/** * telnet_process_command: * @self: * @ep: * * * * Returns: * */ static guint telnet_process_command(TelnetProxy *self, guint ep) { ZPolicyObj *res = NULL; guint option_needed; gchar cmd_str[5]; guint ret_status; z_proxy_enter(self); /* * allow commands defined in RFC 854 * these are important, and must be implemented */ /* NOTE: this triggers a warning in gcc as the second part of the * condition is always TRUE as guchar is always less-or-equal than 255, * this is true, but I leave the condition intact as in the possible case * command is changed to int the condition might be perfectly valid */ if (self->command[ep] >= 240) z_proxy_return(self, TELNET_CHECK_OK); /* * allow negotiated commands * these were allowed during a negotiation */ g_snprintf(cmd_str, sizeof(cmd_str), "%hhu", self->command[ep]); z_policy_lock(self->super.thread); res = g_hash_table_lookup(self->negotiation, cmd_str); if (res != NULL) { if (!z_policy_var_parse(res, "i", &option_needed)) { z_proxy_log(self, TELNET_POLICY, 2, "Value in negotiation table bad; command='%d'", self->command[ep]); z_policy_unlock(self->super.thread); z_proxy_return(self, TELNET_CHECK_REJECT); } z_proxy_trace(self, "Changed needed negotiated option; command='%s', option='%d'", cmd_str, option_needed); } else { option_needed = self->command[ep]; } z_policy_unlock(self->super.thread); ret_status = TELNET_CHECK_REJECT; if (option_needed == 255) { ret_status = TELNET_CHECK_OK; } else if (option_needed > 255) { z_proxy_log(self, TELNET_POLICY, 2, "Value in negotation table out of range; command='%d', value='%d'", self->command[ep], option_needed); } else { z_proxy_trace(self, "Option state check; option='%d', state='%d:%d'", option_needed, self->options[option_needed][ep], self->options[option_needed][OTHER_EP(ep)]); if (self->options[option_needed][ep] & (SENT_WILL | GOT_DO)) ret_status = TELNET_CHECK_OK; } /* reject everything else */ z_proxy_return(self, ret_status); }
gboolean smtp_policy_is_extension_permitted(SmtpProxy *self, gchar *extension) { ZPolicyObj *e; SmtpExtensionDesc *ed; SmtpActionTypes verdict = SMTP_EXT_DROP; gboolean found; z_proxy_enter(self); /* compatibility, check permit_extensions first */ ed = g_hash_table_lookup(known_extensions, extension); if (ed && (self->permit_extensions & ed->extension_mask)) z_proxy_return(self, TRUE); e = g_hash_table_lookup(self->extensions, extension); if (!e) e = g_hash_table_lookup(self->extensions, "*"); if (!e) z_proxy_return(self, FALSE); z_policy_lock(self->super.thread); found = smtp_hash_get_type(e, &verdict); z_policy_unlock(self->super.thread); z_proxy_return(self, found && (verdict == SMTP_EXT_ACCEPT)); }
gboolean ftp_policy_parse_authinfo(FtpProxy *self, const gchar *cmd, GString *param) { gboolean called = FALSE; PyObject *result = NULL; PyObject *args = NULL; gboolean ret; z_proxy_enter(self); z_policy_lock(self->super.thread); args = z_policy_var_build("ss", cmd, param->str); result = z_policy_call(self->super.handler, "parseInbandAuth", args, &called, self->super.session_id); if (!called) { z_policy_unlock(self->super.thread); z_proxy_return(self, FALSE); } if (result == NULL || !z_policy_var_parse(result, "i", &ret)) ret = FALSE; if (result) z_policy_var_unref(result); z_policy_unlock(self->super.thread); z_proxy_return(self, ret); }
gboolean ftp_policy_bounce_check(FtpProxy *self, guint side, ZSockAddr *remote, gboolean connect) { PyObject *zsock; gboolean called; ZPolicyObj *res; gboolean ret; z_proxy_enter(self); z_policy_lock(self->super.thread); zsock = z_policy_sockaddr_new(remote); res = z_policy_call(self->super.handler, "bounceCheck", z_policy_var_build("(Oii)", zsock, side, connect), &called, self->super.session_id); if (!called) { z_policy_unlock(self->super.thread); z_proxy_return(self, TRUE); } if ((res == NULL) || !z_policy_var_parse(res, "i", &ret)) ret = FALSE; z_policy_var_unref(res); z_policy_var_unref(zsock); z_policy_unlock(self->super.thread); z_proxy_return(self, ret); }
void ftp_policy_feature_hash_handle_insert(struct _FtpProxy *self, GHashTable *features) { z_proxy_enter(self); z_policy_lock(self->super.thread); g_hash_table_foreach(self->policy_features, ftp_policy_feature_hash_foreach_cb, features); z_policy_unlock(self->super.thread); z_proxy_leave(self); }
/** * finger_query_policy: * @self: FingerProxy instance * * Check the policy about the current request. **/ static gboolean finger_query_policy(FingerProxy *self) { char *errmsg = "Policy violation, request denied.\r\n"; gsize bytes_written; gint res; z_proxy_enter(self); z_policy_lock(self->super.thread); res = z_policy_event(self->super.handler, "fingerRequest", z_policy_var_build("(ss)", self->username->str, self->hostnames->str), self->super.session_id); switch (res) { case FINGER_REQ_UNSPEC: case FINGER_REQ_REJECT: case FINGER_REQ_ABORT: /*LOG This message is about administrator decision to reject the finger session. */ z_proxy_log(self, FINGER_POLICY, 2, "Policy violation, abort session;"); z_stream_write(self->super.endpoints[EP_CLIENT], errmsg, strlen(errmsg), &bytes_written, NULL); /* fallthrough */ case FINGER_REQ_DROP: if (res == ZV_DROP) { /*LOG This message is about administrator decision to drop finger session. */ z_proxy_log(self, FINGER_POLICY, 2, "Policy violation, drop session;"); } z_policy_unlock(self->super.thread); z_proxy_return(self, FALSE); case FINGER_REQ_ACCEPT: default: break; } z_policy_unlock(self->super.thread); z_proxy_return(self, TRUE); }
static void anypy_main(ZProxy * s) { AnyPyProxy *self = Z_CAST(s, AnyPyProxy); ZPolicyObj *res; gboolean called; z_proxy_enter(self); if (!z_proxy_connect_server(&self->super, NULL, 0) || !anypy_stream_init(self)) { z_proxy_leave(self); return; } z_policy_lock(self->super.thread); res = z_policy_call(self->super.handler, "proxyThread", NULL, &called, self->super.session_id); z_policy_var_unref(res); z_policy_unlock(self->super.thread); z_proxy_return(self); }
guint ftp_policy_feature_hash_search(struct _FtpProxy *self, const gchar *feature) { ZPolicyObj *res; guint verdict; gboolean valid; z_proxy_enter(self); res = g_hash_table_lookup(self->policy_features, feature); if (!res) res = g_hash_table_lookup(self->policy_features, "*"); if (!res) { /*LOG This message indicates that the policy does not contain any setting for the given feature and Zorp drops the feature. Check the 'features' attribute. */ z_proxy_log(self, FTP_POLICY, 5, "Policy does not contain this feature, dropping; feature='%s'", feature); z_proxy_return(self, FTP_FEATURE_DROP); } z_policy_lock(self->super.thread); valid = ftp_hash_get_type(res, &verdict); z_policy_unlock(self->super.thread); if (!valid) { /*LOG This message indicates that the policy type is invalid for the given feature and thus Zorp drops the feature. */ z_proxy_log(self, FTP_POLICY, 1, "Policy value invalid; feature='%s'", feature); z_proxy_return(self, FTP_FEATURE_DROP); } z_proxy_return(self, verdict); }
/** * telnet_policy_option: * @self: * * * * Returns: * */ guint telnet_policy_option(TelnetProxy *self) { guint res; ZPolicyObj *pol_res; ZPolicyObj *tmp; ZPolicyObj *command_where = NULL; guint command_do; gchar lookup_str[10]; gchar *keys[1]; gboolean type_found; z_proxy_enter(self); z_proxy_log(self, TELNET_DEBUG, 8, "Policy option negotiation check; option='%d'", self->opneg_option[self->ep]); g_snprintf(lookup_str, sizeof(lookup_str), "%d", self->opneg_option[self->ep]); keys[0] = lookup_str; tmp = z_dim_hash_table_search(self->telnet_policy, 1, keys); if (!tmp) { z_proxy_log(self, TELNET_POLICY, 2, "Option not found in policy; option='%s'", lookup_str); z_proxy_return(self, TELNET_CHECK_DROP); } z_policy_lock(self->super.thread); type_found = telnet_hash_get_type(tmp, &command_do); z_policy_unlock(self->super.thread); if (!type_found ) { z_proxy_log(self, TELNET_POLICY, 2, "Policy type invalid; option='%s'", lookup_str); z_proxy_return(self, TELNET_CHECK_ABORT); } switch (command_do) { case TELNET_OPTION_DROP: z_proxy_log(self, TELNET_POLICY, 3, "Policy denied option; option='%s'", lookup_str); res = TELNET_CHECK_DROP; break; case TELNET_OPTION_ACCEPT: z_proxy_log(self, TELNET_POLICY, 6, "Policy accepted option; option='%s'", lookup_str); res = TELNET_CHECK_OK; break; case TELNET_OPTION_POLICY: z_policy_lock(self->super.thread); if (!z_policy_var_parse(tmp, "(iO)", &command_do, &command_where)) { z_proxy_log(self, TELNET_POLICY, 2, "Cannot parse policy line; option='%s'", lookup_str); res = TELNET_CHECK_ABORT; } else { pol_res = z_policy_call_object(command_where, z_policy_var_build("(i)", &self->opneg_option[self->ep]), self->super.session_id); if (pol_res == NULL) { z_proxy_log(self, TELNET_POLICY, 2, "Error in policy calling; option='%s'", lookup_str); res = TELNET_CHECK_ABORT; } else if (!z_policy_var_parse(pol_res, "i", &res)) { z_proxy_log(self, TELNET_POLICY, 1, "Can't parse return verdict; option='%s'", lookup_str); res = TELNET_CHECK_ABORT; } else { switch (res) { case ZV_ACCEPT: z_proxy_log(self, TELNET_POLICY, 6, "Policy function accepted option; option='%s'", lookup_str); res = TELNET_CHECK_OK; break; case ZV_UNSPEC: case ZV_DROP: z_proxy_log(self, TELNET_POLICY, 3, "Policy function drop option; option='%s'", lookup_str); res = TELNET_CHECK_DROP; break; case TELNET_OPTION_REJECT: z_proxy_log(self, TELNET_POLICY, 3, "Policy function reject option; option='%s'", lookup_str); res = TELNET_CHECK_REJECT; break; case ZV_ABORT: default: z_proxy_log(self, TELNET_POLICY, 1, "Policy function aborted session; option='%s'", lookup_str); res = TELNET_CHECK_ABORT; break; } } } z_policy_unlock(self->super.thread); break; case TELNET_OPTION_REJECT: z_proxy_log(self, TELNET_POLICY, 3, "Policy rejected option; option='%s'", lookup_str); res = TELNET_CHECK_REJECT; break; case TELNET_OPTION_ABORT: default: z_proxy_log(self, TELNET_POLICY, 3, "Policy aborted session; option='%s'", lookup_str); res = TELNET_CHECK_ABORT; break; } z_proxy_return(self, res); }
/** * telnet_policy_suboption: * @self: * @command: * @name: * @value: * * * * Returns: * */ guint telnet_policy_suboption(TelnetProxy *self, guchar command, gchar *name, gchar *value) { guint res; ZPolicyObj *pol_res; ZPolicyObj *tmp; ZPolicyObj *command_where = NULL; guint command_do; gchar lookup_str[2][10]; gchar *keys[2]; gboolean type_found; z_proxy_enter(self); z_proxy_log(self, TELNET_DEBUG, 8, "Policy suboption negotiation check;"); g_snprintf(lookup_str[0], sizeof(lookup_str[0]), "%d", self->opneg_option[self->ep]); g_snprintf(lookup_str[1], sizeof(lookup_str[1]), "%d", command); keys[0] = lookup_str[0]; keys[1] = lookup_str[1]; tmp = z_dim_hash_table_search(self->telnet_policy, 2, keys); if (!tmp) { z_proxy_log(self, TELNET_POLICY, 1, "Option not found in policy hash, dropping; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]); z_proxy_return(self, TELNET_CHECK_DROP); } z_policy_lock(self->super.thread); type_found = telnet_hash_get_type(tmp, &command_do); z_policy_unlock(self->super.thread); if (!type_found) { z_proxy_log(self, TELNET_POLICY, 2, "Policy type invalid!"); z_proxy_return(self, TELNET_CHECK_ABORT); } switch (command_do) { case TELNET_OPTION_DROP: z_proxy_log(self, TELNET_POLICY, 6, "Policy denied suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]); res = TELNET_CHECK_DROP; break; case TELNET_OPTION_ACCEPT: z_proxy_log(self, TELNET_POLICY, 6, "Policy accepted suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]); res = TELNET_CHECK_OK; break; case TELNET_OPTION_POLICY: z_policy_lock(self->super.thread); if (!z_policy_var_parse(tmp, "(iO)", &command_do, &command_where)) { z_proxy_log(self, TELNET_POLICY, 2, "Cannot parse policy line for option; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]); res = TELNET_CHECK_ABORT; } else { /* call Python method with appropriate parameters */ switch (self->opneg_option[self->ep]) { case TELNET_OPTION_TERMINAL_TYPE: case TELNET_OPTION_TERMINAL_SPEED: case TELNET_OPTION_X_DISPLAY_LOCATION: case TELNET_OPTION_ENVIRONMENT: case TELNET_OPTION_NAWS: pol_res = z_policy_call_object(command_where, z_policy_var_build("(iss)", &self->opneg_option[self->ep], name, value), self->super.session_id); break; default: pol_res = z_policy_call_object(command_where, z_policy_var_build("(i)", &self->opneg_option[self->ep]), self->super.session_id); break; } if (pol_res == NULL) { z_proxy_log(self, TELNET_POLICY, 2, "Error in policy calling; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]); res = TELNET_CHECK_ABORT; } else if (!z_policy_var_parse(pol_res, "i", &res)) { z_proxy_log(self, TELNET_POLICY, 2, "Can't parse return verdict; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]); res = TELNET_CHECK_ABORT; } else { switch (res) { case ZV_ACCEPT: z_proxy_log(self, TELNET_POLICY, 6, "Policy function accepted suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]); res = TELNET_CHECK_OK; break; case ZV_UNSPEC: case ZV_REJECT: case ZV_DROP: z_proxy_log(self, TELNET_POLICY, 3, "Policy function denied suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]); res = TELNET_CHECK_DROP; break; case ZV_ABORT: default: z_proxy_log(self, TELNET_POLICY, 3, "Policy function aborted suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]); res = TELNET_CHECK_ABORT; break; } } } z_policy_unlock(self->super.thread); break; case TELNET_OPTION_ABORT: default: z_proxy_log(self, TELNET_POLICY, 3, "Policy aborted session; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]); res = TELNET_CHECK_ABORT; break; } z_proxy_return(self, res); }
SmtpRequestTypes smtp_policy_check_request(SmtpProxy *self) { ZPolicyObj *entry; ZPolicyObj *res; ZPolicyObj *process_cmd = NULL; SmtpRequestTypes action; gchar *response = NULL, *response_param = NULL; z_proxy_enter(self); entry = g_hash_table_lookup(self->request_policy, self->request->str); if (!entry) entry = g_hash_table_lookup(self->request_policy, "*"); if (!entry) z_proxy_return(self, SMTP_REQ_REJECT); z_policy_lock(self->super.thread); if (!smtp_hash_get_type(entry, &action)) { /*LOG This message indicates that the policy type is invalid for the given request and Zorp aborts the connection. Check the 'request' attribute. */ z_proxy_log(self, SMTP_POLICY, 1, "Invalid request policy type; request='%s'", self->request->str); z_policy_unlock(self->super.thread); z_proxy_return(self, SMTP_REQ_ABORT); } z_policy_unlock(self->super.thread); z_cp(); switch (action) { case SMTP_REQ_REJECT: z_policy_lock(self->super.thread); if (!z_policy_var_parse_tuple(entry, "i|ss", &action, &response, &response_param)) { /*LOG This message indicates that the parameter of the request policy of the given request is invalid and Zorp aborts the connection. Check the 'request' attribute. */ z_proxy_log(self, SMTP_POLICY, 1, "Error in request policy; request='%s'", self->request->str); action = SMTP_REQ_ABORT; } else { if (response) g_string_assign(self->error_code, response); if (response_param) g_string_assign(self->error_info, response_param); } z_policy_unlock(self->super.thread); break; case SMTP_REQ_ACCEPT: break; case SMTP_REQ_POLICY: z_policy_lock(self->super.thread); if (!z_policy_var_parse(entry, "(iO)", &action, &process_cmd)) { /*LOG This message indicates that the parameter of the request policy of the given request is invalid and Zorp aborts the connection. Check the 'request' attribute. */ z_proxy_log(self, SMTP_POLICY, 1, "Error in request policy; request='%s'", self->request->str); action = SMTP_REQ_ABORT; } else { res = z_policy_call_object(process_cmd, z_policy_var_build("(ss)", self->request->str, self->request_param->str), self->super.session_id); if (res) { if (!z_policy_var_parse(res, "i", &action)) { /*LOG This message indicates that the returned value of the callback for the given request policy is invalid and Zorp aborts the connection. Check the callback function. */ z_proxy_log(self, SMTP_POLICY, 1, "The verdict returned by the policy is not an int; request='%s'", self->request->str); action = SMTP_REQ_ABORT; } else { switch (action) { case SMTP_REQ_ACCEPT: case SMTP_REQ_REJECT: case SMTP_REQ_ABORT: break; default: action = SMTP_REQ_ABORT; break; } } } else { action = SMTP_REQ_ABORT; } } z_policy_unlock(self->super.thread); break; case SMTP_REQ_ABORT: default: action = SMTP_REQ_ABORT; break; } z_proxy_return(self, action); }
SmtpResponseTypes smtp_policy_check_response(SmtpProxy *self) { ZPolicyObj *entry, *process_rsp, *res; gchar *key[2]; gchar *response, *response_param; SmtpResponseTypes action; z_proxy_enter(self); if (self->request->len) key[0] = self->request->str; else key[0] = "Null"; key[1] = self->response->str; entry = z_dim_hash_table_search(self->response_policy, 2, key); if (!entry) z_proxy_return(self, SMTP_RSP_REJECT); z_policy_lock(self->super.thread); if (!smtp_hash_get_type(entry, &action)) { /*LOG This message indicates that the policy type is invalid for the given response and Zorp aborts the connection. Check the 'response' attribute. */ z_proxy_log(self, SMTP_POLICY, 1, "Invalid response policy; request='%s', response='%s'", self->request->str, self->response->str); z_proxy_return(self, SMTP_RSP_ABORT); } z_policy_unlock(self->super.thread); switch (action) { case SMTP_RSP_REJECT: z_policy_lock(self->super.thread); if (!z_policy_var_parse_tuple(entry, "i|ss", &action, &response, &response_param)) { /*LOG This message indicates that the parameter of the response policy of the given request is invalid and Zorp aborts the connection. Check the 'response' attribute. */ z_proxy_log(self, SMTP_POLICY, 1, "Error in response policy; request='%s', response='%s'", self->request->str, self->response->str); action = SMTP_RSP_ABORT; } else { if (response) g_string_assign(self->error_code, response); if (response_param) g_string_assign(self->error_info, response_param); } z_policy_unlock(self->super.thread); break; case SMTP_RSP_ACCEPT: case SMTP_RSP_ABORT: break; case SMTP_RSP_POLICY: z_policy_lock(self->super.thread); if (!z_policy_var_parse(entry, "(iO)", &action, &process_rsp)) { /*LOG This message indicates that the parameter of the response policy of the given request is invalid and Zorp aborts the connection. Check the 'response' attribute. */ z_proxy_log(self, SMTP_POLICY, 1, "Error in response policy; request='%s', response='%s'", self->request->str, self->response->str); action = SMTP_RSP_ABORT; } else { res = z_policy_call_object(process_rsp, z_policy_var_build("(ssss)", self->request->str, self->request_param->str, self->response->str, self->response_param->str), self->super.session_id); if (res) { if (!z_policy_var_parse(res, "i", &action)) { /*LOG This message indicates that the returned value of the callback for the given response policy is invalid and Zorp aborts the connection. Check the callback function. */ z_proxy_log(self, SMTP_POLICY, 1, "The verdict returned by the policy is not an int; request='%s', response='%s'", self->request->str, self->response->str); action = SMTP_RSP_ABORT; } } else { action = SMTP_RSP_ABORT; } } z_policy_unlock(self->super.thread); break; default: action = SMTP_RSP_ABORT; break; } z_proxy_return(self, action); }
guint pop3_policy_command_hash_do(Pop3Proxy *self) { guint rc; ZPolicyObj *res; ZPolicyObj *tmp = g_hash_table_lookup(self->commands_policy, self->command->str); ZPolicyObj *command_where = NULL; ZPolicyObj *answer_where = NULL; unsigned int command_do; z_proxy_enter(self); if (!tmp) { z_proxy_log(self, POP3_DEBUG, 6, "Policy does not contain this request, trying the default; request='%s'", self->command->str); tmp = g_hash_table_lookup(self->commands_policy, "*"); } if (!tmp) { /*LOG This message indicates that the policy does not contain any setting for the given request and Zorp rejects the request. Check the 'request' attribute. */ z_proxy_log(self, POP3_DEBUG, 5, "Policy does not contain this request, using hard-coded default; request='%s'", self->command->str); z_proxy_return(self, POP3_REQ_REJECT); } z_policy_lock(self->super.thread); if (!pop3_hash_get_type(tmp, &command_do)) { /*LOG This message indicates that the policy type is invalid for the given request and Zorp aborts the connection. Check the 'request' attribute. */ z_proxy_log(self, POP3_POLICY, 1, "Policy type is invalid; req='%s'", self->command->str); z_policy_unlock(self->super.thread); z_proxy_return(self, POP3_REQ_ABORT); } z_policy_unlock(self->super.thread); switch(command_do) { case POP3_REQ_ACCEPT_MLINE: self->response_multiline = TRUE; /* No Break */ case POP3_REQ_REJECT: case POP3_REQ_ACCEPT: rc = command_do; break; case POP3_REQ_POLICY: z_policy_lock(self->super.thread); if (!z_policy_var_parse(tmp, "(iOO)", &command_do, &command_where, &answer_where) && !z_policy_var_parse(tmp, "(iO)", &command_do, &command_where)) { /*LOG This message indicates that the policy for the given request is invalid and Zorp aborts the connection. Check the 'request' attribute. It is likely that the parameter for the POP3_REQ_POLICY is invalid. */ z_proxy_log(self, POP3_POLICY, 1, "Cannot parse policy line; req='%s'",self->command->str); rc = POP3_REQ_ABORT; } else { res = z_policy_call_object(command_where, z_policy_var_build("(s)", self->command), self->super.session_id); if (res == NULL) { /*LOG This message indicates that the callback for the given request policy is invalid and Zorp aborts the connection. Check the 'request' attribute. It is likely that the parameter for the POP3_REQ_POLICY is invalid. */ z_proxy_log(self, POP3_POLICY, 1, "Error in policy call; req='%s'", self->command->str); rc = POP3_REQ_ABORT; } else { if (!z_policy_var_parse(res, "i", &rc)) { /*LOG This message indicates that the returned value of the callback for the given request policy is invalid and Zorp aborts the connection. Check the callback function. */ z_proxy_log(self, POP3_POLICY, 1, "Cannot parse the return code; req='%s'", self->command->str); rc = POP3_REQ_ABORT; } else { switch(rc) { case POP3_REQ_ACCEPT_MLINE: self->response_multiline = TRUE; /* No Break */ case POP3_REQ_ACCEPT: rc = POP3_REQ_ACCEPT; break; case ZV_UNSPEC: case ZV_DROP: case POP3_REQ_REJECT: rc = POP3_REQ_REJECT; break; case POP3_REQ_ABORT: default: rc = POP3_REQ_ABORT; break; } } } } z_policy_unlock(self->super.thread); break; case POP3_REQ_ABORT: default: rc = POP3_REQ_ABORT; break; } z_proxy_return(self, rc); }
gboolean pop3_policy_stack_hash_do(Pop3Proxy *self, ZStackedProxy **stacked) { guint rc; ZPolicyObj *res = NULL; ZPolicyObj *tmp = g_hash_table_lookup(self->command_stack, self->command->str); ZPolicyObj *command_where = NULL; ZPolicyObj *stack_proxy = NULL; unsigned int command_do; gboolean success = TRUE; z_proxy_enter(self); if (!tmp) tmp = g_hash_table_lookup(self->command_stack, "*"); if (!tmp) z_proxy_return(self, TRUE); z_policy_lock(self->super.thread); if (!pop3_hash_get_type(tmp, &command_do)) { /*LOG This message indicates that the stack policy type is invalid for the given response, so nothing will be stacked. Check the 'response_stack' attribute. */ z_proxy_log(self, POP3_POLICY, 1, "Stack policy type is invalid; req='%s'", self->command->str); z_policy_unlock(self->super.thread); z_proxy_return(self, FALSE); } switch(command_do) { case POP3_STK_NONE: rc = command_do; break; case POP3_STK_DATA: case POP3_STK_MIME: if (!z_policy_var_parse(tmp, "(iO)", &rc, &stack_proxy)) { /*LOG This message indicates that the stack policy for the given response is invalid and Zorp stacks nothing. Check the 'response_stack' attribute. It is likely that the parameter for the POP3_STK_MIME or POP3_STK_DATA is invalid. */ z_proxy_log(self, POP3_POLICY, 1, "Cannot parse stack policy line; req='%s'", self->command->str); success = FALSE; } break; case POP3_STK_POLICY: if (!z_policy_var_parse(tmp, "(iO)", &rc, &command_where)) { /*LOG This message indicates that the stack policy for the given response is invalid and Zorp stacks nothing. Check the 'response_stack' attribute. It is likely that the parameter for the POP3_STK_POLICY is invalid. */ z_proxy_log(self, POP3_POLICY, 1, "Cannot parse stack policy line; req='%s'", self->command->str); success = FALSE; } else { res = z_policy_call_object(command_where, z_policy_var_build("(s)", self->command->str), self->super.session_id); if (res == NULL) { /*LOG This message indicates that the callback for the given request policy is invalid and Zorp stacks nothing. Check the 'request' attribute. It is likely that the parameter for the POP3_STK_POLICY is invalid. */ z_proxy_log(self, POP3_POLICY, 1, "Error in policy call; req='%s'", self->command->str); success = FALSE; } else { if (!z_policy_var_parse(res, "i", &rc) && !z_policy_var_parse(res, "(iO)", &rc, &stack_proxy)) { /*LOG This message indicates that the returned value of the callback for the given response policy is invalid and Zorp stacks nothing. Check the callback function. */ z_proxy_log(self, POP3_POLICY, 1, "Cannot parse return code; req='%s'", self->command->str); success = FALSE; } z_policy_var_unref(res); } } break; } if (success && rc != POP3_STK_NONE && stack_proxy) success = z_proxy_stack_object(&self->super, stack_proxy, stacked, NULL); z_policy_unlock(self->super.thread); z_proxy_return(self, success); }
guint ftp_policy_answer_hash_do(FtpProxy *self) { guint ret; ZPolicyObj *res; ZPolicyObj *tmp; ZPolicyObj *answer_where; unsigned int answer_do; gchar key1[5]; gchar key2[5]; gchar *key[2]; gchar *msg; int i; gchar work[10]; z_proxy_enter(self); if (self->request_cmd->len > 0) g_snprintf(key1, sizeof(key1), "%s", self->request_cmd->str); else g_snprintf(key1, sizeof(key1), "Null"); g_snprintf(key2, sizeof(key2), "%s", self->answer_cmd->str); key[0] = key1; key[1] = key2; tmp = z_dim_hash_table_search(self->policy_answer_hash, 2, key); if (!tmp) { /*LOG This message indicates that the policy does not contain any setting for the given response and Zorp rejects the response. Check the 'response' attribute. */ z_proxy_log(self, FTP_POLICY, 5, "Policy does not contain this response, using hard-coded default; request='%s', response='%s", self->request_cmd->str, self->answer_cmd->str); z_proxy_return(self, FTP_RSP_REJECT); } z_policy_lock(self->super.thread); if (!ftp_hash_get_type(tmp, &answer_do)) { /*LOG This message indicates that the policy type is invalid for the given response and Zorp rejects the request. Check the 'request' attribute. */ z_proxy_log(self, FTP_POLICY, 1, "Answer type invalid; req='%s', rsp='%s'", self->request_cmd->str, self->answer_cmd->str); z_proxy_return(self, FTP_RSP_REJECT); } z_policy_unlock(self->super.thread); switch(answer_do) { case FTP_RSP_REJECT: ret = FTP_RSP_REJECT; z_policy_lock(self->super.thread); if (!z_policy_var_parse(tmp, "(is)", &answer_do, &msg)) { g_string_assign(self->answer_cmd, "500"); g_string_assign(self->answer_param, "Error parsing answer"); } else { for(i = 0; i < 3; i++) work[i]=msg[i]; work[i]=0; g_string_assign(self->answer_cmd, work); g_string_assign(self->answer_param, &msg[i+1]); } z_policy_unlock(self->super.thread); break; case FTP_RSP_ACCEPT: ret = FTP_RSP_ACCEPT; break; case FTP_RSP_ABORT: ret = FTP_RSP_ABORT; z_policy_lock(self->super.thread); if (!z_policy_var_parse(tmp, "(is)", &answer_do, &msg)) { g_string_assign(self->answer_cmd, "500"); g_string_assign(self->answer_param, "Error parsing answer"); } else { for(i = 0; i < 3; i++) work[i]=msg[i]; work[i]=0; g_string_assign(self->answer_cmd, work); g_string_assign(self->answer_param, &msg[i+1]); } z_policy_unlock(self->super.thread); break; case FTP_RSP_POLICY: z_policy_lock(self->super.thread); if (!z_policy_var_parse(tmp,"(iO)", &answer_do, &answer_where)) { /*LOG This message indicates that the policy for the given response is invalid and Zorp rejects the response. Check the 'response' attribute. It is likely that the parameter for the FTP_RSP_POLICY is invalid. */ z_proxy_log(self, FTP_POLICY, 1, "Bad policy line; command='%s', answer='%s'", self->request_cmd->str, self->answer_cmd->str); g_string_assign(self->answer_cmd, "500"); g_string_assign(self->answer_param, "Error parsing answer (bad policy)"); ret = FTP_RSP_ABORT; } else { res = z_policy_call_object(answer_where, z_policy_var_build("(ss)", self->request_cmd->str, self->answer_cmd->str), self->super.session_id); if (res == NULL) { /*LOG This message indicates that the callback for the given response policy is invalid and Zorp rejects the response. Check the 'response' attribute. It is likely that the parameter for the FTP_RSP_POLICY is invalid. */ z_proxy_log(self, FTP_POLICY, 1, "Error in policy calling; command='%s', answer='%s'", self->request_cmd->str, self->answer_cmd->str); g_string_assign(self->answer_cmd, "500"); g_string_assign(self->answer_param, "Error parsing answer (bad policy)"); ret = FTP_RSP_ABORT; } else if (!z_policy_var_parse(res, "i", &ret)) { /*LOG This message indicates that the returned value of the callback for the given response policy is invalid and Zorp rejects the response. Check the callback function. */ z_proxy_log(self, FTP_POLICY, 1, "Return code invalid from policy function; command='%s', answer='%s'", self->request_cmd->str, self->answer_cmd->str); g_string_assign(self->answer_cmd, "500"); g_string_assign(self->answer_param, "Error parsing answer (bad policy)"); ret = FTP_RSP_ABORT; } else { switch(ret) { case FTP_RSP_ACCEPT: case FTP_RSP_REJECT: case FTP_RSP_ABORT: break; case Z_DROP: case Z_UNSPEC: ret = FTP_RSP_REJECT; break; default: g_string_assign(self->answer_cmd, "500"); g_string_assign(self->answer_param, "Error parsing answer, connection dropped."); ret = FTP_RSP_ABORT; break; } } } z_policy_unlock(self->super.thread); break; default: g_string_assign(self->answer_cmd, "500"); g_string_assign(self->answer_param, "Error parsing answer, connection dropped."); ret = FTP_RSP_ABORT; break; } z_proxy_return(self, ret); }
guint ftp_policy_command_hash_do(FtpProxy *self) { guint ret; ZPolicyObj *res; ZPolicyObj *tmp; ZPolicyObj *command_where; unsigned int command_do; gchar work[10]; gchar *msg; int i; z_proxy_enter(self); tmp = g_hash_table_lookup(self->policy_command_hash, self->request_cmd->str); if (!tmp) { z_proxy_log(self, FTP_POLICY, 6, "Policy does not contain this request, trying the default; request='%s'", self->request_cmd->str); tmp = g_hash_table_lookup(self->policy_command_hash, "*"); } if (!tmp) { /*LOG This message indicates that the policy does not contain any setting for the given request and Zorp rejects the request. Check the 'request' attribute. */ z_proxy_log(self, FTP_POLICY, 5, "Policy does not contain this request, using hard-coded default; request='%s'", self->request_cmd->str); z_proxy_return(self, FTP_REQ_REJECT); } z_policy_lock(self->super.thread); if (!ftp_hash_get_type(tmp,&command_do)) { /*LOG This message indicates that the policy type is invalid for the given request and Zorp rejects the request. Check the 'request' attribute. */ z_proxy_log(self, FTP_POLICY, 1, "Policy type invalid; req='%s", self->request_cmd->str); z_policy_unlock(self->super.thread); z_proxy_return(self, FTP_REQ_REJECT); } z_policy_unlock(self->super.thread); switch(command_do) { case FTP_REQ_ACCEPT: case FTP_REQ_ABORT: ret = command_do; break; case FTP_REQ_REJECT: z_policy_lock(self->super.thread); if (z_policy_var_parse(tmp, "(is)", &command_do, &msg)) { for (i = 0; i < 3; i++) work[i]=msg[i]; work[i]=0; g_string_assign(self->answer_cmd, work); g_string_assign(self->answer_param, &msg[i+1]); } ret = command_do; z_policy_unlock(self->super.thread); break; case FTP_REQ_POLICY: z_policy_lock(self->super.thread); if (!z_policy_var_parse(tmp,"(iO)",&command_do,&command_where)) { /*LOG This message indicates that the policy for the given request is invalid and Zorp rejects the request. Check the 'request' attribute. It is likely that the parameter for the FTP_REQ_POLICY is invalid. */ z_proxy_log(self, FTP_POLICY, 1, "Cannot parse policy line; req='%s'", self->request_cmd->str); ret = FTP_REQ_ABORT; } else { g_string_assign(self->answer_cmd, "500"); g_string_assign(self->answer_param, "Error parsing command"); res = z_policy_call_object(command_where, z_policy_var_build("(s)",self->request_cmd->str), self->super.session_id); if (res == NULL) { /*LOG This message indicates that the callback for the given request policy is invalid and Zorp rejects the request. Check the 'request' attribute. It is likely that the parameter for the FTP_REQ_POLICY is invalid. */ z_proxy_log(self, FTP_POLICY, 1, "Error in policy calling; req='%s'", self->request_cmd->str); ret = FTP_REQ_ABORT; } else if (!z_policy_var_parse(res,"i",&ret)) { /*LOG This message indicates that the returned value of the callback for the given request policy is invalid and Zorp rejects the request. Check the callback function. */ z_proxy_log(self, FTP_POLICY, 1, "Can't parsing return code; command='%s'", self->request_cmd->str); ret = FTP_REQ_ABORT; } else { switch(ret) { case FTP_REQ_ACCEPT: case FTP_REQ_ABORT: case FTP_REQ_REJECT: break; case Z_UNSPEC: case Z_DROP: ret = FTP_REQ_REJECT; break; default: break; } } } z_policy_unlock(self->super.thread); break; default: ret = FTP_REQ_ABORT; break; } z_proxy_return(self, ret); }