static void
tryCVS(const char *path,
const char **vers_,
time_t * date_,
const char **lock_)
{
char working[MAXPATHLEN];
char *leaf;
char *s;
CVS_WORK *cache;
if (strlen(path) >= sizeof(working))
return;
if ((leaf = fleaf(path)) == 0)
return;
strcpy(working, path);
if ((s = fleaf_delim(working)) != 0)
*s = EOS;
/*
* Look for cached data for this working directory.
*/
for (cache = my_work; cache != 0; cache = cache->next) {
if (!strcmp(cache->working, working)) {
if (check_timestamp(cache)) {
break;
}
if (read_from_cache(cache, leaf, vers_, date_, lock_))
return;
}
}
/*
* If we did not find it in the cache list, or our cache is obsolete,
* look for new information.
*/
if (cache == 0) {
cache = typealloc(CVS_WORK);
cache->next = my_work;
my_work = cache;
cache->timestamp = 0;
cache->working = txtalloc(working);
cache->num_entries = 0;
cache->Entries = 0;
cache->Repository = 0;
cache->Root = 0;
read_entries(cache);
(void) check_timestamp(cache);
} else {
read_entries(cache);
}
(void) read_from_cache(cache, leaf, vers_, date_, lock_);
}
int
pmiWrite(int sec, int usec)
{
int sts;
if (current == NULL)
return PM_ERR_NOCONTEXT;
if (current->result == NULL)
return current->last_sts = PMI_ERR_NODATA;
if (sec < 0) {
pmtimevalNow(¤t->result->timestamp);
}
else {
current->result->timestamp.tv_sec = sec;
current->result->timestamp.tv_usec = usec;
}
if ((sts = check_timestamp()) == 0) {
sts = _pmi_put_result(current, current->result);
current->last_stamp = current->result->timestamp;
}
pmFreeResult(current->result);
current->result = NULL;
return current->last_sts = sts;
}
/**
* Validate a given file service s. Events are posted according to
* its configuration. In case of a fatal event FALSE is returned.
*/
int check_file(Service_T s) {
struct stat stat_buf;
ASSERT(s);
if (stat(s->path, &stat_buf) != 0) {
Event_post(s, Event_Nonexist, STATE_FAILED, s->action_NONEXIST, "file doesn't exist");
return FALSE;
} else {
s->inf->st_mode = stat_buf.st_mode;
if (s->inf->priv.file.st_ino == 0) {
s->inf->priv.file.st_ino_prev = stat_buf.st_ino;
s->inf->priv.file.readpos = stat_buf.st_size;
} else
s->inf->priv.file.st_ino_prev = s->inf->priv.file.st_ino;
s->inf->priv.file.st_ino = stat_buf.st_ino;
s->inf->st_uid = stat_buf.st_uid;
s->inf->st_gid = stat_buf.st_gid;
s->inf->priv.file.st_size = stat_buf.st_size;
s->inf->timestamp = MAX(stat_buf.st_mtime, stat_buf.st_ctime);
DEBUG("'%s' file exists check succeeded\n", s->name);
Event_post(s, Event_Nonexist, STATE_SUCCEEDED, s->action_NONEXIST, "file exist");
}
if (!S_ISREG(s->inf->st_mode)) {
Event_post(s, Event_Invalid, STATE_FAILED, s->action_INVALID, "is not a regular file");
return FALSE;
} else {
DEBUG("'%s' is a regular file\n", s->name);
Event_post(s, Event_Invalid, STATE_SUCCEEDED, s->action_INVALID, "is a regular file");
}
if (s->checksum)
check_checksum(s);
if (s->perm)
check_perm(s);
if (s->uid)
check_uid(s);
if (s->gid)
check_gid(s);
if (s->sizelist)
check_size(s);
if (s->timestamplist)
check_timestamp(s);
if (s->matchlist)
check_match(s);
return TRUE;
}
int
pmiPutResult(const pmResult *result)
{
int sts;
if (current == NULL)
return PM_ERR_NOCONTEXT;
current->result = (pmResult *)result;
if ((sts = check_timestamp()) == 0) {
sts = _pmi_put_result(current, current->result);
current->last_stamp = current->result->timestamp;
}
current->result = NULL;
return current->last_sts = sts;
}
/**
* Validate a given fifo service s. Events are posted according to
* its configuration. In case of a fatal event FALSE is returned.
*/
int check_fifo(Service_T s) {
struct stat stat_buf;
ASSERT(s);
if (stat(s->path, &stat_buf) != 0) {
Event_post(s, Event_Nonexist, STATE_FAILED, s->action_NONEXIST, "fifo doesn't exist");
return FALSE;
} else {
s->inf->st_mode = stat_buf.st_mode;
s->inf->st_uid = stat_buf.st_uid;
s->inf->st_gid = stat_buf.st_gid;
s->inf->timestamp = MAX(stat_buf.st_mtime, stat_buf.st_ctime);
DEBUG("'%s' fifo exists check succeeded\n", s->name);
Event_post(s, Event_Nonexist, STATE_SUCCEEDED, s->action_NONEXIST, "fifo exist");
}
if (!S_ISFIFO(s->inf->st_mode)) {
Event_post(s, Event_Invalid, STATE_FAILED, s->action_INVALID, "is not fifo");
return FALSE;
} else {
DEBUG("'%s' is fifo\n", s->name);
Event_post(s, Event_Invalid, STATE_SUCCEEDED, s->action_INVALID, "is fifo");
}
if (s->perm)
check_perm(s);
if (s->uid)
check_uid(s);
if (s->gid)
check_gid(s);
if (s->timestamplist)
check_timestamp(s);
return TRUE;
}
static int write_func (const void *buf, size_t length)
{
static DWORD block = 0;
if (debug_on < 2)
debug_on = 2;
if (block == 0)
{
tot_size = 0UL;
start = time (NULL);
fname = tftp_boot_local_file;
fprintf (stderr, "opening `%s'\n", fname);
file = fopen (fname, tftp_openmode ? tftp_openmode : "wb");
}
if (!file)
{
perror (fname);
return (-1);
}
#if defined(__DJGPP__) && 0
/*
* Look for optional Watt-32 stubinfo in block 4.
* If .exe file isn't newer, kill the connection
*/
if (block == 4 && is_exe && check_timestamp(buf) < our_timestamp)
{
close_func();
return (-1);
}
#endif
if (fwrite (buf, 1, length, file) < length)
return (-1);
tot_size += length;
block++;
return (0);
}
/**
* Run SSL handshake and store the resulting time value in the
* 'time_map'.
*
* @param time_map where to store the current time
* @param time_is_an_illusion
* @param http whether to do an http request and take the date from that
* instead.
*/
static void
run_ssl (uint32_t *time_map, int time_is_an_illusion, int http)
{
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
proxy_polarssl_ctx proxy_ctx;
x509_cert cacert;
struct stat statbuf;
int ret = 0, server_fd = 0;
char *pers = "tlsdate-helper";
memset (&ssl, 0, sizeof(ssl_context));
memset (&cacert, 0, sizeof(x509_cert));
verb("V: Using PolarSSL for SSL");
if (ca_racket)
{
if (-1 == stat (ca_cert_container, &statbuf))
{
die("Unable to stat CA certficate container %s", ca_cert_container);
}
else
{
switch (statbuf.st_mode & S_IFMT)
{
case S_IFREG:
if (0 > x509parse_crtfile(&cacert, ca_cert_container))
fprintf(stderr, "x509parse_crtfile failed");
break;
case S_IFDIR:
if (0 > x509parse_crtpath(&cacert, ca_cert_container))
fprintf(stderr, "x509parse_crtpath failed");
break;
default:
die("Unable to load CA certficate container %s", ca_cert_container);
}
}
}
entropy_init (&entropy);
if (0 != ctr_drbg_init (&ctr_drbg, entropy_func, &entropy,
(unsigned char *) pers, strlen(pers)))
{
die("Failed to initialize CTR_DRBG");
}
if (0 != ssl_init (&ssl))
{
die("SSL initialization failed");
}
ssl_set_endpoint (&ssl, SSL_IS_CLIENT);
ssl_set_rng (&ssl, ctr_drbg_random, &ctr_drbg);
ssl_set_ca_chain (&ssl, &cacert, NULL, hostname_to_verify);
if (ca_racket)
{
// You can do SSL_VERIFY_REQUIRED here, but then the check in
// inspect_key() never happens as the ssl_handshake() will fail.
ssl_set_authmode (&ssl, SSL_VERIFY_OPTIONAL);
}
if (proxy)
{
char *scheme;
char *proxy_host;
char *proxy_port;
parse_proxy_uri (proxy, &scheme, &proxy_host, &proxy_port);
verb("V: opening socket to proxy %s:%s", proxy_host, proxy_port);
if (0 != net_connect (&server_fd, proxy_host, atoi(proxy_port)))
{
die ("SSL connection failed");
}
proxy_polarssl_init (&proxy_ctx);
proxy_polarssl_set_bio (&proxy_ctx, net_recv, &server_fd, net_send, &server_fd);
proxy_polarssl_set_host (&proxy_ctx, host);
proxy_polarssl_set_port (&proxy_ctx, atoi(port));
proxy_polarssl_set_scheme (&proxy_ctx, scheme);
ssl_set_bio (&ssl, proxy_polarssl_recv, &proxy_ctx, proxy_polarssl_send, &proxy_ctx);
verb("V: Handle proxy connection");
if (0 == proxy_ctx.f_connect (&proxy_ctx))
die("Proxy connection failed");
}
else
{
verb("V: opening socket to %s:%s", host, port);
if (0 != net_connect (&server_fd, host, atoi(port)))
{
die ("SSL connection failed");
}
ssl_set_bio (&ssl, net_recv, &server_fd, net_send, &server_fd);
}
verb("V: starting handshake");
if (0 != ssl_do_handshake_part (&ssl))
die("SSL handshake first part failed");
uint32_t timestamp = ( (uint32_t) ssl.in_msg[6] << 24 )
| ( (uint32_t) ssl.in_msg[7] << 16 )
| ( (uint32_t) ssl.in_msg[8] << 8 )
| ( (uint32_t) ssl.in_msg[9] );
check_timestamp (timestamp);
verb("V: continuing handshake");
/* Continue with handshake */
while (0 != (ret = ssl_handshake (&ssl)))
{
if (POLARSSL_ERR_NET_WANT_READ != ret &&
POLARSSL_ERR_NET_WANT_WRITE != ret)
{
die("SSL handshake failed");
}
}
// Verify the peer certificate against the CA certs on the local system
if (ca_racket) {
inspect_key (&ssl, hostname_to_verify);
} else {
verb ("V: Certificate verification skipped!");
}
check_key_length (&ssl);
memcpy (time_map, ×tamp, sizeof(uint32_t));
proxy_polarssl_free (&proxy_ctx);
ssl_free (&ssl);
x509_free (&cacert);
}
