static int
_name_auth_pipe (char **pipe_name_p)
{
/* Creates a unique filename for the authentication pipe, storing the result
* in a newly-allocated string referenced by [pipe_name_p].
* The caller is responsible for freeing the string returned by [pipe_name_p].
* The auth pipe name is of the form "AUTH_PIPE_DIR/.munge-RANDOM.pipe".
* Returns 0 on success, -1 on error.
*/
unsigned char *nonce_bin = NULL;
int nonce_bin_len;
char *nonce_asc = NULL;
int nonce_asc_len;
char *dst = NULL;
int dst_len;
int n;
*pipe_name_p = NULL;
assert (conf->auth_rnd_bytes > 0);
assert (conf->auth_server_dir != NULL);
nonce_bin_len = conf->auth_rnd_bytes;
if (!(nonce_bin = malloc (nonce_bin_len))) {
goto err;
}
nonce_asc_len = (2 * nonce_bin_len) + 1;
if (!(nonce_asc = malloc (nonce_asc_len))) {
goto err;
}
dst_len = strlen (conf->auth_server_dir)
+ 8 /* strlen ("/.munge-") */
+ (2 * conf->auth_rnd_bytes)
+ 6; /* strlen (".pipe") + "\0" */
if (!(dst = malloc (dst_len))) {
goto err;
}
random_pseudo_bytes (nonce_bin, nonce_bin_len);
if (!(strbin2hex (nonce_asc, nonce_asc_len, nonce_bin, nonce_bin_len))) {
goto err;
}
n = snprintf (dst, dst_len, "%s/.munge-%s.pipe",
conf->auth_server_dir, nonce_asc);
if ((n < 0) || (n >= dst_len)) {
goto err;
}
free (nonce_bin);
free (nonce_asc);
*pipe_name_p = dst;
return (0);
err:
if (nonce_bin) {
free (nonce_bin);
}
if (nonce_asc) {
free (nonce_asc);
}
if (dst) {
free (dst);
}
return (-1);
}
static int
_name_auth_file (const char *pipe_name, const char *file_dir,
char **file_name_p)
{
/* Creates a unique filename based on the name of authentication pipe
* [pipe_name] and authentication file directory [file_dir], storing the
* result in a newly-allocated string referenced by [file_name_p].
* The caller is responsible for freeing the string returned by [file_name_p].
* The auth pipe name is of the form "AUTH_PIPE_DIR/.munge-RANDOM.pipe".
* The auth file name is of the form "AUTH_FILE_DIR/.munge-RANDOM.file".
* Returns 0 on success, -1 on error.
*
* The random component of the authentication file is computed by XORing the
* first half of the random component of the authentication pipe with the
* second half. Consequently, it is half the length.
* The random component of the client is based off that of the server because
* the client does not have access to the PRNG. At the same time, we don't
* want to allow an attacker to derive the name of the authentication pipe
* from that of the authentication file (assuming the directory containing
* the authentication pipe is unreadable).
*/
char *p;
char *q;
int rnd_bin_len;
char *rnd_bin = NULL;
int rnd_asc_len;
char *rnd_asc = NULL;
int m;
int i;
int dst_len;
char *dst = NULL;
int n;
*file_name_p = NULL;
if (!pipe_name || !file_dir) {
goto err;
}
p = (p = strrchr (pipe_name, '-')) ? p + 1 : NULL;
q = strrchr (pipe_name, '.');
if (!p || !q) {
goto err;
}
rnd_bin_len = (q - p) / 2;
if (!(rnd_bin = malloc (rnd_bin_len))) {
goto err;
}
rnd_asc_len = rnd_bin_len + 1;
if (!(rnd_asc = malloc (rnd_asc_len))) {
goto err;
}
if (!(strhex2bin (rnd_bin, rnd_bin_len, p, q - p))) {
goto err;
}
m = rnd_bin_len / 2;
for (i = 0; i < m; i++) {
rnd_bin [i] ^= rnd_bin [i + m];
}
if (!(strbin2hex (rnd_asc, rnd_asc_len, rnd_bin, m))) {
goto err;
}
dst_len = strlen (file_dir)
+ 8 /* strlen ("/.munge-") */
+ strlen (rnd_asc)
+ 6; /* strlen (".file") + "\0" */
if (!(dst = malloc (dst_len))) {
goto err;
}
n = snprintf (dst, dst_len, "%s/.munge-%s.file", file_dir, rnd_asc);
if ((n < 0) || (n >= dst_len)) {
goto err;
}
free (rnd_bin);
free (rnd_asc);
*file_name_p = dst;
return (0);
err:
if (rnd_bin) {
free (rnd_bin);
}
if (rnd_asc) {
free (rnd_asc);
}
if (dst) {
free (dst);
}
return (-1);
}
