projects / platform / core / security / security-manager.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Remove deprecated and unused code.
[platform/core/security/security-manager.git] / src / client / security-server-client.c
1 /*
2  * security-server
3  *
4  *  Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
5  *
6  *  Contact: Bumjin Im <bj.im@samsung.com>
7  *
8  *  Licensed under the Apache License, Version 2.0 (the "License");
9  *  you may not use this file except in compliance with the License.
10  *  You may obtain a copy of the License at
11  *
12  *      http://www.apache.org/licenses/LICENSE-2.0
13  *
14  *  Unless required by applicable law or agreed to in writing, software
15  *  distributed under the License is distributed on an "AS IS" BASIS,
16  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  *  See the License for the specific language governing permissions and
18  *  limitations under the License
19  *
20  */
21
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <sys/types.h>
25 #include <sys/stat.h>
26 #include <errno.h>
27 #include <unistd.h>
28 #include <string.h>
29 #include <sys/smack.h>
30 #include <fcntl.h>
31 #include <sys/socket.h>
32 #include <sys/un.h>
33 #include <sys/poll.h>
34
35 #include "smack-check.h"
36 #include "security-server.h"
37 #include "security-server-common.h"
38 #include "security-server-comm.h"
39
40 #if 0
41 void printhex(unsigned char *data, int size)
42 {
43     int i;
44     for (i = 0; i < size; i++)
45     {
46         if (data[i] < 0xF)
47             printf("0");
48
49         printf("%X ", data[i]);
50         if (((i + 1) % 16) == 0 && i != 0)
51             printf("\n");
52     }
53     printf("\n");
54 }
55
56
57 char *read_cmdline_from_proc(pid_t pid)
58 {
59     int memsize = 32;
60     char path[32];
61     char *cmdline = NULL;
62
63     snprintf(path, sizeof(path), "/proc/%d/exe", pid);
64
65     cmdline = malloc(32);
66     if (cmdline == NULL)
67     {
68         SEC_SVR_DBG("%s", "Out of memory");
69         goto error;
70     }
71
72     while (1)
73     {
74         bzero(cmdline, memsize);
75         /* readlink() may have security hole in normal symbolic link. *
76          * But this link is located at proc fs that only kernel can change */
77         readlink(path, cmdline, memsize);   /* FlawFinder: ignore */
78         SEC_SVR_DBG("pid: %d, cmdline: %s", pid, cmdline);
79
80         /* Check it's truncated */
81         if (cmdline[memsize - 1] != 0)
82         {
83             cmdline = (char*)realloc(cmdline, sizeof(char) * (memsize + 32));
84             memsize += 32;
85             if (cmdline == NULL)
86             {
87                 SEC_SVR_DBG("%s", "Out of memory");
88                 goto error;
89             }
90         }
91         else
92             break;
93     }
94
95 error:
96     return cmdline;
97 }
98 #endif
99
100
101 /* We may need to filter error code */
102 int convert_to_public_error_code(int err_code)
103 {
104     /* Do we need this? */
105     return err_code;
106 }
107
108 // SECURITY_SERVER_API
109 // int security_server_get_gid(const char *object)
110 // {
111 //     int sockfd = -1, retval, gid;
112 //     response_header hdr;
113
114 //     if (object == NULL)
115 //     {
116 //         SEC_SVR_ERR("%s", "Client: object is null or object is too big");
117 //         retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
118 //         goto error;
119 //     }
120 //     if (strlen(object) > SECURITY_SERVER_MAX_OBJ_NAME)
121 //     {
122 //         SEC_SVR_ERR("%s", "object is null or object is too big");
123 //         retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
124 //         goto error;
125 //     }
126
127 //     if (strlen(object) == 0)
128 //     {
129 //         SEC_SVR_ERR("Client: object is is empty");
130 //         retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
131 //         goto error;
132 //     }
133
134 //     SECURE_SLOGD("%s", "Client: security_server_get_gid() is called");
135 //     retval = connect_to_server(&sockfd);
136 //     if (retval != SECURITY_SERVER_SUCCESS)
137 //     {
138 //         /* Error on socket */
139 //         SEC_SVR_ERR("Connection failed: %d", retval);
140 //         goto error;
141 //     }
142 //     SECURE_SLOGD("%s", "Client: Security server has been connected");
143
144 //     /* make request packet and send to server*/
145 //     retval = send_gid_request(sockfd, object);
146 //     SEC_SVR_DBG("%s", "Client: gid request has been sent");
147 //     if (retval != SECURITY_SERVER_SUCCESS)
148 //     {
149 //         /* Error on socket */
150 //         SEC_SVR_ERR("Send gid request failed: %d", retval);
151 //         goto error;
152 //     }
153
154 //     /* Receive response */
155 //     retval = recv_get_gid_response(sockfd, &hdr, &gid);
156 //     if (retval != SECURITY_SERVER_SUCCESS)
157 //     {
158 //         SEC_SVR_ERR("Client: Receive response failed: %d", retval);
159 //         goto error;
160 //     }
161 //     SEC_SVR_DBG("%s", "Client: get gid response has been received");
162
163 //     if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_GID_RESPONSE)   /* Wrong response */
164 //     {
165 //         if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
166 //         {
167 //             /* There must be some error */
168 //             SEC_SVR_ERR("Client: It'll be an error. return code:%d", hdr.return_code);
169 //             retval = return_code_to_error_code(hdr.return_code);
170 //             goto error;
171 //         }
172 //         else
173 //         {
174 //             /* Something wrong with response */
175 //             SEC_SVR_ERR("Client: Something wrong with response:%d", hdr.basic_hdr.msg_id);
176 //             retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
177 //             goto error;
178 //         }
179 //     }
180
181 //     SEC_SVR_DBG("received gid is %d", gid);
182 //     retval = gid;
183
184 // error:
185 //     if (sockfd > 0)
186 //         close(sockfd);
187 //     /* If error happened */
188 //     if (retval < 0)
189 //         retval = convert_to_public_error_code(retval);
190
191 //     return retval;
192 // }
193
194
195
196 // SECURITY_SERVER_API
197 // int security_server_get_object_name(gid_t gid, char *object, size_t max_object_size)
198 // {
199 //     int sockfd = -1, retval;
200 //     response_header hdr;
201
202 //     if (object == NULL)
203 //     {
204 //         retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
205 //         goto error;
206 //     }
207
208 //     retval = connect_to_server(&sockfd);
209 //     if (retval != SECURITY_SERVER_SUCCESS)
210 //     {
211 //         /* Error on socket */
212 //         SEC_SVR_ERR("Client: connect to server failed: %d", retval);
213 //         goto error;
214 //     }
215
216 //     /* make request packet */
217 //     retval = send_object_name_request(sockfd, gid);
218 //     if (retval != SECURITY_SERVER_SUCCESS)
219 //     {
220 //         /* Error on socket */
221 //         SEC_SVR_ERR("Client: cannot send request: %d", retval);
222 //         goto error;
223 //     }
224
225 //     retval = recv_get_object_name(sockfd, &hdr, object, max_object_size);
226 //     if (retval != SECURITY_SERVER_SUCCESS)
227 //     {
228 //         SEC_SVR_ERR("Client: Receive response failed: %d", retval);
229 //         goto error;
230 //     }
231
232 //     if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE)   /* Wrong response */
233 //     {
234 //         if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
235 //         {
236 //             /* There must be some error */
237 //             SEC_SVR_ERR("Client: There is error on response: return code:%d", hdr.basic_hdr.msg_id);
238 //             retval = return_code_to_error_code(hdr.return_code);
239 //         }
240 //         else
241 //         {
242 //             /* Something wrong with response */
243 //             SEC_SVR_ERR("Client: Some unexpected error happene: return code:%d", hdr.basic_hdr.msg_id);
244 //             retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
245 //         }
246 //         goto error;
247 //     }
248
249 // error:
250 //     if (sockfd > 0)
251 //         close(sockfd);
252
253 //     retval = convert_to_public_error_code(retval);
254 //     return retval;
255 // }
256
257
258 SECURITY_SERVER_API
259 int security_server_is_pwd_valid(unsigned int *current_attempts,
260                                  unsigned int *max_attempts,
261                                  unsigned int *valid_secs)
262 {
263     int sockfd = -1, retval = SECURITY_SERVER_ERROR_UNKNOWN;
264     response_header hdr;
265
266     if (current_attempts == NULL || max_attempts == NULL || valid_secs == NULL)
267     {
268         retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
269         goto error;
270     }
271
272     /* Authenticate self that is setting app  goes here */
273     /* 1st, check cmdline which is setting app */
274     /* 2nd, check /proc/self/attr/current for the SMACK label */
275
276     retval = connect_to_server(&sockfd);
277     if (retval != SECURITY_SERVER_SUCCESS)
278     {
279         /* Error on socket */
280         goto error;
281     }
282
283     /* make request packet */
284     retval = send_valid_pwd_request(sockfd);
285     if (retval != SECURITY_SERVER_SUCCESS)
286     {
287         /* Error on socket */
288         SEC_SVR_ERR("Client: Send failed: %d", retval);
289         goto error;
290     }
291
292     retval = recv_pwd_response(sockfd, &hdr, current_attempts, max_attempts, valid_secs);
293
294     retval = return_code_to_error_code(hdr.return_code);
295     if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE) /* Wrong response */
296     {
297         if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE)
298         {
299             /* There must be some error */
300             SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
301         }
302         else
303         {
304             /* Something wrong with response */
305             SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
306             retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
307         }
308         goto error;
309     }
310 error:
311     if (sockfd > 0)
312         close(sockfd);
313
314     retval = convert_to_public_error_code(retval);
315     return retval;
316 }
317
318
319
320 SECURITY_SERVER_API
321 int security_server_set_pwd(const char *cur_pwd,
322                             const char *new_pwd,
323                             const unsigned int max_challenge,
324                             const unsigned int valid_period_in_days)
325 {
326     int sockfd = -1, retval;
327     response_header hdr;
328
329     if (new_pwd == NULL || strlen(new_pwd) > SECURITY_SERVER_MAX_PASSWORD_LEN || strlen(new_pwd) == 0)
330     {
331         retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
332         goto error;
333     }
334
335     /* Authenticate self that is setting app  goes here */
336     /* 1st, check cmdline which is setting app */
337     /* 2nd, check /proc/self/attr/current for the SMACK label */
338
339     retval = connect_to_server(&sockfd);
340     if (retval != SECURITY_SERVER_SUCCESS)
341     {
342         /* Error on socket */
343         goto error;
344     }
345
346     /* make request packet */
347     retval = send_set_pwd_request(sockfd, cur_pwd, new_pwd, max_challenge, valid_period_in_days);
348     if (retval != SECURITY_SERVER_SUCCESS)
349     {
350         /* Error on socket */
351         SEC_SVR_ERR("Client: Send failed: %d", retval);
352         goto error;
353     }
354
355     retval = recv_generic_response(sockfd, &hdr);
356
357     retval = return_code_to_error_code(hdr.return_code);
358     if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE)   /* Wrong response */
359     {
360         if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
361         {
362             /* There must be some error */
363             SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
364         }
365         else
366         {
367             /* Something wrong with response */
368             SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
369             retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
370         }
371         goto error;
372     }
373 error:
374     if (sockfd > 0)
375         close(sockfd);
376
377     retval = convert_to_public_error_code(retval);
378     return retval;
379 }
380
381
382 SECURITY_SERVER_API
383 int security_server_set_pwd_validity(const unsigned int valid_period_in_days)
384 {
385     int sockfd = -1, retval;
386     response_header hdr;
387
388     retval = connect_to_server(&sockfd);
389     if (retval != SECURITY_SERVER_SUCCESS)
390     {
391         /* Error on socket */
392         goto error;
393     }
394
395     /* make request packet */
396     retval = send_set_pwd_validity_request(sockfd, valid_period_in_days);
397     if (retval != SECURITY_SERVER_SUCCESS)
398     {
399         /* Error on socket */
400         SEC_SVR_ERR("Client: Send failed: %d", retval);
401         goto error;
402     }
403
404     retval = recv_generic_response(sockfd, &hdr);
405
406     retval = return_code_to_error_code(hdr.return_code);
407     if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE)   /* Wrong response */
408     {
409         if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
410         {
411             /* There must be some error */
412             SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
413         }
414         else
415         {
416             /* Something wrong with response */
417             SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
418             retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
419         }
420         goto error;
421     }
422 error:
423     if (sockfd > 0)
424         close(sockfd);
425
426     retval = convert_to_public_error_code(retval);
427     return retval;
428 }
429
430 SECURITY_SERVER_API
431 int security_server_set_pwd_max_challenge(const unsigned int max_challenge)
432 {
433     int sockfd = -1, retval;
434     response_header hdr;
435
436     retval = connect_to_server(&sockfd);
437     if (retval != SECURITY_SERVER_SUCCESS)
438     {
439         /* Error on socket */
440         goto error;
441     }
442
443     /* make request packet */
444     retval = send_set_pwd_max_challenge_request(sockfd, max_challenge);
445     if (retval != SECURITY_SERVER_SUCCESS)
446     {
447         /* Error on socket */
448         SEC_SVR_ERR("Client: Send failed: %d", retval);
449         goto error;
450     }
451
452     retval = recv_generic_response(sockfd, &hdr);
453
454     retval = return_code_to_error_code(hdr.return_code);
455     if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE)   /* Wrong response */
456     {
457         if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
458         {
459             /* There must be some error */
460             SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
461         }
462         else
463         {
464             /* Something wrong with response */
465             SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
466             retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
467         }
468         goto error;
469     }
470 error:
471     if (sockfd > 0)
472         close(sockfd);
473
474     retval = convert_to_public_error_code(retval);
475     return retval;
476 }
477
478
479
480 SECURITY_SERVER_API
481 int security_server_reset_pwd(const char *new_pwd,
482                               const unsigned int max_challenge,
483                               const unsigned int valid_period_in_days)
484 {
485     int sockfd = -1, retval;
486     response_header hdr;
487
488     if (new_pwd == NULL || strlen(new_pwd) > SECURITY_SERVER_MAX_PASSWORD_LEN || strlen(new_pwd) == 0)
489     {
490         retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
491         goto error;
492     }
493
494     /* Authenticate self that is setting app  goes here */
495     /* 1st, check cmdline which is setting app */
496     /* 2nd, check /proc/self/attr/current for the SMACK label */
497
498     retval = connect_to_server(&sockfd);
499     if (retval != SECURITY_SERVER_SUCCESS)
500     {
501         /* Error on socket */
502         goto error;
503     }
504
505     /* make request packet */
506     retval = send_reset_pwd_request(sockfd, new_pwd, max_challenge, valid_period_in_days);
507     if (retval != SECURITY_SERVER_SUCCESS)
508     {
509         /* Error on socket */
510         SEC_SVR_ERR("Client: Send failed: %d", retval);
511         goto error;
512     }
513
514     retval = recv_generic_response(sockfd, &hdr);
515
516     retval = return_code_to_error_code(hdr.return_code);
517     if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE) /* Wrong response */
518     {
519         if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
520         {
521             /* There must be some error */
522             SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
523         }
524         else
525         {
526             /* Something wrong with response */
527             SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
528             retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
529         }
530         goto error;
531     }
532 error:
533     if (sockfd > 0)
534         close(sockfd);
535
536     retval = convert_to_public_error_code(retval);
537     return retval;
538 }
539
540
541
542 SECURITY_SERVER_API
543 int security_server_chk_pwd(const char *challenge,
544                             unsigned int *current_attempt,
545                             unsigned int *max_attempts,
546                             unsigned int *valid_secs)
547 {
548     int sockfd = -1, retval;
549     response_header hdr;
550
551     if (challenge == NULL || strlen(challenge) > SECURITY_SERVER_MAX_PASSWORD_LEN
552         || strlen(challenge) == 0  || current_attempt == NULL
553         || max_attempts == NULL || valid_secs == NULL)
554     {
555         retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
556         goto error;
557     }
558
559     /* Authenticate self goes here */
560
561     retval = connect_to_server(&sockfd);
562     if (retval != SECURITY_SERVER_SUCCESS)
563     {
564         /* Error on socket */
565         goto error;
566     }
567
568     /* make request packet */
569     retval = send_chk_pwd_request(sockfd, challenge);
570     if (retval != SECURITY_SERVER_SUCCESS)
571     {
572         /* Error on socket */
573         SEC_SVR_ERR("Client: Send failed: %d", retval);
574         goto error;
575     }
576
577     retval = recv_pwd_response(sockfd, &hdr, current_attempt, max_attempts, valid_secs);
578
579     retval = return_code_to_error_code(hdr.return_code);
580     if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE)   /* Wrong response */
581     {
582         if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
583         {
584             /* There must be some error */
585             SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
586         }
587         else
588         {
589             /* Something wrong with response */
590             SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
591             retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
592         }
593         goto error;
594     }
595 error:
596     if (sockfd > 0)
597         close(sockfd);
598
599     retval = convert_to_public_error_code(retval);
600     return retval;
601 }
602
603 SECURITY_SERVER_API
604 int security_server_set_pwd_history(int number_of_history)
605 {
606     int sockfd = -1, retval;
607     response_header hdr;
608
609     if (number_of_history > SECURITY_SERVER_MAX_PASSWORD_HISTORY || number_of_history < 0)
610         return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
611
612     /* Authenticate self that is setting app  goes here */
613     /* 1st, check cmdline which is setting app */
614     /* 2nd, check /proc/self/attr/current for the SMACK label */
615
616     retval = connect_to_server(&sockfd);
617     if (retval != SECURITY_SERVER_SUCCESS)
618     {
619         /* Error on socket */
620         goto error;
621     }
622
623     /* make request packet */
624     retval = send_set_pwd_history_request(sockfd, number_of_history);
625     if (retval != SECURITY_SERVER_SUCCESS)
626     {
627         /* Error on socket */
628         SEC_SVR_ERR("Client: Send failed: %d", retval);
629         goto error;
630     }
631     retval = recv_generic_response(sockfd, &hdr);
632
633     retval = return_code_to_error_code(hdr.return_code);
634     if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE)   /* Wrong response */
635     {
636         if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
637         {
638             /* There must be some error */
639             SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
640         }
641         else
642         {
643             /* Something wrong with response */
644             SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
645             retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
646         }
647         goto error;
648     }
649 error:
650     if (sockfd > 0)
651         close(sockfd);
652
653     retval = convert_to_public_error_code(retval);
654     return retval;
655 }
656
Domain: Security / Access Control;