diff options
Diffstat (limited to 'runtime')
-rw-r--r-- | runtime/net.c | 2 | ||||
-rw-r--r-- | runtime/netstrm.c | 12 | ||||
-rw-r--r-- | runtime/netstrm.h | 10 | ||||
-rw-r--r-- | runtime/netstrms.c | 4 | ||||
-rw-r--r-- | runtime/nsd.h | 12 | ||||
-rw-r--r-- | runtime/nsd_gtls.c | 23 | ||||
-rw-r--r-- | runtime/nsd_ptcp.c | 25 | ||||
-rw-r--r-- | runtime/nsd_ptcp.h | 3 |
8 files changed, 88 insertions, 3 deletions
diff --git a/runtime/net.c b/runtime/net.c index 096e0a1d..1472b4db 100644 --- a/runtime/net.c +++ b/runtime/net.c @@ -104,8 +104,10 @@ setAllowRoot(struct AllowedSenders **ppAllowRoot, uchar *pszType) *ppAllowRoot = pAllowedSenders_UDP; else if(!strcmp((char*)pszType, "TCP")) *ppAllowRoot = pAllowedSenders_TCP; +#ifdef USE_GSSAPI else if(!strcmp((char*)pszType, "GSS")) *ppAllowRoot = pAllowedSenders_GSS; +#endif else { dbgprintf("program error: invalid allowed sender ID '%s', denying...\n", pszType); ABORT_FINALIZE(RS_RET_CODE_ERR); /* everything is invalid for an invalid type */ diff --git a/runtime/netstrm.c b/runtime/netstrm.c index 2f4a1964..ffa1c578 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -265,6 +265,17 @@ GetRemoteIP(netstrm_t *pThis, uchar **ppsz) } +/* get remote addr - slim wrapper for NSD driver function */ +static rsRetVal +GetRemAddr(netstrm_t *pThis, struct sockaddr_storage **ppAddr) +{ + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + iRet = pThis->Drvr.GetRemAddr(pThis->pDrvrData, ppAddr); + RETiRet; +} + + /* open a connection to a remote host (server). * rgerhards, 2008-03-19 */ @@ -320,6 +331,7 @@ CODESTARTobjQueryInterface(netstrm) pIf->AcceptConnReq = AcceptConnReq; pIf->GetRemoteHName = GetRemoteHName; pIf->GetRemoteIP = GetRemoteIP; + pIf->GetRemAddr = GetRemAddr; pIf->SetDrvrMode = SetDrvrMode; pIf->SetDrvrAuthMode = SetDrvrAuthMode; pIf->SetDrvrPermPeers = SetDrvrPermPeers; diff --git a/runtime/netstrm.h b/runtime/netstrm.h index 1a97ef23..3ab790e8 100644 --- a/runtime/netstrm.h +++ b/runtime/netstrm.h @@ -61,8 +61,16 @@ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ * this interface. -- rgerhards, 2008-05-05 */ rsRetVal (*GetSock)(netstrm_t *pThis, int *pSock); + rsRetVal (*GetRemAddr)(netstrm_t *pThis, struct sockaddr_storage **ppAddr); + /* getRemAddr() is an aid needed by the legacy ACL system. It exposes the remote + * peer's socket addr structure, so that the legacy matching functions can work on + * it. Note that this ties netstream drivers to things that can be implemented over + * sockets - not really desirable, but not the end of the world... TODO: should be + * reconsidered when a new ACL system is build. -- rgerhards, 2008-12-01 + */ ENDinterface(netstrm) -#define netstrmCURR_IF_VERSION 2 /* increment whenever you change the interface structure! */ +#define netstrmCURR_IF_VERSION 3 /* increment whenever you change the interface structure! */ +/* interface version 3 added GetRemAddr() */ /* prototypes */ PROTOTYPEObj(netstrm); diff --git a/runtime/netstrms.c b/runtime/netstrms.c index 2b754ecc..6b28e7ea 100644 --- a/runtime/netstrms.c +++ b/runtime/netstrms.c @@ -104,6 +104,10 @@ CODESTARTobjDestruct(netstrms) obj.ReleaseObj(__FILE__, pThis->pDrvrName+2, pThis->pDrvrName, (void*) &pThis->Drvr); free(pThis->pDrvrName); } + if(pThis->pszDrvrAuthMode != NULL) { + free(pThis->pszDrvrAuthMode); + pThis->pszDrvrAuthMode = NULL; + } if(pThis->pBaseDrvrName != NULL) { free(pThis->pBaseDrvrName); pThis->pBaseDrvrName = NULL; diff --git a/runtime/nsd.h b/runtime/nsd.h index 1811f078..f0c9b9b6 100644 --- a/runtime/nsd.h +++ b/runtime/nsd.h @@ -27,6 +27,8 @@ #ifndef INCLUDED_NSD_H #define INCLUDED_NSD_H +#include <sys/socket.h> + enum nsdsel_waitOp_e { NSDSEL_RD = 1, NSDSEL_WR = 2, @@ -60,8 +62,16 @@ BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */ * OS sockets. This interface is primarily meant as an internal aid for * those drivers that utilize the nsd_ptcp to do some of their work. */ + rsRetVal (*GetRemAddr)(nsd_t *pThis, struct sockaddr_storage **ppAddr); + /* getRemAddr() is an aid needed by the legacy ACL system. It exposes the remote + * peer's socket addr structure, so that the legacy matching functions can work on + * it. Note that this ties netstream drivers to things that can be implemented over + * sockets - not really desirable, but not the end of the world... TODO: should be + * reconsidered when a new ACL system is build. -- rgerhards, 2008-12-01 + */ ENDinterface(nsd) -#define nsdCURR_IF_VERSION 3 /* increment whenever you change the interface structure! */ +#define nsdCURR_IF_VERSION 4 /* increment whenever you change the interface structure! */ +/* interface version 4 added GetRemAddr() */ /* interface for the select call */ BEGINinterface(nsdsel) /* name must also be changed in ENDinterface macro! */ diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c index 08623da8..3a79a015 100644 --- a/runtime/nsd_gtls.c +++ b/runtime/nsd_gtls.c @@ -1229,7 +1229,6 @@ SetAuthMode(nsd_t *pNsd, uchar *mode) /* TODO: clear stored IDs! */ finalize_it: -dbgprintf("gtls auth mode %d set\n", pThis->authMode); RETiRet; } @@ -1342,6 +1341,20 @@ GetRemoteHName(nsd_t *pNsd, uchar **ppszHName) } +/* Provide access to the sockaddr_storage of the remote peer. This + * is needed by the legacy ACL system. --- gerhards, 2008-12-01 + */ +static rsRetVal +GetRemAddr(nsd_t *pNsd, struct sockaddr_storage **ppAddr) +{ + DEFiRet; + nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd; + ISOBJ_TYPE_assert(pThis, nsd_gtls); + iRet = nsd_ptcp.GetRemAddr(pThis->pTcp, ppAddr); + RETiRet; +} + + /* get the remote host's IP address. The returned string must be freed by the * caller. -- rgerhards, 2008-04-25 */ @@ -1477,6 +1490,13 @@ Rcv(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf) if(pThis->lenRcvBuf == 0) { /* EOS */ *pLenBuf = 0; + /* in this case, we also need to free the receive buffer, if we + * allocated one. -- rgerhards, 2008-12-03 + */ + if(pThis->pszRcvBuf != NULL) { + free(pThis->pszRcvBuf); + pThis->pszRcvBuf = NULL; + } ABORT_FINALIZE(RS_RET_CLOSED); } @@ -1646,6 +1666,7 @@ CODESTARTobjQueryInterface(nsd_gtls) pIf->CheckConnection = CheckConnection; pIf->GetRemoteHName = GetRemoteHName; pIf->GetRemoteIP = GetRemoteIP; + pIf->GetRemAddr = GetRemAddr; finalize_it: ENDobjQueryInterface(nsd_gtls) diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c index 4cb46380..cc531ca0 100644 --- a/runtime/nsd_ptcp.c +++ b/runtime/nsd_ptcp.c @@ -91,6 +91,24 @@ CODESTARTobjDestruct(nsd_ptcp) ENDobjDestruct(nsd_ptcp) +/* Provide access to the sockaddr_storage of the remote peer. This + * is needed by the legacy ACL system. --- gerhards, 2008-12-01 + */ +static rsRetVal +GetRemAddr(nsd_t *pNsd, struct sockaddr_storage **ppAddr) +{ + nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd; + DEFiRet; + + ISOBJ_TYPE_assert((pThis), nsd_ptcp); + assert(ppAddr != NULL); + + *ppAddr = &(pThis->remAddr); + + RETiRet; +} + + /* Provide access to the underlying OS socket. This is primarily * useful for other drivers (like nsd_gtls) who utilize ourselfs * for some of their functionality. -- rgerhards, 2008-04-18 @@ -320,6 +338,12 @@ AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew) /* construct our object so that we can use it... */ CHKiRet(nsd_ptcpConstruct(&pNew)); + /* for the legacy ACL code, we need to preserve addr. While this is far from + * begin perfect (from an abstract design perspective), we need this to prevent + * breaking everything. TODO: we need to implement a new ACL module to get rid + * of this function. -- rgerhards, 2008-12-01 + */ + memcpy(&pNew->remAddr, &addr, sizeof(struct sockaddr_storage)); CHKiRet(FillRemHost(pNew, (struct sockaddr*) &addr)); /* set the new socket to non-blocking IO -TODO:do we really need to do this here? Do we always want it? */ @@ -716,6 +740,7 @@ CODESTARTobjQueryInterface(nsd_ptcp) pIf->Construct = (rsRetVal(*)(nsd_t**)) nsd_ptcpConstruct; pIf->Destruct = (rsRetVal(*)(nsd_t**)) nsd_ptcpDestruct; pIf->Abort = Abort; + pIf->GetRemAddr = GetRemAddr; pIf->GetSock = GetSock; pIf->SetSock = SetSock; pIf->SetMode = SetMode; diff --git a/runtime/nsd_ptcp.h b/runtime/nsd_ptcp.h index efd3ed05..b94cc018 100644 --- a/runtime/nsd_ptcp.h +++ b/runtime/nsd_ptcp.h @@ -24,6 +24,8 @@ #ifndef INCLUDED_NSD_PTCP_H #define INCLUDED_NSD_PTCP_H +#include <sys/socket.h> + #include "nsd.h" typedef nsd_if_t nsd_ptcp_if_t; /* we just *implement* this interface */ @@ -32,6 +34,7 @@ struct nsd_ptcp_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ uchar *pRemHostIP; /**< IP address of remote peer (currently used in server mode, only) */ uchar *pRemHostName; /**< host name of remote peer (currently used in server mode, only) */ + struct sockaddr_storage remAddr; /**< remote addr as sockaddr - used for legacy ACL code */ int sock; /**< the socket we use for regular, single-socket, operations */ }; |