| /* |
| |
| kHTTPd -- the next generation |
| |
| Permissions/Security functions |
| |
| */ |
| |
| /**************************************************************** |
| * This program is free software; you can redistribute it and/or modify |
| * it under the terms of the GNU General Public License as published by |
| * the Free Software Foundation; either version 2, or (at your option) |
| * any later version. |
| * |
| * This program is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| * GNU General Public License for more details. |
| * |
| * You should have received a copy of the GNU General Public License |
| * along with this program; if not, write to the Free Software |
| * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| * |
| ****************************************************************/ |
| |
| |
| #include <linux/kernel.h> |
| |
| #include <linux/errno.h> |
| #include <linux/slab.h> |
| #include <linux/net.h> |
| #include <linux/sched.h> |
| #include <linux/skbuff.h> |
| #include <linux/smp_lock.h> |
| #include <linux/un.h> |
| #include <linux/unistd.h> |
| |
| #include <net/ip.h> |
| #include <net/sock.h> |
| #include <net/tcp.h> |
| |
| #include <asm/atomic.h> |
| #include <asm/semaphore.h> |
| #include <asm/processor.h> |
| #include <asm/uaccess.h> |
| |
| #include <linux/file.h> |
| |
| #include "sysctl.h" |
| #include "security.h" |
| #include "prototypes.h" |
| |
| /* |
| |
| The basic security function answers "Userspace" when any one of the following |
| conditions is met: |
| |
| 1) The filename contains a "?" (this is before % decoding, all others are |
| after % decoding) |
| 2) The filename doesn't start with a "/" |
| 3) The file does not exist |
| 4) The file does not have enough permissions |
| (sysctl-configurable, default = worldreadble) |
| 5) The file has any of the "forbidden" permissions |
| (sysctl-configurable, default = execute, directory and sticky) |
| 6) The filename contains a string as defined in the "Dynamic" list. |
| |
| */ |
| |
| |
| /* Prototypes */ |
| |
| static void DecodeHexChars(char *URL); |
| static struct DynamicString *DynamicList=NULL; |
| |
| |
| |
| /* |
| |
| The function "OpenFileForSecurity" returns either the "struct file" pointer |
| of the file, or NULL. NULL means "let userspace handle it". |
| |
| */ |
| struct file *OpenFileForSecurity(char *Filename) |
| { |
| struct file *filp = NULL; |
| struct DynamicString *List; |
| umode_t permission; |
| |
| EnterFunction("OpenFileForSecurity"); |
| if (Filename==NULL) |
| goto out_error; |
| |
| if (strlen(Filename)>=256 ) |
| goto out_error; /* Sanity check */ |
| |
| /* Rule no. 1 -- No "?" characters */ |
| #ifndef BENCHMARK |
| if (strchr(Filename,'?')!=NULL) |
| goto out_error; |
| |
| /* Intermediate step: decode all %hex sequences */ |
| |
| DecodeHexChars(Filename); |
| |
| /* Rule no. 2 -- Must start with a "/" */ |
| |
| if (Filename[0]!='/') |
| goto out_error; |
| |
| #endif |
| /* Rule no. 3 -- Does the file exist ? */ |
| |
| filp = filp_open(Filename, O_RDONLY, 0); |
| |
| if (IS_ERR(filp)) |
| goto out_error; |
| |
| #ifndef BENCHMARK |
| permission = filp->f_dentry->d_inode->i_mode; |
| |
| /* Rule no. 4 : must have enough permissions */ |
| |
| if ((permission & sysctl_khttpd_permreq)==0) |
| goto out_error_put; |
| |
| /* Rule no. 5 : cannot have "forbidden" permission */ |
| |
| if ((permission & sysctl_khttpd_permforbid)!=0) |
| goto out_error_put; |
| |
| /* Rule no. 6 : No string in DynamicList can be a |
| substring of the filename */ |
| |
| List = DynamicList; |
| while (List!=NULL) |
| { |
| if (strstr(Filename,List->value)!=NULL) |
| goto out_error_put; |
| |
| List = List->Next; |
| } |
| |
| #endif |
| LeaveFunction("OpenFileForSecurity - success"); |
| out: |
| return filp; |
| |
| out_error_put: |
| fput(filp); |
| out_error: |
| filp=NULL; |
| LeaveFunction("OpenFileForSecurity - fail"); |
| goto out; |
| } |
| |
| /* |
| |
| DecodeHexChars does the actual %HEX decoding, in place. |
| In place is possible because strings only get shorter by this. |
| |
| */ |
| static void DecodeHexChars(char *URL) |
| { |
| char *Source,*Dest; |
| int val,val2; |
| |
| EnterFunction("DecodeHexChars"); |
| |
| Source = strchr(URL,'%'); |
| |
| if (Source==NULL) |
| return; |
| |
| Dest = Source; |
| |
| while (*Source!=0) |
| { |
| if (*Source=='%') |
| { |
| Source++; |
| val = *Source; |
| |
| if (val>'Z') val-=0x20; |
| val = val - '0'; |
| if (val<0) val=0; |
| if (val>9) val-=7; |
| if (val>15) val=15; |
| |
| Source++; |
| |
| val2 = *Source; |
| |
| if (val2>'Z') val2-=0x20; |
| val2 = val2 - '0'; |
| if (val2<0) val2=0; |
| if (val2>9) val2-=7; |
| if (val2>15) val2=15; |
| |
| *Dest=val*16+val2; |
| } else *Dest = *Source; |
| Dest++; |
| Source++; |
| } |
| *Dest=0; |
| |
| LeaveFunction("DecodeHexChars"); |
| } |
| |
| |
| void AddDynamicString(const char *String) |
| { |
| struct DynamicString *Temp; |
| |
| EnterFunction("AddDynamicString"); |
| |
| Temp = (struct DynamicString*)kmalloc(sizeof(struct DynamicString),(int)GFP_KERNEL); |
| |
| if (Temp==NULL) |
| return; |
| |
| memset(Temp->value,0,sizeof(Temp->value)); |
| strncpy(Temp->value,String,sizeof(Temp->value)-1); |
| |
| Temp->Next = DynamicList; |
| DynamicList = Temp; |
| |
| LeaveFunction("AddDynamicString"); |
| } |
| |
| void GetSecureString(char *String) |
| { |
| struct DynamicString *Temp; |
| int max; |
| |
| EnterFunction("GetSecureString"); |
| |
| *String = 0; |
| |
| memset(String,0,255); |
| |
| strncpy(String,"Dynamic strings are : -",255); |
| Temp = DynamicList; |
| while (Temp!=NULL) |
| { |
| max=253 - strlen(String) - strlen(Temp->value); |
| strncat(String,Temp->value,max); |
| max=253 - strlen(String) - 3; |
| strncat(String,"- -",max); |
| Temp = Temp->Next; |
| } |
| |
| LeaveFunction("GetSecureString"); |
| } |
