Collaboration diagram for Libnuclient:
| #define USE_GCRYPT_MALLOC_SECURE |
Use gcry_malloc_secure() to prevent a memory page from being moved to swap.
Definition at line 38 of file libnuclient.c.
| nuauth_session_t* _nu_client_new | ( | nuclient_error_t * | err | ) |
Init connection to nuauth server.
(very secure but initialization is slower)
| err | Pointer to a nuclient_error_t: which contains the error |
Definition at line 481 of file libnuclient.c.
References nuauth_session::auth_by_default, nuauth_session::connected, nuauth_session::ct, nuauth_session::debug_mode, err, INTERNAL_ERROR, MAX_DELAY_SEC, MAX_DELAY_USEC, nuauth_session::max_sleep_delay, MEMORY_ERR, MIN_DELAY_SEC, MIN_DELAY_USEC, nuauth_session::min_sleep_delay, NO_ERR, nu_exit_clean(), nuauth_session::packet_seq, session, SET_ERROR, nuauth_session::sleep_delay, tcptable_init(), nuauth_session::timestamp_last_sent, nuauth_session::userid, and nuauth_session::verbose.
Referenced by nu_client_new(), and nu_client_new_callback().

| static int add_packet_to_send | ( | nuauth_session_t * | session, | |
| conn_t ** | auth, | |||
| int * | count_p, | |||
| conn_t * | bucket | |||
| ) | [static] |
Definition at line 229 of file internal.c.
References CONN_MAX, send_user_pckt(), and session.
Referenced by compare().

| void ask_session_end | ( | nuauth_session_t * | session | ) |
Definition at line 637 of file internal.c.
References nuauth_session::connected, nuauth_session::nussl, nussl_session_destroy(), and session.
Referenced by nu_client_check(), nu_client_delete(), nu_client_real_check(), nu_client_reset(), and recv_message().

| int compare | ( | nuauth_session_t * | session, | |
| conntable_t * | old, | |||
| conntable_t * | new, | |||
| nuclient_error_t * | err | |||
| ) |
Compare connection tables and send packets.
Compare the 'old' and 'new' tables, sending packets to nuauth if differences are found.
Definition at line 264 of file internal.c.
References add_packet_to_send(), CONN_MAX, CONNTABLE_BUCKETS, conn_type::createtime, DEBUG, conn_type::next, conn_type::retransmit, session, tcptable_find(), and UDP_TIMEOUT.
Referenced by nu_client_real_check().

| void do_panic | ( | const char * | filename, | |
| unsigned long | line, | |||
| const char * | fmt, | |||
| ... | ||||
| ) |
Display an error message, prefixed by "Fatal error: ", and then exit the program. If filename is not NULL and line is nonzero, the message is also prefixed with them.
Example: "checks.c:45:Fatal error: Message ..."
Definition at line 52 of file internal.c.
| nu_error_t increase_refresh_delay | ( | nuauth_session_t * | session | ) |
Definition at line 124 of file checks.c.
References nuauth_session::max_sleep_delay, NU_EXIT_OK, session, and nuauth_session::sleep_delay.
Referenced by nu_client_check().
| int init_sasl | ( | nuauth_session_t * | session, | |
| const char * | hostname, | |||
| nuclient_error_t * | err | |||
| ) |
Initialize SASL: create a client, set properties and then call mysasl_negotiate().
| session | Pointer to client session | |
| hostname | Name (FQDN) of the Nuauth server | |
| err | Pointer to a nuclient_error_t: which contains the error |
Definition at line 539 of file internal.c.
References DEFAULT_KRB5_REALM, err, nuauth_session::krb5_service, mysasl_negotiate(), nu_get_userdatas(), nu_get_usersecret(), nuauth_session::nussl, NUSSL_ERR, nussl_write(), SASL_ERROR, session, SET_ERROR, nuauth_session::username, nuauth_session::username_callback, and nuauth_session::verbose.
Referenced by nu_client_connect().

| int mysasl_negotiate | ( | nuauth_session_t * | session, | |
| sasl_conn_t * | conn, | |||
| nuclient_error_t * | err | |||
| ) |
Definition at line 132 of file internal.c.
References err, samp_recv(), samp_send(), SASL_ERROR, session, SET_ERROR, and nuauth_session::verbose.
Referenced by init_sasl(), and sasl_user_check().

| int nu_client_real_check | ( | nuauth_session_t * | session, | |
| nuclient_error_t * | err | |||
| ) |
Function that checks the connection table and sends authentication packets:
Definition at line 250 of file checks.c.
References ask_session_end(), compare(), nuauth_session::ct, nuauth_session::debug_mode, err, INTERNAL_ERROR, MEMORY_ERR, reset_refresh_delay(), session, SET_ERROR, TCPTABLE_ERR, tcptable_free(), tcptable_init(), and tcptable_read().
Referenced by nu_client_check(), and recv_message().

| int nu_client_set_ca | ( | nuauth_session_t * | session, | |
| char * | cafile, | |||
| nuclient_error_t * | err | |||
| ) |
Definition at line 232 of file libnuclient.c.
References nuauth_session::pem_ca, and session.
Referenced by do_connect().
| int nu_client_set_key | ( | nuauth_session_t * | session, | |
| char * | keyfile, | |||
| char * | certfile, | |||
| nuclient_error_t * | err | |||
| ) |
Definition at line 209 of file libnuclient.c.
References nuauth_session::pem_cert, nuauth_session::pem_key, and session.
Referenced by do_connect().
| int nu_client_set_pkcs12 | ( | nuauth_session_t * | session, | |
| char * | key_file, | |||
| char * | key_password, | |||
| nuclient_error_t * | err | |||
| ) |
Definition at line 243 of file libnuclient.c.
References nuauth_session::pkcs12_file, nuauth_session::pkcs12_password, and session.
Referenced by do_connect().
| char* nu_client_to_utf8 | ( | const char * | inbuf, | |
| char * | from_charset | |||
| ) |
Convert a string in the locale charset to Unicode using UTF-8 encoding. The maximum length of the output buffer is four times the inbuf length.
| inbuf | Input buffer written in locale charset | |
| from_charset | Target charset |
Definition at line 44 of file iconv.c.
References nu_assert, and panic.
Referenced by nu_client_set_password(), nu_client_set_username(), nu_get_userdatas(), nu_get_usersecret(), and nufw_client_func().
| void nu_exit_clean | ( | nuauth_session_t * | session | ) |
Definition at line 58 of file libnuclient.c.
References nuauth_session::ct, nuauth_session::nussl, nussl_session_destroy(), nuauth_session::password, secure_str_free, session, tcptable_free(), and nuauth_session::username.
Referenced by _nu_client_new(), and nu_client_delete().

| static int nu_get_userdatas | ( | void *context | __attribute__((unused)), | |
| int | id, | |||
| const char ** | result, | |||
| unsigned * | len | |||
| ) | [static] |
Definition at line 491 of file internal.c.
References nu_client_to_utf8(), nu_locale_charset, session, nuauth_session::username, and nuauth_session::username_callback.
Referenced by init_sasl().

| static int nu_get_usersecret | ( | sasl_conn_t *conn | __attribute__((unused)), | |
| void *context | __attribute__((unused)), | |||
| int | id, | |||
| sasl_secret_t ** | psecret | |||
| ) | [static] |
SASL callback used to get the password.
Definition at line 449 of file internal.c.
References nu_client_to_utf8(), nu_locale_charset, nuauth_session::passwd_callback, nuauth_session::password, SECURE_STRNCPY, session, and nuauth_session::verbose.
Referenced by init_sasl().

| nu_error_t recv_message | ( | nuauth_session_t * | session, | |
| nuclient_error_t * | err | |||
| ) |
Thread waiting for a nuauth message to do client tasks.
Message from nuauth:
Definition at line 46 of file checks.c.
References ask_session_end(), nuauth_session::debug_mode, err, HELLO_FIELD, nu_authfield_hello::helloid, INTERNAL_ERROR, nu_header::length, nu_authfield_hello::length, nu_header::msg_type, NO_ERR, nu_client_real_check(), NU_EXIT_CONTINUE, NU_EXIT_ERROR, NU_EXIT_OK, nuauth_session::nussl, nussl_read(), NUSSL_SOCK_TIMEOUT, nussl_write(), nu_header::option, nu_authfield_hello::option, nu_authreq::packet_length, nu_authreq::packet_seq, nuauth_session::packet_seq, nu_header::proto, PROTO_VERSION, session, SESSION_NOT_CONNECTED_ERR, SET_ERROR, SRV_REQUIRED_HELLO, SRV_REQUIRED_PACKET, nu_authfield_hello::type, and USER_REQUEST.
Referenced by nu_client_check().

| nu_error_t reset_refresh_delay | ( | nuauth_session_t * | session | ) |
Definition at line 140 of file checks.c.
References nuauth_session::min_sleep_delay, NU_EXIT_OK, session, and nuauth_session::sleep_delay.
Referenced by nu_client_real_check().
| static unsigned samp_recv | ( | nuauth_session_t * | session, | |
| char * | buf, | |||
| int | bufsize, | |||
| nuclient_error_t * | err | |||
| ) | [static] |
Definition at line 105 of file internal.c.
References err, nuauth_session::nussl, NUSSL_ERR, nussl_read(), SASL_ERROR, session, and SET_ERROR.
Referenced by mysasl_negotiate().

| static int samp_send | ( | nuauth_session_t * | session, | |
| const char * | buffer, | |||
| unsigned | length, | |||
| nuclient_error_t * | err | |||
| ) | [static] |
Definition at line 70 of file internal.c.
References err, INTERNAL_ERROR, MEMORY_ERR, nuauth_session::nussl, NUSSL_ERR, nussl_write(), SASL_ERROR, session, and SET_ERROR.
Referenced by mysasl_negotiate().

| char* secure_str_copy | ( | const char * | orig | ) |
Make a copy of a string in a secure memory buffer, i.e. a buffer that is never moved to swap (hard drive). Use secure_str_free() to free the memory when you don't need the string anymore.
If the USE_GCRYPT_MALLOC_SECURE compilation option is not set, strdup() is used.
Definition at line 623 of file internal.c.
References SECURE_STRNCPY.
Referenced by nu_client_new(), nu_client_set_password(), and nu_client_set_username().
| int send_hello_pckt | ( | nuauth_session_t * | session | ) |
Definition at line 40 of file sending.c.
References nu_header::length, nu_header::msg_type, nuauth_session::nussl, nussl_write(), nu_header::option, nu_header::proto, PROTO_VERSION, session, and USER_HELLO.
Referenced by nu_client_check().

| int send_os | ( | nuauth_session_t * | session, | |
| nuclient_error_t * | err | |||
| ) |
Create the operating system packet and send it to nuauth. The packet is in nuv2_authfield format.
| session | Pointer to client session | |
| err | Pointer to a nuclient_error_t: which contains the error |
Definition at line 353 of file internal.c.
References err, nu_authfield::length, nuauth_session::nussl, NUSSL_ERR, nussl_read(), nussl_write(), nu_authfield::option, OS_FIELD, OS_SRV, secure_snprintf(), nuauth_session::server_mode, session, SET_ERROR, SRV_TYPE, SRV_TYPE_POLL, nu_authfield::type, and nuauth_session::verbose.
Referenced by nu_client_connect().

| int send_user_pckt | ( | nuauth_session_t * | session, | |
| conn_t * | carray[CONN_MAX] | |||
| ) |
Send connections to nuauth: between 1 and CONN_MAX connections in a big packet of format: [ nu_header + nu_authfield_ipv6 * N ]
Definition at line 83 of file sending.c.
References APP_FIELD, APP_TYPE_NAME, APP_TYPE_SHA1, DEBUG, nuauth_session::debug_mode, IPV6_FIELD, nu_header::length, nu_authfield_app::length, nu_header::msg_type, nuauth_session::nussl, nussl_write(), nu_header::option, nu_authfield_app::option, nu_authreq::packet_seq, nuauth_session::packet_seq, PACKET_SIZE, PROGNAME_BASE64_WIDTH, nu_header::proto, PROTO_VERSION, session, nuauth_session::timestamp_last_sent, nu_authfield_ipv6::type, nu_authfield_app::type, and USER_REQUEST.
Referenced by add_packet_to_send().

| void tcptable_add | ( | conntable_t * | ct, | |
| conn_t * | c | |||
| ) |
Add a connection entry to a connection table.
Definition at line 361 of file tcptable.c.
References conntable_t::buckets, conn_type::createtime, conn_type::next, panic, and tcptable_hash().
Referenced by tcptable_read().

| conn_t* tcptable_find | ( | conntable_t * | ct, | |
| conn_t * | c | |||
| ) |
Find a connection in a table.
Definition at line 388 of file tcptable.c.
References conntable_t::buckets, conn_type::ip_dst, conn_type::ip_src, ipv6_equal(), conn_type::next, conn_type::port_dst, conn_type::port_src, conn_type::protocol, and tcptable_hash().
Referenced by compare().

| void tcptable_free | ( | conntable_t * | ct | ) |
Destroy a connection table (free memory).
Definition at line 414 of file tcptable.c.
References conntable_t::buckets, CONNTABLE_BUCKETS, and conn_type::next.
Referenced by nu_client_real_check(), and nu_exit_clean().
| int tcptable_hash | ( | conn_t * | c | ) |
Compute connection hash (index in a connection table, see conntable_t). Hash is an integer in interval 0..(CONNTABLE_BUCKETS-1).
Definition at line 342 of file tcptable.c.
References CONNTABLE_BUCKETS, conn_type::ip_dst, conn_type::ip_src, conn_type::port_dst, and conn_type::port_src.
Referenced by tcptable_add(), and tcptable_find().
| int tcptable_init | ( | conntable_t ** | ct | ) |
Create a connection table: allocate zero-filled memory and initialize each list with a NULL pointer.
Definition at line 323 of file tcptable.c.
References CONNTABLE_BUCKETS.
Referenced by _nu_client_new(), and nu_client_real_check().
| int tcptable_read | ( | nuauth_session_t * | session, | |
| conntable_t * | ct | |||
| ) |
On Linux: Parse the connection tables /proc/net/tcp and /proc/net/udp to get connections in state "SYN sent" from the session user.
On FreeBSD: Use sysctl with "net.inet.tcp.pcblist" to get the connection table. Add connections to our table using tcptable_add().
Definition at line 205 of file tcptable.c.
References conn_type::ip_dst, conn_type::ip_src, conn_type::port_dst, conn_type::port_src, conn_type::protocol, session, tcptable_add(), and uint32_to_ipv6().
Referenced by nu_client_real_check().
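The Linux branch of tcptable_read() described above selects /proc/net/tcp rows by socket state and owning user. The following is an added example, not libnuclient's own code: parse_tcp_row(), count_syn_sent(), struct syn_conn and the sample rows are hypothetical names and constructed data, and only IPv4 TCP rows are handled.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical record for this example (not libnuclient's conn_t). */
struct syn_conn { unsigned src, dst, sport, dport; };

/* Constructed sample in /proc/net/tcp layout (not captured from a host). */
static const char SAMPLE[] =
"  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
"   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111\n"
"   1: 0A00000A:C350 0A00000B:01BB 02 00000001:00000000 01:00000064 00000000  1000        0 22222\n"
"   2: 0A00000A:C351 0A00000B:0050 01 00000000:00000000 00:00000000 00000000  1000        0 33333\n"
"   3: 0A00000A:C352 0A00000B:0016 02 00000001:00000000 01:00000064 00000000  1001        0 44444\n";

/* Parse one row: 1 = SYN_SENT socket owned by uid (fills *out),
 * 0 = any other socket, -1 = header line or malformed row. */
int parse_tcp_row(const char *row, unsigned long uid, struct syn_conn *out)
{
    unsigned src, dst, sport, dport, state;
    unsigned long row_uid;
    /* Columns: sl local rem st tx:rx tr:when retrnsmt uid; %* skips a field. */
    if (sscanf(row, " %*u: %8X:%4X %8X:%4X %2X %*X:%*X %*X:%*X %*X %lu",
               &src, &sport, &dst, &dport, &state, &row_uid) != 6)
        return -1;
    if (state != 0x02 || row_uid != uid)    /* 0x02 is SYN_SENT in "st" */
        return 0;
    /* Address words are kept exactly as the kernel printed them. */
    *out = (struct syn_conn){ src, dst, sport, dport };
    return 1;
}

/* Count SYN_SENT sockets owned by uid in a buffer holding the table text. */
int count_syn_sent(const char *table, unsigned long uid)
{
    struct syn_conn c;
    char line[256];
    int n = 0;
    while (*table) {
        size_t len = strcspn(table, "\n");
        if (len < sizeof line) {            /* over-long rows are skipped */
            memcpy(line, table, len);
            line[len] = '\0';
            n += (parse_tcp_row(line, uid, &c) == 1);
        }
        table += len + (table[len] == '\n');
    }
    return n;
}

int main(void) { printf("%d\n", count_syn_sent(SAMPLE, 1000)); return 0; }
```

Each row is copied into its own buffer before parsing so that a truncated row cannot borrow fields from the row that follows it.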
