status_e svc_child_access_control( struct service *sp, connection_s *cp )
{
access_e result ;
result = access_control( sp, cp, MASK_NULL ) ;
if( failed_service(sp, cp, result) == FAILED )
return(FAILED);
banner_success(sp, cp);
return( OK ) ;
}
TSS_RESULT
dispatchCommand(struct tcsd_thread_data *data)
{
UINT64 offset;
TSS_RESULT result;
/* First, check the ordinal bounds */
if (data->comm.hdr.u.ordinal >= TCSD_MAX_NUM_ORDS) {
LogError("Illegal TCSD Ordinal");
return TCSERR(TSS_E_FAIL);
}
LogDebug("Dispatching ordinal %u (%s)", data->comm.hdr.u.ordinal,
tcs_func_table[data->comm.hdr.u.ordinal].name);
/* We only need to check access_control if there are remote operations that are defined
* in the config file, which means we allow remote connections */
if (tcsd_options.remote_ops[0] && access_control(data)) {
LogWarn("Denied %s operation from %s",
tcs_func_table[data->comm.hdr.u.ordinal].name, data->hostname);
/* set platform header */
memset(&data->comm.hdr, 0, sizeof(data->comm.hdr));
data->comm.hdr.packet_size = sizeof(struct tcsd_packet_hdr);
data->comm.hdr.u.result = TCSERR(TSS_E_FAIL);
/* set the comm buffer */
memset(data->comm.buf, 0, data->comm.buf_size);
offset = 0;
LoadBlob_UINT32(&offset, data->comm.hdr.packet_size, data->comm.buf);
LoadBlob_UINT32(&offset, data->comm.hdr.u.result, data->comm.buf);
return TSS_SUCCESS;
}
/* Now, dispatch */
if ((result = tcs_func_table[data->comm.hdr.u.ordinal].Func(data)) == TSS_SUCCESS) {
/* set the comm buffer */
offset = 0;
LoadBlob_UINT32(&offset, data->comm.hdr.packet_size, data->comm.buf);
LoadBlob_UINT32(&offset, data->comm.hdr.u.result, data->comm.buf);
LoadBlob_UINT32(&offset, data->comm.hdr.num_parms, data->comm.buf);
LoadBlob_UINT32(&offset, data->comm.hdr.type_size, data->comm.buf);
LoadBlob_UINT32(&offset, data->comm.hdr.type_offset, data->comm.buf);
LoadBlob_UINT32(&offset, data->comm.hdr.parm_size, data->comm.buf);
LoadBlob_UINT32(&offset, data->comm.hdr.parm_offset, data->comm.buf);
}
return result;
}
/*
* Read data from the remote socket and send it to the appropriate local
* socket.
* If this is a new connection, insert it in the connection table and
* place its handle in *chpp.
*/
static void udp_remote_to_local( struct intercept_s *ip, channel_s **chpp )
{
char buf[ MAX_DATAGRAM_SIZE ] ;
packet_s packet ;
channel_s *chp ;
bool_int addr_checked ;
*chpp = CHANNEL_NULL ;
packet.data = buf ;
packet.size = sizeof( buf ) ;
if ( get_incoming_packet( ip, &packet ) == FAILED )
return ;
chp = int_lookupconn( ip, &packet.from, &addr_checked ) ;
if ( chp == CHANNEL_NULL )
{
struct server *serp = INT_SERVER( ip ) ;
struct service *sp = SERVER_SERVICE( serp ) ;
connection_s *cop = SERVER_CONNECTION( serp ) ;
if ( ( chp = int_newconn( ip, &packet.from, INT_REMOTE( ip ) ) ) == NULL )
return ;
CONN_SETADDR( cop, &packet.from ) ; /* for logging */
if ( INTERCEPT( ip ) )
{
mask_t check_mask ;
access_e result ;
M_OR( check_mask, XMASK( CF_ADDRESS ), XMASK( CF_TIME ) ) ;
result = access_control( sp, cop, &check_mask ) ;
if ( result != AC_OK )
{
svc_log_failure( sp, cop, result ) ;
chp->ch_state = BAD_CHANNEL ;
return ;
}
}
/*
* Since we don't distinguish ports, there is no point to log
* another successful attempt from the same address
*/
if ( ! addr_checked )
svc_log_success( sp, cop, SERVER_PID( serp ) ) ;
*chpp = chp ;
}
else if ( chp->ch_state == BAD_CHANNEL )
return ;
#ifdef DEBUG_UDPINT
if ( debug.on )
msg( LOG_DEBUG, "udp_remote_to_local",
"sending %d bytes to server on port %d",
packet.size, ntohs( INT_LOCALADDR( ip )->sin_port ) ) ;
#endif
send_data( chp->ch_local_socket,
packet.data, packet.size, NULL ) ;
}
