/*
 * Entry point of the policy analysis tool.
 *
 * argv[1] names the policy to load and argv[2] selects one entry of
 * analyze_components[] by its key. The selected component is called with the
 * argument vector shifted by two (so it sees its own key as element 0) and
 * its return code is returned from main().
 *
 * NOTE(review): if usage() returns instead of terminating, argv[1] and
 * argv[2] are still read when argc < 3 -- confirm that usage() exits.
 */
int main(int argc, char **argv)
{
    struct policy_file pf;
    policydb_t policydb;
    char *policy_path;
    int status;
    int idx;

    if (argc < 3)
        usage(argv[0]);

    policy_path = argv[1];
    if (load_policy(policy_path, &policydb, &pf) != 0)
        exit(1);

    for (idx = 0; idx < NUM_COMPONENTS; idx++) {
        /* Skip every component whose key is not the requested one. */
        if (strcmp(analyze_components[idx].key, argv[2]) != 0)
            continue;

        status = analyze_components[idx].func(argc - 2, argv + 2, &policydb);

        /*
         * This is a logical AND, not a bit test: usage is printed when the
         * component failed and USAGE_ERROR is non-zero.
         * NOTE(review): USAGE_ERROR is defined outside this block; presumably
         * a flag the component sets on bad arguments -- confirm.
         */
        if (status && USAGE_ERROR)
            usage(argv[0]);

        return status;
    }

    /* No component key matched argv[2]. */
    usage(argv[0]);
    exit(0);
}
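/*
 * Entry point of the type-analysis tool.
 *
 * Options:
 *   -e / --equiv          run analyze_types() with the "equiv" flag set
 *   -d / --diff           run analyze_types() with the "diff" flag set
 *   -D / --dups           run find_dups()
 *   -P / --policy <file>  policy to load (required)
 *
 * usage() is called when no policy or none of the three modes was given.
 * Returns 0 after the requested analyses ran; exits with 1 when the policy
 * cannot be loaded.
 */
int main(int argc, char **argv)
{
    char *policy = NULL;
    struct policy_file pf;
    policydb_t policydb;
    /*
     * getopt_long() returns an int. Storing it in a plain char breaks the
     * comparison with -1 on targets where char is unsigned: the end-of-options
     * marker becomes 255, the loop never sees -1 and every call lands in the
     * default branch.
     */
    int ch;
    char equiv = 0, diff = 0, dups = 0;

    struct option long_options[] = {
        {"equiv", no_argument, NULL, 'e'},
        {"diff", no_argument, NULL, 'd'},
        {"dups", no_argument, NULL, 'D'},
        {"policy", required_argument, NULL, 'P'},
        {NULL, 0, NULL, 0}
    };

    while ((ch = getopt_long(argc, argv, "edDP:", long_options, NULL)) != -1) {
        switch (ch) {
        case 'e':
            equiv = 1;
            break;
        case 'd':
            diff = 1;
            break;
        case 'D':
            dups = 1;
            break;
        case 'P':
            policy = optarg;
            break;
        default:
            usage(argv[0]);
        }
    }

    /* A policy file and at least one analysis mode are mandatory. */
    if (!policy || (!equiv && !diff && !dups))
        usage(argv[0]);

    if (load_policy(policy, &policydb, &pf))
        exit(1);

    if (equiv || diff)
        analyze_types(&policydb, equiv, diff);

    if (dups)
        find_dups(&policydb);

    policydb_destroy(&policydb);

    return 0;
}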
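/*
 * Load the policy file POLICYDIR/<filename> and register every group in it.
 *
 * For each key-file group a policy_group (with a zeroed session config) is
 * allocated and filled by load_policy(). A loaded group is indexed in
 * selinux_hash, uid_hash and gid_hash under whichever of its selinux/uid/gid
 * keys are set, and prepended to file->groups.
 *
 * On the first group that fails to load, the loop stops, every group already
 * on file->groups is released through cleanup_group and file->groups is reset
 * to NULL so the caller is not left holding a pointer to a freed list.
 *
 * Returns the (negative) error from load_keyfile()/load_policy(), otherwise
 * the last non-negative value they produced.
 *
 * NOTE(review): filename is joined to POLICYDIR without any check here;
 * confirm callers only pass plain directory-entry names (no '/' or "..").
 * NOTE(review): the hash tables keep pointers to the groups; presumably
 * cleanup_group also removes them from the tables -- confirm, otherwise the
 * error path leaves stale entries behind.
 */
static int load_file(const char *filename, struct policy_file *file)
{
	GKeyFile *keyfile;
	struct policy_group *group;
	char **groupnames;
	char *pathname;
	int err = 0, i;

	DBG("%s", filename);

	pathname = g_strdup_printf("%s/%s", POLICYDIR, filename);
	err = load_keyfile(pathname, &keyfile);
	g_free(pathname);

	if (err < 0)
		return err;

	groupnames = g_key_file_get_groups(keyfile, NULL);

	for (i = 0; groupnames[i]; i++) {
		group = g_new0(struct policy_group, 1);
		group->config = g_new0(struct connman_session_config, 1);

		err = load_policy(keyfile, groupnames[i], group);
		if (err < 0) {
			/* The group was never published; free it directly. */
			g_free(group->config);
			g_free(group);
			break;
		}

		/* One group may be reachable through several identities. */
		if (group->selinux)
			g_hash_table_replace(selinux_hash, group->selinux, group);

		if (group->uid)
			g_hash_table_replace(uid_hash, group->uid, group);

		if (group->gid)
			g_hash_table_replace(gid_hash, group->gid, group);

		file->groups = g_slist_prepend(file->groups, group);
	}

	g_strfreev(groupnames);

	if (err < 0) {
		g_slist_free_full(file->groups, cleanup_group);
		/* Do not leave a dangling list head behind for the caller. */
		file->groups = NULL;
	}

	g_key_file_free(keyfile);

	return err;
}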
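/*
 * DRcontrol entry point.
 *
 * The command line is parsed into flags and string arguments first; the
 * requested actions then run in a fixed order:
 *   1. canary test (-canary / -canary_default): returns the canary code,
 *   2. -exists query: returns 0 if the registry setup exists, else 1,
 *   3. -save, -destroy, -load, -create,
 *   4. actions on running processes (nudge, detach, hot patch updates);
 *      the first one requested runs and control jumps to cleanup,
 *   5. configuration edits on the policy group, written back with
 *      write_config_group(),
 *   6. optional dump (-dump / -fulldump / -appdump).
 *
 * Narrow argv strings are converted to wide strings with _snwprintf(L"%S")
 * into fixed MAX_PATH buffers. _snwprintf does not terminate the buffer when
 * the input is truncated, which is why each conversion is followed by
 * NULL_TERMINATE_BUFFER.
 *
 * NOTE(review): checked_operation is defined outside this block; presumably
 * it reports the named step and stops on failure -- confirm.
 * NOTE(review): numeric arguments go through atoi(), which yields 0 for
 * unparsable input; for -detach and the hot patch pid options 0 also means
 * "not requested", so a malformed pid is silently ignored.
 */
int main(int argc, char **argv)
{
    int res=0,
        run=0,
        dump=0,
        reset=0,
        detachall=0,
        detachpid=0,
        all=0,                 /* applies to all running processes */
        pid=-1,                /* applies to pid, -1 means -all */
        hotp_nudge_pid=0,
        hotp_modes_nudge_pid=0,
        hotp_nudge_all=0,
        hotp_modes_nudge_all=0,
        nudge=0,               /* generic nudge with argument */
        nudge_action_mask=0,   /* generic nudge action mask */
        delay_ms_all=          /* delay between acting on processes */
            NUDGE_NO_DELAY,
        timeout_ms=            /* timeout for finishing a nudge on a single process */
            DETACH_RECOMMENDED_TIMEOUT,
        runval=0,
        canary_default=0,
        canary_run = CANARY_RUN_FLAGS_DEFAULT,
        canary_fault_run = 0,
        exists = 0,
        destroy = 0,
        free_eventlog = 0;

    uint64 nudge_client_arg=0; /* client nudge argument */

    int verbose = 0;

    char *create=NULL,
        *addapp=NULL,
        *appdump=NULL,
        *removeapp=NULL,
        *opstring=NULL,
        *drdll=NULL,
        *preinject=NULL,
        *logdir=NULL,
        *sharedcache=NULL,
        *appname=NULL,
        *drhome=NULL,
        *modes=NULL,
        *defs=NULL,
        *detach_exename=NULL,
        *load=NULL,
        *save=NULL,
        *eventlog=NULL,
        *canary_process=NULL,
        *scratch_folder=NULL,
        *canary_fault_ops=NULL;

    dr_platform_t dr_platform = DR_PLATFORM_DEFAULT;

    int argidx=1;

    WCHAR wbuf[MAX_PATH];
    ConfigGroup *policy = NULL, *working_group;

    if (argc < 2)
        usage();

    while (argidx < argc) {

        if (!strcmp(argv[argidx], "-help")) {
            help();
        }
        /* ******************** actions on active processes ******************** */
        else if (!strcmp(argv[argidx], "-detachall")) {
            detachall=1;
        }
        else if (!strcmp(argv[argidx], "-detach")) {
            if (++argidx >= argc)
                usage();
            detachpid=atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-detachexe")) {
            if (++argidx >= argc)
                usage();
            detach_exename=argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-pid") ||
                 !strcmp(argv[argidx], "-p")) {
            if (++argidx >= argc)
                usage();
            pid=atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-all")) {
            all=1;
        }
        else if (!strcmp(argv[argidx], "-delay")) {
            /* in milliseconds */
            if (++argidx >= argc)
                usage();
            delay_ms_all=atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-timeout")) {
            /* in milliseconds */
            if (++argidx >= argc)
                usage();
            timeout_ms=atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-hot_patch_nudge")) {
            if (++argidx >= argc)
                usage();
            hotp_nudge_pid=atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-hot_patch_modes_nudge")) {
            if (++argidx >= argc)
                usage();
            hotp_modes_nudge_pid=atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-hot_patch_nudge_all")) {
            hotp_nudge_all = 1;
        }
        else if (!strcmp(argv[argidx], "-verbose")) {
            verbose = 1;
        }
        else if (!strcmp(argv[argidx], "-hot_patch_modes_nudge_all")) {
            hotp_modes_nudge_all = 1;
        }
        else if (!strcmp(argv[argidx], "-drpop")) {
            nudge = 1;
            /* allow composition */
            nudge_action_mask |=
                NUDGE_GENERIC(opt) | NUDGE_GENERIC(reset);
        }
        else if (!strcmp(argv[argidx], "-nudge")) {
            int nudge_numeric;
            if (++argidx >= argc)
                usage();
            nudge_numeric = atoi(argv[argidx]); /* 0 if fails */
            nudge_action_mask |= nudge_numeric;

            /* compare against numeric new code, or against symbolic names */
            /* -nudge opt -nudge reset -nudge stats -nudge 30000 */
            {
                int found = 0;
                /* One comparison per entry of NUDGE_DEFINITIONS(). */
#define NUDGE_DEF(name, comment)                     \
    if (strcmp(#name, argv[argidx]) == 0) {          \
        found = 1;                                   \
        nudge_action_mask |= NUDGE_GENERIC(name);    \
    }
                NUDGE_DEFINITIONS();
#undef NUDGE_DEF
                if (!found && nudge_numeric == 0) {
                    printf("unknown -nudge %s\n", argv[argidx]);
                    usage();
                }
            }

            nudge=1;
        }
        else if (!strcmp(argv[argidx], "-client_nudge")) {
            if (++argidx >= argc)
                usage();
            /* The client argument is parsed as hexadecimal. */
            nudge_client_arg = _strtoui64(argv[argidx], NULL, 16);
            nudge_action_mask |= NUDGE_GENERIC(client);
            nudge = 1;
        }
        /* ******************** configuration actions ******************** */
        else if (!strcmp(argv[argidx], "-reset")) {
            reset=1;
        }
        else if (!strcmp(argv[argidx], "-create")) {
            if (++argidx >= argc)
                usage();
            create = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-destroy")) {
            destroy = 1;
        }
        else if (!strcmp(argv[argidx], "-exists")) {
            exists = 1;
        }
        else if (!strcmp(argv[argidx], "-run")) {
            run = 1;
            if (++argidx >= argc)
                usage();
            runval = atoi(argv[argidx]);
        }
        else if (!strcmp(argv[argidx], "-app")) {
            if (++argidx >= argc)
                usage();
            appname = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-add")) {
            if (++argidx >= argc)
                usage();
            addapp = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-remove")) {
            if (++argidx >= argc)
                usage();
            removeapp = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-options")) {
            if (++argidx >= argc)
                usage();
            opstring = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-drlib")) {
            if (++argidx >= argc)
                usage();
            drdll = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-preinject")) {
            if (++argidx >= argc)
                usage();
            preinject = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-create_eventlog")) {
            if (++argidx >= argc)
                usage();
            eventlog = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-destroy_eventlog")) {
            free_eventlog = 1;
        }
        else if (!strcmp(argv[argidx], "-drhome")) {
            if (++argidx >= argc)
                usage();
            drhome = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-modes")) {
            if (++argidx >= argc)
                usage();
            modes = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-defs")) {
            if (++argidx >= argc)
                usage();
            defs = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-logdir")) {
            if (++argidx >= argc)
                usage();
            logdir = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-sharedcache")) {
            if (++argidx >= argc)
                usage();
            sharedcache = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-load")) {
            if (++argidx >= argc)
                usage();
            load = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-save")) {
            if (++argidx >= argc)
                usage();
            save = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-dump")) {
            dump = 1;
        }
        else if (!strcmp(argv[argidx], "-appdump")) {
            if (++argidx >= argc)
                usage();
            appdump = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-fulldump")) {
            dump = 1;
        }
        else if (!strcmp(argv[argidx], "-v")) {
#ifdef BUILD_NUMBER
            printf("DRcontrol.exe build %d -- %s", BUILD_NUMBER, __DATE__);
#else
            printf("DRcontrol.exe custom build -- %s, %s", __DATE__, __TIME__);
#endif
        }
        else if (!strcmp(argv[argidx], "-canary_default")) {
            canary_default = 1;
        }
        else if (!strcmp(argv[argidx], "-canary")) {
            /* Takes two values: the canary process and a scratch folder. */
            if (++argidx >= argc)
                usage();
            canary_process=argv[argidx];
            if (++argidx >= argc)
                usage();
            scratch_folder=argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-canary_run")) {
            if (++argidx >= argc)
                usage();
            canary_run = strtol(argv[argidx], NULL, 0);
        }
        else if (!strcmp(argv[argidx], "-canary_fault")) {
            char *dummy;
            /* Takes two values: the fault run number and the fault options. */
            if (++argidx >= argc)
                usage();
            canary_fault_run = strtol(argv[argidx], &dummy, 0);
            if (++argidx >= argc)
                usage();
            canary_fault_ops = argv[argidx];
        }
        else if (!strcmp(argv[argidx], "-32")) {
            dr_platform = DR_PLATFORM_32BIT;
        }
        else if (!strcmp(argv[argidx], "-64")) {
            dr_platform = DR_PLATFORM_64BIT;
        }
        else {
            fprintf(stderr, "Unknown option: %s\n", argv[argidx]);
            usage();
        }
        argidx++;
    }

    /* PR 244206: set the registry view before any registry access */
    set_dr_platform(dr_platform);

    if (canary_process != NULL || canary_default != 0) {
        BOOL result = TRUE;
        WCHAR canary_fault_args[MAX_PATH];
        CANARY_INFO info = {0};

        info.run_flags = canary_run;
        info.info_flags = CANARY_INFO_FLAGS_DEFAULT;
        info.fault_run = canary_fault_run;
        /* NOTE(review): canary_fault_ops is NULL unless -canary_fault was
         * given; confirm the "%S" conversion is meant to see NULL here. */
        _snwprintf(canary_fault_args, BUFFER_SIZE_ELEMENTS(canary_fault_args),
                   L"%S", canary_fault_ops);
        NULL_TERMINATE_BUFFER(canary_fault_args);
        info.canary_fault_args = canary_fault_args;

        if (canary_process != NULL && *canary_process != '\0' &&
            scratch_folder != NULL && *scratch_folder != '\0') {
            wchar_t canary[MAX_PATH], scratch[MAX_PATH], out[MAX_PATH];
            FILE *out_file;

            _snwprintf(canary, BUFFER_SIZE_ELEMENTS(canary), L"%S", canary_process);
            NULL_TERMINATE_BUFFER(canary);
            _snwprintf(scratch, BUFFER_SIZE_ELEMENTS(scratch), L"%S\\canary_test",
                       scratch_folder);
            NULL_TERMINATE_BUFFER(scratch);
            CreateDirectory(scratch, NULL);
            _snwprintf(out, BUFFER_SIZE_ELEMENTS(out), L"%S\\canary_report.crep",
                       scratch_folder);
            /* Terminate like every other conversion: a long scratch folder
             * would otherwise leave `out` unterminated for _wfopen(). */
            NULL_TERMINATE_BUFFER(out);
            out_file = _wfopen(out, L"wb");
            /* FIXME - check directory, out_file, and canary proc exist */
            /* NOTE(review): out_file may be NULL here and is not closed in
             * this function; confirm run_canary_test_ex() copes with both. */
            result = run_canary_test_ex(out_file, &info, scratch, canary);
        } else if (canary_default != 0) {
            result = run_canary_test(&info, L_EXPAND_LEVEL(STRINGIFY(BUILD_NUMBER)));
            printf("See report file \"%S\"\n", info.report);
        }
        printf("Canary test - %s enable protection - code 0x%08x\n"
               " msg=\"%S\"\n url=\"%S\"\n", result ? "do" : "don\'t",
               info.canary_code, info.msg, info.url);
        return info.canary_code;
    }

    if (exists) {
        if (get_dynamorio_home() != NULL) {
            printf("Registry setup exists\n");
            return 0;
        }
        printf("Registry setup doesn't exist\n");
        return 1;
    }

    if (save) {
        _snwprintf(wbuf, MAX_PATH, L"%S", save);
        NULL_TERMINATE_BUFFER(wbuf);
        checked_operation("save policy", save_policy(wbuf));
    }

    if (destroy) {
        checked_operation("delete product key", destroy_root_key());
        /* Nothing left to configure unless a load or create follows. */
        if (!load && create == NULL)
            return 0;
    }

    if (load) {
        _snwprintf(wbuf, MAX_PATH, L"%S", load);
        NULL_TERMINATE_BUFFER(wbuf);
        checked_operation("load policy", load_policy(wbuf, FALSE, NULL));
    }

    if (create != NULL) {
        _snwprintf(wbuf, MAX_PATH, L"%S", create);
        NULL_TERMINATE_BUFFER(wbuf);
        /* FALSE: do not overwrite (preserves old behavior) */
        checked_operation("create registry", setup_installation(wbuf, FALSE));
    }

    /* ensure we init dynamorio_home, case 4009 */
    get_dynamorio_home(); /* ignore return value */

    if (nudge) {
        if (verbose)
            printf("-nudge %d -pid %d %s\n", nudge_action_mask, pid, all ? "all" : "");
        if (pid == -1) /* explicitly set */
            all = 1;

        if (all)
            checked_operation("nudge all",
                              generic_nudge_all(nudge_action_mask,
                                                nudge_client_arg,
                                                timeout_ms, delay_ms_all));
        else
            checked_operation("nudge",
                              generic_nudge(pid, TRUE,
                                            nudge_action_mask,
                                            0, /* client ID (ignored here) */
                                            nudge_client_arg,
                                            timeout_ms));
        goto finished;
    }

    if (detachall) {
        checked_operation("detach all",
                          detach_all(timeout_ms));
        goto finished;
    }
    if (detachpid) {
        checked_operation("detach",
                          detach(detachpid, TRUE, timeout_ms));
        goto finished;
    }

    if (detach_exename) {
        _snwprintf(wbuf, MAX_PATH, L"%S", detach_exename);
        NULL_TERMINATE_BUFFER(wbuf);
        checked_operation("detach-exe",
                          detach_exe(wbuf, timeout_ms));
        goto finished;
    }

    if (hotp_nudge_pid) {
        checked_operation("hot patch update",
                          hotp_notify_defs_update(hotp_nudge_pid, TRUE,
                                                  timeout_ms));
        goto finished;
    }

    if (hotp_modes_nudge_pid) {
        checked_operation("hot patch modes update",
                          hotp_notify_modes_update(hotp_modes_nudge_pid, TRUE,
                                                   timeout_ms));
        goto finished;
    }

    if (hotp_nudge_all) {
        checked_operation("hot patch nudge all",
                          hotp_notify_all_defs_update(timeout_ms));
        goto finished;
    }

    if (hotp_modes_nudge_all) {
        checked_operation("hot patch modes nudge all",
                          hotp_notify_all_modes_update(timeout_ms));
        goto finished;
    }

    checked_operation("read config",
                      read_config_group(&policy, L_PRODUCT_NAME, TRUE));

    if (reset) {
        remove_children(policy);
        policy->should_clear = TRUE;
        checked_operation("write registry", write_config_group(policy));
    }

    working_group = policy;

    /* A dump request skips every configuration edit below. */
    if (dump || appdump)
        goto dumponly;

    if (preinject) {
        if (0 == strcmp(preinject, "OFF")) {
            checked_operation("unset autoinject", unset_autoinjection());
        }
        else if (0 == strcmp(preinject, "ON")) {
            checked_operation("set autoinject", set_autoinjection());
        }
        else if (0 == strcmp(preinject, "CLEAR")) {
            checked_operation("clear autoinject",
                              set_autoinjection_ex(FALSE, APPINIT_USE_WHITELIST,
                                                   NULL, L"", NULL, NULL, NULL, 0));
        }
        else if (0 == strcmp(preinject, "LIST")) {
            WCHAR list[MAX_PARAM_LEN];
            checked_operation("read appinit",
                              get_config_parameter(INJECT_ALL_KEY_L,
                                                   TRUE,
                                                   INJECT_ALL_SUBKEY_L,
                                                   list, MAX_PARAM_LEN));
            printf("%S\n", list);
            if (is_vista()) {
                printf("LoadAppInit is %s\n",
                       is_loadappinit_set() ? "on" : "off");
            }
        }
        else if (0 == strcmp(preinject, "REPORT")) {
            WCHAR list[MAX_PARAM_LEN], *entry, *sep;
            checked_operation("read appinit",
                              get_config_parameter(INJECT_ALL_KEY_L,
                                                   TRUE,
                                                   INJECT_ALL_SUBKEY_L,
                                                   list, MAX_PARAM_LEN));
            entry = get_entry_location(list, L_EXPAND_LEVEL(INJECT_DLL_8_3_NAME),
                                       APPINIT_SEPARATOR_CHAR);
            if (NULL != entry) {
                /* Cut the list at the separator so only this entry prints. */
                sep = wcschr(entry, APPINIT_SEPARATOR_CHAR);
                if (NULL != sep)
                    *sep = L'\0';
                printf("%S\n", entry);
                if (is_vista()) {
                    printf("LoadAppInit is %s\n",
                           is_loadappinit_set() ? "on" : "off");
                }
            }
        }
        else if (0 == strcmp(preinject, "LOAD_OFF")) {
            checked_operation("unset load autoinject", unset_loadappinit());
        }
        else if (0 == strcmp(preinject, "LOAD_ON")) {
            checked_operation("set load autoinject", set_loadappinit());
        }
        else {
            /*
             * Any other value is taken as a custom autoinject entry and
             * passed with APPINIT_OVERWRITE.
             * NOTE(review): this appears to replace the AppInit_DLLs setting
             * with a command-line string; the referenced file should sit in a
             * location that unprivileged users cannot write -- confirm what
             * set_autoinjection_ex() validates.
             */
            _snwprintf(wbuf, MAX_PATH, L"%S", preinject);
            NULL_TERMINATE_BUFFER(wbuf);
            checked_operation("set custom autoinject",
                              set_autoinjection_ex(TRUE, APPINIT_OVERWRITE,
                                                   NULL, NULL, NULL, wbuf,
                                                   NULL, 0));
        }

        if (0 != strcmp(preinject, "LIST") &&
            0 != strcmp(preinject, "REPORT") &&
            using_system32_for_preinject(NULL)) {
            DWORD platform;
            if (get_platform(&platform) == ERROR_SUCCESS &&
                platform == PLATFORM_WIN_NT_4) {
                fprintf(stderr,
                        "Warning! On NT4, new AppInit_DLLs setting will not take effect until reboot!\n");
            }
        }
    }

    if (free_eventlog) {
        checked_operation("free eventlog", destroy_eventlog());
    }

    if (eventlog) {
        _snwprintf(wbuf, BUFFER_SIZE_ELEMENTS(wbuf), L"%S", eventlog);
        NULL_TERMINATE_BUFFER(wbuf);
        checked_operation("create eventlog", create_eventlog(wbuf));
    }

    /* configuration */

    if (addapp) {
        _snwprintf(wbuf, MAX_PATH, L"%S", addapp);
        NULL_TERMINATE_BUFFER(wbuf);
        /* Only add the application group when it does not exist yet. */
        if (NULL == get_child(wbuf, policy)) {
            add_config_group(policy, new_config_group(wbuf));
        }
    }

    if (removeapp) {
        _snwprintf(wbuf, MAX_PATH, L"%S", removeapp);
        NULL_TERMINATE_BUFFER(wbuf);
        remove_child(wbuf, policy);
        policy->should_clear = TRUE;
    }

    if (appname) {
        /* Later parameter edits apply to this group, created on demand. */
        _snwprintf(wbuf, MAX_PATH, L"%S", appname);
        NULL_TERMINATE_BUFFER(wbuf);
        working_group = get_child(wbuf, policy);

        if (NULL == working_group) {
            working_group = new_config_group(wbuf);
            add_config_group(policy, working_group);
        }
    }

    if (run) {
        _snwprintf(wbuf, MAX_PATH, L"%d", runval);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_RUNUNDER, wbuf);
    }

    if (opstring) {
        _snwprintf(wbuf, MAX_PATH, L"%S", opstring);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_OPTIONS, wbuf);
    }

    if (drdll) {
        _snwprintf(wbuf, MAX_PATH, L"%S", drdll);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_AUTOINJECT, wbuf);
    }

    if (drhome) {
        _snwprintf(wbuf, MAX_PATH, L"%S", drhome);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_HOME, wbuf);
    }

    if (modes) {
        _snwprintf(wbuf, MAX_PATH, L"%S", modes);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_HOT_PATCH_MODES, wbuf);
    }

    if (defs) {
        _snwprintf(wbuf, MAX_PATH, L"%S", defs);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_HOT_PATCH_POLICIES, wbuf);
    }

    if (logdir) {
        _snwprintf(wbuf, MAX_PATH, L"%S", logdir);
        NULL_TERMINATE_BUFFER(wbuf);
        set_config_group_parameter(working_group,
                                   L_DYNAMORIO_VAR_LOGDIR, wbuf);
    }

    if (sharedcache) {
        /* note if the sharedcache root directory doesn't exist it should be
         * created before calling this function */
        _snwprintf(wbuf, MAX_PATH, L"%S", sharedcache);
        NULL_TERMINATE_BUFFER(wbuf);

        res = setup_cache_shared_directories(wbuf);
        if (res != ERROR_SUCCESS) {
            fprintf(stderr, "error %d creating directories!\n", res);
        }
        /* The registry is updated even when directory setup reported an
         * error above. */
        setup_cache_shared_registry(wbuf, working_group);
    }

    checked_operation("write policy", write_config_group(policy));

 dumponly:

    if (appdump) {
        _snwprintf(wbuf, MAX_PATH, L"%S", appdump);
        NULL_TERMINATE_BUFFER(wbuf);
        working_group = get_child(wbuf, policy);
    }
    else {
        working_group = policy;
    }

    if (dump || appdump) {
        if (NULL == working_group)
            fprintf(stderr, "No Configuration Exists!\n");
        else
            dump_config_group(""," ",working_group,FALSE);
    }

 finished:
    if (policy != NULL)
        free_config_group(policy);

    return 0;
}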
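/*
 * seinject: add allow rules to, or mark a type permissive in, an SELinux
 * policy, then optionally write the result to a file and/or load it into the
 * kernel.
 *
 * Options (only the character after '-' is examined):
 *   -s <source type>  -t <target type>  -c <class>  -p <perm>[,<perm>...]
 *   -Z <type>         mark <type> permissive instead of adding rules
 *   -P <policy file>  input policy (default /sys/fs/selinux/policy)
 *   -o <output file>  write the modified policy here
 *   -l                load the modified policy into the kernel
 *   -q                do not print "Success"
 *
 * Returns 0 on success, 1 on load/write failures, 2 when the -Z type does not
 * exist, or the non-zero code from add_rule(). Bad usage exits with 1.
 *
 * Both -Z and -l change what the kernel enforces: -Z sets the type's bit in
 * policydb.permissive_map and -l pushes the edited policy into the running
 * kernel.
 *
 * NOTE(review): an option that expects a value but is the last argument reads
 * argv[argc] (NULL); for -P and -o the option is then silently ignored.
 * NOTE(review): the usage text advertises "--load", but the parser only looks
 * at argv[i][1], so "--load" ends parsing and prints usage.
 * NOTE(review): when policydb_write() fails, a partial output file is left on
 * disk.
 */
int main_seinject(int argc, char **argv)
{
    char *policy = NULL, *source = NULL, *target = NULL, *clazz = NULL,
         *perm = NULL, *perm_token = NULL, *perm_saveptr = NULL,
         *outfile = NULL, *permissive = NULL;
    policydb_t policydb;
    struct policy_file pf, outpf;
    sidtab_t sidtab;
    int ret_add_rule;
    int load = 0;
    int quiet = 0;
    FILE *fp;
    int i;

    for (i=1; i<argc; i++) {
        if (argv[i][0] == '-') {
            if (argv[i][1] == 's') {
                i++;
                source = argv[i];
                continue;
            }
            if (argv[i][1] == 't') {
                i++;
                target = argv[i];
                continue;
            }
            if (argv[i][1] == 'c') {
                i++;
                clazz = argv[i];
                continue;
            }
            if (argv[i][1] == 'p') {
                i++;
                perm = argv[i];
                continue;
            }
            if (argv[i][1] == 'P') {
                i++;
                policy = argv[i];
                continue;
            }
            if (argv[i][1] == 'o') {
                i++;
                outfile = argv[i];
                continue;
            }
            if (argv[i][1] == 'Z') {
                i++;
                permissive = argv[i];
                continue;
            }
            if (argv[i][1] == 'l') {
                load = 1;
                continue;
            }
            if (argv[i][1] == 'q') {
                quiet = 1;
                continue;
            }
            /* Unknown option: stop here so that i < argc flags the error. */
            break;
        }
    }

    if (i < argc || argc == 1 || ((!source || !target || !clazz || !perm) && !permissive)) {
        fprintf(stderr, "%s -s <source type> -t <target type> -c <class> -p <perm>[,<perm2>,<perm3>,...] [-P <policy file>] [-o <output file>] [-l|--load]\n", argv[0]);
        fprintf(stderr, "%s -Z permissive_type [-P <policy file>] [-o <output file>] [-l|--load]\n", argv[0]);
        exit(1);
    }

    if (!policy)
        policy = "/sys/fs/selinux/policy";

    sepol_set_policydb(&policydb);
    sepol_set_sidtab(&sidtab);

    if (load_policy(policy, &policydb, &pf)) {
        fprintf(stderr, "Could not load policy\n");
        return 1;
    }

    if (policydb_load_isids(&policydb, &sidtab))
        return 1;

    if (permissive) {
        type_datum_t *type;

        type = hashtab_search(policydb.p_types.table, permissive);
        if (type == NULL) {
            fprintf(stderr, "type %s does not exist\n", permissive);
            return 2;
        }
        if (ebitmap_set_bit(&policydb.permissive_map, type->s.value, 1)) {
            fprintf(stderr, "Could not set bit in permissive map\n");
            return 1;
        }
    } else {
        /* One rule per comma-separated permission; stop at the first error. */
        perm_token = strtok_r(perm, ",", &perm_saveptr);
        while (perm_token) {
            ret_add_rule = add_rule(source, target, clazz, perm_token, &policydb);
            if (ret_add_rule) {
                fprintf(stderr, "Could not add rule for perm: %s\n", perm_token);
                return ret_add_rule;
            }
            perm_token = strtok_r(NULL, ",", &perm_saveptr);
        }
    }

    if (outfile) {
        fp = fopen(outfile, "wb");
        if (!fp) {
            fprintf(stderr, "Could not open outfile\n");
            return 1;
        }

        policy_file_init(&outpf);
        outpf.type = PF_USE_STDIO;
        outpf.fp = fp;

        if (policydb_write(&policydb, &outpf)) {
            fprintf(stderr, "Could not write policy\n");
            /* Do not leak the stream on the failure path. */
            fclose(fp);
            return 1;
        }

        /* Buffered data is flushed by fclose(); a failure here means the
         * policy on disk is incomplete, so it must not count as success. */
        if (fclose(fp) != 0) {
            fprintf(stderr, "Could not write policy\n");
            return 1;
        }
    }

    if (load) {
        if (load_policy_into_kernel(&policydb)) {
            fprintf(stderr, "Could not load new policy into kernel\n");
            return 1;
        }
    }

    policydb_destroy(&policydb);

    if (quiet == 0)
        fprintf(stdout, "Success\n");
    return 0;
}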
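/**
 * Create a new ndnr instance
 *
 * Allocates the handle, reads and parses the configuration, sets up the
 * tables and scheduler, indexes the repository file, connects the direct
 * client, optionally enables sync, loads the policy and starts listening.
 *
 * Configuration is taken from the parsed config and from the environment
 * (NDNR_DEBUG, NDNS_DEBUG, NDNR_STATUS_PORT, NDNR_LISTEN_ON,
 * NDNR_SKIP_VERIFY); several of these values are written to the log.
 *
 * @param progname - name of program binary, used for locating helpers
 * @param logger - logger function
 * @param loggerdata - data to pass to logger function
 * @returns the new handle, or NULL if the handle itself could not be
 *          allocated. When a step marks the handle as failed
 *          (h->running == -1) it is passed to r_init_destroy() before
 *          returning; NOTE(review): presumably that resets h to NULL -- confirm.
 *
 * NOTE(review): the "config == NULL" and "load_policy() == -1" exits jump to
 * Bail without setting h->running themselves; confirm the callees mark the
 * handle as failed, otherwise a partly initialised handle is returned.
 */
PUBLIC struct ndnr_handle *
r_init_create(const char *progname, ndnr_logger logger, void *loggerdata)
{
    char *sockname = NULL;
    const char *portstr = NULL;
    const char *listen_on = NULL;
    const char *d = NULL;
    struct ndnr_handle *h = NULL;
    struct hashtb_param param = {0};
    struct ndn_charbuf *config = NULL;
    int res;

    h = calloc(1, sizeof(*h));
    if (h == NULL)
        return(h);
    h->notify_after = 0; //NDNR_MAX_ACCESSION;
    h->logger = logger;
    h->loggerdata = loggerdata;
    h->logpid = (int)getpid();
    h->progname = progname;
    h->debug = -1;
    config = r_init_read_config(h);
    if (config == NULL)
        goto Bail;
    r_init_parse_config(h, config, 0); /* silent pass to pick up NDNR_DEBUG */
    h->debug = 1; /* so that we see any complaints */
    h->debug = r_init_debug_getenv(h, "NDNR_DEBUG");
    res = r_init_parse_config(h, config, 1);
    if (res < 0) {
        h->running = -1;
        goto Bail;
    }
    r_init_parse_config(h, config, 2);
    sockname = r_net_get_local_sockname();
    h->skiplinks = ndn_indexbuf_create();
    h->face_limit = 10; /* soft limit */
    h->fdholder_by_fd = calloc(h->face_limit, sizeof(h->fdholder_by_fd[0]));
    if (h->fdholder_by_fd == NULL) {
        /* Without the fd table nothing can be enrolled; fail the init. */
        h->running = -1;
        goto Bail;
    }
    param.finalize_data = h;
    param.finalize = &r_fwd_finalize_nameprefix;
    h->nameprefix_tab = hashtb_create(sizeof(struct nameprefix_entry), &param);
    param.finalize = 0; // PRUNED &r_fwd_finalize_propagating;
    h->propagating_tab = hashtb_create(sizeof(struct propagating_entry), &param);
    param.finalize = &r_proto_finalize_enum_state;
    h->enum_state_tab = hashtb_create(sizeof(struct enum_state), &param);
    h->min_stale = ~0;
    h->max_stale = 0;
    h->unsol = ndn_indexbuf_create();
    h->ticktock.descr[0] = 'C';
    h->ticktock.micros_per_base = 1000000;
    h->ticktock.gettime = &r_util_gettime;
    h->ticktock.data = h;
    h->sched = ndn_schedule_create(h, &h->ticktock);
    h->starttime = h->sec;
    h->starttime_usec = h->usec;
    h->oldformatcontentgrumble = 1;
    h->oldformatinterestgrumble = 1;
    h->cob_limit = 4201;
    h->start_write_scope_limit = r_init_confval(h, "NDNR_START_WRITE_SCOPE_LIMIT", 0, 3, 3);
    h->debug = 1; /* so that we see any complaints */
    h->debug = r_init_debug_getenv(h, "NDNR_DEBUG");
    h->syncdebug = r_init_debug_getenv(h, "NDNS_DEBUG");
    portstr = getenv("NDNR_STATUS_PORT");
    /* An unset, empty or over-long (> 10 chars) port string is dropped. */
    if (portstr == NULL || portstr[0] == 0 || strlen(portstr) > 10)
        portstr = "";
    h->portstr = portstr;
    ndnr_msg(h, "NDNR_DEBUG=%d NDNR_DIRECTORY=%s NDNR_STATUS_PORT=%s", h->debug,
             h->directory,
             h->portstr);
    listen_on = getenv("NDNR_LISTEN_ON");
    if (listen_on != NULL && listen_on[0] != 0)
        ndnr_msg(h, "NDNR_LISTEN_ON=%s", listen_on);

    if (ndnr_init_repo_keystore(h, NULL) < 0) {
        h->running = -1;
        goto Bail;
    }
    r_util_reseed(h);
    r_store_init(h);
    if (h->running == -1) goto Bail;
    /* Drain the active input before going further. */
    while (h->active_in_fd >= 0) {
        r_dispatch_process_input(h, h->active_in_fd);
        r_store_trim(h, h->cob_limit);
        ndn_schedule_run(h->sched);
    }
    ndnr_msg(h, "Repository file is indexed");
    if (h->face0 == NULL) {
        struct fdholder *fdholder;
        int nullfd;

        fdholder = calloc(1, sizeof(*fdholder));
        if (fdholder == NULL) {
            /* Avoid dereferencing a failed allocation below. */
            h->running = -1;
            goto Bail;
        }
        /* Point descriptor 0 at /dev/null, then drop the temporary
         * descriptor so it is not leaked for the life of the process. */
        nullfd = open("/dev/null", O_RDONLY);
        if (nullfd == -1 || dup2(nullfd, 0) == -1)
            ndnr_msg(h, "stdin: %s", strerror(errno));
        if (nullfd > 0)
            close(nullfd);
        fdholder->filedesc = 0;
        fdholder->flags = (NDNR_FACE_GG | NDNR_FACE_NORECV);
        r_io_enroll_face(h, fdholder);
    }
    ndnr_direct_client_start(h);
    d = getenv("NDNR_SKIP_VERIFY");
#if (NDN_API_VERSION >= 4004)
    /*
     * Only the exact value "1" switches this on; the setting is logged.
     * NOTE(review): ndn_defer_verification() is defined elsewhere; by its
     * name it relaxes verification on the direct client, so deployments
     * should treat this variable as security-sensitive -- confirm semantics.
     */
    if (d != NULL && strcmp(d, "1") == 0) {
        ndnr_msg(h, "NDNR_SKIP_VERIFY=%s", d);
        ndn_defer_verification(h->direct_client, 1);
    }
#endif
    if (ndn_connect(h->direct_client, NULL) != -1) {
        int af = 0;
        int bufsize;
        int flags;
        int fd;
        struct fdholder *fdholder;

        fd = ndn_get_connection_fd(h->direct_client);
        // Play a dirty trick here - if this wins, we can fix it right in the c lib later on...
        af = try_tcp_instead(fd);
        flags = NDNR_FACE_NDND;
        if (af == AF_INET)
            flags |= NDNR_FACE_INET;
        else if (af == AF_INET6)
            flags |= NDNR_FACE_INET6;
        else
            flags |= NDNR_FACE_LOCAL;
        fdholder = r_io_record_fd(h, fd, "NDND", 5, flags);
        if (fdholder == NULL) abort();
        ndnr_uri_listen(h, h->direct_client, "ndn:/%C1.M.S.localhost/%C1.M.SRV/repository",
                        &ndnr_answer_req, OP_SERVICE);
        ndnr_uri_listen(h, h->direct_client, "ndn:/%C1.M.S.neighborhood/%C1.M.SRV/repository",
                        &ndnr_answer_req, OP_SERVICE);
        bufsize = r_init_confval(h, "NDNR_MIN_SEND_BUFSIZE", 1, 2097152, 16384);
        establish_min_send_bufsize(h, fd, bufsize);
    }
    else
        ndn_disconnect(h->direct_client); // Apparently ndn_connect error case needs work.
    if (1 == r_init_confval(h, "NDNS_ENABLE", 0, 1, 1)) {
        h->sync_plumbing = calloc(1, sizeof(struct sync_plumbing));
        if (h->sync_plumbing == NULL) {
            /* Avoid dereferencing a failed allocation below. */
            h->running = -1;
            goto Bail;
        }
        h->sync_plumbing->ndn = h->direct_client;
        h->sync_plumbing->sched = h->sched;
        h->sync_plumbing->client_methods = &sync_client_methods;
        h->sync_plumbing->client_data = h;
        h->sync_base = SyncNewBaseForActions(h->sync_plumbing);
    }
    if (-1 == load_policy(h))
        goto Bail;
    r_net_listen_on(h, listen_on);
    ndnr_internal_client_start(h);
    r_proto_init(h);
    r_proto_activate_policy(h, h->parsed_policy);
    if (merge_files(h) == -1)
        r_init_fail(h, __LINE__, "Unable to merge additional repository data files.", errno);
    if (h->running == -1) goto Bail;
    if (h->sync_plumbing) {
        // Start sync running
        // returns < 0 if a failure occurred
        // returns 0 if the name updates should fully restart
        // returns > 0 if the name updates should restart at last fence
        res = h->sync_plumbing->sync_methods->sync_start(h->sync_plumbing, NULL);
        if (res < 0) {
            r_init_fail(h, __LINE__, "starting sync", res);
            abort();
        }
        else if (res > 0) {
            // XXX: need to work out details of starting from last fence.
            // By examination of code, SyncActions won't take this path
        }
    }
Bail:
    if (sockname)
        free(sockname);
    sockname = NULL;
    ndn_charbuf_destroy(&config);
    if (h->running == -1)
        r_init_destroy(&h);
    return(h);
}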