4 * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
6 * Contact: Bumjin Im <bj.im@samsung.com>
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License
27 #include <sys/types.h>
33 #include "security-server-cookie.h"
34 #include "security-server-common.h"
35 #include "security-server-password.h"
36 #include "security-server-comm.h"
38 /* Set cookie as a global variable */
40 pthread_mutex_t cookie_mutex;
41 int thread_status[SECURITY_SERVER_NUM_THREADS];
42 struct security_server_thread_param {
48 /************************************************************************************************/
49 /* Just for test. This code must be removed on release */
50 #include "security-server-util.h"
51 /************************************************************************************************/
54 void printhex(unsigned char *data, int size)
62 printf("%X ", data[i]);
63 if(((i+1) % 16) == 0 && i != 0)
69 void print_cookie(cookie_list *list)
72 printf("%s", "cookie:\n");
73 printhex(list->cookie, SECURITY_SERVER_COOKIE_LEN);
74 printf("path_len: %d\n", list->path_len);
75 printf("permission_len: %d\n", list->permission_len);
76 printf("PID: %d\n", list->pid);
77 printf("path: %s\n", list->path);
78 printf("%s", "permissions: ");
79 for(i=0;i<list->permission_len;i++)
81 printf("%d ", list->permissions[i]);
84 printf("prev: %p\n", list->prev);
85 printf("next: %p\n", list->next);
89 /* Object name is actually name of a Group ID *
90 * This function opens /etc/group file and search group ID and
91 * returns the string */
92 int search_object_name(int gid, char *obj, int obj_size)
95 char *linebuf = NULL, *token = NULL, *token2, *tempstr = NULL;
96 int ret = 0, tmp_gid, bufsize;
97 fp = fopen("/etc/group", "r");
100 /* cannot open /etc/group */
101 SEC_SVR_DBG("%s", "Cannot open /etc/group");
102 return SECURITY_SERVER_ERROR_FILE_OPERATION;
105 linebuf = malloc(128);
109 ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
110 SEC_SVR_DBG("%s", "cannot malloc()");
114 bzero(linebuf, bufsize);
115 ret = SECURITY_SERVER_ERROR_NO_SUCH_OBJECT;
116 while(fgets(linebuf, bufsize, fp) != NULL)
118 while(linebuf[bufsize -2] != 0)
120 linebuf[bufsize -1] = (char) fgetc(fp);
121 tempstr = realloc(linebuf, bufsize + 128);
124 ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
128 bzero(linebuf + bufsize, 128);
129 fgets(linebuf + bufsize, 128, fp);
133 token = strtok(linebuf, ":"); /* group name */
136 SEC_SVR_DBG("/etc/group is not valid. cannot find gid: [%s]", linebuf);
137 ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
140 token2 = strtok(NULL, ":"); /* group password */
143 SEC_SVR_DBG("/etc/group is not valid. cannot find gid: [%s]", linebuf);
144 ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
147 token2 = strtok(NULL, ":"); /* gid */
150 SEC_SVR_DBG("/etc/group is not valid. cannot find gid: [%s]", linebuf);
151 ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
156 tmp_gid = strtoul(token2, 0, 10);
159 SEC_SVR_DBG("cannot change string to integer [%s]", token2);
160 ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
167 if(strlen(token) > obj_size)
169 ret = SECURITY_SERVER_ERROR_BUFFER_TOO_SMALL;
170 SEC_SVR_DBG("buffer is too small. %d --> %d", obj_size, strlen(token));
173 strncpy(obj, token, strlen(token));
174 obj[strlen(token)] = 0;
175 ret = SECURITY_SERVER_SUCCESS;
178 bzero(linebuf, bufsize);
189 /* Search GID from group name *
190 * This function opens /etc/group and search group name by given gid */
191 int search_gid(const char *obj)
194 char *linebuf = NULL, *token = NULL, *token2, *tempstr = NULL;
195 int ret = SECURITY_SERVER_ERROR_NO_SUCH_OBJECT, tmp_gid, bufsize;
197 SEC_SVR_DBG("Searching for object %s", obj);
199 fp = fopen("/etc/group", "r");
202 /* cannot open /etc/group */
203 SEC_SVR_DBG("%s", "cannot open /etc/group");
204 return SECURITY_SERVER_ERROR_FILE_OPERATION;
207 linebuf = malloc(128);
211 ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
212 SEC_SVR_DBG("%s", "Out Of Memory");
216 bzero(linebuf, bufsize);
217 while(fgets(linebuf, bufsize, fp) != NULL)
219 while(linebuf[bufsize -2] != 0 )
221 linebuf[bufsize -1] = (char) fgetc(fp);
222 tempstr = realloc(linebuf, bufsize + 128);
225 ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
229 bzero(linebuf + bufsize, 128);
230 fgets(linebuf + bufsize, 128, fp);
234 token = strtok(linebuf, ":"); /* group name */
235 token2 = strtok(NULL, ":"); /* group password */
236 token2 = strtok(NULL, ":"); /* gid */
239 SEC_SVR_DBG("/etc/group is not valid. cannot find gid: [%s]", linebuf);
240 ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
244 tmp_gid = strtoul(token2, 0, 10);
247 SEC_SVR_DBG("cannot change string to integer [%s]", token2);
248 ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
252 if(strcmp(obj, token) == 0)
256 SEC_SVR_DBG("GID of %s is found: %d", obj, ret);
259 bzero(linebuf, bufsize);
270 /* Signal handler for processes */
271 static void security_server_sig_child(int signo, siginfo_t *info, void *data)
277 child_pgid = getpgid(info->si_pid);
278 SEC_SVR_DBG("Signal handler: dead_pid=%d, pgid=%d",info->si_pid,child_pgid);
280 while ((child_pid = waitpid(-1, &status, WNOHANG)) > 0) {
281 if(child_pid == child_pgid)
282 killpg(child_pgid,SIGKILL);
288 /* Execute a debugging tool by fork() and execve() */
289 int execute_debug_tool(int argc, char *const *argv, int server_sockfd, int client_sockfd)
292 SEC_SVR_DBG("%s", "Executing tool");
297 close(client_sockfd);
298 close(server_sockfd);
304 ret = execv(argv[0], argv);
307 SEC_SVR_DBG("Error:Failed to execute [%d]", errno);
313 SEC_SVR_DBG("Error: Failed to fork [%d]", errno);
314 return SECURITY_SERVER_ERROR_SERVER_ERROR;
316 return SECURITY_SERVER_SUCCESS;
319 int process_cookie_request(int sockfd)
321 int retval, client_pid, client_uid;
322 cookie_list *created_cookie = NULL;
324 /* Authenticate client */
325 retval = authenticate_client_application(sockfd, &client_pid, &client_uid);
326 if(retval != SECURITY_SERVER_SUCCESS)
328 SEC_SVR_DBG("%s", "Client Authentication Failed");
329 retval = send_generic_response(sockfd,
330 SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
331 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
332 if(retval != SECURITY_SERVER_SUCCESS)
334 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
338 /* If client application is root process, just respond default cookie */
341 SEC_SVR_DBG("%s", "Requested application is a root process");
342 created_cookie = c_list;
345 SEC_SVR_DBG("%s", "Cannot read default cookie");
351 /* Create a new cookie. or find existing one */
352 pthread_mutex_lock(&cookie_mutex);
353 created_cookie = create_cookie_item(client_pid, sockfd, c_list);
354 pthread_mutex_unlock(&cookie_mutex);
355 if(created_cookie == NULL)
357 SEC_SVR_DBG("%s","Cannot create a cookie");
361 /* send cookie as response */
362 retval = send_cookie(sockfd, created_cookie->cookie);
363 if(retval != SECURITY_SERVER_SUCCESS)
365 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
367 SEC_SVR_DBG("Server: Cookie created for client PID %d LABEL >%s<",
369 (created_cookie->smack_label)?(created_cookie->smack_label):"NULL");
371 SEC_SVR_DBG("%s", "Server: Cookie has been sent to client");
377 int process_check_privilege_request(int sockfd)
379 /* Authenticate client */
380 int retval, client_pid, requested_privilege;
381 unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
382 cookie_list *search_result = NULL;
384 retval = authenticate_client_middleware(sockfd, &client_pid);
385 if(retval != SECURITY_SERVER_SUCCESS)
387 SEC_SVR_DBG("%s", "Client Authentication Failed");
388 retval = send_generic_response(sockfd,
389 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
390 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
391 if(retval != SECURITY_SERVER_SUCCESS)
393 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
398 retval = recv_check_privilege_request(sockfd,
399 requested_cookie, &requested_privilege);
400 if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
402 SEC_SVR_DBG("%s", "Receiving request failed");
403 retval = send_generic_response(sockfd,
404 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
405 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
406 if(retval != SECURITY_SERVER_SUCCESS)
408 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
413 if(requested_privilege < 1)
415 SEC_SVR_DBG("Requiring bad privilege [%d]", requested_privilege);
416 retval = send_generic_response(sockfd,
417 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
418 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
419 if(retval != SECURITY_SERVER_SUCCESS)
421 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
426 /* Search cookie list */
427 pthread_mutex_lock(&cookie_mutex);
428 search_result = search_cookie(c_list, requested_cookie, requested_privilege);
429 pthread_mutex_unlock(&cookie_mutex);
430 if(search_result != NULL)
433 SEC_SVR_DBG("We found the cookie with %d privilege and pid:%d", requested_privilege, client_pid);
434 SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
435 retval = send_generic_response(sockfd,
436 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
437 SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED);
438 if(retval != SECURITY_SERVER_SUCCESS)
440 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
446 SEC_SVR_DBG("Could not find the cookie with %d privilege", requested_privilege);
447 retval = send_generic_response(sockfd,
448 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
449 SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED);
450 if(retval != SECURITY_SERVER_SUCCESS)
452 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
459 int process_check_privilege_new_request(int sockfd)
461 /* Authenticate client */
462 int retval, client_pid, requested_privilege;
463 unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
464 cookie_list *search_result = NULL;
465 char object_label[MAX_OBJECT_LABEL_LEN+1];
466 char access_rights[MAX_MODE_STR_LEN+1];
468 retval = authenticate_client_middleware(sockfd, &client_pid);
469 if(retval != SECURITY_SERVER_SUCCESS)
471 SEC_SVR_DBG("%s", "Client Authentication Failed");
472 retval = send_generic_response(sockfd,
473 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
474 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
475 if(retval != SECURITY_SERVER_SUCCESS)
477 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
482 retval = recv_check_privilege_new_request(
483 sockfd, requested_cookie, object_label, access_rights);
484 if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
486 SEC_SVR_DBG("%s", "Receiving request failed");
487 retval = send_generic_response(sockfd,
488 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
489 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
490 if(retval != SECURITY_SERVER_SUCCESS)
492 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
497 /* Search cookie list */
498 pthread_mutex_lock(&cookie_mutex);
499 search_result = search_cookie_new(c_list, requested_cookie, object_label, access_rights);
500 pthread_mutex_unlock(&cookie_mutex);
502 if(search_result != NULL)
505 SEC_SVR_DBG("We found the cookie with %s rights and pid:%d", access_rights, client_pid);
506 SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
507 retval = send_generic_response(sockfd,
508 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
509 SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED);
510 if(retval != SECURITY_SERVER_SUCCESS)
512 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
518 SEC_SVR_DBG("Could not find the cookie with %s rights", access_rights);
519 retval = send_generic_response(sockfd,
520 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
521 SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED);
522 if(retval != SECURITY_SERVER_SUCCESS)
524 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
533 int process_object_name_request(int sockfd)
535 int retval, client_pid, requested_privilege;
536 char object_name[SECURITY_SERVER_MAX_OBJ_NAME];
538 /* Authenticate client */
539 retval = authenticate_client_middleware(sockfd, &client_pid);
540 if(retval != SECURITY_SERVER_SUCCESS)
542 SEC_SVR_DBG("%s", "Client Authentication Failed");
543 retval = send_generic_response(sockfd,
544 SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
545 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
546 if(retval != SECURITY_SERVER_SUCCESS)
548 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
554 retval = read(sockfd, &requested_privilege, sizeof(requested_privilege));
555 if (retval < sizeof(requested_privilege))
557 SEC_SVR_DBG("%s", "Receiving request failed");
558 retval = send_generic_response(sockfd,
559 SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
560 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
561 if(retval != SECURITY_SERVER_SUCCESS)
563 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
568 /* Search from /etc/group */
569 retval = search_object_name(requested_privilege,
571 SECURITY_SERVER_MAX_OBJ_NAME);
572 if (retval == SECURITY_SERVER_ERROR_NO_SUCH_OBJECT)
575 SEC_SVR_DBG("There is no such object for gid [%d]", requested_privilege);
576 retval = send_generic_response(sockfd,
577 SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
578 SECURITY_SERVER_RETURN_CODE_NO_SUCH_OBJECT);
579 if(retval != SECURITY_SERVER_SUCCESS)
581 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
585 if(retval != SECURITY_SERVER_SUCCESS)
588 SEC_SVR_DBG("Error on searching object name [%d]", retval);
589 retval = send_generic_response(sockfd,
590 SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
591 SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
592 if(retval != SECURITY_SERVER_SUCCESS)
594 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
600 SEC_SVR_DBG("We found object: %s", object_name);
601 retval = send_object_name(sockfd, object_name);
602 if(retval != SECURITY_SERVER_SUCCESS)
604 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
611 int process_gid_request(int sockfd, int msg_len)
613 int retval, client_pid;
614 char object_name[SECURITY_SERVER_MAX_OBJ_NAME];
615 /* Authenticate client as middleware daemon */
616 retval = authenticate_client_middleware(sockfd, &client_pid);
617 if(retval != SECURITY_SERVER_SUCCESS)
619 SEC_SVR_DBG("%s", "Client authentication failed");
620 retval = send_generic_response(sockfd,
621 SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
622 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
623 if(retval != SECURITY_SERVER_SUCCESS)
625 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
630 if(msg_len >= SECURITY_SERVER_MAX_OBJ_NAME)
632 /* Too big ojbect name */
633 SEC_SVR_DBG("%s", "Object name is too big");
634 retval = send_generic_response(sockfd,
635 SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
636 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
637 if(retval != SECURITY_SERVER_SUCCESS)
639 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
644 /* Receive group name */
645 retval = read(sockfd, object_name, msg_len);
646 if (retval < msg_len )
648 SEC_SVR_DBG("%s", "Failed to read object name");
649 retval = send_generic_response(sockfd,
650 SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
651 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
652 if(retval != SECURITY_SERVER_SUCCESS)
654 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
658 object_name[msg_len] = 0;
660 /* Search /etc/group for the given group name */
661 retval = search_gid(object_name);
662 if (retval == SECURITY_SERVER_ERROR_NO_SUCH_OBJECT)
665 SEC_SVR_DBG("The object [%s] is not exist", object_name);
666 retval = send_generic_response(sockfd,
667 SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
668 SECURITY_SERVER_RETURN_CODE_NO_SUCH_OBJECT);
669 if(retval != SECURITY_SERVER_SUCCESS)
671 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
679 SEC_SVR_DBG("Cannot send the response. %d", retval);
680 retval = send_generic_response(sockfd,
681 SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
682 SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
683 if(retval != SECURITY_SERVER_SUCCESS)
685 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
691 retval = send_gid(sockfd, retval);
692 if(retval != SECURITY_SERVER_SUCCESS)
694 SEC_SVR_DBG("ERROR: Cannot gid response: %d", retval);
700 int process_pid_request(int sockfd)
702 int retval, client_pid;
703 unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
704 cookie_list *search_result = NULL;
706 /* Authenticate client */
707 retval = authenticate_client_middleware(sockfd, &client_pid);
708 if(retval != SECURITY_SERVER_SUCCESS)
710 SEC_SVR_DBG("%s", "Client Authentication Failed");
711 retval = send_generic_response(sockfd,
712 SECURITY_SERVER_MSG_TYPE_PID_RESPONSE,
713 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
714 if(retval != SECURITY_SERVER_SUCCESS)
716 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
721 retval = recv_pid_request(sockfd, requested_cookie);
722 if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
724 SEC_SVR_DBG("%s", "Receiving request failed");
725 retval = send_generic_response(sockfd,
726 SECURITY_SERVER_MSG_TYPE_PID_RESPONSE,
727 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
728 if(retval != SECURITY_SERVER_SUCCESS)
730 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
735 /* Search cookie list */
736 pthread_mutex_lock(&cookie_mutex);
737 search_result = search_cookie(c_list, requested_cookie, 0);
738 pthread_mutex_unlock(&cookie_mutex);
739 if(search_result != NULL)
742 SEC_SVR_DBG("We found the cookie and pid:%d", search_result->pid);
743 SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
744 retval = send_pid(sockfd, search_result->pid);
746 if(retval != SECURITY_SERVER_SUCCESS)
748 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
754 SEC_SVR_DBG("%s", "Could not find the cookie");
755 retval = send_generic_response(sockfd,
756 SECURITY_SERVER_MSG_TYPE_PID_RESPONSE,
757 SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE);
758 if(retval != SECURITY_SERVER_SUCCESS)
760 SEC_SVR_DBG("ERROR: Cannot send pid response: %d", retval);
767 int process_tool_request(int client_sockfd, int server_sockfd)
770 char **recved_argv = NULL;
772 /* Authenticate client */
773 retval = authenticate_developer_shell(client_sockfd);
774 if(retval != SECURITY_SERVER_SUCCESS)
776 SEC_SVR_DBG("%s", "Client Authentication Failed");
777 retval = send_generic_response(client_sockfd,
778 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
779 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
780 if(retval != SECURITY_SERVER_SUCCESS)
782 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
787 /* Receive Total number of argv */
789 retval = read(client_sockfd, &argcnum, sizeof(int));
790 if((retval < sizeof(int)) || argcnum > (UINT_MAX/sizeof(char *))-2 || argcnum < 0)
792 SEC_SVR_DBG("Error: argc recieve failed: %d", retval);
793 retval = send_generic_response(client_sockfd,
794 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
795 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
796 if(retval != SECURITY_SERVER_SUCCESS)
798 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
803 recved_argv = (char **)malloc(sizeof(char *) * argcnum);
804 if(recved_argv == NULL)
806 SEC_SVR_DBG("Error: malloc() failed: %d", retval);
807 retval = send_generic_response(client_sockfd,
808 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
809 SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
810 if(retval != SECURITY_SERVER_SUCCESS)
812 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
816 memset(recved_argv, 0, sizeof(char *) * argcnum);
818 retval = recv_launch_tool_request(client_sockfd, argcnum -1, recved_argv);
819 if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
821 SEC_SVR_DBG("%s", "Receiving request failed");
823 retval = send_generic_response(client_sockfd,
824 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
825 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
826 if(retval != SECURITY_SERVER_SUCCESS)
828 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
834 SEC_SVR_DBG("Error: Too small number of argv [%d]", argcnum);
835 retval = send_generic_response(client_sockfd,
836 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
837 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
838 if(retval != SECURITY_SERVER_SUCCESS)
840 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
844 /* Execute the command */
845 retval = execute_debug_tool(argcnum, recved_argv, server_sockfd, client_sockfd);
846 if(retval != SECURITY_SERVER_SUCCESS)
848 SEC_SVR_DBG("Error: Cannot execute debug tool [%d]", retval);
849 retval = send_generic_response(client_sockfd,
850 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
851 SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
852 if(retval != SECURITY_SERVER_SUCCESS)
854 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
859 SEC_SVR_DBG("%s", "Tool has been executed");
860 retval = send_generic_response(client_sockfd,
861 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
862 SECURITY_SERVER_RETURN_CODE_SUCCESS);
863 if(retval != SECURITY_SERVER_SUCCESS)
865 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
869 if(recved_argv != NULL)
872 free_argv(recved_argv, argcnum);
879 void *security_server_thread(void *param)
881 int client_sockfd = -1, client_uid, client_pid;
882 int server_sockfd, retval, argcnum;
883 basic_header basic_hdr;
884 struct security_server_thread_param *my_param;
886 my_param = (struct security_server_thread_param *) param;
887 client_sockfd = my_param->client_sockfd;
888 server_sockfd = my_param->server_sockfd;
890 /* Receive request header */
891 retval = recv_hdr(client_sockfd, &basic_hdr);
892 if(retval == SECURITY_SERVER_ERROR_TIMEOUT || retval == SECURITY_SERVER_ERROR_RECV_FAILED
893 || retval == SECURITY_SERVER_ERROR_SOCKET)
895 SEC_SVR_DBG("Receiving header error [%d]",retval);
896 close(client_sockfd);
901 if(retval != SECURITY_SERVER_SUCCESS)
904 SEC_SVR_DBG("Receiving header error [%d]",retval);
905 retval = send_generic_response(client_sockfd,
906 SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
907 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
908 if(retval != SECURITY_SERVER_SUCCESS)
910 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
913 safe_server_sock_close(client_sockfd);
918 /* Act different for request message ID */
919 switch(basic_hdr.msg_id)
921 case SECURITY_SERVER_MSG_TYPE_COOKIE_REQUEST:
922 SEC_SVR_DBG("%s", "Cookie request received");
923 process_cookie_request(client_sockfd);
926 case SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_REQUEST:
927 SEC_SVR_DBG("%s", "Privilege check received");
928 process_check_privilege_request(client_sockfd);
931 case SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_REQUEST:
932 SEC_SVR_DBG("%s", "Privilege check (new mode) received");
933 process_check_privilege_new_request(client_sockfd);
936 case SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_REQUEST:
937 SEC_SVR_DBG("%s", "Get object name request received");
938 process_object_name_request(client_sockfd);
941 case SECURITY_SERVER_MSG_TYPE_GID_REQUEST:
942 SEC_SVR_DBG("%s", "Get GID received");
943 process_gid_request(client_sockfd, (int)basic_hdr.msg_len);
946 case SECURITY_SERVER_MSG_TYPE_PID_REQUEST:
947 SEC_SVR_DBG("%s", "pid request received");
948 process_pid_request(client_sockfd);
951 case SECURITY_SERVER_MSG_TYPE_TOOL_REQUEST:
952 SEC_SVR_DBG("%s", "launch tool request received");
953 process_tool_request(client_sockfd, server_sockfd);
956 case SECURITY_SERVER_MSG_TYPE_VALID_PWD_REQUEST:
957 SEC_SVR_DBG("%s", "Server: validate password request received");
958 process_valid_pwd_request(client_sockfd);
961 case SECURITY_SERVER_MSG_TYPE_SET_PWD_REQUEST:
962 SEC_SVR_DBG("%s", "Server: set password request received");
963 process_set_pwd_request(client_sockfd);
966 case SECURITY_SERVER_MSG_TYPE_RESET_PWD_REQUEST:
967 SEC_SVR_DBG("%s", "Server: reset password request received");
968 process_reset_pwd_request(client_sockfd);
971 case SECURITY_SERVER_MSG_TYPE_CHK_PWD_REQUEST:
972 SEC_SVR_DBG("%s", "Server: check password request received");
973 process_chk_pwd_request(client_sockfd);
976 case SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_REQUEST:
977 SEC_SVR_DBG("%s", "Server: set password histroy request received");
978 process_set_pwd_history_request(client_sockfd);
981 case SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_REQUEST:
982 SEC_SVR_DBG("%s", "Server: set password max challenge request received");
983 process_set_pwd_max_challenge_request(client_sockfd);
986 case SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_REQUEST:
987 SEC_SVR_DBG("%s", "Server: set password validity request received");
988 process_set_pwd_validity_request(client_sockfd);
991 /************************************************************************************************/
992 /* Just for test. This code must be removed on release */
993 case SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_REQUEST:
994 SEC_SVR_DBG("%s", "all cookie info request received -- NEED TO BE DELETED ON RELEASE");
995 retval = authenticate_client_application(client_sockfd, &client_pid, &client_uid);
996 if(retval != SECURITY_SERVER_SUCCESS)
998 SEC_SVR_DBG("%s", "Client Authentication Failed");
999 retval = send_generic_response(client_sockfd,
1000 SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
1001 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
1002 if(retval != SECURITY_SERVER_SUCCESS)
1004 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
1008 retval = util_process_all_cookie(client_sockfd, c_list);
1009 if(retval != SECURITY_SERVER_SUCCESS)
1011 SEC_SVR_DBG("ERROR: Cannot send all cookie info: %d", retval);
1015 case SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_PID_REQUEST:
1016 SEC_SVR_DBG("%s", "cookie info from pid request received -- NEED TO BE DELETED ON RELEASE");
1017 if(retval != SECURITY_SERVER_SUCCESS)
1019 SEC_SVR_DBG("%s", "Client Authentication Failed");
1020 retval = send_generic_response(client_sockfd,
1021 SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
1022 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
1023 if(retval != SECURITY_SERVER_SUCCESS)
1025 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
1029 util_process_cookie_from_pid(client_sockfd, c_list);
1032 case SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_COOKIE_REQUEST:
1033 SEC_SVR_DBG("%s", "cookie info from cookie request received -- NEED TO BE DELETED ON RELEASE");
1034 if(retval != SECURITY_SERVER_SUCCESS)
1036 SEC_SVR_DBG("%s", "Client Authentication Failed");
1037 retval = send_generic_response(client_sockfd,
1038 SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
1039 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
1040 if(retval != SECURITY_SERVER_SUCCESS)
1042 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
1046 util_process_cookie_from_cookie(client_sockfd, c_list);
1048 /************************************************************************************************/
1052 SEC_SVR_DBG("Unknown msg ID :%d", basic_hdr.msg_id);
1053 /* Unknown message ID */
1054 retval = send_generic_response(client_sockfd,
1055 SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
1056 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
1057 if(retval != SECURITY_SERVER_SUCCESS)
1059 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
1064 if(client_sockfd > 0)
1066 safe_server_sock_close(client_sockfd);
1071 if(client_sockfd > 0)
1072 close(client_sockfd);
1073 thread_status[my_param->thread_status] = 0;
1074 pthread_detach(pthread_self());
1078 void *security_server_main_thread(void *data)
1080 int server_sockfd = 0, retval, client_sockfd = -1, args[2], rc;
1081 struct sigaction act, dummy;
1082 pthread_t threads[SECURITY_SERVER_NUM_THREADS];
1083 struct security_server_thread_param param[SECURITY_SERVER_NUM_THREADS];
1085 SEC_SVR_DBG("%s", "Starting Security Server main thread");
1087 /* security server must be executed by root */
1090 fprintf(stderr, "%s\n", "You are not root. exiting...");
1094 for(retval = 0 ; retval < SECURITY_SERVER_NUM_THREADS; retval++)
1095 thread_status[retval] = 0;
1099 /* Create and bind a Unix domain socket */
1100 retval = create_new_socket(&server_sockfd);
1101 if(retval != SECURITY_SERVER_SUCCESS)
1103 SEC_SVR_DBG("%s", "cannot create socket. exiting...");
1107 if(listen(server_sockfd, 5) < 0)
1109 SEC_SVR_DBG("%s", "listen() failed. exiting...");
1113 /* Create a default cookie --> Cookie for root process */
1114 c_list = create_default_cookie();
1117 SEC_SVR_DBG("%s", "cannot make a default cookie. exiting...");
1121 /* Init signal handler */
1122 act.sa_handler = NULL;
1123 act.sa_sigaction = security_server_sig_child;
1124 sigemptyset(&act.sa_mask);
1125 act.sa_flags = SA_NOCLDSTOP | SA_SIGINFO;
1127 if (sigaction(SIGCHLD, &act, &dummy) < 0)
1129 SEC_SVR_DBG("%s", "cannot change session");
1132 pthread_mutex_init(&cookie_mutex, NULL);
1136 /* Accept a new client */
1137 if(client_sockfd < 0)
1138 client_sockfd = accept_client(server_sockfd);
1140 if(client_sockfd == SECURITY_SERVER_ERROR_TIMEOUT)
1142 if(client_sockfd < 0)
1144 SEC_SVR_DBG("Server: new connection has been accepted: %d", client_sockfd);
1148 if(thread_status[retval] == 0)
1150 thread_status[retval] = 1;
1151 param[retval].client_sockfd = client_sockfd;
1152 param[retval].server_sockfd = server_sockfd;
1153 param[retval].thread_status= retval;
1154 SEC_SVR_DBG("Server: Creating a new thread: %d", retval);
1155 rc =pthread_create(&threads[retval], NULL, security_server_thread, (void *)¶m[retval]);
1158 SEC_SVR_DBG("Error: Server: Cannot create thread:%d", rc);
1164 if(retval >= SECURITY_SERVER_NUM_THREADS)
1170 if(server_sockfd > 0)
1171 close(server_sockfd);
1173 pthread_detach(pthread_self());
1178 int main(int argc, char* argv[])
1181 pthread_t main_thread;
1183 res = pthread_create(&main_thread, NULL, security_server_main_thread, NULL);
1191 SEC_SVR_DBG("Error: Server: Cannot create main security server thread: %d", res);