static int
ktest_equal_dh_rep_info(krb5_dh_rep_info *ref, krb5_dh_rep_info *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && equal_str(dhSignedData);
p = p && equal_str(serverDHNonce);
p = p && ptr_equal(kdfID, ktest_equal_data);
return p;
}
static int
ktest_equal_algorithm_identifier(krb5_algorithm_identifier *ref,
krb5_algorithm_identifier *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && equal_str(algorithm);
p = p && equal_str(parameters);
return p;
}
int
ktest_equal_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *ref,
krb5_pa_pk_as_req_draft9 *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && equal_str(signedAuthPack);
p = p && equal_str(kdcCert);
return p;
}
int
ktest_equal_pa_pk_as_req(krb5_pa_pk_as_req *ref, krb5_pa_pk_as_req *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && equal_str(signedAuthPack);
p = p && ptr_equal(trustedCertifiers,
ktest_equal_sequence_of_external_principal_identifier);
p = p && equal_str(kdcPkId);
return p;
}
static int
ktest_equal_external_principal_identifier(
krb5_external_principal_identifier *ref,
krb5_external_principal_identifier *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && equal_str(subjectName);
p = p && equal_str(issuerAndSerialNumber);
p = p && equal_str(subjectKeyIdentifier);
return p;
}
int
ktest_equal_pa_otp_challenge(krb5_pa_otp_challenge *ref,
krb5_pa_otp_challenge *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && equal_str(nonce);
p = p && equal_str(service);
p = p && ptr_equal(tokeninfo, ktest_equal_sequence_of_otp_tokeninfo);
p = p && equal_str(salt);
p = p && equal_str(s2kparams);
return p;
}
static ret_t
add_method (char *method, void *data)
{
cherokee_config_entry_t *entry = CONF_ENTRY(data);
if (equal_str (method, "basic"))
entry->authentication |= http_auth_basic;
else if (equal_str (method, "digest"))
entry->authentication |= http_auth_digest;
else {
LOG_ERROR (CHEROKEE_ERROR_VALIDATOR_METHOD_UNKNOWN, method);
return ret_error;
}
return ret_ok;
}
int process_command_line(command_line* cmd_line) {
int child_pid = fork();
if (child_pid == 0) {
// use pipe's fd for piping
if (cmd_line->piped) {
dup3(cmd_line->pipe_filedes[0], FD_STDIN);
dup3(cmd_line->target_command_line->pipe_filedes[1], FD_STDOUT);
}
usleep(DELAY_EXEC_IN_MICRO_SECOND);
char **argv = build_argv(cmd_line);
execvp(argv[0], argv);
fprintf(stderr, "failed to execute command \'%s\': No such file or directory\n", argv[0]);
exit(-1);
}
cmd_line->pid = child_pid;
if (equal_str(cmd_line->action, "wait")) {
pid_t pid;
int status;
while ((pid = waitpid(child_pid, &status, 0))) {
if (pid == -1 && errno == EINTR) {
continue;
}
break;
}
}
return 0;
}
void signal_handler(int signo) {
if (signo == SIGINT) {
will_dead = 1;
broadcasting_signal(signo);
fprintf(stderr, "terminated by SIGNAL(%d)\n", SIGINT);
exit(1);
} else if (signo == SIGCHLD) {
if (will_dead) {
return;
}
int state;
pid_t pid_child = waitpid(-1, &state, WNOHANG);
for (int i = 0; i < command_line_list->num_of_elements; i++) {
command_line* cmd_line = (command_line*)command_line_list->elements[i];
if (cmd_line->pid == pid_child && equal_str(cmd_line->action, "respawn")) {
process_command_line(cmd_line);
break;
}
}
} else if (signo == SIGTERM) {
will_dead = 1;
broadcasting_signal(signo);
fprintf(stderr, "terminated by SIGNAL(%d)\n", SIGTERM);
exit(1);
}
}
int
ktest_equal_otp_tokeninfo(krb5_otp_tokeninfo *ref, krb5_otp_tokeninfo *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && scalar_equal(flags);
p = p && equal_str(vendor);
p = p && equal_str(challenge);
p = p && scalar_equal(length);
p = p && scalar_equal(format);
p = p && equal_str(token_id);
p = p && equal_str(alg_id);
p = p && ptr_equal(supported_hash_alg,
ktest_equal_sequence_of_algorithm_identifier);
p = p && scalar_equal(iteration_count);
return p;
}
command_line* find_command_line_by_id(const char *id) {
for (int i = 0; i < command_line_list->num_of_elements; i++) {
command_line* elem = (command_line*)command_line_list->elements[i];
if (equal_str(elem->id, id)) {
return command_line_list->elements[i];
}
}
return NULL;
}
static int
ktest_equal_subject_pk_info(krb5_subject_pk_info *ref,
krb5_subject_pk_info *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && struct_equal(algorithm, ktest_equal_algorithm_identifier);
p = p && equal_str(subjectPublicKey);
return p;
}
int
ktest_equal_pa_for_user(krb5_pa_for_user *ref, krb5_pa_for_user *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && ptr_equal(user, ktest_equal_principal_data);
p = p && struct_equal(cksum, ktest_equal_checksum);
p = p && equal_str(auth_package);
return p;
}
int
ktest_equal_sam_challenge_2(krb5_sam_challenge_2 *ref,
krb5_sam_challenge_2 *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && equal_str(sam_challenge_2_body);
p = p && ptr_equal(sam_cksum,ktest_equal_sequence_of_checksum);
return p;
}
int
ktest_equal_kdc_dh_key_info(krb5_kdc_dh_key_info *ref,
krb5_kdc_dh_key_info *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && equal_str(subjectPublicKey);
p = p && scalar_equal(nonce);
p = p && scalar_equal(dhKeyExpiration);
return p;
}
int run(const char* filename) {
FILE *fp = fopen(filename, "r");
if (fp == NULL) {
return -1;
}
command_line_list = list_create();
char line[256];
while (!feof(fp)) {
memset_zero(line);
fgets(line, sizeof(line), fp);
line_number ++;
command_line* cmd_line = validate_command_line(line);
if (cmd_line == NULL) {
continue;
}
list_push_back(command_line_list, cmd_line);
// create pipe for piping
pipe(cmd_line->pipe_filedes);
}
fclose(fp);
// run commands line by line
for (int i = 0; i < command_line_list->num_of_elements; i++) {
command_line* cmd_line = (command_line*)command_line_list->elements[i];
process_command_line(cmd_line);
}
// wait until all child processes are exited
while (1) {
int status;
pid_t pid = wait(&status);
if (pid == -1 && errno == EINTR) {
continue;
}
// but if exited command's action type is respwan, re-run that command
for (int i = 0; i < command_line_list->num_of_elements; i++) {
command_line* cmd_line = (command_line*)command_line_list->elements[i];
if (cmd_line->pid == pid && equal_str(cmd_line->action, "respawn")) {
process_command_line(cmd_line);
break;
}
}
}
return 0;
}
int
ktest_equal_pa_pk_as_rep(krb5_pa_pk_as_rep *ref, krb5_pa_pk_as_rep *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
if (ref->choice != var->choice) return FALSE;
if (ref->choice == choice_pa_pk_as_rep_dhInfo)
p = p && struct_equal(u.dh_Info, ktest_equal_dh_rep_info);
else if (ref->choice == choice_pa_pk_as_rep_encKeyPack)
p = p && equal_str(u.encKeyPack);
return p;
}
int
ktest_equal_auth_pack(krb5_auth_pack *ref, krb5_auth_pack *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && struct_equal(pkAuthenticator, ktest_equal_pk_authenticator);
p = p && ptr_equal(clientPublicValue, ktest_equal_subject_pk_info);
p = p && ptr_equal(supportedCMSTypes,
ktest_equal_sequence_of_algorithm_identifier);
p = p && equal_str(clientDHNonce);
p = p && ptr_equal(supportedKDFs, ktest_equal_sequence_of_data);
return p;
}
int
ktest_equal_pa_otp_req(krb5_pa_otp_req *ref, krb5_pa_otp_req *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && scalar_equal(flags);
p = p && equal_str(nonce);
p = p && struct_equal(enc_data, ktest_equal_enc_data);
p = p && ptr_equal(hash_alg, ktest_equal_algorithm_identifier);
p = p && scalar_equal(iteration_count);
p = p && equal_str(otp_value);
p = p && equal_str(pin);
p = p && equal_str(challenge);
p = p && scalar_equal(time);
p = p && equal_str(counter);
p = p && scalar_equal(format);
p = p && equal_str(token_id);
p = p && equal_str(alg_id);
p = p && equal_str(vendor);
return p;
}
int
ktest_equal_sam_challenge_2_body(krb5_sam_challenge_2_body *ref,
krb5_sam_challenge_2_body *var)
{
int p = TRUE;
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && scalar_equal(sam_type);
p = p && scalar_equal(sam_flags);
p = p && equal_str(sam_type_name);
p = p && equal_str(sam_track_id);
p = p && equal_str(sam_challenge_label);
p = p && equal_str(sam_challenge);
p = p && equal_str(sam_response_prompt);
p = p && equal_str(sam_pk_for_sad);
p = p && scalar_equal(sam_nonce);
p = p && scalar_equal(sam_etype);
return p;
}
ret_t
cherokee_validator_parse_digest (cherokee_validator_t *validator,
char *str, cuint_t str_len)
{
cuint_t len;
char *end;
char *entry;
char *comma;
char *equal;
cherokee_buffer_t auth = CHEROKEE_BUF_INIT;
cherokee_buffer_t *entry_buf;
/* Copy authentication string
*/
cherokee_buffer_add (&auth, str, str_len);
entry = auth.buf;
end = auth.buf + auth.len;
do {
/* Skip some chars
*/
while ((*entry == CHR_SP) ||
(*entry == CHR_CR) ||
(*entry == CHR_LF)) entry++;
/* Check for the end
*/
if (entry >= end)
break;
comma = strchr(entry, ',');
if (equal_str (entry, "nc")) {
entry_buf = &validator->nc;
} else if (equal_str (entry, "uri")) {
entry_buf = &validator->uri;
} else if (equal_str (entry, "qop")) {
entry_buf = &validator->qop;
} else if (equal_str (entry, "realm")) {
entry_buf = &validator->realm;
} else if (equal_str (entry, "nonce")) {
entry_buf = &validator->nonce;
} else if (equal_str (entry, "cnonce")) {
entry_buf = &validator->cnonce;
} else if (equal_str (entry, "username")) {
entry_buf = &validator->user;
} else if (equal_str (entry, "response")) {
entry_buf = &validator->response;
} else if (equal_str (entry, "algorithm")) {
entry_buf = &validator->algorithm;
} else {
entry = comma + 1;
continue;
}
/* Split the string [1]
*/
if (comma) *comma = '\0';
equal = strchr (entry, '=');
if (equal == NULL) {
if (comma) *comma = ','; /* [1] */
continue;
}
/* Check for "s and skip it
*/
equal += (equal[1] == '"') ? 2 : 1;
len = strlen(equal);
while ((len > 0) &&
((equal[len-1] == '"') ||
(equal[len-1] == CHR_CR) ||
(equal[len-1] == CHR_LF))) len--;
/* Copy the entry value
*/
cherokee_buffer_add (entry_buf, equal, len);
/* Resore [1], and prepare next loop
*/
if (comma)
*comma = ',';
entry = comma + 1;
} while (comma != NULL);
#if 0
printf ("nc %s\n", validator->nc.buf);
printf ("uri %s\n", validator->uri.buf);
printf ("qop %s\n", validator->qop.buf);
printf ("realm %s\n", validator->realm.buf);
printf ("nonce %s\n", validator->nonce.buf);
printf ("cnonce %s\n", validator->cnonce.buf);
printf ("username %s\n", validator->user.buf);
printf ("reponse %s\n", validator->response.buf);
printf ("algorithm %s\n", validator->algorithm.buf);
#endif
/* Clean up and exit
*/
cherokee_buffer_mrproper (&auth);
return ret_ok;
}
command_line* validate_command_line(char* line) {
// remove LF
if (line[strlen(line) - 1] == '\n') {
line[strlen(line) - 1] = 0;
}
// pass blank line
if (strlen(line) == 0) {
return NULL;
}
// skip comment line
if (line[0] == '#') {
return NULL;
}
if (test_format(line) < 0) {
return NULL;
}
struct command_line* cmd_line = tokenizing_line(line);
if (id_validate(cmd_line->id) < 0) {
fprintf(stderr, "invalid id \'%s\' in line %d, ignored\n", cmd_line->id, line_number);
free(cmd_line);
return NULL;
}
if (find_command_line_by_id(cmd_line->id) != NULL) {
fprintf(stderr, "duplicate id \'%s\' in line %d, ignored\n", cmd_line->id, line_number);
free(cmd_line);
return NULL;
}
if (strlen(cmd_line->action) == 0 ||
(! equal_str (cmd_line->action, "once")
&& ! equal_str (cmd_line->action, "wait")
&& ! equal_str (cmd_line->action, "respawn"))) {
fprintf(stderr, "invalid action \'%s\' in line %d, ignored\n", cmd_line->action, line_number);
free(cmd_line);
return NULL;
}
if (strlen(cmd_line->pipe_id) > 0) {
command_line* target_command_line = find_command_line_by_id(cmd_line->pipe_id);
if (target_command_line == NULL) {
if (id_validate(cmd_line->pipe_id) < 0) {
fprintf(stderr, "invalid pipe-id \'%s\' in line %d, ignored\n", cmd_line->pipe_id, line_number);
} else {
fprintf(stderr, "unknown pipe-id \'%s\' in line %d, ignored\n", cmd_line->pipe_id, line_number);
}
free(cmd_line);
return NULL;
} else {
if (equal_str(cmd_line->action, "respawn") || equal_str(target_command_line->action, "respawn")) {
fprintf(stderr, "pipe not allowed for \'respawn\' tasks in line %d, ignored\n", line_number);
free(cmd_line);
return NULL;
}
if (target_command_line->piped) {
fprintf(stderr, "pipe not allowed for already piped tasks in line %d, ignored\n", line_number);
free(cmd_line);
return NULL;
}
// link each commands for piping feature
target_command_line->piped = 1;
target_command_line->target_command_line = cmd_line;
cmd_line->piped = 1;
cmd_line->target_command_line = target_command_line;
}
}
if (strlen(cmd_line->command) == 0) {
fprintf(stderr, "empty command in line %d, ignored\n", line_number);
free(cmd_line);
return NULL;
}
return cmd_line;
}