/**
 * handle_blacklist_config - dispatch one blacklist pool request.
 * @nl_hdr: Netlink header of the request; handed to the respond_*() helpers.
 * @jool_hdr: request header; only its operation field is read here.
 * @request: request payload; add.addrs / rm.addrs are passed to the pool as-is.
 *
 * The request is refused with -EINVAL when xlat_is_nat64() is true.
 * OP_DISPLAY and OP_COUNT are served without a privilege check.
 * OP_ADD, OP_REMOVE and OP_FLUSH are served only when verify_superpriv()
 * returns zero; a nonzero result is answered with -EPERM and the pool is
 * left untouched.
 *
 * Return: -EINVAL in the NAT64 case, otherwise whatever the selected
 * handler or responder returns.
 */
static int handle_blacklist_config(struct nlmsghdr *nl_hdr,
		struct request_hdr *jool_hdr, union request_pool *request)
{
	__u64 total;
	int status;

	if (xlat_is_nat64()) {
		log_err("Blacklist does not apply to Stateful NAT64.");
		/*
		 * NOTE(review): this is the only failure path that does not go
		 * through respond_error(); confirm the caller still answers
		 * userspace in this case.
		 */
		return -EINVAL;
	}

	/* Gate every pool-modifying operation before any work is done. */
	switch (jool_hdr->operation) {
	case OP_ADD:
	case OP_REMOVE:
	case OP_FLUSH:
		if (verify_superpriv())
			return respond_error(nl_hdr, -EPERM);
		break;
	default:
		break;
	}

	switch (jool_hdr->operation) {
	case OP_DISPLAY:
		log_debug("Sending Blacklist pool to userspace.");
		return handle_blacklist_display(nl_hdr, request);

	case OP_COUNT:
		log_debug("Returning address count in the Blacklist pool.");
		status = blacklist_count(&total);
		if (!status)
			return respond_setcfg(nl_hdr, &total, sizeof(total));
		return respond_error(nl_hdr, status);

	case OP_ADD:
		log_debug("Adding an address to the Blacklist pool.");
		/*
		 * NOTE(review): the payload is used without a length check
		 * here; presumably the message size is validated before this
		 * handler runs - confirm against the caller.
		 */
		return respond_error(nl_hdr, blacklist_add(&request->add.addrs));

	case OP_REMOVE:
		log_debug("Removing an address from the Blacklist pool.");
		return respond_error(nl_hdr, blacklist_rm(&request->rm.addrs));

	case OP_FLUSH:
		log_debug("Flushing the Blacklist pool...");
		return respond_error(nl_hdr, blacklist_flush());

	default:
		log_err("Unknown operation: %d", jool_hdr->operation);
		return respond_error(nl_hdr, -EINVAL);
	}
}
/*
 * Loads each well-formed blacklist fixture for the root "/home/nemo" and
 * checks that it yields exactly one blacklist entry holding the three
 * elements ".ssh", ".invisible_file" and "Music/DRM", in that order.
 *
 * The three fixtures (simple, trim, comment) must therefore all parse to the
 * same result. The global list is cleared before the first fixture and after
 * every iteration, so each fixture is checked against an empty state.
 */
static void test_blacklist_reading_valid_blacklists(void)
{
	const gchar *fixtures[] = {
		simple_blacklist,
		trim_blacklist,
		comment_blacklist,
		NULL
	};
	const gchar **fixture;

	blacklist_clear();

	for (fixture = fixtures; *fixture != NULL; fixture++) {
		char tmp_path[] = "/tmp/test-jolla-blacklist.XXXXXX";
		struct blacklist_data *entry;
		int fd;

		/*
		 * mkstemp() picks the unique name; the content itself is
		 * written by path below, and fd is only held until close().
		 */
		fd = mkstemp(tmp_path);
		g_assert_cmpint(fd, >=, 0);

		g_assert(g_file_set_contents(tmp_path, *fixture,
					strlen(*fixture), NULL) == TRUE);
		g_assert(blacklist_add("/home/nemo", tmp_path) == 0);

		/* Exactly one entry, rooted at the path given to blacklist_add(). */
		g_assert_cmpint(g_slist_length(blacklists), ==, 1);
		entry = blacklists->data;
		g_assert_cmpstr(entry->path, ==, "/home/nemo");

		/* The element list must hold the three expected names in order. */
		g_assert_cmpint(entry->elem->len, ==, 3);
		g_assert_cmpstr(entry->elem->pdata[0], ==, ".ssh");
		g_assert_cmpstr(entry->elem->pdata[1], ==, ".invisible_file");
		g_assert_cmpstr(entry->elem->pdata[2], ==, "Music/DRM");

		/* NOTE(review): a failed assertion above leaves the file in /tmp. */
		close(fd);
		unlink(tmp_path);
		blacklist_clear();
	}
}
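/*
 * argp callback: applies one parsed command-line option to the global cfg.
 *
 * key   - option key delivered by argp
 * arg   - argument of the option, as delivered by argp
 * state - argp parser state (not used)
 *
 * Returns 0 when the key was handled, ARGP_ERR_UNKNOWN for any other key,
 * or ENOMEM when the hostname copy for -h cannot be allocated.
 *
 * Apart from -h, string options store the arg pointer itself, not a copy.
 */
static error_t parse_opt(int key, char *arg, struct argp_state *state)
{
	switch (key) {
	case '4':
		cfg.v4_flag = 1;
		cfg.v6_flag = 0;
		break;
	case '6':
		cfg.v6_flag = 1;
		cfg.v4_flag = 0;
		break;
	case 'b':
		/*
		 * NOTE(review): any result of blacklist_add() is ignored here;
		 * confirm how a malformed address is reported to the user.
		 */
		blacklist_add(arg);
		break;
	case 'd':
		cfg.daemon_flag = 1;
		cfg.quiet = 1;
		break;
	case 'H':
		/*
		 * NOTE(review): atoi() cannot report malformed or out-of-range
		 * input (non-numeric text becomes 0) and the value is not
		 * range-checked here; consider strtol() with explicit bounds.
		 */
		cfg.hashsize = atoi(arg);
		break;
	case 'L':
		/* Same atoi() caveat as -H; values below 1 are raised to 1. */
		cfg.shm_data.size = atoi(arg);
		if (cfg.shm_data.size < 1)
			cfg.shm_data.size = 1;
		break;
	case 'm':
		cfg.shm_data.name = arg;
		break;
	case 'o':
		cfg.data_file = arg;
		break;
	case 'p':
		cfg.pid_file = arg;
		break;
	case 'P':
		cfg.promisc_flag = 0;
		break;
	case 'q':
		cfg.quiet = 1;
		break;
	case 'r':
		/* Same atoi() caveat as -H; values below -1 are raised to -1. */
		cfg.ratelimit = atoi(arg);
		if (cfg.ratelimit < -1)
			cfg.ratelimit = -1;
		break;
#if HAVE_LIBSQLITE3
	case 's':
		cfg.sqlite_file = arg;
		break;
	case 2:
		cfg.sqlite_table = arg;
		break;
#endif
	case 'u':
		cfg.uname = arg;
		break;
	case 'h': {
		/*
		 * Fail the parse on allocation failure instead of recording a
		 * non-zero length next to a NULL hostname.
		 */
		char *copy = strdup(arg);

		if (copy == NULL)
			return ENOMEM;
		cfg.hostname = copy;
		cfg.hostname_len = strlen(arg) + 1;	/* length includes the NUL */
		break;
	}
	case 'v':
		log_max_priority(LOG_DEBUG);
		break;
	default:
		return ARGP_ERR_UNKNOWN;
	}

	return 0;
}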
/*
 * Registers three blacklists under three different roots and checks
 * blacklist_match() against paths that must and must not match.
 *
 * The matching set includes a trailing slash and paths containing "." and
 * ".." components, so those spellings of a blacklisted location are expected
 * to match as well. The non-matching set includes the roots themselves,
 * parents of blacklisted entries and ".invisible_file2", a name that merely
 * starts with a blacklisted one. NULL and a relative path must not match.
 */
static void test_blacklist_matching(void)
{
	const gchar *fixtures[] = {
		home_nemo_blacklist,
		home_nemo_Documents_blacklist,
		sdcard_blacklist,
		NULL
	};
	/* Root for each fixture above, same index. */
	const gchar *roots[] = {
		"/home/nemo",
		"/home/nemo/Documents",
		"/media/sdcard",
		NULL
	};
	const gchar *must_match[] = {
		"/home/nemo/.ssh",
		"/home/nemo/.ssh/",
		"/home/nemo/.ssh/./",
		"/home/nemo/../nemo/.ssh",
		"/home/nemo/.invisible_file",
		"/home/nemo/Music/DRM/BoringArtist/BoringAlbum",
		"/home/nemo/Documents/Mailbox/John_Doe",
		"/home/nemo/Documents/Work/Restricted/schedule.ppt",
		"/media/sdcard/Music/DRM/BoringArtist/BoringAlbum",
		NULL
	};
	const gchar *must_not_match[] = {
		"/home/nemo",
		"/home/nemo/.invisible_file2",
		"/home/nemo/Documents",
		"/home/nemo/Documents/Shared",
		"/home/nemo/Music",
		"/home/nemo/Music/GoodArtist",
		"/home",
		"/usr",
		"/",
		"/media/sdcard/Music/GoodArtist",
		NULL
	};
	const gchar **path;
	int idx;

	blacklist_clear();

	/* Write every fixture to its own temporary file and register it. */
	for (idx = 0; fixtures[idx] != NULL; idx++) {
		char tmp_path[] = "/tmp/test-jolla-blacklist.XXXXXX";
		int fd;

		fd = mkstemp(tmp_path);
		g_assert_cmpint(fd, >=, 0);
		g_assert(g_file_set_contents(tmp_path, fixtures[idx],
					strlen(fixtures[idx]), NULL) == TRUE);
		g_assert(blacklist_add(roots[idx], tmp_path) == 0);

		/* The file is no longer needed once blacklist_add() returned. */
		close(fd);
		unlink(tmp_path);
	}

	for (path = must_match; *path != NULL; path++) {
		g_assert(blacklist_match(*path) == TRUE);
	}

	for (path = must_not_match; *path != NULL; path++) {
		g_assert(blacklist_match(*path) == FALSE);
	}

	/* Degenerate inputs must be rejected rather than matched. */
	g_assert(blacklist_match(NULL) == FALSE);
	g_assert(blacklist_match("not/absolute/path") == FALSE);

	blacklist_clear();
}
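/*
 * argp callback: applies one parsed command-line option to the global cfg.
 *
 * key   - option key delivered by argp
 * arg   - argument of the option, as delivered by argp
 * state - argp parser state (not used)
 *
 * Returns 0 when the key was handled, ARGP_ERR_UNKNOWN for any other key,
 * or ENOMEM when the hostname copy for -h cannot be allocated.
 *
 * Apart from -h, string options store the arg pointer itself, not a copy.
 * The SQLite and MySQL options exist only when the matching HAVE_* macro is
 * set at build time.
 */
static error_t parse_opt(int key, char *arg, struct argp_state *state)
{
	switch (key) {
	case '4':
		cfg.v4_flag = 1;
		cfg.v6_flag = 0;
		break;
	case '6':
		cfg.v6_flag = 1;
		cfg.v4_flag = 0;
		break;
	case 'b':
		/*
		 * NOTE(review): any result of blacklist_add() is ignored here;
		 * confirm how a malformed address is reported to the user.
		 */
		blacklist_add(arg);
		break;
	case 'd':
		cfg.daemon_flag = 1;
		cfg.quiet = 1;
		break;
	case 'H':
		/*
		 * NOTE(review): atoi() cannot report malformed or out-of-range
		 * input (non-numeric text becomes 0) and the value is not
		 * range-checked here; consider strtol() with explicit bounds.
		 */
		cfg.hashsize = atoi(arg);
		break;
	case 'l':
		cfg.syslog_flag = 1;
		break;
	case 'o':
		cfg.data_file = arg;
		break;
	case 'p':
		cfg.pid_file = arg;
		break;
	case 'P':
		cfg.promisc_flag = 0;
		break;
	case 'q':
		cfg.quiet = 1;
		break;
	case 'r':
		/* Same atoi() caveat as -H; values below -1 are raised to -1. */
		cfg.ratelimit = atoi(arg);
		if (cfg.ratelimit < -1)
			cfg.ratelimit = -1;
		break;
#if HAVE_LIBSQLITE3
	case 's':
		cfg.sqlite_file = arg;
		break;
	case 2:
		cfg.sqlite_table = arg;
		break;
#endif
#if HAVE_LIBMYSQLCLIENT
	case 'm':
		cfg.mysql_flag = 1;
		/* The database name is kept only when an argument was given. */
		if (arg)
			cfg.mysql_db = arg;
		break;
	case 1:
		cfg.mysql_table = arg;
		break;
	case 'c':
		cfg.mysql_config = arg;
		break;
#endif
	case 'u':
		cfg.uname = arg;
		break;
	case 'h': {
		/*
		 * Fail the parse on allocation failure instead of recording a
		 * non-zero length next to a NULL hostname.
		 */
		char *copy = strdup(arg);

		if (copy == NULL)
			return ENOMEM;
		cfg.hostname = copy;
		cfg.hostname_len = strlen(arg) + 1;	/* length includes the NUL */
		break;
	}
	case 'v':
		cfg.verbose_flag = 1;
		break;
	default:
		return ARGP_ERR_UNKNOWN;
	}

	return 0;
}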