char *filename(char *user, char *domain, char *directory, char *sizo) { char right[BUFF_SIZE]; char left[20]; char middle[BUFF_SIZE]; struct timeval tv; char *p = NULL; int i = 1; #if HAVE_VPOPMAIL struct vqpasswd *vret; struct stat buf; #endif long int timo = time(NULL); if (timo == -1) return NULL; /* Left */ sprintf(left, "%ld", timo); /* Middle */ middle[0] = 'M'; if (gettimeofday(&tv, NULL) == -1) return NULL; i += sprintf(middle+1, "%ld", tv.tv_usec); middle[i++] = 'P'; i += sprintf(middle+i, "%d", getpid()); #if HAVE_VPOPMAIL middle[i++] = 'V'; if ((vret = vauth_getpw(user, domain)) == NULL) return NULL; p = calloc(strlen(vret->pw_dir) + 13 + strlen(directory) + 3, sizeof(char)); if (vret->pw_dir == NULL) return NULL; sprintf(p, "%s/Maildir/%s/new", vret->pw_dir, directory); if (stat(p, &buf) == -1) return NULL; i += sprintf(middle+i, "%.16X", (unsigned int)buf.st_dev); middle[i++] = 'I'; i += sprintf(middle+i, "%.16X_0", (unsigned int)buf.st_ino); #endif /* Right */ if (gethostname((char *)&right, BUFF_SIZE) == -1) return NULL; check_hostname((char *)&right); sprintf(right, "%s,S=%s", right, sizo); p = realloc(p, strlen(p)+strlen(left)+strlen(middle)+strlen(right)); sprintf(p, "%s/%s.%s.%s", p, left, middle, right); return p; }
void decrypt_file(FILE* enc_file, FILE* raw_file, unsigned char* key) { int size = file_size(enc_file); char* enc_buf = calloc(1, size); fread(enc_buf, 1, size, enc_file); if(decrypt_buffer(enc_buf, size, (char*)key, 16) != 0) { printf("There was an error decrypting the file!\n"); return; } char* raw_buf = enc_buf; file_header* header = (file_header*) raw_buf; if(header->magic_number != MAGIC) { printf("Invalid password!\n"); return; } if(!check_hostname(header)) { printf("[#] Warning: File not encrypted by current machine.\n"); } printf("=> Decrypted file successfully\n"); int write_size = MIN(header->file_size, size - sizeof(file_header)); fwrite(raw_buf+sizeof(file_header), 1, write_size, raw_file); free(enc_buf); }
static gfarm_error_t check_hostaliases(int nhostaliases, char **hostaliases) { int i; for (i = 0; i < nhostaliases; i++) { if (check_hostname(hostaliases[i]) != GFARM_ERR_NO_ERROR) return (APP_ERR_HOSTALIAS_IS_ALREADY_REGISERED); } return (GFARM_ERR_NO_ERROR); }
int main(int argc, char *argv[]) { int interval; char *command; struct in_addr *ips; FILE *pidfd; if (argc < 5) usage(); interval = atoi(argv[2]); if (interval < 1) { fprintf(stderr, "Invalid interval %d\n", interval); exit(3); } command = argv[3]; ips = calloc(argc - 4, sizeof(struct in_addr)); if (ips == NULL) { fprintf(stderr, "calloc failed\n"); exit(2); } /* go into background */ if (daemon(0, 0) == -1) exit(1); /* write PID to file */ pidfd = fopen(argv[1], "w"); if (pidfd) { fprintf(pidfd, "%d\n", getpid()); fclose(pidfd); } while (1) { int i; int changes = 0; for (i = 4; i < argc; i++) changes += check_hostname(argv[i], &ips[i-4]); if (changes > 0) system(command); sleep(interval); } return 0; }
/* Loop through all the common name entries until we find a match or * an error occurs. */ int check_subject_cn(X509 *cert, const char *manager) { X509_NAME *name = NULL; int result = VERIFY_FALSE; int i = 0; if ((name = X509_get_subject_name(cert))) { while ((i = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0 && result == VERIFY_FALSE) { X509_NAME_ENTRY *ne = X509_NAME_get_entry(name, i); result = check_hostname(X509_NAME_ENTRY_get_data(ne), manager); } } return result; }
gfarm_error_t add_host(char *hostname, int port, char **hostaliases, char *architecture, int ncpu, int flags) { int nhostaliases = gfarm_strarray_length(hostaliases); gfarm_error_t e; e = check_hostname(hostname); if (e != GFARM_ERR_NO_ERROR) return (e); e = check_hostaliases(nhostaliases, hostaliases); if (e != GFARM_ERR_NO_ERROR) return (e); return (update_host(hostname, port, nhostaliases, hostaliases, architecture, ncpu, flags, gfm_client_host_info_set)); }
/* Loop through all the subject_alt_name entries until we find a match or * an error occurs. Only entries containing a normal domain name or IP * address are considered. */ int check_subject_alt_names(X509 *cert, const char *manager) { GENERAL_NAMES *names = NULL; int result = VERIFY_FALSE; int i = 0; if ((names = (GENERAL_NAMES *) X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL))) { for (i = 0; i < sk_GENERAL_NAME_num(names) && result == VERIFY_FALSE; i++) { GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i); if (name->type == GEN_DNS) { result = check_hostname(name->d.dNSName, manager); } else if (name->type == GEN_IPADD) { result = check_ipaddr(name->d.iPAddress, manager); } } GENERAL_NAMES_free(names); } return result; }
/****************************************************************************** * NETCON_secure_connect * Initiates a secure connection over an existing plaintext connection. */ BOOL NETCON_secure_connect(WININET_NETCONNECTION *connection, LPCWSTR hostname) { #ifdef SONAME_LIBSSL long verify_res; X509 *cert; int len; char *hostname_unix; /* can't connect if we are already connected */ if (connection->useSSL) { ERR("already connected\n"); return FALSE; } ctx = pSSL_CTX_new(meth); if (!pSSL_CTX_set_default_verify_paths(ctx)) { ERR("SSL_CTX_set_default_verify_paths failed: %s\n", pERR_error_string(pERR_get_error(), 0)); INTERNET_SetLastError(ERROR_OUTOFMEMORY); return FALSE; } connection->ssl_s = pSSL_new(ctx); if (!connection->ssl_s) { ERR("SSL_new failed: %s\n", pERR_error_string(pERR_get_error(), 0)); INTERNET_SetLastError(ERROR_OUTOFMEMORY); goto fail; } if (!pSSL_set_fd(connection->ssl_s, connection->socketFD)) { ERR("SSL_set_fd failed: %s\n", pERR_error_string(pERR_get_error(), 0)); INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR); goto fail; } if (pSSL_connect(connection->ssl_s) <= 0) { ERR("SSL_connect failed: %s\n", pERR_error_string(pERR_get_error(), 0)); INTERNET_SetLastError(ERROR_INTERNET_SECURITY_CHANNEL_ERROR); goto fail; } cert = pSSL_get_peer_certificate(connection->ssl_s); if (!cert) { ERR("no certificate for server %s\n", debugstr_w(hostname)); /* FIXME: is this the best error? */ INTERNET_SetLastError(ERROR_INTERNET_INVALID_CA); goto fail; } verify_res = pSSL_get_verify_result(connection->ssl_s); if (verify_res != X509_V_OK) { ERR("couldn't verify the security of the connection, %ld\n", verify_res); /* FIXME: we should set an error and return, but we only warn at * the moment */ } len = WideCharToMultiByte(CP_UNIXCP, 0, hostname, -1, NULL, 0, NULL, NULL); hostname_unix = HeapAlloc(GetProcessHeap(), 0, len); if (!hostname_unix) { INTERNET_SetLastError(ERROR_OUTOFMEMORY); goto fail; } WideCharToMultiByte(CP_UNIXCP, 0, hostname, -1, hostname_unix, len, NULL, NULL); if (!check_hostname(cert, hostname_unix)) { HeapFree(GetProcessHeap(), 0, hostname_unix); INTERNET_SetLastError(ERROR_INTERNET_SEC_CERT_CN_INVALID); goto fail; } HeapFree(GetProcessHeap(), 0, hostname_unix); connection->useSSL = TRUE; return TRUE; fail: if (connection->ssl_s) { pSSL_shutdown(connection->ssl_s); pSSL_free(connection->ssl_s); connection->ssl_s = NULL; } #endif return FALSE; }
int tds_ssl_init(TDSSOCKET *tds) { #define OPENSSL_CIPHERS \ "DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA " \ "AES256-SHA EDH-RSA-DES-CBC3-SHA " \ "EDH-DSS-DES-CBC3-SHA DES-CBC3-SHA " \ "DES-CBC3-MD5 DHE-RSA-AES128-SHA " \ "DHE-DSS-AES128-SHA AES128-SHA RC2-CBC-MD5 RC4-SHA RC4-MD5" SSL *con; SSL_CTX *ctx; BIO *b, *b2; int ret; const char *tls_msg; con = NULL; b = NULL; b2 = NULL; ret = 1; tds_check_wildcard_test(); tds_ssl_deinit(tds->conn); tls_msg = "initializing tls"; ctx = tds_init_openssl(); if (!ctx) goto cleanup; if (!tds_dstr_isempty(&tds->login->cafile)) { tls_msg = "loading CA file"; if (strcasecmp(tds_dstr_cstr(&tds->login->cafile), "system") == 0) ret = SSL_CTX_set_default_verify_paths(ctx); else ret = SSL_CTX_load_verify_locations(ctx, tds_dstr_cstr(&tds->login->cafile), NULL); if (ret != 1) goto cleanup; if (!tds_dstr_isempty(&tds->login->crlfile)) { X509_STORE *store = SSL_CTX_get_cert_store(ctx); X509_LOOKUP *lookup; tls_msg = "loading CRL file"; if (!(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) || (!X509_load_crl_file(lookup, tds_dstr_cstr(&tds->login->crlfile), X509_FILETYPE_PEM))) goto cleanup; X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); } SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); } /* Initialize TLS session */ tls_msg = "initializing session"; con = SSL_new(ctx); if (!con) goto cleanup; tls_msg = "creating bio"; b = BIO_new(&tds_method_login); if (!b) goto cleanup; b2 = BIO_new(&tds_method); if (!b2) goto cleanup; b->shutdown=1; b->init=1; b->num= -1; b->ptr = tds; BIO_set_conn_hostname(b, tds_dstr_cstr(&tds->login->server_host_name)); SSL_set_bio(con, b, b); b = NULL; /* use priorities... */ SSL_set_cipher_list(con, OPENSSL_CIPHERS); #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS /* this disable a security improvement but allow connection... */ SSL_set_options(con, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); #endif /* Perform the TLS handshake */ tls_msg = "handshake"; SSL_set_connect_state(con); ret = SSL_connect(con) != 1 || con->state != SSL_ST_OK; if (ret != 0) goto cleanup; /* check certificate hostname */ if (!tds_dstr_isempty(&tds->login->cafile) && tds->login->check_ssl_hostname) { X509 *cert; cert = SSL_get_peer_certificate(con); tls_msg = "checking hostname"; if (!cert || !check_hostname(cert, tds_dstr_cstr(&tds->login->server_host_name))) goto cleanup; } tdsdump_log(TDS_DBG_INFO1, "handshake succeeded!!\n"); b2->shutdown = 1; b2->init = 1; b2->num = -1; b2->ptr = tds->conn; SSL_set_bio(con, b2, b2); tds->conn->tls_session = con; tds->conn->tls_ctx = ctx; return TDS_SUCCESS; cleanup: if (b2) BIO_free(b2); if (b) BIO_free(b); if (con) { SSL_shutdown(con); SSL_free(con); } SSL_CTX_free(ctx); tdsdump_log(TDS_DBG_ERROR, "%s failed\n", tls_msg); return TDS_FAIL; }