Date: Wed, 15 Aug 2007 15:46:06 GMT From: Alexey Mikhailov <karma@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 125177 for review Message-ID: <200708151546.l7FFk62i000789@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=125177 Change 125177 by karma@karma_ez on 2007/08/15 15:45:20 Continue merging of new code in. In this serie, you'll see: - Basic client SSL stuff - Get rid of warnings, now it compiles clean with -pedantic and -Wall - Code is more readable now - Fixed some stupidness from last commit Affected files ... .. //depot/projects/soc2007/karma_audit/dlog/config.h#6 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/build#1 add .. //depot/projects/soc2007/karma_audit/dlog/daemon/client.c#5 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/client.h#3 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/config.c#5 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/config.h#5 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/config_client.y#2 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/config_server.y#2 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/dlogd.c#2 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/server.c#5 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/server.h#3 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/util.c#3 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/util.h#3 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/worker.c#2 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/worker.h#2 edit Differences ... ==== //depot/projects/soc2007/karma_audit/dlog/config.h#6 (text+ko) ==== @@ -1,5 +1,5 @@ -#ifndef DLOG_CONFIG_H -#define DLOG_CONFIG_H +#ifndef _CONFIG_H +#define _CONFIG_H #define DL_SOCKET "/tmp/dlogd.socket" #define DL_SOCKET_DIR "/tmp/" ==== //depot/projects/soc2007/karma_audit/dlog/daemon/client.c#5 (text+ko) ==== @@ -1,8 +1,13 @@ #include "../config.h" +#include "config.h" +#include "util.h" #include <errno.h> +#include <unistd.h> #include <string.h> +#include <strings.h> #include <stdio.h> #include <sys/types.h> +#include <sys/stat.h> #include <sys/socket.h> #include <sys/un.h> #include <sys/param.h> 
@@ -10,7 +15,7 @@ extern int errno; -void +void * client_main() { int s, cs, opt = 1; @@ -54,13 +59,13 @@ s = socket(PF_LOCAL, SOCK_STREAM, 0); if (s < 0) { - err_fatal("can't create PF_LOCAL socket"); + err_fatal("client: can't create PF_LOCAL socket"); } unlink(DL_SOCKET); if ((setsockopt(s, 0, LOCAL_CREDS, &opt, sizeof(opt))) < 0) { - err_fatal("can't receive credentials from PF_LOCAL socket"); + err_fatal("client: can't receive credentials from PF_LOCAL socket"); } bzero(&n, sizeof(n)); @@ -68,11 +73,11 @@ strcpy(n.sun_path, DL_SOCKET); if ((bind(s, (struct sockaddr *) &n, SUN_LEN (&n))) < 0) { - err_fatal("can't bind PF_LOCAL socket. Another instance is running?"); + err_fatal("client: can't bind PF_LOCAL socket. Another instance is running?"); } if (listen(s, QLEN) < 0) { - err_fatal("cat't listen() on PF_LOCAL socket."); + err_fatal("client: cat't listen() on PF_LOCAL socket."); } while ((cs = accept(s, (struct sockaddr *) NULL, NULL)) >= 0) { @@ -81,7 +86,7 @@ /* TODO: could go bad here.. fix later.. */ if ((sscanf(buf, "%s\n%s", pathname, keyword)) < 2) { - printf("ouch!"); + /* TODO: wrong query */ } 
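Review bot: The listening socket in client_main (client.c hunk at -54,13) is still created at DL_SOCKET, which ../config.h defines as `/tmp/dlogd.socket`, and the `unlink(DL_SOCKET)` before `bind()` is unchecked. In a world-writable directory another local user can own that name first, in which case the unlink fails silently and the daemon exits in the bind `err_fatal`. Such a user can also bind a socket of their own there while dlogd is not running and receive what clients submit. Placing the socket in a directory that only the daemon's user can write, checking the unlink result (ignoring ENOENT), and setting the socket's mode explicitly after `bind()` would remove both cases. The hunk itself only rewords messages, and client_main continues outside it.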
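Review bot: In client.c's accept loop (hunk at -81,7) the failure branch of `sscanf(buf, "%s\n%s", pathname, keyword)` is now an empty block, so a short or malformed query falls through and the code after the hunk presumably goes on to use `pathname` and `keyword` that were never filled in. The `%s` conversions are also unbounded, so one long token from any local client can write past either buffer. The same pattern is in server.c's serve_conn hunk at -166,27 (`sscanf(buf, "%s\n%s", keyword, filename)`), where the sender is a remote peer. I would give both conversions field widths that match the destination sizes and leave the iteration on a bad parse, e.g. `close(cs); continue;` inside the `< 2` branch. The buffer declarations and the rest of the loop body are outside the hunk.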
@@ -95,23 +100,26 @@ #ifdef DEBUG printf("UID %d, GID %d\n", cr.uc.sc_uid, cr.uc.sc_gid); #endif - if ((verify_client_access(cr.uc.sc_uid, cr.uc.sc_gid)) == 0) { + if ((verify_client_access(keyword, cr.uc.sc_uid, cr.uc.sc_gid)) == 0) { /* TODO: add logfile to spool here */ /* TODO: umask? */ snprintf(pathbuf, PATH_MAX, "%s/%s", SPOOL_DIR, keyword); - if (mkdir(pathbuf, "0700") == -1 && errno != EEXIST) { - fprintf(stderr, "can't create spool dir for keyword"); + if (mkdir(pathbuf, 0700) == -1 && errno != EEXIST) { + err_fatal("client: can't create spool dir for keyword"); } else { +#if 0 snprintf(pathbuf, PATH_MAX, "%s/%ld.%s"); +#endif } } } else { /* TODO: can't check permissions. wrong query */ - fprintf(stderr,"can't check permissions"); + fprintf(stderr,"client: can't check permissions"); } close(cs); } + return 0; } ==== //depot/projects/soc2007/karma_audit/dlog/daemon/client.h#3 (text+ko) ==== @@ -1,6 +1,6 @@ #ifndef DLOG_CLIENT_H #define DLOG_CLIENT_H -void client_main(); +void * client_main(); #endif ==== //depot/projects/soc2007/karma_audit/dlog/daemon/config.c#5 (text+ko) ==== 
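Review bot: In client_main (client.c hunk at -95,23) the client-supplied `keyword` is formatted straight into `pathbuf` and handed to `mkdir(pathbuf, 0700)`, so unless verify_client_access only ever accepts configured keywords, a keyword containing `/` or `..` resolves outside SPOOL_DIR; the snprintf result is not checked for truncation either. The switch from fprintf to `err_fatal` on mkdir failure also means that one request hitting a full or missing spool exits the whole process (util.c's err_fatal calls `exit(1)`), taking the server and worker threads with it. server.c's `err_fatal("accept()")` and worker.c's `err_fatal("worker: socket()")` have the same effect on per-connection errors. I would validate the keyword as a single path component, check the formatted length, and log and continue instead of exiting. The fence assumes this code is still inside the accept loop, which starts outside the hunk.

```c
if ((verify_client_access(keyword, cr.uc.sc_uid, cr.uc.sc_gid)) == 0) {
	int len;

	/* keyword becomes one path component: refuse separators and dot entries */
	if (strchr(keyword, '/') != NULL || strcmp(keyword, ".") == 0 ||
	    strcmp(keyword, "..") == 0) {
		fprintf(stderr, "client: bad keyword\n");
		close(cs);
		continue;
	}
	len = snprintf(pathbuf, PATH_MAX, "%s/%s", SPOOL_DIR, keyword);
	if (len < 0 || len >= PATH_MAX) {
		fprintf(stderr, "client: spool path too long\n");
		close(cs);
		continue;
	}
	if (mkdir(pathbuf, 0700) == -1 && errno != EEXIST) {
		/* per-request failure: report it and keep the daemon running */
		fprintf(stderr, "client: can't create spool dir for keyword\n");
	} else {
		/* … unchanged: disabled snprintf under #if 0 … */
	}
}
```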
@@ -7,11 +7,47 @@ #include <errno.h> #include <grp.h> #include <stdio.h> +#include <string.h> +#include <strings.h> #include <netinet/in.h> #include <sys/types.h> #include <sys/socket.h> #include <netdb.h> +typedef struct client_kw_access { + int id; + uid_t uid; + gid_t gid; + struct client_kw_access * next; +} cl_kw_access; + +typedef struct host_ll { + struct sockaddr s; + struct host_ll *next; +} host_ll; + +typedef struct client_kw_host { + char *host; + host_ll *hs; + struct client_kw_host * next; +} cl_kw_hosts; + +typedef struct server_kw_host { + char *host; + host_ll *hs; + char *dir; + struct server_kw_host * next; +} sv_kw_hostdir; + +typedef struct keyword_cli_data { + cl_kw_access *access; + cl_kw_hosts *hosts; +} cl_kw_data; + +typedef struct keyword_srv_data { + sv_kw_hostdir *hds; +} sv_kw_data; + cl_kw_access * cka = NULL; cl_kw_access * pcka = NULL; cl_kw_hosts * ckh = NULL; @@ -24,6 +60,8 @@ extern int errno; extern FILE * yyin; +int yyparse (void); + #if 0 int main (int argc, char **argv) @@ -44,15 +82,13 @@ yyin = fopen("client.conf", "r"); - if (yyin == NULL) - { + if (yyin == NULL) { err_fatal("cannot open client configuration file"); } error = yyparse(); - if (error) - { + if (error) { err_fatal("cannot parse client configuration file"); } } @@ -102,6 +138,9 @@ int add_client_kw_access (char * id, char * val) { + struct passwd * psw; + struct group * grp; + if (cka == NULL) { cka = xmalloc(sizeof(cl_kw_access)); @@ -123,7 +162,7 @@ err_fatal("wrong UID."); } - struct passwd * psw = getpwuid(pcka -> uid); + psw = getpwuid(pcka -> uid); if (psw == NULL) { @@ -141,9 +180,9 @@ err_fatal("wrong gid"); } - struct group * grp = getgrgid (pcka -> gid); + grp = getgrgid (pcka -> gid); - if (grp = NULL) + if (grp == NULL) { err_fatal("getgrgid() failed. Probably wrong GID."); } 
@@ -155,7 +194,7 @@ { pcka -> id = 1; - struct passwd * psw = getpwnam(val); + psw = getpwnam(val); if (psw == NULL) { err_fatal("getpwnam() failed. Probably wrong username."); @@ -168,7 +207,7 @@ if (strcmp(id, "group") == 0) { pcka -> id = 2; - struct group * grp = getgrnam(val); + grp = getgrnam(val); if (grp == NULL) { err_fatal("getgrnam() failed. Probably wrong groupname."); ==== //depot/projects/soc2007/karma_audit/dlog/daemon/config.h#5 (text+ko) ==== @@ -4,41 +4,6 @@ #include <sys/types.h> #include <sys/socket.h> -typedef struct client_kw_access { - int id; - uid_t uid; - gid_t gid; - struct client_kw_access * next; -} cl_kw_access; - -typedef struct host_ll { - struct sockaddr s; - struct host_ll *next; -} host_ll; - -typedef struct client_kw_host { - char *host; - host_ll *hs; - struct client_kw_host * next; -} cl_kw_hosts; - -typedef struct server_kw_host { - char *host; - host_ll *hs; - char *dir; - struct server_kw_host * next; -} sv_kw_hostdir; - -typedef struct keyword_cli_data { - cl_kw_access *access; - cl_kw_hosts *hosts; -} cl_kw_data; - -typedef struct keyword_srv_data { - sv_kw_hostdir *hds; -} sv_kw_data; - - TTree * client_kw_tree; TTree * server_kw_tree; TTree * client_host_tree; @@ -54,6 +19,9 @@ void parse_client_config(); void parse_server_config(); +int add_client_host(char * host); +int add_server_host(char * host); + int verify_client_access (const char * keyword, uid_t uid, gid_t gid); char * verify_server_access (struct sockaddr * sa, const char * keyword); #endif ==== //depot/projects/soc2007/karma_audit/dlog/daemon/config_client.y#2 (text+ko) ==== @@ -1,6 +1,10 @@ //%start commands %{ #include <sys/types.h> +#include "config.h" + +void yyerror(const char *); +int yylex(void); %} %union { ==== //depot/projects/soc2007/karma_audit/dlog/daemon/config_server.y#2 (text+ko) ==== 
@@ -1,6 +1,10 @@ //%start commands %{ #include <sys/types.h> +#include "config.h" + +void yyerror(const char *); +int yylex(void); %} %union { ==== //depot/projects/soc2007/karma_audit/dlog/daemon/dlogd.c#2 (text+ko) ==== @@ -1,0 +1,79 @@ +#include "config.h" +#include "ttree.h" +#include "util.h" +#include "client.h" +#include "server.h" +#include "worker.h" + +#include <pthread.h> +#include <unistd.h> + +extern int optind; + +int +main (int argc, char **argv) +{ + int ch,cli=0,srv=0,err; + pthread_t tid1=0, tid2=0, tid3=0; + void *tret; + + while ((ch = getopt(argc, argv, "cs")) != -1) + { + switch (ch) { + case 'c': + client_kw_tree = allocate_ttree(); + client_host_tree = allocate_ttree(); + parse_client_config(); + cli = 1; + break; + case 's': + server_kw_tree = allocate_ttree(); + server_host_tree = allocate_ttree(); + parse_server_config(); + srv = 1; + break; + default: + err_fatal("unknown argument"); + } + + } + argc -= optind; + argv += optind; + + if (cli == 0 && srv == 0) + err_fatal("nothing to do"); + + if (cli) + { + err = pthread_create(&tid1, NULL, client_main, NULL); + if (err != 0) + { + err_fatal("can't create client thread"); + } + err = pthread_create(&tid3, NULL, worker_main, NULL); + if (err != 0) + { + err_fatal("can't create worker thread"); + } + } + + if (srv) + { + err = pthread_create(&tid2, NULL, server_main, NULL); + if (err != 0) + { + err_fatal("can't create server thread"); + } + } + + if (tid1 != 0) + { + err = pthread_join(tid1, &tret); + } + else + { + err = pthread_join(tid2, &tret); + } + + return 0; +} ==== //depot/projects/soc2007/karma_audit/dlog/daemon/server.c#5 (text+ko) ==== @@ -1,9 +1,14 @@ #include "../config.h" +#include "config.h" +#include "util.h" #include <netdb.h> #include <limits.h> #include <stdio.h> #include <sys/socket.h> #include <errno.h> +#include <strings.h> +#include <string.h> +#include <unistd.h> #include <netinet/in.h> #include <openssl/ssl.h> #include <openssl/err.h> 
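Review bot: In the new dlogd.c, `pthread_create(&tid1, NULL, client_main, NULL)` and the matching worker_main/server_main calls pass functions that are declared as `void * client_main();` and defined with no parameter, so invoking them through `void *(*)(void *)` is undefined behaviour even though it compiles without a warning. Declare and define the three entry points as `void *client_main(void *arg)` (likewise for server_main and worker_main) in the headers and .c files. The join logic tests `tid1 != 0`, but pthread_t is an opaque type, so the existing flags are the safer condition: `if (cli) err = pthread_join(tid1, &tret); else err = pthread_join(tid2, &tret);`. With both -c and -s only the client thread is joined, so the process ends as soon as client_main returns, and `err` from pthread_join is never examined.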
@@ -14,7 +19,8 @@ static void serve_conn(int, struct sockaddr *); static int myssl_accept(int, SSL*); -void +/* Thread entry point */ +void * server_main() { #if 0 @@ -122,9 +128,8 @@ /* Go loop */ for (;;) { clifd = accept(sockfd, (struct sockaddr *)&sockaddr_cli, &l); - if (clifd < 0) - { - if (errno = EINTR) + if (clifd < 0) { + if (errno == EINTR) continue; err_fatal("accept()"); } @@ -133,6 +138,7 @@ } } +/* Server connection from sacli at clifd */ static void serve_conn (int clifd, struct sockaddr *sacli) { @@ -141,9 +147,7 @@ char buf[KEYWORD_MAX+FILENAME_MAX+2]; char filename[FILENAME_MAX+1]; char keyword[KEYWORD_MAX+1]; -#ifdef DEBUG - printf("got connection from %lx\n", ((struct sockaddr_in *)sacli)->sin_addr.s_addr); -#endif + if (myssl_accept(clifd, ssl) != 0) { fprintf(stderr, "Failed SSL negotitation\n"); return; @@ -166,27 +170,34 @@ /* TODO: Could go bad here? */ e = sscanf(buf, "%s\n%s", keyword, filename); + /* TODO: Verify access + receive file */ + if (verify_server_access(sacli, keyword)) + { + + } + #ifdef DEBUG printf("received keyword %s with filename %s", keyword, filename); #endif } +/* Try to perform SSL handshake at clifd */ static int myssl_accept (int clifd, SSL *ssl) { if ((ssl = SSL_new(sslContext)) == NULL) { - fprintf(stderr, "SSL_new(): %s\n", ERR_error_string(ERR_get_error(), NULL)); + fprintf(stderr, "server: SSL_new(): %s\n", ERR_error_string(ERR_get_error(), NULL)); return -1; } SSL_set_fd(ssl, clifd); if (SSL_accept(ssl) <= 0) { - fprintf(stderr, "SSL_accept(): %s\n", ERR_error_string(ERR_get_error(), NULL)); + fprintf(stderr, "server: SSL_accept(): %s\n", ERR_error_string(ERR_get_error(), NULL)); return -1; } #ifdef DEBUG - fprintf(stderr, "SSL_get_cipher(): %s\n", SSL_get_cipher(ssl)); + fprintf(stderr, "server: SSL_get_cipher(): %s\n", SSL_get_cipher(ssl)); #endif return 0; } ==== //depot/projects/soc2007/karma_audit/dlog/daemon/server.h#3 (text+ko) ==== 
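Review bot: In server.c (hunk at -166,27) `myssl_accept(int clifd, SSL *ssl)` assigns `ssl = SSL_new(sslContext)` to its own by-value parameter, so the `ssl` that serve_conn passes in is never set and anything serve_conn does with it after the handshake works on an indeterminate pointer. Take an `SSL **` (or return the `SSL *`) and call `SSL_free` on the failure path, which currently leaks the object. The added `verify_server_access(sacli, keyword)` call also runs without looking at `e`, so a message with fewer than two tokens is checked against an unset `keyword`; `if (e != 2) return;` ahead of it closes that gap. serve_conn's middle section and its declaration of `ssl` are outside the visible hunks.

```c
static int myssl_accept(int, SSL **);

/* … unchanged: serve_conn locals … */
	if (myssl_accept(clifd, &ssl) != 0) {
		fprintf(stderr, "Failed SSL negotitation\n");
		return;
	}
/* … unchanged: request read and sscanf, now followed by the e != 2 check … */

static int
myssl_accept (int clifd, SSL **sslp)
{
	SSL *ssl;

	if ((ssl = SSL_new(sslContext)) == NULL) {
		fprintf(stderr, "server: SSL_new(): %s\n", ERR_error_string(ERR_get_error(), NULL));
		return -1;
	}
	SSL_set_fd(ssl, clifd);
	if (SSL_accept(ssl) <= 0) {
		fprintf(stderr, "server: SSL_accept(): %s\n", ERR_error_string(ERR_get_error(), NULL));
		SSL_free(ssl);	/* do not leak the object on a failed handshake */
		return -1;
	}
	/* … unchanged: DEBUG cipher print … */
	*sslp = ssl;	/* hand the established session back to the caller */
	return 0;
}
```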
@@ -1,6 +1,6 @@ #ifndef DLOG_SERVER_H #define DLOG_SERVER_H -void server_main(); +void * server_main(); #endif ==== //depot/projects/soc2007/karma_audit/dlog/daemon/util.c#3 (text+ko) ==== @@ -1,5 +1,6 @@ #include <stdio.h> #include <stdlib.h> +#include <string.h> #include "util.h" @@ -15,13 +16,15 @@ return p; } -void +/* Fatal error */ +inline void err_fatal (const char * msg) { fprintf(stderr, "Fatal error: %s\n", msg); exit(1); } +/* Check for "bad" chars in received message ie more than one '\n' or '/' */ int search_bad_chars (const char * msg) { ==== //depot/projects/soc2007/karma_audit/dlog/daemon/util.h#3 (text+ko) ==== @@ -1,9 +1,11 @@ #ifndef _UTIL_H #define _UTIL_H +#include <sys/types.h> /* Wrapper for malloc() */ void * xmalloc (size_t size); void err_fatal (const char * msg); +int search_bad_chars (const char * msg); #endif ==== //depot/projects/soc2007/karma_audit/dlog/daemon/worker.c#2 (text+ko) ==== 
@@ -1,19 +1,110 @@ #include "../config.h" +#include "util.h" #include <signal.h> +#include <libgen.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> +#include <sys/socket.h> +#include <pthread.h> +#include <openssl/x509.h> +#include <openssl/err.h> +#include <openssl/ssl.h> static sigset_t mask; +static SSL_CTX *sslContext=NULL; -void +/* Go through spool and perform pending tasks */ +static void go_queue() { + +} + +/* Perform sending log file out */ +static int +ssl_sendfile (const char * pathname, const char * keyword, struct sockaddr * to) +{ + int sock, r, ans; + SSL* ssl; + X509* cert; + char buf[FILENAME_MAX + KEYWORD_MAX + 2]; + sock = socket (AF_INET, SOCK_STREAM, 0); + + if (sock < 0) + err_fatal("worker: socket()"); + + r = connect(sock, to, sizeof(*to)); + + if (r < 0) { + fprintf(stderr,"worker: connect()"); + return 1; + } + + /* SSL handshake */ + ssl = SSL_new(sslContext); + SSL_set_fd (ssl, sock); + +#ifdef DEBUG + fprintf(stderr, "worker: cipher %s", SSL_get_cipher(ssl)); +#endif + + /* Catch server's certificate */ + cert = SSL_get_peer_certificate (ssl); + + if (cert == NULL) { + fprintf(stderr, "worker: can't get server's certificate"); + SSL_shutdown(ssl); + close(sock); + return 1; + } + + /* TODO: certificate validation goes here. 
Think of having TA in config */ + + /* Don't need certificate anymore */ + X509_free(cert); + + /* Send filename\keyword */ + snprintf(buf, sizeof(buf),"%s\n%s", keyword, basename(pathname)); + + r = SSL_write (ssl, buf, strlen(buf)); + if (r < 0) { + fprintf(stderr, "worker: SSL_write()"); + SSL_shutdown(ssl); + close(sock); + return 1; + } + + r = SSL_read (ssl, &ans, sizeof(ans)); + if (r < 0) { + fprintf(stderr, "worker: SSL_read()"); + SSL_shutdown(ssl); + close(sock); + return 1; + } + + if (ans < 0) { + fprintf(stderr, "worker: server returned %d", ans); + SSL_shutdown(ssl); + close(sock); + return 1; + } + + /* TODO: OK, sending flle goes here */ + return 0; } -void +void * worker_main() { - int signo, r; + int signo; sigset_t oldmask; + + SSL_load_error_strings(); + SSLeay_add_ssl_algorithms(); + sslContext = SSL_CTX_new(SSLv23_client_method()); + sigemptyset(&mask); sigaddset(&mask, SIGALRM); if (pthread_sigmask(SIG_BLOCK, &mask, &oldmask) < 0) ==== //depot/projects/soc2007/karma_audit/dlog/daemon/worker.h#2 (text+ko) ==== @@ -1,0 +1,6 @@ +#ifndef DLOG_WORKER_H +#define DLOG_WORKER_H + +void * worker_main(); + +#endif
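Review bot: ssl_sendfile in worker.c never calls `SSL_connect()` before `SSL_get_peer_certificate(ssl)`, and the certificate it fetches is freed without any validation (the TODO), so once a handshake is added the function would ship audit logs to whichever host answers. The results of `SSL_new()` and, in worker_main, `SSL_CTX_new()` are unchecked, every exit path leaks the SSL object because only `SSL_shutdown()` is called and never `SSL_free()`, and the connect() failure path leaves `sock` open. `SSL_read(ssl, &ans, sizeof(ans))` should be checked with `r != (int)sizeof(ans)`, since a zero or short read leaves `ans` partly unset. The fence shows the handshake and chain verification with a labelled placeholder for the trust-anchor path; a check of the certificate name against the configured host is still needed on top. worker_main continues past the end of the hunk.

```c
	/* worker_main: make the context verify the server's chain */
	sslContext = SSL_CTX_new(SSLv23_client_method());
	if (sslContext == NULL)
		err_fatal("worker: SSL_CTX_new()");
	/* CA_FILE_PLACEHOLDER: trust-anchor path, to come from the client config */
	if (SSL_CTX_load_verify_locations(sslContext, CA_FILE_PLACEHOLDER, NULL) != 1)
		err_fatal("worker: can't load trust anchors");
	SSL_CTX_set_verify(sslContext, SSL_VERIFY_PEER, NULL);

	/* ssl_sendfile: after connect() succeeds */
	ssl = SSL_new(sslContext);
	if (ssl == NULL) {
		close(sock);
		return 1;
	}
	SSL_set_fd(ssl, sock);
	if (SSL_connect(ssl) <= 0 || SSL_get_verify_result(ssl) != X509_V_OK) {
		fprintf(stderr, "worker: SSL handshake or certificate check failed\n");
		SSL_free(ssl);
		close(sock);
		return 1;
	}
	/* … unchanged: peer certificate fetch, request write, answer read … */
```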