authorchalcy0n <jeroen@jeroennijhof.nl>2013-04-28 03:57:15 -0700
committerchalcy0n <jeroen@jeroennijhof.nl>2013-04-28 03:57:15 -0700
commit10df9486a13dc38349e0e7e0fbe9df35f0750071 (patch)
treeee3b25478b2ba06fe7850a5615d0a37ed419e7fd /libtac
parent5f630f12babd86f1b3b3fc1bd40a0fe042826780 (diff)
parentbb9f348decdd37b4d126bff67ed1e913eb28c3cb (diff)
Merge pull request #6 from walterdejong/master
cleanup stuff
Diffstat (limited to 'libtac')
-rw-r--r--libtac/include/libtac.h63
-rw-r--r--libtac/lib/acct_s.c2
-rw-r--r--libtac/lib/authen_s.c10
-rw-r--r--libtac/lib/connect.c37
-rw-r--r--libtac/lib/header.c7
-rw-r--r--libtac/lib/magic.c29
-rw-r--r--libtac/lib/xalloc.c31
-rw-r--r--libtac/lib/xalloc.h2
8 files changed, 109 insertions, 72 deletions
diff --git a/libtac/include/libtac.h b/libtac/include/libtac.h
index 6ede892..aad4cbf 100644
--- a/libtac/include/libtac.h
+++ b/libtac/include/libtac.h
@@ -79,7 +79,7 @@ struct areply {
};
#ifndef TAC_PLUS_MAXSERVERS
-#define TAC_PLUS_MAXSERVERS 4
+#define TAC_PLUS_MAXSERVERS 8
#endif
#ifndef TAC_PLUS_PORT
@@ -113,8 +113,8 @@ extern int tac_ver_patch;
/* header.c */
extern int session_id;
extern int tac_encryption;
-extern char *tac_secret;
-extern char *tac_login;
+extern const char *tac_secret;
+extern char tac_login[64];
extern int tac_priv_lvl;
extern int tac_authen_method;
extern int tac_authen_service;
@@ -124,32 +124,37 @@ extern int tac_readtimeout_enable;
/* connect.c */
extern int tac_timeout;
-extern int tac_connect(struct addrinfo **server, char **key, int servers);
-extern int tac_connect_single(struct addrinfo *server, char *key);
-extern char *tac_ntop(const struct sockaddr *sa, size_t ai_addrlen);
-
-extern int tac_authen_send(int fd, const char *user, char *pass, char *tty,
- char *r_addr);
-extern int tac_authen_read(int fd);
-extern int tac_cont_send(int fd, char *pass);
-extern HDR *_tac_req_header(u_char type, int cont_session);
-extern void _tac_crypt(u_char *buf, HDR *th, int length);
-extern u_char *_tac_md5_pad(int len, HDR *hdr);
-extern void tac_add_attrib(struct tac_attrib **attr, char *name, char *value);
-extern void tac_free_attrib(struct tac_attrib **attr);
-extern char *tac_acct_flag2str(int flag);
-extern int tac_acct_send(int fd, int type, const char *user, char *tty, char *r_addr,
- struct tac_attrib *attr);
-extern int tac_acct_read(int fd, struct areply *arep);
-extern void *xcalloc(size_t nmemb, size_t size);
-extern void *xrealloc(void *ptr, size_t size);
-extern char *_tac_check_header(HDR *th, int type);
-extern int tac_author_send(int fd, const char *user, char *tty, char *r_addr,
- struct tac_attrib *attr);
-extern int tac_author_read(int fd, struct areply *arep);
-extern void tac_add_attrib_pair(struct tac_attrib **attr, char *name, char sep,
- char *value);
-extern int tac_read_wait(int fd, int timeout, int size, int *time_left);
+
+int tac_connect(struct addrinfo **, char **, int);
+int tac_connect_single(struct addrinfo *, const char *);
+char *tac_ntop(const struct sockaddr *);
+
+int tac_authen_send(int, const char *, char *, char *,
+ char *);
+int tac_authen_read(int);
+int tac_cont_send(int, char *);
+HDR *_tac_req_header(u_char, int);
+void _tac_crypt(u_char *, HDR *, int);
+u_char *_tac_md5_pad(int, HDR *);
+void tac_add_attrib(struct tac_attrib **, char *, char *);
+void tac_free_attrib(struct tac_attrib **);
+char *tac_acct_flag2str(int);
+int tac_acct_send(int, int, const char *, char *, char *,
+ struct tac_attrib *);
+int tac_acct_read(int, struct areply *);
+void *xcalloc(size_t, size_t);
+void *xrealloc(void *, size_t);
+char *xstrcpy(char *, const char *, size_t);
+char *_tac_check_header(HDR *, int);
+int tac_author_send(int, const char *, char *, char *,
+ struct tac_attrib *);
+int tac_author_read(int, struct areply *);
+void tac_add_attrib_pair(struct tac_attrib **, char *, char,
+ char *);
+int tac_read_wait(int, int, int, int *);
+
+/* magic.c */
+u_int32_t magic(void);
#ifdef __cplusplus
}
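Review bot: The rewritten prototypes in this hunk drop every parameter name, so the header no longer says which argument is which; `tac_authen_send(int, const char *, char *, char *, char *)` has three indistinguishable `char *` arguments, one of which is the password. I would keep the names, e.g. `int tac_authen_send(int fd, const char *user, char *pass, char *tty, char *r_addr);`, and do the same for `tac_acct_send`, `tac_author_send` and `char *xstrcpy(char *dst, const char *src, size_t dst_size);`. `tac_ntop` also loses its second parameter here, which is a source-incompatible change for any caller outside this tree and deserves a line in the commit message.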
diff --git a/libtac/lib/acct_s.c b/libtac/lib/acct_s.c
index 200dd62..929378a 100644
--- a/libtac/lib/acct_s.c
+++ b/libtac/lib/acct_s.c
@@ -78,7 +78,7 @@ int tac_acct_send(int fd, int type, const char *user, char *tty,
tb.flags=(u_char) type;
tb.authen_method=tac_authen_method;
tb.priv_lvl=tac_priv_lvl;
- if (tac_login == NULL) {
+ if (tac_login == NULL || !*tac_login) {
/* default to PAP */
tb.authen_type = TAC_PLUS_AUTHEN_TYPE_PAP;
} else {
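Review bot: The `tac_login == NULL` half of the new condition can never be true, because this commit turns `tac_login` into `char tac_login[64]` and an array never compares equal to NULL; compilers usually warn about the comparison. Only the emptiness test does any work, so the line can read `if (tac_login[0] == '\0') {`. The same dead comparison remains in the three `tac_authen_send` hunks in authen_s.c (`tac_login != NULL && !strcmp(...)` twice and `tac_login == NULL || !*tac_login` once). The body of `tac_acct_send` continues outside this hunk.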
diff --git a/libtac/lib/authen_s.c b/libtac/lib/authen_s.c
index 8cb7cb9..87dcb74 100644
--- a/libtac/lib/authen_s.c
+++ b/libtac/lib/authen_s.c
@@ -51,7 +51,7 @@ int tac_authen_send(int fd, const char *user, char *pass, char *tty,
th=_tac_req_header(TAC_PLUS_AUTHEN, 0);
/* set some header options */
- if ((tac_login != NULL) && (strcmp(tac_login,"login") == 0)) {
+ if (tac_login != NULL && !strcmp(tac_login,"login")) {
th->version = TAC_PLUS_VER_0;
} else {
th->version = TAC_PLUS_VER_1;
@@ -62,7 +62,7 @@ int tac_authen_send(int fd, const char *user, char *pass, char *tty,
__FUNCTION__, user, tty, r_addr, \
(tac_encryption) ? "yes" : "no"))
- if ((tac_login != NULL) && (strcmp(tac_login,"chap") == 0)) {
+ if (tac_login != NULL && !strcmp(tac_login,"chap")) {
chal_len = strlen(chal);
mdp_len = sizeof(u_char) + strlen(pass) + chal_len;
mdp = (u_char *) xcalloc(1, mdp_len);
@@ -90,13 +90,13 @@ int tac_authen_send(int fd, const char *user, char *pass, char *tty,
/* fill the body of message */
tb.action = TAC_PLUS_AUTHEN_LOGIN;
tb.priv_lvl = tac_priv_lvl;
- if (tac_login == NULL) {
+ if (tac_login == NULL || !*tac_login) {
/* default to PAP */
tb.authen_type = TAC_PLUS_AUTHEN_TYPE_PAP;
} else {
- if (strcmp(tac_login,"chap") == 0) {
+ if (!strcmp(tac_login,"chap")) {
tb.authen_type = TAC_PLUS_AUTHEN_TYPE_CHAP;
- } else if (strcmp(tac_login,"login") == 0) {
+ } else if (!strcmp(tac_login,"login")) {
tb.authen_type = TAC_PLUS_AUTHEN_TYPE_ASCII;
} else {
tb.authen_type = TAC_PLUS_AUTHEN_TYPE_PAP;
diff --git a/libtac/lib/connect.c b/libtac/lib/connect.c
index 1844381..1226797 100644
--- a/libtac/lib/connect.c
+++ b/libtac/lib/connect.c
@@ -67,7 +67,7 @@ int tac_connect(struct addrinfo **server, char **key, int servers) {
* >= 0 : valid fd
* < 0 : error status code, see LIBTAC_STATUS_...
*/
-int tac_connect_single(struct addrinfo *server, char *key) {
+int tac_connect_single(struct addrinfo *server, const char *key) {
int retval = LIBTAC_STATUS_CONN_ERR; /* default retval */
int fd = -1;
int flags, rc;
@@ -75,7 +75,7 @@ int tac_connect_single(struct addrinfo *server, char *key) {
struct timeval tv;
socklen_t len;
struct sockaddr_storage addr;
- char *ip = NULL;
+ char *ip;
if(server == NULL) {
TACSYSLOG((LOG_ERR, "%s: no TACACS+ server defined", __FUNCTION__))
@@ -83,7 +83,7 @@ int tac_connect_single(struct addrinfo *server, char *key) {
}
/* format server address into a string for use in messages */
- ip = tac_ntop(server->ai_addr, 0);
+ ip = tac_ntop(server->ai_addr);
if((fd=socket(server->ai_family, server->ai_socktype, server->ai_protocol)) < 0) {
TACSYSLOG((LOG_ERR,"%s: socket creation error", __FUNCTION__))
@@ -159,8 +159,6 @@ int tac_connect_single(struct addrinfo *server, char *key) {
tac_secret = key;
}
- free(ip);
-
/* if valid fd, but error experienced after open, close fd */
if ( fd >= 0 && retval < 0 ) {
close(fd);
@@ -174,29 +172,32 @@ int tac_connect_single(struct addrinfo *server, char *key) {
/* return value:
* ptr to char* with format IP address
- * must be freed by caller
+ * warning: returns a static buffer
+ * (which some ppl don't like, but it's robust and at last no more memory leaks)
*/
-char *tac_ntop(const struct sockaddr *sa, size_t unused) {
- char portstr[7];
- char *str = (char *) xcalloc(1, INET6_ADDRSTRLEN+sizeof(portstr));
+char *tac_ntop(const struct sockaddr *sa) {
+ static char server_address[INET6_ADDRSTRLEN+16];
switch(sa->sa_family) {
case AF_INET:
inet_ntop(AF_INET, &(((struct sockaddr_in *)sa)->sin_addr),
- str, INET_ADDRSTRLEN);
- snprintf(portstr, sizeof(portstr), ":%hu",
- htons(((struct sockaddr_in *)sa)->sin_port));
- strcat(str, portstr);
+ server_address, INET_ADDRSTRLEN);
+
+ snprintf(server_address + strlen(server_address), 14, ":%hu",
+ htons(((struct sockaddr_in *)sa)->sin_port));
break;
+
case AF_INET6:
inet_ntop(AF_INET6, &(((struct sockaddr_in6 *)sa)->sin6_addr),
- str, INET6_ADDRSTRLEN);
- snprintf(portstr, sizeof(portstr), ":%hu",
+ server_address, INET6_ADDRSTRLEN);
+
+ snprintf(server_address + strlen(server_address), 14, ":%hu",
htons(((struct sockaddr_in6 *)sa)->sin6_port));
- strcat(str, portstr);
break;
+
default:
- strncpy(str, "Unknown AF", INET6_ADDRSTRLEN);
+ strcpy(server_address, "Unknown AF");
}
- return str;
+ return server_address;
} /* tac_ntop */
+
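Review bot: The `14` passed to both `snprintf` calls is unrelated to the space actually left in `server_address`, and the return value of `inet_ntop` is not checked, so on failure `strlen` runs over whatever the static buffer held from the previous call and the port is appended to stale text. Derive the bound from the buffer instead: `size_t n = strlen(server_address);` followed by `snprintf(server_address + n, sizeof(server_address) - n, ":%hu", ...)`, and fall back to the `"Unknown AF"` string when `inet_ntop` returns NULL. Since the result now lives in a single static buffer, the function comment should also state that a second call overwrites the first result and that the function is not safe to call from two threads at once.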
diff --git a/libtac/lib/header.c b/libtac/lib/header.c
index f361225..73c4f13 100644
--- a/libtac/lib/header.c
+++ b/libtac/lib/header.c
@@ -33,10 +33,11 @@ int session_id;
int tac_encryption = 0;
/* Pointer to TACACS+ shared secret string. */
-char *tac_secret = NULL;
+/* note: tac_secret will point to tacplus_server[i].key */
+const char *tac_secret = NULL;
-/* Pointer to TACACS+ shared login string. */
-char *tac_login = NULL; /* default is PAP */
+/* TACACS+ shared login string. */
+char tac_login[64]; /* default is PAP */
/* priv_lvl */
int tac_priv_lvl = TAC_PLUS_PRIV_LVL_MIN;
diff --git a/libtac/lib/magic.c b/libtac/lib/magic.c
index e813afc..6af5bb6 100644
--- a/libtac/lib/magic.c
+++ b/libtac/lib/magic.c
@@ -36,9 +36,10 @@ extern void srand48 __P((long));
/* on Linux we use /dev/urandom as random numbers source
I find it really cool :) */
int rfd = -1; /* /dev/urandom */
-int magic_inited = 0;
#endif
+static int magic_inited = 0;
+
/*
* magic_init - Initialize the magic number generator.
*
@@ -52,8 +53,11 @@ magic_init()
long seed;
struct timeval t;
+ if (magic_inited)
+ return;
+
+/* FIXME this should be ifdef HAVE_DEV_URANDOM + test for /dev/urandom in configure */
#ifdef __linux__
- magic_inited = 1;
rfd = open("/dev/urandom", O_RDONLY);
if(rfd != -1)
return;
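Review bot: On the `__linux__` path `magic_init()` returns right after a successful `open()` without ever setting `magic_inited`, because the flag is now assigned only at the end of the function (next hunk). With `magic()` calling `magic_init()` on every invocation, each call appears to open `/dev/urandom` again and overwrite `rfd`, leaking one descriptor per call until the process runs out. Set the flag before the early return: `if (rfd != -1) { magic_inited = 1; return; }`. The function starts before and ends after this hunk.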
@@ -62,6 +66,8 @@ magic_init()
gettimeofday(&t, NULL);
seed = gethostid() ^ t.tv_sec ^ t.tv_usec ^ getpid();
srand48(seed);
+
+ magic_inited = 1;
}
/*
@@ -70,21 +76,20 @@ magic_init()
u_int32_t
magic()
{
+ magic_init();
+
#ifdef __linux__
u_int32_t ret = 0;
- if (magic_inited == 0 )
- magic_init();
-
- if(rfd > -1) {
- read(rfd, &ret, sizeof(ret));
- return ret;
- }
- else
+ if(rfd > -1) {
+ if (read(rfd, &ret, sizeof(ret)) < sizeof(ret)) {
+ /* on read() error, fallback to other method */
return (u_int32_t) mrand48();
-#else
- return (u_int32_t) mrand48();
+ }
+ return ret;
+ }
#endif
+ return (u_int32_t) mrand48();
}
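Review bot: The check `read(rfd, &ret, sizeof(ret)) < sizeof(ret)` compares a signed `ssize_t` with an unsigned `size_t`, so a `-1` error return is converted to a very large unsigned value and the fallback promised by the comment is not taken; `magic()` then returns `ret`, which is still 0. Compare in the signed domain instead: `if (read(rfd, &ret, sizeof(ret)) != (ssize_t) sizeof(ret)) {`. When `/dev/urandom` was opened, `magic_init()` returned before `srand48(seed)`, so the `mrand48()` fallback on a short read runs from the default seed and produces a predictable value. If the result feeds session identifiers, both cases are worth logging.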
#ifdef NO_DRAND48
diff --git a/libtac/lib/xalloc.c b/libtac/lib/xalloc.c
index ce34c44..3fddcfb 100644
--- a/libtac/lib/xalloc.c
+++ b/libtac/lib/xalloc.c
@@ -23,7 +23,7 @@
#include "xalloc.h"
void *xcalloc(size_t nmemb, size_t size) {
- register void *val = calloc(nmemb, size);
+ void *val = calloc(nmemb, size);
if(val == 0) {
TACSYSLOG((LOG_ERR, "%s: calloc(%u,%u) failed", __FUNCTION__,\
(unsigned) nmemb, (unsigned) size))
@@ -33,7 +33,7 @@ void *xcalloc(size_t nmemb, size_t size) {
}
void *xrealloc(void *ptr, size_t size) {
- register void *val = realloc(ptr, size);
+ void *val = realloc(ptr, size);
if(val == 0) {
TACSYSLOG((LOG_ERR, "%s: realloc(%u) failed", __FUNCTION__, (unsigned) size))
exit(1);
@@ -41,7 +41,7 @@ void *xrealloc(void *ptr, size_t size) {
return val;
}
-char *xstrdup(char *s) {
+char *xstrdup(const char *s) {
char *p;
if (s == NULL) return NULL;
@@ -51,3 +51,28 @@ char *xstrdup(char *s) {
}
return p;
}
+
+
+/*
+ safe string copy that aborts when destination buffer is too small
+*/
+char *xstrcpy(char *dst, const char *src, size_t dst_size) {
+ if (dst == NULL) {
+ TACSYSLOG((LOG_ERR, "xstrcpy(): dst == NULL"));
+ abort();
+ }
+ if (src == NULL) {
+ TACSYSLOG((LOG_ERR, "xstrcpy(): src == NULL"));
+ abort();
+ }
+ if (!dst_size)
+ return NULL;
+
+ if (strlen(src) >= dst_size) {
+ TACSYSLOG((LOG_ERR, "xstrcpy(): argument too long, aborting"));
+ abort();
+ }
+
+ return strcpy(dst, src);
+}
+
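Review bot: `xstrcpy` treats a zero `dst_size` differently from every other failure: it returns NULL without touching `dst` and without logging, while a NULL pointer or an over-long `src` aborts. A caller that ignores the return value carries on with a buffer that was never written, so either abort here as well or state the NULL return in the comment above the function. Calling `abort()` from a library also terminates the process that loaded it, so if `src` can come from configuration or a remote peer, an over-long value becomes a crash of the host program; returning an error would let the caller decide. The `TACSYSLOG((...));` calls here carry a trailing semicolon and a hard-coded function name, unlike the `TACSYSLOG((..., __FUNCTION__, ...))` uses earlier in this file.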
diff --git a/libtac/lib/xalloc.h b/libtac/lib/xalloc.h
index 70bc666..196cc9f 100644
--- a/libtac/lib/xalloc.h
+++ b/libtac/lib/xalloc.h
@@ -27,7 +27,7 @@
__BEGIN_DECLS
extern void *xcalloc(size_t nmemb, size_t size);
extern void *xrealloc(void *ptr, size_t size);
-extern char *xstrdup(char *s);
+extern char *xstrdup(const char *s);
__END_DECLS
#endif