2 * Amanda, The Advanced Maryland Automatic Network Disk Archiver
3 * Copyright (c) 1999 University of Maryland
6 * Permission to use, copy, modify, distribute, and sell this software and its
7 * documentation for any purpose is hereby granted without fee, provided that
8 * the above copyright notice appear in all copies and that both that
9 * copyright notice and this permission notice appear in supporting
10 * documentation, and that the name of U.M. not be used in advertising or
11 * publicity pertaining to distribution of the software without specific,
12 * written prior permission. U.M. makes no representations about the
13 * suitability of this software for any purpose. It is provided "as is"
14 * without express or implied warranty.
16 * U.M. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL U.M.
18 * BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
20 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
21 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 * Authors: the Amanda Development Team. Its members are listed in a
24 * file named AUTHORS, in the root directory of this distribution.
28 * $Id: security-util.c,v 1.25 2006/07/22 12:04:47 martinea Exp $
30 * sec-security.c - security and transport over sec or a sec-like command.
32 * XXX still need to check for initial keyword on connect so we can skip
33 * over shell garbage and other stuff that sec might want to spew out.
41 #include "security-util.h"
43 #include "sockaddr-util.h"
46 * Magic values for sec_conn->handle
48 #define H_TAKEN -1 /* sec_conn->tok was already read */
49 #define H_EOF -2 /* this connection has been shut down */
52 * This is a queue of open connections
55 static int newhandle = 1;
56 static int newevent = 1;
61 static void recvpkt_callback(void *, void *, ssize_t);
62 static void stream_read_callback(void *);
63 static void stream_read_sync_callback(void *);
65 static void sec_tcp_conn_read_cancel(struct tcp_conn *);
66 static void sec_tcp_conn_read_callback(void *);
70 * Authenticate a stream
71 * Nothing needed for sec. The connection is authenticated by secd
78 (void)s; /* Quiet unused parameter warning */
83 * Returns the stream id for this stream. This is just the local
90 struct sec_stream *rs = s;
98 * Setup to handle new incoming connections
102 const security_driver_t *driver,
103 char *(*conf_fn)(char *, void *),
106 void (*fn)(security_handle_t *, pkt_t *),
111 rc = sec_tcp_conn_get("unknown",0);
116 rc->conf_fn = conf_fn;
118 sec_tcp_conn_read(rc);
122 * frees a handle allocated by the above
128 struct sec_handle *rh = inst;
132 auth_debug(1, _("sec: closing handle to %s\n"), rh->hostname);
134 if (rh->rs != NULL) {
135 /* This may be null if we get here on an error */
136 stream_recvpkt_cancel(rh);
137 security_stream_close(&rh->rs->secstr);
139 /* keep us from getting here again */
140 rh->sech.driver = NULL;
141 amfree(rh->hostname);
146 * Called when a sec connection is finished connecting and is ready
147 * to be authenticated.
150 sec_connect_callback(
153 struct sec_handle *rh = cookie;
155 event_release(rh->rs->ev_read);
156 rh->rs->ev_read = NULL;
157 event_release(rh->ev_timeout);
158 rh->ev_timeout = NULL;
160 (*rh->fn.connect)(rh->arg, &rh->sech, S_OK);
164 * Called if a connection times out before completion.
170 struct sec_handle *rh = cookie;
172 event_release(rh->rs->ev_read);
173 rh->rs->ev_read = NULL;
174 event_release(rh->ev_timeout);
175 rh->ev_timeout = NULL;
177 (*rh->fn.connect)(rh->arg, &rh->sech, S_TIMEOUT);
181 sec_close_connection_none(
202 struct sec_handle *rh = cookie;
209 auth_debug(1, _("sec: stream_sendpkt: enter\n"));
211 if (rh->rc->prefix_packet)
212 s = rh->rc->prefix_packet(rh, pkt);
215 len = strlen(pkt->body) + strlen(s) + 2;
217 buf[0] = (char)pkt->type;
218 strncpy(&buf[1], s, len - 1);
219 strncpy(&buf[1 + strlen(s)], pkt->body, (len - strlen(s) - 1));
224 _("sec: stream_sendpkt: %s (%d) pkt_t (len %zu) contains:\n\n\"%s\"\n\n"),
225 pkt_type2str(pkt->type), pkt->type, strlen(pkt->body), pkt->body);
227 if (security_stream_write(&rh->rs->secstr, buf, len) < 0) {
228 security_seterror(&rh->sech, "%s", security_stream_geterror(&rh->rs->secstr));
237 * Set up to receive a packet asyncronously, and call back when
243 void (*fn)(void *, pkt_t *, security_status_t),
247 struct sec_handle *rh = cookie;
251 auth_debug(1, _("sec: recvpkt registered for %s\n"), rh->hostname);
254 * Reset any pending timeout on this handle
256 if (rh->ev_timeout != NULL)
257 event_release(rh->ev_timeout);
260 * Negative timeouts mean no timeout
263 rh->ev_timeout = NULL;
265 rh->ev_timeout = event_register((event_id_t)timeout, EV_TIME,
266 stream_recvpkt_timeout, rh);
270 security_stream_read(&rh->rs->secstr, recvpkt_callback, rh);
274 * This is called when a handle times out before receiving a packet.
277 stream_recvpkt_timeout(
280 struct sec_handle *rh = cookie;
284 auth_debug(1, _("sec: recvpkt timeout for %s\n"), rh->hostname);
286 stream_recvpkt_cancel(rh);
287 (*rh->fn.recvpkt)(rh->arg, NULL, S_TIMEOUT);
291 * Remove a async receive request from the queue
294 stream_recvpkt_cancel(
297 struct sec_handle *rh = cookie;
299 auth_debug(1, _("sec: cancelling recvpkt for %s\n"), rh->hostname);
303 security_stream_read_cancel(&rh->rs->secstr);
304 if (rh->ev_timeout != NULL) {
305 event_release(rh->ev_timeout);
306 rh->ev_timeout = NULL;
311 * Write a chunk of data to a stream. Blocks until completion.
319 struct sec_stream *rs = s;
322 assert(rs->rc != NULL);
324 auth_debug(1, _("sec: stream_write: writing %zu bytes to %s:%d %d\n"),
325 size, rs->rc->hostname, rs->handle,
328 if (tcpm_send_token(rs->rc, rs->rc->write, rs->handle, &rs->rc->errmsg,
330 security_stream_seterror(&rs->secstr, "%s", rs->rc->errmsg);
337 * Submit a request to read some data. Calls back with the given
338 * function and arg when completed.
343 void (*fn)(void *, void *, ssize_t),
346 struct sec_stream *rs = s;
351 * Only one read request can be active per stream.
353 if (rs->ev_read == NULL) {
354 rs->ev_read = event_register((event_id_t)rs->rc->event_id, EV_WAIT,
355 stream_read_callback, rs);
356 sec_tcp_conn_read(rs->rc);
362 /* buffer for tcpm_stream_read_sync function */
363 static ssize_t sync_pktlen;
364 static void *sync_pkt;
367 * Write a chunk of data to a stream. Blocks until completion.
370 tcpm_stream_read_sync(
374 struct sec_stream *rs = s;
379 * Only one read request can be active per stream.
381 if (rs->ev_read != NULL) {
386 rs->ev_read = event_register((event_id_t)rs->rc->event_id, EV_WAIT,
387 stream_read_sync_callback, rs);
388 sec_tcp_conn_read(rs->rc);
389 event_wait(rs->ev_read);
390 /* Can't use rs or rc, they can be freed */
392 return (sync_pktlen);
396 * Cancel a previous stream read request. It's ok if we didn't have a read
400 tcpm_stream_read_cancel(
403 struct sec_stream *rs = s;
407 if (rs->ev_read != NULL) {
408 event_release(rs->ev_read);
410 sec_tcp_conn_read_cancel(rs->rc);
415 * Transmits a chunk of data over a rsh_handle, adding
416 * the necessary headers to allow the remote end to decode it.
436 assert(SIZEOF(netlength) == 4);
438 auth_debug(1, "tcpm_send_token: write %zd bytes to handle %d\n",
442 * 32 bit length (network byte order)
443 * 32 bit handle (network byte order)
446 netlength = htonl(len);
447 iov[0].iov_base = (void *)&netlength;
448 iov[0].iov_len = SIZEOF(netlength);
450 nethandle = htonl((guint32)handle);
451 iov[1].iov_base = (void *)&nethandle;
452 iov[1].iov_len = SIZEOF(nethandle);
454 encbuf = (char *)buf;
461 if (rc->driver->data_encrypt == NULL) {
462 iov[2].iov_base = (void *)buf;
463 iov[2].iov_len = len;
465 /* (the extra (void *) cast is to quiet type-punning warnings) */
466 rc->driver->data_encrypt(rc, (void *)buf, len, (void **)(void *)&encbuf, &encsize);
467 iov[2].iov_base = (void *)encbuf;
468 iov[2].iov_len = encsize;
469 netlength = htonl(encsize);
474 rval = full_writev(fd, iov, nb_iov);
476 if (len != 0 && rc->driver->data_encrypt != NULL && buf != encbuf) {
482 *errmsg = newvstrallocf(*errmsg, _("write error to: %s"),
483 strerror(save_errno));
491 * return 0 on EOF: *handle = H_EOF && *size = 0 if socket closed
492 * return 0 on EOF: *handle = handle && *size = 0 if stream closed
493 * return size : *handle = handle && *size = size for data read
506 unsigned int netint[2];
508 assert(SIZEOF(netint) == 8);
510 switch (net_read(fd, &netint, SIZEOF(netint), timeout)) {
513 *errmsg = newvstrallocf(*errmsg, _("recv error: %s"), strerror(errno));
514 auth_debug(1, _("tcpm_recv_token: A return(-1)\n"));
519 *errmsg = newvstrallocf(*errmsg, _("SOCKET_EOF"));
520 auth_debug(1, _("tcpm_recv_token: A return(0)\n"));
526 *size = (ssize_t)ntohl(netint[0]);
527 *handle = (int)ntohl(netint[1]);
528 /* amanda protocol packet can be above NETWORK_BLOCK_BYTES */
529 if (*size > 128*NETWORK_BLOCK_BYTES || *size < 0) {
530 if (isprint((int)(*size ) & 0xFF) &&
531 isprint((int)(*size >> 8 ) & 0xFF) &&
532 isprint((int)(*size >> 16) & 0xFF) &&
533 isprint((int)(*size >> 24) & 0xFF) &&
534 isprint((*handle ) & 0xFF) &&
535 isprint((*handle >> 8 ) & 0xFF) &&
536 isprint((*handle >> 16) & 0xFF) &&
537 isprint((*handle >> 24) & 0xFF)) {
540 s[0] = ((int)(*size) >> 24) & 0xFF;
541 s[1] = ((int)(*size) >> 16) & 0xFF;
542 s[2] = ((int)(*size) >> 8) & 0xFF;
543 s[3] = ((int)(*size) ) & 0xFF;
544 s[4] = (*handle >> 24) & 0xFF;
545 s[5] = (*handle >> 16) & 0xFF;
546 s[6] = (*handle >> 8 ) & 0xFF;
547 s[7] = (*handle ) & 0xFF;
549 while(i<100 && isprint((int)s[i]) && s[i] != '\n') {
550 switch(net_read(fd, &s[i], 1, 0)) {
551 case -1: s[i] = '\0'; break;
552 case 0: s[i] = '\0'; break;
554 dbprintf(_("read: %c\n"), s[i]); i++; s[i]=' ';
559 *errmsg = newvstrallocf(*errmsg, _("tcpm_recv_token: invalid size: %s"), s);
560 dbprintf(_("tcpm_recv_token: invalid size %s\n"), s);
562 *errmsg = newvstrallocf(*errmsg, _("tcpm_recv_token: invalid size"));
563 dbprintf(_("tcpm_recv_token: invalid size %zd\n"), *size);
569 *buf = alloc((size_t)*size);
572 auth_debug(1, _("tcpm_recv_token: read EOF from %d\n"), *handle);
573 *errmsg = newvstrallocf(*errmsg, _("EOF"));
576 switch (net_read(fd, *buf, (size_t)*size, timeout)) {
579 *errmsg = newvstrallocf(*errmsg, _("recv error: %s"), strerror(errno));
580 auth_debug(1, _("tcpm_recv_token: B return(-1)\n"));
584 *errmsg = newvstrallocf(*errmsg, _("SOCKET_EOF"));
585 auth_debug(1, _("tcpm_recv_token: B return(0)\n"));
591 auth_debug(1, _("tcpm_recv_token: read %zd bytes from %d\n"), *size, *handle);
593 if (*size > 0 && rc->driver->data_decrypt != NULL) {
596 rc->driver->data_decrypt(rc, *buf, *size, &decbuf, &decsize);
597 if (*buf != (char *)decbuf) {
599 *buf = (char *)decbuf;
608 tcpm_close_connection(
612 struct sec_handle *rh = h;
616 if (rh && rh->rc && rh->rc->read >= 0 && rh->rc->toclose == 0) {
618 sec_tcp_conn_put(rh->rc);
625 * Accept an incoming connection on a stream_server socket
626 * Nothing needed for tcpma.
632 (void)s; /* Quiet unused parameter warning */
638 * Return a connected stream. For sec, this means setup a stream
639 * with the supplied handle.
646 struct sec_handle *rh = h;
647 struct sec_stream *rs;
652 security_seterror(&rh->sech,
653 _("%d: invalid security stream id"), id);
657 rs = alloc(SIZEOF(*rs));
658 security_streaminit(&rs->secstr, rh->sech.driver);
661 rs->closed_by_me = 0;
662 rs->closed_by_network = 0;
668 rs->rc = sec_tcp_conn_get(rh->hostname, 0);
669 rs->rc->driver = rh->sech.driver;
673 auth_debug(1, _("sec: stream_client: connected to stream %d\n"), id);
679 * Create the server end of a stream. For sec, this means setup a stream
680 * object and allocate a new handle for it.
686 struct sec_handle *rh = h;
687 struct sec_stream *rs;
691 rs = alloc(SIZEOF(*rs));
692 security_streaminit(&rs->secstr, rh->sech.driver);
693 rs->closed_by_me = 0;
694 rs->closed_by_network = 0;
700 rs->rc = sec_tcp_conn_get(rh->hostname, 0);
701 rs->rc->driver = rh->sech.driver;
705 * Stream should already be setup!
707 if (rs->rc->read < 0) {
708 sec_tcp_conn_put(rs->rc);
710 security_seterror(&rh->sech, _("lost connection to %s"), rh->hostname);
713 assert(strcmp(rh->hostname, rs->rc->hostname) == 0);
715 * so as not to conflict with the amanda server's handle numbers,
716 * we start at 500000 and work down
718 rs->handle = 500000 - newhandle++;
720 auth_debug(1, _("sec: stream_server: created stream %d\n"), rs->handle);
725 * Close and unallocate resources for a stream.
731 struct sec_stream *rs = s;
736 auth_debug(1, _("sec: tcpma_stream_close: closing stream %d\n"), rs->handle);
738 if(rs->closed_by_network == 0 && rs->rc->write != -1)
739 tcpm_stream_write(rs, &buf, 0);
740 security_stream_read_cancel(&rs->secstr);
741 if(rs->closed_by_network == 0)
742 sec_tcp_conn_put(rs->rc);
747 * Create the server end of a stream. For bsdudp, this means setup a tcp
748 * socket for receiving a connection.
754 struct sec_stream *rs = NULL;
755 struct sec_handle *rh = h;
759 rs = alloc(SIZEOF(*rs));
760 security_streaminit(&rs->secstr, rh->sech.driver);
761 rs->closed_by_me = 0;
762 rs->closed_by_network = 0;
765 rs->handle = 500000 - newhandle++;
767 rs->socket = 0; /* the socket is already opened */
770 rh->rc = sec_tcp_conn_get(rh->hostname, 1);
771 rh->rc->driver = rh->sech.driver;
773 rs->socket = stream_server(SU_GET_FAMILY(&rh->udp->peer), &rs->port,
774 STREAM_BUFSIZE, STREAM_BUFSIZE, 0);
775 if (rs->socket < 0) {
776 security_seterror(&rh->sech,
777 _("can't create server stream: %s"), strerror(errno));
781 rh->rc->read = rs->socket;
782 rh->rc->write = rs->socket;
783 rs->handle = (int)rs->port;
791 * Accepts a new connection on unconnected streams. Assumes it is ok to
798 struct sec_stream *bs = s;
801 assert(bs->socket != -1);
804 if (bs->socket > 0) {
805 bs->fd = stream_accept(bs->socket, 30, STREAM_BUFSIZE, STREAM_BUFSIZE);
807 security_stream_seterror(&bs->secstr,
808 _("can't accept new stream connection: %s"),
812 bs->rc->read = bs->fd;
813 bs->rc->write = bs->fd;
819 * Return a connected stream
826 struct sec_stream *rs = NULL;
827 struct sec_handle *rh = h;
831 rs = alloc(SIZEOF(*rs));
832 security_streaminit(&rs->secstr, rh->sech.driver);
835 rs->closed_by_me = 0;
836 rs->closed_by_network = 0;
842 rh->rc = sec_tcp_conn_get(rh->hostname, 1);
843 rh->rc->driver = rh->sech.driver;
845 rh->rc->read = stream_client(rh->hostname, (in_port_t)id,
846 STREAM_BUFSIZE, STREAM_BUFSIZE, &rs->port, 0);
847 if (rh->rc->read < 0) {
848 security_seterror(&rh->sech,
849 _("can't connect stream to %s port %d: %s"),
850 rh->hostname, id, strerror(errno));
854 rh->rc->write = rh->rc->read;
856 rs->socket = -1; /* we're a client */
867 struct sec_stream *rs = s;
871 if (full_write(rs->fd, buf, size) < size) {
872 security_stream_seterror(&rs->secstr,
873 _("write error on stream %d: %s"), rs->port, strerror(errno));
884 struct sec_handle *rh = h;
888 if (pkt->type != P_REQ)
891 if ((pwd = getpwuid(geteuid())) == NULL) {
892 security_seterror(&rh->sech,
893 _("can't get login name for my uid %ld"),
897 buf = alloc(16+strlen(pwd->pw_name));
898 strncpy(buf, "SECURITY USER ", (16 + strlen(pwd->pw_name)));
899 strncpy(&buf[14], pwd->pw_name, (16 + strlen(pwd->pw_name) - 14));
900 buf[14 + strlen(pwd->pw_name)] = '\n';
901 buf[15 + strlen(pwd->pw_name)] = '\0';
908 * Check the security of a received packet. Returns negative on security
909 * violation, or returns 0 if ok. Removes the security info from the pkt_t.
912 bsd_recv_security_ok(
913 struct sec_handle * rh,
916 char *tok, *security, *body, *result;
917 char *service = NULL, *serviceX, *serviceY;
924 * Now, find the SECURITY line in the body, and parse it out
927 if (strncmp_const(pkt->body, "SECURITY ") == 0) {
928 security = pkt->body;
930 while(*security != '\n' && len < pkt->size) {
934 if(*security == '\n') {
937 security_line = stralloc(pkt->body);
938 security = pkt->body + strlen("SECURITY ");
941 security_line = NULL;
946 security_line = NULL;
951 * Now, find the SERVICE line in the body, and parse it out
955 if (strncmp_const_skip(s, "SERVICE ", s, ch) == 0) {
956 serviceX = stralloc(s);
957 serviceY = strtok(serviceX, "\n");
959 service = stralloc(serviceY);
964 * We need to do different things depending on which type of packet
970 * Request packets must come from a reserved port
972 port = SU_GET_PORT(&rh->peer);
973 if (port >= IPPORT_RESERVED) {
974 security_seterror(&rh->sech,
975 _("host %s: port %u not secure"), rh->hostname,
978 amfree(security_line);
983 security_seterror(&rh->sech,
984 _("packet as no SERVICE line"));
985 amfree(security_line);
990 * Request packets contain a remote username. We need to check
991 * that we allow it in.
993 * They will look like:
994 * SECURITY USER [username]
997 /* there must be some security info */
998 if (security == NULL) {
999 security_seterror(&rh->sech,
1000 _("no bsd SECURITY for P_REQ"));
1005 /* second word must be USER */
1006 if ((tok = strtok(security, " ")) == NULL) {
1007 security_seterror(&rh->sech,
1008 _("SECURITY line: %s"), security_line);
1010 amfree(security_line);
1011 return (-1); /* default errmsg */
1013 if (strcmp(tok, "USER") != 0) {
1014 security_seterror(&rh->sech,
1015 _("REQ SECURITY line parse error, expecting USER, got %s"), tok);
1017 amfree(security_line);
1021 /* the third word is the username */
1022 if ((tok = strtok(NULL, "")) == NULL) {
1023 security_seterror(&rh->sech,
1024 _("SECURITY line: %s"), security_line);
1026 amfree(security_line);
1027 return (-1); /* default errmsg */
1029 if ((result = check_user(rh, tok, service)) != NULL) {
1030 security_seterror(&rh->sech, "%s", result);
1033 amfree(security_line);
1037 /* we're good to go */
1043 amfree(security_line);
1046 * If there is security info at the front of the packet, we need to
1047 * shift the rest of the data up and nuke it.
1049 if (body != pkt->body)
1050 memmove(pkt->body, body, strlen(body) + 1);
1055 * Transmit a packet. Add security information first.
1062 struct sec_handle *rh = cookie;
1066 assert(pkt != NULL);
1068 auth_debug(1, _("udpbsd_sendpkt: enter\n"));
1070 * Initialize this datagram, and add the header
1072 dgram_zero(&rh->udp->dgram);
1073 dgram_cat(&rh->udp->dgram, "%s", pkthdr2str(rh, pkt));
1076 * Add the security info. This depends on which kind of packet we're
1079 switch (pkt->type) {
1082 * Requests get sent with our username in the body
1084 if ((pwd = getpwuid(geteuid())) == NULL) {
1085 security_seterror(&rh->sech,
1086 _("can't get login name for my uid %ld"), (long)getuid());
1089 dgram_cat(&rh->udp->dgram, _("SECURITY USER %s\n"), pwd->pw_name);
1097 * Add the body, and send it
1099 dgram_cat(&rh->udp->dgram, "%s", pkt->body);
1102 _("sec: udpbsd_sendpkt: %s (%d) pkt_t (len %zu) contains:\n\n\"%s\"\n\n"),
1103 pkt_type2str(pkt->type), pkt->type, strlen(pkt->body), pkt->body);
1105 if (dgram_send_addr(&rh->peer, &rh->udp->dgram) != 0) {
1106 security_seterror(&rh->sech,
1107 _("send %s to %s failed: %s"), pkt_type2str(pkt->type),
1108 rh->hostname, strerror(errno));
1118 struct sec_handle *rh = cookie;
1120 if (rh->proto_handle == NULL) {
1124 auth_debug(1, _("udp: close handle '%s'\n"), rh->proto_handle);
1126 udp_recvpkt_cancel(rh);
1128 rh->next->prev = rh->prev;
1131 rh->udp->bh_last = rh->prev;
1134 rh->prev->next = rh->next;
1137 rh->udp->bh_first = rh->next;
1140 amfree(rh->proto_handle);
1141 amfree(rh->hostname);
1146 * Set up to receive a packet asynchronously, and call back when it has
1152 void (*fn)(void *, pkt_t *, security_status_t),
1156 struct sec_handle *rh = cookie;
1158 auth_debug(1, _("udp_recvpkt(cookie=%p, fn=%p, arg=%p, timeout=%u)\n"),
1159 cookie, fn, arg, timeout);
1165 * Subsequent recvpkt calls override previous ones
1167 if (rh->ev_read == NULL) {
1168 udp_addref(rh->udp, &udp_netfd_read_callback);
1169 rh->ev_read = event_register(rh->event_id, EV_WAIT,
1170 udp_recvpkt_callback, rh);
1172 if (rh->ev_timeout != NULL)
1173 event_release(rh->ev_timeout);
1175 rh->ev_timeout = NULL;
1177 rh->ev_timeout = event_register((event_id_t)timeout, EV_TIME,
1178 udp_recvpkt_timeout, rh);
1179 rh->fn.recvpkt = fn;
1184 * Remove a async receive request on this handle from the queue.
1185 * If it is the last one to be removed, then remove the event
1186 * handler for our network fd
1192 struct sec_handle *rh = cookie;
1196 if (rh->ev_read != NULL) {
1197 udp_delref(rh->udp);
1198 event_release(rh->ev_read);
1202 if (rh->ev_timeout != NULL) {
1203 event_release(rh->ev_timeout);
1204 rh->ev_timeout = NULL;
1209 * This is called when a handle is woken up because data read off of the
1213 udp_recvpkt_callback(
1216 struct sec_handle *rh = cookie;
1217 void (*fn)(void *, pkt_t *, security_status_t);
1220 auth_debug(1, _("udp: receive handle '%s' netfd '%s'\n"),
1221 rh->proto_handle, rh->udp->handle);
1224 /* if it doesn't correspond to this handle, something is wrong */
1225 assert(strcmp(rh->proto_handle, rh->udp->handle) == 0);
1227 /* if it didn't come from the same host/port, forget it */
1228 if (cmp_sockaddr(&rh->peer, &rh->udp->peer, 0) != 0) {
1229 amfree(rh->udp->handle);
1230 dbprintf(_("not from same host\n"));
1231 dump_sockaddr(&rh->peer);
1232 dump_sockaddr(&rh->udp->peer);
1237 * We need to cancel the recvpkt request before calling the callback
1238 * because the callback may reschedule us.
1240 fn = rh->fn.recvpkt;
1242 udp_recvpkt_cancel(rh);
1245 * Check the security of the packet. If it is bad, then pass NULL
1246 * to the packet handling function instead of a packet.
1248 if (rh->udp->recv_security_ok &&
1249 rh->udp->recv_security_ok(rh, &rh->udp->pkt) < 0) {
1250 (*fn)(arg, NULL, S_ERROR);
1252 (*fn)(arg, &rh->udp->pkt, S_OK);
1257 * This is called when a handle times out before receiving a packet.
1260 udp_recvpkt_timeout(
1263 struct sec_handle *rh = cookie;
1264 void (*fn)(void *, pkt_t *, security_status_t);
1269 assert(rh->ev_timeout != NULL);
1270 fn = rh->fn.recvpkt;
1272 udp_recvpkt_cancel(rh);
1273 (*fn)(arg, NULL, S_TIMEOUT);
1277 * Given a hostname and a port, setup a udp_handle
1282 struct sec_handle * rh,
1284 sockaddr_union *addr,
1290 * Save the hostname and port info
1292 auth_debug(1, _("udp_inithandle port %u handle %s sequence %d\n"),
1293 (unsigned int)ntohs(port), handle, sequence);
1294 assert(addr != NULL);
1296 rh->hostname = stralloc(hostname);
1297 copy_sockaddr(&rh->peer, addr);
1298 SU_SET_PORT(&rh->peer, port);
1301 rh->prev = udp->bh_last;
1303 rh->prev->next = rh;
1305 if (!udp->bh_first) {
1311 rh->sequence = sequence;
1312 rh->event_id = (event_id_t)newevent++;
1313 amfree(rh->proto_handle);
1314 rh->proto_handle = stralloc(handle);
1315 rh->fn.connect = NULL;
1318 rh->ev_timeout = NULL;
1320 auth_debug(1, _("udp: adding handle '%s'\n"), rh->proto_handle);
1327 * Callback for received packets. This is the function bsd_recvpkt
1328 * registers with the event handler. It is called when the event handler
1329 * realizes that data is waiting to be read on the network socket.
1332 udp_netfd_read_callback(
1335 struct udp_handle *udp = cookie;
1336 struct sec_handle *rh;
1338 char hostname[NI_MAXHOST];
1340 char *errmsg = NULL;
1343 auth_debug(1, _("udp_netfd_read_callback(cookie=%p)\n"), cookie);
1344 assert(udp != NULL);
1346 #ifndef TEST /* { */
1348 * Receive the packet.
1350 dgram_zero(&udp->dgram);
1351 if (dgram_recv(&udp->dgram, 0, &udp->peer) < 0)
1353 #endif /* !TEST */ /* } */
1358 if (str2pkthdr(udp) < 0)
1362 * If there are events waiting on this handle, we're done
1365 while(rh != NULL && (strcmp(rh->proto_handle, udp->handle) != 0 ||
1366 rh->sequence != udp->sequence ||
1367 cmp_sockaddr(&rh->peer, &udp->peer, 0) != 0)) {
1370 if (rh && event_wakeup(rh->event_id) > 0)
1374 * If we didn't find a handle, then check for a new incoming packet.
1375 * If no accept handler was setup, then just return.
1377 if (udp->accept_fn == NULL) {
1378 dbprintf(_("Receive packet from unknown source"));
1382 rh = alloc(SIZEOF(*rh));
1383 rh->proto_handle=NULL;
1386 security_handleinit(&rh->sech, udp->driver);
1388 result = getnameinfo((struct sockaddr *)&udp->peer, SS_LEN(&udp->peer),
1389 hostname, sizeof(hostname), NULL, 0, 0);
1391 dbprintf("getnameinfo failed: %s\n",
1392 gai_strerror(result));
1393 security_seterror(&rh->sech, "getnameinfo failed: %s",
1394 gai_strerror(result));
1397 if (check_name_give_sockaddr(hostname,
1398 (struct sockaddr *)&udp->peer, &errmsg) < 0) {
1399 security_seterror(&rh->sech, "%s",errmsg);
1405 port = SU_GET_PORT(&udp->peer);
1406 a = udp_inithandle(udp, rh,
1413 auth_debug(1, _("bsd: closeX handle '%s'\n"), rh->proto_handle);
1419 * Check the security of the packet. If it is bad, then pass NULL
1420 * to the accept function instead of a packet.
1422 if (rh->udp->recv_security_ok(rh, &udp->pkt) < 0)
1423 (*udp->accept_fn)(&rh->sech, NULL);
1425 (*udp->accept_fn)(&rh->sech, &udp->pkt);
1429 * Locate an existing connection to the given host, or create a new,
1430 * unconnected entry if none exists. The caller is expected to check
1431 * for the lack of a connection (rc->read == -1) and set one up.
1435 const char *hostname,
1439 struct tcp_conn *rc = NULL;
1441 auth_debug(1, _("sec_tcp_conn_get: %s\n"), hostname);
1443 if (want_new == 0) {
1444 for (iter = connq; iter != NULL; iter = iter->next) {
1445 rc = (struct tcp_conn *)iter->data;
1446 if (strcasecmp(hostname, rc->hostname) == 0)
1453 _("sec_tcp_conn_get: exists, refcnt to %s is now %d\n"),
1454 rc->hostname, rc->refcnt);
1459 auth_debug(1, _("sec_tcp_conn_get: creating new handle\n"));
1461 * We can't be creating a new handle if we are the client
1463 rc = alloc(SIZEOF(*rc));
1464 rc->read = rc->write = -1;
1470 strncpy(rc->hostname, hostname, SIZEOF(rc->hostname) - 1);
1471 rc->hostname[SIZEOF(rc->hostname) - 1] = '\0';
1476 rc->accept_fn = NULL;
1477 rc->recv_security_ok = NULL;
1478 rc->prefix_packet = NULL;
1482 rc->event_id = newevent++;
1483 connq = g_slist_append(connq, rc);
1488 * Delete a reference to a connection, and close it if it is the last
1493 struct tcp_conn * rc)
1497 assert(rc->refcnt > 0);
1499 auth_debug(1, _("sec_tcp_conn_put: decrementing refcnt for %s to %d\n"),
1500 rc->hostname, rc->refcnt);
1501 if (rc->refcnt > 0) {
1504 auth_debug(1, _("sec_tcp_conn_put: closing connection to %s\n"), rc->hostname);
1507 if (rc->write != -1)
1509 if (rc->pid != -1) {
1510 waitpid(rc->pid, &status, WNOHANG);
1512 if (rc->ev_read != NULL)
1513 event_release(rc->ev_read);
1514 if (rc->errmsg != NULL)
1516 connq = g_slist_remove(connq, rc);
1518 if(!rc->donotclose) {
1520 /* a memory leak occurs, but freeing it lead to memory
1521 * corruption because it can still be used.
1522 * We need to find a good place to free 'rc'.
1528 * Turn on read events for a conn. Or, increase a ev_read_refcnt if we are
1529 * already receiving read events.
1533 struct tcp_conn * rc)
1535 assert (rc != NULL);
1537 if (rc->ev_read != NULL) {
1538 rc->ev_read_refcnt++;
1540 _("sec: conn_read: incremented ev_read_refcnt to %d for %s\n"),
1541 rc->ev_read_refcnt, rc->hostname);
1544 auth_debug(1, _("sec: conn_read registering event handler for %s\n"),
1546 rc->ev_read = event_register((event_id_t)rc->read, EV_READFD,
1547 sec_tcp_conn_read_callback, rc);
1548 rc->ev_read_refcnt = 1;
1552 sec_tcp_conn_read_cancel(
1553 struct tcp_conn * rc)
1556 --rc->ev_read_refcnt;
1558 _("sec: conn_read_cancel: decremented ev_read_refcnt to %d for %s\n"),
1559 rc->ev_read_refcnt, rc->hostname);
1560 if (rc->ev_read_refcnt > 0) {
1564 _("sec: conn_read_cancel: releasing event handler for %s\n"),
1566 event_release(rc->ev_read);
1571 * This is called when a handle is woken up because data read off of the
1581 struct sec_handle *rh = cookie;
1585 auth_debug(1, _("sec: recvpkt_callback: %zd\n"), bufsize);
1587 * We need to cancel the recvpkt request before calling
1588 * the callback because the callback may reschedule us.
1590 stream_recvpkt_cancel(rh);
1594 security_seterror(&rh->sech,
1595 _("EOF on read from %s"), rh->hostname);
1596 (*rh->fn.recvpkt)(rh->arg, NULL, S_ERROR);
1599 security_seterror(&rh->sech, "%s", security_stream_geterror(&rh->rs->secstr));
1600 (*rh->fn.recvpkt)(rh->arg, NULL, S_ERROR);
1606 parse_pkt(&pkt, buf, (size_t)bufsize);
1608 _("sec: received %s packet (%d) from %s, contains:\n\n\"%s\"\n\n"),
1609 pkt_type2str(pkt.type), pkt.type,
1610 rh->hostname, pkt.body);
1611 if (rh->rc->recv_security_ok && (rh->rc->recv_security_ok)(rh, &pkt) < 0)
1612 (*rh->fn.recvpkt)(rh->arg, NULL, S_ERROR);
1614 (*rh->fn.recvpkt)(rh->arg, &pkt, S_OK);
1619 * Callback for tcpm_stream_read_sync
1622 stream_read_sync_callback(
1625 struct sec_stream *rs = s;
1628 auth_debug(1, _("sec: stream_read_callback_sync: handle %d\n"), rs->handle);
1631 * Make sure this was for us. If it was, then blow away the handle
1632 * so it doesn't get claimed twice. Otherwise, leave it alone.
1634 * If the handle is EOF, pass that up to our callback.
1636 if (rs->rc->handle == rs->handle) {
1637 auth_debug(1, _("sec: stream_read_callback_sync: it was for us\n"));
1638 rs->rc->handle = H_TAKEN;
1639 } else if (rs->rc->handle != H_EOF) {
1640 auth_debug(1, _("sec: stream_read_callback_sync: not for us\n"));
1645 * Remove the event first, and then call the callback.
1646 * We remove it first because we don't want to get in their
1647 * way if they reschedule it.
1649 tcpm_stream_read_cancel(rs);
1651 sync_pktlen = rs->rc->pktlen;
1652 sync_pkt = malloc(sync_pktlen);
1653 memcpy(sync_pkt, rs->rc->pkt, sync_pktlen);
1655 if (rs->rc->pktlen <= 0) {
1656 auth_debug(1, _("sec: stream_read_sync_callback: %s\n"), rs->rc->errmsg);
1657 security_stream_seterror(&rs->secstr, "%s", rs->rc->errmsg);
1658 if(rs->closed_by_me == 0 && rs->closed_by_network == 0)
1659 sec_tcp_conn_put(rs->rc);
1660 rs->closed_by_network = 1;
1664 _("sec: stream_read_callback_sync: read %zd bytes from %s:%d\n"),
1665 rs->rc->pktlen, rs->rc->hostname, rs->handle);
1669 * Callback for tcpm_stream_read
1672 stream_read_callback(
1675 struct sec_stream *rs = arg;
1678 auth_debug(1, _("sec: stream_read_callback: handle %d\n"), rs->handle);
1681 * Make sure this was for us. If it was, then blow away the handle
1682 * so it doesn't get claimed twice. Otherwise, leave it alone.
1684 * If the handle is EOF, pass that up to our callback.
1686 if (rs->rc->handle == rs->handle) {
1687 auth_debug(1, _("sec: stream_read_callback: it was for us\n"));
1688 rs->rc->handle = H_TAKEN;
1689 } else if (rs->rc->handle != H_EOF) {
1690 auth_debug(1, _("sec: stream_read_callback: not for us\n"));
1695 * Remove the event first, and then call the callback.
1696 * We remove it first because we don't want to get in their
1697 * way if they reschedule it.
1699 tcpm_stream_read_cancel(rs);
1701 if (rs->rc->pktlen <= 0) {
1702 auth_debug(1, _("sec: stream_read_callback: %s\n"), rs->rc->errmsg);
1703 security_stream_seterror(&rs->secstr, "%s", rs->rc->errmsg);
1704 if(rs->closed_by_me == 0 && rs->closed_by_network == 0)
1705 sec_tcp_conn_put(rs->rc);
1706 rs->closed_by_network = 1;
1707 (*rs->fn)(rs->arg, NULL, rs->rc->pktlen);
1710 auth_debug(1, _("sec: stream_read_callback: read %zd bytes from %s:%d\n"),
1711 rs->rc->pktlen, rs->rc->hostname, rs->handle);
1712 (*rs->fn)(rs->arg, rs->rc->pkt, rs->rc->pktlen);
1713 auth_debug(1, _("sec: after callback stream_read_callback\n"));
1717 * The callback for the netfd for the event handler
1718 * Determines if this packet is for this security handle,
1719 * and does the real callback if so.
1722 sec_tcp_conn_read_callback(
1725 struct tcp_conn * rc = cookie;
1726 struct sec_handle * rh;
1731 assert(cookie != NULL);
1733 auth_debug(1, _("sec: conn_read_callback\n"));
1735 /* Read the data off the wire. If we get errors, shut down. */
1736 rval = tcpm_recv_token(rc, rc->read, &rc->handle, &rc->errmsg, &rc->pkt,
1738 auth_debug(1, _("sec: conn_read_callback: tcpm_recv_token returned %zd\n"),
1740 if (rval < 0 || rc->handle == H_EOF) {
1743 revent = event_wakeup((event_id_t)rc->event_id);
1744 auth_debug(1, _("sec: conn_read_callback: event_wakeup return %d\n"),
1746 /* delete our 'accept' reference */
1747 if (rc->accept_fn != NULL) {
1748 if(rc->refcnt != 1) {
1749 dbprintf(_("STRANGE, rc->refcnt should be 1, it is %d\n"),
1753 rc->accept_fn = NULL;
1754 sec_tcp_conn_put(rc);
1761 revent = event_wakeup((event_id_t)rc->event_id);
1763 _("sec: conn_read_callback: event_wakeup return %d\n"), revent);
1767 /* If there are events waiting on this handle, we're done */
1769 revent = event_wakeup((event_id_t)rc->event_id);
1770 auth_debug(1, _("sec: conn_read_callback: event_wakeup return %d\n"), revent);
1772 if (rc->handle == H_TAKEN || rc->pktlen == 0) {
1773 if(rc->refcnt == 0) amfree(rc);
1777 assert(rc->refcnt > 0);
1779 /* If there is no accept fn registered, then drop the packet */
1780 if (rc->accept_fn == NULL) {
1782 _("sec: conn_read_callback: %zd bytes for handle %d went unclaimed!"),
1783 rc->pktlen, rc->handle);
1787 rh = alloc(SIZEOF(*rh));
1788 security_handleinit(&rh->sech, rc->driver);
1789 rh->hostname = stralloc(rc->hostname);
1790 rh->ev_timeout = NULL;
1792 rh->peer = rc->peer;
1793 rh->rs = tcpma_stream_client(rh, rc->handle);
1795 auth_debug(1, _("sec: new connection\n"));
1797 parse_pkt(&pkt, rc->pkt, (size_t)rc->pktlen);
1798 auth_debug(1, _("sec: calling accept_fn\n"));
1799 if (rh->rc->recv_security_ok && (rh->rc->recv_security_ok)(rh, &pkt) < 0)
1800 (*rc->accept_fn)(&rh->sech, NULL);
1802 (*rc->accept_fn)(&rh->sech, &pkt);
1812 const unsigned char *bufp = buf;
1814 auth_debug(1, _("sec: parse_pkt: parsing buffer of %zu bytes\n"), bufsize);
1816 pkt->type = (pktype_t)*bufp++;
1819 pkt->packet_size = bufsize+1;
1820 pkt->body = alloc(pkt->packet_size);
1822 pkt->body[0] = '\0';
1824 memcpy(pkt->body, bufp, bufsize);
1825 pkt->body[pkt->packet_size - 1] = '\0';
1827 pkt->size = strlen(pkt->body);
1829 auth_debug(1, _("sec: parse_pkt: %s (%d): \"%s\"\n"), pkt_type2str(pkt->type),
1830 pkt->type, pkt->body);
1834 * Convert a packet header into a string
1838 const struct sec_handle * rh,
1841 static char retbuf[256];
1844 assert(pkt != NULL);
1846 g_snprintf(retbuf, SIZEOF(retbuf), _("Amanda %d.%d %s HANDLE %s SEQ %d\n"),
1847 VERSION_MAJOR, VERSION_MINOR, pkt_type2str(pkt->type),
1848 rh->proto_handle, rh->sequence);
1850 auth_debug(1, _("bsd: pkthdr2str handle '%s'\n"), rh->proto_handle);
1852 /* check for truncation. If only we had asprintf()... */
1853 assert(retbuf[strlen(retbuf) - 1] == '\n');
1859 * Parses out the header line in 'str' into the pkt and handle
1860 * Returns negative on parse error.
1872 assert(udp->dgram.cur != NULL);
1873 str = stralloc(udp->dgram.cur);
1875 /* "Amanda %d.%d <ACK,NAK,...> HANDLE %s SEQ %d\n" */
1877 /* Read in "Amanda" */
1878 if ((tok = strtok(str, " ")) == NULL || strcmp(tok, "Amanda") != 0)
1881 /* nothing is done with the major/minor numbers currently */
1882 if ((tok = strtok(NULL, " ")) == NULL || strchr(tok, '.') == NULL)
1885 /* Read in the packet type */
1886 if ((tok = strtok(NULL, " ")) == NULL)
1889 pkt_init_empty(pkt, pkt_str2type(tok));
1890 if (pkt->type == (pktype_t)-1)
1893 /* Read in "HANDLE" */
1894 if ((tok = strtok(NULL, " ")) == NULL || strcmp(tok, "HANDLE") != 0)
1897 /* parse the handle */
1898 if ((tok = strtok(NULL, " ")) == NULL)
1900 amfree(udp->handle);
1901 udp->handle = stralloc(tok);
1904 if ((tok = strtok(NULL, " ")) == NULL || strcmp(tok, "SEQ") != 0)
1907 /* parse the sequence number */
1908 if ((tok = strtok(NULL, "\n")) == NULL)
1910 udp->sequence = atoi(tok);
1912 /* Save the body, if any */
1913 if ((tok = strtok(NULL, "")) != NULL)
1914 pkt_cat(pkt, "%s", tok);
1920 #if 0 /* XXX we have no way of passing this back up */
1921 security_seterror(&rh->sech,
1922 "parse error in packet header : '%s'", origstr);
1930 struct sec_handle * rh,
1931 const char * remoteuser,
1932 const char * service)
1936 char *result = NULL;
1937 char *localuser = NULL;
1939 /* lookup our local user name */
1940 if ((pwd = getpwnam(CLIENT_LOGIN)) == NULL) {
1941 return vstrallocf(_("getpwnam(%s) failed."), CLIENT_LOGIN);
1945 * Make a copy of the user name in case getpw* is called by
1946 * any of the lower level routines.
1948 localuser = stralloc(pwd->pw_name);
1950 #ifndef USE_AMANDAHOSTS
1951 r = check_user_ruserok(rh->hostname, pwd, remoteuser);
1953 r = check_user_amandahosts(rh->hostname, &rh->peer, pwd, remoteuser, service);
1956 result = vstrallocf(
1957 _("user %s from %s is not allowed to execute the service %s: %s"),
1958 remoteuser, rh->hostname, service, r);
1966 * See if a remote user is allowed in. This version uses ruserok()
1969 * Returns NULL on success, or error message on error.
1974 struct passwd * pwd,
1975 const char * remoteuser)
1986 uid_t myuid = getuid();
1989 * note that some versions of ruserok (eg SunOS 3.2) look in
1990 * "./.rhosts" rather than "~CLIENT_LOGIN/.rhosts", so we have to
1991 * chdir ourselves. Sigh.
1993 * And, believe it or not, some ruserok()'s try an initgroup just
1994 * for the hell of it. Since we probably aren't root at this point
1995 * it'll fail, and initgroup "helpfully" will blatt "Setgroups: Not owner"
1996 * into our stderr output even though the initgroup failure is not a
1997 * problem and is expected. Thanks a lot. Not.
1999 if (pipe(fd) != 0) {
2000 return stralloc2(_("pipe() fails: "), strerror(errno));
2002 if ((ruserok_pid = fork()) < 0) {
2003 return stralloc2(_("fork() fails: "), strerror(errno));
2004 } else if (ruserok_pid == 0) {
2008 fError = fdopen(fd[1], "w");
2010 error(_("Can't fdopen: %s"), strerror(errno));
2013 /* pamper braindead ruserok's */
2014 if (chdir(pwd->pw_dir) != 0) {
2015 g_fprintf(fError, _("chdir(%s) failed: %s"),
2016 pwd->pw_dir, strerror(errno));
2021 if (debug_auth >= 9) {
2022 char *dir = stralloc(pwd->pw_dir);
2024 auth_debug(9, _("bsd: calling ruserok(%s, %d, %s, %s)\n"), host,
2025 ((myuid == 0) ? 1 : 0), remoteuser, pwd->pw_name);
2027 auth_debug(9, _("bsd: because you are running as root, "));
2028 auth_debug(9, _("/etc/hosts.equiv will not be used\n"));
2030 show_stat_info("/etc/hosts.equiv", NULL);
2032 show_stat_info(dir, "/.rhosts");
2036 saved_stderr = dup(2);
2038 if (open("/dev/null", O_RDWR) == -1) {
2039 auth_debug(1, _("Could not open /dev/null: %s\n"), strerror(errno));
2042 ok = ruserok(host, myuid == 0, remoteuser, CLIENT_LOGIN);
2049 (void)dup2(saved_stderr,2);
2050 close(saved_stderr);
2054 fError = fdopen(fd[0], "r");
2056 error(_("Can't fdopen: %s"), strerror(errno));
2061 while ((es = agets(fError)) != NULL) {
2066 if (result == NULL) {
2067 result = stralloc("");
2069 strappend(result, ": ");
2071 strappend(result, es);
2076 pid = wait(&exitcode);
2077 while (pid != ruserok_pid) {
2078 if ((pid == (pid_t) -1) && (errno != EINTR)) {
2080 return vstrallocf(_("ruserok wait failed: %s"), strerror(errno));
2082 pid = wait(&exitcode);
2084 if (!WIFEXITED(exitcode) || WEXITSTATUS(exitcode) != 0) {
2086 result = str_exit_status("ruserok child", exitcode);
2095 * Check to see if a user is allowed in. This version uses .amandahosts
2096 * Returns an error message on failure, or NULL on success.
2099 check_user_amandahosts(
2101 sockaddr_union *addr,
2102 struct passwd * pwd,
2103 const char * remoteuser,
2104 const char * service)
2108 const char *fileuser;
2110 char *result = NULL;
2116 char *aservice = NULL;
2118 char ipstr[INET6_ADDRSTRLEN];
2120 char ipstr[INET_ADDRSTRLEN];
2123 auth_debug(1, _("check_user_amandahosts(host=%s, pwd=%p, "
2124 "remoteuser=%s, service=%s)\n"),
2125 host, pwd, remoteuser, service);
2127 ptmp = stralloc2(pwd->pw_dir, "/.amandahosts");
2128 if (debug_auth >= 9) {
2129 show_stat_info(ptmp, "");;
2131 if ((fp = fopen(ptmp, "r")) == NULL) {
2132 result = vstrallocf(_("cannot open %s: %s"), ptmp, strerror(errno));
2138 * Make sure the file is owned by the Amanda user and does not
2139 * have any group/other access allowed.
2141 if (fstat(fileno(fp), &sbuf) != 0) {
2142 result = vstrallocf(_("cannot fstat %s: %s"), ptmp, strerror(errno));
2145 if (sbuf.st_uid != pwd->pw_uid) {
2146 result = vstrallocf(_("%s: owned by id %ld, should be %ld"),
2147 ptmp, (long)sbuf.st_uid, (long)pwd->pw_uid);
2150 if ((sbuf.st_mode & 077) != 0) {
2151 result = vstrallocf(_("%s: incorrect permissions; file must be accessible only by its owner"), ptmp);
2156 * Now, scan the file for the host/user/service.
2159 while ((line = agets(fp)) != NULL) {
2165 auth_debug(9, _("bsd: processing line: <%s>\n"), line);
2166 /* get the host out of the file */
2167 if ((filehost = strtok(line, " \t")) == NULL) {
2172 /* get the username. If no user specified, then use the local user */
2173 if ((fileuser = strtok(NULL, " \t")) == NULL) {
2174 fileuser = pwd->pw_name;
2177 hostmatch = (strcasecmp(filehost, host) == 0);
2178 /* ok if addr=127.0.0.1 and
2179 * either localhost or localhost.domain is in .amandahost */
2181 (strcasecmp(filehost, "localhost")== 0 ||
2182 strcasecmp(filehost, "localhost.localdomain")== 0)) {
2184 if (SU_GET_FAMILY(addr) == (sa_family_t)AF_INET6)
2185 inet_ntop(AF_INET6, &addr->sin6.sin6_addr,
2186 ipstr, sizeof(ipstr));
2189 inet_ntop(AF_INET, &addr->sin.sin_addr,
2190 ipstr, sizeof(ipstr));
2191 if (strcmp(ipstr, "127.0.0.1") == 0 ||
2192 strcmp(ipstr, "::1") == 0)
2195 usermatch = (strcasecmp(fileuser, remoteuser) == 0);
2196 auth_debug(9, _("bsd: comparing \"%s\" with\n"), filehost);
2197 auth_debug(9, _("bsd: \"%s\" (%s)\n"), host,
2198 hostmatch ? _("match") : _("no match"));
2199 auth_debug(9, _("bsd: and \"%s\" with\n"), fileuser);
2200 auth_debug(9, _("bsd: \"%s\" (%s)\n"), remoteuser,
2201 usermatch ? _("match") : _("no match"));
2203 if (!hostmatch || !usermatch) {
2215 /* get the services. If no service specified, then use
2216 * noop/selfcheck/sendsize/sendbackup
2218 aservice = strtok(NULL, " \t,");
2220 if (strcmp(service,"noop") == 0 ||
2221 strcmp(service,"selfcheck") == 0 ||
2222 strcmp(service,"sendsize") == 0 ||
2223 strcmp(service,"sendbackup") == 0) {
2236 if (strcmp(aservice,service) == 0) {
2240 if (strcmp(aservice, "amdump") == 0 &&
2241 (strcmp(service, "noop") == 0 ||
2242 strcmp(service, "selfcheck") == 0 ||
2243 strcmp(service, "sendsize") == 0 ||
2244 strcmp(service, "sendbackup") == 0)) {
2248 } while((aservice = strtok(NULL, " \t,")) != NULL);
2250 if (aservice && strcmp(aservice, service) == 0) {
2259 if (strcmp(service, "amindexd") == 0 ||
2260 strcmp(service, "amidxtaped") == 0) {
2261 result = vstrallocf(_("Please add the line \"%s %s amindexd amidxtaped\" to %s on the server"), host, remoteuser, ptmp);
2262 } else if (strcmp(service, "amdump") == 0 ||
2263 strcmp(service, "noop") == 0 ||
2264 strcmp(service, "selfcheck") == 0 ||
2265 strcmp(service, "sendsize") == 0 ||
2266 strcmp(service, "sendbackup") == 0) {
2267 result = vstrallocf(_("Please add the line \"%s %s amdump\" to %s on the client"), host, remoteuser, ptmp);
2269 result = vstrallocf(_("%s: invalid service %s"), ptmp, service);
2281 /* return 1 on success, 0 on failure */
2284 sockaddr_union *addr,
2286 unsigned long cksum,
2289 char * remotehost = NULL, *remoteuser = NULL;
2290 char * bad_bsd = NULL;
2291 struct passwd * pwptr;
2296 char hostname[NI_MAXHOST];
2300 (void)cksum; /* Quiet unused parameter warning */
2303 _("check_security(addr=%p, str='%s', cksum=%lu, errstr=%p\n"),
2304 addr, str, cksum, errstr);
2305 dump_sockaddr(addr);
2309 /* what host is making the request? */
2310 if ((result = getnameinfo((struct sockaddr *)addr, SS_LEN(addr),
2311 hostname, NI_MAXHOST, NULL, 0, 0)) != 0) {
2312 dbprintf(_("getnameinfo failed: %s\n"),
2313 gai_strerror(result));
2314 *errstr = vstralloc("[", "addr ", str_sockaddr(addr), ": ",
2315 "getnameinfo failed: ", gai_strerror(result),
2319 remotehost = stralloc(hostname);
2320 if( check_name_give_sockaddr(hostname,
2321 (struct sockaddr *)addr, errstr) < 0) {
2327 /* next, make sure the remote port is a "reserved" one */
2328 port = SU_GET_PORT(addr);
2329 if (port >= IPPORT_RESERVED) {
2330 *errstr = vstrallocf(_("[host %s: port %u not secure]"),
2331 remotehost, (unsigned int)port);
2336 /* extract the remote user name from the message */
2341 bad_bsd = vstrallocf(_("[host %s: bad bsd security line]"), remotehost);
2343 if (strncmp_const_skip(s - 1, "USER ", s, ch) != 0) {
2350 skip_whitespace(s, ch);
2358 skip_non_whitespace(s, ch);
2360 remoteuser = stralloc(fp);
2364 /* lookup our local user name */
2367 if ((pwptr = getpwuid(myuid)) == NULL)
2368 error(_("error [getpwuid(%d) fails]"), (int)myuid);
2370 auth_debug(1, _("bsd security: remote host %s user %s local user %s\n"),
2371 remotehost, remoteuser, pwptr->pw_name);
2373 #ifndef USE_AMANDAHOSTS
2374 s = check_user_ruserok(remotehost, pwptr, remoteuser);
2376 s = check_user_amandahosts(remotehost, addr, pwptr, remoteuser, NULL);
2380 *errstr = vstrallocf(_("[access as %s not allowed from %s@%s: %s]"),
2381 pwptr->pw_name, remoteuser, remotehost, s);
2386 return *errstr == NULL;
2390 * Like read(), but waits until the entire buffer has been filled.
2399 char *buf = vbuf; /* ptr arith */
2401 size_t size = origsize;
2403 auth_debug(1, _("net_read: begin %zu\n"), origsize);
2406 auth_debug(1, _("net_read: while %zu\n"), size);
2407 nread = net_read_fillbuf(fd, timeout, buf, size);
2409 auth_debug(1, _("db: net_read: end return(-1)\n"));
2413 auth_debug(1, _("net_read: end return(0)\n"));
2419 auth_debug(1, _("net_read: end %zu\n"), origsize);
2420 return ((ssize_t)origsize);
2424 * net_read likes to do a lot of little reads. Buffer it.
2433 SELECT_ARG_TYPE readfds;
2437 auth_debug(1, _("net_read_fillbuf: begin\n"));
2439 FD_SET(fd, &readfds);
2440 tv.tv_sec = timeout;
2442 switch (select(fd + 1, &readfds, NULL, NULL, &tv)) {
2447 auth_debug(1, _("net_read_fillbuf: case -1\n"));
2450 auth_debug(1, _("net_read_fillbuf: case 1\n"));
2451 assert(FD_ISSET(fd, &readfds));
2454 auth_debug(1, _("net_read_fillbuf: case default\n"));
2458 nread = read(fd, buf, size);
2461 auth_debug(1, _("net_read_fillbuf: end %zd\n"), nread);
2467 * Display stat() information about a file.
2475 char *name = vstralloc(a, b, NULL);
2477 struct passwd *pwptr G_GNUC_UNUSED;
2478 struct passwd pw G_GNUC_UNUSED;
2480 struct group *grptr G_GNUC_UNUSED;
2481 struct group gr G_GNUC_UNUSED;
2483 int buflen G_GNUC_UNUSED;
2484 char *buf G_GNUC_UNUSED;
2486 if (stat(name, &sbuf) != 0) {
2487 auth_debug(1, _("bsd: cannot stat %s: %s\n"), name, strerror(errno));
2492 #ifdef _SC_GETPW_R_SIZE_MAX
2493 buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
2499 buf = malloc(buflen);
2501 #ifdef HAVE_GETPWUID_R
2502 if (getpwuid_r(sbuf.st_uid, &pw, buf, buflen, &pwptr) == 0 &&
2504 owner = stralloc(pwptr->pw_name);
2508 owner = alloc(NUM_STR_SIZE + 1);
2509 g_snprintf(owner, NUM_STR_SIZE, "%ld", (long)sbuf.st_uid);
2511 #ifdef HAVE_GETGRGID_R
2512 if (getgrgid_r(sbuf.st_gid, &gr, buf, buflen, &grptr) == 0 &&
2514 group = stralloc(grptr->gr_name);
2518 group = alloc(NUM_STR_SIZE + 1);
2519 g_snprintf(group, NUM_STR_SIZE, "%ld", (long)sbuf.st_gid);
2522 auth_debug(1, _("bsd: processing file: %s\n"), name);
2523 auth_debug(1, _("bsd: owner=%s group=%s mode=%03o\n"),
2525 (int) (sbuf.st_mode & 0777));
2533 check_name_give_sockaddr(
2534 const char *hostname,
2535 struct sockaddr *addr,
2539 struct addrinfo *res = NULL, *res1;
2542 result = resolve_hostname(hostname, 0, &res, &canonname);
2544 dbprintf(_("check_name_give_sockaddr: resolve_hostname('%s'): %s\n"), hostname, gai_strerror(result));
2545 *errstr = newvstrallocf(*errstr,
2546 _("check_name_give_sockaddr: resolve_hostname('%s'): %s"),
2547 hostname, gai_strerror(result));
2550 if (canonname == NULL) {
2551 dbprintf(_("resolve_hostname('%s') did not return a canonical name\n"), hostname);
2552 *errstr = newvstrallocf(*errstr,
2553 _("check_name_give_sockaddr: resolve_hostname('%s') did not return a canonical name"),
2558 if (strncasecmp(hostname, canonname, strlen(hostname)) != 0) {
2559 dbprintf(_("%s doesn't resolve to itself, it resolves to %s\n"),
2560 hostname, canonname);
2561 *errstr = newvstrallocf(*errstr,
2562 _("%s doesn't resolve to itself, it resolves to %s"),
2563 hostname, canonname);
2567 for(res1=res; res1 != NULL; res1 = res1->ai_next) {
2568 if (cmp_sockaddr((sockaddr_union *)res1->ai_addr, (sockaddr_union *)addr, 1) == 0) {
2575 dbprintf(_("%s doesn't resolve to %s"),
2576 hostname, str_sockaddr((sockaddr_union *)addr));
2577 *errstr = newvstrallocf(*errstr,
2578 "%s doesn't resolve to %s",
2579 hostname, str_sockaddr((sockaddr_union *)addr));
2581 if (res) freeaddrinfo(res);
2587 find_port_for_service(
2593 int all_numeric = 1;
2595 for (s=service; *s != '\0'; s++) {
2596 if (!isdigit((int)*s)) {
2601 if (all_numeric == 1) {
2602 port = atoi(service);
2606 if ((sp = getservbyname(service, proto)) == NULL) {
2609 port = (in_port_t)(ntohs((in_port_t)sp->s_port));