~mdw / become / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix copyright date.
[become] / src / check.c
1 /* -*-c-*-
2 *
3 * $Id: check.c,v 1.6 1998/01/12 16:45:47 mdw Exp $
4 *
5 * Check validity of requests
6 *
7 * (c) 1998 EBI
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of `become'
13 *
14 * `Become' is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
18 *
19 * `Become' is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with `become'; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 */
28
29 /*----- Revision history --------------------------------------------------*
30 *
31 * $Log: check.c,v $
32 * Revision 1.6 1998/01/12 16:45:47 mdw
33 * Fix copyright date.
34 *
35 * Revision 1.5 1997/09/26 09:14:58 mdw
36 * Merged blowfish branch into trunk.
37 *
38 * Revision 1.4.2.1 1997/09/26 09:08:01 mdw
39 * Use the Blowfish encryption algorithm instead of IDEA. This is partly
40 * because I prefer Blowfish (without any particularly strong evidence) but
41 * mainly because IDEA is patented and Blowfish isn't.
42 *
43 * Revision 1.4 1997/08/07 09:52:05 mdw
44 * (Log entry for previous version is bogus.) Added support for multiple
45 * servers.
46 *
47 * Revision 1.2 1997/08/04 10:24:20 mdw
48 * Sources placed under CVS control.
49 *
50 * Revision 1.1 1997/07/21 13:47:53 mdw
51 * Initial revision
52 *
53 */
54
55 /*----- Header files ------------------------------------------------------*/
56
57 /* --- ANSI headers --- */
58
59 #include <ctype.h>
60 #include <errno.h>
61 #include <stdio.h>
62 #include <stdlib.h>
63 #include <string.h>
64 #include <time.h>
65
66 /* --- Unix headers --- */
67
68 #include <sys/time.h>
69 #include <sys/types.h>
70 #include <sys/socket.h>
71
72 #include <netinet/in.h>
73
74 #include <arpa/inet.h>
75
76 #include <netdb.h>
77 #include <unistd.h>
78
79 /* --- Local headers --- */
80
81 #include "become.h"
82 #include "blowfish.h"
83 #include "config.h"
84 #include "crypt.h"
85 #include "lexer.h"
86 #include "name.h"
87 #include "netg.h"
88 #include "rule.h"
89 #include "parser.h"
90 #include "tx.h"
91 #include "userdb.h"
92 #include "utils.h"
93
94 /*----- Main code ---------------------------------------------------------*/
95
96 /* --- @check__send@ --- *
97 *
98 * Arguments: @unsigned char *crq@ = pointer to encrypted request
99 * @int fd@ = socket to send from
100 * @struct sockaddr_in *serv@ = pointer to table of servers
101 * @size_t n_serv@ = number of servers
102 *
103 * Returns: ---
104 *
105 * Use: Sends the request packet to the list of servers. If the
106 * message couldn't be sent to any of them, an error is
107 * reported.
108 */
109
110 static void check__send(unsigned char *crq, int fd,
111 struct sockaddr_in *serv, size_t n_serv)
112 {
113 size_t i;
114 int ok = 0;
115 int err = 0;
116
117 for (i = 0; i < n_serv; i++) {
118 if (sendto(fd, (char *)crq, crq_size, 0,
119 (struct sockaddr *)(serv + i), sizeof(serv[i])) < 0) {
120 T( trace(TRACE_CLIENT, "client: send to %s failed: %s",
121 inet_ntoa(serv[i].sin_addr), strerror(errno)); )
122 err = errno;
123 } else
124 ok = 1;
125 }
126
127 if (!ok)
128 die("couldn't send request to server: %s", strerror(err));
129 }
130
131 /* --- @check__ask@ --- *
132 *
133 * Arguments: @request *rq@ = pointer to request buffer
134 * @struct sockaddr_in *serv@ = pointer to table of servers
135 * @size_t n_serv@ = number of servers
136 *
137 * Returns: Nonzero if OK, zero if forbidden
138 *
139 * Use: Contacts a number of servers to decide whether the request
140 * is OK.
141 */
142
143 static int check__ask(request *rq, struct sockaddr_in *serv, size_t n_serv)
144 {
145 int fd;
146 unsigned char crq[crq_size];
147 unsigned char sk[BLOWFISH_KEYSIZE];
148 time_t t;
149 pid_t pid;
150
151 /* --- First, build the encrypted request packet --- */
152
153 {
154 unsigned char k[BLOWFISH_KEYSIZE];
155 FILE *fp;
156
157 /* --- Read in the encryption key --- */
158
159 if ((fp = fopen(file_KEY, "r")) == 0) {
160 die("couldn't open key file `%s': %s", file_KEY,
161 strerror(errno));
162 }
163 tx_getBits(k, 128, fp);
164
165 /* --- Now build a request packet --- */
166
167 t = time(0);
168 pid = getpid();
169 crypt_packRequest(rq, crq, t, pid, k, sk);
170 burn(k);
171 T( trace(TRACE_CLIENT, "client: encrypted request packet"); )
172 }
173
174 /* --- Create my socket --- */
175
176 {
177 struct sockaddr_in sin;
178
179 if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0)
180 die("couldn't create socket: %s", strerror(errno));
181
182 /* --- Bind myself to some address --- */
183
184 sin.sin_family = AF_INET;
185 sin.sin_port = 0;
186 sin.sin_addr.s_addr = htonl(INADDR_ANY);
187
188 if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0)
189 die("couldn't bind socket to address: %s", strerror(errno));
190 }
191
192 /* --- Now wait for a reply --- */
193
194 {
195 fd_set fds;
196 struct timeval start, now, tv;
197 int ind;
198 size_t i;
199
200 /* --- State table for waiting for replies --- *
201 *
202 * For each number, send off the request to our servers, and wait for
203 * that many seconds to have elapsed since we started. If the number is
204 * %$-1$% then it's time to give up.
205 */
206
207 static int tbl[] = { 0, 5, 10, 20, -1 };
208
209 /* --- Find out when we are --- */
210
211 gettimeofday(&start, 0);
212 ind = 0;
213
214 /* --- Now loop until everything's done --- */
215
216 for (;;) {
217 gettimeofday(&now, 0);
218
219 /* --- If the current timer has expired, find one that hasn't --- *
220 *
221 * Also resend the request after I've found a timer which is still
222 * extant. If there aren't any, report an error.
223 */
224
225 if (now.tv_sec >= start.tv_sec + tbl[ind] &&
226 now.tv_usec >= start.tv_usec) {
227 do {
228 ind++;
229 if (tbl[ind] < 0)
230 die("no reply from servers");
231 } while (now.tv_sec >= start.tv_sec + tbl[ind] &&
232 now.tv_usec >= start.tv_usec);
233 check__send(crq, fd, serv, n_serv);
234 T( trace(TRACE_CLIENT, "client: send request to servers"); )
235 }
236
237 /* --- Now wait for a packet to arrive --- */
238
239 if (now.tv_usec > start.tv_usec) {
240 now.tv_usec -= 1000000;
241 now.tv_sec += 1;
242 }
243 tv.tv_sec = start.tv_sec + tbl[ind] - now.tv_sec;
244 tv.tv_usec = start.tv_usec - now.tv_usec;
245
246 /* --- Sort out file descriptors to watch --- */
247
248 FD_ZERO(&fds);
249 FD_SET(fd, &fds);
250
251 /* --- Wait for them --- */
252
253 i = select(FD_SETSIZE, &fds, 0, 0, &tv);
254 if (i == 0 || (i < 0 && errno == EINTR))
255 continue;
256 if (i < 0)
257 die("error waiting for reply: %s", strerror(errno));
258
259 /* --- A reply should be waiting now --- */
260
261 {
262 struct sockaddr_in sin;
263 int slen = sizeof(sin);
264 unsigned char buff[256];
265 int answer;
266
267 /* --- Read the reply data --- */
268
269 if (recvfrom(fd, (char *)buff, sizeof(buff), 0,
270 (struct sockaddr *)&sin, &slen) < 0)
271 die("error reading server's reply: %s", strerror(errno));
272
273 IF_TRACING(TRACE_CLIENT, {
274 struct hostent *h = gethostbyaddr((char *)&sin.sin_addr,
275 sizeof(sin.sin_addr), AF_INET);
276 trace(TRACE_CLIENT, "client: reply received from %s port %i",
277 h ? h->h_name : inet_ntoa(sin.sin_addr),
278 ntohs(sin.sin_port));
279 })
280
281 /* --- Verify the sender --- *
282 *
283 * This is more to avoid confusion than for security: an active
284 * attacker is quite capable of forging the source address. We rely
285 * on the checksum in the reply packet for authentication.
286 */
287
288 for (i = 0; i < n_serv; i++) {
289 if (sin.sin_addr.s_addr == serv[i].sin_addr.s_addr &&
290 sin.sin_port == serv[i].sin_port)
291 break;
292 }
293 if (i >= n_serv) {
294 T( trace(TRACE_CLIENT, "client: reply from unknown host"); )
295 continue;
296 }
297
298 /* --- Unpack and verify the response --- */
299
300 answer = crypt_unpackReply(buff, sk, t, pid);
301 if (answer < 0) {
302 T( trace(TRACE_CLIENT,
303 "client: invalid or corrupt reply packet"); )
304 continue;
305 }
306 return (answer);
307 }
308 }
309 }
310
311 die("internal error: can't get here in check__ask");
312 return (0);
313 }
314
315 /* --- @check__client@ --- *
316 *
317 * Arguments: @request *rq@ = pointer to a request block
318 * @FILE *fp@ = file containing server configuration
319 *
320 * Returns: Nonzero if OK, zero if forbidden
321 *
322 * Use: Asks one or several servers whether a request is acceptable.
323 */
324
325 int check__client(request *rq, FILE *fp)
326 {
327 /* --- Format of the file --- *
328 *
329 * The `servers' file contains entries of the form
330 *
331 * %%\syntax{<host> [`:' <port>]}%%
332 *
333 * separates by whitespace. I build them all into an array of socket
334 * addresses and pass the whole lot to another function.
335 */
336
337 struct sockaddr_in *serv; /* Array of servers */
338 size_t n_serv, max_serv; /* Number and maximum number */
339
340 /* --- Initialise the server array --- */
341
342 T( trace(TRACE_CLIENT, "client: reading server definitions"); )
343 n_serv = 0; max_serv = 4; /* Four seems reasonable */
344 serv = xmalloc(sizeof(*serv) * max_serv);
345
346 /* --- Start reading the file --- */
347
348 {
349 char buff[256], *p, *l; /* A buffer and pointers for it */
350 int port; /* Default port for servers */
351 int state; /* Current parser state */
352 struct in_addr t_host; /* Temp place for an address*/
353 int t_port; /* Temp place for a port */
354 int ch; /* The current character */
355
356 /* --- Parser states --- */
357
358 enum {
359 st_start, /* Waiting to begin */
360 st_host, /* Reading a new hostname */
361 st_colon, /* Expecting a colon, maybe */
362 st_preport, /* Waiting before reading port */
363 st_port, /* Reading a port number */
364 st_commit, /* Commit a newly read server */
365 st_done /* Finished reading the file */
366 };
367
368 /* --- Find a default port --- */
369
370 {
371 struct servent *s = getservbyname(quis(), "udp");
372 port = (s ? s->s_port : -1);
373 }
374
375 /* --- Initialise for scanning the file --- */
376
377 state = st_host;
378 p = buff;
379 l = buff + sizeof(buff);
380 t_port = port;
381 ch = getc(fp);
382
383 /* --- Go for it --- */
384
385 while (state != st_done) {
386 switch (state) {
387
388 /* --- Initial whitespace before hostname --- */
389
390 case st_start:
391 if (ch == EOF)
392 state = st_done;
393 else if (isspace((unsigned char)ch))
394 ch = getc(fp);
395 else
396 state = st_host;
397 break;
398
399 /* --- Read a host name --- */
400
401 case st_host:
402 if (p == l)
403 die("string too long in `" file_SERVER "'");
404 if (ch != EOF && !isspace((unsigned char)ch) && ch != ':') {
405 *p++ = ch;
406 ch = getc(fp);
407 } else {
408 struct hostent *h;
409
410 *p++ = 0;
411 if ((h = gethostbyname(buff)) == 0)
412 die("unknown host `%s' in `" file_SERVER "'", buff);
413 memcpy(&t_host, h->h_addr, sizeof(t_host));
414 state = st_colon;
415 }
416 break;
417
418 /* --- Waiting for a colon coming up --- */
419
420 case st_colon:
421 if (ch == EOF)
422 state = st_commit;
423 else if (isspace((unsigned char)ch))
424 ch = getc(fp);
425 else if (ch == ':') {
426 state = st_preport;
427 ch = getc(fp);
428 }
429 else
430 state = st_commit;
431 break;
432
433 /* --- Clearing whitespace before a port number --- */
434
435 case st_preport:
436 if (ch == EOF)
437 state = st_commit;
438 else if (isspace((unsigned char)ch))
439 ch = getc(fp);
440 else {
441 state = st_port;
442 p = buff;
443 }
444 break;
445
446 /* --- Read a port number --- */
447
448 case st_port:
449 if (p == l)
450 die("string too long in `" file_SERVER "'");
451 if (ch != EOF && !isspace((unsigned char)ch) && ch != ':') {
452 *p++ = ch;
453 ch = getc(fp);
454 } else {
455 struct servent *s;
456
457 *p++ = 0;
458 s = getservbyname(buff, "udp");
459 if (!s && isdigit((unsigned char)buff[0]))
460 t_port = htons(atoi(buff));
461 else if (!s)
462 die("unknown service `%s' in `" file_SERVER "'", buff);
463 else
464 t_port = s->s_port;
465 state = st_commit;
466 }
467 break;
468
469 /* --- A server has been read successfully --- */
470
471 case st_commit:
472 if (n_serv == max_serv) {
473 max_serv *= 2;
474 serv = xrealloc(serv, max_serv * sizeof(*serv));
475 }
476 serv[n_serv].sin_family = AF_INET;
477 serv[n_serv].sin_addr = t_host;
478 serv[n_serv].sin_port = t_port;
479 n_serv++;
480 state = st_start;
481 p = buff;
482 t_port = port;
483 break;
484
485 /* --- A safety net for a broken parser --- */
486
487 default:
488 die("internal error: can't get here in check__client");
489 break;
490 }
491 }
492 }
493
494 fclose(fp);
495
496 /* --- Now start sending requests --- */
497
498 if (!n_serv)
499 die("no servers specified in `" file_SERVER "'");
500
501 IF_TRACING(TRACE_CLIENT, {
502 size_t i;
503
504 for (i = 0; i < n_serv; i++) {
505 trace(TRACE_CLIENT, "client: server %s port %i",
506 inet_ntoa(serv[i].sin_addr), ntohs(serv[i].sin_port));
507 }
508 })
509 return (check__ask(rq, serv, n_serv));
510 }
511
512 /* --- @check@ --- *
513 *
514 * Arguments: @request *rq@ = pointer to request buffer
515 *
516 * Returns: Nonzero if OK, zero if forbidden
517 *
518 * Use: Checks to see if the request is acceptable.
519 */
520
521 int check(request *rq)
522 {
523 FILE *fp;
524
525 /* --- Check if we need to talk to a server --- */
526
527 if ((fp = fopen(file_SERVER, "r")) != 0)
528 return (check__client(rq, fp));
529
530 /* --- Otherwise do this all the old-fashioned way --- */
531
532 if ((fp = fopen(file_RULES, "r")) == 0) {
533 die("couldn't read configuration file `%s': %s",
534 file_RULES, strerror(errno));
535 }
536
537 userdb_init();
538 userdb_local();
539 userdb_yp();
540 netg_init();
541 name_init();
542 rule_init();
543 lexer_scan(fp);
544 yyparse();
545
546 return (rule_check(rq));
547 }
548
549 /*----- That's all, folks -------------------------------------------------*/
Management for shared accounts