# Set compiler warning flags
+ADD_DEFINITIONS("-Werror") # Make all warnings into errors.
ADD_DEFINITIONS("-Wall") # Generate all warnings
ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings
#include "security-server-common.h"
#include "security-server-comm.h"
+#include "smack-check.h"
void printhex(const unsigned char *data, int size)
{
}
ret = TEMP_FAILURE_RETRY(write(sockfd, msg, sizeof(hdr) + strlen(obj)));
- if (ret < sizeof(hdr) + strlen(obj))
+ if (ret < (int)(sizeof(hdr) + strlen(obj)))
{
/* Error on writing */
SEC_SVR_ERR("Error on write: %d", ret);
/* Send it */
ret = TEMP_FAILURE_RETRY(write(sockfd, msg, sizeof(hdr) + sizeof(gid)));
- if (ret < sizeof(hdr) + sizeof(gid))
+ if (ret < (int)(sizeof(hdr) + sizeof(gid)))
{
/* Error on writing */
SEC_SVR_ERR("Error on write(): %d", ret);
/* Send it */
ret = TEMP_FAILURE_RETRY(write(sockfd, msg, sizeof(hdr) + sizeof(pid)));
- if (ret < sizeof(hdr) + sizeof(pid))
+ if (ret < (int)(sizeof(hdr) + sizeof(pid)))
{
/* Error on writing */
SEC_SVR_ERR("Error on write(): %d", ret);
/* Send to server */
retval = TEMP_FAILURE_RETRY(write(sock_fd, &hdr, sizeof(hdr)));
- if (retval < sizeof(hdr))
+ if (retval < (int)sizeof(hdr))
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
/* Send to server */
retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
- if (retval < sizeof(buf))
+ if (retval < (int)sizeof(buf))
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
/* Send to server */
retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
- if (retval < sizeof(buf))
+ if (retval < (int)sizeof(buf))
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
/* Send to server */
retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
- if (retval < sizeof(buf))
+ if (retval < (int)sizeof(buf))
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
/* Send to server */
retval = TEMP_FAILURE_RETRY(write(sock_fd, &hdr, sizeof(hdr)));
- if (retval < sizeof(hdr))
+ if (retval < (int)sizeof(hdr))
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
/* Send to server */
retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
- if (retval < sizeof(buf))
+ if (retval < (int)sizeof(buf))
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
/* Send to server */
retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
- if (retval < sizeof(buf))
+ if (retval < (int)sizeof(buf))
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
/* Send to server */
retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
- if (retval < sizeof(buf))
+ if (retval < (int)sizeof(buf))
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
/* Send to server */
retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
- if (retval < sizeof(buf))
+ if (retval < (int)sizeof(buf))
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
/* Send to server */
retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
- if (retval < sizeof(buf))
+ if (retval < (int)sizeof(buf))
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
/* Send to server */
retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, ptr));
- if (retval < sizeof(buf))
+ if (retval < (int)sizeof(buf))
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
/* Receive request header first */
retval = TEMP_FAILURE_RETRY(read(client_sockfd, basic_hdr, sizeof(basic_header)));
- if (retval < sizeof(basic_header))
+ if (retval < (int)sizeof(basic_header))
{
SEC_SVR_ERR("read failed. closing socket %d", retval);
return SECURITY_SERVER_ERROR_RECV_FAILED;
}
retval = TEMP_FAILURE_RETRY(read(sockfd, requested_privilege, sizeof(int)));
- if (retval < sizeof(int))
+ if (retval < (int)sizeof(int))
{
SEC_SVR_ERR("privilege size is too small: %d", retval);
return SECURITY_SERVER_ERROR_RECV_FAILED;
}
retval = TEMP_FAILURE_RETRY(read(sockfd, &olen, sizeof(int)));
- if (retval < sizeof(int) || olen < 0 || olen > MAX_OBJECT_LABEL_LEN)
+ if (retval < (int)sizeof(int) || olen < 0 || olen > MAX_OBJECT_LABEL_LEN)
{
SEC_SVR_ERR("error reading object_label len: %d", retval);
return SECURITY_SERVER_ERROR_RECV_FAILED;
}
retval = TEMP_FAILURE_RETRY(read(sockfd, &alen, sizeof(int)));
- if (retval < sizeof(int) || alen < 0 || alen > MAX_MODE_STR_LEN)
+ if (retval < (int)sizeof(int) || alen < 0 || alen > MAX_MODE_STR_LEN)
{
SEC_SVR_ERR("error reading access_rights len: %d", retval);
return SECURITY_SERVER_ERROR_RECV_FAILED;
/* Receive response */
retval = TEMP_FAILURE_RETRY(read(sockfd, hdr, sizeof(response_header)));
- if (retval < sizeof(response_header))
+ if (retval < (int)sizeof(response_header))
{
/* Error on socket */
SEC_SVR_ERR("Client: Receive failed %d", retval);
return return_code_to_error_code(hdr->return_code);
retval = TEMP_FAILURE_RETRY(read(sockfd, gid, sizeof(int)));
- if (retval < sizeof(int))
+ if (retval < (int)sizeof(int))
{
/* Error on socket */
SEC_SVR_ERR("Receive failed %d", retval);
/* Read response */
retval = TEMP_FAILURE_RETRY(read(sockfd, hdr, sizeof(response_header)));
- if (retval < sizeof(response_header))
+ if (retval < (int)sizeof(response_header))
{
/* Error on socket */
SEC_SVR_ERR("cannot recv respons: %d", retval);
return return_code_to_error_code(hdr->return_code);
retval = TEMP_FAILURE_RETRY(read(sockfd, label, SMACK_LABEL_LEN + 1));
- if (retval < sizeof(int))
+ if (retval < (int)sizeof(int))
{
/* Error on socket */
SEC_SVR_ERR("Client: Receive failed %d", retval);
return return_code_to_error_code(hdr->return_code);
retval = TEMP_FAILURE_RETRY(read(sockfd, pid, sizeof(int)));
- if (retval < sizeof(int))
+ if (retval < (int)sizeof(int))
{
/* Error on socket */
SEC_SVR_ERR("Client: Receive failed %d", retval);
}
retval = TEMP_FAILURE_RETRY(read(sockfd, current_attempts, sizeof(unsigned int)));
- if (retval < sizeof(unsigned int))
+ if (retval < (int)sizeof(unsigned int))
{
/* Error on socket */
SEC_SVR_ERR("Client: Receive failed %d", retval);
return SECURITY_SERVER_ERROR_RECV_FAILED;
}
retval = TEMP_FAILURE_RETRY(read(sockfd, max_attempts, sizeof(unsigned int)));
- if (retval < sizeof(unsigned int))
+ if (retval < (int)sizeof(unsigned int))
{
/* Error on socket */
SEC_SVR_ERR("Client: Receive failed %d", retval);
return SECURITY_SERVER_ERROR_RECV_FAILED;
}
retval = TEMP_FAILURE_RETRY(read(sockfd, valid_secs, sizeof(unsigned int)));
- if (retval < sizeof(unsigned int))
+ if (retval < (int)sizeof(unsigned int))
{
/* Error on socket */
SEC_SVR_ERR("Client: Receive failed %d", retval);
//now we have "Groups:" line in fileLine[]
ret = 0;
strtok(fileLine, delim);
- while (token = strtok(NULL, delim))
+ while ((token = strtok(NULL, delim)))
{
//add found GID
if (*privileges == NULL)
int send_set_pwd_history_request(int sock_fd, int num);
int get_socket_from_systemd(int *sockfd);
+int send_pwd_response(const int sockfd,
+ const unsigned char msg_id,
+ const unsigned char return_code,
+ const unsigned int current_attempts,
+ const unsigned int max_attempts,
+ const unsigned int expire_time);
+
#endif
#include <security-server-cookie.h>
#include <security-server-comm.h>
+#include <security-server-util.h>
#include <smack-check.h>
+#include <privilege-control.h>
+
/* Delete useless cookie item *
* then connect prev and next */
void free_cookie_item(cookie_list *cookie)
cookie_list *search_existing_cookie(int pid, const cookie_list *c_list)
{
cookie_list *current = (cookie_list*)c_list, *cookie = NULL;
- char *exe = NULL, *debug_cmdline = NULL;
+ char *exe = NULL;
/* Search from the list */
while (current != NULL)
#endif
+#if 0
/* Object name is actually name of a Group ID *
* This function opens /etc/group file and search group ID and
* returns the string */
}
linebuf = tempstr;
bzero(linebuf + bufsize, 128);
- fgets(linebuf + bufsize, 128, fp);
+ if((fgets(linebuf + bufsize, 128, fp) == NULL) && !feof(fp))
+ {
+ ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
+ goto error;
+ }
bufsize += 128;
}
fclose(fp);
return ret;
}
+#endif
/*
* Searches for group ID by given group name
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
+#include <time.h>
#include <sys/time.h>
#include <unistd.h>
#include <fcntl.h>
}
retval = TEMP_FAILURE_RETRY(read(fd, max_attempt, sizeof(unsigned int)));
- if (retval < sizeof(unsigned int))
+ if (retval < (int)sizeof(unsigned int))
{
SECURE_SLOGD("%s", "Server: Current password corrupted. resetting to previous one. 1");
close(fd);
}
retval = TEMP_FAILURE_RETRY(read(fd, expire_time, sizeof(unsigned int)));
- if (retval < sizeof(unsigned int))
+ if (retval < (int)sizeof(unsigned int))
{
SECURE_SLOGD("%s", "Server: Current password corrupted. resetting to previous one. 2");
close(fd);
/* Check expiration time. */
if (*expire_time == 0) /* No valid period */
*expire_time = 0xffffffff;
- else if (*expire_time <= time(NULL)) /* expired */
+ else if (*expire_time <= (unsigned int)time(NULL)) /* expired */
*expire_time = 0;
else /* valid yet */
*expire_time -= time(NULL);
attempt = increase;
retval = TEMP_FAILURE_RETRY(write(fd, &attempt, sizeof(int)));
close(fd);
- if (retval < sizeof(int))
+ if (retval < (int)sizeof(int))
{
SEC_SVR_ERR("%s", "Server ERROR: Cannot write attempt");
return SECURITY_SERVER_ERROR_FILE_OPERATION;
}
retval = TEMP_FAILURE_RETRY(read(fd, &attempt, sizeof(int)));
close(fd);
- if (retval < sizeof(int))
+ if (retval < (int)sizeof(int))
{
SEC_SVR_ERR("%s", "Server ERROR: Cannot read attempt");
return SECURITY_SERVER_ERROR_FILE_OPERATION;
attempt += increase;
retval = TEMP_FAILURE_RETRY(write(fd, &attempt, sizeof(int)));
close(fd);
- if (retval < sizeof(int))
+ if (retval < (int)sizeof(int))
{
SEC_SVR_ERR("%s", "Server ERROR: Cannot write attempt");
return SECURITY_SERVER_ERROR_FILE_OPERATION;
}
retval = TEMP_FAILURE_RETRY(write(fd, &attempt, sizeof(int)));
close(fd);
- if (retval < sizeof(int))
+ if (retval < (int)sizeof(int))
{
SEC_SVR_ERR("%s", "Server ERROR: Cannot write attempt");
return SECURITY_SERVER_ERROR_FILE_OPERATION;
const unsigned int max_attempts, const unsigned int expire_time,
int *current_attempt)
{
+/* The following variable is needed only when SECURITY_SERVER_DEBUG_DLOG flag is set */
+/* If its definition is not surrounded by preprocessor conditionals then it will */
+/* cause compilation warning "unused variable". Please see the SECURE_SLOGD redefinition */
+/* in "security_server_common.h" header */
+#if SECURITY_SERVER_DEBUG_DLOG
unsigned int current_time = time(NULL);
+#endif
if (max_attempts != 0)
{
*current_attempt = get_current_attempt(1);
- if (*current_attempt > max_attempts)
+ if ((unsigned int)*current_attempt > max_attempts)
{
SEC_SVR_DBG("Server: Max attempt exceeded: %d, %d", *current_attempt, max_attempts);
return SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED;
}
retval = TEMP_FAILURE_RETRY(write(fd, &num, sizeof(int)));
close(fd);
- if (retval < sizeof(int))
+ if (retval < (int)sizeof(int))
{
SEC_SVR_ERR("%s", "Server ERROR: Cannot write history");
return SECURITY_SERVER_ERROR_FILE_OPERATION;
}
retval = TEMP_FAILURE_RETRY(read(fd, &history, sizeof(history)));
close(fd);
- if (retval < sizeof(history))
+ if (retval < (int)sizeof(history))
{
SEC_SVR_DBG("%s", "History file corrupted. Creating new one");
unlink(path);
return SECURITY_SERVER_ERROR_FILE_OPERATION;
}
retval = TEMP_FAILURE_RETRY(write(fd, &attempts, sizeof(unsigned int)));
- if (retval < sizeof(unsigned int))
+ if (retval < (int)sizeof(unsigned int))
{
SECURE_SLOGE("%s", "Cannot write password");
close(fd);
return SECURITY_SERVER_ERROR_FILE_OPERATION;
}
retval = TEMP_FAILURE_RETRY(write(fd, &expire_time, sizeof(unsigned int)));
- if (retval < sizeof(unsigned int))
+ if (retval < (int)sizeof(unsigned int))
{
SECURE_SLOGE("%s", "Cannot write password");
close(fd);
/* Receive size of pwds */
retval = TEMP_FAILURE_RETRY(read(sockfd, &cur_pwd_len, sizeof(char)));
- if (retval < sizeof(char) || cur_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
+ if (retval < (int)sizeof(char) || cur_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
{
SECURE_SLOGE("Server Error: current password length recieve failed: %d, %d", retval, cur_pwd_len);
retval = send_generic_response(sockfd,
goto error;
}
retval = TEMP_FAILURE_RETRY(read(sockfd, &new_pwd_len, sizeof(char)));
- if (retval < sizeof(char) || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN || new_pwd_len < 0)
+ if (retval < (int)sizeof(char) || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
{
SECURE_SLOGE("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len);
retval = send_generic_response(sockfd,
}
goto error;
}
- requested_cur_pwd[cur_pwd_len] = 0;
+ requested_cur_pwd[(int)cur_pwd_len] = 0;
}
else /* Check first password set attempt but password is already set */
{
}
goto error;
}
- requested_new_pwd[new_pwd_len] = 0;
+ requested_new_pwd[(int)new_pwd_len] = 0;
/* Receive max attempt */
retval = TEMP_FAILURE_RETRY(read(sockfd, &received_attempts, sizeof(unsigned int)));
- if (retval < sizeof(unsigned int))
+ if (retval < (int)sizeof(unsigned int))
{
SEC_SVR_ERR("Sever Error: Max attempt receive failed: %d", retval);
retval = send_generic_response(sockfd,
/* Receive valid period */
retval = TEMP_FAILURE_RETRY(read(sockfd, &valid_days, sizeof(unsigned int)));
- if (retval < sizeof(unsigned int))
+ if (retval < (int)sizeof(unsigned int))
{
SEC_SVR_ERR("Sever Error: Max attempt receive failed: %d", retval);
retval = send_generic_response(sockfd,
/* Receive size of pwd */
retval = TEMP_FAILURE_RETRY(read(sockfd, &new_pwd_len, sizeof(char)));
- if (retval < sizeof(char) || new_pwd_len < 0 || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
+ if (retval < (int)sizeof(char) || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
{
SECURE_SLOGE("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len);
retval = send_generic_response(sockfd,
}
goto error;
}
- requested_new_pwd[new_pwd_len] = 0;
+ requested_new_pwd[(int)new_pwd_len] = 0;
/* Receive max attempt */
retval = TEMP_FAILURE_RETRY(read(sockfd, &received_attempts, sizeof(unsigned int)));
- if (retval < sizeof(unsigned int))
+ if (retval < (int)sizeof(unsigned int))
{
SEC_SVR_ERR("Sever Error: Max attempt receive failed: %d", retval);
retval = send_generic_response(sockfd,
/* Receive valid period */
retval = TEMP_FAILURE_RETRY(read(sockfd, &valid_days, sizeof(unsigned int)));
- if (retval < sizeof(unsigned int))
+ if (retval < (int)sizeof(unsigned int))
{
SEC_SVR_ERR("Sever Error: Max attempt receive failed: %d", retval);
retval = send_generic_response(sockfd,
/* Receive size of challenge */
retval = TEMP_FAILURE_RETRY(read(sockfd, &challenge_len, sizeof(char)));
- if (retval < sizeof(char) || challenge_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
+ if (retval < (int)sizeof(char) || challenge_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
{
SEC_SVR_ERR("Server ERROR: challenge length recieve failed: %d", retval);
retval = send_generic_response(sockfd,
}
goto error;
}
- requested_challenge[challenge_len] = 0;
+ requested_challenge[(int)challenge_len] = 0;
}
else
{
/* Receive size of pwds */
retval = TEMP_FAILURE_RETRY(read(sockfd, &history_num, sizeof(char)));
- if (retval < sizeof(char) || history_num > SECURITY_SERVER_MAX_PASSWORD_HISTORY || history_num < 0)
+ if (retval < (int)sizeof(char) || history_num > SECURITY_SERVER_MAX_PASSWORD_HISTORY)
{
SEC_SVR_ERR("Server Error: History number recieve failed: %d, %d", retval, history_num);
retval = send_generic_response(sockfd,
// this value (max challenge) for current password
retval = TEMP_FAILURE_RETRY(read(sockfd, &max_challenge, sizeof(unsigned int)));
- if (retval < sizeof(unsigned int))
+ if(retval < (int)sizeof(unsigned int))
{
SEC_SVR_ERR("Server Error: recieve failed: %d", retval);
retval = send_generic_response(sockfd,
// this value (validity) for current password
retval = TEMP_FAILURE_RETRY(read(sockfd, &validity, sizeof(unsigned int)));
- if (retval < sizeof(unsigned int))
+ if(retval < (int)sizeof(unsigned int))
{
SEC_SVR_ERR("Server Error: recieve failed: %d", retval);
retval = send_generic_response(sockfd,