summaryrefslogtreecommitdiffstats
path: root/runtime
diff options
context:
space:
mode:
Diffstat (limited to 'runtime')
-rw-r--r--runtime/net.c2
-rw-r--r--runtime/netstrm.c12
-rw-r--r--runtime/netstrm.h10
-rw-r--r--runtime/netstrms.c4
-rw-r--r--runtime/nsd.h12
-rw-r--r--runtime/nsd_gtls.c23
-rw-r--r--runtime/nsd_ptcp.c25
-rw-r--r--runtime/nsd_ptcp.h3
8 files changed, 88 insertions, 3 deletions
diff --git a/runtime/net.c b/runtime/net.c
index 096e0a1d..1472b4db 100644
--- a/runtime/net.c
+++ b/runtime/net.c
@@ -104,8 +104,10 @@ setAllowRoot(struct AllowedSenders **ppAllowRoot, uchar *pszType)
*ppAllowRoot = pAllowedSenders_UDP;
else if(!strcmp((char*)pszType, "TCP"))
*ppAllowRoot = pAllowedSenders_TCP;
+#ifdef USE_GSSAPI
else if(!strcmp((char*)pszType, "GSS"))
*ppAllowRoot = pAllowedSenders_GSS;
+#endif
else {
dbgprintf("program error: invalid allowed sender ID '%s', denying...\n", pszType);
ABORT_FINALIZE(RS_RET_CODE_ERR); /* everything is invalid for an invalid type */
diff --git a/runtime/netstrm.c b/runtime/netstrm.c
index 2f4a1964..ffa1c578 100644
--- a/runtime/netstrm.c
+++ b/runtime/netstrm.c
@@ -265,6 +265,17 @@ GetRemoteIP(netstrm_t *pThis, uchar **ppsz)
}
+/* get remote addr - slim wrapper for NSD driver function */
+static rsRetVal
+GetRemAddr(netstrm_t *pThis, struct sockaddr_storage **ppAddr)
+{
+ DEFiRet;
+ ISOBJ_TYPE_assert(pThis, netstrm);
+ iRet = pThis->Drvr.GetRemAddr(pThis->pDrvrData, ppAddr);
+ RETiRet;
+}
+
+
/* open a connection to a remote host (server).
* rgerhards, 2008-03-19
*/
@@ -320,6 +331,7 @@ CODESTARTobjQueryInterface(netstrm)
pIf->AcceptConnReq = AcceptConnReq;
pIf->GetRemoteHName = GetRemoteHName;
pIf->GetRemoteIP = GetRemoteIP;
+ pIf->GetRemAddr = GetRemAddr;
pIf->SetDrvrMode = SetDrvrMode;
pIf->SetDrvrAuthMode = SetDrvrAuthMode;
pIf->SetDrvrPermPeers = SetDrvrPermPeers;
diff --git a/runtime/netstrm.h b/runtime/netstrm.h
index 1a97ef23..3ab790e8 100644
--- a/runtime/netstrm.h
+++ b/runtime/netstrm.h
@@ -61,8 +61,16 @@ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */
* this interface. -- rgerhards, 2008-05-05
*/
rsRetVal (*GetSock)(netstrm_t *pThis, int *pSock);
+ rsRetVal (*GetRemAddr)(netstrm_t *pThis, struct sockaddr_storage **ppAddr);
+ /* getRemAddr() is an aid needed by the legacy ACL system. It exposes the remote
+ * peer's socket addr structure, so that the legacy matching functions can work on
+ * it. Note that this ties netstream drivers to things that can be implemented over
+ * sockets - not really desirable, but not the end of the world... TODO: should be
+ * reconsidered when a new ACL system is build. -- rgerhards, 2008-12-01
+ */
ENDinterface(netstrm)
-#define netstrmCURR_IF_VERSION 2 /* increment whenever you change the interface structure! */
+#define netstrmCURR_IF_VERSION 3 /* increment whenever you change the interface structure! */
+/* interface version 3 added GetRemAddr() */
/* prototypes */
PROTOTYPEObj(netstrm);
diff --git a/runtime/netstrms.c b/runtime/netstrms.c
index 2b754ecc..6b28e7ea 100644
--- a/runtime/netstrms.c
+++ b/runtime/netstrms.c
@@ -104,6 +104,10 @@ CODESTARTobjDestruct(netstrms)
obj.ReleaseObj(__FILE__, pThis->pDrvrName+2, pThis->pDrvrName, (void*) &pThis->Drvr);
free(pThis->pDrvrName);
}
+ if(pThis->pszDrvrAuthMode != NULL) {
+ free(pThis->pszDrvrAuthMode);
+ pThis->pszDrvrAuthMode = NULL;
+ }
if(pThis->pBaseDrvrName != NULL) {
free(pThis->pBaseDrvrName);
pThis->pBaseDrvrName = NULL;
diff --git a/runtime/nsd.h b/runtime/nsd.h
index 1811f078..f0c9b9b6 100644
--- a/runtime/nsd.h
+++ b/runtime/nsd.h
@@ -27,6 +27,8 @@
#ifndef INCLUDED_NSD_H
#define INCLUDED_NSD_H
+#include <sys/socket.h>
+
enum nsdsel_waitOp_e {
NSDSEL_RD = 1,
NSDSEL_WR = 2,
@@ -60,8 +62,16 @@ BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */
* OS sockets. This interface is primarily meant as an internal aid for
* those drivers that utilize the nsd_ptcp to do some of their work.
*/
+ rsRetVal (*GetRemAddr)(nsd_t *pThis, struct sockaddr_storage **ppAddr);
+ /* getRemAddr() is an aid needed by the legacy ACL system. It exposes the remote
+ * peer's socket addr structure, so that the legacy matching functions can work on
+ * it. Note that this ties netstream drivers to things that can be implemented over
+ * sockets - not really desirable, but not the end of the world... TODO: should be
+ * reconsidered when a new ACL system is build. -- rgerhards, 2008-12-01
+ */
ENDinterface(nsd)
-#define nsdCURR_IF_VERSION 3 /* increment whenever you change the interface structure! */
+#define nsdCURR_IF_VERSION 4 /* increment whenever you change the interface structure! */
+/* interface version 4 added GetRemAddr() */
/* interface for the select call */
BEGINinterface(nsdsel) /* name must also be changed in ENDinterface macro! */
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index 08623da8..3a79a015 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -1229,7 +1229,6 @@ SetAuthMode(nsd_t *pNsd, uchar *mode)
/* TODO: clear stored IDs! */
finalize_it:
-dbgprintf("gtls auth mode %d set\n", pThis->authMode);
RETiRet;
}
@@ -1342,6 +1341,20 @@ GetRemoteHName(nsd_t *pNsd, uchar **ppszHName)
}
+/* Provide access to the sockaddr_storage of the remote peer. This
+ * is needed by the legacy ACL system. --- gerhards, 2008-12-01
+ */
+static rsRetVal
+GetRemAddr(nsd_t *pNsd, struct sockaddr_storage **ppAddr)
+{
+ DEFiRet;
+ nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
+ ISOBJ_TYPE_assert(pThis, nsd_gtls);
+ iRet = nsd_ptcp.GetRemAddr(pThis->pTcp, ppAddr);
+ RETiRet;
+}
+
+
/* get the remote host's IP address. The returned string must be freed by the
* caller. -- rgerhards, 2008-04-25
*/
@@ -1477,6 +1490,13 @@ Rcv(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
if(pThis->lenRcvBuf == 0) { /* EOS */
*pLenBuf = 0;
+ /* in this case, we also need to free the receive buffer, if we
+ * allocated one. -- rgerhards, 2008-12-03
+ */
+ if(pThis->pszRcvBuf != NULL) {
+ free(pThis->pszRcvBuf);
+ pThis->pszRcvBuf = NULL;
+ }
ABORT_FINALIZE(RS_RET_CLOSED);
}
@@ -1646,6 +1666,7 @@ CODESTARTobjQueryInterface(nsd_gtls)
pIf->CheckConnection = CheckConnection;
pIf->GetRemoteHName = GetRemoteHName;
pIf->GetRemoteIP = GetRemoteIP;
+ pIf->GetRemAddr = GetRemAddr;
finalize_it:
ENDobjQueryInterface(nsd_gtls)
diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c
index 4cb46380..cc531ca0 100644
--- a/runtime/nsd_ptcp.c
+++ b/runtime/nsd_ptcp.c
@@ -91,6 +91,24 @@ CODESTARTobjDestruct(nsd_ptcp)
ENDobjDestruct(nsd_ptcp)
+/* Provide access to the sockaddr_storage of the remote peer. This
+ * is needed by the legacy ACL system. --- gerhards, 2008-12-01
+ */
+static rsRetVal
+GetRemAddr(nsd_t *pNsd, struct sockaddr_storage **ppAddr)
+{
+ nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
+ DEFiRet;
+
+ ISOBJ_TYPE_assert((pThis), nsd_ptcp);
+ assert(ppAddr != NULL);
+
+ *ppAddr = &(pThis->remAddr);
+
+ RETiRet;
+}
+
+
/* Provide access to the underlying OS socket. This is primarily
* useful for other drivers (like nsd_gtls) who utilize ourselfs
* for some of their functionality. -- rgerhards, 2008-04-18
@@ -320,6 +338,12 @@ AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew)
/* construct our object so that we can use it... */
CHKiRet(nsd_ptcpConstruct(&pNew));
+ /* for the legacy ACL code, we need to preserve addr. While this is far from
+ * begin perfect (from an abstract design perspective), we need this to prevent
+ * breaking everything. TODO: we need to implement a new ACL module to get rid
+ * of this function. -- rgerhards, 2008-12-01
+ */
+ memcpy(&pNew->remAddr, &addr, sizeof(struct sockaddr_storage));
CHKiRet(FillRemHost(pNew, (struct sockaddr*) &addr));
/* set the new socket to non-blocking IO -TODO:do we really need to do this here? Do we always want it? */
@@ -716,6 +740,7 @@ CODESTARTobjQueryInterface(nsd_ptcp)
pIf->Construct = (rsRetVal(*)(nsd_t**)) nsd_ptcpConstruct;
pIf->Destruct = (rsRetVal(*)(nsd_t**)) nsd_ptcpDestruct;
pIf->Abort = Abort;
+ pIf->GetRemAddr = GetRemAddr;
pIf->GetSock = GetSock;
pIf->SetSock = SetSock;
pIf->SetMode = SetMode;
diff --git a/runtime/nsd_ptcp.h b/runtime/nsd_ptcp.h
index efd3ed05..b94cc018 100644
--- a/runtime/nsd_ptcp.h
+++ b/runtime/nsd_ptcp.h
@@ -24,6 +24,8 @@
#ifndef INCLUDED_NSD_PTCP_H
#define INCLUDED_NSD_PTCP_H
+#include <sys/socket.h>
+
#include "nsd.h"
typedef nsd_if_t nsd_ptcp_if_t; /* we just *implement* this interface */
@@ -32,6 +34,7 @@ struct nsd_ptcp_s {
BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */
uchar *pRemHostIP; /**< IP address of remote peer (currently used in server mode, only) */
uchar *pRemHostName; /**< host name of remote peer (currently used in server mode, only) */
+ struct sockaddr_storage remAddr; /**< remote addr as sockaddr - used for legacy ACL code */
int sock; /**< the socket we use for regular, single-socket, operations */
};