static int filesystem_rename(const char *name, const char *destname)
{
int ret;
ret = access_check(FTP_TARGET, FTP_TARGET_SIZE, ACCESS_OP_DELETE, name);
if (ret < 0) {
error("rename(%s, %s): %s (%d)", name, destname,
strerror(-ret), -ret);
return ret;
}
ret = access_check(FTP_TARGET, FTP_TARGET_SIZE, ACCESS_OP_CREATE,
destname);
if (ret < 0) {
error("rename(%s, %s): %s (%d)", name, destname,
strerror(-ret), -ret);
return ret;
}
ret = rename(name, destname);
if (ret < 0) {
error("rename(%s, %s): %s (%d)", name, destname,
strerror(errno), errno);
return -errno;
}
return ret;
}
static int _router_accept_check(router_t r, mio_fd_t fd, const char *ip) {
rate_t rt;
if(access_check(r->access, ip) == 0) {
log_write(r->log, LOG_NOTICE, "[%d] [%s] access denied by configuration", fd->fd, ip);
return 1;
}
if(r->conn_rate_total != 0) {
rt = (rate_t) xhash_get(r->conn_rates, ip);
if(rt == NULL) {
rt = rate_new(r->conn_rate_total, r->conn_rate_seconds, r->conn_rate_wait);
xhash_put(r->conn_rates, pstrdup(xhash_pool(r->conn_rates), ip), (void *) rt);
}
if(rate_check(rt) == 0) {
log_write(r->log, LOG_NOTICE, "[%d] [%s] is being rate limited", fd->fd, ip);
return 1;
}
rate_add(rt, 1);
}
return 0;
}
void connection::close(){
access_check();
int err = sqlite3_close(handle);
if(err != SQLITE_OK)
throw database_exception_code(sqlite3_errmsg(handle), err);
handle = 0;
}
static void *capability_open(const char *name, int oflag, mode_t mode,
void *context, size_t *size, int *err)
{
struct capability_object *object = NULL;
char *buf;
const char *argv[2];
if (oflag != O_RDONLY)
goto fail;
if (access_check(FTP_TARGET, FTP_TARGET_SIZE, ACCESS_OP_READ, name) < 0)
goto fail;
object = g_new0(struct capability_object, 1);
object->pid = -1;
object->output = -1;
object->err = -1;
if (name[0] != '!') {
GError *gerr = NULL;
gboolean ret;
ret = g_file_get_contents(name, &buf, NULL, &gerr);
if (ret == FALSE) {
error("%s", gerr->message);
g_error_free(gerr);
goto fail;
}
object->buffer = g_string_new(buf);
if (size)
*size = object->buffer->len;
goto done;
}
argv[0] = &name[1];
argv[1] = NULL;
object->pid = capability_exec(argv, &object->output, &object->err);
if (object->pid < 0)
goto fail;
/* Watch cannot be removed while the process is still running */
g_child_watch_add(object->pid, script_exited, object);
done:
if (err)
*err = 0;
return object;
fail:
if (err)
*err = -EPERM;
g_free(object);
return NULL;
}
/* <array|packedarray|dict|file|string> wcheck <bool> */
static int
zwcheck(i_ctx_t *i_ctx_p)
{
os_ptr op = osp;
int code = access_check(i_ctx_p, a_write, false);
if (code >= 0)
make_bool(op, code), code = 0;
return code;
}
/* <obj:array|packedarray|file|string> executeonly <obj> */
static int
zexecuteonly(i_ctx_t *i_ctx_p)
{
os_ptr op = osp;
check_op(1);
if (r_has_type(op, t_dictionary))
return_error(e_typecheck);
return access_check(i_ctx_p, a_execute, true);
}
static void daemon_accept (int fd, fd_set socketfds, fd_set sslfds, int maxfd)
{
struct sockaddr_in addr;
socklen_t addrlen = sizeof (addr);
CLIENT *initclient;
int rc = -1;
rc = accept (fd, (struct sockaddr *)&addr, &addrlen);
if (rc < 0) return;
initclient = access_check (rc, addr);
// uint port = ntohs (addr.sin_port);
if (! initclient) {
close (rc);
return;
}
initclient->useSSL = FD_ISSET(fd, &sslfds);
initclient->ssl = NULL;
#if defined(_SC_NPROCESSORS_ONLN)
if ( cfg.CoreBind > 0 )
{
/* Select CPU core to bind to */
master->currcore++;
if ( master->currcore >= master->numcores )
master->currcore = 0;
initclient->numcore = master->currcore;
}
#endif
switch (fork ()) {
case 0:
syslog_open ("nntpswitchd", LOG_PID, LOG_NEWS);
for (int i = 0; i <= maxfd; i++) {
if (FD_ISSET (i, &socketfds))
close (i);
}
run_child (initclient);
syslog_close ();
_exit (0);
case -1:
info ("couldnt fork child %s", strerror (errno));
default:
if ( cfg.JSONACL == 1 && initclient->acl != NULL ) {
freehttpacl(initclient->acl);
}
close (rc);
}
}
static int filesystem_remove(const char *name)
{
int ret;
ret = access_check(FTP_TARGET, FTP_TARGET_SIZE, ACCESS_OP_DELETE, name);
if (ret < 0) {
error("remove(%s, %s): %s (%d)", name, name,
strerror(-ret), -ret);
return ret;
}
if (remove(name) < 0)
return -errno;
return 0;
}
/* <obj:array|packedarray|dict|file|string> noaccess <obj> */
static int
znoaccess(i_ctx_t *i_ctx_p)
{
os_ptr op = osp;
check_op(1);
if (r_has_type(op, t_dictionary)) {
ref *aop = dict_access_ref(op);
/* CPSI throws invalidaccess when seting noaccess to a readonly dictionary (CET 13-13-6) : */
if (!r_has_attrs(aop, a_write)) {
if (!r_has_attrs(aop, a_read) && !r_has_attrs(aop, a_execute)) {
/* Already noaccess - do nothing (CET 24-09-1). */
return 0;
}
return_error(e_invalidaccess);
}
/* Don't allow removing read access to permanent dictionaries. */
if (dict_is_permanent_on_dstack(op))
return_error(e_invalidaccess);
}
return access_check(i_ctx_p, 0, true);
}
/* <obj:array|packedarray|dict|file|string> readonly <obj> */
int
zreadonly(i_ctx_t *i_ctx_p)
{
return access_check(i_ctx_p, a_readonly, true);
}
static GString *append_listing(GString *object, const char *name,
gboolean pcsuite, size_t *size, int *err)
{
struct stat fstat, dstat;
struct dirent *ep;
DIR *dp = NULL;
gboolean root;
int ret;
root = g_str_equal(name, obex_option_root_folder());
ret = access_check(FTP_TARGET, FTP_TARGET_SIZE, ACCESS_OP_READ, name);
if (ret < 0) {
if (err)
*err = ret;
goto failed;
}
dp = opendir(name);
if (dp == NULL) {
if (err)
*err = -ENOENT;
goto failed;
}
if (!root)
object = g_string_append(object, FL_PARENT_FOLDER_ELEMENT);
ret = verify_path(name);
if (ret < 0) {
*err = ret;
goto failed;
}
ret = stat(name, &dstat);
if (ret < 0) {
if (err)
*err = -errno;
goto failed;
}
while ((ep = readdir(dp))) {
char *filename;
char *fullname;
char *line;
if (ep->d_name[0] == '.')
continue;
if (access_check_at(FTP_TARGET, FTP_TARGET_SIZE, ACCESS_OP_LIST,
name, ep->d_name) < 0)
continue;
filename = g_filename_to_utf8(ep->d_name, -1, NULL, NULL, NULL);
if (filename == NULL) {
error("g_filename_to_utf8: invalid filename");
continue;
}
fullname = g_build_filename(name, ep->d_name, NULL);
ret = stat(fullname, &fstat);
if (ret < 0) {
DBG("stat: %s(%d)", strerror(errno), errno);
g_free(filename);
g_free(fullname);
continue;
}
g_free(fullname);
line = file_stat_line(filename, &fstat, &dstat, root, FALSE);
if (line == NULL) {
g_free(filename);
continue;
}
g_free(filename);
object = g_string_append(object, line);
g_free(line);
}
closedir(dp);
object = g_string_append(object, FL_BODY_END);
if (size)
*size = object->len;
if (err)
*err = 0;
return object;
failed:
if (dp)
closedir(dp);
g_string_free(object, TRUE);
return NULL;
}
static void *common_filesystem_open(const char *name, int oflag, mode_t mode,
void *context, size_t *size, int *err,
const uint8_t *target,
gsize target_size,
const char *roots[])
{
struct stat stats;
struct statvfs buf;
int fd, ret;
uint64_t avail;
enum access_op op;
if (oflag & O_CREAT)
op = ACCESS_OP_CREATE;
else if ((oflag & O_WRONLY) || (oflag & O_RDWR))
op = ACCESS_OP_WRITE;
else
op = ACCESS_OP_READ;
ret = access_check(target, target_size, op, name);
if (ret < 0) {
if (err)
*err = ret;
return NULL;
}
fd = open(name, oflag, mode);
if (fd < 0) {
if (err)
*err = -errno;
return NULL;
}
if (fstat(fd, &stats) < 0) {
if (err)
*err = -errno;
goto failed;
}
ret = verify_path_many(name, roots);
if (ret < 0) {
if (err)
*err = ret;
goto failed;
}
if (oflag == O_RDONLY) {
if (size)
*size = stats.st_size;
goto done;
}
if (fstatvfs(fd, &buf) < 0) {
if (err)
*err = -errno;
goto failed;
}
if (size == NULL)
goto done;
avail = (uint64_t) buf.f_bsize * buf.f_bavail;
if (avail < *size) {
if (err)
*err = -ENOSPC;
goto failed;
}
done:
if (err)
*err = 0;
return GINT_TO_POINTER(fd);
failed:
close(fd);
return NULL;
}