xenocara/app/xfwp/misc.c

1476 lines
40 KiB
C
Raw Normal View History

2006-11-25 13:07:29 -07:00
/* $Xorg: misc.c,v 1.6 2001/02/09 02:05:45 xorgcvs Exp $ */
/*
Copyright "1986-1997, 1998 The Open Group
Permission to use, copy, modify, distribute, and sell this software and its
documentation for any purpose is hereby granted without fee, provided that
the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting
documentation.
The above copyright notice and the following permission notice
shall be included in all copies of the Software:
THE SOFTWARE IS PROVIDED "AS IS ", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
AND NON-INFRINGEMENT. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE
FOR ANY CLAIM, DAMAGES OR OTHER SIABILITIY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF, OR IN
CONNNECTION WITH THE SOFTWARE OR THE USE OF OTHER DEALINGS IN
THE SOFTWARE.
Except as contained in this notice, the name of The Open Group
shall not be used in advertising or otherwise to promote the use
or other dealings in this Software without prior written
authorization from The Open Group.
X Window System is a trademark of The Open Group.
*/
/* $XFree86: xc/programs/xfwp/misc.c,v 1.6 2001/01/17 23:45:34 dawes Exp $ */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <X11/Xos.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <X11/Xfuncs.h> /* Need for bcopy() */
#include <X11/ICE/ICElib.h>
#include <X11/PM/PM.h>
#include "xfwp.h"
#include "misc.h"
#include "pm.h"
static Bool printConfigVerify = FALSE;
static Bool HaveSitePolicy = 0;
/*ARGSUSED*/
2013-08-13 13:39:34 -06:00
static void
2006-11-25 13:07:29 -07:00
BadSyntax(
2013-08-13 13:39:34 -06:00
const char *msg,
2006-11-25 13:07:29 -07:00
int line)
{
#ifdef DEBUG
(void) fprintf(stderr, "Config error: %s at line %d\n", msg, line);
#endif
}
2013-08-13 13:39:34 -06:00
static void
2006-11-25 13:07:29 -07:00
Usage(void)
{
2013-08-13 13:39:34 -06:00
(void) fprintf (stderr, "Usage: xfwp [-pdt <#secs>] [-clt <#secs>] \\\n");
(void) fprintf (stderr,
2006-11-25 13:07:29 -07:00
"\t[-cdt <#secs>] [-pmport <port#>] [-config <path>]\\\n");
2013-08-13 13:39:34 -06:00
(void) fprintf (stderr,
2006-11-25 13:07:29 -07:00
"\t[-logfile <path>] [-loglevel <0|1>] [-verify]\n");
exit (0);
}
2013-08-13 13:39:34 -06:00
static void
2006-11-25 13:07:29 -07:00
BadMalloc(
int line)
{
2013-08-13 13:39:34 -06:00
(void) fprintf(stderr, "Error: memory exhausted at line %d\n", line);
2006-11-25 13:07:29 -07:00
}
2013-08-13 13:39:34 -06:00
static void
2006-11-25 13:07:29 -07:00
doPrintEval(
2013-08-13 13:39:34 -06:00
struct config * config_info,
2006-11-25 13:07:29 -07:00
int line_counter)
{
struct config_line *ruleP = config_info->config_file_data[line_counter];
if (!printConfigVerify)
return;
(void) fprintf(stderr,"matched: %s %s %s %s %s %s %s\n",
(ruleP->permit_deny) ? ruleP->permit_deny : "",
2013-08-13 13:39:34 -06:00
(ruleP->source_hostname) ? ruleP->source_hostname : "",
2006-11-25 13:07:29 -07:00
(ruleP->source_netmask) ? ruleP->source_netmask : "",
2013-08-13 13:39:34 -06:00
(ruleP->dest_hostname) ? ruleP->dest_hostname : "",
2006-11-25 13:07:29 -07:00
(ruleP->dest_netmask) ? ruleP->dest_netmask : "",
(ruleP->operator) ? ruleP->operator : "",
(ruleP->service) ? ruleP->service : "");
}
static Bool
doConfigRequireDisallow(
2013-08-13 13:39:34 -06:00
int line,
2006-11-25 13:07:29 -07:00
char* result)
{
Bool permit = (strcmp("require", result) == 0);
if (((result = strtok(NULL, SEPARATOR1)) == NULL) ||
(strcmp(result, "sitepolicy") != 0))
{
BadSyntax("require/disallow must specify \"sitepolicy\"", line);
return 1;
}
if (HaveSitePolicy && (SitePolicyPermit != permit))
{
BadSyntax("can't mix require and disallow policies", line);
return 1;
}
HaveSitePolicy = True;
SitePolicyPermit = permit;
if ((result = strtok(NULL, " \n")) == NULL)
{
BadSyntax("missing policy string after \"sitepolicy\"", line);
return 1;
}
if (SitePolicies)
SitePolicies = (char**)realloc((char**)SitePolicies,
(SitePolicyCount+1) * sizeof(char*));
else
SitePolicies = (char**)malloc(sizeof(char*));
if (!SitePolicies)
{
BadMalloc(line);
return 1;
}
2013-08-13 13:39:34 -06:00
SitePolicies[SitePolicyCount] = strdup(result);
2006-11-25 13:07:29 -07:00
if (!SitePolicies[SitePolicyCount])
{
BadMalloc(line);
return 1;
}
2013-08-13 13:39:34 -06:00
SitePolicyCount++;
2006-11-25 13:07:29 -07:00
#ifdef DEBUG
(void) fprintf(stderr, "%s %s", permit ? "requiring" : "disallowing", result);
#endif
return False;
}
2013-08-13 13:39:34 -06:00
static int
2006-11-25 13:07:29 -07:00
doVerifyHostMaskToken(
char token[])
{
char * result;
int delimiter_count = 0;
/*
* verify there are 3 "." delimiters in the token
*/
while (token)
{
if ((result = strchr(token, SEPARATOR2)) != NULL)
{
token = result;
delimiter_count++;
token ++;
} else
token = result;
}
if ((delimiter_count < 3) || (delimiter_count > 3))
2013-08-13 13:39:34 -06:00
return 0;
2006-11-25 13:07:29 -07:00
else
return 1;
}
2013-08-13 13:39:34 -06:00
static int
2006-11-25 13:07:29 -07:00
doInitNewRule(
struct config *config_info)
{
int rule_number = config_info->rule_count;
struct config_line *config_lineP;
if (rule_number == config_info->lines_allocated)
{
if ((config_info->config_file_data = (struct config_line**)
2013-08-13 13:39:34 -06:00
realloc((char*)config_info->config_file_data,
2006-11-25 13:07:29 -07:00
(config_info->lines_allocated += ADD_LINES) *
2013-08-13 13:39:34 -06:00
sizeof(struct config_line *))) == NULL)
2006-11-25 13:07:29 -07:00
{
(void) fprintf (stderr, "realloc - config_file_data\n");
return -1;
}
}
2013-08-13 13:39:34 -06:00
if ((config_lineP = malloc (sizeof(struct config_line))) == NULL)
2006-11-25 13:07:29 -07:00
{
(void) fprintf (stderr, "malloc - config_lineP\n");
return -1;
}
config_lineP->permit_deny = NULL;
config_lineP->source_hostname = NULL;
config_lineP->source_host = 0;
config_lineP->source_netmask = NULL;
config_lineP->source_net = 0;
config_lineP->dest_hostname = NULL;
config_lineP->dest_host = 0;
config_lineP->dest_netmask = NULL;
config_lineP->dest_net = 0;
config_lineP->operator = NULL;
2013-08-13 13:39:34 -06:00
config_lineP->service = NULL;
2006-11-25 13:07:29 -07:00
config_info->config_file_data[rule_number] = config_lineP;
return rule_number;
}
static int
doConfigPermitDeny(
2013-08-13 13:39:34 -06:00
struct config *config_info,
2006-11-25 13:07:29 -07:00
char *result)
{
struct config_line ** config_file_data;
int line_number;
int bad_token = 0;
2013-08-13 13:39:34 -06:00
/*
* caution; config_info->config_file_data can move in doInitNewRule
2006-11-25 13:07:29 -07:00
*/
if ((line_number = doInitNewRule(config_info)) == -1)
return 1;
config_file_data = config_info->config_file_data;
2013-08-13 13:39:34 -06:00
if ((config_file_data[line_number]->permit_deny = strdup(result)) == NULL)
2006-11-25 13:07:29 -07:00
{
(void) fprintf(stderr, "malloc - config rule (permit/deny keyword)\n");
return 0;
}
#ifdef DEBUG
2013-08-13 13:39:34 -06:00
(void) fprintf(stderr,
"first token = %s\n",
2006-11-25 13:07:29 -07:00
config_file_data[line_number]->permit_deny);
#endif
/*
* do the source hostname field
*/
if ((result = strtok(NULL, SEPARATOR1)) != NULL)
{
char token[64];
strcpy(token, result);
if (doVerifyHostMaskToken(token))
{
2013-08-13 13:39:34 -06:00
if ((config_file_data[line_number]->source_hostname = strdup(result))
== NULL)
2006-11-25 13:07:29 -07:00
{
(void) fprintf(stderr, "malloc - config rule (source host)\n");
return 0;
}
#ifdef DEBUG
2013-08-13 13:39:34 -06:00
(void) fprintf(stderr,
"second token = %s\n",
2006-11-25 13:07:29 -07:00
config_file_data[line_number]->source_hostname);
#endif
/*
* generate network address format
*/
2013-08-13 13:39:34 -06:00
config_file_data[line_number]->source_host =
2006-11-25 13:07:29 -07:00
inet_addr(config_file_data[line_number]->source_hostname);
} else
bad_token = 1;
}
/*
* now the source netmask field
*/
if ((result = strtok(NULL, SEPARATOR1)) != NULL)
{
char token[64];
strcpy(token, result);
if (doVerifyHostMaskToken(token))
{
2013-08-13 13:39:34 -06:00
if ((config_file_data[line_number]->source_netmask = strdup(result))
== NULL)
2006-11-25 13:07:29 -07:00
{
(void) fprintf(stderr, "malloc - config rule (source netmask)\n");
return 0;
}
#ifdef DEBUG
2013-08-13 13:39:34 -06:00
(void) fprintf(stderr,
"third token = %s\n",
2006-11-25 13:07:29 -07:00
config_file_data[line_number]->source_netmask);
#endif
2013-08-13 13:39:34 -06:00
config_file_data[line_number]->source_net =
2006-11-25 13:07:29 -07:00
inet_addr(config_file_data[line_number]->source_netmask);
} else
bad_token = 1;
}
/*
* now the destination hostname field
*/
if ((result = strtok(NULL, SEPARATOR1)) != NULL)
{
char token[64];
strcpy(token, result);
if (doVerifyHostMaskToken(token))
{
2013-08-13 13:39:34 -06:00
if ((config_file_data[line_number]->dest_hostname = strdup(result))
== NULL)
2006-11-25 13:07:29 -07:00
{
(void) fprintf(stderr, "malloc - config rule (destination host)\n");
return 0;
}
#ifdef DEBUG
2013-08-13 13:39:34 -06:00
(void) fprintf(stderr,
"fourth token = %s\n",
2006-11-25 13:07:29 -07:00
config_file_data[line_number]->dest_hostname);
#endif
2013-08-13 13:39:34 -06:00
config_file_data[line_number]->dest_host =
2006-11-25 13:07:29 -07:00
inet_addr(config_file_data[line_number]->dest_hostname);
} else
bad_token = 1;
}
/*
* now the destination netmask field
*/
if ((result = strtok(NULL, SEPARATOR1)) != NULL)
{
char token[64];
strcpy(token, result);
if (doVerifyHostMaskToken(token))
{
2013-08-13 13:39:34 -06:00
if ((config_file_data[line_number]->dest_netmask = strdup(result))
== NULL)
2006-11-25 13:07:29 -07:00
{
(void) fprintf(stderr, "malloc - config rule (destination mask)\n");
return 0;
}
#ifdef DEBUG
2013-08-13 13:39:34 -06:00
(void) fprintf(stderr,
"fifth token = %s\n",
2006-11-25 13:07:29 -07:00
config_file_data[line_number]->dest_netmask);
#endif
2013-08-13 13:39:34 -06:00
config_file_data[line_number]->dest_net =
2006-11-25 13:07:29 -07:00
inet_addr(config_file_data[line_number]->dest_netmask);
} else
bad_token = 1;
}
/*
* now the operator field
*/
if ((result = strtok(NULL, SEPARATOR1)) != NULL)
{
if (!strcmp("eq", result))
{
2013-08-13 13:39:34 -06:00
if ((config_file_data[line_number]->operator = strdup(result)) == NULL)
2006-11-25 13:07:29 -07:00
{
(void) fprintf(stderr, "malloc - config rule (op)\n");
return 0;
}
#ifdef DEBUG
2013-08-13 13:39:34 -06:00
(void) fprintf(stderr,
"sixth token = %s\n",
2006-11-25 13:07:29 -07:00
config_file_data[line_number]->operator);
#endif
} else
bad_token = 1;
}
/*
* and finally the service field
*/
if ((result = strtok(NULL, SEPARATOR1)) != NULL)
{
2013-08-13 13:39:34 -06:00
if (!(strncmp("pm", result, 2)) ||
2006-11-25 13:07:29 -07:00
(!strncmp("fp", result, 2)) ||
2013-08-13 13:39:34 -06:00
(!strncmp("cd", result, 2)))
2006-11-25 13:07:29 -07:00
{
2013-08-13 13:39:34 -06:00
if ((config_file_data[line_number]->service = strdup(result)) == NULL)
2006-11-25 13:07:29 -07:00
{
(void) fprintf(stderr, "malloc - config rule (service)\n");
return 0;
}
#ifdef DEBUG
2013-08-13 13:39:34 -06:00
(void) fprintf(stderr,
"seventh token = %s\n",
2006-11-25 13:07:29 -07:00
config_file_data[line_number]->service);
#endif
/*
* load the appropriate service id
*/
if (!strncmp(config_file_data[line_number]->service, "pm", 2))
config_file_data[line_number]->service_id = PMGR;
else if (!strncmp(config_file_data[line_number]->service, "fp", 2))
config_file_data[line_number]->service_id = FINDPROXY;
2013-08-13 13:39:34 -06:00
else
2006-11-25 13:07:29 -07:00
if (!strncmp(config_file_data[line_number]->service, "cd", 2))
config_file_data[line_number]->service_id = CLIENT;
} else
bad_token = 1;
}
/*
* rules for bad parse
*/
if (bad_token ||
(config_file_data[line_number]->permit_deny == NULL) ||
2013-08-13 13:39:34 -06:00
((config_file_data[line_number]->permit_deny != NULL) &&
2006-11-25 13:07:29 -07:00
(config_file_data[line_number]->source_hostname == NULL)) ||
2013-08-13 13:39:34 -06:00
((config_file_data[line_number]->source_hostname != NULL) &&
(config_file_data[line_number]->source_netmask == NULL)) ||
((config_file_data[line_number]->dest_hostname != NULL) &&
(config_file_data[line_number]->dest_netmask == NULL)) ||
((config_file_data[line_number]->operator != NULL) &&
2006-11-25 13:07:29 -07:00
(config_file_data[line_number]->service == NULL)))
return 1;
config_info->rule_count++;
return 0;
}
2013-08-13 13:39:34 -06:00
static int
2006-11-25 13:07:29 -07:00
doProcessLine(
char *line,
struct config *config_info,
int config_line)
{
char * result;
int bad_parse = 0;
if (line[0] == '#' || line[0] == '\n')
return 1;
if ((result = strtok(line, SEPARATOR1)) != NULL)
{
if (!(strcmp("permit", result)) || (!strcmp("deny", result)))
{
bad_parse = doConfigPermitDeny(config_info, result);
}
else
if (!strcmp("require", result) || !strcmp("disallow", result))
bad_parse = doConfigRequireDisallow(config_line, result);
else
bad_parse = 1;
}
if (bad_parse)
return 0;
else
return 1;
}
/*
* Public functions
*/
2013-08-13 13:39:34 -06:00
int
2006-11-25 13:07:29 -07:00
doConfigCheck(
struct sockaddr_in * source_sockaddr_in,
struct sockaddr_in * dest_sockaddr_in,
struct config * config_info,
int context,
int * rule_number)
{
int line_counter;
/*
* look through the config file parse tree for a source IP address
* that matches this request
2013-08-13 13:39:34 -06:00
*/
2006-11-25 13:07:29 -07:00
for (line_counter = 0; line_counter < config_info->rule_count; line_counter++)
{
if (config_info->config_file_data[line_counter] != NULL)
{
2013-08-13 13:39:34 -06:00
if ((source_sockaddr_in->sin_addr.s_addr &
2006-11-25 13:07:29 -07:00
(~(config_info->config_file_data[line_counter]->source_net))) ==
config_info->config_file_data[line_counter]->source_host)
{
/*
* okay, the source host and netmask fields pass, see if the
* config file specifies "permit" or "deny" for this host
*/
if (!strcmp(config_info->config_file_data[line_counter]->permit_deny,
"permit"))
{
/*
* check for presence of destination info
*/
if ((config_info->config_file_data[line_counter]->dest_hostname) &&
(context != PMGR))
{
/*
* compute destination info restrictions
*/
2013-08-13 13:39:34 -06:00
if ((dest_sockaddr_in->sin_addr.s_addr &
2006-11-25 13:07:29 -07:00
(~(config_info->config_file_data[line_counter]->dest_net))) ==
config_info->config_file_data[line_counter]->dest_host)
{
/*
2013-08-13 13:39:34 -06:00
* you got a match on the destination, so look at
2006-11-25 13:07:29 -07:00
* the operator and service fields to see if the "permit"
* might be specific to one particular connection-type only
*/
if (config_info->config_file_data[line_counter]->operator != NULL)
{
/*
* there *is* a service id; see if it matches our current
* config check request
*/
2013-08-13 13:39:34 -06:00
if (config_info->config_file_data[line_counter]->service_id ==
2006-11-25 13:07:29 -07:00
context)
{
2013-08-13 13:39:34 -06:00
doPrintEval(config_info, line_counter);
2006-11-25 13:07:29 -07:00
/*
2013-08-13 13:39:34 -06:00
* if you are permitting, there's no rule match to log
2006-11-25 13:07:29 -07:00
*/
*rule_number = line_counter + 1;
return 1;
} else
/*
2013-08-13 13:39:34 -06:00
* we didn't get a match on context; this "permit" doesn't
* apply to the current request; so keep trying
2006-11-25 13:07:29 -07:00
*/
continue;
2013-08-13 13:39:34 -06:00
} else
2006-11-25 13:07:29 -07:00
/*
2013-08-13 13:39:34 -06:00
* there's no service qualifier; permit the connection
2006-11-25 13:07:29 -07:00
*/
doPrintEval(config_info, line_counter);
*rule_number = line_counter + 1;
return 1;
} else
/*
* the destination field doesn't match; keep trying
*/
continue;
} else if ((config_info->
config_file_data[line_counter]->dest_hostname) &&
(context == PMGR))
2013-08-13 13:39:34 -06:00
{
2006-11-25 13:07:29 -07:00
/*
* skip the destination address check and test for
* the operator and service_id
*/
if (config_info->config_file_data[line_counter]->operator != NULL)
{
/*
* there *is* a service id; see if it matches our current
2013-08-13 13:39:34 -06:00
* config check context
2006-11-25 13:07:29 -07:00
*/
2013-08-13 13:39:34 -06:00
if (config_info->config_file_data[line_counter]->service_id
2006-11-25 13:07:29 -07:00
== context)
{
doPrintEval(config_info, line_counter);
/*
* not logging PM events so don't save rule match
*/
return 1;
} else
/*
* we didn't get a match on context; this "permit" doesn't
2013-08-13 13:39:34 -06:00
* apply to the current client request; so keep trying
2006-11-25 13:07:29 -07:00
*/
continue;
2013-08-13 13:39:34 -06:00
} else
{
2006-11-25 13:07:29 -07:00
/*
2013-08-13 13:39:34 -06:00
* there's no service qualifier; permit the connection
2006-11-25 13:07:29 -07:00
*/
doPrintEval(config_info, line_counter);
*rule_number = line_counter + 1;
return 1;
}
} else
{
/*
* there's no destination specified; permit the connection
*/
doPrintEval(config_info, line_counter);
*rule_number = line_counter + 1;
return 1;
}
}
else
{
/*
* we still have to check the destination and service fields
* to know exactly what we are denying
*/
if ((config_info->config_file_data[line_counter]->dest_hostname) &&
(context != PMGR))
{
/*
* compute destination info restrictions
*/
2013-08-13 13:39:34 -06:00
if ((dest_sockaddr_in->sin_addr.s_addr &
2006-11-25 13:07:29 -07:00
(~(config_info->config_file_data[line_counter]->dest_net))) ==
config_info->config_file_data[line_counter]->dest_host)
{
/*
* you got a match on the destination, so look at
* the operator and service fields to see if the "deny"
* might be specific to one particular connection-type only
*/
if (config_info->config_file_data[line_counter]->operator != NULL)
{
/*
* there *is* a service id; see if it matches our current
* config check request
*/
2013-08-13 13:39:34 -06:00
if (config_info->config_file_data[line_counter]->service_id ==
2006-11-25 13:07:29 -07:00
context)
{
/*
* the match signifies an explicit denial of permission
*/
2013-08-13 13:39:34 -06:00
doPrintEval(config_info, line_counter);
2006-11-25 13:07:29 -07:00
/*
2013-08-13 13:39:34 -06:00
* save the rule match number before returning
2006-11-25 13:07:29 -07:00
*/
*rule_number = line_counter + 1;
return 0;
} else
/*
* we didn't get a match on the service id; the "deny"
* operation doesn't apply to this connection, so keep
2013-08-13 13:39:34 -06:00
* trying
2006-11-25 13:07:29 -07:00
*/
continue;
2013-08-13 13:39:34 -06:00
} else
2006-11-25 13:07:29 -07:00
{
/*
2013-08-13 13:39:34 -06:00
* there's no service qualifier; deny the connection
2006-11-25 13:07:29 -07:00
*/
2013-08-13 13:39:34 -06:00
doPrintEval(config_info, line_counter);
2006-11-25 13:07:29 -07:00
/*
2013-08-13 13:39:34 -06:00
* save the rule match number before returning
2006-11-25 13:07:29 -07:00
*/
*rule_number = line_counter + 1;
return 0;
2013-08-13 13:39:34 -06:00
}
2006-11-25 13:07:29 -07:00
} else
/*
2013-08-13 13:39:34 -06:00
* the destination field doesn't match; keep trying
2006-11-25 13:07:29 -07:00
*/
continue;
} else if ((config_info->
config_file_data[line_counter]->dest_hostname) &&
(context == PMGR))
2013-08-13 13:39:34 -06:00
{
2006-11-25 13:07:29 -07:00
/*
* skip the destination address check and test for
* the operator and service_id
*/
if (config_info->config_file_data[line_counter]->operator != NULL)
{
/*
* there *is* a service id; see if it matches our current
2013-08-13 13:39:34 -06:00
* config check context
2006-11-25 13:07:29 -07:00
*/
2013-08-13 13:39:34 -06:00
if (config_info->config_file_data[line_counter]->service_id ==
2006-11-25 13:07:29 -07:00
context)
{
/*
* this is a request to explicitly deny service, so do it
*/
2013-08-13 13:39:34 -06:00
doPrintEval(config_info, line_counter);
2006-11-25 13:07:29 -07:00
/*
* not logging PM events, but if we were, save rule match here
*/
return 0;
} else
/*
* we didn't get a match on context; this "deny" doesn't
2013-08-13 13:39:34 -06:00
* apply to the current client request; so keep trying
2006-11-25 13:07:29 -07:00
*/
continue;
2013-08-13 13:39:34 -06:00
} else
2006-11-25 13:07:29 -07:00
{
/*
2013-08-13 13:39:34 -06:00
* there's no service qualifier; deny the connection
2006-11-25 13:07:29 -07:00
*/
2013-08-13 13:39:34 -06:00
doPrintEval(config_info, line_counter);
2006-11-25 13:07:29 -07:00
/*
* if we were logging PM events ...
*/
return 0;
}
} else
{
/*
* there's no destination specified; deny the connection
*/
2013-08-13 13:39:34 -06:00
doPrintEval(config_info, line_counter);
2006-11-25 13:07:29 -07:00
/*
* save rule match
*/
*rule_number = line_counter + 1;
2013-08-13 13:39:34 -06:00
return 0;
2006-11-25 13:07:29 -07:00
}
} /* end else deny */
} /* end if match on source */
} /* end if valid config line */
} /* end all config lines for loop */
/*
* whatever you did not explicitly permit you must deny -- *unless* --
* no config file was specified, in which case permit all
*/
if (config_info->config_file_path == NULL)
{
if (printConfigVerify)
2013-08-13 13:39:34 -06:00
(void) fprintf(stderr,
2006-11-25 13:07:29 -07:00
"matched default permit 0.0.0.0 255.255.255.255\n");
/*
* there's no rule match to save
*/
*rule_number = -1;
return 1;
}
if (!config_info->config_file_data)
{
/*
* A config file was specified but it had no permit/deny
* entries. This can happen if: the file was empty; the
* file only contained comment entries; the file only has
* require/disallow entries. In any event, this case
* should be treated as if no config file was used - that
* is allow the connection.
*/
*rule_number = -1;
return 1;
}
if (printConfigVerify)
(void) fprintf(stderr, "matched default deny 0.0.0.0 255.255.255.255\n");
/*
2013-08-13 13:39:34 -06:00
* not in this case either
2006-11-25 13:07:29 -07:00
*/
*rule_number = -1;
return 0;
}
2013-08-13 13:39:34 -06:00
void
2006-11-25 13:07:29 -07:00
doCheckTimeouts(
struct config * config_info,
int * nfds_ready,
fd_set * rinit,
fd_set * winit,
fd_set * readable,
fd_set * writable)
{
int client_data_counter;
int client_listen_counter;
int pm_conn_counter;
2013-08-13 13:39:34 -06:00
struct timeval current_time;
2006-11-25 13:07:29 -07:00
struct timezone current_zone;
/*
* get current time
*/
2013-08-13 13:39:34 -06:00
gettimeofday(&current_time, &current_zone);
2006-11-25 13:07:29 -07:00
/*
2013-08-13 13:39:34 -06:00
* start with the clients; we have to do them all, because a
2006-11-25 13:07:29 -07:00
* timeout may occur even if the object's fd is not currently
* readable or writable
*/
2013-08-13 13:39:34 -06:00
for (client_data_counter = 0;
2006-11-25 13:07:29 -07:00
client_data_counter < config_info->num_client_conns;
client_data_counter++)
{
if (client_conn_array[client_data_counter] != NULL)
{
/*
* do the shutdown time computation
*/
2013-08-13 13:39:34 -06:00
if ((current_time.tv_sec
- client_conn_array[client_data_counter]->creation_time)
2006-11-25 13:07:29 -07:00
> client_conn_array[client_data_counter]->time_to_close)
{
/*
* time to shut this client conn down; we're not going to be graceful
2013-08-13 13:39:34 -06:00
* about it, either; we're just going to clear the select() masks for
2006-11-25 13:07:29 -07:00
* the relevant file descriptors, close these fd's and deallocate
2013-08-13 13:39:34 -06:00
* the connection objects (for both client and server), and finally
2006-11-25 13:07:29 -07:00
* adjust the select() return params as necessary
*/
FD_CLR(client_conn_array[client_data_counter]->fd, rinit);
FD_CLR(client_conn_array[client_data_counter]->fd, winit);
FD_CLR(client_conn_array[client_data_counter]->conn_to, rinit);
2013-08-13 13:39:34 -06:00
FD_CLR(client_conn_array[client_data_counter]->conn_to, winit);
2006-11-25 13:07:29 -07:00
close(client_conn_array[client_data_counter]->fd);
close(client_conn_array[client_data_counter]->conn_to);
free(client_conn_array[client_conn_array[client_data_counter]->conn_to]);
if (client_conn_array[client_data_counter]->source)
free(client_conn_array[client_data_counter]->source);
if (client_conn_array[client_data_counter]->destination)
free(client_conn_array[client_data_counter]->destination);
free(client_conn_array[client_data_counter]);
2013-08-13 13:39:34 -06:00
client_conn_array[client_conn_array[client_data_counter]->conn_to] =
2006-11-25 13:07:29 -07:00
NULL;
2013-08-13 13:39:34 -06:00
client_conn_array[client_data_counter] = NULL;
2006-11-25 13:07:29 -07:00
/*
* the nfds_ready value is tricky, because we're not sure if we got
2013-08-13 13:39:34 -06:00
* a readable or writable on the associated connection for this
2006-11-25 13:07:29 -07:00
* iteration through select(); we'll decrement it one instead of two,
* but it really doesn't matter either way given the logic of the
* process readables and writables code
*/
(*nfds_ready)--; /* XXX was *nfds_ready-- found spurious by gcc */
/*
* if you just shut this connection object down, you don't want
* to reset its creation date to now, so go to the next one
*/
2013-08-13 13:39:34 -06:00
continue;
2006-11-25 13:07:29 -07:00
}
/*
* recompute select() timeout to maximize blocking time without
* preventing timeout checking
*/
2013-08-13 13:39:34 -06:00
config_info->select_timeout.tv_sec =
2006-11-25 13:07:29 -07:00
min(config_info->select_timeout.tv_sec,
client_conn_array[client_data_counter]->time_to_close -
2013-08-13 13:39:34 -06:00
(current_time.tv_sec -
2006-11-25 13:07:29 -07:00
client_conn_array[client_data_counter]->creation_time));
/*
* this wasn't a shutdown case, so check to see if there's activity
2013-08-13 13:39:34 -06:00
* on the fd; if so, then reset the creation time field to now
2006-11-25 13:07:29 -07:00
*/
if (FD_ISSET(client_conn_array[client_data_counter]->fd, readable) ||
2013-08-13 13:39:34 -06:00
FD_ISSET(client_conn_array[client_data_counter]->fd, writable))
client_conn_array[client_data_counter]->creation_time =
2006-11-25 13:07:29 -07:00
current_time.tv_sec;
/*
* do the same thing with the conn_to connections, but only
* if they haven't already been marked for closing
*/
if ((client_conn_array[client_data_counter]->conn_to) > 0)
2013-08-13 13:39:34 -06:00
{
if ((FD_ISSET(client_conn_array[client_data_counter]->conn_to,
readable)) ||
(FD_ISSET(client_conn_array[client_data_counter]->conn_to,
2006-11-25 13:07:29 -07:00
writable)))
2013-08-13 13:39:34 -06:00
client_conn_array[client_data_counter]->creation_time =
2006-11-25 13:07:29 -07:00
current_time.tv_sec;
}
}
2013-08-13 13:39:34 -06:00
}
2006-11-25 13:07:29 -07:00
/*
2013-08-13 13:39:34 -06:00
* now do the client listen fds; as with the client data objects,
2006-11-25 13:07:29 -07:00
* we have to do them all, because a timeout may occur even if the
* object's fd is not currently readable or writable
*/
2013-08-13 13:39:34 -06:00
for (client_listen_counter = 0;
2006-11-25 13:07:29 -07:00
client_listen_counter < config_info->num_servers;
client_listen_counter++)
{
if (server_array[client_listen_counter] != NULL)
{
/*
* do the shutdown time computation
*/
2013-08-13 13:39:34 -06:00
if ((current_time.tv_sec
- server_array[client_listen_counter]->creation_time)
2006-11-25 13:07:29 -07:00
> server_array[client_listen_counter]->time_to_close)
{
/*
* time to shut this listener down just like we did above;
* we close the server connection here as well but we don't
* need to worry about the select() mask because we're not
* using the server fd in this object for reading or writing --
* only to initialize the client data object server connections
*/
FD_CLR(server_array[client_listen_counter]->client_listen_fd, rinit);
FD_CLR(server_array[client_listen_counter]->client_listen_fd, winit);
close(server_array[client_listen_counter]->client_listen_fd);
free(server_array[client_listen_counter]);
2013-08-13 13:39:34 -06:00
server_array[client_listen_counter] = NULL;
2006-11-25 13:07:29 -07:00
(*nfds_ready)--; /* XXX */
/*
* if you just shut this connection object down, you don't want
* to reset its creation date to now, so go to the next one
*/
2013-08-13 13:39:34 -06:00
continue;
2006-11-25 13:07:29 -07:00
}
/*
* recompute select() timeout to maximize blocking time without
* preventing timeout checking
*/
2013-08-13 13:39:34 -06:00
config_info->select_timeout.tv_sec =
2006-11-25 13:07:29 -07:00
min(config_info->select_timeout.tv_sec,
server_array[client_listen_counter]->time_to_close -
2013-08-13 13:39:34 -06:00
(current_time.tv_sec -
2006-11-25 13:07:29 -07:00
server_array[client_listen_counter]->creation_time));
/*
* this wasn't a shutdown case, so check to see if there's activity
2013-08-13 13:39:34 -06:00
* on the fd; if so, then reset the creation time field to now
2006-11-25 13:07:29 -07:00
*/
2013-08-13 13:39:34 -06:00
if (FD_ISSET(server_array[client_listen_counter]->client_listen_fd,
2006-11-25 13:07:29 -07:00
readable) ||
2013-08-13 13:39:34 -06:00
FD_ISSET(server_array[client_listen_counter]->client_listen_fd,
2006-11-25 13:07:29 -07:00
writable))
2013-08-13 13:39:34 -06:00
server_array[client_listen_counter]->creation_time =
2006-11-25 13:07:29 -07:00
current_time.tv_sec;
}
2013-08-13 13:39:34 -06:00
}
2006-11-25 13:07:29 -07:00
/*
* last of all the pm connection fds
*/
2013-08-13 13:39:34 -06:00
for (pm_conn_counter = 0;
2006-11-25 13:07:29 -07:00
pm_conn_counter < config_info->num_pm_conns;
pm_conn_counter++)
{
if (pm_conn_array[pm_conn_counter] != NULL)
{
/*
* do the shutdown time computation
*/
2013-08-13 13:39:34 -06:00
if ((current_time.tv_sec
- pm_conn_array[pm_conn_counter]->creation_time)
2006-11-25 13:07:29 -07:00
> pm_conn_array[pm_conn_counter]->time_to_close)
{
/*
2013-08-13 13:39:34 -06:00
* shut this connection down just like the others
2006-11-25 13:07:29 -07:00
*/
FD_CLR(pm_conn_array[pm_conn_counter]->fd, rinit);
FD_CLR(pm_conn_array[pm_conn_counter]->fd, winit);
close(pm_conn_array[pm_conn_counter]->fd);
free(pm_conn_array[pm_conn_counter]);
pm_conn_array[pm_conn_counter] = NULL;
(*nfds_ready)--; /* XXX */
/*
* if you just shut this connection object down, you don't want
* to reset its creation date to now, so go to the next one
*/
2013-08-13 13:39:34 -06:00
continue;
2006-11-25 13:07:29 -07:00
}
/*
* recompute select() timeout to maximize blocking time without
* preventing timeout checking
*/
2013-08-13 13:39:34 -06:00
config_info->select_timeout.tv_sec =
2006-11-25 13:07:29 -07:00
min(config_info->select_timeout.tv_sec,
pm_conn_array[pm_conn_counter]->time_to_close -
2013-08-13 13:39:34 -06:00
(current_time.tv_sec -
2006-11-25 13:07:29 -07:00
pm_conn_array[pm_conn_counter]->creation_time));
/*
* this wasn't a shutdown case, so check to see if there's activity
2013-08-13 13:39:34 -06:00
* on the fd; if so, then reset the creation time field to now
2006-11-25 13:07:29 -07:00
*/
2013-08-13 13:39:34 -06:00
if (FD_ISSET(pm_conn_array[pm_conn_counter]->fd, readable) ||
FD_ISSET(pm_conn_array[pm_conn_counter]->fd, writable))
2006-11-25 13:07:29 -07:00
pm_conn_array[pm_conn_counter]->creation_time = current_time.tv_sec;
}
}
}
int
doHandleConfigFile (
struct config * config_info)
{
FILE * stream;
char line[128];
int num_chars = 120;
int line_number = 0;
if (!config_info->config_file_path)
return 1;
if ((stream = fopen(config_info->config_file_path, "r")) == NULL)
{
perror("Could not open config file");
return 0;
}
2013-08-13 13:39:34 -06:00
while (1)
{
if ((fgets(line, num_chars, stream)) == NULL)
2006-11-25 13:07:29 -07:00
{
#ifdef DEBUG
(void) fprintf(stderr, "Reading config file - got 0 bytes\n");
#endif
break;
}
#ifdef DEBUG
(void) fprintf(stderr, line);
#endif
line_number++;
if (!doProcessLine(line, config_info, line_number))
{
(void) fprintf(stderr,"Config file format error. Parse failed.\n");
(void) fprintf(stderr,"\tline: %s\n", line);
(void) fclose(stream);
return 0;
}
2013-08-13 13:39:34 -06:00
}
2006-11-25 13:07:29 -07:00
if (!feof(stream))
{
(void) fprintf(stderr, "Error parsing config file; not at eof\n");
(void) fclose(stream);
return 0;
}
if (printConfigVerify)
(void) fprintf(stderr, "%d rules read\n", config_info->rule_count);
(void) fclose(stream);
return 1;
}
2013-08-13 13:39:34 -06:00
void
2006-11-25 13:07:29 -07:00
doWriteLogEntry(
char * source,
char * destination,
int event,
int rule_number,
struct config * config_info)
{
FILE * stream;
struct timezone current_zone;
2013-08-13 13:39:34 -06:00
struct timeval current_time;
2006-11-25 13:07:29 -07:00
char * time_stamp;
int time_length;
/*
* if no logfile, then return without action
*/
if (!config_info->log_file_path)
return;
/*
* The xfwp audit/logging spec says to always log CLIENT_REJECT_CONFIG
* events but other events should only be logged if log_level is
* > 0
*/
if (event != CLIENT_REJECT_CONFIG && !config_info->log_level)
return;
if ((stream = fopen(config_info->log_file_path, "a")) == NULL)
{
2013-08-13 13:39:34 -06:00
(void) fprintf(stderr,
2006-11-25 13:07:29 -07:00
"Failed to open log file '%s'\n",
config_info->log_file_path);
return;
}
/*
* generate time stamp for this event
2013-08-13 13:39:34 -06:00
*/
gettimeofday(&current_time, &current_zone);
time_stamp = ctime((time_t *) &current_time.tv_sec);
2006-11-25 13:07:29 -07:00
time_length = strlen(time_stamp);
/*
* eliminate newline character in time stamp
*/
*(&time_stamp[time_length - 1]) = (char) 0;
(void) fprintf (stream, "%s %2d %s %s %2d\n",
time_stamp,
event,
(source) ? source : "",
(destination) ? destination : "",
rule_number);
2013-08-13 13:39:34 -06:00
(void) fclose(stream);
2006-11-25 13:07:29 -07:00
}
2013-08-13 13:39:34 -06:00
void
2006-11-25 13:07:29 -07:00
doCopyFromTo(
2013-08-13 13:39:34 -06:00
int fd_from,
int fd_to,
2006-11-25 13:07:29 -07:00
fd_set * rinit,
fd_set * winit)
{
int ncopy;
2013-08-13 13:39:34 -06:00
2006-11-25 13:07:29 -07:00
if (client_conn_array[fd_from]->wbytes < RWBUFFER_SIZE)
{
/*
* choose to write either how much you have (from->rbytes),
* or how much you can hold (to->wbytes), whichever is
2013-08-13 13:39:34 -06:00
* smaller
2006-11-25 13:07:29 -07:00
*/
ncopy = min(client_conn_array[fd_from]->rbytes,
RWBUFFER_SIZE - client_conn_array[fd_to]->wbytes);
/*
* index into existing number bytes into the write buffer
2013-08-13 13:39:34 -06:00
* to get the start point for copying
2006-11-25 13:07:29 -07:00
*/
bcopy(client_conn_array[fd_from]->readbuf,
2013-08-13 13:39:34 -06:00
client_conn_array[fd_to]->writebuf +
2006-11-25 13:07:29 -07:00
client_conn_array[fd_to]->wbytes, ncopy);
/*
* Then up the to->wbytes counter
*/
client_conn_array[fd_to]->wbytes += ncopy;
/*
* something has to be done here with the select mask!!
*/
2013-08-13 13:39:34 -06:00
FD_SET(fd_to, winit);
2006-11-25 13:07:29 -07:00
if (ncopy == client_conn_array[fd_from]->rbytes)
client_conn_array[fd_from]->rbytes = 0;
else
{
bcopy(client_conn_array[fd_from]->readbuf + ncopy,
client_conn_array[fd_from]->readbuf,
client_conn_array[fd_from]->rbytes - ncopy);
client_conn_array[fd_from]->rbytes -= ncopy;
}
/*
* and here
*/
FD_SET(fd_to, rinit);
}
/*
2013-08-13 13:39:34 -06:00
* If there's no room in the fd_to write buffer, do nothing
2006-11-25 13:07:29 -07:00
* this iteration (keep iterating on select() until something
* gets written from this fd)
*/
return;
}
2013-08-13 13:39:34 -06:00
int
2006-11-25 13:07:29 -07:00
doCheckServerList(
2013-08-13 13:39:34 -06:00
char * server_address,
2006-11-25 13:07:29 -07:00
char ** listen_port_string,
int num_servers)
{
/*
* this routine checks the server_address (provided by XFindProxy
* and forwarded through the PM to the FWP) against the list of
* servers to which connections have already been established;
2013-08-13 13:39:34 -06:00
* it does no format type checking or conversions! (i.e., network-id
* vs. hostname representations); if the string received is not an
2006-11-25 13:07:29 -07:00
* exact match to one in the list, FWP will open a new connection
* to the specified server, even though one may already exist under
* a different name-format; all this is in a separate routine in
* case we want to check the various formats in the future
*/
int list_counter;
for (list_counter = 0; list_counter < num_servers; list_counter++)
{
if (server_array[list_counter] != NULL)
2013-08-13 13:39:34 -06:00
{
if (!strcmp(server_array[list_counter]->x_server_hostport,
2006-11-25 13:07:29 -07:00
server_address))
{
/*
2013-08-13 13:39:34 -06:00
* allocate and return the listen_port_string
2006-11-25 13:07:29 -07:00
*/
2013-08-13 13:39:34 -06:00
if ((*listen_port_string =
strdup(server_array[list_counter]->listen_port_string)) == NULL)
2006-11-25 13:07:29 -07:00
{
(void) fprintf(stderr, "malloc - listen_port_string\n");
return FAILURE;
}
2013-08-13 13:39:34 -06:00
return SUCCESS;
2006-11-25 13:07:29 -07:00
}
}
}
return FAILURE;
}
2013-08-13 13:39:34 -06:00
void
2006-11-25 13:07:29 -07:00
doProcessInputArgs (
2013-08-13 13:39:34 -06:00
struct config * config_info,
int argc,
2006-11-25 13:07:29 -07:00
char * argv[])
{
int arg_counter;
int break_flag = 0;
config_info->num_servers = 0;
config_info->num_pm_conns = 0;
config_info->pm_data_timeout = 0;
config_info->client_listen_timeout = 0;
config_info->client_data_timeout = 0;
config_info->log_level = 0;
config_info->rule_count = config_info->lines_allocated = 0;
config_info->pm_listen_port = NULL;
config_info->config_file_data = NULL;
config_info->config_file_path = NULL;
config_info->log_file_path = NULL;
2013-08-13 13:39:34 -06:00
2006-11-25 13:07:29 -07:00
/*
2013-08-13 13:39:34 -06:00
* initialize timeout for three port types; if a timeout for a
* particular port type (pmdata, clientlisten, clientdata) is
2006-11-25 13:07:29 -07:00
* not specified explicitly, then it assumes the hard-coded
* default value; initialize other command line options here
* as well
*/
for (arg_counter = 1; arg_counter < argc; arg_counter++)
{
if (argv[arg_counter][0] == '-')
{
if (!strcmp("-pdt", argv[arg_counter]))
{
if (arg_counter + 1 == argc)
{
2013-08-13 13:39:34 -06:00
break_flag = 1;
2006-11-25 13:07:29 -07:00
break;
}
config_info->pm_data_timeout = atoi(argv[arg_counter + 1]);
}
else if (!strcmp("-clt", argv[arg_counter]))
{
if (arg_counter + 1 == argc)
{
break_flag = 1;
2013-08-13 13:39:34 -06:00
break;
2006-11-25 13:07:29 -07:00
}
config_info->client_listen_timeout = atoi(argv[arg_counter + 1]);
}
else if (!strcmp("-cdt", argv[arg_counter]))
{
if (arg_counter + 1 == argc)
{
break_flag = 1;
2013-08-13 13:39:34 -06:00
break;
2006-11-25 13:07:29 -07:00
}
config_info->client_data_timeout = atoi(argv[arg_counter + 1]);
}
else if (!strcmp("-pmport", argv[arg_counter]))
{
if (arg_counter + 1 == argc)
{
2013-08-13 13:39:34 -06:00
break_flag = 1;
2006-11-25 13:07:29 -07:00
break;
}
if (atoi(argv[arg_counter + 1]) > 65536)
{
break_flag = 1;
2013-08-13 13:39:34 -06:00
break;
2006-11-25 13:07:29 -07:00
}
2013-08-13 13:39:34 -06:00
if ((config_info->pm_listen_port = strdup(argv[arg_counter+1])) == NULL)
{
fprintf(stderr, "malloc - argument -pmport\n");
exit(1);
}
2006-11-25 13:07:29 -07:00
}
else if (!strcmp("-max_pm_conns", argv[arg_counter]))
{
if (arg_counter + 1 == argc)
{
2013-08-13 13:39:34 -06:00
break_flag = 1;
2006-11-25 13:07:29 -07:00
break;
}
config_info->num_pm_conns = atoi(argv[arg_counter + 1]);
}
else if (!strcmp("-max_server_conns", argv[arg_counter]))
{
if (arg_counter + 1 == argc)
{
2013-08-13 13:39:34 -06:00
break_flag = 1;
2006-11-25 13:07:29 -07:00
break;
}
config_info->num_servers = atoi(argv[arg_counter + 1]);
}
else if (!strcmp("-config", argv[arg_counter]))
{
if (arg_counter + 1 == argc)
{
break_flag = 1;
2013-08-13 13:39:34 -06:00
break;
2006-11-25 13:07:29 -07:00
}
2013-08-13 13:39:34 -06:00
if ((config_info->config_file_path = strdup(argv[arg_counter+1]))
== NULL)
{
fprintf(stderr, "malloc - argument -config\n");
exit(1);
}
2006-11-25 13:07:29 -07:00
}
else if (!strcmp("-verify", argv[arg_counter]))
{
printConfigVerify = TRUE;
}
else if (!strcmp("-logfile", argv[arg_counter]))
{
if (arg_counter + 1 == argc)
{
break_flag = 1;
break;
}
2013-08-13 13:39:34 -06:00
if ((config_info->log_file_path = strdup(argv[arg_counter+1])) == NULL)
{
fprintf(stderr, "malloc - argument -logfile\n");
exit(1);
}
2006-11-25 13:07:29 -07:00
}
else if (!strcmp("-loglevel", argv[arg_counter]))
{
if ((arg_counter + 1 == argc) || (atoi(argv[arg_counter + 1]) > 1))
{
break_flag = 1;
2013-08-13 13:39:34 -06:00
break;
2006-11-25 13:07:29 -07:00
}
config_info->log_level = atoi(argv[arg_counter + 1]);
}
else
{
(void) fprintf(stderr, "Unrecognized command line argument\n");
Usage();
}
}
2013-08-13 13:39:34 -06:00
}
2006-11-25 13:07:29 -07:00
if (break_flag)
Usage();
/*
* Create space for the global connection arrays
*/
#ifdef XNO_SYSCONF /* should only be on FreeBSD 1.x and NetBSD 0.x */
#undef _SC_OPEN_MAX
#endif
#ifdef _SC_OPEN_MAX
config_info->num_client_conns = sysconf(_SC_OPEN_MAX) - 1;
#else
#ifdef hpux
config_info->num_client_conns = _NFILE - 1;
#else
config_info->num_client_conns = getdtablesize() - 1;
#endif
#endif
2013-08-13 13:39:34 -06:00
client_conn_array =
2006-11-25 13:07:29 -07:00
malloc (config_info->num_client_conns * sizeof (struct client_conn_buf *));
if (!client_conn_array)
{
(void) fprintf (stderr, "malloc - client connection array\n");
exit (1);
}
if (!config_info->num_pm_conns)
config_info->num_pm_conns = MAX_PM_CONNS;
2013-08-13 13:39:34 -06:00
pm_conn_array =
2006-11-25 13:07:29 -07:00
malloc (config_info->num_client_conns * sizeof (struct pm_conn_buf *));
2013-08-13 13:39:34 -06:00
if (!pm_conn_array)
2006-11-25 13:07:29 -07:00
{
(void) fprintf (stderr, "malloc - PM connection array\n");
exit (1);
}
if (!config_info->num_servers)
config_info->num_servers = MAX_SERVERS;
server_array = (struct server_list **)
malloc (config_info->num_servers * sizeof (struct server_list *));
if (!server_array)
{
(void) fprintf (stderr, "malloc - server listen array\n");
exit (1);
}
/*
* check timeout values; if still zero then apply defaults
*/
if (config_info->pm_data_timeout <= 0)
config_info->pm_data_timeout = PM_DATA_TIMEOUT_DEFAULT;
if (config_info->client_listen_timeout <= 0)
config_info->client_listen_timeout = CLIENT_LISTEN_TIMEOUT_DEFAULT;
if (config_info->client_data_timeout <= 0)
config_info->client_data_timeout = CLIENT_DATA_TIMEOUT_DEFAULT;
if (config_info->pm_listen_port == NULL)
{
2013-08-13 13:39:34 -06:00
config_info->pm_listen_port = strdup(PM_LISTEN_PORT);
if (!config_info->pm_listen_port)
{
(void) fprintf (stderr, "malloc - PM listen port\n");
exit (1);
}
2006-11-25 13:07:29 -07:00
}
}
int
doInitDataStructs(
2013-08-13 13:39:34 -06:00
struct config * config_info,
2006-11-25 13:07:29 -07:00
struct ICE_setup_info * pm_conn_setup)
{
int i;
/*
* Initialize select() timeout; start with a high value, which will
* be overridden by the minimum timeout value of all fd's taken
* together;this heuristic allows us to block inside select()
* as much as possible (avoiding CPU spin cycles), as well as
* to periodically check timeouts on open ports and thereby recover
* them
*/
config_info->select_timeout.tv_usec = 0;
2013-08-13 13:39:34 -06:00
config_info->select_timeout.tv_sec = 180000;
2006-11-25 13:07:29 -07:00
/*
* NULL the connection arrays
*/
for (i = 0; i < config_info->num_client_conns; i++)
client_conn_array[i] = NULL;
for (i = 0; i < config_info->num_pm_conns; i++)
pm_conn_array[i] = NULL;
for (i = 0; i < config_info->num_servers; i++)
server_array[i] = NULL;
/*
* init ICE connection setup data
*/
pm_conn_setup->opcode = 0;
pm_conn_setup->versionCount = 1;
pm_conn_setup->PMVersions->major_version = 1;
pm_conn_setup->PMVersions->minor_version = 0;
2013-08-13 13:39:34 -06:00
pm_conn_setup->PMVersions->process_msg_proc =
2006-11-25 13:07:29 -07:00
(IcePaProcessMsgProc) FWPprocessMessages;
/*
* Register for protocol setup
*/
if ((pm_conn_setup->opcode = IceRegisterForProtocolReply(
PM_PROTOCOL_NAME,
"XC",
"1.0",
pm_conn_setup->versionCount,
pm_conn_setup->PMVersions,
0, /* authcount */
NULL, /* authname */
NULL, /* authprocs */
FWPHostBasedAuthProc, /* force non-auth */
FWPprotocolSetupProc,
NULL, /* protocol activate proc */
NULL /* IceIOErrorProc */ )) < 0)
{
/*
* Log this message?
*/
(void) fprintf(stderr, "Could not register PROXY_MANAGEMENT ICE protocol");
return FAILURE;
}
global_data.major_opcode = pm_conn_setup->opcode;
return SUCCESS;
}