static int32_t cacheex_add_to_cache_int(struct s_client *cl, ECM_REQUEST *er, int8_t csp) { if(er->rc >= E_NOTFOUND) { return 0; } if(!cl) { return 0; } if(!csp && cl->reader && cl->reader->cacheex.mode != 2) //from reader { cs_log_dbg(D_CACHEEX, "CACHEX received, but disabled for %s", username(cl)); return 0; } if(!csp && !cl->reader && cl->account && cl->account->cacheex.mode != 3) //from user { cs_log_dbg(D_CACHEEX, "CACHEX received, but disabled for %s", username(cl)); return 0; } if(!csp && !cl->reader && !cl->account) //not active! { cs_log_dbg(D_CACHEEX, "CACHEX received, but invalid client state %s", username(cl)); return 0; } uint8_t i, c; uint8_t null = 0; for(i = 0; i < 16; i += 4) { c = ((er->cw[i] + er->cw[i + 1] + er->cw[i + 2]) & 0xff); null |= (er->cw[i] | er->cw[i + 1] | er->cw[i + 2]); if(er->cw[i + 3] != c) { cs_log_dump_dbg(D_CACHEEX, er->cw, 16, "push received cw with chksum error from %s", csp ? "csp" : username(cl)); cl->cwcacheexerr++; if(cl->account) { cl->account->cwcacheexerr++; } return 0; } } if(null == 0 || chk_is_null_CW(er->cw)) { cs_log_dump_dbg(D_CACHEEX, er->cw, 16, "push received null cw from %s", csp ? "csp" : username(cl)); cl->cwcacheexerr++; if(cl->account) { cl->account->cwcacheexerr++; } return 0; } if(get_odd_even(er)==0){ cs_log_dbg(D_CACHEEX, "push received ecm with null odd/even byte from %s", csp ? "csp" : username(cl)); cl->cwcacheexerr++; if(cl->account) { cl->account->cwcacheexerr++; } return 0; } if(!chk_halfCW(er, er->cw)){ log_cacheex_cw(er, "bad half cw"); cl->cwcacheexerr++; if(cl->account) { cl->account->cwcacheexerr++; } return 0; } er->grp |= cl->grp; //ok for mode2 reader too: cl->reader->grp er->rc = E_CACHEEX; er->cacheex_src = cl; er->selected_reader = cl->reader; er->client = NULL; //No Owner! So no fallback! if(check_client(cl)) { cl->cwcacheexgot++; if(cl->account) { cl->account->cwcacheexgot++; } first_client->cwcacheexgot++; } cacheex_add_hitcache(cl, er); //we have to call it before add_cache, because in chk_process we could remove it! add_cache(er); cacheex_add_stats(cl, er->caid, er->srvid, er->prid, 1); cs_writelock(__func__, &ecm_pushed_deleted_lock); er->next = ecm_pushed_deleted; ecm_pushed_deleted = er; cs_writeunlock(__func__, &ecm_pushed_deleted_lock); return 1; //NO free, we have to wait cache push out stuff ends. }
static void nfsauth_access(auth_req *argp, auth_res *result) { struct netconfig *nconf; struct nd_hostservlist *clnames = NULL; struct netbuf nbuf; struct share *sh; char tmp[MAXIPADDRLEN]; char *host = NULL; result->auth_perm = NFSAUTH_DENIED; /* * Convert the client's address to a hostname */ nconf = getnetconfigent(argp->req_netid); if (nconf == NULL) { syslog(LOG_ERR, "No netconfig entry for %s", argp->req_netid); return; } nbuf.len = argp->req_client.n_len; nbuf.buf = argp->req_client.n_bytes; if (netdir_getbyaddr(nconf, &clnames, &nbuf)) { host = &tmp[0]; if (strcmp(nconf->nc_protofmly, NC_INET) == 0) { struct sockaddr_in *sa; /* LINTED pointer alignment */ sa = (struct sockaddr_in *)nbuf.buf; (void) inet_ntoa_r(sa->sin_addr, tmp); } else if (strcmp(nconf->nc_protofmly, NC_INET6) == 0) { struct sockaddr_in6 *sa; /* LINTED pointer */ sa = (struct sockaddr_in6 *)nbuf.buf; (void) inet_ntop(AF_INET6, sa->sin6_addr.s6_addr, tmp, INET6_ADDRSTRLEN); } clnames = anon_client(host); } /* * Now find the export */ sh = findentry(argp->req_path); if (sh == NULL) { syslog(LOG_ERR, "%s not exported", argp->req_path); goto done; } result->auth_perm = check_client(sh, &nbuf, clnames, argp->req_flavor); sharefree(sh); if (result->auth_perm == NFSAUTH_DENIED) { syslog(LOG_ERR, "%s denied access to %s", clnames->h_hostservs[0].h_host, argp->req_path); } done: freenetconfigent(nconf); if (clnames) netdir_free(clnames, ND_HOSTSERVLIST); }
/** * cacheex modes: * * cacheex=1 CACHE PULL: * Situation: oscam A reader1 has cacheex=1, oscam B account1 has cacheex=1 * oscam A gets a ECM request, reader1 send this request to oscam B, oscam B checks his cache * a. not found in cache: return NOK * a. found in cache: return OK+CW * b. not found in cache, but found pending request: wait max cacheexwaittime and check again * oscam B never requests new ECMs * * CW-flow: B->A * * cacheex=2 CACHE PUSH: * Situation: oscam A reader1 has cacheex=2, oscam B account1 has cacheex=2 * if oscam B gets a CW, its pushed to oscam A * reader has normal functionality and can request ECMs * * Problem: oscam B can only push if oscam A is connected * Problem or feature?: oscam A reader can request ecms from oscam B * * CW-flow: B->A * */ void cacheex_cache_push(ECM_REQUEST *er) { if(er->rc >= E_NOTFOUND) { return; } //cacheex=2 mode: push (server->remote) struct s_client *cl; cs_readlock(__func__, &clientlist_lock); for(cl = first_client->next; cl; cl = cl->next) { if(check_client(cl) && er->cacheex_src != cl) { if(get_module(cl)->num == R_CSP) // always send to csp cl { if(!er->cacheex_src || cfg.csp.allow_reforward) { cacheex_cache_push_to_client(cl, er); } // but not if the origin was cacheex (might loop) } else if(cl->typ == 'c' && !cl->dup && cl->account && cl->account->cacheex.mode == 2) //send cache over user { if(get_module(cl)->c_cache_push // cache-push able && (!er->grp || (cl->grp & er->grp)) //Group-check /**** OUTGOING FILTER CHECK ***/ && (!er->selected_reader || !cacheex_reader(er->selected_reader) || !cfg.block_same_name || strcmp(username(cl), er->selected_reader->label)) //check reader mode-1 loopback by same name && (!er->selected_reader || !cacheex_reader(er->selected_reader) || !cfg.block_same_ip || (check_client(er->selected_reader->client) && !IP_EQUAL(cl->ip, er->selected_reader->client->ip))) //check reader mode-1 loopback by same ip && (!cl->account->cacheex.drop_csp || checkECMD5(er)) //cacheex_drop_csp-check && chk_ctab(er->caid, &cl->ctab) //Caid-check && (!checkECMD5(er) || chk_ident_filter(er->caid, er->prid, &cl->ftab)) //Ident-check (not for csp: prid=0 always!) && chk_srvid(cl, er) //Service-check && chk_csp_ctab(er, &cl->account->cacheex.filter_caidtab) //cacheex_ecm_filter ) { cacheex_cache_push_to_client(cl, er); } } } } cs_readunlock(__func__, &clientlist_lock); //cacheex=3 mode: reverse push (reader->server) cs_readlock(__func__, &readerlist_lock); cs_readlock(__func__, &clientlist_lock); struct s_reader *rdr; for(rdr = first_active_reader; rdr; rdr = rdr->next) { cl = rdr->client; if(check_client(cl) && er->cacheex_src != cl && rdr->cacheex.mode == 3) //send cache over reader { if(rdr->ph.c_cache_push // cache-push able && (!er->grp || (rdr->grp & er->grp)) //Group-check /**** OUTGOING FILTER CHECK ***/ && (!er->selected_reader || !cacheex_reader(er->selected_reader) || !cfg.block_same_name || strcmp(username(cl), er->selected_reader->label)) //check reader mode-1 loopback by same name && (!er->selected_reader || !cacheex_reader(er->selected_reader) || !cfg.block_same_ip || (check_client(er->selected_reader->client) && !IP_EQUAL(cl->ip, er->selected_reader->client->ip))) //check reader mode-1 loopback by same ip && (!rdr->cacheex.drop_csp || checkECMD5(er)) //cacheex_drop_csp-check && chk_ctab(er->caid, &rdr->ctab) //Caid-check && (!checkECMD5(er) || chk_ident_filter(er->caid, er->prid, &rdr->ftab)) //Ident-check (not for csp: prid=0 always!) && chk_srvid(cl, er) //Service-check && chk_csp_ctab(er, &rdr->cacheex.filter_caidtab) //cacheex_ecm_filter ) { cacheex_cache_push_to_client(cl, er); } } } cs_readunlock(__func__, &clientlist_lock); cs_readunlock(__func__, &readerlist_lock); }
bool cacheex_is_match_alias(struct s_client *cl, ECM_REQUEST *er) { return check_client(cl) && cl->account && cl->account->cacheex.mode == 1 && is_cacheex_matcher_matching(NULL, er); }
static void *chkcache_process(void) { set_thread_name(__func__); time_t timeout; struct ecm_request_t *er, *ecm; uint8_t add_hitcache_er; struct s_reader *cl_rdr; struct s_reader *rdr; struct s_ecm_answer *ea; struct s_client *cex_src=NULL; struct s_write_from_cache *wfc=NULL; while(cacheex_running) { cs_readlock(__func__, &ecmcache_lock); for(er = ecmcwcache; er; er = er->next) { timeout = time(NULL)-((cfg.ctimeout+500)/1000+1); if(er->tps.time < timeout) { break; } if(er->rc<E_UNHANDLED || er->readers_timeout_check) //already answered { continue; } //******** CHECK IF FOUND ECM IN CACHE ecm = check_cache(er, er->client); if(ecm) //found in cache { //check for add_hitcache if(ecm->cacheex_src) //cw from cacheex { if((er->cacheex_wait_time && !er->cacheex_wait_time_expired) || !er->cacheex_wait_time) //only when no wait_time expires (or not wait_time) { //add_hitcache already called, but we check if we have to call it for these (er) caid|prid|srvid if(ecm->prid!=er->prid || ecm->srvid!=er->srvid) { cex_src = ecm->cacheex_src && is_valid_client(ecm->cacheex_src) && !ecm->cacheex_src->kill ? ecm->cacheex_src : NULL; //here we should be sure cex client has not been freed! if(cex_src){ //add_hitcache only if client is really active add_hitcache_er=1; cl_rdr = cex_src->reader; if(cl_rdr && cl_rdr->cacheex.mode == 2) { for(ea = er->matching_rdr; ea; ea = ea->next) { rdr = ea->reader; if(cl_rdr == rdr && ((ea->status & REQUEST_ANSWERED) == REQUEST_ANSWERED)) { cs_log_dbg(D_CACHEEX|D_CSP|D_LB,"{client %s, caid %04X, prid %06X, srvid %04X} [CACHEEX] skip ADD self request!", (check_client(er->client)?er->client->account->usr:"******"),er->caid, er->prid, er->srvid); add_hitcache_er=0; //don't add hit cache, reader requested self } } } if(add_hitcache_er) { cacheex_add_hitcache(cex_src, er); } //USE cacheex client (to get correct group) and ecm from requesting client (to get correct caid|prid|srvid)!!! } } } else { //add_hitcache already called, but we have to remove it because cacheex not coming before wait_time if(ecm->prid==er->prid && ecm->srvid==er->srvid) { cacheex_del_hitcache(ecm); } } } //END check for add_hitcache if(check_client(er->client)) { wfc=NULL; if(!cs_malloc(&wfc, sizeof(struct s_write_from_cache))) { NULLFREE(ecm); continue; } wfc->er_new=er; wfc->er_cache=ecm; if(!add_job(er->client, ACTION_ECM_ANSWER_CACHE, wfc, sizeof(struct s_write_from_cache))) //write_ecm_answer_fromcache { NULLFREE(ecm); continue; } } else { NULLFREE(ecm); } } } cs_readunlock(__func__, &ecmcache_lock); cs_sleepms(10); } return NULL; }
void cacheex_timeout(ECM_REQUEST *er) { if(er->cacheex_wait_time_expired) return; er->cacheex_wait_time_expired = 1; if(er->rc >= E_UNHANDLED) { cs_log_dbg(D_LB, "{client %s, caid %04X, prid %06X, srvid %04X} cacheex timeout! ", (check_client(er->client) ? er->client->account->usr : "******"), er->caid, er->prid, er->srvid); //if check_cw mode=0, first try to get cw from cache without check counter! CWCHECK check_cw = get_cwcheck(er); if(!check_cw.mode) { struct ecm_request_t *ecm=NULL; ecm = check_cache(er, er->client); if(ecm) //found in cache { struct s_write_from_cache *wfc=NULL; if(!cs_malloc(&wfc, sizeof(struct s_write_from_cache))) { NULLFREE(ecm); return; } wfc->er_new=er; wfc->er_cache=ecm; if(!add_job(er->client, ACTION_ECM_ANSWER_CACHE, wfc, sizeof(struct s_write_from_cache))) //write_ecm_answer_fromcache { NULLFREE(ecm); } return; } } //check if "normal" readers selected, if not send NOT FOUND! //cacheex1-client (having always no "normal" reader), or not-cacheex-1 client with no normal readers available (or filtered by LB) if( (er->reader_count + er->fallback_reader_count - er->cacheex_reader_count) <= 0 ) { if(!cfg.wait_until_ctimeout){ er->rc = E_NOTFOUND; er->selected_reader = NULL; er->rcEx = 0; cs_log_dbg(D_LB, "{client %s, caid %04X, prid %06X, srvid %04X} cacheex timeout: NO \"normal\" readers... not_found! ", (check_client(er->client) ? er->client->account->usr : "******"), er->caid, er->prid, er->srvid); send_dcw(er->client, er); return; } } else { if(er->stage < 2){ debug_ecm(D_TRACE, "request for %s %s", username(er->client), buf); request_cw_from_readers(er, 0); } } } }
void cacheex_mode1_delay(ECM_REQUEST *er) { if(!er->cacheex_wait_time_expired && er->cacheex_mode1_delay && er->cacheex_reader_count > 0 && !er->stage && er->rc >= E_UNHANDLED) { cs_log_dbg(D_LB, "{client %s, caid %04X, prid %06X, srvid %04X} cacheex_mode1_delay timeout! ", (check_client(er->client) ? er->client->account->usr : "******"), er->caid, er->prid, er->srvid); request_cw_from_readers(er, 1); // setting stop_stage=1, we request only cacheex mode 1 readers. Others are requested at cacheex timeout! } }
static void scanner_thread (struct arglist *globals) { struct arglist *prefs = arg_get_value (globals, "preferences"); char asciiaddr[INET6_ADDRSTRLEN], x509_dname[512] = { '\0' }; int opt = 1, soc2 = -1, nice_retval, family, soc; void *addr = arg_get_value (globals, "client_address"); struct sockaddr_in *saddr = NULL; struct sockaddr_in6 *s6addr = NULL; family = GPOINTER_TO_SIZE (arg_get_value (globals, "family")); soc = GPOINTER_TO_SIZE (arg_get_value (globals, "global_socket")); if (family == AF_INET) { saddr = (struct sockaddr_in *) addr; inet_ntop (AF_INET, &saddr->sin_addr, asciiaddr, sizeof(asciiaddr)); } else { s6addr = (struct sockaddr_in6 *) addr; inet_ntop (AF_INET6, &s6addr->sin6_addr, asciiaddr, sizeof (asciiaddr)); } proctitle_set ("openvassd: Serving %s", asciiaddr); /* Everyone runs with a nicelevel of 10 */ if (preferences_benice (prefs)) { errno = 0; nice_retval = nice (10); if (nice_retval == -1 && errno != 0) { log_write ("Unable to renice process: %d", errno); } } /* Close the scanner thread - it is useless for us now */ close (global_iana_socket); soc2 = ovas_scanner_context_attach (ovas_scanner_ctx, soc); if (soc2 < 0) goto shutdown_and_exit; /* FIXME: The pre-gnutls code optionally printed information about * the peer's certificate at this point. */ setsockopt (soc, SOL_SOCKET, SO_KEEPALIVE, &opt, sizeof (opt)); /* arg_set_value *replaces* an existing value, but it shouldn't fail here */ (void) arg_set_value (globals, "global_socket", -1, GSIZE_TO_POINTER (soc2)); if (comm_init (soc2) < 0) { close_stream_connection (soc); exit (0); } /* Get X.509 cert subject name */ if (get_x509_dname (soc2, x509_dname, sizeof (x509_dname)) != 0) goto shutdown_and_exit; if (!check_client (x509_dname)) { auth_printf (globals, "Bad login attempt !\n"); log_write ("bad login attempt from %s\n", asciiaddr); goto shutdown_and_exit; } handle_client (globals); shutdown_and_exit: if (soc2 >= 0) close_stream_connection (soc2); else { shutdown (soc, 2); close (soc); } /* Kill left overs */ end_daemon_mode (); exit (0); }
static int32_t cacheex_add_to_cache_int(struct s_client *cl, ECM_REQUEST *er, int8_t csp) { if(er->rc >= E_NOTFOUND) { return 0; } if(!cl) { return 0; } if(!csp && cl->reader && cl->reader->cacheex.mode != 2) //from reader { cs_log_dbg(D_CACHEEX, "CACHEX received, but disabled for %s", username(cl)); return 0; } if(!csp && !cl->reader && cl->account && cl->account->cacheex.mode != 3) //from user { cs_log_dbg(D_CACHEEX, "CACHEX received, but disabled for %s", username(cl)); return 0; } if(!csp && !cl->reader && !cl->account) //not active! { cs_log_dbg(D_CACHEEX, "CACHEX received, but invalid client state %s", username(cl)); return 0; } if(!cfg.disablecrccws && ((cl->typ == 'c' && !cl->account->disablecrccacheex) || ( cl->typ == 'p' && !cl->reader->disablecrccws))) { uint8_t selectedForIgnChecksum = chk_if_ignore_checksum(er, &cfg.disablecrccws_only_for); if(cl->typ == 'c') { selectedForIgnChecksum += chk_if_ignore_checksum(er, &cl->account->disablecrccacheex_only_for); } if(cl->typ == 'p') { selectedForIgnChecksum += chk_if_ignore_checksum(er, &cl->reader->disablecrccws_only_for); } if(!selectedForIgnChecksum) { uint8_t i, c; for(i = 0; i < 16; i += 4) { c = ((er->cw[i] + er->cw[i + 1] + er->cw[i + 2]) & 0xff); if(er->cw[i + 3] != c) { cs_log_dump_dbg(D_CACHEEX, er->cw, 16, "push received cw with chksum error from %s", csp ? "csp" : username(cl)); cl->cwcacheexerr++; if(cl->account) { cl->account->cwcacheexerr++; } return 0; } } } } // Skip check for BISS1 - cw could be indeed zero // Skip check for BISS2 - we use the extended cw, so the "simple" cw is always zero if(chk_is_null_CW(er->cw) && !caid_is_biss(er->caid)) { cs_log_dump_dbg(D_CACHEEX, er->cw, 16, "push received null cw from %s", csp ? "csp" : username(cl)); cl->cwcacheexerr++; if(cl->account) { cl->account->cwcacheexerr++; } return 0; } // Don't check for BISS1 and BISS2 mode 1/E or fake caid (ECM is fake for them) // Don't check for BISS2 mode CA (ECM table is always 0x80) if(!caid_is_biss(er->caid) && !caid_is_fake(er->caid) && get_odd_even(er) == 0) { cs_log_dbg(D_CACHEEX, "push received ecm with null odd/even byte from %s", csp ? "csp" : username(cl)); cl->cwcacheexerr++; if(cl->account) { cl->account->cwcacheexerr++; } return 0; } if(!chk_halfCW(er, er->cw)) { log_cacheex_cw(er, "bad half cw"); cl->cwcacheexerr++; if(cl->account) { cl->account->cwcacheexerr++; } return 0; } if((csp && cfg.csp.block_fakecws) || (cl->reader && cl->reader->cacheex.block_fakecws) || (!cl->reader && cl->account && cl->account->cacheex.block_fakecws)) { if(chk_is_fakecw(er->cw)) { cs_log_dbg(D_CACHEEX, "push received fake cw from %s", csp ? "csp" : username(cl)); cl->cwcacheexerr++; if(cl->account) { cl->account->cwcacheexerr++; } return 0; } } er->grp |= cl->grp; // ok for mode2 reader too: cl->reader->grp er->rc = E_CACHEEX; er->cacheex_src = cl; er->selected_reader = cl->reader; er->client = NULL; // No Owner! So no fallback! if(check_client(cl)) { cl->cwcacheexgot++; if(cl->account) { cl->account->cwcacheexgot++; } first_client->cwcacheexgot++; } cacheex_add_hitcache(cl, er); // we have to call it before add_cache, because in chk_process we could remove it! add_cache(er); cacheex_add_stats(cl, er->caid, er->srvid, er->prid, 1); cs_writelock(__func__, &ecm_pushed_deleted_lock); er->next = ecm_pushed_deleted; ecm_pushed_deleted = er; cs_writeunlock(__func__, &ecm_pushed_deleted_lock); return 1; // NO free, we have to wait cache push out stuff ends. }