2 * Amanda, The Advanced Maryland Automatic Network Disk Archiver
3 * Copyright (c) 1999 University of Maryland
6 * Permission to use, copy, modify, distribute, and sell this software and its
7 * documentation for any purpose is hereby granted without fee, provided that
8 * the above copyright notice appear in all copies and that both that
9 * copyright notice and this permission notice appear in supporting
10 * documentation, and that the name of U.M. not be used in advertising or
11 * publicity pertaining to distribution of the software without specific,
12 * written prior permission. U.M. makes no representations about the
13 * suitability of this software for any purpose. It is provided "as is"
14 * without express or implied warranty.
16 * U.M. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL U.M.
18 * BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
20 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
21 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 * Authors: the Amanda Development Team. Its members are listed in a
24 * file named AUTHORS, in the root directory of this distribution.
28 * $Id: security-util.c,v 1.25 2006/07/22 12:04:47 martinea Exp $
30 * sec-security.c - security and transport over sec or a sec-like command.
32 * XXX still need to check for initial keyword on connect so we can skip
33 * over shell garbage and other stuff that sec might want to spew out.
41 #include "security-util.h"
43 #include "sockaddr-util.h"
46 * This is a queue of open connections
49 static int newhandle = 1;
50 static int newevent = 1;
55 static void recvpkt_callback(void *, void *, ssize_t);
56 static void stream_read_callback(void *);
57 static void stream_read_sync_callback(void *);
59 static void sec_tcp_conn_read_cancel(struct tcp_conn *);
60 static void sec_tcp_conn_read_callback(void *);
64 * Authenticate a stream
65 * Nothing needed for sec. The connection is authenticated by secd
72 (void)s; /* Quiet unused parameter warning */
77 * Returns the stream id for this stream. This is just the local
84 struct sec_stream *rs = s;
92 * Setup to handle new incoming connections
96 const security_driver_t *driver,
97 char *(*conf_fn)(char *, void *),
100 void (*fn)(security_handle_t *, pkt_t *),
105 rc = sec_tcp_conn_get("",0); /* no hostname yet */
110 rc->conf_fn = conf_fn;
112 sec_tcp_conn_read(rc);
116 * frees a handle allocated by the above
122 struct sec_handle *rh = inst;
126 auth_debug(1, _("sec: closing handle to %s\n"), rh->hostname);
128 if (rh->rs != NULL) {
129 /* This may be null if we get here on an error */
130 stream_recvpkt_cancel(rh);
131 security_stream_close(&rh->rs->secstr);
133 /* keep us from getting here again */
134 rh->sech.driver = NULL;
135 amfree(rh->hostname);
140 * Called when a sec connection is finished connecting and is ready
141 * to be authenticated.
144 sec_connect_callback(
147 struct sec_handle *rh = cookie;
149 event_release(rh->rs->ev_read);
150 rh->rs->ev_read = NULL;
151 event_release(rh->ev_timeout);
152 rh->ev_timeout = NULL;
154 (*rh->fn.connect)(rh->arg, &rh->sech, S_OK);
158 * Called if a connection times out before completion.
164 struct sec_handle *rh = cookie;
166 event_release(rh->rs->ev_read);
167 rh->rs->ev_read = NULL;
168 event_release(rh->ev_timeout);
169 rh->ev_timeout = NULL;
171 (*rh->fn.connect)(rh->arg, &rh->sech, S_TIMEOUT);
175 sec_close_connection_none(
196 struct sec_handle *rh = cookie;
203 auth_debug(1, _("sec: stream_sendpkt: enter\n"));
205 if (rh->rc->prefix_packet)
206 s = rh->rc->prefix_packet(rh, pkt);
209 len = strlen(pkt->body) + strlen(s) + 2;
211 buf[0] = (char)pkt->type;
212 strncpy(&buf[1], s, len - 1);
213 strncpy(&buf[1 + strlen(s)], pkt->body, (len - strlen(s) - 1));
218 _("sec: stream_sendpkt: %s (%d) pkt_t (len %zu) contains:\n\n\"%s\"\n\n"),
219 pkt_type2str(pkt->type), pkt->type, strlen(pkt->body), pkt->body);
221 if (security_stream_write(&rh->rs->secstr, buf, len) < 0) {
222 security_seterror(&rh->sech, "%s", security_stream_geterror(&rh->rs->secstr));
231 * Set up to receive a packet asyncronously, and call back when
237 void (*fn)(void *, pkt_t *, security_status_t),
241 struct sec_handle *rh = cookie;
245 auth_debug(1, _("sec: recvpkt registered for %s\n"), rh->hostname);
248 * Reset any pending timeout on this handle
250 if (rh->ev_timeout != NULL)
251 event_release(rh->ev_timeout);
254 * Negative timeouts mean no timeout
257 rh->ev_timeout = NULL;
259 rh->ev_timeout = event_register((event_id_t)timeout, EV_TIME,
260 stream_recvpkt_timeout, rh);
264 security_stream_read(&rh->rs->secstr, recvpkt_callback, rh);
268 * This is called when a handle times out before receiving a packet.
271 stream_recvpkt_timeout(
274 struct sec_handle *rh = cookie;
278 auth_debug(1, _("sec: recvpkt timeout for %s\n"), rh->hostname);
280 stream_recvpkt_cancel(rh);
281 (*rh->fn.recvpkt)(rh->arg, NULL, S_TIMEOUT);
285 * Remove a async receive request from the queue
288 stream_recvpkt_cancel(
291 struct sec_handle *rh = cookie;
293 auth_debug(1, _("sec: cancelling recvpkt for %s\n"), rh->hostname);
297 security_stream_read_cancel(&rh->rs->secstr);
298 if (rh->ev_timeout != NULL) {
299 event_release(rh->ev_timeout);
300 rh->ev_timeout = NULL;
305 * Write a chunk of data to a stream. Blocks until completion.
313 struct sec_stream *rs = s;
316 assert(rs->rc != NULL);
318 auth_debug(1, _("sec: stream_write: writing %zu bytes to %s:%d %d\n"),
319 size, rs->rc->hostname, rs->handle,
322 if (tcpm_send_token(rs->rc, rs->rc->write, rs->handle, &rs->rc->errmsg,
324 security_stream_seterror(&rs->secstr, "%s", rs->rc->errmsg);
331 * Submit a request to read some data. Calls back with the given
332 * function and arg when completed.
337 void (*fn)(void *, void *, ssize_t),
340 struct sec_stream *rs = s;
345 * Only one read request can be active per stream.
347 if (rs->ev_read == NULL) {
348 rs->ev_read = event_register((event_id_t)rs->rc->event_id, EV_WAIT,
349 stream_read_callback, rs);
350 sec_tcp_conn_read(rs->rc);
356 /* buffer for tcpm_stream_read_sync function */
357 static ssize_t sync_pktlen;
358 static void *sync_pkt;
361 * Write a chunk of data to a stream. Blocks until completion.
364 tcpm_stream_read_sync(
368 struct sec_stream *rs = s;
373 * Only one read request can be active per stream.
375 if (rs->ev_read != NULL) {
380 rs->ev_read = event_register((event_id_t)rs->rc->event_id, EV_WAIT,
381 stream_read_sync_callback, rs);
382 sec_tcp_conn_read(rs->rc);
383 event_wait(rs->ev_read);
384 /* Can't use rs or rc, they can be freed */
386 return (sync_pktlen);
390 * Cancel a previous stream read request. It's ok if we didn't have a read
394 tcpm_stream_read_cancel(
397 struct sec_stream *rs = s;
401 if (rs->ev_read != NULL) {
402 event_release(rs->ev_read);
404 sec_tcp_conn_read_cancel(rs->rc);
409 * Transmits a chunk of data over a rsh_handle, adding
410 * the necessary headers to allow the remote end to decode it.
431 assert(SIZEOF(netlength) == 4);
433 logtime = time(NULL);
434 if (rc && logtime > rc->logstamp + 10) {
435 g_debug("tcpm_send_token: data is still flowing");
436 rc->logstamp = logtime;
439 auth_debug(1, "tcpm_send_token: write %zd bytes to handle %d\n",
443 * 32 bit length (network byte order)
444 * 32 bit handle (network byte order)
447 netlength = htonl(len);
448 iov[0].iov_base = (void *)&netlength;
449 iov[0].iov_len = SIZEOF(netlength);
451 nethandle = htonl((guint32)handle);
452 iov[1].iov_base = (void *)&nethandle;
453 iov[1].iov_len = SIZEOF(nethandle);
455 encbuf = (char *)buf;
462 if (rc->driver->data_encrypt == NULL) {
463 iov[2].iov_base = (void *)buf;
464 iov[2].iov_len = len;
466 /* (the extra (void *) cast is to quiet type-punning warnings) */
467 rc->driver->data_encrypt(rc, (void *)buf, len, (void **)(void *)&encbuf, &encsize);
468 iov[2].iov_base = (void *)encbuf;
469 iov[2].iov_len = encsize;
470 netlength = htonl(encsize);
475 rval = full_writev(fd, iov, nb_iov);
477 if (len != 0 && rc->driver->data_encrypt != NULL && buf != encbuf) {
483 *errmsg = newvstrallocf(*errmsg, _("write error to: %s"),
484 strerror(save_errno));
491 * return -2 for incomplete packet
493 * return 0 on EOF: *handle = H_EOF && *size = 0 if socket closed
494 * return 0 on EOF: *handle = handle && *size = 0 if stream closed
495 * return size : *handle = handle && *size = size for data read
509 assert(SIZEOF(rc->netint) == 8);
510 if (rc->size_header_read < (ssize_t)SIZEOF(rc->netint)) {
511 rval = read(fd, ((char *)&rc->netint) + rc->size_header_read,
512 SIZEOF(rc->netint) - rc->size_header_read);
515 *errmsg = newvstrallocf(*errmsg, _("recv error: %s"),
517 auth_debug(1, _("tcpm_recv_token: A return(-1)\n"));
519 } else if (rval == 0) {
522 *errmsg = newvstrallocf(*errmsg, _("SOCKET_EOF"));
523 auth_debug(1, _("tcpm_recv_token: A return(0)\n"));
525 } else if (rval < (ssize_t)SIZEOF(rc->netint) - rc->size_header_read) {
526 rc->size_header_read += rval;
529 rc->size_header_read += rval;
531 *size = (ssize_t)ntohl(rc->netint[0]);
532 *handle = (int)ntohl(rc->netint[1]);
534 rc->size_buffer_read = 0;
536 /* amanda protocol packet can be above NETWORK_BLOCK_BYTES */
537 if (*size > 128*NETWORK_BLOCK_BYTES || *size < 0) {
538 if (isprint((int)(*size ) & 0xFF) &&
539 isprint((int)(*size >> 8 ) & 0xFF) &&
540 isprint((int)(*size >> 16) & 0xFF) &&
541 isprint((int)(*size >> 24) & 0xFF) &&
542 isprint((*handle ) & 0xFF) &&
543 isprint((*handle >> 8 ) & 0xFF) &&
544 isprint((*handle >> 16) & 0xFF) &&
545 isprint((*handle >> 24) & 0xFF)) {
549 s[0] = ((int)(*size) >> 24) & 0xFF;
550 s[1] = ((int)(*size) >> 16) & 0xFF;
551 s[2] = ((int)(*size) >> 8) & 0xFF;
552 s[3] = ((int)(*size) ) & 0xFF;
553 s[4] = (*handle >> 24) & 0xFF;
554 s[5] = (*handle >> 16) & 0xFF;
555 s[6] = (*handle >> 8 ) & 0xFF;
556 s[7] = (*handle ) & 0xFF;
558 while(i<200 && isprint((int)s[i]) && s[i] != '\n') {
559 switch(net_read(fd, &s[i], 1, 0)) {
560 case -1: s[i] = '\0'; break;
561 case 0: s[i] = '\0'; break;
563 dbprintf(_("read: %c\n"), s[i]); i++; s[i]=' ';
568 s1 = quote_string(s);
569 *errmsg = newvstrallocf(*errmsg,
570 _("tcpm_recv_token: invalid size: %s"), s1);
571 dbprintf(_("tcpm_recv_token: invalid size %s\n"), s1);
574 *errmsg = newvstrallocf(*errmsg,
575 _("tcpm_recv_token: invalid size"));
576 dbprintf(_("tcpm_recv_token: invalid size %zd\n"), *size);
581 rc->buffer = alloc((size_t)*size);
584 auth_debug(1, _("tcpm_recv_token: read EOF from %d\n"), *handle);
585 *errmsg = newvstrallocf(*errmsg, _("EOF"));
586 rc->size_header_read = 0;
591 *size = (ssize_t)ntohl(rc->netint[0]);
592 *handle = (int)ntohl(rc->netint[1]);
594 rval = read(fd, rc->buffer + rc->size_buffer_read,
595 (size_t)*size - rc->size_buffer_read);
598 *errmsg = newvstrallocf(*errmsg, _("recv error: %s"),
600 auth_debug(1, _("tcpm_recv_token: B return(-1)\n"));
602 } else if (rval == 0) {
604 *errmsg = newvstrallocf(*errmsg, _("SOCKET_EOF"));
605 auth_debug(1, _("tcpm_recv_token: B return(0)\n"));
607 } else if (rval < (ssize_t)*size - rc->size_buffer_read) {
608 rc->size_buffer_read += rval;
611 rc->size_buffer_read += rval;
614 rc->size_header_read = 0;
615 rc->size_buffer_read = 0;
618 auth_debug(1, _("tcpm_recv_token: read %zd bytes from %d\n"), *size, *handle);
620 if (*size > 0 && rc->driver->data_decrypt != NULL) {
623 rc->driver->data_decrypt(rc, *buf, *size, &decbuf, &decsize);
624 if (*buf != (char *)decbuf) {
626 *buf = (char *)decbuf;
635 tcpm_close_connection(
639 struct sec_handle *rh = h;
643 if (rh && rh->rc && rh->rc->read >= 0 && rh->rc->toclose == 0) {
645 sec_tcp_conn_put(rh->rc);
652 * Accept an incoming connection on a stream_server socket
653 * Nothing needed for tcpma.
659 (void)s; /* Quiet unused parameter warning */
665 * Return a connected stream. For sec, this means setup a stream
666 * with the supplied handle.
673 struct sec_handle *rh = h;
674 struct sec_stream *rs;
679 security_seterror(&rh->sech,
680 _("%d: invalid security stream id"), id);
684 rs = g_new0(struct sec_stream, 1);
685 security_streaminit(&rs->secstr, rh->sech.driver);
688 rs->closed_by_me = 0;
689 rs->closed_by_network = 0;
695 rs->rc = sec_tcp_conn_get(rh->hostname, 0);
696 rs->rc->driver = rh->sech.driver;
700 auth_debug(1, _("sec: stream_client: connected to stream %d\n"), id);
706 * Create the server end of a stream. For sec, this means setup a stream
707 * object and allocate a new handle for it.
713 struct sec_handle *rh = h;
714 struct sec_stream *rs;
718 rs = g_new0(struct sec_stream, 1);
719 security_streaminit(&rs->secstr, rh->sech.driver);
720 rs->closed_by_me = 0;
721 rs->closed_by_network = 0;
727 rs->rc = sec_tcp_conn_get(rh->hostname, 0);
728 rs->rc->driver = rh->sech.driver;
732 * Stream should already be setup!
734 if (rs->rc->read < 0) {
735 sec_tcp_conn_put(rs->rc);
737 security_seterror(&rh->sech, _("lost connection to %s"), rh->hostname);
740 assert(strcmp(rh->hostname, rs->rc->hostname) == 0);
742 * so as not to conflict with the amanda server's handle numbers,
743 * we start at 500000 and work down
745 rs->handle = 500000 - newhandle++;
747 auth_debug(1, _("sec: stream_server: created stream %d\n"), rs->handle);
752 * Close and unallocate resources for a stream.
758 struct sec_stream *rs = s;
763 auth_debug(1, _("sec: tcpma_stream_close: closing stream %d\n"), rs->handle);
765 if(rs->closed_by_network == 0 && rs->rc->write != -1)
766 tcpm_stream_write(rs, &buf, 0);
767 security_stream_read_cancel(&rs->secstr);
768 if(rs->closed_by_network == 0)
769 sec_tcp_conn_put(rs->rc);
770 amfree(((security_stream_t *)rs)->error);
775 * Create the server end of a stream. For bsdudp, this means setup a tcp
776 * socket for receiving a connection.
782 struct sec_stream *rs = NULL;
783 struct sec_handle *rh = h;
787 rs = g_new0(struct sec_stream, 1);
788 security_streaminit(&rs->secstr, rh->sech.driver);
789 rs->closed_by_me = 0;
790 rs->closed_by_network = 0;
793 rs->handle = 500000 - newhandle++;
795 rs->socket = 0; /* the socket is already opened */
798 rh->rc = sec_tcp_conn_get(rh->hostname, 1);
799 rh->rc->driver = rh->sech.driver;
801 rs->socket = stream_server(SU_GET_FAMILY(&rh->udp->peer), &rs->port,
802 STREAM_BUFSIZE, STREAM_BUFSIZE, 0);
803 if (rs->socket < 0) {
804 security_seterror(&rh->sech,
805 _("can't create server stream: %s"), strerror(errno));
809 rh->rc->read = rs->socket;
810 rh->rc->write = rs->socket;
811 rs->handle = (int)rs->port;
819 * Accepts a new connection on unconnected streams. Assumes it is ok to
826 struct sec_stream *bs = s;
829 assert(bs->socket != -1);
832 if (bs->socket > 0) {
833 bs->fd = stream_accept(bs->socket, 30, STREAM_BUFSIZE, STREAM_BUFSIZE);
835 security_stream_seterror(&bs->secstr,
836 _("can't accept new stream connection: %s"),
840 bs->rc->read = bs->fd;
841 bs->rc->write = bs->fd;
847 * Return a connected stream
854 struct sec_stream *rs = NULL;
855 struct sec_handle *rh = h;
859 rs = g_new0(struct sec_stream, 1);
860 security_streaminit(&rs->secstr, rh->sech.driver);
863 rs->closed_by_me = 0;
864 rs->closed_by_network = 0;
870 rh->rc = sec_tcp_conn_get(rh->hostname, 1);
871 rh->rc->driver = rh->sech.driver;
873 rh->rc->read = stream_client(rh->hostname, (in_port_t)id,
874 STREAM_BUFSIZE, STREAM_BUFSIZE, &rs->port, 0);
875 if (rh->rc->read < 0) {
876 security_seterror(&rh->sech,
877 _("can't connect stream to %s port %d: %s"),
878 rh->hostname, id, strerror(errno));
882 rh->rc->write = rh->rc->read;
884 rs->socket = -1; /* we're a client */
895 struct sec_stream *rs = s;
900 logtime = time(NULL);
901 if (rs && rs->rc && logtime > rs->rc->logstamp + 10) {
902 g_debug("tcp_stream_write: data is still flowing");
903 rs->rc->logstamp = logtime;
906 if (full_write(rs->fd, buf, size) < size) {
907 security_stream_seterror(&rs->secstr,
908 _("write error on stream %d: %s"), rs->port, strerror(errno));
919 struct sec_handle *rh = h;
923 if (pkt->type != P_REQ)
926 if ((pwd = getpwuid(geteuid())) == NULL) {
927 security_seterror(&rh->sech,
928 _("can't get login name for my uid %ld"),
932 buf = alloc(16+strlen(pwd->pw_name));
933 strncpy(buf, "SECURITY USER ", (16 + strlen(pwd->pw_name)));
934 strncpy(&buf[14], pwd->pw_name, (16 + strlen(pwd->pw_name) - 14));
935 buf[14 + strlen(pwd->pw_name)] = '\n';
936 buf[15 + strlen(pwd->pw_name)] = '\0';
943 * Check the security of a received packet. Returns negative on security
944 * violation, or returns 0 if ok. Removes the security info from the pkt_t.
947 bsd_recv_security_ok(
948 struct sec_handle * rh,
951 char *tok, *security, *body, *result;
952 char *service = NULL, *serviceX, *serviceY;
959 * Now, find the SECURITY line in the body, and parse it out
962 if (strncmp_const(pkt->body, "SECURITY ") == 0) {
963 security = pkt->body;
965 while(*security != '\n' && len < pkt->size) {
969 if(*security == '\n') {
972 security_line = stralloc(pkt->body);
973 security = pkt->body + strlen("SECURITY ");
976 security_line = NULL;
981 security_line = NULL;
986 * Now, find the SERVICE line in the body, and parse it out
990 if (strncmp_const_skip(s, "SERVICE ", s, ch) == 0) {
991 serviceX = stralloc(s);
992 serviceY = strtok(serviceX, "\n");
994 service = stralloc(serviceY);
999 * We need to do different things depending on which type of packet
1002 switch (pkt->type) {
1005 * Request packets must come from a reserved port
1007 port = SU_GET_PORT(&rh->peer);
1008 if (port >= IPPORT_RESERVED) {
1009 security_seterror(&rh->sech,
1010 _("host %s: port %u not secure"), rh->hostname,
1011 (unsigned int)port);
1013 amfree(security_line);
1018 security_seterror(&rh->sech,
1019 _("packet as no SERVICE line"));
1020 amfree(security_line);
1025 * Request packets contain a remote username. We need to check
1026 * that we allow it in.
1028 * They will look like:
1029 * SECURITY USER [username]
1032 /* there must be some security info */
1033 if (security == NULL) {
1034 security_seterror(&rh->sech,
1035 _("no bsd SECURITY for P_REQ"));
1040 /* second word must be USER */
1041 if ((tok = strtok(security, " ")) == NULL) {
1042 security_seterror(&rh->sech,
1043 _("SECURITY line: %s"), security_line);
1045 amfree(security_line);
1046 return (-1); /* default errmsg */
1048 if (strcmp(tok, "USER") != 0) {
1049 security_seterror(&rh->sech,
1050 _("REQ SECURITY line parse error, expecting USER, got %s"), tok);
1052 amfree(security_line);
1056 /* the third word is the username */
1057 if ((tok = strtok(NULL, "")) == NULL) {
1058 security_seterror(&rh->sech,
1059 _("SECURITY line: %s"), security_line);
1061 amfree(security_line);
1062 return (-1); /* default errmsg */
1064 if ((result = check_user(rh, tok, service)) != NULL) {
1065 security_seterror(&rh->sech, "%s", result);
1068 amfree(security_line);
1072 /* we're good to go */
1078 amfree(security_line);
1081 * If there is security info at the front of the packet, we need to
1082 * shift the rest of the data up and nuke it.
1084 if (body != pkt->body)
1085 memmove(pkt->body, body, strlen(body) + 1);
1090 * Transmit a packet. Add security information first.
1097 struct sec_handle *rh = cookie;
1101 assert(pkt != NULL);
1103 auth_debug(1, _("udpbsd_sendpkt: enter\n"));
1105 * Initialize this datagram, and add the header
1107 dgram_zero(&rh->udp->dgram);
1108 dgram_cat(&rh->udp->dgram, "%s", pkthdr2str(rh, pkt));
1111 * Add the security info. This depends on which kind of packet we're
1114 switch (pkt->type) {
1117 * Requests get sent with our username in the body
1119 if ((pwd = getpwuid(geteuid())) == NULL) {
1120 security_seterror(&rh->sech,
1121 _("can't get login name for my uid %ld"), (long)getuid());
1124 dgram_cat(&rh->udp->dgram, _("SECURITY USER %s\n"), pwd->pw_name);
1132 * Add the body, and send it
1134 dgram_cat(&rh->udp->dgram, "%s", pkt->body);
1137 _("sec: udpbsd_sendpkt: %s (%d) pkt_t (len %zu) contains:\n\n\"%s\"\n\n"),
1138 pkt_type2str(pkt->type), pkt->type, strlen(pkt->body), pkt->body);
1140 if (dgram_send_addr(&rh->peer, &rh->udp->dgram) != 0) {
1141 security_seterror(&rh->sech,
1142 _("send %s to %s failed: %s"), pkt_type2str(pkt->type),
1143 rh->hostname, strerror(errno));
1153 struct sec_handle *rh = cookie;
1155 if (rh->proto_handle == NULL) {
1159 auth_debug(1, _("udp: close handle '%s'\n"), rh->proto_handle);
1161 udp_recvpkt_cancel(rh);
1163 rh->next->prev = rh->prev;
1166 rh->udp->bh_last = rh->prev;
1169 rh->prev->next = rh->next;
1172 rh->udp->bh_first = rh->next;
1175 amfree(rh->proto_handle);
1176 amfree(rh->hostname);
1181 * Set up to receive a packet asynchronously, and call back when it has
1187 void (*fn)(void *, pkt_t *, security_status_t),
1191 struct sec_handle *rh = cookie;
1193 auth_debug(1, _("udp_recvpkt(cookie=%p, fn=%p, arg=%p, timeout=%u)\n"),
1194 cookie, fn, arg, timeout);
1200 * Subsequent recvpkt calls override previous ones
1202 if (rh->ev_read == NULL) {
1203 udp_addref(rh->udp, &udp_netfd_read_callback);
1204 rh->ev_read = event_register(rh->event_id, EV_WAIT,
1205 udp_recvpkt_callback, rh);
1207 if (rh->ev_timeout != NULL)
1208 event_release(rh->ev_timeout);
1210 rh->ev_timeout = NULL;
1212 rh->ev_timeout = event_register((event_id_t)timeout, EV_TIME,
1213 udp_recvpkt_timeout, rh);
1214 rh->fn.recvpkt = fn;
1219 * Remove a async receive request on this handle from the queue.
1220 * If it is the last one to be removed, then remove the event
1221 * handler for our network fd
1227 struct sec_handle *rh = cookie;
1231 if (rh->ev_read != NULL) {
1232 udp_delref(rh->udp);
1233 event_release(rh->ev_read);
1237 if (rh->ev_timeout != NULL) {
1238 event_release(rh->ev_timeout);
1239 rh->ev_timeout = NULL;
1244 * This is called when a handle is woken up because data read off of the
1248 udp_recvpkt_callback(
1251 struct sec_handle *rh = cookie;
1252 void (*fn)(void *, pkt_t *, security_status_t);
1255 auth_debug(1, _("udp: receive handle '%s' netfd '%s'\n"),
1256 rh->proto_handle, rh->udp->handle);
1259 /* if it doesn't correspond to this handle, something is wrong */
1260 assert(strcmp(rh->proto_handle, rh->udp->handle) == 0);
1262 /* if it didn't come from the same host/port, forget it */
1263 if (cmp_sockaddr(&rh->peer, &rh->udp->peer, 0) != 0) {
1264 amfree(rh->udp->handle);
1265 dbprintf(_("not from same host\n"));
1266 dump_sockaddr(&rh->peer);
1267 dump_sockaddr(&rh->udp->peer);
1272 * We need to cancel the recvpkt request before calling the callback
1273 * because the callback may reschedule us.
1275 fn = rh->fn.recvpkt;
1277 udp_recvpkt_cancel(rh);
1280 * Check the security of the packet. If it is bad, then pass NULL
1281 * to the packet handling function instead of a packet.
1283 if (rh->udp->recv_security_ok &&
1284 rh->udp->recv_security_ok(rh, &rh->udp->pkt) < 0) {
1285 (*fn)(arg, NULL, S_ERROR);
1287 (*fn)(arg, &rh->udp->pkt, S_OK);
1292 * This is called when a handle times out before receiving a packet.
1295 udp_recvpkt_timeout(
1298 struct sec_handle *rh = cookie;
1299 void (*fn)(void *, pkt_t *, security_status_t);
1304 assert(rh->ev_timeout != NULL);
1305 fn = rh->fn.recvpkt;
1307 udp_recvpkt_cancel(rh);
1308 (*fn)(arg, NULL, S_TIMEOUT);
1312 * Given a hostname and a port, setup a udp_handle
1317 struct sec_handle * rh,
1319 sockaddr_union *addr,
1325 * Save the hostname and port info
1327 auth_debug(1, _("udp_inithandle port %u handle %s sequence %d\n"),
1328 (unsigned int)ntohs(port), handle, sequence);
1329 assert(addr != NULL);
1331 rh->hostname = stralloc(hostname);
1332 copy_sockaddr(&rh->peer, addr);
1333 SU_SET_PORT(&rh->peer, port);
1336 rh->prev = udp->bh_last;
1338 rh->prev->next = rh;
1340 if (!udp->bh_first) {
1346 rh->sequence = sequence;
1347 rh->event_id = (event_id_t)newevent++;
1348 amfree(rh->proto_handle);
1349 rh->proto_handle = stralloc(handle);
1350 rh->fn.connect = NULL;
1353 rh->ev_timeout = NULL;
1355 auth_debug(1, _("udp: adding handle '%s'\n"), rh->proto_handle);
1362 * Callback for received packets. This is the function bsd_recvpkt
1363 * registers with the event handler. It is called when the event handler
1364 * realizes that data is waiting to be read on the network socket.
1367 udp_netfd_read_callback(
1370 struct udp_handle *udp = cookie;
1371 struct sec_handle *rh;
1373 char hostname[NI_MAXHOST];
1375 char *errmsg = NULL;
1378 auth_debug(1, _("udp_netfd_read_callback(cookie=%p)\n"), cookie);
1379 assert(udp != NULL);
1381 #ifndef TEST /* { */
1383 * Receive the packet.
1385 dgram_zero(&udp->dgram);
1386 if (dgram_recv(&udp->dgram, 0, &udp->peer) < 0)
1388 #endif /* !TEST */ /* } */
1393 if (str2pkthdr(udp) < 0)
1397 * If there are events waiting on this handle, we're done
1400 while(rh != NULL && (strcmp(rh->proto_handle, udp->handle) != 0 ||
1401 rh->sequence != udp->sequence ||
1402 cmp_sockaddr(&rh->peer, &udp->peer, 0) != 0)) {
1405 if (rh && event_wakeup(rh->event_id) > 0)
1409 * If we didn't find a handle, then check for a new incoming packet.
1410 * If no accept handler was setup, then just return.
1412 if (udp->accept_fn == NULL) {
1413 dbprintf(_("Receive packet from unknown source"));
1417 rh = g_new0(struct sec_handle, 1);
1418 rh->proto_handle=NULL;
1421 security_handleinit(&rh->sech, udp->driver);
1423 result = getnameinfo((struct sockaddr *)&udp->peer, SS_LEN(&udp->peer),
1424 hostname, sizeof(hostname), NULL, 0, 0);
1426 dbprintf("getnameinfo failed: %s\n",
1427 gai_strerror(result));
1428 security_seterror(&rh->sech, "getnameinfo failed: %s",
1429 gai_strerror(result));
1432 if (check_name_give_sockaddr(hostname,
1433 (struct sockaddr *)&udp->peer, &errmsg) < 0) {
1434 security_seterror(&rh->sech, "%s",errmsg);
1440 port = SU_GET_PORT(&udp->peer);
1441 a = udp_inithandle(udp, rh,
1448 auth_debug(1, _("bsd: closeX handle '%s'\n"), rh->proto_handle);
1454 * Check the security of the packet. If it is bad, then pass NULL
1455 * to the accept function instead of a packet.
1457 if (rh->udp->recv_security_ok(rh, &udp->pkt) < 0)
1458 (*udp->accept_fn)(&rh->sech, NULL);
1460 (*udp->accept_fn)(&rh->sech, &udp->pkt);
1464 * Locate an existing connection to the given host, or create a new,
1465 * unconnected entry if none exists. The caller is expected to check
1466 * for the lack of a connection (rc->read == -1) and set one up.
1470 const char *hostname,
1474 struct tcp_conn *rc = NULL;
1476 auth_debug(1, _("sec_tcp_conn_get: %s\n"), hostname);
1478 if (want_new == 0) {
1479 for (iter = connq; iter != NULL; iter = iter->next) {
1480 rc = (struct tcp_conn *)iter->data;
1481 if (strcasecmp(hostname, rc->hostname) == 0)
1488 _("sec_tcp_conn_get: exists, refcnt to %s is now %d\n"),
1489 rc->hostname, rc->refcnt);
1494 auth_debug(1, _("sec_tcp_conn_get: creating new handle\n"));
1496 * We can't be creating a new handle if we are the client
1498 rc = g_new0(struct tcp_conn, 1);
1499 rc->read = rc->write = -1;
1505 strncpy(rc->hostname, hostname, SIZEOF(rc->hostname) - 1);
1506 rc->hostname[SIZEOF(rc->hostname) - 1] = '\0';
1511 rc->accept_fn = NULL;
1512 rc->recv_security_ok = NULL;
1513 rc->prefix_packet = NULL;
1517 rc->event_id = newevent++;
1518 connq = g_slist_append(connq, rc);
1523 * Delete a reference to a connection, and close it if it is the last
1528 struct tcp_conn * rc)
1532 assert(rc->refcnt > 0);
1534 auth_debug(1, _("sec_tcp_conn_put: decrementing refcnt for %s to %d\n"),
1535 rc->hostname, rc->refcnt);
1536 if (rc->refcnt > 0) {
1539 auth_debug(1, _("sec_tcp_conn_put: closing connection to %s\n"), rc->hostname);
1542 if (rc->write != -1)
1544 if (rc->pid != -1) {
1545 waitpid(rc->pid, &status, WNOHANG);
1547 if (rc->ev_read != NULL)
1548 event_release(rc->ev_read);
1549 if (rc->errmsg != NULL)
1551 connq = g_slist_remove(connq, rc);
1553 if(!rc->donotclose) {
1555 /* a memory leak occurs, but freeing it lead to memory
1556 * corruption because it can still be used.
1557 * We need to find a good place to free 'rc'.
1563 * Turn on read events for a conn. Or, increase a ev_read_refcnt if we are
1564 * already receiving read events.
1568 struct tcp_conn * rc)
1570 assert (rc != NULL);
1572 if (rc->ev_read != NULL) {
1573 rc->ev_read_refcnt++;
1575 _("sec: conn_read: incremented ev_read_refcnt to %d for %s\n"),
1576 rc->ev_read_refcnt, rc->hostname);
1579 auth_debug(1, _("sec: conn_read registering event handler for %s\n"),
1581 rc->ev_read = event_register((event_id_t)rc->read, EV_READFD,
1582 sec_tcp_conn_read_callback, rc);
1583 rc->ev_read_refcnt = 1;
1587 sec_tcp_conn_read_cancel(
1588 struct tcp_conn * rc)
1591 --rc->ev_read_refcnt;
1593 _("sec: conn_read_cancel: decremented ev_read_refcnt to %d for %s\n"),
1594 rc->ev_read_refcnt, rc->hostname);
1595 if (rc->ev_read_refcnt > 0) {
1599 _("sec: conn_read_cancel: releasing event handler for %s\n"),
1601 event_release(rc->ev_read);
1606 * This is called when a handle is woken up because data read off of the
1616 struct sec_handle *rh = cookie;
1620 auth_debug(1, _("sec: recvpkt_callback: %zd\n"), bufsize);
1622 * We need to cancel the recvpkt request before calling
1623 * the callback because the callback may reschedule us.
1625 stream_recvpkt_cancel(rh);
1629 security_seterror(&rh->sech,
1630 _("EOF on read from %s"), rh->hostname);
1631 (*rh->fn.recvpkt)(rh->arg, NULL, S_ERROR);
1634 security_seterror(&rh->sech, "%s", security_stream_geterror(&rh->rs->secstr));
1635 (*rh->fn.recvpkt)(rh->arg, NULL, S_ERROR);
1641 parse_pkt(&pkt, buf, (size_t)bufsize);
1643 _("sec: received %s packet (%d) from %s, contains:\n\n\"%s\"\n\n"),
1644 pkt_type2str(pkt.type), pkt.type,
1645 rh->hostname, pkt.body);
1646 if (rh->rc->recv_security_ok && (rh->rc->recv_security_ok)(rh, &pkt) < 0)
1647 (*rh->fn.recvpkt)(rh->arg, NULL, S_ERROR);
1649 (*rh->fn.recvpkt)(rh->arg, &pkt, S_OK);
1654 * Callback for tcpm_stream_read_sync
1657 stream_read_sync_callback(
1660 struct sec_stream *rs = s;
1663 auth_debug(1, _("sec: stream_read_callback_sync: handle %d\n"), rs->handle);
1666 * Make sure this was for us. If it was, then blow away the handle
1667 * so it doesn't get claimed twice. Otherwise, leave it alone.
1669 * If the handle is EOF, pass that up to our callback.
1671 if (rs->rc->handle == rs->handle) {
1672 auth_debug(1, _("sec: stream_read_callback_sync: it was for us\n"));
1673 rs->rc->handle = H_TAKEN;
1674 } else if (rs->rc->handle != H_EOF) {
1675 auth_debug(1, _("sec: stream_read_callback_sync: not for us\n"));
1680 * Remove the event first, and then call the callback.
1681 * We remove it first because we don't want to get in their
1682 * way if they reschedule it.
1684 tcpm_stream_read_cancel(rs);
1686 sync_pktlen = rs->rc->pktlen;
1687 sync_pkt = malloc(sync_pktlen);
1688 memcpy(sync_pkt, rs->rc->pkt, sync_pktlen);
1690 if (rs->rc->pktlen <= 0) {
1691 auth_debug(1, _("sec: stream_read_sync_callback: %s\n"), rs->rc->errmsg);
1692 security_stream_seterror(&rs->secstr, "%s", rs->rc->errmsg);
1693 if(rs->closed_by_me == 0 && rs->closed_by_network == 0)
1694 sec_tcp_conn_put(rs->rc);
1695 rs->closed_by_network = 1;
1699 _("sec: stream_read_callback_sync: read %zd bytes from %s:%d\n"),
1700 rs->rc->pktlen, rs->rc->hostname, rs->handle);
1704 * Callback for tcpm_stream_read
1707 stream_read_callback(
1710 struct sec_stream *rs = arg;
1715 logtime = time(NULL);
1716 if (rs && rs->rc && logtime > rs->rc->logstamp + 10) {
1717 g_debug("stream_read_callback: data is still flowing");
1718 rs->rc->logstamp = logtime;
1720 auth_debug(1, _("sec: stream_read_callback: handle %d\n"), rs->handle);
1723 * Make sure this was for us. If it was, then blow away the handle
1724 * so it doesn't get claimed twice. Otherwise, leave it alone.
1726 * If the handle is EOF, pass that up to our callback.
1728 if (rs->rc->handle == rs->handle) {
1729 auth_debug(1, _("sec: stream_read_callback: it was for us\n"));
1730 rs->rc->handle = H_TAKEN;
1731 } else if (rs->rc->handle != H_EOF) {
1732 auth_debug(1, _("sec: stream_read_callback: not for us\n"));
1737 * Remove the event first, and then call the callback.
1738 * We remove it first because we don't want to get in their
1739 * way if they reschedule it.
1741 tcpm_stream_read_cancel(rs);
1743 if (rs->rc->pktlen <= 0) {
1744 auth_debug(1, _("sec: stream_read_callback: %s\n"), rs->rc->errmsg);
1745 security_stream_seterror(&rs->secstr, "%s", rs->rc->errmsg);
1746 if(rs->closed_by_me == 0 && rs->closed_by_network == 0)
1747 sec_tcp_conn_put(rs->rc);
1748 rs->closed_by_network = 1;
1749 (*rs->fn)(rs->arg, NULL, rs->rc->pktlen);
1752 auth_debug(1, _("sec: stream_read_callback: read %zd bytes from %s:%d\n"),
1753 rs->rc->pktlen, rs->rc->hostname, rs->handle);
1754 (*rs->fn)(rs->arg, rs->rc->pkt, rs->rc->pktlen);
1755 auth_debug(1, _("sec: after callback stream_read_callback\n"));
1759 * The callback for the netfd for the event handler
1760 * Determines if this packet is for this security handle,
1761 * and does the real callback if so.
1764 sec_tcp_conn_read_callback(
1767 struct tcp_conn * rc = cookie;
1768 struct sec_handle * rh;
1773 assert(cookie != NULL);
1775 auth_debug(1, _("sec: conn_read_callback\n"));
1777 /* Read the data off the wire. If we get errors, shut down. */
1778 rval = tcpm_recv_token(rc, rc->read, &rc->handle, &rc->errmsg, &rc->pkt,
1780 auth_debug(1, _("sec: conn_read_callback: tcpm_recv_token returned %zd\n"),
1787 if (rval < 0 || rc->handle == H_EOF) {
1790 revent = event_wakeup((event_id_t)rc->event_id);
1791 auth_debug(1, _("sec: conn_read_callback: event_wakeup return %d\n"),
1793 /* delete our 'accept' reference */
1794 if (rc->accept_fn != NULL) {
1795 if(rc->refcnt != 1) {
1796 dbprintf(_("STRANGE, rc->refcnt should be 1, it is %d\n"),
1800 rc->accept_fn = NULL;
1801 sec_tcp_conn_put(rc);
1808 revent = event_wakeup((event_id_t)rc->event_id);
1810 _("sec: conn_read_callback: event_wakeup return %d\n"), revent);
1814 /* If there are events waiting on this handle, we're done */
1816 revent = event_wakeup((event_id_t)rc->event_id);
1817 auth_debug(1, _("sec: conn_read_callback: event_wakeup return %d\n"), revent);
1819 if (rc->handle == H_TAKEN || rc->pktlen == 0) {
1820 if(rc->refcnt == 0) amfree(rc);
1824 assert(rc->refcnt > 0);
1826 /* If there is no accept fn registered, then drop the packet */
1827 if (rc->accept_fn == NULL) {
1829 _("sec: conn_read_callback: %zd bytes for handle %d went unclaimed!"),
1830 rc->pktlen, rc->handle);
1834 rh = g_new0(struct sec_handle, 1);
1835 security_handleinit(&rh->sech, rc->driver);
1836 rh->hostname = stralloc(rc->hostname);
1837 rh->ev_timeout = NULL;
1839 rh->peer = rc->peer;
1840 rh->rs = tcpma_stream_client(rh, rc->handle);
1842 auth_debug(1, _("sec: new connection\n"));
1844 parse_pkt(&pkt, rc->pkt, (size_t)rc->pktlen);
1845 auth_debug(1, _("sec: calling accept_fn\n"));
1846 if (rh->rc->recv_security_ok && (rh->rc->recv_security_ok)(rh, &pkt) < 0)
1847 (*rc->accept_fn)(&rh->sech, NULL);
1849 (*rc->accept_fn)(&rh->sech, &pkt);
1859 const unsigned char *bufp = buf;
1861 auth_debug(1, _("sec: parse_pkt: parsing buffer of %zu bytes\n"), bufsize);
1863 pkt->type = (pktype_t)*bufp++;
1866 pkt->packet_size = bufsize+1;
1867 pkt->body = alloc(pkt->packet_size);
1869 pkt->body[0] = '\0';
1871 memcpy(pkt->body, bufp, bufsize);
1872 pkt->body[pkt->packet_size - 1] = '\0';
1874 pkt->size = strlen(pkt->body);
1876 auth_debug(1, _("sec: parse_pkt: %s (%d): \"%s\"\n"), pkt_type2str(pkt->type),
1877 pkt->type, pkt->body);
1881 * Convert a packet header into a string
1885 const struct sec_handle * rh,
1888 static char retbuf[256];
1891 assert(pkt != NULL);
1893 g_snprintf(retbuf, SIZEOF(retbuf), _("Amanda %d.%d %s HANDLE %s SEQ %d\n"),
1894 VERSION_MAJOR, VERSION_MINOR, pkt_type2str(pkt->type),
1895 rh->proto_handle, rh->sequence);
1897 auth_debug(1, _("bsd: pkthdr2str handle '%s'\n"), rh->proto_handle);
1899 /* check for truncation. If only we had asprintf()... */
1900 assert(retbuf[strlen(retbuf) - 1] == '\n');
1906 * Parses out the header line in 'str' into the pkt and handle
1907 * Returns negative on parse error.
1919 assert(udp->dgram.cur != NULL);
1920 str = stralloc(udp->dgram.cur);
1922 /* "Amanda %d.%d <ACK,NAK,...> HANDLE %s SEQ %d\n" */
1924 /* Read in "Amanda" */
1925 if ((tok = strtok(str, " ")) == NULL || strcmp(tok, "Amanda") != 0)
1928 /* nothing is done with the major/minor numbers currently */
1929 if ((tok = strtok(NULL, " ")) == NULL || strchr(tok, '.') == NULL)
1932 /* Read in the packet type */
1933 if ((tok = strtok(NULL, " ")) == NULL)
1936 pkt_init_empty(pkt, pkt_str2type(tok));
1937 if (pkt->type == (pktype_t)-1)
1940 /* Read in "HANDLE" */
1941 if ((tok = strtok(NULL, " ")) == NULL || strcmp(tok, "HANDLE") != 0)
1944 /* parse the handle */
1945 if ((tok = strtok(NULL, " ")) == NULL)
1947 amfree(udp->handle);
1948 udp->handle = stralloc(tok);
1951 if ((tok = strtok(NULL, " ")) == NULL || strcmp(tok, "SEQ") != 0)
1954 /* parse the sequence number */
1955 if ((tok = strtok(NULL, "\n")) == NULL)
1957 udp->sequence = atoi(tok);
1959 /* Save the body, if any */
1960 if ((tok = strtok(NULL, "")) != NULL)
1961 pkt_cat(pkt, "%s", tok);
1967 #if 0 /* XXX we have no way of passing this back up */
1968 security_seterror(&rh->sech,
1969 "parse error in packet header : '%s'", origstr);
1977 struct sec_handle * rh,
1978 const char * remoteuser,
1979 const char * service)
1983 char *result = NULL;
1984 char *localuser = NULL;
1986 /* lookup our local user name */
1987 if ((pwd = getpwnam(CLIENT_LOGIN)) == NULL) {
1988 return vstrallocf(_("getpwnam(%s) failed."), CLIENT_LOGIN);
1992 * Make a copy of the user name in case getpw* is called by
1993 * any of the lower level routines.
1995 localuser = stralloc(pwd->pw_name);
1997 #ifndef USE_AMANDAHOSTS
1998 r = check_user_ruserok(rh->hostname, pwd, remoteuser);
2000 r = check_user_amandahosts(rh->hostname, &rh->peer, pwd, remoteuser, service);
2003 result = vstrallocf(
2004 _("user %s from %s is not allowed to execute the service %s: %s"),
2005 remoteuser, rh->hostname, service, r);
2013 * See if a remote user is allowed in. This version uses ruserok()
2016 * Returns NULL on success, or error message on error.
2021 struct passwd * pwd,
2022 const char * remoteuser)
2033 uid_t myuid = getuid();
2036 * note that some versions of ruserok (eg SunOS 3.2) look in
2037 * "./.rhosts" rather than "~CLIENT_LOGIN/.rhosts", so we have to
2038 * chdir ourselves. Sigh.
2040 * And, believe it or not, some ruserok()'s try an initgroup just
2041 * for the hell of it. Since we probably aren't root at this point
2042 * it'll fail, and initgroup "helpfully" will blatt "Setgroups: Not owner"
2043 * into our stderr output even though the initgroup failure is not a
2044 * problem and is expected. Thanks a lot. Not.
2046 if (pipe(fd) != 0) {
2047 return stralloc2(_("pipe() fails: "), strerror(errno));
2049 if ((ruserok_pid = fork()) < 0) {
2050 return stralloc2(_("fork() fails: "), strerror(errno));
2051 } else if (ruserok_pid == 0) {
2055 fError = fdopen(fd[1], "w");
2057 error(_("Can't fdopen: %s"), strerror(errno));
2060 /* pamper braindead ruserok's */
2061 if (chdir(pwd->pw_dir) != 0) {
2062 g_fprintf(fError, _("chdir(%s) failed: %s"),
2063 pwd->pw_dir, strerror(errno));
2068 if (debug_auth >= 9) {
2069 char *dir = stralloc(pwd->pw_dir);
2071 auth_debug(9, _("bsd: calling ruserok(%s, %d, %s, %s)\n"), host,
2072 ((myuid == 0) ? 1 : 0), remoteuser, pwd->pw_name);
2074 auth_debug(9, _("bsd: because you are running as root, "));
2075 auth_debug(9, _("/etc/hosts.equiv will not be used\n"));
2077 show_stat_info("/etc/hosts.equiv", NULL);
2079 show_stat_info(dir, "/.rhosts");
2083 saved_stderr = dup(2);
2085 if (open("/dev/null", O_RDWR) == -1) {
2086 auth_debug(1, _("Could not open /dev/null: %s\n"), strerror(errno));
2089 ok = ruserok(host, myuid == 0, remoteuser, CLIENT_LOGIN);
2096 (void)dup2(saved_stderr,2);
2097 close(saved_stderr);
2101 fError = fdopen(fd[0], "r");
2103 error(_("Can't fdopen: %s"), strerror(errno));
2108 while ((es = agets(fError)) != NULL) {
2113 if (result == NULL) {
2114 result = stralloc("");
2116 strappend(result, ": ");
2118 strappend(result, es);
2123 pid = wait(&exitcode);
2124 while (pid != ruserok_pid) {
2125 if ((pid == (pid_t) -1) && (errno != EINTR)) {
2127 return vstrallocf(_("ruserok wait failed: %s"), strerror(errno));
2129 pid = wait(&exitcode);
2131 if (!WIFEXITED(exitcode) || WEXITSTATUS(exitcode) != 0) {
2133 result = str_exit_status("ruserok child", exitcode);
2142 * Check to see if a user is allowed in. This version uses .amandahosts
2143 * Returns an error message on failure, or NULL on success.
2146 check_user_amandahosts(
2148 sockaddr_union *addr,
2149 struct passwd * pwd,
2150 const char * remoteuser,
2151 const char * service)
2155 const char *fileuser;
2157 char *result = NULL;
2163 char *aservice = NULL;
2165 char ipstr[INET6_ADDRSTRLEN];
2167 char ipstr[INET_ADDRSTRLEN];
2170 auth_debug(1, _("check_user_amandahosts(host=%s, pwd=%p, "
2171 "remoteuser=%s, service=%s)\n"),
2172 host, pwd, remoteuser, service);
2174 ptmp = stralloc2(pwd->pw_dir, "/.amandahosts");
2175 if (debug_auth >= 9) {
2176 show_stat_info(ptmp, "");;
2178 if ((fp = fopen(ptmp, "r")) == NULL) {
2179 result = vstrallocf(_("cannot open %s: %s"), ptmp, strerror(errno));
2185 * Make sure the file is owned by the Amanda user and does not
2186 * have any group/other access allowed.
2188 if (fstat(fileno(fp), &sbuf) != 0) {
2189 result = vstrallocf(_("cannot fstat %s: %s"), ptmp, strerror(errno));
2192 if (sbuf.st_uid != pwd->pw_uid) {
2193 result = vstrallocf(_("%s: owned by id %ld, should be %ld"),
2194 ptmp, (long)sbuf.st_uid, (long)pwd->pw_uid);
2197 if ((sbuf.st_mode & 077) != 0) {
2198 result = vstrallocf(_("%s: incorrect permissions; file must be accessible only by its owner"), ptmp);
2203 * Now, scan the file for the host/user/service.
2206 while ((line = agets(fp)) != NULL) {
2212 auth_debug(9, _("bsd: processing line: <%s>\n"), line);
2213 /* get the host out of the file */
2214 if ((filehost = strtok(line, " \t")) == NULL) {
2219 /* get the username. If no user specified, then use the local user */
2220 if ((fileuser = strtok(NULL, " \t")) == NULL) {
2221 fileuser = pwd->pw_name;
2224 hostmatch = (strcasecmp(filehost, host) == 0);
2225 /* ok if addr=127.0.0.1 and
2226 * either localhost or localhost.domain is in .amandahost */
2228 (strcasecmp(filehost, "localhost")== 0 ||
2229 strcasecmp(filehost, "localhost.localdomain")== 0)) {
2231 if (SU_GET_FAMILY(addr) == (sa_family_t)AF_INET6)
2232 inet_ntop(AF_INET6, &addr->sin6.sin6_addr,
2233 ipstr, sizeof(ipstr));
2236 inet_ntop(AF_INET, &addr->sin.sin_addr,
2237 ipstr, sizeof(ipstr));
2238 if (strcmp(ipstr, "127.0.0.1") == 0 ||
2239 strcmp(ipstr, "::1") == 0)
2242 usermatch = (strcasecmp(fileuser, remoteuser) == 0);
2243 auth_debug(9, _("bsd: comparing \"%s\" with\n"), filehost);
2244 auth_debug(9, _("bsd: \"%s\" (%s)\n"), host,
2245 hostmatch ? _("match") : _("no match"));
2246 auth_debug(9, _("bsd: and \"%s\" with\n"), fileuser);
2247 auth_debug(9, _("bsd: \"%s\" (%s)\n"), remoteuser,
2248 usermatch ? _("match") : _("no match"));
2250 if (!hostmatch || !usermatch) {
2262 /* get the services. If no service specified, then use
2263 * noop/selfcheck/sendsize/sendbackup
2265 aservice = strtok(NULL, " \t,");
2267 if (strcmp(service,"noop") == 0 ||
2268 strcmp(service,"selfcheck") == 0 ||
2269 strcmp(service,"sendsize") == 0 ||
2270 strcmp(service,"sendbackup") == 0) {
2283 if (strcmp(aservice,service) == 0) {
2287 if (strcmp(aservice, "amdump") == 0 &&
2288 (strcmp(service, "noop") == 0 ||
2289 strcmp(service, "selfcheck") == 0 ||
2290 strcmp(service, "sendsize") == 0 ||
2291 strcmp(service, "sendbackup") == 0)) {
2295 } while((aservice = strtok(NULL, " \t,")) != NULL);
2297 if (aservice && strcmp(aservice, service) == 0) {
2306 if (strcmp(service, "amindexd") == 0 ||
2307 strcmp(service, "amidxtaped") == 0) {
2308 result = vstrallocf(_("Please add the line \"%s %s amindexd amidxtaped\" to %s on the server"), host, remoteuser, ptmp);
2309 } else if (strcmp(service, "amdump") == 0 ||
2310 strcmp(service, "noop") == 0 ||
2311 strcmp(service, "selfcheck") == 0 ||
2312 strcmp(service, "sendsize") == 0 ||
2313 strcmp(service, "sendbackup") == 0) {
2314 result = vstrallocf(_("Please add the line \"%s %s amdump\" to %s on the client"), host, remoteuser, ptmp);
2316 result = vstrallocf(_("%s: invalid service %s"), ptmp, service);
2328 /* return 1 on success, 0 on failure */
2331 sockaddr_union *addr,
2333 unsigned long cksum,
2336 char * remotehost = NULL, *remoteuser = NULL;
2337 char * bad_bsd = NULL;
2338 struct passwd * pwptr;
2343 char hostname[NI_MAXHOST];
2347 (void)cksum; /* Quiet unused parameter warning */
2350 _("check_security(addr=%p, str='%s', cksum=%lu, errstr=%p\n"),
2351 addr, str, cksum, errstr);
2352 dump_sockaddr(addr);
2356 /* what host is making the request? */
2357 if ((result = getnameinfo((struct sockaddr *)addr, SS_LEN(addr),
2358 hostname, NI_MAXHOST, NULL, 0, 0)) != 0) {
2359 dbprintf(_("getnameinfo failed: %s\n"),
2360 gai_strerror(result));
2361 *errstr = vstralloc("[", "addr ", str_sockaddr(addr), ": ",
2362 "getnameinfo failed: ", gai_strerror(result),
2366 remotehost = stralloc(hostname);
2367 if( check_name_give_sockaddr(hostname,
2368 (struct sockaddr *)addr, errstr) < 0) {
2374 /* next, make sure the remote port is a "reserved" one */
2375 port = SU_GET_PORT(addr);
2376 if (port >= IPPORT_RESERVED) {
2377 *errstr = vstrallocf(_("[host %s: port %u not secure]"),
2378 remotehost, (unsigned int)port);
2383 /* extract the remote user name from the message */
2388 bad_bsd = vstrallocf(_("[host %s: bad bsd security line]"), remotehost);
2390 if (strncmp_const_skip(s - 1, "USER ", s, ch) != 0) {
2397 skip_whitespace(s, ch);
2405 skip_non_whitespace(s, ch);
2407 remoteuser = stralloc(fp);
2411 /* lookup our local user name */
2414 if ((pwptr = getpwuid(myuid)) == NULL)
2415 error(_("error [getpwuid(%d) fails]"), (int)myuid);
2417 auth_debug(1, _("bsd security: remote host %s user %s local user %s\n"),
2418 remotehost, remoteuser, pwptr->pw_name);
2420 #ifndef USE_AMANDAHOSTS
2421 s = check_user_ruserok(remotehost, pwptr, remoteuser);
2423 s = check_user_amandahosts(remotehost, addr, pwptr, remoteuser, NULL);
2427 *errstr = vstrallocf(_("[access as %s not allowed from %s@%s: %s]"),
2428 pwptr->pw_name, remoteuser, remotehost, s);
2433 return *errstr == NULL;
2437 * Like read(), but waits until the entire buffer has been filled.
2446 char *buf = vbuf; /* ptr arith */
2448 size_t size = origsize;
2450 auth_debug(1, _("net_read: begin %zu\n"), origsize);
2453 auth_debug(1, _("net_read: while %zu\n"), size);
2454 nread = net_read_fillbuf(fd, timeout, buf, size);
2456 auth_debug(1, _("db: net_read: end return(-1)\n"));
2460 auth_debug(1, _("net_read: end return(0)\n"));
2466 auth_debug(1, _("net_read: end %zu\n"), origsize);
2467 return ((ssize_t)origsize);
2471 * net_read likes to do a lot of little reads. Buffer it.
2480 SELECT_ARG_TYPE readfds;
2484 auth_debug(1, _("net_read_fillbuf: begin\n"));
2486 FD_SET(fd, &readfds);
2487 tv.tv_sec = timeout;
2489 switch (select(fd + 1, &readfds, NULL, NULL, &tv)) {
2494 auth_debug(1, _("net_read_fillbuf: case -1\n"));
2497 auth_debug(1, _("net_read_fillbuf: case 1\n"));
2498 assert(FD_ISSET(fd, &readfds));
2501 auth_debug(1, _("net_read_fillbuf: case default\n"));
2505 nread = read(fd, buf, size);
2508 auth_debug(1, _("net_read_fillbuf: end %zd\n"), nread);
2514 * Display stat() information about a file.
2522 char *name = vstralloc(a, b, NULL);
2524 struct passwd *pwptr G_GNUC_UNUSED;
2525 struct passwd pw G_GNUC_UNUSED;
2527 struct group *grptr G_GNUC_UNUSED;
2528 struct group gr G_GNUC_UNUSED;
2530 int buflen G_GNUC_UNUSED;
2531 char *buf G_GNUC_UNUSED;
2533 if (stat(name, &sbuf) != 0) {
2534 auth_debug(1, _("bsd: cannot stat %s: %s\n"), name, strerror(errno));
2539 #ifdef _SC_GETPW_R_SIZE_MAX
2540 buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
2546 buf = malloc(buflen);
2548 #ifdef HAVE_GETPWUID_R
2549 if (getpwuid_r(sbuf.st_uid, &pw, buf, buflen, &pwptr) == 0 &&
2551 owner = stralloc(pwptr->pw_name);
2555 owner = alloc(NUM_STR_SIZE + 1);
2556 g_snprintf(owner, NUM_STR_SIZE, "%ld", (long)sbuf.st_uid);
2558 #ifdef HAVE_GETGRGID_R
2559 if (getgrgid_r(sbuf.st_gid, &gr, buf, buflen, &grptr) == 0 &&
2561 group = stralloc(grptr->gr_name);
2565 group = alloc(NUM_STR_SIZE + 1);
2566 g_snprintf(group, NUM_STR_SIZE, "%ld", (long)sbuf.st_gid);
2569 auth_debug(1, _("bsd: processing file: %s\n"), name);
2570 auth_debug(1, _("bsd: owner=%s group=%s mode=%03o\n"),
2572 (int) (sbuf.st_mode & 0777));
2580 check_name_give_sockaddr(
2581 const char *hostname,
2582 struct sockaddr *addr,
2586 struct addrinfo *res = NULL, *res1;
2589 result = resolve_hostname(hostname, 0, &res, &canonname);
2591 dbprintf(_("check_name_give_sockaddr: resolve_hostname('%s'): %s\n"), hostname, gai_strerror(result));
2592 *errstr = newvstrallocf(*errstr,
2593 _("check_name_give_sockaddr: resolve_hostname('%s'): %s"),
2594 hostname, gai_strerror(result));
2597 if (canonname == NULL) {
2598 dbprintf(_("resolve_hostname('%s') did not return a canonical name\n"), hostname);
2599 *errstr = newvstrallocf(*errstr,
2600 _("check_name_give_sockaddr: resolve_hostname('%s') did not return a canonical name"),
2605 if (strncasecmp(hostname, canonname, strlen(hostname)) != 0) {
2606 dbprintf(_("%s doesn't resolve to itself, it resolves to %s\n"),
2607 hostname, canonname);
2608 *errstr = newvstrallocf(*errstr,
2609 _("%s doesn't resolve to itself, it resolves to %s"),
2610 hostname, canonname);
2614 for(res1=res; res1 != NULL; res1 = res1->ai_next) {
2615 if (cmp_sockaddr((sockaddr_union *)res1->ai_addr, (sockaddr_union *)addr, 1) == 0) {
2622 g_debug("%s doesn't resolve to %s",
2623 hostname, str_sockaddr((sockaddr_union *)addr));
2624 *errstr = newvstrallocf(*errstr,
2625 "%s doesn't resolve to %s",
2626 hostname, str_sockaddr((sockaddr_union *)addr));
2628 if (res) freeaddrinfo(res);
2634 find_port_for_service(
2640 int all_numeric = 1;
2642 for (s=service; *s != '\0'; s++) {
2643 if (!isdigit((int)*s)) {
2648 if (all_numeric == 1) {
2649 port = atoi(service);
2653 if ((sp = getservbyname(service, proto)) == NULL) {
2656 port = (in_port_t)(ntohs((in_port_t)sp->s_port));
2664 sec_get_authenticated_peer_name_gethostname(
2665 security_handle_t *hdl G_GNUC_UNUSED)
2667 char *server_hostname;
2668 server_hostname = malloc(1024);
2669 if (gethostname(server_hostname, 1024) == 0) {
2670 server_hostname[1023] = '\0';
2671 return server_hostname;
2673 amfree(server_hostname);
2678 sec_get_authenticated_peer_name_hostname(
2679 security_handle_t *hdl)
2681 char *hostname = ((struct sec_handle *)hdl)->hostname;