Beispiel #1
/* Decide whether the connected client may use forward proxying and, if so,
 * load the forward-proxy settings from the main server configuration.
 *
 * Access policy, as implemented below:
 *   - If the client's connection class carries a PROXY_FORWARD_ENABLED_NOTE
 *     note, that value alone decides; the client address is not consulted.
 *   - Otherwise the client is allowed only when pr_netaddr_is_rfc1918()
 *     returns TRUE for its address.  Any other result denies, so the check
 *     fails closed.
 *
 * Each denial is written to proxy_logfd with the client address, which gives
 * operators a record of rejected forward-proxy attempts.
 *
 * Returns 0 when forward proxying is permitted, or -1 with errno set to
 * EPERM when it is not.  The p, tables_dir and proxy_sess parameters are not
 * used by this function.
 */
int proxy_forward_sess_init(pool *p, const char *tables_dir,
    struct proxy_session *proxy_sess) {
  config_rec *directive;
  void *class_note = NULL;

  if (session.conn_class != NULL) {
    class_note = pr_table_get(session.conn_class->cls_notes,
      PROXY_FORWARD_ENABLED_NOTE, NULL);
  }

  if (class_note == NULL) {
    /* No explicit per-class setting: fall back to the address-based default.
     *
     * NOTE(review): remote_addr is presumably the peer address of the
     * control connection.  If the server sits behind a NAT, load balancer or
     * another proxy, every client may appear to come from a private address
     * and would pass this default; confirm against the deployment.
     */
    if (pr_netaddr_is_rfc1918(session.c->remote_addr) != TRUE) {
      (void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
        "forward proxying not allowed from non-RFC1918 client address %s",
        pr_netaddr_get_ipstr(session.c->remote_addr));

      errno = EPERM;
      return -1;
    }

  } else if (*((int *) class_note) == FALSE) {
    /* The class explicitly disables forward proxying.
     *
     * NOTE(review): the note is read as an int with no size check (the
     * size out-parameter of pr_table_get() is NULL); this assumes whoever
     * stored the note stored an int -- verify against the setter.
     */
    (void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
      "forward proxying not allowed from client address %s in <Class %s> "
      "(see ProxyForwardEnabled)",
      pr_netaddr_get_ipstr(session.c->remote_addr),
      session.conn_class->cls_name);

    errno = EPERM;
    return -1;
  }

  /* Client is permitted; pick up the optional tuning directives. */
  directive = find_config(main_server->conf, CONF_PARAM, "ProxyForwardMethod",
    FALSE);
  if (directive != NULL) {
    proxy_method = *((int *) directive->argv[0]);
  }

  directive = find_config(main_server->conf, CONF_PARAM, "ProxyRetryCount",
    FALSE);
  if (directive != NULL) {
    forward_retry_count = *((int *) directive->argv[0]);
  }

  return 0;
}
Beispiel #2
END_TEST

/* Unit test for pr_netaddr_is_rfc1918(): a NULL argument, a loopback IPv4
 * address, the IPv6 loopback address, and one address from each of the
 * 10.x, 192.168.x and 172.x private ranges.
 *
 * NOTE(review): only one address well inside each private range is tested.
 * Since this predicate can gate access decisions, cases just outside the
 * range boundaries would be worth adding once the expected results are
 * confirmed against the implementation.
 */
START_TEST (netaddr_is_rfc1918_test) {
  static const char *private_names[] = {
    "10.0.0.1",
    "192.168.0.1",
    "172.31.200.55"
  };
  unsigned int i;
  int res;
  const char *name;
  pr_netaddr_t *addr;

  /* Invalid argument: must fail with EINVAL. */
  res = pr_netaddr_is_rfc1918(NULL);
  fail_unless(res == -1, "Failed to handle null arguments");
  fail_unless(errno == EINVAL, "Failed to set errno to EINVAL");

  /* IPv4 loopback is not an RFC1918 address.
   *
   * NOTE(review): errno is not reset before this call, so the EINVAL
   * assertion may be satisfied by a value left over from an earlier call --
   * confirm whether that is intended.
   */
  name = "127.0.0.1";
  addr = pr_netaddr_get_addr(p, name, NULL);
  fail_unless(addr != NULL, "Failed to get addr for '%s': %s", name,
    strerror(errno));
  res = pr_netaddr_is_rfc1918(addr);
  fail_unless(res == FALSE, "Failed to handle non-RFC1918 IPv4 address");
  fail_unless(errno == EINVAL, "Failed to set errno to EINVAL, got %s (%d)",
    strerror(errno), errno);

  /* IPv6 loopback: expected FALSE when IPv6 is compiled in, and not
   * resolvable at all otherwise.
   */
  name = "::1";
  addr = pr_netaddr_get_addr(p, name, NULL);
#ifdef PR_USE_IPV6
  fail_unless(addr != NULL, "Failed to get addr for '%s': %s", name,
    strerror(errno));
  res = pr_netaddr_is_rfc1918(addr);
  fail_unless(res == FALSE, "Failed to handle IPv6 address");
  fail_unless(errno == EINVAL, "Failed to set errno to EINVAL");
#else
  fail_unless(addr == NULL,
    "IPv6 support disabled, should not be able to get addr for '%s'", name);
#endif /* PR_USE_IPV6 */

  /* One sample from each private range must be reported as RFC1918. */
  for (i = 0; i < sizeof(private_names) / sizeof(private_names[0]); i++) {
    name = private_names[i];
    addr = pr_netaddr_get_addr(p, name, NULL);
    fail_unless(addr != NULL, "Failed to get addr for '%s': %s", name,
      strerror(errno));
    res = pr_netaddr_is_rfc1918(addr);
    fail_unless(res == TRUE, "Expected 'true' for address '%s'", name);
  }
}