static int
svn_read_custom(FILE *fp, char line[], int size, int line_num, result_t *result)
{
// Caller has already read line 1. Read lines 2..5, discarding 2..4.
while (line_num <= 5) {
if (fgets(line, size, fp) == NULL) {
debug(".svn/entries: early EOF (line %d empty)", line_num);
return 0;
}
line_num++;
}
// Line 5 is the complete URL for the working dir (repos_root
// + repos_path). To parse it easily, we first need the
// repos_root from line 6.
char *repos_root;
int root_len;
char *repos_path = strdup(line);
chop_newline(repos_path);
if (fgets(line, size, fp) == NULL) {
debug(".svn/entries: early EOF (line %d empty)", line_num);
return 0;
}
line_num++;
repos_root = line;
chop_newline(repos_root);
root_len = strlen(repos_root);
if (strncmp(repos_path, repos_root, root_len) != 0) {
debug(".svn/entries: repos_path (%s) does not start with "
"repos_root (%s)",
repos_path, repos_root);
free(repos_path);
return 0;
}
// Lines 6 .. 10 are also uninteresting.
while (line_num <= 11) {
if (fgets(line, size, fp) == NULL) {
debug(".svn/entries: early EOF (line %d empty)", line_num);
return 0;
}
line_num++;
}
// Line 11 is the revision number we care about, now in 'line'.
chop_newline(line);
result->revision = strdup(line);
debug("read svn revision from .svn/entries: '%s'", line);
result->branch = get_branch_name(repos_path + root_len + 1, result->revision);
free(repos_path);
return 1;
}
static int
create_rule(const fko_srv_options_t * const opts,
const char * const fw_chain, const char * const fw_rule)
{
int res = 0;
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s -A %s %s",
opts->fw_config->fw_command, fw_chain, fw_rule);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, WANT_STDERR,
NO_TIMEOUT, &pid_status, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "create_rule() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res))
{
log_msg(LOG_DEBUG, "create_rule() Rule: '%s' added to %s",
fw_rule, fw_chain);
res = 1;
}
else
log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf);
return res;
}
int
read_last_line(char *filename, char *buf, int size)
{
FILE *file;
file = fopen(filename, "r");
if (file == NULL) {
debug("error opening '%s': %s", filename, strerror(errno));
return 0;
}
buf[0] = '\0';
while (fgets(buf, size, file));
fclose(file);
if (!buf[0]) {
debug("empty line read from '%s'", filename);
return 0;
}
/* chop trailing newline */
chop_newline(buf);
return 1;
}
static int
rule_exists_chk_support(const fko_srv_options_t * const opts,
const char * const chain, const char * const rule)
{
int rule_exists = 0;
int res = 0;
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_CHK_RULE_ARGS,
opts->fw_config->fw_command, chain, rule);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE,
WANT_STDERR, NO_TIMEOUT, &pid_status, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "rule_exists_chk_support() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res) && strlen(err_buf))
{
log_msg(LOG_DEBUG, "rule_exists_chk_support() Rule : '%s' in %s does not exist",
rule, chain);
}
else
{
rule_exists = 1;
log_msg(LOG_DEBUG, "rule_exists_chk_support() Rule : '%s' in %s already exists",
rule, chain);
}
return(rule_exists);
}
static int
create_chain(const fko_srv_options_t * const opts, const int chain_num)
{
int res = 0, rv = 0;
zero_cmd_buffers();
/* Create the custom chain.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_NEW_CHAIN_ARGS,
fwc.fw_command,
fwc.chain[chain_num].table,
fwc.chain[chain_num].to_chain
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, WANT_STDERR,
NO_TIMEOUT, &pid_status, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "create_chain() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
/* Expect full success on this */
if(EXTCMD_IS_SUCCESS(res))
rv = 1;
else
log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf);
return rv;
}
static int
chain_exists(const fko_srv_options_t * const opts, const int chain_num)
{
int res = 0;
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_CHAIN_EXISTS_ARGS,
fwc.fw_command,
fwc.chain[chain_num].table,
fwc.chain[chain_num].to_chain
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE,
WANT_STDERR, NO_TIMEOUT, &pid_status, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "chain_exists() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res))
log_msg(LOG_DEBUG, "'%s' table '%s' chain exists",
fwc.chain[chain_num].table,
fwc.chain[chain_num].to_chain);
else
log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf);
return res;
}
int main(void)
{
int soc = -1;
char hostname[HOSTNAME_LENGTH];
printf("Input Server's Host Name: ");
fgets(hostname, HOSTNAME_LENGTH, stdin);
chop_newline(hostname, HOSTNAME_LENGTH);
if ((soc = setup(hostname)) < 0) {
exit(1);
}
session(soc);
}
int main() {
int soc; // ソケットのディスクリプタ
char my_stone = 'x'; // 自分の石
char peer_stone = 'o'; // 相手の石
char hostname[HOSTNAME_LENGTH]; // サーバのホスト名
// サーバのホスト名の入力
printf("Input server's hostname: ");
fgets(hostname, HOSTNAME_LENGTH, stdin);
chop_newline(hostname, HOSTNAME_LENGTH);
// サーバとの接続を確立する
if ((soc = setup_client(hostname, PORT)) == -1) {
exit(1);
}
// 碁盤の初期化
goban_init(soc, my_stone, peer_stone);
// ループ.終了時にbreak
while(1) {
// =======================
// 自分の番
// =======================
goban_show();
printf("Your turn.\n");
// 碁盤を更新した後に相手に書込み
if (goban_my_turn() == -1) break;
// =======================
// 相手の番
// =======================
goban_show();
printf("Peer turn. Wait...\n");
// 相手から読込んだ後に碁盤を更新
if (goban_peer_turn() == -1) break;
}
// 終了処理
goban_destroy();
return 0;
}
Method * read_Method_line(char * line,FILE * ifp)
{
Method * out;
char buffer[MAXLINE];
char * temp;
MethodArg * m;
if( strstartcmp(line,"method") != 0 ) {
warn("Attempting to read a method with no method line!");
return NULL;
}
out = Method_alloc_std();
out->logical = second_word_alloc(line,spacestr);
while( fgets(buffer,MAXLINE,ifp) != NULL ) {
chop_newline(buffer);
if( strstartcmp(buffer,"end") == 0 )
break;
else if( strstartcmp(buffer,"map") == 0 ) {
temp = second_word_alloc(buffer,spacestr);
if( out->real != NULL ) {
warn("For method [%s], second map replacing [%s] with [%s]",out->logical,out->real,temp);
ckfree(out->real);
}
out->real = temp;
} else if ( strstartcmp(buffer,"arg") == 0 ) {
m = MethodArg_from_line(buffer);
if( m == NULL ) {
warn("Got a NULL method arg. Yikes!");
} else {
add_Method(out,m);
}
} else if ( strstartcmp(buffer,"return") == 0 ) {
out->retstr = second_word_alloc(buffer,spacestr);
} else {
warn("In method [%s] did not understand %s",out->logical,buffer);
}
}
return out;
}
boolean read_into_MethodTypeSet(MethodTypeSet * mts,FILE * ifp)
{
char buffer[MAXLINE];
Method * me;
Type * ty;
Input * in;
while( fgets(buffer,MAXLINE,ifp) != NULL) {
chop_newline(buffer);
if( buffer[0] == '#' || strwhitestartcmp(buffer,"#",spacestr) == 0 )
continue;
if( only_whitespace(buffer,spacestr) == TRUE)
continue;
if( strstartcmp(buffer,"method") == 0 ) {
if( (me=read_Method_line(buffer,ifp)) == NULL ) {
warn("Unable to read method in line [%s] ",buffer);
} else {
add_me_MethodTypeSet(mts,me);
}
} else if ( strstartcmp(buffer,"type") == 0 ) {
if( (ty=read_Type_line(buffer,ifp)) == NULL ) {
warn("Unable to read type in line [%s] ",buffer);
} else {
add_ty_MethodTypeSet(mts,ty);
}
} else if ( strstartcmp(buffer,"input") == 0 ) {
if( (in = read_Input_line(buffer,ifp)) == NULL ) {
warn("Unable to read type in line [%s]",buffer);
} else {
add_in_MethodTypeSet(mts,in);
}
} else {
warn("In reading only method/types got an impossible line [%s]",buffer);
}
}
return TRUE;
}
int
read_first_line(char *filename, char *buf, int size)
{
FILE *file;
file = fopen(filename, "r");
if (file == NULL) {
debug("error opening '%s': %s", filename, strerror(errno));
return 0;
}
int ok = (fgets(buf, size, file) != NULL);
fclose(file);
if (!ok) {
debug("error or EOF reading from '%s'", filename);
return 0;
}
/* chop trailing newline */
chop_newline(buf);
return 1;
}
ModuleFunctionList * parse_function_section(FILE * input,DYNFILE * dfp,FailureType * ft,boolean addnumbers)
{
ModuleFunctionList * out;
boolean outoffunction=TRUE;
char * name;
boolean next_line_alloc = FALSE;
boolean next_line_free = FALSE;
char buffer[MAXLINE];
char * tempb;
ModuleFunction * mf;
FuncInfo * fi = NULL;
out = ModuleFunctionList_alloc_std();
while( get_watched_line(buffer,MAXLINE,input) != NULL) {
chop_newline(buffer);
if( strstartcmp(buffer,"%}") == 0)
break;
if( strstartcmp(buffer,"%func") == 0 ) {
/* fprintf(stderr,"Getting info line!\n"); */
fi = read_FuncInfo_line(buffer,input);
fi->is_hand_written = TRUE;
if( fi == NULL ) {
warn("Unable to read function info line at %s. Probably going to give a parse error",buffer);
}
else add_DYNFILE(dfp,fi);
continue;
}
if( outoffunction == TRUE ) {
if( buffer[0] == '{' ) {
outoffunction = FALSE;
fputs_func_DYNFILE(buffer,dfp);
continue;
}
/* fprintf(stderr,"Got here [%s]\n",buffer); */
if( buffer[0] == '\0' || isspace(buffer[0]) || strstartcmp(buffer,"static") == 0 || buffer[0] == '#'
|| buffer[0] == '/' || buffer[0] == '*' ) {
next_line_alloc = next_line_free = FALSE;
fputs_func_DYNFILE(buffer,dfp);
continue;
}
/*** if the line starts with a ! we want to interpret it ***/
/*** as a dynamite specific tag ***/
if( strstartcmp(buffer,"!constructor") == 0 ) {
next_line_alloc = TRUE;
continue;
}
if( strstartcmp(buffer,"!deconstructor") == 0 ) {
next_line_free = TRUE;
continue;
}
if ( buffer[0] == '!' ) {
next_line_alloc = next_line_free = FALSE;
continue;
}
/*fprintf(stderr,"Got here again [%s]\n",buffer);*/
/*** ok this should be a function! ****/
if( next_line_alloc == TRUE || next_line_free == TRUE ) {
tempb = stringalloc(buffer);
name = parse_and_get_module_name_from_func(tempb,next_line_alloc);
if(name == NULL) {
warn("Function [%s] specified as cons/decons, but no module name parsed...",buffer);
}
else {
if( (mf=get_ModuleFunction_from_name(out,name)) == NULL )
mf = new_ModuleFunction(out,name);
if( next_line_alloc == TRUE ) {
if( mf->has_cons == TRUE )
warn("Module %s already has a constructor... double overload!",name);
else mf->has_cons = TRUE;
}
else {
if( mf->has_decons == TRUE )
warn("Module %s already has a deconstructor... double overload",name);
else mf->has_decons = TRUE;
}
ckfree(name);
}
ckfree(tempb);
} /*** end of if cons/decons ***/
next_line_alloc = next_line_free = FALSE;
/*** reconcile with fi if any ***/
if( fi != NULL ) {
reconcile_FuncInfo_with_funcstr(fi,buffer);
dfp->funcpos += show_eddystyle_FuncInfo(fi,dfp->func);
/** already added to DYNFILE **/
} else {
/* fprintf(stderr,"Using [%s] as an unknown function\n",buffer); */
fi = unknown_user_FuncInfo(buffer);
/* fprintf(stderr,"Unknown function %s...\n",fi->name);*/
add_DYNFILE(dfp,fi);
}
/*** put #line compiler information ***/
/***
using global parsed file which
is also used for errors... sort of yukky.
***/
if( addnumbers == TRUE) {
fprintf(dfp->func,"# line %d \"%s\"\n",get_watched_linecount(),parsed_file);
dfp->funcpos++;
}
/*** put line ***/
fi->line_in_c = dfp->funcpos;
fi = NULL;
fputs_func_DYNFILE(buffer,dfp);
/*** put away function now ***/
/*** header information will be put away in dfp call ***/
} else {
/*** actually inside a function ***/
if( buffer[0] == '}' )
outoffunction = TRUE;
fputs_func_DYNFILE(buffer,dfp);
}
}
return out;
}
/* Iterate over the configure firewall access chains and purge expired
* firewall rules.
*/
void
check_firewall_rules(const fko_srv_options_t * const opts)
{
char exp_str[12] = {0};
char rule_num_str[6] = {0};
char *ndx, *rn_start, *rn_end, *tmp_mark;
int i, res, rn_offset, rule_num, is_err;
time_t now, rule_exp, min_exp = 0;
struct fw_chain *ch = opts->fw_config->chain;
time(&now);
/* Iterate over each chain and look for active rules to delete.
*/
for(i=0; i < NUM_FWKNOP_ACCESS_TYPES; i++)
{
/* If there are no active rules or we have not yet
* reached our expected next expire time, continue.
*/
if(ch[i].active_rules == 0 || ch[i].next_expire > now)
continue;
zero_cmd_buffers();
rn_offset = 0;
/* There should be a rule to delete. Get the current list of
* rules for this chain and delete the ones that are expired.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_RULES_ARGS,
opts->fw_config->fw_command,
ch[i].table,
ch[i].to_chain
);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE,
WANT_STDERR, NO_TIMEOUT, &pid_status, opts);
chop_newline(cmd_out);
log_msg(LOG_DEBUG, "check_firewall_rules() CMD: '%s' (res: %d, cmd_out: %s)",
cmd_buf, res, cmd_out);
if(!EXTCMD_IS_SUCCESS(res))
{
log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, cmd_out);
continue;
}
log_msg(LOG_DEBUG, "RES=%i, CMD_BUF: %s\nRULES LIST: %s", res, cmd_buf, cmd_out);
ndx = strstr(cmd_out, EXPIRE_COMMENT_PREFIX);
if(ndx == NULL)
{
/* we did not find an expected rule.
*/
log_msg(LOG_ERR,
"Did not find expire comment in rules list %i", i);
if (ch[i].active_rules > 0)
ch[i].active_rules--;
continue;
}
/* walk the list and process rules as needed.
*/
while (ndx != NULL) {
/* Jump forward and extract the timestamp
*/
ndx += strlen(EXPIRE_COMMENT_PREFIX);
/* remember this spot for when we look for the next
* rule.
*/
tmp_mark = ndx;
strlcpy(exp_str, ndx, sizeof(exp_str));
rule_exp = (time_t)atoll(exp_str);
if(rule_exp <= now)
{
/* Backtrack and get the rule number and delete it.
*/
rn_start = ndx;
while(--rn_start > cmd_out)
{
if(*rn_start == '\n')
break;
}
if(*rn_start != '\n')
{
/* This should not happen. But if it does, complain,
* decrement the active rule value, and go on.
*/
log_msg(LOG_ERR,
"Rule parse error while finding rule line start in chain %i", i);
if (ch[i].active_rules > 0)
ch[i].active_rules--;
break;
}
rn_start++;
rn_end = strchr(rn_start, ' ');
if(rn_end == NULL)
{
/* This should not happen. But if it does, complain,
* decrement the active rule value, and go on.
*/
log_msg(LOG_ERR,
"Rule parse error while finding rule number in chain %i", i);
if (ch[i].active_rules > 0)
ch[i].active_rules--;
break;
}
strlcpy(rule_num_str, rn_start, (rn_end - rn_start)+1);
rule_num = strtol_wrapper(rule_num_str, rn_offset, RCHK_MAX_IPT_RULE_NUM,
NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
log_msg(LOG_ERR,
"Rule parse error while finding rule number in chain %i", i);
if (ch[i].active_rules > 0)
ch[i].active_rules--;
break;
}
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_DEL_RULE_ARGS,
opts->fw_config->fw_command,
ch[i].table,
ch[i].to_chain,
rule_num - rn_offset
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE,
WANT_STDERR, NO_TIMEOUT, &pid_status, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "check_firewall_rules() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res))
{
log_msg(LOG_INFO, "Removed rule %s from %s with expire time of %u",
rule_num_str, ch[i].to_chain, rule_exp
);
rn_offset++;
if (ch[i].active_rules > 0)
ch[i].active_rules--;
}
else
log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf);
}
else
{
/* Track the minimum future rule expire time.
*/
if(rule_exp > now)
min_exp = (min_exp < rule_exp) ? min_exp : rule_exp;
}
/* Push our tracking index forward beyond (just processed) _exp_
* string so we can continue to the next rule in the list.
*/
ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
}
/* Set the next pending expire time accordingly. 0 if there are no
* more rules, or whatever the next expected (min_exp) time will be.
*/
if(ch[i].active_rules < 1)
ch[i].next_expire = 0;
else if(min_exp)
ch[i].next_expire = min_exp;
}
}
FuncInfo * read_FuncInfo_line(char * line,FILE * ifp)
{
FuncInfo * out;
ArgInfo * ari;
char buffer[MAXLINE];
char * runner;
if( strstartcmp(line,"%func") != 0 ) {
warn("Attempting to read in-line function help with line starting [%30s] not %func",line);
return NULL;
}
out = FuncInfo_alloc_std();
out->functype = FI_CALLABLE;
out->ft = read_Ftext(buffer,MAXLINE,ifp,"%",get_watched_line);
if( strstartcmp(buffer,"%%") == 0 )
return out;
/*** could be in any order ***/
for(;;) {
/* fprintf(stderr,"Looking at [%s]\n",buffer); */
if( feof(ifp) || ferror(ifp) ) {
warn("End of file or file read error while in FuncInfo read. Not good!");
break;
} else if ( strstartcmp(buffer,"%%") == 0 ) {
break;
} else if ( strstartcmp(buffer,"%simple") == 0 ) {
if( (runner=strtok(buffer+7,spacestr)) == NULL ) {
warn("Got a simple name specification, but no name!");
} else {
out->simple = stringalloc(runner);
}
get_watched_line(buffer,MAXLINE,ifp);
} else if( strstartcmp(buffer,"%arg") == 0) {
while( get_watched_line(buffer,MAXLINE,ifp) != NULL ) {
if( buffer[0] == '%' )
break;
ari = read_ArgInfo_line(buffer);
if( strcmp(ari->name,"return") == 0 ) {
out->ret = ari;
} else if( ari != NULL ) {
add_FuncInfo(out,ari);
}
}
} else if ( strstartcmp(buffer,"%short") == 0 ) {
for(runner=buffer;*runner && !isspace(*runner);runner++)
;
for(;*runner && isspace(*runner);runner++)
;
out->sdesc=stringalloc(runner);
get_watched_line(buffer,MAXLINE,ifp);
} else if ( strstartcmp(buffer,"%type") == 0 ) {
if( strstr(buffer,"call") != NULL ) {
out->functype = FI_CALLABLE;
} else if ( strstr(buffer,"int") != NULL ) {
out->functype = FI_INTERNAL;
}
get_watched_line(buffer,MAXLINE,ifp);
}
else {
warn("Cannot understand %% tag %20s\n",buffer);
while( get_watched_line(buffer,MAXLINE,ifp) != NULL ) {
if( buffer[0] == '%' )
break;
}
}
if( buffer[0] == '%')
continue; /*** back to for(;;) ***/
/* else */
warn("In funcinfo line, could not understand [%s], going to skip to next %% tag",buffer);
while( get_watched_line(buffer,MAXLINE,ifp) != NULL ) {
chop_newline(buffer);
if( buffer[0] == '%' )
break;
else {
warn("Did not interpret line [%s]\n",buffer);
}
}
}
return out;
}
static void
ipt_chk_support(const fko_srv_options_t * const opts)
{
int res = 1;
struct fw_chain *in_chain = &(opts->fw_config->chain[IPT_INPUT_ACCESS]);
zero_cmd_buffers();
/* Add a harmless rule to the iptables INPUT chain and see if iptables
* supports '-C' to check for it. Set "have_ipt_chk_support" accordingly,
* delete the rule, and return.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_TMP_CHK_RULE_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
1, /* first rule */
in_chain->target
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE,
WANT_STDERR, NO_TIMEOUT, &pid_status, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "ipt_chk_support() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
zero_cmd_buffers();
/* Now see if '-C' works - any output indicates failure
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_TMP_VERIFY_CHK_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
in_chain->target
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE,
WANT_STDERR, NO_TIMEOUT, &pid_status, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "ipt_chk_support() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
if(EXTCMD_IS_SUCCESS(res) && strlen(err_buf))
{
log_msg(LOG_DEBUG, "ipt_chk_support() -C not supported");
have_ipt_chk_support = 0;
}
else
{
log_msg(LOG_DEBUG, "ipt_chk_support() -C supported");
have_ipt_chk_support = 1;
}
/* Delete the tmp rule
*/
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_DEL_RULE_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
1
);
run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE,
WANT_STDERR, NO_TIMEOUT, &pid_status, opts);
return;
}
static int
comment_match_exists(const fko_srv_options_t * const opts)
{
int res = 1;
char *ndx = NULL;
struct fw_chain *in_chain = &(opts->fw_config->chain[IPT_INPUT_ACCESS]);
zero_cmd_buffers();
/* Add a harmless rule to the iptables INPUT chain that uses the comment
* match and make sure it exists. If not, return zero. Otherwise, delete
* the rule and return true.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_TMP_COMMENT_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
1, /* first rule */
in_chain->target
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE,
WANT_STDERR, NO_TIMEOUT, &pid_status, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "comment_match_exists() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_LIST_RULES_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain
);
res = run_extcmd(cmd_buf, cmd_out, STANDARD_CMD_OUT_BUFSIZE,
WANT_STDERR, NO_TIMEOUT, &pid_status, opts);
chop_newline(cmd_out);
if(!EXTCMD_IS_SUCCESS(res))
log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, cmd_out);
ndx = strstr(cmd_out, TMP_COMMENT);
if(ndx == NULL)
res = 0; /* did not find the tmp comment */
else
res = 1;
if(res == 1)
{
/* Delete the tmp comment rule
*/
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_DEL_RULE_ARGS,
opts->fw_config->fw_command,
in_chain->table,
in_chain->from_chain,
1
);
run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE,
WANT_STDERR, NO_TIMEOUT, &pid_status, opts);
}
return res;
}
Type * read_Type_line(char * line,FILE * ifp)
{
Type * out;
char * temp;
char buffer[MAXLINE];
if( strstartcmp(line,"type") != 0 ) {
warn("Attempting to read a method with no method line!");
return NULL;
}
out = Type_alloc();
out->logical = second_word_alloc(line,spacestr);
while( fgets(buffer,MAXLINE,ifp) != NULL ) {
chop_newline(buffer);
if( strstartcmp(buffer,"end") == 0 )
break;
else if( strstartcmp(buffer,"real") == 0 ) {
temp = second_word_alloc(buffer,spacestr);
if( out->real != NULL ) {
warn("For type [%s], second real replacing [%s] with [%s]",out->logical,out->real,temp);
ckfree(out->real);
}
out->real = temp;
} else if( strstartcmp(buffer,"threadsafe") == 0 ) {
out->is_thread_safe = TRUE;
} else if ( strstartcmp(buffer,"dbtype") == 0 ) {
temp = second_word_alloc(buffer,spacestr);
if( out->database_type != NULL ) {
warn("For type [%s], second database type replacing [%s] with [%s]",out->logical,out->database_type,temp);
ckfree(out->database_type);
}
out->database_type = temp;
} else if ( strstartcmp(buffer,"init") == 0 ) {
temp = second_word_alloc(buffer,spacestr);
if( out->init_func != NULL ) {
warn("For type [%s], second init replacing [%s] with [%s]",out->logical,out->init_func,temp);
ckfree(out->init_func);
}
out->init_func = temp;
} else if ( strstartcmp(buffer,"maxlen") == 0 ) {
temp = second_word_alloc(buffer,spacestr);
if( out->maxlen != NULL ) {
warn("For type [%s], second maxlen replacing [%s] with [%s]",out->logical,out->maxlen,temp);
ckfree(out->maxlen);
}
out->maxlen = temp;
} else if ( strstartcmp(buffer,"reload") == 0 ) {
temp = second_word_alloc(buffer,spacestr);
if( out->reload_func != NULL ) {
warn("For type [%s], second reload function replacing [%s] with [%s]",out->logical,out->reload_func,temp);
ckfree(out->reload_func);
}
out->reload_func = temp;
} else if ( strstartcmp(buffer,"addentry") == 0 ) {
temp = second_word_alloc(buffer,spacestr);
if( out->dataentry_add != NULL ) {
warn("For type [%s], second dataentry_add function replacing [%s] with [%s]",out->logical,out->dataentry_add,temp);
ckfree(out->dataentry_add);
}
out->dataentry_add = temp;
} else if ( strstartcmp(buffer,"close") == 0 ) {
temp = second_word_alloc(buffer,spacestr);
if( out->close_func != NULL ) {
warn("For type [%s], second close func replacing [%s] with [%s]",out->logical,out->close_func,temp);
ckfree(out->close_func);
}
out->close_func = temp;
} else if ( strstartcmp(buffer,"hardlink") == 0 ) {
temp = second_word_alloc(buffer,spacestr);
if( out->hard_link_func != NULL ) {
warn("For type [%s], second hard_link func replacing [%s] with [%s]",out->logical,out->hard_link_func,temp);
ckfree(out->hard_link_func);
}
out->hard_link_func = temp;
} else if ( strstartcmp(buffer,"free") == 0 ) {
temp = second_word_alloc(buffer,spacestr);
if( out->free_func != NULL ) {
warn("For type [%s], second free func replacing [%s] with [%s]",out->logical,out->free_func,temp);
ckfree(out->free_func);
}
out->free_func = temp;
} else if ( strstartcmp(buffer,"name") == 0 ) {
temp = second_word_alloc(buffer,spacestr);
if( out->get_id_func != NULL ) {
warn("For type [%s], second get name func replacing [%s] with [%s]",out->logical,out->get_id_func,temp);
ckfree(out->get_id_func);
}
out->get_id_func = temp;
} else {
warn("In reading type [%s] did not understand [%s]",out->logical,buffer);
}
}
if( out->is_thread_safe == TRUE ) {
if( out->hard_link_func == NULL || out->free_func == NULL ) {
warn("Trying to make type %s threadsafe but have not supplied hardlink and free functions",out->logical);
out->is_thread_safe = FALSE;
}
}
out->is_database = is_database_type(out);
return out;
}
/* Quietly flush and delete all fwknop custom chains.
*/
static void
delete_all_chains(const fko_srv_options_t * const opts)
{
int i, res, cmd_ctr = 0;
for(i=0; i < NUM_FWKNOP_ACCESS_TYPES; i++)
{
if(fwc.chain[i].target[0] == '\0')
continue;
/* First look for a jump rule to this chain and remove it if it
* is there.
*/
cmd_ctr = 0;
while(cmd_ctr < CMD_LOOP_TRIES && (jump_rule_exists(opts, i) == 1))
{
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_DEL_JUMP_RULE_ARGS,
fwc.fw_command,
fwc.chain[i].table,
fwc.chain[i].from_chain,
fwc.chain[i].to_chain
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE,
WANT_STDERR, NO_TIMEOUT, &pid_status, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "delete_all_chains() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
/* Expect full success on this */
if(! EXTCMD_IS_SUCCESS(res))
log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf);
cmd_ctr++;
}
zero_cmd_buffers();
/* Now flush and remove the chain.
*/
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_FLUSH_CHAIN_ARGS,
fwc.fw_command,
fwc.chain[i].table,
fwc.chain[i].to_chain
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, WANT_STDERR,
NO_TIMEOUT, &pid_status, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "delete_all_chains() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
/* Expect full success on this */
if(! EXTCMD_IS_SUCCESS(res))
log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf);
zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_DEL_CHAIN_ARGS,
fwc.fw_command,
fwc.chain[i].table,
fwc.chain[i].to_chain
);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, WANT_STDERR,
NO_TIMEOUT, &pid_status, opts);
chop_newline(err_buf);
log_msg(LOG_DEBUG, "delete_all_chains() CMD: '%s' (res: %d, err: %s)",
cmd_buf, res, err_buf);
/* Expect full success on this */
if(! EXTCMD_IS_SUCCESS(res))
log_msg(LOG_ERR, "Error %i from cmd:'%s': %s", res, cmd_buf, err_buf);
}
return;
}
