/*
 * Test case: run FUNC_VALUE on symmetric buffers of increasing size and
 * verify the target buffer afterwards.
 *
 * Each of the __cycle_count rounds uses a buffer of at most
 * __max_buffer_size elements.  The trailing FUNC_VALUE arguments 0, 1 and
 * ceil(num_proc / 2) are presumably PE_start, logPE_stride and PE_size of an
 * OpenSHMEM reduction - confirm against the FUNC_VALUE definition.
 * Odd-numbered PEs expect their target to keep DEFAULT_VALUE, even-numbered
 * PEs expect BASE_VALUE.
 *
 * pWrk and pSync are not declared in this function; presumably they are
 * file-scope symmetric work/sync arrays - confirm against the rest of the file.
 *
 * Returns TC_PASS, TC_FAIL on a data mismatch, or TC_SETUP_FAIL when a
 * shmalloc() call fails.
 */
static int test_item7(void)
{
    int rc = TC_PASS;
    TYPE_VALUE* target_addr = NULL;
    TYPE_VALUE* source_addr = NULL;
    TYPE_VALUE source_value = 0;
    TYPE_VALUE expect_value = 0;
    int num_proc = 0;
    int my_proc = 0;

    num_proc = _num_pes();
    my_proc = _my_pe();

    /* Both buffers are sized for the largest round and reused by every round.
     * NOTE(review): the size products here and below are not checked for
     * overflow; fine for test-sized values, confirm the configured limits. */
    target_addr = (TYPE_VALUE*)shmalloc(sizeof(*target_addr) * __max_buffer_size);
    source_addr = (TYPE_VALUE*)shmalloc(sizeof(*source_addr) * __max_buffer_size);
    if (target_addr && source_addr)
    {
        TYPE_VALUE value = DEFAULT_VALUE;
        int i = 0;
        int j = 0;
        long cur_buf_size = 0;

        /* Stop at the first round that does not pass. */
        for (i = 0; (i < __cycle_count) && (rc == TC_PASS); i++)
        {
            /* Element count grows linearly with the round number, never below 1. */
            cur_buf_size = sys_max(1, (i + 1) * __max_buffer_size / __cycle_count);
            /* Work array is allocated per round and released at the end of the round. */
            pWrk = shmalloc(sizeof(*pWrk) * sys_max(cur_buf_size/2 + 1, _SHMEM_REDUCE_MIN_WRKDATA_SIZE));
            if (pWrk)
            {
                /* Set initial target value */
                value = DEFAULT_VALUE;
                fill_buffer((void *)target_addr, cur_buf_size, (void *)&value, sizeof(value));

                /* Give some time to all PE for setting their values */
                shmem_barrier_all();

                /* Set my value */
                source_value = (TYPE_VALUE)(BASE_VALUE + my_proc);
                fill_buffer((void *)source_addr, cur_buf_size, (void *)&source_value, sizeof(source_value));

                /* Define expected value */
                expect_value = ( my_proc % 2 ? DEFAULT_VALUE : BASE_VALUE );

                /* This guarantees that PE set initial value before peer change one */
                for ( j = 0; j < _SHMEM_REDUCE_SYNC_SIZE; j++ )
                {
                    pSync[j] = _SHMEM_SYNC_VALUE;
                }
                shmem_barrier_all();

                /* Put value to peer */
                FUNC_VALUE(target_addr, source_addr, cur_buf_size, 0, 1, ((num_proc / 2) + (num_proc % 2)), pWrk, pSync);

                /* Get value put by peer:
                 * These routines start the remote transfer and may return before the data
                 * is delivered to the remote PE
                 */
                shmem_barrier_all();
                {
                    int wait = WAIT_COUNT;

                    /* Poll the first target element, at most WAIT_COUNT times one second apart. */
                    while (wait--)
                    {
                        value = *target_addr;
                        if (expect_value == value) break;
                        sleep(1);
                    }
                }

                /* A zero result from compare_buffer_with_const() is treated as "all elements match". */
                rc = (!compare_buffer_with_const(target_addr, cur_buf_size, &expect_value, sizeof(expect_value)) ? TC_PASS : TC_FAIL);

                log_debug(OSH_TC, "my#%d source = %lld expected = %lld actual = %lld buffer size = %lld\n",
                                   my_proc, (INT64_TYPE)source_value, (INT64_TYPE)expect_value, (INT64_TYPE)value, (INT64_TYPE)cur_buf_size);

                /* Failure diagnostics: dump a few elements around the first mismatch. */
                if (rc)
                {
                    TYPE_VALUE* check_addr = target_addr;
                    int odd_index = compare_buffer_with_const(check_addr, cur_buf_size, &expect_value, sizeof(expect_value));
                    int show_index = (odd_index > 1 ? odd_index - 2 : 0);
                    /* NOTE(review): when the mismatch is in the last or next-to-last
                     * element, cur_buf_size - odd_index - 1 is <= 0, so show_size is
                     * zero or negative when it reaches show_buffer(); clamp it unless
                     * show_buffer() is known to tolerate that. */
                    int show_size = sizeof(*check_addr) * sys_min(3, cur_buf_size - odd_index - 1);

                    log_debug(OSH_TC, "index of incorrect value: 0x%08X (%d)\n", odd_index - 1, odd_index - 1);
                    /* NOTE(review): show_index counts elements while show_size is in bytes,
                     * so the logged upper bound mixes the two units. */
                    log_debug(OSH_TC, "buffer interval: 0x%08X - 0x%08X\n", show_index, show_index + show_size);
                    show_buffer(check_addr + show_index, show_size);
                }

                shfree(pWrk);
            } else {
                rc = TC_SETUP_FAIL;
            }
        }
    }
    else
    {
        rc = TC_SETUP_FAIL;
    }

    /* Release whichever of the two buffers was actually allocated. */
    if (source_addr)
    {
        shfree(source_addr);
    }

    if (target_addr)
    {
        shfree(target_addr);
    }

    return rc;
}
/* ***************************************************************************************************************** */
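/**
 * Parse an RTSP OPTIONS request held in `buffer`.
 *
 * The request line must read "OPTIONS <uri> ...".  When <uri> starts with
 * `url` or with `local_url`, the text after that prefix is converted with
 * atoi() and stored in `deviceid`.  The remaining lines are scanned for a
 * "CSeq:" header.
 *
 * The request text comes from the peer, so every token array returned by
 * get_part_string() is checked for NULL and for its element count before an
 * element is read.
 *
 * @param local_url  accepted URI prefix (local address form)
 * @param url        accepted URI prefix
 * @param buffer     NUL-terminated request text
 * @param deviceid   receives the numeric suffix of the URI; left untouched
 *                   when the URI matches neither prefix or the request is
 *                   malformed
 * @return the CSeq value; 0 when no CSeq header is present or the URI matched
 *         neither prefix; -1 when the request is empty, is not an OPTIONS
 *         request, or its request line has no URI
 */
int rtsp_parse_cmd_options(char *local_url, char *url, char *buffer, int &deviceid)
{
	int ret = 0;
	string message = buffer;
	int nLineCount = 0;
	string *strLines = get_part_string(message, "\r\n", nLineCount);
	do{
		if(strLines == NULL || nLineCount <= 0)
		{
			ret = -1;
			break;
		}

		int nNodeCount = 0;
		string *strNodes = get_part_string(strLines[0], " ", nNodeCount);
		/* The request line needs at least a method and a URI; reading
		 * strNodes[1] without this check runs past the array on a bare
		 * "OPTIONS" line. */
		if(strNodes == NULL || nNodeCount < 2
			|| strcmp(strNodes[0].c_str(), "OPTIONS") != 0)
		{
			ret = -1;
			if(strNodes != NULL)
				free_part_string(strNodes);
			break;
		}

		const string &strUri = strNodes[1];
		size_t nUrlLen = strlen(url);
		size_t nLocalLen = strlen(local_url);
		bool bKnownUri = true;
		/* NOTE(review): atoi() gives no error indication, so a non-numeric
		 * or out-of-range suffix is not rejected here; callers should
		 * range-check deviceid before using it as an index or key. */
		if(strncmp(strUri.c_str(), url, nUrlLen) == 0)
		{
			string strId = strUri.substr(nUrlLen, strUri.length() - nUrlLen);
			deviceid = atoi(strId.c_str());
		}
		else if(strncmp(strUri.c_str(), local_url, nLocalLen) == 0)
		{
			string strId = strUri.substr(nLocalLen, strUri.length() - nLocalLen);
			deviceid = atoi(strId.c_str());
		}
		else
		{
			/* Message text: "wrong rtsp address". */
			log_debug("错误的rtsp地址 %s", url);
			bKnownUri = false;
		}
		free_part_string(strNodes);
		if(!bKnownUri)
			break;

		for(int i = 1; i < nLineCount; i++)
		{
			int nHeaderNodes = 0;
			string *strHeader = get_part_string(strLines[i], " ", nHeaderNodes);
			if(strHeader == NULL)
				continue;
			/* Only read the value when the header line really has one; blank
			 * lines and a bare "CSeq:" are skipped. */
			if(nHeaderNodes >= 2 && strcmp(strHeader[0].c_str(), "CSeq:") == 0)
			{
				ret = atoi(strHeader[1].c_str());
			}
			free_part_string(strHeader);
		}
	}while(0);

	/* NOTE(review): strLines is released with delete[] while the per-line
	 * arrays go through free_part_string(); confirm both match how
	 * get_part_string() allocates. */
	if(strLines != NULL)
	{
		delete [] strLines;
		strLines = NULL;
	}
	return ret;
}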
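/**
 * Record which docker container a problem directory belongs to.
 *
 * Reads the mountinfo file saved in the dump directory, derives a 12-character
 * container ID from the "/docker-..." component of one of the known mount
 * points, runs `docker inspect` for that ID and saves the ID, the raw inspect
 * output and the container's image name as dump directory elements.
 *
 * The mountinfo text describes the crashed process and is therefore not
 * trusted: the candidate ID is accepted only if it consists of exactly 12
 * hexadecimal digits, because it is pasted into a shell command line.
 *
 * @param dd        opened dump directory
 * @param root_dir  if not NULL, docker is invoked through chroot in this
 *                  directory.  NOTE(review): root_dir is inserted into the
 *                  shell command unquoted; it must come from a trusted source.
 */
void dump_docker_info(struct dump_dir *dd, const char *root_dir)
{
    if (!dd_exist(dd, FILENAME_CONTAINER))
        dd_save_text(dd, FILENAME_CONTAINER, "docker");

    json_object *json = NULL;
    char *mntnf_path = concat_path_file(dd->dd_dirname, FILENAME_MOUNTINFO);
    FILE *mntnf_file = fopen(mntnf_path, "r");
    free(mntnf_path);

    /* Without this check rewind() below is called on a NULL stream. */
    if (mntnf_file == NULL)
    {
        error_msg("Could not open the saved mountinfo file");
        return;
    }

    struct mount_point {
        const char *name;
        enum mountinfo_fields {
            MOUNTINFO_ROOT,
            MOUNTINFO_SOURCE,
        } field;
    } mount_points[] = {
        { "/sys/fs/cgroup/memory", MOUNTINFO_ROOT },
        { "/",                     MOUNTINFO_SOURCE },
    };

    char *container_id = NULL;
    char *output = NULL;

    /* initialized to 0 because we call mountinfo_destroy below */
    struct mountinfo mntnf = {0};

    for (size_t i = 0; i < ARRAY_SIZE(mount_points); ++i)
    {
        log_debug("Parsing container ID from mount point '%s'", mount_points[i].name);

        rewind(mntnf_file);

        /* get_mountinfo_for_mount_point() re-initializes &mntnf */
        mountinfo_destroy(&mntnf);
        int r = get_mountinfo_for_mount_point(mntnf_file, &mntnf, mount_points[i].name);

        if (r != 0)
        {
            log_debug("Mount poin not found");
            continue;
        }

        const char *mnt_info = NULL;
        switch(mount_points[i].field)
        {
            case MOUNTINFO_ROOT:
                mnt_info = MOUNTINFO_ROOT(mntnf);
                break;
            case MOUNTINFO_SOURCE:
                mnt_info = MOUNTINFO_MOUNT_SOURCE(mntnf);
                break;
            default:
                error_msg("BUG: forgotten MOUNTINFO field type");
                abort();
        }
        const char *last = strrchr(mnt_info, '/');
        if (last == NULL || strncmp("/docker-", last, strlen("/docker-")) != 0)
        {
            log_debug("Mounted source is not a docker mount source: '%s'", mnt_info);
            continue;
        }

        last = strrchr(last, '-');
        if (last == NULL)
        {
            log_debug("The docker mount point has unknown format");
            continue;
        }

        ++last;

        /* Why we copy only 12 bytes here?
         * Because only the first 12 characters are used by docker as ID of the
         * container. */
        container_id = xstrndup(last, 12);

        /* Accept only 12 hex digits.  This covers the "too short" case and
         * keeps shell metacharacters from the mountinfo text out of the
         * command line built below.  The candidate is released here so that a
         * rejected ID can neither leak nor survive the loop without output. */
        if (strspn(container_id, "0123456789abcdefABCDEF") != 12)
        {
            log_debug("Failed to get container ID");

            free(container_id);
            container_id = NULL;

            continue;
        }

        char *docker_inspect_cmdline = NULL;
        if (root_dir != NULL)
            docker_inspect_cmdline = xasprintf("chroot %s /bin/sh -c \"docker inspect %s\"", root_dir, container_id);
        else
            docker_inspect_cmdline = xasprintf("docker inspect %s", container_id);

        log_debug("Executing: '%s'", docker_inspect_cmdline);
        output = run_in_shell_and_save_output(0, docker_inspect_cmdline, "/", NULL);

        free(docker_inspect_cmdline);

        if (output == NULL || strcmp(output, "[]\n") == 0)
        {
            log_debug("Unsupported container ID: '%s'", container_id);

            free(container_id);
            container_id = NULL;

            free(output);
            output = NULL;

            continue;
        }

        break;
    }
    fclose(mntnf_file);

    if (container_id == NULL)
    {
        error_msg("Could not inspect the container");
        goto dump_docker_info_cleanup;
    }

    dd_save_text(dd, FILENAME_CONTAINER_ID, container_id);
    dd_save_text(dd, FILENAME_DOCKER_INSPECT, output);

    json = json_tokener_parse(output);
    free(output);

    if (is_error(json))
    {
        error_msg("Unable parse response from docker");
        /* Not a valid object: make sure the cleanup code does not release it. */
        json = NULL;
        goto dump_docker_info_cleanup;
    }

    json_object *container = json_object_array_get_idx(json, 0);
    if (container == NULL)
    {
        error_msg("docker does not contain array of containers");
        goto dump_docker_info_cleanup;
    }

    json_object *config = NULL;
    if (!json_object_object_get_ex(container, "Config", &config))
    {
        error_msg("container does not have 'Config' member");
        goto dump_docker_info_cleanup;
    }

    json_object *image = NULL;
    if (!json_object_object_get_ex(config, "Image", &image))
    {
        error_msg("Config does not have 'Image' member");
        goto dump_docker_info_cleanup;
    }

    /* The JSON string form is quoted; strip the surrounding quotes. */
    char *name = strtrimch(xstrdup(json_object_to_json_string(image)), '"');
    dd_save_text(dd, FILENAME_CONTAINER_IMAGE, name);
    free(name);

dump_docker_info_cleanup:
    if (json != NULL)
        json_object_put(json);

    /* The ID was never released on the success and error paths. */
    free(container_id);

    mountinfo_destroy(&mntnf);

    return;
}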
文件: ntpd.c 项目: clongeau/openntpd
/*
 * Entry point of the privileged parent process.
 *
 * Parses the command line and the configuration file, requires root, creates
 * the socket pair and the control socket, starts the child through
 * ntp_main() and then serves messages from the child on the pipe until a
 * signal or an error sets `quit`.  When invoked under the name "ntpctl" it
 * hands over to ctl_main() instead.
 */
int
main(int argc, char *argv[])
{
	struct ntpd_conf	 lconf;
	struct pollfd		 pfd[POLL_MAX];
	pid_t			 chld_pid = 0, pid;
	const char		*conffile;
	int			 fd_ctl, ch, nfds;
	int			 pipe_chld[2];
	struct passwd		*pw;
	extern char 		*__progname;

	__progname = _compat_get_progname(argv[0]);

	/* The same binary acts as the control client when called as "ntpctl". */
	if (strcmp(__progname, "ntpctl") == 0) {
		ctl_main (argc, argv);
		/* NOTREACHED */
	}

	conffile = CONFFILE;

	bzero(&lconf, sizeof(lconf));

	log_init(1);		/* log to stderr until daemonized */

	while ((ch = getopt(argc, argv, "df:nsSv")) != -1) {
		switch (ch) {
		case 'd':
			lconf.debug = 1;
			break;
		case 'f':
			conffile = optarg;
			break;
		case 'n':
			lconf.noaction = 1;
			break;
		case 's':
			lconf.settime = 1;
			break;
		case 'S':
			lconf.settime = 0;
			break;
		case 'v':
			debugsyslog = 1;
			break;
		default:
			usage();
			/* NOTREACHED */
		}
	}

	/* No positional arguments are accepted. */
	argc -= optind;
	argv += optind;
	if (argc > 0)
		usage();

	/* The configuration is parsed before the root check below, so "-n"
	 * (check only) works for any user. */
	if (parse_config(conffile, &lconf))
		exit(1);

	if (lconf.noaction) {
		fprintf(stderr, "configuration OK\n");
		exit(0);
	}

	if (geteuid())
		errx(1, "need root privileges");

	/* Look up the unprivileged account now; pw is handed to ntp_main(),
	 * presumably so the child can drop to it - confirm in ntp_main(). */
	if ((pw = getpwnam(NTPD_USER)) == NULL)
		errx(1, "unknown user %s", NTPD_USER);

#ifndef HAVE_ARC4RANDOM
	seed_rng();
#endif

	if (setpriority(PRIO_PROCESS, 0, -20) == -1)
		warn("can't set priority");

	reset_adjtime();
	/* Without -s the process detaches right away; with -s it stays in the
	 * foreground and the poll() below gets a finite timeout. */
	if (!lconf.settime) {
		log_init(lconf.debug);
		if (!lconf.debug)
			if (daemon(1, 0))
				fatal("daemon");
	} else
		timeout = SETTIME_TIMEOUT * 1000;

	/* Parent/child message channel. */
	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pipe_chld) == -1)
		fatal("socketpair");

	/* The control socket is created here, before ntp_main() is called, and
	 * its descriptor is passed to the child. */
	if ((fd_ctl = control_init(CTLSOCKET)) == -1)
		fatalx("control socket init failed");
	if (control_listen(fd_ctl) == -1)
		fatalx("control socket listen failed");

	/* SIGCHLD is hooked before the child exists so its exit cannot be missed. */
	signal(SIGCHLD, sighdlr);
	/* fork child process */
	chld_pid = ntp_main(pipe_chld, fd_ctl, &lconf, pw);

	setproctitle("[priv]");
	readfreq();

	signal(SIGTERM, sighdlr);
	signal(SIGINT, sighdlr);
	signal(SIGHUP, sighdlr);

	/* The parent keeps only its own end of the socket pair. */
	close(pipe_chld[1]);

	if ((ibuf = malloc(sizeof(struct imsgbuf))) == NULL)
		fatal(NULL);
	imsg_init(ibuf, pipe_chld[0]);

	while (quit == 0) {
		pfd[PFD_PIPE].fd = ibuf->fd;
		pfd[PFD_PIPE].events = POLLIN;
		if (ibuf->w.queued)
			pfd[PFD_PIPE].events |= POLLOUT;

		/* On EINTR nfds stays -1, so none of the branches below that test
		 * nfds run in this iteration. */
		if ((nfds = poll(pfd, 1, timeout)) == -1)
			if (errno != EINTR) {
				log_warn("poll error");
				quit = 1;
			}

		/* Timed out waiting for the initial time setting: give up on it,
		 * wait without a timeout from now on and detach. */
		if (nfds == 0 && lconf.settime) {
			lconf.settime = 0;
			timeout = INFTIM;
			log_init(lconf.debug);
			log_debug("no reply received in time, skipping initial "
			    "time setting");
			if (!lconf.debug)
				if (daemon(1, 0))
					fatal("daemon");
		}

		if (nfds > 0 && (pfd[PFD_PIPE].revents & POLLOUT))
			if (msgbuf_write(&ibuf->w) <= 0 && errno != EAGAIN) {
				log_warn("pipe write error (to child)");
				quit = 1;
			}

		/* Requests arriving from the child are handled by dispatch_imsg(). */
		if (nfds > 0 && pfd[PFD_PIPE].revents & POLLIN) {
			nfds--;
			if (dispatch_imsg(&lconf) == -1)
				quit = 1;
		}

		/* sigchld is not set in this function; presumably sighdlr sets it. */
		if (sigchld) {
			if (check_child(chld_pid, "child")) {
				quit = 1;
				chld_pid = 0;
			}
			sigchld = 0;
		}

	}

	signal(SIGCHLD, SIG_DFL);

	/* chld_pid is 0 when check_child() already reported the child as gone. */
	if (chld_pid)
		kill(chld_pid, SIGTERM);

	/* Reap children until wait() fails with something other than EINTR. */
	do {
		if ((pid = wait(NULL)) == -1 &&
		    errno != EINTR && errno != ECHILD)
			fatal("wait");
	} while (pid != -1 || (pid == -1 && errno == EINTR));

	msgbuf_clear(&ibuf->w);
	free(ibuf);
	log_info("Terminating");
	return (0);
}
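/* Fork and exec the PGMNAME, see exechelp.h for details.

   This variant creates rendezvous pipes with _assuan_w32ce_prepare_pipe,
   wraps the stdout and stderr ends in estream objects and starts the
   process with create_process.  EXCEPT, PREEXEC and FLAGS are ignored.

   On success 0 is returned, *PID holds the value derived from the
   process handle and *R_OUTFP / *R_ERRFP (if requested) hold the
   streams, which the caller owns.  On failure an error code is
   returned, *PID is (pid_t)(-1), all stream return values are NULL and
   any stream opened here has been closed again.  */
gpg_error_t
gnupg_spawn_process (const char *pgmname, const char *argv[],
                     int *except, void (*preexec)(void), unsigned int flags,
                     estream_t *r_infp,
                     estream_t *r_outfp,
                     estream_t *r_errfp,
                     pid_t *pid)
{
  gpg_error_t err;
  PROCESS_INFORMATION pi = {NULL };
  char *cmdline;
  es_syshd_t syshd;
  struct {
    HANDLE hd;
    int rvid;
  } inpipe = {INVALID_HANDLE_VALUE, 0};
  struct {
    HANDLE hd;
    int rvid;
  } outpipe = {INVALID_HANDLE_VALUE, 0};
  struct {
    HANDLE hd;
    int rvid;
  } errpipe = {INVALID_HANDLE_VALUE, 0};
  estream_t outfp = NULL;
  estream_t errfp = NULL;
  gpg_err_source_t errsource = default_errsource;

  (void)except; /* Not yet used.  */
  (void)preexec;
  (void)flags;

  /* Setup return values.  R_INFP is cleared as well so that a caller
     never sees an indeterminate stream pointer.  */
  if (r_infp)
    *r_infp = NULL;
  if (r_outfp)
    *r_outfp = NULL;
  if (r_errfp)
    *r_errfp = NULL;
  *pid = (pid_t)(-1); /* Always required.  */

  log_debug ("%s: enter\n", __func__);
  /* NOTE(review): INFP is neither a parameter nor a local of this
     function as shown (the parameter is R_INFP); confirm against the
     full file where it is supposed to come from.  */
  if (infp)
    {
      es_fflush (infp);
      es_rewind (infp);

      /* Create a pipe to copy our infile to the stdin of the child
         process.  On success inpipe.hd is owned by the feeder.  */
      inpipe.hd = _assuan_w32ce_prepare_pipe (&inpipe.rvid, 1);
      if (inpipe.hd == INVALID_HANDLE_VALUE)
        {
          log_error ("_assuan_w32ce_prepare_pipe failed: %s\n",
                     w32_strerror (-1));
          gpg_err_set_errno (EIO);
          return gpg_error_from_syserror ();
        }
      log_debug ("%s: inpipe %p created; hd=%p rvid=%d\n", __func__,
                 infp, inpipe.hd, inpipe.rvid);
      err = start_feeder (infp, inpipe.hd, 1);
      if (err)
        {
          log_error ("error spawning feeder: %s\n", gpg_strerror (err));
          CloseHandle (inpipe.hd);
          return err;
        }
      inpipe.hd = INVALID_HANDLE_VALUE; /* Now owned by the feeder.  */
      log_debug ("%s: inpipe %p created; feeder started\n", __func__,
                 infp);
    }

  if (r_outfp)
    {
      /* Create a pipe to make the stdout of the child process
         available as a stream.  */
      outpipe.hd = _assuan_w32ce_prepare_pipe (&outpipe.rvid, 0);
      if (outpipe.hd == INVALID_HANDLE_VALUE)
        {
          log_error ("_assuan_w32ce_prepare_pipe failed: %s\n",
                     w32_strerror (-1));
          gpg_err_set_errno (EIO);
          /* Fixme kill feeder.  */
          return gpg_error_from_syserror ();
        }
      syshd.type = ES_SYSHD_HANDLE;
      syshd.u.handle = outpipe.hd;
      err = 0;
      outfp = es_sysopen (&syshd, "r");
      if (!outfp)
        {
          err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
          log_error ("error opening pipe stream: %s\n", gpg_strerror (err));
          CloseHandle (outpipe.hd);
          return err;
        }
      log_debug ("%s: outpipe %p created; hd=%p rvid=%d\n", __func__,
                 outfp, outpipe.hd, outpipe.rvid);
      outpipe.hd = INVALID_HANDLE_VALUE; /* Now owned by the OUTFP.  */
    }

  if (r_errfp)
    {
      /* Create a pipe to make the stderr of the child process
         available as a stream.  */
      errpipe.hd = _assuan_w32ce_prepare_pipe (&errpipe.rvid, 0);
      if (errpipe.hd == INVALID_HANDLE_VALUE)
        {
          log_error ("_assuan_w32ce_prepare_pipe failed: %s\n",
                     w32_strerror (-1));
          gpg_err_set_errno (EIO);
          /* Take the error code before the cleanup can disturb errno.  */
          err = gpg_error_from_syserror ();
          goto failure;
        }
      syshd.type = ES_SYSHD_HANDLE;
      syshd.u.handle = errpipe.hd;
      err = 0;
      errfp = es_sysopen (&syshd, "r");
      if (!errfp)
        {
          err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
          log_error ("error opening pipe stream: %s\n", gpg_strerror (err));
          CloseHandle (errpipe.hd);
          goto failure;
        }
      log_debug ("%s: errpipe %p created; hd=%p rvid=%d\n", __func__,
                 errfp, errpipe.hd, errpipe.rvid);
      errpipe.hd = INVALID_HANDLE_VALUE; /* Now owned by the ERRFP.  */
    }



  /* Build the command line.  From here on the pipe handles belong to
     the feeder or to OUTFP/ERRFP, so a failure has to close the
     streams; the raw handle fields only hold INVALID_HANDLE_VALUE.  */
  err = build_w32_commandline (argv, inpipe.rvid, outpipe.rvid, errpipe.rvid,
                               &cmdline);
  if (err)
    goto failure;

  /* Note that the complete command line, arguments included, goes to
     the debug log.  */
  log_debug ("CreateProcess, path='%s' cmdline='%s'\n", pgmname, cmdline);
  if (!create_process (pgmname, cmdline, &pi))
    {
      log_error ("CreateProcess failed: %s\n", w32_strerror (-1));
      xfree (cmdline);
      err = gpg_error (GPG_ERR_GENERAL);
      goto failure;
    }
  xfree (cmdline);
  cmdline = NULL;

  /* Note: The other end of the pipe is a rendezvous id and thus there
     is no need for a close.  */

  log_debug ("CreateProcess ready: hProcess=%p hThread=%p"
             " dwProcessID=%d dwThreadId=%d\n",
             pi.hProcess, pi.hThread,
             (int) pi.dwProcessId, (int) pi.dwThreadId);


  /* Process has been created suspended; resume it now. */
  ResumeThread (pi.hThread);
  CloseHandle (pi.hThread);

  if (r_outfp)
    *r_outfp = outfp;
  if (r_errfp)
    *r_errfp = errfp;
  *pid = handle_to_pid (pi.hProcess);
  return 0;

 failure:
  /* Close the streams opened above; they are not handed to the caller
     on error.  Fixme: a feeder that was already started is still not
     stopped.  */
  if (outfp)
    es_fclose (outfp);
  if (errfp)
    es_fclose (errfp);
  return err;
}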
/* Perform a verify operation.  To verify detached signatures, data_fd
   must be different than -1.  With OUT_FP given and a non-detached
   signature, the signed material is written to that stream. */
int
gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
{
  int i, rc;
  Base64Context b64reader = NULL;
  Base64Context b64writer = NULL;
  ksba_reader_t reader;
  ksba_writer_t writer = NULL;
  ksba_cms_t cms = NULL;
  ksba_stop_reason_t stopreason;
  ksba_cert_t cert;
  KEYDB_HANDLE kh;
  gcry_md_hd_t data_md = NULL;
  int signer;
  const char *algoid;
  int algo;
  int is_detached;
  FILE *fp = NULL;
  char *p;

  audit_set_type (ctrl->audit, AUDIT_TYPE_VERIFY);

  kh = keydb_new (0);
  if (!kh)
    {
      log_error (_("failed to allocated keyDB handle\n"));
      rc = gpg_error (GPG_ERR_GENERAL);
      goto leave;
    }


  fp = fdopen ( dup (in_fd), "rb");
  if (!fp)
    {
      rc = gpg_error (gpg_err_code_from_errno (errno));
      log_error ("fdopen() failed: %s\n", strerror (errno));
      goto leave;
    }

  rc = gpgsm_create_reader (&b64reader, ctrl, fp, 0, &reader);
  if (rc)
    {
      log_error ("can't create reader: %s\n", gpg_strerror (rc));
      goto leave;
    }

  if (out_fp)
    {
      rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, NULL, &writer);
      if (rc)
        {
          log_error ("can't create writer: %s\n", gpg_strerror (rc));
          goto leave;
        }
    }

  rc = ksba_cms_new (&cms);
  if (rc)
    goto leave;

  rc = ksba_cms_set_reader_writer (cms, reader, writer);
  if (rc)
    {
      log_error ("ksba_cms_set_reader_writer failed: %s\n",
                 gpg_strerror (rc));
      goto leave;
    }

  rc = gcry_md_open (&data_md, 0, 0);
  if (rc)
    {
      log_error ("md_open failed: %s\n", gpg_strerror (rc));
      goto leave;
    }
  if (DBG_HASHING)
    gcry_md_start_debug (data_md, "vrfy.data");

  audit_log (ctrl->audit, AUDIT_SETUP_READY);

  is_detached = 0;
  do 
    {
      rc = ksba_cms_parse (cms, &stopreason);
      if (rc)
        {
          log_error ("ksba_cms_parse failed: %s\n", gpg_strerror (rc));
          goto leave;
        }

      if (stopreason == KSBA_SR_NEED_HASH)
        {
          is_detached = 1;
          audit_log (ctrl->audit, AUDIT_DETACHED_SIGNATURE);
          if (opt.verbose)
            log_info ("detached signature\n");
        }

      if (stopreason == KSBA_SR_NEED_HASH
          || stopreason == KSBA_SR_BEGIN_DATA)
        { 
          audit_log (ctrl->audit, AUDIT_GOT_DATA);

          /* We are now able to enable the hash algorithms */
          for (i=0; (algoid=ksba_cms_get_digest_algo_list (cms, i)); i++)
            {
              algo = gcry_md_map_name (algoid);
              if (!algo)
                {
                  log_error ("unknown hash algorithm `%s'\n",
                             algoid? algoid:"?");
                  if (algoid
                      && (  !strcmp (algoid, "1.2.840.113549.1.1.2")
                          ||!strcmp (algoid, "1.2.840.113549.2.2")))
                    log_info (_("(this is the MD2 algorithm)\n"));
                  audit_log_s (ctrl->audit, AUDIT_BAD_DATA_HASH_ALGO, algoid);
                }
              else
                {
                  if (DBG_X509)
                    log_debug ("enabling hash algorithm %d (%s)\n",
                               algo, algoid? algoid:"");
                  gcry_md_enable (data_md, algo);
                  audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, algo);
                }
            }
          if (opt.extra_digest_algo)
            {
              if (DBG_X509)
                log_debug ("enabling extra hash algorithm %d\n", 
                           opt.extra_digest_algo);
              gcry_md_enable (data_md, opt.extra_digest_algo);
              audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO,
                           opt.extra_digest_algo);
            }
          if (is_detached)
            {
              if (data_fd == -1)
                {
                  log_info ("detached signature w/o data "
                            "- assuming certs-only\n");
                  audit_log (ctrl->audit, AUDIT_CERT_ONLY_SIG);
                }
              else
                audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING,
                              hash_data (data_fd, data_md));
            }
          else
            {
              ksba_cms_set_hash_function (cms, HASH_FNC, data_md);
            }
        }
      else if (stopreason == KSBA_SR_END_DATA)
        { /* The data bas been hashed */
          audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING, 0);
        }
    }
  while (stopreason != KSBA_SR_READY);   

  if (b64writer)
    {
      rc = gpgsm_finish_writer (b64writer);
      if (rc) 
        {
          log_error ("write failed: %s\n", gpg_strerror (rc));
          audit_log_ok (ctrl->audit, AUDIT_WRITE_ERROR, rc);
          goto leave;
        }
    }

  if (data_fd != -1 && !is_detached)
    {
      log_error ("data given for a non-detached signature\n");
      rc = gpg_error (GPG_ERR_CONFLICT);
      audit_log (ctrl->audit, AUDIT_USAGE_ERROR);
      goto leave;
    }

  for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++)
    {
      /* Fixme: it might be better to check the validity of the
         certificate first before entering it into the DB.  This way
         we would avoid cluttering the DB with invalid
         certificates. */
      audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert, 
                      keydb_store_cert (cert, 0, NULL));
      ksba_cert_release (cert);
    }

  cert = NULL;
  for (signer=0; ; signer++)
    {
      char *issuer = NULL;
      ksba_sexp_t sigval = NULL;
      ksba_isotime_t sigtime, keyexptime;
      ksba_sexp_t serial;
      char *msgdigest = NULL;
      size_t msgdigestlen;
      char *ctattr;
      int sigval_hash_algo;
      int info_pkalgo;
      unsigned int verifyflags;

      rc = ksba_cms_get_issuer_serial (cms, signer, &issuer, &serial);
      if (!signer && gpg_err_code (rc) == GPG_ERR_NO_DATA
          && data_fd == -1 && is_detached)
        {
          log_info ("certs-only message accepted\n");
          rc = 0;
          break;
        }
      if (rc)
        {
          if (signer && rc == -1)
            rc = 0;
          break;
        }

      gpgsm_status (ctrl, STATUS_NEWSIG, NULL);
      audit_log_i (ctrl->audit, AUDIT_NEW_SIG, signer);

      if (DBG_X509)
        {
          log_debug ("signer %d - issuer: `%s'\n",
                     signer, issuer? issuer:"[NONE]");
          log_debug ("signer %d - serial: ", signer);
          gpgsm_dump_serial (serial);
          log_printf ("\n");
        }
      if (ctrl->audit)
        {
          char *tmpstr = gpgsm_format_sn_issuer (serial, issuer);
          audit_log_s (ctrl->audit, AUDIT_SIG_NAME, tmpstr);
          xfree (tmpstr);
        }

      rc = ksba_cms_get_signing_time (cms, signer, sigtime);
      if (gpg_err_code (rc) == GPG_ERR_NO_DATA)
        *sigtime = 0;
      else if (rc)
        {
          log_error ("error getting signing time: %s\n", gpg_strerror (rc));
          *sigtime = 0; /* (we can't encode an error in the time string.) */
        }

      rc = ksba_cms_get_message_digest (cms, signer,
                                        &msgdigest, &msgdigestlen);
      if (!rc)
        {
          size_t is_enabled;

          algoid = ksba_cms_get_digest_algo (cms, signer);
          algo = gcry_md_map_name (algoid);
          if (DBG_X509)
            log_debug ("signer %d - digest algo: %d\n", signer, algo);
          is_enabled = sizeof algo;
          if ( gcry_md_info (data_md, GCRYCTL_IS_ALGO_ENABLED,
                             &algo, &is_enabled)
               || !is_enabled)
            {
              log_error ("digest algo %d (%s) has not been enabled\n", 
                         algo, algoid?algoid:"");
              audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "unsupported");
              goto next_signer;
            }
        }
      else if (gpg_err_code (rc) == GPG_ERR_NO_DATA)
        {
          assert (!msgdigest);
          rc = 0;
          algoid = NULL;
          algo = 0; 
        }
      else /* real error */
        {
          audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error");
          break;
        }

      rc = ksba_cms_get_sigattr_oids (cms, signer,
                                      "1.2.840.113549.1.9.3", &ctattr);
      if (!rc) 
        {
          const char *s;

          if (DBG_X509)
            log_debug ("signer %d - content-type attribute: %s",
                       signer, ctattr);

          s = ksba_cms_get_content_oid (cms, 1);
          if (!s || strcmp (ctattr, s))
            {
              log_error ("content-type attribute does not match "
                         "actual content-type\n");
              ksba_free (ctattr);
              ctattr = NULL;
              audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
              goto next_signer;
            }
          ksba_free (ctattr);
          ctattr = NULL;
        }
      else if (rc != -1)
        {
          log_error ("error getting content-type attribute: %s\n",
                     gpg_strerror (rc));
          audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
          goto next_signer;
        }
      rc = 0;


      sigval = ksba_cms_get_sig_val (cms, signer);
      if (!sigval)
        {
          log_error ("no signature value available\n");
          audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
          goto next_signer;
        }
      sigval_hash_algo = hash_algo_from_sigval (sigval);
      if (DBG_X509)
        {
          log_debug ("signer %d - signature available (sigval hash=%d)",
                     signer, sigval_hash_algo);
/*           log_printhex ("sigval    ", sigval, */
/*                         gcry_sexp_canon_len (sigval, 0, NULL, NULL)); */
        }
      if (!sigval_hash_algo)
        sigval_hash_algo = algo; /* Fallback used e.g. with old libksba. */

      /* Find the certificate of the signer */
      keydb_search_reset (kh);
      rc = keydb_search_issuer_sn (kh, issuer, serial);
      if (rc)
        {
          if (rc == -1)
            {
              log_error ("certificate not found\n");
              rc = gpg_error (GPG_ERR_NO_PUBKEY);
            }
          else
            log_error ("failed to find the certificate: %s\n",
                       gpg_strerror(rc));
          {
            char numbuf[50];
            sprintf (numbuf, "%d", rc);

            gpgsm_status2 (ctrl, STATUS_ERROR, "verify.findkey",
                           numbuf, NULL);
          }
          audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "no-cert");
          goto next_signer;
        }

      rc = keydb_get_cert (kh, &cert);
      if (rc)
        {
          log_error ("failed to get cert: %s\n", gpg_strerror (rc));
          audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error");
          goto next_signer;
        }

      log_info (_("Signature made "));
      if (*sigtime)
        dump_isotime (sigtime);
      else
        log_printf (_("[date not given]"));
      log_printf (_(" using certificate ID 0x%08lX\n"),
                  gpgsm_get_short_fingerprint (cert, NULL));

      audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, algo);

      if (msgdigest)
        { /* Signed attributes are available. */
          gcry_md_hd_t md;
          unsigned char *s;

          /* Check that the message digest in the signed attributes
             matches the one we calculated on the data.  */
          s = gcry_md_read (data_md, algo);
          if ( !s || !msgdigestlen
               || gcry_md_get_algo_dlen (algo) != msgdigestlen
               || !s || memcmp (s, msgdigest, msgdigestlen) )
            {
              char *fpr;

              log_error (_("invalid signature: message digest attribute "
                           "does not match computed one\n"));
              if (DBG_X509)
                {
                  if (msgdigest)
                    log_printhex ("message:  ", msgdigest, msgdigestlen);
                  if (s)
                    log_printhex ("computed: ",
                                  s, gcry_md_get_algo_dlen (algo));
                }
              fpr = gpgsm_fpr_and_name_for_status (cert);
              gpgsm_status (ctrl, STATUS_BADSIG, fpr);
              xfree (fpr);
              audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
              goto next_signer; 
            }
            
          audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, sigval_hash_algo);
          rc = gcry_md_open (&md, sigval_hash_algo, 0);
          if (rc)
            {
              log_error ("md_open failed: %s\n", gpg_strerror (rc));
              audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error");
              goto next_signer;
            }
          if (DBG_HASHING)
            gcry_md_start_debug (md, "vrfy.attr");

          ksba_cms_set_hash_function (cms, HASH_FNC, md);
          rc = ksba_cms_hash_signed_attrs (cms, signer);
          if (rc)
            {
              log_error ("hashing signed attrs failed: %s\n",
                         gpg_strerror (rc));
              gcry_md_close (md);
              audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error");
              goto next_signer;
            }
          rc = gpgsm_check_cms_signature (cert, sigval, md, 
                                          sigval_hash_algo, &info_pkalgo);
          gcry_md_close (md);
        }
      else
        {
          rc = gpgsm_check_cms_signature (cert, sigval, data_md, 
                                          algo, &info_pkalgo);
        }

      if (rc)
        {
          char *fpr;

          log_error ("invalid signature: %s\n", gpg_strerror (rc));
          fpr = gpgsm_fpr_and_name_for_status (cert);
          gpgsm_status (ctrl, STATUS_BADSIG, fpr);
          xfree (fpr);
          audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
          goto next_signer;
        }
      rc = gpgsm_cert_use_verify_p (cert); /*(this displays an info message)*/
      if (rc)
        {
          gpgsm_status_with_err_code (ctrl, STATUS_ERROR, "verify.keyusage",
                                      gpg_err_code (rc));
          rc = 0;
        }

      if (DBG_X509)
        log_debug ("signature okay - checking certs\n");
      audit_log (ctrl->audit, AUDIT_VALIDATE_CHAIN);
      rc = gpgsm_validate_chain (ctrl, cert,
                                 *sigtime? sigtime : "19700101T000000",
                                 keyexptime, 0, 
                                 NULL, 0, &verifyflags);
      {
        char *fpr, *buf, *tstr;

        fpr = gpgsm_fpr_and_name_for_status (cert);
        if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED)
          {
            gpgsm_status (ctrl, STATUS_EXPKEYSIG, fpr);
            rc = 0;
          }
        else
          gpgsm_status (ctrl, STATUS_GOODSIG, fpr);
        
        xfree (fpr);

        fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
        tstr = strtimestamp_r (sigtime);
        buf = xasprintf ("%s %s %s %s 0 0 %d %d 00", fpr, tstr,
                         *sigtime? sigtime : "0",
                         *keyexptime? keyexptime : "0",
                         info_pkalgo, algo);
        xfree (tstr);
        xfree (fpr);
        gpgsm_status (ctrl, STATUS_VALIDSIG, buf);
        xfree (buf);
      }

      audit_log_ok (ctrl->audit, AUDIT_CHAIN_STATUS, rc);
      if (rc) /* of validate_chain */
        {
          log_error ("invalid certification chain: %s\n", gpg_strerror (rc));
          if (gpg_err_code (rc) == GPG_ERR_BAD_CERT_CHAIN
              || gpg_err_code (rc) == GPG_ERR_BAD_CERT
              || gpg_err_code (rc) == GPG_ERR_BAD_CA_CERT
              || gpg_err_code (rc) == GPG_ERR_CERT_REVOKED)
            gpgsm_status_with_err_code (ctrl, STATUS_TRUST_NEVER, NULL,
                                        gpg_err_code (rc));
          else
            gpgsm_status_with_err_code (ctrl, STATUS_TRUST_UNDEFINED, NULL, 
                                        gpg_err_code (rc));
          audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
          goto next_signer;
        }

      audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "good");

      for (i=0; (p = ksba_cert_get_subject (cert, i)); i++)
        {
          log_info (!i? _("Good signature from")
                      : _("                aka"));
          log_printf (" \"");
          gpgsm_print_name (log_get_stream (), p);
          log_printf ("\"\n");
          ksba_free (p);
        }

      /* Print a note if this is a qualified signature.  */
      {
        size_t qualbuflen;
        char qualbuffer[1];
        
        rc = ksba_cert_get_user_data (cert, "is_qualified", &qualbuffer,
                                      sizeof (qualbuffer), &qualbuflen);
        if (!rc && qualbuflen)
          {
            if (*qualbuffer)
              {
                log_info (_("This is a qualified signature\n"));
                if (!opt.qualsig_approval)
                  log_info 
                    (_("Note, that this software is not officially approved "
                       "to create or verify such signatures.\n"));
              }
          }    
        else if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
          log_error ("get_user_data(is_qualified) failed: %s\n",
                     gpg_strerror (rc)); 
      }

      gpgsm_status (ctrl, STATUS_TRUST_FULLY, 
                    (verifyflags & VALIDATE_FLAG_CHAIN_MODEL)?
                    "0 chain": "0 shell");
          

    next_signer:
      rc = 0;
      xfree (issuer);
      xfree (serial);
      xfree (sigval);
      xfree (msgdigest);
      ksba_cert_release (cert);
      cert = NULL;
    }
  rc = 0;

 leave:
  ksba_cms_release (cms);
  gpgsm_destroy_reader (b64reader);
  gpgsm_destroy_writer (b64writer);
  keydb_release (kh); 
  gcry_md_close (data_md);
  if (fp)
    fclose (fp);

  if (rc)
    {
      char numbuf[50];
      sprintf (numbuf, "%d", rc );
      gpgsm_status2 (ctrl, STATUS_ERROR, "verify.leave",
                     numbuf, NULL);
    }

  return rc;
}
示例#7
/// Logs the call and hands this socket to inputReady.
/// The iodevice argument is not inspected here.
void Socket::onIODeviceInput(IODevice& iodevice)
{
    log_debug("onIODeviceInput");

    Socket& self = *this;
    inputReady(self);
}
示例#8
/* Scans one directory and adds its matching entries to the hashmap h.
 *
 * The directory is 'path' resolved through prefix_roota(root, path). An entry is skipped when it does not end
 * in 'suffix' (if one is given), when h already contains its name, or when it fails one of the checks selected
 * by 'flags'. With CONF_FILES_FILTER_MASKED, entries for which null_or_empty() holds are recorded in 'masked',
 * and names already present in 'masked' are skipped.
 *
 * The stored value is a newly allocated string: the bare name with CONF_FILES_BASENAME, otherwise
 * "<dirpath>/<name>". On a successful hashmap_put() the string is left in the hashmap.
 *
 * Returns 0 on success (a directory that does not exist also yields 0); otherwise the value produced by
 * log_debug_errno(), -errno from the directory iteration, -ENOMEM, or the error from set_put_strdup(). */
static int files_add(
                Hashmap *h,
                Set *masked,
                const char *suffix,
                const char *root,
                unsigned flags,
                const char *path) {

        const unsigned stat_flags = CONF_FILES_FILTER_MASKED|CONF_FILES_REGULAR|CONF_FILES_DIRECTORY|CONF_FILES_EXECUTABLE;
        _cleanup_closedir_ DIR *d = NULL;
        const char *dirpath;
        struct dirent *entry;
        int r;

        assert(h);
        assert(!(flags & CONF_FILES_FILTER_MASKED) || masked);
        assert(path);

        dirpath = prefix_roota(root, path);

        d = opendir(dirpath);
        if (!d)
                /* A missing directory is not an error, anything else is reported. */
                return errno == ENOENT ? 0 : log_debug_errno(errno, "Failed to open directory '%s': %m", dirpath);

        FOREACH_DIRENT(entry, d, return -errno) {
                const char *name = entry->d_name;
                struct stat st;
                char *p, *key;
                int type_ok;

                /* Only names carrying the requested suffix are of interest. */
                if (suffix && !endswith(name, suffix))
                        continue;

                /* An earlier directory already supplied a file of this name; it wins. */
                if (hashmap_contains(h, name)) {
                        log_debug("Skipping overridden file '%s/%s'.", dirpath, name);
                        continue;
                }

                /* An earlier directory masked this name. */
                if ((flags & CONF_FILES_FILTER_MASKED) && set_contains(masked, name)) {
                        log_debug("File '%s/%s' is masked by previous entry.", dirpath, name);
                        continue;
                }

                /* Metadata is only read when one of the checks below needs it. The stat is done relative to
                 * the open directory and, with flags 0, follows symlinks. */
                if ((flags & stat_flags) && fstatat(dirfd(d), name, &st, 0) < 0) {
                        log_debug_errno(errno, "Failed to stat '%s/%s', ignoring: %m", dirpath, name);
                        continue;
                }

                /* A masking entry is remembered so that later directories skip this name. */
                if ((flags & CONF_FILES_FILTER_MASKED) && null_or_empty(&st)) {
                        r = set_put_strdup(masked, name);
                        if (r < 0)
                                return r;

                        log_debug("File '%s/%s' is a mask.", dirpath, name);
                        continue;
                }

                /* Node type filter: accept a directory and/or a regular file, as requested. */
                if (flags & (CONF_FILES_REGULAR|CONF_FILES_DIRECTORY)) {
                        type_ok = ((flags & CONF_FILES_DIRECTORY) && S_ISDIR(st.st_mode)) ||
                                  ((flags & CONF_FILES_REGULAR) && S_ISREG(st.st_mode));
                        if (!type_ok) {
                                log_debug("Ignoring '%s/%s', as it is not a of the right type.", dirpath, name);
                                continue;
                        }
                }

                /* Executable filter: this looks at the mode bits only and deliberately does not use
                 * access(X_OK). The question is whether the file is marked executable at all, not whether
                 * it is executable for us; a failure to run it is something to log about later. */
                if ((flags & CONF_FILES_EXECUTABLE) && (st.st_mode & 0111) == 0) {
                        log_debug("Ignoring '%s/%s', as it is not marked executable.", dirpath, name);
                        continue;
                }

                /* Value is either the bare name or the full path; the key is always the file name. */
                p = (flags & CONF_FILES_BASENAME) ? strdup(name) : strjoin(dirpath, "/", name);
                if (!p)
                        return -ENOMEM;

                key = (flags & CONF_FILES_BASENAME) ? p : basename(p);

                r = hashmap_put(h, key, p);
                if (r < 0) {
                        free(p);
                        return log_debug_errno(r, "Failed to add item to hashmap: %m");
                }

                /* The name was checked with hashmap_contains() above, so this must be a new entry. */
                assert(r > 0);
        }

        return 0;
}
示例#9
文件: be-encfs.c 项目: larryv/gnupg
/* Send the NUL-terminated command STRING to RUNNER by passing it to
   send_cmd_bin with a length of strlen (STRING), i.e. without the
   terminating NUL.  Returns whatever send_cmd_bin returns.

   NOTE(review): the complete command text is written to the debug
   log.  If any caller passes secret material through this function
   (a passphrase, for example) it would end up in the log -- confirm
   against the callers and redact if so.  */
static gpg_error_t
send_cmd (runner_t runner, const char *string)
{
  size_t length;

  log_debug ("sending command  -->%s<--\n", string);
  length = strlen (string);
  return send_cmd_bin (runner, string, length);
}
示例#10
 /// Logs one header field as "name value" and reports OK.
 /// NOTE(review): name and value are written to the debug log verbatim;
 /// if these fields can carry credentials or tokens, debug logs need the
 /// same protection as the messages themselves -- confirm.
 Messageheader::return_type Messageheader::onField(const char* name, const char* value)
 {
   const char separator = ' ';
   log_debug(name << separator << value);

   return OK;
 }
示例#11
文件: locking.c 项目: Jajcus/lvm2
/*
 * Apply the lock operation described by flags to the resource named vol.
 *
 * The scope bits of flags select VG or LV handling; any other scope is
 * rejected.  For VG scope an orphan VG name is replaced by VG_ORPHANS, the
 * lock order is verified (except for unlocks and LCK_CACHE requests) and
 * check_lvm1_vg_inactive() must succeed.  LV locks, and VG locks when
 * blocking is not supported, get LCK_NONBLOCK added.
 *
 * The name is copied into a fixed 258-byte buffer; a longer vol is
 * truncated to 257 characters before it reaches _lock_vol().
 * NOTE(review): truncation is silent, so two over-long names sharing a
 * prefix would address the same resource -- confirm callers bound the
 * name length.
 *
 * Unless the type is LCK_NULL or LCK_UNLOCK, or LCK_CACHE or LCK_HOLD is
 * set, the lock is released again right after it was taken.
 *
 * Returns 1 on success and 0 on failure.  A request of exactly LCK_NONE is
 * logged as an internal error but still returns 1.
 */
int lock_vol(struct cmd_context *cmd, const char *vol, uint32_t flags)
{
	char resource[258] __attribute__((aligned(8)));
	lv_operation_t lv_op = LV_NOOP;
	const int lck_type = flags & LCK_TYPE_MASK;
	const uint32_t scope_and_type = flags & (LCK_SCOPE_MASK | LCK_TYPE_MASK);
	uint32_t scope;
	int needs_unlock;

	/* Only suspend and resume of an LV map to an LV operation. */
	if (scope_and_type == LCK_LV_SUSPEND)
		lv_op = LV_SUSPEND;
	else if (scope_and_type == LCK_LV_RESUME)
		lv_op = LV_RESUME;

	if (flags == LCK_NONE) {
		log_debug(INTERNAL_ERROR "%s: LCK_NONE lock requested", vol);
		return 1;
	}

	scope = flags & LCK_SCOPE_MASK;
	if (scope == LCK_VG) {
		if (!_blocking_supported)
			flags |= LCK_NONBLOCK;

		/* One global VG_ORPHANS lock stands for every orphan format. */
		if (is_orphan_vg(vol))
			vol = VG_ORPHANS;

		/* VG locks are taken alphabetically, the ORPHAN lock last. */
		if ((lck_type != LCK_UNLOCK) &&
		    !(flags & LCK_CACHE) &&
		    !lvmcache_verify_lock_order(vol))
			return_0;

		/*
		 * The VG is locked to change on-disk metadata.  A VG the
		 * LVM1 driver knows about cannot be accessed.
		 */
		if (!check_lvm1_vg_inactive(cmd, vol))
			return_0;
	} else if (scope == LCK_LV) {
		/* LV locks never block. */
		flags |= LCK_NONBLOCK;
	} else {
		log_error("Unrecognised lock scope: %d", scope);
		return 0;
	}

	/* Bounded copy; the last byte is always the terminator. */
	strncpy(resource, vol, sizeof(resource) - 1);
	resource[sizeof(resource) - 1] = '\0';

	if (!_lock_vol(cmd, resource, flags, lv_op))
		return_0;

	/*
	 * A real lock (i.e. not LCK_CACHE) that was just acquired is
	 * dropped again immediately unless LCK_HOLD was requested.
	 */
	needs_unlock = (lck_type != LCK_NULL) && (lck_type != LCK_UNLOCK) &&
		       !(flags & (LCK_CACHE | LCK_HOLD));

	if (needs_unlock &&
	    !_lock_vol(cmd, resource, (flags & ~LCK_TYPE_MASK) | LCK_UNLOCK, lv_op))
		return_0;

	return 1;
}
示例#12
 /// Logs the query text and returns a tntdb::Statement wrapping a newly
 /// allocated Statement bound to this connection and that query.
 /// NOTE(review): the full query string goes to the debug log; if callers
 /// ever embed data values in the query text instead of binding them,
 /// those values are logged too -- confirm.
 tntdb::Statement Connection::prepare(const std::string& query)
 {
   log_debug("prepare(\"" << query << "\")");

   Statement* impl = new Statement(this, query);
   return tntdb::Statement(impl);
 }
示例#13
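/*
 * Connector loop for queued SOCKS requests, driven by select().
 *
 * Each round it
 *   1. walks socks_queue_: entries in state SOCKS_NEW whose restart time
 *      has passed get a non-blocking socket and a connect attempt and move
 *      to SOCKS_CONNECTING; entries in SOCKS_4AREQ_SENT are watched for
 *      readability;
 *   2. waits in select() on those descriptors and on the request pipe
 *      CNF(socksfd[0]);
 *   3. reads one SocksQueue_t record from the request pipe if it is
 *      readable and dispatches on its contents;
 *   4. for connected sockets sends the SOCKS request, for readable ones
 *      receives the response and activates the peer;
 *   5. removes entries marked SOCKS_DELETE.
 *
 * The loop ends, returning NULL, once term_req() is true.  The argument p
 * is not used.
 *
 * Changes against the earlier version: a failed read() on the request
 * pipe no longer falls through to the dispatch code (len == -1 compared
 * against sizeof() was converted to a huge unsigned value, so the record
 * in sq was used although it had never been filled in), and the arguments
 * of two %d conversions are now really ints.
 */
void *socks_connector_sel(void *p)
{
   fd_set rset, wset;
   int maxfd = 0, len, so_err;
   SocksQueue_t *squeue, sq;
   time_t t;
   struct timeval tv;
   socklen_t err_len;

   for (;;)
   {
      if (term_req())
         return NULL;

      FD_ZERO(&rset);
      FD_ZERO(&wset);
      MFD_SET(CNF(socksfd[0]), &rset, maxfd);
      t = time(NULL);

      for (squeue = socks_queue_; squeue; squeue = squeue->next)
      {
         switch (squeue->state)
         {
            case SOCKS_NEW:
               if (t < squeue->restart_time)
               {
                  log_debug("SOCKS request is scheduled for connection not before %ds", (int) (squeue->restart_time - t));
                  continue;
               }

               // check and increase retry counter
               squeue->retry++;
               if (!squeue->perm && (squeue->retry > SOCKS_MAX_RETRY))
               {
                  log_msg(LOG_NOTICE, "temporary request failed %d times and will be removed", squeue->retry - 1);
                  squeue->state = SOCKS_DELETE;
                  continue;
               }

               log_debug("creating socket for unconnected SOCKS request");
               if ((squeue->fd = socket(CNF(socks_dst)->sin_family == AF_INET ? PF_INET : PF_INET6, SOCK_STREAM, 0)) == -1)
               {
                  log_msg(LOG_ERR, "cannot create socket for new SOCKS request: \"%s\"", strerror(errno));
                  continue;
               }

               set_nonblock(squeue->fd);
               log_debug("queueing fd %d for connect", squeue->fd);
               squeue->connect_time = t;
               if (socks_tcp_connect(squeue->fd, (struct sockaddr*) CNF(socks_dst), SOCKADDR_SIZE(CNF(socks_dst))) == -1)
               {
                  socks_reschedule(squeue);
                  continue;
               }

               // completion of the connect is signalled through the write set
               squeue->state = SOCKS_CONNECTING;
               MFD_SET(squeue->fd, &wset, maxfd);

               break;

            case SOCKS_4AREQ_SENT:
               MFD_SET(squeue->fd, &rset, maxfd);
               break;
         }
      }

      // select all file descriptors; from here on maxfd holds the number
      // of ready descriptors that still have to be handled
      set_select_timeout(&tv);
      log_debug("selecting (maxfd = %d)", maxfd);
      if ((maxfd = select(maxfd + 1, &rset, &wset, NULL, &tv)) == -1)
      {
         log_msg(LOG_EMERG, "select encountered error: \"%s\", restarting", strerror(errno));
         continue;
      }
      log_debug("select returned %d", maxfd);

      // check socks request pipe
      if (FD_ISSET(CNF(socksfd[0]), &rset))
      {
         maxfd--;
         len = read(CNF(socksfd[0]), &sq, sizeof(sq));
         if (len == -1)
            // nothing was read, sq must not be looked at
            log_msg(LOG_ERR, "failed to read from SOCKS request pipe, fd = %d: \"%s\"", 
                  CNF(socksfd[0]), strerror(errno));
         else if ((size_t) len < sizeof(sq))
            log_msg(LOG_ERR, "read from SOCKS request pipe truncated to %d of %d bytes, ignoring.", 
                  len, (int) sizeof(sq));
         else
         {
            log_debug("received %d bytes on SOCKS request pipe fd %d", len, CNF(socksfd[0]));
            if (sq.next)
            {
               // NOTE(review): a pointer value taken from the pipe record is
               // used as a FILE*; this is only sound if nothing but this
               // process can write to the pipe -- confirm
               log_debug("output of SOCKS request queue triggered");
               socks_output_queue((FILE*) sq.next);
            }
            else if (IN6_IS_ADDR_UNSPECIFIED(&sq.addr))
            {
               log_debug("termination request on SOCKS request queue received");
            }
            else
            {
               log_debug("SOCKS queuing request received");
               socks_enqueue(&sq);
            }
         }
      }

      // handle all other file descriptors
      t = time(NULL);
      for (squeue = socks_queue_; maxfd && squeue; squeue = squeue->next)
      {
         // check write set, this is valid after connect()
         if (FD_ISSET(squeue->fd, &wset))
         {
            maxfd--;
            if (squeue->state == SOCKS_CONNECTING)
            {
               // test if connect() worked
               log_debug("check socket error");
               err_len = sizeof(so_err);
               if (getsockopt(squeue->fd, SOL_SOCKET, SO_ERROR, &so_err, &err_len) == -1)
               {
                  log_msg(LOG_ERR, "getsockopt failed: \"%s\", rescheduling request", strerror(errno));
                  socks_reschedule(squeue);
                  continue;
               }
               if (so_err)
               {
                  log_msg(LOG_ERR, "getsockopt returned %d (\"%s\")", so_err, strerror(so_err));
                  socks_reschedule(squeue);
                  continue;
               }
               // everything seems to be ok, now check request status
               if (socks_send_request(squeue) == -1)
               {
                  log_msg(LOG_ERR, "SOCKS request failed");
                  socks_reschedule(squeue);
                  continue;
               }
               // request successfully sent, advance state machine
               squeue->state = SOCKS_4AREQ_SENT;
            }
            else
               log_debug("unknown state %d in write set", squeue->state);
         }

         // check read set, this is valid after write, i.e. receiving SOCKS response
         if (FD_ISSET(squeue->fd, &rset))
         {
            maxfd--;
            if (squeue->state == SOCKS_4AREQ_SENT)
            {
               if (socks_rec_response(squeue) == -1)
               {
                  socks_reschedule(squeue);
                  continue;
               }
               // success
               log_debug("activating peer fd %d", squeue->fd);
               socks_activate_peer(squeue);
               squeue->state = SOCKS_DELETE;
            }
            else
               log_debug("unknown state %d in read set", squeue->state);
         }
      }

      // delete requests from queue which are marked for deletion
      // NOTE(review): after a removal the scan restarts at the head, but the
      // loop increment then steps past it, so a head entry marked for
      // deletion stays until a later round
      for (squeue = socks_queue_; squeue; squeue = squeue->next)
         if (squeue->state == SOCKS_DELETE)
         {
            socks_unqueue(squeue);
            // restart loop
            squeue = socks_queue_;
            if (!squeue)
            {
               log_debug("last entry deleted, breaking loop");
               break;
            }
         }
   }
}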
/*
 * Test case: calls FUNC_VALUE __cycle_count times with a growing element
 * count, alternating between the two halves of the static source/target
 * buffers and between two slices of the work and sync arrays, and compares
 * the target half with the expected constant after every call.
 *
 * Returns TC_PASS or TC_FAIL from the comparison, or TC_SETUP_FAIL when one
 * of the shmalloc() calls fails.
 */
static int test_item8(void)
{
    int rc = TC_PASS;
    /* Two halves of MAX_BUFFER_SIZE elements each; iteration i uses half (i % 2). */
    static TYPE_VALUE target_addr[MAX_BUFFER_SIZE * 2];
    static TYPE_VALUE source_addr[MAX_BUFFER_SIZE * 2];
    TYPE_VALUE source_value = 0;
    TYPE_VALUE expect_value = 0;
    int num_proc = 0;
    int my_proc = 0;
    long* pSyncMult = NULL;
    TYPE_VALUE* pWrkMult = NULL;
    /* Number of sync and work slices that the iterations rotate through. */
    int pSyncNum = 2;
    int pWrkNum = 2;

    num_proc = _num_pes();
    my_proc = _my_pe();

    pSyncMult = shmalloc(sizeof(*pSyncMult) * pSyncNum * _SHMEM_REDUCE_SYNC_SIZE);
    if (pSyncMult)
    {
        TYPE_VALUE value = DEFAULT_VALUE;
        int i = 0;
        int j = 0;
        long cur_buf_size = 0;

        /* Initialise every sync slice before the first call. */
        for ( j = 0; j < pSyncNum * _SHMEM_REDUCE_SYNC_SIZE; j++ )
        {
            pSyncMult[j] = _SHMEM_SYNC_VALUE;
        }

        /* Give some time to all PE for setting their values */
        shmem_barrier_all();

        pWrkMult = shmalloc(sizeof(*pWrkMult) * pWrkNum * sys_max(MAX_BUFFER_SIZE, _SHMEM_REDUCE_MIN_WRKDATA_SIZE));
        if (pWrkMult)
        {
            /* Both halves start out as: source = BASE_VALUE + my_proc, target = DEFAULT_VALUE. */
            value = DEFAULT_VALUE;
            source_value = (TYPE_VALUE)(BASE_VALUE + my_proc);
            fill_buffer((void *)source_addr, MAX_BUFFER_SIZE * 2, (void *)&source_value, sizeof(source_value));
            fill_buffer((void *)target_addr, MAX_BUFFER_SIZE * 2, (void *)&value, sizeof(value));
            shmem_barrier_all();
            for (i = 0; (i < __cycle_count) && (rc == TC_PASS); i++)
            {
                /* Element count grows with i up to MAX_BUFFER_SIZE and is never below 1. */
                cur_buf_size = sys_max(1, (i + 1) * MAX_BUFFER_SIZE / __cycle_count);
                /* Set initial target value */
                value = DEFAULT_VALUE;

                /* Set my value */
                source_value = (TYPE_VALUE)(BASE_VALUE + my_proc);

                /* Define expected value */
                expect_value = ( my_proc % 2 ? DEFAULT_VALUE : BASE_VALUE );

                /* Put value to peer */
                FUNC_VALUE(target_addr + (i % 2) * MAX_BUFFER_SIZE, source_addr + (i % 2) * MAX_BUFFER_SIZE, cur_buf_size, 0, 1, ((num_proc / 2) + (num_proc % 2)), pWrkMult + (i % pWrkNum) * sys_max(MAX_BUFFER_SIZE, _SHMEM_REDUCE_MIN_WRKDATA_SIZE),  pSyncMult + (i % pSyncNum) * _SHMEM_REDUCE_SYNC_SIZE);
                rc = (!compare_buffer_with_const(target_addr + (i % 2) * MAX_BUFFER_SIZE, cur_buf_size, &expect_value, sizeof(expect_value)) ? TC_PASS : TC_FAIL);

                /* NOTE(review): the "actual" field prints value, which is DEFAULT_VALUE here
                   and is not read back from the target buffer. */
                log_debug(OSH_TC, "my#%d source = %lld expected = %lld actual = %lld buffer size = %lld\n",
                                   my_proc, (INT64_TYPE)source_value, (INT64_TYPE)expect_value, (INT64_TYPE)value, (INT64_TYPE)cur_buf_size);

                /* Diagnostic dump, entered when rc is non-zero (presumably every result but TC_PASS -- confirm). */
                if (rc)
                {
                    TYPE_VALUE* check_addr = target_addr + (i % 2) * MAX_BUFFER_SIZE;
                    int odd_index = compare_buffer_with_const(check_addr, cur_buf_size, &expect_value, sizeof(expect_value));
                    int show_index = (odd_index > 1 ? odd_index - 2 : 0);
                    /* NOTE(review): cur_buf_size - odd_index - 1 is negative when odd_index >= cur_buf_size;
                       the product with sizeof() then no longer describes a valid length for
                       show_buffer() -- verify against what compare_buffer_with_const() returns. */
                    int show_size = sizeof(*check_addr) * sys_min(3, cur_buf_size - odd_index - 1);

                    log_debug(OSH_TC, "index of incorrect value: 0x%08X (%d)\n", odd_index - 1, odd_index - 1);
                    log_debug(OSH_TC, "buffer interval: 0x%08X - 0x%08X\n", show_index, show_index + show_size);
                    show_buffer(check_addr + show_index, show_size);
                }
                /* Restore the half that was just used for a later iteration. */
                fill_buffer((void *)(source_addr + (i % 2) * MAX_BUFFER_SIZE), cur_buf_size, (void *)&source_value, sizeof(source_value));
                fill_buffer((void *)(target_addr + (i % 2) * MAX_BUFFER_SIZE ), cur_buf_size, (void *)&value, sizeof(value));
            }
            shfree(pWrkMult);
        } else {
            rc = TC_SETUP_FAIL;
        }
        shfree(pSyncMult);
    } else {
        rc = TC_SETUP_FAIL;
    }

    return rc;
}
示例#15
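/*
 * Shows the linked list sel in a centred curses window titled title and lets
 * the user move through it with the cursor and page keys, or jump to the
 * next entry whose first character matches a typed key (case-insensitive).
 *
 * sel     - head of the list; entries are linked through next/prev and
 *           carry an index and a display string str
 * title   - window title, also used for the minimum width
 * perform - optional callback; when set, Enter calls perform(current, data)
 *           and the dialog stays open
 * data    - passed through to perform
 *
 * Returns NULL when the list is empty or the user leaves with ESC or 'q',
 * and the current entry when Enter is pressed and perform is NULL.
 *
 * Key codes outside 0..255 (curses function keys that have no case of their
 * own here, or an error return from getch()) are ignored by the
 * jump-to-letter search: tolower() is only defined for unsigned char values
 * and EOF, and the first character of an entry is converted to unsigned char
 * for the same reason.
 */
list_selection *do_selection(list_selection * sel, const char *title,
    void(*perform) (list_selection *, void *), void *data)
{
    WINDOW *wn;
    bool update = true;
    list_selection *s;
    list_selection *top = sel;
    list_selection *current = top;
    int i;
    int height = 0, width = (int)strlen(title) + 8;

    /* Width is the longest entry (at least title + 8), height the entry count. */
    for (s = sel; s; s = s->next) {
        if ((int)strlen(s->str) > width) {
            width = (int)strlen(s->str);
        }
        ++height;
        log_debug("s %s w %d h %d\n", s->str, width, height);
    }
    if (height == 0 || width == 0)
        return NULL;
    /* Clamp to SX/SY (presumably the screen dimensions). */
    if (width + 3 > SX)
        width = SX - 4;
    if (height + 2 > SY)
        height = SY - 2;

    log_debug("w %d h %d\n", width, height);

    wn =
        newwin(height + 2, width + 4, (SY - height - 2) / 2, (SX - width - 4) / 2);

    for (;;) {
        int input;
        if (update) {
            /* Redraw the visible slice: height entries starting at top. */
            for (s = top; s != NULL && top->index + height != s->index; s = s->next) {
                i = s->index - top->index;
                wmove(wn, i + 1, 4);
                waddnstr(wn, s->str, -1);
                wclrtoeol(wn);
            }
            wclrtobot(wn);
            wxborder(wn);
            mvwprintw(wn, 0, 2, "[ %s ]", title);
            update = false;
        }
        /* Highlight the current row. */
        i = current->index - top->index;
        wattron(wn, A_BOLD | COLOR_PAIR(COLOR_YELLOW));
        wmove(wn, i + 1, 2);
        waddstr(wn, "->");
        wmove(wn, i + 1, 4);
        waddnstr(wn, current->str, width - 2);
        wattroff(wn, A_BOLD | COLOR_PAIR(COLOR_YELLOW));

        wrefresh(wn);

        input = getch();

        /* Take the highlight off again before the key is handled. */
        wmove(wn, i + 1, 2);
        waddstr(wn, "  ");
        wmove(wn, i + 1, 4);
        waddnstr(wn, current->str, width);

        switch (input) {
        case KEY_NPAGE:
            for (i = 0; i != height / 2; ++i) {
                if (current->next) {
                    current = current->next;
                    if (current->index - height >= top->index) {
                        top = current;
                        update = true;
                    }
                }
            }
            break;
        case KEY_PPAGE:
            for (i = 0; i != height / 2; ++i) {
                if (current->prev) {
                    if (current == top) {
                        top = sel;
                        while (top->index + height < current->index)
                            top = top->next;
                        update = true;
                    }
                    current = current->prev;
                }
            }
            break;
        case KEY_DOWN:
            if (current->next) {
                current = current->next;
                if (current->index - height >= top->index) {
                    top = current;
                    update = true;
                }
            }
            break;
        case KEY_UP:
            if (current->prev) {
                if (current == top) {
                    top = sel;
                    while (top->index + height < current->index)
                        top = top->next;
                    update = true;
                }
                current = current->prev;
            }
            break;
        case 27:               /* ESC */
        case 'q':
            delwin(wn);
            return NULL;
        case 10:               /* line feed */
        case 13:               /* carriage return */
            if (perform)
                perform(current, data);
            else {
                delwin(wn);
                return current;
            }
            break;
        default:
            /* Jump to the next entry starting with the typed character,
             * wrapping around to top; only plain byte values take part. */
            if (input >= 0 && input <= 0xFF) {
                s = current->next;
                if (s == NULL)
                    s = top;
                while (s != current) {
                    if (tolower((unsigned char)s->str[0]) == tolower(input)) {
                        current = s;
                        update = true;
                    }
                    else {
                        s = s->next;
                        if (s == NULL)
                            s = top;
                    }
                }
            }
            if (current->index - height >= top->index) {
                top = current;
                update = true;
            }
        }
    }
}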
示例#16
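/*
 * Parse one IKEv2 Notify payload and act on the notification types handled
 * below.
 *
 * The notify header is validated and copied into n by
 * ikev2_validate_notify(); the notification data that follows it is located
 * with ibuf_seek() and dumped with print_hex().  Messages that do not come
 * from the peer (ikev2_msg_frompeer() false) are only logged.
 *
 * Handled types:
 *   NAT_DETECTION_SOURCE_IP / _DESTINATION_IP - compare the received hash
 *       with the locally computed one and enable UDP encapsulation on the
 *       SA if they differ;
 *   INVALID_KE_PAYLOAD - as initiator, take the DH group proposed by the
 *       responder, drop the SA and schedule a new IKE SA init;
 *   NO_ADDITIONAL_SAS - disable rekeying if a Child SA request is pending;
 *   REKEY_SA - record the SPI (4 or 8 bytes) to be rekeyed in the parent
 *       message;
 *   IPCOMP_SUPPORTED - record CPI and transform when the policy enables
 *       IPCOMP and the transform is deflate.
 *
 * Everything in the payload is peer-controlled.  The data length is
 * derived from the payload length field, so it is checked here against the
 * two header sizes before the subtraction; the branches that use
 * msg->msg_sa first check it for NULL, as the NAT detection branch already
 * did.
 *
 * Returns 0 on success or for ignored notifications, -1 on malformed input
 * or when the notification cannot be processed.
 */
int
ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld,
    struct iked_message *msg, size_t offset, size_t left)
{
	struct ikev2_notify	 n;
	u_int8_t		*buf, md[SHA_DIGEST_LENGTH];
	size_t			 len;
	u_int32_t		 spi32;
	u_int64_t		 spi64;
	struct iked_spi		*rekey;
	u_int16_t		 type;
	u_int16_t		 group;
	u_int16_t		 cpi;
	u_int8_t		 transform;

	if (ikev2_validate_notify(msg, offset, left, pld, &n))
		return (-1);
	type = betoh16(n.n_type);

	log_debug("%s: protoid %s spisize %d type %s",
	    __func__,
	    print_map(n.n_protoid, ikev2_saproto_map), n.n_spisize,
	    print_map(type, ikev2_n_map));

	/*
	 * len is unsigned: a payload length below the two headers would wrap
	 * around.  NOTE(review): ikev2_validate_notify() presumably rejects
	 * this already; the check is kept local so the subtraction is safe
	 * on its own.
	 */
	if (betoh16(pld->pld_length) < sizeof(*pld) + sizeof(n)) {
		log_debug("%s: malformed payload: too short", __func__);
		return (-1);
	}
	len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(n);
	if ((buf = ibuf_seek(msg->msg_data, offset + sizeof(n), len)) == NULL)
		return (-1);

	print_hex(buf, 0, len);

	if (!ikev2_msg_frompeer(msg))
		return (0);

	switch (type) {
	case IKEV2_N_NAT_DETECTION_SOURCE_IP:
	case IKEV2_N_NAT_DETECTION_DESTINATION_IP:
		/* The payload must be exactly one hash long. */
		if (len != sizeof(md)) {
			log_debug("%s: malformed payload: hash size mismatch"
			    " (%zu != %zu)", __func__, len, sizeof(md));
			return (-1);
		}
		if (ikev2_nat_detection(env, msg, md, sizeof(md), type) == -1)
			return (-1);
		if (memcmp(buf, md, len) != 0) {
			log_debug("%s: %s detected NAT, enabling "
			    "UDP encapsulation", __func__,
			    print_map(type, ikev2_n_map));

			/*
			 * Enable UDP encapsulation of ESP packages if
			 * the check detected NAT.
			 */
			if (msg->msg_sa != NULL)
				msg->msg_sa->sa_udpencap = 1;
		}
		print_hex(md, 0, sizeof(md));
		break;
	case IKEV2_N_INVALID_KE_PAYLOAD:
		if (len != sizeof(group)) {
			log_debug("%s: malformed payload: group size mismatch"
			    " (%zu != %zu)", __func__, len, sizeof(group));
			return (-1);
		}
		/* Without an SA there is nothing to restart. */
		if (msg->msg_sa == NULL) {
			log_debug("%s: no SA for notification", __func__);
			return (-1);
		}
		if (!msg->msg_sa->sa_hdr.sh_initiator) {
			log_debug("%s: not an initiator", __func__);
			sa_free(env, msg->msg_sa);
			msg->msg_sa = NULL;
			return (-1);
		}
		memcpy(&group, buf, len);
		group = betoh16(group);
		if ((msg->msg_policy->pol_peerdh = group_get(group))
		    == NULL) {
			log_debug("%s: unable to select DH group %d", __func__,
			    group);
			return (-1);
		}
		log_debug("%s: responder selected DH group %d", __func__,
		    group);
		/* Drop this SA and start over with the new group. */
		sa_free(env, msg->msg_sa);
		msg->msg_sa = NULL;
		timer_set(env, &env->sc_inittmr, ikev2_init_ike_sa, NULL);
		timer_add(env, &env->sc_inittmr, IKED_INITIATOR_INITIAL);
		break;
	case IKEV2_N_NO_ADDITIONAL_SAS:
		/* This makes sense for Child SAs only atm */
		if (msg->msg_sa != NULL &&
		    (msg->msg_sa->sa_stateflags & IKED_REQ_CHILDSA)) {
			ikev2_disable_rekeying(env, msg->msg_sa);
			msg->msg_sa->sa_stateflags &= ~IKED_REQ_CHILDSA;
		}
		break;
	case IKEV2_N_REKEY_SA:
		/* The data must be exactly the SPI announced in the header. */
		if (len != n.n_spisize) {
			log_debug("%s: malformed notification", __func__);
			return (-1);
		}
		rekey = &msg->msg_parent->msg_rekey;
		if (rekey->spi != 0) {
			log_debug("%s: rekeying of multiple SAs not supported",
			    __func__);
			return (-1);
		}
		/* len equals n_spisize here, so each copy fills its target. */
		switch (n.n_spisize) {
		case 4:
			memcpy(&spi32, buf, len);
			rekey->spi = betoh32(spi32);
			break;
		case 8:
			memcpy(&spi64, buf, len);
			rekey->spi = betoh64(spi64);
			break;
		default:
			log_debug("%s: invalid spi size %d", __func__,
			    n.n_spisize);
			return (-1);
		}
		rekey->spi_size = n.n_spisize;
		rekey->spi_protoid = n.n_protoid;

		log_debug("%s: rekey %s spi %s", __func__,
		    print_map(n.n_protoid, ikev2_saproto_map),
		    print_spi(rekey->spi, n.n_spisize));
		break;
	case IKEV2_N_IPCOMP_SUPPORTED:
		if (len < sizeof(cpi) + sizeof(transform)) {
			log_debug("%s: ignoring malformed ipcomp notification",
			    __func__);
			return (0);
		}
		memcpy(&cpi, buf, sizeof(cpi));
		memcpy(&transform, buf + sizeof(cpi), sizeof(transform));
		log_debug("%s: cpi 0x%x, transform %s, len %zu", __func__,
		    betoh16(cpi), print_map(transform, ikev2_ipcomp_map), len);
		/* we only support deflate */
		if (msg->msg_sa != NULL &&
		    (msg->msg_policy->pol_flags & IKED_POLICY_IPCOMP) &&
		    (transform == IKEV2_IPCOMP_DEFLATE)) {
			msg->msg_sa->sa_ipcomp = transform;
			msg->msg_sa->sa_cpi_out = betoh16(cpi);
		}
		break;
	}

	return (0);
}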
示例#17
/*
 * Derive the per-task timeout set from a single I/O timeout and store the
 * values the task keeps (io_timeout, id_renewal, id_renewal_fail,
 * id_renewal_warn, host_dead, request_finish).  The delta_ and paxos_
 * values are computed here only so that the task named "main" can log them.
 *
 * NOTE(review): io_timeout_arg is used as given; zero or a negative value
 * produces zero or negative timeouts, and a very large one overflows the
 * int multiplications.  Presumably the caller range-checks it -- confirm.
 */
void setup_task_timeouts(struct task *task, int io_timeout_arg)
{
	const int io = io_timeout_arg;

	/* chosen by us as fixed multiples of the I/O timeout */
	const int renewal      = 2 * io;
	const int renewal_warn = 6 * io;
	const int renewal_fail = 8 * io;

	/* everything from here on is derived from the four values above */
	const int host_dead      = renewal_fail + WATCHDOG_FIRE_TIMEOUT;
	const int large_delay    = renewal + (6 * io);
	const int short_delay    = 2 * io;
	const int longest        = (large_delay > host_dead) ? large_delay : host_dead;
	const int request_finish = 3 * renewal; /* random */

	task->io_timeout_seconds = io;
	task->id_renewal_seconds = renewal;
	task->id_renewal_fail_seconds = renewal_fail;
	task->id_renewal_warn_seconds = renewal_warn;
	task->host_dead_seconds = host_dead;
	task->request_finish_seconds = request_finish;

	/* the remaining values are recalculated in place where they are used */

	/* hack: only the task named "main" logs the table */
	if (strcmp(task->name, "main") != 0)
		return;

	log_debug("io_timeout_seconds %d", io);
	log_debug("id_renewal_seconds %d", renewal);
	log_debug("id_renewal_fail_seconds %d", renewal_fail);
	log_debug("id_renewal_warn_seconds %d", renewal_warn);

	log_debug("host_dead_seconds %d", host_dead);
	log_debug("delta_large_delay %d", large_delay);
	log_debug("delta_short_delay %d", short_delay);
	log_debug("delta_acquire_held_max %d", longest + short_delay + (4 * io));
	log_debug("delta_acquire_held_min %d", longest);
	log_debug("delta_acquire_free_max %d", short_delay + (3 * io));
	log_debug("delta_acquire_free_min %d", short_delay);
	log_debug("delta_renew_max %d", 2 * io);
	log_debug("delta_renew_min %d", 0);
	log_debug("paxos_acquire_held_max %d", host_dead + (7 * io));
	log_debug("paxos_acquire_held_min %d", host_dead);
	log_debug("paxos_acquire_free_max %d", 6 * io);
	log_debug("paxos_acquire_free_min %d", 0);
	log_debug("request_finish_seconds %d", request_finish);
}
示例#18
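/*
 * Parse a Delete payload and, for a request received from the peer, delete
 * the named Child SAs and answer with a Delete payload listing the local
 * SPIs that were removed.
 *
 * An SPI size other than 4 or 8 is accepted only for protocol IKE; when such
 * a payload comes from the peer an empty INFORMATIONAL response is sent and
 * the IKE SA is moved to IKEV2_STATE_CLOSED.
 *
 * Returns 0 on success (or when there is nothing to do) and -1 on a
 * malformed payload or allocation/send failure; where a response is sent,
 * the result of ikev2_send_ike_e() is returned.
 *
 * NOTE(review): len is an int computed from the peer-supplied pld_length;
 * this relies on ikev2_validate_delete() (not shown here) having rejected
 * payloads shorter than both headers -- confirm.
 */
int
ikev2_pld_delete(struct iked *env, struct ikev2_payload *pld,
    struct iked_message *msg, size_t offset, size_t left)
{
	struct iked_childsa	**peersas = NULL;
	struct iked_sa		*sa = msg->msg_sa;
	struct ikev2_delete	 del, *localdel;
	struct ibuf		*resp = NULL;
	u_int64_t		*localspi = NULL;
	u_int64_t		 spi64, spi = 0;
	u_int32_t		 spi32;
	u_int8_t		*buf, *msgbuf = ibuf_data(msg->msg_data);
	size_t			 found = 0, failed = 0;
	int			 cnt, i, len, sz, ret = -1;

	/* Skip if it's a response, then we don't have to deal with it */
	if (ikev2_msg_frompeer(msg) &&
	    msg->msg_parent->msg_response)
		return (0);

	if (ikev2_validate_delete(msg, offset, left, pld, &del))
		return (-1);
	cnt = betoh16(del.del_nspi);
	sz = del.del_spisize;

	log_debug("%s: proto %s spisize %d nspi %d",
	    __func__, print_map(del.del_protoid, ikev2_saproto_map),
	    sz, cnt);

	/* SPI list follows the Delete header inside the payload */
	buf = msgbuf + offset + sizeof(del);
	len = betoh16(pld->pld_length) - sizeof(*pld) - sizeof(del);

	print_hex(buf, 0, len);

	switch (sz) {
	case 4:
	case 8:
		break;
	default:
		if (del.del_protoid != IKEV2_SAPROTO_IKE) {
			log_debug("%s: invalid SPI size", __func__);
			return (-1);
		}
		if (ikev2_msg_frompeer(msg)) {
			/* Send an empty informational response */
			if ((resp = ibuf_static()) == NULL)
				goto done;
			ret = ikev2_send_ike_e(env, sa, resp,
			    IKEV2_PAYLOAD_NONE,
			    IKEV2_EXCHANGE_INFORMATIONAL, 1);
			msg->msg_parent->msg_responded = 1;
			ibuf_release(resp);
			sa_state(env, sa, IKEV2_STATE_CLOSED);
			return (ret);
		}
		log_debug("%s: invalid SPI size", __func__);
		return (ret);
	}

	/*
	 * The SPI count claimed by the peer must match the bytes actually
	 * present, otherwise the loop below would read past the payload.
	 * NOTE(review): integer division lets up to sz - 1 trailing bytes
	 * through; they are never read.
	 */
	if ((len / sz) != cnt) {
		log_debug("%s: invalid payload length %d/%d != %d",
		    __func__, len, sz, cnt);
		return (-1);
	}

	/* Bookkeeping is only needed when we act on a peer's request */
	if (ikev2_msg_frompeer(msg) &&
	    ((peersas = calloc(cnt, sizeof(struct iked_childsa *))) == NULL ||
	     (localspi = calloc(cnt, sizeof(u_int64_t))) == NULL)) {
		log_warn("%s", __func__);
		goto done;
	}

	for (i = 0; i < cnt; i++) {
		switch (sz) {
		case 4:
			memcpy(&spi32, buf + (i * sz), sizeof(spi32));
			spi = betoh32(spi32);
			break;
		case 8:
			memcpy(&spi64, buf + (i * sz), sizeof(spi64));
			spi = betoh64(spi64);
			break;
		}

		log_debug("%s: spi %s", __func__, print_spi(spi, sz));

		/* Our own outgoing message, or no SA: log only */
		if (peersas == NULL || sa == NULL)
			continue;

		if ((peersas[i] = childsa_lookup(sa, spi,
		    del.del_protoid)) == NULL) {
			log_warnx("%s: CHILD SA doesn't exist for spi %s",
			    __func__, print_spi(spi, del.del_spisize));
			continue;
		}

		if (ikev2_childsa_delete(env, sa, del.del_protoid, spi,
		    &localspi[i], 0) == -1)
			failed++;
		else
			found++;

		/*
		 * Flows are left in the require mode so that it would be
		 * possible to quickly negotiate a new Child SA
		 */
	}

	/* Parsed outgoing message? */
	if (!ikev2_msg_frompeer(msg))
		goto done;

	if (msg->msg_parent->msg_response) {
		ret = 0;
		goto done;
	}

	/* Response to the INFORMATIONAL with Delete payload */

	if ((resp = ibuf_static()) == NULL)
		goto done;

	if (found) {
		if ((localdel = ibuf_advance(resp, sizeof(*localdel))) == NULL)
			goto done;

		localdel->del_protoid = del.del_protoid;
		localdel->del_spisize = del.del_spisize;
		localdel->del_nspi = htobe16(found);

		for (i = 0; i < cnt; i++) {
			/*
			 * Slots for SPIs that were unknown or failed to
			 * delete were never filled in and are still zero
			 * from calloc().  Skip them so the number of SPIs
			 * in the response matches del_nspi (= found) rather
			 * than cnt.  Assumes a successful delete always
			 * stores a non-zero local SPI -- TODO confirm.
			 */
			if (localspi[i] == 0)
				continue;
			switch (sz) {
			case 4:
				spi32 = htobe32(localspi[i]);
				if (ibuf_add(resp, &spi32, sizeof(spi32)) != 0)
					goto done;
				break;
			case 8:
				spi64 = htobe64(localspi[i]);
				if (ibuf_add(resp, &spi64, sizeof(spi64)) != 0)
					goto done;
				break;
			}
		}

		log_warnx("%s: deleted %zu spis", __func__, found);
	}

	if (found) {
		ret = ikev2_send_ike_e(env, sa, resp, IKEV2_PAYLOAD_DELETE,
		    IKEV2_EXCHANGE_INFORMATIONAL, 1);
		msg->msg_parent->msg_responded = 1;
	} else {
		/* XXX should we send an INVALID_SPI notification? */
		ret = 0;
	}

 done:
	/* free(NULL) is a no-op, so no guards are needed */
	free(localspi);
	free(peersas);
	ibuf_release(resp);
	return (ret);
}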
示例#19
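/*
 * Entry point of the Lua filter: create the interpreter, expose the
 * "filter" table with its FILTER_* constants, run the script and register a
 * C hook for every on_* function the script defines, then enter the filter
 * loop.  Returns 1 on a bad option or any Lua setup failure, 0 otherwise.
 */
int
main(int argc, char **argv)
{
	int	ch;
	/*
	 * NOTE(review): the script is loaded from a fixed name in /tmp.  On
	 * systems where /tmp is writable by every local user, whoever creates
	 * this file first decides what code the filter runs, and
	 * luaL_openlibs() below gives that code the full Lua standard
	 * library.  The path should come from configuration and point into a
	 * directory only the filter's owner can write.
	 */
	const char	*scriptpath = "/tmp/test.lua";

	log_init(-1);

	/* argv[1] is NULL when no argument was passed; never give NULL to %s */
	log_debug("debug: filter-lua: args: %s",
	    argc > 1 ? argv[1] : "(none)");
	while ((ch = getopt(argc, argv, "")) != -1) {
		switch (ch) {
		default:
			log_warnx("warn: filter-lua: bad option");
			return (1);
			/* NOTREACHED */
		}
	}
	argc -= optind;
	argv += optind;

	log_debug("debug: filter-lua: starting...");

	if ((L = luaL_newstate()) == NULL) {
		log_warnx("warn: filter-lua: can't create lua state");
		return (1);
	}
	luaL_openlibs(L);
	luaL_newlib(L, l_filter);
	luaL_newmetatable(L, "filter");
	lua_setmetatable(L, -2);

	lua_pushnumber(L, FILTER_OK);
	lua_setfield(L, -2, "FILTER_OK");
	lua_pushnumber(L, FILTER_FAIL);
	lua_setfield(L, -2, "FILTER_FAIL");
	lua_pushnumber(L, FILTER_CLOSE);
	lua_setfield(L, -2, "FILTER_CLOSE");

	lua_setglobal(L, "filter");

	if (luaL_loadfile(L, scriptpath) != 0) {
		log_warnx("warn: filter-lua: error loading script: %s", scriptpath);
		return (1);
	}

	if (lua_pcall(L, 0, 0, 0)) {
		log_warnx("warn: filter-lua: error running script: %s", scriptpath);
		return (1);
	}

	/*
	 * Each lua_getglobal() pushes one more value, so the global just
	 * fetched is at the top of the stack (index -1).  Testing index 1
	 * would examine on_connect every time and register or skip all later
	 * hooks based on that one result.  The fetched values are left on the
	 * stack, as before.
	 */
	lua_getglobal(L, "on_connect");
	if (lua_isfunction(L, -1)) {
		log_debug("debug: filter-lua: on_connect is present");
		filter_api_on_connect(on_connect);
	}
	lua_getglobal(L, "on_helo");
	if (lua_isfunction(L, -1)) {
		log_debug("debug: filter-lua: on_helo is present");
		filter_api_on_helo(on_helo);
	}
	lua_getglobal(L, "on_mail");
	if (lua_isfunction(L, -1)) {
		log_debug("debug: filter-lua: on_mail is present");
		filter_api_on_mail(on_mail);
	}
	lua_getglobal(L, "on_rcpt");
	if (lua_isfunction(L, -1)) {
		log_debug("debug: filter-lua: on_rcpt is present");
		filter_api_on_rcpt(on_rcpt);
	}
	lua_getglobal(L, "on_data");
	if (lua_isfunction(L, -1)) {
		log_debug("debug: filter-lua: on_data is present");
		filter_api_on_data(on_data);
	}
	lua_getglobal(L, "on_eom");
	if (lua_isfunction(L, -1)) {
		log_debug("debug: filter-lua: on_eom is present");
		filter_api_on_eom(on_eom);
	}

	filter_api_loop();

	log_debug("debug: filter-lua: exiting");

	return (0);
}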
示例#20
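/*
 * Parse a Traffic Selector payload (TSi/TSr) and log each selector.
 *
 * offset points at the TS payload header inside the message buffer and left
 * is the number of datagram bytes available from that point.  Every
 * selector is bounds-checked against both the payload length claimed by the
 * peer and the bytes really present before it is copied, so a crafted
 * tsp_count or ts_length cannot make the loop read outside the message.
 *
 * Returns 0 on success and -1 on a malformed payload.
 */
int
ikev2_pld_ts(struct iked *env, struct ikev2_payload *pld,
    struct iked_message *msg, size_t offset, size_t left, u_int payload)
{
	struct ikev2_tsp		 tsp;
	struct ikev2_ts			 ts;
	size_t				 len, i, pld_length, ts_length;
	struct sockaddr_in		 s4;
	struct sockaddr_in6		 s6;
	u_int8_t			 buf[2][128];
	u_int8_t			*msgbuf = ibuf_data(msg->msg_data);

	if (ikev2_validate_ts(msg, offset, left, pld, &tsp))
		return (-1);

	/*
	 * ikev2_validate_ts() is not visible here; repeat the two header
	 * checks the subtractions below depend on so that they cannot wrap.
	 */
	pld_length = betoh16(pld->pld_length);
	if (pld_length < sizeof(*pld) + sizeof(tsp) || left < sizeof(tsp)) {
		log_debug("%s: malformed payload: too short for header",
		    __func__);
		return (-1);
	}
	offset += sizeof(tsp);
	left -= sizeof(tsp);

	len = pld_length - sizeof(*pld) - sizeof(tsp);

	log_debug("%s: count %d length %zu", __func__,
	    tsp.tsp_count, len);

	/* Never trust the claimed length beyond what the datagram holds */
	if (len > left)
		len = left;

	for (i = 0; i < tsp.tsp_count; i++) {
		if (len < sizeof(ts)) {
			log_debug("%s: malformed payload: too short for "
			    "traffic selector header (%zu < %zu)", __func__,
			    len, sizeof(ts));
			return (-1);
		}
		memcpy(&ts, msgbuf + offset, sizeof(ts));
		ts_length = betoh16(ts.ts_length);

		log_debug("%s: type %s protoid %u length %d "
		    "startport %u endport %u", __func__,
		    print_map(ts.ts_type, ikev2_ts_map),
		    ts.ts_protoid, betoh16(ts.ts_length),
		    betoh16(ts.ts_startport),
		    betoh16(ts.ts_endport));

		/* The selector must hold its own header and fit in the rest */
		if (ts_length < sizeof(ts) || ts_length > len) {
			log_debug("%s: malformed payload: invalid traffic "
			    "selector length %zu (%zu bytes left)", __func__,
			    ts_length, len);
			return (-1);
		}

		switch (ts.ts_type) {
		case IKEV2_TS_IPV4_ADDR_RANGE:
			/* start and end address, 4 bytes each */
			if (ts_length < sizeof(ts) + 2 * 4) {
				log_debug("%s: malformed payload: IPv4 range "
				    "too short (%zu)", __func__, ts_length);
				return (-1);
			}
			bzero(&s4, sizeof(s4));
			s4.sin_family = AF_INET;
			s4.sin_len = sizeof(s4);
			memcpy(&s4.sin_addr.s_addr,
			    msgbuf + offset + sizeof(ts), 4);
			print_host((struct sockaddr *)&s4,
			    (char *)buf[0], sizeof(buf[0]));
			memcpy(&s4.sin_addr.s_addr,
			    msgbuf + offset + sizeof(ts) + 4, 4);
			print_host((struct sockaddr *)&s4,
			    (char *)buf[1], sizeof(buf[1]));
			log_debug("%s: start %s end %s", __func__,
			    buf[0], buf[1]);
			break;
		case IKEV2_TS_IPV6_ADDR_RANGE:
			/* start and end address, 16 bytes each */
			if (ts_length < sizeof(ts) + 2 * 16) {
				log_debug("%s: malformed payload: IPv6 range "
				    "too short (%zu)", __func__, ts_length);
				return (-1);
			}
			bzero(&s6, sizeof(s6));
			s6.sin6_family = AF_INET6;
			s6.sin6_len = sizeof(s6);
			memcpy(&s6.sin6_addr,
			    msgbuf + offset + sizeof(ts), 16);
			print_host((struct sockaddr *)&s6,
			    (char *)buf[0], sizeof(buf[0]));
			memcpy(&s6.sin6_addr,
			    msgbuf + offset + sizeof(ts) + 16, 16);
			print_host((struct sockaddr *)&s6,
			    (char *)buf[1], sizeof(buf[1]));
			log_debug("%s: start %s end %s", __func__,
			    buf[0], buf[1]);
			break;
		default:
			break;
		}

		offset += ts_length;
		len -= ts_length;
	}

	return (0);
}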
示例#21
文件: conf-med.c 项目: deviker/lldpd
/*
 * Apply an LLDP-MED network policy to every interface selected by the
 * command environment.  The policy fields are read from env ("application",
 * "unknown", "tagged", "vlan", "priority", "dscp").  Failures are logged per
 * interface and do not stop the iteration; the function always returns 1.
 *
 * NOTE(review): the string values from env are passed to the atom setters
 * as given; range and syntax checking is presumably done by the library
 * behind lldpctl_atom_set_str() -- confirm.
 */
static int
cmd_medpolicy(struct lldpctl_conn_t *conn, struct writer *w,
    struct cmd_env *env, void *arg)
{
	log_debug("lldpctl", "set MED policy");
	lldpctl_atom_t *iface;
	while ((iface = cmd_iterate_on_interfaces(conn, env))) {
		const char *name = lldpctl_atom_get_str(iface, lldpctl_k_interface_name);
		lldpctl_atom_t *port = lldpctl_get_port(iface);
		lldpctl_atom_t *med_policy = NULL, *med_policies = NULL;
		/* Name of the field being set, for the warning below */
		const char *what = NULL;

		med_policies = lldpctl_atom_get(port, lldpctl_k_port_med_policies);
		if (med_policies == NULL) {
			log_warnx("lldpctl", "unable to set LLDP-MED policies: support seems unavailable");
			goto end;
		}

		/* Take the policy atom at the iterator position after the first */
		med_policy = lldpctl_atom_iter_value(med_policies,
		    lldpctl_atom_iter_next(med_policies,
			lldpctl_atom_iter(med_policies)));

		/*
		 * Set the fields one after another.  Each operand first
		 * records the field name in `what` (comma operator) and then
		 * calls the setter; the chain stops at the first setter that
		 * returns NULL.  vlan, priority and dscp are set from their
		 * string when given in env and to integer 0 otherwise.
		 */
		if ((what = "application", lldpctl_atom_set_str(med_policy,
			    lldpctl_k_med_policy_type,
			    cmdenv_get(env, "application"))) == NULL ||
		    (what = "unknown flag", lldpctl_atom_set_int(med_policy,
			lldpctl_k_med_policy_unknown,
			cmdenv_get(env, "unknown")?1:0)) == NULL ||
		    (what = "tagged flag", lldpctl_atom_set_int(med_policy,
			lldpctl_k_med_policy_tagged,
			cmdenv_get(env, "tagged")?1:0)) == NULL ||
		    (what = "vlan",
			cmdenv_get(env, "vlan")?
			lldpctl_atom_set_str(med_policy,
			    lldpctl_k_med_policy_vid,
			    cmdenv_get(env, "vlan")):
			lldpctl_atom_set_int(med_policy,
			    lldpctl_k_med_policy_vid, 0)) == NULL ||
		    (what = "priority",
			cmdenv_get(env, "priority")?
			lldpctl_atom_set_str(med_policy,
			    lldpctl_k_med_policy_priority,
			    cmdenv_get(env, "priority")):
			lldpctl_atom_set_int(med_policy,
			    lldpctl_k_med_policy_priority,
			    0)) == NULL ||
		    (what = "dscp",
			cmdenv_get(env, "dscp")?
			lldpctl_atom_set_str(med_policy,
			    lldpctl_k_med_policy_dscp,
			    cmdenv_get(env, "dscp")):
			lldpctl_atom_set_int(med_policy,
			    lldpctl_k_med_policy_dscp,
			    0)) == NULL)
			log_warnx("lldpctl",
			    "unable to set LLDP MED policy value for %s on %s. %s.",
			    what, name, lldpctl_last_strerror(conn));
		else {
			/* All fields accepted: write the policy back to the port */
			if (lldpctl_atom_set(port, lldpctl_k_port_med_policies,
				med_policy) == NULL) {
				log_warnx("lldpctl", "unable to set LLDP MED policy on %s. %s.",
				    name, lldpctl_last_strerror(conn));
			} else
				log_info("lldpctl", "LLDP-MED policy has been set for port %s",
				    name);
		}

	end:
		/*
		 * Drop the references taken in this iteration.  med_policy is
		 * still NULL here when the policy list was unavailable.
		 */
		lldpctl_atom_dec_ref(med_policy);
		lldpctl_atom_dec_ref(med_policies);
		lldpctl_atom_dec_ref(port);
	}
	return 1;
}
示例#22
/*
 * Walk the chain of payloads in a message, starting with type `payload` at
 * `offset`, and hand each one to its parser.  `length` is the end of the
 * data to parse.  Returns 0 when the chain was walked (or ended at an SK
 * payload) and -1 when a header is invalid or a parser failed on a message
 * from the peer.
 *
 * The switch is also the cleartext/encrypted policy: SA, KE, CERTREQ, NONCE
 * and NOTIFY are parsed in either form; IDi/IDr, CERT, AUTH, DELETE,
 * TSi/TSr, CP and EAP are parsed only when the message was decrypted
 * (IKED_E set); SK is parsed only when it was not.
 */
int
ikev2_pld_payloads(struct iked *env, struct iked_message *msg,
    size_t offset, size_t length, u_int payload)
{
	struct ikev2_payload	 pld;
	u_int			 e;
	int			 ret;
	u_int8_t		*msgbuf = ibuf_data(msg->msg_data);
	size_t			 left;

	/* Check if message was decrypted in an E payload */
	e = msg->msg_e ? IKED_E : 0;

	while (payload != 0 && offset < length) {
		/* Bytes left in datagram. */
		left = length - offset;

		/*
		 * Fills pld from the message.  The arithmetic on pld_length
		 * further down depends on this call rejecting a length below
		 * sizeof(pld) -- presumably it does; confirm.
		 */
		if (ikev2_validate_pld(msg, offset, left, &pld))
			return (-1);

		log_debug("%s: %spayload %s"
		    " nextpayload %s critical 0x%02x length %d",
		    __func__, e ? "decrypted " : "",
		    print_map(payload, ikev2_payload_map),
		    print_map(pld.pld_nextpayload, ikev2_payload_map),
		    pld.pld_reserved & IKEV2_CRITICAL_PAYLOAD,
		    betoh16(pld.pld_length));

		/* Skip over generic payload header. */
		offset += sizeof(pld);
		left -= sizeof(pld);
		ret = 0;

		/* A type that is not listed for the current mode hits default */
		switch (payload | e) {
		case IKEV2_PAYLOAD_SA:
		case IKEV2_PAYLOAD_SA | IKED_E:
			ret = ikev2_pld_sa(env, &pld, msg, offset, left);
			break;
		case IKEV2_PAYLOAD_KE:
		case IKEV2_PAYLOAD_KE | IKED_E:
			ret = ikev2_pld_ke(env, &pld, msg, offset, left);
			break;
		case IKEV2_PAYLOAD_IDi | IKED_E:
		case IKEV2_PAYLOAD_IDr | IKED_E:
			ret = ikev2_pld_id(env, &pld, msg, offset, left,
			    payload);
			break;
		case IKEV2_PAYLOAD_CERT | IKED_E:
			ret = ikev2_pld_cert(env, &pld, msg, offset, left);
			break;
		case IKEV2_PAYLOAD_CERTREQ:
		case IKEV2_PAYLOAD_CERTREQ | IKED_E:
			ret = ikev2_pld_certreq(env, &pld, msg, offset, left);
			break;
		case IKEV2_PAYLOAD_AUTH | IKED_E:
			ret = ikev2_pld_auth(env, &pld, msg, offset, left);
			break;
		case IKEV2_PAYLOAD_NONCE:
		case IKEV2_PAYLOAD_NONCE | IKED_E:
			ret = ikev2_pld_nonce(env, &pld, msg, offset, left);
			break;
		case IKEV2_PAYLOAD_NOTIFY:
		case IKEV2_PAYLOAD_NOTIFY | IKED_E:
			ret = ikev2_pld_notify(env, &pld, msg, offset, left);
			break;
		case IKEV2_PAYLOAD_DELETE | IKED_E:
			ret = ikev2_pld_delete(env, &pld, msg, offset, left);
			break;
		case IKEV2_PAYLOAD_TSi | IKED_E:
		case IKEV2_PAYLOAD_TSr | IKED_E:
			ret = ikev2_pld_ts(env, &pld, msg, offset, left,
			    payload);
			break;
		case IKEV2_PAYLOAD_SK:
			ret = ikev2_pld_e(env, &pld, msg, offset);
			break;
		case IKEV2_PAYLOAD_CP | IKED_E:
			ret = ikev2_pld_cp(env, &pld, msg, offset, left);
			break;
		case IKEV2_PAYLOAD_EAP | IKED_E:
			ret = ikev2_pld_eap(env, &pld, msg, offset, left);
			break;
		default:
			/*
			 * Unknown type, or a known type in the wrong mode: the
			 * body is hex-dumped and skipped.
			 * NOTE(review): the critical bit logged above is not
			 * acted on in this function.
			 */
			print_hex(msgbuf, offset,
			    betoh16(pld.pld_length) - sizeof(pld));
			break;
		}

		/* A parser failure on a peer's message aborts the whole message */
		if (ret != 0 && ikev2_msg_frompeer(msg)) {
			(void)ikev2_send_informational(env, msg);
			return (-1);
		}

		/* Encrypted payload must appear last */
		if (payload == IKEV2_PAYLOAD_SK)
			return (0);

		/* Advance by the peer-supplied payload length, header excluded */
		payload = pld.pld_nextpayload;
		offset += betoh16(pld.pld_length) - sizeof(pld);
	}

	return (0);
}
示例#23
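/**
 * Open the device described by devinfo and run the checks needed before it
 * can be used.
 *
 * @param[out] opened_device  Set to the new handle on success and to NULL
 *                            on failure.
 * @param[in]  devinfo        Device selector handed to backend_open().
 *
 * @return 0 (or a non-negative value from config_load_all()) on success,
 *         a BLADERF_ERR_* value on failure.
 *
 * The firmware version gate runs before any FPGA or configuration step; a
 * device reporting firmware older than required is never returned to the
 * caller.
 */
int bladerf_open_with_devinfo(struct bladerf **opened_device,
                                struct bladerf_devinfo *devinfo)
{
    struct bladerf *dev;
    int status;

    *opened_device = NULL;

    dev = (struct bladerf *)calloc(1, sizeof(struct bladerf));
    if (dev == NULL) {
        return BLADERF_ERR_MEM;
    }

    MUTEX_INIT(&dev->ctrl_lock);
    MUTEX_INIT(&dev->sync_lock[BLADERF_MODULE_RX]);
    MUTEX_INIT(&dev->sync_lock[BLADERF_MODULE_TX]);

    dev->fpga_version.describe = calloc(1, BLADERF_VERSION_STR_MAX + 1);
    if (dev->fpga_version.describe == NULL) {
        free(dev);
        return BLADERF_ERR_MEM;
    }

    dev->fw_version.describe = calloc(1, BLADERF_VERSION_STR_MAX + 1);
    if (dev->fw_version.describe == NULL) {
        free((void*)dev->fpga_version.describe);
        free(dev);
        return BLADERF_ERR_MEM;
    }

    /* Until the backend is open, failures are cleaned up by hand because
     * bladerf_close() is only used once the backend is attached. */
    status = backend_open(dev, devinfo);
    if (status != 0) {
        free((void*)dev->fw_version.describe);
        free((void*)dev->fpga_version.describe);
        free(dev);
        return status;
    }

    status = dev->fn->get_device_speed(dev, &dev->usb_speed);
    if (status < 0) {
        log_debug("Failed to get device speed: %s\n",
                  bladerf_strerror(status));
        goto error;
    }

    if (dev->usb_speed != BLADERF_DEVICE_SPEED_HIGH &&
        dev->usb_speed != BLADERF_DEVICE_SPEED_SUPER) {
        log_debug("Unsupported device speed: %d\n", dev->usb_speed);
        /* status is still 0 from the successful speed query; without an
         * error code the cleanup label would hand back a half-initialized
         * device as if the open had succeeded. */
        status = BLADERF_ERR_UNSUPPORTED;
        goto error;
    }

    /* Verify that we have a sufficient firmware version before continuing. */
    status = version_check_fw(dev);
    if (status != 0) {
#ifdef LOGGING_ENABLED
        if (status == BLADERF_ERR_UPDATE_FW) {
            struct bladerf_version req;
            const unsigned int dev_maj = dev->fw_version.major;
            const unsigned int dev_min = dev->fw_version.minor;
            const unsigned int dev_pat = dev->fw_version.patch;
            unsigned int req_maj, req_min, req_pat;

            version_required_fw(dev, &req, false);
            req_maj = req.major;
            req_min = req.minor;
            req_pat = req.patch;

            log_warning("Firmware v%u.%u.%u was detected. libbladeRF v%s "
                        "requires firmware v%u.%u.%u or later. An upgrade via "
                        "the bootloader is required.\n\n",
                        dev_maj, dev_min, dev_pat,
                        LIBBLADERF_VERSION,
                        req_maj, req_min, req_pat);
        }
#endif

        goto error;
    }

    /* VCTCXO trim and FPGA size are non-fatal indicators that we've
     * trashed the calibration region of flash. If these were made fatal,
     * we wouldn't be able to open the device to restore them. */
    status = get_and_cache_vctcxo_trim(dev);
    if (status < 0) {
        log_warning("Failed to get VCTCXO trim value: %s\n",
                    bladerf_strerror(status));
    }

    status = get_and_cache_fpga_size(dev);
    if (status < 0) {
        log_warning("Failed to get FPGA size %s\n",
                    bladerf_strerror(status));
    }

    /* NOTE(review): a negative result here is not reported; it is
     * overwritten by config_load_all() below. */
    status = FPGA_IS_CONFIGURED(dev);
    if (status > 0) {
        /* If the FPGA version check fails, just warn, but don't error out.
         *
         * If an error code caused this function to bail out, it would prevent a
         * user from being able to unload and reflash a bitstream being
         * "autoloaded" from SPI flash. */
        fpga_check_version(dev);

        status = init_device(dev);
        if (status != 0) {
            goto error;
        }
    }

    dev->rx_filter = -1;
    dev->tx_filter = -1;

    /* Load any configuration files or FPGA images that a user has stored
     * for this device in their bladerf config directory */
    status = config_load_all(dev);

error:
    /* Shared exit: only a negative status tears the device down */
    if (status < 0) {
        bladerf_close(dev);
    } else {
        *opened_device = dev;
    }

    return status;
}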
示例#24
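/*
 * Validate the lengths of an SA payload and copy its first proposal header
 * from the message into *sap.
 *
 * offset is where the proposal header starts in the message buffer, left is
 * the number of bytes available from there, and pld is the generic payload
 * header that precedes it.  All lengths in pld and in the proposal header
 * come from the peer; they are checked against each other and against left
 * before the caller is allowed to use them.
 *
 * Returns 0 when the payload is consistent and -1 otherwise.
 */
int
ikev2_validate_sa(struct iked_message *msg, size_t offset, size_t left,
    struct ikev2_payload *pld, struct ikev2_sa_proposal *sap)
{
	u_int8_t	*msgbuf = ibuf_data(msg->msg_data);
	size_t		 pld_length, sap_length;

	/* Guarantees that pld_length - sizeof(*pld) below cannot wrap */
	pld_length = betoh16(pld->pld_length);
	if (pld_length < sizeof(*pld) + sizeof(*sap)) {
		log_debug("%s: malformed payload: specified length smaller "
		    "than minimum size (%zu < %zu)", __func__, pld_length,
		    sizeof(*pld) + sizeof(*sap));
		return (-1);
	}

	/* This will actually be caught by earlier checks. */
	if (left < sizeof(*sap)) {
		log_debug("%s: malformed payload: too short for header "
		    "(%zu < %zu)", __func__, left, sizeof(*sap));
		return (-1);
	}
	memcpy(sap, msgbuf + offset, sizeof(*sap));

	sap_length = betoh16(sap->sap_length);
	if (sap_length < sizeof(*sap)) {
		log_debug("%s: malformed payload: shorter than minimum header "
		    "size (%zu < %zu)", __func__, sap_length, sizeof(*sap));
		return (-1);
	}
	if (left < sap_length) {
		log_debug("%s: malformed payload: too long for actual payload "
		    "size (%zu < %zu)", __func__, left, sap_length);
		return (-1);
	}
	/*
	 * NB: There might be more proposals, we parse only the first one.
	 * This condition must never be true.
	 */
	if (pld_length - sizeof(*pld) < sap_length) {
		/* the first value is a size_t, so it is printed with %zu */
		log_debug("%s: payload malformed: SA payload length mismatches "
		    "proposal substructure length (%zu < %zu)", __func__,
		    pld_length - sizeof(*pld), sap_length);
		return (-1);
	}
	/*
	 * If there is only one proposal, sap_length must be the
	 * total payload size.
	 */
	if (!sap->sap_more && ((pld_length - sizeof(*pld)) != sap_length)) {
		log_debug("%s: payload malformed: SA payload length mismatches "
		    "single proposal substructure length (%zu != %zu)",
		    __func__, pld_length - sizeof(*pld), sap_length);
		return (-1);
	}
	/*
	 * If there are more than one proposal, there must be bytes
	 * left in the payload.
	 */
	if (sap->sap_more && ((pld_length - sizeof(*pld)) <= sap_length)) {
		log_debug("%s: payload malformed: SA payload too small for "
		    "further proposals (%zu <= %zu)", __func__,
		    pld_length - sizeof(*pld), sap_length);
		return (-1);
	}
	return (0);
}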
示例#25
/* The thread started by start_feede3.  */
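/* Copy data between an estream and a pipe handle until one side ends.
   ARG is a struct feeder_thread_parms; a non-zero DIRECTION copies from
   the estream to the pipe, zero copies from the pipe to the estream.
   Before returning, the thread waits until STREAM_VALID is cleared,
   closes the pipe handle and frees ARG.  Always returns NULL.  */
static void *
feeder_thread (void *arg)
{
  struct feeder_thread_parms *parm = arg;
  char buffer[4096];
  const char *p;   /* Start of the part of BUFFER not yet written.  */
  int rc;

  if (parm->direction)
    {
      size_t nread = 0;
      DWORD nwritten;

      log_debug ("feeder_thread estream->pipe: stream=%p pipe=%p\n",
                 parm->stream, parm->hd);
      while (parm->stream_valid
             && !es_read (parm->stream, buffer, sizeof buffer, &nread))
        {
          p = buffer;
          do
            {
              pth_enter ();
              rc = WriteFile (parm->hd, p, nread, &nwritten, NULL);
              pth_leave ();
              if (!rc)
                {
                  log_debug ("feeder(%p): WriteFile error: rc=%d\n",
                             parm->hd, (int)GetLastError ());
                  goto leave;
                }
              /* After a short write continue behind the bytes already
                 sent; restarting at BUFFER would send them again and
                 drop the tail.  */
              p += nwritten;
              nread -= nwritten;
            }
          while (nread);
        }
      if (!parm->stream_valid)
        log_debug ("feeder(%p): closed by other thread\n", parm->hd);
      else if (nread)
        log_debug ("feeder(%p): es_read error: %s\n",
                   parm->hd, strerror (errno));
    }
  else
    {
      DWORD nread = 0;
      size_t nwritten;

      log_debug ("feeder_thread pipe->estream: stream=%p pipe=%p\n",
                 parm->stream, parm->hd);
      while ( (pth_enter (),
               (rc = ReadFile (parm->hd, buffer, sizeof buffer, &nread, NULL)),
               pth_leave (),
               rc) && nread)
        {
          log_debug ("feeder_thread pipe->estream: read %d bytes\n",
                     (int)nread);
          p = buffer;
          do
            {
              /* es_write is skipped once the stream has been closed by
                 the other thread; NWRITTEN must still hold a defined
                 value for the log line and the subtraction below.  */
              nwritten = 0;
              if (parm->stream_valid
                  && es_write (parm->stream, p, nread, &nwritten))
                {
                  log_debug ("feeder(%p): es_write error: %s\n",
                             parm->hd, strerror (errno));
                  goto leave;
                }
              log_debug ("feeder_thread pipe->estream: es_wrote %d bytes\n",
                         (int)nwritten);
              p += nwritten;
              nread -= nwritten;
            }
          while (nread && parm->stream_valid);
        }
      if (!parm->stream_valid)
        log_debug ("feeder(%p): closed by other thread\n", parm->hd);
      else if (nread)
        log_debug ("feeder(%p): ReadFile error: rc=%d\n",
                   parm->hd, (int)GetLastError ());
      else
        log_debug ("feeder(%p): eof\n", parm->hd);
    }

leave:
  /* PARM and the handle are released only after the stream's owner has
     cleared STREAM_VALID, so neither is freed while still in use.  */
  log_debug ("feeder(%p): waiting for es_fclose\n", parm->hd);
  while (parm->stream_valid)
    pth_yield (NULL);
  log_debug ("feeder(%p): about to close the pipe handle\n", parm->hd);
  CloseHandle (parm->hd);
  log_debug ("feeder(%p): pipe handle closed\n", parm->hd);
  xfree (parm);
  return NULL;
}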
示例#26
/*
 * NB: This function parses both the SA header and the first proposal.
 * Additional proposals are ignored.
 */
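/*
 * Parse an SA payload: validate it, read the SPI of the first proposal,
 * record the proposal for a message from the peer and parse its transforms.
 *
 * offset points at the proposal header in the message buffer and left is
 * the number of bytes available from there.  Returns 0 on success and -1
 * on a malformed or unsupported proposal.
 */
int
ikev2_pld_sa(struct iked *env, struct ikev2_payload *pld,
    struct iked_message *msg, size_t offset, size_t left)
{
	struct ikev2_sa_proposal	 sap;
	struct iked_proposal		*prop = NULL;
	u_int32_t			 spi32;
	u_int64_t			 spi = 0, spi64;
	u_int8_t			*msgbuf = ibuf_data(msg->msg_data);
	struct iked_proposals		*props;
	size_t				 total;

	if (ikev2_validate_sa(msg, offset, left, pld, &sap))
		return (-1);

	if (sap.sap_more)
		log_debug("%s: more than one proposal specified", __func__);

	/*
	 * Assumed size of the first proposals, including SPI if present.
	 * ikev2_validate_sa() rejected sap_length < sizeof(sap), so this
	 * subtraction cannot wrap.
	 */
	total = (betoh16(sap.sap_length) - sizeof(sap));

	props = &msg->msg_parent->msg_proposals;

	offset += sizeof(sap);
	left -= sizeof(sap);

	if (sap.sap_spisize) {
		/* The SPI must fit in the datagram ... */
		if (left < sap.sap_spisize) {
			log_debug("%s: malformed payload: SPI larger than "
			    "actual payload (%zu < %d)", __func__, left,
			    sap.sap_spisize);
			return (-1);
		}
		/* ... and inside the proposal that claims to contain it */
		if (total < sap.sap_spisize) {
			log_debug("%s: malformed payload: SPI larger than "
			    "proposal (%zu < %d)", __func__, total,
			    sap.sap_spisize);
			return (-1);
		}
		switch (sap.sap_spisize) {
		case 4:
			memcpy(&spi32, msgbuf + offset, 4);
			spi = betoh32(spi32);
			break;
		case 8:
			memcpy(&spi64, msgbuf + offset, 8);
			spi = betoh64(spi64);
			break;
		default:
			log_debug("%s: unsupported SPI size %d",
			    __func__, sap.sap_spisize);
			return (-1);
		}

		offset += sap.sap_spisize;
		left -= sap.sap_spisize;

		/* Assumed size of the proposal, now without SPI. */
		total -= sap.sap_spisize;
	}

	/*
	 * As we verified sanity of packet headers, this check will
	 * be always false, but just to be sure we keep it.
	 */
	if (left < total) {
		log_debug("%s: payload malformed: too long for payload "
		    "(%zu < %zu)", __func__, left, total);
		return (-1);
	}

	log_debug("%s: more %d reserved %d length %d"
	    " proposal #%d protoid %s spisize %d xforms %d spi %s",
	    __func__, sap.sap_more, sap.sap_reserved,
	    betoh16(sap.sap_length), sap.sap_proposalnr,
	    print_map(sap.sap_protoid, ikev2_saproto_map), sap.sap_spisize,
	    sap.sap_transforms, print_spi(spi, sap.sap_spisize));

	/* Only a peer's proposal is recorded on the parent message */
	if (ikev2_msg_frompeer(msg)) {
		if ((msg->msg_parent->msg_prop = config_add_proposal(props,
		    sap.sap_proposalnr, sap.sap_protoid)) == NULL) {
			log_debug("%s: invalid proposal", __func__);
			return (-1);
		}
		prop = msg->msg_parent->msg_prop;
		prop->prop_peerspi.spi = spi;
		prop->prop_peerspi.spi_protoid = sap.sap_protoid;
		prop->prop_peerspi.spi_size = sap.sap_spisize;

		prop->prop_localspi.spi_protoid = sap.sap_protoid;
		prop->prop_localspi.spi_size = sap.sap_spisize;
	}

	/*
	 * Parse the attached transforms
	 */
	if (sap.sap_transforms &&
	    ikev2_pld_xform(env, &sap, msg, offset, total) != 0) {
		log_debug("%s: invalid proposal transforms", __func__);
		return (-1);
	}

	return (0);
}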
示例#27
/*
 * Run EVENT on every dump directory named on the command line.
 *
 * Exit status: 0 when every directory was processed and no duplicate was
 * found, 1 when a directory cannot be opened, otherwise the non-zero result
 * of the event run.  A detected duplicate or an event without any action
 * ends the program through error_msg_and_die().
 */
int main(int argc, char **argv)
{
    /* I18n */
    setlocale(LC_ALL, "");
#if ENABLE_NLS
    bindtextdomain(PACKAGE, LOCALEDIR);
    textdomain(PACKAGE);
#endif

    abrt_init(argv);

    const char *program_usage_string = _(
        "& [-v -i -n INCREMENT] -e|--event EVENT DIR..."
        );

    char *event_name = NULL;
    int interactive = 0; /* must be _int_, OPT_BOOL expects that! */
    int nice_incr = 0;

    struct options program_options[] = {
        OPT__VERBOSE(&g_verbose),
        OPT_STRING('e', "event" , &event_name, "EVENT",  _("Run EVENT on DIR")),
        OPT_BOOL('i', "interactive" , &interactive, _("Communicate directly to the user")),
        OPT_INTEGER('n',     "nice" , &nice_incr,   _("Increment the nice value by INCREMENT")),
        OPT_END()
    };

    parse_opts(argc, argv, program_options, program_usage_string);
    argv += optind;
    /* Both an event name and at least one directory are mandatory */
    if (event_name == NULL || argv[0] == NULL)
        show_usage_and_die(program_usage_string, program_options);

    load_abrt_conf();

    /* A non-empty ABRT_EVENT_NICE in the environment replaces the -n value */
    const char *const env_nice = getenv("ABRT_EVENT_NICE");
    if (env_nice && *env_nice)
    {
        log_debug("Using ABRT_EVENT_NICE=%s to increment the nice value", env_nice);
        nice_incr = xatoi(env_nice);
    }

    if (nice_incr != 0)
    {
        log_debug("Incrementing the nice value by %d", nice_incr);
        /* NOTE(review): nice() can return -1 as a valid new nice value;
         * telling that apart from failure needs errno cleared before the
         * call and tested afterwards. */
        if (nice(nice_incr) == -1)
            perror_msg_and_die("Failed to increment the nice value");
    }

    const bool post_create = (strcmp(event_name, "post-create") == 0);

    for (; *argv != NULL; argv++)
    {
        /* Work on a private copy of the name with trailing slashes cut */
        char *dump_dir_name = xstrdup(*argv);
        size_t name_len = strlen(dump_dir_name);
        while (name_len > 0 && dump_dir_name[name_len - 1] == '/')
            name_len--;
        dump_dir_name[name_len] = '\0';

        /* Open read-only just to fetch the owner's uid text */
        struct dump_dir *dd = dd_opendir(dump_dir_name, /*flags:*/ DD_OPEN_READONLY);
        if (dd == NULL)
            return 1;

        uid = dd_load_text_ext(dd, FILENAME_UID, DD_FAIL_QUIETLY_ENOENT);
        dd_close(dd);

        struct run_event_state *state = new_run_event_state();
        if (!interactive)
            make_run_event_state_forwarding(state);
        state->logging_callback = do_log;
        if (post_create)
            state->post_run_callback = is_crash_a_dup;

        const int event_rc = run_event_on_dir_name(state, dump_dir_name, event_name);

        /* Must be read before the state is freed */
        const bool nothing_ran = (event_rc == 0 && state->children_count == 0);

        free_run_event_state(state);
        /* Only required after is_crash_a_dup() has run, but harmless
         * otherwise:
         */
        dup_uuid_fini();
        dup_corebt_fini();

        if (nothing_ran)
            error_msg_and_die("No actions are found for event '%s'", event_name);

//TODO: consider this case:
// new dump is created, post-create detects that it is a dup,
// but then load_crash_info(dup_name) *FAILS*.
// In this case, we later delete damaged dup_name (right?)
// but new dump never gets its FILENAME_COUNT set!

        /* Duplicate crash? is_crash_a_dup() is expected to stop the
         * "post-create" run once it finds another crash with the same
         * uuid, and to set crash_dump_dup_name when it does.
         */
        if (crash_dump_dup_name)
            error_msg_and_die("DUP_OF_DIR: %s", crash_dump_dup_name);

        /* A failed processing step ends the run with its status */
        if (event_rc != 0)
            return event_rc;

        free(dump_dir_name);
    }

    /* exit 0 means, that there is no duplicate of dump-dir */
    return 0;
}
示例#28
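/*
 * Parse the chain of IKEv2 transform substructures that starts at
 * `offset' in `msg', with `total' bytes of transform data remaining.
 *
 * Every header field used here (length, type, id and the "more" flag) is
 * read from the message itself, so it must be treated as untrusted input.
 * The chain is walked iteratively: stack usage stays constant no matter
 * how many transforms are linked via IKEV2_XFORM_MORE, instead of adding
 * one frame (including a BUFSIZ scratch buffer) per transform.
 *
 * For each transform the optional attributes are parsed with
 * ikev2_pld_attr() and, when ikev2_msg_frompeer() reports that the message
 * came from the peer, the transform is recorded with
 * config_add_transform().
 *
 * `sap' is not consulted; it is kept so the signature stays unchanged.
 *
 * Returns 0 when the whole chain was consumed, -1 on a malformed
 * transform, an attribute parse failure, a failure to record the
 * transform, or trailing bytes after the last transform.
 */
int
ikev2_pld_xform(struct iked *env, struct ikev2_sa_proposal *sap,
    struct iked_message *msg, size_t offset, size_t total)
{
	struct ikev2_transform		 xfrm;
	char				 id[BUFSIZ];
	size_t				 xfrm_length;
	int				 xfrm_id;

	(void)sap;

	for (;;) {
		/* Copies/validates the fixed-size header into xfrm. */
		if (ikev2_validate_xform(msg, offset, total, &xfrm))
			return (-1);

		xfrm_length = betoh16(xfrm.xfrm_length);
		xfrm_id = betoh16(xfrm.xfrm_id);

		/*
		 * Defense in depth: ikev2_validate_xform() is expected to
		 * have rejected these lengths already (not visible here).
		 * Checking locally guarantees that `total -= xfrm_length'
		 * cannot wrap and that every iteration makes progress.
		 */
		if (xfrm_length < sizeof(xfrm) || xfrm_length > total) {
			log_debug("%s: invalid transform length %zu",
			    __func__, xfrm_length);
			return (-1);
		}

		/* `id' is a printable name used only for the debug log. */
		switch (xfrm.xfrm_type) {
		case IKEV2_XFORMTYPE_ENCR:
			strlcpy(id, print_map(xfrm_id, ikev2_xformencr_map),
			    sizeof(id));
			break;
		case IKEV2_XFORMTYPE_PRF:
			strlcpy(id, print_map(xfrm_id, ikev2_xformprf_map),
			    sizeof(id));
			break;
		case IKEV2_XFORMTYPE_INTEGR:
			strlcpy(id, print_map(xfrm_id, ikev2_xformauth_map),
			    sizeof(id));
			break;
		case IKEV2_XFORMTYPE_DH:
			strlcpy(id, print_map(xfrm_id, ikev2_xformdh_map),
			    sizeof(id));
			break;
		case IKEV2_XFORMTYPE_ESN:
			strlcpy(id, print_map(xfrm_id, ikev2_xformesn_map),
			    sizeof(id));
			break;
		default:
			/* Unknown transform type: log the numeric id. */
			snprintf(id, sizeof(id), "<%d>", xfrm_id);
			break;
		}

		log_debug("%s: more %d reserved %d length %zu"
		    " type %s id %s",
		    __func__, xfrm.xfrm_more, xfrm.xfrm_reserved, xfrm_length,
		    print_map(xfrm.xfrm_type, ikev2_xformtype_map), id);

		/*
		 * Parse transform attributes, if available.  The attribute
		 * length is reset first so a value left over from the
		 * previous transform is never reused.
		 */
		msg->msg_attrlength = 0;
		if (xfrm_length > sizeof(xfrm) &&
		    ikev2_pld_attr(env, &xfrm, msg, offset + sizeof(xfrm),
		    xfrm_length - sizeof(xfrm)) != 0)
			return (-1);

		/*
		 * msg_attrlength is passed for both trailing arguments, as
		 * in the original code; presumably the key length parsed
		 * by ikev2_pld_attr() -- confirm against
		 * config_add_transform().
		 */
		if (ikev2_msg_frompeer(msg) &&
		    config_add_transform(msg->msg_parent->msg_prop,
		    xfrm.xfrm_type, xfrm_id,
		    msg->msg_attrlength, msg->msg_attrlength) == NULL) {
			log_debug("%s: failed to add transform", __func__);
			return (-1);
		}

		/* Next transform */
		offset += xfrm_length;
		total -= xfrm_length;

		if (xfrm.xfrm_more != IKEV2_XFORM_MORE)
			break;
	}

	if (total != 0) {
		/* No more transforms but still some data left. */
		log_debug("%s: less data than specified, %zu bytes left",
		    __func__, total);
		return (-1);
	}

	return (0);
}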
示例#29
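/*
   Ask the SELinux policy whether the sender of a bus message may perform
   `permission`.

   message:    bus message whose sender is the subject of the check.
   path:       optional file whose context is the target (class "service");
               when NULL the target is the current process context (class
               "system").
   permission: permission name passed to selinux_check_access().
   error:      filled in with SD_BUS_ERROR_ACCESS_DENIED on denial.

   Returns 0 when access is allowed or SELinux is not in use, a negative
   value on denial or failure.

   If the machine is in permissive mode it will return ok.  Audit messages
   will still be generated if the access would be denied in enforcing mode.
   A failure to read the enforcing state is NOT treated as permissive: the
   negative result is kept, so the check fails closed.
*/
int mac_selinux_generic_access_check(
                sd_bus_message *message,
                const char *path,
                const char *permission,
                sd_bus_error *error) {

#ifdef HAVE_SELINUX
        _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
        const char *tclass = NULL, *scon = NULL;
        struct audit_info audit_info = {};
        _cleanup_free_ char *cl = NULL;
        security_context_t fcon = NULL;
        char **cmdline = NULL;
        int r = 0;

        assert(message);
        assert(permission);
        assert(error);

        if (!mac_selinux_use())
                return 0;

        r = mac_selinux_access_init(error);
        if (r < 0)
                return r;

        /* Collect the sender's identity; the SELinux context is the subject
         * of the check, the remaining fields are handed to the audit info. */
        r = sd_bus_query_sender_creds(
                        message,
                        SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|
                        SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID|
                        SD_BUS_CREDS_SELINUX_CONTEXT|
                        SD_BUS_CREDS_AUGMENT /* get more bits from /proc */,
                        &creds);
        if (r < 0)
                goto finish;

        r = sd_bus_creds_get_selinux_context(creds, &scon);
        if (r < 0)
                goto finish;

        if (path) {
                /* Get the file context of the unit file */

                r = getfilecon(path, &fcon);
                if (r < 0) {
                        r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to get file context on %s.", path);
                        goto finish;
                }

                tclass = "service";
        } else {
                r = getcon(&fcon);
                if (r < 0) {
                        r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to get current context.");
                        goto finish;
                }

                tclass = "system";
        }

        /* Best effort: the command line only enriches the audit record and
         * the debug log, so a failure here must not affect the decision. */
        (void) sd_bus_creds_get_cmdline(creds, &cmdline);
        cl = strv_join(cmdline, " ");

        audit_info.creds = creds;
        audit_info.path = path;
        audit_info.cmdline = cl;

        r = selinux_check_access((security_context_t) scon, fcon, tclass, permission, &audit_info);
        if (r < 0)
                r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "SELinux policy denies access.");

        /* path is NULL for "system" checks and cl is NULL if strv_join()
         * failed; never hand a NULL pointer to %s. */
        log_debug("SELinux access check scon=%s tcon=%s tclass=%s perm=%s path=%s cmdline=%s: %i",
                  scon, fcon, tclass, permission,
                  path ? path : "n/a", cl ? cl : "n/a", r);

finish:
        freecon(fcon);

        /* security_getenforce() returns 1 (enforcing), 0 (permissive) or -1
         * (error). Only an explicit "permissive" answer may turn a denial
         * into success; testing "!= 1" would also let an error reading the
         * enforcing state override the denial. */
        if (r < 0 && security_getenforce() == 0) {
                sd_bus_error_free(error);
                r = 0;
        }

        return r;
#else
        return 0;
#endif
}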
/*
 * Single-element collective test with the target buffer aliasing the
 * source buffer: every PE stores its own PE number, FUNC_VALUE is run
 * over all PEs (start 0, stride argument 0, num_proc participants) and
 * the result is expected to be 0.
 *
 * NOTE(review): which reduction FUNC_VALUE performs is not visible here;
 * the expected value of 0 presumably follows from PE 0 contributing 0 --
 * confirm against the macro definition.
 *
 * Uses the file-level pWrk / pSync work and sync arrays; pWrk is
 * allocated here and released (and reset to NULL) before returning.
 *
 * Returns TC_PASS, TC_FAIL, or TC_SETUP_FAIL when a symmetric allocation
 * did not succeed.
 */
static int test_item4(void)
{
    TYPE_VALUE* source_addr = NULL;
    TYPE_VALUE* target_addr = NULL;
    int rc = TC_SETUP_FAIL;
    const int num_proc = _num_pes();
    const int my_proc = _my_pe();

    /* The data buffer is only requested once the work array exists. */
    pWrk = shmalloc(sizeof(*pWrk) * sys_max(1/2 + 1, _SHMEM_REDUCE_MIN_WRKDATA_SIZE));
    if (pWrk)
    {
        source_addr = shmalloc(sizeof(*source_addr));
        target_addr = source_addr; /* in-place: target aliases source */
    }

    if (target_addr && source_addr)
    {
        const TYPE_VALUE source_value = (TYPE_VALUE)my_proc;
        const TYPE_VALUE expect_value = 0;
        TYPE_VALUE value = DEFAULT_VALUE;
        int total_wait = 0;
        int j = 0;

        /* Publish this PE's contribution */
        *source_addr = source_value;

        /* Reset the sync array, then make sure every PE has done so
         * before any peer starts the collective */
        for (j = 0; j < _SHMEM_REDUCE_SYNC_SIZE; ++j)
        {
            pSync[j] = _SHMEM_SYNC_VALUE;
        }
        shmem_barrier_all();

        /* Run the collective on one element */
        FUNC_VALUE(target_addr, source_addr, 1, 0, 0, num_proc, pWrk, pSync);

        /* The routine may return before the data is delivered, so
         * synchronise and then poll (bounded) while the target still
         * holds DEFAULT_VALUE */
        shmem_barrier_all();
        for (total_wait = 0;
             *target_addr == DEFAULT_VALUE && total_wait < 1000 * WAIT_COUNT;
             total_wait++)
        {
            usleep(1);
        }
        value = *target_addr;

        rc = TC_FAIL;
        if (expect_value == value)
        {
            rc = TC_PASS;
        }

        log_debug(OSH_TC, "my#%d source = %lld expected = %lld actual = %lld\n",
                           my_proc, (INT64_TYPE)source_value, (INT64_TYPE)expect_value, (INT64_TYPE)value);
    }

    /* target_addr aliases source_addr, so one release covers both */
    if (source_addr)
    {
        shfree(source_addr);
    }

    if (pWrk)
    {
        shfree(pWrk);
        pWrk = NULL;
    }

    return rc;
}