Committer: Miika Komu <miika@xxxxxx> Date: Mon Mar 08 23:42:08 2010 +0200 Revision: 3857 Revision-id: miika@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Branch nick: trunk Log: Splitting misc.c into multiple files continued (bug id 1139). Added filemanip.c. Modified: A lib/core/filemanip.c A lib/core/filemanip.h M Makefile.am M firewall/firewall.c M hipd/init.c M lib/core/misc.c M lib/core/misc.h M lib/tool/lutil.h === modified file 'Makefile.am' --- Makefile.am 2010-03-08 17:29:23 +0000 +++ Makefile.am 2010-03-08 21:42:08 +0000 @@ -252,6 +252,7 @@ lib/core/esp_prot_common.c \ lib/core/misc.c \ lib/core/hostsfiles.c \ + lib/core/filemanip.c \ lib/core/hashchain.c \ lib/core/sqlitedbapi.c \ lib/core/hashchain_store.c \ === modified file 'firewall/firewall.c' --- firewall/firewall.c 2010-03-07 11:20:52 +0000 +++ firewall/firewall.c 2010-03-08 21:42:08 +0000 @@ -56,6 +56,7 @@ #include "lib/performance/performance.h" /* Performance Analysis */ #endif #include "helpers.h" +#include "lib/core/filemanip.h" /* packet types handled by the firewall */ #define OTHER_PACKET 0 === modified file 'hipd/init.c' --- hipd/init.c 2010-03-05 08:24:06 +0000 +++ hipd/init.c 2010-03-08 21:42:08 +0000 @@ -21,6 +21,7 @@ #include "init.h" #include "lib/performance/performance.h" #include "lib/core/hip_capability.h" +#include "lib/core/filemanip.h" #include "lib/tool/nlink.h" #include "oppdb.h" #include "lib/dht/libhipdht.h" === added file 'lib/core/filemanip.c' --- lib/core/filemanip.c 1970-01-01 00:00:00 +0000 +++ lib/core/filemanip.c 2010-03-08 21:42:08 +0000 
@@ -0,0 +1,191 @@
+#include "filemanip.h"
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#include <unistd.h>
+#include "crypto.h"
+
+/**
+ * get rid of a lock file
+ *
+ * @param filename the file name of the lock file
+ * @return zero on success and negative on error
+ */
+int hip_remove_lock_file(char *filename)
+{
+ return unlink(filename);
+}
+
+/**
+ * create a new lock file
+ *
+ * @param filename the file name of the lock
+ * @param killold one if the function should steal the lock from
+ * and existing process and kill it, or zero otherwise
+ * @return zero on success and negative on error
+ */
+int hip_create_lock_file(char *filename, int killold)
+{
+ int err = 0, fd = 0, old_pid = 0, new_pid_str_len = 0;
+ char old_pid_str[64], new_pid_str[64];
+ int pid_set = 0; /* the pid was read successfully */
+ memset(old_pid_str, 0, sizeof(old_pid_str));
+ memset(new_pid_str, 0, sizeof(new_pid_str));
+
+ /* New pid */
+ snprintf(new_pid_str, sizeof(new_pid_str) - 1, "%d\n", getpid());
+ new_pid_str_len = strlen(new_pid_str);
+ HIP_IFEL((new_pid_str_len <= 0), -1, "pID length error.\n");
+
+ /* Read old pid */
+ fd = HIP_CREATE_FILE(filename);
+ HIP_IFEL((fd <= 0), -1, "opening lock file failed\n");
+
+ /** @todo This is possibly unsafe: the pid is read from the file without checking
+ * file permissions and the process with the number is simply killed.
+ * THIS COULD BE USED TO ATTACK THE SYSTEM
+ */
+ pid_set = read(fd, old_pid_str, sizeof(old_pid_str) - 1);
+ old_pid = atoi(old_pid_str);
+
+ if (lockf(fd, F_TLOCK, 0) < 0) {
+ HIP_IFEL(!killold, -12,
+ "\nHIP daemon already running with pid %d\n"
+ "Give: -k option to kill old daemon.\n", old_pid);
+
+ HIP_INFO("\nDaemon is already running with pid %d\n"
+ "-k option given, terminating old one...\n", old_pid);
+ /* Erase the old lock file to avoid having multiple pids
+ * in the file */
+ if (lockf(fd, F_ULOCK, 0) == -1) {
+ HIP_ERROR("Cannot unlock pid lock.");
+ }
+
+ close(fd);
+ HIP_IFEL(hip_remove_lock_file(filename), -1,
+ "Removing lock file failed.\n");
+
+ /* fd = open(filename, O_RDWR | O_CREAT, 0644); */
+ fd = open(filename, O_RDWR | O_CREAT | O_TRUNC, 0644);
+
+ /* Don't close file descriptor because new started process is
+ * running. */
+ HIP_IFEL((fd <= 0), -1, "Opening lock file failed.\n");
+ HIP_IFEL(lockf(fd, F_TLOCK, 0), -1, "Lock attempt failed.\n");
+ if (pid_set) {
+ err = kill(old_pid, SIGKILL);
+ }
+ if (err != 0) {
+ HIP_ERROR("\nError when trying to send signal SIGKILL " \
+ "process identified by process identifier " \
+ "%d.\n", old_pid);
+ HIP_PERROR("errno after kill() is: ");
+ }
+ }
+
+ lseek(fd, 0, SEEK_SET);
+
+ HIP_IFEL((write(fd, new_pid_str, new_pid_str_len) != new_pid_str_len),
+ -1, "Writing new process identifier failed.\n");
+
+out_err:
+ if (err == -12) {
+ exit(0);
+ }
+
+ return err;
+}
+
+/**
+ * check and create a directory
+ * @param dirname the name of the directory
+ * @param mode creation mode for the directory, if it does not exist
+ *
+ * @return 0 if successful, or negative on error.
+ */ +int check_and_create_dir(char *dirname, mode_t mode) +{ + int err = 0; + struct stat dir_stat; + + HIP_INFO("dirname=%s mode=%o\n", dirname, mode); + err = stat(dirname, &dir_stat); + if (err && errno == ENOENT) { /* no such file or directory */ + err = mkdir(dirname, mode); + if (err) { + HIP_ERROR("mkdir %s failed: %s\n", dirname, + strerror(errno)); + } + } else if (err) { + HIP_ERROR("stat %s failed: %s\n", dirname, + strerror(errno)); + } + + return err; +} + +/** + * check and create a file + * @param file the name of the file + * @param mode creation mode for the file, if it does not exist + * + * @return file descriptor of the created file + */ +int check_and_create_file(char *filename, mode_t mode) +{ + int err = 0, fd = 0; + struct stat file_stat; + + HIP_INFO("filename=%s mode=%o\n", filename, mode); + err = stat(filename, &file_stat); + if (err && errno == ENOENT) { /* no such file or file */ + fd = open(filename, O_RDWR | O_CREAT, 0644); + if (fd < 0) { + HIP_ERROR("creating file %s failed: %s\n", filename, + strerror(errno)); + } + } else { + fd = open(filename, O_RDWR); + if (fd < 0) { + HIP_ERROR("opening file %s failed: %s\n", filename, + strerror(errno)); + } + } + + return fd; +} + +/** + * make /etc/hip file permissions more secure + * + * @param filenamebase the file name based for keys + */ +void change_key_file_perms(char *filenamebase) +{ + char *pubfilename = NULL; + int pubfilename_len; + + pubfilename_len = + strlen(filenamebase) + strlen(DEFAULT_PUB_FILE_SUFFIX) + 1; + pubfilename = malloc(pubfilename_len); + if (!pubfilename) { + HIP_ERROR("malloc(%d) failed\n", pubfilename_len); + goto out_err; + } + + /* check retval */ + snprintf(pubfilename, pubfilename_len, "%s%s", filenamebase, + DEFAULT_PUB_FILE_SUFFIX); + + chmod(filenamebase, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + chmod(pubfilename, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH); + +out_err: + if (pubfilename) { + HIP_FREE(pubfilename); + } + + return; +} === added 
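Review bot: In `hip_create_lock_file` the value passed to `kill(old_pid, SIGKILL)` is never validated: `pid_set` holds the raw `read()` return, so a negative error result still counts as true, and `atoi()` yields 0 for an empty or non-numeric file, which `kill()` interprets as the caller's whole process group (negative values likewise address groups). The move to filemanip.c carries the existing @todo over unchanged; a minimal guard would be `if (pid_set > 0 && old_pid > 1) { err = kill(old_pid, SIGKILL); }`, with `strtol` and an end-pointer check in place of `atoi`. The re-create after `unlink` uses `O_CREAT | O_TRUNC` only, so adding `O_EXCL | O_NOFOLLOW` would keep it from opening a path that another user put there in between. Separately, `fd <= 0` rejects a valid descriptor 0, and the descriptor does not appear to be closed on the error paths.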
file 'lib/core/filemanip.h' --- lib/core/filemanip.h 1970-01-01 00:00:00 +0000 +++ lib/core/filemanip.h 2010-03-08 21:42:08 +0000 @@ -0,0 +1,15 @@ +#ifndef HIP_LIB_CORE_FILEMANIP_H +#define HIP_LIB_CORE_FILEMANIP_H + +#include <sys/types.h> + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif /* HAVE_CONFIG_H */ + +int hip_create_lock_file(char *filename, int killold); +int hip_remove_lock_file(char *filename); +int check_and_create_dir(char *dirname, mode_t mode); +void change_key_file_perms(char *filenamebase); + +#endif /* HIP_LIB_CORE_FILEMANIP_H */ === modified file 'lib/core/misc.c' --- lib/core/misc.c 2010-03-08 21:21:01 +0000 +++ lib/core/misc.c 2010-03-08 21:42:08 +0000 @@ -15,6 +15,7 @@ #endif /* HAVE_CONFIG_H */ #include <string.h> +#include "filemanip.h" #include "misc.h" #include "prefix.h" 
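Review bot: `check_and_create_file` is defined with external linkage in the new filemanip.c but gets no prototype in this header, unlike the other four functions moved there. Any caller outside that file (the `HIP_CREATE_FILE` macro used by `hip_create_lock_file` may be one; its definition is not visible here) would rely on an implicit declaration. Either add `int check_and_create_file(char *filename, mode_t mode);` to filemanip.h or mark the definition `static`. The path parameters of all five functions are only read in the visible bodies, so `const char *` would document that.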
@@ -792,64 +793,6 @@ return err; } -/** - * check and create a directory - * @param dirname the name of the directory - * @param mode creation mode for the directory, if it does not exist - * - * @return 0 if successful, or negative on error. - */ -int check_and_create_dir(char *dirname, mode_t mode) -{ - int err = 0; - struct stat dir_stat; - - HIP_INFO("dirname=%s mode=%o\n", dirname, mode); - err = stat(dirname, &dir_stat); - if (err && errno == ENOENT) { /* no such file or directory */ - err = mkdir(dirname, mode); - if (err) { - HIP_ERROR("mkdir %s failed: %s\n", dirname, - strerror(errno)); - } - } else if (err) { - HIP_ERROR("stat %s failed: %s\n", dirname, - strerror(errno)); - } - - return err; -} - -/** - * check and create a file - * @param file the name of the file - * @param mode creation mode for the file, if it does not exist - * - * @return file descriptor of the created file - */ -int check_and_create_file(char *filename, mode_t mode) -{ - int err = 0, fd = 0; - struct stat file_stat; - - HIP_INFO("filename=%s mode=%o\n", filename, mode); - err = stat(filename, &file_stat); - if (err && errno == ENOENT) { /* no such file or file */ - fd = open(filename, O_RDWR | O_CREAT, 0644); - if (fd < 0) { - HIP_ERROR("creating file %s failed: %s\n", filename, - strerror(errno)); - } - } else { - fd = open(filename, O_RDWR); - if (fd < 0) { - HIP_ERROR("opening file %s failed: %s\n", filename, - strerror(errno)); - } - } - - return fd; -} /** * check if a given host id just contains a public key (i.e. can 
@@ -867,38 +810,6 @@ return len >= 3 * (64 + 8 * t) + 2 * 20; /* PQGXY 3*(64+8*t) + 2*20 */ } -/** - * make /etc/hip file permissions more secure - * - * @param filenamebase the file name based for keys - */ -void change_key_file_perms(char *filenamebase) -{ - char *pubfilename = NULL; - int pubfilename_len; - - pubfilename_len = - strlen(filenamebase) + strlen(DEFAULT_PUB_FILE_SUFFIX) + 1; - pubfilename = malloc(pubfilename_len); - if (!pubfilename) { - HIP_ERROR("malloc(%d) failed\n", pubfilename_len); - goto out_err; - } - - /* check retval */ - snprintf(pubfilename, pubfilename_len, "%s%s", filenamebase, - DEFAULT_PUB_FILE_SUFFIX); - - chmod(filenamebase, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); - chmod(pubfilename, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH); - -out_err: - if (pubfilename) { - HIP_FREE(pubfilename); - } - - return; -} /** * (Re)create new host identities or load existing ones, and append the 
@@ -1596,96 +1507,6 @@ } -/** - * get rid of a lock file - * - * @param filename the file name of the lock file - * @return zero on success and negative on error - */ -int hip_remove_lock_file(char *filename) -{ - return unlink(filename); -} - -/** - * create a new lock file - * - * @param filename the file name of the lock - * @param killold one if the function should steal the lock from - * and existing process and kill it, or zero otherwise - * @return zero on success and negative on error - */ -int hip_create_lock_file(char *filename, int killold) -{ - int err = 0, fd = 0, old_pid = 0, new_pid_str_len = 0; - char old_pid_str[64], new_pid_str[64]; - int pid_set = 0; /* the pid was read successfully */ - memset(old_pid_str, 0, sizeof(old_pid_str)); - memset(new_pid_str, 0, sizeof(new_pid_str)); - - /* New pid */ - snprintf(new_pid_str, sizeof(new_pid_str) - 1, "%d\n", getpid()); - new_pid_str_len = strlen(new_pid_str); - HIP_IFEL((new_pid_str_len <= 0), -1, "pID length error.\n"); - - /* Read old pid */ - fd = HIP_CREATE_FILE(filename); - HIP_IFEL((fd <= 0), -1, "opening lock file failed\n"); - - /** @todo This is possibly unsafe: the pid is read from the file without checking - * file permissions and the process with the number is simply killed. 
- * THIS COULD BE USED TO ATTACK THE SYSTEM - */ - pid_set = read(fd, old_pid_str, sizeof(old_pid_str) - 1); - old_pid = atoi(old_pid_str); - - if (lockf(fd, F_TLOCK, 0) < 0) { - HIP_IFEL(!killold, -12, - "\nHIP daemon already running with pid %d\n" - "Give: -k option to kill old daemon.\n", old_pid); - - HIP_INFO("\nDaemon is already running with pid %d\n" - "-k option given, terminating old one...\n", old_pid); - /* Erase the old lock file to avoid having multiple pids - * in the file */ - if (lockf(fd, F_ULOCK, 0) == -1) { - HIP_ERROR("Cannot unlock pid lock."); - } - - close(fd); - HIP_IFEL(hip_remove_lock_file(filename), -1, - "Removing lock file failed.\n"); - - /* fd = open(filename, O_RDWR | O_CREAT, 0644); */ - fd = open(filename, O_RDWR | O_CREAT | O_TRUNC, 0644); - - /* Don't close file descriptor because new started process is - * running. */ - HIP_IFEL((fd <= 0), -1, "Opening lock file failed.\n"); - HIP_IFEL(lockf(fd, F_TLOCK, 0), -1, "Lock attempt failed.\n"); - if (pid_set) { - err = kill(old_pid, SIGKILL); - } - if (err != 0) { - HIP_ERROR("\nError when trying to send signal SIGKILL " \ - "process identified by process identifier " \ - "%d.\n", old_pid); - HIP_PERROR("errno after kill() is: "); - } - } - - lseek(fd, 0, SEEK_SET); - - HIP_IFEL((write(fd, new_pid_str, new_pid_str_len) != new_pid_str_len), - -1, "Writing new process identifier failed.\n"); - -out_err: - if (err == -12) { - exit(0); - } - - return err; -} /** * solve a computational puzzle for HIP === modified file 'lib/core/misc.h' --- lib/core/misc.h 2010-03-08 21:21:01 +0000 +++ lib/core/misc.h 2010-03-08 21:42:08 +0000 
@@ -135,9 +135,6 @@ int hit_type); int hip_private_host_id_to_hit(const struct hip_host_id_priv *host_id, struct in6_addr *hit, int hit_type); -int check_and_create_dir(char *dirname, mode_t mode); -int hip_timeval_diff(const struct timeval *t1, const struct timeval *t2, - struct timeval *result); char *hip_in6_ntop(const struct in6_addr *in6, char *buf); char *hip_hit_ntop(const hip_hit_t *hit, char *buf); int hip_host_id_contains_private_key(struct hip_host_id *host_id); @@ -178,8 +175,6 @@ int dsa_to_dns_key_rr(DSA *dsa, unsigned char **buf); int rsa_to_dns_key_rr(RSA *rsa, unsigned char **rsa_key_rr); -int hip_create_lock_file(char *filename, int killold); -int hip_remove_lock_file(char *filename); uint64_t hip_solve_puzzle(void *puzzle, struct hip_common *hdr, int mode); int hip_solve_puzzle_m(struct hip_common *out, === modified file 'lib/tool/lutil.h' --- lib/tool/lutil.h 2010-03-03 16:51:18 +0000 +++ lib/tool/lutil.h 2010-03-08 21:42:08 +0000 @@ -54,6 +54,8 @@ void insert(List *, char *data); void destroy(List *); int length(List *); +int hip_timeval_diff(const struct timeval *t1, const struct timeval *t2, + struct timeval *result); /** * Gets an item from a linked list. Gets <code>n</code>th item from a linked