OSSP: CVS Repository: Check-in [1790]

Check-in Number:

1790

Date:

2002-Feb-04 16:43:01 (local)
2002-Feb-04 15:43:01 (UTC)

User:

thl

Branch:

Comment:

merged new --acl option with obsolete post-option processing

Tickets:

Inspections:

Files:

ossp-pkg/lmtp2nntp/fixme.h	1.9 -> 1.10	1 inserted, 1 deleted
ossp-pkg/lmtp2nntp/lmtp2nntp_config.c	1.38 -> 1.39	53 inserted, 2 deleted
ossp-pkg/lmtp2nntp/lmtp2nntp_main.c	1.33 -> 1.34	0 inserted, 50 deleted

ossp-pkg/lmtp2nntp/fixme.h 1.9 -> 1.10

--- fixme.h 2002/02/04 13:52:14 1.9 +++ fixme.h 2002/02/04 15:43:01 1.10 @@ -6,7 +6,7 @@ #define __FIXME_H__ #include <val.h> -#define MAXACLS 32 +/*FIXME obsolete #define MAXACLS 32 */ #include <sa.h> struct acl { char *acl;

ossp-pkg/lmtp2nntp/lmtp2nntp_config.c 1.38 -> 1.39

--- lmtp2nntp_config.c 2002/02/04 14:48:30 1.38 +++ lmtp2nntp_config.c 2002/02/04 15:43:01 1.39 @@ -221,6 +221,7 @@ try { char *cp; int i; + int somepass; if ( (val_get(ctx->val, "option.acl", &ov) != VAL_OK) || (ov->ndata < 0) @@ -230,8 +231,22 @@ for (i = 0; i < ov->ndata; i++) log2(ctx, TRACE, "--acl[%d] = \"%s\"", i, (ov->data.m)[i]); + /* check if only blocking ACLs exist */ + somepass = FALSE; + if (ov->ndata >= 1) { + for (i = 0; i < ov->ndata; i++) { + cp = (ov->data.m)[i]; + if (cp[0] != '!') { + somepass = TRUE; + break; + } + } + } + + /* if only blocking ACLs exist, reserve space for two additional pass-through wildcards */ + if ((ctx->pacl = (struct acl *)malloc((ov->ndata + somepass ? 0 : 2 ) * sizeof(struct acl))) == NULL) throw(0,0,0); + if (ov->ndata >= 1) { - if ((ctx->pacl = (struct acl *)malloc(ov->ndata * sizeof(struct acl))) == NULL) throw(0,0,0); for (i = 0; i < ov->ndata; i++) { cp = (ov->data.m)[i]; log2(ctx, DEBUG, "cp = (data.m)[%d] = \"%s\"", i, cp); @@ -241,7 +256,7 @@ } else { ctx->pacl[i].acl = strdup(cp); - ctx->pacl[i].not = TRUE; + ctx->pacl[i].not = FALSE; } log2(ctx, DEBUG, "ctx->pacl[%d].not = %s", i, ctx->pacl[i].not == TRUE ? "TRUE" : "FALSE"); log2(ctx, DEBUG, "ctx->pacl[%d].acl = %s", i, ctx->pacl[i].acl); @@ -262,6 +277,42 @@ } ctx->nacl = i; } + + /* if only blocking ACLs exist, append a wildcard pass-through for IPv4 */ + if (!somepass) { + i = ctx->nacl; + ctx->pacl[i].acl = "0.0.0.0"; + ctx->pacl[i].not = FALSE; + ctx->pacl[i].prefixlen = 0; + if ((rc = sa_addr_create(&ctx->pacl[i].saa)) != SA_OK) { + log1(ctx, ERROR, "option --acl, create IPv4 pass-through address (internal) failed with \"%s\"", sa_error(rc)); + throw(0,0,0); + } + if ((rc = sa_addr_u2a(ctx->pacl[i].saa, "inet://%s:0", ctx->pacl[i].acl)) != SA_OK) { + log2(ctx, ERROR, "option --acl, parsing IPv4 pass-through address (%s) failed with \"%s\"", ctx->pacl[i].acl, sa_error(rc)); + throw(0,0,0); + } + i++; + ctx->nacl = i; + } + + /* if only blocking ACLs exist, append a wildcard pass-through for IPv6 */ + if (!somepass) { + i = ctx->nacl; + ctx->pacl[i].acl = "[::]"; + ctx->pacl[i].not = FALSE; + ctx->pacl[i].prefixlen = 0; + if ((rc = sa_addr_create(&ctx->pacl[i].saa)) != SA_OK) { + log1(ctx, ERROR, "option --acl, create IPv6 pass-through address (internal) failed with \"%s\"", sa_error(rc)); + throw(0,0,0); + } + if ((rc = sa_addr_u2a(ctx->pacl[i].saa, "inet://%s:0", ctx->pacl[i].acl)) != SA_OK) { + log2(ctx, ERROR, "option --acl, parsing IPv6 pass-through address (%s) failed with \"%s\"", ctx->pacl[i].acl, sa_error(rc)); + throw(0,0,0); + } + i++; + ctx->nacl = i; + } } catch (ex) rethrow;

ossp-pkg/lmtp2nntp/lmtp2nntp_main.c 1.33 -> 1.34

--- lmtp2nntp_main.c 2002/02/04 14:48:30 1.33 +++ lmtp2nntp_main.c 2002/02/04 15:43:01 1.34 @@ -394,56 +394,6 @@ (void)option_create(&o, ctx->val); /* FIXME */ (void)option_parse(o, argc, argv); (void)config_context(ctx); - printf("DEBUG: trace #1\n"); - - /* if no positive ACL exists (option -a) add a wildcard match-all for IPv4 and IPv6 */ - bOk = FALSE; - for (i = 0; i < ctx->nacl; i++) { - if (!ctx->pacl[i].not) { - bOk = TRUE; - break; - } - } - if (!bOk) { - if (ctx->nacl >= MAXACLS) { - fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv4 ACL)\n", ctx->progname, ctx->nacl); - CU(ERR_EXECUTION); - } - ctx->pacl[ctx->nacl].acl = "0.0.0.0"; - ctx->pacl[ctx->nacl].not = FALSE; - ctx->pacl[ctx->nacl].prefixlen = 0; - if ((rc = sa_addr_create(&ctx->pacl[ctx->nacl].saa)) != SA_OK) { - fprintf(stderr, "%s:Error: Creating fake address failed for -a option (%d)\n", - ctx->progname, rc); - } - if ((rc = sa_addr_u2a(ctx->pacl[ctx->nacl].saa, "inet://%s:0", ctx->pacl[ctx->nacl].acl)) != SA_OK) { - fprintf(stderr, "%s:Error: Parsing host address failed for \"%s:0\" (%s)\n", - ctx->progname, ctx->pacl[ctx->nacl].acl, - sa_error(rc)); - CU(ERR_EXECUTION); - } - ctx->nacl++; - } - if (!bOk) { - if (ctx->nacl >= MAXACLS) { - fprintf(stderr, "%s:Error: Too many ACL (%d) using option -a (no space for additional fake IPv6 ACL)\n", ctx->progname, ctx->nacl); - CU(ERR_EXECUTION); - } - ctx->pacl[ctx->nacl].acl = "[::]"; - ctx->pacl[ctx->nacl].not = FALSE; - ctx->pacl[ctx->nacl].prefixlen = 0; - if ((rc = sa_addr_create(&ctx->pacl[ctx->nacl].saa)) != SA_OK) { - fprintf(stderr, "%s:Error: Creating fake address failed for -a option (%d)\n", - ctx->progname, rc); - } - if ((rc = sa_addr_u2a(ctx->pacl[ctx->nacl].saa, "inet://%s:0", ctx->pacl[ctx->nacl].acl)) != SA_OK) { - fprintf(stderr, "%s:Error: Parsing host address failed for \"%s:0\" (%s)\n", - ctx->progname, ctx->pacl[ctx->nacl].acl, - sa_error(rc)); - CU(ERR_EXECUTION); - } - ctx->nacl++; - } if (getuid() != ctx->option_uid) { if (setuid(ctx->option_uid) == -1) {

OSSP CVS Repository