static bool parse_redirection(const char **name_p, int *flags,
const char *label, char **errmsg)
{
const char *name = *name_p;
if (!name) {
return true;
}
if (name[0] != '>') {
ignore_result(asprintf(errmsg,
"%s: must be prefixed with either > or >>, got %s",
label, name));
return false;
}
*flags = O_CREAT|O_CLOEXEC|O_WRONLY;
if (name[1] == '>') {
#ifdef _WIN32
ignore_result(asprintf(errmsg,
"Windows does not support O_APPEND"));
return false;
#else
*flags |= O_APPEND;
*name_p = name + 2;
#endif
} else {
*flags |= O_TRUNC;
*name_p = name + 1;
}
return true;
}
/*
* Below function creates a secured folder path,ie a folder path a normal user has no access to
*/
static string_t _create_work_directory( void )
{
/*
* ZULUCRYPTtempFolder and ZULUCRYPtmountMiniPath are set in ../constants.h
*/
const char * temp_path = "/run/zuluCrypt/" ;
struct stat xt ;
mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IXOTH | S_IROTH ;
zuluCryptSecurityGainElevatedPrivileges() ;
#define path_does_not_exist( x ) stat( x,&xt ) != 0
if( path_does_not_exist( "/run" ) ){
mkdir( "/run",mode ) ;
ignore_result( chown( "/run",0,0 ) ) ;
}
if( path_does_not_exist( temp_path ) ){
mkdir( temp_path,S_IRWXU ) ;
ignore_result( chown( temp_path,0,0 ) ) ;
}
zuluCryptSecurityDropElevatedPrivileges() ;
return String( temp_path ) ;
}
bool starter_klips_init(void)
{
struct stat stb;
if (stat(PROC_KLIPS, &stb) != 0)
{
/* ipsec module makes the pf_key proc interface visible */
if (stat(PROC_MODULES, &stb) == 0)
{
ignore_result(system("modprobe -qv ipsec"));
}
/* now test again */
if (stat(PROC_KLIPS, &stb) != 0)
{
DBG2(DBG_APP, "kernel appears to lack the KLIPS IPsec stack");
return FALSE;
}
}
/* load crypto algorithm modules */
ignore_result(system("modprobe -qv ipsec_aes"));
ignore_result(system("modprobe -qv ipsec_blowfish"));
ignore_result(system("modprobe -qv ipsec_sha2"));
DBG2(DBG_APP, "found KLIPS IPsec stack");
return TRUE;
}
static void generate_selfcert()
{
struct stat stb;
/* if ipsec.secrets file is missing then generate RSA default key pair */
if (stat(SECRETS_FILE, &stb) != 0)
{
mode_t oldmask;
FILE *f;
uid_t uid = 0;
gid_t gid = 0;
#ifdef IPSEC_GROUP
{
char buf[1024];
struct group group, *grp;
if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp)
{
gid = grp->gr_gid;
}
}
#endif
#ifdef IPSEC_USER
{
char buf[1024];
struct passwd passwd, *pwp;
if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp)
{
uid = pwp->pw_uid;
}
}
#endif
setegid(gid);
seteuid(uid);
ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet"));
seteuid(0);
setegid(0);
/* ipsec.secrets is root readable only */
oldmask = umask(0066);
f = fopen(SECRETS_FILE, "w");
if (f)
{
fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
fprintf(f, "\n");
fprintf(f, ": RSA myKey.der\n");
fclose(f);
}
ignore_result(chown(SECRETS_FILE, uid, gid));
umask(oldmask);
}
}
/*
* Below function copies a secured file from secured location to a user owned and managed location.
* The source file will be deleted when the copy is done.
*/
static int _secure_copy_file( const char * source,const char * dest,uid_t uid )
{
int st = 4 ;
int fd_source ;
int fd_dest ;
size_t len ;
char buffer[ SIZE ] ;
zuluCryptSecurityDropElevatedPrivileges() ;
fd_dest = open( dest,O_WRONLY | O_CREAT,S_IRUSR | S_IWUSR | S_IRGRP |S_IROTH ) ;
if( fd_dest == -1 ){
zuluCryptSecurityGainElevatedPrivileges() ;
zuluCryptDeleteFile( source ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
return 6 ;
}
zuluCryptSecurityGainElevatedPrivileges() ;
fd_source = open( source,O_RDONLY ) ;
if( fd_source != -1 ){
while( 1 ){
len = read( fd_source,buffer,SIZE ) ;
if( len < SIZE ){
ignore_result( write( fd_dest,buffer,len ) ) ;
break ;
}else{
ignore_result( write( fd_dest,buffer,len ) ) ;
}
}
ignore_result( chmod( dest,S_IRUSR ) ) ;
ignore_result( chown( dest,uid,uid ) ) ;
st = 0 ;
}
/*
* zuluCryptDeleteFile() is defined in ../lib/file_path_security.c
*/
zuluCryptDeleteFile( source ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
return st ;
}
static FILE *dump(FILE *in, const char *filename, int follow, FILE *out)
{
struct utmp ut;
if (follow)
ignore_result( fseek(in, -10 * sizeof(ut), SEEK_END) );
while (fread(&ut, sizeof(ut), 1, in) == 1)
print_utline(ut, out);
if (!follow)
return in;
#ifdef HAVE_INOTIFY_INIT
if (follow_by_inotify(in, filename, out) == 0)
return NULL; /* file already closed */
else
#endif
/* fallback for systems without inotify or with non-free
* inotify instances */
for (;;) {
while (fread(&ut, sizeof(ut), 1, in) == 1)
print_utline(ut, out);
sleep(1);
}
return in;
}
int Disk_GetStat(char* path, long* size, int* used_perc) {
struct statfs s;
long blocks_used;
long blocks_percent_used;
if(statfs(path, &s) != 0) {
return 0;
}
// check if mounted
char buffer[128];
sprintf(buffer, "cat /proc/mounts | grep \"%s\" | wc -l > /tmp/is_mounted", path);
ignore_result(system(buffer));
FILE* f = fopen("/tmp/is_mounted", "r");
char is_mounted = fgetc(f);
fclose(f);
if(is_mounted == '0') return 0;
// get blocks
if(s.f_blocks > 0) {
blocks_used = s.f_blocks - s.f_bfree;
if(blocks_used == 0) {
blocks_percent_used = 0;
} else {
blocks_percent_used = (long)(blocks_used * 100.0 / (blocks_used + s.f_bavail) + 0.5);
}
*size = (long)(((double)(s.f_blocks / 1024.0 / 1024.0) * (double)(s.f_bsize / 1024.0)) + 0.5);
*used_perc = (int)blocks_percent_used;
} else {
return 0;
}
return 1;
}
void
ProgressPanel::onItemRightClicked(QPoint globalPos, const TableItemPtr& item)
{
ProgressTaskInfoPtr task;
{
QMutexLocker k(&_imp->tasksMutex);
task = _imp->findTask(item);
}
if (!task) {
return;
}
ProcessHandlerPtr hasProcess = task->getProcess();
Menu m(this);
QAction* showLogAction = 0;
if (hasProcess) {
showLogAction = new QAction(tr("Show Process Log"), &m);
m.addAction(showLogAction);
}
QAction* triggered = 0;
if ( !m.isEmpty() ) {
triggered = m.exec(globalPos);
}
if ( (triggered == showLogAction) && showLogAction ) {
const QString& log = hasProcess->getProcessLog();
LogWindowModal window(log,this);
window.setWindowTitle( tr("Background Render Log") );
ignore_result(window.exec());
}
}
/* Returns true if the global config root_restrict_files is not defined or if
* one of the files in root_restrict_files exists, false otherwise. */
static bool root_check_restrict(const char *watch_path) {
uint32_t i;
bool enforcing;
auto root_restrict_files = cfg_compute_root_files(&enforcing);
if (!root_restrict_files) {
return true;
}
if (!enforcing) {
return true;
}
for (i = 0; i < json_array_size(root_restrict_files); i++) {
auto obj = json_array_get(root_restrict_files, i);
const char *restrict_file = json_string_value(obj);
char *restrict_path;
bool rv;
if (!restrict_file) {
w_log(W_LOG_ERR, "resolve_root: global config root_restrict_files "
"element %" PRIu32 " should be a string\n", i);
continue;
}
ignore_result(asprintf(&restrict_path, "%s%c%s", watch_path,
WATCHMAN_DIR_SEP, restrict_file));
rv = w_path_exists(restrict_path);
free(restrict_path);
if (rv)
return true;
}
return false;
}
static bool check_allowed_fs(const char *filename, char **errmsg) {
auto fs_type = w_fstype(filename);
json_t *illegal_fstypes = NULL;
json_t *advice_string;
uint32_t i;
const char *advice = NULL;
// Report this to the log always, as it is helpful in understanding
// problem reports
w_log(
W_LOG_ERR,
"path %s is on filesystem type %s\n",
filename,
fs_type.c_str());
illegal_fstypes = cfg_get_json("illegal_fstypes");
if (!illegal_fstypes) {
return true;
}
advice_string = cfg_get_json("illegal_fstypes_advice");
if (advice_string) {
advice = json_string_value(advice_string);
}
if (!advice) {
advice = "relocate the dir to an allowed filesystem type";
}
if (!json_is_array(illegal_fstypes)) {
w_log(W_LOG_ERR,
"resolve_root: global config illegal_fstypes is not an array\n");
return true;
}
for (i = 0; i < json_array_size(illegal_fstypes); i++) {
json_t *obj = json_array_get(illegal_fstypes, i);
const char *name = json_string_value(obj);
if (!name) {
w_log(W_LOG_ERR, "resolve_root: global config illegal_fstypes "
"element %" PRIu32 " should be a string\n", i);
continue;
}
if (!w_string_equal_cstring(fs_type, name)) {
continue;
}
ignore_result(asprintf(
errmsg,
"path uses the \"%s\" filesystem "
"and is disallowed by global config illegal_fstypes: %s",
fs_type.c_str(),
advice));
return false;
}
return true;
}
bool inot_root_init(watchman_global_watcher_t watcher, w_root_t *root,
char **errmsg) {
struct inot_root_state *state;
unused_parameter(watcher);
state = calloc(1, sizeof(*state));
if (!state) {
*errmsg = strdup("out of memory");
return false;
}
root->watch = state;
pthread_mutex_init(&state->lock, NULL);
#ifdef HAVE_INOTIFY_INIT1
state->infd = inotify_init1(IN_CLOEXEC);
#else
state->infd = inotify_init();
#endif
if (state->infd == -1) {
ignore_result(asprintf(errmsg, "watch(%.*s): inotify_init error: %s",
root->root_path->len, root->root_path->buf, inot_strerror(errno)));
w_log(W_LOG_ERR, "%s\n", *errmsg);
return false;
}
w_set_cloexec(state->infd);
state->wd_to_name = w_ht_new(HINT_NUM_DIRS, &w_ht_string_val_funcs);
state->move_map = w_ht_new(2, &move_hash_funcs);
return true;
}
bool fsevents_root_init(watchman_global_watcher_t watcher, w_root_t *root,
char **errmsg) {
struct fsevents_root_state *state;
unused_parameter(watcher);
state = calloc(1, sizeof(*state));
if (!state) {
*errmsg = strdup("out of memory");
return false;
}
root->watch = state;
if (pipe(state->fse_pipe)) {
ignore_result(asprintf(errmsg, "watch(%.*s): pipe error: %s",
root->root_path->len, root->root_path->buf, strerror(errno)));
w_log(W_LOG_ERR, "%s\n", *errmsg);
return false;
}
w_set_cloexec(state->fse_pipe[0]);
w_set_cloexec(state->fse_pipe[1]);
pthread_mutex_init(&state->fse_mtx, NULL);
pthread_cond_init(&state->fse_cond, NULL);
return true;
}
void w_log(int level, const char *fmt, ...)
{
char buf[4096];
va_list ap;
int len;
uint32_t tid = (uint32_t)(uintptr_t)pthread_self();
bool fatal = false;
if (level == W_LOG_FATAL) {
level = W_LOG_ERR;
fatal = true;
}
len = snprintf(buf, sizeof(buf),
"%d: tid=%" PRIu32 " ", (int)time(NULL), tid);
va_start(ap, fmt);
len += vsnprintf(buf + len, sizeof(buf) - len, fmt, ap);
va_end(ap);
if (level <= log_level) {
ignore_result(write(STDERR_FILENO, buf, len));
}
w_log_to_clients(level, buf);
if (fatal) {
log_stack_trace();
abort();
}
}
// ---------------------------------------------------------------------------
void stopMusic() {
// stop music
char cmd[128];
sprintf(cmd, "%s &", Settings_Get("programs", "stop"));
ignore_result(system(cmd));
resetMetaInfo();
}
int
skip(unsigned int n, char *fmt, ...)
{
va_list ap;
char *skip_msg;
LOCK;
va_start(ap, fmt);
ignore_result(asprintf(&skip_msg, fmt, ap));
va_end(ap);
while(n-- > 0) {
test_count++;
printf("ok %d # skip %s\n", test_count,
skip_msg != NULL ?
skip_msg : "libtap():malloc() failed");
}
free(skip_msg);
UNLOCK;
return 1;
}
bool kqueue_root_init(watchman_global_watcher_t watcher, w_root_t *root,
char **errmsg) {
struct kqueue_root_state *state;
unused_parameter(watcher);
state = calloc(1, sizeof(*state));
if (!state) {
*errmsg = strdup("out of memory");
return false;
}
root->watch = state;
pthread_mutex_init(&state->lock, NULL);
state->name_to_fd = w_ht_new(HINT_NUM_DIRS, &name_to_fd_funcs);
state->fd_to_name = w_ht_new(HINT_NUM_DIRS, &w_ht_string_val_funcs);
state->kq_fd = kqueue();
if (state->kq_fd == -1) {
ignore_result(asprintf(errmsg, "watch(%.*s): kqueue() error: %s",
root->root_path->len, root->root_path->buf, strerror(errno)));
w_log(W_LOG_ERR, "%s\n", *errmsg);
return false;
}
w_set_cloexec(state->kq_fd);
return true;
}
static void run_service(void)
{
int fd;
bool res;
// redirect std{in,out,err}
fd = open("/dev/null", O_RDONLY);
if (fd != -1) {
dup2(fd, STDIN_FILENO);
close(fd);
}
fd = open(log_name, O_WRONLY|O_APPEND|O_CREAT, 0600);
if (fd != -1) {
dup2(fd, STDOUT_FILENO);
dup2(fd, STDERR_FILENO);
close(fd);
}
/* we are the child, let's set things up */
ignore_result(chdir("/"));
watchman_watcher_init();
res = w_start_listener(sock_name);
watchman_watcher_dtor();
if (res) {
exit(0);
}
exit(1);
}
/* parse an expression term. It can be one of:
* "term"
* ["term" <parameters>]
*/
w_query_expr *w_query_expr_parse(w_query *query, json_t *exp)
{
w_string_t *name;
w_query_expr_parser parser;
if (json_is_string(exp)) {
name = w_string_new(json_string_value(exp));
} else if (json_is_array(exp) && json_array_size(exp) > 0) {
json_t *first = json_array_get(exp, 0);
if (!json_is_string(first)) {
query->errmsg = strdup(
"first element of an expression must be a string");
return NULL;
}
name = w_string_new(json_string_value(first));
} else {
query->errmsg = strdup("expected array or string for an expression");
return NULL;
}
parser = w_ht_val_ptr(w_ht_get(term_hash, w_ht_ptr_val(name)));
if (!parser) {
ignore_result(asprintf(&query->errmsg,
"unknown expression term '%s'",
name->buf));
w_string_delref(name);
return NULL;
}
w_string_delref(name);
return parser(query, exp);
}
static void run_service(void)
{
int fd;
bool res;
// redirect std{in,out,err}
fd = open("/dev/null", O_RDONLY);
if (fd != -1) {
ignore_result(dup2(fd, STDIN_FILENO));
close(fd);
}
fd = open(log_name, O_WRONLY|O_APPEND|O_CREAT, 0600);
if (fd != -1) {
ignore_result(dup2(fd, STDOUT_FILENO));
ignore_result(dup2(fd, STDERR_FILENO));
close(fd);
}
#ifndef _WIN32
/* we are the child, let's set things up */
ignore_result(chdir("/"));
#endif
w_set_thread_name("listener");
{
char hostname[256];
gethostname(hostname, sizeof(hostname));
hostname[sizeof(hostname) - 1] = '\0';
w_log(W_LOG_ERR, "Watchman %s %s starting up on %s\n",
PACKAGE_VERSION,
#ifdef WATCHMAN_BUILD_INFO
WATCHMAN_BUILD_INFO,
#else
"<no build info set>",
#endif
hostname);
}
watchman_watcher_init();
res = w_start_listener(sock_name);
watchman_watcher_dtor();
if (res) {
exit(0);
}
exit(1);
}
void
Gui::showAbout()
{
_imp->_aboutWindow->show();
_imp->_aboutWindow->raise();
_imp->_aboutWindow->activateWindow();
ignore_result( _imp->_aboutWindow->exec() );
}
void starter_klips_cleanup(void)
{
if (system("type eroute > /dev/null 2>&1") == 0)
{
ignore_result(system("spi --clear"));
ignore_result(system("eroute --clear"));
}
else if (system("type setkey > /dev/null 2>&1") == 0)
{
ignore_result(system("setkey -F"));
ignore_result(system("setkey -FP"));
}
else
{
DBG1(DBG_APP, "WARNING: cannot flush IPsec state/policy database");
}
}
static void timedout(int sig __attribute__ ((__unused__)))
{
signal(SIGALRM, timedout2);
alarm(10);
ignore_result( write(STDERR_FILENO, timeout_msg, strlen(timeout_msg)) );
signal(SIGALRM, SIG_IGN);
alarm(0);
timedout2(0);
}
void w_log(int level, const char *fmt, ...)
{
char buf[4096];
va_list ap;
int len;
bool fatal = false;
struct timeval tv;
char timebuf[64];
struct tm tm;
bool should_log_to_stderr = level <= log_level;
bool should_log_to_clients = w_should_log_to_clients(level);
if (!(should_log_to_stderr || should_log_to_clients)) {
// Don't bother formatting the log message if nobody's listening.
return;
}
if (level == W_LOG_FATAL) {
level = W_LOG_ERR;
fatal = true;
}
gettimeofday(&tv, NULL);
localtime_r(&tv.tv_sec, &tm);
strftime(timebuf, sizeof(timebuf), "%Y-%m-%dT%H:%M:%S", &tm);
len = snprintf(buf, sizeof(buf), "%s,%03d: [%s] ",
timebuf, (int)tv.tv_usec / 1000, w_get_thread_name());
va_start(ap, fmt);
vsnprintf(buf + len, sizeof(buf) - len, fmt, ap);
va_end(ap);
len = strlen(buf);
if (buf[len - 1] != '\n') {
if (len < (int)sizeof(buf) - 1) {
buf[len] = '\n';
buf[len + 1] = 0;
len++;
} else {
buf[len - 1] = '\n';
}
}
if (should_log_to_stderr) {
ignore_result(write(STDERR_FILENO, buf, len));
}
if (should_log_to_clients) {
w_log_to_clients(level, buf);
}
if (fatal) {
log_stack_trace();
abort();
}
}
// Convert and map inconvertible Unicode characters.
// We use it for extended ASCII names in Unix.
void CharToWideMap(const char *Src,wchar *Dest,size_t DestSize,bool &Success)
{
// Map inconvertible characters to private use Unicode area 0xE000.
// Mark such string by placing special non-character code before
// first inconvertible character.
Success=false;
bool MarkAdded=false;
uint SrcPos=0,DestPos=0;
while (DestPos<DestSize)
{
if (Src[SrcPos]==0)
{
Dest[DestPos]=0;
Success=true;
break;
}
ignore_result( mbtowc(NULL,NULL,0) ); // Reset shift state.
if (mbtowc(Dest+DestPos,Src+SrcPos,MB_CUR_MAX)==-1)
{
// For security reasons we do not want to map low ASCII characters,
// so we do not have additional .. and path separator codes.
if (byte(Src[SrcPos])>=0x80)
{
if (!MarkAdded)
{
Dest[DestPos++]=MappedStringMark;
MarkAdded=true;
if (DestPos>=DestSize)
break;
}
Dest[DestPos++]=byte(Src[SrcPos++])+MapAreaStart;
}
else
break;
}
else
{
ignore_result( mblen(NULL,0) ); // Reset shift state.
int Length=mblen(Src+SrcPos,MB_CUR_MAX);
SrcPos+=Max(Length,1);
DestPos++;
}
}
}
const char *w_set_thread_name(const char *fmt, ...) {
char *name = NULL;
va_list ap;
free(pthread_getspecific(thread_name_key));
va_start(ap, fmt);
ignore_result(vasprintf(&name, fmt, ap));
va_end(ap);
pthread_setspecific(thread_name_key, name);
return name;
}
bool parse_field_list(json_t *field_list,
struct w_query_field_list *selected,
char **errmsg)
{
uint32_t i, f;
memset(selected, 0, sizeof(*selected));
if (field_list == NULL) {
// Use the default list
field_list = json_pack("[sssss]", "name", "exists", "new", "size", "mode");
} else {
// Add a ref so that we don't need complicated logic to deal with
// whether we defaulted or not; just unconditionally delref on return
json_incref(field_list);
}
if (!json_is_array(field_list)) {
*errmsg = strdup("field list must be an array of strings");
json_decref(field_list);
return false;
}
for (i = 0; i < json_array_size(field_list); i++) {
json_t *jname = json_array_get(field_list, i);
const char *name;
bool found = false;
if (!json_is_string(jname)) {
*errmsg = strdup("field list must be an array of strings");
json_decref(field_list);
return false;
}
name = json_string_value(jname);
for (f = 0; field_defs[f].name; f++) {
if (!strcmp(name, field_defs[f].name)) {
found = true;
selected->fields[selected->num_fields++] = &field_defs[f];
break;
}
}
if (!found) {
ignore_result(asprintf(errmsg, "unknown field name '%s'", name));
json_decref(field_list);
return false;
}
}
json_decref(field_list);
return true;
}
static w_query_expr *size_parser(w_query *query, json_t *term) {
struct w_query_int_compare *comp;
if (!json_is_array(term)) {
ignore_result(asprintf(&query->errmsg, "Expected array for 'size' term"));
return NULL;
}
comp = calloc(1, sizeof(*comp));
if (!comp) {
ignore_result(asprintf(&query->errmsg, "out of memory"));
return NULL;
}
if (!parse_int_compare(term, comp, &query->errmsg)) {
free(comp);
return NULL;
}
return w_query_expr_new(eval_size, free, comp);
}
static void compute_file_name(char **strp,
const char *user,
const char *suffix,
const char *what)
{
char *str = NULL;
str = *strp;
if (!str) {
#ifdef WATCHMAN_STATE_DIR
/* avoid redundant naming if they picked something like
* "/var/watchman" */
ignore_result(asprintf(&str, "%s/%s%s%s",
WATCHMAN_STATE_DIR,
user,
suffix[0] ? "." : "",
suffix));
#else
ignore_result(asprintf(&str, "%s/.watchman.%s%s%s",
watchman_tmp_dir,
user,
suffix[0] ? "." : "",
suffix));
#endif
}
if (!str) {
w_log(W_LOG_ERR, "out of memory computing %s", what);
abort();
}
if (str[0] != '/') {
w_log(W_LOG_ERR, "invalid %s: %s", what, str);
abort();
}
*strp = str;
}
bool starter_netkey_init(void)
{
struct stat stb;
if (stat(PROC_NETKEY, &stb) != 0)
{
/* af_key module makes the netkey proc interface visible */
if (stat(PROC_MODULES, &stb) == 0)
{
ignore_result(system("modprobe -qv af_key"));
}
/* now test again */
if (stat(PROC_NETKEY, &stb) != 0)
{
DBG2(DBG_APP, "kernel appears to lack the native netkey IPsec stack");
return FALSE;
}
}
/* make sure that all required IPsec modules are loaded */
if (stat(PROC_MODULES, &stb) == 0)
{
ignore_result(system("modprobe -qv ah4"));
ignore_result(system("modprobe -qv esp4"));
ignore_result(system("modprobe -qv ipcomp"));
ignore_result(system("modprobe -qv xfrm4_tunnel"));
ignore_result(system("modprobe -qv xfrm_user"));
}
DBG2(DBG_APP, "found netkey IPsec stack");
return TRUE;
}
// term is a json array that looks like:
// ["size", "eq", 1024]
bool parse_int_compare(json_t *term, struct w_query_int_compare *comp,
char **errmsg) {
const char *opname;
size_t i;
bool found = false;
if (json_array_size(term) != 3) {
ignore_result(asprintf(errmsg, "integer comparator must have 3 elements"));
return false;
}
if (!json_is_string(json_array_get(term, 1))) {
ignore_result(asprintf(errmsg, "integer comparator op must be a string"));
return false;
}
if (!json_is_integer(json_array_get(term, 2))) {
ignore_result(asprintf(errmsg,
"integer comparator operand must be an integer"));
return false;
}
opname = json_string_value(json_array_get(term, 1));
for (i = 0; i < sizeof(opname_to_op)/sizeof(opname_to_op[0]); i++) {
if (!strcmp(opname_to_op[i].opname, opname)) {
comp->op = opname_to_op[i].op;
found = true;
break;
}
}
if (!found) {
ignore_result(asprintf(errmsg,
"integer comparator opname `%s' is invalid",
opname));
return false;
}
comp->operand = json_integer_value(json_array_get(term, 2));
return true;
}