4 * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
6 * Contact: Bumjin Im <bj.im@samsung.com>
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License
24 #include <sys/types.h>
29 #include <sys/smack.h>
31 #include <sys/socket.h>
35 #include "smack-check.h"
36 #include "security-server.h"
37 #include "security-server-common.h"
38 #include "security-server-comm.h"
41 void printhex(unsigned char *data, int size)
44 for (i = 0; i < size; i++)
49 printf("%X ", data[i]);
50 if (((i + 1) % 16) == 0 && i != 0)
57 char *read_cmdline_from_proc(pid_t pid)
63 snprintf(path, sizeof(path), "/proc/%d/exe", pid);
68 SEC_SVR_DBG("%s", "Out of memory");
74 bzero(cmdline, memsize);
75 /* readlink() may have security hole in normal symbolic link. *
76 * But this link is located at proc fs that only kernel can change */
77 readlink(path, cmdline, memsize); /* FlawFinder: ignore */
78 SEC_SVR_DBG("pid: %d, cmdline: %s", pid, cmdline);
80 /* Check it's truncated */
81 if (cmdline[memsize - 1] != 0)
83 cmdline = (char*)realloc(cmdline, sizeof(char) * (memsize + 32));
87 SEC_SVR_DBG("%s", "Out of memory");
101 /* We may need to filter error code */
102 int convert_to_public_error_code(int err_code)
104 /* Do we need this? */
108 // SECURITY_SERVER_API
109 // int security_server_get_gid(const char *object)
111 // int sockfd = -1, retval, gid;
112 // response_header hdr;
114 // if (object == NULL)
116 // SEC_SVR_ERR("%s", "Client: object is null or object is too big");
117 // retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
120 // if (strlen(object) > SECURITY_SERVER_MAX_OBJ_NAME)
122 // SEC_SVR_ERR("%s", "object is null or object is too big");
123 // retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
127 // if (strlen(object) == 0)
129 // SEC_SVR_ERR("Client: object is is empty");
130 // retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
134 // SECURE_SLOGD("%s", "Client: security_server_get_gid() is called");
135 // retval = connect_to_server(&sockfd);
136 // if (retval != SECURITY_SERVER_SUCCESS)
138 // /* Error on socket */
139 // SEC_SVR_ERR("Connection failed: %d", retval);
142 // SECURE_SLOGD("%s", "Client: Security server has been connected");
144 // /* make request packet and send to server*/
145 // retval = send_gid_request(sockfd, object);
146 // SEC_SVR_DBG("%s", "Client: gid request has been sent");
147 // if (retval != SECURITY_SERVER_SUCCESS)
149 // /* Error on socket */
150 // SEC_SVR_ERR("Send gid request failed: %d", retval);
154 // /* Receive response */
155 // retval = recv_get_gid_response(sockfd, &hdr, &gid);
156 // if (retval != SECURITY_SERVER_SUCCESS)
158 // SEC_SVR_ERR("Client: Receive response failed: %d", retval);
161 // SEC_SVR_DBG("%s", "Client: get gid response has been received");
163 // if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_GID_RESPONSE) /* Wrong response */
165 // if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
167 // /* There must be some error */
168 // SEC_SVR_ERR("Client: It'll be an error. return code:%d", hdr.return_code);
169 // retval = return_code_to_error_code(hdr.return_code);
174 // /* Something wrong with response */
175 // SEC_SVR_ERR("Client: Something wrong with response:%d", hdr.basic_hdr.msg_id);
176 // retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
181 // SEC_SVR_DBG("received gid is %d", gid);
187 // /* If error happened */
189 // retval = convert_to_public_error_code(retval);
196 // SECURITY_SERVER_API
197 // int security_server_get_object_name(gid_t gid, char *object, size_t max_object_size)
199 // int sockfd = -1, retval;
200 // response_header hdr;
202 // if (object == NULL)
204 // retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
208 // retval = connect_to_server(&sockfd);
209 // if (retval != SECURITY_SERVER_SUCCESS)
211 // /* Error on socket */
212 // SEC_SVR_ERR("Client: connect to server failed: %d", retval);
216 // /* make request packet */
217 // retval = send_object_name_request(sockfd, gid);
218 // if (retval != SECURITY_SERVER_SUCCESS)
220 // /* Error on socket */
221 // SEC_SVR_ERR("Client: cannot send request: %d", retval);
225 // retval = recv_get_object_name(sockfd, &hdr, object, max_object_size);
226 // if (retval != SECURITY_SERVER_SUCCESS)
228 // SEC_SVR_ERR("Client: Receive response failed: %d", retval);
232 // if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE) /* Wrong response */
234 // if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
236 // /* There must be some error */
237 // SEC_SVR_ERR("Client: There is error on response: return code:%d", hdr.basic_hdr.msg_id);
238 // retval = return_code_to_error_code(hdr.return_code);
242 // /* Something wrong with response */
243 // SEC_SVR_ERR("Client: Some unexpected error happene: return code:%d", hdr.basic_hdr.msg_id);
244 // retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
253 // retval = convert_to_public_error_code(retval);
259 int security_server_is_pwd_valid(unsigned int *current_attempts,
260 unsigned int *max_attempts,
261 unsigned int *valid_secs)
263 int sockfd = -1, retval = SECURITY_SERVER_ERROR_UNKNOWN;
266 if (current_attempts == NULL || max_attempts == NULL || valid_secs == NULL)
268 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
272 /* Authenticate self that is setting app goes here */
273 /* 1st, check cmdline which is setting app */
274 /* 2nd, check /proc/self/attr/current for the SMACK label */
276 retval = connect_to_server(&sockfd);
277 if (retval != SECURITY_SERVER_SUCCESS)
279 /* Error on socket */
283 /* make request packet */
284 retval = send_valid_pwd_request(sockfd);
285 if (retval != SECURITY_SERVER_SUCCESS)
287 /* Error on socket */
288 SEC_SVR_ERR("Client: Send failed: %d", retval);
292 retval = recv_pwd_response(sockfd, &hdr, current_attempts, max_attempts, valid_secs);
294 retval = return_code_to_error_code(hdr.return_code);
295 if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE) /* Wrong response */
297 if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE)
299 /* There must be some error */
300 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
304 /* Something wrong with response */
305 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
306 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
314 retval = convert_to_public_error_code(retval);
321 int security_server_set_pwd(const char *cur_pwd,
323 const unsigned int max_challenge,
324 const unsigned int valid_period_in_days)
326 int sockfd = -1, retval;
329 if (new_pwd == NULL || strlen(new_pwd) > SECURITY_SERVER_MAX_PASSWORD_LEN || strlen(new_pwd) == 0)
331 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
335 /* Authenticate self that is setting app goes here */
336 /* 1st, check cmdline which is setting app */
337 /* 2nd, check /proc/self/attr/current for the SMACK label */
339 retval = connect_to_server(&sockfd);
340 if (retval != SECURITY_SERVER_SUCCESS)
342 /* Error on socket */
346 /* make request packet */
347 retval = send_set_pwd_request(sockfd, cur_pwd, new_pwd, max_challenge, valid_period_in_days);
348 if (retval != SECURITY_SERVER_SUCCESS)
350 /* Error on socket */
351 SEC_SVR_ERR("Client: Send failed: %d", retval);
355 retval = recv_generic_response(sockfd, &hdr);
357 retval = return_code_to_error_code(hdr.return_code);
358 if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE) /* Wrong response */
360 if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
362 /* There must be some error */
363 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
367 /* Something wrong with response */
368 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
369 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
377 retval = convert_to_public_error_code(retval);
383 int security_server_set_pwd_validity(const unsigned int valid_period_in_days)
385 int sockfd = -1, retval;
388 retval = connect_to_server(&sockfd);
389 if (retval != SECURITY_SERVER_SUCCESS)
391 /* Error on socket */
395 /* make request packet */
396 retval = send_set_pwd_validity_request(sockfd, valid_period_in_days);
397 if (retval != SECURITY_SERVER_SUCCESS)
399 /* Error on socket */
400 SEC_SVR_ERR("Client: Send failed: %d", retval);
404 retval = recv_generic_response(sockfd, &hdr);
406 retval = return_code_to_error_code(hdr.return_code);
407 if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE) /* Wrong response */
409 if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
411 /* There must be some error */
412 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
416 /* Something wrong with response */
417 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
418 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
426 retval = convert_to_public_error_code(retval);
431 int security_server_set_pwd_max_challenge(const unsigned int max_challenge)
433 int sockfd = -1, retval;
436 retval = connect_to_server(&sockfd);
437 if (retval != SECURITY_SERVER_SUCCESS)
439 /* Error on socket */
443 /* make request packet */
444 retval = send_set_pwd_max_challenge_request(sockfd, max_challenge);
445 if (retval != SECURITY_SERVER_SUCCESS)
447 /* Error on socket */
448 SEC_SVR_ERR("Client: Send failed: %d", retval);
452 retval = recv_generic_response(sockfd, &hdr);
454 retval = return_code_to_error_code(hdr.return_code);
455 if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE) /* Wrong response */
457 if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
459 /* There must be some error */
460 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
464 /* Something wrong with response */
465 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
466 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
474 retval = convert_to_public_error_code(retval);
481 int security_server_reset_pwd(const char *new_pwd,
482 const unsigned int max_challenge,
483 const unsigned int valid_period_in_days)
485 int sockfd = -1, retval;
488 if (new_pwd == NULL || strlen(new_pwd) > SECURITY_SERVER_MAX_PASSWORD_LEN || strlen(new_pwd) == 0)
490 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
494 /* Authenticate self that is setting app goes here */
495 /* 1st, check cmdline which is setting app */
496 /* 2nd, check /proc/self/attr/current for the SMACK label */
498 retval = connect_to_server(&sockfd);
499 if (retval != SECURITY_SERVER_SUCCESS)
501 /* Error on socket */
505 /* make request packet */
506 retval = send_reset_pwd_request(sockfd, new_pwd, max_challenge, valid_period_in_days);
507 if (retval != SECURITY_SERVER_SUCCESS)
509 /* Error on socket */
510 SEC_SVR_ERR("Client: Send failed: %d", retval);
514 retval = recv_generic_response(sockfd, &hdr);
516 retval = return_code_to_error_code(hdr.return_code);
517 if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE) /* Wrong response */
519 if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
521 /* There must be some error */
522 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
526 /* Something wrong with response */
527 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
528 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
536 retval = convert_to_public_error_code(retval);
543 int security_server_chk_pwd(const char *challenge,
544 unsigned int *current_attempt,
545 unsigned int *max_attempts,
546 unsigned int *valid_secs)
548 int sockfd = -1, retval;
551 if (challenge == NULL || strlen(challenge) > SECURITY_SERVER_MAX_PASSWORD_LEN
552 || strlen(challenge) == 0 || current_attempt == NULL
553 || max_attempts == NULL || valid_secs == NULL)
555 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
559 /* Authenticate self goes here */
561 retval = connect_to_server(&sockfd);
562 if (retval != SECURITY_SERVER_SUCCESS)
564 /* Error on socket */
568 /* make request packet */
569 retval = send_chk_pwd_request(sockfd, challenge);
570 if (retval != SECURITY_SERVER_SUCCESS)
572 /* Error on socket */
573 SEC_SVR_ERR("Client: Send failed: %d", retval);
577 retval = recv_pwd_response(sockfd, &hdr, current_attempt, max_attempts, valid_secs);
579 retval = return_code_to_error_code(hdr.return_code);
580 if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE) /* Wrong response */
582 if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
584 /* There must be some error */
585 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
589 /* Something wrong with response */
590 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
591 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
599 retval = convert_to_public_error_code(retval);
604 int security_server_set_pwd_history(int number_of_history)
606 int sockfd = -1, retval;
609 if (number_of_history > SECURITY_SERVER_MAX_PASSWORD_HISTORY || number_of_history < 0)
610 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
612 /* Authenticate self that is setting app goes here */
613 /* 1st, check cmdline which is setting app */
614 /* 2nd, check /proc/self/attr/current for the SMACK label */
616 retval = connect_to_server(&sockfd);
617 if (retval != SECURITY_SERVER_SUCCESS)
619 /* Error on socket */
623 /* make request packet */
624 retval = send_set_pwd_history_request(sockfd, number_of_history);
625 if (retval != SECURITY_SERVER_SUCCESS)
627 /* Error on socket */
628 SEC_SVR_ERR("Client: Send failed: %d", retval);
631 retval = recv_generic_response(sockfd, &hdr);
633 retval = return_code_to_error_code(hdr.return_code);
634 if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE) /* Wrong response */
636 if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
638 /* There must be some error */
639 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
643 /* Something wrong with response */
644 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
645 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
653 retval = convert_to_public_error_code(retval);