Skip to content
GitLab
切换分支/标签
查找文件 BlameHistoryPermalink
utils.c 10.25 KiB
在Web IDE中打开
1 
/*
2 
 *****************************************************************************
3 
 *
4 
 * File:    utils.c
5 
 *
6 
 * Purpose: General/Generic functions for the fwknop client.
7 
 *
8 
 *  Fwknop is developed primarily by the people listed in the file 'AUTHORS'.
9 
 *  Copyright (C) 2009-2014 fwknop developers and contributors. For a full
10 
 *  list of contributors, see the file 'CREDITS'.
11 
 *
12 
 *  License (GNU General Public License):
13 
 *
14 
 *  This program is free software; you can redistribute it and/or
15 
 *  modify it under the terms of the GNU General Public License
16 
 *  as published by the Free Software Foundation; either version 2
17 
 *  of the License, or (at your option) any later version.
18 
 *
19 
 *  This program is distributed in the hope that it will be useful,
20 
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
21 
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
22 
 *  GNU General Public License for more details.
23 
 *
24 
 *  You should have received a copy of the GNU General Public License
25 
 *  along with this program; if not, write to the Free Software
26 
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
27 
 *  USA
28 
 *
29 
 *****************************************************************************
30 
*/
31 
#include "common.h"
32 
#include "fwknop_common.h"
33 
#include "utils.h"
34 
#ifndef WIN32
35 
#include <arpa/inet.h>
36 
#endif
37
38 
static void *get_in_addr(struct sockaddr *sa);
39
40 
/**
41 
 * Structure to handle a protocol string and its associated integer value
42 
 */
43 
typedef struct fko_protocol
44 
{
45 
    const char  str[PROTOCOL_BUFSIZE];      /*!< String which represents a protocol value for the FKO library */
46 
    int         val;                        /*!< Value of the protocol according to the FKO library */
47 
} fko_protocol_t;
48
49 
static fko_protocol_t fko_protocol_array[] =
50 
{
51 
    { "udpraw", FKO_PROTO_UDP_RAW   },
52 
    { "udp",    FKO_PROTO_UDP       },
53 
    { "tcpraw", FKO_PROTO_TCP_RAW   },
54 
    { "tcp",    FKO_PROTO_TCP       },
55 
    { "icmp",   FKO_PROTO_ICMP      },
56 
    { "http",   FKO_PROTO_HTTP      }
57 
};
58
59 
int
60 
verify_file_perms_ownership(const char *file)
61 
{
62 
    int res = 1;
63
64 
#if HAVE_STAT
65 
    struct stat st;
66
67 
    /* Every file that the fwknop client deals with should be owned
68 
     * by the user and permissions set to 600 (user read/write)
69 
    */
70 
    if((stat(file, &st)) == 0)
7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
{ /* Make sure it is a regular file */ if(S_ISREG(st.st_mode) != 1 && S_ISLNK(st.st_mode) != 1) { log_msg(LOG_VERBOSITY_ERROR, "[-] file: %s is not a regular file or symbolic link.", file ); /* when we start in enforcing this instead of just warning * the user res = 0; */ } if((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != (S_IRUSR|S_IWUSR)) { log_msg(LOG_VERBOSITY_ERROR, "[-] file: %s permissions should only be user read/write (0600, -rw-------)", file ); /* when we start in enforcing this instead of just warning * the user res = 0; */ } if(st.st_uid != getuid()) { log_msg(LOG_VERBOSITY_ERROR, "[-] file: %s not owned by current effective user id", file); /* when we start in enforcing this instead of just warning * the user res = 0; */ } } else { /* if the path doesn't exist, just return, but otherwise something * went wrong */ if(errno != ENOENT) { log_msg(LOG_VERBOSITY_ERROR, "[-] stat() against file: %s returned: %s", file, strerror(errno)); res = 0; } } #endif return res; } /** * @brief Grab the sin address from the sockaddr structure. * * This function returns the sin address as a sockaddr_in or sockaddr_in6 * structure according to the family set (ipv4 or ipv6) in the sockaddr * structure. * * @param sa sockaddr strcuture * * @return the sin addr if the sa family is AF_INET or the sin6_addr otherwise. */ static void * get_in_addr(struct sockaddr *sa) { if (sa->sa_family == AF_INET) {
141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210
return &(((struct sockaddr_in*)sa)->sin_addr); } else { return &(((struct sockaddr_in6*)sa)->sin6_addr); } } /** * @brief Resolve a domain name as an ip adress. * * @param dns_str Name of the host to resolve. * @param hints Hints to reduce the number of result from getaddrinfo() * @param ip_str String where to store the resolve ip address * @param ip_bufsize Number of bytes available in the ip_str buffer * * @return 0 if successful, 1 if an error occured. */ int resolve_dest_adr(const char *dns_str, struct addrinfo *hints, char *ip_str, size_t ip_bufsize) { int error; /* Function error return code */ struct addrinfo *result; /* Result of getaddrinfo() */ struct addrinfo *rp; /* Element of the linked list returned by getaddrinfo() */ #if WIN32 && WINVER <= 0x0600 struct sockaddr_in *in; char *win_ip; #else struct sockaddr_in *sai_remote; /* Remote host information as a sockaddr_in structure */ #endif /* Try to resolve the host name */ error = getaddrinfo(dns_str, NULL, hints, &result); if (error != 0) fprintf(stderr, "resolve_dest_adr() : %s\n", gai_strerror(error)); else { error = 1; /* Go through the linked list of addrinfo structures */ for (rp = result; rp != NULL; rp = rp->ai_next) { memset(ip_str, 0, ip_bufsize); #if WIN32 && WINVER <= 0x0600 /* On older Windows systems (anything before Vista?), * we use inet_ntoa for now. */ in = (struct sockaddr_in*)(rp->ai_addr); win_ip = inet_ntoa(in->sin_addr); if (win_ip != NULL && (strlcpy(ip_str, win_ip, ip_bufsize) > 0)) #else sai_remote = (struct sockaddr_in *)get_in_addr((struct sockaddr *)(rp->ai_addr)); if (inet_ntop(rp->ai_family, sai_remote, ip_str, ip_bufsize) != NULL) #endif { error = 0; break; } else log_msg(LOG_VERBOSITY_ERROR, "resolve_dest_adr() : inet_ntop (%d) - %s", errno, strerror(errno)); } /* Free our result from getaddrinfo() */ freeaddrinfo(result); }
211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280
return error; } /** * @brief Return a protocol string according to a protocol integer value * * This function checks if the protocol integer is valid, and write the protocol * string associated. * * @param proto protocol inetger value (UDP_RAW, UDP, TCPRAW...) * @param proto_str Buffer to write the protocol string * @param proto_size size of the protocol string buffer * * @return -1 if the protocol integer value is not supported, 0 otherwise */ short proto_inttostr(int proto, char *proto_str, size_t proto_size) { short proto_error = -1; unsigned char ndx_proto; /* Index for the fko_protocol_t structure */ /* Initialize the protocol string */ memset(proto_str, 0, proto_size); /* Look into the fko_protocol_array to find out the right protocol */ for (ndx_proto = 0 ; ndx_proto < ARRAY_SIZE(fko_protocol_array) ; ndx_proto++) { /* If the protocol matches, grab it */ if (fko_protocol_array[ndx_proto].val == proto) { strlcpy(proto_str, fko_protocol_array[ndx_proto].str, proto_size); proto_error = 0; break; } } return proto_error; } /** * @brief Convert a protocol string to its integer value. * * @param pr_str Protocol string (UDP_RAW, UDP, TCPRAW...) * * @return -1 if the protocol string is not supported, otherwise the protocol value */ short proto_strtoint(const char *pr_str) { unsigned char ndx_proto; /* Index for the fko_protocol_t structure */ int proto_int = -1; /* Protocol integer value */ /* Look into the fko_protocol_array to find out the right protocol */ for (ndx_proto = 0 ; ndx_proto < ARRAY_SIZE(fko_protocol_array) ; ndx_proto++) { /* If the protocol matches, grab it */ if (strcasecmp(pr_str, fko_protocol_array[ndx_proto].str) == 0) { proto_int = fko_protocol_array[ndx_proto].val; break; } } return proto_int; } static int add_argv(char **argv_new, int *argc_new, const char *new_arg, fko_cli_options_t *opts)
281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350
{ int buf_size = 0; if(opts->verbose > 2) log_msg(LOG_VERBOSITY_NORMAL, "[+] add_argv() + arg: %s", new_arg); buf_size = strlen(new_arg) + 1; argv_new[*argc_new] = calloc(1, buf_size); if(argv_new[*argc_new] == NULL) { log_msg(LOG_VERBOSITY_ERROR, "[*] Memory allocation error."); return 0; } strlcpy(argv_new[*argc_new], new_arg, buf_size); *argc_new += 1; if(*argc_new >= MAX_CMDLINE_ARGS-1) { log_msg(LOG_VERBOSITY_ERROR, "[*] max command line args exceeded."); return 0; } argv_new[*argc_new] = NULL; return 1; } int strtoargv(char *args_str, char **argv_new, int *argc_new, fko_cli_options_t *opts) { int current_arg_ctr = 0, i; char arg_tmp[MAX_LINE_LEN] = {0}; for (i=0; i < (int)strlen(args_str); i++) { if (!isspace(args_str[i])) { arg_tmp[current_arg_ctr] = args_str[i]; current_arg_ctr++; } else { if(current_arg_ctr > 0) { arg_tmp[current_arg_ctr] = '\0'; if (add_argv(argv_new, argc_new, arg_tmp, opts) != 1) { free_argv(argv_new, argc_new); return 0; } current_arg_ctr = 0; } } } /* pick up the last argument in the string */ if(current_arg_ctr > 0) { arg_tmp[current_arg_ctr] = '\0'; if (add_argv(argv_new, argc_new, arg_tmp, opts) != 1) { free_argv(argv_new, argc_new); return 0; } } return 1;
351352353354355356357358359360361362363364365366367368369370371372
} void free_argv(char **argv_new, int *argc_new) { int i; if(argv_new == NULL || *argv_new == NULL) return; for (i=0; i < *argc_new; i++) { if(argv_new[i] == NULL) break; else free(argv_new[i]); } return; } /***EOF***/