File: gtmsecshr_sock_init.c

package info (click to toggle)
fis-gtm 7.0-005-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 32,264 kB
  • sloc: ansic: 336,687; asm: 5,184; csh: 4,823; sh: 1,945; awk: 291; makefile: 72; sed: 13
file content (326 lines) | stat: -rw-r--r-- 12,184 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
 
/****************************************************************
 *								*
 * Copyright (c) 2001-2022 Fidelity National Information	*
 * Services, Inc. and/or its subsidiaries. All rights reserved.	*
 *								*
 *	This source code contains the intellectual property	*
 *	of its copyright holder(s), and is made available	*
 *	under a license.  If you do not know the terms of	*
 *	the license, please stop and do not read further.	*
 *								*
 ****************************************************************/

#include "mdef.h"

#include <errno.h>

#include "gtm_stdio.h"
#include "gtm_string.h"
#include "gtm_ipc.h"
#include "gtm_stat.h"
#include "gtm_un.h"
#include "gtm_fcntl.h"
#include "gtm_unistd.h"
#include "gtm_socket.h"
#include "gtm_limits.h"

#include "gtm_logicals.h"
#include "io.h"
#include "error.h"
#include "gtmsecshr.h"
#include "gtmimagename.h"
#include "iosp.h"
#include "send_msg.h"
#include "getjobnum.h"
#include "gtmmsg.h"
#include "trans_log_name.h"
#include "eintr_wrappers.h"
#include "gtm_permissions.h"

GBLREF struct sockaddr_un 	gtmsecshr_sock_name;
GBLREF struct sockaddr_un 	gtmsecshr_cli_sock_name;
GBLREF key_t			gtmsecshr_key;
GBLREF int 			gtmsecshr_sockpath_len;
GBLREF int 			gtmsecshr_cli_sockpath_len;
GBLREF mstr 			gtmsecshr_pathname;
GBLREF boolean_t		gtmsecshr_sock_init_done;
GBLREF uint4			process_id;
GBLREF int			gtmsecshr_sockfd;
GBLREF char			gtm_dist[GTM_PATH_MAX];
GBLREF boolean_t		gtm_dist_ok_to_use;

LITREF gtmImageName            gtmImageNames[];

static char			gtmsecshr_sockpath[GTM_PATH_MAX];
static char			gtmsecshr_path[GTM_PATH_MAX];
static char hex_table[] = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};

unsigned char		*mypid2ascx(unsigned char *, pid_t);

#ifndef SUN_LEN
#  define SUN_LEN(x)	SIZEOF(*x)
#else
#  define EXACT_SIZE_SOCKNAME
#endif

error_def(ERR_GTMDISTUNVERIF);
error_def(ERR_GTMSECSHRSOCKET);
error_def(ERR_LOGTOOLONG);
error_def(ERR_TEXT);

int4 gtmsecshr_pathname_init(int caller, char *execpath, int execpathln)
{
	int			ret_status = 0, status, len;
	char			*dir_error_mesg, *error_mesg;
	mstr			secshrsock_lognam, secshrsock_transnam;
	struct stat		buf;
	int4			max_sock_path_len;

	if (!process_id)
		getjobnum();
	if (!gtm_dist_ok_to_use)
		if (SERVER == caller)
			send_msg_csa(CSA_ARG(NULL) VARLSTCNT(6) ERR_GTMDISTUNVERIF, 4, STRLEN(gtm_dist), gtm_dist,
					gtmImageNames[image_type].imageNameLen, gtmImageNames[image_type].imageName);
		else
			gtm_putmsg_csa(CSA_ARG(NULL) VARLSTCNT(6) ERR_GTMDISTUNVERIF, 4, STRLEN(gtm_dist), gtm_dist,
					gtmImageNames[image_type].imageNameLen, gtmImageNames[image_type].imageName);
	secshrsock_lognam.addr = GTMSECSHR_SOCK_DIR;
	secshrsock_lognam.len = SIZEOF(GTMSECSHR_SOCK_DIR) - 1;
	/* Get the maximum size of the path excluding the socket filename */
	max_sock_path_len = SIZEOF(gtmsecshr_sock_name.sun_path) - MAX_SECSHR_SOCKFILE_NAME_LEN;
	/* Make sure this length is atmost equal to the size of the buffer that will hold the socket path */
	if (GTM_PATH_MAX < max_sock_path_len)
		max_sock_path_len = GTM_PATH_MAX - MAX_SECSHR_SOCKFILE_NAME_LEN;
	/* Get the value of the GTMSECSHR_SOCK_DIR logical from the environment. status will be SS_LOG2LONG if
	 * the value is greater than max_sock_path_len
	 */
	status = TRANS_LOG_NAME(&secshrsock_lognam, &secshrsock_transnam, gtmsecshr_sockpath, max_sock_path_len,
				do_sendmsg_on_log2long);
	if ((SS_NORMAL != status) || !ABSOLUTE_PATH(gtmsecshr_sockpath))
	{
		if (SS_LOG2LONG == status)
		{
			if (SERVER == caller)
				send_msg_csa(CSA_ARG(NULL) VARLSTCNT(5) ERR_LOGTOOLONG, 3,
						secshrsock_lognam.len, secshrsock_lognam.addr, max_sock_path_len);
			else
				gtm_putmsg_csa(CSA_ARG(NULL) VARLSTCNT(5) ERR_LOGTOOLONG, 3,
						secshrsock_lognam.len, secshrsock_lognam.addr, max_sock_path_len);
		}
		ret_status = INVLOGNAME;
		strcpy(gtmsecshr_sockpath, DEFAULT_GTMSECSHR_SOCK_DIR);
		gtmsecshr_sockpath_len = SIZEOF(DEFAULT_GTMSECSHR_SOCK_DIR) - 1;
	} else
		gtmsecshr_sockpath_len = secshrsock_transnam.len;
	if ((-1 == Stat(gtmsecshr_sockpath, &buf)) || !S_ISDIR(buf.st_mode) )
	{
		if (ret_status)
		{
			dir_error_mesg = NULL;
			error_mesg = "Unable to locate default tmp directory";
		} else
		{
			dir_error_mesg = malloc(GTM_PATH_MAX);
			SNPRINTF(dir_error_mesg, GTM_PATH_MAX, "$gtm_tmp (%s) is not a directory", gtmsecshr_sockpath);
			error_mesg = dir_error_mesg;
		}
		if (SERVER == caller)
			send_msg_csa(CSA_ARG(NULL) VARLSTCNT(9) MAKE_MSG_SEVERE(ERR_GTMSECSHRSOCKET), 3,
				 RTS_ERROR_STRING((SERVER == caller) ? "Server" : "Caller"), process_id,
				 ERR_TEXT, 2, RTS_ERROR_STRING(error_mesg));
		else
			gtm_putmsg_csa(CSA_ARG(NULL) VARLSTCNT(9) MAKE_MSG_SEVERE(ERR_GTMSECSHRSOCKET), 3,
				   RTS_ERROR_STRING((SERVER == caller) ? "Server" : "Caller"), process_id,
				   ERR_TEXT, 2, RTS_ERROR_STRING(error_mesg));
		if (dir_error_mesg)
			free(dir_error_mesg);
		return INVLOGNAME;
	}
	ret_status = 0;
	if ('/' != gtmsecshr_sockpath[gtmsecshr_sockpath_len - 1])
	 	gtmsecshr_sockpath[gtmsecshr_sockpath_len++] = '/';
	gtmsecshr_sockpath[gtmsecshr_sockpath_len] = '\0';
	strcpy(gtmsecshr_sockpath + gtmsecshr_sockpath_len , GTMSECSHR_SOCK_PREFIX);
	gtmsecshr_sockpath_len += (SIZEOF(GTMSECSHR_SOCK_PREFIX) - 1);
	/* Servers have already determined the executable name; clients use path name discovered by gtmsecshr_init(). */
	gtmsecshr_pathname.len = SNPRINTF(gtmsecshr_path, GTM_PATH_MAX, "%s/%s",
		(SERVER == caller) ? execpath : gtm_dist, GTMSECSHR_EXECUTABLE);
	gtmsecshr_pathname.addr = gtmsecshr_path;
	/* We have different project id here. This guarantees to avoid deadlock, if only one gtm installation is there */
	if (-1 == (gtmsecshr_key = FTOK(gtmsecshr_path, GTMSECSHR_ID)))
	{
		ret_status = FTOKERR;
		if (SERVER == caller)
			gtm_putmsg_csa(CSA_ARG(NULL) VARLSTCNT(14) ERR_GTMSECSHRSOCKET, 3,
				   RTS_ERROR_STRING((SERVER == caller) ? "Server" : "Caller"), process_id,
				   ERR_TEXT, 2, RTS_ERROR_LITERAL("Error with gtmsecshr ftok :"),
				   ERR_TEXT, 2, RTS_ERROR_STRING(gtmsecshr_path), errno);
		else
			send_msg_csa(CSA_ARG(NULL) VARLSTCNT(14) ERR_GTMSECSHRSOCKET, 3,
				 RTS_ERROR_STRING((SERVER == caller) ? "Server" : "Caller"), process_id,
				 ERR_TEXT, 2, RTS_ERROR_LITERAL("Error with gtmsecshr ftok :"),
				 ERR_TEXT, 2, RTS_ERROR_STRING(gtmsecshr_path), errno);
	}
	return ret_status;
}

/* Note - only the server passes in the executable name/len - ignore for client */
int4 gtmsecshr_sock_init(int caller)
{
	int			ret_status = 0;
	int			save_errno;
	int			id_str_len;
	int4			init_pathname_status;
	unsigned int		gtmsecshr_cli_sockpath_end;
	unsigned char		id_str[MAX_ID_LEN+1], suffix;
	unsigned char		pid_str[2 * SIZEOF(pid_t) + 1];
	int			i2hex_nofill(int , uchar_ptr_t, int);
	int			stat_res;
	struct stat     	stat_buf;
	struct stat     	dist_stat_buff;
	int			lib_gid;

	assert(FALSE == gtmsecshr_sock_init_done);
	if (!process_id)
		getjobnum();
	if (CLIENT == caller)
	{
		if (0 != (init_pathname_status = gtmsecshr_pathname_init(CLIENT, NULL, 0)))
			return init_pathname_status;
		gtmsecshr_cli_sock_name.sun_family = AF_UNIX;
		memcpy(gtmsecshr_cli_sock_name.sun_path, gtmsecshr_sockpath, gtmsecshr_sockpath_len);
		strcpy(gtmsecshr_cli_sock_name.sun_path + gtmsecshr_sockpath_len, (char *)mypid2ascx(pid_str, process_id));
		gtmsecshr_cli_sockpath_len = (int)(SUN_LEN(&gtmsecshr_cli_sock_name));
	}
	id_str[i2hex_nofill((unsigned int)gtmsecshr_key, (uchar_ptr_t )id_str, MAX_ID_LEN)] = 0;
	id_str_len = STRLEN((char *)id_str);
	memcpy(gtmsecshr_sockpath + gtmsecshr_sockpath_len, (char *)id_str, id_str_len);
	gtmsecshr_sockpath_len += id_str_len;
	gtmsecshr_sock_name.sun_family = AF_UNIX;
	memcpy(gtmsecshr_sock_name.sun_path, gtmsecshr_sockpath, gtmsecshr_sockpath_len);
	gtmsecshr_sockpath_len = (int)(SUN_LEN(&gtmsecshr_sock_name));
	if (FD_INVALID == (gtmsecshr_sockfd = socket(AF_UNIX, SOCK_DGRAM, 0)))
	{
		RTS_ERROR_CSA_ABT(NULL, VARLSTCNT(10) ERR_GTMSECSHRSOCKET, 3,
			RTS_ERROR_STRING((SERVER == caller) ? "Server" : "Caller"),
			process_id, ERR_TEXT, 2, RTS_ERROR_LITERAL("Error with gtmsecshr socket create"), errno);
		ret_status = SOCKETERR;
	}
	if (SERVER == caller)
	{
		if (!ret_status)
		{
			if (-1 == UNLINK(gtmsecshr_sock_name.sun_path))
			{
				if (ENOENT != errno)
				{
					save_errno = errno;
					send_msg_csa(CSA_ARG(NULL) VARLSTCNT(9) ERR_GTMSECSHRSOCKET, 3,
						 RTS_ERROR_STRING((SERVER == caller) ? "Server" : "Caller"), process_id,
						 ERR_TEXT, 2, RTS_ERROR_LITERAL("Error unlinking leftover gtmsecshr socket"),
						save_errno);
					ret_status = UNLINKERR;
				}
			}
		}
		if (!ret_status)
		{
			if (0 > BIND(gtmsecshr_sockfd, (struct sockaddr *)&gtmsecshr_sock_name, gtmsecshr_sockpath_len))
			{
				RTS_ERROR_CSA_ABT(NULL, VARLSTCNT(10) ERR_GTMSECSHRSOCKET, 3,
					RTS_ERROR_STRING((SERVER == caller) ? "Server" : "Caller"), process_id,
					ERR_TEXT, 2, RTS_ERROR_LITERAL("Error with gtmsecshr socket bind"),
					errno);
				ret_status = BINDERR;
			}
		}
	} else /* CLIENT */
	{
		for (suffix = '\0'; !ret_status && 'z' >= suffix; )
		{
			if (-1 == UNLINK(gtmsecshr_cli_sock_name.sun_path))
			{
				if (EPERM == errno || EACCES == errno)
				{
					if (!suffix)
					{
						suffix = 'a';
						gtmsecshr_cli_sockpath_end = strnlen(gtmsecshr_cli_sock_name.sun_path,
								sizeof(gtmsecshr_cli_sock_name.sun_path));
						assert(sizeof(gtmsecshr_cli_sock_name.sun_path) > (1 + gtmsecshr_cli_sockpath_end));
						gtmsecshr_cli_sock_name.sun_path[gtmsecshr_cli_sockpath_end + 1] = '\0';
#						ifdef EXACT_SIZE_SOCKNAME
						gtmsecshr_cli_sockpath_len++; /* Account for socket name growth (suffix) */
#						endif
					} else
						suffix++;
					gtmsecshr_cli_sock_name.sun_path[gtmsecshr_cli_sockpath_end] = suffix;
					continue;
				} else if (ENOENT != errno)
				{
					save_errno = errno;
					send_msg_csa(CSA_ARG(NULL) VARLSTCNT(10) ERR_GTMSECSHRSOCKET, 3,
						 RTS_ERROR_STRING((SERVER == caller) ? "Server" : "Caller"), process_id,
						 ERR_TEXT, 2, RTS_ERROR_LITERAL("Error unlinking leftover gtmsecshr_cli socket"),
						save_errno);
					ret_status = UNLINKERR;
				} else
					break;
			} else
				break;
		}
                if ( 'z' < suffix)
		{
			send_msg_csa(CSA_ARG(NULL) VARLSTCNT(9) ERR_GTMSECSHRSOCKET, 3, RTS_ERROR_LITERAL("Client"), process_id,
				ERR_TEXT, 2, RTS_ERROR_LITERAL("Too many left over gtmsecshr_cli sockets"));
			ret_status = UNLINKERR;
		}
		if (!ret_status)
		{
			if (0 > BIND(gtmsecshr_sockfd, (struct sockaddr *)&gtmsecshr_cli_sock_name, gtmsecshr_cli_sockpath_len))
			{
				RTS_ERROR_CSA_ABT(NULL, VARLSTCNT(10) ERR_GTMSECSHRSOCKET, 3,
					RTS_ERROR_STRING((SERVER == caller) ? "Server" : "Caller"), process_id,
					ERR_TEXT, 2, RTS_ERROR_LITERAL("Error with gtmsecshr_cli socket bind"), errno);
				ret_status = BINDERR;
			} else if ('\0' != suffix)
				ret_status = ONETIMESOCKET;
			/* If ret_status is zero do the following checks if $gtm_dist/libgtmshr.so is not world accessible
			 * then set mode to 0660 and change the gid to the gid of $gtm_dist/libgtmshr.so if different from
			 * current user.
			 */
			if (!ret_status)
			{
				lib_gid = gtm_get_group_id(&dist_stat_buff);
				if ((-1 != lib_gid) && (dist_stat_buff.st_mode & 04))
					lib_gid = -1; /* don't change it */
				if ((-1 != lib_gid)	/* 4SCA: TOCTOU cannot use fchmod/fchown on socket files */
				    && (-1 == CHMOD(gtmsecshr_cli_sock_name.sun_path, 0660)
					|| ((lib_gid != GETGID())
					    && (-1 == CHOWN(gtmsecshr_cli_sock_name.sun_path, -1, lib_gid)))))
				{
					RTS_ERROR_CSA_ABT(NULL, VARLSTCNT(10) ERR_GTMSECSHRSOCKET, 3,
						RTS_ERROR_STRING("Caller"), process_id, ERR_TEXT, 2,
						RTS_ERROR_LITERAL("Error changing socket permissions/group"), errno);
				}
			}
		}
	}
	gtmsecshr_sock_init_done = TRUE;
	return ret_status;
}

unsigned char *mypid2ascx(unsigned char *pid_str, pid_t pid)
{	/* pid_str should accommodate at least 2 * SIZEOF(pid_t) + 1 characters */
	register unsigned char *cp;

	cp = &pid_str[2 * SIZEOF(pid_t)];
	*cp = '\0'; 		/* Null terminate the string */
	while (cp > pid_str)
	{
		*--cp = hex_table[pid & 0xF];
		pid >>= 4;
	}
	return pid_str;
}