[become] / src / check.c

/* -*-c-*-
 *
 * $Id: check.c,v 1.10 1999/05/04 16:17:12 mdw Exp $
 *
 * Check validity of requests
 *
 * (c) 1998 EBI
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of `become'
 *
 * `Become' is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * `Become' is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with `become'; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------*
 *
 * $Log: check.c,v $
 * Revision 1.10  1999/05/04 16:17:12  mdw
 * Change to header file name for parser.  See log for `parse.h' for
 * details.
 *
 * Revision 1.9  1998/06/19  13:48:16  mdw
 * Set close-on-exec flag for UDP socket.
 *
 * Revision 1.8  1998/06/18 15:10:44  mdw
 * SECURITY HOLE: the file descriptor for the secret key was left open and
 * inherited by the target process.  This is now fixed.  Also set
 * close-on-exec flags on key file, close config file carefully, and close
 * UDP socket after receiving reply from server.
 *
 * Revision 1.7  1998/04/23 13:22:08  mdw
 * Support no-network configuration option, and new interface to
 * configuration file parser.
 *
 * Revision 1.6  1998/01/12 16:45:47  mdw
 * Fix copyright date.
 *
 * Revision 1.5  1997/09/26 09:14:58  mdw
 * Merged blowfish branch into trunk.
 *
 * Revision 1.4.2.1  1997/09/26 09:08:01  mdw
 * Use the Blowfish encryption algorithm instead of IDEA.  This is partly
 * because I prefer Blowfish (without any particularly strong evidence) but
 * mainly because IDEA is patented and Blowfish isn't.
 *
 * Revision 1.4  1997/08/07 09:52:05  mdw
 * (Log entry for previous version is bogus.)  Added support for multiple
 * servers.
 *
 * Revision 1.2  1997/08/04 10:24:20  mdw
 * Sources placed under CVS control.
 *
 * Revision 1.1  1997/07/21  13:47:53  mdw
 * Initial revision
 *
 */

/*----- Header files ------------------------------------------------------*/

/* --- ANSI headers --- */

#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* --- Unix headers --- */

#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>

#include <netinet/in.h>

#include <arpa/inet.h>

#include <fcntl.h>
#include <netdb.h>
#include <unistd.h>

/* --- Local headers --- */

#include "become.h"
#include "blowfish.h"
#include "config.h"
#include "crypt.h"
#include "lexer.h"
#include "name.h"
#include "netg.h"
#include "rule.h"
#include "parse.h"
#include "tx.h"
#include "userdb.h"
#include "utils.h"

/*----- Client-end network support ----------------------------------------*/

#ifndef NONETWORK

/* --- @check__send@ --- *
 *
 * Arguments:	@unsigned char *crq@ = pointer to encrypted request
 *		@int fd@ = socket to send from
 *		@struct sockaddr_in *serv@ = pointer to table of servers
 *		@size_t n_serv@ = number of servers
 *
 * Returns:	---
 *
 * Use:		Sends the request packet to the list of servers.  If the
 *		message couldn't be sent to any of them, an error is
 *		reported.
 */

static void check__send(unsigned char *crq, int fd,
			struct sockaddr_in *serv, size_t n_serv)
{
  size_t i;
  int ok = 0;
  int err = 0;

  for (i = 0; i < n_serv; i++) {
    if (sendto(fd, (char *)crq, crq_size, 0,
	       (struct sockaddr *)(serv + i), sizeof(serv[i])) < 0) {
      T( trace(TRACE_CLIENT, "client: send to %s failed: %s",
	       inet_ntoa(serv[i].sin_addr), strerror(errno)); )
      err = errno;
    } else
      ok = 1;
  }

  if (!ok)
    die("couldn't send request to server: %s", strerror(err));
}

/* --- @check__ask@ --- *
 *
 * Arguments:	@request *rq@ = pointer to request buffer
 *		@struct sockaddr_in *serv@ = pointer to table of servers
 *		@size_t n_serv@ = number of servers
 *
 * Returns:	Nonzero if OK, zero if forbidden
 *
 * Use:		Contacts a number of servers to decide whether the request
 *		is OK.
 */

static int check__ask(request *rq, struct sockaddr_in *serv, size_t n_serv)
{
  int fd;
  unsigned char crq[crq_size];
  unsigned char sk[BLOWFISH_KEYSIZE];
  time_t t;
  pid_t pid;

  /* --- First, build the encrypted request packet --- */

  {
    unsigned char k[BLOWFISH_KEYSIZE];
    FILE *fp;

    /* --- Read in the encryption key --- */

    if ((fp = fopen(file_KEY, "r")) == 0) {
      die("couldn't open key file `%s': %s", file_KEY,
	  strerror(errno));
    }
    if (fcntl(fileno(fp), F_SETFD, 1) < 0) {
      die("couldn't set close-on-exec on key file `%s': %s", file_KEY,
	  strerror(errno));
    }
    tx_getBits(k, 128, fp);
    fclose(fp);

    /* --- Now build a request packet --- */

    t = time(0);
    pid = getpid();
    crypt_packRequest(rq, crq, t, pid, k, sk);
    burn(k);
    T( trace(TRACE_CLIENT, "client: encrypted request packet"); )
  }

  /* --- Create my socket --- */

  {
    struct sockaddr_in sin;

    if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0)
      die("couldn't create socket: %s", strerror(errno));
    if (fcntl(fd, F_SETFD, 1) < 0)
      die("couldn't set close-on-exec flag for socket: %s", strerror(errno));

    /* --- Bind myself to some address --- */

    sin.sin_family = AF_INET;
    sin.sin_port = 0;
    sin.sin_addr.s_addr = htonl(INADDR_ANY);

    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0)
      die("couldn't bind socket to address: %s", strerror(errno));
  }

  /* --- Now wait for a reply --- */

  {
    fd_set fds;
    struct timeval start, now, tv;
    int ind;
    size_t i;

    /* --- State table for waiting for replies --- *
     *
     * For each number, send off the request to our servers, and wait for
     * that many seconds to have elapsed since we started.  If the number is
     * %$-1$% then it's time to give up.
     */

    static int tbl[] = { 0, 5, 10, 20, -1 };

    /* --- Find out when we are --- */

    gettimeofday(&start, 0);
    ind = 0;

    /* --- Now loop until everything's done --- */

    for (;;) {
      gettimeofday(&now, 0);

      /* --- If the current timer has expired, find one that hasn't --- *
       *
       * Also resend the request after I've found a timer which is still
       * extant.  If there aren't any, report an error.
       */

      if (now.tv_sec >= start.tv_sec + tbl[ind] &&
	  now.tv_usec >= start.tv_usec) {
	do {
	  ind++;
	  if (tbl[ind] < 0)
	    die("no reply from servers");
	} while (now.tv_sec >= start.tv_sec + tbl[ind] &&
		 now.tv_usec >= start.tv_usec);
	check__send(crq, fd, serv, n_serv);
	T( trace(TRACE_CLIENT, "client: send request to servers"); )
      }

      /* --- Now wait for a packet to arrive --- */

      if (now.tv_usec > start.tv_usec) {
	now.tv_usec -= 1000000;
	now.tv_sec += 1;
      }
      tv.tv_sec = start.tv_sec + tbl[ind] - now.tv_sec;
      tv.tv_usec = start.tv_usec - now.tv_usec;

      /* --- Sort out file descriptors to watch --- */

      FD_ZERO(&fds);
      FD_SET(fd, &fds);

      /* --- Wait for them --- */

      i = select(FD_SETSIZE, &fds, 0, 0, &tv);
      if (i == 0 || (i < 0 && errno == EINTR))
	continue;
      if (i < 0)
	die("error waiting for reply: %s", strerror(errno));

      /* --- A reply should be waiting now --- */

      {
	struct sockaddr_in sin;
	int slen = sizeof(sin);
	unsigned char buff[256];
	int answer;

	/* --- Read the reply data --- */

	if (recvfrom(fd, (char *)buff, sizeof(buff), 0,
		     (struct sockaddr *)&sin, &slen) < 0)
	  die("error reading server's reply: %s", strerror(errno));

	IF_TRACING(TRACE_CLIENT, {
	  struct hostent *h = gethostbyaddr((char *)&sin.sin_addr,
					    sizeof(sin.sin_addr), AF_INET);
	  trace(TRACE_CLIENT, "client: reply received from %s port %i",
		h ? h->h_name : inet_ntoa(sin.sin_addr),
		ntohs(sin.sin_port));
	})

	/* --- Verify the sender --- *
	 *
	 * This is more to avoid confusion than for security: an active
	 * attacker is quite capable of forging the source address.  We rely
	 * on the checksum in the reply packet for authentication.
	 */

	for (i = 0; i < n_serv; i++) {
	  if (sin.sin_addr.s_addr == serv[i].sin_addr.s_addr &&
	      sin.sin_port == serv[i].sin_port)
	    break;
	}
	if (i >= n_serv) {
	  T( trace(TRACE_CLIENT, "client: reply from unknown host"); )
	  continue;
	}

	/* --- Unpack and verify the response --- */

	answer = crypt_unpackReply(buff, sk, t, pid);
	if (answer < 0) {
	  T( trace(TRACE_CLIENT,
		   "client: invalid or corrupt reply packet"); )
	  continue;
	}
	close(fd);
	return (answer);
      }
    }
  }

  die("internal error: can't get here in check__ask");
  return (0);
}

/* --- @check__client@ --- *
 *
 * Arguments:	@request *rq@ = pointer to a request block
 *		@FILE *fp@ = file containing server configuration
 *
 * Returns:	Nonzero if OK, zero if forbidden
 *
 * Use:		Asks one or several servers whether a request is acceptable.
 */

int check__client(request *rq, FILE *fp)
{
  /* --- Format of the file --- *
   *
   * The `servers' file contains entries of the form
   *
   *    %%\syntax{<host> [`:' <port>]}%%
   *
   * separates by whitespace.  I build them all into an array of socket
   * addresses and pass the whole lot to another function.
   */

  struct sockaddr_in *serv;		/* Array of servers */
  size_t n_serv, max_serv;		/* Number and maximum number */

  /* --- Initialise the server array --- */

  T( trace(TRACE_CLIENT, "client: reading server definitions"); )
  n_serv = 0; max_serv = 4;		/* Four seems reasonable */
  serv = xmalloc(sizeof(*serv) * max_serv);

  /* --- Start reading the file --- */

  {
    char buff[256], *p, *l;		/* A buffer and pointers for it */
    int port;				/* Default port for servers */
    int state;				/* Current parser state */
    struct in_addr t_host;		/* Temp place for an address*/
    int t_port;				/* Temp place for a port */
    int ch;				/* The current character */

    /* --- Parser states --- */

    enum {
      st_start,				/* Waiting to begin */
      st_host,				/* Reading a new hostname */
      st_colon,				/* Expecting a colon, maybe */
      st_preport,			/* Waiting before reading port */
      st_port,				/* Reading a port number */
      st_commit,			/* Commit a newly read server */
      st_done				/* Finished reading the file */
    };

    /* --- Find a default port --- */

    {
      struct servent *s = getservbyname(quis(), "udp");
      port = (s ? s->s_port : -1);
    }

    /* --- Initialise for scanning the file --- */

    state = st_host;
    p = buff;
    l = buff + sizeof(buff);
    t_port = port;
    ch = getc(fp);

    /* --- Go for it --- */

    while (state != st_done) {
      switch (state) {

	/* --- Initial whitespace before hostname --- */

	case st_start:
	  if (ch == EOF)
	    state = st_done;
	  else if (isspace((unsigned char)ch))
	    ch = getc(fp);
	  else
	    state = st_host;
	  break;

	/* --- Read a host name --- */

	case st_host:
	  if (p == l)
	    die("string too long in `" file_SERVER "'");
	  if (ch != EOF && !isspace((unsigned char)ch) && ch != ':') {
	    *p++ = ch;
	    ch = getc(fp);
	  } else {
	    struct hostent *h;

	    *p++ = 0;
	    if ((h = gethostbyname(buff)) == 0)
	      die("unknown host `%s' in `" file_SERVER "'", buff);
	    memcpy(&t_host, h->h_addr, sizeof(t_host));
	    state = st_colon;
	  }
	  break;

	/* --- Waiting for a colon coming up --- */

	case st_colon:
	  if (ch == EOF)
	    state = st_commit;
	  else if (isspace((unsigned char)ch))
	    ch = getc(fp);
	  else if (ch == ':') {
	    state = st_preport;
	    ch = getc(fp);
	  }
	  else
	    state = st_commit;
	  break;

	/* --- Clearing whitespace before a port number --- */

	case st_preport:
	  if (ch == EOF)
	    state = st_commit;
	  else if (isspace((unsigned char)ch))
	    ch = getc(fp);
	  else {
	    state = st_port;
	    p = buff;
	  }
	  break;

	/* --- Read a port number --- */

	case st_port:
	  if (p == l)
	    die("string too long in `" file_SERVER "'");
	  if (ch != EOF && !isspace((unsigned char)ch) && ch != ':') {
	    *p++ = ch;
	    ch = getc(fp);
	  } else {
	    struct servent *s;

	    *p++ = 0;
	    s = getservbyname(buff, "udp");
	    if (!s && isdigit((unsigned char)buff[0]))
	      t_port = htons(atoi(buff));
	    else if (!s)
	      die("unknown service `%s' in `" file_SERVER "'", buff);
	    else
	      t_port = s->s_port;
	    state = st_commit;
	  }
	  break;

	/* --- A server has been read successfully --- */

	case st_commit:
	  if (n_serv == max_serv) {
	    max_serv *= 2;
	    serv = xrealloc(serv, max_serv * sizeof(*serv));
	  }
	  serv[n_serv].sin_family = AF_INET;
	  serv[n_serv].sin_addr = t_host;
	  serv[n_serv].sin_port = t_port;
	  n_serv++;
	  state = st_start;
	  p = buff;
	  t_port = port;
	  break;

	/* --- A safety net for a broken parser --- */

	default:
	  die("internal error: can't get here in check__client");
	  break;	  
      }
    }
  }

  fclose(fp);

  /* --- Now start sending requests --- */

  if (!n_serv)
    die("no servers specified in `" file_SERVER "'");

  IF_TRACING(TRACE_CLIENT, {
    size_t i;

    for (i = 0; i < n_serv; i++) {
      trace(TRACE_CLIENT, "client: server %s port %i",
	    inet_ntoa(serv[i].sin_addr), ntohs(serv[i].sin_port));
    }
  })
  return (check__ask(rq, serv, n_serv));
}

#endif

/*----- Main checking function --------------------------------------------*/

/* --- @check@ --- *
 *
 * Arguments:	@request *rq@ = pointer to request buffer
 *
 * Returns:	Nonzero if OK, zero if forbidden
 *
 * Use:		Checks to see if the request is acceptable.
 */

int check(request *rq)
{
  FILE *fp;

  /* --- Check if we need to talk to a server --- */

#ifndef NONETWORK
  if ((fp = fopen(file_SERVER, "r")) != 0)
    return (check__client(rq, fp));
#endif

  /* --- Otherwise do this all the old-fashioned way --- */

  if ((fp = fopen(file_RULES, "r")) == 0) {
    die("couldn't read configuration file `%s': %s",
	file_RULES, strerror(errno));
  }

  userdb_init();
  userdb_local();
  userdb_yp();
  netg_init();
  name_init();
  rule_init();
  lexer_scan(fp);
  parse();
  fclose(fp);

  return (rule_check(rq));
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
c4f2d992	1	/* --c--
c4f2d992	2	*
79fae27d	3	* $Id: check.c,v 1.10 1999/05/04 16:17:12 mdw Exp $
c4f2d992	4	*
	5	* Check validity of requests
	6	*
c758e654	7	* (c) 1998 EBI
c4f2d992	8	*/
c4f2d992	9
03f996bd	10	/----- Licensing notice --------------------------------------------------
c4f2d992	11	*
	12	* This file is part of `become'
	13	*
	14	* `Become' is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU General Public License as published by
	16	* the Free Software Foundation; either version 2 of the License, or
	17	* (at your option) any later version.
	18	*
	19	* `Become' is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU General Public License
03f996bd	25	* along with `become'; if not, write to the Free Software Foundation,
03f996bd	26	* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
c4f2d992	27	*/
	28
	29	/----- Revision history --------------------------------------------------
	30	*
	31	* $Log: check.c,v $
79fae27d	32	* Revision 1.10 1999/05/04 16:17:12 mdw
	33	* Change to header file name for parser. See log for `parse.h' for
	34	* details.
	35	*
	36	* Revision 1.9 1998/06/19 13:48:16 mdw
9739ca83	37	* Set close-on-exec flag for UDP socket.
9739ca83	38	*
ff2d3282	39	* Revision 1.8 1998/06/18 15:10:44 mdw
	40	* SECURITY HOLE: the file descriptor for the secret key was left open and
	41	* inherited by the target process. This is now fixed. Also set
	42	* close-on-exec flags on key file, close config file carefully, and close
	43	* UDP socket after receiving reply from server.
	44	*
318c0b91	45	* Revision 1.7 1998/04/23 13:22:08 mdw
	46	* Support no-network configuration option, and new interface to
	47	* configuration file parser.
	48	*
c758e654	49	* Revision 1.6 1998/01/12 16:45:47 mdw
	50	* Fix copyright date.
	51	*
9e5602f0	52	* Revision 1.5 1997/09/26 09:14:58 mdw
	53	* Merged blowfish branch into trunk.
	54	*
	55	* Revision 1.4.2.1 1997/09/26 09:08:01 mdw
	56	* Use the Blowfish encryption algorithm instead of IDEA. This is partly
	57	* because I prefer Blowfish (without any particularly strong evidence) but
	58	* mainly because IDEA is patented and Blowfish isn't.
	59	*
27d7bfc2	60	* Revision 1.4 1997/08/07 09:52:05 mdw
	61	* (Log entry for previous version is bogus.) Added support for multiple
	62	* servers.
607937a4	63	*
03f996bd	64	* Revision 1.2 1997/08/04 10:24:20 mdw
	65	* Sources placed under CVS control.
	66	*
	67	* Revision 1.1 1997/07/21 13:47:53 mdw
c4f2d992	68	* Initial revision
	69	*
	70	*/
	71
	72	/----- Header files ------------------------------------------------------/
	73
	74	/* --- ANSI headers --- */
	75
	76	#include <ctype.h>
	77	#include <errno.h>
	78	#include <stdio.h>
	79	#include <stdlib.h>
	80	#include <string.h>
	81	#include <time.h>
	82
	83	/* --- Unix headers --- */
	84
	85	#include <sys/time.h>
	86	#include <sys/types.h>
	87	#include <sys/socket.h>
	88
	89	#include <netinet/in.h>
	90
	91	#include <arpa/inet.h>
	92
ff2d3282	93	#include <fcntl.h>
c4f2d992	94	#include <netdb.h>
	95	#include <unistd.h>
	96
	97	/* --- Local headers --- */
	98
	99	#include "become.h"
9e5602f0	100	#include "blowfish.h"
c4f2d992	101	#include "config.h"
c4f2d992	102	#include "crypt.h"
c4f2d992	103	#include "lexer.h"
c4f2d992	104	#include "name.h"
607937a4	105	#include "netg.h"
c4f2d992	106	#include "rule.h"
79fae27d	107	#include "parse.h"
c4f2d992	108	#include "tx.h"
03f996bd	109	#include "userdb.h"
c4f2d992	110	#include "utils.h"
c4f2d992	111
318c0b91	112	/----- Client-end network support ----------------------------------------/
	113
	114	#ifndef NONETWORK
c4f2d992	115
03f996bd	116	/* --- @check__send@ --- *
	117	*
	118	* Arguments: @unsigned char *crq@ = pointer to encrypted request
	119	* @int fd@ = socket to send from
	120	* @struct sockaddr_in *serv@ = pointer to table of servers
	121	* @size_t n_serv@ = number of servers
	122	*
	123	* Returns: ---
	124	*
	125	* Use: Sends the request packet to the list of servers. If the
	126	* message couldn't be sent to any of them, an error is
	127	* reported.
	128	*/
	129
	130	static void check__send(unsigned char *crq, int fd,
	131	struct sockaddr_in *serv, size_t n_serv)
	132	{
	133	size_t i;
	134	int ok = 0;
	135	int err = 0;
	136
	137	for (i = 0; i < n_serv; i++) {
	138	if (sendto(fd, (char *)crq, crq_size, 0,
	139	(struct sockaddr *)(serv + i), sizeof(serv[i])) < 0) {
	140	T( trace(TRACE_CLIENT, "client: send to %s failed: %s",
	141	inet_ntoa(serv[i].sin_addr), strerror(errno)); )
	142	err = errno;
	143	} else
	144	ok = 1;
	145	}
	146
	147	if (!ok)
	148	die("couldn't send request to server: %s", strerror(err));
	149	}
	150
	151	/* --- @check__ask@ --- *
c4f2d992	152	*
c4f2d992	153	* Arguments: @request *rq@ = pointer to request buffer
03f996bd	154	* @struct sockaddr_in *serv@ = pointer to table of servers
03f996bd	155	* @size_t n_serv@ = number of servers
c4f2d992	156	*
	157	* Returns: Nonzero if OK, zero if forbidden
	158	*
03f996bd	159	* Use: Contacts a number of servers to decide whether the request
03f996bd	160	* is OK.
c4f2d992	161	*/
c4f2d992	162
03f996bd	163	static int check__ask(request rq, struct sockaddr_in serv, size_t n_serv)
c4f2d992	164	{
c4f2d992	165	int fd;
c4f2d992	166	unsigned char crq[crq_size];
9e5602f0	167	unsigned char sk[BLOWFISH_KEYSIZE];
c4f2d992	168	time_t t;
	169	pid_t pid;
	170
03f996bd	171	/* --- First, build the encrypted request packet --- */
c4f2d992	172
03f996bd	173	{
9e5602f0	174	unsigned char k[BLOWFISH_KEYSIZE];
03f996bd	175	FILE *fp;
c4f2d992	176
03f996bd	177	/* --- Read in the encryption key --- */
c4f2d992	178
03f996bd	179	if ((fp = fopen(file_KEY, "r")) == 0) {
	180	die("couldn't open key file `%s': %s", file_KEY,
	181	strerror(errno));
	182	}
ff2d3282	183	if (fcntl(fileno(fp), F_SETFD, 1) < 0) {
	184	die("couldn't set close-on-exec on key file `%s': %s", file_KEY,
	185	strerror(errno));
	186	}
03f996bd	187	tx_getBits(k, 128, fp);
ff2d3282	188	fclose(fp);
c4f2d992	189
03f996bd	190	/* --- Now build a request packet --- */
c4f2d992	191
03f996bd	192	t = time(0);
	193	pid = getpid();
	194	crypt_packRequest(rq, crq, t, pid, k, sk);
	195	burn(k);
	196	T( trace(TRACE_CLIENT, "client: encrypted request packet"); )
c4f2d992	197	}
c4f2d992	198
03f996bd	199	/* --- Create my socket --- */
c4f2d992	200
c4f2d992	201	{
03f996bd	202	struct sockaddr_in sin;
c4f2d992	203
03f996bd	204	if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0)
03f996bd	205	die("couldn't create socket: %s", strerror(errno));
9739ca83	206	if (fcntl(fd, F_SETFD, 1) < 0)
9739ca83	207	die("couldn't set close-on-exec flag for socket: %s", strerror(errno));
c4f2d992	208
03f996bd	209	/* --- Bind myself to some address --- */
c4f2d992	210
03f996bd	211	sin.sin_family = AF_INET;
	212	sin.sin_port = 0;
	213	sin.sin_addr.s_addr = htonl(INADDR_ANY);
c4f2d992	214
03f996bd	215	if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0)
03f996bd	216	die("couldn't bind socket to address: %s", strerror(errno));
c4f2d992	217	}
c4f2d992	218
03f996bd	219	/* --- Now wait for a reply --- */
c4f2d992	220
c4f2d992	221	{
03f996bd	222	fd_set fds;
	223	struct timeval start, now, tv;
	224	int ind;
	225	size_t i;
c4f2d992	226
03f996bd	227	/* --- State table for waiting for replies --- *
	228	*
	229	* For each number, send off the request to our servers, and wait for
	230	* that many seconds to have elapsed since we started. If the number is
	231	* %$-1$% then it's time to give up.
	232	*/
c4f2d992	233
03f996bd	234	static int tbl[] = { 0, 5, 10, 20, -1 };
c4f2d992	235
03f996bd	236	/* --- Find out when we are --- */
c4f2d992	237
03f996bd	238	gettimeofday(&start, 0);
03f996bd	239	ind = 0;
c4f2d992	240
03f996bd	241	/* --- Now loop until everything's done --- */
c4f2d992	242
c4f2d992	243	for (;;) {
03f996bd	244	gettimeofday(&now, 0);
c4f2d992	245
03f996bd	246	/* --- If the current timer has expired, find one that hasn't --- *
	247	*
	248	* Also resend the request after I've found a timer which is still
	249	* extant. If there aren't any, report an error.
	250	*/
	251
	252	if (now.tv_sec >= start.tv_sec + tbl[ind] &&
	253	now.tv_usec >= start.tv_usec) {
	254	do {
	255	ind++;
	256	if (tbl[ind] < 0)
	257	die("no reply from servers");
	258	} while (now.tv_sec >= start.tv_sec + tbl[ind] &&
	259	now.tv_usec >= start.tv_usec);
	260	check__send(crq, fd, serv, n_serv);
	261	T( trace(TRACE_CLIENT, "client: send request to servers"); )
	262	}
c4f2d992	263
03f996bd	264	/* --- Now wait for a packet to arrive --- */
	265
	266	if (now.tv_usec > start.tv_usec) {
c4f2d992	267	now.tv_usec -= 1000000;
	268	now.tv_sec += 1;
	269	}
03f996bd	270	tv.tv_sec = start.tv_sec + tbl[ind] - now.tv_sec;
03f996bd	271	tv.tv_usec = start.tv_usec - now.tv_usec;
c4f2d992	272
	273	/* --- Sort out file descriptors to watch --- */
	274
	275	FD_ZERO(&fds);
	276	FD_SET(fd, &fds);
	277
	278	/* --- Wait for them --- */
	279
	280	i = select(FD_SETSIZE, &fds, 0, 0, &tv);
03f996bd	281	if (i == 0 \|\| (i < 0 && errno == EINTR))
03f996bd	282	continue;
c4f2d992	283	if (i < 0)
	284	die("error waiting for reply: %s", strerror(errno));
	285
	286	/* --- A reply should be waiting now --- */
	287
	288	{
	289	struct sockaddr_in sin;
	290	int slen = sizeof(sin);
	291	unsigned char buff[256];
	292	int answer;
	293
	294	/* --- Read the reply data --- */
	295
	296	if (recvfrom(fd, (char *)buff, sizeof(buff), 0,
	297	(struct sockaddr *)&sin, &slen) < 0)
	298	die("error reading server's reply: %s", strerror(errno));
	299
03f996bd	300	IF_TRACING(TRACE_CLIENT, {
	301	struct hostent h = gethostbyaddr((char )&sin.sin_addr,
	302	sizeof(sin.sin_addr), AF_INET);
	303	trace(TRACE_CLIENT, "client: reply received from %s port %i",
	304	h ? h->h_name : inet_ntoa(sin.sin_addr),
	305	ntohs(sin.sin_port));
	306	})
	307
	308	/* --- Verify the sender --- *
	309	*
	310	* This is more to avoid confusion than for security: an active
	311	* attacker is quite capable of forging the source address. We rely
	312	* on the checksum in the reply packet for authentication.
	313	*/
	314
	315	for (i = 0; i < n_serv; i++) {
	316	if (sin.sin_addr.s_addr == serv[i].sin_addr.s_addr &&
	317	sin.sin_port == serv[i].sin_port)
	318	break;
	319	}
	320	if (i >= n_serv) {
	321	T( trace(TRACE_CLIENT, "client: reply from unknown host"); )
c4f2d992	322	continue;
03f996bd	323	}
ff2d3282	324
c4f2d992	325	/* --- Unpack and verify the response --- */
	326
	327	answer = crypt_unpackReply(buff, sk, t, pid);
03f996bd	328	if (answer < 0) {
	329	T( trace(TRACE_CLIENT,
	330	"client: invalid or corrupt reply packet"); )
c4f2d992	331	continue;
03f996bd	332	}
ff2d3282	333	close(fd);
c4f2d992	334	return (answer);
	335	}
	336	}
	337	}
	338
03f996bd	339	die("internal error: can't get here in check__ask");
c4f2d992	340	return (0);
	341	}
	342
03f996bd	343	/* --- @check__client@ --- *
	344	*
	345	* Arguments: @request *rq@ = pointer to a request block
	346	* @FILE *fp@ = file containing server configuration
	347	*
	348	* Returns: Nonzero if OK, zero if forbidden
	349	*
	350	* Use: Asks one or several servers whether a request is acceptable.
	351	*/
	352
	353	int check__client(request rq, FILE fp)
	354	{
	355	/* --- Format of the file --- *
	356	*
	357	* The `servers' file contains entries of the form
	358	*
	359	* %%\syntax{<host> [`:' <port>]}%%
	360	*
	361	* separates by whitespace. I build them all into an array of socket
	362	* addresses and pass the whole lot to another function.
	363	*/
	364
	365	struct sockaddr_in serv; / Array of servers */
	366	size_t n_serv, max_serv; /* Number and maximum number */
	367
	368	/* --- Initialise the server array --- */
	369
	370	T( trace(TRACE_CLIENT, "client: reading server definitions"); )
	371	n_serv = 0; max_serv = 4; /* Four seems reasonable */
	372	serv = xmalloc(sizeof(serv) max_serv);
	373
	374	/* --- Start reading the file --- */
	375
	376	{
	377	char buff[256], p, l; /* A buffer and pointers for it */
	378	int port; /* Default port for servers */
	379	int state; /* Current parser state */
	380	struct in_addr t_host; /* Temp place for an address*/
	381	int t_port; /* Temp place for a port */
	382	int ch; /* The current character */
	383
	384	/* --- Parser states --- */
	385
	386	enum {
	387	st_start, /* Waiting to begin */
	388	st_host, /* Reading a new hostname */
	389	st_colon, /* Expecting a colon, maybe */
	390	st_preport, /* Waiting before reading port */
	391	st_port, /* Reading a port number */
	392	st_commit, /* Commit a newly read server */
	393	st_done /* Finished reading the file */
	394	};
	395
	396	/* --- Find a default port --- */
	397
	398	{
	399	struct servent *s = getservbyname(quis(), "udp");
	400	port = (s ? s->s_port : -1);
	401	}
	402
	403	/* --- Initialise for scanning the file --- */
	404
	405	state = st_host;
	406	p = buff;
407	l = buff + sizeof(buff);
408	t_port = port;
409	ch = getc(fp);
410
411	/* --- Go for it --- */
412
413	while (state != st_done) {
414	switch (state) {
415
416	/* --- Initial whitespace before hostname --- */
417
418	case st_start:
419	if (ch == EOF)
420	state = st_done;
421	else if (isspace((unsigned char)ch))
422	ch = getc(fp);
423	else
424	state = st_host;
425	break;
426
427	/* --- Read a host name --- */
428
429	case st_host:
430	if (p == l)
431	die("string too long in `" file_SERVER "'");
432	if (ch != EOF && !isspace((unsigned char)ch) && ch != ':') {
433	*p++ = ch;
434	ch = getc(fp);
435	} else {
436	struct hostent *h;
437
438	*p++ = 0;
439	if ((h = gethostbyname(buff)) == 0)
440	die("unknown host `%s' in `" file_SERVER "'", buff);
441	memcpy(&t_host, h->h_addr, sizeof(t_host));
442	state = st_colon;
443	}
444	break;
445
446	/* --- Waiting for a colon coming up --- */
447
448	case st_colon:
449	if (ch == EOF)
450	state = st_commit;
451	else if (isspace((unsigned char)ch))
452	ch = getc(fp);
453	else if (ch == ':') {
454	state = st_preport;
455	ch = getc(fp);
456	}
457	else
458	state = st_commit;
459	break;
460
461	/* --- Clearing whitespace before a port number --- */
462
463	case st_preport:
464	if (ch == EOF)
465	state = st_commit;
466	else if (isspace((unsigned char)ch))
467	ch = getc(fp);
468	else {
469	state = st_port;
470	p = buff;
471	}
472	break;
473
474	/* --- Read a port number --- */
475
476	case st_port:
477	if (p == l)
478	die("string too long in `" file_SERVER "'");
479	if (ch != EOF && !isspace((unsigned char)ch) && ch != ':') {
480	*p++ = ch;
481	ch = getc(fp);
482	} else {
483	struct servent *s;
484
485	*p++ = 0;
486	s = getservbyname(buff, "udp");
487	if (!s && isdigit((unsigned char)buff[0]))
488	t_port = htons(atoi(buff));
489	else if (!s)
490	die("unknown service `%s' in `" file_SERVER "'", buff);
491	else
492	t_port = s->s_port;
493	state = st_commit;
494	}
495	break;
496
497	/* --- A server has been read successfully --- */
498
499	case st_commit:
500	if (n_serv == max_serv) {
501	max_serv *= 2;
502	serv = xrealloc(serv, max_serv * sizeof(*serv));
503	}
504	serv[n_serv].sin_family = AF_INET;
505	serv[n_serv].sin_addr = t_host;
506	serv[n_serv].sin_port = t_port;
507	n_serv++;
508	state = st_start;
509	p = buff;
510	t_port = port;
511	break;
512
513	/* --- A safety net for a broken parser --- */
514
515	default:
516	die("internal error: can't get here in check__client");
517	break;
518	}
519	}
520	}
521
522	fclose(fp);
523
524	/* --- Now start sending requests --- */
525
526	if (!n_serv)
527	die("no servers specified in `" file_SERVER "'");
528
529	IF_TRACING(TRACE_CLIENT, {
530	size_t i;
531
532	for (i = 0; i < n_serv; i++) {
533	trace(TRACE_CLIENT, "client: server %s port %i",
534	inet_ntoa(serv[i].sin_addr), ntohs(serv[i].sin_port));
535	}
536	})
537	return (check__ask(rq, serv, n_serv));
538	}
539
318c0b91	540	#endif
	541
	542	/----- Main checking function --------------------------------------------/
	543
c4f2d992	544	/* --- @check@ --- *
	545	*
	546	* Arguments: @request *rq@ = pointer to request buffer
	547	*
	548	* Returns: Nonzero if OK, zero if forbidden
	549	*
	550	* Use: Checks to see if the request is acceptable.
	551	*/
	552
	553	int check(request *rq)
	554	{
	555	FILE *fp;
	556
	557	/* --- Check if we need to talk to a server --- */
	558
318c0b91	559	#ifndef NONETWORK
03f996bd	560	if ((fp = fopen(file_SERVER, "r")) != 0)
03f996bd	561	return (check__client(rq, fp));
318c0b91	562	#endif
c4f2d992	563
03f996bd	564	/* --- Otherwise do this all the old-fashioned way --- */
c4f2d992	565
	566	if ((fp = fopen(file_RULES, "r")) == 0) {
	567	die("couldn't read configuration file `%s': %s",
	568	file_RULES, strerror(errno));
	569	}
	570
03f996bd	571	userdb_init();
	572	userdb_local();
	573	userdb_yp();
607937a4	574	netg_init();
c4f2d992	575	name_init();
	576	rule_init();
	577	lexer_scan(fp);
318c0b91	578	parse();
ff2d3282	579	fclose(fp);
c4f2d992	580
	581	return (rule_check(rq));
	582	}
	583
	584	/----- That's all, folks -------------------------------------------------/