OSSP CVS Repository

ossp - Check-in [1731]
Not logged in
[Honeypot]  [Browse]  [Home]  [Login]  [Reports
[Search]  [Ticket]  [Timeline
  [Patchset]  [Tagging/Branching

Check-in Number: 1731
Date: 2002-Jan-31 10:03:58 (local)
2002-Jan-31 09:03:58 (UTC)
User:thl
Branch:
Comment: moved --acl option
Tickets:
Inspections:
Files:
ossp-pkg/lmtp2nntp/example.conf      1.7 -> 1.8     3 inserted, 3 deleted
ossp-pkg/lmtp2nntp/fixme.h      1.2 -> 1.3     6 inserted, 0 deleted
ossp-pkg/lmtp2nntp/lmtp2nntp_config.c      1.18 -> 1.19     37 inserted, 51 deleted
ossp-pkg/lmtp2nntp/lmtp2nntp_main.c      1.12 -> 1.13     34 inserted, 39 deleted

ossp-pkg/lmtp2nntp/example.conf 1.7 -> 1.8

--- example.conf 2002/01/30 16:41:02     1.7
+++ example.conf 2002/01/31 09:03:58     1.8
@@ -12,9 +12,9 @@
 veryverbose                                     #see -V aka --veryverbose
                                                 #           obsolete since v1.2
                                                 #           remove the "buffer" channel from l2spec
-acl             10/8                            #see -a aka --acl
-acl             172.16/12
-acl             192.168/16
+acl             10.0.0.0/8                      #see -a aka --acl
+acl             172.16.0.0/12
+acl             192.168.0.0/16
 acl             127.0.0.1/32     
 bind            127.0.0.1:12345                 #see -b aka --bind, use IPv4:port
 #bind           "/tmp/uds:600"                  #    UNIX domain socket path:permissions 


ossp-pkg/lmtp2nntp/fixme.h 1.2 -> 1.3

--- fixme.h      2002/01/30 16:41:02     1.2
+++ fixme.h      2002/01/31 09:03:58     1.3
@@ -57,8 +57,14 @@
     int             option_killflag;
     uid_t           option_uid;
     int             option_daemon;
+
+    /*FIXME replaced by following
     int             option_aclc;
     struct acl      option_acl[MAXACLS];
+    */
+    int             nacl;
+    struct acl     *pacl;
+
     int             option_veryverbose;
     int             option_childsmax;
     int             active_childs;


ossp-pkg/lmtp2nntp/lmtp2nntp_config.c 1.18 -> 1.19

--- lmtp2nntp_config.c   2002/01/30 16:41:02     1.18
+++ lmtp2nntp_config.c   2002/01/31 09:03:58     1.19
@@ -159,15 +159,14 @@
             || (ov->data.s == NULL)
               ) throw(0,0,0);
         log1(ctx, TRACE, "--childsmax = \"%s\"", ov->data.s);
+
         if ((ctx->option_childsmax = atoi(ov->data.s)) <= 0) {
-            log1(ctx, ERROR, "number (%d) out of range for option --childsmax\n", ctx->option_childsmax);
+            log1(ctx, ERROR, "option --childsmax, number (%d) out of range",
+                 ctx->option_childsmax);
             throw(0,0,0);
         }
     }
     catch (ex) {
-        log1(ctx, ERROR, "caught class  %s\n", ex.ex_class  == NULL ? "N/A" : (char *)ex.ex_class );
-        log1(ctx, ERROR, "caught object %s\n", ex.ex_object == NULL ? "N/A" : (char *)ex.ex_object);
-        log1(ctx, ERROR, "caught value  %s\n", ex.ex_value  == NULL ? "N/A" : (char *)ex.ex_value );
         rethrow;
     }
 
@@ -178,6 +177,7 @@
             || (ov->data.f != 1)
               ) throw(0,0,0);
         log1(ctx, TRACE, "--daemonize = %d", ov->data.f);
+
         ctx->option_daemon = TRUE;
     }
     catch (ex)
@@ -190,6 +190,7 @@
             || (ov->data.f != 1)
               ) throw(0,0,0);
         log1(ctx, TRACE, "--kill = %d", ov->data.f);
+
         ctx->option_killflag = TRUE;
     }
     catch (ex)
@@ -202,6 +203,7 @@
             || (ov->data.s == NULL)
               ) throw(0,0,0);
         log1(ctx, TRACE, "--pidfile = \"%s\"", ov->data.s);
+
         ctx->option_pidfile = ov->data.s;
     }
     catch (ex)
@@ -209,67 +211,51 @@
 
     /* --acl MULTI */
     try {
-        int i;
         char *cp;
-        struct acl *acl;
+        int i;
 
         if (   (val_get(ctx->val, "option.acl", &ov) != VAL_OK)
             || ((ov->ndata >= 1) && (ov->data.m == NULL))
               ) throw(0,0,0);
+        log1(ctx, DEBUG, "ov->ndata = %d", ov->ndata);
         for (i = 0; i < ov->ndata; i++)
             log2(ctx, TRACE, "--acl[%d] = \"%s\"", i, (ov->data.m)[i]);
-        log1(ctx, DEBUG, "ov->ndata = %d", ov->ndata);
-        if ((acl = (struct acl *)malloc(ov->ndata * sizeof(struct acl))) == NULL) throw(0,0,0);
+
+        if ((ctx->pacl = (struct acl *)malloc(ov->ndata * sizeof(struct acl))) == NULL) throw(0,0,0);
         for (i = 0; i < ov->ndata; i++) {
             cp = (ov->data.m)[i];
             log2(ctx, DEBUG, "cp = (data.m)[%d] = \"%s\"", i, cp);
-            //ctx->option_acl[ctx->option_aclc].acl = strdup(cp);
+            if (cp[0] == '!') {
+                ctx->pacl[i].acl = strdup(cp + 1);
+                ctx->pacl[i].not = TRUE;
+            }
+            else {
+                ctx->pacl[i].acl = strdup(cp);
+                ctx->pacl[i].not = TRUE;
+            }
+            log2(ctx, DEBUG, "ctx->pacl[%d].not = %s", i, ctx->pacl[i].not == TRUE ? "TRUE" : "FALSE");
+            log2(ctx, DEBUG, "ctx->pacl[%d].acl = %s", i, ctx->pacl[i].acl);
+            if ((cp = strrchr(ctx->pacl[i].acl, '/')) != NULL)
+                *cp++ = NUL;
+            else
+                cp = "-1";
+            ctx->pacl[i].prefixlen = atoi(cp);
+            log2(ctx, DEBUG, "ctx->pacl[%d].prefixlen = %d", i, ctx->pacl[i].prefixlen);
+            if ((rc = sa_addr_create(&(ctx->pacl[i].saa))) != SA_OK) {
+                log1(ctx, ERROR, "option --acl, create address (internal) failed with \"%s\"",
+                     sa_error(rc));
+                throw(0,0,0);
+                }
+            if ((rc = sa_addr_u2a(ctx->pacl[i].saa, "inet://%s:0", ctx->pacl[i].acl)) != SA_OK) {
+                log2(ctx, ERROR, "option --acl, parsing address (%s) failed with \"%s\"",
+                     ctx->pacl[i].acl, sa_error(rc));
+                throw(0,0,0);
+                }
         }
-
+        ctx->nacl = i;
     }
     catch (ex)
         rethrow;
-#if 0
-
-                if (argz_create_sep(optarg, ',', &azACL, &asACL) != 0)
-                    CU(ERR_EXECUTION);
-                cp = NULL;
-                while ((cp = argz_next(azACL, asACL, cp)) != NULL) {
-                    if (ctx->option_aclc >= MAXACLS) {
-                        fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a\n", ctx->progname, ctx->option_aclc);
-                        CU(ERR_EXECUTION);
-                    }
-
-
-
-                    ctx->option_acl[ctx->option_aclc].acl = strdup(cp);
-                    if (cp[0] == '!') {
-                        ctx->option_acl[ctx->option_aclc].not = TRUE;
-                        cpAddr = strdup(cp+1);
-                    }
-                    else {
-                        cpAddr = strdup(cp);
-                    }
-                    if ((cpPrefixLen = strrchr(cpAddr, '/')) != NULL)
-                        *cpPrefixLen++ = NUL;
-                    else
-                        cpPrefixLen = "-1";
-                    ctx->option_acl[ctx->option_aclc].prefixlen = atoi(cpPrefixLen);
-                    if ((rc = sa_addr_create(&ctx->option_acl[ctx->option_aclc].saa)) != SA_OK) {
-                        fprintf(stderr, "%s:Error: Creating address failed for -a option (%d)\n", 
-                                ctx->progname, rc);
-                    }
-                    if ((rc = sa_addr_u2a(ctx->option_acl[ctx->option_aclc].saa, "inet://%s:0", cpAddr)) != SA_OK) {
-                        fprintf(stderr, "%s:Error: Parsing host address failed for \"%s:0\" (%d)\n", 
-                                ctx->progname, cpAddr, rc);
-                        CU(ERR_EXECUTION);
-                    }
-                    ctx->option_aclc++;
-                    free(cpAddr);
-                }
-                free(azACL);
-#endif
-
 
 CUS:
     return;


ossp-pkg/lmtp2nntp/lmtp2nntp_main.c 1.12 -> 1.13

--- lmtp2nntp_main.c     2002/01/30 16:41:02     1.12
+++ lmtp2nntp_main.c     2002/01/31 09:03:58     1.13
@@ -447,13 +447,8 @@
         ctx->ns[i].rc = LMTP_ERR_UNKNOWN;
         ctx->ns[i].l2 = NULL;
     }
-    ctx->option_aclc = 0;
-    for (i = 0; i < MAXACLS; i++) {
-        ctx->option_acl[i].acl = NULL;
-        ctx->option_acl[i].not = FALSE;
-        ctx->option_acl[i].saa = NULL;
-        ctx->option_acl[i].prefixlen = 0;
-    }
+    ctx->nacl = 0;
+    ctx->pacl = NULL;
     ctx->azGroupargs = NULL;
     ctx->asGroupargs = 0;
     initsession(&ctx->session);
@@ -824,51 +819,51 @@
 
     /* if no positive ACL exists (option -a) add a wildcard match-all for IPv4 and IPv6 */
     bOk = FALSE;
-    for (i = 0; i < ctx->option_aclc; i++) {
-        if (!ctx->option_acl[i].not) {
+    for (i = 0; i < ctx->nacl; i++) {
+        if (!ctx->pacl[i].not) {
             bOk = TRUE;
             break;
         }
     }
     if (!bOk) {
-        if (ctx->option_aclc >= MAXACLS) {
-            fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv4 ACL)\n", ctx->progname, ctx->option_aclc);
+        if (ctx->nacl >= MAXACLS) {
+            fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv4 ACL)\n", ctx->progname, ctx->nacl);
             CU(ERR_EXECUTION);
         }
-        ctx->option_acl[ctx->option_aclc].acl = "0.0.0.0";
-        ctx->option_acl[ctx->option_aclc].not = FALSE;
-        ctx->option_acl[ctx->option_aclc].prefixlen = 0;
-        if ((rc = sa_addr_create(&ctx->option_acl[ctx->option_aclc].saa)) != SA_OK) {
+        ctx->pacl[ctx->nacl].acl = "0.0.0.0";
+        ctx->pacl[ctx->nacl].not = FALSE;
+        ctx->pacl[ctx->nacl].prefixlen = 0;
+        if ((rc = sa_addr_create(&ctx->pacl[ctx->nacl].saa)) != SA_OK) {
             fprintf(stderr, "%s:Error: Creating fake address failed for -a option (%d)\n", 
                     ctx->progname, rc);
         }
-        if ((rc = sa_addr_u2a(ctx->option_acl[ctx->option_aclc].saa, "inet://%s:0", ctx->option_acl[ctx->option_aclc].acl)) != SA_OK) {
+        if ((rc = sa_addr_u2a(ctx->pacl[ctx->nacl].saa, "inet://%s:0", ctx->pacl[ctx->nacl].acl)) != SA_OK) {
             fprintf(stderr, "%s:Error: Parsing host address failed for \"%s:0\" (%s)\n", 
-                    ctx->progname, ctx->option_acl[ctx->option_aclc].acl,
+                    ctx->progname, ctx->pacl[ctx->nacl].acl,
                     sa_error(rc));
             CU(ERR_EXECUTION);
         }
-        ctx->option_aclc++;
+        ctx->nacl++;
     }
     if (!bOk) {
-        if (ctx->option_aclc >= MAXACLS) {
-            fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv6 ACL)\n", ctx->progname, ctx->option_aclc);
+        if (ctx->nacl >= MAXACLS) {
+            fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv6 ACL)\n", ctx->progname, ctx->nacl);
             CU(ERR_EXECUTION);
         }
-        ctx->option_acl[ctx->option_aclc].acl = "[::]";
-        ctx->option_acl[ctx->option_aclc].not = FALSE;
-        ctx->option_acl[ctx->option_aclc].prefixlen = 0;
-        if ((rc = sa_addr_create(&ctx->option_acl[ctx->option_aclc].saa)) != SA_OK) {
+        ctx->pacl[ctx->nacl].acl = "[::]";
+        ctx->pacl[ctx->nacl].not = FALSE;
+        ctx->pacl[ctx->nacl].prefixlen = 0;
+        if ((rc = sa_addr_create(&ctx->pacl[ctx->nacl].saa)) != SA_OK) {
             fprintf(stderr, "%s:Error: Creating fake address failed for -a option (%d)\n", 
                     ctx->progname, rc);
         }
-        if ((rc = sa_addr_u2a(ctx->option_acl[ctx->option_aclc].saa, "inet://%s:0", ctx->option_acl[ctx->option_aclc].acl)) != SA_OK) {
+        if ((rc = sa_addr_u2a(ctx->pacl[ctx->nacl].saa, "inet://%s:0", ctx->pacl[ctx->nacl].acl)) != SA_OK) {
             fprintf(stderr, "%s:Error: Parsing host address failed for \"%s:0\" (%s)\n", 
-                    ctx->progname, ctx->option_acl[ctx->option_aclc].acl,
+                    ctx->progname, ctx->pacl[ctx->nacl].acl,
                     sa_error(rc));
             CU(ERR_EXECUTION);
         }
-        ctx->option_aclc++;
+        ctx->nacl++;
     }
 
     if (getuid() != ctx->option_uid) {
@@ -987,38 +982,38 @@
             /* Access Control List */
             bOk = FALSE;
             /* check positive matches */
-            for (i = 0; i < ctx->option_aclc; i++) {
+            for (i = 0; i < ctx->nacl; i++) {
                 char *cpA1;
                 char *cpA2;
-                if (ctx->option_acl[i].not)
+                if (ctx->pacl[i].not)
                     continue;
-                sa_addr_a2u(ctx->option_acl[i].saa, &cpA1);
+                sa_addr_a2u(ctx->pacl[i].saa, &cpA1);
                 sa_addr_a2u(ctx->saaIO, &cpA2);
-                if (sa_addr_match(ctx->saaIO, ctx->option_acl[i].saa, ctx->option_acl[i].prefixlen) == SA_OK) {
-                    log4(ctx, TRACE, "positive/inclusive ACL \"%s\" (%s/%d) matches %s: YES (stop comparison)", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2);
+                if (sa_addr_match(ctx->saaIO, ctx->pacl[i].saa, ctx->pacl[i].prefixlen) == SA_OK) {
+                    log4(ctx, TRACE, "positive/inclusive ACL \"%s\" (%s/%d) matches %s: YES (stop comparison)", ctx->pacl[i].acl, cpA1, ctx->pacl[i].prefixlen, cpA2);
                     bOk = TRUE;
                     break;
                 }
                 else
-                    log4(ctx, TRACE, "positive/inclusive ACL \"%s\" (%s/%d) matches %s: NO", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2);
+                    log4(ctx, TRACE, "positive/inclusive ACL \"%s\" (%s/%d) matches %s: NO", ctx->pacl[i].acl, cpA1, ctx->pacl[i].prefixlen, cpA2);
                 free(cpA1);
                 free(cpA2);
             }
             /* check negative matches */
-            for (i = 0; i < ctx->option_aclc; i++) {
+            for (i = 0; i < ctx->nacl; i++) {
                 char *cpA1;
                 char *cpA2;
-                if (!ctx->option_acl[i].not)
+                if (!ctx->pacl[i].not)
                     continue;
-                sa_addr_a2u(ctx->option_acl[i].saa, &cpA1);
+                sa_addr_a2u(ctx->pacl[i].saa, &cpA1);
                 sa_addr_a2u(ctx->saaIO, &cpA2);
-                if (sa_addr_match(ctx->saaIO, ctx->option_acl[i].saa, ctx->option_acl[i].prefixlen) == SA_OK) {
-                    log4(ctx, TRACE, "negative/exclusive ACL \"%s\" (not %s/%d) matches %s: YES (stop comparison)", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2);
+                if (sa_addr_match(ctx->saaIO, ctx->pacl[i].saa, ctx->pacl[i].prefixlen) == SA_OK) {
+                    log4(ctx, TRACE, "negative/exclusive ACL \"%s\" (not %s/%d) matches %s: YES (stop comparison)", ctx->pacl[i].acl, cpA1, ctx->pacl[i].prefixlen, cpA2);
                     bOk = FALSE;
                     break;
                 }
                 else {
-                    log4(ctx, TRACE, "negative/exclusive ACL \"%s\" (not %s/%d) matches %s: NO", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2);
+                    log4(ctx, TRACE, "negative/exclusive ACL \"%s\" (not %s/%d) matches %s: NO", ctx->pacl[i].acl, cpA1, ctx->pacl[i].prefixlen, cpA2);
                 }
             }
             if (bOk) {

CVSTrac 2.0.1