off_t loadsetsize( FILE *tran ) { char tline[ LINE_MAX ], line[ LINE_MAX ]; char **targv; int tac, linenum = 0; off_t size = 0; while ( fgets( tline, LINE_MAX, tran ) != NULL ) { linenum++; strcpy( line, tline ); if (( tac = argcargv( tline, &targv )) == 0 ) { continue; } switch ( *targv[ 0 ] ) { case 'a': case 'f': break; default: continue; } linecheck( line, tac, linenum ); size += strtoofft( targv[ 6 ], NULL, 10 ); } rewind( tran ); return( size ); }
int main (int argc, char **argv) /*{{{*/ { argc--; argv++; if (-1 == argcargv (&argc, &argv, Table)) { fprintf (stderr, "Error.\n"); return -1; } if (argc) { fprintf (stderr, "Unprocessed: %s\n", *argv); } fprintf (stdout, "i1 = %d\n", I1); fprintf (stdout, "i2 = %d\n", I2); fprintf (stdout, "s1 = %s\n", (S1 == NULL) ? "NULL" : S1); fprintf (stdout, "s2 = %s\n", (S2 == NULL) ? "NULL" : S2); return 0; }
off_t lcksum_loadsetsize( FILE *tran, char *prefix ) { char tline[ LINE_MAX ], line[ LINE_MAX ]; char *d_path = NULL; char **targv; int tac, linenum = 0; off_t size = 0; while ( fgets( tline, LINE_MAX, tran ) != NULL ) { linenum++; strcpy( line, tline ); if (( tac = argcargv( tline, &targv )) <= 1 ) { continue; } if ( prefix != NULL ) { if (( d_path = decode( targv[ 1 ] )) == NULL ) { fprintf( stderr, "%d: path too long\n", linenum ); exit( 2 ); } if ( strncmp( d_path, prefix, strlen( prefix )) != 0 ) { continue; } } switch ( *targv[ 0 ] ) { case 'a': case 'f': linecheck( line, tac, linenum ); size += strtoofft( targv[ 6 ], NULL, 10 ); default: size += PROGRESSUNIT; break; } } rewind( tran ); return( size ); }
off_t applyloadsetsize( FILE *tran ) { char tline[ LINE_MAX ], line[ LINE_MAX ]; char **targv; int tac, linenum = 0; off_t size = 0; while ( fgets( tline, LINE_MAX, tran ) != NULL ) { linenum++; strcpy( line, tline ); /* skip empty lines and transcript marker lines */ if (( tac = argcargv( tline, &targv )) <= 1 ) { continue; } switch ( *targv[ 0 ] ) { case '+': switch ( *targv[ 1 ] ) { case 'a': case 'f': linecheck( line, tac, linenum ); size += strtoofft( targv[ 7 ], NULL, 10 ); default: break; } default: break; } size += PROGRESSUNIT; } rewind( tran ); return( size ); }
int cmdloop( int fd, struct sockaddr_in *sin ) { SNET *sn; struct hostent *hp; char *p; int ac, i; int one = 1; unsigned int n; char **av, *line; struct timeval tv; extern char *version; extern int connections; extern int maxconnections; extern int rap_extensions; if ( authlevel == 0 ) { commands = noauth; ncommands = sizeof( noauth ) / sizeof( noauth[ 0 ] ); } else { commands = notls; ncommands = sizeof( notls ) / sizeof( notls[ 0 ] ); } if (( sn = snet_attach( fd, 1024 * 1024 )) == NULL ) { syslog( LOG_ERR, "snet_attach: %m" ); exit( 1 ); } remote_addr = strdup( inet_ntoa( sin->sin_addr )); if (( hp = gethostbyaddr( (char *)&sin->sin_addr, sizeof( struct in_addr ), AF_INET )) == NULL ) { remote_host = strdup( remote_addr ); } else { /* set global remote_host for retr command */ remote_host = strdup( hp->h_name ); for ( p = remote_host; *p != '\0'; p++ ) { *p = tolower( *p ); } } syslog( LOG_INFO, "child for [%s] %s", inet_ntoa( sin->sin_addr ), remote_host ); if ( setsockopt( fd, 6, TCP_NODELAY, &one, sizeof( one )) < 0 ) { syslog( LOG_ERR, "setsockopt: %m" ); } if ( maxconnections != 0 ) { if ( connections > maxconnections ) { syslog( LOG_INFO, "%s: connection refused: server busy\r\n", remote_host ); snet_writef( sn, "%d Server busy\r\n", 420 ); exit( 1 ); } } if (( access_list = list_new( )) == NULL ) { syslog( LOG_ERR, "new_list: %m" ); snet_writef( sn, "%d Service not available, closing transmission channel\r\n", 421 ); return( -1 ); } if ( authlevel == 0 ) { /* lookup proper command file based on the hostname, IP or CN */ if ( command_k( "config", 0 ) < 0 ) { syslog( LOG_INFO, "%s: Access denied: Not in config file", remote_host ); snet_writef( sn, "%d No access for %s\r\n", 500, remote_host ); exit( 1 ); } else { if ( read_kfile( sn, command_file ) != 0 ) { /* error message given in read_kfile */ exit( 1 ); } commands = auth; ncommands = sizeof( auth ) / sizeof( auth[ 0 ] ); } } if ( gethostname( hostname, MAXHOSTNAMELEN ) < 0 ) { syslog( LOG_ERR, "gethostname: %m" ); exit( 1 ); } snet_writef( sn, "200%sRAP 1 %s %s radmind access protocol\r\n", rap_extensions ? "-" : " ", hostname, version ); if ( rap_extensions ) { snet_writef( sn, "200 CAPA" ); #ifdef HAVE_ZLIB if ( max_zlib_level > 0 ) { snet_writef( sn, " ZLIB" ); } #endif /* HAVE_ZLIB */ snet_writef( sn, " REPO" ); snet_writef( sn, "\r\n" ); } /* * 60 minutes * To make fsdiff | lapply work, when fsdiff will take a long time, * we allow the server to wait a long time. */ tv.tv_sec = 60 * 60; tv.tv_usec = 0 ; while (( line = snet_getline( sn, &tv )) != NULL ) { tv.tv_sec = 60 * 60; tv.tv_usec = 0; if ( debug ) { fprintf( stderr, "<<< %s\n", line ); } if (( ac = argcargv( line, &av )) < 0 ) { syslog( LOG_ERR, "argcargv: %m" ); return( 1 ); } if ( ac == 0 ) { snet_writef( sn, "%d Illegal null command\r\n", 501 ); continue; } for ( i = 0; i < ncommands; i++ ) { n = MAX( strlen( av[ 0 ] ), 4 ); if ( strncasecmp( av[ 0 ], commands[ i ].c_name, n ) == 0 ) { break; } } if ( i >= ncommands ) { snet_writef( sn, "%d Command %s unrecognized\r\n", 500, av[ 0 ] ); continue; } if ( (*(commands[ i ].c_func))( sn, ac, av ) < 0 ) { break; } } snet_writef( sn, "%d Server closing connection\r\n", 444 ); if ( line == NULL ) { syslog( LOG_ERR, "snet_getline: %m" ); } return( 0 ); }
/* sets command file for connected host */ int command_k( char *path_config, int depth ) { SNET *sn; char **av, *line, *p; char *valid_host; char temp[ MAXPATHLEN ]; int ac; int rc = -1; int linenum = 0; if (( sn = snet_open( path_config, O_RDONLY, 0, 0 )) == NULL ) { syslog( LOG_ERR, "command_k: snet_open: %s: %m", path_config ); return( -1 ); } while (( line = snet_getline( sn, NULL )) != NULL ) { linenum++; if (( ac = argcargv( line, &av )) < 0 ) { syslog( LOG_ERR, "argvargc: %m" ); goto command_k_done; } if ( ( ac == 0 ) || ( *av[ 0 ] == '#' ) ) { continue; } if ( ac < 2 ) { syslog( LOG_ERR, "%s: line %d: invalid number of arguments", path_config, linenum ); continue; } if ( strcmp( av[ 0 ], "@include" ) == 0 ) { if ( depth >= RADMIND_MAX_INCLUDE_DEPTH ) { syslog( LOG_ERR, "%s: line %d: include %s exceeds max depth", path_config, linenum, av[ 1 ] ); goto command_k_done; } if ( ac > 3 ) { syslog( LOG_ERR, "%s: line %d: invalid number of arguments", path_config, linenum ); continue; } else if ( ac == 3 ) { if ( match_config_entry( av[ 2 ] ) == NULL ) { /* connecting host doesn't match pattern, skip include. */ continue; } } if ( command_k( av[ 1 ], depth + 1 ) != 0 ) { continue; } rc = 0; goto command_k_done; } if (( ac > 2 ) && ( *av[ 2 ] != '#' )) { syslog( LOG_ERR, "%s: line %d: invalid number of arguments", path_config, linenum ); continue; } if (( p = strrchr( av[ 1 ], '/' )) == NULL ) { sprintf( special_dir, "special" ); } else { *p = '\0'; if ( snprintf( special_dir, MAXPATHLEN, "special/%s", av[ 1 ] ) >= MAXPATHLEN ) { syslog( LOG_ERR, "config file: line %d: path too long\n", linenum ); continue; } *p = '/'; } if (( valid_host = match_config_entry( av[ 0 ] )) != NULL ) { if ( strlen( av[ 1 ] ) >= MAXPATHLEN ) { syslog( LOG_ERR, "config file: line %d: command file too long\n", linenum ); continue; } strcpy( command_file, av[ 1 ] ); if ( snprintf( temp, MAXPATHLEN, "%s/%s", special_dir, valid_host ) >= MAXPATHLEN ) { syslog( LOG_ERR, "config file: line %d: special dir too long\n", linenum ); continue; } strcpy( special_dir, temp ); rc = 0; goto command_k_done; } } /* If we get here, the host that connected is not in the config file. So screw him. */ syslog( LOG_ERR, "host %s not in config file %s", remote_host, path_config ); command_k_done: snet_close( sn ); return( rc ); }
int f_time( SNET *sn, int ac, char *av[], SNET *pushersn ) { struct utimbuf new_time; struct stat st; struct timeval tv; int timestamp, state; int total = 0, fail = 0; char *line, path[ MAXPATHLEN ]; /* TIME */ /* 3xx */ /* login_cookie timestamp state */ /* . */ if ( al->al_key != CGI ) { syslog( LOG_ERR, "%s not allowed to tell time", al->al_hostname ); snet_writef( sn, "%d TIME: %s not allowed to propogate time.\r\n", 460, al->al_hostname ); return( 1 ); } if ( ac != 1 ) { syslog( LOG_ERR, "f_time: expected 1 argument, got %d", ac ); snet_writef( sn, "%d TIME: Wrong number of args.\r\n", 560 ); return( 1 ); } snet_writef( sn, "%d TIME: Send timestamps.\r\n", 360 ); tv = cosign_net_timeout; while (( line = snet_getline( sn, &tv )) != NULL ) { tv = cosign_net_timeout; if (( ac = argcargv( line, &av )) < 0 ) { syslog( LOG_ERR, "argcargv: %m" ); break; } if ( strcmp( line, "." ) == 0 ) { break; } if ( ac != 3 ) { syslog( LOG_ERR, "f_time: wrong number of args" ); continue; } if ( strncmp( av[ 0 ], "cosign=", 7 ) != 0 ) { syslog( LOG_ERR, "f_time: cookie name malformat" ); continue; } if ( mkcookiepath( NULL, hashlen, av[ 0 ], path, sizeof( path )) < 0 ) { syslog( LOG_ERR, "f_time: path name malformat" ); continue; } total++; if ( stat( path, &st ) != 0 ) { /* record a missing cookie here */ fail++; continue; } timestamp = atoi( av[ 1 ] ); if ( timestamp > st.st_mtime ) { new_time.modtime = timestamp; utime( path, &new_time ); } state = atoi( av[ 2 ] ); if (( state == 0 ) && (( st.st_mode & S_ISGID ) != 0 )) { if ( do_logout( path ) < 0 ) { syslog( LOG_ERR, "f_time: %s should be logged out!", path ); } } } if ( total != 0 ) { syslog( LOG_NOTICE, "STATS TIME %s: %d tried, %d%% success", al->al_hostname, total, 100 * ( total - fail ) / total ); } snet_writef( sn, "%d TIME successful: we are now up-to-date\r\n", 260 ); return( 0 ); }
int command( int fd, SNET *pushersn ) { SNET *snet; int ac, i, zero = 0; char **av, *line; struct timeval tv; extern int errno; double rate; struct protoent *proto; if (( proto = getprotobyname( "tcp" )) != NULL ) { if ( setsockopt( fd, proto->p_proto, TCP_NODELAY, &zero, sizeof( zero )) < 0 ) { syslog( LOG_ERR, "setsockopt TCP_NODELAY: %m" ); } } if (( snet = snet_attach( fd, 1024 * 1024 )) == NULL ) { syslog( LOG_ERR, "snet_attach: %m" ); exit( 1 ); } /* for debugging, TLS not required but still available. we * need to do the authlist look up here b/c it normally happens * in the starttls code which we may not even call. All the * f_cmds require an "al". */ if ( tlsopt ) { commands = auth_commands; ncommands = sizeof( auth_commands ) / sizeof( auth_commands[ 0 ] ); if (( al = authlist_find( "NOTLS" )) == NULL ) { syslog( LOG_ERR, "No debugging access" ); snet_writef( snet, "%d No NOTLS access\r\n", 508 ); exit( 1 ); } } /* * because of problems with legacy client protocol checks, we return a * list of capabilities on the same line as the banner. a multi-line * banner would be more in the SMTP-like vernacular, but the IIS & Java * legacy clients don't handle multi-line banner output gracefully. * * 220 2 Collaborative Web Single Sign-On [ CAPA1 CAPA2 ... ]\r\n */ banner( snet ); tv = cosign_net_timeout; while (( line = snet_getline( snet, &tv )) != NULL ) { /* log everything we get to stdout if we're debugging */ tv = cosign_net_timeout; if ( debug ) { printf( "debug: %s\n", line ); } if (( ac = argcargv( line, &av )) < 0 ) { syslog( LOG_ERR, "argcargv: %m" ); break; } if ( ac == 0 ) { snet_writef( snet, "%d Command unrecognized\r\n", 501 ); continue; } for ( i = 0; i < ncommands; i++ ) { if ( strcasecmp( av[ 0 ], commands[ i ].c_name ) == 0 ) { break; } } if ( i >= ncommands ) { snet_writef( snet, "%d Command %s unregcognized\r\n", 500, av[ 0 ] ); continue; } if ( (*(commands[ i ].c_func))( snet, ac, av, pushersn ) < 0 ) { break; } } if (( rate = rate_get( &checkpass )) != 0.0 ) { syslog( LOG_NOTICE, "STATS CHECK %s: PASS %.5f / sec", inet_ntoa( cosign_sin.sin_addr), rate ); } if (( rate = rate_get( &checkfail )) != 0.0 ) { syslog( LOG_NOTICE, "STATS CHECK %s: FAIL %.5f / sec", inet_ntoa( cosign_sin.sin_addr), rate ); } if (( rate = rate_get( &checkunknown )) != 0.0 ) { syslog( LOG_NOTICE, "STATS CHECK %s: UNKNOWN %.5f / sec", inet_ntoa( cosign_sin.sin_addr), rate ); } if ( line != NULL ) { snet_writef( snet, "491 Service not available, closing transmission channel\r\n" ); } else { if ( snet_eof( snet )) { exit( 0 ); } else if ( errno == ETIMEDOUT ) { exit( 0 ); } else { syslog( LOG_ERR, "snet_getline: %m" ); } } exit( 1 ); }
static int connect_sn( struct connlist *cl, cosign_host_config *cfg, void *s ) { int sock, zero = 0, ac = 0, state, i; char *line, buf[ 1024 ], **av; X509 *peer; struct timeval tv; struct protoent *proto; if (( sock = socket( PF_INET, SOCK_STREAM, 0 )) < 0 ) { cosign_log( APLOG_ERR, s, "mod_cosign: connect_sn: socket" ); return( -1 ); } if (( proto = getprotobyname( "tcp" )) != NULL ) { if ( setsockopt( sock, proto->p_proto, TCP_NODELAY, &zero, sizeof( zero )) < 0 ) { cosign_log( APLOG_ERR, s, "mod_cosign: connect_sn: setsockopt: TCP_NODELAY" ); } } if ( connect( sock, ( struct sockaddr *)&cl->conn_sin, sizeof( struct sockaddr_in )) != 0 ) { cosign_log( APLOG_ERR, s, "mod_cosign: connect_sn: connect" ); (void)close( sock ); return( -1 ); } if (( cl->conn_sn = snet_attach( sock, 1024 * 1024 ) ) == NULL ) { cosign_log( APLOG_ERR, s, "mod_cosign: connect_sn: snet_attach failed" ); (void)close( sock ); return( -1 ); } tv = timeout; if (( line = snet_getline( cl->conn_sn, &tv )) == NULL ) { cosign_log( APLOG_ERR, s, "mod_cosign: connect_sn: snet_getline failed" ); goto done; } if ( *line != '2' ) { cosign_log( APLOG_ERR, s, "mod_cosign: connect_sn: %s", line ); goto done; } if (( ac = argcargv( line, &av )) < 4 ) { cosign_log( APLOG_ERR, s, "mod_cosign: argcargv: %s", line ); goto done; } errno = 0; cl->conn_proto = strtol( av[ 1 ], (char **)NULL, 10 ); if ( errno ) { cosign_log( APLOG_ERR, s, "mod_cosign: unrecognized protocol " "version %s, falling back to protocol v0", av[1]); cl->conn_proto = COSIGN_PROTO_V0; } if ( cfg->reqfc > 0 && !COSIGN_PROTO_SUPPORTS_FACTORS( cl->conn_proto )) { cosign_log( APLOG_ERR, s, "mod_cosign: required v2 or greater " "protocol unsupported by server " "(server protocol version: %s)", av[ 1 ] ); goto done; } cl->conn_capa = COSIGN_CAPA_DEFAULTS; if ( ac > 6 ) { /* "220 2 Collaborative Web Single Sign-On [COSIGNv3 REKEY ...]" */ ac -= 6; av += 6; if ( capa_parse( ac, av, cl, s ) < 0 ) { cosign_log( APLOG_ERR, s, "mod_cosign: failed to parse server " "capabilities" ); goto done; } } else { /* pre-3.1: "220 2 Collaborative Web Single Sign-On" */ if ( COSIGN_PROTO_SUPPORTS_FACTORS( cl->conn_proto )) { cl->conn_capa |= COSIGN_CAPA_FACTORS; } } if ( cl->conn_proto >= COSIGN_PROTO_V2 ) { if ( snet_writef( cl->conn_sn, "STARTTLS %d\r\n", cl->conn_proto ) < 0 ) { cosign_log( APLOG_ERR, s, "mod_cosign: connect_sn: starttls 2 failed" ); goto done; } } else { if ( snet_writef( cl->conn_sn, "STARTTLS\r\n" ) < 0 ) { cosign_log( APLOG_ERR, s, "mod_cosign: connect_sn: starttls failed" ); goto done; } } tv = timeout; if (( line = snet_getline_multi( cl->conn_sn, logger, &tv )) == NULL ) { cosign_log( APLOG_ERR, s, "mod_cosign: connect_sn: snet_getline_multi failed" ); goto done; } if ( snet_starttls( cl->conn_sn, cfg->ctx, 0 ) != 1 ) { cosign_log( APLOG_ERR, s, "mod_cosign: snet_starttls: %s", ERR_error_string( ERR_get_error(), NULL )); goto done; } if (( peer = SSL_get_peer_certificate( cl->conn_sn->sn_ssl )) == NULL ) { cosign_log( APLOG_ERR, s, "mod_cosign: connect_sn: no certificate" ); goto done; } X509_NAME_get_text_by_NID( X509_get_subject_name( peer ), NID_commonName, buf, sizeof( buf )); X509_free( peer ); /* cn and host must match */ if ( strcasecmp( buf, cfg->host ) != 0 ) { cosign_log( APLOG_ERR, s, "mod_cosign: connect_sn: cn=%s & host=%s " "don't match!", buf, cfg->host ); goto done; } if ( cl->conn_proto >= COSIGN_PROTO_V2 ) { tv = timeout; if (( line = snet_getline_multi( cl->conn_sn, logger, &tv )) == NULL ) { cosign_log( APLOG_ERR, s, "mod_cosign: connect_sn: snet_getline_multi failed" ); goto done; } if ( *line != '2' ) { cosign_log( APLOG_ERR, s, "mod_cosign: starttls 2: %s", line ); goto done; } } return( 0 ); done: if ( snet_close( cl->conn_sn ) != 0 ) { cosign_log( APLOG_ERR, s, "mod_cosign: connect_sn: snet_close failed" ); } cl->conn_sn = NULL; cl->conn_proto = COSIGN_PROTO_V0; return( -1 ); }
static int netcheck_cookie( char *scookie, char **rekey, struct sinfo *si, struct connlist *conn, void *s, cosign_host_config *cfg ) { int i, j, ac, rc, mf, fc = cfg->reqfc; char *p, *line, **av, **fv = cfg->reqfv; char *rekeyed_cookie = NULL; char *cmd = "CHECK"; struct timeval tv; SNET *sn = conn->conn_sn; extern int errno; /* REKEY service-cookie */ if ( rekey != NULL && COSIGN_CONN_SUPPORTS_REKEY( conn )) { cmd = "REKEY"; } if ( snet_writef( sn, "%s %s\r\n", cmd, scookie ) < 0 ) { cosign_log( APLOG_ERR, s, "mod_cosign: netcheck_cookie: " "snet_writef %s failed", cmd ); return( COSIGN_ERROR ); } tv = timeout; if (( line = snet_getline_multi( sn, logger, &tv )) == NULL ) { if ( !snet_eof( sn )) { cosign_log( APLOG_ERR, s, "mod_cosign: netcheck_cookie: snet_getline_multi: %s", strerror( errno )); } return( COSIGN_ERROR ); } switch( *line ) { case '2': if (( rate = rate_tick( &checkpass )) != 0.0 ) { cosign_log( APLOG_NOTICE, s, "mod_cosign: STATS CHECK %s: PASS %.5f / sec", inet_ntoa( conn->conn_sin.sin_addr ), rate ); } break; case '4': if (( rate = rate_tick( &checkfail )) != 0.0 ) { cosign_log( APLOG_NOTICE, s, "mod_cosign: STATS CHECK %s: FAIL %.5f / sec", inet_ntoa( conn->conn_sin.sin_addr ), rate ); } return( COSIGN_LOGGED_OUT ); case '5': /* choose another connection */ if (( rate = rate_tick( &checkunknown )) != 0.0 ) { cosign_log( APLOG_NOTICE, s, "mod_cosign: STATS CHECK %s: UNKNOWN %.5f / sec", inet_ntoa( conn->conn_sin.sin_addr ), rate ); } return( COSIGN_RETRY ); default: cosign_log( APLOG_ERR, s, "mod_cosign: netcheck_cookie: %s", line ); return( COSIGN_ERROR ); } if (( ac = argcargv( line, &av )) < 4 ) { cosign_log( APLOG_ERR, s, "mod_cosign: netcheck_cookie: wrong num of args: %s", line ); return( COSIGN_ERROR ); } if ( rekey != NULL && COSIGN_CONN_SUPPORTS_REKEY( conn )) { /* last factor is penultimate argument */ mf = ac - 1; } else { /* last factor is last argument */ mf = ac; } /* I guess we check some sizing here :) */ if ( strlen( av[ 1 ] ) >= sizeof( si->si_ipaddr )) { cosign_log( APLOG_ERR, s, "mod_cosign: netcheck_cookie: IP address too long" ); return( COSIGN_ERROR ); } strcpy( si->si_ipaddr, av[ 1 ] ); if ( strlen( av[ 2 ] ) >= sizeof( si->si_user )) { cosign_log( APLOG_ERR, s, "mod_cosign: netcheck_cookie: username too long" ); return( COSIGN_ERROR ); } strcpy( si->si_user, av[ 2 ] ); si->si_protocol = conn->conn_proto; if ( COSIGN_PROTO_SUPPORTS_FACTORS( conn->conn_proto )) { for ( i = 0; i < fc; i++ ) { for ( j = 3; j < mf; j++ ) { if ( strcmp( fv[ i ], av[ j ] ) == 0 ) { break; } if ( cfg->suffix != NULL ) { if (( p = strstr( av[ j ], cfg->suffix )) != NULL ) { if (( strlen( p )) == ( strlen( cfg->suffix ))) { *p = '\0'; rc = strcmp( fv[ i ], av[ j ] ); *p = *cfg->suffix; if ( rc == 0 ) { if ( cfg->fake == 1 ) { break; } else { cosign_log( APLOG_ERR, s, "mod_cosign: netcheck: factor %s " "matches with suffix %s, but suffix " "matching is OFF", av[ j ], cfg->suffix ); return( COSIGN_ERROR ); } } } } } } if ( j >= mf ) { /* a required factor wasn't in the check line */ break; } } if ( i < fc ) { /* we broke out early */ cosign_log( APLOG_ERR, s, "mod_cosign: netcheck_cookie: we broke out early" ); return( COSIGN_RETRY ); } if ( strlen( av[ 3 ] ) + 1 > sizeof( si->si_factor )) { cosign_log( APLOG_ERR, s, "mod_cosign: netcheck: factor %s too long", av[ 3 ] ); return( COSIGN_ERROR ); } strcpy( si->si_factor, av[ 3 ] ); for ( i = 4; i < mf; i++ ) { if ( strlen( av[ i ] ) + 1 + 1 > sizeof( si->si_factor ) - strlen( si->si_factor )) { cosign_log( APLOG_ERR, s, "mod_cosign: netcheck: factor %s too long", av[ i ] ); return( COSIGN_ERROR ); } strcat( si->si_factor, " " ); strcat( si->si_factor, av[ i ] ); } } if ( strlen( av[ 3 ] ) >= sizeof( si->si_realm )) { cosign_log( APLOG_ERR, s, "mod_cosign: netcheck_cookie: realm too long" ); return( COSIGN_ERROR ); } strcpy( si->si_realm, av[ 3 ] ); #ifdef KRB *si->si_krb5tkt = '\0'; #endif /* KRB */ if ( rekey != NULL && COSIGN_CONN_SUPPORTS_REKEY( conn )) { if ( strncmp( av[ ac - 1 ], "cosign-", strlen( "cosign-" )) != 0 ) { cosign_log( APLOG_ERR, s, "mod_cosign: netcheck_cookie: " "bad rekeyed cookie \"%s\"", av[ ac - 1 ] ); return( COSIGN_ERROR ); } if (( rekeyed_cookie = strdup( av[ ac - 1 ] )) == NULL ) { cosign_log( APLOG_ERR, s, "mod_cosign: netcheck_cookie: " "strdup rekeyed cookie: %s", strerror( errno )); return( COSIGN_ERROR ); } *rekey = rekeyed_cookie; } return( COSIGN_OK ); }