void platform_ssh_share_cleanup(const char *name)
{
char *dirname, *filename, *logtext;
dirname = make_dirname(name, &logtext);
if (!dirname) {
sfree(logtext); /* we can't do much with this */
return;
}
filename = dupcat(dirname, "/socket", (char *)NULL);
remove(filename);
sfree(filename);
filename = dupcat(dirname, "/lock", (char *)NULL);
remove(filename);
sfree(filename);
rmdir(dirname);
/*
* We deliberately _don't_ clean up the parent directory
* /tmp/putty-connshare.<username>, because if we leave it around
* then it reduces the ability for other users to be a nuisance by
* putting their own directory in the way of it. Also, the salt
* file in it can be reused.
*/
sfree(dirname);
}
void jscoverage_instrument(const char * source,
const char * destination,
int verbose,
char ** exclude,
int num_exclude,
char ** no_instrument,
int num_no_instrument)
{
assert(source != NULL);
assert(destination != NULL);
g_verbose = verbose;
/* check if they are the same */
check_same_file(source, destination);
/* check if source directory is an ancestor of destination directory */
check_contains_file(source, destination);
/* check that the source exists and is a directory */
struct stat buf;
xstat(source, &buf);
if (! S_ISDIR(buf.st_mode)) {
fatal("not a directory: %s", source);
}
/* if the destination directory exists, check that it is a jscoverage directory */
if (stat(destination, &buf) == 0) {
/* it exists */
if (! S_ISDIR(buf.st_mode)) {
fatal("not a directory: %s", destination);
}
if (! directory_is_empty(destination)) {
char * expected_file = NULL;
if (jscoverage_mode == JSCOVERAGE_MOZILLA) {
char * modules_directory = make_path(destination, "modules");
expected_file = make_path(modules_directory, "jscoverage.jsm");
free(modules_directory);
}
else {
expected_file = make_path(destination, "jscoverage.html");
}
if (stat(expected_file, &buf) == -1) {
fatal("refusing to overwrite directory: %s", destination);
}
free(expected_file);
}
}
else if (errno == ENOENT) {
xmkdir(destination);
}
else {
fatal("cannot stat directory: %s", destination);
}
/* copy the resources */
if (jscoverage_mode == JSCOVERAGE_MOZILLA) {
char * chrome_directory = make_path(destination, "chrome");
char * jscoverage_chrome_directory = make_path(chrome_directory, "jscoverage");
mkdirs(jscoverage_chrome_directory);
copy_resource("jscoverage.manifest", chrome_directory);
copy_resource("jscoverage.html", jscoverage_chrome_directory);
copy_resource("jscoverage.css", jscoverage_chrome_directory);
copy_resource("jscoverage.js", jscoverage_chrome_directory);
copy_resource("jscoverage-throbber.gif", jscoverage_chrome_directory);
copy_resource("jscoverage-highlight.css", jscoverage_chrome_directory);
copy_resource("jscoverage.xul", jscoverage_chrome_directory);
copy_resource("jscoverage-overlay.js", jscoverage_chrome_directory);
free(jscoverage_chrome_directory);
free(chrome_directory);
char * modules_directory = make_path(destination, "modules");
mkdirs(modules_directory);
copy_resource("jscoverage.jsm", modules_directory);
free(modules_directory);
}
else {
jscoverage_copy_resources(destination);
}
/* finally: copy the directory */
struct DirListEntry * list = make_recursive_dir_list(source);
for (struct DirListEntry * p = list; p != NULL; p = p->next) {
char * s = make_path(source, p->name);
char * d = make_path(destination, p->name);
/* check if it's on the exclude list */
for (int i = 0; i < num_exclude; i++) {
char * x = make_path(source, exclude[i]);
if (is_same_file(x, s) || contains_file(x, s)) {
free(x);
goto cleanup;
}
free(x);
}
char * dd = make_dirname(d);
mkdirs(dd);
free(dd);
int instrument_this = 1;
/* check if it's on the no-instrument list */
for (int i = 0; i < num_no_instrument; i++) {
char * ni = make_path(source, no_instrument[i]);
if (is_same_file(ni, s) || contains_file(ni, s)) {
instrument_this = 0;
}
free(ni);
}
instrument_file(s, d, p->name, instrument_this);
cleanup:
free(s);
free(d);
}
free_dir_list(list);
}
int platform_ssh_share(const char *pi_name, Conf *conf,
Plug downplug, Plug upplug, Socket *sock,
char **logtext, char **ds_err, char **us_err,
int can_upstream, int can_downstream)
{
char *dirname, *lockname, *sockname, *err;
int lockfd;
Socket retsock;
/*
* Sort out what we're going to call the directory in which we
* keep the socket. This has the side effect of potentially
* creating its top-level containing dir and/or the salt file
* within that, if they don't already exist.
*/
dirname = make_dirname(pi_name, logtext);
if (!dirname) {
return SHARE_NONE;
}
/*
* Now make sure the subdirectory exists.
*/
if ((err = make_dir_and_check_ours(dirname)) != NULL) {
*logtext = err;
sfree(dirname);
return SHARE_NONE;
}
/*
* Acquire a lock on a file in that directory.
*/
lockname = dupcat(dirname, "/lock", (char *)NULL);
lockfd = open(lockname, O_CREAT | O_RDWR | O_TRUNC, 0600);
if (lockfd < 0) {
*logtext = dupprintf("%s: open: %s", lockname, strerror(errno));
sfree(dirname);
sfree(lockname);
return SHARE_NONE;
}
if (flock(lockfd, LOCK_EX) < 0) {
*logtext = dupprintf("%s: flock(LOCK_EX): %s",
lockname, strerror(errno));
sfree(dirname);
sfree(lockname);
close(lockfd);
return SHARE_NONE;
}
sockname = dupprintf("%s/socket", dirname);
*logtext = NULL;
if (can_downstream) {
retsock = new_connection(unix_sock_addr(sockname),
"", 0, 0, 1, 0, 0, downplug, conf);
if (sk_socket_error(retsock) == NULL) {
sfree(*logtext);
*logtext = sockname;
*sock = retsock;
sfree(dirname);
sfree(lockname);
close(lockfd);
return SHARE_DOWNSTREAM;
}
sfree(*ds_err);
*ds_err = dupprintf("%s: %s", sockname, sk_socket_error(retsock));
sk_close(retsock);
}
if (can_upstream) {
retsock = new_unix_listener(unix_sock_addr(sockname), upplug);
if (sk_socket_error(retsock) == NULL) {
sfree(*logtext);
*logtext = sockname;
*sock = retsock;
sfree(dirname);
sfree(lockname);
close(lockfd);
return SHARE_UPSTREAM;
}
sfree(*us_err);
*us_err = dupprintf("%s: %s", sockname, sk_socket_error(retsock));
sk_close(retsock);
}
/* One of the above clauses ought to have happened. */
assert(*logtext || *ds_err || *us_err);
sfree(dirname);
sfree(lockname);
sfree(sockname);
close(lockfd);
return SHARE_NONE;
}
/* Although this marker is guessable it is not easy to use
* for a faked control packet because an attacker does not
* have enough control about the time the verification does
* take place. Of course, we can add just more random but
* than we need the random generator even for verification
* tasks - which does not make sense. */
a = aa ^ (ulong)getpid();
b = bb ^ (ulong)time(NULL);
memcpy( marker, &a, SIZEOF_UNSIGNED_LONG );
memcpy( marker+SIZEOF_UNSIGNED_LONG, &b, SIZEOF_UNSIGNED_LONG );
}
*rlen = sizeof(marker);
return marker;
}
#if 0 /* not yet needed - Note that this will require inclusion of
cmacros.am in Makefile.am */
int
check_permissions(const char *path,int extension,int checkonly)
{
#if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
char *tmppath;
struct stat statbuf;
int ret=1;
int isdir=0;
if(opt.no_perm_warn)
return 0;
if(extension && path[0]!=DIRSEP_C)
{
if(strchr(path,DIRSEP_C))
tmppath=make_filename(path,NULL);
else
tmppath=make_filename(GNUPG_LIBDIR,path,NULL);
}
else
tmppath=m_strdup(path);
/* It's okay if the file doesn't exist */
if(stat(tmppath,&statbuf)!=0)
{
ret=0;
goto end;
}
isdir=S_ISDIR(statbuf.st_mode);
/* Per-user files must be owned by the user. Extensions must be
owned by the user or root. */
if((!extension && statbuf.st_uid != getuid()) ||
(extension && statbuf.st_uid!=0 && statbuf.st_uid!=getuid()))
{
if(!checkonly)
log_info(_("Warning: unsafe ownership on %s \"%s\"\n"),
isdir?"directory":extension?"extension":"file",path);
goto end;
}
/* This works for both directories and files - basically, we don't
care what the owner permissions are, so long as the group and
other permissions are 0 for per-user files, and non-writable for
extensions. */
if((extension && (statbuf.st_mode & (S_IWGRP|S_IWOTH)) !=0) ||
(!extension && (statbuf.st_mode & (S_IRWXG|S_IRWXO)) != 0))
{
char *dir;
/* However, if the directory the directory/file is in is owned
by the user and is 700, then this is not a problem.
Theoretically, we could walk this test up to the root
directory /, but for the sake of sanity, I'm stopping at one
level down. */
dir= make_dirname (tmppath);
if(stat(dir,&statbuf)==0 && statbuf.st_uid==getuid() &&
S_ISDIR(statbuf.st_mode) && (statbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
{
xfree (dir);
ret=0;
goto end;
}
m_free(dir);
if(!checkonly)
log_info(_("Warning: unsafe permissions on %s \"%s\"\n"),
isdir?"directory":extension?"extension":"file",path);
goto end;
}
ret=0;
end:
m_free(tmppath);
return ret;
#endif /* HAVE_STAT && !HAVE_DOSISH_SYSTEM */
return 0;
}
