ed561a7f1a129f1720a3eb8b6c52512fb20e219e
3 * $Id: check.c,v 1.12 2003/11/29 23:39:16 mdw Exp $
5 * Check validity of requests
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of `become'
14 * `Become' is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * `Become' is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with `become'; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Revision history --------------------------------------------------*
32 * Revision 1.12 2003/11/29 23:39:16 mdw
35 * Revision 1.11 2003/10/12 00:14:55 mdw
36 * Major overhaul. Now uses DSA signatures rather than the bogus symmetric
37 * encrypt-and-hope thing. Integrated with mLib and Catacomb.
39 * Revision 1.10 1999/05/04 16:17:12 mdw
40 * Change to header file name for parser. See log for `parse.h' for
43 * Revision 1.9 1998/06/19 13:48:16 mdw
44 * Set close-on-exec flag for UDP socket.
46 * Revision 1.8 1998/06/18 15:10:44 mdw
47 * SECURITY HOLE: the file descriptor for the secret key was left open and
48 * inherited by the target process. This is now fixed. Also set
49 * close-on-exec flags on key file, close config file carefully, and close
50 * UDP socket after receiving reply from server.
52 * Revision 1.7 1998/04/23 13:22:08 mdw
53 * Support no-network configuration option, and new interface to
54 * configuration file parser.
56 * Revision 1.6 1998/01/12 16:45:47 mdw
59 * Revision 1.5 1997/09/26 09:14:58 mdw
60 * Merged blowfish branch into trunk.
62 * Revision 1.4.2.1 1997/09/26 09:08:01 mdw
63 * Use the Blowfish encryption algorithm instead of IDEA. This is partly
64 * because I prefer Blowfish (without any particularly strong evidence) but
65 * mainly because IDEA is patented and Blowfish isn't.
67 * Revision 1.4 1997/08/07 09:52:05 mdw
68 * (Log entry for previous version is bogus.) Added support for multiple
71 * Revision 1.2 1997/08/04 10:24:20 mdw
72 * Sources placed under CVS control.
74 * Revision 1.1 1997/07/21 13:47:53 mdw
79 /*----- Header files ------------------------------------------------------*/
81 /* --- ANSI headers --- */
90 /* --- Unix headers --- */
93 #include <sys/types.h>
94 #include <sys/socket.h>
96 #include <netinet/in.h>
98 #include <arpa/inet.h>
104 /* --- mLib headers --- */
106 #include <mLib/alloc.h>
107 #include <mLib/quis.h>
108 #include <mLib/report.h>
109 #include <mLib/sym.h>
110 #include <mLib/trace.h>
112 /* --- Catacomb headers --- */
114 #include <catacomb/buf.h>
115 #include <catacomb/dsa.h>
116 #include <catacomb/key.h>
117 #include <catacomb/mp.h>
118 #include <catacomb/noise.h>
119 #include <catacomb/rand.h>
120 #include <catacomb/sha.h>
122 /* --- Local headers --- */
133 /*----- Client-end network support ----------------------------------------*/
137 /* --- @check__send@ --- *
139 * Arguments: @char *buf@ = pointer to encrypted request
140 * @size_t sz@ = size of request
141 * @int fd@ = socket to send from
142 * @struct sockaddr_in *serv@ = pointer to table of servers
143 * @size_t n_serv@ = number of servers
147 * Use: Sends the request packet to the list of servers. If the
148 * message couldn't be sent to any of them, an error is
152 static void check__send(char *buf
, size_t sz
, int fd
,
153 struct sockaddr_in
*serv
, size_t n_serv
)
159 for (i
= 0; i
< n_serv
; i
++) {
160 if (sendto(fd
, buf
, sz
, 0,
161 (struct sockaddr
*)(serv
+ i
), sizeof(serv
[i
])) < 0) {
162 T( trace(TRACE_CLIENT
, "client: send to %s failed: %s",
163 inet_ntoa(serv
[i
].sin_addr
), strerror(errno
)); )
170 die(1, "couldn't send request to server: %s", strerror(err
));
173 /* --- @check__ask@ --- *
175 * Arguments: @request *rq@ = pointer to request buffer
176 * @struct sockaddr_in *serv@ = pointer to table of servers
177 * @size_t n_serv@ = number of servers
179 * Returns: Nonzero if OK, zero if forbidden
181 * Use: Contacts a number of servers to decide whether the request
185 static int check__ask(request
*rq
, struct sockaddr_in
*serv
, size_t n_serv
)
187 static int tbl
[] = { 0, 5, 10, 20, -1 };
189 char buff
[2048], rbuff
[2048];
191 octet hmsg
[SHA_HASHSZ
];
193 key_packstruct kps
[DSA_PUBFETCHSZ
];
199 struct sockaddr_in sin
;
204 struct timeval start
, now
, tv
;
212 /* --- Open the public keyring --- */
214 if ((key_open(&f
, file_PUBKEY
, KOPEN_READ
, key_moan
, 0)) != 0)
215 die(1, "couldn't open public keyring");
216 kp
= key_fetchinit(dsa_pubfetch
, kps
, &kpub
);
218 /* --- Build the request packet --- */
220 rand_noisesrc(RAND_GLOBAL
, &noise_source
);
221 rand_seed(RAND_GLOBAL
, 160);
222 buf_init(&b
, buff
, sizeof(buff
));
223 rand_get(RAND_GLOBAL
, buf_get(&b
, SHA_HASHSZ
), SHA_HASHSZ
);
224 buf_putu32(&b
, rq
->from
);
225 buf_putu32(&b
, rq
->to
);
226 buf_putu16(&b
, strlen(rq
->cmd
));
227 buf_put(&b
, rq
->cmd
, strlen(rq
->cmd
));
230 sha_hash(&hc
, buff
, rqlen
);
233 /* --- Create my socket --- */
235 if ((fd
= socket(PF_INET
, SOCK_DGRAM
, 0)) < 0)
236 die(1, "couldn't create socket: %s", strerror(errno
));
237 if (fcntl(fd
, F_SETFD
, 1) < 0)
238 die(1, "couldn't set close-on-exec flag for socket: %s", strerror(errno
));
240 /* --- Bind myself to some address --- */
242 sin
.sin_family
= AF_INET
;
244 sin
.sin_addr
.s_addr
= htonl(INADDR_ANY
);
246 if (bind(fd
, (struct sockaddr
*)&sin
, sizeof(sin
)) < 0)
247 die(1, "couldn't bind socket to address: %s", strerror(errno
));
249 /* --- Find out when we are --- */
251 gettimeofday(&start
, 0);
254 /* --- Now loop until everything's done --- */
257 gettimeofday(&now
, 0);
259 /* --- If the current timer has expired, find one that hasn't --- *
261 * Also resend the request after I've found a timer which is still
262 * extant. If there aren't any, report an error.
265 if (now
.tv_sec
>= start
.tv_sec
+ tbl
[ind
] &&
266 now
.tv_usec
>= start
.tv_usec
) {
270 die(1, "no reply from servers");
271 } while (now
.tv_sec
>= start
.tv_sec
+ tbl
[ind
] &&
272 now
.tv_usec
>= start
.tv_usec
);
273 check__send(buff
, rqlen
, fd
, serv
, n_serv
);
274 T( trace(TRACE_CLIENT
, "client: send request to servers"); )
277 /* --- Now wait for a packet to arrive --- */
279 if (now
.tv_usec
> start
.tv_usec
) {
280 now
.tv_usec
-= 1000000;
283 tv
.tv_sec
= start
.tv_sec
+ tbl
[ind
] - now
.tv_sec
;
284 tv
.tv_usec
= start
.tv_usec
- now
.tv_usec
;
286 /* --- Sort out file descriptors to watch --- */
291 /* --- Wait for them --- */
293 i
= select(FD_SETSIZE
, &fds
, 0, 0, &tv
);
294 if (i
== 0 || (i
< 0 && errno
== EINTR
))
297 die(1, "error waiting for reply: %s", strerror(errno
));
299 /* --- Read the reply data --- */
302 if ((sz
= recvfrom(fd
, (char *)rbuff
, sizeof(rbuff
), 0,
303 (struct sockaddr
*)&sin
, &slen
)) < 0)
304 die(1, "error reading server's reply: %s", strerror(errno
));
306 IF_TRACING(TRACE_CLIENT
, {
307 struct hostent
*h
= gethostbyaddr((char *)&sin
.sin_addr
,
308 sizeof(sin
.sin_addr
), AF_INET
);
309 trace(TRACE_CLIENT
, "client: reply received from %s port %i",
310 h ? h
->h_name
: inet_ntoa(sin
.sin_addr
),
311 ntohs(sin
.sin_port
));
314 /* --- Verify the sender --- *
316 * This is more to avoid confusion than for security: an active
317 * attacker is quite capable of forging the source address. We rely
318 * on the signature in the reply packet for authentication.
321 for (i
= 0; i
< n_serv
; i
++) {
322 if (sin
.sin_addr
.s_addr
== serv
[i
].sin_addr
.s_addr
&&
323 sin
.sin_port
== serv
[i
].sin_port
)
327 T( trace(TRACE_CLIENT
, "client: reply from unknown host"); )
331 /* --- Unpack and verify the response --- */
333 buf_init(&b
, rbuff
, sz
);
334 if (buf_ensure(&b
, sizeof(hmsg
))) goto bad
;
335 if (memcmp(BCUR(&b
), hmsg
, sizeof(hmsg
)) != 0) goto bad
;
336 BSTEP(&b
, sizeof(hmsg
));
337 if ((ans
= buf_getbyte(&b
)) < 0) goto bad
;
340 sha_hash(&hc
, BBASE(&b
), BLEN(&b
));
342 if ((r
= buf_getmp(&b
)) == 0 || (s
= buf_getmp(&b
)) == 0) goto bad
;
343 m
= mp_loadb(MP_NEW
, h
, sizeof(h
));
346 while ((k
= key_next(&ki
)) != 0) {
347 if (key_expired(k
)) continue;
348 if (strcmp(k
->type
, "become-dsa") != 0) continue;
349 if (key_fetch(kp
, k
)) continue;
350 i
= dsa_vrfy(&kpub
.dp
, kpub
.y
, m
, r
, s
);
364 T( trace(TRACE_CLIENT
,
365 "client: invalid or corrupt reply packet"); )
368 die(1, "internal error: can't get here in check__ask");
372 /* --- @check__client@ --- *
374 * Arguments: @request *rq@ = pointer to a request block
375 * @FILE *fp@ = file containing server configuration
377 * Returns: Nonzero if OK, zero if forbidden
379 * Use: Asks one or several servers whether a request is acceptable.
382 int check__client(request
*rq
, FILE *fp
)
384 /* --- Format of the file --- *
386 * The `servers' file contains entries of the form
388 * %%\syntax{<host> [`:' <port>]}%%
390 * separates by whitespace. I build them all into an array of socket
391 * addresses and pass the whole lot to another function.
394 struct sockaddr_in
*serv
; /* Array of servers */
395 size_t n_serv
, max_serv
; /* Number and maximum number */
397 /* --- Initialise the server array --- */
399 T( trace(TRACE_CLIENT
, "client: reading server definitions"); )
400 n_serv
= 0; max_serv
= 4; /* Four seems reasonable */
401 serv
= xmalloc(sizeof(*serv
) * max_serv
);
403 /* --- Start reading the file --- */
406 char buff
[256], *p
, *l
; /* A buffer and pointers for it */
407 int port
; /* Default port for servers */
408 int state
; /* Current parser state */
409 struct in_addr t_host
; /* Temp place for an address*/
410 int t_port
; /* Temp place for a port */
411 int ch
; /* The current character */
413 /* --- Parser states --- */
416 st_start
, /* Waiting to begin */
417 st_host
, /* Reading a new hostname */
418 st_colon
, /* Expecting a colon, maybe */
419 st_preport
, /* Waiting before reading port */
420 st_port
, /* Reading a port number */
421 st_commit
, /* Commit a newly read server */
422 st_done
/* Finished reading the file */
425 /* --- Find a default port --- */
428 struct servent
*s
= getservbyname(quis(), "udp");
429 port
= (s ? s
->s_port
: htons(SERVER_PORT
));
432 /* --- Initialise for scanning the file --- */
436 l
= buff
+ sizeof(buff
);
440 /* --- Go for it --- */
442 while (state
!= st_done
) {
445 /* --- Initial whitespace before hostname --- */
450 else if (isspace((unsigned char)ch
))
456 /* --- Read a host name --- */
460 die(1, "string too long in `" file_SERVER
"'");
461 if (ch
!= EOF
&& !isspace((unsigned char)ch
) && ch
!= ':') {
468 if ((h
= gethostbyname(buff
)) == 0)
469 die(1, "unknown host `%s' in `" file_SERVER
"'", buff
);
470 memcpy(&t_host
, h
->h_addr
, sizeof(t_host
));
475 /* --- Waiting for a colon coming up --- */
480 else if (isspace((unsigned char)ch
))
482 else if (ch
== ':') {
490 /* --- Clearing whitespace before a port number --- */
495 else if (isspace((unsigned char)ch
))
503 /* --- Read a port number --- */
507 die(1, "string too long in `" file_SERVER
"'");
508 if (ch
!= EOF
&& !isspace((unsigned char)ch
) && ch
!= ':') {
515 s
= getservbyname(buff
, "udp");
516 if (!s
&& isdigit((unsigned char)buff
[0]))
517 t_port
= htons(atoi(buff
));
519 die(1, "unknown service `%s' in `" file_SERVER
"'", buff
);
526 /* --- A server has been read successfully --- */
529 if (n_serv
== max_serv
) {
531 serv
= xrealloc(serv
, n_serv
* sizeof(*serv
),
532 max_serv
* sizeof(*serv
));
534 serv
[n_serv
].sin_family
= AF_INET
;
535 serv
[n_serv
].sin_addr
= t_host
;
536 serv
[n_serv
].sin_port
= t_port
;
543 /* --- A safety net for a broken parser --- */
546 die(1, "internal error: can't get here in check__client");
554 /* --- Now start sending requests --- */
557 die(1, "no servers specified in `" file_SERVER
"'");
559 IF_TRACING(TRACE_CLIENT
, {
562 for (i
= 0; i
< n_serv
; i
++) {
563 trace(TRACE_CLIENT
, "client: server %s port %i",
564 inet_ntoa(serv
[i
].sin_addr
), ntohs(serv
[i
].sin_port
));
567 return (check__ask(rq
, serv
, n_serv
));
572 /*----- Main checking function --------------------------------------------*/
576 * Arguments: @request *rq@ = pointer to request buffer
578 * Returns: Nonzero if OK, zero if forbidden
580 * Use: Checks to see if the request is acceptable.
583 int check(request
*rq
)
587 /* --- Check if we need to talk to a server --- */
590 if ((fp
= fopen(file_SERVER
, "r")) != 0)
591 return (check__client(rq
, fp
));
594 /* --- Otherwise do this all the old-fashioned way --- */
596 if ((fp
= fopen(file_RULES
, "r")) == 0) {
597 die(1, "couldn't read configuration file `%s': %s",
598 file_RULES
, strerror(errno
));
611 return (rule_check(rq
));
614 /*----- That's all, folks -------------------------------------------------*/