bool cmd_engine_set_time(const char *args, bool *startCmd, uint8_t target)
{
#ifdef MCODE_COMMAND_MODES
if (CmdModeRoot != cmd_engine_get_mode()) {
merror(MStringWrongMode);
return true;
}
#endif /* MCODE_COMMAND_MODES */
args = string_skip_whitespace(args);
if (!args || !*args) {
/* Too few arguments */
merror(MStringWrongArgument);
return true;
}
/* Get the 'hour' argument */
uint16_t hour = -1;
args = string_next_number(args, &hour);
if (!args || hour > 23u) {
/* Wrong 'hour' argument */
merror(MStringWrongArgument);
return true;
}
/* Parse <min> argument */
args = string_skip_whitespace(args);
uint16_t mins = -1;
args = string_next_number(args, &mins);
if (!args || mins > 59u) {
/* Wrong 'min' argument */
merror(MStringWrongArgument);
return true;
}
/* Parse <seconds> argument */
args = string_skip_whitespace(args);
uint16_t secs = -1;
args = string_next_number(args, &secs);
if (args || secs > 59) {
/* Wrong 'second' argument */
merror(MStringWrongArgument);
return true;
}
switch (target) {
case CmdEngineRtcSetTimeTargetTime:
mtime_set_time(hour, mins, secs, cmd_engine_update_ready);
break;
case CmdEngineRtcSetTimeTargetAlarm:
mtime_set_alarm(hour, mins, secs, cmd_engine_update_ready);
break;
case CmdEngineRtcSetTimeTargetNewDayAlarm:
mtime_set_new_day_alarm(hour, mins, secs, cmd_engine_update_ready);
break;
default:
return false;
}
*startCmd = false;
return true;
}
bool cmd_engine_set_date(const char *args, bool *startCmd)
{
#ifdef MCODE_COMMAND_MODES
if (CmdModeRoot != cmd_engine_get_mode()) {
merror(MStringWrongMode);
return true;
}
#endif /* MCODE_COMMAND_MODES */
/* Parse the 'year' argument */
args = string_skip_whitespace(args);
if (!args || !*args) {
/* Too few arguments */
merror(MStringWrongArgument);
return true;
}
uint16_t year = 0;
args = string_next_number(args, &year);
if (!args || year < 1900 || year > 2099) {
/* Wrong 'year' argument */
merror(MStringWrongArgument);
return true;
}
/* Parse <month> argument */
args = string_skip_whitespace(args);
uint16_t month = 0;
args = string_next_number(args, &month);
if (!args || month < 1 || month > 12) {
/* Wrong 'month' argument */
merror(MStringWrongArgument);
return true;
}
/* Parse <day> argument */
args = string_skip_whitespace(args);
uint16_t day = 0;
args = string_next_number(args, &day);
if (!args || day < 1 || day > 31) {
/* Wrong 'day' argument */
merror(MStringWrongArgument);
return true;
}
/* Parse <week-day> argument */
args = string_skip_whitespace(args);
uint16_t weekday = 0;
args = string_next_number(args, &weekday);
if (args || weekday < 1 || weekday > 7) {
/* Wrong 'week-day' argument */
merror(MStringWrongArgument);
return true;
}
*startCmd = false;
mtime_set_date(year, month, day, weekday, cmd_engine_update_ready);
return true;
}
void cmd_engine_set_led(const char *args)
{
uint16_t index = -1;
uint16_t value = -1;
args = string_skip_whitespace(args);
args = string_next_number(args, &index);
args = string_skip_whitespace(args);
string_next_number(args, &value);
if (index > 2u || value > 1u) {
merror(MStringWrongArgument);
return;
}
leds_set(index, value);
}
static int
_posix1e_acl_entry_from_text(acl_t aclp, char *entry)
{
acl_tag_t t;
acl_perm_t p;
char *tag, *qualifier, *permission;
uid_t id;
int error;
assert(_acl_brand(aclp) == ACL_BRAND_POSIX);
/* Split into three ':' delimited fields. */
tag = strsep(&entry, ":");
if (tag == NULL) {
errno = EINVAL;
return (-1);
}
tag = string_skip_whitespace(tag);
if ((*tag == '\0') && (!entry)) {
/*
* Is an entirely comment line, skip to next
* comma.
*/
return (0);
}
string_trim_trailing_whitespace(tag);
qualifier = strsep(&entry, ":");
if (qualifier == NULL) {
errno = EINVAL;
return (-1);
}
qualifier = string_skip_whitespace(qualifier);
string_trim_trailing_whitespace(qualifier);
permission = strsep(&entry, ":");
if (permission == NULL || entry) {
errno = EINVAL;
return (-1);
}
permission = string_skip_whitespace(permission);
string_trim_trailing_whitespace(permission);
t = acl_string_to_tag(tag, qualifier);
if (t == -1) {
errno = EINVAL;
return (-1);
}
error = _posix1e_acl_string_to_perm(permission, &p);
if (error == -1) {
errno = EINVAL;
return (-1);
}
switch(t) {
case ACL_USER_OBJ:
case ACL_GROUP_OBJ:
case ACL_MASK:
case ACL_OTHER:
if (*qualifier != '\0') {
errno = EINVAL;
return (-1);
}
id = 0;
break;
case ACL_USER:
case ACL_GROUP:
error = _acl_name_to_id(t, qualifier, &id);
if (error == -1)
return (-1);
break;
default:
errno = EINVAL;
return (-1);
}
error = _posix1e_acl_add_entry(aclp, t, id, p);
if (error == -1)
return (-1);
return (0);
}
/*
* acl_from_text -- Convert a string into an ACL.
* Postpone most validity checking until the end and call acl_valid() to do
* that.
*/
acl_t
acl_from_text(const char *buf_p)
{
acl_t acl;
char *mybuf_p, *line, *cur, *notcomment, *comment, *entry;
int error;
/* Local copy we can mess up. */
mybuf_p = strdup(buf_p);
if (mybuf_p == NULL)
return(NULL);
acl = acl_init(3); /* XXX: WTF, 3? */
if (acl == NULL) {
free(mybuf_p);
return(NULL);
}
/* Outer loop: delimit at \n boundaries. */
cur = mybuf_p;
while ((line = strsep(&cur, "\n"))) {
/* Now split the line on the first # to strip out comments. */
comment = line;
notcomment = strsep(&comment, "#");
/* Inner loop: delimit at ',' boundaries. */
while ((entry = strsep(¬comment, ","))) {
/* Skip empty lines. */
if (strlen(string_skip_whitespace(entry)) == 0)
continue;
if (_acl_brand(acl) == ACL_BRAND_UNKNOWN) {
if (_text_is_nfs4_entry(entry))
_acl_brand_as(acl, ACL_BRAND_NFS4);
else
_acl_brand_as(acl, ACL_BRAND_POSIX);
}
switch (_acl_brand(acl)) {
case ACL_BRAND_NFS4:
error = _nfs4_acl_entry_from_text(acl, entry);
break;
case ACL_BRAND_POSIX:
error = _posix1e_acl_entry_from_text(acl, entry);
break;
default:
error = EINVAL;
break;
}
if (error)
goto error_label;
}
}
#if 0
/* XXX Should we only return ACLs valid according to acl_valid? */
/* Verify validity of the ACL we read in. */
if (acl_valid(acl) == -1) {
errno = EINVAL;
goto error_label;
}
#endif
free(mybuf_p);
return(acl);
error_label:
acl_free(acl);
free(mybuf_p);
return(NULL);
}
/**
* Parse the metaserver certificate information.
*
* @param server
* Metaserver entry.
* @return
* True on success, false on failure.
*/
static bool
parse_metaserver_cert (server_struct *server)
{
HARD_ASSERT(server != NULL);
if (server->cert == NULL || server->cert_sig == NULL) {
/* No certificate. */
return true;
}
/* Generate a SHA512 hash of the certificate's contents. */
unsigned char cert_digest[SHA512_DIGEST_LENGTH];
if (SHA512((unsigned char *) server->cert,
strlen(server->cert),
cert_digest) == NULL) {
LOG(ERROR, "SHA512() failed: %s",
ERR_error_string(ERR_get_error(), NULL));
return false;
}
char cert_hash[SHA512_DIGEST_LENGTH * 2 + 1];
SOFT_ASSERT_RC(string_tohex(VS(cert_digest),
VS(cert_hash),
false) == sizeof(cert_hash) - 1,
false,
"string_tohex failed");
string_tolower(cert_hash);
/* Verify the signature. */
if (!curl_verify(CURL_PKEY_TRUST_ULTIMATE,
cert_hash,
strlen(cert_hash),
server->cert_sig,
server->cert_sig_len)) {
LOG(ERROR, "Failed to verify signature");
return false;
}
server_cert_info_t *info = ecalloc(1, sizeof(*info));
char buf[MAX_BUF];
size_t pos = 0;
bool in_info = false;
while (string_get_word(server->cert, &pos, '\n', VS(buf), 0)) {
char *cp = buf;
string_skip_whitespace(cp);
string_strip_newline(cp);
if (*cp == '\0') {
continue;
}
if (strcmp(cp, cert_begin_str) == 0) {
in_info = true;
continue;
} else if (!in_info) {
continue;
} else if (strcmp(cp, cert_end_str) == 0) {
break;
}
char *cps[2];
if (string_split(cp, cps, arraysize(cps), ':') != arraysize(cps)) {
LOG(ERROR, "Parsing error");
continue;
}
string_tolower(cps[0]);
string_skip_whitespace(cps[1]);
const char *key = cps[0];
const char *value = cps[1];
char **content = NULL;
if (strcmp(key, "name") == 0) {
content = &info->name;
} else if (strcmp(key, "hostname") == 0) {
content = &info->hostname;
} else if (strcmp(key, "ipv4 address") == 0) {
content = &info->ipv4_address;
} else if (strcmp(key, "ipv6 address") == 0) {
content = &info->ipv6_address;
} else if (strcmp(key, "public key") == 0) {
content = &info->pubkey;
} else if (strcmp(key, "port") == 0) {
info->port = atoi(value);
} else if (strcmp(key, "crypto port") == 0) {
info->port_crypto = atoi(value);
} else {
LOG(DEVEL, "Unrecognized key: %s", key);
continue;
}
if (content != NULL) {
StringBuffer *sb = stringbuffer_new();
if (*content != NULL) {
stringbuffer_append_string(sb, *content);
stringbuffer_append_char(sb, '\n');
efree(*content);
}
stringbuffer_append_string(sb, value);
*content = stringbuffer_finish(sb);
}
}
/* Ensure we got the data we need. */
if (info->name == NULL ||
info->hostname == NULL ||
info->pubkey == NULL ||
info->port_crypto <= 0 ||
(info->ipv4_address == NULL) != (info->ipv6_address == NULL)) {
LOG(ERROR,
"Certificate is missing required data.");
goto error;
}
/* Ensure certificate attributes match the advertised ones. */
if (strcmp(info->hostname, server->hostname) != 0) {
LOG(ERROR,
"Certificate hostname does not match advertised hostname.");
goto error;
}
if (strcmp(info->name, server->name) != 0) {
LOG(ERROR,
"Certificate name does not match advertised name.");
goto error;
}
if (info->port != server->port) {
LOG(ERROR,
"Certificate port does not match advertised port.");
goto error;
}
if (info->port_crypto != server->port_crypto) {
LOG(ERROR,
"Certificate crypto port does not match advertised crypto port.");
goto error;
}
server->cert_info = info;
return true;
error:
metaserver_cert_free(info);
return false;
}
