1 /* @(#) $Id: ./src/remoted/secure.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
* This program is free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
16 #include "os_net/os_net.h"
/** void HandleSecure() v0.3
 * Handle the secure connections: receive each agent datagram, resolve the
 * sender through its key id (OS_IsAllowedDynamicID) or its source IP
 * (OS_IsAllowedIP), decrypt it with ReadSecMSG, and either record it as a
 * control message (save_controlmsg) or forward it to the message queue.
29 char buffer[OS_MAXSTR +1];
30 char cleartext_msg[OS_MAXSTR +1];
31 char srcip[IPSIZE +1];
33 char srcmsg[OS_FLSIZE +1];
38 struct sockaddr_in peer_info;
46 /* Initializing key mutex. */
50 /* Initializing manager */
54 /* Creating Ar forwarder thread */
55 if(CreateThread(AR_Forward, (void *)NULL) != 0)
57 ErrorExit(THREAD_ERROR, ARGV0);
60 /* Creating wait_for_msgs thread */
61 if(CreateThread(wait_for_msgs, (void *)NULL) != 0)
63 ErrorExit(THREAD_ERROR, ARGV0);
67 /* Connecting to the message queue
70 if((logr.m_queue = StartMQ(DEFAULTQUEUE,WRITE)) < 0)
72 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQUEUE);
76 verbose(AG_AX_AGENTS, ARGV0, MAX_AGENTS);
79 /* Reading authentication keys */
80 verbose(ENC_READ, ARGV0);
84 debug1("%s: DEBUG: OS_StartCounter.", ARGV0);
85 OS_StartCounter(&keys);
86 debug1("%s: DEBUG: OS_StartCounter completed.", ARGV0);
89 /* setting up peer size */
90 peer_size = sizeof(peer_info);
91 logr.peer_size = sizeof(peer_info);
94 /* Initializing some variables */
95 memset(buffer, '\0', OS_MAXSTR +1);
96 memset(cleartext_msg, '\0', OS_MAXSTR +1);
97 memset(srcmsg, '\0', OS_FLSIZE +1);
105 /* Receiving message */
106 recv_b = recvfrom(logr.sock, buffer, OS_MAXSTR, 0,
107 (struct sockaddr *)&peer_info, &peer_size);
110 /* Nothing received */
117 /* Setting the source ip */
118 strncpy(srcip, inet_ntoa(peer_info.sin_addr), IPSIZE);
119 srcip[IPSIZE] = '\0';
123 /* Getting a valid agentid */
130 /* We need to make sure that we have a valid id
131 * and that we reduce the recv buffer size.
133 while(isdigit((int)*tmp_msg))
141 merror(ENCFORMAT_ERROR, __local_name, srcip);
149 agentid = OS_IsAllowedDynamicID(&keys, buffer +1, srcip);
152 if(check_keyupdate())
154 agentid = OS_IsAllowedDynamicID(&keys, buffer +1, srcip);
157 merror(ENC_IP_ERROR, ARGV0, srcip);
163 merror(ENC_IP_ERROR, ARGV0, srcip);
170 agentid = OS_IsAllowedIP(&keys, srcip);
173 if(check_keyupdate())
175 agentid = OS_IsAllowedIP(&keys, srcip);
178 merror(DENYIP_WARN,ARGV0,srcip);
184 merror(DENYIP_WARN,ARGV0,srcip);
192 /* Decrypting the message */
193 tmp_msg = ReadSecMSG(&keys, tmp_msg, cleartext_msg,
197 /* If duplicated, a warning was already generated */
202 /* Check if it is a control message */
203 if(IsValidHeader(tmp_msg))
205 /* We need to save the peerinfo if it is a control msg */
206 memcpy(&keys.keyentries[agentid]->peer_info, &peer_info, peer_size);
207 keys.keyentries[agentid]->rcvd = time(0);
209 save_controlmsg(agentid, tmp_msg);
215 /* Generating srcmsg */
216 snprintf(srcmsg, OS_FLSIZE,"(%s) %s",keys.keyentries[agentid]->name,
217 keys.keyentries[agentid]->ip->ip);
220 /* If we can't send the message, try to connect to the
221 * socket again. If it not exit.
223 if(SendMSG(logr.m_queue, tmp_msg, srcmsg,
226 merror(QUEUE_ERROR, ARGV0, DEFAULTQUEUE, strerror(errno));
228 if((logr.m_queue = StartMQ(DEFAULTQUEUE, WRITE)) < 0)
230 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQUEUE);