remove annoying extra newlines in syslog messages; scrub code visited till shiny(er). Reference: /n/sources/patch/applied/secstore-scrub Date: Thu Aug 30 05:01:55 CES 2007 Signed-off-by: quanstro@quanstro.net --- /sys/src/cmd/auth/secstore/secstored.c Thu Aug 30 04:59:25 2007 +++ /sys/src/cmd/auth/secstore/secstored.c Thu Aug 30 04:59:24 2007 @@ -70,14 +70,14 @@ snprint(s, Maxmsg, "%s/store/%s/%s", SECSTORE_DIR, id, gf); gd = open(s, OREAD); if(gd < 0){ - syslog(0, LOG, "can't open %s: %r\n", s); + syslog(0, LOG, "can't open %s: %r", s); free(s); conn->write(conn, (uchar*)"-1", 2); return -1; } st = dirfstat(gd); if(st == nil){ - syslog(0, LOG, "can't stat %s: %r\n", s); + syslog(0, LOG, "can't stat %s: %r", s); free(s); conn->write(conn, (uchar*)"-1", 2); return -1; @@ -86,13 +86,13 @@ len = st->length; free(st); if(mode & DMDIR) { - syslog(0, LOG, "%s should be a plain file, not a directory\n", s); + syslog(0, LOG, "%s should be a plain file, not a directory", s); free(s); conn->write(conn, (uchar*)"-1", 2); return -1; } if(len < 0 || len > MAXFILESIZE){ - syslog(0, LOG, "implausible filesize %d for %s\n", len, gf); + syslog(0, LOG, "implausible filesize %d for %s", len, gf); free(s); conn->write(conn, (uchar*)"-3", 2); return -1; @@ -104,7 +104,7 @@ while(len > 0){ n = read(gd, s, Maxmsg); if(n <= 0){ - syslog(0, LOG, "read error on %s: %r\n", gf); + syslog(0, LOG, "read error on %s: %r", gf); free(s); return -1; } @@ -126,23 +126,18 @@ /* get file size */ n = readstr(conn, s); if(n < 0){ - syslog(0, LOG, "remote: %s: %r\n", s); + syslog(0, LOG, "remote: %s: %r", s); return -1; } len = atoi(s); if(len == -1){ - syslog(0, LOG, "remote file %s does not exist\n", pf); + syslog(0, LOG, "remote file %s does not exist", pf); return -1; }else if(len < 0 || len > MAXFILESIZE){ - syslog(0, LOG, "implausible filesize %ld for %s\n", len, pf); + syslog(0, LOG, "implausible filesize %ld for %s", len, pf); return -1; } - /* get file in Maxmsg chunks */ - if(strchr(pf,'/') != nil || strcmp(pf,"..")==0){ - syslog(0, LOG, "no slashes allowed: %s\n", pf); - return -1; - } snprint(s, Maxmsg, "%s/store/%s/%s", SECSTORE_DIR, id, pf); pd = create(s, OWRITE, 0660); if(pd < 0){ @@ -152,7 +147,7 @@ while(len > 0){ n = conn->read(conn, (uchar*)s, Maxmsg); if(n <= 0){ - syslog(0, LOG, "empty file chunk\n"); + syslog(0, LOG, "empty file chunk"); return -1; } nw = write(pd, s, n); @@ -222,7 +217,7 @@ dologin(int fd, char *S, int forceSTA) { int i, n, rv; - char *file, *mess; + char *file, *mess, *nl; char msg[Maxmsg+1]; PW *pw; SConn *conn; @@ -262,6 +257,8 @@ // perform operations as asked while((n = readstr(conn, msg)) > 0){ + if(nl = strchr(msg, '\n')) + *nl = 0; syslog(0, LOG, "[%s] %s", pw->id, msg); if(strncmp(msg, "GET ", 4) == 0){ @@ -306,7 +303,7 @@ } if(n <= 0) - syslog(0, LOG, "%s closed connection without saying goodbye\n", pw->id); + syslog(0, LOG, "%s closed connection without saying goodbye", pw->id); Out: freePW(pw); --- /sys/src/cmd/auth/secstore/util.c Thu Aug 30 04:59:34 2007 +++ /sys/src/cmd/auth/secstore/util.c Thu Aug 30 04:59:32 2007 @@ -86,19 +86,27 @@ } } +static char * +illegal(char *f) +{ + syslog(0, LOG, "illegal name: %s", f); + return nil; +} + char * validatefile(char *f) { - char *nl; + char *p; if(f==nil || *f==0) return nil; - if(nl = strchr(f, '\n')) - *nl = 0; - if(strchr(f,'/') != nil || strcmp(f,"..")==0 || strlen(f) >= 300){ - syslog(0, LOG, "no slashes allowed: %s\n", f); - return nil; - } + if(strcmp(f,"..")==0) + return illegal(f); + if(strlen(f)>= 50) + return illegal(f); + for(p=f; *p; p++) + if(*p<040 || *p=='/') + return illegal(f); return f; } --- /sys/src/cmd/auth/secstore/secstore.c Thu Aug 30 04:59:42 2007 +++ /sys/src/cmd/auth/secstore/secstore.c Thu Aug 30 04:59:40 2007 @@ -35,13 +35,9 @@ AESstate aes; DigestState *sha; - if(strchr(gf, '/') != nil){ - fprint(2, "secstore: simple filenames, not paths like %s\n", gf); - return -1; - } memset(&aes, 0, sizeof aes); - snprint(s, Maxmsg, "GET %s\n", gf); + snprint(s, Maxmsg, "GET %s", gf); conn->write(conn, (uchar*)s, strlen(s)); /* get file size */ @@ -167,7 +163,7 @@ setupAESstate(&aes, skey, AESbsize, IV); memset(skey, 0, sizeof skey); - snprint(s, Maxmsg, "PUT %s\n", pf); + snprint(s, Maxmsg, "PUT %s", pf); conn->write(conn, (uchar*)s, strlen(s)); if(buf == nil){ @@ -242,7 +238,7 @@ return -1; } - snprint(buf, Maxmsg, "RM %s\n", rf); + snprint(buf, Maxmsg, "RM %s", rf); conn->write(conn, (uchar*)buf, strlen(buf)); return 0; --- /sys/src/cmd/auth/secstore/secstore.h Thu Aug 30 04:59:50 2007 +++ /sys/src/cmd/auth/secstore/secstore.h Thu Aug 30 04:59:49 2007 @@ -1,31 +1,36 @@ -enum{ MAXFILESIZE = 10*1024*1024 }; +enum{ + MAXFILESIZE = 10*1024*1024, +}; -enum{// PW status bits - Enabled = (1<<0), - STA = (1<<1), // extra SecurID step +/* PW status bits */ +enum{ + Enabled = 1<<0, + STA = 1<<1, /* extra SecurID step */ }; -typedef struct PW { - char *id; // user id - ulong expire; // expiration time (epoch seconds) - ushort status; // Enabled, STA, ... - ushort failed; // number of failed login attempts - char *other; // other information, e.g. sponsor - mpint *Hi; // H(passphrase)^-1 mod p -} PW; +typedef struct PW{ + char *id; /* user id */ + ulong expire; /* expiration time (epoch seconds) */ + ushort status; /* Enabled, STA, ... */ + ushort failed; /* number of failed login attempts */ + char *other; /* other information, e.g. sponsor */ + mpint *Hi; /* H(passphrase)^-1 mod p */ +}PW; -PW *getPW(char *, int); -int putPW(PW *); -void freePW(PW *); -char* getpassm(char*); -char *validatefile(char *f); +PW *getPW(char*, int); +int putPW(PW*); +void freePW(PW*); +char *getpassm(char*); +char *validatefile(char*f); -// *client: SConn, client name, passphrase -// *server: SConn, (partial) 1st msg, PW entry -// *setpass: Username, hashed passphrase, PW entry -int PAKclient(SConn *, char *, char *, char **); -int PAKserver(SConn *, char *, char *, PW **); -char *PAK_Hi(char *, char *, mpint *, mpint *); +/* + * *client: SConn, client name, passphrase + * *server: SConn, (partial) 1st msg, PW entry + * *setpass: Username, hashed passphrase, PW entry +*/ +int PAKclient(SConn*, char*, char*, char**); +int PAKserver(SConn*, char*, char*, PW**); +char* PAK_Hi(char*, char*, mpint*, mpint*); #define LOG "secstore" #define SECSTORE_DIR "/adm/secstore" --- /sys/src/cmd/auth/secstore/SConn.h Thu Aug 30 05:00:00 2007 +++ /sys/src/cmd/auth/secstore/SConn.h Thu Aug 30 04:59:58 2007 @@ -1,26 +1,35 @@ -// delimited, authenticated, encrypted connection -enum{ Maxmsg=4096 }; // messages > Maxmsg bytes are truncated +/* delimited, authenticated, encrypted connection */ +enum{ + Maxmsg = 4096, /* messages > Maxmsg bytes are truncated */ +}; typedef struct SConn SConn; -extern SConn* newSConn(int); // arg is open file descriptor -struct SConn{ - void *chan; - int secretlen; - int (*secret)(SConn*, uchar*, int);// - int (*read)(SConn*, uchar*, int); // <0 if error; errmess in buffer - int (*write)(SConn*, uchar*, int); - void (*free)(SConn*); // also closes file descriptor -}; -// secret(s,b,dir) sets secret for digest, encrypt, using the secretlen -// bytes in b to form keys for the two directions; -// set dir=0 in client, dir=1 in server +typedef struct{ + void *chan; + int secretlen; + int (*secret)(SConn*, uchar*, int); + int (*read)(SConn*, uchar*, int); /* <0 if error; errmess in buffer */ + int (*write)(SConn*, uchar*, int); + void (*free)(SConn*); /* also closes file descriptor */ +}SConn; +SConn *newSConn(int); /* arg is open file descriptor */ + +/* + * secret(s,b,dir) sets secret for digest, encrypt, using the secretlen + * bytes in b to form keys for the two directions; + * set dir=0 in client, dir=1 in server + */ + +/* error convention: write !message in-band */ +void writerr(SConn*, char*); -// error convention: write !message in-band -extern void writerr(SConn*, char*); -extern int readstr(SConn*, char*); // call with buf of size Maxmsg+1 - // returns -1 upon error, with error message in buf +/* + * returns -1 upon error, with error message in buf + * call with buf of size Maxmsg+1 + */ +int readstr(SConn*, char*); -extern void *emalloc(ulong); /* dies on failure; clears memory */ -extern void *erealloc(void *, ulong); -extern char *estrdup(char *); +void *emalloc(ulong); /* dies on failure; clears memory */ +void *erealloc(void*, ulong); +char *estrdup(char*);