/* an FQDN will match another FQDN with a trailing . */ void t5(void) { struct id a,b; zero(&a); zero(&b); printf("t5\n"); atoid("example.com", &a, FALSE); atoid("example.com.", &b,FALSE); passert(same_exact_id(&a,&b) == 1); }
/* an FROMCERT will not match FQDN */ void t6(void) { struct id a,b; zero(&a); zero(&b); printf("t6\n"); atoid("%fromcert", &a, FALSE); atoid("example.com", &b,FALSE); passert(same_exact_id(&a,&b) == 0); }
struct secret *pick_key(struct secret *host_secrets , char *idname) { struct id id; struct secret *s; err_t e; e = atoid(idname, &id, FALSE); if(e) { printf("%s: key '%s' is invalid\n", progname, idname); exit(4); } s = osw_find_secret_by_id(host_secrets, PPK_RSA , &id, NULL, TRUE /* asymmetric */); if(s==NULL) { char abuf[IDTOA_BUF]; idtoa(&id, abuf, IDTOA_BUF); printf("%s: can not find key: %s (%s)\n", progname, idname, abuf); exit(5); } return s; }
/* * Returns true if "user" is a member of "group", else false. */ static int sysgroup_query(const char *user, const char *group, const struct passwd *pwd) { char **member; struct group *grp; grp = sysgroup_getgrnam(group); if (grp == NULL && group[0] == '#' && group[1] != '\0') { const char *errstr; gid_t gid = atoid(group + 1, NULL, NULL, &errstr); if (errstr == NULL) grp = sysgroup_getgrgid(gid); } if (grp != NULL) { if (grp->gr_mem != NULL) { for (member = grp->gr_mem; *member != NULL; member++) { if (strcasecmp(user, *member) == 0) { if (sysgroup_gr_delref) sysgroup_gr_delref(grp); return true; } } } if (sysgroup_gr_delref) sysgroup_gr_delref(grp); } return false; }
void set_myid(enum myid_state s, char *idstr) { if (idstr != NULL) { struct id id; err_t ugh = atoid(idstr, &id, FALSE, FALSE); if (ugh != NULL) { loglog(RC_BADID, "myid malformed: %s \"%s\"", ugh, idstr); } else { free_id_content(&myids[s]); unshare_id_content(&id); myids[s] = id; if (s == MYID_SPECIFIED) myid_state = MYID_SPECIFIED; calc_myid_str(s); } } }
/* * BSD-compatible getgrouplist(3) using getgrset(3) */ int getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp) { char *cp, *grset = NULL; int i, ngroups = 1; int grpsize = *ngroupsp; int rval = -1; gid_t gid; /* We support BSD semantics where the first element is the base gid */ if (grpsize <= 0) return -1; groups[0] = basegid; #ifdef HAVE_SETAUTHDB aix_setauthdb((char *) name); #endif if ((grset = getgrset(name)) != NULL) { const char *errstr; for (cp = strtok(grset, ","); cp != NULL; cp = strtok(NULL, ",")) { gid = atoid(cp, NULL, NULL, &errstr); if (errstr == NULL && gid != basegid) { if (ngroups == grpsize) goto done; groups[ngroups++] = gid; } } } rval = 0; done: free(grset); #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif *ngroupsp = ngroups; return rval; }
static void key_add_request(const struct whack_message *msg) { struct id keyid; err_t ugh = atoid(msg->keyid, &keyid, FALSE, FALSE); if (ugh != NULL) { loglog(RC_BADID, "bad --keyid \"%s\": %s", msg->keyid, ugh); } else { if (!msg->whack_addkey) delete_public_keys(&pluto_pubkeys, &keyid, msg->pubkey_alg); if (msg->keyval.len == 0) { struct key_add_common *oc = alloc_thing(struct key_add_common, "key add common things"); enum key_add_attempt kaa; /* initialize state shared by queries */ oc->refCount = 0; oc->whack_fd = dup_any(whack_log_fd); oc->success = FALSE; for (kaa = ka_TXT; kaa != ka_roof; kaa++) { struct key_add_continuation *kc = alloc_thing( struct key_add_continuation, "key add continuation"); oc->diag[kaa] = NULL; oc->refCount++; kc->common = oc; kc->lookingfor = kaa; switch (kaa) { case ka_TXT: ugh = start_adns_query(&keyid, &keyid, /* same */ ns_t_txt, key_add_continue, &kc->ac); break; #ifdef USE_KEYRR case ka_KEY: ugh = start_adns_query(&keyid, NULL, ns_t_key, key_add_continue, &kc->ac); break; #endif /* USE_KEYRR */ default: bad_case(kaa); /* suppress gcc warning */ } if (ugh != NULL) { oc->diag[kaa] = clone_str(ugh, "early key add failure"); oc->refCount--; } } /* Done launching queries. * Handle total failure case. */ key_add_merge(oc, &keyid); } else { ugh = add_public_key(&keyid, DAL_LOCAL, msg->pubkey_alg, &msg->keyval, &pluto_pubkeys); if (ugh != NULL) loglog(RC_LOG_SERIOUS, "%s", ugh); } }
main(int argc, char *argv[]){ int len; char *infile; FILE *idfile; char idbuf[256]; int lineno = 0; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; lsw_init_rootdir("../../../baseconfigs/all"); progname = argv[0]; leak_detective = 1; if (argc != 3 ) { fprintf(stderr, "Usage: %s <whackrecord> <idfile>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); infile = argv[1]; readwhackmsg(infile); idfile = fopen(argv[2], "r"); if (!idfile) { perror(argv[2]); exit(11); } cur_debugging = DBG_CONTROL | DBG_CONTROLMORE; while (fgets(idbuf, sizeof(idbuf), idfile) != NULL) { struct state *st1; struct connection *nc; struct id peer_id; int aggrmode, initiate; char id1[256]; /* ignore comments */ if (idbuf[0] == '#') continue; st1 = new_state(); sscanf(idbuf, "%s %u %u", id1, &initiate, &aggrmode); /* set it to the first connection, there may be only one?? */ st1->st_connection = connections; /* safe: from new_state */ st1->st_oakley.auth = OAKLEY_RSA_SIG; passert(connections != NULL); atoid(id1, &peer_id, TRUE); nc = refine_host_connection(st1, &peer_id, initiate, aggrmode); printf("%u: %s -> conn: %s\n", ++lineno, id1, nc ? nc->name : "<none>"); } report_leaks(); tool_close_log(); exit(0); }
void chord_main(char *conf_file, int parent_sock) { fd_set interesting, readable; int nfound, nfds; struct in_addr ia; char id[4*ID_LEN]; FILE *fp; int64_t stabilize_wait; struct timeval timeout; setprogname("chord"); srandom(getpid() ^ time(0)); memset(&srv, 0, sizeof(Server)); srv.to_fix_finger = NFINGERS-1; fp = fopen(conf_file, "r"); if (fp == NULL) eprintf("fopen(%s,\"r\") failed:", conf_file); if (fscanf(fp, "%hd", (short*)&srv.node.port) != 1) eprintf("Didn't find port in \"%s\"", conf_file); if (fscanf(fp, " %s\n", id) != 1) eprintf("Didn't find id in \"%s\"", conf_file); srv.node.id = atoid(id); /* Figure out one's own address somehow */ srv.node.addr = ntohl(get_addr()); ia.s_addr = htonl(srv.node.addr); fprintf(stderr, "Chord started.\n"); fprintf(stderr, "id="); print_id(stderr, &srv.node.id); fprintf(stderr, "\n"); fprintf(stderr, "ip=%s\n", inet_ntoa(ia)); fprintf(stderr, "port=%d\n", srv.node.port); initialize(&srv); srv_ref = &srv; join(&srv, fp); fclose(fp); FD_ZERO(&interesting); FD_SET(srv.in_sock, &interesting); FD_SET(parent_sock, &interesting); nfds = MAX(srv.in_sock, parent_sock) + 1; NumKeys = read_keys(ACCLIST_FILE, KeyArray, MAX_KEY_NUM); if (NumKeys == -1) { printf("Error opening file: %s\n", ACCLIST_FILE); } if (NumKeys == 0) { printf("No key found in %s\n", ACCLIST_FILE); } /* Loop on input */ for (;;) { readable = interesting; stabilize_wait = (int64_t)(srv.next_stabilize_us - wall_time()); stabilize_wait = MAX(stabilize_wait,0); timeout.tv_sec = stabilize_wait / 1000000UL; timeout.tv_usec = stabilize_wait % 1000000UL; nfound = select(nfds, &readable, NULL, NULL, &timeout); if (nfound < 0 && errno == EINTR) { continue; } if (nfound == 0) { stabilize_wait = (int64_t)(srv.next_stabilize_us - wall_time()); if( stabilize_wait <= 0 ) { stabilize( &srv ); } continue; } if (FD_ISSET(srv.in_sock, &readable)) { handle_packet(srv.in_sock); } else if (FD_ISSET(parent_sock, &readable)) { handle_packet(parent_sock); } else { assert(0); } } }
int main(int argc, char *argv[]) { struct passwd pw, rpw; size_t len; FILE *fp; char line[2048]; char *file_in = NULL, *file_out = NULL; char *dir_in = NULL, *dir_out = NULL; const char *errstr; int state = 0; int errors = 0; int tests = 0; initprogname(argc > 0 ? argv[0] : "check_iolog_path"); if (argc != 2) usage(); fp = fopen(argv[1], "r"); if (fp == NULL) fatalx("unable to open %s", argv[1]); memset(&pw, 0, sizeof(pw)); memset(&rpw, 0, sizeof(rpw)); sudo_user.pw = &pw; sudo_user._runas_pw = &rpw; /* * Input consists of 12 lines: * sequence number * user name * user gid * runas user name * runas gid * hostname [short form] * command * dir [with escapes] * file [with escapes] * expanded dir * expanded file * empty line */ while (fgets(line, sizeof(line), fp) != NULL) { len = strcspn(line, "\n"); line[len] = '\0'; switch (state) { case 0: strlcpy(sessid, line, sizeof(sessid)); break; case 1: if (user_name != NULL) free(user_name); user_name = strdup(line); break; case 2: user_gid = (gid_t)atoid(line, NULL, NULL, &errstr); if (errstr != NULL) fatalx("group ID %s: %s", line, errstr); break; case 3: if (runas_pw->pw_name != NULL) free(runas_pw->pw_name); runas_pw->pw_name = strdup(line); break; case 4: runas_pw->pw_gid = (gid_t)atoid(line, NULL, NULL, &errstr); if (errstr != NULL) fatalx("group ID %s: %s", line, errstr); break; case 5: user_shost = strdup(line); break; case 6: user_base = strdup(line); break; case 7: dir_in = strdup(line); break; case 8: file_in = strdup(line); break; case 9: dir_out = strdup(line); break; case 10: file_out = strdup(line); break; case 11: errors += do_check(dir_in, file_in, dir_out, file_out); tests++; break; default: fatalx("internal error, invalid state %d", state); } state = (state + 1) % MAX_STATE; } if (tests != 0) { printf("iolog_path: %d test%s run, %d errors, %d%% success rate\n", tests, tests == 1 ? "" : "s", errors, (tests - errors) * 100 / tests); } exit(errors); }
/* Handle a kernel request. Supposedly, there's a message in * the kernelsock socket. */ void whack_handle(int whackctlfd) { struct whack_message msg; struct sockaddr_un whackaddr; int whackaddrlen = sizeof(whackaddr); int whackfd = accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen); ssize_t n; if (whackfd < 0) { log_errno((e, "accept() failed in whack_handle()")); return; } n = read(whackfd, &msg, sizeof(msg)); if (n == -1) { log_errno((e, "read() failed in whack_handle()")); close(whackfd); return; } whack_log_fd = whackfd; /* sanity check message */ { err_t ugh = NULL; next_str = msg.string; str_roof = (char *)&msg + n; if (next_str > str_roof) { ugh = builddiag("truncated message from whack: got %d bytes; expected %d. Message ignored." , n, (int) sizeof(msg)); } else if (msg.magic != WHACK_MAGIC) { ugh = builddiag("message from whack has bad magic %d; should be %d; probably wrong version. Message ignored" , msg.magic, WHACK_MAGIC); } else if (!unpack_str(&msg.name) /* string 1 */ || !unpack_str(&msg.left.id) /* string 2 */ || !unpack_str(&msg.left.cert) /* string 3 */ || !unpack_str(&msg.left.updown) /* string 4 */ #ifdef VIRTUAL_IP || !unpack_str(&msg.left.virt) #endif || !unpack_str(&msg.right.id) /* string 5 */ || !unpack_str(&msg.right.cert) /* string 6 */ || !unpack_str(&msg.right.updown) /* string 7 */ #ifdef VIRTUAL_IP || !unpack_str(&msg.right.virt) #endif || !unpack_str(&msg.keyid) /* string 8 */ || !unpack_str(&msg.ike) /* string 9 */ || !unpack_str(&msg.esp) /* string 10 */ || !unpack_str(&msg.dnshostname) /* string 11 */ || str_roof - next_str != (ptrdiff_t)msg.keyval.len) /* check chunk */ { ugh = "message from whack contains bad string"; } else { msg.keyval.ptr = next_str; /* grab chunk */ } if (ugh != NULL) { loglog(RC_BADWHACKMESSAGE, "%s", ugh); whack_log_fd = NULL_FD; close(whackfd); return; } } if (msg.whack_options) { #ifdef DEBUG if (msg.name == NULL) { /* we do a two-step so that if either old or new would * cause the message to print, it will be printed. */ cur_debugging |= msg.debugging; DBG(DBG_CONTROL , DBG_log("base debugging = %s" , bitnamesof(debug_bit_names, msg.debugging))); cur_debugging = base_debugging = msg.debugging; } else if (!msg.whack_connection) { struct connection *c = con_by_name(msg.name, TRUE); if (c != NULL) { c->extra_debugging = msg.debugging; DBG(DBG_CONTROL , DBG_log("\"%s\" extra_debugging = %s" , c->name , bitnamesof(debug_bit_names, c->extra_debugging))); } } #endif } /* Deleting combined with adding a connection works as replace. * To make this more useful, in only this combination, * delete will silently ignore the lack of the connection. */ if (msg.whack_delete) { struct connection *c = con_by_name(msg.name, !msg.whack_connection); /* note: this is a "while" because road warrior * leads to multiple connections with the same name. */ for (; c != NULL; c = con_by_name(msg.name, FALSE)) delete_connection(c); } if (msg.whack_deletestate) { struct state *st = state_with_serialno(msg.whack_deletestateno); if (st == NULL) { loglog(RC_UNKNOWN_NAME, "no state #%lu to delete" , msg.whack_deletestateno); } else { delete_state(st); } } if (msg.whack_connection) add_connection(&msg); /* process "listen" before any operation that could require it */ if (msg.whack_listen) { log("listening for IKE messages"); listening = TRUE; find_ifaces(); load_preshared_secrets(); } if (msg.whack_unlisten) { log("no longer listening for IKE messages"); listening = FALSE; } if (msg.whack_reread & REREAD_SECRETS) { load_preshared_secrets(); } if (msg.whack_reread & REREAD_MYCERT) { load_mycert(); } if (msg.whack_reread & REREAD_CACERTS) { load_cacerts(); } if (msg.whack_reread & REREAD_CRLS) { load_crls(); } if (msg.whack_list & LIST_PUBKEYS) { list_public_keys(msg.whack_utc); } if (msg.whack_list & LIST_CERTS) { list_certs(msg.whack_utc); } if (msg.whack_list & LIST_CACERTS) { list_cacerts(msg.whack_utc); } if (msg.whack_list & LIST_CRLS) { list_crls(msg.whack_utc); } if (msg.whack_key) { /* add a public key */ struct id keyid; err_t ugh = atoid(msg.keyid, &keyid); if (ugh != NULL) { loglog(RC_BADID, "bad --keyid \"%s\": %s", msg.keyid, ugh); } else { if (!msg.whack_addkey) delete_public_keys(&keyid, msg.pubkey_alg); if (msg.keyval.len == 0) { struct key_add_continuation *kc = alloc_thing(struct key_add_continuation , "key add continuation"); int wfd = dup_any(whackfd); kc->whack_fd = wfd; ugh = start_adns_query(&keyid , NULL , T_KEY , key_add_continue , &kc->ac); if (ugh != NULL) { key_add_ugh(&keyid, ugh); close_any(wfd); } } else { ugh = add_public_key(&keyid, DAL_LOCAL, msg.pubkey_alg , &msg.keyval, &pubkeys); if (ugh != NULL) loglog(RC_LOG_SERIOUS, "%s", ugh); } } }