void test_ReadHexKeys() { struct key* keys = NULL; TEST_ASSERT_EQUAL(3, auth_init(CreatePath("key-test-hex", INPUT_DIR), &keys)); TEST_ASSERT_TRUE(keys != NULL); struct key* result = NULL; get_key(10, &result); TEST_ASSERT_TRUE(result != NULL); TEST_ASSERT_TRUE(CompareKeysAlternative(10, 13, "MD5", "\x01\x23\x45\x67\x89\xab\xcd\xef\x01\x23\x45\x67\x89", *result)); result = NULL; get_key(20, &result); TEST_ASSERT_TRUE(result != NULL); char data1[15]; memset(data1, 0x11, 15); TEST_ASSERT_TRUE(CompareKeysAlternative(20, 15, "MD5", data1, *result)); result = NULL; get_key(30, &result); TEST_ASSERT_TRUE(result != NULL); char data2[13]; memset(data2, 0x01, 13); TEST_ASSERT_TRUE(CompareKeysAlternative(30, 13, "MD5", data2, *result)); }
TEST(keyFile, ReadHexKeys) { const char* path; struct key* keys = NULL; struct key* result = NULL; char data[15]; path = CreatePath("key-test-hex", INPUT_DIR); TEST_ASSERT_EQUAL(3, auth_init(path, &keys)); free((void*) path); TEST_ASSERT_TRUE(keys != NULL); get_key(10, &result); TEST_ASSERT_TRUE(result != NULL); TEST_ASSERT_TRUE(CompareKey(10, 13, "MD5", "\x01\x23\x45\x67\x89\xab\xcd\xef\x01\x23\x45\x67\x89", result)); result = NULL; get_key(20, &result); TEST_ASSERT_TRUE(result != NULL); memset(data, 0x11, 15); TEST_ASSERT_TRUE(CompareKey(20, 15, "MD5", data, result)); result = NULL; get_key(30, &result); TEST_ASSERT_TRUE(result != NULL); memset(data, 0x01, 13); TEST_ASSERT_TRUE(CompareKey(30, 13, "MD5", data, result)); }
void test_ReadEmptyKeyFile() { struct key* keys = NULL; TEST_ASSERT_EQUAL(0, auth_init(CreatePath("key-test-empty", INPUT_DIR), &keys)); TEST_ASSERT_TRUE(keys == NULL); }
TEST(keyFile, ReadEmptyKeyFile) { const char* path; struct key* keys = NULL; path = CreatePath("key-test-empty", INPUT_DIR); TEST_ASSERT_EQUAL(0, auth_init(path, &keys)); free((void*) path); TEST_ASSERT_TRUE(keys == NULL); }
OT_WEAK void dll_init(void) { /// Initialize Radio radio_init(); /// Initialize all upper-layer elements of the protocol stack network_init(); m2qp_init(); auth_init(); /// Load the Network settings from ISF 0 to the dll.netconf buffer, reset /// the session, and send system to idle. dll_refresh(); }
TEST(keyFile, ReadASCIIKeys) { const char* path; struct key* keys = NULL; struct key* result = NULL; path = CreatePath("key-test-ascii", INPUT_DIR); TEST_ASSERT_EQUAL(2, auth_init(path, &keys)); free((void*) path); TEST_ASSERT_TRUE(keys != NULL); get_key(40, &result); TEST_ASSERT_TRUE(result != NULL); TEST_ASSERT_TRUE(CompareKey(40, 11, "MD5", "asciikeyTwo", result)); result = NULL; get_key(50, &result); TEST_ASSERT_TRUE(result != NULL); TEST_ASSERT_TRUE(CompareKey(50, 11, "MD5", "asciikeyOne", result)); }
void auth_encrypt_init(const char *local, const char *remote, const char *name, int server) { RemoteHostName = remote; LocalHostName = local; #ifdef AUTHENTICATION auth_init(name, server); #endif #ifdef ENCRYPTION encrypt_init(name, server); #endif if (UserNameRequested) { free(UserNameRequested); UserNameRequested = 0; } }
void test_ReadASCIIKeys() { struct key* keys = NULL; TEST_ASSERT_EQUAL(2, auth_init(CreatePath("key-test-ascii", INPUT_DIR), &keys)); TEST_ASSERT_TRUE(keys != NULL); struct key* result = NULL; get_key(40, &result); TEST_ASSERT_TRUE(result != NULL); TEST_ASSERT_TRUE(CompareKeysAlternative(40, 11, "MD5", "asciikeyTwo", *result)); result = NULL; get_key(50, &result); TEST_ASSERT_TRUE(result != NULL); TEST_ASSERT_TRUE(CompareKeysAlternative(50, 11, "MD5", "asciikeyOne", *result)); }
void test_ReadKeyFileWithInvalidHex() { struct key* keys = NULL; TEST_ASSERT_EQUAL(1, auth_init(CreatePath("key-test-invalid-hex", INPUT_DIR), &keys)); TEST_ASSERT_TRUE(keys != NULL); struct key* result = NULL; get_key(10, &result); TEST_ASSERT_TRUE(result != NULL); char data[15]; memset(data, 0x01, 15); TEST_ASSERT_TRUE(CompareKeysAlternative(10, 15, "MD5", data, *result)); result = NULL; get_key(30, &result); // Should not exist, and result should remain NULL. TEST_ASSERT_TRUE(result == NULL); }
void test_ReadKeyFileWithComments() { struct key* keys = NULL; TEST_ASSERT_EQUAL(2, auth_init(CreatePath("key-test-comments", INPUT_DIR), &keys)); TEST_ASSERT_TRUE(keys != NULL); struct key* result = NULL; get_key(10, &result); TEST_ASSERT_TRUE(result != NULL); char data[15]; memset(data, 0x01, 15); TEST_ASSERT_TRUE(CompareKeysAlternative(10, 15, "MD5", data, *result)); result = NULL; get_key(34, &result); TEST_ASSERT_TRUE(result != NULL); TEST_ASSERT_TRUE(CompareKeysAlternative(34, 3, "MD5", "xyz", *result)); }
void auth_encrypt_init (char *local, char *remote, char *principal, char *name, int server) { RemoteHostName = remote; LocalHostName = local; ServerPrincipal = principal; (void) name; (void) server; /* silence gcc */ #if defined AUTHENTICATION auth_init (name, server); #endif #ifdef ENCRYPTION encrypt_init (name, server); #endif /* ENCRYPTION */ free (UserNameRequested); UserNameRequested = NULL; }
int main() { map_init(); auth_init(); printf("%d\n",get_uid_by_name("zwz")); printf("%d\n",get_uid_by_name("zwzmzd")); printf("%d\n",get_uid_by_name("nishi")); printf("%d\n",auth_user("zwz","aaa")); printf("%d\n",auth_user("iii","aaa")); printf("%d\n",auth_user("zwz","mzd")); auth_permission("/pro",1); auth_permission("/",1); auth_permission("/a/a/a/a/a",1); printf("%x\n",auth_permission("/pp",1)); return 0; }
int main(int argc, char *argv[]) { struct wpa wpa; if (os_program_init()) return -1; os_memset(&wpa, 0, sizeof(wpa)); os_memset(wpa.auth_addr, 0x12, ETH_ALEN); os_memset(wpa.supp_addr, 0x32, ETH_ALEN); os_memset(wpa.psk, 0x44, PMK_LEN); wpa_debug_level = 0; wpa_debug_show_keys = 1; if (eloop_init()) { wpa_printf(MSG_ERROR, "Failed to initialize event loop"); return -1; } if (auth_init_group(&wpa) < 0) return -1; if (supp_init(&wpa) < 0) return -1; if (auth_init(&wpa) < 0) return -1; wpa_printf(MSG_DEBUG, "Starting eloop"); eloop_run(); wpa_printf(MSG_DEBUG, "eloop done"); deinit(&wpa); eloop_destroy(); os_program_deinit(); return 0; }
TEST(keyFile, ReadKeyFileWithInvalidHex) { const char* path; struct key* keys = NULL; struct key* result = NULL; char data[15]; path = CreatePath("key-test-invalid-hex", INPUT_DIR); TEST_ASSERT_EQUAL(1, auth_init(path, &keys)); free((void*) path); TEST_ASSERT_TRUE(keys != NULL); get_key(10, &result); TEST_ASSERT_TRUE(result != NULL); memset(data, 0x01, 15); TEST_ASSERT_TRUE(CompareKey(10, 15, "MD5", data, result)); result = NULL; get_key(30, &result); /* Should not exist, and result should remain NULL. */ TEST_ASSERT_TRUE(result == NULL); }
TEST(keyFile, ReadKeyFileWithComments) { const char* path; struct key* keys = NULL; struct key* result = NULL; char data[15]; path = CreatePath("key-test-comments", INPUT_DIR); TEST_ASSERT_EQUAL(2, auth_init(path, &keys)); free((void*) path); TEST_ASSERT_TRUE(keys != NULL); get_key(10, &result); TEST_ASSERT_TRUE(result != NULL); memset(data, 0x01, 15); TEST_ASSERT_TRUE(CompareKey(10, 15, "MD5", data, result)); result = NULL; get_key(34, &result); TEST_ASSERT_TRUE(result != NULL); TEST_ASSERT_TRUE(CompareKey(34, 3, "MD5", "xyz", result)); }
void http_init(void) { httpRequest = malloc(HTTP_DATA_MAX_LEN); listen_fd = 0; auth_init(userName, usrPassword); }
int context_init(SERVICE_OPTIONS *section) { /* init SSL context */ /* create SSL context */ if(section->option.client) section->ctx=SSL_CTX_new(section->client_method); else /* server mode */ section->ctx=SSL_CTX_new(section->server_method); if(!section->ctx) { sslerror("SSL_CTX_new"); return 1; /* FAILED */ } SSL_CTX_set_ex_data(section->ctx, index_opt, section); /* for callbacks */ /* load certificate and private key to be verified by the peer server */ #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_NUMBER>=0x0090809fL /* SSL_CTX_set_client_cert_engine() was introduced in OpenSSL 0.9.8i */ if(section->option.client && section->engine) { if(SSL_CTX_set_client_cert_engine(section->ctx, section->engine)) s_log(LOG_INFO, "Client certificate engine (%s) enabled", ENGINE_get_id(section->engine)); else /* no client certificate functionality in this engine */ sslerror("SSL_CTX_set_client_cert_engine"); /* ignore error */ } #endif if(auth_init(section)) return 1; /* FAILED */ /* initialize verification of the peer server certificate */ if(verify_init(section)) return 1; /* FAILED */ /* initialize DH/ECDH server mode */ if(!section->option.client) { #ifndef OPENSSL_NO_TLSEXT SSL_CTX_set_tlsext_servername_arg(section->ctx, section); SSL_CTX_set_tlsext_servername_callback(section->ctx, servername_cb); #endif /* OPENSSL_NO_TLSEXT */ #ifndef OPENSSL_NO_DH dh_init(section); /* ignore the result (errors are not critical) */ #endif /* OPENSSL_NO_DH */ #ifndef OPENSSL_NO_ECDH ecdh_init(section); /* ignore the result (errors are not critical) */ #endif /* OPENSSL_NO_ECDH */ } /* setup session cache */ if(!section->option.client) { unsigned servname_len=(unsigned)strlen(section->servname); if(servname_len>SSL_MAX_SSL_SESSION_ID_LENGTH) servname_len=SSL_MAX_SSL_SESSION_ID_LENGTH; if(!SSL_CTX_set_session_id_context(section->ctx, (unsigned char *)section->servname, servname_len)) { sslerror("SSL_CTX_set_session_id_context"); return 1; /* FAILED */ } } #ifdef SSL_SESS_CACHE_NO_INTERNAL_STORE /* the default cache mode is just SSL_SESS_CACHE_SERVER */ SSL_CTX_set_session_cache_mode(section->ctx, SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_STORE); #endif SSL_CTX_sess_set_cache_size(section->ctx, section->session_size); SSL_CTX_set_timeout(section->ctx, section->session_timeout); SSL_CTX_sess_set_new_cb(section->ctx, sess_new_cb); SSL_CTX_sess_set_get_cb(section->ctx, sess_get_cb); SSL_CTX_sess_set_remove_cb(section->ctx, sess_remove_cb); /* set info callback */ SSL_CTX_set_info_callback(section->ctx, info_callback); /* ciphers, options, mode */ if(section->cipher_list) if(!SSL_CTX_set_cipher_list(section->ctx, section->cipher_list)) { sslerror("SSL_CTX_set_cipher_list"); return 1; /* FAILED */ } SSL_CTX_set_options(section->ctx, (SSL_OPTIONS_TYPE)(section->ssl_options_set)); #if OPENSSL_VERSION_NUMBER>=0x009080dfL SSL_CTX_clear_options(section->ctx, (SSL_OPTIONS_TYPE)(section->ssl_options_clear)); s_log(LOG_DEBUG, "SSL options: 0x%08lX (+0x%08lX, -0x%08lX)", SSL_CTX_get_options(section->ctx), section->ssl_options_set, section->ssl_options_clear); #else /* OpenSSL older than 0.9.8m */ s_log(LOG_DEBUG, "SSL options: 0x%08lX (+0x%08lX)", SSL_CTX_get_options(section->ctx), section->ssl_options_set); #endif /* OpenSSL 0.9.8m or later */ /* initialize OpenSSL CONF options */ if(conf_init(section)) return 1; /* FAILED */ #ifdef SSL_MODE_RELEASE_BUFFERS SSL_CTX_set_mode(section->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_RELEASE_BUFFERS); #else SSL_CTX_set_mode(section->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); #endif return 0; /* OK */ }
err_status_t auth_type_self_test(const auth_type_t *at) { auth_test_case_t *test_case = at->test_data; auth_t *a; err_status_t status; uint8_t tag[SELF_TEST_TAG_BUF_OCTETS]; int i, case_num = 0; debug_print(mod_auth, "running self-test for auth function %s", at->description); /* * check to make sure that we have at least one test case, and * return an error if we don't - we need to be paranoid here */ if (test_case == NULL) return err_status_cant_check; /* loop over all test cases */ while (test_case != NULL) { /* check test case parameters */ if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS) return err_status_bad_param; /* allocate auth */ status = auth_type_alloc(at, &a, test_case->key_length_octets, test_case->tag_length_octets); if (status) return status; /* initialize auth */ status = auth_init(a, test_case->key); if (status) { auth_dealloc(a); return status; } /* zeroize tag then compute */ octet_string_set_to_zero(tag, test_case->tag_length_octets); status = auth_compute(a, test_case->data, test_case->data_length_octets, tag); if (status) { auth_dealloc(a); return status; } debug_print(mod_auth, "key: %s", octet_string_hex_string(test_case->key, test_case->key_length_octets)); debug_print(mod_auth, "data: %s", octet_string_hex_string(test_case->data, test_case->data_length_octets)); debug_print(mod_auth, "tag computed: %s", octet_string_hex_string(tag, test_case->tag_length_octets)); debug_print(mod_auth, "tag expected: %s", octet_string_hex_string(test_case->tag, test_case->tag_length_octets)); /* check the result */ status = err_status_ok; for (i=0; i < test_case->tag_length_octets; i++) if (tag[i] != test_case->tag[i]) { status = err_status_algo_fail; debug_print(mod_auth, "test case %d failed", case_num); debug_print(mod_auth, " (mismatch at octet %d)", i); } if (status) { auth_dealloc(a); return err_status_algo_fail; } /* deallocate the auth function */ status = auth_dealloc(a); if (status) return status; /* * the auth function passed the test case, so move on to the next test * case in the list; if NULL, we'll quit and return an OK */ test_case = test_case->next_test_case; ++case_num; } return err_status_ok; }
int main(int argc, char **argv) { char *export_file = _PATH_EXPORTS; char *state_dir = NFS_STATEDIR; int foreground = 0; int port = 0; int descriptors = 0; int c; struct sigaction sa; struct rlimit rlim; /* Parse the command line options and arguments. */ opterr = 0; while ((c = getopt_long(argc, argv, "o:nFd:f:p:P:hH:N:V:vrs:t:g", longopts, NULL)) != EOF) switch (c) { case 'g': manage_gids = 1; break; case 'o': descriptors = atoi(optarg); if (descriptors <= 0) { fprintf(stderr, "%s: bad descriptors: %s\n", argv [0], optarg); usage(argv [0], 1); } break; case 'F': foreground = 1; break; case 'd': xlog_sconfig(optarg, 1); break; case 'f': export_file = optarg; break; case 'H': /* PRC: specify a high-availability callout program */ ha_callout_prog = optarg; break; case 'h': usage(argv [0], 0); break; case 'P': /* XXX for nfs-server compatibility */ case 'p': port = atoi(optarg); if (port <= 0 || port > 65535) { fprintf(stderr, "%s: bad port number: %s\n", argv [0], optarg); usage(argv [0], 1); } break; case 'N': nfs_version &= ~(1 << (atoi (optarg) - 1)); break; case 'n': _rpcfdtype = SOCK_DGRAM; break; case 'r': reverse_resolve = 1; break; case 's': if ((state_dir = xstrdup(optarg)) == NULL) { fprintf(stderr, "%s: xstrdup(%s) failed!\n", argv[0], optarg); exit(1); } break; case 't': num_threads = atoi (optarg); break; case 'V': nfs_version |= 1 << (atoi (optarg) - 1); break; case 'v': printf("kmountd %s\n", VERSION); exit(0); case 0: break; case '?': default: usage(argv [0], 1); } /* No more arguments allowed. * Require at least one valid version (2, 3, or 4) */ if (optind != argc || !(nfs_version & 0xE)) usage(argv [0], 1); if (chdir(state_dir)) { fprintf(stderr, "%s: chdir(%s) failed: %s\n", argv [0], state_dir, strerror(errno)); exit(1); } if (getrlimit (RLIMIT_NOFILE, &rlim) != 0) fprintf(stderr, "%s: getrlimit (RLIMIT_NOFILE) failed: %s\n", argv [0], strerror(errno)); else { /* glibc sunrpc code dies if getdtablesize > FD_SETSIZE */ if ((descriptors == 0 && rlim.rlim_cur > FD_SETSIZE) || descriptors > FD_SETSIZE) descriptors = FD_SETSIZE; if (descriptors) { rlim.rlim_cur = descriptors; if (setrlimit (RLIMIT_NOFILE, &rlim) != 0) { fprintf(stderr, "%s: setrlimit (RLIMIT_NOFILE) failed: %s\n", argv [0], strerror(errno)); exit(1); } } } /* Initialize logging. */ if (!foreground) xlog_stderr(0); xlog_open("mountd"); sa.sa_handler = SIG_IGN; sa.sa_flags = 0; sigemptyset(&sa.sa_mask); sigaction(SIGHUP, &sa, NULL); sigaction(SIGINT, &sa, NULL); sigaction(SIGTERM, &sa, NULL); sigaction(SIGPIPE, &sa, NULL); /* WARNING: the following works on Linux and SysV, but not BSD! */ sigaction(SIGCHLD, &sa, NULL); /* Daemons should close all extra filehandles ... *before* RPC init. */ if (!foreground) closeall(3); new_cache = check_new_cache(); if (new_cache) cache_open(); if (nfs_version & 0x1) rpc_init("mountd", MOUNTPROG, MOUNTVERS, mount_dispatch, port); if (nfs_version & (0x1 << 1)) rpc_init("mountd", MOUNTPROG, MOUNTVERS_POSIX, mount_dispatch, port); if (nfs_version & (0x1 << 2)) rpc_init("mountd", MOUNTPROG, MOUNTVERS_NFSV3, mount_dispatch, port); sa.sa_handler = killer; sigaction(SIGINT, &sa, NULL); sigaction(SIGTERM, &sa, NULL); sa.sa_handler = sig_hup; sigaction(SIGHUP, &sa, NULL); auth_init(export_file); if (!foreground) { /* We first fork off a child. */ if ((c = fork()) > 0) exit(0); if (c < 0) { xlog(L_FATAL, "mountd: cannot fork: %s\n", strerror(errno)); } /* Now we remove ourselves from the foreground. Redirect stdin/stdout/stderr first. */ { int fd = open("/dev/null", O_RDWR); (void) dup2(fd, 0); (void) dup2(fd, 1); (void) dup2(fd, 2); if (fd > 2) (void) close(fd); } setsid(); } /* silently bounds check num_threads */ if (foreground) num_threads = 1; else if (num_threads < 1) num_threads = 1; else if (num_threads > MAX_THREADS) num_threads = MAX_THREADS; if (num_threads > 1) fork_workers(); my_svc_run(); xlog(L_ERROR, "Ack! Gack! svc_run returned!\n"); exit(1); }
static int set_usb_online(bool on) { if (on) { if (!usb_online) { /*init */ auth_init(); /* sleep for a second to let things settle down */ sleep(1); platform_event_unsignal(&tx_shutdown_event); platform_event_unsignal(&rx_shutdown_event); usbll_handle = novacom_usbll_create("host", MAX_MTU, 0, 0); ep1in_fd = open(ep1in_name, O_RDWR); LOG_PRINTF("ep1 %d\n", ep1in_fd); if (ep1in_fd < 0) { log_printf(LOG_ERROR, "error opening endpoint 1\n"); return -1; } fcntl(ep1in_fd, F_SETFD, FD_CLOEXEC); ep2out_fd = open(ep2out_name, O_RDWR); LOG_PRINTF("ep2 %d\n", ep2out_fd); if (ep2out_fd < 0) { log_printf(LOG_ERROR, "error opening endpoint 2\n"); close(ep1in_fd); return -1; } fcntl(ep2out_fd, F_SETFD, FD_CLOEXEC); usb_online = true; platform_event_signal(&usb_online_event); /* create the worker threads */ LOG_PRINTF("starting worker threads\n"); platform_create_thread(NULL, &tx_thread_entry, NULL); platform_create_thread(NULL, &rx_thread_entry, NULL); } else if(false == gadgetfs_online) { /* postponed_offline->online */ platform_event_signal(&usb_online_event); } } else { if (usb_online) { //change state before sending out signal! usb_online = false; platform_event_signal(&usb_online_event); /* wait for the existing worker threads to go away */ LOG_PRINTF("waiting for worker threads to go away\n"); platform_event_wait(&tx_shutdown_event); close(ep1in_fd); LOG_PRINTF("closed tx_thread\n"); platform_event_wait(&rx_shutdown_event); close(ep2out_fd); LOG_PRINTF("closed rx_thread\n"); novacom_usbll_destroy(usbll_handle); LOG_PRINTF("destroyed novacom usbll_handle\n"); /* clear auth */ auth_reset(); } } return 0; }
/* * The actual main function. */ int sntp_main ( int argc, char **argv ) { register int c; struct kod_entry *reason = NULL; int optct; /* boolean, u_int quiets gcc4 signed overflow warning */ u_int sync_data_suc; struct addrinfo **bcastaddr = NULL; struct addrinfo **resh = NULL; struct addrinfo *ai; int resc; int kodc; int ow_ret; int bcast = 0; char *hostname; optct = optionProcess(&sntpOptions, argc, argv); argc -= optct; argv += optct; /* Initialize logging system */ init_logging(); if (HAVE_OPT(LOGFILE)) open_logfile(OPT_ARG(LOGFILE)); msyslog(LOG_NOTICE, "Started sntp"); /* IPv6 available? */ if (isc_net_probeipv6() != ISC_R_SUCCESS) { ai_fam_pref = AF_INET; #ifdef DEBUG printf("No ipv6 support available, forcing ipv4\n"); #endif } else { /* Check for options -4 and -6 */ if (HAVE_OPT(IPV4)) ai_fam_pref = AF_INET; else if (HAVE_OPT(IPV6)) ai_fam_pref = AF_INET6; } /* Parse config file if declared TODO */ /* * If there's a specified KOD file init KOD system. If not use * default file. For embedded systems with no writable * filesystem, -K /dev/null can be used to disable KoD storage. */ if (HAVE_OPT(KOD)) kod_init_kod_db(OPT_ARG(KOD)); else kod_init_kod_db("/var/db/ntp-kod"); if (HAVE_OPT(KEYFILE)) auth_init(OPT_ARG(KEYFILE), &keys); #ifdef EXERCISE_KOD_DB add_entry("192.168.169.170", "DENY"); add_entry("192.168.169.171", "DENY"); add_entry("192.168.169.172", "DENY"); add_entry("192.168.169.173", "DENY"); add_entry("192.168.169.174", "DENY"); delete_entry("192.168.169.174", "DENY"); delete_entry("192.168.169.172", "DENY"); delete_entry("192.168.169.170", "DENY"); if ((kodc = search_entry("192.168.169.173", &reason)) == 0) printf("entry for 192.168.169.173 not found but should have been!\n"); else free(reason); #endif /* Considering employing a variable that prevents functions of doing anything until * everything is initialized properly */ resc = resolve_hosts((void *)argv, argc, &resh, ai_fam_pref); if (resc < 1) { printf("Unable to resolve hostname(s)\n"); return -1; } bcast = ENABLED_OPT(BROADCAST); if (bcast) { const char * myargv[2]; myargv[0] = OPT_ARG(BROADCAST); myargv[1] = NULL; bcast = resolve_hosts(myargv, 1, &bcastaddr, ai_fam_pref); } /* Select a certain ntp server according to simple criteria? For now * let's just pay attention to previous KoDs. */ sync_data_suc = FALSE; for (c = 0; c < resc && !sync_data_suc; c++) { ai = resh[c]; do { hostname = addrinfo_to_str(ai); if ((kodc = search_entry(hostname, &reason)) == 0) { if (is_reachable(ai)) { ow_ret = on_wire(ai, bcast ? bcastaddr[0] : NULL); if (0 == ow_ret) sync_data_suc = TRUE; } } else { printf("%d prior KoD%s for %s, skipping.\n", kodc, (kodc > 1) ? "s" : "", hostname); free(reason); } free(hostname); ai = ai->ai_next; } while (NULL != ai); freeaddrinfo(resh[c]); } free(resh); if (!sync_data_suc) return 1; return 0; }
/* * The actual main function. */ int sntp_main ( int argc, char **argv, const char *sntpVersion ) { int i; int exitcode; int optct; struct event_config * evcfg; /* Initialize logging system - sets up progname */ sntp_init_logging(argv[0]); if (!libevent_version_ok()) exit(EX_SOFTWARE); init_lib(); init_auth(); optct = ntpOptionProcess(&sntpOptions, argc, argv); argc -= optct; argv += optct; debug = OPT_VALUE_SET_DEBUG_LEVEL; TRACE(2, ("init_lib() done, %s%s\n", (ipv4_works) ? "ipv4_works " : "", (ipv6_works) ? "ipv6_works " : "")); ntpver = OPT_VALUE_NTPVERSION; steplimit = OPT_VALUE_STEPLIMIT / 1e3; gap.tv_usec = max(0, OPT_VALUE_GAP * 1000); gap.tv_usec = min(gap.tv_usec, 999999); if (HAVE_OPT(LOGFILE)) open_logfile(OPT_ARG(LOGFILE)); msyslog(LOG_INFO, "%s", sntpVersion); if (0 == argc && !HAVE_OPT(BROADCAST) && !HAVE_OPT(CONCURRENT)) { printf("%s: Must supply at least one of -b hostname, -c hostname, or hostname.\n", progname); exit(EX_USAGE); } /* ** Eventually, we probably want: ** - separate bcst and ucst timeouts (why?) ** - multiple --timeout values in the commandline */ response_timeout = OPT_VALUE_TIMEOUT; response_tv.tv_sec = response_timeout; response_tv.tv_usec = 0; /* IPv6 available? */ if (isc_net_probeipv6() != ISC_R_SUCCESS) { ai_fam_pref = AF_INET; TRACE(1, ("No ipv6 support available, forcing ipv4\n")); } else { /* Check for options -4 and -6 */ if (HAVE_OPT(IPV4)) ai_fam_pref = AF_INET; else if (HAVE_OPT(IPV6)) ai_fam_pref = AF_INET6; } /* TODO: Parse config file if declared */ /* ** Init the KOD system. ** For embedded systems with no writable filesystem, ** -K /dev/null can be used to disable KoD storage. */ kod_init_kod_db(OPT_ARG(KOD), FALSE); // HMS: Should we use arg-defalt for this too? if (HAVE_OPT(KEYFILE)) auth_init(OPT_ARG(KEYFILE), &keys); /* ** Considering employing a variable that prevents functions of doing ** anything until everything is initialized properly ** ** HMS: What exactly does the above mean? */ event_set_log_callback(&sntp_libevent_log_cb); if (debug > 0) event_enable_debug_mode(); #ifdef WORK_THREAD evthread_use_pthreads(); /* we use libevent from main thread only, locks should be academic */ if (debug > 0) evthread_enable_lock_debuging(); #endif evcfg = event_config_new(); if (NULL == evcfg) { printf("%s: event_config_new() failed!\n", progname); return -1; } #ifndef HAVE_SOCKETPAIR event_config_require_features(evcfg, EV_FEATURE_FDS); #endif /* all libevent calls are from main thread */ /* event_config_set_flag(evcfg, EVENT_BASE_FLAG_NOLOCK); */ base = event_base_new_with_config(evcfg); event_config_free(evcfg); if (NULL == base) { printf("%s: event_base_new() failed!\n", progname); return -1; } /* wire into intres resolver */ worker_per_query = TRUE; addremove_io_fd = &sntp_addremove_fd; open_sockets(); if (HAVE_OPT(BROADCAST)) { int cn = STACKCT_OPT( BROADCAST ); const char ** cp = STACKLST_OPT( BROADCAST ); while (cn-- > 0) { handle_lookup(*cp, CTX_BCST); cp++; } } if (HAVE_OPT(CONCURRENT)) { int cn = STACKCT_OPT( CONCURRENT ); const char ** cp = STACKLST_OPT( CONCURRENT ); while (cn-- > 0) { handle_lookup(*cp, CTX_UCST | CTX_CONC); cp++; } } for (i = 0; i < argc; ++i) handle_lookup(argv[i], CTX_UCST); gettimeofday_cached(base, &start_tv); event_base_dispatch(base); event_base_free(base); if (!time_adjusted && (ENABLED_OPT(STEP) || ENABLED_OPT(SLEW))) exitcode = 1; else exitcode = 0; return exitcode; }
int main( void ) #endif { iu8 i, len, b; /* TODO: On error? */ hal_init(); /* Send ATR */ /* TODO: Possible from EEPROM? */ hal_io_sendByteT0( 0x3B ); #if CONF_WITH_LOGGING==1 log_init(); #endif resplen = 0; #if CONF_WITH_TRANSACTIONS==1 /* Commit transactions not yet done. */ /* TODO: On error? */ ta_commit(); #endif /* CONF_WITH_TRANSACTIONS */ /* Initialize FS state in RAM. */ /* TODO: On error? */ fs_init(); #if CONF_WITH_PINAUTH==1 /* Initialize authentication state. */ /* TODO: On error? */ auth_init(); #endif /* CONF_WITH_PINAUTH==1 */ if( !(hal_eeprom_read( &len, ATR_LEN_ADDR, 1 ) && (len<=ATR_MAXLEN)) ) for(;;) {} /* XXX good loop mechanism? what is it anyway */ for( i=1; i<len; i++ ) { if( !hal_eeprom_read( &b, ATR_ADDR+i, 1 ) ) for(;;) {} hal_io_sendByteT0( b ); } /* Command loop */ for(;;) { for( i=0; i<5; i++ ) { header[i] = hal_io_recByteT0(); } #if CONF_WITH_KEYAUTH==1 if( challvalidity ) challvalidity--; #endif /* CONF_WITH_KEYAUTH==1 */ #if CONF_WITH_TRNG==1 hal_rnd_addEntropy(); #endif /* CONF_WITH_TRNG==1 */ if( (header[0]&0xFC)==CLA_PROP ) { switch( header[1]&0xFE ) { #if CONF_WITH_TESTCMDS==1 case INS_WRITE: cmd_write(); break; case INS_READ: cmd_read(); break; #endif /* CONF_WITH_TESTCMDS==1 */ #if CONF_WITH_FUNNY==1 case INS_LED: cmd_led(); break; #endif /* CONF_WITH_FUNNY==1 */ #if CONF_WITH_PINCMDS==1 case INS_CHANGE_PIN: cmd_changeUnblockPIN(); break; #endif /* CONF_WITH_PINCMDS==1 */ #if CONF_WITH_CREATECMD==1 case INS_CREATE: cmd_create(); break; #endif /* CONF_WITH_CREATECMD==1 */ #if CONF_WITH_DELETECMD==1 case INS_DELETE: cmd_delete(); break; #endif /* CONF_WITH_DELETECMD==1 */ #if CONF_WITH_KEYCMDS==1 case INS_EXTERNAL_AUTH: cmd_extAuth(); break; #endif /* CONF_WITH_KEYCMDS==1 */ #if CONF_WITH_KEYCMDS==1 case INS_GET_CHALLENGE: cmd_getChallenge(); break; #endif /* CONF_WITH_KEYCMDS==1 */ case INS_GET_RESPONSE: cmd_getResponse(); break; #if CONF_WITH_KEYCMDS==1 case INS_INTERNAL_AUTH: cmd_intAuth(); break; #endif /* CONF_WITH_KEYCMDS==1 */ case INS_READ_BINARY: cmd_readBinary(); break; case INS_SELECT: cmd_select(); break; #if CONF_WITH_PINCMDS==1 case INS_UNBLOCK_PIN: cmd_changeUnblockPIN(); break; #endif /* CONF_WITH_PINCMDS==1 */ case INS_UPDATE_BINARY: cmd_updateBinary(); break; #if CONF_WITH_KEYCMDS==1 case INS_VERIFY_KEY: cmd_verifyKeyPIN(); break; #endif /* CONF_WITH_KEYCMDS==1 */ #if CONF_WITH_PINCMDS==1 case INS_VERIFY_PIN: cmd_verifyKeyPIN(); break; #endif /* CONF_WITH_PINCMDS==1 */ default: t0_sendWord( SW_WRONG_INS ); } } else { t0_sendWord( SW_WRONG_CLA ); } #if CONF_WITH_TRNG==1 hal_rnd_addEntropy(); #endif /* Return the SW in sw */ t0_sendSw(); } }
void wk_authWorker(DS::SocketHandle sockp) { AuthServer_Private client; client.m_crypt = 0; client.m_sock = sockp; try { auth_init(client); client.m_player.m_playerId = 0; // Now that we're encrypted, we can add the client to our list s_authClientMutex.lock(); s_authClients.push_back(&client); s_authClientMutex.unlock(); // Poll the client socket and the daemon broadcast channel for messages pollfd fds[2]; fds[0].fd = DS::SockFd(sockp); fds[0].events = POLLIN; fds[1].fd = client.m_broadcast.fd(); fds[1].events = POLLIN; for ( ;; ) { int result = poll(fds, 2, NET_TIMEOUT * 1000); DS_PASSERT(result != -1); if (result == 0 || fds[0].revents & POLLHUP) throw DS::SockHup(); if (fds[0].revents & POLLIN) cb_sockRead(client); if (fds[1].revents & POLLIN) cb_broadcast(client); } } catch (const DS::AssertException& ex) { fprintf(stderr, "[Auth] Assertion failed at %s:%ld: %s\n", ex.m_file, ex.m_line, ex.m_cond); } catch (const DS::PacketSizeOutOfBounds& ex) { fprintf(stderr, "[Auth] Client packet size too large: Requested %u bytes\n", ex.requestedSize()); } catch (const DS::SockHup&) { // Socket closed... } Auth_ClientMessage disconMsg; disconMsg.m_client = &client; s_authChannel.putMessage(e_AuthDisconnect, reinterpret_cast<void*>(&disconMsg)); client.m_channel.getMessage(); s_authClientMutex.lock(); s_authClients.remove(&client); s_authClientMutex.unlock(); // Drain the broadcast channel while (client.m_broadcast.hasMessage()) { DS::FifoMessage msg = client.m_broadcast.getMessage(); reinterpret_cast<DS::BufferStream*>(msg.m_payload)->unref(); } DS::CryptStateFree(client.m_crypt); DS::FreeSock(client.m_sock); }
int main(int argc, char *argv[]) { /* Check to see if the user is running us as root, which is a nono */ if (!geteuid()) { fprintf(stderr, "ERROR: This server won't run as root/superuser\n"); return -1; } /* Setup corefile size immediately after boot -kre */ setup_corefile(); /* Save server boot time right away, so getrusage works correctly */ set_time(); /* It's not random, but it ought to be a little harder to guess */ init_genrand(SystemTime.tv_sec ^ (SystemTime.tv_usec | (getpid() << 20))); dlinkAdd(&me, &me.node, &global_client_list); ConfigGeneral.dpath = DPATH; ConfigGeneral.spath = SPATH; ConfigGeneral.mpath = MPATH; ConfigGeneral.configfile = CPATH; /* Server configuration file */ ConfigGeneral.klinefile = KPATH; /* Server kline file */ ConfigGeneral.glinefile = GPATH; /* Server gline file */ ConfigGeneral.xlinefile = XPATH; /* Server xline file */ ConfigGeneral.dlinefile = DLPATH; /* dline file */ ConfigGeneral.resvfile = RESVPATH; /* resv file */ myargv = argv; umask(077); /* umask 077: u=rwx,g=,o= */ parseargs(&argc, &argv, myopts); if (printVersion) { printf("ircd: version %s(%s)\n", ircd_version, serno); exit(EXIT_SUCCESS); } if (chdir(ConfigGeneral.dpath)) { perror("chdir"); exit(EXIT_FAILURE); } ssl_init(); if (!server_state.foreground) { make_daemon(); close_standard_fds(); /* this needs to be before init_netio()! */ } else print_startup(getpid()); setup_signals(); /* We need this to initialise the fd array before anything else */ fdlist_init(); log_set_file(LOG_TYPE_IRCD, 0, logFileName); init_netio(); /* This needs to be setup early ! -- adrian */ /* Check if there is pidfile and daemon already running */ check_pidfile(pidFileName); mp_pool_init(); init_dlink_nodes(); init_isupport(); dbuf_init(); hash_init(); ipcache_init(); client_init(); class_init(); whowas_init(); watch_init(); auth_init(); /* Initialise the auth code */ init_resolver(); /* Needs to be setup before the io loop */ modules_init(); read_conf_files(1); /* cold start init conf files */ init_uid(); initialize_server_capabs(); /* Set up default_server_capabs */ initialize_global_set_options(); /* Has to be called after read_conf_files() */ channel_init(); read_links_file(); motd_init(); user_usermodes_init(); #ifdef HAVE_LIBGEOIP geoip_ctx = GeoIP_new(GEOIP_MEMORY_CACHE); #endif if (EmptyString(ConfigServerInfo.sid)) { ilog(LOG_TYPE_IRCD, "ERROR: No server id specified in serverinfo block."); exit(EXIT_FAILURE); } strlcpy(me.id, ConfigServerInfo.sid, sizeof(me.id)); if (EmptyString(ConfigServerInfo.name)) { ilog(LOG_TYPE_IRCD, "ERROR: No server name specified in serverinfo block."); exit(EXIT_FAILURE); } strlcpy(me.name, ConfigServerInfo.name, sizeof(me.name)); /* serverinfo{} description must exist. If not, error out.*/ if (EmptyString(ConfigServerInfo.description)) { ilog(LOG_TYPE_IRCD, "ERROR: No server description specified in serverinfo block."); exit(EXIT_FAILURE); } strlcpy(me.info, ConfigServerInfo.description, sizeof(me.info)); me.from = &me; me.servptr = &me; me.connection->lasttime = CurrentTime; me.connection->since = CurrentTime; me.connection->firsttime = CurrentTime; SetMe(&me); make_server(&me); hash_add_id(&me); hash_add_client(&me); dlinkAdd(&me, make_dlink_node(), &global_server_list); load_kline_database(); load_dline_database(); load_gline_database(); load_xline_database(); load_resv_database(); load_all_modules(1); load_conf_modules(); load_core_modules(1); write_pidfile(pidFileName); ilog(LOG_TYPE_IRCD, "Server Ready"); event_addish(&event_cleanup_glines, NULL); event_addish(&event_cleanup_tklines, NULL); /* We want try_connections to be called as soon as possible now! -- adrian */ /* No, 'cause after a restart it would cause all sorts of nick collides */ event_addish(&event_try_connections, NULL); /* Setup the timeout check. I'll shift it later :) -- adrian */ event_add(&event_comm_checktimeouts, NULL); event_addish(&event_save_all_databases, NULL); if (ConfigServerHide.links_delay > 0) { event_write_links_file.when = ConfigServerHide.links_delay; event_addish(&event_write_links_file, NULL); } else ConfigServerHide.links_disabled = 1; if (splitmode) event_addish(&splitmode_event, NULL); io_loop(); return 0; }
int main (int argc, char *argv[]) { auth_t *a = NULL; err_status_t status; int i; int c; unsigned do_timing_test = 0; unsigned do_validation = 0; /* process input arguments */ while (1) { c = getopt(argc, argv, "tv"); if (c == -1) break; switch (c) { case 't': do_timing_test = 1; break; case 'v': do_validation = 1; break; default: usage(argv[0]); } } printf("auth driver\nDavid A. McGrew\nCisco Systems, Inc.\n"); if (!do_validation && !do_timing_test) usage(argv[0]); if (do_validation) { printf("running self-test for %s...", tmmhv2.description); status = tmmhv2_add_big_test(); if (status) { printf("tmmhv2_add_big_test failed with error code %d\n", status); exit(status); } status = auth_type_self_test(&tmmhv2); if (status) { printf("failed with error code %d\n", status); exit(status); } printf("passed\n"); } if (do_timing_test) { /* tmmhv2 timing test */ status = auth_type_alloc(&tmmhv2, &a, 94, 4); if (status) { fprintf(stderr, "can't allocate tmmhv2\n"); exit(status); } status = auth_init(a, (uint8_t *)key1); if (status) { printf("error initializaing auth function\n"); exit(status); } printf("timing %s (tag length %d)\n", tmmhv2.description, auth_get_tag_length(a)); for (i=8; i <= MAX_MSG_LEN; i *= 2) printf("msg len: %d\tgigabits per second: %f\n", i, auth_bits_per_second(a, i) / 1E9); status = auth_dealloc(a); if (status) { printf("error deallocating auth function\n"); exit(status); } } return 0; }