BLOCXX_NAMESPACE::Secure Namespace Reference


Classes

class  ProcessAbortException
 Secure::ProcessAbortException should be caught only at the top level of the program.

Namespaces

namespace  Impl

Enumerations

enum  EChildGroupAction { E_NO_EXTENDED_GROUPS = 0, E_SOURCE_EXTENDED_GROUPS }

Functions

void dropPrivilegesPermanently (uid_t newuid, gid_t newgid, EChildGroupAction extendedGroupAction)
 Changes the real, effective and saved user IDs to newuid and the real, effective and saved group IDs to newgid (via setresuid()/setresgid()), clearing out all of root's supplementary groups.
void addPlatformSpecificEnvVars (StringArray &absEnvironment)
StringArray minimalEnvironment ()
void runAs (char const *username, EChildGroupAction extendedGroupAction=E_SOURCE_EXTENDED_GROUPS)
 Look up user ID and group ID for username in the password file, chdir to "/", then drop privileges permanently and run with that user ID and group ID.
void rand_init ()
 Initializes and seeds the cryptographic PRNG, if this has not been done already.
unsigned char * rand (unsigned char *buf, std::size_t n)
 Generates n cryptographically secure pseudo-random bytes and stores them in buf.
::pid_t fork_reseed ()
 Forks and reseeds the PRNG so that a compromise of the child cannot compromise the parent's PRNG state, and a compromise of the parent cannot compromise the child's PRNG state.
void rand_save_state ()
template<typename UnsignedInt>
UnsignedInt rand_uint ()
template<typename UnsignedInt>
UnsignedInt rand_uint_lt (UnsignedInt n)
template<typename Integer>
Integer rand_range (Integer min_val, Integer max_val)
template<typename Real>
Real rand_unit_interval ()

Variables

LazyGlobal< StringArray, int, MinimalEnvironmentConstructor > g_minimalEnvironment = { 0 , 0, {0, PTHREAD_MUTEX_INITIALIZER} }


Enumeration Type Documentation

Enumerator:
E_NO_EXTENDED_GROUPS 
E_SOURCE_EXTENDED_GROUPS 

Definition at line 48 of file Secure.hpp.


Function Documentation

void BLOCXX_NAMESPACE::Secure::(anonymous namespace)::addPlatformSpecificEnvVars ( StringArray &  absEnvironment  )  [static]

Definition at line 321 of file Secure.cpp.

References BLOCXX_NAMESPACE::Array< T >::push_back().

void BLOCXX_NAMESPACE::Secure::dropPrivilegesPermanently ( uid_t  newuid,
gid_t  newgid,
EChildGroupAction  extendedGroupAction 
)

Changes the real, effective and saved user IDs to newuid, and the real, effective and saved group IDs to newgid, clearing out all of root's supplementary groups. Because the change is made with setresuid()/setresgid(), the saved set-user-ID and set-group-ID are replaced as well, so the drop cannot be reverted with seteuid()/setegid().

If newuid == (uid_t)-1, defaults to the current real user ID. If newgid == (gid_t)-1, defaults to the current real group ID.

The extendedGroupAction parameter (the third one) controls whether the new user's supplementary groups are sourced (E_SOURCE_EXTENDED_GROUPS) or the process runs with newgid alone (E_NO_EXTENDED_GROUPS).

Precondition:
Currently running as root (both uid and euid). Failures are fatal: the implementation uses ABORT_IF/ABORT_ERRNO_IF rather than returning an error code, so a caller never continues with a half-dropped identity.

Definition at line 137 of file Secure.cpp.

References ABORT_ERRNO_IF, ABORT_IF, E_SOURCE_EXTENDED_GROUPS, setresgid(), and setresuid().

Referenced by runAs().

pid_t BLOCXX_NAMESPACE::Secure::fork_reseed (  ) 

Forks and reseeds the PRNG in both processes, so that a compromise of the child cannot compromise the parent's PRNG state and a compromise of the parent cannot compromise the child's. Without the reseed, both processes would continue from an identical copy of the state and emit the same output stream.

Returns:
0 for the child; the child's process ID for the parent; or -1 on failure (errno set accordingly).
Precondition:
The process has only one thread. fork() duplicates only the calling thread, so any lock held by another thread (such as the one guarding the PRNG) would remain locked in the child forever.

Definition at line 155 of file SecureRand.cpp.

References BLOCXX_INVALID_HANDLE, rand(), RESEED_BYTES, and BLOCXX_NAMESPACE::seed.
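The fork-and-reseed contract described above, as an added example that is not blocxx code. It uses a SplitMix64 state as a stand-in for "a generator whose entire future is a function of its state" (it is not a CSPRNG), reseeds from /dev/urandom, and assumes a POSIX host with fork() and pipe(). The harness function forks with and without the reseed and reports whether the child's next output equals the parent's, which is exactly the leak fork_reseed prevents.

```cpp
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <stdexcept>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

// Stand-in generator (SplitMix64).  It is NOT a CSPRNG; it only models the
// property that matters here: every future output is a function of the state.
struct Prng { std::uint64_t state; };

std::uint64_t next_u64(Prng& p)
{
    std::uint64_t z = (p.state += 0x9e3779b97f4a7c15ULL);
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

// Mix fresh kernel entropy into the state (assumed POSIX host with /dev/urandom).
void reseed(Prng& p)
{
    std::uint64_t fresh = 0;
    std::ifstream in("/dev/urandom", std::ios::binary);
    if (!in.read(reinterpret_cast<char*>(&fresh), sizeof fresh))
        throw std::runtime_error("cannot read /dev/urandom");
    p.state ^= fresh;
}

// fork_reseed analogue: fork, then reseed on BOTH sides.  Each process reads its
// own entropy, so neither state can be derived from the other's.  The caller
// must be single-threaded: fork() copies only the calling thread, so a lock held
// by another thread (e.g. one guarding the generator) stays locked in the child.
pid_t fork_reseed(Prng& p)
{
    const pid_t pid = fork();
    if (pid == -1) return -1;
    reseed(p);
    return pid;
}

// Harness: fork with or without the reseed, have the child send its next output
// back over a pipe, and compare with the parent's next output.  Returns true if
// they are identical, i.e. if the child's stream would reveal the parent's.
bool outputs_match_after_fork(bool with_reseed)
{
    int fds[2];
    if (pipe(fds) != 0) throw std::runtime_error("pipe failed");
    Prng p = { 0x1234 };
    reseed(p);                                   // normal one-time seeding
    const pid_t pid = with_reseed ? fork_reseed(p) : fork();
    if (pid == -1) throw std::runtime_error("fork failed");
    if (pid == 0) {                              // child
        const std::uint64_t v = next_u64(p);
        close(fds[0]);
        const ssize_t w = write(fds[1], &v, sizeof v);
        _exit(w == static_cast<ssize_t>(sizeof v) ? 0 : 1);
    }
    close(fds[1]);                               // parent
    std::uint64_t child_v = 0;
    const ssize_t r = read(fds[0], &child_v, sizeof child_v);
    close(fds[0]);
    int status = 0;
    waitpid(pid, &status, 0);
    if (r != static_cast<ssize_t>(sizeof child_v)) throw std::runtime_error("child sent nothing");
    return child_v == next_u64(p);
}

int main()
{
    std::printf("plain fork:  child output %s the parent's\n",
                outputs_match_after_fork(false) ? "equals" : "differs from");
    std::printf("fork_reseed: child output %s the parent's\n",
                outputs_match_after_fork(true) ? "equals" : "differs from");
    return 0;
}
```

Note that reseeding only the parent (or only the child) would still leave the other process with a state the attacker can reconstruct from the pre-fork stream; both sides must mix in entropy of their own, which is why the helper reseeds after fork() returns in each process.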

StringArray BLOCXX_NAMESPACE::Secure::minimalEnvironment (  ) 

Returns:
A minimal environment appropriate for the platform.

Definition at line 360 of file Secure.cpp.

References g_minimalEnvironment.

unsigned char * BLOCXX_NAMESPACE::Secure::rand ( unsigned char *  buf,
std::size_t  n 
)

Generates n cryptographically secure pseudo-random bytes and stores them in buf.

Precondition:
rand_init() has been called. (The implementation also initializes the generator on first use through callOnce(); see rand_init().)
Returns:
buf
Exceptions:
Throws via BLOCXX_THROW, carrying the OpenSSL error description, if the underlying generator cannot produce the bytes; buf must then be treated as unfilled.

Definition at line 143 of file SecureRand.cpp.

References BLOCXX_THROW, BLOCXX_NAMESPACE::callOnce(), BLOCXX_NAMESPACE::SSLCtxMgr::getOpenSSLErrorDescription(), BLOCXX_NAMESPACE::guard, and rand_init_impl().

Referenced by fork_reseed(), BLOCXX_NAMESPACE::RandomNumber::getNextNumber(), BLOCXX_NAMESPACE::getNodeIdentifier(), and rand_uint().

void BLOCXX_NAMESPACE::Secure::rand_init (  ) 

Initializes and seeds the cryptographic PRNG, if this has not been done already.

Note that this function is called automatically the first time random data are generated.

Definition at line 138 of file SecureRand.cpp.

References BLOCXX_NAMESPACE::callOnce(), BLOCXX_NAMESPACE::guard, and rand_init_impl().

Referenced by BLOCXX_NAMESPACE::SSLCtxMgr::initCtx().

template<typename Integer>
Integer BLOCXX_NAMESPACE::Secure::rand_range ( Integer  min_val,
Integer  max_val 
) [inline]

Returns:
cryptographically secure random number x of type Integer, with min_val <= x <= max_val and all allowed values equally probable.
Precondition:
rand_init() has been called.

Integer is an integer type (signed or unsigned).

min_val <= max_val.

Definition at line 173 of file SecureRand.hpp.

void BLOCXX_NAMESPACE::Secure::rand_save_state (  ) 

template<typename UnsignedInt>
UnsignedInt BLOCXX_NAMESPACE::Secure::rand_uint (  )  [inline]

Returns:
cryptographically secure random number of type UnsignedInt, with all values equally probable.
Precondition:
rand_init() has been called.

UnsignedInt is an unsigned integer type.

Definition at line 138 of file SecureRand.hpp.

References rand().

template<typename UnsignedInt>
UnsignedInt BLOCXX_NAMESPACE::Secure::rand_uint_lt ( UnsignedInt  n  )  [inline]

Returns:
cryptographically secure random number x of type UnsignedInt, with 0 <= x < n and all allowed values equally probable.
Precondition:
rand_init() has been called.

UnsignedInt is an unsigned integer type.

Definition at line 156 of file SecureRand.hpp.

template<typename Real>
Real BLOCXX_NAMESPACE::Secure::rand_unit_interval (  )  [inline]

Returns:
cryptographically secure random number x of type Real, chosen from a uniform distribution over the interval 0 <= x < 1.
Precondition:
rand_init() has been called.

Real is one of the floating-point numeric types.

Definition at line 189 of file SecureRand.hpp.
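The bounded-integer and unit-interval generators documented above (rand_uint, rand_uint_lt, rand_range and rand_unit_interval) all promise that every allowed value is equally probable. The following is an added example, not blocxx's code, of how that promise is kept: rejection sampling for rand_uint_lt instead of a biased `value % n`, an overflow-free span computation for a signed rand_range, and 53 mantissa bits for a double in [0, 1). It assumes a POSIX host (/dev/urandom as the production byte source) and two's complement signed integers; the scripted byte table is constructed for the example so the rejection path is visible, and is not random.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <limits>
#include <stdexcept>
#include <type_traits>

// Byte source with the shape of Secure::rand(buf, n): fill buf with n bytes.
typedef void (*ByteSource)(unsigned char*, std::size_t);

// Production source (assumed POSIX host): the kernel CSPRNG.
void urandom_bytes(unsigned char* buf, std::size_t n)
{
    std::ifstream in("/dev/urandom", std::ios::binary);
    if (!in.read(reinterpret_cast<char*>(buf), static_cast<std::streamsize>(n)))
        throw std::runtime_error("cannot read /dev/urandom");
}

// Constructed, deterministic byte script (NOT random) so the rejection path can be
// observed: the leading 0xff bytes are rejected first for most moduli.
static const unsigned char kScript[] = { 0xff, 0xff, 0x00, 0x07, 0xfe, 0x01, 0x80, 0x00 };
static std::size_t g_scriptPos = 0;
void scripted_bytes(unsigned char* buf, std::size_t n)
{
    for (std::size_t i = 0; i < n; ++i)
        buf[i] = kScript[g_scriptPos++ % sizeof kScript];
}
void scripted_reset() { g_scriptPos = 0; }

// rand_uint analogue: a full-range unsigned value assembled from sizeof(U) bytes.
template<typename U>
U uint_from(ByteSource src)
{
    static_assert(std::is_unsigned<U>::value, "U must be an unsigned integer type");
    unsigned char buf[sizeof(U)];
    src(buf, sizeof buf);
    U v = 0;
    for (std::size_t i = 0; i < sizeof(U); ++i)
        v = static_cast<U>((v << 8) | buf[i]);
    return v;
}

// Largest raw value that may be accepted for modulus n.  The (2^bits mod n) values
// above it form the partial bucket that makes a plain "uint_from() % n" biased:
// for uint8_t and n == 200, results 0..55 would come up twice as often as the rest.
template<typename U>
U accept_limit(U n)
{
    const U max = std::numeric_limits<U>::max();
    const U rem = static_cast<U>((max % n + 1) % n);  // == 2^bits mod n
    return static_cast<U>(max - rem);
}

// rand_uint_lt analogue: uniform in [0, n) by rejection sampling.
template<typename U>
U uint_lt(U n, ByteSource src)
{
    if (n == 0) throw std::invalid_argument("uint_lt: n must be > 0");
    const U limit = accept_limit<U>(n);
    U v;
    do {
        v = uint_from<U>(src);
    } while (v > limit);            // rejects fewer than half of the draws, for any n
    return static_cast<U>(v % n);
}

// rand_range analogue: uniform in [min_val, max_val] for signed or unsigned Integer.
// The span is computed in the unsigned counterpart so it cannot overflow; casting
// back to a signed type assumes two's complement (guaranteed from C++20).
template<typename Integer>
Integer int_range(Integer min_val, Integer max_val, ByteSource src)
{
    typedef typename std::make_unsigned<Integer>::type U;
    if (min_val > max_val) throw std::invalid_argument("int_range: min_val > max_val");
    const U span = static_cast<U>(static_cast<U>(max_val) - static_cast<U>(min_val));
    const U x = (span == std::numeric_limits<U>::max())
        ? uint_from<U>(src)                         // whole type: nothing to reject
        : uint_lt<U>(static_cast<U>(span + 1), src);
    return static_cast<Integer>(static_cast<U>(static_cast<U>(min_val) + x));
}

// rand_unit_interval analogue for double: 53 random mantissa bits scaled by 2^-53,
// so every multiple of 2^-53 in [0, 1) is equally likely and 1.0 is unreachable.
double unit_interval(ByteSource src)
{
    const std::uint64_t bits = uint_from<std::uint64_t>(src) >> 11;
    return static_cast<double>(bits) * (1.0 / 9007199254740992.0);   // 2^-53
}

int main()
{
    std::printf("d20: %d\n", int_range<int>(1, 20, urandom_bytes));
    std::printf("unit: %f\n", unit_interval(urandom_bytes));
    return 0;
}
```

With the scripted source, `uint_lt<std::uint16_t>(10, scripted_bytes)` rejects the first draw (0xffff lies above the accept limit 65529) and returns 7 from the second, and `int_range<std::int8_t>(-2, 2, scripted_bytes)` maps a span of 4 onto the unsigned type and lands on -2; the full-range case (`int_range<std::int16_t>(-32768, 32767, ...)`) skips rejection entirely because the span covers the whole type.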

void BLOCXX_NAMESPACE::Secure::runAs ( char const *  username,
EChildGroupAction  extendedGroupAction = E_SOURCE_EXTENDED_GROUPS 
)

Look up the user ID and group ID for username in the password file, chdir to "/" (so the process keeps no privileged working directory), then drop privileges permanently and continue running with that user ID and group ID.

The extendedGroupAction parameter determines whether the process's supplementary groups are initialized from the group database for username (E_SOURCE_EXTENDED_GROUPS) or it runs with the user's primary group only (E_NO_EXTENDED_GROUPS).

Precondition:
Currently running as root (both uid and euid).

Definition at line 365 of file Secure.cpp.

References ABORT_ERRNO_IF, ABORT_IF, and dropPrivilegesPermanently().
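The sequence behind dropPrivilegesPermanently() and runAs(), written out as an added example rather than blocxx's own implementation. It assumes Linux/glibc (setresuid()/getresuid() and initgroups()) and returns false with errno set instead of aborting, so the ordering and the verification step are visible to the caller: supplementary groups and gids are changed while still uid 0, all three uids are set last, and the result is checked rather than trusted. The GroupAction enum and the -1 convention mirror the documentation above.

```cpp
#include <cerrno>
#include <cstdio>
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

// Mirrors Secure::EChildGroupAction.
enum GroupAction { E_NO_EXTENDED_GROUPS = 0, E_SOURCE_EXTENDED_GROUPS };

// Do real, effective AND saved IDs all equal uid/gid?  That is what "permanent"
// means: once the saved set-user-ID is gone there is nothing to seteuid() back to.
bool ids_are(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0) return false;
    return ru == uid && eu == uid && su == uid && rg == gid && eg == gid && sg == gid;
}

// Can this process get root back?  After a correct permanent drop it cannot.
bool can_regain_root()
{
    if (geteuid() == 0) return true;
    return seteuid(0) == 0;
}

// dropPrivilegesPermanently analogue.  Returns false with errno set instead of
// aborting.  Ordering matters: supplementary groups and gids must be changed
// while still uid 0, because those calls fail once the uid is unprivileged.
bool drop_privileges_permanently(uid_t newuid, gid_t newgid, GroupAction action)
{
    if (getuid() != 0 || geteuid() != 0) { errno = EPERM; return false; }  // precondition
    if (newuid == static_cast<uid_t>(-1)) newuid = getuid();   // -1: keep the real ID
    if (newgid == static_cast<gid_t>(-1)) newgid = getgid();

    // 1. Supplementary groups: replace root's set with the target user's own
    //    (initgroups also adds newgid), or clear it entirely.
    if (action == E_SOURCE_EXTENDED_GROUPS) {
        const struct passwd* pw = getpwuid(newuid);
        if (pw == 0) { errno = ENOENT; return false; }
        if (initgroups(pw->pw_name, newgid) != 0) return false;
    } else {
        gid_t none[1] = { newgid };
        if (setgroups(0, none) != 0) return false;
    }
    // 2. All three group IDs, then 3. all three user IDs (this closes the door).
    if (setresgid(newgid, newgid, newgid) != 0) return false;
    if (setresuid(newuid, newuid, newuid) != 0) return false;

    // 4. Verify instead of trusting return codes: a drop that silently left the
    //    saved uid at 0 is the classic bug, and setuid(0) must now be impossible.
    if (!ids_are(newuid, newgid)) { errno = EPERM; return false; }
    if (newuid != 0 && setuid(0) == 0) { errno = EPERM; return false; }
    return true;
}

// runAs analogue: resolve the account, leave any privileged cwd, then drop.
bool run_as(const char* username, GroupAction action = E_SOURCE_EXTENDED_GROUPS)
{
    errno = 0;
    const struct passwd* pw = getpwnam(username);
    if (pw == 0) { if (errno == 0) errno = ENOENT; return false; }
    if (chdir("/") != 0) return false;
    return drop_privileges_permanently(pw->pw_uid, pw->pw_gid, action);
}

int main(int argc, char** argv)
{
    const char* user = argc > 1 ? argv[1] : "nobody";   // hypothetical target account
    if (!run_as(user)) { std::perror("run_as"); return 1; }
    std::printf("now uid=%u gid=%u, can regain root: %s\n",
                static_cast<unsigned>(getuid()), static_cast<unsigned>(getgid()),
                can_regain_root() ? "yes (BUG)" : "no");
    return 0;
}
```

Run as root (`sudo ./a.out nobody`) the program ends as the target user and reports that root cannot be regained; run unprivileged it refuses with EPERM because the precondition does not hold. The verification step is what distinguishes this from a bare setuid() call: a seteuid()-style drop that leaves the saved uid at 0 passes every return-code check and is still fully reversible.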


Variable Documentation

LazyGlobal<StringArray, int, MinimalEnvironmentConstructor> BLOCXX_NAMESPACE::Secure::g_minimalEnvironment = { 0 , 0, {0, PTHREAD_MUTEX_INITIALIZER} } [static]

Definition at line 357 of file Secure.cpp.

Referenced by minimalEnvironment().


Generated on Wed Feb 25 19:05:19 2009 for blocxx by  doxygen 1.5.6