gboolean
ftp_policy_parse_authinfo(FtpProxy *self, const gchar *cmd, GString *param)
{
gboolean called = FALSE;
PyObject *result = NULL;
PyObject *args = NULL;
gboolean ret;
z_proxy_enter(self);
z_policy_lock(self->super.thread);
args = z_policy_var_build("ss", cmd, param->str);
result = z_policy_call(self->super.handler, "parseInbandAuth", args, &called, self->super.session_id);
if (!called)
{
z_policy_unlock(self->super.thread);
z_proxy_return(self, FALSE);
}
if (result == NULL || !z_policy_var_parse(result, "i", &ret))
ret = FALSE;
if (result)
z_policy_var_unref(result);
z_policy_unlock(self->super.thread);
z_proxy_return(self, ret);
}
ZPolicyObj *
smtp_policy_sanitize_address(SmtpProxy *self, ZPolicyObj *args)
{
gchar *address;
gchar *final_end;
GString *sanitized_address;
ZPolicyObj *res = NULL;
z_proxy_enter(self);
if (!z_policy_var_parse_tuple(args, "s", &address))
{
z_policy_raise_exception_obj(z_policy_exc_value_error, "Invalid arguments");
z_proxy_leave(self);
return NULL;
}
sanitized_address = g_string_new("");
if (!smtp_sanitize_address(self, sanitized_address, address, TRUE, &final_end))
{
z_policy_raise_exception_obj(z_policy_exc_value_error, "Invalid address");
goto exit;
}
res = z_policy_var_build("s", sanitized_address->str);
exit:
g_string_free(sanitized_address, TRUE);
z_proxy_leave(self);
return res;
}
gboolean
ftp_policy_bounce_check(FtpProxy *self, guint side, ZSockAddr *remote, gboolean connect)
{
PyObject *zsock;
gboolean called;
ZPolicyObj *res;
gboolean ret;
z_proxy_enter(self);
z_policy_lock(self->super.thread);
zsock = z_policy_sockaddr_new(remote);
res = z_policy_call(self->super.handler, "bounceCheck", z_policy_var_build("(Oii)", zsock, side, connect), &called, self->super.session_id);
if (!called)
{
z_policy_unlock(self->super.thread);
z_proxy_return(self, TRUE);
}
if ((res == NULL) || !z_policy_var_parse(res, "i", &ret))
ret = FALSE;
z_policy_var_unref(res);
z_policy_var_unref(zsock);
z_policy_unlock(self->super.thread);
z_proxy_return(self, ret);
}
/**
* finger_query_policy:
* @self: FingerProxy instance
*
* Check the policy about the current request.
**/
static gboolean
finger_query_policy(FingerProxy *self)
{
char *errmsg = "Policy violation, request denied.\r\n";
gsize bytes_written;
gint res;
z_proxy_enter(self);
z_policy_lock(self->super.thread);
res = z_policy_event(self->super.handler, "fingerRequest", z_policy_var_build("(ss)", self->username->str, self->hostnames->str), self->super.session_id);
switch (res)
{
case FINGER_REQ_UNSPEC:
case FINGER_REQ_REJECT:
case FINGER_REQ_ABORT:
/*LOG
This message is about administrator decision to reject the
finger session.
*/
z_proxy_log(self, FINGER_POLICY, 2, "Policy violation, abort session;");
z_stream_write(self->super.endpoints[EP_CLIENT],
errmsg,
strlen(errmsg),
&bytes_written,
NULL);
/* fallthrough */
case FINGER_REQ_DROP:
if (res == ZV_DROP)
{
/*LOG
This message is about administrator decision to drop
finger session.
*/
z_proxy_log(self, FINGER_POLICY, 2, "Policy violation, drop session;");
}
z_policy_unlock(self->super.thread);
z_proxy_return(self, FALSE);
case FINGER_REQ_ACCEPT:
default:
break;
}
z_policy_unlock(self->super.thread);
z_proxy_return(self, TRUE);
}
/**
* z_proxy_stack_proxy:
* @self: proxy instance
* @proxy_class: a Python class to be instantiated as the child proxy
*
* This function is called to start a child proxy.
**/
gboolean
z_proxy_stack_proxy(ZProxy *self, ZPolicyObj *proxy_class, ZStackedProxy **stacked, ZPolicyDict *stack_info)
{
int downpair[2], uppair[2];
ZPolicyObj *res, *client_stream, *server_stream, *stack_info_obj;
ZStream *tmpstream;
ZStream *client_upstream, *server_upstream;
z_proxy_enter(self);
if (proxy_class == z_policy_none)
{
z_policy_var_unref(proxy_class);
z_proxy_leave(self);
return FALSE;
}
if (!z_proxy_stack_prepare_streams(self, downpair, uppair))
{
z_policy_var_unref(proxy_class);
z_proxy_leave(self);
return FALSE;
}
/*LOG
This message reports that Zorp is about to stack a proxy class
with the given fds as communication channels.
*/
z_proxy_log(self, CORE_DEBUG, 6, "Stacking subproxy; client='%d:%d', server='%d:%d'", downpair[0], downpair[1], uppair[0], uppair[1]);
tmpstream = z_stream_fd_new(downpair[1], "");
client_stream = z_policy_stream_new(tmpstream);
z_stream_unref(tmpstream);
tmpstream = z_stream_fd_new(uppair[1], "");
server_stream = z_policy_stream_new(tmpstream);
z_stream_unref(tmpstream);
if (stack_info)
{
stack_info_obj = z_policy_struct_new(stack_info, Z_PST_SHARED);
}
else
{
Py_XINCREF(Py_None);
stack_info_obj = Py_None;
}
res = z_policy_call(self->handler, "stackProxy", z_policy_var_build("(OOOO)", client_stream, server_stream, proxy_class, stack_info_obj),
NULL, self->session_id);
z_policy_var_unref(client_stream);
z_policy_var_unref(server_stream);
z_policy_var_unref(stack_info_obj);
if (!res || res == z_policy_none || !z_policy_proxy_check(res))
{
z_proxy_log(self, CORE_ERROR, 3, "Error stacking subproxy;");
close(downpair[0]);
close(downpair[1]);
close(uppair[0]);
close(uppair[1]);
z_policy_var_unref(res);
z_proxy_leave(self);
return FALSE;
}
client_upstream = z_stream_fd_new(downpair[0], "");
server_upstream = z_stream_fd_new(uppair[0], "");
*stacked = z_stacked_proxy_new(client_upstream, server_upstream, NULL, self, z_policy_proxy_get_proxy(res), 0);
z_policy_var_unref(res);
z_proxy_leave(self);
return TRUE;
}
static gboolean
plug_packet_stat_event(ZPlugSession *session G_GNUC_UNUSED,
guint64 client_bytes, guint64 client_pkts,
guint64 server_bytes, guint64 server_pkts,
gpointer user_data)
{
PlugProxy *self = (PlugProxy *) user_data;
ZPolicyObj *res;
gboolean called;
guint resc;
z_policy_lock(self->super.thread);
res = z_policy_call(self->super.handler, "packetStats",
z_policy_var_build("iiii",
(guint32) client_bytes,
(guint32) client_pkts,
(guint32) server_bytes,
(guint32) server_pkts),
&called,
self->super.session_id);
if (called)
{
resc = Z_REJECT;
if (res)
{
if (!z_policy_var_parse(res, "i", &resc))
{
/*LOG
This message is logged when the policy layer returned a
non-integer value in its packetStats() function. packetStats()
/**
* telnet_policy_option:
* @self:
*
*
*
* Returns:
*
*/
guint
telnet_policy_option(TelnetProxy *self)
{
guint res;
ZPolicyObj *pol_res;
ZPolicyObj *tmp;
ZPolicyObj *command_where = NULL;
guint command_do;
gchar lookup_str[10];
gchar *keys[1];
gboolean type_found;
z_proxy_enter(self);
z_proxy_log(self, TELNET_DEBUG, 8, "Policy option negotiation check; option='%d'", self->opneg_option[self->ep]);
g_snprintf(lookup_str, sizeof(lookup_str), "%d", self->opneg_option[self->ep]);
keys[0] = lookup_str;
tmp = z_dim_hash_table_search(self->telnet_policy, 1, keys);
if (!tmp)
{
z_proxy_log(self, TELNET_POLICY, 2, "Option not found in policy; option='%s'", lookup_str);
z_proxy_return(self, TELNET_CHECK_DROP);
}
z_policy_lock(self->super.thread);
type_found = telnet_hash_get_type(tmp, &command_do);
z_policy_unlock(self->super.thread);
if (!type_found )
{
z_proxy_log(self, TELNET_POLICY, 2, "Policy type invalid; option='%s'", lookup_str);
z_proxy_return(self, TELNET_CHECK_ABORT);
}
switch (command_do)
{
case TELNET_OPTION_DROP:
z_proxy_log(self, TELNET_POLICY, 3, "Policy denied option; option='%s'", lookup_str);
res = TELNET_CHECK_DROP;
break;
case TELNET_OPTION_ACCEPT:
z_proxy_log(self, TELNET_POLICY, 6, "Policy accepted option; option='%s'", lookup_str);
res = TELNET_CHECK_OK;
break;
case TELNET_OPTION_POLICY:
z_policy_lock(self->super.thread);
if (!z_policy_var_parse(tmp, "(iO)", &command_do, &command_where))
{
z_proxy_log(self, TELNET_POLICY, 2, "Cannot parse policy line; option='%s'", lookup_str);
res = TELNET_CHECK_ABORT;
}
else
{
pol_res = z_policy_call_object(command_where, z_policy_var_build("(i)", &self->opneg_option[self->ep]), self->super.session_id);
if (pol_res == NULL)
{
z_proxy_log(self, TELNET_POLICY, 2, "Error in policy calling; option='%s'", lookup_str);
res = TELNET_CHECK_ABORT;
}
else if (!z_policy_var_parse(pol_res, "i", &res))
{
z_proxy_log(self, TELNET_POLICY, 1, "Can't parse return verdict; option='%s'", lookup_str);
res = TELNET_CHECK_ABORT;
}
else
{
switch (res)
{
case ZV_ACCEPT:
z_proxy_log(self, TELNET_POLICY, 6, "Policy function accepted option; option='%s'", lookup_str);
res = TELNET_CHECK_OK;
break;
case ZV_UNSPEC:
case ZV_DROP:
z_proxy_log(self, TELNET_POLICY, 3, "Policy function drop option; option='%s'", lookup_str);
res = TELNET_CHECK_DROP;
break;
case TELNET_OPTION_REJECT:
z_proxy_log(self, TELNET_POLICY, 3, "Policy function reject option; option='%s'", lookup_str);
res = TELNET_CHECK_REJECT;
break;
case ZV_ABORT:
default:
z_proxy_log(self, TELNET_POLICY, 1, "Policy function aborted session; option='%s'", lookup_str);
res = TELNET_CHECK_ABORT;
break;
}
}
}
z_policy_unlock(self->super.thread);
break;
case TELNET_OPTION_REJECT:
z_proxy_log(self, TELNET_POLICY, 3, "Policy rejected option; option='%s'", lookup_str);
res = TELNET_CHECK_REJECT;
break;
case TELNET_OPTION_ABORT:
default:
z_proxy_log(self, TELNET_POLICY, 3, "Policy aborted session; option='%s'", lookup_str);
res = TELNET_CHECK_ABORT;
break;
}
z_proxy_return(self, res);
}
/**
* telnet_policy_suboption:
* @self:
* @command:
* @name:
* @value:
*
*
*
* Returns:
*
*/
guint
telnet_policy_suboption(TelnetProxy *self, guchar command, gchar *name, gchar *value)
{
guint res;
ZPolicyObj *pol_res;
ZPolicyObj *tmp;
ZPolicyObj *command_where = NULL;
guint command_do;
gchar lookup_str[2][10];
gchar *keys[2];
gboolean type_found;
z_proxy_enter(self);
z_proxy_log(self, TELNET_DEBUG, 8, "Policy suboption negotiation check;");
g_snprintf(lookup_str[0], sizeof(lookup_str[0]), "%d", self->opneg_option[self->ep]);
g_snprintf(lookup_str[1], sizeof(lookup_str[1]), "%d", command);
keys[0] = lookup_str[0];
keys[1] = lookup_str[1];
tmp = z_dim_hash_table_search(self->telnet_policy, 2, keys);
if (!tmp)
{
z_proxy_log(self, TELNET_POLICY, 1, "Option not found in policy hash, dropping; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
z_proxy_return(self, TELNET_CHECK_DROP);
}
z_policy_lock(self->super.thread);
type_found = telnet_hash_get_type(tmp, &command_do);
z_policy_unlock(self->super.thread);
if (!type_found)
{
z_proxy_log(self, TELNET_POLICY, 2, "Policy type invalid!");
z_proxy_return(self, TELNET_CHECK_ABORT);
}
switch (command_do)
{
case TELNET_OPTION_DROP:
z_proxy_log(self, TELNET_POLICY, 6, "Policy denied suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
res = TELNET_CHECK_DROP;
break;
case TELNET_OPTION_ACCEPT:
z_proxy_log(self, TELNET_POLICY, 6, "Policy accepted suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
res = TELNET_CHECK_OK;
break;
case TELNET_OPTION_POLICY:
z_policy_lock(self->super.thread);
if (!z_policy_var_parse(tmp, "(iO)", &command_do, &command_where))
{
z_proxy_log(self, TELNET_POLICY, 2, "Cannot parse policy line for option; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
res = TELNET_CHECK_ABORT;
}
else
{
/* call Python method with appropriate parameters */
switch (self->opneg_option[self->ep])
{
case TELNET_OPTION_TERMINAL_TYPE:
case TELNET_OPTION_TERMINAL_SPEED:
case TELNET_OPTION_X_DISPLAY_LOCATION:
case TELNET_OPTION_ENVIRONMENT:
case TELNET_OPTION_NAWS:
pol_res = z_policy_call_object(command_where, z_policy_var_build("(iss)", &self->opneg_option[self->ep], name, value), self->super.session_id);
break;
default:
pol_res = z_policy_call_object(command_where, z_policy_var_build("(i)", &self->opneg_option[self->ep]), self->super.session_id);
break;
}
if (pol_res == NULL)
{
z_proxy_log(self, TELNET_POLICY, 2, "Error in policy calling; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
res = TELNET_CHECK_ABORT;
}
else if (!z_policy_var_parse(pol_res, "i", &res))
{
z_proxy_log(self, TELNET_POLICY, 2, "Can't parse return verdict; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
res = TELNET_CHECK_ABORT;
}
else
{
switch (res)
{
case ZV_ACCEPT:
z_proxy_log(self, TELNET_POLICY, 6, "Policy function accepted suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
res = TELNET_CHECK_OK;
break;
case ZV_UNSPEC:
case ZV_REJECT:
case ZV_DROP:
z_proxy_log(self, TELNET_POLICY, 3, "Policy function denied suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
res = TELNET_CHECK_DROP;
break;
case ZV_ABORT:
default:
z_proxy_log(self, TELNET_POLICY, 3, "Policy function aborted suboption; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
res = TELNET_CHECK_ABORT;
break;
}
}
}
z_policy_unlock(self->super.thread);
break;
case TELNET_OPTION_ABORT:
default:
z_proxy_log(self, TELNET_POLICY, 3, "Policy aborted session; command=`%s', option=`%s'", lookup_str[1], lookup_str[0]);
res = TELNET_CHECK_ABORT;
break;
}
z_proxy_return(self, res);
}
SmtpRequestTypes
smtp_policy_check_request(SmtpProxy *self)
{
ZPolicyObj *entry;
ZPolicyObj *res;
ZPolicyObj *process_cmd = NULL;
SmtpRequestTypes action;
gchar *response = NULL, *response_param = NULL;
z_proxy_enter(self);
entry = g_hash_table_lookup(self->request_policy, self->request->str);
if (!entry)
entry = g_hash_table_lookup(self->request_policy, "*");
if (!entry)
z_proxy_return(self, SMTP_REQ_REJECT);
z_policy_lock(self->super.thread);
if (!smtp_hash_get_type(entry, &action))
{
/*LOG
This message indicates that the policy type is invalid for the given request and Zorp
aborts the connection. Check the 'request' attribute.
*/
z_proxy_log(self, SMTP_POLICY, 1, "Invalid request policy type; request='%s'", self->request->str);
z_policy_unlock(self->super.thread);
z_proxy_return(self, SMTP_REQ_ABORT);
}
z_policy_unlock(self->super.thread);
z_cp();
switch (action)
{
case SMTP_REQ_REJECT:
z_policy_lock(self->super.thread);
if (!z_policy_var_parse_tuple(entry, "i|ss", &action, &response, &response_param))
{
/*LOG
This message indicates that the parameter of the request policy of the given request is invalid and Zorp aborts the connection.
Check the 'request' attribute.
*/
z_proxy_log(self, SMTP_POLICY, 1, "Error in request policy; request='%s'", self->request->str);
action = SMTP_REQ_ABORT;
}
else
{
if (response)
g_string_assign(self->error_code, response);
if (response_param)
g_string_assign(self->error_info, response_param);
}
z_policy_unlock(self->super.thread);
break;
case SMTP_REQ_ACCEPT:
break;
case SMTP_REQ_POLICY:
z_policy_lock(self->super.thread);
if (!z_policy_var_parse(entry, "(iO)", &action, &process_cmd))
{
/*LOG
This message indicates that the parameter of the request policy of the given request is invalid and Zorp aborts the connection.
Check the 'request' attribute.
*/
z_proxy_log(self, SMTP_POLICY, 1, "Error in request policy; request='%s'", self->request->str);
action = SMTP_REQ_ABORT;
}
else
{
res = z_policy_call_object(process_cmd, z_policy_var_build("(ss)", self->request->str, self->request_param->str), self->super.session_id);
if (res)
{
if (!z_policy_var_parse(res, "i", &action))
{
/*LOG
This message indicates that the returned value of the callback for the given request policy
is invalid and Zorp aborts the connection. Check the callback function.
*/
z_proxy_log(self, SMTP_POLICY, 1, "The verdict returned by the policy is not an int; request='%s'", self->request->str);
action = SMTP_REQ_ABORT;
}
else
{
switch (action)
{
case SMTP_REQ_ACCEPT:
case SMTP_REQ_REJECT:
case SMTP_REQ_ABORT:
break;
default:
action = SMTP_REQ_ABORT;
break;
}
}
}
else
{
action = SMTP_REQ_ABORT;
}
}
z_policy_unlock(self->super.thread);
break;
case SMTP_REQ_ABORT:
default:
action = SMTP_REQ_ABORT;
break;
}
z_proxy_return(self, action);
}
SmtpResponseTypes
smtp_policy_check_response(SmtpProxy *self)
{
ZPolicyObj *entry, *process_rsp, *res;
gchar *key[2];
gchar *response, *response_param;
SmtpResponseTypes action;
z_proxy_enter(self);
if (self->request->len)
key[0] = self->request->str;
else
key[0] = "Null";
key[1] = self->response->str;
entry = z_dim_hash_table_search(self->response_policy, 2, key);
if (!entry)
z_proxy_return(self, SMTP_RSP_REJECT);
z_policy_lock(self->super.thread);
if (!smtp_hash_get_type(entry, &action))
{
/*LOG
This message indicates that the policy type is invalid for the given response and Zorp
aborts the connection. Check the 'response' attribute.
*/
z_proxy_log(self, SMTP_POLICY, 1, "Invalid response policy; request='%s', response='%s'", self->request->str, self->response->str);
z_proxy_return(self, SMTP_RSP_ABORT);
}
z_policy_unlock(self->super.thread);
switch (action)
{
case SMTP_RSP_REJECT:
z_policy_lock(self->super.thread);
if (!z_policy_var_parse_tuple(entry, "i|ss", &action, &response, &response_param))
{
/*LOG
This message indicates that the parameter of the response policy of the given request is invalid and Zorp aborts the connection.
Check the 'response' attribute.
*/
z_proxy_log(self, SMTP_POLICY, 1, "Error in response policy; request='%s', response='%s'", self->request->str, self->response->str);
action = SMTP_RSP_ABORT;
}
else
{
if (response)
g_string_assign(self->error_code, response);
if (response_param)
g_string_assign(self->error_info, response_param);
}
z_policy_unlock(self->super.thread);
break;
case SMTP_RSP_ACCEPT:
case SMTP_RSP_ABORT:
break;
case SMTP_RSP_POLICY:
z_policy_lock(self->super.thread);
if (!z_policy_var_parse(entry, "(iO)", &action, &process_rsp))
{
/*LOG
This message indicates that the parameter of the response policy of the given request is invalid and Zorp aborts the connection.
Check the 'response' attribute.
*/
z_proxy_log(self, SMTP_POLICY, 1, "Error in response policy; request='%s', response='%s'", self->request->str, self->response->str);
action = SMTP_RSP_ABORT;
}
else
{
res = z_policy_call_object(process_rsp, z_policy_var_build("(ssss)", self->request->str, self->request_param->str, self->response->str, self->response_param->str), self->super.session_id);
if (res)
{
if (!z_policy_var_parse(res, "i", &action))
{
/*LOG
This message indicates that the returned value of the callback for the given response policy
is invalid and Zorp aborts the connection. Check the callback function.
*/
z_proxy_log(self, SMTP_POLICY, 1, "The verdict returned by the policy is not an int; request='%s', response='%s'", self->request->str, self->response->str);
action = SMTP_RSP_ABORT;
}
}
else
{
action = SMTP_RSP_ABORT;
}
}
z_policy_unlock(self->super.thread);
break;
default:
action = SMTP_RSP_ABORT;
break;
}
z_proxy_return(self, action);
}
guint
pop3_policy_command_hash_do(Pop3Proxy *self)
{
guint rc;
ZPolicyObj *res;
ZPolicyObj *tmp = g_hash_table_lookup(self->commands_policy, self->command->str);
ZPolicyObj *command_where = NULL;
ZPolicyObj *answer_where = NULL;
unsigned int command_do;
z_proxy_enter(self);
if (!tmp)
{
z_proxy_log(self, POP3_DEBUG, 6, "Policy does not contain this request, trying the default; request='%s'",
self->command->str);
tmp = g_hash_table_lookup(self->commands_policy, "*");
}
if (!tmp)
{
/*LOG
This message indicates that the policy does not contain any setting for the given
request and Zorp rejects the request. Check the 'request' attribute.
*/
z_proxy_log(self, POP3_DEBUG, 5, "Policy does not contain this request, using hard-coded default; request='%s'",
self->command->str);
z_proxy_return(self, POP3_REQ_REJECT);
}
z_policy_lock(self->super.thread);
if (!pop3_hash_get_type(tmp, &command_do))
{
/*LOG
This message indicates that the policy type is invalid for the given request and Zorp
aborts the connection. Check the 'request' attribute.
*/
z_proxy_log(self, POP3_POLICY, 1, "Policy type is invalid; req='%s'", self->command->str);
z_policy_unlock(self->super.thread);
z_proxy_return(self, POP3_REQ_ABORT);
}
z_policy_unlock(self->super.thread);
switch(command_do)
{
case POP3_REQ_ACCEPT_MLINE:
self->response_multiline = TRUE; /* No Break */
case POP3_REQ_REJECT:
case POP3_REQ_ACCEPT:
rc = command_do;
break;
case POP3_REQ_POLICY:
z_policy_lock(self->super.thread);
if (!z_policy_var_parse(tmp, "(iOO)", &command_do, &command_where, &answer_where) &&
!z_policy_var_parse(tmp, "(iO)", &command_do, &command_where))
{
/*LOG
This message indicates that the policy for the given request is invalid
and Zorp aborts the connection. Check the 'request' attribute. It is likely that the
parameter for the POP3_REQ_POLICY is invalid.
*/
z_proxy_log(self, POP3_POLICY, 1, "Cannot parse policy line; req='%s'",self->command->str);
rc = POP3_REQ_ABORT;
}
else
{
res = z_policy_call_object(command_where, z_policy_var_build("(s)", self->command), self->super.session_id);
if (res == NULL)
{
/*LOG
This message indicates that the callback for the given request policy is invalid
and Zorp aborts the connection. Check the 'request' attribute. It is likely that the
parameter for the POP3_REQ_POLICY is invalid.
*/
z_proxy_log(self, POP3_POLICY, 1, "Error in policy call; req='%s'", self->command->str);
rc = POP3_REQ_ABORT;
}
else
{
if (!z_policy_var_parse(res, "i", &rc))
{
/*LOG
This message indicates that the returned value of the callback for the given request policy
is invalid and Zorp aborts the connection. Check the callback function.
*/
z_proxy_log(self, POP3_POLICY, 1, "Cannot parse the return code; req='%s'", self->command->str);
rc = POP3_REQ_ABORT;
}
else
{
switch(rc)
{
case POP3_REQ_ACCEPT_MLINE:
self->response_multiline = TRUE; /* No Break */
case POP3_REQ_ACCEPT:
rc = POP3_REQ_ACCEPT;
break;
case ZV_UNSPEC:
case ZV_DROP:
case POP3_REQ_REJECT:
rc = POP3_REQ_REJECT;
break;
case POP3_REQ_ABORT:
default:
rc = POP3_REQ_ABORT;
break;
}
}
}
}
z_policy_unlock(self->super.thread);
break;
case POP3_REQ_ABORT:
default:
rc = POP3_REQ_ABORT;
break;
}
z_proxy_return(self, rc);
}
gboolean
pop3_policy_stack_hash_do(Pop3Proxy *self, ZStackedProxy **stacked)
{
guint rc;
ZPolicyObj *res = NULL;
ZPolicyObj *tmp = g_hash_table_lookup(self->command_stack, self->command->str);
ZPolicyObj *command_where = NULL;
ZPolicyObj *stack_proxy = NULL;
unsigned int command_do;
gboolean success = TRUE;
z_proxy_enter(self);
if (!tmp)
tmp = g_hash_table_lookup(self->command_stack, "*");
if (!tmp)
z_proxy_return(self, TRUE);
z_policy_lock(self->super.thread);
if (!pop3_hash_get_type(tmp, &command_do))
{
/*LOG
This message indicates that the stack policy type is invalid for the given response, so nothing will
be stacked. Check the 'response_stack' attribute.
*/
z_proxy_log(self, POP3_POLICY, 1, "Stack policy type is invalid; req='%s'", self->command->str);
z_policy_unlock(self->super.thread);
z_proxy_return(self, FALSE);
}
switch(command_do)
{
case POP3_STK_NONE:
rc = command_do;
break;
case POP3_STK_DATA:
case POP3_STK_MIME:
if (!z_policy_var_parse(tmp, "(iO)", &rc, &stack_proxy))
{
/*LOG
This message indicates that the stack policy for the given response is invalid
and Zorp stacks nothing. Check the 'response_stack' attribute. It is likely that the
parameter for the POP3_STK_MIME or POP3_STK_DATA is invalid.
*/
z_proxy_log(self, POP3_POLICY, 1, "Cannot parse stack policy line; req='%s'", self->command->str);
success = FALSE;
}
break;
case POP3_STK_POLICY:
if (!z_policy_var_parse(tmp, "(iO)", &rc, &command_where))
{
/*LOG
This message indicates that the stack policy for the given response is invalid
and Zorp stacks nothing. Check the 'response_stack' attribute. It is likely that the
parameter for the POP3_STK_POLICY is invalid.
*/
z_proxy_log(self, POP3_POLICY, 1, "Cannot parse stack policy line; req='%s'", self->command->str);
success = FALSE;
}
else
{
res = z_policy_call_object(command_where, z_policy_var_build("(s)", self->command->str), self->super.session_id);
if (res == NULL)
{
/*LOG
This message indicates that the callback for the given request policy is invalid
and Zorp stacks nothing. Check the 'request' attribute. It is likely that the
parameter for the POP3_STK_POLICY is invalid.
*/
z_proxy_log(self, POP3_POLICY, 1, "Error in policy call; req='%s'", self->command->str);
success = FALSE;
}
else
{
if (!z_policy_var_parse(res, "i", &rc) &&
!z_policy_var_parse(res, "(iO)", &rc, &stack_proxy))
{
/*LOG
This message indicates that the returned value of the callback for the given response policy
is invalid and Zorp stacks nothing. Check the callback function.
*/
z_proxy_log(self, POP3_POLICY, 1, "Cannot parse return code; req='%s'", self->command->str);
success = FALSE;
}
z_policy_var_unref(res);
}
}
break;
}
if (success && rc != POP3_STK_NONE && stack_proxy)
success = z_proxy_stack_object(&self->super, stack_proxy, stacked, NULL);
z_policy_unlock(self->super.thread);
z_proxy_return(self, success);
}
guint
ftp_policy_answer_hash_do(FtpProxy *self)
{
guint ret;
ZPolicyObj *res;
ZPolicyObj *tmp;
ZPolicyObj *answer_where;
unsigned int answer_do;
gchar key1[5];
gchar key2[5];
gchar *key[2];
gchar *msg;
int i;
gchar work[10];
z_proxy_enter(self);
if (self->request_cmd->len > 0)
g_snprintf(key1, sizeof(key1), "%s", self->request_cmd->str);
else
g_snprintf(key1, sizeof(key1), "Null");
g_snprintf(key2, sizeof(key2), "%s", self->answer_cmd->str);
key[0] = key1;
key[1] = key2;
tmp = z_dim_hash_table_search(self->policy_answer_hash, 2, key);
if (!tmp)
{
/*LOG
This message indicates that the policy does not contain any setting for the given
response and Zorp rejects the response. Check the 'response' attribute.
*/
z_proxy_log(self, FTP_POLICY, 5, "Policy does not contain this response, using hard-coded default; request='%s', response='%s", self->request_cmd->str, self->answer_cmd->str);
z_proxy_return(self, FTP_RSP_REJECT);
}
z_policy_lock(self->super.thread);
if (!ftp_hash_get_type(tmp, &answer_do))
{
/*LOG
This message indicates that the policy type is invalid for the given response and Zorp
rejects the request. Check the 'request' attribute.
*/
z_proxy_log(self, FTP_POLICY, 1, "Answer type invalid; req='%s', rsp='%s'", self->request_cmd->str, self->answer_cmd->str);
z_proxy_return(self, FTP_RSP_REJECT);
}
z_policy_unlock(self->super.thread);
switch(answer_do)
{
case FTP_RSP_REJECT:
ret = FTP_RSP_REJECT;
z_policy_lock(self->super.thread);
if (!z_policy_var_parse(tmp, "(is)", &answer_do, &msg))
{
g_string_assign(self->answer_cmd, "500");
g_string_assign(self->answer_param, "Error parsing answer");
}
else
{
for(i = 0; i < 3; i++)
work[i]=msg[i];
work[i]=0;
g_string_assign(self->answer_cmd, work);
g_string_assign(self->answer_param, &msg[i+1]);
}
z_policy_unlock(self->super.thread);
break;
case FTP_RSP_ACCEPT:
ret = FTP_RSP_ACCEPT;
break;
case FTP_RSP_ABORT:
ret = FTP_RSP_ABORT;
z_policy_lock(self->super.thread);
if (!z_policy_var_parse(tmp, "(is)", &answer_do, &msg))
{
g_string_assign(self->answer_cmd, "500");
g_string_assign(self->answer_param, "Error parsing answer");
}
else
{
for(i = 0; i < 3; i++)
work[i]=msg[i];
work[i]=0;
g_string_assign(self->answer_cmd, work);
g_string_assign(self->answer_param, &msg[i+1]);
}
z_policy_unlock(self->super.thread);
break;
case FTP_RSP_POLICY:
z_policy_lock(self->super.thread);
if (!z_policy_var_parse(tmp,"(iO)", &answer_do, &answer_where))
{
/*LOG
This message indicates that the policy for the given response is invalid
and Zorp rejects the response. Check the 'response' attribute. It is likely that the
parameter for the FTP_RSP_POLICY is invalid.
*/
z_proxy_log(self, FTP_POLICY, 1, "Bad policy line; command='%s', answer='%s'", self->request_cmd->str, self->answer_cmd->str);
g_string_assign(self->answer_cmd, "500");
g_string_assign(self->answer_param, "Error parsing answer (bad policy)");
ret = FTP_RSP_ABORT;
}
else
{
res = z_policy_call_object(answer_where, z_policy_var_build("(ss)", self->request_cmd->str, self->answer_cmd->str), self->super.session_id);
if (res == NULL)
{
/*LOG
This message indicates that the callback for the given response policy is invalid
and Zorp rejects the response. Check the 'response' attribute. It is likely that the
parameter for the FTP_RSP_POLICY is invalid.
*/
z_proxy_log(self, FTP_POLICY, 1, "Error in policy calling; command='%s', answer='%s'", self->request_cmd->str, self->answer_cmd->str);
g_string_assign(self->answer_cmd, "500");
g_string_assign(self->answer_param, "Error parsing answer (bad policy)");
ret = FTP_RSP_ABORT;
}
else if (!z_policy_var_parse(res, "i", &ret))
{
/*LOG
This message indicates that the returned value of the callback for the given response policy
is invalid and Zorp rejects the response. Check the callback function.
*/
z_proxy_log(self, FTP_POLICY, 1, "Return code invalid from policy function; command='%s', answer='%s'", self->request_cmd->str, self->answer_cmd->str);
g_string_assign(self->answer_cmd, "500");
g_string_assign(self->answer_param, "Error parsing answer (bad policy)");
ret = FTP_RSP_ABORT;
}
else
{
switch(ret)
{
case FTP_RSP_ACCEPT:
case FTP_RSP_REJECT:
case FTP_RSP_ABORT:
break;
case Z_DROP:
case Z_UNSPEC:
ret = FTP_RSP_REJECT;
break;
default:
g_string_assign(self->answer_cmd, "500");
g_string_assign(self->answer_param, "Error parsing answer, connection dropped.");
ret = FTP_RSP_ABORT;
break;
}
}
}
z_policy_unlock(self->super.thread);
break;
default:
g_string_assign(self->answer_cmd, "500");
g_string_assign(self->answer_param, "Error parsing answer, connection dropped.");
ret = FTP_RSP_ABORT;
break;
}
z_proxy_return(self, ret);
}
guint
ftp_policy_command_hash_do(FtpProxy *self)
{
guint ret;
ZPolicyObj *res;
ZPolicyObj *tmp;
ZPolicyObj *command_where;
unsigned int command_do;
gchar work[10];
gchar *msg;
int i;
z_proxy_enter(self);
tmp = g_hash_table_lookup(self->policy_command_hash, self->request_cmd->str);
if (!tmp)
{
z_proxy_log(self, FTP_POLICY, 6, "Policy does not contain this request, trying the default; request='%s'", self->request_cmd->str);
tmp = g_hash_table_lookup(self->policy_command_hash, "*");
}
if (!tmp)
{
/*LOG
This message indicates that the policy does not contain any setting for the given
request and Zorp rejects the request. Check the 'request' attribute.
*/
z_proxy_log(self, FTP_POLICY, 5, "Policy does not contain this request, using hard-coded default; request='%s'", self->request_cmd->str);
z_proxy_return(self, FTP_REQ_REJECT);
}
z_policy_lock(self->super.thread);
if (!ftp_hash_get_type(tmp,&command_do))
{
/*LOG
This message indicates that the policy type is invalid for the given request and Zorp
rejects the request. Check the 'request' attribute.
*/
z_proxy_log(self, FTP_POLICY, 1, "Policy type invalid; req='%s", self->request_cmd->str);
z_policy_unlock(self->super.thread);
z_proxy_return(self, FTP_REQ_REJECT);
}
z_policy_unlock(self->super.thread);
switch(command_do)
{
case FTP_REQ_ACCEPT:
case FTP_REQ_ABORT:
ret = command_do;
break;
case FTP_REQ_REJECT:
z_policy_lock(self->super.thread);
if (z_policy_var_parse(tmp, "(is)", &command_do, &msg))
{
for (i = 0; i < 3; i++)
work[i]=msg[i];
work[i]=0;
g_string_assign(self->answer_cmd, work);
g_string_assign(self->answer_param, &msg[i+1]);
}
ret = command_do;
z_policy_unlock(self->super.thread);
break;
case FTP_REQ_POLICY:
z_policy_lock(self->super.thread);
if (!z_policy_var_parse(tmp,"(iO)",&command_do,&command_where))
{
/*LOG
This message indicates that the policy for the given request is invalid
and Zorp rejects the request. Check the 'request' attribute. It is likely that the
parameter for the FTP_REQ_POLICY is invalid.
*/
z_proxy_log(self, FTP_POLICY, 1, "Cannot parse policy line; req='%s'", self->request_cmd->str);
ret = FTP_REQ_ABORT;
}
else
{
g_string_assign(self->answer_cmd, "500");
g_string_assign(self->answer_param, "Error parsing command");
res = z_policy_call_object(command_where, z_policy_var_build("(s)",self->request_cmd->str), self->super.session_id);
if (res == NULL)
{
/*LOG
This message indicates that the callback for the given request policy is invalid
and Zorp rejects the request. Check the 'request' attribute. It is likely that the
parameter for the FTP_REQ_POLICY is invalid.
*/
z_proxy_log(self, FTP_POLICY, 1, "Error in policy calling; req='%s'", self->request_cmd->str);
ret = FTP_REQ_ABORT;
}
else if (!z_policy_var_parse(res,"i",&ret))
{
/*LOG
This message indicates that the returned value of the callback for the given request policy
is invalid and Zorp rejects the request. Check the callback function.
*/
z_proxy_log(self, FTP_POLICY, 1, "Can't parsing return code; command='%s'", self->request_cmd->str);
ret = FTP_REQ_ABORT;
}
else
{
switch(ret)
{
case FTP_REQ_ACCEPT:
case FTP_REQ_ABORT:
case FTP_REQ_REJECT:
break;
case Z_UNSPEC:
case Z_DROP:
ret = FTP_REQ_REJECT;
break;
default:
break;
}
}
}
z_policy_unlock(self->super.thread);
break;
default:
ret = FTP_REQ_ABORT;
break;
}
z_proxy_return(self, ret);
}
gchar *username,
gchar *passwd,
gchar ***groups G_GNUC_UNUSED,
ZProxy *proxy
)
{
gboolean called;
ZPolicyObj *res;
gboolean ret = FALSE;
ZPolicyObj *session;
z_session_enter(session_id);
session = z_policy_getattr(proxy->handler, "session");
res = z_policy_call(self, "performAuthentication",
z_policy_var_build("(sOss)", session_id, session, username, passwd),
&called, session_id);
z_policy_var_unref(session);
if (res != NULL)
{
gboolean retval;
if (z_policy_var_parse_boolean(res, &retval))
{
z_log(session_id, CORE_INFO, 6, "Authentication backend called; username='******', result='%d'",
username, retval);
ret = retval;
}
else
{
