Commit 2b2270e2 authored by Mark Andrews's avatar Mark Andrews
Browse files

1499. [bug] isc_random need to be seeded better if arc4random()

                        is not used.

1480.   [bug]           Provide replay protection for rndc commands.
parent 591207b3
1499. [bug] isc_random need to be seeded better if arc4random()
is not used.
1480. [bug] Provide replay protection for rndc commands.
1347. [bug] Incorporate OpenSSL fixes for CERT Advisory CA-2002-23
http://www.cert.org/advisories/CA-2002-23.html
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: random.c,v 1.14.2.1 2001/01/09 22:49:14 bwelling Exp $ */
/* $Id: random.c,v 1.14.2.2 2003/08/29 07:08:31 marka Exp $ */
#include <config.h>
......@@ -33,7 +33,14 @@ static isc_once_t once = ISC_ONCE_INIT;
static void
initialize_rand(void)
{
srand(time(NULL));
unsigned int pid = getpid();
/*
* The low bits of pid generally change faster.
* Xor them with the high bits of time which change slowly.
*/
pid = ((pid << 16) & 0xffff0000) | ((pid >> 16) & 0xffff);
srand(time(NULL) ^ pid);
}
static void
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: private.h,v 1.25.4.1 2001/01/09 22:53:15 bwelling Exp $ */
/* $Id: private.h,v 1.25.4.2 2003/08/29 07:08:33 marka Exp $ */
/*****
***** Private master include file for the OMAPI library.
......@@ -243,6 +243,7 @@ struct omapi_protocol {
isc_region_t signature_in;
isc_buffer_t *signature_out;
isc_result_t verify_result;
isc_uint32_t authid;
/*
* A callback to find out whether a requested key is valid on
* the connection, and the arg the caller wants to help it decide.
......@@ -438,12 +439,12 @@ send_intro(omapi_object_t *object, unsigned int version);
#define send_status omapi__send_status
isc_result_t
send_status(omapi_object_t *protcol, isc_result_t waitstatus,
unsigned int response_id, const char *message);
unsigned int response_id, unsigned int authid, const char *message);
#define send_update omapi__send_update
isc_result_t
send_update(omapi_object_t *protocol, unsigned int response_id,
omapi_object_t *object);
unsigned int authid, omapi_object_t *object);
ISC_LANG_ENDDECLS
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: result.h,v 1.7.4.1 2001/01/09 22:53:16 bwelling Exp $ */
/* $Id: result.h,v 1.7.4.2 2003/08/29 07:08:33 marka Exp $ */
#ifndef OMAPI_RESULT_H
#define OMAPI_RESULT_H 1
......@@ -32,8 +32,9 @@ ISC_LANG_BEGINDECLS
#define OMAPI_R_INVALIDARG (ISC_RESULTCLASS_OMAPI + 3)
#define OMAPI_R_VERSIONMISMATCH (ISC_RESULTCLASS_OMAPI + 4)
#define OMAPI_R_PROTOCOLERROR (ISC_RESULTCLASS_OMAPI + 5)
#define OMAPI_R_BADAUTHID (ISC_RESULTCLASS_OMAPI + 6)
#define OMAPI_R_NRESULTS 6 /* Number of results */
#define OMAPI_R_NRESULTS 7 /* Number of results */
const char *
omapi_result_totext(isc_result_t);
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: listener.c,v 1.31.4.2 2001/03/27 00:14:54 bwelling Exp $ */
/* $Id: listener.c,v 1.31.4.3 2003/08/29 07:08:32 marka Exp $ */
/*
* Subroutines that support the generic listener object.
......@@ -219,6 +219,8 @@ listener_accept(isc_task_t *task, isc_event_t *event) {
*/
protocol->verify_key = listener->verify_key;
protocol->verify_key_arg = listener->callback_arg;
while (protocol->authid == 0)
isc_random_get(&protocol->authid);
/*
* Tie the protocol object bidirectionally to the connection
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: message.c,v 1.28.4.1 2001/01/09 22:53:00 bwelling Exp $ */
/* $Id: message.c,v 1.28.4.2 2003/08/29 07:08:32 marka Exp $ */
/*
* Subroutines for dealing with message objects.
......@@ -26,6 +26,7 @@
#include <stddef.h>
#include <isc/buffer.h>
#include <isc/random.h>
#include <isc/string.h>
#include <isc/util.h>
......@@ -180,7 +181,7 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) {
if (result == ISC_R_SUCCESS)
/* XXXTL Write the ID of the authentication key we're using. */
result = omapi_connection_putuint32(connection, 0);
result = omapi_connection_putuint32(connection, p->authid);
if (result == ISC_R_SUCCESS)
result = omapi_connection_putuint32(connection, authlen);
......@@ -209,6 +210,8 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) {
* Set and write the transaction ID.
*/
m->id = p->next_xid++;
if (m->id == 0)
m->id = p->next_xid++;
result = omapi_connection_putuint32(connection, m->id);
}
......@@ -385,6 +388,11 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
dst_context_destroy(&protocol->dstctx);
}
if (protocol->verify_result == ISC_R_SUCCESS &&
protocol->authid != 0)
if (protocol->authid != message->authid)
result = OMAPI_R_BADAUTHID;
if (protocol->verify_result != ISC_R_SUCCESS) {
if (connection->is_client) {
INSIST(m != NULL);
......@@ -422,6 +430,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
return (send_status(po,
protocol->verify_result,
message->id,
protocol->authid,
"failed to verify "
"signature"));
}
......@@ -434,7 +443,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
if (m != NULL) {
return (send_status(po, OMAPI_R_INVALIDARG,
message->id,
message->id, protocol->authid,
"OPEN can't be a response"));
}
......@@ -456,7 +465,8 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
} else if (result == ISC_R_NOTFOUND)
type = NULL;
else
return (send_status(po, result, message->id,
return (send_status(po, result, message->id,
protocol->authid,
isc_result_totext(result)));
/*
......@@ -470,6 +480,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
create = 0;
else
return (send_status(po, result, message->id,
protocol->authid,
isc_result_totext(result)));
/*
......@@ -483,6 +494,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
update = 0;
else
return (send_status(po, result, message->id,
protocol->authid,
isc_result_totext(result)));
/*
......@@ -496,6 +508,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
exclusive = 0;
else
return (send_status(po, result, message->id,
protocol->authid,
isc_result_totext(result)));
/*
......@@ -505,6 +518,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
#ifdef notyet /* not for 9.0.0 */
if (type != omapi_type_protocol && protocol->key == NULL)
return (send_status(po, ISC_R_NOPERM, message->id,
protocol->authid,
"unauthorized access"));
#endif /* notyet */
......@@ -516,6 +530,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
if (create != 0)
return (send_status(po, OMAPI_R_INVALIDARG,
message->id,
protocol->authid,
"type required on create"));
goto refresh;
......@@ -523,6 +538,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
if (message->object == NULL)
return (send_status(po, ISC_R_NOTFOUND, message->id,
protocol->authid,
"no lookup key specified"));
/*
......@@ -551,12 +567,14 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
if (result == ISC_R_NOTIMPLEMENTED)
return (send_status(po, result, message->id,
protocol->authid,
"unsearchable object type"));
if (result != ISC_R_SUCCESS &&
result != ISC_R_NOTFOUND &&
result != OMAPI_R_NOKEYS)
return (send_status(po, result, message->id,
protocol->authid,
"object lookup failed"));
/*
......@@ -565,6 +583,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
*/
if (result == ISC_R_NOTFOUND && create == 0) {
return (send_status(po, ISC_R_NOTFOUND, message->id,
protocol->authid,
"no object matches specification"));
}
......@@ -576,6 +595,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
if (result == ISC_R_SUCCESS && create != 0 && exclusive != 0) {
OBJECT_DEREF(&object);
return (send_status(po, ISC_R_EXISTS, message->id,
protocol->authid,
"specified object already exists"));
}
......@@ -586,6 +606,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
result = object_methodcreate(type, &object);
if (result != ISC_R_SUCCESS)
return (send_status(po, result, message->id,
protocol->authid,
"can't create new object"));
}
......@@ -598,6 +619,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
if (result != ISC_R_SUCCESS) {
OBJECT_DEREF(&object);
return (send_status(po, result, message->id,
protocol->authid,
"can't update object"));
}
}
......@@ -614,6 +636,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
#ifdef notyet /* not for 9.0.0 */
if (protocol->key == NULL)
return (send_status(po, ISC_R_NOPERM, message->id,
protocol->authid,
"unauthorized access"));
#endif /* notyet */
......@@ -621,10 +644,11 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
result = handle_lookup(&object, message->h);
if (result != ISC_R_SUCCESS)
return (send_status(po, result, message->id,
protocol->authid,
"no matching handle"));
send:
result = send_update(po, message->id, object);
result = send_update(po, message->id, protocol->authid, object);
OBJECT_DEREF(&object);
return (result);
......@@ -632,6 +656,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
if (! connection->is_client)
return (send_status(po, OMAPI_R_INVALIDARG,
message->id,
protocol->authid,
"OMAPI_OP_UPDATE is not a "
"valid server operation"));
......@@ -642,6 +667,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
result = handle_lookup(&object, message->h);
if (result != ISC_R_SUCCESS)
return (send_status(po, result, message->id,
protocol->authid,
"no matching handle"));
}
......@@ -656,6 +682,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
if (result != ISC_R_SUCCESS) {
if (message->rid == 0)
return (send_status(po, result, message->id,
protocol->authid,
"can't update object"));
if (m != NULL)
object_signal((omapi_object_t *)m,
......@@ -665,6 +692,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
if (message->rid == 0)
result = send_status(po, ISC_R_SUCCESS, message->id,
protocol->authid,
NULL);
if (m != NULL)
......@@ -675,12 +703,14 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
case OMAPI_OP_NOTIFY:
return (send_status(po, ISC_R_NOTIMPLEMENTED, message->id,
protocol->authid,
"notify not implemented yet"));
case OMAPI_OP_STATUS:
if (! connection->is_client)
return (send_status(po, OMAPI_R_INVALIDARG,
message->id,
protocol->authid,
"OMAPI_OP_STATUS is not a "
"valid server operation"));
......@@ -720,22 +750,26 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
if (protocol->key == NULL)
return (send_status(po, ISC_R_NOPERM, message->id,
protocol->authid,
"unauthorized delete"));
result = handle_lookup(&object, message->h);
if (result != ISC_R_SUCCESS)
return (send_status(po, result, message->id,
protocol->authid,
"no matching handle"));
result = object_methodexpunge(object->type, object);
if (result == ISC_R_NOTIMPLEMENTED)
return (send_status(po, ISC_R_NOTIMPLEMENTED,
message->id,
protocol->authid,
"no remove method for object"));
OBJECT_DEREF(&object);
return (send_status(po, result, message->id, NULL));
return (send_status(po, result, message->id,
protocol->authid, NULL));
}
return (ISC_R_NOTIMPLEMENTED);
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: protocol.c,v 1.32.4.1 2001/01/09 22:53:03 bwelling Exp $ */
/* $Id: protocol.c,v 1.32.4.2 2003/08/29 07:08:32 marka Exp $ */
/*
* Functions supporting the object management protocol.
......@@ -28,6 +28,7 @@
#include <isc/buffer.h>
#include <isc/mem.h>
#include <isc/random.h>
#include <isc/string.h>
#include <isc/util.h>
......@@ -160,7 +161,7 @@ send_intro(omapi_object_t *h, unsigned int ver) {
* Make up an initial transaction ID for this connection.
* XXXDCL better generator than random()?
*/
p->next_xid = random();
isc_random_get(&p->next_xid);
result = connection_send(connection);
......@@ -212,7 +213,7 @@ omapi_protocol_listen(omapi_object_t *manager, isc_sockaddr_t *addr,
isc_result_t
send_status(omapi_object_t *po, isc_result_t waitstatus,
unsigned int rid, const char *msg)
unsigned int rid, unsigned int authid, const char *msg)
{
isc_result_t result;
omapi_object_t *message = NULL;
......@@ -230,6 +231,10 @@ send_status(omapi_object_t *po, isc_result_t waitstatus,
if (result == ISC_R_SUCCESS)
result = omapi_object_setinteger(message, "rid", (int)rid);
if (result == ISC_R_SUCCESS)
result = omapi_object_setinteger(message, "authid",
(int)authid);
if (result == ISC_R_SUCCESS)
result = omapi_object_setinteger(message, "result",
(int)waitstatus);
......@@ -249,7 +254,9 @@ send_status(omapi_object_t *po, isc_result_t waitstatus,
}
isc_result_t
send_update(omapi_object_t *po, unsigned int rid, omapi_object_t *object) {
send_update(omapi_object_t *po, unsigned int rid, unsigned int authid,
omapi_object_t *object)
{
isc_result_t result;
omapi_object_t *message = NULL;
......@@ -267,6 +274,10 @@ send_update(omapi_object_t *po, unsigned int rid, omapi_object_t *object) {
result = omapi_object_setinteger(message, "rid", (int)rid);
if (result == ISC_R_SUCCESS)
result = omapi_object_setinteger(message, "authid",
(int)authid);
if (result == ISC_R_SUCCESS)
result = object_gethandle(&handle, object);
......@@ -378,6 +389,8 @@ dispatch_messages(omapi_protocol_t *protocol,
*/
/* XXXDCL authid is unused */
connection_getuint32(connection, &protocol->message->authid);
if (protocol->authid == 0)
protocol->authid = protocol->message->authid;
/* XXXTL bind the authenticator here! */
connection_getuint32(connection, &protocol->message->authlen);
connection_getuint32(connection, &protocol->message->op);
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: result.c,v 1.10.4.1 2001/01/09 22:53:04 bwelling Exp $ */
/* $Id: result.c,v 1.10.4.2 2003/08/29 07:08:32 marka Exp $ */
#include <config.h>
#include <isc/once.h>
......@@ -31,6 +31,7 @@ static const char *text[OMAPI_R_NRESULTS] = {
"invalid argument", /* 3 */
"protocol version mismatch", /* 4 */
"protocol error", /* 5 */
"bad authid", /* 6 */
};
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment