~mdw / become / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Replaced by Blowfish.
[become] / src / check.c
1 /* -*-c-*-
2 *
3 * $Id: check.c,v 1.4.2.1 1997/09/26 09:08:01 mdw Exp $
4 *
5 * Check validity of requests
6 *
7 * (c) 1997 EBI
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of `become'
13 *
14 * `Become' is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
18 *
19 * `Become' is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with `become'; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 */
28
29 /*----- Revision history --------------------------------------------------*
30 *
31 * $Log: check.c,v $
32 * Revision 1.4.2.1 1997/09/26 09:08:01 mdw
33 * Use the Blowfish encryption algorithm instead of IDEA. This is partly
34 * because I prefer Blowfish (without any particularly strong evidence) but
35 * mainly because IDEA is patented and Blowfish isn't.
36 *
37 * Revision 1.4 1997/08/07 09:52:05 mdw
38 * (Log entry for previous version is bogus.) Added support for multiple
39 * servers.
40 *
41 * Revision 1.2 1997/08/04 10:24:20 mdw
42 * Sources placed under CVS control.
43 *
44 * Revision 1.1 1997/07/21 13:47:53 mdw
45 * Initial revision
46 *
47 */
48
49 /*----- Header files ------------------------------------------------------*/
50
51 /* --- ANSI headers --- */
52
53 #include <ctype.h>
54 #include <errno.h>
55 #include <stdio.h>
56 #include <stdlib.h>
57 #include <string.h>
58 #include <time.h>
59
60 /* --- Unix headers --- */
61
62 #include <sys/time.h>
63 #include <sys/types.h>
64 #include <sys/socket.h>
65
66 #include <netinet/in.h>
67
68 #include <arpa/inet.h>
69
70 #include <netdb.h>
71 #include <unistd.h>
72
73 /* --- Local headers --- */
74
75 #include "become.h"
76 #include "blowfish.h"
77 #include "config.h"
78 #include "crypt.h"
79 #include "lexer.h"
80 #include "name.h"
81 #include "netg.h"
82 #include "rule.h"
83 #include "parser.h"
84 #include "tx.h"
85 #include "userdb.h"
86 #include "utils.h"
87
88 /*----- Main code ---------------------------------------------------------*/
89
90 /* --- @check__send@ --- *
91 *
92 * Arguments: @unsigned char *crq@ = pointer to encrypted request
93 * @int fd@ = socket to send from
94 * @struct sockaddr_in *serv@ = pointer to table of servers
95 * @size_t n_serv@ = number of servers
96 *
97 * Returns: ---
98 *
99 * Use: Sends the request packet to the list of servers. If the
100 * message couldn't be sent to any of them, an error is
101 * reported.
102 */
103
104 static void check__send(unsigned char *crq, int fd,
105 struct sockaddr_in *serv, size_t n_serv)
106 {
107 size_t i;
108 int ok = 0;
109 int err = 0;
110
111 for (i = 0; i < n_serv; i++) {
112 if (sendto(fd, (char *)crq, crq_size, 0,
113 (struct sockaddr *)(serv + i), sizeof(serv[i])) < 0) {
114 T( trace(TRACE_CLIENT, "client: send to %s failed: %s",
115 inet_ntoa(serv[i].sin_addr), strerror(errno)); )
116 err = errno;
117 } else
118 ok = 1;
119 }
120
121 if (!ok)
122 die("couldn't send request to server: %s", strerror(err));
123 }
124
125 /* --- @check__ask@ --- *
126 *
127 * Arguments: @request *rq@ = pointer to request buffer
128 * @struct sockaddr_in *serv@ = pointer to table of servers
129 * @size_t n_serv@ = number of servers
130 *
131 * Returns: Nonzero if OK, zero if forbidden
132 *
133 * Use: Contacts a number of servers to decide whether the request
134 * is OK.
135 */
136
137 static int check__ask(request *rq, struct sockaddr_in *serv, size_t n_serv)
138 {
139 int fd;
140 unsigned char crq[crq_size];
141 unsigned char sk[BLOWFISH_KEYSIZE];
142 time_t t;
143 pid_t pid;
144
145 /* --- First, build the encrypted request packet --- */
146
147 {
148 unsigned char k[BLOWFISH_KEYSIZE];
149 FILE *fp;
150
151 /* --- Read in the encryption key --- */
152
153 if ((fp = fopen(file_KEY, "r")) == 0) {
154 die("couldn't open key file `%s': %s", file_KEY,
155 strerror(errno));
156 }
157 tx_getBits(k, 128, fp);
158
159 /* --- Now build a request packet --- */
160
161 t = time(0);
162 pid = getpid();
163 crypt_packRequest(rq, crq, t, pid, k, sk);
164 burn(k);
165 T( trace(TRACE_CLIENT, "client: encrypted request packet"); )
166 }
167
168 /* --- Create my socket --- */
169
170 {
171 struct sockaddr_in sin;
172
173 if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0)
174 die("couldn't create socket: %s", strerror(errno));
175
176 /* --- Bind myself to some address --- */
177
178 sin.sin_family = AF_INET;
179 sin.sin_port = 0;
180 sin.sin_addr.s_addr = htonl(INADDR_ANY);
181
182 if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0)
183 die("couldn't bind socket to address: %s", strerror(errno));
184 }
185
186 /* --- Now wait for a reply --- */
187
188 {
189 fd_set fds;
190 struct timeval start, now, tv;
191 int ind;
192 size_t i;
193
194 /* --- State table for waiting for replies --- *
195 *
196 * For each number, send off the request to our servers, and wait for
197 * that many seconds to have elapsed since we started. If the number is
198 * %$-1$% then it's time to give up.
199 */
200
201 static int tbl[] = { 0, 5, 10, 20, -1 };
202
203 /* --- Find out when we are --- */
204
205 gettimeofday(&start, 0);
206 ind = 0;
207
208 /* --- Now loop until everything's done --- */
209
210 for (;;) {
211 gettimeofday(&now, 0);
212
213 /* --- If the current timer has expired, find one that hasn't --- *
214 *
215 * Also resend the request after I've found a timer which is still
216 * extant. If there aren't any, report an error.
217 */
218
219 if (now.tv_sec >= start.tv_sec + tbl[ind] &&
220 now.tv_usec >= start.tv_usec) {
221 do {
222 ind++;
223 if (tbl[ind] < 0)
224 die("no reply from servers");
225 } while (now.tv_sec >= start.tv_sec + tbl[ind] &&
226 now.tv_usec >= start.tv_usec);
227 check__send(crq, fd, serv, n_serv);
228 T( trace(TRACE_CLIENT, "client: send request to servers"); )
229 }
230
231 /* --- Now wait for a packet to arrive --- */
232
233 if (now.tv_usec > start.tv_usec) {
234 now.tv_usec -= 1000000;
235 now.tv_sec += 1;
236 }
237 tv.tv_sec = start.tv_sec + tbl[ind] - now.tv_sec;
238 tv.tv_usec = start.tv_usec - now.tv_usec;
239
240 /* --- Sort out file descriptors to watch --- */
241
242 FD_ZERO(&fds);
243 FD_SET(fd, &fds);
244
245 /* --- Wait for them --- */
246
247 i = select(FD_SETSIZE, &fds, 0, 0, &tv);
248 if (i == 0 || (i < 0 && errno == EINTR))
249 continue;
250 if (i < 0)
251 die("error waiting for reply: %s", strerror(errno));
252
253 /* --- A reply should be waiting now --- */
254
255 {
256 struct sockaddr_in sin;
257 int slen = sizeof(sin);
258 unsigned char buff[256];
259 int answer;
260
261 /* --- Read the reply data --- */
262
263 if (recvfrom(fd, (char *)buff, sizeof(buff), 0,
264 (struct sockaddr *)&sin, &slen) < 0)
265 die("error reading server's reply: %s", strerror(errno));
266
267 IF_TRACING(TRACE_CLIENT, {
268 struct hostent *h = gethostbyaddr((char *)&sin.sin_addr,
269 sizeof(sin.sin_addr), AF_INET);
270 trace(TRACE_CLIENT, "client: reply received from %s port %i",
271 h ? h->h_name : inet_ntoa(sin.sin_addr),
272 ntohs(sin.sin_port));
273 })
274
275 /* --- Verify the sender --- *
276 *
277 * This is more to avoid confusion than for security: an active
278 * attacker is quite capable of forging the source address. We rely
279 * on the checksum in the reply packet for authentication.
280 */
281
282 for (i = 0; i < n_serv; i++) {
283 if (sin.sin_addr.s_addr == serv[i].sin_addr.s_addr &&
284 sin.sin_port == serv[i].sin_port)
285 break;
286 }
287 if (i >= n_serv) {
288 T( trace(TRACE_CLIENT, "client: reply from unknown host"); )
289 continue;
290 }
291
292 /* --- Unpack and verify the response --- */
293
294 answer = crypt_unpackReply(buff, sk, t, pid);
295 if (answer < 0) {
296 T( trace(TRACE_CLIENT,
297 "client: invalid or corrupt reply packet"); )
298 continue;
299 }
300 return (answer);
301 }
302 }
303 }
304
305 die("internal error: can't get here in check__ask");
306 return (0);
307 }
308
309 /* --- @check__client@ --- *
310 *
311 * Arguments: @request *rq@ = pointer to a request block
312 * @FILE *fp@ = file containing server configuration
313 *
314 * Returns: Nonzero if OK, zero if forbidden
315 *
316 * Use: Asks one or several servers whether a request is acceptable.
317 */
318
319 int check__client(request *rq, FILE *fp)
320 {
321 /* --- Format of the file --- *
322 *
323 * The `servers' file contains entries of the form
324 *
325 * %%\syntax{<host> [`:' <port>]}%%
326 *
327 * separates by whitespace. I build them all into an array of socket
328 * addresses and pass the whole lot to another function.
329 */
330
331 struct sockaddr_in *serv; /* Array of servers */
332 size_t n_serv, max_serv; /* Number and maximum number */
333
334 /* --- Initialise the server array --- */
335
336 T( trace(TRACE_CLIENT, "client: reading server definitions"); )
337 n_serv = 0; max_serv = 4; /* Four seems reasonable */
338 serv = xmalloc(sizeof(*serv) * max_serv);
339
340 /* --- Start reading the file --- */
341
342 {
343 char buff[256], *p, *l; /* A buffer and pointers for it */
344 int port; /* Default port for servers */
345 int state; /* Current parser state */
346 struct in_addr t_host; /* Temp place for an address*/
347 int t_port; /* Temp place for a port */
348 int ch; /* The current character */
349
350 /* --- Parser states --- */
351
352 enum {
353 st_start, /* Waiting to begin */
354 st_host, /* Reading a new hostname */
355 st_colon, /* Expecting a colon, maybe */
356 st_preport, /* Waiting before reading port */
357 st_port, /* Reading a port number */
358 st_commit, /* Commit a newly read server */
359 st_done /* Finished reading the file */
360 };
361
362 /* --- Find a default port --- */
363
364 {
365 struct servent *s = getservbyname(quis(), "udp");
366 port = (s ? s->s_port : -1);
367 }
368
369 /* --- Initialise for scanning the file --- */
370
371 state = st_host;
372 p = buff;
373 l = buff + sizeof(buff);
374 t_port = port;
375 ch = getc(fp);
376
377 /* --- Go for it --- */
378
379 while (state != st_done) {
380 switch (state) {
381
382 /* --- Initial whitespace before hostname --- */
383
384 case st_start:
385 if (ch == EOF)
386 state = st_done;
387 else if (isspace((unsigned char)ch))
388 ch = getc(fp);
389 else
390 state = st_host;
391 break;
392
393 /* --- Read a host name --- */
394
395 case st_host:
396 if (p == l)
397 die("string too long in `" file_SERVER "'");
398 if (ch != EOF && !isspace((unsigned char)ch) && ch != ':') {
399 *p++ = ch;
400 ch = getc(fp);
401 } else {
402 struct hostent *h;
403
404 *p++ = 0;
405 if ((h = gethostbyname(buff)) == 0)
406 die("unknown host `%s' in `" file_SERVER "'", buff);
407 memcpy(&t_host, h->h_addr, sizeof(t_host));
408 state = st_colon;
409 }
410 break;
411
412 /* --- Waiting for a colon coming up --- */
413
414 case st_colon:
415 if (ch == EOF)
416 state = st_commit;
417 else if (isspace((unsigned char)ch))
418 ch = getc(fp);
419 else if (ch == ':') {
420 state = st_preport;
421 ch = getc(fp);
422 }
423 else
424 state = st_commit;
425 break;
426
427 /* --- Clearing whitespace before a port number --- */
428
429 case st_preport:
430 if (ch == EOF)
431 state = st_commit;
432 else if (isspace((unsigned char)ch))
433 ch = getc(fp);
434 else {
435 state = st_port;
436 p = buff;
437 }
438 break;
439
440 /* --- Read a port number --- */
441
442 case st_port:
443 if (p == l)
444 die("string too long in `" file_SERVER "'");
445 if (ch != EOF && !isspace((unsigned char)ch) && ch != ':') {
446 *p++ = ch;
447 ch = getc(fp);
448 } else {
449 struct servent *s;
450
451 *p++ = 0;
452 s = getservbyname(buff, "udp");
453 if (!s && isdigit((unsigned char)buff[0]))
454 t_port = htons(atoi(buff));
455 else if (!s)
456 die("unknown service `%s' in `" file_SERVER "'", buff);
457 else
458 t_port = s->s_port;
459 state = st_commit;
460 }
461 break;
462
463 /* --- A server has been read successfully --- */
464
465 case st_commit:
466 if (n_serv == max_serv) {
467 max_serv *= 2;
468 serv = xrealloc(serv, max_serv * sizeof(*serv));
469 }
470 serv[n_serv].sin_family = AF_INET;
471 serv[n_serv].sin_addr = t_host;
472 serv[n_serv].sin_port = t_port;
473 n_serv++;
474 state = st_start;
475 p = buff;
476 t_port = port;
477 break;
478
479 /* --- A safety net for a broken parser --- */
480
481 default:
482 die("internal error: can't get here in check__client");
483 break;
484 }
485 }
486 }
487
488 fclose(fp);
489
490 /* --- Now start sending requests --- */
491
492 if (!n_serv)
493 die("no servers specified in `" file_SERVER "'");
494
495 IF_TRACING(TRACE_CLIENT, {
496 size_t i;
497
498 for (i = 0; i < n_serv; i++) {
499 trace(TRACE_CLIENT, "client: server %s port %i",
500 inet_ntoa(serv[i].sin_addr), ntohs(serv[i].sin_port));
501 }
502 })
503 return (check__ask(rq, serv, n_serv));
504 }
505
506 /* --- @check@ --- *
507 *
508 * Arguments: @request *rq@ = pointer to request buffer
509 *
510 * Returns: Nonzero if OK, zero if forbidden
511 *
512 * Use: Checks to see if the request is acceptable.
513 */
514
515 int check(request *rq)
516 {
517 FILE *fp;
518
519 /* --- Check if we need to talk to a server --- */
520
521 if ((fp = fopen(file_SERVER, "r")) != 0)
522 return (check__client(rq, fp));
523
524 /* --- Otherwise do this all the old-fashioned way --- */
525
526 if ((fp = fopen(file_RULES, "r")) == 0) {
527 die("couldn't read configuration file `%s': %s",
528 file_RULES, strerror(errno));
529 }
530
531 userdb_init();
532 userdb_local();
533 userdb_yp();
534 netg_init();
535 name_init();
536 rule_init();
537 lexer_scan(fp);
538 yyparse();
539
540 return (rule_check(rq));
541 }
542
543 /*----- That's all, folks -------------------------------------------------*/
Management for shared accounts