Changeset 131
- Timestamp:
- Oct 22, 2007, 11:19:15 PM (17 years ago)
- Location:
- trunk
- Files:
-
- 26 edited
trunk/configure.ac
r129 r131 273 273 initgroups getpagesize \ 274 274 ttyname fchmod \ 275 getsid getpriority getpgid statvfs 275 getsid getpriority getpgid statvfs \ 276 fpathconf dirfd \ 277 getgrgid_r getpwnam_r getpwuid_r gmtime_r localtime_r rand_r readdir_r strtok_r 276 278 ) 277 279 AC_CHECK_FUNC(statfs, AC_DEFINE(HAVE_STATFS) statfs="yes", statfs="no") -
trunk/docs/Changelog
r128 r131 1 2.4.0: 2 * eliminate alarm() for I/O timeout (replaced by select) 3 * use getgrgid_r, getpwnam_r, getpwuid_r, gmtime_r, localtime_r, 4 rand_r, strtok_r if available 5 * protect readdir() with mutex (readdir_r considered harmful) 6 1 7 2.3.8: 2 8 * new option PortCheckIgnore = interface:portlist -
trunk/docs/TODO
r18 r131 1 1 2 sh_unix_time: not thread_safe (static buffer) 3 sh_error_message: not thread_safe (static buffer) 4 5 check thread_safe sh_entropy 6 7 lock NEED_LOCK 8 9 globber 10 11 sh_alloc/sh_free 12 -
trunk/include/samhain.h
r115 r131 42 42 #define SH_MAXBUF 4096 43 43 #define SH_PATHBUF 256 44 45 #define SH_GRBUF_SIZE 4096 46 #define SH_PWBUF_SIZE 4096 44 47 45 48 /* Sizes for arrays (user, group, timestamp). -
trunk/include/sh_files.h
r27 r131 21 21 #define SH_FILES_H 22 22 23 struct sh_dirent { 24 char * sh_d_name; 25 struct sh_dirent * next; 26 }; 27 28 /* free a directory listing 29 */ 30 void kill_sh_dirlist (struct sh_dirent * dirlist); 31 32 /* add an entry to a directory listing 33 */ 34 struct sh_dirent * addto_sh_dirlist (struct dirent * thisEntry, 35 struct sh_dirent * dirlist); 23 36 /* register exceptions to hardlink check 24 37 */ -
trunk/include/sh_static.h
r111 r131 15 15 void sh_setpwent(void); 16 16 struct group * sh_getgrnam(const char *name); 17 17 18 struct passwd * sh_getpwnam(const char *name); 19 int getpwnam_r(const char *name, struct passwd *pwbuf, 20 char *buf, size_t buflen, struct passwd **pwbufp); 21 18 22 struct group * sh_getgrgid(gid_t gid); 23 int getgrgid_r(gid_t gid, struct group *gbuf, 24 char *buf, size_t buflen, struct group **gbufp); 25 19 26 struct passwd * sh_getpwuid(uid_t uid); 27 int getpwuid_r(uid_t uid, struct passwd *pwbuf, 28 char *buf, size_t buflen, struct passwd **pwbufp); 29 20 30 #endif 21 31 … … 29 39 #define sh_initgroups initgroups 30 40 #define sh_getgrgid getgrgid 41 #define sh_getgrgid_r getgrgid_r 42 #define sh_getpwnam getpwnam 43 #define sh_getpwnam_r getpwnam_r 44 #define sh_getpwuid getpwuid 45 #define sh_getpwuid_r getpwuid_r 31 46 #define sh_getpwent getpwent 32 #define sh_getpwnam getpwnam33 #define sh_getpwuid getpwuid34 47 #define sh_endpwent endpwent 35 48 #define sh_setpwent setpwent -
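Review bot: The three reentrant prototypes added in the first hunk use the libc names `getpwnam_r`, `getgrgid_r` and `getpwuid_r`, while every neighbour in that block is `sh_`-prefixed and the callers in this changeset use `sh_getpwnam_r`. As rendered, the branch that carries these prototypes never declares `sh_getpwnam_r`, and redeclaring the libc names risks a conflicting-prototype error wherever `<pwd.h>` or `<grp.h>` is also included. Naming them like their siblings, e.g. `int sh_getpwnam_r(const char *name, struct passwd *pwbuf, char *buf, size_t buflen, struct passwd **pwbufp);`, would keep both branches consistent. The enclosing `#if` starts outside the hunk, so confirm which build configuration this branch serves.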
trunk/include/slib.h
r76 r131 353 353 int sl_read_timeout_prep (SL_TICKET ticket); 354 354 355 int sl_read_timeout_fd (int fd, void * buf, 356 size_t count, int timeout, int is_nonblocking); 357 355 358 int sl_read_timeout (SL_TICKET ticket, void * buf, 356 size_t count, int timeout );359 size_t count, int timeout, int is_nonblocking); 357 360 358 361 int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count); -
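Review bot: Neither the new `sl_read_timeout_fd` prototype nor the widened `sl_read_timeout` documents the added `is_nonblocking` argument, and every caller in this changeset passes `SL_FALSE` with no hint of when another value would be right. The removed alarm code in sh_entropy.c and sh_mail.c counted the timeout in seconds, so a one-line comment above the pair such as `/* timeout is in seconds; is_nonblocking: set if the caller has already put fd into non-blocking mode (confirm against slib.c) */` would make the contract visible at the declaration. The return convention on timeout (zero, short count or negative error) deserves a word too, since callers now depend on it in place of the old `setjmp` path.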
trunk/src/samhain.c
r96 r131 63 63 64 64 #include "samhain.h" 65 #include "sh_pthread.h" 65 66 #include "sh_files.h" 66 67 #include "sh_utils.h" … … 450 451 if (0 == strcmp (DEFAULT_MAILADDRESS, _("NULL"))) 451 452 { 453 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 454 char * saveptr; 455 (void) sl_strncpy(q, DEFAULT_MAILADDRESS, SH_PATHBUF); 456 p = strtok_r (q, ", \t", &saveptr); 457 if (p) 458 { 459 (void) sh_mail_setaddress_int (p); 460 while (NULL != (p = strtok_r (NULL, ", \t", &saveptr))) 461 (void) sh_mail_setaddress_int (p); 462 } 463 #else 452 464 (void) sl_strncpy(q, DEFAULT_MAILADDRESS, SH_PATHBUF); 453 465 p = strtok (q, ", \t"); … … 458 470 (void) sh_mail_setaddress_int (p); 459 471 } 472 #endif 460 473 } 461 474 #endif … … 747 760 return NULL; 748 761 } 762 763 SH_MUTEX_LOCK(readdir_lock); 764 749 765 while (NULL != (d = readdir(dp)) && i < 65535) 750 766 { … … 767 783 } 768 784 } 785 786 SH_MUTEX_UNLOCK(readdir_lock); 787 769 788 closedir(dp); 770 789 return pidlist; … … 1294 1313 if ( 0 == strcmp(argv[1], NOCL_CODE) ) 1295 1314 { 1315 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 1316 char * saveptr; 1317 #endif 1296 1318 my_argv[0] = argv[0]; ++my_argc; 1297 1319 command_line[0] = '\0'; … … 1299 1321 command_line[sizeof(command_line)-1] = '\0'; 1300 1322 do { 1323 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 1301 1324 my_argv[my_argc] = 1302 strtok( (my_argc == 1) ? command_line : NULL, " \n"); 1325 strtok_r( (my_argc == 1) ? command_line : NULL, " \n", &saveptr); 1326 #else 1327 my_argv[my_argc] = 1328 strtok( (my_argc == 1) ? command_line : NULL, " \n"); 1329 #endif 1303 1330 if (my_argv[my_argc] != NULL) { 1304 1331 ++my_argc; -
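Review bot: The first hunk duplicates the whole tokenising loop under `#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)` only to swap `strtok` for `strtok_r`. The same three-part guard is repeated around single calls in the last hunk here and in sh_error.c, sh_extern.c, sh_gpg.c, sh_portcheck.c, sh_prelude.c and sh_schedule.c. Deciding this once in a shared header would remove the duplicated bodies and the risk of the two branches drifting apart; a wrapper (name is only a suggestion) could be `#define sh_strtok_r(s, d, p) strtok_r((s), (d), (p))` with the fallback `#define sh_strtok_r(s, d, p) strtok((s), (d))`, so call sites always pass a save pointer. The enclosing functions start and end outside the hunks.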
trunk/src/sh_entropy.c
r102 r131 276 276 #if defined (HAVE_URANDOM) 277 277 278 #include <setjmp.h>279 280 static jmp_buf entropy_timeout;281 282 static void sh_entropy_alarmhandle (int mysignal)283 {284 (void) mysignal; /* avoid compiler warning */285 longjmp (entropy_timeout, 1);286 }287 288 289 278 int read_mbytes(int timeout_val, char * path, char * nbuf, int nbytes) 290 279 { 291 int count,m_count;280 int m_count; 292 281 int fd2; 293 294 struct sigaction new_act;295 sigset_t unblock;296 297 struct sigaction old_act;298 volatile unsigned int old_alarm = 0;299 300 new_act.sa_handler = sh_entropy_alarmhandle;301 sigemptyset( &new_act.sa_mask ); /* set an empty mask */302 new_act.sa_flags = 0; /* init sa_flags */303 304 sigemptyset(&unblock);305 sigaddset (&unblock, SIGALRM);306 282 307 283 SL_ENTER(_("read_mbytes")); … … 314 290 if (0 == sh_unix_device_readable(fd2)) 315 291 { 316 317 /* alarm was triggered 318 */ 319 if (setjmp(entropy_timeout) != 0) 320 { 321 alarm(0); 322 sigaction (SIGALRM, &old_act, NULL); 323 alarm(old_alarm); 324 sigprocmask(SIG_UNBLOCK, &unblock, NULL); 325 TPT((0,FIL__,__LINE__, _("msg=<read_mbytes: timeout>\n"))); 326 close (fd2); 327 SL_RETURN(0, _("read_mbytes")); 328 } 329 330 /* timeout after 30 seconds 331 */ 332 old_alarm = alarm(0); 333 sigaction (SIGALRM, &new_act, &old_act); 334 alarm(timeout_val); 335 336 m_count = 0; 337 338 while (m_count < nbytes) 339 { 340 errno = 0; /* paranoia */ 341 count = read (fd2, &nbuf[m_count], nbytes-m_count); 342 343 switch (count) 344 { 345 case -1: 346 #ifdef EWOULDBLOCK 347 if (errno == EINTR || errno == EAGAIN || 348 errno == EWOULDBLOCK) 349 #else 350 if (errno == EINTR || errno == EAGAIN) 351 #endif 352 continue; 353 354 /* if errno == -1 && no continue: fallthrough to this */ 355 case 0: 356 break; 357 default: 358 m_count += count; 359 } 360 } 361 close (fd2); 362 363 alarm(0); 364 sigaction (SIGALRM, &old_act, NULL); 365 alarm(old_alarm); 366 sigprocmask(SIG_UNBLOCK, &unblock, NULL); 292 m_count = 
sl_read_timeout_fd(fd2, &nbuf, nbytes, 293 timeout_val, SL_FALSE); 294 if (m_count < 0) 295 m_count = 0; 367 296 } 368 297 else … … 371 300 else 372 301 m_count = 0; 302 303 close(fd2); 373 304 374 305 TPT((0, FIL__, __LINE__, _("msg=<read_mbytes: OK>\n"))); … … 568 499 int pipedes[2]; 569 500 FILE *outf = NULL; 570 struct passwd * tempres;571 501 char * arg[4]; 572 502 char * envp[2]; … … 645 575 */ 646 576 i = 0; 647 if (0 == geteuid()) { 648 tempres = sh_getpwnam(DEFAULT_IDENT); 649 if (NULL != tempres) { 650 i = aud_setgid(FIL__, __LINE__, tempres->pw_gid); 651 if (i == 0) 652 i = sh_unix_initgroups(DEFAULT_IDENT ,tempres->pw_gid); 653 if (i == 0) 654 i = aud_setuid(FIL__, __LINE__, tempres->pw_uid); 655 /* make sure we cannot get root again 656 */ 657 if ((tempres->pw_uid != 0) && (aud_setuid(FIL__, __LINE__, 0) >= 0)) 577 if (0 == geteuid()) 578 { 579 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 580 struct passwd pwd; 581 char buffer[SH_PWBUF_SIZE]; 582 struct passwd * tempres; 583 sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, sizeof(buffer), &tempres); 584 #else 585 struct passwd * tempres = sh_getpwnam(DEFAULT_IDENT); 586 #endif 587 588 if (NULL != tempres) { 589 i = aud_setgid(FIL__, __LINE__, tempres->pw_gid); 590 if (i == 0) 591 i = sh_unix_initgroups(DEFAULT_IDENT ,tempres->pw_gid); 592 if (i == 0) 593 i = aud_setuid(FIL__, __LINE__, tempres->pw_uid); 594 /* make sure we cannot get root again 595 */ 596 if ((tempres->pw_uid != 0) && (aud_setuid(FIL__, __LINE__, 0) >= 0)) 597 i = -1; 598 } else { 658 599 i = -1; 659 } else { 660 i = -1; 600 } 661 601 } 662 }663 602 664 603 /* some problem ... -
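Review bot: In `read_mbytes` the new call passes `&nbuf` to `sl_read_timeout_fd`, but `nbuf` is already the `char *` destination, so `&nbuf` is the address of the pointer parameter itself. Because the prototype takes `void * buf`, the compiler accepts this silently; up to `nbytes` bytes are then written over the parameter's own storage and whatever lies after it, and the caller's entropy buffer is never filled. The removed loop read into `&nbuf[m_count]`; the replacement should be `m_count = sl_read_timeout_fd(fd2, nbuf, nbytes, timeout_val, SL_FALSE);`. Since the retry loop is gone, also confirm that a short read (fewer than `nbytes`) is still visible to the caller; the helper's behaviour is not shown here.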
trunk/src/sh_error.c
r86 r131 257 257 258 258 do { 259 if (num == 0) 260 { 261 p = strtok (c, " ,\t"); 262 ++num; 263 } 264 else 259 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 260 char * saveptr; 261 if (num == 0) { 262 p = strtok_r (c, " ,\t", &saveptr); 263 ++num; 264 } else { 265 p = strtok_r (NULL, " ,\t", &saveptr); 266 } 267 #else 268 if (num == 0) { 269 p = strtok (c, " ,\t"); 270 ++num; 271 } else { 265 272 p = strtok (NULL, " ,\t"); 273 } 274 #endif 266 275 267 276 if (p == NULL) -
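Review bot: `char * saveptr;` is declared inside the `do { … }` body, so each iteration gets a new object with an indeterminate value, and `strtok_r (NULL, " ,\t", &saveptr)` on every pass after the first reads a pointer that is formally uninitialised. It tends to work because the stack slot is reused, but it is undefined behaviour and an optimiser is free to break it. Declare `char * saveptr = NULL;` before the `do`, next to the other locals. The tokenising loop in the second hunk of sh_extern.c has the same placement. The enclosing function starts and ends outside the hunk.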
trunk/src/sh_extern.c
r102 r131 914 914 int sh_ext_uid (const char * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid) 915 915 { 916 struct passwd * tempres; 916 struct passwd * tempres; 917 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 918 struct passwd pwd; 919 char buffer[SH_PWBUF_SIZE]; 920 #endif 917 921 918 922 SL_ENTER(_("sh_ext_uid")); … … 924 928 SL_RETURN (-1, _("sh_ext_uid")); 925 929 } 930 931 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 932 sh_getpwnam_r(user, &pwd, buffer, sizeof(buffer), &tempres); 933 #else 926 934 tempres = sh_getpwnam(user); 935 #endif 927 936 928 937 if (NULL != tempres) … … 959 968 do 960 969 { 970 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 971 char * saveptr; 972 if (i == 0) 973 p = strtok_r (new, ", \t", &saveptr); 974 else 975 p = strtok_r (NULL, ", \t", &saveptr); 976 #else 961 977 if (i == 0) 962 978 p = strtok (new, ", \t"); 963 979 else 964 980 p = strtok (NULL, ", \t"); 981 #endif 982 965 983 if (p == NULL) 966 984 break; -
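Review bot: The return value of `sh_getpwnam_r` is discarded in `sh_ext_uid`, and `tempres` is not initialised before the call. The following `if (NULL != tempres)` therefore cannot tell "no such user" from a failed lookup, such as `ERANGE` on an entry larger than the fixed `SH_PWBUF_SIZE` buffer, and relies on the implementation always storing NULL on error. Initialise the pointer and test the result, e.g. `if (0 != sh_getpwnam_r(user, &pwd, buffer, sizeof(buffer), &tempres)) tempres = NULL;`, and report the error code separately from the not-found case. The same pattern appears in sh_entropy.c, sh_gpg.c and sh_prelude.c. In sh_gpg.c the result feeds `if ((tempres != NULL) && (0 == sl_ret_euid()))`, whose body is outside the hunk, so check that a failed lookup there cannot silently skip a privilege drop.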
trunk/src/sh_files.c
r114 r131 60 60 #if (defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)) 61 61 62 #include "sh_pthread.h" 62 63 #include "sh_error.h" 63 64 #include "sh_utils.h" … … 191 192 SL_RETURN((0), _("sh_files_setrecursion")); 192 193 } 193 194 194 195 195 unsigned long sh_files_chk () … … 1340 1340 } 1341 1341 1342 /** 1342 1343 struct sh_dirent { 1343 /* char sh_d_name[NAME_MAX + 2]; */1344 1344 char * sh_d_name; 1345 1345 struct sh_dirent * next; 1346 1346 }; 1347 1348 static void kill_sh_dirlist (struct sh_dirent * dirlist) 1347 **/ 1348 1349 void kill_sh_dirlist (struct sh_dirent * dirlist) 1349 1350 { 1350 1351 struct sh_dirent * this; … … 1362 1363 /* -- add an entry to a directory listing 1363 1364 */ 1364 st atic struct sh_dirent * addto_sh_dirlist (struct dirent * thisEntry,1365 1365 struct sh_dirent * addto_sh_dirlist (struct dirent * thisEntry, 1366 struct sh_dirent * dirlist) 1366 1367 { 1367 1368 struct sh_dirent * this; … … 1485 1486 dir_type theDir; 1486 1487 ShFileType checkit; 1487 1488 static unsigned int state = 1; 1488 1489 1489 1490 file_type theFile; … … 1633 1634 /* ---- read ---- 1634 1635 */ 1636 SH_MUTEX_LOCK(readdir_lock); 1637 1635 1638 do { 1636 1639 thisEntry = readdir (thisDir); … … 1652 1655 } while (thisEntry != NULL); 1653 1656 1657 SH_MUTEX_UNLOCK(readdir_lock); 1658 1654 1659 closedir (thisDir); 1655 1660 … … 1672 1677 1673 1678 BREAKEXIT(sh_derr); 1674 if (0 == (rand() % 5)) 1675 (void) sh_derr(); 1679 1680 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_RAND_R) 1681 if (0 == (rand_r(&state) % 5)) (void) sh_derr(); 1682 #else 1683 if (0 == state * (rand() % 5)) (void) sh_derr(); 1684 #endif 1676 1685 1677 1686 /* ---- Check the file. 
---- … … 1929 1938 char * fileName; 1930 1939 struct utimbuf utime_buf; 1940 static unsigned int state = 1; 1931 1941 1932 1942 SL_ENTER(_("sh_files_filecheck")); 1933 1943 1934 1944 BREAKEXIT(sh_derr); 1935 if (0 == (rand() % 2)) 1936 (void) sh_derr(); 1945 1946 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_RAND_R) 1947 if (0 == (rand_r(&state) % 2)) (void) sh_derr(); 1948 #else 1949 if (0 == state * (rand() % 2)) (void) sh_derr(); 1950 #endif 1937 1951 1938 1952 if (dirName && infileName && (dirName[0] == '/') && (dirName[1] == '\0') -
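Review bot: `static unsigned int state = 1;` gives every thread the same seed object, so `rand_r(&state)` in the directory check, and again in `sh_files_filecheck`, is an unsynchronised read-modify-write of shared data, which is what moving away from `rand()` was meant to avoid. Keep the seed per thread (thread-local storage or a field in a per-thread context) or guard it with a mutex. A plain local initialised to 1 would not do, because every call would then return the same value. In the fallback branch `0 == state * (rand() % 5)` multiplies by `state` apparently only to silence an unused-variable warning; moving the declaration inside the `#if` would say that more plainly. Both functions extend beyond the hunks.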
trunk/src/sh_gpg.c
r111 r131 292 292 struct stat lbuf; 293 293 int status_stat = 0; 294 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 295 struct passwd pwd; 296 char buffer[SH_PWBUF_SIZE]; 297 struct passwd * tempres; 298 sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, sizeof(buffer), &tempres); 299 #else 294 300 struct passwd * tempres = sh_getpwnam(DEFAULT_IDENT); 301 #endif 295 302 296 303 if (!tempres) … … 844 851 while (NULL != fgets(line, sizeof(line), source.pipe)) 845 852 { 853 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 854 char * saveptr = NULL; 855 #endif 846 856 if (line[strlen(line)-1] == '\n') 847 857 line[strlen(line)-1] = ' '; … … 852 862 if (sl_strlen(line) < 18) 853 863 continue; 864 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 865 ptr = strtok_r (line, " ", &saveptr); 866 #else 854 867 ptr = strtok (line, " "); 868 #endif 855 869 while (ptr) 856 870 { 871 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 872 ptr = strtok_r (NULL, " ", &saveptr); 873 #else 857 874 ptr = strtok (NULL, " "); 875 #endif 858 876 if (ptr && 0 == sl_strncmp (ptr, _("fingerprint"), 11)) 859 877 { 878 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 879 ptr = strtok_r (NULL, " ", &saveptr); /* to '=' */ 880 #else 860 881 ptr = strtok (NULL, " "); /* to '=' */ 882 #endif 861 883 sign_fp[0] = '\0'; 862 884 while (ptr) 863 885 { 886 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 887 ptr = strtok_r (NULL, " ", &saveptr); /* part of fingerprint */ 888 #else 864 889 ptr = strtok (NULL, " "); /* part of fingerprint */ 890 #endif 865 891 sl_strlcat (sign_fp, ptr, SH_MINIBUF+1); 866 892 } … … 923 949 #if defined(SH_WITH_SERVER) 924 950 struct passwd * tempres; 925 #endif 951 #if defined(HAVE_PTHREAD) && defined 
(_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 952 struct passwd pwd; 953 char buffer[SH_PWBUF_SIZE]; 954 #endif 955 #endif 956 926 957 #ifdef USE_FINGERPRINT 927 958 #include "sh_gpg_fp.h" … … 952 983 TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD1 = %d>\n"), fd1)); 953 984 #if defined(SH_WITH_SERVER) 985 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 986 sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, sizeof(buffer), &tempres); 987 #else 954 988 tempres = sh_getpwnam(DEFAULT_IDENT); 989 #endif 955 990 956 991 if ((tempres != NULL) && (0 == sl_ret_euid())) … … 969 1004 TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD2 = %d>\n"), fd2)); 970 1005 #if defined(SH_WITH_SERVER) 1006 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 1007 sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, sizeof(buffer), &tempres); 1008 #else 971 1009 tempres = sh_getpwnam(DEFAULT_IDENT); 1010 #endif 972 1011 973 1012 if ((tempres != NULL) && (0 == sl_ret_euid())) … … 1077 1116 1078 1117 #if defined(SH_WITH_SERVER) 1118 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 1119 struct passwd e_pwd; 1120 char e_buffer[SH_PWBUF_SIZE]; 1121 struct passwd * e_tempres; 1122 sh_getpwnam_r(DEFAULT_IDENT, &e_pwd, e_buffer, sizeof(e_buffer), &e_tempres); 1123 #else 1079 1124 struct passwd * e_tempres = sh_getpwnam(DEFAULT_IDENT); 1125 #endif 1080 1126 1081 1127 if ((e_tempres != NULL) && (0 == sl_ret_euid())) -
trunk/src/sh_hash.c
r115 r131 3665 3665 time_t then = (time_t) p->theFile.mtime; 3666 3666 3667 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GMTIME_R) 3668 struct tm * time_ptr; 3669 struct tm time_tm; 3670 3671 time_ptr = gmtime_r(&then, &time_tm); 3672 strftime(thetime, 127, _("%b %d %Y"), time_ptr); 3673 time_ptr = gmtime_r(&now, &time_tm); 3674 strftime(nowtime, 127, _("%b %d %Y"), time_ptr); 3675 if (0 == strncmp(&nowtime[7], &thetime[7], 4)) 3676 { 3677 time_ptr = gmtime_r(&then, &time_tm); 3678 strftime(thetime, 127, _("%b %d %H:%M"), time_ptr); 3679 } 3680 #else 3667 3681 strftime(thetime, 127, _("%b %d %Y"), gmtime(&then)); 3668 3682 strftime(nowtime, 127, _("%b %d %Y"), gmtime(&now)); 3669 3683 if (0 == strncmp(&nowtime[7], &thetime[7], 4)) 3670 3684 strftime(thetime, 127, _("%b %d %H:%M"), gmtime(&then)); 3685 #endif 3671 3686 3672 3687 tmp = sh_util_safe_name(p->fullpath); -
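Review bot: The result of `gmtime_r` goes straight into `strftime` without a NULL check, and `then` comes from the stored `p->theFile.mtime`; a timestamp that cannot be represented makes `gmtime_r` return NULL, which `strftime` then dereferences. sh_html.c in this changeset guards the same pattern with `if (time_ptr != NULL)`, and doing likewise here, writing a fixed placeholder into `thetime` on failure, would be consistent. The third `gmtime_r(&then, &time_tm)` call exists only because one `struct tm` is reused; a second `struct tm` for `now` avoids the repeated conversion. The non-reentrant branch has the same unchecked `gmtime`, and the function body extends beyond the hunk.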
trunk/src/sh_html.c
r34 r131 34 34 #endif 35 35 #endif 36 #include <unistd.h> 36 37 37 38 … … 90 91 time_t now; 91 92 struct tm * time_ptr; 93 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) 94 struct tm time_tm; 95 #endif 92 96 93 97 char * formatted; … … 148 152 if (!SL_ISERROR(status)) 149 153 { 154 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) 155 time_ptr = localtime_r (&(server_status.start), &time_tm); 156 #else 150 157 time_ptr = localtime (&(server_status.start)); 158 #endif 151 159 if (time_ptr != NULL) 152 160 status = strftime (ts1, 80, _("%d-%m-%Y %H:%M:%S"), time_ptr); 153 161 now = time(NULL); 162 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) 163 time_ptr = localtime_r (&now, &time_tm); 164 #else 154 165 time_ptr = localtime (&now); 166 #endif 155 167 if (time_ptr != NULL) 156 168 status = strftime (ts2, 80, _("%d-%m-%Y %H:%M:%S"), time_ptr); … … 174 186 if (server_status.last > (time_t) 0) 175 187 { 188 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) 189 time_ptr = localtime_r (&(server_status.last), &time_tm); 190 #else 176 191 time_ptr = localtime (&(server_status.last)); 192 #endif 177 193 if (time_ptr != NULL) 178 194 status = strftime (ts1, 80, _("%d-%m-%Y %H:%M:%S"), time_ptr); -
trunk/src/sh_kern.c
r114 r131 58 58 59 59 #include "samhain.h" 60 #include "sh_pthread.h" 60 61 #include "sh_utils.h" 61 62 #include "sh_error.h" … … 966 967 if (df) 967 968 { 969 SH_MUTEX_LOCK(readdir_lock); 970 968 971 while (NULL != (entry = readdir(df))) 969 972 { … … 977 980 SH_FREE(pcipath); 978 981 } 982 983 SH_MUTEX_UNLOCK(readdir_lock); 984 979 985 closedir(df); 980 986 } -
trunk/src/sh_mail.c
r34 r131 654 654 /* The mailer. 655 655 */ 656 static int sh_mail_end_conn (FILE * connfile );657 static FILE * sh_mail_start_conn (int aFlag );656 static int sh_mail_end_conn (FILE * connfile, int fd); 657 static FILE * sh_mail_start_conn (int aFlag, int * fd); 658 658 659 659 static … … 797 797 798 798 static int ma_block = 0; 799 800 int ma_socket = -1; 799 801 800 802 SH_FIFO * fifo_temp = NULL; … … 1065 1067 while (address_list[i] != NULL && i < address_num) 1066 1068 { 1067 connfile = sh_mail_start_conn (i );1069 connfile = sh_mail_start_conn (i, &ma_socket); 1068 1070 1069 1071 if (NULL != connfile) … … 1073 1075 wrlen -= sl_strlen(mailMsg); 1074 1076 if (wrlen == 0) 1075 status = sh_mail_end_conn (connfile );1077 status = sh_mail_end_conn (connfile, ma_socket); 1076 1078 else 1077 1079 status = -1; … … 1101 1103 else 1102 1104 { 1103 connfile = sh_mail_start_conn ( -9 );1105 connfile = sh_mail_start_conn ( -9 , &ma_socket); 1104 1106 1105 1107 if (NULL != connfile) … … 1108 1110 wrlen -= sl_strlen(mailMsg); 1109 1111 if (wrlen == 0) 1110 status = sh_mail_end_conn (connfile );1112 status = sh_mail_end_conn (connfile, ma_socket); 1111 1113 else 1112 1114 status = -1; … … 1287 1289 static time_t time_wait = 300; 1288 1290 1289 static FILE * sh_mail_start_conn (int aFlag )1291 static FILE * sh_mail_start_conn (int aFlag, int * ma_socket) 1290 1292 { 1291 1293 char * address; … … 1302 1304 FILE * connFile = NULL; 1303 1305 struct tm * my_tm; 1306 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) 1307 struct tm time_tm; 1308 #endif 1304 1309 time_t my_time; 1305 1310 char my_tbuf[128]; … … 1312 1317 SL_ENTER(_("sh_mail_start_conn")); 1313 1318 1314 time_wait = 300; 1319 *ma_socket = -1; 1320 time_wait = 300; 1315 1321 1316 1322 if (aFlag >= 0) … … 1416 1422 /* say HELO to the other socket 1417 1423 */ 1418 if (0 == sh_mail_wait (220, connFile))1424 if (0 == sh_mail_wait (220, fd)) 1419 1425 { 1420 1426 
sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, … … 1446 1452 (void) fflush(connFile); 1447 1453 1448 if (0 == sh_mail_wait(250, connFile))1454 if (0 == sh_mail_wait(250, fd)) 1449 1455 { 1450 1456 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, … … 1479 1485 (void) fflush(connFile); 1480 1486 1481 if (0 == sh_mail_wait(250, connFile))1487 if (0 == sh_mail_wait(250, fd)) 1482 1488 { 1483 1489 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, … … 1500 1506 (void) fflush(connFile); 1501 1507 1502 if (0 == sh_mail_wait(250, connFile))1508 if (0 == sh_mail_wait(250, fd)) 1503 1509 { 1504 1510 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, … … 1524 1530 (void) fflush(connFile); 1525 1531 1526 if (0 == sh_mail_wait(250, connFile))1532 if (0 == sh_mail_wait(250, fd)) 1527 1533 { 1528 1534 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, … … 1549 1555 (void) fflush(connFile); 1550 1556 1551 if (0 == sh_mail_wait(354, connFile))1557 if (0 == sh_mail_wait(354, fd)) 1552 1558 { 1553 1559 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, … … 1561 1567 1562 1568 my_time = time(NULL); 1569 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) 1570 my_tm = localtime_r(&my_time, &time_tm); 1571 #else 1563 1572 my_tm = localtime(&my_time); 1573 #endif 1564 1574 (void) strftime(my_tbuf, 127, _("%a, %d %b %Y %H:%M:%S %Z"), my_tm); 1565 1575 … … 1576 1586 my_tbuf, 13, 10); 1577 1587 1588 *ma_socket = fd; 1578 1589 SL_RETURN( connFile, _("sh_mail_start_conn")); 1579 1590 } … … 1585 1596 */ 1586 1597 1587 static int sh_mail_end_conn (FILE * connFile )1598 static int sh_mail_end_conn (FILE * connFile, int fd) 1588 1599 { 1589 1600 SL_ENTER(_("sh_mail_end_conn")); … … 1597 1608 TPT(( 0, FIL__, __LINE__, _("msg=<message end written>\n"))); 1598 1609 1599 if (0 != sh_mail_wait(250, connFile))1610 if (0 != sh_mail_wait(250, fd)) 1600 1611 { 1601 1612 (void) fflush(connFile); … … 1625 1636 */ 1626 1637 1627 static jmp_buf 
wait_timeout; 1628 1629 static void sh_mail_alarmhandle (int mysignal) 1630 { 1631 /*@-noeffect@*/ 1632 (void) mysignal; /* avoid compiler warning */ 1633 /*@+noeffect@*/ 1634 1635 longjmp(wait_timeout, 1); 1636 } 1637 1638 static int sh_mail_wait(int code, FILE * ma_socket) 1638 static int sh_mail_wait(int code, int ma_socket) 1639 1639 { 1640 1640 int rcode, g; 1641 1642 char c; 1641 1643 1642 1644 char errmsg[128]; … … 1651 1653 time_t waited_time; 1652 1654 1653 struct sigaction old_act;1654 volatile unsigned int old_alarm = 0;1655 1656 struct sigaction new_act;1657 sigset_t unblock;1658 1659 (void) sigemptyset(&unblock);1660 (void) sigaddset (&unblock, SIGALRM);1661 1662 new_act.sa_handler = sh_mail_alarmhandle;1663 (void) sigemptyset( &new_act.sa_mask ); /* set an empty mask */1664 new_act.sa_flags = 0; /* init sa_flags */1665 1666 1655 SL_ENTER(_("mail_wait")); 1667 1656 1668 /* alarm was triggered1669 */1670 if (setjmp(wait_timeout) != 0)1671 {1672 (void) alarm(0);1673 (void) sigaction (SIGALRM, &old_act, NULL);1674 (void) alarm(old_alarm);1675 (void) sigprocmask(SIG_UNBLOCK, &unblock, NULL);1676 TPT((0, FIL__, __LINE__, _("msg=<mail_wait: timeout>\n")));1677 SL_RETURN( 0, _("mail_wait"));1678 }1679 1680 1657 waited_time = time(NULL); 1681 1658 1682 1659 /* timeout after 5 minutes 1683 1660 */ 1684 old_alarm = alarm(0);1685 (void) sigaction (SIGALRM, &new_act, &old_act);1686 (void) alarm((unsigned int) time_wait);1687 1661 1688 1662 rcode = 0; 1689 1663 state = WAIT_CODE_START; 1690 1664 1691 while (0 == feof(ma_socket) && 0 == ferror(ma_socket)) { 1665 while (sl_read_timeout_fd (ma_socket, &c, 1, time_wait, SL_FALSE) > 0) { 1666 1667 g = (int) c; 1692 1668 1693 1669 if ( (g=fgetc(ma_socket)) == EOF) 1694 1670 { 1695 (void) alarm(0);1696 (void) sigaction (SIGALRM, &old_act, NULL);1697 (void) alarm(old_alarm);1698 (void) sigprocmask(SIG_UNBLOCK, &unblock, NULL);1699 1671 TPT((0, FIL__, __LINE__, _("msg=<mail_wait: EOF>\n"))); 1700 1672 SL_RETURN( 0, 
_("mail_wait")); … … 1733 1705 break; 1734 1706 /*@-charintliteral@*/ 1735 (void) alarm(0);1736 (void) sigaction (SIGALRM, &old_act, NULL);1737 (void) alarm(old_alarm);1738 (void) sigprocmask(SIG_UNBLOCK, &unblock, NULL);1739 1707 1740 1708 TPT((0, FIL__, __LINE__, … … 1769 1737 1770 1738 default: 1771 (void) alarm(0);1772 (void) sigaction (SIGALRM, &old_act, NULL);1773 (void) alarm(old_alarm);1774 (void) sigprocmask(SIG_UNBLOCK, &unblock, NULL);1775 1739 1776 1740 TPT((0, FIL__, __LINE__, _("msg=<mail_wait: bad>\n"))); … … 1779 1743 } 1780 1744 } 1781 1782 (void) alarm(0); /* Disable alarm */1783 (void) sigaction (SIGALRM, &old_act, NULL);1784 (void) alarm(old_alarm);1785 (void) sigprocmask(SIG_UNBLOCK, &unblock, NULL);1786 1745 1787 1746 TPT((0, FIL__, __LINE__, _("msg=<mail_wait: failed>\n"))); -
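Review bot: In `sh_mail_wait` the loop now reads a byte with `sl_read_timeout_fd (ma_socket, &c, 1, time_wait, SL_FALSE)` and sets `g = (int) c`, but the next line, shown as unchanged, is still `if ( (g=fgetc(ma_socket)) == EOF)`. With `ma_socket` now an `int`, that passes a descriptor number where `fgetc` expects a `FILE *` and overwrites the byte just read; as rendered, the old `fgetc` test should be removed so the state machine consumes `g` from the timed read. `c` is a plain `char`, so converting through `unsigned char` (`g = (int)(unsigned char) c;`) keeps bytes above 0x7f from turning negative. Replies are now read from the raw descriptor while commands are still written through the buffered `connFile`, which holds only as long as nothing else reads from that stream.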
trunk/src/sh_portcheck.c
r128 r131 1145 1145 char * list; 1146 1146 char * p; 1147 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 1148 char * saveptr; 1149 #endif 1147 1150 1148 1151 if (!str) … … 1187 1190 1188 1191 list = sh_util_strdup(&str[ll]); 1192 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 1193 p = strtok_r (list, " ,\t", &saveptr); 1194 #else 1189 1195 p = strtok (list, " ,\t"); 1196 #endif 1190 1197 if (!p) 1191 1198 { … … 1202 1209 return -1; 1203 1210 } 1211 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 1212 p = strtok_r (NULL, " ,\t", &saveptr); 1213 #else 1204 1214 p = strtok (NULL, " ,\t"); 1215 #endif 1205 1216 } 1206 1217 SH_FREE(interface); -
trunk/src/sh_prelink.c
r107 r131 84 84 return S_FALSE; 85 85 86 status = sl_read_timeout (fd, magic, 4, alert_timeout );86 status = sl_read_timeout (fd, magic, 4, alert_timeout, SL_FALSE); 87 87 (void) sl_rewind(fd); 88 88 if (status == 4) -
trunk/src/sh_prelude.c
r108 r131 83 83 #include "sh_error_min.h" 84 84 #include "sh_prelude.h" 85 #define SH_NEED_PWD_GRP 1 86 #include "sh_static.h" 85 87 86 88 /* … … 138 140 char * p; 139 141 char * dup = strdup (str); 142 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 143 char * saveptr; 144 #endif 140 145 141 146 if (!dup) 142 147 return -1; 143 148 149 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 150 p = strtok_r (dup, ", \t", &saveptr); 151 #else 144 152 p = strtok (dup, ", \t"); 153 #endif 145 154 if (p) { 146 155 do { … … 165 174 return -1; 166 175 } 176 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 177 p = strtok_r (NULL, ", \t", &saveptr); 178 #else 167 179 p = strtok (NULL, ", \t"); 180 #endif 168 181 } while (p); 169 182 } … … 679 692 idmef_node_t *node; 680 693 struct passwd *pw; 694 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 695 struct passwd pwd; 696 char buffer[SH_PWBUF_SIZE]; 697 #endif 681 698 prelude_string_t *str; 682 699 idmef_user_id_t *user_id; … … 763 780 idmef_user_id_set_type(user_id, IDMEF_USER_ID_TYPE_TARGET_USER); 764 781 765 pw = getpwnam(ptr); 782 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 783 sh_getpwnam_r(ptr, &pwd, buffer, sizeof(buffer), &pw); 784 #else 785 pw = sh_getpwnam(ptr); 786 #endif 766 787 if ( pw ) 767 788 idmef_user_id_set_number(user_id, pw->pw_uid); -
trunk/src/sh_schedule.c
r34 r131 130 130 struct tm * tval; 131 131 int count, i, nval; 132 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) 133 struct tm time_tm; 134 #endif 132 135 133 136 if (!isched) … … 135 138 136 139 now = time(NULL); 140 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) 141 tval = localtime_r(&now, &time_tm); 142 #else 137 143 tval = localtime(&now); 138 144 #endif 139 145 count = 0; 140 146 for (i = 0; i < 5; ++i) … … 320 326 int i = 0; 321 327 size_t len; 328 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 329 char * saveptr; 330 #endif 322 331 323 332 if (!ssched || !isched) … … 332 341 sl_strlcpy(copy, ssched, len); 333 342 343 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 344 p = strtok_r(copy, " \t", &saveptr); /* parse crontab-style schedule */ 345 #else 334 346 p = strtok(copy, " \t"); /* parse crontab-style schedule */ 347 #endif 348 335 349 if (!p) 336 350 goto err; … … 340 354 for (i = 1; i < 5; ++i) 341 355 { 356 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 357 p = strtok_r(NULL, " \t", &saveptr); /* parse crontab-style schedule */ 358 #else 342 359 p = strtok(NULL, " \t"); /* parse crontab-style schedule */ 360 #endif 343 361 if (!p) 344 362 goto err; … … 420 438 { 421 439 if (test_sched(&isched)) 422 printf("EXECUTE at: %s", ctime(&(isched.last_exec))); 440 printf("EXECUTE at: %s", ctime(&(isched.last_exec))); /* TESTONLY */ 423 441 sleep (1); /* TESTONLY */ 424 442 } -
trunk/src/sh_suidchk.c
r119 r131 71 71 72 72 #include "samhain.h" 73 #include "sh_pthread.h" 73 74 #include "sh_utils.h" 74 75 #include "sh_error.h" … … 842 843 char fileHash[2*(KEY_LEN + 1)]; 843 844 845 struct sh_dirent * dirlist = NULL; 846 struct sh_dirent * dirlist_orig = NULL; 844 847 845 848 SL_ENTER(_("sh_suidchk_check_internal")); … … 870 873 /* Loop over directory entries 871 874 */ 875 SH_MUTEX_LOCK(readdir_lock); 876 872 877 do { 873 878 … … 886 891 continue; 887 892 888 tmpcat = SH_ALLOC(PATH_MAX); 889 (void) sl_strlcpy(tmpcat, iname, PATH_MAX); 890 891 if ((sl_strlen(tmpcat) != sl_strlen(iname)) || (tmpcat[0] == '\0')) 892 { 893 sl_status = SL_ETRUNC; 894 } 895 else 896 { 897 if (tmpcat[1] != '\0') 898 sl_status = sl_strlcat(tmpcat, "/", PATH_MAX); 899 } 900 901 if (! SL_ISERROR(sl_status)) 902 sl_status = sl_strlcat(tmpcat, thisEntry->d_name, PATH_MAX); 903 904 if (SL_ISERROR(sl_status)) 905 { 906 tmp = sh_util_safe_name(tmpcat); 907 sh_error_handle ((-1), FIL__, __LINE__, (int) sl_status, 908 MSG_E_SUBGPATH, 909 _("path too long"), 910 _("sh_suidchk_check_internal"), tmp ); 911 SH_FREE(tmp); 912 continue; 913 } 914 915 ++FileLimNum; 916 ++FileLimTotal; 917 918 /* Rate limit (Fps == Files per second) 919 */ 920 if ((ShSuidchkFps > 0 && FileLimNum > ShSuidchkFps && FileLimTotal > 0)&& 921 (ShSuidchkYield == S_FALSE)) 922 { 923 FileLimNum = 0; 924 FileLimNow = time(NULL); 925 926 if ( (FileLimNow - FileLimStart) > 0 && 927 FileLimTotal/(FileLimNow - FileLimStart) > ShSuidchkFps ) 928 (void) retry_msleep((int)((FileLimTotal/(FileLimNow-FileLimStart))/ 929 ShSuidchkFps) , 0); 930 } 893 dirlist = addto_sh_dirlist (thisEntry, dirlist); 894 } 895 896 } while (thisEntry != NULL); 897 898 SH_MUTEX_UNLOCK(readdir_lock); 899 900 closedir(thisDir); 901 902 dirlist_orig = dirlist; 903 904 do { 905 906 /* If the directory is empty, dirlist = NULL 907 */ 908 if (!dirlist) 909 break; 910 911 tmpcat = SH_ALLOC(PATH_MAX); 912 (void) sl_strlcpy(tmpcat, iname, PATH_MAX); 913 914 if 
((sl_strlen(tmpcat) != sl_strlen(iname)) || (tmpcat[0] == '\0')) 915 { 916 sl_status = SL_ETRUNC; 917 } 918 else 919 { 920 if (tmpcat[1] != '\0') 921 sl_status = sl_strlcat(tmpcat, "/", PATH_MAX); 922 } 923 924 if (! SL_ISERROR(sl_status)) 925 sl_status = sl_strlcat(tmpcat, dirlist->sh_d_name, PATH_MAX); 926 927 if (SL_ISERROR(sl_status)) 928 { 929 tmp = sh_util_safe_name(tmpcat); 930 sh_error_handle ((-1), FIL__, __LINE__, (int) sl_status, 931 MSG_E_SUBGPATH, 932 _("path too long"), 933 _("sh_suidchk_check_internal"), tmp ); 934 SH_FREE(tmp); 935 dirlist = dirlist->next; 936 continue; 937 } 938 939 ++FileLimNum; 940 ++FileLimTotal; 941 942 /* Rate limit (Fps == Files per second) 943 */ 944 if ((ShSuidchkFps > 0 && FileLimNum > ShSuidchkFps && FileLimTotal > 0)&& 945 (ShSuidchkYield == S_FALSE)) 946 { 947 FileLimNum = 0; 948 FileLimNow = time(NULL); 949 950 if ( (FileLimNow - FileLimStart) > 0 && 951 FileLimTotal/(FileLimNow - FileLimStart) > ShSuidchkFps ) 952 (void) retry_msleep((int)((FileLimTotal/(FileLimNow-FileLimStart))/ 953 ShSuidchkFps) , 0); 954 } 931 955 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 956 status = (int) retry_lstat(FIL__, __LINE__, tmpcat, &buf); 957 958 if (status != 0) 959 { 960 status = errno; 961 tmp = sh_util_safe_name(tmpcat); 962 sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, status, MSG_ERR_LSTAT, 963 sh_error_message(status), 964 tmpcat ); 965 SH_FREE(tmp); 966 } 967 else 968 { 969 if (/*@-usedef@*/S_ISDIR(buf.st_mode)/*@+usedef@*/ && 970 (ShSuidchkExclude == NULL || 971 0 != strcmp(tmpcat, ShSuidchkExclude))) 972 { 973 /* fs is a STATIC string or NULL 974 */ 975 fs = filesystem_type (tmpcat, tmpcat, &buf); 976 if (fs != NULL 953 977 #ifndef SH_SUIDTESTDIR 954 955 956 957 958 959 960 961 962 963 978 && 979 0 != strncmp (_("afs"), fs, 3) && 980 0 != strncmp (_("devfs"), fs, 5) && 981 0 != strncmp (_("iso9660"), fs, 7) && 982 0 != strncmp (_("lustre"), fs, 6) && 983 0 != strncmp (_("mmfs"), fs, 
4) && 984 0 != strncmp (_("msdos"), fs, 5) && 985 0 != strncmp (_("nfs"), fs, 3) && 986 0 != strncmp (_("proc"), fs, 4) && 987 0 != strncmp (_("vfat"), fs, 4) 964 988 #endif 989 ) 990 { 991 if ((ShSuidchkNosuid == S_TRUE) || 992 (0 != strncmp (_("nosuid"), fs, 6))) 993 /* fprintf(stderr, "%s: %s\n", fs, tmpcat); */ 994 (void) sh_suidchk_check_internal(tmpcat); 995 } 996 } 997 else if (S_ISREG(buf.st_mode) && 998 (0 !=(S_ISUID & buf.st_mode) || 999 #if defined(HOST_IS_LINUX) 1000 (0 !=(S_ISGID & buf.st_mode) && 1001 0 !=(S_IXGRP & buf.st_mode)) 1002 #else 1003 0 !=(S_ISGID & buf.st_mode) 1004 #endif 965 1005 ) 966 { 967 if ((ShSuidchkNosuid == S_TRUE) || 968 (0 != strncmp (_("nosuid"), fs, 6))) 969 /* fprintf(stderr, "%s: %s\n", fs, tmpcat); */ 970 (void) sh_suidchk_check_internal(tmpcat); 971 } 972 } 973 else if (S_ISREG(buf.st_mode) && 974 (0 !=(S_ISUID & buf.st_mode) || 975 #if defined(HOST_IS_LINUX) 976 (0 !=(S_ISGID & buf.st_mode) && 977 0 !=(S_IXGRP & buf.st_mode)) 978 #else 979 0 !=(S_ISGID & buf.st_mode) 980 #endif 981 ) 982 ) 983 { 984 985 (void) sl_strlcpy (theFile.fullpath, tmpcat, PATH_MAX); 986 theFile.check_mask = sh_files_maskof(SH_LEVEL_READONLY); 987 CLEAR_SH_FFLAG_REPORTED(theFile.file_reported); 988 theFile.attr_string = NULL; 989 990 status = sh_unix_getinfo (ShDFLevel[SH_ERR_T_RO], 991 thisEntry->d_name, 992 &theFile, fileHash, 0); 993 994 tmp = sh_util_safe_name(tmpcat); 995 996 if (status != 0) 997 { 998 sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, 999 0, MSG_E_SUBGPATH, 1000 _("Could not check suid/sgid file"), 1001 _("sh_suidchk_check_internal"), 1002 tmp); 1003 } 1004 else 1005 { 1006 1007 if ( sh.flag.update == S_TRUE && 1008 (sh.flag.checkSum == SH_CHECK_INIT || 1009 sh.flag.checkSum == SH_CHECK_CHECK)) 1010 { 1011 /* Updating database. Report new files that 1012 * are not in database already. Then compare 1013 * to database and report changes. 
1014 */ 1015 if (-1 == sh_hash_have_it (tmpcat)) 1016 { 1017 sh_error_handle ((-1), FIL__, __LINE__, 1018 0, MSG_SUID_FOUND, tmp ); 1019 } 1020 else 1021 { 1022 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 1023 0, MSG_SUID_FOUND, tmp ); 1024 } 1025 1026 if (0 == sh_hash_compdata (SH_LEVEL_READONLY, 1006 ) 1007 { 1008 1009 (void) sl_strlcpy (theFile.fullpath, tmpcat, PATH_MAX); 1010 theFile.check_mask = sh_files_maskof(SH_LEVEL_READONLY); 1011 CLEAR_SH_FFLAG_REPORTED(theFile.file_reported); 1012 theFile.attr_string = NULL; 1013 1014 status = sh_unix_getinfo (ShDFLevel[SH_ERR_T_RO], 1015 thisEntry->d_name, 1016 &theFile, fileHash, 0); 1017 1018 tmp = sh_util_safe_name(tmpcat); 1019 1020 if (status != 0) 1021 { 1022 sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, 1023 0, MSG_E_SUBGPATH, 1024 _("Could not check suid/sgid file"), 1025 _("sh_suidchk_check_internal"), 1026 tmp); 1027 } 1028 else 1029 { 1030 1031 if ( sh.flag.update == S_TRUE && 1032 (sh.flag.checkSum == SH_CHECK_INIT || 1033 sh.flag.checkSum == SH_CHECK_CHECK)) 1034 { 1035 /* Updating database. Report new files that 1036 * are not in database already. Then compare 1037 * to database and report changes. 1038 */ 1039 if (-1 == sh_hash_have_it (tmpcat)) 1040 { 1041 sh_error_handle ((-1), FIL__, __LINE__, 1042 0, MSG_SUID_FOUND, tmp ); 1043 } 1044 else 1045 { 1046 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 1047 0, MSG_SUID_FOUND, tmp ); 1048 } 1049 1050 if (0 == sh_hash_compdata (SH_LEVEL_READONLY, 1051 &theFile, fileHash, 1052 _("[SuidCheck]"), 1053 ShSuidchkSeverity)) 1054 { 1055 sh_hash_pushdata_memory (&theFile, fileHash); 1056 } 1057 1058 sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); 1059 1060 } 1061 1062 else if (sh.flag.checkSum == SH_CHECK_INIT && 1063 sh.flag.update == S_FALSE ) 1064 { 1065 /* Running init. Report on files detected. 
1066 */ 1067 sh_hash_pushdata (&theFile, fileHash); 1068 sh_error_handle ((-1), FIL__, __LINE__, 1069 0, MSG_SUID_FOUND, tmp ); 1070 } 1071 1072 else if (sh.flag.checkSum == SH_CHECK_CHECK ) 1073 { 1074 /* Running file check. Report on new files 1075 * detected, and quarantine them. 1076 */ 1077 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 1078 0, MSG_SUID_FOUND, tmp ); 1079 1080 fflags = sh_hash_getflags(tmpcat); 1081 1082 if ( (-1 == fflags) || (!SH_FFLAG_SUIDCHK_SET(fflags))) 1083 { 1084 if (-1 == fflags) 1085 report_file(tmpcat, &theFile, timestrc, timestra, timestrm); 1086 1087 /* Quarantine file according to configured method 1088 */ 1089 if (ShSuidchkQEnable == S_TRUE) 1090 { 1091 switch (ShSuidchkQMethod) 1092 { 1093 case SH_Q_DELETE: 1094 sh_q_delete(theFile.fullpath); 1095 break; 1096 case SH_Q_CHANGEPERM: 1097 sh_q_changeperm(theFile.fullpath); 1098 break; 1099 case SH_Q_MOVE: 1100 sh_q_move(theFile.fullpath, &theFile, timestrc, timestra, timestrm); 1101 break; 1102 default: 1103 sh_error_handle (ShSuidchkSeverity, FIL__, 1104 __LINE__, 0, MSG_SUID_QREPORT, 1105 _("Bad quarantine method"), tmp); 1106 break; 1107 } 1108 } 1109 else 1110 { 1111 /* 1.8.1 push file to in-memory database 1112 */ 1113 (void) sh_hash_compdata (SH_LEVEL_READONLY, 1114 &theFile, fileHash, 1115 _("[SuidCheck]"), 1116 ShSuidchkSeverity); 1117 1118 sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); 1119 1120 } 1121 } 1122 else 1123 { 1124 /* File exists. Check for modifications. 1125 */ 1126 (void) sh_hash_compdata (SH_LEVEL_READONLY, 1027 1127 &theFile, fileHash, 1028 _("[SuidCheck]"), 1029 ShSuidchkSeverity)) 1030 { 1031 sh_hash_pushdata_memory (&theFile, fileHash); 1032 } 1033 1034 sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); 1035 1036 } 1037 1038 else if (sh.flag.checkSum == SH_CHECK_INIT && 1039 sh.flag.update == S_FALSE ) 1040 { 1041 /* Running init. Report on files detected. 
1042 */ 1043 sh_hash_pushdata (&theFile, fileHash); 1044 sh_error_handle ((-1), FIL__, __LINE__, 1045 0, MSG_SUID_FOUND, tmp ); 1046 } 1047 1048 else if (sh.flag.checkSum == SH_CHECK_CHECK ) 1049 { 1050 /* Running file check. Report on new files 1051 * detected, and quarantine them. 1052 */ 1053 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 1054 0, MSG_SUID_FOUND, tmp ); 1055 1056 fflags = sh_hash_getflags(tmpcat); 1057 1058 if ( (-1 == fflags) || (!SH_FFLAG_SUIDCHK_SET(fflags))) 1059 { 1060 if (-1 == fflags) 1061 report_file(tmpcat, &theFile, timestrc, timestra, timestrm); 1062 1063 /* Quarantine file according to configured method 1064 */ 1065 if (ShSuidchkQEnable == S_TRUE) 1066 { 1067 switch (ShSuidchkQMethod) 1068 { 1069 case SH_Q_DELETE: 1070 sh_q_delete(theFile.fullpath); 1071 break; 1072 case SH_Q_CHANGEPERM: 1073 sh_q_changeperm(theFile.fullpath); 1074 break; 1075 case SH_Q_MOVE: 1076 sh_q_move(theFile.fullpath, &theFile, timestrc, timestra, timestrm); 1077 break; 1078 default: 1079 sh_error_handle (ShSuidchkSeverity, FIL__, 1080 __LINE__, 0, MSG_SUID_QREPORT, 1081 _("Bad quarantine method"), tmp); 1082 break; 1083 } 1084 } 1085 else 1086 { 1087 /* 1.8.1 push file to in-memory database 1088 */ 1089 (void) sh_hash_compdata (SH_LEVEL_READONLY, 1090 &theFile, fileHash, 1091 _("[SuidCheck]"), 1092 ShSuidchkSeverity); 1093 1094 sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); 1095 1096 } 1097 } 1098 else 1099 { 1100 /* File exists. Check for modifications. 
1101 */ 1102 (void) sh_hash_compdata (SH_LEVEL_READONLY, 1103 &theFile, fileHash, 1104 _("[SuidCheck]"), 1105 ShSuidchkSeverity); 1106 1107 sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); 1108 1109 } 1110 } 1111 } 1112 SH_FREE(tmp); 1113 if (theFile.attr_string) 1114 SH_FREE(theFile.attr_string); 1115 } 1116 } 1117 SH_FREE(tmpcat); 1118 } 1119 1128 _("[SuidCheck]"), 1129 ShSuidchkSeverity); 1130 1131 sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); 1132 1133 } 1134 } 1135 } 1136 SH_FREE(tmp); 1137 if (theFile.attr_string) 1138 SH_FREE(theFile.attr_string); 1139 } 1140 } 1141 SH_FREE(tmpcat); 1142 1143 1120 1144 #ifdef HAVE_SCHED_YIELD 1121 1145 if (ShSuidchkYield == S_TRUE) … … 1125 1149 status = errno; 1126 1150 sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, 1127 1151 _("Failed to release time slice"), 1128 1152 _("sh_suidchk_check_internal") ); 1129 1153 } 1130 1154 } 1131 1155 #endif 1132 1133 } while (thisEntry != NULL); 1134 1135 (void) closedir (thisDir); 1156 1157 dirlist = dirlist->next; 1158 1159 } while (dirlist != NULL); 1160 1161 1162 kill_sh_dirlist (dirlist_orig); 1163 1136 1164 SL_RETURN( (0), _("sh_suidchk_check_internal")); 1137 1165 } -
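Review bot: The `sh_unix_getinfo` call in the second loop (new gutter line 1015, as rendered) still passes `thisEntry->d_name`, but by that point the readdir loop has run until `thisEntry` is NULL and `closedir(thisDir)` has been called. This looks like a NULL or stale pointer dereference on the first suid/sgid regular file found, which would end the SUID scan instead of reporting the file. The path construction above was already switched to the saved list entry, and this argument should follow it: `dirlist->sh_d_name,`. Separately, the "path too long" branch advances `dirlist` and continues without `SH_FREE(tmpcat)`, so the `SH_ALLOC(PATH_MAX)` buffer leaks on that path; the old loop did the same.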
trunk/src/sh_tiger0.c
r107 r131 206 206 { 207 207 if (timeout > 0) 208 count = sl_read_timeout (fd, buffer, PRIV_MAX, timeout );208 count = sl_read_timeout (fd, buffer, PRIV_MAX, timeout, SL_TRUE); 209 209 else 210 210 count = sl_read (fd, buffer, PRIV_MAX); -
trunk/src/sh_unix.c
r114 r131 598 598 strncpy (sh_sig_msg, sh_unix_siglist(mysignal), 40); 599 599 #endif 600 sh_sig_msg[63] = '\0'; 600 601 601 602 sl_stack_print(); … … 648 649 if (mysignal == SIGQUIT) 649 650 { 650 sig_terminate 651 sig_terminate = 1; 651 652 ++sig_urgent; 652 653 } … … 770 771 #endif 771 772 #ifdef SIGTERM 772 retry_sigaction(FIL__, __LINE__, SIGTERM, 773 retry_sigaction(FIL__, __LINE__, SIGTERM, &act, &oldact); 773 774 #endif 774 775 … … 951 952 uid_t pwid = (uid_t)-1; 952 953 954 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 955 struct passwd pwd; 956 char buffer[SH_PWBUF_SIZE]; 957 #endif 958 953 959 SL_ENTER(_("tf_add_trusted_user_int")); 954 960 955 961 /* First check for a user name. 956 962 */ 957 if ((w = sh_getpwnam(c)) != NULL && ((pwid = w->pw_uid) > 0)) 963 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 964 status = sh_getpwnam_r(c, &pwd, buffer, sizeof(buffer), &w); 965 #else 966 w = sh_getpwnam(c); 967 #endif 968 969 if ((w != NULL) && ((pwid = w->pw_uid) > 0)) 958 970 goto succe; 959 971 … … 978 990 char * q; 979 991 char * p = sh_util_strdup (c); 980 992 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 993 char * saveptr; 994 #endif 995 981 996 SL_ENTER(_("tf_add_trusted_user")); 982 997 998 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 999 q = strtok_r(p, ", \t", &saveptr); 1000 #else 983 1001 q = strtok(p, ", \t"); 1002 #endif 984 1003 if (!q) 985 1004 { … … 995 1014 SL_RETURN((i), _("tf_add_trusted_user")); 996 1015 } 1016 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) 1017 q = strtok_r(NULL, ", \t", &saveptr); 1018 #else 997 1019 q = strtok(NULL, ", \t"); 1020 #endif 998 1021 } 999 1022 SH_FREE(p); … … 1031 1054 if (0 == sl_ret_euid()) /* privileges not dropped yet */ 1032 1055 { 1056 #if defined(HAVE_PTHREAD) 
&& defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 1057 struct passwd pwd; 1058 char buffer[SH_PWBUF_SIZE]; 1059 struct passwd * tempres; 1060 sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, sizeof(buffer), &tempres); 1061 #else 1033 1062 struct passwd * tempres = sh_getpwnam(DEFAULT_IDENT); 1063 #endif 1034 1064 1035 1065 if (!tempres) … … 1964 1994 SL_ENTER(_("t_zone")); 1965 1995 1966 1996 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GMTIME_R) 1997 cc = gmtime_r (xx, &aa); 1998 #else 1967 1999 cc = gmtime (xx); 1968 2000 memcpy (&aa, cc, sizeof(struct tm)); 2001 #endif 2002 2003 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) 2004 cc = localtime_r (xx, &bb); 2005 #else 1969 2006 cc = localtime (xx); 1970 2007 memcpy (&bb, cc, sizeof(struct tm)); 2008 #endif 1971 2009 1972 2010 /* Check for datum wrap-around. … … 2064 2102 time_t time_now; 2065 2103 struct tm * time_ptr; 2104 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) 2105 struct tm time_tm; 2106 #endif 2066 2107 static char AsciiTime[81]; /* local time */ 2067 2108 static char RetTime[81]; /* local time */ … … 2164 2205 SL_RETURN( _(deftime), _("sh_unix_time")); 2165 2206 else 2166 time_ptr = localtime (&time_now); 2167 2207 { 2208 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) 2209 time_ptr = localtime_r (&time_now, &time_tm); 2210 #else 2211 time_ptr = localtime (&time_now); 2212 #endif 2213 } 2168 2214 if (time_ptr != NULL) 2169 2215 { … … 2208 2254 2209 2255 struct tm * time_ptr; 2256 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) 2257 struct tm time_tm; 2258 #endif 2210 2259 static char AsciiTime[81]; /* GMT time */ 2211 2260 #ifdef SH_USE_XML … … 2218 2267 2219 2268 if (sh_unix_use_localtime == S_FALSE) 2220 time_ptr = gmtime (&thetime); 2269 { 2270 #if defined(HAVE_PTHREAD) && 
defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GMTIME_R) 2271 time_ptr = gmtime_r (&thetime, &time_tm); 2272 #else 2273 time_ptr = gmtime (&thetime); 2274 #endif 2275 } 2221 2276 else 2222 time_ptr = localtime (&thetime); 2223 2277 { 2278 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) 2279 time_ptr = localtime_r (&thetime, &time_tm); 2280 #else 2281 time_ptr = localtime (&thetime); 2282 #endif 2283 } 2224 2284 if (time_ptr != NULL) 2225 2285 { … … 2249 2309 struct passwd * tempres; 2250 2310 int status = 0; 2311 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) 2312 struct passwd pwd; 2313 char buffer[SH_PWBUF_SIZE]; 2314 #endif 2251 2315 2252 2316 SL_ENTER(_("sh_unix_getUIDdir")); 2253 2317 2318 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) 2319 sh_getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &tempres); 2320 #else 2254 2321 errno = 0; 2255 2322 tempres = sh_getpwuid(uid); 2256 2323 status = errno; 2324 #endif 2257 2325 2258 2326 if (tempres == NULL) { … … 2276 2344 { 2277 2345 struct passwd * tempres; 2346 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) 2347 struct passwd pwd; 2348 char buffer[SH_PWBUF_SIZE]; 2349 #endif 2278 2350 int status = 0; 2279 2351 static uid_t old_uid; … … 2286 2358 } 2287 2359 2360 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) 2361 sh_getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &tempres); 2362 #else 2288 2363 errno = 0; 2289 2364 tempres = sh_getpwuid(uid); 2290 2365 status = errno; 2366 #endif 2291 2367 2292 2368 if (tempres == NULL) { … … 2299 2375 2300 2376 if (tempres->pw_name != NULL) { 2377 /* NEED_LOCK */ 2301 2378 sl_strlcpy(name, tempres->pw_name, sizeof(name)); 2302 2379 old_uid = uid; 2380 /* END_LOCK */ 2303 2381 SL_RETURN( name, _("sh_unix_getUIDname")); 2304 2382 } else { … 
… 2316 2394 static gid_t old_gid; 2317 2395 static char name[32] = { '\0' }; 2396 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) 2397 struct group grp; 2398 char buffer[SH_GRBUF_SIZE]; 2399 #endif 2400 2318 2401 2319 2402 SL_ENTER(_("sh_unix_getGIDname")); … … 2323 2406 } 2324 2407 2408 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) 2409 status = sh_getgrgid_r(gid, &grp, buffer, sizeof(buffer), &tempres); 2410 #else 2325 2411 errno = 0; 2326 2412 tempres = sh_getgrgid(gid); 2327 2413 status = errno; 2414 #endif 2328 2415 2329 2416 if (tempres == NULL) { … … 2336 2423 2337 2424 if (tempres->gr_name != NULL) { 2425 /* NEED_LOCK */ 2338 2426 sl_strlcpy(name, tempres->gr_name, sizeof(name)); 2339 2427 old_gid = gid; 2428 /* END_LOCK */ 2340 2429 SL_RETURN( name, _("sh_unix_getGIDname")); 2341 2430 } else { -
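Review bot: In `sh_unix_getUIDdir` and `sh_unix_getUIDname` the reentrant branch calls `sh_getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &tempres);` and discards the return value, so `status` stays 0 where the fallback branch stores `errno`. The `tempres == NULL` handling is cut off by the hunk, but if it reports `status` the cause is lost, and an `ERANGE` from the fixed `SH_PWBUF_SIZE` buffer becomes indistinguishable from an unknown uid. `sh_unix_getGIDname` in this same commit already keeps the code, and the same form fits here: `status = sh_getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &tempres);`. The `sh_getpwnam_r(DEFAULT_IDENT, ...)` call ahead of the `if (!tempres)` check ignores its result in the same way.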
trunk/src/slib.c
r76 r131 1425 1425 int sl_policy_get_real(char * user) 1426 1426 { 1427 struct passwd * tempres;1428 1429 1427 SL_ENTER(_("sl_policy_get_real")); 1430 1428 SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE")); … … 1433 1431 if (euid == 0 || ruid == 0) 1434 1432 { 1435 tempres = sh_getpwnam(user); 1433 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 1434 struct passwd pwd; 1435 char buffer[SH_PWBUF_SIZE]; 1436 struct passwd * tempres; 1437 sh_getpwnam_r(user, &pwd, buffer, sizeof(buffer), &tempres); 1438 #else 1439 struct passwd * tempres = sh_getpwnam(user); 1440 #endif 1436 1441 1437 1442 SL_REQUIRE (NULL != tempres, _("tempres != NULL")); … … 1471 1476 if (euid != ruid || egid != rgid) 1472 1477 { 1473 tempres = sh_getpwnam(user); 1478 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 1479 struct passwd pwd; 1480 char buffer[SH_PWBUF_SIZE]; 1481 struct passwd * tempres; 1482 sh_getpwnam_r(user, &pwd, buffer, sizeof(buffer), &tempres); 1483 #else 1484 struct passwd * tempres = sh_getpwnam(user); 1485 #endif 1474 1486 1475 1487 SL_REQUIRE (NULL != tempres, _("tempres != NULL")); 1476 1488 1477 #if 01478 rgid = tempres->pw_gid;1479 ruid = tempres->pw_uid;1480 SL_REQUIRE(sl_unset_suid() == SL_ENONE,1481 _("sl_unset_suid() == SL_ENONE"));1482 #endif1483 1489 SL_REQUIRE (sl_drop_privileges() == SL_ENONE, 1484 1490 _("sl_drop_privileges() == SL_ENONE")); … … 2115 2121 SL_IRETURN(SL_ENONE, _("sl_read_timeout_prep")); 2116 2122 } 2117 2118 2119 int sl_read_timeout (SL_TICKET ticket, void * buf_in, size_t count, 2120 int timeout) 2121 { 2123 2124 2125 int sl_read_timeout_fd (int fd, void * buf_in, size_t count, 2126 int timeout, int is_nonblocking) 2127 { 2128 int sflags; 2122 2129 fd_set readfds; 2123 2130 struct timeval tv; … … 2135 2142 extern volatile int sig_termfast; 2136 2143 2137 if (buf_in == NULL || SL_ISERROR(fd = get_the_fd(ticket))) 2138 { 2139 if 
(buf_in == NULL) 2140 { 2141 TPT(( 0, FIL__, __LINE__, _("msg=<null buffer>"))); 2142 return (SL_ENULL); 2143 } 2144 if (SL_ISERROR(fd = get_the_fd(ticket))) 2145 { 2146 TPT(( 0, FIL__, __LINE__, _("msg=<ticket error> errno=<%d>"), fd)); 2147 return (fd); 2148 } 2144 if (is_nonblocking == SL_FALSE) 2145 { 2146 /* set to non-blocking mode 2147 */ 2148 sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); 2149 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags | O_NONBLOCK); 2149 2150 } 2150 2151 … … 2190 2191 else 2191 2192 { 2193 if (is_nonblocking == SL_FALSE) 2194 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); 2192 2195 return (SL_EREAD); 2193 2196 } … … 2203 2206 else if (retval == 0) 2204 2207 { 2208 if (is_nonblocking == SL_FALSE) 2209 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); 2205 2210 return (SL_TIMEOUT); 2206 2211 } 2207 2212 else 2208 2213 { 2214 if (is_nonblocking == SL_FALSE) 2215 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); 2209 2216 return (SL_EREAD); 2210 2217 } … … 2212 2219 if (sig_termfast == 1) 2213 2220 { 2221 if (is_nonblocking == SL_FALSE) 2222 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); 2214 2223 return (SL_EREAD); 2215 2224 } … … 2220 2229 if (tdiff > timeout) 2221 2230 { 2231 if (is_nonblocking == SL_FALSE) 2232 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); 2222 2233 return (SL_TIMEOUT); 2223 2234 } 2224 2235 } 2225 2236 2237 if (is_nonblocking == SL_FALSE) 2238 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); 2226 2239 return ((int) bytes); 2240 } 2241 2242 int sl_read_timeout (SL_TICKET ticket, void * buf_in, size_t count, 2243 int timeout, int is_nonblocking) 2244 { 2245 int fd; 2246 2247 if (buf_in == NULL || SL_ISERROR(fd = get_the_fd(ticket))) 2248 { 2249 if (buf_in == NULL) 2250 { 2251 TPT(( 0, FIL__, __LINE__, _("msg=<null buffer>"))); 2252 return (SL_ENULL); 2253 } 2254 if (SL_ISERROR(fd = get_the_fd(ticket))) 2255 { 2256 TPT(( 0, FIL__, __LINE__, _("msg=<ticket error> errno=<%d>"), fd)); 2257 return 
(fd); 2258 } 2259 } 2260 2261 return sl_read_timeout_fd (fd, buf_in, count, timeout, is_nonblocking); 2227 2262 } 2228 2263 -
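Review bot: `sl_read_timeout_fd` is a new entry point that takes a raw descriptor, but the `buf_in == NULL` check now lives only in the `sl_read_timeout` wrapper, so a direct caller can pass a null buffer through to the read loop. Repeating the guard at the top of the new function keeps it safe on its own: `if (buf_in == NULL) return (SL_ENULL);`. The `F_GETFL` result is also used unchecked: assuming `retry_fcntl` returns -1 on failure like `fcntl`, `sflags | O_NONBLOCK` is then -1 and the same value is written back by every restore call, so something like `if (sflags < 0) return (SL_EREAD);` before the `F_SETFL` would be safer. Parts of the function body lie between the hunks shown, so return paths there could not be checked for the flag restore.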
trunk/src/trustfile.c
r111 r131 99 99 100 100 #ifndef TRUST_MAIN 101 101 102 #include "slib.h" 102 103 #define SH_NEED_PWD_GRP 1 103 104 #include "sh_static.h" 105 #define SH_GRBUF_SIZE 4096 106 #define SH_PWBUF_SIZE 4096 104 107 105 108 #else 106 109 107 110 #define sh_getgrgid getgrgid 111 #define sh_getgrgid_r getgrgid_r 112 #define sh_getpwnam getpwnam 113 #define sh_getpwnam_r getpwnam_r 114 #define sh_getpwuid getpwuid 115 #define sh_getpwuid_r getpwuid_r 108 116 #define sh_getpwent getpwent 109 #define sh_getpwnam getpwnam110 #define sh_getpwuid getpwuid111 117 #define sh_endpwent endpwent 112 118 … … 410 416 register struct group *g; /* pointer to group information */ 411 417 418 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) 419 struct group gr; 420 char buffer[SH_GRBUF_SIZE]; 421 struct passwd pwd; 422 char pbuffer[SH_PWBUF_SIZE]; 423 #endif 424 412 425 SL_ENTER(_("isingrp")); 413 426 414 if ((g = sh_getgrgid(grp)) == NULL) 427 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) 428 sh_getgrgid_r(grp, &gr, buffer, sizeof(buffer), &g); 429 #else 430 g = sh_getgrgid(grp); 431 #endif 432 433 if (g == NULL) 415 434 { 416 435 SL_IRETURN(SL_FALSE, _("isingrp") ); … … 428 447 { 429 448 /* map user name to UID and compare */ 449 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 450 sh_getpwnam_r(*p, &pwd, pbuffer, sizeof(pbuffer), &w); 451 #else 452 w = sh_getpwnam(*p); 453 #endif 454 430 455 #ifdef TRUST_MAIN 431 if ( (w = sh_getpwnam(*p))!= NULL && *u == (uid_t)(w->pw_uid) )456 if (w != NULL && *u == (uid_t)(w->pw_uid) ) 432 457 SL_IRETURN(SL_TRUE, _("isingrp")); 433 458 #else 434 if ( (w = sh_getpwnam(*p))!= NULL && *u == (uid_t)(w->pw_uid) )459 if (w != NULL && *u == (uid_t)(w->pw_uid) ) 435 460 { 436 461 SL_IRETURN(SL_TRUE, _("isingrp")); … … 444 469 for(u = ulist; *u != tf_uid_neg; u++) 445 470 { 471 #if defined(HAVE_PTHREAD) && defined 
(_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) 472 sh_getpwuid_r(*u, &pwd, pbuffer, sizeof(pbuffer), &w); 473 #else 474 w = sh_getpwuid(*u); 475 #endif 446 476 #ifdef TRUST_MAIN 447 if ( (w = sh_getpwuid(*u))!= NULL && grp == (gid_t)(w->pw_gid) )477 if (w != NULL && grp == (gid_t)(w->pw_gid) ) 448 478 SL_IRETURN(SL_TRUE, _("isingrp")); 449 479 #else 450 if ( (w = sh_getpwuid(*u))!= NULL && grp == (gid_t)(w->pw_gid) )480 if (w != NULL && grp == (gid_t)(w->pw_gid) ) 451 481 { 452 482 SL_IRETURN(SL_TRUE, _("isingrp")); … … 470 500 register int flag = -1; /* group member found */ 471 501 502 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) 503 struct group gr; 504 char buffer[SH_GRBUF_SIZE]; 505 struct group pw; 506 char pbuffer[SH_PWBUF_SIZE]; 507 #endif 508 472 509 SL_ENTER(_("onlytrustedingrp")); 473 510 … … 477 514 #endif 478 515 479 if ((g = sh_getgrgid(grp)) == NULL) 516 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) 517 sh_getgrgid_r(grp, &gr, buffer, sizeof(buffer), &g); 518 #else 519 g = sh_getgrgid(grp); 520 #endif 521 522 if (g == NULL) 480 523 { 481 524 #ifdef TRUST_DEBUG … … 503 546 /* map user name to UID and compare 504 547 */ 548 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 549 sh_getpwnam_r(*p, &pw, pbuffer, sizeof(pbuffer), &w); 550 #else 505 551 w = sh_getpwnam(*p); 506 #ifndef TRUST_MAIN 507 if (!w) 508 w = sh_getpwnam(*p); 509 #endif 552 #endif 553 510 554 if (w == NULL) /* not a valid user, ignore */ 511 555 { … … 961 1005 tf_path[0] = '\0'; 962 1006 #if defined(SH_WITH_SERVER) 963 pass = sh_getpwnam(SH_IDENT); 1007 pass = sh_getpwnam(SH_IDENT); /* TESTONLY */ 964 1008 if (pass != NULL) 965 1009 tf_euid = pass->pw_uid;
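Review bot: In `onlytrustedingrp` the scratch object for the reentrant lookup is declared `struct group pw;` but is then passed as the passwd buffer in `sh_getpwnam_r(*p, &pw, pbuffer, sizeof(pbuffer), &w);`. The call therefore receives a pointer of the wrong type and, wherever `struct passwd` is larger than `struct group`, writes past the end of `pw` on the stack. `isingrp` declares its buffer correctly and this one should match: `struct passwd pw;`. In both functions these declarations sit under the `HAVE_GETGRGID_R` guard while the calls using them are guarded by `HAVE_GETPWNAM_R` / `HAVE_GETPWUID_R`, so a platform with the latter but not the former would presumably fail to compile. Both function bodies extend beyond the hunks shown.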