int vnodeSetMLSTfacts(PCStr(file),PCStr(facts)){
CStr(vdir,1024);
refQStr(vp,vdir);
CStr(vnode,1024);
CStr(line,1024);
CStr(ofacts,1024);
CStr(fval,1024);
FILE *pfp;
FILE *nfp;
strcpy(vdir,file);
if( vp = strrpbrk(vdir,"/\\") ){
truncVStr(vp);
if( !File_is(vdir) ){
if( mkdir(vdir,0750) != 0 ){
return 0;
}
fprintf(stderr,"--- created %s\n",vdir);
}
}
sprintf(vnode,"%s%s",file,VNODE_EXT);
if( (pfp = fopen(vnode,"r")) && (nfp = fopen(vnode,"r+")) ){
while( fgets(line,sizeof(line),pfp) ){
if( strncaseeq(line,"VNO-Version:",12) ){
}else
if( strncaseeq(line,"VNO-Permit:",11) ){
lineScan(line+11,fval);
if( streq(fval,"read-only") ){
fclose(pfp);
fclose(nfp);
return -1;
}
}else
if( strncaseeq(line,"MLST-Facts:",11) ){
lineScan(line+11,ofacts);
if( streq(ofacts,facts) ){
fclose(pfp);
fclose(nfp);
return 0;
}
}else{
fputs(line,nfp);
}
}
fclose(pfp);
fprintf(stderr,"--- CHANGED %s %s\n",vnode,facts);
}else{
nfp = fopen(vnode,"w+");
if( nfp == NULL )
return -1;
fprintf(stderr,"--- CREATED %s %s\n",vnode,facts);
}
fprintf(nfp,"MLST-Facts: %s\r\n",facts);
Ftruncate(nfp,0,1);
fclose(nfp);
return 1;
}
/**
* Load private keys from the confiuguration file
*/
static bool load_keys(settings_t *settings, char *dir)
{
enumerator_t *enumerator;
char *type, *value, wd[PATH_MAX];
private_key_t *key;
key_type_t key_type;
if (getcwd(wd, sizeof(wd)) == NULL)
{
fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
return FALSE;
}
if (chdir(dir) != 0)
{
fprintf(stderr, "opening directory '%s' failed: %s\n",
dir, strerror(errno));
return FALSE;
}
enumerator = settings->create_key_value_enumerator(settings, "keys");
while (enumerator->enumerate(enumerator, &type, &value))
{
if (strncaseeq(type, "ecdsa", strlen("ecdsa")))
{
key_type = KEY_ECDSA;
}
else if (strncaseeq(type, "rsa", strlen("rsa")))
{
key_type = KEY_RSA;
}
else
{
fprintf(stderr, "unknown key type: '%s'\n", type);
enumerator->destroy(enumerator);
return FALSE;
}
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
BUILD_FROM_FILE, value, BUILD_END);
if (!key)
{
fprintf(stderr, "loading %s key from '%s' failed\n", type, value);
enumerator->destroy(enumerator);
return FALSE;
}
conftest->creds->add_key(conftest->creds, key);
}
enumerator->destroy(enumerator);
if (chdir(wd) != 0)
{
fprintf(stderr, "opening directory '%s' failed: %s\n",
wd, strerror(errno));
return FALSE;
}
return TRUE;
}
/**
* Load certificate distribution points
*/
static void load_cdps(settings_t *settings)
{
enumerator_t *enumerator;
identification_t *id;
char *ca, *uri, *section;
certificate_type_t type;
x509_t *x509;
enumerator = settings->create_section_enumerator(settings, "cdps");
while (enumerator->enumerate(enumerator, §ion))
{
if (strncaseeq(section, "crl", strlen("crl")))
{
type = CERT_X509_CRL;
}
else if (strncaseeq(section, "ocsp", strlen("ocsp")))
{
type = CERT_X509_OCSP_RESPONSE;
}
else
{
fprintf(stderr, "unknown cdp type '%s', ignored\n", section);
continue;
}
uri = settings->get_str(settings, "cdps.%s.uri", NULL, section);
ca = settings->get_str(settings, "cdps.%s.ca", NULL, section);
if (!ca || !uri)
{
fprintf(stderr, "cdp '%s' misses ca/uri, ignored\n", section);
continue;
}
x509 = lib->creds->create(lib->creds, CRED_CERTIFICATE,
CERT_X509, BUILD_FROM_FILE, ca, BUILD_END);
if (!x509)
{
fprintf(stderr, "loading cdp '%s' ca failed, ignored\n", section);
continue;
}
id = identification_create_from_encoding(ID_KEY_ID,
x509->get_subjectKeyIdentifier(x509));
conftest->creds->add_cdp(conftest->creds, type, id, uri);
DESTROY_IF((certificate_t*)x509);
id->destroy(id);
}
enumerator->destroy(enumerator);
}
/* compare two struct id values */
bool same_id(const struct id *a, const struct id *b)
{
a = resolve_myid(a);
b = resolve_myid(b);
if (b->kind == ID_NONE || a->kind == ID_NONE)
return TRUE; /* it's the wildcard */
if (a->kind != b->kind)
return FALSE;
switch (a->kind) {
case ID_NONE:
return TRUE; /* repeat of above for completeness */
case ID_IPV4_ADDR:
case ID_IPV6_ADDR:
return sameaddr(&a->ip_addr, &b->ip_addr);
case ID_FQDN:
case ID_USER_FQDN:
/*
* assumptions:
* - case should be ignored
* - trailing "." should be ignored
* (even if the only character?)
*/
{
size_t al = a->name.len,
bl = b->name.len;
while (al > 0 && a->name.ptr[al - 1] == '.')
al--;
while (bl > 0 && b->name.ptr[bl - 1] == '.')
bl--;
return al == bl &&
strncaseeq((char *)a->name.ptr,
(char *)b->name.ptr, al);
}
case ID_DER_ASN1_DN:
return same_dn(a->name, b->name);
case ID_KEY_ID:
return a->name.len == b->name.len &&
memeq(a->name.ptr, b->name.ptr, a->name.len);
default:
bad_case(a->kind);
}
/* NOTREACHED */
return FALSE;
}
/**
* Load trusted/untrusted certificates
*/
static bool load_cert(settings_t *settings, bool trusted)
{
enumerator_t *enumerator;
char *key, *value;
enumerator = settings->create_key_value_enumerator(settings,
trusted ? "certs.trusted" : "certs.untrusted");
while (enumerator->enumerate(enumerator, &key, &value))
{
certificate_t *cert = NULL;
if (strncaseeq(key, "x509", strlen("x509")))
{
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
CERT_X509, BUILD_FROM_FILE, value, BUILD_END);
}
else if (strncaseeq(key, "crl", strlen("crl")))
{
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
CERT_X509_CRL, BUILD_FROM_FILE, value, BUILD_END);
}
else
{
fprintf(stderr, "certificate type '%s' not supported\n", key);
enumerator->destroy(enumerator);
return FALSE;
}
if (!cert)
{
fprintf(stderr, "loading %strusted certificate '%s' from '%s' "
"failed\n", trusted ? "" : "un", key, value);
enumerator->destroy(enumerator);
return FALSE;
}
conftest->creds->add_cert(conftest->creds, trusted, cert);
}
enumerator->destroy(enumerator);
return TRUE;
}
int asFunc(PCStr(arg1)){
CStr(name,128);
refQStr(dp,name);
int fi;
const char *n1;
strcpy(name,arg1);
if( dp = strrpbrk(name,"\\/") )
ovstrcpy(name,dp+1);
if( dp = strtailstrX(name,".exe",1) )
setVStrEnd(dp,0);
for( fi = 0; n1 = subfuncs[fi].f_name; fi++ ){
if( strcaseeq(name,n1) )
return fi+1;
if( strncaseeq(name,"dg",2) && strcaseeq(name+2,n1) )
return fi+1;
}
return 0;
}
int waitSTLS_CL(Connection *Conn,int timeout){
if( (ClientFlags & PF_STLS_ON) == 0 )
{
double St,Sr,Ss,Sn;
St = Time();
if( 0 < PollIn(ClientSock,timeout) ){
Sr = Time();
if( isinSSL(ClientSock) ){
CStr(sts,128);
int fcl;
Ss = Time();
fcl = insertFCLX(Conn,"starttls",CLNT_PROTO,FromC,ToS);
Sn = Time();
syslog_ERROR("## STLS ## IMPLICIT SSL ON %d,%d,%d,%d\n",
ClientSock,FromC,ToC,fcl);
sprintf(sts,"%.2f %.2f/%.2f %.2f %.2f = %.2f",
St-ClntConnTime,Sr-St,timeout/1000.0,
Ss-Sr,Sn-Ss,
Sn-ClntConnTime);
sv1log("OK: SSL/cl %s\n",sts);
if( 0 <= fcl ){
if( strncaseeq(CLNT_PROTO,"ftp",3) ){
if( FromC == ClientSock ){
ClientSock = dup(ClientSock);
}
}
if( streq(iSERVER_PROTO,"delegate")
|| ACT_GENERALIST ){
/* 9.9.7 for FTP-data via MASTER/ssl */
ClientSock = dup(ClientSock);
sv1log("----ClientSock=[%d] <= [%d]\n",
ClientSock,FromC);
}
dup2(fcl,FromC);
close(fcl);
ClientFlags |= PF_STLS_ON;
return 1;
}
}
}
}
return 0;
}
/* type is really "token" type, which is actually int */
int parser_find_keyword(const char *s, YYSTYPE *lval)
{
const struct keyword_def *k;
bool keyleft;
int keywordtype;
keyleft = FALSE;
k = ipsec_conf_keywords_v2;
while (k->keyname != NULL) {
if (strcaseeq(s, k->keyname))
break;
if (k->validity & kv_leftright) {
if (strncaseeq(s, "left", 4) &&
strcaseeq(s + 4, k->keyname)) {
keyleft = TRUE;
break;
} else if (strncaseeq(s, "right", 5) &&
strcaseeq(s + 5, k->keyname)) {
keyleft = FALSE;
break;
}
}
k++;
}
lval->s = NULL;
/* if we found nothing */
if (k->keyname == NULL &&
(s[0] == 'x' || s[0] == 'X') && (s[1] == '-' || s[1] == '_')) {
k = &ipsec_conf_keyword_comment;
lval->k.string = strdup(s);
}
/* if we still found nothing */
if (k->keyname == NULL) {
lval->s = strdup(s);
return STRING;
}
switch (k->type) {
case kt_percent:
keywordtype = PERCENTWORD;
break;
case kt_time:
keywordtype = TIMEWORD;
break;
case kt_comment:
keywordtype = COMMENT;
break;
case kt_bool:
case kt_invertbool:
keywordtype = BOOLWORD;
break;
default:
keywordtype = KEYWORD;
break;
}
/* else, set up llval.k to point, and return KEYWORD */
lval->k.keydef = k;
lval->k.keyleft = keyleft;
return keywordtype;
}
int DELEGATE_subfunc(DGC*Conn,int ac,const char *av[],PCStr(func),int Fopt,int type)
{ int fi;
const char *fname;
const char *sp;
mainFUNCP ifunc;
int ctype;
const char *nav[64]; /**/
CStr(nab,1024);
const char **avx;
int acx;
int impok = 0;
for( fi = 0; fname = subfuncs[fi].f_name; fi++ ){
if( !strcaseeq(func,fname) )
if( !strncaseeq(func,"dg",2) || !strcaseeq(func+2,fname) )
continue;
if( subfuncs[fi].f_stats & FC_DISABLE ){
if( FimpByOwner(func) ){
impok = 1;
}else{
fprintf(stderr,"Forbidden: %s\n",fname);
Finish(-1);
}
}
if( geteuid() == 0 && getuid() != 0 )
if( (subfuncs[fi].f_stats & FC_ASROOT) == 0 )
if( subfuncs[fi].f_func != (mainFunc*)implant_main )
{
/*
fprintf(stderr,"Not allowed in root: %s\n",fname);
*/
seteuid(getuid());
}
ctype = subfuncs[fi].f_type;
if( ctype == MS ){
setIsFunc(Conn,1);
LOG_type |= L_ISFUNC;
}
if( ctype == MV ){
if( type != MV )
return 1;
}else
if( ctype == MN ){
if( type != MN )
return 1;
if( subfuncs[fi].f_proto[0] )
DELEGATE_ScanGlobal(Conn,subfuncs[fi].f_proto);
}
ifunc = (mainFUNCP)subfuncs[fi].f_func;
if( subfuncs[fi].f_withLog ){
/* special case of "expire" */
ac = replace_log(ac,&av,64,nav,AVStr(nab));
}else
if( ctype == MV ){
/* already did arg_scan() */
/* don't need config for any client */
}else{
if( ifunc == (mainFUNCP)argdec_main ){
/* don't decrypt +=enc:... arg. */
}else
ac = DELEGATE_scan_args(ac,av);
DELEGATE_config(Conn,-1);
}
if( subfuncs[fi].f_withAdmin )
if( subfuncs[fi].f_proto[0] )
checkADMIN(Conn,subfuncs[fi].f_proto);
if( Fopt ){
int ai;
acx = ac - Fopt;
avx = &av[Fopt];
for( ai = 0; ai < acx; ai++ ){
if( strcmp(avx[ai],"--") == 0 ){
acx = ai;
break;
}
}
}else{
acx = ac;
avx = av;
}
if( getenv("DELEGATE_DEBUG") ){
int ai;
for(ai=0;ai<acx;ai++)
fprintf(stderr,"##[%d] %s\n",ai,avx[ai]);
}
DELEGATE_ver(); /* set MyVer for debugging */
(*ifunc)(acx,avx,Conn,ServSock(),SERVER_PORT());
Finish(0);
}
if( Fopt ){
printf("DeleGate: unknown function -F\"%s\"\r\n",func);
help_main(ac,av);
Finish(-1);
}
return 0;
}
static mlt_frame filter_process( mlt_filter filter, mlt_frame frame )
{
mlt_properties filter_props = MLT_FILTER_PROPERTIES( filter );
mlt_properties instance_props = mlt_frame_unique_properties( frame, MLT_FILTER_SERVICE( filter ) );
double gain = 1.0; // no adjustment
// Parse the gain property
if ( mlt_properties_get( filter_props, "gain" ) != NULL )
{
char *p = mlt_properties_get( filter_props, "gain" );
if ( strncaseeq( p, "normalise", 9 ) )
mlt_properties_set( filter_props, "normalise", "" );
else
{
if ( strcmp( p, "" ) != 0 )
gain = strtod( p, &p );
while ( isspace( *p ) )
p++;
/* check if "dB" is given after number */
if ( strncaseeq( p, "db", 2 ) )
gain = DBFSTOAMP( gain );
else
gain = fabs( gain );
// If there is an end adjust gain to the range
if ( mlt_properties_get( filter_props, "end" ) != NULL )
{
double end = -1;
char *p = mlt_properties_get( filter_props, "end" );
if ( strcmp( p, "" ) != 0 )
end = strtod( p, &p );
while ( isspace( *p ) )
p++;
/* check if "dB" is given after number */
if ( strncaseeq( p, "db", 2 ) )
end = DBFSTOAMP( end );
else
end = fabs( end );
if ( end != -1 )
gain += ( end - gain ) * mlt_filter_get_progress( filter, frame );
}
}
}
mlt_properties_set_double( instance_props, "gain", gain );
// Parse the maximum gain property
if ( mlt_properties_get( filter_props, "max_gain" ) != NULL )
{
char *p = mlt_properties_get( filter_props, "max_gain" );
double gain = strtod( p, &p ); // 0 = no max
while ( isspace( *p ) )
p++;
/* check if "dB" is given after number */
if ( strncaseeq( p, "db", 2 ) )
gain = DBFSTOAMP( gain );
else
gain = fabs( gain );
mlt_properties_set_double( instance_props, "max_gain", gain );
}
// Parse the limiter property
if ( mlt_properties_get( filter_props, "limiter" ) != NULL )
{
char *p = mlt_properties_get( filter_props, "limiter" );
double level = 0.5; /* -6dBFS */
if ( strcmp( p, "" ) != 0 )
level = strtod( p, &p);
while ( isspace( *p ) )
p++;
/* check if "dB" is given after number */
if ( strncaseeq( p, "db", 2 ) )
{
if ( level > 0 )
level = -level;
level = DBFSTOAMP( level );
}
else
{
if ( level < 0 )
level = -level;
}
mlt_properties_set_double( instance_props, "limiter", level );
}
// Parse the normalise property
if ( mlt_properties_get( filter_props, "normalise" ) != NULL )
{
char *p = mlt_properties_get( filter_props, "normalise" );
double amplitude = 0.2511886431509580; /* -12dBFS */
if ( strcmp( p, "" ) != 0 )
amplitude = strtod( p, &p);
while ( isspace( *p ) )
p++;
/* check if "dB" is given after number */
if ( strncaseeq( p, "db", 2 ) )
{
if ( amplitude > 0 )
amplitude = -amplitude;
amplitude = DBFSTOAMP( amplitude );
}
else
{
if ( amplitude < 0 )
amplitude = -amplitude;
if ( amplitude > 1.0 )
amplitude = 1.0;
}
// If there is an end adjust gain to the range
if ( mlt_properties_get( filter_props, "end" ) != NULL )
{
amplitude *= mlt_filter_get_progress( filter, frame );
}
mlt_properties_set_int( instance_props, "normalise", 1 );
mlt_properties_set_double( instance_props, "amplitude", amplitude );
}
// Parse the window property and allocate smoothing buffer if needed
int window = mlt_properties_get_int( filter_props, "window" );
if ( mlt_properties_get( filter_props, "smooth_buffer" ) == NULL && window > 1 )
{
// Create a smoothing buffer for the calculated "max power" of frame of audio used in normalisation
double *smooth_buffer = (double*) calloc( window, sizeof( double ) );
int i;
for ( i = 0; i < window; i++ )
smooth_buffer[ i ] = -1.0;
mlt_properties_set_data( filter_props, "smooth_buffer", smooth_buffer, 0, free, NULL );
}
// Push the filter onto the stack
mlt_frame_push_audio( frame, filter );
// Override the get_audio method
mlt_frame_push_audio( frame, filter_get_audio );
return frame;
}
/* compare two struct id values */
bool same_id(const struct id *a, const struct id *b)
{
a = resolve_myid(a);
b = resolve_myid(b);
if (b->kind == ID_NONE || a->kind == ID_NONE) {
DBG(DBG_PARSING, DBG_log("id type with ID_NONE means wildcard match"));
return TRUE; /* it's the wildcard */
}
if (a->kind != b->kind) {
return FALSE;
}
switch (a->kind) {
case ID_NONE:
return TRUE; /* repeat of above for completeness */
case ID_NULL:
if (a->kind == b->kind) {
DBG(DBG_PARSING, DBG_log("ID_NULL: id kind matches"));
return TRUE;
}
return FALSE;
case ID_IPV4_ADDR:
case ID_IPV6_ADDR:
return sameaddr(&a->ip_addr, &b->ip_addr);
case ID_FQDN:
case ID_USER_FQDN:
/*
* assumptions:
* - case should be ignored
* - trailing "." should be ignored
* (even if the only character?)
*/
{
size_t al = a->name.len,
bl = b->name.len;
while (al > 0 && a->name.ptr[al - 1] == '.')
al--;
while (bl > 0 && b->name.ptr[bl - 1] == '.')
bl--;
return al == bl &&
strncaseeq((char *)a->name.ptr,
(char *)b->name.ptr, al);
}
case ID_FROMCERT:
DBG(DBG_CONTROL,
DBG_log("same_id() received ID_FROMCERT - unexpected"));
/* FALLTHROUGH */
case ID_DER_ASN1_DN:
return same_dn(a->name, b->name);
case ID_KEY_ID:
return a->name.len == b->name.len &&
memeq(a->name.ptr, b->name.ptr, a->name.len);
default:
bad_case(a->kind);
/* NOTREACHED */
return FALSE;
}
}
void scan_STLS(Connection *Conn,PCStr(stls)){
CStr(filt,1024);
CStr(proto,1024);
CStr(cmapb,1024);
CStr(map,1024);
CStr(opt1,1024);
const char *cmap;
const char *fp;
refQStr(np,filt);
refQStr(op,opt1);
int fcl = 0;
int fsv = 0;
int opt = 0;
const char *com = "sslway";
CStr(comb,1024);
/*
cmap = wordscanY(stls,AVStr(filt),sizeof(filt),"^:");
if( *cmap == ':' )
cmap++;
cmap = wordscanY(cmap,AVStr(proto),sizeof(proto),"^:");
if( proto[0] )
sprintf(cmapb,"starttls/{%s}%s",proto,cmap);
else sprintf(cmapb,"starttls%s",cmap);
*/
strcpy(filt,"");
strcpy(proto,"");
strcpy(map,"");
scan_Listlist(stls,':',AVStr(filt),AVStr(proto),AVStr(map),VStrNULL,VStrNULL);
if( proto[0] )
/*
sprintf(cmapb,"starttls/{%s}%s%s",proto,*map?":":"",map);
*/
sprintf(cmapb,"starttls//{%s}%s%s",proto,*map?":":"",map);
else sprintf(cmapb,"starttls%s%s",*map?":":"",map);
for( fp = filt; *fp;){
int optL;
np = wordscanY(fp,AVStr(opt1),sizeof(opt1),"^,");
optL = 0;
if( strncaseeq(opt1,"-im",3) ){
STLS_implicit_wait = -1;
STLS_wait_set = 1;
if( (fsv & PF_STLS_DO) && (fcl & PF_STLS_DO)==0 ){
STLS_implicit_waitSV = -1;
STLS_wait_setSV = 1;
}
goto NEXT;
}
if( strncaseeq(opt1,"im",2) ){
STLS_implicit_wait = Scan_period(opt1+2,'s',0);
STLS_wait_set = 1;
if( (fsv & PF_STLS_DO) && (fcl & PF_STLS_DO)==0 ){
STLS_implicit_waitSV = STLS_implicit_wait;
STLS_wait_setSV = 1;
}
if( STLS_implicit_wait && STLS_implicit_wait < 0.001 )
STLS_implicit_wait = 0.001;
goto NEXT;
}
if( *opt1 == '-' ){
ovstrcpy(opt1,opt1+1);
optL |= PF_STLS_OPT;
}
if( op = strchr(opt1,'/') ){
setVStrPtrInc(op,0);
if( strncaseeq(op,"ssl",3) ){
optL |= PF_STLS_SSL;
}
}
if( strcaseeq(opt1,"opt") ){
opt = PF_STLS_OPT;
}else
if( strcaseeq(opt1,"ssl") ){
opt = PF_STLS_SSL;
}else
if( strcaseeq(opt1,"mim") || strcaseeq(opt1,"mitm") ){
fsv = PF_STLS_DO | opt | optL | PF_MITM_DO;
fcl = PF_STLS_DO | opt | optL | PF_MITM_DO;
}else
if( strcaseeq(opt1,"FSV") || strcaseeq(opt1,"SV") ){
fsv = PF_STLS_DO | opt | optL;
if( strneq(op,"im",2) ) fsv |= PF_SSL_IMPLICIT;
}else
if( strcaseeq(opt1,"FCL") || strcaseeq(opt1,"CL") ){
fcl = PF_STLS_DO | opt | optL;
if( strneq(op,"im",2) ) fcl |= PF_SSL_IMPLICIT;
}else{
syslog_ERROR("FILTER[%s]: %s\n",com,fp);
com = fp;
if( 1 < num_ListElems(com,':') ){
sprintf(comb,"{%s}",com);
com = comb;
}
break;
}
NEXT:
fp = np;
if( *fp == ',' )
fp++;
}
if( fsv & PF_STLS_DO ){
withSTLS_FSV++;
sprintf(map,"%s:FSV:%s",com,cmapb);
if( fsv & PF_MITM_DO ) Strins(AVStr(map),"--mitm,");
if( fsv & PF_STLS_SSL ) Strins(AVStr(map),"-ss,");
if( fsv & PF_SSL_IMPLICIT ) Strins(AVStr(map),"--im,");
if( fsv & PF_STLS_OPT ) Strins(AVStr(map),"-o,");
scan_CMAP(Conn,map);
sv1log("STLS -> CMAP=\"%s\"\n",map);
}
if( fcl & PF_STLS_DO ){
withSTLS_FCL++;
sprintf(map,"%s:FCL:%s",com,cmapb);
if( fcl & PF_MITM_DO ) Strins(AVStr(map),"--mitm,");
if( fcl & PF_STLS_SSL ) Strins(AVStr(map),"-ss,");
if( fcl & PF_SSL_IMPLICIT ) Strins(AVStr(map),"--im,");
if( fcl & PF_STLS_OPT ) Strins(AVStr(map),"-o,");
scan_CMAP(Conn,map);
sv1log("STLS -> CMAP=\"%s\"\n",map);
}
}
int willSTLS_SV(Connection *Conn){
int oflags = ServerFlags;
if( (ServerFlags & PF_STLS_CHECKED) == 0 ){
checkWithSTLS(Conn,"FSV",REAL_PROTO,"");
if( (ClientFlags & PF_MITM_ON)
&& (ServerFlags & PF_STLS_OPT)
){
/* 9.8.0-pre1 STLS=mitm,-fsv
* expecting STLS=fsv in the upstream proxy
* as PROXY, MASTER, or SOCKS
*/
sv1log("-- STLS=mitm,-fsv %X %d,%d,%d\n",ServerFlags,
toMaster,toProxy,ServViaSocks);
ServerFlags |= PF_SSL_ON;
return 0;
}
if( ServerFlags & (PF_SSL_ON|PF_STLS_ON) ){
}else
if( ServerFlags & PF_STLS_DO )
if( strcaseeq(DST_PROTO,"http")
|| strcaseeq(DST_PROTO,"https")
|| strcaseeq(DST_PROTO,"sockmux")
|| strcaseeq(DST_PROTO,"tcprelay")
|| strcaseeq(DST_PROTO,"telnet")
|| strcaseeq(DST_PROTO,"telnets")
|| (ServerFlags & PF_SSL_IMPLICIT)
|| strcaseeq(DST_PROTO,"imaps") && !nonSSL_SV(Conn)
|| strcaseeq(DST_PROTO,"pop3s") && !nonSSL_SV(Conn)
){ int fsv;
if( toProxy
&& streq(GatewayProto,"http")
&& streq(DST_PROTO,"https")
){
/* SERVER=http + STLS=fsv + PROXY */
SSLtunnelNego(Conn,DST_HOST,DST_PORT,ToS);
sv1log("-- PROXY=%s:%d [%s] as SSLTUNNEL\n",
GatewayHost,GatewayPort,GatewayProto);
}
fsv = insertFSVX(Conn,"starttls",DST_PROTO,FromC,ToS);
if( fsv < 0
&& (ServerFlags & PF_SSL_IMPLICIT)
&& streq(DST_PROTO,"ftp")
){
/* 9.9.8 STLS=fsv:ftps for STLS=fsv:ftp */
fsv = insertFSVX(Conn,"starttls","ftps",FromC,ToS);
}
if( 0 <= fsv ){
if( strncaseeq(CLNT_PROTO,"ftp",3) ){
if( ToSX == -1 ){
ToSX = dup(ToS); /* for ServSock() */
}
}
dup2(fsv,ToS);
close(fsv);
ServerFlags |= PF_STLS_ON;
}
}
}
if( ConnectFlags & COF_TERSE ){
Verbose("willSTLS_SV[%s]: ServerFlags=%X %X\n",DST_PROTO,
ServerFlags,p2i(&ServerFlags));
}else{
sv1log("willSTLS_SV[%s]: ServerFlags=%X %X\n",DST_PROTO,
ServerFlags,p2i(&ServerFlags));
}
if((ServerFlags & PF_STLS_CAP) == 0 )
if( ServerFlags & PF_STLS_DONTTRY )
if( ServerFlags & PF_STLS_OPT ){
sv1log("WILL NOT TRY STLS -- NOT SUPPORTED and OPTIONAL\n");
return 0;
}
/* this should be applied to any protocols */
if( streq(DST_PROTO,"smtps")
|| streq(DST_PROTO,"imaps")
)
if( ServerFlags & PF_SSL_ON ){
if( oflags & PF_SSL_ON ){
sv1log("-- with SSL already -- %s://%s:%d\n",
DST_PROTO,DST_HOST,DST_PORT);
}
return 0;
}
return ServerFlags & PF_STLS_DO;
}
/*
* name can be defined
*/
int Vstat(PCStr(file),PVStr(path),PVStr(name),int isDGV,int lev,FileStat *st){
refQStr(dp,path);
refQStr(ep,name);
FILE *fp;
CStr(line,4096);
CStr(facts,4096);
CStr(fact1,128);
const char *fcp;
int rcc;
int isdgv;
if( 8 < lev ){
return -1;
}
if( isDGV ){
dp = 0;
}else{
dp = strrchr(path,'.');
if( dp == 0 || !strcaseeq(dp,VNODE_EXT) )
return -2;
}
if( (fp = fopen(path,"r+")) == 0 ){
return -3;
}
truncVStr(facts);
while( fgets(line,sizeof(line),fp) != NULL ){
if( strncaseeq(line,"MLST-Facts:",11) ){
lineScan(line+11,facts);
break;
}
if( *line == ' ' && strcasestr(line,"Type=") ){
lineScan(line+1,facts);
break;
}
}
if( lev == 0 ){
FileStat vst;
if( dp ){
setVStrEnd(dp,0);
}
strcpy(name,file);
if( ep = strrchr(name,'.') )
setVStrEnd(ep,0);
bzero(st,sizeof(FileStat));
st->st_mode |= S_IFDIR;
st->st_nlink = 1;
if( stat(path,&vst) == 0 ){
st->st_dev = vst.st_dev;
st->st_ino = vst.st_ino;
}
}
isdgv = 0;
for( fcp = facts; *fcp; ){
refQStr(f1,fact1);
fcp = scan_ListElem1(fcp,';',AVStr(fact1));
if( f1 = strpbrk(fact1,"\r\n") )
setVStrEnd(f1,0);
if( *fact1 == ' ' ){
break;
}else
if( strncaseeq(fact1,"x-ref=",6) ){
CStr(xpath,1024);
refQStr(xp,xpath);
strcpy(xpath,path);
if( xp = strrpbrk(xpath,"/\\") ){
truncVStr(xp);
}
chdir_cwd(AVStr(xpath),fact1+6,0);
if( File_is(xpath) ){
if( isdgv ){
fprintf(stderr,"--->>>> dgv ... %s\n",xpath);
Vstat(file,AVStr(xpath),BVStr(name),1,lev+1,st);
}else
stat(xpath,st);
}else{
strcat(xpath,VNODE_EXT);
Vstat(file,AVStr(xpath),BVStr(name),1,lev+1,st);
}
}else
if( strncaseeq(fact1,"type=",5) ){
if( strcaseeq(fact1+5,"file") )
st->st_mode |= S_IFREG;
else
if( strcaseeq(fact1+5,"dir") )
st->st_mode |= S_IFDIR;
else
if( strcaseeq(fact1+5,"vno") )
isdgv = 1;
else
if( strcaseeq(fact1+5,"MLST") )
isdgv = 2;
}else
if( strncaseeq(fact1,"perm=",5) ){
st->st_mode |= permMode(fact1+5);
}else
if( strncaseeq(fact1,"size=",5) ){
st->st_size = atoi(fact1+5);
}else
if( strncaseeq(fact1,"modify=",7) ){
st->st_mtime = scanYmdHMS_GMT(fact1+7);
}
}
fclose(fp);
return 0;
}