Date: Mon, 9 Jul 2007 05:49:28 GMT From: Alexey Mikhailov <karma@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 123175 for review Message-ID: <200707090549.l695nS43049639@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=123175 Change 123175 by karma@karma_ez on 2007/07/09 05:49:23 * Add search function to T-Tree implementation * Add remote credentials checking * write() -> sendmsg() migration in library Affected files ... .. //depot/projects/soc2007/karma_audit/dlog/config.h#4 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/client.c#3 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/config.c#3 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/config.h#3 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/server.c#3 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/ttree.c#2 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/ttree.h#2 edit .. //depot/projects/soc2007/karma_audit/dlog/lib/libdlogd.c#3 edit .. //depot/projects/soc2007/karma_audit/dlog/lib/libdlogd.h#3 edit Differences ... ==== //depot/projects/soc2007/karma_audit/dlog/config.h#4 (text+ko) ==== @@ -14,4 +14,6 @@ #define SERVER_PORT "9991" +#define QLEN 10 + #endif ==== //depot/projects/soc2007/karma_audit/dlog/daemon/client.c#3 (text+ko) ==== @@ -12,28 +12,96 @@ void client_main() { - int s, opt = 1; + int s, cs, opt = 1; + size_t nr = 0; struct sockaddr_un n; + char buf[KEYWORD_MAX+PATH_MAX+1]; + char keyword[KEYWORD_MAX]; + char pathname[PATH_MAX]; + struct msghdr msg; + struct iovec iov[2]; + union { + struct cmsghdr cm; + char control[CMSG_SPACE(sizeof(struct cmsgcred))]; + } c; + struct cmsghdr *cm; + union + { + struct sockcred uc; + char b[sizeof (struct sockcred) + NGROUPS * sizeof (int)]; + } cr; + + cm = &c.cm; + + msg.msg_control = c.control; + msg.msg_controllen = sizeof(c.control); + msg.msg_name = NULL; + msg.msg_namelen = 0; + + bzero(keyword, KEYWORD_MAX); + bzero(pathname, PATH_MAX); + bzero(buf, KEYWORD_MAX + PATH_MAX + 1); + + iov[0].iov_base = buf; + iov[0].iov_len = PATH_MAX + KEYWORD_MAX + 1; + + msg.msg_iov = iov; + msg.msg_iovlen = 1; + s = socket(PF_LOCAL, SOCK_STREAM, 0); - if (s < 0) - { + if (s < 0) { err_fatal("can't create PF_LOCAL socket"); } - - if ((setsockopt(s, 0, LOCAL_CREDS, &opt, sizeof(opt))) < 0) - { + + unlink(DL_SOCKET); + + if ((setsockopt(s, 0, LOCAL_CREDS, &opt, sizeof(opt))) < 0) { err_fatal("can't receive credentials from PF_LOCAL socket"); } - + bzero(&n, sizeof(n)); n.sun_family = PF_LOCAL; - strncpy(n.sun_path, DL_SOCKET, sizeof(DL_SOCKET)); + strcpy(n.sun_path, DL_SOCKET); + + if ((bind(s, (struct sockaddr *) &n, SUN_LEN (&n))) < 0) { + err_fatal("can't bind PF_LOCAL socket. Another instance is running?"); + } + + if (listen(s, QLEN) < 0) { + err_fatal("cat't listen() on PF_LOCAL socket."); + } - if ((bind(s, (struct sockaddr *) &n, SUN_LEN (&n))) < 0) - { - err_fatal("can't bind PF_LOCAL socket"); + while ((cs = accept(s, (struct sockaddr *) NULL, NULL)) >= 0) { + + nr = recvmsg (cs, &msg, 0); + + /* TODO: could go bad here.. fix later.. */ + if ((sscanf(buf, "%s\n%s", pathname, keyword)) < 2) { + printf("ouch!"); + /* TODO: wrong query */ + } + +#ifdef DEBUG + printf("RECEIVED: %s %s\n", pathname, keyword); +#endif + + if (cm -> cmsg_type == SCM_CREDS) { + memcpy(&cr, ((struct sockcred *) CMSG_DATA(cm)), + cm -> cmsg_len - sizeof(struct cmsghdr)); +#ifdef DEBUG + printf("UID %d, GID %d\n", cr.uc.sc_uid, cr.uc.sc_gid); +#endif + if ((verify_client_access(cr.uc.sc_uid, cr.uc.sc_gid)) == 0) + { + /* TODO: add logfile to spool here */ + } + + } else { + /* TODO: can't check permissions. wrong query */ + printf("can't check permissions"); + } + close(cs); } - } ==== //depot/projects/soc2007/karma_audit/dlog/daemon/config.c#3 (text+ko) ==== @@ -104,13 +104,13 @@ if (strcmp(id, "uid") == 0) { pcka -> id = 1; - pcka -> ut = (uid_t)strtol(val, (char **)NULL, 10); - if (pcka -> ut == 0) + pcka -> uid = (uid_t)strtol(val, (char **)NULL, 10); + if (pcka -> uid == 0) { err_fatal("wrong UID."); } - struct passwd * psw = getpwuid(pcka -> ut); + struct passwd * psw = getpwuid(pcka -> uid); if (psw == NULL) { @@ -122,13 +122,13 @@ if (strcmp(id, "gid") == 0) { pcka -> id = 2; - pcka -> gt = (gid_t)strtol(val, (char **)NULL, 10); - if (pcka -> gt == 0) + pcka -> gid = (gid_t)strtol(val, (char **)NULL, 10); + if (pcka -> gid == 0) { err_fatal("wrong gid"); } - struct group * grp = getgrgid (pcka -> gt); + struct group * grp = getgrgid (pcka -> gid); if (grp = NULL) { @@ -148,7 +148,7 @@ err_fatal("getpwnam() failed. Probably wrong username."); } - pcka -> ut = psw -> pw_uid; + pcka -> uid = psw -> pw_uid; return 0; } @@ -161,7 +161,7 @@ err_fatal("getgrnam() failed. Probably wrong groupname."); } - pcka -> gt = grp -> gr_gid; + pcka -> gid = grp -> gr_gid; return 0; } @@ -245,3 +245,48 @@ { return 0; } + +/* Verify client access (with specified uid and gid) to specified keyword + + If success: 0 returned + If failed: -1, bad keyword + -2, access denied +*/ + +int +verify_client_access (const char * keyword, uid_t uid, gid_t gid) +{ + cl_kw_data * ck; + cl_kw_access * ca; + + ck = (cl_kw_data *)search_tree(client_kw_tree, keyword); + + if (ck == NULL) + { + return (-1); /* bad keyword */ + } + + ca = ck -> access; + + while (ca != NULL) + { + if (ca -> id == 1) + { + if (uid == ca -> uid) + { + return 0; + } + } + if (ca -> id == 2) + { + if (gid == ca -> gid) + { + return 0; + } + } + } + + /* TODO: check for supplementary groups for UID as well */ + + return (-2); /* access denied */ +} ==== //depot/projects/soc2007/karma_audit/dlog/daemon/config.h#3 (text+ko) ==== @@ -5,8 +5,8 @@ typedef struct client_kw_access { int id; - uid_t ut; - gid_t gt; + uid_t uid; + gid_t gid; struct client_kw_access * next; } cl_kw_access; @@ -46,4 +46,6 @@ void parse_client_config(); void parse_server_config(); +int verify_client_access (const char * keyword, uid_t uid, gid_t gid); + #endif ==== //depot/projects/soc2007/karma_audit/dlog/daemon/server.c#3 (text+ko) ==== @@ -4,8 +4,6 @@ #include <stdio.h> #include <sys/socket.h> -#define QLEN 10 - void server_serve (int s) { ==== //depot/projects/soc2007/karma_audit/dlog/daemon/ttree.c#2 (text+ko) ==== @@ -12,6 +12,7 @@ #define MAX(x,y) ((x > y) ? x : y) #define LT(x, y) ((strcmp(x,y)) < (0)) #define GT(x, y) ((strcmp(x,y)) > (0)) +#define EQ(x, y) ((strcmp(x,y)) == (0)) #if 0 inline void @@ -336,3 +337,49 @@ } } +/* Search tree for key. + + If success: pointer to value is returned. + If failed: NULL returned +*/ + +void * +search_tree (TTree * d, const char * key) +{ + TData *tn; + + if (d -> l == NULL) + return NULL; + + if (LT(key, d -> l -> key)) + { + if (d -> tl == NULL) + return NULL; + else + return (search_tree(d -> tl, key)); + } + + if (GT(key, d -> r -> key)) + { + if (d -> tr == NULL) + return NULL; + else + return (search_tree(d -> tr, key)); + } + + tn = d -> l; + + while (tn != NULL) + { + if (EQ(key, tn->key)) + { + return tn -> content; + } + else + { + tn = tn -> next; + } + } + + return NULL; +} ==== //depot/projects/soc2007/karma_audit/dlog/daemon/ttree.h#2 (text+ko) ==== @@ -22,6 +22,6 @@ TTree * allocate_ttree(); int insert_tree (TTree **, char *, void *); -void traverse_tree (TTree *,int); +void * search_tree (TTree *, const char * key); #endif ==== //depot/projects/soc2007/karma_audit/dlog/lib/libdlogd.c#3 (text+ko) ==== @@ -5,18 +5,15 @@ #include <stddef.h> #include <errno.h> #include <unistd.h> +#include <sys/param.h> #include <sys/poll.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/stat.h> #include <sys/syslimits.h> #include <sys/un.h> - -#define BUF_SIZE PATH_MAX+KEYWORD_MAX+2 - -static int timeout = 1000; +#include <sys/ucred.h> -static int dlogd_send (int fd, const char * buf, size_t len); static int dlogd_connect (); /* Submit log file @@ -29,7 +26,14 @@ { int fd, rc; size_t len; - char buf[BUF_SIZE]; + char buf[KEYWORD_MAX + PATH_MAX + 1]; + struct msghdr msg; + struct cmsghdr *cmsg; + struct iovec iov[1]; + union { + struct cmsghdr cm; + char control[CMSG_SPACE(sizeof(struct cmsgcred))]; + } c; if (strlen(pathname) > PATH_MAX) { @@ -45,69 +49,42 @@ return fd; } - snprintf(buf, BUF_SIZE, "%s\n%s\n", keyword, pathname); - len = strlen(buf); + snprintf(buf, strlen(pathname)+strlen(keyword)+2, "%s\n%s", pathname, keyword); + + /* Construct message */ - rc = dlogd_send(fd, buf, len); + iov[0].iov_base = buf; + iov[0].iov_len = strlen(pathname)+strlen(keyword)+2; - if (rc < 0) - return rc; + bzero(&msg, sizeof(msg)); + msg.msg_control = c.control; + msg.msg_controllen = sizeof(c.control); - /* TODO: write dlogd_receive and wait for server's reply */ - - return 0; -} + cmsg = CMSG_FIRSTHDR(&msg); + cmsg -> cmsg_len = CMSG_LEN(sizeof(struct cmsgcred)); + cmsg -> cmsg_level = SOL_SOCKET; + cmsg -> cmsg_type = SCM_CREDS; -/* Send buf through fd descriptor + msg.msg_name = NULL; + msg.msg_namelen = 0; - On success: 0 returned - - On failure: -1 returned -*/ - -static int -dlogd_send (int fd, const char * buf, size_t len) -{ - struct pollfd fds; - int rc, bytes; + msg.msg_iov = iov; + msg.msg_iovlen = 1; - fds.fd = fd; - fds.events = POLLOUT; + if (sendmsg (fd, &msg, 0) < 0) + { + close(fd); + return (-5); /* can't sendmsg */ + } - while (len) - { - fds.revents = 0; - rc = poll(&fds, 1, timeout * 1000); - if (rc == 0) - return (-1); /* timeout */ - else if (rc < 0) - { - if (errno == EINTR || errno == EAGAIN) - continue; - else - return (-1); - } - - if (!fds.revents) - return (-1); - - bytes = write(fd,buf,len); - - if (bytes < 0) - { - if (errno == EINTR) - continue; - else - return (-1); - } + rc = close(fd); - len -= bytes; - buf += bytes; - } + printf("close returned %d\n", rc); return 0; } + /* Connect to local daemon through PF_LOCAL socket. On success: descriptor returned ==== //depot/projects/soc2007/karma_audit/dlog/lib/libdlogd.h#3 (text+ko) ====
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707090549.l695nS43049639>