is not valid"));
|
---|
104 | else if (err_num == BAD_CIPHER_MODE)
|
---|
105 | return (_("Params struct passed to cipherInit invalid"));
|
---|
106 | else if (err_num == BAD_CIPHER_STATE)
|
---|
107 | return (_("Cipher in wrong state"));
|
---|
108 | else if (err_num == BAD_BLOCK_LENGTH)
|
---|
109 | return (_("Bad block length"));
|
---|
110 | else if (err_num == BAD_CIPHER_INSTANCE)
|
---|
111 | return (_("Bad cipher instance"));
|
---|
112 | else if (err_num == BAD_DATA)
|
---|
113 | return (_("Data contents are invalid"));
|
---|
114 | else
|
---|
115 | return (_("Unknown error"));
|
---|
116 | }
|
---|
117 |
|
---|
118 | #endif
|
---|
119 |
|
---|
120 | /* --- recode all \blah escapes to '=XX' format, and also code all
|
---|
121 | * remaining unprintable chars ---
|
---|
122 | */
|
---|
123 | #define SH_PUT_4(p, a, b, c) (p)[0] = (a); (p)[1] = (b); (p)[2] = (c);
|
---|
124 |
|
---|
125 | char * sh_tools_safe_name (const char * instr, int flag)
|
---|
126 | {
|
---|
127 | unsigned char c, d;
|
---|
128 | const char * p;
|
---|
129 | char tmp[4];
|
---|
130 | char * outstr;
|
---|
131 | int len = 1;
|
---|
132 | int i = 0;
|
---|
133 | unsigned char val_octal = '\0';
|
---|
134 | static char ctable[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
|
---|
135 | '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
|
---|
136 |
|
---|
137 | SL_ENTER(_("sh_tools_safe_name"));
|
---|
138 |
|
---|
139 | if (instr)
|
---|
140 | len = (3 * strlen(instr)) + 4;
|
---|
141 |
|
---|
142 | outstr = SH_ALLOC(len);
|
---|
143 |
|
---|
144 | outstr[0] = '\0';
|
---|
145 | tmp[3] = '\0';
|
---|
146 |
|
---|
147 | p = instr;
|
---|
148 |
|
---|
149 | #if !defined(SH_USE_XML)
|
---|
150 | (void) flag; /* fix compiler warning */
|
---|
151 | #endif
|
---|
152 |
|
---|
153 | if (!p)
|
---|
154 | goto end;
|
---|
155 |
|
---|
156 | while (*p)
|
---|
157 | {
|
---|
158 | c = *p;
|
---|
159 |
|
---|
160 | if (*p == '\n')
|
---|
161 | {
|
---|
162 | outstr[i] = ' '; ++i; ++p;
|
---|
163 | continue;
|
---|
164 | }
|
---|
165 |
|
---|
166 | #ifdef SH_USE_XML
|
---|
167 | if (flag == 1)
|
---|
168 | {
|
---|
169 | if ((*p) == '"')
|
---|
170 | {
|
---|
171 | SH_PUT_4(&outstr[i], '=', '2', '2');
|
---|
172 | i+=3; ++p;
|
---|
173 | continue;
|
---|
174 | }
|
---|
175 | else if ((*p) == '&')
|
---|
176 | {
|
---|
177 | SH_PUT_4(&outstr[i], '=', '2', '6');
|
---|
178 | i+=3; ++p;
|
---|
179 | continue;
|
---|
180 | }
|
---|
181 | else if ((*p) == '<')
|
---|
182 | { /* left angle */
|
---|
183 | SH_PUT_4(&outstr[i], '=', '3', 'c');
|
---|
184 | i+=3; ++p;
|
---|
185 | continue;
|
---|
186 | }
|
---|
187 | else if ((*p) == '>')
|
---|
188 | { /* right angle */
|
---|
189 | SH_PUT_4(&outstr[i], '=', '3', 'e');
|
---|
190 | i+=3; ++p;
|
---|
191 | continue;
|
---|
192 | }
|
---|
193 | }
|
---|
194 | #endif
|
---|
195 |
|
---|
196 | if ( (*p) != '\\' && (*p) != '&' && (*p) != '=' && (*p) != '\'')
|
---|
197 | {
|
---|
198 | outstr[i] = *p; ++i;
|
---|
199 | ++p;
|
---|
200 |
|
---|
201 | if (c < 31 || c > 126)
|
---|
202 | {
|
---|
203 | --i;
|
---|
204 | d = c % 16; c = c / 16;
|
---|
205 | outstr[i] = '='; ++i;
|
---|
206 | outstr[i] = ctable[c]; ++i;
|
---|
207 | outstr[i] = ctable[d]; ++i;
|
---|
208 | }
|
---|
209 |
|
---|
210 | continue;
|
---|
211 | }
|
---|
212 | else if ((*p) == '\'')
|
---|
213 | {
|
---|
214 | SH_PUT_4(&outstr[i], '=', '2', '7');
|
---|
215 | i+=3; ++p;
|
---|
216 | }
|
---|
217 | else if (*p == '=')
|
---|
218 | {
|
---|
219 | if (p[1] != '"' && p[1] != '<')
|
---|
220 | {
|
---|
221 | SH_PUT_4(&outstr[i], '=', '3', 'd');
|
---|
222 | i+=3; ++p;
|
---|
223 | }
|
---|
224 | else
|
---|
225 | { outstr[i] = *p; ++i; ++p; }
|
---|
226 | }
|
---|
227 | else if (*p == '\\')
|
---|
228 | {
|
---|
229 | ++p;
|
---|
230 | if (!p)
|
---|
231 | break;
|
---|
232 | if (!(*p))
|
---|
233 | break;
|
---|
234 |
|
---|
235 | c = *p;
|
---|
236 |
|
---|
237 | switch (*p) {
|
---|
238 | case '\\':
|
---|
239 | SH_PUT_4(&outstr[i], '=', '5', 'c');
|
---|
240 | i+=3; ++p;
|
---|
241 | break;
|
---|
242 | case 'n':
|
---|
243 | SH_PUT_4(&outstr[i], '=', '0', 'a');
|
---|
244 | i+=3; ++p;
|
---|
245 | break;
|
---|
246 | case 'b':
|
---|
247 | SH_PUT_4(&outstr[i], '=', '0', '8');
|
---|
248 | i+=3; ++p;
|
---|
249 | break;
|
---|
250 | case 'r':
|
---|
251 | SH_PUT_4(&outstr[i], '=', '0', 'd');
|
---|
252 | i+=3; ++p;
|
---|
253 | break;
|
---|
254 | case 't':
|
---|
255 | SH_PUT_4(&outstr[i], '=', '0', '9');
|
---|
256 | i+=3; ++p;
|
---|
257 | break;
|
---|
258 | case 'v':
|
---|
259 | SH_PUT_4(&outstr[i], '=', '0', 'b');
|
---|
260 | i+=3; ++p;
|
---|
261 | break;
|
---|
262 | case 'f':
|
---|
263 | SH_PUT_4(&outstr[i], '=', '0', 'c');
|
---|
264 | i+=3; ++p;
|
---|
265 | break;
|
---|
266 | case '\'':
|
---|
267 | SH_PUT_4(&outstr[i], '=', '2', '7');
|
---|
268 | i+=3; ++p;
|
---|
269 | break;
|
---|
270 | case '"': /* also encode quoted '"' */
|
---|
271 | SH_PUT_4(&outstr[i], '=', '2', '2');
|
---|
272 | i+=3; ++p;
|
---|
273 | break;
|
---|
274 | case ' ':
|
---|
275 | SH_PUT_4(&outstr[i], '=', '2', '0');
|
---|
276 | i+=3; ++p;
|
---|
277 | break;
|
---|
278 | default:
|
---|
279 | if (strlen(p) < 3) /* certainly not an octal number, skip */
|
---|
280 | {
|
---|
281 | p += strlen(p);
|
---|
282 | }
|
---|
283 | else
|
---|
284 | {
|
---|
285 | tmp[0] = p[0]; tmp[1] = p[1]; tmp[2] = p[2];
|
---|
286 | val_octal = (unsigned char) strtoul(tmp, (char **)NULL, 8);
|
---|
287 | if (val_octal != '\0') {
|
---|
288 | c = val_octal;
|
---|
289 | d = c % 16; c = c / 16;
|
---|
290 | outstr[i] = '='; ++i;
|
---|
291 | outstr[i] = ctable[c]; ++i;
|
---|
292 | outstr[i] = ctable[d]; ++i;
|
---|
293 | }
|
---|
294 | p += 3;
|
---|
295 | }
|
---|
296 | }
|
---|
297 | }
|
---|
298 | else if (*p == '&')
|
---|
299 | {
|
---|
300 | ++p;
|
---|
301 | if (!p || !(*p))
|
---|
302 | {
|
---|
303 | outstr[i] = '&'; ++i;
|
---|
304 | break;
|
---|
305 | }
|
---|
306 |
|
---|
307 | if (p[0] == 'a' && p[1] == 'm' && p[2] == 'p' && p[3] == ';')
|
---|
308 | {
|
---|
309 | SH_PUT_4(&outstr[i], '=', '2', '6');
|
---|
310 | i+=3; p += 4;
|
---|
311 | }
|
---|
312 | else if (p[0] == 'q' && p[1] == 'u' && p[2] == 'o' && p[3] == 't' &&
|
---|
313 | p[4] == ';')
|
---|
314 | {
|
---|
315 | SH_PUT_4(&outstr[i], '=', '2', '2');
|
---|
316 | i+=3; p += 5;
|
---|
317 | }
|
---|
318 | else if (p[0] == 'l' && p[1] == 't' && p[2] == ';')
|
---|
319 | {
|
---|
320 | SH_PUT_4(&outstr[i], '=', '3', 'c');
|
---|
321 | i+=3; p += 3;
|
---|
322 | }
|
---|
323 | else if (p[0] == 'g' && p[1] == 't' && p[2] == ';')
|
---|
324 | {
|
---|
325 | SH_PUT_4(&outstr[i], '=', '3', 'e');
|
---|
326 | i+=3; p += 3;
|
---|
327 | }
|
---|
328 | else /* conserve the '&' */
|
---|
329 | {
|
---|
330 | outstr[i] = '&'; ++i;
|
---|
331 | }
|
---|
332 | }
|
---|
333 | else
|
---|
334 | {
|
---|
335 | outstr[i] = *p; ++i;
|
---|
336 | ++p;
|
---|
337 | }
|
---|
338 | } /* while (p && *p) */
|
---|
339 |
|
---|
340 | end:
|
---|
341 |
|
---|
342 | outstr[i] = '\0';
|
---|
343 | SL_RETURN( outstr, _("sh_tools_safe_name"));
|
---|
344 | }
|
---|
345 |
|
---|
346 |
|
---|
347 | /* extern int h_errno; */
|
---|
348 |
|
---|
349 | char * sh_tools_errmessage (int tellme)
|
---|
350 | {
|
---|
351 |
|
---|
352 | #ifdef HOST_NOT_FOUND
|
---|
353 | if (tellme == HOST_NOT_FOUND)
|
---|
354 | return _("The specified host is unknown: ");
|
---|
355 | #endif
|
---|
356 | #ifdef NO_ADDRESS
|
---|
357 | if (tellme == NO_ADDRESS)
|
---|
358 | return _("The requested name is valid but does not have an IP address: ");
|
---|
359 | #endif
|
---|
360 | #ifdef NO_RECOVERY
|
---|
361 | if (tellme == NO_RECOVERY)
|
---|
362 | return _("A non-recoverable name server error occurred: ");
|
---|
363 | #endif
|
---|
364 | #ifdef TRY_AGAIN
|
---|
365 | if (tellme == TRY_AGAIN)
|
---|
366 | return _("A temporary error occurred on an authoritative name server. The specified host is unknown: ");
|
---|
367 | #endif
|
---|
368 | return _("Unknown error");
|
---|
369 | }
|
---|
370 |
|
---|
371 | int is_numeric (const char * address)
|
---|
372 | {
|
---|
373 | int j;
|
---|
374 | int len = sl_strlen(address);
|
---|
375 |
|
---|
376 | for (j = 0; j < len; ++j)
|
---|
377 | if ( (address[j] < '0' || address[j] > '9') && address[j] != '.')
|
---|
378 | return (1 == 0);
|
---|
379 | return (1 == 1);
|
---|
380 | }
|
---|
381 |
|
---|
382 | #if defined (SH_WITH_SERVER)
|
---|
383 |
|
---|
384 | int get_open_max ()
|
---|
385 | {
|
---|
386 | int value;
|
---|
387 |
|
---|
388 | #ifdef _SC_OPEN_MAX
|
---|
389 | value = sysconf (_SC_OPEN_MAX);
|
---|
390 | #else
|
---|
391 | #ifdef OPEN_MAX
|
---|
392 | value = OPEN_MAX;
|
---|
393 | #else
|
---|
394 | value = _POSIX_OPEN_MAX;
|
---|
395 | #endif
|
---|
396 | #endif
|
---|
397 |
|
---|
398 | if (value < 0)
|
---|
399 | value = 8; /* POSIX lower limit */
|
---|
400 |
|
---|
401 | if (value > 4096)
|
---|
402 | value = 4096;
|
---|
403 |
|
---|
404 | return value;
|
---|
405 | }
|
---|
406 |
|
---|
407 | #endif
|
---|
408 |
|
---|
409 | typedef struct _sin_cache {
|
---|
410 | char * address;
|
---|
411 | struct sockaddr_in sin;
|
---|
412 | struct _sin_cache * next;
|
---|
413 | } sin_cache;
|
---|
414 |
|
---|
415 | static sin_cache * conn_cache = NULL;
|
---|
416 | static int cached_addr = 0;
|
---|
417 |
|
---|
418 | void delete_cache()
|
---|
419 | {
|
---|
420 | sin_cache * check_cache = conn_cache;
|
---|
421 | sin_cache * old_entry = conn_cache;
|
---|
422 |
|
---|
423 | SL_ENTER(_("delete_cache"));
|
---|
424 |
|
---|
425 | while (check_cache != NULL)
|
---|
426 | {
|
---|
427 | old_entry = check_cache;
|
---|
428 | check_cache = check_cache->next;
|
---|
429 | SH_FREE(old_entry->address);
|
---|
430 | SH_FREE(old_entry);
|
---|
431 | }
|
---|
432 |
|
---|
433 | cached_addr = 0;
|
---|
434 |
|
---|
435 | conn_cache = NULL;
|
---|
436 | SL_RET0(_("delete_cache"));
|
---|
437 | }
|
---|
438 |
|
---|
439 | int DoReverseLookup = S_TRUE;
|
---|
440 |
|
---|
441 | int set_reverse_lookup (const char * c)
|
---|
442 | {
|
---|
443 | return sh_util_flagval(c, &DoReverseLookup);
|
---|
444 | }
|
---|
445 |
|
---|
446 | int connect_port (char * address, int port,
|
---|
447 | char * ecall, int * errnum, char * errmsg, int errsiz)
|
---|
448 | {
|
---|
449 | struct in_addr haddr; /* host address from numeric */
|
---|
450 | /* host details returned by the DNS */
|
---|
451 | struct hostent *host_entry = NULL;
|
---|
452 | struct sockaddr_in sinr; /* socket to the remote host */
|
---|
453 |
|
---|
454 | char * host_name;
|
---|
455 |
|
---|
456 | int fd = (-1);
|
---|
457 | int status;
|
---|
458 | int fail = 0;
|
---|
459 | int cached = 0;
|
---|
460 |
|
---|
461 | int retval;
|
---|
462 | size_t len;
|
---|
463 |
|
---|
464 | sin_cache * check_cache = conn_cache;
|
---|
465 |
|
---|
466 | SL_ENTER(_("connect_port"));
|
---|
467 |
|
---|
468 | /* paranoia -- should not happen
|
---|
469 | */
|
---|
470 | if (cached_addr > 128)
|
---|
471 | delete_cache();
|
---|
472 |
|
---|
473 | if (check_cache != NULL)
|
---|
474 | {
|
---|
475 | while (check_cache && check_cache->address)
|
---|
476 | {
|
---|
477 | if ( 0 == sl_strncmp(check_cache->address,
|
---|
478 | address, sl_strlen(address)))
|
---|
479 | {
|
---|
480 | memcpy (&sinr, &(check_cache->sin), sizeof(struct sockaddr_in));
|
---|
481 | sinr.sin_family = AF_INET;
|
---|
482 | sinr.sin_port = htons (port);
|
---|
483 | cached = 1;
|
---|
484 | break;
|
---|
485 | }
|
---|
486 | if (check_cache->next)
|
---|
487 | check_cache = check_cache->next;
|
---|
488 | else
|
---|
489 | check_cache = NULL;
|
---|
490 | }
|
---|
491 | }
|
---|
492 |
|
---|
493 | /* only use gethostbyname() if neccessary
|
---|
494 | */
|
---|
495 | if (cached == 0)
|
---|
496 | {
|
---|
497 | #ifdef HAVE_INET_ATON
|
---|
498 | if (0 == inet_aton(address, &haddr))
|
---|
499 | #else
|
---|
500 | if ((unsigned long)-1 == (haddr.s_addr = inet_addr(address)))
|
---|
501 | #endif
|
---|
502 | {
|
---|
503 |
|
---|
504 | host_entry = sh_gethostbyname(address);
|
---|
505 |
|
---|
506 | if (host_entry == NULL || host_entry->h_addr == NULL)
|
---|
507 | {
|
---|
508 | sl_strlcpy(ecall, _("gethostbyname"), SH_MINIBUF);
|
---|
509 | #ifndef NO_H_ERRNO
|
---|
510 | *errnum = h_errno;
|
---|
511 | #else
|
---|
512 | *errnum = 666;
|
---|
513 | #endif
|
---|
514 | sl_strlcpy(errmsg, sh_tools_errmessage (*errnum), errsiz);
|
---|
515 | sl_strlcat(errmsg, address, errsiz);
|
---|
516 | fail = (-1);
|
---|
517 | }
|
---|
518 | else
|
---|
519 | {
|
---|
520 | sinr.sin_family = AF_INET;
|
---|
521 | sinr.sin_port = htons (port);
|
---|
522 | sinr.sin_addr = *(struct in_addr *) host_entry->h_addr;
|
---|
523 |
|
---|
524 |
|
---|
525 | /* reverse DNS lookup
|
---|
526 | */
|
---|
527 | if (DoReverseLookup == S_TRUE)
|
---|
528 | {
|
---|
529 | if (host_entry->h_name == NULL)
|
---|
530 | {
|
---|
531 | host_name = SH_ALLOC(1);
|
---|
532 | host_name[0] = '\0';
|
---|
533 | }
|
---|
534 | else
|
---|
535 | {
|
---|
536 | len = sl_strlen(host_entry->h_name) + 1;
|
---|
537 | host_name = SH_ALLOC(len);
|
---|
538 | if (len > 1)
|
---|
539 | sl_strlcpy(host_name, host_entry->h_name, len);
|
---|
540 | else
|
---|
541 | host_name[0] = '\0';
|
---|
542 | }
|
---|
543 |
|
---|
544 | host_entry = sh_gethostbyaddr ((char *) &sinr.sin_addr,
|
---|
545 | sizeof(struct in_addr),
|
---|
546 | AF_INET);
|
---|
547 | if (host_entry == NULL || host_entry->h_name == NULL)
|
---|
548 | {
|
---|
549 | sl_strlcpy(ecall, _("gethostbyaddr"), SH_MINIBUF);
|
---|
550 | #ifndef NO_H_ERRNO
|
---|
551 | *errnum = h_errno;
|
---|
552 | #else
|
---|
553 | *errnum = 666;
|
---|
554 | #endif
|
---|
555 | sl_strlcpy(errmsg,
|
---|
556 | sh_tools_errmessage (*errnum), errsiz);
|
---|
557 | sl_strlcat(errmsg,
|
---|
558 | inet_ntoa (*(struct in_addr *) &(sinr.sin_addr)),
|
---|
559 | errsiz);
|
---|
560 | fail = (-1);
|
---|
561 | }
|
---|
562 | else
|
---|
563 | {
|
---|
564 | *errnum = 0;
|
---|
565 | if (sl_strlen(host_entry->h_name) == 0 ||
|
---|
566 | (*errnum = sl_strcmp(host_name,host_entry->h_name)) != 0)
|
---|
567 | {
|
---|
568 | if (*errnum)
|
---|
569 | sl_strlcpy(ecall, _("strcmp"), SH_MINIBUF);
|
---|
570 | else
|
---|
571 | sl_strlcpy(ecall, _("strlen"), SH_MINIBUF);
|
---|
572 | sl_strlcpy(errmsg, _("Reverse lookup failed."),
|
---|
573 | errsiz);
|
---|
574 | sl_strlcat(errmsg, address, errsiz);
|
---|
575 | sl_strlcat(errmsg, _(" vs "), errsiz);
|
---|
576 | sl_strlcat(errmsg,
|
---|
577 | inet_ntoa (*(struct in_addr *) &(sinr.sin_addr)),
|
---|
578 | errsiz);
|
---|
579 | fail = -1;
|
---|
580 | }
|
---|
581 | }
|
---|
582 |
|
---|
583 | SH_FREE(host_name);
|
---|
584 | }
|
---|
585 | }
|
---|
586 | }
|
---|
587 |
|
---|
588 | else /* address was numeric */
|
---|
589 | {
|
---|
590 | sinr.sin_family = AF_INET;
|
---|
591 | sinr.sin_port = htons (port);
|
---|
592 | sinr.sin_addr = haddr;
|
---|
593 | }
|
---|
594 |
|
---|
595 |
|
---|
596 | if (fail != -1)
|
---|
597 | {
|
---|
598 | /* put it into the cache
|
---|
599 | */
|
---|
600 | check_cache = SH_ALLOC(sizeof(sin_cache));
|
---|
601 | check_cache->address = SH_ALLOC(sl_strlen(address) + 1);
|
---|
602 | sl_strlcpy (check_cache->address, address, sl_strlen(address) + 1);
|
---|
603 | memcpy(&(check_cache->sin), &sinr, sizeof(struct sockaddr_in));
|
---|
604 | ++cached_addr;
|
---|
605 |
|
---|
606 | if (conn_cache)
|
---|
607 | {
|
---|
608 | if (conn_cache->next)
|
---|
609 | check_cache->next = conn_cache->next;
|
---|
610 | else
|
---|
611 | check_cache->next = NULL;
|
---|
612 | conn_cache->next = check_cache;
|
---|
613 | }
|
---|
614 | else
|
---|
615 | {
|
---|
616 | check_cache->next = NULL;
|
---|
617 | conn_cache = check_cache;
|
---|
618 | }
|
---|
619 | }
|
---|
620 | }
|
---|
621 |
|
---|
622 |
|
---|
623 | if (fail != (-1))
|
---|
624 | {
|
---|
625 | fd = socket(AF_INET, SOCK_STREAM, 0);
|
---|
626 | if (fd < 0) {
|
---|
627 | fail = (-1);
|
---|
628 | status = errno;
|
---|
629 | sl_strlcpy(ecall, _("socket"), SH_MINIBUF);
|
---|
630 | *errnum = status;
|
---|
631 | sl_strlcpy(errmsg, sh_error_message (status), errsiz);
|
---|
632 | sl_strlcat(errmsg, _(", address "), errsiz);
|
---|
633 | sl_strlcat(errmsg, address, errsiz);
|
---|
634 | }
|
---|
635 | }
|
---|
636 |
|
---|
637 | if (fail != (-1)) {
|
---|
638 |
|
---|
639 | if ( retry_connect(FIL__, __LINE__, fd,
|
---|
640 | (struct sockaddr *) &sinr, sizeof(sinr)) < 0)
|
---|
641 | {
|
---|
642 | status = errno;
|
---|
643 | sl_strlcpy(ecall, _("connect"), SH_MINIBUF);
|
---|
644 | *errnum = status;
|
---|
645 | sl_strlcpy(errmsg, sh_error_message (status), errsiz);
|
---|
646 | sl_strlcat(errmsg, _(", address "), errsiz);
|
---|
647 | sl_strlcat(errmsg, address, errsiz);
|
---|
648 | close(fd);
|
---|
649 | fail = (-1);
|
---|
650 | }
|
---|
651 | }
|
---|
652 |
|
---|
653 | retval = (fail < 0) ? (-1) : fd;
|
---|
654 | SL_RETURN(retval, _("connect_port"));
|
---|
655 | }
|
---|
656 |
|
---|
657 | int connect_port_2 (char * address1, char * address2, int port,
|
---|
658 | char * ecall, int * errnum, char * errmsg, int errsiz)
|
---|
659 | {
|
---|
660 | int retval = (-1);
|
---|
661 |
|
---|
662 | SL_ENTER(_("connect_port_2"));
|
---|
663 |
|
---|
664 | errmsg[0] = '\0';
|
---|
665 | *errnum = 0;
|
---|
666 |
|
---|
667 | if (address1 != NULL && address1[0] != '\0')
|
---|
668 | retval = connect_port (address1, port,
|
---|
669 | ecall, errnum,
|
---|
670 | errmsg, errsiz);
|
---|
671 |
|
---|
672 | if (retval < 0 && address2 != NULL && address2[0] != '\0')
|
---|
673 | {
|
---|
674 | /* can't use sh_error_handle here, as this would cause an infinite
|
---|
675 | * loop if called from sh_unix_time
|
---|
676 | */
|
---|
677 | TPT(( 0, FIL__, __LINE__, _("msg=<Using alternative server %s.>\n"),
|
---|
678 | address2));
|
---|
679 | retval = connect_port (address2, port,
|
---|
680 | ecall, errnum,
|
---|
681 | errmsg, errsiz);
|
---|
682 | }
|
---|
683 |
|
---|
684 | if ((retval < 0) &&
|
---|
685 | (address1 == NULL || address1[0] == '\0') &&
|
---|
686 | (address1 == NULL || address1[0] == '\0'))
|
---|
687 | {
|
---|
688 | sl_strlcpy(ecall, _("connect_port_2"), SH_MINIBUF);
|
---|
689 | sl_strlcpy(errmsg, _("No server address known"), errsiz);
|
---|
690 | }
|
---|
691 | SL_RETURN(retval, _("connect_port_2"));
|
---|
692 | /* return retval; */
|
---|
693 | }
|
---|
694 |
|
---|
695 | #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
696 | static
|
---|
697 | int sh_write_select(int type, int sockfd,
|
---|
698 | char *buf, int nbytes,
|
---|
699 | int * w_error, int timeout)
|
---|
700 | {
|
---|
701 | int countbytes, count;
|
---|
702 | fd_set fds;
|
---|
703 | struct timeval tv;
|
---|
704 | int select_now;
|
---|
705 | int num_sel;
|
---|
706 |
|
---|
707 | struct sigaction new_act;
|
---|
708 | struct sigaction old_act;
|
---|
709 |
|
---|
710 | SL_ENTER(_("sh_write_select"));
|
---|
711 |
|
---|
712 | /* ignore SIGPIPE (instead get EPIPE if connection is closed)
|
---|
713 | */
|
---|
714 | new_act.sa_handler = SIG_IGN;
|
---|
715 | sigemptyset( &new_act.sa_mask ); /* set an empty mask */
|
---|
716 | new_act.sa_flags = 0; /* init sa_flags */
|
---|
717 | sigaction (SIGPIPE, &new_act, &old_act);
|
---|
718 |
|
---|
719 | FD_ZERO(&fds);
|
---|
720 | FD_SET(sockfd, &fds);
|
---|
721 |
|
---|
722 | countbytes = 0;
|
---|
723 | tv.tv_sec = 1;
|
---|
724 | tv.tv_usec = 0;
|
---|
725 | select_now = 0;
|
---|
726 |
|
---|
727 | *w_error = 0;
|
---|
728 |
|
---|
729 | while ( countbytes < nbytes ) {
|
---|
730 |
|
---|
731 | FD_ZERO(&fds);
|
---|
732 | FD_SET(sockfd, &fds);
|
---|
733 |
|
---|
734 | if (type == SH_DO_WRITE)
|
---|
735 | {
|
---|
736 | if ( (num_sel = select (sockfd+1, NULL, &fds, NULL, &tv)) == -1)
|
---|
737 | {
|
---|
738 | if (sig_raised == 1)
|
---|
739 | {
|
---|
740 | sig_raised = 2;
|
---|
741 | continue;
|
---|
742 | }
|
---|
743 | if ( errno == EINTR) /* try again */
|
---|
744 | continue;
|
---|
745 | *w_error = errno;
|
---|
746 | TPT(( 0, FIL__, __LINE__, _("msg=<select: %s>\n"),
|
---|
747 | sh_error_message(*w_error)));
|
---|
748 | sigaction (SIGPIPE, &old_act, NULL);
|
---|
749 | SL_RETURN( countbytes, _("sh_write_select"));
|
---|
750 | }
|
---|
751 | }
|
---|
752 | else
|
---|
753 | {
|
---|
754 | if ( (num_sel = select (sockfd+1, &fds, NULL, NULL, &tv)) == -1)
|
---|
755 | {
|
---|
756 | if (sig_raised == 1)
|
---|
757 | {
|
---|
758 | sig_raised = 2;
|
---|
759 | continue;
|
---|
760 | }
|
---|
761 | if ( errno == EINTR ) /* try again */
|
---|
762 | continue;
|
---|
763 | *w_error = errno;
|
---|
764 | TPT(( 0, FIL__, __LINE__, _("msg=<select: %s>\n"),
|
---|
765 | sh_error_message(*w_error)));
|
---|
766 | sigaction (SIGPIPE, &old_act, NULL);
|
---|
767 | SL_RETURN( countbytes, _("sh_write_select"));
|
---|
768 | }
|
---|
769 | }
|
---|
770 |
|
---|
771 | /* on Linux, timeout is modified to reflect the amount of
|
---|
772 | * time not slept
|
---|
773 | */
|
---|
774 | tv.tv_sec = 1;
|
---|
775 | tv.tv_usec = 0;
|
---|
776 |
|
---|
777 |
|
---|
778 | /* let's not hang on forever
|
---|
779 | */
|
---|
780 | if (num_sel == 0)
|
---|
781 | {
|
---|
782 | ++select_now; /* timeout */
|
---|
783 | if ( select_now > timeout ) /* 5 minutes */
|
---|
784 | {
|
---|
785 | #ifdef ETIMEDOUT
|
---|
786 | *w_error = ETIMEDOUT;
|
---|
787 | #else
|
---|
788 | *w_error = 0;
|
---|
789 | #endif
|
---|
790 | sigaction (SIGPIPE, &old_act, NULL);
|
---|
791 | TPT(( 0, FIL__, __LINE__, _("msg=<Timeout>\n")));
|
---|
792 | SL_RETURN( countbytes, _("sh_write_select"));
|
---|
793 | }
|
---|
794 | }
|
---|
795 |
|
---|
796 | if ( FD_ISSET (sockfd, &fds) )
|
---|
797 | {
|
---|
798 | if (type == SH_DO_WRITE)
|
---|
799 | count = write (sockfd, buf, nbytes-countbytes);
|
---|
800 | else
|
---|
801 | count = read (sockfd, buf, nbytes-countbytes);
|
---|
802 |
|
---|
803 | if (count > 0)
|
---|
804 | {
|
---|
805 | countbytes += count;
|
---|
806 | buf += count; /* move buffer pointer forward */
|
---|
807 | if (countbytes < nbytes) FD_SET( sockfd, &fds );
|
---|
808 | }
|
---|
809 | else if (count < 0 && errno == EINTR)
|
---|
810 | {
|
---|
811 | FD_SET( sockfd, &fds );
|
---|
812 | }
|
---|
813 | else if (count < 0)
|
---|
814 | {
|
---|
815 | *w_error = errno;
|
---|
816 | sigaction (SIGPIPE, &old_act, NULL);
|
---|
817 | TPT(( 0, FIL__, __LINE__, _("msg=<count < 0>\n")));
|
---|
818 | SL_RETURN( countbytes, _("sh_write_select"));
|
---|
819 | }
|
---|
820 | else /* count == 0 */
|
---|
821 | {
|
---|
822 | *w_error = errno;
|
---|
823 | sigaction (SIGPIPE, &old_act, NULL);
|
---|
824 | TPT(( 0, FIL__, __LINE__, _("msg=<count == 0>\n")));
|
---|
825 | SL_RETURN( countbytes, _("sh_write_select"));
|
---|
826 | }
|
---|
827 | }
|
---|
828 | }
|
---|
829 |
|
---|
830 |
|
---|
831 | /* restore signal handler
|
---|
832 | */
|
---|
833 | sigaction (SIGPIPE, &old_act, NULL);
|
---|
834 |
|
---|
835 | *w_error = 0;
|
---|
836 |
|
---|
837 | TPT(( 0, FIL__, __LINE__, _("msg=<count = %d>\n"), countbytes));
|
---|
838 | SL_RETURN( countbytes, _("sh_write_select"));
|
---|
839 | }
|
---|
840 | #endif
|
---|
841 |
|
---|
842 | #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
843 | unsigned long write_port (int sockfd, char *buf, unsigned long nbytes,
|
---|
844 | int * w_error, int timeout)
|
---|
845 | {
|
---|
846 | unsigned long bytes;
|
---|
847 | char errmsg[256];
|
---|
848 |
|
---|
849 | SL_ENTER(_("write_port"));
|
---|
850 |
|
---|
851 | bytes = sh_write_select(SH_DO_WRITE, sockfd, buf, nbytes, w_error, timeout);
|
---|
852 | if (*w_error != 0)
|
---|
853 | {
|
---|
854 | sl_strlcpy(errmsg, sh_error_message (*w_error), sizeof(errmsg));
|
---|
855 | sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP,
|
---|
856 | errmsg, (long) sockfd, _("write_port"));
|
---|
857 | }
|
---|
858 | SL_RETURN( bytes, _("write_port"));
|
---|
859 | }
|
---|
860 | #endif
|
---|
861 |
|
---|
862 | #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
863 |
|
---|
864 | unsigned long read_port (int sockfd, char *buf, unsigned long nbytes,
|
---|
865 | int * w_error, int timeout)
|
---|
866 | {
|
---|
867 | unsigned long bytes;
|
---|
868 | char errmsg[256];
|
---|
869 |
|
---|
870 | SL_ENTER(_("read_port"));
|
---|
871 |
|
---|
872 | bytes = sh_write_select(SH_DO_READ, sockfd, buf, nbytes, w_error, timeout);
|
---|
873 | if (*w_error != 0)
|
---|
874 | {
|
---|
875 | sl_strlcpy(errmsg, sh_error_message (*w_error), sizeof(errmsg));
|
---|
876 | sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP,
|
---|
877 | errmsg, (long) sockfd, _("read_port"));
|
---|
878 | }
|
---|
879 | SL_RETURN( bytes, _("read_port"));
|
---|
880 | }
|
---|
881 | #endif
|
---|
882 |
|
---|
883 | #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
884 |
|
---|
885 | int check_request_nerr (char * have, char * need)
|
---|
886 | {
|
---|
887 | SL_ENTER(_("check_request_nerr"));
|
---|
888 | ASSERT_RET((have != NULL && need != NULL),
|
---|
889 | _("have != NULL && need != NULL"), (-1))
|
---|
890 |
|
---|
891 | if ( (have[0] == need[0]) && (have[1] == need[1]) &&
|
---|
892 | (have[2] == need[2]) && (have[3] == need[3]))
|
---|
893 | SL_RETURN(0, _("check_request_nerr"));
|
---|
894 | SL_RETURN((-1), _("check_request_nerr"));
|
---|
895 | }
|
---|
896 | #endif
|
---|
897 |
|
---|
898 | #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
899 |
|
---|
900 | int check_request (char * have, char * need)
|
---|
901 | {
|
---|
902 | char first[21], second[5];
|
---|
903 | int i;
|
---|
904 |
|
---|
905 | SL_ENTER(_("check_request"));
|
---|
906 | i = check_request_nerr (have, need);
|
---|
907 |
|
---|
908 | if (i == 0)
|
---|
909 | SL_RETURN(0, _("check_request"));
|
---|
910 |
|
---|
911 | for (i = 0; i < 4; ++i)
|
---|
912 | {
|
---|
913 | second[i] = need[i];
|
---|
914 | sprintf(&first[i*4], _("%c%03o"), /* known to fit */
|
---|
915 | '\\', (unsigned char) have[i]);
|
---|
916 | }
|
---|
917 |
|
---|
918 | first[20] = '\0'; second[4] = '\0';
|
---|
919 |
|
---|
920 | sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST,
|
---|
921 | second, first);
|
---|
922 | SL_RETURN((-1), _("check_request"));
|
---|
923 | }
|
---|
924 | #endif
|
---|
925 |
|
---|
926 | #if defined (SH_WITH_SERVER)
|
---|
927 |
|
---|
928 | int check_request_s (char * have, char * need, char * clt)
|
---|
929 | {
|
---|
930 | char first[21], second[5];
|
---|
931 | int i;
|
---|
932 |
|
---|
933 | SL_ENTER(_("check_request_s"));
|
---|
934 | i = check_request_nerr (have, need);
|
---|
935 |
|
---|
936 | if (i == 0)
|
---|
937 | SL_RETURN( (0), _("check_request_s"));
|
---|
938 |
|
---|
939 | for (i = 0; i < 4; ++i)
|
---|
940 | {
|
---|
941 | second[i] = need[i];
|
---|
942 | sprintf(&first[i*4], _("%c%03o"), /* known to fit */
|
---|
943 | '\\', (unsigned char) have[i]);
|
---|
944 | }
|
---|
945 | first[20] = '\0'; second[4] = '\0';
|
---|
946 | sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST1,
|
---|
947 | second, first, clt);
|
---|
948 | SL_RETURN( (-1), _("check_request_s"));
|
---|
949 | }
|
---|
950 | #endif
|
---|
951 |
|
---|
952 | #if defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)
|
---|
953 |
|
---|
954 | void get_header (unsigned char * head, unsigned long * bytes, char * u)
|
---|
955 | {
|
---|
956 | SL_ENTER(_("get_header"));
|
---|
957 |
|
---|
958 | *bytes =
|
---|
959 | (256 * (unsigned int)head[1] + (unsigned int)head[2]);
|
---|
960 |
|
---|
961 | if (u != NULL)
|
---|
962 | {
|
---|
963 | u[0] = head[3];
|
---|
964 | u[1] = head[4];
|
---|
965 | u[2] = head[5];
|
---|
966 | u[3] = head[6];
|
---|
967 | u[4] = '\0';
|
---|
968 | }
|
---|
969 |
|
---|
970 | SL_RET0(_("get_header"));
|
---|
971 | }
|
---|
972 | #endif
|
---|
973 |
|
---|
974 | #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
975 |
|
---|
976 | #ifdef SH_ENCRYPT_2
|
---|
977 | #define TRANS_BYTES 65120
|
---|
978 | #else
|
---|
979 | #define TRANS_BYTES 65280
|
---|
980 | #endif
|
---|
981 |
|
---|
982 | void put_header (unsigned char * head, int protocol,
|
---|
983 | unsigned long * length, char * u)
|
---|
984 | {
|
---|
985 |
|
---|
986 | /* static long transfer_limit = (8 * SH_BUFSIZE); V0.8 */
|
---|
987 | static unsigned long transfer_limit = TRANS_BYTES + 6 + KEY_LEN;
|
---|
988 |
|
---|
989 | SL_ENTER(_("put_header"));
|
---|
990 |
|
---|
991 | head[0] = protocol;
|
---|
992 |
|
---|
993 | ASSERT((*length < transfer_limit), _("*length < transfer_limit"))
|
---|
994 |
|
---|
995 | if (*length > transfer_limit)
|
---|
996 | *length = transfer_limit;
|
---|
997 |
|
---|
998 | head[1] = (unsigned int)(*length/256);
|
---|
999 | head[2] = (unsigned int)(*length-256 * head[1]);
|
---|
1000 | if (u == NULL)
|
---|
1001 | {
|
---|
1002 | head[3] = 0x01;
|
---|
1003 | head[4] = 0x01;
|
---|
1004 | head[5] = 0x01;
|
---|
1005 | head[6] = 0x01;
|
---|
1006 | }
|
---|
1007 | else
|
---|
1008 | {
|
---|
1009 | head[3] = u[0];
|
---|
1010 | head[4] = u[1];
|
---|
1011 | head[5] = u[2];
|
---|
1012 | head[6] = u[3];
|
---|
1013 | }
|
---|
1014 |
|
---|
1015 | SL_RET0(_("put_header"));
|
---|
1016 | }
|
---|
1017 | #endif
|
---|
1018 |
|
---|
1019 | /* ------------------------------------------
|
---|
1020 | *
|
---|
1021 | * version 2 client/server protocol
|
---|
1022 | *
|
---|
1023 | * ------------------------------------------
|
---|
1024 | *
|
---|
1025 | * header : flag size[2]
|
---|
1026 | *
|
---|
1027 | * payload: random_pad[8] protocol[4] size[4] payload[payload_size] padding
|
---|
1028 | *
|
---|
1029 | * full_size <= 8192; payload_size <= 8176 (511*16); msg_size <= 8128 (508*16)
|
---|
1030 | * (msg_size = payload_size - key_len = payload_size - 48)
|
---|
1031 | */
|
---|
1032 |
|
---|
1033 | /*
|
---|
1034 | * only SH_V2_FULLSIZE is used, and only once
|
---|
1035 | */
|
---|
1036 | #if 0
|
---|
1037 | #ifdef SH_WITH_SERVER
|
---|
1038 | #define SH_V2_FULLSIZE 240
|
---|
1039 | #define SH_V2_PAYLOAD 224
|
---|
1040 | #define SH_V2_MESSAGE 176
|
---|
1041 | #else
|
---|
1042 | #define SH_V2_FULLSIZE 1024
|
---|
1043 | #define SH_V2_PAYLOAD 1008
|
---|
1044 | #define SH_V2_MESSAGE 960
|
---|
1045 | #endif
|
---|
1046 | #endif
|
---|
1047 | #define SH_V2_FULLSIZE 1024
|
---|
1048 |
|
---|
1049 | #ifdef SH_ENCRYPT
|
---|
1050 | #include "rijndael-api-fst.h"
|
---|
1051 | #endif
|
---|
1052 |
|
---|
1053 | void sh_tools_show_header (unsigned char * head, char sign)
|
---|
1054 | {
|
---|
1055 | #define SH_IS_ASCII(c) (((c) & ~0x7f) == 0)
|
---|
1056 |
|
---|
1057 |
|
---|
1058 | int msg_size = (256 * (unsigned int)head[1] + (unsigned int)head[2]);
|
---|
1059 | char code[32];
|
---|
1060 | char * p = &code[0];
|
---|
1061 |
|
---|
1062 | memset (code, ' ', 32); /* space */
|
---|
1063 |
|
---|
1064 | if ((head[0] & SH_PROTO_SRP) != 0) { p[0]='S';p[1]='R';p[2]='P';}
|
---|
1065 | p += 4;
|
---|
1066 | if ((head[0] & SH_PROTO_MSG) != 0) { p[0]='M';p[1]='S';p[2]='G';}
|
---|
1067 | p += 4;
|
---|
1068 | if ((head[0] & SH_PROTO_BIG) != 0) { p[0]='B';p[1]='I';p[2]='G';}
|
---|
1069 | p += 4;
|
---|
1070 | if ((head[0] & SH_PROTO_END) != 0) { p[0]='E';p[1]='N';p[2]='D';}
|
---|
1071 | p += 4;
|
---|
1072 | if ((head[0] & SH_PROTO_ENC) != 0) { p[0]='E';p[1]='N';p[2]='C';}
|
---|
1073 | p += 4;
|
---|
1074 | if ((head[0] & SH_PROTO_EN2) != 0) { p[0]='E';p[1]='N';p[2]='2';}
|
---|
1075 | code[23] = '\0';
|
---|
1076 |
|
---|
1077 | if (SH_IS_ASCII(head[3]) && isalpha(head[3]) &&
|
---|
1078 | SH_IS_ASCII(head[4]) && isalpha(head[4]) &&
|
---|
1079 | SH_IS_ASCII(head[5]) && isalpha(head[5]) &&
|
---|
1080 | SH_IS_ASCII(head[6]) && isalpha(head[6])) {
|
---|
1081 | fprintf(stderr, "%c %3o %s %5d %c %c %c %c\n", sign,
|
---|
1082 | head[0], code, msg_size, head[3], head[4], head[5], head[6]);
|
---|
1083 | } else {
|
---|
1084 | fprintf(stderr, "%c %3o %s %5d %2X %2X %2X %2X\n", sign,
|
---|
1085 | head[0], code, msg_size, head[3], head[4], head[5], head[6]);
|
---|
1086 | }
|
---|
1087 | return;
|
---|
1088 | }
|
---|
1089 |
|
---|
1090 | #ifdef SH_ENCRYPT
|
---|
1091 | /*
|
---|
1092 | * #define DEBUG_EN2
|
---|
1093 | *
|
---|
1094 | * ingest version 1 7-byte header and payload, return version2 header/payload
|
---|
1095 | * last 4 bytes of outgoing header are set to dummy value
|
---|
1096 | */
|
---|
1097 | char * sh_tools_makePack (unsigned char * header,
|
---|
1098 | char * payload, int payload_size,
|
---|
1099 | keyInstance * keyInstE)
|
---|
1100 | {
|
---|
1101 | UINT32 rpad[3];
|
---|
1102 | unsigned char head[16];
|
---|
1103 | double epad;
|
---|
1104 | int i_epad = 0;
|
---|
1105 | int i_blk = payload_size / 16;
|
---|
1106 | int i_blkmax = SH_V2_FULLSIZE / 16;
|
---|
1107 | int pads = 0;
|
---|
1108 | int full_size;
|
---|
1109 | char * full_ret;
|
---|
1110 |
|
---|
1111 | char * p;
|
---|
1112 | RIJ_BYTE inBlock[B_SIZ];
|
---|
1113 | RIJ_BYTE outBlock[B_SIZ];
|
---|
1114 | int j;
|
---|
1115 | cipherInstance cipherInst;
|
---|
1116 | int err_num;
|
---|
1117 | int blkfac;
|
---|
1118 |
|
---|
1119 | /*
|
---|
1120 | SL_REQUIRE (i_blk*16 == payload_size, _("payload_size % 16 != 0"));
|
---|
1121 | */
|
---|
1122 | if ((i_blk * 16) != payload_size) ++i_blk;
|
---|
1123 | #ifdef DEBUG_EN2
|
---|
1124 | fprintf(stderr, "SEND <%d> blocks <%d>\n", payload_size, i_blk);
|
---|
1125 | #endif
|
---|
1126 | /* random_pad
|
---|
1127 | */
|
---|
1128 | rpad[1] = taus_get (&(skey->rng0[0]), &(skey->rng1[0]), &(skey->rng2[0]));
|
---|
1129 | memcpy (head, &rpad[1], 4);
|
---|
1130 | rpad[0] = taus_get (&(skey->rng0[0]), &(skey->rng1[0]), &(skey->rng2[0]));
|
---|
1131 | memcpy (&head[4], &rpad[0], 4);
|
---|
1132 | rpad[2] = taus_get (&(skey->rng0[0]), &(skey->rng1[0]), &(skey->rng2[0]));
|
---|
1133 | memcpy (&head[8], &rpad[2], 4);
|
---|
1134 |
|
---|
1135 | /* protocol
|
---|
1136 | */
|
---|
1137 | /* memcpy (&head[8], &header[3], 4); */
|
---|
1138 |
|
---|
1139 | /* size (payload)
|
---|
1140 | */
|
---|
1141 | head[12] = header[1];
|
---|
1142 | head[13] = header[2];
|
---|
1143 | head[14] = '\0';
|
---|
1144 | head[15] = '\0';
|
---|
1145 |
|
---|
1146 | if (i_blk < i_blkmax)
|
---|
1147 | {
|
---|
1148 | pads = i_blkmax - i_blk;
|
---|
1149 | /* memcpy((char *) &rpad[2], &head[12], 4); */
|
---|
1150 | epad = taus_get_double (&rpad);
|
---|
1151 | #ifdef DEBUG_EN2
|
---|
1152 | fprintf(stderr, "PAD1 <%d> <%f>\n", pads, epad);
|
---|
1153 | #endif
|
---|
1154 | i_epad = (int) (pads * epad);
|
---|
1155 | #ifdef DEBUG_EN2
|
---|
1156 | fprintf(stderr, "PAD2 <%d> <%d>\n", i_epad, (i_epad*16));
|
---|
1157 | #endif
|
---|
1158 | }
|
---|
1159 |
|
---|
1160 | full_size =
|
---|
1161 | /* head */ 16 +
|
---|
1162 | /* payload */ (i_blk*16) + /* payload_size + */
|
---|
1163 | /* pad */ (i_epad * 16);
|
---|
1164 |
|
---|
1165 | full_ret = SH_ALLOC(full_size);
|
---|
1166 | memcpy(full_ret, head, 16);
|
---|
1167 | if (payload != NULL)
|
---|
1168 | {
|
---|
1169 | memcpy(&full_ret[16], payload, payload_size);
|
---|
1170 | }
|
---|
1171 | if ((i_blk*16) > payload_size)
|
---|
1172 | {
|
---|
1173 | #ifdef DEBUG_EN2
|
---|
1174 | fprintf(stderr, "SEN2 <%d>\n", (i_blk*16) - payload_size);
|
---|
1175 | #endif
|
---|
1176 | memset(&full_ret[16+payload_size], '\0', (i_blk*16) - payload_size);
|
---|
1177 | payload_size = i_blk * 16;
|
---|
1178 | }
|
---|
1179 | memset(&full_ret[16+payload_size], '\0', i_epad*16);
|
---|
1180 | #ifdef DEBUG_EN2
|
---|
1181 | fprintf(stderr, "SEN3 <%d> <%d>\n", full_size, i_epad*16);
|
---|
1182 | #endif
|
---|
1183 |
|
---|
1184 | /* rewrite header
|
---|
1185 | */
|
---|
1186 | header[1] = (unsigned int)(full_size/256);
|
---|
1187 | header[2] = (unsigned int)(full_size - (256 * header[1]));
|
---|
1188 | /* don't erase protocol from header
|
---|
1189 | memset(&header[3], '\0', 4);
|
---|
1190 | */
|
---|
1191 | p = full_ret; blkfac = full_size / 16;
|
---|
1192 |
|
---|
1193 | err_num = cipherInit (&cipherInst, MODE_CBC, NULL);
|
---|
1194 |
|
---|
1195 | if (err_num < 0)
|
---|
1196 | {
|
---|
1197 | sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
|
---|
1198 | errorExplain(err_num),
|
---|
1199 | _("sh_tools_makePack: cipherInit"));
|
---|
1200 | }
|
---|
1201 | for (j = 0; j < blkfac; ++j)
|
---|
1202 | {
|
---|
1203 | memcpy(inBlock, p, B_SIZ);
|
---|
1204 | err_num = blockEncrypt(&cipherInst, keyInstE,
|
---|
1205 | inBlock, 128 * BNUM, outBlock);
|
---|
1206 | if (err_num < 0)
|
---|
1207 | {
|
---|
1208 | sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
|
---|
1209 | errorExplain(err_num),
|
---|
1210 | _("sh_tools_makePack: blockEncrypt"));
|
---|
1211 | }
|
---|
1212 | memcpy(p, outBlock, B_SIZ);
|
---|
1213 | p += B_SIZ;
|
---|
1214 | }
|
---|
1215 |
|
---|
1216 | return full_ret;
|
---|
1217 | }
|
---|
1218 |
|
---|
1219 | /* write a 7-byte header and return payload as expected by version 1
|
---|
1220 | * last 4 bytes of incoming header are dummy
|
---|
1221 | */
|
---|
1222 | char * sh_tools_revertPack (unsigned char * header, char * message,
|
---|
1223 | keyInstance * keyInstD,
|
---|
1224 | unsigned long message_size)
|
---|
1225 | {
|
---|
1226 | unsigned long msg_size;
|
---|
1227 | char * msg_ret;
|
---|
1228 |
|
---|
1229 | char * p;
|
---|
1230 | RIJ_BYTE inBlock[B_SIZ];
|
---|
1231 | RIJ_BYTE outBlock[B_SIZ];
|
---|
1232 | int j;
|
---|
1233 | cipherInstance cipherInst;
|
---|
1234 | int err_num;
|
---|
1235 | int blkfac;
|
---|
1236 |
|
---|
1237 | msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]);
|
---|
1238 | #ifdef DEBUG_EN2
|
---|
1239 | fprintf(stderr, "RECV <%lu>\n", msg_size);
|
---|
1240 | #endif
|
---|
1241 | if (msg_size > message_size) {
|
---|
1242 | msg_size = message_size;
|
---|
1243 | #ifdef DEBUG_EN2
|
---|
1244 | fprintf(stderr, "RECV TRUNC1 <%lu>\n", msg_size);
|
---|
1245 | #endif
|
---|
1246 | }
|
---|
1247 |
|
---|
1248 | p = message; blkfac = msg_size / 16;
|
---|
1249 |
|
---|
1250 | err_num = cipherInit (&cipherInst, MODE_CBC, NULL);
|
---|
1251 |
|
---|
1252 | if (err_num < 0)
|
---|
1253 | {
|
---|
1254 | sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
|
---|
1255 | errorExplain(err_num),
|
---|
1256 | _("sh_tools_revertPack: cipherInit"));
|
---|
1257 | }
|
---|
1258 | for (j = 0; j < blkfac; ++j)
|
---|
1259 | {
|
---|
1260 | memcpy(inBlock, p, B_SIZ);
|
---|
1261 | err_num = blockDecrypt(&cipherInst, keyInstD,
|
---|
1262 | inBlock, 128 * BNUM, outBlock);
|
---|
1263 | if (err_num < 0)
|
---|
1264 | {
|
---|
1265 | sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
|
---|
1266 | errorExplain(err_num),
|
---|
1267 | _("sh_tools_revertPack: blockDecrypt"));
|
---|
1268 | }
|
---|
1269 | memcpy(p, outBlock, B_SIZ);
|
---|
1270 | p += B_SIZ;
|
---|
1271 | }
|
---|
1272 |
|
---|
1273 | /* rewrite size in header
|
---|
1274 | */
|
---|
1275 | header[1] = message[12];
|
---|
1276 | header[2] = message[13];
|
---|
1277 | msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]);
|
---|
1278 |
|
---|
1279 | if (msg_size > (message_size-16))
|
---|
1280 | {
|
---|
1281 | msg_size = message_size-16;
|
---|
1282 | header[1] = (unsigned int)(msg_size/256);
|
---|
1283 | header[2] = (unsigned int)(msg_size - (256 * header[1]));
|
---|
1284 | #ifdef DEBUG_EN2
|
---|
1285 | fprintf(stderr, "RECV TRUNC2 <%lu>\n", msg_size);
|
---|
1286 | #endif
|
---|
1287 | }
|
---|
1288 | #ifdef DEBUG_EN2
|
---|
1289 | fprintf(stderr, "REC2 <%lu>\n", msg_size);
|
---|
1290 | #endif
|
---|
1291 | /* protocol
|
---|
1292 | */
|
---|
1293 | /* memcpy(&header[3], &message[8], 4); */
|
---|
1294 |
|
---|
1295 | /* payload
|
---|
1296 | */
|
---|
1297 | msg_ret = SH_ALLOC(msg_size+1);
|
---|
1298 | if (msg_size > 0)
|
---|
1299 | {
|
---|
1300 | memcpy(msg_ret, &message[16], msg_size);
|
---|
1301 | }
|
---|
1302 | msg_ret[msg_size] = '\0';
|
---|
1303 | #ifdef DEBUG_EN2
|
---|
1304 | fprintf(stderr, "REC3 <%lu>\n", msg_size);
|
---|
1305 | #endif
|
---|
1306 | SH_FREE(message);
|
---|
1307 |
|
---|
1308 | return msg_ret;
|
---|
1309 | }
|
---|
1310 | #endif
|
---|
1311 |
|
---|
1312 | int sh_tools_hash_add(char * key, char * buf, int buflen)
|
---|
1313 | {
|
---|
1314 | char * theSig;
|
---|
1315 |
|
---|
1316 | SL_ENTER(_("sh_tools_hash_add"));
|
---|
1317 |
|
---|
1318 | theSig = sh_util_siggen (key, buf, buflen);
|
---|
1319 | sl_strlcat(buf, theSig, buflen + KEY_LEN + 1);
|
---|
1320 |
|
---|
1321 | SL_RETURN((0), _("sh_tools_hash_add"));
|
---|
1322 | }
|
---|
1323 |
|
---|
1324 |
|
---|
1325 | /* return 0 (== FALSE) if no match, else 1 (== TRUE)
|
---|
1326 | */
|
---|
1327 | int sh_tools_hash_vfy(char * key, char * buf, int buflen)
|
---|
1328 | {
|
---|
1329 | char hash[KEY_LEN+1];
|
---|
1330 | register int i;
|
---|
1331 | char * theSig;
|
---|
1332 |
|
---|
1333 | SL_ENTER(_("sh_tools_hash_vfy"));
|
---|
1334 |
|
---|
1335 | theSig = sh_util_siggen (key, buf, buflen);
|
---|
1336 | sl_strlcpy(hash, theSig, KEY_LEN+1);
|
---|
1337 |
|
---|
1338 | for (i = 0; i < KEY_LEN; ++i)
|
---|
1339 | {
|
---|
1340 | if (buf[buflen + i] != hash[i])
|
---|
1341 | SL_RETURN((0), _("sh_tools_hash_vfy"));
|
---|
1342 | }
|
---|
1343 |
|
---|
1344 | SL_RETURN((1), _("sh_tools_hash_vfy"));
|
---|
1345 | }
|
---|
1346 |
|
---|
1347 | /* ------------------------------------------ */
|
---|
1348 |
|
---|
1349 | #if defined (SH_WITH_SERVER)
|
---|
1350 |
|
---|
1351 | /* add a checksum to a buffer; put checksum in front
|
---|
1352 | */
|
---|
1353 | char * hash_me (char * key, char * buf, int buflen)
|
---|
1354 | {
|
---|
1355 | char hash[KEY_LEN+1];
|
---|
1356 | char * temp;
|
---|
1357 | register int i;
|
---|
1358 | int total = 0;
|
---|
1359 | char * theSig;
|
---|
1360 |
|
---|
1361 |
|
---|
1362 | SL_ENTER(_("hash_me"));
|
---|
1363 |
|
---|
1364 | #ifdef DEBUG_EN2
|
---|
1365 | fprintf(stderr, "hash_me <%s> <%d>\n",
|
---|
1366 | (key == NULL) ? "NULL" : key, buflen);
|
---|
1367 | #endif
|
---|
1368 | /* key = H(NSRV,NCLT,SK)
|
---|
1369 | */
|
---|
1370 | ASSERT_RET((key != NULL), _("key != NULL"), (NULL));
|
---|
1371 | ASSERT_RET((buflen >= 0), _("buflen >= 0"), (NULL));
|
---|
1372 |
|
---|
1373 | theSig = sh_util_siggen (key, buf, buflen);
|
---|
1374 | sl_strlcpy(hash, theSig, KEY_LEN+1);
|
---|
1375 |
|
---|
1376 |
|
---|
1377 | total = KEY_LEN + buflen;
|
---|
1378 | temp = SH_ALLOC (total);
|
---|
1379 |
|
---|
1380 | for (i = 0; i < KEY_LEN; ++i)
|
---|
1381 | temp[i] = hash[i];
|
---|
1382 |
|
---|
1383 | for (i = 0; i < buflen; ++i)
|
---|
1384 | temp[i+KEY_LEN] = buf[i];
|
---|
1385 |
|
---|
1386 | SL_RETURN(temp, _("hash_me"));
|
---|
1387 | }
|
---|
1388 | #endif
|
---|
1389 |
|
---|
1390 | #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
1391 |
|
---|
1392 | /* verify the checksum of a buffer; checksum comes first
|
---|
1393 | */
|
---|
1394 | int hash_check(char * key,
|
---|
1395 | char * buf, int buflen)
|
---|
1396 | {
|
---|
1397 | char hash[KEY_LEN+1];
|
---|
1398 | register int i;
|
---|
1399 | char * theSig;
|
---|
1400 |
|
---|
1401 | SL_ENTER(_("hash_check"));
|
---|
1402 |
|
---|
1403 | #ifdef DEBUG_EN2
|
---|
1404 | fprintf(stderr, "hash_check <%s> <%d>\n",
|
---|
1405 | (key == NULL) ? "NULL" : key, buflen);
|
---|
1406 | #endif
|
---|
1407 | theSig = sh_util_siggen (key, &buf[KEY_LEN], buflen-KEY_LEN);
|
---|
1408 | sl_strlcpy(hash, theSig, KEY_LEN+1);
|
---|
1409 |
|
---|
1410 | for (i = 0; i < KEY_LEN; ++i)
|
---|
1411 | {
|
---|
1412 | if (buf[i] != hash[i])
|
---|
1413 | SL_RETURN((-1), _("hash_check"));
|
---|
1414 | }
|
---|
1415 | SL_RETURN((0), _("hash_check"));
|
---|
1416 | }
|
---|
1417 |
|
---|
1418 | #endif
|
---|
1419 |
|
---|
1420 | #if defined (SH_WITH_SERVER)
|
---|
1421 |
|
---|
1422 | char * get_client_conf_file (char * peer, unsigned long * length)
|
---|
1423 | {
|
---|
1424 | char * ret;
|
---|
1425 | int size, status;
|
---|
1426 | struct stat buf;
|
---|
1427 | char * base;
|
---|
1428 |
|
---|
1429 | SL_ENTER(_("get_client_conf_file"));
|
---|
1430 |
|
---|
1431 | size = sl_strlen(DEFAULT_DATAROOT);
|
---|
1432 | base = SH_ALLOC(size + 1);
|
---|
1433 | sl_strlcpy(base, DEFAULT_DATAROOT, size + 1);
|
---|
1434 |
|
---|
1435 | size = sl_strlen(base) + sl_strlen(peer) + 5;
|
---|
1436 | ++size;
|
---|
1437 |
|
---|
1438 | ret = SH_ALLOC(size);
|
---|
1439 | sl_strlcpy(ret, base, size);
|
---|
1440 | sl_strlcat(ret, _("/rc."), size);
|
---|
1441 | sl_strlcat(ret, peer, size);
|
---|
1442 |
|
---|
1443 | status = retry_stat (FIL__, __LINE__, ret, &buf);
|
---|
1444 |
|
---|
1445 | if (status == 0)
|
---|
1446 | goto lab_end;
|
---|
1447 | else
|
---|
1448 | sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS,
|
---|
1449 | (long) sh.effective.uid, ret);
|
---|
1450 |
|
---|
1451 | sl_strlcpy(ret, base, size);
|
---|
1452 | sl_strlcat(ret, "/rc", size);
|
---|
1453 |
|
---|
1454 | status = retry_stat (FIL__, __LINE__, ret, &buf);
|
---|
1455 |
|
---|
1456 | if (status == 0)
|
---|
1457 | goto lab_end;
|
---|
1458 | else
|
---|
1459 | sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_ACCESS,
|
---|
1460 | (long) sh.effective.uid, ret);
|
---|
1461 |
|
---|
1462 | SH_FREE(base);
|
---|
1463 | *length=0;
|
---|
1464 | SL_RETURN(NULL, _("get_client_conf_file"));
|
---|
1465 |
|
---|
1466 | lab_end:
|
---|
1467 | if (buf.st_size > 0x7fffffff)
|
---|
1468 | {
|
---|
1469 | sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN,
|
---|
1470 | _("File too large"), _("get_client_conf_file"));
|
---|
1471 | SH_FREE(base);
|
---|
1472 | SL_RETURN(NULL, _("get_client_conf_file"));
|
---|
1473 | }
|
---|
1474 | *length = (unsigned long) buf.st_size;
|
---|
1475 | SH_FREE(base);
|
---|
1476 | SL_RETURN(ret, _("get_client_conf_file"));
|
---|
1477 | }
|
---|
1478 |
|
---|
1479 | char * get_client_data_file (char * peer, unsigned long * length)
|
---|
1480 | {
|
---|
1481 | char * ret;
|
---|
1482 | int size, status;
|
---|
1483 | struct stat buf;
|
---|
1484 |
|
---|
1485 | char * base;
|
---|
1486 |
|
---|
1487 | SL_ENTER(_("get_client_data_file"));
|
---|
1488 |
|
---|
1489 | size = sl_strlen(DEFAULT_DATAROOT);
|
---|
1490 | base = SH_ALLOC(size + 1);
|
---|
1491 | sl_strlcpy(base, DEFAULT_DATAROOT, size + 1);
|
---|
1492 |
|
---|
1493 | size = sl_strlen(base) + sl_strlen(peer) + 7;
|
---|
1494 |
|
---|
1495 | ++size;
|
---|
1496 |
|
---|
1497 | ret = SH_ALLOC(size);
|
---|
1498 | sl_strlcpy(ret, base, size);
|
---|
1499 | sl_strlcat(ret, _("/file."), size);
|
---|
1500 | sl_strlcat(ret, peer, size);
|
---|
1501 |
|
---|
1502 | status = retry_stat (FIL__, __LINE__, ret, &buf);
|
---|
1503 |
|
---|
1504 | if (status == 0)
|
---|
1505 | goto lab1_end;
|
---|
1506 | else
|
---|
1507 | sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS,
|
---|
1508 | (long) sh.effective.uid, ret);
|
---|
1509 |
|
---|
1510 |
|
---|
1511 | sl_strlcpy(ret, base, size);
|
---|
1512 | sl_strlcat(ret, _("/file"), size);
|
---|
1513 |
|
---|
1514 | status = retry_stat (FIL__, __LINE__, ret, &buf);
|
---|
1515 |
|
---|
1516 | if (status == 0)
|
---|
1517 | goto lab1_end;
|
---|
1518 | else
|
---|
1519 | sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS,
|
---|
1520 | (long) sh.effective.uid, ret);
|
---|
1521 |
|
---|
1522 |
|
---|
1523 | *length = 0;
|
---|
1524 | SH_FREE(base);
|
---|
1525 | SL_RETURN(NULL, _("get_client_data_file"));
|
---|
1526 |
|
---|
1527 | lab1_end:
|
---|
1528 | if (buf.st_size > 0x7fffffff)
|
---|
1529 | {
|
---|
1530 | sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN,
|
---|
1531 | _("File too large"), _("get_client_data_file"));
|
---|
1532 | SH_FREE(base);
|
---|
1533 | SL_RETURN(NULL, _("get_client_data_file"));
|
---|
1534 | }
|
---|
1535 | *length = (unsigned long) buf.st_size;
|
---|
1536 | SH_FREE(base);
|
---|
1537 | SL_RETURN(ret, _("get_client_data_file"));
|
---|
1538 |
|
---|
1539 | }
|
---|
1540 | #endif
|
---|
1541 |
|
---|
1542 | #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP)
|
---|
1543 |
|
---|
1544 | /* --------- secure temporary file ------------ */
|
---|
1545 |
|
---|
1546 | SL_TICKET open_tmp ()
|
---|
1547 | {
|
---|
1548 | SL_TICKET fd;
|
---|
1549 | UINT32 ticks;
|
---|
1550 | char * file;
|
---|
1551 | struct stat buf;
|
---|
1552 | int error;
|
---|
1553 | int status = BAD;
|
---|
1554 | char * my_tmp_dir;
|
---|
1555 | int len;
|
---|
1556 |
|
---|
1557 | SL_ENTER(_("open_tmp"));
|
---|
1558 |
|
---|
1559 | #if defined(SH_TMPDIR)
|
---|
1560 | len = sl_strlen(SH_TMPDIR) + 1;
|
---|
1561 | my_tmp_dir = SH_ALLOC(len);
|
---|
1562 | sl_strlcpy(my_tmp_dir, SH_TMPDIR, len);
|
---|
1563 | #else
|
---|
1564 | #if defined(SH_WITH_SERVER)
|
---|
1565 | len = sl_strlen(DEFAULT_LOGDIR) + 1;
|
---|
1566 | my_tmp_dir = SH_ALLOC(len);
|
---|
1567 | sl_strlcpy(my_tmp_dir, DEFAULT_LOGDIR, len);
|
---|
1568 | #else
|
---|
1569 | len = sl_strlen(sh.effective.home) + 1;
|
---|
1570 | my_tmp_dir = SH_ALLOC(len);
|
---|
1571 | sl_strlcpy(my_tmp_dir, sh.effective.home, len);
|
---|
1572 | #endif
|
---|
1573 | #endif
|
---|
1574 |
|
---|
1575 | if (0 != tf_trust_check (my_tmp_dir, SL_YESPRIV))
|
---|
1576 | {
|
---|
1577 | dlog(1, FIL__, __LINE__,
|
---|
1578 | _("The directory for temporary files: %s is untrusted, i.e. an\nuntrusted user owns or can write to some directory in the path.\n"),
|
---|
1579 | my_tmp_dir);
|
---|
1580 | sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_TRUST,
|
---|
1581 | (long) sh.effective.uid,
|
---|
1582 | my_tmp_dir);
|
---|
1583 | SH_FREE(my_tmp_dir);
|
---|
1584 | aud_exit (FIL__, __LINE__, EXIT_FAILURE);
|
---|
1585 | }
|
---|
1586 |
|
---|
1587 | do {
|
---|
1588 |
|
---|
1589 | /* create random filename in effective users home directory
|
---|
1590 | */
|
---|
1591 | ticks = taus_get (&(skey->rng0[0]), &(skey->rng1[0]), &(skey->rng2[0]));
|
---|
1592 | if (my_tmp_dir[0] == '/' && my_tmp_dir[1] == '\0')
|
---|
1593 | file = sh_util_strconcat (my_tmp_dir,
|
---|
1594 | sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4),
|
---|
1595 | NULL);
|
---|
1596 | else
|
---|
1597 | file = sh_util_strconcat (my_tmp_dir,
|
---|
1598 | "/",
|
---|
1599 | sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4),
|
---|
1600 | NULL);
|
---|
1601 |
|
---|
1602 | /* check whether it already exists (paranoia)
|
---|
1603 | */
|
---|
1604 | errno = 0;
|
---|
1605 | status = retry_lstat(FIL__, __LINE__, file, &buf);
|
---|
1606 | error = errno;
|
---|
1607 |
|
---|
1608 | if ( (status < 0) && (error == ENOENT) ) /* file does not exist */
|
---|
1609 | status = GOOD;
|
---|
1610 | else if (status < 0) /* unexpected error condition */
|
---|
1611 | {
|
---|
1612 | SH_FREE (file);
|
---|
1613 | SH_FREE(my_tmp_dir);
|
---|
1614 | TPT(( 0, FIL__, __LINE__, _("msg=<Unexpected error %d>\n"), error));
|
---|
1615 | SL_RETURN((-1), _("open_tmp"));
|
---|
1616 | }
|
---|
1617 | else /* file exists */
|
---|
1618 | {
|
---|
1619 | status = BAD;
|
---|
1620 | TPT(( 0, FIL__, __LINE__, _("msg=<Temporary file exists already>\n")));
|
---|
1621 | }
|
---|
1622 |
|
---|
1623 | if (status == GOOD)
|
---|
1624 | {
|
---|
1625 | if (0 == tf_trust_check (file, SL_YESPRIV))
|
---|
1626 | status = GOOD;
|
---|
1627 | else
|
---|
1628 | {
|
---|
1629 | status = BAD;
|
---|
1630 | TPT(( 0, FIL__, __LINE__, _("msg=<Temporary file untrusted>\n")));
|
---|
1631 | }
|
---|
1632 | }
|
---|
1633 |
|
---|
1634 | if (status == BAD)
|
---|
1635 | SH_FREE (file);
|
---|
1636 |
|
---|
1637 | } while (status == BAD);
|
---|
1638 |
|
---|
1639 | fd = sl_open_safe_rdwr (file, SL_YESPRIV);
|
---|
1640 | if (SL_ISERROR(fd))
|
---|
1641 | {
|
---|
1642 | sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, fd, MSG_E_SUBGEN,
|
---|
1643 | _("Error opening temporary file"), _("open_tmp"));
|
---|
1644 | TPT(( 0, FIL__, __LINE__, _("msg=<Error %d temporary file %s>\n"),
|
---|
1645 | fd, file));
|
---|
1646 | }
|
---|
1647 |
|
---|
1648 |
|
---|
1649 | SH_FREE (file);
|
---|
1650 | SH_FREE(my_tmp_dir);
|
---|
1651 |
|
---|
1652 | if (!SL_ISERROR(fd)) {
|
---|
1653 | sl_unlink(fd);
|
---|
1654 | }
|
---|
1655 |
|
---|
1656 | if (!SL_ISERROR(fd))
|
---|
1657 | SL_RETURN((fd), _("open_tmp"));
|
---|
1658 | else
|
---|
1659 | SL_RETURN((-1), _("open_tmp"));
|
---|
1660 | }
|
---|
1661 |
|
---|
1662 |
|
---|
1663 | int close_tmp (SL_TICKET fd)
|
---|
1664 | {
|
---|
1665 | SL_ENTER(_("close_tmp"));
|
---|
1666 |
|
---|
1667 | if (SL_ISERROR(sl_close (fd)))
|
---|
1668 | SL_RETURN((-1), _("close_tmp"));
|
---|
1669 | SL_RETURN((0), _("close_tmp"));
|
---|
1670 | }
|
---|
1671 |
|
---|
1672 | int rewind_tmp (SL_TICKET fd)
|
---|
1673 | {
|
---|
1674 | SL_ENTER(_("rewind_tmp"));
|
---|
1675 |
|
---|
1676 | if (SL_ISERROR(sl_rewind (fd)))
|
---|
1677 | SL_RETURN((-1), _("rewind_tmp"));
|
---|
1678 | SL_RETURN((0), _("rewind_tmp"));
|
---|
1679 | }
|
---|
1680 | #endif
|
---|