OSSP CVS Repository

ossp - Check-in [1161]

Check-in Number: 1161
Date: 2001-Oct-12 08:58:54 (local)
2001-Oct-12 06:58:54 (UTC)
User:thl
Branch:
Comment: cleaned ACL logging, moved ACL fake initialization using fprintf before l2 initialization, changed "any-IP" to IPv4 ACL insertion, prepared for IPv6 fake ACL insertion (not working due to IPv6 syntax, possibly in sa)
Tickets:
Inspections:
Files:
ossp-pkg/lmtp2nntp/lmtp2nntp.c      1.79 -> 1.80     55 inserted, 32 deleted

ossp-pkg/lmtp2nntp/lmtp2nntp.c 1.79 -> 1.80

--- lmtp2nntp.c  2001/10/11 15:46:48     1.79
+++ lmtp2nntp.c  2001/10/12 06:58:54     1.80
@@ -760,6 +760,57 @@
         argz_add(&ctx->azGroupargs, &ctx->asGroupargs, argv[i]);
     }
 
+    /* if no positive ACL exists (option -a) add a wildcard match-all for IPv4 and IPv6 */
+    bOk = FALSE;
+    for (i = 0; i < ctx->option_aclc; i++) {
+        if (!ctx->option_acl[i].not) {
+            bOk = TRUE;
+            break;
+        }
+    }
+    if (!bOk) {
+        if (ctx->option_aclc >= MAXACLS) {
+            fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv4 ACL)\n", ctx->progname, ctx->option_aclc);
+            CU(ERR_EXECUTION);
+        }
+        ctx->option_acl[ctx->option_aclc].acl = "0.0.0.0";
+        ctx->option_acl[ctx->option_aclc].not = FALSE;
+        ctx->option_acl[ctx->option_aclc].prefixlen = 0;
+        if ((rc = sa_addr_create(&ctx->option_acl[ctx->option_aclc].saa)) != SA_OK) {
+            fprintf(stderr, "%s:Error: Creating fake address failed for -a option (%d)\n", 
+                    ctx->progname, rc);
+        }
+        if ((rc = sa_addr_u2a(ctx->option_acl[ctx->option_aclc].saa, "inet://%s:0", ctx->option_acl[ctx->option_aclc].acl)) != SA_OK) {
+            fprintf(stderr, "%s:Error: Parsing host address failed for \"%s:0\" (%s)\n", 
+                    ctx->progname, ctx->option_acl[ctx->option_aclc].acl,
+                    sa_error(rc));
+            CU(ERR_EXECUTION);
+        }
+        ctx->option_aclc++;
+    }
+#if 0 //FIXME IPv6 addr not working
+    if (!bOk) {
+        if (ctx->option_aclc >= MAXACLS) {
+            fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv6 ACL)\n", ctx->progname, ctx->option_aclc);
+            CU(ERR_EXECUTION);
+        }
+        ctx->option_acl[ctx->option_aclc].acl = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00";
+        ctx->option_acl[ctx->option_aclc].not = FALSE;
+        ctx->option_acl[ctx->option_aclc].prefixlen = 0;
+        if ((rc = sa_addr_create(&ctx->option_acl[ctx->option_aclc].saa)) != SA_OK) {
+            fprintf(stderr, "%s:Error: Creating fake address failed for -a option (%d)\n", 
+                    ctx->progname, rc);
+        }
+        if ((rc = sa_addr_u2a(ctx->option_acl[ctx->option_aclc].saa, "inet://%s:0", ctx->option_acl[ctx->option_aclc].acl)) != SA_OK) {
+            fprintf(stderr, "%s:Error: Parsing host address failed for \"%s:0\" (%s)\n", 
+                    ctx->progname, ctx->option_acl[ctx->option_aclc].acl,
+                    sa_error(rc));
+            CU(ERR_EXECUTION);
+        }
+        ctx->option_aclc++;
+    }
+#endif
+
     if ((ctx->l2 = l2_stream_create()) == NULL) {
         fprintf(stderr, "%s:Error: logging failed to create stream\n", ctx->progname);
         CU(ERR_EXECUTION);
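Review bot: In the added IPv4 fallback, a failed `sa_addr_create()` only prints a message and execution then continues into `sa_addr_u2a()` with whatever `.saa` holds; unlike the two neighbouring error branches it has no `CU(ERR_EXECUTION);`, and it prints `rc` with `%d` where the next message uses `sa_error(rc)`. Adding `CU(ERR_EXECUTION);` after that `fprintf` would make a failed fallback ACL stop startup the same way the other two errors do. The disabled IPv6 copy under `#if 0` has the same gap, and its literal has 16 colon-separated groups while IPv6 text notation uses eight 16-bit groups (or `::` for all zeros), which may be part of why parsing fails; confirm against sa's URI syntax before enabling it. Because this entry admits every IPv4 peer whenever only negated `-a` rules are configured, the comment above it should state that implicit allow-all explicitly. The enclosing function begins and ends outside this hunk.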
@@ -859,34 +910,6 @@
         CU(0);
     }
 
-    /* if no positive ACL exists (option -a) add a wildcard match-all */
-    bOk = FALSE;
-    for (i = 0; i < ctx->option_aclc; i++) {
-        if (!ctx->option_acl[i].not) {
-            bOk = TRUE;
-            break;
-        }
-    }
-    if (!bOk) {
-        if (ctx->option_aclc >= MAXACLS) {
-            fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake ACL)\n", ctx->progname, ctx->option_aclc);
-            CU(ERR_EXECUTION);
-        }
-        ctx->option_acl[ctx->option_aclc].acl = "0.0.0.0/0[FAKE]";
-        ctx->option_acl[ctx->option_aclc].not = FALSE;
-        ctx->option_acl[ctx->option_aclc].prefixlen = 0;
-        if ((rc = sa_addr_create(&ctx->option_acl[ctx->option_aclc].saa)) != SA_OK) {
-            fprintf(stderr, "%s:Error: Creating fake address failed for -a option (%d)\n", 
-                    ctx->progname, rc);
-        }
-        if ((rc = sa_addr_u2a(ctx->option_acl[ctx->option_aclc].saa, "inet://0.0.0.0:0")) != SA_OK) {
-            fprintf(stderr, "%s:Error: Parsing host address failed for \"0.0.0.0:0\" (%d)\n", 
-                    ctx->progname, rc);
-            CU(ERR_EXECUTION);
-        }
-        ctx->option_aclc++;
-    }
-
     catchsignal(0, ctx);
     signal(SIGCHLD, (void(*)())catchsignal);
     signal(SIGHUP,  (void(*)())catchsignal);
@@ -970,12 +993,12 @@
                 sa_addr_a2u(ctx->option_acl[i].saa, &cpA1);
                 sa_addr_a2u(ctx->saaIO, &cpA2);
                 if (sa_addr_match(ctx->saaIO, ctx->option_acl[i].saa, ctx->option_acl[i].prefixlen) == SA_OK) {
-                    log4(ctx, TRACE, "positive/inclusive ACL \"%s\" (%s/%d) matching %s: OK", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2);
+                    log4(ctx, TRACE, "positive/inclusive ACL \"%s\" (%s/%d) matches %s: YES (stop comparison)", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2);
                     bOk = TRUE;
                     break;
                 }
                 else
-                    log4(ctx, TRACE, "positive/inclusive ACL \"%s\" (%s/%d) matching %s: FAILED", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2);
+                    log4(ctx, TRACE, "positive/inclusive ACL \"%s\" (%s/%d) matches %s: NO", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2);
                 free(cpA1);
                 free(cpA2);
             }
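Review bot: Both reworded trace calls still print `cpA1` and `cpA2` from `sa_addr_a2u()` calls whose return values are never checked, and the matching branch here leaves the loop through `break` before the `free(cpA1); free(cpA2);` below it, so the two strings are leaked on every accepted match. Freeing them ahead of the exit, with `free(cpA1); free(cpA2);` just before `bOk = TRUE;`, closes that path. The negative/exclusive loop in the next hunk (`@@ -988,12 +1011,12 @@`) shows no `free` for either string on any path in the visible lines, so it likely needs the same two calls at the end of its body as well as before its `break`. Both loops begin and end outside the hunks, so this should be confirmed against the full function.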
@@ -988,12 +1011,12 @@
                 sa_addr_a2u(ctx->option_acl[i].saa, &cpA1);
                 sa_addr_a2u(ctx->saaIO, &cpA2);
                 if (sa_addr_match(ctx->saaIO, ctx->option_acl[i].saa, ctx->option_acl[i].prefixlen) == SA_OK) {
-                    log4(ctx, TRACE, "negative/exclusive ACL \"%s\" (not %s/%d) matching %s: OK (stop)", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2);
+                    log4(ctx, TRACE, "negative/exclusive ACL \"%s\" (not %s/%d) matches %s: YES (stop comparison)", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2);
                     bOk = FALSE;
                     break;
                 }
                 else {
-                    log4(ctx, TRACE, "negative/exclusive ACL \"%s\" (not %s/%d) matching %s: FAILED", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2);
+                    log4(ctx, TRACE, "negative/exclusive ACL \"%s\" (not %s/%d) matches %s: NO", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2);
                 }
             }
             if (bOk) {
