static void client_srv_passive(char *arg) { int h1, h2, h3, h4, p1, p2; u_int32_t addr, ladr; u_int16_t port; int incr; if (arg == NULL) /* Basic sanity check */ return; /* ** Read the port. According to RFC 1123, 4.1.2.6, ** we have to scan the string for the first digit. */ while (*arg < '0' || *arg > '9') arg++; if (sscanf(arg, "%d,%d,%d,%d,%d,%d", &h1, &h2, &h3, &h4, &p1, &p2) != 6) { syslog_error("bad PASV 277 response from server for %s", ctx.cli_ctrl->peer); client_respond(425, NULL, "Can't open data connection"); client_data_reset(MOD_RESET); ctx.expect = EXP_IDLE; return; } addr = (u_int32_t) ((h1 << 24) + (h2 << 16) + (h3 << 8) + h4); port = (u_int16_t) ((p1 << 8) + p2); syslog_write(T_DBG, "got SRV-PASV %s:%d for %s:%d", socket_addr2str(addr), port, ctx.cli_ctrl->peer, ctx.cli_ctrl->port); /* ** should we bind a rand(port-range) or increment? */ incr = !config_bool(NULL,"SockBindRand", 0); /* ** Open a connection to the server at the given port */ ladr = socket_sck2addr(ctx.srv_ctrl->sock, LOC_END, NULL); if (socket_d_connect(addr, port, ladr, ctx.srv_lrng, ctx.srv_urng, &(ctx.srv_data), "Srv-Data", incr) == 0) { syslog_error("can't connect Srv-Data for %s", ctx.cli_ctrl->peer); client_respond(425, NULL, "Can't open data connection"); client_data_reset(MOD_RESET); ctx.expect = EXP_IDLE; return; } /* ** Finally send the original command from the client */ client_xfer_fireup(); }
static int client_setup_file(CONTEXT *ctx, char *who) { char *p; u_int16_t l, u; /* ** little bit sanity check */ if( !(ctx && who && *who)) { return -1; } /* ** Inform the auditor that we are using the config file */ syslog_write(U_INF, "reading data for '%s' from cfg-file", who); /* ** Evaluate DestinationAddress, except we have magic_addr */ if (INADDR_ANY != ctx->magic_addr) { ctx->srv_addr = ctx->magic_addr; } else { ctx->srv_addr = config_addr(who, "DestinationAddress", INADDR_ANY); #if defined(COMPILE_DEBUG) debug(2, "file DestAddr for %s: '%s'", ctx->cli_ctrl->peer, socket_addr2str(ctx->srv_addr)); #endif } /* ** Evaluate DestinationPort, except we have magic_port */ if (INPORT_ANY != ctx->magic_port) { ctx->srv_port = ctx->magic_port; } else { ctx->srv_port = config_port(who, "DestinationPort", IPPORT_FTP); #if defined(COMPILE_DEBUG) debug(2, "file DestPort for %s: %d", ctx->cli_ctrl->peer, (int) ctx->srv_port); #endif } /* ** Evaluate the destination transfer mode */ p = config_str(who, "DestinationTransferMode", "client"); if(0 == strcasecmp(p, "active")) { ctx->srv_mode = MOD_ACT_FTP; } else if(0 == strcasecmp(p, "passive")) { ctx->srv_mode = MOD_PAS_FTP; } else if(0 == strcasecmp(p, "client")) { ctx->srv_mode = MOD_CLI_FTP; } else { syslog_error("can't eval DestMode for %s", ctx->cli_ctrl->peer); return -1; } #if defined(COMPILE_DEBUG) debug(2, "file DestMode for %s: %s", ctx->cli_ctrl->peer, p); #endif /* ** Evaluate min/max destination port range */ l = config_port(who, "DestinationMinPort", INPORT_ANY); u = config_port(who, "DestinationMaxPort", INPORT_ANY); if (l > 0 && u > 0 && u >= l) { ctx->srv_lrng = l; ctx->srv_urng = u; } else { ctx->srv_lrng = INPORT_ANY; ctx->srv_urng = INPORT_ANY; } #if defined(COMPILE_DEBUG) debug(2, "file DestRange for %s: %u-%u", ctx->cli_ctrl->peer, ctx->srv_lrng, ctx->srv_urng); #endif /* ** Evaluate min/max active port range */ l = config_port(who, "ActiveMinDataPort", INPORT_ANY); u = config_port(who, "ActiveMaxDataPort", INPORT_ANY); if (l > 0 && u > 0 && u >= l) { ctx->act_lrng = l; ctx->act_urng = u; } else { /* do not try to bind a port < 1024 if running as UID != 0 */ if(0 == getuid()) { ctx->act_lrng = (IPPORT_FTP - 1); ctx->act_urng = (IPPORT_FTP - 1); } else { ctx->act_lrng = INPORT_ANY; ctx->act_urng = INPORT_ANY; } } #if defined(COMPILE_DEBUG) debug(2, "file ActiveRange for %s: %u-%u", ctx->cli_ctrl->peer, ctx->act_lrng, ctx->act_urng); #endif /* ** Evaluate min/max passive port range */ l = config_port(who, "PassiveMinDataPort", INPORT_ANY); u = config_port(who, "PassiveMaxDataPort", INPORT_ANY); if (l > 0 && u > 0 && u >= l) { ctx->pas_lrng = l; ctx->pas_urng = u; } else { ctx->pas_lrng = INPORT_ANY; ctx->pas_urng = INPORT_ANY; } #if defined(COMPILE_DEBUG) debug(2, "file PassiveRange for %s: %u-%u", ctx->cli_ctrl->peer, ctx->pas_lrng, ctx->pas_urng); #endif /* ** Setup other configuration options */ ctx->same_adr = config_bool(who, "SameAddress", 1); ctx->timeout = config_int (who, "TimeOut", 900); #if defined(COMPILE_DEBUG) debug(2, "file SameAddress for %s: %s", ctx->cli_ctrl->peer, ctx->same_adr ? "yes" : "no"); debug(2, "file TimeOut for %s: %d", ctx->cli_ctrl->peer, ctx->timeout); #endif /* ** Adjust the allow/deny flags for the commands */ p = config_str(who, "ValidCommands", NULL); cmds_set_allow(p); return 0; }
void client_srv_open(void) { struct sockaddr_in saddr; u_int16_t lprt, lowrng, res; int sock, incr, retry; /* ** should we bind a rand(port-range) or increment? */ incr = !config_bool(NULL,"SockBindRand", 0); /* ** mark socket invalid */ sock = -1; /* ** Forward connection to destination */ retry = MAX_RETRIES; lprt = ctx.srv_lrng; while(0 <= retry--) { /* ** First of all, get a socket */ if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { syslog_error("Srv-Ctrl: can't create socket for %s", ctx.cli_ctrl->peer); exit(EXIT_FAILURE); } socket_opts(sock, SK_CONTROL); /* ** check if we have to take care to a port range */ if( !(INPORT_ANY == ctx.srv_lrng && INPORT_ANY == ctx.srv_urng)) { u_int32_t ladr = INADDR_ANY; /* ** bind the socket, taking care of a given port range */ if(incr) { lowrng = lprt; #if defined(COMPILE_DEBUG) debug(2, "Srv-Ctrl: " "about to bind to %s:range(%d-%d)", socket_addr2str(ladr), lowrng, ctx.srv_urng); #endif res = socket_d_bind(sock, ladr, lowrng, ctx.srv_urng, incr); } else { lowrng = ctx.srv_lrng; #if defined(COMPILE_DEBUG) debug(2, "Srv-Ctrl: " "about to bind to %s:range(%d-%d)", socket_addr2str(ladr), lowrng, ctx.srv_urng); #endif res = socket_d_bind(sock, ladr, lowrng, ctx.srv_urng, incr); } if (INPORT_ANY == res) { /* nothing found? */ close(sock); syslog_error("Srv-Ctrl: can't bind to" " %s:%d for %s", socket_addr2str(ladr), (int)lprt, ctx.cli_ctrl->peer); exit(EXIT_FAILURE); } else { lprt = res; } } else lprt = INPORT_ANY; /* ** Okay, now try the actual connect to the server */ memset(&saddr, 0, sizeof(saddr)); saddr.sin_addr.s_addr = htonl(ctx.srv_addr); saddr.sin_family = AF_INET; saddr.sin_port = htons(ctx.srv_port); if (connect(sock, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) { #if defined(COMPILE_DEBUG) debug(2, "Srv-Ctrl: connect failed with '%s'", strerror(errno)); #endif close(sock); sock = -1; /* check if is makes sense to retry? ** perhaps we only need an other ** local port (EADDRNOTAVAIL) for ** this destination? */ if( !(EINTR == errno || EAGAIN == errno || EADDRINUSE == errno || EADDRNOTAVAIL == errno)) { /* ** an other (real) error ocurred */ syslog_error("Srv-Ctrl: " "can't connect %s:%d for %s", socket_addr2str(ctx.srv_addr), (int) ctx.srv_port, ctx.cli_ctrl->peer); exit(EXIT_FAILURE); } if(incr && INPORT_ANY != lprt) { /* increment lower range if we use ** increment mode and have a range */ if(lprt < ctx.srv_urng) { lprt++; } else { /* ** no more ports in range we can try */ syslog_error("Srv-Ctrl: " "can't connect %s:%d for %s", socket_addr2str(ctx.srv_addr), (int) ctx.srv_port, ctx.cli_ctrl->peer); exit(EXIT_FAILURE); } } } else break; } /* ** check if we have a valid, connected socket */ if(-1 == sock) { syslog_error("Srv-Ctrl: can't connect %s:%d for %s", socket_addr2str(ctx.srv_addr), (int) ctx.srv_port, ctx.cli_ctrl->peer); exit(EXIT_FAILURE); } if ((ctx.srv_ctrl = socket_init(sock)) == NULL) misc_die(FL, "cmds_user: ?srv_ctrl?"); ctx.srv_ctrl->ctyp = "Srv-Ctrl"; #if defined(COMPILE_DEBUG) debug(2, "Srv-Ctrl is %s:%d", ctx.srv_ctrl->peer, (int) ctx.srv_port); #endif ctx.expect = EXP_CONN; /* Expect Welcome */ }
void client_run(void) { int sock, need, diff; char str[MAX_PATH_SIZE * 2]; char *p, *q; FILE *fp; BUF *buf; /* ** Setup client signal handling (mostly graceful exit) */ signal(SIGINT, client_signal); signal(SIGTERM, client_signal); signal(SIGQUIT, client_signal); signal(SIGHUP, client_signal); signal(SIGCHLD, SIG_IGN); signal(SIGUSR1, SIG_IGN); /* ** Prepare our general client context */ memset(&ctx, 0, sizeof(ctx)); ctx.sess_beg = time(NULL); ctx.cli_mode = MOD_ACT_FTP; ctx.expect = EXP_IDLE; ctx.timeout = config_int(NULL, "TimeOut", 900); sock = fileno(stdin); /* "recover" our socket */ /* ** Check whether a DenyMessage file exists. This ** indicates that we are currently not willing ** to serve any clients. */ p = config_str(NULL, "DenyMessage", NULL); if (p != NULL && (fp = fopen(p, "r")) != NULL) { while (fgets(str, sizeof(str) - 4, fp) != NULL) { p = socket_msgline(str); if ((q = strchr(p, '\n')) != NULL) strcpy(q, "\r\n"); else strcat(p, "\r\n"); send(sock, "421-", 4, 0); send(sock, p, strlen(p), 0); } fclose(fp); if ((p = config_str(NULL, "DenyString", NULL)) != NULL) p = socket_msgline(p); else p = "Service not available"; send(sock, "421 ", 4, 0); send(sock, p, strlen(p), 0); send(sock, ".\r\n", 3, 0); p = socket_addr2str(socket_sck2addr(sock, REM_END, NULL)); close(sock); syslog_write(U_ERR, "reject: '%s' (DenyMessage)", p); exit(EXIT_SUCCESS); } /* ** Create a High Level Socket for the client's User-PI */ if ((ctx.cli_ctrl = socket_init(sock)) == NULL) misc_die(FL, "client_run: ?cli_ctrl?"); ctx.cli_ctrl->ctyp = "Cli-Ctrl"; /* ** Announce the connection request */ syslog_write(U_INF, "connect from %s", ctx.cli_ctrl->peer); /* ** Display the welcome message (invite the user to login) */ if ((p = config_str(NULL, "WelcomeString", NULL)) == NULL) p = "%h FTP server (Version %v - %b) ready"; misc_strncpy(str, socket_msgline(p), sizeof(str)); client_respond(220, config_str(NULL, "WelcomeMessage", NULL), str); /* ** Enter the client mainloop */ while (close_flag == 0) { /* ** We need to go into select() only ** if all input has been processed ** or ** we wait for more data to get a line ** complete (partially sent, no EOL). ** ** (data buffers are never splited) */ need = 1; if (ctx.cli_ctrl && ctx.cli_ctrl->rbuf) need = 0; if (ctx.srv_ctrl && ctx.srv_ctrl->rbuf) need = 0; if((ctx.cli_ctrl && ctx.cli_ctrl->more>0) || (ctx.srv_ctrl && ctx.srv_ctrl->more>0)) need = 1; /* ** use higher priority to writes; ** read only if nothing to write... */ if(ctx.srv_data && ctx.cli_data) { if(ctx.srv_data->wbuf) { ctx.cli_data->more = -1; } else { ctx.cli_data->more = 0; } if(ctx.cli_data->wbuf) { ctx.srv_data->more = -1; } else { ctx.srv_data->more = 0; } } if (need != 0) { if (socket_exec(ctx.timeout, &close_flag) <= 0) break; /* Timed out or worse */ } #if defined(COMPILE_DEBUG) debug(4, "client-loop ..."); #endif /* ** Check if any zombie sockets can be removed */ if (ctx.cli_ctrl != NULL && ctx.cli_ctrl->sock == -1) close_flag = 1; /* Oops, forget it ... */ if (ctx.srv_ctrl != NULL && ctx.srv_ctrl->sock == -1) { #if defined(COMPILE_DEBUG) debug(3, "about to destroy Srv-Ctrl"); #endif /* ** If we have any open data connections, ** make really sure they don't survive. */ if (ctx.cli_data != NULL) ctx.cli_data->kill = 1; if (ctx.srv_data != NULL) ctx.srv_data->kill = 1; /* ** Our client should be informed */ if (ctx.cli_ctrl->kill == 0) { client_respond(421, NULL, "Service not available, " "closing control connection"); } /* ** Don't forget to remove the dead socket */ socket_kill(ctx.srv_ctrl); ctx.srv_ctrl = NULL; } if (ctx.cli_data != NULL && ctx.cli_data->sock == -1) { #if defined(COMPILE_DEBUG) debug(3, "about to destroy Cli-Data"); #endif /* ** If we have an outstanding server reply ** (e.g. 226 Transfer complete), send it. */ if (ctx.xfer_rep[0] != '\0') { socket_printf(ctx.cli_ctrl, "%s\r\n", ctx.xfer_rep); memset(ctx.xfer_rep, 0, sizeof(ctx.xfer_rep)); } else { if(ctx.expect == EXP_XFER) ctx.expect = EXP_PTHR; } /* ** Good time for statistics and data reset */ if (ctx.xfer_beg == 0) ctx.xfer_beg = time(NULL); diff = (int) (time(NULL) - ctx.xfer_beg); if (diff < 1) diff = 1; /* ** print our current statistic */ syslog_write(U_INF, "Transfer for %s %s: %s '%s' %s %u/%d byte/sec", ctx.cli_ctrl->peer, ctx.cli_data->ernr ? "failed" : "completed", ctx.xfer_cmd, ctx.xfer_arg, ctx.cli_data->rcnt ? "sent" : "read", ctx.cli_data->rcnt ? ctx.cli_data->rcnt : ctx.cli_data->wcnt, diff); /* ** update session statistics data */ if(ctx.cli_data->rcnt) ctx.xfer_rsec += diff; ctx.xfer_rcnt += ctx.cli_data->rcnt; if(ctx.cli_data->wcnt) ctx.xfer_wsec += diff; ctx.xfer_wcnt += ctx.cli_data->wcnt; /* ** reset data transfer state */ client_data_reset(MOD_RESET); /* ** Doom the corresponding server socket */ if (ctx.srv_data != NULL) ctx.srv_data->kill = 1; /* ** Don't forget to remove the dead socket */ socket_kill(ctx.cli_data); ctx.cli_data = NULL; } if (ctx.srv_data != NULL && ctx.srv_data->sock == -1) { #if defined(COMPILE_DEBUG) debug(3, "about to destroy Srv-Data"); #endif /* ** Doom the corresponding client socket if an ** error occured, FailResetsPasv=yes or we ** expect other response than PASV (Netscape!) */ if(ctx.cli_data != NULL) { if(0 != ctx.srv_data->ernr) { ctx.cli_data->ernr = -1; ctx.cli_data->kill = 1; } if(config_bool(NULL,"FailResetsPasv", 0)) { ctx.cli_data->kill = 1; } else if(ctx.expect != EXP_PASV) { ctx.cli_data->kill = 1; } } /* ** Don't forget to remove the dead socket */ socket_kill(ctx.srv_data); ctx.srv_data = NULL; } /* ** Serve the control connections */ if (ctx.cli_ctrl != NULL && ctx.cli_ctrl->rbuf != NULL) { if (socket_gets(ctx.cli_ctrl, str, sizeof(str)) != NULL) client_cli_ctrl_read(str); } if (ctx.srv_ctrl != NULL && ctx.srv_ctrl->rbuf != NULL) { if (socket_gets(ctx.srv_ctrl, str, sizeof(str)) != NULL) client_srv_ctrl_read(str); } /* ** Serve the data connections. This is a bit tricky, ** since all we do is move the buffer pointers. */ if (ctx.cli_data != NULL && ctx.srv_data != NULL) { if (ctx.cli_data->rbuf != NULL) { #if defined(COMPILE_DEBUG) debug(2, "Cli-Data -> Srv-Data"); #endif if (ctx.srv_data->wbuf == NULL) { ctx.srv_data->wbuf = ctx.cli_data->rbuf; } else { for (buf = ctx.srv_data->wbuf; buf && buf->next; buf = buf->next) ; buf->next = ctx.cli_data->rbuf; } ctx.cli_data->rbuf = NULL; } if (ctx.srv_data->rbuf != NULL) { #if defined(COMPILE_DEBUG) debug(2, "Srv-Data -> Cli-Data"); #endif if (ctx.cli_data->wbuf == NULL) { ctx.cli_data->wbuf = ctx.srv_data->rbuf; } else { for (buf = ctx.cli_data->wbuf; buf && buf->next; buf = buf->next) ; buf->next = ctx.srv_data->rbuf; } ctx.srv_data->rbuf = NULL; } } /* at this point the main loop resumes ... */ } /* ** Display basic session statistics... ** in secs since session begin ** downloads / read (xfer-reads from server) ** uploads / send (xfer-sends from server) */ syslog_write(U_INF, "closing connect from %s after %d secs - " "read %d/%d, sent %d/%d byte/sec", ctx.cli_ctrl ? ctx.cli_ctrl->peer : "unknown peer", time(NULL)-ctx.sess_beg, ctx.xfer_wcnt, ctx.xfer_wsec, ctx.xfer_rcnt, ctx.xfer_rsec); /* ** Free allocated memory */ ctx.magic_auth = NULL; if (ctx.userauth != NULL) { misc_free(FL, ctx.userauth); ctx.userauth = NULL; } if (ctx.username != NULL) { misc_free(FL, ctx.username); ctx.username = NULL; } if(ctx.userpass != NULL) { misc_free(FL, ctx.userpass); ctx.userpass = NULL; } #if defined(COMPILE_DEBUG) debug(1, "}}}}} %s client-exit", misc_getprog()); #endif exit(EXIT_SUCCESS); }
static int client_setup_file(CONTEXT *ctx, char *who) { char *p; u_int16_t l, u; /* ** little bit sanity check */ if( !(ctx && who && *who)) { return -1; } /* ** Inform the auditor that we are using the config file */ syslog_write(U_INF, "[ %s ] reading data for '%s' from cfg-file", ctx->cli_ctrl->peer, who); /* ** Evaluate DestinationAddress, except we have magic_addr */ if (INADDR_ANY != ctx->magic_addr) { ctx->srv_addr = ctx->magic_addr; } else { ctx->srv_addr = config_addr(who, "DestinationAddress", INADDR_ANY); #if defined(COMPILE_DEBUG) debug(2, "[ %s ] file DestAddr for %s: '%s'", ctx->cli_ctrl->peer, ctx->cli_ctrl->peer, socket_addr2str(ctx->srv_addr)); #endif } /* ** Evaluate DestinationPort, except we have magic_port */ if (INPORT_ANY != ctx->magic_port) { ctx->srv_port = ctx->magic_port; } else { ctx->srv_port = config_port(who, "DestinationPort", IPPORT_FTP); #if defined(COMPILE_DEBUG) debug(2, "[ %s ] file DestPort for %s: %d", ctx->cli_ctrl->peer, ctx->cli_ctrl->peer, (int) ctx->srv_port); #endif } /* ** Evaluate the destination transfer mode */ p = config_str(who, "DestinationTransferMode", "client"); if(0 == strcasecmp(p, "active")) { ctx->srv_mode = MOD_ACT_FTP; } else if(0 == strcasecmp(p, "passive")) { ctx->srv_mode = MOD_PAS_FTP; } else if(0 == strcasecmp(p, "client")) { ctx->srv_mode = MOD_CLI_FTP; } else { syslog_error("can't eval DestMode for %s", ctx->cli_ctrl->peer); return -1; } #if defined(COMPILE_DEBUG) debug(2, "file DestMode for %s: %s", ctx->cli_ctrl->peer, p); #endif /* ** Evaluate min/max destination port range */ l = config_port(who, "DestinationMinPort", INPORT_ANY); u = config_port(who, "DestinationMaxPort", INPORT_ANY); if (l > 0 && u > 0 && u >= l) { ctx->srv_lrng = l; ctx->srv_urng = u; } else { ctx->srv_lrng = INPORT_ANY; ctx->srv_urng = INPORT_ANY; } #if defined(COMPILE_DEBUG) debug(2, "file DestRange for %s: %u-%u", ctx->cli_ctrl->peer, ctx->srv_lrng, ctx->srv_urng); #endif /* ** Evaluate min/max active port range */ l = config_port(who, "ActiveMinDataPort", INPORT_ANY); u = config_port(who, "ActiveMaxDataPort", INPORT_ANY); if (l > 0 && u > 0 && u >= l) { ctx->act_lrng = l; ctx->act_urng = u; } else { /* do not try to bind a port < 1024 if running as UID != 0 */ if(0 == getuid()) { ctx->act_lrng = (IPPORT_FTP - 1); ctx->act_urng = (IPPORT_FTP - 1); } else { ctx->act_lrng = INPORT_ANY; ctx->act_urng = INPORT_ANY; } } #if defined(COMPILE_DEBUG) debug(2, "file ActiveRange for %s: %u-%u", ctx->cli_ctrl->peer, ctx->act_lrng, ctx->act_urng); #endif /* ** Evaluate min/max passive port range */ l = config_port(who, "PassiveMinDataPort", INPORT_ANY); u = config_port(who, "PassiveMaxDataPort", INPORT_ANY); if (l > 0 && u > 0 && u >= l) { ctx->pas_lrng = l; ctx->pas_urng = u; } else { ctx->pas_lrng = INPORT_ANY; ctx->pas_urng = INPORT_ANY; } #if defined(COMPILE_DEBUG) debug(2, "file PassiveRange for %s: %u-%u", ctx->cli_ctrl->peer, ctx->pas_lrng, ctx->pas_urng); #endif /* ** Setup other configuration options */ ctx->same_adr = config_bool(who, "SameAddress", 1); ctx->timeout = config_int (who, "TimeOut", 900); #if defined(COMPILE_DEBUG) debug(2, "file SameAddress for %s: %s", ctx->cli_ctrl->peer, ctx->same_adr ? "yes" : "no"); debug(2, "file TimeOut for %s: %d", ctx->cli_ctrl->peer, ctx->timeout); #endif /*** Adjust the allow/deny flags for the commands ** Fred patch */ char dest[17]; char ipdest[17]; char ipsrc[17]; strcpy (ipsrc,ctx->cli_ctrl->peer); strcpy (ipdest, socket_addr2str(ctx->srv_addr)); syslog_write(U_INF, "\n"); syslog_write(U_INF, "[ %s ] Fred Patch rules dest: %s src: %s", ipsrc, ipdest, ipsrc); char groupname[]="group"; char commandename[]="ValidCommands"; char *group; FILE *fp; group = "group1"; int ix; int ix2; u_int32_t dnsaddr; for(ix=1; group != NULL; ix++) { sprintf (&groupname[5],"%d",ix); group = config_str(who, groupname, NULL); } syslog_write(U_INF, "[ %s ] Number of groups: %d", ipsrc, ix-2); for (ix2=1; ix2 <= ix-2; ix2++) { sprintf (&groupname[5],"%d",ix2); group = config_str(who, groupname, NULL); syslog_write(U_INF, "[ %s ] Reading: %s",ipsrc, group ); if ((fp = fopen(group, "r")) == NULL) { syslog_write(U_INF, "File not found"); return 0; } else { fseek(fp, 0, SEEK_SET); while (fgets(dest, 17 , fp) != NULL) { // Pour une IP // Correction Bug Ligne sans \n dest[16] = '\n'; char *c = strchr (dest, '\n'); *c = 0; /* Dns resolution */ if (ipdest != dest) { dnsaddr = socket_str2addr(dest, INADDR_ANY); if (dnsaddr != 0) strcpy (dest, socket_addr2str(dnsaddr)); } if (strcmp(dest,ipdest) == 0 || strcmp(dest,ipsrc) == 0) { sprintf (&commandename[13],"%d",ix); p = config_str(who,commandename, NULL); cmds_set_allow(p); syslog_write(U_INF, "[ %s ] Apply rules for: %s dst: %s",ipsrc, ipsrc, ipdest); syslog_write(U_INF, "[ %s ] Server match %s ",ipsrc, group ); syslog_write(U_INF, "\n"); fclose(fp); return 0; } // Network if (strchr(dest, 'x') != NULL) { char *c = strchr(dest, 'x'); *c = 0; int longueur; longueur = strlen(dest); if (strncmp(dest,ipdest,longueur) == 0 || strncmp(dest,ipsrc,longueur) == 0) { sprintf (&commandename[13],"%d",ix); p = config_str(who,commandename, NULL); cmds_set_allow(p); syslog_write(U_INF, "[ %s ] Apply rules for Network: %s src: %s",ipsrc, ipdest, ipsrc); syslog_write(U_INF, "[ %s ] Server match %s ",ipsrc, group ); syslog_write(U_INF, "\n"); fclose(fp); return 0; } } } fclose(fp); } } syslog_write(U_INF, "[ %s ] Oh, Oh, no rule found -> defaultrules", ipsrc) ; p = config_str(who, "defaultrules", NULL); cmds_set_allow(p); return 0; }