Exemplo n.º 1
0
int vnodeSetMLSTfacts(PCStr(file),PCStr(facts)){
	CStr(vdir,1024);
	refQStr(vp,vdir);
	CStr(vnode,1024);
	CStr(line,1024);
	CStr(ofacts,1024);
	CStr(fval,1024);
	FILE *pfp;
	FILE *nfp;

	strcpy(vdir,file);
	if( vp = strrpbrk(vdir,"/\\") ){
		truncVStr(vp);
		if( !File_is(vdir) ){
			if( mkdir(vdir,0750) != 0 ){
				return 0;
			}
fprintf(stderr,"--- created %s\n",vdir);
		}
	}
	sprintf(vnode,"%s%s",file,VNODE_EXT);

	if( (pfp = fopen(vnode,"r")) && (nfp = fopen(vnode,"r+")) ){
		while( fgets(line,sizeof(line),pfp) ){
			if( strncaseeq(line,"VNO-Version:",12) ){
			}else
			if( strncaseeq(line,"VNO-Permit:",11) ){
				lineScan(line+11,fval);
				if( streq(fval,"read-only") ){
					fclose(pfp);
					fclose(nfp);
					return -1;
				}
			}else
			if( strncaseeq(line,"MLST-Facts:",11) ){
				lineScan(line+11,ofacts);
				if( streq(ofacts,facts) ){
					fclose(pfp);
					fclose(nfp);
					return 0;
				}
			}else{
				fputs(line,nfp);
			}
		}
		fclose(pfp);
fprintf(stderr,"--- CHANGED %s %s\n",vnode,facts);
	}else{
		nfp = fopen(vnode,"w+");
		if( nfp == NULL )
			return -1;
fprintf(stderr,"--- CREATED %s %s\n",vnode,facts);
	}
	fprintf(nfp,"MLST-Facts: %s\r\n",facts);
	Ftruncate(nfp,0,1);
	fclose(nfp);
	return 1;
}
Exemplo n.º 2
0
/**
 * Load private keys from the confiuguration file
 */
static bool load_keys(settings_t *settings, char *dir)
{
	enumerator_t *enumerator;
	char *type, *value, wd[PATH_MAX];
	private_key_t *key;
	key_type_t key_type;

	if (getcwd(wd, sizeof(wd)) == NULL)
	{
		fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
		return FALSE;
	}
	if (chdir(dir) != 0)
	{
		fprintf(stderr, "opening directory '%s' failed: %s\n",
				dir, strerror(errno));
		return FALSE;
	}

	enumerator = settings->create_key_value_enumerator(settings, "keys");
	while (enumerator->enumerate(enumerator, &type, &value))
	{
		if (strncaseeq(type, "ecdsa", strlen("ecdsa")))
		{
			key_type = KEY_ECDSA;
		}
		else if (strncaseeq(type, "rsa", strlen("rsa")))
		{
			key_type = KEY_RSA;
		}
		else
		{
			fprintf(stderr, "unknown key type: '%s'\n", type);
			enumerator->destroy(enumerator);
			return FALSE;
		}
		key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
								 BUILD_FROM_FILE, value, BUILD_END);
		if (!key)
		{
			fprintf(stderr, "loading %s key from '%s' failed\n", type, value);
			enumerator->destroy(enumerator);
			return FALSE;
		}
		conftest->creds->add_key(conftest->creds, key);
	}
	enumerator->destroy(enumerator);

	if (chdir(wd) != 0)
	{
		fprintf(stderr, "opening directory '%s' failed: %s\n",
				wd, strerror(errno));
		return FALSE;
	}
	return TRUE;
}
Exemplo n.º 3
0
/**
 * Load certificate distribution points
 */
static void load_cdps(settings_t *settings)
{
	enumerator_t *enumerator;
	identification_t *id;
	char *ca, *uri, *section;
	certificate_type_t type;
	x509_t *x509;

	enumerator = settings->create_section_enumerator(settings, "cdps");
	while (enumerator->enumerate(enumerator, &section))
	{
		if (strncaseeq(section, "crl", strlen("crl")))
		{
			type = CERT_X509_CRL;
		}
		else if (strncaseeq(section, "ocsp", strlen("ocsp")))
		{
			type = CERT_X509_OCSP_RESPONSE;
		}
		else
		{
			fprintf(stderr, "unknown cdp type '%s', ignored\n", section);
			continue;
		}

		uri = settings->get_str(settings, "cdps.%s.uri", NULL, section);
		ca = settings->get_str(settings, "cdps.%s.ca", NULL, section);
		if (!ca || !uri)
		{
			fprintf(stderr, "cdp '%s' misses ca/uri, ignored\n", section);
			continue;
		}
		x509 = lib->creds->create(lib->creds, CRED_CERTIFICATE,
							CERT_X509, BUILD_FROM_FILE, ca, BUILD_END);
		if (!x509)
		{
			fprintf(stderr, "loading cdp '%s' ca failed, ignored\n", section);
			continue;
		}
		id = identification_create_from_encoding(ID_KEY_ID,
									x509->get_subjectKeyIdentifier(x509));
		conftest->creds->add_cdp(conftest->creds, type, id, uri);
		DESTROY_IF((certificate_t*)x509);
		id->destroy(id);
	}
	enumerator->destroy(enumerator);
}
Exemplo n.º 4
0
/* compare two struct id values */
bool same_id(const struct id *a, const struct id *b)
{
	a = resolve_myid(a);
	b = resolve_myid(b);

	if (b->kind == ID_NONE || a->kind == ID_NONE)
		return TRUE; /* it's the wildcard */

	if (a->kind != b->kind)
		return FALSE;

	switch (a->kind) {
	case ID_NONE:
		return TRUE; /* repeat of above for completeness */

	case ID_IPV4_ADDR:
	case ID_IPV6_ADDR:
		return sameaddr(&a->ip_addr, &b->ip_addr);

	case ID_FQDN:
	case ID_USER_FQDN:
		/*
		 * assumptions:
		 * - case should be ignored
		 * - trailing "." should be ignored
		 *   (even if the only character?)
		 */
	{
		size_t al = a->name.len,
			bl = b->name.len;

		while (al > 0 && a->name.ptr[al - 1] == '.')
			al--;
		while (bl > 0 && b->name.ptr[bl - 1] == '.')
			bl--;
		return al == bl &&
			strncaseeq((char *)a->name.ptr,
				(char *)b->name.ptr, al);
	}

	case ID_DER_ASN1_DN:
		return same_dn(a->name, b->name);

	case ID_KEY_ID:
		return a->name.len == b->name.len &&
			memeq(a->name.ptr, b->name.ptr, a->name.len);

	default:
		bad_case(a->kind);
	}
	/* NOTREACHED */
	return FALSE;
}
Exemplo n.º 5
0
/**
 * Load trusted/untrusted certificates
 */
static bool load_cert(settings_t *settings, bool trusted)
{
	enumerator_t *enumerator;
	char *key, *value;

	enumerator = settings->create_key_value_enumerator(settings,
								trusted ? "certs.trusted" : "certs.untrusted");
	while (enumerator->enumerate(enumerator, &key, &value))
	{
		certificate_t *cert = NULL;

		if (strncaseeq(key, "x509", strlen("x509")))
		{
			cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
							CERT_X509, BUILD_FROM_FILE, value, BUILD_END);
		}
		else if (strncaseeq(key, "crl", strlen("crl")))
		{
			cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
							CERT_X509_CRL, BUILD_FROM_FILE, value, BUILD_END);
		}
		else
		{
			fprintf(stderr, "certificate type '%s' not supported\n", key);
			enumerator->destroy(enumerator);
			return FALSE;
		}
		if (!cert)
		{
			fprintf(stderr, "loading %strusted certificate '%s' from '%s' "
					"failed\n", trusted ? "" : "un", key, value);
			enumerator->destroy(enumerator);
			return FALSE;
		}
		conftest->creds->add_cert(conftest->creds, trusted, cert);
	}
	enumerator->destroy(enumerator);
	return TRUE;
}
Exemplo n.º 6
0
int asFunc(PCStr(arg1)){
	CStr(name,128);
	refQStr(dp,name);
	int fi;
	const char *n1;

	strcpy(name,arg1);
	if( dp = strrpbrk(name,"\\/") )
		ovstrcpy(name,dp+1);
	if( dp = strtailstrX(name,".exe",1) )
		setVStrEnd(dp,0);
	for( fi = 0; n1 = subfuncs[fi].f_name; fi++ ){
		if( strcaseeq(name,n1) )
			return fi+1;
		if( strncaseeq(name,"dg",2) && strcaseeq(name+2,n1) )
			return fi+1;
	}
	return 0;
}
Exemplo n.º 7
0
int waitSTLS_CL(Connection *Conn,int timeout){
	if( (ClientFlags & PF_STLS_ON) == 0 )
	{
	double St,Sr,Ss,Sn;
	St = Time();
	if( 0 < PollIn(ClientSock,timeout) ){
		Sr = Time();
		if( isinSSL(ClientSock) ){
			CStr(sts,128);
			int fcl;
			Ss = Time();
			fcl = insertFCLX(Conn,"starttls",CLNT_PROTO,FromC,ToS);
			Sn = Time();
			syslog_ERROR("## STLS ## IMPLICIT SSL ON %d,%d,%d,%d\n",
				ClientSock,FromC,ToC,fcl);
			sprintf(sts,"%.2f %.2f/%.2f %.2f %.2f = %.2f",
				St-ClntConnTime,Sr-St,timeout/1000.0,
				Ss-Sr,Sn-Ss,
				Sn-ClntConnTime);
			sv1log("OK: SSL/cl %s\n",sts);
			if( 0 <= fcl ){
				if( strncaseeq(CLNT_PROTO,"ftp",3) ){
					if( FromC == ClientSock ){ 
						ClientSock = dup(ClientSock);
					}
				}
				if( streq(iSERVER_PROTO,"delegate")
				 || ACT_GENERALIST ){
					/* 9.9.7 for FTP-data via MASTER/ssl */
					ClientSock = dup(ClientSock);
					sv1log("----ClientSock=[%d] <= [%d]\n",
						ClientSock,FromC);
				}
				dup2(fcl,FromC);
				close(fcl);
				ClientFlags |= PF_STLS_ON;
				return 1;
			}
		}
	}
	}
	return 0;
}
Exemplo n.º 8
0
/* type is really "token" type, which is actually int */
int parser_find_keyword(const char *s, YYSTYPE *lval)
{
	const struct keyword_def *k;
	bool keyleft;
	int keywordtype;

	keyleft = FALSE;
	k = ipsec_conf_keywords_v2;

	while (k->keyname != NULL) {
		if (strcaseeq(s, k->keyname))
			break;

		if (k->validity & kv_leftright) {
			if (strncaseeq(s, "left", 4) &&
			    strcaseeq(s + 4, k->keyname)) {
				keyleft = TRUE;
				break;
			} else if (strncaseeq(s, "right", 5) &&
				   strcaseeq(s + 5, k->keyname)) {
				keyleft = FALSE;
				break;
			}
		}

		k++;
	}

	lval->s = NULL;
	/* if we found nothing */
	if (k->keyname == NULL &&
	    (s[0] == 'x' || s[0] == 'X') && (s[1] == '-' || s[1] == '_')) {
		k = &ipsec_conf_keyword_comment;
		lval->k.string = strdup(s);
	}

	/* if we still found nothing */
	if (k->keyname == NULL) {
		lval->s = strdup(s);
		return STRING;
	}

	switch (k->type) {
	case kt_percent:
		keywordtype = PERCENTWORD;
		break;
	case kt_time:
		keywordtype = TIMEWORD;
		break;
	case kt_comment:
		keywordtype = COMMENT;
		break;
	case kt_bool:
	case kt_invertbool:
		keywordtype = BOOLWORD;
		break;
	default:
		keywordtype = KEYWORD;
		break;
	}

	/* else, set up llval.k to point, and return KEYWORD */
	lval->k.keydef = k;
	lval->k.keyleft = keyleft;
	return keywordtype;
}
Exemplo n.º 9
0
int DELEGATE_subfunc(DGC*Conn,int ac,const char *av[],PCStr(func),int Fopt,int type)
{	int fi;
	const char *fname;
	const char *sp;
	mainFUNCP ifunc;
	int ctype;
	const char *nav[64]; /**/
	CStr(nab,1024);
	const char **avx;
	int acx;
	int impok = 0;

	for( fi = 0; fname = subfuncs[fi].f_name; fi++ ){
		if( !strcaseeq(func,fname) )
		if( !strncaseeq(func,"dg",2) || !strcaseeq(func+2,fname) )
			continue;

		if( subfuncs[fi].f_stats & FC_DISABLE ){
			if( FimpByOwner(func) ){
				impok = 1;
			}else{
			fprintf(stderr,"Forbidden: %s\n",fname);
			Finish(-1);
			}
		}

		if( geteuid() == 0 && getuid() != 0 )
		if( (subfuncs[fi].f_stats & FC_ASROOT) == 0 )
		if( subfuncs[fi].f_func != (mainFunc*)implant_main )
		{
			/*
			fprintf(stderr,"Not allowed in root: %s\n",fname);
			*/
			seteuid(getuid());
		}

		ctype = subfuncs[fi].f_type;
		if( ctype == MS ){
			setIsFunc(Conn,1);
			LOG_type |= L_ISFUNC;
		}

		if( ctype == MV ){
			if( type != MV )
				return 1;
		}else
		if( ctype == MN ){
			if( type != MN )
				return 1;
			if( subfuncs[fi].f_proto[0] )
			DELEGATE_ScanGlobal(Conn,subfuncs[fi].f_proto);
		}

		ifunc = (mainFUNCP)subfuncs[fi].f_func;

		if( subfuncs[fi].f_withLog ){
			/* special case of "expire" */
			ac = replace_log(ac,&av,64,nav,AVStr(nab));
		}else
		if( ctype == MV ){
			/* already did arg_scan() */
			/* don't need config for any client */
		}else{
			if( ifunc == (mainFUNCP)argdec_main ){
				/* don't decrypt +=enc:... arg. */
			}else
			ac = DELEGATE_scan_args(ac,av);
			DELEGATE_config(Conn,-1);
		}

		if( subfuncs[fi].f_withAdmin )
		if( subfuncs[fi].f_proto[0] )
			checkADMIN(Conn,subfuncs[fi].f_proto);

		if( Fopt ){
			int ai;

			acx = ac - Fopt;
			avx = &av[Fopt];
			for( ai = 0; ai < acx; ai++ ){
				if( strcmp(avx[ai],"--") == 0 ){
					acx = ai;
					break;
				}
			}
		}else{
			acx = ac;
			avx = av;
		}

		if( getenv("DELEGATE_DEBUG") ){
			int ai;
			for(ai=0;ai<acx;ai++)
				fprintf(stderr,"##[%d] %s\n",ai,avx[ai]);
		}

		DELEGATE_ver(); /* set MyVer for debugging */
		(*ifunc)(acx,avx,Conn,ServSock(),SERVER_PORT());
		Finish(0);
	}
	if( Fopt ){
		printf("DeleGate: unknown function -F\"%s\"\r\n",func);
		help_main(ac,av);
		Finish(-1);
	}
	return 0;
}
Exemplo n.º 10
0
static mlt_frame filter_process( mlt_filter filter, mlt_frame frame )
{
	mlt_properties filter_props = MLT_FILTER_PROPERTIES( filter );
	mlt_properties instance_props = mlt_frame_unique_properties( frame, MLT_FILTER_SERVICE( filter ) );

	double gain = 1.0; // no adjustment

	// Parse the gain property
	if ( mlt_properties_get( filter_props, "gain" ) != NULL )
	{
		char *p = mlt_properties_get( filter_props, "gain" );

		if ( strncaseeq( p, "normalise", 9 ) )
			mlt_properties_set( filter_props, "normalise", "" );
		else
		{
			if ( strcmp( p, "" ) != 0 )
				gain = strtod( p, &p );

			while ( isspace( *p ) )
				p++;

			/* check if "dB" is given after number */
			if ( strncaseeq( p, "db", 2 ) )
				gain = DBFSTOAMP( gain );
			else
				gain = fabs( gain );

			// If there is an end adjust gain to the range
			if ( mlt_properties_get( filter_props, "end" ) != NULL )
			{
				double end = -1;
				char *p = mlt_properties_get( filter_props, "end" );
				if ( strcmp( p, "" ) != 0 )
					end = strtod( p, &p );

				while ( isspace( *p ) )
					p++;

				/* check if "dB" is given after number */
				if ( strncaseeq( p, "db", 2 ) )
					end = DBFSTOAMP( end );
				else
					end = fabs( end );

				if ( end != -1 )
					gain += ( end - gain ) * mlt_filter_get_progress( filter, frame );
			}
		}
	}
	mlt_properties_set_double( instance_props, "gain", gain );
	
	// Parse the maximum gain property
	if ( mlt_properties_get( filter_props, "max_gain" ) != NULL )
	{
		char *p = mlt_properties_get( filter_props, "max_gain" );
		double gain = strtod( p, &p ); // 0 = no max
			
		while ( isspace( *p ) )
			p++;

		/* check if "dB" is given after number */
		if ( strncaseeq( p, "db", 2 ) )
			gain = DBFSTOAMP( gain );
		else
			gain = fabs( gain );
			
		mlt_properties_set_double( instance_props, "max_gain", gain );
	}

	// Parse the limiter property
	if ( mlt_properties_get( filter_props, "limiter" ) != NULL )
	{
		char *p = mlt_properties_get( filter_props, "limiter" );
		double level = 0.5; /* -6dBFS */ 
		if ( strcmp( p, "" ) != 0 )
			level = strtod( p, &p);
		
		while ( isspace( *p ) )
			p++;
		
		/* check if "dB" is given after number */
		if ( strncaseeq( p, "db", 2 ) )
		{
			if ( level > 0 )
				level = -level;
			level = DBFSTOAMP( level );
		}
		else
		{
			if ( level < 0 )
				level = -level;
		}
		mlt_properties_set_double( instance_props, "limiter", level );
	}

	// Parse the normalise property
	if ( mlt_properties_get( filter_props, "normalise" ) != NULL )
	{
		char *p = mlt_properties_get( filter_props, "normalise" );
		double amplitude = 0.2511886431509580; /* -12dBFS */
		if ( strcmp( p, "" ) != 0 )
			amplitude = strtod( p, &p);

		while ( isspace( *p ) )
			p++;

		/* check if "dB" is given after number */
		if ( strncaseeq( p, "db", 2 ) )
		{
			if ( amplitude > 0 )
				amplitude = -amplitude;
			amplitude = DBFSTOAMP( amplitude );
		}
		else
		{
			if ( amplitude < 0 )
				amplitude = -amplitude;
			if ( amplitude > 1.0 )
				amplitude = 1.0;
		}
		
		// If there is an end adjust gain to the range
		if ( mlt_properties_get( filter_props, "end" ) != NULL )
		{
			amplitude *= mlt_filter_get_progress( filter, frame );
		}
		mlt_properties_set_int( instance_props, "normalise", 1 );
		mlt_properties_set_double( instance_props, "amplitude", amplitude );
	}

	// Parse the window property and allocate smoothing buffer if needed
	int window = mlt_properties_get_int( filter_props, "window" );
	if ( mlt_properties_get( filter_props, "smooth_buffer" ) == NULL && window > 1 )
	{
		// Create a smoothing buffer for the calculated "max power" of frame of audio used in normalisation
		double *smooth_buffer = (double*) calloc( window, sizeof( double ) );
		int i;
		for ( i = 0; i < window; i++ )
			smooth_buffer[ i ] = -1.0;
		mlt_properties_set_data( filter_props, "smooth_buffer", smooth_buffer, 0, free, NULL );
	}
	
	// Push the filter onto the stack
	mlt_frame_push_audio( frame, filter );

	// Override the get_audio method
	mlt_frame_push_audio( frame, filter_get_audio );

	return frame;
}
Exemplo n.º 11
0
/* compare two struct id values */
bool same_id(const struct id *a, const struct id *b)
{
	a = resolve_myid(a);
	b = resolve_myid(b);

	if (b->kind == ID_NONE || a->kind == ID_NONE) {
		DBG(DBG_PARSING, DBG_log("id type with ID_NONE means wildcard match"));
		return TRUE; /* it's the wildcard */
	}

	if (a->kind != b->kind) {
		return FALSE;
	}

	switch (a->kind) {
	case ID_NONE:
		return TRUE; /* repeat of above for completeness */

	case ID_NULL:
		if (a->kind == b->kind) {
			DBG(DBG_PARSING, DBG_log("ID_NULL: id kind matches"));
			return TRUE;
		}
		return FALSE;

	case ID_IPV4_ADDR:
	case ID_IPV6_ADDR:
		return sameaddr(&a->ip_addr, &b->ip_addr);

	case ID_FQDN:
	case ID_USER_FQDN:
		/*
		 * assumptions:
		 * - case should be ignored
		 * - trailing "." should be ignored
		 *   (even if the only character?)
		 */
	{
		size_t al = a->name.len,
			bl = b->name.len;

		while (al > 0 && a->name.ptr[al - 1] == '.')
			al--;
		while (bl > 0 && b->name.ptr[bl - 1] == '.')
			bl--;
		return al == bl &&
			strncaseeq((char *)a->name.ptr,
				(char *)b->name.ptr, al);
	}

	case ID_FROMCERT:
		DBG(DBG_CONTROL,
			DBG_log("same_id() received ID_FROMCERT - unexpected"));
		/* FALLTHROUGH */
	case ID_DER_ASN1_DN:
		return same_dn(a->name, b->name);

	case ID_KEY_ID:
		return a->name.len == b->name.len &&
			memeq(a->name.ptr, b->name.ptr, a->name.len);

	default:
		bad_case(a->kind);
		/* NOTREACHED */
		return FALSE;
	}
}
Exemplo n.º 12
0
void scan_STLS(Connection *Conn,PCStr(stls)){
	CStr(filt,1024);
	CStr(proto,1024);
	CStr(cmapb,1024);
	CStr(map,1024);
	CStr(opt1,1024);
	const char *cmap;
	const char *fp;
	refQStr(np,filt);
	refQStr(op,opt1);
	int fcl = 0;
	int fsv = 0;
	int opt = 0;
	const char *com = "sslway";
	CStr(comb,1024);

	/*
	cmap = wordscanY(stls,AVStr(filt),sizeof(filt),"^:");
	if( *cmap == ':' )
		cmap++;
	cmap = wordscanY(cmap,AVStr(proto),sizeof(proto),"^:");
	if( proto[0] )
		sprintf(cmapb,"starttls/{%s}%s",proto,cmap);
	else	sprintf(cmapb,"starttls%s",cmap);
	*/
	strcpy(filt,"");
	strcpy(proto,"");
	strcpy(map,"");
	scan_Listlist(stls,':',AVStr(filt),AVStr(proto),AVStr(map),VStrNULL,VStrNULL);
	if( proto[0] )
		/*
		sprintf(cmapb,"starttls/{%s}%s%s",proto,*map?":":"",map);
		*/
		sprintf(cmapb,"starttls//{%s}%s%s",proto,*map?":":"",map);
	else	sprintf(cmapb,"starttls%s%s",*map?":":"",map);

	for( fp = filt; *fp;){
		int optL;
		np = wordscanY(fp,AVStr(opt1),sizeof(opt1),"^,");
		optL = 0;

		if( strncaseeq(opt1,"-im",3) ){
			STLS_implicit_wait = -1;
			STLS_wait_set = 1;
			if( (fsv & PF_STLS_DO) && (fcl & PF_STLS_DO)==0 ){
				STLS_implicit_waitSV = -1;
				STLS_wait_setSV = 1;
			}
			goto NEXT;
		}
		if( strncaseeq(opt1,"im",2) ){
			STLS_implicit_wait = Scan_period(opt1+2,'s',0);
			STLS_wait_set = 1;
			if( (fsv & PF_STLS_DO) && (fcl & PF_STLS_DO)==0 ){
				STLS_implicit_waitSV = STLS_implicit_wait;
				STLS_wait_setSV = 1;
			}
			if( STLS_implicit_wait && STLS_implicit_wait < 0.001 )
				STLS_implicit_wait = 0.001;
			goto NEXT;
		}
		if( *opt1 == '-' ){
			ovstrcpy(opt1,opt1+1);
			optL |= PF_STLS_OPT;
		}
		if( op = strchr(opt1,'/') ){
			setVStrPtrInc(op,0);
			if( strncaseeq(op,"ssl",3) ){
				optL |= PF_STLS_SSL;
			}
		}
		if( strcaseeq(opt1,"opt") ){
			opt = PF_STLS_OPT;
		}else
		if( strcaseeq(opt1,"ssl") ){
			opt = PF_STLS_SSL;
		}else
		if( strcaseeq(opt1,"mim") || strcaseeq(opt1,"mitm") ){
			fsv = PF_STLS_DO | opt | optL | PF_MITM_DO;
			fcl = PF_STLS_DO | opt | optL | PF_MITM_DO;
		}else
		if( strcaseeq(opt1,"FSV") || strcaseeq(opt1,"SV") ){
			fsv = PF_STLS_DO | opt | optL;
			if( strneq(op,"im",2) ) fsv |= PF_SSL_IMPLICIT;
		}else
		if( strcaseeq(opt1,"FCL") || strcaseeq(opt1,"CL") ){
			fcl = PF_STLS_DO | opt | optL;
			if( strneq(op,"im",2) ) fcl |= PF_SSL_IMPLICIT;
		}else{
			syslog_ERROR("FILTER[%s]: %s\n",com,fp);
			com = fp;
			if( 1 < num_ListElems(com,':') ){
				sprintf(comb,"{%s}",com);
				com = comb;
			}
			break;
		}
	NEXT:
		fp = np;
		if( *fp == ',' )
			fp++;
	}
	if( fsv & PF_STLS_DO ){
		withSTLS_FSV++;
		sprintf(map,"%s:FSV:%s",com,cmapb);
		if( fsv & PF_MITM_DO  ) Strins(AVStr(map),"--mitm,");
		if( fsv & PF_STLS_SSL ) Strins(AVStr(map),"-ss,");
		if( fsv & PF_SSL_IMPLICIT ) Strins(AVStr(map),"--im,");
		if( fsv & PF_STLS_OPT ) Strins(AVStr(map),"-o,");
		scan_CMAP(Conn,map);
		sv1log("STLS -> CMAP=\"%s\"\n",map);
	}
	if( fcl & PF_STLS_DO ){
		withSTLS_FCL++;
		sprintf(map,"%s:FCL:%s",com,cmapb);
		if( fcl & PF_MITM_DO  ) Strins(AVStr(map),"--mitm,");
		if( fcl & PF_STLS_SSL ) Strins(AVStr(map),"-ss,");
		if( fcl & PF_SSL_IMPLICIT ) Strins(AVStr(map),"--im,");
		if( fcl & PF_STLS_OPT ) Strins(AVStr(map),"-o,");
		scan_CMAP(Conn,map);
		sv1log("STLS -> CMAP=\"%s\"\n",map);
	}
}
Exemplo n.º 13
0
int willSTLS_SV(Connection *Conn){
	int oflags = ServerFlags;

	if( (ServerFlags & PF_STLS_CHECKED) == 0 ){
		checkWithSTLS(Conn,"FSV",REAL_PROTO,"");

		if( (ClientFlags & PF_MITM_ON)
		 && (ServerFlags & PF_STLS_OPT)
		){
			/* 9.8.0-pre1 STLS=mitm,-fsv
			 * expecting STLS=fsv in the upstream proxy
			 * as PROXY, MASTER, or SOCKS
			 */
			sv1log("-- STLS=mitm,-fsv %X %d,%d,%d\n",ServerFlags,
				toMaster,toProxy,ServViaSocks);
			ServerFlags |= PF_SSL_ON;
			return 0;
		}
		if( ServerFlags & (PF_SSL_ON|PF_STLS_ON) ){
		}else
		if( ServerFlags & PF_STLS_DO )
		if( strcaseeq(DST_PROTO,"http")
		 || strcaseeq(DST_PROTO,"https")
		 || strcaseeq(DST_PROTO,"sockmux")
		 || strcaseeq(DST_PROTO,"tcprelay")
		 || strcaseeq(DST_PROTO,"telnet")
		 || strcaseeq(DST_PROTO,"telnets")
		 || (ServerFlags & PF_SSL_IMPLICIT)
		 || strcaseeq(DST_PROTO,"imaps") && !nonSSL_SV(Conn)
		 || strcaseeq(DST_PROTO,"pop3s") && !nonSSL_SV(Conn)
		){	int fsv;

			if( toProxy
			 && streq(GatewayProto,"http")
			 && streq(DST_PROTO,"https")
			){
				/* SERVER=http + STLS=fsv + PROXY */
				SSLtunnelNego(Conn,DST_HOST,DST_PORT,ToS);
				sv1log("-- PROXY=%s:%d [%s] as SSLTUNNEL\n",
					GatewayHost,GatewayPort,GatewayProto);
			}

			fsv = insertFSVX(Conn,"starttls",DST_PROTO,FromC,ToS);
			if( fsv < 0
			 && (ServerFlags & PF_SSL_IMPLICIT)
			 && streq(DST_PROTO,"ftp")
			){
			   /* 9.9.8 STLS=fsv:ftps for STLS=fsv:ftp */
			   fsv = insertFSVX(Conn,"starttls","ftps",FromC,ToS);
			}
			if( 0 <= fsv ){
				if( strncaseeq(CLNT_PROTO,"ftp",3) ){
					if( ToSX == -1 ){
					ToSX = dup(ToS); /* for ServSock() */
					}
				}
				dup2(fsv,ToS);
				close(fsv);
				ServerFlags |= PF_STLS_ON;
			}
		}
	}
	if( ConnectFlags & COF_TERSE ){
		Verbose("willSTLS_SV[%s]: ServerFlags=%X %X\n",DST_PROTO,
			ServerFlags,p2i(&ServerFlags));
	}else{
		sv1log("willSTLS_SV[%s]: ServerFlags=%X %X\n",DST_PROTO,
			ServerFlags,p2i(&ServerFlags));
	}
	if((ServerFlags & PF_STLS_CAP) == 0 )
	if( ServerFlags & PF_STLS_DONTTRY )
	if( ServerFlags & PF_STLS_OPT ){
		sv1log("WILL NOT TRY STLS -- NOT SUPPORTED and OPTIONAL\n");
		return 0;
	}

	/* this should be applied to any protocols */
	if( streq(DST_PROTO,"smtps")
	 || streq(DST_PROTO,"imaps")
	)
	if( ServerFlags & PF_SSL_ON ){
		if( oflags & PF_SSL_ON ){
			sv1log("-- with SSL already -- %s://%s:%d\n",
				DST_PROTO,DST_HOST,DST_PORT);
		}
		return 0;
	}

	return ServerFlags & PF_STLS_DO;
}
Exemplo n.º 14
0
/*
 * name can be defined
 */
int Vstat(PCStr(file),PVStr(path),PVStr(name),int isDGV,int lev,FileStat *st){
	refQStr(dp,path);
	refQStr(ep,name);
	FILE *fp;
	CStr(line,4096);
	CStr(facts,4096);
	CStr(fact1,128);
	const char *fcp;
	int rcc;
	int isdgv;

	if( 8 < lev ){
		return -1;
	}
	if( isDGV ){
		dp = 0;
	}else{
		dp = strrchr(path,'.');
		if( dp == 0 || !strcaseeq(dp,VNODE_EXT) )
			return -2;
	}
	if( (fp = fopen(path,"r+")) == 0 ){
		return -3;
	}
	truncVStr(facts);
	while( fgets(line,sizeof(line),fp) != NULL ){
		if( strncaseeq(line,"MLST-Facts:",11) ){
			lineScan(line+11,facts);
			break;
		}
		if( *line == ' ' && strcasestr(line,"Type=") ){
			lineScan(line+1,facts);
			break;
		}
	}

	if( lev == 0 ){
		FileStat vst;

		if( dp ){
			setVStrEnd(dp,0);
		}
		strcpy(name,file);
		if( ep = strrchr(name,'.') )
			setVStrEnd(ep,0);
		bzero(st,sizeof(FileStat));
		st->st_mode |= S_IFDIR;
		st->st_nlink = 1;
		if( stat(path,&vst) == 0 ){
			st->st_dev = vst.st_dev;
			st->st_ino = vst.st_ino;
		}
	}

	isdgv = 0;
	for( fcp = facts; *fcp; ){
		refQStr(f1,fact1);
		fcp = scan_ListElem1(fcp,';',AVStr(fact1));
		if( f1 = strpbrk(fact1,"\r\n") )
			setVStrEnd(f1,0);
		if( *fact1 == ' ' ){
			break;
		}else
		if( strncaseeq(fact1,"x-ref=",6) ){
			CStr(xpath,1024);
			refQStr(xp,xpath);
			strcpy(xpath,path);
			if( xp = strrpbrk(xpath,"/\\") ){
				truncVStr(xp);
			}
			chdir_cwd(AVStr(xpath),fact1+6,0);
			if( File_is(xpath) ){
				if( isdgv ){
fprintf(stderr,"--->>>> dgv ... %s\n",xpath);
				Vstat(file,AVStr(xpath),BVStr(name),1,lev+1,st);
				}else
				stat(xpath,st);
			}else{
				strcat(xpath,VNODE_EXT);
				Vstat(file,AVStr(xpath),BVStr(name),1,lev+1,st);
			}
		}else
		if( strncaseeq(fact1,"type=",5) ){
			if( strcaseeq(fact1+5,"file") )
				st->st_mode |= S_IFREG;
			else
			if( strcaseeq(fact1+5,"dir") )
				st->st_mode |= S_IFDIR;
			else
			if( strcaseeq(fact1+5,"vno") )
				isdgv = 1;
			else
			if( strcaseeq(fact1+5,"MLST") )
				isdgv = 2;
		}else
		if( strncaseeq(fact1,"perm=",5) ){
			st->st_mode |= permMode(fact1+5);
		}else
		if( strncaseeq(fact1,"size=",5) ){
			st->st_size = atoi(fact1+5);
		}else
		if( strncaseeq(fact1,"modify=",7) ){
			st->st_mtime = scanYmdHMS_GMT(fact1+7);
		}
	}
	fclose(fp);
	return 0;
}