/* -*-c-*-
*
- * $Id: check.c,v 1.6 1998/01/12 16:45:47 mdw Exp $
+ * $Id: check.c,v 1.10 1999/05/04 16:17:12 mdw Exp $
*
* Check validity of requests
*
/*----- Revision history --------------------------------------------------*
*
* $Log: check.c,v $
+ * Revision 1.10 1999/05/04 16:17:12 mdw
+ * Change to header file name for parser. See log for `parse.h' for
+ * details.
+ *
+ * Revision 1.9 1998/06/19 13:48:16 mdw
+ * Set close-on-exec flag for UDP socket.
+ *
+ * Revision 1.8 1998/06/18 15:10:44 mdw
+ * SECURITY HOLE: the file descriptor for the secret key was left open and
+ * inherited by the target process. This is now fixed. Also set
+ * close-on-exec flags on key file, close config file carefully, and close
+ * UDP socket after receiving reply from server.
+ *
+ * Revision 1.7 1998/04/23 13:22:08 mdw
+ * Support no-network configuration option, and new interface to
+ * configuration file parser.
+ *
* Revision 1.6 1998/01/12 16:45:47 mdw
* Fix copyright date.
*
#include <arpa/inet.h>
+#include <fcntl.h>
#include <netdb.h>
#include <unistd.h>
#include "name.h"
#include "netg.h"
#include "rule.h"
-#include "parser.h"
+#include "parse.h"
#include "tx.h"
#include "userdb.h"
#include "utils.h"
-/*----- Main code ---------------------------------------------------------*/
+/*----- Client-end network support ----------------------------------------*/
+
+#ifndef NONETWORK
/* --- @check__send@ --- *
*
die("couldn't open key file `%s': %s", file_KEY,
strerror(errno));
}
+ if (fcntl(fileno(fp), F_SETFD, 1) < 0) {
+ die("couldn't set close-on-exec on key file `%s': %s", file_KEY,
+ strerror(errno));
+ }
tx_getBits(k, 128, fp);
+ fclose(fp);
/* --- Now build a request packet --- */
if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0)
die("couldn't create socket: %s", strerror(errno));
+ if (fcntl(fd, F_SETFD, 1) < 0)
+ die("couldn't set close-on-exec flag for socket: %s", strerror(errno));
/* --- Bind myself to some address --- */
T( trace(TRACE_CLIENT, "client: reply from unknown host"); )
continue;
}
-
+
/* --- Unpack and verify the response --- */
answer = crypt_unpackReply(buff, sk, t, pid);
"client: invalid or corrupt reply packet"); )
continue;
}
+ close(fd);
return (answer);
}
}
return (check__ask(rq, serv, n_serv));
}
+#endif
+
+/*----- Main checking function --------------------------------------------*/
+
/* --- @check@ --- *
*
* Arguments: @request *rq@ = pointer to request buffer
/* --- Check if we need to talk to a server --- */
+#ifndef NONETWORK
if ((fp = fopen(file_SERVER, "r")) != 0)
return (check__client(rq, fp));
+#endif
/* --- Otherwise do this all the old-fashioned way --- */
name_init();
rule_init();
lexer_scan(fp);
- yyparse();
+ parse();
+ fclose(fp);
return (rule_check(rq));
}