static int _name_auth_pipe (char **pipe_name_p) { /* Creates a unique filename for the authentication pipe, storing the result * in a newly-allocated string referenced by [pipe_name_p]. * The caller is responsible for freeing the string returned by [pipe_name_p]. * The auth pipe name is of the form "AUTH_PIPE_DIR/.munge-RANDOM.pipe". * Returns 0 on success, -1 on error. */ unsigned char *nonce_bin = NULL; int nonce_bin_len; char *nonce_asc = NULL; int nonce_asc_len; char *dst = NULL; int dst_len; int n; *pipe_name_p = NULL; assert (conf->auth_rnd_bytes > 0); assert (conf->auth_server_dir != NULL); nonce_bin_len = conf->auth_rnd_bytes; if (!(nonce_bin = malloc (nonce_bin_len))) { goto err; } nonce_asc_len = (2 * nonce_bin_len) + 1; if (!(nonce_asc = malloc (nonce_asc_len))) { goto err; } dst_len = strlen (conf->auth_server_dir) + 8 /* strlen ("/.munge-") */ + (2 * conf->auth_rnd_bytes) + 6; /* strlen (".pipe") + "\0" */ if (!(dst = malloc (dst_len))) { goto err; } random_pseudo_bytes (nonce_bin, nonce_bin_len); if (!(strbin2hex (nonce_asc, nonce_asc_len, nonce_bin, nonce_bin_len))) { goto err; } n = snprintf (dst, dst_len, "%s/.munge-%s.pipe", conf->auth_server_dir, nonce_asc); if ((n < 0) || (n >= dst_len)) { goto err; } free (nonce_bin); free (nonce_asc); *pipe_name_p = dst; return (0); err: if (nonce_bin) { free (nonce_bin); } if (nonce_asc) { free (nonce_asc); } if (dst) { free (dst); } return (-1); }
static int _name_auth_file (const char *pipe_name, const char *file_dir, char **file_name_p) { /* Creates a unique filename based on the name of authentication pipe * [pipe_name] and authentication file directory [file_dir], storing the * result in a newly-allocated string referenced by [file_name_p]. * The caller is responsible for freeing the string returned by [file_name_p]. * The auth pipe name is of the form "AUTH_PIPE_DIR/.munge-RANDOM.pipe". * The auth file name is of the form "AUTH_FILE_DIR/.munge-RANDOM.file". * Returns 0 on success, -1 on error. * * The random component of the authentication file is computed by XORing the * first half of the random component of the authentication pipe with the * second half. Consequently, it is half the length. * The random component of the client is based off that of the server because * the client does not have access to the PRNG. At the same time, we don't * want to allow an attacker to derive the name of the authentication pipe * from that of the authentication file (assuming the directory containing * the authentication pipe is unreadable). */ char *p; char *q; int rnd_bin_len; char *rnd_bin = NULL; int rnd_asc_len; char *rnd_asc = NULL; int m; int i; int dst_len; char *dst = NULL; int n; *file_name_p = NULL; if (!pipe_name || !file_dir) { goto err; } p = (p = strrchr (pipe_name, '-')) ? p + 1 : NULL; q = strrchr (pipe_name, '.'); if (!p || !q) { goto err; } rnd_bin_len = (q - p) / 2; if (!(rnd_bin = malloc (rnd_bin_len))) { goto err; } rnd_asc_len = rnd_bin_len + 1; if (!(rnd_asc = malloc (rnd_asc_len))) { goto err; } if (!(strhex2bin (rnd_bin, rnd_bin_len, p, q - p))) { goto err; } m = rnd_bin_len / 2; for (i = 0; i < m; i++) { rnd_bin [i] ^= rnd_bin [i + m]; } if (!(strbin2hex (rnd_asc, rnd_asc_len, rnd_bin, m))) { goto err; } dst_len = strlen (file_dir) + 8 /* strlen ("/.munge-") */ + strlen (rnd_asc) + 6; /* strlen (".file") + "\0" */ if (!(dst = malloc (dst_len))) { goto err; } n = snprintf (dst, dst_len, "%s/.munge-%s.file", file_dir, rnd_asc); if ((n < 0) || (n >= dst_len)) { goto err; } free (rnd_bin); free (rnd_asc); *file_name_p = dst; return (0); err: if (rnd_bin) { free (rnd_bin); } if (rnd_asc) { free (rnd_asc); } if (dst) { free (dst); } return (-1); }