/**
 * telnet_policy_option:
 * @self: TelnetProxy instance whose current option negotiation is checked
 *
 * Looks up the option currently being negotiated on the active endpoint
 * (self->opneg_option[self->ep]) in self->telnet_policy and turns the
 * configured action into a TELNET_CHECK_* verdict.  For entries of type
 * TELNET_OPTION_POLICY the configured policy callback is invoked and its
 * integer verdict is mapped.
 *
 * The function fails closed: an option with no policy entry is dropped,
 * and an unparsable entry, a failed callback or an unrecognised verdict
 * aborts the session.
 *
 * Returns: TELNET_CHECK_OK, TELNET_CHECK_DROP, TELNET_CHECK_REJECT or
 * TELNET_CHECK_ABORT
 */
guint
telnet_policy_option(TelnetProxy *self)
{
  guint verdict;
  guint action;
  gboolean have_type;
  gchar option_key[10];
  gchar *lookup_keys[1];
  ZPolicyObj *entry;
  ZPolicyObj *callback = NULL;
  ZPolicyObj *callback_result;

  z_proxy_enter(self);
  z_proxy_log(self, TELNET_DEBUG, 8, "Policy option negotiation check; option='%d'", self->opneg_option[self->ep]);

  /* The policy hash is keyed by the decimal string form of the option. */
  g_snprintf(option_key, sizeof(option_key), "%d", self->opneg_option[self->ep]);
  lookup_keys[0] = option_key;
  entry = z_dim_hash_table_search(self->telnet_policy, 1, lookup_keys);
  if (!entry)
    {
      /* No entry for this option: drop it rather than let it through. */
      z_proxy_log(self, TELNET_POLICY, 2, "Option not found in policy; option='%s'", option_key);
      z_proxy_return(self, TELNET_CHECK_DROP);
    }

  /* The entry is a policy object, so it is only inspected under the policy lock. */
  z_policy_lock(self->super.thread);
  have_type = telnet_hash_get_type(entry, &action);
  z_policy_unlock(self->super.thread);

  if (!have_type)
    {
      z_proxy_log(self, TELNET_POLICY, 2, "Policy type invalid; option='%s'", option_key);
      z_proxy_return(self, TELNET_CHECK_ABORT);
    }

  switch (action)
    {
    case TELNET_OPTION_ACCEPT:
      z_proxy_log(self, TELNET_POLICY, 6, "Policy accepted option; option='%s'", option_key);
      verdict = TELNET_CHECK_OK;
      break;

    case TELNET_OPTION_DROP:
      z_proxy_log(self, TELNET_POLICY, 3, "Policy denied option; option='%s'", option_key);
      verdict = TELNET_CHECK_DROP;
      break;

    case TELNET_OPTION_REJECT:
      z_proxy_log(self, TELNET_POLICY, 3, "Policy rejected option; option='%s'", option_key);
      verdict = TELNET_CHECK_REJECT;
      break;

    case TELNET_OPTION_POLICY:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse(entry, "(iO)", &action, &callback))
        {
          z_proxy_log(self, TELNET_POLICY, 2, "Cannot parse policy line; option='%s'", option_key);
          verdict = TELNET_CHECK_ABORT;
        }
      else
        {
          /* NOTE(review): the address of the option byte is passed for an
           * "i" format.  If z_policy_var_build follows Py_BuildValue
           * conventions, the callback receives a pointer value instead of
           * the option number -- confirm and pass the value if so. */
          callback_result = z_policy_call_object(callback,
                                                 z_policy_var_build("(i)", &self->opneg_option[self->ep]),
                                                 self->super.session_id);
          /* NOTE(review): callback_result is never released in this
           * function; verify whether z_policy_call_object returns an owned
           * reference that must be dropped. */
          if (callback_result == NULL)
            {
              z_proxy_log(self, TELNET_POLICY, 2, "Error in policy calling; option='%s'", option_key);
              verdict = TELNET_CHECK_ABORT;
            }
          else if (!z_policy_var_parse(callback_result, "i", &verdict))
            {
              z_proxy_log(self, TELNET_POLICY, 1, "Can't parse return verdict; option='%s'", option_key);
              verdict = TELNET_CHECK_ABORT;
            }
          else
            {
              /* Map the callback's verdict; anything unrecognised aborts. */
              switch (verdict)
                {
                case ZV_ACCEPT:
                  z_proxy_log(self, TELNET_POLICY, 6, "Policy function accepted option; option='%s'", option_key);
                  verdict = TELNET_CHECK_OK;
                  break;

                case ZV_UNSPEC:
                case ZV_DROP:
                  z_proxy_log(self, TELNET_POLICY, 3, "Policy function drop option; option='%s'", option_key);
                  verdict = TELNET_CHECK_DROP;
                  break;

                /* NOTE(review): a TELNET_OPTION_* constant is used among
                 * ZV_* verdicts; presumably it shares its value with
                 * ZV_REJECT -- confirm. */
                case TELNET_OPTION_REJECT:
                  z_proxy_log(self, TELNET_POLICY, 3, "Policy function reject option; option='%s'", option_key);
                  verdict = TELNET_CHECK_REJECT;
                  break;

                case ZV_ABORT:
                default:
                  z_proxy_log(self, TELNET_POLICY, 1, "Policy function aborted session; option='%s'", option_key);
                  verdict = TELNET_CHECK_ABORT;
                  break;
                }
            }
        }
      z_policy_unlock(self->super.thread);
      break;

    case TELNET_OPTION_ABORT:
    default:
      z_proxy_log(self, TELNET_POLICY, 3, "Policy aborted session; option='%s'", option_key);
      verdict = TELNET_CHECK_ABORT;
      break;
    }

  z_proxy_return(self, verdict);
}
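/**
 * smtp_policy_check_response:
 * @self: SmtpProxy instance holding the current request and response
 *
 * Looks up the (request, response) pair in self->response_policy and
 * returns the action configured for it.  An empty request is looked up
 * under the key "Null".  For SMTP_RSP_REJECT entries the optional error
 * code and error text from the policy tuple are copied into
 * self->error_code and self->error_info.  For SMTP_RSP_POLICY entries the
 * configured callback is invoked with the request, request parameter,
 * response and response parameter, and its integer return value becomes
 * the action.
 *
 * The function fails closed: a pair with no policy entry is rejected, and
 * an invalid entry, a failed callback or a non-integer verdict aborts.
 *
 * Returns: the resulting SmtpResponseTypes action
 */
SmtpResponseTypes
smtp_policy_check_response(SmtpProxy *self)
{
  ZPolicyObj *entry, *process_rsp, *res;
  gchar *key[2];
  /* Both are optional in the "i|ss" tuple, so they must start out NULL:
   * the checks below would otherwise read indeterminate pointers when the
   * policy entry carries only the action. */
  gchar *response = NULL, *response_param = NULL;
  SmtpResponseTypes action;

  z_proxy_enter(self);

  if (self->request->len)
    key[0] = self->request->str;
  else
    key[0] = "Null";
  key[1] = self->response->str;

  entry = z_dim_hash_table_search(self->response_policy, 2, key);
  if (!entry)
    {
      /* No entry for this request/response pair: reject by default. */
      z_proxy_return(self, SMTP_RSP_REJECT);
    }

  z_policy_lock(self->super.thread);
  if (!smtp_hash_get_type(entry, &action))
    {
      /* Release the policy lock before leaving; returning with it held
       * would leave it locked for every later policy access on this
       * thread. */
      z_policy_unlock(self->super.thread);
      /*LOG
        This message indicates that the policy type is invalid for the given
        response and Zorp aborts the connection. Check the 'response' attribute.
       */
      z_proxy_log(self, SMTP_POLICY, 1, "Invalid response policy; request='%s', response='%s'", self->request->str, self->response->str);
      z_proxy_return(self, SMTP_RSP_ABORT);
    }
  z_policy_unlock(self->super.thread);

  switch (action)
    {
    case SMTP_RSP_REJECT:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse_tuple(entry, "i|ss", &action, &response, &response_param))
        {
          /*LOG
            This message indicates that the parameter of the response policy of
            the given request is invalid and Zorp aborts the connection. Check
            the 'response' attribute.
           */
          z_proxy_log(self, SMTP_POLICY, 1, "Error in response policy; request='%s', response='%s'", self->request->str, self->response->str);
          action = SMTP_RSP_ABORT;
        }
      else
        {
          /* Copy the strings while the policy lock is still held. */
          if (response)
            g_string_assign(self->error_code, response);
          if (response_param)
            g_string_assign(self->error_info, response_param);
        }
      z_policy_unlock(self->super.thread);
      break;

    case SMTP_RSP_ACCEPT:
    case SMTP_RSP_ABORT:
      break;

    case SMTP_RSP_POLICY:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse(entry, "(iO)", &action, &process_rsp))
        {
          /*LOG
            This message indicates that the parameter of the response policy of
            the given request is invalid and Zorp aborts the connection. Check
            the 'response' attribute.
           */
          z_proxy_log(self, SMTP_POLICY, 1, "Error in response policy; request='%s', response='%s'", self->request->str, self->response->str);
          action = SMTP_RSP_ABORT;
        }
      else
        {
          res = z_policy_call_object(process_rsp,
                                     z_policy_var_build("(ssss)",
                                                        self->request->str, self->request_param->str,
                                                        self->response->str, self->response_param->str),
                                     self->super.session_id);
          /* NOTE(review): res is never released in this function; verify
           * whether z_policy_call_object returns an owned reference. */
          if (res)
            {
              /* NOTE(review): the callback's integer is returned as-is and
               * is not checked against the known SMTP_RSP_* values; confirm
               * that the caller treats unknown values as an abort. */
              if (!z_policy_var_parse(res, "i", &action))
                {
                  /*LOG
                    This message indicates that the returned value of the
                    callback for the given response policy is invalid and Zorp
                    aborts the connection. Check the callback function.
                   */
                  z_proxy_log(self, SMTP_POLICY, 1, "The verdict returned by the policy is not an int; request='%s', response='%s'", self->request->str, self->response->str);
                  action = SMTP_RSP_ABORT;
                }
            }
          else
            {
              /* The callback failed: abort rather than fall back to accept. */
              action = SMTP_RSP_ABORT;
            }
        }
      z_policy_unlock(self->super.thread);
      break;

    default:
      action = SMTP_RSP_ABORT;
      break;
    }

  z_proxy_return(self, action);
}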
/**
 * telnet_policy_suboption:
 * @self: TelnetProxy instance whose current suboption is checked
 * @command: suboption command byte, used as the second lookup key
 * @name: string handed to the policy callback for the options that carry one
 * @value: string handed to the policy callback for the options that carry one
 *
 * Looks up the (option, command) pair in self->telnet_policy, where the
 * option is self->opneg_option[self->ep], and turns the configured action
 * into a TELNET_CHECK_* verdict.  For TELNET_OPTION_POLICY entries the
 * policy callback is invoked; @name and @value are passed along only for
 * the terminal type, terminal speed, X display location, environment and
 * NAWS options.
 *
 * The function fails closed: a pair with no policy entry is dropped, and
 * an unparsable entry, a failed callback or an unrecognised verdict
 * aborts.
 *
 * Returns: TELNET_CHECK_OK, TELNET_CHECK_DROP or TELNET_CHECK_ABORT
 */
guint
telnet_policy_suboption(TelnetProxy *self, guchar command, gchar *name, gchar *value)
{
  guint verdict;
  guint action;
  gboolean have_type;
  gchar option_key[10];
  gchar command_key[10];
  gchar *lookup_keys[2];
  ZPolicyObj *entry;
  ZPolicyObj *callback = NULL;
  ZPolicyObj *callback_result;

  z_proxy_enter(self);
  z_proxy_log(self, TELNET_DEBUG, 8, "Policy suboption negotiation check;");

  /* The policy hash is keyed by the decimal strings of option and command. */
  g_snprintf(option_key, sizeof(option_key), "%d", self->opneg_option[self->ep]);
  g_snprintf(command_key, sizeof(command_key), "%d", command);
  lookup_keys[0] = option_key;
  lookup_keys[1] = command_key;

  entry = z_dim_hash_table_search(self->telnet_policy, 2, lookup_keys);
  if (!entry)
    {
      /* No entry for this pair: drop it rather than let it through. */
      z_proxy_log(self, TELNET_POLICY, 1, "Option not found in policy hash, dropping; command=`%s', option=`%s'", command_key, option_key);
      z_proxy_return(self, TELNET_CHECK_DROP);
    }

  /* The entry is a policy object, so it is only inspected under the policy lock. */
  z_policy_lock(self->super.thread);
  have_type = telnet_hash_get_type(entry, &action);
  z_policy_unlock(self->super.thread);

  if (!have_type)
    {
      z_proxy_log(self, TELNET_POLICY, 2, "Policy type invalid!");
      z_proxy_return(self, TELNET_CHECK_ABORT);
    }

  switch (action)
    {
    case TELNET_OPTION_ACCEPT:
      z_proxy_log(self, TELNET_POLICY, 6, "Policy accepted suboption; command=`%s', option=`%s'", command_key, option_key);
      verdict = TELNET_CHECK_OK;
      break;

    case TELNET_OPTION_DROP:
      z_proxy_log(self, TELNET_POLICY, 6, "Policy denied suboption; command=`%s', option=`%s'", command_key, option_key);
      verdict = TELNET_CHECK_DROP;
      break;

    case TELNET_OPTION_POLICY:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse(entry, "(iO)", &action, &callback))
        {
          z_proxy_log(self, TELNET_POLICY, 2, "Cannot parse policy line for option; command=`%s', option=`%s'", command_key, option_key);
          verdict = TELNET_CHECK_ABORT;
        }
      else
        {
          /* Call the Python policy method; only some options carry a
           * name/value pair.
           *
           * NOTE(review): the address of the option byte is passed for an
           * "i" format in both calls.  If z_policy_var_build follows
           * Py_BuildValue conventions, the callback receives a pointer
           * value instead of the option number -- confirm.
           *
           * NOTE(review): name and value presumably come from the peer's
           * suboption data; verify that the caller NUL-terminates and
           * bounds them before they reach the policy layer. */
          switch (self->opneg_option[self->ep])
            {
            case TELNET_OPTION_TERMINAL_TYPE:
            case TELNET_OPTION_TERMINAL_SPEED:
            case TELNET_OPTION_X_DISPLAY_LOCATION:
            case TELNET_OPTION_ENVIRONMENT:
            case TELNET_OPTION_NAWS:
              callback_result = z_policy_call_object(callback,
                                                     z_policy_var_build("(iss)", &self->opneg_option[self->ep], name, value),
                                                     self->super.session_id);
              break;

            default:
              callback_result = z_policy_call_object(callback,
                                                     z_policy_var_build("(i)", &self->opneg_option[self->ep]),
                                                     self->super.session_id);
              break;
            }

          /* NOTE(review): callback_result is never released in this
           * function; verify whether z_policy_call_object returns an owned
           * reference that must be dropped. */
          if (callback_result == NULL)
            {
              z_proxy_log(self, TELNET_POLICY, 2, "Error in policy calling; command=`%s', option=`%s'", command_key, option_key);
              verdict = TELNET_CHECK_ABORT;
            }
          else if (!z_policy_var_parse(callback_result, "i", &verdict))
            {
              z_proxy_log(self, TELNET_POLICY, 2, "Can't parse return verdict; command=`%s', option=`%s'", command_key, option_key);
              verdict = TELNET_CHECK_ABORT;
            }
          else
            {
              /* Map the callback's verdict; anything unrecognised aborts. */
              switch (verdict)
                {
                case ZV_ACCEPT:
                  z_proxy_log(self, TELNET_POLICY, 6, "Policy function accepted suboption; command=`%s', option=`%s'", command_key, option_key);
                  verdict = TELNET_CHECK_OK;
                  break;

                case ZV_UNSPEC:
                case ZV_REJECT:
                case ZV_DROP:
                  z_proxy_log(self, TELNET_POLICY, 3, "Policy function denied suboption; command=`%s', option=`%s'", command_key, option_key);
                  verdict = TELNET_CHECK_DROP;
                  break;

                case ZV_ABORT:
                default:
                  z_proxy_log(self, TELNET_POLICY, 3, "Policy function aborted suboption; command=`%s', option=`%s'", command_key, option_key);
                  verdict = TELNET_CHECK_ABORT;
                  break;
                }
            }
        }
      z_policy_unlock(self->super.thread);
      break;

    case TELNET_OPTION_ABORT:
    default:
      /* Every other action, including any not listed above, aborts. */
      z_proxy_log(self, TELNET_POLICY, 3, "Policy aborted session; command=`%s', option=`%s'", command_key, option_key);
      verdict = TELNET_CHECK_ABORT;
      break;
    }

  z_proxy_return(self, verdict);
}
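/*
 * Fill self->answer_cmd and self->answer_param from a "(is)" policy entry
 * whose string has the form "NNN text": the first three characters become
 * the reply code and everything after the separator becomes the reply text.
 * An unparsable entry, or a string shorter than three characters, yields
 * the fixed "500" / "Error parsing answer" reply instead of reading past
 * the end of the string.  The caller must hold the policy lock.
 */
static void
ftp_policy_answer_set_from_entry(FtpProxy *self, ZPolicyObj *entry)
{
  unsigned int entry_type;
  gchar *msg = NULL;
  gchar code[4];
  int i;

  if (!z_policy_var_parse(entry, "(is)", &entry_type, &msg) || msg == NULL)
    {
      g_string_assign(self->answer_cmd, "500");
      g_string_assign(self->answer_param, "Error parsing answer");
      return;
    }

  /* Stop at the terminator so a short policy string is never over-read. */
  for (i = 0; i < 3 && msg[i] != '\0'; i++)
    code[i] = msg[i];

  if (i < 3)
    {
      g_string_assign(self->answer_cmd, "500");
      g_string_assign(self->answer_param, "Error parsing answer");
      return;
    }
  code[3] = 0;

  g_string_assign(self->answer_cmd, code);
  /* msg[3] is the separator; with a bare three-character code there is no text. */
  g_string_assign(self->answer_param, msg[3] != '\0' ? &msg[4] : "");
}

/**
 * ftp_policy_answer_hash_do:
 * @self: FtpProxy instance holding the current request and answer
 *
 * Looks up the (request command, answer code) pair in
 * self->policy_answer_hash and returns the action configured for it.  An
 * empty request command is looked up under the key "Null".  For
 * FTP_RSP_REJECT and FTP_RSP_ABORT entries the reply configured in the
 * policy replaces self->answer_cmd and self->answer_param.  For
 * FTP_RSP_POLICY entries the configured callback is invoked with the
 * request command and the answer code, and its verdict is mapped.
 *
 * The function fails closed: a pair with no policy entry or with an
 * invalid type is rejected, and a bad policy line, a failed callback or an
 * unrecognised verdict aborts with a "500" reply.
 *
 * Returns: FTP_RSP_ACCEPT, FTP_RSP_REJECT or FTP_RSP_ABORT
 */
guint
ftp_policy_answer_hash_do(FtpProxy *self)
{
  guint ret;
  ZPolicyObj *res;
  ZPolicyObj *tmp;
  ZPolicyObj *answer_where;
  unsigned int answer_do;
  gchar key1[5];
  gchar key2[5];
  gchar *key[2];

  z_proxy_enter(self);

  /* NOTE(review): both keys are truncated to four characters, so a longer
   * request command is looked up under its four-character prefix.  Confirm
   * that request_cmd is validated before this point, so that an unknown
   * command cannot inherit the policy of a known one. */
  if (self->request_cmd->len > 0)
    g_snprintf(key1, sizeof(key1), "%s", self->request_cmd->str);
  else
    g_snprintf(key1, sizeof(key1), "Null");
  g_snprintf(key2, sizeof(key2), "%s", self->answer_cmd->str);
  key[0] = key1;
  key[1] = key2;

  tmp = z_dim_hash_table_search(self->policy_answer_hash, 2, key);
  if (!tmp)
    {
      /*LOG
        This message indicates that the policy does not contain any setting for
        the given response and Zorp rejects the response. Check the 'response'
        attribute.
       */
      /* NOTE(review): the format string lacks the closing quote after the
       * response value; left unchanged here because log consumers may
       * depend on the exact text. */
      z_proxy_log(self, FTP_POLICY, 5, "Policy does not contain this response, using hard-coded default; request='%s', response='%s", self->request_cmd->str, self->answer_cmd->str);
      z_proxy_return(self, FTP_RSP_REJECT);
    }

  z_policy_lock(self->super.thread);
  if (!ftp_hash_get_type(tmp, &answer_do))
    {
      /* Release the policy lock before leaving; returning with it held
       * would leave it locked for every later policy access on this
       * thread. */
      z_policy_unlock(self->super.thread);
      /*LOG
        This message indicates that the policy type is invalid for the given
        response and Zorp rejects the request. Check the 'request' attribute.
       */
      z_proxy_log(self, FTP_POLICY, 1, "Answer type invalid; req='%s', rsp='%s'", self->request_cmd->str, self->answer_cmd->str);
      z_proxy_return(self, FTP_RSP_REJECT);
    }
  z_policy_unlock(self->super.thread);

  switch (answer_do)
    {
    case FTP_RSP_REJECT:
      ret = FTP_RSP_REJECT;
      z_policy_lock(self->super.thread);
      ftp_policy_answer_set_from_entry(self, tmp);
      z_policy_unlock(self->super.thread);
      break;

    case FTP_RSP_ACCEPT:
      ret = FTP_RSP_ACCEPT;
      break;

    case FTP_RSP_ABORT:
      ret = FTP_RSP_ABORT;
      z_policy_lock(self->super.thread);
      ftp_policy_answer_set_from_entry(self, tmp);
      z_policy_unlock(self->super.thread);
      break;

    case FTP_RSP_POLICY:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse(tmp, "(iO)", &answer_do, &answer_where))
        {
          /*LOG
            This message indicates that the policy for the given response is
            invalid and Zorp rejects the response. Check the 'response'
            attribute. It is likely that the parameter for the FTP_RSP_POLICY
            is invalid.
           */
          z_proxy_log(self, FTP_POLICY, 1, "Bad policy line; command='%s', answer='%s'", self->request_cmd->str, self->answer_cmd->str);
          g_string_assign(self->answer_cmd, "500");
          g_string_assign(self->answer_param, "Error parsing answer (bad policy)");
          ret = FTP_RSP_ABORT;
        }
      else
        {
          res = z_policy_call_object(answer_where,
                                     z_policy_var_build("(ss)", self->request_cmd->str, self->answer_cmd->str),
                                     self->super.session_id);
          /* NOTE(review): res is never released in this function; verify
           * whether z_policy_call_object returns an owned reference. */
          if (res == NULL)
            {
              /*LOG
                This message indicates that the callback for the given response
                policy is invalid and Zorp rejects the response. Check the
                'response' attribute. It is likely that the parameter for the
                FTP_RSP_POLICY is invalid.
               */
              z_proxy_log(self, FTP_POLICY, 1, "Error in policy calling; command='%s', answer='%s'", self->request_cmd->str, self->answer_cmd->str);
              g_string_assign(self->answer_cmd, "500");
              g_string_assign(self->answer_param, "Error parsing answer (bad policy)");
              ret = FTP_RSP_ABORT;
            }
          else if (!z_policy_var_parse(res, "i", &ret))
            {
              /*LOG
                This message indicates that the returned value of the callback
                for the given response policy is invalid and Zorp rejects the
                response. Check the callback function.
               */
              z_proxy_log(self, FTP_POLICY, 1, "Return code invalid from policy function; command='%s', answer='%s'", self->request_cmd->str, self->answer_cmd->str);
              g_string_assign(self->answer_cmd, "500");
              g_string_assign(self->answer_param, "Error parsing answer (bad policy)");
              ret = FTP_RSP_ABORT;
            }
          else
            {
              /* Map the callback's verdict; anything unrecognised aborts. */
              switch (ret)
                {
                case FTP_RSP_ACCEPT:
                case FTP_RSP_REJECT:
                case FTP_RSP_ABORT:
                  break;

                case Z_DROP:
                case Z_UNSPEC:
                  ret = FTP_RSP_REJECT;
                  break;

                default:
                  g_string_assign(self->answer_cmd, "500");
                  g_string_assign(self->answer_param, "Error parsing answer, connection dropped.");
                  ret = FTP_RSP_ABORT;
                  break;
                }
            }
        }
      z_policy_unlock(self->super.thread);
      break;

    default:
      g_string_assign(self->answer_cmd, "500");
      g_string_assign(self->answer_param, "Error parsing answer, connection dropped.");
      ret = FTP_RSP_ABORT;
      break;
    }

  z_proxy_return(self, ret);
}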