예제 #1
0
파일: telnet.c 프로젝트: pfeiffersz/zorp
/**
 * telnet_process_command:
 * @self: 
 * @ep: 
 *
 * 
 *
 * Returns:
 * 
 */
static guint
telnet_process_command(TelnetProxy *self, guint ep)
{
  ZPolicyObj    *res = NULL;
  guint         option_needed;
  gchar         cmd_str[5];
  guint         ret_status;

  z_proxy_enter(self);
  /* 
   * allow commands defined in RFC 854
   * these are important, and must be implemented
   */
  
  /* NOTE: this triggers a warning in gcc as the second part of the
   * condition is always TRUE as guchar is always less-or-equal than 255,
   * this is true, but I leave the condition intact as in the possible case
   * command is changed to int the condition might be perfectly valid
   */
  if (self->command[ep] >= 240)
    z_proxy_return(self, TELNET_CHECK_OK);
  /* 
   * allow negotiated commands
   * these were allowed during a negotiation
   */
  g_snprintf(cmd_str, sizeof(cmd_str), "%hhu", self->command[ep]);
  z_policy_lock(self->super.thread);
  res = g_hash_table_lookup(self->negotiation, cmd_str);
  if (res != NULL)
    {
      if (!z_policy_var_parse(res, "i", &option_needed))
        {
          z_proxy_log(self, TELNET_POLICY, 2, "Value in negotiation table bad; command='%d'", self->command[ep]);
          z_policy_unlock(self->super.thread);
          z_proxy_return(self, TELNET_CHECK_REJECT); 
        }
      z_proxy_trace(self, "Changed needed negotiated option; command='%s', option='%d'", cmd_str, option_needed);
    }
  else
    {
      option_needed = self->command[ep];
    }
  z_policy_unlock(self->super.thread);
  ret_status = TELNET_CHECK_REJECT;
  if (option_needed == 255)
    {
      ret_status = TELNET_CHECK_OK;
    }
  else if (option_needed > 255)
    {
      z_proxy_log(self, TELNET_POLICY, 2, "Value in negotation table out of range; command='%d', value='%d'", self->command[ep], option_needed);
    }
  else
    {
      z_proxy_trace(self, "Option state check; option='%d', state='%d:%d'", option_needed, self->options[option_needed][ep], self->options[option_needed][OTHER_EP(ep)]);
      if (self->options[option_needed][ep] & (SENT_WILL | GOT_DO))
        ret_status = TELNET_CHECK_OK;
    } /* reject everything else */
  z_proxy_return(self, ret_status);
} 
예제 #2
0
파일: smtppolicy.c 프로젝트: VPetyaa/zorp
gboolean
smtp_policy_is_extension_permitted(SmtpProxy *self, gchar *extension)
{
  ZPolicyObj *e;
  SmtpExtensionDesc *ed;
  SmtpActionTypes verdict = SMTP_EXT_DROP;
  gboolean found;

  z_proxy_enter(self);

  /* compatibility, check permit_extensions first */
  ed = g_hash_table_lookup(known_extensions, extension);
  if (ed && (self->permit_extensions & ed->extension_mask))
    z_proxy_return(self, TRUE);

  e = g_hash_table_lookup(self->extensions, extension);
  if (!e)
    e = g_hash_table_lookup(self->extensions, "*");

  if (!e)
    z_proxy_return(self, FALSE);

  z_policy_lock(self->super.thread);
  found = smtp_hash_get_type(e, &verdict);
  z_policy_unlock(self->super.thread);

  z_proxy_return(self, found && (verdict == SMTP_EXT_ACCEPT));
}
예제 #3
0
파일: ftpolicy.c 프로젝트: kkovaacs/zorp
gboolean
ftp_policy_parse_authinfo(FtpProxy *self, const gchar *cmd, GString *param)
{
  gboolean called = FALSE;
  PyObject *result = NULL;
  PyObject *args = NULL;
  gboolean ret;

  z_proxy_enter(self);

  z_policy_lock(self->super.thread);

  args = z_policy_var_build("ss", cmd, param->str);
  result = z_policy_call(self->super.handler, "parseInbandAuth", args, &called, self->super.session_id);

  if (!called)
    {
      z_policy_unlock(self->super.thread);
      z_proxy_return(self, FALSE);
    }

  if (result == NULL || !z_policy_var_parse(result, "i", &ret))
    ret = FALSE;

  if (result)
    z_policy_var_unref(result);
  z_policy_unlock(self->super.thread);

  z_proxy_return(self, ret);
}
예제 #4
0
파일: ftpolicy.c 프로젝트: kkovaacs/zorp
gboolean
ftp_policy_bounce_check(FtpProxy *self, guint  side, ZSockAddr *remote, gboolean  connect)
{
  PyObject *zsock;
  gboolean called;
  ZPolicyObj *res;
  gboolean ret;
  
  z_proxy_enter(self);
  z_policy_lock(self->super.thread);
  zsock = z_policy_sockaddr_new(remote);
  res = z_policy_call(self->super.handler, "bounceCheck", z_policy_var_build("(Oii)", zsock, side, connect), &called, self->super.session_id);
  if (!called)
    {
      z_policy_unlock(self->super.thread);
      z_proxy_return(self, TRUE);
    }
  
  if ((res == NULL) || !z_policy_var_parse(res, "i", &ret))
    ret = FALSE;

  z_policy_var_unref(res);
  z_policy_var_unref(zsock);
  z_policy_unlock(self->super.thread);
  z_proxy_return(self, ret);
}
예제 #5
0
파일: ftpolicy.c 프로젝트: kkovaacs/zorp
void
ftp_policy_feature_hash_handle_insert(struct _FtpProxy *self, GHashTable *features)
{
  z_proxy_enter(self);

  z_policy_lock(self->super.thread);
  g_hash_table_foreach(self->policy_features, ftp_policy_feature_hash_foreach_cb, features);
  z_policy_unlock(self->super.thread);

  z_proxy_leave(self);
}
예제 #6
0
파일: finger.c 프로젝트: akatrevorjay/zorp
/**
 * finger_query_policy:
 * @self: FingerProxy instance
 *
 * Check the policy about the current request.
 **/
static gboolean
finger_query_policy(FingerProxy *self)
{
    char *errmsg = "Policy violation, request denied.\r\n";
    gsize bytes_written;
    gint res;

    z_proxy_enter(self);
    z_policy_lock(self->super.thread);
    res = z_policy_event(self->super.handler, "fingerRequest", z_policy_var_build("(ss)", self->username->str, self->hostnames->str), self->super.session_id);
    switch (res)
    {
    case FINGER_REQ_UNSPEC:
    case FINGER_REQ_REJECT:
    case FINGER_REQ_ABORT:
        /*LOG
          This message is about administrator decision to reject the
          finger session.
         */
        z_proxy_log(self, FINGER_POLICY, 2, "Policy violation, abort session;");
        z_stream_write(self->super.endpoints[EP_CLIENT],
                       errmsg,
                       strlen(errmsg),
                       &bytes_written,
                       NULL);
    /* fallthrough */

    case FINGER_REQ_DROP:
        if (res == ZV_DROP)
        {
            /*LOG
              This message is about administrator decision to drop
              finger session.
             */
            z_proxy_log(self, FINGER_POLICY, 2, "Policy violation, drop session;");
        }
        z_policy_unlock(self->super.thread);
        z_proxy_return(self, FALSE);

    case FINGER_REQ_ACCEPT:
    default:
        break;
    }
    z_policy_unlock(self->super.thread);
    z_proxy_return(self, TRUE);
}
예제 #7
0
파일: anypy.c 프로젝트: akatrevorjay/zorp
static void
anypy_main(ZProxy * s)
{
  AnyPyProxy *self = Z_CAST(s, AnyPyProxy);
  ZPolicyObj *res;
  gboolean called;

  z_proxy_enter(self);
  if (!z_proxy_connect_server(&self->super, NULL, 0) || !anypy_stream_init(self))
    {
      z_proxy_leave(self);
      return;
    }
  z_policy_lock(self->super.thread);  
  res = z_policy_call(self->super.handler, "proxyThread", NULL, &called, self->super.session_id);
  z_policy_var_unref(res);
  z_policy_unlock(self->super.thread);
  z_proxy_return(self);
}
예제 #8
0
파일: ftpolicy.c 프로젝트: kkovaacs/zorp
guint
ftp_policy_feature_hash_search(struct _FtpProxy *self, const gchar *feature)
{
  ZPolicyObj *res;
  guint verdict;
  gboolean valid;

  z_proxy_enter(self);

  res = g_hash_table_lookup(self->policy_features, feature);
  if (!res)
    res = g_hash_table_lookup(self->policy_features, "*");

  if (!res)
    {
      /*LOG
        This message indicates that the policy does not contain any setting for the given
        feature and Zorp drops the feature. Check the 'features' attribute.
       */
      z_proxy_log(self, FTP_POLICY, 5, "Policy does not contain this feature, dropping; feature='%s'", feature);
      z_proxy_return(self, FTP_FEATURE_DROP);
    }

  z_policy_lock(self->super.thread);
  valid = ftp_hash_get_type(res, &verdict);
  z_policy_unlock(self->super.thread);

  if (!valid)
    {
      /*LOG
        This message indicates that the policy type is invalid for the given feature and
        thus Zorp drops the feature.
       */
      z_proxy_log(self, FTP_POLICY, 1, "Policy value invalid; feature='%s'", feature);
      z_proxy_return(self, FTP_FEATURE_DROP);
    }

  z_proxy_return(self, verdict);
}
예제 #9
0
/**
 * telnet_policy_option:
 * @self: 
 *
 * 
 *
 * Returns:
 * 
 */
guint
telnet_policy_option(TelnetProxy *self)
{
  guint         res;
  ZPolicyObj    *pol_res;
  ZPolicyObj    *tmp;
  ZPolicyObj    *command_where = NULL;
  guint         command_do;
  gchar         lookup_str[10];
  gchar         *keys[1];
  gboolean      type_found;

  z_proxy_enter(self);
  z_proxy_log(self, TELNET_DEBUG, 8, "Policy option negotiation check; option='%d'", self->opneg_option[self->ep]);
  g_snprintf(lookup_str, sizeof(lookup_str), "%d", self->opneg_option[self->ep]);
  keys[0] = lookup_str;
  tmp = z_dim_hash_table_search(self->telnet_policy, 1, keys);
  if (!tmp)
    {
      z_proxy_log(self, TELNET_POLICY, 2, "Option not found in policy; option='%s'", lookup_str);
      z_proxy_return(self, TELNET_CHECK_DROP);
    }

  z_policy_lock(self->super.thread);
  type_found = telnet_hash_get_type(tmp, &command_do);
  z_policy_unlock(self->super.thread);
  if (!type_found )
    {
      z_proxy_log(self, TELNET_POLICY, 2, "Policy type invalid; option='%s'", lookup_str);
      z_proxy_return(self, TELNET_CHECK_ABORT);
    }

  switch (command_do)
    {
    case TELNET_OPTION_DROP:
      z_proxy_log(self, TELNET_POLICY, 3, "Policy denied option; option='%s'", lookup_str);
      res = TELNET_CHECK_DROP;
      break;

    case TELNET_OPTION_ACCEPT:
      z_proxy_log(self, TELNET_POLICY, 6, "Policy accepted option; option='%s'", lookup_str);
      res = TELNET_CHECK_OK;
      break;

    case TELNET_OPTION_POLICY:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse(tmp, "(iO)", &command_do, &command_where))
        {
          z_proxy_log(self, TELNET_POLICY, 2, "Cannot parse policy line; option='%s'", lookup_str);
          res = TELNET_CHECK_ABORT;
        }
      else 
        {
          pol_res = z_policy_call_object(command_where, z_policy_var_build("(i)", &self->opneg_option[self->ep]), self->super.session_id);
          if (pol_res == NULL)
            {
              z_proxy_log(self, TELNET_POLICY, 2, "Error in policy calling; option='%s'", lookup_str);
              res = TELNET_CHECK_ABORT;
            }
          else if (!z_policy_var_parse(pol_res, "i", &res))
            {
              z_proxy_log(self, TELNET_POLICY, 1, "Can't parse return verdict; option='%s'", lookup_str);
              res = TELNET_CHECK_ABORT;
            }
          else
            {
              switch (res)
                {
                case ZV_ACCEPT:
                  z_proxy_log(self, TELNET_POLICY, 6, "Policy function accepted option; option='%s'", lookup_str);
                  res = TELNET_CHECK_OK;
                  break;

                case ZV_UNSPEC:
                case ZV_DROP:
                  z_proxy_log(self, TELNET_POLICY, 3, "Policy function drop option; option='%s'", lookup_str);
                  res = TELNET_CHECK_DROP;
                  break;

                case TELNET_OPTION_REJECT:
                  z_proxy_log(self, TELNET_POLICY, 3, "Policy function reject option; option='%s'", lookup_str);
                  res = TELNET_CHECK_REJECT;
                  break;

                case ZV_ABORT:
                default:
                  z_proxy_log(self, TELNET_POLICY, 1, "Policy function aborted session; option='%s'", lookup_str);
                  res = TELNET_CHECK_ABORT;
                  break;
                }
            }
        }
      z_policy_unlock(self->super.thread);
      break;

    case TELNET_OPTION_REJECT:
      z_proxy_log(self, TELNET_POLICY, 3, "Policy rejected option; option='%s'", lookup_str);
      res = TELNET_CHECK_REJECT;
      break;

    case TELNET_OPTION_ABORT:
    default:
      z_proxy_log(self, TELNET_POLICY, 3, "Policy aborted session; option='%s'", lookup_str);
      res = TELNET_CHECK_ABORT;
      break;
    }
  z_proxy_return(self, res);
}
예제 #10
0
/**
 * telnet_policy_suboption:
 * @self: 
 * @command: 
 * @name: 
 * @value: 
 *
 * 
 *
 * Returns:
 * 
 */
guint
telnet_policy_suboption(TelnetProxy *self, guchar command, gchar *name, gchar *value)
{
  guint         res;
  ZPolicyObj    *pol_res;
  ZPolicyObj    *tmp;
  ZPolicyObj    *command_where = NULL;
  guint         command_do;
  gchar         lookup_str[2][10];
  gchar         *keys[2];
  gboolean      type_found;

  z_proxy_enter(self);
  z_proxy_log(self, TELNET_DEBUG, 8, "Policy suboption negotiation check;");
  g_snprintf(lookup_str[0], sizeof(lookup_str[0]), "%d", self->opneg_option[self->ep]);
  g_snprintf(lookup_str[1], sizeof(lookup_str[1]), "%d", command);
  keys[0] = lookup_str[0];
  keys[1] = lookup_str[1];
  tmp = z_dim_hash_table_search(self->telnet_policy, 2, keys);
  if (!tmp)
    {
      z_proxy_log(self, TELNET_POLICY, 1, "Option not found in policy hash, dropping; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
      z_proxy_return(self, TELNET_CHECK_DROP);
    }

  z_policy_lock(self->super.thread);
  type_found = telnet_hash_get_type(tmp, &command_do);
  z_policy_unlock(self->super.thread);
  if (!type_found)
    {
      z_proxy_log(self, TELNET_POLICY, 2, "Policy type invalid!");
      z_proxy_return(self, TELNET_CHECK_ABORT);
    }

  switch (command_do)
    {
    case TELNET_OPTION_DROP:
      z_proxy_log(self, TELNET_POLICY, 6, "Policy denied suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
      res = TELNET_CHECK_DROP;
      break;

    case TELNET_OPTION_ACCEPT:
      z_proxy_log(self, TELNET_POLICY, 6, "Policy accepted suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
      res = TELNET_CHECK_OK;
      break;

    case TELNET_OPTION_POLICY:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse(tmp, "(iO)", &command_do, &command_where))
        {
          z_proxy_log(self, TELNET_POLICY, 2, "Cannot parse policy line for option; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
          res = TELNET_CHECK_ABORT;
        }
      else 
        {
          /* call Python method with appropriate parameters */
          switch (self->opneg_option[self->ep])
            {
            case TELNET_OPTION_TERMINAL_TYPE:
            case TELNET_OPTION_TERMINAL_SPEED:
            case TELNET_OPTION_X_DISPLAY_LOCATION:
            case TELNET_OPTION_ENVIRONMENT:
            case TELNET_OPTION_NAWS:
              pol_res = z_policy_call_object(command_where, z_policy_var_build("(iss)", &self->opneg_option[self->ep], name, value), self->super.session_id);
              break;

            default:
              pol_res = z_policy_call_object(command_where, z_policy_var_build("(i)", &self->opneg_option[self->ep]), self->super.session_id);
              break;
            }

          if (pol_res == NULL)
            {
              z_proxy_log(self, TELNET_POLICY, 2, "Error in policy calling; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
              res = TELNET_CHECK_ABORT;
            }
          else if (!z_policy_var_parse(pol_res, "i", &res))
            {
              z_proxy_log(self, TELNET_POLICY, 2, "Can't parse return verdict; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
              res = TELNET_CHECK_ABORT;
            }
          else
            {
              switch (res)
                {
                case ZV_ACCEPT:
                  z_proxy_log(self, TELNET_POLICY, 6, "Policy function accepted suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
                  res = TELNET_CHECK_OK;
                  break;

                case ZV_UNSPEC:
                case ZV_REJECT:
                case ZV_DROP:
                  z_proxy_log(self, TELNET_POLICY, 3, "Policy function denied suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
                  res = TELNET_CHECK_DROP;
                  break;

                case ZV_ABORT:
                default:
                  z_proxy_log(self, TELNET_POLICY, 3, "Policy function aborted suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
                  res = TELNET_CHECK_ABORT;
                  break;
                }
            }
        }
      z_policy_unlock(self->super.thread);
      break;

    case TELNET_OPTION_ABORT:
    default:
      z_proxy_log(self, TELNET_POLICY, 3, "Policy aborted session; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
      res = TELNET_CHECK_ABORT;
      break;
    }
  z_proxy_return(self, res);
}
예제 #11
0
파일: smtppolicy.c 프로젝트: VPetyaa/zorp
SmtpRequestTypes
smtp_policy_check_request(SmtpProxy *self)
{
  ZPolicyObj *entry;
  ZPolicyObj *res;
  ZPolicyObj *process_cmd = NULL;
  SmtpRequestTypes action;
  gchar *response = NULL, *response_param = NULL;

  z_proxy_enter(self);
  entry = g_hash_table_lookup(self->request_policy, self->request->str);
  if (!entry)
    entry = g_hash_table_lookup(self->request_policy, "*");
  if (!entry)
    z_proxy_return(self, SMTP_REQ_REJECT);

  z_policy_lock(self->super.thread);
  if (!smtp_hash_get_type(entry, &action))
    {
      /*LOG
	This message indicates that the policy type is invalid for the given request and Zorp
	aborts the connection. Check the 'request' attribute.
       */
      z_proxy_log(self, SMTP_POLICY, 1, "Invalid request policy type; request='%s'", self->request->str);
      z_policy_unlock(self->super.thread);
      z_proxy_return(self, SMTP_REQ_ABORT);
    }
  z_policy_unlock(self->super.thread);

  z_cp();
  switch (action)
    {
    case SMTP_REQ_REJECT:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse_tuple(entry, "i|ss", &action, &response, &response_param))
        {
	  /*LOG
	    This message indicates that the parameter of the request policy of the given request is invalid and Zorp aborts the connection.
	    Check the 'request' attribute.
	   */
          z_proxy_log(self, SMTP_POLICY, 1, "Error in request policy; request='%s'", self->request->str);
          action = SMTP_REQ_ABORT;
        }
      else
        {
          if (response)
            g_string_assign(self->error_code, response);
          if (response_param)
            g_string_assign(self->error_info, response_param);
        }
      z_policy_unlock(self->super.thread);
      break;

    case SMTP_REQ_ACCEPT:
      break;

    case SMTP_REQ_POLICY:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse(entry, "(iO)", &action, &process_cmd))
        {
	  /*LOG
	    This message indicates that the parameter of the request policy of the given request is invalid and Zorp aborts the connection.
	    Check the 'request' attribute.
	   */
          z_proxy_log(self, SMTP_POLICY, 1, "Error in request policy; request='%s'", self->request->str);
          action = SMTP_REQ_ABORT;
        }
      else
        {
          res = z_policy_call_object(process_cmd, z_policy_var_build("(ss)", self->request->str, self->request_param->str), self->super.session_id);
          if (res)
            {
              if (!z_policy_var_parse(res, "i", &action))
                {
		  /*LOG
		    This message indicates that the returned value of the callback for the given request policy
		    is invalid and Zorp aborts the connection. Check the callback function.
		   */
                  z_proxy_log(self, SMTP_POLICY, 1, "The verdict returned by the policy is not an int; request='%s'", self->request->str);
                  action = SMTP_REQ_ABORT;
                }
              else
                {
                  switch (action)
                    {
                    case SMTP_REQ_ACCEPT:
                    case SMTP_REQ_REJECT:
                    case SMTP_REQ_ABORT:
                      break;

                    default:
                      action = SMTP_REQ_ABORT;
                      break;
                    }
                }
            }
          else
            {
              action = SMTP_REQ_ABORT;
            }
        }
      z_policy_unlock(self->super.thread);
      break;

    case SMTP_REQ_ABORT:
    default:
      action = SMTP_REQ_ABORT;
      break;
    }
  z_proxy_return(self, action);
}
예제 #12
0
파일: smtppolicy.c 프로젝트: VPetyaa/zorp
SmtpResponseTypes
smtp_policy_check_response(SmtpProxy *self)
{
  ZPolicyObj *entry, *process_rsp, *res;
  gchar *key[2];
  gchar *response, *response_param;
  SmtpResponseTypes action;

  z_proxy_enter(self);
  if (self->request->len)
    key[0] = self->request->str;
  else
    key[0] = "Null";
  key[1] = self->response->str;
  entry = z_dim_hash_table_search(self->response_policy, 2, key);
  if (!entry)
    z_proxy_return(self, SMTP_RSP_REJECT);

  z_policy_lock(self->super.thread);
  if (!smtp_hash_get_type(entry, &action))
    {
      /*LOG
	This message indicates that the policy type is invalid for the given response and Zorp
	aborts the connection. Check the 'response' attribute.
       */
      z_proxy_log(self, SMTP_POLICY, 1, "Invalid response policy; request='%s', response='%s'", self->request->str, self->response->str);
      z_proxy_return(self, SMTP_RSP_ABORT);
    }
  z_policy_unlock(self->super.thread);
  switch (action)
    {
    case SMTP_RSP_REJECT:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse_tuple(entry, "i|ss", &action, &response, &response_param))
        {
	  /*LOG
	    This message indicates that the parameter of the response policy of the given request is invalid and Zorp aborts the connection.
	    Check the 'response' attribute.
	   */
          z_proxy_log(self, SMTP_POLICY, 1, "Error in response policy; request='%s', response='%s'", self->request->str, self->response->str);
          action = SMTP_RSP_ABORT;
        }
      else
        {
          if (response)
            g_string_assign(self->error_code, response);
          if (response_param)
            g_string_assign(self->error_info, response_param);
        }
      z_policy_unlock(self->super.thread);
      break;

    case SMTP_RSP_ACCEPT:
    case SMTP_RSP_ABORT:
      break;

    case SMTP_RSP_POLICY:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse(entry, "(iO)", &action, &process_rsp))
        {
	  /*LOG
	    This message indicates that the parameter of the response policy of the given request is invalid and Zorp aborts the connection.
	    Check the 'response' attribute.
	   */
          z_proxy_log(self, SMTP_POLICY, 1, "Error in response policy; request='%s', response='%s'", self->request->str, self->response->str);
          action = SMTP_RSP_ABORT;
        }
      else
        {
          res = z_policy_call_object(process_rsp, z_policy_var_build("(ssss)", self->request->str, self->request_param->str, self->response->str, self->response_param->str), self->super.session_id);
          if (res)
            {
              if (!z_policy_var_parse(res, "i", &action))
                {
		  /*LOG
		    This message indicates that the returned value of the callback for the given response policy
		    is invalid and Zorp aborts the connection. Check the callback function.
		   */
                  z_proxy_log(self, SMTP_POLICY, 1, "The verdict returned by the policy is not an int; request='%s', response='%s'", self->request->str, self->response->str);
                  action = SMTP_RSP_ABORT;
                }
            }
          else
            {
              action = SMTP_RSP_ABORT;
            }
        }
      z_policy_unlock(self->super.thread);
      break;

    default:
      action = SMTP_RSP_ABORT;
      break;
    }
  z_proxy_return(self, action);
}
예제 #13
0
guint
pop3_policy_command_hash_do(Pop3Proxy *self)
{
  guint rc;
  ZPolicyObj *res;
  ZPolicyObj *tmp = g_hash_table_lookup(self->commands_policy, self->command->str);
  ZPolicyObj *command_where = NULL;
  ZPolicyObj *answer_where = NULL;
  unsigned int command_do;
  
  z_proxy_enter(self);
  if (!tmp)
    {
      z_proxy_log(self, POP3_DEBUG, 6, "Policy does not contain this request, trying the default; request='%s'",
                  self->command->str);
      tmp = g_hash_table_lookup(self->commands_policy, "*");
    }
  
  if (!tmp)
    {
      /*LOG
        This message indicates that the policy does not contain any setting for the given
	request and Zorp rejects the request. Check the 'request' attribute.
       */
      z_proxy_log(self, POP3_DEBUG, 5, "Policy does not contain this request, using hard-coded default; request='%s'",
                  self->command->str);
      z_proxy_return(self, POP3_REQ_REJECT);
    }

  z_policy_lock(self->super.thread);
  if (!pop3_hash_get_type(tmp, &command_do))
    {
      /*LOG
        This message indicates that the policy type is invalid for the given request and Zorp
	aborts the connection. Check the 'request' attribute.
       */
      z_proxy_log(self, POP3_POLICY, 1, "Policy type is invalid; req='%s'", self->command->str);
      z_policy_unlock(self->super.thread);
      z_proxy_return(self, POP3_REQ_ABORT);
    }
  z_policy_unlock(self->super.thread);

  switch(command_do)
    {
    case POP3_REQ_ACCEPT_MLINE:
      self->response_multiline = TRUE;  /* No Break */
    case POP3_REQ_REJECT:
    case POP3_REQ_ACCEPT:
      rc = command_do;
      break;

    case POP3_REQ_POLICY:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse(tmp, "(iOO)", &command_do, &command_where, &answer_where) &&
          !z_policy_var_parse(tmp, "(iO)", &command_do, &command_where))
        {
          /*LOG
            This message indicates that the policy for the given request is invalid
            and Zorp aborts the connection. Check the 'request' attribute. It is likely that the
            parameter for the POP3_REQ_POLICY is invalid.
           */
          z_proxy_log(self, POP3_POLICY, 1, "Cannot parse policy line; req='%s'",self->command->str);
          rc = POP3_REQ_ABORT;
        }
      else
        {
          res = z_policy_call_object(command_where, z_policy_var_build("(s)", self->command), self->super.session_id);
          if (res == NULL)
            {
              /*LOG
                This message indicates that the callback for the given request policy is invalid
                and Zorp aborts the connection. Check the 'request' attribute. It is likely that the
                parameter for the POP3_REQ_POLICY is invalid.
               */
              z_proxy_log(self, POP3_POLICY, 1, "Error in policy call; req='%s'", self->command->str);
              rc = POP3_REQ_ABORT;
            }
          else
            {
              if (!z_policy_var_parse(res, "i", &rc))
                {
                  /*LOG
                    This message indicates that the returned value of the callback for the given request policy 
                    is invalid and Zorp aborts the connection. Check the callback function.
                   */
                  z_proxy_log(self, POP3_POLICY, 1, "Cannot parse the return code; req='%s'", self->command->str);
                  rc = POP3_REQ_ABORT;
                }
              else
                {
                  switch(rc)
                    {
                    case POP3_REQ_ACCEPT_MLINE:
                      self->response_multiline = TRUE; /* No Break */

                    case POP3_REQ_ACCEPT:
                      rc = POP3_REQ_ACCEPT;
                      break;
                      
                    case ZV_UNSPEC:
                    case ZV_DROP:
                    case POP3_REQ_REJECT:
                      rc = POP3_REQ_REJECT;
                      break;
                      
                    case POP3_REQ_ABORT:
                    default:
                      rc = POP3_REQ_ABORT;
                      break;
                    }
                }
            }
        }
      z_policy_unlock(self->super.thread);
      break;

    case POP3_REQ_ABORT:
    default:
      rc = POP3_REQ_ABORT;
      break;
    }
  z_proxy_return(self, rc);
}
예제 #14
0
gboolean
pop3_policy_stack_hash_do(Pop3Proxy *self, ZStackedProxy **stacked)
{
  guint rc;
  ZPolicyObj *res = NULL;
  ZPolicyObj *tmp = g_hash_table_lookup(self->command_stack, self->command->str);
  ZPolicyObj *command_where = NULL;
  ZPolicyObj *stack_proxy = NULL;
  unsigned int command_do;
  gboolean success = TRUE;
  
  z_proxy_enter(self);
  if (!tmp)
    tmp = g_hash_table_lookup(self->command_stack, "*");
  
  if (!tmp)
    z_proxy_return(self, TRUE);

  z_policy_lock(self->super.thread);
  if (!pop3_hash_get_type(tmp, &command_do))
    {
      /*LOG
        This message indicates that the stack policy type is invalid for the given response, so nothing will
	be stacked. Check the 'response_stack' attribute.
       */
      z_proxy_log(self, POP3_POLICY, 1, "Stack policy type is invalid; req='%s'", self->command->str);
      z_policy_unlock(self->super.thread);
      z_proxy_return(self, FALSE);
    }

  switch(command_do)
    {
    case POP3_STK_NONE:
      rc = command_do;
      break;
      
    case POP3_STK_DATA:
    case POP3_STK_MIME:
      if (!z_policy_var_parse(tmp, "(iO)", &rc, &stack_proxy))
        {
	  /*LOG
	    This message indicates that the stack policy for the given response is invalid
	    and Zorp stacks nothing. Check the 'response_stack' attribute. It is likely that the
	    parameter for the POP3_STK_MIME or POP3_STK_DATA is invalid.
	   */
          z_proxy_log(self, POP3_POLICY, 1, "Cannot parse stack policy line; req='%s'", self->command->str);
          success = FALSE;
        }
      break;
      
    case POP3_STK_POLICY:
      if (!z_policy_var_parse(tmp, "(iO)", &rc, &command_where))
        {
	  /*LOG
	    This message indicates that the stack policy for the given response is invalid
	    and Zorp stacks nothing. Check the 'response_stack' attribute. It is likely that the
	    parameter for the POP3_STK_POLICY is invalid.
	   */
          z_proxy_log(self, POP3_POLICY, 1, "Cannot parse stack policy line; req='%s'", self->command->str);
          success = FALSE;
        }
      else
        {
          res = z_policy_call_object(command_where, z_policy_var_build("(s)", self->command->str), self->super.session_id);
          if (res == NULL)
            {
	      /*LOG
		This message indicates that the callback for the given request policy is invalid
		and Zorp stacks nothing. Check the 'request' attribute. It is likely that the
		parameter for the POP3_STK_POLICY is invalid.
	       */
              z_proxy_log(self, POP3_POLICY, 1, "Error in policy call; req='%s'", self->command->str);
              success = FALSE;
            }
          else
            {
              if (!z_policy_var_parse(res, "i", &rc) &&
                  !z_policy_var_parse(res, "(iO)", &rc, &stack_proxy))
                {
		  /*LOG
		    This message indicates that the returned value of the callback for the given response policy 
		    is invalid and Zorp stacks nothing. Check the callback function.
		   */
                  z_proxy_log(self, POP3_POLICY, 1, "Cannot parse return code; req='%s'", self->command->str);
                  success = FALSE;
                }
              z_policy_var_unref(res);
            }
        }
      break;
    }
  
  if (success && rc != POP3_STK_NONE && stack_proxy)
    success = z_proxy_stack_object(&self->super, stack_proxy, stacked, NULL);

  z_policy_unlock(self->super.thread);
  z_proxy_return(self, success);
}
예제 #15
0
파일: ftpolicy.c 프로젝트: kkovaacs/zorp
guint
ftp_policy_answer_hash_do(FtpProxy *self)
{
  guint ret;
  ZPolicyObj *res;
  ZPolicyObj *tmp;
  ZPolicyObj *answer_where;
  unsigned int answer_do;
  gchar key1[5];
  gchar key2[5];
  gchar *key[2];
  gchar *msg;
  int i;
  gchar work[10];

  z_proxy_enter(self);
  if (self->request_cmd->len > 0)
    g_snprintf(key1, sizeof(key1), "%s", self->request_cmd->str);
  else
    g_snprintf(key1, sizeof(key1), "Null");

  g_snprintf(key2, sizeof(key2), "%s", self->answer_cmd->str);
  key[0] = key1;
  key[1] = key2;
  tmp = z_dim_hash_table_search(self->policy_answer_hash, 2, key);
  if (!tmp)
    {
      /*LOG
        This message indicates that the policy does not contain any setting for the given
        response and Zorp rejects the response. Check the 'response' attribute.
       */
      z_proxy_log(self, FTP_POLICY, 5, "Policy does not contain this response, using hard-coded default; request='%s', response='%s", self->request_cmd->str, self->answer_cmd->str);
      z_proxy_return(self, FTP_RSP_REJECT);
    }
    
  z_policy_lock(self->super.thread);
  if (!ftp_hash_get_type(tmp, &answer_do))
    {
      /*LOG
        This message indicates that the policy type is invalid for the given response and Zorp
        rejects the request. Check the 'request' attribute.
       */
      z_proxy_log(self, FTP_POLICY, 1, "Answer type invalid; req='%s', rsp='%s'", self->request_cmd->str, self->answer_cmd->str);
      z_proxy_return(self, FTP_RSP_REJECT);
    }
  z_policy_unlock(self->super.thread);
  
  switch(answer_do)
    {
    case FTP_RSP_REJECT:
      ret = FTP_RSP_REJECT;
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse(tmp, "(is)", &answer_do, &msg))
        {
          g_string_assign(self->answer_cmd, "500");
          g_string_assign(self->answer_param, "Error parsing answer");
        }
      else
        {
          for(i = 0; i < 3; i++)
            work[i]=msg[i];
          work[i]=0;
          g_string_assign(self->answer_cmd, work);
          g_string_assign(self->answer_param, &msg[i+1]);
        }
      z_policy_unlock(self->super.thread);
      break;
      
    case FTP_RSP_ACCEPT:
      ret = FTP_RSP_ACCEPT;
      break;
      
    case FTP_RSP_ABORT:
      ret = FTP_RSP_ABORT;
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse(tmp, "(is)", &answer_do, &msg))
        {
          g_string_assign(self->answer_cmd, "500");
          g_string_assign(self->answer_param, "Error parsing answer");
        }
      else
        {
          for(i = 0; i < 3; i++)
            work[i]=msg[i];
          work[i]=0;
          g_string_assign(self->answer_cmd, work);
          g_string_assign(self->answer_param, &msg[i+1]);
        }
      z_policy_unlock(self->super.thread);
      break;
      
    case FTP_RSP_POLICY:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse(tmp,"(iO)", &answer_do, &answer_where))
        {
          /*LOG
            This message indicates that the policy for the given response is invalid
            and Zorp rejects the response. Check the 'response' attribute. It is likely that the
            parameter for the FTP_RSP_POLICY is invalid.
           */
          z_proxy_log(self, FTP_POLICY, 1, "Bad policy line; command='%s', answer='%s'", self->request_cmd->str, self->answer_cmd->str);
          g_string_assign(self->answer_cmd, "500");
          g_string_assign(self->answer_param, "Error parsing answer (bad policy)");
          ret = FTP_RSP_ABORT;
        }
      else
        {
          res = z_policy_call_object(answer_where, z_policy_var_build("(ss)", self->request_cmd->str, self->answer_cmd->str), self->super.session_id);
          if (res == NULL)
            {
              /*LOG
                This message indicates that the callback for the given response policy is invalid
                and Zorp rejects the response. Check the 'response' attribute. It is likely that the
                parameter for the FTP_RSP_POLICY is invalid.
               */
              z_proxy_log(self, FTP_POLICY, 1, "Error in policy calling; command='%s', answer='%s'", self->request_cmd->str, self->answer_cmd->str);
              g_string_assign(self->answer_cmd, "500");
              g_string_assign(self->answer_param, "Error parsing answer (bad policy)");
              ret = FTP_RSP_ABORT;
            }
          else if (!z_policy_var_parse(res, "i", &ret))
            {
              /*LOG
                This message indicates that the returned value of the callback for the given response policy 
                is invalid and Zorp rejects the response. Check the callback function.
               */
              z_proxy_log(self, FTP_POLICY, 1, "Return code invalid from policy function; command='%s', answer='%s'", self->request_cmd->str, self->answer_cmd->str);
              g_string_assign(self->answer_cmd, "500");
              g_string_assign(self->answer_param, "Error parsing answer (bad policy)");
              ret = FTP_RSP_ABORT;
            }
          else
            {
              switch(ret)
                {
                case FTP_RSP_ACCEPT:
                case FTP_RSP_REJECT:
                case FTP_RSP_ABORT:
                  break;
                  
                case Z_DROP:
                case Z_UNSPEC:
                  ret = FTP_RSP_REJECT;
                  break;
                  
                default:
                  g_string_assign(self->answer_cmd, "500");
                  g_string_assign(self->answer_param, "Error parsing answer, connection dropped.");
                  ret = FTP_RSP_ABORT;
                  break;
                }
            }
        }
      z_policy_unlock(self->super.thread);
      break;
      
    default:
      g_string_assign(self->answer_cmd, "500");
      g_string_assign(self->answer_param, "Error parsing answer, connection dropped.");
      ret = FTP_RSP_ABORT;
      break;
    }
  z_proxy_return(self, ret);
}
예제 #16
0
파일: ftpolicy.c 프로젝트: kkovaacs/zorp
guint
ftp_policy_command_hash_do(FtpProxy *self)
{
  guint ret;
  ZPolicyObj *res;
  ZPolicyObj *tmp;
  ZPolicyObj *command_where;
  unsigned int command_do;
  gchar work[10];
  gchar *msg;
  int i;
  
  z_proxy_enter(self);
  tmp = g_hash_table_lookup(self->policy_command_hash, self->request_cmd->str);
  if (!tmp)
    {
      z_proxy_log(self, FTP_POLICY, 6, "Policy does not contain this request, trying the default; request='%s'", self->request_cmd->str);
      tmp = g_hash_table_lookup(self->policy_command_hash, "*");
    }
  if (!tmp)
    {
      /*LOG
        This message indicates that the policy does not contain any setting for the given
        request and Zorp rejects the request. Check the 'request' attribute.
       */
      z_proxy_log(self, FTP_POLICY, 5, "Policy does not contain this request, using hard-coded default; request='%s'", self->request_cmd->str);
      z_proxy_return(self, FTP_REQ_REJECT);
    }
  
  z_policy_lock(self->super.thread);
  if (!ftp_hash_get_type(tmp,&command_do))
    {
      /*LOG
        This message indicates that the policy type is invalid for the given request and Zorp
        rejects the request. Check the 'request' attribute.
       */
      z_proxy_log(self, FTP_POLICY, 1, "Policy type invalid; req='%s", self->request_cmd->str);
      z_policy_unlock(self->super.thread);
      z_proxy_return(self, FTP_REQ_REJECT);
    }
  z_policy_unlock(self->super.thread);
  
  switch(command_do)
    {
    case FTP_REQ_ACCEPT:
    case FTP_REQ_ABORT:
      ret = command_do;
      break;
      
    case FTP_REQ_REJECT:
      z_policy_lock(self->super.thread);
      if (z_policy_var_parse(tmp, "(is)", &command_do, &msg))
        {
          for (i = 0; i < 3; i++)
            work[i]=msg[i];

          work[i]=0;
          g_string_assign(self->answer_cmd, work);
          g_string_assign(self->answer_param, &msg[i+1]);
        }
      ret = command_do;
      z_policy_unlock(self->super.thread);
      break;
      
    case FTP_REQ_POLICY:
      z_policy_lock(self->super.thread);
      if (!z_policy_var_parse(tmp,"(iO)",&command_do,&command_where))
        {
          /*LOG
            This message indicates that the policy for the given request is invalid
            and Zorp rejects the request. Check the 'request' attribute. It is likely that the
            parameter for the FTP_REQ_POLICY is invalid.
           */
          z_proxy_log(self, FTP_POLICY, 1, "Cannot parse policy line; req='%s'", self->request_cmd->str);
          ret = FTP_REQ_ABORT;
        }
      else
        {
          g_string_assign(self->answer_cmd, "500");
          g_string_assign(self->answer_param, "Error parsing command");
          res = z_policy_call_object(command_where, z_policy_var_build("(s)",self->request_cmd->str), self->super.session_id);
          if (res == NULL)
            {
              /*LOG
                This message indicates that the callback for the given request policy is invalid
                and Zorp rejects the request. Check the 'request' attribute. It is likely that the
                parameter for the FTP_REQ_POLICY is invalid.
               */
              z_proxy_log(self, FTP_POLICY, 1, "Error in policy calling; req='%s'", self->request_cmd->str);
              ret = FTP_REQ_ABORT;
            }
          else if (!z_policy_var_parse(res,"i",&ret))
            {
              /*LOG
                This message indicates that the returned value of the callback for the given request policy 
                is invalid and Zorp rejects the request. Check the callback function.
               */
              z_proxy_log(self, FTP_POLICY, 1, "Can't parsing return code; command='%s'", self->request_cmd->str);
              ret = FTP_REQ_ABORT;
            }
          else
            {
              switch(ret)
                {
                case FTP_REQ_ACCEPT:
                case FTP_REQ_ABORT:
                case FTP_REQ_REJECT:
                  break;
                  
                case Z_UNSPEC:
                case Z_DROP:
                  ret = FTP_REQ_REJECT;
                  break;

                default:
                  break;
                }
            }
        }
      z_policy_unlock(self->super.thread);
      break;
      
    default:
      ret = FTP_REQ_ABORT;
      break;
    }
  z_proxy_return(self, ret);
}