~mdw / become / blob
? search:


7e614333a4d22cce8d481f2e8cd9a933f23d82b9
[become] / src / check.c
1 /* -*-c-*-
2 *
3 * $Id: check.c,v 1.5 1997/09/26 09:14:58 mdw Exp $
4 *
5 * Check validity of requests
6 *
7 * (c) 1997 EBI
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of `become'
13 *
14 * `Become' is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
18 *
19 * `Become' is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with `become'; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 */
28
29 /*----- Revision history --------------------------------------------------*
30 *
31 * $Log: check.c,v $
32 * Revision 1.5 1997/09/26 09:14:58 mdw
33 * Merged blowfish branch into trunk.
34 *
35 * Revision 1.4.2.1 1997/09/26 09:08:01 mdw
36 * Use the Blowfish encryption algorithm instead of IDEA. This is partly
37 * because I prefer Blowfish (without any particularly strong evidence) but
38 * mainly because IDEA is patented and Blowfish isn't.
39 *
40 * Revision 1.4 1997/08/07 09:52:05 mdw
41 * (Log entry for previous version is bogus.) Added support for multiple
42 * servers.
43 *
44 * Revision 1.2 1997/08/04 10:24:20 mdw
45 * Sources placed under CVS control.
46 *
47 * Revision 1.1 1997/07/21 13:47:53 mdw
48 * Initial revision
49 *
50 */
51
52 /*----- Header files ------------------------------------------------------*/
53
54 /* --- ANSI headers --- */
55
56 #include <ctype.h>
57 #include <errno.h>
58 #include <stdio.h>
59 #include <stdlib.h>
60 #include <string.h>
61 #include <time.h>
62
63 /* --- Unix headers --- */
64
65 #include <sys/time.h>
66 #include <sys/types.h>
67 #include <sys/socket.h>
68
69 #include <netinet/in.h>
70
71 #include <arpa/inet.h>
72
73 #include <netdb.h>
74 #include <unistd.h>
75
76 /* --- Local headers --- */
77
78 #include "become.h"
79 #include "blowfish.h"
80 #include "config.h"
81 #include "crypt.h"
82 #include "lexer.h"
83 #include "name.h"
84 #include "netg.h"
85 #include "rule.h"
86 #include "parser.h"
87 #include "tx.h"
88 #include "userdb.h"
89 #include "utils.h"
90
91 /*----- Main code ---------------------------------------------------------*/
92
93 /* --- @check__send@ --- *
94 *
95 * Arguments: @unsigned char *crq@ = pointer to encrypted request
96 * @int fd@ = socket to send from
97 * @struct sockaddr_in *serv@ = pointer to table of servers
98 * @size_t n_serv@ = number of servers
99 *
100 * Returns: ---
101 *
102 * Use: Sends the request packet to the list of servers. If the
103 * message couldn't be sent to any of them, an error is
104 * reported.
105 */
106
107 static void check__send(unsigned char *crq, int fd,
108 struct sockaddr_in *serv, size_t n_serv)
109 {
110 size_t i;
111 int ok = 0;
112 int err = 0;
113
114 for (i = 0; i < n_serv; i++) {
115 if (sendto(fd, (char *)crq, crq_size, 0,
116 (struct sockaddr *)(serv + i), sizeof(serv[i])) < 0) {
117 T( trace(TRACE_CLIENT, "client: send to %s failed: %s",
118 inet_ntoa(serv[i].sin_addr), strerror(errno)); )
119 err = errno;
120 } else
121 ok = 1;
122 }
123
124 if (!ok)
125 die("couldn't send request to server: %s", strerror(err));
126 }
127
128 /* --- @check__ask@ --- *
129 *
130 * Arguments: @request *rq@ = pointer to request buffer
131 * @struct sockaddr_in *serv@ = pointer to table of servers
132 * @size_t n_serv@ = number of servers
133 *
134 * Returns: Nonzero if OK, zero if forbidden
135 *
136 * Use: Contacts a number of servers to decide whether the request
137 * is OK.
138 */
139
140 static int check__ask(request *rq, struct sockaddr_in *serv, size_t n_serv)
141 {
142 int fd;
143 unsigned char crq[crq_size];
144 unsigned char sk[BLOWFISH_KEYSIZE];
145 time_t t;
146 pid_t pid;
147
148 /* --- First, build the encrypted request packet --- */
149
150 {
151 unsigned char k[BLOWFISH_KEYSIZE];
152 FILE *fp;
153
154 /* --- Read in the encryption key --- */
155
156 if ((fp = fopen(file_KEY, "r")) == 0) {
157 die("couldn't open key file `%s': %s", file_KEY,
158 strerror(errno));
159 }
160 tx_getBits(k, 128, fp);
161
162 /* --- Now build a request packet --- */
163
164 t = time(0);
165 pid = getpid();
166 crypt_packRequest(rq, crq, t, pid, k, sk);
167 burn(k);
168 T( trace(TRACE_CLIENT, "client: encrypted request packet"); )
169 }
170
171 /* --- Create my socket --- */
172
173 {
174 struct sockaddr_in sin;
175
176 if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0)
177 die("couldn't create socket: %s", strerror(errno));
178
179 /* --- Bind myself to some address --- */
180
181 sin.sin_family = AF_INET;
182 sin.sin_port = 0;
183 sin.sin_addr.s_addr = htonl(INADDR_ANY);
184
185 if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0)
186 die("couldn't bind socket to address: %s", strerror(errno));
187 }
188
189 /* --- Now wait for a reply --- */
190
191 {
192 fd_set fds;
193 struct timeval start, now, tv;
194 int ind;
195 size_t i;
196
197 /* --- State table for waiting for replies --- *
198 *
199 * For each number, send off the request to our servers, and wait for
200 * that many seconds to have elapsed since we started. If the number is
201 * %$-1$% then it's time to give up.
202 */
203
204 static int tbl[] = { 0, 5, 10, 20, -1 };
205
206 /* --- Find out when we are --- */
207
208 gettimeofday(&start, 0);
209 ind = 0;
210
211 /* --- Now loop until everything's done --- */
212
213 for (;;) {
214 gettimeofday(&now, 0);
215
216 /* --- If the current timer has expired, find one that hasn't --- *
217 *
218 * Also resend the request after I've found a timer which is still
219 * extant. If there aren't any, report an error.
220 */
221
222 if (now.tv_sec >= start.tv_sec + tbl[ind] &&
223 now.tv_usec >= start.tv_usec) {
224 do {
225 ind++;
226 if (tbl[ind] < 0)
227 die("no reply from servers");
228 } while (now.tv_sec >= start.tv_sec + tbl[ind] &&
229 now.tv_usec >= start.tv_usec);
230 check__send(crq, fd, serv, n_serv);
231 T( trace(TRACE_CLIENT, "client: send request to servers"); )
232 }
233
234 /* --- Now wait for a packet to arrive --- */
235
236 if (now.tv_usec > start.tv_usec) {
237 now.tv_usec -= 1000000;
238 now.tv_sec += 1;
239 }
240 tv.tv_sec = start.tv_sec + tbl[ind] - now.tv_sec;
241 tv.tv_usec = start.tv_usec - now.tv_usec;
242
243 /* --- Sort out file descriptors to watch --- */
244
245 FD_ZERO(&fds);
246 FD_SET(fd, &fds);
247
248 /* --- Wait for them --- */
249
250 i = select(FD_SETSIZE, &fds, 0, 0, &tv);
251 if (i == 0 || (i < 0 && errno == EINTR))
252 continue;
253 if (i < 0)
254 die("error waiting for reply: %s", strerror(errno));
255
256 /* --- A reply should be waiting now --- */
257
258 {
259 struct sockaddr_in sin;
260 int slen = sizeof(sin);
261 unsigned char buff[256];
262 int answer;
263
264 /* --- Read the reply data --- */
265
266 if (recvfrom(fd, (char *)buff, sizeof(buff), 0,
267 (struct sockaddr *)&sin, &slen) < 0)
268 die("error reading server's reply: %s", strerror(errno));
269
270 IF_TRACING(TRACE_CLIENT, {
271 struct hostent *h = gethostbyaddr((char *)&sin.sin_addr,
272 sizeof(sin.sin_addr), AF_INET);
273 trace(TRACE_CLIENT, "client: reply received from %s port %i",
274 h ? h->h_name : inet_ntoa(sin.sin_addr),
275 ntohs(sin.sin_port));
276 })
277
278 /* --- Verify the sender --- *
279 *
280 * This is more to avoid confusion than for security: an active
281 * attacker is quite capable of forging the source address. We rely
282 * on the checksum in the reply packet for authentication.
283 */
284
285 for (i = 0; i < n_serv; i++) {
286 if (sin.sin_addr.s_addr == serv[i].sin_addr.s_addr &&
287 sin.sin_port == serv[i].sin_port)
288 break;
289 }
290 if (i >= n_serv) {
291 T( trace(TRACE_CLIENT, "client: reply from unknown host"); )
292 continue;
293 }
294
295 /* --- Unpack and verify the response --- */
296
297 answer = crypt_unpackReply(buff, sk, t, pid);
298 if (answer < 0) {
299 T( trace(TRACE_CLIENT,
300 "client: invalid or corrupt reply packet"); )
301 continue;
302 }
303 return (answer);
304 }
305 }
306 }
307
308 die("internal error: can't get here in check__ask");
309 return (0);
310 }
311
312 /* --- @check__client@ --- *
313 *
314 * Arguments: @request *rq@ = pointer to a request block
315 * @FILE *fp@ = file containing server configuration
316 *
317 * Returns: Nonzero if OK, zero if forbidden
318 *
319 * Use: Asks one or several servers whether a request is acceptable.
320 */
321
322 int check__client(request *rq, FILE *fp)
323 {
324 /* --- Format of the file --- *
325 *
326 * The `servers' file contains entries of the form
327 *
328 * %%\syntax{<host> [`:' <port>]}%%
329 *
330 * separates by whitespace. I build them all into an array of socket
331 * addresses and pass the whole lot to another function.
332 */
333
334 struct sockaddr_in *serv; /* Array of servers */
335 size_t n_serv, max_serv; /* Number and maximum number */
336
337 /* --- Initialise the server array --- */
338
339 T( trace(TRACE_CLIENT, "client: reading server definitions"); )
340 n_serv = 0; max_serv = 4; /* Four seems reasonable */
341 serv = xmalloc(sizeof(*serv) * max_serv);
342
343 /* --- Start reading the file --- */
344
345 {
346 char buff[256], *p, *l; /* A buffer and pointers for it */
347 int port; /* Default port for servers */
348 int state; /* Current parser state */
349 struct in_addr t_host; /* Temp place for an address*/
350 int t_port; /* Temp place for a port */
351 int ch; /* The current character */
352
353 /* --- Parser states --- */
354
355 enum {
356 st_start, /* Waiting to begin */
357 st_host, /* Reading a new hostname */
358 st_colon, /* Expecting a colon, maybe */
359 st_preport, /* Waiting before reading port */
360 st_port, /* Reading a port number */
361 st_commit, /* Commit a newly read server */
362 st_done /* Finished reading the file */
363 };
364
365 /* --- Find a default port --- */
366
367 {
368 struct servent *s = getservbyname(quis(), "udp");
369 port = (s ? s->s_port : -1);
370 }
371
372 /* --- Initialise for scanning the file --- */
373
374 state = st_host;
375 p = buff;
376 l = buff + sizeof(buff);
377 t_port = port;
378 ch = getc(fp);
379
380 /* --- Go for it --- */
381
382 while (state != st_done) {
383 switch (state) {
384
385 /* --- Initial whitespace before hostname --- */
386
387 case st_start:
388 if (ch == EOF)
389 state = st_done;
390 else if (isspace((unsigned char)ch))
391 ch = getc(fp);
392 else
393 state = st_host;
394 break;
395
396 /* --- Read a host name --- */
397
398 case st_host:
399 if (p == l)
400 die("string too long in `" file_SERVER "'");
401 if (ch != EOF && !isspace((unsigned char)ch) && ch != ':') {
402 *p++ = ch;
403 ch = getc(fp);
404 } else {
405 struct hostent *h;
406
407 *p++ = 0;
408 if ((h = gethostbyname(buff)) == 0)
409 die("unknown host `%s' in `" file_SERVER "'", buff);
410 memcpy(&t_host, h->h_addr, sizeof(t_host));
411 state = st_colon;
412 }
413 break;
414
415 /* --- Waiting for a colon coming up --- */
416
417 case st_colon:
418 if (ch == EOF)
419 state = st_commit;
420 else if (isspace((unsigned char)ch))
421 ch = getc(fp);
422 else if (ch == ':') {
423 state = st_preport;
424 ch = getc(fp);
425 }
426 else
427 state = st_commit;
428 break;
429
430 /* --- Clearing whitespace before a port number --- */
431
432 case st_preport:
433 if (ch == EOF)
434 state = st_commit;
435 else if (isspace((unsigned char)ch))
436 ch = getc(fp);
437 else {
438 state = st_port;
439 p = buff;
440 }
441 break;
442
443 /* --- Read a port number --- */
444
445 case st_port:
446 if (p == l)
447 die("string too long in `" file_SERVER "'");
448 if (ch != EOF && !isspace((unsigned char)ch) && ch != ':') {
449 *p++ = ch;
450 ch = getc(fp);
451 } else {
452 struct servent *s;
453
454 *p++ = 0;
455 s = getservbyname(buff, "udp");
456 if (!s && isdigit((unsigned char)buff[0]))
457 t_port = htons(atoi(buff));
458 else if (!s)
459 die("unknown service `%s' in `" file_SERVER "'", buff);
460 else
461 t_port = s->s_port;
462 state = st_commit;
463 }
464 break;
465
466 /* --- A server has been read successfully --- */
467
468 case st_commit:
469 if (n_serv == max_serv) {
470 max_serv *= 2;
471 serv = xrealloc(serv, max_serv * sizeof(*serv));
472 }
473 serv[n_serv].sin_family = AF_INET;
474 serv[n_serv].sin_addr = t_host;
475 serv[n_serv].sin_port = t_port;
476 n_serv++;
477 state = st_start;
478 p = buff;
479 t_port = port;
480 break;
481
482 /* --- A safety net for a broken parser --- */
483
484 default:
485 die("internal error: can't get here in check__client");
486 break;
487 }
488 }
489 }
490
491 fclose(fp);
492
493 /* --- Now start sending requests --- */
494
495 if (!n_serv)
496 die("no servers specified in `" file_SERVER "'");
497
498 IF_TRACING(TRACE_CLIENT, {
499 size_t i;
500
501 for (i = 0; i < n_serv; i++) {
502 trace(TRACE_CLIENT, "client: server %s port %i",
503 inet_ntoa(serv[i].sin_addr), ntohs(serv[i].sin_port));
504 }
505 })
506 return (check__ask(rq, serv, n_serv));
507 }
508
509 /* --- @check@ --- *
510 *
511 * Arguments: @request *rq@ = pointer to request buffer
512 *
513 * Returns: Nonzero if OK, zero if forbidden
514 *
515 * Use: Checks to see if the request is acceptable.
516 */
517
518 int check(request *rq)
519 {
520 FILE *fp;
521
522 /* --- Check if we need to talk to a server --- */
523
524 if ((fp = fopen(file_SERVER, "r")) != 0)
525 return (check__client(rq, fp));
526
527 /* --- Otherwise do this all the old-fashioned way --- */
528
529 if ((fp = fopen(file_RULES, "r")) == 0) {
530 die("couldn't read configuration file `%s': %s",
531 file_RULES, strerror(errno));
532 }
533
534 userdb_init();
535 userdb_local();
536 userdb_yp();
537 netg_init();
538 name_init();
539 rule_init();
540 lexer_scan(fp);
541 yyparse();
542
543 return (rule_check(rq));
544 }
545
546 /*----- That's all, folks -------------------------------------------------*/
Management for shared accounts