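/*
 * Interactive test driver for IpVerify.
 *
 * Reads one whitespace-delimited token per iteration from stdin, wraps it as
 * "<token:1970>", converts that to a sockaddr_in with string_to_sin(), and
 * prints ALLOW or DENY depending on whether IpVerify grants WRITE access.
 *
 * Commands (both are prefix matches, as in the original code):
 *   exit    - leave the loop
 *   reinit  - re-run config() and re-initialize the verifier
 *
 * The loop also ends on EOF or a read error on stdin.
 * s1, s2 and s3 (Win32 CRT memory checkpoints) are declared outside this
 * function. Returns TRUE.
 */
int main()
{
    // Token buffer: at most 49 characters plus the terminating NUL. The
    // scanf() width below must stay in step with this size.
    char buf[50];
    // "<" + token + ":1970>" + NUL needs 7 characters and a terminator on
    // top of the longest token, so this buffer can never be overrun by the
    // formatting step below.
    char buf1[sizeof(buf) + 8];
    struct sockaddr_in sin;
    SafeSock ssock;  // not referenced below; kept because the effects of its constructor are not visible here
    IpVerify* userverify;

    set_mySubSystem( "COLLECTOR", SUBSYSTEM_TYPE_COLLECTOR );

    config();

#ifdef WIN32
    _CrtMemCheckpoint( &s1 );
#endif

    userverify = new IpVerify();
    userverify->Init();

    buf[0] = '\0';

    while( 1 ) {
        printf("Enter test:\n");

        // Bounded read: a bare "%s" would write past buf on any token longer
        // than 49 characters. A return other than 1 means EOF or a read
        // error; stop instead of re-verifying stale buffer contents forever.
        if ( scanf("%49s",buf) != 1 )
            break;

        if ( strncmp(buf,"exit",4) == 0 )
            break;

        if ( strncmp(buf,"reinit",6) == 0 ) {
            config();
            userverify->Init();
            continue;
        }

        printf("Verifying %s ... ",buf);

        // Size-checked formatting; truncation cannot occur with the buffer
        // sizes above, but refuse to verify a mangled address if it ever does.
        int len = snprintf(buf1,sizeof(buf1),"<%s:1970>",buf);
        if ( len < 0 || (size_t)len >= sizeof(buf1) ) {
            printf("DENY\n");
            continue;
        }

        // Start from a zeroed address so that a token string_to_sin() cannot
        // parse is never checked against leftover bytes from a previous
        // iteration. NOTE(review): the result of string_to_sin() is not
        // checked here, as in the original - confirm how it reports failure.
        memset(&sin,0,sizeof(sin));
        string_to_sin(buf1,&sin);

        if ( userverify->Verify(WRITE,&sin) == TRUE )
            printf("ALLOW\n");
        else
            printf("DENY\n");
    }

    delete userverify;

#ifdef WIN32
    _CrtMemCheckpoint( &s2 );
    // _CrtMemDumpAllObjectsSince( &s1 );
    // Route CRT warnings, errors and assertion reports to stdout.
    _CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_FILE);
    _CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDOUT);
    _CrtSetReportMode(_CRT_ERROR, _CRTDBG_MODE_FILE);
    _CrtSetReportFile(_CRT_ERROR, _CRTDBG_FILE_STDOUT);
    _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_MODE_FILE);
    _CrtSetReportFile(_CRT_ASSERT, _CRTDBG_FILE_STDOUT);
    // Dump statistics only when the heap differs between the two checkpoints.
    if ( _CrtMemDifference( &s3, &s1, &s2 ) )
        _CrtMemDumpStatistics( &s3 );
    // _CrtDumpMemoryLeaks();	// report any memory leaks on Win32
#endif

    return TRUE;
}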
/*
 * Set up the shadow for the job described by `ad` and start it.
 *
 * If the job ad carries ATTR_STARTD_PRINCIPAL, a DAEMON-level authorization
 * hole is punched for that principal first (per the original comment, this
 * mirrors what the SchedD did for the job). A failure to punch the hole is
 * logged at D_ALWAYS and is not fatal.
 *
 * After initShadow(), the shadow either reconnects (when is_reconnect is
 * set) or spawns, unless ATTR_CLAIM_STARTD is true in the ad.
 */
void startShadow( ClassAd *ad )
{
    // NOTE(review): the principal is taken from the job ad as-is and is
    // granted DAEMON-level access; whether the ad is trusted at this point
    // is not visible here - confirm against the caller.
    MyString startd_principal;
    if (ad->LookupString(ATTR_STARTD_PRINCIPAL, startd_principal)) {
        // NOTE(review): assumes getIpVerify() never returns NULL - confirm.
        if (!daemonCore->getIpVerify()->PunchHole(DAEMON, startd_principal)) {
            dprintf(D_ALWAYS,
                    "WARNING: IpVerify::PunchHole error for %s: "
                    "job may fail to execute\n",
                    startd_principal.Value());
        }
    }

    initShadow( ad );

    // Stays 0 when the attribute is absent from the ad.
    int claim_startd = 0;
    ad->LookupBool(ATTR_CLAIM_STARTD, claim_startd);

    if( is_reconnect ) {
        Shadow->reconnect();
        return;
    }

    // Per the original comment: when the shadow is going to claim the startd
    // itself, the claim is made asynchronously, so nothing is spawned here.
    if (claim_startd) {
        return;
    }

    // Usual case under the schedd: spawn now, which activates the
    // pre-claimed startd.
    Shadow->spawn();
}
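/*
 * Batch test tool for IpVerify.
 *
 * Options:
 *   -daemontype NAME  use NAME as the subsystem name (and derive its type)
 *   -debug            send dprintf output to the console with
 *                     D_FULLDEBUG|D_SECURITY enabled
 * Anything else ends in usage().
 *
 * Input (stdin), one test per line, fields separated by spaces:
 *   PERM USER IP [EXPECTED]
 * Empty lines and lines starting with '#' are echoed unchanged. A USER of
 * "*" is passed to the verifier as the empty string. The outcome is the
 * string "ALLOWED" or "DENIED".
 *
 * When EXPECTED is present it is compared case-insensitively with the
 * outcome; a mismatch prints the reason and exits with status 1, a match
 * echoes the line. When EXPECTED is absent, the line is printed with the
 * outcome appended, giving a line in the four-field input form.
 *
 * Malformed lines (fewer than three fields), an unparsable IP, or an unknown
 * permission level are reported on stderr and end the run with status 1.
 */
int main( int argc, char* argv[] )
{
    param_functions *p_funcs = NULL;

    set_mySubSystem( "DAEMON-TOOL", SUBSYSTEM_TYPE_TOOL );

    MyName = argv[0];
    myDistro->Init( argc, argv );

    FILE *input_fp = stdin;

    for( int i=1; i<argc; i++ ) {
        if( match_prefix( argv[i], "-daemontype" ) ) {
            // argv[argc] is NULL, so this also catches a missing value.
            if( argv[i + 1] ) {
                get_mySubSystem()->setName( argv[++i] );
                get_mySubSystem()->setTypeFromName( );
            } else {
                usage();
            }
        } else if( match_prefix( argv[i], "-debug" ) ) {
            // dprintf to console
            Termlog = 1;
            p_funcs = get_param_functions();
            dprintf_config( "DAEMON-TOOL", p_funcs );
            set_debug_flags(NULL, D_FULLDEBUG|D_SECURITY);
        } else if( match_prefix( argv[i], "-" ) ) {
            // Unknown option.
            usage();
        } else {
            // Positional arguments are not accepted either.
            usage();
        }
    }

    // If we didn't get told what subsystem we should use, set it
    // to "DAEMON-TOOL".
    if( !get_mySubSystem()->isNameValid() ) {
        get_mySubSystem()->setName( "DAEMON-TOOL" );
    }

    config( 0, true );

    IpVerify ipverify;

    MyString line;
    while( line.readLine(input_fp) ) {
        line.chomp();
        if( line.IsEmpty() || line[0] == '#' ) {
            printf("%s\n",line.Value());
            continue;
        }

        StringList fields(line.Value()," ");
        fields.rewind();

        char const *perm_str = fields.next();
        char const *fqu = fields.next();
        char const *ip = fields.next();
        char const *expected = fields.next();  // optional; NULL when absent

        // The first three fields are mandatory. Without this check a short
        // or whitespace-only line hands NULL to generate_sinful(),
        // StringToDCpermission() and strcmp() below.
        if( !perm_str || !fqu || !ip ) {
            fprintf(stderr,"Malformed line (expected: PERM USER IP [RESULT]): %s\n",
                    line.Value());
            exit(1);
        }

        MyString sin_str = generate_sinful(ip, 0);

        condor_sockaddr addr;
        if( !addr.from_sinful(sin_str) ) {
            fprintf(stderr,"Invalid ip address: %s\n",ip);
            exit(1);
        }

        DCpermission perm = StringToDCpermission(perm_str);
        if( perm == LAST_PERM ) {
            fprintf(stderr,"Invalid permission level: %s\n",perm_str);
            exit(1);
        }

        // "*" in the input stands for "no specific user".
        if( strcmp(fqu,"*") == 0 ) {
            fqu = "";
        }

        char const *result;
        MyString reason;
        // The same string is passed for both reason arguments, so whichever
        // one Verify() fills in is what gets reported on a mismatch.
        if( ipverify.Verify(perm,addr,fqu,&reason,&reason) != USER_AUTH_SUCCESS ) {
            result = "DENIED";
        }
        else {
            result = "ALLOWED";
        }

        if( expected && strcasecmp(expected,result) != 0 ) {
            printf("Got wrong result '%s' for '%s': reason: %s!\n",
                   result,line.Value(),reason.Value());
            printf("Aborting.\n");
            exit(1);
        }

        if( expected ) {
            printf("%s\n",line.Value());
        }
        else {
            // No expectation given: emit the line with the computed result
            // appended as the fourth field.
            printf("%s %s\n",line.Value(),result);
        }
    }
}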