OSSP CVS Repository

ossp - Check-in [1790]

Check-in Number: 1790
Date: 2002-Feb-04 16:43:01 (local)
2002-Feb-04 15:43:01 (UTC)
User:thl
Branch:
Comment: merged new --acl option with obsolete post-option processing
Tickets:
Inspections:
Files:
ossp-pkg/lmtp2nntp/fixme.h      1.9 -> 1.10     1 inserted, 1 deleted
ossp-pkg/lmtp2nntp/lmtp2nntp_config.c      1.38 -> 1.39     53 inserted, 2 deleted
ossp-pkg/lmtp2nntp/lmtp2nntp_main.c      1.33 -> 1.34     0 inserted, 50 deleted

ossp-pkg/lmtp2nntp/fixme.h 1.9 -> 1.10

--- fixme.h      2002/02/04 13:52:14     1.9
+++ fixme.h      2002/02/04 15:43:01     1.10
@@ -6,7 +6,7 @@
 #define __FIXME_H__
 
 #include <val.h>
-#define MAXACLS 32
+/*FIXME obsolete #define MAXACLS 32 */
 #include <sa.h>
 struct acl {
     char      *acl;


ossp-pkg/lmtp2nntp/lmtp2nntp_config.c 1.38 -> 1.39

--- lmtp2nntp_config.c   2002/02/04 14:48:30     1.38
+++ lmtp2nntp_config.c   2002/02/04 15:43:01     1.39
@@ -221,6 +221,7 @@
     try {
         char *cp;
         int i;
+        int somepass;
 
         if (   (val_get(ctx->val, "option.acl", &ov) != VAL_OK)
             || (ov->ndata <  0)
@@ -230,8 +231,22 @@
         for (i = 0; i < ov->ndata; i++)
             log2(ctx, TRACE, "--acl[%d] = \"%s\"", i, (ov->data.m)[i]);
 
+        /* check if only blocking ACLs exist */
+        somepass = FALSE;
+        if (ov->ndata >= 1) {
+            for (i = 0; i < ov->ndata; i++) {
+                cp = (ov->data.m)[i];
+                if (cp[0] != '!') {
+                    somepass = TRUE;
+                    break;
+                }
+            }
+        }
+
+        /* if only blocking ACLs exist, reserve space for two additional pass-through wildcards */
+        if ((ctx->pacl = (struct acl *)malloc((ov->ndata + somepass ? 0 : 2 ) * sizeof(struct acl))) == NULL) throw(0,0,0);
+
         if (ov->ndata >= 1) {
-            if ((ctx->pacl = (struct acl *)malloc(ov->ndata * sizeof(struct acl))) == NULL) throw(0,0,0);
             for (i = 0; i < ov->ndata; i++) {
                 cp = (ov->data.m)[i];
                 log2(ctx, DEBUG, "cp = (data.m)[%d] = \"%s\"", i, cp);
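Review bot: The size expression in the added malloc, `(ov->ndata + somepass ? 0 : 2 ) * sizeof(struct acl)`, parses as `((ov->ndata + somepass) ? 0 : 2)` because `+` binds tighter than `?:`, so any non-empty --acl list requests zero bytes and the loop that follows writes `ctx->pacl[i]` past the allocation. It should read `(ov->ndata + (somepass ? 0 : 2)) * sizeof(struct acl)`. The two `if (!somepass)` blocks added further down in this file rely on the same allocation for their two extra slots, so they are affected as well. The enclosing try block and function begin outside this hunk.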
@@ -241,7 +256,7 @@
                 }
                 else {
                     ctx->pacl[i].acl = strdup(cp);
-                    ctx->pacl[i].not = TRUE;
+                    ctx->pacl[i].not = FALSE;
                 }
                 log2(ctx, DEBUG, "ctx->pacl[%d].not = %s", i, ctx->pacl[i].not == TRUE ? "TRUE" : "FALSE");
                 log2(ctx, DEBUG, "ctx->pacl[%d].acl = %s", i, ctx->pacl[i].acl);
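Review bot: The result of `strdup(cp)` in the else branch is stored without a NULL check and is then passed to `%s` in the DEBUG log two lines later. The malloc earlier in this function throws on allocation failure, so the same handling fits here: `if ((ctx->pacl[i].acl = strdup(cp)) == NULL) throw(0,0,0);`. The matching if branch lies outside this hunk and may need the same check.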
@@ -262,6 +277,42 @@
             }
             ctx->nacl = i;
         }
+
+        /* if only blocking ACLs exist, append a wildcard pass-through for IPv4 */
+        if (!somepass) {
+            i = ctx->nacl;
+            ctx->pacl[i].acl = "0.0.0.0";
+            ctx->pacl[i].not = FALSE;
+            ctx->pacl[i].prefixlen = 0;
+            if ((rc = sa_addr_create(&ctx->pacl[i].saa)) != SA_OK) {
+                log1(ctx, ERROR, "option --acl, create IPv4 pass-through address (internal) failed with \"%s\"", sa_error(rc));
+                throw(0,0,0);
+            }
+            if ((rc = sa_addr_u2a(ctx->pacl[i].saa, "inet://%s:0", ctx->pacl[i].acl)) != SA_OK) {
+                log2(ctx, ERROR, "option --acl, parsing IPv4 pass-through address (%s) failed with \"%s\"", ctx->pacl[i].acl, sa_error(rc));
+                throw(0,0,0);
+            }
+            i++;
+            ctx->nacl = i;
+        }
+
+        /* if only blocking ACLs exist, append a wildcard pass-through for IPv6 */
+        if (!somepass) {
+            i = ctx->nacl;
+            ctx->pacl[i].acl = "[::]";
+            ctx->pacl[i].not = FALSE;
+            ctx->pacl[i].prefixlen = 0;
+            if ((rc = sa_addr_create(&ctx->pacl[i].saa)) != SA_OK) {
+                log1(ctx, ERROR, "option --acl, create IPv6 pass-through address (internal) failed with \"%s\"", sa_error(rc));
+                throw(0,0,0);
+            }
+            if ((rc = sa_addr_u2a(ctx->pacl[i].saa, "inet://%s:0", ctx->pacl[i].acl)) != SA_OK) {
+                log2(ctx, ERROR, "option --acl, parsing IPv6 pass-through address (%s) failed with \"%s\"", ctx->pacl[i].acl, sa_error(rc));
+                throw(0,0,0);
+            }
+            i++;
+            ctx->nacl = i;
+        }
     }
     catch (ex)
         rethrow;
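Review bot: The two appended wildcard entries set `ctx->pacl[i].acl` to string literals (`"0.0.0.0"`, `"[::]"`), while the entries parsed from --acl hold `strdup()`ed strings, so any teardown that frees `.acl` would call free() on a literal; the cleanup code is not visible here, so this needs checking. Using `strdup("0.0.0.0")` and `strdup("[::]")` with a NULL check keeps ownership uniform. Both blocks also start from `i = ctx->nacl`, which in the visible code is assigned only inside `if (ov->ndata >= 1)`, so with an empty --acl list they depend on `ctx->nacl` having been initialised to 0 elsewhere. The try block opens outside this hunk.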


ossp-pkg/lmtp2nntp/lmtp2nntp_main.c 1.33 -> 1.34

--- lmtp2nntp_main.c     2002/02/04 14:48:30     1.33
+++ lmtp2nntp_main.c     2002/02/04 15:43:01     1.34
@@ -394,56 +394,6 @@
     (void)option_create(&o, ctx->val); /* FIXME */
     (void)option_parse(o, argc, argv);
     (void)config_context(ctx);
-    printf("DEBUG: trace #1\n");
-
-    /* if no positive ACL exists (option -a) add a wildcard match-all for IPv4 and IPv6 */
-    bOk = FALSE;
-    for (i = 0; i < ctx->nacl; i++) {
-        if (!ctx->pacl[i].not) {
-            bOk = TRUE;
-            break;
-        }
-    }
-    if (!bOk) {
-        if (ctx->nacl >= MAXACLS) {
-            fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv4 ACL)\n", ctx->progname, ctx->nacl);
-            CU(ERR_EXECUTION);
-        }
-        ctx->pacl[ctx->nacl].acl = "0.0.0.0";
-        ctx->pacl[ctx->nacl].not = FALSE;
-        ctx->pacl[ctx->nacl].prefixlen = 0;
-        if ((rc = sa_addr_create(&ctx->pacl[ctx->nacl].saa)) != SA_OK) {
-            fprintf(stderr, "%s:Error: Creating fake address failed for -a option (%d)\n", 
-                    ctx->progname, rc);
-        }
-        if ((rc = sa_addr_u2a(ctx->pacl[ctx->nacl].saa, "inet://%s:0", ctx->pacl[ctx->nacl].acl)) != SA_OK) {
-            fprintf(stderr, "%s:Error: Parsing host address failed for \"%s:0\" (%s)\n", 
-                    ctx->progname, ctx->pacl[ctx->nacl].acl,
-                    sa_error(rc));
-            CU(ERR_EXECUTION);
-        }
-        ctx->nacl++;
-    }
-    if (!bOk) {
-        if (ctx->nacl >= MAXACLS) {
-            fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv6 ACL)\n", ctx->progname, ctx->nacl);
-            CU(ERR_EXECUTION);
-        }
-        ctx->pacl[ctx->nacl].acl = "[::]";
-        ctx->pacl[ctx->nacl].not = FALSE;
-        ctx->pacl[ctx->nacl].prefixlen = 0;
-        if ((rc = sa_addr_create(&ctx->pacl[ctx->nacl].saa)) != SA_OK) {
-            fprintf(stderr, "%s:Error: Creating fake address failed for -a option (%d)\n", 
-                    ctx->progname, rc);
-        }
-        if ((rc = sa_addr_u2a(ctx->pacl[ctx->nacl].saa, "inet://%s:0", ctx->pacl[ctx->nacl].acl)) != SA_OK) {
-            fprintf(stderr, "%s:Error: Parsing host address failed for \"%s:0\" (%s)\n", 
-                    ctx->progname, ctx->pacl[ctx->nacl].acl,
-                    sa_error(rc));
-            CU(ERR_EXECUTION);
-        }
-        ctx->nacl++;
-    }
 
     if (getuid() != ctx->option_uid) {
         if (setuid(ctx->option_uid) == -1) {
