static void
mcf_auth(struct cli *cli, const char *const *av, void *priv)
{
int fd;
char buf[CLI_AUTH_RESPONSE_LEN + 1];
AN(av[2]);
(void)priv;
if (secret_file == NULL) {
VCLI_Out(cli, "Secret file not configured\n");
VCLI_SetResult(cli, CLIS_CANT);
return;
}
fd = open(secret_file, O_RDONLY);
if (fd < 0) {
VCLI_Out(cli, "Cannot open secret file (%s)\n",
strerror(errno));
VCLI_SetResult(cli, CLIS_CANT);
return;
}
mgt_got_fd(fd);
VCLI_AuthResponse(fd, cli->challenge, buf);
AZ(close(fd));
if (strcasecmp(buf, av[2])) {
mgt_cli_challenge(cli);
return;
}
cli->auth = MCF_AUTH;
memset(cli->challenge, 0, sizeof cli->challenge);
VCLI_SetResult(cli, CLIS_OK);
mcf_banner(cli, av, priv);
}
void
mgt_cli_secret(const char *S_arg)
{
int i, fd;
char buf[BUFSIZ];
char *p;
/* Save in shmem */
i = strlen(S_arg);
p = VSM_Alloc(i + 1, "Arg", "-S", "");
AN(p);
strcpy(p, S_arg);
srandomdev();
fd = open(S_arg, O_RDONLY);
if (fd < 0) {
fprintf(stderr, "Can not open secret-file \"%s\"\n", S_arg);
exit (2);
}
mgt_got_fd(fd);
i = read(fd, buf, sizeof buf);
if (i == 0) {
fprintf(stderr, "Empty secret-file \"%s\"\n", S_arg);
exit (2);
}
if (i < 0) {
fprintf(stderr, "Can not read secret-file \"%s\"\n", S_arg);
exit (2);
}
AZ(close(fd));
secret_file = S_arg;
}
void
mgt_cli_secret(const char *S_arg)
{
int i, fd;
char buf[BUFSIZ];
/* Save in shmem */
mgt_SHM_static_alloc(S_arg, strlen(S_arg) + 1L, "Arg", "-S", "");
srandomdev(); /* XXX: why here ??? */
fd = open(S_arg, O_RDONLY);
if (fd < 0) {
fprintf(stderr, "Can not open secret-file \"%s\"\n", S_arg);
exit (2);
}
mgt_got_fd(fd);
i = read(fd, buf, sizeof buf);
if (i == 0) {
fprintf(stderr, "Empty secret-file \"%s\"\n", S_arg);
exit (2);
}
if (i < 0) {
fprintf(stderr, "Can not read secret-file \"%s\"\n", S_arg);
exit (2);
}
AZ(close(fd));
secret_file = S_arg;
}
Marg_poker(const struct vev *e, int what)
{
int s;
struct m_addr *ma;
assert(e == M_poker);
(void)what;
M_poker->timeout = M_poll; /* XXX nasty ? */
if (M_fd > 0)
return (0);
ma = VTAILQ_FIRST(&m_addr_list);
AN(ma);
/* Try to connect asynchronously */
s = VTCP_connect(ma->sa, -1);
if (s < 0)
return (0);
mgt_got_fd(s);
M_conn = vev_new();
AN(M_conn);
M_conn->callback = Marg_connect;
M_conn->name = "-M connector";
M_conn->fd_flags = EV_WR;
M_conn->fd = s;
M_fd = s;
AZ(vev_add(mgt_evb, M_conn));
return (0);
}
void
mgt_cli_secret(const char *S_arg)
{
int i, fd;
char buf[BUFSIZ];
/* Save in shmem */
mgt_SHM_static_alloc(S_arg, strlen(S_arg) + 1L, "Arg", "-S", "");
VJ_master(JAIL_MASTER_FILE);
fd = open(S_arg, O_RDONLY);
if (fd < 0) {
fprintf(stderr, "Can not open secret-file \"%s\"\n", S_arg);
exit(2);
}
VJ_master(JAIL_MASTER_LOW);
mgt_got_fd(fd);
i = read(fd, buf, sizeof buf);
if (i == 0) {
fprintf(stderr, "Empty secret-file \"%s\"\n", S_arg);
exit(2);
}
if (i < 0) {
fprintf(stderr, "Can not read secret-file \"%s\"\n", S_arg);
exit(2);
}
AZ(close(fd));
secret_file = S_arg;
}
static int
Marg_poker(const struct vev *e, int what)
{
struct vsb *vsb;
int s, k;
socklen_t l;
(void)what; /* XXX: ??? */
if (e == M_conn) {
/* Our connect(2) returned, check result */
l = sizeof k;
AZ(getsockopt(M_fd, SOL_SOCKET, SO_ERROR, &k, &l));
if (k) {
errno = k;
syslog(LOG_INFO, "Could not connect to CLI-master: %m");
(void)close(M_fd);
M_fd = -1;
/* Try next address */
if (++M_nxt >= M_nta) {
M_nxt = 0;
if (M_poll < 10)
M_poll *= 2;
}
return (1);
}
vsb = sock_id("master", M_fd);
mgt_cli_setup(M_fd, M_fd, 0, VSB_data(vsb), Marg_closer, NULL);
VSB_delete(vsb);
M_poll = 1;
return (1);
}
assert(e == M_poker);
M_poker->timeout = M_poll; /* XXX nasty ? */
if (M_fd >= 0)
return (0);
/* Try to connect asynchronously */
s = VSS_connect(M_ta[M_nxt], 1);
if (s < 0)
return (0);
mgt_got_fd(s);
M_conn = vev_new();
AN(M_conn);
M_conn->callback = Marg_poker;
M_conn->name = "-M connector";
M_conn->fd_flags = EV_WR;
M_conn->fd = s;
M_fd = s;
AZ(vev_add(mgt_evb, M_conn));
return (0);
}
static void
mcf_auth(struct cli *cli, const char *const *av, void *priv)
{
int fd;
char buf[CLI_AUTH_RESPONSE_LEN + 1];
AN(av[2]);
(void)priv;
if (secret_file == NULL) {
VCLI_Out(cli, "Secret file not configured\n");
VCLI_SetResult(cli, CLIS_CANT);
return;
}
VJ_master(JAIL_MASTER_FILE);
fd = open(secret_file, O_RDONLY);
if (fd < 0) {
VCLI_Out(cli, "Cannot open secret file (%s)\n",
strerror(errno));
VCLI_SetResult(cli, CLIS_CANT);
VJ_master(JAIL_MASTER_LOW);
return;
}
VJ_master(JAIL_MASTER_LOW);
mgt_got_fd(fd);
VCLI_AuthResponse(fd, cli->challenge, buf);
AZ(close(fd));
if (strcasecmp(buf, av[2])) {
MGT_complain(C_SECURITY,
"CLI Authentication failure from %s", cli->ident);
VCLI_SetResult(cli, CLIS_CLOSE);
return;
}
cli->auth = MCF_AUTH;
memset(cli->challenge, 0, sizeof cli->challenge);
VCLI_SetResult(cli, CLIS_OK);
mcf_banner(cli, av, priv);
}
static int
telnet_accept(const struct vev *ev, int what)
{
struct vsb *vsb;
struct sockaddr_storage addr;
socklen_t addrlen;
struct telnet *tn;
int i;
(void)what;
addrlen = sizeof addr;
i = accept(ev->fd, (void *)&addr, &addrlen);
if (i < 0 && errno == EBADF)
return (1);
if (i < 0)
return (0);
mgt_got_fd(i);
tn = telnet_new(i);
vsb = sock_id("telnet", i);
mgt_cli_setup(i, i, 0, VSB_data(vsb), telnet_close, tn);
VSB_delete(vsb);
return (0);
}