Пример #1
0
static int filesystem_rename(const char *name, const char *destname)
{
	int ret;

	ret = access_check(FTP_TARGET, FTP_TARGET_SIZE, ACCESS_OP_DELETE, name);
	if (ret < 0) {
		error("rename(%s, %s): %s (%d)", name, destname,
						strerror(-ret), -ret);
		return ret;
	}

	ret = access_check(FTP_TARGET, FTP_TARGET_SIZE, ACCESS_OP_CREATE,
			destname);
	if (ret < 0) {
		error("rename(%s, %s): %s (%d)", name, destname,
						strerror(-ret), -ret);
		return ret;
	}

	ret = rename(name, destname);
	if (ret < 0) {
		error("rename(%s, %s): %s (%d)", name, destname,
						strerror(errno), errno);
		return -errno;
	}

	return ret;
}
Пример #2
0
static int _router_accept_check(router_t r, mio_fd_t fd, const char *ip) {
    rate_t rt;

    if(access_check(r->access, ip) == 0) {
        log_write(r->log, LOG_NOTICE, "[%d] [%s] access denied by configuration", fd->fd, ip);
        return 1;
    }

    if(r->conn_rate_total != 0) {
        rt = (rate_t) xhash_get(r->conn_rates, ip);
        if(rt == NULL) {
            rt = rate_new(r->conn_rate_total, r->conn_rate_seconds, r->conn_rate_wait);
            xhash_put(r->conn_rates, pstrdup(xhash_pool(r->conn_rates), ip), (void *) rt);
        }

        if(rate_check(rt) == 0) {
            log_write(r->log, LOG_NOTICE, "[%d] [%s] is being rate limited", fd->fd, ip);
            return 1;
        }

        rate_add(rt, 1);
    }

    return 0;
}
Пример #3
0
 void connection::close(){
     access_check();
     int err = sqlite3_close(handle);
     if(err != SQLITE_OK)
         throw database_exception_code(sqlite3_errmsg(handle), err);
     handle = 0;
 }
Пример #4
0
static void *capability_open(const char *name, int oflag, mode_t mode,
					void *context, size_t *size, int *err)
{
	struct capability_object *object = NULL;
	char *buf;
	const char *argv[2];

	if (oflag != O_RDONLY)
		goto fail;

	if (access_check(FTP_TARGET, FTP_TARGET_SIZE, ACCESS_OP_READ, name) < 0)
		goto fail;

	object = g_new0(struct capability_object, 1);
	object->pid = -1;
	object->output = -1;
	object->err = -1;

	if (name[0] != '!') {
		GError *gerr = NULL;
		gboolean ret;

		ret = g_file_get_contents(name, &buf, NULL, &gerr);
		if (ret == FALSE) {
			error("%s", gerr->message);
			g_error_free(gerr);
			goto fail;
		}

		object->buffer = g_string_new(buf);

		if (size)
			*size = object->buffer->len;

		goto done;
	}

	argv[0] = &name[1];
	argv[1] = NULL;

	object->pid = capability_exec(argv, &object->output, &object->err);
	if (object->pid < 0)
		goto fail;

	/* Watch cannot be removed while the process is still running */
	g_child_watch_add(object->pid, script_exited, object);

done:
	if (err)
		*err = 0;

	return object;

fail:
	if (err)
		*err = -EPERM;

	g_free(object);
	return NULL;
}
Пример #5
0
/* <array|packedarray|dict|file|string> wcheck <bool> */
static int
zwcheck(i_ctx_t *i_ctx_p)
{
    os_ptr op = osp;
    int code = access_check(i_ctx_p, a_write, false);

    if (code >= 0)
	make_bool(op, code), code = 0;
    return code;
}
Пример #6
0
/* <obj:array|packedarray|file|string> executeonly <obj> */
static int
zexecuteonly(i_ctx_t *i_ctx_p)
{
    os_ptr op = osp;

    check_op(1);
    if (r_has_type(op, t_dictionary))
	return_error(e_typecheck);
    return access_check(i_ctx_p, a_execute, true);
}
Пример #7
0
static void daemon_accept (int fd, fd_set socketfds, fd_set sslfds, int maxfd)
{
	struct sockaddr_in addr;
	socklen_t addrlen = sizeof (addr);
	CLIENT *initclient;
	int rc = -1;

        rc = accept (fd, (struct sockaddr *)&addr, &addrlen);
	if (rc < 0) return;

	initclient = access_check (rc, addr);

//	uint port = ntohs (addr.sin_port);

	if (! initclient) {
		close (rc);
		return;
	}

	initclient->useSSL = FD_ISSET(fd, &sslfds);
	initclient->ssl    = NULL;

#if defined(_SC_NPROCESSORS_ONLN)
	if ( cfg.CoreBind > 0 )
	{
		/* Select CPU core to bind to */
		master->currcore++;
		if ( master->currcore >= master->numcores )
			master->currcore = 0;
		initclient->numcore = master->currcore;
	}
#endif

	switch (fork ()) {
	case 0:
		syslog_open ("nntpswitchd", LOG_PID, LOG_NEWS);
		for (int i = 0; i <= maxfd; i++) {
			if (FD_ISSET (i, &socketfds))
				close (i);
		}
		run_child (initclient);
		syslog_close ();
		_exit (0);
	case -1: 
		info ("couldnt fork child %s", strerror (errno));
	default:
                if ( cfg.JSONACL == 1 && initclient->acl != NULL ) { 
                    freehttpacl(initclient->acl);
                }
		close (rc); 
	}
}
Пример #8
0
static int filesystem_remove(const char *name)
{
	int ret;

	ret = access_check(FTP_TARGET, FTP_TARGET_SIZE, ACCESS_OP_DELETE, name);
	if (ret < 0) {
		error("remove(%s, %s): %s (%d)", name, name,
						strerror(-ret), -ret);
		return ret;
	}

	if (remove(name) < 0)
		return -errno;

	return 0;
}
Пример #9
0
/* <obj:array|packedarray|dict|file|string> noaccess <obj> */
static int
znoaccess(i_ctx_t *i_ctx_p)
{
    os_ptr op = osp;

    check_op(1);
    if (r_has_type(op, t_dictionary)) {
	ref *aop = dict_access_ref(op);
	
	/* CPSI throws invalidaccess when seting noaccess to a readonly dictionary (CET 13-13-6) : */
	if (!r_has_attrs(aop, a_write)) {
	    if (!r_has_attrs(aop, a_read) && !r_has_attrs(aop, a_execute)) {
		/* Already noaccess - do nothing (CET 24-09-1). */
		return 0;
	    }
	    return_error(e_invalidaccess);
	}

	/* Don't allow removing read access to permanent dictionaries. */
	if (dict_is_permanent_on_dstack(op))
	    return_error(e_invalidaccess);
    }
    return access_check(i_ctx_p, 0, true);
}
Пример #10
0
/* <obj:array|packedarray|dict|file|string> readonly <obj> */
int
zreadonly(i_ctx_t *i_ctx_p)
{
    return access_check(i_ctx_p, a_readonly, true);
}
Пример #11
0
static GString *append_listing(GString *object, const char *name,
				gboolean pcsuite, size_t *size, int *err)
{
	struct stat fstat, dstat;
	struct dirent *ep;
	DIR *dp = NULL;
	gboolean root;
	int ret;

	root = g_str_equal(name, obex_option_root_folder());

	ret = access_check(FTP_TARGET, FTP_TARGET_SIZE, ACCESS_OP_READ, name);
	if (ret < 0) {
		if (err)
			*err = ret;
		goto failed;
	}

	dp = opendir(name);
	if (dp == NULL) {
		if (err)
			*err = -ENOENT;
		goto failed;
	}

	if (!root)
		object = g_string_append(object, FL_PARENT_FOLDER_ELEMENT);

	ret = verify_path(name);
	if (ret < 0) {
		*err = ret;
		goto failed;
	}

	ret = stat(name, &dstat);
	if (ret < 0) {
		if (err)
			*err = -errno;
		goto failed;
	}

	while ((ep = readdir(dp))) {
		char *filename;
		char *fullname;
		char *line;

		if (ep->d_name[0] == '.')
			continue;

		if (access_check_at(FTP_TARGET, FTP_TARGET_SIZE, ACCESS_OP_LIST,
					name, ep->d_name) < 0)
			continue;

		filename = g_filename_to_utf8(ep->d_name, -1, NULL, NULL, NULL);
		if (filename == NULL) {
			error("g_filename_to_utf8: invalid filename");
			continue;
		}

		fullname = g_build_filename(name, ep->d_name, NULL);

		ret = stat(fullname, &fstat);
		if (ret < 0) {
			DBG("stat: %s(%d)", strerror(errno), errno);
			g_free(filename);
			g_free(fullname);
			continue;
		}

		g_free(fullname);

		line = file_stat_line(filename, &fstat, &dstat, root, FALSE);
		if (line == NULL) {
			g_free(filename);
			continue;
		}

		g_free(filename);

		object = g_string_append(object, line);
		g_free(line);
	}

	closedir(dp);

	object = g_string_append(object, FL_BODY_END);
	if (size)
		*size = object->len;

	if (err)
		*err = 0;

	return object;

failed:
	if (dp)
		closedir(dp);

	g_string_free(object, TRUE);
	return NULL;
}
Пример #12
0
static void *common_filesystem_open(const char *name, int oflag, mode_t mode,
					void *context, size_t *size, int *err,
					const uint8_t *target,
					gsize target_size,
					const char *roots[])
{
	struct stat stats;
	struct statvfs buf;
	int fd, ret;
	uint64_t avail;
	enum access_op op;

	if (oflag & O_CREAT)
		op = ACCESS_OP_CREATE;
	else if ((oflag & O_WRONLY) || (oflag & O_RDWR))
		op = ACCESS_OP_WRITE;
	else
		op = ACCESS_OP_READ;

	ret = access_check(target, target_size, op, name);
	if (ret < 0) {
		if (err)
			*err = ret;
		return NULL;
	}

	fd = open(name, oflag, mode);
	if (fd < 0) {
		if (err)
			*err = -errno;
		return NULL;
	}

	if (fstat(fd, &stats) < 0) {
		if (err)
			*err = -errno;
		goto failed;
	}

	ret = verify_path_many(name, roots);
	if (ret < 0) {
		if (err)
			*err = ret;
		goto failed;
	}

	if (oflag == O_RDONLY) {
		if (size)
			*size = stats.st_size;
		goto done;
	}

	if (fstatvfs(fd, &buf) < 0) {
		if (err)
			*err = -errno;
		goto failed;
	}

	if (size == NULL)
		goto done;

	avail = (uint64_t) buf.f_bsize * buf.f_bavail;
	if (avail < *size) {
		if (err)
			*err = -ENOSPC;
		goto failed;
	}

done:
	if (err)
		*err = 0;

	return GINT_TO_POINTER(fd);

failed:
	close(fd);
	return NULL;
}