/*
void show(const char *desc, stralloc *s)
{
buffer_puts(buffer_2,desc);
buffer_puthex(buffer_2,s->s,s->len);
buffer_putsflush(buffer_2,"\n");
}
*/
int main(int argc, char * argv[])
{
int r;
const char* pk0;
const char* sk0;
/* Check args */
pk0 = ((argc<2) ? env_get("NACL_PUBLICKEY_FILE") : argv[1]);
sk0 = ((argc<3) ? env_get("NACL_SECRETKEY_FILE") : argv[2]);
if(pk0==0 || sk0==0)
strerr_die1x(100,"crypto-box: usage: crypto-box [ publickeyfile ] [ secretkeyfile ]");
/* Read public key */
if(openreadclose(argv[1],&pk,crypto_box_PUBLICKEYBYTES)<=0)
strerr_die2sys(111,FATAL,"unable to read public key: ");
/* Read secret key */
if(openreadclose(argv[2],&sk,crypto_box_SECRETKEYBYTES)<=0)
strerr_die2sys(111,FATAL,"unable to read secret key: ");
/* Create shared key */
if(crypto_str_box_beforenm(&k,&pk,&sk))
strerr_die2x(111,FATAL,"failed to create shared-key");
/* Decrypt each chunk */
for (;;) {
/* Read nonce */
if((r=netstring_read(buffer_0,&n))!=0)
strerr_die2x(111,FATAL,"failed to read nonce");
if(n.len==0) break;
if(n.len!=crypto_box_NONCEBYTES)
strerr_die2x(111,FATAL,"nonce was incorrect size");
/* Read cipher */
if(netstring_read(buffer_0,&c)!=0)
strerr_die2x(111,FATAL,"failed to read cipher");
/* Decrypt message */
if(crypto_str_box_open_afternm(&m,&c,&n,&k)!=0)
strerr_die2x(111,FATAL,"decryption failed");
/* Write message */
if(buffer_put(buffer_1,m.s,m.len)!=0)
strerr_die2sys(111,FATAL,"failed to output message: ");
}
buffer_flush(buffer_1);
return 0;
}
int ipsvd_check_direntry(stralloc *d, stralloc *m, char *ip,
time_t now, unsigned long t, int *rc) {
int i;
struct stat s;
if (stat(m->s, &s) != -1) {
if (t && (s.st_mode & S_IWUSR) && (now >= s.st_atime))
if ((now -s.st_atime) >= t) {
if (unlink(m->s) == -1)
strerr_warn4(progname, ": warning: unable to unlink: ", m->s, ": ",
&strerr_sys);
return(0);
}
if (! (s.st_mode & S_IXUSR) && ! (s.st_mode & S_IRUSR)) {
*rc =IPSVD_DENY; return(1);
}
if (s.st_mode & S_IXUSR) {
if (openreadclose(m->s, d, 256) <= 0) return(-1);
if (d->len && (d->s[d->len -1] == '\n')) d->len--;
if (! stralloc_0(d)) return(-1);
*rc =IPSVD_EXEC;
return(1);
}
if (s.st_mode & S_IRUSR) {
if (openreadclose(m->s, d, 256) <= 0) return(-1);
if (d->len && (d->s[d->len -1] == '\n')) d->len--;
for (i =0; i < d->len; i++) if (d->s[i] == '\n') d->s[i] =0;
if (! stralloc_0(d)) return(-1);
if ((*rc =ipsvd_instruct(d, m, ip)) == -1) return(-1);
return(1);
}
if (! stralloc_copys(m, "")) return(-1);
if (! stralloc_0(m)) return(-1);
*rc =IPSVD_DEFAULT;
return(1);
}
else if (errno != error_noent) return(-1);
return(0);
}
static int init(char ip[64])
{
int i;
unsigned int j;
int iplen = 0;
char *x;
x = env_get("DNSCACHEIP");
if (x)
while (iplen <= 60) {
if (*x == '.')
++x;
else {
i = ip4_scan(x,ip + iplen);
if (!i) break;
x += i;
iplen += 4;
}
}
if (!iplen) {
i = openreadclose("/etc/resolv.conf",&data,64);
if (i == -1) return -1;
if (i) {
if (!stralloc_append(&data,'\n')) return -1;
i = 0;
for (j = 0;j < data.len;++j)
if (data.s[j] == '\n') {
if (byte_equal("nameserver ",11,data.s + i) || byte_equal("nameserver\t",11,data.s + i)) {
i += 10;
while ((data.s[i] == ' ') || (data.s[i] == '\t'))
++i;
if (iplen <= 60)
if (ip4_scan(data.s + i,ip + iplen)) {
if (byte_equal(ip + iplen,4,"\0\0\0\0"))
byte_copy(ip + iplen,4,"\177\0\0\1");
iplen += 4;
}
}
i = j + 1;
}
}
}
if (!iplen) {
byte_copy(ip,4,"\177\0\0\1");
iplen = 4;
}
byte_zero(ip + iplen,64 - iplen);
return 0;
}
int readme (stralloc *sa)
{
int fddir;
fddir = open_read(".");
if (fddir == -1)
STRERR_SYS(0, readme_err, "unable to switch to current directory: ")
if (chdir(auto_qmail) == -1)
STRERR_SYS3(0, readme_err, "unable to switch to ", auto_qmail, ": ")
if (openreadclose("control/me", sa, 64) != 1)
STRERR_SYS3(0, readme_err, "unable to read ", auto_qmail, "/control/me: ")
sa->len = byte_chr(sa->s, sa->len, '\n');
if (!stralloc_0(sa)) STRERR(0, readme_err, "out of memory")
if (fchdir(fddir) == -1)
STRERR_SYS(0, readme_err, "unable to switch to starting directory: ")
close(fddir);
return 1;
}
void edir(const char *dirname) {
int wdir;
DIR *dir;
direntry *d;
int i;
if ((wdir =open_read(".")) == -1)
fatal("unable to open current working directory");
if (chdir(dirname)) fatal2("unable to switch to directory", dirname);
if (! (dir =opendir("."))) fatal2("unable to open directory", dirname);
for (;;) {
errno =0;
d =readdir(dir);
if (! d) {
if (errno) fatal2("unable to read directory", dirname);
break;
}
if (d->d_name[0] == '.') continue;
if (openreadclose(d->d_name, &sa, 256) == -1) {
if ((errno == error_isdir) && env_dir) {
if (verbose)
strerr_warn6(WARNING, "unable to read ", dirname, "/",
d->d_name, ": ", &strerr_sys);
continue;
}
else
strerr_die6sys(111, FATAL, "unable to read ", dirname, "/",
d->d_name, ": ");
}
if (sa.len) {
sa.len =byte_chr(sa.s, sa.len, '\n');
while (sa.len && (sa.s[sa.len -1] == ' ' || sa.s[sa.len -1] == '\t'))
--sa.len;
for (i =0; i < sa.len; ++i) if (! sa.s[i]) sa.s[i] ='\n';
if (! stralloc_0(&sa)) die_nomem();
if (! pathexec_env(d->d_name, sa.s)) die_nomem();
}
else
if (! pathexec_env(d->d_name, 0)) die_nomem();
}
closedir(dir);
if (fchdir(wdir) == -1) fatal("unable to switch to starting directory");
close(wdir);
}
static int init2(DIR *dir)
{
direntry *d;
const char *fqdn;
static char *q;
static stralloc text;
char servers[64];
int serverslen;
int i;
int j;
for (;;) {
errno = 0;
d = readdir(dir);
if (!d) {
if (errno) return 0;
return 1;
}
if (d->d_name[0] != '.') {
if (openreadclose(d->d_name,&text,32) != 1) return 0;
if (!stralloc_append(&text,"\n")) return 0;
fqdn = d->d_name;
if (str_equal(fqdn,"@")) fqdn = ".";
if (!dns_domain_fromdot(&q,fqdn,str_len(fqdn))) return 0;
serverslen = 0;
j = 0;
for (i = 0;i < text.len;++i)
if (text.s[i] == '\n') {
if (serverslen <= 60)
if (ip4_scan(text.s + j,servers + serverslen))
serverslen += 4;
j = i + 1;
}
byte_zero(servers + serverslen,64 - serverslen);
if (!stralloc_catb(&data,q,dns_domain_length(q))) return 0;
if (!stralloc_catb(&data,servers,64)) return 0;
}
}
}
static int init(stralloc *rules)
{
char host[256];
const char *x;
int i;
int j;
int k;
if (!stralloc_copys(rules,"")) return -1;
x = env_get("DNSREWRITEFILE");
if (!x) x = "/etc/dnsrewrite";
i = openreadclose(x,&data,64);
if (i == -1) return -1;
if (i) {
if (!stralloc_append(&data,"\n")) return -1;
i = 0;
for (j = 0; (unsigned)j < data.len;++j)
if (data.s[j] == '\n') {
if (!stralloc_catb(rules,data.s + i,j - i)) return -1;
while (rules->len) {
if (rules->s[rules->len - 1] != ' ')
if (rules->s[rules->len - 1] != '\t')
if (rules->s[rules->len - 1] != '\r')
break;
--rules->len;
}
if (!stralloc_0(rules)) return -1;
i = j + 1;
}
return 0;
}
x = env_get("LOCALDOMAIN");
if (x) {
if (!stralloc_copys(&data,x)) return -1;
if (!stralloc_append(&data," ")) return -1;
if (!stralloc_copys(rules,"?:")) return -1;
i = 0;
for (j = 0; (unsigned)j < data.len;++j)
if (data.s[j] == ' ') {
if (!stralloc_cats(rules,"+.")) return -1;
if (!stralloc_catb(rules,data.s + i,j - i)) return -1;
i = j + 1;
}
if (!stralloc_0(rules)) return -1;
if (!stralloc_cats(rules,"*.:")) return -1;
if (!stralloc_0(rules)) return -1;
return 0;
}
i = openreadclose("/etc/resolv.conf",&data,64);
if (i == -1) return -1;
if (i) {
if (!stralloc_append(&data,"\n")) return -1;
i = 0;
for (j = 0; (unsigned)j < data.len;++j)
if (data.s[j] == '\n') {
if (byte_equal("search ",7,data.s + i) || byte_equal("search\t",7,data.s + i) || byte_equal("domain ",7,data.s + i) || byte_equal("domain\t",7,data.s + i)) {
if (!stralloc_copys(rules,"?:")) return -1;
i += 7;
while (i < j) {
k = byte_chr(data.s + i,j - i,' ');
k = byte_chr(data.s + i,k,'\t');
if (!k) { ++i; continue; }
if (!stralloc_cats(rules,"+.")) return -1;
if (!stralloc_catb(rules,data.s + i,k)) return -1;
i += k;
}
if (!stralloc_0(rules)) return -1;
if (!stralloc_cats(rules,"*.:")) return -1;
if (!stralloc_0(rules)) return -1;
return 0;
}
i = j + 1;
}
}
host[0] = 0;
if (gethostname(host,sizeof host) == -1) return -1;
host[(sizeof host) - 1] = 0;
i = str_chr(host,'.');
if (host[i]) {
if (!stralloc_copys(rules,"?:")) return -1;
if (!stralloc_cats(rules,host + i)) return -1;
if (!stralloc_0(rules)) return -1;
}
if (!stralloc_cats(rules,"*.:")) return -1;
if (!stralloc_0(rules)) return -1;
return 0;
}
static bool
Load_DH_params(void)
{
#ifdef HAVE_LIBSSL
FILE *fp;
bool ret = true;
if (!Conf_SSLOptions.DHFile) {
Log(LOG_NOTICE, "Configuration option \"DHFile\" not set!");
return false;
}
fp = fopen(Conf_SSLOptions.DHFile, "r");
if (!fp) {
Log(LOG_ERR, "%s: %s", Conf_SSLOptions.DHFile, strerror(errno));
return false;
}
dh_params = PEM_read_DHparams(fp, NULL, NULL, NULL);
if (!dh_params) {
Log(LOG_ERR, "%s: Failed to read SSL DH parameters!",
Conf_SSLOptions.DHFile);
ret = false;
}
fclose(fp);
return ret;
#endif
#ifdef HAVE_LIBGNUTLS
bool need_dhgenerate = true;
int err;
gnutls_dh_params_t tmp_dh_params;
err = gnutls_dh_params_init(&tmp_dh_params);
if (err < 0) {
Log(LOG_ERR, "Failed to initialize SSL DH parameters: %s",
gnutls_strerror(err));
return false;
}
if (Conf_SSLOptions.DHFile) {
gnutls_datum_t dhparms;
size_t size;
dhparms.data = (unsigned char *) openreadclose(Conf_SSLOptions.DHFile, &size);
if (dhparms.data) {
dhparms.size = size;
err = gnutls_dh_params_import_pkcs3(tmp_dh_params, &dhparms, GNUTLS_X509_FMT_PEM);
if (err == 0)
need_dhgenerate = false;
else
Log(LOG_ERR,
"Failed to initialize SSL DH parameters: %s",
gnutls_strerror(err));
memset(dhparms.data, 0, size);
free(dhparms.data);
}
}
if (need_dhgenerate) {
Log(LOG_WARNING,
"DHFile not set, generating %u bit DH parameters. This may take a while ...",
DH_BITS);
err = gnutls_dh_params_generate2(tmp_dh_params, DH_BITS);
if (err < 0) {
Log(LOG_ERR, "Failed to generate SSL DH parameters: %s",
gnutls_strerror(err));
return false;
}
}
dh_params = tmp_dh_params;
return true;
#endif
}
int cinit_build_argv(char *basename, struct ba_argv *bav)
{
int tmp;
int argc;
char pathtmp[PATH_MAX + 1];
char *sbuf = NULL;
char *p;
/*
* sane values
*/
bav->argv = NULL;
bav->envp = NULL;
/***********************************************************************
* Try to get realname (for links)
*/
if((tmp = readlink(basename, pathtmp, PATH_MAX)) == -1) {
/*
* nothing there?
*/
if(errno == ENOENT) {
return BA_E_NOTFOUND;
}
if(errno != EINVAL) {
return BA_E_OTHER;
}
tmp = strlen(basename);
strncpy(pathtmp, basename, tmp);
}
pathtmp[tmp] = '\0';
++tmp; /* the byte to add to memory for \0; neither
* readlink nor strlen count the \0 */
/***********************************************************************
* prepare argv0
*/
bav->argv = malloc(sizeof(char *));
if(bav->argv == NULL)
return BA_E_MEM;
*bav->argv = malloc(tmp);
if(*(bav->argv) == NULL)
return BA_E_MEM;
strncpy(*(bav->argv), pathtmp, tmp);
/********************** read params *********************/
/*
* FIXME check bounds!
*/
strcpy(pathtmp, basename);
strcat(pathtmp, C_PARAMS);
/*
* ORC_ERR_NONEXISTENT: Ok, have sbuf set to NULL ORC_OK: Ok, have a filled
* buffer (perhaps NULL, too) other: Error, print errno
*/
tmp = openreadclose(pathtmp, &sbuf);
if(tmp != ORC_ERR_NONEXISTENT && tmp != ORC_OK) {
print_errno(pathtmp);
return BA_E_PARAMS;
}
sbuf = strip_final_newline(sbuf);
/***********************************************************************
* Now split the string, converting \n to \0
*/
argc = 1; /* argv0 */
while(sbuf != NULL) {
p = strchr(sbuf, '\n');
bav->argv = realloc(bav->argv, sizeof(char *) * (argc + 1));
if(bav->argv == NULL)
return BA_E_MEM;
bav->argv[argc] = sbuf; /* here begins the current argument */
if(p != NULL) { /* found another \n */
*p = '\0';
sbuf = p + 1;
} else { /* end of string */
sbuf = NULL;
}
++argc;
}
/************ close argv list **************/
bav->argv = realloc(bav->argv, sizeof(char *) * (argc + 1));
if(bav->argv == NULL)
return BA_E_MEM;
bav->argv[argc] = NULL; /* terminate argv list */
/********************** read environment *********************/
strcpy(pathtmp, basename);
strcat(pathtmp, C_ENV);
tmp = argc = 0;
sbuf = NULL;
tmp = openreadclose(pathtmp, &sbuf);
if(tmp != ORC_ERR_NONEXISTENT && tmp != ORC_OK) {
print_errno(pathtmp);
return BA_E_PARAMS;
}
sbuf = strip_final_newline(sbuf);
/************** build environment string **************/
argc = 0;
while(sbuf != NULL) {
p = strchr(sbuf, '\n');
bav->envp = realloc(bav->envp, sizeof(char *) * (argc + 1));
if(bav->envp == NULL)
return BA_E_MEM;
bav->envp[argc] = sbuf;
/*
* if we found \n
*/
if(p != NULL) {
*p = '\0';
sbuf = p + 1;
} else {
sbuf = NULL;
}
++argc;
}
/************ close env list **************/
bav->envp = realloc(bav->envp, sizeof(char *) * (argc + 1));
if(bav->envp == NULL) {
return BA_E_MEM;
}
bav->envp[argc] = NULL;
return BA_OK;
}
static int
init(char ip[256]) {
unsigned long int i;
unsigned long int j;
int iplen = 0;
char* x;
#if WINDOWS
FIXED_INFO* pFixedInfo;
ULONG ulOutBufLen;
typedef DWORD (WINAPI get_network_params_fn)(PFIXED_INFO pFixedInfo,PULONG pOutBufLen);
static get_network_params_fn* get_network_params;
if(get_network_params == 0) {
HANDLE iphlpapi = LoadLibraryA("iphlpapi.dll");
if(iphlpapi != INVALID_HANDLE_VALUE) {
if((get_network_params = (get_network_params_fn*)GetProcAddress(iphlpapi, "GetNetworkParams")) == 0)
return -1;
}
}
#endif
x = getenv("DNSCACHEIP");
#if WINDOWS
#define MALLOC(x) HeapAlloc(GetProcessHeap(), 0, (x))
#define FREE(x) HeapFree(GetProcessHeap(), 0, (x))
if(!x) {
/* Make an initial call to GetAdaptersInfo to get the necessary size into the ulOutBufLen variable */
pFixedInfo = (FIXED_INFO*)MALLOC(sizeof(FIXED_INFO));
if(pFixedInfo) {
ulOutBufLen = sizeof(FIXED_INFO);
if((*get_network_params)(pFixedInfo, &ulOutBufLen) == ERROR_BUFFER_OVERFLOW) {
FREE(pFixedInfo);
pFixedInfo = (FIXED_INFO*)MALLOC(ulOutBufLen);
}
}
if(pFixedInfo) {
if((*get_network_params)(pFixedInfo, &ulOutBufLen) == NO_ERROR) {
x = pFixedInfo->DnsServerList.IpAddress.String;
}
}
}
#endif
if(x)
while(iplen <= 60) {
if(*x == '.')
++x;
else {
i = scan_ip6(x, ip + iplen);
if(!i) break;
x += i;
iplen += 16;
}
}
if(!iplen) {
i = openreadclose("/etc/resolv.conf", &data, 64);
if(i == (unsigned long int)-1) return -1;
if(i) {
if(!stralloc_append(&data, "\n")) return -1;
i = 0;
for(j = 0; j < data.len; ++j)
if(data.s[j] == '\n') {
if(byte_equal("nameserver ", 11, data.s + i) || byte_equal("nameserver\t", 11, data.s + i)) {
i += 10;
while((data.s[i] == ' ') || (data.s[i] == '\t')) ++i;
if(iplen <= 60)
if(scan_ip6(data.s + i, ip + iplen)) {
iplen += 16;
}
}
i = j + 1;
}
}
}
if(!iplen) {
byte_copy(ip, 16, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1");
iplen = 16;
}
byte_zero(ip + iplen, 256 - iplen);
return 0;
}
int main()
{
char *x;
unsigned int i, j, k;
unsigned long cachesize;
static stralloc sa = {0};
x = env_get("INTERFACE");
if (x) scan_ulong(x,&interface);
x = env_get("IP");
if (!x)
strerr_die2x(111,FATAL,"$IP not set");
if (!ip6_scan(x,myipincoming))
strerr_die3x(111,FATAL,"unable to parse IP address ",x);
#if 0
/* if if IP is a mapped-IPv4 address, disable IPv6 functionality */
/* this is actually a bad idea */
if (ip6_isv4mapped(myipincoming))
noipv6 = 1;
#endif
udp53 = socket_udp6();
if (udp53 == -1)
strerr_die2sys(111,FATAL,"unable to create UDP socket: ");
if (socket_bind6_reuse(udp53,myipincoming,53,interface) == -1)
strerr_die2sys(111,FATAL,"unable to bind UDP socket: ");
tcp53 = socket_tcp6();
if (tcp53 == -1)
strerr_die2sys(111,FATAL,"unable to create TCP socket: ");
if (socket_bind6_reuse(tcp53,myipincoming,53,interface) == -1)
strerr_die2sys(111,FATAL,"unable to bind TCP socket: ");
droproot(FATAL);
socket_tryreservein(udp53,131072);
byte_zero(seed,sizeof seed);
read(0,seed,sizeof seed);
dns_random_init(seed);
close(0);
x = env_get("IPSEND");
if (!x)
strerr_die2x(111,FATAL,"$IPSEND not set");
if (!ip6_scan(x,myipoutgoing))
strerr_die3x(111,FATAL,"unable to parse IP address ",x);
x = env_get("CACHESIZE");
if (!x)
strerr_die2x(111,FATAL,"$CACHESIZE not set");
scan_ulong(x,&cachesize);
if (!cache_init(cachesize))
strerr_die3x(111,FATAL,"not enough memory for cache of size ",x);
if (openreadclose("ignoreip",&sa,64) < 0)
strerr_die2x(111,FATAL,"trouble reading ignoreip");
for(j = k = i = 0; i < sa.len; i++)
if (sa.s[i] == '\n') {
sa.s[i] = '\0';
if (!stralloc_readyplus(&ignoreip,16))
strerr_die2x(111,FATAL,"out of memory parsing ignoreip");
if (!ip6_scan(sa.s+k,ignoreip.s+j))
strerr_die3x(111,FATAL,"unable to parse address in ignoreip ",ignoreip.s+k);
j += 16;
k = i + 1;
}
ignoreip.len = j;
if (env_get("HIDETTL"))
response_hidettl();
if (env_get("FORWARDONLY"))
query_forwardonly();
if (!roots_init())
strerr_die2sys(111,FATAL,"unable to read servers: ");
if (socket_listen(tcp53,20) == -1)
strerr_die2sys(111,FATAL,"unable to listen on TCP socket: ");
log_startup();
doit();
}