Ejemplo n.º 1
/*
 * MAC hook run for a socket that has just been accepted.
 *
 * Returns 0 without consulting any policy when mac_socket_enforce is zero,
 * ECONNABORTED when sock_getaddr() cannot produce an address for the socket,
 * and otherwise the value left in `error` after MAC_CHECK.
 *
 * NOTE(review): MAC_CHECK is defined outside this listing; it is expected to
 * assign the local named `error`, so that name must not change.
 */
int
mac_socket_check_accepted(kauth_cred_t cred, struct socket *so)
{
	struct sockaddr *peer;
	int error;

	/* Enforcement switched off: allow unconditionally. */
	if (mac_socket_enforce == 0)
		return 0;

	/*
	 * Fail closed: with no address to hand to the policies the connection
	 * is reported as aborted instead of being allowed through unchecked.
	 * The third argument (1) presumably selects the peer address -- confirm
	 * against sock_getaddr().
	 */
	if (sock_getaddr((socket_t)so, &peer, 1) != 0)
		return (ECONNABORTED);

	MAC_CHECK(socket_check_accepted, cred,
		  (socket_t)so, so->so_label, peer);

	/* The address came from sock_getaddr() and is released here. */
	sock_freeaddr(peer);

	return (error);
}
Ejemplo n.º 2
/*
 * MAC hook run for a socket that has just been accepted.
 *
 * The mac_socket_enforce switch is honoured only in builds where
 * SECURITY_MAC_CHECK_ENFORCE is non-zero; in every other build the early
 * return is compiled out and the policy check always runs.
 *
 * Returns 0 when enforcement is switched off (and the switch is compiled in),
 * ECONNABORTED when sock_getaddr() fails, and otherwise the value left in
 * `error` after MAC_CHECK.
 *
 * NOTE(review): MAC_CHECK is defined outside this listing; it is expected to
 * assign the local named `error`, so that name must not change.
 */
int
mac_socket_check_accepted(kauth_cred_t cred, struct socket *so)
{
	struct sockaddr *addr;
	int error;

#if SECURITY_MAC_CHECK_ENFORCE
	/* 21167099 - the enforcement switch can skip the check only in these builds */
	if (mac_socket_enforce == 0)
		return 0;
#endif

	if (sock_getaddr((socket_t)so, &addr, 1) == 0) {
		MAC_CHECK(socket_check_accepted, cred,
			  (socket_t)so, so->so_label, addr);
		/* The address came from sock_getaddr() and is released here. */
		sock_freeaddr(addr);
	} else {
		/* Fail closed: no address means no policy decision, so deny. */
		error = ECONNABORTED;
	}

	return (error);
}
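/*
 * Program entry point.
 *
 * Parses the command line, resolves the device and server addresses, sets up
 * the Unix-domain control socket (RTELNET service only), optionally
 * daemonizes, and then runs the connect/serve loop until the retry budget is
 * used up.
 *
 * Positional arguments after the options: <device> <rasname> <physport>.
 *
 * Changes relative to the original listing:
 *  - struct sigaction is fully initialized before sigaction() is called
 *    (sa_mask and sa_flags were indeterminate).
 *  - The control socket name is checked against both P_contrname and
 *    sockaddr_un.sun_path; an over-long device name is rejected instead of
 *    being truncated or overflowing sun_path through strcpy().
 *  - Only an existing *socket* is removed as a "stale control socket"; any
 *    other kind of file at that path is left alone and bind() then fails.
 *  - Non-positive -u / -n I/O sizes are rejected (atoi() yields 0 for
 *    non-numeric input and the original only clamped the upper bound).
 */
int
main(int argc, char **argv)
{
    int i;
    char *device;
    char *rasname;
    int physport;
    int ptyiosize;
    int netiosize;
    int retrydelay;
    int retry, nretries;
    int opt;
    int retst;
    int devmodem;
    int closemode;
    int baseport;
    int namelen;
    struct sockaddr_un control_addr;
    struct sigaction act;
    struct stat stat_buf;

    /* Ignore SIGPIPE so a dropped peer surfaces as a write error instead. */
    memset(&act, 0, sizeof(act));
    sigemptyset(&act.sa_mask);
    act.sa_handler = SIG_IGN;
    if (sigaction(SIGPIPE, &act, NULL))
        sysmessage(MSG_ERR, "Can't block SIGPIPE.\n");

    /* Defaults, overridden by the options below. */
    ptyiosize = DEV_DEFIOSZ;
    netiosize = SOCK_DEFIOSZ;
    retrydelay = RETRY_DELAY;
    nretries = NUM_RETRIES;
    Nvt.servertype = SRV_RTELNET;
    devmodem = DEV_MODEM;
    closemode = CLOSE_HANG;
    baseport = 0;

    Console = FALSE;
    Foreground = FALSE;
    LogFile = NULL;

    Pgname = argv[0];
    Debug = 0;

    /*
     * "t:" is in the option string but has no case of its own, so -t ends up
     * in the default branch (help text, then exit).
     *
     * NOTE(review): the remaining numeric options still go through atoi(),
     * which cannot report malformed input; "-i" additionally multiplies the
     * result by 1000 without an overflow check.
     */
    while ((opt = getopt(argc, argv, "u:n:r:fi:st:m:c:p:d:xvhHl:")) != EOF) {
        switch (opt) {
        case 'u':
            ptyiosize = atoi(optarg);
            if (ptyiosize <= 0) {
                /* Zero or negative buffer sizes must never reach tsr_init(). */
                helpmsg();
                exit(E_PARMINVAL);
            }
            if (ptyiosize > DEV_MAXIOSZ) {
                ptyiosize = DEV_MAXIOSZ;
            }
            break;
        case 'n':
            netiosize = atoi(optarg);
            if (netiosize <= 0) {
                /* Same lower bound as for -u. */
                helpmsg();
                exit(E_PARMINVAL);
            }
            if (netiosize > SOCK_MAXIOSZ) {
                netiosize = SOCK_MAXIOSZ;
            }
            break;
        case 'r':
            nretries = atoi(optarg);
            break;
        case 'f':
            Foreground = TRUE;
            break;
        case 'i':
            retrydelay = atoi(optarg) * 1000;
            break;
        case 's':
            Nvt.servertype = SRV_SOCKET;
            if (!baseport)
                baseport = SOCKET_BASE;
            break;
        case 'm':
            devmodem = atoi(optarg);
            break;
        case 'c':
            closemode = atoi(optarg);
            break;
        case 'p':
            baseport = atoi(optarg);
            break;
        case 'd':
            Debug = atoi(optarg);
            break;
        case 'x':
            Console = TRUE;
            Foreground = TRUE;
            break;
        case 'v':
            printf("%s\n", Version);
            exit(E_NORMAL);
        case 'l':
            LogFile = strdup(optarg);
            break;
        case 'h':
        case 'H':
        default:
            helpmsg();
            exit(E_PARMINVAL);
        }
    }
    if (!baseport)
        baseport = RTELNET_BASE;

    argc -= optind;
    argv += optind;

    if (argc != 3) {
        helpmsg();
        exit(E_PARMINVAL);
    }

    device = argv[0];

    mkidmsg(Pgname, device);

    rasname = argv[1];

    physport = atoi(argv[2]);

    if (physport == 0) {
        if (Nvt.servertype == SRV_RTELNET) {
            baseport = RTELNET_STD;
        }
        else {
            fprintf(stderr,
                    "%s: Physical port must be > 0 for socket service\n",
                    Idmsg);
            exit(E_PARMINVAL);
        }
    }

    init_system();

    /* Get socket and device addresses */

    if ((retst = dev_getaddr(device)) != E_NORMAL) {
        exit(retst);
    }

    if (Nvt.servertype == SRV_RTELNET) {
        P_contr_listen = socket(PF_UNIX, SOCK_STREAM, 0);
        if (P_contr_listen == -1) {
            sysmessage(MSG_ERR, "Can't create Unix socket.\n");
            exit(1);
        }

        memset(&control_addr, 0, sizeof(control_addr));
        control_addr.sun_family = AF_UNIX;

        /*
         * The name comes from the command line.  It has to fit, terminator
         * included, in P_contrname and in sun_path; a truncated name would
         * bind (and unlink) a different path than the one intended.
         */
        namelen = snprintf(P_contrname, sizeof(P_contrname), "%s.control",
                           device);
        if (namelen < 0 || (size_t) namelen >= sizeof(P_contrname)
            || (size_t) namelen >= sizeof(control_addr.sun_path)) {
            sysmessage(MSG_ERR, "Control socket name is too long.\n");
            exit(1);
        }

        /*
         * Remove a leftover socket from an earlier run.  lstat() plus
         * S_ISSOCK keeps this from deleting a regular file or a symlink that
         * happens to sit at that path; in that case bind() below fails.
         * NOTE(review): check-then-unlink is still racy if the directory is
         * writable by other users.
         */
        if (!lstat(P_contrname, &stat_buf) && S_ISSOCK(stat_buf.st_mode)) {
            sysmessage(MSG_WARNING, "Removing old control socket \"%s\".\n",
                       P_contrname);
            unlink(P_contrname);
        }

        /* Length was validated above, terminator included. */
        memcpy(control_addr.sun_path, P_contrname, (size_t) namelen + 1);
        if (bind
                (P_contr_listen, (struct sockaddr *) &control_addr,
                 sizeof(control_addr)) || listen(P_contr_listen, 8)) {
            sysmessage(MSG_ERR, "Can't bind Unix socket.\n");
            exit(1);
        }
        /* No control client connected yet. */
        for (i = 0; i < MAX_CONTROL_SOCKS; i++)
            P_contr[i] = -1;
    }

    if ((retst = sock_getaddr(rasname, baseport, physport)) != E_NORMAL)
        exit(retst);


    retry = 0;

    if (!Foreground)
        daemon(0, 0);

    while (retry < nretries) {

        if (retry) {
            if (retrydelay) {
                sysdelay(retrydelay);
            }
            sysmessage(MSG_WARNING, "Trying again ... \n");
        }


        if ((retst = sock_link(netiosize)) != E_NORMAL) {
            /* Only a failed connect is retried; anything else is fatal. */
            if (retst != E_CONNECT) {
                doexit(retst);
            }
            retry++;
            continue;
        }

        /* Connected: start a fresh retry budget for the next outage. */
        retry = 0;

        tsr_init(netiosize, ptyiosize, devmodem, closemode);

        /* Main scheduler */

        tsr_io();

        retry++;
    }

    sysmessage(MSG_ERR, "Exiting ...\n");

    doexit(E_RETRYEND);

    /* Not Reached */
    return 0;			/* gcc gives a warning otherwise */
}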