PERFORCE change 180137 for review
Sergio Ligregni
ligregni at FreeBSD.org
Wed Jun 23 03:11:21 UTC 2010
http://p4web.freebsd.org/@@180137?ac=10
Change 180137 by ligregni at ligPhenom on 2010/06/23 03:10:23
Some work on the master daemon
we can now connect to the master and send the
path and MD5 checksum of a file to ask the server
whether the trail is there
Affected files ...
.. //depot/projects/soc2010/disaudit/damasterd.c#2 edit
.. //depot/projects/soc2010/disaudit/damasterd.h#2 edit
.. //depot/projects/soc2010/disaudit/msocket_work.c#2 edit
.. //depot/projects/soc2010/disaudit/msocket_work.h#2 edit
.. //depot/projects/soc2010/disaudit/shipd.c#5 edit
.. //depot/projects/soc2010/disaudit/shipd.h#5 edit
.. //depot/projects/soc2010/disaudit/ssocket_work.c#3 edit
.. //depot/projects/soc2010/disaudit/ssocket_work.h#3 edit
Differences ...
==== //depot/projects/soc2010/disaudit/damasterd.c#2 (text+ko) ====
@@ -27,8 +27,8 @@
/*** INCLUDES ***/
-#include "shipd.h"
-#include "ssocket_work.h"
+#include "damasterd.h"
+#include "msocket_work.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -41,11 +41,66 @@
/*** DECLARATIONS ***/
+/* Directory settings took from audit_control */
+char slave_trails_dir[MAX_DIR_SIZE + 1];
+char *ptr_std;
+int slave_dirs;
+
+/* The level of trust the shipping process will have (0 means disabled) */
+int panic_level;
+
+/* Port number */
+int port_number;
+
/* The destination of the messages are controlled by this variable */
int debug;
+/* Socket buffer management */
+char buffer[MAX_BUF_SIZE + 1];
+int brecv;
+
main(int argc, char *argv[])
{
+ char cl_opt;
+ int last = 0;
+
+ debug = 0;
+
+ while ((cl_opt = getopt(argc, argv, "dl")) != -1)
+ switch (cl_opt)
+ {
+ case 'd':
+ /* Debug option */
+ debug = 1;
+ break;
+ }
+
+ /* If not debugging, daemonize the program */
+ if (debug == 0 && daemon(0,0) != 0)
+ {
+ perror("Can't daemonize, exiting!");
+ exit(1);
+ }
+
+ /* Set the directory path, the host address, the panic level */
+ if (get_parameters() == -1)
+ {
+ to_log("Can't get the parameters to work!");
+ exit(1);
+ }
+
+ ptr_std = slave_trails_dir + strlen(slave_trails_dir);
+
+ /* There is no shipd enabled and it wasn't called by AUDIT (normally the unique way to get 'last' on) */
+ if (panic_level == 0)
+ {
+ to_log("DAMasterd disabled");
+ exit(0);
+ }
+
+ if (do_master_daemon() == -1)
+ exit(1);
+
return 0;
}
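Review bot: `cl_opt` is declared `char` but is compared with the `int` -1 that `getopt` returns; on a platform where plain `char` is unsigned the comparison never holds and the option loop does not terminate, so declare it `int cl_opt;`. The option string `"dl"` accepts `-l` but the `switch` has no case for it and `last` is only initialised and never read, so either handle `-l` (the comment above the `panic_level` check suggests it is meant to turn `last` on) or drop both. `main` is still defined without a return type, and `getopt` needs `<unistd.h>`, which is not visible in the include hunk above — worth confirming it is included.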
@@ -59,3 +114,150 @@
}
+do_master_daemon()
+{
+ int socketfd, newsockfd, childpid;
+ char message[256];
+ char client_host[256];
+ struct sockaddr clientinfo;
+
+ if ((socketfd = init_socket(port_number)) < 0)
+ {
+ sprintf(message, "Error initializing socket on port %d", port_number);
+ to_log(message);
+ return -1;
+ }
+
+ while (1)
+ {
+ newsockfd = accept_connection(socketfd, &clientinfo);
+
+ if (newsockfd < 0)
+ {
+ sprintf(message, "Error accepting client connections");
+ to_log(message);
+ return -1;
+ }
+
+ if ((childpid = fork()) < 0)
+ {
+ to_log("Error forking the process");
+ return -1;
+ }
+ else if (childpid == 0)
+ {
+ debug = 0;
+ if (process_request(newsockfd, &clientinfo) == -1)
+ {
+ to_log("Error processing client's request");
+ return -1;
+ }
+ close(socketfd);
+ }
+
+ close(newsockfd);
+ }
+
+ return 0;
+}
+
+get_parameters()
+{
+ /* GSoC: using an special file, intended to include this values at audit_control */
+ FILE *fpars = fopen("/etc/security/damasterd_control", "r");
+
+ char sslave_dirs[10];
+
+ if (!fpars)
+ return -1;
+
+ if (feof(fpars))
+ return -1;
+
+ fscanf(fpars, "%s", slave_trails_dir);
+ fscanf(fpars, "%s", sslave_dirs);
+ fscanf(fpars, "%d", &panic_level);
+ fscanf(fpars, "%d", &port_number);
+
+ if (strcmp(sslave_dirs, "no"))
+ slave_dirs = 1;
+ else
+ slave_dirs = 0;
+
+ return 0;
+}
+
+process_request(int sfd, struct sockaddr *clientinfo)
+{
+ int res = -1;
+
+ char opt[1];
+
+ get_from_socket(sfd, opt);
+
+ switch(opt[0])
+ {
+ case '1': /* The request is about searching for a file */
+ res = search_trail(sfd, clientinfo);
+ break;
+ case '2': /* The request is about receiving a trail */
+ res = receive_trail(sfd, clientinfo);
+ break;
+ default:
+ to_log("Can't understand user's request!");
+ }
+
+ close(sfd);
+
+ return res;
+}
+
+search_trail(int sfd, struct sockaddr *clientinfo)
+{
+ char hbuf[NI_MAXHOST+1];
+ char message[MAX_PATH_SIZE + 50];
+ char hostname[NI_MAXHOST+1];
+ char path[MAX_TRAILPATH_SIZE+1], md5slave[33];
+
+ get_from_socket(sfd, path);
+ get_from_socket(sfd, md5slave);
+
+ strcpy(hostname, inet_ntoa(((struct sockaddr_in *) clientinfo)->sin_addr));
+
+ if (getnameinfo(clientinfo, clientinfo->sa_len, hbuf, sizeof(hbuf), NULL, 0, NI_NAMEREQD))
+ to_log("Couldn't resolve hostname, using IP address");
+ else
+ strcpy(hostname, hbuf);
+
+ sprintf(message, "Looking for \"%s\" from \"%s\" with MD5: \"%s\"", path, hostname, md5slave);
+ to_log(message);
+
+ return 1;
+}
+
+void
+get_from_socket(int sfd, char *dest)
+{
+ int len, left;
+ char *ptr;
+ brecv = recv(sfd, buffer, sizeof(int), 0);
+ strncpy((char *) &len, buffer, sizeof(int));
+
+ left = len;
+ ptr = dest;
+
+ while (left > 0)
+ {
+ brecv = recv(sfd, buffer, min(MAX_BUF_SIZE, left), 0);
+ buffer[brecv] = 0;
+ strcpy(ptr, buffer);
+ ptr += brecv;
+ left -= brecv;
+ }
+}
+
+receive_trail(int sfd, struct sockaddr *clientinfo)
+{
+ return 0;
+}
+
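Review bot: `get_from_socket` uses the length prefix received from the peer as the byte count to copy into `dest`, while its callers pass fixed stack buffers (`opt[1]` in `process_request`, `path[MAX_TRAILPATH_SIZE+1]` and `md5slave[33]` in `search_trail`), so a length larger than the destination overruns the stack; the `recv` results are also unchecked, `buffer[brecv] = 0` indexes with -1 on error, and `strcpy` stops at the first NUL so `ptr` and `left` can drift from what was actually received. The function needs the destination capacity and must reject a length that does not fit — a sketch follows (the prototype in damasterd.h and the three callers change accordingly) — and in `search_trail` the `sprintf` into `message[MAX_PATH_SIZE + 50]` can carry a resolved hostname of up to NI_MAXHOST bytes, so use `snprintf(message, sizeof(message), ...)` there. In `do_master_daemon` the child returns from `process_request` into the `while (1)` loop; after `close(socketfd)` its next `accept` fails and it leaves through the "Error accepting client connections" path, so the child should `_exit()` right after `process_request`, and the parent never reaps its children (no `waitpid`/SIGCHLD handling). `get_parameters` never `fclose`s `fpars` (shipd.c gets exactly that fix in this change) and reads with unbounded `"%s"` into `slave_trails_dir` and `sslave_dirs[10]` — `"%255s"` and `"%9s"` would bound them. Finally `do_master_daemon`, `get_parameters`, `process_request`, `search_trail` and `receive_trail` are defined without a return type, as are `init_socket`/`accept_connection` in msocket_work.c, `get_last_trail`, `is_audit_trail`, `send_trail`, `cmp_trails` and `is_in_master` in shipd.c and `do_socket_check_file`, `is_ipv4` and `init_socket` in ssocket_work.c — implicit `int` was removed in C99, so keep the `int` this change strips.
```c
/* Read one length-prefixed record from sfd into dest (capacity cap bytes).
 * Returns the record length, or -1 on a short read or a length that does not fit. */
int
get_from_socket(int sfd, char *dest, size_t cap)
{
	int len;
	size_t got = 0;

	if (recv(sfd, &len, sizeof(int), MSG_WAITALL) != (ssize_t)sizeof(int))
		return -1;
	/* len is peer-supplied input: it must fit dest together with the terminator */
	if (len < 0 || (size_t)len >= cap)
		return -1;
	while (got < (size_t)len)
	{
		brecv = recv(sfd, dest + got, (size_t)len - got, 0);
		if (brecv <= 0)
			return -1;
		got += (size_t)brecv;
	}
	dest[got] = '\0';
	return len;
}
```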
==== //depot/projects/soc2010/disaudit/damasterd.h#2 (text+ko) ====
@@ -28,6 +28,25 @@
#ifndef _DAMASTERD_H_
#define _DAMASTERD_H_
+#define MAX_DIR_SIZE 255
+#define MAX_BUF_SIZE 1024
+#define MAX_PATH_SIZE MAX_DIR_SIZE + 50
+#define MAX_HOST_SIZE 255
+#define MAX_TRAILPATH_SIZE 29
+
+#define min(a,b) (a < b ? a : b)
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <arpa/inet.h>
+
void to_log(char *);
+int get_parameters();
+int do_master_daemon();
+int process_request(int, struct sockaddr *);
+int search_trail(int, struct sockaddr *);
+int receive_trail(int, struct sockaddr *);
+void get_from_socket(int, char *);
#endif
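Review bot: `MAX_PATH_SIZE` expands unparenthesised to `MAX_DIR_SIZE + 50`, and `min(a,b)` neither parenthesises its arguments nor avoids evaluating them twice, so an expression such as `2 * MAX_PATH_SIZE` or `min(x, f())` silently computes the wrong value; write `#define MAX_PATH_SIZE (MAX_DIR_SIZE + 50)` and `#define min(a, b) ((a) < (b) ? (a) : (b))`. The `get_parameters` and `do_master_daemon` prototypes use `()` rather than `(void)`, which turns off argument checking at their call sites.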
==== //depot/projects/soc2010/disaudit/msocket_work.c#2 (text+ko) ====
@@ -35,69 +35,14 @@
#include <string.h>
#include <unistd.h>
-int
-do_socket_check_file(char *host, int port, char *path, char *fullpath, char *md5)
+init_socket(int port)
{
+ struct sockaddr_in sockaddr;
int sockfd;
- if (init_socket(host, port, &sockfd) == -1)
- return -1;
-
- return -1;
-}
-
-int
-is_ipv4(char *address)
-{
- int points=0, last_point=0, i, len=strlen(address);
-
- /* Here we will check if the string is a valid IPv4 address */
-
- for(i=0; i<len && points<=3; ++i)
- if (i==0 || i==len-1) /* In the first and last positions there can be only a digit */
- {
- if (!isdigit(address[i]))
- break;
- }
- else if (address[i] == '.' && i > last_point+1) /* Counting the points and making sure there are no two consecutive points */
- {
- last_point = i;
- ++points;
- }
- else if (!isdigit(address[i]))
- break;
-
- if (points == 3 && i == len)
- return 1;
- return 0;
-}
-
-int
-init_socket(char *host, int port, int *sfd)
-{
- struct sockaddr_in sockaddr;
- struct in_addr inaddr;
- struct hostent *hostentry = NULL;
- char message[256];
- int sockfd, res;
- char ipv4[16];
-
- if (!is_ipv4(host))
- {
- hostentry = gethostbyname(host);
- if (!hostentry)
- {
- to_log("Error gettig the host");
- return -1;
- }
-
- sprintf(message, "Got for the host: %s the IPv4 address: %s", host, inet_ntoa(*((struct in_addr *)hostentry->h_addr)));
- to_log(message);
- }
-
sockfd = socket(PF_INET, SOCK_STREAM, 0);
- if (sockfd == -1)
+ if (sockfd < 0)
{
to_log("Cannot create socket!");
return -1;
@@ -106,21 +51,31 @@
bzero(&sockaddr, sizeof(sockaddr));
sockaddr.sin_family = AF_INET;
- sockaddr.sin_addr.s_addr = hostentry != NULL ? ((struct in_addr *) hostentry->h_addr)->s_addr : inet_addr(host);
+ sockaddr.sin_addr.s_addr = htonl(INADDR_ANY);
sockaddr.sin_port = htons(port);
- res = connect(sockfd, (struct sockaddr *) &sockaddr, sizeof(sockaddr));
-
- if (res < 0)
+ if (bind(sockfd, (struct sockaddr *) &sockaddr, sizeof(sockaddr)) < 0)
{
- to_log("Can't connect to server!");
+ to_log("Cannot bind to port");
return -1;
}
- sprintf(message, "Successfully connected to: %s", hostentry != NULL ? inet_ntoa(*((struct in_addr *) hostentry->h_addr)) : host);
- to_log(message);
+ listen(sockfd, 500);
+
+ return sockfd;
+}
+
+accept_connection(int sfd, struct sockaddr *clientinfo)
+{
+ struct sockaddr_in clientaddr;
+ int clientlen = sizeof(clientaddr);
+ int retval = 0;
+
+ retval = accept(sfd, (struct sockaddr *) &clientaddr, &clientlen);
+
+ if (retval >= 0)
+ clientinfo = (struct sockaddr *) &clientaddr;
- *sfd = sockfd;
- return 0;
+ return retval;
}
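Review bot: `accept_connection` stores the accepted peer address in the local `clientaddr` and then assigns `clientinfo = (struct sockaddr *) &clientaddr`, which only rebinds the parameter; the caller's `clientinfo` in `do_master_daemon` stays uninitialised, so `search_trail` reads garbage `sa_len`/`sin_addr` and the logged hostname is meaningless. Pass the caller's storage to `accept` directly — `socklen_t clientlen = sizeof(struct sockaddr_in);` and `retval = accept(sfd, clientinfo, &clientlen);` — and since `do_master_daemon` declares that local as a plain `struct sockaddr`, declaring it `struct sockaddr_storage` there is the safe choice. `accept` takes a `socklen_t *`, not the `int *` used here. In `init_socket` (previous hunk) a failed `bind` returns -1 without `close(sockfd)`, and the `listen(sockfd, 500)` result is not checked.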
==== //depot/projects/soc2010/disaudit/msocket_work.h#2 (text+ko) ====
@@ -28,7 +28,9 @@
#ifndef _SSOCKET_WORK_H_
#define _SSOCKET_WORK_H_
-int do_socket_check_file(char *, int, char *, char *, char *);
-int init_socket(char *, int, int *);
+#include <netinet/in.h>
+
+int init_socket(int);
+int accept_connection(int, struct sockaddr *);
#endif
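Review bot: The include guard is `_SSOCKET_WORK_H_`, the same macro ssocket_work.h uses, so a translation unit that includes both headers silently gets only the first one's prototypes; rename it `_MSOCKET_WORK_H_`. The prototypes would also read better with parameter names, e.g. `int accept_connection(int sfd, struct sockaddr *clientinfo);`.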
==== //depot/projects/soc2010/disaudit/shipd.c#5 (text+ko) ====
@@ -125,6 +125,8 @@
fscanf(fpars, "%d", &msec_freq);
fscanf(fpars, "%d", &port_number);
+ fclose(fpars);
+
return 0;
}
@@ -168,7 +170,6 @@
* closed trail in meaning of lexicographic
* order (that is also a chronological one)
*/
-int
get_last_trail(char *path)
{
DIR *dp;
@@ -227,7 +228,6 @@
* so we must ensure we will only deal with the ones
* that are trails
*/
-int
is_audit_trail(char *path)
{
/*
@@ -261,7 +261,6 @@
}
}
-int
send_trail(char *path)
{
return 0;
@@ -272,7 +271,8 @@
* newest correct trail and sync from it to the last
* closed trail
*/
-void do_daemon_date()
+void
+do_daemon_date()
{
DIR *dp;
struct dirent *dirp;
@@ -384,7 +384,7 @@
* that an audit trail is older than the other one
* according their lexicographic value
*/
-int cmp_trails (const void *A, const void *B)
+cmp_trails (const void *A, const void *B)
{
if (strcmp(*((char **)A), *((char **)B)) < 0)
return 1;
@@ -399,7 +399,7 @@
* checksums on both systems are not equal, then the function
* will return "false" since an incomplete trail is not valid here.
*/
-int is_in_master(char *path, char *fullpath)
+is_in_master(char *path, char *fullpath)
{
char *md5 = (char *) malloc (sizeof(char) * 33);
char message[MAX_PATH_SIZE + 33];
@@ -412,7 +412,7 @@
to_log(message);
/* Included in socket_work.c, this intended to implement SSL later */
- if (do_socket_check_file(master_host, port_number, path, fullpath, md5) == -1)
+ if (do_socket_check_file(master_host, port_number, path, md5) == -1)
ret_val = 0;
free(md5);
@@ -425,7 +425,8 @@
* This function will make sure that ALL the trails
* of the slave system are on master system
*/
-void do_daemon_all()
+void
+do_daemon_all()
{
DIR *dp;
struct dirent *dirp;
==== //depot/projects/soc2010/disaudit/shipd.h#5 (text+ko) ====
==== //depot/projects/soc2010/disaudit/ssocket_work.c#3 (text+ko) ====
@@ -34,19 +34,33 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include "ssocket_work.h"
-int
-do_socket_check_file(char *host, int port, char *path, char *fullpath, char *md5)
+do_socket_check_file(char *host, int port, char *path, char *md5)
{
int sockfd;
if (init_socket(host, port, &sockfd) == -1)
return -1;
+ send_to_socket(sockfd, "1");
+ send_to_socket(sockfd, path);
+ send_to_socket(sockfd, md5);
+
+ close(sockfd);
+
return -1;
}
-int
+void
+send_to_socket(int sfd, char *data)
+{
+ int len = strlen(data);
+
+ send(sfd, &len, sizeof(int), 0);
+ send(sfd, data, len, 0);
+}
+
is_ipv4(char *address)
{
int points=0, last_point=0, i, len=strlen(address);
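Review bot: `do_socket_check_file` sends the request, closes the socket and returns -1 unconditionally without ever reading the master's answer, so `is_in_master` in shipd.c will treat every trail as missing once this path is used; the reply step (and the distinction between "not on master" and "could not ask") still has to be defined. `send_to_socket` puts the length on the wire as a host-order `int`, which the master reads back with `sizeof(int)` — that only works between hosts with the same endianness and `int` width; send a `uint32_t` via `htonl` and decode it with `ntohl` on the receiving side. The return values of both `send` calls are discarded, so a short write leaves the peer waiting for bytes that never arrive; check them or loop until `len` bytes are sent.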
@@ -72,7 +86,6 @@
return 0;
}
-int
init_socket(char *host, int port, int *sfd)
{
struct sockaddr_in sockaddr;
==== //depot/projects/soc2010/disaudit/ssocket_work.h#3 (text+ko) ====
@@ -28,7 +28,8 @@
#ifndef _SSOCKET_WORK_H_
#define _SSOCKET_WORK_H_
-int do_socket_check_file(char *, int, char *, char *, char *);
+int do_socket_check_file(char *, int, char *, char *);
int init_socket(char *, int, int *);
+void send_to_socket(int, char *);
#endif