File duilder added (mode: 100755) (index 0000000..274273c) |
|
1 |
|
#!/bin/bash |
|
2 |
|
|
|
3 |
|
set -e |
|
4 |
|
|
|
5 |
|
function duilder_final() |
|
6 |
|
{ |
|
7 |
|
PRJ="${1}" |
|
8 |
|
VER="${2}" |
|
9 |
|
RELEASE_SCRIPT="${3}" |
|
10 |
|
|
|
11 |
|
# Run release script |
|
12 |
|
if [ ! -z "${RELEASE_SCRIPT}" -a -x "${RELEASE_SCRIPT}" ]; then |
|
13 |
|
echo "[*] Running ${RELEASE_SCRIPT}..." |
|
14 |
|
${RELEASE_SCRIPT} |
|
15 |
|
fi |
|
16 |
|
} |
|
17 |
|
|
|
18 |
|
function duilder_docs() |
|
19 |
|
{ |
|
20 |
|
PRJ="${1}" |
|
21 |
|
VER="${2}" |
|
22 |
|
EXPORT_PATH="${3}" |
|
23 |
|
|
|
24 |
|
if [ ! -d "${EXPORT_PATH}" ]; then |
|
25 |
|
echo "[*] WARN: ${EXPORT_PATH} does not exists. Creating it..." |
|
26 |
|
mkdir -p "${EXPORT_PATH}" |
|
27 |
|
fi |
|
28 |
|
|
|
29 |
|
if [ "${BUILD_SDEB}" = "1" ]; then |
|
30 |
|
if [ -d "debian" ]; then |
|
31 |
|
>debian/docs |
|
32 |
|
fi |
|
33 |
|
fi |
|
34 |
|
|
|
35 |
|
echo "[*] Copying docs to [${EXPORT_PATH}]..." |
|
36 |
|
for f in README License LICENSE Changelog Changelog-last TODO FAQ INSTALL AUTHORS samples; do |
|
37 |
|
if [ -r "${f}" ]; then |
|
38 |
|
cp -avp "${f}" "${EXPORT_PATH}/" |
|
39 |
|
if [ "${BUILD_SDEB}" = "1" ]; then |
|
40 |
|
# No need to install the license file |
|
41 |
|
if [ "${f}" = "LICENSE" ]; then |
|
42 |
|
continue |
|
43 |
|
fi |
|
44 |
|
echo "${f}" >> debian/docs |
|
45 |
|
fi |
|
46 |
|
fi |
|
47 |
|
done |
|
48 |
|
echo |
|
49 |
|
|
|
50 |
|
if [ -d "screenshot" ]; then |
|
51 |
|
echo "[*] Copying screenshots..." |
|
52 |
|
mkdir -p "${EXPORT_PATH}" |
|
53 |
|
cp -vp screenshot/* "${EXPORT_PATH}/" |
|
54 |
|
echo |
|
55 |
|
fi |
|
56 |
|
} |
|
57 |
|
|
|
58 |
|
function duilder_git() |
|
59 |
|
{ |
|
60 |
|
PRJ="${1}" |
|
61 |
|
GIT_DEST="${2}" |
|
62 |
|
EXPORT_GIT="${3}" |
|
63 |
|
GIT_CHANGELOG="${4}" |
|
64 |
|
GIT_PUSH="${5}" |
|
65 |
|
|
|
66 |
|
if [ ! -x /usr/bin/git ]; then |
|
67 |
|
echo "[*] Warning: Git not found!" |
|
68 |
|
exit 0 |
|
69 |
|
fi |
|
70 |
|
|
|
71 |
|
if [ ! -d .git ]; then |
|
72 |
|
echo "[*] Warning: I cannot find .git directory!" |
|
73 |
|
exit 0 |
|
74 |
|
fi |
|
75 |
|
|
|
76 |
|
echo "[*] Testing if a tag is present for HEAD..." |
|
77 |
|
D=`git describe | sed -e 's/^.*-g[0-9a-fA-F]*$//'` |
|
78 |
|
if [ "${D}" = "" ]; then |
|
79 |
|
echo "No annotated tag preset for HEAD! Please add one!" |
|
80 |
|
exit 1 |
|
81 |
|
fi |
|
82 |
|
|
|
83 |
|
if [ "${EXPORT_GIT}" = "1" ]; then |
|
84 |
|
echo "[*] Generating GIT tree for HTTP transport..." |
|
85 |
|
if [ ! -d "${GIT_DEST}/${PRJ}.git" ]; then |
|
86 |
|
git clone --bare . "${GIT_DEST}/${PRJ}.git" |
|
87 |
|
|
|
88 |
|
# Activate post-update hook |
|
89 |
|
cp "${GIT_DEST}/${PRJ}.git/hooks/post-update.sample" \ |
|
90 |
|
"${GIT_DEST}/${PRJ}.git/hooks/post-update" |
|
91 |
|
chmod a+x "${GIT_DEST}/${PRJ}.git/hooks/post-update" |
|
92 |
|
|
|
93 |
|
# add project name and description |
|
94 |
|
echo "${PRJ}" > "${GIT_DEST}/${PRJ}.git/description" |
|
95 |
|
|
|
96 |
|
# allow export by git daemon? |
|
97 |
|
#touch "${GIT_DEST}/${PRJ}.git/git-daemon-export-ok |
|
98 |
|
else |
|
99 |
|
# --force? |
|
100 |
|
echo "Running git push -v --all \"${GIT_DEST}/${PRJ}.git\"..." |
|
101 |
|
git push -v --all "${GIT_DEST}/${PRJ}.git" |
|
102 |
|
echo "Running git push -v --tags \"${GIT_DEST}/${PRJ}.git\"..." |
|
103 |
|
git push -v --tags "${GIT_DEST}/${PRJ}.git" |
|
104 |
|
fi |
|
105 |
|
(cd "${GIT_DEST}/${PRJ}.git" && git update-server-info) |
|
106 |
|
fi |
|
107 |
|
|
|
108 |
|
if [ "${GIT_PUSH}" = "1" ]; then |
|
109 |
|
echo "[*] Git push..." |
|
110 |
|
git push -v --all |
|
111 |
|
fi |
|
112 |
|
|
|
113 |
|
if [ "${GIT_CHANGELOG}" = "1" ]; then |
|
114 |
|
echo "[*] Generating Changelog from git..." |
|
115 |
|
echo -n > Changelog |
|
116 |
|
|
|
117 |
|
# get the list of tags |
|
118 |
|
number_of_tags=0 |
|
119 |
|
git show-ref --tags -d | grep refs/tags/v > duilder.tmp |
|
120 |
|
while read sha1 full_tag; do |
|
121 |
|
tag=`echo ${full_tag} | sed -e 's#refs/tags/##' | cut -d'^' -f1` |
|
122 |
|
tags[${number_of_tags}]=${tag} |
|
123 |
|
tags_commit[${number_of_tags}]=${sha1} |
|
124 |
|
number_of_tags=$[${number_of_tags}+1] |
|
125 |
|
done < duilder.tmp |
|
126 |
|
rm -f duilder.tmp |
|
127 |
|
|
|
128 |
|
# get the list of commits, test if is a tag and do the diff |
|
129 |
|
prev="" |
|
130 |
|
add="" |
|
131 |
|
first=1 |
|
132 |
|
git log --pretty=oneline | cut -f1 | \ |
|
133 |
|
while read commit junk; do |
|
134 |
|
# test if it is a tag |
|
135 |
|
tag="" |
|
136 |
|
i=0 |
|
137 |
|
while [ "${i}" -lt "${number_of_tags}" ]; do |
|
138 |
|
if [ "${commit}" = "${tags_commit[${i}]}" ]; then |
|
139 |
|
tag="${tags[${i}]}" |
|
140 |
|
break |
|
141 |
|
fi |
|
142 |
|
|
|
143 |
|
i=$[${i}+1] |
|
144 |
|
done |
|
145 |
|
|
|
146 |
|
if [ -z "${tag}" ]; then |
|
147 |
|
continue |
|
148 |
|
fi |
|
149 |
|
|
|
150 |
|
if [ ! -z "${prev}" ]; then |
|
151 |
|
echo "[*] Generating Changelog from ${tag} -> ${prev}..." |
|
152 |
|
echo -en "${add}" >> Changelog |
|
153 |
|
add="\n" |
|
154 |
|
echo "[${tag} -> ${prev}]" >> Changelog |
|
155 |
|
git shortlog ${tag}..${prev} | \ |
|
156 |
|
(IFS="" |
|
157 |
|
while read line; do |
|
158 |
|
echo " ${line}" |
|
159 |
|
done) \ |
|
160 |
|
>> Changelog |
|
161 |
|
|
|
162 |
|
if [ "${first}" = "1" ]; then |
|
163 |
|
echo "[*] Generating Changelog-last..." |
|
164 |
|
cp Changelog Changelog-last |
|
165 |
|
first=0 |
|
166 |
|
fi |
|
167 |
|
fi |
|
168 |
|
prev=${tag} |
|
169 |
|
done |
|
170 |
|
fi |
|
171 |
|
} |
|
172 |
|
|
|
173 |
|
function duilder_srpm() |
|
174 |
|
{ |
|
175 |
|
PRJ="${1}" |
|
176 |
|
VER="${2}" |
|
177 |
|
EXPORT_PATH="${3}" |
|
178 |
|
BUILD_SRPM="${4}" |
|
179 |
|
SRPM_DEST="${5}" |
|
180 |
|
SRPM_POST_RUN="${6}" |
|
181 |
|
|
|
182 |
|
P="${PRJ}-${VER}" |
|
183 |
|
|
|
184 |
|
if [ "${BUILD_SRPM}" != "1" ]; then |
|
185 |
|
exit 0 |
|
186 |
|
fi |
|
187 |
|
|
|
188 |
|
if [ ! -d "${EXPORT_PATH}" ]; then |
|
189 |
|
echo "WARN: ${EXPORT_PATH} does not exists. Creating it..." |
|
190 |
|
mkdir -p "${EXPORT_PATH}" |
|
191 |
|
fi |
|
192 |
|
|
|
193 |
|
echo "[*] Building SRPM..." |
|
194 |
|
rpmbuild -ts "${P}.tar.gz" |
|
195 |
|
echo |
|
196 |
|
|
|
197 |
|
PKG="${RPMBUILD}/SRPMS/${P}-${REV}.src.rpm" |
|
198 |
|
|
|
199 |
|
# Run a rpmlint on it |
|
200 |
|
if [ -x /usr/bin/rpmlint ]; then |
|
201 |
|
echo "[*] RPMlinting..." |
|
202 |
|
rpmlint -iv "${PKG}" > rpmlint.out |
|
203 |
|
else |
|
204 |
|
echo "[*] WARN: rpmlint is missing!" |
|
205 |
|
fi |
|
206 |
|
|
|
207 |
|
if [ ! -z "${SRPM_DEST}" ]; then |
|
208 |
|
echo "[*] Copying [${PKG}] to [${SRPM_DEST}]..." |
|
209 |
|
cp -vp "${PKG}" "${SRPM_DEST}/" |
|
210 |
|
fi |
|
211 |
|
|
|
212 |
|
echo "[*] Copying to export dir [${EXPORT_PATH}]..." |
|
213 |
|
mkdir -p "${EXPORT_PATH}" |
|
214 |
|
cp -vp "${PKG}" "${EXPORT_PATH}/" |
|
215 |
|
echo |
|
216 |
|
|
|
217 |
|
if [ -x "${SRPM_POST_RUN}" ]; then |
|
218 |
|
echo "[*] Running post SRPM build script [${SRPM_POST_RUN}]..." |
|
219 |
|
${SRPM_POST_RUN} "${PKG}" |
|
220 |
|
fi |
|
221 |
|
} |
|
222 |
|
|
|
223 |
|
function duilder_sdeb() |
|
224 |
|
{ |
|
225 |
|
PRJ="${1}" |
|
226 |
|
VER="${2}" |
|
227 |
|
EXPORT_PATH="${3}" |
|
228 |
|
BUILD_SDEB="${4}" |
|
229 |
|
SDEB_DEST="${5}" |
|
230 |
|
SDEB_POST_RUN="${6}" |
|
231 |
|
|
|
232 |
|
P="${PRJ}-${VER}" |
|
233 |
|
|
|
234 |
|
if [ "${BUILD_SDEB}" != "1" ]; then |
|
235 |
|
exit 0 |
|
236 |
|
fi |
|
237 |
|
|
|
238 |
|
if [ ! -d "${EXPORT_PATH}" ]; then |
|
239 |
|
echo "WARN: ${EXPORT_PATH} does not exists. Creating it..." |
|
240 |
|
mkdir -p "${EXPORT_PATH}" |
|
241 |
|
fi |
|
242 |
|
|
|
243 |
|
echo "[*] Copying SDEB..." |
|
244 |
|
PKG="${PRJ}_${VER}.orig.tar.gz" |
|
245 |
|
|
|
246 |
|
if [ -n "${SDEB_DEST}" ]; then |
|
247 |
|
cp -vp "${P}.tar.gz" "${SDEB_DEST}/${PKG}" |
|
248 |
|
fi |
|
249 |
|
|
|
250 |
|
echo "[*] Copying to export dir [${DEB_EXPORT_PATH}]..." |
|
251 |
|
mkdir -p "${EXPORT_PATH}" |
|
252 |
|
cp -vp "${P}.tar.gz" "${EXPORT_PATH}/${PKG}" |
|
253 |
|
echo |
|
254 |
|
|
|
255 |
|
if [ -x "${SDEB_POST_RUN}" ]; then |
|
256 |
|
echo "[*] Running post SDEB build script [${SDEB_POST_RUN}]..." |
|
257 |
|
${SDEB_POST_RUN} "${SDEB}/${PKG}" |
|
258 |
|
fi |
|
259 |
|
} |
|
260 |
|
|
|
261 |
|
function duilder_tar() |
|
262 |
|
{ |
|
263 |
|
PRJ="${1}" |
|
264 |
|
VER="${2}" |
|
265 |
|
EXPORT_PATH="${3}" |
|
266 |
|
EXCLUDE="${4}" |
|
267 |
|
|
|
268 |
|
P="${PRJ}-${VER}" |
|
269 |
|
|
|
270 |
|
if [ ! -d "${EXPORT_PATH}" ]; then |
|
271 |
|
echo "[*] WARN: ${EXPORT_PATH} does not exists. Creating it..." |
|
272 |
|
mkdir -p "${EXPORT_PATH}" |
|
273 |
|
fi |
|
274 |
|
|
|
275 |
|
echo "[*] Generating tarball [${P}.tar.gz]..." |
|
276 |
|
ADD_EXCLUDE="" |
|
277 |
|
if [ ! -z "${EXCLUDE}" ]; then |
|
278 |
|
ADD_EXCLUDE="--exclude-from ${P}/${EXCLUDE}" |
|
279 |
|
echo "[*] ADD_EXCLUDE=${ADD_EXCLUDE}" |
|
280 |
|
fi |
|
281 |
|
|
|
282 |
|
(cd .. \ |
|
283 |
|
&& rm -rf "${P}" \ |
|
284 |
|
&& cp -a --link "${PRJ}" "${P}" \ |
|
285 |
|
&& tar czf "${PRJ}/${P}.tar.gz" \ |
|
286 |
|
--exclude-vcs \ |
|
287 |
|
--exclude ${P}/Makefile \ |
|
288 |
|
${ADD_EXCLUDE} \ |
|
289 |
|
"${P}" \ |
|
290 |
|
&& rm -rf "${P}" |
|
291 |
|
) |
|
292 |
|
|
|
293 |
|
echo "[*] Copying source to ${EXPORT_PATH}..." |
|
294 |
|
mkdir -p "${EXPORT_PATH}" |
|
295 |
|
cp -vp "${P}.tar.gz" "${EXPORT_PATH}/" |
|
296 |
|
echo |
|
297 |
|
} |
|
298 |
|
|
|
299 |
|
#################################################################### |
|
300 |
|
|
|
301 |
|
# Variables |
|
302 |
|
if [ -d "${HOME}/rpmbuild" ]; then |
|
303 |
|
RPMBUILD="${HOME}/rpmbuild" |
|
304 |
|
else |
|
305 |
|
RPMBUILD="/usr/src/redhat" |
|
306 |
|
fi |
|
307 |
|
|
|
308 |
|
|
|
309 |
|
if [ ! -r duilder.conf ]; then |
|
310 |
|
echo "[*] You must build a duilder.conf file!" |
|
311 |
|
exit 1 |
|
312 |
|
fi |
|
313 |
|
|
|
314 |
|
source ${PWD}/duilder.conf |
|
315 |
|
|
|
316 |
|
# fixes |
|
317 |
|
if [ -z "${GIT_DEST}" ]; then |
|
318 |
|
GIT_DEST="${EXPORT_PATH}" |
|
319 |
|
fi |
|
320 |
|
|
|
321 |
|
if [ -z "${PRJ}" ]; then |
|
322 |
|
echo "ERROR: PRJ= parameter is missing." |
|
323 |
|
exit 1 |
|
324 |
|
fi |
|
325 |
|
|
|
326 |
|
if [ -z "${VER}" ]; then |
|
327 |
|
echo "ERROR: VER= parameter is missing." |
|
328 |
|
exit 1 |
|
329 |
|
fi |
|
330 |
|
|
|
331 |
|
if [ -z "${REV}" ]; then |
|
332 |
|
echo "ERROR: REV= parameter is missing." |
|
333 |
|
exit 1 |
|
334 |
|
fi |
|
335 |
|
|
|
336 |
|
# export variables - just in case a script cares |
|
337 |
|
export PRJ VER REV SHORT_DESCRIPTION EXPORT_PATH EXPORT_GIT GIT_PUSH GIT_DEST |
|
338 |
|
export SRPM_DEST SDEB_DEST LICENSE MAINTAINER_NAME MAINTAINER_EMAIL |
|
339 |
|
export HOME_PAGE BUILD_SRPM BUILD_SDEB |
|
340 |
|
|
|
341 |
|
|
|
342 |
|
# Multiplexer |
|
343 |
|
if [ "${1}" = "docs" ]; then |
|
344 |
|
shift |
|
345 |
|
duilder_docs "$@" |
|
346 |
|
exit $? |
|
347 |
|
fi |
|
348 |
|
|
|
349 |
|
if [ "${1}" = "tar" ]; then |
|
350 |
|
shift |
|
351 |
|
duilder_tar "$@" |
|
352 |
|
exit $? |
|
353 |
|
fi |
|
354 |
|
|
|
355 |
|
if [ "${1}" = "git" ]; then |
|
356 |
|
shift |
|
357 |
|
duilder_git "$@" |
|
358 |
|
exit $? |
|
359 |
|
fi |
|
360 |
|
|
|
361 |
|
if [ "${1}" = "srpm" ]; then |
|
362 |
|
shift |
|
363 |
|
duilder_srpm "$@" |
|
364 |
|
exit $? |
|
365 |
|
fi |
|
366 |
|
|
|
367 |
|
if [ "${1}" = "sdeb" ]; then |
|
368 |
|
shift |
|
369 |
|
duilder_sdeb "$@" |
|
370 |
|
exit $? |
|
371 |
|
fi |
|
372 |
|
|
|
373 |
|
if [ "${1}" = "final" ]; then |
|
374 |
|
shift |
|
375 |
|
duilder_final "$@" |
|
376 |
|
exit $? |
|
377 |
|
fi |
|
378 |
|
|
|
379 |
|
|
|
380 |
|
###### Main stuff |
|
381 |
|
echo "[*] Duilder builder script" |
|
382 |
|
echo "[*] Copyright Catalin(ux) M. BOIE - catab at embedromix dot ro" |
|
383 |
|
echo "[*] PRJ=${PRJ}, VER=${VER}, REV=${REV}" |
|
384 |
|
echo "[*] System: `uname -a`" |
|
385 |
|
echo "[*] Parameters: ${@}" |
|
386 |
|
|
|
387 |
|
ETC="/etc" |
|
388 |
|
BIN="/bin" |
|
389 |
|
USR="/usr" |
|
390 |
|
USR_BIN="/usr/bin" |
|
391 |
|
USR_SBIN="/usr/sbin" |
|
392 |
|
USR_INCLUDE="/usr/include" |
|
393 |
|
if [ "`uname -m`" = "i686" ]; then |
|
394 |
|
USR_LIB="/usr/lib" |
|
395 |
|
else |
|
396 |
|
USR_LIB="/usr/lib64" |
|
397 |
|
fi |
|
398 |
|
USR_SHARE="/usr/share" |
|
399 |
|
USR_SHARE_DOC="/usr/share/doc/${PRJ}" |
|
400 |
|
SBIN="/usr/sbin" |
|
401 |
|
VAR="/var" |
|
402 |
|
VAR_LIB="/var/lib" |
|
403 |
|
MAN="/usr/share/man" |
|
404 |
|
PREFIX="/usr" |
|
405 |
|
|
|
406 |
|
while [ "${1}" != "" ]; do |
|
407 |
|
xVAR="`echo ${1} | cut -d'=' -f1`" |
|
408 |
|
xVAL="`echo ${1} | cut -d'=' -f2 | sed -e "s|\\${prefix}|${PREFIX}|"`" |
|
409 |
|
shift |
|
410 |
|
case ${xVAR} in |
|
411 |
|
--sysconfdir) |
|
412 |
|
ETC="${xVAL}" |
|
413 |
|
;; |
|
414 |
|
--bindir) |
|
415 |
|
USR_BIN="${xVAL}" |
|
416 |
|
;; |
|
417 |
|
--sbindir) |
|
418 |
|
USR_SBIN="${xVAL}" |
|
419 |
|
;; |
|
420 |
|
--includedir) |
|
421 |
|
USR_INCLUDE="${xVAL}" |
|
422 |
|
;; |
|
423 |
|
--libdir) |
|
424 |
|
USR_LIB="${xVAL}" |
|
425 |
|
;; |
|
426 |
|
--localstatedir) |
|
427 |
|
VAR="${xVAL}" |
|
428 |
|
;; |
|
429 |
|
--sharedstatedir) |
|
430 |
|
VAR_LIB="${xVAL}" |
|
431 |
|
;; |
|
432 |
|
--datadir) |
|
433 |
|
USR_SHARE="${xVAL}" |
|
434 |
|
;; |
|
435 |
|
--mandir) |
|
436 |
|
MAN="${xVAL}" |
|
437 |
|
;; |
|
438 |
|
--prefix) |
|
439 |
|
PREFIX="${xVAL}" |
|
440 |
|
USR="${xVAL}" |
|
441 |
|
;; |
|
442 |
|
esac |
|
443 |
|
done |
|
444 |
|
|
|
445 |
|
# Last fixes |
|
446 |
|
VAR_LOG="${VAR}/log" |
|
447 |
|
VAR_RUN="${VAR}/run" |
|
448 |
|
|
|
449 |
|
for i in ETC BIN USR USR_BIN USR_SBIN USR_INCLUDE USR_LIB USR_SHARE USR_SHARE_DOC SBIN VAR VAR_LIB MAN VAR_LOG VAR_RUN; do |
|
450 |
|
eval value=\$$i |
|
451 |
|
echo "[*] Var ${i}=${value}" |
|
452 |
|
done |
|
453 |
|
|
|
454 |
|
# Truncate future sed file |
|
455 |
|
> tmp.sed |
|
456 |
|
|
|
457 |
|
DB_SUPPORT=0 |
|
458 |
|
|
|
459 |
|
echo -n "[*] Searching for PostgreSQL..." |
|
460 |
|
set +e |
|
461 |
|
PG_VERSION="`pg_config --version 2>/dev/null`" |
|
462 |
|
set -e |
|
463 |
|
if [ -z "${PG_VERSION}" ]; then |
|
464 |
|
echo " not found." |
|
465 |
|
PG_FOUND=0 |
|
466 |
|
else |
|
467 |
|
echo " found version ${PG_VERSION}." |
|
468 |
|
PG_FOUND=1 |
|
469 |
|
PG_INC="-I`pg_config --includedir`" |
|
470 |
|
PG_LIB="-L`pg_config --libdir` -lpq" |
|
471 |
|
|
|
472 |
|
echo "s#@PG_VERSION@#${PG_VERSION}#g" >> tmp.sed |
|
473 |
|
echo "s#@PG_INC@#${PG_INC}#g" >> tmp.sed |
|
474 |
|
echo "s#@PG_LIB@#${PG_LIB}#g" >> tmp.sed |
|
475 |
|
|
|
476 |
|
DB_SUPPORT=1 |
|
477 |
|
echo "s#@DB_SUPPORT@#${DB_SUPPORT}#g" >> tmp.sed |
|
478 |
|
fi |
|
479 |
|
echo "s#@PG_FOUND@#${PG_FOUND}#g" >> tmp.sed |
|
480 |
|
|
|
481 |
|
|
|
482 |
|
echo -n "[*] Searching for MySQL..." |
|
483 |
|
set +e |
|
484 |
|
MYSQL_VERSION="`mysql_config --version 2>/dev/null`" |
|
485 |
|
set -e |
|
486 |
|
if [ -z "${MYSQL_VERSION}" ]; then |
|
487 |
|
echo " not found." |
|
488 |
|
MYSQL_FOUND=0 |
|
489 |
|
else |
|
490 |
|
echo " found version ${MYSQL_VERSION}." |
|
491 |
|
MYSQL_FOUND=1 |
|
492 |
|
MYSQL_INC="`mysql_config --include`" |
|
493 |
|
MYSQL_LIB="`mysql_config --libs`" |
|
494 |
|
|
|
495 |
|
echo "s#@MYSQL_VERSION@#${MYSQL_VERSION}#g" >> tmp.sed |
|
496 |
|
echo "s#@MYSQL_INC@#${MYSQL_INC}#g" >> tmp.sed |
|
497 |
|
echo "s#@MYSQL_LIB@#${MYSQL_LIB}#g" >> tmp.sed |
|
498 |
|
|
|
499 |
|
DB_SUPPORT=1 |
|
500 |
|
echo "s#@DB_SUPPORT@#${DB_SUPPORT}#g" >> tmp.sed |
|
501 |
|
fi |
|
502 |
|
echo "s#@MYSQL_FOUND@#${MYSQL_FOUND}#g" >> tmp.sed |
|
503 |
|
|
|
504 |
|
echo -n "[*] Searching for poll..." |
|
505 |
|
set +e |
|
506 |
|
echo -e "#include <poll.h> \n int main(void) { return poll(0, 0, 0); }" | gcc -x c -pipe - -o /dev/null 2>/dev/null |
|
507 |
|
E="${?}" |
|
508 |
|
set -e |
|
509 |
|
if [ "${E}" != "0" ]; then |
|
510 |
|
echo " not found." |
|
511 |
|
echo "s#@POLL_FOUND@#0#g" >> tmp.sed |
|
512 |
|
else |
|
513 |
|
echo " found." |
|
514 |
|
echo "s#@POLL_FOUND@#1#g" >> tmp.sed |
|
515 |
|
fi |
|
516 |
|
|
|
517 |
|
echo -n "[*] Searching for epoll..." |
|
518 |
|
set +e |
|
519 |
|
echo -e "#include <sys/epoll.h> \n int main(void) { return epoll_create(64); }" | gcc -x c -pipe - -o /dev/null 2>/dev/null |
|
520 |
|
E="${?}" |
|
521 |
|
set -e |
|
522 |
|
if [ "${E}" != "0" ]; then |
|
523 |
|
echo " not found." |
|
524 |
|
echo "s#@EPOLL_FOUND@#0#g" >> tmp.sed |
|
525 |
|
else |
|
526 |
|
echo " found." |
|
527 |
|
echo "s#@EPOLL_FOUND@#1#g" >> tmp.sed |
|
528 |
|
fi |
|
529 |
|
|
|
530 |
|
echo -n "[*] Searching for ncurses..." |
|
531 |
|
set +e |
|
532 |
|
echo -e "#include <ncurses.h> \n int main(void) { initscr(); return 0; }" | gcc -x c -pipe - -o /dev/null -lncurses 2>/dev/null |
|
533 |
|
E="${?}" |
|
534 |
|
set -e |
|
535 |
|
if [ "${E}" != "0" ]; then |
|
536 |
|
echo " not found." |
|
537 |
|
echo "s#@NCURSES_FOUND@#0#g" >> tmp.sed |
|
538 |
|
else |
|
539 |
|
echo " found." |
|
540 |
|
echo "s#@NCURSES_FOUND@#1#g" >> tmp.sed |
|
541 |
|
fi |
|
542 |
|
|
|
543 |
|
if [ -n "${CC_SWITCHES}" ]; then |
|
544 |
|
_CC_SWITCHES="" |
|
545 |
|
echo "[*] Search for valid compiler flags..." |
|
546 |
|
add="" |
|
547 |
|
for s in ${CC_SWITCHES}; do |
|
548 |
|
echo -n " [*] Testing switch [${s}]..." |
|
549 |
|
set +e |
|
550 |
|
echo "int main(void) { return 0; }" | gcc ${s} -x c -pipe - -o /dev/null 2>/dev/null |
|
551 |
|
E=${?} |
|
552 |
|
set -e |
|
553 |
|
if [ "${E}" != "0" ]; then |
|
554 |
|
echo "not supported" |
|
555 |
|
else |
|
556 |
|
echo "supported" |
|
557 |
|
_CC_SWITCHES="${_CC_SWITCHES}${add}${s}" |
|
558 |
|
add=" " |
|
559 |
|
fi |
|
560 |
|
done |
|
561 |
|
fi |
|
562 |
|
|
|
563 |
|
# generic stuff |
|
564 |
|
echo "s#@PRJ@#${PRJ}#g" >> tmp.sed |
|
565 |
|
echo "s#@VER@#${VER}#g" >> tmp.sed |
|
566 |
|
echo "s#@REV@#${REV}#g" >> tmp.sed |
|
567 |
|
echo "s#@ETC@#${ETC}#g" >> tmp.sed |
|
568 |
|
echo "s#@BIN@#${BIN}#g" >> tmp.sed |
|
569 |
|
echo "s#@USR@#${USR}#g" >> tmp.sed |
|
570 |
|
echo "s#@USR_BIN@#${USR_BIN}#g" >> tmp.sed |
|
571 |
|
echo "s#@SBIN@#${SBIN}#g" >> tmp.sed |
|
572 |
|
echo "s#@USR_SBIN@#${USR_SBIN}#g" >> tmp.sed |
|
573 |
|
echo "s#@VAR@#${VAR}#g" >> tmp.sed |
|
574 |
|
echo "s#@VAR_LIB@#${VAR_LIB}#g" >> tmp.sed |
|
575 |
|
echo "s#@VAR_LOG@#${VAR_LOG}#g" >> tmp.sed |
|
576 |
|
echo "s#@VAR_RUN@#${VAR_RUN}#g" >> tmp.sed |
|
577 |
|
echo "s#@USR_INCLUDE@#${USR_INCLUDE}#g" >> tmp.sed |
|
578 |
|
echo "s#@USR_INC@#${USR_INCLUDE}#g" >> tmp.sed |
|
579 |
|
echo "s#@USR_LIB@#${USR_LIB}#g" >> tmp.sed |
|
580 |
|
echo "s#@USR_SHARE@#${USR_SHARE}#g" >> tmp.sed |
|
581 |
|
echo "s#@USR_SHARE_DOC@#${USR_SHARE_DOC}#g" >> tmp.sed |
|
582 |
|
echo "s#@MAN@#${MAN}#g" >> tmp.sed |
|
583 |
|
# Export stuff |
|
584 |
|
echo "s#@EXPORT_PATH@#${EXPORT_PATH}#g" >> tmp.sed |
|
585 |
|
# cc_switches |
|
586 |
|
echo "s#@CC_SWITCHES@#${_CC_SWITCHES}#g" >> tmp.sed |
|
587 |
|
echo "s#@MAINTAINER_NAME@#${MAINTAINER_NAME}#g" >> tmp.sed |
|
588 |
|
echo "s#@MAINTAINER_EMAIL@#${MAINTAINER_EMAIL}#g" >> tmp.sed |
|
589 |
|
echo "s#@SHORT_DESCRIPTION@#${SHORT_DESCRIPTION}#g" >> tmp.sed |
|
590 |
|
echo "s#@HOME_PAGE@#${HOME_PAGE}#g" >> tmp.sed |
|
591 |
|
|
|
592 |
|
|
|
593 |
|
|
|
594 |
|
if [ -r Makefile.in ]; then |
|
595 |
|
echo "[*] Building Makefile..." |
|
596 |
|
echo -n > Makefile |
|
597 |
|
echo "# duilder header starts #" >> Makefile |
|
598 |
|
echo "export PRJ := ${PRJ}" >> Makefile |
|
599 |
|
echo "export VER := ${VER}" >> Makefile |
|
600 |
|
echo "export REV := ${REV}" >> Makefile |
|
601 |
|
echo "export DESTDIR" >> Makefile |
|
602 |
|
echo >> Makefile |
|
603 |
|
echo "export I_ETC := \$(DESTDIR)${ETC}" >> Makefile |
|
604 |
|
echo "export I_BIN := \$(DESTDIR)${BIN}" >> Makefile |
|
605 |
|
echo "export I_SBIN := \$(DESTDIR)${SBIN}" >> Makefile |
|
606 |
|
echo "export I_USR := \$(DESTDIR)${USR}" >> Makefile |
|
607 |
|
echo "export I_USR_BIN := \$(DESTDIR)${USR_BIN}" >> Makefile |
|
608 |
|
echo "export I_USR_SBIN := \$(DESTDIR)${USR_SBIN}" >> Makefile |
|
609 |
|
echo "export I_USR_INCLUDE := \$(DESTDIR)${USR_INCLUDE}" >> Makefile |
|
610 |
|
echo "export I_USR_INC := \$(DESTDIR)${USR_INCLUDE}" >> Makefile |
|
611 |
|
echo "export I_USR_SHARE := \$(DESTDIR)${USR_SHARE}" >> Makefile |
|
612 |
|
echo "export I_USR_SHARE_DOC := \$(DESTDIR)${USR_SHARE_DOC}" >> Makefile |
|
613 |
|
echo "export I_USR_LIB := \$(DESTDIR)${USR_LIB}" >> Makefile |
|
614 |
|
echo "export I_LIB := \$(DESTDIR)${USR_LIB}" >> Makefile |
|
615 |
|
echo "export I_VAR := \$(DESTDIR)${VAR}" >> Makefile |
|
616 |
|
echo "export I_VAR_LIB := \$(DESTDIR)${VAR_LIB}" >> Makefile |
|
617 |
|
echo "export I_VAR_LOG := \$(DESTDIR)${VAR_LOG}" >> Makefile |
|
618 |
|
echo "export I_VAR_RUN := \$(DESTDIR)${VAR_RUN}" >> Makefile |
|
619 |
|
echo "export I_MAN := \$(DESTDIR)${MAN}" >> Makefile |
|
620 |
|
echo >> Makefile |
|
621 |
|
echo "# DB stuff" >> Makefile |
|
622 |
|
echo "export DB_SUPPORT := ${DB_SUPPORT}" >> Makefile |
|
623 |
|
echo "# PG" >> Makefile |
|
624 |
|
echo "export PG_FOUND := ${PG_FOUND}" >> Makefile |
|
625 |
|
echo "export PG_INC := ${PG_INC}" >> Makefile |
|
626 |
|
echo "export PG_LIB := ${PG_LIB}" >> Makefile |
|
627 |
|
echo "# MySQL" >> Makefile |
|
628 |
|
echo "export MYSQL_FOUND := ${MYSQL_FOUND}" >> Makefile |
|
629 |
|
echo "export MYSQL_INC := ${MYSQL_INC}" >> Makefile |
|
630 |
|
echo "export MYSQL_LIB := ${MYSQL_LIB}" >> Makefile |
|
631 |
|
echo >> Makefile |
|
632 |
|
echo "# duilder header ends #" >> Makefile |
|
633 |
|
echo >> Makefile |
|
634 |
|
|
|
635 |
|
sed -f tmp.sed Makefile.in >> Makefile |
|
636 |
|
|
|
637 |
|
echo >> Makefile |
|
638 |
|
echo "# duilder tail starts #" >> Makefile |
|
639 |
|
echo >> Makefile |
|
640 |
|
echo "# This is to allow exporting only the git tree" >> Makefile |
|
641 |
|
echo "dist_git:" >> Makefile |
|
642 |
|
echo " @./duilder git \"\$(PRJ)\" \"${GIT_DEST}\" \"${EXPORT_GIT}\" \"${EXPORT_PATH}\" \"${GIT_CHANGELOG}\"" >> Makefile |
|
643 |
|
echo >> Makefile |
|
644 |
|
echo ".PHONY: dist" >> Makefile |
|
645 |
|
echo "dist: clean" >> Makefile |
|
646 |
|
echo " @./duilder git \"\$(PRJ)\" \"${GIT_DEST}\" \"${EXPORT_GIT}\" \"${GIT_CHANGELOG}\"" \"${GIT_PUSH}\" >> Makefile |
|
647 |
|
echo " @./duilder tar \"\$(PRJ)\" \"\$(VER)\" \"${EXPORT_PATH}\" \"${EXCLUDE}\"" >> Makefile |
|
648 |
|
echo " @./duilder srpm \"\$(PRJ)\" \"\$(VER)\" \"${EXPORT_PATH}\" \"${BUILD_SRPM}\" \"${SRPM_DEST}\" \"${SRPM_POST_RUN}\"" >> Makefile |
|
649 |
|
echo " @./duilder sdeb \"\$(PRJ)\" \"\$(VER)\" \"${EXPORT_PATH}\" \"${BUILD_SDEB}\" \"${SDEB_DEST}\" \"${SDEB_POST_RUN}\"" >> Makefile |
|
650 |
|
echo " @./duilder docs \"\$(PRJ)\" \"\$(VER)\" \"${EXPORT_PATH}\"" >> Makefile |
|
651 |
|
echo " @./duilder final \"\$(PRJ)\" \"\$(VER)\" \"${RELEASE_SCRIPT}\"" >> Makefile |
|
652 |
|
echo " @rm -f \"\$(PRJ)-\$(VER).tar.gz\"" >> Makefile |
|
653 |
|
echo >> Makefile |
|
654 |
|
fi |
|
655 |
|
|
|
656 |
|
if [ -r "${PRJ}.spec.in" ]; then |
|
657 |
|
echo "[*] Generating .spec file..." |
|
658 |
|
sed -f tmp.sed ${PRJ}.spec.in > ${PRJ}.spec |
|
659 |
|
fi |
|
660 |
|
|
|
661 |
|
if [ ! -z "${CONFIG_H}" ]; then |
|
662 |
|
echo "[*] Generating ${CONFIG_H} file..." |
|
663 |
|
sed -f tmp.sed ${CONFIG_H}.in > ${CONFIG_H} |
|
664 |
|
fi |
|
665 |
|
|
|
666 |
|
if [ "${BUILD_SDEB}" = "1" ]; then |
|
667 |
|
AUTOGENERATE="${AUTOGENERATE} debian/control.in debian/changelog.in" |
|
668 |
|
AUTOGENERATE="${AUTOGENERATE} debian/copyright.in debian/rules.in" |
|
669 |
|
fi |
|
670 |
|
|
|
671 |
|
echo "[*] Autogenerate files from .in..." |
|
672 |
|
for f in ${AUTOGENERATE}; do |
|
673 |
|
if [ -r "${f}" ]; then |
|
674 |
|
dst="${f%.in}" |
|
675 |
|
echo " [*] Autogenerate ${dst} from ${f}..." |
|
676 |
|
sed -f tmp.sed "${f}" > "${dst}" |
|
677 |
|
# We need to have the same rights (maybe is executable...) |
|
678 |
|
chmod --reference="${f}" "${dst}" |
|
679 |
|
fi |
|
680 |
|
done |
|
681 |
|
|
|
682 |
|
rm -f tmp.sed |
|
683 |
|
|
|
684 |
|
if [ "`basename ${0}`" = "duilderx" ]; then |
|
685 |
|
echo "[*] Cloning myself to destination as 'duilder'..." |
|
686 |
|
cp -vpf "${0}" ${PWD}/duilder |
|
687 |
|
fi |
|
688 |
|
|
|
689 |
|
echo "[*] Done. Run make." |
File nf2fac.c changed (mode: 100644) (index cc8fdaa..b070c4f) |
22 |
22 |
#include "key.h" |
#include "key.h" |
23 |
23 |
#include "protocol.h" |
#include "protocol.h" |
24 |
24 |
|
|
|
25 |
|
static char *sock_path = "/etc/nf2fa.sock"; |
|
26 |
|
|
25 |
27 |
static void help(void) |
static void help(void) |
26 |
28 |
{ |
{ |
27 |
29 |
printf("Usage: nf2afc <command> [options]\n"); |
printf("Usage: nf2afc <command> [options]\n"); |
|
... |
... |
static void help(void) |
33 |
35 |
|
|
34 |
36 |
int main(int argc, char *argv[]) |
int main(int argc, char *argv[]) |
35 |
37 |
{ |
{ |
36 |
|
unsigned char buf[8 * 4096], len; |
|
|
38 |
|
unsigned char buf[8 * 4096]; |
37 |
39 |
int sock; |
int sock; |
38 |
40 |
struct sockaddr_un sa_un; |
struct sockaddr_un sa_un; |
39 |
41 |
socklen_t slen; |
socklen_t slen; |
|
... |
... |
int main(int argc, char *argv[]) |
41 |
43 |
unsigned short i; |
unsigned short i; |
42 |
44 |
unsigned char cmd, err; |
unsigned char cmd, err; |
43 |
45 |
struct key k; |
struct key k; |
|
46 |
|
char *s; |
44 |
47 |
|
|
45 |
48 |
if (argc < 2) { |
if (argc < 2) { |
46 |
49 |
help(); |
help(); |
47 |
50 |
return 1; |
return 1; |
48 |
51 |
} |
} |
49 |
52 |
|
|
|
53 |
|
s = getenv("NF2FA_SOCK"); |
|
54 |
|
if (s) |
|
55 |
|
sock_path = s; |
|
56 |
|
|
50 |
57 |
i = 0; |
i = 0; |
51 |
58 |
if (strcmp(argv[1], "enroll") == 0) { |
if (strcmp(argv[1], "enroll") == 0) { |
52 |
59 |
if (argc < 3) { |
if (argc < 3) { |
|
... |
... |
int main(int argc, char *argv[]) |
61 |
68 |
} else if (strcmp(argv[1], "list") == 0) { |
} else if (strcmp(argv[1], "list") == 0) { |
62 |
69 |
buf[i++] = NF2FA_CMD_LIST; |
buf[i++] = NF2FA_CMD_LIST; |
63 |
70 |
} else if (strcmp(argv[1], "unenroll") == 0) { |
} else if (strcmp(argv[1], "unenroll") == 0) { |
|
71 |
|
unsigned char id; |
|
72 |
|
char sid[4]; |
|
73 |
|
|
64 |
74 |
if (argc < 3) { |
if (argc < 3) { |
65 |
75 |
help(); |
help(); |
66 |
76 |
return 1; |
return 1; |
67 |
77 |
} |
} |
68 |
78 |
|
|
|
79 |
|
id = strtoul(argv[2], NULL, 10); |
|
80 |
|
sprintf(sid, "%03hhu", id); |
|
81 |
|
if (strcmp(sid, argv[2]) != 0) { |
|
82 |
|
fprintf(stderr, |
|
83 |
|
"Error: Invalid id! Must be XXX (0 <= X <= 9)\n"); |
|
84 |
|
return 1; |
|
85 |
|
} |
69 |
86 |
buf[i++] = NF2FA_CMD_UNENROLL; |
buf[i++] = NF2FA_CMD_UNENROLL; |
70 |
|
buf[i++] = strtoul(argv[2], NULL, 10); |
|
|
87 |
|
buf[i++] = id; |
71 |
88 |
} else { |
} else { |
72 |
|
printf("Unknown command!\n"); |
|
|
89 |
|
fprintf(stderr, "Error: unknown command!\n"); |
|
90 |
|
help(); |
73 |
91 |
return 1; |
return 1; |
74 |
92 |
} |
} |
75 |
93 |
|
|
76 |
94 |
sock = socket(AF_UNIX, SOCK_STREAM, 0); |
sock = socket(AF_UNIX, SOCK_STREAM, 0); |
77 |
95 |
if (sock == -1) { |
if (sock == -1) { |
78 |
|
printf("Cannot create unix socket: %s!\n", strerror(errno)); |
|
|
96 |
|
fprintf(stderr, "Error: cannot create unix socket: %s!\n", |
|
97 |
|
strerror(errno)); |
79 |
98 |
return 1; |
return 1; |
80 |
99 |
} |
} |
81 |
100 |
memset(&sa_un, 0, sizeof(struct sockaddr_un)); |
memset(&sa_un, 0, sizeof(struct sockaddr_un)); |
82 |
101 |
sa_un.sun_family = AF_UNIX; |
sa_un.sun_family = AF_UNIX; |
83 |
|
strncpy(sa_un.sun_path, SOCKET_NAME, sizeof(sa_un.sun_path) - 1); |
|
|
102 |
|
strncpy(sa_un.sun_path, sock_path, sizeof(sa_un.sun_path) - 1); |
84 |
103 |
slen = sizeof(struct sockaddr_un); |
slen = sizeof(struct sockaddr_un); |
85 |
104 |
|
|
86 |
105 |
n = connect(sock, (struct sockaddr *) &sa_un, slen); |
n = connect(sock, (struct sockaddr *) &sa_un, slen); |
87 |
106 |
if (n == -1) { |
if (n == -1) { |
88 |
|
printf("Cannot connect: %s!\n", strerror(errno)); |
|
|
107 |
|
fprintf(stderr, "Error: cannot connect: %s!\n", strerror(errno)); |
89 |
108 |
return 1; |
return 1; |
90 |
109 |
} |
} |
91 |
110 |
|
|
92 |
111 |
n = send(sock, buf, i, 0); |
n = send(sock, buf, i, 0); |
93 |
112 |
if (n == -1) { |
if (n == -1) { |
94 |
|
printf("Cannot send: %s!\n", strerror(errno)); |
|
|
113 |
|
fprintf(stderr, "Error: cannot send: %s!\n", strerror(errno)); |
95 |
114 |
return 1; |
return 1; |
96 |
115 |
} |
} |
97 |
116 |
|
|
98 |
117 |
n = recv(sock, buf, sizeof(buf), 0); |
n = recv(sock, buf, sizeof(buf), 0); |
99 |
118 |
if (n == -1) { |
if (n == -1) { |
100 |
|
printf("Cannot receive: %s!\n", strerror(errno)); |
|
|
119 |
|
fprintf(stderr, "Error: cannot receive: %s!\n", strerror(errno)); |
|
120 |
|
return 1; |
|
121 |
|
} |
|
122 |
|
if (n == 0) { |
|
123 |
|
fprintf(stderr, "Error: server unexpectedly closed the connection.\n"); |
|
124 |
|
return 1; |
|
125 |
|
} |
|
126 |
|
if (n < 2) { |
|
127 |
|
fprintf(stderr, "Error: server sent partial data.\n"); |
101 |
128 |
return 1; |
return 1; |
102 |
129 |
} |
} |
103 |
130 |
|
|
104 |
131 |
close(sock); |
close(sock); |
105 |
132 |
|
|
106 |
|
printf("DEBUG: Received:\n"); |
|
107 |
|
dump(buf, n); |
|
|
133 |
|
//printf("DEBUG: Received:\n"); |
|
134 |
|
//dump(buf, n); |
108 |
135 |
|
|
109 |
136 |
i = 0; |
i = 0; |
110 |
137 |
cmd = buf[i++]; n--; |
cmd = buf[i++]; n--; |
111 |
138 |
err = buf[i++]; n--; |
err = buf[i++]; n--; |
112 |
139 |
|
|
113 |
|
if (err != 0x00) { |
|
|
140 |
|
while (err != 0x00) { |
114 |
141 |
char error[64]; |
char error[64]; |
|
142 |
|
unsigned char len, len2; |
115 |
143 |
|
|
116 |
144 |
len = buf[i++]; n--; |
len = buf[i++]; n--; |
117 |
|
memcpy(error, buf + i, len); |
|
118 |
|
error[len] = '\0'; |
|
119 |
|
printf("ERROR: %s!\n", error); |
|
|
145 |
|
if (len > n) |
|
146 |
|
break; |
|
147 |
|
if (len > sizeof(error) - 1) |
|
148 |
|
len2 = sizeof(error) - 1; |
|
149 |
|
else |
|
150 |
|
len2 = len; |
|
151 |
|
memcpy(error, buf + i, len2); |
|
152 |
|
error[len2] = '\0'; |
|
153 |
|
i += len; n -= len; |
|
154 |
|
|
|
155 |
|
fprintf(stderr, "Error: %s!\n", error); |
120 |
156 |
return 1; |
return 1; |
121 |
157 |
} |
} |
122 |
158 |
|
|
123 |
|
if (cmd == NF2FA_CMD_ENROLL) { |
|
|
159 |
|
while (cmd == NF2FA_CMD_ENROLL) { |
124 |
160 |
char info[128]; |
char info[128]; |
125 |
|
unsigned char id; |
|
|
161 |
|
unsigned char id, len, len2; |
|
162 |
|
int r; |
|
163 |
|
|
|
164 |
|
if (n < 2) |
|
165 |
|
break; |
|
166 |
|
|
|
167 |
|
id = buf[i++]; n--; |
|
168 |
|
len = buf[i++]; n--; |
|
169 |
|
if (len > n) |
|
170 |
|
break; |
|
171 |
|
if (len > sizeof(k.key) - 1) |
|
172 |
|
len2 = sizeof(k.key) - 1; |
|
173 |
|
else |
|
174 |
|
len2 = len; |
|
175 |
|
memcpy(k.key, buf + i, len2); |
|
176 |
|
k.key[len2] = '\0'; |
|
177 |
|
i += len; n -= len; |
126 |
178 |
|
|
127 |
|
id = buf[i++]; |
|
128 |
|
len = buf[i++]; |
|
129 |
|
memcpy(k.key, buf + i, len); i += len; |
|
130 |
|
k.key[len] = '\0'; |
|
131 |
179 |
printf("Key is %s (id %03hhu). Scan the QR code or type the key.\n", |
printf("Key is %s (id %03hhu). Scan the QR code or type the key.\n", |
132 |
180 |
k.key, id); |
k.key, id); |
133 |
181 |
snprintf(info, sizeof(info), "%s - id %03hhu", k.name, id); |
snprintf(info, sizeof(info), "%s - id %03hhu", k.name, id); |
134 |
|
totp_text(k.key, info); |
|
|
182 |
|
r = totp_text(k.key, info); |
|
183 |
|
if (r != 0) { |
|
184 |
|
fprintf(stderr, "Error: %s\n", totp_error()); |
|
185 |
|
return 1; |
|
186 |
|
} |
135 |
187 |
return 0; |
return 0; |
136 |
188 |
} |
} |
137 |
189 |
|
|
138 |
|
if (cmd == NF2FA_CMD_LIST) { |
|
|
190 |
|
while (cmd == NF2FA_CMD_LIST) { |
|
191 |
|
int err = 1; |
|
192 |
|
|
139 |
193 |
if (n == 0) { |
if (n == 0) { |
140 |
194 |
printf("No enrollments.\n"); |
printf("No enrollments.\n"); |
141 |
195 |
return 0; |
return 0; |
142 |
196 |
} |
} |
143 |
197 |
|
|
144 |
|
printf("No Last used Last IP" |
|
145 |
|
" Name\n"); |
|
146 |
|
while (n > 0) { |
|
|
198 |
|
printf("No Enroll time Name\n"); |
|
199 |
|
while (1) { |
147 |
200 |
struct key k; |
struct key k; |
148 |
201 |
unsigned int x; |
unsigned int x; |
149 |
|
char t[32]; |
|
|
202 |
|
char t[32], itime[32]; |
150 |
203 |
struct tm tm; |
struct tm tm; |
|
204 |
|
unsigned char len, len2; |
|
205 |
|
|
|
206 |
|
if (n == 0) { |
|
207 |
|
err = 0; |
|
208 |
|
break; |
|
209 |
|
} |
151 |
210 |
|
|
152 |
211 |
k.id = buf[i++]; n--; |
k.id = buf[i++]; n--; |
153 |
212 |
|
|
154 |
213 |
len = buf[i++]; n--; |
len = buf[i++]; n--; |
155 |
|
memcpy(k.name, buf + i, len); i += len; n -= len; |
|
156 |
|
k.name[len] = '\0'; |
|
|
214 |
|
if (len > n) |
|
215 |
|
break; |
|
216 |
|
if (len > sizeof(k.name) - 1) |
|
217 |
|
len2 = sizeof(k.name) - 1; |
|
218 |
|
else |
|
219 |
|
len2 = len; |
|
220 |
|
memcpy(k.name, buf + i, len2); |
|
221 |
|
k.name[len2] = '\0'; |
|
222 |
|
i += len; n -= len; |
157 |
223 |
|
|
158 |
|
memcpy(&x, buf + i, 4); i += 4; n -= 4; |
|
|
224 |
|
if (n < 4) |
|
225 |
|
break; |
|
226 |
|
memcpy(&x, buf + i, 4); |
159 |
227 |
k.ts = ntohl(x); |
k.ts = ntohl(x); |
|
228 |
|
i += 4; n -= 4; |
160 |
229 |
|
|
|
230 |
|
if (n < 4) |
|
231 |
|
break; |
|
232 |
|
memcpy(&x, buf + i, 4); i += 4; n -= 4; |
|
233 |
|
k.itime = ntohl(x); |
|
234 |
|
|
|
235 |
|
if (n < 1) |
|
236 |
|
break; |
161 |
237 |
len = buf[i++]; n--; |
len = buf[i++]; n--; |
162 |
|
memcpy(k.ip, buf + i, len); i += len; n -= len; |
|
163 |
|
k.ip[len] = '\0'; |
|
|
238 |
|
if (len > n) |
|
239 |
|
break; |
|
240 |
|
if (len > sizeof(k.ip) - 1) |
|
241 |
|
len2 = sizeof(k.ip) - 1; |
|
242 |
|
else |
|
243 |
|
len2 = len; |
|
244 |
|
memcpy(k.ip, buf + i, len2); |
|
245 |
|
k.ip[len2] = '\0'; |
|
246 |
|
i += len; n -= len; |
164 |
247 |
|
|
|
248 |
|
// show |
165 |
249 |
if (k.ts == 0) { |
if (k.ts == 0) { |
166 |
250 |
sprintf(t, "%-14s", "not used"); |
sprintf(t, "%-14s", "not used"); |
167 |
251 |
} else { |
} else { |
168 |
252 |
localtime_r(&k.ts, &tm); |
localtime_r(&k.ts, &tm); |
169 |
|
strftime(t, sizeof(t), "%D %H:%M", &tm); |
|
|
253 |
|
strftime(t, sizeof(t), "%F %H:%M", &tm); |
170 |
254 |
} |
} |
171 |
|
printf("%03hhu %s %-39s %s\n", |
|
172 |
|
k.id, t, k.ip, k.name); |
|
|
255 |
|
localtime_r(&k.itime, &tm); |
|
256 |
|
strftime(itime, sizeof(itime), "%F %H:%M", &tm); |
|
257 |
|
printf("%03hhu %s %s\n", k.id, itime, k.name); |
|
258 |
|
if (k.ts) |
|
259 |
|
printf(" Last access from IP %s on %s\n", |
|
260 |
|
k.ip, t); |
173 |
261 |
} |
} |
|
262 |
|
if (err) |
|
263 |
|
break; |
|
264 |
|
|
174 |
265 |
return 0; |
return 0; |
175 |
266 |
} |
} |
176 |
267 |
|
|
177 |
|
if (cmd == NF2FA_CMD_UNENROLL) { |
|
|
268 |
|
while (cmd == NF2FA_CMD_UNENROLL) { |
178 |
269 |
printf("Successfully un-enrolled.\n"); |
printf("Successfully un-enrolled.\n"); |
179 |
270 |
return 0; |
return 0; |
180 |
271 |
} |
} |
181 |
272 |
|
|
182 |
|
printf("Unknown answer [0x%02hhx]!\n", buf[0]); |
|
|
273 |
|
fprintf(stderr, "Unknown or broken answer [0x%02hhx]!\n", buf[0]); |
183 |
274 |
return 1; |
return 1; |
184 |
275 |
} |
} |
File nf2fad.c changed (mode: 100644) (index c7b5814..ca35560) |
1 |
1 |
/* |
/* |
2 |
2 |
* Based on http://www.netfilter.org/projects/libnetfilter_queue/doxygen/html/nf-queue_8c_source.html |
* Based on http://www.netfilter.org/projects/libnetfilter_queue/doxygen/html/nf-queue_8c_source.html |
|
3 |
|
* Based on https://code.woboq.org/linux/linux/net/netfilter/nfnetlink_queue.c.html |
3 |
4 |
* Based on libmnl example. |
* Based on libmnl example. |
4 |
5 |
* Author: Catalin(ux) M. BOIE |
* Author: Catalin(ux) M. BOIE |
5 |
6 |
*/ |
*/ |
|
27 |
28 |
#include <sys/epoll.h> |
#include <sys/epoll.h> |
28 |
29 |
#include <sys/stat.h> |
#include <sys/stat.h> |
29 |
30 |
#include <sys/un.h> |
#include <sys/un.h> |
|
31 |
|
#include <sys/capability.h> |
|
32 |
|
#include <grp.h> |
|
33 |
|
#include <pwd.h> |
30 |
34 |
#include <arpa/inet.h> |
#include <arpa/inet.h> |
31 |
35 |
#include <netinet/ip.h> |
#include <netinet/ip.h> |
32 |
36 |
#include <netinet/ip6.h> |
#include <netinet/ip6.h> |
|
43 |
47 |
|
|
44 |
48 |
#include "nf2fa_common.h" |
#include "nf2fa_common.h" |
45 |
49 |
#include "util.h" |
#include "util.h" |
|
50 |
|
#include "conf.h" |
46 |
51 |
#include "totp.h" |
#include "totp.h" |
47 |
52 |
#include "key.h" |
#include "key.h" |
48 |
53 |
#include "protocol.h" |
#include "protocol.h" |
|
54 |
|
#include "brute.h" |
49 |
55 |
|
|
50 |
56 |
/* Keep track of IP and expiration */ |
/* Keep track of IP and expiration */ |
51 |
|
#define MAX_IPS 128 |
|
|
57 |
|
#define MAX_IPS 1024 |
52 |
58 |
struct my_ip |
struct my_ip |
53 |
59 |
{ |
{ |
54 |
60 |
unsigned char src[16]; |
unsigned char src[16]; |
55 |
61 |
unsigned char src_len; |
unsigned char src_len; |
|
62 |
|
unsigned char pad[3]; |
56 |
63 |
unsigned int expire; /* when we should invalidate this IP */ |
unsigned int expire; /* when we should invalidate this IP */ |
57 |
64 |
}; |
}; |
58 |
65 |
static struct my_ip my_ips[MAX_IPS]; |
static struct my_ip my_ips[MAX_IPS]; |
|
... |
... |
static struct my_ip my_ips[MAX_IPS]; |
61 |
68 |
struct user |
struct user |
62 |
69 |
{ |
{ |
63 |
70 |
unsigned int uid; |
unsigned int uid; |
|
71 |
|
unsigned char pad[4]; |
64 |
72 |
struct key *head, *tail; |
struct key *head, *tail; |
65 |
73 |
struct user *next; |
struct user *next; |
66 |
74 |
}; |
}; |
|
... |
... |
static struct nlmsghdr *nfq_hdr_put(unsigned char *buf, const int type, |
83 |
91 |
return nlh; |
return nlh; |
84 |
92 |
} |
} |
85 |
93 |
|
|
86 |
|
static void send_verdict(const int queue_num, const uint32_t id, |
|
|
94 |
|
static int send_verdict(const int queue_num, const uint32_t id, |
87 |
95 |
const int verdict) |
const int verdict) |
88 |
96 |
{ |
{ |
89 |
97 |
unsigned char buf[MNL_SOCKET_BUFFER_SIZE]; |
unsigned char buf[MNL_SOCKET_BUFFER_SIZE]; |
|
... |
... |
static void send_verdict(const int queue_num, const uint32_t id, |
92 |
100 |
nlh = nfq_hdr_put(buf, NFQNL_MSG_VERDICT, queue_num); |
nlh = nfq_hdr_put(buf, NFQNL_MSG_VERDICT, queue_num); |
93 |
101 |
nfq_nlmsg_verdict_put(nlh, id, verdict); |
nfq_nlmsg_verdict_put(nlh, id, verdict); |
94 |
102 |
if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { |
if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { |
95 |
|
perror("mnl_socket_send"); |
|
96 |
|
exit(EXIT_FAILURE); |
|
|
103 |
|
xlog("mnl_socket_send send_verdict: %s\n", strerror(errno)); |
|
104 |
|
return -1; |
97 |
105 |
} |
} |
|
106 |
|
|
|
107 |
|
return 0; |
98 |
108 |
} |
} |
99 |
109 |
|
|
100 |
110 |
/* |
/* |
101 |
111 |
* Try to find the code inside the packet |
* Try to find the code inside the packet |
102 |
|
* Returns 1 if ok |
|
|
112 |
|
* Returns 0 if not ok, else, the command |
103 |
113 |
*/ |
*/ |
104 |
114 |
static int test_2fa(const unsigned char *data, const unsigned int data_len, |
static int test_2fa(const unsigned char *data, const unsigned int data_len, |
105 |
115 |
const unsigned int now, const char *ip) |
const unsigned int now, const char *ip) |
106 |
116 |
{ |
{ |
107 |
|
unsigned short i, j; |
|
|
117 |
|
unsigned short i, j, last_tested; |
108 |
118 |
unsigned int now30; |
unsigned int now30; |
109 |
|
unsigned char c; |
|
|
119 |
|
unsigned char c, cmd; |
110 |
120 |
struct user *q; |
struct user *q; |
111 |
121 |
struct key *k; |
struct key *k; |
112 |
122 |
char pin[7]; |
char pin[7]; |
|
... |
... |
static int test_2fa(const unsigned char *data, const unsigned int data_len, |
114 |
124 |
|
|
115 |
125 |
now30 = now / 30; |
now30 = now / 30; |
116 |
126 |
|
|
117 |
|
for (i = 0; i < data_len - (3 - 1); i++) { |
|
|
127 |
|
xlog("DEBUG: %s: %s\n", __func__, ip); |
|
128 |
|
dump(data, data_len); |
|
129 |
|
|
|
130 |
|
last_tested = 0xFFFF; |
|
131 |
|
for (i = 0; i < data_len - (5 - 1); i++) { |
|
132 |
|
if (data[i] != 0xAA) |
|
133 |
|
continue; |
|
134 |
|
|
|
135 |
|
// We do not want to check all clones |
|
136 |
|
if ((last_tested != 0xFFFF) && (memcmp(data + last_tested, data + i, 3) == 0)) |
|
137 |
|
continue; |
|
138 |
|
|
118 |
139 |
for (j = 0; j < 3; j++) { |
for (j = 0; j < 3; j++) { |
119 |
|
c = data[i + j]; |
|
|
140 |
|
c = data[i + 1 + j]; |
120 |
141 |
if (((c & 0xF) > 9) || ((c >> 4) > 9)) |
if (((c & 0xF) > 9) || ((c >> 4) > 9)) |
121 |
142 |
break; |
break; |
122 |
143 |
} |
} |
123 |
144 |
if (j != 3) // not found |
if (j != 3) // not found |
124 |
145 |
continue; |
continue; |
125 |
146 |
|
|
|
147 |
|
last_tested = i; |
126 |
148 |
snprintf(pin, sizeof(pin), "%02hhx%02hhx%02hhx", |
snprintf(pin, sizeof(pin), "%02hhx%02hhx%02hhx", |
127 |
|
data[i], data[i + 1], data[i + 2]); |
|
128 |
|
printf("DEBUG: Packet pin: %s\n", pin); |
|
|
149 |
|
data[i + 1], data[i + 2], data[i + 3]); |
|
150 |
|
cmd = data[i + 4]; |
|
151 |
|
xlog("DEBUG: Packet pin: %s cmd=0x%02hhx\n", pin, cmd); |
|
152 |
|
|
|
153 |
|
if (cmd == 0x11) { // 0x11 = open |
|
154 |
|
// do nothing |
|
155 |
|
} else if (cmd == 0xcc) { // 0xcc = close |
|
156 |
|
// do nothing |
|
157 |
|
} else { |
|
158 |
|
continue; // invalid command, search again |
|
159 |
|
} |
129 |
160 |
|
|
130 |
161 |
q = users_head; |
q = users_head; |
131 |
162 |
while (q) { |
while (q) { |
132 |
163 |
k = q->head; |
k = q->head; |
133 |
164 |
while (k) { |
while (k) { |
134 |
165 |
r = totp_verify(k->key, now30, k->ts / 30, pin); |
r = totp_verify(k->key, now30, k->ts / 30, pin); |
135 |
|
if (r == 1) { |
|
136 |
|
printf(" DEBUG: uid %u key %03hhu matched!\n", q->uid, k->id); |
|
137 |
|
k->ts = now; |
|
|
166 |
|
if (r != 1) { |
|
167 |
|
k = k->next; |
|
168 |
|
continue; |
|
169 |
|
} |
|
170 |
|
|
|
171 |
|
k->ts = now; |
|
172 |
|
|
|
173 |
|
switch (cmd) { |
|
174 |
|
case 0x11: // open |
138 |
175 |
snprintf(k->ip, sizeof(k->ip), "%s", ip); |
snprintf(k->ip, sizeof(k->ip), "%s", ip); |
139 |
|
key_save(q->uid, k); |
|
140 |
|
return 1; |
|
|
176 |
|
// TODO: maybe we shoul not allow access if we cannot save key? But it is saved in memory! |
|
177 |
|
xlog("%s: uid %u: key %03hhu: authorized\n", |
|
178 |
|
ip, q->uid, k->id); |
|
179 |
|
break; |
|
180 |
|
|
|
181 |
|
case 0xcc: // close |
|
182 |
|
xlog("%s: uid %u: key %03hhu: closed the firewall\n", |
|
183 |
|
ip, q->uid, k->id); |
|
184 |
|
break; |
|
185 |
|
|
|
186 |
|
default: |
|
187 |
|
return cmd; |
141 |
188 |
} |
} |
142 |
189 |
|
|
143 |
|
k = k->next; |
|
|
190 |
|
key_save(q->uid, k); |
|
191 |
|
return cmd; |
144 |
192 |
} |
} |
145 |
193 |
|
|
146 |
194 |
q = q->next; |
q = q->next; |
|
... |
... |
static int test_2fa(const unsigned char *data, const unsigned int data_len, |
152 |
200 |
|
|
153 |
201 |
/* |
/* |
154 |
202 |
* Check if IP is in the list (1 if found) |
* Check if IP is in the list (1 if found) |
155 |
|
* Returns the position in @pos |
|
|
203 |
|
* Returns 1 if ok |
|
204 |
|
* Returns 0 if not found |
156 |
205 |
*/ |
*/ |
157 |
206 |
static int check_ip(const unsigned char *src, const unsigned int src_len, |
static int check_ip(const unsigned char *src, const unsigned int src_len, |
158 |
207 |
unsigned int *pos, const struct timeval *now) |
unsigned int *pos, const struct timeval *now) |
|
... |
... |
static int check_ip(const unsigned char *src, const unsigned int src_len, |
185 |
234 |
* @pos - Position where we shoud store the new entry |
* @pos - Position where we shoud store the new entry |
186 |
235 |
*/ |
*/ |
187 |
236 |
static void add_ip(const unsigned int pos, const unsigned char *src, |
static void add_ip(const unsigned int pos, const unsigned char *src, |
188 |
|
const unsigned char src_len, const struct timeval *now) |
|
|
237 |
|
const unsigned char src_len, const time_t now) |
189 |
238 |
{ |
{ |
190 |
239 |
unsigned int j; |
unsigned int j; |
191 |
240 |
|
|
|
... |
... |
static void add_ip(const unsigned int pos, const unsigned char *src, |
199 |
248 |
break; |
break; |
200 |
249 |
} |
} |
201 |
250 |
|
|
202 |
|
if (my_ips[i].expire > now->tv_sec) { |
|
|
251 |
|
if (my_ips[i].expire > now) { |
203 |
252 |
j = i; |
j = i; |
204 |
253 |
break; |
break; |
205 |
254 |
} |
} |
|
... |
... |
static void add_ip(const unsigned int pos, const unsigned char *src, |
207 |
256 |
} |
} |
208 |
257 |
|
|
209 |
258 |
if (j == 0xFFFFFFFF) { |
if (j == 0xFFFFFFFF) { |
210 |
|
printf("We could not find a free slot!" |
|
211 |
|
" The accept will not be permanent\n"); |
|
|
259 |
|
xlog("We could not find a free slot" |
|
260 |
|
"; the accept will not be permanent.\n"); |
212 |
261 |
return; |
return; |
213 |
262 |
} |
} |
214 |
263 |
|
|
215 |
264 |
memcpy(my_ips[j].src, src, src_len); |
memcpy(my_ips[j].src, src, src_len); |
216 |
265 |
my_ips[j].src_len = src_len; |
my_ips[j].src_len = src_len; |
217 |
|
my_ips[j].expire = now->tv_sec + 3600; |
|
|
266 |
|
my_ips[j].expire = now + grant_time; |
218 |
267 |
} |
} |
219 |
268 |
|
|
220 |
269 |
/* |
/* |
|
... |
... |
static unsigned int process(const unsigned short eth, |
226 |
275 |
struct iphdr *iph; |
struct iphdr *iph; |
227 |
276 |
const unsigned char *data; |
const unsigned char *data; |
228 |
277 |
unsigned char src[16]; |
unsigned char src[16]; |
229 |
|
unsigned int data_len, src_len, verdict = NF_DROP; |
|
|
278 |
|
unsigned int data_len, src_len; |
230 |
279 |
struct timeval now; |
struct timeval now; |
231 |
280 |
unsigned int pos = 0xFFFFFFFF; |
unsigned int pos = 0xFFFFFFFF; |
232 |
281 |
int r, af; |
int r, af; |
|
... |
... |
static unsigned int process(const unsigned short eth, |
235 |
284 |
switch (eth) { |
switch (eth) { |
236 |
285 |
case ETH_P_IP: |
case ETH_P_IP: |
237 |
286 |
iph = (struct iphdr *) p; |
iph = (struct iphdr *) p; |
238 |
|
data = p + iph->ihl * 4; |
|
239 |
|
data_len = len - iph->ihl * 4; |
|
|
287 |
|
data = p + iph->ihl * 4 + 8; |
|
288 |
|
data_len = len - (data - p); |
240 |
289 |
memcpy(src, p + 12, 4); src_len = 4; |
memcpy(src, p + 12, 4); src_len = 4; |
241 |
290 |
af = AF_INET; |
af = AF_INET; |
242 |
291 |
break; |
break; |
243 |
292 |
|
|
244 |
293 |
case ETH_P_IPV6: |
case ETH_P_IPV6: |
245 |
|
data = p + 40; |
|
246 |
|
data_len = len - 40; |
|
|
294 |
|
data = p + 40 + 4; |
|
295 |
|
data_len = len - (data - p); |
247 |
296 |
memcpy(src, p + 8, 16); src_len = 16; |
memcpy(src, p + 8, 16); src_len = 16; |
248 |
297 |
af = AF_INET6; |
af = AF_INET6; |
249 |
298 |
break; |
break; |
250 |
299 |
|
|
251 |
|
default: return verdict; |
|
|
300 |
|
default: return NF_DROP; |
252 |
301 |
} |
} |
253 |
302 |
|
|
254 |
|
printf("src: "); dump(src, src_len); |
|
255 |
|
dump(data, data_len); |
|
|
303 |
|
//xlog("DEBUG: src: "); dump(src, src_len); |
|
304 |
|
//xlog("DEBUG: packet: "); dump(data, data_len); |
|
305 |
|
inet_ntop(af, src, ip, sizeof(ip)); |
|
306 |
|
//xlog("DEBUG: ip=%s\n", ip); |
256 |
307 |
|
|
257 |
308 |
gettimeofday(&now, NULL); |
gettimeofday(&now, NULL); |
258 |
309 |
|
|
259 |
310 |
// Checking if the IP is already in the whitelist |
// Checking if the IP is already in the whitelist |
260 |
311 |
r = check_ip(src, src_len, &pos, &now); |
r = check_ip(src, src_len, &pos, &now); |
261 |
312 |
if (r == 1) { |
if (r == 1) { |
262 |
|
printf("\tGive access because already in list!\n"); |
|
263 |
|
my_ips[pos].expire = now.tv_sec + 3600; // TODO: configurable if we want to do it |
|
264 |
|
return NF_ACCEPT; |
|
|
313 |
|
//xlog("\t%s: ip is in the white list.\n", ip); |
|
314 |
|
|
|
315 |
|
r = test_2fa(data, data_len, now.tv_sec, ip); |
|
316 |
|
if (r == 0xcc) { |
|
317 |
|
xlog("\t%s: User removed from list.\n", ip); |
|
318 |
|
my_ips[pos].src_len = 0; |
|
319 |
|
return NF_ACCEPT; |
|
320 |
|
} |
|
321 |
|
|
|
322 |
|
if (r == 0x11) { |
|
323 |
|
xlog("\t%s: Extend access because already in the list!\n", ip); |
|
324 |
|
my_ips[pos].expire = now.tv_sec + grant_time; |
|
325 |
|
return NF_ACCEPT; |
|
326 |
|
} |
|
327 |
|
|
|
328 |
|
xlog("\t%s: invalid command\n", ip); |
|
329 |
|
return NF_DROP; |
265 |
330 |
} |
} |
266 |
331 |
|
|
267 |
|
inet_ntop(af, src, ip, sizeof(ip)); |
|
268 |
|
printf("DBEUG: ip=%s\n", ip); |
|
|
332 |
|
r = brute_check(src, src_len, now.tv_sec); |
|
333 |
|
if (r == -1) { |
|
334 |
|
//xlog("\t%s: User tried too early! Brute force attack?\n", ip); |
|
335 |
|
return NF_DROP; |
|
336 |
|
} |
|
337 |
|
|
|
338 |
|
//xlog("\t%s: ip is NOT in the white list.\n", ip); |
269 |
339 |
r = test_2fa(data, data_len, now.tv_sec, ip); |
r = test_2fa(data, data_len, now.tv_sec, ip); |
270 |
|
if (r == 1) { |
|
271 |
|
add_ip(pos, src, src_len, &now); |
|
272 |
|
verdict = NF_ACCEPT; |
|
|
340 |
|
if (r == 0x11) { |
|
341 |
|
add_ip(pos, src, src_len, now.tv_sec); |
|
342 |
|
return NF_ACCEPT; |
273 |
343 |
} |
} |
274 |
344 |
|
|
275 |
|
printf("\tverdict=%s\n", verdict == NF_ACCEPT ? "ACCEPT" : "DROP"); |
|
276 |
|
return verdict; |
|
|
345 |
|
xlog("\t%s: DROP.\n", ip); |
|
346 |
|
return NF_DROP; |
277 |
347 |
} |
} |
278 |
348 |
|
|
279 |
349 |
/* |
/* |
|
... |
... |
static int queue_cb(const struct nlmsghdr *nlh, void *data) |
287 |
357 |
struct nfgenmsg *nfg; |
struct nfgenmsg *nfg; |
288 |
358 |
uint16_t plen; |
uint16_t plen; |
289 |
359 |
unsigned char *payload; |
unsigned char *payload; |
|
360 |
|
int ret; |
290 |
361 |
|
|
291 |
362 |
if (nfq_nlmsg_parse(nlh, attr) < 0) { |
if (nfq_nlmsg_parse(nlh, attr) < 0) { |
292 |
|
perror("problems parsing"); |
|
|
363 |
|
xlog("Problems parsing netlink message!\n"); |
293 |
364 |
return MNL_CB_ERROR; |
return MNL_CB_ERROR; |
294 |
365 |
} |
} |
295 |
366 |
|
|
296 |
367 |
nfg = mnl_nlmsg_get_payload(nlh); |
nfg = mnl_nlmsg_get_payload(nlh); |
297 |
368 |
|
|
298 |
369 |
if (attr[NFQA_PACKET_HDR] == NULL) { |
if (attr[NFQA_PACKET_HDR] == NULL) { |
299 |
|
fputs("metaheader not set\n", stderr); |
|
|
370 |
|
xlog("Packet metaheader not set!\n"); |
300 |
371 |
return MNL_CB_ERROR; |
return MNL_CB_ERROR; |
301 |
372 |
} |
} |
302 |
373 |
|
|
|
... |
... |
static int queue_cb(const struct nlmsghdr *nlh, void *data) |
305 |
376 |
|
|
306 |
377 |
ph = mnl_attr_get_payload(attr[NFQA_PACKET_HDR]); |
ph = mnl_attr_get_payload(attr[NFQA_PACKET_HDR]); |
307 |
378 |
id = ntohl(ph->packet_id); |
id = ntohl(ph->packet_id); |
308 |
|
printf("packet received (id=%u hw=0x%04hx hook=%hhu, payload len %u" |
|
|
379 |
|
xlog("packet received (id=%u hw=0x%04hx hook=%hhu, payload len %u" |
309 |
380 |
" data=%p\n", |
" data=%p\n", |
310 |
381 |
id, ntohs(ph->hw_protocol), ph->hook, plen, data); |
id, ntohs(ph->hw_protocol), ph->hook, plen, data); |
311 |
382 |
|
|
312 |
383 |
verdict = process(ntohs(ph->hw_protocol), payload, plen); |
verdict = process(ntohs(ph->hw_protocol), payload, plen); |
313 |
|
send_verdict(ntohs(nfg->res_id), id, verdict); |
|
|
384 |
|
ret = send_verdict(ntohs(nfg->res_id), id, verdict); |
|
385 |
|
if (ret == -1) |
|
386 |
|
return MNL_CB_ERROR; |
314 |
387 |
|
|
315 |
388 |
return MNL_CB_OK; |
return MNL_CB_OK; |
316 |
389 |
} |
} |
|
... |
... |
static int queue_cb(const struct nlmsghdr *nlh, void *data) |
318 |
391 |
/* |
/* |
319 |
392 |
* Add a key to a struct user, ordering them correctly |
* Add a key to a struct user, ordering them correctly |
320 |
393 |
*/ |
*/ |
321 |
|
void key_add(struct user *u, struct key *k) |
|
|
394 |
|
static void key_add(struct user *u, struct key *k) |
322 |
395 |
{ |
{ |
323 |
396 |
struct key *q, *prev; |
struct key *q, *prev; |
324 |
397 |
|
|
325 |
398 |
prev = NULL; |
prev = NULL; |
326 |
399 |
q = u->head; |
q = u->head; |
327 |
400 |
while (q) { |
while (q) { |
328 |
|
printf("DEBUG: comparing q->id (%hhu) with k->id (%hhu)\n", |
|
329 |
|
q->id, k->id); |
|
330 |
401 |
if (q->id > k->id) |
if (q->id > k->id) |
331 |
402 |
break; |
break; |
332 |
403 |
|
|
|
... |
... |
void key_add(struct user *u, struct key *k) |
346 |
417 |
/* |
/* |
347 |
418 |
* Returns a struct user by uid |
* Returns a struct user by uid |
348 |
419 |
*/ |
*/ |
349 |
|
struct user *uid_to_user(const unsigned int uid) |
|
|
420 |
|
static struct user *uid_to_user(const unsigned int uid) |
350 |
421 |
{ |
{ |
351 |
422 |
struct user *q; |
struct user *q; |
352 |
423 |
|
|
|
... |
... |
struct user *uid_to_user(const unsigned int uid) |
365 |
436 |
* Returns the next free key slot. |
* Returns the next free key slot. |
366 |
437 |
* Returns 0xFF if not available |
* Returns 0xFF if not available |
367 |
438 |
*/ |
*/ |
368 |
|
unsigned char key_next_free(struct user *u) |
|
|
439 |
|
static unsigned char key_next_free(struct user *u) |
369 |
440 |
{ |
{ |
370 |
441 |
struct key *k; |
struct key *k; |
371 |
442 |
unsigned char min = 0; |
unsigned char min = 0; |
|
... |
... |
unsigned char key_next_free(struct user *u) |
385 |
456 |
/* |
/* |
386 |
457 |
* Process a client command |
* Process a client command |
387 |
458 |
* Returns the number of bytes stored in @buf |
* Returns the number of bytes stored in @buf |
|
459 |
|
* TODO: do we really heave at least 1 byte? |
388 |
460 |
*/ |
*/ |
389 |
|
int process_client(const unsigned int uid, unsigned char *buf, |
|
390 |
|
const unsigned int len) |
|
|
461 |
|
static int process_client(const unsigned int uid, unsigned char *buf, |
|
462 |
|
unsigned int n) |
391 |
463 |
{ |
{ |
392 |
464 |
unsigned char cmd; |
unsigned char cmd; |
393 |
465 |
unsigned short i = 0; |
unsigned short i = 0; |
394 |
466 |
int r; |
int r; |
395 |
467 |
|
|
396 |
468 |
i = 0; |
i = 0; |
397 |
|
cmd = buf[i++]; |
|
|
469 |
|
cmd = buf[i++]; n--; |
398 |
470 |
|
|
399 |
|
if (cmd == NF2FA_CMD_ENROLL) { |
|
|
471 |
|
while (cmd == NF2FA_CMD_ENROLL) { |
400 |
472 |
struct user *u; |
struct user *u; |
401 |
473 |
struct key k, *k2; |
struct key k, *k2; |
402 |
|
unsigned char len8; |
|
|
474 |
|
unsigned char len, len2; |
403 |
475 |
struct timeval now; |
struct timeval now; |
404 |
476 |
|
|
|
477 |
|
if (n < 1) |
|
478 |
|
break; |
|
479 |
|
|
405 |
480 |
memset(&k, 0, sizeof(struct key)); |
memset(&k, 0, sizeof(struct key)); |
406 |
481 |
|
|
407 |
|
len8 = buf[i++]; |
|
408 |
|
if (len8 > sizeof(k.name) - 1) |
|
409 |
|
len8 = sizeof(k.name) - 1; |
|
410 |
|
memcpy(k.name, buf + i, len8); i += len8; |
|
411 |
|
k.name[len8] = '\0'; |
|
412 |
|
printf("DEBUG: ENROLL name=[%s]\n", k.name); |
|
|
482 |
|
len = buf[i++]; n--; |
|
483 |
|
if (len > n) |
|
484 |
|
break; |
|
485 |
|
if (len > sizeof(k.name) - 1) |
|
486 |
|
len2 = sizeof(k.name) - 1; |
|
487 |
|
else |
|
488 |
|
len2 = len; |
|
489 |
|
memcpy(k.name, buf + i, len2); |
|
490 |
|
k.name[len2] = '\0'; |
|
491 |
|
i += len; n -= len; |
|
492 |
|
//xlog("DEBUG: ENROLL name=[%s]\n", k.name); |
413 |
493 |
|
|
414 |
494 |
i = 1; /* we now overwrite the buffer */ |
i = 1; /* we now overwrite the buffer */ |
415 |
495 |
|
|
|
... |
... |
int process_client(const unsigned int uid, unsigned char *buf, |
424 |
504 |
|
|
425 |
505 |
r = totp_base64_generate(k.key, KEY_DIGITS); |
r = totp_base64_generate(k.key, KEY_DIGITS); |
426 |
506 |
if (r != 0) |
if (r != 0) |
427 |
|
return i + protocol_enqueue_error(buf + i, |
|
428 |
|
"cannot generate key: too low entropy"); |
|
|
507 |
|
return i + protocol_enqueue_error(buf + i, totp_error()); |
429 |
508 |
|
|
430 |
509 |
gettimeofday(&now, NULL); |
gettimeofday(&now, NULL); |
431 |
510 |
k.itime = now.tv_sec; |
k.itime = now.tv_sec; |
432 |
511 |
|
|
433 |
512 |
r = key_save(uid, &k); |
r = key_save(uid, &k); |
434 |
513 |
if (r != 0) |
if (r != 0) |
435 |
|
return i + protocol_enqueue_error(buf + i, |
|
436 |
|
"cannot save key"); |
|
|
514 |
|
return i + protocol_enqueue_error(buf + i, key_error()); |
437 |
515 |
|
|
438 |
516 |
// Add the key to memory |
// Add the key to memory |
439 |
517 |
u = users_head; |
u = users_head; |
|
... |
... |
int process_client(const unsigned int uid, unsigned char *buf, |
469 |
547 |
return i; |
return i; |
470 |
548 |
} |
} |
471 |
549 |
|
|
472 |
|
if (cmd == NF2FA_CMD_LIST) { |
|
|
550 |
|
while (cmd == NF2FA_CMD_LIST) { |
473 |
551 |
struct user *u; |
struct user *u; |
474 |
552 |
struct key *k; |
struct key *k; |
475 |
553 |
|
|
|
... |
... |
int process_client(const unsigned int uid, unsigned char *buf, |
493 |
571 |
i += protocol_enqueue_string(buf + i, k->name); |
i += protocol_enqueue_string(buf + i, k->name); |
494 |
572 |
x = htonl(k->ts); |
x = htonl(k->ts); |
495 |
573 |
memcpy(buf + i, &x, 4); i += 4; |
memcpy(buf + i, &x, 4); i += 4; |
|
574 |
|
x = htonl(k->itime); |
|
575 |
|
memcpy(buf + i, &x, 4); i += 4; |
496 |
576 |
i += protocol_enqueue_string(buf + i, k->ip); |
i += protocol_enqueue_string(buf + i, k->ip); |
497 |
577 |
|
|
498 |
578 |
k = k->next; |
k = k->next; |
|
... |
... |
int process_client(const unsigned int uid, unsigned char *buf, |
501 |
581 |
return i; |
return i; |
502 |
582 |
} |
} |
503 |
583 |
|
|
504 |
|
if (cmd == NF2FA_CMD_UNENROLL) { |
|
|
584 |
|
while (cmd == NF2FA_CMD_UNENROLL) { |
505 |
585 |
struct user *u; |
struct user *u; |
506 |
586 |
struct key *k, *kprev; |
struct key *k, *kprev; |
507 |
587 |
int r; |
int r; |
508 |
588 |
unsigned char id; |
unsigned char id; |
509 |
589 |
|
|
510 |
|
id = buf[i++]; |
|
|
590 |
|
if (n < 1) |
|
591 |
|
break; |
|
592 |
|
|
|
593 |
|
id = buf[i++]; n--; |
511 |
594 |
|
|
512 |
595 |
i = 1; /* we now overwrite the buffer */ |
i = 1; /* we now overwrite the buffer */ |
513 |
596 |
|
|
514 |
597 |
r = key_remove(uid, id); |
r = key_remove(uid, id); |
515 |
598 |
if (r != 0) |
if (r != 0) |
516 |
|
return i + protocol_enqueue_error(buf + i, |
|
517 |
|
"cannot remove key"); |
|
|
599 |
|
return i + protocol_enqueue_error(buf + i, key_error()); |
518 |
600 |
|
|
519 |
601 |
// Remove it from memory |
// Remove it from memory |
520 |
602 |
u = users_head; |
u = users_head; |
|
... |
... |
int process_client(const unsigned int uid, unsigned char *buf, |
542 |
624 |
} |
} |
543 |
625 |
|
|
544 |
626 |
buf[i++] = 0x00; /* marks the success */ |
buf[i++] = 0x00; /* marks the success */ |
|
627 |
|
xlog("Unenrolled key %03hhu for uid %u.\n", id, uid); |
545 |
628 |
return i; |
return i; |
546 |
629 |
} |
} |
547 |
630 |
|
|
548 |
|
return i + protocol_enqueue_error(buf + i, "unknown command"); |
|
|
631 |
|
return i + protocol_enqueue_error(buf + i, "unknown or invalid command"); |
549 |
632 |
} |
} |
550 |
633 |
|
|
551 |
634 |
/* |
/* |
552 |
635 |
* Load the keys for a user |
* Load the keys for a user |
553 |
636 |
*/ |
*/ |
554 |
|
int load_keys_uid(struct user *u, const unsigned int uid) |
|
|
637 |
|
static int load_keys_uid(struct user *u, const unsigned int uid) |
555 |
638 |
{ |
{ |
556 |
639 |
int err; |
int err; |
557 |
640 |
|
|
|
... |
... |
int load_keys_uid(struct user *u, const unsigned int uid) |
563 |
646 |
snprintf(path, sizeof(path), "%s/%u", KEY_DIR, uid); |
snprintf(path, sizeof(path), "%s/%u", KEY_DIR, uid); |
564 |
647 |
d = opendir(path); |
d = opendir(path); |
565 |
648 |
if (!d) { |
if (!d) { |
566 |
|
printf("Cannot open dir %s: %s!\n", |
|
|
649 |
|
xlog("Cannot open dir %s: %s!\n", |
567 |
650 |
path, strerror(errno)); |
path, strerror(errno)); |
568 |
651 |
break; |
break; |
569 |
652 |
} |
} |
|
... |
... |
int load_keys_uid(struct user *u, const unsigned int uid) |
585 |
668 |
if (strlen(de->d_name) != 3) |
if (strlen(de->d_name) != 3) |
586 |
669 |
continue; |
continue; |
587 |
670 |
|
|
588 |
|
//printf(" Loading key %s...\n", de->d_name); |
|
|
671 |
|
//xlog(" Loading key %s...\n", de->d_name); |
589 |
672 |
k = malloc(sizeof(struct key)); |
k = malloc(sizeof(struct key)); |
590 |
673 |
if (!k) { |
if (!k) { |
591 |
|
printf("Cannot alloc memory!\n"); |
|
|
674 |
|
xlog("Cannot alloc memory!\n"); |
592 |
675 |
break; |
break; |
593 |
676 |
} |
} |
594 |
677 |
|
|
|
... |
... |
int load_keys_uid(struct user *u, const unsigned int uid) |
611 |
694 |
/* |
/* |
612 |
695 |
* Load all keys from KEY_DIR |
* Load all keys from KEY_DIR |
613 |
696 |
*/ |
*/ |
614 |
|
int load_keys(void) |
|
|
697 |
|
static int load_keys(void) |
615 |
698 |
{ |
{ |
616 |
699 |
DIR *d; |
DIR *d; |
617 |
700 |
int err, r; |
int err, r; |
618 |
701 |
|
|
619 |
702 |
d = opendir(KEY_DIR); |
d = opendir(KEY_DIR); |
620 |
703 |
if (!d) { |
if (!d) { |
621 |
|
printf("Cannot open keys dir: %s!\n", strerror(errno)); |
|
|
704 |
|
xlog("Cannot open keys dir: %s!\n", strerror(errno)); |
622 |
705 |
return -1; |
return -1; |
623 |
706 |
} |
} |
624 |
707 |
|
|
|
... |
... |
int load_keys(void) |
639 |
722 |
if (de->d_name[0] == '.') |
if (de->d_name[0] == '.') |
640 |
723 |
continue; |
continue; |
641 |
724 |
|
|
642 |
|
//printf("Loading uid [%s]...\n", de->d_name); |
|
|
725 |
|
//xlog("Loading uid [%s]...\n", de->d_name); |
643 |
726 |
|
|
644 |
727 |
u = malloc(sizeof(struct user)); |
u = malloc(sizeof(struct user)); |
645 |
728 |
if (!u) { |
if (!u) { |
646 |
|
printf("Cannot alloc memory!\n"); |
|
|
729 |
|
xlog("Cannot alloc memory!\n"); |
647 |
730 |
break; |
break; |
648 |
731 |
} |
} |
649 |
732 |
memset(u, 0, sizeof(struct user)); |
memset(u, 0, sizeof(struct user)); |
|
... |
... |
int load_keys(void) |
664 |
747 |
return err; |
return err; |
665 |
748 |
} |
} |
666 |
749 |
|
|
|
750 |
|
/* |
|
751 |
|
* Drop privileges |
|
752 |
|
* returns -1 on error |
|
753 |
|
*/ |
|
754 |
|
static int drop_privileges(void) |
|
755 |
|
{ |
|
756 |
|
int ret, err; |
|
757 |
|
cap_t caps; |
|
758 |
|
cap_value_t cap_list[1]; |
|
759 |
|
|
|
760 |
|
// Be sure the rights are ok |
|
761 |
|
chmod(KEY_DIR, 0700); |
|
762 |
|
|
|
763 |
|
chdir("/"); |
|
764 |
|
|
|
765 |
|
err = -1; |
|
766 |
|
while (1) { |
|
767 |
|
caps = cap_get_proc(); |
|
768 |
|
if (!caps) { |
|
769 |
|
xlog("Cannot obtain caps: %s!\n", strerror(errno)); |
|
770 |
|
break; |
|
771 |
|
} |
|
772 |
|
|
|
773 |
|
ret = cap_clear(caps); |
|
774 |
|
if (ret == -1) { |
|
775 |
|
xlog("Cannot clear caps: %s!\n", strerror(errno)); |
|
776 |
|
break; |
|
777 |
|
} |
|
778 |
|
|
|
779 |
|
cap_list[0] = CAP_NET_ADMIN; |
|
780 |
|
|
|
781 |
|
ret = cap_set_flag(caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET); |
|
782 |
|
if (ret == -1) { |
|
783 |
|
xlog("Cannot set eff flags: %s!\n", strerror(errno)); |
|
784 |
|
break; |
|
785 |
|
} |
|
786 |
|
|
|
787 |
|
ret = cap_set_flag(caps, CAP_PERMITTED, 1, cap_list, CAP_SET); |
|
788 |
|
if (ret == -1) { |
|
789 |
|
xlog("Cannot set perm flags: %s!\n", strerror(errno)); |
|
790 |
|
break; |
|
791 |
|
} |
|
792 |
|
|
|
793 |
|
ret = cap_set_proc(caps); |
|
794 |
|
if (ret == -1) { |
|
795 |
|
xlog("Cannot set caps: %s!\n", strerror(errno)); |
|
796 |
|
break; |
|
797 |
|
} |
|
798 |
|
|
|
799 |
|
err = 0; |
|
800 |
|
break; |
|
801 |
|
} |
|
802 |
|
if (caps) |
|
803 |
|
cap_free(caps); |
|
804 |
|
|
|
805 |
|
return err; |
|
806 |
|
} |
|
807 |
|
|
667 |
808 |
int main(int argc, char *argv[]) |
int main(int argc, char *argv[]) |
668 |
809 |
{ |
{ |
669 |
810 |
unsigned char buf[MNL_SOCKET_BUFFER_SIZE]; |
unsigned char buf[MNL_SOCKET_BUFFER_SIZE]; |
670 |
811 |
struct nlmsghdr *nlh; |
struct nlmsghdr *nlh; |
671 |
812 |
int ret, efd, fd1, fd2; |
int ret, efd, fd1, fd2; |
672 |
|
unsigned int portid, queue_num; |
|
|
813 |
|
unsigned int portid; |
673 |
814 |
unsigned int i; |
unsigned int i; |
674 |
815 |
struct epoll_event ev; |
struct epoll_event ev; |
675 |
816 |
struct sockaddr_un sa_un; |
struct sockaddr_un sa_un; |
676 |
817 |
socklen_t slen; |
socklen_t slen; |
|
818 |
|
char *conf_file; |
677 |
819 |
|
|
678 |
|
ret = load_keys(); |
|
|
820 |
|
xlog("Version: %s\n", NF2FA_VERSION); |
|
821 |
|
|
|
822 |
|
if (argc >= 2) |
|
823 |
|
conf_file = argv[1]; |
|
824 |
|
else |
|
825 |
|
conf_file = CONF_FILE; |
|
826 |
|
xlog("conf_file: %s\n", conf_file); |
|
827 |
|
|
|
828 |
|
ret = conf_load(conf_file); |
|
829 |
|
if (ret == -1) |
|
830 |
|
return 1; |
|
831 |
|
|
|
832 |
|
ret = drop_privileges(); |
|
833 |
|
if (ret != 0) |
|
834 |
|
return 1; |
|
835 |
|
|
|
836 |
|
ret = brute_init(bad_entries); |
679 |
837 |
if (ret == -1) { |
if (ret == -1) { |
680 |
|
printf("Cannot load keys!\n"); |
|
|
838 |
|
xerr("cannot init brute module: %s", brute_error()); |
681 |
839 |
return 1; |
return 1; |
682 |
840 |
} |
} |
683 |
841 |
|
|
684 |
|
if (argc < 2) |
|
685 |
|
queue_num = 0x4545; |
|
686 |
|
else |
|
687 |
|
queue_num = strtoul(argv[1], NULL, 0); |
|
688 |
|
printf("queue_num: %u\n", queue_num); |
|
|
842 |
|
ret = load_keys(); |
|
843 |
|
if (ret == -1) |
|
844 |
|
return 1; |
|
845 |
|
|
689 |
846 |
|
|
690 |
847 |
nl = mnl_socket_open(NETLINK_NETFILTER); |
nl = mnl_socket_open(NETLINK_NETFILTER); |
691 |
848 |
if (nl == NULL) { |
if (nl == NULL) { |
|
... |
... |
int main(int argc, char *argv[]) |
697 |
854 |
perror("mnl_socket_bind"); |
perror("mnl_socket_bind"); |
698 |
855 |
return 1; |
return 1; |
699 |
856 |
} |
} |
700 |
|
portid = mnl_socket_get_portid(nl); |
|
701 |
857 |
|
|
702 |
|
nlh = nfq_hdr_put(buf, NFQNL_MSG_CONFIG, 0); |
|
703 |
|
nfq_nlmsg_cfg_put_cmd(nlh, AF_INET, NFQNL_CFG_CMD_PF_UNBIND); |
|
704 |
|
if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { |
|
705 |
|
perror("mnl_socket_send"); |
|
|
858 |
|
unlink(sock_path); |
|
859 |
|
fd2 = socket(AF_UNIX, SOCK_STREAM, 0); |
|
860 |
|
if (fd2 == -1) { |
|
861 |
|
xlog("Cannot create unix socket: %s!\n", strerror(errno)); |
706 |
862 |
return 1; |
return 1; |
707 |
863 |
} |
} |
708 |
864 |
|
|
709 |
|
nlh = nfq_hdr_put(buf, NFQNL_MSG_CONFIG, 0); |
|
710 |
|
nfq_nlmsg_cfg_put_cmd(nlh, AF_INET, NFQNL_CFG_CMD_PF_BIND); |
|
711 |
|
if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { |
|
712 |
|
perror("mnl_socket_send"); |
|
|
865 |
|
memset(&sa_un, 0, sizeof(struct sockaddr_un)); |
|
866 |
|
sa_un.sun_family = AF_UNIX; |
|
867 |
|
strncpy(sa_un.sun_path, sock_path, sizeof(sa_un.sun_path) - 1); |
|
868 |
|
slen = sizeof(struct sockaddr_un); |
|
869 |
|
ret = bind(fd2, (struct sockaddr *) &sa_un, slen); |
|
870 |
|
if (ret == -1) { |
|
871 |
|
xlog("Cannot bind unix socket: %s!\n", strerror(errno)); |
713 |
872 |
return 1; |
return 1; |
714 |
873 |
} |
} |
|
874 |
|
chmod(sock_path, 0666); |
|
875 |
|
|
715 |
876 |
|
|
716 |
|
nlh = nfq_hdr_put(buf, NFQNL_MSG_CONFIG, queue_num); |
|
|
877 |
|
portid = mnl_socket_get_portid(nl); |
|
878 |
|
|
|
879 |
|
nlh = nfq_hdr_put(buf, NFQNL_MSG_CONFIG, queue); |
717 |
880 |
nfq_nlmsg_cfg_put_cmd(nlh, AF_INET, NFQNL_CFG_CMD_BIND); |
nfq_nlmsg_cfg_put_cmd(nlh, AF_INET, NFQNL_CFG_CMD_BIND); |
718 |
881 |
if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { |
if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { |
719 |
|
perror("mnl_socket_send"); |
|
|
882 |
|
perror("mnl_socket_send cmd_bind"); |
720 |
883 |
return 1; |
return 1; |
721 |
884 |
} |
} |
722 |
885 |
|
|
723 |
|
nlh = nfq_hdr_put(buf, NFQNL_MSG_CONFIG, queue_num); |
|
|
886 |
|
nlh = nfq_hdr_put(buf, NFQNL_MSG_CONFIG, queue); |
724 |
887 |
nfq_nlmsg_cfg_put_params(nlh, NFQNL_COPY_PACKET, 0xffff); |
nfq_nlmsg_cfg_put_params(nlh, NFQNL_COPY_PACKET, 0xffff); |
725 |
888 |
if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { |
if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { |
726 |
|
perror("mnl_socket_send"); |
|
|
889 |
|
perror("mnl_socket_send copy_packet"); |
727 |
890 |
return 1; |
return 1; |
728 |
891 |
} |
} |
729 |
892 |
|
|
|
... |
... |
int main(int argc, char *argv[]) |
733 |
896 |
ret = 1; |
ret = 1; |
734 |
897 |
mnl_socket_setsockopt(nl, NETLINK_NO_ENOBUFS, &ret, sizeof(int)); |
mnl_socket_setsockopt(nl, NETLINK_NO_ENOBUFS, &ret, sizeof(int)); |
735 |
898 |
|
|
|
899 |
|
|
736 |
900 |
efd = epoll_create1(0); |
efd = epoll_create1(0); |
737 |
901 |
if (efd == -1) { |
if (efd == -1) { |
738 |
|
printf("Cannot create epoll socket: %s!\n", strerror(errno)); |
|
|
902 |
|
xlog("Cannot create epoll socket: %s!\n", strerror(errno)); |
739 |
903 |
return 1; |
return 1; |
740 |
904 |
} |
} |
741 |
905 |
|
|
742 |
906 |
fd1 = mnl_socket_get_fd(nl); |
fd1 = mnl_socket_get_fd(nl); |
743 |
|
printf("fd1=%d\n", fd1); |
|
744 |
907 |
memset(&ev, 0, sizeof(struct epoll_event)); |
memset(&ev, 0, sizeof(struct epoll_event)); |
745 |
908 |
ev.events = EPOLLIN; |
ev.events = EPOLLIN; |
746 |
909 |
ev.data.fd = fd1; |
ev.data.fd = fd1; |
747 |
910 |
if (epoll_ctl(efd, EPOLL_CTL_ADD, fd1, &ev) == -1) { |
if (epoll_ctl(efd, EPOLL_CTL_ADD, fd1, &ev) == -1) { |
748 |
|
printf("Cannot add nl socket to epoll: %s!\n", |
|
|
911 |
|
xlog("Cannot add nl socket to epoll: %s!\n", |
749 |
912 |
strerror(errno)); |
strerror(errno)); |
750 |
913 |
return 1; |
return 1; |
751 |
914 |
} |
} |
752 |
915 |
|
|
753 |
|
unlink(SOCKET_NAME); |
|
754 |
|
fd2 = socket(AF_UNIX, SOCK_STREAM, 0); |
|
755 |
|
if (fd2 == -1) { |
|
756 |
|
printf("Cannot create unix socket: %s!\n", strerror(errno)); |
|
757 |
|
return 1; |
|
758 |
|
} |
|
759 |
|
memset(&sa_un, 0, sizeof(struct sockaddr_un)); |
|
760 |
|
sa_un.sun_family = AF_UNIX; |
|
761 |
|
strncpy(sa_un.sun_path, SOCKET_NAME, sizeof(sa_un.sun_path) - 1); |
|
762 |
|
slen = sizeof(struct sockaddr_un); |
|
763 |
|
ret = bind(fd2, (struct sockaddr *) &sa_un, slen); |
|
764 |
|
if (ret == -1) { |
|
765 |
|
printf("Cannot bind unix socket: %s!\n", strerror(errno)); |
|
766 |
|
return 1; |
|
767 |
|
} |
|
|
916 |
|
// Preparing unix socket for control |
768 |
917 |
listen(fd2, 16); |
listen(fd2, 16); |
769 |
|
chmod(SOCKET_NAME, 0666); |
|
770 |
|
printf("fd2=%d\n", fd2); |
|
771 |
918 |
memset(&ev, 0, sizeof(struct epoll_event)); |
memset(&ev, 0, sizeof(struct epoll_event)); |
772 |
919 |
ev.events = EPOLLIN; |
ev.events = EPOLLIN; |
773 |
920 |
ev.data.fd = fd2; |
ev.data.fd = fd2; |
774 |
921 |
if (epoll_ctl(efd, EPOLL_CTL_ADD, fd2, &ev) == -1) { |
if (epoll_ctl(efd, EPOLL_CTL_ADD, fd2, &ev) == -1) { |
775 |
|
printf("Cannot add unix socket to epoll: %s!\n", |
|
|
922 |
|
xlog("Cannot add unix socket to epoll: %s!\n", |
776 |
923 |
strerror(errno)); |
strerror(errno)); |
777 |
924 |
return 1; |
return 1; |
778 |
925 |
} |
} |
|
... |
... |
int main(int argc, char *argv[]) |
784 |
931 |
for (;;) { |
for (;;) { |
785 |
932 |
ret = epoll_wait(efd, &ev, 1, -1); |
ret = epoll_wait(efd, &ev, 1, -1); |
786 |
933 |
if (ret == -1) { |
if (ret == -1) { |
787 |
|
printf("Cannot wait for epoll: %s!\n", |
|
|
934 |
|
xlog("Cannot wait for epoll: %s!\n", |
788 |
935 |
strerror(errno)); |
strerror(errno)); |
789 |
936 |
return 1; |
return 1; |
790 |
937 |
} |
} |
|
... |
... |
int main(int argc, char *argv[]) |
812 |
959 |
|
|
813 |
960 |
csock = accept(fd2, NULL, NULL); |
csock = accept(fd2, NULL, NULL); |
814 |
961 |
if (csock == -1) { |
if (csock == -1) { |
815 |
|
printf("Cannot accept: %s!\n", strerror(errno)); |
|
|
962 |
|
xlog("Cannot accept: %s!\n", strerror(errno)); |
816 |
963 |
continue; |
continue; |
817 |
964 |
} |
} |
818 |
965 |
|
|
819 |
966 |
slen = sizeof(struct ucred); |
slen = sizeof(struct ucred); |
820 |
967 |
if (getsockopt(csock, SOL_SOCKET, SO_PEERCRED, |
if (getsockopt(csock, SOL_SOCKET, SO_PEERCRED, |
821 |
968 |
&ucred, &slen) == -1) { |
&ucred, &slen) == -1) { |
822 |
|
printf("Canno find out uid/gid of peer: %s!\n", |
|
|
969 |
|
xlog("Cannot find out uid/gid of peer: %s!\n", |
823 |
970 |
strerror(errno)); |
strerror(errno)); |
824 |
971 |
goto clean; |
goto clean; |
825 |
972 |
} |
} |
826 |
|
printf("Credentials from SO_PEERCRED: pid=%ld, euid=%ld, egid=%ld\n", |
|
827 |
|
(long) ucred.pid, (long) ucred.uid, (long) ucred.gid); |
|
|
973 |
|
xlog("Connection from " |
|
974 |
|
" pid=%ld, euid=%ld, egid=%ld\n", |
|
975 |
|
(long) ucred.pid, (long) ucred.uid, |
|
976 |
|
(long) ucred.gid); |
828 |
977 |
|
|
829 |
978 |
// Set timeout |
// Set timeout |
830 |
979 |
tv.tv_sec = 0; tv.tv_usec = 20000; |
tv.tv_sec = 0; tv.tv_usec = 20000; |
|
... |
... |
int main(int argc, char *argv[]) |
833 |
982 |
|
|
834 |
983 |
n = recv(csock, buf, sizeof(buf), 0); |
n = recv(csock, buf, sizeof(buf), 0); |
835 |
984 |
if (n == -1) { |
if (n == -1) { |
836 |
|
printf("Cannot receive: %s\n", strerror(errno)); |
|
|
985 |
|
xlog("Cannot receive: %s\n", strerror(errno)); |
837 |
986 |
goto clean; |
goto clean; |
838 |
987 |
} |
} |
839 |
|
printf("Data on UNIX socket:\n"); dump(buf, n); |
|
|
988 |
|
//xlog("Data on UNIX socket:\n"); dump(buf, n); |
840 |
989 |
|
|
841 |
990 |
n = process_client(ucred.uid, buf, n); |
n = process_client(ucred.uid, buf, n); |
842 |
991 |
if (n == -1) |
if (n == -1) |
|
... |
... |
int main(int argc, char *argv[]) |
844 |
993 |
|
|
845 |
994 |
n = send(csock, buf, n, 0); |
n = send(csock, buf, n, 0); |
846 |
995 |
if (n == -1) |
if (n == -1) |
847 |
|
printf("Cannot send: %s!\n", strerror(errno)); |
|
|
996 |
|
xlog("Cannot send: %s!\n", strerror(errno)); |
848 |
997 |
|
|
849 |
998 |
clean: |
clean: |
850 |
999 |
close(csock); |
close(csock); |