~mdw / become / blob
? search:


1d1eba89d9cf20ee6288af71f6f1d50fdc3c02e1
[become] / src / check.c
1 /* -*-c-*-
2 *
3 * $Id: check.c,v 1.2 1997/08/04 10:24:20 mdw Exp $
4 *
5 * Check validity of requests
6 *
7 * (c) 1997 EBI
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of `become'
13 *
14 * `Become' is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
18 *
19 * `Become' is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with `become'; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 */
28
29 /*----- Revision history --------------------------------------------------*
30 *
31 * $Log: check.c,v $
32 * Revision 1.2 1997/08/04 10:24:20 mdw
33 * Sources placed under CVS control.
34 *
35 * Revision 1.1 1997/07/21 13:47:53 mdw
36 * Initial revision
37 *
38 */
39
40 /*----- Header files ------------------------------------------------------*/
41
42 /* --- ANSI headers --- */
43
44 #include <ctype.h>
45 #include <errno.h>
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <string.h>
49 #include <time.h>
50
51 /* --- Unix headers --- */
52
53 #include <sys/time.h>
54 #include <sys/types.h>
55 #include <sys/socket.h>
56
57 #include <netinet/in.h>
58
59 #include <arpa/inet.h>
60
61 #include <netdb.h>
62 #include <unistd.h>
63
64 /* --- Local headers --- */
65
66 #include "become.h"
67 #include "config.h"
68 #include "crypt.h"
69 #include "idea.h"
70 #include "lexer.h"
71 #include "name.h"
72 #include "rule.h"
73 #include "parser.h"
74 #include "tx.h"
75 #include "userdb.h"
76 #include "utils.h"
77
78 /*----- Main code ---------------------------------------------------------*/
79
80 /* --- @check__send@ --- *
81 *
82 * Arguments: @unsigned char *crq@ = pointer to encrypted request
83 * @int fd@ = socket to send from
84 * @struct sockaddr_in *serv@ = pointer to table of servers
85 * @size_t n_serv@ = number of servers
86 *
87 * Returns: ---
88 *
89 * Use: Sends the request packet to the list of servers. If the
90 * message couldn't be sent to any of them, an error is
91 * reported.
92 */
93
94 static void check__send(unsigned char *crq, int fd,
95 struct sockaddr_in *serv, size_t n_serv)
96 {
97 size_t i;
98 int ok = 0;
99 int err = 0;
100
101 for (i = 0; i < n_serv; i++) {
102 if (sendto(fd, (char *)crq, crq_size, 0,
103 (struct sockaddr *)(serv + i), sizeof(serv[i])) < 0) {
104 T( trace(TRACE_CLIENT, "client: send to %s failed: %s",
105 inet_ntoa(serv[i].sin_addr), strerror(errno)); )
106 err = errno;
107 } else
108 ok = 1;
109 }
110
111 if (!ok)
112 die("couldn't send request to server: %s", strerror(err));
113 }
114
115 /* --- @check__ask@ --- *
116 *
117 * Arguments: @request *rq@ = pointer to request buffer
118 * @struct sockaddr_in *serv@ = pointer to table of servers
119 * @size_t n_serv@ = number of servers
120 *
121 * Returns: Nonzero if OK, zero if forbidden
122 *
123 * Use: Contacts a number of servers to decide whether the request
124 * is OK.
125 */
126
127 static int check__ask(request *rq, struct sockaddr_in *serv, size_t n_serv)
128 {
129 int fd;
130 unsigned char crq[crq_size];
131 unsigned char sk[IDEA_KEYSIZE];
132 time_t t;
133 pid_t pid;
134
135 /* --- First, build the encrypted request packet --- */
136
137 {
138 unsigned char k[IDEA_KEYSIZE];
139 FILE *fp;
140
141 /* --- Read in the encryption key --- */
142
143 if ((fp = fopen(file_KEY, "r")) == 0) {
144 die("couldn't open key file `%s': %s", file_KEY,
145 strerror(errno));
146 }
147 tx_getBits(k, 128, fp);
148
149 /* --- Now build a request packet --- */
150
151 t = time(0);
152 pid = getpid();
153 crypt_packRequest(rq, crq, t, pid, k, sk);
154 burn(k);
155 T( trace(TRACE_CLIENT, "client: encrypted request packet"); )
156 }
157
158 /* --- Create my socket --- */
159
160 {
161 struct sockaddr_in sin;
162
163 if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0)
164 die("couldn't create socket: %s", strerror(errno));
165
166 /* --- Bind myself to some address --- */
167
168 sin.sin_family = AF_INET;
169 sin.sin_port = 0;
170 sin.sin_addr.s_addr = htonl(INADDR_ANY);
171
172 if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0)
173 die("couldn't bind socket to address: %s", strerror(errno));
174 }
175
176 /* --- Now wait for a reply --- */
177
178 {
179 fd_set fds;
180 struct timeval start, now, tv;
181 int ind;
182 size_t i;
183
184 /* --- State table for waiting for replies --- *
185 *
186 * For each number, send off the request to our servers, and wait for
187 * that many seconds to have elapsed since we started. If the number is
188 * %$-1$% then it's time to give up.
189 */
190
191 static int tbl[] = { 0, 5, 10, 20, -1 };
192
193 /* --- Find out when we are --- */
194
195 gettimeofday(&start, 0);
196 ind = 0;
197
198 /* --- Now loop until everything's done --- */
199
200 for (;;) {
201 gettimeofday(&now, 0);
202
203 /* --- If the current timer has expired, find one that hasn't --- *
204 *
205 * Also resend the request after I've found a timer which is still
206 * extant. If there aren't any, report an error.
207 */
208
209 if (now.tv_sec >= start.tv_sec + tbl[ind] &&
210 now.tv_usec >= start.tv_usec) {
211 do {
212 ind++;
213 if (tbl[ind] < 0)
214 die("no reply from servers");
215 } while (now.tv_sec >= start.tv_sec + tbl[ind] &&
216 now.tv_usec >= start.tv_usec);
217 check__send(crq, fd, serv, n_serv);
218 T( trace(TRACE_CLIENT, "client: send request to servers"); )
219 }
220
221 /* --- Now wait for a packet to arrive --- */
222
223 if (now.tv_usec > start.tv_usec) {
224 now.tv_usec -= 1000000;
225 now.tv_sec += 1;
226 }
227 tv.tv_sec = start.tv_sec + tbl[ind] - now.tv_sec;
228 tv.tv_usec = start.tv_usec - now.tv_usec;
229
230 /* --- Sort out file descriptors to watch --- */
231
232 FD_ZERO(&fds);
233 FD_SET(fd, &fds);
234
235 /* --- Wait for them --- */
236
237 i = select(FD_SETSIZE, &fds, 0, 0, &tv);
238 if (i == 0 || (i < 0 && errno == EINTR))
239 continue;
240 if (i < 0)
241 die("error waiting for reply: %s", strerror(errno));
242
243 /* --- A reply should be waiting now --- */
244
245 {
246 struct sockaddr_in sin;
247 int slen = sizeof(sin);
248 unsigned char buff[256];
249 int answer;
250
251 /* --- Read the reply data --- */
252
253 if (recvfrom(fd, (char *)buff, sizeof(buff), 0,
254 (struct sockaddr *)&sin, &slen) < 0)
255 die("error reading server's reply: %s", strerror(errno));
256
257 IF_TRACING(TRACE_CLIENT, {
258 struct hostent *h = gethostbyaddr((char *)&sin.sin_addr,
259 sizeof(sin.sin_addr), AF_INET);
260 trace(TRACE_CLIENT, "client: reply received from %s port %i",
261 h ? h->h_name : inet_ntoa(sin.sin_addr),
262 ntohs(sin.sin_port));
263 })
264
265 /* --- Verify the sender --- *
266 *
267 * This is more to avoid confusion than for security: an active
268 * attacker is quite capable of forging the source address. We rely
269 * on the checksum in the reply packet for authentication.
270 */
271
272 for (i = 0; i < n_serv; i++) {
273 if (sin.sin_addr.s_addr == serv[i].sin_addr.s_addr &&
274 sin.sin_port == serv[i].sin_port)
275 break;
276 }
277 if (i >= n_serv) {
278 T( trace(TRACE_CLIENT, "client: reply from unknown host"); )
279 continue;
280 }
281
282 /* --- Unpack and verify the response --- */
283
284 answer = crypt_unpackReply(buff, sk, t, pid);
285 if (answer < 0) {
286 T( trace(TRACE_CLIENT,
287 "client: invalid or corrupt reply packet"); )
288 continue;
289 }
290 return (answer);
291 }
292 }
293 }
294
295 die("internal error: can't get here in check__ask");
296 return (0);
297 }
298
299 /* --- @check__client@ --- *
300 *
301 * Arguments: @request *rq@ = pointer to a request block
302 * @FILE *fp@ = file containing server configuration
303 *
304 * Returns: Nonzero if OK, zero if forbidden
305 *
306 * Use: Asks one or several servers whether a request is acceptable.
307 */
308
309 int check__client(request *rq, FILE *fp)
310 {
311 /* --- Format of the file --- *
312 *
313 * The `servers' file contains entries of the form
314 *
315 * %%\syntax{<host> [`:' <port>]}%%
316 *
317 * separates by whitespace. I build them all into an array of socket
318 * addresses and pass the whole lot to another function.
319 */
320
321 struct sockaddr_in *serv; /* Array of servers */
322 size_t n_serv, max_serv; /* Number and maximum number */
323
324 /* --- Initialise the server array --- */
325
326 T( trace(TRACE_CLIENT, "client: reading server definitions"); )
327 n_serv = 0; max_serv = 4; /* Four seems reasonable */
328 serv = xmalloc(sizeof(*serv) * max_serv);
329
330 /* --- Start reading the file --- */
331
332 {
333 char buff[256], *p, *l; /* A buffer and pointers for it */
334 int port; /* Default port for servers */
335 int state; /* Current parser state */
336 struct in_addr t_host; /* Temp place for an address*/
337 int t_port; /* Temp place for a port */
338 int ch; /* The current character */
339
340 /* --- Parser states --- */
341
342 enum {
343 st_start, /* Waiting to begin */
344 st_host, /* Reading a new hostname */
345 st_colon, /* Expecting a colon, maybe */
346 st_preport, /* Waiting before reading port */
347 st_port, /* Reading a port number */
348 st_commit, /* Commit a newly read server */
349 st_done /* Finished reading the file */
350 };
351
352 /* --- Find a default port --- */
353
354 {
355 struct servent *s = getservbyname(quis(), "udp");
356 port = (s ? s->s_port : -1);
357 }
358
359 /* --- Initialise for scanning the file --- */
360
361 state = st_host;
362 p = buff;
363 l = buff + sizeof(buff);
364 t_port = port;
365 ch = getc(fp);
366
367 /* --- Go for it --- */
368
369 while (state != st_done) {
370 switch (state) {
371
372 /* --- Initial whitespace before hostname --- */
373
374 case st_start:
375 if (ch == EOF)
376 state = st_done;
377 else if (isspace((unsigned char)ch))
378 ch = getc(fp);
379 else
380 state = st_host;
381 break;
382
383 /* --- Read a host name --- */
384
385 case st_host:
386 if (p == l)
387 die("string too long in `" file_SERVER "'");
388 if (ch != EOF && !isspace((unsigned char)ch) && ch != ':') {
389 *p++ = ch;
390 ch = getc(fp);
391 } else {
392 struct hostent *h;
393
394 *p++ = 0;
395 if ((h = gethostbyname(buff)) == 0)
396 die("unknown host `%s' in `" file_SERVER "'", buff);
397 memcpy(&t_host, h->h_addr, sizeof(t_host));
398 state = st_colon;
399 }
400 break;
401
402 /* --- Waiting for a colon coming up --- */
403
404 case st_colon:
405 if (ch == EOF)
406 state = st_commit;
407 else if (isspace((unsigned char)ch))
408 ch = getc(fp);
409 else if (ch == ':') {
410 state = st_preport;
411 ch = getc(fp);
412 }
413 else
414 state = st_commit;
415 break;
416
417 /* --- Clearing whitespace before a port number --- */
418
419 case st_preport:
420 if (ch == EOF)
421 state = st_commit;
422 else if (isspace((unsigned char)ch))
423 ch = getc(fp);
424 else {
425 state = st_port;
426 p = buff;
427 }
428 break;
429
430 /* --- Read a port number --- */
431
432 case st_port:
433 if (p == l)
434 die("string too long in `" file_SERVER "'");
435 if (ch != EOF && !isspace((unsigned char)ch) && ch != ':') {
436 *p++ = ch;
437 ch = getc(fp);
438 } else {
439 struct servent *s;
440
441 *p++ = 0;
442 s = getservbyname(buff, "udp");
443 if (!s && isdigit((unsigned char)buff[0]))
444 t_port = htons(atoi(buff));
445 else if (!s)
446 die("unknown service `%s' in `" file_SERVER "'", buff);
447 else
448 t_port = s->s_port;
449 state = st_commit;
450 }
451 break;
452
453 /* --- A server has been read successfully --- */
454
455 case st_commit:
456 if (n_serv == max_serv) {
457 max_serv *= 2;
458 serv = xrealloc(serv, max_serv * sizeof(*serv));
459 }
460 serv[n_serv].sin_family = AF_INET;
461 serv[n_serv].sin_addr = t_host;
462 serv[n_serv].sin_port = t_port;
463 n_serv++;
464 state = st_start;
465 p = buff;
466 t_port = port;
467 break;
468
469 /* --- A safety net for a broken parser --- */
470
471 default:
472 die("internal error: can't get here in check__client");
473 break;
474 }
475 }
476 }
477
478 fclose(fp);
479
480 /* --- Now start sending requests --- */
481
482 if (!n_serv)
483 die("no servers specified in `" file_SERVER "'");
484
485 IF_TRACING(TRACE_CLIENT, {
486 size_t i;
487
488 for (i = 0; i < n_serv; i++) {
489 trace(TRACE_CLIENT, "client: server %s port %i",
490 inet_ntoa(serv[i].sin_addr), ntohs(serv[i].sin_port));
491 }
492 })
493 return (check__ask(rq, serv, n_serv));
494 }
495
496 /* --- @check@ --- *
497 *
498 * Arguments: @request *rq@ = pointer to request buffer
499 *
500 * Returns: Nonzero if OK, zero if forbidden
501 *
502 * Use: Checks to see if the request is acceptable.
503 */
504
505 int check(request *rq)
506 {
507 FILE *fp;
508
509 /* --- Check if we need to talk to a server --- */
510
511 if ((fp = fopen(file_SERVER, "r")) != 0)
512 return (check__client(rq, fp));
513
514 /* --- Otherwise do this all the old-fashioned way --- */
515
516 if ((fp = fopen(file_RULES, "r")) == 0) {
517 die("couldn't read configuration file `%s': %s",
518 file_RULES, strerror(errno));
519 }
520
521 userdb_init();
522 userdb_local();
523 userdb_yp();
524 name_init();
525 rule_init();
526 lexer_scan(fp);
527 yyparse();
528
529 return (rule_check(rq));
530 }
531
532 /*----- That's all, folks -------------------------------------------------*/
Management for shared accounts