OSSP: CVS Repository: Check-in [1731]

Check-in Number:

1731

Date:

2002-Jan-31 10:03:58 (local)
2002-Jan-31 09:03:58 (UTC)

User:

thl

Branch:

Comment:

moved --acl option

Tickets:

Inspections:

Files:

ossp-pkg/lmtp2nntp/example.conf	1.7 -> 1.8	3 inserted, 3 deleted
ossp-pkg/lmtp2nntp/fixme.h	1.2 -> 1.3	6 inserted, 0 deleted
ossp-pkg/lmtp2nntp/lmtp2nntp_config.c	1.18 -> 1.19	37 inserted, 51 deleted
ossp-pkg/lmtp2nntp/lmtp2nntp_main.c	1.12 -> 1.13	34 inserted, 39 deleted

ossp-pkg/lmtp2nntp/example.conf 1.7 -> 1.8

--- example.conf 2002/01/30 16:41:02 1.7 +++ example.conf 2002/01/31 09:03:58 1.8 @@ -12,9 +12,9 @@ veryverbose #see -V aka --veryverbose # obsolete since v1.2 # remove the "buffer" channel from l2spec -acl 10/8 #see -a aka --acl -acl 172.16/12 -acl 192.168/16 +acl 10.0.0.0/8 #see -a aka --acl +acl 172.16.0.0/12 +acl 192.168.0.0/16 acl 127.0.0.1/32 bind 127.0.0.1:12345 #see -b aka --bind, use IPv4:port #bind "/tmp/uds:600" # UNIX domain socket path:permissions

ossp-pkg/lmtp2nntp/fixme.h 1.2 -> 1.3

--- fixme.h 2002/01/30 16:41:02 1.2 +++ fixme.h 2002/01/31 09:03:58 1.3 @@ -57,8 +57,14 @@ int option_killflag; uid_t option_uid; int option_daemon; + + /*FIXME replaced by following int option_aclc; struct acl option_acl[MAXACLS]; + */ + int nacl; + struct acl *pacl; + int option_veryverbose; int option_childsmax; int active_childs;

ossp-pkg/lmtp2nntp/lmtp2nntp_config.c 1.18 -> 1.19

--- lmtp2nntp_config.c 2002/01/30 16:41:02 1.18 +++ lmtp2nntp_config.c 2002/01/31 09:03:58 1.19 @@ -159,15 +159,14 @@ || (ov->data.s == NULL) ) throw(0,0,0); log1(ctx, TRACE, "--childsmax = \"%s\"", ov->data.s); + if ((ctx->option_childsmax = atoi(ov->data.s)) <= 0) { - log1(ctx, ERROR, "number (%d) out of range for option --childsmax\n", ctx->option_childsmax); + log1(ctx, ERROR, "option --childsmax, number (%d) out of range", + ctx->option_childsmax); throw(0,0,0); } } catch (ex) { - log1(ctx, ERROR, "caught class %s\n", ex.ex_class == NULL ? "N/A" : (char *)ex.ex_class ); - log1(ctx, ERROR, "caught object %s\n", ex.ex_object == NULL ? "N/A" : (char *)ex.ex_object); - log1(ctx, ERROR, "caught value %s\n", ex.ex_value == NULL ? "N/A" : (char *)ex.ex_value ); rethrow; } @@ -178,6 +177,7 @@ || (ov->data.f != 1) ) throw(0,0,0); log1(ctx, TRACE, "--daemonize = %d", ov->data.f); + ctx->option_daemon = TRUE; } catch (ex) @@ -190,6 +190,7 @@ || (ov->data.f != 1) ) throw(0,0,0); log1(ctx, TRACE, "--kill = %d", ov->data.f); + ctx->option_killflag = TRUE; } catch (ex) @@ -202,6 +203,7 @@ || (ov->data.s == NULL) ) throw(0,0,0); log1(ctx, TRACE, "--pidfile = \"%s\"", ov->data.s); + ctx->option_pidfile = ov->data.s; } catch (ex) @@ -209,67 +211,51 @@ /* --acl MULTI */ try { - int i; char *cp; - struct acl *acl; + int i; if ( (val_get(ctx->val, "option.acl", &ov) != VAL_OK) || ((ov->ndata >= 1) && (ov->data.m == NULL)) ) throw(0,0,0); + log1(ctx, DEBUG, "ov->ndata = %d", ov->ndata); for (i = 0; i < ov->ndata; i++) log2(ctx, TRACE, "--acl[%d] = \"%s\"", i, (ov->data.m)[i]); - log1(ctx, DEBUG, "ov->ndata = %d", ov->ndata); - if ((acl = (struct acl *)malloc(ov->ndata * sizeof(struct acl))) == NULL) throw(0,0,0); + + if ((ctx->pacl = (struct acl *)malloc(ov->ndata * sizeof(struct acl))) == NULL) throw(0,0,0); for (i = 0; i < ov->ndata; i++) { cp = (ov->data.m)[i]; log2(ctx, DEBUG, "cp = (data.m)[%d] = \"%s\"", i, cp); - //ctx->option_acl[ctx->option_aclc].acl = strdup(cp); + if (cp[0] == '!') { + ctx->pacl[i].acl = strdup(cp + 1); + ctx->pacl[i].not = TRUE; + } + else { + ctx->pacl[i].acl = strdup(cp); + ctx->pacl[i].not = TRUE; + } + log2(ctx, DEBUG, "ctx->pacl[%d].not = %s", i, ctx->pacl[i].not == TRUE ? "TRUE" : "FALSE"); + log2(ctx, DEBUG, "ctx->pacl[%d].acl = %s", i, ctx->pacl[i].acl); + if ((cp = strrchr(ctx->pacl[i].acl, '/')) != NULL) + *cp++ = NUL; + else + cp = "-1"; + ctx->pacl[i].prefixlen = atoi(cp); + log2(ctx, DEBUG, "ctx->pacl[%d].prefixlen = %d", i, ctx->pacl[i].prefixlen); + if ((rc = sa_addr_create(&(ctx->pacl[i].saa))) != SA_OK) { + log1(ctx, ERROR, "option --acl, create address (internal) failed with \"%s\"", + sa_error(rc)); + throw(0,0,0); + } + if ((rc = sa_addr_u2a(ctx->pacl[i].saa, "inet://%s:0", ctx->pacl[i].acl)) != SA_OK) { + log2(ctx, ERROR, "option --acl, parsing address (%s) failed with \"%s\"", + ctx->pacl[i].acl, sa_error(rc)); + throw(0,0,0); + } } - + ctx->nacl = i; } catch (ex) rethrow; -#if 0 - - if (argz_create_sep(optarg, ',', &azACL, &asACL) != 0) - CU(ERR_EXECUTION); - cp = NULL; - while ((cp = argz_next(azACL, asACL, cp)) != NULL) { - if (ctx->option_aclc >= MAXACLS) { - fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a\n", ctx->progname, ctx->option_aclc); - CU(ERR_EXECUTION); - } - - - - ctx->option_acl[ctx->option_aclc].acl = strdup(cp); - if (cp[0] == '!') { - ctx->option_acl[ctx->option_aclc].not = TRUE; - cpAddr = strdup(cp+1); - } - else { - cpAddr = strdup(cp); - } - if ((cpPrefixLen = strrchr(cpAddr, '/')) != NULL) - *cpPrefixLen++ = NUL; - else - cpPrefixLen = "-1"; - ctx->option_acl[ctx->option_aclc].prefixlen = atoi(cpPrefixLen); - if ((rc = sa_addr_create(&ctx->option_acl[ctx->option_aclc].saa)) != SA_OK) { - fprintf(stderr, "%s:Error: Creating address failed for -a option (%d)\n", - ctx->progname, rc); - } - if ((rc = sa_addr_u2a(ctx->option_acl[ctx->option_aclc].saa, "inet://%s:0", cpAddr)) != SA_OK) { - fprintf(stderr, "%s:Error: Parsing host address failed for \"%s:0\" (%d)\n", - ctx->progname, cpAddr, rc); - CU(ERR_EXECUTION); - } - ctx->option_aclc++; - free(cpAddr); - } - free(azACL); -#endif - CUS: return;

ossp-pkg/lmtp2nntp/lmtp2nntp_main.c 1.12 -> 1.13

--- lmtp2nntp_main.c 2002/01/30 16:41:02 1.12 +++ lmtp2nntp_main.c 2002/01/31 09:03:58 1.13 @@ -447,13 +447,8 @@ ctx->ns[i].rc = LMTP_ERR_UNKNOWN; ctx->ns[i].l2 = NULL; } - ctx->option_aclc = 0; - for (i = 0; i < MAXACLS; i++) { - ctx->option_acl[i].acl = NULL; - ctx->option_acl[i].not = FALSE; - ctx->option_acl[i].saa = NULL; - ctx->option_acl[i].prefixlen = 0; - } + ctx->nacl = 0; + ctx->pacl = NULL; ctx->azGroupargs = NULL; ctx->asGroupargs = 0; initsession(&ctx->session); @@ -824,51 +819,51 @@ /* if no positive ACL exists (option -a) add a wildcard match-all for IPv4 and IPv6 */ bOk = FALSE; - for (i = 0; i < ctx->option_aclc; i++) { - if (!ctx->option_acl[i].not) { + for (i = 0; i < ctx->nacl; i++) { + if (!ctx->pacl[i].not) { bOk = TRUE; break; } } if (!bOk) { - if (ctx->option_aclc >= MAXACLS) { - fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv4 ACL)\n", ctx->progname, ctx->option_aclc); + if (ctx->nacl >= MAXACLS) { + fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv4 ACL)\n", ctx->progname, ctx->nacl); CU(ERR_EXECUTION); } - ctx->option_acl[ctx->option_aclc].acl = "0.0.0.0"; - ctx->option_acl[ctx->option_aclc].not = FALSE; - ctx->option_acl[ctx->option_aclc].prefixlen = 0; - if ((rc = sa_addr_create(&ctx->option_acl[ctx->option_aclc].saa)) != SA_OK) { + ctx->pacl[ctx->nacl].acl = "0.0.0.0"; + ctx->pacl[ctx->nacl].not = FALSE; + ctx->pacl[ctx->nacl].prefixlen = 0; + if ((rc = sa_addr_create(&ctx->pacl[ctx->nacl].saa)) != SA_OK) { fprintf(stderr, "%s:Error: Creating fake address failed for -a option (%d)\n", ctx->progname, rc); } - if ((rc = sa_addr_u2a(ctx->option_acl[ctx->option_aclc].saa, "inet://%s:0", ctx->option_acl[ctx->option_aclc].acl)) != SA_OK) { + if ((rc = sa_addr_u2a(ctx->pacl[ctx->nacl].saa, "inet://%s:0", ctx->pacl[ctx->nacl].acl)) != SA_OK) { fprintf(stderr, "%s:Error: Parsing host address failed for \"%s:0\" (%s)\n", - ctx->progname, ctx->option_acl[ctx->option_aclc].acl, + ctx->progname, ctx->pacl[ctx->nacl].acl, sa_error(rc)); CU(ERR_EXECUTION); } - ctx->option_aclc++; + ctx->nacl++; } if (!bOk) { - if (ctx->option_aclc >= MAXACLS) { - fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv6 ACL)\n", ctx->progname, ctx->option_aclc); + if (ctx->nacl >= MAXACLS) { + fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv6 ACL)\n", ctx->progname, ctx->nacl); CU(ERR_EXECUTION); } - ctx->option_acl[ctx->option_aclc].acl = "[::]"; - ctx->option_acl[ctx->option_aclc].not = FALSE; - ctx->option_acl[ctx->option_aclc].prefixlen = 0; - if ((rc = sa_addr_create(&ctx->option_acl[ctx->option_aclc].saa)) != SA_OK) { + ctx->pacl[ctx->nacl].acl = "[::]"; + ctx->pacl[ctx->nacl].not = FALSE; + ctx->pacl[ctx->nacl].prefixlen = 0; + if ((rc = sa_addr_create(&ctx->pacl[ctx->nacl].saa)) != SA_OK) { fprintf(stderr, "%s:Error: Creating fake address failed for -a option (%d)\n", ctx->progname, rc); } - if ((rc = sa_addr_u2a(ctx->option_acl[ctx->option_aclc].saa, "inet://%s:0", ctx->option_acl[ctx->option_aclc].acl)) != SA_OK) { + if ((rc = sa_addr_u2a(ctx->pacl[ctx->nacl].saa, "inet://%s:0", ctx->pacl[ctx->nacl].acl)) != SA_OK) { fprintf(stderr, "%s:Error: Parsing host address failed for \"%s:0\" (%s)\n", - ctx->progname, ctx->option_acl[ctx->option_aclc].acl, + ctx->progname, ctx->pacl[ctx->nacl].acl, sa_error(rc)); CU(ERR_EXECUTION); } - ctx->option_aclc++; + ctx->nacl++; } if (getuid() != ctx->option_uid) { @@ -987,38 +982,38 @@ /* Access Control List */ bOk = FALSE; /* check positive matches */ - for (i = 0; i < ctx->option_aclc; i++) { + for (i = 0; i < ctx->nacl; i++) { char *cpA1; char *cpA2; - if (ctx->option_acl[i].not) + if (ctx->pacl[i].not) continue; - sa_addr_a2u(ctx->option_acl[i].saa, &cpA1); + sa_addr_a2u(ctx->pacl[i].saa, &cpA1); sa_addr_a2u(ctx->saaIO, &cpA2); - if (sa_addr_match(ctx->saaIO, ctx->option_acl[i].saa, ctx->option_acl[i].prefixlen) == SA_OK) { - log4(ctx, TRACE, "positive/inclusive ACL \"%s\" (%s/%d) matches %s: YES (stop comparison)", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2); + if (sa_addr_match(ctx->saaIO, ctx->pacl[i].saa, ctx->pacl[i].prefixlen) == SA_OK) { + log4(ctx, TRACE, "positive/inclusive ACL \"%s\" (%s/%d) matches %s: YES (stop comparison)", ctx->pacl[i].acl, cpA1, ctx->pacl[i].prefixlen, cpA2); bOk = TRUE; break; } else - log4(ctx, TRACE, "positive/inclusive ACL \"%s\" (%s/%d) matches %s: NO", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2); + log4(ctx, TRACE, "positive/inclusive ACL \"%s\" (%s/%d) matches %s: NO", ctx->pacl[i].acl, cpA1, ctx->pacl[i].prefixlen, cpA2); free(cpA1); free(cpA2); } /* check negative matches */ - for (i = 0; i < ctx->option_aclc; i++) { + for (i = 0; i < ctx->nacl; i++) { char *cpA1; char *cpA2; - if (!ctx->option_acl[i].not) + if (!ctx->pacl[i].not) continue; - sa_addr_a2u(ctx->option_acl[i].saa, &cpA1); + sa_addr_a2u(ctx->pacl[i].saa, &cpA1); sa_addr_a2u(ctx->saaIO, &cpA2); - if (sa_addr_match(ctx->saaIO, ctx->option_acl[i].saa, ctx->option_acl[i].prefixlen) == SA_OK) { - log4(ctx, TRACE, "negative/exclusive ACL \"%s\" (not %s/%d) matches %s: YES (stop comparison)", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2); + if (sa_addr_match(ctx->saaIO, ctx->pacl[i].saa, ctx->pacl[i].prefixlen) == SA_OK) { + log4(ctx, TRACE, "negative/exclusive ACL \"%s\" (not %s/%d) matches %s: YES (stop comparison)", ctx->pacl[i].acl, cpA1, ctx->pacl[i].prefixlen, cpA2); bOk = FALSE; break; } else { - log4(ctx, TRACE, "negative/exclusive ACL \"%s\" (not %s/%d) matches %s: NO", ctx->option_acl[i].acl, cpA1, ctx->option_acl[i].prefixlen, cpA2); + log4(ctx, TRACE, "negative/exclusive ACL \"%s\" (not %s/%d) matches %s: NO", ctx->pacl[i].acl, cpA1, ctx->pacl[i].prefixlen, cpA2); } } if (bOk) {

OSSP CVS Repository