void FWPprocessMessages(
IceConn iceConn,
IcePointer * client_data,
int opcode,
unsigned long length,
Bool swap)
{
switch (opcode)
{
/*
* this is really the only opcode we care about -- the one
* which indicates an XFindProxy request for a connection
* to a specified server
*/
case PM_GetProxyAddr:
{
pmGetProxyAddrMsg *pMsg;
char *pData, *pStart;
char *serviceName = NULL, *serverAddress = NULL;
char *hostAddress = NULL, *startOptions = NULL;
char *authName = NULL, *authData = NULL;
int authLen;
struct clientDataStruct * program_data;
char * listen_port_string;
int pm_send_msg_len;
pmGetProxyAddrReplyMsg * pReply;
char * pReplyData;
struct hostent * hostptr;
struct sockaddr_in server_sockaddr_in;
struct sockaddr_in dummy_sockaddr_in;
char * server_name_base;
char * config_failure = "unrecognized server or permission denied";
char * tmp_str;
int rule_number = -1;
char * colon;
char * tmpAddress = NULL;
/*
* this is where we need and get access to that client data we
* went through such contortions to set up earlier!
*/
program_data = (struct clientDataStruct *) client_data;
/*
* initial check on expected message size
*/
CHECK_AT_LEAST_SIZE (iceConn, global_data.major_opcode, opcode,
length, SIZEOF (pmGetProxyAddrMsg), IceFatalToProtocol);
IceReadCompleteMessage (iceConn, SIZEOF (pmGetProxyAddrMsg),
pmGetProxyAddrMsg, pMsg, pStart);
if (!IceValidIO (iceConn))
{
IceDisposeCompleteMessage (iceConn, pStart);
return;
}
authLen = swap ? lswaps (pMsg->authLen) : pMsg->authLen;
pData = pStart;
SKIP_STRING (pData, swap); /* proxy-service */
SKIP_STRING (pData, swap); /* server-address */
SKIP_STRING (pData, swap); /* host-address */
SKIP_STRING (pData, swap); /* start-options */
if (authLen > 0)
{
SKIP_STRING (pData, swap); /* auth-name */
pData += (authLen + PAD64 (authLen)); /* auth-data */
}
/*
* now a detailed check on message size
*/
CHECK_COMPLETE_SIZE (iceConn, global_data.major_opcode, opcode,
length, pData - pStart + SIZEOF (pmGetProxyAddrMsg),
pStart, IceFatalToProtocol);
pData = pStart;
/*
* extract message data, based on known characteristics
* of this message type
*/
EXTRACT_STRING (pData, swap, serviceName);
EXTRACT_STRING (pData, swap, serverAddress);
EXTRACT_STRING (pData, swap, hostAddress);
EXTRACT_STRING (pData, swap, startOptions);
if (authLen > 0)
{
EXTRACT_STRING (pData, swap, authName);
authData = (char *) malloc (authLen);
memcpy (authData, pData, authLen);
}
#ifdef DEBUG
(void) fprintf (stderr,
"Got GetProxyAddr, serviceName = %s, serverAddr = %s\n",
serviceName, serverAddress);
(void) fprintf (stderr,
"\thostAddr = %s, options = %s, authLen = %d\n",
hostAddress, startOptions, authLen);
if (authLen > 0)
(void) fprintf (stderr, "\tauthName = %s\n", authName);
#endif
/*
* need to copy the host port string because strtok() changes it
*/
if ((tmp_str = strdup (serverAddress)) == NULL)
{
(void) fprintf(stderr, "malloc - serverAddress copy\n");
goto sendFailure;
}
/*
* before proceeding we want to verify that we are allowed to
* accept connections from the host who called xfindproxy();
* the thing is, we don't get that host name from Proxy Manager
* even if the "-host <hostname>" command-line option was present
* in xfindproxy (and even if it was we shouldn't rely on it --
* much better to have ProxyMngr query the xfindproxy connect
* socket for its origin); the upshot of all this that we do
* a configuration check *only* on the destination (which we
* assume in this case to be the serverAddress passed in by
* xfindproxy(); so get the destination IP address!
*/
server_name_base = strtok(tmp_str, ":");
if ((hostptr = gethostbyname(server_name_base)) == NULL)
{
(void) fprintf(stderr, "gethostbyname (%s) failed\n", server_name_base);
goto sendFailure;
}
memset(&server_sockaddr_in, 0, sizeof(server_sockaddr_in));
memset(&dummy_sockaddr_in, 0, sizeof(dummy_sockaddr_in));
memcpy((char *) &server_sockaddr_in.sin_addr,
hostptr->h_addr,
hostptr->h_length);
/*
* need to initialize dummy to something, but doesn't matter
* what (should eventually be the true host address);
* NOTE: source configuration will always match (see XFWP man
* page) unless sysadmin explicitly chooses to deny
*/
memcpy((char *) &dummy_sockaddr_in.sin_addr,
hostptr->h_addr,
hostptr->h_length);
if ((doConfigCheck(&dummy_sockaddr_in,
&server_sockaddr_in,
global_data.config_info,
FINDPROXY,
&rule_number)) == FAILURE)
{
(void) fprintf(stderr, "xfindproxy failed config check\n");
sendFailure:
/*
* report failure back to the ProxyMgr
*
*/
pm_send_msg_len = STRING_BYTES(config_failure)
+ STRING_BYTES(NULL);
IceGetHeaderExtra(iceConn,
program_data->major_opcode,
PM_GetProxyAddrReply,
SIZEOF(pmGetProxyAddrReplyMsg),
WORD64COUNT (pm_send_msg_len),
pmGetProxyAddrReplyMsg,
pReply,
pReplyData);
pReply->status = PM_Failure;
STORE_STRING(pReplyData, NULL);
STORE_STRING(pReplyData, config_failure);
IceFlush(iceConn);
free(tmp_str);
return;
}
/*
* okay, you got what you need from the PM to proceed,
* so extract the fd of the selected connection and use
* it to set up the remote client listen port and add
* the name of the X server to your list of server connections
*/
/*
* Before checking to see if you already have a PM connection
* request for this server, make serverAddress a
* FQDN so that synonomous names like oregon:0 and oregon.com:0
* will be recognized as the same Xserver. If this server
* already exists, don't allocate another listen port for it -
* use the already allocated one
*/
colon = strchr (serverAddress, ':');
if (colon)
{
struct hostent *hostent;
*colon = '\0';
hostent = gethostbyname (serverAddress);
*colon = ':';
if (hostent && hostent->h_name) {
tmpAddress = (char *) malloc (strlen (hostent->h_name) +
strlen (colon) + 1);
(void) sprintf (tmpAddress, "%s%s", hostent->h_name, colon);
serverAddress = tmpAddress;
}
}
if ((doCheckServerList(serverAddress,
&listen_port_string,
program_data->config_info->num_servers)) == FAILURE)
{
/*
* this server name isn't in your list; so set up a new
* remote client listen port for it; extract the fd from
* the connection and pass it in as index to array lookup
*/
if ((doSetupRemClientListen(&listen_port_string,
program_data,
serverAddress)) == FAILURE)
{
goto sendFailure;
}
}
if (tmpAddress)
free (tmpAddress);
/*
* the PM-sent server address *was* in your list, so send back
* the rem client listen port you had already associated with
* that server (it will presumably be forwarded to the remote
* client through some other channel)
* use IceGetHeaderExtra() and the
*/
pm_send_msg_len = STRING_BYTES(listen_port_string)
+ STRING_BYTES(NULL);
IceGetHeaderExtra(iceConn,
program_data->major_opcode,
PM_GetProxyAddrReply,
SIZEOF(pmGetProxyAddrReplyMsg),
WORD64COUNT (pm_send_msg_len),
pmGetProxyAddrReplyMsg,
pReply,
pReplyData);
pReply->status = PM_Success;
STORE_STRING(pReplyData, listen_port_string);
STORE_STRING(pReplyData, NULL);
IceFlush(iceConn);
/*
* before leaving this routine, change the select() timeout
* here to be equal to the configured client listen timeout
* (otherwise you'll never *get* to your listen timeout
* if it's shorter than the startup select() default
*/
program_data->config_info->select_timeout.tv_sec =
program_data->config_info->client_listen_timeout;
break;
}
case ICE_Error:
{
iceErrorMsg *pMsg;
char *pStart;
CHECK_AT_LEAST_SIZE (iceConn, global_data.major_opcode, ICE_Error,
length, sizeof(iceErrorMsg), IceFatalToProtocol);
IceReadCompleteMessage (iceConn, SIZEOF (iceErrorMsg),
iceErrorMsg, pMsg, pStart);
if (!IceValidIO (iceConn))
{
IceDisposeCompleteMessage (iceConn, pStart);
return;
}
if (swap)
{
pMsg->errorClass = lswaps (pMsg->errorClass);
pMsg->offendingSequenceNum = lswapl (pMsg->offendingSequenceNum);
}
(void) fprintf(stderr, "Proxy Manager reported ICE Error:\n");
(void) fprintf(stderr, "\tclass = 0x%x, offending minor opcode = %d\n",
pMsg->errorClass, pMsg->offendingMinorOpcode);
(void) fprintf(stderr, "\tseverity = %d, sequence = %ld\n",
pMsg->severity, (long)pMsg->offendingSequenceNum);
IceDisposeCompleteMessage (iceConn, pStart);
break;
}
default:
break;
} /* end switch */
}
static void
PMprocessMessages(IceConn iceConn, IcePointer clientData, int opcode,
unsigned long length, Bool swap,
IceReplyWaitInfo *replyWait, Bool *replyReadyRet)
{
if (replyWait)
*replyReadyRet = False;
switch (opcode)
{
case PM_GetProxyAddrReply:
if (!replyWait ||
replyWait->minor_opcode_of_request != PM_GetProxyAddr)
{
_IceReadSkip (iceConn, length << 3);
_IceErrorBadState (iceConn, PMopcode,
PM_GetProxyAddrReply, IceFatalToProtocol);
}
else
{
pmGetProxyAddrReplyMsg *pMsg;
char *pData, *pStart;
GetProxyAddrReply *reply =
(GetProxyAddrReply *) (replyWait->reply);
#if 0 /* No-op */
CHECK_AT_LEAST_SIZE (iceConn, PMopcode, opcode,
length, SIZEOF (pmGetProxyAddrReplyMsg), IceFatalToProtocol);
#endif
IceReadCompleteMessage (iceConn, SIZEOF (pmGetProxyAddrReplyMsg),
pmGetProxyAddrReplyMsg, pMsg, pStart);
if (!IceValidIO (iceConn))
{
IceDisposeCompleteMessage (iceConn, pStart);
return;
}
pData = pStart;
SKIP_STRING (pData, swap); /* proxy-address */
SKIP_STRING (pData, swap); /* failure-reason */
CHECK_COMPLETE_SIZE (iceConn, PMopcode, opcode,
length, pData - pStart + SIZEOF (pmGetProxyAddrReplyMsg),
pStart, IceFatalToProtocol);
pData = pStart;
EXTRACT_STRING (pData, swap, reply->addr);
EXTRACT_STRING (pData, swap, reply->error);
reply->status = pMsg->status;
*replyReadyRet = True;
IceDisposeCompleteMessage (iceConn, pStart);
}
break;
default:
{
_IceErrorBadMinor (iceConn, PMopcode, opcode, IceCanContinue);
_IceReadSkip (iceConn, length << 3);
break;
}
}
}
