[481] | 1 | /* SAMHAIN file system integrity testing */
|
---|
| 2 | /* Copyright (C) 1999, 2000, 2015 Rainer Wichmann */
|
---|
| 3 | /* */
|
---|
| 4 | /* This program is free software; you can redistribute it */
|
---|
| 5 | /* and/or modify */
|
---|
| 6 | /* it under the terms of the GNU General Public License as */
|
---|
| 7 | /* published by */
|
---|
| 8 | /* the Free Software Foundation; either version 2 of the License, or */
|
---|
| 9 | /* (at your option) any later version. */
|
---|
| 10 | /* */
|
---|
| 11 | /* This program is distributed in the hope that it will be useful, */
|
---|
| 12 | /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
|
---|
| 13 | /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
|
---|
| 14 | /* GNU General Public License for more details. */
|
---|
| 15 | /* */
|
---|
| 16 | /* You should have received a copy of the GNU General Public License */
|
---|
| 17 | /* along with this program; if not, write to the Free Software */
|
---|
| 18 | /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
|
---|
| 19 |
|
---|
| 20 | #include "config_xor.h"
|
---|
| 21 |
|
---|
| 22 | #include <string.h>
|
---|
| 23 | #include <stdio.h>
|
---|
| 24 | #include <stdlib.h>
|
---|
| 25 |
|
---|
| 26 |
|
---|
| 27 | /* Must be early on FreeBSD
|
---|
| 28 | */
|
---|
| 29 | #include <sys/types.h>
|
---|
| 30 |
|
---|
| 31 | /* must be .le. than (1020 * 64)
|
---|
| 32 | * (see sh_tools.c -- put_header)
|
---|
| 33 | *
|
---|
| 34 | * also: must be (N * 16), otherwise
|
---|
| 35 | * binary files cannot be transferred encrypted
|
---|
| 36 | *
|
---|
| 37 | * 65280 = (1020*64)
|
---|
| 38 | * #define TRANS_BYTES 8000 V0.8
|
---|
| 39 | */
|
---|
| 40 | #ifdef SH_ENCRYPT
|
---|
| 41 | #define TRANS_BYTES 65120
|
---|
| 42 | #else
|
---|
| 43 | #define TRANS_BYTES 65280
|
---|
| 44 | #endif
|
---|
| 45 |
|
---|
| 46 | /* timeout for session key
|
---|
| 47 | */
|
---|
| 48 | #define TIMEOUT_KEY 7200
|
---|
| 49 |
|
---|
| 50 | /* max time between connection attempts
|
---|
| 51 | */
|
---|
| 52 | #define TIMEOUT_CON 2048
|
---|
| 53 |
|
---|
| 54 | /* #undef SRP_DEBUG */
|
---|
| 55 | /* #define SRP_DEBUG */
|
---|
| 56 |
|
---|
| 57 | #ifdef HAVE_MEMORY_H
|
---|
| 58 | #include <memory.h>
|
---|
| 59 | #endif
|
---|
| 60 |
|
---|
| 61 | #if HAVE_SYS_TIME_H
|
---|
| 62 | #include <sys/time.h>
|
---|
[583] | 63 | #endif
|
---|
[481] | 64 | #include <time.h>
|
---|
| 65 |
|
---|
| 66 | #ifdef HAVE_SYS_SELECT_H
|
---|
| 67 | #include <sys/select.h>
|
---|
| 68 | #endif
|
---|
| 69 |
|
---|
| 70 | #ifdef HAVE_UNISTD_H
|
---|
| 71 | #include <errno.h>
|
---|
| 72 | #include <signal.h>
|
---|
| 73 | #include <setjmp.h>
|
---|
| 74 | #include <pwd.h>
|
---|
| 75 | #include <grp.h>
|
---|
| 76 | #include <sys/stat.h>
|
---|
| 77 | #include <sys/resource.h>
|
---|
| 78 | #include <fcntl.h>
|
---|
| 79 | #include <sys/wait.h>
|
---|
| 80 | #include <unistd.h>
|
---|
| 81 | #endif
|
---|
| 82 |
|
---|
| 83 | #ifndef FD_SET
|
---|
| 84 | #define NFDBITS 32
|
---|
| 85 | #define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS)))
|
---|
| 86 | #define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS)))
|
---|
| 87 | #define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS)))
|
---|
| 88 | #endif /* !FD_SET */
|
---|
| 89 | #ifndef FD_SETSIZE
|
---|
| 90 | #define FD_SETSIZE 32
|
---|
| 91 | #endif
|
---|
| 92 | #ifndef FD_ZERO
|
---|
[541] | 93 | #define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p)))
|
---|
[481] | 94 | #endif
|
---|
| 95 |
|
---|
| 96 | #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
|
---|
| 97 | #include <sys/mman.h>
|
---|
| 98 | #endif
|
---|
| 99 |
|
---|
| 100 |
|
---|
| 101 | #include <netdb.h>
|
---|
| 102 | #include <sys/types.h>
|
---|
| 103 | #include <netinet/in.h>
|
---|
| 104 | #include <sys/socket.h>
|
---|
| 105 | #ifndef S_SPLINT_S
|
---|
| 106 | #include <arpa/inet.h>
|
---|
| 107 | #endif
|
---|
| 108 |
|
---|
| 109 | #include "sh_ipvx.h"
|
---|
| 110 | #include "samhain.h"
|
---|
| 111 | #include "sh_tiger.h"
|
---|
| 112 | #include "sh_utils.h"
|
---|
| 113 | #include "sh_unix.h"
|
---|
| 114 | #include "sh_xfer.h"
|
---|
| 115 | #include "sh_srp.h"
|
---|
| 116 | #include "sh_fifo.h"
|
---|
| 117 | #include "sh_tools.h"
|
---|
| 118 | #include "sh_entropy.h"
|
---|
| 119 | #include "sh_html.h"
|
---|
| 120 | #include "sh_nmail.h"
|
---|
| 121 | #include "sh_socket.h"
|
---|
| 122 | #define SH_NEED_GETHOSTBYXXX
|
---|
| 123 | #include "sh_static.h"
|
---|
| 124 |
|
---|
| 125 | #ifdef SH_ENCRYPT
|
---|
| 126 | #include "rijndael-api-fst.h"
|
---|
| 127 | char * sh_tools_makePack (unsigned char * header, int flag,
|
---|
| 128 | char * payload, unsigned long payload_size,
|
---|
| 129 | keyInstance * keyInstE);
|
---|
| 130 | char * sh_tools_revertPack (unsigned char * header, int flag, char * message,
|
---|
| 131 | keyInstance * keyInstE,
|
---|
| 132 | unsigned long message_size);
|
---|
| 133 | #endif
|
---|
| 134 |
|
---|
| 135 | /* define this if you want to debug the client/server communication */
|
---|
| 136 | /* #define SH_DBG_PROT 1 */
|
---|
| 137 |
|
---|
| 138 | #ifdef SH_DBG_PROT
|
---|
| 139 | #define SH_SHOWPROT(c,d) sh_tools_show_header((c), (d))
|
---|
| 140 | #else
|
---|
| 141 | #define SH_SHOWPROT(c,d)
|
---|
| 142 | #endif
|
---|
| 143 |
|
---|
| 144 | /* the port client will be connecting to
|
---|
| 145 | */
|
---|
| 146 | #ifndef SH_DEFAULT_PORT
|
---|
| 147 | #define SH_DEFAULT_PORT 49777
|
---|
| 148 | #endif
|
---|
| 149 |
|
---|
| 150 | #ifndef SH_SELECT_REPEAT
|
---|
| 151 | #define SH_SELECT_REPEAT 60
|
---|
| 152 | #endif
|
---|
| 153 |
|
---|
| 154 | #ifndef SH_HEADER_SIZE
|
---|
| 155 | #define SH_HEADER_SIZE 7
|
---|
| 156 | #endif
|
---|
| 157 |
|
---|
| 158 | #ifndef SH_CHALLENGE_SIZE
|
---|
| 159 | #define SH_CHALLENGE_SIZE 9
|
---|
| 160 | #endif
|
---|
| 161 |
|
---|
| 162 | #undef FIL__
|
---|
| 163 | #define FIL__ _("sh_xfer_client.c")
|
---|
| 164 |
|
---|
| 165 | extern int flag_err_debug;
|
---|
| 166 | extern int flag_err_info;
|
---|
| 167 |
|
---|
| 168 | #ifndef SH_STANDALONE
|
---|
| 169 |
|
---|
| 170 | #if defined(WITH_TRACE) || defined(WITH_TPT)
|
---|
| 171 | char * hu_trans(const char * ihu)
|
---|
| 172 | {
|
---|
| 173 | static char ohu[17];
|
---|
| 174 | sprintf(ohu, _("%c%03o"), '\\', /* known to fit */
|
---|
| 175 | (unsigned char) ihu[0]);
|
---|
| 176 | sprintf(&(ohu[4]), _("%c%03o"), '\\', /* known to fit */
|
---|
| 177 | (unsigned char) ihu[1]);
|
---|
| 178 | sprintf(&(ohu[8]), _("%c%03o"), '\\', /* known to fit */
|
---|
| 179 | (unsigned char) ihu[2]);
|
---|
| 180 | sprintf(&(ohu[12]), _("%c%03o"), '\\', /* known to fit */
|
---|
| 181 | (unsigned char) ihu[3]);
|
---|
| 182 | ohu[16] = '\0';
|
---|
| 183 | return ohu;
|
---|
| 184 | }
|
---|
| 185 | #endif
|
---|
| 186 | /* #ifndef SH_STANDALONE */
|
---|
| 187 | #endif
|
---|
| 188 |
|
---|
| 189 | #if !defined(USE_SRP_PROTOCOL)
|
---|
| 190 | void sh_passwd (char * salt, char * password, char * nounce, char *hash)
|
---|
| 191 | {
|
---|
| 192 |
|
---|
| 193 | char *combi;
|
---|
| 194 | size_t len;
|
---|
| 195 | unsigned char * tmp = NULL;
|
---|
| 196 | char hashbuf[KEYBUF_SIZE];
|
---|
| 197 |
|
---|
| 198 | if (password == NULL)
|
---|
| 199 | {
|
---|
| 200 | tmp = (unsigned char *) &(skey->pw[0]);
|
---|
| 201 | memcpy(skey->vernam, tmp, PW_LEN);
|
---|
| 202 | sl_strlcpy (skey->vernam,
|
---|
| 203 | sh_tiger_hash(skey->vernam, TIGER_DATA, PW_LEN,
|
---|
| 204 | hashbuf, sizeof(hashbuf)),
|
---|
| 205 | KEY_LEN+1);
|
---|
| 206 | }
|
---|
| 207 | else if (sl_strlen(password) < PW_LEN)
|
---|
| 208 | {
|
---|
| 209 | fprintf(stderr, _("Password has less than %d chars !\n"),
|
---|
| 210 | PW_LEN);
|
---|
| 211 | _exit(EXIT_FAILURE);
|
---|
| 212 | }
|
---|
| 213 | else
|
---|
| 214 | {
|
---|
| 215 | sl_strlcpy (skey->vernam, password, KEY_LEN+1);
|
---|
| 216 | }
|
---|
| 217 |
|
---|
| 218 | len = sl_strlen(salt) + 1;
|
---|
| 219 | if (sl_ok_adds(len, sl_strlen(skey->vernam)))
|
---|
| 220 | len += sl_strlen(skey->vernam);
|
---|
| 221 | if (nounce != NULL && sl_ok_adds(len, sl_strlen(nounce)))
|
---|
| 222 | len += sl_strlen(nounce);
|
---|
| 223 |
|
---|
| 224 | /* H(s,P)
|
---|
| 225 | */
|
---|
| 226 | combi = SH_ALLOC(len);
|
---|
| 227 | (void) sl_strlcpy (combi, salt, len);
|
---|
| 228 | (void) sl_strlcat (combi, skey->vernam, len);
|
---|
| 229 | if (nounce != NULL)
|
---|
| 230 | (void) sl_strlcat (combi, nounce, len);
|
---|
| 231 | (void) sl_strlcpy (hash,
|
---|
| 232 | sh_tiger_hash(combi, TIGER_DATA,
|
---|
| 233 | (unsigned long) sl_strlen(combi),
|
---|
| 234 | hashbuf, sizeof(hashbuf)),
|
---|
| 235 | KEY_LEN+1);
|
---|
| 236 | SH_FREE (combi);
|
---|
| 237 | hash[KEY_LEN] = '\0';
|
---|
| 238 | return;
|
---|
| 239 | }
|
---|
| 240 | #endif
|
---|
| 241 |
|
---|
| 242 | #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
|
---|
| 243 |
|
---|
| 244 | /* Server addresses in use
|
---|
| 245 | */
|
---|
| 246 | static int count_dev_server = 0;
|
---|
| 247 |
|
---|
| 248 | void reset_count_dev_server(void)
|
---|
| 249 | {
|
---|
| 250 | count_dev_server = 0;
|
---|
| 251 | return;
|
---|
| 252 | }
|
---|
| 253 |
|
---|
| 254 | int sh_xfer_set_logserver (const char * address)
|
---|
| 255 | {
|
---|
| 256 | SL_ENTER(_("sh_xfer_set_logserver"));
|
---|
| 257 |
|
---|
| 258 | if (address != NULL && count_dev_server < 2
|
---|
| 259 | && sl_strlen(address) < SH_PATHBUF && sl_strlen(address) > 0)
|
---|
| 260 | {
|
---|
| 261 | if (count_dev_server == 0)
|
---|
| 262 | (void) sl_strlcpy (sh.srvexport.name, address, SH_PATHBUF);
|
---|
| 263 | else
|
---|
| 264 | (void) sl_strlcpy (sh.srvexport.alt, address, SH_PATHBUF);
|
---|
| 265 |
|
---|
| 266 | ++count_dev_server;
|
---|
| 267 | SL_RETURN (0, _("sh_xfer_set_logserver"));
|
---|
| 268 | }
|
---|
| 269 | SL_RETURN (-1, _("sh_xfer_set_logserver"));
|
---|
| 270 | }
|
---|
| 271 |
|
---|
| 272 | static
|
---|
| 273 | int xfer_send_intern (int mysocket, const int protocol, char * micro,
|
---|
| 274 | char * msgbuf, unsigned long length, int docrypt)
|
---|
| 275 | {
|
---|
| 276 | unsigned long numbytes, countbytes;
|
---|
| 277 | int flag_err = 0;
|
---|
| 278 | unsigned char head[SH_HEADER_SIZE];
|
---|
| 279 | char * outbuf;
|
---|
| 280 | #ifdef SH_ENCRYPT
|
---|
| 281 | char * msg2buf = NULL;
|
---|
| 282 | #else
|
---|
| 283 | (void) docrypt;
|
---|
| 284 | #endif
|
---|
| 285 |
|
---|
| 286 | SL_ENTER(_("xfer_send_intern"));
|
---|
| 287 |
|
---|
| 288 | #ifdef SH_ENCRYPT
|
---|
| 289 | if ((S_TRUE == docrypt) && ((protocol & SH_PROTO_ENC) != 0))
|
---|
| 290 | {
|
---|
| 291 | put_header (head, protocol, &length, micro);
|
---|
| 292 | msg2buf = sh_tools_makePack (head, 0, msgbuf, length,
|
---|
| 293 | &(skey->keyInstE));
|
---|
| 294 | length = (unsigned long) (256 * (unsigned int)head[1] +
|
---|
| 295 | (unsigned int)head[2]);
|
---|
| 296 | outbuf = msg2buf;
|
---|
| 297 | }
|
---|
| 298 | else
|
---|
| 299 | {
|
---|
| 300 | outbuf = msgbuf;
|
---|
| 301 | put_header (head, protocol, &length, micro);
|
---|
| 302 | }
|
---|
| 303 | #else
|
---|
| 304 | outbuf = msgbuf;
|
---|
| 305 | put_header (head, protocol, &length, micro);
|
---|
| 306 | #endif
|
---|
| 307 |
|
---|
| 308 | SH_SHOWPROT(head,'>');
|
---|
| 309 |
|
---|
| 310 | numbytes = SH_HEADER_SIZE;
|
---|
| 311 | countbytes = write_port (mysocket, (char *)head, numbytes, &flag_err, 300);
|
---|
| 312 |
|
---|
| 313 | if (countbytes == numbytes && outbuf != NULL)
|
---|
| 314 | {
|
---|
| 315 | numbytes = length;
|
---|
| 316 | countbytes = write_port (mysocket, outbuf, numbytes, &flag_err, 300);
|
---|
| 317 | }
|
---|
| 318 |
|
---|
| 319 | #ifdef SH_ENCRYPT
|
---|
| 320 | if (msg2buf != NULL)
|
---|
| 321 | SH_FREE(msg2buf);
|
---|
| 322 | #endif
|
---|
| 323 |
|
---|
| 324 | if (countbytes == numbytes)
|
---|
| 325 | SL_RETURN( 0, _("xfer_send_intern"));
|
---|
| 326 | else
|
---|
| 327 | SL_RETURN( flag_err, _("xfer_send_intern"));
|
---|
| 328 | }
|
---|
| 329 |
|
---|
| 330 | static
|
---|
| 331 | int xfer_send (int mysocket, const int protocol, char * micro,
|
---|
| 332 | char * msgbuf, unsigned long length)
|
---|
| 333 | {
|
---|
| 334 | int i;
|
---|
| 335 | SL_ENTER(_("xfer_send"));
|
---|
| 336 | TPT(( 0, FIL__, __LINE__, _("msg=<Send.>\n")));
|
---|
| 337 | i = xfer_send_intern (mysocket, protocol, micro,
|
---|
| 338 | msgbuf, length, S_FALSE);
|
---|
| 339 | SL_RETURN(i, _("xfer_send"));
|
---|
| 340 | }
|
---|
| 341 | static
|
---|
| 342 | int xfer_send_crypt (int mysocket, const int protocol, char * micro,
|
---|
| 343 | char * msgbuf, unsigned long length)
|
---|
| 344 | {
|
---|
| 345 | int i;
|
---|
| 346 | SL_ENTER(_("xfer_send_crypt"));
|
---|
| 347 | #ifdef SH_ENCRYPT
|
---|
| 348 | TPT(( 0, FIL__, __LINE__, _("msg=<Send encrypted.>\n")));
|
---|
| 349 | #else
|
---|
| 350 | TPT(( 0, FIL__, __LINE__, _("msg=<Send.>\n")));
|
---|
| 351 | #endif
|
---|
| 352 | i = xfer_send_intern (mysocket, protocol, micro,
|
---|
| 353 | msgbuf, length, S_TRUE);
|
---|
| 354 | SL_RETURN(i, _("xfer_send_crypt"));
|
---|
| 355 | }
|
---|
| 356 |
|
---|
| 357 |
|
---|
| 358 | /* receive answer, add a trailing NULL to terminate string
|
---|
| 359 | * decrypt answer
|
---|
| 360 | */
|
---|
| 361 | static
|
---|
| 362 | long xfer_receive_intern (int mysocket, const int protocol, char * micro,
|
---|
| 363 | char * msgbuf, unsigned long length,
|
---|
| 364 | int docrypt)
|
---|
| 365 | {
|
---|
| 366 | unsigned long numbytes, countbytes;
|
---|
| 367 | int flag_err = -1;
|
---|
| 368 | unsigned char head[SH_HEADER_SIZE];
|
---|
| 369 | #ifndef SH_ENCRYPT
|
---|
| 370 | (void) docrypt;
|
---|
| 371 | #endif
|
---|
| 372 |
|
---|
| 373 | SL_ENTER(_("xfer_receive_intern"));
|
---|
| 374 |
|
---|
| 375 | #ifdef SH_ENCRYPT
|
---|
| 376 | /* make sure length is not multiple of B_SIZ, see below
|
---|
| 377 | */
|
---|
| 378 | ASSERT_RET((length % B_SIZ != 0), _("length % 16 != 0"), flag_err);
|
---|
| 379 | #endif
|
---|
| 380 |
|
---|
| 381 | if (micro != NULL)
|
---|
| 382 | micro[4] = '\0';
|
---|
| 383 | if (msgbuf != NULL)
|
---|
| 384 | msgbuf[0] = '\0';
|
---|
| 385 |
|
---|
| 386 | numbytes = SH_HEADER_SIZE;
|
---|
| 387 | countbytes = read_port (mysocket, (char *)head, numbytes, &flag_err, 300);
|
---|
| 388 |
|
---|
| 389 | if (countbytes != numbytes)
|
---|
| 390 | {
|
---|
| 391 | TPT(( 0, FIL__, __LINE__, _("msg=<countbytes != numbytes>\n")));
|
---|
| 392 | SL_RETURN(flag_err, _("xfer_receive_intern"));
|
---|
| 393 | }
|
---|
| 394 | else if (msgbuf == NULL)
|
---|
| 395 | {
|
---|
| 396 | sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
|
---|
| 397 | _("msgbuf is NULL"), _("xfer_receive_intern"));
|
---|
| 398 | SL_RETURN((-1), _("xfer_receive_intern"));
|
---|
| 399 | }
|
---|
| 400 | else if (head[0] != protocol && (head[0] & SH_PROTO_SRP) == 0)
|
---|
| 401 | {
|
---|
| 402 | sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_MISMATCH);
|
---|
| 403 | SL_RETURN((-1), _("xfer_receive_intern"));
|
---|
| 404 | }
|
---|
| 405 | else
|
---|
| 406 | {
|
---|
| 407 | get_header (head, &numbytes, micro);
|
---|
| 408 | SH_SHOWPROT(head, '<');
|
---|
| 409 |
|
---|
| 410 | if (numbytes > 0)
|
---|
| 411 | {
|
---|
| 412 | numbytes = (numbytes > length ? length : numbytes);
|
---|
| 413 |
|
---|
| 414 | countbytes = read_port (mysocket, msgbuf, numbytes, &flag_err, 300);
|
---|
| 415 |
|
---|
| 416 | if (countbytes < length)
|
---|
| 417 | msgbuf[countbytes] = '\0';
|
---|
| 418 | else
|
---|
| 419 | msgbuf[length-1] = '\0';
|
---|
| 420 |
|
---|
| 421 | if (flag_err != 0)
|
---|
| 422 | {
|
---|
| 423 | TPT(( 0, FIL__, __LINE__, _("msg=<read error>\n")));
|
---|
| 424 | SL_RETURN((-1), _("xfer_receive_intern"));
|
---|
| 425 | }
|
---|
| 426 | }
|
---|
| 427 | }
|
---|
| 428 |
|
---|
| 429 | #ifdef SH_ENCRYPT
|
---|
| 430 | if ((S_TRUE == docrypt) && ((protocol & SH_PROTO_ENC) != 0))
|
---|
| 431 | {
|
---|
| 432 | unsigned long head_length;
|
---|
| 433 | char * tmp = SH_ALLOC((size_t)length);
|
---|
| 434 |
|
---|
| 435 | memcpy(tmp, msgbuf, (size_t)length);
|
---|
| 436 | tmp = sh_tools_revertPack (head, 0, tmp, &(skey->keyInstD), countbytes);
|
---|
| 437 |
|
---|
| 438 | head_length = (unsigned long) (256 * (unsigned int)head[1] +
|
---|
| 439 | (unsigned int)head[2]);
|
---|
| 440 |
|
---|
| 441 | /*
|
---|
| 442 | * revertPack returns header with length <= (original_length-16), so
|
---|
| 443 | * the following msgbuf[length] = '\0' is always safe.
|
---|
| 444 | * Nevertheless, check for proper length.
|
---|
| 445 | */
|
---|
| 446 | if (head_length <= (length-1))
|
---|
| 447 | length = head_length;
|
---|
| 448 | else
|
---|
| 449 | --length;
|
---|
| 450 |
|
---|
| 451 | memcpy(msgbuf, tmp, (size_t)length);
|
---|
| 452 | msgbuf[length] = '\0';
|
---|
| 453 | SH_FREE(tmp);
|
---|
| 454 | if (countbytes == numbytes)
|
---|
| 455 | countbytes = length; /* to avoid error on return, see below */
|
---|
| 456 | numbytes = length;
|
---|
| 457 | }
|
---|
| 458 | #endif
|
---|
| 459 |
|
---|
| 460 | if (countbytes == numbytes)
|
---|
| 461 | SL_RETURN(((long)numbytes), _("xfer_receive_intern"));
|
---|
| 462 | else
|
---|
| 463 | {
|
---|
| 464 | TPT(( 0, FIL__, __LINE__, _("msg=<short read>\n")));
|
---|
| 465 | SL_RETURN(flag_err, _("xfer_receive_intern"));
|
---|
| 466 | }
|
---|
| 467 | }
|
---|
| 468 |
|
---|
| 469 | static
|
---|
| 470 | long xfer_receive (int mysocket, const int protocol, char * micro,
|
---|
| 471 | char * msgbuf, unsigned long length)
|
---|
| 472 | {
|
---|
| 473 | long i;
|
---|
| 474 | SL_ENTER(_("xfer_receive"));
|
---|
| 475 | TPT(( 0, FIL__, __LINE__, _("msg=<Receive.>\n")));
|
---|
| 476 | i = xfer_receive_intern (mysocket, protocol, micro,
|
---|
| 477 | msgbuf, length, S_FALSE);
|
---|
| 478 | SL_RETURN(i, _("xfer_receive"));
|
---|
| 479 | }
|
---|
| 480 |
|
---|
| 481 | static
|
---|
| 482 | long xfer_receive_crypt (int mysocket, const int protocol, char * micro,
|
---|
| 483 | char * msgbuf, unsigned long length)
|
---|
| 484 | {
|
---|
| 485 | long i;
|
---|
| 486 | SL_ENTER(_("xfer_receive_crypt"));
|
---|
| 487 | #ifdef SH_ENCRYPT
|
---|
| 488 | TPT(( 0, FIL__, __LINE__, _("msg=<Receive encrypted.>\n")));
|
---|
| 489 | #else
|
---|
| 490 | TPT(( 0, FIL__, __LINE__, _("msg=<Receive.>\n")));
|
---|
| 491 | #endif
|
---|
| 492 | i = xfer_receive_intern (mysocket, protocol, micro,
|
---|
| 493 | msgbuf, length, S_TRUE);
|
---|
| 494 | SL_RETURN(i, _("xfer_receive_crypt"));
|
---|
| 495 | }
|
---|
| 496 |
|
---|
| 497 | /**************************************************
|
---|
| 498 | *
|
---|
| 499 | *
|
---|
| 500 | * C L I E N T
|
---|
| 501 | *
|
---|
| 502 | *
|
---|
| 503 | ***************************************************/
|
---|
| 504 |
|
---|
| 505 |
|
---|
| 506 | #include <time.h>
|
---|
| 507 |
|
---|
| 508 | static SH_FIFO * fifo = NULL;
|
---|
| 509 |
|
---|
| 510 | static long xfer_try_report (char * errmsg);
|
---|
| 511 |
|
---|
| 512 | unsigned int ServerPort = SH_DEFAULT_PORT;
|
---|
| 513 |
|
---|
| 514 | int sh_xfer_server_port (const char * str)
|
---|
| 515 | {
|
---|
| 516 | unsigned long l;
|
---|
| 517 | char * endptr;
|
---|
| 518 |
|
---|
| 519 | SL_ENTER(_("sh_xfer_server_port"));
|
---|
| 520 |
|
---|
| 521 | l = strtoul (str, &endptr, 0);
|
---|
| 522 | if (l > 65535 || endptr == str)
|
---|
| 523 | {
|
---|
| 524 | SL_RETURN (-1, _("sh_xfer_server_port"));
|
---|
| 525 | }
|
---|
| 526 | ServerPort = (unsigned int) l;
|
---|
| 527 | SL_RETURN (0, _("sh_xfer_server_port"));
|
---|
| 528 | }
|
---|
| 529 |
|
---|
| 530 | long sh_xfer_report (char * errmsg)
|
---|
| 531 | {
|
---|
| 532 | static int have_server = S_TRUE;
|
---|
| 533 | long status;
|
---|
| 534 | char * popmsg;
|
---|
| 535 | static int nofail = S_TRUE;
|
---|
| 536 |
|
---|
| 537 | SL_ENTER(_("sh_xfer_report"));
|
---|
| 538 |
|
---|
| 539 | /* --- No log server available. ---
|
---|
| 540 | */
|
---|
| 541 | if (have_server == S_TRUE && sh.srvexport.name[0] == '\0')
|
---|
| 542 | {
|
---|
| 543 | have_server = S_FALSE;
|
---|
| 544 | sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_NONAME);
|
---|
| 545 | SL_RETURN (-1, _("sh_xfer_report"));
|
---|
| 546 | }
|
---|
| 547 | else if (have_server == BAD)
|
---|
| 548 | {
|
---|
| 549 | SL_RETURN (-1, _("sh_xfer_report"));
|
---|
| 550 | }
|
---|
| 551 |
|
---|
| 552 | /* --- Allocate fifo. ---
|
---|
| 553 | */
|
---|
| 554 | if (fifo == NULL)
|
---|
| 555 | {
|
---|
| 556 | fifo = SH_ALLOC(sizeof(SH_FIFO));
|
---|
| 557 | fifo_init(fifo);
|
---|
| 558 | }
|
---|
| 559 |
|
---|
| 560 | /* --- Check for messages on the queue, and send them first. ---
|
---|
| 561 | */
|
---|
| 562 | while (NULL != (popmsg = pop_list(fifo)) )
|
---|
| 563 | {
|
---|
| 564 | status = xfer_try_report (popmsg);
|
---|
| 565 | if (status != 0)
|
---|
| 566 | {
|
---|
| 567 | (void) push_tail_list (fifo, popmsg, 0, NULL);
|
---|
| 568 | SH_FREE(popmsg);
|
---|
| 569 | if (SH_FIFO_MAX == push_list (fifo, errmsg, 0,NULL))
|
---|
| 570 | SL_RETURN (-2, _("sh_xfer_report"));
|
---|
| 571 | SL_RETURN (-1, _("sh_xfer_report"));
|
---|
| 572 | }
|
---|
| 573 | SH_FREE(popmsg);
|
---|
| 574 | }
|
---|
| 575 |
|
---|
| 576 | /* --- Now send the error message. ---
|
---|
| 577 | */
|
---|
| 578 | status = xfer_try_report (errmsg);
|
---|
| 579 | if (status != 0)
|
---|
| 580 | {
|
---|
| 581 | if (nofail == S_TRUE)
|
---|
| 582 | sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_SRV_FAIL,
|
---|
| 583 | _("log server"), sh.srvexport.name);
|
---|
| 584 | nofail = S_FALSE;
|
---|
| 585 | if (SH_FIFO_MAX == push_list (fifo, errmsg, 0, NULL))
|
---|
| 586 | SL_RETURN (-2, _("sh_xfer_report"));
|
---|
| 587 | SL_RETURN (-1, _("sh_xfer_report"));
|
---|
| 588 | }
|
---|
| 589 |
|
---|
| 590 | nofail = S_TRUE;
|
---|
| 591 | SL_RETURN (0, _("sh_xfer_report"));
|
---|
| 592 | }
|
---|
| 593 |
|
---|
| 594 | static long xfer_try_report_int (char * errmsg, const int what);
|
---|
| 595 |
|
---|
| 596 | static long xfer_try_report (char * errmsg)
|
---|
| 597 | {
|
---|
| 598 | long i;
|
---|
| 599 | SL_ENTER(_("xfer_try_report"));
|
---|
| 600 | i = xfer_try_report_int (errmsg, SH_PROTO_MSG);
|
---|
| 601 | SL_RETURN(i, _("xfer_try_report"));
|
---|
| 602 | }
|
---|
| 603 |
|
---|
| 604 | long sh_xfer_request_file (const char * file)
|
---|
| 605 | {
|
---|
| 606 | long i;
|
---|
| 607 | char tmp_file[64];
|
---|
| 608 | SL_ENTER(_("sh_xfer_request_file"));
|
---|
| 609 | sl_strlcpy(tmp_file, file, sizeof(tmp_file));
|
---|
| 610 | i = xfer_try_report_int (tmp_file, SH_PROTO_BIG);
|
---|
| 611 | SL_RETURN(i, _("sh_xfer_request_file"));
|
---|
| 612 | }
|
---|
| 613 |
|
---|
| 614 | static unsigned long sh_throttle_delay = 0;
|
---|
| 615 |
|
---|
| 616 | int sh_xfer_set_throttle_delay (const char * c)
|
---|
| 617 | {
|
---|
| 618 | long val;
|
---|
| 619 |
|
---|
| 620 | SL_ENTER(_("sh_xfer_set_throttle_delay"));
|
---|
| 621 | val = strtol (c, (char **)NULL, 10);
|
---|
| 622 | if (val < 0)
|
---|
| 623 | SL_RETURN( (-1), _("sh_xfer_set_throttle_delay"));
|
---|
| 624 |
|
---|
| 625 | val = (val > 1000) ? 1000 : val;
|
---|
| 626 |
|
---|
| 627 | sh_throttle_delay = (unsigned long) val;
|
---|
| 628 | SL_RETURN( (0), _("sh_xfer_set_throttle_delay"));
|
---|
| 629 | }
|
---|
| 630 |
|
---|
| 631 | static time_t xfer_timeout_val = 1;
|
---|
| 632 |
|
---|
| 633 | static int xfer_conn_state(int initialized, int conn_state)
|
---|
| 634 | {
|
---|
| 635 | static time_t time_now = 1200;
|
---|
| 636 | static time_t time_last = 0;
|
---|
| 637 |
|
---|
| 638 | if (initialized == S_FALSE || conn_state == S_FALSE)
|
---|
| 639 | {
|
---|
| 640 | xfer_timeout_val =
|
---|
| 641 | ((xfer_timeout_val > TIMEOUT_CON) ? TIMEOUT_CON : xfer_timeout_val);
|
---|
| 642 |
|
---|
| 643 | /* --- Retry bad attempt only after some time. ---
|
---|
| 644 | */
|
---|
| 645 | time_now = time (NULL);
|
---|
| 646 | if ((time_now - time_last) < xfer_timeout_val)
|
---|
| 647 | {
|
---|
| 648 | TPT(( 0, FIL__, __LINE__, _("msg=<Within deadtime, no retry.>\n")));
|
---|
| 649 | return -1;
|
---|
| 650 | }
|
---|
| 651 | TPT(( 0, FIL__, __LINE__, _("msg=<Retry.>\n")));
|
---|
| 652 | }
|
---|
| 653 | time_last = time (NULL);
|
---|
| 654 | return 0;
|
---|
| 655 | }
|
---|
| 656 |
|
---|
| 657 | static int xfer_connect(int * conn_state)
|
---|
| 658 | {
|
---|
| 659 | char error_msg[256];
|
---|
| 660 | char error_call[SH_MINIBUF] = { 0 };
|
---|
| 661 | int error_num = 0;
|
---|
| 662 |
|
---|
| 663 | int sockfd = connect_port_2 (sh.srvexport.name, sh.srvexport.alt, ServerPort,
|
---|
| 664 | error_call, &error_num, error_msg, 256);
|
---|
| 665 |
|
---|
| 666 | if (sockfd < 3)
|
---|
| 667 | {
|
---|
| 668 | *conn_state = S_FALSE;
|
---|
| 669 | xfer_timeout_val *= 2;
|
---|
| 670 | sh_error_handle ((-1), FIL__, __LINE__, error_num,
|
---|
| 671 | MSG_E_NET, error_msg, error_call,
|
---|
| 672 | _("export"), sh.srvexport.name);
|
---|
| 673 | return -1;
|
---|
| 674 | }
|
---|
| 675 |
|
---|
| 676 | *conn_state = S_TRUE;
|
---|
| 677 | return sockfd;
|
---|
| 678 | }
|
---|
| 679 |
|
---|
| 680 | int xfer_greet_server(int sockfd, char * answer)
|
---|
| 681 | {
|
---|
| 682 | int flag_err;
|
---|
| 683 | char head_u[5];
|
---|
| 684 | int theProto = SH_PROTO_SRP;
|
---|
| 685 |
|
---|
| 686 | TPT(( 0, FIL__, __LINE__, _("msg=<c/r: entry>\n")));
|
---|
| 687 |
|
---|
| 688 | sl_strlcpy (answer, sh.host.name, 512);
|
---|
| 689 |
|
---|
| 690 | flag_err = xfer_send (sockfd, theProto, _("SALT"),
|
---|
| 691 | answer, (unsigned long)sl_strlen(answer));
|
---|
| 692 |
|
---|
| 693 | TPT(( 0, FIL__, __LINE__, _("msg=<c/r: sent SALT, flag_err = %d>\n"),
|
---|
| 694 | flag_err));
|
---|
| 695 |
|
---|
| 696 | /* get nonce from server
|
---|
| 697 | */
|
---|
| 698 | if (flag_err == 0)
|
---|
| 699 | {
|
---|
| 700 | flag_err = xfer_receive (sockfd, (char)theProto, head_u,
|
---|
| 701 | answer, 511);
|
---|
| 702 | flag_err = (flag_err < 0) ? flag_err : 0;
|
---|
| 703 | TPT(( 0, FIL__, __LINE__,
|
---|
| 704 | _("msg=<c/r: rcvt nonce, flag_err = %d>\n"),
|
---|
| 705 | flag_err));
|
---|
| 706 | }
|
---|
| 707 |
|
---|
| 708 | if ( 0 != check_request (head_u, _("INIT")) )
|
---|
| 709 | {
|
---|
| 710 | TPT(( 0, FIL__, __LINE__, _("msg=<srp: u = %03o-%03o-%03o-%03o>\n"), head_u[0], head_u[1], head_u[2], head_u[3]));
|
---|
| 711 | flag_err = -1;
|
---|
| 712 | }
|
---|
| 713 | return flag_err;
|
---|
| 714 | }
|
---|
| 715 |
|
---|
| 716 |
|
---|
| 717 | #if !defined(USE_SRP_PROTOCOL)
|
---|
| 718 |
|
---|
| 719 | static int xfer_auth(int is_reinit, int * initialized,
|
---|
| 720 | int sockfd, char * answer)
|
---|
| 721 | {
|
---|
| 722 | /**************************************************
|
---|
| 723 | *
|
---|
| 724 | * --- challenge/response authentication ---
|
---|
| 725 | *
|
---|
| 726 | **************************************************/
|
---|
| 727 |
|
---|
| 728 | int flag_err = 0;
|
---|
| 729 | int theProto = 0;
|
---|
| 730 | char nounce[KEY_LEN+1];
|
---|
| 731 | char temp[2*KEY_LEN+1];
|
---|
| 732 | char nonce_u[KEY_LEN+1];
|
---|
| 733 | UINT32 ticks;
|
---|
| 734 |
|
---|
| 735 | char head_u[5];
|
---|
| 736 | char foo_M1[KEY_LEN+1];
|
---|
| 737 | char hashbuf[KEYBUF_SIZE];
|
---|
| 738 | #ifdef SH_ENCRYPT
|
---|
| 739 | int err_num;
|
---|
| 740 | char expbuf[SH_ERRBUF_SIZE];
|
---|
| 741 | #endif
|
---|
| 742 |
|
---|
| 743 | SL_REQUIRE((sockfd > 2), _("sockfd > 2"));
|
---|
| 744 |
|
---|
| 745 | if (is_reinit == S_FALSE)
|
---|
| 746 | flag_err = xfer_greet_server(sockfd, answer);
|
---|
| 747 | else
|
---|
| 748 | sh_tools_probe_reset();
|
---|
| 749 |
|
---|
| 750 | /* entry point for jump from message forward if session key must
|
---|
| 751 | * be re-initialized
|
---|
| 752 | */
|
---|
| 753 |
|
---|
| 754 | if ( flag_err == 0 && sl_strlen(answer) > KEY_LEN )
|
---|
| 755 | (void) sl_strlcpy(nounce, &answer[KEY_LEN], KEY_LEN+1);
|
---|
| 756 | else
|
---|
| 757 | flag_err = (-1);
|
---|
| 758 |
|
---|
| 759 | TPT(( 0, FIL__, __LINE__, _("msg=<c/r: rcvt INIT, flag_err = %d>\n"),
|
---|
| 760 | flag_err));
|
---|
| 761 |
|
---|
| 762 | /* verify random nonce v from server H(v, P)v
|
---|
| 763 | */
|
---|
| 764 | sh_passwd (nounce, NULL, NULL, temp);
|
---|
[544] | 765 | if ( 0 != sl_ts_strncmp(temp, answer, KEY_LEN))
|
---|
[481] | 766 | flag_err = (-1);
|
---|
| 767 |
|
---|
| 768 | TPT(( 0, FIL__, __LINE__, _("msg=<c/r: vrfy nonce, flag_err = %d>\n"),
|
---|
| 769 | flag_err));
|
---|
| 770 |
|
---|
| 771 |
|
---|
| 772 | /* --- Create own nonce. ---
|
---|
| 773 | */
|
---|
| 774 | ticks = (UINT32) taus_get ();
|
---|
| 775 |
|
---|
| 776 | (void) sl_strlcpy(nonce_u,
|
---|
| 777 | sh_tiger_hash((char *) &ticks,
|
---|
| 778 | TIGER_DATA,
|
---|
| 779 | (unsigned long)sizeof(UINT32),
|
---|
| 780 | hashbuf, sizeof(hashbuf)),
|
---|
| 781 | KEY_LEN+1);
|
---|
| 782 |
|
---|
| 783 | /* --- Form the message H(H(u,v),P)u ---
|
---|
| 784 | */
|
---|
| 785 | (void) sl_strlcpy(temp, nonce_u, 2*KEY_LEN+1);
|
---|
| 786 | (void) sl_strlcat(temp, nounce, 2*KEY_LEN+1);
|
---|
| 787 | (void) sl_strlcpy(temp,
|
---|
| 788 | sh_tiger_hash(temp,
|
---|
| 789 | TIGER_DATA,
|
---|
| 790 | (unsigned long)sl_strlen(temp),
|
---|
| 791 | hashbuf, sizeof(hashbuf)),
|
---|
| 792 | KEY_LEN+1);
|
---|
| 793 | sh_passwd (temp, NULL, NULL, foo_M1);
|
---|
| 794 | (void) sl_strlcpy(temp, foo_M1, 2*KEY_LEN+1);
|
---|
| 795 | (void) sl_strlcat(temp, nonce_u, 2*KEY_LEN+1);
|
---|
| 796 |
|
---|
| 797 | /* --- Send it to server. ---
|
---|
| 798 | */
|
---|
| 799 | if (flag_err == 0)
|
---|
| 800 | {
|
---|
| 801 | flag_err = xfer_send (sockfd,
|
---|
| 802 | (theProto|SH_PROTO_SRP),
|
---|
| 803 | _("PASS"), temp,
|
---|
| 804 | (unsigned long)sl_strlen(temp));
|
---|
| 805 | TPT(( 0, FIL__, __LINE__, _("msg=<c/r: sent PASS, flag_err = %d>\n"),
|
---|
| 806 | flag_err));
|
---|
| 807 | }
|
---|
| 808 |
|
---|
| 809 | if (flag_err == 0)
|
---|
| 810 | {
|
---|
| 811 | flag_err = xfer_receive (sockfd,
|
---|
| 812 | (theProto|SH_PROTO_SRP),
|
---|
| 813 | head_u, answer, 511);
|
---|
| 814 | sh_passwd (nounce, NULL, nonce_u, foo_M1);
|
---|
| 815 | (void) sl_strlcpy (skey->session, foo_M1, KEY_LEN+1);
|
---|
| 816 | #ifdef SH_ENCRYPT
|
---|
| 817 | err_num = rijndael_makeKey(&(skey->keyInstE),
|
---|
| 818 | (BYTE)DIR_ENCRYPT, 192, skey->session);
|
---|
| 819 | if (err_num < 0)
|
---|
| 820 | sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
|
---|
| 821 | errorExplain(err_num, expbuf, sizeof(expbuf)),
|
---|
| 822 | _("xfer_try_report_int: makeKey"));
|
---|
| 823 |
|
---|
| 824 | err_num = rijndael_makeKey(&(skey->keyInstD),
|
---|
| 825 | (BYTE)DIR_DECRYPT, 192, skey->session);
|
---|
| 826 | if (err_num < 0)
|
---|
| 827 | sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
|
---|
| 828 | errorExplain(err_num, expbuf, sizeof(expbuf)),
|
---|
| 829 | _("xfer_try_report_int: make_key"));
|
---|
| 830 | #endif
|
---|
| 831 | *initialized = S_TRUE;
|
---|
| 832 | }
|
---|
| 833 |
|
---|
| 834 | if (*initialized == S_FALSE)
|
---|
| 835 | {
|
---|
| 836 | xfer_timeout_val *= 2;
|
---|
| 837 | sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_NOAUTH);
|
---|
| 838 | memset(answer, 0, 512);
|
---|
| 839 | MUNLOCK(answer, 512);
|
---|
| 840 | SH_FREE(answer);
|
---|
| 841 | return -1;
|
---|
| 842 | }
|
---|
| 843 | else
|
---|
| 844 | {
|
---|
| 845 | sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_AUTH);
|
---|
| 846 | }
|
---|
| 847 | return 0;
|
---|
| 848 | }
|
---|
| 849 | #else
|
---|
| 850 |
|
---|
| 851 | static void noise()
|
---|
| 852 | {
|
---|
| 853 | UINT32 n = taus_get();
|
---|
| 854 | retry_msleep(0, (n & 0x0000007F));
|
---|
| 855 | return;
|
---|
| 856 | }
|
---|
| 857 |
|
---|
| 858 |
|
---|
| 859 | static int xfer_auth(int is_reinit, int * initialized,
|
---|
| 860 | int sockfd, char * answer)
|
---|
| 861 | {
|
---|
| 862 | /* This is the SRP authenticated key exchange protocol.
|
---|
| 863 | * Produces a session key skey->session.
|
---|
| 864 | */
|
---|
| 865 |
|
---|
| 866 | int flag_err = 0;
|
---|
| 867 | int theProto = 0;
|
---|
| 868 |
|
---|
| 869 | char head_u[5];
|
---|
| 870 | char u_real[SH_CHALLENGE_SIZE];
|
---|
| 871 | char * foo_A;
|
---|
| 872 | char * foo_Sc;
|
---|
| 873 | char * M;
|
---|
| 874 | char foo_M1[KEY_LEN+1];
|
---|
| 875 | char hashbuf[KEYBUF_SIZE];
|
---|
| 876 | #ifdef SH_ENCRYPT
|
---|
| 877 | int err_num;
|
---|
| 878 | char expbuf[SH_ERRBUF_SIZE];
|
---|
| 879 | #endif
|
---|
| 880 |
|
---|
| 881 | SL_REQUIRE((sockfd > 2), _("sockfd > 2"));
|
---|
| 882 |
|
---|
| 883 | if (is_reinit == S_FALSE)
|
---|
| 884 | flag_err = xfer_greet_server(sockfd, answer);
|
---|
| 885 | else
|
---|
| 886 | sh_tools_probe_reset();
|
---|
| 887 |
|
---|
| 888 | /* Entry point for jump from message forward if session key must
|
---|
| 889 | * be re-initialized.
|
---|
| 890 | */
|
---|
| 891 | TPT(( 0, FIL__, __LINE__, _("msg=<srp: INIT>\n")));
|
---|
| 892 |
|
---|
| 893 | if ( flag_err == 0 )
|
---|
| 894 | {
|
---|
| 895 | if (0 != sh_srp_init())
|
---|
| 896 | sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_EBGN);
|
---|
| 897 | else
|
---|
| 898 | {
|
---|
| 899 | TPT(( 0, FIL__, __LINE__, _("msg=<srp: bignum initialized>\n")));
|
---|
| 900 |
|
---|
| 901 | sh_srp_x (answer, NULL); /* x password */
|
---|
| 902 | sh_srp_make_a (); /* a random number */
|
---|
| 903 | foo_A = sh_srp_A(); /* g^a */
|
---|
| 904 |
|
---|
| 905 | TPT(( 0, FIL__, __LINE__, _("msg=<srp: A = %s>\n"), foo_A));
|
---|
| 906 |
|
---|
| 907 | if (foo_A == NULL)
|
---|
| 908 | flag_err = (-1);
|
---|
| 909 |
|
---|
| 910 | noise();
|
---|
| 911 |
|
---|
| 912 | if (flag_err == 0)
|
---|
| 913 | flag_err = xfer_send (sockfd,
|
---|
| 914 | (theProto|SH_PROTO_SRP),
|
---|
| 915 | _("PC01"),
|
---|
| 916 | foo_A, sl_strlen(foo_A)+1);
|
---|
| 917 | if (flag_err == 0)
|
---|
| 918 | {
|
---|
| 919 | flag_err = xfer_receive (sockfd,
|
---|
| 920 | (theProto|SH_PROTO_SRP),
|
---|
| 921 | head_u,
|
---|
| 922 | answer, 511);
|
---|
| 923 | flag_err = (flag_err < 0) ? flag_err : 0;
|
---|
| 924 | TPT(( 0, FIL__, __LINE__, _("msg=<srp: B = %s>\n"), answer));
|
---|
| 925 | TPT(( 0, FIL__, __LINE__, _("msg=<srp: u = %03o-%03o-%03o-%03o>\n"), head_u[0], head_u[1], head_u[2], head_u[3]));
|
---|
| 926 | }
|
---|
| 927 |
|
---|
| 928 | /* u nounce */
|
---|
| 929 | /* B answer */
|
---|
| 930 | /* S = (B-g^x)^(a+ux) */
|
---|
| 931 |
|
---|
| 932 |
|
---|
| 933 | if (flag_err == 0)
|
---|
| 934 | {
|
---|
| 935 | noise();
|
---|
| 936 |
|
---|
| 937 | if (0 != sh_srp_check_zero (answer))
|
---|
| 938 | sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_EZERO);
|
---|
| 939 | else
|
---|
| 940 | {
|
---|
| 941 | sl_strlcpy(u_real, sh_tiger_hash(head_u, TIGER_DATA, 4,
|
---|
| 942 | hashbuf, sizeof(hashbuf)),
|
---|
| 943 | SH_CHALLENGE_SIZE);
|
---|
| 944 | foo_Sc = sh_srp_S_c (u_real, answer);
|
---|
| 945 |
|
---|
| 946 | TPT(( 0, FIL__, __LINE__, _("msg=<srp: U = %s>\n"),
|
---|
| 947 | u_real));
|
---|
| 948 | TPT(( 0, FIL__, __LINE__, _("msg=<srp:Sc = %s>\n"),
|
---|
| 949 | foo_Sc));
|
---|
| 950 |
|
---|
| 951 | /* --- Now send H(A,B,H(Sc)) and check. ---
|
---|
| 952 | */
|
---|
| 953 | if (foo_Sc != NULL && 0 == sh_srp_check_zero (foo_Sc))
|
---|
| 954 | {
|
---|
| 955 | sh_srp_M(foo_A,
|
---|
| 956 | answer,
|
---|
| 957 | sh_tiger_hash(foo_Sc,
|
---|
| 958 | TIGER_DATA,
|
---|
| 959 | sl_strlen(foo_Sc),
|
---|
| 960 | hashbuf, sizeof(hashbuf)),
|
---|
| 961 | foo_M1, KEY_LEN+1);
|
---|
| 962 |
|
---|
| 963 |
|
---|
| 964 | TPT(( 0, FIL__, __LINE__, _("msg=<srp:M1 = %s>\n"),
|
---|
| 965 | foo_M1));
|
---|
| 966 |
|
---|
| 967 | flag_err = xfer_send(sockfd,
|
---|
| 968 | (theProto|SH_PROTO_SRP),
|
---|
| 969 | _("PC02"),
|
---|
| 970 | foo_M1, KEY_LEN+1);
|
---|
| 971 | }
|
---|
| 972 | else
|
---|
| 973 | flag_err = (-1);
|
---|
| 974 |
|
---|
| 975 | if (flag_err == 0)
|
---|
| 976 | {
|
---|
| 977 | flag_err = xfer_receive(sockfd,
|
---|
| 978 | (theProto|SH_PROTO_SRP),
|
---|
| 979 | head_u,
|
---|
| 980 | answer, 511);
|
---|
| 981 | flag_err = (flag_err < 0) ? flag_err : 0;
|
---|
| 982 | TPT(( 0, FIL__, __LINE__, _("msg=<srp: M = %s>\n"),
|
---|
| 983 | answer));
|
---|
| 984 | }
|
---|
| 985 |
|
---|
| 986 | if (flag_err == 0 && 0 == check_request (head_u, _("PARP")) )
|
---|
| 987 | {
|
---|
| 988 | /* ------ verify M2 = H(A, M1, K) --------
|
---|
| 989 | */
|
---|
| 990 | char M_buf[KEY_LEN+1];
|
---|
| 991 | M = sh_srp_M (foo_A, foo_M1,
|
---|
| 992 | sh_tiger_hash(foo_Sc,
|
---|
| 993 | TIGER_DATA,
|
---|
| 994 | sl_strlen(foo_Sc),
|
---|
| 995 | hashbuf, sizeof(hashbuf)),
|
---|
| 996 | M_buf, sizeof(M_buf)
|
---|
| 997 | );
|
---|
| 998 | if (M != NULL &&
|
---|
[544] | 999 | 0 == sl_ts_strncmp (answer, M, KEY_LEN+1))
|
---|
[481] | 1000 | {
|
---|
| 1001 | sl_strlcpy (skey->session,
|
---|
| 1002 | sh_tiger_hash(foo_Sc,
|
---|
| 1003 | TIGER_DATA,
|
---|
| 1004 | sl_strlen(foo_Sc),
|
---|
| 1005 | hashbuf, sizeof(hashbuf)),
|
---|
| 1006 | KEY_LEN+1);
|
---|
| 1007 | TPT(( 0, FIL__, __LINE__,
|
---|
| 1008 | _("msg=<srp: Key = %s>\n"),
|
---|
| 1009 | skey->session));
|
---|
| 1010 |
|
---|
| 1011 | #ifdef SH_ENCRYPT
|
---|
| 1012 | err_num = rijndael_makeKey(&(skey->keyInstE),
|
---|
| 1013 | DIR_ENCRYPT,
|
---|
| 1014 | 192, skey->session);
|
---|
| 1015 | if (err_num < 0)
|
---|
| 1016 | sh_error_handle((-1), FIL__, __LINE__, -1,
|
---|
| 1017 | MSG_E_SUBGEN,
|
---|
| 1018 | errorExplain(err_num, expbuf, sizeof(expbuf)),
|
---|
| 1019 | _("xfer_try_report_int: makeKey"));
|
---|
| 1020 | err_num = rijndael_makeKey(&(skey->keyInstD),
|
---|
| 1021 | DIR_DECRYPT,
|
---|
| 1022 | 192, skey->session);
|
---|
| 1023 | if (err_num < 0)
|
---|
| 1024 | sh_error_handle((-1), FIL__, __LINE__, -1,
|
---|
| 1025 | MSG_E_SUBGEN,
|
---|
| 1026 | errorExplain(err_num, expbuf, sizeof(expbuf)),
|
---|
| 1027 | _("xfer_try_report_int: makeKey"));
|
---|
| 1028 | #endif
|
---|
| 1029 | *initialized = S_TRUE;
|
---|
| 1030 | noise();
|
---|
| 1031 | }
|
---|
| 1032 | }
|
---|
| 1033 | if (foo_Sc != NULL)
|
---|
| 1034 | SH_FREE(foo_Sc);
|
---|
| 1035 | }
|
---|
| 1036 | }
|
---|
| 1037 | if (foo_A != NULL)
|
---|
| 1038 | SH_FREE(foo_A);
|
---|
| 1039 | sh_srp_exit();
|
---|
| 1040 | }
|
---|
| 1041 | }
|
---|
| 1042 |
|
---|
| 1043 | if (*initialized == S_FALSE)
|
---|
| 1044 | {
|
---|
| 1045 | xfer_timeout_val *= 2;
|
---|
| 1046 | sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_NOAUTH);
|
---|
[541] | 1047 | memset(answer, 0, 512);
|
---|
[481] | 1048 | MUNLOCK(answer, 512);
|
---|
| 1049 | SH_FREE(answer);
|
---|
| 1050 | return -1;
|
---|
| 1051 | }
|
---|
| 1052 | else
|
---|
| 1053 | {
|
---|
| 1054 | if (flag_err_info == S_TRUE)
|
---|
| 1055 | sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_AUTH);
|
---|
| 1056 | }
|
---|
| 1057 | return 0;
|
---|
| 1058 | }
|
---|
| 1059 | #endif
|
---|
| 1060 |
|
---|
| 1061 | int xfer_check_server_cmd(char * answer, char * buffer)
|
---|
| 1062 | {
|
---|
| 1063 | int flag_err;
|
---|
| 1064 | size_t pos;
|
---|
| 1065 | char sigbuf[KEYBUF_SIZE];
|
---|
| 1066 |
|
---|
| 1067 | /* --- SERVER CMD --- */
|
---|
| 1068 | if (answer[KEY_LEN] != '\0' &&
|
---|
| 1069 | sl_strlen(answer) > (2*KEY_LEN))
|
---|
| 1070 | {
|
---|
| 1071 | pos = sl_strlen(answer) - (2*KEY_LEN);
|
---|
| 1072 | /*
|
---|
| 1073 | * buffer is >= 256
|
---|
| 1074 | * answer has <= 255 bytes
|
---|
| 1075 | */
|
---|
| 1076 | (void) sl_strlcpy(buffer, &answer[KEY_LEN],
|
---|
| 1077 | pos+1);
|
---|
| 1078 | flag_err =
|
---|
[544] | 1079 | sl_ts_strncmp(&answer[KEY_LEN+pos],
|
---|
[481] | 1080 | sh_util_siggen(skey->session,
|
---|
| 1081 | buffer,
|
---|
| 1082 | pos,
|
---|
| 1083 | sigbuf, sizeof(sigbuf)),
|
---|
| 1084 | KEY_LEN);
|
---|
| 1085 |
|
---|
| 1086 | TPT((0, FIL__, __LINE__,
|
---|
| 1087 | _("CONF RECV <%d> <%s>\n"),
|
---|
| 1088 | flag_err, &answer[KEY_LEN]));
|
---|
| 1089 |
|
---|
| 1090 | if (flag_err != 0) {
|
---|
| 1091 | sh_error_handle((-1), FIL__, __LINE__,
|
---|
| 1092 | flag_err,
|
---|
| 1093 | MSG_TCP_NOCONF);
|
---|
| 1094 | }
|
---|
| 1095 | #ifdef SH_WITH_CLIENT
|
---|
| 1096 | else {
|
---|
| 1097 | sh_socket_server_cmd(buffer);
|
---|
| 1098 | }
|
---|
| 1099 | #endif
|
---|
| 1100 | flag_err = 0;
|
---|
| 1101 |
|
---|
| 1102 | } else {
|
---|
| 1103 |
|
---|
| 1104 | TPT((0, FIL__, __LINE__,
|
---|
| 1105 | _("CONF RECV <0> <[null]>\n")));
|
---|
| 1106 |
|
---|
| 1107 | }
|
---|
| 1108 | /* --- SERVER CMD END --- */
|
---|
| 1109 | return 0;
|
---|
| 1110 | }
|
---|
| 1111 |
|
---|
| 1112 |
|
---|
| 1113 |
|
---|
| 1114 | int xfer_send_message(char * errmsg, int sockfd, char * answer)
|
---|
| 1115 | {
|
---|
| 1116 | char hash[KEY_LEN+1];
|
---|
| 1117 | size_t len;
|
---|
| 1118 | char * buffer;
|
---|
| 1119 | char nsrv[KEY_LEN+1];
|
---|
| 1120 | char sigbuf[KEYBUF_SIZE];
|
---|
| 1121 | char head_u[5];
|
---|
| 1122 | int flag_err;
|
---|
| 1123 |
|
---|
| 1124 | SL_REQUIRE((sockfd > 2), _("sockfd > 2"));
|
---|
| 1125 |
|
---|
| 1126 | /* --- Save the challenge. ---
|
---|
| 1127 | */
|
---|
| 1128 | (void) sl_strlcpy(nsrv, answer, KEY_LEN + 1);
|
---|
| 1129 |
|
---|
| 1130 | /* --- Hash(msg,challenge,sessionkey). ---
|
---|
| 1131 | */
|
---|
| 1132 | len = sl_strlen(errmsg) + sl_strlen(answer)
|
---|
| 1133 | + KEY_LEN + 1;
|
---|
| 1134 | len = (size_t)((len < 256) ? 256 : len);
|
---|
| 1135 | buffer = SH_ALLOC(len);
|
---|
| 1136 | MLOCK(buffer, len);
|
---|
| 1137 | (void) sl_strlcpy(buffer, errmsg, len);
|
---|
| 1138 | (void) sl_strlcat(buffer, answer, len);
|
---|
| 1139 | (void) sl_strlcpy(hash,
|
---|
| 1140 | sh_util_siggen (skey->session,
|
---|
| 1141 | buffer,
|
---|
| 1142 | sl_strlen(buffer),
|
---|
| 1143 | sigbuf, sizeof(sigbuf)),
|
---|
| 1144 | KEY_LEN+1);
|
---|
| 1145 | TPT((0, FIL__, __LINE__, _("msg=<sign %s.>\n"),
|
---|
| 1146 | sh_util_siggen(skey->session, buffer,
|
---|
| 1147 | sl_strlen(buffer), sigbuf, sizeof(sigbuf))));
|
---|
| 1148 |
|
---|
| 1149 | (void) sl_strlcpy(buffer, errmsg, len);
|
---|
| 1150 | (void) sl_strlcat(buffer, hash, len);
|
---|
| 1151 |
|
---|
| 1152 | flag_err =
|
---|
| 1153 | xfer_send_crypt (sockfd,
|
---|
| 1154 | #ifdef SH_ENCRYPT
|
---|
| 1155 | (char)(SH_PROTO_MSG|SH_PROTO_ENC),
|
---|
| 1156 | #else
|
---|
| 1157 | (char)(SH_PROTO_MSG),
|
---|
| 1158 | #endif
|
---|
| 1159 | _("MESG"),
|
---|
| 1160 | buffer,
|
---|
| 1161 | (unsigned long)(sl_strlen(buffer)+1));
|
---|
| 1162 | TPT(( 0, FIL__, __LINE__,
|
---|
| 1163 | _("msg=<Sent %s, status %d.>\n"),
|
---|
| 1164 | answer, flag_err));
|
---|
| 1165 |
|
---|
| 1166 | /* --- Get confirmation. ---
|
---|
| 1167 | */
|
---|
| 1168 | if (flag_err == 0)
|
---|
| 1169 | {
|
---|
| 1170 | flag_err = (int)
|
---|
| 1171 | xfer_receive_crypt (sockfd,
|
---|
| 1172 | #ifdef SH_ENCRYPT
|
---|
| 1173 | (char)(SH_PROTO_MSG|SH_PROTO_ENC|SH_PROTO_END),
|
---|
| 1174 | #else
|
---|
| 1175 | (char)(SH_PROTO_MSG|SH_PROTO_END),
|
---|
| 1176 | #endif
|
---|
| 1177 | head_u,
|
---|
| 1178 | answer, 255);
|
---|
| 1179 | TPT(( 0, FIL__, __LINE__,
|
---|
| 1180 | _("msg=<Rcvt %s, u %s, status %d.>\n"),
|
---|
| 1181 | answer, hu_trans(head_u), flag_err));
|
---|
| 1182 | flag_err = (flag_err < 0) ? flag_err : 0;
|
---|
| 1183 | }
|
---|
| 1184 |
|
---|
| 1185 |
|
---|
| 1186 | /* --- Check confirmation. ---
|
---|
| 1187 | */
|
---|
| 1188 | if (flag_err == 0)
|
---|
| 1189 | {
|
---|
| 1190 | /* CLIENT CONF RECV
|
---|
| 1191 | *
|
---|
| 1192 | * first KEY_LEN bytes must be
|
---|
| 1193 | * sig(skey->session (errmsg nsrv))
|
---|
| 1194 | *
|
---|
| 1195 | */
|
---|
| 1196 | (void) sl_strlcpy(buffer, errmsg, len);
|
---|
| 1197 | (void) sl_strlcat(buffer, nsrv, len);
|
---|
[544] | 1198 | flag_err = sl_ts_strncmp(answer,
|
---|
| 1199 | sh_util_siggen(skey->session,
|
---|
| 1200 | buffer,
|
---|
| 1201 | sl_strlen(buffer),
|
---|
| 1202 | sigbuf, sizeof(sigbuf)),
|
---|
| 1203 | KEY_LEN);
|
---|
[481] | 1204 | TPT((0, FIL__, __LINE__, _("msg=<sign %s.>\n"),
|
---|
| 1205 | sh_util_siggen(skey->session, buffer,
|
---|
| 1206 | sl_strlen(buffer), sigbuf, sizeof(sigbuf))));
|
---|
| 1207 |
|
---|
| 1208 | if (flag_err != 0)
|
---|
| 1209 | {
|
---|
| 1210 | #ifdef ENOMSG
|
---|
| 1211 | flag_err = ENOMSG;
|
---|
| 1212 | #else
|
---|
| 1213 | flag_err = EIO;
|
---|
| 1214 | #endif
|
---|
| 1215 | sh_error_handle((-1), FIL__, __LINE__, flag_err,
|
---|
| 1216 | MSG_TCP_NOCONF);
|
---|
| 1217 | }
|
---|
| 1218 | else
|
---|
| 1219 | {
|
---|
| 1220 | #ifdef SH_ENCRYPT
|
---|
| 1221 | flag_err = xfer_check_server_cmd(answer, buffer);
|
---|
| 1222 | #endif
|
---|
| 1223 | if (flag_err_debug == S_TRUE)
|
---|
| 1224 | sh_error_handle((-1), FIL__, __LINE__, 0,
|
---|
| 1225 | MSG_TCP_CONF);
|
---|
| 1226 | }
|
---|
| 1227 | }
|
---|
| 1228 |
|
---|
| 1229 | memset(buffer, 0, len);
|
---|
| 1230 | MUNLOCK(buffer, len);
|
---|
| 1231 | SH_FREE(buffer);
|
---|
| 1232 |
|
---|
| 1233 | if (flag_err != 0)
|
---|
| 1234 | return -1;
|
---|
| 1235 | return 0;
|
---|
| 1236 | }
|
---|
| 1237 |
|
---|
| 1238 |
|
---|
| 1239 | static SL_TICKET xfer_get_file(int sockfd, char * answer,
|
---|
| 1240 | char * nclt, char * foo_M1, const int theProto)
|
---|
| 1241 | {
|
---|
| 1242 | /* --- Open a temporary file. ---
|
---|
| 1243 | */
|
---|
| 1244 | int flag_err = 0;
|
---|
| 1245 | SL_TICKET sfd;
|
---|
| 1246 |
|
---|
| 1247 | SL_REQUIRE((sockfd > 2), _("sockfd > 2"));
|
---|
| 1248 |
|
---|
| 1249 | if ( (sfd = open_tmp ()) < 0)
|
---|
| 1250 | {
|
---|
| 1251 | flag_err = (-1);
|
---|
| 1252 | sh_error_handle((-1), FIL__, __LINE__, flag_err, MSG_TCP_EFIL);
|
---|
| 1253 | }
|
---|
| 1254 | else
|
---|
| 1255 | {
|
---|
| 1256 | /* --- Read from socket into tmp file. ---
|
---|
| 1257 | */
|
---|
| 1258 | int transfercount = 0;
|
---|
| 1259 | char head_u[5];
|
---|
| 1260 |
|
---|
| 1261 | do {
|
---|
| 1262 | flag_err = (int)
|
---|
| 1263 | xfer_receive_crypt (sockfd,
|
---|
| 1264 | #ifdef SH_ENCRYPT
|
---|
| 1265 | (char)(SH_PROTO_BIG|SH_PROTO_ENC),
|
---|
| 1266 | #else
|
---|
| 1267 | (char)(SH_PROTO_BIG),
|
---|
| 1268 | #endif
|
---|
| 1269 | head_u,
|
---|
| 1270 | answer,
|
---|
| 1271 | TRANS_BYTES + 255);
|
---|
| 1272 |
|
---|
| 1273 | TPT(( 0, FIL__, __LINE__,
|
---|
| 1274 | _("msg=<Received: %d bytes, marked %s.>\n"),
|
---|
| 1275 | flag_err, hu_trans(head_u)));
|
---|
| 1276 |
|
---|
| 1277 | if (flag_err > 0 && 0 == check_request_nerr(head_u, _("FILE")))
|
---|
| 1278 | {
|
---|
| 1279 | if (0 == hash_check (foo_M1, answer, flag_err))
|
---|
| 1280 | {
|
---|
| 1281 | (void) sl_write(sfd, &answer[KEY_LEN],
|
---|
| 1282 | flag_err-KEY_LEN);
|
---|
| 1283 | ++transfercount;
|
---|
| 1284 |
|
---|
| 1285 | /* Delay for throughput throttling
|
---|
| 1286 | */
|
---|
| 1287 | if (sh_throttle_delay > 0)
|
---|
| 1288 | retry_msleep(sh_throttle_delay/1000, sh_throttle_delay % 1000);
|
---|
| 1289 |
|
---|
| 1290 | flag_err = xfer_send_crypt (sockfd, theProto,
|
---|
| 1291 | _("RECV"),
|
---|
| 1292 | nclt,
|
---|
| 1293 | (unsigned long)sl_strlen(nclt));
|
---|
| 1294 |
|
---|
| 1295 | }
|
---|
| 1296 | else
|
---|
| 1297 | {
|
---|
| 1298 | TPT(( 0, FIL__, __LINE__,
|
---|
| 1299 | _("msg=<File transfer: Hash check failed.>\n")));
|
---|
| 1300 | break;
|
---|
| 1301 | }
|
---|
| 1302 | }
|
---|
| 1303 | else
|
---|
| 1304 | {
|
---|
| 1305 | TPT(( 0, FIL__, __LINE__,
|
---|
| 1306 | _("msg=<File transfer: No more data.>\n")));
|
---|
| 1307 | break;
|
---|
| 1308 | }
|
---|
| 1309 | } while (transfercount < 32000); /* 64 Mbyte */
|
---|
| 1310 |
|
---|
| 1311 | if (0 == check_request_nerr(head_u, _("EEOT")) &&
|
---|
| 1312 | 0 < flag_err &&
|
---|
| 1313 | 0 == hash_check (foo_M1, answer, (int)sl_strlen(answer)))
|
---|
| 1314 | {
|
---|
| 1315 | flag_err = xfer_send_crypt (sockfd, theProto,
|
---|
| 1316 | _("EOTE"),
|
---|
| 1317 | nclt,
|
---|
| 1318 | (unsigned int) sl_strlen(nclt));
|
---|
| 1319 |
|
---|
| 1320 | (void) rewind_tmp (sfd);
|
---|
| 1321 | (void) sl_sync(sfd);
|
---|
| 1322 | if (flag_err_info == S_TRUE)
|
---|
| 1323 | sh_error_handle((-1), FIL__, __LINE__, flag_err, MSG_TCP_FOK);
|
---|
| 1324 | }
|
---|
| 1325 | else
|
---|
| 1326 | {
|
---|
| 1327 | (void) sl_close (sfd);
|
---|
| 1328 | sfd = (-1);
|
---|
| 1329 | }
|
---|
| 1330 | }
|
---|
| 1331 |
|
---|
| 1332 | return sfd;
|
---|
| 1333 | }
|
---|
| 1334 |
|
---|
| 1335 | static long xfer_try_report_int (char * errmsg, const int what)
|
---|
| 1336 | {
|
---|
| 1337 | static int initialized = S_FALSE;
|
---|
| 1338 | static int conn_state = S_TRUE;
|
---|
| 1339 | int sockfd;
|
---|
| 1340 | int flag_err = 0;
|
---|
| 1341 | char * answer;
|
---|
| 1342 | int theProto = 0;
|
---|
| 1343 |
|
---|
| 1344 | UINT32 ticks;
|
---|
| 1345 | char head_u[5];
|
---|
| 1346 | char * buffer;
|
---|
| 1347 | char nsrv[KEY_LEN+1];
|
---|
| 1348 | char nclt[KEY_LEN+1];
|
---|
| 1349 | char foo_M1[KEY_LEN+1];
|
---|
| 1350 |
|
---|
| 1351 | char hashbuf[KEYBUF_SIZE];
|
---|
| 1352 | char sigbuf[KEYBUF_SIZE];
|
---|
| 1353 |
|
---|
| 1354 | SL_ENTER(_("xfer_try_report_int"));
|
---|
| 1355 |
|
---|
| 1356 | /* --- No message to transmit. ---
|
---|
| 1357 | */
|
---|
| 1358 | if (errmsg == NULL && initialized == S_TRUE)
|
---|
| 1359 | SL_RETURN( 0, _("xfer_try_report_int"));
|
---|
| 1360 |
|
---|
| 1361 | /* --- Connection in bad state. ---
|
---|
| 1362 | */
|
---|
| 1363 | if (xfer_conn_state(initialized, conn_state) < 0)
|
---|
| 1364 | SL_RETURN( (-1), _("xfer_try_report_int"));
|
---|
| 1365 |
|
---|
| 1366 | /* --- Try to connect to log server. ---
|
---|
| 1367 | */
|
---|
| 1368 | sockfd = xfer_connect(&conn_state);
|
---|
| 1369 | if (sockfd < 0)
|
---|
| 1370 | SL_RETURN( (-1), _("xfer_try_report_int"));
|
---|
| 1371 |
|
---|
| 1372 |
|
---|
| 1373 | /*************************
|
---|
| 1374 | *
|
---|
| 1375 | * initialization
|
---|
| 1376 | *
|
---|
| 1377 | */
|
---|
| 1378 | flag_err = 0;
|
---|
| 1379 | answer = SH_ALLOC(512);
|
---|
| 1380 | MLOCK(answer, 512);
|
---|
| 1381 |
|
---|
| 1382 | if (initialized == S_FALSE)
|
---|
| 1383 | {
|
---|
| 1384 | if (xfer_auth(S_FALSE, &initialized, sockfd, answer) < 0)
|
---|
| 1385 | SL_RETURN( (-1), _("xfer_try_report_int"));
|
---|
| 1386 | }
|
---|
| 1387 |
|
---|
| 1388 | retry_send:
|
---|
| 1389 |
|
---|
| 1390 | /* no message, just session key negotiated
|
---|
| 1391 | */
|
---|
| 1392 | if (errmsg == NULL)
|
---|
| 1393 | {
|
---|
| 1394 | xfer_timeout_val = 1;
|
---|
| 1395 | memset(answer, 0, 512);
|
---|
| 1396 | MUNLOCK(answer, 512);
|
---|
| 1397 | SH_FREE(answer);
|
---|
| 1398 | TPT(( 0, FIL__, __LINE__, _("msg=<No message.>\n")));
|
---|
| 1399 | SL_RETURN( (0), _("xfer_try_report_int"));
|
---|
| 1400 | }
|
---|
| 1401 | else if (what == SH_PROTO_BIG)
|
---|
| 1402 | {
|
---|
| 1403 | MUNLOCK(answer, 512);
|
---|
| 1404 | SH_FREE (answer);
|
---|
| 1405 | answer = SH_ALLOC(TRANS_BYTES + 256);
|
---|
| 1406 | MLOCK(answer, TRANS_BYTES + 256);
|
---|
| 1407 | TPT(( 0, FIL__, __LINE__, _("msg=<File transfer.>\n")));
|
---|
| 1408 | }
|
---|
| 1409 |
|
---|
| 1410 | sl_strlcpy (answer,
|
---|
| 1411 | sh_util_siggen(skey->session,
|
---|
| 1412 | sh.host.name,
|
---|
| 1413 | sl_strlen(sh.host.name),
|
---|
| 1414 | sigbuf, sizeof(sigbuf)),
|
---|
| 1415 | KEY_LEN+1);
|
---|
| 1416 |
|
---|
| 1417 | TPT((0, FIL__, __LINE__, _("msg=<host %s>\n"), sh.host.name));
|
---|
| 1418 | TPT((0, FIL__, __LINE__, _("msg=<ckey %s>\n"), skey->session));
|
---|
| 1419 | TPT((0, FIL__, __LINE__, _("msg=<sign %s>\n"), answer));
|
---|
| 1420 |
|
---|
| 1421 | sl_strlcat (answer, sh.host.name, 512);
|
---|
| 1422 |
|
---|
| 1423 | TPT((0, FIL__, __LINE__, _("msg=<mesg %s>\n"), answer));
|
---|
| 1424 |
|
---|
| 1425 | /***********************************************
|
---|
| 1426 | *
|
---|
| 1427 | * send the message
|
---|
| 1428 | *
|
---|
| 1429 | */
|
---|
| 1430 |
|
---|
| 1431 | if (what == SH_PROTO_MSG)
|
---|
| 1432 | theProto = SH_PROTO_MSG;
|
---|
| 1433 | else if (what == SH_PROTO_BIG)
|
---|
| 1434 | theProto = SH_PROTO_BIG;
|
---|
| 1435 |
|
---|
| 1436 | /* --- Say HELO ---
|
---|
| 1437 | */
|
---|
| 1438 | flag_err = xfer_send (sockfd, theProto, _("HELO"),
|
---|
| 1439 | answer, sl_strlen(answer));
|
---|
| 1440 | TPT(( 0, FIL__, __LINE__, _("msg=<Sent %s, status %d.>\n"),
|
---|
| 1441 | answer, flag_err));
|
---|
| 1442 |
|
---|
| 1443 | if (flag_err == 0)
|
---|
| 1444 | {
|
---|
| 1445 | /* --- Get NSRV. ---
|
---|
| 1446 | */
|
---|
| 1447 | flag_err = (int) xfer_receive (sockfd, theProto, head_u, answer, 255);
|
---|
| 1448 | TPT(( 0, FIL__, __LINE__, _("msg=<Rcvt %s, u %s, status %d.>\n"),
|
---|
| 1449 | answer, hu_trans(head_u), flag_err));
|
---|
| 1450 | flag_err = (flag_err < 0) ? flag_err : 0;
|
---|
| 1451 | }
|
---|
| 1452 |
|
---|
| 1453 | if (what == SH_PROTO_MSG)
|
---|
| 1454 | {
|
---|
| 1455 | if (flag_err == 0)
|
---|
| 1456 | {
|
---|
| 1457 | /* --- Re-negotiate key. ---
|
---|
| 1458 | */
|
---|
| 1459 | if (0 == check_request_nerr(head_u, _("INIT")))
|
---|
| 1460 | {
|
---|
| 1461 | flag_err = 0;
|
---|
| 1462 | initialized = S_FALSE;
|
---|
| 1463 | if (xfer_auth(S_TRUE, &initialized, sockfd, answer) == 0)
|
---|
| 1464 | goto retry_send;
|
---|
| 1465 | }
|
---|
| 1466 |
|
---|
| 1467 | else if (0 == check_request(head_u, _("TALK")))
|
---|
| 1468 | {
|
---|
| 1469 | flag_err = xfer_send_message(errmsg, sockfd, answer);
|
---|
| 1470 | }
|
---|
| 1471 |
|
---|
| 1472 | else
|
---|
| 1473 | {
|
---|
| 1474 | /* --- Unexpected reply from server. ---
|
---|
| 1475 | */
|
---|
| 1476 | sh_error_handle((-1), FIL__, __LINE__, 0,
|
---|
| 1477 | MSG_TCP_UNEXP);
|
---|
| 1478 | flag_err = (-1);
|
---|
| 1479 |
|
---|
| 1480 | }
|
---|
| 1481 | }
|
---|
| 1482 | }
|
---|
| 1483 |
|
---|
| 1484 |
|
---|
| 1485 | else if (what == SH_PROTO_BIG)
|
---|
| 1486 | {
|
---|
| 1487 | if (flag_err == 0)
|
---|
| 1488 | {
|
---|
| 1489 |
|
---|
| 1490 | /* --- Re-negotiate key. ---
|
---|
| 1491 | */
|
---|
| 1492 | if (0 == check_request_nerr(head_u, _("INIT")))
|
---|
| 1493 | {
|
---|
| 1494 | flag_err = 0;
|
---|
| 1495 | initialized = BAD;
|
---|
| 1496 | if (xfer_auth(S_TRUE, &initialized, sockfd, answer) == 0)
|
---|
| 1497 | goto retry_send;
|
---|
| 1498 | }
|
---|
| 1499 |
|
---|
| 1500 |
|
---|
| 1501 | else if (0 == check_request(head_u, _("NSRV")))
|
---|
| 1502 | {
|
---|
| 1503 | size_t buffersize;
|
---|
| 1504 | #ifdef SH_ENCRYPT
|
---|
| 1505 | /* --- Set encryption flag. ---
|
---|
| 1506 | */
|
---|
| 1507 | theProto = (SH_PROTO_BIG|SH_PROTO_ENC);
|
---|
| 1508 | #endif
|
---|
| 1509 |
|
---|
| 1510 | (void) sl_strlcpy(nsrv, answer, KEY_LEN+1);
|
---|
| 1511 |
|
---|
| 1512 | /* --- Generate a nonce. ---
|
---|
| 1513 | */
|
---|
| 1514 | ticks = (UINT32) taus_get ();
|
---|
| 1515 |
|
---|
| 1516 | (void) sl_strlcpy(nclt,
|
---|
| 1517 | sh_tiger_hash((char *) &ticks,
|
---|
| 1518 | TIGER_DATA,
|
---|
| 1519 | (unsigned long)sizeof(UINT32),
|
---|
| 1520 | hashbuf, sizeof(hashbuf)),
|
---|
| 1521 | KEY_LEN+1);
|
---|
| 1522 |
|
---|
| 1523 | /* --- Compute H(nsrv, nclt, skey). ---
|
---|
| 1524 | */
|
---|
| 1525 | buffer = sh_util_strconcat (nsrv, nclt,
|
---|
| 1526 | skey->session, NULL);
|
---|
| 1527 | (void)sl_strlcpy(foo_M1,
|
---|
| 1528 | sh_tiger_hash(buffer, TIGER_DATA,
|
---|
| 1529 | (unsigned long)sl_strlen(buffer),
|
---|
| 1530 | hashbuf, sizeof(hashbuf)),
|
---|
| 1531 | KEY_LEN+1);
|
---|
| 1532 | memset (buffer, 0, sl_strlen(buffer));
|
---|
| 1533 | SH_FREE(buffer);
|
---|
| 1534 |
|
---|
| 1535 | /* --- Send (nclt, msg) ---
|
---|
| 1536 | */
|
---|
[489] | 1537 | if (S_TRUE == sl_ok_adds(strlen(errmsg), strlen(nclt)+2+KEY_LEN))
|
---|
| 1538 | {
|
---|
| 1539 | buffersize = strlen(nclt)+strlen(errmsg)+2;
|
---|
| 1540 |
|
---|
| 1541 | #if !defined(SH_ENCRYPT)
|
---|
| 1542 | buffersize += KEY_LEN;
|
---|
| 1543 | #endif
|
---|
| 1544 | buffer = SH_ALLOC(buffersize);
|
---|
[481] | 1545 |
|
---|
[489] | 1546 | sl_strlcpy(buffer, nclt, buffersize);
|
---|
| 1547 | sl_strlcat(buffer, errmsg, buffersize);
|
---|
| 1548 |
|
---|
[481] | 1549 | #if !defined(SH_ENCRYPT)
|
---|
[489] | 1550 | if (4 == sl_strlen(errmsg)) { /* backward compatibility */
|
---|
| 1551 | buffersize = sl_strlen(buffer);
|
---|
| 1552 | buffer[buffersize] = theProto; /* nctl//DATA//theProto */
|
---|
| 1553 | buffer[buffersize+1] = '\0';
|
---|
| 1554 | }
|
---|
| 1555 | sh_tools_hash_add(foo_M1, buffer, buffersize+1);
|
---|
| 1556 | #endif
|
---|
| 1557 |
|
---|
| 1558 | flag_err =
|
---|
| 1559 | xfer_send_crypt (sockfd, (char) theProto, _("NCLT"),
|
---|
| 1560 | buffer,
|
---|
| 1561 | (unsigned long) sl_strlen(buffer));
|
---|
| 1562 |
|
---|
| 1563 | TPT(( 0, FIL__, __LINE__, _("msg=<Sent %s, status %d.>\n"),
|
---|
| 1564 | buffer, flag_err));
|
---|
| 1565 | SH_FREE (buffer);
|
---|
| 1566 | }
|
---|
| 1567 | else {
|
---|
| 1568 | flag_err = -1;
|
---|
[481] | 1569 | }
|
---|
[489] | 1570 | }
|
---|
[481] | 1571 | }
|
---|
| 1572 |
|
---|
| 1573 | if (flag_err == 0)
|
---|
| 1574 | {
|
---|
| 1575 | /* --- Receive the file. ---
|
---|
| 1576 | */
|
---|
| 1577 | SL_TICKET sfd = xfer_get_file(sockfd, answer, nclt, foo_M1, theProto);
|
---|
| 1578 | if (!SL_ISERROR(sfd))
|
---|
| 1579 | {
|
---|
| 1580 | (void) sl_close_fd (FIL__, __LINE__, sockfd);
|
---|
| 1581 | memset(answer, 0, TRANS_BYTES + 256);
|
---|
| 1582 | MUNLOCK(answer, TRANS_BYTES + 256);
|
---|
| 1583 | SH_FREE(answer);
|
---|
| 1584 | xfer_timeout_val = 1;
|
---|
| 1585 |
|
---|
| 1586 | SL_RETURN( (sfd), _("xfer_try_report_int"));
|
---|
| 1587 | }
|
---|
| 1588 | }
|
---|
| 1589 |
|
---|
| 1590 | (void) sl_close_fd (FIL__, __LINE__, sockfd);
|
---|
| 1591 | memset(answer, 0, TRANS_BYTES + 256);
|
---|
| 1592 | MUNLOCK(answer, TRANS_BYTES + 256);
|
---|
| 1593 | SH_FREE(answer);
|
---|
| 1594 | xfer_timeout_val *= 2;
|
---|
| 1595 |
|
---|
| 1596 | SL_RETURN( (-1), _("xfer_try_report_int"));
|
---|
| 1597 | }
|
---|
| 1598 |
|
---|
| 1599 | (void) sl_close_fd (FIL__, __LINE__, sockfd);
|
---|
| 1600 | memset(answer, 0, 512);
|
---|
| 1601 | MUNLOCK(answer, 512);
|
---|
| 1602 | SH_FREE(answer);
|
---|
| 1603 |
|
---|
| 1604 | #ifndef EIO
|
---|
| 1605 | #define EIO 5
|
---|
| 1606 | #endif
|
---|
| 1607 |
|
---|
| 1608 |
|
---|
| 1609 | #ifdef SH_ERROR_H
|
---|
| 1610 | if (flag_err != 0)
|
---|
| 1611 | {
|
---|
| 1612 | char errbuf[SH_ERRBUF_SIZE];
|
---|
| 1613 | conn_state = S_FALSE;
|
---|
| 1614 | xfer_timeout_val *= 2;
|
---|
| 1615 | if (flag_err < 0 || NULL == sh_error_message(flag_err, errbuf, sizeof(errbuf)))
|
---|
| 1616 | flag_err = EIO;
|
---|
| 1617 | sh_error_handle((-1), FIL__, __LINE__, flag_err, MSG_TCP_ECONN,
|
---|
| 1618 | sh_error_message(flag_err, errbuf, sizeof(errbuf)));
|
---|
| 1619 | SL_RETURN( (-1), _("xfer_try_report_int"));
|
---|
| 1620 | }
|
---|
| 1621 | #endif
|
---|
| 1622 | xfer_timeout_val = 1;
|
---|
| 1623 |
|
---|
| 1624 | SL_RETURN( (0), _("xfer_try_report_int"));
|
---|
| 1625 | }
|
---|
| 1626 |
|
---|
| 1627 | /* #ifdef SH_WITH_CLIENT */
|
---|
| 1628 | #endif
|
---|
| 1629 |
|
---|
| 1630 |
|
---|
| 1631 |
|
---|
| 1632 |
|
---|