static void
tcpeek_init_setuid(void) {
struct passwd *passwd;
gid_t groups[128];
int ngroups;
if(strisempty(g.option.user)) {
return;
}
passwd = strisdigit(g.option.user) ? getpwuid((uid_t)strtol(g.option.user, NULL, 10)) : getpwnam(g.option.user);
if(!passwd) {
error_abort("%s", strerror(errno));
}
ngroups = sizeof(groups);
if(getgrouplist(g.option.user, passwd->pw_gid, groups, &ngroups) == -1) {
error_abort("getgrouplist: %s", strerror(errno));
}
if(setgroups(ngroups, groups) == -1) {
error_abort("setgroups: %s", strerror(errno));
}
if(setgid(passwd->pw_gid) == -1) {
error_abort("setgid: %s", strerror(errno));
}
if(setuid(passwd->pw_uid) == -1) {
error_abort("setuid: %s", strerror(errno));
}
}
static void
tcpeek_init_pcap(void) {
char *ifname, errmsg[PCAP_ERRBUF_SIZE], expression[] = "tcp or icmp";
struct bpf_program bpf;
if(strisempty(g.option.ifname)) {
ifname = pcap_lookupdev(errmsg);
if(!ifname) {
error_abort("%s", errmsg);
}
strncpy(g.option.ifname, ifname, sizeof(g.option.ifname) - 1);
}
g.pcap.pcap = pcap_create(g.option.ifname, errmsg);
if(!g.pcap.pcap) {
error_abort("%s", errmsg);
}
if(pcap_set_buffer_size(g.pcap.pcap, g.option.buffer * 1024 * 1024) != 0) {
error_abort("%s", "can not set buffer size");
}
if(pcap_set_snaplen(g.pcap.pcap, DEFAULT_PCAP_SNAPLEN) != 0) {
error_abort("%s", "can not set snaplen");
}
if(pcap_set_promisc(g.pcap.pcap, g.option.promisc) != 0) {
error_abort("%s", "can not set promiscuous mode");
}
if(pcap_set_timeout(g.pcap.pcap, 1) != 0) {
error_abort("%s", "can not set timeout");
}
if(pcap_activate(g.pcap.pcap) != 0) {
error_abort("%s", pcap_geterr(g.pcap.pcap));
}
if(pcap_compile(g.pcap.pcap, &bpf, expression, 0, 0) == -1) {
error_abort("%s '%s'", pcap_geterr(g.pcap.pcap), expression);
}
if(pcap_setfilter(g.pcap.pcap, &bpf) == -1){
error_abort("%s", pcap_geterr(g.pcap.pcap));
}
pcap_freecode(&bpf);
g.pcap.snapshot = pcap_snapshot(g.pcap.pcap);
g.pcap.datalink = pcap_datalink(g.pcap.pcap);
if(g.pcap.datalink != DLT_EN10MB && g.pcap.datalink != DLT_LINUX_SLL) {
error_abort("not support datalink %s (%s)",
pcap_datalink_val_to_name(g.pcap.datalink),
pcap_datalink_val_to_description(g.pcap.datalink)
);
}
}
struct nc_session *nc_session_connect_tls_socket(const char* username, const char* UNUSED(host), int sock)
{
struct nc_session *retval;
struct passwd *pw;
pthread_mutexattr_t mattr;
int verify, r;
SSL_CTX* tls_ctx;
tls_ctx = pthread_getspecific(tls_ctx_key);
if (tls_ctx == NULL) {
ERROR("TLS subsystem not initiated.");
return (NULL);
}
/* get current user if username not explicitely specified */
if (username == NULL || strisempty(username)) {
pw = getpwuid(getuid());
if (pw == NULL) {
/* unable to get correct username (errno from getpwuid) */
ERROR("Unable to set a username for the SSH connection (%s).", strerror(errno));
return (NULL);
}
username = pw->pw_name;
}
/* allocate netconf session structure */
retval = calloc(1, sizeof(struct nc_session));
if (retval == NULL) {
ERROR("Memory allocation failed (%s)", strerror(errno));
return (NULL);
}
memset(retval, 0, sizeof(struct nc_session));
if ((retval->stats = malloc (sizeof (struct nc_session_stats))) == NULL) {
ERROR("Memory allocation failed (%s)", strerror(errno));
free(retval);
return NULL;
}
/* prepare a new TLS structure */
if ((retval->tls = SSL_new(tls_ctx)) == NULL) {
ERROR("%s: Unable to prepare TLS structure (%s)", __func__, ERR_reason_error_string(ERR_get_error()));
free(retval->stats);
free(retval);
return (NULL);
}
/* connect SSL with existing socket */
SSL_set_fd(retval->tls, sock);
/* Set the SSL_MODE_AUTO_RETRY flag to allow OpenSSL perform re-handshake automatically */
SSL_set_mode(retval->tls, SSL_MODE_AUTO_RETRY);
/* connect and perform the handshake */
if (SSL_connect(retval->tls) != 1) {
ERROR("Connecting over TLS failed (%s).", ERR_reason_error_string(ERR_get_error()));
SSL_free(retval->tls);
free(retval->stats);
free(retval);
return (NULL);
}
/* check certificate checking */
verify = SSL_get_verify_result(retval->tls);
switch (verify) {
case X509_V_OK:
VERB("Server certificate successfully verified.");
break;
default:
WARN("I'm not happy with the server certificate (%s).", verify_ret_msg[verify]);
}
/* fill session structure */
retval->transport_socket = sock;
retval->fd_input = -1;
retval->fd_output = -1;
retval->username = strdup(username);
retval->groups = NULL; /* client side does not need this information */
retval->msgid = 1;
retval->queue_event = NULL;
retval->queue_msg = NULL;
retval->logintime = NULL;
retval->monitored = 0;
retval->nacm_recovery = 0; /* not needed/decidable on the client side */
retval->stats->in_rpcs = 0;
retval->stats->in_bad_rpcs = 0;
retval->stats->out_rpc_errors = 0;
retval->stats->out_notifications = 0;
if (pthread_mutexattr_init(&mattr) != 0) {
ERROR("Memory allocation failed (%s:%d).", __FILE__, __LINE__);
free(retval);
return (NULL);
}
pthread_mutexattr_settype(&mattr, PTHREAD_MUTEX_RECURSIVE);
retval->mut_channel = (pthread_mutex_t *) malloc(sizeof(pthread_mutex_t));
if ((r = pthread_mutex_init(retval->mut_channel, &mattr)) != 0 ||
(r = pthread_mutex_init(&(retval->mut_mqueue), &mattr)) != 0 ||
(r = pthread_mutex_init(&(retval->mut_equeue), &mattr)) != 0 ||
(r = pthread_mutex_init(&(retval->mut_ntf), &mattr)) != 0 ||
(r = pthread_mutex_init(&(retval->mut_session), &mattr)) != 0) {
ERROR("Mutex initialization failed (%s).", strerror(r));
pthread_mutexattr_destroy(&mattr);
free(retval);
return (NULL);
}
pthread_mutexattr_destroy(&mattr);
return (retval);
}
