/* Decide whether the connected client may use forward proxying and, if so,
 * load the forward-proxy settings from the main server configuration.
 *
 * Access policy, in order:
 *   1. If the connection's class carries a PROXY_FORWARD_ENABLED_NOTE note,
 *      that note alone decides (see ProxyForwardEnabled).
 *   2. Otherwise only clients whose remote address is RFC1918 are allowed.
 *
 * Returns 0 when forward proxying is allowed, or -1 with errno set to EPERM
 * when it is not.  The p, tables_dir and proxy_sess parameters are not read
 * by this function.
 *
 * NOTE(review): the default branch trusts the peer address as seen by this
 * server.  If clients reach the server through NAT or a load balancer that
 * presents a private address, they would all pass the RFC1918 default.
 * Confirm that the deployment documentation covers this.
 */
int proxy_forward_sess_init(pool *p, const char *tables_dir,
    struct proxy_session *proxy_sess) {
  config_rec *directive;
  void *class_note = NULL;
  int permitted = FALSE;

  /* An explicit per-class setting, when present, overrides the default. */
  if (session.conn_class != NULL) {
    class_note = pr_table_get(session.conn_class->cls_notes,
      PROXY_FORWARD_ENABLED_NOTE, NULL);
  }

  if (class_note == NULL) {
    /* No class note: fall back to the private-address default.  Comparing
     * against TRUE keeps an error return (negative) on the deny side.
     */
    if (pr_netaddr_is_rfc1918(session.c->remote_addr) != TRUE) {
      (void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
        "forward proxying not allowed from non-RFC1918 client address %s",
        pr_netaddr_get_ipstr(session.c->remote_addr));

    } else {
      permitted = TRUE;
    }

  } else {
    /* NOTE(review): any value other than FALSE is treated as "allowed"
     * below; presumably the note only ever holds TRUE or FALSE.  Confirm
     * where PROXY_FORWARD_ENABLED_NOTE is written.
     */
    permitted = *((int *) class_note);

    if (permitted == FALSE) {
      (void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
        "forward proxying not allowed from client address %s in <Class %s> "
        "(see ProxyForwardEnabled)",
        pr_netaddr_get_ipstr(session.c->remote_addr),
        session.conn_class->cls_name);
    }
  }

  /* Denials are logged above; here they are reported to the caller. */
  if (permitted == FALSE) {
    errno = EPERM;
    return -1;
  }

  /* Optional directives: the existing values are kept when not configured. */
  directive = find_config(main_server->conf, CONF_PARAM, "ProxyForwardMethod",
    FALSE);
  if (directive != NULL) {
    proxy_method = *((int *) directive->argv[0]);
  }

  directive = find_config(main_server->conf, CONF_PARAM, "ProxyRetryCount",
    FALSE);
  if (directive != NULL) {
    forward_retry_count = *((int *) directive->argv[0]);
  }

  return 0;
}
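END_TEST

/* Unit test for pr_netaddr_is_rfc1918(): null argument, loopback and IPv6
 * addresses (expected FALSE with errno EINVAL), addresses inside the three
 * RFC 1918 blocks (10/8, 172.16/12, 192.168/16), and addresses immediately
 * outside each block.
 *
 * errno is cleared before every call whose errno is asserted.  Otherwise a
 * stale EINVAL left by an earlier step could satisfy the check even if the
 * call under test never set errno.
 */
START_TEST (netaddr_is_rfc1918_test) {
  unsigned int i;
  int res;
  const char *name;
  pr_netaddr_t *addr;

  /* Addresses that must be reported as RFC 1918, including the lower and
   * upper ends of 172.16.0.0/12.
   */
  static const char *private_addrs[] = {
    "10.0.0.1",
    "192.168.0.1",
    "172.31.200.55",
    "172.16.0.1",
    "172.31.255.254"
  };

  /* Neighbours just outside each private block.  A prefix-length mistake in
   * the implementation would show up here first.
   */
  static const char *public_addrs[] = {
    "9.255.255.255",
    "11.0.0.1",
    "172.15.255.255",
    "172.32.0.1",
    "192.167.255.255",
    "192.169.0.1"
  };

  errno = 0;
  res = pr_netaddr_is_rfc1918(NULL);
  fail_unless(res == -1, "Failed to handle null arguments");
  fail_unless(errno == EINVAL, "Failed to set errno to EINVAL");

  name = "127.0.0.1";
  addr = pr_netaddr_get_addr(p, name, NULL);
  fail_unless(addr != NULL, "Failed to get addr for '%s': %s", name,
    strerror(errno));

  errno = 0;
  res = pr_netaddr_is_rfc1918(addr);
  fail_unless(res == FALSE, "Failed to handle non-RFC1918 IPv4 address");
  fail_unless(errno == EINVAL, "Failed to set errno to EINVAL, got %s (%d)",
    strerror(errno), errno);

  name = "::1";
  addr = pr_netaddr_get_addr(p, name, NULL);
#ifdef PR_USE_IPV6
  fail_unless(addr != NULL, "Failed to get addr for '%s': %s", name,
    strerror(errno));

  errno = 0;
  res = pr_netaddr_is_rfc1918(addr);
  fail_unless(res == FALSE, "Failed to handle IPv6 address");
  fail_unless(errno == EINVAL, "Failed to set errno to EINVAL");
#else
  fail_unless(addr == NULL,
    "IPv6 support disabled, should not be able to get addr for '%s'", name);
#endif /* PR_USE_IPV6 */

  for (i = 0; i < sizeof(private_addrs) / sizeof(private_addrs[0]); i++) {
    name = private_addrs[i];
    addr = pr_netaddr_get_addr(p, name, NULL);
    fail_unless(addr != NULL, "Failed to get addr for '%s': %s", name,
      strerror(errno));

    res = pr_netaddr_is_rfc1918(addr);
    fail_unless(res == TRUE, "Expected 'true' for address '%s'", name);
  }

  for (i = 0; i < sizeof(public_addrs) / sizeof(public_addrs[0]); i++) {
    name = public_addrs[i];
    addr = pr_netaddr_get_addr(p, name, NULL);
    fail_unless(addr != NULL, "Failed to get addr for '%s': %s", name,
      strerror(errno));

    res = pr_netaddr_is_rfc1918(addr);
    fail_unless(res == FALSE, "Expected 'false' for address '%s'", name);
  }
}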