1 /* @(#) $Id: secure.c,v 1.29 2009/06/24 18:53:07 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
15 #include "os_net/os_net.h"
21 /** void HandleSecure() v0.3
22 * Handle the secure connections
28 char buffer[OS_MAXSTR +1];
29 char cleartext_msg[OS_MAXSTR +1];
30 char srcip[IPSIZE +1];
32 char srcmsg[OS_FLSIZE +1];
37 struct sockaddr_in peer_info;
45 /* Initializing key mutex. */
49 /* Initializing manager */
53 /* Creating Ar forwarder thread */
54 if(CreateThread(AR_Forward, (void *)NULL) != 0)
56 ErrorExit(THREAD_ERROR, ARGV0);
59 /* Creating wait_for_msgs thread */
60 if(CreateThread(wait_for_msgs, (void *)NULL) != 0)
62 ErrorExit(THREAD_ERROR, ARGV0);
66 /* Connecting to the message queue
69 if((logr.m_queue = StartMQ(DEFAULTQUEUE,WRITE)) < 0)
71 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQUEUE);
75 verbose(AG_AX_AGENTS, ARGV0, MAX_AGENTS);
78 /* Reading authentication keys */
79 verbose(ENC_READ, ARGV0);
83 debug1("%s: DEBUG: OS_StartCounter.", ARGV0);
84 OS_StartCounter(&keys);
85 debug1("%s: DEBUG: OS_StartCounter completed.", ARGV0);
88 /* setting up peer size */
89 peer_size = sizeof(peer_info);
90 logr.peer_size = sizeof(peer_info);
93 /* Initializing some variables */
94 memset(buffer, '\0', OS_MAXSTR +1);
95 memset(cleartext_msg, '\0', OS_MAXSTR +1);
96 memset(srcmsg, '\0', OS_FLSIZE +1);
104 /* Receiving message */
105 recv_b = recvfrom(logr.sock, buffer, OS_MAXSTR, 0,
106 (struct sockaddr *)&peer_info, &peer_size);
109 /* Nothing received */
116 /* Setting the source ip */
117 strncpy(srcip, inet_ntoa(peer_info.sin_addr), IPSIZE);
118 srcip[IPSIZE] = '\0';
122 /* Getting a valid agentid */
129 /* We need to make sure that we have a valid id
130 * and that we reduce the recv buffer size.
132 while(isdigit((int)*tmp_msg))
140 merror(ENCFORMAT_ERROR, __local_name, srcip);
148 agentid = OS_IsAllowedDynamicID(&keys, buffer +1, srcip);
151 if(check_keyupdate())
153 agentid = OS_IsAllowedDynamicID(&keys, buffer +1, srcip);
156 merror(ENC_IP_ERROR, ARGV0, srcip);
162 merror(ENC_IP_ERROR, ARGV0, srcip);
169 agentid = OS_IsAllowedIP(&keys, srcip);
172 if(check_keyupdate())
174 agentid = OS_IsAllowedIP(&keys, srcip);
177 merror(DENYIP_WARN,ARGV0,srcip);
183 merror(DENYIP_WARN,ARGV0,srcip);
191 /* Decrypting the message */
192 tmp_msg = ReadSecMSG(&keys, tmp_msg, cleartext_msg,
196 /* If duplicated, a warning was already generated */
201 /* Check if it is a control message */
202 if(IsValidHeader(tmp_msg))
204 /* We need to save the peerinfo if it is a control msg */
205 memcpy(&keys.keyentries[agentid]->peer_info, &peer_info, peer_size);
206 keys.keyentries[agentid]->rcvd = time(0);
208 save_controlmsg(agentid, tmp_msg);
214 /* Generating srcmsg */
215 snprintf(srcmsg, OS_FLSIZE,"(%s) %s",keys.keyentries[agentid]->name,
216 keys.keyentries[agentid]->ip->ip);
219 /* If we can't send the message, try to connect to the
220 * socket again. If that also fails, exit.
222 if(SendMSG(logr.m_queue, tmp_msg, srcmsg,
225 merror(QUEUE_ERROR, ARGV0, DEFAULTQUEUE, strerror(errno));
227 if((logr.m_queue = StartMQ(DEFAULTQUEUE, WRITE)) < 0)
229 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQUEUE);