void UserMediaRequest::allow(const String& audioDeviceUID, const String& videoDeviceUID)
{
m_allowedAudioDeviceUID = audioDeviceUID;
m_allowedVideoDeviceUID = videoDeviceUID;
RefPtr<UserMediaRequest> protectedThis = this;
RealtimeMediaSourceCenter::NewMediaStreamHandler callback = [this, protectedThis = WTFMove(protectedThis)](RefPtr<MediaStreamPrivate>&& privateStream) mutable {
if (!m_scriptExecutionContext)
return;
if (!privateStream) {
deny(MediaAccessDenialReason::HardwareError, emptyString());
return;
}
auto stream = MediaStream::create(*m_scriptExecutionContext, WTFMove(privateStream));
if (stream->getTracks().isEmpty()) {
deny(MediaAccessDenialReason::HardwareError, emptyString());
return;
}
for (auto& track : stream->getAudioTracks())
track->source().startProducingData();
for (auto& track : stream->getVideoTracks())
track->source().startProducingData();
m_promise.resolve(stream);
};
RealtimeMediaSourceCenter::singleton().createMediaStream(WTFMove(callback), m_allowedAudioDeviceUID, m_allowedVideoDeviceUID, &m_audioConstraints.get(), &m_videoConstraints.get());
}
int filter_src(u_char *buffer, session_t *sp){
struct iphdr *iph;
struct ip6_hdr *ipv6h;
struct ethhdr *eth;
int version;
eth = (struct ethhdr *)buffer;
// ip_dump(buffer);
/* IP layer process */
if(ntohs(eth->h_proto) == ETH_P_IP){
iph = (struct iphdr *)(buffer+sizeof(struct ethhdr));
version = 4;
} else if(ntohs(eth->h_proto) == ETH_P_IPV6){
ipv6h = (struct ip6_hdr *)(buffer+sizeof(struct ethhdr));
version = 6;
} else {
return FALSE;
}
// printf("IN:%x %x\n",ntohl(sp->hostip), iph->saddr);
// printf("%d\n",version);
if(version == 4){
/* basic ipv4 filter rule */
/* avoid broadcast packet */
if(((ntohl(iph->daddr)&0xff)) == 0xff){
return deny(430);
}
/* avoid sending packet */
// printf("%x %x\n", ntohl(sp->hostip), (iph->saddr));
if(ntohl(sp->hostip) == (iph->saddr)){
// printf("NG:%x %x\n",ntohl(sp->hostip), iph->saddr);
return deny(432);
}
/* if((sp->destnet&(NETMASK[sp->destmask].mask)) == (iph->saddr&(NETMASK[sp->destmask].mask))){
printf("Filtnet:%x %x\n",sp->destnet, sp->destmask);
return FALSE;
}
*/
return filter_src_net(iph, sp);
/* avoid incoming packet */
if((sp->hostip) == (iph->daddr)){
return deny(433);
}
} else if(version == 6){
} else {
printf("unknown ip version: filt");
return FALSE;
}
// printf("OK:%x %x\n",ntohl(sp->hostip), iph->saddr);
return TRUE;
}
int main ()
{
testResult_t *result = initializeTestResult();
getFS();
deleteFile("File to Delete");
deleteDir("Dir to Delete");
int newFd = openFile("NewFile");
char *text = "Here is some text.";
int writeLen = writeInFile(newFd, text, strlen(text));
assert(writeLen == strlen(text), "File write return value test.", result);
seekInFile(newFd, 0);
char target[100];
memset(target, 0, sizeof(target));
int readLen = readInFile(newFd, target, strlen(text));
assert(readLen == strlen(text), "File write return value test.", result);
deny(strcmp(target, text), "Read + write test.", result);
int fd = openFile("File to Delete");
seekInFile(newFd, FILE_BLOCK_DATA_SIZE - 2);
writeLen = writeInFile(newFd, text, strlen(text));
seekInFile(newFd, FILE_BLOCK_DATA_SIZE - 2);
readLen = readInFile(newFd, target, strlen(text));
assert(readLen == strlen(text), "Non-contiguous allocation read+write test.", result);
deny(strcmp(target, text), "Read + write test.", result);
mkDir("Dir to Delete");
giveDirListing();
deleteFile("File to Delete");
mkDir("NewDir");
giveDirListing();
deleteDir("Dir to Delete");
giveDirListing();
seekInFile(newFd, 0);
int i;
for (i = 0; i < 150; i++)
{
writeInFile(newFd, text, strlen(text));
seekInFile(newFd, (i * FILE_BLOCK_DATA_SIZE) - 2);
}
printTestResult(result);
freeTestResult(result);
return 0;
}
void TimerImpl::invokeAfterDelay(uint64_t millis,
std::function<void()> handler) {
deny();
handler_ = std::move(handler);
timer_->start(uvw::TimerHandle::Time(millis),
uvw::TimerHandle::Time(0));
}
MojErr MojDbKind::checkOwnerPermission(MojDbReq& req)
{
if (!hasOwnerPermission(req)) {
MojErr err = deny(req);
MojErrCheck(err);
}
return MojErrNone;
}
int main(void) {
jolly();
jolly();
jolly();
deny();
return 0;
}
int main(void)
{
int i;
for(i=0;i<3;i++)
{
good();
}
deny();
return 0;
}
void UserMediaRequest::start()
{
if (!m_scriptExecutionContext || !m_controller) {
deny(MediaAccessDenialReason::OtherFailure, emptyString());
return;
}
Document& document = downcast<Document>(*m_scriptExecutionContext);
// 10.2 - 6.3 Optionally, e.g., based on a previously-established user preference, for security reasons,
// or due to platform limitations, jump to the step labeled Permission Failure below.
String errorMessage;
if (!canCallGetUserMedia(document, errorMessage)) {
deny(MediaAccessDenialReason::PermissionDenied, emptyString());
document.domWindow()->printErrorMessage(errorMessage);
return;
}
m_controller->requestUserMediaAccess(*this);
}
MojErr MojDbKind::checkPermission(MojDbOp op, MojDbReq& req)
{
// if this request has admin privileges, skip the permissions check
if (hasOwnerPermission(req))
return MojErrNone;
if (op == OpKindUpdate) {
MojErr err = deny(req);
MojErrCheck(err);
} else {
// check if permissions are set on this kind
const MojChar* opStr = stringFromOperation(op);
MojDbPermissionEngine::Value val = objectPermission(opStr, req);
if (val != MojDbPermissionEngine::ValueAllow) {
MojErr err = deny(req);
MojErrCheck(err);
}
}
return MojErrNone;
}
int main ()
{
testResult_t *result = initializeTestResult();
int i;
for (i = 0; i < 10; i++) { }
assert( i == 10, "For loop.", result);
deny( i == 12, "For loop, should error.", result);
printTestResult(result);
freeTestResult(result);
return 0;
}
void UserMediaPermissionRequestManagerProxy::requestUserMediaPermissionForFrame(uint64_t userMediaID, uint64_t frameID, String userMediaDocumentOriginIdentifier, String topLevelDocumentOriginIdentifier, const WebCore::MediaConstraintsData& audioConstraintsData, const WebCore::MediaConstraintsData& videoConstraintsData)
{
#if ENABLE(MEDIA_STREAM)
auto invalidHandler = [this, userMediaID](const String& invalidConstraint) {
if (!m_page.isValid())
return;
denyRequest(userMediaID, UserMediaPermissionRequestProxy::UserMediaAccessDenialReason::InvalidConstraint, invalidConstraint);
};
auto validHandler = [this, userMediaID, frameID, userMediaDocumentOriginIdentifier, topLevelDocumentOriginIdentifier](const Vector<String>&& audioDeviceUIDs, const Vector<String>&& videoDeviceUIDs) {
if (!m_page.isValid())
return;
if (videoDeviceUIDs.isEmpty() && audioDeviceUIDs.isEmpty()) {
denyRequest(userMediaID, UserMediaPermissionRequestProxy::UserMediaAccessDenialReason::NoConstraints, "");
return;
}
auto userMediaOrigin = API::SecurityOrigin::create(SecurityOriginData::fromDatabaseIdentifier(userMediaDocumentOriginIdentifier)->securityOrigin());
auto topLevelOrigin = API::SecurityOrigin::create(SecurityOriginData::fromDatabaseIdentifier(topLevelDocumentOriginIdentifier)->securityOrigin());
auto request = createRequest(userMediaID, audioDeviceUIDs, videoDeviceUIDs);
if (!m_page.uiClient().decidePolicyForUserMediaPermissionRequest(m_page, *m_page.process().webFrame(frameID), *userMediaOrigin.get(), *topLevelOrigin.get(), request.get())) {
m_pendingUserMediaRequests.take(userMediaID);
request->deny(UserMediaPermissionRequestProxy::UserMediaAccessDenialReason::UserMediaDisabled);
}
};
auto audioConstraints = MediaConstraintsImpl::create(audioConstraintsData);
auto videoConstraints = MediaConstraintsImpl::create(videoConstraintsData);
syncWithWebCorePrefs();
RealtimeMediaSourceCenter::singleton().validateRequestConstraints(validHandler, invalidHandler, audioConstraints, videoConstraints);
#else
UNUSED_PARAM(userMediaID);
UNUSED_PARAM(frameID);
UNUSED_PARAM(userMediaDocumentOriginIdentifier);
UNUSED_PARAM(topLevelDocumentOriginIdentifier);
UNUSED_PARAM(audioConstraintsData);
UNUSED_PARAM(videoConstraintsData);
#endif
}
int main()
{
setupTestEnv();
{
int numeros[] = {1,2,3,4,3,2,1};
deny(numeros[3] < numeros[4], 1);
// Para ordenar el array de numeros utilizamos el qsort. Para eso
// necesitamos una función q compare dos elementos del array
// como en este caso son enteros definimos una f 'compare_int' con la
// firma que requiere el qsort
//
qsort(numeros, sizeof(numeros) / sizeof(int), sizeof(int), compare_int);
assert(numeros[0] <= numeros[1], 1);
assert(numeros[1] <= numeros[2], 1);
assert(numeros[2] <= numeros[3], 1);
assert(numeros[3] <= numeros[4], 1);
assert(numeros[4] <= numeros[5], 1);
// Hagamos una función que nos permita ver si el array impreso
// está ordenado
//
// NOTA: Estas dos funciones 'print_enteros_0' y 'print_floats_0'
// tienen código idéntico. Vamos como reescribirlo para que el código
// no se repita.
//
// HABRA MANERA DE ESCRIBIR UNA UNICA FUNCION Q NOS PERMITA ITERAR
// UN ARRAY E IMPRIMIR SU CONTENIDO?
//
print_enteros_0(
numeros, /* base del array */
sizeof(numeros) / sizeof(float) /* cantidad de elementos */
);
// PRIMERA REFACTORIZACIOM:
// Lo único q tienen de diferentes estas funciones son los printfs que dependen
// de cada uno de los tipos (int o float), con el fin de sacar este código de
// esta función, defino un puntero a función que recibirá la función que imprime en
// efecto. Hacemos lo propio para floats
//
print_enteros_1(
numeros, /* base del array */
sizeof(numeros) / sizeof(float), /* cantidad de elementos */
print_entero_parametro_fijo
);
//
// Esto no nos sirve para nada!!!!! Seguimos teniendo dos funciones y para colmo de males
// ahora reciben un puntero a función!
//
// Cambiemos el puntero a función para que nos sirva en cualquier situación, ya sea
// si los elementos son enteros o flotantes
//
print_enteros_2(
numeros, /* base del array */
sizeof(numeros) / sizeof(float), /* cantidad de elementos */
print_entero_parametro_generico
);
//
// Logramos generalizar la función q se encarga de la impresión! Ahora solo nos resta
// tener una única función que itere y le podamos pasar la f de impresión
// Eso es iterar
iterar(numeros, sizeof(numeros), sizeof(int), print_entero_en_pesos);
iterar(numeros, sizeof(numeros), sizeof(int), print_entero);
}
{
float numeros[] = {1.1, 2.2, 3.3, 4.4, 3.3, 2.2, 1.1};
deny(numeros[3] < numeros[4], 1);
// Para ordenar el array de numeros utilizamos el qsort. Para eso
// necesitamos una función q compare dos elementos del array
// como en este caso son enteros definimos una f 'compare_float' con la
// firma que requiere el qsort
//
qsort(numeros, sizeof(numeros) / sizeof(float), sizeof(float), compare_float);
assert(numeros[0] <= numeros[1], 1);
assert(numeros[1] <= numeros[2], 1);
assert(numeros[2] <= numeros[3], 1);
assert(numeros[3] <= numeros[4], 1);
assert(numeros[4] <= numeros[5], 1);
// Hagamos una función que nos permita ver si el array impreso
// está ordenado
//
// NOTA: Ver nota en invocación de 'print_enteros_0'
//
print_float_0(
numeros, /* base del array */
sizeof(numeros) / sizeof(float) /* cantidad de elementos */
);
print_float_1(
numeros, /* base del array */
sizeof(numeros) / sizeof(float), /* cantidad de elementos */
print_float_parametro_fijo
);
print_float_2(
numeros, /* base del array */
sizeof(numeros) / sizeof(float), /* cantidad de elementos */
print_float_parametro_generico
);
iterar(numeros, sizeof(numeros), sizeof(float), print_flotante);
iterar(numeros, sizeof(numeros), sizeof(float), print_flotante_en_pesos);
}
{
// Lo interesante de nuestra f iterar es que se puede utilizar para cualquier
// tipo de dato
short numeros[] = {1990, 1920, 1480};
iterar(numeros, sizeof(numeros), sizeof(short), print_short);
}
}
int main(int argc, char *argv[])
{
int i, j, flag;
char *buf;
char *args[MAXARGS];
int ok;
uid_t uid;
struct passwd *cuser;
char *username;
openlog("tuxshell" , LOG_NOWAIT | LOG_NDELAY , LOG_AUTHPRIV );
ok = 0;
uid = getuid();
cuser = getpwuid(uid);
if( cuser == NULL )
{
closelog();
exit( -1 );
}
/* Get username */
username = cuser->pw_name;
if(argc != 3) {
syslog( LOG_INFO , "user %s tried to open a login shell" , username );
closelog();
deny();
}
/* process the initial option (see options array) */
i = -1;
while((options[++i] != NULL) && strcmp(options[i], argv[OPTION_ARGC]));
if(options[i] == NULL) {
/* printf("FATAL: %s bailed because options didn't qualify.\n", argv[0]); */
syslog( LOG_INFO , "option %s is not allowed for user %s " , argv[OPTION_ARGC] , username );
closelog();
deny();
}
/* break single command and args string into seperate strings
in a char** for execvp() to use */
i = 0;
flag = GRAP_TRUE;
buf = argv[ARGS_ARGC];
j = CMD_POS;
while((buf[i] != '\0') && (j < MAXARGS)) {
if(buf[i] == ' ') {
buf[i] = '\0';
flag = GRAP_TRUE;
} else {
if(flag) {
args[j++] = &buf[i];
flag = GRAP_FALSE;
args[j] = NULL;
}
}
i++;
}
i = 0;
/* check the command to insure it's in the acceptance list */
while( commands[i] != NULL )
{
line = commands[i];
k = -1;
if( line[0] == NULL )
{
ok = 0;
break;
}
while((line[++k] != NULL) && ( args[CMD_POS+k] != NULL ) && !strcmp(line[k], args[CMD_POS+k]));
if( line[k] == NULL )
{
ok = 1;
break;
}
i++;
}
if( ok == 0 )
{
syslog( LOG_WARNING , "denied command %s for user %s" , args[CMD_POS] , username );
closelog();
deny();
}
syslog( LOG_INFO , "allowed command %s for user %s" , args[CMD_POS] , username );
closelog();
/* remove quotes of pathname (needed for git) */
if(args[0] && args[1] && args[1][0] == '\'') {
args[1]++;
args[1][ strlen(args[1])-1 ] = '\0';
}
/* change the umask to allow shared work */
umask (02);
/* ok, the command is clear, exec() it */
return (execvp(args[CMD_POS], args));
}
int
sys_execve(pink_easy_process_t *current, const char *name)
{
int r;
char *path, *abspath;
pid_t pid = pink_easy_process_get_pid(current);
pink_bitness_t bit = pink_easy_process_get_bitness(current);
proc_data_t *data = pink_easy_process_get_userdata(current);
path = abspath = NULL;
r = path_decode(current, 0, &path);
if (r < 0)
return deny(current);
else if (r /* > 0 */)
return r;
if ((r = box_resolve_path(path, data->cwd, pid, 0, 1, &abspath)) < 0) {
info("resolving path:\"%s\" [%s() index:0] failed for process:%lu [%s name:\"%s\" cwd:\"%s\"] (errno:%d %s)",
path, name,
(unsigned long)pid, pink_bitness_name(bit),
data->comm, data->cwd,
-r, strerror(-r));
errno = -r;
r = deny(current);
if (pandora->config.violation_raise_fail)
violation(current, "%s(\"%s\")", name, path);
free(path);
return r;
}
free(path);
/* Handling exec.kill_if_match and exec.resume_if_match:
*
* Resolve and save the path argument in data->abspath.
* When we receive a PINK_EVENT_EXEC which means execve() was
* successful, we'll check for kill_if_match and resume_if_match lists
* and kill or resume the process as necessary.
*/
data->abspath = abspath;
switch (data->config.sandbox_exec) {
case SANDBOX_OFF:
return 0;
case SANDBOX_DENY:
if (box_match_path(abspath, &data->config.whitelist_exec, NULL))
return 0;
break;
case SANDBOX_ALLOW:
if (!box_match_path(abspath, &data->config.blacklist_exec, NULL))
return 0;
break;
default:
abort();
}
errno = EACCES;
r = deny(current);
if (!box_match_path(abspath, &pandora->config.filter_exec, NULL))
violation(current, "%s(\"%s\")", name, abspath);
free(abspath);
data->abspath = NULL;
return r;
}
int filter_frame(u_char *buffer, session_t *sp)
{
struct ethhdr *eth;
struct iphdr *iph;
struct ip6_hdr *ipv6h;
struct udphdr *udph;
struct tcphdr *tcph;
struct icmp *icmph;
char meth[3];
struct in_addr insaddr,indaddr;
struct in6_addr in6src,in6dst;
int cnt, i;
char dest[20];
enum layer3 {ipv4, ipv6} NET_PROTO;
enum layer4 {tcp, udp} TRANS_PROTO;
static u_int32_t last_tcpseq, tcpseq;
static u_int16_t last_icmpseq, icmpseq;
char src_addr6[40], dst_addr6[40];
eth = (struct ethhdr *)buffer;
// printf("%x %d %x %x\n",sp->destnet, sp->destmask, sp->network, (inet_addr(DEST_NET)));
/* IP layer process */
if(ntohs(eth->h_proto) == ETH_P_IP){
NET_PROTO = ipv4;
iph = (struct iphdr *)(buffer+sizeof(struct ethhdr));
} else if(ntohs(eth->h_proto) == ETH_P_IPV6){
// return deny(500);
NET_PROTO = ipv6;
ipv6h = (struct ip6_hdr *)(buffer+sizeof(struct ethhdr));
} else {
/* Receive unsupporting protocol */
return deny(400);
}
#if 0
/* Transport layer process */
if(NET_PROTO == ipv4){
if(iph->protocol == IPPROTO_TCP){
} else if(iph->protocol == IPPROTO_UDP){
udph = (struct udphdr *)(buffer + sizeof(struct ethhdr) + iph->ihl*UNIT);
printf("%d\n", ntohs(udph->len));
}
}
#endif
#if 1
/* Transport layer process */
if(NET_PROTO == ipv4){
if(iph->protocol == IPPROTO_TCP){
/* フラグメントしていない時 */
if((htons(iph->frag_off) & IP_OFFMASK) == 0){
tcph = (struct tcphdr *)(buffer + sizeof(struct ethhdr) + iph->ihl*UNIT);
// last_tcpseq = tcpseq;
// tcpseq = tcph->seq;
TRANS_PROTO = tcp;
}
} else if(iph->protocol == IPPROTO_UDP){
/* フラグメントしていない時 */
if((htons(iph->frag_off) & IP_OFFMASK) == 0){
udph = (struct udphdr *)(buffer + sizeof(struct ethhdr) + iph->ihl*UNIT);
TRANS_PROTO = udp;
}
} else if(iph->protocol == IPPROTO_ICMP){
icmph = (struct icmp *)(buffer+sizeof(struct ethhdr)+iph->ihl*UNIT);
// last_icmpseq = icmpseq;
// icmpseq = icmph->icmp_seq;
// if(last_icmpseq == icmpseq){
// return deny(2);
// }
TRANS_PROTO = 98;
} else {
TRANS_PROTO = 99;
/* Do Nothing */
// return deny();
}
} else if(NET_PROTO == ipv6){
in6src = ipv6h->ip6_src;
in6dst = ipv6h->ip6_dst;
if(ipv6h->ip6_nxt == IPPROTO_TCP){
tcph = (struct tcphdr *)(buffer + sizeof(struct ethhdr) + sizeof(struct ip6_hdr));
TRANS_PROTO = tcp;
} else if(ipv6h->ip6_nxt == IPPROTO_UDP){
udph = (struct udphdr *)(buffer + sizeof(struct ethhdr) + sizeof(struct ip6_hdr));
TRANS_PROTO = udp;
} else {
TRANS_PROTO = 99;
}
} else {
NET_PROTO = 99;
}
/* Filtering Rule */
/* avoid well-known port */
// printf("%d %x\n", iph->id, htons(iph->frag_off)&(IP_OFFMASK) );
if((TRANS_PROTO == udp) && (udph != NULL)){
assert(udph != NULL);
for(i = 0;i < sp->d_port_cnt;i++){
if(ntohs(udph->dest) == sp->d_port[i]){
return deny(412);
}
}
/* if(ntohs(udph->dest) < 1024){
return deny(410);
}
if(ntohs(udph->source) < 1024){
return deny(411);
}
if(ntohs(udph->dest) == 9004){
return deny(412);
}
if(ntohs(udph->source) == 9004){
return deny(413);
}
*/
}
if((TRANS_PROTO == tcp) && (tcph != NULL)){
/* if(last_tcpseq == tcpseq){
// return deny(4);
}
if(ntohs(tcph->dest) == 22){
return deny(422);
}
if(ntohs(tcph->source) == 22){
return deny(422);
}
if(ntohs(tcph->dest) == 20){
return allow(220);
}
if(ntohs(tcph->dest) == 21){
return allow(220);
}
if(ntohs(tcph->dest) == 80){
return allow(220);
}
if(ntohs(tcph->dest) < 1024){
return deny(420);
}
if(ntohs(tcph->source) < 1024){
return deny(421);
}
*/
}
// packet_dump(buffer);
#endif
if(NET_PROTO == ipv4){
/*
for(cnt = 0; cnt < sp->session_num; cnt++){
sprintf(dest,"%s",sp->ESendAddr[cnt]);
// avoid correspond node
if(iph->saddr == inet_addr(dest)){
return deny(431);
}
}
*/
/* basic ipv4 filter rule */
/* avoid broadcast packet */
// printf("%x\n",sp->netmask^v4MASK);
// if(((ntohl(iph->daddr)&0xff)) == 0xff){
if(((ntohl(iph->daddr)&(sp->netmask^v4MASK))) == (sp->netmask^v4MASK)){
return deny(430);
}
/* avoid sending packet */
//printf("%x %x\n", ntohl(sp->hostip), (iph->saddr));
if(ntohl(sp->hostip) == (iph->saddr)){
return deny(432);
}
/* avoid incoming packet */
if((sp->hostip) == (iph->daddr)){
return deny(433);
}
/* if((inet_addr(sp->localnet)&(NETMASK[24].mask)) == (iph->daddr&(NETMASK[24].mask))){
return deny(7);
}
*/
/* For Multicast */
/* Multicastパケットの場合 */
if(IN_MULTICAST(ntohl(iph->daddr))){
/* 他ネットワークからのマルチキャストパケットの場合 */
if(sp->m_taddr){
/* if(iph->saddr == sp->m_taddr){
return m_allow(200);
}
*/
}
/* 送信パケットが自ネットワークのもの以外は拒否 */
if(sp->network != (iph->saddr&ntohl(sp->netmask))){
// if((inet_addr(sp->localnet)&(NETMASK[24].mask)) != (iph->saddr&(NETMASK[24].mask))){
return deny(440);
}
/* Avoid local multicast loop */
// if(inet_addr(sp->localnet) == inet_addr(DEST_NET)){
// if(sp->network == inet_addr(DEST_NET)){
/* 自ネットワークと宛先が同じマルチキャストパケットを拒否 */
/* これはパケットを見ていないんで意味がないかも */
#if 0
if(sp->network == sp->destnet){
return deny(441);
}
#endif
return m_allow(200);
}
if((sp->destnet&(NETMASK[sp->destmask].mask)) == (iph->daddr&(NETMASK[sp->destmask].mask))){
if(sp->network == (iph->saddr&ntohl(sp->netmask))){
// if((inet_addr(sp->localnet)&(NETMASK[24].mask)) == (iph->saddr&(NETMASK[24].mask))){
// if((inet_addr(LOCAL_NET)&(NETMASK[24].mask)) == (iph->saddr&(NETMASK[24].mask))){
return allow(230);
}
}
} else if(NET_PROTO == ipv6){
/* For Multicast */
// IN6_IS_ADDR_MULTICAST
/* if(ntohs(in6dst.s6_addr16[0]) == 0xff02){
return m_allow(300);
}
*/
sprintf(dst_addr6, "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x\n",
ntohs(in6dst.s6_addr16[0]),
ntohs(in6dst.s6_addr16[1]),
ntohs(in6dst.s6_addr16[2]),
ntohs(in6dst.s6_addr16[3]),
ntohs(in6dst.s6_addr16[4]),
ntohs(in6dst.s6_addr16[5]),
ntohs(in6dst.s6_addr16[6]),
ntohs(in6dst.s6_addr16[7])
);
sprintf(src_addr6, "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x\n",
ntohs(in6src.s6_addr16[0]),
ntohs(in6src.s6_addr16[1]),
ntohs(in6src.s6_addr16[2]),
ntohs(in6src.s6_addr16[3]),
ntohs(in6src.s6_addr16[4]),
ntohs(in6src.s6_addr16[5]),
ntohs(in6src.s6_addr16[6]),
ntohs(in6src.s6_addr16[7])
);
// printf("%s -> %s\n",src_addr6, dst_addr6);
if((ntohs(in6dst.s6_addr16[0])&0xfff0) == 0xff10){
// if(ntohs(in6dst.s6_addr16[0]) == 0xff1e){
//printf("host %s src %s\n", sp->hostip6, src_addr6);
/* 送信先が自ネットワークのもののみ送出 */
if(strncmp(sp->hostip6, src_addr6, sp->prefix/OCTET_BITS*OCTET_UNIT) == 0)
{
return m_allow(301);
}
/* マルチキャスト転送オプションがセットされている場合 */
if(sp->m_taddr6){
if(strncmp(sp->m_taddr6, src_addr6, sp->prefix/OCTET_BITS*OCTET_UNIT) == 0)
{
return m_allow(301);
}
}
/* 送信元がリンクローカルアドレスでも送出 */
if(ntohs(in6src.s6_addr16[0]) == 0xfe80){
return m_allow(302);
}
return deny(533);
/* if(ntohs(in6src.s6_addr16[2]) != 0x5102){
return deny(530);
}
return m_allow(300);
*/
}
}
return deny(499);
}
MojErr MojDbKind::configure(const MojObject& obj, const KindMap& map, const MojString& locale, MojDbReq& req)
{
MojLogTrace(s_log);
// get owner before checking permissions
MojString owner;
MojErr err = obj.getRequired(OwnerKey, owner);
MojErrCheck(err);
// only admin can change owner
if (!m_owner.empty() && m_owner != owner && !req.admin()) {
err = deny(req);
MojErrCheck(err);
}
m_owner = owner;
err = checkPermission(OpKindUpdate, req);
MojErrCheck(err);
// schema
MojObject schema;
if (obj.get(SchemaKey,schema)) {
err = m_schema.fromObject(schema);
MojErrCheck(err);
}
// supers
StringVec superIds;
MojObject supers;
if (obj.get(ExtendsKey, supers)) {
MojObject::ConstArrayIterator end = supers.arrayEnd();
for (MojObject::ConstArrayIterator i = supers.arrayBegin(); i != end; ++i) {
MojString str;
err = i->stringValue(str);
MojErrCheck(err);
err = superIds.push(str);
MojErrCheck(err);
}
}
// backup
bool backup = false;
if (obj.get(SyncKey, backup))
m_backup = backup;
bool updating = !m_obj.undefined();
// load state
m_state.reset(new MojDbKindState(m_id, m_kindEngine));
MojAllocCheck(m_state.get());
err = m_state->init(m_schema.strings(), req);
MojErrCheck(err);
// indexes
err = configureIndexes(obj, locale, req);
MojErrCheck(err);
// supers
err = updateSupers(map, superIds, updating, req);
MojErrCheck(err);
// revision sets
err = configureRevSets(obj);
MojErrCheck(err);
// keep a copy of obj
m_obj = obj;
return MojErrNone;
}
void Cconfig::setup_gui()
{
this->this_Widget = new QWidget;
//dialog
this->gui_checkForUpdateNowButton = new QPushButton( QIcon( ":/resources/img/refresh.png" ), tr( "Check for an Update" ) );
QObject::connect( this->gui_checkForUpdateNowButton, SIGNAL(clicked()),
this, SLOT(showUpdateDialog()) );
#ifdef Q_WS_WIN
this->gui_checkForUpdateNowButton->setEnabled( false );
#endif
this->gui_styleComboBox = new QComboBox( this );
this->gui_styleComboBox->addItem( QIcon( ":/resources/img/gui_style_elegant.png" ), tr( "White" ) );
this->gui_styleComboBox->addItem( QIcon( ":/resources/img/gui_style_simple.png" ), tr( "Normal" ) );
this->gui_styleComboBox->addItem( QIcon( ":/resources/img/gui_style_haxor.png" ), tr( "Matrix" ) );
this->gui_styleComboBox->addItem( QIcon( ":/resources/img/gui_style_pink.png" ), tr( "Pink" ) );
this->gui_styleComboBox->addItem( QIcon( ":/resources/img/gui_style_inverted.png" ), tr( "Inverted" ) );
this->gui_styleComboBox->setCurrentIndex( this->config_file_system->guiStyle );
this->gui_styleMainMenuBtnz_ComboBox = new QComboBox( this );
this->gui_styleMainMenuBtnz_ComboBox->addItem( QIcon( ":/resources/img/naked_button.png" ), tr( "Normal" ) );
this->gui_styleMainMenuBtnz_ComboBox->addItem( QIcon( ":/resources/img/wood_label.png" ), tr( "Wooden" ) );
this->gui_styleMainMenuBtnz_ComboBox->addItem( QIcon( ":/resources/img/menu_fruity_bg.png" ), tr( "Fruity" ) );
this->gui_styleMainMenuBtnz_ComboBox->setCurrentIndex( this->config_file_system->guiStyle );
QObject::connect( this->gui_styleMainMenuBtnz_ComboBox, SIGNAL(currentIndexChanged(int)),
this, SLOT(allTheGuiTweaks()) );
this->gui_style_show_textCheckBox = new QCheckBox( this );
this->gui_style_show_textCheckBox->setText( "Show text on the buttons" );
this->gui_style_show_textCheckBox->setChecked( false );
QObject::connect( this->gui_style_show_textCheckBox, SIGNAL(clicked()), this, SLOT(allTheGuiTweaks()) );
this->gui_style_show_iconsCheckBox = new QCheckBox( this );
this->gui_style_show_iconsCheckBox->setText( "Show icons on the buttons" );
this->gui_style_show_iconsCheckBox->setChecked( false );
QObject::connect( this->gui_style_show_iconsCheckBox, SIGNAL(clicked()), this, SLOT(allTheGuiTweaks()) );
//*** setting up the gui to avoid trouble like getting language without a btn to store
//'em into and so on
this->setWindowIcon( QIcon( ":/resources/img/tool.png" ));
this->setWindowTitle( tr( "GNU RPG Maker's Preferences" ) );
this->setModal( true );
this->gui_typeComboBox = new QComboBox(this);
this->gui_typeComboBox->addItem(QIcon(":/resources/img/form_desktop.png"),tr("Desktop or Laptop"));
this->gui_typeComboBox->addItem(QIcon(":/resources/img/form_netbook.png"),tr("Netbook"));
QObject::connect( this->gui_typeComboBox, SIGNAL(currentIndexChanged(int)), this, SLOT(allTheGuiTweaks()) );
// this->gui_typeComboBox->addItem(QIcon(":/resources/img/form_tablet.png"),tr("Touch- and Tablet-Laptops"));
// this->gui_typeComboBox->addItem(QIcon(":/resources/img/config_accessibility.png"),tr("Accessibility Support"));
this->gui_typeComboBox->setCurrentIndex( this->config_file_system->guiType );
this->gui_update_enable_updates_btn = new QCheckBox( "", this->this_Widget );
QObject::connect( this->gui_update_enable_updates_btn, SIGNAL(clicked()), this, SLOT(allTheGuiTweaks()) );
//this->gui_updateCycle_daily_radioButton = new QRadioButton( tr( "Check Daily" ), this->this_Widget );
//this->gui_updateCycle_weekly_radioButton = new QRadioButton( tr( "Check Weekly" ), this->this_Widget );
//this->gui_updateCycle_monthly_radioButton = new QRadioButton( tr( "Check Monthly" ), this->this_Widget );
this->gui_updateCycle_currentVersion_line = new QLineEdit( this );
this->gui_updateCycle_currentVersion_line->setText( QString( "%1" ).arg( (quint32) DEF_CURRENT_VERSION ) );
this->gui_updateCycle_currentVersion_line->setEnabled( false );
this->gui_updateCycle_lastUpdatedate_line = new QLineEdit( this );
this->gui_updateCycle_lastUpdatedate_line->setText( this->config_file_system->updateLastUpdateDate.toString() );
this->gui_updateCycle_lastUpdatedate_line->setEnabled( false );
//this->gui_updateCycle_enable_updates_btn->setVisible( false );
//this->gui_updateCycle_daily_radioButton->setVisible( false );
//this->gui_updateCycle_weekly_radioButton->setVisible( false );
//this->gui_updateCycle_monthly_radioButton->setVisible( false );
//this->gui_updateCycle_lastUpdatedate_line->setVisible( false);
//also uncomment the addRow ( .. ) commands
this->gui_lastProjectFilePathLineEdit = new QLineEdit( this->config_file_system->lastProjectFilePath ,this);
this->gui_showTutorialsCheckBox = new QCheckBox( this );
QObject::connect( this->gui_showTutorialsCheckBox, SIGNAL(clicked()), this, SLOT(allTheGuiTweaks()) );
this->gui_showTutorials_tileset_info_CheckBox = new QCheckBox( tr( "Show infos about tilesets" ), this );
this->gui_showTutorials_preject_preferences_scripting_CheckBox = new QCheckBox( tr( "Show infos about project preferences-scripting" ), this );
this->gui_languageComboBox = new QComboBox(this);
//get languages from ./languages
QDir lang( "/usr/share/gnurpgm/languages" );
if ( lang.exists() )
{
//TODO
//get all files here
this->availableLanguageFiles = lang.entryList(QDir::Files , QDir::Name);
//just *pwned myself
}
else
{
QMessageBox::warning( this, tr( "No languages"), tr( "The folder /usr/share/gnurpgm/languages does not exist.\nIf you want to use gnurpgm in another language you'll have to copy some language files in there." ) );
}
//add std[eng]::language and the found filez
// "English (Default)" would be creepy enough for a filename - so I'm sure noone will try to name his language files
// this way - and the main window omits the language change and falls back to this default written english. Bingo biatch!
this->gui_languageComboBox->addItem( QIcon( ":/resources/img/config_language.png" ), tr( "English (Default)" ) );
this->gui_languageComboBox->addItems( this->availableLanguageFiles );
QObject::connect( this->gui_languageComboBox, SIGNAL(currentIndexChanged(QString)),
this, SLOT(show_language_change_warning()) );
this->gui_oxygenTrayIconCheckBox = new QCheckBox( "" );
QObject::connect( this->gui_oxygenTrayIconCheckBox, SIGNAL(clicked()), this, SLOT(allTheGuiTweaks()) );
this->gui_depugCheckBox = new QCheckBox( this );
this->gui_depugCheckBox->setIcon( QIcon( ":/icons/icons/tools-report-bug.png"));
this->gui_okButton = new QPushButton(QIcon(":/resources/img/ok.png"),tr("Save & Apply"),this);
this->gui_cancelButton = new QPushButton(QIcon(":/resources/img/exit.png"),tr("Cancel"),this);
this->gui_okCancelButtonsLayout = new QHBoxLayout();
this->gui_okCancelButtonsLayout->addStretch();
this->gui_okCancelButtonsLayout->addWidget(this->gui_okButton);
this->gui_okCancelButtonsLayout->addWidget(this->gui_cancelButton);
this->mainLayout = new QFormLayout();
this->mainLayout->addRow( new funny_head_widget( ":/resources/img/config_gui_style.png", tr( "Style" ) , this ) );
this->mainLayout->addRow(tr("Choose your prefered GUI style"),this->gui_styleComboBox);
this->mainLayout->addRow(tr("Choose your prefered MainMenu\nButton style"),this->gui_styleMainMenuBtnz_ComboBox);
this->mainLayout->addRow( "",this->gui_style_show_textCheckBox);
this->mainLayout->addRow( "",this->gui_style_show_iconsCheckBox);
this->mainLayout->addRow( "", this->gui_depugCheckBox);
this->mainLayout->addRow( new funny_head_widget( ":/resources/img/config_gui_inputs.png", tr( "Workspace" ) , this ) );
this->mainLayout->addRow(tr("Choose your input/desktop type"),this->gui_typeComboBox);
this->mainLayout->addRow( "", this->gui_depugCheckBox);
this->mainLayout->addRow( new funny_head_widget( ":/resources/img/document-revert.png", tr( "Last used Project" ) , this ) );
this->mainLayout->addRow(tr("Path to the last used Project File"),this->gui_lastProjectFilePathLineEdit);
this->mainLayout->addRow( "", this->gui_depugCheckBox);
this->mainLayout->addRow( new funny_head_widget( ":/resources/img/tools-wizard.png", tr( "Tutorials" ) , this ) );
this->mainLayout->addRow( tr( "Show Tutorials and Hints" ),this->gui_showTutorialsCheckBox);
this->mainLayout->addRow( tr( "" ),this->gui_showTutorials_tileset_info_CheckBox);
this->mainLayout->addRow( tr( "" ),this->gui_showTutorials_preject_preferences_scripting_CheckBox);
this->mainLayout->addRow( "", this->gui_depugCheckBox);
this->mainLayout->addRow( new funny_head_widget( ":/resources/img/config_language.png", tr( "Language" ) , this ) );
this->mainLayout->addRow(tr("Choose a prefered language"),this->gui_languageComboBox);
this->mainLayout->addRow( "", this->gui_depugCheckBox);
this->mainLayout->addRow( new funny_head_widget( ":/resources/img/start-here-kde.png", tr( "KDE Integration" ) , this ) );
this->mainLayout->addRow(tr( "Use Oxygen-Styled Tray Icon" ),this->gui_oxygenTrayIconCheckBox);
this->mainLayout->addRow( "", this->gui_depugCheckBox);
this->mainLayout->addRow( new funny_head_widget( ":/resources/img/config_update.png", tr( "Updates" ) , this ) );
this->mainLayout->addRow(tr("Enable Automatic Updates"),this->gui_update_enable_updates_btn);
// this->mainLayout->addRow( "", this->gui_updateCycle_daily_radioButton );
// this->mainLayout->addRow( "", this->gui_updateCycle_weekly_radioButton );
// this->mainLayout->addRow( "", this->gui_updateCycle_monthly_radioButton );
this->mainLayout->addRow( "", this->gui_checkForUpdateNowButton );
this->mainLayout->addRow( "Current Version", this->gui_updateCycle_currentVersion_line);
this->mainLayout->addRow( "Last Update", this->gui_updateCycle_lastUpdatedate_line);
this->mainLayout->addRow( "", this->gui_depugCheckBox);
this->mainLayout->addRow( "", this->gui_depugCheckBox);
this->mainLayout->addRow( tr( "Use Debug Mode" ), this->gui_depugCheckBox);
//the main widgetz disaster
QVBoxLayout *layz = new QVBoxLayout();
this->this_scrollArea = new QScrollArea( this );
layz->addWidget( this->this_scrollArea );
layz->addLayout( this->gui_okCancelButtonsLayout );
this->setLayout( layz );
this->this_Widget->setLayout( this->mainLayout );
this->this_Widget->setMinimumHeight( this->this_Widget->height() );
this->this_scrollArea->setWidget( this->this_Widget );
this->this_scrollArea->setAlignment( Qt::AlignCenter );
QObject::connect(this->gui_okButton, SIGNAL(clicked()),
this, SLOT(accept()));
QObject::connect(this->gui_cancelButton, SIGNAL(clicked()),
this, SLOT(deny()));
this->resize( this->this_Widget->size().width() + 80, 400 );
this->allTheGuiTweaks();
}
int main(int argc, char *argv[])
{
struct stat st;
static int socket_serv_fd = -1;
char buf[64], shell[PATH_MAX], *result, debuggable[PROPERTY_VALUE_MAX];
char enabled[PROPERTY_VALUE_MAX], build_type[PROPERTY_VALUE_MAX];
char root_settings[PROPERTY_VALUE_MAX];
int i, dballow;
mode_t orig_umask;
for (i = 1; i < argc; i++) {
if (!strcmp(argv[i], "-c") || !strcmp(argv[i], "--command")) {
if (++i < argc) {
su_to.command = argv[i];
} else {
usage();
}
} else if (!strcmp(argv[i], "-s") || !strcmp(argv[i], "--shell")) {
if (++i < argc) {
strncpy(shell, argv[i], sizeof(shell));
shell[sizeof(shell) - 1] = 0;
} else {
usage();
}
} else if (!strcmp(argv[i], "-v") || !strcmp(argv[i], "--version")) {
printf("%s\n", VERSION);
exit(EXIT_SUCCESS);
} else if (!strcmp(argv[i], "-V")) {
printf("%d\n", VERSION_CODE);
exit(EXIT_SUCCESS);
} else if (!strcmp(argv[i], "-h") || !strcmp(argv[i], "--help")) {
usage();
} else if (!strcmp(argv[i], "-") || !strcmp(argv[i], "-l") ||
!strcmp(argv[i], "--login")) {
++i;
break;
} else {
break;
}
}
if (i < argc-1) {
usage();
}
if (i == argc-1) {
struct passwd *pw;
pw = getpwnam(argv[i]);
if (!pw) {
su_to.uid = atoi(argv[i]);
} else {
su_to.uid = pw->pw_uid;
}
}
if (from_init(&su_from) < 0) {
deny();
}
property_get("ro.debuggable", debuggable, "0");
property_get(ROOT_ACCESS_PROPERTY, enabled, ROOT_ACCESS_DEFAULT);
property_get("ro.build.type", build_type, "");
property_get(ROOT_SETTINGS_PROPERTY, root_settings, "");
orig_umask = umask(027);
// Root Settings-specific behavior
if (strcmp("1", root_settings) == 0) {
// only allow su on debuggable builds
if (strcmp("1", debuggable) != 0) {
LOGE("Root access is disabled on non-debug builds");
deny();
}
// enforce persist.sys.root_access on non-eng builds
if (strcmp("eng", build_type) != 0 &&
(atoi(enabled) & 1) != 1 ) {
LOGE("Root access is disabled by system setting - enable it under settings -> developer options");
deny();
}
// disallow su in a shell if appropriate
if (su_from.uid == AID_SHELL && (atoi(enabled) == 1)) {
LOGE("Root access is disabled by a system setting - enable it under settings -> developer options");
deny();
}
}
if (su_from.uid == AID_ROOT || su_from.uid == AID_SHELL)
allow(shell, orig_umask);
if (stat(REQUESTOR_DATA_PATH, &st) < 0) {
PLOGE("stat");
deny();
}
if (st.st_gid != st.st_uid)
{
LOGE("Bad uid/gid %d/%d for Superuser Requestor application",
(int)st.st_uid, (int)st.st_gid);
deny();
}
if (mkdir(REQUESTOR_CACHE_PATH, 0770) >= 0) {
chown(REQUESTOR_CACHE_PATH, st.st_uid, st.st_gid);
}
setgroups(0, NULL);
setegid(st.st_gid);
seteuid(st.st_uid);
LOGE("sudb - Opening database");
db = database_init();
if (!db) {
LOGE("sudb - Could not open database, prompt user");
// if the database could not be opened, we can assume we need to
// prompt the user
dballow = DB_INTERACTIVE;
} else {
LOGE("sudb - Database opened");
dballow = database_check(db, &su_from, &su_to);
// Close the database, we're done with it. If it stays open,
// it will cause problems
sqlite3_close(db);
db = NULL;
LOGE("sudb - Database closed");
}
switch (dballow) {
case DB_DENY: deny();
case DB_ALLOW: allow(shell, orig_umask);
case DB_INTERACTIVE: break;
default: deny();
}
socket_serv_fd = socket_create_temp();
if (socket_serv_fd < 0) {
deny();
}
signal(SIGHUP, cleanup_signal);
signal(SIGPIPE, cleanup_signal);
signal(SIGTERM, cleanup_signal);
signal(SIGABRT, cleanup_signal);
atexit(cleanup);
if (send_intent(&su_from, &su_to, socket_path, -1, 0) < 0) {
deny();
}
if (socket_receive_result(socket_serv_fd, buf, sizeof(buf)) < 0) {
deny();
}
close(socket_serv_fd);
socket_cleanup();
result = buf;
if (!strcmp(result, "DENY")) {
deny();
} else if (!strcmp(result, "ALLOW")) {
allow(shell, orig_umask);
} else {
LOGE("unknown response from Superuser Requestor: %s", result);
deny();
}
deny();
return -1;
}