3 * $Id: check.c,v 1.10 1999/05/04 16:17:12 mdw Exp $
5 * Check validity of requests
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of `become'
14 * `Become' is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * `Become' is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with `become'; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Revision history --------------------------------------------------*
32 * Revision 1.10 1999/05/04 16:17:12 mdw
33 * Change to header file name for parser. See log for `parse.h' for
36 * Revision 1.9 1998/06/19 13:48:16 mdw
37 * Set close-on-exec flag for UDP socket.
39 * Revision 1.8 1998/06/18 15:10:44 mdw
40 * SECURITY HOLE: the file descriptor for the secret key was left open and
41 * inherited by the target process. This is now fixed. Also set
42 * close-on-exec flags on key file, close config file carefully, and close
43 * UDP socket after receiving reply from server.
45 * Revision 1.7 1998/04/23 13:22:08 mdw
46 * Support no-network configuration option, and new interface to
47 * configuration file parser.
49 * Revision 1.6 1998/01/12 16:45:47 mdw
52 * Revision 1.5 1997/09/26 09:14:58 mdw
53 * Merged blowfish branch into trunk.
55 * Revision 1.4.2.1 1997/09/26 09:08:01 mdw
56 * Use the Blowfish encryption algorithm instead of IDEA. This is partly
57 * because I prefer Blowfish (without any particularly strong evidence) but
58 * mainly because IDEA is patented and Blowfish isn't.
60 * Revision 1.4 1997/08/07 09:52:05 mdw
61 * (Log entry for previous version is bogus.) Added support for multiple
64 * Revision 1.2 1997/08/04 10:24:20 mdw
65 * Sources placed under CVS control.
67 * Revision 1.1 1997/07/21 13:47:53 mdw
72 /*----- Header files ------------------------------------------------------*/
74 /* --- ANSI headers --- */
83 /* --- Unix headers --- */
86 #include <sys/types.h>
87 #include <sys/socket.h>
89 #include <netinet/in.h>
91 #include <arpa/inet.h>
97 /* --- Local headers --- */
100 #include "blowfish.h"
112 /*----- Client-end network support ----------------------------------------*/
116 /* --- @check__send@ --- *
118 * Arguments: @unsigned char *crq@ = pointer to encrypted request
119 * @int fd@ = socket to send from
120 * @struct sockaddr_in *serv@ = pointer to table of servers
121 * @size_t n_serv@ = number of servers
125 * Use: Sends the request packet to the list of servers. If the
126 * message couldn't be sent to any of them, an error is
130 static void check__send(unsigned char *crq
, int fd
,
131 struct sockaddr_in
*serv
, size_t n_serv
)
137 for (i
= 0; i
< n_serv
; i
++) {
138 if (sendto(fd
, (char *)crq
, crq_size
, 0,
139 (struct sockaddr
*)(serv
+ i
), sizeof(serv
[i
])) < 0) {
140 T( trace(TRACE_CLIENT
, "client: send to %s failed: %s",
141 inet_ntoa(serv
[i
].sin_addr
), strerror(errno
)); )
148 die("couldn't send request to server: %s", strerror(err
));
151 /* --- @check__ask@ --- *
153 * Arguments: @request *rq@ = pointer to request buffer
154 * @struct sockaddr_in *serv@ = pointer to table of servers
155 * @size_t n_serv@ = number of servers
157 * Returns: Nonzero if OK, zero if forbidden
159 * Use: Contacts a number of servers to decide whether the request
163 static int check__ask(request
*rq
, struct sockaddr_in
*serv
, size_t n_serv
)
166 unsigned char crq
[crq_size
];
167 unsigned char sk
[BLOWFISH_KEYSIZE
];
171 /* --- First, build the encrypted request packet --- */
174 unsigned char k
[BLOWFISH_KEYSIZE
];
177 /* --- Read in the encryption key --- */
179 if ((fp
= fopen(file_KEY
, "r")) == 0) {
180 die("couldn't open key file `%s': %s", file_KEY
,
183 if (fcntl(fileno(fp
), F_SETFD
, 1) < 0) {
184 die("couldn't set close-on-exec on key file `%s': %s", file_KEY
,
187 tx_getBits(k
, 128, fp
);
190 /* --- Now build a request packet --- */
194 crypt_packRequest(rq
, crq
, t
, pid
, k
, sk
);
196 T( trace(TRACE_CLIENT
, "client: encrypted request packet"); )
199 /* --- Create my socket --- */
202 struct sockaddr_in sin
;
204 if ((fd
= socket(PF_INET
, SOCK_DGRAM
, 0)) < 0)
205 die("couldn't create socket: %s", strerror(errno
));
206 if (fcntl(fd
, F_SETFD
, 1) < 0)
207 die("couldn't set close-on-exec flag for socket: %s", strerror(errno
));
209 /* --- Bind myself to some address --- */
211 sin
.sin_family
= AF_INET
;
213 sin
.sin_addr
.s_addr
= htonl(INADDR_ANY
);
215 if (bind(fd
, (struct sockaddr
*)&sin
, sizeof(sin
)) < 0)
216 die("couldn't bind socket to address: %s", strerror(errno
));
219 /* --- Now wait for a reply --- */
223 struct timeval start
, now
, tv
;
227 /* --- State table for waiting for replies --- *
229 * For each number, send off the request to our servers, and wait for
230 * that many seconds to have elapsed since we started. If the number is
231 * %$-1$% then it's time to give up.
234 static int tbl
[] = { 0, 5, 10, 20, -1 };
236 /* --- Find out when we are --- */
238 gettimeofday(&start
, 0);
241 /* --- Now loop until everything's done --- */
244 gettimeofday(&now
, 0);
246 /* --- If the current timer has expired, find one that hasn't --- *
248 * Also resend the request after I've found a timer which is still
249 * extant. If there aren't any, report an error.
252 if (now
.tv_sec
>= start
.tv_sec
+ tbl
[ind
] &&
253 now
.tv_usec
>= start
.tv_usec
) {
257 die("no reply from servers");
258 } while (now
.tv_sec
>= start
.tv_sec
+ tbl
[ind
] &&
259 now
.tv_usec
>= start
.tv_usec
);
260 check__send(crq
, fd
, serv
, n_serv
);
261 T( trace(TRACE_CLIENT
, "client: send request to servers"); )
264 /* --- Now wait for a packet to arrive --- */
266 if (now
.tv_usec
> start
.tv_usec
) {
267 now
.tv_usec
-= 1000000;
270 tv
.tv_sec
= start
.tv_sec
+ tbl
[ind
] - now
.tv_sec
;
271 tv
.tv_usec
= start
.tv_usec
- now
.tv_usec
;
273 /* --- Sort out file descriptors to watch --- */
278 /* --- Wait for them --- */
280 i
= select(FD_SETSIZE
, &fds
, 0, 0, &tv
);
281 if (i
== 0 || (i
< 0 && errno
== EINTR
))
284 die("error waiting for reply: %s", strerror(errno
));
286 /* --- A reply should be waiting now --- */
289 struct sockaddr_in sin
;
290 int slen
= sizeof(sin
);
291 unsigned char buff
[256];
294 /* --- Read the reply data --- */
296 if (recvfrom(fd
, (char *)buff
, sizeof(buff
), 0,
297 (struct sockaddr
*)&sin
, &slen
) < 0)
298 die("error reading server's reply: %s", strerror(errno
));
300 IF_TRACING(TRACE_CLIENT
, {
301 struct hostent
*h
= gethostbyaddr((char *)&sin
.sin_addr
,
302 sizeof(sin
.sin_addr
), AF_INET
);
303 trace(TRACE_CLIENT
, "client: reply received from %s port %i",
304 h ? h
->h_name
: inet_ntoa(sin
.sin_addr
),
305 ntohs(sin
.sin_port
));
308 /* --- Verify the sender --- *
310 * This is more to avoid confusion than for security: an active
311 * attacker is quite capable of forging the source address. We rely
312 * on the checksum in the reply packet for authentication.
315 for (i
= 0; i
< n_serv
; i
++) {
316 if (sin
.sin_addr
.s_addr
== serv
[i
].sin_addr
.s_addr
&&
317 sin
.sin_port
== serv
[i
].sin_port
)
321 T( trace(TRACE_CLIENT
, "client: reply from unknown host"); )
325 /* --- Unpack and verify the response --- */
327 answer
= crypt_unpackReply(buff
, sk
, t
, pid
);
329 T( trace(TRACE_CLIENT
,
330 "client: invalid or corrupt reply packet"); )
339 die("internal error: can't get here in check__ask");
343 /* --- @check__client@ --- *
345 * Arguments: @request *rq@ = pointer to a request block
346 * @FILE *fp@ = file containing server configuration
348 * Returns: Nonzero if OK, zero if forbidden
350 * Use: Asks one or several servers whether a request is acceptable.
353 int check__client(request
*rq
, FILE *fp
)
355 /* --- Format of the file --- *
357 * The `servers' file contains entries of the form
359 * %%\syntax{<host> [`:' <port>]}%%
361 * separates by whitespace. I build them all into an array of socket
362 * addresses and pass the whole lot to another function.
365 struct sockaddr_in
*serv
; /* Array of servers */
366 size_t n_serv
, max_serv
; /* Number and maximum number */
368 /* --- Initialise the server array --- */
370 T( trace(TRACE_CLIENT
, "client: reading server definitions"); )
371 n_serv
= 0; max_serv
= 4; /* Four seems reasonable */
372 serv
= xmalloc(sizeof(*serv
) * max_serv
);
374 /* --- Start reading the file --- */
377 char buff
[256], *p
, *l
; /* A buffer and pointers for it */
378 int port
; /* Default port for servers */
379 int state
; /* Current parser state */
380 struct in_addr t_host
; /* Temp place for an address*/
381 int t_port
; /* Temp place for a port */
382 int ch
; /* The current character */
384 /* --- Parser states --- */
387 st_start
, /* Waiting to begin */
388 st_host
, /* Reading a new hostname */
389 st_colon
, /* Expecting a colon, maybe */
390 st_preport
, /* Waiting before reading port */
391 st_port
, /* Reading a port number */
392 st_commit
, /* Commit a newly read server */
393 st_done
/* Finished reading the file */
396 /* --- Find a default port --- */
399 struct servent
*s
= getservbyname(quis(), "udp");
400 port
= (s ? s
->s_port
: -1);
403 /* --- Initialise for scanning the file --- */
407 l
= buff
+ sizeof(buff
);
411 /* --- Go for it --- */
413 while (state
!= st_done
) {
416 /* --- Initial whitespace before hostname --- */
421 else if (isspace((unsigned char)ch
))
427 /* --- Read a host name --- */
431 die("string too long in `" file_SERVER
"'");
432 if (ch
!= EOF
&& !isspace((unsigned char)ch
) && ch
!= ':') {
439 if ((h
= gethostbyname(buff
)) == 0)
440 die("unknown host `%s' in `" file_SERVER
"'", buff
);
441 memcpy(&t_host
, h
->h_addr
, sizeof(t_host
));
446 /* --- Waiting for a colon coming up --- */
451 else if (isspace((unsigned char)ch
))
453 else if (ch
== ':') {
461 /* --- Clearing whitespace before a port number --- */
466 else if (isspace((unsigned char)ch
))
474 /* --- Read a port number --- */
478 die("string too long in `" file_SERVER
"'");
479 if (ch
!= EOF
&& !isspace((unsigned char)ch
) && ch
!= ':') {
486 s
= getservbyname(buff
, "udp");
487 if (!s
&& isdigit((unsigned char)buff
[0]))
488 t_port
= htons(atoi(buff
));
490 die("unknown service `%s' in `" file_SERVER
"'", buff
);
497 /* --- A server has been read successfully --- */
500 if (n_serv
== max_serv
) {
502 serv
= xrealloc(serv
, max_serv
* sizeof(*serv
));
504 serv
[n_serv
].sin_family
= AF_INET
;
505 serv
[n_serv
].sin_addr
= t_host
;
506 serv
[n_serv
].sin_port
= t_port
;
513 /* --- A safety net for a broken parser --- */
516 die("internal error: can't get here in check__client");
524 /* --- Now start sending requests --- */
527 die("no servers specified in `" file_SERVER
"'");
529 IF_TRACING(TRACE_CLIENT
, {
532 for (i
= 0; i
< n_serv
; i
++) {
533 trace(TRACE_CLIENT
, "client: server %s port %i",
534 inet_ntoa(serv
[i
].sin_addr
), ntohs(serv
[i
].sin_port
));
537 return (check__ask(rq
, serv
, n_serv
));
542 /*----- Main checking function --------------------------------------------*/
546 * Arguments: @request *rq@ = pointer to request buffer
548 * Returns: Nonzero if OK, zero if forbidden
550 * Use: Checks to see if the request is acceptable.
553 int check(request
*rq
)
557 /* --- Check if we need to talk to a server --- */
560 if ((fp
= fopen(file_SERVER
, "r")) != 0)
561 return (check__client(rq
, fp
));
564 /* --- Otherwise do this all the old-fashioned way --- */
566 if ((fp
= fopen(file_RULES
, "r")) == 0) {
567 die("couldn't read configuration file `%s': %s",
568 file_RULES
, strerror(errno
));
581 return (rule_check(rq
));
584 /*----- That's all, folks -------------------------------------------------*/