static void tcpeek_init_setuid(void) { struct passwd *passwd; gid_t groups[128]; int ngroups; if(strisempty(g.option.user)) { return; } passwd = strisdigit(g.option.user) ? getpwuid((uid_t)strtol(g.option.user, NULL, 10)) : getpwnam(g.option.user); if(!passwd) { error_abort("%s", strerror(errno)); } ngroups = sizeof(groups); if(getgrouplist(g.option.user, passwd->pw_gid, groups, &ngroups) == -1) { error_abort("getgrouplist: %s", strerror(errno)); } if(setgroups(ngroups, groups) == -1) { error_abort("setgroups: %s", strerror(errno)); } if(setgid(passwd->pw_gid) == -1) { error_abort("setgid: %s", strerror(errno)); } if(setuid(passwd->pw_uid) == -1) { error_abort("setuid: %s", strerror(errno)); } }
static void tcpeek_init_pcap(void) { char *ifname, errmsg[PCAP_ERRBUF_SIZE], expression[] = "tcp or icmp"; struct bpf_program bpf; if(strisempty(g.option.ifname)) { ifname = pcap_lookupdev(errmsg); if(!ifname) { error_abort("%s", errmsg); } strncpy(g.option.ifname, ifname, sizeof(g.option.ifname) - 1); } g.pcap.pcap = pcap_create(g.option.ifname, errmsg); if(!g.pcap.pcap) { error_abort("%s", errmsg); } if(pcap_set_buffer_size(g.pcap.pcap, g.option.buffer * 1024 * 1024) != 0) { error_abort("%s", "can not set buffer size"); } if(pcap_set_snaplen(g.pcap.pcap, DEFAULT_PCAP_SNAPLEN) != 0) { error_abort("%s", "can not set snaplen"); } if(pcap_set_promisc(g.pcap.pcap, g.option.promisc) != 0) { error_abort("%s", "can not set promiscuous mode"); } if(pcap_set_timeout(g.pcap.pcap, 1) != 0) { error_abort("%s", "can not set timeout"); } if(pcap_activate(g.pcap.pcap) != 0) { error_abort("%s", pcap_geterr(g.pcap.pcap)); } if(pcap_compile(g.pcap.pcap, &bpf, expression, 0, 0) == -1) { error_abort("%s '%s'", pcap_geterr(g.pcap.pcap), expression); } if(pcap_setfilter(g.pcap.pcap, &bpf) == -1){ error_abort("%s", pcap_geterr(g.pcap.pcap)); } pcap_freecode(&bpf); g.pcap.snapshot = pcap_snapshot(g.pcap.pcap); g.pcap.datalink = pcap_datalink(g.pcap.pcap); if(g.pcap.datalink != DLT_EN10MB && g.pcap.datalink != DLT_LINUX_SLL) { error_abort("not support datalink %s (%s)", pcap_datalink_val_to_name(g.pcap.datalink), pcap_datalink_val_to_description(g.pcap.datalink) ); } }
struct nc_session *nc_session_connect_tls_socket(const char* username, const char* UNUSED(host), int sock) { struct nc_session *retval; struct passwd *pw; pthread_mutexattr_t mattr; int verify, r; SSL_CTX* tls_ctx; tls_ctx = pthread_getspecific(tls_ctx_key); if (tls_ctx == NULL) { ERROR("TLS subsystem not initiated."); return (NULL); } /* get current user if username not explicitely specified */ if (username == NULL || strisempty(username)) { pw = getpwuid(getuid()); if (pw == NULL) { /* unable to get correct username (errno from getpwuid) */ ERROR("Unable to set a username for the SSH connection (%s).", strerror(errno)); return (NULL); } username = pw->pw_name; } /* allocate netconf session structure */ retval = calloc(1, sizeof(struct nc_session)); if (retval == NULL) { ERROR("Memory allocation failed (%s)", strerror(errno)); return (NULL); } memset(retval, 0, sizeof(struct nc_session)); if ((retval->stats = malloc (sizeof (struct nc_session_stats))) == NULL) { ERROR("Memory allocation failed (%s)", strerror(errno)); free(retval); return NULL; } /* prepare a new TLS structure */ if ((retval->tls = SSL_new(tls_ctx)) == NULL) { ERROR("%s: Unable to prepare TLS structure (%s)", __func__, ERR_reason_error_string(ERR_get_error())); free(retval->stats); free(retval); return (NULL); } /* connect SSL with existing socket */ SSL_set_fd(retval->tls, sock); /* Set the SSL_MODE_AUTO_RETRY flag to allow OpenSSL perform re-handshake automatically */ SSL_set_mode(retval->tls, SSL_MODE_AUTO_RETRY); /* connect and perform the handshake */ if (SSL_connect(retval->tls) != 1) { ERROR("Connecting over TLS failed (%s).", ERR_reason_error_string(ERR_get_error())); SSL_free(retval->tls); free(retval->stats); free(retval); return (NULL); } /* check certificate checking */ verify = SSL_get_verify_result(retval->tls); switch (verify) { case X509_V_OK: VERB("Server certificate successfully verified."); break; default: WARN("I'm not happy with the server certificate (%s).", verify_ret_msg[verify]); } /* fill session structure */ retval->transport_socket = sock; retval->fd_input = -1; retval->fd_output = -1; retval->username = strdup(username); retval->groups = NULL; /* client side does not need this information */ retval->msgid = 1; retval->queue_event = NULL; retval->queue_msg = NULL; retval->logintime = NULL; retval->monitored = 0; retval->nacm_recovery = 0; /* not needed/decidable on the client side */ retval->stats->in_rpcs = 0; retval->stats->in_bad_rpcs = 0; retval->stats->out_rpc_errors = 0; retval->stats->out_notifications = 0; if (pthread_mutexattr_init(&mattr) != 0) { ERROR("Memory allocation failed (%s:%d).", __FILE__, __LINE__); free(retval); return (NULL); } pthread_mutexattr_settype(&mattr, PTHREAD_MUTEX_RECURSIVE); retval->mut_channel = (pthread_mutex_t *) malloc(sizeof(pthread_mutex_t)); if ((r = pthread_mutex_init(retval->mut_channel, &mattr)) != 0 || (r = pthread_mutex_init(&(retval->mut_mqueue), &mattr)) != 0 || (r = pthread_mutex_init(&(retval->mut_equeue), &mattr)) != 0 || (r = pthread_mutex_init(&(retval->mut_ntf), &mattr)) != 0 || (r = pthread_mutex_init(&(retval->mut_session), &mattr)) != 0) { ERROR("Mutex initialization failed (%s).", strerror(r)); pthread_mutexattr_destroy(&mattr); free(retval); return (NULL); } pthread_mutexattr_destroy(&mattr); return (retval); }