source-git / amanda

Clone
Source Code
GIT

Blame common-src/security-util.h

c8 c8s master
  1.   c8s
  2.   common-src
  3.   security-util.h
Blob History Raw
Packit Service 392537 
#ifndef _SECURITY_UTIL_H
Packit Service 392537 
#define _SECURITY_UTIL_H
Packit Service 392537
Packit Service 392537 
/*
Packit Service 392537 
 * Amanda, The Advanced Maryland Automatic Network Disk Archiver
Packit Service 392537 
 * Copyright (c) 1999 University of Maryland
Packit Service 392537 
 * All Rights Reserved.
Packit Service 392537 
 *
Packit Service 392537 
 * Permission to use, copy, modify, distribute, and sell this software and its
Packit Service 392537 
 * documentation for any purpose is hereby granted without fee, provided that
Packit Service 392537 
 * the above copyright notice appear in all copies and that both that
Packit Service 392537 
 * copyright notice and this permission notice appear in supporting
Packit Service 392537 
 * documentation, and that the name of U.M. not be used in advertising or
Packit Service 392537 
 * publicity pertaining to distribution of the software without specific,
Packit Service 392537 
 * written prior permission.  U.M. makes no representations about the
Packit Service 392537 
 * suitability of this software for any purpose.  It is provided "as is"
Packit Service 392537 
 * without express or implied warranty.
Packit Service 392537 
 *
Packit Service 392537 
 * U.M. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL
Packit Service 392537 
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL U.M.
Packit Service 392537 
 * BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
Packit Service 392537 
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
Packit Service 392537 
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
Packit Service 392537 
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Packit Service 392537 
 *
Packit Service 392537 
 * Authors: the Amanda Development Team.  Its members are listed in a
Packit Service 392537 
 * file named AUTHORS, in the root directory of this distribution.
Packit Service 392537 
 */
Packit Service 392537
Packit Service 392537 
/*
Packit Service 392537 
 * $Id: security-util.h,v 1.5 2006/07/01 00:10:38 paddy_s Exp $
Packit Service 392537 
 *
Packit Service 392537 
 */
Packit Service 392537
Packit Service 392537 
#include "stream.h"
Packit Service 392537 
#include "dgram.h"
Packit Service 392537 
#include "conffile.h"
Packit Service 392537 
#include "shm-ring.h"
Packit Service 392537 
#include "security.h"
Packit Service 392537 
#include "event.h"
Packit Service 392537
Packit Service 392537 
#define auth_debug(i, ...) do {		\
Packit Service 392537 
	if ((i) <= debug_auth) {	\
Packit Service 392537 
	    dbprintf(__VA_ARGS__);	\
Packit Service 392537 
	}				\
Packit Service 392537 
} while (0)
Packit Service 392537
Packit Service 392537
Packit Service 392537 
/*
Packit Service 392537 
 * Magic values for sec_conn->handle
Packit Service 392537 
 */
Packit Service 392537 
#define H_TAKEN -1		/* sec_conn->tok was already read */
Packit Service 392537 
#define H_EOF   -2		/* this connection has been shut down */
Packit Service 392537
Packit Service 392537 
#ifdef KRB5_SECURITY
Packit Service 392537 
#  define KRB5_DEPRECATED 1
Packit Service 392537 
#  ifndef KRB5_HEIMDAL_INCLUDES
Packit Service 392537 
#    include <gssapi/gssapi_generic.h>
Packit Service 392537 
#  else
Packit Service 392537 
#    include <gssapi/gssapi.h>
Packit Service 392537 
#  endif
Packit Service 392537 
#  include <krb5.h>
Packit Service 392537 
#endif
Packit Service 392537
Packit Service 392537 
#ifdef SSL_SECURITY
Packit Service 392537 
#include <openssl/crypto.h>
Packit Service 392537 
#include <openssl/ssl.h>
Packit Service 392537 
#include <openssl/err.h>
Packit Service 392537 
#endif
Packit Service 392537
Packit Service 392537 
typedef struct async_write_data {
Packit Service 392537 
    struct iovec  iov[3];
Packit Service 392537 
    int           nb_iov;
Packit Service 392537 
    struct iovec  copy_iov[3];
Packit Service 392537 
    int           copy_nb_iov;
Packit Service 392537 
    void	 *buf;
Packit Service 392537 
    ssize_t	  written;
Packit Service 392537 
    void          (*fn)(void *, ssize_t, void *, ssize_t);
Packit Service 392537 
    void	 *arg;
Packit Service 392537 
} async_write_data;
Packit Service 392537
Packit Service 392537 
struct sec_handle;
Packit Service 392537 
struct sec_stream;
Packit Service 392537
Packit Service 392537 
typedef struct reader_callback {
Packit Service 392537 
    int          handle;
Packit Service 392537 
    struct sec_stream  *s;
Packit Service 392537 
    void       (*callback)(void *);
Packit Service 392537 
} reader_callback;
Packit Service 392537
Packit Service 392537 
/*
Packit Service 392537 
 * This is a sec connection to a host.  We should only have
Packit Service 392537 
 * one connection per host.
Packit Service 392537 
 */
Packit Service 392537 
struct tcp_conn {
Packit Service 392537 
    const struct security_driver *driver;	/* MUST be first */
Packit Service 392537 
    int			read, write;		/* pipes to sec */
Packit Service 392537 
    pid_t		pid;			/* pid of sec process */
Packit Service 392537 
    char *		pkt;			/* last pkt read */
Packit Service 392537 
    ssize_t		pktlen;			/* len of above */
Packit Service 392537 
    event_handle_t *	ev_read;		/* read (EV_READFD) handle */
Packit Service 392537 
    event_handle_t *	ev_write;		/* write (EV_WRITEFD) handle */
Packit Service 392537 
    int			ev_read_refcnt;		/* number of readers */
Packit Service 392537 
    GList	       *async_write_data_list;  /* list of block to write */
Packit Service 392537 
    ssize_t		async_write_data_size;
Packit Service 392537 
    char		hostname[MAX_HOSTNAME_LENGTH+1];
Packit Service 392537 
						/* host we're talking to */
Packit Service 392537 
    char               *dle_hostname;
Packit Service 392537 
    char *		errmsg;			/* error passed up */
Packit Service 392537 
    int			refcnt;			/* number of handles using */
Packit Service 392537 
    int			handle;			/* last proto handle read */
Packit Service 392537 
    int			event_id;		/* event ID fired when token read */
Packit Service 392537 
    void		(*accept_fn)(security_handle_t *, pkt_t *);
Packit Service 392537 
    sockaddr_union	peer;
Packit Service 392537 
    GSList             *reader_callbacks;
Packit Service 392537 
    int			(*recv_security_ok)(struct sec_handle *, pkt_t *, int);
Packit Service 392537 
    int			need_priv_port;
Packit Service 392537 
    char *		(*prefix_packet)(void *, pkt_t *);
Packit Service 392537 
    int			toclose;
Packit Service 392537 
    int			donotclose;
Packit Service 392537 
    int			auth;
Packit Service 392537 
    char *              (*conf_fn)(char *, void *);
Packit Service 392537 
    void *              datap;
Packit Service 392537 
    time_t              logstamp;
Packit Service 392537 
#ifdef KRB5_SECURITY
Packit Service 392537 
    gss_ctx_id_t	gss_context;
Packit Service 392537 
#endif
Packit Service 392537 
    unsigned int	netint[2];
Packit Service 392537 
    char *              buffer;
Packit Service 392537 
    ssize_t             size_header_read;
Packit Service 392537 
    ssize_t             size_buffer_read;
Packit Service 392537 
    GSource            *child_watch;
Packit Service 392537 
#ifdef SSL_SECURITY
Packit Service 392537 
    SSL_CTX            *ctx;
Packit Service 392537 
    SSL                *ssl;
Packit Service 392537 
#endif
Packit Service 392537 
    gboolean            paused;
Packit Service 392537 
};
Packit Service 392537
Packit Service 392537
Packit Service 392537 
struct sec_stream;
Packit Service 392537
Packit Service 392537 
/*
Packit Service 392537 
 * This is the private handle data.
Packit Service 392537 
 */
Packit Service 392537 
struct sec_handle {
Packit Service 392537 
    security_handle_t	sech;		/* MUST be first */
Packit Service 392537 
    char *		hostname;	/* ptr to rc->hostname */
Packit Service 392537 
    char *		dle_hostname;	/* hostname from the dle */
Packit Service 392537 
    struct sec_stream *	rs;		/* virtual stream we xmit over */
Packit Service 392537 
    struct tcp_conn *	rc;		/* */
Packit Service 392537 
    union {
Packit Service 392537 
	void (*recvpkt)(void *, pkt_t *, security_status_t);
Packit Service 392537 
					/* func to call when packet recvd */
Packit Service 392537 
	void (*connect)(void *, security_handle_t *, security_status_t);
Packit Service 392537 
					/* func to call when connected */
Packit Service 392537 
    } fn;
Packit Service 392537 
    void *		arg;		/* argument to pass function */
Packit Service 392537 
    shm_ring_t *	shm_ring;
Packit Service 392537 
    event_handle_t *	ev_timeout;	/* timeout handle for recv */
Packit Service 392537 
    sockaddr_union	peer;
Packit Service 392537 
    int			sequence;
Packit Service 392537 
    event_id_t		event_id;
Packit Service 392537 
    char *		proto_handle;
Packit Service 392537 
    event_handle_t *	ev_read;
Packit Service 392537 
    struct sec_handle *	prev;
Packit Service 392537 
    struct sec_handle *	next;
Packit Service 392537 
    struct udp_handle *	udp;
Packit Service 392537 
    void		(*accept_fn)(security_handle_t *, pkt_t *);
Packit Service 392537 
    struct addrinfo    *res;
Packit Service 392537 
    struct addrinfo    *next_res;
Packit Service 392537 
    void                (*connect_callback)(void *, security_handle_t *, security_status_t);
Packit Service 392537 
    void               *connect_arg;
Packit Service 392537 
    char               *src_ip;
Packit Service 392537 
    int                 port;
Packit Service 392537 
};
Packit Service 392537
Packit Service 392537 
/*
Packit Service 392537 
 * This is the internal security_stream data for sec.
Packit Service 392537 
 */
Packit Service 392537 
struct sec_stream {
Packit Service 392537 
    security_stream_t	secstr;		/* MUST be first */
Packit Service 392537 
    struct tcp_conn *	rc;		/* physical connection */
Packit Service 392537 
    int			handle;		/* protocol handle */
Packit Service 392537 
    gboolean		ev_read_callback;	/* read */
Packit Service 392537 
    event_handle_t *	ev_read;	/* read */
Packit Service 392537 
    event_handle_t *	ev_read_sync;	/* read */
Packit Service 392537 
    void		(*fn)(void *, void *, ssize_t);	/* read event fn */
Packit Service 392537 
    void *		arg;		/* arg for previous */
Packit Service 392537 
    int			fd;
Packit Service 392537 
    char		databuf[NETWORK_BLOCK_BYTES];
Packit Service 392537 
    ssize_t		len;
Packit Service 392537 
    int			socket;
Packit Service 392537 
    in_port_t		port;
Packit Service 392537 
    int			closed_by_me;
Packit Service 392537 
    int			closed_by_network;
Packit Service 392537 
    reader_callback     r_callback;
Packit Service 392537 
    shm_ring_t        *shm_ring;
Packit Service 392537 
    gboolean            ring_init;
Packit Service 392537 
    event_id_t          event_id;
Packit Service 392537 
    gboolean            paused;
Packit Service 392537 
};
Packit Service 392537
Packit Service 392537 
/*
Packit Service 392537 
 * This is data local to the datagram socket.  We have one datagram
Packit Service 392537 
 * per process per auth.
Packit Service 392537 
 */
Packit Service 392537 
typedef struct udp_handle {
Packit Service 392537 
    const struct security_driver *driver;	/* MUST be first */
Packit Service 392537 
    dgram_t dgram;		/* datagram to read/write from */
Packit Service 392537 
    sockaddr_union peer;	/* who sent it to us */
Packit Service 392537 
    pkt_t pkt;			/* parsed form of dgram */
Packit Service 392537 
    char *handle;		/* handle from recvd packet */
Packit Service 392537 
    int sequence;		/* seq no of packet */
Packit Service 392537 
    event_handle_t *ev_read;	/* read event handle from dgram */
Packit Service 392537 
    int refcnt;			/* number of handles blocked for reading */
Packit Service 392537 
    struct sec_handle *bh_first, *bh_last;
Packit Service 392537 
    void (*accept_fn)(security_handle_t *, pkt_t *);
Packit Service 392537 
    int (*recv_security_ok)(struct sec_handle *, pkt_t *, int);
Packit Service 392537 
    char *(*prefix_packet)(void *, pkt_t *);
Packit Service 392537 
    int			need_priv_port;
Packit Service 392537 
} udp_handle_t;
Packit Service 392537
Packit Service 392537 
/*
Packit Service 392537 
 * We register one event handler for our network fd which takes
Packit Service 392537 
 * care of all of our async requests.  When all async requests
Packit Service 392537 
 * have either been satisfied or cancelled, we unregister our
Packit Service 392537 
 * network event handler.
Packit Service 392537 
 */
Packit Service 392537 
#define	udp_addref(udp, netfd_read_callback) do {			\
Packit Service 392537 
    if ((udp)->refcnt++ == 0) {						\
Packit Service 392537 
	assert((udp)->ev_read == NULL);					\
Packit Service 392537 
	(udp)->ev_read = event_create((event_id_t)(udp)->dgram.socket,	\
Packit Service 392537 
	    EV_READFD, netfd_read_callback, (udp));			\
Packit Service 392537 
	event_activate((udp)->ev_read);					\
Packit Service 392537 
    }									\
Packit Service 392537 
    assert((udp)->refcnt > 0);						\
Packit Service 392537 
} while (0)
Packit Service 392537
Packit Service 392537 
/*
Packit Service 392537 
 * If this is the last request to be removed, then remove the
Packit Service 392537 
 * reader event from the netfd.
Packit Service 392537 
 */
Packit Service 392537 
#define	udp_delref(udp) do {						\
Packit Service 392537 
    assert((udp)->refcnt > 0);						\
Packit Service 392537 
    if (--(udp)->refcnt == 0) {						\
Packit Service 392537 
	assert((udp)->ev_read != NULL);					\
Packit Service 392537 
	event_release((udp)->ev_read);					\
Packit Service 392537 
	(udp)->ev_read = NULL;						\
Packit Service 392537 
    }									\
Packit Service 392537 
} while (0)
Packit Service 392537
Packit Service 392537
Packit Service 392537 
int	sec_stream_auth(void *);
Packit Service 392537 
int	sec_stream_id(void *);
Packit Service 392537 
void	sec_accept(const security_driver_t *,
Packit Service 392537 
		   char *(*)(char *, void *),
Packit Service 392537 
		   int, int,
Packit Service 392537 
		   void (*)(security_handle_t *, pkt_t *),
Packit Service 392537 
		   void *);
Packit Service 392537 
void	sec_close(void *);
Packit Service 392537 
void	sec_connect_callback(void *);
Packit Service 392537 
void	sec_connect_timeout(void *);
Packit Service 392537 
void	sec_close_connection_none(void *, char *);
Packit Service 392537
Packit Service 392537 
ssize_t	stream_sendpkt(void *, pkt_t *);
Packit Service 392537 
void	stream_recvpkt(void *,
Packit Service 392537 
		        void (*)(void *, pkt_t *, security_status_t),
Packit Service 392537 
		        void *, int);
Packit Service 392537 
void	stream_recvpkt_timeout(void *);
Packit Service 392537 
void	stream_recvpkt_cancel(void *);
Packit Service 392537
Packit Service 392537 
int	tcpm_stream_write(void *, const void *, size_t);
Packit Service 392537 
int	tcpm_stream_write_async(void *, void *, size_t, void (*)(void *, ssize_t, void *, ssize_t), void *);
Packit Service 392537 
void	tcpm_stream_read(void *, void (*)(void *, void *, ssize_t), void *);
Packit Service 392537 
ssize_t	tcpm_stream_read_sync(void *, void **);
Packit Service 392537 
void	tcpm_stream_read_to_shm_ring(void *, void (*)(void *, void *, ssize_t), struct shm_ring_t *, void *);
Packit Service 392537 
void	tcpm_stream_read_cancel(void *);
Packit Service 392537 
void	tcpm_stream_pause(void *);
Packit Service 392537 
void	tcpm_stream_resume(void *);
Packit Service 392537 
ssize_t	tcpm_send_token(struct tcp_conn *, int, char **, const void *, size_t);
Packit Service 392537 
ssize_t	tcpm_send_token_async(struct sec_stream *, void *, size_t, void (*)(void *, ssize_t, void *, ssize_t), void *);
Packit Service 392537 
ssize_t	tcpm_recv_token(struct tcp_conn *, int *, char **, char **, ssize_t *);
Packit Service 392537 
void	tcpm_close_connection(void *, char *);
Packit Service 392537
Packit Service 392537 
int	tcpma_stream_accept(void *);
Packit Service 392537 
void *	tcpma_stream_client(void *, int);
Packit Service 392537 
void *	tcpma_stream_server(void *);
Packit Service 392537 
void	tcpma_stream_close(void *);
Packit Service 392537 
void    tcpma_stream_close_async(void *s, void (*fn)(void *, ssize_t, void *, ssize_t), void *arg);
Packit Service 392537
Packit Service 392537 
void *	tcp1_stream_server(void *);
Packit Service 392537 
int	tcp1_stream_accept(void *);
Packit Service 392537 
void *	tcp1_stream_client(void *, int);
Packit Service 392537
Packit Service 392537 
int	tcp_stream_write(void *, const void *, size_t);
Packit Service 392537 
int	tcp_stream_write_async(void *, void *, size_t, void (*)(void *, ssize_t, void *, ssize_t), void *);
Packit Service 392537
Packit Service 392537 
char *	bsd_prefix_packet(void *, pkt_t *);
Packit Service 392537 
int	bsd_recv_security_ok(struct sec_handle *, pkt_t *, int);
Packit Service 392537
Packit Service 392537 
ssize_t	udpbsd_sendpkt(void *, pkt_t *);
Packit Service 392537 
void	udp_close(void *);
Packit Service 392537 
void	udp_recvpkt(void *, void (*)(void *, pkt_t *, security_status_t),
Packit Service 392537 
		     void *, int);
Packit Service 392537 
void	udp_recvpkt_cancel(void *);
Packit Service 392537 
void	udp_recvpkt_callback(void *);
Packit Service 392537 
void	udp_recvpkt_timeout(void *);
Packit Service 392537 
int	udp_inithandle(udp_handle_t *, struct sec_handle *, char *hostname,
Packit Service 392537 
		       sockaddr_union *, in_port_t, char *, int);
Packit Service 392537 
void	udp_netfd_read_callback(void *);
Packit Service 392537
Packit Service 392537 
struct tcp_conn *sec_tcp_conn_get(const char *, const char *, int);
Packit Service 392537 
void	sec_tcp_conn_read(struct tcp_conn *);
Packit Service 392537 
void	parse_pkt(pkt_t *, const void *, size_t);
Packit Service 392537 
const char *pkthdr2str(const struct sec_handle *, const pkt_t *);
Packit Service 392537 
int	str2pkthdr(udp_handle_t *);
Packit Service 392537 
char *	check_user(struct sec_handle *, const char *, const char *);
Packit Service 392537
Packit Service 392537 
char *	check_user_ruserok    (const char *host,
Packit Service 392537 
				struct passwd *pwd,
Packit Service 392537 
				const char *user);
Packit Service 392537 
char *	check_user_amandahosts(const char *host,
Packit Service 392537 
			        sockaddr_union *addr,
Packit Service 392537 
				struct passwd *pwd,
Packit Service 392537 
				const char *user,
Packit Service 392537 
				const char *service);
Packit Service 392537
Packit Service 392537 
ssize_t	net_read(int, void *, size_t, int);
Packit Service 392537 
ssize_t net_read_fillbuf(int, int, void *, size_t);
Packit Service 392537 
void	show_stat_info(char *a, char *b);
Packit Service 392537 
int     check_name_give_sockaddr(const char *hostname, struct sockaddr *addr,
Packit Service 392537 
				 char **errstr);
Packit Service 392537 
in_port_t find_port_for_service(char *service, char *proto);
Packit Service 392537 
char	*sec_get_authenticated_peer_name_gethostname(security_handle_t *);
Packit Service 392537 
char	*sec_get_authenticated_peer_name_hostname(security_handle_t *);
Packit Service 392537 
ssize_t generic_data_write(void *, struct iovec *iov, int iovcnt);
Packit Service 392537 
ssize_t generic_data_write_non_blocking(void *, struct iovec *iov, int iovcnt);
Packit Service 392537 
ssize_t generic_data_read(void *, void *vbuf, size_t sizebuf, int timeout);
Packit Service 392537
Packit Service 392537 
#endif /* _SECURITY_INFO_H */

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation