void test_ReadHexKeys() {
struct key* keys = NULL;
TEST_ASSERT_EQUAL(3, auth_init(CreatePath("key-test-hex", INPUT_DIR), &keys));
TEST_ASSERT_TRUE(keys != NULL);
struct key* result = NULL;
get_key(10, &result);
TEST_ASSERT_TRUE(result != NULL);
TEST_ASSERT_TRUE(CompareKeysAlternative(10, 13, "MD5",
"\x01\x23\x45\x67\x89\xab\xcd\xef\x01\x23\x45\x67\x89", *result));
result = NULL;
get_key(20, &result);
TEST_ASSERT_TRUE(result != NULL);
char data1[15]; memset(data1, 0x11, 15);
TEST_ASSERT_TRUE(CompareKeysAlternative(20, 15, "MD5", data1, *result));
result = NULL;
get_key(30, &result);
TEST_ASSERT_TRUE(result != NULL);
char data2[13]; memset(data2, 0x01, 13);
TEST_ASSERT_TRUE(CompareKeysAlternative(30, 13, "MD5", data2, *result));
}
TEST(keyFile, ReadHexKeys) {
const char* path;
struct key* keys = NULL;
struct key* result = NULL;
char data[15];
path = CreatePath("key-test-hex", INPUT_DIR);
TEST_ASSERT_EQUAL(3, auth_init(path, &keys));
free((void*) path);
TEST_ASSERT_TRUE(keys != NULL);
get_key(10, &result);
TEST_ASSERT_TRUE(result != NULL);
TEST_ASSERT_TRUE(CompareKey(10, 13, "MD5",
"\x01\x23\x45\x67\x89\xab\xcd\xef\x01\x23\x45\x67\x89", result));
result = NULL;
get_key(20, &result);
TEST_ASSERT_TRUE(result != NULL);
memset(data, 0x11, 15);
TEST_ASSERT_TRUE(CompareKey(20, 15, "MD5", data, result));
result = NULL;
get_key(30, &result);
TEST_ASSERT_TRUE(result != NULL);
memset(data, 0x01, 13);
TEST_ASSERT_TRUE(CompareKey(30, 13, "MD5", data, result));
}
void test_ReadEmptyKeyFile() {
struct key* keys = NULL;
TEST_ASSERT_EQUAL(0, auth_init(CreatePath("key-test-empty", INPUT_DIR), &keys));
TEST_ASSERT_TRUE(keys == NULL);
}
TEST(keyFile, ReadEmptyKeyFile) {
const char* path;
struct key* keys = NULL;
path = CreatePath("key-test-empty", INPUT_DIR);
TEST_ASSERT_EQUAL(0, auth_init(path, &keys));
free((void*) path);
TEST_ASSERT_TRUE(keys == NULL);
}
OT_WEAK void dll_init(void) {
/// Initialize Radio
radio_init();
/// Initialize all upper-layer elements of the protocol stack
network_init();
m2qp_init();
auth_init();
/// Load the Network settings from ISF 0 to the dll.netconf buffer, reset
/// the session, and send system to idle.
dll_refresh();
}
TEST(keyFile, ReadASCIIKeys) {
const char* path;
struct key* keys = NULL;
struct key* result = NULL;
path = CreatePath("key-test-ascii", INPUT_DIR);
TEST_ASSERT_EQUAL(2, auth_init(path, &keys));
free((void*) path);
TEST_ASSERT_TRUE(keys != NULL);
get_key(40, &result);
TEST_ASSERT_TRUE(result != NULL);
TEST_ASSERT_TRUE(CompareKey(40, 11, "MD5", "asciikeyTwo", result));
result = NULL;
get_key(50, &result);
TEST_ASSERT_TRUE(result != NULL);
TEST_ASSERT_TRUE(CompareKey(50, 11, "MD5", "asciikeyOne", result));
}
void
auth_encrypt_init(const char *local, const char *remote, const char *name,
int server)
{
RemoteHostName = remote;
LocalHostName = local;
#ifdef AUTHENTICATION
auth_init(name, server);
#endif
#ifdef ENCRYPTION
encrypt_init(name, server);
#endif
if (UserNameRequested) {
free(UserNameRequested);
UserNameRequested = 0;
}
}
void test_ReadASCIIKeys() {
struct key* keys = NULL;
TEST_ASSERT_EQUAL(2, auth_init(CreatePath("key-test-ascii", INPUT_DIR), &keys));
TEST_ASSERT_TRUE(keys != NULL);
struct key* result = NULL;
get_key(40, &result);
TEST_ASSERT_TRUE(result != NULL);
TEST_ASSERT_TRUE(CompareKeysAlternative(40, 11, "MD5", "asciikeyTwo", *result));
result = NULL;
get_key(50, &result);
TEST_ASSERT_TRUE(result != NULL);
TEST_ASSERT_TRUE(CompareKeysAlternative(50, 11, "MD5", "asciikeyOne", *result));
}
void test_ReadKeyFileWithInvalidHex() {
struct key* keys = NULL;
TEST_ASSERT_EQUAL(1, auth_init(CreatePath("key-test-invalid-hex", INPUT_DIR), &keys));
TEST_ASSERT_TRUE(keys != NULL);
struct key* result = NULL;
get_key(10, &result);
TEST_ASSERT_TRUE(result != NULL);
char data[15]; memset(data, 0x01, 15);
TEST_ASSERT_TRUE(CompareKeysAlternative(10, 15, "MD5", data, *result));
result = NULL;
get_key(30, &result); // Should not exist, and result should remain NULL.
TEST_ASSERT_TRUE(result == NULL);
}
void test_ReadKeyFileWithComments() {
struct key* keys = NULL;
TEST_ASSERT_EQUAL(2, auth_init(CreatePath("key-test-comments", INPUT_DIR), &keys));
TEST_ASSERT_TRUE(keys != NULL);
struct key* result = NULL;
get_key(10, &result);
TEST_ASSERT_TRUE(result != NULL);
char data[15]; memset(data, 0x01, 15);
TEST_ASSERT_TRUE(CompareKeysAlternative(10, 15, "MD5", data, *result));
result = NULL;
get_key(34, &result);
TEST_ASSERT_TRUE(result != NULL);
TEST_ASSERT_TRUE(CompareKeysAlternative(34, 3, "MD5", "xyz", *result));
}
void
auth_encrypt_init (char *local, char *remote, char *principal,
char *name, int server)
{
RemoteHostName = remote;
LocalHostName = local;
ServerPrincipal = principal;
(void) name;
(void) server; /* silence gcc */
#if defined AUTHENTICATION
auth_init (name, server);
#endif
#ifdef ENCRYPTION
encrypt_init (name, server);
#endif /* ENCRYPTION */
free (UserNameRequested);
UserNameRequested = NULL;
}
int main()
{
map_init();
auth_init();
printf("%d\n",get_uid_by_name("zwz"));
printf("%d\n",get_uid_by_name("zwzmzd"));
printf("%d\n",get_uid_by_name("nishi"));
printf("%d\n",auth_user("zwz","aaa"));
printf("%d\n",auth_user("iii","aaa"));
printf("%d\n",auth_user("zwz","mzd"));
auth_permission("/pro",1);
auth_permission("/",1);
auth_permission("/a/a/a/a/a",1);
printf("%x\n",auth_permission("/pp",1));
return 0;
}
int main(int argc, char *argv[])
{
struct wpa wpa;
if (os_program_init())
return -1;
os_memset(&wpa, 0, sizeof(wpa));
os_memset(wpa.auth_addr, 0x12, ETH_ALEN);
os_memset(wpa.supp_addr, 0x32, ETH_ALEN);
os_memset(wpa.psk, 0x44, PMK_LEN);
wpa_debug_level = 0;
wpa_debug_show_keys = 1;
if (eloop_init()) {
wpa_printf(MSG_ERROR, "Failed to initialize event loop");
return -1;
}
if (auth_init_group(&wpa) < 0)
return -1;
if (supp_init(&wpa) < 0)
return -1;
if (auth_init(&wpa) < 0)
return -1;
wpa_printf(MSG_DEBUG, "Starting eloop");
eloop_run();
wpa_printf(MSG_DEBUG, "eloop done");
deinit(&wpa);
eloop_destroy();
os_program_deinit();
return 0;
}
TEST(keyFile, ReadKeyFileWithInvalidHex) {
const char* path;
struct key* keys = NULL;
struct key* result = NULL;
char data[15];
path = CreatePath("key-test-invalid-hex", INPUT_DIR);
TEST_ASSERT_EQUAL(1, auth_init(path, &keys));
free((void*) path);
TEST_ASSERT_TRUE(keys != NULL);
get_key(10, &result);
TEST_ASSERT_TRUE(result != NULL);
memset(data, 0x01, 15);
TEST_ASSERT_TRUE(CompareKey(10, 15, "MD5", data, result));
result = NULL;
get_key(30, &result); /* Should not exist, and result should remain NULL. */
TEST_ASSERT_TRUE(result == NULL);
}
TEST(keyFile, ReadKeyFileWithComments) {
const char* path;
struct key* keys = NULL;
struct key* result = NULL;
char data[15];
path = CreatePath("key-test-comments", INPUT_DIR);
TEST_ASSERT_EQUAL(2, auth_init(path, &keys));
free((void*) path);
TEST_ASSERT_TRUE(keys != NULL);
get_key(10, &result);
TEST_ASSERT_TRUE(result != NULL);
memset(data, 0x01, 15);
TEST_ASSERT_TRUE(CompareKey(10, 15, "MD5", data, result));
result = NULL;
get_key(34, &result);
TEST_ASSERT_TRUE(result != NULL);
TEST_ASSERT_TRUE(CompareKey(34, 3, "MD5", "xyz", result));
}
void http_init(void)
{
httpRequest = malloc(HTTP_DATA_MAX_LEN);
listen_fd = 0;
auth_init(userName, usrPassword);
}
int context_init(SERVICE_OPTIONS *section) { /* init SSL context */
/* create SSL context */
if(section->option.client)
section->ctx=SSL_CTX_new(section->client_method);
else /* server mode */
section->ctx=SSL_CTX_new(section->server_method);
if(!section->ctx) {
sslerror("SSL_CTX_new");
return 1; /* FAILED */
}
SSL_CTX_set_ex_data(section->ctx, index_opt, section); /* for callbacks */
/* load certificate and private key to be verified by the peer server */
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_NUMBER>=0x0090809fL
/* SSL_CTX_set_client_cert_engine() was introduced in OpenSSL 0.9.8i */
if(section->option.client && section->engine) {
if(SSL_CTX_set_client_cert_engine(section->ctx, section->engine))
s_log(LOG_INFO, "Client certificate engine (%s) enabled",
ENGINE_get_id(section->engine));
else /* no client certificate functionality in this engine */
sslerror("SSL_CTX_set_client_cert_engine"); /* ignore error */
}
#endif
if(auth_init(section))
return 1; /* FAILED */
/* initialize verification of the peer server certificate */
if(verify_init(section))
return 1; /* FAILED */
/* initialize DH/ECDH server mode */
if(!section->option.client) {
#ifndef OPENSSL_NO_TLSEXT
SSL_CTX_set_tlsext_servername_arg(section->ctx, section);
SSL_CTX_set_tlsext_servername_callback(section->ctx, servername_cb);
#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_DH
dh_init(section); /* ignore the result (errors are not critical) */
#endif /* OPENSSL_NO_DH */
#ifndef OPENSSL_NO_ECDH
ecdh_init(section); /* ignore the result (errors are not critical) */
#endif /* OPENSSL_NO_ECDH */
}
/* setup session cache */
if(!section->option.client) {
unsigned servname_len=(unsigned)strlen(section->servname);
if(servname_len>SSL_MAX_SSL_SESSION_ID_LENGTH)
servname_len=SSL_MAX_SSL_SESSION_ID_LENGTH;
if(!SSL_CTX_set_session_id_context(section->ctx,
(unsigned char *)section->servname, servname_len)) {
sslerror("SSL_CTX_set_session_id_context");
return 1; /* FAILED */
}
}
#ifdef SSL_SESS_CACHE_NO_INTERNAL_STORE
/* the default cache mode is just SSL_SESS_CACHE_SERVER */
SSL_CTX_set_session_cache_mode(section->ctx,
SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_STORE);
#endif
SSL_CTX_sess_set_cache_size(section->ctx, section->session_size);
SSL_CTX_set_timeout(section->ctx, section->session_timeout);
SSL_CTX_sess_set_new_cb(section->ctx, sess_new_cb);
SSL_CTX_sess_set_get_cb(section->ctx, sess_get_cb);
SSL_CTX_sess_set_remove_cb(section->ctx, sess_remove_cb);
/* set info callback */
SSL_CTX_set_info_callback(section->ctx, info_callback);
/* ciphers, options, mode */
if(section->cipher_list)
if(!SSL_CTX_set_cipher_list(section->ctx, section->cipher_list)) {
sslerror("SSL_CTX_set_cipher_list");
return 1; /* FAILED */
}
SSL_CTX_set_options(section->ctx,
(SSL_OPTIONS_TYPE)(section->ssl_options_set));
#if OPENSSL_VERSION_NUMBER>=0x009080dfL
SSL_CTX_clear_options(section->ctx,
(SSL_OPTIONS_TYPE)(section->ssl_options_clear));
s_log(LOG_DEBUG, "SSL options: 0x%08lX (+0x%08lX, -0x%08lX)",
SSL_CTX_get_options(section->ctx),
section->ssl_options_set, section->ssl_options_clear);
#else /* OpenSSL older than 0.9.8m */
s_log(LOG_DEBUG, "SSL options: 0x%08lX (+0x%08lX)",
SSL_CTX_get_options(section->ctx),
section->ssl_options_set);
#endif /* OpenSSL 0.9.8m or later */
/* initialize OpenSSL CONF options */
if(conf_init(section))
return 1; /* FAILED */
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode(section->ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
SSL_MODE_RELEASE_BUFFERS);
#else
SSL_CTX_set_mode(section->ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#endif
return 0; /* OK */
}
err_status_t
auth_type_self_test(const auth_type_t *at) {
auth_test_case_t *test_case = at->test_data;
auth_t *a;
err_status_t status;
uint8_t tag[SELF_TEST_TAG_BUF_OCTETS];
int i, case_num = 0;
debug_print(mod_auth, "running self-test for auth function %s",
at->description);
/*
* check to make sure that we have at least one test case, and
* return an error if we don't - we need to be paranoid here
*/
if (test_case == NULL)
return err_status_cant_check;
/* loop over all test cases */
while (test_case != NULL) {
/* check test case parameters */
if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS)
return err_status_bad_param;
/* allocate auth */
status = auth_type_alloc(at, &a, test_case->key_length_octets,
test_case->tag_length_octets);
if (status)
return status;
/* initialize auth */
status = auth_init(a, test_case->key);
if (status) {
auth_dealloc(a);
return status;
}
/* zeroize tag then compute */
octet_string_set_to_zero(tag, test_case->tag_length_octets);
status = auth_compute(a, test_case->data,
test_case->data_length_octets, tag);
if (status) {
auth_dealloc(a);
return status;
}
debug_print(mod_auth, "key: %s",
octet_string_hex_string(test_case->key,
test_case->key_length_octets));
debug_print(mod_auth, "data: %s",
octet_string_hex_string(test_case->data,
test_case->data_length_octets));
debug_print(mod_auth, "tag computed: %s",
octet_string_hex_string(tag, test_case->tag_length_octets));
debug_print(mod_auth, "tag expected: %s",
octet_string_hex_string(test_case->tag,
test_case->tag_length_octets));
/* check the result */
status = err_status_ok;
for (i=0; i < test_case->tag_length_octets; i++)
if (tag[i] != test_case->tag[i]) {
status = err_status_algo_fail;
debug_print(mod_auth, "test case %d failed", case_num);
debug_print(mod_auth, " (mismatch at octet %d)", i);
}
if (status) {
auth_dealloc(a);
return err_status_algo_fail;
}
/* deallocate the auth function */
status = auth_dealloc(a);
if (status)
return status;
/*
* the auth function passed the test case, so move on to the next test
* case in the list; if NULL, we'll quit and return an OK
*/
test_case = test_case->next_test_case;
++case_num;
}
return err_status_ok;
}
int
main(int argc, char **argv)
{
char *export_file = _PATH_EXPORTS;
char *state_dir = NFS_STATEDIR;
int foreground = 0;
int port = 0;
int descriptors = 0;
int c;
struct sigaction sa;
struct rlimit rlim;
/* Parse the command line options and arguments. */
opterr = 0;
while ((c = getopt_long(argc, argv, "o:nFd:f:p:P:hH:N:V:vrs:t:g", longopts, NULL)) != EOF)
switch (c) {
case 'g':
manage_gids = 1;
break;
case 'o':
descriptors = atoi(optarg);
if (descriptors <= 0) {
fprintf(stderr, "%s: bad descriptors: %s\n",
argv [0], optarg);
usage(argv [0], 1);
}
break;
case 'F':
foreground = 1;
break;
case 'd':
xlog_sconfig(optarg, 1);
break;
case 'f':
export_file = optarg;
break;
case 'H': /* PRC: specify a high-availability callout program */
ha_callout_prog = optarg;
break;
case 'h':
usage(argv [0], 0);
break;
case 'P': /* XXX for nfs-server compatibility */
case 'p':
port = atoi(optarg);
if (port <= 0 || port > 65535) {
fprintf(stderr, "%s: bad port number: %s\n",
argv [0], optarg);
usage(argv [0], 1);
}
break;
case 'N':
nfs_version &= ~(1 << (atoi (optarg) - 1));
break;
case 'n':
_rpcfdtype = SOCK_DGRAM;
break;
case 'r':
reverse_resolve = 1;
break;
case 's':
if ((state_dir = xstrdup(optarg)) == NULL) {
fprintf(stderr, "%s: xstrdup(%s) failed!\n",
argv[0], optarg);
exit(1);
}
break;
case 't':
num_threads = atoi (optarg);
break;
case 'V':
nfs_version |= 1 << (atoi (optarg) - 1);
break;
case 'v':
printf("kmountd %s\n", VERSION);
exit(0);
case 0:
break;
case '?':
default:
usage(argv [0], 1);
}
/* No more arguments allowed.
* Require at least one valid version (2, 3, or 4)
*/
if (optind != argc || !(nfs_version & 0xE))
usage(argv [0], 1);
if (chdir(state_dir)) {
fprintf(stderr, "%s: chdir(%s) failed: %s\n",
argv [0], state_dir, strerror(errno));
exit(1);
}
if (getrlimit (RLIMIT_NOFILE, &rlim) != 0)
fprintf(stderr, "%s: getrlimit (RLIMIT_NOFILE) failed: %s\n",
argv [0], strerror(errno));
else {
/* glibc sunrpc code dies if getdtablesize > FD_SETSIZE */
if ((descriptors == 0 && rlim.rlim_cur > FD_SETSIZE) ||
descriptors > FD_SETSIZE)
descriptors = FD_SETSIZE;
if (descriptors) {
rlim.rlim_cur = descriptors;
if (setrlimit (RLIMIT_NOFILE, &rlim) != 0) {
fprintf(stderr, "%s: setrlimit (RLIMIT_NOFILE) failed: %s\n",
argv [0], strerror(errno));
exit(1);
}
}
}
/* Initialize logging. */
if (!foreground) xlog_stderr(0);
xlog_open("mountd");
sa.sa_handler = SIG_IGN;
sa.sa_flags = 0;
sigemptyset(&sa.sa_mask);
sigaction(SIGHUP, &sa, NULL);
sigaction(SIGINT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
sigaction(SIGPIPE, &sa, NULL);
/* WARNING: the following works on Linux and SysV, but not BSD! */
sigaction(SIGCHLD, &sa, NULL);
/* Daemons should close all extra filehandles ... *before* RPC init. */
if (!foreground)
closeall(3);
new_cache = check_new_cache();
if (new_cache)
cache_open();
if (nfs_version & 0x1)
rpc_init("mountd", MOUNTPROG, MOUNTVERS,
mount_dispatch, port);
if (nfs_version & (0x1 << 1))
rpc_init("mountd", MOUNTPROG, MOUNTVERS_POSIX,
mount_dispatch, port);
if (nfs_version & (0x1 << 2))
rpc_init("mountd", MOUNTPROG, MOUNTVERS_NFSV3,
mount_dispatch, port);
sa.sa_handler = killer;
sigaction(SIGINT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
sa.sa_handler = sig_hup;
sigaction(SIGHUP, &sa, NULL);
auth_init(export_file);
if (!foreground) {
/* We first fork off a child. */
if ((c = fork()) > 0)
exit(0);
if (c < 0) {
xlog(L_FATAL, "mountd: cannot fork: %s\n",
strerror(errno));
}
/* Now we remove ourselves from the foreground.
Redirect stdin/stdout/stderr first. */
{
int fd = open("/dev/null", O_RDWR);
(void) dup2(fd, 0);
(void) dup2(fd, 1);
(void) dup2(fd, 2);
if (fd > 2) (void) close(fd);
}
setsid();
}
/* silently bounds check num_threads */
if (foreground)
num_threads = 1;
else if (num_threads < 1)
num_threads = 1;
else if (num_threads > MAX_THREADS)
num_threads = MAX_THREADS;
if (num_threads > 1)
fork_workers();
my_svc_run();
xlog(L_ERROR, "Ack! Gack! svc_run returned!\n");
exit(1);
}
static int set_usb_online(bool on)
{
if (on) {
if (!usb_online) {
/*init */
auth_init();
/* sleep for a second to let things settle down */
sleep(1);
platform_event_unsignal(&tx_shutdown_event);
platform_event_unsignal(&rx_shutdown_event);
usbll_handle = novacom_usbll_create("host", MAX_MTU, 0, 0);
ep1in_fd = open(ep1in_name, O_RDWR);
LOG_PRINTF("ep1 %d\n", ep1in_fd);
if (ep1in_fd < 0) {
log_printf(LOG_ERROR, "error opening endpoint 1\n");
return -1;
}
fcntl(ep1in_fd, F_SETFD, FD_CLOEXEC);
ep2out_fd = open(ep2out_name, O_RDWR);
LOG_PRINTF("ep2 %d\n", ep2out_fd);
if (ep2out_fd < 0) {
log_printf(LOG_ERROR, "error opening endpoint 2\n");
close(ep1in_fd);
return -1;
}
fcntl(ep2out_fd, F_SETFD, FD_CLOEXEC);
usb_online = true;
platform_event_signal(&usb_online_event);
/* create the worker threads */
LOG_PRINTF("starting worker threads\n");
platform_create_thread(NULL, &tx_thread_entry, NULL);
platform_create_thread(NULL, &rx_thread_entry, NULL);
} else if(false == gadgetfs_online) {
/* postponed_offline->online */
platform_event_signal(&usb_online_event);
}
} else {
if (usb_online) {
//change state before sending out signal!
usb_online = false;
platform_event_signal(&usb_online_event);
/* wait for the existing worker threads to go away */
LOG_PRINTF("waiting for worker threads to go away\n");
platform_event_wait(&tx_shutdown_event);
close(ep1in_fd);
LOG_PRINTF("closed tx_thread\n");
platform_event_wait(&rx_shutdown_event);
close(ep2out_fd);
LOG_PRINTF("closed rx_thread\n");
novacom_usbll_destroy(usbll_handle);
LOG_PRINTF("destroyed novacom usbll_handle\n");
/* clear auth */
auth_reset();
}
}
return 0;
}
/*
* The actual main function.
*/
int
sntp_main (
int argc,
char **argv
)
{
register int c;
struct kod_entry *reason = NULL;
int optct;
/* boolean, u_int quiets gcc4 signed overflow warning */
u_int sync_data_suc;
struct addrinfo **bcastaddr = NULL;
struct addrinfo **resh = NULL;
struct addrinfo *ai;
int resc;
int kodc;
int ow_ret;
int bcast = 0;
char *hostname;
optct = optionProcess(&sntpOptions, argc, argv);
argc -= optct;
argv += optct;
/* Initialize logging system */
init_logging();
if (HAVE_OPT(LOGFILE))
open_logfile(OPT_ARG(LOGFILE));
msyslog(LOG_NOTICE, "Started sntp");
/* IPv6 available? */
if (isc_net_probeipv6() != ISC_R_SUCCESS) {
ai_fam_pref = AF_INET;
#ifdef DEBUG
printf("No ipv6 support available, forcing ipv4\n");
#endif
} else {
/* Check for options -4 and -6 */
if (HAVE_OPT(IPV4))
ai_fam_pref = AF_INET;
else if (HAVE_OPT(IPV6))
ai_fam_pref = AF_INET6;
}
/* Parse config file if declared TODO */
/*
* If there's a specified KOD file init KOD system. If not use
* default file. For embedded systems with no writable
* filesystem, -K /dev/null can be used to disable KoD storage.
*/
if (HAVE_OPT(KOD))
kod_init_kod_db(OPT_ARG(KOD));
else
kod_init_kod_db("/var/db/ntp-kod");
if (HAVE_OPT(KEYFILE))
auth_init(OPT_ARG(KEYFILE), &keys);
#ifdef EXERCISE_KOD_DB
add_entry("192.168.169.170", "DENY");
add_entry("192.168.169.171", "DENY");
add_entry("192.168.169.172", "DENY");
add_entry("192.168.169.173", "DENY");
add_entry("192.168.169.174", "DENY");
delete_entry("192.168.169.174", "DENY");
delete_entry("192.168.169.172", "DENY");
delete_entry("192.168.169.170", "DENY");
if ((kodc = search_entry("192.168.169.173", &reason)) == 0)
printf("entry for 192.168.169.173 not found but should have been!\n");
else
free(reason);
#endif
/* Considering employing a variable that prevents functions of doing anything until
* everything is initialized properly
*/
resc = resolve_hosts((void *)argv, argc, &resh, ai_fam_pref);
if (resc < 1) {
printf("Unable to resolve hostname(s)\n");
return -1;
}
bcast = ENABLED_OPT(BROADCAST);
if (bcast) {
const char * myargv[2];
myargv[0] = OPT_ARG(BROADCAST);
myargv[1] = NULL;
bcast = resolve_hosts(myargv, 1, &bcastaddr, ai_fam_pref);
}
/* Select a certain ntp server according to simple criteria? For now
* let's just pay attention to previous KoDs.
*/
sync_data_suc = FALSE;
for (c = 0; c < resc && !sync_data_suc; c++) {
ai = resh[c];
do {
hostname = addrinfo_to_str(ai);
if ((kodc = search_entry(hostname, &reason)) == 0) {
if (is_reachable(ai)) {
ow_ret = on_wire(ai, bcast ? bcastaddr[0] : NULL);
if (0 == ow_ret)
sync_data_suc = TRUE;
}
} else {
printf("%d prior KoD%s for %s, skipping.\n",
kodc, (kodc > 1) ? "s" : "", hostname);
free(reason);
}
free(hostname);
ai = ai->ai_next;
} while (NULL != ai);
freeaddrinfo(resh[c]);
}
free(resh);
if (!sync_data_suc)
return 1;
return 0;
}
/*
* The actual main function.
*/
int
sntp_main (
int argc,
char **argv,
const char *sntpVersion
)
{
int i;
int exitcode;
int optct;
struct event_config * evcfg;
/* Initialize logging system - sets up progname */
sntp_init_logging(argv[0]);
if (!libevent_version_ok())
exit(EX_SOFTWARE);
init_lib();
init_auth();
optct = ntpOptionProcess(&sntpOptions, argc, argv);
argc -= optct;
argv += optct;
debug = OPT_VALUE_SET_DEBUG_LEVEL;
TRACE(2, ("init_lib() done, %s%s\n",
(ipv4_works)
? "ipv4_works "
: "",
(ipv6_works)
? "ipv6_works "
: ""));
ntpver = OPT_VALUE_NTPVERSION;
steplimit = OPT_VALUE_STEPLIMIT / 1e3;
gap.tv_usec = max(0, OPT_VALUE_GAP * 1000);
gap.tv_usec = min(gap.tv_usec, 999999);
if (HAVE_OPT(LOGFILE))
open_logfile(OPT_ARG(LOGFILE));
msyslog(LOG_INFO, "%s", sntpVersion);
if (0 == argc && !HAVE_OPT(BROADCAST) && !HAVE_OPT(CONCURRENT)) {
printf("%s: Must supply at least one of -b hostname, -c hostname, or hostname.\n",
progname);
exit(EX_USAGE);
}
/*
** Eventually, we probably want:
** - separate bcst and ucst timeouts (why?)
** - multiple --timeout values in the commandline
*/
response_timeout = OPT_VALUE_TIMEOUT;
response_tv.tv_sec = response_timeout;
response_tv.tv_usec = 0;
/* IPv6 available? */
if (isc_net_probeipv6() != ISC_R_SUCCESS) {
ai_fam_pref = AF_INET;
TRACE(1, ("No ipv6 support available, forcing ipv4\n"));
} else {
/* Check for options -4 and -6 */
if (HAVE_OPT(IPV4))
ai_fam_pref = AF_INET;
else if (HAVE_OPT(IPV6))
ai_fam_pref = AF_INET6;
}
/* TODO: Parse config file if declared */
/*
** Init the KOD system.
** For embedded systems with no writable filesystem,
** -K /dev/null can be used to disable KoD storage.
*/
kod_init_kod_db(OPT_ARG(KOD), FALSE);
// HMS: Should we use arg-defalt for this too?
if (HAVE_OPT(KEYFILE))
auth_init(OPT_ARG(KEYFILE), &keys);
/*
** Considering employing a variable that prevents functions of doing
** anything until everything is initialized properly
**
** HMS: What exactly does the above mean?
*/
event_set_log_callback(&sntp_libevent_log_cb);
if (debug > 0)
event_enable_debug_mode();
#ifdef WORK_THREAD
evthread_use_pthreads();
/* we use libevent from main thread only, locks should be academic */
if (debug > 0)
evthread_enable_lock_debuging();
#endif
evcfg = event_config_new();
if (NULL == evcfg) {
printf("%s: event_config_new() failed!\n", progname);
return -1;
}
#ifndef HAVE_SOCKETPAIR
event_config_require_features(evcfg, EV_FEATURE_FDS);
#endif
/* all libevent calls are from main thread */
/* event_config_set_flag(evcfg, EVENT_BASE_FLAG_NOLOCK); */
base = event_base_new_with_config(evcfg);
event_config_free(evcfg);
if (NULL == base) {
printf("%s: event_base_new() failed!\n", progname);
return -1;
}
/* wire into intres resolver */
worker_per_query = TRUE;
addremove_io_fd = &sntp_addremove_fd;
open_sockets();
if (HAVE_OPT(BROADCAST)) {
int cn = STACKCT_OPT( BROADCAST );
const char ** cp = STACKLST_OPT( BROADCAST );
while (cn-- > 0) {
handle_lookup(*cp, CTX_BCST);
cp++;
}
}
if (HAVE_OPT(CONCURRENT)) {
int cn = STACKCT_OPT( CONCURRENT );
const char ** cp = STACKLST_OPT( CONCURRENT );
while (cn-- > 0) {
handle_lookup(*cp, CTX_UCST | CTX_CONC);
cp++;
}
}
for (i = 0; i < argc; ++i)
handle_lookup(argv[i], CTX_UCST);
gettimeofday_cached(base, &start_tv);
event_base_dispatch(base);
event_base_free(base);
if (!time_adjusted &&
(ENABLED_OPT(STEP) || ENABLED_OPT(SLEW)))
exitcode = 1;
else
exitcode = 0;
return exitcode;
}
int main( void )
#endif
{
iu8 i, len, b;
/* TODO: On error? */
hal_init();
/* Send ATR */
/* TODO: Possible from EEPROM? */
hal_io_sendByteT0( 0x3B );
#if CONF_WITH_LOGGING==1
log_init();
#endif
resplen = 0;
#if CONF_WITH_TRANSACTIONS==1
/* Commit transactions not yet done. */
/* TODO: On error? */
ta_commit();
#endif /* CONF_WITH_TRANSACTIONS */
/* Initialize FS state in RAM. */
/* TODO: On error? */
fs_init();
#if CONF_WITH_PINAUTH==1
/* Initialize authentication state. */
/* TODO: On error? */
auth_init();
#endif /* CONF_WITH_PINAUTH==1 */
if( !(hal_eeprom_read( &len, ATR_LEN_ADDR, 1 ) && (len<=ATR_MAXLEN)) )
for(;;) {} /* XXX good loop mechanism? what is it anyway */
for( i=1; i<len; i++ ) {
if( !hal_eeprom_read( &b, ATR_ADDR+i, 1 ) ) for(;;) {}
hal_io_sendByteT0( b );
}
/* Command loop */
for(;;) {
for( i=0; i<5; i++ ) {
header[i] = hal_io_recByteT0();
}
#if CONF_WITH_KEYAUTH==1
if( challvalidity ) challvalidity--;
#endif /* CONF_WITH_KEYAUTH==1 */
#if CONF_WITH_TRNG==1
hal_rnd_addEntropy();
#endif /* CONF_WITH_TRNG==1 */
if( (header[0]&0xFC)==CLA_PROP ) {
switch( header[1]&0xFE ) {
#if CONF_WITH_TESTCMDS==1
case INS_WRITE:
cmd_write();
break;
case INS_READ:
cmd_read();
break;
#endif /* CONF_WITH_TESTCMDS==1 */
#if CONF_WITH_FUNNY==1
case INS_LED:
cmd_led();
break;
#endif /* CONF_WITH_FUNNY==1 */
#if CONF_WITH_PINCMDS==1
case INS_CHANGE_PIN:
cmd_changeUnblockPIN();
break;
#endif /* CONF_WITH_PINCMDS==1 */
#if CONF_WITH_CREATECMD==1
case INS_CREATE:
cmd_create();
break;
#endif /* CONF_WITH_CREATECMD==1 */
#if CONF_WITH_DELETECMD==1
case INS_DELETE:
cmd_delete();
break;
#endif /* CONF_WITH_DELETECMD==1 */
#if CONF_WITH_KEYCMDS==1
case INS_EXTERNAL_AUTH:
cmd_extAuth();
break;
#endif /* CONF_WITH_KEYCMDS==1 */
#if CONF_WITH_KEYCMDS==1
case INS_GET_CHALLENGE:
cmd_getChallenge();
break;
#endif /* CONF_WITH_KEYCMDS==1 */
case INS_GET_RESPONSE:
cmd_getResponse();
break;
#if CONF_WITH_KEYCMDS==1
case INS_INTERNAL_AUTH:
cmd_intAuth();
break;
#endif /* CONF_WITH_KEYCMDS==1 */
case INS_READ_BINARY:
cmd_readBinary();
break;
case INS_SELECT:
cmd_select();
break;
#if CONF_WITH_PINCMDS==1
case INS_UNBLOCK_PIN:
cmd_changeUnblockPIN();
break;
#endif /* CONF_WITH_PINCMDS==1 */
case INS_UPDATE_BINARY:
cmd_updateBinary();
break;
#if CONF_WITH_KEYCMDS==1
case INS_VERIFY_KEY:
cmd_verifyKeyPIN();
break;
#endif /* CONF_WITH_KEYCMDS==1 */
#if CONF_WITH_PINCMDS==1
case INS_VERIFY_PIN:
cmd_verifyKeyPIN();
break;
#endif /* CONF_WITH_PINCMDS==1 */
default:
t0_sendWord( SW_WRONG_INS );
}
} else {
t0_sendWord( SW_WRONG_CLA );
}
#if CONF_WITH_TRNG==1
hal_rnd_addEntropy();
#endif
/* Return the SW in sw */
t0_sendSw();
}
}
void wk_authWorker(DS::SocketHandle sockp)
{
AuthServer_Private client;
client.m_crypt = 0;
client.m_sock = sockp;
try {
auth_init(client);
client.m_player.m_playerId = 0;
// Now that we're encrypted, we can add the client to our list
s_authClientMutex.lock();
s_authClients.push_back(&client);
s_authClientMutex.unlock();
// Poll the client socket and the daemon broadcast channel for messages
pollfd fds[2];
fds[0].fd = DS::SockFd(sockp);
fds[0].events = POLLIN;
fds[1].fd = client.m_broadcast.fd();
fds[1].events = POLLIN;
for ( ;; ) {
int result = poll(fds, 2, NET_TIMEOUT * 1000);
DS_PASSERT(result != -1);
if (result == 0 || fds[0].revents & POLLHUP)
throw DS::SockHup();
if (fds[0].revents & POLLIN)
cb_sockRead(client);
if (fds[1].revents & POLLIN)
cb_broadcast(client);
}
} catch (const DS::AssertException& ex) {
fprintf(stderr, "[Auth] Assertion failed at %s:%ld: %s\n",
ex.m_file, ex.m_line, ex.m_cond);
} catch (const DS::PacketSizeOutOfBounds& ex) {
fprintf(stderr, "[Auth] Client packet size too large: Requested %u bytes\n",
ex.requestedSize());
} catch (const DS::SockHup&) {
// Socket closed...
}
Auth_ClientMessage disconMsg;
disconMsg.m_client = &client;
s_authChannel.putMessage(e_AuthDisconnect, reinterpret_cast<void*>(&disconMsg));
client.m_channel.getMessage();
s_authClientMutex.lock();
s_authClients.remove(&client);
s_authClientMutex.unlock();
// Drain the broadcast channel
while (client.m_broadcast.hasMessage()) {
DS::FifoMessage msg = client.m_broadcast.getMessage();
reinterpret_cast<DS::BufferStream*>(msg.m_payload)->unref();
}
DS::CryptStateFree(client.m_crypt);
DS::FreeSock(client.m_sock);
}
int
main(int argc, char *argv[])
{
/* Check to see if the user is running us as root, which is a nono */
if (!geteuid())
{
fprintf(stderr, "ERROR: This server won't run as root/superuser\n");
return -1;
}
/* Setup corefile size immediately after boot -kre */
setup_corefile();
/* Save server boot time right away, so getrusage works correctly */
set_time();
/* It's not random, but it ought to be a little harder to guess */
init_genrand(SystemTime.tv_sec ^ (SystemTime.tv_usec | (getpid() << 20)));
dlinkAdd(&me, &me.node, &global_client_list);
ConfigGeneral.dpath = DPATH;
ConfigGeneral.spath = SPATH;
ConfigGeneral.mpath = MPATH;
ConfigGeneral.configfile = CPATH; /* Server configuration file */
ConfigGeneral.klinefile = KPATH; /* Server kline file */
ConfigGeneral.glinefile = GPATH; /* Server gline file */
ConfigGeneral.xlinefile = XPATH; /* Server xline file */
ConfigGeneral.dlinefile = DLPATH; /* dline file */
ConfigGeneral.resvfile = RESVPATH; /* resv file */
myargv = argv;
umask(077); /* umask 077: u=rwx,g=,o= */
parseargs(&argc, &argv, myopts);
if (printVersion)
{
printf("ircd: version %s(%s)\n", ircd_version, serno);
exit(EXIT_SUCCESS);
}
if (chdir(ConfigGeneral.dpath))
{
perror("chdir");
exit(EXIT_FAILURE);
}
ssl_init();
if (!server_state.foreground)
{
make_daemon();
close_standard_fds(); /* this needs to be before init_netio()! */
}
else
print_startup(getpid());
setup_signals();
/* We need this to initialise the fd array before anything else */
fdlist_init();
log_set_file(LOG_TYPE_IRCD, 0, logFileName);
init_netio(); /* This needs to be setup early ! -- adrian */
/* Check if there is pidfile and daemon already running */
check_pidfile(pidFileName);
mp_pool_init();
init_dlink_nodes();
init_isupport();
dbuf_init();
hash_init();
ipcache_init();
client_init();
class_init();
whowas_init();
watch_init();
auth_init(); /* Initialise the auth code */
init_resolver(); /* Needs to be setup before the io loop */
modules_init();
read_conf_files(1); /* cold start init conf files */
init_uid();
initialize_server_capabs(); /* Set up default_server_capabs */
initialize_global_set_options(); /* Has to be called after read_conf_files() */
channel_init();
read_links_file();
motd_init();
user_usermodes_init();
#ifdef HAVE_LIBGEOIP
geoip_ctx = GeoIP_new(GEOIP_MEMORY_CACHE);
#endif
if (EmptyString(ConfigServerInfo.sid))
{
ilog(LOG_TYPE_IRCD, "ERROR: No server id specified in serverinfo block.");
exit(EXIT_FAILURE);
}
strlcpy(me.id, ConfigServerInfo.sid, sizeof(me.id));
if (EmptyString(ConfigServerInfo.name))
{
ilog(LOG_TYPE_IRCD, "ERROR: No server name specified in serverinfo block.");
exit(EXIT_FAILURE);
}
strlcpy(me.name, ConfigServerInfo.name, sizeof(me.name));
/* serverinfo{} description must exist. If not, error out.*/
if (EmptyString(ConfigServerInfo.description))
{
ilog(LOG_TYPE_IRCD, "ERROR: No server description specified in serverinfo block.");
exit(EXIT_FAILURE);
}
strlcpy(me.info, ConfigServerInfo.description, sizeof(me.info));
me.from = &me;
me.servptr = &me;
me.connection->lasttime = CurrentTime;
me.connection->since = CurrentTime;
me.connection->firsttime = CurrentTime;
SetMe(&me);
make_server(&me);
hash_add_id(&me);
hash_add_client(&me);
dlinkAdd(&me, make_dlink_node(), &global_server_list);
load_kline_database();
load_dline_database();
load_gline_database();
load_xline_database();
load_resv_database();
load_all_modules(1);
load_conf_modules();
load_core_modules(1);
write_pidfile(pidFileName);
ilog(LOG_TYPE_IRCD, "Server Ready");
event_addish(&event_cleanup_glines, NULL);
event_addish(&event_cleanup_tklines, NULL);
/* We want try_connections to be called as soon as possible now! -- adrian */
/* No, 'cause after a restart it would cause all sorts of nick collides */
event_addish(&event_try_connections, NULL);
/* Setup the timeout check. I'll shift it later :) -- adrian */
event_add(&event_comm_checktimeouts, NULL);
event_addish(&event_save_all_databases, NULL);
if (ConfigServerHide.links_delay > 0)
{
event_write_links_file.when = ConfigServerHide.links_delay;
event_addish(&event_write_links_file, NULL);
}
else
ConfigServerHide.links_disabled = 1;
if (splitmode)
event_addish(&splitmode_event, NULL);
io_loop();
return 0;
}
int
main (int argc, char *argv[]) {
auth_t *a = NULL;
err_status_t status;
int i;
int c;
unsigned do_timing_test = 0;
unsigned do_validation = 0;
/* process input arguments */
while (1) {
c = getopt(argc, argv, "tv");
if (c == -1)
break;
switch (c) {
case 't':
do_timing_test = 1;
break;
case 'v':
do_validation = 1;
break;
default:
usage(argv[0]);
}
}
printf("auth driver\nDavid A. McGrew\nCisco Systems, Inc.\n");
if (!do_validation && !do_timing_test)
usage(argv[0]);
if (do_validation) {
printf("running self-test for %s...", tmmhv2.description);
status = tmmhv2_add_big_test();
if (status) {
printf("tmmhv2_add_big_test failed with error code %d\n", status);
exit(status);
}
status = auth_type_self_test(&tmmhv2);
if (status) {
printf("failed with error code %d\n", status);
exit(status);
}
printf("passed\n");
}
if (do_timing_test) {
/* tmmhv2 timing test */
status = auth_type_alloc(&tmmhv2, &a, 94, 4);
if (status) {
fprintf(stderr, "can't allocate tmmhv2\n");
exit(status);
}
status = auth_init(a, (uint8_t *)key1);
if (status) {
printf("error initializaing auth function\n");
exit(status);
}
printf("timing %s (tag length %d)\n",
tmmhv2.description, auth_get_tag_length(a));
for (i=8; i <= MAX_MSG_LEN; i *= 2)
printf("msg len: %d\tgigabits per second: %f\n",
i, auth_bits_per_second(a, i) / 1E9);
status = auth_dealloc(a);
if (status) {
printf("error deallocating auth function\n");
exit(status);
}
}
return 0;
}
