PERFORCE change 125177 for review
Alexey Mikhailov
karma at FreeBSD.org
Wed Aug 15 08:46:07 PDT 2007
http://perforce.freebsd.org/chv.cgi?CH=125177
Change 125177 by karma at karma_ez on 2007/08/15 15:45:20
Continue merging of new code in. In this serie, you'll see:
- Basic client SSL stuff
- Get rid of warnings, now it compiles clean with -pedantic and -Wall
- Code is more readable now
- Fixed some stupidness from last commit
Affected files ...
.. //depot/projects/soc2007/karma_audit/dlog/config.h#6 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/build#1 add
.. //depot/projects/soc2007/karma_audit/dlog/daemon/client.c#5 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/client.h#3 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/config.c#5 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/config.h#5 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/config_client.y#2 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/config_server.y#2 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/dlogd.c#2 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/server.c#5 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/server.h#3 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/util.c#3 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/util.h#3 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/worker.c#2 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/worker.h#2 edit
Differences ...
==== //depot/projects/soc2007/karma_audit/dlog/config.h#6 (text+ko) ====
@@ -1,5 +1,5 @@
-#ifndef DLOG_CONFIG_H
-#define DLOG_CONFIG_H
+#ifndef _CONFIG_H
+#define _CONFIG_H
#define DL_SOCKET "/tmp/dlogd.socket"
#define DL_SOCKET_DIR "/tmp/"
==== //depot/projects/soc2007/karma_audit/dlog/daemon/client.c#5 (text+ko) ====
@@ -1,8 +1,13 @@
#include "../config.h"
+#include "config.h"
+#include "util.h"
#include <errno.h>
+#include <unistd.h>
#include <string.h>
+#include <strings.h>
#include <stdio.h>
#include <sys/types.h>
+#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/param.h>
@@ -10,7 +15,7 @@
extern int errno;
-void
+void *
client_main()
{
int s, cs, opt = 1;
@@ -54,13 +59,13 @@
s = socket(PF_LOCAL, SOCK_STREAM, 0);
if (s < 0) {
- err_fatal("can't create PF_LOCAL socket");
+ err_fatal("client: can't create PF_LOCAL socket");
}
unlink(DL_SOCKET);
if ((setsockopt(s, 0, LOCAL_CREDS, &opt, sizeof(opt))) < 0) {
- err_fatal("can't receive credentials from PF_LOCAL socket");
+ err_fatal("client: can't receive credentials from PF_LOCAL socket");
}
bzero(&n, sizeof(n));
@@ -68,11 +73,11 @@
strcpy(n.sun_path, DL_SOCKET);
if ((bind(s, (struct sockaddr *) &n, SUN_LEN (&n))) < 0) {
- err_fatal("can't bind PF_LOCAL socket. Another instance is running?");
+ err_fatal("client: can't bind PF_LOCAL socket. Another instance is running?");
}
if (listen(s, QLEN) < 0) {
- err_fatal("cat't listen() on PF_LOCAL socket.");
+ err_fatal("client: cat't listen() on PF_LOCAL socket.");
}
while ((cs = accept(s, (struct sockaddr *) NULL, NULL)) >= 0) {
@@ -81,7 +86,7 @@
/* TODO: could go bad here.. fix later.. */
if ((sscanf(buf, "%s\n%s", pathname, keyword)) < 2) {
- printf("ouch!");
+
/* TODO: wrong query */
}
@@ -95,23 +100,26 @@
#ifdef DEBUG
printf("UID %d, GID %d\n", cr.uc.sc_uid, cr.uc.sc_gid);
#endif
- if ((verify_client_access(cr.uc.sc_uid, cr.uc.sc_gid)) == 0) {
+ if ((verify_client_access(keyword, cr.uc.sc_uid, cr.uc.sc_gid)) == 0) {
/* TODO: add logfile to spool here */
/* TODO: umask? */
snprintf(pathbuf, PATH_MAX, "%s/%s", SPOOL_DIR, keyword);
- if (mkdir(pathbuf, "0700") == -1 && errno != EEXIST) {
- fprintf(stderr, "can't create spool dir for keyword");
+ if (mkdir(pathbuf, 0700) == -1 && errno != EEXIST) {
+ err_fatal("client: can't create spool dir for keyword");
}
else
{
+#if 0
snprintf(pathbuf, PATH_MAX, "%s/%ld.%s");
+#endif
}
}
} else {
/* TODO: can't check permissions. wrong query */
- fprintf(stderr,"can't check permissions");
+ fprintf(stderr,"client: can't check permissions");
}
close(cs);
}
+ return 0;
}
==== //depot/projects/soc2007/karma_audit/dlog/daemon/client.h#3 (text+ko) ====
@@ -1,6 +1,6 @@
#ifndef DLOG_CLIENT_H
#define DLOG_CLIENT_H
-void client_main();
+void * client_main();
#endif
==== //depot/projects/soc2007/karma_audit/dlog/daemon/config.c#5 (text+ko) ====
@@ -7,11 +7,47 @@
#include <errno.h>
#include <grp.h>
#include <stdio.h>
+#include <string.h>
+#include <strings.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
+typedef struct client_kw_access {
+ int id;
+ uid_t uid;
+ gid_t gid;
+ struct client_kw_access * next;
+} cl_kw_access;
+
+typedef struct host_ll {
+ struct sockaddr s;
+ struct host_ll *next;
+} host_ll;
+
+typedef struct client_kw_host {
+ char *host;
+ host_ll *hs;
+ struct client_kw_host * next;
+} cl_kw_hosts;
+
+typedef struct server_kw_host {
+ char *host;
+ host_ll *hs;
+ char *dir;
+ struct server_kw_host * next;
+} sv_kw_hostdir;
+
+typedef struct keyword_cli_data {
+ cl_kw_access *access;
+ cl_kw_hosts *hosts;
+} cl_kw_data;
+
+typedef struct keyword_srv_data {
+ sv_kw_hostdir *hds;
+} sv_kw_data;
+
cl_kw_access * cka = NULL;
cl_kw_access * pcka = NULL;
cl_kw_hosts * ckh = NULL;
@@ -24,6 +60,8 @@
extern int errno;
extern FILE * yyin;
+int yyparse (void);
+
#if 0
int
main (int argc, char **argv)
@@ -44,15 +82,13 @@
yyin = fopen("client.conf", "r");
- if (yyin == NULL)
- {
+ if (yyin == NULL) {
err_fatal("cannot open client configuration file");
}
error = yyparse();
- if (error)
- {
+ if (error) {
err_fatal("cannot parse client configuration file");
}
}
@@ -102,6 +138,9 @@
int
add_client_kw_access (char * id, char * val)
{
+ struct passwd * psw;
+ struct group * grp;
+
if (cka == NULL)
{
cka = xmalloc(sizeof(cl_kw_access));
@@ -123,7 +162,7 @@
err_fatal("wrong UID.");
}
- struct passwd * psw = getpwuid(pcka -> uid);
+ psw = getpwuid(pcka -> uid);
if (psw == NULL)
{
@@ -141,9 +180,9 @@
err_fatal("wrong gid");
}
- struct group * grp = getgrgid (pcka -> gid);
+ grp = getgrgid (pcka -> gid);
- if (grp = NULL)
+ if (grp == NULL)
{
err_fatal("getgrgid() failed. Probably wrong GID.");
}
@@ -155,7 +194,7 @@
{
pcka -> id = 1;
- struct passwd * psw = getpwnam(val);
+ psw = getpwnam(val);
if (psw == NULL)
{
err_fatal("getpwnam() failed. Probably wrong username.");
@@ -168,7 +207,7 @@
if (strcmp(id, "group") == 0)
{
pcka -> id = 2;
- struct group * grp = getgrnam(val);
+ grp = getgrnam(val);
if (grp == NULL)
{
err_fatal("getgrnam() failed. Probably wrong groupname.");
==== //depot/projects/soc2007/karma_audit/dlog/daemon/config.h#5 (text+ko) ====
@@ -4,41 +4,6 @@
#include <sys/types.h>
#include <sys/socket.h>
-typedef struct client_kw_access {
- int id;
- uid_t uid;
- gid_t gid;
- struct client_kw_access * next;
-} cl_kw_access;
-
-typedef struct host_ll {
- struct sockaddr s;
- struct host_ll *next;
-} host_ll;
-
-typedef struct client_kw_host {
- char *host;
- host_ll *hs;
- struct client_kw_host * next;
-} cl_kw_hosts;
-
-typedef struct server_kw_host {
- char *host;
- host_ll *hs;
- char *dir;
- struct server_kw_host * next;
-} sv_kw_hostdir;
-
-typedef struct keyword_cli_data {
- cl_kw_access *access;
- cl_kw_hosts *hosts;
-} cl_kw_data;
-
-typedef struct keyword_srv_data {
- sv_kw_hostdir *hds;
-} sv_kw_data;
-
-
TTree * client_kw_tree;
TTree * server_kw_tree;
TTree * client_host_tree;
@@ -54,6 +19,9 @@
void parse_client_config();
void parse_server_config();
+int add_client_host(char * host);
+int add_server_host(char * host);
+
int verify_client_access (const char * keyword, uid_t uid, gid_t gid);
char * verify_server_access (struct sockaddr * sa, const char * keyword);
#endif
==== //depot/projects/soc2007/karma_audit/dlog/daemon/config_client.y#2 (text+ko) ====
@@ -1,6 +1,10 @@
//%start commands
%{
#include <sys/types.h>
+#include "config.h"
+
+void yyerror(const char *);
+int yylex(void);
%}
%union {
==== //depot/projects/soc2007/karma_audit/dlog/daemon/config_server.y#2 (text+ko) ====
@@ -1,6 +1,10 @@
//%start commands
%{
#include <sys/types.h>
+#include "config.h"
+
+void yyerror(const char *);
+int yylex(void);
%}
%union {
==== //depot/projects/soc2007/karma_audit/dlog/daemon/dlogd.c#2 (text+ko) ====
@@ -1,0 +1,79 @@
+#include "config.h"
+#include "ttree.h"
+#include "util.h"
+#include "client.h"
+#include "server.h"
+#include "worker.h"
+
+#include <pthread.h>
+#include <unistd.h>
+
+extern int optind;
+
+int
+main (int argc, char **argv)
+{
+ int ch,cli=0,srv=0,err;
+ pthread_t tid1=0, tid2=0, tid3=0;
+ void *tret;
+
+ while ((ch = getopt(argc, argv, "cs")) != -1)
+ {
+ switch (ch) {
+ case 'c':
+ client_kw_tree = allocate_ttree();
+ client_host_tree = allocate_ttree();
+ parse_client_config();
+ cli = 1;
+ break;
+ case 's':
+ server_kw_tree = allocate_ttree();
+ server_host_tree = allocate_ttree();
+ parse_server_config();
+ srv = 1;
+ break;
+ default:
+ err_fatal("unknown argument");
+ }
+
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (cli == 0 && srv == 0)
+ err_fatal("nothing to do");
+
+ if (cli)
+ {
+ err = pthread_create(&tid1, NULL, client_main, NULL);
+ if (err != 0)
+ {
+ err_fatal("can't create client thread");
+ }
+ err = pthread_create(&tid3, NULL, worker_main, NULL);
+ if (err != 0)
+ {
+ err_fatal("can't create worker thread");
+ }
+ }
+
+ if (srv)
+ {
+ err = pthread_create(&tid2, NULL, server_main, NULL);
+ if (err != 0)
+ {
+ err_fatal("can't create server thread");
+ }
+ }
+
+ if (tid1 != 0)
+ {
+ err = pthread_join(tid1, &tret);
+ }
+ else
+ {
+ err = pthread_join(tid2, &tret);
+ }
+
+ return 0;
+}
==== //depot/projects/soc2007/karma_audit/dlog/daemon/server.c#5 (text+ko) ====
@@ -1,9 +1,14 @@
#include "../config.h"
+#include "config.h"
+#include "util.h"
#include <netdb.h>
#include <limits.h>
#include <stdio.h>
#include <sys/socket.h>
#include <errno.h>
+#include <strings.h>
+#include <string.h>
+#include <unistd.h>
#include <netinet/in.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
@@ -14,7 +19,8 @@
static void serve_conn(int, struct sockaddr *);
static int myssl_accept(int, SSL*);
-void
+/* Thread entry point */
+void *
server_main()
{
#if 0
@@ -122,9 +128,8 @@
/* Go loop */
for (;;) {
clifd = accept(sockfd, (struct sockaddr *)&sockaddr_cli, &l);
- if (clifd < 0)
- {
- if (errno = EINTR)
+ if (clifd < 0) {
+ if (errno == EINTR)
continue;
err_fatal("accept()");
}
@@ -133,6 +138,7 @@
}
}
+/* Server connection from sacli at clifd */
static void
serve_conn (int clifd, struct sockaddr *sacli)
{
@@ -141,9 +147,7 @@
char buf[KEYWORD_MAX+FILENAME_MAX+2];
char filename[FILENAME_MAX+1];
char keyword[KEYWORD_MAX+1];
-#ifdef DEBUG
- printf("got connection from %lx\n", ((struct sockaddr_in *)sacli)->sin_addr.s_addr);
-#endif
+
if (myssl_accept(clifd, ssl) != 0) {
fprintf(stderr, "Failed SSL negotitation\n");
return;
@@ -166,27 +170,34 @@
/* TODO: Could go bad here? */
e = sscanf(buf, "%s\n%s", keyword, filename);
+ /* TODO: Verify access + receive file */
+ if (verify_server_access(sacli, keyword))
+ {
+
+ }
+
#ifdef DEBUG
printf("received keyword %s with filename %s", keyword, filename);
#endif
}
+/* Try to perform SSL handshake at clifd */
static int
myssl_accept (int clifd, SSL *ssl)
{
if ((ssl = SSL_new(sslContext)) == NULL) {
- fprintf(stderr, "SSL_new(): %s\n", ERR_error_string(ERR_get_error(), NULL));
+ fprintf(stderr, "server: SSL_new(): %s\n", ERR_error_string(ERR_get_error(), NULL));
return -1;
}
SSL_set_fd(ssl, clifd);
if (SSL_accept(ssl) <= 0) {
- fprintf(stderr, "SSL_accept(): %s\n", ERR_error_string(ERR_get_error(), NULL));
+ fprintf(stderr, "server: SSL_accept(): %s\n", ERR_error_string(ERR_get_error(), NULL));
return -1;
}
#ifdef DEBUG
- fprintf(stderr, "SSL_get_cipher(): %s\n", SSL_get_cipher(ssl));
+ fprintf(stderr, "server: SSL_get_cipher(): %s\n", SSL_get_cipher(ssl));
#endif
return 0;
}
==== //depot/projects/soc2007/karma_audit/dlog/daemon/server.h#3 (text+ko) ====
@@ -1,6 +1,6 @@
#ifndef DLOG_SERVER_H
#define DLOG_SERVER_H
-void server_main();
+void * server_main();
#endif
==== //depot/projects/soc2007/karma_audit/dlog/daemon/util.c#3 (text+ko) ====
@@ -1,5 +1,6 @@
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include "util.h"
@@ -15,13 +16,15 @@
return p;
}
-void
+/* Fatal error */
+inline void
err_fatal (const char * msg)
{
fprintf(stderr, "Fatal error: %s\n", msg);
exit(1);
}
+/* Check for "bad" chars in received message ie more than one '\n' or '/' */
int
search_bad_chars (const char * msg)
{
==== //depot/projects/soc2007/karma_audit/dlog/daemon/util.h#3 (text+ko) ====
@@ -1,9 +1,11 @@
#ifndef _UTIL_H
#define _UTIL_H
+#include <sys/types.h>
/* Wrapper for malloc() */
void * xmalloc (size_t size);
void err_fatal (const char * msg);
+int search_bad_chars (const char * msg);
#endif
==== //depot/projects/soc2007/karma_audit/dlog/daemon/worker.c#2 (text+ko) ====
@@ -1,19 +1,110 @@
#include "../config.h"
+#include "util.h"
#include <signal.h>
+#include <libgen.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <pthread.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
static sigset_t mask;
+static SSL_CTX *sslContext=NULL;
-void
+/* Go through spool and perform pending tasks */
+static void
go_queue()
{
+
+}
+
+/* Perform sending log file out */
+static int
+ssl_sendfile (const char * pathname, const char * keyword, struct sockaddr * to)
+{
+ int sock, r, ans;
+ SSL* ssl;
+ X509* cert;
+ char buf[FILENAME_MAX + KEYWORD_MAX + 2];
+ sock = socket (AF_INET, SOCK_STREAM, 0);
+
+ if (sock < 0)
+ err_fatal("worker: socket()");
+
+ r = connect(sock, to, sizeof(*to));
+
+ if (r < 0) {
+ fprintf(stderr,"worker: connect()");
+ return 1;
+ }
+
+ /* SSL handshake */
+ ssl = SSL_new(sslContext);
+ SSL_set_fd (ssl, sock);
+
+#ifdef DEBUG
+ fprintf(stderr, "worker: cipher %s", SSL_get_cipher(ssl));
+#endif
+
+ /* Catch server's certificate */
+ cert = SSL_get_peer_certificate (ssl);
+
+ if (cert == NULL) {
+ fprintf(stderr, "worker: can't get server's certificate");
+ SSL_shutdown(ssl);
+ close(sock);
+ return 1;
+ }
+
+ /* TODO: certificate validation goes here. Think of having TA in config */
+
+ /* Don't need certificate anymore */
+ X509_free(cert);
+
+ /* Send filename\keyword */
+ snprintf(buf, sizeof(buf),"%s\n%s", keyword, basename(pathname));
+
+ r = SSL_write (ssl, buf, strlen(buf));
+ if (r < 0) {
+ fprintf(stderr, "worker: SSL_write()");
+ SSL_shutdown(ssl);
+ close(sock);
+ return 1;
+ }
+
+ r = SSL_read (ssl, &ans, sizeof(ans));
+ if (r < 0) {
+ fprintf(stderr, "worker: SSL_read()");
+ SSL_shutdown(ssl);
+ close(sock);
+ return 1;
+ }
+
+ if (ans < 0) {
+ fprintf(stderr, "worker: server returned %d", ans);
+ SSL_shutdown(ssl);
+ close(sock);
+ return 1;
+ }
+
+ /* TODO: OK, sending flle goes here */
+ return 0;
}
-void
+void *
worker_main()
{
- int signo, r;
+ int signo;
sigset_t oldmask;
+
+ SSL_load_error_strings();
+ SSLeay_add_ssl_algorithms();
+ sslContext = SSL_CTX_new(SSLv23_client_method());
+
sigemptyset(&mask);
sigaddset(&mask, SIGALRM);
if (pthread_sigmask(SIG_BLOCK, &mask, &oldmask) < 0)
==== //depot/projects/soc2007/karma_audit/dlog/daemon/worker.h#2 (text+ko) ====
@@ -1,0 +1,6 @@
+#ifndef DLOG_WORKER_H
+#define DLOG_WORKER_H
+
+void * worker_main();
+
+#endif
More information about the p4-projects
mailing list