Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
mxshadow/get_shadow_line.c
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
137 lines (118 sloc)
4.23 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _GNU_SOURCE | |
| #include <stdio.h> | |
| #include <sys/socket.h> | |
| #include <netinet/ip.h> | |
| #include <arpa/inet.h> | |
| #include <strings.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| #include "common.h" | |
| #define TIMEOUT 5000 | |
| static int read_config(struct sockaddr_in *addr) { | |
| static const char conf_filename[] = "/etc/mxshadow.conf"; | |
| FILE *f _cleanup_(free_file) = NULL; | |
| char *line _cleanup_(free_string) = NULL; | |
| size_t n = 0; | |
| f = fopen(conf_filename, "r"); | |
| if (f == NULL) { COMMON_LOG(LOG_ERR, "%s: %m", conf_filename); return(-1); } | |
| char *server _cleanup_(free_string) = NULL; | |
| int port = -1; | |
| while (1) { | |
| int status = getline(&line, &n, f); | |
| if (status == -1) { | |
| if (feof(f)) | |
| break; | |
| COMMON_LOG(LOG_ERR, "%s: %m", conf_filename); | |
| return -1; | |
| } | |
| char *comment = strchr(line, '#'); | |
| if (comment) { | |
| *comment = 0; | |
| } | |
| sscanf(line, "server = %ms \n", &server); | |
| sscanf(line, "port = %u \n", &port); | |
| } | |
| if (server == NULL || port == -1) { | |
| COMMON_LOG(LOG_ERR, "%s: does not set server and port", conf_filename); | |
| errno = EINVAL; | |
| return -1; | |
| } | |
| int status = inet_aton(server, &addr->sin_addr); | |
| if (status == 0) { | |
| COMMON_LOG(LOG_ERR, "%s: not a invalid ip address: %s\n", conf_filename, server); | |
| errno = EINVAL; | |
| return -1; | |
| } | |
| addr->sin_port = htons(port); | |
| return 0; | |
| } | |
| static int get_int_sockopt(int sockfd, int level, int optname, int *optvalptr) { | |
| socklen_t len = sizeof(*optvalptr); | |
| return getsockopt(sockfd, level, optname, optvalptr, &len); | |
| } | |
| /* socket must be SOCK_NONBLOCK */ | |
| static int connect_with_timeout(int sockfd, struct sockaddr *addr, socklen_t addrlen, int timeout) { | |
| int status = connect(sockfd, addr, addrlen); | |
| if (status == -1 && errno == EINPROGRESS) { | |
| struct pollfd pollfd = { .fd = sockfd, .events = POLLOUT }; | |
| status = poll(&pollfd, 1, timeout); | |
| if (status == -1) | |
| return -1; | |
| if (status == 0) { | |
| errno = ETIMEDOUT; | |
| return -1; | |
| } | |
| int so_error; | |
| status = get_int_sockopt(sockfd, SOL_SOCKET, SO_ERROR, &so_error); | |
| if (status == -1) | |
| return status; | |
| if (so_error == 0) | |
| return 0; | |
| errno = so_error; | |
| return -1; | |
| } | |
| return status; | |
| } | |
| #define BUFLEN_SPWD (1024) | |
| static int get_shadow_line(char *user, char **line) { | |
| struct sockaddr_in sockaddr; | |
| bzero(&sockaddr, sizeof(sockaddr)); | |
| sockaddr.sin_family = AF_INET; | |
| int status = read_config(&sockaddr); | |
| if (status == -1) return -1; | |
| SSL_CTX *ssl_ctx _cleanup_(free_ssl_ctx) = SSL_CTX_new(TLS_client_method()); | |
| if (ssl_ctx == NULL) { psslerror("SSL_CTX_new"); return -1; } | |
| SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); | |
| if (SSL_CTX_load_verify_locations(ssl_ctx, "/etc/mxshadow.cert.pem", NULL) == 0) { psslerror("SSL_CTX_load_verify_locations"); return -1; } | |
| int sock _cleanup_(free_fd) = socket(AF_INET, SOCK_STREAM | SOCK_NONBLOCK, 0); | |
| if (sock == -1) { COMMON_LOG(LOG_ERR, "socket: %m"); return -1; } | |
| status = connect_with_timeout(sock, (struct sockaddr *)&sockaddr, sizeof(sockaddr), TIMEOUT); | |
| if (status == -1) { COMMON_LOG(LOG_ERR, "connect: %m"); return -1; } | |
| SSL *ssl _cleanup_(free_ssl) = SSL_new(ssl_ctx); | |
| if (ssl == NULL) { psslerror("SSL_new"); return -1; } | |
| SSL_set_connect_state(ssl); | |
| status = SSL_set_fd(ssl, sock); | |
| if (status == 0) { psslerror("SSL_set_fd"); return -1; } | |
| int len = strlen(user); | |
| status = ssl_write_with_timeout(ssl, sock, user, len, TIMEOUT); | |
| if (status == -1) { | |
| COMMON_LOG(LOG_ERR, "ssl_write_with_timeout failed"); | |
| return -1; | |
| } | |
| char *buffer _cleanup_(free_string) = malloc(BUFLEN_SPWD); | |
| if (buffer == NULL) | |
| return -1; | |
| len = ssl_read_with_timeout(ssl, sock, buffer, BUFLEN_SPWD, TIMEOUT); | |
| if (len<0) | |
| return -1; | |
| SSL_shutdown(ssl); | |
| if (len == BUFLEN_SPWD) { | |
| /* we don't expect reply lines longer than BUFLEN_SPWD. If we get one, regard this as a protocol error */ | |
| errno = EPROTO; | |
| return -1; | |
| } | |
| buffer[len] = '\0'; | |
| *line = buffer; | |
| buffer = NULL; | |
| return 0; | |
| } |