From: Mark Andrews Date: Fri, 29 Aug 2003 07:08:33 +0000 (+0000) Subject: 1499. [bug] isc_random need to be seeded better if arc4random() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b2270e234fefa30dd4f40369efb6358c81de32d;p=thirdparty%2Fbind9.git 1499. [bug] isc_random need to be seeded better if arc4random() is not used. 1480. [bug] Provide replay protection for rndc commands. --- diff --git a/CHANGES b/CHANGES index 8c7c282a68d..cbdf0e19705 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +1499. [bug] isc_random need to be seeded better if arc4random() + is not used. + +1480. [bug] Provide replay protection for rndc commands. + 1347. [bug] Incorporate OpenSSL fixes for CERT Advisory CA-2002-23 http://www.cert.org/advisories/CA-2002-23.html diff --git a/lib/isc/random.c b/lib/isc/random.c index ad8e231f887..967d894d987 100644 --- a/lib/isc/random.c +++ b/lib/isc/random.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: random.c,v 1.14.2.1 2001/01/09 22:49:14 bwelling Exp $ */ +/* $Id: random.c,v 1.14.2.2 2003/08/29 07:08:31 marka Exp $ */ #include @@ -33,7 +33,14 @@ static isc_once_t once = ISC_ONCE_INIT; static void initialize_rand(void) { - srand(time(NULL)); + unsigned int pid = getpid(); + + /* + * The low bits of pid generally change faster. + * Xor them with the high bits of time which change slowly. + */ + pid = ((pid << 16) & 0xffff0000) | ((pid >> 16) & 0xffff); + srand(time(NULL) ^ pid); } static void diff --git a/lib/omapi/include/omapi/private.h b/lib/omapi/include/omapi/private.h index a1b4b69637a..8e7baee9058 100644 --- a/lib/omapi/include/omapi/private.h +++ b/lib/omapi/include/omapi/private.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: private.h,v 1.25.4.1 2001/01/09 22:53:15 bwelling Exp $ */ +/* $Id: private.h,v 1.25.4.2 2003/08/29 07:08:33 marka Exp $ */ /***** ***** Private master include file for the OMAPI library. @@ -243,6 +243,7 @@ struct omapi_protocol { isc_region_t signature_in; isc_buffer_t *signature_out; isc_result_t verify_result; + isc_uint32_t authid; /* * A callback to find out whether a requested key is valid on * the connection, and the arg the caller wants to help it decide. @@ -438,12 +439,12 @@ send_intro(omapi_object_t *object, unsigned int version); #define send_status omapi__send_status isc_result_t send_status(omapi_object_t *protcol, isc_result_t waitstatus, - unsigned int response_id, const char *message); + unsigned int response_id, unsigned int authid, const char *message); #define send_update omapi__send_update isc_result_t send_update(omapi_object_t *protocol, unsigned int response_id, - omapi_object_t *object); + unsigned int authid, omapi_object_t *object); ISC_LANG_ENDDECLS diff --git a/lib/omapi/include/omapi/result.h b/lib/omapi/include/omapi/result.h index 823ffe8ac78..83f5a8f1053 100644 --- a/lib/omapi/include/omapi/result.h +++ b/lib/omapi/include/omapi/result.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: result.h,v 1.7.4.1 2001/01/09 22:53:16 bwelling Exp $ */ +/* $Id: result.h,v 1.7.4.2 2003/08/29 07:08:33 marka Exp $ */ #ifndef OMAPI_RESULT_H #define OMAPI_RESULT_H 1 @@ -32,8 +32,9 @@ ISC_LANG_BEGINDECLS #define OMAPI_R_INVALIDARG (ISC_RESULTCLASS_OMAPI + 3) #define OMAPI_R_VERSIONMISMATCH (ISC_RESULTCLASS_OMAPI + 4) #define OMAPI_R_PROTOCOLERROR (ISC_RESULTCLASS_OMAPI + 5) +#define OMAPI_R_BADAUTHID (ISC_RESULTCLASS_OMAPI + 6) -#define OMAPI_R_NRESULTS 6 /* Number of results */ +#define OMAPI_R_NRESULTS 7 /* Number of results */ const char * omapi_result_totext(isc_result_t); diff --git a/lib/omapi/listener.c b/lib/omapi/listener.c index 56faf4319c4..ca31b24d835 100644 --- a/lib/omapi/listener.c +++ b/lib/omapi/listener.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: listener.c,v 1.31.4.2 2001/03/27 00:14:54 bwelling Exp $ */ +/* $Id: listener.c,v 1.31.4.3 2003/08/29 07:08:32 marka Exp $ */ /* * Subroutines that support the generic listener object. @@ -219,6 +219,8 @@ listener_accept(isc_task_t *task, isc_event_t *event) { */ protocol->verify_key = listener->verify_key; protocol->verify_key_arg = listener->callback_arg; + while (protocol->authid == 0) + isc_random_get(&protocol->authid); /* * Tie the protocol object bidirectionally to the connection diff --git a/lib/omapi/message.c b/lib/omapi/message.c index abe2a406378..cc5423e39e6 100644 --- a/lib/omapi/message.c +++ b/lib/omapi/message.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.c,v 1.28.4.1 2001/01/09 22:53:00 bwelling Exp $ */ +/* $Id: message.c,v 1.28.4.2 2003/08/29 07:08:32 marka Exp $ */ /* * Subroutines for dealing with message objects. @@ -26,6 +26,7 @@ #include #include +#include #include #include @@ -180,7 +181,7 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) { if (result == ISC_R_SUCCESS) /* XXXTL Write the ID of the authentication key we're using. */ - result = omapi_connection_putuint32(connection, 0); + result = omapi_connection_putuint32(connection, p->authid); if (result == ISC_R_SUCCESS) result = omapi_connection_putuint32(connection, authlen); @@ -209,6 +210,8 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) { * Set and write the transaction ID. */ m->id = p->next_xid++; + if (m->id == 0) + m->id = p->next_xid++; result = omapi_connection_putuint32(connection, m->id); } @@ -385,6 +388,11 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { dst_context_destroy(&protocol->dstctx); } + if (protocol->verify_result == ISC_R_SUCCESS && + protocol->authid != 0) + if (protocol->authid != message->authid) + result = OMAPI_R_BADAUTHID; + if (protocol->verify_result != ISC_R_SUCCESS) { if (connection->is_client) { INSIST(m != NULL); @@ -422,6 +430,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { return (send_status(po, protocol->verify_result, message->id, + protocol->authid, "failed to verify " "signature")); } @@ -434,7 +443,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { if (m != NULL) { return (send_status(po, OMAPI_R_INVALIDARG, - message->id, + message->id, protocol->authid, "OPEN can't be a response")); } @@ -456,7 +465,8 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { } else if (result == ISC_R_NOTFOUND) type = NULL; else - return (send_status(po, result, message->id, + return (send_status(po, result, message->id, + protocol->authid, isc_result_totext(result))); /* @@ -470,6 +480,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { create = 0; else return (send_status(po, result, message->id, + protocol->authid, isc_result_totext(result))); /* @@ -483,6 +494,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { update = 0; else return (send_status(po, result, message->id, + protocol->authid, isc_result_totext(result))); /* @@ -496,6 +508,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { exclusive = 0; else return (send_status(po, result, message->id, + protocol->authid, isc_result_totext(result))); /* @@ -505,6 +518,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { #ifdef notyet /* not for 9.0.0 */ if (type != omapi_type_protocol && protocol->key == NULL) return (send_status(po, ISC_R_NOPERM, message->id, + protocol->authid, "unauthorized access")); #endif /* notyet */ @@ -516,6 +530,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { if (create != 0) return (send_status(po, OMAPI_R_INVALIDARG, message->id, + protocol->authid, "type required on create")); goto refresh; @@ -523,6 +538,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { if (message->object == NULL) return (send_status(po, ISC_R_NOTFOUND, message->id, + protocol->authid, "no lookup key specified")); /* @@ -551,12 +567,14 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { if (result == ISC_R_NOTIMPLEMENTED) return (send_status(po, result, message->id, + protocol->authid, "unsearchable object type")); if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND && result != OMAPI_R_NOKEYS) return (send_status(po, result, message->id, + protocol->authid, "object lookup failed")); /* @@ -565,6 +583,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { */ if (result == ISC_R_NOTFOUND && create == 0) { return (send_status(po, ISC_R_NOTFOUND, message->id, + protocol->authid, "no object matches specification")); } @@ -576,6 +595,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { if (result == ISC_R_SUCCESS && create != 0 && exclusive != 0) { OBJECT_DEREF(&object); return (send_status(po, ISC_R_EXISTS, message->id, + protocol->authid, "specified object already exists")); } @@ -586,6 +606,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { result = object_methodcreate(type, &object); if (result != ISC_R_SUCCESS) return (send_status(po, result, message->id, + protocol->authid, "can't create new object")); } @@ -598,6 +619,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { if (result != ISC_R_SUCCESS) { OBJECT_DEREF(&object); return (send_status(po, result, message->id, + protocol->authid, "can't update object")); } } @@ -614,6 +636,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { #ifdef notyet /* not for 9.0.0 */ if (protocol->key == NULL) return (send_status(po, ISC_R_NOPERM, message->id, + protocol->authid, "unauthorized access")); #endif /* notyet */ @@ -621,10 +644,11 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { result = handle_lookup(&object, message->h); if (result != ISC_R_SUCCESS) return (send_status(po, result, message->id, + protocol->authid, "no matching handle")); send: - result = send_update(po, message->id, object); + result = send_update(po, message->id, protocol->authid, object); OBJECT_DEREF(&object); return (result); @@ -632,6 +656,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { if (! connection->is_client) return (send_status(po, OMAPI_R_INVALIDARG, message->id, + protocol->authid, "OMAPI_OP_UPDATE is not a " "valid server operation")); @@ -642,6 +667,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { result = handle_lookup(&object, message->h); if (result != ISC_R_SUCCESS) return (send_status(po, result, message->id, + protocol->authid, "no matching handle")); } @@ -656,6 +682,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { if (result != ISC_R_SUCCESS) { if (message->rid == 0) return (send_status(po, result, message->id, + protocol->authid, "can't update object")); if (m != NULL) object_signal((omapi_object_t *)m, @@ -665,6 +692,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { if (message->rid == 0) result = send_status(po, ISC_R_SUCCESS, message->id, + protocol->authid, NULL); if (m != NULL) @@ -675,12 +703,14 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { case OMAPI_OP_NOTIFY: return (send_status(po, ISC_R_NOTIMPLEMENTED, message->id, + protocol->authid, "notify not implemented yet")); case OMAPI_OP_STATUS: if (! connection->is_client) return (send_status(po, OMAPI_R_INVALIDARG, message->id, + protocol->authid, "OMAPI_OP_STATUS is not a " "valid server operation")); @@ -720,22 +750,26 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { if (protocol->key == NULL) return (send_status(po, ISC_R_NOPERM, message->id, + protocol->authid, "unauthorized delete")); result = handle_lookup(&object, message->h); if (result != ISC_R_SUCCESS) return (send_status(po, result, message->id, + protocol->authid, "no matching handle")); result = object_methodexpunge(object->type, object); if (result == ISC_R_NOTIMPLEMENTED) return (send_status(po, ISC_R_NOTIMPLEMENTED, message->id, + protocol->authid, "no remove method for object")); OBJECT_DEREF(&object); - return (send_status(po, result, message->id, NULL)); + return (send_status(po, result, message->id, + protocol->authid, NULL)); } return (ISC_R_NOTIMPLEMENTED); diff --git a/lib/omapi/protocol.c b/lib/omapi/protocol.c index c422a39531f..b9a379f6ae9 100644 --- a/lib/omapi/protocol.c +++ b/lib/omapi/protocol.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: protocol.c,v 1.32.4.1 2001/01/09 22:53:03 bwelling Exp $ */ +/* $Id: protocol.c,v 1.32.4.2 2003/08/29 07:08:32 marka Exp $ */ /* * Functions supporting the object management protocol. @@ -28,6 +28,7 @@ #include #include +#include #include #include @@ -160,7 +161,7 @@ send_intro(omapi_object_t *h, unsigned int ver) { * Make up an initial transaction ID for this connection. * XXXDCL better generator than random()? */ - p->next_xid = random(); + isc_random_get(&p->next_xid); result = connection_send(connection); @@ -212,7 +213,7 @@ omapi_protocol_listen(omapi_object_t *manager, isc_sockaddr_t *addr, isc_result_t send_status(omapi_object_t *po, isc_result_t waitstatus, - unsigned int rid, const char *msg) + unsigned int rid, unsigned int authid, const char *msg) { isc_result_t result; omapi_object_t *message = NULL; @@ -230,6 +231,10 @@ send_status(omapi_object_t *po, isc_result_t waitstatus, if (result == ISC_R_SUCCESS) result = omapi_object_setinteger(message, "rid", (int)rid); + if (result == ISC_R_SUCCESS) + result = omapi_object_setinteger(message, "authid", + (int)authid); + if (result == ISC_R_SUCCESS) result = omapi_object_setinteger(message, "result", (int)waitstatus); @@ -249,7 +254,9 @@ send_status(omapi_object_t *po, isc_result_t waitstatus, } isc_result_t -send_update(omapi_object_t *po, unsigned int rid, omapi_object_t *object) { +send_update(omapi_object_t *po, unsigned int rid, unsigned int authid, + omapi_object_t *object) +{ isc_result_t result; omapi_object_t *message = NULL; @@ -267,6 +274,10 @@ send_update(omapi_object_t *po, unsigned int rid, omapi_object_t *object) { result = omapi_object_setinteger(message, "rid", (int)rid); + if (result == ISC_R_SUCCESS) + result = omapi_object_setinteger(message, "authid", + (int)authid); + if (result == ISC_R_SUCCESS) result = object_gethandle(&handle, object); @@ -378,6 +389,8 @@ dispatch_messages(omapi_protocol_t *protocol, */ /* XXXDCL authid is unused */ connection_getuint32(connection, &protocol->message->authid); + if (protocol->authid == 0) + protocol->authid = protocol->message->authid; /* XXXTL bind the authenticator here! */ connection_getuint32(connection, &protocol->message->authlen); connection_getuint32(connection, &protocol->message->op); diff --git a/lib/omapi/result.c b/lib/omapi/result.c index caa54995330..2bbd8f63d63 100644 --- a/lib/omapi/result.c +++ b/lib/omapi/result.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: result.c,v 1.10.4.1 2001/01/09 22:53:04 bwelling Exp $ */ +/* $Id: result.c,v 1.10.4.2 2003/08/29 07:08:32 marka Exp $ */ #include #include @@ -31,6 +31,7 @@ static const char *text[OMAPI_R_NRESULTS] = { "invalid argument", /* 3 */ "protocol version mismatch", /* 4 */ "protocol error", /* 5 */ + "bad authid", /* 6 */ };