2dddf32a39db3c4924fa06ae1284a5660e89da55
5 * Check validity of requests
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of `become'
14 * `Become' is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * `Become' is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with `become'; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Header files ------------------------------------------------------*/
31 /* --- ANSI headers --- */
40 /* --- Unix headers --- */
43 #include <sys/types.h>
44 #include <sys/socket.h>
46 #include <netinet/in.h>
48 #include <arpa/inet.h>
54 /* --- mLib headers --- */
56 #include <mLib/alloc.h>
57 #include <mLib/quis.h>
58 #include <mLib/report.h>
60 #include <mLib/trace.h>
62 /* --- Catacomb headers --- */
64 #include <catacomb/buf.h>
65 #include <catacomb/gdsa.h>
66 #include <catacomb/key.h>
67 #include <catacomb/dh.h>
68 #include <catacomb/ec-keys.h>
69 #include <catacomb/mp.h>
70 #include <catacomb/noise.h>
71 #include <catacomb/rand.h>
73 /* --- Local headers --- */
84 /*----- Client-end network support ----------------------------------------*/
88 /* --- @check__send@ --- *
90 * Arguments: @char *buf@ = pointer to encrypted request
91 * @size_t sz@ = size of request
92 * @int fd@ = socket to send from
93 * @struct sockaddr_in *serv@ = pointer to table of servers
94 * @size_t n_serv@ = number of servers
98 * Use: Sends the request packet to the list of servers. If the
99 * message couldn't be sent to any of them, an error is
103 static void check__send(char *buf
, size_t sz
, int fd
,
104 struct sockaddr_in
*serv
, size_t n_serv
)
110 for (i
= 0; i
< n_serv
; i
++) {
111 if (sendto(fd
, buf
, sz
, 0,
112 (struct sockaddr
*)(serv
+ i
), sizeof(serv
[i
])) < 0) {
113 T( trace(TRACE_CLIENT
, "client: send to %s failed: %s",
114 inet_ntoa(serv
[i
].sin_addr
), strerror(errno
)); )
121 die(1, "couldn't send request to server: %s", strerror(err
));
124 /* --- @check__ask@ --- *
126 * Arguments: @request *rq@ = pointer to request buffer
127 * @struct sockaddr_in *serv@ = pointer to table of servers
128 * @size_t n_serv@ = number of servers
130 * Returns: Nonzero if OK, zero if forbidden
132 * Use: Contacts a number of servers to decide whether the request
136 static int check__ask(request
*rq
, struct sockaddr_in
*serv
, size_t n_serv
)
138 static int tbl
[] = { 0, 5, 10, 20, -1 };
140 char buff
[2048], rbuff
[2048];
148 struct sockaddr_in sin
;
153 struct timeval start
, now
, tv
;
161 /* --- Open the public keyring --- */
163 if ((key_open(&f
, file_PUBKEY
, KOPEN_READ
, key_moan
, 0)) != 0)
164 die(1, "couldn't open public keyring");
166 /* --- Build the request packet --- */
168 rand_noisesrc(RAND_GLOBAL
, &noise_source
);
169 rand_seed(RAND_GLOBAL
, 160);
170 buf_init(&b
, buff
, sizeof(buff
));
171 rand_get(RAND_GLOBAL
, buf_get(&b
, 64), 64);
172 buf_putu32(&b
, rq
->from
);
173 buf_putu32(&b
, rq
->to
);
174 buf_putu16(&b
, strlen(rq
->cmd
));
175 buf_put(&b
, rq
->cmd
, strlen(rq
->cmd
));
178 /* --- Create my socket --- */
180 if ((fd
= socket(PF_INET
, SOCK_DGRAM
, 0)) < 0)
181 die(1, "couldn't create socket: %s", strerror(errno
));
182 if (fcntl(fd
, F_SETFD
, 1) < 0)
183 die(1, "couldn't set close-on-exec flag for socket: %s", strerror(errno
));
185 /* --- Bind myself to some address --- */
187 sin
.sin_family
= AF_INET
;
189 sin
.sin_addr
.s_addr
= htonl(INADDR_ANY
);
191 if (bind(fd
, (struct sockaddr
*)&sin
, sizeof(sin
)) < 0)
192 die(1, "couldn't bind socket to address: %s", strerror(errno
));
194 /* --- Find out when we are --- */
196 gettimeofday(&start
, 0);
199 /* --- Now loop until everything's done --- */
202 gettimeofday(&now
, 0);
204 /* --- If the current timer has expired, find one that hasn't --- *
206 * Also resend the request after I've found a timer which is still
207 * extant. If there aren't any, report an error.
210 if (now
.tv_sec
>= start
.tv_sec
+ tbl
[ind
] &&
211 now
.tv_usec
>= start
.tv_usec
) {
215 die(1, "no reply from servers");
216 } while (now
.tv_sec
>= start
.tv_sec
+ tbl
[ind
] &&
217 now
.tv_usec
>= start
.tv_usec
);
218 check__send(buff
, rqlen
, fd
, serv
, n_serv
);
219 T( trace(TRACE_CLIENT
, "client: send request to servers"); )
222 /* --- Now wait for a packet to arrive --- */
224 if (now
.tv_usec
> start
.tv_usec
) {
225 now
.tv_usec
-= 1000000;
228 tv
.tv_sec
= start
.tv_sec
+ tbl
[ind
] - now
.tv_sec
;
229 tv
.tv_usec
= start
.tv_usec
- now
.tv_usec
;
231 /* --- Sort out file descriptors to watch --- */
236 /* --- Wait for them --- */
238 i
= select(FD_SETSIZE
, &fds
, 0, 0, &tv
);
239 if (i
== 0 || (i
< 0 && errno
== EINTR
))
242 die(1, "error waiting for reply: %s", strerror(errno
));
244 /* --- Read the reply data --- */
247 if ((sz
= recvfrom(fd
, (char *)rbuff
, sizeof(rbuff
), 0,
248 (struct sockaddr
*)&sin
, &slen
)) < 0)
249 die(1, "error reading server's reply: %s", strerror(errno
));
251 IF_TRACING(TRACE_CLIENT
, {
252 struct hostent
*h
= gethostbyaddr((char *)&sin
.sin_addr
,
253 sizeof(sin
.sin_addr
), AF_INET
);
254 trace(TRACE_CLIENT
, "client: reply received from %s port %i",
255 h ? h
->h_name
: inet_ntoa(sin
.sin_addr
),
256 ntohs(sin
.sin_port
));
259 /* --- Verify the sender --- *
261 * This is more to avoid confusion than for security: an active
262 * attacker is quite capable of forging the source address. We rely
263 * on the signature in the reply packet for authentication.
266 for (i
= 0; i
< n_serv
; i
++) {
267 if (sin
.sin_addr
.s_addr
== serv
[i
].sin_addr
.s_addr
&&
268 sin
.sin_port
== serv
[i
].sin_port
)
272 T( trace(TRACE_CLIENT
, "client: reply from unknown host"); )
276 /* --- The hash length varies with the key --- *
278 * So we have to unpack once for each key. This isn't too bad.
284 while ((k
= key_next(&ki
)) != 0) {
285 if (key_expired(k
)) continue;
286 if (strcmp(k
->type
, "become") != 0) continue;
288 /* --- Get a hash function --- */
290 if ((p
= key_getattr(&f
, k
, "hash")) == 0)
292 if ((g
.h
= ghash_byname(p
)) == 0)
295 /* --- Unpack the key --- */
297 p
= key_getattr(&f
, k
, "sig");
298 if (!p
|| strcmp(p
, "dsa") == 0) {
300 kp
= key_fetchinit(dh_pubfetch
, 0, &dp
);
301 if (key_fetch(kp
, k
)) goto fail_1
;
302 if ((g
.g
= group_prime(&dp
.dp
)) == 0) goto fail_1
;
304 if (G_FROMINT(g
.g
, g
.p
, dp
.y
)) goto fail_2
;
305 } else if (strcmp(p
, "ecdsa") == 0) {
308 kp
= key_fetchinit(ec_pubfetch
, 0, &ep
);
309 if (key_fetch(kp
, k
)) goto fail_1
;
310 if (ec_getinfo(&ei
, ep
.cstr
)) goto fail_1
;
313 if (G_FROMEC(g
.g
, g
.p
, &ep
.p
)) goto fail_2
;
317 /* --- Unpack the response --- */
320 GH_HASH(h
, buff
, rqlen
);
321 buf_init(&b
, rbuff
, sz
);
322 if (buf_ensure(&b
, g
.h
->hashsz
)) goto fail_3
;
323 if (memcmp(BCUR(&b
), GH_DONE(h
, 0), g
.h
->hashsz
) != 0) goto fail_3
;
324 BSTEP(&b
, g
.h
->hashsz
);
325 if ((ans
= buf_getbyte(&b
)) < 0) goto fail_3
;
328 /* --- Verify the signature --- */
330 h
= gdsa_beginhash(&g
);
331 GH_HASH(h
, BBASE(&b
), BLEN(&b
));
334 if ((s
.r
= buf_getmp(&b
)) == 0 ||
335 (s
.s
= buf_getmp(&b
)) == 0)
337 if (gdsa_verify(&g
, &s
, GH_DONE(h
, 0)))
340 mp_drop(s
.r
); mp_drop(s
.s
);
348 /* --- Tidy up and try again --- */
351 mp_drop(s
.r
); mp_drop(s
.s
);
363 T( trace(TRACE_CLIENT
,
364 "client: invalid or corrupt reply packet"); )
367 die(1, "internal error: can't get here in check__ask");
371 /* --- @check__client@ --- *
373 * Arguments: @request *rq@ = pointer to a request block
374 * @FILE *fp@ = file containing server configuration
376 * Returns: Nonzero if OK, zero if forbidden
378 * Use: Asks one or several servers whether a request is acceptable.
381 static int check__client(request
*rq
, FILE *fp
)
383 /* --- Format of the file --- *
385 * The `servers' file contains entries of the form
387 * %%\syntax{<host> [`:' <port>]}%%
389 * separates by whitespace. I build them all into an array of socket
390 * addresses and pass the whole lot to another function.
393 struct sockaddr_in
*serv
; /* Array of servers */
394 size_t n_serv
, max_serv
; /* Number and maximum number */
396 /* --- Initialise the server array --- */
398 T( trace(TRACE_CLIENT
, "client: reading server definitions"); )
399 n_serv
= 0; max_serv
= 4; /* Four seems reasonable */
400 serv
= xmalloc(sizeof(*serv
) * max_serv
);
402 /* --- Start reading the file --- */
405 char buff
[256], *p
, *l
; /* A buffer and pointers for it */
406 int port
; /* Default port for servers */
407 int state
; /* Current parser state */
408 struct in_addr t_host
; /* Temp place for an address*/
409 int t_port
; /* Temp place for a port */
410 int ch
; /* The current character */
412 /* --- Parser states --- */
415 st_start
, /* Waiting to begin */
416 st_host
, /* Reading a new hostname */
417 st_colon
, /* Expecting a colon, maybe */
418 st_preport
, /* Waiting before reading port */
419 st_port
, /* Reading a port number */
420 st_commit
, /* Commit a newly read server */
421 st_done
/* Finished reading the file */
424 /* --- Find a default port --- */
427 struct servent
*s
= getservbyname(quis(), "udp");
428 port
= (s ? s
->s_port
: htons(SERVER_PORT
));
431 /* --- Initialise for scanning the file --- */
435 l
= buff
+ sizeof(buff
);
439 /* --- Go for it --- */
441 while (state
!= st_done
) {
444 /* --- Initial whitespace before hostname --- */
449 else if (isspace((unsigned char)ch
))
455 /* --- Read a host name --- */
459 die(1, "string too long in `" file_SERVER
"'");
460 if (ch
!= EOF
&& !isspace((unsigned char)ch
) && ch
!= ':') {
467 if ((h
= gethostbyname(buff
)) == 0)
468 die(1, "unknown host `%s' in `" file_SERVER
"'", buff
);
469 memcpy(&t_host
, h
->h_addr
, sizeof(t_host
));
474 /* --- Waiting for a colon coming up --- */
479 else if (isspace((unsigned char)ch
))
481 else if (ch
== ':') {
489 /* --- Clearing whitespace before a port number --- */
494 else if (isspace((unsigned char)ch
))
502 /* --- Read a port number --- */
506 die(1, "string too long in `" file_SERVER
"'");
507 if (ch
!= EOF
&& !isspace((unsigned char)ch
) && ch
!= ':') {
514 s
= getservbyname(buff
, "udp");
515 if (!s
&& isdigit((unsigned char)buff
[0]))
516 t_port
= htons(atoi(buff
));
518 die(1, "unknown service `%s' in `" file_SERVER
"'", buff
);
525 /* --- A server has been read successfully --- */
528 if (n_serv
== max_serv
) {
530 serv
= xrealloc(serv
, n_serv
* sizeof(*serv
),
531 max_serv
* sizeof(*serv
));
533 serv
[n_serv
].sin_family
= AF_INET
;
534 serv
[n_serv
].sin_addr
= t_host
;
535 serv
[n_serv
].sin_port
= t_port
;
542 /* --- A safety net for a broken parser --- */
545 die(1, "internal error: can't get here in check__client");
553 /* --- Now start sending requests --- */
556 die(1, "no servers specified in `" file_SERVER
"'");
558 IF_TRACING(TRACE_CLIENT
, {
561 for (i
= 0; i
< n_serv
; i
++) {
562 trace(TRACE_CLIENT
, "client: server %s port %i",
563 inet_ntoa(serv
[i
].sin_addr
), ntohs(serv
[i
].sin_port
));
566 return (check__ask(rq
, serv
, n_serv
));
571 /*----- Main checking function --------------------------------------------*/
575 * Arguments: @request *rq@ = pointer to request buffer
577 * Returns: Nonzero if OK, zero if forbidden
579 * Use: Checks to see if the request is acceptable.
582 int check(request
*rq
)
586 /* --- Check if we need to talk to a server --- */
589 if ((fp
= fopen(file_SERVER
, "r")) != 0)
590 return (check__client(rq
, fp
));
593 /* --- Otherwise do this all the old-fashioned way --- */
595 if ((fp
= fopen(file_RULES
, "r")) == 0) {
596 die(1, "couldn't read configuration file `%s': %s",
597 file_RULES
, strerror(errno
));
610 return (rule_check(rq
));
613 /*----- That's all, folks -------------------------------------------------*/