#if 0
void printhex(unsigned char *data, int size)
{
- int i;
- for(i=0;i<size;i++)
- {
- if(data[i] < 0xF)
- printf("0");
-
- printf("%X ", data[i]);
- if(((i+1) % 16) == 0 && i != 0)
- printf("\n");
- }
- printf("\n");
+ int i;
+ for (i = 0; i < size; i++)
+ {
+ if (data[i] < 0xF)
+ printf("0");
+
+ printf("%X ", data[i]);
+ if (((i + 1) % 16) == 0 && i != 0)
+ printf("\n");
+ }
+ printf("\n");
}
char *read_cmdline_from_proc(pid_t pid)
{
- int memsize = 32;
- char path[32];
- char *cmdline = NULL;
-
- snprintf(path, sizeof(path), "/proc/%d/exe", pid);
-
- cmdline = malloc(32);
- if(cmdline == NULL)
- {
- SEC_SVR_DBG("%s", "Out of memory");
- goto error;
- }
-
- while(1)
- {
- bzero(cmdline, memsize);
- /* readlink() may have security hole in normal symbolic link. *
- * But this link is located at proc fs that only kernel can change */
- readlink(path, cmdline, memsize); /* FlawFinder: ignore */
-SEC_SVR_DBG("pid: %d, cmdline: %s", pid, cmdline);
-
- /* Check it's truncated */
- if(cmdline[memsize -1] != 0)
- {
- cmdline = (char *)realloc(cmdline, sizeof(char) * (memsize + 32));
- memsize += 32;
- if(cmdline == NULL)
- {
- SEC_SVR_DBG("%s", "Out of memory");
- goto error;
- }
- }
- else
- break;
- }
+ int memsize = 32;
+ char path[32];
+ char *cmdline = NULL;
+
+ snprintf(path, sizeof(path), "/proc/%d/exe", pid);
+
+ cmdline = malloc(32);
+ if (cmdline == NULL)
+ {
+ SEC_SVR_DBG("%s", "Out of memory");
+ goto error;
+ }
+
+ while (1)
+ {
+ bzero(cmdline, memsize);
+ /* readlink() may have security hole in normal symbolic link. *
+ * But this link is located at proc fs that only kernel can change */
+ readlink(path, cmdline, memsize); /* FlawFinder: ignore */
+ SEC_SVR_DBG("pid: %d, cmdline: %s", pid, cmdline);
+
+ /* Check it's truncated */
+ if (cmdline[memsize - 1] != 0)
+ {
+ cmdline = (char*)realloc(cmdline, sizeof(char) * (memsize + 32));
+ memsize += 32;
+ if (cmdline == NULL)
+ {
+ SEC_SVR_DBG("%s", "Out of memory");
+ goto error;
+ }
+ }
+ else
+ break;
+ }
error:
- return cmdline;
+ return cmdline;
}
#endif
/* We may need to filter error code */
int convert_to_public_error_code(int err_code)
{
- /* Do we need this? */
- return err_code;
+ /* Do we need this? */
+ return err_code;
}
static int send_exec_path_request(int sock_fd, pid_t pid)
{
- basic_header hdr;
- int retval;
- unsigned char buf[sizeof(hdr) + sizeof(pid)];
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_EXE_PATH_REQUEST;
- hdr.msg_len = sizeof(pid);
-
- memcpy(buf, &hdr, sizeof(hdr));
- memcpy(buf + sizeof(hdr), &pid, sizeof(pid));
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
- if(retval < (ssize_t)sizeof(buf))
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d", retval);
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ basic_header hdr;
+ int retval;
+ unsigned char buf[sizeof(hdr) + sizeof(pid)];
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_EXE_PATH_REQUEST;
+ hdr.msg_len = sizeof(pid);
+
+ memcpy(buf, &hdr, sizeof(hdr));
+ memcpy(buf + sizeof(hdr), &pid, sizeof(pid));
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
+ if (retval < (ssize_t)sizeof(buf))
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d", retval);
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
-static int recv_exec_path_response(int sockfd, response_header *hdr, char** path)
+static int recv_exec_path_response(int sockfd, response_header *hdr, char **path)
{
- size_t size = 0;
- char* buf = NULL;
- int retval;
-
- if (*path)
- {
- SEC_SVR_ERR("path should be NULL");
- return SECURITY_SERVER_ERROR_INPUT_PARAM;
- }
-
- retval = recv_generic_response(sockfd, hdr);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Failed to get response: %d", retval);
- return return_code_to_error_code(hdr->return_code);
- }
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, &size, sizeof(size_t)));
- if(retval < (ssize_t)sizeof(size_t) || size == 0 || size > MESSAGE_MAX_LEN)
- {
- /* Error on socket */
- SEC_SVR_ERR("read() failed: %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- buf = (char*)malloc((size+1)*sizeof(char));
- if(!buf)
- {
- SEC_SVR_ERR("malloc() failed. Size requested: %d", size*sizeof(char));
- return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- }
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, buf, size));
- if(retval < (ssize_t)size)
- {
- /* Error on socket */
- SEC_SVR_ERR("read() failed: %d", retval);
- free(buf);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- // terminate string
- buf[size] = '\0';
-
- *path = buf;
- return SECURITY_SERVER_SUCCESS;
+ size_t size = 0;
+ char *buf = NULL;
+ int retval;
+
+ if (*path)
+ {
+ SEC_SVR_ERR("path should be NULL");
+ return SECURITY_SERVER_ERROR_INPUT_PARAM;
+ }
+
+ retval = recv_generic_response(sockfd, hdr);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Failed to get response: %d", retval);
+ return return_code_to_error_code(hdr->return_code);
+ }
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &size, sizeof(size_t)));
+ if (retval < (ssize_t)sizeof(size_t) || size == 0 || size > MESSAGE_MAX_LEN)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("read() failed: %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ buf = (char*)malloc((size + 1) * sizeof(char));
+ if (!buf)
+ {
+ SEC_SVR_ERR("malloc() failed. Size requested: %d", size * sizeof(char));
+ return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ }
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, buf, size));
+ if (retval < (ssize_t)size)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("read() failed: %d", retval);
+ free(buf);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ // terminate string
+ buf[size] = '\0';
+
+ *path = buf;
+ return SECURITY_SERVER_SUCCESS;
}
-static int get_exec_path(pid_t pid, char** exe)
+static int get_exec_path(pid_t pid, char **exe)
{
- int sockfd = -1;
- int ret = 0;
- char* path = NULL;
- response_header hdr;
- if (SECURITY_SERVER_SUCCESS != connect_to_server(&sockfd))
- goto out;
-
- ret = send_exec_path_request(sockfd, pid);
- if (ret != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Send failed: %d", ret);
- goto out;
- }
-
- ret = recv_exec_path_response(sockfd, &hdr, &path);
- if (ret != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Client: Recv failed: %d", ret);
- goto out;
- }
-
- ret = return_code_to_error_code(hdr.return_code);
- if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
- SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
- else if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_EXE_PATH_RESPONSE)
- {
- SEC_SVR_ERR("Client: Wrong response type.");
- ret = SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
+ int sockfd = -1;
+ int ret = 0;
+ char *path = NULL;
+ response_header hdr;
+ if (SECURITY_SERVER_SUCCESS != connect_to_server(&sockfd))
+ goto out;
+
+ ret = send_exec_path_request(sockfd, pid);
+ if (ret != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Send failed: %d", ret);
+ goto out;
+ }
+
+ ret = recv_exec_path_response(sockfd, &hdr, &path);
+ if (ret != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Client: Recv failed: %d", ret);
+ goto out;
+ }
+
+ ret = return_code_to_error_code(hdr.return_code);
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
+ else if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_EXE_PATH_RESPONSE)
+ {
+ SEC_SVR_ERR("Client: Wrong response type.");
+ ret = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
out:
- if (sockfd != -1)
- close(sockfd);
-
- if (ret == SECURITY_SERVER_SUCCESS)
- {
- *exe = path;
- path = NULL;
- }
- free(path);
- return ret;
+ if (sockfd != -1)
+ close(sockfd);
+
+ if (ret == SECURITY_SERVER_SUCCESS)
+ {
+ *exe = path;
+ path = NULL;
+ }
+ free(path);
+ return ret;
}
- SECURITY_SERVER_API
+SECURITY_SERVER_API
int security_server_get_gid(const char *object)
{
- int sockfd = -1, retval, gid;
- response_header hdr;
-
- if(object == NULL)
- {
- SEC_SVR_ERR("%s", "Client: object is null or object is too big");
- retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
- goto error;
- }
- if( strlen(object) > SECURITY_SERVER_MAX_OBJ_NAME )
- {
- SEC_SVR_ERR("%s", "object is null or object is too big");
- retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
- goto error;
- }
-
- if(strlen(object) == 0)
- {
- SEC_SVR_ERR("Client: object is is empty");
- retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
- goto error;
- }
-
- SECURE_LOGD("%s", "Client: security_server_get_gid() is called");
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Connection failed: %d", retval);
- goto error;
- }
- SECURE_LOGD("%s", "Client: Security server has been connected");
-
- /* make request packet and send to server*/
- retval = send_gid_request(sockfd, object);
- SEC_SVR_DBG("%s", "Client: gid request has been sent");
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Send gid request failed: %d", retval);
- goto error;
- }
-
- /* Receive response */
- retval = recv_get_gid_response(sockfd, &hdr, &gid);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Client: Receive response failed: %d", retval);
- goto error;
- }
- SEC_SVR_DBG("%s", "Client: get gid response has been received");
-
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_GID_RESPONSE) /* Wrong response */
- {
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
- {
- /* There must be some error */
- SEC_SVR_ERR("Client: It'll be an error. return code:%d", hdr.return_code);
- retval = return_code_to_error_code(hdr.return_code);
- goto error;
- }
- else
- {
- /* Something wrong with response */
- SEC_SVR_ERR("Client: Something wrong with response:%d", hdr.basic_hdr.msg_id);
- retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
- goto error;
- }
- }
-
- SEC_SVR_DBG("received gid is %d", gid);
- retval = gid;
+ int sockfd = -1, retval, gid;
+ response_header hdr;
+
+ if (object == NULL)
+ {
+ SEC_SVR_ERR("%s", "Client: object is null or object is too big");
+ retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
+ goto error;
+ }
+ if (strlen(object) > SECURITY_SERVER_MAX_OBJ_NAME)
+ {
+ SEC_SVR_ERR("%s", "object is null or object is too big");
+ retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
+ goto error;
+ }
+
+ if (strlen(object) == 0)
+ {
+ SEC_SVR_ERR("Client: object is is empty");
+ retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
+ goto error;
+ }
+
+ SECURE_LOGD("%s", "Client: security_server_get_gid() is called");
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Connection failed: %d", retval);
+ goto error;
+ }
+ SECURE_LOGD("%s", "Client: Security server has been connected");
+
+ /* make request packet and send to server*/
+ retval = send_gid_request(sockfd, object);
+ SEC_SVR_DBG("%s", "Client: gid request has been sent");
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Send gid request failed: %d", retval);
+ goto error;
+ }
+
+ /* Receive response */
+ retval = recv_get_gid_response(sockfd, &hdr, &gid);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Client: Receive response failed: %d", retval);
+ goto error;
+ }
+ SEC_SVR_DBG("%s", "Client: get gid response has been received");
+
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_GID_RESPONSE) /* Wrong response */
+ {
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ {
+ /* There must be some error */
+ SEC_SVR_ERR("Client: It'll be an error. return code:%d", hdr.return_code);
+ retval = return_code_to_error_code(hdr.return_code);
+ goto error;
+ }
+ else
+ {
+ /* Something wrong with response */
+ SEC_SVR_ERR("Client: Something wrong with response:%d", hdr.basic_hdr.msg_id);
+ retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ goto error;
+ }
+ }
+
+ SEC_SVR_DBG("received gid is %d", gid);
+ retval = gid;
error:
- if(sockfd > 0)
- close(sockfd);
- /* If error happened */
- if(retval < 0)
- retval = convert_to_public_error_code(retval);
+ if (sockfd > 0)
+ close(sockfd);
+ /* If error happened */
+ if (retval < 0)
+ retval = convert_to_public_error_code(retval);
- return retval;
+ return retval;
}
- SECURITY_SERVER_API
+SECURITY_SERVER_API
int security_server_get_object_name(gid_t gid, char *object, size_t max_object_size)
{
- int sockfd = -1, retval;
- response_header hdr;
-
- if(object == NULL)
- {
- retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
- goto error;
- }
-
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: connect to server failed: %d", retval);
- goto error;
- }
-
- /* make request packet */
- retval = send_object_name_request(sockfd, gid);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: cannot send request: %d", retval);
- goto error;
- }
-
- retval = recv_get_object_name(sockfd, &hdr, object, max_object_size);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Client: Receive response failed: %d", retval);
- goto error;
- }
-
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE) /* Wrong response */
- {
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
- {
- /* There must be some error */
- SEC_SVR_ERR("Client: There is error on response: return code:%d", hdr.basic_hdr.msg_id);
- retval = return_code_to_error_code(hdr.return_code);
- }
- else
- {
- /* Something wrong with response */
- SEC_SVR_ERR("Client: Some unexpected error happene: return code:%d", hdr.basic_hdr.msg_id);
- retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
- goto error;
- }
+ int sockfd = -1, retval;
+ response_header hdr;
+
+ if (object == NULL)
+ {
+ retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
+ goto error;
+ }
+
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: connect to server failed: %d", retval);
+ goto error;
+ }
+
+ /* make request packet */
+ retval = send_object_name_request(sockfd, gid);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: cannot send request: %d", retval);
+ goto error;
+ }
+
+ retval = recv_get_object_name(sockfd, &hdr, object, max_object_size);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Client: Receive response failed: %d", retval);
+ goto error;
+ }
+
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE) /* Wrong response */
+ {
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ {
+ /* There must be some error */
+ SEC_SVR_ERR("Client: There is error on response: return code:%d", hdr.basic_hdr.msg_id);
+ retval = return_code_to_error_code(hdr.return_code);
+ }
+ else
+ {
+ /* Something wrong with response */
+ SEC_SVR_ERR("Client: Some unexpected error happene: return code:%d", hdr.basic_hdr.msg_id);
+ retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+ goto error;
+ }
error:
- if(sockfd > 0)
- close(sockfd);
+ if (sockfd > 0)
+ close(sockfd);
- retval = convert_to_public_error_code(retval);
- return retval;
+ retval = convert_to_public_error_code(retval);
+ return retval;
}
- SECURITY_SERVER_API
+SECURITY_SERVER_API
int security_server_request_cookie(char *cookie, size_t max_cookie)
{
- int sockfd = -1, retval;
- response_header hdr;
-
- if(cookie == NULL)
- {
- retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
- goto error;
- }
- if(max_cookie < SECURITY_SERVER_COOKIE_LEN)
- {
- retval = SECURITY_SERVER_ERROR_BUFFER_TOO_SMALL;
- goto error;
- }
-
- SECURE_LOGD("%s", "Client: security_server_request_cookie() is called");
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("%s", "Client: connection failed");
- goto error;
- }
-
- /* make request packet */
- retval = send_cookie_request(sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: send cookie failed: %d", retval);
- goto error;
- }
- SEC_SVR_DBG("%s", "Client: cookie request sent");
- retval = recv_cookie(sockfd, &hdr, cookie);
-
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_COOKIE_RESPONSE) /* Wrong response */
- {
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
- {
- /* There must be some error */
- SEC_SVR_ERR("Client ERROR: There is an error on response. return code:%d", hdr.return_code);
- retval = return_code_to_error_code(hdr.return_code);
- }
- else
- {
- /* Something wrong with response */
- SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
- retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
- goto error;
- }
- SEC_SVR_DBG("%s", "Client: cookie received");
+ int sockfd = -1, retval;
+ response_header hdr;
+
+ if (cookie == NULL)
+ {
+ retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
+ goto error;
+ }
+ if (max_cookie < SECURITY_SERVER_COOKIE_LEN)
+ {
+ retval = SECURITY_SERVER_ERROR_BUFFER_TOO_SMALL;
+ goto error;
+ }
+
+ SECURE_LOGD("%s", "Client: security_server_request_cookie() is called");
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("%s", "Client: connection failed");
+ goto error;
+ }
+
+ /* make request packet */
+ retval = send_cookie_request(sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: send cookie failed: %d", retval);
+ goto error;
+ }
+ SEC_SVR_DBG("%s", "Client: cookie request sent");
+ retval = recv_cookie(sockfd, &hdr, cookie);
+
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_COOKIE_RESPONSE) /* Wrong response */
+ {
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ {
+ /* There must be some error */
+ SEC_SVR_ERR("Client ERROR: There is an error on response. return code:%d", hdr.return_code);
+ retval = return_code_to_error_code(hdr.return_code);
+ }
+ else
+ {
+ /* Something wrong with response */
+ SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
+ retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+ goto error;
+ }
+ SEC_SVR_DBG("%s", "Client: cookie received");
error:
- if(sockfd > 0)
- close(sockfd);
+ if (sockfd > 0)
+ close(sockfd);
- retval = convert_to_public_error_code(retval);
- return retval;
+ retval = convert_to_public_error_code(retval);
+ return retval;
}
- SECURITY_SERVER_API
+SECURITY_SERVER_API
int security_server_check_privilege(const char *cookie, gid_t privilege)
{
- int sockfd = -1, retval;
- response_header hdr;
-
- if(cookie == NULL)
- {
- retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
- goto error;
- }
-
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- goto error;
- }
-
- /* make request packet */
- retval = send_privilege_check_request(sockfd, cookie, privilege);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Send failed: %d", retval);
- goto error;
- }
-
- retval = recv_privilege_check_response(sockfd, &hdr);
-
- retval = return_code_to_error_code(hdr.return_code);
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE) /* Wrong response */
- {
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
- {
- /* There must be some error */
- SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
- }
- else
- {
- /* Something wrong with response */
- SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
- retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
- goto error;
- }
+ int sockfd = -1, retval;
+ response_header hdr;
+
+ if (cookie == NULL)
+ {
+ retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
+ goto error;
+ }
+
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ goto error;
+ }
+
+ /* make request packet */
+ retval = send_privilege_check_request(sockfd, cookie, privilege);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Send failed: %d", retval);
+ goto error;
+ }
+
+ retval = recv_privilege_check_response(sockfd, &hdr);
+
+ retval = return_code_to_error_code(hdr.return_code);
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE) /* Wrong response */
+ {
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ {
+ /* There must be some error */
+ SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
+ }
+ else
+ {
+ /* Something wrong with response */
+ SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
+ retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+ goto error;
+ }
error:
- if(sockfd > 0)
- close(sockfd);
+ if (sockfd > 0)
+ close(sockfd);
- retval = convert_to_public_error_code(retval);
- return retval;
+ retval = convert_to_public_error_code(retval);
+ return retval;
}
- SECURITY_SERVER_API
+SECURITY_SERVER_API
int security_server_check_privilege_by_cookie(const char *cookie,
const char *object,
const char *access_rights)
{
- int sockfd = -1, retval;
- int olen, alen;
- response_header hdr;
-
- if(cookie == NULL || object == NULL || access_rights == NULL)
- {
- retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
- goto error;
- }
-
- olen = strlen(object);
- alen = strlen(access_rights);
-
- if (olen > SMACK_LABEL_LEN || alen > MAX_MODE_STR_LEN)
- {
- retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
- goto error;
- }
-
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- goto error;
- }
-
- /* make request packet */
- retval = send_privilege_check_new_request(
- sockfd, cookie, object, access_rights);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Send failed: %d", retval);
- goto error;
- }
-
- retval = recv_privilege_check_new_response(sockfd, &hdr);
-
- retval = return_code_to_error_code(hdr.return_code);
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE)
- /* Wrong response */
- {
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
- {
- /* There must be some error */
- SEC_SVR_ERR("Client: Error has been received. return code:%d",
- hdr.return_code);
- }
- else
- {
- /* Something wrong with response */
- SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
- retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
- goto error;
- }
+ int sockfd = -1, retval;
+ int olen, alen;
+ response_header hdr;
+
+ if (cookie == NULL || object == NULL || access_rights == NULL)
+ {
+ retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
+ goto error;
+ }
+
+ olen = strlen(object);
+ alen = strlen(access_rights);
+
+ if (olen > SMACK_LABEL_LEN || alen > MAX_MODE_STR_LEN)
+ {
+ retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
+ goto error;
+ }
+
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ goto error;
+ }
+
+ /* make request packet */
+ retval = send_privilege_check_new_request(
+ sockfd, cookie, object, access_rights);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Send failed: %d", retval);
+ goto error;
+ }
+
+ retval = recv_privilege_check_new_response(sockfd, &hdr);
+
+ retval = return_code_to_error_code(hdr.return_code);
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE)
+ /* Wrong response */
+ {
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ {
+ /* There must be some error */
+ SEC_SVR_ERR("Client: Error has been received. return code:%d",
+ hdr.return_code);
+ }
+ else
+ {
+ /* Something wrong with response */
+ SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
+ retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+ goto error;
+ }
error:
- if(sockfd >= 0)
- close(sockfd);
+ if (sockfd >= 0)
+ close(sockfd);
- retval = convert_to_public_error_code(retval);
- return retval;
+ retval = convert_to_public_error_code(retval);
+ return retval;
}
- SECURITY_SERVER_API
+SECURITY_SERVER_API
int security_server_check_privilege_by_sockfd(int sockfd,
const char *object,
const char *access_rights)
{
char *subject;
int ret;
- char * path = NULL;
+ char *path = NULL;
//for get socket options
struct ucred cr;
free(subject);
if (ret == 1)
{
- return SECURITY_SERVER_API_SUCCESS;
+ return SECURITY_SERVER_API_SUCCESS;
+ }
+ else
+ {
+ return SECURITY_SERVER_API_ERROR_ACCESS_DENIED;
+ }
+}
+
+
+SECURITY_SERVER_API
+int security_server_get_cookie_size(void)
+{
+ return SECURITY_SERVER_COOKIE_LEN;
+}
+
+
+
+SECURITY_SERVER_API
+int security_server_get_cookie_pid(const char *cookie)
+{
+ int sockfd = -1, retval, pid = -1;
+ response_header hdr;
+
+ if (cookie == NULL)
+ {
+ retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
+ goto error;
+ }
+
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ goto error;
+ }
+
+ /* make request packet */
+ retval = send_pid_request(sockfd, cookie);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Send failed: %d", retval);
+ goto error;
+ }
+
+ retval = recv_pid_response(sockfd, &hdr, &pid);
+
+ retval = return_code_to_error_code(hdr.return_code);
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_PID_RESPONSE) /* Wrong response */
+ {
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ {
+ /* There must be some error */
+ SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
+ }
+ else
+ {
+ /* Something wrong with response */
+ SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
+ retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+ goto error;
+ }
+ if (hdr.return_code == SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE)
+ {
+ SEC_SVR_ERR("%s"," Client: There is no such cookie exist");
+ }
+
+error:
+ if (sockfd > 0)
+ close(sockfd);
+
+ retval = convert_to_public_error_code(retval);
+ if (retval == 0)
+ return pid;
+
+ return retval;
+}
+
+
+
+SECURITY_SERVER_API
+int security_server_launch_debug_tool(int argc, const char **argv)
+{
+ int sockfd = -1, retval;
+ response_header hdr;
+
+ if (argc < 1 || argv == NULL || argv[0] == NULL)
+ {
+ retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
+ goto error;
+ }
+
+ if (argc == 1)
+ {
+ if (strcmp(argv[0], SECURITY_SERVER_KILL_APP_PATH) != 0)
+ {
+ retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
+ goto error;
+ }
+ }
+
+ /* Check the caller is developer shell */
+ retval = getuid();
+ if (retval != SECURITY_SERVER_DEVELOPER_UID)
+ {
+ SEC_SVR_ERR("Client: It's not allowed to call this API by uid %d", retval);
+ retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
+ goto error;
+ }
+
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ goto error;
+ }
+
+ /* make request packet */
+ retval = send_launch_tool_request(sockfd, argc, argv);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Send failed: %d", retval);
+ goto error;
}
- else
+
+ retval = recv_generic_response(sockfd, &hdr);
+
+ retval = return_code_to_error_code(hdr.return_code);
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE) /* Wrong response */
{
- return SECURITY_SERVER_API_ERROR_ACCESS_DENIED;
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ {
+ /* There must be some error */
+ SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
+ }
+ else
+ {
+ /* Something wrong with response */
+ SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
+ retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+ goto error;
}
-}
+error:
+ if (sockfd > 0)
+ close(sockfd);
- SECURITY_SERVER_API
-int security_server_get_cookie_size(void)
-{
- return SECURITY_SERVER_COOKIE_LEN;
+ retval = convert_to_public_error_code(retval);
+ return retval;
}
- SECURITY_SERVER_API
-int security_server_get_cookie_pid(const char *cookie)
+SECURITY_SERVER_API
+int security_server_is_pwd_valid(unsigned int *current_attempts,
+ unsigned int *max_attempts,
+ unsigned int *valid_secs)
{
- int sockfd = -1, retval, pid = -1;
- response_header hdr;
-
- if(cookie == NULL)
- {
- retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
- goto error;
- }
-
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- goto error;
- }
-
- /* make request packet */
- retval = send_pid_request(sockfd, cookie);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Send failed: %d", retval);
- goto error;
- }
-
- retval = recv_pid_response(sockfd, &hdr, &pid);
-
- retval = return_code_to_error_code(hdr.return_code);
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_PID_RESPONSE) /* Wrong response */
- {
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
- {
- /* There must be some error */
- SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
- }
- else
- {
- /* Something wrong with response */
- SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
- retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
- goto error;
- }
- if(hdr.return_code == SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE)
- {
- SEC_SVR_ERR("%s"," Client: There is no such cookie exist");
- }
-
-error:
- if(sockfd > 0)
- close(sockfd);
+ int sockfd = -1, retval = SECURITY_SERVER_ERROR_UNKNOWN;
+ response_header hdr;
- retval = convert_to_public_error_code(retval);
- if(retval == 0)
- return pid;
+ if (current_attempts == NULL || max_attempts == NULL || valid_secs == NULL)
+ {
+ retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
+ goto error;
+ }
- return retval;
-}
+ /* Authenticate self that is setting app goes here */
+ /* 1st, check cmdline which is setting app */
+ /* 2nd, check /proc/self/attr/current for the SMACK label */
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ goto error;
+ }
+ /* make request packet */
+ retval = send_valid_pwd_request(sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Send failed: %d", retval);
+ goto error;
+ }
- SECURITY_SERVER_API
-int security_server_launch_debug_tool(int argc, const char **argv)
-{
- int sockfd = -1, retval;
- response_header hdr;
-
- if(argc < 1 || argv == NULL || argv[0] == NULL)
- {
- retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
- goto error;
- }
-
- if(argc == 1)
- {
- if(strcmp(argv[0], SECURITY_SERVER_KILL_APP_PATH) != 0)
- {
- retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
- goto error;
- }
- }
-
- /* Check the caller is developer shell */
- retval = getuid();
- if(retval != SECURITY_SERVER_DEVELOPER_UID)
- {
- SEC_SVR_ERR("Client: It's not allowed to call this API by uid %d", retval);
- retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
- goto error;
- }
-
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- goto error;
- }
-
- /* make request packet */
- retval = send_launch_tool_request(sockfd, argc, argv);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Send failed: %d", retval);
- goto error;
- }
-
- retval = recv_generic_response(sockfd, &hdr);
-
- retval = return_code_to_error_code(hdr.return_code);
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE) /* Wrong response */
- {
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
- {
- /* There must be some error */
- SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
- }
- else
- {
- /* Something wrong with response */
- SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
- retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
- goto error;
- }
+ retval = recv_pwd_response(sockfd, &hdr, current_attempts, max_attempts, valid_secs);
+ retval = return_code_to_error_code(hdr.return_code);
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE) /* Wrong response */
+ {
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE)
+ {
+ /* There must be some error */
+ SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
+ }
+ else
+ {
+ /* Something wrong with response */
+ SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
+ retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+ goto error;
+ }
error:
- if(sockfd > 0)
- close(sockfd);
+ if (sockfd > 0)
+ close(sockfd);
- retval = convert_to_public_error_code(retval);
- return retval;
+ retval = convert_to_public_error_code(retval);
+ return retval;
}
- SECURITY_SERVER_API
-int security_server_is_pwd_valid(unsigned int *current_attempts,
- unsigned int *max_attempts,
- unsigned int *valid_secs)
+SECURITY_SERVER_API
+int security_server_set_pwd(const char *cur_pwd,
+ const char *new_pwd,
+ const unsigned int max_challenge,
+ const unsigned int valid_period_in_days)
{
- int sockfd = -1, retval = SECURITY_SERVER_ERROR_UNKNOWN;
- response_header hdr;
-
- if(current_attempts == NULL || max_attempts == NULL ||valid_secs == NULL)
- {
- retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
- goto error;
- }
-
- /* Authenticate self that is setting app goes here */
- /* 1st, check cmdline which is setting app */
- /* 2nd, check /proc/self/attr/current for the SMACK label */
-
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- goto error;
- }
-
- /* make request packet */
- retval = send_valid_pwd_request(sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Send failed: %d", retval);
- goto error;
- }
-
- retval = recv_pwd_response(sockfd, &hdr, current_attempts, max_attempts, valid_secs);
-
- retval = return_code_to_error_code(hdr.return_code);
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE) /* Wrong response */
- {
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE)
- {
- /* There must be some error */
- SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
- }
- else
- {
- /* Something wrong with response */
- SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
- retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
- goto error;
- }
-error:
- if(sockfd > 0)
- close(sockfd);
+ int sockfd = -1, retval;
+ response_header hdr;
- retval = convert_to_public_error_code(retval);
- return retval;
-}
+ if (new_pwd == NULL || strlen(new_pwd) > SECURITY_SERVER_MAX_PASSWORD_LEN)
+ {
+ retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
+ goto error;
+ }
+ /* Authenticate self that is setting app goes here */
+ /* 1st, check cmdline which is setting app */
+ /* 2nd, check /proc/self/attr/current for the SMACK label */
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ goto error;
+ }
- SECURITY_SERVER_API
-int security_server_set_pwd(const char *cur_pwd,
- const char *new_pwd,
- const unsigned int max_challenge,
- const unsigned int valid_period_in_days)
-{
- int sockfd = -1, retval;
- response_header hdr;
-
- if(new_pwd == NULL || strlen(new_pwd) > SECURITY_SERVER_MAX_PASSWORD_LEN)
- {
- retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
- goto error;
- }
-
- /* Authenticate self that is setting app goes here */
- /* 1st, check cmdline which is setting app */
- /* 2nd, check /proc/self/attr/current for the SMACK label */
-
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- goto error;
- }
-
- /* make request packet */
- retval = send_set_pwd_request(sockfd, cur_pwd, new_pwd, max_challenge, valid_period_in_days);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Send failed: %d", retval);
- goto error;
- }
-
- retval = recv_generic_response(sockfd, &hdr);
-
- retval = return_code_to_error_code(hdr.return_code);
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE) /* Wrong response */
- {
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
- {
- /* There must be some error */
- SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
- }
- else
- {
- /* Something wrong with response */
- SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
- retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
- goto error;
- }
+ /* make request packet */
+ retval = send_set_pwd_request(sockfd, cur_pwd, new_pwd, max_challenge, valid_period_in_days);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Send failed: %d", retval);
+ goto error;
+ }
+
+ retval = recv_generic_response(sockfd, &hdr);
+
+ retval = return_code_to_error_code(hdr.return_code);
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE) /* Wrong response */
+ {
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ {
+ /* There must be some error */
+ SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
+ }
+ else
+ {
+ /* Something wrong with response */
+ SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
+ retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+ goto error;
+ }
error:
- if(sockfd > 0)
- close(sockfd);
+ if (sockfd > 0)
+ close(sockfd);
- retval = convert_to_public_error_code(retval);
- return retval;
+ retval = convert_to_public_error_code(retval);
+ return retval;
}
- SECURITY_SERVER_API
+SECURITY_SERVER_API
int security_server_set_pwd_validity(const unsigned int valid_period_in_days)
{
int sockfd = -1, retval;
response_header hdr;
retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
/* Error on socket */
goto error;
/* make request packet */
retval = send_set_pwd_validity_request(sockfd, valid_period_in_days);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
/* Error on socket */
SEC_SVR_ERR("Client: Send failed: %d", retval);
retval = recv_generic_response(sockfd, &hdr);
retval = return_code_to_error_code(hdr.return_code);
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE) /* Wrong response */
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE) /* Wrong response */
{
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
{
/* There must be some error */
SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
goto error;
}
error:
- if(sockfd > 0)
+ if (sockfd > 0)
close(sockfd);
retval = convert_to_public_error_code(retval);
return retval;
}
- SECURITY_SERVER_API
+SECURITY_SERVER_API
int security_server_set_pwd_max_challenge(const unsigned int max_challenge)
{
int sockfd = -1, retval;
response_header hdr;
retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
/* Error on socket */
goto error;
/* make request packet */
retval = send_set_pwd_max_challenge_request(sockfd, max_challenge);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
/* Error on socket */
SEC_SVR_ERR("Client: Send failed: %d", retval);
retval = recv_generic_response(sockfd, &hdr);
retval = return_code_to_error_code(hdr.return_code);
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE) /* Wrong response */
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE) /* Wrong response */
{
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
{
/* There must be some error */
SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
goto error;
}
error:
- if(sockfd > 0)
+ if (sockfd > 0)
close(sockfd);
retval = convert_to_public_error_code(retval);
- SECURITY_SERVER_API
+SECURITY_SERVER_API
int security_server_reset_pwd(const char *new_pwd,
- const unsigned int max_challenge,
- const unsigned int valid_period_in_days)
+ const unsigned int max_challenge,
+ const unsigned int valid_period_in_days)
{
- int sockfd = -1, retval;
- response_header hdr;
-
- if(new_pwd == NULL || strlen(new_pwd) > SECURITY_SERVER_MAX_PASSWORD_LEN)
- {
- retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
- goto error;
- }
-
- /* Authenticate self that is setting app goes here */
- /* 1st, check cmdline which is setting app */
- /* 2nd, check /proc/self/attr/current for the SMACK label */
-
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- goto error;
- }
-
- /* make request packet */
- retval = send_reset_pwd_request(sockfd, new_pwd, max_challenge, valid_period_in_days);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Send failed: %d", retval);
- goto error;
- }
-
- retval = recv_generic_response(sockfd, &hdr);
-
- retval = return_code_to_error_code(hdr.return_code);
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE) /* Wrong response */
- {
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
- {
- /* There must be some error */
- SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
- }
- else
- {
- /* Something wrong with response */
- SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
- retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
- goto error;
- }
+ int sockfd = -1, retval;
+ response_header hdr;
+
+ if (new_pwd == NULL || strlen(new_pwd) > SECURITY_SERVER_MAX_PASSWORD_LEN)
+ {
+ retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
+ goto error;
+ }
+
+ /* Authenticate self that is setting app goes here */
+ /* 1st, check cmdline which is setting app */
+ /* 2nd, check /proc/self/attr/current for the SMACK label */
+
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ goto error;
+ }
+
+ /* make request packet */
+ retval = send_reset_pwd_request(sockfd, new_pwd, max_challenge, valid_period_in_days);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Send failed: %d", retval);
+ goto error;
+ }
+
+ retval = recv_generic_response(sockfd, &hdr);
+
+ retval = return_code_to_error_code(hdr.return_code);
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE) /* Wrong response */
+ {
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ {
+ /* There must be some error */
+ SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
+ }
+ else
+ {
+ /* Something wrong with response */
+ SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
+ retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+ goto error;
+ }
error:
- if(sockfd > 0)
- close(sockfd);
+ if (sockfd > 0)
+ close(sockfd);
- retval = convert_to_public_error_code(retval);
- return retval;
+ retval = convert_to_public_error_code(retval);
+ return retval;
}
- SECURITY_SERVER_API
+SECURITY_SERVER_API
int security_server_chk_pwd(const char *challenge,
- unsigned int *current_attempt,
- unsigned int *max_attempts,
- unsigned int *valid_secs)
+ unsigned int *current_attempt,
+ unsigned int *max_attempts,
+ unsigned int *valid_secs)
{
- int sockfd = -1, retval;
- response_header hdr;
-
- if(challenge == NULL || strlen(challenge) > SECURITY_SERVER_MAX_PASSWORD_LEN
- || current_attempt == NULL || max_attempts == NULL || valid_secs == NULL)
- {
- retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
- goto error;
- }
-
- /* Authenticate self goes here */
-
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- goto error;
- }
-
- /* make request packet */
- retval = send_chk_pwd_request(sockfd, challenge);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Send failed: %d", retval);
- goto error;
- }
-
- retval = recv_pwd_response(sockfd, &hdr, current_attempt, max_attempts, valid_secs);
-
- retval = return_code_to_error_code(hdr.return_code);
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE) /* Wrong response */
- {
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
- {
- /* There must be some error */
- SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
- }
- else
- {
- /* Something wrong with response */
- SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
- retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
- goto error;
- }
+ int sockfd = -1, retval;
+ response_header hdr;
+
+ if (challenge == NULL || strlen(challenge) > SECURITY_SERVER_MAX_PASSWORD_LEN
+ || current_attempt == NULL || max_attempts == NULL || valid_secs == NULL)
+ {
+ retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
+ goto error;
+ }
+
+ /* Authenticate self goes here */
+
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ goto error;
+ }
+
+ /* make request packet */
+ retval = send_chk_pwd_request(sockfd, challenge);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Send failed: %d", retval);
+ goto error;
+ }
+
+ retval = recv_pwd_response(sockfd, &hdr, current_attempt, max_attempts, valid_secs);
+
+ retval = return_code_to_error_code(hdr.return_code);
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE) /* Wrong response */
+ {
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ {
+ /* There must be some error */
+ SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
+ }
+ else
+ {
+ /* Something wrong with response */
+ SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
+ retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+ goto error;
+ }
error:
- if(sockfd > 0)
- close(sockfd);
+ if (sockfd > 0)
+ close(sockfd);
- retval = convert_to_public_error_code(retval);
- return retval;
+ retval = convert_to_public_error_code(retval);
+ return retval;
}
- SECURITY_SERVER_API
+SECURITY_SERVER_API
int security_server_set_pwd_history(int number_of_history)
{
- int sockfd = -1, retval;
- response_header hdr;
-
- if(number_of_history > SECURITY_SERVER_MAX_PASSWORD_HISTORY || number_of_history < 0)
- return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
-
- /* Authenticate self that is setting app goes here */
- /* 1st, check cmdline which is setting app */
- /* 2nd, check /proc/self/attr/current for the SMACK label */
-
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- goto error;
- }
-
- /* make request packet */
- retval = send_set_pwd_history_request(sockfd, number_of_history);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Send failed: %d", retval);
- goto error;
- }
- retval = recv_generic_response(sockfd, &hdr);
-
- retval = return_code_to_error_code(hdr.return_code);
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE) /* Wrong response */
- {
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
- {
- /* There must be some error */
- SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
- }
- else
- {
- /* Something wrong with response */
- SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
- retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
- goto error;
- }
+ int sockfd = -1, retval;
+ response_header hdr;
+
+ if (number_of_history > SECURITY_SERVER_MAX_PASSWORD_HISTORY || number_of_history < 0)
+ return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
+
+ /* Authenticate self that is setting app goes here */
+ /* 1st, check cmdline which is setting app */
+ /* 2nd, check /proc/self/attr/current for the SMACK label */
+
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ goto error;
+ }
+
+ /* make request packet */
+ retval = send_set_pwd_history_request(sockfd, number_of_history);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Send failed: %d", retval);
+ goto error;
+ }
+ retval = recv_generic_response(sockfd, &hdr);
+
+ retval = return_code_to_error_code(hdr.return_code);
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE) /* Wrong response */
+ {
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ {
+ /* There must be some error */
+ SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
+ }
+ else
+ {
+ /* Something wrong with response */
+ SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
+ retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+ goto error;
+ }
error:
- if(sockfd > 0)
- close(sockfd);
+ if (sockfd > 0)
+ close(sockfd);
- retval = convert_to_public_error_code(retval);
- return retval;
+ retval = convert_to_public_error_code(retval);
+ return retval;
}
SECURITY_SERVER_API
-char * security_server_get_smacklabel_cookie(const char * cookie)
+char *security_server_get_smacklabel_cookie(const char *cookie)
{
- char * label = NULL;
+ char *label = NULL;
int sockfd = -1, retval;
response_header hdr;
- if(cookie == NULL)
+ if (cookie == NULL)
{
retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
goto error;
}
retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
/* Error on socket */
goto error;
/* make request packet */
retval = send_smack_request(sockfd, cookie);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
/* Error on socket */
SEC_SVR_ERR("Client: Send failed: %d", retval);
//allocating buffer for storing SMACK label received from server
label = calloc(SMACK_LABEL_LEN + 1, 1);
- if(NULL == label)
+ if (NULL == label)
{
SEC_SVR_ERR("Client ERROR: Memory allocation error");
goto error;
retval = recv_smack_response(sockfd, &hdr, label);
retval = return_code_to_error_code(hdr.return_code);
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE) /* Wrong response */
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE) /* Wrong response */
{
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
{
/* There must be some error */
SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
}
goto error;
}
- if(hdr.return_code == SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE)
+ if (hdr.return_code == SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE)
{
SEC_SVR_ERR("%s"," Client: There is no such cookie exist");
}
error:
- if(sockfd > 0)
+ if (sockfd > 0)
close(sockfd);
retval = convert_to_public_error_code(retval);
- if(retval == 0)
+ if (retval == 0)
return label;
- if(NULL != label)
+ if (NULL != label)
free(label);
return NULL;
}
SECURITY_SERVER_API
-char * security_server_get_smacklabel_sockfd(int fd)
+char *security_server_get_smacklabel_sockfd(int fd)
{
- char * label = NULL;
+ char *label = NULL;
if (!smack_check())
{
return SECURITY_SERVER_SUCCESS;
retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
/* Error on socket */
goto out;
}
retval = send_app_give_access(sockfd, customer_label, customer_pid);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
/* Error on socket */
SEC_SVR_ERR("Client: Send failed: %d", retval);
retval = recv_generic_response(sockfd, &hdr);
retval = return_code_to_error_code(hdr.return_code);
- if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE) {
+ if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE) {
SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
} else if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_APP_GIVE_ACCESS_RESPONSE) {
SEC_SVR_ERR("Client: Wrong response type.");
retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
}
out:
- if(sockfd > 0)
+ if (sockfd > 0)
close(sockfd);
return convert_to_public_error_code(retval);
}
//debug info about checking result
-
+
if (hdr.return_code == SECURITY_SERVER_RETURN_CODE_SUCCESS) {
SEC_SVR_DBG("%s","Client: There is privilege match");
retval = SECURITY_SERVER_SUCCESS;
}
error:
- if(sockfd > 0)
+ if (sockfd > 0)
close(sockfd);
retval = convert_to_public_error_code(retval);
void printhex(const unsigned char *data, int size)
{
- int i;
- for(i=0;i<size;i++)
- {
- if(data[i] < 0xF)
- printf("0");
-
- printf("%X ", data[i]);
- if(((i+1) % 16) == 0 && i != 0)
- printf("\n");
- }
- printf("\n");
+ int i;
+ for (i = 0; i < size; i++)
+ {
+ if (data[i] < 0xF)
+ printf("0");
+
+ printf("%X ", data[i]);
+ if (((i + 1) % 16) == 0 && i != 0)
+ printf("\n");
+ }
+ printf("\n");
}
/* Return code in packet is positive integer *
* We need to convert them to error code which are negative integer */
int return_code_to_error_code(int ret_code)
{
- int ret;
- switch(ret_code)
- {
- case SECURITY_SERVER_RETURN_CODE_SUCCESS:
- case SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED:
- ret = SECURITY_SERVER_SUCCESS;
- break;
- case SECURITY_SERVER_RETURN_CODE_BAD_REQUEST:
- ret = SECURITY_SERVER_ERROR_BAD_REQUEST;
- break;
- case SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED:
- ret = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
- break;
- case SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED:
- ret = SECURITY_SERVER_ERROR_ACCESS_DENIED;
- break;
- case SECURITY_SERVER_RETURN_CODE_NO_SUCH_OBJECT:
- ret = SECURITY_SERVER_ERROR_NO_SUCH_OBJECT;
- break;
- case SECURITY_SERVER_RETURN_CODE_SERVER_ERROR:
- ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
- break;
- case SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE:
- ret = SECURITY_SERVER_ERROR_NO_SUCH_COOKIE;
- break;
- case SECURITY_SERVER_RETURN_CODE_NO_PASSWORD:
- ret = SECURITY_SERVER_ERROR_NO_PASSWORD;
- break;
- case SECURITY_SERVER_RETURN_CODE_PASSWORD_EXIST:
- ret = SECURITY_SERVER_ERROR_PASSWORD_EXIST;
- break;
- case SECURITY_SERVER_RETURN_CODE_PASSWORD_MISMATCH:
- ret = SECURITY_SERVER_ERROR_PASSWORD_MISMATCH;
- break;
- case SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER:
- ret = SECURITY_SERVER_ERROR_PASSWORD_RETRY_TIMER;
- break;
- case SECURITY_SERVER_RETURN_CODE_PASSWORD_EXPIRED:
- ret = SECURITY_SERVER_ERROR_PASSWORD_EXPIRED;
- break;
- case SECURITY_SERVER_RETURN_CODE_PASSWORD_MAX_ATTEMPTS_EXCEEDED:
- ret = SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED;
- break;
- case SECURITY_SERVER_RETURN_CODE_PASSWORD_REUSED:
- ret = SECURITY_SERVER_ERROR_PASSWORD_REUSED;
- break;
- default:
- ret = SECURITY_SERVER_ERROR_UNKNOWN;
- break;
- }
- return ret;
+ int ret;
+ switch (ret_code)
+ {
+ case SECURITY_SERVER_RETURN_CODE_SUCCESS:
+ case SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED:
+ ret = SECURITY_SERVER_SUCCESS;
+ break;
+ case SECURITY_SERVER_RETURN_CODE_BAD_REQUEST:
+ ret = SECURITY_SERVER_ERROR_BAD_REQUEST;
+ break;
+ case SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED:
+ ret = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
+ break;
+ case SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED:
+ ret = SECURITY_SERVER_ERROR_ACCESS_DENIED;
+ break;
+ case SECURITY_SERVER_RETURN_CODE_NO_SUCH_OBJECT:
+ ret = SECURITY_SERVER_ERROR_NO_SUCH_OBJECT;
+ break;
+ case SECURITY_SERVER_RETURN_CODE_SERVER_ERROR:
+ ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
+ break;
+ case SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE:
+ ret = SECURITY_SERVER_ERROR_NO_SUCH_COOKIE;
+ break;
+ case SECURITY_SERVER_RETURN_CODE_NO_PASSWORD:
+ ret = SECURITY_SERVER_ERROR_NO_PASSWORD;
+ break;
+ case SECURITY_SERVER_RETURN_CODE_PASSWORD_EXIST:
+ ret = SECURITY_SERVER_ERROR_PASSWORD_EXIST;
+ break;
+ case SECURITY_SERVER_RETURN_CODE_PASSWORD_MISMATCH:
+ ret = SECURITY_SERVER_ERROR_PASSWORD_MISMATCH;
+ break;
+ case SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER:
+ ret = SECURITY_SERVER_ERROR_PASSWORD_RETRY_TIMER;
+ break;
+ case SECURITY_SERVER_RETURN_CODE_PASSWORD_EXPIRED:
+ ret = SECURITY_SERVER_ERROR_PASSWORD_EXPIRED;
+ break;
+ case SECURITY_SERVER_RETURN_CODE_PASSWORD_MAX_ATTEMPTS_EXCEEDED:
+ ret = SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED;
+ break;
+ case SECURITY_SERVER_RETURN_CODE_PASSWORD_REUSED:
+ ret = SECURITY_SERVER_ERROR_PASSWORD_REUSED;
+ break;
+ default:
+ ret = SECURITY_SERVER_ERROR_UNKNOWN;
+ break;
+ }
+ return ret;
}
int check_socket_poll(int sockfd, int event, int timeout)
{
- struct pollfd poll_fd[1];
- int retval = SECURITY_SERVER_ERROR_POLL;
-
- poll_fd[0].fd = sockfd;
- poll_fd[0].events = event;
- retval = poll(poll_fd, 1, timeout);
- if(retval < 0)
- {
- SEC_SVR_ERR("poll() error. errno=%d", errno);
- if(errno != EINTR)
- return SECURITY_SERVER_ERROR_POLL;
- else
- {
- /* Chile process has been closed. Not poll() problem. Call it once again */
- return check_socket_poll(sockfd, event, timeout);
- }
- }
-
- /* Timed out */
- if(retval == 0)
- {
- return SECURITY_SERVER_ERROR_TIMEOUT;
- }
-
- if(poll_fd[0].revents != event)
- {
- SEC_SVR_ERR("Something wrong on the peer socket. event=0x%x", poll_fd[0].revents);
- return SECURITY_SERVER_ERROR_POLL;
- }
- return SECURITY_SERVER_SUCCESS;
+ struct pollfd poll_fd[1];
+ int retval = SECURITY_SERVER_ERROR_POLL;
+
+ poll_fd[0].fd = sockfd;
+ poll_fd[0].events = event;
+ retval = poll(poll_fd, 1, timeout);
+ if (retval < 0)
+ {
+ SEC_SVR_ERR("poll() error. errno=%d", errno);
+ if (errno != EINTR)
+ return SECURITY_SERVER_ERROR_POLL;
+ else
+ {
+ /* Chile process has been closed. Not poll() problem. Call it once again */
+ return check_socket_poll(sockfd, event, timeout);
+ }
+ }
+
+ /* Timed out */
+ if (retval == 0)
+ {
+ return SECURITY_SERVER_ERROR_TIMEOUT;
+ }
+
+ if (poll_fd[0].revents != event)
+ {
+ SEC_SVR_ERR("Something wrong on the peer socket. event=0x%x", poll_fd[0].revents);
+ return SECURITY_SERVER_ERROR_POLL;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
int safe_server_sock_close(int client_sockfd)
{
- struct pollfd poll_fd[1];
- int retval;
- retval = SECURITY_SERVER_ERROR_POLL;
- poll_fd[0].fd = client_sockfd;
- poll_fd[0].events = POLLRDHUP;
- retval = poll(poll_fd, 1, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- SEC_SVR_DBG("%s", "Server: Closing server socket");
- close(client_sockfd);
- return SECURITY_SERVER_SUCCESS;
+ struct pollfd poll_fd[1];
+ int retval;
+ retval = SECURITY_SERVER_ERROR_POLL;
+ poll_fd[0].fd = client_sockfd;
+ poll_fd[0].events = POLLRDHUP;
+ retval = poll(poll_fd, 1, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ SEC_SVR_DBG("%s", "Server: Closing server socket");
+ close(client_sockfd);
+ return SECURITY_SERVER_SUCCESS;
}
/* Create a Unix domain socket and bind */
int create_new_socket(int *sockfd)
{
- int retval = 0, localsockfd = 0, flags;
- struct sockaddr_un serveraddr;
- mode_t sock_mode;
+ int retval = 0, localsockfd = 0, flags;
+ struct sockaddr_un serveraddr;
+ mode_t sock_mode;
- /* Deleted garbage Unix domain socket file */
- retval = remove(SECURITY_SERVER_SOCK_PATH);
+ /* Deleted garbage Unix domain socket file */
+ retval = remove(SECURITY_SERVER_SOCK_PATH);
if (retval == -1 && errno != ENOENT) {
retval = SECURITY_SERVER_ERROR_UNKNOWN;
goto error;
}
- /* Create Unix domain socket */
- if((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0 )
- {
- retval = SECURITY_SERVER_ERROR_SOCKET;
- localsockfd = -1;
- SEC_SVR_ERR("%s", "Socket creation failed");
- goto error;
- }
-
- // If SMACK is present we have to label our sockets regardless of SMACK_ENABLED flag
- if (smack_runtime_check()) {
- if(smack_fsetlabel(localsockfd, "@", SMACK_LABEL_IPOUT) != 0)
- {
- SEC_SVR_ERR("%s", "SMACK labeling failed");
- if(errno != EOPNOTSUPP)
- {
- retval = SECURITY_SERVER_ERROR_SOCKET;
- close(localsockfd);
- localsockfd = -1;
- goto error;
- }
- }
- if(smack_fsetlabel(localsockfd, "*", SMACK_LABEL_IPIN) != 0)
- { SEC_SVR_ERR("%s", "SMACK labeling failed");
- if(errno != EOPNOTSUPP)
- {
- retval = SECURITY_SERVER_ERROR_SOCKET;
- close(localsockfd);
- localsockfd = -1;
- goto error;
- }
- }
- }
- else {
- SEC_SVR_DBG("SMACK is not available. Sockets won't be labeled.");
- }
-
- /* Make socket as non blocking */
- if((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
- fcntl(localsockfd, F_SETFL, flags | O_NONBLOCK) < 0)
- {
- retval = SECURITY_SERVER_ERROR_SOCKET;
- close(localsockfd);
- localsockfd = -1;
- SEC_SVR_ERR("%s", "Cannot go to nonblocking mode");
- goto error;
- }
-
- bzero (&serveraddr, sizeof(serveraddr));
- serveraddr.sun_family = AF_UNIX;
- strncpy(serveraddr.sun_path, SECURITY_SERVER_SOCK_PATH,
- strlen(SECURITY_SERVER_SOCK_PATH));
- serveraddr.sun_path[strlen(SECURITY_SERVER_SOCK_PATH)] = 0;
-
- /* Bind the socket */
- if((bind(localsockfd, (struct sockaddr *)&serveraddr, sizeof(serveraddr))) < 0)
- {
- retval = SECURITY_SERVER_ERROR_SOCKET_BIND;
- SEC_SVR_ERR("%s", "Cannot bind");
- close(localsockfd);
- localsockfd = -1;
- goto error;
- }
-
-
- /* Change permission to accept all processes that has different uID/gID */
- sock_mode = (S_IRWXU | S_IRWXG | S_IRWXO);
- /* Flawfinder hits this chmod function as level 5 CRITICAL as race condition flaw *
- * Flawfinder recommends to user fchmod insted of chmod
- * But, fchmod doesn't work on socket file so there is no other choice at this point */
- if(chmod(SECURITY_SERVER_SOCK_PATH, sock_mode) < 0) /* Flawfinder: ignore */
- {
- SEC_SVR_ERR("%s", "chmod() error");
- retval = SECURITY_SERVER_ERROR_SOCKET;
- close(localsockfd);
- localsockfd = -1;
- goto error;
- }
-
- retval = SECURITY_SERVER_SUCCESS;
+ /* Create Unix domain socket */
+ if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
+ {
+ retval = SECURITY_SERVER_ERROR_SOCKET;
+ localsockfd = -1;
+ SEC_SVR_ERR("%s", "Socket creation failed");
+ goto error;
+ }
+
+ // If SMACK is present we have to label our sockets regardless of SMACK_ENABLED flag
+ if (smack_runtime_check()) {
+ if (smack_fsetlabel(localsockfd, "@", SMACK_LABEL_IPOUT) != 0)
+ {
+ SEC_SVR_ERR("%s", "SMACK labeling failed");
+ if (errno != EOPNOTSUPP)
+ {
+ retval = SECURITY_SERVER_ERROR_SOCKET;
+ close(localsockfd);
+ localsockfd = -1;
+ goto error;
+ }
+ }
+ if (smack_fsetlabel(localsockfd, "*", SMACK_LABEL_IPIN) != 0)
+ { SEC_SVR_ERR("%s", "SMACK labeling failed");
+ if (errno != EOPNOTSUPP)
+ {
+ retval = SECURITY_SERVER_ERROR_SOCKET;
+ close(localsockfd);
+ localsockfd = -1;
+ goto error;
+ }}
+ }
+ else {
+ SEC_SVR_DBG("SMACK is not available. Sockets won't be labeled.");
+ }
+
+ /* Make socket as non blocking */
+ if ((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
+ fcntl(localsockfd, F_SETFL, flags | O_NONBLOCK) < 0)
+ {
+ retval = SECURITY_SERVER_ERROR_SOCKET;
+ close(localsockfd);
+ localsockfd = -1;
+ SEC_SVR_ERR("%s", "Cannot go to nonblocking mode");
+ goto error;
+ }
+
+ bzero (&serveraddr, sizeof(serveraddr));
+ serveraddr.sun_family = AF_UNIX;
+ strncpy(serveraddr.sun_path, SECURITY_SERVER_SOCK_PATH,
+ strlen(SECURITY_SERVER_SOCK_PATH));
+ serveraddr.sun_path[strlen(SECURITY_SERVER_SOCK_PATH)] = 0;
+
+ /* Bind the socket */
+ if ((bind(localsockfd, (struct sockaddr*)&serveraddr, sizeof(serveraddr))) < 0)
+ {
+ retval = SECURITY_SERVER_ERROR_SOCKET_BIND;
+ SEC_SVR_ERR("%s", "Cannot bind");
+ close(localsockfd);
+ localsockfd = -1;
+ goto error;
+ }
+
+
+ /* Change permission to accept all processes that has different uID/gID */
+ sock_mode = (S_IRWXU | S_IRWXG | S_IRWXO);
+ /* Flawfinder hits this chmod function as level 5 CRITICAL as race condition flaw *
+ * Flawfinder recommends to user fchmod insted of chmod
+ * But, fchmod doesn't work on socket file so there is no other choice at this point */
+ if (chmod(SECURITY_SERVER_SOCK_PATH, sock_mode) < 0) /* Flawfinder: ignore */
+ {
+ SEC_SVR_ERR("%s", "chmod() error");
+ retval = SECURITY_SERVER_ERROR_SOCKET;
+ close(localsockfd);
+ localsockfd = -1;
+ goto error;
+ }
+
+ retval = SECURITY_SERVER_SUCCESS;
error:
- *sockfd = localsockfd;
- return retval;
+ *sockfd = localsockfd;
+ return retval;
}
/* Authenticate peer that it's really security server.
*/
int authenticate_server(int sockfd)
{
- int retval;
- struct ucred cr;
- unsigned int cl = sizeof(cr);
+ int retval;
+ struct ucred cr;
+ unsigned int cl = sizeof(cr);
/* char *exe = NULL;*/
- /* get socket peer credential */
- if(getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) != 0)
- {
- retval = SECURITY_SERVER_ERROR_SOCKET;
- SEC_SVR_ERR("%s", "getsockopt() failed");
- goto error;
- }
-
- /* Security server must run as root */
- if(cr.uid != 0)
- {
- retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
- SEC_SVR_ERR("Peer is not root: uid=%d", cr.uid);
- goto error;
- }
- else
- retval = SECURITY_SERVER_SUCCESS;
-
- /* Read command line of the PID from proc fs */
- /* This is commented out because non root process cannot read link of /proc/pid/exe */
+ /* get socket peer credential */
+ if (getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) != 0)
+ {
+ retval = SECURITY_SERVER_ERROR_SOCKET;
+ SEC_SVR_ERR("%s", "getsockopt() failed");
+ goto error;
+ }
+
+ /* Security server must run as root */
+ if (cr.uid != 0)
+ {
+ retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
+ SEC_SVR_ERR("Peer is not root: uid=%d", cr.uid);
+ goto error;
+ }
+ else
+ retval = SECURITY_SERVER_SUCCESS;
+
+ /* Read command line of the PID from proc fs */
+ /* This is commented out because non root process cannot read link of /proc/pid/exe */
/* exe = read_exe_path_from_proc(cr.pid);
- if(strcmp(exe, SECURITY_SERVER_DAEMON_PATH) != 0)
- {
- retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
- SEC_SVR_DBG("Executable path is different. auth failed. Exe path=%s", exe);
- }
- else
- {
- retval = SECURITY_SERVER_SUCCESS;
- SEC_SVR_DBG("Server authenticatd. %s, sockfd=%d", exe, sockfd);
- }
+ if(strcmp(exe, SECURITY_SERVER_DAEMON_PATH) != 0)
+ {
+ retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
+ SEC_SVR_DBG("Executable path is different. auth failed. Exe path=%s", exe);
+ }
+ else
+ {
+ retval = SECURITY_SERVER_SUCCESS;
+ SEC_SVR_DBG("Server authenticatd. %s, sockfd=%d", exe, sockfd);
+ }
*/
error:
/* if(exe != NULL)
- free(exe);
+ free(exe);
*/
- return retval;
+ return retval;
}
/* Create a socket and connect to Security Server */
int connect_to_server(int *fd)
{
- struct sockaddr_un clientaddr;
- int client_len = 0, localsockfd, ret, flags;
- *fd = -1;
-
- /* Create a socket */
- localsockfd = socket(AF_UNIX, SOCK_STREAM, 0);
- if(localsockfd < 0)
- {
- SEC_SVR_ERR("%s", "Error on socket()");
- return SECURITY_SERVER_ERROR_SOCKET;
- }
-
- /* Make socket as non blocking */
- if((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
- fcntl(localsockfd, F_SETFL, flags | O_NONBLOCK) < 0)
- {
- close(localsockfd);
- SEC_SVR_ERR("%s", "Cannot go to nonblocking mode");
- return SECURITY_SERVER_ERROR_SOCKET;
- }
-
- bzero(&clientaddr, sizeof(clientaddr));
- clientaddr.sun_family = AF_UNIX;
- strncpy(clientaddr.sun_path, SECURITY_SERVER_SOCK_PATH, strlen(SECURITY_SERVER_SOCK_PATH));
- clientaddr.sun_path[strlen(SECURITY_SERVER_SOCK_PATH)] = 0;
- client_len = sizeof(clientaddr);
-
- ret = connect(localsockfd, (struct sockaddr*)&clientaddr, client_len);
- if( ret < 0)
- {
- if(errno == EINPROGRESS)
- {
- SEC_SVR_DBG("%s", "Connection is in progress");
- ret = check_socket_poll(localsockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(ret == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- close(localsockfd);
- return SECURITY_SERVER_ERROR_SOCKET;
- }
- if(ret == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- close(localsockfd);
- return SECURITY_SERVER_ERROR_SOCKET;
- }
- ret = connect(localsockfd, (struct sockaddr*)&clientaddr, client_len);
- if(ret < 0)
- {
- SEC_SVR_ERR("%s", "connection failed");
- close(localsockfd);
- return SECURITY_SERVER_ERROR_SOCKET;
- }
- }
- else
- {
- SEC_SVR_ERR("%s", "Connection failed");
- close(localsockfd);
- return SECURITY_SERVER_ERROR_SOCKET;
- }
- }
-
- /* Authenticate the peer is actually security server */
- ret = authenticate_server(localsockfd);
- if(ret != SECURITY_SERVER_SUCCESS)
- {
- close(localsockfd);
- SEC_SVR_ERR("Authentication failed. %d", ret);
- return ret;
- }
- *fd = localsockfd;
- return SECURITY_SERVER_SUCCESS;
+ struct sockaddr_un clientaddr;
+ int client_len = 0, localsockfd, ret, flags;
+ *fd = -1;
+
+ /* Create a socket */
+ localsockfd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (localsockfd < 0)
+ {
+ SEC_SVR_ERR("%s", "Error on socket()");
+ return SECURITY_SERVER_ERROR_SOCKET;
+ }
+
+ /* Make socket as non blocking */
+ if ((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
+ fcntl(localsockfd, F_SETFL, flags | O_NONBLOCK) < 0)
+ {
+ close(localsockfd);
+ SEC_SVR_ERR("%s", "Cannot go to nonblocking mode");
+ return SECURITY_SERVER_ERROR_SOCKET;
+ }
+
+ bzero(&clientaddr, sizeof(clientaddr));
+ clientaddr.sun_family = AF_UNIX;
+ strncpy(clientaddr.sun_path, SECURITY_SERVER_SOCK_PATH, strlen(SECURITY_SERVER_SOCK_PATH));
+ clientaddr.sun_path[strlen(SECURITY_SERVER_SOCK_PATH)] = 0;
+ client_len = sizeof(clientaddr);
+
+ ret = connect(localsockfd, (struct sockaddr*)&clientaddr, client_len);
+ if (ret < 0)
+ {
+ if (errno == EINPROGRESS)
+ {
+ SEC_SVR_DBG("%s", "Connection is in progress");
+ ret = check_socket_poll(localsockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (ret == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ close(localsockfd);
+ return SECURITY_SERVER_ERROR_SOCKET;
+ }
+ if (ret == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ close(localsockfd);
+ return SECURITY_SERVER_ERROR_SOCKET;
+ }
+ ret = connect(localsockfd, (struct sockaddr*)&clientaddr, client_len);
+ if (ret < 0)
+ {
+ SEC_SVR_ERR("%s", "connection failed");
+ close(localsockfd);
+ return SECURITY_SERVER_ERROR_SOCKET;
+ }
+ }
+ else
+ {
+ SEC_SVR_ERR("%s", "Connection failed");
+ close(localsockfd);
+ return SECURITY_SERVER_ERROR_SOCKET;
+ }
+ }
+
+ /* Authenticate the peer is actually security server */
+ ret = authenticate_server(localsockfd);
+ if (ret != SECURITY_SERVER_SUCCESS)
+ {
+ close(localsockfd);
+ SEC_SVR_ERR("Authentication failed. %d", ret);
+ return ret;
+ }
+ *fd = localsockfd;
+ return SECURITY_SERVER_SUCCESS;
}
/* Accept a new client connection */
int accept_client(int server_sockfd)
{
- /* Call poll() to wait for socket connection */
- int retval, localsockfd;
- struct sockaddr_un clientaddr;
- unsigned int client_len;
-
- client_len = sizeof(clientaddr);
-
- /* Check poll */
- retval = check_socket_poll(server_sockfd, POLLIN, SECURITY_SERVER_ACCEPT_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "Error on polling");
- return SECURITY_SERVER_ERROR_SOCKET;
- }
-
- /* Timed out */
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- /*SEC_SVR_DBG("%s", "accept() timeout");*/
- return SECURITY_SERVER_ERROR_TIMEOUT;
- }
-
- localsockfd = accept(server_sockfd,
- (struct sockaddr *)&clientaddr,
- &client_len);
-
- if(localsockfd < 0)
- {
- SEC_SVR_ERR("Cannot accept client. errno=%d", errno);
- return SECURITY_SERVER_ERROR_SOCKET;
- }
- return localsockfd;
+ /* Call poll() to wait for socket connection */
+ int retval, localsockfd;
+ struct sockaddr_un clientaddr;
+ unsigned int client_len;
+
+ client_len = sizeof(clientaddr);
+
+ /* Check poll */
+ retval = check_socket_poll(server_sockfd, POLLIN, SECURITY_SERVER_ACCEPT_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "Error on polling");
+ return SECURITY_SERVER_ERROR_SOCKET;
+ }
+
+ /* Timed out */
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ /*SEC_SVR_DBG("%s", "accept() timeout");*/
+ return SECURITY_SERVER_ERROR_TIMEOUT;
+ }
+
+ localsockfd = accept(server_sockfd,
+ (struct sockaddr*)&clientaddr,
+ &client_len);
+
+ if (localsockfd < 0)
+ {
+ SEC_SVR_ERR("Cannot accept client. errno=%d", errno);
+ return SECURITY_SERVER_ERROR_SOCKET;
+ }
+ return localsockfd;
}
/* Minimal check of request packet */
int validate_header(basic_header hdr)
{
- if(hdr.version != SECURITY_SERVER_MSG_VERSION)
- return SECURITY_SERVER_ERROR_BAD_REQUEST;
+ if (hdr.version != SECURITY_SERVER_MSG_VERSION)
+ return SECURITY_SERVER_ERROR_BAD_REQUEST;
- return SECURITY_SERVER_SUCCESS;
+ return SECURITY_SERVER_SUCCESS;
}
/* Send generic response packet to client
*/
int send_generic_response (int sockfd, unsigned char msgid, unsigned char return_code)
{
- response_header hdr;
- int size;
-
- /* Assemble header */
- hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.basic_hdr.msg_id = msgid;
- hdr.basic_hdr.msg_len = 0;
- hdr.return_code = return_code;
-
- /* Check poll */
- size = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(size == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(size == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send to client */
- size = TEMP_FAILURE_RETRY(write(sockfd, &hdr, sizeof(hdr)));
-
- if(size < (int)sizeof(hdr))
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- return SECURITY_SERVER_SUCCESS;
+ response_header hdr;
+ int size;
+
+ /* Assemble header */
+ hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.basic_hdr.msg_id = msgid;
+ hdr.basic_hdr.msg_len = 0;
+ hdr.return_code = return_code;
+
+ /* Check poll */
+ size = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (size == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (size == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send to client */
+ size = TEMP_FAILURE_RETRY(write(sockfd, &hdr, sizeof(hdr)));
+
+ if (size < (int)sizeof(hdr))
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ return SECURITY_SERVER_SUCCESS;
}
/* Send cookie response to client
*/
int send_cookie(int sockfd, unsigned char *cookie)
{
- response_header hdr;
- unsigned char msg[SECURITY_SERVER_COOKIE_LEN + sizeof(hdr)];
- int ret;
-
- /* Assemble header */
- hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_COOKIE_RESPONSE;
- hdr.basic_hdr.msg_len = SECURITY_SERVER_COOKIE_LEN;
- hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
-
- memcpy(msg, &hdr, sizeof(hdr));
- memcpy(msg + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN);
-
- /* Check poll */
- ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(ret == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(ret == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- ret = TEMP_FAILURE_RETRY(write(sockfd, msg, sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN));
- if(ret < (int)(sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN))
- {
- /* Error on writing */
- SEC_SVR_ERR("Error on write: %d", ret);
- ret = SECURITY_SERVER_ERROR_SEND_FAILED;
- return ret;
- }
- return SECURITY_SERVER_SUCCESS;
+ response_header hdr;
+ unsigned char msg[SECURITY_SERVER_COOKIE_LEN + sizeof(hdr)];
+ int ret;
+
+ /* Assemble header */
+ hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_COOKIE_RESPONSE;
+ hdr.basic_hdr.msg_len = SECURITY_SERVER_COOKIE_LEN;
+ hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
+
+ memcpy(msg, &hdr, sizeof(hdr));
+ memcpy(msg + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN);
+
+ /* Check poll */
+ ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (ret == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (ret == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ ret = TEMP_FAILURE_RETRY(write(sockfd, msg, sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN));
+ if (ret < (int)(sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN))
+ {
+ /* Error on writing */
+ SEC_SVR_ERR("Error on write: %d", ret);
+ ret = SECURITY_SERVER_ERROR_SEND_FAILED;
+ return ret;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
/* Send Object name response *
*/
int send_object_name(int sockfd, char *obj)
{
- response_header hdr;
- unsigned char msg[strlen(obj) + sizeof(hdr)];
- int ret;
-
- hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.basic_hdr.msg_id = 0x06;
- hdr.basic_hdr.msg_len = strlen(obj);
- hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
-
- memcpy(msg, &hdr, sizeof(hdr));
- memcpy(msg + sizeof(hdr), obj, strlen(obj));
-
- /* Check poll */
- ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(ret == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(ret == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- ret = TEMP_FAILURE_RETRY(write(sockfd, msg, sizeof(hdr) + strlen(obj)));
- if(ret < sizeof(hdr) + strlen(obj))
- {
- /* Error on writing */
- SEC_SVR_ERR("Error on write: %d", ret);
- ret = SECURITY_SERVER_ERROR_SEND_FAILED;
- return ret;
- }
- return SECURITY_SERVER_SUCCESS;
+ response_header hdr;
+ unsigned char msg[strlen(obj) + sizeof(hdr)];
+ int ret;
+
+ hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.basic_hdr.msg_id = 0x06;
+ hdr.basic_hdr.msg_len = strlen(obj);
+ hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
+
+ memcpy(msg, &hdr, sizeof(hdr));
+ memcpy(msg + sizeof(hdr), obj, strlen(obj));
+
+ /* Check poll */
+ ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (ret == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (ret == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ ret = TEMP_FAILURE_RETRY(write(sockfd, msg, sizeof(hdr) + strlen(obj)));
+ if (ret < sizeof(hdr) + strlen(obj))
+ {
+ /* Error on writing */
+ SEC_SVR_ERR("Error on write: %d", ret);
+ ret = SECURITY_SERVER_ERROR_SEND_FAILED;
+ return ret;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
/* Send GID response to client
*/
int send_gid(int sockfd, int gid)
{
- response_header hdr;
- unsigned char msg[sizeof(gid) + sizeof(hdr)];
- int ret;
-
- /* Assemble header */
- hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GID_RESPONSE;
- hdr.basic_hdr.msg_len = sizeof(gid);
- hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
-
- /* Perpare packet */
- memcpy(msg, &hdr, sizeof(hdr));
- memcpy(msg + sizeof(hdr), &gid, sizeof(gid));
-
- /* Check poll */
- ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(ret == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(ret == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send it */
- ret = TEMP_FAILURE_RETRY(write(sockfd, msg, sizeof(hdr) + sizeof(gid)));
- if(ret < sizeof(hdr) + sizeof(gid))
- {
- /* Error on writing */
- SEC_SVR_ERR("Error on write(): %d", ret);
- ret = SECURITY_SERVER_ERROR_SEND_FAILED;
- return ret;
- }
- return SECURITY_SERVER_SUCCESS;
+ response_header hdr;
+ unsigned char msg[sizeof(gid) + sizeof(hdr)];
+ int ret;
+
+ /* Assemble header */
+ hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GID_RESPONSE;
+ hdr.basic_hdr.msg_len = sizeof(gid);
+ hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
+
+ /* Perpare packet */
+ memcpy(msg, &hdr, sizeof(hdr));
+ memcpy(msg + sizeof(hdr), &gid, sizeof(gid));
+
+ /* Check poll */
+ ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (ret == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (ret == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send it */
+ ret = TEMP_FAILURE_RETRY(write(sockfd, msg, sizeof(hdr) + sizeof(gid)));
+ if (ret < sizeof(hdr) + sizeof(gid))
+ {
+ /* Error on writing */
+ SEC_SVR_ERR("Error on write(): %d", ret);
+ ret = SECURITY_SERVER_ERROR_SEND_FAILED;
+ return ret;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
/* Send PID response to client
*/
int send_pid(int sockfd, int pid)
{
- response_header hdr;
- unsigned char msg[sizeof(pid) + sizeof(hdr)];
- int ret;
-
- /* Assemble header */
- hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_PID_RESPONSE;
- hdr.basic_hdr.msg_len = sizeof(pid);
- hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
-
- /* Perpare packet */
- memcpy(msg, &hdr, sizeof(hdr));
- memcpy(msg + sizeof(hdr), &pid, sizeof(pid));
-
- /* Check poll */
- ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(ret == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(ret == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send it */
- ret = TEMP_FAILURE_RETRY(write(sockfd, msg, sizeof(hdr) + sizeof(pid)));
- if(ret < sizeof(hdr) + sizeof(pid))
- {
- /* Error on writing */
- SEC_SVR_ERR("Error on write(): %d", ret);
- ret = SECURITY_SERVER_ERROR_SEND_FAILED;
- return ret;
- }
- return SECURITY_SERVER_SUCCESS;
+ response_header hdr;
+ unsigned char msg[sizeof(pid) + sizeof(hdr)];
+ int ret;
+
+ /* Assemble header */
+ hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_PID_RESPONSE;
+ hdr.basic_hdr.msg_len = sizeof(pid);
+ hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
+
+ /* Perpare packet */
+ memcpy(msg, &hdr, sizeof(hdr));
+ memcpy(msg + sizeof(hdr), &pid, sizeof(pid));
+
+ /* Check poll */
+ ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (ret == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (ret == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send it */
+ ret = TEMP_FAILURE_RETRY(write(sockfd, msg, sizeof(hdr) + sizeof(pid)));
+ if (ret < sizeof(hdr) + sizeof(pid))
+ {
+ /* Error on writing */
+ SEC_SVR_ERR("Error on write(): %d", ret);
+ ret = SECURITY_SERVER_ERROR_SEND_FAILED;
+ return ret;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
/* Send SMACK label to client with lenght N
* | SMACK label byte N |
* |---------------------------------------------------------------|
*/
-int send_smack(int sockfd, char * label)
+int send_smack(int sockfd, char *label)
{
- response_header hdr;
+ response_header hdr;
//added 1 to the size is for NULL terminating label
int LABEL_SIZE = SMACK_LABEL_LEN + 1;
int PACKET_SIZE = sizeof(hdr) + LABEL_SIZE;
- unsigned char msg[PACKET_SIZE];
- int ret;
-
- /* Assemble header */
- hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE;
- hdr.basic_hdr.msg_len = LABEL_SIZE;
- hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
-
- /* Perpare packet */
- memcpy(msg, &hdr, sizeof(hdr));
- memcpy(msg + sizeof(hdr), label, LABEL_SIZE);
+ unsigned char msg[PACKET_SIZE];
+ int ret;
+
+ /* Assemble header */
+ hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE;
+ hdr.basic_hdr.msg_len = LABEL_SIZE;
+ hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
+
+ /* Perpare packet */
+ memcpy(msg, &hdr, sizeof(hdr));
+ memcpy(msg + sizeof(hdr), label, LABEL_SIZE);
memset(msg + sizeof(hdr) + SMACK_LABEL_LEN, 0x00, 1); //adding NULL ad the label end
- /* Check poll */
- ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(ret == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(ret == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send it */
- ret = TEMP_FAILURE_RETRY(write(sockfd, msg, PACKET_SIZE));
- if(ret < PACKET_SIZE)
- {
- /* Error on writing */
- SEC_SVR_ERR("Error on write(): %d", ret);
- ret = SECURITY_SERVER_ERROR_SEND_FAILED;
- return ret;
- }
- return SECURITY_SERVER_SUCCESS;
+ /* Check poll */
+ ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (ret == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (ret == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send it */
+ ret = TEMP_FAILURE_RETRY(write(sockfd, msg, PACKET_SIZE));
+ if (ret < PACKET_SIZE)
+ {
+ /* Error on writing */
+ SEC_SVR_ERR("Error on write(): %d", ret);
+ ret = SECURITY_SERVER_ERROR_SEND_FAILED;
+ return ret;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
/* Send Check password response to client
* |----------------
*/
int send_pwd_response(const int sockfd,
- const unsigned char msg_id,
- const unsigned char return_code,
- const unsigned int current_attempts,
- const unsigned int max_attempts,
- const unsigned int expire_time)
+ const unsigned char msg_id,
+ const unsigned char return_code,
+ const unsigned int current_attempts,
+ const unsigned int max_attempts,
+ const unsigned int expire_time)
{
- response_header hdr;
- unsigned int expire_secs;
- unsigned char msg[sizeof(hdr) + sizeof(current_attempts) + sizeof(max_attempts) + sizeof(expire_secs)];
- int ret, ptr = 0;
-
-
- /* Assemble header */
- hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.basic_hdr.msg_id = msg_id;
- hdr.basic_hdr.msg_len = sizeof(unsigned int) * 3;
- hdr.return_code = return_code;
-
- /* Perpare packet */
- memcpy(msg, &hdr, sizeof(hdr));
- ptr += sizeof(hdr);
- memcpy(msg + ptr, ¤t_attempts, sizeof(current_attempts));
- ptr += sizeof(current_attempts);
- memcpy(msg + ptr, &max_attempts, sizeof(max_attempts));
- ptr += sizeof(max_attempts);
- memcpy(msg + ptr, &expire_time, sizeof(expire_time));
- ptr += sizeof(expire_time);
-
- /* Check poll */
- ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(ret == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "Server: poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(ret == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "Server: poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send it */
- ret = TEMP_FAILURE_RETRY(write(sockfd, msg, ptr));
- if(ret < ptr)
- {
- /* Error on writing */
- SEC_SVR_ERR("Server: ERROR on write(): %d", ret);
- ret = SECURITY_SERVER_ERROR_SEND_FAILED;
- return ret;
- }
- return SECURITY_SERVER_SUCCESS;
+ response_header hdr;
+ unsigned int expire_secs;
+ unsigned char msg[sizeof(hdr) + sizeof(current_attempts) + sizeof(max_attempts) + sizeof(expire_secs)];
+ int ret, ptr = 0;
+
+
+ /* Assemble header */
+ hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.basic_hdr.msg_id = msg_id;
+ hdr.basic_hdr.msg_len = sizeof(unsigned int) * 3;
+ hdr.return_code = return_code;
+
+ /* Perpare packet */
+ memcpy(msg, &hdr, sizeof(hdr));
+ ptr += sizeof(hdr);
+ memcpy(msg + ptr, ¤t_attempts, sizeof(current_attempts));
+ ptr += sizeof(current_attempts);
+ memcpy(msg + ptr, &max_attempts, sizeof(max_attempts));
+ ptr += sizeof(max_attempts);
+ memcpy(msg + ptr, &expire_time, sizeof(expire_time));
+ ptr += sizeof(expire_time);
+
+ /* Check poll */
+ ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (ret == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "Server: poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (ret == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "Server: poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send it */
+ ret = TEMP_FAILURE_RETRY(write(sockfd, msg, ptr));
+ if (ret < ptr)
+ {
+ /* Error on writing */
+ SEC_SVR_ERR("Server: ERROR on write(): %d", ret);
+ ret = SECURITY_SERVER_ERROR_SEND_FAILED;
+ return ret;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
/* Send cookie request packet to security server *
*/
int send_cookie_request(int sock_fd)
{
- basic_header hdr;
- int retval;
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_COOKIE_REQUEST;
- hdr.msg_len = 0;
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, &hdr, sizeof(hdr)));
- if(retval < sizeof(hdr))
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d", retval);
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ basic_header hdr;
+ int retval;
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_COOKIE_REQUEST;
+ hdr.msg_len = 0;
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, &hdr, sizeof(hdr)));
+ if (retval < sizeof(hdr))
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d", retval);
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
/* Send GID request message to security server
* | |
* |---------------------------------------------------------------|
*/
-int send_gid_request(int sock_fd, const char* object)
+int send_gid_request(int sock_fd, const char *object)
{
- basic_header hdr;
- int retval = 0, send_len = 0;
- unsigned char *buf = NULL;
-
- if(strlen(object) > SECURITY_SERVER_MAX_OBJ_NAME)
- {
- /* Object name is too big*/
- SEC_SVR_ERR("Object name is too big %dbytes", strlen(object));
- return SECURITY_SERVER_ERROR_INPUT_PARAM;
- }
-
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GID_REQUEST;
- hdr.msg_len = strlen(object);
-
- send_len = sizeof(hdr) + strlen(object);
-
- buf = malloc(send_len);
- if(buf == NULL)
- {
- SEC_SVR_ERR("%s", "out of memory");
- return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- }
-
- memcpy(buf, &hdr, sizeof(hdr));
- memcpy(buf + sizeof(hdr), object, strlen(object));
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
-
- retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, send_len));
- if(retval < send_len)
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d. errno=%d, sockfd=%d", retval, errno, sock_fd);
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- else
- retval = SECURITY_SERVER_SUCCESS;
+ basic_header hdr;
+ int retval = 0, send_len = 0;
+ unsigned char *buf = NULL;
-error:
- if(buf != NULL)
- free(buf);
+ if (strlen(object) > SECURITY_SERVER_MAX_OBJ_NAME)
+ {
+ /* Object name is too big*/
+ SEC_SVR_ERR("Object name is too big %dbytes", strlen(object));
+ return SECURITY_SERVER_ERROR_INPUT_PARAM;
+ }
- return retval;
-}
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GID_REQUEST;
+ hdr.msg_len = strlen(object);
-/* Send object name request message to security server *
- *
- * Message format
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * |---------------------------------------------------------------|
- * | version=0x01 |MessageID=0x05 | Message Length = 4 |
- * |---------------------------------------------------------------|
- * | gid |
- * |---------------------------------------------------------------|
- */
-int send_object_name_request(int sock_fd, int gid)
+ send_len = sizeof(hdr) + strlen(object);
+
+ buf = malloc(send_len);
+ if (buf == NULL)
+ {
+ SEC_SVR_ERR("%s", "out of memory");
+ return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ }
+
+ memcpy(buf, &hdr, sizeof(hdr));
+ memcpy(buf + sizeof(hdr), object, strlen(object));
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, send_len));
+ if (retval < send_len)
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d. errno=%d, sockfd=%d", retval, errno, sock_fd);
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ else
+ retval = SECURITY_SERVER_SUCCESS;
+
+error:
+ if (buf != NULL)
+ free(buf);
+
+ return retval;
+}
+
+/* Send object name request message to security server *
+ *
+ * Message format
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * |---------------------------------------------------------------|
+ * | version=0x01 |MessageID=0x05 | Message Length = 4 |
+ * |---------------------------------------------------------------|
+ * | gid |
+ * |---------------------------------------------------------------|
+ */
+int send_object_name_request(int sock_fd, int gid)
{
- basic_header hdr;
- int retval;
- unsigned char buf[sizeof(hdr) + sizeof(gid)];
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_REQUEST;
- hdr.msg_len = sizeof(gid);
-
- memcpy(buf, &hdr, sizeof(hdr));
- memcpy(buf + sizeof(hdr), &gid, sizeof(gid));
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
- if(retval < sizeof(buf))
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d", retval);
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ basic_header hdr;
+ int retval;
+ unsigned char buf[sizeof(hdr) + sizeof(gid)];
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_REQUEST;
+ hdr.msg_len = sizeof(gid);
+
+ memcpy(buf, &hdr, sizeof(hdr));
+ memcpy(buf + sizeof(hdr), &gid, sizeof(gid));
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
+ if (retval < sizeof(buf))
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d", retval);
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
/* Send privilege check request message to security server *
* | GID |
* |---------------------------------------------------------------|
*/
-int send_privilege_check_request(int sock_fd, const char*cookie, int gid)
+int send_privilege_check_request(int sock_fd, const char *cookie, int gid)
{
- basic_header hdr;
- int retval;
- unsigned char buf[sizeof(hdr) + sizeof(gid) + SECURITY_SERVER_COOKIE_LEN];
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_REQUEST;
- hdr.msg_len = sizeof(gid) + SECURITY_SERVER_COOKIE_LEN;
-
- memcpy(buf, &hdr, sizeof(hdr));
- memcpy(buf + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN);
- memcpy(buf + sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN, &gid, sizeof(gid));
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
- if(retval < sizeof(buf))
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d", retval);
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ basic_header hdr;
+ int retval;
+ unsigned char buf[sizeof(hdr) + sizeof(gid) + SECURITY_SERVER_COOKIE_LEN];
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_REQUEST;
+ hdr.msg_len = sizeof(gid) + SECURITY_SERVER_COOKIE_LEN;
+
+ memcpy(buf, &hdr, sizeof(hdr));
+ memcpy(buf + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN);
+ memcpy(buf + sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN, &gid, sizeof(gid));
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
+ if (retval < sizeof(buf))
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d", retval);
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
int send_privilege_check_new_request(int sock_fd,
const char *object,
const char *access_rights)
{
- basic_header hdr;
- int retval;
- int olen, alen;
- int size;
-
- olen = strlen(object);
- alen = strlen(access_rights);
- if (olen > MAX_OBJECT_LABEL_LEN || alen > MAX_MODE_STR_LEN)
- {
- return SECURITY_SERVER_ERROR_INPUT_PARAM;
- }
+ basic_header hdr;
+ int retval;
+ int olen, alen;
+ int size;
+
+ olen = strlen(object);
+ alen = strlen(access_rights);
+ if (olen > MAX_OBJECT_LABEL_LEN || alen > MAX_MODE_STR_LEN)
+ {
+ return SECURITY_SERVER_ERROR_INPUT_PARAM;
+ }
+
+ unsigned char buf[sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN +
+ 2 * sizeof(int) + MAX_OBJECT_LABEL_LEN + MAX_MODE_STR_LEN];
- unsigned char buf[sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN +
- 2*sizeof(int) + MAX_OBJECT_LABEL_LEN + MAX_MODE_STR_LEN];
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_REQUEST;
- hdr.msg_len = SECURITY_SERVER_COOKIE_LEN + 2*sizeof(int) + olen + alen;
-
- memcpy(buf, &hdr, sizeof(hdr));
- memcpy(buf + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN);
- memcpy(buf + sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN, &olen, sizeof(int));
- memcpy(buf + sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN + sizeof(int),
- &alen, sizeof(int));
- memcpy(buf + sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN + 2*sizeof(int), object, olen);
- memcpy(buf + sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN + 2*sizeof(int) + olen,
- access_rights, alen);
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- size = sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN + 2*sizeof(int) + olen + alen;
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, size));
- if(retval < size)
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d", retval);
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_REQUEST;
+ hdr.msg_len = SECURITY_SERVER_COOKIE_LEN + 2 * sizeof(int) + olen + alen;
+
+ memcpy(buf, &hdr, sizeof(hdr));
+ memcpy(buf + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN);
+ memcpy(buf + sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN, &olen, sizeof(int));
+ memcpy(buf + sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN + sizeof(int),
+ &alen, sizeof(int));
+ memcpy(buf + sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN + 2 * sizeof(int), object, olen);
+ memcpy(buf + sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN + 2 * sizeof(int) + olen,
+ access_rights, alen);
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ size = sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN + 2 * sizeof(int) + olen + alen;
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, size));
+ if (retval < size)
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d", retval);
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
/* Send SMACK request message to security server *
* | |
* |---------------------------------------------------------------|
*/
-int send_smack_request(int sock_fd, const char * cookie)
+int send_smack_request(int sock_fd, const char *cookie)
{
- basic_header hdr;
- int retval;
- unsigned char buf[sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN];
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_SMACK_REQUEST;
- hdr.msg_len = SECURITY_SERVER_COOKIE_LEN;
-
- memcpy(buf, &hdr, sizeof(hdr));
- memcpy(buf + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN);
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
- if(retval < sizeof(buf))
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d", retval);
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ basic_header hdr;
+ int retval;
+ unsigned char buf[sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN];
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_SMACK_REQUEST;
+ hdr.msg_len = SECURITY_SERVER_COOKIE_LEN;
+
+ memcpy(buf, &hdr, sizeof(hdr));
+ memcpy(buf + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN);
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
+ if (retval < sizeof(buf))
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d", retval);
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
//VERSION: 0x01
int retval;
int message_size;
//buffer for data
- char * buff = NULL;
+ char *buff = NULL;
int offset = 0;
if (pid < 0) {
//+1 for the '\0' at string end
message_size = sizeof(int) + strlen(object) + 1 + strlen(access_rights) + 1;
- buff = (char *)malloc(message_size + sizeof(hdr));
+ buff = (char*)malloc(message_size + sizeof(hdr));
if (buff == NULL) {
SEC_SVR_ERR("%s", "malloc() error");
retval = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
SEC_SVR_ERR("%s", "poll() error");
retval = SECURITY_SERVER_ERROR_SEND_FAILED;
goto error;
-
}
if (retval == SECURITY_SERVER_ERROR_TIMEOUT) {
SEC_SVR_ERR("%s", "poll() timeout");
* | |
* |---------------------------------------------------------------|
*/
-int send_pid_request(int sock_fd, const char*cookie)
+int send_pid_request(int sock_fd, const char *cookie)
{
- basic_header hdr;
- int retval;
- unsigned char buf[sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN];
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_PID_REQUEST;
- hdr.msg_len = SECURITY_SERVER_COOKIE_LEN;
-
- memcpy(buf, &hdr, sizeof(hdr));
- memcpy(buf + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN);
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
- if(retval < sizeof(buf))
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d", retval);
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ basic_header hdr;
+ int retval;
+ unsigned char buf[sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN];
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_PID_REQUEST;
+ hdr.msg_len = SECURITY_SERVER_COOKIE_LEN;
+
+ memcpy(buf, &hdr, sizeof(hdr));
+ memcpy(buf + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN);
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
+ if (retval < sizeof(buf))
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d", retval);
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
*/
int send_launch_tool_request(int sock_fd, int argc, const char **argv)
{
- basic_header hdr;
- int retval, total_length = 0, ptr, i, tempnum;
- unsigned char *buf = NULL;
-
- for (i=0;i<argc;i++)
- {
- if(argv[i] == NULL)
- {
- SEC_SVR_ERR("Error: %dth argv is NULL", i);
- return SECURITY_SERVER_ERROR_INPUT_PARAM;
- }
- total_length += strlen(argv[i]);
- }
-
- if(total_length < 1)
- {
- SEC_SVR_ERR("Error: There is a problem in argv. [%d]", total_length);
- return SECURITY_SERVER_ERROR_INPUT_PARAM;
- }
- total_length += sizeof(hdr) + sizeof(int) +(argc * sizeof(int));
-
- if(total_length > 0xffff)
- {
- SEC_SVR_ERR("Buffer overflow. too big payload. [%d]", total_length);
- return SECURITY_SERVER_ERROR_INPUT_PARAM;
- }
-
- buf = malloc(total_length);
- if(buf == NULL)
- {
- SEC_SVR_ERR("%s", "Error: failed to malloc()");
- return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- }
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_TOOL_REQUEST;
- hdr.msg_len = (unsigned short)total_length;
- memcpy(buf, &hdr, sizeof(hdr));
- ptr = sizeof(hdr);
- memcpy(buf + ptr, &argc, sizeof(int));
- ptr += sizeof(hdr);
-
- /* Assemple each argv length and value */
- for(i=0;i<argc;i++)
- {
- tempnum = strlen(argv[i]);
- memcpy(buf + ptr, &tempnum, sizeof(int));
- ptr += sizeof(int);
- memcpy(buf + ptr, argv[i], tempnum);
- ptr += tempnum;
- }
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
-
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
- if(retval < sizeof(buf))
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d", retval);
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
- retval = SECURITY_SERVER_SUCCESS;
+ basic_header hdr;
+ int retval, total_length = 0, ptr, i, tempnum;
+ unsigned char *buf = NULL;
+
+ for (i = 0; i < argc; i++)
+ {
+ if (argv[i] == NULL)
+ {
+ SEC_SVR_ERR("Error: %dth argv is NULL", i);
+ return SECURITY_SERVER_ERROR_INPUT_PARAM;
+ }
+ total_length += strlen(argv[i]);
+ }
+
+ if (total_length < 1)
+ {
+ SEC_SVR_ERR("Error: There is a problem in argv. [%d]", total_length);
+ return SECURITY_SERVER_ERROR_INPUT_PARAM;
+ }
+ total_length += sizeof(hdr) + sizeof(int) + (argc * sizeof(int));
+
+ if (total_length > 0xffff)
+ {
+ SEC_SVR_ERR("Buffer overflow. too big payload. [%d]", total_length);
+ return SECURITY_SERVER_ERROR_INPUT_PARAM;
+ }
+
+ buf = malloc(total_length);
+ if (buf == NULL)
+ {
+ SEC_SVR_ERR("%s", "Error: failed to malloc()");
+ return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ }
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_TOOL_REQUEST;
+ hdr.msg_len = (unsigned short)total_length;
+ memcpy(buf, &hdr, sizeof(hdr));
+ ptr = sizeof(hdr);
+ memcpy(buf + ptr, &argc, sizeof(int));
+ ptr += sizeof(hdr);
+
+ /* Assemple each argv length and value */
+ for (i = 0; i < argc; i++)
+ {
+ tempnum = strlen(argv[i]);
+ memcpy(buf + ptr, &tempnum, sizeof(int));
+ ptr += sizeof(int);
+ memcpy(buf + ptr, argv[i], tempnum);
+ ptr += tempnum;
+ }
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
+ if (retval < sizeof(buf))
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d", retval);
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+ retval = SECURITY_SERVER_SUCCESS;
error:
- if(buf != NULL)
- free(buf);
- return retval;
+ if (buf != NULL)
+ free(buf);
+ return retval;
}
/* Send validate password request message to security server *
*/
int send_valid_pwd_request(int sock_fd)
{
- basic_header hdr;
- int retval;
-
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_VALID_PWD_REQUEST;
- hdr.msg_len = 0;
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
-
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, &hdr, sizeof(hdr)));
- if(retval < sizeof(hdr))
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d", retval);
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
- retval = SECURITY_SERVER_SUCCESS;
+ basic_header hdr;
+ int retval;
+
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_VALID_PWD_REQUEST;
+ hdr.msg_len = 0;
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, &hdr, sizeof(hdr)));
+ if (retval < sizeof(hdr))
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d", retval);
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+ retval = SECURITY_SERVER_SUCCESS;
error:
- return retval;
+ return retval;
}
/* Send password set request message to security server *
* |---------------------------------------------------------------|
*/
int send_set_pwd_request(int sock_fd,
- const char*cur_pwd,
- const char*new_pwd,
- const unsigned int max_challenge,
- const unsigned int valid_period_in_days)
+ const char *cur_pwd,
+ const char *new_pwd,
+ const unsigned int max_challenge,
+ const unsigned int valid_period_in_days)
{
- basic_header hdr;
- int retval, total_length = 0, ptr;
- unsigned char *buf = NULL, cur_pwd_len, new_pwd_len;
-
- if(cur_pwd == NULL)
- cur_pwd_len = 0;
- else
- cur_pwd_len = strlen(cur_pwd);
- new_pwd_len = strlen(new_pwd);
-
- total_length += sizeof(hdr) + sizeof(char) + sizeof(char) + cur_pwd_len
- + new_pwd_len + sizeof(unsigned int) + sizeof(unsigned int);
-
- buf = malloc(total_length);
- if(buf == NULL)
- {
- SEC_SVR_ERR("%s", "Error: failed to malloc()");
- return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- }
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_SET_PWD_REQUEST;
- hdr.msg_len = (unsigned short)total_length;
- memcpy(buf, &hdr, sizeof(hdr));
- ptr = sizeof(hdr);
- memcpy(buf + ptr, &cur_pwd_len, sizeof(char));
- ptr += sizeof(char);
- memcpy(buf + ptr, &new_pwd_len, sizeof(char));
- ptr += sizeof(char);
- if(cur_pwd != NULL)
- {
- memcpy(buf + ptr, cur_pwd, cur_pwd_len);
- ptr += cur_pwd_len;
- }
- memcpy(buf + ptr, new_pwd, new_pwd_len);
- ptr += new_pwd_len;
- memcpy(buf + ptr, &max_challenge, sizeof(unsigned int));
- ptr += sizeof(unsigned int);
- memcpy(buf + ptr, &valid_period_in_days, sizeof(unsigned int));
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
-
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
- if(retval < sizeof(buf))
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d", retval);
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
- retval = SECURITY_SERVER_SUCCESS;
+ basic_header hdr;
+ int retval, total_length = 0, ptr;
+ unsigned char *buf = NULL, cur_pwd_len, new_pwd_len;
+
+ if (cur_pwd == NULL)
+ cur_pwd_len = 0;
+ else
+ cur_pwd_len = strlen(cur_pwd);
+ new_pwd_len = strlen(new_pwd);
+
+ total_length += sizeof(hdr) + sizeof(char) + sizeof(char) + cur_pwd_len
+ + new_pwd_len + sizeof(unsigned int) + sizeof(unsigned int);
+
+ buf = malloc(total_length);
+ if (buf == NULL)
+ {
+ SEC_SVR_ERR("%s", "Error: failed to malloc()");
+ return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ }
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_SET_PWD_REQUEST;
+ hdr.msg_len = (unsigned short)total_length;
+ memcpy(buf, &hdr, sizeof(hdr));
+ ptr = sizeof(hdr);
+ memcpy(buf + ptr, &cur_pwd_len, sizeof(char));
+ ptr += sizeof(char);
+ memcpy(buf + ptr, &new_pwd_len, sizeof(char));
+ ptr += sizeof(char);
+ if (cur_pwd != NULL)
+ {
+ memcpy(buf + ptr, cur_pwd, cur_pwd_len);
+ ptr += cur_pwd_len;
+ }
+ memcpy(buf + ptr, new_pwd, new_pwd_len);
+ ptr += new_pwd_len;
+ memcpy(buf + ptr, &max_challenge, sizeof(unsigned int));
+ ptr += sizeof(unsigned int);
+ memcpy(buf + ptr, &valid_period_in_days, sizeof(unsigned int));
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
+ if (retval < sizeof(buf))
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d", retval);
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+ retval = SECURITY_SERVER_SUCCESS;
error:
- if(buf != NULL)
- free(buf);
- return retval;
+ if (buf != NULL)
+ free(buf);
+ return retval;
}
/* Send password validity change request message to security server *
total_length = sizeof(hdr) + sizeof(unsigned int);
buf = malloc(total_length);
- if(buf == NULL)
+ if (buf == NULL)
{
SEC_SVR_ERR("%s", "Error: failed to malloc()");
return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
/* Check poll */
retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
+ if (retval == SECURITY_SERVER_ERROR_POLL)
{
SEC_SVR_ERR("%s", "poll() error");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
goto error;
-
}
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
{
SEC_SVR_ERR("%s", "poll() timeout");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
goto error;
}
/* Send to server */
retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
- if(retval < sizeof(buf))
+ if (retval < sizeof(buf))
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
goto error;
}
retval = SECURITY_SERVER_SUCCESS;
error:
- if(buf != NULL)
+ if (buf != NULL)
free(buf);
return retval;
}
total_length = sizeof(hdr) + sizeof(unsigned int);
buf = malloc(total_length);
- if(buf == NULL)
+ if (buf == NULL)
{
SEC_SVR_ERR("%s", "Error: failed to malloc()");
return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
/* Check poll */
retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
+ if (retval < sizeof(buf))
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d", retval);
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+ retval = SECURITY_SERVER_SUCCESS;
+
+error:
+ if (buf != NULL)
+ free(buf);
+ return retval;
+}
+
+/* Send password reset request message to security server *
+ *
+ * Message format
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * |---------------------------------------------------------------|
+ * | version=0x01 |MessageID=0x11 | Message Length |
+ * |---------------------------------------------------------------|
+ * | new_pwd_len | |
+ * |---------------------------------------------------------------|
+ * | |
+ * | new pwd |
+ * | |
+ * |---------------------------------------------------------------|
+ * | max attempts |
+ * |---------------------------------------------------------------|
+ * | valid days |
+ * |---------------------------------------------------------------|
+ */
+int send_reset_pwd_request(int sock_fd,
+ const char *new_pwd,
+ const unsigned int max_challenge,
+ const unsigned int valid_period_in_days)
+{
+ basic_header hdr;
+ int retval, total_length = 0, ptr;
+ unsigned char *buf = NULL, new_pwd_len;
+
+ new_pwd_len = strlen(new_pwd);
+
+ total_length += sizeof(hdr) + sizeof(char) + new_pwd_len + sizeof(unsigned int) +
+ sizeof(unsigned int);
+
+ buf = malloc(total_length);
+ if (buf == NULL)
+ {
+ SEC_SVR_ERR("%s", "Error: failed to malloc()");
+ return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ }
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_RESET_PWD_REQUEST;
+ hdr.msg_len = (unsigned short)total_length;
+ memcpy(buf, &hdr, sizeof(hdr));
+ ptr = sizeof(hdr);
+ memcpy(buf + ptr, &new_pwd_len, sizeof(char));
+ ptr += sizeof(char);
+ memcpy(buf + ptr, new_pwd, new_pwd_len);
+ ptr += new_pwd_len;
+ memcpy(buf + ptr, &max_challenge, sizeof(unsigned int));
+ ptr += sizeof(unsigned int);
+ memcpy(buf + ptr, &valid_period_in_days, sizeof(unsigned int));
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
+ if (retval < sizeof(buf))
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d", retval);
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+ retval = SECURITY_SERVER_SUCCESS;
+
+error:
+ if (buf != NULL)
+ free(buf);
+ return retval;
+}
+
+/* Send password check request message to security server *
+ *
+ * Message format
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * |---------------------------------------------------------------|
+ * | version=0x01 |MessageID=0x13 | Message Length |
+ * |---------------------------------------------------------------|
+ * | challenge_len | |
+ * |--------------- |
+ * | challenge |
+ * |---------------------------------------------------------------|
+ */
+int send_chk_pwd_request(int sock_fd, const char *challenge)
+{
+ basic_header hdr;
+ int retval, total_length = 0, ptr;
+ unsigned char *buf = NULL, challenge_len;
+
+ challenge_len = strlen(challenge);
+
+ total_length += sizeof(hdr) + sizeof(char) + challenge_len;
+
+ buf = malloc(total_length);
+ if (buf == NULL)
+ {
+ SEC_SVR_ERR("%s", "Error: failed to malloc()");
+ return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ }
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_CHK_PWD_REQUEST;
+ hdr.msg_len = (unsigned short)total_length;
+ memcpy(buf, &hdr, sizeof(hdr));
+ ptr = sizeof(hdr);
+ memcpy(buf + ptr, &challenge_len, sizeof(char));
+ ptr += sizeof(char);
+ memcpy(buf + ptr, challenge, challenge_len);
+ ptr += sizeof(char);
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
+ if (retval < sizeof(buf))
+ {
+ /* Write error */
+ SEC_SVR_ERR("Error on write(): %d", retval);
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto error;
+ }
+ retval = SECURITY_SERVER_SUCCESS;
+
+error:
+ if (buf != NULL)
+ free(buf);
+ return retval;
+}
+
+/* Send password history set request message to security server *
+ *
+ * Message format
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * |---------------------------------------------------------------|
+ * | version=0x01 |MessageID=0x15 | Message Length |
+ * |---------------------------------------------------------------|
+ * | challenge_len |
+ * |----------------
+ */
+int send_set_pwd_history_request(int sock_fd, int num)
+{
+ basic_header hdr;
+ int retval, total_length = 0, ptr;
+ unsigned char history;
+ unsigned char buf[sizeof(hdr) + sizeof(history)];
+
+ total_length = sizeof(hdr) + sizeof(char);
+ history = (unsigned char) num;
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_REQUEST;
+ hdr.msg_len = (unsigned short)total_length;
+ memcpy(buf, &hdr, sizeof(hdr));
+ ptr = sizeof(hdr);
+ memcpy(buf + ptr, &history, sizeof(char));
+ ptr += sizeof(char);
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
{
SEC_SVR_ERR("%s", "poll() error");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
goto error;
-
}
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
{
SEC_SVR_ERR("%s", "poll() timeout");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
goto error;
}
/* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
- if(retval < sizeof(buf))
+ retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, ptr));
+ if (retval < sizeof(buf))
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
goto error;
}
retval = SECURITY_SERVER_SUCCESS;
error:
- if(buf != NULL)
- free(buf);
return retval;
}
-/* Send password reset request message to security server *
- *
- * Message format
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * |---------------------------------------------------------------|
- * | version=0x01 |MessageID=0x11 | Message Length |
- * |---------------------------------------------------------------|
- * | new_pwd_len | |
- * |---------------------------------------------------------------|
- * | |
- * | new pwd |
- * | |
- * |---------------------------------------------------------------|
- * | max attempts |
- * |---------------------------------------------------------------|
- * | valid days |
- * |---------------------------------------------------------------|
- */
-int send_reset_pwd_request(int sock_fd,
- const char*new_pwd,
- const unsigned int max_challenge,
- const unsigned int valid_period_in_days)
-{
- basic_header hdr;
- int retval, total_length = 0, ptr;
- unsigned char *buf = NULL, new_pwd_len;
-
- new_pwd_len = strlen(new_pwd);
-
- total_length += sizeof(hdr) + sizeof(char) + new_pwd_len + sizeof(unsigned int) +
- sizeof(unsigned int);
-
- buf = malloc(total_length);
- if(buf == NULL)
- {
- SEC_SVR_ERR("%s", "Error: failed to malloc()");
- return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- }
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_RESET_PWD_REQUEST;
- hdr.msg_len = (unsigned short)total_length;
- memcpy(buf, &hdr, sizeof(hdr));
- ptr = sizeof(hdr);
- memcpy(buf + ptr, &new_pwd_len, sizeof(char));
- ptr += sizeof(char);
- memcpy(buf + ptr, new_pwd, new_pwd_len);
- ptr += new_pwd_len;
- memcpy(buf + ptr, &max_challenge, sizeof(unsigned int));
- ptr += sizeof(unsigned int);
- memcpy(buf + ptr, &valid_period_in_days, sizeof(unsigned int));
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
-
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
- if(retval < sizeof(buf))
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d", retval);
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
- retval = SECURITY_SERVER_SUCCESS;
-
-error:
- if(buf != NULL)
- free(buf);
- return retval;
-}
-
-/* Send password check request message to security server *
- *
- * Message format
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * |---------------------------------------------------------------|
- * | version=0x01 |MessageID=0x13 | Message Length |
- * |---------------------------------------------------------------|
- * | challenge_len | |
- * |--------------- |
- * | challenge |
- * |---------------------------------------------------------------|
- */
-int send_chk_pwd_request(int sock_fd, const char*challenge)
+/* Receive request header */
+int recv_hdr(int client_sockfd, basic_header *basic_hdr)
{
- basic_header hdr;
- int retval, total_length = 0, ptr;
- unsigned char *buf = NULL, challenge_len;
-
- challenge_len = strlen(challenge);
-
- total_length += sizeof(hdr) + sizeof(char) + challenge_len;
-
- buf = malloc(total_length);
- if(buf == NULL)
- {
- SEC_SVR_ERR("%s", "Error: failed to malloc()");
- return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- }
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_CHK_PWD_REQUEST;
- hdr.msg_len = (unsigned short)total_length;
- memcpy(buf, &hdr, sizeof(hdr));
- ptr = sizeof(hdr);
- memcpy(buf + ptr, &challenge_len, sizeof(char));
- ptr += sizeof(char);
- memcpy(buf + ptr, challenge, challenge_len);
- ptr += sizeof(char);
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
-
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, total_length));
- if(retval < sizeof(buf))
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d", retval);
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
- retval = SECURITY_SERVER_SUCCESS;
-
-error:
- if(buf != NULL)
- free(buf);
- return retval;
-}
+ int retval;
-/* Send password history set request message to security server *
- *
- * Message format
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * |---------------------------------------------------------------|
- * | version=0x01 |MessageID=0x15 | Message Length |
- * |---------------------------------------------------------------|
- * | challenge_len |
- * |----------------
- */
-int send_set_pwd_history_request(int sock_fd, int num)
-{
- basic_header hdr;
- int retval, total_length = 0, ptr;
- unsigned char history;
- unsigned char buf[sizeof(hdr) + sizeof(history)];
-
- total_length = sizeof(hdr) + sizeof(char);
- history = (unsigned char) num;
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_REQUEST;
- hdr.msg_len = (unsigned short)total_length;
- memcpy(buf, &hdr, sizeof(hdr));
- ptr = sizeof(hdr);
- memcpy(buf + ptr, &history, sizeof(char));
- ptr += sizeof(char);
-
- /* Check poll */
- retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
-
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, ptr));
- if(retval < sizeof(buf))
- {
- /* Write error */
- SEC_SVR_ERR("Error on write(): %d", retval);
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto error;
- }
- retval = SECURITY_SERVER_SUCCESS;
+ /* Check poll */
+ retval = check_socket_poll(client_sockfd, POLLIN, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SOCKET;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_TIMEOUT;
+ }
-error:
- return retval;
-}
+ /* Receive request header first */
+ retval = TEMP_FAILURE_RETRY(read(client_sockfd, basic_hdr, sizeof(basic_header)));
+ if (retval < sizeof(basic_header))
+ {
+ SEC_SVR_ERR("read failed. closing socket %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
-/* Receive request header */
-int recv_hdr(int client_sockfd, basic_header *basic_hdr)
-{
- int retval;
-
- /* Check poll */
- retval = check_socket_poll(client_sockfd, POLLIN, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SOCKET;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_TIMEOUT;
- }
-
- /* Receive request header first */
- retval = TEMP_FAILURE_RETRY(read(client_sockfd, basic_hdr, sizeof(basic_header)));
- if(retval < sizeof(basic_header))
- {
- SEC_SVR_ERR("read failed. closing socket %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
-
- /* Validate header */
- retval = validate_header(*basic_hdr);
- return retval;
+ /* Validate header */
+ retval = validate_header(*basic_hdr);
+ return retval;
}
/* Receive check privilege request packet body */
int recv_check_privilege_request(int sockfd, unsigned char *requested_cookie, int *requested_privilege)
{
- int retval;
- retval = TEMP_FAILURE_RETRY(read(sockfd, requested_cookie, SECURITY_SERVER_COOKIE_LEN));
- if(retval < SECURITY_SERVER_COOKIE_LEN)
- {
- SEC_SVR_ERR("Received cookie size is too small: %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, requested_privilege, sizeof(int)));
- if(retval < sizeof(int))
- {
- SEC_SVR_ERR("privilege size is too small: %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ int retval;
+ retval = TEMP_FAILURE_RETRY(read(sockfd, requested_cookie, SECURITY_SERVER_COOKIE_LEN));
+ if (retval < SECURITY_SERVER_COOKIE_LEN)
+ {
+ SEC_SVR_ERR("Received cookie size is too small: %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, requested_privilege, sizeof(int)));
+ if (retval < sizeof(int))
+ {
+ SEC_SVR_ERR("privilege size is too small: %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
/* Receive check privilege request packet body (new mode)*/
char *object_label,
char *access_rights)
{
- int retval;
- int olen, alen;
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, requested_cookie, SECURITY_SERVER_COOKIE_LEN));
- if(retval < SECURITY_SERVER_COOKIE_LEN)
- {
- SEC_SVR_ERR("Received cookie size is too small: %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, &olen, sizeof(int)));
- if(retval < sizeof(int) || olen < 0 || olen > MAX_OBJECT_LABEL_LEN)
- {
- SEC_SVR_ERR("error reading object_label len: %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, &alen, sizeof(int)));
- if(retval < sizeof(int) || alen < 0 || alen > MAX_MODE_STR_LEN)
- {
- SEC_SVR_ERR("error reading access_rights len: %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, object_label, olen));
- if(retval < olen)
- {
- SEC_SVR_ERR("error reading object_label: %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- object_label[olen] = '\0';
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, access_rights, alen));
- if(retval < alen)
- {
- SEC_SVR_ERR("error reading access_rights: %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- access_rights[alen] = '\0';
-
- return SECURITY_SERVER_SUCCESS;
+ int retval;
+ int olen, alen;
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, requested_cookie, SECURITY_SERVER_COOKIE_LEN));
+ if (retval < SECURITY_SERVER_COOKIE_LEN)
+ {
+ SEC_SVR_ERR("Received cookie size is too small: %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &olen, sizeof(int)));
+ if (retval < sizeof(int) || olen < 0 || olen > MAX_OBJECT_LABEL_LEN)
+ {
+ SEC_SVR_ERR("error reading object_label len: %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &alen, sizeof(int)));
+ if (retval < sizeof(int) || alen < 0 || alen > MAX_MODE_STR_LEN)
+ {
+ SEC_SVR_ERR("error reading access_rights len: %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, object_label, olen));
+ if (retval < olen)
+ {
+ SEC_SVR_ERR("error reading object_label: %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ object_label[olen] = '\0';
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, access_rights, alen));
+ if (retval < alen)
+ {
+ SEC_SVR_ERR("error reading access_rights: %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ access_rights[alen] = '\0';
+
+ return SECURITY_SERVER_SUCCESS;
}
/* Receive pid request packet body */
int recv_pid_request(int sockfd, unsigned char *requested_cookie)
{
- int retval;
- retval = TEMP_FAILURE_RETRY(read(sockfd, requested_cookie, SECURITY_SERVER_COOKIE_LEN));
- if(retval < SECURITY_SERVER_COOKIE_LEN)
- {
- SEC_SVR_ERR("Received cookie size is too small: %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ int retval;
+ retval = TEMP_FAILURE_RETRY(read(sockfd, requested_cookie, SECURITY_SERVER_COOKIE_LEN));
+ if (retval < SECURITY_SERVER_COOKIE_LEN)
+ {
+ SEC_SVR_ERR("Received cookie size is too small: %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
/* receiving cookie from package */
int recv_smack_request(int sockfd, unsigned char *requested_cookie)
{
- int retval;
- retval = TEMP_FAILURE_RETRY(read(sockfd, requested_cookie, SECURITY_SERVER_COOKIE_LEN));
- if(retval < SECURITY_SERVER_COOKIE_LEN)
- {
- SEC_SVR_ERR("Received cookie size is too small: %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ int retval;
+ retval = TEMP_FAILURE_RETRY(read(sockfd, requested_cookie, SECURITY_SERVER_COOKIE_LEN));
+ if (retval < SECURITY_SERVER_COOKIE_LEN)
+ {
+ SEC_SVR_ERR("Received cookie size is too small: %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
-int recv_pid_privilege_request(int sockfd, int datasize, int * pid, char ** object, char ** access_rights)
+int recv_pid_privilege_request(int sockfd, int datasize, int *pid, char **object, char **access_rights)
{
int retval;
- char * buff = NULL;
+ char *buff = NULL;
int object_size = 0;
int access_rights_size = 0;
- buff = (char *)malloc(datasize);
+ buff = (char*)malloc(datasize);
if (buff == NULL)
return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
//receive all data to buffer
retval = TEMP_FAILURE_RETRY(read(sockfd, buff, datasize));
- if (retval < datasize) {
- SEC_SVR_ERR("Received data size is too small: %d / %d", retval, datasize);
- retval = SECURITY_SERVER_ERROR_RECV_FAILED;
+ if (retval < datasize) {
+ SEC_SVR_ERR("Received data size is too small: %d / %d", retval, datasize);
+ retval = SECURITY_SERVER_ERROR_RECV_FAILED;
goto error;
- }
+ }
//getPID
memcpy(pid, buff, sizeof(int));
}
object_size++; //for '\0' at end
- *object = (char *)malloc(object_size);
+ *object = (char*)malloc(object_size);
memcpy(*object, buff + sizeof(int), object_size);
//get access_rights
access_rights_size = datasize - object_size - sizeof(int);
- *access_rights = (char *)malloc(access_rights_size);
+ *access_rights = (char*)malloc(access_rights_size);
memcpy(*access_rights, buff + sizeof(int) + object_size, access_rights_size);
SEC_SVR_DBG("%s %d", "Received PID:", *pid);
if (buff != NULL)
free(buff);
- return retval;
+ return retval;
}
/* Receive pid request packet body */
argv[0] = malloc(strlen(SECURITY_SERVER_DEBUG_TOOL_PATH) + 1);
strncpy(argv[0], SECURITY_SERVER_DEBUG_TOOL_PATH, (strlen(SECURITY_SERVER_DEBUG_TOOL_PATH) + 1));
- for(i=1;i<argc;i++)
+ for (i = 1; i < argc; i++)
{
retval = TEMP_FAILURE_RETRY(read(sockfd, &argv_len, sizeof(int)));
- if(retval < sizeof(int))
+ if (retval < sizeof(int))
{
SEC_SVR_ERR("Error: argv length recieve failed: %d", retval);
return SECURITY_SERVER_ERROR_RECV_FAILED;
}
- if(argv_len <= 0 || argv_len >= INT_MAX)
+ if (argv_len <= 0 || argv_len >= INT_MAX)
{
SEC_SVR_ERR("Error: argv length out of boundaries");
return SECURITY_SERVER_ERROR_RECV_FAILED;
}
argv[i] = malloc(argv_len + 1);
- if(argv[i] == NULL)
+ if (argv[i] == NULL)
{
SEC_SVR_ERR("Error: malloc() failed: %d", retval);
return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
memset(argv[i], 0x00, argv_len + 1);
retval = TEMP_FAILURE_RETRY(read(sockfd, argv[i], argv_len));
- if(retval < argv_len)
+ if (retval < argv_len)
{
SEC_SVR_ERR("Error: argv recieve failed: %d", retval);
return SECURITY_SERVER_ERROR_RECV_FAILED;
int recv_generic_response(int sockfd, response_header *hdr)
{
- int retval;
-
- /* Check poll */
- retval = check_socket_poll(sockfd, POLLIN, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "Client: poll() error");
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "Client: poll() timeout");
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
-
- /* Receive response */
- retval = TEMP_FAILURE_RETRY(read(sockfd, hdr, sizeof(response_header)));
- if(retval < sizeof(response_header) )
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Receive failed %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
-
- if(hdr->return_code != SECURITY_SERVER_RETURN_CODE_SUCCESS)
- {
- SEC_SVR_ERR("Client: return code is not success: %d", hdr->return_code);
- return return_code_to_error_code(hdr->return_code);
- }
- return SECURITY_SERVER_SUCCESS;
+ int retval;
+
+ /* Check poll */
+ retval = check_socket_poll(sockfd, POLLIN, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "Client: poll() error");
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "Client: poll() timeout");
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+
+ /* Receive response */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, hdr, sizeof(response_header)));
+ if (retval < sizeof(response_header))
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Receive failed %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+
+ if (hdr->return_code != SECURITY_SERVER_RETURN_CODE_SUCCESS)
+ {
+ SEC_SVR_ERR("Client: return code is not success: %d", hdr->return_code);
+ return return_code_to_error_code(hdr->return_code);
+ }
+ return SECURITY_SERVER_SUCCESS;
}
int recv_get_gid_response(int sockfd, response_header *hdr, int *gid)
{
- int retval;
-
- retval = recv_generic_response(sockfd, hdr);
- if(retval != SECURITY_SERVER_SUCCESS)
- return return_code_to_error_code(hdr->return_code);
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, gid, sizeof(int)));
- if(retval < sizeof(int))
- {
- /* Error on socket */
- SEC_SVR_ERR("Receive failed %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ int retval;
+
+ retval = recv_generic_response(sockfd, hdr);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ return return_code_to_error_code(hdr->return_code);
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, gid, sizeof(int)));
+ if (retval < sizeof(int))
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Receive failed %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
int recv_get_object_name(int sockfd, response_header *hdr, char *object, int max_object_size)
{
- int retval;
- char *local_obj_name = NULL;
-
- /* Check poll */
- retval = check_socket_poll(sockfd, POLLIN, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
-
- /* Read response */
- retval = TEMP_FAILURE_RETRY(read(sockfd, hdr, sizeof(response_header)));
- if(retval < sizeof(response_header))
- {
- /* Error on socket */
- SEC_SVR_ERR("cannot recv respons: %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
-
- if(hdr->return_code == SECURITY_SERVER_RETURN_CODE_SUCCESS)
- {
- if(max_object_size < hdr->basic_hdr.msg_len)
- {
- SEC_SVR_ERR("Object name is too small need %d bytes, but %d bytes", hdr->basic_hdr.msg_len, max_object_size);
- return SECURITY_SERVER_ERROR_BUFFER_TOO_SMALL;
- }
- if(hdr->basic_hdr.msg_len > SECURITY_SERVER_MAX_OBJ_NAME)
- {
- SEC_SVR_ERR("Received object name is too big. %d", hdr->basic_hdr.msg_len);
- return SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
-
- local_obj_name = malloc(hdr->basic_hdr.msg_len + 1);
- if(local_obj_name == NULL)
- {
- SEC_SVR_ERR("%s", "Out of memory error");
- return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- }
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, local_obj_name, hdr->basic_hdr.msg_len));
- if(retval < (hdr->basic_hdr.msg_len))
- {
- /* Error on socket */
- SEC_SVR_ERR("read() failed: %d", retval);
- if(local_obj_name != NULL)
- free(local_obj_name);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- memcpy(object, local_obj_name, hdr->basic_hdr.msg_len);
- object[hdr->basic_hdr.msg_len] = 0;
- retval = SECURITY_SERVER_SUCCESS;
- }
- else
- {
- SEC_SVR_ERR("Error received. return code: %d", hdr->return_code);
- retval = return_code_to_error_code(hdr->return_code);
- return retval;
- }
-
- if(local_obj_name != NULL)
- free(local_obj_name);
- return SECURITY_SERVER_SUCCESS;
+ int retval;
+ char *local_obj_name = NULL;
+
+ /* Check poll */
+ retval = check_socket_poll(sockfd, POLLIN, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+
+ /* Read response */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, hdr, sizeof(response_header)));
+ if (retval < sizeof(response_header))
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("cannot recv respons: %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+
+ if (hdr->return_code == SECURITY_SERVER_RETURN_CODE_SUCCESS)
+ {
+ if (max_object_size < hdr->basic_hdr.msg_len)
+ {
+ SEC_SVR_ERR("Object name is too small need %d bytes, but %d bytes", hdr->basic_hdr.msg_len, max_object_size);
+ return SECURITY_SERVER_ERROR_BUFFER_TOO_SMALL;
+ }
+ if (hdr->basic_hdr.msg_len > SECURITY_SERVER_MAX_OBJ_NAME)
+ {
+ SEC_SVR_ERR("Received object name is too big. %d", hdr->basic_hdr.msg_len);
+ return SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+
+ local_obj_name = malloc(hdr->basic_hdr.msg_len + 1);
+ if (local_obj_name == NULL)
+ {
+ SEC_SVR_ERR("%s", "Out of memory error");
+ return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ }
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, local_obj_name, hdr->basic_hdr.msg_len));
+ if (retval < (hdr->basic_hdr.msg_len))
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("read() failed: %d", retval);
+ if (local_obj_name != NULL)
+ free(local_obj_name);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ memcpy(object, local_obj_name, hdr->basic_hdr.msg_len);
+ object[hdr->basic_hdr.msg_len] = 0;
+ retval = SECURITY_SERVER_SUCCESS;
+ }
+ else
+ {
+ SEC_SVR_ERR("Error received. return code: %d", hdr->return_code);
+ retval = return_code_to_error_code(hdr->return_code);
+ return retval;
+ }
+
+ if (local_obj_name != NULL)
+ free(local_obj_name);
+ return SECURITY_SERVER_SUCCESS;
}
int recv_cookie(int sockfd, response_header *hdr, char *cookie)
{
- int retval;
-
- retval = recv_generic_response(sockfd, hdr);
- if(retval != SECURITY_SERVER_SUCCESS)
- return return_code_to_error_code(hdr->return_code);
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, cookie, SECURITY_SERVER_COOKIE_LEN));
- if(retval < SECURITY_SERVER_COOKIE_LEN)
- {
- /* Error on socket */
- SEC_SVR_ERR("read() failed: %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ int retval;
+
+ retval = recv_generic_response(sockfd, hdr);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ return return_code_to_error_code(hdr->return_code);
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, cookie, SECURITY_SERVER_COOKIE_LEN));
+ if (retval < SECURITY_SERVER_COOKIE_LEN)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("read() failed: %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
int recv_privilege_check_response(int sockfd, response_header *hdr)
{
- int retval;
-
- retval = recv_generic_response(sockfd, hdr);
- if(hdr->return_code != SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED &&
- hdr->return_code != SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED)
- {
- SEC_SVR_ERR("response error: %d", hdr->return_code);
- return return_code_to_error_code(hdr->return_code);
- }
- return SECURITY_SERVER_SUCCESS;
+ int retval;
+
+ retval = recv_generic_response(sockfd, hdr);
+ if (hdr->return_code != SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED &&
+ hdr->return_code != SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED)
+ {
+ SEC_SVR_ERR("response error: %d", hdr->return_code);
+ return return_code_to_error_code(hdr->return_code);
+ }
+ return SECURITY_SERVER_SUCCESS;
}
int recv_privilege_check_new_response(int sockfd, response_header *hdr)
{
- int retval;
-
- retval = recv_generic_response(sockfd, hdr);
- if(hdr->return_code != SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED &&
- hdr->return_code != SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED)
- {
- SEC_SVR_ERR("response error: %d", hdr->return_code);
- return return_code_to_error_code(hdr->return_code);
- }
- return SECURITY_SERVER_SUCCESS;
+ int retval;
+
+ retval = recv_generic_response(sockfd, hdr);
+ if (hdr->return_code != SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED &&
+ hdr->return_code != SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED)
+ {
+ SEC_SVR_ERR("response error: %d", hdr->return_code);
+ return return_code_to_error_code(hdr->return_code);
+ }
+ return SECURITY_SERVER_SUCCESS;
}
-int recv_smack_response(int sockfd, response_header *hdr, char * label)
+int recv_smack_response(int sockfd, response_header *hdr, char *label)
{
- int retval;
-
- retval = recv_generic_response(sockfd, hdr);
- if(retval != SECURITY_SERVER_SUCCESS)
- return return_code_to_error_code(hdr->return_code);
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, label, SMACK_LABEL_LEN + 1));
- if(retval < sizeof(int))
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Receive failed %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ int retval;
+
+ retval = recv_generic_response(sockfd, hdr);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ return return_code_to_error_code(hdr->return_code);
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, label, SMACK_LABEL_LEN + 1));
+ if (retval < sizeof(int))
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Receive failed %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
int recv_pid_privilege_response(int sockfd, response_header *hdr)
int recv_pid_response(int sockfd, response_header *hdr, int *pid)
{
- int retval;
-
- retval = recv_generic_response(sockfd, hdr);
- if(retval != SECURITY_SERVER_SUCCESS)
- return return_code_to_error_code(hdr->return_code);
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, pid, sizeof(int)));
- if(retval < sizeof(int))
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Receive failed %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ int retval;
+
+ retval = recv_generic_response(sockfd, hdr);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ return return_code_to_error_code(hdr->return_code);
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, pid, sizeof(int)));
+ if (retval < sizeof(int))
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Receive failed %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
int recv_pwd_response(int sockfd, response_header *hdr,
- unsigned int *current_attempts,
- unsigned int *max_attempts,
- unsigned int *valid_secs)
+ unsigned int *current_attempts,
+ unsigned int *max_attempts,
+ unsigned int *valid_secs)
{
- int retval;
- *current_attempts = 0;
- *max_attempts = 0;
- *valid_secs = 0;
-
- retval = recv_generic_response(sockfd, hdr);
-
- switch(retval)
- {
- case SECURITY_SERVER_ERROR_PASSWORD_EXIST:
- case SECURITY_SERVER_ERROR_NO_PASSWORD:
- case SECURITY_SERVER_ERROR_PASSWORD_MISMATCH:
- case SECURITY_SERVER_ERROR_PASSWORD_RETRY_TIMER:
- case SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED:
- case SECURITY_SERVER_ERROR_PASSWORD_EXPIRED:
- case SECURITY_SERVER_ERROR_PASSWORD_REUSED:
- case SECURITY_SERVER_SUCCESS:
- break;
- default:
- return return_code_to_error_code(hdr->return_code);
- }
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, current_attempts, sizeof(unsigned int)));
- if(retval < sizeof(unsigned int))
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Receive failed %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- retval = TEMP_FAILURE_RETRY(read(sockfd, max_attempts, sizeof(unsigned int)));
- if(retval < sizeof(unsigned int))
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Receive failed %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- retval = TEMP_FAILURE_RETRY(read(sockfd, valid_secs, sizeof(unsigned int)));
- if(retval < sizeof(unsigned int))
- {
- /* Error on socket */
- SEC_SVR_ERR("Client: Receive failed %d", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
+ int retval;
+ *current_attempts = 0;
+ *max_attempts = 0;
+ *valid_secs = 0;
+
+ retval = recv_generic_response(sockfd, hdr);
+
+ switch (retval)
+ {
+ case SECURITY_SERVER_ERROR_PASSWORD_EXIST:
+ case SECURITY_SERVER_ERROR_NO_PASSWORD:
+ case SECURITY_SERVER_ERROR_PASSWORD_MISMATCH:
+ case SECURITY_SERVER_ERROR_PASSWORD_RETRY_TIMER:
+ case SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED:
+ case SECURITY_SERVER_ERROR_PASSWORD_EXPIRED:
+ case SECURITY_SERVER_ERROR_PASSWORD_REUSED:
+ case SECURITY_SERVER_SUCCESS:
+ break;
+ default:
+ return return_code_to_error_code(hdr->return_code);
+ }
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, current_attempts, sizeof(unsigned int)));
+ if (retval < sizeof(unsigned int))
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Receive failed %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ retval = TEMP_FAILURE_RETRY(read(sockfd, max_attempts, sizeof(unsigned int)));
+ if (retval < sizeof(unsigned int))
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Receive failed %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ retval = TEMP_FAILURE_RETRY(read(sockfd, valid_secs, sizeof(unsigned int)));
+ if (retval < sizeof(unsigned int))
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Client: Receive failed %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
//if come here there were no errors
return SECURITY_SERVER_SUCCESS;
unsigned int cl = sizeof(cr);
/* get PID of socket peer */
- if(getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) != 0)
+ if (getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) != 0)
{
SEC_SVR_DBG("%s", "getsockopt failed");
return SECURITY_SERVER_ERROR_SOCKET;
int uid;
return authenticate_client_application(sockfd, pid, &uid);
#if 0
- int retval = SECURITY_SERVER_SUCCESS;
- struct ucred cr;
- unsigned int cl = sizeof(cr);
- char *exe = NULL;
- struct passwd pw, *ppw;
- size_t buf_size;
- char *buf;
- static uid_t middleware_uid = 0;
-
- *pid = 0;
-
- /* get PID of socket peer */
- if(getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) != 0)
- {
- retval = SECURITY_SERVER_ERROR_SOCKET;
- SEC_SVR_ERR("%s", "Error on getsockopt");
- goto error;
- }
-
- if (!middleware_uid)
- {
- buf_size = sysconf(_SC_GETPW_R_SIZE_MAX);
- if (buf_size == -1)
- buf_size = 1024;
-
- buf = malloc(buf_size);
-
- /* This test isn't essential, skip it in case of error */
- if (buf) {
- if (getpwnam_r(SECURITY_SERVER_MIDDLEWARE_USER, &pw, buf, buf_size, &ppw) == 0 && ppw)
- middleware_uid = pw.pw_uid;
-
- free(buf);
- }
- }
-
- /* Middleware services need to run as root or middleware/app user */
- if(cr.uid != 0 && cr.uid != middleware_uid)
- {
- retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
- SEC_SVR_ERR("Non root process has called API: %d", cr.uid);
- goto error;
- }
-
- /* Read command line of the PID from proc fs */
- exe = read_exe_path_from_proc(cr.pid);
- if(exe == NULL)
- {
- /* It's weired. no file in proc file system, */
- retval = SECURITY_SERVER_ERROR_FILE_OPERATION;
- SEC_SVR_ERR("Error on opening /proc/%d/exe", cr.pid);
- goto error;
- }
-
- *pid = cr.pid;
+ int retval = SECURITY_SERVER_SUCCESS;
+ struct ucred cr;
+ unsigned int cl = sizeof(cr);
+ char *exe = NULL;
+ struct passwd pw, *ppw;
+ size_t buf_size;
+ char *buf;
+ static uid_t middleware_uid = 0;
+
+ *pid = 0;
+
+ /* get PID of socket peer */
+ if (getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) != 0)
+ {
+ retval = SECURITY_SERVER_ERROR_SOCKET;
+ SEC_SVR_ERR("%s", "Error on getsockopt");
+ goto error;
+ }
+
+ if (!middleware_uid)
+ {
+ buf_size = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (buf_size == -1)
+ buf_size = 1024;
+
+ buf = malloc(buf_size);
+
+ /* This test isn't essential, skip it in case of error */
+ if (buf) {
+ if (getpwnam_r(SECURITY_SERVER_MIDDLEWARE_USER, &pw, buf, buf_size, &ppw) == 0 && ppw)
+ middleware_uid = pw.pw_uid;
+
+ free(buf);
+ }
+ }
+
+ /* Middleware services need to run as root or middleware/app user */
+ if (cr.uid != 0 && cr.uid != middleware_uid)
+ {
+ retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
+ SEC_SVR_ERR("Non root process has called API: %d", cr.uid);
+ goto error;
+ }
+
+ /* Read command line of the PID from proc fs */
+ exe = read_exe_path_from_proc(cr.pid);
+ if (exe == NULL)
+ {
+ /* It's weired. no file in proc file system, */
+ retval = SECURITY_SERVER_ERROR_FILE_OPERATION;
+ SEC_SVR_ERR("Error on opening /proc/%d/exe", cr.pid);
+ goto error;
+ }
+
+ *pid = cr.pid;
error:
- if(exe != NULL)
- free(exe);
+ if (exe != NULL)
+ free(exe);
- return retval;
+ return retval;
#endif
}
* Notice that user must free space allocated in this function and
* returned by second parameter (int * privileges)
* */
-int get_client_gid_list(int sockfd, int ** privileges)
+int get_client_gid_list(int sockfd, int **privileges)
{
int ret;
//for read socket options
const int PATHSIZE = 24;
char path[PATHSIZE];
//file pointer
- FILE * fp = NULL;
+ FILE *fp = NULL;
//buffer for filelines
const int LINESIZE = 256;
char fileLine[LINESIZE];
//for parsing file
char delim[] = ": ";
- char * token = NULL;
+ char *token = NULL;
//clear pointer
//read socket options
ret = getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &socopt, &socoptSize);
- if(ret != 0)
+ if (ret != 0)
{
SEC_SVR_ERR("%s", "Error on getsockopt");
return -1;
snprintf(path, PATHSIZE, "/proc/%d/status", socopt.pid);
fp = fopen(path, "r");
- if(fp == NULL)
+ if (fp == NULL)
{
SEC_SVR_ERR("%s", "Error on fopen");
return -1;
bzero(fileLine, LINESIZE);
//search for line beginning with "Groups:"
- while(strncmp(fileLine, "Groups:", 7) != 0)
+ while (strncmp(fileLine, "Groups:", 7) != 0)
{
- if(NULL == fgets(fileLine, LINESIZE, fp))
+ if (NULL == fgets(fileLine, LINESIZE, fp))
{
SEC_SVR_ERR("%s", "Error on fgets");
fclose(fp);
//now we have "Groups:" line in fileLine[]
ret = 0;
strtok(fileLine, delim);
- while(token = strtok(NULL, delim))
+ while (token = strtok(NULL, delim))
{
//add found GID
- if(*privileges == NULL)
+ if (*privileges == NULL)
{
//first GID on list
- *privileges = (int *)malloc(sizeof(int) * 1);
- if(*privileges == NULL)
+ *privileges = (int*)malloc(sizeof(int) * 1);
+ if (*privileges == NULL)
{
SEC_SVR_ERR("%s", "Error on malloc");
return -1;
}
//check if we found any GIDs for process
- if(*privileges == NULL)
+ if (*privileges == NULL)
{
SEC_SVR_DBG("%s %d", "No GIDs found for PID:", socopt.pid);
}
int free_argv(char **argv, int argc)
{
- int i;
- if(argv == NULL)
- {
- SEC_SVR_ERR("%s", "Cannot free NULL pointer");
- return SECURITY_SERVER_ERROR_INPUT_PARAM;
- }
- for (i=0;i<argc;i++)
- {
- if(argv[i] != NULL)
- free(argv[i]);
- }
- free(argv);
- return SECURITY_SERVER_SUCCESS;
+ int i;
+ if (argv == NULL)
+ {
+ SEC_SVR_ERR("%s", "Cannot free NULL pointer");
+ return SECURITY_SERVER_ERROR_INPUT_PARAM;
+ }
+ for (i = 0; i < argc; i++)
+ {
+ if (argv[i] != NULL)
+ free(argv[i]);
+ }
+ free(argv);
+ return SECURITY_SERVER_SUCCESS;
}
-int send_app_give_access(int sock_fd, const char* customer_label, int customer_pid)
+int send_app_give_access(int sock_fd, const char *customer_label, int customer_pid)
{
basic_header hdr;
unsigned char *buff = NULL;
/* Check poll */
int retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
+ if (retval == SECURITY_SERVER_ERROR_POLL)
{
SEC_SVR_ERR("%s", "poll() error");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
goto error;
}
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
{
SEC_SVR_ERR("%s", "poll() timeout");
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
goto error;
}
/* Send to server */
retval = TEMP_FAILURE_RETRY(write(sock_fd, buff, total_len));
- if(retval != (int)total_len)
+ if (retval != (int)total_len)
{
/* Write error */
SEC_SVR_ERR("Error on write(): %d", retval);
- retval = SECURITY_SERVER_ERROR_SEND_FAILED;
+ retval = SECURITY_SERVER_ERROR_SEND_FAILED;
goto error;
}
retval = SECURITY_SERVER_SUCCESS;
* @defgroup SLP_PG_SECURITY Security and Permissions
* @ingroup SLP_PG
* @{
- * @brief <em class="ref">Also see </em> [ @ref SecurityFW ]
- * @defgroup CertificateManager_PG
- * @defgroup Security_Server_PG
- * @defgroup SecureStorage_PG
- * @}
- * @defgroup SLP_PG_SECURITY
- * @ingroup SLP_PG
- * @{
+ * @brief <em class="ref">Also see </em> [ @ref SecurityFW ]
+ * @defgroup CertificateManager_PG
+ * @defgroup Security_Server_PG
+ * @defgroup SecureStorage_PG
+ * @}
+ * @defgroup SLP_PG_SECURITY
+ * @ingroup SLP_PG
+ * @{
<h1 class="pg">Security Requirements</h1>
<h2>Privileges </h2>
<h3 class="pg">security_server_get_gid</h3>
<table>
- <tr>
- <td>
- API Name:
- </td>
- <td>
- gid_t security_server_get_gid(const char *object)
- </td>
- </tr>
- <tr>
- <td>
- Input Parameter:
- </td>
- <td>
- object name as Null terminated string
- </td>
- </tr>
- <tr>
- <td>
- Output Parameter:
- </td>
- <td>
- N/A
- </td>
- </tr>
- <tr>
- <td>
- Return value:
- </td>
- <td>
- On success, returns the integer gid of requested object.<br>
- On fail, returns negative integer
- </td>
- </tr>
+ <tr>
+ <td>
+ API Name:
+ </td>
+ <td>
+ gid_t security_server_get_gid(const char *object)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Input Parameter:
+ </td>
+ <td>
+ object name as Null terminated string
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Output Parameter:
+ </td>
+ <td>
+ N/A
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Return value:
+ </td>
+ <td>
+ On success, returns the integer gid of requested object.<br>
+ On fail, returns negative integer
+ </td>
+ </tr>
</table>
This API returns the gid from given object name. This API is only allowed to be called from middleware service daemon which is running under root privilege
<h3 class="pg">security_server_get_object_name</h3>
<table>
- <tr>
- <td>
- API Name:
- </td>
- <td>
- int security_server_get_object_name(gid_t gid, char *object, size_t max_object_size)
- </td>
- </tr>
- <tr>
- <td>
- Input Parameter:
- </td>
- <td>
- gid, max_object_size
- </td>
- </tr>
- <tr>
- <td>
- Output Parameter:
- </td>
- <td>
- object as null terminated string
- </td>
- </tr>
- <tr>
- <td>
- Return value:
- </td>
- <td>
- On success, returns 0<br>
- On fail, returns negative integer
- </td>
- </tr>
+ <tr>
+ <td>
+ API Name:
+ </td>
+ <td>
+ int security_server_get_object_name(gid_t gid, char *object, size_t max_object_size)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Input Parameter:
+ </td>
+ <td>
+ gid, max_object_size
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Output Parameter:
+ </td>
+ <td>
+ object as null terminated string
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Return value:
+ </td>
+ <td>
+ On success, returns 0<br>
+ On fail, returns negative integer
+ </td>
+ </tr>
</table>
This API is opposite with security_server_get_gid(). It converts given gid to object name which buffer size is max_object_size. If object name is bigger then max_object_size then it returns SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMAL error.
<h3 class="pg">security_server_request_cookie</h3>
<table>
- <tr>
- <td>
- API Name:
- </td>
- <td>
- gid_t security_server_request_cookie(char *cookie, size_t max_cookie)
- </td>
- </tr>
- <tr>
- <td>
- Input Parameter:
- </td>
- <td>
- max_cookie
- </td>
- </tr>
- <tr>
- <td>
- Output Parameter:
- </td>
- <td>
- cookie
- </td>
- </tr>
- <tr>
- <td>
- Return value:
- </td>
- <td>
- On success, returns 0<br>
- On fail, returns negative integer
- </td>
- </tr>
+ <tr>
+ <td>
+ API Name:
+ </td>
+ <td>
+ gid_t security_server_request_cookie(char *cookie, size_t max_cookie)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Input Parameter:
+ </td>
+ <td>
+ max_cookie
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Output Parameter:
+ </td>
+ <td>
+ cookie
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Return value:
+ </td>
+ <td>
+ On success, returns 0<br>
+ On fail, returns negative integer
+ </td>
+ </tr>
</table>
This API requests a cookie to Security Server. max_cookie is the size of buffer cookie to be filled with cookie value, if max_cookie smaller then cookie size, then this API returns SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMAL error.
<h3 class="pg">security_server_get_cookie_size</h3>
<table>
- <tr>
- <td>
- API Name:
- </td>
- <td>
- int security_server_get_cookie_size(void)
- </td>
- </tr>
- <tr>
- <td>
- Input Parameter:
- </td>
- <td>
- N/A
- </td>
- </tr>
- <tr>
- <td>
- Output Parameter:
- </td>
- <td>
- N/A
- </td>
- </tr>
- <tr>
- <td>
- Return value:
- </td>
- <td>
- size of cookie value
- </td>
- </tr>
+ <tr>
+ <td>
+ API Name:
+ </td>
+ <td>
+ int security_server_get_cookie_size(void)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Input Parameter:
+ </td>
+ <td>
+ N/A
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Output Parameter:
+ </td>
+ <td>
+ N/A
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Return value:
+ </td>
+ <td>
+ size of cookie value
+ </td>
+ </tr>
</table>
This API simply returns the size of cookie.
<h3 class="pg">security_server_check_privilege</h3>
<table>
- <tr>
- <td>
- API Name:
- </td>
- <td>
- int security_server_check_privilege(const char *cookie, gid_t privilege)
- </td>
- </tr>
- <tr>
- <td>
- Input Parameter:
- </td>
- <td>
- cookie, privilege
- </td>
- </tr>
- <tr>
- <td>
- Output Parameter:
- </td>
- <td>
- N/A
- </td>
- </tr>
- <tr>
- <td>
- Return value:
- </td>
- <td>
- On success, returns 0<br>
- On fail, returns negative integer
- </td>
- </tr>
+ <tr>
+ <td>
+ API Name:
+ </td>
+ <td>
+ int security_server_check_privilege(const char *cookie, gid_t privilege)
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Input Parameter:
+ </td>
+ <td>
+ cookie, privilege
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Output Parameter:
+ </td>
+ <td>
+ N/A
+ </td>
+ </tr>
+ <tr>
+ <td>
+ Return value:
+ </td>
+ <td>
+ On success, returns 0<br>
+ On fail, returns negative integer
+ </td>
+ </tr>
</table>
This API checks the cookie value has privilege for given gid. This API should be called by middleware server only after application embed cookie into the request message and sent to the middleware server. The middleware server should aware with the privilege parameter because it knows the object which the client application tries to access.
int get_gid()
{
- int ret;
- // Get gid of telephony call - example object
- ret = security_server_get_gid("telephony_call");
- if(ret < 0)
- {
- return -1;
- }
- g_gid = ret;
- return 0;
+ int ret;
+ // Get gid of telephony call - example object
+ ret = security_server_get_gid("telephony_call");
+ if(ret < 0)
+ {
+ return -1;
+ }
+ g_gid = ret;
+ return 0;
}
int main(int argc, char * argv[])
{
- char *cookie = NULL;
- int ret, cookie_size;
+ char *cookie = NULL;
+ int ret, cookie_size;
- ...
+ ...
- // Initially get gid about the object which is interested in
- if(get_gid() < 0)
- exit(-1);
+ // Initially get gid about the object which is interested in
+ if(get_gid() < 0)
+ exit(-1);
- // get cookie size and malloc it if you want
- cookie_size = security_server_get_cookie_size();
- cookie = malloc(cookie_size);
+ // get cookie size and malloc it if you want
+ cookie_size = security_server_get_cookie_size();
+ cookie = malloc(cookie_size);
- ...
+ ...
- // If a request has been received
- // First parse the request and get the cookie value
- // Let's assume that the buffer cookie is filled with received cookie value
- ret = security_server_check_privilege(cookie, cookie_size);
- if(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED)
- {
- // Access denied
- // Send error message to client application
- }
- else if( ret != SECURITY_SERVER_SUCCESS)
- {
- // Error occurred
- // Check error condition
- }
- else
- {
- // Access granted
- // Continue service
- ...
- }
+ // If a request has been received
+ // First parse the request and get the cookie value
+ // Let's assume that the buffer cookie is filled with received cookie value
+ ret = security_server_check_privilege(cookie, cookie_size);
+ if(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED)
+ {
+ // Access denied
+ // Send error message to client application
+ }
+ else if( ret != SECURITY_SERVER_SUCCESS)
+ {
+ // Error occurred
+ // Check error condition
+ }
+ else
+ {
+ // Access granted
+ // Continue service
+ ...
+ }
- ...
+ ...
- free(cookie);
- ...
+ free(cookie);
+ ...
}
@endcode
@code
int some_platform_api()
{
- char *cookie = NULL;
- int cookie_size, ret;
+ char *cookie = NULL;
+ int cookie_size, ret;
- ...
+ ...
- // malloc the cookie
- cookie_size = security_server_get_cookie_size();
- cookie = malloc(cookie_size);
+ // malloc the cookie
+ cookie_size = security_server_get_cookie_size();
+ cookie = malloc(cookie_size);
- ...
+ ...
- // Request cookie from the security server
- ret = security_server_request_cookie(cookie, cookie_size);
- if(ret < 0)
- {
- // Some error occurred
- return -1;
- }
+ // Request cookie from the security server
+ ret = security_server_request_cookie(cookie, cookie_size);
+ if(ret < 0)
+ {
+ // Some error occurred
+ return -1;
+ }
- // embed cookie into the message and send to the server
+ // embed cookie into the message and send to the server
- ...
- free(cookie);
+ ...
+ free(cookie);
}
@endcode
/* Message */
typedef struct
{
- unsigned char version;
- unsigned char msg_id;
- unsigned short msg_len;
+ unsigned char version;
+ unsigned char msg_id;
+ unsigned short msg_len;
} basic_header;
typedef struct
{
- basic_header basic_hdr;
- unsigned char return_code;
+ basic_header basic_hdr;
+ unsigned char return_code;
} response_header;
#define SECURITY_SERVER_MIDDLEWARE_USER "app"
/* Message Types */
-#define SECURITY_SERVER_MSG_TYPE_COOKIE_REQUEST 0x01
-#define SECURITY_SERVER_MSG_TYPE_COOKIE_RESPONSE 0x02
-#define SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_REQUEST 0x03
-#define SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE 0x04
-#define SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_REQUEST 0x05
-#define SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE 0x06
-#define SECURITY_SERVER_MSG_TYPE_GID_REQUEST 0x07
-#define SECURITY_SERVER_MSG_TYPE_GID_RESPONSE 0x08
-#define SECURITY_SERVER_MSG_TYPE_PID_REQUEST 0x09
-#define SECURITY_SERVER_MSG_TYPE_PID_RESPONSE 0x0a
-#define SECURITY_SERVER_MSG_TYPE_TOOL_REQUEST 0x0b
-#define SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE 0x0c
-#define SECURITY_SERVER_MSG_TYPE_VALID_PWD_REQUEST 0x0d
-#define SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE 0x0e
-#define SECURITY_SERVER_MSG_TYPE_SET_PWD_REQUEST 0x0f
-#define SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE 0x10
-#define SECURITY_SERVER_MSG_TYPE_RESET_PWD_REQUEST 0x11
-#define SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE 0x12
-#define SECURITY_SERVER_MSG_TYPE_CHK_PWD_REQUEST 0x13
-#define SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE 0x14
-#define SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_REQUEST 0x15
-#define SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE 0x16
-#define SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_REQUEST 0x17
-#define SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE 0x18
-#define SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_REQUEST 0x19
-#define SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE 0x1a
-#define SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_REQUEST 0x1b
-#define SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE 0x1c
-#define SECURITY_SERVER_MSG_TYPE_SMACK_REQUEST 0x1d
-#define SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE 0x1e
-#define SECURITY_SERVER_MSG_TYPE_APP_GIVE_ACCESS_REQUEST 0x1f
-#define SECURITY_SERVER_MSG_TYPE_APP_GIVE_ACCESS_RESPONSE 0x20
+#define SECURITY_SERVER_MSG_TYPE_COOKIE_REQUEST 0x01
+#define SECURITY_SERVER_MSG_TYPE_COOKIE_RESPONSE 0x02
+#define SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_REQUEST 0x03
+#define SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE 0x04
+#define SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_REQUEST 0x05
+#define SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE 0x06
+#define SECURITY_SERVER_MSG_TYPE_GID_REQUEST 0x07
+#define SECURITY_SERVER_MSG_TYPE_GID_RESPONSE 0x08
+#define SECURITY_SERVER_MSG_TYPE_PID_REQUEST 0x09
+#define SECURITY_SERVER_MSG_TYPE_PID_RESPONSE 0x0a
+#define SECURITY_SERVER_MSG_TYPE_TOOL_REQUEST 0x0b
+#define SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE 0x0c
+#define SECURITY_SERVER_MSG_TYPE_VALID_PWD_REQUEST 0x0d
+#define SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE 0x0e
+#define SECURITY_SERVER_MSG_TYPE_SET_PWD_REQUEST 0x0f
+#define SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE 0x10
+#define SECURITY_SERVER_MSG_TYPE_RESET_PWD_REQUEST 0x11
+#define SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE 0x12
+#define SECURITY_SERVER_MSG_TYPE_CHK_PWD_REQUEST 0x13
+#define SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE 0x14
+#define SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_REQUEST 0x15
+#define SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE 0x16
+#define SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_REQUEST 0x17
+#define SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE 0x18
+#define SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_REQUEST 0x19
+#define SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE 0x1a
+#define SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_REQUEST 0x1b
+#define SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE 0x1c
+#define SECURITY_SERVER_MSG_TYPE_SMACK_REQUEST 0x1d
+#define SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE 0x1e
+#define SECURITY_SERVER_MSG_TYPE_APP_GIVE_ACCESS_REQUEST 0x1f
+#define SECURITY_SERVER_MSG_TYPE_APP_GIVE_ACCESS_RESPONSE 0x20
#define SECURITY_SERVER_MSG_TYPE_CHECK_PID_PRIVILEGE_REQUEST 0x21
#define SECURITY_SERVER_MSG_TYPE_CHECK_PID_PRIVILEGE_RESPONSE 0x22
-#define SECURITY_SERVER_MSG_TYPE_EXE_PATH_REQUEST 0x23
-#define SECURITY_SERVER_MSG_TYPE_EXE_PATH_RESPONSE 0x24
-#define SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE 0xff
+#define SECURITY_SERVER_MSG_TYPE_EXE_PATH_REQUEST 0x23
+#define SECURITY_SERVER_MSG_TYPE_EXE_PATH_RESPONSE 0x24
+#define SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE 0xff
/* Return code */
-#define SECURITY_SERVER_RETURN_CODE_SUCCESS 0x00
-#define SECURITY_SERVER_RETURN_CODE_BAD_REQUEST 0x01
-#define SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED 0x02
-#define SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED 0x03
-#define SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED 0x04
-#define SECURITY_SERVER_RETURN_CODE_NO_SUCH_OBJECT 0x05
-#define SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE 0x06
-#define SECURITY_SERVER_RETURN_CODE_NO_PASSWORD 0x07
-#define SECURITY_SERVER_RETURN_CODE_PASSWORD_EXIST 0x08
-#define SECURITY_SERVER_RETURN_CODE_PASSWORD_MISMATCH 0x09
-#define SECURITY_SERVER_RETURN_CODE_PASSWORD_MAX_ATTEMPTS_EXCEEDED 0x0a
-#define SECURITY_SERVER_RETURN_CODE_PASSWORD_EXPIRED 0x0b
-#define SECURITY_SERVER_RETURN_CODE_PASSWORD_REUSED 0x0c
-#define SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER 0x0d
-#define SECURITY_SERVER_RETURN_CODE_SERVER_ERROR 0x0e
+#define SECURITY_SERVER_RETURN_CODE_SUCCESS 0x00
+#define SECURITY_SERVER_RETURN_CODE_BAD_REQUEST 0x01
+#define SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED 0x02
+#define SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED 0x03
+#define SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED 0x04
+#define SECURITY_SERVER_RETURN_CODE_NO_SUCH_OBJECT 0x05
+#define SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE 0x06
+#define SECURITY_SERVER_RETURN_CODE_NO_PASSWORD 0x07
+#define SECURITY_SERVER_RETURN_CODE_PASSWORD_EXIST 0x08
+#define SECURITY_SERVER_RETURN_CODE_PASSWORD_MISMATCH 0x09
+#define SECURITY_SERVER_RETURN_CODE_PASSWORD_MAX_ATTEMPTS_EXCEEDED 0x0a
+#define SECURITY_SERVER_RETURN_CODE_PASSWORD_EXPIRED 0x0b
+#define SECURITY_SERVER_RETURN_CODE_PASSWORD_REUSED 0x0c
+#define SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER 0x0d
+#define SECURITY_SERVER_RETURN_CODE_SERVER_ERROR 0x0e
int return_code_to_error_code(int ret_code);
int create_new_socket(int *sockfd);
int accept_client(int server_sockfd);
int authenticate_client_application(int sockfd, int *pid, int *uid);
int authenticate_client_middleware(int sockfd, int *pid);
-int get_client_gid_list(int sockfd, int ** privileges);
+int get_client_gid_list(int sockfd, int **privileges);
int authenticate_developer_shell(int sockfd);
int send_generic_response (int sockfd, unsigned char msgid, unsigned char return_code);
int send_cookie(int sockfd, unsigned char *cookie);
int send_object_name(int sockfd, char *obj);
int send_gid(int sockfd, int gid);
int send_cookie_request(int sock_fd);
-int send_gid_request(int sock_fd, const char* object);
+int send_gid_request(int sock_fd, const char *object);
int send_object_name_request(int sock_fd, int gid);
-int send_privilege_check_request(int sock_fd, const char*cookie, int gid);
+int send_privilege_check_request(int sock_fd, const char *cookie, int gid);
int send_privilege_check_new_request(int sock_fd,
const char *cookie,
const char *object,
unsigned char *requested_cookie,
char *object_label,
char *access_rights);
-int send_pid_request(int sock_fd, const char*cookie);
+int send_pid_request(int sock_fd, const char *cookie);
int recv_pid_request(int sockfd, unsigned char *requested_cookie);
int send_pid(int sockfd, int pid);
int recv_pid_response(int sockfd, response_header *hdr, int *pid);
-int send_smack_request(int sockfd, const char * cookie);
+int send_smack_request(int sockfd, const char *cookie);
int recv_smack_request(int sockfd, unsigned char *requested_cookie);
-int send_smack(int sockfd, char * label);
-int recv_smack_response(int sockfd, response_header *hdr, char * label);
+int send_smack(int sockfd, char *label);
+int recv_smack_response(int sockfd, response_header *hdr, char *label);
int send_pid_privilege_request(int sockfd, int pid, const char *object, const char *access_rights);
-int recv_pid_privilege_request(int sockfd, int datasize, int * pid, char ** object, char ** access_rights);
+int recv_pid_privilege_request(int sockfd, int datasize, int *pid, char **object, char **access_rights);
int recv_pid_privilege_response(int sockfdi, response_header *hdr);
int send_launch_tool_request(int sock_fd, int argc, const char **argv);
int recv_generic_response(int sockfd, response_header *hdr);
int recv_launch_tool_request(int sockfd, int argc, char *argv[]);
int recv_pwd_response(int sockfd, response_header *hdr, unsigned int *current_attempts,
- unsigned int *max_attempts, unsigned int *valid_days);
-int send_set_pwd_request(int sock_fd, const char*cur_pwd, const char*new_pwd,
- const unsigned int max_challenge, const unsigned int valid_period_in_days);
+ unsigned int *max_attempts, unsigned int *valid_days);
+int send_set_pwd_request(int sock_fd, const char *cur_pwd, const char *new_pwd,
+ const unsigned int max_challenge, const unsigned int valid_period_in_days);
int send_set_pwd_validity_request(int sock_fd, const unsigned int valid_period_in_days);
int send_set_pwd_max_challenge_request(int sock_fd, const unsigned int max_challenge);
-int send_chk_pwd_request(int sock_fd, const char*challenge);
+int send_chk_pwd_request(int sock_fd, const char *challenge);
int check_socket_poll(int sockfd, int event, int timeout);
int free_argv(char **argv, int argc);
int send_valid_pwd_request(int sock_fd);
int send_reset_pwd_request(int sock_fd,
- const char*new_pwd,
+ const char *new_pwd,
const unsigned int max_challenge,
const unsigned int valid_period_in_days);
int send_set_pwd_history_request(int sock_fd, int num);
/* Definitions *********************************************************/
/* Return value. Continuing from return value of the client header file */
-#define SECURITY_SERVER_SUCCESS 0
-#define SECURITY_SERVER_ERROR_SOCKET -1
-#define SECURITY_SERVER_ERROR_BAD_REQUEST -2
-#define SECURITY_SERVER_ERROR_BAD_RESPONSE -3
-#define SECURITY_SERVER_ERROR_SEND_FAILED -4
-#define SECURITY_SERVER_ERROR_RECV_FAILED -5
-#define SECURITY_SERVER_ERROR_NO_SUCH_OBJECT -6
-#define SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED -7
-#define SECURITY_SERVER_ERROR_INPUT_PARAM -8
-#define SECURITY_SERVER_ERROR_BUFFER_TOO_SMALL -9
-#define SECURITY_SERVER_ERROR_OUT_OF_MEMORY -10
-#define SECURITY_SERVER_ERROR_ACCESS_DENIED -11
-#define SECURITY_SERVER_ERROR_SERVER_ERROR -12
-#define SECURITY_SERVER_ERROR_NO_SUCH_COOKIE -13
-#define SECURITY_SERVER_ERROR_NO_PASSWORD -14
-#define SECURITY_SERVER_ERROR_PASSWORD_EXIST -15
-#define SECURITY_SERVER_ERROR_PASSWORD_MISMATCH -16
-#define SECURITY_SERVER_ERROR_PASSWORD_RETRY_TIMER -17
-#define SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED -18
-#define SECURITY_SERVER_ERROR_PASSWORD_EXPIRED -19
-#define SECURITY_SERVER_ERROR_PASSWORD_REUSED -20
-#define SECURITY_SERVER_ERROR_SOCKET_BIND -21
-#define SECURITY_SERVER_ERROR_FILE_OPERATION -22
-#define SECURITY_SERVER_ERROR_TIMEOUT -23
-#define SECURITY_SERVER_ERROR_POLL -24
-#define SECURITY_SERVER_ERROR_UNKNOWN -255
+#define SECURITY_SERVER_SUCCESS 0
+#define SECURITY_SERVER_ERROR_SOCKET -1
+#define SECURITY_SERVER_ERROR_BAD_REQUEST -2
+#define SECURITY_SERVER_ERROR_BAD_RESPONSE -3
+#define SECURITY_SERVER_ERROR_SEND_FAILED -4
+#define SECURITY_SERVER_ERROR_RECV_FAILED -5
+#define SECURITY_SERVER_ERROR_NO_SUCH_OBJECT -6
+#define SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED -7
+#define SECURITY_SERVER_ERROR_INPUT_PARAM -8
+#define SECURITY_SERVER_ERROR_BUFFER_TOO_SMALL -9
+#define SECURITY_SERVER_ERROR_OUT_OF_MEMORY -10
+#define SECURITY_SERVER_ERROR_ACCESS_DENIED -11
+#define SECURITY_SERVER_ERROR_SERVER_ERROR -12
+#define SECURITY_SERVER_ERROR_NO_SUCH_COOKIE -13
+#define SECURITY_SERVER_ERROR_NO_PASSWORD -14
+#define SECURITY_SERVER_ERROR_PASSWORD_EXIST -15
+#define SECURITY_SERVER_ERROR_PASSWORD_MISMATCH -16
+#define SECURITY_SERVER_ERROR_PASSWORD_RETRY_TIMER -17
+#define SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED -18
+#define SECURITY_SERVER_ERROR_PASSWORD_EXPIRED -19
+#define SECURITY_SERVER_ERROR_PASSWORD_REUSED -20
+#define SECURITY_SERVER_ERROR_SOCKET_BIND -21
+#define SECURITY_SERVER_ERROR_FILE_OPERATION -22
+#define SECURITY_SERVER_ERROR_TIMEOUT -23
+#define SECURITY_SERVER_ERROR_POLL -24
+#define SECURITY_SERVER_ERROR_UNKNOWN -255
/* Miscellaneous Definitions */
-#define SECURITY_SERVER_SOCK_PATH "/tmp/.security_server.sock"
-#define SECURITY_SERVER_DEFAULT_COOKIE_PATH "/tmp/.security_server.coo"
-#define SECURITY_SERVER_DAEMON_PATH "/usr/bin/security-server"
-#define SECURITY_SERVER_COOKIE_LEN 20
-#define MAX_OBJECT_LABEL_LEN 32
-#define MAX_MODE_STR_LEN 16
-#define SECURITY_SERVER_MAX_OBJ_NAME 30
-#define SECURITY_SERVER_MSG_VERSION 0x01
-#define SECURITY_SERVER_ACCEPT_TIMEOUT_MILISECOND 10000
-#define SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND 3000
-#define SECURITY_SERVER_DEVELOPER_UID 5100
-#define SECURITY_SERVER_DEBUG_TOOL_PATH "/usr/bin/debug-util"
-#define SECURITY_SERVER_KILL_APP_PATH "/usr/bin/kill_app"
-#define SECURITY_SERVER_DATA_DIRECTORY_PATH "/opt/data/security-server"
-#define SECURITY_SERVER_ATTEMPT_FILE_NAME "attempts"
-#define SECURITY_SERVER_HISTORY_FILE_NAME "history"
-#define SECURITY_SERVER_MAX_PASSWORD_LEN 32
-#define SECURITY_SERVER_HASHED_PWD_LEN 32 /* SHA256 */
-#define SECURITY_SERVER_PASSWORD_RETRY_TIMEOUT_SECOND 1 /* Deprecated. Will be removed. */
-#define SECURITY_SERVER_PASSWORD_RETRY_TIMEOUT_MICROSECOND 500000 /* = 500 milliseconds */
-#define SECURITY_SERVER_MAX_PASSWORD_HISTORY 50
-#define SECURITY_SERVER_NUM_THREADS 10
-#define MESSAGE_MAX_LEN 1048576
+#define SECURITY_SERVER_SOCK_PATH "/tmp/.security_server.sock"
+#define SECURITY_SERVER_DEFAULT_COOKIE_PATH "/tmp/.security_server.coo"
+#define SECURITY_SERVER_DAEMON_PATH "/usr/bin/security-server"
+#define SECURITY_SERVER_COOKIE_LEN 20
+#define MAX_OBJECT_LABEL_LEN 32
+#define MAX_MODE_STR_LEN 16
+#define SECURITY_SERVER_MAX_OBJ_NAME 30
+#define SECURITY_SERVER_MSG_VERSION 0x01
+#define SECURITY_SERVER_ACCEPT_TIMEOUT_MILISECOND 10000
+#define SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND 3000
+#define SECURITY_SERVER_DEVELOPER_UID 5100
+#define SECURITY_SERVER_DEBUG_TOOL_PATH "/usr/bin/debug-util"
+#define SECURITY_SERVER_KILL_APP_PATH "/usr/bin/kill_app"
+#define SECURITY_SERVER_DATA_DIRECTORY_PATH "/opt/data/security-server"
+#define SECURITY_SERVER_ATTEMPT_FILE_NAME "attempts"
+#define SECURITY_SERVER_HISTORY_FILE_NAME "history"
+#define SECURITY_SERVER_MAX_PASSWORD_LEN 32
+#define SECURITY_SERVER_HASHED_PWD_LEN 32 /* SHA256 */
+#define SECURITY_SERVER_PASSWORD_RETRY_TIMEOUT_SECOND 1 /* Deprecated. Will be removed. */
+#define SECURITY_SERVER_PASSWORD_RETRY_TIMEOUT_MICROSECOND 500000 /* = 500 milliseconds */
+#define SECURITY_SERVER_MAX_PASSWORD_HISTORY 50
+#define SECURITY_SERVER_NUM_THREADS 10
+#define MESSAGE_MAX_LEN 1048576
/* API prefix */
#ifndef SECURITY_SERVER_API
-#define SECURITY_SERVER_API __attribute__((visibility("default")))
+#define SECURITY_SERVER_API __attribute__((visibility("default")))
#endif
/* Cookie List data type */
typedef struct _cookie_list
{
- unsigned char cookie[SECURITY_SERVER_COOKIE_LEN]; /* 20 bytes random Cookie */
- int permission_len; /* Client process permissions (aka group IDs) */
- pid_t pid; /* Client process's PID */
- char *path; /* Client process's executable path */
- int *permissions; /* Array of GID that the client process has */
- char *smack_label; /* SMACK label of the client process */
- char is_roots_process; /* Is cookie belongs to roots process */
- struct _cookie_list *prev; /* Next cookie list */
- struct _cookie_list *next; /* Previous cookie list */
+ unsigned char cookie[SECURITY_SERVER_COOKIE_LEN]; /* 20 bytes random Cookie */
+ int permission_len; /* Client process permissions (aka group IDs) */
+ pid_t pid; /* Client process's PID */
+ char *path; /* Client process's executable path */
+ int *permissions; /* Array of GID that the client process has */
+ char *smack_label; /* SMACK label of the client process */
+ char is_roots_process; /* Is cookie belongs to roots process */
+ struct _cookie_list *prev; /* Next cookie list */
+ struct _cookie_list *next; /* Previous cookie list */
} cookie_list;
/* Debug */
#ifdef SECURITY_SERVER_DEBUG_TO_CONSOLE /* debug msg will be printed in console */
-#define SEC_SVR_DBG(FMT, ARG ...) fprintf(stderr, "[DBG:%s:%d] "FMT"\n", \
- __FILE__, __LINE__, ##ARG)
-#define SEC_SVR_ERR(FMT, ARG ...) fprintf(stderr, "[ERR:%s:%d] "FMT"\n", \
- __FILE__, __LINE__, ##ARG)
+#define SEC_SVR_DBG(FMT, ARG ...) fprintf(stderr, "[DBG:%s:%d] "FMT "\n", \
+ __FILE__, __LINE__, ##ARG)
+#define SEC_SVR_ERR(FMT, ARG ...) fprintf(stderr, "[ERR:%s:%d] "FMT "\n", \
+ __FILE__, __LINE__, ##ARG)
-#elif SECURITY_SERVER_DEBUG_DLOG /* debug msg will be printed by dlog daemon */
+#elif SECURITY_SERVER_DEBUG_DLOG /* debug msg will be printed by dlog daemon */
/* for SECURE_LOG* purpose */
#undef _SECURE_
#define _SECURE_ (1)
#endif
#undef LOG_
-#define LOG_(id, prio, tag, fmt, arg...) \
- ( __dlog_print(id, prio, tag, "%s: %s(%d) > " fmt, __MODULE__, __func__, __LINE__, ##arg))
+#define LOG_(id, prio, tag, fmt, arg ...) \
+ (__dlog_print(id, prio, tag, "%s: %s(%d) > " fmt, __MODULE__, __func__, __LINE__, ##arg))
#undef SECURE_LOG_
-#define SECURE_LOG_(id, prio, tag, fmt, arg...) \
- (_SECURE_ ? ( __dlog_print(id, prio, tag, "%s: %s(%d) > [SECURE_LOG] " fmt, __MODULE__, __func__, __LINE__, ##arg)) : (0))
+#define SECURE_LOG_(id, prio, tag, fmt, arg ...) \
+ (_SECURE_ ? (__dlog_print(id, prio, tag, "%s: %s(%d) > [SECURE_LOG] " fmt, __MODULE__, __func__, __LINE__, ##arg)) : (0))
-#define SECURE_LOGD(format, arg...) SECURE_LOG_(LOG_ID_MAIN, DLOG_DEBUG, LOG_TAG, format, ##arg)
-#define SECURE_LOGI(format, arg...) SECURE_LOG_(LOG_ID_MAIN, DLOG_INFO, LOG_TAG, format, ##arg)
-#define SECURE_LOGW(format, arg...) SECURE_LOG_(LOG_ID_MAIN, DLOG_WARN, LOG_TAG, format, ##arg)
-#define SECURE_LOGE(format, arg...) SECURE_LOG_(LOG_ID_MAIN, DLOG_ERROR, LOG_TAG, format, ##arg)
+#define SECURE_LOGD(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_DEBUG, LOG_TAG, format, ##arg)
+#define SECURE_LOGI(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_INFO, LOG_TAG, format, ##arg)
+#define SECURE_LOGW(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_WARN, LOG_TAG, format, ##arg)
+#define SECURE_LOGE(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_ERROR, LOG_TAG, format, ##arg)
/****************************/
#define LOG_TAG "SECURITY_SERVER"
#include <dlog.h>
-#define SEC_SVR_DBG SLOGD
+#define SEC_SVR_DBG SLOGD
#define SEC_SVR_ERR LOGE
#else /* No debug output */
#define SEC_SVR_DBG(FMT, ARG ...) {}
/*
* security-server
*
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved\r
+ * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Bumjin Im <bj.im@samsung.com>
*
*
*/
-#ifndef SECURITY_SERVER_COOKIE_H\r
-#define SECURITY_SERVER_COOKIE_H\r
-\r
-#include "security-server-common.h"\r
-\r
+#ifndef SECURITY_SERVER_COOKIE_H
+#define SECURITY_SERVER_COOKIE_H
+
+#include "security-server-common.h"
+
void free_cookie_item(cookie_list *cookie);
cookie_list *delete_cookie_item(cookie_list *cookie);
cookie_list *search_existing_cookie(int pid, const cookie_list *c_list);
-cookie_list *search_cookie(const cookie_list *c_list, const unsigned char *cookie, int * privileges, int privilegesSize);
+cookie_list *search_cookie(const cookie_list *c_list, const unsigned char *cookie, int *privileges, int privilegesSize);
cookie_list *search_cookie_new(const cookie_list *c_list,
const unsigned char *cookie,
const char *object,
int generate_random_cookie(unsigned char *cookie, int size);
cookie_list *create_cookie_item(int pid, int sockfd, cookie_list *c_list);
cookie_list *create_default_cookie(void);
-cookie_list * garbage_collection(cookie_list *cookie);
+cookie_list *garbage_collection(cookie_list *cookie);
cookie_list *search_cookie_from_pid(cookie_list *c_list, int pid);
-void printhex(const unsigned char *data, int size);\r
-\r
-#endif\r
+void printhex(const unsigned char *data, int size);
+
+#endif
#include <linux/cn_proc.h>
-typedef void (*system_observer_callback)(const struct proc_event *);
+typedef void (*system_observer_callback)(const struct proc_event*);
typedef struct system_observer_config_t {
system_observer_callback event_callback;
} system_observer_config;
-void* system_observer_main(void *data);
+void *system_observer_main(void *data);
#endif // _SECURITY_SERVER_SYSTEM_OBSERVER_H_
/* Only for test */
/* These msg type MUST BE REMOVED before release **************************/
-#define SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_REQUEST 0x51
-#define SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_RESPONSE 0x52
-#define SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_PID_REQUEST 0x53
-#define SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE 0x54
-#define SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_COOKIE_REQUEST 0x55
+#define SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_REQUEST 0x51
+#define SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_RESPONSE 0x52
+#define SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_PID_REQUEST 0x53
+#define SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE 0x54
+#define SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_COOKIE_REQUEST 0x55
/**********************************************************************/
-int util_process_all_cookie(int sockfd, cookie_list* list);
-int util_process_cookie_from_pid(int sockfd, cookie_list* list);
-int util_process_cookie_from_cookie(int sockfd, cookie_list* list);
+int util_process_all_cookie(int sockfd, cookie_list *list);
+int util_process_cookie_from_pid(int sockfd, cookie_list *list);
+int util_process_cookie_from_cookie(int sockfd, cookie_list *list);
int util_smack_label_is_valid(const char *smack_label);
#endif
* result codes begin with the start error code and extend into negative direction.
* @{
*/
-#define SECURITY_SERVER_API_SUCCESS 0
+#define SECURITY_SERVER_API_SUCCESS 0
/*! \brief indicating the result of the one specific API is successful */
-#define SECURITY_SERVER_API_ERROR_SOCKET -1
+#define SECURITY_SERVER_API_ERROR_SOCKET -1
/*! \brief indicating the socket between client and Security Server has been failed */
-#define SECURITY_SERVER_API_ERROR_BAD_REQUEST -2
+#define SECURITY_SERVER_API_ERROR_BAD_REQUEST -2
/*! \brief indicating the response from Security Server is malformed */
-#define SECURITY_SERVER_API_ERROR_BAD_RESPONSE -3
+#define SECURITY_SERVER_API_ERROR_BAD_RESPONSE -3
/*! \brief indicating the transmitting request has been failed */
-#define SECURITY_SERVER_API_ERROR_SEND_FAILED -4
+#define SECURITY_SERVER_API_ERROR_SEND_FAILED -4
/*! \brief indicating the receiving response has been failed */
-#define SECURITY_SERVER_API_ERROR_RECV_FAILED -5
+#define SECURITY_SERVER_API_ERROR_RECV_FAILED -5
/*! \brief indicating requesting object is not exist */
-#define SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT -6
+#define SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT -6
/*! \brief indicating the authentication between client and server has been failed */
-#define SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED -7
+#define SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED -7
/*! \brief indicating the API's input parameter is malformed */
-#define SECURITY_SERVER_API_ERROR_INPUT_PARAM -8
+#define SECURITY_SERVER_API_ERROR_INPUT_PARAM -8
/*! \brief indicating the output buffer size which is passed as parameter is too small */
-#define SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL -9
+#define SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL -9
/*! \brief indicating system is running out of memory state */
-#define SECURITY_SERVER_API_ERROR_OUT_OF_MEMORY -10
+#define SECURITY_SERVER_API_ERROR_OUT_OF_MEMORY -10
/*! \brief indicating the access has been denied by Security Server */
-#define SECURITY_SERVER_API_ERROR_ACCESS_DENIED -11
+#define SECURITY_SERVER_API_ERROR_ACCESS_DENIED -11
/*! \brief indicating Security Server has been failed for some reason */
-#define SECURITY_SERVER_API_ERROR_SERVER_ERROR -12
+#define SECURITY_SERVER_API_ERROR_SERVER_ERROR -12
/*! \brief indicating given cookie is not exist in the database */
-#define SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE -13
+#define SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE -13
/*! \brief indicating there is no phone password set */
-#define SECURITY_SERVER_API_ERROR_NO_PASSWORD -14
+#define SECURITY_SERVER_API_ERROR_NO_PASSWORD -14
/*! \brief indicating password exists in system */
-#define SECURITY_SERVER_API_ERROR_PASSWORD_EXIST -15
+#define SECURITY_SERVER_API_ERROR_PASSWORD_EXIST -15
/*! \brief indicating password mismatch */
-#define SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH -16
+#define SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH -16
/*! \brief indicating password retry timeout is not occurred yet */
-#define SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER -17
+#define SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER -17
/*! \brief indicating password retry timeout is not occurred yet */
-#define SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED -18
+#define SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED -18
/*! \brief indicating password retry timeout is not occurred yet */
-#define SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED -19
+#define SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED -19
/*! \brief indicating password retry timeout is not occurred yet */
-#define SECURITY_SERVER_API_ERROR_PASSWORD_REUSED -20
+#define SECURITY_SERVER_API_ERROR_PASSWORD_REUSED -20
/*! \brief indicating the error with unknown reason */
-#define SECURITY_SERVER_API_ERROR_UNKNOWN -255
+#define SECURITY_SERVER_API_ERROR_UNKNOWN -255
/** @}*/
#ifdef __cplusplus
* retval = security_server_get_gid("telephony_makecall");
* if(retval < 0)
* {
- * printf("%s", "Error has occurred\n");
- * exit(0);
+ * printf("%s", "Error has occurred\n");
+ * exit(0);
* }
* ...
* \endcode
* retval = security_server_get_object_name(6005, objectname, sizeof(objectname));
* if(retval < 0)
* {
- * printf("%s", "Error has occurred\n");
- * exit(0);
+ * printf("%s", "Error has occurred\n");
+ * exit(0);
* }
* ...
* \endcode
* retval = security_server_request_cookie(cookie, cookie_size);
* if(retval < 0)
* {
- * printf("%s", "Error has occurred\n");
- * exit(0);
+ * printf("%s", "Error has occurred\n");
+ * exit(0);
* }
* ...
* \endcode
* retval = security_server_request_cookie(cookie, cookie_size);
* if(retval < 0)
* {
- * printf("%s", "Error has occurred\n");
- * exit(0);
+ * printf("%s", "Error has occurred\n");
+ * exit(0);
* }
* ...
* \endcode
* retval = security_server_check_privilege(recved_cookie, (gid_t)call_gid);
* if(retval < 0)
* {
- * if(retval == SECURITY_SERVER_API_ERROR_ACCESS_DENIED)
- * {
- * printf("%s", "access has been denied\n");
- * return;
- * }
- * printf("%s", "Error has occurred\n");
+ * if(retval == SECURITY_SERVER_API_ERROR_ACCESS_DENIED)
+ * {
+ * printf("%s", "access has been denied\n");
+ * return;
+ * }
+ * printf("%s", "Error has occurred\n");
* }
* ...
*
* peerpid = security_server_get_cookie_pid(recved_cookie);
* if(peerpid < 0)
* {
- * printf("%s", "Error has occurred\n");
+ * printf("%s", "Error has occurred\n");
* }
* ...
*
* ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
* if(is_pwd_set == SECURITY_SERVER_API_ERROR_NO_PASSWORD)
* {
- * printf("%s", "There is no password exists\n");
+ * printf("%s", "There is no password exists\n");
* }
* else if(is_pwd_set == SECURITY_SERVER_SUCCESS && expire_sec > 0 && attempt < max_attempts)
* {
* \endcode
*/
int security_server_is_pwd_valid(unsigned int *current_attempts,
- unsigned int *max_attempts,
- unsigned int *valid_secs);
+ unsigned int *max_attempts,
+ unsigned int *valid_secs);
* ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
* if(is_pwd_set == SECURITY_SERVER_API_ERROR_NO_PASSWORD)
* {
- * printf("%s", "There is no password exists\n");
+ * printf("%s", "There is no password exists\n");
* ret = security_server_set_pwd(NULL, "this_is_new_pwd", 20, 365);
- * if(ret != SECURITY_SERVER_API_SUCCESS)
- * {
- * printf("%s", "we have error\n");
- * ...
- * }
+ * if(ret != SECURITY_SERVER_API_SUCCESS)
+ * {
+ * printf("%s", "we have error\n");
+ * ...
+ * }
* }
* else if(is_pwd_set == SECURITY_SERVER_SUCCESS && expire_sec > 0 && attempt < max_attempts)
* {
* printf("%s", "Password is valid by now\n");
- * ret = security_server_set_pwd("this_is_current_pwd", "this_is_new_pwd", 20, 365);
- * if(ret != SECURITY_SERVER_API_SUCCESS)
- * {
- * printf("%s", "we have error\n");
- * ...
- * }
+ * ret = security_server_set_pwd("this_is_current_pwd", "this_is_new_pwd", 20, 365);
+ * if(ret != SECURITY_SERVER_API_SUCCESS)
+ * {
+ * printf("%s", "we have error\n");
+ * ...
+ * }
* }
* else
* {
* \endcode
*/
int security_server_set_pwd(const char *cur_pwd,
- const char *new_pwd,
- const unsigned int max_challenge,
- const unsigned int valid_period_in_days);
+ const char *new_pwd,
+ const unsigned int max_challenge,
+ const unsigned int valid_period_in_days);
/**
* int ret;
* unsigned int attempt, max_attempt, expire_sec;
*
- * ret = security_server_set_pwd("this_is_new_pwd", 20, 365);
- * if(retval != SECURITY_SERVER_API_SUCCESS)
- * {
- * printf("%s", "we have error\n");
- * ...
- * }
+ * ret = security_server_set_pwd("this_is_new_pwd", 20, 365);
+ * if(retval != SECURITY_SERVER_API_SUCCESS)
+ * {
+ * printf("%s", "we have error\n");
+ * ...
+ * }
* ...
*
* \endcode
*/
int security_server_reset_pwd(const char *new_pwd,
- const unsigned int max_challenge,
- const unsigned int valid_period_in_days);
+ const unsigned int max_challenge,
+ const unsigned int valid_period_in_days);
/**
* \par Description:
* retval = security_server_chk_pwd("is_this_password", &attmpt, &max_attempt, &expire_sec);
* if(retval == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH)
* {
- * printf("%s", "Oh you typed wrong password\n");
- * ...
+ * printf("%s", "Oh you typed wrong password\n");
+ * ...
* }
* else if(retval == SECURITY_SERVER_API_SUCCESS)
* {
- * printf("%s", "You remember your password.\n");
- * ...
+ * printf("%s", "You remember your password.\n");
+ * ...
* }
* ...
*
* \endcode
*/
int security_server_chk_pwd(const char *challenge,
- unsigned int *current_attempt,
- unsigned int *max_attempt,
- unsigned int *valid_secs);
+ unsigned int *current_attempt,
+ unsigned int *max_attempt,
+ unsigned int *valid_secs);
/**
*
* int main(int argc, char **argv)
* {
- * int my_uid, ret;
- * uid = getuid();
- * if(uid != DEVELOPER_UID)
- * {
- * // You must be developer user
- * exit(1);
- * }
- *
- * ret = security_server_launch_debug_tool(argc -1, argv++)
- * if(ret != SECURITY_SERVER_SUCCESS)
- * {
- * // Some error occurred
- * exit(1);
- * }
- * ...
+ * int my_uid, ret;
+ * uid = getuid();
+ * if(uid != DEVELOPER_UID)
+ * {
+ * // You must be developer user
+ * exit(1);
+ * }
+ *
+ * ret = security_server_launch_debug_tool(argc -1, argv++)
+ * if(ret != SECURITY_SERVER_SUCCESS)
+ * {
+ * // Some error occurred
+ * exit(1);
+ * }
+ * ...
* }
*
* \endcode
* \par For free label use free(), label allocated by calloc()
* User responsibility is to free resource.
*/
-char * security_server_get_smacklabel_cookie(const char *cookie);
+char *security_server_get_smacklabel_cookie(const char *cookie);
/*
* This function allows to get process SMACK label by passing socket descriptor.
* \par For free label use free(), label allocated by calloc().
* User responsibility is to free resource.
*/
-char * security_server_get_smacklabel_sockfd(int fd);
+char *security_server_get_smacklabel_sockfd(int fd);
/*
* This function will give permissions "rwxat" from
* (subject) customer_label to caller process (object).
* Object label will be extracted from socket.
* */
-int security_server_app_give_access(const char* customer_label, int customer_pid);
+int security_server_app_give_access(const char *customer_label, int customer_pid);
+
+/*
+ * This function allows middleware to check priviliges of process with specified PID.
+ * Service is able to check proces acces to the specified object label with specified
+ * access rights.
+ *
+ * \param[in] PID number of process to be checked
+ * \param[in] SMACK object label
+ * \param[in] SMACK access rights to be checked
+ *
+ * \return Privilege confirm or error code
+ * SECURITY_SERVER_SUCCESS - on succes
+ */
+int security_server_check_privilege_by_pid(int pid, const char *object, const char *access_rights);
#ifdef __cplusplus
}
* then connect prev and next */
void free_cookie_item(cookie_list *cookie)
{
- free(cookie->path);
- free(cookie->permissions);
- free(cookie->smack_label);
- if(cookie->prev != NULL)
- cookie->prev->next = cookie->next;
- if(cookie->next != NULL)
- cookie->next->prev = cookie->prev;
- free(cookie);
+ free(cookie->path);
+ free(cookie->permissions);
+ free(cookie->smack_label);
+ if (cookie->prev != NULL)
+ cookie->prev->next = cookie->next;
+ if (cookie->next != NULL)
+ cookie->next->prev = cookie->prev;
+ free(cookie);
}
/* Cut the link of the current cookie item and connect previous link and next line *
* Returns next cookie item if exist, NULL for no more cookie item */
cookie_list *delete_cookie_item(cookie_list *cookie)
{
- cookie_list *retval = NULL;
- if(cookie == NULL)
- {
- SEC_SVR_ERR("%s", "Cannot delete null cookie");
- return retval;
- }
-
- /* Reconnect cookie item */
- if(cookie->next != NULL)
- {
- cookie->prev->next = cookie->next;
- cookie->next->prev = cookie->prev;
- retval = cookie->next;
- }
- else
- {
- cookie->prev->next = NULL;
- }
-
- free_cookie_item(cookie);
- return retval;
+ cookie_list *retval = NULL;
+ if (cookie == NULL)
+ {
+ SEC_SVR_ERR("%s", "Cannot delete null cookie");
+ return retval;
+ }
+
+ /* Reconnect cookie item */
+ if (cookie->next != NULL)
+ {
+ cookie->prev->next = cookie->next;
+ cookie->next->prev = cookie->prev;
+ retval = cookie->next;
+ }
+ else
+ {
+ cookie->prev->next = NULL;
+ }
+
+ free_cookie_item(cookie);
+ return retval;
}
-cookie_list * garbage_collection(cookie_list *cookie)
+cookie_list *garbage_collection(cookie_list *cookie)
{
- char path[17];
- cookie_list *retval = NULL;
- struct stat statbuf;
- int ret;
-
- while(cookie != NULL)
- {
- /* Skip default cookie */
- if(cookie->pid ==0)
- return cookie;
-
- /* Try to find the PID directory from proc fs */
- snprintf(path, sizeof(path), "/proc/%d", cookie->pid);
- path[16] = 0;
- ret = stat(path, &statbuf);
- if(ret != 0)
- {
- /* If it's not exist, delete the cookie */
- if(errno == ENOENT)
- {
- SEC_SVR_DBG("Garbage found. PID:%d, deleting...", cookie->pid);
- cookie = delete_cookie_item(cookie);
- continue;
- }
- else
- {
- /* Some error occurred */
- SEC_SVR_ERR("Error occurred on stat: errno = %d", errno);
- return cookie;
- }
- }
- else
- {
- /* This is not a garbage. returning */
- return cookie;
- }
- }
- return retval;
+ char path[17];
+ cookie_list *retval = NULL;
+ struct stat statbuf;
+ int ret;
+
+ while (cookie != NULL)
+ {
+ /* Skip default cookie */
+ if (cookie->pid == 0)
+ return cookie;
+
+ /* Try to find the PID directory from proc fs */
+ snprintf(path, sizeof(path), "/proc/%d", cookie->pid);
+ path[16] = 0;
+ ret = stat(path, &statbuf);
+ if (ret != 0)
+ {
+ /* If it's not exist, delete the cookie */
+ if (errno == ENOENT)
+ {
+ SEC_SVR_DBG("Garbage found. PID:%d, deleting...", cookie->pid);
+ cookie = delete_cookie_item(cookie);
+ continue;
+ }
+ else
+ {
+ /* Some error occurred */
+ SEC_SVR_ERR("Error occurred on stat: errno = %d", errno);
+ return cookie;
+ }
+ }
+ else
+ {
+ /* This is not a garbage. returning */
+ return cookie;
+ }
+ }
+ return retval;
}
/* Search existing cookie from the cookie list for the client process *
* At the same time, it collects garbage cookie which PID is no longer exist and delete them */
cookie_list *search_existing_cookie(int pid, const cookie_list *c_list)
{
- cookie_list *current =(cookie_list *)c_list, *cookie = NULL;
- char *exe = NULL, *debug_cmdline = NULL;
-
- /* Search from the list */
- while(current != NULL)
- {
- /* print_cookie(current);*/
- current = garbage_collection(current);
- if(current == NULL)
- break;
-
- /* PID must be same */
- if(current->pid == pid)
- {
- /* Found cookie for the pid. Check the cookie is reused by dirrent executable */
- /* Check the path of the process */
- exe = read_exe_path_from_proc(pid);
- if(exe == NULL)
- {
- SEC_SVR_ERR("%s", "cannot read cmdline");
- return NULL;
- }
- /* Check the path is different. */
- if(strcmp(exe, current->path) != 0)
- {
- /* Delete cookie for reused pid. This is an extremely rare situation. */
- SEC_SVR_DBG("Pid [%d] for exec [%s] has been reused by [%s]. Deleting the old cookie.", pid, current->path, exe);
- current = delete_cookie_item(current);
- }
- else
- {
- SEC_SVR_DBG("%s", "cookie found");
- cookie = current;
- }
-
- if(exe != NULL)
- {
- free(exe);
- exe = NULL;
- }
- }
- current = current->next;
- }
- return cookie;
+ cookie_list *current = (cookie_list*)c_list, *cookie = NULL;
+ char *exe = NULL, *debug_cmdline = NULL;
+
+ /* Search from the list */
+ while (current != NULL)
+ {
+ /* print_cookie(current);*/
+ current = garbage_collection(current);
+ if (current == NULL)
+ break;
+
+ /* PID must be same */
+ if (current->pid == pid)
+ {
+ /* Found cookie for the pid. Check the cookie is reused by dirrent executable */
+ /* Check the path of the process */
+ exe = read_exe_path_from_proc(pid);
+ if (exe == NULL)
+ {
+ SEC_SVR_ERR("%s", "cannot read cmdline");
+ return NULL;
+ }
+ /* Check the path is different. */
+ if (strcmp(exe, current->path) != 0)
+ {
+ /* Delete cookie for reused pid. This is an extremely rare situation. */
+ SEC_SVR_DBG("Pid [%d] for exec [%s] has been reused by [%s]. Deleting the old cookie.", pid, current->path, exe);
+ current = delete_cookie_item(current);
+ }
+ else
+ {
+ SEC_SVR_DBG("%s", "cookie found");
+ cookie = current;
+ }
+
+ if (exe != NULL)
+ {
+ free(exe);
+ exe = NULL;
+ }
+ }
+ current = current->next;
+ }
+ return cookie;
}
/* Search existing cookie from the cookie list for matching pid *
* Default cookie (meaning PID 0) is not allowed in here */
cookie_list *search_cookie_from_pid(cookie_list *c_list, int pid)
{
- cookie_list *current = (cookie_list *)c_list, *retval = NULL;
-
- /* Search from the list */
- while(current != NULL)
- {
- /* print_cookie(current);*/
- /* PID must be same */
- current = garbage_collection(current);
- if(current == NULL)
- break;
-
- if(current->pid == pid)
- {
- SEC_SVR_DBG("%s", "cookie has been found");
- retval = current;
- goto finish;
- }
- current = current->next;
- }
+ cookie_list *current = (cookie_list*)c_list, *retval = NULL;
+
+ /* Search from the list */
+ while (current != NULL)
+ {
+ /* print_cookie(current);*/
+ /* PID must be same */
+ current = garbage_collection(current);
+ if (current == NULL)
+ break;
+
+ if (current->pid == pid)
+ {
+ SEC_SVR_DBG("%s", "cookie has been found");
+ retval = current;
+ goto finish;
+ }
+ current = current->next;
+ }
finish:
- return retval;
+ return retval;
}
/* Search existing cookie from the cookie list for matching cookie and privilege */
/* If privilege is 0, just search cookie exists or not */
-cookie_list *search_cookie(const cookie_list *c_list, const unsigned char *cookie, int * privileges, int privilegesSize)
+cookie_list *search_cookie(const cookie_list *c_list, const unsigned char *cookie, int *privileges, int privilegesSize)
{
- cookie_list *current = (cookie_list *)c_list, *retval = NULL;
- int i, j;
-
- /* Search from the list */
- while(current != NULL)
- {
- /* print_cookie(current);*/
- /* PID must be same */
- current = garbage_collection(current);
- if(current == NULL)
- break;
+ cookie_list *current = (cookie_list*)c_list, *retval = NULL;
+ int i, j;
+
+ /* Search from the list */
+ while (current != NULL)
+ {
+ /* print_cookie(current);*/
+ /* PID must be same */
+ current = garbage_collection(current);
+ if (current == NULL)
+ break;
//searching for cookie
- if(memcmp(current->cookie, cookie, SECURITY_SERVER_COOKIE_LEN) == 0)
- {
- SEC_SVR_DBG("%s", "Cookie has been found");
+ if (memcmp(current->cookie, cookie, SECURITY_SERVER_COOKIE_LEN) == 0)
+ {
+ SEC_SVR_DBG("%s", "Cookie has been found");
//check if this cookie belongs to root process (root process created it)
- if(current->is_roots_process == 1)
+ if (current->is_roots_process == 1)
{
SEC_SVR_DBG("%s", "Root process cookie, special privileges");
//we can skip privilege checking
goto finish;
}
- if((privileges == NULL) || (privilegesSize == 0))
+ if ((privileges == NULL) || (privilegesSize == 0))
{
SEC_SVR_DBG("%s", "No privileges to search in cookie!");
}
- else if(current->permissions == NULL)
+ else if (current->permissions == NULL)
{
SEC_SVR_DBG("%s", "Cookie has no privileges inside!");
}
SEC_SVR_DBG("%s %d", "Privileges in cookie:", current->permission_len);
SEC_SVR_DBG("%s %d", "Privileges to search:", privilegesSize);
- for(j = 0; j < privilegesSize; j++)
+ for (j = 0; j < privilegesSize; j++)
{
- for(i = 0; i < current->permission_len; i++)
+ for (i = 0; i < current->permission_len; i++)
{
- if(privileges[j] == current->permissions[i])
+ if (privileges[j] == current->permissions[i])
{
SEC_SVR_DBG("Found privilege %d", privileges[j]);
retval = current;
}
}
}
- }
- current = current->next;
- }
+ }
+ current = current->next;
+ }
finish:
- return retval;
+ return retval;
}
const char *object,
const char *access_rights)
{
- cookie_list *current = (cookie_list *)c_list, *retval = NULL;
+ cookie_list *current = (cookie_list*)c_list, *retval = NULL;
int ret;
/* Search from the list */
- while(current != NULL)
+ while (current != NULL)
{
/* print_cookie(current);*/
/* PID must be same */
current = garbage_collection(current);
- if(current == NULL)
+ if (current == NULL)
break;
- if(memcmp(current->cookie, cookie, SECURITY_SERVER_COOKIE_LEN) == 0)
+ if (memcmp(current->cookie, cookie, SECURITY_SERVER_COOKIE_LEN) == 0)
{
SEC_SVR_DBG("%s", "cookie has been found");
if (smack_check())
* by reading /dev/uranddom file */
int generate_random_cookie(unsigned char *cookie, int size)
{
- int fd, ret;
+ int fd, ret;
if (cookie == NULL) {
SEC_SVR_ERR("%s", "Null pointer passed to function");
return SECURITY_SERVER_ERROR_UNKNOWN;
}
- fd = open("/dev/urandom", O_RDONLY);
- if(fd < 0)
- {
- SEC_SVR_ERR("%s", "Cannot open /dev/urandom");
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- ret = TEMP_FAILURE_RETRY(read(fd, cookie, size));
- if(ret < size)
- {
- SEC_SVR_ERR("Cannot read /dev/urandom: %d", ret);
- ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
- goto error;
- }
- ret = SECURITY_SERVER_SUCCESS;
+ fd = open("/dev/urandom", O_RDONLY);
+ if (fd < 0)
+ {
+ SEC_SVR_ERR("%s", "Cannot open /dev/urandom");
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ ret = TEMP_FAILURE_RETRY(read(fd, cookie, size));
+ if (ret < size)
+ {
+ SEC_SVR_ERR("Cannot read /dev/urandom: %d", ret);
+ ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
+ goto error;
+ }
+ ret = SECURITY_SERVER_SUCCESS;
error:
- if(fd >= 0)
- close(fd);
- return ret;
+ if (fd >= 0)
+ close(fd);
+ return ret;
}
/* Create a cookie item from PID */
FILE *fp = NULL;
current = search_existing_cookie(pid, c_list);
- if(current != NULL)
+ if (current != NULL)
{
/* There is a cookie for this process already */
added = current;
}
/* Read command line of the PID from proc fs */
- exe = (char *)read_exe_path_from_proc(pid);
- if(exe == NULL)
+ exe = (char*)read_exe_path_from_proc(pid);
+ if (exe == NULL)
{
SEC_SVR_ERR("Error on reading /proc/%d/exe", pid);
goto error;
/* Find the line which starts with 'Groups:' */
i = 0;
- while(1)
+ while (1)
{
buf = (char*)malloc(sizeof(char) * 128);
- if(buf == NULL)
+ if (buf == NULL)
{
SEC_SVR_ERR("%s", "Error on malloc()");
goto error;
cnt = 128;
/* get one line from /proc/[PID]/status */
- while(1)
+ while (1)
{
tempint = fgetc(fp);
inputed = (char)tempint;
- if(tempint == EOF)
+ if (tempint == EOF)
goto out_of_while;
- else if(inputed == '\n')
+ else if (inputed == '\n')
{
buf[i] = '\0';
break;
}
- else if((i == cnt) && (inputed != '\n'))
+ else if ((i == cnt) && (inputed != '\n'))
{
tempptr = (char*)realloc(buf, sizeof(char) * (i + 128));
- if(tempptr == NULL)
+ if (tempptr == NULL)
{
SEC_SVR_ERR("%s", "Error on realloc()");
goto error;
i = 0;
/* find 'Groups:' */
- if(strncmp(buf, "Groups:", 7) == 0)
+ if (strncmp(buf, "Groups:", 7) == 0)
{
/* get gid from the line and insert to 'permissions' array */
token = strtok(buf, delim); // first string is "Groups"
- while((token = strtok(NULL, delim)))
+ while ((token = strtok(NULL, delim)))
{
tempperm = realloc(permissions, sizeof(int) * perm_num);
- if(tempperm == NULL)
+ if (tempperm == NULL)
{
SEC_SVR_ERR("%s", "Error on realloc()");
goto error;
/* goto out of while loop */
break;
}
- if(buf != NULL)
+ if (buf != NULL)
{
free(buf);
buf = NULL;
/* Go to last cookie from the list */
current = c_list;
- while(current->next != NULL)
+ while (current->next != NULL)
{
current = current->next;
}
/* Create a new one and assign values */
added = malloc(sizeof(cookie_list));
- if(added == NULL)
+ if (added == NULL)
goto error;
ret = generate_random_cookie(added->cookie, SECURITY_SERVER_COOKIE_LEN);
- if(ret != SECURITY_SERVER_SUCCESS)
+ if (ret != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("Error on making random cookie: %d", ret);
free(added);
}
}
- added->path = exe;
- exe = NULL;
+ added->path = exe;
+ exe = NULL;
added->permission_len = perm_num;
added->pid = pid;
added->permissions = permissions;
added->next = NULL;
error:
- if(exe != NULL)
- free(exe);
- if(fp != NULL)
- fclose(fp);
- if(buf != NULL)
- free(buf);
-
- if(added == NULL && permissions != NULL)
+ if (exe != NULL)
+ free(exe);
+ if (fp != NULL)
+ fclose(fp);
+ if (buf != NULL)
+ free(buf);
+
+ if (added == NULL && permissions != NULL)
free(permissions);
return added;
/* Check stored default cookie, if it's not exist make a new one and store it */
int check_stored_cookie(unsigned char *cookie, int size)
{
- int fd, ret;
-
- /* First, check the default cookie is stored */
- fd = open(SECURITY_SERVER_DEFAULT_COOKIE_PATH, O_RDONLY);
- if(fd < 0)
- {
- if(errno != ENOENT)
- {
- SEC_SVR_ERR("Cannot open default cookie. errno=%d", errno);
- ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
- unlink(SECURITY_SERVER_DEFAULT_COOKIE_PATH);
- }
-
- ret = generate_random_cookie(cookie, size);
-
- /* Save cookie to disk */
- fd = open(SECURITY_SERVER_DEFAULT_COOKIE_PATH, O_WRONLY | O_CREAT, 0600);
- if (fd < 0)
- {
- SEC_SVR_ERR("Cannot open default cookie errno=%d", errno);
- ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
- goto error;
- }
- ret = TEMP_FAILURE_RETRY(write(fd, cookie, size));
- if(ret < size)
- {
- SEC_SVR_ERR("%s", "Cannot save default cookie");
- ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
- goto error;
- }
-
- close(fd);
- return SECURITY_SERVER_SUCCESS;
- }
-
- ret = TEMP_FAILURE_RETRY(read(fd, cookie, size));
- if(ret < size)
- {
- SEC_SVR_ERR("Cannot read default cookie errno=%d", errno);
- ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
- goto error;
- }
- ret = SECURITY_SERVER_SUCCESS;
+ int fd, ret;
+
+ /* First, check the default cookie is stored */
+ fd = open(SECURITY_SERVER_DEFAULT_COOKIE_PATH, O_RDONLY);
+ if (fd < 0)
+ {
+ if (errno != ENOENT)
+ {
+ SEC_SVR_ERR("Cannot open default cookie. errno=%d", errno);
+ ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
+ unlink(SECURITY_SERVER_DEFAULT_COOKIE_PATH);
+ }
+
+ ret = generate_random_cookie(cookie, size);
+
+ /* Save cookie to disk */
+ fd = open(SECURITY_SERVER_DEFAULT_COOKIE_PATH, O_WRONLY | O_CREAT, 0600);
+ if (fd < 0)
+ {
+ SEC_SVR_ERR("Cannot open default cookie errno=%d", errno);
+ ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
+ goto error;
+ }
+ ret = TEMP_FAILURE_RETRY(write(fd, cookie, size));
+ if (ret < size)
+ {
+ SEC_SVR_ERR("%s", "Cannot save default cookie");
+ ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
+ goto error;
+ }
+
+ close(fd);
+ return SECURITY_SERVER_SUCCESS;
+ }
+
+ ret = TEMP_FAILURE_RETRY(read(fd, cookie, size));
+ if (ret < size)
+ {
+ SEC_SVR_ERR("Cannot read default cookie errno=%d", errno);
+ ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
+ goto error;
+ }
+ ret = SECURITY_SERVER_SUCCESS;
error:
- if(fd >= 0)
- close(fd);
- return ret;
+ if (fd >= 0)
+ close(fd);
+ return ret;
}
/* Create a cookie item from PID */
* Default cookie is for root processes that needs cookie */
cookie_list *create_default_cookie(void)
{
- cookie_list *first = NULL;
- int ret;
-
- first = malloc(sizeof(cookie_list));
-
- ret = check_stored_cookie(first->cookie, SECURITY_SERVER_COOKIE_LEN);
- if(ret != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Error on making random cookie: %d", ret);
- free(first);
- return NULL;
- }
-
- first->permission_len = 0;
- first->pid = 0;
- first->path = NULL;
- first->permissions = NULL;
- first->smack_label = NULL;
- first->prev = NULL;
- first->next = NULL;
- return first;
+ cookie_list *first = NULL;
+ int ret;
+
+ first = malloc(sizeof(cookie_list));
+
+ ret = check_stored_cookie(first->cookie, SECURITY_SERVER_COOKIE_LEN);
+ if (ret != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Error on making random cookie: %d", ret);
+ free(first);
+ return NULL;
+ }
+
+ first->permission_len = 0;
+ first->pid = 0;
+ first->path = NULL;
+ first->permissions = NULL;
+ first->smack_label = NULL;
+ first->prev = NULL;
+ first->next = NULL;
+ return first;
}
#include "smack-check.h"
//definitions of security-server API labels
-#define API_PASSWD_SET "security-server::api-password-set"
+#define API_PASSWD_SET "security-server::api-password-set"
#define API_PASSWD_CHECK "security-server::api-password-check"
-#define API_DATA_SHARE "security-server::api-data-share"
-#define API_MIDDLEWARE "security-server::api-middleware"
-#define API_FREE_ACCESS "*"
+#define API_DATA_SHARE "security-server::api-data-share"
+#define API_MIDDLEWARE "security-server::api-middleware"
+#define API_FREE_ACCESS "*"
//required rule type
#define API_RULE_REQUIRED "w"
pthread_mutex_t cookie_mutex;
int thread_status[SECURITY_SERVER_NUM_THREADS];
struct security_server_thread_param {
- int client_sockfd;
- int server_sockfd;
- int thread_status;
+ int client_sockfd;
+ int server_sockfd;
+ int thread_status;
};
int process_app_get_access_request(int sockfd, size_t msg_len);
#if 0
void printhex(unsigned char *data, int size)
{
- int i;
- for(i=0;i<size;i++)
- {
- if(data[i] < 0xF)
- printf("0");
-
- printf("%X ", data[i]);
- if(((i+1) % 16) == 0 && i != 0)
- printf("\n");
- }
- printf("\n");
+ int i;
+ for (i = 0; i < size; i++)
+ {
+ if (data[i] < 0xF)
+ printf("0");
+
+ printf("%X ", data[i]);
+ if (((i + 1) % 16) == 0 && i != 0)
+ printf("\n");
+ }
+ printf("\n");
}
void print_cookie(cookie_list *list)
{
- int i;
- printf("%s", "cookie:\n");
- printhex(list->cookie, SECURITY_SERVER_COOKIE_LEN);
- printf("path_len: %d\n", list->path ? strlen(list->path) : 0);
- printf("permission_len: %d\n", list->permission_len);
- printf("PID: %d\n", list->pid);
- printf("path: %s\n", list->path);
- printf("%s", "permissions: ");
- for(i=0;i<list->permission_len;i++)
- {
- printf("%d ", list->permissions[i]);
- }
- printf("%s", "\n");
- printf("prev: %p\n", list->prev);
- printf("next: %p\n", list->next);
+ int i;
+ printf("%s", "cookie:\n");
+ printhex(list->cookie, SECURITY_SERVER_COOKIE_LEN);
+ printf("path_len: %d\n", list->path ? strlen(list->path) : 0);
+ printf("permission_len: %d\n", list->permission_len);
+ printf("PID: %d\n", list->pid);
+ printf("path: %s\n", list->path);
+ printf("%s", "permissions: ");
+ for (i = 0; i < list->permission_len; i++)
+ {
+ printf("%d ", list->permissions[i]);
+ }
+ printf("%s", "\n");
+ printf("prev: %p\n", list->prev);
+ printf("next: %p\n", list->next);
}
#endif
char *read_exe_path_from_proc(pid_t pid)
{
- char link[32];
- char *exe = NULL;
- size_t size = 64;
- ssize_t cnt = 0;
-
- // get link to executable
- snprintf(link, sizeof(link), "/proc/%d/exe", pid);
-
- for (;;)
- {
- exe = malloc(size);
- if (exe == NULL )
- {
- SEC_SVR_ERR("Out of memory");
- return NULL ;
- }
-
- // read link target
- cnt = readlink(link, exe, size);
-
- // error
- if (cnt < 0 || (size_t) cnt > size)
- {
- SEC_SVR_ERR("Can't locate process binary for pid[%d]", pid);
- free(exe);
- return NULL ;
- }
-
- // read less than requested
- if ((size_t) cnt < size)
- break;
-
- // read exactly the number of bytes requested
- free(exe);
- if (size > (SIZE_MAX >> 1))
- {
- SEC_SVR_ERR("Exe path too long (more than %d characters)", size);
- return NULL ;
- }
- size <<= 1;
- }
- // readlink does not append null byte to buffer.
- exe[cnt] = '\0';
- return exe;
+ char link[32];
+ char *exe = NULL;
+ size_t size = 64;
+ ssize_t cnt = 0;
+
+ // get link to executable
+ snprintf(link, sizeof(link), "/proc/%d/exe", pid);
+
+ for (;;)
+ {
+ exe = malloc(size);
+ if (exe == NULL)
+ {
+ SEC_SVR_ERR("Out of memory");
+ return NULL;
+ }
+
+ // read link target
+ cnt = readlink(link, exe, size);
+
+ // error
+ if (cnt < 0 || (size_t) cnt > size)
+ {
+ SEC_SVR_ERR("Can't locate process binary for pid[%d]", pid);
+ free(exe);
+ return NULL;
+ }
+
+ // read less than requested
+ if ((size_t) cnt < size)
+ break;
+
+ // read exactly the number of bytes requested
+ free(exe);
+ if (size > (SIZE_MAX >> 1))
+ {
+ SEC_SVR_ERR("Exe path too long (more than %d characters)", size);
+ return NULL;
+ }
+ size <<= 1;
+ }
+ // readlink does not append null byte to buffer.
+ exe[cnt] = '\0';
+ return exe;
}
/*
* In positive case (caller has access to the API) returns 1.
* In case of no access returns 0, and -1 in case of error.
*/
-int authorize_SS_API_caller_socket(int sockfd, char * required_API_label, char * required_rule)
+int authorize_SS_API_caller_socket(int sockfd, char *required_API_label, char *required_rule)
{
int retval;
- char * label = NULL;
- char * path = NULL;
+ char *label = NULL;
+ char *path = NULL;
//for getting socket options
struct ucred cr;
unsigned int len;
* returns the string */
int search_object_name(int gid, char *obj, int obj_size)
{
- FILE *fp = NULL;
- char *linebuf = NULL, *token = NULL, *token2, *tempstr = NULL;
- int ret = 0, tmp_gid, bufsize;
- fp = fopen("/etc/group", "r");
- if(fp == NULL)
- {
- /* cannot open /etc/group */
- SEC_SVR_ERR("%s", "Cannot open /etc/group");
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
-
- linebuf = malloc(128);
- bufsize = 128;
- if(linebuf == NULL)
- {
- ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- SEC_SVR_ERR("%s", "cannot malloc()");
- goto error;
- }
-
- bzero(linebuf, bufsize);
- ret = SECURITY_SERVER_ERROR_NO_SUCH_OBJECT;
- while(fgets(linebuf, bufsize, fp) != NULL)
- {
- while(linebuf[bufsize -2] != 0)
- {
- linebuf[bufsize -1] = (char) fgetc(fp);
- tempstr = realloc(linebuf, bufsize + 128);
- if(tempstr == NULL)
- {
- ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- goto error;
- }
- linebuf = tempstr;
- bzero(linebuf + bufsize, 128);
- fgets(linebuf + bufsize, 128, fp);
- bufsize += 128;
- }
-
- token = strtok(linebuf, ":"); /* group name */
- if(token == NULL)
- {
- SEC_SVR_ERR("/etc/group is not valid. cannot find gid: [%s]", linebuf);
- ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
- goto error;
- }
- token2 = strtok(NULL, ":"); /* group password */
- if(token2== NULL)
- {
- SEC_SVR_ERR("/etc/group is not valid. cannot find gid: [%s]", linebuf);
- ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
- goto error;
- }
- token2 = strtok(NULL, ":"); /* gid */
- if(token2 == NULL)
- {
- SEC_SVR_ERR("/etc/group is not valid. cannot find gid: [%s]", linebuf);
- ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
- goto error;
- }
-
- errno = 0;
- tmp_gid = strtoul(token2, 0, 10);
- if (errno != 0)
- {
- SEC_SVR_ERR("cannot change string to integer [%s]", token2);
- ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
- goto error;
- }
-
- if(tmp_gid == gid)
- {
- /* We found it */
- if((int)strlen(token) > obj_size)
- {
- ret = SECURITY_SERVER_ERROR_BUFFER_TOO_SMALL;
- SEC_SVR_ERR("buffer is too small. %d --> %d", obj_size, strlen(token));
- goto error;
- }
- strncpy(obj, token, strlen(token));
- obj[strlen(token)] = 0;
- ret = SECURITY_SERVER_SUCCESS;
- break;
- }
- bzero(linebuf, bufsize);
- }
+ FILE *fp = NULL;
+ char *linebuf = NULL, *token = NULL, *token2, *tempstr = NULL;
+ int ret = 0, tmp_gid, bufsize;
+ fp = fopen("/etc/group", "r");
+ if (fp == NULL)
+ {
+ /* cannot open /etc/group */
+ SEC_SVR_ERR("%s", "Cannot open /etc/group");
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+
+ linebuf = malloc(128);
+ bufsize = 128;
+ if (linebuf == NULL)
+ {
+ ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ SEC_SVR_ERR("%s", "cannot malloc()");
+ goto error;
+ }
+
+ bzero(linebuf, bufsize);
+ ret = SECURITY_SERVER_ERROR_NO_SUCH_OBJECT;
+ while (fgets(linebuf, bufsize, fp) != NULL)
+ {
+ while (linebuf[bufsize - 2] != 0)
+ {
+ linebuf[bufsize - 1] = (char) fgetc(fp);
+ tempstr = realloc(linebuf, bufsize + 128);
+ if (tempstr == NULL)
+ {
+ ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ goto error;
+ }
+ linebuf = tempstr;
+ bzero(linebuf + bufsize, 128);
+ fgets(linebuf + bufsize, 128, fp);
+ bufsize += 128;
+ }
+
+ token = strtok(linebuf, ":"); /* group name */
+ if (token == NULL)
+ {
+ SEC_SVR_ERR("/etc/group is not valid. cannot find gid: [%s]", linebuf);
+ ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
+ goto error;
+ }
+ token2 = strtok(NULL, ":"); /* group password */
+ if (token2 == NULL)
+ {
+ SEC_SVR_ERR("/etc/group is not valid. cannot find gid: [%s]", linebuf);
+ ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
+ goto error;
+ }
+ token2 = strtok(NULL, ":"); /* gid */
+ if (token2 == NULL)
+ {
+ SEC_SVR_ERR("/etc/group is not valid. cannot find gid: [%s]", linebuf);
+ ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
+ goto error;
+ }
+
+ errno = 0;
+ tmp_gid = strtoul(token2, 0, 10);
+ if (errno != 0)
+ {
+ SEC_SVR_ERR("cannot change string to integer [%s]", token2);
+ ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
+ goto error;
+ }
+
+ if (tmp_gid == gid)
+ {
+ /* We found it */
+ if ((int)strlen(token) > obj_size)
+ {
+ ret = SECURITY_SERVER_ERROR_BUFFER_TOO_SMALL;
+ SEC_SVR_ERR("buffer is too small. %d --> %d", obj_size, strlen(token));
+ goto error;
+ }
+ strncpy(obj, token, strlen(token));
+ obj[strlen(token)] = 0;
+ ret = SECURITY_SERVER_SUCCESS;
+ break;
+ }
+ bzero(linebuf, bufsize);
+ }
error:
- if(linebuf != NULL)
- free(linebuf);
- if(fp != NULL)
- fclose(fp);
- return ret;
+ if (linebuf != NULL)
+ free(linebuf);
+ if (fp != NULL)
+ fclose(fp);
+ return ret;
}
/*
int search_gid(const char *obj)
{
- int ret = 0;
- struct group *grpbuf = NULL;
- struct group grp;
- char *buf = NULL;
- char *bigger_buf = NULL;
- long int max_buf_size = 0;
-
- /*
- * The maximum needed size for buf can be found using sysconf(3) with the argument _SC_GETGR_R_SIZE_MAX
- * If _SC_GETGR_R_SIZE_MAX is not returned we set max_buf_size to 1024 bytes. Enough to store few groups.
- */
- max_buf_size = sysconf(_SC_GETGR_R_SIZE_MAX);
- if(max_buf_size == -1)
- max_buf_size = 1024;
-
- buf = malloc((size_t)max_buf_size);
- if(buf == NULL)
- {
- ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- SEC_SVR_ERR("Out Of Memory");
- goto error;
- }
+ int ret = 0;
+ struct group *grpbuf = NULL;
+ struct group grp;
+ char *buf = NULL;
+ char *bigger_buf = NULL;
+ long int max_buf_size = 0;
- /*
- * There can be some corner cases when for example user is assigned to a lot of groups.
- * In that case if buffer is to small getgrnam_r will return ERANGE error.
- * Solution could be calling getgrnam_r with bigger buffer until it's enough big.
- */
- while((ret = getgrnam_r(obj, &grp, buf, (size_t)max_buf_size, &grpbuf)) == ERANGE) {
- max_buf_size *= 2;
-
- bigger_buf = realloc(buf, (size_t)max_buf_size);
- if(bigger_buf == NULL) {
- ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- SEC_SVR_ERR("Out Of Memory");
- goto error;
- }
-
- buf = bigger_buf;
- }
-
- if(ret != 0)
- {
- ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
- SEC_SVR_ERR("getgrnam_r failed with error %s\n", strerror(errno));
- goto error;
- } else if (grpbuf == NULL) {
- ret = SECURITY_SERVER_ERROR_NO_SUCH_OBJECT;
- SEC_SVR_ERR("Cannot find gid for group %s\n", obj);
- goto error;
+ /*
+ * The maximum needed size for buf can be found using sysconf(3) with the argument _SC_GETGR_R_SIZE_MAX
+ * If _SC_GETGR_R_SIZE_MAX is not returned we set max_buf_size to 1024 bytes. Enough to store few groups.
+ */
+ max_buf_size = sysconf(_SC_GETGR_R_SIZE_MAX);
+ if (max_buf_size == -1)
+ max_buf_size = 1024;
+
+ buf = malloc((size_t)max_buf_size);
+ if (buf == NULL)
+ {
+ ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ SEC_SVR_ERR("Out Of Memory");
+ goto error;
+ }
+
+ /*
+ * There can be some corner cases when for example user is assigned to a lot of groups.
+ * In that case if buffer is to small getgrnam_r will return ERANGE error.
+ * Solution could be calling getgrnam_r with bigger buffer until it's enough big.
+ */
+ while ((ret = getgrnam_r(obj, &grp, buf, (size_t)max_buf_size, &grpbuf)) == ERANGE) {
+ max_buf_size *= 2;
+
+ bigger_buf = realloc(buf, (size_t)max_buf_size);
+ if (bigger_buf == NULL) {
+ ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ SEC_SVR_ERR("Out Of Memory");
+ goto error;
}
- ret = grpbuf->gr_gid;
+ buf = bigger_buf;
+ }
+
+ if (ret != 0)
+ {
+ ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
+ SEC_SVR_ERR("getgrnam_r failed with error %s\n", strerror(errno));
+ goto error;
+ } else if (grpbuf == NULL) {
+ ret = SECURITY_SERVER_ERROR_NO_SUCH_OBJECT;
+ SEC_SVR_ERR("Cannot find gid for group %s\n", obj);
+ goto error;
+ }
+
+ ret = grpbuf->gr_gid;
error:
- free(buf);
- return ret;
+ free(buf);
+ return ret;
}
/* Signal handler for processes */
SEC_SVR_DBG("Signal handler: dead_pid=%d, pgid=%d",info->si_pid,child_pgid);
while ((child_pid = waitpid(-1, &status, WNOHANG)) > 0) {
- if(child_pid == child_pgid)
+ if (child_pid == child_pgid)
killpg(child_pgid,SIGKILL);
}
}
/* Execute a debugging tool by fork() and execve() */
-int execute_debug_tool(int argc, char *const *argv, int server_sockfd, int client_sockfd)
+int execute_debug_tool(int argc, char*const *argv, int server_sockfd, int client_sockfd)
{
int ret, i;
SEC_SVR_DBG("%s", "Executing tool");
(void)argc;
ret = fork();
- if(ret == 0)
+ if (ret == 0)
{
close(client_sockfd);
close(server_sockfd);
setsid();
- for(i=0;i<_NSIG;i++)
+ for (i = 0; i < _NSIG; i++)
signal(i, SIG_DFL);
ret = execv(argv[0], argv);
- if(ret == -1)
+ if (ret == -1)
{
SEC_SVR_ERR("Error:Failed to execute [%d]", errno);
exit(-1);
}
}
- if(ret < 0)
+ if (ret < 0)
{
SEC_SVR_ERR("Error: Failed to fork [%d]", errno);
return SECURITY_SERVER_ERROR_SERVER_ERROR;
* The middleware must run as root and the cmd line must be pre listed */
int authenticate_developer_shell(int sockfd)
{
- int retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
- struct ucred cr;
- unsigned int cl = sizeof(cr);
- char *exe = NULL;
-
- /* get PID of socket peer */
- if(getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) != 0)
- {
- retval = SECURITY_SERVER_ERROR_SOCKET;
- SEC_SVR_ERR("%s", "Error on getsockopt");
- goto error;
- }
-
- /* All middlewares will run as root */
- if(cr.uid != SECURITY_SERVER_DEVELOPER_UID)
- {
- retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
- SEC_SVR_ERR("Non root process has called API: %d", cr.uid);
- goto error;
- }
-
- /* Read executable path of the PID from proc fs */
- exe = read_exe_path_from_proc(cr.pid);
- if(exe == NULL)
- {
- /* It's weired. no file in proc file system, */
- retval = SECURITY_SERVER_ERROR_FILE_OPERATION;
- SEC_SVR_ERR("Error on opening /proc/%d/exe", cr.pid);
- goto error;
- }
-
- /* Search exe of the peer that is really debug tool */
- if(strcmp(exe, SECURITY_SERVER_DEBUG_TOOL_PATH) != 0)
- {
- SEC_SVR_ERR("Error: Wrong exe path [%s]", exe);
- retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
- goto error;
- }
- retval = SECURITY_SERVER_SUCCESS;
- SEC_SVR_DBG("%s", "Client Authenticated");
+ int retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
+ struct ucred cr;
+ unsigned int cl = sizeof(cr);
+ char *exe = NULL;
+
+ /* get PID of socket peer */
+ if (getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) != 0)
+ {
+ retval = SECURITY_SERVER_ERROR_SOCKET;
+ SEC_SVR_ERR("%s", "Error on getsockopt");
+ goto error;
+ }
+
+ /* All middlewares will run as root */
+ if (cr.uid != SECURITY_SERVER_DEVELOPER_UID)
+ {
+ retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
+ SEC_SVR_ERR("Non root process has called API: %d", cr.uid);
+ goto error;
+ }
+
+ /* Read executable path of the PID from proc fs */
+ exe = read_exe_path_from_proc(cr.pid);
+ if (exe == NULL)
+ {
+ /* It's weired. no file in proc file system, */
+ retval = SECURITY_SERVER_ERROR_FILE_OPERATION;
+ SEC_SVR_ERR("Error on opening /proc/%d/exe", cr.pid);
+ goto error;
+ }
+
+ /* Search exe of the peer that is really debug tool */
+ if (strcmp(exe, SECURITY_SERVER_DEBUG_TOOL_PATH) != 0)
+ {
+ SEC_SVR_ERR("Error: Wrong exe path [%s]", exe);
+ retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
+ goto error;
+ }
+ retval = SECURITY_SERVER_SUCCESS;
+ SEC_SVR_DBG("%s", "Client Authenticated");
error:
- if(exe != NULL)
- free(exe);
+ if (exe != NULL)
+ free(exe);
- return retval;
+ return retval;
}
int process_cookie_request(int sockfd)
{
- int retval, client_pid, client_uid;
- cookie_list *created_cookie = NULL;
- unsigned char cookie[SECURITY_SERVER_COOKIE_LEN];
- pid_t cookie_pid;
- char* cookie_label = NULL;
-
- /* Authenticate client */
- retval = authenticate_client_application(sockfd, &client_pid, &client_uid);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("%s", "Client Authentication Failed");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- /* If client application is root process, just respond default cookie */
+ int retval, client_pid, client_uid;
+ cookie_list *created_cookie = NULL;
+ unsigned char cookie[SECURITY_SERVER_COOKIE_LEN];
+ pid_t cookie_pid;
+ char *cookie_label = NULL;
+
+ /* Authenticate client */
+ retval = authenticate_client_application(sockfd, &client_pid, &client_uid);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("%s", "Client Authentication Failed");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ /* If client application is root process, just respond default cookie */
/*
- if( client_uid == 0)
- {
- SEC_SVR_DBG("%s", "Requested application is a root process");
- created_cookie = c_list;
- if(c_list == NULL)
- {
- SEC_SVR_DBG("%s", "Cannot read default cookie");
- goto error;
- }
- }
- else
- {
+ if( client_uid == 0)
+ {
+ SEC_SVR_DBG("%s", "Requested application is a root process");
+ created_cookie = c_list;
+ if(c_list == NULL)
+ {
+ SEC_SVR_DBG("%s", "Cannot read default cookie");
+ goto error;
+ }
+ }
+ else
+ {
*/
- //TODO: Remove above code if there will be no crashes without it
- //All process should be treaded the same
-
- /* Create a new cookie. or find existing one */
- pthread_mutex_lock(&cookie_mutex);
- created_cookie = create_cookie_item(client_pid, sockfd, c_list);
- if(created_cookie == NULL)
- {
- pthread_mutex_unlock(&cookie_mutex);
- SEC_SVR_ERR("%s","Cannot create a cookie");
- goto error;
- }
-
- //let others know if this cookie belongs to root process
- if(client_uid == 0)
- created_cookie->is_roots_process = 1;
- else
- created_cookie->is_roots_process = 0;
- memcpy(cookie, created_cookie->cookie, SECURITY_SERVER_COOKIE_LEN);
- cookie_pid = created_cookie->pid;
- if (created_cookie->smack_label)
- cookie_label = strdup(created_cookie->smack_label);
- else
- cookie_label = strdup("NULL");
- pthread_mutex_unlock(&cookie_mutex);
-
- //}
- /* send cookie as response */
- retval = send_cookie(sockfd, cookie);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- SEC_SVR_DBG("Server: Cookie created for client PID %d LABEL >%s<",
- cookie_pid, cookie_label);
-
- SEC_SVR_DBG("%s", "Server: Cookie has been sent to client");
- free(cookie_label);
+ //TODO: Remove above code if there will be no crashes without it
+ //All process should be treaded the same
+
+ /* Create a new cookie. or find existing one */
+ pthread_mutex_lock(&cookie_mutex);
+ created_cookie = create_cookie_item(client_pid, sockfd, c_list);
+ if (created_cookie == NULL)
+ {
+ pthread_mutex_unlock(&cookie_mutex);
+ SEC_SVR_ERR("%s","Cannot create a cookie");
+ goto error;
+ }
+
+ //let others know if this cookie belongs to root process
+ if (client_uid == 0)
+ created_cookie->is_roots_process = 1;
+ else
+ created_cookie->is_roots_process = 0;
+ memcpy(cookie, created_cookie->cookie, SECURITY_SERVER_COOKIE_LEN);
+ cookie_pid = created_cookie->pid;
+ if (created_cookie->smack_label)
+ cookie_label = strdup(created_cookie->smack_label);
+ else
+ cookie_label = strdup("NULL");
+ pthread_mutex_unlock(&cookie_mutex);
+
+ //}
+ /* send cookie as response */
+ retval = send_cookie(sockfd, cookie);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ SEC_SVR_DBG("Server: Cookie created for client PID %d LABEL >%s<",
+ cookie_pid, cookie_label);
+
+ SEC_SVR_DBG("%s", "Server: Cookie has been sent to client");
+ free(cookie_label);
error:
- return retval;
+ return retval;
}
-int process_check_privilege_request(int sockfd)
-{
- /* Authenticate client */
- int retval, client_pid, requested_privilege;
- int privileges[1];
- unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
- cookie_list *search_result = NULL;
-
- retval = authenticate_client_middleware(sockfd, &client_pid);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("%s", "Client Authentication Failed");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;;
- }
-
- retval = recv_check_privilege_request(sockfd,
- requested_cookie, &requested_privilege);
- if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
- {
- SEC_SVR_ERR("%s", "Receiving request failed");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;;
- }
-
- if(requested_privilege < 1)
- {
- SEC_SVR_ERR("Requiring bad privilege [%d]", requested_privilege);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Search cookie list */
- pthread_mutex_lock(&cookie_mutex);
- privileges[0] = requested_privilege;
- search_result = search_cookie(c_list, requested_cookie, privileges, 1);
- pthread_mutex_unlock(&cookie_mutex);
- if(search_result != NULL)
- {
- /* We found */
- SEC_SVR_DBG("We found the cookie with %d privilege and pid:%d", requested_privilege, client_pid);
- SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- }
- else
- {
- /* It's not exist */
- SEC_SVR_ERR("Could not find the cookie with %d privilege", requested_privilege);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- }
+int process_check_privilege_request(int sockfd)
+{
+ /* Authenticate client */
+ int retval, client_pid, requested_privilege;
+ int privileges[1];
+ unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
+ cookie_list *search_result = NULL;
+
+ retval = authenticate_client_middleware(sockfd, &client_pid);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("%s", "Client Authentication Failed");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;;
+ }
+
+ retval = recv_check_privilege_request(sockfd,
+ requested_cookie, &requested_privilege);
+ if (retval == SECURITY_SERVER_ERROR_RECV_FAILED)
+ {
+ SEC_SVR_ERR("%s", "Receiving request failed");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;;
+ }
+
+ if (requested_privilege < 1)
+ {
+ SEC_SVR_ERR("Requiring bad privilege [%d]", requested_privilege);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Search cookie list */
+ pthread_mutex_lock(&cookie_mutex);
+ privileges[0] = requested_privilege;
+ search_result = search_cookie(c_list, requested_cookie, privileges, 1);
+ pthread_mutex_unlock(&cookie_mutex);
+ if (search_result != NULL)
+ {
+ /* We found */
+ SEC_SVR_DBG("We found the cookie with %d privilege and pid:%d", requested_privilege, client_pid);
+ SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ }
+ else
+ {
+ /* It's not exist */
+ SEC_SVR_ERR("Could not find the cookie with %d privilege", requested_privilege);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ }
+error:
+ return retval;
+}
+
+int process_check_privilege_new_request(int sockfd)
+{
+ /* Authenticate client */
+ int retval, client_pid;
+ unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
+ cookie_list *search_result = NULL;
+ char object_label[MAX_OBJECT_LABEL_LEN + 1];
+ char access_rights[MAX_MODE_STR_LEN + 1];
+
+ retval = authenticate_client_middleware(sockfd, &client_pid);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("%s", "Client Authentication Failed");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;;
+ }
+
+ retval = recv_check_privilege_new_request(
+ sockfd, requested_cookie, object_label, access_rights);
+ if (retval == SECURITY_SERVER_ERROR_RECV_FAILED)
+ {
+ SEC_SVR_ERR("%s", "Receiving request failed");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;;
+ }
+
+ /* Search cookie list */
+ pthread_mutex_lock(&cookie_mutex);
+ search_result = search_cookie_new(c_list, requested_cookie, object_label, access_rights);
+ pthread_mutex_unlock(&cookie_mutex);
+
+ if (search_result != NULL)
+ {
+ /* We found */
+ SEC_SVR_DBG("We found the cookie with %s rights and pid:%d", access_rights, client_pid);
+ SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ }
+ else
+ {
+ /* It's not exist */
+ SEC_SVR_ERR("Could not find the cookie with %s rights", access_rights);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ }
+error:
+ return retval;
+}
+
+int process_object_name_request(int sockfd)
+{
+ int retval, client_pid, requested_privilege;
+ char object_name[SECURITY_SERVER_MAX_OBJ_NAME];
+
+ /* Authenticate client */
+ retval = authenticate_client_middleware(sockfd, &client_pid);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("%s", "Client Authentication Failed");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Receive GID */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &requested_privilege, sizeof(requested_privilege)));
+ if (retval < (int)sizeof(requested_privilege))
+ {
+ SEC_SVR_ERR("%s", "Receiving request failed");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Search from /etc/group */
+ retval = search_object_name(requested_privilege,
+ object_name,
+ SECURITY_SERVER_MAX_OBJ_NAME);
+ if (retval == SECURITY_SERVER_ERROR_NO_SUCH_OBJECT)
+ {
+ /* It's not exist */
+ SEC_SVR_ERR("There is no such object for gid [%d]", requested_privilege);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_NO_SUCH_OBJECT);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error occurred */
+ SEC_SVR_ERR("Error on searching object name [%d]", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* We found */
+ SECURE_LOGD("We found object: %s", object_name);
+ retval = send_object_name(sockfd, object_name);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+
error:
- return retval;
+ return retval;
}
-int process_check_privilege_new_request(int sockfd)
+int process_gid_request(int sockfd, int msg_len)
{
- /* Authenticate client */
- int retval, client_pid;
- unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
- cookie_list *search_result = NULL;
- char object_label[MAX_OBJECT_LABEL_LEN+1];
- char access_rights[MAX_MODE_STR_LEN+1];
-
- retval = authenticate_client_middleware(sockfd, &client_pid);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("%s", "Client Authentication Failed");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;;
- }
-
- retval = recv_check_privilege_new_request(
- sockfd, requested_cookie, object_label, access_rights);
- if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
- {
- SEC_SVR_ERR("%s", "Receiving request failed");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;;
- }
-
- /* Search cookie list */
- pthread_mutex_lock(&cookie_mutex);
- search_result = search_cookie_new(c_list, requested_cookie, object_label, access_rights);
- pthread_mutex_unlock(&cookie_mutex);
-
- if(search_result != NULL)
- {
- /* We found */
- SEC_SVR_DBG("We found the cookie with %s rights and pid:%d", access_rights, client_pid);
- SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- }
- else
- {
- /* It's not exist */
- SEC_SVR_ERR("Could not find the cookie with %s rights", access_rights);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- }
-error:
- return retval;
+ int retval, client_pid;
+ char object_name[SECURITY_SERVER_MAX_OBJ_NAME];
+ /* Authenticate client as middleware daemon */
+ retval = authenticate_client_middleware(sockfd, &client_pid);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("%s", "Client authentication failed");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ if (msg_len >= SECURITY_SERVER_MAX_OBJ_NAME)
+ {
+ /* Too big ojbect name */
+ SEC_SVR_ERR("%s", "Object name is too big");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
-}
+ /* Receive group name */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, object_name, msg_len));
+ if (retval < msg_len)
+ {
+ SECURE_LOGE("%s", "Failed to read object name");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ object_name[msg_len] = 0;
-int process_object_name_request(int sockfd)
-{
- int retval, client_pid, requested_privilege;
- char object_name[SECURITY_SERVER_MAX_OBJ_NAME];
-
- /* Authenticate client */
- retval = authenticate_client_middleware(sockfd, &client_pid);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("%s", "Client Authentication Failed");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Receive GID */
- retval = TEMP_FAILURE_RETRY(read(sockfd, &requested_privilege, sizeof(requested_privilege)));
- if (retval < (int)sizeof(requested_privilege))
- {
- SEC_SVR_ERR("%s", "Receiving request failed");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Search from /etc/group */
- retval = search_object_name(requested_privilege,
- object_name,
- SECURITY_SERVER_MAX_OBJ_NAME);
- if (retval == SECURITY_SERVER_ERROR_NO_SUCH_OBJECT)
- {
- /* It's not exist */
- SEC_SVR_ERR("There is no such object for gid [%d]", requested_privilege);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_NO_SUCH_OBJECT);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error occurred */
- SEC_SVR_ERR("Error on searching object name [%d]", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* We found */
- SECURE_LOGD("We found object: %s", object_name);
- retval = send_object_name(sockfd, object_name);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
+ /* Search /etc/group for the given group name */
+ retval = search_gid(object_name);
+ if (retval == SECURITY_SERVER_ERROR_NO_SUCH_OBJECT)
+ {
+ /* Not exist */
+ SECURE_LOGE("The object [%s] is not exist", object_name);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_NO_SUCH_OBJECT);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
-error:
- return retval;
-}
+ if (retval < 0)
+ {
+ /* Error occurred */
+ SEC_SVR_ERR("Cannot send the response. %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
-int process_gid_request(int sockfd, int msg_len)
-{
- int retval, client_pid;
- char object_name[SECURITY_SERVER_MAX_OBJ_NAME];
- /* Authenticate client as middleware daemon */
- retval = authenticate_client_middleware(sockfd, &client_pid);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("%s", "Client authentication failed");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- if(msg_len >= SECURITY_SERVER_MAX_OBJ_NAME)
- {
- /* Too big ojbect name */
- SEC_SVR_ERR("%s", "Object name is too big");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Receive group name */
- retval = TEMP_FAILURE_RETRY(read(sockfd, object_name, msg_len));
- if (retval < msg_len )
- {
- SECURE_LOGE("%s", "Failed to read object name");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- object_name[msg_len] = 0;
-
- /* Search /etc/group for the given group name */
- retval = search_gid(object_name);
- if (retval == SECURITY_SERVER_ERROR_NO_SUCH_OBJECT)
- {
- /* Not exist */
- SECURE_LOGE("The object [%s] is not exist", object_name);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_NO_SUCH_OBJECT);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- if(retval < 0)
- {
- /* Error occurred */
- SEC_SVR_ERR("Cannot send the response. %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
-
- goto error;
- }
- /* We found */
- retval = send_gid(sockfd, retval);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot gid response: %d", retval);
- }
+ goto error;
+ }
+ /* We found */
+ retval = send_gid(sockfd, retval);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot gid response: %d", retval);
+ }
error:
- return retval;
+ return retval;
}
int process_pid_request(int sockfd)
{
- int retval, client_pid;
- unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
- int * privileges = NULL;
- cookie_list *search_result = NULL;
- pid_t cookie_pid = 0;
-
- /* Authenticate client */
- retval = authenticate_client_middleware(sockfd, &client_pid);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("%s", "Client Authentication Failed");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_PID_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- retval = recv_pid_request(sockfd, requested_cookie);
- if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
- {
- SEC_SVR_ERR("%s", "Receiving request failed");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_PID_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
+ int retval, client_pid;
+ unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
+ int *privileges = NULL;
+ cookie_list *search_result = NULL;
+ pid_t cookie_pid = 0;
+
+ /* Authenticate client */
+ retval = authenticate_client_middleware(sockfd, &client_pid);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("%s", "Client Authentication Failed");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_PID_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ retval = recv_pid_request(sockfd, requested_cookie);
+ if (retval == SECURITY_SERVER_ERROR_RECV_FAILED)
+ {
+ SEC_SVR_ERR("%s", "Receiving request failed");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_PID_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
retval = get_client_gid_list(sockfd, &privileges);
- if(retval < 0)
+ if (retval < 0)
{
SEC_SVR_ERR("ERROR: Cannot get GID list");
goto error;
}
- /* Search cookie list */
- pthread_mutex_lock(&cookie_mutex);
- search_result = search_cookie(c_list, requested_cookie, privileges, retval);
- if(search_result)
- cookie_pid = search_result->pid;
- pthread_mutex_unlock(&cookie_mutex);
-
- free(privileges);
-
- if(search_result != NULL)
- {
- /* We found */
- SEC_SVR_DBG("We found the cookie and pid:%d", cookie_pid);
- SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
- retval = send_pid(sockfd, cookie_pid);
-
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- }
- else
- {
- /* It's not exist */
- SEC_SVR_ERR("%s", "Could not find the cookie");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_PID_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send pid response: %d", retval);
- }
- }
+ /* Search cookie list */
+ pthread_mutex_lock(&cookie_mutex);
+ search_result = search_cookie(c_list, requested_cookie, privileges, retval);
+ if (search_result)
+ cookie_pid = search_result->pid;
+ pthread_mutex_unlock(&cookie_mutex);
+
+ free(privileges);
+
+ if (search_result != NULL)
+ {
+ /* We found */
+ SEC_SVR_DBG("We found the cookie and pid:%d", cookie_pid);
+ SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
+ retval = send_pid(sockfd, cookie_pid);
+
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ }
+ else
+ {
+ /* It's not exist */
+ SEC_SVR_ERR("%s", "Could not find the cookie");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_PID_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send pid response: %d", retval);
+ }
+ }
error:
- return retval;
+ return retval;
}
int process_smack_request(int sockfd)
{
int retval, client_pid;
- int * privileges = NULL;
+ int *privileges = NULL;
unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
cookie_list *search_result = NULL;
//handler for SMACK label
- char * label = NULL;
+ char *label = NULL;
/* Authenticate client */
retval = authenticate_client_middleware(sockfd, &client_pid);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("%s", "Client Authentication Failed");
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
}
}
retval = recv_smack_request(sockfd, requested_cookie);
- if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
+ if (retval == SECURITY_SERVER_ERROR_RECV_FAILED)
{
SEC_SVR_ERR("%s", "Receiving request failed");
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
}
}
retval = get_client_gid_list(sockfd, &privileges);
- if(retval < 0)
+ if (retval < 0)
{
SEC_SVR_ERR("ERROR: Cannot get GID list");
goto error;
}
- /* Search cookie list */
- pthread_mutex_lock(&cookie_mutex);
- search_result = search_cookie(c_list, requested_cookie, privileges, retval);
- if (search_result) {
- if (search_result->smack_label)
- label = strdup(search_result->smack_label);
- else {
- SEC_SVR_DBG("%s", "No SMACK support on device - returning empty label");
- label = strdup("");
- }
- }
- pthread_mutex_unlock(&cookie_mutex);
+ /* Search cookie list */
+ pthread_mutex_lock(&cookie_mutex);
+ search_result = search_cookie(c_list, requested_cookie, privileges, retval);
+ if (search_result) {
+ if (search_result->smack_label)
+ label = strdup(search_result->smack_label);
+ else {
+ SEC_SVR_DBG("%s", "No SMACK support on device - returning empty label");
+ label = strdup("");
+ }
+ }
+ pthread_mutex_unlock(&cookie_mutex);
- free(privileges);
+ free(privileges);
- if(search_result != NULL)
+ if (search_result != NULL)
{
/* We found */
SEC_SVR_DBG("We found the cookie and pid:%d", search_result->pid);
retval = send_smack(sockfd, label);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
}
/* It's not exist */
SEC_SVR_ERR("%s", "Could not find the cookie");
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("ERROR: Cannot send SMACK label response: %d", retval);
}
int retval;
int client_pid;
int pid;
- char * object = NULL;
- char * access_rights = NULL;
+ char *object = NULL;
+ char *access_rights = NULL;
unsigned char return_code;
- char * path = NULL;
+ char *path = NULL;
char subject[SMACK_LABEL_LEN + 1];
subject[0] = '\0';
retval = smack_pid_have_access(pid, object, access_rights);
SEC_SVR_DBG("smack_pid_have_access returned %d", retval);
- if(get_smack_label_from_process(pid, subject) != PC_OPERATION_SUCCESS) {
+ if (get_smack_label_from_process(pid, subject) != PC_OPERATION_SUCCESS) {
// subject label is set to empty string
SEC_SVR_ERR("get_smack_label_from_process failed. Subject label has not been read.");
} else {
//send response
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHECK_PID_PRIVILEGE_RESPONSE,
- return_code);
+ SECURITY_SERVER_MSG_TYPE_CHECK_PID_PRIVILEGE_RESPONSE,
+ return_code);
if (retval != SECURITY_SERVER_SUCCESS)
SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
if (access_rights != NULL)
free(access_rights);
- return retval;
+ return retval;
}
int process_tool_request(int client_sockfd, int server_sockfd)
/* Authenticate client */
retval = authenticate_developer_shell(client_sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("%s", "Client Authentication Failed");
retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
}
/* Receive Total number of argv */
retval = TEMP_FAILURE_RETRY(read(client_sockfd, &argcnum, sizeof(int)));
- if((retval < (int)sizeof(int)) || argcnum > (UINT_MAX/sizeof(char *))-2 || argcnum < 0)
+ if ((retval < (int)sizeof(int)) || argcnum > (UINT_MAX / sizeof(char*)) - 2 || argcnum < 0)
{
SEC_SVR_ERR("Error: argc recieve failed: %d", retval);
retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
}
goto error;
}
argcnum += 2;
- recved_argv = (char **)malloc(sizeof(char *) * argcnum);
- if(recved_argv == NULL)
+ recved_argv = (char**)malloc(sizeof(char*) * argcnum);
+ if (recved_argv == NULL)
{
SEC_SVR_ERR("Error: malloc() failed: %d", retval);
retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
}
goto error;
}
- memset(recved_argv, 0, sizeof(char *) * argcnum);
+ memset(recved_argv, 0, sizeof(char*) * argcnum);
- retval = recv_launch_tool_request(client_sockfd, argcnum-1, recved_argv);
- if(retval == SECURITY_SERVER_ERROR_RECV_FAILED || retval == SECURITY_SERVER_ERROR_OUT_OF_MEMORY)
+ retval = recv_launch_tool_request(client_sockfd, argcnum - 1, recved_argv);
+ if (retval == SECURITY_SERVER_ERROR_RECV_FAILED || retval == SECURITY_SERVER_ERROR_OUT_OF_MEMORY)
{
SEC_SVR_ERR("%s", "Receiving request failed");
retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
}
goto error;
}
- if(argcnum < 2)
+ if (argcnum < 2)
{
SEC_SVR_ERR("Error: Too small number of argv [%d]", argcnum);
retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
}
}
/* Execute the command */
retval = execute_debug_tool(argcnum, recved_argv, server_sockfd, client_sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("Error: Cannot execute debug tool [%d]", retval);
retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
}
{
SEC_SVR_DBG("%s", "Tool has been executed");
retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SUCCESS);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SUCCESS);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
}
* |---------------------------------------------------------------|
*/
-int send_exe_path_response(int sockfd, const char* path)
+int send_exe_path_response(int sockfd, const char *path)
{
- response_header hdr;
- unsigned char* msg = NULL;
- unsigned char* ptr = NULL;
- int ret;
- size_t path_len = 0;
- unsigned short msg_len = 0;
-
- if (!path) {
- SEC_SVR_ERR("Path is NULL");
- return SECURITY_SERVER_ERROR_INPUT_PARAM;
- }
-
- path_len = strlen(path);
- msg_len = sizeof(hdr) + sizeof(size_t) + path_len;
- msg = (unsigned char*)malloc(msg_len*sizeof(unsigned char));
- if (!msg) {
- SEC_SVR_ERR("malloc failed");
- return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- }
-
- /* Assemble header */
- hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_EXE_PATH_RESPONSE;
- hdr.basic_hdr.msg_len = sizeof(size_t) + path_len;
- hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
-
- /* Prepare packet */
- ptr = msg;
- memcpy(ptr, &hdr, sizeof(hdr));
- ptr += sizeof(hdr);
- memcpy(ptr, &path_len, sizeof(size_t));
- ptr += sizeof(size_t);
- memcpy(ptr, path, path_len);
-
- /* Check poll */
- ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(ret == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- ret = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto out;
- }
- if(ret == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- ret = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto out;
- }
-
- /* Send it */
- ret = TEMP_FAILURE_RETRY(write(sockfd, msg, msg_len));
- if(ret < msg_len)
- {
- SEC_SVR_ERR("Error on write(): %d", ret);
- ret = SECURITY_SERVER_ERROR_SEND_FAILED;
- goto out;
- }
- ret = SECURITY_SERVER_SUCCESS;
+ response_header hdr;
+ unsigned char *msg = NULL;
+ unsigned char *ptr = NULL;
+ int ret;
+ size_t path_len = 0;
+ unsigned short msg_len = 0;
+
+ if (!path) {
+ SEC_SVR_ERR("Path is NULL");
+ return SECURITY_SERVER_ERROR_INPUT_PARAM;
+ }
+
+ path_len = strlen(path);
+ msg_len = sizeof(hdr) + sizeof(size_t) + path_len;
+ msg = (unsigned char*)malloc(msg_len * sizeof(unsigned char));
+ if (!msg) {
+ SEC_SVR_ERR("malloc failed");
+ return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ }
+
+ /* Assemble header */
+ hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_EXE_PATH_RESPONSE;
+ hdr.basic_hdr.msg_len = sizeof(size_t) + path_len;
+ hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
+
+ /* Prepare packet */
+ ptr = msg;
+ memcpy(ptr, &hdr, sizeof(hdr));
+ ptr += sizeof(hdr);
+ memcpy(ptr, &path_len, sizeof(size_t));
+ ptr += sizeof(size_t);
+ memcpy(ptr, path, path_len);
+
+ /* Check poll */
+ ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (ret == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ ret = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto out;
+ }
+ if (ret == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ ret = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto out;
+ }
+
+ /* Send it */
+ ret = TEMP_FAILURE_RETRY(write(sockfd, msg, msg_len));
+ if (ret < msg_len)
+ {
+ SEC_SVR_ERR("Error on write(): %d", ret);
+ ret = SECURITY_SERVER_ERROR_SEND_FAILED;
+ goto out;
+ }
+ ret = SECURITY_SERVER_SUCCESS;
out:
- free(msg);
- return ret;
+ free(msg);
+ return ret;
}
int process_exe_path_request(int sockfd)
{
- pid_t pid;
- int retval;
- char* exe = NULL;
-
- // read pid
- retval = TEMP_FAILURE_RETRY(read(sockfd, &pid, sizeof(pid_t)));
- if (retval < (ssize_t) sizeof(pid_t))
- {
- SEC_SVR_ERR("Server Error: recieve failed: %d", retval);
- retval = send_generic_response(
- sockfd,
- SECURITY_SERVER_MSG_TYPE_EXE_PATH_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
-
- if (retval != SECURITY_SERVER_SUCCESS)
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- goto error;
- }
-
- SEC_SVR_DBG("Server: Get exe path request for pid %d", pid);
-
- // get executable path
- exe = read_exe_path_from_proc(pid);
- if (!exe)
- {
- SEC_SVR_ERR("Server: Failed to read executable path for pid %d", pid);
- retval = send_generic_response(
- sockfd,
- SECURITY_SERVER_MSG_TYPE_EXE_PATH_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
-
- if (retval != SECURITY_SERVER_SUCCESS)
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- goto error;
- }
-
- // send response
- retval = send_exe_path_response(sockfd, exe);
- if (retval != SECURITY_SERVER_SUCCESS)
- SEC_SVR_ERR("ERROR: Cannot send exe path response: %d", retval);
+ pid_t pid;
+ int retval;
+ char *exe = NULL;
+
+ // read pid
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &pid, sizeof(pid_t)));
+ if (retval < (ssize_t) sizeof(pid_t))
+ {
+ SEC_SVR_ERR("Server Error: recieve failed: %d", retval);
+ retval = send_generic_response(
+ sockfd,
+ SECURITY_SERVER_MSG_TYPE_EXE_PATH_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+
+ if (retval != SECURITY_SERVER_SUCCESS)
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ goto error;
+ }
+
+ SEC_SVR_DBG("Server: Get exe path request for pid %d", pid);
+
+ // get executable path
+ exe = read_exe_path_from_proc(pid);
+ if (!exe)
+ {
+ SEC_SVR_ERR("Server: Failed to read executable path for pid %d", pid);
+ retval = send_generic_response(
+ sockfd,
+ SECURITY_SERVER_MSG_TYPE_EXE_PATH_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+
+ if (retval != SECURITY_SERVER_SUCCESS)
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ goto error;
+ }
+
+ // send response
+ retval = send_exe_path_response(sockfd, exe);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ SEC_SVR_ERR("ERROR: Cannot send exe path response: %d", retval);
error:
- free(exe);
- return retval;
+ free(exe);
+ return retval;
}
-int client_has_access(int sockfd, const char *object) {
+int client_has_access(int sockfd, const char *object)
+{
char *label = NULL;
int ret = 0;
int pid = -1;
}
//now we have PID in sockopt.pid
- if(smack_new_label_from_socket(sockfd, &label)) {
+ if (smack_new_label_from_socket(sockfd, &label)) {
SEC_SVR_ERR("%s", "Error on smack_new_label_from_socket");
label = NULL;
}
basic_header basic_hdr;
struct security_server_thread_param *my_param;
- my_param = (struct security_server_thread_param *) param;
+ my_param = (struct security_server_thread_param*) param;
client_sockfd = my_param->client_sockfd;
server_sockfd = my_param->server_sockfd;
/* Receive request header */
retval = recv_hdr(client_sockfd, &basic_hdr);
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT || retval == SECURITY_SERVER_ERROR_RECV_FAILED
- || retval == SECURITY_SERVER_ERROR_SOCKET)
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT || retval == SECURITY_SERVER_ERROR_RECV_FAILED
+ || retval == SECURITY_SERVER_ERROR_SOCKET)
{
SEC_SVR_ERR("Receiving header error [%d]",retval);
close(client_sockfd);
goto error;;
}
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
/* Response */
SEC_SVR_ERR("Receiving header error [%d]",retval);
retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
goto error;
// If we realy want to restrict access it must be changed in future.
/* Act different for request message ID */
- switch(basic_hdr.msg_id)
- {
- case SECURITY_SERVER_MSG_TYPE_COOKIE_REQUEST:
- SEC_SVR_DBG("%s", "Cookie request received");
- authorize_SS_API_caller_socket(client_sockfd, API_FREE_ACCESS, API_RULE_REQUIRED);
- process_cookie_request(client_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_REQUEST:
- SEC_SVR_DBG("%s", "Privilege check received");
- authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
- process_check_privilege_request(client_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_REQUEST:
- SEC_SVR_DBG("%s", "Privilege check (new mode) received");
- authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
- process_check_privilege_new_request(client_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_REQUEST:
- SEC_SVR_DBG("%s", "Get object name request received");
- authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
- process_object_name_request(client_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_GID_REQUEST:
- SEC_SVR_DBG("%s", "Get GID received");
- authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
- process_gid_request(client_sockfd, (int)basic_hdr.msg_len);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_PID_REQUEST:
- SEC_SVR_DBG("%s", "pid request received");
- authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
- process_pid_request(client_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_SMACK_REQUEST:
- SEC_SVR_DBG("%s", "SMACK label request received");
- authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
- process_smack_request(client_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_CHECK_PID_PRIVILEGE_REQUEST:
- SEC_SVR_DBG("%s", "PID privilege check request received");
- authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
- //pass data size to function
- process_pid_privilege_check(client_sockfd, basic_hdr.msg_len);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_TOOL_REQUEST:
- SEC_SVR_DBG("%s", "launch tool request received");
- authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
- process_tool_request(client_sockfd, server_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_VALID_PWD_REQUEST:
- SECURE_LOGD("%s", "Server: validate password request received");
- authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_CHECK, API_RULE_REQUIRED);
- process_valid_pwd_request(client_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_SET_PWD_REQUEST:
- SECURE_LOGD("%s", "Server: set password request received");
- authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED);
- process_set_pwd_request(client_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_RESET_PWD_REQUEST:
- SECURE_LOGD("%s", "Server: reset password request received");
- authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED);
- process_reset_pwd_request(client_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_CHK_PWD_REQUEST:
- SECURE_LOGD("%s", "Server: check password request received");
- authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_CHECK, API_RULE_REQUIRED);
- process_chk_pwd_request(client_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_REQUEST:
- SECURE_LOGD("%s", "Server: set password histroy request received");
- authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED);
- process_set_pwd_history_request(client_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_REQUEST:
- SECURE_LOGD("%s", "Server: set password max challenge request received");
- authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED);
- process_set_pwd_max_challenge_request(client_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_REQUEST:
- SECURE_LOGD("%s", "Server: set password validity request received");
- authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED);
- process_set_pwd_validity_request(client_sockfd);
- break;
-
- case SECURITY_SERVER_MSG_TYPE_APP_GIVE_ACCESS_REQUEST:
- SEC_SVR_DBG("%s", "Server: app give access request received");
- authorize_SS_API_caller_socket(client_sockfd, API_DATA_SHARE, API_RULE_REQUIRED);
- if (client_has_access(client_sockfd, API_DATA_SHARE)) {
+ switch (basic_hdr.msg_id)
+ {
+ case SECURITY_SERVER_MSG_TYPE_COOKIE_REQUEST:
+ SEC_SVR_DBG("%s", "Cookie request received");
+ authorize_SS_API_caller_socket(client_sockfd, API_FREE_ACCESS, API_RULE_REQUIRED);
+ process_cookie_request(client_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_REQUEST:
+ SEC_SVR_DBG("%s", "Privilege check received");
+ authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
+ process_check_privilege_request(client_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_REQUEST:
+ SEC_SVR_DBG("%s", "Privilege check (new mode) received");
+ authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
+ process_check_privilege_new_request(client_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_REQUEST:
+ SEC_SVR_DBG("%s", "Get object name request received");
+ authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
+ process_object_name_request(client_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_GID_REQUEST:
+ SEC_SVR_DBG("%s", "Get GID received");
+ authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
+ process_gid_request(client_sockfd, (int)basic_hdr.msg_len);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_PID_REQUEST:
+ SEC_SVR_DBG("%s", "pid request received");
+ authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
+ process_pid_request(client_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_SMACK_REQUEST:
+ SEC_SVR_DBG("%s", "SMACK label request received");
+ authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
+ process_smack_request(client_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_CHECK_PID_PRIVILEGE_REQUEST:
+ SEC_SVR_DBG("%s", "PID privilege check request received");
+ authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
+ //pass data size to function
+ process_pid_privilege_check(client_sockfd, basic_hdr.msg_len);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_TOOL_REQUEST:
+ SEC_SVR_DBG("%s", "launch tool request received");
+ authorize_SS_API_caller_socket(client_sockfd, API_MIDDLEWARE, API_RULE_REQUIRED);
+ process_tool_request(client_sockfd, server_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_VALID_PWD_REQUEST:
+ SECURE_LOGD("%s", "Server: validate password request received");
+ authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_CHECK, API_RULE_REQUIRED);
+ process_valid_pwd_request(client_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_SET_PWD_REQUEST:
+ SECURE_LOGD("%s", "Server: set password request received");
+ authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED);
+ process_set_pwd_request(client_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_RESET_PWD_REQUEST:
+ SECURE_LOGD("%s", "Server: reset password request received");
+ authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED);
+ process_reset_pwd_request(client_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_CHK_PWD_REQUEST:
+ SECURE_LOGD("%s", "Server: check password request received");
+ authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_CHECK, API_RULE_REQUIRED);
+ process_chk_pwd_request(client_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_REQUEST:
+ SECURE_LOGD("%s", "Server: set password histroy request received");
+ authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED);
+ process_set_pwd_history_request(client_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_REQUEST:
+ SECURE_LOGD("%s", "Server: set password max challenge request received");
+ authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED);
+ process_set_pwd_max_challenge_request(client_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_REQUEST:
+ SECURE_LOGD("%s", "Server: set password validity request received");
+ authorize_SS_API_caller_socket(client_sockfd, API_PASSWD_SET, API_RULE_REQUIRED);
+ process_set_pwd_validity_request(client_sockfd);
+ break;
+
+ case SECURITY_SERVER_MSG_TYPE_APP_GIVE_ACCESS_REQUEST:
SEC_SVR_DBG("%s", "Server: app give access request received");
- if (basic_hdr.msg_len >= 0 && (size_t)basic_hdr.msg_len >= sizeof(basic_hdr)) {
- process_app_get_access_request(client_sockfd,
- basic_hdr.msg_len - sizeof(basic_hdr));
+ authorize_SS_API_caller_socket(client_sockfd, API_DATA_SHARE, API_RULE_REQUIRED);
+ if (client_has_access(client_sockfd, API_DATA_SHARE)) {
+ SEC_SVR_DBG("%s", "Server: app give access request received");
+ if (basic_hdr.msg_len >= 0 && (size_t)basic_hdr.msg_len >= sizeof(basic_hdr)) {
+ process_app_get_access_request(client_sockfd,
+ basic_hdr.msg_len - sizeof(basic_hdr));
+ } else {
+ SEC_SVR_ERR("ERROR: Invalid message length: %d", basic_hdr.msg_len);
+ }
} else {
- SEC_SVR_ERR("ERROR: Invalid message length: %d", basic_hdr.msg_len);
+ SEC_SVR_DBG("%s", "Server: app give access request received (API DENIED - request will not proceed)");
+ send_generic_response(client_sockfd,
+ SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED);
}
- } else {
- SEC_SVR_DBG("%s", "Server: app give access request received (API DENIED - request will not proceed)");
- send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED);
- }
- break;
+ break;
/************************************************************************************************/
/* Just for test. This code must be removed on release */
- case SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_REQUEST:
- SEC_SVR_DBG("%s", "all cookie info request received -- NEED TO BE DELETED ON RELEASE");
- retval = authenticate_client_application(client_sockfd, &client_pid, &client_uid);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("%s", "Client Authentication Failed");
- retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
+ case SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_REQUEST:
+ SEC_SVR_DBG("%s", "all cookie info request received -- NEED TO BE DELETED ON RELEASE");
+ retval = authenticate_client_application(client_sockfd, &client_pid, &client_uid);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ SEC_SVR_ERR("%s", "Client Authentication Failed");
+ retval = send_generic_response(client_sockfd,
+ SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ break;
+ }
+ retval = util_process_all_cookie(client_sockfd, c_list);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send all cookie info: %d", retval);
}
break;
- }
- retval = util_process_all_cookie(client_sockfd, c_list);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send all cookie info: %d", retval);
- }
- break;
- case SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_PID_REQUEST:
- SEC_SVR_DBG("%s", "cookie info from pid request received -- NEED TO BE DELETED ON RELEASE");
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("%s", "Client Authentication Failed");
- retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
+ case SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_PID_REQUEST:
+ SEC_SVR_DBG("%s", "cookie info from pid request received -- NEED TO BE DELETED ON RELEASE");
+ if (retval != SECURITY_SERVER_SUCCESS)
{
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ SEC_SVR_ERR("%s", "Client Authentication Failed");
+ retval = send_generic_response(client_sockfd,
+ SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ break;
}
- SEC_SVR_DBG("%s", "Server: app give access requset received");
- process_app_get_access_request(client_sockfd, basic_hdr.msg_len - sizeof(basic_hdr));
+ util_process_cookie_from_pid(client_sockfd, c_list);
break;
- }
- util_process_cookie_from_pid(client_sockfd, c_list);
- break;
- case SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_COOKIE_REQUEST:
- SEC_SVR_DBG("%s", "cookie info from cookie request received -- NEED TO BE DELETED ON RELEASE");
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("%s", "Client Authentication Failed");
- retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
+ case SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_COOKIE_REQUEST:
+ SEC_SVR_DBG("%s", "cookie info from cookie request received -- NEED TO BE DELETED ON RELEASE");
+ if (retval != SECURITY_SERVER_SUCCESS)
{
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ SEC_SVR_ERR("%s", "Client Authentication Failed");
+ retval = send_generic_response(client_sockfd,
+ SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ break;
}
+ util_process_cookie_from_cookie(client_sockfd, c_list);
break;
- }
- util_process_cookie_from_cookie(client_sockfd, c_list);
- break;
/************************************************************************************************/
- default:
- SEC_SVR_ERR("Unknown msg ID :%d", basic_hdr.msg_id);
- /* Unknown message ID */
- retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
- }
- break;
+ default:
+ SEC_SVR_ERR("Unknown msg ID :%d", basic_hdr.msg_id);
+ /* Unknown message ID */
+ retval = send_generic_response(client_sockfd,
+ SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
+ }
+ break;
}
- if(client_sockfd > 0)
+ if (client_sockfd > 0)
{
safe_server_sock_close(client_sockfd);
client_sockfd = -1;
}
error:
- if(client_sockfd > 0)
+ if (client_sockfd > 0)
close(client_sockfd);
thread_status[my_param->thread_status] = 0;
pthread_detach(pthread_self());
SECURE_LOGD("%s", "Starting Security Server main thread");
/* security server must be executed by root */
- if(getuid() != 0)
+ if (getuid() != 0)
{
fprintf(stderr, "%s\n", "You are not root. exiting...");
goto error;
}
- for(retval = 0 ; retval < SECURITY_SERVER_NUM_THREADS; retval++)
+ for (retval = 0; retval < SECURITY_SERVER_NUM_THREADS; retval++)
thread_status[retval] = 0;
initiate_try();
/* Create and bind a Unix domain socket */
retval = create_new_socket(&server_sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("%s", "cannot create socket. exiting...");
goto error;
}
- if(listen(server_sockfd, 5) < 0)
+ if (listen(server_sockfd, 5) < 0)
{
SEC_SVR_ERR("%s", "listen() failed. exiting...");
goto error;
/* Create a default cookie --> Cookie for root process */
c_list = create_default_cookie();
- if(c_list == NULL)
+ if (c_list == NULL)
{
SEC_SVR_ERR("%s", "cannot make a default cookie. exiting...");
goto error;
pthread_mutex_init(&cookie_mutex, NULL);
- while(1)
+ while (1)
{
/* Accept a new client */
- if(client_sockfd < 0)
+ if (client_sockfd < 0)
client_sockfd = accept_client(server_sockfd);
- if(client_sockfd == SECURITY_SERVER_ERROR_TIMEOUT)
+ if (client_sockfd == SECURITY_SERVER_ERROR_TIMEOUT)
continue;
- if(client_sockfd < 0)
+ if (client_sockfd < 0)
goto error;
SEC_SVR_DBG("Server: new connection has been accepted: %d", client_sockfd);
retval = 0;
- while(1)
+ while (1)
{
- if(thread_status[retval] == 0)
+ if (thread_status[retval] == 0)
{
thread_status[retval] = 1;
param[retval].client_sockfd = client_sockfd;
param[retval].server_sockfd = server_sockfd;
- param[retval].thread_status= retval;
+ param[retval].thread_status = retval;
SEC_SVR_DBG("Server: Creating a new thread: %d", retval);
- rc =pthread_create(&threads[retval], NULL, security_server_thread, (void *)¶m[retval]);
+ rc = pthread_create(&threads[retval], NULL, security_server_thread, (void*)¶m[retval]);
if (rc)
{
SEC_SVR_ERR("Error: Server: Cannot create thread:%d", rc);
break;
}
retval++;
- if(retval >= SECURITY_SERVER_NUM_THREADS)
+ if (retval >= SECURITY_SERVER_NUM_THREADS)
retval = 0;
}
client_sockfd = -1;
}
error:
- if(server_sockfd > 0)
+ if (server_sockfd > 0)
close(server_sockfd);
pthread_detach(pthread_self());
pthread_exit(NULL);
}
-ssize_t read_wrapper(int sockfd, void *buffer, size_t len) {
- unsigned char *buff = (unsigned char *)buffer;
+ssize_t read_wrapper(int sockfd, void *buffer, size_t len)
+{
+ unsigned char *buff = (unsigned char*)buffer;
ssize_t done = 0;
- while(done < (int)len) {
+ while (done < (int)len) {
struct pollfd fds = { sockfd, POLLIN, 0};
if (0 >= poll(&fds, 1, 1000))
break;
- ssize_t ret = read(sockfd, buff+done, len-done);
+ ssize_t ret = read(sockfd, buff + done, len - done);
if (0 < ret) {
done += ret;
continue;
int send_message_id = SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE;
int send_error_id = SECURITY_SERVER_RETURN_CODE_SERVER_ERROR;
int client_pid = 0;
- static const char * const revoke = "-----";
+ static const char*const revoke = "-----";
const char *permissions = "rwxat";
- message_buffer = malloc(msg_len+1);
+ message_buffer = malloc(msg_len + 1);
if (!message_buffer)
return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
message_buffer[msg_len] = 0;
goto error;
if (smack_accesses_add_modify(smack, client_label,
- provider_label, permissions, revoke))
+ provider_label, permissions, revoke))
goto error;
- if (smack_accesses_apply(smack)){
+ if (smack_accesses_apply(smack)) {
send_message_id = SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED;
goto error;
}
-
}
ret = SECURITY_SERVER_SUCCESS;
error:
retval = send_generic_response(sockfd, send_message_id, send_error_id);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
SEC_SVR_ERR("Server ERROR: Cannot send response: %d", retval);
free(message_buffer);
return ret;
}
-void *system_observer_main_thread(void *data) {
+void *system_observer_main_thread(void *data)
+{
system_observer_main(data);
SEC_SVR_ERR("%s", "System observer: exit. No garbage collector support.");
netlink_enabled = 0;
pthread_exit(NULL);
}
-int main(int argc, char* argv[])
+int main(int argc, char *argv[])
{
int res;
pthread_t main_thread;
void initiate_try()
{
- gettimeofday(&prev_try, NULL);
+ gettimeofday(&prev_try, NULL);
}
int validate_pwd_file(char *filename)
{
- int i;
-
- if((strncmp(filename + (strlen(filename) -4), ".pwd" , 4)) != 0)
- {
- SECURE_LOGE("The password filename [%s] is invalid", filename);
- return SECURITY_SERVER_ERROR_NO_PASSWORD;
- }
-
- for(i=0;i<((int)strlen(filename) -4);i++)
- {
- if(filename[i] > '9' || filename[i] < '0')
- {
- SECURE_LOGE("The password filename [%s] is invalid", filename);
- return SECURITY_SERVER_ERROR_NO_PASSWORD;
- }
- }
- return SECURITY_SERVER_SUCCESS;
+ int i;
+
+ if ((strncmp(filename + (strlen(filename) - 4), ".pwd", 4)) != 0)
+ {
+ SECURE_LOGE("The password filename [%s] is invalid", filename);
+ return SECURITY_SERVER_ERROR_NO_PASSWORD;
+ }
+
+ for (i = 0; i < ((int)strlen(filename) - 4); i++)
+ {
+ if (filename[i] > '9' || filename[i] < '0')
+ {
+ SECURE_LOGE("The password filename [%s] is invalid", filename);
+ return SECURITY_SERVER_ERROR_NO_PASSWORD;
+ }
+ }
+ return SECURITY_SERVER_SUCCESS;
}
int dir_filter(const struct dirent *entry)
{
- if ((strcmp(entry->d_name, ".") == 0) ||
- (strcmp(entry->d_name, "..") == 0) ||
- (strcmp(entry->d_name, "attempts") ==0) ||
- (strcmp(entry->d_name, "history") ==0) )
- return (0);
- else
- return (1);
+ if ((strcmp(entry->d_name, ".") == 0) ||
+ (strcmp(entry->d_name, "..") == 0) ||
+ (strcmp(entry->d_name, "attempts") == 0) ||
+ (strcmp(entry->d_name, "history") == 0))
+ return (0);
+ else
+ return (1);
}
int get_pwd_path(char *path)
{
- int retval;
- struct dirent **mydirent;
- int num;
- num = scandir(SECURITY_SERVER_DATA_DIRECTORY_PATH, &mydirent, &dir_filter, alphasort);
- if(num < 0)
- {
- SECURE_LOGE("Server: [Error] Cannot scan password directory. errno: %d", errno);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- if(num == 0)
- {
- SECURE_LOGD("%s", "Server: There is no password file");
- return SECURITY_SERVER_ERROR_NO_PASSWORD;
- }
-
- snprintf(path, 255, "%s/%s", SECURITY_SERVER_DATA_DIRECTORY_PATH, mydirent[num-1]->d_name);
- retval = validate_pwd_file(mydirent[num-1]->d_name);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SECURE_LOGD("Removing invalid password file: %s", path);
- unlink(path);
- get_pwd_path(path);
- }
- SECURE_LOGD("Password file path: %s", path);
- while (num--)
- free(mydirent[num]);
- free(mydirent);
- return SECURITY_SERVER_SUCCESS;
+ int retval;
+ struct dirent **mydirent;
+ int num;
+ num = scandir(SECURITY_SERVER_DATA_DIRECTORY_PATH, &mydirent, &dir_filter, alphasort);
+ if (num < 0)
+ {
+ SECURE_LOGE("Server: [Error] Cannot scan password directory. errno: %d", errno);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ if (num == 0)
+ {
+ SECURE_LOGD("%s", "Server: There is no password file");
+ return SECURITY_SERVER_ERROR_NO_PASSWORD;
+ }
+
+ snprintf(path, 255, "%s/%s", SECURITY_SERVER_DATA_DIRECTORY_PATH, mydirent[num - 1]->d_name);
+ retval = validate_pwd_file(mydirent[num - 1]->d_name);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SECURE_LOGD("Removing invalid password file: %s", path);
+ unlink(path);
+ get_pwd_path(path);
+ }
+ SECURE_LOGD("Password file path: %s", path);
+ while (num--)
+ free(mydirent[num]);
+ free(mydirent);
+ return SECURITY_SERVER_SUCCESS;
}
int load_password(unsigned char *cur_pwd, unsigned int *max_attempt, unsigned int *expire_time)
{
- int retval, fd;
- char pwd_path[255];
-
- /* Create directory */
- retval = mkdir(SECURITY_SERVER_DATA_DIRECTORY_PATH, 0700);
- if(retval != 0)
- {
- if(errno != EEXIST)
- {
- SEC_SVR_ERR("Cannot create directory. errno: %d", errno);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- }
-
- /* Check password files */
- while(1)
- {
- /* Get password file path */
- retval = get_pwd_path(pwd_path);
- if(retval == SECURITY_SERVER_ERROR_NO_PASSWORD)
- {
- SECURE_LOGD("%s", "Current password doesn't exist");
- return SECURITY_SERVER_ERROR_NO_PASSWORD;
- }
-
- /* Load password file */
- fd = open(pwd_path, O_RDONLY | O_NONBLOCK );
- if(fd < 0)
- {
- if(errno == ENOENT)
- {
- SECURE_LOGD("%s", "Server: Current password doesn't exist");
- return SECURITY_SERVER_ERROR_NO_PASSWORD;
- }
- SECURE_LOGE("Server: Current password cannot be opened. errno: %d", errno);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
-
- /* Read and store into memory */
- retval = TEMP_FAILURE_RETRY(read(fd, cur_pwd, SECURITY_SERVER_HASHED_PWD_LEN));
- if(retval < SECURITY_SERVER_HASHED_PWD_LEN)
- {
- SECURE_LOGD("%s", "Server: Current password corrupted. resetting to previous one. 0");
- close(fd);
- fd = 0;
- unlink(pwd_path);
- continue;
- }
-
- retval = TEMP_FAILURE_RETRY(read(fd, max_attempt, sizeof(unsigned int)));
- if(retval < sizeof(unsigned int))
- {
- SECURE_LOGD("%s", "Server: Current password corrupted. resetting to previous one. 1");
- close(fd);
- fd = 0;
- unlink(pwd_path);
- continue;
- }
-
- retval = TEMP_FAILURE_RETRY(read(fd, expire_time, sizeof(unsigned int)));
- if(retval < sizeof(unsigned int))
- {
- SECURE_LOGD("%s", "Server: Current password corrupted. resetting to previous one. 2");
- close(fd);
- fd = 0;
- unlink(pwd_path);
- continue;
- }
- close(fd);
-
- /* Check expiration time. */
- if(*expire_time == 0) /* No valid period */
- *expire_time = 0xffffffff;
- else if(*expire_time <= time(NULL)) /* expired */
- *expire_time =0;
- else /* valid yet */
- *expire_time -= time(NULL);
- break;
- }
- SECURE_LOGD("%s", "Server: Current password file successfully loaded");
- return SECURITY_SERVER_SUCCESS;
+ int retval, fd;
+ char pwd_path[255];
+
+ /* Create directory */
+ retval = mkdir(SECURITY_SERVER_DATA_DIRECTORY_PATH, 0700);
+ if (retval != 0)
+ {
+ if (errno != EEXIST)
+ {
+ SEC_SVR_ERR("Cannot create directory. errno: %d", errno);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ }
+
+ /* Check password files */
+ while (1)
+ {
+ /* Get password file path */
+ retval = get_pwd_path(pwd_path);
+ if (retval == SECURITY_SERVER_ERROR_NO_PASSWORD)
+ {
+ SECURE_LOGD("%s", "Current password doesn't exist");
+ return SECURITY_SERVER_ERROR_NO_PASSWORD;
+ }
+
+ /* Load password file */
+ fd = open(pwd_path, O_RDONLY | O_NONBLOCK );
+ if (fd < 0)
+ {
+ if (errno == ENOENT)
+ {
+ SECURE_LOGD("%s", "Server: Current password doesn't exist");
+ return SECURITY_SERVER_ERROR_NO_PASSWORD;
+ }
+ SECURE_LOGE("Server: Current password cannot be opened. errno: %d", errno);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+
+ /* Read and store into memory */
+ retval = TEMP_FAILURE_RETRY(read(fd, cur_pwd, SECURITY_SERVER_HASHED_PWD_LEN));
+ if (retval < SECURITY_SERVER_HASHED_PWD_LEN)
+ {
+ SECURE_LOGD("%s", "Server: Current password corrupted. resetting to previous one. 0");
+ close(fd);
+ fd = 0;
+ unlink(pwd_path);
+ continue;
+ }
+
+ retval = TEMP_FAILURE_RETRY(read(fd, max_attempt, sizeof(unsigned int)));
+ if (retval < sizeof(unsigned int))
+ {
+ SECURE_LOGD("%s", "Server: Current password corrupted. resetting to previous one. 1");
+ close(fd);
+ fd = 0;
+ unlink(pwd_path);
+ continue;
+ }
+
+ retval = TEMP_FAILURE_RETRY(read(fd, expire_time, sizeof(unsigned int)));
+ if (retval < sizeof(unsigned int))
+ {
+ SECURE_LOGD("%s", "Server: Current password corrupted. resetting to previous one. 2");
+ close(fd);
+ fd = 0;
+ unlink(pwd_path);
+ continue;
+ }
+ close(fd);
+
+ /* Check expiration time. */
+ if (*expire_time == 0) /* No valid period */
+ *expire_time = 0xffffffff;
+ else if (*expire_time <= time(NULL)) /* expired */
+ *expire_time = 0;
+ else /* valid yet */
+ *expire_time -= time(NULL);
+ break;
+ }
+ SECURE_LOGD("%s", "Server: Current password file successfully loaded");
+ return SECURITY_SERVER_SUCCESS;
}
int get_current_attempt(int increase)
{
- int retval, fd, attempt;
- char path[255];
-
- snprintf(path, 255, "%s/%s", SECURITY_SERVER_DATA_DIRECTORY_PATH,
- SECURITY_SERVER_ATTEMPT_FILE_NAME);
-
- /* Open current attempt file as read mode */
- fd = open(path, O_RDONLY | O_NONBLOCK );
- if(fd < 0)
- {
- if(errno == ENOENT)
- {
- SEC_SVR_DBG("%s", "Server: attempt doesn't exist. Creating one:");
- /* Create one if it doesn't exist */
- fd = open(path, O_WRONLY | O_NONBLOCK | O_CREAT, 0600);
- if(fd < 0)
- {
- SEC_SVR_ERR("Server ERROR: Cannot open attempt file. errno: %d", errno);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- retval = fchmod(fd, 0600);
- if(retval != 0)
- {
- SEC_SVR_ERR("Server ERROR: Cannot chmod attempt file. errno: %d", errno);
- close(fd);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- attempt = increase;
- retval = TEMP_FAILURE_RETRY(write(fd, &attempt, sizeof(int)));
- close(fd);
- if(retval < sizeof(int))
- {
- SEC_SVR_ERR("%s", "Server ERROR: Cannot write attempt");
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- return attempt;
- }
- SECURE_LOGE("Current password cannot be opened. errno: %d", errno);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- retval = TEMP_FAILURE_RETRY(read(fd, &attempt, sizeof(int)));
- close(fd);
- if(retval < sizeof(int))
- {
- SEC_SVR_ERR("%s", "Server ERROR: Cannot read attempt");
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
-
- if(increase > 0)
- {
- /* Open the file again with write mode */
- fd = open(path, O_WRONLY | O_NONBLOCK, 0600);
- if(fd < 0)
- {
- SEC_SVR_ERR("Server ERROR: Cannot open attempt file. errno: %d", errno);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- retval = fchmod(fd, 0600);
- if(retval != 0)
- {
- SEC_SVR_ERR("Server ERROR: Cannot chmod attempt file. errno: %d", errno);
- close(fd);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- attempt += increase;
- retval = TEMP_FAILURE_RETRY(write(fd, &attempt, sizeof(int)));
- close(fd);
- if(retval < sizeof(int))
- {
- SEC_SVR_ERR("%s", "Server ERROR: Cannot write attempt");
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- }
- return attempt;
+ int retval, fd, attempt;
+ char path[255];
+
+ snprintf(path, 255, "%s/%s", SECURITY_SERVER_DATA_DIRECTORY_PATH,
+ SECURITY_SERVER_ATTEMPT_FILE_NAME);
+
+ /* Open current attempt file as read mode */
+ fd = open(path, O_RDONLY | O_NONBLOCK );
+ if (fd < 0)
+ {
+ if (errno == ENOENT)
+ {
+ SEC_SVR_DBG("%s", "Server: attempt doesn't exist. Creating one:");
+ /* Create one if it doesn't exist */
+ fd = open(path, O_WRONLY | O_NONBLOCK | O_CREAT, 0600);
+ if (fd < 0)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot open attempt file. errno: %d", errno);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ retval = fchmod(fd, 0600);
+ if (retval != 0)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot chmod attempt file. errno: %d", errno);
+ close(fd);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ attempt = increase;
+ retval = TEMP_FAILURE_RETRY(write(fd, &attempt, sizeof(int)));
+ close(fd);
+ if (retval < sizeof(int))
+ {
+ SEC_SVR_ERR("%s", "Server ERROR: Cannot write attempt");
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ return attempt;
+ }
+ SECURE_LOGE("Current password cannot be opened. errno: %d", errno);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ retval = TEMP_FAILURE_RETRY(read(fd, &attempt, sizeof(int)));
+ close(fd);
+ if (retval < sizeof(int))
+ {
+ SEC_SVR_ERR("%s", "Server ERROR: Cannot read attempt");
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+
+ if (increase > 0)
+ {
+ /* Open the file again with write mode */
+ fd = open(path, O_WRONLY | O_NONBLOCK, 0600);
+ if (fd < 0)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot open attempt file. errno: %d", errno);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ retval = fchmod(fd, 0600);
+ if (retval != 0)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot chmod attempt file. errno: %d", errno);
+ close(fd);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ attempt += increase;
+ retval = TEMP_FAILURE_RETRY(write(fd, &attempt, sizeof(int)));
+ close(fd);
+ if (retval < sizeof(int))
+ {
+ SEC_SVR_ERR("%s", "Server ERROR: Cannot write attempt");
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ }
+ return attempt;
}
int reset_attempt(void)
{
- int fd, retval;
- char path[255];
- unsigned int attempt = 0;
-
- snprintf(path, 255, "%s/%s", SECURITY_SERVER_DATA_DIRECTORY_PATH,
- SECURITY_SERVER_ATTEMPT_FILE_NAME);
-
- /* Open the file again with write mode */
- fd = open(path, O_WRONLY | O_NONBLOCK, 0600);
- if(fd < 0)
- {
- SEC_SVR_ERR("Server ERROR: Cannot open attempt file. errno: %d", errno);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- retval = fchmod(fd, 0600);
- if(retval != 0)
- {
- SEC_SVR_ERR("Server ERROR: Cannot chmod attempt file. errno: %d", errno);
- close(fd);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- retval = TEMP_FAILURE_RETRY(write(fd, &attempt, sizeof(int)));
- close(fd);
- if(retval < sizeof(int))
- {
- SEC_SVR_ERR("%s", "Server ERROR: Cannot write attempt");
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- SEC_SVR_DBG("%s", "Server: Attempt reset");
- return SECURITY_SERVER_SUCCESS;
+ int fd, retval;
+ char path[255];
+ unsigned int attempt = 0;
+
+ snprintf(path, 255, "%s/%s", SECURITY_SERVER_DATA_DIRECTORY_PATH,
+ SECURITY_SERVER_ATTEMPT_FILE_NAME);
+
+ /* Open the file again with write mode */
+ fd = open(path, O_WRONLY | O_NONBLOCK, 0600);
+ if (fd < 0)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot open attempt file. errno: %d", errno);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ retval = fchmod(fd, 0600);
+ if (retval != 0)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot chmod attempt file. errno: %d", errno);
+ close(fd);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ retval = TEMP_FAILURE_RETRY(write(fd, &attempt, sizeof(int)));
+ close(fd);
+ if (retval < sizeof(int))
+ {
+ SEC_SVR_ERR("%s", "Server ERROR: Cannot write attempt");
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ SEC_SVR_DBG("%s", "Server: Attempt reset");
+ return SECURITY_SERVER_SUCCESS;
}
/* Compare current password Stored password is hashed by SHA-256 Algorithm */
int check_password(const unsigned char *cur_pwd, const unsigned char *requested_pwd,
- const unsigned int max_attempts, const unsigned int expire_time,
- int *current_attempt)
+ const unsigned int max_attempts, const unsigned int expire_time,
+ int *current_attempt)
{
- unsigned int current_time = time(NULL);
-
- if(max_attempts != 0)
- {
- *current_attempt = get_current_attempt(1);
-
- if(*current_attempt > max_attempts)
- {
- SEC_SVR_DBG("Server: Max attempt exceeded: %d, %d", *current_attempt, max_attempts);
- return SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED;
- }
- if(*current_attempt < 0)
- {
- SEC_SVR_DBG("Server: Attempt file operation failed. Ignoring... : %d", *current_attempt);
- }
- }
-
- /* Compare */
- if(memcmp(cur_pwd, requested_pwd, SECURITY_SERVER_HASHED_PWD_LEN) != 0)
- {
- SECURE_LOGD("%s", "Password mismatched");
- return SECURITY_SERVER_ERROR_PASSWORD_MISMATCH;
- }
-
- if(expire_time == 0)
+ unsigned int current_time = time(NULL);
+
+ if (max_attempts != 0)
+ {
+ *current_attempt = get_current_attempt(1);
+
+ if (*current_attempt > max_attempts)
+ {
+ SEC_SVR_DBG("Server: Max attempt exceeded: %d, %d", *current_attempt, max_attempts);
+ return SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED;
+ }
+ if (*current_attempt < 0)
+ {
+ SEC_SVR_DBG("Server: Attempt file operation failed. Ignoring... : %d", *current_attempt);
+ }
+ }
+
+ /* Compare */
+ if (memcmp(cur_pwd, requested_pwd, SECURITY_SERVER_HASHED_PWD_LEN) != 0)
+ {
+ SECURE_LOGD("%s", "Password mismatched");
+ return SECURITY_SERVER_ERROR_PASSWORD_MISMATCH;
+ }
+
+ if (expire_time == 0)
{
SECURE_LOGD("Server: Password has been expired: %d, %d", current_time, expire_time);
return SECURITY_SERVER_ERROR_PASSWORD_EXPIRED;
int set_history(int num)
{
- int fd, retval;
- char path[255];
-
- snprintf(path, 255, "%s/%s", SECURITY_SERVER_DATA_DIRECTORY_PATH,
- SECURITY_SERVER_HISTORY_FILE_NAME);
-
- /* Open the file again with write mode */
- fd = open(path, O_WRONLY | O_NONBLOCK, 0600);
- if(fd < 0)
- {
- if (errno == ENOENT)
- {
- fd = open(path, O_WRONLY | O_NONBLOCK | O_CREAT, 0600);
- if(fd < 0)
- {
- SEC_SVR_ERR("Server ERROR: Cannot create history file. errno: %d", errno);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- }
- else
- {
- SEC_SVR_ERR("Server ERROR: Cannot open history file. errno: %d", errno);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- }
- retval = fchmod(fd, 0600);
- if(retval != 0)
- {
- SEC_SVR_ERR("Server ERROR: Cannot chmod history file. errno: %d", errno);
- close(fd);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- retval = TEMP_FAILURE_RETRY(write(fd, &num, sizeof(int)));
- close(fd);
- if(retval < sizeof(int))
- {
- SEC_SVR_ERR("%s", "Server ERROR: Cannot write history");
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- SEC_SVR_DBG("%s", "Server: history set finished");
- return SECURITY_SERVER_SUCCESS;
+ int fd, retval;
+ char path[255];
+
+ snprintf(path, 255, "%s/%s", SECURITY_SERVER_DATA_DIRECTORY_PATH,
+ SECURITY_SERVER_HISTORY_FILE_NAME);
+
+ /* Open the file again with write mode */
+ fd = open(path, O_WRONLY | O_NONBLOCK, 0600);
+ if (fd < 0)
+ {
+ if (errno == ENOENT)
+ {
+ fd = open(path, O_WRONLY | O_NONBLOCK | O_CREAT, 0600);
+ if (fd < 0)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot create history file. errno: %d", errno);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ }
+ else
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot open history file. errno: %d", errno);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ }
+ retval = fchmod(fd, 0600);
+ if (retval != 0)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot chmod history file. errno: %d", errno);
+ close(fd);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ retval = TEMP_FAILURE_RETRY(write(fd, &num, sizeof(int)));
+ close(fd);
+ if (retval < sizeof(int))
+ {
+ SEC_SVR_ERR("%s", "Server ERROR: Cannot write history");
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ SEC_SVR_DBG("%s", "Server: history set finished");
+ return SECURITY_SERVER_SUCCESS;
}
int get_history_num(void)
{
- /* Placeholder for password history check count getting function */
- int fd, retval, history;
- char path[255];
-
- snprintf(path, 255, "%s/%s", SECURITY_SERVER_DATA_DIRECTORY_PATH,
- SECURITY_SERVER_HISTORY_FILE_NAME);
-
- /* Load password file */
- fd = open(path, O_RDONLY | O_NONBLOCK );
- if(fd < 0)
- {
- if(errno == ENOENT)
- {
- SEC_SVR_DBG("%s", "Server: history file doesn't exist");
- retval = set_history(0);
- return retval;
- }
- SEC_SVR_ERR("Server ERROR: history file cannot be opened. errno: %d", errno);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- retval = TEMP_FAILURE_RETRY(read(fd, &history, sizeof(history)));
- close(fd);
- if(retval < sizeof(history))
- {
- SEC_SVR_DBG("%s", "History file corrupted. Creating new one");
- unlink(path);
- retval = set_history(0);
- return retval;
- }
- SEC_SVR_DBG("History file read: %d", history);
- return history;
+ /* Placeholder for password history check count getting function */
+ int fd, retval, history;
+ char path[255];
+
+ snprintf(path, 255, "%s/%s", SECURITY_SERVER_DATA_DIRECTORY_PATH,
+ SECURITY_SERVER_HISTORY_FILE_NAME);
+
+ /* Load password file */
+ fd = open(path, O_RDONLY | O_NONBLOCK );
+ if (fd < 0)
+ {
+ if (errno == ENOENT)
+ {
+ SEC_SVR_DBG("%s", "Server: history file doesn't exist");
+ retval = set_history(0);
+ return retval;
+ }
+ SEC_SVR_ERR("Server ERROR: history file cannot be opened. errno: %d", errno);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ retval = TEMP_FAILURE_RETRY(read(fd, &history, sizeof(history)));
+ close(fd);
+ if (retval < sizeof(history))
+ {
+ SEC_SVR_DBG("%s", "History file corrupted. Creating new one");
+ unlink(path);
+ retval = set_history(0);
+ return retval;
+ }
+ SEC_SVR_DBG("History file read: %d", history);
+ return history;
}
int check_history(const unsigned char *requested_pwd)
{
- unsigned char history_pwd[SECURITY_SERVER_HASHED_PWD_LEN];
- char path[255];
- int num, history_count, fd, file_count, retval;
- int retval2 = SECURITY_SERVER_SUCCESS;
- struct dirent **mydirent;
-
- history_count = get_history_num();
- if(history_count <= 0)
- return SECURITY_SERVER_SUCCESS;
-
- num = scandir(SECURITY_SERVER_DATA_DIRECTORY_PATH, &mydirent, &dir_filter, alphasort);
- if(num < 0)
- {
- SECURE_LOGE("Server: [Error] Cannot scan password directory. errno: %d", errno);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
-
- if(num == 0)
- {
- SECURE_LOGD("%s", "Server: There is no password file");
- return SECURITY_SERVER_ERROR_NO_PASSWORD;
- }
-
- file_count = 2;
- while((num--))
- {
- snprintf(path, 255, "%s/%s", SECURITY_SERVER_DATA_DIRECTORY_PATH, mydirent[num]->d_name);
- SECURE_LOGD("Password file path: %s", path);
- if(history_count > 0)
- {
- /* Load password file */
- fd = open(path, O_RDONLY | O_NONBLOCK );
- if(fd < 0)
- {
- if(errno == ENOENT)
- {
- SECURE_LOGD("%s", "Current password doesn't exist");
- return SECURITY_SERVER_SUCCESS;
- }
- SECURE_LOGE("Current password cannot be opened. errno: %d", errno);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- /* Read and store into memory */
- retval = TEMP_FAILURE_RETRY(read(fd, history_pwd, SECURITY_SERVER_HASHED_PWD_LEN));
- if(retval < SECURITY_SERVER_HASHED_PWD_LEN)
- {
- SECURE_LOGD("%s", "Current password corrupted. resetting to previous one. 0");
- close(fd);
- fd = 0;
- unlink(path);
- continue;
- }
- close(fd);
- /* Compare */
- if(memcmp(history_pwd, requested_pwd, SECURITY_SERVER_HASHED_PWD_LEN) == 0)
- {
- SECURE_LOGD("%s", "Server: Password has been reused");
- retval2 = SECURITY_SERVER_ERROR_PASSWORD_REUSED;
- }
- history_count--;
-
- }
-
- /* Remove too old or invalid password history */
- retval = validate_pwd_file(mydirent[num]->d_name);
- if(retval != SECURITY_SERVER_SUCCESS || file_count > (SECURITY_SERVER_MAX_PASSWORD_HISTORY))
- {
- SECURE_LOGD("Removing too old password. %s", path);
- unlink(path);
- }
- file_count++;
- free(mydirent[num]);
- }
- free(mydirent);
- if(retval2 == SECURITY_SERVER_ERROR_PASSWORD_REUSED)
- retval = retval2;
- return retval;
+ unsigned char history_pwd[SECURITY_SERVER_HASHED_PWD_LEN];
+ char path[255];
+ int num, history_count, fd, file_count, retval;
+ int retval2 = SECURITY_SERVER_SUCCESS;
+ struct dirent **mydirent;
+
+ history_count = get_history_num();
+ if (history_count <= 0)
+ return SECURITY_SERVER_SUCCESS;
+
+ num = scandir(SECURITY_SERVER_DATA_DIRECTORY_PATH, &mydirent, &dir_filter, alphasort);
+ if (num < 0)
+ {
+ SECURE_LOGE("Server: [Error] Cannot scan password directory. errno: %d", errno);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+
+ if (num == 0)
+ {
+ SECURE_LOGD("%s", "Server: There is no password file");
+ return SECURITY_SERVER_ERROR_NO_PASSWORD;
+ }
+
+ file_count = 2;
+ while ((num--))
+ {
+ snprintf(path, 255, "%s/%s", SECURITY_SERVER_DATA_DIRECTORY_PATH, mydirent[num]->d_name);
+ SECURE_LOGD("Password file path: %s", path);
+ if (history_count > 0)
+ {
+ /* Load password file */
+ fd = open(path, O_RDONLY | O_NONBLOCK );
+ if (fd < 0)
+ {
+ if (errno == ENOENT)
+ {
+ SECURE_LOGD("%s", "Current password doesn't exist");
+ return SECURITY_SERVER_SUCCESS;
+ }
+ SECURE_LOGE("Current password cannot be opened. errno: %d", errno);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ /* Read and store into memory */
+ retval = TEMP_FAILURE_RETRY(read(fd, history_pwd, SECURITY_SERVER_HASHED_PWD_LEN));
+ if (retval < SECURITY_SERVER_HASHED_PWD_LEN)
+ {
+ SECURE_LOGD("%s", "Current password corrupted. resetting to previous one. 0");
+ close(fd);
+ fd = 0;
+ unlink(path);
+ continue;
+ }
+ close(fd);
+ /* Compare */
+ if (memcmp(history_pwd, requested_pwd, SECURITY_SERVER_HASHED_PWD_LEN) == 0)
+ {
+ SECURE_LOGD("%s", "Server: Password has been reused");
+ retval2 = SECURITY_SERVER_ERROR_PASSWORD_REUSED;
+ }
+ history_count--;
+ }
+
+ /* Remove too old or invalid password history */
+ retval = validate_pwd_file(mydirent[num]->d_name);
+ if (retval != SECURITY_SERVER_SUCCESS || file_count > (SECURITY_SERVER_MAX_PASSWORD_HISTORY))
+ {
+ SECURE_LOGD("Removing too old password. %s", path);
+ unlink(path);
+ }
+ file_count++;
+ free(mydirent[num]);
+ }
+ free(mydirent);
+ if (retval2 == SECURITY_SERVER_ERROR_PASSWORD_REUSED)
+ retval = retval2;
+ return retval;
}
/* Password file format */
* |---------------------------------------------------------------|
*/
int set_password(const unsigned char *requested_new_pwd, const unsigned int attempts,
- const unsigned int expire_time)
+ const unsigned int expire_time)
{
- int retval, fd;
- char pwd_path[255];
-
- /* New file created */
- retval = time(NULL);
- snprintf(pwd_path, 255, "%s/%d.pwd", SECURITY_SERVER_DATA_DIRECTORY_PATH, retval);
-
- /* Save new password as current password */
- fd = open(pwd_path, O_WRONLY | O_NONBLOCK | O_CREAT, 0600);
- if(fd < 0)
- {
- SECURE_LOGE("Cannot open current password file. errno: %d", errno);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- retval = fchmod(fd, 0600);
- if(retval != 0)
- {
- SECURE_LOGE("Cannot chmod current password file. errno: %d", errno);
- close(fd);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- retval = TEMP_FAILURE_RETRY(write(fd, requested_new_pwd, SECURITY_SERVER_HASHED_PWD_LEN));
- if(retval < SECURITY_SERVER_HASHED_PWD_LEN)
- {
- SECURE_LOGE("%s", "Cannot write password");
- close(fd);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- retval = TEMP_FAILURE_RETRY(write(fd, &attempts, sizeof(unsigned int)));
- if(retval < sizeof(unsigned int))
- {
- SECURE_LOGE("%s", "Cannot write password");
- close(fd);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- retval = TEMP_FAILURE_RETRY(write(fd, &expire_time, sizeof(unsigned int)));
- if(retval < sizeof(unsigned int))
- {
- SECURE_LOGE("%s", "Cannot write password");
- close(fd);
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- fsync(fd);
- close(fd);
- SECURE_LOGD("%s", "Password file created");
- return SECURITY_SERVER_SUCCESS;
+ int retval, fd;
+ char pwd_path[255];
+
+ /* New file created */
+ retval = time(NULL);
+ snprintf(pwd_path, 255, "%s/%d.pwd", SECURITY_SERVER_DATA_DIRECTORY_PATH, retval);
+
+ /* Save new password as current password */
+ fd = open(pwd_path, O_WRONLY | O_NONBLOCK | O_CREAT, 0600);
+ if (fd < 0)
+ {
+ SECURE_LOGE("Cannot open current password file. errno: %d", errno);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ retval = fchmod(fd, 0600);
+ if (retval != 0)
+ {
+ SECURE_LOGE("Cannot chmod current password file. errno: %d", errno);
+ close(fd);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ retval = TEMP_FAILURE_RETRY(write(fd, requested_new_pwd, SECURITY_SERVER_HASHED_PWD_LEN));
+ if (retval < SECURITY_SERVER_HASHED_PWD_LEN)
+ {
+ SECURE_LOGE("%s", "Cannot write password");
+ close(fd);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ retval = TEMP_FAILURE_RETRY(write(fd, &attempts, sizeof(unsigned int)));
+ if (retval < sizeof(unsigned int))
+ {
+ SECURE_LOGE("%s", "Cannot write password");
+ close(fd);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ retval = TEMP_FAILURE_RETRY(write(fd, &expire_time, sizeof(unsigned int)));
+ if (retval < sizeof(unsigned int))
+ {
+ SECURE_LOGE("%s", "Cannot write password");
+ close(fd);
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ fsync(fd);
+ close(fd);
+ SECURE_LOGD("%s", "Password file created");
+ return SECURITY_SERVER_SUCCESS;
}
int check_retry(const struct timeval cur_try)
{
- int interval_sec, interval_usec;
- interval_sec = cur_try.tv_sec - prev_try.tv_sec;
- interval_usec = cur_try.tv_usec - prev_try.tv_usec;
- prev_try = cur_try;
- if(interval_sec == 0
- && interval_usec > SECURITY_SERVER_PASSWORD_RETRY_TIMEOUT_MICROSECOND)
- return SECURITY_SERVER_SUCCESS;
-
- if(interval_sec > 0)
- return SECURITY_SERVER_SUCCESS;
-
- SEC_SVR_DBG("%s", "retry timer hit");
- return SECURITY_SERVER_ERROR_PASSWORD_RETRY_TIMER;
+ int interval_sec, interval_usec;
+ interval_sec = cur_try.tv_sec - prev_try.tv_sec;
+ interval_usec = cur_try.tv_usec - prev_try.tv_usec;
+ prev_try = cur_try;
+ if (interval_sec == 0
+ && interval_usec > SECURITY_SERVER_PASSWORD_RETRY_TIMEOUT_MICROSECOND)
+ return SECURITY_SERVER_SUCCESS;
+
+ if (interval_sec > 0)
+ return SECURITY_SERVER_SUCCESS;
+
+ SEC_SVR_DBG("%s", "retry timer hit");
+ return SECURITY_SERVER_ERROR_PASSWORD_RETRY_TIMER;
}
int process_valid_pwd_request(int sockfd)
{
- struct timeval cur_try;
- int retval, current_attempts, password_set;
- unsigned char cur_pwd[SECURITY_SERVER_HASHED_PWD_LEN];
- unsigned int max_attempt, expire_time;
+ struct timeval cur_try;
+ int retval, current_attempts, password_set;
+ unsigned char cur_pwd[SECURITY_SERVER_HASHED_PWD_LEN];
+ unsigned int max_attempt, expire_time;
/*
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("%s", "Client Authentication Failed");
- retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("%s", "Client Authentication Failed");
+ retval = send_generic_response(client_sockfd,
+ SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
*/
- /* Check retry timer */
- gettimeofday(&cur_try, NULL);
- retval = check_retry(cur_try);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("%s", "Server: Retry timeout occurred");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- password_set = load_password(cur_pwd, &max_attempt, &expire_time);
- if(password_set == SECURITY_SERVER_ERROR_SERVER_ERROR)
- {
- SECURE_LOGE("%s", "Server: Responding error because we cannot provide password service");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SECURE_LOGE("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- current_attempts = get_current_attempt(0);
- if(current_attempts < 0)
- {
- SEC_SVR_ERR("Server ERROR: Cannot get attempts: %d", current_attempts);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- }
-
- /* There is no password */
- if(password_set == SECURITY_SERVER_ERROR_NO_PASSWORD)
- {
- retval = send_pwd_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_NO_PASSWORD,
- 0, 0, 0);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SECURE_LOGE("Server ERROR: Cannot send password response: %d", retval);
- }
- goto error;
- }
- if(password_set == SECURITY_SERVER_SUCCESS)
- {
- retval = send_pwd_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_EXIST,
- current_attempts, max_attempt, expire_time);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SECURE_LOGE("Server ERROR: Cannot send password response: %d", retval);
- }
- goto error;
- }
- SEC_SVR_ERR("Server ERROR: Unknown error: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
+ /* Check retry timer */
+ gettimeofday(&cur_try, NULL);
+ retval = check_retry(cur_try);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("%s", "Server: Retry timeout occurred");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ password_set = load_password(cur_pwd, &max_attempt, &expire_time);
+ if (password_set == SECURITY_SERVER_ERROR_SERVER_ERROR)
+ {
+ SECURE_LOGE("%s", "Server: Responding error because we cannot provide password service");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SECURE_LOGE("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ current_attempts = get_current_attempt(0);
+ if (current_attempts < 0)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot get attempts: %d", current_attempts);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ }
+
+ /* There is no password */
+ if (password_set == SECURITY_SERVER_ERROR_NO_PASSWORD)
+ {
+ retval = send_pwd_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_NO_PASSWORD,
+ 0, 0, 0);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SECURE_LOGE("Server ERROR: Cannot send password response: %d", retval);
+ }
+ goto error;
+ }
+ if (password_set == SECURITY_SERVER_SUCCESS)
+ {
+ retval = send_pwd_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_EXIST,
+ current_attempts, max_attempt, expire_time);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SECURE_LOGE("Server ERROR: Cannot send password response: %d", retval);
+ }
+ goto error;
+ }
+ SEC_SVR_ERR("Server ERROR: Unknown error: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
error:
- return retval;
+ return retval;
}
int process_set_pwd_request(int sockfd)
{
- struct timeval cur_try;
- int retval, password_set, current_attempt;
- unsigned int max_attempt, expire_time, valid_days, received_attempts;
- char new_pwd_len = 0, cur_pwd_len = 0;
- char requested_cur_pwd[SECURITY_SERVER_MAX_PASSWORD_LEN+1];
- char requested_new_pwd[SECURITY_SERVER_MAX_PASSWORD_LEN+1];
- unsigned char cur_pwd[SECURITY_SERVER_HASHED_PWD_LEN];
- unsigned char hashed_challenge[SECURITY_SERVER_HASHED_PWD_LEN];
- unsigned char hashed_new_pw[SECURITY_SERVER_HASHED_PWD_LEN];
-
- SHA256_CTX context;
-
- /* Authenticate client that peer is setting app goes here*/
- /* Check SMACK 'rw' rule for the set password */
- retval = SECURITY_SERVER_SUCCESS;
+ struct timeval cur_try;
+ int retval, password_set, current_attempt;
+ unsigned int max_attempt, expire_time, valid_days, received_attempts;
+ char new_pwd_len = 0, cur_pwd_len = 0;
+ char requested_cur_pwd[SECURITY_SERVER_MAX_PASSWORD_LEN + 1];
+ char requested_new_pwd[SECURITY_SERVER_MAX_PASSWORD_LEN + 1];
+ unsigned char cur_pwd[SECURITY_SERVER_HASHED_PWD_LEN];
+ unsigned char hashed_challenge[SECURITY_SERVER_HASHED_PWD_LEN];
+ unsigned char hashed_new_pw[SECURITY_SERVER_HASHED_PWD_LEN];
+
+ SHA256_CTX context;
+
+ /* Authenticate client that peer is setting app goes here*/
+ /* Check SMACK 'rw' rule for the set password */
+ retval = SECURITY_SERVER_SUCCESS;
/*
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("%s", "Client Authentication Failed");
- retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("%s", "Client Authentication Failed");
+ retval = send_generic_response(client_sockfd,
+ SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
*/
- /* Check retry timer */
- gettimeofday(&cur_try, NULL);
- retval = check_retry(cur_try);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("%s", "Server: Retry timeout occurred");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- password_set = load_password(cur_pwd, &max_attempt, &expire_time);
- /* If we cannot load password file */
- if(password_set == SECURITY_SERVER_ERROR_SERVER_ERROR)
- {
- SECURE_LOGE("%s", "Server: Responding error because we cannot provide password service");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Receive size of pwds */
- retval = TEMP_FAILURE_RETRY(read(sockfd, &cur_pwd_len, sizeof(char)));
- if(retval < sizeof(char) || cur_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
- {
- SECURE_LOGE("Server Error: current password length recieve failed: %d, %d", retval, cur_pwd_len);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- retval = TEMP_FAILURE_RETRY(read(sockfd, &new_pwd_len, sizeof(char)));
- if(retval < sizeof(char) || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN || new_pwd_len < 0)
- {
- SECURE_LOGE("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Receive current password */
- if(cur_pwd_len > 0)
- {
- /* Check wheter current password is exist */
- if(password_set == SECURITY_SERVER_SUCCESS)
- retval = TEMP_FAILURE_RETRY(read(sockfd, requested_cur_pwd, cur_pwd_len));
- if(retval < cur_pwd_len)
- {
- SECURE_LOGE("Server Error: current password recieve failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- requested_cur_pwd[cur_pwd_len] = 0;
- }
- else /* Check first password set attempt but password is already set */
- {
- if(password_set == SECURITY_SERVER_SUCCESS)
- {
- SECURE_LOGE("Server Error: password is already set: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_EXIST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- }
-
- /* Receive new password */
- retval = TEMP_FAILURE_RETRY(read(sockfd, requested_new_pwd, new_pwd_len));
- if(retval < new_pwd_len)
- {
- SECURE_LOGE("Server Error: new password recieve failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- requested_new_pwd[new_pwd_len] = 0;
-
- /* Receive max attempt */
- retval = TEMP_FAILURE_RETRY(read(sockfd, &received_attempts, sizeof(unsigned int)));
- if(retval < sizeof(unsigned int))
- {
- SEC_SVR_ERR("Sever Error: Max attempt receive failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Receive valid period */
- retval = TEMP_FAILURE_RETRY(read(sockfd, &valid_days, sizeof(unsigned int)));
- if(retval < sizeof(unsigned int))
- {
- SEC_SVR_ERR("Sever Error: Max attempt receive failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Hash requested password */
- SHA256_Init(&context);
- SHA256_Update(&context, (unsigned char*)requested_cur_pwd, strlen(requested_cur_pwd));
- SHA256_Final(hashed_challenge, &context);
-
- SHA256_Init(&context);
- SHA256_Update(&context, (unsigned char*)requested_new_pwd, strlen(requested_new_pwd));
- SHA256_Final(hashed_new_pw, &context);
-
- /* check current password */
- if(password_set == SECURITY_SERVER_SUCCESS)
- {
- retval = check_password(cur_pwd, hashed_challenge, max_attempt, expire_time, ¤t_attempt);
- if(retval == SECURITY_SERVER_ERROR_PASSWORD_MISMATCH)
- {
- SECURE_LOGD("%s", "Server: Wrong password");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_MISMATCH);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- if(retval == SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED)
- {
- SEC_SVR_DBG("%s", "Server: Too many challange");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_MAX_ATTEMPTS_EXCEEDED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- if(retval == SECURITY_SERVER_ERROR_PASSWORD_EXPIRED)
- {
- SECURE_LOGD("%s", "Server: Password expired");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_EXPIRED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SECURE_LOGE("Error: Password check failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- retval = check_history(hashed_new_pw);
- if(retval == SECURITY_SERVER_ERROR_PASSWORD_REUSED)
- {
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_REUSED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- }
- else if(cur_pwd_len != 0)
- {
- /* Client ask to set with current password, but there is no password now */
- SECURE_LOGD("%s", "Server: There is no current password. But try to set with current password");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_MISMATCH);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Calculate expire time in seconds */
- if(valid_days == 0)
- expire_time = 0;
- else
- expire_time = time(NULL) + (valid_days * 86400);
-
- /* set new password */
- retval = set_password(hashed_new_pw, received_attempts, expire_time);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SECURE_LOGE("Server Error: Password set failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- password_set = SECURITY_SERVER_ERROR_SERVER_ERROR;
- goto error;
- }
- password_set = SECURITY_SERVER_SUCCESS;
- retval = reset_attempt();
-
- /* All done. send response */
- SECURE_LOGD("%s", "Server: Password has been successfully modified");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SUCCESS);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
+ /* Check retry timer */
+ gettimeofday(&cur_try, NULL);
+ retval = check_retry(cur_try);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("%s", "Server: Retry timeout occurred");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ password_set = load_password(cur_pwd, &max_attempt, &expire_time);
+ /* If we cannot load password file */
+ if (password_set == SECURITY_SERVER_ERROR_SERVER_ERROR)
+ {
+ SECURE_LOGE("%s", "Server: Responding error because we cannot provide password service");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Receive size of pwds */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &cur_pwd_len, sizeof(char)));
+ if (retval < sizeof(char) || cur_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
+ {
+ SECURE_LOGE("Server Error: current password length recieve failed: %d, %d", retval, cur_pwd_len);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &new_pwd_len, sizeof(char)));
+ if (retval < sizeof(char) || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN || new_pwd_len < 0)
+ {
+ SECURE_LOGE("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Receive current password */
+ if (cur_pwd_len > 0)
+ {
+ /* Check wheter current password is exist */
+ if (password_set == SECURITY_SERVER_SUCCESS)
+ retval = TEMP_FAILURE_RETRY(read(sockfd, requested_cur_pwd, cur_pwd_len));
+ if (retval < cur_pwd_len)
+ {
+ SECURE_LOGE("Server Error: current password recieve failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ requested_cur_pwd[cur_pwd_len] = 0;
+ }
+ else /* Check first password set attempt but password is already set */
+ {
+ if (password_set == SECURITY_SERVER_SUCCESS)
+ {
+ SECURE_LOGE("Server Error: password is already set: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_EXIST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ }
+
+ /* Receive new password */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, requested_new_pwd, new_pwd_len));
+ if (retval < new_pwd_len)
+ {
+ SECURE_LOGE("Server Error: new password recieve failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ requested_new_pwd[new_pwd_len] = 0;
+
+ /* Receive max attempt */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &received_attempts, sizeof(unsigned int)));
+ if (retval < sizeof(unsigned int))
+ {
+ SEC_SVR_ERR("Sever Error: Max attempt receive failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Receive valid period */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &valid_days, sizeof(unsigned int)));
+ if (retval < sizeof(unsigned int))
+ {
+ SEC_SVR_ERR("Sever Error: Max attempt receive failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Hash requested password */
+ SHA256_Init(&context);
+ SHA256_Update(&context, (unsigned char*)requested_cur_pwd, strlen(requested_cur_pwd));
+ SHA256_Final(hashed_challenge, &context);
+
+ SHA256_Init(&context);
+ SHA256_Update(&context, (unsigned char*)requested_new_pwd, strlen(requested_new_pwd));
+ SHA256_Final(hashed_new_pw, &context);
+
+ /* check current password */
+ if (password_set == SECURITY_SERVER_SUCCESS)
+ {
+ retval = check_password(cur_pwd, hashed_challenge, max_attempt, expire_time, ¤t_attempt);
+ if (retval == SECURITY_SERVER_ERROR_PASSWORD_MISMATCH)
+ {
+ SECURE_LOGD("%s", "Server: Wrong password");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_MISMATCH);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ if (retval == SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED)
+ {
+ SEC_SVR_DBG("%s", "Server: Too many challange");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_MAX_ATTEMPTS_EXCEEDED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ if (retval == SECURITY_SERVER_ERROR_PASSWORD_EXPIRED)
+ {
+ SECURE_LOGD("%s", "Server: Password expired");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_EXPIRED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SECURE_LOGE("Error: Password check failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ retval = check_history(hashed_new_pw);
+ if (retval == SECURITY_SERVER_ERROR_PASSWORD_REUSED)
+ {
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_REUSED);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ }
+ else if (cur_pwd_len != 0)
+ {
+ /* Client ask to set with current password, but there is no password now */
+ SECURE_LOGD("%s", "Server: There is no current password. But try to set with current password");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_MISMATCH);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Calculate expire time in seconds */
+ if (valid_days == 0)
+ expire_time = 0;
+ else
+ expire_time = time(NULL) + (valid_days * 86400);
+
+ /* set new password */
+ retval = set_password(hashed_new_pw, received_attempts, expire_time);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SECURE_LOGE("Server Error: Password set failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ password_set = SECURITY_SERVER_ERROR_SERVER_ERROR;
+ goto error;
+ }
+ password_set = SECURITY_SERVER_SUCCESS;
+ retval = reset_attempt();
+
+ /* All done. send response */
+ SECURE_LOGD("%s", "Server: Password has been successfully modified");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SUCCESS);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
error:
- return retval;
+ return retval;
}
int process_reset_pwd_request(int sockfd)
{
- int retval, password_set;
- char new_pwd_len;
- unsigned int valid_days, received_attempts, expire_time;
- char requested_new_pwd[SECURITY_SERVER_MAX_PASSWORD_LEN +1];
- unsigned char hashed_new_pw[SECURITY_SERVER_HASHED_PWD_LEN];
- unsigned char cur_pwd[SECURITY_SERVER_HASHED_PWD_LEN];
- struct timeval cur_try;
+ int retval, password_set;
+ char new_pwd_len;
+ unsigned int valid_days, received_attempts, expire_time;
+ char requested_new_pwd[SECURITY_SERVER_MAX_PASSWORD_LEN + 1];
+ unsigned char hashed_new_pw[SECURITY_SERVER_HASHED_PWD_LEN];
+ unsigned char cur_pwd[SECURITY_SERVER_HASHED_PWD_LEN];
+ struct timeval cur_try;
- SHA256_CTX context;
+ SHA256_CTX context;
- /* Authenticate client that peer is setting app goes here*/
+ /* Authenticate client that peer is setting app goes here*/
/*
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("%s", "Client Authentication Failed");
- retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("%s", "Client Authentication Failed");
+ retval = send_generic_response(client_sockfd,
+ SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
*/
- /* Check retry timer */
- gettimeofday(&cur_try, NULL);
- retval = check_retry(cur_try);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("%s", "Server: Retry timeout occurred");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- password_set = load_password(cur_pwd, &valid_days, &expire_time);
- if(password_set == SECURITY_SERVER_ERROR_SERVER_ERROR)
- {
- SECURE_LOGE("%s", "Server: Responding error because we cannot provide password service");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Receive size of pwd */
- retval = TEMP_FAILURE_RETRY(read(sockfd, &new_pwd_len, sizeof(char)));
- if(retval < sizeof(char) || new_pwd_len < 0 || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
- {
- SECURE_LOGE("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Receive new password */
- retval = TEMP_FAILURE_RETRY(read(sockfd, requested_new_pwd, new_pwd_len));
- if(retval < new_pwd_len)
- {
- SECURE_LOGE("Server Error: new password recieve failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- requested_new_pwd[new_pwd_len] = 0;
-
- /* Receive max attempt */
- retval = TEMP_FAILURE_RETRY(read(sockfd, &received_attempts, sizeof(unsigned int)));
- if(retval < sizeof(unsigned int))
- {
- SEC_SVR_ERR("Sever Error: Max attempt receive failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Receive valid period */
- retval = TEMP_FAILURE_RETRY(read(sockfd, &valid_days, sizeof(unsigned int)));
- if(retval < sizeof(unsigned int))
- {
- SEC_SVR_ERR("Sever Error: Max attempt receive failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Calculate expire time in seconds */
- if(valid_days == 0)
- expire_time = 0;
- else
- expire_time = time(NULL) + (valid_days * 86400);
-
- /* Hash requested password */
- SHA256_Init(&context);
- SHA256_Update(&context, (unsigned char*)requested_new_pwd, strlen(requested_new_pwd));
- SHA256_Final(hashed_new_pw, &context);
- /* set new password */
- retval = set_password(hashed_new_pw, received_attempts, expire_time);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SECURE_LOGE("Server Error: Password set failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- retval = reset_attempt();
-
- /* All done. send response */
- SECURE_LOGD("%s", "Server: Password has been successfully modified");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SUCCESS);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
+ /* Check retry timer */
+ gettimeofday(&cur_try, NULL);
+ retval = check_retry(cur_try);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("%s", "Server: Retry timeout occurred");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ password_set = load_password(cur_pwd, &valid_days, &expire_time);
+ if (password_set == SECURITY_SERVER_ERROR_SERVER_ERROR)
+ {
+ SECURE_LOGE("%s", "Server: Responding error because we cannot provide password service");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Receive size of pwd */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &new_pwd_len, sizeof(char)));
+ if (retval < sizeof(char) || new_pwd_len < 0 || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
+ {
+ SECURE_LOGE("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Receive new password */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, requested_new_pwd, new_pwd_len));
+ if (retval < new_pwd_len)
+ {
+ SECURE_LOGE("Server Error: new password recieve failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ requested_new_pwd[new_pwd_len] = 0;
+
+ /* Receive max attempt */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &received_attempts, sizeof(unsigned int)));
+ if (retval < sizeof(unsigned int))
+ {
+ SEC_SVR_ERR("Sever Error: Max attempt receive failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Receive valid period */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &valid_days, sizeof(unsigned int)));
+ if (retval < sizeof(unsigned int))
+ {
+ SEC_SVR_ERR("Sever Error: Max attempt receive failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Calculate expire time in seconds */
+ if (valid_days == 0)
+ expire_time = 0;
+ else
+ expire_time = time(NULL) + (valid_days * 86400);
+
+ /* Hash requested password */
+ SHA256_Init(&context);
+ SHA256_Update(&context, (unsigned char*)requested_new_pwd, strlen(requested_new_pwd));
+ SHA256_Final(hashed_new_pw, &context);
+ /* set new password */
+ retval = set_password(hashed_new_pw, received_attempts, expire_time);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SECURE_LOGE("Server Error: Password set failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ retval = reset_attempt();
+
+ /* All done. send response */
+ SECURE_LOGD("%s", "Server: Password has been successfully modified");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SUCCESS);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
error:
- return retval;
+ return retval;
}
int process_chk_pwd_request(int sockfd)
{
- int retval, password_set, current_attempt;
- unsigned int max_attempt, expire_time;
- char requested_challenge[SECURITY_SERVER_MAX_PASSWORD_LEN+1];
- char challenge_len;
- unsigned char cur_pwd[SECURITY_SERVER_HASHED_PWD_LEN];
- unsigned char hashed_challenge[SECURITY_SERVER_HASHED_PWD_LEN];
- struct timeval cur_try;
-
- SHA256_CTX context;
-
- /* Authenticate client that peer is proper app goes here*/
- /* Check SMACK rule for the 'r' for password */
- retval = SECURITY_SERVER_SUCCESS;
+ int retval, password_set, current_attempt;
+ unsigned int max_attempt, expire_time;
+ char requested_challenge[SECURITY_SERVER_MAX_PASSWORD_LEN + 1];
+ char challenge_len;
+ unsigned char cur_pwd[SECURITY_SERVER_HASHED_PWD_LEN];
+ unsigned char hashed_challenge[SECURITY_SERVER_HASHED_PWD_LEN];
+ struct timeval cur_try;
+
+ SHA256_CTX context;
+
+ /* Authenticate client that peer is proper app goes here*/
+ /* Check SMACK rule for the 'r' for password */
+ retval = SECURITY_SERVER_SUCCESS;
/*
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("%s", "Client Authentication Failed");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("%s", "Client Authentication Failed");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
*/
- /* Check retry timer */
- gettimeofday(&cur_try, NULL);
- retval = check_retry(cur_try);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("%s", "Server: Retry timeout occurred");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* If we cannot load password file */
- password_set = load_password(cur_pwd, &max_attempt, &expire_time);;
- if(password_set == SECURITY_SERVER_ERROR_SERVER_ERROR)
- {
- SECURE_LOGE("%s", "ServerERROR: Responding error because we cannot provide password service");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Receive size of challenge */
- retval = TEMP_FAILURE_RETRY(read(sockfd, &challenge_len, sizeof(char)));
- if(retval < sizeof(char) || challenge_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
- {
- SEC_SVR_ERR("Server ERROR: challenge length recieve failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- /* Receive challenge */
- if(challenge_len > 0)
- {
- retval = TEMP_FAILURE_RETRY(read(sockfd, requested_challenge, challenge_len));
- if(retval < challenge_len)
- {
- SECURE_LOGE("Server ERROR: current password recieve failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- requested_challenge[challenge_len] = 0;
- }
- else
- {
- SEC_SVR_ERR("Error: Challenge length too short: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Hash requested password */
- SHA256_Init(&context);
- SHA256_Update(&context, (unsigned char*)requested_challenge, challenge_len);
- SHA256_Final(hashed_challenge, &context);
-
- /* check current password */
- if(password_set == SECURITY_SERVER_SUCCESS)
- {
- retval = check_password(cur_pwd, hashed_challenge, max_attempt, expire_time, ¤t_attempt);
- if(retval == SECURITY_SERVER_ERROR_PASSWORD_MISMATCH)
- {
- SECURE_LOGD("%s", "Server: Wrong password");
- retval = send_pwd_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_MISMATCH,
- current_attempt, max_attempt, expire_time);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- if(retval == SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED)
- {
- SEC_SVR_DBG("%s", "Server: Too many trial");
- retval = send_pwd_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
- current_attempt, max_attempt, expire_time);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- if(retval == SECURITY_SERVER_ERROR_PASSWORD_EXPIRED)
- {
- SECURE_LOGD("%s", "Server: Password expired");
- retval = send_pwd_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_EXPIRED,
- current_attempt, max_attempt, 0);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SECURE_LOGE("Server ERROR: Password check failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Password matched */
- SECURE_LOGD("%s", "Server: Password matched");
- retval = send_pwd_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SUCCESS,
- current_attempt, max_attempt, expire_time);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- retval = reset_attempt();
- goto error;
- }
-
- /* There is no password */
-
- SECURE_LOGD("%s", "Server: There is no password to be checked");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_NO_PASSWORD);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
+ /* Check retry timer */
+ gettimeofday(&cur_try, NULL);
+ retval = check_retry(cur_try);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("%s", "Server: Retry timeout occurred");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* If we cannot load password file */
+ password_set = load_password(cur_pwd, &max_attempt, &expire_time);;
+ if (password_set == SECURITY_SERVER_ERROR_SERVER_ERROR)
+ {
+ SECURE_LOGE("%s", "ServerERROR: Responding error because we cannot provide password service");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Receive size of challenge */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &challenge_len, sizeof(char)));
+ if (retval < sizeof(char) || challenge_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
+ {
+ SEC_SVR_ERR("Server ERROR: challenge length recieve failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ /* Receive challenge */
+ if (challenge_len > 0)
+ {
+ retval = TEMP_FAILURE_RETRY(read(sockfd, requested_challenge, challenge_len));
+ if (retval < challenge_len)
+ {
+ SECURE_LOGE("Server ERROR: current password recieve failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ requested_challenge[challenge_len] = 0;
+ }
+ else
+ {
+ SEC_SVR_ERR("Error: Challenge length too short: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Hash requested password */
+ SHA256_Init(&context);
+ SHA256_Update(&context, (unsigned char*)requested_challenge, challenge_len);
+ SHA256_Final(hashed_challenge, &context);
+
+ /* check current password */
+ if (password_set == SECURITY_SERVER_SUCCESS)
+ {
+ retval = check_password(cur_pwd, hashed_challenge, max_attempt, expire_time, ¤t_attempt);
+ if (retval == SECURITY_SERVER_ERROR_PASSWORD_MISMATCH)
+ {
+ SECURE_LOGD("%s", "Server: Wrong password");
+ retval = send_pwd_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_MISMATCH,
+ current_attempt, max_attempt, expire_time);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ if (retval == SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED)
+ {
+ SEC_SVR_DBG("%s", "Server: Too many trial");
+ retval = send_pwd_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
+ current_attempt, max_attempt, expire_time);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ if (retval == SECURITY_SERVER_ERROR_PASSWORD_EXPIRED)
+ {
+ SECURE_LOGD("%s", "Server: Password expired");
+ retval = send_pwd_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_EXPIRED,
+ current_attempt, max_attempt, 0);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SECURE_LOGE("Server ERROR: Password check failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Password matched */
+ SECURE_LOGD("%s", "Server: Password matched");
+ retval = send_pwd_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SUCCESS,
+ current_attempt, max_attempt, expire_time);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ retval = reset_attempt();
+ goto error;
+ }
+
+ /* There is no password */
+
+ SECURE_LOGD("%s", "Server: There is no password to be checked");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_NO_PASSWORD);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
error:
- return retval;
+ return retval;
}
int process_set_pwd_history_request(int sockfd)
{
- int retval;
- char history_num;
- struct timeval cur_try;
+ int retval;
+ char history_num;
+ struct timeval cur_try;
- /* Authenticate client that peer is setting app goes here*/
+ /* Authenticate client that peer is setting app goes here*/
/*
- f(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("%s", "Client Authentication Failed");
- retval = send_generic_response(client_sockfd,
- SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
+ f(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("%s", "Client Authentication Failed");
+ retval = send_generic_response(client_sockfd,
+ SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
*/
- /* Check retry timer */
- gettimeofday(&cur_try, NULL);
- retval = check_retry(cur_try);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_DBG("%s", "Server: Retry timeout occurred");
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- /* Receive size of pwds */
- retval = TEMP_FAILURE_RETRY(read(sockfd, &history_num, sizeof(char)));
- if(retval < sizeof(char) || history_num > SECURITY_SERVER_MAX_PASSWORD_HISTORY || history_num < 0 )
- {
- SEC_SVR_ERR("Server Error: History number recieve failed: %d, %d", retval, history_num);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- goto error;
- }
-
- retval = set_history((int)history_num);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server Error: History number set failed: %d", retval);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
- }
- SEC_SVR_DBG("Server History has been set to %d", history_num);
- retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SUCCESS);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
- }
+ /* Check retry timer */
+ gettimeofday(&cur_try, NULL);
+ retval = check_retry(cur_try);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("%s", "Server: Retry timeout occurred");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_PASSWORD_RETRY_TIMER);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Receive size of pwds */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &history_num, sizeof(char)));
+ if (retval < sizeof(char) || history_num > SECURITY_SERVER_MAX_PASSWORD_HISTORY || history_num < 0)
+ {
+ SEC_SVR_ERR("Server Error: History number recieve failed: %d, %d", retval, history_num);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ retval = set_history((int)history_num);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server Error: History number set failed: %d", retval);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
+ }
+ SEC_SVR_DBG("Server History has been set to %d", history_num);
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SUCCESS);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
+ }
error:
- return retval;
+ return retval;
}
// this value (max challenge) for current password
retval = TEMP_FAILURE_RETRY(read(sockfd, &max_challenge, sizeof(unsigned int)));
- if(retval < sizeof(unsigned int))
+ if (retval < sizeof(unsigned int))
{
SEC_SVR_ERR("Server Error: recieve failed: %d", retval);
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
}
// Getting currently set password
retval = load_password(cur_pwd, ¤t_challenge, ¤t_validity);
/* If we cannot load password file */
- if(retval == SECURITY_SERVER_ERROR_NO_PASSWORD)
+ if (retval == SECURITY_SERVER_ERROR_NO_PASSWORD)
{
SECURE_LOGE("%s", "Server: can't read current password");
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_NO_PASSWORD);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_NO_PASSWORD);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
}
goto error;
}
- else if(retval != SECURITY_SERVER_SUCCESS)
+ else if (retval != SECURITY_SERVER_SUCCESS)
{
SECURE_LOGE("%s", "Server: can't read current password");
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
}
// Set 'new' password file with old password and new max challenge
retval = set_password(cur_pwd, max_challenge, time(NULL) + current_validity);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SECURE_LOGE("Server Error: Password set failed: %d", retval);
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
}
}
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SUCCESS);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SUCCESS);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
}
// this value (validity) for current password
retval = TEMP_FAILURE_RETRY(read(sockfd, &validity, sizeof(unsigned int)));
- if(retval < sizeof(unsigned int))
+ if (retval < sizeof(unsigned int))
{
SEC_SVR_ERR("Server Error: recieve failed: %d", retval);
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
}
SEC_SVR_DBG("Server validity request: %d", validity);
// Calculating validity in seconds
- if(validity == 0)
+ if (validity == 0)
validity = 0;
else
validity = time(NULL) + (validity * 86400);
// Getting currently set password
retval = load_password(cur_pwd, ¤t_challenge, ¤t_validity);
/* If we cannot load password file */
- if(retval == SECURITY_SERVER_ERROR_NO_PASSWORD)
+ if (retval == SECURITY_SERVER_ERROR_NO_PASSWORD)
{
SECURE_LOGE("%s", "Server: can't read current password");
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_NO_PASSWORD);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_NO_PASSWORD);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
}
goto error;
}
- else if(retval != SECURITY_SERVER_SUCCESS)
+ else if (retval != SECURITY_SERVER_SUCCESS)
{
SECURE_LOGE("%s", "Server: can't read current password");
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
}
// Set 'new' password file with old password and new validity
retval = set_password(cur_pwd, current_challenge, validity);
- if(retval != SECURITY_SERVER_SUCCESS)
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SECURE_LOGE("Server Error: Password set failed: %d", retval);
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
}
}
retval = send_generic_response(sockfd,
- SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_SUCCESS);
- if(retval != SECURITY_SERVER_SUCCESS)
+ SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_SUCCESS);
+ if (retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("Server ERROR: Cannot send generic response: %d", retval);
}
char *object;
} tree_info;
-static int tree_cmp(const void *first, const void *second) {
+static int tree_cmp(const void *first, const void *second)
+{
return (((tree_info*)first)->pid) - (((tree_info*)second)->pid);
}
-static int tree_info_push(tree_info *node) {
+static int tree_info_push(tree_info *node)
+{
int ret = 0;
pthread_mutex_lock(&tree_mutex);
}
-static int tree_info_add(int pid, const char *subject_param, const char *object_param) {
+static int tree_info_add(int pid, const char *subject_param, const char *object_param)
+{
tree_info *node = malloc(sizeof(tree_info));
char *subject = strdup(subject_param);
char *object = strdup(object_param);
return -1;
}
-static tree_info* tree_info_pop_new(int pid) {
+static tree_info *tree_info_pop_new(int pid)
+{
tree_info search, *node = NULL;
void *wtf;
search.pid = pid;
return node;
}
-static int rules_revoker_pid(int pid) {
+static int rules_revoker_pid(int pid)
+{
tree_info *node = NULL;
int ret = 0;
return ret;
}
-void rules_revoker_init(void) {
- pthread_mutex_init(&tree_mutex, NULL);
+void rules_revoker_init(void)
+{
+ pthread_mutex_init(&tree_mutex, NULL);
}
-int rules_revoker_add(int pid, const char *subject, const char *object) {
+int rules_revoker_add(int pid, const char *subject, const char *object)
+{
return tree_info_add(pid, subject, object);
}
-void rules_revoker_callback(const struct proc_event *event) {
+void rules_revoker_callback(const struct proc_event *event)
+{
if (PROC_EVENT_EXIT != event->what)
return;
rules_revoker_pid(event->event_data.exit.process_pid);
#include <security-server-system-observer.h>
#define NL_MESSAGE_SIZE (sizeof(struct nlmsghdr) + sizeof(struct cn_msg) + \
- sizeof(int))
+ sizeof(int))
static int nl_sock;
bzero(&sa_nl, sizeof(sa_nl));
sa_nl.nl_family = AF_NETLINK;
sa_nl.nl_groups = CN_IDX_PROC;
- sa_nl.nl_pid = getpid();
+ sa_nl.nl_pid = getpid();
- if (-1 == bind(nl_sock, (struct sockaddr *)&sa_nl, sizeof(sa_nl))) {
+ if (-1 == bind(nl_sock, (struct sockaddr*)&sa_nl, sizeof(sa_nl))) {
SEC_SVR_ERR("bind failed: %s", strerror(errno));
close(nl_sock);
return SECURITY_SERVER_ERROR_SOCKET;
}
/* Fill header */
- hdr = (struct nlmsghdr *)buff;
+ hdr = (struct nlmsghdr*)buff;
hdr->nlmsg_len = NL_MESSAGE_SIZE;
hdr->nlmsg_type = NLMSG_DONE;
hdr->nlmsg_flags = 0;
hdr->nlmsg_pid = getpid();
/* Fill message */
- msg = (struct cn_msg *)NLMSG_DATA(hdr);
+ msg = (struct cn_msg*)NLMSG_DATA(hdr);
msg->id.idx = CN_IDX_PROC; /* Connecting to process information */
msg->id.val = CN_VAL_PROC;
msg->seq = 0;
if (0 > select(nl_sock + 1, &fds, NULL, NULL, NULL)) {
SEC_SVR_ERR("select failed: %s", strerror(errno));
- return ;
+ return;
}
/* If there were no events detected, return */
- if (! FD_ISSET(nl_sock, &fds)) {
- return ;
+ if (!FD_ISSET(nl_sock, &fds)) {
+ return;
}
/* if there are events, make calls */
if (-1 == recv(nl_sock, buff, sizeof(buff), 0)) {
SEC_SVR_ERR("recv failed: %s", strerror(errno));
- return ;
+ return;
}
- hdr = (struct nlmsghdr *)buff;
+ hdr = (struct nlmsghdr*)buff;
if (NLMSG_ERROR == hdr->nlmsg_type) {
SEC_SVR_ERR("%s", "NLMSG_ERROR");
} else if (NLMSG_DONE == hdr->nlmsg_type) {
- event = (struct proc_event *)((struct cn_msg *)NLMSG_DATA(hdr))->data;
+ event = (struct proc_event*)((struct cn_msg*)NLMSG_DATA(hdr))->data;
if (data->event_callback)
(data->event_callback)(event);
}
}
}
-void* system_observer_main(void *data) {
+void *system_observer_main(void *data)
+{
if (SECURITY_SERVER_SUCCESS == connect_to_netlink()) {
- handle_events((system_observer_config *)data);
+ handle_events((system_observer_config*)data);
close(nl_sock);
}
return NULL;
* @source source data
* @len source data length
*/
-static void append_to_buffer(unsigned char *buffer, int* position, const void* source, size_t len) {
- if (len <= 0) {
- SEC_SVR_DBG("Appending nothing.");
- return;
- }
- memcpy(buffer + *position, source, len);
- *position += len;
+static void append_to_buffer(unsigned char *buffer, int *position, const void *source, size_t len)
+{
+ if (len <= 0) {
+ SEC_SVR_DBG("Appending nothing.");
+ return;
+ }
+ memcpy(buffer + *position, source, len);
+ *position += len;
}
-static void append_cookie(unsigned char *buffer, int* position, const cookie_list* cookie) {
- int i;
- int path_len = cookie->path ? strlen(cookie->path) : 0;
+static void append_cookie(unsigned char *buffer, int *position, const cookie_list *cookie)
+{
+ int i;
+ int path_len = cookie->path ? strlen(cookie->path) : 0;
- append_to_buffer(buffer, position, &path_len, sizeof(int));
- append_to_buffer(buffer, position, &cookie->permission_len, sizeof(int));
- append_to_buffer(buffer, position, &cookie->cookie, SECURITY_SERVER_COOKIE_LEN);
- append_to_buffer(buffer, position, &cookie->pid, sizeof(pid_t));
- append_to_buffer(buffer, position, &cookie->path, path_len);
+ append_to_buffer(buffer, position, &path_len, sizeof(int));
+ append_to_buffer(buffer, position, &cookie->permission_len, sizeof(int));
+ append_to_buffer(buffer, position, &cookie->cookie, SECURITY_SERVER_COOKIE_LEN);
+ append_to_buffer(buffer, position, &cookie->pid, sizeof(pid_t));
+ append_to_buffer(buffer, position, &cookie->path, path_len);
- for(i=0;i<cookie->permission_len;++i)
- append_to_buffer(buffer, position, &cookie->permissions[i], sizeof(int));
+ for (i = 0; i < cookie->permission_len; ++i)
+ append_to_buffer(buffer, position, &cookie->permissions[i], sizeof(int));
}
/* Get all cookie info response *
* packet format
* 0 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* |---------------------------------------------------------------|
* | version=0x01 |MessageID=0x52 | Message Length |
* |---------------------------------------------------------------|
* | |
* | |
*/
-unsigned char * get_all_cookie_info(cookie_list *list, int *size)
+unsigned char *get_all_cookie_info(cookie_list *list, int *size)
{
- cookie_list *current = list;
- int ptr, total_num, total_size, path_len;
- unsigned char *buf = NULL, *tempptr = NULL;
- response_header hdr;
-
- total_size = sizeof(hdr) + sizeof(int);
-
- buf = malloc(total_size); /* header size */
- ptr = sizeof(hdr) + sizeof(int);
- total_num = 0; /* Total # of cookies initial value */
-
- while(current != NULL)
- {
- current = garbage_collection(current);
- if(current == NULL)
- break;
-
- total_num++;
- path_len = current->path ? strlen(current->path) : 0;
- total_size += sizeof(int) + sizeof(int) + SECURITY_SERVER_COOKIE_LEN + sizeof(pid_t) + path_len + (current->permission_len * sizeof(int));
- tempptr = realloc(buf, total_size);
- if(tempptr == NULL)
- {
- SEC_SVR_ERR("%s", "Out of memory");
- return NULL;
- }
- buf = tempptr;
-
- append_cookie(buf, &ptr, current);
- current = current->next;
- }
-
- if(total_size > 65530)
- {
- SEC_SVR_ERR("Packet too big. message length overflow: %d", total_size);
- free(buf);
- return NULL;
- }
-
- hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_RESPONSE;
- hdr.basic_hdr.msg_len =(unsigned short)( total_size - sizeof(hdr));
- hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
-
- // reset buffer position to the beginning of buffer and insert header
- ptr = 0;
- append_to_buffer(buf, &ptr, &hdr, sizeof(hdr));
- append_to_buffer(buf, &ptr, &total_num, sizeof(total_num));
- *size = total_size;
- return buf;
+ cookie_list *current = list;
+ int ptr, total_num, total_size, path_len;
+ unsigned char *buf = NULL, *tempptr = NULL;
+ response_header hdr;
+
+ total_size = sizeof(hdr) + sizeof(int);
+
+ buf = malloc(total_size); /* header size */
+ ptr = sizeof(hdr) + sizeof(int);
+ total_num = 0; /* Total # of cookies initial value */
+
+ while (current != NULL)
+ {
+ current = garbage_collection(current);
+ if (current == NULL)
+ break;
+
+ total_num++;
+ path_len = current->path ? strlen(current->path) : 0;
+ total_size += sizeof(int) + sizeof(int) + SECURITY_SERVER_COOKIE_LEN + sizeof(pid_t) + path_len + (current->permission_len * sizeof(int));
+ tempptr = realloc(buf, total_size);
+ if (tempptr == NULL)
+ {
+ SEC_SVR_ERR("%s", "Out of memory");
+ return NULL;
+ }
+ buf = tempptr;
+
+ append_cookie(buf, &ptr, current);
+ current = current->next;
+ }
+
+ if (total_size > 65530)
+ {
+ SEC_SVR_ERR("Packet too big. message length overflow: %d", total_size);
+ free(buf);
+ return NULL;
+ }
+
+ hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_RESPONSE;
+ hdr.basic_hdr.msg_len = (unsigned short)(total_size - sizeof(hdr));
+ hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
+
+ // reset buffer position to the beginning of buffer and insert header
+ ptr = 0;
+ append_to_buffer(buf, &ptr, &hdr, sizeof(hdr));
+ append_to_buffer(buf, &ptr, &total_num, sizeof(total_num));
+ *size = total_size;
+ return buf;
}
int send_all_cookie_info(const unsigned char *buf, int size, int sockfd)
{
- int ret;
- /* Check poll */
- ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(ret == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(ret == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send to client */
- ret = TEMP_FAILURE_RETRY(write(sockfd, buf, size));
-
- if(ret < size)
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- return SECURITY_SERVER_SUCCESS;
+ int ret;
+ /* Check poll */
+ ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (ret == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (ret == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send to client */
+ ret = TEMP_FAILURE_RETRY(write(sockfd, buf, size));
+
+ if (ret < size)
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ return SECURITY_SERVER_SUCCESS;
}
/* Get one cookie info response *
* packet format
* 0 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* |---------------------------------------------------------------|
* | version=0x01 |MessageID=0x54 | Message Length |
* |---------------------------------------------------------------|
*/
int send_one_cookie_info(const cookie_list *list, int sockfd)
{
- unsigned char *buf = NULL;
- response_header hdr;
- int total_size, ptr = 0, ret, path_len;
-
- path_len = list->path ? strlen(list->path) : 0;
-
- total_size = sizeof(hdr) + sizeof(int) + sizeof(int) + SECURITY_SERVER_COOKIE_LEN + sizeof(pid_t) + path_len + (list->permission_len * sizeof(int));
- buf = malloc(total_size);
- if(buf == NULL)
- {
- SEC_SVR_ERR("%s", "Out of memory");
- return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- }
-
- hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE;
- hdr.basic_hdr.msg_len =sizeof(int) + sizeof(int) + SECURITY_SERVER_COOKIE_LEN + sizeof(pid_t) + path_len + (list->permission_len * sizeof(int));
- hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
-
- // header
- append_to_buffer(buf, &ptr, &hdr, sizeof(hdr));
- // cookie
- append_cookie(buf, &ptr, list);
-
- ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(ret == SECURITY_SERVER_ERROR_POLL)
- {
- SEC_SVR_ERR("%s", "poll() error");
- free(buf);
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(ret == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- SEC_SVR_ERR("%s", "poll() timeout");
- free(buf);
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send to client */
- ret = TEMP_FAILURE_RETRY(write(sockfd, buf, total_size));
- free(buf);
- if(ret < total_size)
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- return SECURITY_SERVER_SUCCESS;
+ unsigned char *buf = NULL;
+ response_header hdr;
+ int total_size, ptr = 0, ret, path_len;
+
+ path_len = list->path ? strlen(list->path) : 0;
+
+ total_size = sizeof(hdr) + sizeof(int) + sizeof(int) + SECURITY_SERVER_COOKIE_LEN + sizeof(pid_t) + path_len + (list->permission_len * sizeof(int));
+ buf = malloc(total_size);
+ if (buf == NULL)
+ {
+ SEC_SVR_ERR("%s", "Out of memory");
+ return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ }
+
+ hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE;
+ hdr.basic_hdr.msg_len = sizeof(int) + sizeof(int) + SECURITY_SERVER_COOKIE_LEN + sizeof(pid_t) + path_len + (list->permission_len * sizeof(int));
+ hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
+
+ // header
+ append_to_buffer(buf, &ptr, &hdr, sizeof(hdr));
+ // cookie
+ append_cookie(buf, &ptr, list);
+
+ ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (ret == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_ERR("%s", "poll() error");
+ free(buf);
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (ret == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_ERR("%s", "poll() timeout");
+ free(buf);
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send to client */
+ ret = TEMP_FAILURE_RETRY(write(sockfd, buf, total_size));
+ free(buf);
+ if (ret < total_size)
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ return SECURITY_SERVER_SUCCESS;
}
-int util_process_all_cookie(int sockfd, cookie_list* list)
+int util_process_all_cookie(int sockfd, cookie_list *list)
{
- unsigned char *buf = NULL;
- int ret;
- buf = get_all_cookie_info(list, &ret);
- if(buf == NULL)
- {
- return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- }
-
- ret = send_all_cookie_info(buf, ret, sockfd);
-
- if(buf != NULL)
- free(buf);
- return ret;
+ unsigned char *buf = NULL;
+ int ret;
+ buf = get_all_cookie_info(list, &ret);
+ if (buf == NULL)
+ {
+ return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ }
+
+ ret = send_all_cookie_info(buf, ret, sockfd);
+
+ if (buf != NULL)
+ free(buf);
+ return ret;
}
-int util_process_cookie_from_pid(int sockfd, cookie_list* list)
+int util_process_cookie_from_pid(int sockfd, cookie_list *list)
{
- int pid, ret;
- cookie_list *result = NULL;
-
- ret = TEMP_FAILURE_RETRY(read(sockfd, &pid, sizeof(int)));
- if(ret < (int)sizeof(int))
- {
- SEC_SVR_ERR("Received cookie size is too small: %d", ret);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- if(pid == 0)
- {
- SEC_SVR_ERR("%s", "ERROR: Default cookie is not allowed to be retrieved");
- ret = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
- if(ret != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", ret);
- }
- }
- result = search_cookie_from_pid(list, pid);
- if(result == NULL)
- {
- ret = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE);
- if(ret != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", ret);
- }
- }
- else
- {
- ret = send_one_cookie_info(result, sockfd);
- if(ret != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send cookie info response: %d", ret);
- }
- }
-
- return ret;
+ int pid, ret;
+ cookie_list *result = NULL;
+
+ ret = TEMP_FAILURE_RETRY(read(sockfd, &pid, sizeof(int)));
+ if (ret < (int)sizeof(int))
+ {
+ SEC_SVR_ERR("Received cookie size is too small: %d", ret);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ if (pid == 0)
+ {
+ SEC_SVR_ERR("%s", "ERROR: Default cookie is not allowed to be retrieved");
+ ret = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if (ret != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", ret);
+ }
+ }
+ result = search_cookie_from_pid(list, pid);
+ if (result == NULL)
+ {
+ ret = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE);
+ if (ret != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", ret);
+ }
+ }
+ else
+ {
+ ret = send_one_cookie_info(result, sockfd);
+ if (ret != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send cookie info response: %d", ret);
+ }
+ }
+
+ return ret;
}
-int util_process_cookie_from_cookie(int sockfd, cookie_list* list)
+int util_process_cookie_from_cookie(int sockfd, cookie_list *list)
{
- unsigned char cookie[SECURITY_SERVER_COOKIE_LEN];
- int ret;
+ unsigned char cookie[SECURITY_SERVER_COOKIE_LEN];
+ int ret;
int privileges[] = { 0 }; //only one privilege to check - root
- cookie_list *result = NULL;
-
- ret = TEMP_FAILURE_RETRY(read(sockfd, cookie, SECURITY_SERVER_COOKIE_LEN));
- if(ret < SECURITY_SERVER_COOKIE_LEN)
- {
- SEC_SVR_ERR("Received cookie size is too small: %d", ret);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- result = search_cookie(list, cookie, privileges, 1);
- if(result == NULL)
- {
- ret = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE,
- SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE);
- if(ret != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send generic response: %d", ret);
- }
- }
- else
- {
- ret = send_one_cookie_info(result, sockfd);
- if(ret != SECURITY_SERVER_SUCCESS)
- {
- SEC_SVR_ERR("ERROR: Cannot send cookie info response: %d", ret);
- }
- }
-
- return ret;
+ cookie_list *result = NULL;
+
+ ret = TEMP_FAILURE_RETRY(read(sockfd, cookie, SECURITY_SERVER_COOKIE_LEN));
+ if (ret < SECURITY_SERVER_COOKIE_LEN)
+ {
+ SEC_SVR_ERR("Received cookie size is too small: %d", ret);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ result = search_cookie(list, cookie, privileges, 1);
+ if (result == NULL)
+ {
+ ret = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE);
+ if (ret != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send generic response: %d", ret);
+ }
+ }
+ else
+ {
+ ret = send_one_cookie_info(result, sockfd);
+ if (ret != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("ERROR: Cannot send cookie info response: %d", ret);
+ }
+ }
+
+ return ret;
}
-int util_smack_label_is_valid(const char *smack_label){
- int i;
-
- if (!smack_label || smack_label[0] == '\0' || smack_label[0] == '-')
- goto err;
-
- for (i = 0; smack_label[i]; ++i) {
- if (i >= SMACK_LABEL_LEN)
- return 0;
- switch (smack_label[i]) {
- case '~':
- case ' ':
- case '/':
- case '"':
- case '\\':
- case '\'':
- goto err;
- default:
- break;
- }
- }
-
- return 1;
+int util_smack_label_is_valid(const char *smack_label)
+{
+ int i;
+
+ if (!smack_label || smack_label[0] == '\0' || smack_label[0] == '-')
+ goto err;
+
+ for (i = 0; smack_label[i]; ++i) {
+ if (i >= SMACK_LABEL_LEN)
+ return 0;
+ switch (smack_label[i]) {
+ case '~':
+ case ' ':
+ case '/':
+ case '"':
+ case '\\':
+ case '\'':
+ goto err;
+ default:
+ break;
+ }
+ }
+
+ return 1;
err:
- SEC_SVR_ERR("ERROR: Invalid Smack label: %s", smack_label);
- return 0;
+ SEC_SVR_ERR("ERROR: Invalid Smack label: %s", smack_label);
+ return 0;
}
#define TOTAL_PATH_MAX 256
-#define mszBase64Table "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
-#define BASE64_PAD '='
+#define mszBase64Table "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
+#define BASE64_PAD '='
- void printusage(char *cmdline)
+void printusage(char *cmdline)
{
- printf("%s\n", "Usage: ");
- printf("%s [Options]\n", cmdline);
- printf("%s\n", "[Options]");
- printf("%s\n", "-a:\tList all active cookies ");
- printf("%s\n", "-f [filename]:\tList a specific cookie information from file");
- printf("%s\n", "\tThe file must contain binary form of cookie");
- printf("%s\n", "-p [pid]:\tList a specific cookie information for a process by PID");
- printf("%s\n", "-s [base64 encoded cookie]:\tList a specific cookie information for a process by given base64 encoded cookie value");
- printf("%s\n", "Example:");
- printf("%s -a\n", cmdline);
- printf("%s -f /tmp/mycookie.bin\n", cmdline);
- printf("%s -p 2115\n", cmdline);
- printf("%s -s asC34fddaxd6NDVDA43GFD345TfCADF==\n", cmdline);
+ printf("%s\n", "Usage: ");
+ printf("%s [Options]\n", cmdline);
+ printf("%s\n", "[Options]");
+ printf("%s\n", "-a:\tList all active cookies ");
+ printf("%s\n", "-f [filename]:\tList a specific cookie information from file");
+ printf("%s\n", "\tThe file must contain binary form of cookie");
+ printf("%s\n", "-p [pid]:\tList a specific cookie information for a process by PID");
+ printf("%s\n", "-s [base64 encoded cookie]:\tList a specific cookie information for a process by given base64 encoded cookie value");
+ printf("%s\n", "Example:");
+ printf("%s -a\n", cmdline);
+ printf("%s -f /tmp/mycookie.bin\n", cmdline);
+ printf("%s -p 2115\n", cmdline);
+ printf("%s -s asC34fddaxd6NDVDA43GFD345TfCADF==\n", cmdline);
}
void printstr(const unsigned char *data, int size)
{
- int i;
- for(i=0;i<size;i++)
- {
- printf("%c", data[i]);
- }
- printf("\n");
+ int i;
+ for (i = 0; i < size; i++)
+ {
+ printf("%c", data[i]);
+ }
+ printf("\n");
}
void printperm(const unsigned char *data, int num)
{
- int i, ptr, tempnum;
- for(i=0, ptr=0;i<num;i++)
- {
- memcpy(&tempnum, data+ptr, sizeof(int));
- printf("%d, ", tempnum);
- ptr+= sizeof(int);
- if(i % 6 == 0 && i != 0)
- printf("\n");
- }
- printf("\n");
+ int i, ptr, tempnum;
+ for (i = 0, ptr = 0; i < num; i++)
+ {
+ memcpy(&tempnum, data + ptr, sizeof(int));
+ printf("%d, ", tempnum);
+ ptr += sizeof(int);
+ if (i % 6 == 0 && i != 0)
+ printf("\n");
+ }
+ printf("\n");
}
/* Send all cookie information request packet to security server *
- *
+ *
* Message format
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* |---------------------------------------------------------------|
*/
int send_all_cookie_info_request(int sockfd)
{
-
- basic_header hdr;
- int retval;
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_REQUEST;
- hdr.msg_len = 0;
-
- /* Check poll */
- retval = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- printf("Error: %s\n", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- printf("Error: %s\n", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sockfd, &hdr, sizeof(hdr)));
- if(retval < sizeof(hdr))
- {
- /* Write error */
- printf("Error on write(): %d\n", retval);
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ basic_header hdr;
+ int retval;
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_REQUEST;
+ hdr.msg_len = 0;
+
+ /* Check poll */
+ retval = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ printf("Error: %s\n", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ printf("Error: %s\n", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sockfd, &hdr, sizeof(hdr)));
+ if (retval < sizeof(hdr))
+ {
+ /* Write error */
+ printf("Error on write(): %d\n", retval);
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
int recv_all_cookie_info(int sockfd)
{
- int retval, total_cookie, ptr = 0, i, cmdline_len, perm_len, recved_pid;
- response_header hdr;
- unsigned char *buf = NULL;
-
- /* Check poll */
- retval = check_socket_poll(sockfd, POLLIN, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- printf("Error: %s\n", "poll() error");
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- printf("Error: %s\n", "poll() timeout");
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
-
- /* Receive response */
- retval = TEMP_FAILURE_RETRY(read(sockfd, &hdr, sizeof(response_header)));
- if(retval < sizeof(hdr) )
- {
- /* Error on socket */
- printf("Error: Receive failed %d\n", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
-
- if(hdr.return_code != SECURITY_SERVER_RETURN_CODE_SUCCESS)
- {
- printf("Error: response error: %d\n", hdr.return_code);
- return return_code_to_error_code(hdr.return_code);
- }
-
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_RESPONSE)
- {
- printf("Error: response error: different msg type %d\n", hdr.basic_hdr.msg_id );
- return SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
-
- buf = malloc(hdr.basic_hdr.msg_len);
- if(buf == NULL)
- {
- printf("Error: Out of memory\n");
- return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- }
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, buf, hdr.basic_hdr.msg_len));
- if(retval < hdr.basic_hdr.msg_len)
- {
- printf("Error: receiving too small amount. %d, %d\n", retval, hdr.basic_hdr.msg_len);
- printhex(buf, retval);
- if(buf != NULL)
- free(buf);
- return SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
-
- memcpy(&total_cookie, buf, sizeof(int));
- if(total_cookie == 0)
- {
- printf("There is no cookie available\n");
- if(buf != NULL)
- free(buf);
- return SECURITY_SERVER_SUCCESS;
- }
- ptr = sizeof(int);
- printf("--------------------------------\n");
- for(i=0;i<total_cookie;i++)
- {
- printf("%dth cookie:\n", i+1);
- memcpy(&cmdline_len, buf+ptr, sizeof(int));
- ptr += sizeof(int);
- memcpy(&perm_len, buf+ptr, sizeof(int));
- ptr+= sizeof(int);
-
- printf("%s\n", "Cookie:");
- printhex(buf + ptr, SECURITY_SERVER_COOKIE_LEN);
- ptr += SECURITY_SERVER_COOKIE_LEN;
- memcpy(&recved_pid, buf+ptr, sizeof(int));
- ptr+= sizeof(int);
- if(recved_pid == 0)
- {
- printf("PID: %d (default cookie - for all root processes)\n", recved_pid);
- printf("%s\n", "cmdline: N/A");
- printf("%s\n", "Permissions (gids): N/A");
- }
- else
- {
- printf("PID: %d\n", recved_pid);
-
- printf("%s\n", "cmdline:");
- printstr(buf + ptr, cmdline_len);
- ptr += cmdline_len;
-
- printf("%s\n", "Permissions (gids):");
- printperm(buf + ptr, perm_len);
- ptr += (perm_len * sizeof(int));
- }
- printf("--------------------------------\n");
- }
- if(buf != NULL)
- free(buf);
- return SECURITY_SERVER_SUCCESS;
+ int retval, total_cookie, ptr = 0, i, cmdline_len, perm_len, recved_pid;
+ response_header hdr;
+ unsigned char *buf = NULL;
+
+ /* Check poll */
+ retval = check_socket_poll(sockfd, POLLIN, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ printf("Error: %s\n", "poll() error");
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ printf("Error: %s\n", "poll() timeout");
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+
+ /* Receive response */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &hdr, sizeof(response_header)));
+ if (retval < sizeof(hdr))
+ {
+ /* Error on socket */
+ printf("Error: Receive failed %d\n", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+
+ if (hdr.return_code != SECURITY_SERVER_RETURN_CODE_SUCCESS)
+ {
+ printf("Error: response error: %d\n", hdr.return_code);
+ return return_code_to_error_code(hdr.return_code);
+ }
+
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_RESPONSE)
+ {
+ printf("Error: response error: different msg type %d\n", hdr.basic_hdr.msg_id );
+ return SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+
+ buf = malloc(hdr.basic_hdr.msg_len);
+ if (buf == NULL)
+ {
+ printf("Error: Out of memory\n");
+ return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ }
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, buf, hdr.basic_hdr.msg_len));
+ if (retval < hdr.basic_hdr.msg_len)
+ {
+ printf("Error: receiving too small amount. %d, %d\n", retval, hdr.basic_hdr.msg_len);
+ printhex(buf, retval);
+ if (buf != NULL)
+ free(buf);
+ return SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+
+ memcpy(&total_cookie, buf, sizeof(int));
+ if (total_cookie == 0)
+ {
+ printf("There is no cookie available\n");
+ if (buf != NULL)
+ free(buf);
+ return SECURITY_SERVER_SUCCESS;
+ }
+ ptr = sizeof(int);
+ printf("--------------------------------\n");
+ for (i = 0; i < total_cookie; i++)
+ {
+ printf("%dth cookie:\n", i + 1);
+ memcpy(&cmdline_len, buf + ptr, sizeof(int));
+ ptr += sizeof(int);
+ memcpy(&perm_len, buf + ptr, sizeof(int));
+ ptr += sizeof(int);
+
+ printf("%s\n", "Cookie:");
+ printhex(buf + ptr, SECURITY_SERVER_COOKIE_LEN);
+ ptr += SECURITY_SERVER_COOKIE_LEN;
+ memcpy(&recved_pid, buf + ptr, sizeof(int));
+ ptr += sizeof(int);
+ if (recved_pid == 0)
+ {
+ printf("PID: %d (default cookie - for all root processes)\n", recved_pid);
+ printf("%s\n", "cmdline: N/A");
+ printf("%s\n", "Permissions (gids): N/A");
+ }
+ else
+ {
+ printf("PID: %d\n", recved_pid);
+
+ printf("%s\n", "cmdline:");
+ printstr(buf + ptr, cmdline_len);
+ ptr += cmdline_len;
+
+ printf("%s\n", "Permissions (gids):");
+ printperm(buf + ptr, perm_len);
+ ptr += (perm_len * sizeof(int));
+ }
+ printf("--------------------------------\n");
+ }
+ if (buf != NULL)
+ free(buf);
+ return SECURITY_SERVER_SUCCESS;
}
/* Send cookie information request from cookie packet to security server *
- *
+ *
* Message format
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* |---------------------------------------------------------------|
*/
int send_cookie_info_request_from_cookie(int sockfd, const unsigned char *cookie)
{
-
- basic_header hdr;
- int retval;
- int size = sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN;
- unsigned char buf[size];
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_COOKIE_REQUEST;
- hdr.msg_len = SECURITY_SERVER_COOKIE_LEN;
-
- memcpy(buf, &hdr, sizeof(hdr));
- memcpy(buf + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN);
-
- /* Check poll */
- retval = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- printf("Error: %s\n", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- printf("Error: %s\n", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sockfd, buf, size));
- if(retval < size)
- {
- /* Write error */
- printf("Error on write(): %d\n", retval);
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ basic_header hdr;
+ int retval;
+ int size = sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN;
+ unsigned char buf[size];
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_COOKIE_REQUEST;
+ hdr.msg_len = SECURITY_SERVER_COOKIE_LEN;
+
+ memcpy(buf, &hdr, sizeof(hdr));
+ memcpy(buf + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN);
+
+ /* Check poll */
+ retval = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ printf("Error: %s\n", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ printf("Error: %s\n", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sockfd, buf, size));
+ if (retval < size)
+ {
+ /* Write error */
+ printf("Error on write(): %d\n", retval);
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
/* Send cookie information request from pid packet to security server *
- *
+ *
* Message format
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* |---------------------------------------------------------------|
*/
int send_cookie_info_request_from_pid(int sockfd, int pid)
{
- basic_header hdr;
- int retval;
- int size = sizeof(hdr) + sizeof(int);
- unsigned char buf[size];
-
- /* Assemble header */
- hdr.version = SECURITY_SERVER_MSG_VERSION;
- hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_PID_REQUEST;
- hdr.msg_len = SECURITY_SERVER_COOKIE_LEN;
- memcpy(buf, &hdr, sizeof(hdr));
- memcpy(buf+sizeof(hdr), &pid, sizeof(int));
-
- /* Check poll */
- retval = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- printf("Error: %s\n", "poll() error");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- printf("Error: %s\n", "poll() timeout");
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
-
- /* Send to server */
- retval = TEMP_FAILURE_RETRY(write(sockfd, buf, size));
- if(retval < size)
- {
- /* Write error */
- printf("Error on write(): %d\n", retval);
- return SECURITY_SERVER_ERROR_SEND_FAILED;
- }
- return SECURITY_SERVER_SUCCESS;
+ basic_header hdr;
+ int retval;
+ int size = sizeof(hdr) + sizeof(int);
+ unsigned char buf[size];
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_PID_REQUEST;
+ hdr.msg_len = SECURITY_SERVER_COOKIE_LEN;
+ memcpy(buf, &hdr, sizeof(hdr));
+ memcpy(buf + sizeof(hdr), &pid, sizeof(int));
+
+ /* Check poll */
+ retval = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ printf("Error: %s\n", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ printf("Error: %s\n", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send to server */
+ retval = TEMP_FAILURE_RETRY(write(sockfd, buf, size));
+ if (retval < size)
+ {
+ /* Write error */
+ printf("Error on write(): %d\n", retval);
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
}
int recv_cookie_info_response(sockfd)
{
- unsigned char *buf = NULL;
- int retval, cmdline_len, perm_len, recved_pid, ptr = 0;
- response_header hdr;
-
- /* Check poll */
- retval = check_socket_poll(sockfd, POLLIN, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
- if(retval == SECURITY_SERVER_ERROR_POLL)
- {
- printf("Error: %s\n", "poll() error");
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
- if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
- {
- printf("Error: %s\n", "poll() timeout");
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
-
- /* Receive response */
- retval = TEMP_FAILURE_RETRY(read(sockfd, &hdr, sizeof(response_header)));
- if(retval < sizeof(hdr) )
- {
- /* Error on socket */
- printf("Error: Receive failed %d\n", retval);
- return SECURITY_SERVER_ERROR_RECV_FAILED;
- }
-
- if(hdr.return_code != SECURITY_SERVER_RETURN_CODE_SUCCESS)
- {
- printf("Error: response error: %d\n", hdr.return_code);
- return return_code_to_error_code(hdr.return_code);
- }
-
- if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE)
- {
- printf("Error: response error: different msg type %d\n" ,hdr.basic_hdr.msg_id);
- return SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
-
- buf = malloc(hdr.basic_hdr.msg_len);
- if(buf == NULL)
- {
- printf("Error: Out of memory\n");
- return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
- }
-
- retval = TEMP_FAILURE_RETRY(read(sockfd, buf, hdr.basic_hdr.msg_len));
- if(retval < hdr.basic_hdr.msg_len)
- {
- printf("Error: receiving too small amount. %d, %d\n", retval, hdr.basic_hdr.msg_len);
- printhex(buf, retval);
- if(buf != NULL)
- free(buf);
- return SECURITY_SERVER_ERROR_BAD_RESPONSE;
- }
-
- memcpy(&cmdline_len, buf+ptr, sizeof(int));
- ptr += sizeof(int);
- memcpy(&perm_len, buf+ptr, sizeof(int));
- ptr+= sizeof(int);
-
- printf("%s\n", "Cookie:");
- printhex(buf + ptr, SECURITY_SERVER_COOKIE_LEN);
- ptr += SECURITY_SERVER_COOKIE_LEN;
- memcpy(&recved_pid, buf+ptr, sizeof(int));
- ptr+= sizeof(int);
- if(recved_pid == 0)
- {
- printf("PID: %d (default cookie - for all root processes)\n", recved_pid);
- printf("%s\n", "cmdline: N/A");
- printf("%s\n", "Permissions (gids): N/A");
- }
- else
- {
- printf("PID: %d\n", recved_pid);
-
- printf("%s\n", "cmdline:");
- printstr(buf + ptr, cmdline_len);
- ptr += cmdline_len;
-
- printf("%s\n", "Permissions (gids):");
- printperm(buf + ptr, perm_len);
- }
-
- free(buf);
-
- return SECURITY_SERVER_SUCCESS;
+ unsigned char *buf = NULL;
+ int retval, cmdline_len, perm_len, recved_pid, ptr = 0;
+ response_header hdr;
+
+ /* Check poll */
+ retval = check_socket_poll(sockfd, POLLIN, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if (retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ printf("Error: %s\n", "poll() error");
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ if (retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ printf("Error: %s\n", "poll() timeout");
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+
+ /* Receive response */
+ retval = TEMP_FAILURE_RETRY(read(sockfd, &hdr, sizeof(response_header)));
+ if (retval < sizeof(hdr))
+ {
+ /* Error on socket */
+ printf("Error: Receive failed %d\n", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+
+ if (hdr.return_code != SECURITY_SERVER_RETURN_CODE_SUCCESS)
+ {
+ printf("Error: response error: %d\n", hdr.return_code);
+ return return_code_to_error_code(hdr.return_code);
+ }
+
+ if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE)
+ {
+ printf("Error: response error: different msg type %d\n",hdr.basic_hdr.msg_id);
+ return SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+
+ buf = malloc(hdr.basic_hdr.msg_len);
+ if (buf == NULL)
+ {
+ printf("Error: Out of memory\n");
+ return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
+ }
+
+ retval = TEMP_FAILURE_RETRY(read(sockfd, buf, hdr.basic_hdr.msg_len));
+ if (retval < hdr.basic_hdr.msg_len)
+ {
+ printf("Error: receiving too small amount. %d, %d\n", retval, hdr.basic_hdr.msg_len);
+ printhex(buf, retval);
+ if (buf != NULL)
+ free(buf);
+ return SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+
+ memcpy(&cmdline_len, buf + ptr, sizeof(int));
+ ptr += sizeof(int);
+ memcpy(&perm_len, buf + ptr, sizeof(int));
+ ptr += sizeof(int);
+
+ printf("%s\n", "Cookie:");
+ printhex(buf + ptr, SECURITY_SERVER_COOKIE_LEN);
+ ptr += SECURITY_SERVER_COOKIE_LEN;
+ memcpy(&recved_pid, buf + ptr, sizeof(int));
+ ptr += sizeof(int);
+ if (recved_pid == 0)
+ {
+ printf("PID: %d (default cookie - for all root processes)\n", recved_pid);
+ printf("%s\n", "cmdline: N/A");
+ printf("%s\n", "Permissions (gids): N/A");
+ }
+ else
+ {
+ printf("PID: %d\n", recved_pid);
+
+ printf("%s\n", "cmdline:");
+ printstr(buf + ptr, cmdline_len);
+ ptr += cmdline_len;
+
+ printf("%s\n", "Permissions (gids):");
+ printperm(buf + ptr, perm_len);
+ }
+
+ free(buf);
+
+ return SECURITY_SERVER_SUCCESS;
}
void util_send_all_cookie_info_request(void)
{
- int sockfd = -1, retval;
-
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- printf("Error: %s\n", "connection failed");
- goto error;
- }
-
- /* make request packet */
- retval = send_all_cookie_info_request(sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Error: send request failed: %d", retval);
- goto error;
- }
- retval = recv_all_cookie_info(sockfd);
- if(retval <0)
- {
- printf("Error: Error receiving cookie list: %d\n", retval);
- goto error;
- }
+ int sockfd = -1, retval;
+
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ printf("Error: %s\n", "connection failed");
+ goto error;
+ }
+
+ /* make request packet */
+ retval = send_all_cookie_info_request(sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Error: send request failed: %d", retval);
+ goto error;
+ }
+ retval = recv_all_cookie_info(sockfd);
+ if (retval < 0)
+ {
+ printf("Error: Error receiving cookie list: %d\n", retval);
+ goto error;
+ }
error:
- if(sockfd > 0)
- {
- close(sockfd);
- }
- return;
+ if (sockfd > 0)
+ {
+ close(sockfd);
+ }
+ return;
}
void util_read_cookie_from_bin_file(unsigned char *cookie, const char *path)
{
- char total_path[TOTAL_PATH_MAX] = {0, };
- FILE *fp = NULL;
- int ret;
-
- if(path[0] == '/' || (path[0] == '.' && path[1] == '/'))
- {
- /* Using absolute path */
- strncpy(total_path, path, TOTAL_PATH_MAX);
- }
- else
- {
- if (getcwd(total_path, TOTAL_PATH_MAX) == NULL)
- {
- printf("Cannot open cookie file\n");
- exit(1);
- }
- snprintf(total_path, TOTAL_PATH_MAX, "%s/%s", total_path, path);
- }
-
- fp = fopen(total_path, "rb");
- if(fp == NULL)
- {
- printf("Cannot open cookie file\n");
- exit(1);
- }
-
- ret = fread(cookie, 1, SECURITY_SERVER_COOKIE_LEN, fp);
- if(ret < SECURITY_SERVER_COOKIE_LEN)
- {
- printf("Cannot read cookie file: %d\n", ret);
- fclose(fp);
- exit(1);
- }
-
- fclose(fp);
- return;
+ char total_path[TOTAL_PATH_MAX] = {0, };
+ FILE *fp = NULL;
+ int ret;
+
+ if (path[0] == '/' || (path[0] == '.' && path[1] == '/'))
+ {
+ /* Using absolute path */
+ strncpy(total_path, path, TOTAL_PATH_MAX);
+ }
+ else
+ {
+ if (getcwd(total_path, TOTAL_PATH_MAX) == NULL)
+ {
+ printf("Cannot open cookie file\n");
+ exit(1);
+ }
+ snprintf(total_path, TOTAL_PATH_MAX, "%s/%s", total_path, path);
+ }
+
+ fp = fopen(total_path, "rb");
+ if (fp == NULL)
+ {
+ printf("Cannot open cookie file\n");
+ exit(1);
+ }
+
+ ret = fread(cookie, 1, SECURITY_SERVER_COOKIE_LEN, fp);
+ if (ret < SECURITY_SERVER_COOKIE_LEN)
+ {
+ printf("Cannot read cookie file: %d\n", ret);
+ fclose(fp);
+ exit(1);
+ }
+
+ fclose(fp);
+ return;
}
void util_send_cookie_info_request_from_cookie(unsigned char *cookie)
{
- int sockfd = -1, retval;
-
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- printf("Error: %s\n", "connection failed");
- goto error;
- }
-
- /* make request packet */
- retval = send_cookie_info_request_from_cookie(sockfd, cookie);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Error: send request failed: %d", retval);
- goto error;
- }
- retval = recv_cookie_info_response(sockfd);
- if(retval == SECURITY_SERVER_ERROR_NO_SUCH_COOKIE)
- {
- printf("There is no such cookie available\n");
- goto error;
- }
- if(retval <0)
- {
- printf("Error: Error receiving cookie info: %d\n", retval);
- goto error;
- }
+ int sockfd = -1, retval;
+
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ printf("Error: %s\n", "connection failed");
+ goto error;
+ }
+
+ /* make request packet */
+ retval = send_cookie_info_request_from_cookie(sockfd, cookie);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Error: send request failed: %d", retval);
+ goto error;
+ }
+ retval = recv_cookie_info_response(sockfd);
+ if (retval == SECURITY_SERVER_ERROR_NO_SUCH_COOKIE)
+ {
+ printf("There is no such cookie available\n");
+ goto error;
+ }
+ if (retval < 0)
+ {
+ printf("Error: Error receiving cookie info: %d\n", retval);
+ goto error;
+ }
error:
- if(sockfd > 0)
- {
- close(sockfd);
- }
- return;
+ if (sockfd > 0)
+ {
+ close(sockfd);
+ }
+ return;
}
-unsigned char* util_base64_decode(unsigned char* input, long inputLength, long* outputLength)
+unsigned char *util_base64_decode(unsigned char *input, long inputLength, long *outputLength)
{
- unsigned char* pCurIn = input;
- unsigned char* pCurOut;
- long iOutCharNum = 0;
- long lInputLength = inputLength;
- char buf[4];
- unsigned char* inCode;
- unsigned char* output;
- (*outputLength) = 0;
- if((input == NULL) || (inputLength <= 0))
- return NULL;
-
- /* calculate length of output data */
- for(; lInputLength > 0; lInputLength--)
- {
- if ((*pCurIn) == BASE64_PAD)
- {
- (*outputLength) += ((iOutCharNum + 1) >> 1);
- if ((iOutCharNum == 2) &&
- ((lInputLength == 1) ||
- (*(pCurIn + 1) != BASE64_PAD)))
- {
- (*outputLength)++;
- }
- iOutCharNum = 0;
- break;
- }
- inCode = (unsigned char*)strchr(mszBase64Table, *(pCurIn++));
- if (!inCode)
- continue;
- iOutCharNum++;
- if (iOutCharNum == 4)
- {
- (*outputLength) += 3;
- iOutCharNum=0;
- }
- }
- (*outputLength) += ((iOutCharNum + 1)/2);
-
- /* allocate memory for output data*/
- output = malloc( *outputLength + 1 );
- if(NULL == output)
- {
- return NULL;
- }
- memset( output, 0, (*outputLength + 1) );
- pCurOut = output;
- iOutCharNum = buf[0] = buf[1] = buf[2] = buf[3] = 0;
-
- /* decode data*/
- pCurIn = input;
-
- for(; inputLength>0; inputLength--)
- {
- if ((*pCurIn) == BASE64_PAD)
- {
- /*end-padding processing*/
- if (iOutCharNum == 0)
- {
- return output;
- }
- (*(pCurOut++)) = ((buf[0] & 0x3F) << 2) + ((buf[1] & 0x30) >> 4);
- if ((iOutCharNum == 3)||((iOutCharNum == 2) && ((lInputLength == 0) ||
- ((*(pCurIn + 1)) != BASE64_PAD))))
- {
- (*(pCurOut++)) = ((buf[1] & 0x0F) << 4) + ((buf[2] & 0x3C) >> 2);
- }
- return output;
- }
- inCode = (unsigned char*)strchr(mszBase64Table, *(pCurIn++));
- if (!inCode)
- {
- continue;
- }
- buf[iOutCharNum++] = (char)((unsigned long)inCode - (unsigned long)mszBase64Table);
- if (iOutCharNum == 4)
- {
- *(pCurOut++) = ((buf[0] & 0x3F) << 2) + ((buf[1] & 0x30) >> 4);
- *(pCurOut++) = ((buf[1] & 0x0F) << 4) + ((buf[2] & 0x3C) >> 2);
- *(pCurOut++) = ((buf[2] & 0x03) << 6) + (buf[3] & 0x3F);
- iOutCharNum = buf[0] = buf[1] = buf[2] = buf[3] = 0;
- }
- }
- if (iOutCharNum == 0)
- {
- return output;
- }
- (*(pCurOut++)) = ((buf[0] & 0x3F) << 2) + ((buf[1] & 0x30) >> 4);
- if (iOutCharNum == 3)
- {
- (*(pCurOut++)) = ((buf[1] & 0x0F) << 4) + ((buf[2] & 0x3C) >> 2);
- }
- return output;
+ unsigned char *pCurIn = input;
+ unsigned char *pCurOut;
+ long iOutCharNum = 0;
+ long lInputLength = inputLength;
+ char buf[4];
+ unsigned char *inCode;
+ unsigned char *output;
+ (*outputLength) = 0;
+ if ((input == NULL) || (inputLength <= 0))
+ return NULL;
+
+ /* calculate length of output data */
+ for (; lInputLength > 0; lInputLength--)
+ {
+ if ((*pCurIn) == BASE64_PAD)
+ {
+ (*outputLength) += ((iOutCharNum + 1) >> 1);
+ if ((iOutCharNum == 2) &&
+ ((lInputLength == 1) ||
+ (*(pCurIn + 1) != BASE64_PAD)))
+ {
+ (*outputLength)++;
+ }
+ iOutCharNum = 0;
+ break;
+ }
+ inCode = (unsigned char*)strchr(mszBase64Table, *(pCurIn++));
+ if (!inCode)
+ continue;
+ iOutCharNum++;
+ if (iOutCharNum == 4)
+ {
+ (*outputLength) += 3;
+ iOutCharNum = 0;
+ }
+ }
+ (*outputLength) += ((iOutCharNum + 1) / 2);
+
+ /* allocate memory for output data*/
+ output = malloc( *outputLength + 1 );
+ if (NULL == output)
+ {
+ return NULL;
+ }
+ memset( output, 0, (*outputLength + 1));
+ pCurOut = output;
+ iOutCharNum = buf[0] = buf[1] = buf[2] = buf[3] = 0;
+
+ /* decode data*/
+ pCurIn = input;
+
+ for (; inputLength > 0; inputLength--)
+ {
+ if ((*pCurIn) == BASE64_PAD)
+ {
+ /*end-padding processing*/
+ if (iOutCharNum == 0)
+ {
+ return output;
+ }
+ (*(pCurOut++)) = ((buf[0] & 0x3F) << 2) + ((buf[1] & 0x30) >> 4);
+ if ((iOutCharNum == 3) || ((iOutCharNum == 2) && ((lInputLength == 0) ||
+ ((*(pCurIn + 1)) != BASE64_PAD))))
+ {
+ (*(pCurOut++)) = ((buf[1] & 0x0F) << 4) + ((buf[2] & 0x3C) >> 2);
+ }
+ return output;
+ }
+ inCode = (unsigned char*)strchr(mszBase64Table, *(pCurIn++));
+ if (!inCode)
+ {
+ continue;
+ }
+ buf[iOutCharNum++] = (char)((unsigned long)inCode - (unsigned long)mszBase64Table);
+ if (iOutCharNum == 4)
+ {
+ *(pCurOut++) = ((buf[0] & 0x3F) << 2) + ((buf[1] & 0x30) >> 4);
+ *(pCurOut++) = ((buf[1] & 0x0F) << 4) + ((buf[2] & 0x3C) >> 2);
+ *(pCurOut++) = ((buf[2] & 0x03) << 6) + (buf[3] & 0x3F);
+ iOutCharNum = buf[0] = buf[1] = buf[2] = buf[3] = 0;
+ }
+ }
+ if (iOutCharNum == 0)
+ {
+ return output;
+ }
+ (*(pCurOut++)) = ((buf[0] & 0x3F) << 2) + ((buf[1] & 0x30) >> 4);
+ if (iOutCharNum == 3)
+ {
+ (*(pCurOut++)) = ((buf[1] & 0x0F) << 4) + ((buf[2] & 0x3C) >> 2);
+ }
+ return output;
}
void util_read_cookie_from_base64_string(unsigned char *cookie, const char *encoded_cookie)
{
- unsigned char *decoded_cookie = NULL;
- int encoded_len, decoded_len;
- encoded_len = strlen(encoded_cookie);
-
- decoded_cookie = util_base64_decode((unsigned char *)encoded_cookie, encoded_len, (long *)&decoded_len);
- if(decoded_len != SECURITY_SERVER_COOKIE_LEN)
- {
- printf("Base64 decode failed: %d\n", decoded_len);
- exit(1);
- }
-
- if(decoded_cookie == NULL)
- {
- printf("%s", "BASE64 decode failed:\n");
- exit(1);
- }
-
- memcpy(cookie, decoded_cookie, SECURITY_SERVER_COOKIE_LEN);
- if(decoded_cookie != NULL)
- free(decoded_cookie);
-
- return;
+ unsigned char *decoded_cookie = NULL;
+ int encoded_len, decoded_len;
+ encoded_len = strlen(encoded_cookie);
+
+ decoded_cookie = util_base64_decode((unsigned char*)encoded_cookie, encoded_len, (long*)&decoded_len);
+ if (decoded_len != SECURITY_SERVER_COOKIE_LEN)
+ {
+ printf("Base64 decode failed: %d\n", decoded_len);
+ exit(1);
+ }
+
+ if (decoded_cookie == NULL)
+ {
+ printf("%s", "BASE64 decode failed:\n");
+ exit(1);
+ }
+
+ memcpy(cookie, decoded_cookie, SECURITY_SERVER_COOKIE_LEN);
+ if (decoded_cookie != NULL)
+ free(decoded_cookie);
+
+ return;
}
void util_send_cookie_info_request_from_pid(const char *str_pid)
{
- int retval, sockfd, pid;
-
- if(str_pid == NULL)
- {
- printf("Wrong PID\n");
- return;
- }
-
- errno = 0;
- pid = strtoul(str_pid, 0, 10);
- if (errno != 0)
- {
- SEC_SVR_ERR("cannot change string to integer [%s]", str_pid);
- return;
- }
-
- retval = connect_to_server(&sockfd);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- printf("Error: %s\n", "connection failed");
- goto error;
- }
-
- /* make request packet */
- retval = send_cookie_info_request_from_pid(sockfd, pid);
- if(retval != SECURITY_SERVER_SUCCESS)
- {
- /* Error on socket */
- SEC_SVR_ERR("Error: send request failed: %d", retval);
- goto error;
- }
- retval = recv_cookie_info_response(sockfd);
- if(retval == SECURITY_SERVER_ERROR_NO_SUCH_COOKIE)
- {
- printf("There is no such cookie available\n");
- goto error;
- }
- if(retval <0)
- {
- printf("Error: Error receiving cookie info: %d\n", retval);
- goto error;
- }
+ int retval, sockfd, pid;
+
+ if (str_pid == NULL)
+ {
+ printf("Wrong PID\n");
+ return;
+ }
+
+ errno = 0;
+ pid = strtoul(str_pid, 0, 10);
+ if (errno != 0)
+ {
+ SEC_SVR_ERR("cannot change string to integer [%s]", str_pid);
+ return;
+ }
+
+ retval = connect_to_server(&sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ printf("Error: %s\n", "connection failed");
+ goto error;
+ }
+
+ /* make request packet */
+ retval = send_cookie_info_request_from_pid(sockfd, pid);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_ERR("Error: send request failed: %d", retval);
+ goto error;
+ }
+ retval = recv_cookie_info_response(sockfd);
+ if (retval == SECURITY_SERVER_ERROR_NO_SUCH_COOKIE)
+ {
+ printf("There is no such cookie available\n");
+ goto error;
+ }
+ if (retval < 0)
+ {
+ printf("Error: Error receiving cookie info: %d\n", retval);
+ goto error;
+ }
error:
- if(sockfd > 0)
- {
- close(sockfd);
- }
- return;
+ if (sockfd > 0)
+ {
+ close(sockfd);
+ }
+ return;
}
int main(int argc, char *argv[])
{
- int ret;
- unsigned char cookie[20];
- ret = getuid();
- if(ret != 0)
- {
- printf("You must be root to test. Current UID: %d\nExiting...\n", ret);
- exit(1);
- }
- if(argc < 2 || argc > 4)
- {
- printf("Wrong usage: %d\n", argc);
- printusage(argv[0]);
- exit(1);
- }
- if(strcmp(argv[1], "-a") == 0)
- {
- if(argc != 2)
- {
- printf("Wrong usage: %d\n", argc);
- printusage(argv[0]);
- exit(1);
- }
-
- util_send_all_cookie_info_request();
- exit(0);
- }
-
- if(argc < 3)
- {
- printf("Wrong usage: %d\n", argc);
- printusage(argv[0]);
- exit(1);
- }
-
- if(strcmp(argv[1], "-f") == 0)
- {
- util_read_cookie_from_bin_file(cookie, argv[2]);
- util_send_cookie_info_request_from_cookie(cookie);
- exit(0);
- }
-
- if(strcmp(argv[1], "-p") == 0)
- {
- util_send_cookie_info_request_from_pid(argv[2]);
- exit(0);
- }
-
- if(strcmp(argv[1], "-s") == 0)
- {
- util_read_cookie_from_base64_string(cookie, argv[2]);
- util_send_cookie_info_request_from_cookie(cookie);
- exit(0);
- }
-
- printf("%s", "Wrong usage\n");
- printusage(argv[0]);
- exit(1);
+ int ret;
+ unsigned char cookie[20];
+ ret = getuid();
+ if (ret != 0)
+ {
+ printf("You must be root to test. Current UID: %d\nExiting...\n", ret);
+ exit(1);
+ }
+ if (argc < 2 || argc > 4)
+ {
+ printf("Wrong usage: %d\n", argc);
+ printusage(argv[0]);
+ exit(1);
+ }
+ if (strcmp(argv[1], "-a") == 0)
+ {
+ if (argc != 2)
+ {
+ printf("Wrong usage: %d\n", argc);
+ printusage(argv[0]);
+ exit(1);
+ }
+
+ util_send_all_cookie_info_request();
+ exit(0);
+ }
+
+ if (argc < 3)
+ {
+ printf("Wrong usage: %d\n", argc);
+ printusage(argv[0]);
+ exit(1);
+ }
+
+ if (strcmp(argv[1], "-f") == 0)
+ {
+ util_read_cookie_from_bin_file(cookie, argv[2]);
+ util_send_cookie_info_request_from_cookie(cookie);
+ exit(0);
+ }
+
+ if (strcmp(argv[1], "-p") == 0)
+ {
+ util_send_cookie_info_request_from_pid(argv[2]);
+ exit(0);
+ }
+
+ if (strcmp(argv[1], "-s") == 0)
+ {
+ util_read_cookie_from_base64_string(cookie, argv[2]);
+ util_send_cookie_info_request_from_cookie(cookie);
+ exit(0);
+ }
+
+ printf("%s", "Wrong usage\n");
+ printusage(argv[0]);
+ exit(1);
}
#else
return smack_runtime_check();
#endif
-
}
projects / platform / core / security / security-server.git / commitdiff