status_e svc_child_access_control( struct service *sp, connection_s *cp ) { access_e result ; result = access_control( sp, cp, MASK_NULL ) ; if( failed_service(sp, cp, result) == FAILED ) return(FAILED); banner_success(sp, cp); return( OK ) ; }
TSS_RESULT dispatchCommand(struct tcsd_thread_data *data) { UINT64 offset; TSS_RESULT result; /* First, check the ordinal bounds */ if (data->comm.hdr.u.ordinal >= TCSD_MAX_NUM_ORDS) { LogError("Illegal TCSD Ordinal"); return TCSERR(TSS_E_FAIL); } LogDebug("Dispatching ordinal %u (%s)", data->comm.hdr.u.ordinal, tcs_func_table[data->comm.hdr.u.ordinal].name); /* We only need to check access_control if there are remote operations that are defined * in the config file, which means we allow remote connections */ if (tcsd_options.remote_ops[0] && access_control(data)) { LogWarn("Denied %s operation from %s", tcs_func_table[data->comm.hdr.u.ordinal].name, data->hostname); /* set platform header */ memset(&data->comm.hdr, 0, sizeof(data->comm.hdr)); data->comm.hdr.packet_size = sizeof(struct tcsd_packet_hdr); data->comm.hdr.u.result = TCSERR(TSS_E_FAIL); /* set the comm buffer */ memset(data->comm.buf, 0, data->comm.buf_size); offset = 0; LoadBlob_UINT32(&offset, data->comm.hdr.packet_size, data->comm.buf); LoadBlob_UINT32(&offset, data->comm.hdr.u.result, data->comm.buf); return TSS_SUCCESS; } /* Now, dispatch */ if ((result = tcs_func_table[data->comm.hdr.u.ordinal].Func(data)) == TSS_SUCCESS) { /* set the comm buffer */ offset = 0; LoadBlob_UINT32(&offset, data->comm.hdr.packet_size, data->comm.buf); LoadBlob_UINT32(&offset, data->comm.hdr.u.result, data->comm.buf); LoadBlob_UINT32(&offset, data->comm.hdr.num_parms, data->comm.buf); LoadBlob_UINT32(&offset, data->comm.hdr.type_size, data->comm.buf); LoadBlob_UINT32(&offset, data->comm.hdr.type_offset, data->comm.buf); LoadBlob_UINT32(&offset, data->comm.hdr.parm_size, data->comm.buf); LoadBlob_UINT32(&offset, data->comm.hdr.parm_offset, data->comm.buf); } return result; }
/* * Read data from the remote socket and send it to the appropriate local * socket. * If this is a new connection, insert it in the connection table and * place its handle in *chpp. */ static void udp_remote_to_local( struct intercept_s *ip, channel_s **chpp ) { char buf[ MAX_DATAGRAM_SIZE ] ; packet_s packet ; channel_s *chp ; bool_int addr_checked ; *chpp = CHANNEL_NULL ; packet.data = buf ; packet.size = sizeof( buf ) ; if ( get_incoming_packet( ip, &packet ) == FAILED ) return ; chp = int_lookupconn( ip, &packet.from, &addr_checked ) ; if ( chp == CHANNEL_NULL ) { struct server *serp = INT_SERVER( ip ) ; struct service *sp = SERVER_SERVICE( serp ) ; connection_s *cop = SERVER_CONNECTION( serp ) ; if ( ( chp = int_newconn( ip, &packet.from, INT_REMOTE( ip ) ) ) == NULL ) return ; CONN_SETADDR( cop, &packet.from ) ; /* for logging */ if ( INTERCEPT( ip ) ) { mask_t check_mask ; access_e result ; M_OR( check_mask, XMASK( CF_ADDRESS ), XMASK( CF_TIME ) ) ; result = access_control( sp, cop, &check_mask ) ; if ( result != AC_OK ) { svc_log_failure( sp, cop, result ) ; chp->ch_state = BAD_CHANNEL ; return ; } } /* * Since we don't distinguish ports, there is no point to log * another successful attempt from the same address */ if ( ! addr_checked ) svc_log_success( sp, cop, SERVER_PID( serp ) ) ; *chpp = chp ; } else if ( chp->ch_state == BAD_CHANNEL ) return ; #ifdef DEBUG_UDPINT if ( debug.on ) msg( LOG_DEBUG, "udp_remote_to_local", "sending %d bytes to server on port %d", packet.size, ntohs( INT_LOCALADDR( ip )->sin_port ) ) ; #endif send_data( chp->ch_local_socket, packet.data, packet.size, NULL ) ; }